1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 48 #include <net/bluetooth/bluetooth.h> 49 #include <net/bluetooth/hci_core.h> 50 #include <net/bluetooth/l2cap.h> 51 #include <net/bluetooth/rfcomm.h> 52 53 #ifndef CONFIG_BT_RFCOMM_DEBUG 54 #undef BT_DBG 55 #define BT_DBG(D...) 56 #endif 57 58 static const struct proto_ops rfcomm_sock_ops; 59 60 static struct bt_sock_list rfcomm_sk_list = { 61 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 62 }; 63 64 static void rfcomm_sock_close(struct sock *sk); 65 static void rfcomm_sock_kill(struct sock *sk); 66 67 /* ---- DLC callbacks ---- 68 * 69 * called under rfcomm_dlc_lock() 70 */ 71 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 72 { 73 struct sock *sk = d->owner; 74 if (!sk) 75 return; 76 77 atomic_add(skb->len, &sk->sk_rmem_alloc); 78 skb_queue_tail(&sk->sk_receive_queue, skb); 79 sk->sk_data_ready(sk, skb->len); 80 81 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 82 rfcomm_dlc_throttle(d); 83 } 84 85 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 86 { 87 struct sock *sk = d->owner, *parent; 88 if (!sk) 89 return; 90 91 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 92 93 bh_lock_sock(sk); 94 95 if (err) 96 sk->sk_err = err; 97 98 sk->sk_state = d->state; 99 100 parent = bt_sk(sk)->parent; 101 if (parent) { 102 if (d->state == BT_CLOSED) { 103 sock_set_flag(sk, SOCK_ZAPPED); 104 bt_accept_unlink(sk); 105 } 106 parent->sk_data_ready(parent, 0); 107 } else { 108 if (d->state == BT_CONNECTED) 109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 110 sk->sk_state_change(sk); 111 } 112 113 bh_unlock_sock(sk); 114 115 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 116 /* We have to drop DLC lock here, otherwise 117 * rfcomm_sock_destruct() will dead lock. */ 118 rfcomm_dlc_unlock(d); 119 rfcomm_sock_kill(sk); 120 rfcomm_dlc_lock(d); 121 } 122 } 123 124 /* ---- Socket functions ---- */ 125 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 126 { 127 struct sock *sk = NULL; 128 struct hlist_node *node; 129 130 sk_for_each(sk, node, &rfcomm_sk_list.head) { 131 if (rfcomm_pi(sk)->channel == channel && 132 !bacmp(&bt_sk(sk)->src, src)) 133 break; 134 } 135 136 return node ? sk : NULL; 137 } 138 139 /* Find socket with channel and source bdaddr. 140 * Returns closest match. 141 */ 142 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 143 { 144 struct sock *sk = NULL, *sk1 = NULL; 145 struct hlist_node *node; 146 147 sk_for_each(sk, node, &rfcomm_sk_list.head) { 148 if (state && sk->sk_state != state) 149 continue; 150 151 if (rfcomm_pi(sk)->channel == channel) { 152 /* Exact match. */ 153 if (!bacmp(&bt_sk(sk)->src, src)) 154 break; 155 156 /* Closest match */ 157 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 158 sk1 = sk; 159 } 160 } 161 return node ? sk : sk1; 162 } 163 164 /* Find socket with given address (channel, src). 165 * Returns locked socket */ 166 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 167 { 168 struct sock *s; 169 read_lock(&rfcomm_sk_list.lock); 170 s = __rfcomm_get_sock_by_channel(state, channel, src); 171 if (s) bh_lock_sock(s); 172 read_unlock(&rfcomm_sk_list.lock); 173 return s; 174 } 175 176 static void rfcomm_sock_destruct(struct sock *sk) 177 { 178 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 179 180 BT_DBG("sk %p dlc %p", sk, d); 181 182 skb_queue_purge(&sk->sk_receive_queue); 183 skb_queue_purge(&sk->sk_write_queue); 184 185 rfcomm_dlc_lock(d); 186 rfcomm_pi(sk)->dlc = NULL; 187 188 /* Detach