net/irda/af_irda.c at 4dfd459b738cf1f65b3eac4e0a9b19bc93cc91c6

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / irda / af_irda.c
at 4dfd459b738cf1f65b3eac4e0a9b19bc93cc91c6 2721 lines 69 kB view raw
wrap content
   1/*********************************************************************
   2 *
   3 * Filename:      af_irda.c
   4 * Version:       0.9
   5 * Description:   IrDA sockets implementation
   6 * Status:        Stable
   7 * Author:        Dag Brattli <dagb@cs.uit.no>
   8 * Created at:    Sun May 31 10:12:43 1998
   9 * Modified at:   Sat Dec 25 21:10:23 1999
  10 * Modified by:   Dag Brattli <dag@brattli.net>
  11 * Sources:       af_netroom.c, af_ax25.c, af_rose.c, af_x25.c etc.
  12 *
  13 *     Copyright (c) 1999 Dag Brattli <dagb@cs.uit.no>
  14 *     Copyright (c) 1999-2003 Jean Tourrilhes <jt@hpl.hp.com>
  15 *     All Rights Reserved.
  16 *
  17 *     This program is free software; you can redistribute it and/or
  18 *     modify it under the terms of the GNU General Public License as
  19 *     published by the Free Software Foundation; either version 2 of
  20 *     the License, or (at your option) any later version.
  21 *
  22 *     This program is distributed in the hope that it will be useful,
  23 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
  24 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25 *     GNU General Public License for more details.
  26 *
  27 *     You should have received a copy of the GNU General Public License
  28 *     along with this program; if not, write to the Free Software
  29 *     Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  30 *     MA 02111-1307 USA
  31 *
  32 *     Linux-IrDA now supports four different types of IrDA sockets:
  33 *
  34 *     o SOCK_STREAM:    TinyTP connections with SAR disabled. The
  35 *                       max SDU size is 0 for conn. of this type
  36 *     o SOCK_SEQPACKET: TinyTP connections with SAR enabled. TTP may
  37 *                       fragment the messages, but will preserve
  38 *                       the message boundaries
  39 *     o SOCK_DGRAM:     IRDAPROTO_UNITDATA: TinyTP connections with Unitdata
  40 *                       (unreliable) transfers
  41 *                       IRDAPROTO_ULTRA: Connectionless and unreliable data
  42 *
  43 ********************************************************************/
  44
  45#include <linux/capability.h>
  46#include <linux/module.h>
  47#include <linux/types.h>
  48#include <linux/smp_lock.h>
  49#include <linux/socket.h>
  50#include <linux/sockios.h>
  51#include <linux/init.h>
  52#include <linux/net.h>
  53#include <linux/irda.h>
  54#include <linux/poll.h>
  55
  56#include <asm/ioctls.h>		/* TIOCOUTQ, TIOCINQ */
  57#include <asm/uaccess.h>
  58
  59#include <net/sock.h>
  60#include <net/tcp_states.h>
  61
  62#include <net/irda/af_irda.h>
  63
  64static int irda_create(struct net *net, struct socket *sock, int protocol, int kern);
  65
  66static const struct proto_ops irda_stream_ops;
  67static const struct proto_ops irda_seqpacket_ops;
  68static const struct proto_ops irda_dgram_ops;
  69
  70#ifdef CONFIG_IRDA_ULTRA
  71static const struct proto_ops irda_ultra_ops;
  72#define ULTRA_MAX_DATA 382
  73#endif /* CONFIG_IRDA_ULTRA */
  74
  75#define IRDA_MAX_HEADER (TTP_MAX_HEADER)
  76
  77/*
  78 * Function irda_data_indication (instance, sap, skb)
  79 *
  80 *    Received some data from TinyTP. Just queue it on the receive queue
  81 *
  82 */
  83static int irda_data_indication(void *instance, void *sap, struct sk_buff *skb)
  84{
  85	struct irda_sock *self;
  86	struct sock *sk;
  87	int err;
  88
  89	IRDA_DEBUG(3, "%s()\n", __func__);
  90
  91	self = instance;
  92	sk = instance;
  93
  94	err = sock_queue_rcv_skb(sk, skb);
  95	if (err) {
  96		IRDA_DEBUG(1, "%s(), error: no more mem!\n", __func__);
  97		self->rx_flow = FLOW_STOP;
  98
  99		/* When we return error, TTP will need to requeue the skb */
 100		return err;
 101	}
 102
 103	return 0;
 104}
 105
 106/*
 107 * Function irda_disconnect_indication (instance, sap, reason, skb)
 108 *
 109 *    Connection has been closed. Check reason to find out why
 110 *
 111 */
 112static void irda_disconnect_indication(void *instance, void *sap,
 113				       LM_REASON reason, struct sk_buff *skb)
 114{
 115	struct irda_sock *self;
 116	struct sock *sk;
 117
 118	self = instance;
 119
 120	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 121
 122	/* Don't care about it, but let's not leak it */
 123	if(skb)
 124		dev_kfree_skb(skb);
 125
 126	sk = instance;
 127	if (sk == NULL) {
 128		IRDA_DEBUG(0, "%s(%p) : BUG : sk is NULL\n",
 129			   __func__, self);
 130		return;
 131	}
 132
 133	/* Prevent race conditions with irda_release() and irda_shutdown() */
 134	bh_lock_sock(sk);
 135	if (!sock_flag(sk, SOCK_DEAD) && sk->sk_state != TCP_CLOSE) {
 136		sk->sk_state     = TCP_CLOSE;
 137		sk->sk_shutdown |= SEND_SHUTDOWN;
 138
 139		sk->sk_state_change(sk);
 140
 141		/* Close our TSAP.
 142		 * If we leave it open, IrLMP put it back into the list of
 143		 * unconnected LSAPs. The problem is that any incoming request
 144		 * can then be matched to this socket (and it will be, because
 145		 * it is at the head of the list). This would prevent any
 146		 * listening socket waiting on the same TSAP to get those
 147		 * requests. Some apps forget to close sockets, or hang to it
 148		 * a bit too long, so we may stay in this dead state long
 149		 * enough to be noticed...
 150		 * Note : all socket function do check sk->sk_state, so we are
 151		 * safe...
 152		 * Jean II
 153		 */
 154		if (self->tsap) {
 155			irttp_close_tsap(self->tsap);
 156			self->tsap = NULL;
 157		}
 158	}
 159	bh_unlock_sock(sk);
 160
 161	/* Note : once we are there, there is not much you want to do
 162	 * with the socket anymore, apart from closing it.
 163	 * For example, bind() and connect() won't reset sk->sk_err,
 164	 * sk->sk_shutdown and sk->sk_flags to valid values...
 165	 * Jean II
 166	 */
 167}
 168
 169/*
 170 * Function irda_connect_confirm (instance, sap, qos, max_sdu_size, skb)
 171 *
 172 *    Connections has been confirmed by the remote device
 173 *
 174 */
 175static void irda_connect_confirm(void *instance, void *sap,
 176				 struct qos_info *qos,
 177				 __u32 max_sdu_size, __u8 max_header_size,
 178				 struct sk_buff *skb)
 179{
 180	struct irda_sock *self;
 181	struct sock *sk;
 182
 183	self = instance;
 184
 185	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 186
 187	sk = instance;
 188	if (sk == NULL) {
 189		dev_kfree_skb(skb);
 190		return;
 191	}
 192
 193	dev_kfree_skb(skb);
 194	// Should be ??? skb_queue_tail(&sk->sk_receive_queue, skb);
 195
 196	/* How much header space do we need to reserve */
 197	self->max_header_size = max_header_size;
 198
 199	/* IrTTP max SDU size in transmit direction */
 200	self->max_sdu_size_tx = max_sdu_size;
 201
 202	/* Find out what the largest chunk of data that we can transmit is */
 203	switch (sk->sk_type) {
 204	case SOCK_STREAM:
 205		if (max_sdu_size != 0) {
 206			IRDA_ERROR("%s: max_sdu_size must be 0\n",
 207				   __func__);
 208			return;
 209		}
 210		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 211		break;
 212	case SOCK_SEQPACKET:
 213		if (max_sdu_size == 0) {
 214			IRDA_ERROR("%s: max_sdu_size cannot be 0\n",
 215				   __func__);
 216			return;
 217		}
 218		self->max_data_size = max_sdu_size;
 219		break;
 220	default:
 221		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 222	}
 223
 224	IRDA_DEBUG(2, "%s(), max_data_size=%d\n", __func__,
 225		   self->max_data_size);
 226
 227	memcpy(&self->qos_tx, qos, sizeof(struct qos_info));
 228
 229	/* We are now connected! */
 230	sk->sk_state = TCP_ESTABLISHED;
 231	sk->sk_state_change(sk);
 232}
 233
 234/*
 235 * Function irda_connect_indication(instance, sap, qos, max_sdu_size, userdata)
 236 *
 237 *    Incoming connection
 238 *
 239 */
 240static void irda_connect_indication(void *instance, void *sap,
 241				    struct qos_info *qos, __u32 max_sdu_size,
 242				    __u8 max_header_size, struct sk_buff *skb)
 243{
 244	struct irda_sock *self;
 245	struct sock *sk;
 246
 247	self = instance;
 248
 249	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 250
 251	sk = instance;
 252	if (sk == NULL) {
 253		dev_kfree_skb(skb);
 254		return;
 255	}
 256
 257	/* How much header space do we need to reserve */
 258	self->max_header_size = max_header_size;
 259
 260	/* IrTTP max SDU size in transmit direction */
 261	self->max_sdu_size_tx = max_sdu_size;
 262
 263	/* Find out what the largest chunk of data that we can transmit is */
 264	switch (sk->sk_type) {
 265	case SOCK_STREAM:
 266		if (max_sdu_size != 0) {
 267			IRDA_ERROR("%s: max_sdu_size must be 0\n",
 268				   __func__);
 269			kfree_skb(skb);
 270			return;
 271		}
 272		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 273		break;
 274	case SOCK_SEQPACKET:
 275		if (max_sdu_size == 0) {
 276			IRDA_ERROR("%s: max_sdu_size cannot be 0\n",
 277				   __func__);
 278			kfree_skb(skb);
 279			return;
 280		}
 281		self->max_data_size = max_sdu_size;
 282		break;
 283	default:
 284		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 285	}
 286
 287	IRDA_DEBUG(2, "%s(), max_data_size=%d\n", __func__,
 288		   self->max_data_size);
 289
 290	memcpy(&self->qos_tx, qos, sizeof(struct qos_info));
 291
 292	skb_queue_tail(&sk->sk_receive_queue, skb);
 293	sk->sk_state_change(sk);
 294}
 295
 296/*
 297 * Function irda_connect_response (handle)
 298 *
 299 *    Accept incoming connection
 300 *
 301 */
 302static void irda_connect_response(struct irda_sock *self)
 303{
 304	struct sk_buff *skb;
 305
 306	IRDA_DEBUG(2, "%s()\n", __func__);
 307
 308	skb = alloc_skb(TTP_MAX_HEADER + TTP_SAR_HEADER,
 309			GFP_ATOMIC);
 310	if (skb == NULL) {
 311		IRDA_DEBUG(0, "%s() Unable to allocate sk_buff!\n",
 312			   __func__);
 313		return;
 314	}
 315
 316	/* Reserve space for MUX_CONTROL and LAP header */
 317	skb_reserve(skb, IRDA_MAX_HEADER);
 318
 319	irttp_connect_response(self->tsap, self->max_sdu_size_rx, skb);
 320}
 321
 322/*
 323 * Function irda_flow_indication (instance, sap, flow)
 324 *
 325 *    Used by TinyTP to tell us if it can accept more data or not
 326 *
 327 */
 328static void irda_flow_indication(void *instance, void *sap, LOCAL_FLOW flow)
 329{
 330	struct irda_sock *self;
 331	struct sock *sk;
 332
 333	IRDA_DEBUG(2, "%s()\n", __func__);
 334
 335	self = instance;
 336	sk = instance;
 337	BUG_ON(sk == NULL);
 338
 339	switch (flow) {
 340	case FLOW_STOP:
 341		IRDA_DEBUG(1, "%s(), IrTTP wants us to slow down\n",
 342			   __func__);
 343		self->tx_flow = flow;
 344		break;
 345	case FLOW_START:
 346		self->tx_flow = flow;
 347		IRDA_DEBUG(1, "%s(), IrTTP wants us to start again\n",
 348			   __func__);
 349		wake_up_interruptible(sk->sk_sleep);
 350		break;
 351	default:
 352		IRDA_DEBUG(0, "%s(), Unknown flow command!\n", __func__);
 353		/* Unknown flow command, better stop */
 354		self->tx_flow = flow;
 355		break;
 356	}
 357}
 358
 359/*
 360 * Function irda_getvalue_confirm (obj_id, value, priv)
 361 *
 362 *    Got answer from remote LM-IAS, just pass object to requester...
