net/irda/af_irda.c at v2.6.37-rc5

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / irda / af_irda.c
at v2.6.37-rc5 2743 lines 69 kB view raw
wrap content
   1/*********************************************************************
   2 *
   3 * Filename:      af_irda.c
   4 * Version:       0.9
   5 * Description:   IrDA sockets implementation
   6 * Status:        Stable
   7 * Author:        Dag Brattli <dagb@cs.uit.no>
   8 * Created at:    Sun May 31 10:12:43 1998
   9 * Modified at:   Sat Dec 25 21:10:23 1999
  10 * Modified by:   Dag Brattli <dag@brattli.net>
  11 * Sources:       af_netroom.c, af_ax25.c, af_rose.c, af_x25.c etc.
  12 *
  13 *     Copyright (c) 1999 Dag Brattli <dagb@cs.uit.no>
  14 *     Copyright (c) 1999-2003 Jean Tourrilhes <jt@hpl.hp.com>
  15 *     All Rights Reserved.
  16 *
  17 *     This program is free software; you can redistribute it and/or
  18 *     modify it under the terms of the GNU General Public License as
  19 *     published by the Free Software Foundation; either version 2 of
  20 *     the License, or (at your option) any later version.
  21 *
  22 *     This program is distributed in the hope that it will be useful,
  23 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
  24 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25 *     GNU General Public License for more details.
  26 *
  27 *     You should have received a copy of the GNU General Public License
  28 *     along with this program; if not, write to the Free Software
  29 *     Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  30 *     MA 02111-1307 USA
  31 *
  32 *     Linux-IrDA now supports four different types of IrDA sockets:
  33 *
  34 *     o SOCK_STREAM:    TinyTP connections with SAR disabled. The
  35 *                       max SDU size is 0 for conn. of this type
  36 *     o SOCK_SEQPACKET: TinyTP connections with SAR enabled. TTP may
  37 *                       fragment the messages, but will preserve
  38 *                       the message boundaries
  39 *     o SOCK_DGRAM:     IRDAPROTO_UNITDATA: TinyTP connections with Unitdata
  40 *                       (unreliable) transfers
  41 *                       IRDAPROTO_ULTRA: Connectionless and unreliable data
  42 *
  43 ********************************************************************/
  44
  45#include <linux/capability.h>
  46#include <linux/module.h>
  47#include <linux/types.h>
  48#include <linux/socket.h>
  49#include <linux/sockios.h>
  50#include <linux/slab.h>
  51#include <linux/init.h>
  52#include <linux/net.h>
  53#include <linux/irda.h>
  54#include <linux/poll.h>
  55
  56#include <asm/ioctls.h>		/* TIOCOUTQ, TIOCINQ */
  57#include <asm/uaccess.h>
  58
  59#include <net/sock.h>
  60#include <net/tcp_states.h>
  61
  62#include <net/irda/af_irda.h>
  63
  64static int irda_create(struct net *net, struct socket *sock, int protocol, int kern);
  65
  66static const struct proto_ops irda_stream_ops;
  67static const struct proto_ops irda_seqpacket_ops;
  68static const struct proto_ops irda_dgram_ops;
  69
  70#ifdef CONFIG_IRDA_ULTRA
  71static const struct proto_ops irda_ultra_ops;
  72#define ULTRA_MAX_DATA 382
  73#endif /* CONFIG_IRDA_ULTRA */
  74
  75#define IRDA_MAX_HEADER (TTP_MAX_HEADER)
  76
  77/*
  78 * Function irda_data_indication (instance, sap, skb)
  79 *
  80 *    Received some data from TinyTP. Just queue it on the receive queue
  81 *
  82 */
  83static int irda_data_indication(void *instance, void *sap, struct sk_buff *skb)
  84{
  85	struct irda_sock *self;
  86	struct sock *sk;
  87	int err;
  88
  89	IRDA_DEBUG(3, "%s()\n", __func__);
  90
  91	self = instance;
  92	sk = instance;
  93
  94	err = sock_queue_rcv_skb(sk, skb);
  95	if (err) {
  96		IRDA_DEBUG(1, "%s(), error: no more mem!\n", __func__);
  97		self->rx_flow = FLOW_STOP;
  98
  99		/* When we return error, TTP will need to requeue the skb */
 100		return err;
 101	}
 102
 103	return 0;
 104}
 105
 106/*
 107 * Function irda_disconnect_indication (instance, sap, reason, skb)
 108 *
 109 *    Connection has been closed. Check reason to find out why
 110 *
 111 */
 112static void irda_disconnect_indication(void *instance, void *sap,
 113				       LM_REASON reason, struct sk_buff *skb)
 114{
 115	struct irda_sock *self;
 116	struct sock *sk;
 117
 118	self = instance;
 119
 120	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 121
 122	/* Don't care about it, but let's not leak it */
 123	if(skb)
 124		dev_kfree_skb(skb);
 125
 126	sk = instance;
 127	if (sk == NULL) {
 128		IRDA_DEBUG(0, "%s(%p) : BUG : sk is NULL\n",
 129			   __func__, self);
 130		return;
 131	}
 132
 133	/* Prevent race conditions with irda_release() and irda_shutdown() */
 134	bh_lock_sock(sk);
 135	if (!sock_flag(sk, SOCK_DEAD) && sk->sk_state != TCP_CLOSE) {
 136		sk->sk_state     = TCP_CLOSE;
 137		sk->sk_shutdown |= SEND_SHUTDOWN;
 138
 139		sk->sk_state_change(sk);
 140
 141		/* Close our TSAP.
 142		 * If we leave it open, IrLMP put it back into the list of
 143		 * unconnected LSAPs. The problem is that any incoming request
 144		 * can then be matched to this socket (and it will be, because
 145		 * it is at the head of the list). This would prevent any
 146		 * listening socket waiting on the same TSAP to get those
 147		 * requests. Some apps forget to close sockets, or hang to it
 148		 * a bit too long, so we may stay in this dead state long
 149		 * enough to be noticed...
 150		 * Note : all socket function do check sk->sk_state, so we are
 151		 * safe...
 152		 * Jean II
 153		 */
 154		if (self->tsap) {
 155			irttp_close_tsap(self->tsap);
 156			self->tsap = NULL;
 157		}
 158	}
 159	bh_unlock_sock(sk);
 160
 161	/* Note : once we are there, there is not much you want to do
 162	 * with the socket anymore, apart from closing it.
 163	 * For example, bind() and connect() won't reset sk->sk_err,
 164	 * sk->sk_shutdown and sk->sk_flags to valid values...
 165	 * Jean II
 166	 */
 167}
 168
 169/*
 170 * Function irda_connect_confirm (instance, sap, qos, max_sdu_size, skb)
 171 *
 172 *    Connections has been confirmed by the remote device
 173 *
 174 */
 175static void irda_connect_confirm(void *instance, void *sap,
 176				 struct qos_info *qos,
 177				 __u32 max_sdu_size, __u8 max_header_size,
 178				 struct sk_buff *skb)
 179{
 180	struct irda_sock *self;
 181	struct sock *sk;
 182
 183	self = instance;
 184
 185	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 186
 187	sk = instance;
 188	if (sk == NULL) {
 189		dev_kfree_skb(skb);
 190		return;
 191	}
 192
 193	dev_kfree_skb(skb);
 194	// Should be ??? skb_queue_tail(&sk->sk_receive_queue, skb);
 195
 196	/* How much header space do we need to reserve */
 197	self->max_header_size = max_header_size;
 198
 199	/* IrTTP max SDU size in transmit direction */
 200	self->max_sdu_size_tx = max_sdu_size;
 201
 202	/* Find out what the largest chunk of data that we can transmit is */
 203	switch (sk->sk_type) {
 204	case SOCK_STREAM:
 205		if (max_sdu_size != 0) {
 206			IRDA_ERROR("%s: max_sdu_size must be 0\n",
 207				   __func__);
 208			return;
 209		}
 210		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 211		break;
 212	case SOCK_SEQPACKET:
 213		if (max_sdu_size == 0) {
 214			IRDA_ERROR("%s: max_sdu_size cannot be 0\n",
 215				   __func__);
 216			return;
 217		}
 218		self->max_data_size = max_sdu_size;
 219		break;
 220	default:
 221		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 222	}
 223
 224	IRDA_DEBUG(2, "%s(), max_data_size=%d\n", __func__,
 225		   self->max_data_size);
 226
 227	memcpy(&self->qos_tx, qos, sizeof(struct qos_info));
 228
 229	/* We are now connected! */
 230	sk->sk_state = TCP_ESTABLISHED;
 231	sk->sk_state_change(sk);
 232}
 233
 234/*
 235 * Function irda_connect_indication(instance, sap, qos, max_sdu_size, userdata)
 236 *
 237 *    Incoming connection
 238 *
 239 */
 240static void irda_connect_indication(void *instance, void *sap,
 241				    struct qos_info *qos, __u32 max_sdu_size,
 242				    __u8 max_header_size, struct sk_buff *skb)
 243{
 244	struct irda_sock *self;
 245	struct sock *sk;
 246
 247	self = instance;
 248
 249	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 250
 251	sk = instance;
 252	if (sk == NULL) {
 253		dev_kfree_skb(skb);
 254		return;
 255	}
 256
 257	/* How much header space do we need to reserve */
 258	self->max_header_size = max_header_size;
 259
 260	/* IrTTP max SDU size in transmit direction */
 261	self->max_sdu_size_tx = max_sdu_size;
 262
 263	/* Find out what the largest chunk of data that we can transmit is */
 264	switch (sk->sk_type) {
 265	case SOCK_STREAM:
 266		if (max_sdu_size != 0) {
 267			IRDA_ERROR("%s: max_sdu_size must be 0\n",
 268				   __func__);
 269			kfree_skb(skb);
 270			return;
 271		}
 272		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 273		break;
 274	case SOCK_SEQPACKET:
 275		if (max_sdu_size == 0) {
 276			IRDA_ERROR("%s: max_sdu_size cannot be 0\n",
 277				   __func__);
 278			kfree_skb(skb);
 279			return;
 280		}
 281		self->max_data_size = max_sdu_size;
 282		break;
 283	default:
 284		self->max_data_size = irttp_get_max_seg_size(self->tsap);
 285	}
 286
 287	IRDA_DEBUG(2, "%s(), max_data_size=%d\n", __func__,
 288		   self->max_data_size);
 289
 290	memcpy(&self->qos_tx, qos, sizeof(struct qos_info));
 291
 292	skb_queue_tail(&sk->sk_receive_queue, skb);
 293	sk->sk_state_change(sk);
 294}
 295
 296/*
 297 * Function irda_connect_response (handle)
 298 *
 299 *    Accept incoming connection
 300 *
 301 */
 302static void irda_connect_response(struct irda_sock *self)
 303{
 304	struct sk_buff *skb;
 305
 306	IRDA_DEBUG(2, "%s()\n", __func__);
 307
 308	skb = alloc_skb(TTP_MAX_HEADER + TTP_SAR_HEADER,
 309			GFP_ATOMIC);
 310	if (skb == NULL) {
 311		IRDA_DEBUG(0, "%s() Unable to allocate sk_buff!\n",
 312			   __func__);
 313		return;
 314	}
 315
 316	/* Reserve space for MUX_CONTROL and LAP header */
 317	skb_reserve(skb, IRDA_MAX_HEADER);
 318
 319	irttp_connect_response(self->tsap, self->max_sdu_size_rx, skb);
 320}
 321
 322/*
 323 * Function irda_flow_indication (instance, sap, flow)
 324 *
 325 *    Used by TinyTP to tell us if it can accept more data or not
 326 *
 327 */
 328static void irda_flow_indication(void *instance, void *sap, LOCAL_FLOW flow)
 329{
 330	struct irda_sock *self;
 331	struct sock *sk;
 332
 333	IRDA_DEBUG(2, "%s()\n", __func__);
 334
 335	self = instance;
 336	sk = instance;
 337	BUG_ON(sk == NULL);
 338
 339	switch (flow) {
 340	case FLOW_STOP:
 341		IRDA_DEBUG(1, "%s(), IrTTP wants us to slow down\n",
 342			   __func__);
 343		self->tx_flow = flow;
 344		break;
 345	case FLOW_START:
 346		self->tx_flow = flow;
 347		IRDA_DEBUG(1, "%s(), IrTTP wants us to start again\n",
 348			   __func__);
 349		wake_up_interruptible(sk_sleep(sk));
 350		break;
 351	default:
 352		IRDA_DEBUG(0, "%s(), Unknown flow command!\n", __func__);
 353		/* Unknown flow command, better stop */
 354		self->tx_flow = flow;
 355		break;
 356	}
 357}
 358
 359/*
 360 * Function irda_getvalue_confirm (obj_id, value, priv)
 361 *
 362 *    Got answer from remote LM-IAS, just pass object to requester...
