projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Replace L2CAP link mode with security level
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
1da177e4
LT		 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
be9d1227 42#include <linux/device.h>
1da177e4
LT		 43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47
48#include <net/bluetooth/bluetooth.h>
49#include <net/bluetooth/hci_core.h>
50#include <net/bluetooth/l2cap.h>
51#include <net/bluetooth/rfcomm.h>
52
90ddc4f0 53static const struct proto_ops rfcomm_sock_ops;
1da177e4
LT		 54
55static struct bt_sock_list rfcomm_sk_list = {
d5fb2962 56 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
1da177e4
LT		 57};
58
59static void rfcomm_sock_close(struct sock *sk);
60static void rfcomm_sock_kill(struct sock *sk);
61
62/* ---- DLC callbacks ----
63 *
64 * called under rfcomm_dlc_lock()
65 */
66static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
67{
68 struct sock *sk = d->owner;
69 if (!sk)
70 return;
71
72 atomic_add(skb->len, &sk->sk_rmem_alloc);
73 skb_queue_tail(&sk->sk_receive_queue, skb);
74 sk->sk_data_ready(sk, skb->len);
75
76 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
77 rfcomm_dlc_throttle(d);
78}
79
80static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
81{
82 struct sock *sk = d->owner, *parent;
83 if (!sk)
84 return;
85
86 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
87
88 bh_lock_sock(sk);
89
90 if (err)
91 sk->sk_err = err;
92
93 sk->sk_state = d->state;
94
95 parent = bt_sk(sk)->parent;
96 if (parent) {
97 if (d->state == BT_CLOSED) {
98 sock_set_flag(sk, SOCK_ZAPPED);
99 bt_accept_unlink(sk);
100 }
101 parent->sk_data_ready(parent, 0);
102 } else {
103 if (d->state == BT_CONNECTED)
104 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
105 sk->sk_state_change(sk);
106 }
107
108 bh_unlock_sock(sk);
109
110 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
111 /* We have to drop DLC lock here, otherwise
112 * rfcomm_sock_destruct() will dead lock. */
113 rfcomm_dlc_unlock(d);
114 rfcomm_sock_kill(sk);
115 rfcomm_dlc_lock(d);
116 }
117}
118
119/* ---- Socket functions ---- */
120static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
121{
122 struct sock *sk = NULL;
123 struct hlist_node *node;
124
125 sk_for_each(sk, node, &rfcomm_sk_list.head) {
8e87d142 126 if (rfcomm_pi(sk)->channel == channel &&
1da177e4
LT		 127 !bacmp(&bt_sk(sk)->src, src))
128 break;
129 }
130
131 return node ? sk : NULL;
132}
133
134/* Find socket with channel and source bdaddr.
135 * Returns closest match.
136 */
137static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
138{
139 struct sock *sk = NULL, *sk1 = NULL;
140 struct hlist_node *node;
141
142 sk_for_each(sk, node, &rfcomm_sk_list.head) {
143 if (state && sk->sk_state != state)
144 continue;
145
146 if (rfcomm_pi(sk)->channel == channel) {
147 /* Exact match. */
148 if (!bacmp(&bt_sk(sk)->src, src))
149 break;
150
151 /* Closest match */
152 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
153 sk1 = sk;
154 }
155 }
156 return node ? sk : sk1;
157}
158
159/* Find socket with given address (channel, src).