DLC if it's owned by this socket */ 189 if (d->owner == sk) 190 d->owner = NULL; 191 rfcomm_dlc_unlock(d); 192 193 rfcomm_dlc_put(d); 194 } 195 196 static void rfcomm_sock_cleanup_listen(struct sock *parent) 197 { 198 struct sock *sk; 199 200 BT_DBG("parent %p", parent); 201 202 /* Close not yet accepted dlcs */ 203 while ((sk = bt_accept_dequeue(parent, NULL))) { 204 rfcomm_sock_close(sk); 205 rfcomm_sock_kill(sk); 206 } 207 208 parent->sk_state = BT_CLOSED; 209 sock_set_flag(parent, SOCK_ZAPPED); 210 } 211 212 /* Kill socket (only if zapped and orphan) 213 * Must be called on unlocked socket. 214 */ 215 static void rfcomm_sock_kill(struct sock *sk) 216 { 217 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 218 return; 219 220 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 221 222 /* Kill poor orphan */ 223 bt_sock_unlink(&rfcomm_sk_list, sk); 224 sock_set_flag(sk, SOCK_DEAD); 225 sock_put(sk); 226 } 227 228 static void __rfcomm_sock_close(struct sock *sk) 229 { 230 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 231 232 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 233 234 switch (sk->sk_state) { 235 case BT_LISTEN: 236 rfcomm_sock_cleanup_listen(sk); 237 break; 238 239 case BT_CONNECT: 240 case BT_CONNECT2: 241 case BT_CONFIG: 242 case BT_CONNECTED: 243 rfcomm_dlc_close(d, 0); 244 245 default: 246 sock_set_flag(sk, SOCK_ZAPPED); 247 break; 248 } 249 } 250 251 /* Close socket. 252 * Must be called on unlocked socket. 253 */ 254 static void rfcomm_sock_close(struct sock *sk) 255 { 256 lock_sock(sk); 257 __rfcomm_sock_close(sk); 258 release_sock(sk); 259 } 260 261 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 262 { 263 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 264 265 BT_DBG("sk %p", sk); 266 267 if (parent) { 268 sk->sk_type = parent->sk_type; 269 pi->link_mode = rfcomm_pi(parent)->link_mode; 270 } else { 271 pi->link_mode = 0; 272 } 273 274 pi->dlc->link_mode = pi->link_mode; 275 } 276 277 static struct proto rfcomm_proto = { 278 .name = "RFCOMM", 279 .owner = THIS_MODULE, 280 .obj_size = sizeof(struct rfcomm_pinfo) 281 }; 282 283 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 284 { 285 struct rfcomm_dlc *d; 286 struct sock *sk; 287 288 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 289 if (!sk) 290 return NULL; 291 292 sock_init_data(sock, sk); 293 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 294 295 d = rfcomm_dlc_alloc(prio); 296 if (!d) { 297 sk_free(sk); 298 return NULL; 299 } 300 301 d->data_ready = rfcomm_sk_data_ready; 302 d->state_change = rfcomm_sk_state_change; 303 304 rfcomm_pi(sk)->dlc = d; 305 d->owner = sk; 306 307 sk->sk_destruct = rfcomm_sock_destruct; 308 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 309 310 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 311 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 312 313 sock_reset_flag(sk, SOCK_ZAPPED); 314 315 sk->sk_protocol = proto; 316 sk->sk_state = BT_OPEN; 317 318 bt_sock_link(&rfcomm_sk_list, sk); 319 320 BT_DBG("sk %p", sk); 321 return sk; 322 } 323 324 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) 325 { 326 struct sock *sk; 327 328 BT_DBG("sock %p", sock); 329 330 sock->state = SS_UNCONNECTED; 331 332 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 333 return -ESOCKTNOSUPPORT; 334 335 sock->ops = &rfcomm_sock_ops; 336 337 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 338 if (!sk) 339 return -ENOMEM; 340 341 rfcomm_sock_init(sk, NULL); 342 return 0; 343 } 344 