]> git.ipfire.org Git - people/ms/linux.git/blame - net/bluetooth/rfcomm/sock.c
projects / people / ms / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Acquire sk_lock.slock without disabling interrupts
[people/ms/linux.git] / net / bluetooth / rfcomm / sock.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
1da177e4 26 */
7d60a7a6 27#include <linux/compat.h>
8c520a59 28#include <linux/export.h>
aef7d97c 29#include <linux/debugfs.h>
174cd4b1 30#include <linux/sched/signal.h>
1da177e4
LT		 31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/rfcomm.h>
36
90ddc4f0 37static const struct proto_ops rfcomm_sock_ops;
1da177e4
LT		 38
39static struct bt_sock_list rfcomm_sk_list = {
d5fb2962 40 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
1da177e4
LT		 41};
42
43static void rfcomm_sock_close(struct sock *sk);
44static void rfcomm_sock_kill(struct sock *sk);
45
46/* ---- DLC callbacks ----
47 *
48 * called under rfcomm_dlc_lock()
49 */
50static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
51{
52 struct sock *sk = d->owner;
53 if (!sk)
54 return;
55
56 atomic_add(skb->len, &sk->sk_rmem_alloc);
57 skb_queue_tail(&sk->sk_receive_queue, skb);
676d2369 58 sk->sk_data_ready(sk);
1da177e4
LT		 59
60 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
61 rfcomm_dlc_throttle(d);
62}
63
64static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
65{
66 struct sock *sk = d->owner, *parent;
fad003b6 67
1da177e4
LT		 68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
e6da0edc 73 spin_lock_bh(&sk->sk_lock.slock);
1da177e4
LT		 74
75 if (err)
76 sk->sk_err = err;
77
78 sk->sk_state = d->state;
79
80 parent = bt_sk(sk)->parent;
81 if (parent) {
82 if (d->state == BT_CLOSED) {
83 sock_set_flag(sk, SOCK_ZAPPED);
84 bt_accept_unlink(sk);
85 }
676d2369 86 parent->sk_data_ready(parent);
1da177e4
LT		 87 } else {
88 if (d->state == BT_CONNECTED)
94a86df0
MH		 89 rfcomm_session_getaddr(d->session,
90 &rfcomm_pi(sk)->src, NULL);
1da177e4
LT		 91 sk->sk_state_change(sk);
92 }
93
e6da0edc 94 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 95
96 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
97 /* We have to drop DLC lock here, otherwise
98 * rfcomm_sock_destruct() will dead lock. */
99 rfcomm_dlc_unlock(d);
100 rfcomm_sock_kill(sk);
101 rfcomm_dlc_lock(d);
102 }
103}
104
105/* ---- Socket functions ---- */
b1765e7a 106static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
1da177e4
LT		 107{
108 struct sock *sk = NULL;
1da177e4 109
b67bfe0d 110 sk_for_each(sk, &rfcomm_sk_list.head) {
b1765e7a
AK		 111 if (rfcomm_pi(sk)->channel != channel)
112 continue;
113
114 if (bacmp(&rfcomm_pi(sk)->src, src))
115 continue;
116
117 if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
1da177e4
LT		 118 break;
119 }
120
b67bfe0d 121 return sk ? sk : NULL;
1da177e4
LT		 122}
123
124/* Find socket with channel and source bdaddr.
125 * Returns closest match.
