1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47
48#include <net/bluetooth/bluetooth.h>
49#include <net/bluetooth/hci_core.h>
50#include <net/bluetooth/l2cap.h>
51#include <net/bluetooth/rfcomm.h>
52
53#ifndef CONFIG_BT_RFCOMM_DEBUG
54#undef BT_DBG
55#define BT_DBG(D...)
56#endif
57
58static const struct proto_ops rfcomm_sock_ops;
59
60static struct bt_sock_list rfcomm_sk_list = {
61 .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
62};
63
64static void rfcomm_sock_close(struct sock *sk);
65static void rfcomm_sock_kill(struct sock *sk);
66
67
68
69
70
71static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
72{
73 struct sock *sk = d->owner;
74 if (!sk)
75 return;
76
77 atomic_add(skb->len, &sk->sk_rmem_alloc);
78 skb_queue_tail(&sk->sk_receive_queue, skb);
79 sk->sk_data_ready(sk, skb->len);
80
81 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
82 rfcomm_dlc_throttle(d);
83}
84
85static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
86{
87 struct sock *sk = d->owner, *parent;
88 if (!sk)
89 return;
90
91 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
92
93 bh_lock_sock(sk);
94
95 if (err)
96 sk->sk_err = err;
97
98 sk->sk_state = d->state;
99
100 parent = bt_sk(sk)->parent;
101 if (parent) {
102 if (d->state == BT_CLOSED) {
103 sock_set_flag(sk, SOCK_ZAPPED);
104 bt_accept_unlink(sk);
105 }
106 parent->sk_data_ready(parent, 0);
107 } else {
108 if (d->state == BT_CONNECTED)
109 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
110 sk->sk_state_change(sk);
111 }
112
113 bh_unlock_sock(sk);
114
115 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
116
117
118 rfcomm_dlc_unlock(d);
119 rfcomm_sock_kill(sk);
120 rfcomm_dlc_lock(d);
121 }
122}
123
124
125static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
126{
127 struct sock *sk = NULL;
128 struct hlist_node *node;
129
130 sk_for_each(sk, node, &rfcomm_sk_list.head) {
131 if (rfcomm_pi(sk)->channel == channel &&
132 !bacmp(&bt_sk(sk)->src, src))
133 break;
134 }
135
136 return node ? sk : NULL;
137}
138
139
140
141
142static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
143{
144 struct sock *sk = NULL, *sk1 = NULL;
145 struct hlist_node *node;
146
147 sk_for_each(sk, node, &rfcomm_sk_list.head) {
148 if (state && sk->sk_state != state)
149 continue;
150
151 if (rfcomm_pi(sk)->channel == channel) {
152
153 if (!bacmp(&bt_sk(sk)->src, src))
154 break;
155
156
157 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
158 sk1 = sk;
159 }
160 }
161 return node ? sk : sk1;
162}
163
164
165
166static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
167{
168 struct sock *s;
169 read_lock(&rfcomm_sk_list.lock);
170 s = __rfcomm_get_sock_by_channel(state, channel, src);
171 if (s) bh_lock_sock(s);
172 read_unlock(&rfcomm_sk_list.lock);
173 return s;
174}
175
176static void rfcomm_sock_destruct(struct sock *sk)
177{
178 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
179
180 BT_DBG("sk %p dlc %p", sk, d);
181
182 skb_queue_purge(&sk->sk_receive_queue);
183 skb_queue_purge(&sk->sk_write_queue);
184
185 rfcomm_dlc_lock(d);
186 rfcomm_pi(sk)->dlc = NULL;
187
188
189 if (d->owner == sk)
190 d->owner = NULL;
191 rfcomm_dlc_unlock(d);
192
193 rfcomm_dlc_put(d);
194}
195
196static void rfcomm_sock_cleanup_listen(struct sock *parent)
197{
198 struct sock *sk;
199
200 BT_DBG("parent %p", parent);
201
202
203 while ((sk = bt_accept_dequeue(parent, NULL))) {
204 rfcomm_sock_close(sk);
205 rfcomm_sock_kill(sk);
206 }
207
208 parent->sk_state = BT_CLOSED;
209 sock_set_flag(parent, SOCK_ZAPPED);
210}
211
212
213
214
215static void rfcomm_sock_kill(struct sock *sk)
216{
217 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
218 return;
219
220 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
221
222
223 bt_sock_unlink(&rfcomm_sk_list, sk);
224 sock_set_flag(sk, SOCK_DEAD);
225 sock_put(sk);
226}
227
228static void __rfcomm_sock_close(struct sock *sk)
229{
230 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
231
232 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
