1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 * 27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 33 #include <linux/types.h> 34 #include <linux/errno.h> 35 #include <linux/kernel.h> 36 #include <linux/sched.h> 37 #include <linux/slab.h> 38 #include <linux/poll.h> 39 #include <linux/fcntl.h> 40 #include <linux/init.h> 41 #include <linux/interrupt.h> 42 #include <linux/socket.h> 43 #include <linux/skbuff.h> 44 #include <linux/list.h> 45 #include <linux/proc_fs.h> 46 #include <linux/seq_file.h> 47 #include <net/sock.h> 48 49 #include <asm/system.h> 50 #include <asm/uaccess.h> 51 52 #include <net/bluetooth/bluetooth.h> 53 #include <net/bluetooth/hci_core.h> 54 #include <net/bluetooth/l2cap.h> 55 #include <net/bluetooth/rfcomm.h> 56 57 #ifndef CONFIG_BT_RFCOMM_DEBUG 58 #undef BT_DBG 59 #define BT_DBG(D...) 60 #endif 61 62 static struct proto_ops rfcomm_sock_ops; 63 64 static struct bt_sock_list rfcomm_sk_list = { 65 .lock = RW_LOCK_UNLOCKED 66 }; 67 68 static void rfcomm_sock_close(struct sock *sk); 69 static void rfcomm_sock_kill(struct sock *sk); 70 71 /* ---- DLC callbacks ---- 72 * 73 * called under rfcomm_dlc_lock() 74 */ 75 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 76 { 77 struct sock *sk = d->owner; 78 if (!sk) 79 return; 80 81 atomic_add(skb->len, &sk->sk_rmem_alloc); 82 skb_queue_tail(&sk->sk_receive_queue, skb); 83 sk->sk_data_ready(sk, skb->len); 84 85 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 86 rfcomm_dlc_throttle(d); 87 } 88 89 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 90 { 91 struct sock *sk = d->owner, *parent; 92 if (!sk) 93 return; 94 95 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 96 97 bh_lock_sock(sk); 98 99 if (err) 100 sk->sk_err = err; 101 102 sk->sk_state = d->state; 103 104 parent = bt_sk(sk)->parent; 105 if (parent) { 106 if (d->state == BT_CLOSED) { 107 sock_set_flag(sk, SOCK_ZAPPED); 108 bt_accept_unlink(sk); 109 } 110 parent->sk_data_ready(parent, 0); 111 } else { 112 if (d->state == BT_CONNECTED) 113 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 114 sk->sk_state_change(sk); 115 } 116 117 bh_unlock_sock(sk); 118 119 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 120 /* We have to drop DLC lock here, otherwise 121 * rfcomm_sock_destruct() will dead lock. */ 122 rfcomm_dlc_unlock(d); 123 rfcomm_sock_kill(sk); 124 rfcomm_dlc_lock(d); 125 } 126 } 127 128 /* ---- Socket functions ---- */ 129 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 130 { 131 struct sock *sk = NULL; 132 struct hlist_node *node; 133 134 sk_for_each(sk, node, &rfcomm_sk_list.head) { 135 if (rfcomm_pi(sk)->channel == channel && 136 !bacmp(&bt_sk(sk)->src, src)) 137 break; 138 } 139 140 return node ? sk : NULL; 141 } 142 143 /* Find socket with channel and source bdaddr. 144 * Returns closest match. 145 */ 146 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 147 { 148 struct sock *sk = NULL, *sk1 = NULL; 149 struct hlist_node *node; 150 151 sk_for_each(sk, node, &rfcomm_sk_list.head) { 152 if (state && sk->sk_state != state) 153 continue; 154 155 if (rfcomm_pi(sk)->channel == channel) { 156 /* Exact match. */ 157 if (!bacmp(&bt_sk(sk)->src, src)) 158 break; 159 160 /* Closest match */ 161 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 162 sk1 = sk; 163 } 164 } 165 return node ? sk : sk1; 166 } 167 168 /* Find socket with given address (channel, src). 