126 */
eeb36656 127static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
1da177e4
LT		 128{
129 struct sock *sk = NULL, *sk1 = NULL;
1da177e4 130
eeb36656
GP		 131 read_lock(&rfcomm_sk_list.lock);
132
b67bfe0d 133 sk_for_each(sk, &rfcomm_sk_list.head) {
1da177e4
LT		 134 if (state && sk->sk_state != state)
135 continue;
136
137 if (rfcomm_pi(sk)->channel == channel) {
138 /* Exact match. */
94a86df0 139 if (!bacmp(&rfcomm_pi(sk)->src, src))
1da177e4
LT		 140 break;
141
142 /* Closest match */
94a86df0 143 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
1da177e4
LT		 144 sk1 = sk;
145 }
146 }
1da177e4 147
1da177e4 148 read_unlock(&rfcomm_sk_list.lock);
eeb36656 149
b67bfe0d 150 return sk ? sk : sk1;
1da177e4
LT		 151}
152
153static void rfcomm_sock_destruct(struct sock *sk)
154{
155 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
156
157 BT_DBG("sk %p dlc %p", sk, d);
158
159 skb_queue_purge(&sk->sk_receive_queue);
160 skb_queue_purge(&sk->sk_write_queue);
161
162 rfcomm_dlc_lock(d);
163 rfcomm_pi(sk)->dlc = NULL;
164
165 /* Detach DLC if it's owned by this socket */
166 if (d->owner == sk)
167 d->owner = NULL;
168 rfcomm_dlc_unlock(d);
169
170 rfcomm_dlc_put(d);
171}
172
173static void rfcomm_sock_cleanup_listen(struct sock *parent)
174{
175 struct sock *sk;
176
177 BT_DBG("parent %p", parent);
178
179 /* Close not yet accepted dlcs */
180 while ((sk = bt_accept_dequeue(parent, NULL))) {
181 rfcomm_sock_close(sk);
182 rfcomm_sock_kill(sk);
183 }
184
185 parent->sk_state = BT_CLOSED;
186 sock_set_flag(parent, SOCK_ZAPPED);
187}
188
189/* Kill socket (only if zapped and orphan)
190 * Must be called on unlocked socket.
191 */
192static void rfcomm_sock_kill(struct sock *sk)
193{
194 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
195 return;
196
41c6d650 197 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));
1da177e4
LT		 198
199 /* Kill poor orphan */
200 bt_sock_unlink(&rfcomm_sk_list, sk);
201 sock_set_flag(sk, SOCK_DEAD);
202 sock_put(sk);
203}
204
205static void __rfcomm_sock_close(struct sock *sk)
206{
207 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
208
209 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
210
211 switch (sk->sk_state) {
212 case BT_LISTEN:
213 rfcomm_sock_cleanup_listen(sk);
214 break;
215
216 case BT_CONNECT:
217 case BT_CONNECT2:
218 case BT_CONFIG:
219 case BT_CONNECTED:
220 rfcomm_dlc_close(d, 0);
9ea47132 221 /* fall through */
1da177e4
LT		 222
223 default:
224 sock_set_flag(sk, SOCK_ZAPPED);
225 break;
226 }
227}
228
229/* Close socket.
230 * Must be called on unlocked socket.
231 */
232static void rfcomm_sock_close(struct sock *sk)
233{
234 lock_sock(sk);
235 __rfcomm_sock_close(sk);
236 release_sock(sk);
237}
238
239static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
240{
241 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
242
243 BT_DBG("sk %p", sk);
244
245 if (parent) {
246 sk->sk_type = parent->sk_type;
c5daa683
GP		 247 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
248 &bt_sk(parent)->flags);
9f2c8a03
MH		 249
250 pi->sec_level = rfcomm_pi(parent)->sec_level;
251 pi->role_switch = rfcomm_pi(parent)->role_switch;
6230c9b4
PM		 252
253 security_sk_clone(parent, sk);
1da177e4 254 } else {
bb23c0ab 255 pi->dlc->defer_setup = 0;
9f2c8a03
MH		 256
257 pi->sec_level = BT_SECURITY_LOW;
258 pi->role_switch = 0;
1da177e4
LT		 259 }
260
9f2c8a03
MH		 261 pi->dlc->sec_level = pi->sec_level;
262 pi->dlc->role_switch = pi->role_switch;
1da177e4
LT		 263}
264
265static struct proto rfcomm_proto = {
266 .name = "RFCOMM",
267 .owner = THIS_MODULE,
268 .obj_size = sizeof(struct rfcomm_pinfo)
269};
270
