projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Refactor deferred setup test in rfcomm_dlc_close()
[deliverable/linux.git] / net / bluetooth / rfcomm / core.c
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define VERSION "1.11"
39
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45 static struct task_struct *rfcomm_thread;
46
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52 static LIST_HEAD(session_list);
53
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65 static void rfcomm_process_connect(struct rfcomm_session *s);
66
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
79
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
83
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
89
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
92
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
103
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
110
111 /* ---- RFCOMM FCS computation ---- */
112
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154 };
155
156 /* CRC on 2 bytes */
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
159 /* FCS on 2 bytes */
160 static inline u8 __fcs(u8 *data)
161 {
162 return 0xff - __crc(data);
163 }
164
165 /* FCS on 3 bytes */
166 static inline u8 __fcs2(u8 *data)
167 {
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
169 }
170
171 /* Check FCS */
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
173 {
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 }
181
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
184 {
185 BT_DBG("%p state %d", sk, sk->sk_state);
186 rfcomm_schedule();
187 }
188
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190 {
191 BT_DBG("%p bytes %d", sk, bytes);
192 rfcomm_schedule();
193 }
194
195 static int rfcomm_l2sock_create(struct socket **sock)
196 {
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208 }
209
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
211 {
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 case BT_SECURITY_FIPS:
220 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 break;
222 case BT_SECURITY_MEDIUM:
223 auth_type = HCI_AT_GENERAL_BONDING;
224 break;
225 default:
226 auth_type = HCI_AT_NO_BONDING;
227 break;
228 }
229
230 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
231 }
232
233 static void rfcomm_session_timeout(unsigned long arg)
234 {
235 struct rfcomm_session *s = (void *) arg;
236
237 BT_DBG("session %p state %ld", s, s->state);
238
239 set_bit(RFCOMM_TIMED_OUT, &s->flags);
240 rfcomm_schedule();
241 }
242
243 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 {
245 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246
247 mod_timer(&s->timer, jiffies + timeout);
248 }
249
250 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 {
252 BT_DBG("session %p state %ld", s, s->state);
253
254 del_timer_sync(&s->timer);
255 }
256
257 /* ---- RFCOMM DLCs ---- */
258 static void rfcomm_dlc_timeout(unsigned long arg)
259 {
260 struct rfcomm_dlc *d = (void *) arg;
261
262 BT_DBG("dlc %p state %ld", d, d->state);
263
264 set_bit(RFCOMM_TIMED_OUT, &d->flags);
265 rfcomm_dlc_put(d);
266 rfcomm_schedule();
267 }
268
269 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 {
271 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272
273 if (!mod_timer(&d->timer, jiffies + timeout))
274 rfcomm_dlc_hold(d);
275 }
276
277 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 {
279 BT_DBG("dlc %p state %ld", d, d->state);
280
281 if (del_timer(&d->timer))
282 rfcomm_dlc_put(d);
283 }
284
285 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
286 {
287 BT_DBG("%p", d);
288
289 d->state = BT_OPEN;
290 d->flags = 0;
291 d->mscex = 0;
292 d->sec_level = BT_SECURITY_LOW;
293 d->mtu = RFCOMM_DEFAULT_MTU;
294 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295
296 d->cfc = RFCOMM_CFC_DISABLED;
297 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
298 }
299
300 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 {
302 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
303
304 if (!d)
305 return NULL;
306
307 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308
309 skb_queue_head_init(&d->tx_queue);
310 spin_lock_init(&d->lock);
311 atomic_set(&d->refcnt, 1);
312
313 rfcomm_dlc_clear_state(d);
314
315 BT_DBG("%p", d);
316
317 return d;
318 }
319
320 void rfcomm_dlc_free(struct rfcomm_dlc *d)
321 {
322 BT_DBG("%p", d);
323
324 skb_queue_purge(&d->tx_queue);
325 kfree(d);
326 }
327
328 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 {
330 BT_DBG("dlc %p session %p", d, s);
331
332 rfcomm_session_clear_timer(s);
333 rfcomm_dlc_hold(d);
334 list_add(&d->list, &s->dlcs);
335 d->session = s;
336 }
337
338 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 {
340 struct rfcomm_session *s = d->session;
341
342 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
343
344 list_del(&d->list);
345 d->session = NULL;
346 rfcomm_dlc_put(d);
347
348 if (list_empty(&s->dlcs))
349 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
350 }
351
352 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 {
354 struct rfcomm_dlc *d;
355
356 list_for_each_entry(d, &s->dlcs, list)
357 if (d->dlci == dlci)
358 return d;
359
360 return NULL;
361 }
362
363 static int rfcomm_check_channel(u8 channel)
364 {
365 return channel < 1 || channel > 30;
366 }
367
368 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
369 {
370 struct rfcomm_session *s;
371 int err = 0;
372 u8 dlci;
373
374 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
375 d, d->state, src, dst, channel);
376
377 if (rfcomm_check_channel(channel))
378 return -EINVAL;
379
380 if (d->state != BT_OPEN && d->state != BT_CLOSED)
381 return 0;
382
383 s = rfcomm_session_get(src, dst);
384 if (!s) {
385 s = rfcomm_session_create(src, dst, d->sec_level, &err);
386 if (!s)
387 return err;
388 }
389
390 dlci = __dlci(!s->initiator, channel);
391
392 /* Check if DLCI already exists */
393 if (rfcomm_dlc_get(s, dlci))
394 return -EBUSY;
395
396 rfcomm_dlc_clear_state(d);
397
398 d->dlci = dlci;
399 d->addr = __addr(s->initiator, dlci);
400 d->priority = 7;
401
402 d->state = BT_CONFIG;
403 rfcomm_dlc_link(s, d);
404
405 d->out = 1;
406
407 d->mtu = s->mtu;
408 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
409
410 if (s->state == BT_CONNECTED) {
411 if (rfcomm_check_security(d))
412 rfcomm_send_pn(s, 1, d);
413 else
414 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
415 }
416
417 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
418
419 return 0;
420 }
421
422 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