169 * Returns locked socket */ 170 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 171 { 172 struct sock *s; 173 read_lock(&rfcomm_sk_list.lock); 174 s = __rfcomm_get_sock_by_channel(state, channel, src); 175 if (s) bh_lock_sock(s); 176 read_unlock(&rfcomm_sk_list.lock); 177 return s; 178 } 179 180 static void rfcomm_sock_destruct(struct sock *sk) 181 { 182 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 183 184 BT_DBG("sk %p dlc %p", sk, d); 185 186 skb_queue_purge(&sk->sk_receive_queue); 187 skb_queue_purge(&sk->sk_write_queue); 188 189 rfcomm_dlc_lock(d); 190 rfcomm_pi(sk)->dlc = NULL; 191 192 /* Detach DLC if it's owned by this socket */ 193 if (d->owner == sk) 194 d->owner = NULL; 195 rfcomm_dlc_unlock(d); 196 197 rfcomm_dlc_put(d); 198 } 199 200 static void rfcomm_sock_cleanup_listen(struct sock *parent) 201 { 202 struct sock *sk; 203 204 BT_DBG("parent %p", parent); 205 206 /* Close not yet accepted dlcs */ 207 while ((sk = bt_accept_dequeue(parent, NULL))) { 208 rfcomm_sock_close(sk); 209 rfcomm_sock_kill(sk); 210 } 211 212 parent->sk_state = BT_CLOSED; 213 sock_set_flag(parent, SOCK_ZAPPED); 214 } 215 216 /* Kill socket (only if zapped and orphan) 217 * Must be called on unlocked socket. 218 */ 219 static void rfcomm_sock_kill(struct sock *sk) 220 { 221 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 222 return; 223 224 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 225 226 /* Kill poor orphan */ 227 bt_sock_unlink(&rfcomm_sk_list, sk); 228 sock_set_flag(sk, SOCK_DEAD); 229 sock_put(sk); 230 } 231 232 static void __rfcomm_sock_close(struct sock *sk) 233 { 234 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 235 236 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 237 238 switch (sk->sk_state) { 239 case BT_LISTEN: 240 rfcomm_sock_cleanup_listen(sk); 241 break; 242 243 case BT_CONNECT: 244 case BT_CONNECT2: 245 case BT_CONFIG: 246 case BT_CONNECTED: 247 rfcomm_dlc_close(d, 0); 248 249 default: 250 sock_set_flag(sk, SOCK_ZAPPED); 251 break; 252 } 253 } 254 255 /* Close socket. 256 * Must be called on unlocked socket. 257 */ 258 static void rfcomm_sock_close(struct sock *sk) 259 { 260 lock_sock(sk); 261 __rfcomm_sock_close(sk); 262 release_sock(sk); 263 } 264 265 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 266 { 267 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 268 269 BT_DBG("sk %p", sk); 270 271 if (parent) { 272 sk->sk_type = parent->sk_type; 273 pi->link_mode = rfcomm_pi(parent)->link_mode; 274 } else { 275 pi->link_mode = 0; 276 } 277 278 pi->dlc->link_mode = pi->link_mode; 279 } 280 281 static struct proto rfcomm_proto = { 282 .name = "RFCOMM", 283 .owner = THIS_MODULE, 284 .obj_size = sizeof(struct rfcomm_pinfo) 285 }; 286 287 static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio) 288 { 289 struct rfcomm_dlc *d; 290 struct sock *sk; 291 292 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 293 if (!sk) 294 return NULL; 295 296 sock_init_data(sock, sk); 297 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 298 299 d = rfcomm_dlc_alloc(prio); 300 if (!d) { 301 sk_free(sk); 302 return NULL; 303 } 304 305 d->data_ready = rfcomm_sk_data_ready; 306 d->state_change = rfcomm_sk_state_change; 307 308 rfcomm_pi(sk)->dlc = d; 309 d->owner = sk; 310 311 sk->sk_destruct = rfcomm_sock_destruct; 312 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 313 314 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 315 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 316 317 sock_reset_flag(sk, SOCK_ZAPPED); 318 319 sk->sk_protocol = proto; 320 sk->sk_state = BT_OPEN; 321 322 bt_sock_link(&rfcomm_sk_list, sk); 323 324 BT_DBG("sk %p", sk); 325 return sk; 326 } 327 328 static int rfcomm_sock_create(struct socket *sock, int protocol) 329 { 330 struct sock *sk; 331 332 BT_DBG("sock %p", sock); 333 334 sock->state = SS_UNCONNECTED; 335 336 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 337 return -ESOCKTNOSUPPORT; 338 339 sock->ops = &rfcomm_sock_ops; 340 341 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL))) 342 return -ENOMEM; 343 344 rfcomm_sock_init(sk, NULL); 345 return 0; 346 } 347 348 