 363 *
 364 * Note : duplicate from above, but we need our own version that
 365 * doesn't touch the dtsap_sel and save the full value structure...
 366 */
 367static void irda_getvalue_confirm(int result, __u16 obj_id,
 368				  struct ias_value *value, void *priv)
 369{
 370	struct irda_sock *self;
 371
 372	self = (struct irda_sock *) priv;
 373	if (!self) {
 374		IRDA_WARNING("%s: lost myself!\n", __func__);
 375		return;
 376	}
 377
 378	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 379
 380	/* We probably don't need to make any more queries */
 381	iriap_close(self->iriap);
 382	self->iriap = NULL;
 383
 384	/* Check if request succeeded */
 385	if (result != IAS_SUCCESS) {
 386		IRDA_DEBUG(1, "%s(), IAS query failed! (%d)\n", __func__,
 387			   result);
 388
 389		self->errno = result;	/* We really need it later */
 390
 391		/* Wake up any processes waiting for result */
 392		wake_up_interruptible(&self->query_wait);
 393
 394		return;
 395	}
 396
 397	/* Pass the object to the caller (so the caller must delete it) */
 398	self->ias_result = value;
 399	self->errno = 0;
 400
 401	/* Wake up any processes waiting for result */
 402	wake_up_interruptible(&self->query_wait);
 403}
 404
 405/*
 406 * Function irda_selective_discovery_indication (discovery)
 407 *
 408 *    Got a selective discovery indication from IrLMP.
 409 *
 410 * IrLMP is telling us that this node is new and matching our hint bit
 411 * filter. Wake up any process waiting for answer...
 412 */
 413static void irda_selective_discovery_indication(discinfo_t *discovery,
 414						DISCOVERY_MODE mode,
 415						void *priv)
 416{
 417	struct irda_sock *self;
 418
 419	IRDA_DEBUG(2, "%s()\n", __func__);
 420
 421	self = (struct irda_sock *) priv;
 422	if (!self) {
 423		IRDA_WARNING("%s: lost myself!\n", __func__);
 424		return;
 425	}
 426
 427	/* Pass parameter to the caller */
 428	self->cachedaddr = discovery->daddr;
 429
 430	/* Wake up process if its waiting for device to be discovered */
 431	wake_up_interruptible(&self->query_wait);
 432}
 433
 434/*
 435 * Function irda_discovery_timeout (priv)
 436 *
 437 *    Timeout in the selective discovery process
 438 *
 439 * We were waiting for a node to be discovered, but nothing has come up
 440 * so far. Wake up the user and tell him that we failed...
 441 */
 442static void irda_discovery_timeout(u_long priv)
 443{
 444	struct irda_sock *self;
 445
 446	IRDA_DEBUG(2, "%s()\n", __func__);
 447
 448	self = (struct irda_sock *) priv;
 449	BUG_ON(self == NULL);
 450
 451	/* Nothing for the caller */
 452	self->cachelog = NULL;
 453	self->cachedaddr = 0;
 454	self->errno = -ETIME;
 455
 456	/* Wake up process if its still waiting... */
 457	wake_up_interruptible(&self->query_wait);
 458}
 459
 460/*
 461 * Function irda_open_tsap (self)
 462 *
 463 *    Open local Transport Service Access Point (TSAP)
 464 *
 465 */
 466static int irda_open_tsap(struct irda_sock *self, __u8 tsap_sel, char *name)
 467{
 468	notify_t notify;
 469
 470	if (self->tsap) {
 471		IRDA_WARNING("%s: busy!\n", __func__);
 472		return -EBUSY;
 473	}
 474
 475	/* Initialize callbacks to be used by the IrDA stack */
 476	irda_notify_init(&notify);
 477	notify.connect_confirm       = irda_connect_confirm;
 478	notify.connect_indication    = irda_connect_indication;
 479	notify.disconnect_indication = irda_disconnect_indication;
 480	notify.data_indication       = irda_data_indication;
 481	notify.udata_indication	     = irda_data_indication;
 482	notify.flow_indication       = irda_flow_indication;
 483	notify.instance = self;
 484	strncpy(notify.name, name, NOTIFY_MAX_NAME);
 485
 486	self->tsap = irttp_open_tsap(tsap_sel, DEFAULT_INITIAL_CREDIT,
 487				     &notify);
 488	if (self->tsap == NULL) {
 489		IRDA_DEBUG(0, "%s(), Unable to allocate TSAP!\n",
 490			   __func__);
 491		return -ENOMEM;
 492	}
 493	/* Remember which TSAP selector we actually got */
 494	self->stsap_sel = self->tsap->stsap_sel;
 495
 496	return 0;
 497}
 498
 499/*
 500 * Function irda_open_lsap (self)
 501 *
 502 *    Open local Link Service Access Point (LSAP). Used for opening Ultra
 503 *    sockets
 504 */
 505#ifdef CONFIG_IRDA_ULTRA
 506static int irda_open_lsap(struct irda_sock *self, int pid)
 507{
 508	notify_t notify;
 509
 510	if (self->lsap) {
 511		IRDA_WARNING("%s(), busy!\n", __func__);
 512		return -EBUSY;
 513	}
 514
 515	/* Initialize callbacks to be used by the IrDA stack */
 516	irda_notify_init(&notify);
 517	notify.udata_indication	= irda_data_indication;
 518	notify.instance = self;
 519	strncpy(notify.name, "Ultra", NOTIFY_MAX_NAME);
 520
 521	self->lsap = irlmp_open_lsap(LSAP_CONNLESS, &notify, pid);
 522	if (self->lsap == NULL) {
 523		IRDA_DEBUG( 0, "%s(), Unable to allocate LSAP!\n", __func__);
 524		return -ENOMEM;
 525	}
 526
 527	return 0;
 528}
 529#endif /* CONFIG_IRDA_ULTRA */
 530
 531/*
 532 * Function irda_find_lsap_sel (self, name)
 533 *
 534 *    Try to lookup LSAP selector in remote LM-IAS
 535 *
 536 * Basically, we start a IAP query, and then go to sleep. When the query
 537 * return, irda_getvalue_confirm will wake us up, and we can examine the
 538 * result of the query...
 539 * Note that in some case, the query fail even before we go to sleep,
 540 * creating some races...
 541 */
 542static int irda_find_lsap_sel(struct irda_sock *self, char *name)
 543{
 544	IRDA_DEBUG(2, "%s(%p, %s)\n", __func__, self, name);
 545
 546	if (self->iriap) {
 547		IRDA_WARNING("%s(): busy with a previous query\n",
 548			     __func__);
 549		return -EBUSY;
 550	}
 551
 552	self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self,
 553				 irda_getvalue_confirm);
 554	if(self->iriap == NULL)
 555		return -ENOMEM;
 556
 557	/* Treat unexpected wakeup as disconnect */
 558	self->errno = -EHOSTUNREACH;
 559
 560	/* Query remote LM-IAS */
 561	iriap_getvaluebyclass_request(self->iriap, self->saddr, self->daddr,
 562				      name, "IrDA:TinyTP:LsapSel");
 563
 564	/* Wait for answer, if not yet finished (or failed) */
 565	if (wait_event_interruptible(self->query_wait, (self->iriap==NULL)))
 566		/* Treat signals as disconnect */
 567		return -EHOSTUNREACH;
 568
 569	/* Check what happened */
 570	if (self->errno)
 571	{
 572		/* Requested object/attribute doesn't exist */
 573		if((self->errno == IAS_CLASS_UNKNOWN) ||
 574		   (self->errno == IAS_ATTRIB_UNKNOWN))
 575			return -EADDRNOTAVAIL;
 576		else
 577			return -EHOSTUNREACH;
 578	}
 579
 580	/* Get the remote TSAP selector */
 581	switch (self->ias_result->type) {
 582	case IAS_INTEGER:
 583		IRDA_DEBUG(4, "%s() int=%d\n",
 584			   __func__, self->ias_result->t.integer);
 585
 586		if (self->ias_result->t.integer != -1)
 587			self->dtsap_sel = self->ias_result->t.integer;
 588		else
 589			self->dtsap_sel = 0;
 590		break;
 591	default:
 592		self->dtsap_sel = 0;
 593		IRDA_DEBUG(0, "%s(), bad type!\n", __func__);
 594		break;
 595	}
 596	if (self->ias_result)
 597		irias_delete_value(self->ias_result);
 598
 599	if (self->dtsap_sel)
 600		return 0;
 601
 602	return -EADDRNOTAVAIL;
 603}
 604
 605/*
 606 * Function irda_discover_daddr_and_lsap_sel (self, name)
 607 *
 608 *    This try to find a device with the requested service.
 609 *
 610 * It basically look into the discovery log. For each address in the list,
 611 * it queries the LM-IAS of the device to find if this device offer
 612 * the requested service.
 613 * If there is more than one node supporting the service, we complain
 614 * to the user (it should move devices around).
 615 * The, we set both the destination address and the lsap selector to point
 616 * on the service on the unique device we have found.
 617 *
 618 * Note : this function fails if there is more than one device in range,
 619 * because IrLMP doesn't disconnect the LAP when the last LSAP is closed.
 620 * Moreover, we would need to wait the LAP disconnection...
 621 */
 622static int irda_discover_daddr_and_lsap_sel(struct irda_sock *self, char *name)
 623{
 624	discinfo_t *discoveries;	/* Copy of the discovery log */
 625	int	number;			/* Number of nodes in the log */
 626	int	i;
 627	int	err = -ENETUNREACH;
 628	__u32	daddr = DEV_ADDR_ANY;	/* Address we found the service on */
 629	__u8	dtsap_sel = 0x0;	/* TSAP associated with it */
 630
 631	IRDA_DEBUG(2, "%s(), name=%s\n", __func__, name);
 632
 633	/* Ask lmp for the current discovery log
 634	 * Note : we have to use irlmp_get_discoveries(), as opposed
 635	 * to play with the cachelog directly, because while we are
 636	 * making our ias query, le log might change... */
 637	discoveries = irlmp_get_discoveries(&number, self->mask.word,
 638					    self->nslots);
 639	/* Check if the we got some results */
 640	if (discoveries == NULL)
 641		return -ENETUNREACH;	/* No nodes discovered */
 642
 643	/*
 644	 * Now, check all discovered devices (if any), and connect
 645	 * client only about the services that the client is
 646	 * interested in...
