1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 * 27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 33 #include <linux/types.h> 34 #include <linux/errno.h> 35 #include <linux/kernel.h> 36 #include <linux/sched.h> 37 #include <linux/slab.h> 38 #include <linux/poll.h> 39 #include <linux/fcntl.h> 40 #include <linux/init.h> 41 #include <linux/interrupt.h> 42 #include <linux/socket.h> 43 #include <linux/skbuff.h> 44 #include <linux/list.h> 45 #include <linux/device.h> 46 #include <net/sock.h> 47 48 #include <asm/system.h> 49 #include <asm/uaccess.h> 50 51 #include <net/bluetooth/bluetooth.h> 52 #include <net/bluetooth/hci_core.h> 53 #include <net/bluetooth/l2cap.h> 54 #include <net/bluetooth/rfcomm.h> 55 56 #ifndef CONFIG_BT_RFCOMM_DEBUG 57 #undef BT_DBG 58 #define BT_DBG(D...) 59 #endif 60 61 static const struct proto_ops rfcomm_sock_ops; 62 63 static struct bt_sock_list rfcomm_sk_list = { 64 .lock = RW_LOCK_UNLOCKED 65 }; 66 67 static void rfcomm_sock_close(struct sock *sk); 68 static void rfcomm_sock_kill(struct sock *sk); 69 70 /* ---- DLC callbacks ---- 71 * 72 * called under rfcomm_dlc_lock() 73 */ 74 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 75 { 76 struct sock *sk = d->owner; 77 if (!sk) 78 return; 79 80 atomic_add(skb->len, &sk->sk_rmem_alloc); 81 skb_queue_tail(&sk->sk_receive_queue, skb); 82 sk->sk_data_ready(sk, skb->len); 83 84 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 85 rfcomm_dlc_throttle(d); 86 } 87 88 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 89 { 90 struct sock *sk = d->owner, *parent; 91 if (!sk) 92 return; 93 94 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 95 96 bh_lock_sock(sk); 97 98 if (err) 99 sk->sk_err = err; 100 101 sk->sk_state = d->state; 102 103 parent = bt_sk(sk)->parent; 104 if (parent) { 105 if (d->state == BT_CLOSED) { 106 sock_set_flag(sk, SOCK_ZAPPED); 107 bt_accept_unlink(sk); 108 } 109 parent->sk_data_ready(parent, 0); 110 } else { 111 if (d->state == BT_CONNECTED) 112 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 113 sk->sk_state_change(sk); 114 } 115 116 bh_unlock_sock(sk); 117 118 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 119 /* We have to drop DLC lock here, otherwise 120 * rfcomm_sock_destruct() will dead lock. */ 121 rfcomm_dlc_unlock(d); 122 rfcomm_sock_kill(sk); 123 rfcomm_dlc_lock(d); 124 } 125 } 126 127 /* ---- Socket functions ---- */ 128 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 129 { 130 struct sock *sk = NULL; 131 struct hlist_node *node; 132 133 sk_for_each(sk, node, &rfcomm_sk_list.head) { 134 if (rfcomm_pi(sk)->channel == channel && 135 !bacmp(&bt_sk(sk)->src, src)) 136 break; 137 } 138 139 return node ? sk : NULL; 140 } 141 142 /* Find socket with channel and source bdaddr. 143 * Returns closest match. 144 */ 145 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 146 { 147 struct sock *sk = NULL, *sk1 = NULL; 148 struct hlist_node *node; 149 150 sk_for_each(sk, node, &rfcomm_sk_list.head) { 151 if (state && sk->sk_state != state) 152 continue; 153 154 if (rfcomm_pi(sk)->channel == channel) { 155 /* Exact match. */ 156 if (!bacmp(&bt_sk(sk)->src, src)) 157 break; 158 159 /* Closest match */ 160 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 161 sk1 = sk; 162 } 163 } 164 return node ? sk : sk1; 165 } 166 167 /* Find socket with given address (channel, src). 