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 349 { 350 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 351 struct sock *sk = sock->sk; 352 int err = 0; 353 354 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 355 356 if (!addr || addr->sa_family != AF_BLUETOOTH) 357 return -EINVAL; 358 359 lock_sock(sk); 360 361 if (sk->sk_state != BT_OPEN) { 362 err = -EBADFD; 363 goto done; 364 } 365 366 if (sk->sk_type != SOCK_STREAM) { 367 err = -EINVAL; 368 goto done; 369 } 370 371 write_lock_bh(&rfcomm_sk_list.lock); 372 373 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 374 err = -EADDRINUSE; 375 } else { 376 /* Save source address */ 377 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 378 rfcomm_pi(sk)->channel = sa->rc_channel; 379 sk->sk_state = BT_BOUND; 380 } 381 382 write_unlock_bh(&rfcomm_sk_list.lock); 383 384 done: 385 release_sock(sk); 386 return err; 387 } 388 389 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 390 { 391 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 392 struct sock *sk = sock->sk; 393 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 394 int err = 0; 395 396 BT_DBG("sk %p", sk); 397 398 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 399 return -EINVAL; 400 401 lock_sock(sk); 402 403 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 404 err = -EBADFD; 405 goto done; 406 } 407 408 if (sk->sk_type != SOCK_STREAM) { 409 err = -EINVAL; 410 goto done; 411 } 412 413 sk->sk_state = BT_CONNECT; 414 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 415 rfcomm_pi(sk)->channel = sa->rc_channel; 416 417 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 418 if (!err) 419 err = bt_sock_wait_state(sk, BT_CONNECTED, 420 sock_sndtimeo(sk, flags & O_NONBLOCK)); 421 422 done: 423 release_sock(sk); 424 return err; 425 } 426 427 static int rfcomm_sock_listen(struct socket *sock, int backlog) 428 { 429 struct sock *sk = sock->sk; 430 int err = 0; 431 432 BT_DBG("sk %p backlog %d", sk, backlog); 433 434 lock_sock(sk); 435 436 if (sk->sk_state != BT_BOUND) { 437 err = -EBADFD; 438 goto done; 439 } 440 441 if (sk->sk_type != SOCK_STREAM) { 442 err = -EINVAL; 443 goto done; 444 } 445 446 if (!rfcomm_pi(sk)->channel) { 447 bdaddr_t *src = &bt_sk(sk)->src; 448 u8 channel; 449 450 err = -EINVAL; 451 452 write_lock_bh(&rfcomm_sk_list.lock); 453 454 for (channel = 1; channel < 31; channel++) 455 if (!__rfcomm_get_sock_by_addr(channel, src)) { 456 rfcomm_pi(sk)->channel = channel; 457 err = 0; 458 break; 459 } 460 461 write_unlock_bh(&rfcomm_sk_list.lock); 462 463 if (err < 0) 464 goto done; 465 } 466 467 sk->sk_max_ack_backlog = backlog; 468 sk->sk_ack_backlog = 0; 469 sk->sk_state = BT_LISTEN; 470 471 done: 472 release_sock(sk); 473 return err; 474 } 475 476 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 477 { 478 DECLARE_WAITQUEUE(wait, current); 479 struct sock *sk = sock->sk, *nsk; 480 long timeo; 481 int err = 0; 482 483 lock_sock(sk); 484 485 if (sk->sk_state != BT_LISTEN) { 486 err = -EBADFD; 487 goto done; 488 } 489 490 if (sk->sk_type != SOCK_STREAM) { 491 err = -EINVAL; 492 goto done; 493 } 494 495 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 496 497 BT_DBG("sk %p timeo %ld", sk, timeo); 498 499 /* Wait for an incoming connection. (wake-one). */ 500 add_wait_queue_exclusive(sk->sk_sleep, &wait); 501 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 502 set_current_state(TASK_INTERRUPTIBLE); 503 if (!timeo) { 504 err = -EAGAIN; 505 break; 506 } 507 508 release_sock(sk); 509 timeo = schedule_timeout(timeo); 510 lock_sock(sk); 511 512 if (sk->sk_state != BT_LISTEN) { 513 err = -EBADFD; 514 break; 515 } 516 517 if (signal_pending(current)) { 518 err = sock_intr_errno(timeo); 519 break; 520 } 521 } 522 set_current_state(TASK_RUNNING); 