Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> | |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> | |
5 | ||
6 | This program is free software; you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License version 2 as | |
8 | published by the Free Software Foundation; | |
9 | ||
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | ||
8e87d142 YH |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ | |
23 | ||
24 | /* | |
25 | * RFCOMM sockets. | |
1da177e4 LT |
26 | */ |
27 | ||
1da177e4 LT |
28 | #include <linux/module.h> |
29 | ||
30 | #include <linux/types.h> | |
31 | #include <linux/errno.h> | |
32 | #include <linux/kernel.h> | |
1da177e4 LT |
33 | #include <linux/sched.h> |
34 | #include <linux/slab.h> | |
35 | #include <linux/poll.h> | |
36 | #include <linux/fcntl.h> | |
37 | #include <linux/init.h> | |
38 | #include <linux/interrupt.h> | |
39 | #include <linux/socket.h> | |
40 | #include <linux/skbuff.h> | |
41 | #include <linux/list.h> | |
be9d1227 | 42 | #include <linux/device.h> |
1da177e4 LT |
43 | #include <net/sock.h> |
44 | ||
45 | #include <asm/system.h> | |
46 | #include <asm/uaccess.h> | |
47 | ||
48 | #include <net/bluetooth/bluetooth.h> | |
49 | #include <net/bluetooth/hci_core.h> | |
50 | #include <net/bluetooth/l2cap.h> | |
51 | #include <net/bluetooth/rfcomm.h> | |
52 | ||
90ddc4f0 | 53 | static const struct proto_ops rfcomm_sock_ops; |
1da177e4 LT |
54 | |
55 | static struct bt_sock_list rfcomm_sk_list = { | |
d5fb2962 | 56 | .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock) |
1da177e4 LT |
57 | }; |
58 | ||
59 | static void rfcomm_sock_close(struct sock *sk); | |
60 | static void rfcomm_sock_kill(struct sock *sk); | |
61 | ||
62 | /* ---- DLC callbacks ---- | |
63 | * | |
64 | * called under rfcomm_dlc_lock() | |
65 | */ | |
66 | static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb) | |
67 | { | |
68 | struct sock *sk = d->owner; | |
69 | if (!sk) | |
70 | return; | |
71 | ||
72 | atomic_add(skb->len, &sk->sk_rmem_alloc); | |
73 | skb_queue_tail(&sk->sk_receive_queue, skb); | |
74 | sk->sk_data_ready(sk, skb->len); | |
75 | ||
76 | if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) | |
77 | rfcomm_dlc_throttle(d); | |
78 | } | |
79 | ||
80 | static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) | |
81 | { | |
82 | struct sock *sk = d->owner, *parent; | |
83 | if (!sk) | |
84 | return; | |
85 | ||
86 | BT_DBG("dlc %p state %ld err %d", d, d->state, err); | |
87 | ||
88 | bh_lock_sock(sk); | |
89 | ||
90 | if (err) | |
91 | sk->sk_err = err; | |
92 | ||
93 | sk->sk_state = d->state; | |
94 | ||
95 | parent = bt_sk(sk)->parent; | |
96 | if (parent) { | |
97 | if (d->state == BT_CLOSED) { | |
98 | sock_set_flag(sk, SOCK_ZAPPED); | |
99 | bt_accept_unlink(sk); | |
100 | } | |
101 | parent->sk_data_ready(parent, 0); | |
102 | } else { | |
103 | if (d->state == BT_CONNECTED) | |
104 | rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); | |
105 | sk->sk_state_change(sk); | |
106 | } | |
107 | ||
108 | bh_unlock_sock(sk); | |
109 | ||
110 | if (parent && sock_flag(sk, SOCK_ZAPPED)) { | |
111 | /* We have to drop DLC lock here, otherwise | |
112 | * rfcomm_sock_destruct() will dead lock. */ | |
113 | rfcomm_dlc_unlock(d); | |
114 | rfcomm_sock_kill(sk); | |
115 | rfcomm_dlc_lock(d); | |
116 | } | |
117 | } | |
118 | ||
119 | /* ---- Socket functions ---- */ | |
120 | static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) | |
121 | { | |
122 | struct sock *sk = NULL; | |
123 | struct hlist_node *node; | |
124 | ||
125 | sk_for_each(sk, node, &rfcomm_sk_list.head) { | |
8e87d142 | 126 | if (rfcomm_pi(sk)->channel == channel && |
1da177e4 LT |
127 | !bacmp(&bt_sk(sk)->src, src)) |
128 | break; | |
129 | } | |
130 | ||
131 | return node ? sk : NULL; | |
132 | } | |
133 | ||
134 | /* Find socket with channel and source bdaddr. | |
135 | * Returns closest match. | |
136 | */ | |
