Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg...
[pandora-kernel.git] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47
48 #include <net/bluetooth/bluetooth.h>
49 #include <net/bluetooth/hci_core.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
52
53 static const struct proto_ops rfcomm_sock_ops;
54
55 static struct bt_sock_list rfcomm_sk_list = {
56         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
57 };
58
59 static void rfcomm_sock_close(struct sock *sk);
60 static void rfcomm_sock_kill(struct sock *sk);
61
62 /* ---- DLC callbacks ----
63  *
64  * called under rfcomm_dlc_lock()
65  */
66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
67 {
68         struct sock *sk = d->owner;
69         if (!sk)
70                 return;
71
72         atomic_add(skb->len, &sk->sk_rmem_alloc);
73         skb_queue_tail(&sk->sk_receive_queue, skb);
74         sk->sk_data_ready(sk, skb->len);
75
76         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
77                 rfcomm_dlc_throttle(d);
78 }
79
80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
81 {
82         struct sock *sk = d->owner, *parent;
83         if (!sk)
84                 return;
85
86         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
87
88         bh_lock_sock(sk);
89
90         if (err)
91                 sk->sk_err = err;
92
93         sk->sk_state = d->state;
94
95         parent = bt_sk(sk)->parent;
96         if (parent) {
97                 if (d->state == BT_CLOSED) {
98                         sock_set_flag(sk, SOCK_ZAPPED);
99                         bt_accept_unlink(sk);
100                 }
101                 parent->sk_data_ready(parent, 0);
102         } else {
103                 if (d->state == BT_CONNECTED)
104                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
105                 sk->sk_state_change(sk);
106         }
107
108         bh_unlock_sock(sk);
109
110         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
111                 /* We have to drop DLC lock here, otherwise
112                  * rfcomm_sock_destruct() will dead lock. */
113                 rfcomm_dlc_unlock(d);
114                 rfcomm_sock_kill(sk);
115                 rfcomm_dlc_lock(d);
116         }
117 }
118
119 /* ---- Socket functions ---- */
120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
121 {
122         struct sock *sk = NULL;
123         struct hlist_node *node;
124
125         sk_for_each(sk, node, &rfcomm_sk_list.head) {
126                 if (rfcomm_pi(sk)->channel == channel &&
127                                 !bacmp(&bt_sk(sk)->src, src))
128                         break;
129         }
130
131         return node ? sk : NULL;
132 }
133
134 /* Find socket with channel and source bdaddr.
135  * Returns closest match.
136  */
137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
138 {
139         struct sock *sk = NULL, *sk1 = NULL;
140         struct hlist_node *node;
141
142         sk_for_each(sk, node, &rfcomm_sk_list.head) {
143                 if (state && sk->sk_state != state)
144                         continue;
145
146                 if (rfcomm_pi(sk)->channel == channel) {
147                         /* Exact match. */
148                         if (!bacmp(&bt_sk(sk)->src, src))
149                                 break;
150
151                         /* Closest match */
152                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
153                                 sk1 = sk;
154                 }
155         }
156         return node ? sk : sk1;
157 }
158
159 /* Find socket with given address (channel, src).
160  * Returns locked socket */
161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
162 {
163         struct sock *s;
164         read_lock(&rfcomm_sk_list.lock);
165         s = __rfcomm_get_sock_by_channel(state, channel, src);
166         if (s) bh_lock_sock(s);
167         read_unlock(&rfcomm_sk_list.lock);
168         return s;
169 }
170
171 static void rfcomm_sock_destruct(struct sock *sk)
172 {
173         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175         BT_DBG("sk %p dlc %p", sk, d);
176
177         skb_queue_purge(&sk->sk_receive_queue);
178         skb_queue_purge(&sk->sk_write_queue);
179
180         rfcomm_dlc_lock(d);
181         rfcomm_pi(sk)->dlc = NULL;
182
183         /* Detach DLC if it's owned by this socket */
184         if (d->owner == sk)
185                 d->owner = NULL;
186         rfcomm_dlc_unlock(d);
187
188         rfcomm_dlc_put(d);
189 }
190
191 static void rfcomm_sock_cleanup_listen(struct sock *parent)
192 {
193         struct sock *sk;
194
195         BT_DBG("parent %p", parent);
196
197         /* Close not yet accepted dlcs */
198         while ((sk = bt_accept_dequeue(parent, NULL))) {
199                 rfcomm_sock_close(sk);
200                 rfcomm_sock_kill(sk);
201         }
202
203         parent->sk_state  = BT_CLOSED;
204         sock_set_flag(parent, SOCK_ZAPPED);
205 }
206
207 /* Kill socket (only if zapped and orphan)
208  * Must be called on unlocked socket.