11aa9c28 271static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
1da177e4
LT		 272{
273 struct rfcomm_dlc *d;
274 struct sock *sk;
275
11aa9c28 276 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
1da177e4
LT		 277 if (!sk)
278 return NULL;
279
280 sock_init_data(sock, sk);
281 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
282
283 d = rfcomm_dlc_alloc(prio);
284 if (!d) {
285 sk_free(sk);
286 return NULL;
287 }
288
289 d->data_ready = rfcomm_sk_data_ready;
290 d->state_change = rfcomm_sk_state_change;
291
292 rfcomm_pi(sk)->dlc = d;
293 d->owner = sk;
294
295 sk->sk_destruct = rfcomm_sock_destruct;
296 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
297
77db1980
MH		 298 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
299 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
1da177e4
LT		 300
301 sock_reset_flag(sk, SOCK_ZAPPED);
302
303 sk->sk_protocol = proto;
77db1980 304 sk->sk_state = BT_OPEN;
1da177e4
LT		 305
306 bt_sock_link(&rfcomm_sk_list, sk);
307
308 BT_DBG("sk %p", sk);
309 return sk;
310}
311
3f378b68
EP		 312static int rfcomm_sock_create(struct net *net, struct socket *sock,
313 int protocol, int kern)
1da177e4
LT		 314{
315 struct sock *sk;
316
317 BT_DBG("sock %p", sock);
318
319 sock->state = SS_UNCONNECTED;
320
321 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
322 return -ESOCKTNOSUPPORT;
323
324 sock->ops = &rfcomm_sock_ops;
325
11aa9c28 326 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC, kern);
74da626a 327 if (!sk)
1da177e4
LT		 328 return -ENOMEM;
329
330 rfcomm_sock_init(sk, NULL);
331 return 0;
332}
333
334static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
335{
951b6a07 336 struct sockaddr_rc sa;
1da177e4 337 struct sock *sk = sock->sk;
951b6a07 338 int len, err = 0;
1da177e4 339
d2ecfa76
MJ		 340 if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) ||
341 addr->sa_family != AF_BLUETOOTH)
1da177e4
LT		 342 return -EINVAL;
343
951b6a07
JK		 344 memset(&sa, 0, sizeof(sa));
345 len = min_t(unsigned int, sizeof(sa), addr_len);
346 memcpy(&sa, addr, len);
347
348 BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr);
349
1da177e4
LT		 350 lock_sock(sk);
351
352 if (sk->sk_state != BT_OPEN) {
353 err = -EBADFD;
354 goto done;
355 }
356
354d28d5
MH		 357 if (sk->sk_type != SOCK_STREAM) {
358 err = -EINVAL;
359 goto done;
360 }
361
95ca83f4 362 write_lock(&rfcomm_sk_list.lock);
1da177e4 363
951b6a07
JK		 364 if (sa.rc_channel &&
365 __rfcomm_get_listen_sock_by_addr(sa.rc_channel, &sa.rc_bdaddr)) {
1da177e4
LT		 366 err = -EADDRINUSE;
367 } else {
368 /* Save source address */
951b6a07
JK		 369 bacpy(&rfcomm_pi(sk)->src, &sa.rc_bdaddr);
370 rfcomm_pi(sk)->channel = sa.rc_channel;
1da177e4
LT		 371 sk->sk_state = BT_BOUND;
372 }
373
95ca83f4 374 write_unlock(&rfcomm_sk_list.lock);
1da177e4
LT		 375
376done:
377 release_sock(sk);
378 return err;
379}
380
381static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
382{
383 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
384 struct sock *sk = sock->sk;
385 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
386 int err = 0;
387
388 BT_DBG("sk %p", sk);
389
6503d961
CG		 390 if (alen < sizeof(struct sockaddr_rc) ||
391 addr->sa_family != AF_BLUETOOTH)
1da177e4
LT		 392 return -EINVAL;
393
354d28d5 394 lock_sock(sk);
1da177e4 395
354d28d5
MH		 396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
397 err = -EBADFD;
398 goto done;
399 }
1da177e4 400
354d28d5
MH		 401 if (sk->sk_type != SOCK_STREAM) {
402 err = -EINVAL;
403 goto done;
404 }
1da177e4
LT		 405
406 sk->sk_state = BT_CONNECT;
94a86df0 407 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
1da177e4
