Bluetooth: Disconnect L2CAP connections without encryption
[pandora-kernel.git] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/list.h>
42 #include <linux/device.h>
43 #include <net/sock.h>
44
45 #include <asm/system.h>
46 #include <asm/uaccess.h>
47
48 #include <net/bluetooth/bluetooth.h>
49 #include <net/bluetooth/hci_core.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
52
53 static const struct proto_ops rfcomm_sock_ops;
54
55 static struct bt_sock_list rfcomm_sk_list = {
56         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
57 };
58
59 static void rfcomm_sock_close(struct sock *sk);
60 static void rfcomm_sock_kill(struct sock *sk);
61
62 /* ---- DLC callbacks ----
63  *
64  * called under rfcomm_dlc_lock()
65  */
66 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
67 {
68         struct sock *sk = d->owner;
69         if (!sk)
70                 return;
71
72         atomic_add(skb->len, &sk->sk_rmem_alloc);
73         skb_queue_tail(&sk->sk_receive_queue, skb);
74         sk->sk_data_ready(sk, skb->len);
75
76         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
77                 rfcomm_dlc_throttle(d);
78 }
79
80 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
81 {
82         struct sock *sk = d->owner, *parent;
83         if (!sk)
84                 return;
85
86         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
87
88         bh_lock_sock(sk);
89
90         if (err)
91                 sk->sk_err = err;
92
93         sk->sk_state = d->state;
94
95         parent = bt_sk(sk)->parent;
96         if (parent) {
97                 if (d->state == BT_CLOSED) {
98                         sock_set_flag(sk, SOCK_ZAPPED);
99                         bt_accept_unlink(sk);
100                 }
101                 parent->sk_data_ready(parent, 0);
102         } else {
103                 if (d->state == BT_CONNECTED)
104                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
105                 sk->sk_state_change(sk);
106         }
107
108         bh_unlock_sock(sk);
109
110         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
111                 /* We have to drop DLC lock here, otherwise
112                  * rfcomm_sock_destruct() will dead lock. */
113                 rfcomm_dlc_unlock(d);
114                 rfcomm_sock_kill(sk);
115                 rfcomm_dlc_lock(d);
116         }
117 }
118
119 /* ---- Socket functions ---- */
120 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
121 {
122         struct sock *sk = NULL;
123         struct hlist_node *node;
124
125         sk_for_each(sk, node, &rfcomm_sk_list.head) {
126                 if (rfcomm_pi(sk)->channel == channel &&
127                                 !bacmp(&bt_sk(sk)->src, src))
128                         break;
129         }
130
131         return node ? sk : NULL;
132 }
133
134 /* Find socket with channel and source bdaddr.
135  * Returns closest match.
136  */
137 static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
138 {
139         struct sock *sk = NULL, *sk1 = NULL;
140         struct hlist_node *node;
141
142         sk_for_each(sk, node, &rfcomm_sk_list.head) {
143                 if (state && sk->sk_state != state)
144                         continue;
145
146                 if (rfcomm_pi(sk)->channel == channel) {
147                         /* Exact match. */
148                         if (!bacmp(&bt_sk(sk)->src, src))
149                                 break;
150
151                         /* Closest match */
152                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
153                                 sk1 = sk;
154                 }
155         }
156         return node ? sk : sk1;
157 }
158
159 /* Find socket with given address (channel, src).
