1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 * 27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 33 #include <linux/types.h> 34 #include <linux/errno.h> 35 #include <linux/kernel.h> 36 #include <linux/sched.h> 37 #include <linux/slab.h> 38 #include <linux/poll.h> 39 #include <linux/fcntl.h> 40 #include <linux/init.h> 41 #include <linux/interrupt.h> 42 #include <linux/socket.h> 43 #include <linux/skbuff.h> 44 #include <linux/list.h> 45 #include <linux/proc_fs.h> 46 #include <linux/seq_file.h> 47 #include <net/sock.h> 48 49 #include <asm/system.h> 50 #include <asm/uaccess.h> 51 52 #include <net/bluetooth/bluetooth.h> 53 #include <net/bluetooth/hci_core.h> 54 #include <net/bluetooth/l2cap.h> 55 #include <net/bluetooth/rfcomm.h> 56 57 #ifndef CONFIG_BT_RFCOMM_DEBUG 58 #undef BT_DBG 59 #define BT_DBG(D...) 60 #endif 61 62 static struct proto_ops rfcomm_sock_ops; 63 64 static struct bt_sock_list rfcomm_sk_list = { 65 .lock = RW_LOCK_UNLOCKED 66 }; 67 68 static void rfcomm_sock_close(struct sock *sk); 69 static void rfcomm_sock_kill(struct sock *sk); 70 71 /* ---- DLC callbacks ---- 72 * 73 * called under rfcomm_dlc_lock() 74 */ 75 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 76 { 77 struct sock *sk = d->owner; 78 if (!sk) 79 return; 80 81 atomic_add(skb->len, &sk->sk_rmem_alloc); 82 skb_queue_tail(&sk->sk_receive_queue, skb); 83 sk->sk_data_ready(sk, skb->len); 84 85 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 86 rfcomm_dlc_throttle(d); 87 } 88 89 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 90 { 91 struct sock *sk = d->owner, *parent; 92 if (!sk) 93 return; 94 95 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 96 97 bh_lock_sock(sk); 98 99 if (err) 100 sk->sk_err = err; 101 102 sk->sk_state = d->state; 103 104 parent = bt_sk(sk)->parent; 105 if (parent) { 106 if (d->state == BT_CLOSED) { 107 sock_set_flag(sk, SOCK_ZAPPED); 108 bt_accept_unlink(sk); 109 } 110 parent->sk_data_ready(parent, 0); 111 } else { 112 if (d->state == BT_CONNECTED) 113 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 114 sk->sk_state_change(sk); 115 } 116 117 bh_unlock_sock(sk); 118 119 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 120 /* We have to drop DLC lock here, otherwise 121 * rfcomm_sock_destruct() will dead lock. */ 122 rfcomm_dlc_unlock(d); 123 rfcomm_sock_kill(sk); 124 rfcomm_dlc_lock(d); 125 } 126 } 127 128 /* ---- Socket functions ---- */ 129 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL; 132 struct hlist_node *node; 133 134 sk_for_each(sk, node, &rfcomm_sk_list.head) { 135 if (rfcomm_pi(sk)->channel == channel && 136 !bacmp(&bt_sk(sk)->src, src)) 137 break; 138 } 139 140 return node ? sk : NULL; 141 } 142 143 /* Find socket with channel and source bdaddr. 144 * Returns closest match. 145 */ 146 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 147 { 148 struct sock *sk = NULL, *sk1 = NULL; 149 struct hlist_node *node; 150 151 sk_for_each(sk, node, &rfcomm_sk_list.head) { 152 if (state && sk->sk_state != state) 153 continue; 154 155 if (rfcomm_pi(sk)->channel == channel) { 156 /* Exact match. */ 157 if (!bacmp(&bt_sk(sk)->src, src)) 158 break; 159 160 /* Closest match */ 161 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 162 sk1 = sk; 163 } 164 } 165 return node ? sk : sk1; 166 } 167 168 /* Find socket with given address (channel, src). 