137 | static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) | |
138 | { | |
139 | struct sock *sk = NULL, *sk1 = NULL; | |
140 | struct hlist_node *node; | |
141 | ||
142 | sk_for_each(sk, node, &rfcomm_sk_list.head) { | |
143 | if (state && sk->sk_state != state) | |
144 | continue; | |
145 | ||
146 | if (rfcomm_pi(sk)->channel == channel) { | |
147 | /* Exact match. */ | |
148 | if (!bacmp(&bt_sk(sk)->src, src)) | |
149 | break; | |
150 | ||
151 | /* Closest match */ | |
152 | if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) | |
153 | sk1 = sk; | |
154 | } | |
155 | } | |
156 | return node ? sk : sk1; | |
157 | } | |
158 | ||
159 | /* Find socket with given address (channel, src). | |
160 | * Returns locked socket */ | |
161 | static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src) | |
162 | { | |
163 | struct sock *s; | |
164 | read_lock(&rfcomm_sk_list.lock); | |
165 | s = __rfcomm_get_sock_by_channel(state, channel, src); | |
166 | if (s) bh_lock_sock(s); | |
167 | read_unlock(&rfcomm_sk_list.lock); | |
168 | return s; | |
169 | } | |
170 | ||
171 | static void rfcomm_sock_destruct(struct sock *sk) | |
172 | { | |
173 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | |
174 | ||
175 | BT_DBG("sk %p dlc %p", sk, d); | |
176 | ||
177 | skb_queue_purge(&sk->sk_receive_queue); | |
178 | skb_queue_purge(&sk->sk_write_queue); | |
179 | ||
180 | rfcomm_dlc_lock(d); | |
181 | rfcomm_pi(sk)->dlc = NULL; | |
182 | ||
183 | /* Detach DLC if it's owned by this socket */ | |
184 | if (d->owner == sk) | |
185 | d->owner = NULL; | |
186 | rfcomm_dlc_unlock(d); | |
187 | ||
188 | rfcomm_dlc_put(d); | |
189 | } | |
190 | ||
191 | static void rfcomm_sock_cleanup_listen(struct sock *parent) | |
192 | { | |
193 | struct sock *sk; | |
194 | ||
195 | BT_DBG("parent %p", parent); | |
196 | ||
197 | /* Close not yet accepted dlcs */ | |
198 | while ((sk = bt_accept_dequeue(parent, NULL))) { | |
199 | rfcomm_sock_close(sk); | |
200 | rfcomm_sock_kill(sk); | |
201 | } | |
202 | ||
203 | parent->sk_state = BT_CLOSED; | |
204 | sock_set_flag(parent, SOCK_ZAPPED); | |
205 | } | |
206 | ||
207 | /* Kill socket (only if zapped and orphan) | |
208 | * Must be called on unlocked socket. | |
209 | */ | |
210 | static void rfcomm_sock_kill(struct sock *sk) | |
211 | { | |
212 | if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) | |
213 | return; | |
214 | ||
215 | BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt)); | |
216 | ||
217 | /* Kill poor orphan */ | |
218 | bt_sock_unlink(&rfcomm_sk_list, sk); | |
219 | sock_set_flag(sk, SOCK_DEAD); | |
220 | sock_put(sk); | |
221 | } | |
222 | ||
223 | static void __rfcomm_sock_close(struct sock *sk) | |
224 | { | |
225 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | |
226 | ||
227 | BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); | |
228 | ||
229 | switch (sk->sk_state) { | |
230 | case BT_LISTEN: | |
231 | rfcomm_sock_cleanup_listen(sk); | |
232 | break; | |
233 | ||
234 | case BT_CONNECT: | |
235 | case BT_CONNECT2: | |
236 | case BT_CONFIG: | |
237 | case BT_CONNECTED: | |
238 | rfcomm_dlc_close(d, 0); | |
239 | ||
240 | default: | |
241 | sock_set_flag(sk, SOCK_ZAPPED); | |
242 | break; | |
243 | } | |
244 | } | |
245 | ||
246 | /* Close socket. | |
247 | * Must be called on unlocked socket. | |
248 | */ | |
249 | static void rfcomm_sock_close(struct sock *sk) | |
250 | { | |
251 | lock_sock(sk); | |
252 | __rfcomm_sock_close(sk); | |
253 | release_sock(sk); | |
254 | } | |
255 | ||
256 | static void rfcomm_sock_init(struct sock *sk, struct sock *parent) | |
257 | { | |
258 | struct rfcomm_pinfo *pi = rfcomm_pi(sk); | |
259 | ||
260 | BT_DBG("sk %p", sk); | |
261 | ||
262 | if (parent) { | |
263 | sk->sk_type = parent->sk_type; | |
264 | pi->link_mode = rfcomm_pi(parent)->link_mode; | |
bb23c0ab | 265 | pi->dlc->defer_setup = bt_sk(parent)->defer_setup; |
1da177e4 LT |
266 | } else { |