 363 *
 364 * Note : duplicate from above, but we need our own version that
 365 * doesn't touch the dtsap_sel and save the full value structure...
 366 */
 367static void irda_getvalue_confirm(int result, __u16 obj_id,
 368				  struct ias_value *value, void *priv)
 369{
 370	struct irda_sock *self;
 371
 372	self = (struct irda_sock *) priv;
 373	if (!self) {
 374		IRDA_WARNING("%s: lost myself!\n", __func__);
 375		return;
 376	}
 377
 378	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 379
 380	/* We probably don't need to make any more queries */
 381	iriap_close(self->iriap);
 382	self->iriap = NULL;
 383
 384	/* Check if request succeeded */
 385	if (result != IAS_SUCCESS) {
 386		IRDA_DEBUG(1, "%s(), IAS query failed! (%d)\n", __func__,
 387			   result);
 388
 389		self->errno = result;	/* We really need it later */
 390
 391		/* Wake up any processes waiting for result */
 392		wake_up_interruptible(&self->query_wait);
 393
 394		return;
 395	}
 396
 397	/* Pass the object to the caller (so the caller must delete it) */
 398	self->ias_result = value;
 399	self->errno = 0;
 400
 401	/* Wake up any processes waiting for result */
 402	wake_up_interruptible(&self->query_wait);
 403}
 404
 405/*
 406 * Function irda_selective_discovery_indication (discovery)
 407 *
 408 *    Got a selective discovery indication from IrLMP.
 409 *
 410 * IrLMP is telling us that this node is new and matching our hint bit
 411 * filter. Wake up any process waiting for answer...
 412 */
 413static void irda_selective_discovery_indication(discinfo_t *discovery,
 414						DISCOVERY_MODE mode,
 415						void *priv)
 416{
 417	struct irda_sock *self;
 418
 419	IRDA_DEBUG(2, "%s()\n", __func__);
 420
 421	self = (struct irda_sock *) priv;
 422	if (!self) {
 423		IRDA_WARNING("%s: lost myself!\n", __func__);
 424		return;
 425	}
 426
 427	/* Pass parameter to the caller */
 428	self->cachedaddr = discovery->daddr;
 429
 430	/* Wake up process if its waiting for device to be discovered */
 431	wake_up_interruptible(&self->query_wait);
 432}
 433
 434/*
 435 * Function irda_discovery_timeout (priv)
 436 *
 437 *    Timeout in the selective discovery process
 438 *
 439 * We were waiting for a node to be discovered, but nothing has come up
 440 * so far. Wake up the user and tell him that we failed...
 441 */
 442static void irda_discovery_timeout(u_long priv)
 443{
 444	struct irda_sock *self;
 445
 446	IRDA_DEBUG(2, "%s()\n", __func__);
 447
 448	self = (struct irda_sock *) priv;
 449	BUG_ON(self == NULL);
 450
 451	/* Nothing for the caller */
 452	self->cachelog = NULL;
 453	self->cachedaddr = 0;
 454	self->errno = -ETIME;
 455
 456	/* Wake up process if its still waiting... */
 457	wake_up_interruptible(&self->query_wait);
 458}
 459
 460/*
 461 * Function irda_open_tsap (self)
 462 *
 463 *    Open local Transport Service Access Point (TSAP)
 464 *
 465 */
 466static int irda_open_tsap(struct irda_sock *self, __u8 tsap_sel, char *name)
 467{
 468	notify_t notify;
 469
 470	if (self->tsap) {
 471		IRDA_WARNING("%s: busy!\n", __func__);
 472		return -EBUSY;
 473	}
 474
 475	/* Initialize callbacks to be used by the IrDA stack */
 476	irda_notify_init(&notify);
 477	notify.connect_confirm       = irda_connect_confirm;
 478	notify.connect_indication    = irda_connect_indication;
 479	notify.disconnect_indication = irda_disconnect_indication;
 480	notify.data_indication       = irda_data_indication;
 481	notify.udata_indication	     = irda_data_indication;
 482	notify.flow_indication       = irda_flow_indication;
 483	notify.instance = self;
 484	strncpy(notify.name, name, NOTIFY_MAX_NAME);
 485
 486	self->tsap = irttp_open_tsap(tsap_sel, DEFAULT_INITIAL_CREDIT,
 487				     &notify);
 488	if (self->tsap == NULL) {
 489		IRDA_DEBUG(0, "%s(), Unable to allocate TSAP!\n",
 490			   __func__);
 491		return -ENOMEM;
 492	}
 493	/* Remember which TSAP selector we actually got */
 494	self->stsap_sel = self->tsap->stsap_sel;
 495
 496	return 0;
 497}
 498
 499/*
 500 * Function irda_open_lsap (self)
 501 *
 502 *    Open local Link Service Access Point (LSAP). Used for opening Ultra
 503 *    sockets
 504 */
 505#ifdef CONFIG_IRDA_ULTRA
 506static int irda_open_lsap(struct irda_sock *self, int pid)
 507{
 508	notify_t notify;
 509
 510	if (self->lsap) {
 511		IRDA_WARNING("%s(), busy!\n", __func__);
 512		return -EBUSY;
 513	}
 514
 515	/* Initialize callbacks to be used by the IrDA stack */
 516	irda_notify_init(&notify);
 517	notify.udata_indication	= irda_data_indication;
 518	notify.instance = self;
 519	strncpy(notify.name, "Ultra", NOTIFY_MAX_NAME);
 520
 521	self->lsap = irlmp_open_lsap(LSAP_CONNLESS, &notify, pid);
 522	if (self->lsap == NULL) {
 523		IRDA_DEBUG( 0, "%s(), Unable to allocate LSAP!\n", __func__);
 524		return -ENOMEM;
 525	}
 526
 527	return 0;
 528}
 529#endif /* CONFIG_IRDA_ULTRA */
 530
 531/*
 532 * Function irda_find_lsap_sel (self, name)
 533 *
 534 *    Try to lookup LSAP selector in remote LM-IAS
 535 *
 536 * Basically, we start a IAP query, and then go to sleep. When the query
 537 * return, irda_getvalue_confirm will wake us up, and we can examine the
 538 * result of the query...
 539 * Note that in some case, the query fail even before we go to sleep,
 540 * creating some races...
 541 */
 542static int irda_find_lsap_sel(struct irda_sock *self, char *name)
 543{
 544	IRDA_DEBUG(2, "%s(%p, %s)\n", __func__, self, name);
 545
 546	if (self->iriap) {
 547		IRDA_WARNING("%s(): busy with a previous query\n",
 548			     __func__);
 549		return -EBUSY;
 550	}
 551
 552	self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self,
 553				 irda_getvalue_confirm);
 554	if(self->iriap == NULL)
 555		return -ENOMEM;
 556
 557	/* Treat unexpected wakeup as disconnect */
 558	self->errno = -EHOSTUNREACH;
 559
 560	/* Query remote LM-IAS */
 561	iriap_getvaluebyclass_request(self->iriap, self->saddr, self->daddr,
 562				      name, "IrDA:TinyTP:LsapSel");
 563
 564	/* Wait for answer, if not yet finished (or failed) */
 565	if (wait_event_interruptible(self->query_wait, (self->iriap==NULL)))
 566		/* Treat signals as disconnect */
 567		return -EHOSTUNREACH;
 568
 569	/* Check what happened */
 570	if (self->errno)
 571	{
 572		/* Requested object/attribute doesn't exist */
 573		if((self->errno == IAS_CLASS_UNKNOWN) ||
 574		   (self->errno == IAS_ATTRIB_UNKNOWN))
 575			return (-EADDRNOTAVAIL);
 576		else
 577			return (-EHOSTUNREACH);
 578	}
 579
 580	/* Get the remote TSAP selector */
 581	switch (self->ias_result->type) {
 582	case IAS_INTEGER:
 583		IRDA_DEBUG(4, "%s() int=%d\n",
 584			   __func__, self->ias_result->t.integer);
 585
 586		if (self->ias_result->t.integer != -1)
 587			self->dtsap_sel = self->ias_result->t.integer;
 588		else
 589			self->dtsap_sel = 0;
 590		break;
 591	default:
 592		self->dtsap_sel = 0;
 593		IRDA_DEBUG(0, "%s(), bad type!\n", __func__);
 594		break;
 595	}
 596	if (self->ias_result)
 597		irias_delete_value(self->ias_result);
 598
 599	if (self->dtsap_sel)
 600		return 0;
 601
 602	return -EADDRNOTAVAIL;
 603}
 604
 605/*
 606 * Function irda_discover_daddr_and_lsap_sel (self, name)
 607 *
 608 *    This try to find a device with the requested service.
 609 *
 610 * It basically look into the discovery log. For each address in the list,
 611 * it queries the LM-IAS of the device to find if this device offer
 612 * the requested service.
 613 * If there is more than one node supporting the service, we complain
 614 * to the user (it should move devices around).
 615 * The, we set both the destination address and the lsap selector to point
 616 * on the service on the unique device we have found.
 617 *
 618 * Note : this function fails if there is more than one device in range,
 619 * because IrLMP doesn't disconnect the LAP when the last LSAP is closed.
 620 * Moreover, we would need to wait the LAP disconnection...
 621 */
 622static int irda_discover_daddr_and_lsap_sel(struct irda_sock *self, char *name)
 623{
 624	discinfo_t *discoveries;	/* Copy of the discovery log */
 625	int	number;			/* Number of nodes in the log */
 626	int	i;
 627	int	err = -ENETUNREACH;
 628	__u32	daddr = DEV_ADDR_ANY;	/* Address we found the service on */
 629	__u8	dtsap_sel = 0x0;	/* TSAP associated with it */
 630
 631	IRDA_DEBUG(2, "%s(), name=%s\n", __func__, name);
 632
 633	/* Ask lmp for the current discovery log
 634	 * Note : we have to use irlmp_get_discoveries(), as opposed
 635	 * to play with the cachelog directly, because while we are
 636	 * making our ias query, le log might change... */
 637	discoveries = irlmp_get_discoveries(&number, self->mask.word,
 638					    self->nslots);
 639	/* Check if the we got some results */
 640	if (discoveries == NULL)
 641		return -ENETUNREACH;	/* No nodes discovered */
 642
 643	/*
 644	 * Now, check all discovered devices (if any), and connect
 645	 * client only about the services that the client is
 646	 * interested in...