169 * Returns locked socket */ 170 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 171 { 172 struct sock *s; 173 read_lock(&rfcomm_sk_list.lock); 174 s = __rfcomm_get_sock_by_channel(state, channel, src); 175 if (s) bh_lock_sock(s); 176 read_unlock(&rfcomm_sk_list.lock); 177 return s; 178 } 179 180 static void rfcomm_sock_destruct(struct sock *sk) 181 { 182 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 183 184 BT_DBG("sk %p dlc %p", sk, d); 185 186 skb_queue_purge(&sk->sk_receive_queue); 187 skb_queue_purge(&sk->sk_write_queue); 188 189 rfcomm_dlc_lock(d); 190 rfcomm_pi(sk)->dlc = NULL; 191 192 /* Detach DLC if it's owned by this socket */ 193 if (d->owner == sk) 194 d->owner = NULL; 195 rfcomm_dlc_unlock(d); 196 197 rfcomm_dlc_put(d); 198 } 199 200 static void rfcomm_sock_cleanup_listen(struct sock *parent) 201 { 202 struct sock *sk; 203 204 BT_DBG("parent %p", parent); 205 206 /* Close not yet accepted dlcs */ 207 while ((sk = bt_accept_dequeue(parent, NULL))) { 208 rfcomm_sock_close(sk); 209 rfcomm_sock_kill(sk); 210 } 211 212 parent->sk_state = BT_CLOSED; 213 sock_set_flag(parent, SOCK_ZAPPED); 214 } 215 216 /* Kill socket (only if zapped and orphan) 217 * Must be called on unlocked socket. 218 */ 219 static void rfcomm_sock_kill(struct sock *sk) 220 { 221 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 222 return; 223 224 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 225 226 /* Kill poor orphan */ 227 bt_sock_unlink(&rfcomm_sk_list, sk); 228 sock_set_flag(sk, SOCK_DEAD); 229 sock_put(sk); 230 } 231 232 static void __rfcomm_sock_close(struct sock *sk) 233 { 234 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 235 236 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 237 238 switch (sk->sk_state) { 239 case BT_LISTEN: 240 rfcomm_sock_cleanup_listen(sk); 241 break; 242 243 case BT_CONNECT: 244 case BT_CONNECT2: 245 case BT_CONFIG: 246 case BT_CONNECTED: 247 rfcomm_dlc_close(d, 0); 248 249 default: 250 sock_set_flag(sk, SOCK_ZAPPED); 251 break; 252 } 253 } 254 255 /* Close socket. 256 * Must be called on unlocked socket. 257 */ 258 static void rfcomm_sock_close(struct sock *sk) 259 { 260 lock_sock(sk); 261 __rfcomm_sock_close(sk); 262 release_sock(sk); 263 } 264 265 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 266 { 267 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 268 269 BT_DBG("sk %p", sk); 270 271 if (parent) { 272 sk->sk_type = parent->sk_type; 273 pi->link_mode = rfcomm_pi(parent)->link_mode; 274 } else { 275 pi->link_mode = 0; 276 } 277 278 pi->dlc->link_mode = pi->link_mode; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, unsigned int __nocast prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct socket *sock, int protocol) 329 { 330 struct sock *sk; 331 332 BT_DBG("sock %p", sock); 333 334 sock->state = SS_UNCONNECTED; 335 336 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 337 return -ESOCKTNOSUPPORT; 338 339 sock->ops = &rfcomm_sock_ops; 340 341 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL))) 342 return -ENOMEM; 343 344 rfcomm_sock_init(sk, NULL); 345 return 0; 346 } 347 348 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 349 { 350 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 351 struct sock *sk = sock->sk; 352 int err = 0; 353 354 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 355 356 if (!addr || addr->sa_family != AF_BLUETOOTH) 357 return -EINVAL; 358 359 lock_sock(sk); 360 361 if (sk->sk_state != BT_OPEN) { 362 err = -EBADFD; 363 goto done; 364 } 365 366 write_lock_bh(&rfcomm_sk_list.lock); 367 368 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 369 err = -EADDRINUSE; 370 } else { 371 /* Save source address */ 372 