search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
GUI: Fix Tomato RAF theme for all builds. Compilation typo.
[tomato.git] / release / src-rt-6.x.4708 / linux / linux-2.6.36 / net / bluetooth / rfcomm / sock.c
blob194b3a04cfd38a3b4a13817d5aecace4f355ea49
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM sockets.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <linux/debugfs.h>
44 #include <linux/seq_file.h>
45 #include <net/sock.h>
46
47 #include <asm/system.h>
48 #include <asm/uaccess.h>
49
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52 #include <net/bluetooth/l2cap.h>
53 #include <net/bluetooth/rfcomm.h>
54
55 static const struct proto_ops rfcomm_sock_ops;
56
57 static struct bt_sock_list rfcomm_sk_list = {
58 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
59 };
60
61 static void rfcomm_sock_close(struct sock *sk);
62 static void rfcomm_sock_kill(struct sock *sk);
63
64 /* ---- DLC callbacks ----
65 *
66 * called under rfcomm_dlc_lock()
67 */
68 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
69 {
70 struct sock *sk = d->owner;
71 if (!sk)
72 return;
73
74 atomic_add(skb->len, &sk->sk_rmem_alloc);
75 skb_queue_tail(&sk->sk_receive_queue, skb);
76 sk->sk_data_ready(sk, skb->len);
77
78 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
79 rfcomm_dlc_throttle(d);
80 }
81
82 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
83 {
84 struct sock *sk = d->owner, *parent;
85 unsigned long flags;
86
87 if (!sk)
88 return;
89
90 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
91
92 local_irq_save(flags);
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114 local_irq_restore(flags);
115
116 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
117 /* We have to drop DLC lock here, otherwise
118 * rfcomm_sock_destruct() will dead lock. */
119 rfcomm_dlc_unlock(d);
120 rfcomm_sock_kill(sk);
121 rfcomm_dlc_lock(d);
122 }
123 }
124
125 /* ---- Socket functions ---- */
126 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
127 {
128 struct sock *sk = NULL;
129 struct hlist_node *node;
130
131 sk_for_each(sk, node, &rfcomm_sk_list.head) {
132 if (rfcomm_pi(sk)->channel == channel &&
133 !bacmp(&bt_sk(sk)->src, src))
134 break;
135 }
136
137 return node ? sk : NULL;
138 }
139
140 /* Find socket with channel and source bdaddr.
141 * Returns closest match.
142 */
143 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
144 {
145 struct sock *sk = NULL, *sk1 = NULL;
146 struct hlist_node *node;
147
148 sk_for_each(sk, node, &rfcomm_sk_list.head) {
149 if (state && sk->sk_state != state)
150 continue;
151
152 if (rfcomm_pi(sk)->channel == channel) {
153 /* Exact match. */
154 if (!bacmp(&bt_sk(sk)->src, src))
155 break;
156
157 /* Closest match */
158 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
159 sk1 = sk;
160 }
161 }
162 return node ? sk : sk1;
163 }
164
165 /* Find socket with given address (channel, src).
166 * Returns locked socket */
167 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
168 {
169 struct sock *s;
170 read_lock(&rfcomm_sk_list.lock);
171 s = __rfcomm_get_sock_by_channel(state, channel, src);
172 if (s) bh_lock_sock(s);
173 read_unlock(&rfcomm_sk_list.lock);
174 return s;
175 }
176
177 static void rfcomm_sock_destruct(struct sock *sk)
178 {
179 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
180
181 BT_DBG("sk %p dlc %p", sk, d);
182
183 skb_queue_purge(&sk->sk_receive_queue);
184 skb_queue_purge(&sk->sk_write_queue);
185
186 rfcomm_dlc_lock(d);
187 rfcomm_pi(sk)->dlc = NULL;
188
189 /* Detach DLC if it's owned by this socket */
190 if (d->owner == sk)
191 d->owner = NULL;
192 rfcomm_dlc_unlock(d);
193
194 rfcomm_dlc_put(d);
195 }
196
197 static void rfcomm_sock_cleanup_listen(struct sock *parent)
198 {
199 struct sock *sk;
200
201 BT_DBG("parent %p", parent);
202
203 /* Close not yet accepted dlcs */
204 while ((sk = bt_accept_dequeue(parent, NULL))) {
205 rfcomm_sock_close(sk);
206 rfcomm_sock_kill(sk);
207 }
208
209 parent->sk_state = BT_CLOSED;
210 sock_set_flag(parent, SOCK_ZAPPED);
211 }
212
213 /* Kill socket (only if zapped and orphan)
214 * Must be called on unlocked socket.