233
234 switch (sk->sk_state) {
235 case BT_LISTEN:
236 rfcomm_sock_cleanup_listen(sk);
237 break;
238
239 case BT_CONNECT:
240 case BT_CONNECT2:
241 case BT_CONFIG:
242 case BT_CONNECTED:
243 rfcomm_dlc_close(d, 0);
244
245 default:
246 sock_set_flag(sk, SOCK_ZAPPED);
247 break;
248 }
249}
250
251
252
253
254static void rfcomm_sock_close(struct sock *sk)
255{
256 lock_sock(sk);
257 __rfcomm_sock_close(sk);
258 release_sock(sk);
259}
260
261static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
262{
263 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
264
265 BT_DBG("sk %p", sk);
266
267 if (parent) {
268 sk->sk_type = parent->sk_type;
269 pi->link_mode = rfcomm_pi(parent)->link_mode;
270 } else {
271 pi->link_mode = 0;
272 }
273
274 pi->dlc->link_mode = pi->link_mode;
275}
276
277static struct proto rfcomm_proto = {
278 .name = "RFCOMM",
279 .owner = THIS_MODULE,
280 .obj_size = sizeof(struct rfcomm_pinfo)
281};
282
283static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
284{
285 struct rfcomm_dlc *d;
286 struct sock *sk;
287
288 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
289 if (!sk)
290 return NULL;
291
292 sock_init_data(sock, sk);
293 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
294
295 d = rfcomm_dlc_alloc(prio);
296 if (!d) {
297 sk_free(sk);
298 return NULL;
299 }
300
301 d->data_ready = rfcomm_sk_data_ready;
302 d->state_change = rfcomm_sk_state_change;
303
304 rfcomm_pi(sk)->dlc = d;
305 d->owner = sk;
306
307 sk->sk_destruct = rfcomm_sock_destruct;
308 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
309
310 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
311 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312
313 sock_reset_flag(sk, SOCK_ZAPPED);
314
315 sk->sk_protocol = proto;
316 sk->sk_state = BT_OPEN;
317
318 bt_sock_link(&rfcomm_sk_list, sk);
319
320 BT_DBG("sk %p", sk);
321 return sk;
322}
323
324static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
325{
326 struct sock *sk;
327
328 BT_DBG("sock %p", sock);
329
330 sock->state = SS_UNCONNECTED;
331
332 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
333 return -ESOCKTNOSUPPORT;
334
335 sock->ops = &rfcomm_sock_ops;
336
337 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
338 if (!sk)
339 return -ENOMEM;
340
341 rfcomm_sock_init(sk, NULL);
342 return 0;
343}
344
345static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
346{
347 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
348 struct sock *sk = sock->sk;
349 int err = 0;
350
351 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
352
353 if (!addr || addr->sa_family != AF_BLUETOOTH)
354 return -EINVAL;
355
356 lock_sock(sk);
357
358 if (sk->sk_state != BT_OPEN) {
359 err = -EBADFD;
360 goto done;
361 }
362
363 if (sk->sk_type != SOCK_STREAM) {
364 err = -EINVAL;
365 goto done;
366 }
367
368 write_lock_bh(&rfcomm_sk_list.lock);
369
370 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
371 err = -EADDRINUSE;
372 } else {
373
374 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
375 rfcomm_pi(sk)->channel = sa->rc_channel;
376 sk->sk_state = BT_BOUND;
377 }
378
379 write_unlock_bh(&rfcomm_sk_list.lock);
380
381done:
382 release_sock(sk);
383 return err;
384}
385
386static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
387{
388 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
389 struct sock *sk = sock->sk;
390 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
391 int err = 0;
392
393 BT_DBG("sk %p", sk);
394
395 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
396 return -EINVAL;
397
398 lock_sock(sk);
399
400 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
401 err = -EBADFD;
402 goto done;
403 }
404
405 if (sk->sk_type != SOCK_STREAM) {
406 err = -EINVAL;
407 goto done;
408 }
409
410 sk->sk_state = BT_CONNECT;
411 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
412 rfcomm_pi(sk)->channel = sa->rc_channel;
413
414 d->link_mode = rfcomm_pi(sk)->link_mode;
415
416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