 647	 */
 648	for(i = 0; i < number; i++) {
 649		/* Try the address in the log */
 650		self->daddr = discoveries[i].daddr;
 651		self->saddr = 0x0;
 652		IRDA_DEBUG(1, "%s(), trying daddr = %08x\n",
 653			   __func__, self->daddr);
 654
 655		/* Query remote LM-IAS for this service */
 656		err = irda_find_lsap_sel(self, name);
 657		switch (err) {
 658		case 0:
 659			/* We found the requested service */
 660			if(daddr != DEV_ADDR_ANY) {
 661				IRDA_DEBUG(1, "%s(), discovered service ''%s'' in two different devices !!!\n",
 662					   __func__, name);
 663				self->daddr = DEV_ADDR_ANY;
 664				kfree(discoveries);
 665				return(-ENOTUNIQ);
 666			}
 667			/* First time we found that one, save it ! */
 668			daddr = self->daddr;
 669			dtsap_sel = self->dtsap_sel;
 670			break;
 671		case -EADDRNOTAVAIL:
 672			/* Requested service simply doesn't exist on this node */
 673			break;
 674		default:
 675			/* Something bad did happen :-( */
 676			IRDA_DEBUG(0, "%s(), unexpected IAS query failure\n", __func__);
 677			self->daddr = DEV_ADDR_ANY;
 678			kfree(discoveries);
 679			return(-EHOSTUNREACH);
 680			break;
 681		}
 682	}
 683	/* Cleanup our copy of the discovery log */
 684	kfree(discoveries);
 685
 686	/* Check out what we found */
 687	if(daddr == DEV_ADDR_ANY) {
 688		IRDA_DEBUG(1, "%s(), cannot discover service ''%s'' in any device !!!\n",
 689			   __func__, name);
 690		self->daddr = DEV_ADDR_ANY;
 691		return(-EADDRNOTAVAIL);
 692	}
 693
 694	/* Revert back to discovered device & service */
 695	self->daddr = daddr;
 696	self->saddr = 0x0;
 697	self->dtsap_sel = dtsap_sel;
 698
 699	IRDA_DEBUG(1, "%s(), discovered requested service ''%s'' at address %08x\n",
 700		   __func__, name, self->daddr);
 701
 702	return 0;
 703}
 704
 705/*
 706 * Function irda_getname (sock, uaddr, uaddr_len, peer)
 707 *
 708 *    Return the our own, or peers socket address (sockaddr_irda)
 709 *
 710 */
 711static int irda_getname(struct socket *sock, struct sockaddr *uaddr,
 712			int *uaddr_len, int peer)
 713{
 714	struct sockaddr_irda saddr;
 715	struct sock *sk = sock->sk;
 716	struct irda_sock *self = irda_sk(sk);
 717	int err;
 718
 719	lock_kernel();
 720	memset(&saddr, 0, sizeof(saddr));
 721	if (peer) {
 722		err  = -ENOTCONN;
 723		if (sk->sk_state != TCP_ESTABLISHED)
 724			goto out;
 725
 726		saddr.sir_family = AF_IRDA;
 727		saddr.sir_lsap_sel = self->dtsap_sel;
 728		saddr.sir_addr = self->daddr;
 729	} else {
 730		saddr.sir_family = AF_IRDA;
 731		saddr.sir_lsap_sel = self->stsap_sel;
 732		saddr.sir_addr = self->saddr;
 733	}
 734
 735	IRDA_DEBUG(1, "%s(), tsap_sel = %#x\n", __func__, saddr.sir_lsap_sel);
 736	IRDA_DEBUG(1, "%s(), addr = %08x\n", __func__, saddr.sir_addr);
 737
 738	/* uaddr_len come to us uninitialised */
 739	*uaddr_len = sizeof (struct sockaddr_irda);
 740	memcpy(uaddr, &saddr, *uaddr_len);
 741	err = 0;
 742out:
 743	unlock_kernel();
 744	return err;
 745}
 746
 747/*
 748 * Function irda_listen (sock, backlog)
 749 *
 750 *    Just move to the listen state
 751 *
 752 */
 753static int irda_listen(struct socket *sock, int backlog)
 754{
 755	struct sock *sk = sock->sk;
 756	int err = -EOPNOTSUPP;
 757
 758	IRDA_DEBUG(2, "%s()\n", __func__);
 759
 760	lock_kernel();
 761	if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) &&
 762	    (sk->sk_type != SOCK_DGRAM))
 763		goto out;
 764
 765	if (sk->sk_state != TCP_LISTEN) {
 766		sk->sk_max_ack_backlog = backlog;
 767		sk->sk_state           = TCP_LISTEN;
 768
 769		err = 0;
 770	}
 771out:
 772	unlock_kernel();
 773
 774	return err;
 775}
 776
 777/*
 778 * Function irda_bind (sock, uaddr, addr_len)
 779 *
 780 *    Used by servers to register their well known TSAP
 781 *
 782 */
 783static int irda_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 784{
 785	struct sock *sk = sock->sk;
 786	struct sockaddr_irda *addr = (struct sockaddr_irda *) uaddr;
 787	struct irda_sock *self = irda_sk(sk);
 788	int err;
 789
 790	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 791
 792	if (addr_len != sizeof(struct sockaddr_irda))
 793		return -EINVAL;
 794
 795	lock_kernel();
 796#ifdef CONFIG_IRDA_ULTRA
 797	/* Special care for Ultra sockets */
 798	if ((sk->sk_type == SOCK_DGRAM) &&
 799	    (sk->sk_protocol == IRDAPROTO_ULTRA)) {
 800		self->pid = addr->sir_lsap_sel;
 801		err = -EOPNOTSUPP;
 802		if (self->pid & 0x80) {
 803			IRDA_DEBUG(0, "%s(), extension in PID not supp!\n", __func__);
 804			goto out;
 805		}
 806		err = irda_open_lsap(self, self->pid);
 807		if (err < 0)
 808			goto out;
 809
 810		/* Pretend we are connected */
 811		sock->state = SS_CONNECTED;
 812		sk->sk_state   = TCP_ESTABLISHED;
 813		err = 0;
 814
 815		goto out;
 816	}
 817#endif /* CONFIG_IRDA_ULTRA */
 818
 819	self->ias_obj = irias_new_object(addr->sir_name, jiffies);
 820	err = -ENOMEM;
 821	if (self->ias_obj == NULL)
 822		goto out;
 823
 824	err = irda_open_tsap(self, addr->sir_lsap_sel, addr->sir_name);
 825	if (err < 0) {
 826		kfree(self->ias_obj->name);
 827		kfree(self->ias_obj);
 828		goto out;
 829	}
 830
 831	/*  Register with LM-IAS */
 832	irias_add_integer_attrib(self->ias_obj, "IrDA:TinyTP:LsapSel",
 833				 self->stsap_sel, IAS_KERNEL_ATTR);
 834	irias_insert_object(self->ias_obj);
 835
 836	err = 0;
 837out:
 838	unlock_kernel();
 839	return err;
 840}
 841
 842/*
 843 * Function irda_accept (sock, newsock, flags)
 844 *
 845 *    Wait for incoming connection
 846 *
 847 */
 848static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
 849{
 850	struct sock *sk = sock->sk;
 851	struct irda_sock *new, *self = irda_sk(sk);
 852	struct sock *newsk;
 853	struct sk_buff *skb;
 854	int err;
 855
 856	IRDA_DEBUG(2, "%s()\n", __func__);
 857
 858	lock_kernel();
 859	err = irda_create(sock_net(sk), newsock, sk->sk_protocol, 0);
 860	if (err)
 861		goto out;
 862
 863	err = -EINVAL;
 864	if (sock->state != SS_UNCONNECTED)
 865		goto out;
 866
 867	if ((sk = sock->sk) == NULL)
 868		goto out;
 869
 870	err = -EOPNOTSUPP;
 871	if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) &&
 872	    (sk->sk_type != SOCK_DGRAM))
 873		goto out;
 874
 875	err = -EINVAL;
 876	if (sk->sk_state != TCP_LISTEN)
 877		goto out;
 878
 879	/*
 880	 *	The read queue this time is holding sockets ready to use
 881	 *	hooked into the SABM we saved
 882	 */
 883
 884	/*
 885	 * We can perform the accept only if there is incoming data
 886	 * on the listening socket.
 887	 * So, we will block the caller until we receive any data.
 888	 * If the caller was waiting on select() or poll() before
 889	 * calling us, the data is waiting for us ;-)
 890	 * Jean II
 891	 */
 892	while (1) {
 893		skb = skb_dequeue(&sk->sk_receive_queue);
 894		if (skb)
 895			break;
 896
 897		/* Non blocking operation */
 898		err = -EWOULDBLOCK;
 899		if (flags & O_NONBLOCK)
 900			goto out;
 901
 902		err = wait_event_interruptible(*(sk->sk_sleep),
 903					skb_peek(&sk->sk_receive_queue));
 904		if (err)
 905			goto out;
 906	}
 907
 908	newsk = newsock->sk;
 909	err = -EIO;
 910	if (newsk == NULL)
 911		goto out;
 912
 913	newsk->sk_state = TCP_ESTABLISHED;
 914
 915	new = irda_sk(newsk);
 916
 917	/* Now attach up the new socket */
 918	new->tsap = irttp_dup(self->tsap, new);
 919	err = -EPERM; /* value does not seem to make sense. -arnd */
 920	if (!new->tsap) {
 921		IRDA_DEBUG(0, "%s(), dup failed!\n", __func__);
 922		kfree_skb(skb);
 923		goto out;
 924	}
 925
 926	new->stsap_sel = new->tsap->stsap_sel;
 927	new->dtsap_sel = new->tsap->dtsap_sel;
 928	new->saddr = irttp_get_saddr(new->tsap);
 929	new->daddr = irttp_get_daddr(new->tsap);
 930
 931	new->max_sdu_size_tx = self->max_sdu_size_tx;
 932	new->max_sdu_size_rx = self->max_sdu_size_rx;
 933	new->max_data_size   = self->max_data_size;
 934	new->max_header_size = self->max_header_size;
 935
 936	memcpy(&new->qos_tx, &self->qos_tx, sizeof(struct qos_info));
 937
 938	/* Clean up the original one to keep it in listen state */
 939	irttp_listen(self->tsap);
 940
 941	kfree_skb(skb);
 942	sk->sk_ack_backlog--;
 943
 944	newsock->state = SS_CONNECTED;
 945
 946	irda_connect_response(new);
 947	err = 0;
 948out:
 949	unlock_kernel();
 950	return err;
 951}
 952
 953/*
 954 * Function irda_connect (sock, uaddr, addr_len, flags)
 955 *
 956 *    Connect to a IrDA device
 957 *
 958 * The main difference with a "standard" connect is that with IrDA we need
 959 * to resolve the service name into a TSAP selector (in TCP, port number
 960 * doesn't have to be resolved).
 961 * Because of this service name resoltion, we can offer "auto-connect",
 962 * where we connect to a service without specifying a destination address.
 963 *
 964 * Note : by consulting "errno", the user space caller may learn the cause
 965 * of the failure. Most of them are visible in the function, others may come
 966 * from subroutines called and are listed here :
 967 *	o EBUSY : already processing a connect
 968 *	o EHOSTUNREACH : bad addr->sir_addr argument
 969 *	o EADDRNOTAVAIL : bad addr->sir_name argument
 970 *	o ENOTUNIQ : more than one node has addr->sir_name (auto-connect)
 971 *	o ENETUNREACH : no node found on the network (auto-connect)
 972 */
 973static int irda_connect(struct socket *sock, struct sockaddr *uaddr,
 974			int addr_len, int flags)
 975{
 976	struct sock *sk = sock->sk;
 977	struct sockaddr_irda *addr = (struct sockaddr_irda *) uaddr;
 978	struct irda_sock *self = irda_sk(sk);
 979	int err;
 980
 981	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 982
 983	lock_kernel();
 984	/* Don't allow connect for Ultra sockets */
 985	err = -ESOCKTNOSUPPORT;
 986	if ((sk->sk_type == SOCK_DGRAM) && (sk->sk_protocol == IRDAPROTO_ULTRA))
 987		goto out;
 988
 989	if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) {
 990		sock->state = SS_CONNECTED;
 991		err = 0;
 992		goto out;   /* Connect completed during a ERESTARTSYS event */
 993	}
 994
 995	if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) {
 996		sock->state = SS_UNCONNECTED;
 997		err = -ECONNREFUSED;
 998		goto out;
 999	}
1000
1001	err = -EISCONN;      /* No reconnect on a seqpacket socket */
1002	if (sk->sk_state == TCP_ESTABLISHED)
1003		goto out;
1004
1005	sk->sk_state   = TCP_CLOSE;
1006	sock->state = SS_UNCONNECTED;
1007
1008	err = -EINVAL;
1009	if (addr_len != sizeof(struct sockaddr_irda))
1010		goto out;
1011
1012	/* Check if user supplied any destination device address */
1013	if ((!addr->sir_addr) || (addr->sir_addr == DEV_ADDR_ANY)) {
1014		/* Try to find one suitable */
1015		err = irda_discover_daddr_and_lsap_sel(self, addr->sir_name);
1016		if (err) {
1017			IRDA_DEBUG(0, "%s(), auto-connect failed!\n", __func__);
1018			goto out;
1019		}
1020	} else {
1021		/* Use the one provided by the user */
1022		self->daddr = addr->sir_addr;
1023		IRDA_DEBUG(1, "%s(), daddr = %08x\n", __func__, self->daddr);
1024
1025		/* If we don't have a valid service name, we assume the
1026		 * user want to connect on a specific LSAP. Prevent
1027		 * the use of invalid LSAPs (IrLMP 1.1 p10). Jean II */
1028		if((addr->sir_name[0] != '\0') ||
1029		   (addr->sir_lsap_sel >= 0x70)) {
1030			/* Query remote LM-IAS using service name */
1031			err = irda_find_lsap_sel(self, addr->sir_name);
1032			if (err) {
1033				IRDA_DEBUG(0, "%s(), connect failed!\n", __func__);
1034				goto out;
1035			}
1036		} else {
1037			/* Directly connect to the remote LSAP
1038			 * specified by the sir_lsap field.