160 * Returns locked socket */
161static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
162{
163 struct sock *s;
164 read_lock(&rfcomm_sk_list.lock);
165 s = __rfcomm_get_sock_by_channel(state, channel, src);
166 if (s) bh_lock_sock(s);
167 read_unlock(&rfcomm_sk_list.lock);
168 return s;
169}
170
171static void rfcomm_sock_destruct(struct sock *sk)
172{
173 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175 BT_DBG("sk %p dlc %p", sk, d);
176
177 skb_queue_purge(&sk->sk_receive_queue);
178 skb_queue_purge(&sk->sk_write_queue);
179
180 rfcomm_dlc_lock(d);
181 rfcomm_pi(sk)->dlc = NULL;
182
183 /* Detach DLC if it's owned by this socket */
184 if (d->owner == sk)
185 d->owner = NULL;
186 rfcomm_dlc_unlock(d);
187
188 rfcomm_dlc_put(d);
189}
190
191static void rfcomm_sock_cleanup_listen(struct sock *parent)
192{
193 struct sock *sk;
194
195 BT_DBG("parent %p", parent);
196
197 /* Close not yet accepted dlcs */
198 while ((sk = bt_accept_dequeue(parent, NULL))) {
199 rfcomm_sock_close(sk);
200 rfcomm_sock_kill(sk);
201 }
202
203 parent->sk_state = BT_CLOSED;
204 sock_set_flag(parent, SOCK_ZAPPED);
205}
206
207/* Kill socket (only if zapped and orphan)
208 * Must be called on unlocked socket.
209 */
210static void rfcomm_sock_kill(struct sock *sk)
211{
212 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213 return;
214
215 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217 /* Kill poor orphan */
218 bt_sock_unlink(&rfcomm_sk_list, sk);
219 sock_set_flag(sk, SOCK_DEAD);
220 sock_put(sk);
221}
222
223static void __rfcomm_sock_close(struct sock *sk)
224{
225 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229 switch (sk->sk_state) {
230 case BT_LISTEN:
231 rfcomm_sock_cleanup_listen(sk);
232 break;
233
234 case BT_CONNECT:
235 case BT_CONNECT2:
236 case BT_CONFIG:
237 case BT_CONNECTED:
238 rfcomm_dlc_close(d, 0);
239
240 default:
241 sock_set_flag(sk, SOCK_ZAPPED);
242 break;
243 }
244}
245
246/* Close socket.
247 * Must be called on unlocked socket.
248 */
249static void rfcomm_sock_close(struct sock *sk)
250{
251 lock_sock(sk);
252 __rfcomm_sock_close(sk);
253 release_sock(sk);
254}
255
256static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257{
258 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260 BT_DBG("sk %p", sk);
261
262 if (parent) {
263 sk->sk_type = parent->sk_type;
264 pi->link_mode = rfcomm_pi(parent)->link_mode;
bb23c0ab 265 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
1da177e4
LT		 266 } else {
267 pi->link_mode = 0;
bb23c0ab 268 pi->dlc->defer_setup = 0;
1da177e4
LT		 269 }
270
271 pi->dlc->link_mode = pi->link_mode;
272}
273
274static struct proto rfcomm_proto = {
275 .name = "RFCOMM",
276 .owner = THIS_MODULE,
277 .obj_size = sizeof(struct rfcomm_pinfo)
278};
279
1b8d7ae4 280static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
1da177e4
LT		 281{
282 struct rfcomm_dlc *d;
283 struct sock *sk;
284
6257ff21 285 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
1da177e4
LT		 286 if (!sk)
287 return NULL;
288
289 sock_init_data(sock, sk);
290 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
291
292 d = rfcomm_dlc_alloc(prio);
293 if (!d) {
294 sk_free(sk);
295 return NULL;
296 }
297
298 d->data_ready = rfcomm_sk_data_ready;
299 d->state_change = rfcomm_sk_state_change;
300
301 rfcomm_pi(sk)->dlc = d;
302 d->owner = sk;
303
304 sk->sk_destruct = rfcomm_sock_destruct;
305 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
306
77db1980
MH		 307 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
308 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
