2007-02-09 15:24:33 +01:00
|
|
|
/*
|
2005-04-17 00:20:36 +02:00
|
|
|
RFCOMM implementation for Linux Bluetooth stack (BlueZ).
|
|
|
|
Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
|
|
|
|
Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License version 2 as
|
|
|
|
published by the Free Software Foundation;
|
|
|
|
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
|
|
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
|
|
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
|
2007-02-09 15:24:33 +01:00
|
|
|
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
|
|
|
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
2005-04-17 00:20:36 +02:00
|
|
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
|
2007-02-09 15:24:33 +01:00
|
|
|
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
|
|
|
|
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
|
2005-04-17 00:20:36 +02:00
|
|
|
SOFTWARE IS DISCLAIMED.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* RFCOMM sockets.
|
|
|
|
*/
|
|
|
|
|
2012-05-23 09:04:22 +02:00
|
|
|
#include <linux/export.h>
|
2010-03-21 05:27:45 +01:00
|
|
|
#include <linux/debugfs.h>
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
#include <net/bluetooth/bluetooth.h>
|
|
|
|
#include <net/bluetooth/hci_core.h>
|
|
|
|
#include <net/bluetooth/l2cap.h>
|
|
|
|
#include <net/bluetooth/rfcomm.h>
|
|
|
|
|
2005-12-22 21:49:22 +01:00
|
|
|
static const struct proto_ops rfcomm_sock_ops;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
static struct bt_sock_list rfcomm_sk_list = {
|
2008-03-29 00:17:38 +01:00
|
|
|
.lock = __RW_LOCK_UNLOCKED(rfcomm_sk_list.lock)
|
2005-04-17 00:20:36 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static void rfcomm_sock_close(struct sock *sk);
|
|
|
|
static void rfcomm_sock_kill(struct sock *sk);
|
|
|
|
|
|
|
|
/* ---- DLC callbacks ----
|
|
|
|
*
|
|
|
|
* called under rfcomm_dlc_lock()
|
|
|
|
*/
|
|
|
|
static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
struct sock *sk = d->owner;
|
|
|
|
if (!sk)
|
|
|
|
return;
|
|
|
|
|
|
|
|
atomic_add(skb->len, &sk->sk_rmem_alloc);
|
|
|
|
skb_queue_tail(&sk->sk_receive_queue, skb);
|
|
|
|
sk->sk_data_ready(sk, skb->len);
|
|
|
|
|
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
|
|
|
|
rfcomm_dlc_throttle(d);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
|
|
|
|
{
|
|
|
|
struct sock *sk = d->owner, *parent;
|
2010-08-14 05:48:07 +02:00
|
|
|
unsigned long flags;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!sk)
|
|
|
|
return;
|
|
|
|
|
|
|
|
BT_DBG("dlc %p state %ld err %d", d, d->state, err);
|
|
|
|
|
2010-08-14 05:48:07 +02:00
|
|
|
local_irq_save(flags);
|
2005-04-17 00:20:36 +02:00
|
|
|
bh_lock_sock(sk);
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
sk->sk_err = err;
|
|
|
|
|
|
|
|
sk->sk_state = d->state;
|
|
|
|
|
|
|
|
parent = bt_sk(sk)->parent;
|
|
|
|
if (parent) {
|
|
|
|
if (d->state == BT_CLOSED) {
|
|
|
|
sock_set_flag(sk, SOCK_ZAPPED);
|
|
|
|
bt_accept_unlink(sk);
|
|
|
|
}
|
|
|
|
parent->sk_data_ready(parent, 0);
|
|
|
|
} else {
|
|
|
|
if (d->state == BT_CONNECTED)
|
2013-10-13 19:34:02 +02:00
|
|
|
rfcomm_session_getaddr(d->session,
|
|
|
|
&rfcomm_pi(sk)->src, NULL);
|
2005-04-17 00:20:36 +02:00
|
|
|
sk->sk_state_change(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
bh_unlock_sock(sk);
|
2010-08-14 05:48:07 +02:00
|
|
|
local_irq_restore(flags);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (parent && sock_flag(sk, SOCK_ZAPPED)) {
|
|
|
|
/* We have to drop DLC lock here, otherwise
|
|
|
|
* rfcomm_sock_destruct() will dead lock. */
|
|
|
|
rfcomm_dlc_unlock(d);
|
|
|
|
rfcomm_sock_kill(sk);
|
|
|
|
rfcomm_dlc_lock(d);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ---- Socket functions ---- */
|
2014-02-20 16:42:01 +01:00
|
|
|
static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk = NULL;
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 02:06:00 +01:00
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) {
|
2014-02-20 16:42:01 +01:00
|
|
|
if (rfcomm_pi(sk)->channel != channel)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (bacmp(&rfcomm_pi(sk)->src, src))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN)
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 02:06:00 +01:00
|
|
|
return sk ? sk : NULL;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Find socket with channel and source bdaddr.
|
|
|
|
* Returns closest match.
