search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix a kmap leak in virtio_console
[linux/fpc-iii.git] / net / bluetooth / rfcomm / sock.c
blob3c2d3e4aa2f58a271bea6632451edd21b92668a9
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM sockets.
26 */
27
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/rfcomm.h>
35
36 static const struct proto_ops rfcomm_sock_ops;
37
38 static struct bt_sock_list rfcomm_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40 };
41
42 static void rfcomm_sock_close(struct sock *sk);
43 static void rfcomm_sock_kill(struct sock *sk);
44
45 /* ---- DLC callbacks ----
46 *
47 * called under rfcomm_dlc_lock()
48 */
49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50 {
51 struct sock *sk = d->owner;
52 if (!sk)
53 return;
54
55 atomic_add(skb->len, &sk->sk_rmem_alloc);
56 skb_queue_tail(&sk->sk_receive_queue, skb);
57 sk->sk_data_ready(sk, skb->len);
58
59 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60 rfcomm_dlc_throttle(d);
61 }
62
63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64 {
65 struct sock *sk = d->owner, *parent;
66 unsigned long flags;
67
68 if (!sk)
69 return;
70
71 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73 local_irq_save(flags);
74 bh_lock_sock(sk);
75
76 if (err)
77 sk->sk_err = err;
78
79 sk->sk_state = d->state;
80
81 parent = bt_sk(sk)->parent;
82 if (parent) {
83 if (d->state == BT_CLOSED) {
84 sock_set_flag(sk, SOCK_ZAPPED);
85 bt_accept_unlink(sk);
86 }
87 parent->sk_data_ready(parent, 0);
88 } else {
89 if (d->state == BT_CONNECTED)
90 rfcomm_session_getaddr(d->session,
91 &rfcomm_pi(sk)->src, NULL);
92 sk->sk_state_change(sk);
93 }
94
95 bh_unlock_sock(sk);
96 local_irq_restore(flags);
97
98 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
99 /* We have to drop DLC lock here, otherwise
100 * rfcomm_sock_destruct() will dead lock. */
101 rfcomm_dlc_unlock(d);
102 rfcomm_sock_kill(sk);
103 rfcomm_dlc_lock(d);
104 }
105 }
106
107 /* ---- Socket functions ---- */
108 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
109 {
110 struct sock *sk = NULL;
111
112 sk_for_each(sk, &rfcomm_sk_list.head) {
113 if (rfcomm_pi(sk)->channel == channel &&
114 !bacmp(&rfcomm_pi(sk)->src, src))
115 break;
116 }
117
118 return sk ? sk : NULL;
119 }
120
121 /* Find socket with channel and source bdaddr.
122 * Returns closest match.
123 */
124 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
125 {
126 struct sock *sk = NULL, *sk1 = NULL;
127
128 read_lock(&rfcomm_sk_list.lock);
129
130 sk_for_each(sk, &rfcomm_sk_list.head) {
131 if (state && sk->sk_state != state)
132 continue;
133
134 if (rfcomm_pi(sk)->channel == channel) {
135 /* Exact match. */
136 if (!bacmp(&rfcomm_pi(sk)->src, src))
137 break;
138
139 /* Closest match */
140 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
141 sk1 = sk;
142 }
143 }
144
145 read_unlock(&rfcomm_sk_list.lock);
146
147 return sk ? sk : sk1;
148 }
149
150 static void rfcomm_sock_destruct(struct sock *sk)
151 {
152 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
153
154 BT_DBG("sk %p dlc %p", sk, d);
155
156 skb_queue_purge(&sk->sk_receive_queue);
157 skb_queue_purge(&sk->sk_write_queue);
158
159 rfcomm_dlc_lock(d);
160 rfcomm_pi(sk)->dlc = NULL;
161
162 /* Detach DLC if it's owned by this socket */
163 if (d->owner == sk)
164 d->owner = NULL;
165 rfcomm_dlc_unlock(d);
166
167 rfcomm_dlc_put(d);
168 }
169
170 static void rfcomm_sock_cleanup_listen(struct sock *parent)
171 {
172 struct sock *sk;
173
174 BT_DBG("parent %p", parent);
175
176 /* Close not yet accepted dlcs */
177 while ((sk = bt_accept_dequeue(parent, NULL))) {
178 rfcomm_sock_close(sk);
179 rfcomm_sock_kill(sk);
180 }
181
182 parent->sk_state = BT_CLOSED;
183 sock_set_flag(parent, SOCK_ZAPPED);
184 }
185
186 /* Kill socket (only if zapped and orphan)
187 * Must be called on unlocked socket.