345 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 346 { 347 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 348 struct sock *sk = sock->sk; 349 int err = 0; 350 351 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 352 353 if (!addr || addr->sa_family != AF_BLUETOOTH) 354 return -EINVAL; 355 356 lock_sock(sk); 357 358 if (sk->sk_state != BT_OPEN) { 359 err = -EBADFD; 360 goto done; 361 } 362 363 if (sk->sk_type != SOCK_STREAM) { 364 err = -EINVAL; 365 goto done; 366 } 367 368 write_lock_bh(&rfcomm_sk_list.lock); 369 370 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 371 err = -EADDRINUSE; 372 } else { 373 /* Save source address */ 374 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 375 rfcomm_pi(sk)->channel = sa->rc_channel; 376 sk->sk_state = BT_BOUND; 377 } 378 379 write_unlock_bh(&rfcomm_sk_list.lock); 380 381 done: 382 release_sock(sk); 383 return err; 384 } 385 386 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 387 { 388 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 389 struct sock *sk = sock->sk; 390 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 391 int err = 0; 392 393 BT_DBG("sk %p", sk); 394 395 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 396 return -EINVAL; 397 398 lock_sock(sk); 399 400 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 401 err = -EBADFD; 402 goto done; 403 } 404 405 if (sk->sk_type != SOCK_STREAM) { 406 err = -EINVAL; 407 goto done; 408 } 409 410 sk->sk_state = BT_CONNECT; 411 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 412 rfcomm_pi(sk)->channel = sa->rc_channel; 413 414 d->link_mode = rfcomm_pi(sk)->link_mode; 415 416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 417 if (!err) 418 err = bt_sock_wait_state(sk, BT_CONNECTED, 419 sock_sndtimeo(sk, flags & O_NONBLOCK)); 420 421 done: 422 release_sock(sk); 423 return err; 424 } 425 426 static int rfcomm_sock_listen(struct socket *sock, int backlog) 427 { 428 struct sock *sk = sock->sk; 429 int err = 0; 430 431 BT_DBG("sk %p backlog %d", sk, backlog); 432 433 lock_sock(sk); 434 435 if (sk->sk_state != BT_BOUND) { 436 err = -EBADFD; 437 goto done; 438 } 439 440 if (sk->sk_type != SOCK_STREAM) { 441 err = -EINVAL; 442 goto done; 443 } 444 445 if (!rfcomm_pi(sk)->channel) { 446 bdaddr_t *src = &bt_sk(sk)->src; 447 u8 channel; 448 449 err = -EINVAL; 450 451 write_lock_bh(&rfcomm_sk_list.lock); 452 453 for (channel = 1; channel < 31; channel++) 454 if (!__rfcomm_get_sock_by_addr(channel, src)) { 455 rfcomm_pi(sk)->channel = channel; 456 err = 0; 457 break; 458 } 459 460 write_unlock_bh(&rfcomm_sk_list.lock); 461 462 if (err < 0) 463 goto done; 464 } 465 466 sk->sk_max_ack_backlog = backlog; 467 sk->sk_ack_backlog = 0; 468 sk->sk_state = BT_LISTEN; 469 470 done: 471 release_sock(sk); 472 return err; 473 } 474 475 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 476 { 477 DECLARE_WAITQUEUE(wait, current); 478 struct sock *sk = sock->sk, *nsk; 479 long timeo; 480 int err = 0; 481 482 lock_sock(sk); 483 484 if (sk->sk_state != BT_LISTEN) { 485 err = -EBADFD; 486 goto done; 487 } 488 489 if (sk->sk_type != SOCK_STREAM) { 490 err = -EINVAL; 491 goto done; 492 } 493 494 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 495 496 BT_DBG("sk %p timeo %ld", sk, timeo); 497 498 /* Wait for an incoming connection. (wake-one). */ 499 add_wait_queue_exclusive(sk->sk_sleep, &wait); 500 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 501 set_current_state(TASK_INTERRUPTIBLE); 502 if (!timeo) { 