417 if (!err)
418 err = bt_sock_wait_state(sk, BT_CONNECTED,
419 sock_sndtimeo(sk, flags & O_NONBLOCK));
420
421done:
422 release_sock(sk);
423 return err;
424}
425
426static int rfcomm_sock_listen(struct socket *sock, int backlog)
427{
428 struct sock *sk = sock->sk;
429 int err = 0;
430
431 BT_DBG("sk %p backlog %d", sk, backlog);
432
433 lock_sock(sk);
434
435 if (sk->sk_state != BT_BOUND) {
436 err = -EBADFD;
437 goto done;
438 }
439
440 if (sk->sk_type != SOCK_STREAM) {
441 err = -EINVAL;
442 goto done;
443 }
444
445 if (!rfcomm_pi(sk)->channel) {
446 bdaddr_t *src = &bt_sk(sk)->src;
447 u8 channel;
448
449 err = -EINVAL;
450
451 write_lock_bh(&rfcomm_sk_list.lock);
452
453 for (channel = 1; channel < 31; channel++)
454 if (!__rfcomm_get_sock_by_addr(channel, src)) {
455 rfcomm_pi(sk)->channel = channel;
456 err = 0;
457 break;
458 }
459
460 write_unlock_bh(&rfcomm_sk_list.lock);
461
462 if (err < 0)
463 goto done;
464 }
465
466 sk->sk_max_ack_backlog = backlog;
467 sk->sk_ack_backlog = 0;
468 sk->sk_state = BT_LISTEN;
469
470done:
471 release_sock(sk);
472 return err;
473}
474
475static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
476{
477 DECLARE_WAITQUEUE(wait, current);
478 struct sock *sk = sock->sk, *nsk;
479 long timeo;
480 int err = 0;
481
482 lock_sock(sk);
483
484 if (sk->sk_state != BT_LISTEN) {
485 err = -EBADFD;
486 goto done;
487 }
488
489 if (sk->sk_type != SOCK_STREAM) {
490 err = -EINVAL;
491 goto done;
492 }
493
494 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
495
496 BT_DBG("sk %p timeo %ld", sk, timeo);
497
498
499 add_wait_queue_exclusive(sk->sk_sleep, &wait);
500 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
501 set_current_state(TASK_INTERRUPTIBLE);
502 if (!timeo) {
503 err = -EAGAIN;
504 break;
505 }
506
507 release_sock(sk);
508 timeo = schedule_timeout(timeo);
509 lock_sock(sk);
510
511 if (sk->sk_state != BT_LISTEN) {
512 err = -EBADFD;
513 break;
514 }
515
516 if (signal_pending(current)) {
517 err = sock_intr_errno(timeo);
518 break;
519 }
520 }
521 set_current_state(TASK_RUNNING);
522 remove_wait_queue(sk->sk_sleep, &wait);
523
524 if (err)
525 goto done;
526
527 newsock->state = SS_CONNECTED;
528
529 BT_DBG("new socket %p", nsk);
530
531done:
532 release_sock(sk);
533 return err;
534}
535
536static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
537{
538 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
539 struct sock *sk = sock->sk;
540
541 BT_DBG("sock %p, sk %p", sock, sk);
542
543 sa->rc_family = AF_BLUETOOTH;
544 sa->rc_channel = rfcomm_pi(sk)->channel;
545 if (peer)
546 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
547 else
548 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
549
550 *len = sizeof(struct sockaddr_rc);
551 return 0;
552}
553
554static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
555 struct msghdr *msg, size_t len)
556{
557 struct sock *sk = sock->sk;
558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
559 struct sk_buff *skb;
560 int sent = 0;
561
562 if (msg->msg_flags & MSG_OOB)
563 return -EOPNOTSUPP;
564
565 if (sk->sk_shutdown & SEND_SHUTDOWN)
566 return -EPIPE;
567
568 BT_DBG("sock %p, sk %p", sock, sk);
569
570 lock_sock(sk);
571
572 while (len) {
573 size_t size = min_t(size_t, len, d->mtu);
574 int err;
575
576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
577 msg->msg_flags & MSG_DONTWAIT, &err);
578 if (!skb)
579 break;
580 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
581
582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
583 if (err) {
584 kfree_skb(skb);
585 if (sent == 0)
586 sent = err;
587 break;
588 }
589
590 err = rfcomm_dlc_send(d, skb);
591 if (err < 0) {
592 kfree_skb(skb);
593 if (sent == 0)
594 sent = err;
595 break;
596 }
597
598 sent += size;
599 len -= size;
600 }
601
602 release_sock(sk);
603
604 return sent;
605}
606
607static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
608{
609 DECLARE_WAITQUEUE(wait, current);
610
611 add_wait_queue(sk->sk_sleep, &wait);