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 373 rfcomm_pi(sk)->channel = sa->rc_channel; 374 sk->sk_state = BT_BOUND; 375 } 376 377 write_unlock_bh(&rfcomm_sk_list.lock); 378 379 done: 380 release_sock(sk); 381 return err; 382 } 383 384 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 385 { 386 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 387 struct sock *sk = sock->sk; 388 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 389 int err = 0; 390 391 BT_DBG("sk %p", sk); 392 393 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 394 return -EINVAL; 395 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 397 return -EBADFD; 398 399 if (sk->sk_type != SOCK_STREAM) 400 return -EINVAL; 401 402 lock_sock(sk); 403 404 sk->sk_state = BT_CONNECT; 405 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 406 rfcomm_pi(sk)->channel = sa->rc_channel; 407 408 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 409 if (!err) 410 err = bt_sock_wait_state(sk, BT_CONNECTED, 411 sock_sndtimeo(sk, flags & O_NONBLOCK)); 412 413 release_sock(sk); 414 return err; 415 } 416 417 static int rfcomm_sock_listen(struct socket *sock, int backlog) 418 { 419 struct sock *sk = sock->sk; 420 int err = 0; 421 422 BT_DBG("sk %p backlog %d", sk, backlog); 423 424 lock_sock(sk); 425 426 if (sk->sk_state != BT_BOUND) { 427 err = -EBADFD; 428 goto done; 429 } 430 431 if (!rfcomm_pi(sk)->channel) { 432 bdaddr_t *src = &bt_sk(sk)->src; 433 u8 channel; 434 435 err = -EINVAL; 436 437 write_lock_bh(&rfcomm_sk_list.lock); 438 439 for (channel = 1; channel < 31; channel++) 440 if (!__rfcomm_get_sock_by_addr(channel, src)) { 441 rfcomm_pi(sk)->channel = channel; 442 err = 0; 443 break; 444 } 445 446 write_unlock_bh(&rfcomm_sk_list.lock); 447 448 if (err < 0) 449 goto done; 450 } 451 452 sk->sk_max_ack_backlog = backlog; 453 sk->sk_ack_backlog = 0; 454 sk->sk_state = BT_LISTEN; 455 456 done: 457 release_sock(sk); 458 return err; 459 } 460 461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 462 { 463 DECLARE_WAITQUEUE(wait, current); 464 struct sock *sk = sock->sk, *nsk; 465 long timeo; 466 int err = 0; 467 468 lock_sock(sk); 469 470 if (sk->sk_state != BT_LISTEN) { 471 err = -EBADFD; 472 goto done; 473 } 474 475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 476 477 BT_DBG("sk %p timeo %ld", sk, timeo); 478 479 /* Wait for an incoming connection. (wake-one). */ 480 add_wait_queue_exclusive(sk->sk_sleep, &wait); 481 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 482 set_current_state(TASK_INTERRUPTIBLE); 483 if (!timeo) { 484 err = -EAGAIN; 485 break; 486 } 487 488 release_sock(sk); 489 timeo = schedule_timeout(timeo); 490 lock_sock(sk); 491 492 if (sk->sk_state != BT_LISTEN) { 493 err = -EBADFD; 494 break; 495 } 496 497 if (signal_pending(current)) { 498 err = sock_intr_errno(timeo); 499 break; 500 } 501 } 502 set_current_state(TASK_RUNNING); 503 remove_wait_queue(sk->sk_sleep, &wait); 504 505 if (err) 506 goto done; 507 508 newsock->state = SS_CONNECTED; 509 510 BT_DBG("new socket %p", nsk); 511 512 done: 513 release_sock(sk); 514 return err; 515 } 516 517 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 518 { 519 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 520 struct sock *sk = sock->sk; 521 522 BT_DBG("sock %p, sk %p", sock, sk); 523 524 sa->rc_family = AF_BLUETOOTH; 525 sa->rc_channel = rfcomm_pi(sk)->channel; 526 if (peer) 527 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 528 else 529 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 530 531 *len = sizeof(struct