1039			 * Please use with caution, in IrDA LSAPs are
1040			 * dynamic and there is no "well-known" LSAP. */
1041			self->dtsap_sel = addr->sir_lsap_sel;
1042		}
1043	}
1044
1045	/* Check if we have opened a local TSAP */
1046	if (!self->tsap)
1047		irda_open_tsap(self, LSAP_ANY, addr->sir_name);
1048
1049	/* Move to connecting socket, start sending Connect Requests */
1050	sock->state = SS_CONNECTING;
1051	sk->sk_state   = TCP_SYN_SENT;
1052
1053	/* Connect to remote device */
1054	err = irttp_connect_request(self->tsap, self->dtsap_sel,
1055				    self->saddr, self->daddr, NULL,
1056				    self->max_sdu_size_rx, NULL);
1057	if (err) {
1058		IRDA_DEBUG(0, "%s(), connect failed!\n", __func__);
1059		goto out;
1060	}
1061
1062	/* Now the loop */
1063	err = -EINPROGRESS;
1064	if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK))
1065		goto out;
1066
1067	err = -ERESTARTSYS;
1068	if (wait_event_interruptible(*(sk->sk_sleep),
1069				     (sk->sk_state != TCP_SYN_SENT)))
1070		goto out;
1071
1072	if (sk->sk_state != TCP_ESTABLISHED) {
1073		sock->state = SS_UNCONNECTED;
1074		err = sock_error(sk);
1075		if (!err)
1076			err = -ECONNRESET;
1077		goto out;
1078	}
1079
1080	sock->state = SS_CONNECTED;
1081
1082	/* At this point, IrLMP has assigned our source address */
1083	self->saddr = irttp_get_saddr(self->tsap);
1084	err = 0;
1085out:
1086	unlock_kernel();
1087	return err;
1088}
1089
1090static struct proto irda_proto = {
1091	.name	  = "IRDA",
1092	.owner	  = THIS_MODULE,
1093	.obj_size = sizeof(struct irda_sock),
1094};
1095
1096/*
1097 * Function irda_create (sock, protocol)
1098 *
1099 *    Create IrDA socket
1100 *
1101 */
1102static int irda_create(struct net *net, struct socket *sock, int protocol,
1103		       int kern)
1104{
1105	struct sock *sk;
1106	struct irda_sock *self;
1107
1108	IRDA_DEBUG(2, "%s()\n", __func__);
1109
1110	if (net != &init_net)
1111		return -EAFNOSUPPORT;
1112
1113	/* Check for valid socket type */
1114	switch (sock->type) {
1115	case SOCK_STREAM:     /* For TTP connections with SAR disabled */
1116	case SOCK_SEQPACKET:  /* For TTP connections with SAR enabled */
1117	case SOCK_DGRAM:      /* For TTP Unitdata or LMP Ultra transfers */
1118		break;
1119	default:
1120		return -ESOCKTNOSUPPORT;
1121	}
1122
1123	/* Allocate networking socket */
1124	sk = sk_alloc(net, PF_IRDA, GFP_ATOMIC, &irda_proto);
1125	if (sk == NULL)
1126		return -ENOMEM;
1127
1128	self = irda_sk(sk);
1129	IRDA_DEBUG(2, "%s() : self is %p\n", __func__, self);
1130
1131	init_waitqueue_head(&self->query_wait);
1132
1133	switch (sock->type) {
1134	case SOCK_STREAM:
1135		sock->ops = &irda_stream_ops;
1136		self->max_sdu_size_rx = TTP_SAR_DISABLE;
1137		break;
1138	case SOCK_SEQPACKET:
1139		sock->ops = &irda_seqpacket_ops;
1140		self->max_sdu_size_rx = TTP_SAR_UNBOUND;
1141		break;
1142	case SOCK_DGRAM:
1143		switch (protocol) {
1144#ifdef CONFIG_IRDA_ULTRA
1145		case IRDAPROTO_ULTRA:
1146			sock->ops = &irda_ultra_ops;
1147			/* Initialise now, because we may send on unbound
1148			 * sockets. Jean II */
1149			self->max_data_size = ULTRA_MAX_DATA - LMP_PID_HEADER;
1150			self->max_header_size = IRDA_MAX_HEADER + LMP_PID_HEADER;
1151			break;
1152#endif /* CONFIG_IRDA_ULTRA */
1153		case IRDAPROTO_UNITDATA:
1154			sock->ops = &irda_dgram_ops;
1155			/* We let Unitdata conn. be like seqpack conn. */
1156			self->max_sdu_size_rx = TTP_SAR_UNBOUND;
1157			break;
1158		default:
1159			sk_free(sk);
1160			return -ESOCKTNOSUPPORT;
1161		}
1162		break;
1163	default:
1164		sk_free(sk);
1165		return -ESOCKTNOSUPPORT;
1166	}
1167
1168	/* Initialise networking socket struct */
1169	sock_init_data(sock, sk);	/* Note : set sk->sk_refcnt to 1 */
1170	sk->sk_family = PF_IRDA;
1171	sk->sk_protocol = protocol;
1172
1173	/* Register as a client with IrLMP */
1174	self->ckey = irlmp_register_client(0, NULL, NULL, NULL);
1175	self->mask.word = 0xffff;
1176	self->rx_flow = self->tx_flow = FLOW_START;
1177	self->nslots = DISCOVERY_DEFAULT_SLOTS;
1178	self->daddr = DEV_ADDR_ANY;	/* Until we get connected */
1179	self->saddr = 0x0;		/* so IrLMP assign us any link */
1180	return 0;
1181}
1182
1183/*
1184 * Function irda_destroy_socket (self)
1185 *
1186 *    Destroy socket
1187 *
1188 */
1189static void irda_destroy_socket(struct irda_sock *self)
1190{
1191	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
1192
1193	/* Unregister with IrLMP */
1194	irlmp_unregister_client(self->ckey);
1195	irlmp_unregister_service(self->skey);
1196
1197	/* Unregister with LM-IAS */
1198	if (self->ias_obj) {
1199		irias_delete_object(self->ias_obj);
1200		self->ias_obj = NULL;
1201	}
1202
1203	if (self->iriap) {
1204		iriap_close(self->iriap);
1205		self->iriap = NULL;
1206	}
1207
1208	if (self->tsap) {
1209		irttp_disconnect_request(self->tsap, NULL, P_NORMAL);
1210		irttp_close_tsap(self->tsap);
1211		self->tsap = NULL;
1212	}
1213#ifdef CONFIG_IRDA_ULTRA
1214	if (self->lsap) {
1215		irlmp_close_lsap(self->lsap);
1216		self->lsap = NULL;
1217	}
1218#endif /* CONFIG_IRDA_ULTRA */
1219}
1220
1221/*
1222 * Function irda_release (sock)
1223 */
1224static int irda_release(struct socket *sock)
1225{
1226	struct sock *sk = sock->sk;
1227
1228	IRDA_DEBUG(2, "%s()\n", __func__);
1229
1230	if (sk == NULL)
1231		return 0;
1232
1233	lock_kernel();
1234	lock_sock(sk);
1235	sk->sk_state       = TCP_CLOSE;
1236	sk->sk_shutdown   |= SEND_SHUTDOWN;
1237	sk->sk_state_change(sk);
1238
1239	/* Destroy IrDA socket */
1240	irda_destroy_socket(irda_sk(sk));
1241
1242	sock_orphan(sk);
1243	sock->sk   = NULL;
1244	release_sock(sk);
1245
1246	/* Purge queues (see sock_init_data()) */
1247	skb_queue_purge(&sk->sk_receive_queue);
1248
1249	/* Destroy networking socket if we are the last reference on it,
1250	 * i.e. if(sk->sk_refcnt == 0) -> sk_free(sk) */
1251	sock_put(sk);
1252	unlock_kernel();
1253
1254	/* Notes on socket locking and deallocation... - Jean II
1255	 * In theory we should put pairs of sock_hold() / sock_put() to
1256	 * prevent the socket to be destroyed whenever there is an
1257	 * outstanding request or outstanding incoming packet or event.
1258	 *
1259	 * 1) This may include IAS request, both in connect and getsockopt.
1260	 * Unfortunately, the situation is a bit more messy than it looks,
1261	 * because we close iriap and kfree(self) above.
1262	 *
1263	 * 2) This may include selective discovery in getsockopt.
1264	 * Same stuff as above, irlmp registration and self are gone.
1265	 *
1266	 * Probably 1 and 2 may not matter, because it's all triggered
1267	 * by a process and the socket layer already prevent the
1268	 * socket to go away while a process is holding it, through
1269	 * sockfd_put() and fput()...
1270	 *
1271	 * 3) This may include deferred TSAP closure. In particular,
1272	 * we may receive a late irda_disconnect_indication()
1273	 * Fortunately, (tsap_cb *)->close_pend should protect us
1274	 * from that.