209  */
210 static void rfcomm_sock_kill(struct sock *sk)
211 {
212         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213                 return;
214
215         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217         /* Kill poor orphan */
218         bt_sock_unlink(&rfcomm_sk_list, sk);
219         sock_set_flag(sk, SOCK_DEAD);
220         sock_put(sk);
221 }
222
223 static void __rfcomm_sock_close(struct sock *sk)
224 {
225         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229         switch (sk->sk_state) {
230         case BT_LISTEN:
231                 rfcomm_sock_cleanup_listen(sk);
232                 break;
233
234         case BT_CONNECT:
235         case BT_CONNECT2:
236         case BT_CONFIG:
237         case BT_CONNECTED:
238                 rfcomm_dlc_close(d, 0);
239
240         default:
241                 sock_set_flag(sk, SOCK_ZAPPED);
242                 break;
243         }
244 }
245
246 /* Close socket.
247  * Must be called on unlocked socket.
248  */
249 static void rfcomm_sock_close(struct sock *sk)
250 {
251         lock_sock(sk);
252         __rfcomm_sock_close(sk);
253         release_sock(sk);
254 }
255
256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257 {
258         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260         BT_DBG("sk %p", sk);
261
262         if (parent) {
263                 sk->sk_type = parent->sk_type;
264                 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
265
266                 pi->sec_level = rfcomm_pi(parent)->sec_level;
267                 pi->role_switch = rfcomm_pi(parent)->role_switch;
268         } else {
269                 pi->dlc->defer_setup = 0;
270
271                 pi->sec_level = BT_SECURITY_LOW;
272                 pi->role_switch = 0;
273         }
274
275         pi->dlc->sec_level = pi->sec_level;
276         pi->dlc->role_switch = pi->role_switch;
277 }
278
279 static struct proto rfcomm_proto = {
280         .name           = "RFCOMM",
281         .owner          = THIS_MODULE,
282         .obj_size       = sizeof(struct rfcomm_pinfo)
283 };
284
285 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
286 {
287         struct rfcomm_dlc *d;
288         struct sock *sk;
289
290         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
291         if (!sk)
292                 return NULL;
293
294         sock_init_data(sock, sk);
295         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
296
297         d = rfcomm_dlc_alloc(prio);
298         if (!d) {
299                 sk_free(sk);
300                 return NULL;
301         }
302
303         d->data_ready   = rfcomm_sk_data_ready;
304         d->state_change = rfcomm_sk_state_change;
305
306         rfcomm_pi(sk)->dlc = d;
307         d->owner = sk;
308
309         sk->sk_destruct = rfcomm_sock_destruct;
310         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
311
312         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314
315         sock_reset_flag(sk, SOCK_ZAPPED);
316
317         sk->sk_protocol = proto;
318         sk->sk_state    = BT_OPEN;
319
320         bt_sock_link(&rfcomm_sk_list, sk);
321
322         BT_DBG("sk %p", sk);
323         return sk;
324 }
325
326 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
327 {
328         struct sock *sk;
329
330         BT_DBG("sock %p", sock);
331
332         sock->state = SS_UNCONNECTED;
333
334         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
335                 return -ESOCKTNOSUPPORT;
336
337         sock->ops = &rfcomm_sock_ops;
338
339         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340         if (!sk)
341                 return -ENOMEM;
342
343         rfcomm_sock_init(sk, NULL);
344         return 0;
345 }
346
347 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
348 {
349         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
350         struct sock *sk = sock->sk;
351         int err = 0;
352
353         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
354
355         if (!addr || addr->sa_family != AF_BLUETOOTH)
356                 return -EINVAL;
357
358         lock_sock(sk);
359
360         if (sk->sk_state != BT_OPEN) {
361                 err = -EBADFD;
362                 goto done;
363         }
364
365         if (sk->sk_type != SOCK_STREAM) {
366                 err = -EINVAL;
367                 goto done;
368         }
369
370         write_lock_bh(&rfcomm_sk_list.lock);
371
372         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
373                 err = -EADDRINUSE;
374         } else {
375                 /* Save source address */
376                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
377                 rfcomm_pi(sk)->channel = sa->rc_channel;