423 {
424 int r;
425
426 rfcomm_lock();
427
428 r = __rfcomm_dlc_open(d, src, dst, channel);
429
430 rfcomm_unlock();
431 return r;
432 }
433
434 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
435 {
436 struct rfcomm_session *s = d->session;
437 if (!s)
438 return 0;
439
440 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
441 d, d->state, d->dlci, err, s);
442
443 switch (d->state) {
444 case BT_CONNECT:
445 case BT_CONFIG:
446 case BT_OPEN:
447 case BT_CONNECT2:
448 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
449 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
450 rfcomm_schedule();
451 return 0;
452 }
453 }
454
455 switch (d->state) {
456 case BT_CONNECT:
457 case BT_CONFIG:
458 /* Fall through */
459
460 case BT_CONNECTED:
461 d->state = BT_DISCONN;
462 if (skb_queue_empty(&d->tx_queue)) {
463 rfcomm_send_disc(s, d->dlci);
464 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
465 } else {
466 rfcomm_queue_disc(d);
467 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
468 }
469 break;
470
471 default:
472 rfcomm_dlc_clear_timer(d);
473
474 rfcomm_dlc_lock(d);
475 d->state = BT_CLOSED;
476 d->state_change(d, err);
477 rfcomm_dlc_unlock(d);
478
479 skb_queue_purge(&d->tx_queue);
480 rfcomm_dlc_unlink(d);
481 }
482
483 return 0;
484 }
485
486 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
487 {
488 int r = 0;
489 struct rfcomm_dlc *d_list;
490 struct rfcomm_session *s, *s_list;
491
492 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
493
494 rfcomm_lock();
495
496 s = d->session;
497 if (!s)
498 goto no_session;
499
500 /* after waiting on the mutex check the session still exists
501 * then check the dlc still exists
502 */
503 list_for_each_entry(s_list, &session_list, list) {
504 if (s_list == s) {
505 list_for_each_entry(d_list, &s->dlcs, list) {
506 if (d_list == d) {
507 r = __rfcomm_dlc_close(d, err);
508 break;
509 }
510 }
511 break;
512 }
513 }
514
515 no_session:
516 rfcomm_unlock();
517 return r;
518 }
519
520 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
521 {
522 struct rfcomm_session *s;
523 struct rfcomm_dlc *dlc = NULL;
524 u8 dlci;
525
526 if (rfcomm_check_channel(channel))
527 return ERR_PTR(-EINVAL);
528
529 rfcomm_lock();
530 s = rfcomm_session_get(src, dst);
531 if (s) {
532 dlci = __dlci(!s->initiator, channel);
533 dlc = rfcomm_dlc_get(s, dlci);
534 }
535 rfcomm_unlock();
536 return dlc;
537 }
538
539 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
540 {
541 int len = skb->len;
542
543 if (d->state != BT_CONNECTED)
544 return -ENOTCONN;
545
546 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
547
548 if (len > d->mtu)
549 return -EINVAL;
550
551 rfcomm_make_uih(skb, d->addr);
552 skb_queue_tail(&d->tx_queue, skb);
553
554 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
555 rfcomm_schedule();
556 return len;
557 }
558
559 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
560 {
561 BT_DBG("dlc %p state %ld", d, d->state);
562
563 if (!d->cfc) {
564 d->v24_sig |= RFCOMM_V24_FC;
565 set_bit(RFCOMM_MSC_PENDING, &d->flags);
566 }
567 rfcomm_schedule();
568 }
569
570 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
571 {
572 BT_DBG("dlc %p state %ld", d, d->state);
573
574 if (!d->cfc) {
575 d->v24_sig &= ~RFCOMM_V24_FC;
576 set_bit(RFCOMM_MSC_PENDING, &d->flags);
577 }
578 rfcomm_schedule();
579 }
580
581 /*
582 Set/get modem status functions use _local_ status i.e. what we report
583 to the other side.
584 Remote status is provided by dlc->modem_status() callback.
585 */
586 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
587 {
588 BT_DBG("dlc %p state %ld v24_sig 0x%x",
589 d, d->state, v24_sig);
590
591 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
592 v24_sig |= RFCOMM_V24_FC;
593 else
594 v24_sig &= ~RFCOMM_V24_FC;
595
596 d->v24_sig = v24_sig;
597
598 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
599 rfcomm_schedule();
600
601 return 0;
602 }
603
604 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
605 {
606 BT_DBG("dlc %p state %ld v24_sig 0x%x",
607 d, d->state, d->v24_sig);
608
609 *v24_sig = d->v24_sig;
610 return 0;
611 }
612
613 /* ---- RFCOMM sessions ---- */
614 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
615 {
616 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
617
618 if (!s)
619 return NULL;
620
621 BT_DBG("session %p sock %p", s, sock);
622
623 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
624
625 INIT_LIST_HEAD(&s->dlcs);
626 s->state = state;
627 s->sock = sock;
628
629 s->mtu = RFCOMM_DEFAULT_MTU;
630 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
631
632 /* Do not increment module usage count for listening sessions.
633 * Otherwise we won't be able to unload the module. */
634 if (state != BT_LISTEN)
635 if (!try_module_get(THIS_MODULE)) {
636 kfree(s);
637 return NULL;
638 }
639
640 list_add(&s->list, &session_list);
641
642 return s;
643 }
644
645 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
646 {
647 int state = s->state;
648
649 BT_DBG("session %p state %ld", s, s->state);
650
651 list_del(&s->list);
652
653 rfcomm_session_clear_timer(s);
654 sock_release(s->sock);
655 kfree(s);
656
657 if (state != BT_LISTEN)
658 module_put(THIS_MODULE);
659
660 return NULL;
661 }
662
663 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
664 {
665 struct rfcomm_session *s;
666 struct list_head *p, *n;
667 struct l2cap_chan *chan;
668 list_for_each_safe(p, n, &session_list) {
669 s = list_entry(p, struct rfcomm_session, list);
670 chan = l2cap_pi(s->sock->sk)->chan;
671
672 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
673 !bacmp(&chan->dst, dst))
674 return s;
675 }
676 return NULL;
677 }
678
679 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
680 int err)
681 {
682 struct rfcomm_dlc *d;
683 struct list_head *p, *n;
684
685 s->state = BT_CLOSED;
686
687 BT_DBG("session %p state %ld err %d", s, s->state, err);
688
689 /* Close all dlcs */
690 list_for_each_safe(p, n, &s->dlcs) {
691 d = list_entry(p, struct rfcomm_dlc, list);
692 d->state = BT_CLOSED;
693 __rfcomm_dlc_close(d, err);
694 }
695
696 rfcomm_session_clear_timer(s);
697 return rfcomm_session_del(s);
698 }
699
700 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
701 bdaddr_t *dst,
702 u8 sec_level,
703 int *err)
704 {
705 struct rfcomm_session *s = NULL;
706 struct sockaddr_l2 addr;
707 struct socket *sock;
708 struct sock *sk;
709
710 BT_DBG("%pMR -> %pMR", src, dst);
711
712 *err = rfcomm_l2sock_create(&sock);
713 if (*err < 0)
714 return NULL;
715
716 bacpy(&addr.l2_bdaddr, src);