LT		 408 rfcomm_pi(sk)->channel = sa->rc_channel;
409
9f2c8a03
MH		 410 d->sec_level = rfcomm_pi(sk)->sec_level;
411 d->role_switch = rfcomm_pi(sk)->role_switch;
77db1980 412
94a86df0
MH		 413 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
414 sa->rc_channel);
1da177e4
LT		 415 if (!err)
416 err = bt_sock_wait_state(sk, BT_CONNECTED,
417 sock_sndtimeo(sk, flags & O_NONBLOCK));
418
354d28d5 419done:
1da177e4
LT		 420 release_sock(sk);
421 return err;
422}
423
424static int rfcomm_sock_listen(struct socket *sock, int backlog)
425{
426 struct sock *sk = sock->sk;
427 int err = 0;
428
429 BT_DBG("sk %p backlog %d", sk, backlog);
430
431 lock_sock(sk);
432
433 if (sk->sk_state != BT_BOUND) {
434 err = -EBADFD;
435 goto done;
436 }
437
354d28d5
MH		 438 if (sk->sk_type != SOCK_STREAM) {
439 err = -EINVAL;
440 goto done;
441 }
442
1da177e4 443 if (!rfcomm_pi(sk)->channel) {
94a86df0 444 bdaddr_t *src = &rfcomm_pi(sk)->src;
1da177e4
LT		 445 u8 channel;
446
447 err = -EINVAL;
448
95ca83f4 449 write_lock(&rfcomm_sk_list.lock);
1da177e4
LT		 450
451 for (channel = 1; channel < 31; channel++)
b1765e7a 452 if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
1da177e4
LT		 453 rfcomm_pi(sk)->channel = channel;
454 err = 0;
455 break;
456 }
457
95ca83f4 458 write_unlock(&rfcomm_sk_list.lock);
1da177e4
LT		 459
460 if (err < 0)
461 goto done;
462 }
463
464 sk->sk_max_ack_backlog = backlog;
465 sk->sk_ack_backlog = 0;
466 sk->sk_state = BT_LISTEN;
467
468done:
469 release_sock(sk);
470 return err;
471}
472
cdfbabfb
DH		 473static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags,
474 bool kern)
1da177e4 475{
dfb2fae7 476 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1da177e4
LT		 477 struct sock *sk = sock->sk, *nsk;
478 long timeo;
479 int err = 0;
480
dc2a0e20 481 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4 482
354d28d5
MH		 483 if (sk->sk_type != SOCK_STREAM) {
484 err = -EINVAL;
485 goto done;
486 }
487
1da177e4
LT		 488 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
489
490 BT_DBG("sk %p timeo %ld", sk, timeo);
491
492 /* Wait for an incoming connection. (wake-one). */
aa395145 493 add_wait_queue_exclusive(sk_sleep(sk), &wait);
950e2d51 494 while (1) {
950e2d51
PH		 495 if (sk->sk_state != BT_LISTEN) {
496 err = -EBADFD;
1da177e4
LT		 497 break;
498 }
499
950e2d51
PH		 500 nsk = bt_accept_dequeue(sk, newsock);
501 if (nsk)
502 break;
1da177e4 503
950e2d51
PH		 504 if (!timeo) {
505 err = -EAGAIN;
1da177e4
LT		 506 break;
507 }
508
509 if (signal_pending(current)) {
510 err = sock_intr_errno(timeo);
511 break;
512 }
950e2d51
PH		 513
514 release_sock(sk);
dfb2fae7
PH		 515
516 timeo = wait_woken(&wait, TASK_INTERRUPTIBLE, timeo);
517
dc2a0e20 518 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1da177e4 519 }
aa395145 520 remove_wait_queue(sk_sleep(sk), &wait);
1da177e4
LT		 521
522 if (err)
523 goto done;
524
525 newsock->state = SS_CONNECTED;
526
527 BT_DBG("new socket %p", nsk);
528
529done:
530 release_sock(sk);
531 return err;
532}
533
9b2c45d4 534static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int peer)
1da177e4
LT		 535{
536 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
537 struct sock *sk = sock->sk;
538
539 BT_DBG("sock %p, sk %p", sock, sk);
540
e8b1ab9e
JH		 541 if (peer && sk->sk_state != BT_CONNECTED &&
542 sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
35364c99
JH		 543 return -ENOTCONN;
544
9344a972 545 memset(sa, 0, sizeof(*sa));
1da177e4
LT		 546 sa->rc_family = AF_BLUETOOTH;
547 sa->rc_channel = rfcomm_pi(sk)->channel;
548 if (peer)
94a86df0 549 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
1da177e4 550 else