160  * Returns locked socket */
161 static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
162 {
163         struct sock *s;
164         read_lock(&rfcomm_sk_list.lock);
165         s = __rfcomm_get_sock_by_channel(state, channel, src);
166         if (s) bh_lock_sock(s);
167         read_unlock(&rfcomm_sk_list.lock);
168         return s;
169 }
170
171 static void rfcomm_sock_destruct(struct sock *sk)
172 {
173         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
174
175         BT_DBG("sk %p dlc %p", sk, d);
176
177         skb_queue_purge(&sk->sk_receive_queue);
178         skb_queue_purge(&sk->sk_write_queue);
179
180         rfcomm_dlc_lock(d);
181         rfcomm_pi(sk)->dlc = NULL;
182
183         /* Detach DLC if it's owned by this socket */
184         if (d->owner == sk)
185                 d->owner = NULL;
186         rfcomm_dlc_unlock(d);
187
188         rfcomm_dlc_put(d);
189 }
190
191 static void rfcomm_sock_cleanup_listen(struct sock *parent)
192 {
193         struct sock *sk;
194
195         BT_DBG("parent %p", parent);
196
197         /* Close not yet accepted dlcs */
198         while ((sk = bt_accept_dequeue(parent, NULL))) {
199                 rfcomm_sock_close(sk);
200                 rfcomm_sock_kill(sk);
201         }
202
203         parent->sk_state  = BT_CLOSED;
204         sock_set_flag(parent, SOCK_ZAPPED);
205 }
206
207 /* Kill socket (only if zapped and orphan)
208  * Must be called on unlocked socket.
209  */
210 static void rfcomm_sock_kill(struct sock *sk)
211 {
212         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
213                 return;
214
215         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
216
217         /* Kill poor orphan */
218         bt_sock_unlink(&rfcomm_sk_list, sk);
219         sock_set_flag(sk, SOCK_DEAD);
220         sock_put(sk);
221 }
222
223 static void __rfcomm_sock_close(struct sock *sk)
224 {
225         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
226
227         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
228
229         switch (sk->sk_state) {
230         case BT_LISTEN:
231                 rfcomm_sock_cleanup_listen(sk);
232                 break;
233
234         case BT_CONNECT:
235         case BT_CONNECT2:
236         case BT_CONFIG:
237         case BT_CONNECTED:
238                 rfcomm_dlc_close(d, 0);
239
240         default:
241                 sock_set_flag(sk, SOCK_ZAPPED);
242                 break;
243         }
244 }
245
246 /* Close socket.
247  * Must be called on unlocked socket.
248  */
249 static void rfcomm_sock_close(struct sock *sk)
250 {
251         lock_sock(sk);
252         __rfcomm_sock_close(sk);
253         release_sock(sk);
254 }
255
256 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
257 {
258         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
259
260         BT_DBG("sk %p", sk);
261
262         if (parent) {
263                 sk->sk_type = parent->sk_type;
264                 pi->dlc->defer_setup = bt_sk(parent)->defer_setup;
265
266                 pi->sec_level = rfcomm_pi(parent)->sec_level;
267                 pi->role_switch = rfcomm_pi(parent)->role_switch;
268         } else {
269                 pi->dlc->defer_setup = 0;
270
271                 pi->sec_level = BT_SECURITY_LOW;
272                 pi->role_switch = 0;
273         }
274
275         pi->dlc->sec_level = pi->sec_level;
276         pi->dlc->role_switch = pi->role_switch;
277 }
278
279 static struct proto rfcomm_proto = {
280         .name           = "RFCOMM",
281         .owner          = THIS_MODULE,
282         .obj_size       = sizeof(struct rfcomm_pinfo)
283 };
284
285 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
286 {
287         struct rfcomm_dlc *d;
288         struct sock *sk;
289
290         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
291         if (!sk)
292                 return NULL;
293
294         sock_init_data(sock, sk);
295         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
296
297         d = rfcomm_dlc_alloc(prio);
298         if (!d) {
299                 sk_free(sk);
300                 return NULL;
301         }
302
303         d->data_ready   = rfcomm_sk_data_ready;
304         d->state_change = rfcomm_sk_state_change;
305
306         rfcomm_pi(sk)->dlc = d;
307         d->owner = sk;
308
309         sk->sk_destruct = rfcomm_sock_destruct;
310         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
311
312         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314
315         sock_reset_flag(sk, SOCK_ZAPPED);
316
317         sk->sk_protocol = proto;
318         sk->sk_state    = BT_OPEN;
319
320         bt_sock_link(&rfcomm_sk_list, sk);
321
322         BT_DBG("sk %p", sk);
323         return sk;
324 }
325
326 static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
327 {
328         struct sock *sk;
329
330         BT_DBG("sock %p", sock);
331
332         sock->state = SS_UNCONNECTED;
333