378                 sk->sk_state = BT_BOUND;
379         }
380
381         write_unlock_bh(&rfcomm_sk_list.lock);
382
383 done:
384         release_sock(sk);
385         return err;
386 }
387
388 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
389 {
390         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
391         struct sock *sk = sock->sk;
392         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
393         int err = 0;
394
395         BT_DBG("sk %p", sk);
396
397         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
398                 return -EINVAL;
399
400         lock_sock(sk);
401
402         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
403                 err = -EBADFD;
404                 goto done;
405         }
406
407         if (sk->sk_type != SOCK_STREAM) {
408                 err = -EINVAL;
409                 goto done;
410         }
411
412         sk->sk_state = BT_CONNECT;
413         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
414         rfcomm_pi(sk)->channel = sa->rc_channel;
415
416         d->sec_level = rfcomm_pi(sk)->sec_level;
417         d->role_switch = rfcomm_pi(sk)->role_switch;
418
419         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
420         if (!err)
421                 err = bt_sock_wait_state(sk, BT_CONNECTED,
422                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
423
424 done:
425         release_sock(sk);
426         return err;
427 }
428
429 static int rfcomm_sock_listen(struct socket *sock, int backlog)
430 {
431         struct sock *sk = sock->sk;
432         int err = 0;
433
434         BT_DBG("sk %p backlog %d", sk, backlog);
435
436         lock_sock(sk);
437
438         if (sk->sk_state != BT_BOUND) {
439                 err = -EBADFD;
440                 goto done;
441         }
442
443         if (sk->sk_type != SOCK_STREAM) {
444                 err = -EINVAL;
445                 goto done;
446         }
447
448         if (!rfcomm_pi(sk)->channel) {
449                 bdaddr_t *src = &bt_sk(sk)->src;
450                 u8 channel;
451
452                 err = -EINVAL;
453
454                 write_lock_bh(&rfcomm_sk_list.lock);
455
456                 for (channel = 1; channel < 31; channel++)
457                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
458                                 rfcomm_pi(sk)->channel = channel;
459                                 err = 0;
460                                 break;
461                         }
462
463                 write_unlock_bh(&rfcomm_sk_list.lock);
464
465                 if (err < 0)
466                         goto done;
467         }
468
469         sk->sk_max_ack_backlog = backlog;
470         sk->sk_ack_backlog = 0;
471         sk->sk_state = BT_LISTEN;
472
473 done:
474         release_sock(sk);
475         return err;
476 }
477
478 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
479 {
480         DECLARE_WAITQUEUE(wait, current);
481         struct sock *sk = sock->sk, *nsk;
482         long timeo;
483         int err = 0;
484
485         lock_sock(sk);
486
487         if (sk->sk_state != BT_LISTEN) {
488                 err = -EBADFD;
489                 goto done;
490         }
491
492         if (sk->sk_type != SOCK_STREAM) {
493                 err = -EINVAL;
494                 goto done;
495         }
496
497         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
498
499         BT_DBG("sk %p timeo %ld", sk, timeo);
500
501         /* Wait for an incoming connection. (wake-one). */
502         add_wait_queue_exclusive(sk->sk_sleep, &wait);
503         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
504                 set_current_state(TASK_INTERRUPTIBLE);
505                 if (!timeo) {
506                         err = -EAGAIN;
507                         break;
508                 }
509
510                 release_sock(sk);
511                 timeo = schedule_timeout(timeo);
512                 lock_sock(sk);
513
514                 if (sk->sk_state != BT_LISTEN) {
515                         err = -EBADFD;
516                         break;
517                 }
518
519                 if (signal_pending(current)) {
520                         err = sock_intr_errno(timeo);
521                         break;
522                 }
523         }
524         set_current_state(TASK_RUNNING);
525         remove_wait_queue(sk->sk_sleep, &wait);
526
527         if (err)
528                 goto done;
529
530         newsock->state = SS_CONNECTED;
531
532         BT_DBG("new socket %p", nsk);
533
534 done:
535         release_sock(sk);
536         return err;
537 }
538
539 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
540 {
541         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