612 for (;;) {
613 set_current_state(TASK_INTERRUPTIBLE);
614
615 if (!skb_queue_empty(&sk->sk_receive_queue) ||
616 sk->sk_err ||
617 (sk->sk_shutdown & RCV_SHUTDOWN) ||
618 signal_pending(current) ||
619 !timeo)
620 break;
621
622 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
623 release_sock(sk);
624 timeo = schedule_timeout(timeo);
625 lock_sock(sk);
626 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
627 }
628
629 __set_current_state(TASK_RUNNING);
630 remove_wait_queue(sk->sk_sleep, &wait);
631 return timeo;
632}
633
634static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
635 struct msghdr *msg, size_t size, int flags)
636{
637 struct sock *sk = sock->sk;
638 int err = 0;
639 size_t target, copied = 0;
640 long timeo;
641
642 if (flags & MSG_OOB)
643 return -EOPNOTSUPP;
644
645 msg->msg_namelen = 0;
646
647 BT_DBG("sk %p size %d", sk, size);
648
649 lock_sock(sk);
650
651 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
652 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
653
654 do {
655 struct sk_buff *skb;
656 int chunk;
657
658 skb = skb_dequeue(&sk->sk_receive_queue);
659 if (!skb) {
660 if (copied >= target)
661 break;
662
663 if ((err = sock_error(sk)) != 0)
664 break;
665 if (sk->sk_shutdown & RCV_SHUTDOWN)
666 break;
667
668 err = -EAGAIN;
669 if (!timeo)
670 break;
671
672 timeo = rfcomm_sock_data_wait(sk, timeo);
673
674 if (signal_pending(current)) {
675 err = sock_intr_errno(timeo);
676 goto out;
677 }
678 continue;
679 }
680
681 chunk = min_t(unsigned int, skb->len, size);
682 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
683 skb_queue_head(&sk->sk_receive_queue, skb);
684 if (!copied)
685 copied = -EFAULT;
686 break;
687 }
688 copied += chunk;
689 size -= chunk;
690
691 sock_recv_timestamp(msg, sk, skb);
692
693 if (!(flags & MSG_PEEK)) {
694 atomic_sub(chunk, &sk->sk_rmem_alloc);
695
696 skb_pull(skb, chunk);
697 if (skb->len) {
698 skb_queue_head(&sk->sk_receive_queue, skb);
699 break;
700 }
701 kfree_skb(skb);
702
703 } else {
704
705 skb_queue_head(&sk->sk_receive_queue, skb);
706 break;
707 }
708 } while (size);
709
710out:
711 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
712 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
713
714 release_sock(sk);
715 return copied ? : err;
716}
717
718static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
719{
720 struct sock *sk = sock->sk;
721 int err = 0;
722 u32 opt;
723
724 BT_DBG("sk %p", sk);
725
726 lock_sock(sk);
727
728 switch (optname) {
729 case RFCOMM_LM:
730 if (get_user(opt, (u32 __user *) optval)) {
731 err = -EFAULT;
732 break;
733 }
734
735 rfcomm_pi(sk)->link_mode = opt;
736 break;
737
738 default:
739 err = -ENOPROTOOPT;
740 break;
741 }
742
743 release_sock(sk);
744 return err;
745}
746
747static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
748{
749 struct sock *sk = sock->sk;
750 struct sock *l2cap_sk;
751 struct rfcomm_conninfo cinfo;
752 int len, err = 0;
753
754 BT_DBG("sk %p", sk);
755
756 if (get_user(len, optlen))
757 return -EFAULT;
758
759 lock_sock(sk);
760
761 switch (optname) {
762 case RFCOMM_LM:
763 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
764 err = -EFAULT;
765 break;
766
767 case RFCOMM_CONNINFO:
768 if (sk->sk_state != BT_CONNECTED) {
769 err = -ENOTCONN;
770 break;
771 }
772
773 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
774
775 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
776 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
777
778 len = min_t(unsigned int, len, sizeof(cinfo));
779 if (copy_to_user(optval, (char *) &cinfo, len))
780 err = -EFAULT;
781
782 break;
783
784 default:
785 err = -ENOPROTOOPT;
786 break;
787 }
788
789 release_sock(sk);
790 return err;
791}
792
793static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
794{
795 struct sock *sk = sock->sk;
796 int err;
797
798 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
799
800 err = bt_sock_ioctl(sock, cmd, arg);
801
802 if (err == -ENOIOCTLCMD) {