267 | pi->link_mode = 0; | |
bb23c0ab | 268 | pi->dlc->defer_setup = 0; |
1da177e4 LT |
269 | } |
270 | ||
271 | pi->dlc->link_mode = pi->link_mode; | |
272 | } | |
273 | ||
274 | static struct proto rfcomm_proto = { | |
275 | .name = "RFCOMM", | |
276 | .owner = THIS_MODULE, | |
277 | .obj_size = sizeof(struct rfcomm_pinfo) | |
278 | }; | |
279 | ||
1b8d7ae4 | 280 | static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) |
1da177e4 LT |
281 | { |
282 | struct rfcomm_dlc *d; | |
283 | struct sock *sk; | |
284 | ||
6257ff21 | 285 | sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto); |
1da177e4 LT |
286 | if (!sk) |
287 | return NULL; | |
288 | ||
289 | sock_init_data(sock, sk); | |
290 | INIT_LIST_HEAD(&bt_sk(sk)->accept_q); | |
291 | ||
292 | d = rfcomm_dlc_alloc(prio); | |
293 | if (!d) { | |
294 | sk_free(sk); | |
295 | return NULL; | |
296 | } | |
297 | ||
298 | d->data_ready = rfcomm_sk_data_ready; | |
299 | d->state_change = rfcomm_sk_state_change; | |
300 | ||
301 | rfcomm_pi(sk)->dlc = d; | |
302 | d->owner = sk; | |
303 | ||
304 | sk->sk_destruct = rfcomm_sock_destruct; | |
305 | sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; | |
306 | ||
77db1980 MH |
307 | sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; |
308 | sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; | |
1da177e4 LT |
309 | |
310 | sock_reset_flag(sk, SOCK_ZAPPED); | |
311 | ||
312 | sk->sk_protocol = proto; | |
77db1980 | 313 | sk->sk_state = BT_OPEN; |
1da177e4 LT |
314 | |
315 | bt_sock_link(&rfcomm_sk_list, sk); | |
316 | ||
317 | BT_DBG("sk %p", sk); | |
318 | return sk; | |
319 | } | |
320 | ||
1b8d7ae4 | 321 | static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) |
1da177e4 LT |
322 | { |
323 | struct sock *sk; | |
324 | ||
325 | BT_DBG("sock %p", sock); | |
326 | ||
327 | sock->state = SS_UNCONNECTED; | |
328 | ||
329 | if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW) | |
330 | return -ESOCKTNOSUPPORT; | |
331 | ||
332 | sock->ops = &rfcomm_sock_ops; | |
333 | ||
1b8d7ae4 | 334 | sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); |
74da626a | 335 | if (!sk) |
1da177e4 LT |
336 | return -ENOMEM; |
337 | ||
338 | rfcomm_sock_init(sk, NULL); | |
339 | return 0; | |
340 | } | |
341 | ||
342 | static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) | |
343 | { | |
344 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; | |
345 | struct sock *sk = sock->sk; | |
346 | int err = 0; | |
347 | ||
348 | BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); | |
349 | ||
350 | if (!addr || addr->sa_family != AF_BLUETOOTH) | |
351 | return -EINVAL; | |
352 | ||
353 | lock_sock(sk); | |
354 | ||
355 | if (sk->sk_state != BT_OPEN) { | |
356 | err = -EBADFD; | |
357 | goto done; | |
358 | } | |
359 | ||
354d28d5 MH |
360 | if (sk->sk_type != SOCK_STREAM) { |
361 | err = -EINVAL; | |
362 | goto done; | |
363 | } | |
364 | ||
1da177e4 LT |
365 | write_lock_bh(&rfcomm_sk_list.lock); |
366 | ||
367 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { | |
368 | err = -EADDRINUSE; | |
369 | } else { | |
370 | /* Save source address */ | |
371 | bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); | |
372 | rfcomm_pi(sk)->channel = sa->rc_channel; | |
373 | sk->sk_state = BT_BOUND; | |
374 | } | |
375 | ||
376 | write_unlock_bh(&rfcomm_sk_list.lock); | |
377 | ||
378 | done: | |
379 | release_sock(sk); | |
380 | return err; | |
381 | } | |
382 | ||
383 | static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) | |
384 | { | |
385 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; | |
386 | struct sock *sk = sock->sk; | |
387 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | |
388 | int err = 0; | |
389 | ||
390 | BT_DBG("sk %p", sk); | |
391 | ||
392 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) | |
393 | return -EINVAL; | |
394 | ||
354d28d5 | 395 | lock_sock(sk); |
1da177e4 | 396 | |
354d28d5 MH |