334         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
335                 return -ESOCKTNOSUPPORT;
336
337         sock->ops = &rfcomm_sock_ops;
338
339         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340         if (!sk)
341                 return -ENOMEM;
342
343         rfcomm_sock_init(sk, NULL);
344         return 0;
345 }
346
347 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
348 {
349         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
350         struct sock *sk = sock->sk;
351         int err = 0;
352
353         BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
354
355         if (!addr || addr->sa_family != AF_BLUETOOTH)
356                 return -EINVAL;
357
358         lock_sock(sk);
359
360         if (sk->sk_state != BT_OPEN) {
361                 err = -EBADFD;
362                 goto done;
363         }
364
365         if (sk->sk_type != SOCK_STREAM) {
366                 err = -EINVAL;
367                 goto done;
368         }
369
370         write_lock_bh(&rfcomm_sk_list.lock);
371
372         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
373                 err = -EADDRINUSE;
374         } else {
375                 /* Save source address */
376                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
377                 rfcomm_pi(sk)->channel = sa->rc_channel;
378                 sk->sk_state = BT_BOUND;
379         }
380
381         write_unlock_bh(&rfcomm_sk_list.lock);
382
383 done:
384         release_sock(sk);
385         return err;
386 }
387
388 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
389 {
390         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
391         struct sock *sk = sock->sk;
392         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
393         int err = 0;
394
395         BT_DBG("sk %p", sk);
396
397         if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
398                 return -EINVAL;
399
400         lock_sock(sk);
401
402         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
403                 err = -EBADFD;
404                 goto done;
405         }
406
407         if (sk->sk_type != SOCK_STREAM) {
408                 err = -EINVAL;
409                 goto done;
410         }
411
412         sk->sk_state = BT_CONNECT;
413         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
414         rfcomm_pi(sk)->channel = sa->rc_channel;
415
416         d->sec_level = rfcomm_pi(sk)->sec_level;
417         d->role_switch = rfcomm_pi(sk)->role_switch;
418
419         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
420         if (!err)
421                 err = bt_sock_wait_state(sk, BT_CONNECTED,
422                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
423
424 done:
425         release_sock(sk);
426         return err;
427 }
428
429 static int rfcomm_sock_listen(struct socket *sock, int backlog)
430 {
431         struct sock *sk = sock->sk;
432         int err = 0;
433
434         BT_DBG("sk %p backlog %d", sk, backlog);
435
436         lock_sock(sk);
437
438         if (sk->sk_state != BT_BOUND) {
439                 err = -EBADFD;
440                 goto done;
441         }
442
443         if (sk->sk_type != SOCK_STREAM) {
444                 err = -EINVAL;
445                 goto done;
446         }
447
448         if (!rfcomm_pi(sk)->channel) {
449                 bdaddr_t *src = &bt_sk(sk)->src;
450                 u8 channel;
451
452                 err = -EINVAL;
453
454                 write_lock_bh(&rfcomm_sk_list.lock);
455
456                 for (channel = 1; channel < 31; channel++)
457                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
458                                 rfcomm_pi(sk)->channel = channel;
459                                 err = 0;
460                                 break;
461                         }
462
463                 write_unlock_bh(&rfcomm_sk_list.lock);
464
465                 if (err < 0)
466                         goto done;
467         }
468
469         sk->sk_max_ack_backlog = backlog;
470         sk->sk_ack_backlog = 0;
471         sk->sk_state = BT_LISTEN;
472
473 done:
474         release_sock(sk);
475         return err;
476 }
477
478 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
479 {
480         DECLARE_WAITQUEUE(wait, current);
481         struct sock *sk = sock->sk, *nsk;
482         long timeo;
483         int err = 0;
484
485         lock_sock(sk);
486
487         if (sk->sk_state != BT_LISTEN) {
488                 err = -EBADFD;
489                 goto done;
490         }
491
492         if (sk->sk_type != SOCK_STREAM) {
493                 err = -EINVAL;
494                 goto done;
495         }
496
497         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
498
499         BT_DBG("sk %p timeo %ld", sk, timeo);
500
501         /* Wait for an incoming connection. (wake-one). */
502         add_wait_queue_exclusive(sk->sk_sleep, &wait);