188 */
189 static void rfcomm_sock_kill(struct sock *sk)
190 {
191 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
192 return;
193
194 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
195
196 /* Kill poor orphan */
197 bt_sock_unlink(&rfcomm_sk_list, sk);
198 sock_set_flag(sk, SOCK_DEAD);
199 sock_put(sk);
200 }
201
202 static void __rfcomm_sock_close(struct sock *sk)
203 {
204 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
205
206 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
207
208 switch (sk->sk_state) {
209 case BT_LISTEN:
210 rfcomm_sock_cleanup_listen(sk);
211 break;
212
213 case BT_CONNECT:
214 case BT_CONNECT2:
215 case BT_CONFIG:
216 case BT_CONNECTED:
217 rfcomm_dlc_close(d, 0);
218
219 default:
220 sock_set_flag(sk, SOCK_ZAPPED);
221 break;
222 }
223 }
224
225 /* Close socket.
226 * Must be called on unlocked socket.
227 */
228 static void rfcomm_sock_close(struct sock *sk)
229 {
230 lock_sock(sk);
231 __rfcomm_sock_close(sk);
232 release_sock(sk);
233 }
234
235 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
236 {
237 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
238
239 BT_DBG("sk %p", sk);
240
241 if (parent) {
242 sk->sk_type = parent->sk_type;
243 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
244 &bt_sk(parent)->flags);
245
246 pi->sec_level = rfcomm_pi(parent)->sec_level;
247 pi->role_switch = rfcomm_pi(parent)->role_switch;
248
249 security_sk_clone(parent, sk);
250 } else {
251 pi->dlc->defer_setup = 0;
252
253 pi->sec_level = BT_SECURITY_LOW;
254 pi->role_switch = 0;
255 }
256
257 pi->dlc->sec_level = pi->sec_level;
258 pi->dlc->role_switch = pi->role_switch;
259 }
260
261 static struct proto rfcomm_proto = {
262 .name = "RFCOMM",
263 .owner = THIS_MODULE,
264 .obj_size = sizeof(struct rfcomm_pinfo)
265 };
266
267 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
268 {
269 struct rfcomm_dlc *d;
270 struct sock *sk;
271
272 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
273 if (!sk)
274 return NULL;
275
276 sock_init_data(sock, sk);
277 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
278
279 d = rfcomm_dlc_alloc(prio);
280 if (!d) {
281 sk_free(sk);
282 return NULL;
283 }
284
285 d->data_ready = rfcomm_sk_data_ready;
286 d->state_change = rfcomm_sk_state_change;
287
288 rfcomm_pi(sk)->dlc = d;
289 d->owner = sk;
290
291 sk->sk_destruct = rfcomm_sock_destruct;
292 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
293
294 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
295 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
296
297 sock_reset_flag(sk, SOCK_ZAPPED);
298
299 sk->sk_protocol = proto;
300 sk->sk_state = BT_OPEN;
301
302 bt_sock_link(&rfcomm_sk_list, sk);
303
304 BT_DBG("sk %p", sk);
305 return sk;
306 }
307
308 static int rfcomm_sock_create(struct net *net, struct socket *sock,
309 int protocol, int kern)
310 {
311 struct sock *sk;
312
313 BT_DBG("sock %p", sock);
314
315 sock->state = SS_UNCONNECTED;
316
317 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
318 return -ESOCKTNOSUPPORT;
319
320 sock->ops = &rfcomm_sock_ops;
321
322 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
323 if (!sk)
324 return -ENOMEM;
325
326 rfcomm_sock_init(sk, NULL);
327 return 0;
328 }
329
330 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
331 {