 647	 */
 648	for(i = 0; i < number; i++) {
 649		/* Try the address in the log */
 650		self->daddr = discoveries[i].daddr;
 651		self->saddr = 0x0;
 652		IRDA_DEBUG(1, "%s(), trying daddr = %08x\n",
 653			   __func__, self->daddr);
 654
 655		/* Query remote LM-IAS for this service */
 656		err = irda_find_lsap_sel(self, name);
 657		switch (err) {
 658		case 0:
 659			/* We found the requested service */
 660			if(daddr != DEV_ADDR_ANY) {
 661				IRDA_DEBUG(1, "%s(), discovered service ''%s'' in two different devices !!!\n",
 662					   __func__, name);
 663				self->daddr = DEV_ADDR_ANY;
 664				kfree(discoveries);
 665				return -ENOTUNIQ;
 666			}
 667			/* First time we found that one, save it ! */
 668			daddr = self->daddr;
 669			dtsap_sel = self->dtsap_sel;
 670			break;
 671		case -EADDRNOTAVAIL:
 672			/* Requested service simply doesn't exist on this node */
 673			break;
 674		default:
 675			/* Something bad did happen :-( */
 676			IRDA_DEBUG(0, "%s(), unexpected IAS query failure\n", __func__);
 677			self->daddr = DEV_ADDR_ANY;
 678			kfree(discoveries);
 679			return -EHOSTUNREACH;
 680			break;
 681		}
 682	}
 683	/* Cleanup our copy of the discovery log */
 684	kfree(discoveries);
 685
 686	/* Check out what we found */
 687	if(daddr == DEV_ADDR_ANY) {
 688		IRDA_DEBUG(1, "%s(), cannot discover service ''%s'' in any device !!!\n",
 689			   __func__, name);
 690		self->daddr = DEV_ADDR_ANY;
 691		return -EADDRNOTAVAIL;
 692	}
 693
 694	/* Revert back to discovered device & service */
 695	self->daddr = daddr;
 696	self->saddr = 0x0;
 697	self->dtsap_sel = dtsap_sel;
 698
 699	IRDA_DEBUG(1, "%s(), discovered requested service ''%s'' at address %08x\n",
 700		   __func__, name, self->daddr);
 701
 702	return 0;
 703}
 704
 705/*
 706 * Function irda_getname (sock, uaddr, uaddr_len, peer)
 707 *
 708 *    Return the our own, or peers socket address (sockaddr_irda)
 709 *
 710 */
 711static int irda_getname(struct socket *sock, struct sockaddr *uaddr,
 712			int *uaddr_len, int peer)
 713{
 714	struct sockaddr_irda saddr;
 715	struct sock *sk = sock->sk;
 716	struct irda_sock *self = irda_sk(sk);
 717
 718	memset(&saddr, 0, sizeof(saddr));
 719	if (peer) {
 720		if (sk->sk_state != TCP_ESTABLISHED)
 721			return -ENOTCONN;
 722
 723		saddr.sir_family = AF_IRDA;
 724		saddr.sir_lsap_sel = self->dtsap_sel;
 725		saddr.sir_addr = self->daddr;
 726	} else {
 727		saddr.sir_family = AF_IRDA;
 728		saddr.sir_lsap_sel = self->stsap_sel;
 729		saddr.sir_addr = self->saddr;
 730	}
 731
 732	IRDA_DEBUG(1, "%s(), tsap_sel = %#x\n", __func__, saddr.sir_lsap_sel);
 733	IRDA_DEBUG(1, "%s(), addr = %08x\n", __func__, saddr.sir_addr);
 734
 735	/* uaddr_len come to us uninitialised */
 736	*uaddr_len = sizeof (struct sockaddr_irda);
 737	memcpy(uaddr, &saddr, *uaddr_len);
 738
 739	return 0;
 740}
 741
 742/*
 743 * Function irda_listen (sock, backlog)
 744 *
 745 *    Just move to the listen state
 746 *
 747 */
 748static int irda_listen(struct socket *sock, int backlog)
 749{
 750	struct sock *sk = sock->sk;
 751	int err = -EOPNOTSUPP;
 752
 753	IRDA_DEBUG(2, "%s()\n", __func__);
 754
 755	lock_sock(sk);
 756
 757	if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) &&
 758	    (sk->sk_type != SOCK_DGRAM))
 759		goto out;
 760
 761	if (sk->sk_state != TCP_LISTEN) {
 762		sk->sk_max_ack_backlog = backlog;
 763		sk->sk_state           = TCP_LISTEN;
 764
 765		err = 0;
 766	}
 767out:
 768	release_sock(sk);
 769
 770	return err;
 771}
 772
 773/*
 774 * Function irda_bind (sock, uaddr, addr_len)
 775 *
 776 *    Used by servers to register their well known TSAP
 777 *
 778 */
 779static int irda_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 780{
 781	struct sock *sk = sock->sk;
 782	struct sockaddr_irda *addr = (struct sockaddr_irda *) uaddr;
 783	struct irda_sock *self = irda_sk(sk);
 784	int err;
 785
 786	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 787
 788	if (addr_len != sizeof(struct sockaddr_irda))
 789		return -EINVAL;
 790
 791	lock_sock(sk);
 792#ifdef CONFIG_IRDA_ULTRA
 793	/* Special care for Ultra sockets */
 794	if ((sk->sk_type == SOCK_DGRAM) &&
 795	    (sk->sk_protocol == IRDAPROTO_ULTRA)) {
 796		self->pid = addr->sir_lsap_sel;
 797		err = -EOPNOTSUPP;
 798		if (self->pid & 0x80) {
 799			IRDA_DEBUG(0, "%s(), extension in PID not supp!\n", __func__);
 800			goto out;
 801		}
 802		err = irda_open_lsap(self, self->pid);
 803		if (err < 0)
 804			goto out;
 805
 806		/* Pretend we are connected */
 807		sock->state = SS_CONNECTED;
 808		sk->sk_state   = TCP_ESTABLISHED;
 809		err = 0;
 810
 811		goto out;
 812	}
 813#endif /* CONFIG_IRDA_ULTRA */
 814
 815	self->ias_obj = irias_new_object(addr->sir_name, jiffies);
 816	err = -ENOMEM;
 817	if (self->ias_obj == NULL)
 818		goto out;
 819
 820	err = irda_open_tsap(self, addr->sir_lsap_sel, addr->sir_name);
 821	if (err < 0) {
 822		irias_delete_object(self->ias_obj);
 823		self->ias_obj = NULL;
 824		goto out;
 825	}
 826
 827	/*  Register with LM-IAS */
 828	irias_add_integer_attrib(self->ias_obj, "IrDA:TinyTP:LsapSel",
 829				 self->stsap_sel, IAS_KERNEL_ATTR);
 830	irias_insert_object(self->ias_obj);
 831
 832	err = 0;
 833out:
 834	release_sock(sk);
 835	return err;
 836}
 837
 838/*
 839 * Function irda_accept (sock, newsock, flags)
 840 *
 841 *    Wait for incoming connection
 842 *
 843 */
 844static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
 845{
 846	struct sock *sk = sock->sk;
 847	struct irda_sock *new, *self = irda_sk(sk);
 848	struct sock *newsk;
 849	struct sk_buff *skb;
 850	int err;
 851
 852	IRDA_DEBUG(2, "%s()\n", __func__);
 853
 854	err = irda_create(sock_net(sk), newsock, sk->sk_protocol, 0);
 855	if (err)
 856		return err;
 857
 858	err = -EINVAL;
 859
 860	lock_sock(sk);
 861	if (sock->state != SS_UNCONNECTED)
 862		goto out;
 863
 864	if ((sk = sock->sk) == NULL)
 865		goto out;
 866
 867	err = -EOPNOTSUPP;
 868	if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) &&
 869	    (sk->sk_type != SOCK_DGRAM))
 870		goto out;
 871
 872	err = -EINVAL;
 873	if (sk->sk_state != TCP_LISTEN)
 874		goto out;
 875
 876	/*
 877	 *	The read queue this time is holding sockets ready to use
 878	 *	hooked into the SABM we saved
 879	 */
 880
 881	/*
 882	 * We can perform the accept only if there is incoming data
 883	 * on the listening socket.
 884	 * So, we will block the caller until we receive any data.
 885	 * If the caller was waiting on select() or poll() before
 886	 * calling us, the data is waiting for us ;-)
 887	 * Jean II
 888	 */
 889	while (1) {
 890		skb = skb_dequeue(&sk->sk_receive_queue);
 891		if (skb)
 892			break;
 893
 894		/* Non blocking operation */
 895		err = -EWOULDBLOCK;
 896		if (flags & O_NONBLOCK)
 897			goto out;
 898
 899		err = wait_event_interruptible(*(sk_sleep(sk)),
 900					skb_peek(&sk->sk_receive_queue));
 901		if (err)
 902			goto out;
 903	}
 904
 905	newsk = newsock->sk;
 906	err = -EIO;
 907	if (newsk == NULL)
 908		goto out;
 909
 910	newsk->sk_state = TCP_ESTABLISHED;
 911
 912	new = irda_sk(newsk);
 913
 914	/* Now attach up the new socket */
 915	new->tsap = irttp_dup(self->tsap, new);
 916	err = -EPERM; /* value does not seem to make sense. -arnd */
 917	if (!new->tsap) {
 918		IRDA_DEBUG(0, "%s(), dup failed!\n", __func__);
 919		kfree_skb(skb);
 920		goto out;
 921	}
 922
 923	new->stsap_sel = new->tsap->stsap_sel;
 924	new->dtsap_sel = new->tsap->dtsap_sel;
 925	new->saddr = irttp_get_saddr(new->tsap);
 926	new->daddr = irttp_get_daddr(new->tsap);
 927
 928	new->max_sdu_size_tx = self->max_sdu_size_tx;
 929	new->max_sdu_size_rx = self->max_sdu_size_rx;
 930	new->max_data_size   = self->max_data_size;
 931	new->max_header_size = self->max_header_size;
 932
 933	memcpy(&new->qos_tx, &self->qos_tx, sizeof(struct qos_info));
 934
 935	/* Clean up the original one to keep it in listen state */
 936	irttp_listen(self->tsap);
 937
 938	kfree_skb(skb);
 939	sk->sk_ack_backlog--;
 940
 941	newsock->state = SS_CONNECTED;
 942
 943	irda_connect_response(new);
 944	err = 0;
 945out:
 946	release_sock(sk);
 947	return err;
 948}
 949
 950/*
 951 * Function irda_connect (sock, uaddr, addr_len, flags)
 952 *
 953 *    Connect to a IrDA device
 954 *
 955 * The main difference with a "standard" connect is that with IrDA we need
 956 * to resolve the service name into a TSAP selector (in TCP, port number
 957 * doesn't have to be resolved).
 958 * Because of this service name resoltion, we can offer "auto-connect",
 959 * where we connect to a service without specifying a destination address.
 960 *
 961 * Note : by consulting "errno", the user space caller may learn the cause
 962 * of the failure. Most of them are visible in the function, others may come
 963 * from subroutines called and are listed here :
 964 *	o EBUSY : already processing a connect
 965 *	o EHOSTUNREACH : bad addr->sir_addr argument
 966 *	o EADDRNOTAVAIL : bad addr->sir_name argument
 967 *	o ENOTUNIQ : more than one node has addr->sir_name (auto-connect)
 968 *	o ENETUNREACH : no node found on the network (auto-connect)
 969 */
 970static int irda_connect(struct socket *sock, struct sockaddr *uaddr,
 971			int addr_len, int flags)
 972{
 973	struct sock *sk = sock->sk;
 974	struct sockaddr_irda *addr = (struct sockaddr_irda *) uaddr;
 975	struct irda_sock *self = irda_sk(sk);
 976	int err;
 977
 978	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
 979
 980	lock_sock(sk);
 981	/* Don't allow connect for Ultra sockets */
 982	err = -ESOCKTNOSUPPORT;
 983	if ((sk->sk_type == SOCK_DGRAM) && (sk->sk_protocol == IRDAPROTO_ULTRA))
 984		goto out;
 985
 986	if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) {
 987		sock->state = SS_CONNECTED;
 988		err = 0;
 989		goto out;   /* Connect completed during a ERESTARTSYS event */
 990	}
 991
 992	if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) {
 993		sock->state = SS_UNCONNECTED;
 994		err = -ECONNREFUSED;
 995		goto out;
 996	}
 997
 998	err = -EISCONN;      /* No reconnect on a seqpacket socket */
 999	if (sk->sk_state == TCP_ESTABLISHED)
1000		goto out;
1001
1002	sk->sk_state   = TCP_CLOSE;
1003	sock->state = SS_UNCONNECTED;
1004
1005	err = -EINVAL;
1006	if (addr_len != sizeof(struct sockaddr_irda))
1007		goto out;
1008
1009	/* Check if user supplied any destination device address */
1010	if ((!addr->sir_addr) || (addr->sir_addr == DEV_ADDR_ANY)) {
1011		/* Try to find one suitable */
1012		err = irda_discover_daddr_and_lsap_sel(self, addr->sir_name);
1013		if (err) {
1014			IRDA_DEBUG(0, "%s(), auto-connect failed!\n", __func__);
1015			goto out;
1016		}
1017	} else {
1018		/* Use the one provided by the user */
1019		self->daddr = addr->sir_addr;
1020		IRDA_DEBUG(1, "%s(), daddr = %08x\n", __func__, self->daddr);
1021
1022		/* If we don't have a valid service name, we assume the
1023		 * user want to connect on a specific LSAP. Prevent
1024		 * the use of invalid LSAPs (IrLMP 1.1 p10). Jean II */
1025		if((addr->sir_name[0] != '\0') ||
1026		   (addr->sir_lsap_sel >= 0x70)) {
1027			/* Query remote LM-IAS using service name */
1028			err = irda_find_lsap_sel(self, addr->sir_name);
1029			if (err) {
1030				IRDA_DEBUG(0, "%s(), connect failed!\n", __func__);
1031				goto out;
1032			}
1033		} else {
1034			/* Directly connect to the remote LSAP
1035			 * specified by the sir_lsap field.
