1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM sockets. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/types.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/slab.h> 35 #include <linux/poll.h> 36 #include <linux/fcntl.h> 37 #include <linux/init.h> 38 #include <linux/interrupt.h> 39 #include <linux/socket.h> 40 #include <linux/skbuff.h> 41 #include <linux/list.h> 42 #include <linux/device.h> 43 #include <net/sock.h> 44 45 #include <asm/system.h> 46 #include <asm/uaccess.h> 47 48 #include <net/bluetooth/bluetooth.h> 49 #include <net/bluetooth/hci_core.h> 50 #include <net/bluetooth/l2cap.h> 51 #include <net/bluetooth/rfcomm.h> 52 53 static const struct proto_ops rfcomm_sock_ops; 54 55 static struct bt_sock_list rfcomm_sk_list = { 56 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) 57 }; 58 59 static void rfcomm_sock_close(struct sock *sk); 60 static void rfcomm_sock_kill(struct sock *sk); 61 62 /* ---- DLC callbacks ---- 63 * 64 * called under rfcomm_dlc_lock() 65 */ 66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) 67 { 68 struct sock *sk = d->owner; 69 if (!sk) 70 return; 71 72 atomic_add(skb->len, &sk->sk_rmem_alloc); 73 skb_queue_tail(&sk->sk_receive_queue, skb); 74 sk->sk_data_ready(sk, skb->len); 75 76 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 77 rfcomm_dlc_throttle(d); 78 } 79 80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) 81 { 82 struct sock *sk = d->owner, *parent; 83 if (!sk) 84 return; 85 86 BT_DBG("dlc %p state %ld err %d", d, d->state, err); 87 88 bh_lock_sock(sk); 89 90 if (err) 91 sk->sk_err = err; 92 93 sk->sk_state = d->state; 94 95 parent = bt_sk(sk)->parent; 96 if (parent) { 97 if (d->state == BT_CLOSED) { 98 sock_set_flag(sk, SOCK_ZAPPED); 99 bt_accept_unlink(sk); 100 } 101 parent->sk_data_ready(parent, 0); 102 } else { 103 if (d->state == BT_CONNECTED) 104 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 105 sk->sk_state_change(sk); 106 } 107 108 bh_unlock_sock(sk); 109 110 if (parent && sock_flag(sk, SOCK_ZAPPED)) { 111 /* We have to drop DLC lock here, otherwise 112 * rfcomm_sock_destruct() will dead lock. */ 113 rfcomm_dlc_unlock(d); 114 rfcomm_sock_kill(sk); 115 rfcomm_dlc_lock(d); 116 } 117 } 118 119 /* ---- Socket functions ---- */ 120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) 121 { 122 struct sock *sk = NULL; 123 struct hlist_node *node; 124 125 sk_for_each(sk, node, &rfcomm_sk_list.head) { 126 if (rfcomm_pi(sk)->channel == channel && 127 !bacmp(&bt_sk(sk)->src, src)) 128 break; 129 } 130 131 return node ? sk : NULL; 132 } 133 134 /* Find socket with channel and source bdaddr. 135 * Returns closest match. 136 */ 137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 138 { 139 struct sock *sk = NULL, *sk1 = NULL; 140 struct hlist_node *node; 141 142 sk_for_each(sk, node, &rfcomm_sk_list.head) { 143 if (state && sk->sk_state != state) 144 continue; 145 146 if (rfcomm_pi(sk)->channel == channel) { 147 /* Exact match. */ 148 if (!bacmp(&bt_sk(sk)->src, src)) 149 break; 150 151 /* Closest match */ 152 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 153 sk1 = sk; 154 } 155 } 156 return node ? sk : sk1; 157 } 158 159 /* Find socket with given address (channel, src). 