397 | if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) { |
398 | err = -EBADFD; | |
399 | goto done; | |
400 | } | |
1da177e4 | 401 | |
354d28d5 MH |
402 | if (sk->sk_type != SOCK_STREAM) { |
403 | err = -EINVAL; | |
404 | goto done; | |
405 | } | |
1da177e4 LT |
406 | |
407 | sk->sk_state = BT_CONNECT; | |
408 | bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); | |
409 | rfcomm_pi(sk)->channel = sa->rc_channel; | |
410 | ||
77db1980 MH |
411 | d->link_mode = rfcomm_pi(sk)->link_mode; |
412 | ||
1da177e4 LT |
413 | err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); |
414 | if (!err) | |
415 | err = bt_sock_wait_state(sk, BT_CONNECTED, | |
416 | sock_sndtimeo(sk, flags & O_NONBLOCK)); | |
417 | ||
354d28d5 | 418 | done: |
1da177e4 LT |
419 | release_sock(sk); |
420 | return err; | |
421 | } | |
422 | ||
423 | static int rfcomm_sock_listen(struct socket *sock, int backlog) | |
424 | { | |
425 | struct sock *sk = sock->sk; | |
426 | int err = 0; | |
427 | ||
428 | BT_DBG("sk %p backlog %d", sk, backlog); | |
429 | ||
430 | lock_sock(sk); | |
431 | ||
432 | if (sk->sk_state != BT_BOUND) { | |
433 | err = -EBADFD; | |
434 | goto done; | |
435 | } | |
436 | ||
354d28d5 MH |
437 | if (sk->sk_type != SOCK_STREAM) { |
438 | err = -EINVAL; | |
439 | goto done; | |
440 | } | |
441 | ||
1da177e4 LT |
442 | if (!rfcomm_pi(sk)->channel) { |
443 | bdaddr_t *src = &bt_sk(sk)->src; | |
444 | u8 channel; | |
445 | ||
446 | err = -EINVAL; | |
447 | ||
448 | write_lock_bh(&rfcomm_sk_list.lock); | |
449 | ||
450 | for (channel = 1; channel < 31; channel++) | |
451 | if (!__rfcomm_get_sock_by_addr(channel, src)) { | |
452 | rfcomm_pi(sk)->channel = channel; | |
453 | err = 0; | |
454 | break; | |
455 | } | |
456 | ||
457 | write_unlock_bh(&rfcomm_sk_list.lock); | |
458 | ||
459 | if (err < 0) | |
460 | goto done; | |
461 | } | |
462 | ||
463 | sk->sk_max_ack_backlog = backlog; | |
464 | sk->sk_ack_backlog = 0; | |
465 | sk->sk_state = BT_LISTEN; | |
466 | ||
467 | done: | |
468 | release_sock(sk); | |
469 | return err; | |
470 | } | |
471 | ||
472 | static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags) | |
473 | { | |
474 | DECLARE_WAITQUEUE(wait, current); | |
475 | struct sock *sk = sock->sk, *nsk; | |
476 | long timeo; | |
477 | int err = 0; | |
478 | ||
479 | lock_sock(sk); | |
480 | ||
481 | if (sk->sk_state != BT_LISTEN) { | |
482 | err = -EBADFD; | |
483 | goto done; | |
484 | } | |
485 | ||
354d28d5 MH |
486 | if (sk->sk_type != SOCK_STREAM) { |
487 | err = -EINVAL; | |
488 | goto done; | |
489 | } | |
490 | ||
1da177e4 LT |
491 | timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); |
492 | ||
493 | BT_DBG("sk %p timeo %ld", sk, timeo); | |
494 | ||
495 | /* Wait for an incoming connection. (wake-one). */ | |
496 | add_wait_queue_exclusive(sk->sk_sleep, &wait); | |
497 | while (!(nsk = bt_accept_dequeue(sk, newsock))) { | |
498 | set_current_state(TASK_INTERRUPTIBLE); | |
499 | if (!timeo) { | |
500 | err = -EAGAIN; | |
501 | break; | |
502 | } | |
503 | ||
504 | release_sock(sk); | |
505 | timeo = schedule_timeout(timeo); | |
506 | lock_sock(sk); | |
507 | ||
508 | if (sk->sk_state != BT_LISTEN) { | |
509 | err = -EBADFD; | |
510 | break; | |
511 | } | |
512 | ||
513 | if (signal_pending(current)) { | |
514 | err = sock_intr_errno(timeo); | |
515 | break; | |
516 | } | |
517 | } | |
518 | set_current_state(TASK_RUNNING); | |
519 | remove_wait_queue(sk->sk_sleep, &wait); | |
520 | ||
521 | if (err) | |
522 | goto done; | |
523 | ||
524 | newsock->state = SS_CONNECTED; | |
525 | ||
526 | BT_DBG("new socket %p", nsk); | |
527 | ||
528 | done: | |
529 | release_sock(sk); | |
530 | return err; | |
531 | } | |
532 | ||
533 | static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) | |
534 | { | |
535 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; | |
536 | struct sock *sk = sock->sk; | |
537 | ||
538 | BT_DBG("sock %p, sk %p", sock, sk); | |