215 */
216 static void rfcomm_sock_kill(struct sock *sk)
217 {
218 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
219 return;
220
221 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
222
223 /* Kill poor orphan */
224 bt_sock_unlink(&rfcomm_sk_list, sk);
225 sock_set_flag(sk, SOCK_DEAD);
226 sock_put(sk);
227 }
228
229 static void __rfcomm_sock_close(struct sock *sk)
230 {
231 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
232
233 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
234
235 switch (sk->sk_state) {
236 case BT_LISTEN:
237 rfcomm_sock_cleanup_listen(sk);
238 break;
239
240 case BT_CONNECT:
241 case BT_CONNECT2:
242 case BT_CONFIG:
243 case BT_CONNECTED:
244 rfcomm_dlc_close(d, 0);
245
246 default:
247 sock_set_flag(sk, SOCK_ZAPPED);
248 break;
249 }
250 }
251
252 /* Close socket.
253 * Must be called on unlocked socket.
254 */
255 static void rfcomm_sock_close(struct sock *sk)
256 {
257 lock_sock(sk);
258 __rfcomm_sock_close(sk);
259 release_sock(sk);
260 }
261
262 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
263 {
264 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
265
266 BT_DBG("sk %p", sk);
267
268 if (parent) {
269 sk->sk_type = parent->sk_type;
270 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
271
272 pi->sec_level = rfcomm_pi(parent)->sec_level;
273 pi->role_switch = rfcomm_pi(parent)->role_switch;
274 } else {
275 pi->dlc->defer_setup = 0;
276
277 pi->sec_level = BT_SECURITY_LOW;
278 pi->role_switch = 0;
279 }
280
281 pi->dlc->sec_level = pi->sec_level;
282 pi->dlc->role_switch = pi->role_switch;
283 }
284
285 static struct proto rfcomm_proto = {
286 .name = "RFCOMM",
287 .owner = THIS_MODULE,
288 .obj_size = sizeof(struct rfcomm_pinfo)
289 };
290
291 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
292 {
293 struct rfcomm_dlc *d;
294 struct sock *sk;
295
296 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
297 if (!sk)
298 return NULL;
299
300 sock_init_data(sock, sk);
301 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
302
303 d = rfcomm_dlc_alloc(prio);
304 if (!d) {
305 sk_free(sk);
306 return NULL;
307 }
308
309 d->data_ready = rfcomm_sk_data_ready;
310 d->state_change = rfcomm_sk_state_change;
311
312 rfcomm_pi(sk)->dlc = d;
313 d->owner = sk;
314
315 sk->sk_destruct = rfcomm_sock_destruct;
316 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
317
318 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
319 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
320
321 sock_reset_flag(sk, SOCK_ZAPPED);
322
323 sk->sk_protocol = proto;
324 sk->sk_state = BT_OPEN;
325
326 bt_sock_link(&rfcomm_sk_list, sk);
327
328 BT_DBG("sk %p", sk);
329 return sk;
330 }
331
332 static int rfcomm_sock_create(struct net *net, struct socket *sock,
333 int protocol, int kern)
334 {
335 struct sock *sk;
336
337 BT_DBG("sock %p", sock);
338
339 sock->state = SS_UNCONNECTED;
340
341 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
342 return -ESOCKTNOSUPPORT;
343
344 sock->ops = &rfcomm_sock_ops;
345
346 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
347 if (!sk)
348 return -ENOMEM;
349
350 rfcomm_sock_init(sk, NULL);
351 return 0;
352 }
353
354 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
355 {
356 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
357 struct sock *sk = sock->sk;
358 int err = 0;
359
360 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
361
362 if (!addr || addr->sa_family != AF_BLUETOOTH)
363 return -EINVAL;
364
365 lock_sock(sk);
366
367 if (sk->sk_state != BT_OPEN) {