717 addr.l2_family = AF_BLUETOOTH;
718 addr.l2_psm = 0;
719 addr.l2_cid = 0;
720 addr.l2_bdaddr_type = BDADDR_BREDR;
721 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
722 if (*err < 0)
723 goto failed;
724
725 /* Set L2CAP options */
726 sk = sock->sk;
727 lock_sock(sk);
728 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
729 l2cap_pi(sk)->chan->sec_level = sec_level;
730 if (l2cap_ertm)
731 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
732 release_sock(sk);
733
734 s = rfcomm_session_add(sock, BT_BOUND);
735 if (!s) {
736 *err = -ENOMEM;
737 goto failed;
738 }
739
740 s->initiator = 1;
741
742 bacpy(&addr.l2_bdaddr, dst);
743 addr.l2_family = AF_BLUETOOTH;
744 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
745 addr.l2_cid = 0;
746 addr.l2_bdaddr_type = BDADDR_BREDR;
747 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
748 if (*err == 0 || *err == -EINPROGRESS)
749 return s;
750
751 return rfcomm_session_del(s);
752
753 failed:
754 sock_release(sock);
755 return NULL;
756 }
757
758 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
759 {
760 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
761 if (src)
762 bacpy(src, &chan->src);
763 if (dst)
764 bacpy(dst, &chan->dst);
765 }
766
767 /* ---- RFCOMM frame sending ---- */
768 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
769 {
770 struct kvec iv = { data, len };
771 struct msghdr msg;
772
773 BT_DBG("session %p len %d", s, len);
774
775 memset(&msg, 0, sizeof(msg));
776
777 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
778 }
779
780 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
781 {
782 BT_DBG("%p cmd %u", s, cmd->ctrl);
783
784 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
785 }
786
787 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
788 {
789 struct rfcomm_cmd cmd;
790
791 BT_DBG("%p dlci %d", s, dlci);
792
793 cmd.addr = __addr(s->initiator, dlci);
794 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
795 cmd.len = __len8(0);
796 cmd.fcs = __fcs2((u8 *) &cmd);
797
798 return rfcomm_send_cmd(s, &cmd);
799 }
800
801 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
802 {
803 struct rfcomm_cmd cmd;
804
805 BT_DBG("%p dlci %d", s, dlci);
806
807 cmd.addr = __addr(!s->initiator, dlci);
808 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
809 cmd.len = __len8(0);
810 cmd.fcs = __fcs2((u8 *) &cmd);
811
812 return rfcomm_send_cmd(s, &cmd);
813 }
814
815 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
816 {
817 struct rfcomm_cmd cmd;
818
819 BT_DBG("%p dlci %d", s, dlci);
820
821 cmd.addr = __addr(s->initiator, dlci);
822 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
823 cmd.len = __len8(0);
824 cmd.fcs = __fcs2((u8 *) &cmd);
825
826 return rfcomm_send_cmd(s, &cmd);
827 }
828
829 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
830 {
831 struct rfcomm_cmd *cmd;
832 struct sk_buff *skb;
833
834 BT_DBG("dlc %p dlci %d", d, d->dlci);
835
836 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
837 if (!skb)
838 return -ENOMEM;
839
840 cmd = (void *) __skb_put(skb, sizeof(*cmd));
841 cmd->addr = d->addr;
842 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
843 cmd->len = __len8(0);
844 cmd->fcs = __fcs2((u8 *) cmd);
845
846 skb_queue_tail(&d->tx_queue, skb);
847 rfcomm_schedule();
848 return 0;
849 }
850
851 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
852 {
853 struct rfcomm_cmd cmd;
854
855 BT_DBG("%p dlci %d", s, dlci);
856
857 cmd.addr = __addr(!s->initiator, dlci);
858 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
859 cmd.len = __len8(0);
860 cmd.fcs = __fcs2((u8 *) &cmd);
861
862 return rfcomm_send_cmd(s, &cmd);
863 }
864
865 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
866 {
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 u8 buf[16], *ptr = buf;
870
871 BT_DBG("%p cr %d type %d", s, cr, type);
872
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + 1);
877
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_NSC);
880 mcc->len = __len8(1);
881
882 /* Type that we didn't like */
883 *ptr = __mcc_type(cr, type); ptr++;
884
885 *ptr = __fcs(buf); ptr++;
886
887 return rfcomm_send_frame(s, buf, ptr - buf);
888 }
889
890 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
891 {
892 struct rfcomm_hdr *hdr;
893 struct rfcomm_mcc *mcc;
894 struct rfcomm_pn *pn;
895 u8 buf[16], *ptr = buf;
896
897 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
898
899 hdr = (void *) ptr; ptr += sizeof(*hdr);
900 hdr->addr = __addr(s->initiator, 0);
901 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
902 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
903
904 mcc = (void *) ptr; ptr += sizeof(*mcc);
905 mcc->type = __mcc_type(cr, RFCOMM_PN);
906 mcc->len = __len8(sizeof(*pn));
907
908 pn = (void *) ptr; ptr += sizeof(*pn);
909 pn->dlci = d->dlci;
910 pn->priority = d->priority;
911 pn->ack_timer = 0;
912 pn->max_retrans = 0;
913
914 if (s->cfc) {
915 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
916 pn->credits = RFCOMM_DEFAULT_CREDITS;
917 } else {
918 pn->flow_ctrl = 0;
919 pn->credits = 0;
920 }
921
922 if (cr && channel_mtu >= 0)
923 pn->mtu = cpu_to_le16(channel_mtu);
924 else
925 pn->mtu = cpu_to_le16(d->mtu);
926
927 *ptr = __fcs(buf); ptr++;
928
929 return rfcomm_send_frame(s, buf, ptr - buf);
930 }
931
932 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
933 u8 bit_rate, u8 data_bits, u8 stop_bits,
934 u8 parity, u8 flow_ctrl_settings,
935 u8 xon_char, u8 xoff_char, u16 param_mask)
936 {
937 struct rfcomm_hdr *hdr;
938 struct rfcomm_mcc *mcc;
939 struct rfcomm_rpn *rpn;
940 u8 buf[16], *ptr = buf;
941
942 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
943 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
944 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
945 flow_ctrl_settings, xon_char, xoff_char, param_mask);
946
947 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->addr = __addr(s->initiator, 0);
949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
950 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
951
952 mcc = (void *) ptr; ptr += sizeof(*mcc);
953 mcc->type = __mcc_type(cr, RFCOMM_RPN);
954 mcc->len = __len8(sizeof(*rpn));
955
956 rpn = (void *) ptr; ptr += sizeof(*rpn);
957 rpn->dlci = __addr(1, dlci);
958 rpn->bit_rate = bit_rate;
959 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
960 rpn->flow_ctrl = flow_ctrl_settings;
961 rpn->xon_char = xon_char;
962 rpn->xoff_char = xoff_char;
963 rpn->param_mask = cpu_to_le16(param_mask);
964
965 *ptr = __fcs(buf); ptr++;