94a86df0 551 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
1da177e4 552
9b2c45d4 553 return sizeof(struct sockaddr_rc);
1da177e4
LT		 554}
555
1b784140
YX		 556static int rfcomm_sock_sendmsg(struct socket *sock, struct msghdr *msg,
557 size_t len)
1da177e4
LT		 558{
559 struct sock *sk = sock->sk;
560 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
561 struct sk_buff *skb;
e793dcf0 562 int sent;
1da177e4 563
bb23c0ab
MH		 564 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
565 return -ENOTCONN;
566
1da177e4
LT		 567 if (msg->msg_flags & MSG_OOB)
568 return -EOPNOTSUPP;
569
570 if (sk->sk_shutdown & SEND_SHUTDOWN)
571 return -EPIPE;
572
573 BT_DBG("sock %p, sk %p", sock, sk);
574
575 lock_sock(sk);
576
e793dcf0
JH		 577 sent = bt_sock_wait_ready(sk, msg->msg_flags);
578 if (sent)
579 goto done;
580
1da177e4
LT		 581 while (len) {
582 size_t size = min_t(size_t, len, d->mtu);
4d6a2188 583 int err;
8e87d142 584
1da177e4
LT		 585 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
586 msg->msg_flags & MSG_DONTWAIT, &err);
91aa35a5
VS		 587 if (!skb) {
588 if (sent == 0)
589 sent = err;
1da177e4 590 break;
91aa35a5 591 }
1da177e4
LT		 592 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
593
6ce8e9ce 594 err = memcpy_from_msg(skb_put(skb, size), msg, size);
1da177e4
LT		 595 if (err) {
596 kfree_skb(skb);
4d6a2188
MH		 597 if (sent == 0)
598 sent = err;
1da177e4
LT		 599 break;
600 }
601
262038fc
LAD		 602 skb->priority = sk->sk_priority;
603
1da177e4
LT		 604 err = rfcomm_dlc_send(d, skb);
605 if (err < 0) {
606 kfree_skb(skb);
4d6a2188
MH		 607 if (sent == 0)
608 sent = err;
1da177e4
LT		 609 break;
610 }
611
612 sent += size;
613 len -= size;
614 }
615
e793dcf0 616done:
1da177e4
LT		 617 release_sock(sk);
618
4d6a2188 619 return sent;
1da177e4
LT		 620}
621
1b784140
YX		 622static int rfcomm_sock_recvmsg(struct socket *sock, struct msghdr *msg,
623 size_t size, int flags)
1da177e4
LT		 624{
625 struct sock *sk = sock->sk;
bb23c0ab 626 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
3d7d01df 627 int len;
1da177e4 628
bb23c0ab
MH		 629 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
630 rfcomm_dlc_accept(d);
631 return 0;
632 }
633
1b784140 634 len = bt_sock_stream_recvmsg(sock, msg, size, flags);
1da177e4
LT		 635
636 lock_sock(sk);
3d7d01df
MM		 637 if (!(flags & MSG_PEEK) && len > 0)
638 atomic_sub(len, &sk->sk_rmem_alloc);
1da177e4 639
1da177e4
LT		 640 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
641 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
1da177e4 642 release_sock(sk);
3d7d01df
MM		 643
644 return len;
1da177e4
LT		 645}
646
b7058842 647static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1da177e4
LT		 648{
649 struct sock *sk = sock->sk;
650 int err = 0;
651 u32 opt;
652
653 BT_DBG("sk %p", sk);
654
655 lock_sock(sk);
656
657 switch (optname) {
658 case RFCOMM_LM:
659 if (get_user(opt, (u32 __user *) optval)) {
660 err = -EFAULT;
661 break;
662 }
663
2c068e0b
MH		 664 if (opt & RFCOMM_LM_FIPS) {
665 err = -EINVAL;
666 break;
667 }
668
9f2c8a03
MH		 669 if (opt & RFCOMM_LM_AUTH)
670 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
671 if (opt & RFCOMM_LM_ENCRYPT)
672 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
673 if (opt & RFCOMM_LM_SECURE)
674 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
675
676 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
1da177e4
LT		 677 break;
678
679 default:
680 err = -ENOPROTOOPT;
681 break;
682 }
683
684 release_sock(sk);
685 return err;
686}
687
b7058842 688static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
d58daf42
MH		 689{
690 struct sock *sk = sock->sk;