523 remove_wait_queue(sk->sk_sleep, &wait); 524 525 if (err) 526 goto done; 527 528 newsock->state = SS_CONNECTED; 529 530 BT_DBG("new socket %p", nsk); 531 532 done: 533 release_sock(sk); 534 return err; 535 } 536 537 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 538 { 539 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 540 struct sock *sk = sock->sk; 541 542 BT_DBG("sock %p, sk %p", sock, sk); 543 544 sa->rc_family = AF_BLUETOOTH; 545 sa->rc_channel = rfcomm_pi(sk)->channel; 546 if (peer) 547 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 548 else 549 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 550 551 *len = sizeof(struct sockaddr_rc); 552 return 0; 553 } 554 555 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 556 struct msghdr *msg, size_t len) 557 { 558 struct sock *sk = sock->sk; 559 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 560 struct sk_buff *skb; 561 int err; 562 int sent = 0; 563 564 if (msg->msg_flags & MSG_OOB) 565 return -EOPNOTSUPP; 566 567 if (sk->sk_shutdown & SEND_SHUTDOWN) 568 return -EPIPE; 569 570 BT_DBG("sock %p, sk %p", sock, sk); 571 572 lock_sock(sk); 573 574 while (len) { 575 size_t size = min_t(size_t, len, d->mtu); 576 577 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 578 msg->msg_flags & MSG_DONTWAIT, &err); 579 if (!skb) 580 break; 581 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 582 583 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 584 if (err) { 585 kfree_skb(skb); 586 sent = err; 587 break; 588 } 589 590 err = rfcomm_dlc_send(d, skb); 591 if (err < 0) { 592 kfree_skb(skb); 593 break; 594 } 595 596 sent += size; 597 len -= size; 598 } 599 600 release_sock(sk); 601 602 return sent ? sent : err; 603 } 604 605 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 606 { 607 DECLARE_WAITQUEUE(wait, current); 608 609 add_wait_queue(sk->sk_sleep, &wait); 610 for (;;) { 611 set_current_state(TASK_INTERRUPTIBLE); 612 613 if (!skb_queue_empty(&sk->sk_receive_queue) || 614 sk->sk_err || 615 (sk->sk_shutdown & RCV_SHUTDOWN) || 616 signal_pending(current) || 617 !timeo) 618 break; 619 620 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 621 release_sock(sk); 622 timeo = schedule_timeout(timeo); 623 lock_sock(sk); 624 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 625 } 626 627 __set_current_state(TASK_RUNNING); 628 remove_wait_queue(sk->sk_sleep, &wait); 629 return timeo; 630 } 631 632 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 633 struct msghdr *msg, size_t size, int flags) 634 { 635 struct sock *sk = sock->sk; 636 int err = 0; 637 size_t target, copied = 0; 638 long timeo; 639 640 if (flags & MSG_OOB) 641 return -EOPNOTSUPP; 642 643 msg->msg_namelen = 0; 644 645 BT_DBG("sk %p size %d", sk, size); 646 647 lock_sock(sk); 648 649 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 650 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 651 652 do { 653 struct sk_buff *skb; 654 int chunk; 655 656 skb = skb_dequeue(&sk->sk_receive_queue); 657 if (!skb) { 658 if (copied >= target) 659 break; 660 661 if ((err = sock_error(sk)) != 0) 662 break; 663 if (sk->sk_shutdown & RCV_SHUTDOWN) 664 break; 665 666 err = -EAGAIN; 667 if (!timeo) 668 break; 669 670 timeo = rfcomm_sock_data_wait(sk, timeo); 671 672 if (signal_pending(current)) { 673 err = sock_intr_errno(timeo); 674 goto out; 675 } 676 continue; 677 } 678 679 chunk = min_t(unsigned int, skb->len, size); 680 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 681 skb_queue_head(&sk->sk_receive_queue, skb); 682 if (!copied) 683 copied = -EFAULT; 684 break; 685 } 686 copied += chunk; 687 size -= chunk; 688 689 if (!