1036			 * Please use with caution, in IrDA LSAPs are
1037			 * dynamic and there is no "well-known" LSAP. */
1038			self->dtsap_sel = addr->sir_lsap_sel;
1039		}
1040	}
1041
1042	/* Check if we have opened a local TSAP */
1043	if (!self->tsap)
1044		irda_open_tsap(self, LSAP_ANY, addr->sir_name);
1045
1046	/* Move to connecting socket, start sending Connect Requests */
1047	sock->state = SS_CONNECTING;
1048	sk->sk_state   = TCP_SYN_SENT;
1049
1050	/* Connect to remote device */
1051	err = irttp_connect_request(self->tsap, self->dtsap_sel,
1052				    self->saddr, self->daddr, NULL,
1053				    self->max_sdu_size_rx, NULL);
1054	if (err) {
1055		IRDA_DEBUG(0, "%s(), connect failed!\n", __func__);
1056		goto out;
1057	}
1058
1059	/* Now the loop */
1060	err = -EINPROGRESS;
1061	if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK))
1062		goto out;
1063
1064	err = -ERESTARTSYS;
1065	if (wait_event_interruptible(*(sk_sleep(sk)),
1066				     (sk->sk_state != TCP_SYN_SENT)))
1067		goto out;
1068
1069	if (sk->sk_state != TCP_ESTABLISHED) {
1070		sock->state = SS_UNCONNECTED;
1071		if (sk->sk_prot->disconnect(sk, flags))
1072			sock->state = SS_DISCONNECTING;
1073		err = sock_error(sk);
1074		if (!err)
1075			err = -ECONNRESET;
1076		goto out;
1077	}
1078
1079	sock->state = SS_CONNECTED;
1080
1081	/* At this point, IrLMP has assigned our source address */
1082	self->saddr = irttp_get_saddr(self->tsap);
1083	err = 0;
1084out:
1085	release_sock(sk);
1086	return err;
1087}
1088
1089static struct proto irda_proto = {
1090	.name	  = "IRDA",
1091	.owner	  = THIS_MODULE,
1092	.obj_size = sizeof(struct irda_sock),
1093};
1094
1095/*
1096 * Function irda_create (sock, protocol)
1097 *
1098 *    Create IrDA socket
1099 *
1100 */
1101static int irda_create(struct net *net, struct socket *sock, int protocol,
1102		       int kern)
1103{
1104	struct sock *sk;
1105	struct irda_sock *self;
1106
1107	IRDA_DEBUG(2, "%s()\n", __func__);
1108
1109	if (net != &init_net)
1110		return -EAFNOSUPPORT;
1111
1112	/* Check for valid socket type */
1113	switch (sock->type) {
1114	case SOCK_STREAM:     /* For TTP connections with SAR disabled */
1115	case SOCK_SEQPACKET:  /* For TTP connections with SAR enabled */
1116	case SOCK_DGRAM:      /* For TTP Unitdata or LMP Ultra transfers */
1117		break;
1118	default:
1119		return -ESOCKTNOSUPPORT;
1120	}
1121
1122	/* Allocate networking socket */
1123	sk = sk_alloc(net, PF_IRDA, GFP_ATOMIC, &irda_proto);
1124	if (sk == NULL)
1125		return -ENOMEM;
1126
1127	self = irda_sk(sk);
1128	IRDA_DEBUG(2, "%s() : self is %p\n", __func__, self);
1129
1130	init_waitqueue_head(&self->query_wait);
1131
1132	switch (sock->type) {
1133	case SOCK_STREAM:
1134		sock->ops = &irda_stream_ops;
1135		self->max_sdu_size_rx = TTP_SAR_DISABLE;
1136		break;
1137	case SOCK_SEQPACKET:
1138		sock->ops = &irda_seqpacket_ops;
1139		self->max_sdu_size_rx = TTP_SAR_UNBOUND;
1140		break;
1141	case SOCK_DGRAM:
1142		switch (protocol) {
1143#ifdef CONFIG_IRDA_ULTRA
1144		case IRDAPROTO_ULTRA:
1145			sock->ops = &irda_ultra_ops;
1146			/* Initialise now, because we may send on unbound
1147			 * sockets. Jean II */
1148			self->max_data_size = ULTRA_MAX_DATA - LMP_PID_HEADER;
1149			self->max_header_size = IRDA_MAX_HEADER + LMP_PID_HEADER;
1150			break;
1151#endif /* CONFIG_IRDA_ULTRA */
1152		case IRDAPROTO_UNITDATA:
1153			sock->ops = &irda_dgram_ops;
1154			/* We let Unitdata conn. be like seqpack conn. */
1155			self->max_sdu_size_rx = TTP_SAR_UNBOUND;
1156			break;
1157		default:
1158			sk_free(sk);
1159			return -ESOCKTNOSUPPORT;
1160		}
1161		break;
1162	default:
1163		sk_free(sk);
1164		return -ESOCKTNOSUPPORT;
1165	}
1166
1167	/* Initialise networking socket struct */
1168	sock_init_data(sock, sk);	/* Note : set sk->sk_refcnt to 1 */
1169	sk->sk_family = PF_IRDA;
1170	sk->sk_protocol = protocol;
1171
1172	/* Register as a client with IrLMP */
1173	self->ckey = irlmp_register_client(0, NULL, NULL, NULL);
1174	self->mask.word = 0xffff;
1175	self->rx_flow = self->tx_flow = FLOW_START;
1176	self->nslots = DISCOVERY_DEFAULT_SLOTS;
1177	self->daddr = DEV_ADDR_ANY;	/* Until we get connected */
1178	self->saddr = 0x0;		/* so IrLMP assign us any link */
1179	return 0;
1180}
1181
1182/*
1183 * Function irda_destroy_socket (self)
1184 *
1185 *    Destroy socket
1186 *
1187 */
1188static void irda_destroy_socket(struct irda_sock *self)
1189{
1190	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
1191
1192	/* Unregister with IrLMP */
1193	irlmp_unregister_client(self->ckey);
1194	irlmp_unregister_service(self->skey);
1195
1196	/* Unregister with LM-IAS */
1197	if (self->ias_obj) {
1198		irias_delete_object(self->ias_obj);
1199		self->ias_obj = NULL;
1200	}
1201
1202	if (self->iriap) {
1203		iriap_close(self->iriap);
1204		self->iriap = NULL;
1205	}
1206
1207	if (self->tsap) {
1208		irttp_disconnect_request(self->tsap, NULL, P_NORMAL);
1209		irttp_close_tsap(self->tsap);
1210		self->tsap = NULL;
1211	}
1212#ifdef CONFIG_IRDA_ULTRA
1213	if (self->lsap) {
1214		irlmp_close_lsap(self->lsap);
1215		self->lsap = NULL;
1216	}
1217#endif /* CONFIG_IRDA_ULTRA */
1218}
1219
1220/*
1221 * Function irda_release (sock)
1222 */
1223static int irda_release(struct socket *sock)
1224{
1225	struct sock *sk = sock->sk;
1226
1227	IRDA_DEBUG(2, "%s()\n", __func__);
1228
1229	if (sk == NULL)
1230		return 0;
1231
1232	lock_sock(sk);
1233	sk->sk_state       = TCP_CLOSE;
1234	sk->sk_shutdown   |= SEND_SHUTDOWN;
1235	sk->sk_state_change(sk);
1236
1237	/* Destroy IrDA socket */
1238	irda_destroy_socket(irda_sk(sk));
1239
1240	sock_orphan(sk);
1241	sock->sk   = NULL;
1242	release_sock(sk);
1243
1244	/* Purge queues (see sock_init_data()) */
1245	skb_queue_purge(&sk->sk_receive_queue);
1246
1247	/* Destroy networking socket if we are the last reference on it,
1248	 * i.e. if(sk->sk_refcnt == 0) -> sk_free(sk) */
1249	sock_put(sk);
1250
1251	/* Notes on socket locking and deallocation... - Jean II
1252	 * In theory we should put pairs of sock_hold() / sock_put() to
1253	 * prevent the socket to be destroyed whenever there is an
1254	 * outstanding request or outstanding incoming packet or event.
1255	 *
1256	 * 1) This may include IAS request, both in connect and getsockopt.
1257	 * Unfortunately, the situation is a bit more messy than it looks,
1258	 * because we close iriap and kfree(self) above.
1259	 *
1260	 * 2) This may include selective discovery in getsockopt.
1261	 * Same stuff as above, irlmp registration and self are gone.
1262	 *
1263	 * Probably 1 and 2 may not matter, because it's all triggered
1264	 * by a process and the socket layer already prevent the
1265	 * socket to go away while a process is holding it, through
1266	 * sockfd_put() and fput()...
1267	 *
1268	 * 3) This may include deferred TSAP closure. In particular,
1269	 * we may receive a late irda_disconnect_indication()
1270	 * Fortunately, (tsap_cb *)->close_pend should protect us
1271	 * from that.
