Bluetooth: Fix hci_inquiry ioctl usage
[linux-3.10.git] / net / bluetooth / rfcomm / sock.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM sockets.
26  */
27
28 #include <linux/export.h>
29 #include <linux/debugfs.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/rfcomm.h>
35
36 static const struct proto_ops rfcomm_sock_ops;
37
38 static struct bt_sock_list rfcomm_sk_list = {
39         .lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
40 };
41
42 static void rfcomm_sock_close(struct sock *sk);
43 static void rfcomm_sock_kill(struct sock *sk);
44
45 /* ---- DLC callbacks ----
46  *
47  * called under rfcomm_dlc_lock()
48  */
49 static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
50 {
51         struct sock *sk = d->owner;
52         if (!sk)
53                 return;
54
55         atomic_add(skb->len, &sk->sk_rmem_alloc);
56         skb_queue_tail(&sk->sk_receive_queue, skb);
57         sk->sk_data_ready(sk, skb->len);
58
59         if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
60                 rfcomm_dlc_throttle(d);
61 }
62
63 static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
64 {
65         struct sock *sk = d->owner, *parent;
66         unsigned long flags;
67
68         if (!sk)
69                 return;
70
71         BT_DBG("dlc %p state %ld err %d", d, d->state, err);
72
73         local_irq_save(flags);
74         bh_lock_sock(sk);
75
76         if (err)
77                 sk->sk_err = err;
78
79         sk->sk_state = d->state;
80
81         parent = bt_sk(sk)->parent;
82         if (parent) {
83                 if (d->state == BT_CLOSED) {
84                         sock_set_flag(sk, SOCK_ZAPPED);
85                         bt_accept_unlink(sk);
86                 }
87                 parent->sk_data_ready(parent, 0);
88         } else {
89                 if (d->state == BT_CONNECTED)
90                         rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
91                 sk->sk_state_change(sk);
92         }
93
94         bh_unlock_sock(sk);
95         local_irq_restore(flags);
96
97         if (parent && sock_flag(sk, SOCK_ZAPPED)) {
98                 /* We have to drop DLC lock here, otherwise
99                  * rfcomm_sock_destruct() will dead lock. */
100                 rfcomm_dlc_unlock(d);
101                 rfcomm_sock_kill(sk);
102                 rfcomm_dlc_lock(d);
103         }
104 }
105
106 /* ---- Socket functions ---- */
107 static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
108 {
109         struct sock *sk = NULL;
110
111         sk_for_each(sk, &rfcomm_sk_list.head) {
112                 if (rfcomm_pi(sk)->channel == channel &&
113                                 !bacmp(&bt_sk(sk)->src, src))
114                         break;
115         }
116
117         return sk ? sk : NULL;
118 }
119
120 /* Find socket with channel and source bdaddr.
121  * Returns closest match.
122  */
123 static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
124 {
125         struct sock *sk = NULL, *sk1 = NULL;
126
127         read_lock(&rfcomm_sk_list.lock);
128
129         sk_for_each(sk, &rfcomm_sk_list.head) {
130                 if (state && sk->sk_state != state)
131                         continue;
132
133                 if (rfcomm_pi(sk)->channel == channel) {
134                         /* Exact match. */
135                         if (!bacmp(&bt_sk(sk)->src, src))
136                                 break;
137
138                         /* Closest match */
139                         if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
140                                 sk1 = sk;
141                 }
142         }
143
144         read_unlock(&rfcomm_sk_list.lock);
145
146         return sk ? sk : sk1;
147 }
148
149 static void rfcomm_sock_destruct(struct sock *sk)
150 {
151         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
152
153         BT_DBG("sk %p dlc %p", sk, d);
154
155         skb_queue_purge(&sk->sk_receive_queue);
156         skb_queue_purge(&sk->sk_write_queue);
157
158         rfcomm_dlc_lock(d);
159         rfcomm_pi(sk)->dlc = NULL;
160
161         /* Detach DLC if it's owned by this socket */
162         if (d->owner == sk)
163                 d->owner = NULL;
164         rfcomm_dlc_unlock(d);
165
166         rfcomm_dlc_put(d);
167 }
168
169 static void rfcomm_sock_cleanup_listen(struct sock *parent)
170 {
171         struct sock *sk;
172
173         BT_DBG("parent %p", parent);
174
175         /* Close not yet accepted dlcs */
176         while ((sk = bt_accept_dequeue(parent, NULL))) {
177                 rfcomm_sock_close(sk);
178                 rfcomm_sock_kill(sk);
179         }
180
181         parent->sk_state  = BT_CLOSED;
182         sock_set_flag(parent, SOCK_ZAPPED);
183 }
184
185 /* Kill socket (only if zapped and orphan)
186  * Must be called on unlocked socket.