1da177e4
LT		 309
310 sock_reset_flag(sk, SOCK_ZAPPED);
311
312 sk->sk_protocol = proto;
77db1980 313 sk->sk_state = BT_OPEN;
1da177e4
LT		 314
315 bt_sock_link(&rfcomm_sk_list, sk);
316
317 BT_DBG("sk %p", sk);
318 return sk;
319}
320
1b8d7ae4 321static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
1da177e4
LT		 322{
323 struct sock *sk;
324
325 BT_DBG("sock %p", sock);
326
327 sock->state = SS_UNCONNECTED;
328
329 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
330 return -ESOCKTNOSUPPORT;
331
332 sock->ops = &rfcomm_sock_ops;
333
1b8d7ae4 334 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
74da626a 335 if (!sk)
1da177e4
LT		 336 return -ENOMEM;
337
338 rfcomm_sock_init(sk, NULL);
339 return 0;
340}
341
342static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
343{
344 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
345 struct sock *sk = sock->sk;
346 int err = 0;
347
348 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
349
350 if (!addr || addr->sa_family != AF_BLUETOOTH)
351 return -EINVAL;
352
353 lock_sock(sk);
354
355 if (sk->sk_state != BT_OPEN) {
356 err = -EBADFD;
357 goto done;
358 }
359
354d28d5
MH		 360 if (sk->sk_type != SOCK_STREAM) {
361 err = -EINVAL;
362 goto done;
363 }
364
1da177e4
LT		 365 write_lock_bh(&rfcomm_sk_list.lock);
366
367 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
368 err = -EADDRINUSE;
369 } else {
370 /* Save source address */
371 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
372 rfcomm_pi(sk)->channel = sa->rc_channel;
373 sk->sk_state = BT_BOUND;
374 }
375
376 write_unlock_bh(&rfcomm_sk_list.lock);
377
378done:
379 release_sock(sk);
380 return err;
381}
382
383static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
384{
385 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
386 struct sock *sk = sock->sk;
387 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
388 int err = 0;
389
390 BT_DBG("sk %p", sk);
391
392 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
393 return -EINVAL;
394
354d28d5 395 lock_sock(sk);
1da177e4 396
354d28d5
MH		 397 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
398 err = -EBADFD;
399 goto done;
400 }
1da177e4 401
354d28d5
MH		 402 if (sk->sk_type != SOCK_STREAM) {
403 err = -EINVAL;
404 goto done;
405 }
1da177e4
LT		 406
407 sk->sk_state = BT_CONNECT;
408 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
409 rfcomm_pi(sk)->channel = sa->rc_channel;
410
77db1980
MH		 411 d->link_mode = rfcomm_pi(sk)->link_mode;
412
1da177e4
LT		 413 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
414 if (!err)
415 err = bt_sock_wait_state(sk, BT_CONNECTED,
416 sock_sndtimeo(sk, flags & O_NONBLOCK));
417
354d28d5 418done:
1da177e4
LT		 419 release_sock(sk);
420 return err;
421}
422
423static int rfcomm_sock_listen(struct socket *sock, int backlog)
424{
425 struct sock *sk = sock->sk;
426 int err = 0;
427
428 BT_DBG("sk %p backlog %d", sk, backlog);
429
430 lock_sock(sk);
431
432 if (sk->sk_state != BT_BOUND) {
433 err = -EBADFD;
434 goto done;
435 }
436
354d28d5
MH		 437 if (sk->sk_type != SOCK_STREAM) {
438 err = -EINVAL;
439 goto done;
440 }
441
1da177e4
LT		 442 if (!rfcomm_pi(sk)->channel) {
443 bdaddr_t *src = &bt_sk(sk)->src;
444 u8 channel;
445
446 err = -EINVAL;
447
448 write_lock_bh(&rfcomm_sk_list.lock);
449
450 for (channel = 1; channel < 31; channel++)
451 if (!__rfcomm_get_sock_by_addr(channel, src)) {
452 rfcomm_pi(sk)->channel = channel;
453 err = 0;
454 break;
455 }
456
457 write_unlock_bh(&rfcomm_sk_list.lock);
458
459 if (err < 0)