539 | ||
540 | sa->rc_family = AF_BLUETOOTH; | |
541 | sa->rc_channel = rfcomm_pi(sk)->channel; | |
542 | if (peer) | |
543 | bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); | |
544 | else | |
545 | bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); | |
546 | ||
547 | *len = sizeof(struct sockaddr_rc); | |
548 | return 0; | |
549 | } | |
550 | ||
551 | static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |
552 | struct msghdr *msg, size_t len) | |
553 | { | |
554 | struct sock *sk = sock->sk; | |
555 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | |
556 | struct sk_buff *skb; | |
1da177e4 LT |
557 | int sent = 0; |
558 | ||
bb23c0ab MH |
559 | if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) |
560 | return -ENOTCONN; | |
561 | ||
1da177e4 LT |
562 | if (msg->msg_flags & MSG_OOB) |
563 | return -EOPNOTSUPP; | |
564 | ||
565 | if (sk->sk_shutdown & SEND_SHUTDOWN) | |
566 | return -EPIPE; | |
567 | ||
568 | BT_DBG("sock %p, sk %p", sock, sk); | |
569 | ||
570 | lock_sock(sk); | |
571 | ||
572 | while (len) { | |
573 | size_t size = min_t(size_t, len, d->mtu); | |
4d6a2188 | 574 | int err; |
8e87d142 | 575 | |
1da177e4 LT |
576 | skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, |
577 | msg->msg_flags & MSG_DONTWAIT, &err); | |
91aa35a5 VS |
578 | if (!skb) { |
579 | if (sent == 0) | |
580 | sent = err; | |
1da177e4 | 581 | break; |
91aa35a5 | 582 | } |
1da177e4 LT |
583 | skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); |
584 | ||
585 | err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); | |
586 | if (err) { | |
587 | kfree_skb(skb); | |
4d6a2188 MH |
588 | if (sent == 0) |
589 | sent = err; | |
1da177e4 LT |
590 | break; |
591 | } | |
592 | ||
593 | err = rfcomm_dlc_send(d, skb); | |
594 | if (err < 0) { | |
595 | kfree_skb(skb); | |
4d6a2188 MH |
596 | if (sent == 0) |
597 | sent = err; | |
1da177e4 LT |
598 | break; |
599 | } | |
600 | ||
601 | sent += size; | |
602 | len -= size; | |
603 | } | |
604 | ||
605 | release_sock(sk); | |
606 | ||
4d6a2188 | 607 | return sent; |
1da177e4 LT |
608 | } |
609 | ||
610 | static long rfcomm_sock_data_wait(struct sock *sk, long timeo) | |
611 | { | |
612 | DECLARE_WAITQUEUE(wait, current); | |
613 | ||
614 | add_wait_queue(sk->sk_sleep, &wait); | |
615 | for (;;) { | |
616 | set_current_state(TASK_INTERRUPTIBLE); | |
617 | ||
b03efcfb DM |
618 | if (!skb_queue_empty(&sk->sk_receive_queue) || |
619 | sk->sk_err || | |
620 | (sk->sk_shutdown & RCV_SHUTDOWN) || | |
621 | signal_pending(current) || | |
622 | !timeo) | |
1da177e4 LT |
623 | break; |
624 | ||
625 | set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); | |
626 | release_sock(sk); | |
627 | timeo = schedule_timeout(timeo); | |
628 | lock_sock(sk); | |
629 | clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); | |
630 | } | |
631 | ||
632 | __set_current_state(TASK_RUNNING); | |
633 | remove_wait_queue(sk->sk_sleep, &wait); | |
634 | return timeo; | |
635 | } | |
636 | ||
637 | static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |
638 | struct msghdr *msg, size_t size, int flags) | |
639 | { | |
640 | struct sock *sk = sock->sk; | |
bb23c0ab | 641 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
1da177e4 LT |
642 | int err = 0; |
643 | size_t target, copied = 0; | |
644 | long timeo; | |
645 | ||
bb23c0ab MH |
646 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
647 | rfcomm_dlc_accept(d); | |
648 | return 0; | |
649 | } | |
650 | ||
1da177e4 LT |
651 | if (flags & MSG_OOB) |
652 | return -EOPNOTSUPP; | |
653 | ||
654 | msg->msg_namelen = 0; | |
655 | ||
a418b893 | 656 | BT_DBG("sk %p size %zu", sk, size); |
1da177e4 LT |
657 | |
658 | lock_sock(sk); | |
659 | ||
660 | target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); | |
661 | timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); | |
662 | ||
663 | do { | |
664 | struct sk_buff *skb; | |
665 | int chunk; | |
666 | ||