187  */
188 static void rfcomm_sock_kill(struct sock *sk)
189 {
190         if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
191                 return;
192
193         BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
194
195         /* Kill poor orphan */
196         bt_sock_unlink(&rfcomm_sk_list, sk);
197         sock_set_flag(sk, SOCK_DEAD);
198         sock_put(sk);
199 }
200
201 static void __rfcomm_sock_close(struct sock *sk)
202 {
203         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
204
205         BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
206
207         switch (sk->sk_state) {
208         case BT_LISTEN:
209                 rfcomm_sock_cleanup_listen(sk);
210                 break;
211
212         case BT_CONNECT:
213         case BT_CONNECT2:
214         case BT_CONFIG:
215         case BT_CONNECTED:
216                 rfcomm_dlc_close(d, 0);
217
218         default:
219                 sock_set_flag(sk, SOCK_ZAPPED);
220                 break;
221         }
222 }
223
224 /* Close socket.
225  * Must be called on unlocked socket.
226  */
227 static void rfcomm_sock_close(struct sock *sk)
228 {
229         lock_sock(sk);
230         __rfcomm_sock_close(sk);
231         release_sock(sk);
232 }
233
234 static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
235 {
236         struct rfcomm_pinfo *pi = rfcomm_pi(sk);
237
238         BT_DBG("sk %p", sk);
239
240         if (parent) {
241                 sk->sk_type = parent->sk_type;
242                 pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
243                                                 &bt_sk(parent)->flags);
244
245                 pi->sec_level = rfcomm_pi(parent)->sec_level;
246                 pi->role_switch = rfcomm_pi(parent)->role_switch;
247
248                 security_sk_clone(parent, sk);
249         } else {
250                 pi->dlc->defer_setup = 0;
251
252                 pi->sec_level = BT_SECURITY_LOW;
253                 pi->role_switch = 0;
254         }
255
256         pi->dlc->sec_level = pi->sec_level;
257         pi->dlc->role_switch = pi->role_switch;
258 }
259
260 static struct proto rfcomm_proto = {
261         .name           = "RFCOMM",
262         .owner          = THIS_MODULE,
263         .obj_size       = sizeof(struct rfcomm_pinfo)
264 };
265
266 static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
267 {
268         struct rfcomm_dlc *d;
269         struct sock *sk;
270
271         sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
272         if (!sk)
273                 return NULL;
274
275         sock_init_data(sock, sk);
276         INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
277
278         d = rfcomm_dlc_alloc(prio);
279         if (!d) {
280                 sk_free(sk);
281                 return NULL;
282         }
283
284         d->data_ready   = rfcomm_sk_data_ready;
285         d->state_change = rfcomm_sk_state_change;
286
287         rfcomm_pi(sk)->dlc = d;
288         d->owner = sk;
289
290         sk->sk_destruct = rfcomm_sock_destruct;
291         sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
292
293         sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
294         sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
295
296         sock_reset_flag(sk, SOCK_ZAPPED);
297
298         sk->sk_protocol = proto;
299         sk->sk_state    = BT_OPEN;
300
301         bt_sock_link(&rfcomm_sk_list, sk);
302
303         BT_DBG("sk %p", sk);
304         return sk;
305 }
306
307 static int rfcomm_sock_create(struct net *net, struct socket *sock,
308                               int protocol, int kern)
309 {
310         struct sock *sk;
311
312         BT_DBG("sock %p", sock);
313
314         sock->state = SS_UNCONNECTED;
315
316         if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
317                 return -ESOCKTNOSUPPORT;
318
319         sock->ops = &rfcomm_sock_ops;
320
321         sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
322         if (!sk)
323                 return -ENOMEM;
324
325         rfcomm_sock_init(sk, NULL);
326         return 0;
327 }
328
329 static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
330 {
331         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
332         struct sock *sk = sock->sk;
333         int err = 0;
334
335         BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
336
337         if (!addr || addr->sa_family != AF_BLUETOOTH)
338                 return -EINVAL;
339
340         lock_sock(sk);
341