542         struct sock *sk = sock->sk;
543
544         BT_DBG("sock %p, sk %p", sock, sk);
545
546         sa->rc_family  = AF_BLUETOOTH;
547         sa->rc_channel = rfcomm_pi(sk)->channel;
548         if (peer)
549                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
550         else
551                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
552
553         *len = sizeof(struct sockaddr_rc);
554         return 0;
555 }
556
557 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
558                                struct msghdr *msg, size_t len)
559 {
560         struct sock *sk = sock->sk;
561         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
562         struct sk_buff *skb;
563         int sent = 0;
564
565         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
566                 return -ENOTCONN;
567
568         if (msg->msg_flags & MSG_OOB)
569                 return -EOPNOTSUPP;
570
571         if (sk->sk_shutdown & SEND_SHUTDOWN)
572                 return -EPIPE;
573
574         BT_DBG("sock %p, sk %p", sock, sk);
575
576         lock_sock(sk);
577
578         while (len) {
579                 size_t size = min_t(size_t, len, d->mtu);
580                 int err;
581
582                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
583                                 msg->msg_flags & MSG_DONTWAIT, &err);
584                 if (!skb) {
585                         if (sent == 0)
586                                 sent = err;
587                         break;
588                 }
589                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
590
591                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
592                 if (err) {
593                         kfree_skb(skb);
594                         if (sent == 0)
595                                 sent = err;
596                         break;
597                 }
598
599                 err = rfcomm_dlc_send(d, skb);
600                 if (err < 0) {
601                         kfree_skb(skb);
602                         if (sent == 0)
603                                 sent = err;
604                         break;
605                 }
606
607                 sent += size;
608                 len  -= size;
609         }
610
611         release_sock(sk);
612
613         return sent;
614 }
615
616 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
617 {
618         DECLARE_WAITQUEUE(wait, current);
619
620         add_wait_queue(sk->sk_sleep, &wait);
621         for (;;) {
622                 set_current_state(TASK_INTERRUPTIBLE);
623
624                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
625                     sk->sk_err ||
626                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
627                     signal_pending(current) ||
628                     !timeo)
629                         break;
630
631                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
632                 release_sock(sk);
633                 timeo = schedule_timeout(timeo);
634                 lock_sock(sk);
635                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
636         }
637
638         __set_current_state(TASK_RUNNING);
639         remove_wait_queue(sk->sk_sleep, &wait);
640         return timeo;
641 }
642
643 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
644                                struct msghdr *msg, size_t size, int flags)
645 {
646         struct sock *sk = sock->sk;
647         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
648         int err = 0;
649         size_t target, copied = 0;
650         long timeo;
651
652         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
653                 rfcomm_dlc_accept(d);
654                 return 0;
655         }
656
657         if (flags & MSG_OOB)
658                 return -EOPNOTSUPP;
659
660         msg->msg_namelen = 0;
661
662         BT_DBG("sk %p size %zu", sk, size);
663
664         lock_sock(sk);
665
666         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
667         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
668
669         do {
670                 struct sk_buff *skb;
671                 int chunk;
672
673                 skb = skb_dequeue(&sk->sk_receive_queue);
674                 if (!skb) {
675                         if (copied >= target)
676                                 break;
677
678                         if ((err = sock_error(sk)) != 0)
679                                 break;
680                         if (sk->sk_shutdown & RCV_SHUTDOWN)
681                                 break;
682
683                         err = -EAGAIN;
684                         if (!timeo)
685                                 break;
686