667 | skb = skb_dequeue(&sk->sk_receive_queue); | |
668 | if (!skb) { | |
669 | if (copied >= target) | |
670 | break; | |
671 | ||
672 | if ((err = sock_error(sk)) != 0) | |
673 | break; | |
674 | if (sk->sk_shutdown & RCV_SHUTDOWN) | |
675 | break; | |
676 | ||
677 | err = -EAGAIN; | |
678 | if (!timeo) | |
679 | break; | |
680 | ||
681 | timeo = rfcomm_sock_data_wait(sk, timeo); | |
682 | ||
683 | if (signal_pending(current)) { | |
684 | err = sock_intr_errno(timeo); | |
685 | goto out; | |
686 | } | |
687 | continue; | |
688 | } | |
689 | ||
690 | chunk = min_t(unsigned int, skb->len, size); | |
691 | if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { | |
692 | skb_queue_head(&sk->sk_receive_queue, skb); | |
693 | if (!copied) | |
694 | copied = -EFAULT; | |
695 | break; | |
696 | } | |
697 | copied += chunk; | |
698 | size -= chunk; | |
699 | ||
3241ad82 MH |
700 | sock_recv_timestamp(msg, sk, skb); |
701 | ||
1da177e4 LT |
702 | if (!(flags & MSG_PEEK)) { |
703 | atomic_sub(chunk, &sk->sk_rmem_alloc); | |
704 | ||
705 | skb_pull(skb, chunk); | |
706 | if (skb->len) { | |
707 | skb_queue_head(&sk->sk_receive_queue, skb); | |
708 | break; | |
709 | } | |
710 | kfree_skb(skb); | |
711 | ||
712 | } else { | |
713 | /* put message back and return */ | |
714 | skb_queue_head(&sk->sk_receive_queue, skb); | |
715 | break; | |
716 | } | |
717 | } while (size); | |
718 | ||
719 | out: | |
720 | if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) | |
721 | rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); | |
722 | ||
723 | release_sock(sk); | |
724 | return copied ? : err; | |
725 | } | |
726 | ||
d58daf42 | 727 | static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen) |
1da177e4 LT |
728 | { |
729 | struct sock *sk = sock->sk; | |
730 | int err = 0; | |
731 | u32 opt; | |
732 | ||
733 | BT_DBG("sk %p", sk); | |
734 | ||
735 | lock_sock(sk); | |
736 | ||
737 | switch (optname) { | |
738 | case RFCOMM_LM: | |
739 | if (get_user(opt, (u32 __user *) optval)) { | |
740 | err = -EFAULT; | |
741 | break; | |
742 | } | |
743 | ||
744 | rfcomm_pi(sk)->link_mode = opt; | |
745 | break; | |
746 | ||
747 | default: | |
748 | err = -ENOPROTOOPT; | |
749 | break; | |
750 | } | |
751 | ||
752 | release_sock(sk); | |
753 | return err; | |
754 | } | |
755 | ||
d58daf42 MH |
756 | static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) |
757 | { | |
758 | struct sock *sk = sock->sk; | |
759 | int err = 0; | |
bb23c0ab | 760 | u32 opt; |
d58daf42 MH |
761 | |
762 | BT_DBG("sk %p", sk); | |
763 | ||
764 | if (level == SOL_RFCOMM) | |
765 | return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); | |
766 | ||
767 | lock_sock(sk); | |
768 | ||
769 | switch (optname) { | |
bb23c0ab MH |
770 | case BT_DEFER_SETUP: |
771 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | |
772 | err = -EINVAL; | |
773 | break; | |
774 | } | |
775 | ||
776 | if (get_user(opt, (u32 __user *) optval)) { | |
777 | err = -EFAULT; | |
778 | break; | |
779 | } | |
780 | ||
781 | bt_sk(sk)->defer_setup = opt; | |
782 | break; | |
783 | ||
d58daf42 MH |
784 | default: |
785 | err = -ENOPROTOOPT; | |
786 | break; | |
787 | } | |
788 | ||
789 | release_sock(sk); | |
790 | return err; | |
791 | } | |
792 | ||
793 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) | |
1da177e4 LT |
794 | { |
795 | struct sock *sk = sock->sk; | |
796 | struct sock *l2cap_sk; | |
797 | struct rfcomm_conninfo cinfo; | |
798 | int len, err = 0; | |
799 | ||
800 | BT_DBG("sk %p", sk); | |
801 | ||
802 | if (get_user(len, optlen)) | |
803 | return -EFAULT; | |
804 | ||
805 | lock_sock(sk); | |
806 | ||
807 | switch (optname) { | |
808 | case RFCOMM_LM: | |
809 | if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) | |
810 | err = -EFAULT; | |
811 | break; | |
812 | ||
813 | case RFCOMM_CONNINFO: | |
bb23c0ab MH |
814 | if (sk->sk_state != BT_CONNECTED && |
815 | !rfcomm_pi(sk)->dlc->defer_setup) { | |