368 err = -EBADFD;
369 goto done;
370 }
371
372 if (sk->sk_type != SOCK_STREAM) {
373 err = -EINVAL;
374 goto done;
375 }
376
377 write_lock_bh(&rfcomm_sk_list.lock);
378
379 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
380 err = -EADDRINUSE;
381 } else {
382 /* Save source address */
383 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
384 rfcomm_pi(sk)->channel = sa->rc_channel;
385 sk->sk_state = BT_BOUND;
386 }
387
388 write_unlock_bh(&rfcomm_sk_list.lock);
389
390 done:
391 release_sock(sk);
392 return err;
393 }
394
395 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
396 {
397 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
398 struct sock *sk = sock->sk;
399 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
400 int err = 0;
401
402 BT_DBG("sk %p", sk);
403
404 if (alen < sizeof(struct sockaddr_rc) ||
405 addr->sa_family != AF_BLUETOOTH)
406 return -EINVAL;
407
408 lock_sock(sk);
409
410 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
411 err = -EBADFD;
412 goto done;
413 }
414
415 if (sk->sk_type != SOCK_STREAM) {
416 err = -EINVAL;
417 goto done;
418 }
419
420 sk->sk_state = BT_CONNECT;
421 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
422 rfcomm_pi(sk)->channel = sa->rc_channel;
423
424 d->sec_level = rfcomm_pi(sk)->sec_level;
425 d->role_switch = rfcomm_pi(sk)->role_switch;
426
427 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
428 if (!err)
429 err = bt_sock_wait_state(sk, BT_CONNECTED,
430 sock_sndtimeo(sk, flags & O_NONBLOCK));
431
432 done:
433 release_sock(sk);
434 return err;
435 }
436
437 static int rfcomm_sock_listen(struct socket *sock, int backlog)
438 {
439 struct sock *sk = sock->sk;
440 int err = 0;
441
442 BT_DBG("sk %p backlog %d", sk, backlog);
443
444 lock_sock(sk);
445
446 if (sk->sk_state != BT_BOUND) {
447 err = -EBADFD;
448 goto done;
449 }
450
451 if (sk->sk_type != SOCK_STREAM) {
452 err = -EINVAL;
453 goto done;
454 }
455
456 if (!rfcomm_pi(sk)->channel) {
457 bdaddr_t *src = &bt_sk(sk)->src;
458 u8 channel;
459
460 err = -EINVAL;
461
462 write_lock_bh(&rfcomm_sk_list.lock);
463
464 for (channel = 1; channel < 31; channel++)
465 if (!__rfcomm_get_sock_by_addr(channel, src)) {
466 rfcomm_pi(sk)->channel = channel;
467 err = 0;
468 break;
469 }
470
471 write_unlock_bh(&rfcomm_sk_list.lock);
472
473 if (err < 0)
474 goto done;
475 }
476
477 sk->sk_max_ack_backlog = backlog;
478 sk->sk_ack_backlog = 0;
479 sk->sk_state = BT_LISTEN;
480
481 done:
482 release_sock(sk);
483 return err;
484 }
485
486 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
487 {
488 DECLARE_WAITQUEUE(wait, current);
489 struct sock *sk = sock->sk, *nsk;
490 long timeo;
491 int err = 0;
492
493 lock_sock(sk);
494
495 if (sk->sk_state != BT_LISTEN) {
496 err = -EBADFD;
497 goto done;
498 }
499
500 if (sk->sk_type != SOCK_STREAM) {
501 err = -EINVAL;
502 goto done;
503 }
504
505 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
506
507 BT_DBG("sk %p timeo %ld", sk, timeo);
508
509 /* Wait for an incoming connection. (wake-one). */
510 add_wait_queue_exclusive(sk_sleep(sk), &wait);
511 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
512 set_current_state(TASK_INTERRUPTIBLE);
513 if (!timeo) {
514 err = -EAGAIN;
515 break;
516 }
517
518 release_sock(sk);
519 timeo = schedule_timeout(timeo);
520 lock_sock(sk);
521
522 if (sk->sk_state != BT_LISTEN) {
523 err = -EBADFD;
524 break;
525 }
526
527 if (signal_pending(current)) {
528 err = sock_intr_errno(timeo);
529 break;
530 }
531 }
532 set_current_state(TASK_RUNNING);