168 * Returns locked socket */ 169 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 170 { 171 struct sock *s; 172 read_lock(&rfcomm_sk_list.lock); 173 s = __rfcomm_get_sock_by_channel(state, channel, src); 174 if (s) bh_lock_sock(s); 175 read_unlock(&rfcomm_sk_list.lock); 176 return s; 177 } 178 179 static void rfcomm_sock_destruct(struct sock *sk) 180 { 181 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 182 183 BT_DBG("sk %p dlc %p", sk, d); 184 185 skb_queue_purge(&sk->sk_receive_queue); 186 skb_queue_purge(&sk->sk_write_queue); 187 188 rfcomm_dlc_lock(d); 189 rfcomm_pi(sk)->dlc = NULL; 190 191 /* Detach DLC if it's owned by this socket */ 192 if (d->owner == sk) 193 d->owner = NULL; 194 rfcomm_dlc_unlock(d); 195 196 rfcomm_dlc_put(d); 197 } 198 199 static void rfcomm_sock_cleanup_listen(struct sock *parent) 200 { 201 struct sock *sk; 202 203 BT_DBG("parent %p", parent); 204 205 /* Close not yet accepted dlcs */ 206 while ((sk = bt_accept_dequeue(parent, NULL))) { 207 rfcomm_sock_close(sk); 208 rfcomm_sock_kill(sk); 209 } 210 211 parent->sk_state = BT_CLOSED; 212 sock_set_flag(parent, SOCK_ZAPPED); 213 } 214 215 /* Kill socket (only if zapped and orphan) 216 * Must be called on unlocked socket. 217 */ 218 static void rfcomm_sock_kill(struct sock *sk) 219 { 220 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 221 return; 222 223 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 224 225 /* Kill poor orphan */ 226 bt_sock_unlink(&rfcomm_sk_list, sk); 227 sock_set_flag(sk, SOCK_DEAD); 228 sock_put(sk); 229 } 230 231 static void __rfcomm_sock_close(struct sock *sk) 232 { 233 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 234 235 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 236 237 switch (sk->sk_state) { 238 case BT_LISTEN: 239 rfcomm_sock_cleanup_listen(sk); 240 break; 241 242 case BT_CONNECT: 243 case BT_CONNECT2: 244 case BT_CONFIG: 245 case BT_CONNECTED: 246 rfcomm_dlc_close(d, 0); 247 248 default: 249 sock_set_flag(sk, SOCK_ZAPPED); 250 break; 251 } 252 } 253 254 /* Close socket. 255 * Must be called on unlocked socket. 256 */ 257 static void rfcomm_sock_close(struct sock *sk) 258 { 259 lock_sock(sk); 260 __rfcomm_sock_close(sk); 261 release_sock(sk); 262 } 263 264 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 265 { 266 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 267 268 BT_DBG("sk %p", sk); 269 270 if (parent) { 271 sk->sk_type = parent->sk_type; 272 pi->link_mode = rfcomm_pi(parent)->link_mode; 273 } else { 274 pi->link_mode = 0; 275 } 276 277 pi->dlc->link_mode = pi->link_mode; 278 } 279 280 static struct proto rfcomm_proto = { 281 .name = "RFCOMM", 282 .owner = THIS_MODULE, 283 .obj_size = sizeof(struct rfcomm_pinfo) 284 }; 285 286 static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio) 287 { 288 struct rfcomm_dlc *d; 289 struct sock *sk; 290 291 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 292 if (!sk) 293 return NULL; 294 295 sock_init_data(sock, sk); 296 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 297 298 d = rfcomm_dlc_alloc(prio); 299 if (!d) { 300 sk_free(sk); 301 return NULL; 302 } 303 304 d->data_ready = rfcomm_sk_data_ready; 305 d->state_change = rfcomm_sk_state_change; 306 307 rfcomm_pi(sk)->dlc = d; 308 d->owner = sk; 309 310 sk->sk_destruct = rfcomm_sock_destruct; 311 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 312 313 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 314 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 316 sock_reset_flag(sk, SOCK_ZAPPED); 317 318 sk->sk_protocol = proto; 319 sk->sk_state = BT_OPEN; 320 321 bt_sock_link(&rfcomm_sk_list, sk); 322 323 BT_DBG("sk %p", sk); 324 return sk; 325 } 326 327 