342         if (sk->sk_state != BT_OPEN) {
343                 err = -EBADFD;
344                 goto done;
345         }
346
347         if (sk->sk_type != SOCK_STREAM) {
348                 err = -EINVAL;
349                 goto done;
350         }
351
352         write_lock(&rfcomm_sk_list.lock);
353
354         if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
355                 err = -EADDRINUSE;
356         } else {
357                 /* Save source address */
358                 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
359                 rfcomm_pi(sk)->channel = sa->rc_channel;
360                 sk->sk_state = BT_BOUND;
361         }
362
363         write_unlock(&rfcomm_sk_list.lock);
364
365 done:
366         release_sock(sk);
367         return err;
368 }
369
370 static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
371 {
372         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
373         struct sock *sk = sock->sk;
374         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
375         int err = 0;
376
377         BT_DBG("sk %p", sk);
378
379         if (alen < sizeof(struct sockaddr_rc) ||
380             addr->sa_family != AF_BLUETOOTH)
381                 return -EINVAL;
382
383         lock_sock(sk);
384
385         if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
386                 err = -EBADFD;
387                 goto done;
388         }
389
390         if (sk->sk_type != SOCK_STREAM) {
391                 err = -EINVAL;
392                 goto done;
393         }
394
395         sk->sk_state = BT_CONNECT;
396         bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
397         rfcomm_pi(sk)->channel = sa->rc_channel;
398
399         d->sec_level = rfcomm_pi(sk)->sec_level;
400         d->role_switch = rfcomm_pi(sk)->role_switch;
401
402         err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
403         if (!err)
404                 err = bt_sock_wait_state(sk, BT_CONNECTED,
405                                 sock_sndtimeo(sk, flags & O_NONBLOCK));
406
407 done:
408         release_sock(sk);
409         return err;
410 }
411
412 static int rfcomm_sock_listen(struct socket *sock, int backlog)
413 {
414         struct sock *sk = sock->sk;
415         int err = 0;
416
417         BT_DBG("sk %p backlog %d", sk, backlog);
418
419         lock_sock(sk);
420
421         if (sk->sk_state != BT_BOUND) {
422                 err = -EBADFD;
423                 goto done;
424         }
425
426         if (sk->sk_type != SOCK_STREAM) {
427                 err = -EINVAL;
428                 goto done;
429         }
430
431         if (!rfcomm_pi(sk)->channel) {
432                 bdaddr_t *src = &bt_sk(sk)->src;
433                 u8 channel;
434
435                 err = -EINVAL;
436
437                 write_lock(&rfcomm_sk_list.lock);
438
439                 for (channel = 1; channel < 31; channel++)
440                         if (!__rfcomm_get_sock_by_addr(channel, src)) {
441                                 rfcomm_pi(sk)->channel = channel;
442                                 err = 0;
443                                 break;
444                         }
445
446                 write_unlock(&rfcomm_sk_list.lock);
447
448                 if (err < 0)
449                         goto done;
450         }
451
452         sk->sk_max_ack_backlog = backlog;
453         sk->sk_ack_backlog = 0;
454         sk->sk_state = BT_LISTEN;
455
456 done:
457         release_sock(sk);
458         return err;
459 }
460
461 static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
462 {
463         DECLARE_WAITQUEUE(wait, current);
464         struct sock *sk = sock->sk, *nsk;
465         long timeo;
466         int err = 0;
467
468         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
469
470         if (sk->sk_type != SOCK_STREAM) {
471                 err = -EINVAL;
472                 goto done;
473         }
474
475         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
476
477         BT_DBG("sk %p timeo %ld", sk, timeo);
478
479         /* Wait for an incoming connection. (wake-one). */
480         add_wait_queue_exclusive(sk_sleep(sk), &wait);
481         while (1) {
482                 set_current_state(TASK_INTERRUPTIBLE);
483
484                 if (sk->sk_state != BT_LISTEN) {
485                         err = -EBADFD;
486                         break;
487                 }
488
489                 nsk = bt_accept_dequeue(sk, newsock);
490                 if (nsk)
491                         break;