(flags & MSG_PEEK)) { 690 atomic_sub(chunk, &sk->sk_rmem_alloc); 691 692 skb_pull(skb, chunk); 693 if (skb->len) { 694 skb_queue_head(&sk->sk_receive_queue, skb); 695 break; 696 } 697 kfree_skb(skb); 698 699 } else { 700 /* put message back and return */ 701 skb_queue_head(&sk->sk_receive_queue, skb); 702 break; 703 } 704 } while (size); 705 706 out: 707 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 708 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 709 710 release_sock(sk); 711 return copied ? : err; 712 } 713 714 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 715 { 716 struct sock *sk = sock->sk; 717 int err = 0; 718 u32 opt; 719 720 BT_DBG("sk %p", sk); 721 722 lock_sock(sk); 723 724 switch (optname) { 725 case RFCOMM_LM: 726 if (get_user(opt, (u32 __user *) optval)) { 727 err = -EFAULT; 728 break; 729 } 730 731 rfcomm_pi(sk)->link_mode = opt; 732 break; 733 734 default: 735 err = -ENOPROTOOPT; 736 break; 737 } 738 739 release_sock(sk); 740 return err; 741 } 742 743 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 744 { 745 struct sock *sk = sock->sk; 746 struct sock *l2cap_sk; 747 struct rfcomm_conninfo cinfo; 748 int len, err = 0; 749 750 BT_DBG("sk %p", sk); 751 752 if (get_user(len, optlen)) 753 return -EFAULT; 754 755 lock_sock(sk); 756 757 switch (optname) { 758 case RFCOMM_LM: 759 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 760 err = -EFAULT; 761 break; 762 763 case RFCOMM_CONNINFO: 764 if (sk->sk_state != BT_CONNECTED) { 765 err = -ENOTCONN; 766 break; 767 } 768 769 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 770 771 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 772 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 773 774 len = min_t(unsigned int, len, sizeof(cinfo)); 775 if (copy_to_user(optval, (char *) &cinfo, len)) 776 err = -EFAULT; 777 778 break; 779 780 default: 781 err = -ENOPROTOOPT; 782 break; 783 } 784 785 release_sock(sk); 786 return err; 787 } 788 789 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 790 { 791 struct sock *sk = sock->sk; 792 int err; 793 794 lock_sock(sk); 795 796 #ifdef CONFIG_BT_RFCOMM_TTY 797 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 798 #else 799 err = -EOPNOTSUPP; 800 #endif 801 802 release_sock(sk); 803 return err; 804 } 805 806 static int rfcomm_sock_shutdown(struct socket *sock, int how) 807 { 808 struct sock *sk = sock->sk; 809 int err = 0; 810 811 BT_DBG("sock %p, sk %p", sock, sk); 812 813 if (!sk) return 0; 814 815 lock_sock(sk); 816 if (!sk->sk_shutdown) { 817 sk->sk_shutdown = SHUTDOWN_MASK; 818 __rfcomm_sock_close(sk); 819 820 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 821 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 822 } 823 release_sock(sk); 824 return err; 825 } 826 827 static int rfcomm_sock_release(struct socket *sock) 828 { 829 struct sock *sk = sock->sk; 830 int err; 831 832 BT_DBG("sock %p, sk %p", sock, sk); 833 834 if (!sk) 835 return 0; 836 837 err = rfcomm_sock_shutdown(sock, 2); 838 839 sock_orphan(sk); 840 rfcomm_sock_kill(sk); 841 return err; 842 } 843 844 /* ---- RFCOMM core layer callbacks ---- 845 * 846 * called under rfcomm_lock() 847 */ 848 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 849 { 850 struct sock *sk, *parent; 851 bdaddr_t src, dst; 852 int result = 0; 853 854 BT_DBG("session %p channel %d", s, channel); 855 856 rfcomm_session_getaddr(s, &src, &dst); 857 858 /* Check if we have socket listening on channel */ 859 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 860 if (!parent) 861 return 0; 862 863 /* Check for backlog size */ 864 if (sk_acceptq_is_full(parent)) { 865 BT_DBG("backlog full %d", parent->sk_ack_backlog); 866 goto done; 867 } 868 869 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 870 if (!sk) 871 goto done; 872 873 rfcomm_sock_init(sk, parent); 874 bacpy(&bt_sk(sk)->src, &src); 875 bacpy(&bt_sk(sk)->dst, &dst); 