503         while (!(nsk = bt_accept_dequeue(sk, newsock))) {
504                 set_current_state(TASK_INTERRUPTIBLE);
505                 if (!timeo) {
506                         err = -EAGAIN;
507                         break;
508                 }
509
510                 release_sock(sk);
511                 timeo = schedule_timeout(timeo);
512                 lock_sock(sk);
513
514                 if (sk->sk_state != BT_LISTEN) {
515                         err = -EBADFD;
516                         break;
517                 }
518
519                 if (signal_pending(current)) {
520                         err = sock_intr_errno(timeo);
521                         break;
522                 }
523         }
524         set_current_state(TASK_RUNNING);
525         remove_wait_queue(sk->sk_sleep, &wait);
526
527         if (err)
528                 goto done;
529
530         newsock->state = SS_CONNECTED;
531
532         BT_DBG("new socket %p", nsk);
533
534 done:
535         release_sock(sk);
536         return err;
537 }
538
539 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
540 {
541         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
542         struct sock *sk = sock->sk;
543
544         BT_DBG("sock %p, sk %p", sock, sk);
545
546         sa->rc_family  = AF_BLUETOOTH;
547         sa->rc_channel = rfcomm_pi(sk)->channel;
548         if (peer)
549                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
550         else
551                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
552
553         *len = sizeof(struct sockaddr_rc);
554         return 0;
555 }
556
557 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
558                                struct msghdr *msg, size_t len)
559 {
560         struct sock *sk = sock->sk;
561         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
562         struct sk_buff *skb;
563         int sent = 0;
564
565         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
566                 return -ENOTCONN;
567
568         if (msg->msg_flags & MSG_OOB)
569                 return -EOPNOTSUPP;
570
571         if (sk->sk_shutdown & SEND_SHUTDOWN)
572                 return -EPIPE;
573
574         BT_DBG("sock %p, sk %p", sock, sk);
575
576         lock_sock(sk);
577
578         while (len) {
579                 size_t size = min_t(size_t, len, d->mtu);
580                 int err;
581
582                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
583                                 msg->msg_flags & MSG_DONTWAIT, &err);
584                 if (!skb) {
585                         if (sent == 0)
586                                 sent = err;
587                         break;
588                 }
589                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
590
591                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
592                 if (err) {
593                         kfree_skb(skb);
594                         if (sent == 0)
595                                 sent = err;
596                         break;
597                 }
598
599                 err = rfcomm_dlc_send(d, skb);
600                 if (err < 0) {
601                         kfree_skb(skb);
602                         if (sent == 0)
603                                 sent = err;
604                         break;
605                 }
606
607                 sent += size;
608                 len  -= size;
609         }
610
611         release_sock(sk);
612
613         return sent;
614 }
615
616 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
617 {
618         DECLARE_WAITQUEUE(wait, current);
619
620         add_wait_queue(sk->sk_sleep, &wait);
621         for (;;) {
622                 set_current_state(TASK_INTERRUPTIBLE);
623
624                 if (!skb_queue_empty(&sk->sk_receive_queue) ||
625                     sk->sk_err ||
626                     (sk->sk_shutdown & RCV_SHUTDOWN) ||
627                     signal_pending(current) ||
628                     !timeo)
629                         break;
630
631                 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
632                 release_sock(sk);
633                 timeo = schedule_timeout(timeo);
634                 lock_sock(sk);
635                 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
636         }
637
638         __set_current_state(TASK_RUNNING);
639         remove_wait_queue(sk->sk_sleep, &wait);
640         return timeo;
641 }
642
643 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
644                                struct msghdr *msg, size_t size, int flags)
645 {
646         struct sock *sk = sock->sk;
647         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
648         int err = 0;
649         size_t target, copied = 0;
650         long timeo;
651
652         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
653                 rfcomm_dlc_accept(d);