492
493                 if (!timeo) {
494                         err = -EAGAIN;
495                         break;
496                 }
497
498                 if (signal_pending(current)) {
499                         err = sock_intr_errno(timeo);
500                         break;
501                 }
502
503                 release_sock(sk);
504                 timeo = schedule_timeout(timeo);
505                 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
506         }
507         __set_current_state(TASK_RUNNING);
508         remove_wait_queue(sk_sleep(sk), &wait);
509
510         if (err)
511                 goto done;
512
513         newsock->state = SS_CONNECTED;
514
515         BT_DBG("new socket %p", nsk);
516
517 done:
518         release_sock(sk);
519         return err;
520 }
521
522 static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
523 {
524         struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
525         struct sock *sk = sock->sk;
526
527         BT_DBG("sock %p, sk %p", sock, sk);
528
529         memset(sa, 0, sizeof(*sa));
530         sa->rc_family  = AF_BLUETOOTH;
531         sa->rc_channel = rfcomm_pi(sk)->channel;
532         if (peer)
533                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
534         else
535                 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
536
537         *len = sizeof(struct sockaddr_rc);
538         return 0;
539 }
540
541 static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
542                                struct msghdr *msg, size_t len)
543 {
544         struct sock *sk = sock->sk;
545         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
546         struct sk_buff *skb;
547         int sent = 0;
548
549         if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
550                 return -ENOTCONN;
551
552         if (msg->msg_flags & MSG_OOB)
553                 return -EOPNOTSUPP;
554
555         if (sk->sk_shutdown & SEND_SHUTDOWN)
556                 return -EPIPE;
557
558         BT_DBG("sock %p, sk %p", sock, sk);
559
560         lock_sock(sk);
561
562         while (len) {
563                 size_t size = min_t(size_t, len, d->mtu);
564                 int err;
565
566                 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
567                                 msg->msg_flags & MSG_DONTWAIT, &err);
568                 if (!skb) {
569                         if (sent == 0)
570                                 sent = err;
571                         break;
572                 }
573                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
574
575                 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
576                 if (err) {
577                         kfree_skb(skb);
578                         if (sent == 0)
579                                 sent = err;
580                         break;
581                 }
582
583                 skb->priority = sk->sk_priority;
584
585                 err = rfcomm_dlc_send(d, skb);
586                 if (err < 0) {
587                         kfree_skb(skb);
588                         if (sent == 0)
589                                 sent = err;
590                         break;
591                 }
592
593                 sent += size;
594                 len  -= size;
595         }
596
597         release_sock(sk);
598
599         return sent;
600 }
601
602 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
603                                struct msghdr *msg, size_t size, int flags)
604 {
605         struct sock *sk = sock->sk;
606         struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
607         int len;
608
609         if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
610                 rfcomm_dlc_accept(d);
611                 return 0;
612         }
613
614         len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
615
616         lock_sock(sk);
617         if (!(flags & MSG_PEEK) && len > 0)
618                 atomic_sub(len, &sk->sk_rmem_alloc);
619
620         if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
621                 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
622         release_sock(sk);
623
624         return len;
625 }
626
627 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
628 {
629         struct sock *sk = sock->sk;
630         int err = 0;
631         u32 opt;
632
633         BT_DBG("sk %p", sk);
634
635         lock_sock(sk);
636
637         switch (optname) {