533 remove_wait_queue(sk_sleep(sk), &wait);
534
535 if (err)
536 goto done;
537
538 newsock->state = SS_CONNECTED;
539
540 BT_DBG("new socket %p", nsk);
541
542 done:
543 release_sock(sk);
544 return err;
545 }
546
547 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
548 {
549 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
550 struct sock *sk = sock->sk;
551
552 BT_DBG("sock %p, sk %p", sock, sk);
553
554 sa->rc_family = AF_BLUETOOTH;
555 sa->rc_channel = rfcomm_pi(sk)->channel;
556 if (peer)
557 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
558 else
559 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
560
561 *len = sizeof(struct sockaddr_rc);
562 return 0;
563 }
564
565 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
566 struct msghdr *msg, size_t len)
567 {
568 struct sock *sk = sock->sk;
569 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
570 struct sk_buff *skb;
571 int sent = 0;
572
573 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
574 return -ENOTCONN;
575
576 if (msg->msg_flags & MSG_OOB)
577 return -EOPNOTSUPP;
578
579 if (sk->sk_shutdown & SEND_SHUTDOWN)
580 return -EPIPE;
581
582 BT_DBG("sock %p, sk %p", sock, sk);
583
584 lock_sock(sk);
585
586 while (len) {
587 size_t size = min_t(size_t, len, d->mtu);
588 int err;
589
590 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
591 msg->msg_flags & MSG_DONTWAIT, &err);
592 if (!skb) {
593 if (sent == 0)
594 sent = err;
595 break;
596 }
597 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
598
599 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
600 if (err) {
601 kfree_skb(skb);
602 if (sent == 0)
603 sent = err;
604 break;
605 }
606
607 err = rfcomm_dlc_send(d, skb);
608 if (err < 0) {
609 kfree_skb(skb);
610 if (sent == 0)
611 sent = err;
612 break;
613 }
614
615 sent += size;
616 len -= size;
617 }
618
619 release_sock(sk);
620
621 return sent;
622 }
623
624 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
625 {
626 DECLARE_WAITQUEUE(wait, current);
627
628 add_wait_queue(sk_sleep(sk), &wait);
629 for (;;) {
630 set_current_state(TASK_INTERRUPTIBLE);
631
632 if (!skb_queue_empty(&sk->sk_receive_queue) ||
633 sk->sk_err ||
634 (sk->sk_shutdown & RCV_SHUTDOWN) ||
635 signal_pending(current) ||
636 !timeo)
637 break;
638
639 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
640 release_sock(sk);
641 timeo = schedule_timeout(timeo);
642 lock_sock(sk);
643 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
644 }
645
646 __set_current_state(TASK_RUNNING);
647 remove_wait_queue(sk_sleep(sk), &wait);
648 return timeo;
649 }
650
651 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
652 struct msghdr *msg, size_t size, int flags)
653 {
654 struct sock *sk = sock->sk;
655 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
656 int err = 0;
657 size_t target, copied = 0;
658 long timeo;
659
660 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
661 rfcomm_dlc_accept(d);
662 return 0;
663 }
664
665 if (flags & MSG_OOB)
666 return -EOPNOTSUPP;
667
668 msg->msg_namelen = 0;
669
670 BT_DBG("sk %p size %zu", sk, size);
671
672 lock_sock(sk);
673
674 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
675 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
676
677 do {
678 struct sk_buff *skb;
679 int chunk;
680
681 skb = skb_dequeue(&sk->sk_receive_queue);
682 if (!skb) {
683 if (copied >= target)
684 break;
685
686 if ((err = sock_error(sk)) != 0)
687 break;
688 if (sk->sk_shutdown & RCV_SHUTDOWN)
689 break;
690
691 err = -EAGAIN;
692 if (!timeo)