654                 return 0;
655         }
656
657         if (flags & MSG_OOB)
658                 return -EOPNOTSUPP;
659
660         msg->msg_namelen = 0;
661
662         BT_DBG("sk %p size %zu", sk, size);
663
664         lock_sock(sk);
665
666         target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
667         timeo  = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
668
669         do {
670                 struct sk_buff *skb;
671                 int chunk;
672
673                 skb = skb_dequeue(&sk->sk_receive_queue);
674                 if (!skb) {
675                         if (copied >= target)
676                                 break;
677
678                         if ((err = sock_error(sk)) != 0)
679                                 break;
680                         if (sk->sk_shutdown & RCV_SHUTDOWN)
681                                 break;
682
683                         err = -EAGAIN;
684                         if (!timeo)
685                                 break;
686
687                         timeo = rfcomm_sock_data_wait(sk, timeo);
688
689                         if (signal_pending(current)) {
690                                 err = sock_intr_errno(timeo);
691                                 goto out;
692                         }
693                         continue;
694                 }
695
696                 chunk = min_t(unsigned int, skb->len, size);
697                 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
698                         skb_queue_head(&sk->sk_receive_queue, skb);
699                         if (!copied)
700                                 copied = -EFAULT;
701                         break;
702                 }
703                 copied += chunk;
704                 size   -= chunk;
705
706                 sock_recv_timestamp(msg, sk, skb);
707
708                 if (!(flags & MSG_PEEK)) {
709                         atomic_sub(chunk, &sk->sk_rmem_alloc);
710
711                         skb_pull(skb, chunk);
712                         if (skb->len) {
713                                 skb_queue_head(&sk->sk_receive_queue, skb);
714                                 break;
715                         }
716                         kfree_skb(skb);
717
718                 } else {
719                         /* put message back and return */
720                         skb_queue_head(&sk->sk_receive_queue, skb);
721                         break;
722                 }
723         } while (size);
724
725 out:
726         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
727                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
728
729         release_sock(sk);
730         return copied ? : err;
731 }
732
733 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen)
734 {
735         struct sock *sk = sock->sk;
736         int err = 0;
737         u32 opt;
738
739         BT_DBG("sk %p", sk);
740
741         lock_sock(sk);
742
743         switch (optname) {
744         case RFCOMM_LM:
745                 if (get_user(opt, (u32 __user *) optval)) {
746                         err = -EFAULT;
747                         break;
748                 }
749
750                 if (opt & RFCOMM_LM_AUTH)
751                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
752                 if (opt & RFCOMM_LM_ENCRYPT)
753                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
754                 if (opt & RFCOMM_LM_SECURE)
755                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
756
757                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
758                 break;
759
760         default:
761                 err = -ENOPROTOOPT;
762                 break;
763         }
764
765         release_sock(sk);
766         return err;
767 }
768
769 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
770 {
771         struct sock *sk = sock->sk;
772         struct bt_security sec;
773         int len, err = 0;
774         u32 opt;
775
776         BT_DBG("sk %p", sk);
777
778         if (level == SOL_RFCOMM)
779                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
780
781         lock_sock(sk);
782
783         switch (optname) {
784         case BT_SECURITY:
785                 sec.level = BT_SECURITY_LOW;
786
787                 len = min_t(unsigned int, sizeof(sec), optlen);
788                 if (copy_from_user((char *) &sec, optval, len)) {
789                         err = -EFAULT;
790                         break;
791                 }
792
793                 if (sec.level > BT_SECURITY_HIGH) {
794                         err = -EINVAL;
795                         break;
796                 }
797
798                 rfcomm_pi(sk)->sec_level = sec.level;
799                 break;
800
801         case BT_DEFER_SETUP:
802                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
803                         err = -EINVAL;
804                         break;
