projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of git://git.infradead.org/users/pcmoore/selinux into next
[deliverable/linux.git] / net / bluetooth / rfcomm / core.c
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define VERSION "1.11"
39
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45 static struct task_struct *rfcomm_thread;
46
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52 static LIST_HEAD(session_list);
53
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65 static void rfcomm_process_connect(struct rfcomm_session *s);
66
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
79
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
83
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
89
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
92
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
103
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
110
111 /* ---- RFCOMM FCS computation ---- */
112
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154 };
155
156 /* CRC on 2 bytes */
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
159 /* FCS on 2 bytes */
160 static inline u8 __fcs(u8 *data)
161 {
162 return 0xff - __crc(data);
163 }
164
165 /* FCS on 3 bytes */
166 static inline u8 __fcs2(u8 *data)
167 {
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
169 }
170
171 /* Check FCS */
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
173 {
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 }
181
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
184 {
185 BT_DBG("%p state %d", sk, sk->sk_state);
186 rfcomm_schedule();
187 }
188
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190 {
191 BT_DBG("%p bytes %d", sk, bytes);
192 rfcomm_schedule();
193 }
194
195 static int rfcomm_l2sock_create(struct socket **sock)
196 {
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208 }
209
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
211 {
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 break;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
223 break;
224 default:
225 auth_type = HCI_AT_NO_BONDING;
226 break;
227 }
228
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
230 }
231
232 static void rfcomm_session_timeout(unsigned long arg)
233 {
234 struct rfcomm_session *s = (void *) arg;
235
236 BT_DBG("session %p state %ld", s, s->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
239 rfcomm_schedule();
240 }
241
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
243 {
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
245
246 mod_timer(&s->timer, jiffies + timeout);
247 }
248
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
250 {
251 BT_DBG("session %p state %ld", s, s->state);
252
253 del_timer_sync(&s->timer);
254 }
255
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
258 {
259 struct rfcomm_dlc *d = (void *) arg;
260
261 BT_DBG("dlc %p state %ld", d, d->state);
262
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
264 rfcomm_dlc_put(d);
265 rfcomm_schedule();
266 }
267
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
269 {
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
271
272 if (!mod_timer(&d->timer, jiffies + timeout))
273 rfcomm_dlc_hold(d);
274 }
275
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
277 {
278 BT_DBG("dlc %p state %ld", d, d->state);
279
280 if (del_timer(&d->timer))
281 rfcomm_dlc_put(d);
282 }
283
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
285 {
286 BT_DBG("%p", d);
287
288 d->state = BT_OPEN;
289 d->flags = 0;
290 d->mscex = 0;
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
294
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
297 }
298
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
300 {
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
302
303 if (!d)
304 return NULL;
305
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
307
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
311
312 rfcomm_dlc_clear_state(d);
313
314 BT_DBG("%p", d);
315
316 return d;
317 }
318
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
320 {
321 BT_DBG("%p", d);
322
323 skb_queue_purge(&d->tx_queue);
324 kfree(d);
325 }
326
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
328 {
329 BT_DBG("dlc %p session %p", d, s);
330
331 rfcomm_session_clear_timer(s);
332 rfcomm_dlc_hold(d);
333 list_add(&d->list, &s->dlcs);
334 d->session = s;
335 }
336
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