1272	 *
1273	 * I did some testing on SMP, and it looks solid. And the socket
1274	 * memory leak is now gone... - Jean II
1275	 */
1276
1277	return 0;
1278}
1279
1280/*
1281 * Function irda_sendmsg (iocb, sock, msg, len)
1282 *
1283 *    Send message down to TinyTP. This function is used for both STREAM and
1284 *    SEQPACK services. This is possible since it forces the client to
1285 *    fragment the message if necessary
1286 */
1287static int irda_sendmsg(struct kiocb *iocb, struct socket *sock,
1288			struct msghdr *msg, size_t len)
1289{
1290	struct sock *sk = sock->sk;
1291	struct irda_sock *self;
1292	struct sk_buff *skb;
1293	int err = -EPIPE;
1294
1295	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1296
1297	/* Note : socket.c set MSG_EOR on SEQPACKET sockets */
1298	if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_EOR | MSG_CMSG_COMPAT |
1299			       MSG_NOSIGNAL)) {
1300		err = -EINVAL;
1301		goto out;
1302	}
1303
1304	lock_sock(sk);
1305
1306	if (sk->sk_shutdown & SEND_SHUTDOWN)
1307		goto out_err;
1308
1309	if (sk->sk_state != TCP_ESTABLISHED) {
1310		err = -ENOTCONN;
1311		goto out;
1312	}
1313
1314	self = irda_sk(sk);
1315
1316	/* Check if IrTTP is wants us to slow down */
1317
1318	if (wait_event_interruptible(*(sk_sleep(sk)),
1319	    (self->tx_flow != FLOW_STOP  ||  sk->sk_state != TCP_ESTABLISHED))) {
1320		err = -ERESTARTSYS;
1321		goto out;
1322	}
1323
1324	/* Check if we are still connected */
1325	if (sk->sk_state != TCP_ESTABLISHED) {
1326		err = -ENOTCONN;
1327		goto out;
1328	}
1329
1330	/* Check that we don't send out too big frames */
1331	if (len > self->max_data_size) {
1332		IRDA_DEBUG(2, "%s(), Chopping frame from %zd to %d bytes!\n",
1333			   __func__, len, self->max_data_size);
1334		len = self->max_data_size;
1335	}
1336
1337	skb = sock_alloc_send_skb(sk, len + self->max_header_size + 16,
1338				  msg->msg_flags & MSG_DONTWAIT, &err);
1339	if (!skb)
1340		goto out_err;
1341
1342	skb_reserve(skb, self->max_header_size + 16);
1343	skb_reset_transport_header(skb);
1344	skb_put(skb, len);
1345	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1346	if (err) {
1347		kfree_skb(skb);
1348		goto out_err;
1349	}
1350
1351	/*
1352	 * Just send the message to TinyTP, and let it deal with possible
1353	 * errors. No need to duplicate all that here
1354	 */
1355	err = irttp_data_request(self->tsap, skb);
1356	if (err) {
1357		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1358		goto out_err;
1359	}
1360
1361	release_sock(sk);
1362	/* Tell client how much data we actually sent */
1363	return len;
1364
1365out_err:
1366	err = sk_stream_error(sk, msg->msg_flags, err);
1367out:
1368	release_sock(sk);
1369	return err;
1370
1371}
1372
1373/*
1374 * Function irda_recvmsg_dgram (iocb, sock, msg, size, flags)
1375 *
1376 *    Try to receive message and copy it to user. The frame is discarded
1377 *    after being read, regardless of how much the user actually read
1378 */
1379static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
1380			      struct msghdr *msg, size_t size, int flags)
1381{
1382	struct sock *sk = sock->sk;
1383	struct irda_sock *self = irda_sk(sk);
1384	struct sk_buff *skb;
1385	size_t copied;
1386	int err;
1387
1388	IRDA_DEBUG(4, "%s()\n", __func__);
1389
1390	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1391				flags & MSG_DONTWAIT, &err);
1392	if (!skb)
1393		return err;
1394
1395	skb_reset_transport_header(skb);
1396	copied = skb->len;
1397
1398	if (copied > size) {
1399		IRDA_DEBUG(2, "%s(), Received truncated frame (%zd < %zd)!\n",
1400			   __func__, copied, size);
1401		copied = size;
1402		msg->msg_flags |= MSG_TRUNC;
1403	}
1404	skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1405
1406	skb_free_datagram(sk, skb);
1407
1408	/*
1409	 *  Check if we have previously stopped IrTTP and we know
1410	 *  have more free space in our rx_queue. If so tell IrTTP
1411	 *  to start delivering frames again before our rx_queue gets
1412	 *  empty
1413	 */
1414	if (self->rx_flow == FLOW_STOP) {
1415		if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) {
1416			IRDA_DEBUG(2, "%s(), Starting IrTTP\n", __func__);
1417			self->rx_flow = FLOW_START;
1418			irttp_flow_request(self->tsap, FLOW_START);
1419		}
1420	}
1421
1422	return copied;
1423}
1424
1425/*
1426 * Function irda_recvmsg_stream (iocb, sock, msg, size, flags)
1427 */
1428static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
1429			       struct msghdr *msg, size_t size, int flags)
1430{
1431	struct sock *sk = sock->sk;
1432	struct irda_sock *self = irda_sk(sk);
1433	int noblock = flags & MSG_DONTWAIT;
1434	size_t copied = 0;
1435	int target, err;
1436	long timeo;
1437
1438	IRDA_DEBUG(3, "%s()\n", __func__);
1439
1440	if ((err = sock_error(sk)) < 0)
1441		return err;
1442
1443	if (sock->flags & __SO_ACCEPTCON)
1444		return -EINVAL;
1445
1446	err =-EOPNOTSUPP;
1447	if (flags & MSG_OOB)
1448		return -EOPNOTSUPP;
1449
1450	err = 0;
1451	target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
1452	timeo = sock_rcvtimeo(sk, noblock);
1453
1454	msg->msg_namelen = 0;
1455
1456	do {
1457		int chunk;
1458		struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
1459
1460		if (skb == NULL) {
1461			DEFINE_WAIT(wait);
1462			err = 0;
1463
1464			if (copied >= target)
1465				break;
1466
1467			prepare_to_wait_exclusive(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1468
1469			/*
1470			 *	POSIX 1003.1g mandates this order.
1471			 */
1472			err = sock_error(sk);
1473			if (err)
1474				;
1475			else if (sk->sk_shutdown & RCV_SHUTDOWN)
1476				;
1477			else if (noblock)
1478				err = -EAGAIN;
1479			else if (signal_pending(current))
1480				err = sock_intr_errno(timeo);
1481			else if (sk->sk_state != TCP_ESTABLISHED)
1482				err = -ENOTCONN;
1483			else if (skb_peek(&sk->sk_receive_queue) == NULL)
1484				/* Wait process until data arrives */
1485				schedule();
1486
1487			finish_wait(sk_sleep(sk), &wait);
1488
1489			if (err)
1490				return err;
1491			if (sk->sk_shutdown & RCV_SHUTDOWN)
1492				break;
1493
1494			continue;
1495		}
1496
1497		chunk = min_t(unsigned int, skb->len, size);
1498		if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
1499			skb_queue_head(&sk->sk_receive_queue, skb);
1500			if (copied == 0)
1501				copied = -EFAULT;
1502			break;
1503		}
1504		copied += chunk;
1505		size -= chunk;
1506
1507		/* Mark read part of skb as used */
1508		if (!(flags & MSG_PEEK)) {
1509			skb_pull(skb, chunk);
1510
1511			/* put the skb back if we didn't use it up.. */
1512			if (skb->len) {
1513				IRDA_DEBUG(1, "%s(), back on q!\n",
1514					   __func__);
1515				skb_queue_head(&sk->sk_receive_queue, skb);
1516				break;
1517			}
1518
1519			kfree_skb(skb);
1520		} else {
1521			IRDA_DEBUG(0, "%s() questionable!?\n", __func__);
1522
1523			/* put message back and return */
1524			skb_queue_head(&sk->sk_receive_queue, skb);
1525			break;
1526		}
1527	} while (size);
1528
1529	/*
1530	 *  Check if we have previously stopped IrTTP and we know
1531	 *  have more free space in our rx_queue. If so tell IrTTP
1532	 *  to start delivering frames again before our rx_queue gets
1533	 *  empty
1534	 */
1535	if (self->rx_flow == FLOW_STOP) {
1536		if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) {
1537			IRDA_DEBUG(2, "%s(), Starting IrTTP\n", __func__);
1538			self->rx_flow = FLOW_START;
1539			irttp_flow_request(self->tsap, FLOW_START);
1540		}
1541	}
1542
1543	return copied;
1544}
1545
1546/*
1547 * Function irda_sendmsg_dgram (iocb, sock, msg, len)
1548 *
1549 *    Send message down to TinyTP for the unreliable sequenced
1550 *    packet service...
1551 *
1552 */
1553static int irda_sendmsg_dgram(struct kiocb *iocb, struct socket *sock,
1554			      struct msghdr *msg, size_t len)
1555{
1556	struct sock *sk = sock->sk;
1557	struct irda_sock *self;
1558	struct sk_buff *skb;
1559	int err;
1560
1561	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1562
1563	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
1564		return -EINVAL;
1565
1566	lock_sock(sk);
1567
1568	if (sk->sk_shutdown & SEND_SHUTDOWN) {
1569		send_sig(SIGPIPE, current, 0);
1570		err = -EPIPE;
1571		goto out;
1572	}
1573
1574	err = -ENOTCONN;
1575	if (sk->sk_state != TCP_ESTABLISHED)
1576		goto out;
1577
1578	self = irda_sk(sk);
1579
1580	/*
1581	 * Check that we don't send out too big frames. This is an unreliable
1582	 * service, so we have no fragmentation and no coalescence
1583	 */
1584	if (len > self->max_data_size) {
1585		IRDA_DEBUG(0, "%s(), Warning to much data! "
1586			   "Chopping frame from %zd to %d bytes!\n",
1587			   __func__, len, self->max_data_size);
1588		len = self->max_data_size;
1589	}
1590
1591	skb = sock_alloc_send_skb(sk, len + self->max_header_size,
1592				  msg->msg_flags & MSG_DONTWAIT, &err);
1593	err = -ENOBUFS;
1594	if (!skb)
1595		goto out;
1596
1597	skb_reserve(skb, self->max_header_size);
1598	skb_reset_transport_header(skb);
1599
1600	IRDA_DEBUG(4, "%s(), appending user data\n", __func__);
1601	skb_put(skb, len);
1602	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1603	if (err) {
1604		kfree_skb(skb);
1605		goto out;
1606	}
1607
1608	/*
1609	 * Just send the message to TinyTP, and let it deal with possible
1610	 * errors. No need to duplicate all that here
1611	 */
1612	err = irttp_udata_request(self->tsap, skb);
1613	if (err) {
1614		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1615		goto out;
1616	}
1617
1618	release_sock(sk);
1619	return len;
1620
1621out:
1622	release_sock(sk);
1623	return err;
1624}
1625
1626/*
1627 * Function irda_sendmsg_ultra (iocb, sock, msg, len)
1628 *
1629 *    Send message down to IrLMP for the unreliable Ultra
1630 *    packet service...