805                 }
806
807                 if (get_user(opt, (u32 __user *) optval)) {
808                         err = -EFAULT;
809                         break;
810                 }
811
812                 bt_sk(sk)->defer_setup = opt;
813                 break;
814
815         default:
816                 err = -ENOPROTOOPT;
817                 break;
818         }
819
820         release_sock(sk);
821         return err;
822 }
823
824 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
825 {
826         struct sock *sk = sock->sk;
827         struct sock *l2cap_sk;
828         struct rfcomm_conninfo cinfo;
829         int len, err = 0;
830         u32 opt;
831
832         BT_DBG("sk %p", sk);
833
834         if (get_user(len, optlen))
835                 return -EFAULT;
836
837         lock_sock(sk);
838
839         switch (optname) {
840         case RFCOMM_LM:
841                 switch (rfcomm_pi(sk)->sec_level) {
842                 case BT_SECURITY_LOW:
843                         opt = RFCOMM_LM_AUTH;
844                         break;
845                 case BT_SECURITY_MEDIUM:
846                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
847                         break;
848                 case BT_SECURITY_HIGH:
849                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
850                                                         RFCOMM_LM_SECURE;
851                         break;
852                 default:
853                         opt = 0;
854                         break;
855                 }
856
857                 if (rfcomm_pi(sk)->role_switch)
858                         opt |= RFCOMM_LM_MASTER;
859
860                 if (put_user(opt, (u32 __user *) optval))
861                         err = -EFAULT;
862                 break;
863
864         case RFCOMM_CONNINFO:
865                 if (sk->sk_state != BT_CONNECTED &&
866                                         !rfcomm_pi(sk)->dlc->defer_setup) {
867                         err = -ENOTCONN;
868                         break;
869                 }
870
871                 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
872
873                 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
874                 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
875
876                 len = min_t(unsigned int, len, sizeof(cinfo));
877                 if (copy_to_user(optval, (char *) &cinfo, len))
878                         err = -EFAULT;
879
880                 break;
881
882         default:
883                 err = -ENOPROTOOPT;
884                 break;
885         }
886
887         release_sock(sk);
888         return err;
889 }
890
891 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
892 {
893         struct sock *sk = sock->sk;
894         struct bt_security sec;
895         int len, err = 0;
896
897         BT_DBG("sk %p", sk);
898
899         if (level == SOL_RFCOMM)
900                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
901
902         if (get_user(len, optlen))
903                 return -EFAULT;
904
905         lock_sock(sk);
906
907         switch (optname) {
908         case BT_SECURITY:
909                 sec.level = rfcomm_pi(sk)->sec_level;
910
911                 len = min_t(unsigned int, len, sizeof(sec));
912                 if (copy_to_user(optval, (char *) &sec, len))
913                         err = -EFAULT;
914
915                 break;
916
917         case BT_DEFER_SETUP:
918                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
919                         err = -EINVAL;
920                         break;
921                 }
922
923                 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
924                         err = -EFAULT;
925
926                 break;
927
928         default:
929                 err = -ENOPROTOOPT;
930                 break;
931         }
932
933         release_sock(sk);
934         return err;
935 }
936
937 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
938 {
939         struct sock *sk __maybe_unused = sock->sk;
940         int err;
941
942         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
943
944         err = bt_sock_ioctl(sock, cmd, arg);
945
946         if (err == -ENOIOCTLCMD) {
947 #ifdef CONFIG_BT_RFCOMM_TTY
948                 lock_sock(sk);
949                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
950                 release_sock(sk);
951 #else
952                 err = -EOPNOTSUPP;
953 #endif
954         }
955
956         return err;
957 }
958
959 static int rfcomm_sock_shutdown(struct socket *sock, int how)
960 {
961         struct sock *sk = sock->sk;
962         int err = 0;
963
964         BT_DBG("sock %p, sk %p", sock, sk);
965
966         if (!sk) return 0;
967
968         lock_sock(sk);
969         if (!sk->sk_shutdown) {
970                 sk->sk_shutdown = SHUTDOWN_MASK;
971                 __rfcomm_sock_close(sk);