1275	 *
1276	 * I did some testing on SMP, and it looks solid. And the socket
1277	 * memory leak is now gone... - Jean II
1278	 */
1279
1280	return 0;
1281}
1282
1283/*
1284 * Function irda_sendmsg (iocb, sock, msg, len)
1285 *
1286 *    Send message down to TinyTP. This function is used for both STREAM and
1287 *    SEQPACK services. This is possible since it forces the client to
1288 *    fragment the message if necessary
1289 */
1290static int irda_sendmsg(struct kiocb *iocb, struct socket *sock,
1291			struct msghdr *msg, size_t len)
1292{
1293	struct sock *sk = sock->sk;
1294	struct irda_sock *self;
1295	struct sk_buff *skb;
1296	int err = -EPIPE;
1297
1298	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1299
1300	lock_kernel();
1301	/* Note : socket.c set MSG_EOR on SEQPACKET sockets */
1302	if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_EOR | MSG_CMSG_COMPAT |
1303			       MSG_NOSIGNAL)) {
1304		err = -EINVAL;
1305		goto out;
1306	}
1307
1308	if (sk->sk_shutdown & SEND_SHUTDOWN)
1309		goto out_err;
1310
1311	if (sk->sk_state != TCP_ESTABLISHED) {
1312		err = -ENOTCONN;
1313		goto out;
1314	}
1315
1316	self = irda_sk(sk);
1317
1318	/* Check if IrTTP is wants us to slow down */
1319
1320	if (wait_event_interruptible(*(sk->sk_sleep),
1321	    (self->tx_flow != FLOW_STOP  ||  sk->sk_state != TCP_ESTABLISHED))) {
1322		err = -ERESTARTSYS;
1323		goto out;
1324	}
1325
1326	/* Check if we are still connected */
1327	if (sk->sk_state != TCP_ESTABLISHED) {
1328		err = -ENOTCONN;
1329		goto out;
1330	}
1331
1332	/* Check that we don't send out too big frames */
1333	if (len > self->max_data_size) {
1334		IRDA_DEBUG(2, "%s(), Chopping frame from %zd to %d bytes!\n",
1335			   __func__, len, self->max_data_size);
1336		len = self->max_data_size;
1337	}
1338
1339	skb = sock_alloc_send_skb(sk, len + self->max_header_size + 16,
1340				  msg->msg_flags & MSG_DONTWAIT, &err);
1341	if (!skb)
1342		goto out_err;
1343
1344	skb_reserve(skb, self->max_header_size + 16);
1345	skb_reset_transport_header(skb);
1346	skb_put(skb, len);
1347	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1348	if (err) {
1349		kfree_skb(skb);
1350		goto out_err;
1351	}
1352
1353	/*
1354	 * Just send the message to TinyTP, and let it deal with possible
1355	 * errors. No need to duplicate all that here
1356	 */
1357	err = irttp_data_request(self->tsap, skb);
1358	if (err) {
1359		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1360		goto out_err;
1361	}
1362
1363	unlock_kernel();
1364	/* Tell client how much data we actually sent */
1365	return len;
1366
1367out_err:
1368	err = sk_stream_error(sk, msg->msg_flags, err);
1369out:
1370	unlock_kernel();
1371	return err;
1372
1373}
1374
1375/*
1376 * Function irda_recvmsg_dgram (iocb, sock, msg, size, flags)
1377 *
1378 *    Try to receive message and copy it to user. The frame is discarded
1379 *    after being read, regardless of how much the user actually read
1380 */
1381static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
1382			      struct msghdr *msg, size_t size, int flags)
1383{
1384	struct sock *sk = sock->sk;
1385	struct irda_sock *self = irda_sk(sk);
1386	struct sk_buff *skb;
1387	size_t copied;
1388	int err;
1389
1390	IRDA_DEBUG(4, "%s()\n", __func__);
1391
1392	lock_kernel();
1393	if ((err = sock_error(sk)) < 0)
1394		goto out;
1395
1396	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1397				flags & MSG_DONTWAIT, &err);
1398	if (!skb)
1399		goto out;
1400
1401	skb_reset_transport_header(skb);
1402	copied = skb->len;
1403
1404	if (copied > size) {
1405		IRDA_DEBUG(2, "%s(), Received truncated frame (%zd < %zd)!\n",
1406			   __func__, copied, size);
1407		copied = size;
1408		msg->msg_flags |= MSG_TRUNC;
1409	}
1410	skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1411
1412	skb_free_datagram(sk, skb);
1413
1414	/*
1415	 *  Check if we have previously stopped IrTTP and we know
1416	 *  have more free space in our rx_queue. If so tell IrTTP
1417	 *  to start delivering frames again before our rx_queue gets
1418	 *  empty
1419	 */
1420	if (self->rx_flow == FLOW_STOP) {
1421		if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) {
1422			IRDA_DEBUG(2, "%s(), Starting IrTTP\n", __func__);
1423			self->rx_flow = FLOW_START;
1424			irttp_flow_request(self->tsap, FLOW_START);
1425		}
1426	}
1427	unlock_kernel();
1428	return copied;
1429
1430out:
1431	unlock_kernel();
1432	return err;
1433}
1434
1435/*
1436 * Function irda_recvmsg_stream (iocb, sock, msg, size, flags)
1437 */
1438static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
1439			       struct msghdr *msg, size_t size, int flags)
1440{
1441	struct sock *sk = sock->sk;
1442	struct irda_sock *self = irda_sk(sk);
1443	int noblock = flags & MSG_DONTWAIT;
1444	size_t copied = 0;
1445	int target, err;
1446	long timeo;
1447
1448	IRDA_DEBUG(3, "%s()\n", __func__);
1449
1450	lock_kernel();
1451	if ((err = sock_error(sk)) < 0)
1452		goto out;
1453
1454	err = -EINVAL;
1455	if (sock->flags & __SO_ACCEPTCON)
1456		goto out;
1457
1458	err =-EOPNOTSUPP;
1459	if (flags & MSG_OOB)
1460		goto out;
1461
1462	err = 0;
1463	target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
1464	timeo = sock_rcvtimeo(sk, noblock);
1465
1466	msg->msg_namelen = 0;
1467
1468	do {
1469		int chunk;
1470		struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
1471
1472		if (skb == NULL) {
1473			DEFINE_WAIT(wait);
1474			err = 0;
1475
1476			if (copied >= target)
1477				break;
1478
1479			prepare_to_wait_exclusive(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
1480
1481			/*
1482			 *	POSIX 1003.1g mandates this order.
1483			 */
1484			err = sock_error(sk);
1485			if (err)
1486				;
1487			else if (sk->sk_shutdown & RCV_SHUTDOWN)
1488				;
1489			else if (noblock)
1490				err = -EAGAIN;
1491			else if (signal_pending(current))
1492				err = sock_intr_errno(timeo);
1493			else if (sk->sk_state != TCP_ESTABLISHED)
1494				err = -ENOTCONN;
1495			else if (skb_peek(&sk->sk_receive_queue) == NULL)
1496				/* Wait process until data arrives */
1497				schedule();
1498
1499			finish_wait(sk->sk_sleep, &wait);
1500
1501			if (err)
1502				goto out;
1503			if (sk->sk_shutdown & RCV_SHUTDOWN)
1504				break;
1505
1506			continue;
1507		}
1508
1509		chunk = min_t(unsigned int, skb->len, size);
1510		if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1511			skb_queue_head(&sk->sk_receive_queue, skb);
1512			if (copied == 0)
1513				copied = -EFAULT;
1514			break;
1515		}
1516		copied += chunk;
1517		size -= chunk;
1518
1519		/* Mark read part of skb as used */
1520		if (!(flags & MSG_PEEK)) {
1521			skb_pull(skb, chunk);
1522
1523			/* put the skb back if we didn't use it up.. */
1524			if (skb->len) {
1525				IRDA_DEBUG(1, "%s(), back on q!\n",
1526					   __func__);
1527				skb_queue_head(&sk->sk_receive_queue, skb);
1528				break;
1529			}
1530
1531			kfree_skb(skb);
1532		} else {
1533			IRDA_DEBUG(0, "%s() questionable!?\n", __func__);
1534
1535			/* put message back and return */
1536			skb_queue_head(&sk->sk_receive_queue, skb);
1537			break;
1538		}
1539	} while (size);
1540
1541	/*
1542	 *  Check if we have previously stopped IrTTP and we know
1543	 *  have more free space in our rx_queue. If so tell IrTTP
1544	 *  to start delivering frames again before our rx_queue gets
1545	 *  empty
1546	 */
1547	if (self->rx_flow == FLOW_STOP) {
1548		if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) {
1549			IRDA_DEBUG(2, "%s(), Starting IrTTP\n", __func__);
1550			self->rx_flow = FLOW_START;
1551			irttp_flow_request(self->tsap, FLOW_START);
1552		}
1553	}
1554
1555out:
1556	unlock_kernel();
1557	return err ? : copied;
1558}
1559
1560/*
1561 * Function irda_sendmsg_dgram (iocb, sock, msg, len)
1562 *
1563 *    Send message down to TinyTP for the unreliable sequenced
1564 *    packet service...
1565 *
1566 */
1567static int irda_sendmsg_dgram(struct kiocb *iocb, struct socket *sock,
1568			      struct msghdr *msg, size_t len)
1569{
1570	struct sock *sk = sock->sk;
1571	struct irda_sock *self;
1572	struct sk_buff *skb;
1573	int err;
1574
1575	lock_kernel();
1576
1577	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1578
1579	err = -EINVAL;
1580	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
1581		goto out;
1582
1583	if (sk->sk_shutdown & SEND_SHUTDOWN) {
1584		send_sig(SIGPIPE, current, 0);
1585		err = -EPIPE;
1586		goto out;
1587	}
1588
1589	err = -ENOTCONN;
1590	if (sk->sk_state != TCP_ESTABLISHED)
1591		goto out;
1592
1593	self = irda_sk(sk);
1594
1595	/*
1596	 * Check that we don't send out too big frames. This is an unreliable
1597	 * service, so we have no fragmentation and no coalescence
1598	 */
1599	if (len > self->max_data_size) {
1600		IRDA_DEBUG(0, "%s(), Warning to much data! "
1601			   "Chopping frame from %zd to %d bytes!\n",
1602			   __func__, len, self->max_data_size);
1603		len = self->max_data_size;
1604	}
1605
1606	skb = sock_alloc_send_skb(sk, len + self->max_header_size,
1607				  msg->msg_flags & MSG_DONTWAIT, &err);
1608	err = -ENOBUFS;
1609	if (!skb)
1610		goto out;
1611
1612	skb_reserve(skb, self->max_header_size);
1613	skb_reset_transport_header(skb);
1614
1615	IRDA_DEBUG(4, "%s(), appending user data\n", __func__);
1616	skb_put(skb, len);
1617	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1618	if (err) {
1619		kfree_skb(skb);
1620		goto out;
1621	}
1622
1623	/*
1624	 * Just send the message to TinyTP, and let it deal with possible
1625	 * errors. No need to duplicate all that here
1626	 */
1627	err = irttp_udata_request(self->tsap, skb);
1628	if (err) {
1629		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1630		goto out;
1631	}
1632	unlock_kernel();
1633	return len;
1634out:
1635	unlock_kernel();
1636	return err;
1637}
1638
1639/*
1640 * Function irda_sendmsg_ultra (iocb, sock, msg, len)
1641 *
1642 *    Send message down to IrLMP for the unreliable Ultra
1643 *    packet service...