9f2c8a03 691 struct bt_security sec;
d0fad89d
SB		 692 int err = 0;
693 size_t len;
bb23c0ab 694 u32 opt;
d58daf42
MH		 695
696 BT_DBG("sk %p", sk);
697
698 if (level == SOL_RFCOMM)
699 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
700
0588d94f
MH		 701 if (level != SOL_BLUETOOTH)
702 return -ENOPROTOOPT;
703
d58daf42
MH		 704 lock_sock(sk);
705
706 switch (optname) {
9f2c8a03 707 case BT_SECURITY:
0588d94f
MH		 708 if (sk->sk_type != SOCK_STREAM) {
709 err = -EINVAL;
710 break;
711 }
712
9f2c8a03
MH		 713 sec.level = BT_SECURITY_LOW;
714
715 len = min_t(unsigned int, sizeof(sec), optlen);
716 if (copy_from_user((char *) &sec, optval, len)) {
717 err = -EFAULT;
718 break;
719 }
720
721 if (sec.level > BT_SECURITY_HIGH) {
722 err = -EINVAL;
723 break;
724 }
725
726 rfcomm_pi(sk)->sec_level = sec.level;
727 break;
728
bb23c0ab
MH		 729 case BT_DEFER_SETUP:
730 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
731 err = -EINVAL;
732 break;
733 }
734
735 if (get_user(opt, (u32 __user *) optval)) {
736 err = -EFAULT;
737 break;
738 }
739
c5daa683
GP		 740 if (opt)
741 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
742 else
743 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
744
bb23c0ab
MH		 745 break;
746
d58daf42
MH		 747 default:
748 err = -ENOPROTOOPT;
749 break;
750 }
751
752 release_sock(sk);
753 return err;
754}
755
756static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
1da177e4
LT		 757{
758 struct sock *sk = sock->sk;
60c7a3c9
MH		 759 struct sock *l2cap_sk;
760 struct l2cap_conn *conn;
1da177e4
LT		 761 struct rfcomm_conninfo cinfo;
762 int len, err = 0;
9f2c8a03 763 u32 opt;
1da177e4
LT		 764
765 BT_DBG("sk %p", sk);
766
767 if (get_user(len, optlen))
768 return -EFAULT;
769
770 lock_sock(sk);
771
772 switch (optname) {
773 case RFCOMM_LM:
9f2c8a03
MH		 774 switch (rfcomm_pi(sk)->sec_level) {
775 case BT_SECURITY_LOW:
776 opt = RFCOMM_LM_AUTH;
777 break;
778 case BT_SECURITY_MEDIUM:
779 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
780 break;
781 case BT_SECURITY_HIGH:
782 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
2c068e0b
MH		 783 RFCOMM_LM_SECURE;
784 break;
785 case BT_SECURITY_FIPS:
786 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
787 RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
9f2c8a03
MH		 788 break;
789 default:
790 opt = 0;
791 break;
792 }
793
794 if (rfcomm_pi(sk)->role_switch)
795 opt |= RFCOMM_LM_MASTER;
796
797 if (put_user(opt, (u32 __user *) optval))
1da177e4 798 err = -EFAULT;
2c068e0b 799
1da177e4
LT		 800 break;
801
802 case RFCOMM_CONNINFO:
bb23c0ab
MH		 803 if (sk->sk_state != BT_CONNECTED &&
804 !rfcomm_pi(sk)->dlc->defer_setup) {
1da177e4
LT		 805 err = -ENOTCONN;
806 break;
807 }
808
60c7a3c9
MH		 809 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
810 conn = l2cap_pi(l2cap_sk)->chan->conn;
811
8d03e971 812 memset(&cinfo, 0, sizeof(cinfo));
8c1d787b
GP		 813 cinfo.hci_handle = conn->hcon->handle;
814 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
1da177e4
LT		 815
816 len = min_t(unsigned int, len, sizeof(cinfo));
817 if (copy_to_user(optval, (char *) &cinfo, len))
818 err = -EFAULT;
819
820 break;
821
822 default:
823 err = -ENOPROTOOPT;
824 break;
825 }
826
827 release_sock(sk);
d58daf42
MH		 828 return err;
829}
830
831static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
832{
833 struct sock *sk = sock->sk;
9f2c8a03 834 struct bt_security sec;
d58daf42
MH		 835 int len, err = 0;
836
837 BT_DBG("sk %p", sk);
838
839 if (level == SOL_RFCOMM)
840 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
841
0588d94f
MH		 842 if (level != SOL_BLUETOOTH)
843 return -ENOPROTOOPT;
844