460 goto done;
461 }
462
463 sk->sk_max_ack_backlog = backlog;
464 sk->sk_ack_backlog = 0;
465 sk->sk_state = BT_LISTEN;
466
467done:
468 release_sock(sk);
469 return err;
470}
471
472static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
473{
474 DECLARE_WAITQUEUE(wait, current);
475 struct sock *sk = sock->sk, *nsk;
476 long timeo;
477 int err = 0;
478
479 lock_sock(sk);
480
481 if (sk->sk_state != BT_LISTEN) {
482 err = -EBADFD;
483 goto done;
484 }
485
354d28d5
MH		 486 if (sk->sk_type != SOCK_STREAM) {
487 err = -EINVAL;
488 goto done;
489 }
490
1da177e4
LT		 491 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
492
493 BT_DBG("sk %p timeo %ld", sk, timeo);
494
495 /* Wait for an incoming connection. (wake-one). */
496 add_wait_queue_exclusive(sk->sk_sleep, &wait);
497 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
498 set_current_state(TASK_INTERRUPTIBLE);
499 if (!timeo) {
500 err = -EAGAIN;
501 break;
502 }
503
504 release_sock(sk);
505 timeo = schedule_timeout(timeo);
506 lock_sock(sk);
507
508 if (sk->sk_state != BT_LISTEN) {
509 err = -EBADFD;
510 break;
511 }
512
513 if (signal_pending(current)) {
514 err = sock_intr_errno(timeo);
515 break;
516 }
517 }
518 set_current_state(TASK_RUNNING);
519 remove_wait_queue(sk->sk_sleep, &wait);
520
521 if (err)
522 goto done;
523
524 newsock->state = SS_CONNECTED;
525
526 BT_DBG("new socket %p", nsk);
527
528done:
529 release_sock(sk);
530 return err;
531}
532
533static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
534{
535 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
536 struct sock *sk = sock->sk;
537
538 BT_DBG("sock %p, sk %p", sock, sk);
539
540 sa->rc_family = AF_BLUETOOTH;
541 sa->rc_channel = rfcomm_pi(sk)->channel;
542 if (peer)
543 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
544 else
545 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
546
547 *len = sizeof(struct sockaddr_rc);
548 return 0;
549}
550
551static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
552 struct msghdr *msg, size_t len)
553{
554 struct sock *sk = sock->sk;
555 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
556 struct sk_buff *skb;
1da177e4
LT		 557 int sent = 0;
558
bb23c0ab
MH		 559 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
560 return -ENOTCONN;
561
1da177e4
LT		 562 if (msg->msg_flags & MSG_OOB)
563 return -EOPNOTSUPP;
564
565 if (sk->sk_shutdown & SEND_SHUTDOWN)
566 return -EPIPE;
567
568 BT_DBG("sock %p, sk %p", sock, sk);
569
570 lock_sock(sk);
571
572 while (len) {
573 size_t size = min_t(size_t, len, d->mtu);
4d6a2188 574 int err;
8e87d142 575
1da177e4
LT		 576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
577 msg->msg_flags & MSG_DONTWAIT, &err);
91aa35a5
VS		 578 if (!skb) {
579 if (sent == 0)
580 sent = err;
1da177e4 581 break;
91aa35a5 582 }
1da177e4
LT		 583 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
584
585 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
586 if (err) {
587 kfree_skb(skb);
4d6a2188
MH		 588 if (sent == 0)
589 sent = err;
1da177e4
LT		 590 break;
591 }
592
593 err = rfcomm_dlc_send(d, skb);
594 if (err < 0) {
595 kfree_skb(skb);
4d6a2188
MH		 596 if (sent == 0)
597 sent = err;
1da177e4
LT		 598 break;
599 }
600
601 sent += size;
602 len -= size;
603 }
604
605 release_sock(sk);
606
4d6a2188 607 return sent;
1da177e4
LT		 608}
609
610static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
611{
612 DECLARE_WAITQUEUE(wait, current);
613
614 add_wait_queue(sk->sk_sleep, &wait);
615 for (;;) {
616 set_current_state(TASK_INTERRUPTIBLE);
617
b03efcfb