1631 */
1632#ifdef CONFIG_IRDA_ULTRA
1633static int irda_sendmsg_ultra(struct kiocb *iocb, struct socket *sock,
1634			      struct msghdr *msg, size_t len)
1635{
1636	struct sock *sk = sock->sk;
1637	struct irda_sock *self;
1638	__u8 pid = 0;
1639	int bound = 0;
1640	struct sk_buff *skb;
1641	int err;
1642
1643	IRDA_DEBUG(4, "%s(), len=%zd\n", __func__, len);
1644
1645	err = -EINVAL;
1646	if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
1647		return -EINVAL;
1648
1649	lock_sock(sk);
1650
1651	err = -EPIPE;
1652	if (sk->sk_shutdown & SEND_SHUTDOWN) {
1653		send_sig(SIGPIPE, current, 0);
1654		goto out;
1655	}
1656
1657	self = irda_sk(sk);
1658
1659	/* Check if an address was specified with sendto. Jean II */
1660	if (msg->msg_name) {
1661		struct sockaddr_irda *addr = (struct sockaddr_irda *) msg->msg_name;
1662		err = -EINVAL;
1663		/* Check address, extract pid. Jean II */
1664		if (msg->msg_namelen < sizeof(*addr))
1665			goto out;
1666		if (addr->sir_family != AF_IRDA)
1667			goto out;
1668
1669		pid = addr->sir_lsap_sel;
1670		if (pid & 0x80) {
1671			IRDA_DEBUG(0, "%s(), extension in PID not supp!\n", __func__);
1672			err = -EOPNOTSUPP;
1673			goto out;
1674		}
1675	} else {
1676		/* Check that the socket is properly bound to an Ultra
1677		 * port. Jean II */
1678		if ((self->lsap == NULL) ||
1679		    (sk->sk_state != TCP_ESTABLISHED)) {
1680			IRDA_DEBUG(0, "%s(), socket not bound to Ultra PID.\n",
1681				   __func__);
1682			err = -ENOTCONN;
1683			goto out;
1684		}
1685		/* Use PID from socket */
1686		bound = 1;
1687	}
1688
1689	/*
1690	 * Check that we don't send out too big frames. This is an unreliable
1691	 * service, so we have no fragmentation and no coalescence
1692	 */
1693	if (len > self->max_data_size) {
1694		IRDA_DEBUG(0, "%s(), Warning to much data! "
1695			   "Chopping frame from %zd to %d bytes!\n",
1696			   __func__, len, self->max_data_size);
1697		len = self->max_data_size;
1698	}
1699
1700	skb = sock_alloc_send_skb(sk, len + self->max_header_size,
1701				  msg->msg_flags & MSG_DONTWAIT, &err);
1702	err = -ENOBUFS;
1703	if (!skb)
1704		goto out;
1705
1706	skb_reserve(skb, self->max_header_size);
1707	skb_reset_transport_header(skb);
1708
1709	IRDA_DEBUG(4, "%s(), appending user data\n", __func__);
1710	skb_put(skb, len);
1711	err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len);
1712	if (err) {
1713		kfree_skb(skb);
1714		goto out;
1715	}
1716
1717	err = irlmp_connless_data_request((bound ? self->lsap : NULL),
1718					  skb, pid);
1719	if (err)
1720		IRDA_DEBUG(0, "%s(), err=%d\n", __func__, err);
1721out:
1722	release_sock(sk);
1723	return err ? : len;
1724}
1725#endif /* CONFIG_IRDA_ULTRA */
1726
1727/*
1728 * Function irda_shutdown (sk, how)
1729 */
1730static int irda_shutdown(struct socket *sock, int how)
1731{
1732	struct sock *sk = sock->sk;
1733	struct irda_sock *self = irda_sk(sk);
1734
1735	IRDA_DEBUG(1, "%s(%p)\n", __func__, self);
1736
1737	lock_sock(sk);
1738
1739	sk->sk_state       = TCP_CLOSE;
1740	sk->sk_shutdown   |= SEND_SHUTDOWN;
1741	sk->sk_state_change(sk);
1742
1743	if (self->iriap) {
1744		iriap_close(self->iriap);
1745		self->iriap = NULL;
1746	}
1747
1748	if (self->tsap) {
1749		irttp_disconnect_request(self->tsap, NULL, P_NORMAL);
1750		irttp_close_tsap(self->tsap);
1751		self->tsap = NULL;
1752	}
1753
1754	/* A few cleanup so the socket look as good as new... */
1755	self->rx_flow = self->tx_flow = FLOW_START;	/* needed ??? */
1756	self->daddr = DEV_ADDR_ANY;	/* Until we get re-connected */
1757	self->saddr = 0x0;		/* so IrLMP assign us any link */
1758
1759	release_sock(sk);
1760
1761	return 0;
1762}
1763
1764/*
1765 * Function irda_poll (file, sock, wait)
1766 */
1767static unsigned int irda_poll(struct file * file, struct socket *sock,
1768			      poll_table *wait)
1769{
1770	struct sock *sk = sock->sk;
1771	struct irda_sock *self = irda_sk(sk);
1772	unsigned int mask;
1773
1774	IRDA_DEBUG(4, "%s()\n", __func__);
1775
1776	poll_wait(file, sk_sleep(sk), wait);
1777	mask = 0;
1778
1779	/* Exceptional events? */
1780	if (sk->sk_err)
1781		mask |= POLLERR;
1782	if (sk->sk_shutdown & RCV_SHUTDOWN) {
1783		IRDA_DEBUG(0, "%s(), POLLHUP\n", __func__);
1784		mask |= POLLHUP;
1785	}
1786
1787	/* Readable? */
1788	if (!skb_queue_empty(&sk->sk_receive_queue)) {
1789		IRDA_DEBUG(4, "Socket is readable\n");
1790		mask |= POLLIN | POLLRDNORM;
1791	}
1792
1793	/* Connection-based need to check for termination and startup */
1794	switch (sk->sk_type) {
1795	case SOCK_STREAM:
1796		if (sk->sk_state == TCP_CLOSE) {
1797			IRDA_DEBUG(0, "%s(), POLLHUP\n", __func__);
1798			mask |= POLLHUP;
1799		}
1800
1801		if (sk->sk_state == TCP_ESTABLISHED) {
1802			if ((self->tx_flow == FLOW_START) &&
1803			    sock_writeable(sk))
1804			{
1805				mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1806			}
1807		}
1808		break;
1809	case SOCK_SEQPACKET:
1810		if ((self->tx_flow == FLOW_START) &&
1811		    sock_writeable(sk))
1812		{
1813			mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1814		}
1815		break;
1816	case SOCK_DGRAM:
1817		if (sock_writeable(sk))
1818			mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
1819		break;
1820	default:
1821		break;
1822	}
1823
1824	return mask;
1825}
1826
1827/*
1828 * Function irda_ioctl (sock, cmd, arg)
1829 */
1830static int irda_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1831{
1832	struct sock *sk = sock->sk;
1833	int err;
1834
1835	IRDA_DEBUG(4, "%s(), cmd=%#x\n", __func__, cmd);
1836
1837	err = -EINVAL;
1838	switch (cmd) {
1839	case TIOCOUTQ: {
1840		long amount;
1841
1842		amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1843		if (amount < 0)
1844			amount = 0;
1845		err = put_user(amount, (unsigned int __user *)arg);
1846		break;
1847	}
1848
1849	case TIOCINQ: {
1850		struct sk_buff *skb;
1851		long amount = 0L;
1852		/* These two are safe on a single CPU system as only user tasks fiddle here */
1853		if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL)
1854			amount = skb->len;
1855		err = put_user(amount, (unsigned int __user *)arg);
1856		break;
1857	}
1858
1859	case SIOCGSTAMP:
1860		if (sk != NULL)
1861			err = sock_get_timestamp(sk, (struct timeval __user *)arg);
1862		break;
1863
1864	case SIOCGIFADDR:
1865	case SIOCSIFADDR:
1866	case SIOCGIFDSTADDR:
1867	case SIOCSIFDSTADDR:
1868	case SIOCGIFBRDADDR:
1869	case SIOCSIFBRDADDR:
1870	case SIOCGIFNETMASK:
1871	case SIOCSIFNETMASK:
1872	case SIOCGIFMETRIC:
1873	case SIOCSIFMETRIC:
1874		break;
1875	default:
1876		IRDA_DEBUG(1, "%s(), doing device ioctl!\n", __func__);
1877		err = -ENOIOCTLCMD;
1878	}
1879
1880	return err;
1881}
1882
1883#ifdef CONFIG_COMPAT
1884/*
1885 * Function irda_ioctl (sock, cmd, arg)
1886 */
1887static int irda_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1888{
1889	/*
1890	 * All IRDA's ioctl are standard ones.
1891	 */
1892	return -ENOIOCTLCMD;
1893}
1894#endif
1895
1896/*
1897 * Function irda_setsockopt (sock, level, optname, optval, optlen)
1898 *
1899 *    Set some options for the socket
1900 *
1901 */
1902static int irda_setsockopt(struct socket *sock, int level, int optname,
1903			   char __user *optval, unsigned int optlen)
1904{
1905	struct sock *sk = sock->sk;
1906	struct irda_sock *self = irda_sk(sk);
1907	struct irda_ias_set    *ias_opt;
1908	struct ias_object      *ias_obj;
1909	struct ias_attrib *	ias_attr;	/* Attribute in IAS object */
1910	int opt, free_ias = 0, err = 0;
1911
1912	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
1913
1914	if (level != SOL_IRLMP)
1915		return -ENOPROTOOPT;
1916
1917	lock_sock(sk);
1918
1919	switch (optname) {
1920	case IRLMP_IAS_SET:
1921		/* The user want to add an attribute to an existing IAS object
1922		 * (in the IAS database) or to create a new object with this
1923		 * attribute.
1924		 * We first query IAS to know if the object exist, and then
1925		 * create the right attribute...
1926		 */
1927
1928		if (optlen != sizeof(struct irda_ias_set)) {
1929			err = -EINVAL;
1930			goto out;
1931		}
1932
1933		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
1934		if (ias_opt == NULL) {
1935			err = -ENOMEM;
1936			goto out;
1937		}
1938
1939		/* Copy query to the driver. */
1940		if (copy_from_user(ias_opt, optval, optlen)) {
1941			kfree(ias_opt);
1942			err = -EFAULT;
1943			goto out;
1944		}
1945
1946		/* Find the object we target.
1947		 * If the user gives us an empty string, we use the object
1948		 * associated with this socket. This will workaround
1949		 * duplicated class name - Jean II */
1950		if(ias_opt->irda_class_name[0] == '\0') {
1951			if(self->ias_obj == NULL) {
1952				kfree(ias_opt);
1953				err = -EINVAL;
1954				goto out;
1955			}
1956			ias_obj = self->ias_obj;
1957		} else
1958			ias_obj = irias_find_object(ias_opt->irda_class_name);
1959
1960		/* Only ROOT can mess with the global IAS database.
1961		 * Users can only add attributes to the object associated
1962		 * with the socket they own - Jean II */
1963		if((!capable(CAP_NET_ADMIN)) &&
1964		   ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
1965			kfree(ias_opt);
1966			err = -EPERM;
1967			goto out;
1968		}
1969
1970		/* If the object doesn't exist, create it */
1971		if(ias_obj == (struct ias_object *) NULL) {
1972			/* Create a new object */
1973			ias_obj = irias_new_object(ias_opt->irda_class_name,
1974						   jiffies);
1975			if (ias_obj == NULL) {
1976				kfree(ias_opt);
1977				err = -ENOMEM;
1978				goto out;
1979			}
1980			free_ias = 1;
1981		}
1982
1983		/* Do we have the attribute already ? */
1984		if(irias_find_attrib(ias_obj, ias_opt->irda_attrib_name)) {
1985			kfree(ias_opt);
1986			if (free_ias) {
1987				kfree(ias_obj->name);
1988				kfree(ias_obj);
1989			}
1990			err = -EINVAL;
1991			goto out;
1992		}
1993
1994		/* Look at the type */
1995		switch(ias_opt->irda_attrib_type) {
1996		case IAS_INTEGER:
1997			/* Add an integer attribute */
1998			irias_add_integer_attrib(
1999				ias_obj,
2000				ias_opt->irda_attrib_name,
2001				ias_opt->attribute.irda_attrib_int,
2002				IAS_USER_ATTR);
2003			break;
2004		case IAS_OCT_SEQ:
2005			/* Check length */
2006			if(ias_opt->attribute.irda_attrib_octet_seq.len >
2007			   IAS_MAX_OCTET_STRING) {
2008				kfree(ias_opt);
2009				if (free_ias) {
2010					kfree(ias_obj->name);
2011					kfree(ias_obj);
2012				}
2013
2014				err = -EINVAL;
2015				goto out;
2016			}
2017			/* Add an octet sequence attribute */
2018			irias_add_octseq_attrib(
2019			      ias_obj,
2020			      ias_opt->irda_attrib_name,
2021			      ias_opt->attribute.irda_attrib_octet_seq.octet_seq,
2022			      ias_opt->attribute.irda_attrib_octet_seq.len,
2023			      IAS_USER_ATTR);
2024			break;
2025		case IAS_STRING:
2026			/* Should check charset & co */
2027			/* Check length */
2028			/* The length is encoded in a __u8, and
2029			 * IAS_MAX_STRING == 256, so there is no way
2030			 * userspace can pass us a string too large.
2031			 * Jean II */
2032			/* NULL terminate the string (avoid troubles) */
2033			ias_opt->attribute.irda_attrib_string.string[ias_opt->attribute.irda_attrib_string.len] = '\0';
2034			/* Add a string attribute */
2035			irias_add_string_attrib(
2036				ias_obj,
2037				ias_opt->irda_attrib_name,
2038				ias_opt->attribute.irda_attrib_string.string,
2039				IAS_USER_ATTR);
2040			break;
2041		default :
2042			kfree(ias_opt);
2043			if (free_ias) {
2044				kfree(ias_obj->name);
2045				kfree(ias_obj);
2046			}
2047			err = -EINVAL;
2048			goto out;
2049		}
2050		irias_insert_object(ias_obj);
2051		kfree(ias_opt);
2052		break;
2053	case IRLMP_IAS_DEL:
2054		/* The user want to delete an object from our local IAS
2055		 * database. We just need to query the IAS, check is the
2056		 * object is not owned by the kernel and delete it.