332 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
333 struct sock *sk = sock->sk;
334 int err = 0;
335
336 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
337
338 if (!addr || addr->sa_family != AF_BLUETOOTH)
339 return -EINVAL;
340
341 lock_sock(sk);
342
343 if (sk->sk_state != BT_OPEN) {
344 err = -EBADFD;
345 goto done;
346 }
347
348 if (sk->sk_type != SOCK_STREAM) {
349 err = -EINVAL;
350 goto done;
351 }
352
353 write_lock(&rfcomm_sk_list.lock);
354
355 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
356 err = -EADDRINUSE;
357 } else {
358 /* Save source address */
359 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr);
360 rfcomm_pi(sk)->channel = sa->rc_channel;
361 sk->sk_state = BT_BOUND;
362 }
363
364 write_unlock(&rfcomm_sk_list.lock);
365
366 done:
367 release_sock(sk);
368 return err;
369 }
370
371 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
372 {
373 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
374 struct sock *sk = sock->sk;
375 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
376 int err = 0;
377
378 BT_DBG("sk %p", sk);
379
380 if (alen < sizeof(struct sockaddr_rc) ||
381 addr->sa_family != AF_BLUETOOTH)
382 return -EINVAL;
383
384 lock_sock(sk);
385
386 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
387 err = -EBADFD;
388 goto done;
389 }
390
391 if (sk->sk_type != SOCK_STREAM) {
392 err = -EINVAL;
393 goto done;
394 }
395
396 sk->sk_state = BT_CONNECT;
397 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
398 rfcomm_pi(sk)->channel = sa->rc_channel;
399
400 d->sec_level = rfcomm_pi(sk)->sec_level;
401 d->role_switch = rfcomm_pi(sk)->role_switch;
402
403 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
404 sa->rc_channel);
405 if (!err)
406 err = bt_sock_wait_state(sk, BT_CONNECTED,
407 sock_sndtimeo(sk, flags & O_NONBLOCK));
408
409 done:
410 release_sock(sk);
411 return err;
412 }
413
414 static int rfcomm_sock_listen(struct socket *sock, int backlog)
415 {
416 struct sock *sk = sock->sk;
417 int err = 0;
418
419 BT_DBG("sk %p backlog %d", sk, backlog);
420
421 lock_sock(sk);
422
423 if (sk->sk_state != BT_BOUND) {
424 err = -EBADFD;
425 goto done;
426 }
427
428 if (sk->sk_type != SOCK_STREAM) {
429 err = -EINVAL;
430 goto done;
431 }
432
433 if (!rfcomm_pi(sk)->channel) {
434 bdaddr_t *src = &rfcomm_pi(sk)->src;
435 u8 channel;
436
437 err = -EINVAL;
438
439 write_lock(&rfcomm_sk_list.lock);
440
441 for (channel = 1; channel < 31; channel++)
442 if (!__rfcomm_get_sock_by_addr(channel, src)) {
443 rfcomm_pi(sk)->channel = channel;
444 err = 0;
445 break;
446 }
447
448 write_unlock(&rfcomm_sk_list.lock);
449
450 if (err < 0)
451 goto done;
452 }
453
454 sk->sk_max_ack_backlog = backlog;
455 sk->sk_ack_backlog = 0;
456 sk->sk_state = BT_LISTEN;
457
458 done:
459 release_sock(sk);
460 return err;
461 }
462
463 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
464 {
465 DECLARE_WAITQUEUE(wait, current);
466 struct sock *sk = sock->sk, *nsk;
467 long timeo;
468 int err = 0;
469
470 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
471
472 if (sk->sk_type != SOCK_STREAM) {
473 err = -EINVAL;
474 goto done;
475 }
476
477 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
478
479 BT_DBG("sk %p timeo %ld", sk, timeo);
480
481 /* Wait for an incoming connection. (wake-one). */