|
|
|
|
*/
|
2010-11-01 19:43:53 +01:00
|
|
|
static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk = NULL, *sk1 = NULL;
|
|
|
|
|
2010-11-01 19:43:53 +01:00
|
|
|
read_lock(&rfcomm_sk_list.lock);
|
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 02:06:00 +01:00
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) {
|
2005-04-17 00:20:36 +02:00
|
|
|
if (state && sk->sk_state != state)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (rfcomm_pi(sk)->channel == channel) {
|
|
|
|
/* Exact match. */
|
2013-10-13 19:34:02 +02:00
|
|
|
if (!bacmp(&rfcomm_pi(sk)->src, src))
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
/* Closest match */
|
2013-10-13 19:34:02 +02:00
|
|
|
if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
|
2005-04-17 00:20:36 +02:00
|
|
|
sk1 = sk;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
read_unlock(&rfcomm_sk_list.lock);
|
2010-11-01 19:43:53 +01:00
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 02:06:00 +01:00
|
|
|
return sk ? sk : sk1;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void rfcomm_sock_destruct(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
|
|
|
|
|
|
|
|
BT_DBG("sk %p dlc %p", sk, d);
|
|
|
|
|
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
skb_queue_purge(&sk->sk_write_queue);
|
|
|
|
|
|
|
|
rfcomm_dlc_lock(d);
|
|
|
|
rfcomm_pi(sk)->dlc = NULL;
|
|
|
|
|
|
|
|
/* Detach DLC if it's owned by this socket */
|
|
|
|
if (d->owner == sk)
|
|
|
|
d->owner = NULL;
|
|
|
|
rfcomm_dlc_unlock(d);
|
|
|
|
|
|
|
|
rfcomm_dlc_put(d);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void rfcomm_sock_cleanup_listen(struct sock *parent)
|
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
|
|
|
BT_DBG("parent %p", parent);
|
|
|
|
|
|
|
|
/* Close not yet accepted dlcs */
|
|
|
|
while ((sk = bt_accept_dequeue(parent, NULL))) {
|
|
|
|
rfcomm_sock_close(sk);
|
|
|
|
rfcomm_sock_kill(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
parent->sk_state = BT_CLOSED;
|
|
|
|
sock_set_flag(parent, SOCK_ZAPPED);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Kill socket (only if zapped and orphan)
|
|
|
|
* Must be called on unlocked socket.
|
|
|
|
*/
|
|
|
|
static void rfcomm_sock_kill(struct sock *sk)
|
|
|
|
{
|
|
|
|
if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
|
|
|
|
return;
|
|
|
|
|
|
|
|
BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
|
|
|
|
|
|
|
|
/* Kill poor orphan */
|
|
|
|
bt_sock_unlink(&rfcomm_sk_list, sk);
|
|
|
|
sock_set_flag(sk, SOCK_DEAD);
|
|
|
|
sock_put(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __rfcomm_sock_close(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
|
|
|
|
|
|
|
|
BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
|
|
|
|
|
|
|
|
switch (sk->sk_state) {
|
|
|
|
case BT_LISTEN:
|
|
|
|
rfcomm_sock_cleanup_listen(sk);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case BT_CONNECT:
|
|
|
|
case BT_CONNECT2:
|
|
|
|
case BT_CONFIG:
|
|
|
|
case BT_CONNECTED:
|
|
|
|
rfcomm_dlc_close(d, 0);
|
|
|
|
|
|
|
|
default:
|
|
|
|
sock_set_flag(sk, SOCK_ZAPPED);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Close socket.
|
|
|
|
* Must be called on unlocked socket.
|
|
|
|
*/
|
|
|
|
static void rfcomm_sock_close(struct sock *sk)
|
|
|
|
{
|
|
|
|
lock_sock(sk);
|
|
|
|
__rfcomm_sock_close(sk);
|
|
|
|
release_sock(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
|
|
|
|
{
|
|
|
|
struct rfcomm_pinfo *pi = rfcomm_pi(sk);
|
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
|
|
|
if (parent) {
|
|
|
|
sk->sk_type = parent->sk_type;
|
2012-05-16 17:17:10 +02:00
|
|
|
pi->dlc->defer_setup = test_bit(BT_SK_DEFER_SETUP,
|
|
|
|
&bt_sk(parent)->flags);
|
2009-01-15 21:58:40 +01:00
|
|
|
|
|
|
|
pi->sec_level = rfcomm_pi(parent)->sec_level;
|
|
|
|
pi->role_switch = rfcomm_pi(parent)->role_switch;
|
2011-10-07 11:40:59 +02:00
|
|
|
|
|
|
|
security_sk_clone(parent, sk);
|
2005-04-17 00:20:36 +02:00
|
|
|
} else {
|
2009-01-15 21:56:48 +01:00
|
|
|
pi->dlc->defer_setup = 0;
|
2009-01-15 21:58:40 +01:00
|
|
|
|
|
|
|
pi->sec_level = BT_SECURITY_LOW;
|
|
|
|
pi->role_switch = 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2009-01-15 21:58:40 +01:00
|
|
|
pi->dlc->sec_level = pi->sec_level;
|
|
|
|
pi->dlc->role_switch = pi->role_switch;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct proto rfcomm_proto = {
|
|
|
|
.name = "RFCOMM",
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.obj_size = sizeof(struct rfcomm_pinfo)
|
|
|
|
};
|
|
|
|
|
2007-10-09 08:24:22 +02:00
|
|
|
static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct rfcomm_dlc *d;
|
|
|
|
struct sock *sk;
|
|
|
|
|
2007-11-01 08:39:31 +01:00
|
|
|
sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto);
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!sk)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
sock_init_data(sock, sk);
|
|
|
|
INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
|
|
|
|
|
|
|
|
d = rfcomm_dlc_alloc(prio);
|
|
|
|
if (!d) {
|
|
|
|
sk_free(sk);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
d->data_ready = rfcomm_sk_data_ready;
|
|
|
|
d->state_change = rfcomm_sk_state_change;
|
|
|
|
|
|
|
|
rfcomm_pi(sk)->dlc = d;
|
|
|
|
d->owner = sk;
|
|
|
|
|
|
|
|
sk->sk_destruct = rfcomm_sock_destruct;
|
|
|
|
sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
|
|
|
|
|
2008-07-14 20:13:45 +02:00
|
|
|
sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
|
|
|
|
sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
|
|
|
|
|
|
sk->sk_protocol = proto;
|
2008-07-14 20:13:45 +02:00
|
|
|
sk->sk_state = BT_OPEN;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
bt_sock_link(&rfcomm_sk_list, sk);
|
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
2009-11-06 07:18:14 +01:00
|
|
|
static int rfcomm_sock_create(struct net *net, struct socket *sock,
|
|
|
|
int protocol, int kern)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
|
|
|
BT_DBG("sock %p", sock);
|
|
|
|
|
|
|
|
sock->state = SS_UNCONNECTED;
|
|
|
|
|
|
|
|
if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
|
|
|
|
return -ESOCKTNOSUPPORT;