1644 */
1645#ifdef CONFIG_IRDA_ULTRA
1646static int irda_sendmsg_ultra(struct kiocb *iocb, struct socket *sock,
1647			      struct msghdr *msg, size_t len)
1648{
1649	struct sock *sk = sock->sk;
1650	struct irda_sock *self;
1651	__u8 pid = 0;
1652	int bound = 0;
1653	struct sk_buff *skb;
1654	int err;
1655
1656	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1657
1658	lock_kernel();
1659	err = -EINVAL;
1660	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
1661		goto out;
1662
1663	err = -EPIPE;
1664	if (sk->sk_shutdown & SEND_SHUTDOWN) {
1665		send_sig(SIGPIPE, current, 0);
1666		goto out;
1667	}
1668
1669	self = irda_sk(sk);
1670
1671	/* Check if an address was specified with sendto. Jean II */
1672	if (msg->msg_name) {
1673		struct sockaddr_irda *addr = (struct sockaddr_irda *) msg->msg_name;
1674		err = -EINVAL;
1675		/* Check address, extract pid. Jean II */
1676		if (msg->msg_namelen < sizeof(*addr))
1677			goto out;
1678		if (addr->sir_family != AF_IRDA)
1679			goto out;
1680
1681		pid = addr->sir_lsap_sel;
1682		if (pid & 0x80) {
1683			IRDA_DEBUG(0, "%s(), extension in PID not supp!\n", __func__);
1684			err = -EOPNOTSUPP;
1685			goto out;
1686		}
1687	} else {
1688		/* Check that the socket is properly bound to an Ultra
1689		 * port. Jean II */
1690		if ((self->lsap == NULL) ||
1691		    (sk->sk_state != TCP_ESTABLISHED)) {
1692			IRDA_DEBUG(0, "%s(), socket not bound to Ultra PID.\n",
1693				   __func__);
1694			err = -ENOTCONN;
1695			goto out;
1696		}
1697		/* Use PID from socket */
1698		bound = 1;
1699	}
1700
1701	/*
1702	 * Check that we don't send out too big frames. This is an unreliable
1703	 * service, so we have no fragmentation and no coalescence
1704	 */
1705	if (len > self->max_data_size) {
1706		IRDA_DEBUG(0, "%s(), Warning to much data! "
1707			   "Chopping frame from %zd to %d bytes!\n",
1708			   __func__, len, self->max_data_size);
1709		len = self->max_data_size;
1710	}
1711
1712	skb = sock_alloc_send_skb(sk, len + self->max_header_size,
1713				  msg->msg_flags & MSG_DONTWAIT, &err);
1714	err = -ENOBUFS;
1715	if (!skb)
1716		goto out;
1717
1718	skb_reserve(skb, self->max_header_size);
1719	skb_reset_transport_header(skb);
1720
1721	IRDA_DEBUG(4, "%s(), appending user data\n", __func__);
1722	skb_put(skb, len);
1723	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1724	if (err) {
1725		kfree_skb(skb);
1726		goto out;
1727	}
1728
1729	err = irlmp_connless_data_request((bound ? self->lsap : NULL),
1730					  skb, pid);
1731	if (err)
1732		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1733out:
1734	unlock_kernel();
1735	return err ? : len;
1736}
1737#endif /* CONFIG_IRDA_ULTRA */
1738
1739/*
1740 * Function irda_shutdown (sk, how)
1741 */
1742static int irda_shutdown(struct socket *sock, int how)
1743{
1744	struct sock *sk = sock->sk;
1745	struct irda_sock *self = irda_sk(sk);
1746
1747	IRDA_DEBUG(1, "%s(%p)\n", __func__, self);
1748
1749	lock_kernel();
1750
1751	sk->sk_state       = TCP_CLOSE;
1752	sk->sk_shutdown   |= SEND_SHUTDOWN;
1753	sk->sk_state_change(sk);
1754
1755	if (self->iriap) {
1756		iriap_close(self->iriap);
1757		self->iriap = NULL;
1758	}
1759
1760	if (self->tsap) {
1761		irttp_disconnect_request(self->tsap, NULL, P_NORMAL);
1762		irttp_close_tsap(self->tsap);
1763		self->tsap = NULL;
1764	}
1765
1766	/* A few cleanup so the socket look as good as new... */
1767	self->rx_flow = self->tx_flow = FLOW_START;	/* needed ??? */
1768	self->daddr = DEV_ADDR_ANY;	/* Until we get re-connected */
1769	self->saddr = 0x0;		/* so IrLMP assign us any link */
1770
1771	unlock_kernel();
1772
1773	return 0;
1774}
1775
1776/*
1777 * Function irda_poll (file, sock, wait)
1778 */
1779static unsigned int irda_poll(struct file * file, struct socket *sock,
1780			      poll_table *wait)
1781{
1782	struct sock *sk = sock->sk;
1783	struct irda_sock *self = irda_sk(sk);
1784	unsigned int mask;
1785
1786	IRDA_DEBUG(4, "%s()\n", __func__);
1787
1788	lock_kernel();
1789	poll_wait(file, sk->sk_sleep, wait);
1790	mask = 0;
1791
1792	/* Exceptional events? */
1793	if (sk->sk_err)
1794		mask |= POLLERR;
1795	if (sk->sk_shutdown & RCV_SHUTDOWN) {
1796		IRDA_DEBUG(0, "%s(), POLLHUP\n", __func__);
1797		mask |= POLLHUP;
1798	}
1799
1800	/* Readable? */
1801	if (!skb_queue_empty(&sk->sk_receive_queue)) {
1802		IRDA_DEBUG(4, "Socket is readable\n");
1803		mask |= POLLIN | POLLRDNORM;
1804	}
1805
1806	/* Connection-based need to check for termination and startup */
1807	switch (sk->sk_type) {
1808	case SOCK_STREAM:
1809		if (sk->sk_state == TCP_CLOSE) {
1810			IRDA_DEBUG(0, "%s(), POLLHUP\n", __func__);
1811			mask |= POLLHUP;
1812		}
1813
1814		if (sk->sk_state == TCP_ESTABLISHED) {
1815			if ((self->tx_flow == FLOW_START) &&
1816			    sock_writeable(sk))
1817			{
1818				mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1819			}
1820		}
1821		break;
1822	case SOCK_SEQPACKET:
1823		if ((self->tx_flow == FLOW_START) &&
1824		    sock_writeable(sk))
1825		{
1826			mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1827		}
1828		break;
1829	case SOCK_DGRAM:
1830		if (sock_writeable(sk))
1831			mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1832		break;
1833	default:
1834		break;
1835	}
1836	unlock_kernel();
1837	return mask;
1838}
1839
1840static unsigned int irda_datagram_poll(struct file *file, struct socket *sock,
1841			   poll_table *wait)
1842{
1843	int err;
1844
1845	lock_kernel();
1846	err = datagram_poll(file, sock, wait);
1847	unlock_kernel();
1848
1849	return err;
1850}
1851
1852/*
1853 * Function irda_ioctl (sock, cmd, arg)
1854 */
1855static int irda_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1856{
1857	struct sock *sk = sock->sk;
1858	int err;
1859
1860	IRDA_DEBUG(4, "%s(), cmd=%#x\n", __func__, cmd);
1861
1862	lock_kernel();
1863	err = -EINVAL;
1864	switch (cmd) {
1865	case TIOCOUTQ: {
1866		long amount;
1867
1868		amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1869		if (amount < 0)
1870			amount = 0;
1871		err = put_user(amount, (unsigned int __user *)arg);
1872		break;
1873	}
1874
1875	case TIOCINQ: {
1876		struct sk_buff *skb;
1877		long amount = 0L;
1878		/* These two are safe on a single CPU system as only user tasks fiddle here */
1879		if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1880			amount = skb->len;
1881		err = put_user(amount, (unsigned int __user *)arg);
1882		break;
1883	}
1884
1885	case SIOCGSTAMP:
1886		if (sk != NULL)
1887			err = sock_get_timestamp(sk, (struct timeval __user *)arg);
1888		break;
1889
1890	case SIOCGIFADDR:
1891	case SIOCSIFADDR:
1892	case SIOCGIFDSTADDR:
1893	case SIOCSIFDSTADDR:
1894	case SIOCGIFBRDADDR:
1895	case SIOCSIFBRDADDR:
1896	case SIOCGIFNETMASK:
1897	case SIOCSIFNETMASK:
1898	case SIOCGIFMETRIC:
1899	case SIOCSIFMETRIC:
1900		break;
1901	default:
1902		IRDA_DEBUG(1, "%s(), doing device ioctl!\n", __func__);
1903		err = -ENOIOCTLCMD;
1904	}
1905	unlock_kernel();
1906
1907	return err;
1908}
1909
1910#ifdef CONFIG_COMPAT
1911/*
1912 * Function irda_ioctl (sock, cmd, arg)
1913 */
1914static int irda_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1915{
1916	/*
1917	 * All IRDA's ioctl are standard ones.
1918	 */
1919	return -ENOIOCTLCMD;
1920}
1921#endif
1922
1923/*
1924 * Function irda_setsockopt (sock, level, optname, optval, optlen)
1925 *
1926 *    Set some options for the socket
1927 *
1928 */
1929static int __irda_setsockopt(struct socket *sock, int level, int optname,
1930			   char __user *optval, unsigned int optlen)
1931{
1932	struct sock *sk = sock->sk;
1933	struct irda_sock *self = irda_sk(sk);
1934	struct irda_ias_set    *ias_opt;
1935	struct ias_object      *ias_obj;
1936	struct ias_attrib *	ias_attr;	/* Attribute in IAS object */
1937	int opt, free_ias = 0;
1938
1939	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
1940
1941	if (level != SOL_IRLMP)
1942		return -ENOPROTOOPT;
1943
1944	switch (optname) {
1945	case IRLMP_IAS_SET:
1946		/* The user want to add an attribute to an existing IAS object
1947		 * (in the IAS database) or to create a new object with this
1948		 * attribute.
1949		 * We first query IAS to know if the object exist, and then
1950		 * create the right attribute...
1951		 */
1952
1953		if (optlen != sizeof(struct irda_ias_set))
1954			return -EINVAL;
1955
1956		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
1957		if (ias_opt == NULL)
1958			return -ENOMEM;
1959
1960		/* Copy query to the driver. */
1961		if (copy_from_user(ias_opt, optval, optlen)) {
1962			kfree(ias_opt);
1963			return -EFAULT;
1964		}
1965
1966		/* Find the object we target.
1967		 * If the user gives us an empty string, we use the object
1968		 * associated with this socket. This will workaround
1969		 * duplicated class name - Jean II */
1970		if(ias_opt->irda_class_name[0] == '\0') {
1971			if(self->ias_obj == NULL) {
1972				kfree(ias_opt);
1973				return -EINVAL;
1974			}
1975			ias_obj = self->ias_obj;
1976		} else
1977			ias_obj = irias_find_object(ias_opt->irda_class_name);
1978
1979		/* Only ROOT can mess with the global IAS database.
1980		 * Users can only add attributes to the object associated
1981		 * with the socket they own - Jean II */
1982		if((!capable(CAP_NET_ADMIN)) &&
1983		   ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
1984			kfree(ias_opt);
1985			return -EPERM;
1986		}
1987
1988		/* If the object doesn't exist, create it */
1989		if(ias_obj == (struct ias_object *) NULL) {
1990			/* Create a new object */
1991			ias_obj = irias_new_object(ias_opt->irda_class_name,
1992						   jiffies);
1993			if (ias_obj == NULL) {
1994				kfree(ias_opt);
1995				return -ENOMEM;
1996			}
1997			free_ias = 1;
1998		}
1999
2000		/* Do we have the attribute already ? */
2001		if(irias_find_attrib(ias_obj, ias_opt->irda_attrib_name)) {
2002			kfree(ias_opt);
2003			if (free_ias) {
2004				kfree(ias_obj->name);
2005				kfree(ias_obj);
2006			}
2007			return -EINVAL;
2008		}
2009
2010		/* Look at the type */
2011		switch(ias_opt->irda_attrib_type) {
2012		case IAS_INTEGER:
2013			/* Add an integer attribute */
2014			irias_add_integer_attrib(
2015				ias_obj,
2016				ias_opt->irda_attrib_name,
2017				ias_opt->attribute.irda_attrib_int,
2018				IAS_USER_ATTR);
2019			break;
2020		case IAS_OCT_SEQ:
2021			/* Check length */
2022			if(ias_opt->attribute.irda_attrib_octet_seq.len >
2023			   IAS_MAX_OCTET_STRING) {
2024				kfree(ias_opt);
2025				if (free_ias) {
2026					kfree(ias_obj->name);
2027					kfree(ias_obj);
2028				}
2029
2030				return -EINVAL;
2031			}
2032			/* Add an octet sequence attribute */
2033			irias_add_octseq_attrib(
2034			      ias_obj,
2035			      ias_opt->irda_attrib_name,
2036			      ias_opt->attribute.irda_attrib_octet_seq.octet_seq,
2037			      ias_opt->attribute.irda_attrib_octet_seq.len,
2038			      IAS_USER_ATTR);
2039			break;
2040		case IAS_STRING:
2041			/* Should check charset & co */
2042			/* Check length */
2043			/* The length is encoded in a __u8, and
2044			 * IAS_MAX_STRING == 256, so there is no way
2045			 * userspace can pass us a string too large.
2046			 * Jean II */
2047			/* NULL terminate the string (avoid troubles) */
2048			ias_opt->attribute.irda_attrib_string.string[ias_opt->attribute.irda_attrib_string.len] = '\0';
2049			/* Add a string attribute */
2050			irias_add_string_attrib(
2051				ias_obj,
2052				ias_opt->irda_attrib_name,
2053				ias_opt->attribute.irda_attrib_string.string,
2054				IAS_USER_ATTR);
2055			break;
2056		default :
2057			kfree(ias_opt);
2058			if (free_ias) {
2059				kfree(ias_obj->name);
2060				kfree(ias_obj);
2061			}
2062			return -EINVAL;
2063		}
2064		irias_insert_object(ias_obj);
2065		kfree(ias_opt);
2066		break;
2067	case IRLMP_IAS_DEL:
2068		/* The user want to delete an object from our local IAS
2069		 * database. We just need to query the IAS, check is the
2070		 * object is not owned by the kernel and delete it.