482 add_wait_queue_exclusive(sk_sleep(sk), &wait);
483 while (1) {
484 set_current_state(TASK_INTERRUPTIBLE);
485
486 if (sk->sk_state != BT_LISTEN) {
487 err = -EBADFD;
488 break;
489 }
490
491 nsk = bt_accept_dequeue(sk, newsock);
492 if (nsk)
493 break;
494
495 if (!timeo) {
496 err = -EAGAIN;
497 break;
498 }
499
500 if (signal_pending(current)) {
501 err = sock_intr_errno(timeo);
502 break;
503 }
504
505 release_sock(sk);
506 timeo = schedule_timeout(timeo);
507 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
508 }
509 __set_current_state(TASK_RUNNING);
510 remove_wait_queue(sk_sleep(sk), &wait);
511
512 if (err)
513 goto done;
514
515 newsock->state = SS_CONNECTED;
516
517 BT_DBG("new socket %p", nsk);
518
519 done:
520 release_sock(sk);
521 return err;
522 }
523
524 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
525 {
526 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
527 struct sock *sk = sock->sk;
528
529 BT_DBG("sock %p, sk %p", sock, sk);
530
531 memset(sa, 0, sizeof(*sa));
532 sa->rc_family = AF_BLUETOOTH;
533 sa->rc_channel = rfcomm_pi(sk)->channel;
534 if (peer)
535 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
536 else
537 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
538
539 *len = sizeof(struct sockaddr_rc);
540 return 0;
541 }
542
543 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
544 struct msghdr *msg, size_t len)
545 {
546 struct sock *sk = sock->sk;
547 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
548 struct sk_buff *skb;
549 int sent;
550
551 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
552 return -ENOTCONN;
553
554 if (msg->msg_flags & MSG_OOB)
555 return -EOPNOTSUPP;
556
557 if (sk->sk_shutdown & SEND_SHUTDOWN)
558 return -EPIPE;
559
560 BT_DBG("sock %p, sk %p", sock, sk);
561
562 lock_sock(sk);
563
564 sent = bt_sock_wait_ready(sk, msg->msg_flags);
565 if (sent)
566 goto done;
567
568 while (len) {
569 size_t size = min_t(size_t, len, d->mtu);
570 int err;
571
572 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
573 msg->msg_flags & MSG_DONTWAIT, &err);
574 if (!skb) {
575 if (sent == 0)
576 sent = err;
577 break;
578 }
579 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
580
581 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
582 if (err) {
583 kfree_skb(skb);
584 if (sent == 0)
585 sent = err;
586 break;
587 }
588
589 skb->priority = sk->sk_priority;
590
591 err = rfcomm_dlc_send(d, skb);
592 if (err < 0) {
593 kfree_skb(skb);
594 if (sent == 0)
595 sent = err;
596 break;
597 }
598
599 sent += size;
600 len -= size;
601 }
602
603 done:
604 release_sock(sk);
605
606 return sent;
607 }
608
609 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
610 struct msghdr *msg, size_t size, int flags)
611 {
612 struct sock *sk = sock->sk;
613 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
614 int len;
615
616 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
617 rfcomm_dlc_accept(d);
618 return 0;
619 }
620
621 len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
622
623 lock_sock(sk);
624 if (!(flags & MSG_PEEK) && len > 0)
625 atomic_sub(len, &sk->sk_rmem_alloc);
626
627 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
628 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
629 release_sock(sk);
630
631 return len;
632 }
633
634 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