|
|
|
|
|
|
|
|
sock->ops = &rfcomm_sock_ops;
|
|
|
|
|
2007-10-09 08:24:22 +02:00
|
|
|
sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
|
2006-10-15 17:31:14 +02:00
|
|
|
if (!sk)
|
2005-04-17 00:20:36 +02:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
rfcomm_sock_init(sk, NULL);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
|
|
|
|
{
|
|
|
|
struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
2014-02-20 16:42:01 +01:00
|
|
|
int chan = sa->rc_channel;
|
2005-04-17 00:20:36 +02:00
|
|
|
int err = 0;
|
|
|
|
|
2012-09-25 11:49:43 +02:00
|
|
|
BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (!addr || addr->sa_family != AF_BLUETOOTH)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
if (sk->sk_state != BT_OPEN) {
|
|
|
|
err = -EBADFD;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
write_lock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2014-02-20 16:42:01 +01:00
|
|
|
if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
err = -EADDRINUSE;
|
|
|
|
} else {
|
|
|
|
/* Save source address */
|
2013-10-13 19:34:02 +02:00
|
|
|
bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr);
|
2014-02-20 16:42:01 +01:00
|
|
|
rfcomm_pi(sk)->channel = chan;
|
2005-04-17 00:20:36 +02:00
|
|
|
sk->sk_state = BT_BOUND;
|
|
|
|
}
|
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
write_unlock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
|
|
|
|
{
|
|
|
|
struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
2010-04-01 00:58:26 +02:00
|
|
|
if (alen < sizeof(struct sockaddr_rc) ||
|
|
|
|
addr->sa_family != AF_BLUETOOTH)
|
2005-04-17 00:20:36 +02:00
|
|
|
return -EINVAL;
|
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
lock_sock(sk);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
|
|
|
|
err = -EBADFD;
|
|
|
|
goto done;
|
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
sk->sk_state = BT_CONNECT;
|
2013-10-13 19:34:02 +02:00
|
|
|
bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
|
2005-04-17 00:20:36 +02:00
|
|
|
rfcomm_pi(sk)->channel = sa->rc_channel;
|
|
|
|
|
2009-01-15 21:58:40 +01:00
|
|
|
d->sec_level = rfcomm_pi(sk)->sec_level;
|
|
|
|
d->role_switch = rfcomm_pi(sk)->role_switch;
|
2008-07-14 20:13:45 +02:00
|
|
|
|
2013-10-13 19:34:02 +02:00
|
|
|
err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
|
|
|
|
sa->rc_channel);
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!err)
|
|
|
|
err = bt_sock_wait_state(sk, BT_CONNECTED,
|
|
|
|
sock_sndtimeo(sk, flags & O_NONBLOCK));
|
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
done:
|
2005-04-17 00:20:36 +02:00
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_listen(struct socket *sock, int backlog)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
BT_DBG("sk %p backlog %d", sk, backlog);
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
if (sk->sk_state != BT_BOUND) {
|
|
|
|
err = -EBADFD;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!rfcomm_pi(sk)->channel) {
|
2013-10-13 19:34:02 +02:00
|
|
|
bdaddr_t *src = &rfcomm_pi(sk)->src;
|
2005-04-17 00:20:36 +02:00
|
|
|
u8 channel;
|
|
|
|
|
|
|
|
err = -EINVAL;
|
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
write_lock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
for (channel = 1; channel < 31; channel++)
|
2014-02-20 16:42:01 +01:00
|
|
|
if (!__rfcomm_get_listen_sock_by_addr(channel, src)) {
|
2005-04-17 00:20:36 +02:00
|
|
|
rfcomm_pi(sk)->channel = channel;
|
|
|
|
err = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
write_unlock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (err < 0)
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
sk->sk_max_ack_backlog = backlog;
|
|
|
|
sk->sk_ack_backlog = 0;
|
|
|
|
sk->sk_state = BT_LISTEN;
|
|
|
|
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
|
|
|
|
{
|
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
|
|
|
struct sock *sk = sock->sk, *nsk;
|
|
|
|
long timeo;
|
|
|
|
int err = 0;
|
|
|
|
|
2012-11-21 02:25:54 +01:00
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2005-09-13 01:32:31 +02:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
|
|
|
|
|
|
|
|
BT_DBG("sk %p timeo %ld", sk, timeo);
|
|
|
|
|
|
|
|
/* Wait for an incoming connection. (wake-one). */
|
2010-04-20 15:03:51 +02:00
|
|
|
add_wait_queue_exclusive(sk_sleep(sk), &wait);
|
2011-07-24 06:10:41 +02:00
|
|
|
while (1) {
|
2005-04-17 00:20:36 +02:00
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
2011-07-24 06:10:41 +02:00
|
|
|
|
|
|
|
if (sk->sk_state != BT_LISTEN) {
|
|
|
|
err = -EBADFD;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-07-24 06:10:41 +02:00
|
|
|
nsk = bt_accept_dequeue(sk, newsock);
|
|
|
|
if (nsk)
|
|
|
|
break;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2011-07-24 06:10:41 +02:00
|
|
|
if (!timeo) {
|
|
|
|
err = -EAGAIN;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (signal_pending(current)) {
|
|
|
|
err = sock_intr_errno(timeo);
|
|
|
|
break;
|
|
|
|
}
|
2011-07-24 06:10:41 +02:00
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
timeo = schedule_timeout(timeo);
|
2012-11-21 02:25:54 +01:00
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
2011-07-24 06:10:41 +02:00
|
|
|
__set_current_state(TASK_RUNNING);
|
2010-04-20 15:03:51 +02:00
|
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (err)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
newsock->state = SS_CONNECTED;
|
|
|
|
|
|
|
|
BT_DBG("new socket %p", nsk);
|
|
|
|
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
|
|
|
|
{
|
|
|
|
struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
|
|
|
BT_DBG("sock %p, sk %p", sock, sk);
|
|
|
|
|
2014-03-26 14:49:18 +01:00
|
|
|
if (peer && sk->sk_state != BT_CONNECTED &&
|
|
|
|
sk->sk_state != BT_CONNECT && sk->sk_state != BT_CONNECT2)
|
2014-01-29 00:16:50 +01:00
|
|
|
return -ENOTCONN;
|
|
|
|
|
2012-08-15 13:31:50 +02:00
|
|
|
memset(sa, 0, sizeof(*sa));
|
2005-04-17 00:20:36 +02:00
|
|
|
sa->rc_family = AF_BLUETOOTH;
|
|
|
|
sa->rc_channel = rfcomm_pi(sk)->channel;
|
|
|
|
if (peer)
|
2013-10-13 19:34:02 +02:00
|
|
|
bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
|
2005-04-17 00:20:36 +02:00
|
|
|
else
|
2013-10-13 19:34:02 +02:00
|
|
|
bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
*len = sizeof(struct sockaddr_rc);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
|
|
|
|
struct msghdr *msg, size_t len)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
|
|
|
|
struct sk_buff *skb;
|
2013-09-16 12:05:19 +02:00
|
|
|
int sent;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-01-15 21:56:48 +01:00
|
|
|
if (test_bit(RFCOMM_DEFER_SETUP, &d->flags))
|
|
|
|
return -ENOTCONN;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
if (msg->msg_flags & MSG_OOB)
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
|
|
if (sk->sk_shutdown & SEND_SHUTDOWN)
|
|
|
|
return -EPIPE;
|
|
|
|
|
|
|
|
BT_DBG("sock %p, sk %p", sock, sk);
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
2013-09-16 12:05:19 +02:00
|
|
|
sent = bt_sock_wait_ready(sk, msg->msg_flags);
|
|
|
|
if (sent)
|
|
|
|
goto done;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
while (len) {
|
|
|
|
size_t size = min_t(size_t, len, d->mtu);
|
2007-01-08 02:16:31 +01:00
|
|
|
int err;
|
2007-02-09 15:24:33 +01:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
|
|
|
|
msg->msg_flags & MSG_DONTWAIT, &err);
|
2009-01-15 21:52:12 +01:00
|
|
|
if (!skb) {
|
|
|
|
if (sent == 0)
|
|
|
|
sent = err;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
2009-01-15 21:52:12 +01:00
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
|
|
|
|
|
|
|
|
err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
|
|
|
|
if (err) {
|
|
|
|
kfree_skb(skb);
|
2007-01-08 02:16:31 +01:00
|
|
|
if (sent == 0)
|
|
|
|
sent = err;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-11-01 09:58:58 +01:00
|
|
|
skb->priority = sk->sk_priority;
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
err = rfcomm_dlc_send(d, skb);
|
|
|
|
if (err < 0) {
|
|
|
|
kfree_skb(skb);
|
2007-01-08 02:16:31 +01:00
|
|
|
if (sent == 0)
|
|
|
|
sent = err;
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
sent += size;
|
|
|
|
len -= size;
|
|
|
|
}
|
|
|
|
|
2013-09-16 12:05:19 +02:00
|
|
|
done:
|
2005-04-17 00:20:36 +02:00
|
|
|
release_sock(sk);
|
|
|
|
|
2007-01-08 02:16:31 +01:00
|
|
|
return sent;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
|
|
|
struct msghdr *msg, size_t size, int flags)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2009-01-15 21:56:48 +01:00
|
|
|
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
|
2010-09-08 19:05:28 +02:00
|
|
|
int len;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-01-15 21:56:48 +01:00
|
|
|
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
|
|
|
|
rfcomm_dlc_accept(d);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-09-08 19:05:28 +02:00
|
|
|
len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
lock_sock(sk);
|
2010-09-08 19:05:28 +02:00
|
|
|
if (!(flags & MSG_PEEK) && len > 0)
|
|
|
|
atomic_sub(len, &sk->sk_rmem_alloc);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
|
|
|
|
rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
|
|
|
|
release_sock(sk);
|
2010-09-08 19:05:28 +02:00
|
|
|
|
|
|
|
return len;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2009-10-01 01:12:20 +02:00
|
|
|
static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err = 0;
|
|
|
|
u32 opt;
|
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
case RFCOMM_LM:
|
|
|
|
if (get_user(opt, (u32 __user *) optval)) {
|
|
|
|
err = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2014-01-16 07:37:41 +01:00
|
|
|
if (opt & RFCOMM_LM_FIPS) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2009-01-15 21:58:40 +01:00
|
|
|
if (opt & RFCOMM_LM_AUTH)
|
|
|
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW;
|
|
|
|
if (opt & RFCOMM_LM_ENCRYPT)
|
|
|
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
|
|
|
|
if (opt & RFCOMM_LM_SECURE)
|
|
|
|
rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH;
|
|
|
|
|
|
|
|
rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER);
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2009-10-01 01:12:20 +02:00
|
|
|
static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
|
2009-01-15 21:52:14 +01:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2009-01-15 21:58:40 +01:00
|
|
|
struct bt_security sec;
|
2011-05-13 01:50:09 +02:00
|
|
|
int err = 0;
|
|
|
|
size_t len;
|
2009-01-15 21:56:48 +01:00
|
|
|
u32 opt;
|
2009-01-15 21:52:14 +01:00
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
|
|
|
if (level == SOL_RFCOMM)
|
|
|
|
return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen);
|
|
|
|
|
2009-01-16 10:06:13 +01:00
|
|
|
if (level != SOL_BLUETOOTH)
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
2009-01-15 21:52:14 +01:00
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
switch (optname) {
|
2009-01-15 21:58:40 +01:00
|
|
|
case BT_SECURITY:
|
2009-01-16 10:06:13 +01:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2009-01-15 21:58:40 +01:00
|
|
|
sec.level = BT_SECURITY_LOW;
|
|
|
|
|
|
|
|
len = min_t(unsigned int, sizeof(sec), optlen);
|
|
|
|
if (copy_from_user((char *) &sec, optval, len)) {
|
|
|
|
err = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sec.level > BT_SECURITY_HIGH) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
rfcomm_pi(sk)->sec_level = sec.level;
|
|
|
|
break;
|
|
|
|
|
2009-01-15 21:56:48 +01:00
|
|
|
case BT_DEFER_SETUP:
|
|
|
|
if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (get_user(opt, (u32 __user *) optval)) {
|
|
|
|
err = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2012-05-16 17:17:10 +02:00
|
|
|
if (opt)
|
|
|
|
set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
|
|
|
|
else
|
|
|
|
clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
|
|
|
|
|
2009-01-15 21:56:48 +01:00
|
|
|
break;
|
|
|
|
|
2009-01-15 21:52:14 +01:00
|
|
|
default:
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
Bluetooth: Fix issue with RFCOMM getsockopt operation
The commit 94a86df01082557e2de45865e538d7fb6c46231c seem to have
uncovered a long standing bug that did not trigger so far.