2071		 */
2072
2073		if (optlen != sizeof(struct irda_ias_set))
2074			return -EINVAL;
2075
2076		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2077		if (ias_opt == NULL)
2078			return -ENOMEM;
2079
2080		/* Copy query to the driver. */
2081		if (copy_from_user(ias_opt, optval, optlen)) {
2082			kfree(ias_opt);
2083			return -EFAULT;
2084		}
2085
2086		/* Find the object we target.
2087		 * If the user gives us an empty string, we use the object
2088		 * associated with this socket. This will workaround
2089		 * duplicated class name - Jean II */
2090		if(ias_opt->irda_class_name[0] == '\0')
2091			ias_obj = self->ias_obj;
2092		else
2093			ias_obj = irias_find_object(ias_opt->irda_class_name);
2094		if(ias_obj == (struct ias_object *) NULL) {
2095			kfree(ias_opt);
2096			return -EINVAL;
2097		}
2098
2099		/* Only ROOT can mess with the global IAS database.
2100		 * Users can only del attributes from the object associated
2101		 * with the socket they own - Jean II */
2102		if((!capable(CAP_NET_ADMIN)) &&
2103		   ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
2104			kfree(ias_opt);
2105			return -EPERM;
2106		}
2107
2108		/* Find the attribute (in the object) we target */
2109		ias_attr = irias_find_attrib(ias_obj,
2110					     ias_opt->irda_attrib_name);
2111		if(ias_attr == (struct ias_attrib *) NULL) {
2112			kfree(ias_opt);
2113			return -EINVAL;
2114		}
2115
2116		/* Check is the user space own the object */
2117		if(ias_attr->value->owner != IAS_USER_ATTR) {
2118			IRDA_DEBUG(1, "%s(), attempting to delete a kernel attribute\n", __func__);
2119			kfree(ias_opt);
2120			return -EPERM;
2121		}
2122
2123		/* Remove the attribute (and maybe the object) */
2124		irias_delete_attrib(ias_obj, ias_attr, 1);
2125		kfree(ias_opt);
2126		break;
2127	case IRLMP_MAX_SDU_SIZE:
2128		if (optlen < sizeof(int))
2129			return -EINVAL;
2130
2131		if (get_user(opt, (int __user *)optval))
2132			return -EFAULT;
2133
2134		/* Only possible for a seqpacket service (TTP with SAR) */
2135		if (sk->sk_type != SOCK_SEQPACKET) {
2136			IRDA_DEBUG(2, "%s(), setting max_sdu_size = %d\n",
2137				   __func__, opt);
2138			self->max_sdu_size_rx = opt;
2139		} else {
2140			IRDA_WARNING("%s: not allowed to set MAXSDUSIZE for this socket type!\n",
2141				     __func__);
2142			return -ENOPROTOOPT;
2143		}
2144		break;
2145	case IRLMP_HINTS_SET:
2146		if (optlen < sizeof(int))
2147			return -EINVAL;
2148
2149		/* The input is really a (__u8 hints[2]), easier as an int */
2150		if (get_user(opt, (int __user *)optval))
2151			return -EFAULT;
2152
2153		/* Unregister any old registration */
2154		if (self->skey)
2155			irlmp_unregister_service(self->skey);
2156
2157		self->skey = irlmp_register_service((__u16) opt);
2158		break;
2159	case IRLMP_HINT_MASK_SET:
2160		/* As opposed to the previous case which set the hint bits
2161		 * that we advertise, this one set the filter we use when
2162		 * making a discovery (nodes which don't match any hint
2163		 * bit in the mask are not reported).
2164		 */
2165		if (optlen < sizeof(int))
2166			return -EINVAL;
2167
2168		/* The input is really a (__u8 hints[2]), easier as an int */
2169		if (get_user(opt, (int __user *)optval))
2170			return -EFAULT;
2171
2172		/* Set the new hint mask */
2173		self->mask.word = (__u16) opt;
2174		/* Mask out extension bits */
2175		self->mask.word &= 0x7f7f;
2176		/* Check if no bits */
2177		if(!self->mask.word)
2178			self->mask.word = 0xFFFF;
2179
2180		break;
2181	default:
2182		return -ENOPROTOOPT;
2183	}
2184	return 0;
2185}
2186
2187static int irda_setsockopt(struct socket *sock, int level, int optname,
2188			   char __user *optval, unsigned int optlen)
2189{
2190	int err;
2191
2192	lock_kernel();
2193	err = __irda_setsockopt(sock, level, optname, optval, optlen);
2194	unlock_kernel();
2195
2196	return err;
2197}
2198
2199/*
2200 * Function irda_extract_ias_value(ias_opt, ias_value)
2201 *
2202 *    Translate internal IAS value structure to the user space representation
2203 *
2204 * The external representation of IAS values, as we exchange them with
2205 * user space program is quite different from the internal representation,
2206 * as stored in the IAS database (because we need a flat structure for
2207 * crossing kernel boundary).
2208 * This function transform the former in the latter. We also check
2209 * that the value type is valid.
2210 */
2211static int irda_extract_ias_value(struct irda_ias_set *ias_opt,
2212				  struct ias_value *ias_value)
2213{
2214	/* Look at the type */
2215	switch (ias_value->type) {
2216	case IAS_INTEGER:
2217		/* Copy the integer */
2218		ias_opt->attribute.irda_attrib_int = ias_value->t.integer;
2219		break;
2220	case IAS_OCT_SEQ:
2221		/* Set length */
2222		ias_opt->attribute.irda_attrib_octet_seq.len = ias_value->len;
2223		/* Copy over */
2224		memcpy(ias_opt->attribute.irda_attrib_octet_seq.octet_seq,
2225		       ias_value->t.oct_seq, ias_value->len);
2226		break;
2227	case IAS_STRING:
2228		/* Set length */
2229		ias_opt->attribute.irda_attrib_string.len = ias_value->len;
2230		ias_opt->attribute.irda_attrib_string.charset = ias_value->charset;
2231		/* Copy over */
2232		memcpy(ias_opt->attribute.irda_attrib_string.string,
2233		       ias_value->t.string, ias_value->len);
2234		/* NULL terminate the string (avoid troubles) */
2235		ias_opt->attribute.irda_attrib_string.string[ias_value->len] = '\0';
2236		break;
2237	case IAS_MISSING:
2238	default :
2239		return -EINVAL;
2240	}
2241
2242	/* Copy type over */
2243	ias_opt->irda_attrib_type = ias_value->type;
2244
2245	return 0;
2246}
2247
2248/*
2249 * Function irda_getsockopt (sock, level, optname, optval, optlen)
2250 */
2251static int __irda_getsockopt(struct socket *sock, int level, int optname,
2252			   char __user *optval, int __user *optlen)
2253{
2254	struct sock *sk = sock->sk;
2255	struct irda_sock *self = irda_sk(sk);
2256	struct irda_device_list list;
2257	struct irda_device_info *discoveries;
2258	struct irda_ias_set *	ias_opt;	/* IAS get/query params */
2259	struct ias_object *	ias_obj;	/* Object in IAS */
2260	struct ias_attrib *	ias_attr;	/* Attribute in IAS object */
2261	int daddr = DEV_ADDR_ANY;	/* Dest address for IAS queries */
2262	int val = 0;
2263	int len = 0;
2264	int err;
2265	int offset, total;
2266
2267	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
2268
2269	if (level != SOL_IRLMP)
2270		return -ENOPROTOOPT;
2271
2272	if (get_user(len, optlen))
2273		return -EFAULT;
2274
2275	if(len < 0)
2276		return -EINVAL;
2277
2278	switch (optname) {
2279	case IRLMP_ENUMDEVICES:
2280		/* Ask lmp for the current discovery log */
2281		discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
2282						    self->nslots);
2283		/* Check if the we got some results */
2284		if (discoveries == NULL)
2285			return -EAGAIN;		/* Didn't find any devices */
2286		err = 0;
2287
2288		/* Write total list length back to client */
2289		if (copy_to_user(optval, &list,
2290				 sizeof(struct irda_device_list) -
2291				 sizeof(struct irda_device_info)))
2292			err = -EFAULT;
2293
2294		/* Offset to first device entry */
2295		offset = sizeof(struct irda_device_list) -
2296			sizeof(struct irda_device_info);
2297
2298		/* Copy the list itself - watch for overflow */
2299		if(list.len > 2048)
2300		{
2301			err = -EINVAL;
2302			goto bed;
2303		}
2304		total = offset + (list.len * sizeof(struct irda_device_info));
2305		if (total > len)
2306			total = len;
2307		if (copy_to_user(optval+offset, discoveries, total - offset))
2308			err = -EFAULT;
2309
2310		/* Write total number of bytes used back to client */
2311		if (put_user(total, optlen))
2312			err = -EFAULT;
2313bed:
2314		/* Free up our buffer */
2315		kfree(discoveries);
2316		if (err)
2317			return err;
2318		break;
2319	case IRLMP_MAX_SDU_SIZE:
2320		val = self->max_data_size;
2321		len = sizeof(int);
2322		if (put_user(len, optlen))
2323			return -EFAULT;
2324
2325		if (copy_to_user(optval, &val, len))
2326			return -EFAULT;
2327		break;
2328	case IRLMP_IAS_GET:
2329		/* The user want an object from our local IAS database.
2330		 * We just need to query the IAS and return the value
2331		 * that we found */
2332
2333		/* Check that the user has allocated the right space for us */
2334		if (len != sizeof(struct irda_ias_set))
2335			return -EINVAL;
2336
2337		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2338		if (ias_opt == NULL)
2339			return -ENOMEM;
2340
2341		/* Copy query to the driver. */
2342		if (copy_from_user(ias_opt, optval, len)) {
2343			kfree(ias_opt);
2344			return -EFAULT;
2345		}
2346
2347		/* Find the object we target.
2348		 * If the user gives us an empty string, we use the object
2349		 * associated with this socket. This will workaround
2350		 * duplicated class name - Jean II */
2351		if(ias_opt->irda_class_name[0] == '\0')
2352			ias_obj = self->ias_obj;
2353		else
2354			ias_obj = irias_find_object(ias_opt->irda_class_name);
2355		if(ias_obj == (struct ias_object *) NULL) {
2356			kfree(ias_opt);
2357			return -EINVAL;
2358		}
2359
2360		/* Find the attribute (in the object) we target */
2361		ias_attr = irias_find_attrib(ias_obj,
2362					     ias_opt->irda_attrib_name);
2363		if(ias_attr == (struct ias_attrib *) NULL) {
2364			kfree(ias_opt);
2365			return -EINVAL;
2366		}
2367
2368		/* Translate from internal to user structure */
2369		err = irda_extract_ias_value(ias_opt, ias_attr->value);
2370		if(err) {
2371			kfree(ias_opt);
2372			return err;
2373		}
2374
2375		/* Copy reply to the user */
2376		if (copy_to_user(optval, ias_opt,
2377				 sizeof(struct irda_ias_set))) {
2378			kfree(ias_opt);
2379			return -EFAULT;
2380		}
2381		/* Note : don't need to put optlen, we checked it */
2382		kfree(ias_opt);
2383		break;
2384	case IRLMP_IAS_QUERY:
2385		/* The user want an object from a remote IAS database.
2386		 * We need to use IAP to query the remote database and
2387		 * then wait for the answer to come back. */
2388
2389		/* Check that the user has allocated the right space for us */
2390		if (len != sizeof(struct irda_ias_set))
2391			return -EINVAL;
2392
2393		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2394		if (ias_opt == NULL)
2395			return -ENOMEM;
2396
2397		/* Copy query to the driver. */
2398		if (copy_from_user(ias_opt, optval, len)) {
2399			kfree(ias_opt);
2400			return -EFAULT;
2401		}
2402
2403		/* At this point, there are two cases...