635 {
636 struct sock *sk = sock->sk;
637 int err = 0;
638 u32 opt;
639
640 BT_DBG("sk %p", sk);
641
642 lock_sock(sk);
643
644 switch (optname) {
645 case RFCOMM_LM:
646 if (get_user(opt, (u32 __user *) optval)) {
647 err = -EFAULT;
648 break;
649 }
650
651 if (opt & RFCOMM_LM_AUTH)
652 rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
653 if (opt & RFCOMM_LM_ENCRYPT)
654 rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
655 if (opt & RFCOMM_LM_SECURE)
656 rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
657
658 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
659 break;
660
661 default:
662 err = -ENOPROTOOPT;
663 break;
664 }
665
666 release_sock(sk);
667 return err;
668 }
669
670 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
671 {
672 struct sock *sk = sock->sk;
673 struct bt_security sec;
674 int err = 0;
675 size_t len;
676 u32 opt;
677
678 BT_DBG("sk %p", sk);
679
680 if (level == SOL_RFCOMM)
681 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
682
683 if (level != SOL_BLUETOOTH)
684 return -ENOPROTOOPT;
685
686 lock_sock(sk);
687
688 switch (optname) {
689 case BT_SECURITY:
690 if (sk->sk_type != SOCK_STREAM) {
691 err = -EINVAL;
692 break;
693 }
694
695 sec.level = BT_SECURITY_LOW;
696
697 len = min_t(unsigned int, sizeof(sec), optlen);
698 if (copy_from_user((char *) &sec, optval, len)) {
699 err = -EFAULT;
700 break;
701 }
702
703 if (sec.level > BT_SECURITY_HIGH) {
704 err = -EINVAL;
705 break;
706 }
707
708 rfcomm_pi(sk)->sec_level = sec.level;
709 break;
710
711 case BT_DEFER_SETUP:
712 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
713 err = -EINVAL;
714 break;
715 }
716
717 if (get_user(opt, (u32 __user *) optval)) {
718 err = -EFAULT;
719 break;
720 }
721
722 if (opt)
723 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
724 else
725 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
726
727 break;
728
729 default:
730 err = -ENOPROTOOPT;
731 break;
732 }
733
734 release_sock(sk);
735 return err;
736 }
737
738 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
739 {
740 struct sock *sk = sock->sk;
741 struct sock *l2cap_sk;
742 struct l2cap_conn *conn;
743 struct rfcomm_conninfo cinfo;
744 int len, err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
748
749 if (get_user(len, optlen))
750 return -EFAULT;
751
752 lock_sock(sk);
753
754 switch (optname) {
755 case RFCOMM_LM:
756 switch (rfcomm_pi(sk)->sec_level) {
757 case BT_SECURITY_LOW:
758 opt = RFCOMM_LM_AUTH;
759 break;
760 case BT_SECURITY_MEDIUM:
761 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
762 break;
763 case BT_SECURITY_HIGH:
764 opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
765 RFCOMM_LM_SECURE;
766 break;
767 default:
768 opt = 0;
769 break;
770 }
771
772 if (rfcomm_pi(sk)->role_switch)
773 opt |= RFCOMM_LM_MASTER;
774
775 if (put_user(opt, (u32 __user *) optval))
776 err = -EFAULT;
777 break;
778
779 case RFCOMM_CONNINFO:
780 if (sk->sk_state != BT_CONNECTED &&
781 !rfcomm_pi(sk)->dlc->defer_setup) {
782 err = -ENOTCONN;
783 break;
784 }
785
786 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
787 conn = l2cap_pi(l2cap_sk)->chan->conn;
788
789 memset(&cinfo, 0, sizeof(cinfo));
790 cinfo.hci_handle = conn->hcon->handle;
791 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