966
967 return rfcomm_send_frame(s, buf, ptr - buf);
968 }
969
970 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
971 {
972 struct rfcomm_hdr *hdr;
973 struct rfcomm_mcc *mcc;
974 struct rfcomm_rls *rls;
975 u8 buf[16], *ptr = buf;
976
977 BT_DBG("%p cr %d status 0x%x", s, cr, status);
978
979 hdr = (void *) ptr; ptr += sizeof(*hdr);
980 hdr->addr = __addr(s->initiator, 0);
981 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
982 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
983
984 mcc = (void *) ptr; ptr += sizeof(*mcc);
985 mcc->type = __mcc_type(cr, RFCOMM_RLS);
986 mcc->len = __len8(sizeof(*rls));
987
988 rls = (void *) ptr; ptr += sizeof(*rls);
989 rls->dlci = __addr(1, dlci);
990 rls->status = status;
991
992 *ptr = __fcs(buf); ptr++;
993
994 return rfcomm_send_frame(s, buf, ptr - buf);
995 }
996
997 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
998 {
999 struct rfcomm_hdr *hdr;
1000 struct rfcomm_mcc *mcc;
1001 struct rfcomm_msc *msc;
1002 u8 buf[16], *ptr = buf;
1003
1004 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1005
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1010
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1013 mcc->len = __len8(sizeof(*msc));
1014
1015 msc = (void *) ptr; ptr += sizeof(*msc);
1016 msc->dlci = __addr(1, dlci);
1017 msc->v24_sig = v24_sig | 0x01;
1018
1019 *ptr = __fcs(buf); ptr++;
1020
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1022 }
1023
1024 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1025 {
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 u8 buf[16], *ptr = buf;
1029
1030 BT_DBG("%p cr %d", s, cr);
1031
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc));
1036
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1039 mcc->len = __len8(0);
1040
1041 *ptr = __fcs(buf); ptr++;
1042
1043 return rfcomm_send_frame(s, buf, ptr - buf);
1044 }
1045
1046 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1047 {
1048 struct rfcomm_hdr *hdr;
1049 struct rfcomm_mcc *mcc;
1050 u8 buf[16], *ptr = buf;
1051
1052 BT_DBG("%p cr %d", s, cr);
1053
1054 hdr = (void *) ptr; ptr += sizeof(*hdr);
1055 hdr->addr = __addr(s->initiator, 0);
1056 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1057 hdr->len = __len8(sizeof(*mcc));
1058
1059 mcc = (void *) ptr; ptr += sizeof(*mcc);
1060 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1061 mcc->len = __len8(0);
1062
1063 *ptr = __fcs(buf); ptr++;
1064
1065 return rfcomm_send_frame(s, buf, ptr - buf);
1066 }
1067
1068 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1069 {
1070 struct socket *sock = s->sock;
1071 struct kvec iv[3];
1072 struct msghdr msg;
1073 unsigned char hdr[5], crc[1];
1074
1075 if (len > 125)
1076 return -EINVAL;
1077
1078 BT_DBG("%p cr %d", s, cr);
1079
1080 hdr[0] = __addr(s->initiator, 0);
1081 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1082 hdr[2] = 0x01 | ((len + 2) << 1);
1083 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1084 hdr[4] = 0x01 | (len << 1);
1085
1086 crc[0] = __fcs(hdr);
1087
1088 iv[0].iov_base = hdr;
1089 iv[0].iov_len = 5;
1090 iv[1].iov_base = pattern;
1091 iv[1].iov_len = len;
1092 iv[2].iov_base = crc;
1093 iv[2].iov_len = 1;
1094
1095 memset(&msg, 0, sizeof(msg));
1096
1097 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1098 }
1099
1100 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1101 {
1102 struct rfcomm_hdr *hdr;
1103 u8 buf[16], *ptr = buf;
1104
1105 BT_DBG("%p addr %d credits %d", s, addr, credits);
1106
1107 hdr = (void *) ptr; ptr += sizeof(*hdr);
1108 hdr->addr = addr;
1109 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1110 hdr->len = __len8(0);
1111
1112 *ptr = credits; ptr++;
1113
1114 *ptr = __fcs(buf); ptr++;
1115
1116 return rfcomm_send_frame(s, buf, ptr - buf);
1117 }
1118
1119 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1120 {
1121 struct rfcomm_hdr *hdr;
1122 int len = skb->len;
1123 u8 *crc;
1124
1125 if (len > 127) {
1126 hdr = (void *) skb_push(skb, 4);
1127 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1128 } else {
1129 hdr = (void *) skb_push(skb, 3);
1130 hdr->len = __len8(len);
1131 }
1132 hdr->addr = addr;
1133 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1134
1135 crc = skb_put(skb, 1);
1136 *crc = __fcs((void *) hdr);
1137 }
1138
1139 /* ---- RFCOMM frame reception ---- */
1140 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1141 {
1142 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1143
1144 if (dlci) {
1145 /* Data channel */
1146 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1147 if (!d) {
1148 rfcomm_send_dm(s, dlci);
1149 return s;
1150 }
1151
1152 switch (d->state) {
1153 case BT_CONNECT:
1154 rfcomm_dlc_clear_timer(d);
1155
1156 rfcomm_dlc_lock(d);
1157 d->state = BT_CONNECTED;
1158 d->state_change(d, 0);
1159 rfcomm_dlc_unlock(d);
1160
1161 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1162 break;
1163
1164 case BT_DISCONN:
1165 d->state = BT_CLOSED;
1166 __rfcomm_dlc_close(d, 0);
1167
1168 if (list_empty(&s->dlcs)) {
1169 s->state = BT_DISCONN;
1170 rfcomm_send_disc(s, 0);
1171 rfcomm_session_clear_timer(s);
1172 }
1173
1174 break;
1175 }
1176 } else {
1177 /* Control channel */
1178 switch (s->state) {
1179 case BT_CONNECT:
1180 s->state = BT_CONNECTED;
1181 rfcomm_process_connect(s);
1182 break;
1183
1184 case BT_DISCONN:
1185 s = rfcomm_session_close(s, ECONNRESET);
1186 break;
1187 }
1188 }
1189 return s;
1190 }
1191
1192 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1193 {
1194 int err = 0;
1195
1196 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1197
1198 if (dlci) {
1199 /* Data DLC */
1200 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1201 if (d) {
1202 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1203 err = ECONNREFUSED;
1204 else
1205 err = ECONNRESET;
1206
1207 d->state = BT_CLOSED;
1208 __rfcomm_dlc_close(d, err);
1209 }
1210 } else {
1211 if (s->state == BT_CONNECT)
1212 err = ECONNREFUSED;
1213 else
1214 err = ECONNRESET;
1215
1216 s = rfcomm_session_close(s, err);
1217 }
1218 return s;
1219 }
1220
1221 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1222 u8 dlci)
1223 {
1224 int err = 0;
1225
1226 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1227
1228 if (dlci) {
1229 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1230 if (d) {
1231 rfcomm_send_ua(s, dlci);
1232
1233 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1234 err = ECONNREFUSED;
1235 else
1236 err = ECONNRESET;
1237
1238 d->state = BT_CLOSED;
1239 __rfcomm_dlc_close(d, err);
1240 } else