876 rfcomm_pi(sk)->channel = channel; 877 878 sk->sk_state = BT_CONFIG; 879 bt_accept_enqueue(parent, sk); 880 881 /* Accept connection and return socket DLC */ 882 *d = rfcomm_pi(sk)->dlc; 883 result = 1; 884 885 done: 886 bh_unlock_sock(parent); 887 return result; 888 } 889 890 /* ---- Proc fs support ---- */ 891 #ifdef CONFIG_PROC_FS 892 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos) 893 { 894 struct sock *sk; 895 struct hlist_node *node; 896 loff_t l = *pos; 897 898 read_lock_bh(&rfcomm_sk_list.lock); 899 900 sk_for_each(sk, node, &rfcomm_sk_list.head) 901 if (!l--) 902 return sk; 903 return NULL; 904 } 905 906 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos) 907 { 908 struct sock *sk = e; 909 (*pos)++; 910 return sk_next(sk); 911 } 912 913 static void rfcomm_seq_stop(struct seq_file *seq, void *e) 914 { 915 read_unlock_bh(&rfcomm_sk_list.lock); 916 } 917 918 static int rfcomm_seq_show(struct seq_file *seq, void *e) 919 { 920 struct sock *sk = e; 921 seq_printf(seq, "%s %s %d %d\n", 922 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 923 sk->sk_state, rfcomm_pi(sk)->channel); 924 return 0; 925 } 926 927 static struct seq_operations rfcomm_seq_ops = { 928 .start = rfcomm_seq_start, 929 .next = rfcomm_seq_next, 930 .stop = rfcomm_seq_stop, 931 .show = rfcomm_seq_show 932 }; 933 934 static int rfcomm_seq_open(struct inode *inode, struct file *file) 935 { 936 return seq_open(file, &rfcomm_seq_ops); 937 } 938 939 static struct file_operations rfcomm_seq_fops = { 940 .owner = THIS_MODULE, 941 .open = rfcomm_seq_open, 942 .read = seq_read, 943 .llseek = seq_lseek, 944 .release = seq_release, 945 }; 946 947 static int __init rfcomm_sock_proc_init(void) 948 { 949 struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm); 950 if (!p) 951 return -ENOMEM; 952 p->proc_fops = &rfcomm_seq_fops; 953 return 0; 954 } 955 956 static void __exit rfcomm_sock_proc_cleanup(void) 957 { 958 remove_proc_entry("sock", proc_bt_rfcomm); 959 } 960 961 #else /* CONFIG_PROC_FS */ 962 963 static int __init rfcomm_sock_proc_init(void) 964 { 965 return 0; 966 } 967 968 static void __exit rfcomm_sock_proc_cleanup(void) 969 { 970 return; 971 } 972 #endif /* CONFIG_PROC_FS */ 973 974 static struct proto_ops rfcomm_sock_ops = { 975 .family = PF_BLUETOOTH, 976 .owner = THIS_MODULE, 977 .release = rfcomm_sock_release, 978 .bind = rfcomm_sock_bind, 979 .connect = rfcomm_sock_connect, 980 .listen = rfcomm_sock_listen, 981 .accept = rfcomm_sock_accept, 982 .getname = rfcomm_sock_getname, 983 .sendmsg = rfcomm_sock_sendmsg, 984 .recvmsg = rfcomm_sock_recvmsg, 985 .shutdown = rfcomm_sock_shutdown, 986 .setsockopt = rfcomm_sock_setsockopt, 987 .getsockopt = rfcomm_sock_getsockopt, 988 .ioctl = rfcomm_sock_ioctl, 989 .poll = bt_sock_poll, 990 .socketpair = sock_no_socketpair, 991 .mmap = sock_no_mmap 992 }; 993 994 static struct net_proto_family rfcomm_sock_family_ops = { 995 .family = PF_BLUETOOTH, 996 .owner = THIS_MODULE, 997 .create = rfcomm_sock_create 998 }; 999 1000 int __init rfcomm_init_sockets(void) 1001 { 1002 int err; 1003 1004 err = proto_register(&rfcomm_proto, 0); 1005 if (err < 0) 1006 return err; 1007 1008 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 1009 if (err < 0) 1010 goto error; 1011 1012 rfcomm_sock_proc_init(); 1013 1014 BT_INFO("RFCOMM socket layer initialized"); 1015 1016 return 0; 1017 1018 error: 1019 BT_ERR("RFCOMM socket layer registration failed"); 1020 proto_unregister(&rfcomm_proto); 1021 return err; 1022 } 1023 1024 void __exit rfcomm_cleanup_sockets(void) 1025 { 1026 rfcomm_sock_proc_cleanup(); 1027 1028 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1029 BT_ERR("RFCOMM socket layer unregistration failed"); 1030 1031 proto_unregister(&rfcomm_proto); 1032 } 1033