792
793 len = min_t(unsigned int, len, sizeof(cinfo));
794 if (copy_to_user(optval, (char *) &cinfo, len))
795 err = -EFAULT;
796
797 break;
798
799 default:
800 err = -ENOPROTOOPT;
801 break;
802 }
803
804 release_sock(sk);
805 return err;
806 }
807
808 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
809 {
810 struct sock *sk = sock->sk;
811 struct bt_security sec;
812 int len, err = 0;
813
814 BT_DBG("sk %p", sk);
815
816 if (level == SOL_RFCOMM)
817 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
818
819 if (level != SOL_BLUETOOTH)
820 return -ENOPROTOOPT;
821
822 if (get_user(len, optlen))
823 return -EFAULT;
824
825 lock_sock(sk);
826
827 switch (optname) {
828 case BT_SECURITY:
829 if (sk->sk_type != SOCK_STREAM) {
830 err = -EINVAL;
831 break;
832 }
833
834 sec.level = rfcomm_pi(sk)->sec_level;
835 sec.key_size = 0;
836
837 len = min_t(unsigned int, len, sizeof(sec));
838 if (copy_to_user(optval, (char *) &sec, len))
839 err = -EFAULT;
840
841 break;
842
843 case BT_DEFER_SETUP:
844 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
845 err = -EINVAL;
846 break;
847 }
848
849 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
850 (u32 __user *) optval))
851 err = -EFAULT;
852
853 break;
854
855 default:
856 err = -ENOPROTOOPT;
857 break;
858 }
859
860 release_sock(sk);
861 return err;
862 }
863
864 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
865 {
866 struct sock *sk __maybe_unused = sock->sk;
867 int err;
868
869 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
870
871 err = bt_sock_ioctl(sock, cmd, arg);
872
873 if (err == -ENOIOCTLCMD) {
874 #ifdef CONFIG_BT_RFCOMM_TTY
875 lock_sock(sk);
876 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
877 release_sock(sk);
878 #else
879 err = -EOPNOTSUPP;
880 #endif
881 }
882
883 return err;
884 }
885
886 static int rfcomm_sock_shutdown(struct socket *sock, int how)
887 {
888 struct sock *sk = sock->sk;
889 int err = 0;
890
891 BT_DBG("sock %p, sk %p", sock, sk);
892
893 if (!sk)
894 return 0;
895
896 lock_sock(sk);
897 if (!sk->sk_shutdown) {
898 sk->sk_shutdown = SHUTDOWN_MASK;
899 __rfcomm_sock_close(sk);
900
901 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
902 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
903 }
904 release_sock(sk);
905 return err;
906 }
907
908 static int rfcomm_sock_release(struct socket *sock)
909 {
910 struct sock *sk = sock->sk;
911 int err;
912
913 BT_DBG("sock %p, sk %p", sock, sk);
914
915 if (!sk)
916 return 0;
917
918 err = rfcomm_sock_shutdown(sock, 2);
919
920 sock_orphan(sk);
921 rfcomm_sock_kill(sk);
922 return err;
923 }
924
925 /* ---- RFCOMM core layer callbacks ----
926 *
927 * called under rfcomm_lock()
928 */
929 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
930 {
931 struct sock *sk, *parent;
932 bdaddr_t src, dst;
933 int result = 0;
934
935 BT_DBG("session %p channel %d", s, channel);
936
937 rfcomm_session_getaddr(s, &src, &dst);
938
939 /* Check if we have socket listening on channel */
940 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
941 if (!parent)
942 return 0;
943
944 bh_lock_sock(parent);
945
946 /* Check for backlog size */
947 if (sk_acceptq_is_full(parent)) {
948 BT_DBG("backlog full %d", parent->sk_ack_backlog);
949 goto done;
950 }
951
952 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