1241 rfcomm_send_dm(s, dlci);
1242
1243 } else {
1244 rfcomm_send_ua(s, 0);
1245
1246 if (s->state == BT_CONNECT)
1247 err = ECONNREFUSED;
1248 else
1249 err = ECONNRESET;
1250
1251 s = rfcomm_session_close(s, err);
1252 }
1253 return s;
1254 }
1255
1256 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1257 {
1258 struct sock *sk = d->session->sock->sk;
1259 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1260
1261 BT_DBG("dlc %p", d);
1262
1263 rfcomm_send_ua(d->session, d->dlci);
1264
1265 rfcomm_dlc_clear_timer(d);
1266
1267 rfcomm_dlc_lock(d);
1268 d->state = BT_CONNECTED;
1269 d->state_change(d, 0);
1270 rfcomm_dlc_unlock(d);
1271
1272 if (d->role_switch)
1273 hci_conn_switch_role(conn->hcon, 0x00);
1274
1275 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1276 }
1277
1278 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1279 {
1280 if (rfcomm_check_security(d)) {
1281 if (d->defer_setup) {
1282 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1283 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1284
1285 rfcomm_dlc_lock(d);
1286 d->state = BT_CONNECT2;
1287 d->state_change(d, 0);
1288 rfcomm_dlc_unlock(d);
1289 } else
1290 rfcomm_dlc_accept(d);
1291 } else {
1292 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1293 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1294 }
1295 }
1296
1297 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1298 {
1299 struct rfcomm_dlc *d;
1300 u8 channel;
1301
1302 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1303
1304 if (!dlci) {
1305 rfcomm_send_ua(s, 0);
1306
1307 if (s->state == BT_OPEN) {
1308 s->state = BT_CONNECTED;
1309 rfcomm_process_connect(s);
1310 }
1311 return 0;
1312 }
1313
1314 /* Check if DLC exists */
1315 d = rfcomm_dlc_get(s, dlci);
1316 if (d) {
1317 if (d->state == BT_OPEN) {
1318 /* DLC was previously opened by PN request */
1319 rfcomm_check_accept(d);
1320 }
1321 return 0;
1322 }
1323
1324 /* Notify socket layer about incoming connection */
1325 channel = __srv_channel(dlci);
1326 if (rfcomm_connect_ind(s, channel, &d)) {
1327 d->dlci = dlci;
1328 d->addr = __addr(s->initiator, dlci);
1329 rfcomm_dlc_link(s, d);
1330
1331 rfcomm_check_accept(d);
1332 } else {
1333 rfcomm_send_dm(s, dlci);
1334 }
1335
1336 return 0;
1337 }
1338
1339 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1340 {
1341 struct rfcomm_session *s = d->session;
1342
1343 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1344 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1345
1346 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1347 pn->flow_ctrl == 0xe0) {
1348 d->cfc = RFCOMM_CFC_ENABLED;
1349 d->tx_credits = pn->credits;
1350 } else {
1351 d->cfc = RFCOMM_CFC_DISABLED;
1352 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1353 }
1354
1355 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1356 s->cfc = d->cfc;
1357
1358 d->priority = pn->priority;
1359
1360 d->mtu = __le16_to_cpu(pn->mtu);
1361
1362 if (cr && d->mtu > s->mtu)
1363 d->mtu = s->mtu;
1364
1365 return 0;
1366 }
1367
1368 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1369 {
1370 struct rfcomm_pn *pn = (void *) skb->data;
1371 struct rfcomm_dlc *d;
1372 u8 dlci = pn->dlci;
1373
1374 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1375
1376 if (!dlci)
1377 return 0;
1378
1379 d = rfcomm_dlc_get(s, dlci);
1380 if (d) {
1381 if (cr) {
1382 /* PN request */
1383 rfcomm_apply_pn(d, cr, pn);
1384 rfcomm_send_pn(s, 0, d);
1385 } else {
1386 /* PN response */
1387 switch (d->state) {
1388 case BT_CONFIG:
1389 rfcomm_apply_pn(d, cr, pn);
1390
1391 d->state = BT_CONNECT;
1392 rfcomm_send_sabm(s, d->dlci);
1393 break;
1394 }
1395 }
1396 } else {
1397 u8 channel = __srv_channel(dlci);
1398
1399 if (!cr)
1400 return 0;
1401
1402 /* PN request for non existing DLC.
1403 * Assume incoming connection. */
1404 if (rfcomm_connect_ind(s, channel, &d)) {
1405 d->dlci = dlci;
1406 d->addr = __addr(s->initiator, dlci);
1407 rfcomm_dlc_link(s, d);
1408
1409 rfcomm_apply_pn(d, cr, pn);
1410
1411 d->state = BT_OPEN;
1412 rfcomm_send_pn(s, 0, d);
1413 } else {
1414 rfcomm_send_dm(s, dlci);
1415 }
1416 }
1417 return 0;
1418 }
1419
1420 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1421 {
1422 struct rfcomm_rpn *rpn = (void *) skb->data;
1423 u8 dlci = __get_dlci(rpn->dlci);
1424
1425 u8 bit_rate = 0;
1426 u8 data_bits = 0;
1427 u8 stop_bits = 0;
1428 u8 parity = 0;
1429 u8 flow_ctrl = 0;
1430 u8 xon_char = 0;
1431 u8 xoff_char = 0;
1432 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1433
1434 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1435 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1436 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1437
1438 if (!cr)
1439 return 0;
1440
1441 if (len == 1) {
1442 /* This is a request, return default (according to ETSI TS 07.10) settings */
1443 bit_rate = RFCOMM_RPN_BR_9600;
1444 data_bits = RFCOMM_RPN_DATA_8;
1445 stop_bits = RFCOMM_RPN_STOP_1;
1446 parity = RFCOMM_RPN_PARITY_NONE;
1447 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1448 xon_char = RFCOMM_RPN_XON_CHAR;
1449 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1450 goto rpn_out;
1451 }
1452
1453 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1454 * no parity, no flow control lines, normal XON/XOFF chars */
1455
1456 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1457 bit_rate = rpn->bit_rate;
1458 if (bit_rate > RFCOMM_RPN_BR_230400) {
1459 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1460 bit_rate = RFCOMM_RPN_BR_9600;
1461 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1462 }
1463 }
1464
1465 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1466 data_bits = __get_rpn_data_bits(rpn->line_settings);
1467 if (data_bits != RFCOMM_RPN_DATA_8) {
1468 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1469 data_bits = RFCOMM_RPN_DATA_8;
1470 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1471 }
1472 }
1473
1474 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1475 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1476 if (stop_bits != RFCOMM_RPN_STOP_1) {
1477 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1478 stop_bits = RFCOMM_RPN_STOP_1;
1479 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1480 }
1481 }
1482
1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1484 parity = __get_rpn_parity(rpn->line_settings);
1485 if (parity != RFCOMM_RPN_PARITY_NONE) {
1486 BT_DBG("RPN parity mismatch 0x%x", parity);
1487 parity = RFCOMM_RPN_PARITY_NONE;
1488 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1489 }