2404		 * 1) the socket is connected - that's the easy case, we
2405		 *	just query the device we are connected to...
2406		 * 2) the socket is not connected - the user doesn't want
2407		 *	to connect and/or may not have a valid service name
2408		 *	(so can't create a fake connection). In this case,
2409		 *	we assume that the user pass us a valid destination
2410		 *	address in the requesting structure...
2411		 */
2412		if(self->daddr != DEV_ADDR_ANY) {
2413			/* We are connected - reuse known daddr */
2414			daddr = self->daddr;
2415		} else {
2416			/* We are not connected, we must specify a valid
2417			 * destination address */
2418			daddr = ias_opt->daddr;
2419			if((!daddr) || (daddr == DEV_ADDR_ANY)) {
2420				kfree(ias_opt);
2421				return -EINVAL;
2422			}
2423		}
2424
2425		/* Check that we can proceed with IAP */
2426		if (self->iriap) {
2427			IRDA_WARNING("%s: busy with a previous query\n",
2428				     __func__);
2429			kfree(ias_opt);
2430			return -EBUSY;
2431		}
2432
2433		self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self,
2434					 irda_getvalue_confirm);
2435
2436		if (self->iriap == NULL) {
2437			kfree(ias_opt);
2438			return -ENOMEM;
2439		}
2440
2441		/* Treat unexpected wakeup as disconnect */
2442		self->errno = -EHOSTUNREACH;
2443
2444		/* Query remote LM-IAS */
2445		iriap_getvaluebyclass_request(self->iriap,
2446					      self->saddr, daddr,
2447					      ias_opt->irda_class_name,
2448					      ias_opt->irda_attrib_name);
2449
2450		/* Wait for answer, if not yet finished (or failed) */
2451		if (wait_event_interruptible(self->query_wait,
2452					     (self->iriap == NULL))) {
2453			/* pending request uses copy of ias_opt-content
2454			 * we can free it regardless! */
2455			kfree(ias_opt);
2456			/* Treat signals as disconnect */
2457			return -EHOSTUNREACH;
2458		}
2459
2460		/* Check what happened */
2461		if (self->errno)
2462		{
2463			kfree(ias_opt);
2464			/* Requested object/attribute doesn't exist */
2465			if((self->errno == IAS_CLASS_UNKNOWN) ||
2466			   (self->errno == IAS_ATTRIB_UNKNOWN))
2467				return (-EADDRNOTAVAIL);
2468			else
2469				return (-EHOSTUNREACH);
2470		}
2471
2472		/* Translate from internal to user structure */
2473		err = irda_extract_ias_value(ias_opt, self->ias_result);
2474		if (self->ias_result)
2475			irias_delete_value(self->ias_result);
2476		if (err) {
2477			kfree(ias_opt);
2478			return err;
2479		}
2480
2481		/* Copy reply to the user */
2482		if (copy_to_user(optval, ias_opt,
2483				 sizeof(struct irda_ias_set))) {
2484			kfree(ias_opt);
2485			return -EFAULT;
2486		}
2487		/* Note : don't need to put optlen, we checked it */
2488		kfree(ias_opt);
2489		break;
2490	case IRLMP_WAITDEVICE:
2491		/* This function is just another way of seeing life ;-)
2492		 * IRLMP_ENUMDEVICES assumes that you have a static network,
2493		 * and that you just want to pick one of the devices present.
2494		 * On the other hand, in here we assume that no device is
2495		 * present and that at some point in the future a device will
2496		 * come into range. When this device arrive, we just wake
2497		 * up the caller, so that he has time to connect to it before
2498		 * the device goes away...
2499		 * Note : once the node has been discovered for more than a
2500		 * few second, it won't trigger this function, unless it
2501		 * goes away and come back changes its hint bits (so we
2502		 * might call it IRLMP_WAITNEWDEVICE).
2503		 */
2504
2505		/* Check that the user is passing us an int */
2506		if (len != sizeof(int))
2507			return -EINVAL;
2508		/* Get timeout in ms (max time we block the caller) */
2509		if (get_user(val, (int __user *)optval))
2510			return -EFAULT;
2511
2512		/* Tell IrLMP we want to be notified */
2513		irlmp_update_client(self->ckey, self->mask.word,
2514				    irda_selective_discovery_indication,
2515				    NULL, (void *) self);
2516
2517		/* Do some discovery (and also return cached results) */
2518		irlmp_discovery_request(self->nslots);
2519
2520		/* Wait until a node is discovered */
2521		if (!self->cachedaddr) {
2522			int ret = 0;
2523
2524			IRDA_DEBUG(1, "%s(), nothing discovered yet, going to sleep...\n", __func__);
2525
2526			/* Set watchdog timer to expire in <val> ms. */
2527			self->errno = 0;
2528			setup_timer(&self->watchdog, irda_discovery_timeout,
2529					(unsigned long)self);
2530			self->watchdog.expires = jiffies + (val * HZ/1000);
2531			add_timer(&(self->watchdog));
2532
2533			/* Wait for IR-LMP to call us back */
2534			__wait_event_interruptible(self->query_wait,
2535			      (self->cachedaddr != 0 || self->errno == -ETIME),
2536						   ret);
2537
2538			/* If watchdog is still activated, kill it! */
2539			if(timer_pending(&(self->watchdog)))
2540				del_timer(&(self->watchdog));
2541
2542			IRDA_DEBUG(1, "%s(), ...waking up !\n", __func__);
2543
2544			if (ret != 0)
2545				return ret;
2546		}
2547		else
2548			IRDA_DEBUG(1, "%s(), found immediately !\n",
2549				   __func__);
2550
2551		/* Tell IrLMP that we have been notified */
2552		irlmp_update_client(self->ckey, self->mask.word,
2553				    NULL, NULL, NULL);
2554
2555		/* Check if the we got some results */
2556		if (!self->cachedaddr)
2557			return -EAGAIN;		/* Didn't find any devices */
2558		daddr = self->cachedaddr;
2559		/* Cleanup */
2560		self->cachedaddr = 0;
2561
2562		/* We return the daddr of the device that trigger the
2563		 * wakeup. As irlmp pass us only the new devices, we
2564		 * are sure that it's not an old device.
2565		 * If the user want more details, he should query
2566		 * the whole discovery log and pick one device...
2567		 */
2568		if (put_user(daddr, (int __user *)optval))
2569			return -EFAULT;
2570
2571		break;
2572	default:
2573		return -ENOPROTOOPT;
2574	}
2575
2576	return 0;
2577}
2578
2579static int irda_getsockopt(struct socket *sock, int level, int optname,
2580			   char __user *optval, int __user *optlen)
2581{
2582	int err;
2583
2584	lock_kernel();
2585	err = __irda_getsockopt(sock, level, optname, optval, optlen);
2586	unlock_kernel();
2587
2588	return err;
2589}
2590
2591static const struct net_proto_family irda_family_ops = {
2592	.family = PF_IRDA,
2593	.create = irda_create,
2594	.owner	= THIS_MODULE,
2595};
2596
2597static const struct proto_ops irda_stream_ops = {
2598	.family =	PF_IRDA,
2599	.owner =	THIS_MODULE,
2600	.release =	irda_release,
2601	.bind =		irda_bind,
2602	.connect =	irda_connect,
2603	.socketpair =	sock_no_socketpair,
2604	.accept =	irda_accept,
2605	.getname =	irda_getname,
2606	.poll =		irda_poll,
2607	.ioctl =	irda_ioctl,
2608#ifdef CONFIG_COMPAT
2609	.compat_ioctl =	irda_compat_ioctl,
2610#endif
2611	.listen =	irda_listen,
2612	.shutdown =	irda_shutdown,
2613	.setsockopt =	irda_setsockopt,
2614	.getsockopt =	irda_getsockopt,
2615	.sendmsg =	irda_sendmsg,
2616	.recvmsg =	irda_recvmsg_stream,
2617	.mmap =		sock_no_mmap,
2618	.sendpage =	sock_no_sendpage,
2619};
2620
2621static const struct proto_ops irda_seqpacket_ops = {
2622	.family =	PF_IRDA,
2623	.owner =	THIS_MODULE,
2624	.release =	irda_release,
2625	.bind =		irda_bind,
2626	.connect =	irda_connect,
2627	.socketpair =	sock_no_socketpair,
2628	.accept =	irda_accept,
2629	.getname =	irda_getname,
2630	.poll =		irda_datagram_poll,
2631	.ioctl =	irda_ioctl,
2632#ifdef CONFIG_COMPAT
2633	.compat_ioctl =	irda_compat_ioctl,
2634#endif
2635	.listen =	irda_listen,
2636	.shutdown =	irda_shutdown,
2637	.setsockopt =	irda_setsockopt,
2638	.getsockopt =	irda_getsockopt,
2639	.sendmsg =	irda_sendmsg,
2640	.recvmsg =	irda_recvmsg_dgram,
2641	.mmap =		sock_no_mmap,
2642	.sendpage =	sock_no_sendpage,
2643};
2644
2645static const struct proto_ops irda_dgram_ops = {
2646	.family =	PF_IRDA,
2647	.owner =	THIS_MODULE,
2648	.release =	irda_release,
2649	.bind =		irda_bind,
2650	.connect =	irda_connect,
2651	.socketpair =	sock_no_socketpair,
2652	.accept =	irda_accept,
2653	.getname =	irda_getname,
2654	.poll =		irda_datagram_poll,
2655	.ioctl =	irda_ioctl,
2656#ifdef CONFIG_COMPAT
2657	.compat_ioctl =	irda_compat_ioctl,
2658#endif
2659	.listen =	irda_listen,
2660	.shutdown =	irda_shutdown,
2661	.setsockopt =	irda_setsockopt,
2662	.getsockopt =	irda_getsockopt,
2663	.sendmsg =	irda_sendmsg_dgram,
2664	.recvmsg =	irda_recvmsg_dgram,
2665	.mmap =		sock_no_mmap,
2666	.sendpage =	sock_no_sendpage,
2667};
2668
2669#ifdef CONFIG_IRDA_ULTRA
2670static const struct proto_ops irda_ultra_ops = {
2671	.family =	PF_IRDA,
2672	.owner =	THIS_MODULE,
2673	.release =	irda_release,
2674	.bind =		irda_bind,
2675	.connect =	sock_no_connect,
2676	.socketpair =	sock_no_socketpair,
2677	.accept =	sock_no_accept,
2678	.getname =	irda_getname,
2679	.poll =		irda_datagram_poll,
2680	.ioctl =	irda_ioctl,
2681#ifdef CONFIG_COMPAT
2682	.compat_ioctl =	irda_compat_ioctl,
2683#endif
2684	.listen =	sock_no_listen,
2685	.shutdown =	irda_shutdown,
2686	.setsockopt =	irda_setsockopt,
2687	.getsockopt =	irda_getsockopt,
2688	.sendmsg =	irda_sendmsg_ultra,
2689	.recvmsg =	irda_recvmsg_dgram,
2690	.mmap =		sock_no_mmap,
2691	.sendpage =	sock_no_sendpage,
2692};
2693#endif /* CONFIG_IRDA_ULTRA */
2694
2695/*
2696 * Function irsock_init (pro)
2697 *
2698 *    Initialize IrDA protocol
2699 *
2700 */
2701int __init irsock_init(void)
2702{
2703	int rc = proto_register(&irda_proto, 0);
2704
2705	if (rc == 0)
2706		rc = sock_register(&irda_family_ops);
2707
2708	return rc;
2709}
2710
2711/*
2712 * Function irsock_cleanup (void)
2713 *
2714 *    Remove IrDA protocol
2715 *
2716 */
2717void irsock_cleanup(void)
2718{
2719	sock_unregister(PF_IRDA);
2720	proto_unregister(&irda_proto);
2721}
Configure Feed

Configure Feed