1da177e4 LT |
816 | err = -ENOTCONN; |
817 | break; | |
818 | } | |
819 | ||
820 | l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; | |
821 | ||
822 | cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle; | |
823 | memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3); | |
824 | ||
825 | len = min_t(unsigned int, len, sizeof(cinfo)); | |
826 | if (copy_to_user(optval, (char *) &cinfo, len)) | |
827 | err = -EFAULT; | |
828 | ||
829 | break; | |
830 | ||
831 | default: | |
832 | err = -ENOPROTOOPT; | |
833 | break; | |
834 | } | |
835 | ||
836 | release_sock(sk); | |
d58daf42 MH |
837 | return err; |
838 | } | |
839 | ||
840 | static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | |
841 | { | |
842 | struct sock *sk = sock->sk; | |
843 | int len, err = 0; | |
844 | ||
845 | BT_DBG("sk %p", sk); | |
846 | ||
847 | if (level == SOL_RFCOMM) | |
848 | return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); | |
849 | ||
850 | if (get_user(len, optlen)) | |
851 | return -EFAULT; | |
852 | ||
853 | lock_sock(sk); | |
854 | ||
855 | switch (optname) { | |
bb23c0ab MH |
856 | case BT_DEFER_SETUP: |
857 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | |
858 | err = -EINVAL; | |
859 | break; | |
860 | } | |
861 | ||
862 | if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) | |
863 | err = -EFAULT; | |
864 | ||
865 | break; | |
866 | ||
d58daf42 MH |
867 | default: |
868 | err = -ENOPROTOOPT; | |
869 | break; | |
870 | } | |
871 | ||
872 | release_sock(sk); | |
1da177e4 LT |
873 | return err; |
874 | } | |
875 | ||
876 | static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | |
877 | { | |
e19caae7 | 878 | struct sock *sk __maybe_unused = sock->sk; |
1da177e4 LT |
879 | int err; |
880 | ||
e19caae7 | 881 | BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg); |
1da177e4 | 882 | |
3241ad82 | 883 | err = bt_sock_ioctl(sock, cmd, arg); |
1da177e4 | 884 | |
3241ad82 | 885 | if (err == -ENOIOCTLCMD) { |
1da177e4 | 886 | #ifdef CONFIG_BT_RFCOMM_TTY |
3241ad82 MH |
887 | lock_sock(sk); |
888 | err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg); | |
889 | release_sock(sk); | |
1da177e4 | 890 | #else |
3241ad82 | 891 | err = -EOPNOTSUPP; |
1da177e4 | 892 | #endif |
3241ad82 | 893 | } |
1da177e4 | 894 | |
1da177e4 LT |
895 | return err; |
896 | } | |
897 | ||
898 | static int rfcomm_sock_shutdown(struct socket *sock, int how) | |
899 | { | |
900 | struct sock *sk = sock->sk; | |
901 | int err = 0; | |
902 | ||
903 | BT_DBG("sock %p, sk %p", sock, sk); | |
904 | ||
905 | if (!sk) return 0; | |
906 | ||
907 | lock_sock(sk); | |
908 | if (!sk->sk_shutdown) { | |
909 | sk->sk_shutdown = SHUTDOWN_MASK; | |
910 | __rfcomm_sock_close(sk); | |
911 | ||
912 | if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) | |
913 | err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); | |
914 | } | |
915 | release_sock(sk); | |
916 | return err; | |
917 | } | |
918 | ||
919 | static int rfcomm_sock_release(struct socket *sock) | |
920 | { | |
921 | struct sock *sk = sock->sk; | |
922 | int err; | |
923 | ||
924 | BT_DBG("sock %p, sk %p", sock, sk); | |
925 | ||
926 | if (!sk) | |
927 | return 0; | |
928 | ||
929 | err = rfcomm_sock_shutdown(sock, 2); | |
930 | ||
931 | sock_orphan(sk); | |
932 | rfcomm_sock_kill(sk); | |
933 | return err; | |
934 | } | |
935 | ||
8e87d142 | 936 | /* ---- RFCOMM core layer callbacks ---- |
1da177e4 LT |
937 | * |
938 | * called under rfcomm_lock() | |
939 | */ | |
940 | int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d) | |
941 | { | |
942 | struct sock *sk, *parent; | |
943 | bdaddr_t src, dst; | |
944 | int result = 0; | |
945 | ||
946 | BT_DBG("session %p channel %d", s, channel); | |
947 | ||
948 | rfcomm_session_getaddr(s, &src, &dst); | |
949 | ||
950 | /* Check if we have socket listening on channel */ | |
951 | parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src); | |