1490 }
1491
1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1493 flow_ctrl = rpn->flow_ctrl;
1494 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1495 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1496 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1497 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1498 }
1499 }
1500
1501 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1502 xon_char = rpn->xon_char;
1503 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1504 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1505 xon_char = RFCOMM_RPN_XON_CHAR;
1506 rpn_mask ^= RFCOMM_RPN_PM_XON;
1507 }
1508 }
1509
1510 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1511 xoff_char = rpn->xoff_char;
1512 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1513 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1514 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1515 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1516 }
1517 }
1518
1519 rpn_out:
1520 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1521 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1522
1523 return 0;
1524 }
1525
1526 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1527 {
1528 struct rfcomm_rls *rls = (void *) skb->data;
1529 u8 dlci = __get_dlci(rls->dlci);
1530
1531 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1532
1533 if (!cr)
1534 return 0;
1535
1536 /* We should probably do something with this information here. But
1537 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1538 * mandatory to recognise and respond to RLS */
1539
1540 rfcomm_send_rls(s, 0, dlci, rls->status);
1541
1542 return 0;
1543 }
1544
1545 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1546 {
1547 struct rfcomm_msc *msc = (void *) skb->data;
1548 struct rfcomm_dlc *d;
1549 u8 dlci = __get_dlci(msc->dlci);
1550
1551 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1552
1553 d = rfcomm_dlc_get(s, dlci);
1554 if (!d)
1555 return 0;
1556
1557 if (cr) {
1558 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1559 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1560 else
1561 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1562
1563 rfcomm_dlc_lock(d);
1564
1565 d->remote_v24_sig = msc->v24_sig;
1566
1567 if (d->modem_status)
1568 d->modem_status(d, msc->v24_sig);
1569
1570 rfcomm_dlc_unlock(d);
1571
1572 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1573
1574 d->mscex |= RFCOMM_MSCEX_RX;
1575 } else
1576 d->mscex |= RFCOMM_MSCEX_TX;
1577
1578 return 0;
1579 }
1580
1581 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1582 {
1583 struct rfcomm_mcc *mcc = (void *) skb->data;
1584 u8 type, cr, len;
1585
1586 cr = __test_cr(mcc->type);
1587 type = __get_mcc_type(mcc->type);
1588 len = __get_mcc_len(mcc->len);
1589
1590 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1591
1592 skb_pull(skb, 2);
1593
1594 switch (type) {
1595 case RFCOMM_PN:
1596 rfcomm_recv_pn(s, cr, skb);
1597 break;
1598
1599 case RFCOMM_RPN:
1600 rfcomm_recv_rpn(s, cr, len, skb);
1601 break;
1602
1603 case RFCOMM_RLS:
1604 rfcomm_recv_rls(s, cr, skb);
1605 break;
1606
1607 case RFCOMM_MSC:
1608 rfcomm_recv_msc(s, cr, skb);
1609 break;
1610
1611 case RFCOMM_FCOFF:
1612 if (cr) {
1613 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1614 rfcomm_send_fcoff(s, 0);
1615 }
1616 break;
1617
1618 case RFCOMM_FCON:
1619 if (cr) {
1620 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1621 rfcomm_send_fcon(s, 0);
1622 }
1623 break;
1624
1625 case RFCOMM_TEST:
1626 if (cr)
1627 rfcomm_send_test(s, 0, skb->data, skb->len);
1628 break;
1629
1630 case RFCOMM_NSC:
1631 break;
1632
1633 default:
1634 BT_ERR("Unknown control type 0x%02x", type);
1635 rfcomm_send_nsc(s, cr, type);
1636 break;
1637 }
1638 return 0;
1639 }
1640
1641 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1642 {
1643 struct rfcomm_dlc *d;
1644
1645 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1646
1647 d = rfcomm_dlc_get(s, dlci);
1648 if (!d) {
1649 rfcomm_send_dm(s, dlci);
1650 goto drop;
1651 }
1652
1653 if (pf && d->cfc) {
1654 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1655
1656 d->tx_credits += credits;
1657 if (d->tx_credits)
1658 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1659 }
1660
1661 if (skb->len && d->state == BT_CONNECTED) {
1662 rfcomm_dlc_lock(d);
1663 d->rx_credits--;
1664 d->data_ready(d, skb);
1665 rfcomm_dlc_unlock(d);
1666 return 0;
1667 }
1668
1669 drop:
1670 kfree_skb(skb);
1671 return 0;
1672 }
1673
1674 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1675 struct sk_buff *skb)
1676 {
1677 struct rfcomm_hdr *hdr = (void *) skb->data;
1678 u8 type, dlci, fcs;
1679
1680 if (!s) {
1681 /* no session, so free socket data */
1682 kfree_skb(skb);
1683 return s;
1684 }
1685
1686 dlci = __get_dlci(hdr->addr);
1687 type = __get_type(hdr->ctrl);
1688
1689 /* Trim FCS */
1690 skb->len--; skb->tail--;
1691 fcs = *(u8 *)skb_tail_pointer(skb);
1692
1693 if (__check_fcs(skb->data, type, fcs)) {
1694 BT_ERR("bad checksum in packet");
1695 kfree_skb(skb);
1696 return s;
1697 }
1698
1699 if (__test_ea(hdr->len))
1700 skb_pull(skb, 3);
1701 else
1702 skb_pull(skb, 4);
1703
1704 switch (type) {
1705 case RFCOMM_SABM:
1706 if (__test_pf(hdr->ctrl))
1707 rfcomm_recv_sabm(s, dlci);
1708 break;
1709
1710 case RFCOMM_DISC:
1711 if (__test_pf(hdr->ctrl))
1712 s = rfcomm_recv_disc(s, dlci);
1713 break;
1714
1715 case RFCOMM_UA:
1716 if (__test_pf(hdr->ctrl))
1717 s = rfcomm_recv_ua(s, dlci);
1718 break;
1719
1720 case RFCOMM_DM:
1721 s = rfcomm_recv_dm(s, dlci);
1722 break;
1723
1724 case RFCOMM_UIH:
1725 if (dlci) {
1726 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1727 return s;
1728 }
1729 rfcomm_recv_mcc(s, skb);
1730 break;
1731
1732 default:
1733 BT_ERR("Unknown packet type 0x%02x", type);
1734 break;
1735 }
1736 kfree_skb(skb);
1737 return s;
1738 }
1739
1740 /* ---- Connection and data processing ---- */
1741
1742 static void rfcomm_process_connect(struct rfcomm_session *s)
1743 {
1744 struct rfcomm_dlc *d;
1745 struct list_head *p, *n;
1746
1747 BT_DBG("session %p state %ld", s, s->state);
1748
1749 list_for_each_safe(p, n, &s->dlcs) {
1750 d = list_entry(p, struct rfcomm_dlc, list);
1751 if (d->state == BT_CONFIG) {
1752 d->mtu = s->mtu;
1753 if (rfcomm_check_security(d)) {
1754 rfcomm_send_pn(s, 1, d);
1755 } else {
1756 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1757 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1758 }
1759 }
1760 }
1761 }
1762
1763 /* Send data queued for the DLC.