160 * Returns locked socket */ 161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) 162 { 163 struct sock *s; 164 read_lock(&rfcomm_sk_list.lock); 165 s = __rfcomm_get_sock_by_channel(state, channel, src); 166 if (s) bh_lock_sock(s); 167 read_unlock(&rfcomm_sk_list.lock); 168 return s; 169 } 170 171 static void rfcomm_sock_destruct(struct sock *sk) 172 { 173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 174 175 BT_DBG("sk %p dlc %p", sk, d); 176 177 skb_queue_purge(&sk->sk_receive_queue); 178 skb_queue_purge(&sk->sk_write_queue); 179 180 rfcomm_dlc_lock(d); 181 rfcomm_pi(sk)->dlc = NULL; 182 183 /* Detach DLC if it's owned by this socket */ 184 if (d->owner == sk) 185 d->owner = NULL; 186 rfcomm_dlc_unlock(d); 187 188 rfcomm_dlc_put(d); 189 } 190 191 static void rfcomm_sock_cleanup_listen(struct sock *parent) 192 { 193 struct sock *sk; 194 195 BT_DBG("parent %p", parent); 196 197 /* Close not yet accepted dlcs */ 198 while ((sk = bt_accept_dequeue(parent, NULL))) { 199 rfcomm_sock_close(sk); 200 rfcomm_sock_kill(sk); 201 } 202 203 parent->sk_state = BT_CLOSED; 204 sock_set_flag(parent, SOCK_ZAPPED); 205 } 206 207 /* Kill socket (only if zapped and orphan) 208 * Must be called on unlocked socket. 209 */ 210 static void rfcomm_sock_kill(struct sock *sk) 211 { 212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 213 return; 214 215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); 216 217 /* Kill poor orphan */ 218 bt_sock_unlink(&rfcomm_sk_list, sk); 219 sock_set_flag(sk, SOCK_DEAD); 220 sock_put(sk); 221 } 222 223 static void __rfcomm_sock_close(struct sock *sk) 224 { 225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 226 227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); 228 229 switch (sk->sk_state) { 230 case BT_LISTEN: 231 rfcomm_sock_cleanup_listen(sk); 232 break; 233 234 case BT_CONNECT: 235 case BT_CONNECT2: 236 case BT_CONFIG: 237 case BT_CONNECTED: 238 rfcomm_dlc_close(d, 0); 239 240 default: 241 sock_set_flag(sk, SOCK_ZAPPED); 242 break; 243 } 244 } 245 246 /* Close socket. 247 * Must be called on unlocked socket. 248 */ 249 static void rfcomm_sock_close(struct sock *sk) 250 { 251 lock_sock(sk); 252 __rfcomm_sock_close(sk); 253 release_sock(sk); 254 } 255 256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent) 257 { 258 struct rfcomm_pinfo *pi = rfcomm_pi(sk); 259 260 BT_DBG("sk %p", sk); 261 262 if (parent) { 263 sk->sk_type = parent->sk_type; 264 pi->link_mode = rfcomm_pi(parent)->link_mode; 265 } else { 266 pi->link_mode = 0; 267 } 268 269 pi->dlc->link_mode = pi->link_mode; 270 } 271 272 static struct proto rfcomm_proto = { 273 .name = "RFCOMM", 274 .owner = THIS_MODULE, 275 .obj_size = sizeof(struct rfcomm_pinfo) 276 }; 277 278 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 279 { 280 struct rfcomm_dlc *d; 281 struct sock *sk; 282 283 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); 284 if (!sk) 285 return NULL; 286 287 sock_init_data(sock, sk); 288 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 289 290 d = rfcomm_dlc_alloc(prio); 291 if (!d) { 292 sk_free(sk); 293 return NULL; 294 } 295 296 d->data_ready = rfcomm_sk_data_ready; 297 d->state_change = rfcomm_sk_state_change; 298 299 rfcomm_pi(sk)->dlc = d; 300 d->owner = sk; 301 302 sk->sk_destruct = rfcomm_sock_destruct; 303 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 304 305 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 306 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 307 308 sock_reset_flag(sk, SOCK_ZAPPED); 309 310 sk->sk_protocol = proto; 311 sk->sk_state = BT_OPEN; 312 313 bt_sock_link(&rfcomm_sk_list, sk); 314 315 BT_DBG("sk %p", sk); 316 return sk; 317 } 318 319 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) 320 { 321 struct sock *sk; 322 323 BT_DBG("sock %p", sock); 324 325 sock->state = SS_UNCONNECTED; 326 327 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) 328 return -ESOCKTNOSUPPORT; 329 330 sock->ops = &rfcomm_sock_ops; 331 332 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 333 if (!sk) 334 return -ENOMEM; 335 336 rfcomm_sock_init(sk, NULL); 337 return 0; 338 } 339 340 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 341 { 342 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 343 struct sock *sk = sock->sk; 344 int err = 0; 345 346 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 347 348 if (!addr || addr->sa_family != AF_BLUETOOTH) 349 return -EINVAL; 350 351 lock_sock(sk); 352 353 if (sk->sk_state != BT_OPEN) { 354 err = -EBADFD; 355 goto done; 356 } 357 358 if (sk->sk_type != SOCK_STREAM) { 359 err = -EINVAL; 360 goto done; 361 } 362 363 write_lock_bh(&rfcomm_sk_list.lock); 364 365 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 366 err = -EADDRINUSE; 367 } else { 368 /* Save source address */ 369 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 370 rfcomm_pi(sk)->channel = sa->rc_channel; 371 sk->sk_state = BT_BOUND; 372 } 373 374 write_unlock_bh(&rfcomm_sk_list.lock); 375 376 done: 377 release_sock(sk); 378 return err; 379 } 380 381 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 382 { 383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 384 struct sock *sk = sock->sk; 385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 386 int err = 0; 387 388 BT_DBG("sk %p", sk); 389 390 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 391 return -EINVAL; 392 393 lock_sock(sk); 394 395 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { 396 err = -EBADFD; 397 goto done; 398 } 399 400 if (sk->sk_type != SOCK_STREAM) { 401 err = -EINVAL; 402 goto done; 403 } 404 405 sk->sk_state = BT_CONNECT; 406 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 407 rfcomm_pi(sk)->channel = sa->rc_channel; 408 409 d->link_mode = rfcomm_pi(sk)->link_mode; 410 411 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 412 if (!err) 413 err = bt_sock_wait_state(sk, BT_CONNECTED, 414 sock_sndtimeo(sk, flags & O_NONBLOCK)); 415 416 done: 417 release_sock(sk); 418 return err; 419 } 420 421 static int rfcomm_sock_listen(struct socket *sock, int backlog) 422 { 423 struct sock *sk = sock->sk; 424 int err = 0; 425 426 BT_DBG("sk %p backlog %d", sk, backlog); 427 428 lock_sock(sk); 429 430 if (sk->sk_state != BT_BOUND) { 431 err = -EBADFD; 432 goto done; 433 } 434 435 if (sk->sk_type != SOCK_STREAM) { 436 err = -EINVAL; 437 goto done; 438 } 439 440 if (!rfcomm_pi(sk)->channel) { 441 bdaddr_t *src = &bt_sk(sk)->src; 442 u8 channel; 443 444 err = -EINVAL; 445 446 write_lock_bh(&rfcomm_sk_list.lock); 447 448 for (channel = 1; channel < 31; channel++) 449 if (!__rfcomm_get_sock_by_addr(channel, src)) { 450 rfcomm_pi(sk)->channel = channel; 451 err = 0; 452 break; 453 } 454 455 write_unlock_bh(&rfcomm_sk_list.lock); 456 457 if (err < 0) 458 goto done; 459 } 460 461 sk->sk_max_ack_backlog = backlog; 462 sk->sk_ack_backlog = 0; 463 sk->sk_state = BT_LISTEN; 464 465 done: 466 release_sock(sk); 467 return err; 468 } 469 470 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) 471 { 472 DECLARE_WAITQUEUE(wait, current); 473 struct sock *sk = sock->sk, *nsk; 474 long timeo; 475 int err = 0; 476 477 lock_sock(sk); 478 479 if (sk->sk_state != BT_LISTEN) { 480 err = -EBADFD; 481 goto done; 482 } 483 484 if (sk->sk_type != SOCK_STREAM) { 485 err = -EINVAL; 486 goto done; 487 } 488 489 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 490 491 BT_DBG("sk %p timeo %ld", sk, timeo); 492 493 /* Wait for an incoming connection. (wake-one). */ 494 add_wait_queue_exclusive(sk->sk_sleep, &wait); 495 while (!