static int rfcomm_sock_create(struct socket *sock, int protocol) 328 { 329 struct sock *sk; 330 331 BT_DBG("sock %p", sock); 332 333 sock->state = SS_UNCONNECTED; 334 335 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 336 return -ESOCKTNOSUPPORT; 337 338 sock->ops = &rfcomm_sock_ops; 339 340 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL))) 341 return -ENOMEM; 342 343 rfcomm_sock_init(sk, NULL); 344 return 0; 345 } 346 347 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 348 { 349 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 350 struct sock *sk = sock->sk; 351 int err = 0; 352 353 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 354 355 if (!addr || addr->sa_family != AF_BLUETOOTH) 356 return -EINVAL; 357 358 lock_sock(sk); 359 360 if (sk->sk_state != BT_OPEN) { 361 err = -EBADFD; 362 goto done; 363 } 364 365 if (sk->sk_type != SOCK_STREAM) { 366 err = -EINVAL; 367 goto done; 368 } 369 370 write_lock_bh(&rfcomm_sk_list.lock); 371 372 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 373 err = -EADDRINUSE; 374 } else { 375 /* Save source address */ 376 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 377 rfcomm_pi(sk)->channel = sa->rc_channel; 378 sk->sk_state = BT_BOUND; 379 } 380 381 write_unlock_bh(&rfcomm_sk_list.lock); 382 383 done: 384 release_sock(sk); 385 return err; 386 } 387 388 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 389 { 390 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 391 struct sock *sk = sock->sk; 392 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 393 int err = 0; 394 395 BT_DBG("sk %p", sk); 396 397 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 398 return -EINVAL; 399 400 lock_sock(sk); 401 402 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 403 err = -EBADFD; 404 goto done; 405 } 406 407 if (sk->sk_type != SOCK_STREAM) { 408 err = -EINVAL; 409 goto done; 410 } 411 412 sk->sk_state = BT_CONNECT; 413 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 414 rfcomm_pi(sk)->channel = sa->rc_channel; 415 416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 417 if (!err) 418 err = bt_sock_wait_state(sk, BT_CONNECTED, 419 sock_sndtimeo(sk, flags & O_NONBLOCK)); 420 421 done: 422 release_sock(sk); 423 return err; 424 } 425 426 static int rfcomm_sock_listen(struct socket *sock, int backlog) 427 { 428 struct sock *sk = sock->sk; 429 int err = 0; 430 431 BT_DBG("sk %p backlog %d", sk, backlog); 432 433 lock_sock(sk); 434 435 if (sk->sk_state != BT_BOUND) { 436 err = -EBADFD; 437 goto done; 438 } 439 440 if (sk->sk_type != SOCK_STREAM) { 441 err = -EINVAL; 442 goto done; 443 } 444 445 if (!rfcomm_pi(sk)->channel) { 446 bdaddr_t *src = &bt_sk(sk)->src; 447 u8 channel; 448 449 err = -EINVAL; 450 451 write_lock_bh(&rfcomm_sk_list.lock); 452 453 for (channel = 1; channel < 31; channel++) 454 if (!__rfcomm_get_sock_by_addr(channel, src)) { 455 rfcomm_pi(sk)->channel = channel; 456 err = 0; 457 break; 458 } 459 460 write_unlock_bh(&rfcomm_sk_list.lock); 461 462 if (err < 0) 463 goto done; 464 } 465 466 sk->sk_max_ack_backlog = backlog; 467 sk->sk_ack_backlog = 0; 468 sk->sk_state = BT_LISTEN; 469 470 done: 471 release_sock(sk); 472 return err; 473 } 474 475 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 476 { 477 DECLARE_WAITQUEUE(wait, current); 478 struct sock *sk = sock->sk, *nsk; 479 long timeo; 480 int err = 0; 481 482 lock_sock(sk); 483 484 if (sk->sk_state != BT_LISTEN) { 485 err = -EBADFD; 486 goto done; 487 } 488 489 if (sk->sk_type != SOCK_STREAM) { 490 err = -EINVAL; 491 goto done; 492 } 493 494 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 495 496 BT_DBG("sk %p timeo %ld", sk, timeo); 497 498 /* Wait for an incoming connection. (wake-one). */ 499 add_wait_queue_exclusive(sk->sk_sleep, &wait); 500 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 501 set_current_state(TASK_INTERRUPTIBLE); 502 if (!timeo) { 503 err = -EAGAIN; 504 break; 505 } 506 507 release_sock(sk); 508 timeo = schedule_timeout(timeo); 509 lock_sock(sk); 510 511 if (sk->sk_state != BT_LISTEN) { 512 err = -EBADFD; 513 break; 514 } 515 516 if (signal_pending(current)) { 517 err = sock_intr_errno(timeo); 518 break; 519 } 520 } 521 set_current_state(TASK_RUNNING); 522 remove_wait_queue(sk->sk_sleep, &wait); 523 524 if (err) 525 goto done; 526 527 newsock->state = SS_CONNECTED; 528 529 BT_DBG("new socket %p", nsk); 530 531 done: 532 release_sock(sk); 533 return err; 534 } 535 536 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 537 { 538 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 539 struct sock *sk = sock->sk; 540 541 BT_DBG("sock %p, sk %p", sock, sk); 542 543 sa->rc_family = AF_BLUETOOTH; 544 sa->rc_channel = rfcomm_pi(sk)->channel; 545 if (peer) 546 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 547 else 548 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 549 550 *len = sizeof(struct sockaddr_rc); 551 return 0; 552 } 553 554 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 555 struct msghdr *msg, size_t len) 556 { 557 struct sock *sk = sock->sk; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 559 struct sk_buff *skb; 560 int err; 561 int sent = 0; 562 563 if (msg->msg_flags & MSG_OOB) 564 return -EOPNOTSUPP; 565 566 if (sk->sk_shutdown & SEND_SHUTDOWN) 567 return -EPIPE; 568 569 BT_DBG("sock %p, sk %p", sock, sk); 570 571 lock_sock(sk); 572 573 while (len) { 574 size_t size = min_t(size_t, len, d->mtu); 575 576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 577 msg->msg_flags & MSG_DONTWAIT, &err); 578 if (!skb) 579 break; 580 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 581 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 583 if (err) { 584 kfree_skb(skb); 585 sent = err; 586 break; 587 } 588 589 err = rfcomm_dlc_send(d, skb); 590 if (err < 0) { 591 kfree_skb(skb); 592 break; 593 } 594 595 sent += size; 596 len -= size; 597 } 598 599 release_sock(sk); 600 601 return sent ? sent : err; 602 } 603 604 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 605 { 606 DECLARE_WAITQUEUE(wait, current); 607 608 add_wait_queue(sk->sk_sleep, &wait); 609 for (;;) { 610 set_current_state(TASK_INTERRUPTIBLE); 611 612 if (!skb_queue_empty(&sk->sk_receive_queue) || 613 sk->sk_err || 614 (sk->sk_shutdown & RCV_SHUTDOWN) || 615 signal_pending(current) || 616 !timeo) 617 break; 618 619 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 620 release_sock(sk); 621 timeo = schedule_timeout(timeo); 622 lock_sock(sk); 623 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 624 } 625 626 __set_current_state(TASK_RUNNING); 627 remove_wait_queue(sk->sk_sleep, &wait); 628 return timeo; 629 } 630 631 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 632 struct msghdr *msg, size_t size, int flags) 633 { 634 struct sock *sk = sock->sk; 635 int err = 0; 636 size_t target, copied = 0; 637 long timeo; 638 639 if (flags & MSG_OOB) 640 return -EOPNOTSUPP; 641 642 msg->msg_namelen = 0; 643 644 BT_DBG("sk %p size %d", sk, size); 645 646 lock_sock(sk); 647 648 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 649 