687                         timeo = rfcomm_sock_data_wait(sk, timeo);
688
689                         if (signal_pending(current)) {
690                                 err = sock_intr_errno(timeo);
691                                 goto out;
692                         }
693                         continue;
694                 }
695
696                 chunk = min_t(unsigned int, skb->len, size);
697                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
698                         skb_queue_head(&sk->sk_receive_queue, skb);
699                         if (!copied)
700                                 copied = -EFAULT;
701                         break;
702                 }
703                 copied += chunk;
704                 size   -= chunk;
705
706                 sock_recv_timestamp(msg, sk, skb);
707
708                 if (!(flags & MSG_PEEK)) {
709                         atomic_sub(chunk, &sk->sk_rmem_alloc);
710
711                         skb_pull(skb, chunk);
712                         if (skb->len) {
713                                 skb_queue_head(&sk->sk_receive_queue, skb);
714                                 break;
715                         }
716                         kfree_skb(skb);
717
718                 } else {
719                         /* put message back and return */
720                         skb_queue_head(&sk->sk_receive_queue, skb);
721                         break;
722                 }
723         } while (size);
724
725 out:
726         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
727                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
728
729         release_sock(sk);
730         return copied ? : err;
731 }
732
733 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
734 {
735         struct sock *sk = sock->sk;
736         int err = 0;
737         u32 opt;
738
739         BT_DBG("sk %p", sk);
740
741         lock_sock(sk);
742
743         switch (optname) {
744         case RFCOMM_LM:
745                 if (get_user(opt, (u32 __user *) optval)) {
746                         err = -EFAULT;
747                         break;
748                 }
749
750                 if (opt & RFCOMM_LM_AUTH)
751                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
752                 if (opt & RFCOMM_LM_ENCRYPT)
753                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
754                 if (opt & RFCOMM_LM_SECURE)
755                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
756
757                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
758                 break;
759
760         default:
761                 err = -ENOPROTOOPT;
762                 break;
763         }
764
765         release_sock(sk);
766         return err;
767 }
768
769 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
770 {
771         struct sock *sk = sock->sk;
772         struct bt_security sec;
773         int len, err = 0;
774         u32 opt;
775
776         BT_DBG("sk %p", sk);
777
778         if (level == SOL_RFCOMM)
779                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
780
781         if (level != SOL_BLUETOOTH)
782                 return -ENOPROTOOPT;
783
784         lock_sock(sk);
785
786         switch (optname) {
787         case BT_SECURITY:
788                 if (sk->sk_type != SOCK_STREAM) {
789                         err = -EINVAL;
790                         break;
791                 }
792
793                 sec.level = BT_SECURITY_LOW;
794
795                 len = min_t(unsigned int, sizeof(sec), optlen);
796                 if (copy_from_user((char *) &sec, optval, len)) {
797                         err = -EFAULT;
798                         break;
799                 }
800
801                 if (sec.level > BT_SECURITY_HIGH) {
802                         err = -EINVAL;
803                         break;
804                 }
805
806                 rfcomm_pi(sk)->sec_level = sec.level;
807                 break;
808
809         case BT_DEFER_SETUP:
810                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
811                         err = -EINVAL;
812                         break;
813                 }
814
815                 if (get_user(opt, (u32 __user *) optval)) {
816                         err = -EFAULT;
817                         break;
818                 }
819
820                 bt_sk(sk)->defer_setup = opt;
821                 break;
822
823         default:
824                 err = -ENOPROTOOPT;
825                 break;
826         }
827
828         release_sock(sk);
829         return err;
830 }
831
832 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
833 {
834         struct sock *sk = sock->sk;
835         struct sock *l2cap_sk;