d58daf42
MH		 845 if (get_user(len, optlen))
846 return -EFAULT;
847
848 lock_sock(sk);
849
850 switch (optname) {
9f2c8a03 851 case BT_SECURITY:
0588d94f
MH		 852 if (sk->sk_type != SOCK_STREAM) {
853 err = -EINVAL;
854 break;
855 }
856
9f2c8a03 857 sec.level = rfcomm_pi(sk)->sec_level;
9ad2de43 858 sec.key_size = 0;
9f2c8a03
MH		 859
860 len = min_t(unsigned int, len, sizeof(sec));
861 if (copy_to_user(optval, (char *) &sec, len))
862 err = -EFAULT;
863
864 break;
865
bb23c0ab
MH		 866 case BT_DEFER_SETUP:
867 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
868 err = -EINVAL;
869 break;
870 }
871
c5daa683
GP		 872 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
873 (u32 __user *) optval))
bb23c0ab
MH		 874 err = -EFAULT;
875
876 break;
877
d58daf42
MH		 878 default:
879 err = -ENOPROTOOPT;
880 break;
881 }
882
883 release_sock(sk);
1da177e4
LT		 884 return err;
885}
886
887static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
888{
e19caae7 889 struct sock *sk __maybe_unused = sock->sk;
1da177e4
LT		 890 int err;
891
e19caae7 892 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
1da177e4 893
3241ad82 894 err = bt_sock_ioctl(sock, cmd, arg);
1da177e4 895
3241ad82 896 if (err == -ENOIOCTLCMD) {
1da177e4 897#ifdef CONFIG_BT_RFCOMM_TTY
3241ad82
MH		 898 lock_sock(sk);
899 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
900 release_sock(sk);
1da177e4 901#else
3241ad82 902 err = -EOPNOTSUPP;
1da177e4 903#endif
3241ad82 904 }
1da177e4 905
1da177e4
LT		 906 return err;
907}
908
7d60a7a6
AB		 909#ifdef CONFIG_COMPAT
910static int rfcomm_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
911{
912 return rfcomm_sock_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
913}
914#endif
915
1da177e4
LT		 916static int rfcomm_sock_shutdown(struct socket *sock, int how)
917{
918 struct sock *sk = sock->sk;
919 int err = 0;
920
921 BT_DBG("sock %p, sk %p", sock, sk);
922
285b4e90
AE		 923 if (!sk)
924 return 0;
1da177e4
LT		 925
926 lock_sock(sk);
927 if (!sk->sk_shutdown) {
928 sk->sk_shutdown = SHUTDOWN_MASK;
929 __rfcomm_sock_close(sk);
930
093facf3
VD		 931 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
932 !(current->flags & PF_EXITING))
1da177e4
LT		 933 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
934 }
935 release_sock(sk);
936 return err;
937}
938
939static int rfcomm_sock_release(struct socket *sock)
940{
941 struct sock *sk = sock->sk;
942 int err;
943
944 BT_DBG("sock %p, sk %p", sock, sk);
945
946 if (!sk)
947 return 0;
948
949 err = rfcomm_sock_shutdown(sock, 2);
950
951 sock_orphan(sk);
952 rfcomm_sock_kill(sk);
953 return err;
954}
955
8e87d142 956/* ---- RFCOMM core layer callbacks ----
1da177e4
LT		 957 *
958 * called under rfcomm_lock()
959 */
960int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
961{
962 struct sock *sk, *parent;
963 bdaddr_t src, dst;
964 int result = 0;
965
966 BT_DBG("session %p channel %d", s, channel);
967
968 rfcomm_session_getaddr(s, &src, &dst);
969
970 /* Check if we have socket listening on channel */
971 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
972 if (!parent)
973 return 0;
974
eeb36656
GP		 975 bh_lock_sock(parent);
976
1da177e4
LT		 977 /* Check for backlog size */
978 if (sk_acceptq_is_full(parent)) {
8e87d142 979 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 980 goto done;
981 }
982
11aa9c28 983 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC, 0);
1da177e4
LT		 984 if (!sk)
985 goto done;
986
b5a30dda
OP		 987 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
988
1da177e4 989 rfcomm_sock_init(sk, parent);
94a86df0
MH		 990 bacpy(&rfcomm_pi(sk)->src, &src);