DM		 618 if (!skb_queue_empty(&sk->sk_receive_queue) ||
619 sk->sk_err ||
620 (sk->sk_shutdown & RCV_SHUTDOWN) ||
621 signal_pending(current) ||
622 !timeo)
1da177e4
LT		 623 break;
624
625 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
626 release_sock(sk);
627 timeo = schedule_timeout(timeo);
628 lock_sock(sk);
629 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
630 }
631
632 __set_current_state(TASK_RUNNING);
633 remove_wait_queue(sk->sk_sleep, &wait);
634 return timeo;
635}
636
637static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
638 struct msghdr *msg, size_t size, int flags)
639{
640 struct sock *sk = sock->sk;
bb23c0ab 641 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
1da177e4
LT		 642 int err = 0;
643 size_t target, copied = 0;
644 long timeo;
645
bb23c0ab
MH		 646 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
647 rfcomm_dlc_accept(d);
648 return 0;
649 }
650
1da177e4
LT		 651 if (flags & MSG_OOB)
652 return -EOPNOTSUPP;
653
654 msg->msg_namelen = 0;
655
a418b893 656 BT_DBG("sk %p size %zu", sk, size);
1da177e4
LT		 657
658 lock_sock(sk);
659
660 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
661 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
662
663 do {
664 struct sk_buff *skb;
665 int chunk;
666
667 skb = skb_dequeue(&sk->sk_receive_queue);
668 if (!skb) {
669 if (copied >= target)
670 break;
671
672 if ((err = sock_error(sk)) != 0)
673 break;
674 if (sk->sk_shutdown & RCV_SHUTDOWN)
675 break;
676
677 err = -EAGAIN;
678 if (!timeo)
679 break;
680
681 timeo = rfcomm_sock_data_wait(sk, timeo);
682
683 if (signal_pending(current)) {
684 err = sock_intr_errno(timeo);
685 goto out;
686 }
687 continue;
688 }
689
690 chunk = min_t(unsigned int, skb->len, size);
691 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
692 skb_queue_head(&sk->sk_receive_queue, skb);
693 if (!copied)
694 copied = -EFAULT;
695 break;
696 }
697 copied += chunk;
698 size -= chunk;
699
3241ad82
MH		 700 sock_recv_timestamp(msg, sk, skb);
701
1da177e4
LT		 702 if (!(flags & MSG_PEEK)) {
703 atomic_sub(chunk, &sk->sk_rmem_alloc);
704
705 skb_pull(skb, chunk);
706 if (skb->len) {
707 skb_queue_head(&sk->sk_receive_queue, skb);
708 break;
709 }
710 kfree_skb(skb);
711
712 } else {
713 /* put message back and return */
714 skb_queue_head(&sk->sk_receive_queue, skb);
715 break;
716 }
717 } while (size);
718
719out:
720 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
721 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
722
723 release_sock(sk);
724 return copied ? : err;
725}
726
d58daf42 727static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
1da177e4
LT		 728{
729 struct sock *sk = sock->sk;
730 int err = 0;
731 u32 opt;
732
733 BT_DBG("sk %p", sk);
734
735 lock_sock(sk);
736
737 switch (optname) {
738 case RFCOMM_LM:
739 if (get_user(opt, (u32 __user *) optval)) {
740 err = -EFAULT;
741 break;
742 }
743
744 rfcomm_pi(sk)->link_mode = opt;
745 break;
746
747 default:
748 err = -ENOPROTOOPT;
749 break;
750 }
751
752 release_sock(sk);
753 return err;
754}
755
d58daf42
MH		 756static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
757{
758 struct sock *sk = sock->sk;
759 int err = 0;
bb23c0ab 760 u32 opt;
d58daf42
MH		 761
762 BT_DBG("sk %p", sk);
763
764 if (level == SOL_RFCOMM)
765 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
766
767 lock_sock(sk);
768
769 switch (optname) {
bb23c0ab
MH		 770 case BT_DEFER_SETUP:
771 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
772 err = -EINVAL;
773 break;
774 }
775
776 if (get_user(opt, (u32 __user *) optval)) {