836         struct rfcomm_conninfo cinfo;
837         int len, err = 0;
838         u32 opt;
839
840         BT_DBG("sk %p", sk);
841
842         if (get_user(len, optlen))
843                 return -EFAULT;
844
845         lock_sock(sk);
846
847         switch (optname) {
848         case RFCOMM_LM:
849                 switch (rfcomm_pi(sk)->sec_level) {
850                 case BT_SECURITY_LOW:
851                         opt = RFCOMM_LM_AUTH;
852                         break;
853                 case BT_SECURITY_MEDIUM:
854                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
855                         break;
856                 case BT_SECURITY_HIGH:
857                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
858                                                         RFCOMM_LM_SECURE;
859                         break;
860                 default:
861                         opt = 0;
862                         break;
863                 }
864
865                 if (rfcomm_pi(sk)->role_switch)
866                         opt |= RFCOMM_LM_MASTER;
867
868                 if (put_user(opt, (u32 __user *) optval))
869                         err = -EFAULT;
870                 break;
871
872         case RFCOMM_CONNINFO:
873                 if (sk->sk_state != BT_CONNECTED &&
874                                         !rfcomm_pi(sk)->dlc->defer_setup) {
875                         err = -ENOTCONN;
876                         break;
877                 }
878
879                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
880
881                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
882                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
883
884                 len = min_t(unsigned int, len, sizeof(cinfo));
885                 if (copy_to_user(optval, (char *) &cinfo, len))
886                         err = -EFAULT;
887
888                 break;
889
890         default:
891                 err = -ENOPROTOOPT;
892                 break;
893         }
894
895         release_sock(sk);
896         return err;
897 }
898
899 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
900 {
901         struct sock *sk = sock->sk;
902         struct bt_security sec;
903         int len, err = 0;
904
905         BT_DBG("sk %p", sk);
906
907         if (level == SOL_RFCOMM)
908                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
909
910         if (level != SOL_BLUETOOTH)
911                 return -ENOPROTOOPT;
912
913         if (get_user(len, optlen))
914                 return -EFAULT;
915
916         lock_sock(sk);
917
918         switch (optname) {
919         case BT_SECURITY:
920                 if (sk->sk_type != SOCK_STREAM) {
921                         err = -EINVAL;
922                         break;
923                 }
924
925                 sec.level = rfcomm_pi(sk)->sec_level;
926
927                 len = min_t(unsigned int, len, sizeof(sec));
928                 if (copy_to_user(optval, (char *) &sec, len))
929                         err = -EFAULT;
930
931                 break;
932
933         case BT_DEFER_SETUP:
934                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
935                         err = -EINVAL;
936                         break;
937                 }
938
939                 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
940                         err = -EFAULT;
941
942                 break;
943
944         default:
945                 err = -ENOPROTOOPT;
946                 break;
947         }
948
949         release_sock(sk);
950         return err;
951 }
952
953 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
954 {
955         struct sock *sk __maybe_unused = sock->sk;
956         int err;
957
958         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
959
960         err = bt_sock_ioctl(sock, cmd, arg);
961
962         if (err == -ENOIOCTLCMD) {
963 #ifdef CONFIG_BT_RFCOMM_TTY
964                 lock_sock(sk);
965                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
966                 release_sock(sk);
967 #else
968                 err = -EOPNOTSUPP;
969 #endif
970         }
971
972         return err;
973 }
974
975 static int rfcomm_sock_shutdown(struct socket *sock, int how)
976 {
977         struct sock *sk = sock->sk;
978         int err = 0;
979
980         BT_DBG("sock %p, sk %p", sock, sk);
981
982         if (!sk) return 0;
983
984         lock_sock(sk);
985         if (!sk->sk_shutdown) {
986                 sk->sk_shutdown = SHUTDOWN_MASK;
987                 __rfcomm_sock_close(sk);
988
989                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
990                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
991         }