952 | if (!parent) | |
953 | return 0; | |
954 | ||
955 | /* Check for backlog size */ | |
956 | if (sk_acceptq_is_full(parent)) { | |
8e87d142 | 957 | BT_DBG("backlog full %d", parent->sk_ack_backlog); |
1da177e4 LT |
958 | goto done; |
959 | } | |
960 | ||
3b1e0a65 | 961 | sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC); |
1da177e4 LT |
962 | if (!sk) |
963 | goto done; | |
964 | ||
965 | rfcomm_sock_init(sk, parent); | |
966 | bacpy(&bt_sk(sk)->src, &src); | |
967 | bacpy(&bt_sk(sk)->dst, &dst); | |
968 | rfcomm_pi(sk)->channel = channel; | |
969 | ||
970 | sk->sk_state = BT_CONFIG; | |
971 | bt_accept_enqueue(parent, sk); | |
972 | ||
973 | /* Accept connection and return socket DLC */ | |
974 | *d = rfcomm_pi(sk)->dlc; | |
975 | result = 1; | |
976 | ||
977 | done: | |
978 | bh_unlock_sock(parent); | |
bb23c0ab MH |
979 | |
980 | if (bt_sk(parent)->defer_setup) | |
981 | parent->sk_state_change(parent); | |
982 | ||
1da177e4 LT |
983 | return result; |
984 | } | |
985 | ||
be9d1227 | 986 | static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) |
1da177e4 LT |
987 | { |
988 | struct sock *sk; | |
989 | struct hlist_node *node; | |
be9d1227 | 990 | char *str = buf; |
1da177e4 LT |
991 | |
992 | read_lock_bh(&rfcomm_sk_list.lock); | |
993 | ||
be9d1227 MH |
994 | sk_for_each(sk, node, &rfcomm_sk_list.head) { |
995 | str += sprintf(str, "%s %s %d %d\n", | |
996 | batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), | |
997 | sk->sk_state, rfcomm_pi(sk)->channel); | |
998 | } | |
1da177e4 | 999 | |
1da177e4 | 1000 | read_unlock_bh(&rfcomm_sk_list.lock); |
1da177e4 | 1001 | |
be9d1227 | 1002 | return (str - buf); |
1da177e4 LT |
1003 | } |
1004 | ||
be9d1227 | 1005 | static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); |
1da177e4 | 1006 | |
90ddc4f0 | 1007 | static const struct proto_ops rfcomm_sock_ops = { |
1da177e4 LT |
1008 | .family = PF_BLUETOOTH, |
1009 | .owner = THIS_MODULE, | |
1010 | .release = rfcomm_sock_release, | |
1011 | .bind = rfcomm_sock_bind, | |
1012 | .connect = rfcomm_sock_connect, | |
1013 | .listen = rfcomm_sock_listen, | |
1014 | .accept = rfcomm_sock_accept, | |
1015 | .getname = rfcomm_sock_getname, | |
1016 | .sendmsg = rfcomm_sock_sendmsg, | |
1017 | .recvmsg = rfcomm_sock_recvmsg, | |
1018 | .shutdown = rfcomm_sock_shutdown, | |
1019 | .setsockopt = rfcomm_sock_setsockopt, | |
1020 | .getsockopt = rfcomm_sock_getsockopt, | |
1021 | .ioctl = rfcomm_sock_ioctl, | |
1022 | .poll = bt_sock_poll, | |
1023 | .socketpair = sock_no_socketpair, | |
1024 | .mmap = sock_no_mmap | |
1025 | }; | |
1026 | ||
1027 | static struct net_proto_family rfcomm_sock_family_ops = { | |
1028 | .family = PF_BLUETOOTH, | |
1029 | .owner = THIS_MODULE, | |
1030 | .create = rfcomm_sock_create | |
1031 | }; | |
1032 | ||
be9d1227 | 1033 | int __init rfcomm_init_sockets(void) |
1da177e4 LT |
1034 | { |
1035 | int err; | |
1036 | ||
1037 | err = proto_register(&rfcomm_proto, 0); | |
1038 | if (err < 0) | |
1039 | return err; | |
1040 | ||
1041 | err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops); | |
1042 | if (err < 0) | |
1043 | goto error; | |
1044 | ||
df5c37ea MH |
1045 | if (class_create_file(bt_class, &class_attr_rfcomm) < 0) |
1046 | BT_ERR("Failed to create RFCOMM info file"); | |
1da177e4 LT |
1047 | |
1048 | BT_INFO("RFCOMM socket layer initialized"); | |
1049 | ||
1050 | return 0; | |
1051 | ||
1052 | error: | |
1053 | BT_ERR("RFCOMM socket layer registration failed"); | |
1054 | proto_unregister(&rfcomm_proto); | |
1055 | return err; | |
1056 | } | |
1057 | ||
1058 | void __exit rfcomm_cleanup_sockets(void) | |
1059 | { | |
a91f2e39 | 1060 | class_remove_file(bt_class, &class_attr_rfcomm); |
1da177e4 LT |
1061 | |
1062 | if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) | |
1063 | BT_ERR("RFCOMM socket layer unregistration failed"); | |
1064 | ||
1065 | proto_unregister(&rfcomm_proto); | |
1066 | } |