sockaddr_rc); 532 return 0; 533 } 534 535 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 536 struct msghdr *msg, size_t len) 537 { 538 struct sock *sk = sock->sk; 539 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 540 struct sk_buff *skb; 541 int err; 542 int sent = 0; 543 544 if (msg->msg_flags & MSG_OOB) 545 return -EOPNOTSUPP; 546 547 if (sk->sk_shutdown & SEND_SHUTDOWN) 548 return -EPIPE; 549 550 BT_DBG("sock %p, sk %p", sock, sk); 551 552 lock_sock(sk); 553 554 while (len) { 555 size_t size = min_t(size_t, len, d->mtu); 556 557 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 558 msg->msg_flags & MSG_DONTWAIT, &err); 559 if (!skb) 560 break; 561 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 562 563 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 564 if (err) { 565 kfree_skb(skb); 566 sent = err; 567 break; 568 } 569 570 err = rfcomm_dlc_send(d, skb); 571 if (err < 0) { 572 kfree_skb(skb); 573 break; 574 } 575 576 sent += size; 577 len -= size; 578 } 579 580 release_sock(sk); 581 582 return sent ? sent : err; 583 } 584 585 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 586 { 587 DECLARE_WAITQUEUE(wait, current); 588 589 add_wait_queue(sk->sk_sleep, &wait); 590 for (;;) { 591 set_current_state(TASK_INTERRUPTIBLE); 592 593 if (!skb_queue_empty(&sk->sk_receive_queue) || 594 sk->sk_err || 595 (sk->sk_shutdown & RCV_SHUTDOWN) || 596 signal_pending(current) || 597 !timeo) 598 break; 599 600 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 601 release_sock(sk); 602 timeo = schedule_timeout(timeo); 603 lock_sock(sk); 604 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 605 } 606 607 __set_current_state(TASK_RUNNING); 608 remove_wait_queue(sk->sk_sleep, &wait); 609 return timeo; 610 } 611 612 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 613 struct msghdr *msg, size_t size, int flags) 614 { 615 struct sock *sk = sock->sk; 616 int err = 0; 617 size_t target, copied = 0; 618 long timeo; 619 620 if (flags & MSG_OOB) 621 return -EOPNOTSUPP; 622 623 msg->msg_namelen = 0; 624 625 BT_DBG("sk %p size %d", sk, size); 626 627 lock_sock(sk); 628 629 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 630 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 631 632 do { 633 struct sk_buff *skb; 634 int chunk; 635 636 skb = skb_dequeue(&sk->sk_receive_queue); 637 if (!skb) { 638 if (copied >= target) 639 break; 640 641 if ((err = sock_error(sk)) != 0) 642 break; 643 if (sk->sk_shutdown & RCV_SHUTDOWN) 644 break; 645 646 err = -EAGAIN; 647 if (!timeo) 648 break; 649 650 timeo = rfcomm_sock_data_wait(sk, timeo); 651 652 if (signal_pending(current)) { 653 err = sock_intr_errno(timeo); 654 goto out; 655 } 656 continue; 657 } 658 659 chunk = min_t(unsigned int, skb->len, size); 660 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 661 skb_queue_head(&sk->sk_receive_queue, skb); 662 if (!copied) 663 copied = -EFAULT; 664 break; 665 } 666 copied += chunk; 667 size -= chunk; 668 669 if (!(flags & MSG_PEEK)) { 670 atomic_sub(chunk, &sk->sk_rmem_alloc); 671 672 skb_pull(skb, chunk); 673 if (skb->len) { 674 skb_queue_head(&sk->sk_receive_queue, skb); 675 break; 676 } 677 kfree_skb(skb); 678 679 } else { 680 /* put message back and return */ 681 skb_queue_head(&sk->sk_receive_queue, skb); 682 break; 683 } 684 } while (size); 685 686 out: 687 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 688 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 689 690 release_sock(sk); 691 return copied ? : err; 692 } 693 694 