991 bacpy(&rfcomm_pi(sk)->dst, &dst);
1da177e4
LT		 992 rfcomm_pi(sk)->channel = channel;
993
994 sk->sk_state = BT_CONFIG;
c4f5627f 995 bt_accept_enqueue(parent, sk, true);
1da177e4
LT		 996
997 /* Accept connection and return socket DLC */
998 *d = rfcomm_pi(sk)->dlc;
999 result = 1;
1000
1001done:
1002 bh_unlock_sock(parent);
bb23c0ab 1003
c5daa683 1004 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
bb23c0ab
MH		 1005 parent->sk_state_change(parent);
1006
1da177e4
LT		 1007 return result;
1008}
1009
aef7d97c 1010static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1da177e4
LT		 1011{
1012 struct sock *sk;
1da177e4 1013
95ca83f4 1014 read_lock(&rfcomm_sk_list.lock);
1da177e4 1015
b67bfe0d 1016 sk_for_each(sk, &rfcomm_sk_list.head) {
fcb73338 1017 seq_printf(f, "%pMR %pMR %d %d\n",
94a86df0 1018 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
fcb73338 1019 sk->sk_state, rfcomm_pi(sk)->channel);
be9d1227 1020 }
1da177e4 1021
95ca83f4 1022 read_unlock(&rfcomm_sk_list.lock);
1da177e4 1023
aef7d97c 1024 return 0;
1da177e4
LT		 1025}
1026
8e2924e3 1027DEFINE_SHOW_ATTRIBUTE(rfcomm_sock_debugfs);
aef7d97c
MH		 1028
1029static struct dentry *rfcomm_sock_debugfs;
1da177e4 1030
90ddc4f0 1031static const struct proto_ops rfcomm_sock_ops = {
1da177e4
LT		 1032 .family = PF_BLUETOOTH,
1033 .owner = THIS_MODULE,
1034 .release = rfcomm_sock_release,
1035 .bind = rfcomm_sock_bind,
1036 .connect = rfcomm_sock_connect,
1037 .listen = rfcomm_sock_listen,
1038 .accept = rfcomm_sock_accept,
1039 .getname = rfcomm_sock_getname,
1040 .sendmsg = rfcomm_sock_sendmsg,
1041 .recvmsg = rfcomm_sock_recvmsg,
1042 .shutdown = rfcomm_sock_shutdown,
1043 .setsockopt = rfcomm_sock_setsockopt,
1044 .getsockopt = rfcomm_sock_getsockopt,
1045 .ioctl = rfcomm_sock_ioctl,
c7cbdbf2 1046 .gettstamp = sock_gettstamp,
a11e1d43 1047 .poll = bt_sock_poll,
1da177e4 1048 .socketpair = sock_no_socketpair,
7d60a7a6
AB		 1049 .mmap = sock_no_mmap,
1050#ifdef CONFIG_COMPAT
1051 .compat_ioctl = rfcomm_sock_compat_ioctl,
1052#endif
1da177e4
LT		 1053};
1054
ec1b4cf7 1055static const struct net_proto_family rfcomm_sock_family_ops = {
1da177e4
LT		 1056 .family = PF_BLUETOOTH,
1057 .owner = THIS_MODULE,
1058 .create = rfcomm_sock_create
1059};
1060
be9d1227 1061int __init rfcomm_init_sockets(void)
1da177e4
LT		 1062{
1063 int err;
1064
74b3fb8d
MH		 1065 BUILD_BUG_ON(sizeof(struct sockaddr_rc) > sizeof(struct sockaddr));
1066
1da177e4
LT		 1067 err = proto_register(&rfcomm_proto, 0);
1068 if (err < 0)
1069 return err;
1070
1071 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
c6f5df16
MY		 1072 if (err < 0) {
1073 BT_ERR("RFCOMM socket layer registration failed");
1074 goto error;
1075 }
1076
b0316615 1077 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
c6f5df16
MY		 1078 if (err < 0) {
1079 BT_ERR("Failed to create RFCOMM proc file");
1080 bt_sock_unregister(BTPROTO_RFCOMM);
1da177e4 1081 goto error;
c6f5df16 1082 }
1da177e4 1083
1da177e4
LT		 1084 BT_INFO("RFCOMM socket layer initialized");
1085
1120e4bf
MH		 1086 if (IS_ERR_OR_NULL(bt_debugfs))
1087 return 0;
1088
1089 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1090 bt_debugfs, NULL,
1091 &rfcomm_sock_debugfs_fops);
1092
1da177e4
LT		 1093 return 0;
1094
1095error:
1da177e4
LT		 1096 proto_unregister(&rfcomm_proto);
1097 return err;
1098}
1099
2f8362af 1100void __exit rfcomm_cleanup_sockets(void)
1da177e4 1101{
c6f5df16
MY		 1102 bt_procfs_cleanup(&init_net, "rfcomm");
1103
aef7d97c 1104 debugfs_remove(rfcomm_sock_debugfs);
1da177e4 1105
5e9d7f86 1106 bt_sock_unregister(BTPROTO_RFCOMM);
1da177e4
LT		 1107
1108 proto_unregister(&rfcomm_proto);
1109}
Michael's Linux tree.