638         case RFCOMM_LM:
639                 if (get_user(opt, (u32 __user *) optval)) {
640                         err = -EFAULT;
641                         break;
642                 }
643
644                 if (opt & RFCOMM_LM_AUTH)
645                         rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
646                 if (opt & RFCOMM_LM_ENCRYPT)
647                         rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
648                 if (opt & RFCOMM_LM_SECURE)
649                         rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
650
651                 rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
652                 break;
653
654         default:
655                 err = -ENOPROTOOPT;
656                 break;
657         }
658
659         release_sock(sk);
660         return err;
661 }
662
663 static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
664 {
665         struct sock *sk = sock->sk;
666         struct bt_security sec;
667         int err = 0;
668         size_t len;
669         u32 opt;
670
671         BT_DBG("sk %p", sk);
672
673         if (level == SOL_RFCOMM)
674                 return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
675
676         if (level != SOL_BLUETOOTH)
677                 return -ENOPROTOOPT;
678
679         lock_sock(sk);
680
681         switch (optname) {
682         case BT_SECURITY:
683                 if (sk->sk_type != SOCK_STREAM) {
684                         err = -EINVAL;
685                         break;
686                 }
687
688                 sec.level = BT_SECURITY_LOW;
689
690                 len = min_t(unsigned int, sizeof(sec), optlen);
691                 if (copy_from_user((char *) &sec, optval, len)) {
692                         err = -EFAULT;
693                         break;
694                 }
695
696                 if (sec.level > BT_SECURITY_HIGH) {
697                         err = -EINVAL;
698                         break;
699                 }
700
701                 rfcomm_pi(sk)->sec_level = sec.level;
702                 break;
703
704         case BT_DEFER_SETUP:
705                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
706                         err = -EINVAL;
707                         break;
708                 }
709
710                 if (get_user(opt, (u32 __user *) optval)) {
711                         err = -EFAULT;
712                         break;
713                 }
714
715                 if (opt)
716                         set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
717                 else
718                         clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
719
720                 break;
721
722         default:
723                 err = -ENOPROTOOPT;
724                 break;
725         }
726
727         release_sock(sk);
728         return err;
729 }
730
731 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
732 {
733         struct sock *sk = sock->sk;
734         struct rfcomm_conninfo cinfo;
735         struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
736         int len, err = 0;
737         u32 opt;
738
739         BT_DBG("sk %p", sk);
740
741         if (get_user(len, optlen))
742                 return -EFAULT;
743
744         lock_sock(sk);
745
746         switch (optname) {
747         case RFCOMM_LM:
748                 switch (rfcomm_pi(sk)->sec_level) {
749                 case BT_SECURITY_LOW:
750                         opt = RFCOMM_LM_AUTH;
751                         break;
752                 case BT_SECURITY_MEDIUM:
753                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
754                         break;
755                 case BT_SECURITY_HIGH:
756                         opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
757                                                         RFCOMM_LM_SECURE;
758                         break;
759                 default:
760                         opt = 0;
761                         break;
762                 }
763
764                 if (rfcomm_pi(sk)->role_switch)
765                         opt |= RFCOMM_LM_MASTER;
766
767                 if (put_user(opt, (u32 __user *) optval))
768                         err = -EFAULT;
769                 break;
770
771         case RFCOMM_CONNINFO:
772                 if (sk->sk_state != BT_CONNECTED &&
773                                         !rfcomm_pi(sk)->dlc->defer_setup) {
774                         err = -ENOTCONN;