BUG: unable to handle kernel paging request at 00000009dd503502
IP: [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200
PGD 0
Oops: 0000 [#1] SMP
Modules linked in: ath5k ath mac80211 cfg80211
CPU: 2 PID: 1459 Comm: bluetoothd Not tainted 3.11.0-133163-gcebd830 #2
Hardware name: System manufacturer System Product Name/P6T DELUXE V2, BIOS
1202 12/22/2010
task: ffff8803304106a0 ti: ffff88033046a000 task.ti: ffff88033046a000
RIP: 0010:[<ffffffff815b1868>] [<ffffffff815b1868>]
rfcomm_sock_getsockopt+0x128/0x200
RSP: 0018:ffff88033046bed8 EFLAGS: 00010246
RAX: 00000009dd503502 RBX: 0000000000000003 RCX: 00007fffa2ed5548
RDX: 0000000000000003 RSI: 0000000000000012 RDI: ffff88032fd37480
RBP: ffff88033046bf28 R08: 00007fffa2ed554c R09: ffff88032f5707d8
R10: 00007fffa2ed5548 R11: 0000000000000202 R12: ffff880330bbd000
R13: 00007fffa2ed5548 R14: 0000000000000003 R15: 00007fffa2ed554c
FS: 00007fc44cfac700(0000) GS:ffff88033fc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000009dd503502 CR3: 00000003304c2000 CR4: 00000000000007e0
Stack:
ffff88033046bf28 ffffffff815b0f2f ffff88033046bf18 0002ffff81105ef6
0000000600000000 ffff88032fd37480 0000000000000012 00007fffa2ed5548
0000000000000003 00007fffa2ed554c ffff88033046bf78 ffffffff814c0380
Call Trace:
[<ffffffff815b0f2f>] ? rfcomm_sock_setsockopt+0x5f/0x190
[<ffffffff814c0380>] SyS_getsockopt+0x60/0xb0
[<ffffffff815e0852>] system_call_fastpath+0x16/0x1b
Code: 02 00 00 00 0f 47 d0 4c 89 ef e8 74 13 cd ff 83 f8 01 19 c9 f7 d1 83 e1
f2 e9 4b ff ff ff 0f 1f 44 00 00 49 8b 84 24 70 02 00 00 <4c> 8b 30 4c 89 c0 e8
2d 19 cd ff 85 c0 49 89 d7 b9 f2 ff ff ff
RIP [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200
RSP <ffff88033046bed8>
CR2: 00000009dd503502
It triggers in the following segment of the code:
0x1313 is in rfcomm_sock_getsockopt (net/bluetooth/rfcomm/sock.c:743).
738
739 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
740 {
741 struct sock *sk = sock->sk;
742 struct rfcomm_conninfo cinfo;
743 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
744 int len, err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
The l2cap_pi(sk) is wrong here since it should have been rfcomm_pi(sk),
but that socket of course does not contain the low-level connection
details requested here.
Tracking down the actual offending commit, it seems that this has been
introduced when doing some L2CAP refactoring:
commit 8c1d787be4b62d2d1b6f04953eca4bcf7c839d44
Author: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Wed Apr 13 20:23:55 2011 -0300
@@ -743,6 +743,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
struct sock *sk = sock->sk;
struct sock *l2cap_sk;
struct rfcomm_conninfo cinfo;
+ struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
int len, err = 0;
u32 opt;
@@ -787,8 +788,8 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
- cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
- memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
+ cinfo.hci_handle = conn->hcon->handle;
+ memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
The l2cap_sk got accidentally mixed into the sk (which is RFCOMM) and
now causing a problem within getsocketopt() system call. To fix this,
just re-introduce l2cap_sk and make sure the right socket is used for
the low-level connection details.