777 err = -EFAULT;
778 break;
779 }
780
781 bt_sk(sk)->defer_setup = opt;
782 break;
783
d58daf42
MH		 784 default:
785 err = -ENOPROTOOPT;
786 break;
787 }
788
789 release_sock(sk);
790 return err;
791}
792
793static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 794{
795 struct sock *sk = sock->sk;
796 struct sock *l2cap_sk;
797 struct rfcomm_conninfo cinfo;
798 int len, err = 0;
799
800 BT_DBG("sk %p", sk);
801
802 if (get_user(len, optlen))
803 return -EFAULT;
804
805 lock_sock(sk);
806
807 switch (optname) {
808 case RFCOMM_LM:
809 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
810 err = -EFAULT;
811 break;
812
813 case RFCOMM_CONNINFO:
bb23c0ab
MH		 814 if (sk->sk_state != BT_CONNECTED &&
815 !rfcomm_pi(sk)->dlc->defer_setup) {
1da177e4
LT		 816 err = -ENOTCONN;
817 break;
818 }
819
820 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
821
822 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
823 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
824
825 len = min_t(unsigned int, len, sizeof(cinfo));
826 if (copy_to_user(optval, (char *) &cinfo, len))
827 err = -EFAULT;
828
829 break;
830
831 default:
832 err = -ENOPROTOOPT;
833 break;
834 }
835
836 release_sock(sk);
d58daf42
MH		 837 return err;
838}
839
840static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
841{
842 struct sock *sk = sock->sk;
843 int len, err = 0;
844
845 BT_DBG("sk %p", sk);
846
847 if (level == SOL_RFCOMM)
848 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
849
850 if (get_user(len, optlen))
851 return -EFAULT;
852
853 lock_sock(sk);
854
855 switch (optname) {
bb23c0ab
MH		 856 case BT_DEFER_SETUP:
857 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
858 err = -EINVAL;
859 break;
860 }
861
862 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
863 err = -EFAULT;
864
865 break;
866
d58daf42
MH		 867 default:
868 err = -ENOPROTOOPT;
869 break;
870 }
871
872 release_sock(sk);
1da177e4
LT		 873 return err;
874}
875
876static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
877{
e19caae7 878 struct sock *sk __maybe_unused = sock->sk;
1da177e4
LT		 879 int err;
880
e19caae7 881 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
1da177e4 882
3241ad82 883 err = bt_sock_ioctl(sock, cmd, arg);
1da177e4 884
3241ad82 885 if (err == -ENOIOCTLCMD) {
1da177e4 886#ifdef CONFIG_BT_RFCOMM_TTY
3241ad82
MH		 887 lock_sock(sk);
888 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
889 release_sock(sk);
1da177e4 890#else
3241ad82 891 err = -EOPNOTSUPP;
1da177e4 892#endif
3241ad82 893 }
1da177e4 894
1da177e4
LT		 895 return err;
896}
897
898static int rfcomm_sock_shutdown(struct socket *sock, int how)
899{
900 struct sock *sk = sock->sk;
901 int err = 0;
902
903 BT_DBG("sock %p, sk %p", sock, sk);
904
905 if (!sk) return 0;
906
907 lock_sock(sk);
908 if (!sk->sk_shutdown) {
909 sk->sk_shutdown = SHUTDOWN_MASK;
910 __rfcomm_sock_close(sk);
911
912 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
913 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
914 }
915 release_sock(sk);
916 return err;
917}
918
919static int rfcomm_sock_release(struct socket *sock)
920{
921 struct sock *sk = sock->sk;
922 int err;
923
924 BT_DBG("sock %p, sk %p", sock, sk);
925
926 if (!sk)
927 return 0;
928
929 err = rfcomm_sock_shutdown(sock, 2);
930
931 sock_orphan(sk);
932 rfcomm_sock_kill(sk);
933 return err;
934}
935
8e87d142 936/* ---- RFCOMM core layer callbacks ----
1da177e4
LT		 937 *
938 * called under rfcomm_lock()
939 */
940int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