775                         break;
776                 }
777
778                 memset(&cinfo, 0, sizeof(cinfo));
779                 cinfo.hci_handle = conn->hcon->handle;
780                 memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
781
782                 len = min_t(unsigned int, len, sizeof(cinfo));
783                 if (copy_to_user(optval, (char *) &cinfo, len))
784                         err = -EFAULT;
785
786                 break;
787
788         default:
789                 err = -ENOPROTOOPT;
790                 break;
791         }
792
793         release_sock(sk);
794         return err;
795 }
796
797 static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
798 {
799         struct sock *sk = sock->sk;
800         struct bt_security sec;
801         int len, err = 0;
802
803         BT_DBG("sk %p", sk);
804
805         if (level == SOL_RFCOMM)
806                 return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
807
808         if (level != SOL_BLUETOOTH)
809                 return -ENOPROTOOPT;
810
811         if (get_user(len, optlen))
812                 return -EFAULT;
813
814         lock_sock(sk);
815
816         switch (optname) {
817         case BT_SECURITY:
818                 if (sk->sk_type != SOCK_STREAM) {
819                         err = -EINVAL;
820                         break;
821                 }
822
823                 sec.level = rfcomm_pi(sk)->sec_level;
824                 sec.key_size = 0;
825
826                 len = min_t(unsigned int, len, sizeof(sec));
827                 if (copy_to_user(optval, (char *) &sec, len))
828                         err = -EFAULT;
829
830                 break;
831
832         case BT_DEFER_SETUP:
833                 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
834                         err = -EINVAL;
835                         break;
836                 }
837
838                 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
839                              (u32 __user *) optval))
840                         err = -EFAULT;
841
842                 break;
843
844         default:
845                 err = -ENOPROTOOPT;
846                 break;
847         }
848
849         release_sock(sk);
850         return err;
851 }
852
853 static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
854 {
855         struct sock *sk __maybe_unused = sock->sk;
856         int err;
857
858         BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
859
860         err = bt_sock_ioctl(sock, cmd, arg);
861
862         if (err == -ENOIOCTLCMD) {
863 #ifdef CONFIG_BT_RFCOMM_TTY
864                 lock_sock(sk);
865                 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
866                 release_sock(sk);
867 #else
868                 err = -EOPNOTSUPP;
869 #endif
870         }
871
872         return err;
873 }
874
875 static int rfcomm_sock_shutdown(struct socket *sock, int how)
876 {
877         struct sock *sk = sock->sk;
878         int err = 0;
879
880         BT_DBG("sock %p, sk %p", sock, sk);
881
882         if (!sk)
883                 return 0;
884
885         lock_sock(sk);
886         if (!sk->sk_shutdown) {
887                 sk->sk_shutdown = SHUTDOWN_MASK;
888                 __rfcomm_sock_close(sk);
889
890                 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
891                         err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
892         }
893         release_sock(sk);
894         return err;
895 }
896
897 static int rfcomm_sock_release(struct socket *sock)
898 {
899         struct sock *sk = sock->sk;
900         int err;
901
902         BT_DBG("sock %p, sk %p", sock, sk);
903
904         if (!sk)
905                 return 0;
906
907         err = rfcomm_sock_shutdown(sock, 2);
908
909         sock_orphan(sk);
910         rfcomm_sock_kill(sk);
911         return err;
912 }
913
914 /* ---- RFCOMM core layer callbacks ----
915  *
916  * called under rfcomm_lock()
917  */
918 int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
919 {
920         struct sock *sk, *parent;
921         bdaddr_t src, dst;
922         int result = 0;
923
924         BT_DBG("session %p channel %d", s, channel);
925
926         rfcomm_session_getaddr(s, &src, &dst);
927
928         /* Check if we have socket listening on channel */
929         parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
930         if (!parent)
931                 return 0;
932
933         bh_lock_sock(parent);
934
935         /* Check for backlog size */