1764 * Return number of frames left in the queue.
1765 */
1766 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1767 {
1768 struct sk_buff *skb;
1769 int err;
1770
1771 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1772 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1773
1774 /* Send pending MSC */
1775 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1776 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1777
1778 if (d->cfc) {
1779 /* CFC enabled.
1780 * Give them some credits */
1781 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1782 d->rx_credits <= (d->cfc >> 2)) {
1783 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1784 d->rx_credits = d->cfc;
1785 }
1786 } else {
1787 /* CFC disabled.
1788 * Give ourselves some credits */
1789 d->tx_credits = 5;
1790 }
1791
1792 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1793 return skb_queue_len(&d->tx_queue);
1794
1795 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1796 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1797 if (err < 0) {
1798 skb_queue_head(&d->tx_queue, skb);
1799 break;
1800 }
1801 kfree_skb(skb);
1802 d->tx_credits--;
1803 }
1804
1805 if (d->cfc && !d->tx_credits) {
1806 /* We're out of TX credits.
1807 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1808 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1809 }
1810
1811 return skb_queue_len(&d->tx_queue);
1812 }
1813
1814 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1815 {
1816 struct rfcomm_dlc *d;
1817 struct list_head *p, *n;
1818
1819 BT_DBG("session %p state %ld", s, s->state);
1820
1821 list_for_each_safe(p, n, &s->dlcs) {
1822 d = list_entry(p, struct rfcomm_dlc, list);
1823
1824 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1825 __rfcomm_dlc_close(d, ETIMEDOUT);
1826 continue;
1827 }
1828
1829 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1830 __rfcomm_dlc_close(d, ECONNREFUSED);
1831 continue;
1832 }
1833
1834 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1835 rfcomm_dlc_clear_timer(d);
1836 if (d->out) {
1837 rfcomm_send_pn(s, 1, d);
1838 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1839 } else {
1840 if (d->defer_setup) {
1841 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1842 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1843
1844 rfcomm_dlc_lock(d);
1845 d->state = BT_CONNECT2;
1846 d->state_change(d, 0);
1847 rfcomm_dlc_unlock(d);
1848 } else
1849 rfcomm_dlc_accept(d);
1850 }
1851 continue;
1852 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1853 rfcomm_dlc_clear_timer(d);
1854 if (!d->out)
1855 rfcomm_send_dm(s, d->dlci);
1856 else
1857 d->state = BT_CLOSED;
1858 __rfcomm_dlc_close(d, ECONNREFUSED);
1859 continue;
1860 }
1861
1862 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1863 continue;
1864
1865 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1866 continue;
1867
1868 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1869 d->mscex == RFCOMM_MSCEX_OK)
1870 rfcomm_process_tx(d);
1871 }
1872 }
1873
1874 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1875 {
1876 struct socket *sock = s->sock;
1877 struct sock *sk = sock->sk;
1878 struct sk_buff *skb;
1879
1880 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1881
1882 /* Get data directly from socket receive queue without copying it. */
1883 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1884 skb_orphan(skb);
1885 if (!skb_linearize(skb))
1886 s = rfcomm_recv_frame(s, skb);
1887 else
1888 kfree_skb(skb);
1889 }
1890
1891 if (s && (sk->sk_state == BT_CLOSED))
1892 s = rfcomm_session_close(s, sk->sk_err);
1893
1894 return s;
1895 }
1896
1897 static void rfcomm_accept_connection(struct rfcomm_session *s)
1898 {
1899 struct socket *sock = s->sock, *nsock;
1900 int err;
1901
1902 /* Fast check for a new connection.
1903 * Avoids unnesesary socket allocations. */
1904 if (list_empty(&bt_sk(sock->sk)->accept_q))
1905 return;
1906
1907 BT_DBG("session %p", s);
1908
1909 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1910 if (err < 0)
1911 return;
1912
1913 /* Set our callbacks */
1914 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1915 nsock->sk->sk_state_change = rfcomm_l2state_change;
1916
1917 s = rfcomm_session_add(nsock, BT_OPEN);
1918 if (s) {
1919 /* We should adjust MTU on incoming sessions.
1920 * L2CAP MTU minus UIH header and FCS. */
1921 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1922 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1923
1924 rfcomm_schedule();
1925 } else
1926 sock_release(nsock);
1927 }
1928
1929 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1930 {
1931 struct sock *sk = s->sock->sk;
1932
1933 BT_DBG("%p state %ld", s, s->state);
1934
1935 switch (sk->sk_state) {
1936 case BT_CONNECTED:
1937 s->state = BT_CONNECT;
1938
1939 /* We can adjust MTU on outgoing sessions.