992         release_sock(sk);
993         return err;
994 }
995
996 static int rfcomm_sock_release(struct socket *sock)
997 {
998         struct sock *sk = sock->sk;
999         int err;
1000
1001         BT_DBG("sock %p, sk %p", sock, sk);
1002
1003         if (!sk)
1004                 return 0;
1005
1006         err = rfcomm_sock_shutdown(sock, 2);
1007
1008         sock_orphan(sk);
1009         rfcomm_sock_kill(sk);
1010         return err;
1011 }
1012
1013 /* ---- RFCOMM core layer callbacks ----
1014  *
1015  * called under rfcomm_lock()
1016  */
1017 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
1018 {
1019         struct sock *sk, *parent;
1020         bdaddr_t src, dst;
1021         int result = 0;
1022
1023         BT_DBG("session %p channel %d", s, channel);
1024
1025         rfcomm_session_getaddr(s, &src, &dst);
1026
1027         /* Check if we have socket listening on channel */
1028         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
1029         if (!parent)
1030                 return 0;
1031
1032         /* Check for backlog size */
1033         if (sk_acceptq_is_full(parent)) {
1034                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1035                 goto done;
1036         }
1037
1038         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1039         if (!sk)
1040                 goto done;
1041
1042         rfcomm_sock_init(sk, parent);
1043         bacpy(&bt_sk(sk)->src, &src);
1044         bacpy(&bt_sk(sk)->dst, &dst);
1045         rfcomm_pi(sk)->channel = channel;
1046
1047         sk->sk_state = BT_CONFIG;
1048         bt_accept_enqueue(parent, sk);
1049
1050         /* Accept connection and return socket DLC */
1051         *d = rfcomm_pi(sk)->dlc;
1052         result = 1;
1053
1054 done:
1055         bh_unlock_sock(parent);
1056
1057         if (bt_sk(parent)->defer_setup)
1058                 parent->sk_state_change(parent);
1059
1060         return result;
1061 }
1062
1063 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
1064 {
1065         struct sock *sk;
1066         struct hlist_node *node;
1067         char *str = buf;
1068
1069         read_lock_bh(&rfcomm_sk_list.lock);
1070
1071         sk_for_each(sk, node, &rfcomm_sk_list.head) {
1072                 str += sprintf(str, "%s %s %d %d\n",
1073                                 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
1074                                 sk->sk_state, rfcomm_pi(sk)->channel);
1075         }
1076
1077         read_unlock_bh(&rfcomm_sk_list.lock);
1078
1079         return (str - buf);
1080 }
1081
1082 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
1083
1084 static const struct proto_ops rfcomm_sock_ops = {
1085         .family         = PF_BLUETOOTH,
1086         .owner          = THIS_MODULE,
1087         .release        = rfcomm_sock_release,
1088         .bind           = rfcomm_sock_bind,
1089         .connect        = rfcomm_sock_connect,
1090         .listen         = rfcomm_sock_listen,
1091         .accept         = rfcomm_sock_accept,
1092         .getname        = rfcomm_sock_getname,
1093         .sendmsg        = rfcomm_sock_sendmsg,
1094         .recvmsg        = rfcomm_sock_recvmsg,
1095         .shutdown       = rfcomm_sock_shutdown,
1096         .setsockopt     = rfcomm_sock_setsockopt,
1097         .getsockopt     = rfcomm_sock_getsockopt,
1098         .ioctl          = rfcomm_sock_ioctl,
1099         .poll           = bt_sock_poll,
1100         .socketpair     = sock_no_socketpair,
1101         .mmap           = sock_no_mmap
1102 };
1103
1104 static struct net_proto_family rfcomm_sock_family_ops = {
1105         .family         = PF_BLUETOOTH,
1106         .owner          = THIS_MODULE,
1107         .create         = rfcomm_sock_create
1108 };
1109
1110 int __init rfcomm_init_sockets(void)
1111 {
1112         int err;
1113
1114         err = proto_register(&rfcomm_proto, 0);
1115         if (err < 0)
1116                 return err;
1117
1118         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1119         if (err < 0)
1120                 goto error;
1121
1122         if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
1123                 BT_ERR("Failed to create RFCOMM info file");
1124
1125         BT_INFO("RFCOMM socket layer initialized");
1126
1127         return 0;
1128
1129 error:
1130         BT_ERR("RFCOMM socket layer registration failed");
1131         proto_unregister(&rfcomm_proto);
1132         return err;
1133 }
1134
1135 void __exit rfcomm_cleanup_sockets(void)
1136 {
1137         class_remove_file(bt_class, &class_attr_rfcomm);
1138
1139         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1140                 BT_ERR("RFCOMM socket layer unregistration failed");
1141
1142         proto_unregister(&rfcomm_proto);
1143 }