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 650 651 do { 652 struct sk_buff *skb; 653 int chunk; 654 655 skb = skb_dequeue(&sk->sk_receive_queue); 656 if (!skb) { 657 if (copied >= target) 658 break; 659 660 if ((err = sock_error(sk)) != 0) 661 break; 662 if (sk->sk_shutdown & RCV_SHUTDOWN) 663 break; 664 665 err = -EAGAIN; 666 if (!timeo) 667 break; 668 669 timeo = rfcomm_sock_data_wait(sk, timeo); 670 671 if (signal_pending(current)) { 672 err = sock_intr_errno(timeo); 673 goto out; 674 } 675 continue; 676 } 677 678 chunk = min_t(unsigned int, skb->len, size); 679 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 680 skb_queue_head(&sk->sk_receive_queue, skb); 681 if (!copied) 682 copied = -EFAULT; 683 break; 684 } 685 copied += chunk; 686 size -= chunk; 687 688 if (!(flags & MSG_PEEK)) { 689 atomic_sub(chunk, &sk->sk_rmem_alloc); 690 691 skb_pull(skb, chunk); 692 if (skb->len) { 693 skb_queue_head(&sk->sk_receive_queue, skb); 694 break; 695 } 696 kfree_skb(skb); 697 698 } else { 699 /* put message back and return */ 700 skb_queue_head(&sk->sk_receive_queue, skb); 701 break; 702 } 703 } while (size); 704 705 out: 706 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 707 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 708 709 release_sock(sk); 710 return copied ? : err; 711 } 712 713 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 714 { 715 struct sock *sk = sock->sk; 716 int err = 0; 717 u32 opt; 718 719 BT_DBG("sk %p", sk); 720 721 lock_sock(sk); 722 723 switch (optname) { 724 case RFCOMM_LM: 725 if (get_user(opt, (u32 __user *) optval)) { 726 err = -EFAULT; 727 break; 728 } 729 730 rfcomm_pi(sk)->link_mode = opt; 731 break; 732 733 default: 734 err = -ENOPROTOOPT; 735 break; 736 } 737 738 release_sock(sk); 739 return err; 740 } 741 742 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 743 { 744 struct sock *sk = sock->sk; 745 struct sock *l2cap_sk; 746 struct rfcomm_conninfo cinfo; 747 int len, err = 0; 748 749 BT_DBG("sk %p", sk); 750 751 if (get_user(len, optlen)) 752 return -EFAULT; 753 754 lock_sock(sk); 755 756 switch (optname) { 757 case RFCOMM_LM: 758 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 759 err = -EFAULT; 760 break; 761 762 case RFCOMM_CONNINFO: 763 if (sk->sk_state != BT_CONNECTED) { 764 err = -ENOTCONN; 765 break; 766 } 767 768 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 769 770 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 771 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 772 773 len = min_t(unsigned int, len, sizeof(cinfo)); 774 if (copy_to_user(optval, (char *) &cinfo, len)) 775 err = -EFAULT; 776 777 break; 778 779 default: 780 err = -ENOPROTOOPT; 781 break; 782 } 783 784 release_sock(sk); 785 return err; 786 } 787 788 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 789 { 790 struct sock *sk = sock->sk; 791 int err; 792 793 lock_sock(sk); 794 795 #ifdef CONFIG_BT_RFCOMM_TTY 796 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 797 #else 798 err = -EOPNOTSUPP; 799 #endif 800 801 release_sock(sk); 802 return err; 803 } 804 805 static int rfcomm_sock_shutdown(struct socket *sock, int how) 806 { 807 struct sock *sk = sock->sk; 808 int err = 0; 809 810 BT_DBG("sock %p, sk %p", sock, sk); 811 812 if (!sk) return 0; 813 814 lock_sock(sk); 815 if (!sk->sk_shutdown) { 816 sk->sk_shutdown = SHUTDOWN_MASK; 817 __rfcomm_sock_close(sk); 818 819 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 820 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 821 } 822 release_sock(sk); 