936         if (sk_acceptq_is_full(parent)) {
937                 BT_DBG("backlog full %d", parent->sk_ack_backlog);
938                 goto done;
939         }
940
941         sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
942         if (!sk)
943                 goto done;
944
945         bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
946
947         rfcomm_sock_init(sk, parent);
948         bacpy(&bt_sk(sk)->src, &src);
949         bacpy(&bt_sk(sk)->dst, &dst);
950         rfcomm_pi(sk)->channel = channel;
951
952         sk->sk_state = BT_CONFIG;
953         bt_accept_enqueue(parent, sk);
954
955         /* Accept connection and return socket DLC */
956         *d = rfcomm_pi(sk)->dlc;
957         result = 1;
958
959 done:
960         bh_unlock_sock(parent);
961
962         if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
963                 parent->sk_state_change(parent);
964
965         return result;
966 }
967
968 static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
969 {
970         struct sock *sk;
971
972         read_lock(&rfcomm_sk_list.lock);
973
974         sk_for_each(sk, &rfcomm_sk_list.head) {
975                 seq_printf(f, "%pMR %pMR %d %d\n",
976                            &bt_sk(sk)->src, &bt_sk(sk)->dst,
977                            sk->sk_state, rfcomm_pi(sk)->channel);
978         }
979
980         read_unlock(&rfcomm_sk_list.lock);
981
982         return 0;
983 }
984
985 static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
986 {
987         return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
988 }
989
990 static const struct file_operations rfcomm_sock_debugfs_fops = {
991         .open           = rfcomm_sock_debugfs_open,
992         .read           = seq_read,
993         .llseek         = seq_lseek,
994         .release        = single_release,
995 };
996
997 static struct dentry *rfcomm_sock_debugfs;
998
999 static const struct proto_ops rfcomm_sock_ops = {
1000         .family         = PF_BLUETOOTH,
1001         .owner          = THIS_MODULE,
1002         .release        = rfcomm_sock_release,
1003         .bind           = rfcomm_sock_bind,
1004         .connect        = rfcomm_sock_connect,
1005         .listen         = rfcomm_sock_listen,
1006         .accept         = rfcomm_sock_accept,
1007         .getname        = rfcomm_sock_getname,
1008         .sendmsg        = rfcomm_sock_sendmsg,
1009         .recvmsg        = rfcomm_sock_recvmsg,
1010         .shutdown       = rfcomm_sock_shutdown,
1011         .setsockopt     = rfcomm_sock_setsockopt,
1012         .getsockopt     = rfcomm_sock_getsockopt,
1013         .ioctl          = rfcomm_sock_ioctl,
1014         .poll           = bt_sock_poll,
1015         .socketpair     = sock_no_socketpair,
1016         .mmap           = sock_no_mmap
1017 };
1018
1019 static const struct net_proto_family rfcomm_sock_family_ops = {
1020         .family         = PF_BLUETOOTH,
1021         .owner          = THIS_MODULE,
1022         .create         = rfcomm_sock_create
1023 };
1024
1025 int __init rfcomm_init_sockets(void)
1026 {
1027         int err;
1028
1029         err = proto_register(&rfcomm_proto, 0);
1030         if (err < 0)
1031                 return err;
1032
1033         err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
1034         if (err < 0) {
1035                 BT_ERR("RFCOMM socket layer registration failed");
1036                 goto error;
1037         }
1038
1039         err = bt_procfs_init(THIS_MODULE, &init_net, "rfcomm", &rfcomm_sk_list, NULL);
1040         if (err < 0) {
1041                 BT_ERR("Failed to create RFCOMM proc file");
1042                 bt_sock_unregister(BTPROTO_RFCOMM);
1043                 goto error;
1044         }
1045
1046         if (bt_debugfs) {
1047                 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1048                                 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1049                 if (!rfcomm_sock_debugfs)
1050                         BT_ERR("Failed to create RFCOMM debug file");
1051         }
1052
1053         BT_INFO("RFCOMM socket layer initialized");
1054
1055         return 0;
1056
1057 error:
1058         proto_unregister(&rfcomm_proto);
1059         return err;
1060 }
1061
1062 void __exit rfcomm_cleanup_sockets(void)
1063 {
1064         bt_procfs_cleanup(&init_net, "rfcomm");
1065
1066         debugfs_remove(rfcomm_sock_debugfs);
1067
1068         bt_sock_unregister(BTPROTO_RFCOMM);
1069
1070         proto_unregister(&rfcomm_proto);
1071 }