503 err = -EAGAIN; 504 break; 505 } 506 507 release_sock(sk); 508 timeo = schedule_timeout(timeo); 509 lock_sock(sk); 510 511 if (sk->sk_state != BT_LISTEN) { 512 err = -EBADFD; 513 break; 514 } 515 516 if (signal_pending(current)) { 517 err = sock_intr_errno(timeo); 518 break; 519 } 520 } 521 set_current_state(TASK_RUNNING); 522 remove_wait_queue(sk->sk_sleep, &wait); 523 524 if (err) 525 goto done; 526 527 newsock->state = SS_CONNECTED; 528 529 BT_DBG("new socket %p", nsk); 530 531 done: 532 release_sock(sk); 533 return err; 534 } 535 536 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 537 { 538 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 539 struct sock *sk = sock->sk; 540 541 BT_DBG("sock %p, sk %p", sock, sk); 542 543 sa->rc_family = AF_BLUETOOTH; 544 sa->rc_channel = rfcomm_pi(sk)->channel; 545 if (peer) 546 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 547 else 548 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 549 550 *len = sizeof(struct sockaddr_rc); 551 return 0; 552 } 553 554 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 555 struct msghdr *msg, size_t len) 556 { 557 struct sock *sk = sock->sk; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 559 struct sk_buff *skb; 560 int sent = 0; 561 562 if (msg->msg_flags & MSG_OOB) 563 return -EOPNOTSUPP; 564 565 if (sk->sk_shutdown & SEND_SHUTDOWN) 566 return -EPIPE; 567 568 BT_DBG("sock %p, sk %p", sock, sk); 569 570 lock_sock(sk); 571 572 while (len) { 573 size_t size = min_t(size_t, len, d->mtu); 574 int err; 575 576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 577 msg->msg_flags & MSG_DONTWAIT, &err); 578 if (!skb) 579 break; 580 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 581 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 583 if (err) { 584 kfree_skb(skb); 585 if (sent == 0) 586 sent = err; 587 break; 588 } 589 590 err = rfcomm_dlc_send(d, skb); 591 if (err < 0) { 592 kfree_skb(skb); 593 if (sent == 0) 594 sent = err; 595 break; 596 } 597 598 sent += size; 599 len -= size; 600 } 601 602 release_sock(sk); 603 604 return sent; 605 } 606 607 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 608 { 609 DECLARE_WAITQUEUE(wait, current); 610 611 add_wait_queue(sk->sk_sleep, &wait); 612 for (;;) { 613 set_current_state(TASK_INTERRUPTIBLE); 614 615 if (!skb_queue_empty(&sk->sk_receive_queue) || 616 sk->sk_err || 617 (sk->sk_shutdown & RCV_SHUTDOWN) || 618 signal_pending(current) || 619 !timeo) 620 break; 621 622 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 623 release_sock(sk); 624 timeo = schedule_timeout(timeo); 625 lock_sock(sk); 626 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 627 } 628 629 __set_current_state(TASK_RUNNING); 630 remove_wait_queue(sk->sk_sleep, &wait); 631 return timeo; 632 } 633 634 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 635 struct msghdr *msg, size_t size, int flags) 636 { 637 struct sock *sk = sock->sk; 638 int err = 0; 639 size_t target, copied = 0; 640 long timeo; 641 642 if (flags & MSG_OOB) 643 return -EOPNOTSUPP; 644 645 msg->msg_namelen = 0; 646 647 BT_DBG("sk %p size %d", sk, size); 648 649 lock_sock(sk); 650 651 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 652 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 653 654 do { 655 struct sk_buff *skb; 656 int chunk; 657 658 skb = skb_dequeue(&sk->sk_receive_queue); 659 if (!skb) { 660 if (copied >= target) 661 break; 662 663 if ((err = sock_error(sk)) != 0) 664 break; 665 if (sk->sk_shutdown & RCV_SHUTDOWN) 666 break; 667 668 err = -EAGAIN; 669 if (!timeo) 670 break; 671 672 timeo = rfcomm_sock_data_wait(sk, timeo); 673 674 if (signal_pending(current)) { 675 err = sock_intr_errno(timeo); 676 goto out; 677 } 678 continue; 679 } 680 681 chunk = min_t(unsigned int, skb->len, size); 682 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 683 skb_queue_head(&sk->sk_receive_queue, skb); 684 if (!copied) 685 copied = -EFAULT; 686 break; 687 } 688 copied += chunk; 689 size -= chunk; 690 691 sock_recv_timestamp(msg, sk, skb); 692 693 if (!(flags & MSG_PEEK)) { 694 atomic_sub(chunk, &sk->sk_rmem_alloc); 695 696 skb_pull(skb, chunk); 697 if (skb->len) { 698 skb_queue_head(&sk->sk_receive_queue, skb); 699 break; 700 } 701 kfree_skb(skb); 702 703 } else { 704 /* put message back and return */ 705 skb_queue_head(&sk->sk_receive_queue, skb); 706 break; 707 } 708 } while (size); 709 710 out: 711 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 712 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 713 714 release_sock(sk); 715 return copied ? : err; 716 } 717 718 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 719 { 720 struct sock *sk = sock->sk; 721 int err = 0; 722 u32 opt; 723 724 BT_DBG("sk %p", sk); 725 726 lock_sock(sk); 727 728 switch (optname) { 729 case RFCOMM_LM: 730 if (get_user(opt, (u32 __user *) optval)) { 731 err = -EFAULT; 732 break; 733 } 734 735 rfcomm_pi(sk)->link_mode = opt; 736 break; 737 738 default: 739 err = -ENOPROTOOPT; 740 break; 741 } 742 743 release_sock(sk); 744 return err; 745 } 746 747 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 748 { 749 struct sock *sk = sock->sk; 750 struct sock *l2cap_sk; 751 struct rfcomm_conninfo cinfo; 752 int len, err = 0; 753 754 BT_DBG("sk %p", sk); 755 756 if (get_user(len, optlen)) 757 return -EFAULT; 758 759 lock_sock(sk); 760 761 switch (optname) { 762 case RFCOMM_LM: 763 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 764 err = -EFAULT; 765 break; 766 767 case RFCOMM_CONNINFO: 768 if (sk->sk_state != BT_CONNECTED) { 769 err = -ENOTCONN; 770 break; 771 } 772 773 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 774 775 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 776 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 777 778 len = min_t(unsigned int, len, sizeof(cinfo)); 779 if (copy_to_user(optval, (char *) &cinfo, len)) 780 err = -EFAULT; 781 782 break; 783 784 default: 785 err = -ENOPROTOOPT; 786 break; 787 } 788 789 release_sock(sk); 790 return err; 791 } 792 793 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 794 { 795 struct sock *sk = sock->sk; 796 int err; 797 798 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 799 800 err = bt_sock_ioctl(sock, cmd, arg); 801 802 if (err == -ENOIOCTLCMD) { 803 #ifdef CONFIG_BT_RFCOMM_TTY 804 lock_sock(sk); 805 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 806 release_sock(sk); 807 #else 808 err = -EOPNOTSUPP; 809 #endif 810 } 811 812 return err; 813 } 814 815 static int rfcomm_sock_shutdown(struct socket *sock, int how) 816 { 817 struct sock *sk = sock->sk; 818 int err = 0; 819 820 BT_DBG("sock %p, sk %p", sock, sk); 821 822 if (!sk) return 0; 823 824 lock_sock(sk); 825 if (!sk->sk_shutdown) { 826 sk->sk_shutdown = SHUTDOWN_MASK; 827 __rfcomm_sock_close(sk); 828 829 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 830 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 831 } 832 release_sock(sk); 833 return err; 834 } 835 836 static int rfcomm_sock_release(struct socket *sock) 837 { 838 struct sock *sk = sock->sk; 839 int err; 840 841 BT_DBG("sock %p, sk %p", sock, sk); 842 843 if (!sk) 844 return 0; 845 846 err = rfcomm_sock_shutdown(sock, 2); 847 848 sock_orphan(sk); 849 rfcomm_sock_kill(sk); 850 return err; 851 } 852 853 /* ---- RFCOMM core layer callbacks ---- 854 * 855 * called under rfcomm_lock() 856 */ 857 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 858 { 859 struct sock *sk, *parent; 860 bdaddr_t src, dst; 861 int result = 0; 862 863 BT_DBG("session %p channel %d", s, channel); 864 865 rfcomm_session_getaddr(s, &src, &dst); 866 867 /* Check if we have socket listening on channel */ 868 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 869 if (!parent) 870 return 0; 871 872 /* Check for backlog size */ 873 if (sk_acceptq_is_full(parent)) { 874 BT_DBG("backlog full %d", parent->sk_ack_backlog); 875 goto done; 876 } 877 878 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 879 if (!sk) 880 goto done; 881 882 rfcomm_sock_init(sk, parent); 883 bacpy(&bt_sk(sk)->src, &src); 884 bacpy(&bt_sk(sk)->dst, &dst); 885 rfcomm_pi(sk)->channel = channel; 886 887 sk->sk_state = BT_CONFIG; 888 bt_accept_enqueue(parent, sk); 889 890 /* Accept connection and return socket DLC */ 891 *d = rfcomm_pi(sk)->dlc; 892 result = 1; 893 894 done: 895 bh_unlock_sock(parent); 896 return result; 897 } 898 899 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 900 { 901 struct sock *sk; 902 struct hlist_node *node; 903 char *str = buf; 904 905 read_lock_bh(&rfcomm_sk_list.lock); 906 907 sk_for_each(sk, node, &rfcomm_sk_list.head) { 908 str += sprintf(str, "%s %s %d %d\n", 909 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 910 sk->sk_state, rfcomm_pi(sk)->channel); 911 } 912 913 read_unlock_bh(&rfcomm_sk_list.lock); 914 915 return (str - buf); 916 } 917 918 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 919 920 static const struct proto_ops rfcomm_sock_ops = { 921 .family = PF_BLUETOOTH, 922 .owner = THIS_MODULE, 923 .release = rfcomm_sock_release, 924 .bind = rfcomm_sock_bind, 925 .connect = rfcomm_sock_connect, 926 .listen = rfcomm_sock_listen, 927 .accept = rfcomm_sock_accept, 928 .getname = rfcomm_sock_getname, 929 .sendmsg = rfcomm_sock_sendmsg, 930 .recvmsg = rfcomm_sock_recvmsg, 931 .shutdown = rfcomm_sock_shutdown, 932 .setsockopt = rfcomm_sock_setsockopt, 933 .getsockopt = rfcomm_sock_getsockopt, 934 .ioctl = rfcomm_sock_ioctl, 935 .poll = bt_sock_poll, 936 .socketpair = sock_no_socketpair, 937 .mmap = sock_no_mmap 938 }; 939 940 static struct net_proto_family rfcomm_sock_family_ops = { 941 .family = PF_BLUETOOTH, 942 .owner = THIS_MODULE, 943 .create = rfcomm_sock_create 944 }; 945 946 int __init rfcomm_init_sockets(void) 947 { 948 int err; 949 950 err = proto_register(&rfcomm_proto, 0); 951 if (err < 0) 952 return err; 953 954 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 955 if (err < 0) 956 goto error; 957 958 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 959 BT_ERR("Failed to create RFCOMM info file"); 960 961 BT_INFO("RFCOMM socket layer initialized"); 962 963 return 0; 964 965 error: 966 BT_ERR("RFCOMM socket layer registration failed"); 967 proto_unregister(&rfcomm_proto); 968 return err; 969 } 970 971 void __exit rfcomm_cleanup_sockets(void) 972 { 973 class_remove_file(bt_class, &class_attr_rfcomm); 974 975 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 976 BT_ERR("RFCOMM socket layer unregistration failed"); 977 978 proto_unregister(&rfcomm_proto); 979 } 980