Reported-by: Fabio Rossi <rossi.f@inwind.it>
Reported-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Tested-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2013-11-02 10:36:31 +01:00
|
|
|
struct sock *l2cap_sk;
|
|
|
|
struct l2cap_conn *conn;
|
2005-04-17 00:20:36 +02:00
|
|
|
struct rfcomm_conninfo cinfo;
|
|
|
|
int len, err = 0;
|
2009-01-15 21:58:40 +01:00
|
|
|
u32 opt;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
|
|
|
if (get_user(len, optlen))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
case RFCOMM_LM:
|
2009-01-15 21:58:40 +01:00
|
|
|
switch (rfcomm_pi(sk)->sec_level) {
|
|
|
|
case BT_SECURITY_LOW:
|
|
|
|
opt = RFCOMM_LM_AUTH;
|
|
|
|
break;
|
|
|
|
case BT_SECURITY_MEDIUM:
|
|
|
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
|
|
|
|
break;
|
|
|
|
case BT_SECURITY_HIGH:
|
|
|
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
|
2014-01-16 07:37:41 +01:00
|
|
|
RFCOMM_LM_SECURE;
|
|
|
|
break;
|
|
|
|
case BT_SECURITY_FIPS:
|
|
|
|
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
|
|
|
|
RFCOMM_LM_SECURE | RFCOMM_LM_FIPS;
|
2009-01-15 21:58:40 +01:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
opt = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rfcomm_pi(sk)->role_switch)
|
|
|
|
opt |= RFCOMM_LM_MASTER;
|
|
|
|
|
|
|
|
if (put_user(opt, (u32 __user *) optval))
|
2005-04-17 00:20:36 +02:00
|
|
|
err = -EFAULT;
|
2014-01-16 07:37:41 +01:00
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
case RFCOMM_CONNINFO:
|
2009-01-15 21:56:48 +01:00
|
|
|
if (sk->sk_state != BT_CONNECTED &&
|
|
|
|
!rfcomm_pi(sk)->dlc->defer_setup) {
|
2005-04-17 00:20:36 +02:00
|
|
|
err = -ENOTCONN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
Bluetooth: Fix issue with RFCOMM getsockopt operation
The commit 94a86df01082557e2de45865e538d7fb6c46231c seem to have
uncovered a long standing bug that did not trigger so far.
BUG: unable to handle kernel paging request at 00000009dd503502
IP: [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200
PGD 0
Oops: 0000 [#1] SMP
Modules linked in: ath5k ath mac80211 cfg80211
CPU: 2 PID: 1459 Comm: bluetoothd Not tainted 3.11.0-133163-gcebd830 #2
Hardware name: System manufacturer System Product Name/P6T DELUXE V2, BIOS
1202 12/22/2010
task: ffff8803304106a0 ti: ffff88033046a000 task.ti: ffff88033046a000
RIP: 0010:[<ffffffff815b1868>] [<ffffffff815b1868>]
rfcomm_sock_getsockopt+0x128/0x200
RSP: 0018:ffff88033046bed8 EFLAGS: 00010246
RAX: 00000009dd503502 RBX: 0000000000000003 RCX: 00007fffa2ed5548
RDX: 0000000000000003 RSI: 0000000000000012 RDI: ffff88032fd37480
RBP: ffff88033046bf28 R08: 00007fffa2ed554c R09: ffff88032f5707d8
R10: 00007fffa2ed5548 R11: 0000000000000202 R12: ffff880330bbd000
R13: 00007fffa2ed5548 R14: 0000000000000003 R15: 00007fffa2ed554c
FS: 00007fc44cfac700(0000) GS:ffff88033fc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000009dd503502 CR3: 00000003304c2000 CR4: 00000000000007e0
Stack:
ffff88033046bf28 ffffffff815b0f2f ffff88033046bf18 0002ffff81105ef6
0000000600000000 ffff88032fd37480 0000000000000012 00007fffa2ed5548
0000000000000003 00007fffa2ed554c ffff88033046bf78 ffffffff814c0380
Call Trace:
[<ffffffff815b0f2f>] ? rfcomm_sock_setsockopt+0x5f/0x190
[<ffffffff814c0380>] SyS_getsockopt+0x60/0xb0
[<ffffffff815e0852>] system_call_fastpath+0x16/0x1b
Code: 02 00 00 00 0f 47 d0 4c 89 ef e8 74 13 cd ff 83 f8 01 19 c9 f7 d1 83 e1
f2 e9 4b ff ff ff 0f 1f 44 00 00 49 8b 84 24 70 02 00 00 <4c> 8b 30 4c 89 c0 e8
2d 19 cd ff 85 c0 49 89 d7 b9 f2 ff ff ff
RIP [<ffffffff815b1868>] rfcomm_sock_getsockopt+0x128/0x200
RSP <ffff88033046bed8>
CR2: 00000009dd503502
It triggers in the following segment of the code:
0x1313 is in rfcomm_sock_getsockopt (net/bluetooth/rfcomm/sock.c:743).
738
739 static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
740 {
741 struct sock *sk = sock->sk;
742 struct rfcomm_conninfo cinfo;
743 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
744 int len, err = 0;
745 u32 opt;
746
747 BT_DBG("sk %p", sk);
The l2cap_pi(sk) is wrong here since it should have been rfcomm_pi(sk),
but that socket of course does not contain the low-level connection
details requested here.
Tracking down the actual offending commit, it seems that this has been
introduced when doing some L2CAP refactoring:
commit 8c1d787be4b62d2d1b6f04953eca4bcf7c839d44
Author: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Wed Apr 13 20:23:55 2011 -0300
@@ -743,6 +743,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
struct sock *sk = sock->sk;
struct sock *l2cap_sk;
struct rfcomm_conninfo cinfo;
+ struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
int len, err = 0;
u32 opt;
@@ -787,8 +788,8 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
- cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
- memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
+ cinfo.hci_handle = conn->hcon->handle;
+ memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
The l2cap_sk got accidentally mixed into the sk (which is RFCOMM) and
now causing a problem within getsocketopt() system call. To fix this,
just re-introduce l2cap_sk and make sure the right socket is used for
the low-level connection details.