(nsk = bt_accept_dequeue(sk, newsock))) { 496 set_current_state(TASK_INTERRUPTIBLE); 497 if (!timeo) { 498 err = -EAGAIN; 499 break; 500 } 501 502 release_sock(sk); 503 timeo = schedule_timeout(timeo); 504 lock_sock(sk); 505 506 if (sk->sk_state != BT_LISTEN) { 507 err = -EBADFD; 508 break; 509 } 510 511 if (signal_pending(current)) { 512 err = sock_intr_errno(timeo); 513 break; 514 } 515 } 516 set_current_state(TASK_RUNNING); 517 remove_wait_queue(sk->sk_sleep, &wait); 518 519 if (err) 520 goto done; 521 522 newsock->state = SS_CONNECTED; 523 524 BT_DBG("new socket %p", nsk); 525 526 done: 527 release_sock(sk); 528 return err; 529 } 530 531 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 532 { 533 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; 534 struct sock *sk = sock->sk; 535 536 BT_DBG("sock %p, sk %p", sock, sk); 537 538 sa->rc_family = AF_BLUETOOTH; 539 sa->rc_channel = rfcomm_pi(sk)->channel; 540 if (peer) 541 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 542 else 543 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 544 545 *len = sizeof(struct sockaddr_rc); 546 return 0; 547 } 548 549 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, 550 struct msghdr *msg, size_t len) 551 { 552 struct sock *sk = sock->sk; 553 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 554 struct sk_buff *skb; 555 int sent = 0; 556 557 if (msg->msg_flags & MSG_OOB) 558 return -EOPNOTSUPP; 559 560 if (sk->sk_shutdown & SEND_SHUTDOWN) 561 return -EPIPE; 562 563 BT_DBG("sock %p, sk %p", sock, sk); 564 565 lock_sock(sk); 566 567 while (len) { 568 size_t size = min_t(size_t, len, d->mtu); 569 int err; 570 571 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 572 msg->msg_flags & MSG_DONTWAIT, &err); 573 if (!skb) 574 break; 575 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 576 577 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 578 if (err) { 579 kfree_skb(skb); 580 if (sent == 0) 581 sent = err; 582 break; 583 } 584 585 err = rfcomm_dlc_send(d, skb); 586 if (err < 0) { 587 kfree_skb(skb); 588 if (sent == 0) 589 sent = err; 590 break; 591 } 592 593 sent += size; 594 len -= size; 595 } 596 597 release_sock(sk); 598 599 return sent; 600 } 601 602 static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 603 { 604 DECLARE_WAITQUEUE(wait, current); 605 606 add_wait_queue(sk->sk_sleep, &wait); 607 for (;;) { 608 set_current_state(TASK_INTERRUPTIBLE); 609 610 if (!skb_queue_empty(&sk->sk_receive_queue) || 611 sk->sk_err || 612 (sk->sk_shutdown & RCV_SHUTDOWN) || 613 signal_pending(current) || 614 !timeo) 615 break; 616 617 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 618 release_sock(sk); 619 timeo = schedule_timeout(timeo); 620 lock_sock(sk); 621 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); 622 } 623 624 __set_current_state(TASK_RUNNING); 625 remove_wait_queue(sk->sk_sleep, &wait); 626 return timeo; 627 } 628 629 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 630 struct msghdr *msg, size_t size, int flags) 631 { 632 struct sock *sk = sock->sk; 633 int err = 0; 634 size_t target, copied = 0; 635 long timeo; 636 637 if (flags & MSG_OOB) 638 return -EOPNOTSUPP; 639 640 msg->msg_namelen = 0; 641 642 BT_DBG("sk %p size %zu", sk, size); 643 644 lock_sock(sk); 645 646 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 647 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 648 649 do { 650 struct sk_buff *skb; 651 int chunk; 652 653 skb = skb_dequeue(&sk->sk_receive_queue); 654 if (!skb) { 655 if (copied >= target) 