803#ifdef CONFIG_BT_RFCOMM_TTY
804 lock_sock(sk);
805 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
806 release_sock(sk);
807#else
808 err = -EOPNOTSUPP;
809#endif
810 }
811
812 return err;
813}
814
815static int rfcomm_sock_shutdown(struct socket *sock, int how)
816{
817 struct sock *sk = sock->sk;
818 int err = 0;
819
820 BT_DBG("sock %p, sk %p", sock, sk);
821
822 if (!sk) return 0;
823
824 lock_sock(sk);
825 if (!sk->sk_shutdown) {
826 sk->sk_shutdown = SHUTDOWN_MASK;
827 __rfcomm_sock_close(sk);
828
829 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
830 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
831 }
832 release_sock(sk);
833 return err;
834}
835
836static int rfcomm_sock_release(struct socket *sock)
837{
838 struct sock *sk = sock->sk;
839 int err;
840
841 BT_DBG("sock %p, sk %p", sock, sk);
842
843 if (!sk)
844 return 0;
845
846 err = rfcomm_sock_shutdown(sock, 2);
847
848 sock_orphan(sk);
849 rfcomm_sock_kill(sk);
850 return err;
851}
852
853
854
855
856
857int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
858{
859 struct sock *sk, *parent;
860 bdaddr_t src, dst;
861 int result = 0;
862
863 BT_DBG("session %p channel %d", s, channel);
864
865 rfcomm_session_getaddr(s, &src, &dst);
866
867
868 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
869 if (!parent)
870 return 0;
871
872
873 if (sk_acceptq_is_full(parent)) {
874 BT_DBG("backlog full %d", parent->sk_ack_backlog);
875 goto done;
876 }
877
878 sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
879 if (!sk)
880 goto done;
881
882 rfcomm_sock_init(sk, parent);
883 bacpy(&bt_sk(sk)->src, &src);
884 bacpy(&bt_sk(sk)->dst, &dst);
885 rfcomm_pi(sk)->channel = channel;
886
887 sk->sk_state = BT_CONFIG;
888 bt_accept_enqueue(parent, sk);
889
890
891 *d = rfcomm_pi(sk)->dlc;
892 result = 1;
893
894done:
895 bh_unlock_sock(parent);
896 return result;
897}
898
899static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf)
900{
901 struct sock *sk;
902 struct hlist_node *node;
903 char *str = buf;
904
905 read_lock_bh(&rfcomm_sk_list.lock);
906
907 sk_for_each(sk, node, &rfcomm_sk_list.head) {
908 str += sprintf(str, "%s %s %d %d\n",
909 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
910 sk->sk_state, rfcomm_pi(sk)->channel);
911 }
912
913 read_unlock_bh(&rfcomm_sk_list.lock);
914
915 return (str - buf);
916}
917
918static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL);
919
920static const struct proto_ops rfcomm_sock_ops = {
921 .family = PF_BLUETOOTH,
922 .owner = THIS_MODULE,
923 .release = rfcomm_sock_release,
924 .bind = rfcomm_sock_bind,
925 .connect = rfcomm_sock_connect,
926 .listen = rfcomm_sock_listen,
927 .accept = rfcomm_sock_accept,
928 .getname = rfcomm_sock_getname,
929 .sendmsg = rfcomm_sock_sendmsg,
930 .recvmsg = rfcomm_sock_recvmsg,
931 .shutdown = rfcomm_sock_shutdown,
932 .setsockopt = rfcomm_sock_setsockopt,
933 .getsockopt = rfcomm_sock_getsockopt,
934 .ioctl = rfcomm_sock_ioctl,
935 .poll = bt_sock_poll,
936 .socketpair = sock_no_socketpair,
937 .mmap = sock_no_mmap
938};
939
940static struct net_proto_family rfcomm_sock_family_ops = {
941 .family = PF_BLUETOOTH,
942 .owner = THIS_MODULE,
943 .create = rfcomm_sock_create
944};
945
946int __init rfcomm_init_sockets(void)
947{
948 int err;
949
950 err = proto_register(&rfcomm_proto, 0);
951 if (err < 0)
952 return err;
953
954 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
955 if (err < 0)
956 goto error;
957
958 if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
959 BT_ERR("Failed to create RFCOMM info file");
960
961 BT_INFO("RFCOMM socket layer initialized");
962
963 return 0;
964
965error:
966 BT_ERR("RFCOMM socket layer registration failed");
967 proto_unregister(&rfcomm_proto);
968 return err;
969}
970
971void __exit rfcomm_cleanup_sockets(void)
972{
973 class_remove_file(bt_class, &class_attr_rfcomm);
974
975 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
976 BT_ERR("RFCOMM socket layer unregistration failed");
977
978 proto_unregister(&rfcomm_proto);
979}