941{
942 struct sock *sk, *parent;
943 bdaddr_t src, dst;
944 int result = 0;
945
946 BT_DBG("session %p channel %d", s, channel);
947
948 rfcomm_session_getaddr(s, &src, &dst);
949
950 /* Check if we have socket listening on channel */
951 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
952 if (!parent)
953 return 0;
954
955 /* Check for backlog size */
956 if (sk_acceptq_is_full(parent)) {
8e87d142 957 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 958 goto done;
959 }
960
3b1e0a65 961 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1da177e4
LT		 962 if (!sk)
963 goto done;
964
965 rfcomm_sock_init(sk, parent);
966 bacpy(&bt_sk(sk)->src, &src);
967 bacpy(&bt_sk(sk)->dst, &dst);
968 rfcomm_pi(sk)->channel = channel;
969
970 sk->sk_state = BT_CONFIG;
971 bt_accept_enqueue(parent, sk);
972
973 /* Accept connection and return socket DLC */
974 *d = rfcomm_pi(sk)->dlc;
975 result = 1;
976
977done:
978 bh_unlock_sock(parent);
bb23c0ab
MH		 979
980 if (bt_sk(parent)->defer_setup)
981 parent->sk_state_change(parent);
982
1da177e4
LT		 983 return result;
984}
985
be9d1227 986static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 987{
988 struct sock *sk;
989 struct hlist_node *node;
be9d1227 990 char *str = buf;
1da177e4
LT		 991
992 read_lock_bh(&rfcomm_sk_list.lock);
993
be9d1227
MH		 994 sk_for_each(sk, node, &rfcomm_sk_list.head) {
995 str += sprintf(str, "%s %s %d %d\n",
996 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
997 sk->sk_state, rfcomm_pi(sk)->channel);
998 }
1da177e4 999
1da177e4 1000 read_unlock_bh(&rfcomm_sk_list.lock);
1da177e4 1001
be9d1227 1002 return (str - buf);
1da177e4
LT		 1003}
1004
be9d1227 1005static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
1da177e4 1006
90ddc4f0 1007static const struct proto_ops rfcomm_sock_ops = {
1da177e4
LT		 1008 .family = PF_BLUETOOTH,
1009 .owner = THIS_MODULE,
1010 .release = rfcomm_sock_release,
1011 .bind = rfcomm_sock_bind,
1012 .connect = rfcomm_sock_connect,
1013 .listen = rfcomm_sock_listen,
1014 .accept = rfcomm_sock_accept,
1015 .getname = rfcomm_sock_getname,
1016 .sendmsg = rfcomm_sock_sendmsg,
1017 .recvmsg = rfcomm_sock_recvmsg,
1018 .shutdown = rfcomm_sock_shutdown,
1019 .setsockopt = rfcomm_sock_setsockopt,
1020 .getsockopt = rfcomm_sock_getsockopt,
1021 .ioctl = rfcomm_sock_ioctl,
1022 .poll = bt_sock_poll,
1023 .socketpair = sock_no_socketpair,
1024 .mmap = sock_no_mmap
1025};
1026
1027static struct net_proto_family rfcomm_sock_family_ops = {
1028 .family = PF_BLUETOOTH,
1029 .owner = THIS_MODULE,
1030 .create = rfcomm_sock_create
1031};
1032
be9d1227 1033int __init rfcomm_init_sockets(void)
1da177e4
LT		 1034{
1035 int err;
1036
1037 err = proto_register(&rfcomm_proto, 0);
1038 if (err < 0)
1039 return err;
1040
1041 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1042 if (err < 0)
1043 goto error;
1044
df5c37ea
MH		 1045 if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
1046 BT_ERR("Failed to create RFCOMM info file");
1da177e4
LT		 1047
1048 BT_INFO("RFCOMM socket layer initialized");
1049
1050 return 0;
1051
1052error:
1053 BT_ERR("RFCOMM socket layer registration failed");
1054 proto_unregister(&rfcomm_proto);
1055 return err;
1056}
1057
1058void __exit rfcomm_cleanup_sockets(void)
1059{
a91f2e39 1060 class_remove_file(bt_class, &class_attr_rfcomm);
1da177e4
LT		 1061
1062 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1063 BT_ERR("RFCOMM socket layer unregistration failed");
1064
1065 proto_unregister(&rfcomm_proto);
1066}
kernel source for telekom puls (alcatel/mediatek)