2057		 */
2058
2059		if (optlen != sizeof(struct irda_ias_set)) {
2060			err = -EINVAL;
2061			goto out;
2062		}
2063
2064		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2065		if (ias_opt == NULL) {
2066			err = -ENOMEM;
2067			goto out;
2068		}
2069
2070		/* Copy query to the driver. */
2071		if (copy_from_user(ias_opt, optval, optlen)) {
2072			kfree(ias_opt);
2073			err = -EFAULT;
2074			goto out;
2075		}
2076
2077		/* Find the object we target.
2078		 * If the user gives us an empty string, we use the object
2079		 * associated with this socket. This will workaround
2080		 * duplicated class name - Jean II */
2081		if(ias_opt->irda_class_name[0] == '\0')
2082			ias_obj = self->ias_obj;
2083		else
2084			ias_obj = irias_find_object(ias_opt->irda_class_name);
2085		if(ias_obj == (struct ias_object *) NULL) {
2086			kfree(ias_opt);
2087			err = -EINVAL;
2088			goto out;
2089		}
2090
2091		/* Only ROOT can mess with the global IAS database.
2092		 * Users can only del attributes from the object associated
2093		 * with the socket they own - Jean II */
2094		if((!capable(CAP_NET_ADMIN)) &&
2095		   ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
2096			kfree(ias_opt);
2097			err = -EPERM;
2098			goto out;
2099		}
2100
2101		/* Find the attribute (in the object) we target */
2102		ias_attr = irias_find_attrib(ias_obj,
2103					     ias_opt->irda_attrib_name);
2104		if(ias_attr == (struct ias_attrib *) NULL) {
2105			kfree(ias_opt);
2106			err = -EINVAL;
2107			goto out;
2108		}
2109
2110		/* Check is the user space own the object */
2111		if(ias_attr->value->owner != IAS_USER_ATTR) {
2112			IRDA_DEBUG(1, "%s(), attempting to delete a kernel attribute\n", __func__);
2113			kfree(ias_opt);
2114			err = -EPERM;
2115			goto out;
2116		}
2117
2118		/* Remove the attribute (and maybe the object) */
2119		irias_delete_attrib(ias_obj, ias_attr, 1);
2120		kfree(ias_opt);
2121		break;
2122	case IRLMP_MAX_SDU_SIZE:
2123		if (optlen < sizeof(int)) {
2124			err = -EINVAL;
2125			goto out;
2126		}
2127
2128		if (get_user(opt, (int __user *)optval)) {
2129			err = -EFAULT;
2130			goto out;
2131		}
2132
2133		/* Only possible for a seqpacket service (TTP with SAR) */
2134		if (sk->sk_type != SOCK_SEQPACKET) {
2135			IRDA_DEBUG(2, "%s(), setting max_sdu_size = %d\n",
2136				   __func__, opt);
2137			self->max_sdu_size_rx = opt;
2138		} else {
2139			IRDA_WARNING("%s: not allowed to set MAXSDUSIZE for this socket type!\n",
2140				     __func__);
2141			err = -ENOPROTOOPT;
2142			goto out;
2143		}
2144		break;
2145	case IRLMP_HINTS_SET:
2146		if (optlen < sizeof(int)) {
2147			err = -EINVAL;
2148			goto out;
2149		}
2150
2151		/* The input is really a (__u8 hints[2]), easier as an int */
2152		if (get_user(opt, (int __user *)optval)) {
2153			err = -EFAULT;
2154			goto out;
2155		}
2156
2157		/* Unregister any old registration */
2158		if (self->skey)
2159			irlmp_unregister_service(self->skey);
2160
2161		self->skey = irlmp_register_service((__u16) opt);
2162		break;
2163	case IRLMP_HINT_MASK_SET:
2164		/* As opposed to the previous case which set the hint bits
2165		 * that we advertise, this one set the filter we use when
2166		 * making a discovery (nodes which don't match any hint
2167		 * bit in the mask are not reported).
2168		 */
2169		if (optlen < sizeof(int)) {
2170			err = -EINVAL;
2171			goto out;
2172		}
2173
2174		/* The input is really a (__u8 hints[2]), easier as an int */
2175		if (get_user(opt, (int __user *)optval)) {
2176			err = -EFAULT;
2177			goto out;
2178		}
2179
2180		/* Set the new hint mask */
2181		self->mask.word = (__u16) opt;
2182		/* Mask out extension bits */
2183		self->mask.word &= 0x7f7f;
2184		/* Check if no bits */
2185		if(!self->mask.word)
2186			self->mask.word = 0xFFFF;
2187
2188		break;
2189	default:
2190		err = -ENOPROTOOPT;
2191		break;
2192	}
2193
2194out:
2195	release_sock(sk);
2196
2197	return err;
2198}
2199
2200/*
2201 * Function irda_extract_ias_value(ias_opt, ias_value)
2202 *
2203 *    Translate internal IAS value structure to the user space representation
2204 *
2205 * The external representation of IAS values, as we exchange them with
2206 * user space program is quite different from the internal representation,
2207 * as stored in the IAS database (because we need a flat structure for
2208 * crossing kernel boundary).
2209 * This function transform the former in the latter. We also check
2210 * that the value type is valid.
2211 */
2212static int irda_extract_ias_value(struct irda_ias_set *ias_opt,
2213				  struct ias_value *ias_value)
2214{
2215	/* Look at the type */
2216	switch (ias_value->type) {
2217	case IAS_INTEGER:
2218		/* Copy the integer */
2219		ias_opt->attribute.irda_attrib_int = ias_value->t.integer;
2220		break;
2221	case IAS_OCT_SEQ:
2222		/* Set length */
2223		ias_opt->attribute.irda_attrib_octet_seq.len = ias_value->len;
2224		/* Copy over */
2225		memcpy(ias_opt->attribute.irda_attrib_octet_seq.octet_seq,
2226		       ias_value->t.oct_seq, ias_value->len);
2227		break;
2228	case IAS_STRING:
2229		/* Set length */
2230		ias_opt->attribute.irda_attrib_string.len = ias_value->len;
2231		ias_opt->attribute.irda_attrib_string.charset = ias_value->charset;
2232		/* Copy over */
2233		memcpy(ias_opt->attribute.irda_attrib_string.string,
2234		       ias_value->t.string, ias_value->len);
2235		/* NULL terminate the string (avoid troubles) */
2236		ias_opt->attribute.irda_attrib_string.string[ias_value->len] = '\0';
2237		break;
2238	case IAS_MISSING:
2239	default :
2240		return -EINVAL;
2241	}
2242
2243	/* Copy type over */
2244	ias_opt->irda_attrib_type = ias_value->type;
2245
2246	return 0;
2247}
2248
2249/*
2250 * Function irda_getsockopt (sock, level, optname, optval, optlen)
2251 */
2252static int irda_getsockopt(struct socket *sock, int level, int optname,
2253			   char __user *optval, int __user *optlen)
2254{
2255	struct sock *sk = sock->sk;
2256	struct irda_sock *self = irda_sk(sk);
2257	struct irda_device_list list;
2258	struct irda_device_info *discoveries;
2259	struct irda_ias_set *	ias_opt;	/* IAS get/query params */
2260	struct ias_object *	ias_obj;	/* Object in IAS */
2261	struct ias_attrib *	ias_attr;	/* Attribute in IAS object */
2262	int daddr = DEV_ADDR_ANY;	/* Dest address for IAS queries */
2263	int val = 0;
2264	int len = 0;
2265	int err = 0;
2266	int offset, total;
2267
2268	IRDA_DEBUG(2, "%s(%p)\n", __func__, self);
2269
2270	if (level != SOL_IRLMP)
2271		return -ENOPROTOOPT;
2272
2273	if (get_user(len, optlen))
2274		return -EFAULT;
2275
2276	if(len < 0)
2277		return -EINVAL;
2278
2279	lock_sock(sk);
2280
2281	switch (optname) {
2282	case IRLMP_ENUMDEVICES:
2283		/* Ask lmp for the current discovery log */
2284		discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
2285						    self->nslots);
2286		/* Check if the we got some results */
2287		if (discoveries == NULL) {
2288			err = -EAGAIN;
2289			goto out;		/* Didn't find any devices */
2290		}
2291
2292		/* Write total list length back to client */
2293		if (copy_to_user(optval, &list,
2294				 sizeof(struct irda_device_list) -
2295				 sizeof(struct irda_device_info)))
2296			err = -EFAULT;
2297
2298		/* Offset to first device entry */
2299		offset = sizeof(struct irda_device_list) -
2300			sizeof(struct irda_device_info);
2301
2302		/* Copy the list itself - watch for overflow */
2303		if (list.len > 2048) {
2304			err = -EINVAL;
2305			goto bed;
2306		}
2307		total = offset + (list.len * sizeof(struct irda_device_info));
2308		if (total > len)
2309			total = len;
2310		if (copy_to_user(optval+offset, discoveries, total - offset))
2311			err = -EFAULT;
2312
2313		/* Write total number of bytes used back to client */
2314		if (put_user(total, optlen))
2315			err = -EFAULT;
2316bed:
2317		/* Free up our buffer */
2318		kfree(discoveries);
2319		break;
2320	case IRLMP_MAX_SDU_SIZE:
2321		val = self->max_data_size;
2322		len = sizeof(int);
2323		if (put_user(len, optlen)) {
2324			err = -EFAULT;
2325			goto out;
2326		}
2327
2328		if (copy_to_user(optval, &val, len)) {
2329			err = -EFAULT;
2330			goto out;
2331		}
2332
2333		break;
2334	case IRLMP_IAS_GET:
2335		/* The user want an object from our local IAS database.
2336		 * We just need to query the IAS and return the value
2337		 * that we found */
2338
2339		/* Check that the user has allocated the right space for us */
2340		if (len != sizeof(struct irda_ias_set)) {
2341			err = -EINVAL;
2342			goto out;
2343		}
2344
2345		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2346		if (ias_opt == NULL) {
2347			err = -ENOMEM;
2348			goto out;
2349		}
2350
2351		/* Copy query to the driver. */
2352		if (copy_from_user(ias_opt, optval, len)) {
2353			kfree(ias_opt);
2354			err = -EFAULT;
2355			goto out;
2356		}
2357
2358		/* Find the object we target.
2359		 * If the user gives us an empty string, we use the object
2360		 * associated with this socket. This will workaround
2361		 * duplicated class name - Jean II */
2362		if(ias_opt->irda_class_name[0] == '\0')
2363			ias_obj = self->ias_obj;
2364		else
2365			ias_obj = irias_find_object(ias_opt->irda_class_name);
2366		if(ias_obj == (struct ias_object *) NULL) {
2367			kfree(ias_opt);
2368			err = -EINVAL;
2369			goto out;
2370		}
2371
2372		/* Find the attribute (in the object) we target */
2373		ias_attr = irias_find_attrib(ias_obj,
2374					     ias_opt->irda_attrib_name);
2375		if(ias_attr == (struct ias_attrib *) NULL) {
2376			kfree(ias_opt);
2377			err = -EINVAL;
2378			goto out;
2379		}
2380
2381		/* Translate from internal to user structure */
2382		err = irda_extract_ias_value(ias_opt, ias_attr->value);
2383		if(err) {
2384			kfree(ias_opt);
2385			goto out;
2386		}
2387
2388		/* Copy reply to the user */
2389		if (copy_to_user(optval, ias_opt,
2390				 sizeof(struct irda_ias_set))) {
2391			kfree(ias_opt);
2392			err = -EFAULT;
2393			goto out;
2394		}
2395		/* Note : don't need to put optlen, we checked it */
2396		kfree(ias_opt);
2397		break;
2398	case IRLMP_IAS_QUERY:
2399		/* The user want an object from a remote IAS database.
2400		 * We need to use IAP to query the remote database and
2401		 * then wait for the answer to come back. */
2402
2403		/* Check that the user has allocated the right space for us */
2404		if (len != sizeof(struct irda_ias_set)) {
2405			err = -EINVAL;
2406			goto out;
2407		}
2408
2409		ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
2410		if (ias_opt == NULL) {
2411			err = -ENOMEM;
2412			goto out;
2413		}
2414
2415		/* Copy query to the driver. */
2416		if (copy_from_user(ias_opt, optval, len)) {
2417			kfree(ias_opt);
2418			err = -EFAULT;
2419			goto out;
2420		}
2421
2422		/* At this point, there are two cases...