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 695 { 696 struct sock *sk = sock->sk; 697 int err = 0; 698 u32 opt; 699 700 BT_DBG("sk %p", sk); 701 702 lock_sock(sk); 703 704 switch (optname) { 705 case RFCOMM_LM: 706 if (get_user(opt, (u32 __user *) optval)) { 707 err = -EFAULT; 708 break; 709 } 710 711 rfcomm_pi(sk)->link_mode = opt; 712 break; 713 714 default: 715 err = -ENOPROTOOPT; 716 break; 717 } 718 719 release_sock(sk); 720 return err; 721 } 722 723 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 724 { 725 struct sock *sk = sock->sk; 726 struct sock *l2cap_sk; 727 struct rfcomm_conninfo cinfo; 728 int len, err = 0; 729 730 BT_DBG("sk %p", sk); 731 732 if (get_user(len, optlen)) 733 return -EFAULT; 734 735 lock_sock(sk); 736 737 switch (optname) { 738 case RFCOMM_LM: 739 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 740 err = -EFAULT; 741 break; 742 743 case RFCOMM_CONNINFO: 744 if (sk->sk_state != BT_CONNECTED) { 745 err = -ENOTCONN; 746 break; 747 } 748 749 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 750 751 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 752 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 753 754 len = min_t(unsigned int, len, sizeof(cinfo)); 755 if (copy_to_user(optval, (char *) &cinfo, len)) 756 err = -EFAULT; 757 758 break; 759 760 default: 761 err = -ENOPROTOOPT; 762 break; 763 } 764 765 release_sock(sk); 766 return err; 767 } 768 769 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 770 { 771 struct sock *sk = sock->sk; 772 int err; 773 774 lock_sock(sk); 775 776 #ifdef CONFIG_BT_RFCOMM_TTY 777 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 778 #else 779 err = -EOPNOTSUPP; 780 #endif 781 782 release_sock(sk); 783 return err; 784 } 785 786 static int rfcomm_sock_shutdown(struct socket *sock, int how) 787 { 788 struct sock *sk = sock->sk; 789 int err = 0; 790 791 BT_DBG("sock %p, sk %p", sock, sk); 792 793 if (!sk) return 0; 794 795 lock_sock(sk); 796 if (!sk->sk_shutdown) { 797 sk->sk_shutdown = SHUTDOWN_MASK; 798 __rfcomm_sock_close(sk); 799 800 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 801 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 802 } 803 release_sock(sk); 804 return err; 805 } 806 807 static int rfcomm_sock_release(struct socket *sock) 808 { 809 struct sock *sk = sock->sk; 810 int err; 811 812 BT_DBG("sock %p, sk %p", sock, sk); 813 814 if (!sk) 815 return 0; 816 817 err = rfcomm_sock_shutdown(sock, 2); 818 819 sock_orphan(sk); 820 rfcomm_sock_kill(sk); 821 return err; 822 } 823 824 /* ---- RFCOMM core layer callbacks ---- 825 * 826 * called under rfcomm_lock() 827 */ 828 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 829 { 830 struct sock *sk, *parent; 831 bdaddr_t src, dst; 832 int result = 0; 833 834 BT_DBG("session %p channel %d", s, channel); 835 836 rfcomm_session_getaddr(s, &src, &dst); 837 838 /* Check if we have socket listening on channel */ 839 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 840 if (!parent) 841 return 0; 842 843 /* Check for backlog size */ 844 if (sk_acceptq_is_full(parent)) { 845 BT_DBG("backlog full %d", parent->sk_ack_backlog); 846 goto done; 847 } 848 849 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 850 if (!sk) 851 goto done; 852 853 rfcomm_sock_init(sk, parent); 854 bacpy(&bt_sk(sk)->src, &src); 855 bacpy(&bt_sk(sk)->dst, &dst); 856 rfcomm_pi(sk)->channel = channel; 857 858 sk->sk_state = BT_CONFIG; 859 bt_accept_enqueue(parent, sk); 860 861 /* Accept connection and return socket DLC */ 862 *d = rfcomm_pi(sk)->dlc; 863 result = 1; 864 865 done: 866 bh_unlock_sock(parent); 867 return result; 868 } 869 870 /* ---- Proc fs support ---- */ 871 #ifdef CONFIG_PROC_FS 872 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos) 873 { 874 struct sock *sk; 875 struct hlist_node *node; 876 loff_t l = *pos; 877 878 read_lock_bh(&rfcomm_sk_list.lock); 879 880 sk_for_each(sk, node, &rfcomm_sk_list.head) 881 if (!l--) 882 return sk; 883 return NULL; 884 } 885 886 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos) 887 { 888 struct sock *sk = e; 889 (*pos)++; 890 return sk_next(sk); 891 } 892 893 static void rfcomm_seq_stop(struct seq_file *seq, void *e) 894 { 895 read_unlock_bh(&rfcomm_sk_list.lock); 896 } 897 898 static int rfcomm_seq_show(struct seq_file *seq, void *e) 899 { 900 struct sock *sk = e; 901 seq_printf(seq, "%s %s %d %d\n", 902 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 903 sk->sk_state, rfcomm_pi(sk)->channel); 904 return 0; 905 } 906 907 static struct seq_operations rfcomm_seq_ops = { 908 .start = rfcomm_seq_start, 909 .next = rfcomm_seq_next, 910 .stop = rfcomm_seq_stop, 911 .show = rfcomm_seq_show 912 }; 913 914 static int rfcomm_seq_open(struct inode *inode, struct file *file) 915 { 916 return seq_open(file, &rfcomm_seq_ops); 917 } 918 919 static struct file_operations rfcomm_seq_fops = { 920 .owner = THIS_MODULE, 921 .open = rfcomm_seq_open, 922 .read = seq_read, 923 .llseek = seq_lseek, 924 .release = seq_release, 925 }; 926 927 static int __init rfcomm_sock_proc_init(void) 928 { 929 struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm); 930 if (!p) 931 return -ENOMEM; 932 p->proc_fops = &rfcomm_seq_fops; 933 return 0; 934 } 935 936 static void __exit rfcomm_sock_proc_cleanup(void) 937 { 938 remove_proc_entry("sock", proc_bt_rfcomm); 939 } 940 941 #else /* CONFIG_PROC_FS */ 942 943 static int __init rfcomm_sock_proc_init(void) 944 { 945 return 0; 946 } 947 948 static void __exit rfcomm_sock_proc_cleanup(void) 949 { 950 return; 951 } 952 #endif /* CONFIG_PROC_FS */ 953 954 static struct proto_ops rfcomm_sock_ops = { 955 .family = PF_BLUETOOTH, 956 .owner = THIS_MODULE, 957 .release = rfcomm_sock_release, 958 .bind = rfcomm_sock_bind, 959 .connect = rfcomm_sock_connect, 960 .listen = rfcomm_sock_listen, 961 .accept = rfcomm_sock_accept, 962 .getname = rfcomm_sock_getname, 963 .sendmsg = rfcomm_sock_sendmsg, 964 .recvmsg = rfcomm_sock_recvmsg, 965 .shutdown = rfcomm_sock_shutdown, 966 .setsockopt = rfcomm_sock_setsockopt, 967 .getsockopt = rfcomm_sock_getsockopt, 968 .ioctl = rfcomm_sock_ioctl, 969 .poll = bt_sock_poll, 970 .socketpair = sock_no_socketpair, 971 .mmap = sock_no_mmap 972 }; 973 974 static struct net_proto_family rfcomm_sock_family_ops = { 975 .family = PF_BLUETOOTH, 976 .owner = THIS_MODULE, 977 .create = rfcomm_sock_create 978 }; 979 980 int __init rfcomm_init_sockets(void) 981 { 982 int err; 983 984 err = proto_register(&rfcomm_proto, 0); 985 if (err < 0) 986 return err; 987 988 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 989 if (err < 0) 990 goto error; 991 992 rfcomm_sock_proc_init(); 993 994 BT_INFO("RFCOMM socket layer initialized"); 995 996 return 0; 997 998 error: 999 BT_ERR("RFCOMM socket layer registration failed"); 1000 proto_unregister(&rfcomm_proto); 1001 return err; 1002 } 1003 1004 void __exit rfcomm_cleanup_sockets(void) 1005 { 1006 rfcomm_sock_proc_cleanup(); 1007 1008 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1009 BT_ERR("RFCOMM socket layer unregistration failed"); 1010 1011 proto_unregister(&rfcomm_proto); 1012 } 1013