338 {
339 struct rfcomm_session *s = d->session;
340
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342
343 list_del(&d->list);
344 d->session = NULL;
345 rfcomm_dlc_put(d);
346
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
349 }
350
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
352 {
353 struct rfcomm_dlc *d;
354
355 list_for_each_entry(d, &s->dlcs, list)
356 if (d->dlci == dlci)
357 return d;
358
359 return NULL;
360 }
361
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
363 {
364 struct rfcomm_session *s;
365 int err = 0;
366 u8 dlci;
367
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
370
371 if (channel < 1 || channel > 30)
372 return -EINVAL;
373
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
375 return 0;
376
377 s = rfcomm_session_get(src, dst);
378 if (!s) {
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
380 if (!s)
381 return err;
382 }
383
384 dlci = __dlci(!s->initiator, channel);
385
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
388 return -EBUSY;
389
390 rfcomm_dlc_clear_state(d);
391
392 d->dlci = dlci;
393 d->addr = __addr(s->initiator, dlci);
394 d->priority = 7;
395
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
398
399 d->out = 1;
400
401 d->mtu = s->mtu;
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
403
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
407 else
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
409 }
410
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
412
413 return 0;
414 }
415
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
417 {
418 int r;
419
420 rfcomm_lock();
421
422 r = __rfcomm_dlc_open(d, src, dst, channel);
423
424 rfcomm_unlock();
425 return r;
426 }
427
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
429 {
430 struct rfcomm_session *s = d->session;
431 if (!s)
432 return 0;
433
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
436
437 switch (d->state) {
438 case BT_CONNECT:
439 case BT_CONFIG:
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
442 rfcomm_schedule();
443 break;
444 }
445 /* Fall through */
446
447 case BT_CONNECTED:
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
452 } else {
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
455 }
456 break;
457
458 case BT_OPEN:
459 case BT_CONNECT2:
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
462 rfcomm_schedule();
463 break;
464 }
465 /* Fall through */
466
467 default:
468 rfcomm_dlc_clear_timer(d);
469
470 rfcomm_dlc_lock(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
474
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
477 }
478
479 return 0;
480 }
481
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
483 {
484 int r = 0;
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
487
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
489
490 rfcomm_lock();
491
492 s = d->session;
493 if (!s)
494 goto no_session;
495
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
498 */
499 list_for_each_entry(s_list, &session_list, list) {
500 if (s_list == s) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
502 if (d_list == d) {
503 r = __rfcomm_dlc_close(d, err);
504 break;
505 }
506 }
507 break;
508 }
509 }
510
511 no_session:
512 rfcomm_unlock();
513 return r;
514 }
515
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
517 {
518 int len = skb->len;
519
520 if (d->state != BT_CONNECTED)
521 return -ENOTCONN;
522
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
524
525 if (len > d->mtu)
526 return -EINVAL;
527
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
530
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
532 rfcomm_schedule();
533 return len;
534 }
535
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
537 {
538 BT_DBG("dlc %p state %ld", d, d->state);
539
540 if (!d->cfc) {
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
544 rfcomm_schedule();
545 }
546
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
548 {
549 BT_DBG("dlc %p state %ld", d, d->state);
550
551 if (!d->cfc) {
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
554 }
555 rfcomm_schedule();
556 }
557
558 /*
559 Set/get modem status functions use _local_ status i.e. what we report
560 to the other side.
561 Remote status is provided by dlc->modem_status() callback.
562 */
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564 {
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
567
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