656 break; 657 658 if ((err = sock_error(sk)) != 0) 659 break; 660 if (sk->sk_shutdown & RCV_SHUTDOWN) 661 break; 662 663 err = -EAGAIN; 664 if (!timeo) 665 break; 666 667 timeo = rfcomm_sock_data_wait(sk, timeo); 668 669 if (signal_pending(current)) { 670 err = sock_intr_errno(timeo); 671 goto out; 672 } 673 continue; 674 } 675 676 chunk = min_t(unsigned int, skb->len, size); 677 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { 678 skb_queue_head(&sk->sk_receive_queue, skb); 679 if (!copied) 680 copied = -EFAULT; 681 break; 682 } 683 copied += chunk; 684 size -= chunk; 685 686 sock_recv_timestamp(msg, sk, skb); 687 688 if (!(flags & MSG_PEEK)) { 689 atomic_sub(chunk, &sk->sk_rmem_alloc); 690 691 skb_pull(skb, chunk); 692 if (skb->len) { 693 skb_queue_head(&sk->sk_receive_queue, skb); 694 break; 695 } 696 kfree_skb(skb); 697 698 } else { 699 /* put message back and return */ 700 skb_queue_head(&sk->sk_receive_queue, skb); 701 break; 702 } 703 } while (size); 704 705 out: 706 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) 707 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); 708 709 release_sock(sk); 710 return copied ? : err; 711 } 712 713 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 714 { 715 struct sock *sk = sock->sk; 716 int err = 0; 717 u32 opt; 718 719 BT_DBG("sk %p", sk); 720 721 lock_sock(sk); 722 723 switch (optname) { 724 case RFCOMM_LM: 725 if (get_user(opt, (u32 __user *) optval)) { 726 err = -EFAULT; 727 break; 728 } 729 730 rfcomm_pi(sk)->link_mode = opt; 731 break; 732 733 default: 734 err = -ENOPROTOOPT; 735 break; 736 } 737 738 release_sock(sk); 739 return err; 740 } 741 742 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 743 { 744 struct sock *sk = sock->sk; 745 struct sock *l2cap_sk; 746 struct rfcomm_conninfo cinfo; 747 int len, err = 0; 748 749 BT_DBG("sk %p", sk); 750 751 if (get_user(len, optlen)) 752 return -EFAULT; 753 754 lock_sock(sk); 755 756 switch (optname) { 757 case RFCOMM_LM: 758 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) 759 err = -EFAULT; 760 break; 761 762 case RFCOMM_CONNINFO: 763 if (sk->sk_state != BT_CONNECTED) { 764 err = -ENOTCONN; 765 break; 766 } 767 768 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; 769 770 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; 771 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); 772 773 len = min_t(unsigned int, len, sizeof(cinfo)); 774 if (copy_to_user(optval, (char *) &cinfo, len)) 775 err = -EFAULT; 776 777 break; 778 779 default: 780 err = -ENOPROTOOPT; 781 break; 782 } 783 784 release_sock(sk); 785 return err; 786 } 787 788 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 789 { 790 struct sock *sk __maybe_unused = sock->sk; 791 int err; 792 793 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); 794 795 err = bt_sock_ioctl(sock, cmd, arg); 796 797 if (err == -ENOIOCTLCMD) { 798 #ifdef CONFIG_BT_RFCOMM_TTY 799 lock_sock(sk); 800 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); 801 release_sock(sk); 802 #else 803 err = -EOPNOTSUPP; 804 #endif 805 } 806 807 return err; 808 } 809 810 static int rfcomm_sock_shutdown(struct socket *sock, int how) 811 { 812 struct sock *sk = sock->sk; 813 int err = 0; 814 815 BT_DBG("sock %p, sk %p", sock, sk); 816 817 if (!sk) return 0; 818 819 lock_sock(sk); 820 if (!sk->sk_shutdown) { 821 sk->sk_shutdown = SHUTDOWN_MASK; 822 __rfcomm_sock_close(sk); 823 824 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 825 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 826 } 827 release_sock(sk); 828 return err; 