1940 * L2CAP MTU minus UIH header and FCS. */
1941 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1942
1943 rfcomm_send_sabm(s, 0);
1944 break;
1945
1946 case BT_CLOSED:
1947 s = rfcomm_session_close(s, sk->sk_err);
1948 break;
1949 }
1950 return s;
1951 }
1952
1953 static void rfcomm_process_sessions(void)
1954 {
1955 struct list_head *p, *n;
1956
1957 rfcomm_lock();
1958
1959 list_for_each_safe(p, n, &session_list) {
1960 struct rfcomm_session *s;
1961 s = list_entry(p, struct rfcomm_session, list);
1962
1963 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1964 s->state = BT_DISCONN;
1965 rfcomm_send_disc(s, 0);
1966 continue;
1967 }
1968
1969 switch (s->state) {
1970 case BT_LISTEN:
1971 rfcomm_accept_connection(s);
1972 continue;
1973
1974 case BT_BOUND:
1975 s = rfcomm_check_connection(s);
1976 break;
1977
1978 default:
1979 s = rfcomm_process_rx(s);
1980 break;
1981 }
1982
1983 if (s)
1984 rfcomm_process_dlcs(s);
1985 }
1986
1987 rfcomm_unlock();
1988 }
1989
1990 static int rfcomm_add_listener(bdaddr_t *ba)
1991 {
1992 struct sockaddr_l2 addr;
1993 struct socket *sock;
1994 struct sock *sk;
1995 struct rfcomm_session *s;
1996 int err = 0;
1997
1998 /* Create socket */
1999 err = rfcomm_l2sock_create(&sock);
2000 if (err < 0) {
2001 BT_ERR("Create socket failed %d", err);
2002 return err;
2003 }
2004
2005 /* Bind socket */
2006 bacpy(&addr.l2_bdaddr, ba);
2007 addr.l2_family = AF_BLUETOOTH;
2008 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
2009 addr.l2_cid = 0;
2010 addr.l2_bdaddr_type = BDADDR_BREDR;
2011 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2012 if (err < 0) {
2013 BT_ERR("Bind failed %d", err);
2014 goto failed;
2015 }
2016
2017 /* Set L2CAP options */
2018 sk = sock->sk;
2019 lock_sock(sk);
2020 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2021 release_sock(sk);
2022
2023 /* Start listening on the socket */
2024 err = kernel_listen(sock, 10);
2025 if (err) {
2026 BT_ERR("Listen failed %d", err);
2027 goto failed;
2028 }
2029
2030 /* Add listening session */
2031 s = rfcomm_session_add(sock, BT_LISTEN);
2032 if (!s) {
2033 err = -ENOMEM;
2034 goto failed;
2035 }
2036
2037 return 0;
2038 failed:
2039 sock_release(sock);
2040 return err;
2041 }
2042
2043 static void rfcomm_kill_listener(void)
2044 {
2045 struct rfcomm_session *s;
2046 struct list_head *p, *n;
2047
2048 BT_DBG("");
2049
2050 list_for_each_safe(p, n, &session_list) {
2051 s = list_entry(p, struct rfcomm_session, list);
2052 rfcomm_session_del(s);
2053 }
2054 }
2055
2056 static int rfcomm_run(void *unused)
2057 {
2058 BT_DBG("");
2059
2060 set_user_nice(current, -10);
2061
2062 rfcomm_add_listener(BDADDR_ANY);
2063
2064 while (1) {
2065 set_current_state(TASK_INTERRUPTIBLE);
2066
2067 if (kthread_should_stop())
2068 break;
2069
2070 /* Process stuff */
2071 rfcomm_process_sessions();
2072
2073 schedule();
2074 }
2075 __set_current_state(TASK_RUNNING);
2076
2077 rfcomm_kill_listener();
2078
2079 return 0;
2080 }
2081
2082 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2083 {
2084 struct rfcomm_session *s;
2085 struct rfcomm_dlc *d;
2086 struct list_head *p, *n;
2087
2088 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2089
2090 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2091 if (!s)
2092 return;
2093
2094 list_for_each_safe(p, n, &s->dlcs) {
2095 d = list_entry(p, struct rfcomm_dlc, list);
2096
2097 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2098 rfcomm_dlc_clear_timer(d);
2099 if (status || encrypt == 0x00) {
2100 set_bit(RFCOMM_ENC_DROP, &d->flags);
2101 continue;
2102 }
2103 }
2104
2105 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2106 if (d->sec_level == BT_SECURITY_MEDIUM) {
2107 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2108 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2109 continue;
2110 } else if (d->sec_level == BT_SECURITY_HIGH ||
2111 d->sec_level == BT_SECURITY_FIPS) {
2112 set_bit(RFCOMM_ENC_DROP, &d->flags);
2113 continue;
2114 }
2115 }
2116
2117 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2118 continue;
2119
2120 if (!status && hci_conn_check_secure(conn, d->sec_level))
2121 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2122 else
2123 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2124 }
2125
2126 rfcomm_schedule();
2127 }
2128
2129 static struct hci_cb rfcomm_cb = {
2130 .name = "RFCOMM",
2131 .security_cfm = rfcomm_security_cfm
2132 };
2133
2134 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2135 {
2136 struct rfcomm_session *s;
2137
2138 rfcomm_lock();
2139
2140 list_for_each_entry(s, &session_list, list) {
2141 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2142 struct rfcomm_dlc *d;
2143 list_for_each_entry(d, &s->dlcs, list) {
2144 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2145 &chan->src, &chan->dst,
2146 d->state, d->dlci, d->mtu,
2147 d->rx_credits, d->tx_credits);
2148 }
2149 }
2150
2151 rfcomm_unlock();
2152
2153 return 0;
2154 }
2155
2156 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2157 {
2158 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2159 }
2160
2161 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2162 .open = rfcomm_dlc_debugfs_open,
2163 .read = seq_read,
2164 .llseek = seq_lseek,
2165 .release = single_release,
2166 };
2167
2168 static struct dentry *rfcomm_dlc_debugfs;
2169
2170 /* ---- Initialization ---- */
2171 static int __init rfcomm_init(void)
2172 {
2173 int err;
2174
2175 hci_register_cb(&rfcomm_cb);
2176
2177 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2178 if (IS_ERR(rfcomm_thread)) {
2179 err = PTR_ERR(rfcomm_thread);
2180 goto unregister;
2181 }
2182
2183 err = rfcomm_init_ttys();
2184 if (err < 0)
2185 goto stop;
2186
2187 err = rfcomm_init_sockets();
2188 if (err < 0)
2189 goto cleanup;
2190
2191 BT_INFO("RFCOMM ver %s", VERSION);
2192
2193 if (IS_ERR_OR_NULL(bt_debugfs))
2194 return 0;
2195
2196 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2197 bt_debugfs, NULL,
2198 &rfcomm_dlc_debugfs_fops);
2199
2200 return 0;
2201
2202 cleanup:
2203 rfcomm_cleanup_ttys();
2204
2205 stop:
2206 kthread_stop(rfcomm_thread);
2207
2208 unregister:
2209 hci_unregister_cb(&rfcomm_cb);
2210
2211 return err;
2212 }
2213
2214 static void __exit rfcomm_exit(void)
2215 {
2216 debugfs_remove(rfcomm_dlc_debugfs);
2217
2218 hci_unregister_cb(&rfcomm_cb);
2219
2220 kthread_stop(rfcomm_thread);
2221
2222 rfcomm_cleanup_ttys();
2223
2224 rfcomm_cleanup_sockets();
2225 }
2226
2227 module_init(rfcomm_init);
2228 module_exit(rfcomm_exit);
2229
2230 module_param(disable_cfc, bool, 0644);
2231 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2232
2233 module_param(channel_mtu, int, 0644);
2234 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2235
2236 module_param(l2cap_mtu, uint, 0644);
2237 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2238
2239 module_param(l2cap_ertm, bool, 0644);
2240 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2241
2242 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2243 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2244 MODULE_VERSION(VERSION);
2245 MODULE_LICENSE("GPL");
2246 MODULE_ALIAS("bt-proto-3");
Linux kernel - Deliverables
This page took 0.12455 seconds and 5 git commands to generate.