570 else
571 v24_sig &= ~RFCOMM_V24_FC;
572
573 d->v24_sig = v24_sig;
574
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
576 rfcomm_schedule();
577
578 return 0;
579 }
580
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582 {
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
585
586 *v24_sig = d->v24_sig;
587 return 0;
588 }
589
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592 {
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
594
595 if (!s)
596 return NULL;
597
598 BT_DBG("session %p sock %p", s, sock);
599
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601
602 INIT_LIST_HEAD(&s->dlcs);
603 s->state = state;
604 s->sock = sock;
605
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
608
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
613 kfree(s);
614 return NULL;
615 }
616
617 list_add(&s->list, &session_list);
618
619 return s;
620 }
621
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
623 {
624 int state = s->state;
625
626 BT_DBG("session %p state %ld", s, s->state);
627
628 list_del(&s->list);
629
630 rfcomm_session_clear_timer(s);
631 sock_release(s->sock);
632 kfree(s);
633
634 if (state != BT_LISTEN)
635 module_put(THIS_MODULE);
636
637 return NULL;
638 }
639
640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
641 {
642 struct rfcomm_session *s;
643 struct list_head *p, *n;
644 struct l2cap_chan *chan;
645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list);
647 chan = l2cap_pi(s->sock->sk)->chan;
648
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
650 !bacmp(&chan->dst, dst))
651 return s;
652 }
653 return NULL;
654 }
655
656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
657 int err)
658 {
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
661
662 s->state = BT_CLOSED;
663
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
665
666 /* Close all dlcs */
667 list_for_each_safe(p, n, &s->dlcs) {
668 d = list_entry(p, struct rfcomm_dlc, list);
669 d->state = BT_CLOSED;
670 __rfcomm_dlc_close(d, err);
671 }
672
673 rfcomm_session_clear_timer(s);
674 return rfcomm_session_del(s);
675 }
676
677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
678 bdaddr_t *dst,
679 u8 sec_level,
680 int *err)
681 {
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
684 struct socket *sock;
685 struct sock *sk;
686
687 BT_DBG("%pMR -> %pMR", src, dst);
688
689 *err = rfcomm_l2sock_create(&sock);
690 if (*err < 0)
691 return NULL;
692
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
695 addr.l2_psm = 0;
696 addr.l2_cid = 0;
697 addr.l2_bdaddr_type = BDADDR_BREDR;
698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
699 if (*err < 0)
700 goto failed;
701
702 /* Set L2CAP options */
703 sk = sock->sk;
704 lock_sock(sk);
705 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
706 l2cap_pi(sk)->chan->sec_level = sec_level;
707 if (l2cap_ertm)
708 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
709 release_sock(sk);
710
711 s = rfcomm_session_add(sock, BT_BOUND);
712 if (!s) {
713 *err = -ENOMEM;
714 goto failed;
715 }
716
717 s->initiator = 1;
718
719 bacpy(&addr.l2_bdaddr, dst);
720 addr.l2_family = AF_BLUETOOTH;
721 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
722 addr.l2_cid = 0;
723 addr.l2_bdaddr_type = BDADDR_BREDR;
724 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
725 if (*err == 0 || *err == -EINPROGRESS)
726 return s;
727
728 return rfcomm_session_del(s);
729
730 failed:
731 sock_release(sock);
732 return NULL;
733 }
734
735 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
736 {
737 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
738 if (src)
739 bacpy(src, &chan->src);
740 if (dst)
741 bacpy(dst, &chan->dst);
742 }
743
744 /* ---- RFCOMM frame sending ---- */
745 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
746 {
747 struct kvec iv = { data, len };
748 struct msghdr msg;
749
750 BT_DBG("session %p len %d", s, len);
751
752 memset(&msg, 0, sizeof(msg));
753
754 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
755 }
756
757 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
758 {
759 BT_DBG("%p cmd %u", s, cmd->ctrl);
760
761 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
762 }
763
764 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
765 {
766 struct rfcomm_cmd cmd;
767
768 BT_DBG("%p dlci %d", s, dlci);
769
770 cmd.addr = __addr(s->initiator, dlci);
771 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