2423		 * 1) the socket is connected - that's the easy case, we
2424		 *	just query the device we are connected to...
2425		 * 2) the socket is not connected - the user doesn't want
2426		 *	to connect and/or may not have a valid service name
2427		 *	(so can't create a fake connection). In this case,
2428		 *	we assume that the user pass us a valid destination
2429		 *	address in the requesting structure...
2430		 */
2431		if(self->daddr != DEV_ADDR_ANY) {
2432			/* We are connected - reuse known daddr */
2433			daddr = self->daddr;
2434		} else {
2435			/* We are not connected, we must specify a valid
2436			 * destination address */
2437			daddr = ias_opt->daddr;
2438			if((!daddr) || (daddr == DEV_ADDR_ANY)) {
2439				kfree(ias_opt);
2440				err = -EINVAL;
2441				goto out;
2442			}
2443		}
2444
2445		/* Check that we can proceed with IAP */
2446		if (self->iriap) {
2447			IRDA_WARNING("%s: busy with a previous query\n",
2448				     __func__);
2449			kfree(ias_opt);
2450			err = -EBUSY;
2451			goto out;
2452		}
2453
2454		self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self,
2455					 irda_getvalue_confirm);
2456
2457		if (self->iriap == NULL) {
2458			kfree(ias_opt);
2459			err = -ENOMEM;
2460			goto out;
2461		}
2462
2463		/* Treat unexpected wakeup as disconnect */
2464		self->errno = -EHOSTUNREACH;
2465
2466		/* Query remote LM-IAS */
2467		iriap_getvaluebyclass_request(self->iriap,
2468					      self->saddr, daddr,
2469					      ias_opt->irda_class_name,
2470					      ias_opt->irda_attrib_name);
2471
2472		/* Wait for answer, if not yet finished (or failed) */
2473		if (wait_event_interruptible(self->query_wait,
2474					     (self->iriap == NULL))) {
2475			/* pending request uses copy of ias_opt-content
2476			 * we can free it regardless! */
2477			kfree(ias_opt);
2478			/* Treat signals as disconnect */
2479			err = -EHOSTUNREACH;
2480			goto out;
2481		}
2482
2483		/* Check what happened */
2484		if (self->errno)
2485		{
2486			kfree(ias_opt);
2487			/* Requested object/attribute doesn't exist */
2488			if((self->errno == IAS_CLASS_UNKNOWN) ||
2489			   (self->errno == IAS_ATTRIB_UNKNOWN))
2490				err = -EADDRNOTAVAIL;
2491			else
2492				err = -EHOSTUNREACH;
2493
2494			goto out;
2495		}
2496
2497		/* Translate from internal to user structure */
2498		err = irda_extract_ias_value(ias_opt, self->ias_result);
2499		if (self->ias_result)
2500			irias_delete_value(self->ias_result);
2501		if (err) {
2502			kfree(ias_opt);
2503			goto out;
2504		}
2505
2506		/* Copy reply to the user */
2507		if (copy_to_user(optval, ias_opt,
2508				 sizeof(struct irda_ias_set))) {
2509			kfree(ias_opt);
2510			err = -EFAULT;
2511			goto out;
2512		}
2513		/* Note : don't need to put optlen, we checked it */
2514		kfree(ias_opt);
2515		break;
2516	case IRLMP_WAITDEVICE:
2517		/* This function is just another way of seeing life ;-)
2518		 * IRLMP_ENUMDEVICES assumes that you have a static network,
2519		 * and that you just want to pick one of the devices present.
2520		 * On the other hand, in here we assume that no device is
2521		 * present and that at some point in the future a device will
2522		 * come into range. When this device arrive, we just wake
2523		 * up the caller, so that he has time to connect to it before
2524		 * the device goes away...
2525		 * Note : once the node has been discovered for more than a
2526		 * few second, it won't trigger this function, unless it
2527		 * goes away and come back changes its hint bits (so we
2528		 * might call it IRLMP_WAITNEWDEVICE).
2529		 */
2530
2531		/* Check that the user is passing us an int */
2532		if (len != sizeof(int)) {
2533			err = -EINVAL;
2534			goto out;
2535		}
2536		/* Get timeout in ms (max time we block the caller) */
2537		if (get_user(val, (int __user *)optval)) {
2538			err = -EFAULT;
2539			goto out;
2540		}
2541
2542		/* Tell IrLMP we want to be notified */
2543		irlmp_update_client(self->ckey, self->mask.word,
2544				    irda_selective_discovery_indication,
2545				    NULL, (void *) self);
2546
2547		/* Do some discovery (and also return cached results) */
2548		irlmp_discovery_request(self->nslots);
2549
2550		/* Wait until a node is discovered */
2551		if (!self->cachedaddr) {
2552			IRDA_DEBUG(1, "%s(), nothing discovered yet, going to sleep...\n", __func__);
2553
2554			/* Set watchdog timer to expire in <val> ms. */
2555			self->errno = 0;
2556			setup_timer(&self->watchdog, irda_discovery_timeout,
2557					(unsigned long)self);
2558			self->watchdog.expires = jiffies + (val * HZ/1000);
2559			add_timer(&(self->watchdog));
2560
2561			/* Wait for IR-LMP to call us back */
2562			__wait_event_interruptible(self->query_wait,
2563			      (self->cachedaddr != 0 || self->errno == -ETIME),
2564						   err);
2565
2566			/* If watchdog is still activated, kill it! */
2567			if(timer_pending(&(self->watchdog)))
2568				del_timer(&(self->watchdog));
2569
2570			IRDA_DEBUG(1, "%s(), ...waking up !\n", __func__);
2571
2572			if (err != 0)
2573				goto out;
2574		}
2575		else
2576			IRDA_DEBUG(1, "%s(), found immediately !\n",
2577				   __func__);
2578
2579		/* Tell IrLMP that we have been notified */
2580		irlmp_update_client(self->ckey, self->mask.word,
2581				    NULL, NULL, NULL);
2582
2583		/* Check if the we got some results */
2584		if (!self->cachedaddr)
2585			return -EAGAIN;		/* Didn't find any devices */
2586		daddr = self->cachedaddr;
2587		/* Cleanup */
2588		self->cachedaddr = 0;
2589
2590		/* We return the daddr of the device that trigger the
2591		 * wakeup. As irlmp pass us only the new devices, we
2592		 * are sure that it's not an old device.
2593		 * If the user want more details, he should query
2594		 * the whole discovery log and pick one device...
2595		 */
2596		if (put_user(daddr, (int __user *)optval)) {
2597			err = -EFAULT;
2598			goto out;
2599		}
2600
2601		break;
2602	default:
2603		err = -ENOPROTOOPT;
2604	}
2605
2606out:
2607
2608	release_sock(sk);
2609
2610	return err;
2611}
2612
2613static const struct net_proto_family irda_family_ops = {
2614	.family = PF_IRDA,
2615	.create = irda_create,
2616	.owner	= THIS_MODULE,
2617};
2618
2619static const struct proto_ops irda_stream_ops = {
2620	.family =	PF_IRDA,
2621	.owner =	THIS_MODULE,
2622	.release =	irda_release,
2623	.bind =		irda_bind,
2624	.connect =	irda_connect,
2625	.socketpair =	sock_no_socketpair,
2626	.accept =	irda_accept,
2627	.getname =	irda_getname,
2628	.poll =		irda_poll,
2629	.ioctl =	irda_ioctl,
2630#ifdef CONFIG_COMPAT
2631	.compat_ioctl =	irda_compat_ioctl,
2632#endif
2633	.listen =	irda_listen,
2634	.shutdown =	irda_shutdown,
2635	.setsockopt =	irda_setsockopt,
2636	.getsockopt =	irda_getsockopt,
2637	.sendmsg =	irda_sendmsg,
2638	.recvmsg =	irda_recvmsg_stream,
2639	.mmap =		sock_no_mmap,
2640	.sendpage =	sock_no_sendpage,
2641};
2642
2643static const struct proto_ops irda_seqpacket_ops = {
2644	.family =	PF_IRDA,
2645	.owner =	THIS_MODULE,
2646	.release =	irda_release,
2647	.bind =		irda_bind,
2648	.connect =	irda_connect,
2649	.socketpair =	sock_no_socketpair,
2650	.accept =	irda_accept,
2651	.getname =	irda_getname,
2652	.poll =		datagram_poll,
2653	.ioctl =	irda_ioctl,
2654#ifdef CONFIG_COMPAT
2655	.compat_ioctl =	irda_compat_ioctl,
2656#endif
2657	.listen =	irda_listen,
2658	.shutdown =	irda_shutdown,
2659	.setsockopt =	irda_setsockopt,
2660	.getsockopt =	irda_getsockopt,
2661	.sendmsg =	irda_sendmsg,
2662	.recvmsg =	irda_recvmsg_dgram,
2663	.mmap =		sock_no_mmap,
2664	.sendpage =	sock_no_sendpage,
2665};
2666
2667static const struct proto_ops irda_dgram_ops = {
2668	.family =	PF_IRDA,
2669	.owner =	THIS_MODULE,
2670	.release =	irda_release,
2671	.bind =		irda_bind,
2672	.connect =	irda_connect,
2673	.socketpair =	sock_no_socketpair,
2674	.accept =	irda_accept,
2675	.getname =	irda_getname,
2676	.poll =		datagram_poll,
2677	.ioctl =	irda_ioctl,
2678#ifdef CONFIG_COMPAT
2679	.compat_ioctl =	irda_compat_ioctl,
2680#endif
2681	.listen =	irda_listen,
2682	.shutdown =	irda_shutdown,
2683	.setsockopt =	irda_setsockopt,
2684	.getsockopt =	irda_getsockopt,
2685	.sendmsg =	irda_sendmsg_dgram,
2686	.recvmsg =	irda_recvmsg_dgram,
2687	.mmap =		sock_no_mmap,
2688	.sendpage =	sock_no_sendpage,
2689};
2690
2691#ifdef CONFIG_IRDA_ULTRA
2692static const struct proto_ops irda_ultra_ops = {
2693	.family =	PF_IRDA,
2694	.owner =	THIS_MODULE,
2695	.release =	irda_release,
2696	.bind =		irda_bind,
2697	.connect =	sock_no_connect,
2698	.socketpair =	sock_no_socketpair,
2699	.accept =	sock_no_accept,
2700	.getname =	irda_getname,
2701	.poll =		datagram_poll,
2702	.ioctl =	irda_ioctl,
2703#ifdef CONFIG_COMPAT
2704	.compat_ioctl =	irda_compat_ioctl,
2705#endif
2706	.listen =	sock_no_listen,
2707	.shutdown =	irda_shutdown,
2708	.setsockopt =	irda_setsockopt,
2709	.getsockopt =	irda_getsockopt,
2710	.sendmsg =	irda_sendmsg_ultra,
2711	.recvmsg =	irda_recvmsg_dgram,
2712	.mmap =		sock_no_mmap,
2713	.sendpage =	sock_no_sendpage,
2714};
2715#endif /* CONFIG_IRDA_ULTRA */
2716
2717/*
2718 * Function irsock_init (pro)
2719 *
2720 *    Initialize IrDA protocol
2721 *
2722 */
2723int __init irsock_init(void)
2724{
2725	int rc = proto_register(&irda_proto, 0);
2726
2727	if (rc == 0)
2728		rc = sock_register(&irda_family_ops);
2729
2730	return rc;
2731}
2732
2733/*
2734 * Function irsock_cleanup (void)
2735 *
2736 *    Remove IrDA protocol
2737 *
2738 */
2739void irsock_cleanup(void)
2740{
2741	sock_unregister(PF_IRDA);
2742	proto_unregister(&irda_proto);
2743}
Configure Feed

Configure Feed