972
973                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
974                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
975         }
976         release_sock(sk);
977         return err;
978 }
979
980 static int rfcomm_sock_release(struct socket *sock)
981 {
982         struct sock *sk = sock->sk;
983         int err;
984
985         BT_DBG("sock %p, sk %p", sock, sk);
986
987         if (!sk)
988                 return 0;
989
990         err = rfcomm_sock_shutdown(sock, 2);
991
992         sock_orphan(sk);
993         rfcomm_sock_kill(sk);
994         return err;
995 }
996
997 /* ---- RFCOMM core layer callbacks ----
998  *
999  * called under rfcomm_lock()
1000  */
1001 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
1002 {
1003         struct sock *sk, *parent;
1004         bdaddr_t src, dst;
1005         int result = 0;
1006
1007         BT_DBG("session %p channel %d", s, channel);
1008
1009         rfcomm_session_getaddr(s, &src, &dst);
1010
1011         /* Check if we have socket listening on channel */
1012         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
1013         if (!parent)
1014                 return 0;
1015
1016         /* Check for backlog size */
1017         if (sk_acceptq_is_full(parent)) {
1018                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1019                 goto done;
1020         }
1021
1022         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
1023         if (!sk)
1024                 goto done;
1025
1026         rfcomm_sock_init(sk, parent);
1027         bacpy(&bt_sk(sk)->src, &src);
1028         bacpy(&bt_sk(sk)->dst, &dst);
1029         rfcomm_pi(sk)->channel = channel;
1030
1031         sk->sk_state = BT_CONFIG;
1032         bt_accept_enqueue(parent, sk);
1033
1034         /* Accept connection and return socket DLC */
1035         *d = rfcomm_pi(sk)->dlc;
1036         result = 1;
1037
1038 done:
1039         bh_unlock_sock(parent);
1040
1041         if (bt_sk(parent)->defer_setup)
1042                 parent->sk_state_change(parent);
1043
1044         return result;
1045 }
1046
1047 static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
1048 {
1049         struct sock *sk;
1050         struct hlist_node *node;
1051         char *str = buf;
1052
1053         read_lock_bh(&rfcomm_sk_list.lock);
1054
1055         sk_for_each(sk, node, &rfcomm_sk_list.head) {
1056                 str += sprintf(str, "%s %s %d %d\n",
1057                                 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
1058                                 sk->sk_state, rfcomm_pi(sk)->channel);
1059         }
1060
1061         read_unlock_bh(&rfcomm_sk_list.lock);
1062
1063         return (str - buf);
1064 }
1065
1066 static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
1067
1068 static const struct proto_ops rfcomm_sock_ops = {
1069         .family         = PF_BLUETOOTH,
1070         .owner          = THIS_MODULE,
1071         .release        = rfcomm_sock_release,
1072         .bind           = rfcomm_sock_bind,
1073         .connect        = rfcomm_sock_connect,
1074         .listen         = rfcomm_sock_listen,
1075         .accept         = rfcomm_sock_accept,
1076         .getname        = rfcomm_sock_getname,
1077         .sendmsg        = rfcomm_sock_sendmsg,
1078         .recvmsg        = rfcomm_sock_recvmsg,
1079         .shutdown       = rfcomm_sock_shutdown,
1080         .setsockopt     = rfcomm_sock_setsockopt,
1081         .getsockopt     = rfcomm_sock_getsockopt,
1082         .ioctl          = rfcomm_sock_ioctl,
1083         .poll           = bt_sock_poll,
1084         .socketpair     = sock_no_socketpair,
1085         .mmap           = sock_no_mmap
1086 };
1087
1088 static struct net_proto_family rfcomm_sock_family_ops = {
1089         .family         = PF_BLUETOOTH,
1090         .owner          = THIS_MODULE,
1091         .create         = rfcomm_sock_create
1092 };
1093
1094 int __init rfcomm_init_sockets(void)
1095 {
1096         int err;
1097
1098         err = proto_register(&rfcomm_proto, 0);
1099         if (err < 0)
1100                 return err;
1101
1102         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1103         if (err < 0)
1104                 goto error;
1105
1106         if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
1107                 BT_ERR("Failed to create RFCOMM info file");
1108
1109         BT_INFO("RFCOMM socket layer initialized");
1110
1111         return 0;
1112
1113 error:
1114         BT_ERR("RFCOMM socket layer registration failed");
1115         proto_unregister(&rfcomm_proto);
1116         return err;
1117 }
1118
1119 void __exit rfcomm_cleanup_sockets(void)
1120 {
1121         class_remove_file(bt_class, &class_attr_rfcomm);
1122
1123         if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1124                 BT_ERR("RFCOMM socket layer unregistration failed");
1125
1126         proto_unregister(&rfcomm_proto);
1127 }