693 break;
694
695 timeo = rfcomm_sock_data_wait(sk, timeo);
696
697 if (signal_pending(current)) {
698 err = sock_intr_errno(timeo);
699 goto out;
700 }
701 continue;
702 }
703
704 chunk = min_t(unsigned int, skb->len, size);
705 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
706 skb_queue_head(&sk->sk_receive_queue, skb);
707 if (!copied)
708 copied = -EFAULT;
709 break;
710 }
711 copied += chunk;
712 size -= chunk;
713
714 sock_recv_ts_and_drops(msg, sk, skb);
715
716 if (!(flags & MSG_PEEK)) {
717 atomic_sub(chunk, &sk->sk_rmem_alloc);
718
719 skb_pull(skb, chunk);
720 if (skb->len) {
721 skb_queue_head(&sk->sk_receive_queue, skb);
722 break;
723 }
724 kfree_skb(skb);
725
726 } else {
727 /* put message back and return */
728 skb_queue_head(&sk->sk_receive_queue, skb);
729 break;
730 }
731 } while (size);
732
733 out:
734 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
735 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
736
737 release_sock(sk);
738 return copied ? : err;
739 }
740
741 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
742 {
743 struct sock *sk = sock->sk;
744 int err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
748
749 lock_sock(sk);
750
751 switch (optname) {
752 case RFCOMM_LM:
753 if (get_user(opt, (u32 __user *) optval)) {
754 err = -EFAULT;
755 break;
756 }
757
758 if (opt & RFCOMM_LM_AUTH)
759 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
760 if (opt & RFCOMM_LM_ENCRYPT)
761 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
762 if (opt & RFCOMM_LM_SECURE)
763 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
764
765 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
766 break;
767
768 default:
769 err = -ENOPROTOOPT;
770 break;
771 }
772
773 release_sock(sk);
774 return err;
775 }
776
777 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
778 {
779 struct sock *sk = sock->sk;
780 struct bt_security sec;
781 int len, err = 0;
782 u32 opt;
783
784 BT_DBG("sk %p", sk);
785
786 if (level == SOL_RFCOMM)
787 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
788
789 if (level != SOL_BLUETOOTH)
790 return -ENOPROTOOPT;
791
792 lock_sock(sk);
793
794 switch (optname) {
795 case BT_SECURITY:
796 if (sk->sk_type != SOCK_STREAM) {
797 err = -EINVAL;
798 break;
799 }
800
801 sec.level = BT_SECURITY_LOW;
802
803 len = min_t(unsigned int, sizeof(sec), optlen);
804 if (copy_from_user((char *) &sec, optval, len)) {
805 err = -EFAULT;
806 break;
807 }
808
809 if (sec.level > BT_SECURITY_HIGH) {
810 err = -EINVAL;
811 break;
812 }
813
814 rfcomm_pi(sk)->sec_level = sec.level;
815 break;
816
817 case BT_DEFER_SETUP:
818 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
819 err = -EINVAL;
820 break;
821 }
822
823 if (get_user(opt, (u32 __user *) optval)) {
824 err = -EFAULT;
825 break;
826 }
827
828 bt_sk(sk)->defer_setup = opt;
829 break;
830
831 default:
832 err = -ENOPROTOOPT;
833 break;
834 }
835
836 release_sock(sk);
837 return err;
838 }
839
840 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
841 {
842 struct sock *sk = sock->sk;
843 struct sock *l2cap_sk;
844 struct rfcomm_conninfo cinfo;
845 int len, err = 0;
846 u32 opt;
847
848 BT_DBG("sk %p", sk);
849
850 if (get_user(len, optlen))
851 return -EFAULT;
852
853 lock_sock(sk);
854
855 switch (optname) {
856 case RFCOMM_LM:
857 switch (rfcomm_pi(sk)->sec_level) {
858 case BT_SECURITY_LOW:
859 opt = RFCOMM_LM_AUTH;
860 break;
861 case BT_SECURITY_MEDIUM:
862 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
863 break;
864 case BT_SECURITY_HIGH:
865 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
866 RFCOMM_LM_SECURE;
867 break;
868 default:
869 opt = 0;
870 break;
871 }
872
873 if (rfcomm_pi(sk)->role_switch)
874 opt |= RFCOMM_LM_MASTER;
875
876 if (put_user(opt, (u32 __user *) optval))
877 err = -EFAULT;
878 break;
879
880 case RFCOMM_CONNINFO:
881 if (sk->sk_state != BT_CONNECTED &&
882 !rfcomm_pi(sk)->dlc->defer_setup) {
883 err = -ENOTCONN;
884 break;
885 }
886
887 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
888
889 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
890 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
891
892 len = min_t(unsigned int, len, sizeof(cinfo));
893 if (copy_to_user(optval, (char *) &cinfo, len))
894 err = -EFAULT;
895
896 break;
897
898 default:
899 err = -ENOPROTOOPT;
900 break;
901 }
902
903 release_sock(sk);
904 return err;
905 }
906
907 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
908 {
909 struct sock *sk = sock->sk;
910 struct bt_security sec;
911 int len, err = 0;
912
913 BT_DBG("sk %p", sk);
914
915 if (level == SOL_RFCOMM)
916 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
917
918 if (level != SOL_BLUETOOTH)
919 return -ENOPROTOOPT;
920
921 if (get_user(len, optlen))
922 return -EFAULT;
923
924 lock_sock(sk);
925
926 switch (optname) {
927 case BT_SECURITY:
928 if (sk->sk_type != SOCK_STREAM) {
929 err = -EINVAL;
930 break;
931 }
932
933 sec.level = rfcomm_pi(sk)->sec_level;
934
935 len = min_t(unsigned int, len, sizeof(sec));
936 if (copy_to_user(optval, (char *) &sec, len))
937 err = -EFAULT;
938
939 break;
940
941 case BT_DEFER_SETUP:
942 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
943 err = -EINVAL;
944 break;
945 }
946
947 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
948 err = -EFAULT;
949
950 break;
951
952 default:
953 err = -ENOPROTOOPT;
954 break;
955 }
956
957 release_sock(sk);
958 return err;
959 }
960
961 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
962 {
963 struct sock *sk __maybe_unused = sock->sk;
964 int err;
965
966 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
967
968 err = bt_sock_ioctl(sock, cmd, arg);
969
970 if (err == -ENOIOCTLCMD) {
971 #ifdef CONFIG_BT_RFCOMM_TTY
972 lock_sock(sk);
973 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
974 release_sock(sk);
975 #else
976 err = -EOPNOTSUPP;
977 #endif
978 }
979
980 return err;
981 }
982
983 static int rfcomm_sock_shutdown(struct socket *sock, int how)
984 {
985 struct sock *sk = sock->sk;
986 int err = 0;
987
988 BT_DBG("sock %p, sk %p", sock, sk);
989
990 if (!sk) return 0;
991
992 lock_sock(sk);
993 if (!sk->sk_shutdown) {
994 sk->sk_shutdown = SHUTDOWN_MASK;
995 __rfcomm_sock_close(sk);
996
997 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
998 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
999 }
1000 release_sock(sk);
1001 return err;
1002 }
1003
1004 static int rfcomm_sock_release(struct socket *sock)
1005 {
1006 struct sock *sk = sock->sk;
1007 int err;
1008
1009 BT_DBG("sock %p, sk %p", sock, sk);
1010
1011 if (!sk)
1012 return 0;
1013
1014 err = rfcomm_sock_shutdown(sock, 2);
1015
1016 sock_orphan(sk);
1017 rfcomm_sock_kill(sk);
1018 return err;
1019 }
1020
1021 /* ---- RFCOMM core layer callbacks ----
1022 *
1023 * called under rfcomm_lock()
1024 */
1025 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
1026 {
1027 struct sock *sk, *parent;
1028 bdaddr_t src, dst;
1029 int result = 0;
1030
1031 BT_DBG("session %p channel %d", s, channel);
1032
1033 rfcomm_session_getaddr(s, &src, &dst);
1034