Reported-by: Fabio Rossi <rossi.f@inwind.it>
Reported-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Tested-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2013-11-02 10:36:31 +01:00
|
|
|
l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
|
|
|
|
conn = l2cap_pi(l2cap_sk)->chan->conn;
|
|
|
|
|
2011-05-12 19:32:46 +02:00
|
|
|
memset(&cinfo, 0, sizeof(cinfo));
|
2011-04-14 01:23:55 +02:00
|
|
|
cinfo.hci_handle = conn->hcon->handle;
|
|
|
|
memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
len = min_t(unsigned int, len, sizeof(cinfo));
|
|
|
|
if (copy_to_user(optval, (char *) &cinfo, len))
|
|
|
|
err = -EFAULT;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
2009-01-15 21:52:14 +01:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
2009-01-15 21:58:40 +01:00
|
|
|
struct bt_security sec;
|
2009-01-15 21:52:14 +01:00
|
|
|
int len, err = 0;
|
|
|
|
|
|
|
|
BT_DBG("sk %p", sk);
|
|
|
|
|
|
|
|
if (level == SOL_RFCOMM)
|
|
|
|
return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen);
|
|
|
|
|
2009-01-16 10:06:13 +01:00
|
|
|
if (level != SOL_BLUETOOTH)
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
2009-01-15 21:52:14 +01:00
|
|
|
if (get_user(len, optlen))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
switch (optname) {
|
2009-01-15 21:58:40 +01:00
|
|
|
case BT_SECURITY:
|
2009-01-16 10:06:13 +01:00
|
|
|
if (sk->sk_type != SOCK_STREAM) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2009-01-15 21:58:40 +01:00
|
|
|
sec.level = rfcomm_pi(sk)->sec_level;
|
2012-08-15 13:31:48 +02:00
|
|
|
sec.key_size = 0;
|
2009-01-15 21:58:40 +01:00
|
|
|
|
|
|
|
len = min_t(unsigned int, len, sizeof(sec));
|
|
|
|
if (copy_to_user(optval, (char *) &sec, len))
|
|
|
|
err = -EFAULT;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
2009-01-15 21:56:48 +01:00
|
|
|
case BT_DEFER_SETUP:
|
|
|
|
if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
|
|
|
|
err = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2012-05-16 17:17:10 +02:00
|
|
|
if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
|
|
|
|
(u32 __user *) optval))
|
2009-01-15 21:56:48 +01:00
|
|
|
err = -EFAULT;
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
2009-01-15 21:52:14 +01:00
|
|
|
default:
|
|
|
|
err = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
2005-04-17 00:20:36 +02:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
|
|
|
|
{
|
2008-12-09 10:04:27 +01:00
|
|
|
struct sock *sk __maybe_unused = sock->sk;
|
2005-04-17 00:20:36 +02:00
|
|
|
int err;
|
|
|
|
|
2008-12-09 10:04:27 +01:00
|
|
|
BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-07-14 20:13:50 +02:00
|
|
|
err = bt_sock_ioctl(sock, cmd, arg);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-07-14 20:13:50 +02:00
|
|
|
if (err == -ENOIOCTLCMD) {
|
2005-04-17 00:20:36 +02:00
|
|
|
#ifdef CONFIG_BT_RFCOMM_TTY
|
2008-07-14 20:13:50 +02:00
|
|
|
lock_sock(sk);
|
|
|
|
err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
|
|
|
|
release_sock(sk);
|
2005-04-17 00:20:36 +02:00
|
|
|
#else
|
2008-07-14 20:13:50 +02:00
|
|
|
err = -EOPNOTSUPP;
|
2005-04-17 00:20:36 +02:00
|
|
|
#endif
|
2008-07-14 20:13:50 +02:00
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_shutdown(struct socket *sock, int how)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
BT_DBG("sock %p, sk %p", sock, sk);
|
|
|
|
|
2010-12-01 15:58:23 +01:00
|
|
|
if (!sk)
|
|
|
|
return 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
if (!sk->sk_shutdown) {
|
|
|
|
sk->sk_shutdown = SHUTDOWN_MASK;
|
|
|
|
__rfcomm_sock_close(sk);
|
|
|
|
|
|
|
|
if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
|
|
|
|
err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
|
|
|
|
}
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rfcomm_sock_release(struct socket *sock)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
BT_DBG("sock %p, sk %p", sock, sk);
|
|
|
|
|
|
|
|
if (!sk)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err = rfcomm_sock_shutdown(sock, 2);
|
|
|
|
|
|
|
|
sock_orphan(sk);
|
|
|
|
rfcomm_sock_kill(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2007-02-09 15:24:33 +01:00
|
|
|
/* ---- RFCOMM core layer callbacks ----
|
2005-04-17 00:20:36 +02:00
|
|
|
*
|
|
|
|
* called under rfcomm_lock()
|
|
|
|
*/
|
|
|
|
int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
|
|
|
|
{
|
|
|
|
struct sock *sk, *parent;
|
|
|
|
bdaddr_t src, dst;
|
|
|
|
int result = 0;
|
|
|
|
|
|
|
|
BT_DBG("session %p channel %d", s, channel);
|
|
|
|
|
|
|
|
rfcomm_session_getaddr(s, &src, &dst);
|
|
|
|
|
|
|
|
/* Check if we have socket listening on channel */
|
|
|
|
parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
|
|
|
|
if (!parent)
|
|
|
|
return 0;
|
|
|
|
|
2010-11-01 19:43:53 +01:00
|
|
|
bh_lock_sock(parent);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
/* Check for backlog size */
|
|
|
|
if (sk_acceptq_is_full(parent)) {
|
2007-02-09 15:24:33 +01:00
|
|
|
BT_DBG("backlog full %d", parent->sk_ack_backlog);
|