829 } 830 831 static int rfcomm_sock_release(struct socket *sock) 832 { 833 struct sock *sk = sock->sk; 834 int err; 835 836 BT_DBG("sock %p, sk %p", sock, sk); 837 838 if (!sk) 839 return 0; 840 841 err = rfcomm_sock_shutdown(sock, 2); 842 843 sock_orphan(sk); 844 rfcomm_sock_kill(sk); 845 return err; 846 } 847 848 /* ---- RFCOMM core layer callbacks ---- 849 * 850 * called under rfcomm_lock() 851 */ 852 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) 853 { 854 struct sock *sk, *parent; 855 bdaddr_t src, dst; 856 int result = 0; 857 858 BT_DBG("session %p channel %d", s, channel); 859 860 rfcomm_session_getaddr(s, &src, &dst); 861 862 /* Check if we have socket listening on channel */ 863 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); 864 if (!parent) 865 return 0; 866 867 /* Check for backlog size */ 868 if (sk_acceptq_is_full(parent)) { 869 BT_DBG("backlog full %d", parent->sk_ack_backlog); 870 goto done; 871 } 872 873 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 874 if (!sk) 875 goto done; 876 877 rfcomm_sock_init(sk, parent); 878 bacpy(&bt_sk(sk)->src, &src); 879 bacpy(&bt_sk(sk)->dst, &dst); 880 rfcomm_pi(sk)->channel = channel; 881 882 sk->sk_state = BT_CONFIG; 883 bt_accept_enqueue(parent, sk); 884 885 /* Accept connection and return socket DLC */ 886 *d = rfcomm_pi(sk)->dlc; 887 result = 1; 888 889 done: 890 bh_unlock_sock(parent); 891 return result; 892 } 893 894 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 895 { 896 struct sock *sk; 897 struct hlist_node *node; 898 char *str = buf; 899 900 read_lock_bh(&rfcomm_sk_list.lock); 901 902 sk_for_each(sk, node, &rfcomm_sk_list.head) { 903 str += sprintf(str, "%s %s %d %d\n", 904 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 905 sk->sk_state, rfcomm_pi(sk)->channel); 906 } 907 908 read_unlock_bh(&rfcomm_sk_list.lock); 909 910 return (str - buf); 911 } 912 913 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 914 915 static const struct proto_ops rfcomm_sock_ops = { 916 .family = PF_BLUETOOTH, 917 .owner = THIS_MODULE, 918 .release = rfcomm_sock_release, 919 .bind = rfcomm_sock_bind, 920 .connect = rfcomm_sock_connect, 921 .listen = rfcomm_sock_listen, 922 .accept = rfcomm_sock_accept, 923 .getname = rfcomm_sock_getname, 924 .sendmsg = rfcomm_sock_sendmsg, 925 .recvmsg = rfcomm_sock_recvmsg, 926 .shutdown = rfcomm_sock_shutdown, 927 .setsockopt = rfcomm_sock_setsockopt, 928 .getsockopt = rfcomm_sock_getsockopt, 929 .ioctl = rfcomm_sock_ioctl, 930 .poll = bt_sock_poll, 931 .socketpair = sock_no_socketpair, 932 .mmap = sock_no_mmap 933 }; 934 935 static struct net_proto_family rfcomm_sock_family_ops = { 936 .family = PF_BLUETOOTH, 937 .owner = THIS_MODULE, 938 .create = rfcomm_sock_create 939 }; 940 941 int __init rfcomm_init_sockets(void) 942 { 943 int err; 944 945 err = proto_register(&rfcomm_proto, 0); 946 if (err < 0) 947 return err; 948 949 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); 950 if (err < 0) 951 goto error; 952 953 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 954 BT_ERR("Failed to create RFCOMM info file"); 955 956 BT_INFO("RFCOMM socket layer initialized"); 957 958 return 0; 959 960 error: 961 BT_ERR("RFCOMM socket layer registration failed"); 962 proto_unregister(&rfcomm_proto); 963 return err; 964 } 965 966 void __exit rfcomm_cleanup_sockets(void) 967 { 968 class_remove_file(bt_class, &class_attr_rfcomm); 969 970 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 971 BT_ERR("RFCOMM socket layer unregistration failed"); 972 973 proto_unregister(&rfcomm_proto); 974 } 975