823 return err; 824 } 825 826 static int rfcomm_sock_release(struct socket *sock) 827 { 828 struct sock *sk = sock->sk; 829 int err; 830 831 BT_DBG("sock %p, sk %p", sock, sk); 832 833 if (!sk) 834 return 0; 835 836 err = rfcomm_sock_shutdown(sock, 2); 837 838 sock_orphan(sk); 839 rfcomm_sock_kill(sk); 840 return err; 841 } 842 843 /* ---- RFCOMM core layer callbacks ---- 844 * 845 * called under rfcomm_lock() 846 */ 847 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 848 { 849 struct sock *sk, *parent; 850 bdaddr_t src, dst; 851 int result = 0; 852 853 BT_DBG("session %p channel %d", s, channel); 854 855 rfcomm_session_getaddr(s, &src, &dst); 856 857 /* Check if we have socket listening on channel */ 858 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 859 if (!parent) 860 return 0; 861 862 /* Check for backlog size */ 863 if (sk_acceptq_is_full(parent)) { 864 BT_DBG("backlog full %d", parent->sk_ack_backlog); 865 goto done; 866 } 867 868 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 869 if (!sk) 870 goto done; 871 872 rfcomm_sock_init(sk, parent); 873 bacpy(&bt_sk(sk)->src, &src); 874 bacpy(&bt_sk(sk)->dst, &dst); 875 rfcomm_pi(sk)->channel = channel; 876 877 sk->sk_state = BT_CONFIG; 878 bt_accept_enqueue(parent, sk); 879 880 /* Accept connection and return socket DLC */ 881 *d = rfcomm_pi(sk)->dlc; 882 result = 1; 883 884 done: 885 bh_unlock_sock(parent); 886 return result; 887 } 888 889 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 890 { 891 struct sock *sk; 892 struct hlist_node *node; 893 char *str = buf; 894 895 read_lock_bh(&rfcomm_sk_list.lock); 896 897 sk_for_each(sk, node, &rfcomm_sk_list.head) { 898 str += sprintf(str, "%s %s %d %d\n", 899 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 900 sk->sk_state, rfcomm_pi(sk)->channel); 901 } 902 903 read_unlock_bh(&rfcomm_sk_list.lock); 904 905 return (str - buf); 906 } 907 908 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 909 910 static const struct proto_ops rfcomm_sock_ops = { 911 .family = PF_BLUETOOTH, 912 .owner = THIS_MODULE, 913 .release = rfcomm_sock_release, 914 .bind = rfcomm_sock_bind, 915 .connect = rfcomm_sock_connect, 916 .listen = rfcomm_sock_listen, 917 .accept = rfcomm_sock_accept, 918 .getname = rfcomm_sock_getname, 919 .sendmsg = rfcomm_sock_sendmsg, 920 .recvmsg = rfcomm_sock_recvmsg, 921 .shutdown = rfcomm_sock_shutdown, 922 .setsockopt = rfcomm_sock_setsockopt, 923 .getsockopt = rfcomm_sock_getsockopt, 924 .ioctl = rfcomm_sock_ioctl, 925 .poll = bt_sock_poll, 926 .socketpair = sock_no_socketpair, 927 .mmap = sock_no_mmap 928 }; 929 930 static struct net_proto_family rfcomm_sock_family_ops = { 931 .family = PF_BLUETOOTH, 932 .owner = THIS_MODULE, 933 .create = rfcomm_sock_create 934 }; 935 936 int __init rfcomm_init_sockets(void) 937 { 938 int err; 939 940 err = proto_register(&rfcomm_proto, 0); 941 if (err < 0) 942 return err; 943 944 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 945 if (err < 0) 946 goto error; 947 948 class_create_file(&bt_class, &class_attr_rfcomm); 949 950 BT_INFO("RFCOMM socket layer initialized"); 951 952 return 0; 953 954 error: 955 BT_ERR("RFCOMM socket layer registration failed"); 956 proto_unregister(&rfcomm_proto); 957 return err; 958 } 959 960 void __exit rfcomm_cleanup_sockets(void) 961 { 962 class_remove_file(&bt_class, &class_attr_rfcomm); 963 964 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 965 BT_ERR("RFCOMM socket layer unregistration failed"); 966 967 proto_unregister(&rfcomm_proto); 968 } 969