1035 /* Check if we have socket listening on channel */
1036 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
1037 if (!parent)
1038 return 0;
1039
1040 /* Check for backlog size */
1041 if (sk_acceptq_is_full(parent)) {
1042 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1043 goto done;
1044 }
1045
1046 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1047 if (!sk)
1048 goto done;
1049
1050 rfcomm_sock_init(sk, parent);
1051 bacpy(&bt_sk(sk)->src, &src);
1052 bacpy(&bt_sk(sk)->dst, &dst);
1053 rfcomm_pi(sk)->channel = channel;
1054
1055 sk->sk_state = BT_CONFIG;
1056 bt_accept_enqueue(parent, sk);
1057
1058 /* Accept connection and return socket DLC */
1059 *d = rfcomm_pi(sk)->dlc;
1060 result = 1;
1061
1062 done:
1063 bh_unlock_sock(parent);
1064
1065 if (bt_sk(parent)->defer_setup)
1066 parent->sk_state_change(parent);
1067
1068 return result;
1069 }
1070
1071 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1072 {
1073 struct sock *sk;
1074 struct hlist_node *node;
1075
1076 read_lock_bh(&rfcomm_sk_list.lock);
1077
1078 sk_for_each(sk, node, &rfcomm_sk_list.head) {
1079 seq_printf(f, "%s %s %d %d\n",
1080 batostr(&bt_sk(sk)->src),
1081 batostr(&bt_sk(sk)->dst),
1082 sk->sk_state, rfcomm_pi(sk)->channel);
1083 }
1084
1085 read_unlock_bh(&rfcomm_sk_list.lock);
1086
1087 return 0;
1088 }
1089
1090 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1091 {
1092 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1093 }
1094
1095 static const struct file_operations rfcomm_sock_debugfs_fops = {
1096 .open = rfcomm_sock_debugfs_open,
1097 .read = seq_read,
1098 .llseek = seq_lseek,
1099 .release = single_release,
1100 };
1101
1102 static struct dentry *rfcomm_sock_debugfs;
1103
1104 static const struct proto_ops rfcomm_sock_ops = {
1105 .family = PF_BLUETOOTH,
1106 .owner = THIS_MODULE,
1107 .release = rfcomm_sock_release,
1108 .bind = rfcomm_sock_bind,
1109 .connect = rfcomm_sock_connect,
1110 .listen = rfcomm_sock_listen,
1111 .accept = rfcomm_sock_accept,
1112 .getname = rfcomm_sock_getname,
1113 .sendmsg = rfcomm_sock_sendmsg,
1114 .recvmsg = rfcomm_sock_recvmsg,
1115 .shutdown = rfcomm_sock_shutdown,
1116 .setsockopt = rfcomm_sock_setsockopt,
1117 .getsockopt = rfcomm_sock_getsockopt,
1118 .ioctl = rfcomm_sock_ioctl,
1119 .poll = bt_sock_poll,
1120 .socketpair = sock_no_socketpair,
1121 .mmap = sock_no_mmap
1122 };
1123
1124 static const struct net_proto_family rfcomm_sock_family_ops = {
1125 .family = PF_BLUETOOTH,
1126 .owner = THIS_MODULE,
1127 .create = rfcomm_sock_create
1128 };
1129
1130 int __init rfcomm_init_sockets(void)
1131 {
1132 int err;
1133
1134 err = proto_register(&rfcomm_proto, 0);
1135 if (err < 0)
1136 return err;
1137
1138 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1139 if (err < 0)
1140 goto error;
1141
1142 if (bt_debugfs) {
1143 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1144 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1145 if (!rfcomm_sock_debugfs)
1146 BT_ERR("Failed to create RFCOMM debug file");
1147 }
1148
1149 BT_INFO("RFCOMM socket layer initialized");
1150
1151 return 0;
1152
1153 error:
1154 BT_ERR("RFCOMM socket layer registration failed");
1155 proto_unregister(&rfcomm_proto);
1156 return err;
1157 }
1158
1159 void __exit rfcomm_cleanup_sockets(void)
1160 {
1161 debugfs_remove(rfcomm_sock_debugfs);
1162
1163 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1164 BT_ERR("RFCOMM socket layer unregistration failed");
1165
1166 proto_unregister(&rfcomm_proto);
1167 }
Tomato firmware and modifications.