2005-04-17 00:20:36 +02:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2008-03-25 18:26:21 +01:00
|
|
|
sk = rfcomm_sock_alloc(sock_net(parent), NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
|
2005-04-17 00:20:36 +02:00
|
|
|
if (!sk)
|
|
|
|
goto done;
|
|
|
|
|
2012-01-21 23:28:34 +01:00
|
|
|
bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
rfcomm_sock_init(sk, parent);
|
2013-10-13 19:34:02 +02:00
|
|
|
bacpy(&rfcomm_pi(sk)->src, &src);
|
|
|
|
bacpy(&rfcomm_pi(sk)->dst, &dst);
|
2005-04-17 00:20:36 +02:00
|
|
|
rfcomm_pi(sk)->channel = channel;
|
|
|
|
|
|
|
|
sk->sk_state = BT_CONFIG;
|
|
|
|
bt_accept_enqueue(parent, sk);
|
|
|
|
|
|
|
|
/* Accept connection and return socket DLC */
|
|
|
|
*d = rfcomm_pi(sk)->dlc;
|
|
|
|
result = 1;
|
|
|
|
|
|
|
|
done:
|
|
|
|
bh_unlock_sock(parent);
|
2009-01-15 21:56:48 +01:00
|
|
|
|
2012-05-16 17:17:10 +02:00
|
|
|
if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
|
2009-01-15 21:56:48 +01:00
|
|
|
parent->sk_state_change(parent);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2010-03-21 05:27:45 +01:00
|
|
|
static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
read_lock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 02:06:00 +01:00
|
|
|
sk_for_each(sk, &rfcomm_sk_list.head) {
|
2012-09-25 11:49:44 +02:00
|
|
|
seq_printf(f, "%pMR %pMR %d %d\n",
|
2013-10-13 19:34:02 +02:00
|
|
|
&rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
|
2012-09-25 11:49:44 +02:00
|
|
|
sk->sk_state, rfcomm_pi(sk)->channel);
|
2005-11-08 18:57:38 +01:00
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2011-12-27 18:28:44 +01:00
|
|
|
read_unlock(&rfcomm_sk_list.lock);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2010-03-21 05:27:45 +01:00
|
|
|
return 0;
|
2005-04-17 00:20:36 +02:00
|
|
|
}
|
|
|
|
|
2010-03-21 05:27:45 +01:00
|
|
|
static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
|
|
|
|
{
|
|
|
|
return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
|
|
|
|
}
|
|
|
|
|
|
|
|
static const struct file_operations rfcomm_sock_debugfs_fops = {
|
|
|
|
.open = rfcomm_sock_debugfs_open,
|
|
|
|
.read = seq_read,
|
|
|
|
.llseek = seq_lseek,
|
|
|
|
.release = single_release,
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct dentry *rfcomm_sock_debugfs;
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2005-12-22 21:49:22 +01:00
|
|
|
static const struct proto_ops rfcomm_sock_ops = {
|
2005-04-17 00:20:36 +02:00
|
|
|
.family = PF_BLUETOOTH,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = rfcomm_sock_release,
|
|
|
|
.bind = rfcomm_sock_bind,
|
|
|
|
.connect = rfcomm_sock_connect,
|
|
|
|
.listen = rfcomm_sock_listen,
|
|
|
|
.accept = rfcomm_sock_accept,
|
|
|
|
.getname = rfcomm_sock_getname,
|
|
|
|
.sendmsg = rfcomm_sock_sendmsg,
|
|
|
|
.recvmsg = rfcomm_sock_recvmsg,
|
|
|
|
.shutdown = rfcomm_sock_shutdown,
|
|
|
|
.setsockopt = rfcomm_sock_setsockopt,
|
|
|
|
.getsockopt = rfcomm_sock_getsockopt,
|
|
|
|
.ioctl = rfcomm_sock_ioctl,
|
|
|
|
.poll = bt_sock_poll,
|
|
|
|
.socketpair = sock_no_socketpair,
|
|
|
|
.mmap = sock_no_mmap
|
|
|
|
};
|
|
|
|
|
2009-10-05 07:58:39 +02:00
|
|
|
static const struct net_proto_family rfcomm_sock_family_ops = {
|
2005-04-17 00:20:36 +02:00
|
|
|
.family = PF_BLUETOOTH,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.create = rfcomm_sock_create
|
|
|
|
};
|
|
|
|
|
2005-11-08 18:57:38 +01:00
|
|
|
int __init rfcomm_init_sockets(void)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = proto_register(&rfcomm_proto, 0);
|
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
|
2012-07-25 18:29:49 +02:00
|
|
|
if (err < 0) {
|
|
|
|
BT_ERR("RFCOMM socket layer registration failed");
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
|
2013-04-05 01:14:33 +02:00
|
|
|
err = bt_procfs_init(&init_net, "rfcomm", &rfcomm_sk_list, NULL);
|
2012-07-25 18:29:49 +02:00
|
|
|
if (err < 0) {
|
|
|
|
BT_ERR("Failed to create RFCOMM proc file");
|
|
|
|
bt_sock_unregister(BTPROTO_RFCOMM);
|
2005-04-17 00:20:36 +02:00
|
|
|
goto error;
|
2012-07-25 18:29:49 +02:00
|
|
|
}
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
BT_INFO("RFCOMM socket layer initialized");
|
|
|
|
|
2013-10-18 02:24:16 +02:00
|
|
|
if (IS_ERR_OR_NULL(bt_debugfs))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
|
|
|
|
bt_debugfs, NULL,
|
|
|
|
&rfcomm_sock_debugfs_fops);
|
|
|
|
|
2005-04-17 00:20:36 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
error:
|
|
|
|
proto_unregister(&rfcomm_proto);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2010-07-24 07:04:45 +02:00
|
|
|
void __exit rfcomm_cleanup_sockets(void)
|
2005-04-17 00:20:36 +02:00
|
|
|
{
|
2012-07-25 18:29:49 +02:00
|
|
|
bt_procfs_cleanup(&init_net, "rfcomm");
|
|
|
|
|
2010-03-21 05:27:45 +01:00
|
|
|
debugfs_remove(rfcomm_sock_debugfs);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2013-02-24 19:36:51 +01:00
|
|
|
bt_sock_unregister(BTPROTO_RFCOMM);
|
2005-04-17 00:20:36 +02:00
|
|
|
|
|
|
|
proto_unregister(&rfcomm_proto);
|
|
|
|
}
|