953 if (!sk)
954 goto done;
955
956 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
957
958 rfcomm_sock_init(sk, parent);
959 bacpy(&rfcomm_pi(sk)->src, &src);
960 bacpy(&rfcomm_pi(sk)->dst, &dst);
961 rfcomm_pi(sk)->channel = channel;
962
963 sk->sk_state = BT_CONFIG;
964 bt_accept_enqueue(parent, sk);
965
966 /* Accept connection and return socket DLC */
967 *d = rfcomm_pi(sk)->dlc;
968 result = 1;
969
970 done:
971 bh_unlock_sock(parent);
972
973 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
974 parent->sk_state_change(parent);
975
976 return result;
977 }
978
979 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
980 {
981 struct sock *sk;
982
983 read_lock(&rfcomm_sk_list.lock);
984
985 sk_for_each(sk, &rfcomm_sk_list.head) {
986 seq_printf(f, "%pMR %pMR %d %d\n",
987 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
988 sk->sk_state, rfcomm_pi(sk)->channel);
989 }
990
991 read_unlock(&rfcomm_sk_list.lock);
992
993 return 0;
994 }
995
996 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
997 {
998 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
999 }
1000
1001 static const struct file_operations rfcomm_sock_debugfs_fops = {
1002 .open = rfcomm_sock_debugfs_open,
1003 .read = seq_read,
1004 .llseek = seq_lseek,
1005 .release = single_release,
1006 };
1007
1008 static struct dentry *rfcomm_sock_debugfs;
1009
1010 static const struct proto_ops rfcomm_sock_ops = {
1011 .family = PF_BLUETOOTH,
1012 .owner = THIS_MODULE,
1013 .release = rfcomm_sock_release,
1014 .bind = rfcomm_sock_bind,
1015 .connect = rfcomm_sock_connect,
1016 .listen = rfcomm_sock_listen,
1017 .accept = rfcomm_sock_accept,
1018 .getname = rfcomm_sock_getname,
1019 .sendmsg = rfcomm_sock_sendmsg,
1020 .recvmsg = rfcomm_sock_recvmsg,
1021 .shutdown = rfcomm_sock_shutdown,
1022 .setsockopt = rfcomm_sock_setsockopt,
1023 .getsockopt = rfcomm_sock_getsockopt,
1024 .ioctl = rfcomm_sock_ioctl,
1025 .poll = bt_sock_poll,
1026 .socketpair = sock_no_socketpair,
1027 .mmap = sock_no_mmap
1028 };
1029
1030 static const struct net_proto_family rfcomm_sock_family_ops = {
1031 .family = PF_BLUETOOTH,
1032 .owner = THIS_MODULE,
1033 .create = rfcomm_sock_create
1034 };
1035
1036 int __init rfcomm_init_sockets(void)
1037 {
1038 int err;
1039
1040 err = proto_register(&rfcomm_proto, 0);
1041 if (err < 0)
1042 return err;
1043
1044 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1045 if (err < 0) {
1046 BT_ERR("RFCOMM socket layer registration failed");
1047 goto error;
1048 }
1049
1050 err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
1051 if (err < 0) {
1052 BT_ERR("Failed to create RFCOMM proc file");
1053 bt_sock_unregister(BTPROTO_RFCOMM);
1054 goto error;
1055 }
1056
1057 BT_INFO("RFCOMM socket layer initialized");
1058
1059 if (IS_ERR_OR_NULL(bt_debugfs))
1060 return 0;
1061
1062 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1063 bt_debugfs, NULL,
1064 &rfcomm_sock_debugfs_fops);
1065
1066 return 0;
1067
1068 error:
1069 proto_unregister(&rfcomm_proto);
1070 return err;
1071 }
1072
1073 void __exit rfcomm_cleanup_sockets(void)
1074 {
1075 bt_procfs_cleanup(&init_net, "rfcomm");
1076
1077 debugfs_remove(rfcomm_sock_debugfs);
1078
1079 bt_sock_unregister(BTPROTO_RFCOMM);
1080
1081 proto_unregister(&rfcomm_proto);
1082 }
Linux with added FPC-III support