772 cmd.len = __len8(0);
773 cmd.fcs = __fcs2((u8 *) &cmd);
774
775 return rfcomm_send_cmd(s, &cmd);
776 }
777
778 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
779 {
780 struct rfcomm_cmd cmd;
781
782 BT_DBG("%p dlci %d", s, dlci);
783
784 cmd.addr = __addr(!s->initiator, dlci);
785 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
786 cmd.len = __len8(0);
787 cmd.fcs = __fcs2((u8 *) &cmd);
788
789 return rfcomm_send_cmd(s, &cmd);
790 }
791
792 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
793 {
794 struct rfcomm_cmd cmd;
795
796 BT_DBG("%p dlci %d", s, dlci);
797
798 cmd.addr = __addr(s->initiator, dlci);
799 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
800 cmd.len = __len8(0);
801 cmd.fcs = __fcs2((u8 *) &cmd);
802
803 return rfcomm_send_cmd(s, &cmd);
804 }
805
806 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
807 {
808 struct rfcomm_cmd *cmd;
809 struct sk_buff *skb;
810
811 BT_DBG("dlc %p dlci %d", d, d->dlci);
812
813 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
814 if (!skb)
815 return -ENOMEM;
816
817 cmd = (void *) __skb_put(skb, sizeof(*cmd));
818 cmd->addr = d->addr;
819 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
820 cmd->len = __len8(0);
821 cmd->fcs = __fcs2((u8 *) cmd);
822
823 skb_queue_tail(&d->tx_queue, skb);
824 rfcomm_schedule();
825 return 0;
826 }
827
828 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
829 {
830 struct rfcomm_cmd cmd;
831
832 BT_DBG("%p dlci %d", s, dlci);
833
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
836 cmd.len = __len8(0);
837 cmd.fcs = __fcs2((u8 *) &cmd);
838
839 return rfcomm_send_cmd(s, &cmd);
840 }
841
842 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
843 {
844 struct rfcomm_hdr *hdr;
845 struct rfcomm_mcc *mcc;
846 u8 buf[16], *ptr = buf;
847
848 BT_DBG("%p cr %d type %d", s, cr, type);
849
850 hdr = (void *) ptr; ptr += sizeof(*hdr);
851 hdr->addr = __addr(s->initiator, 0);
852 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
853 hdr->len = __len8(sizeof(*mcc) + 1);
854
855 mcc = (void *) ptr; ptr += sizeof(*mcc);
856 mcc->type = __mcc_type(cr, RFCOMM_NSC);
857 mcc->len = __len8(1);
858
859 /* Type that we didn't like */
860 *ptr = __mcc_type(cr, type); ptr++;
861
862 *ptr = __fcs(buf); ptr++;
863
864 return rfcomm_send_frame(s, buf, ptr - buf);
865 }
866
867 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
868 {
869 struct rfcomm_hdr *hdr;
870 struct rfcomm_mcc *mcc;
871 struct rfcomm_pn *pn;
872 u8 buf[16], *ptr = buf;
873
874 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
875
876 hdr = (void *) ptr; ptr += sizeof(*hdr);
877 hdr->addr = __addr(s->initiator, 0);
878 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
879 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
880
881 mcc = (void *) ptr; ptr += sizeof(*mcc);
882 mcc->type = __mcc_type(cr, RFCOMM_PN);
883 mcc->len = __len8(sizeof(*pn));
884
885 pn = (void *) ptr; ptr += sizeof(*pn);
886 pn->dlci = d->dlci;
887 pn->priority = d->priority;
888 pn->ack_timer = 0;
889 pn->max_retrans = 0;
890
891 if (s->cfc) {
892 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
893 pn->credits = RFCOMM_DEFAULT_CREDITS;
894 } else {
895 pn->flow_ctrl = 0;
896 pn->credits = 0;
897 }
898
899 if (cr && channel_mtu >= 0)
900 pn->mtu = cpu_to_le16(channel_mtu);
901 else
902 pn->mtu = cpu_to_le16(d->mtu);
903
904 *ptr = __fcs(buf); ptr++;
905
906 return rfcomm_send_frame(s, buf, ptr - buf);
907 }
908
909 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
910 u8 bit_rate, u8 data_bits, u8 stop_bits,
911 u8 parity, u8 flow_ctrl_settings,
912 u8 xon_char, u8 xoff_char, u16 param_mask)
913 {
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_rpn *rpn;
917 u8 buf[16], *ptr = buf;
918
919 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
920 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
921 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
922 flow_ctrl_settings, xon_char, xoff_char, param_mask);
923
924 hdr = (void *) ptr; ptr += sizeof(*hdr);
925 hdr->addr = __addr(s->initiator, 0);
926 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
927 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
928
929 mcc = (void *) ptr; ptr += sizeof(*mcc);
930 mcc->type = __mcc_type(cr, RFCOMM_RPN);
931 mcc->len = __len8(sizeof(*rpn));
932
933 rpn = (void *) ptr; ptr += sizeof(*rpn);
934 rpn->dlci = __addr(1, dlci);
935 rpn->bit_rate = bit_rate;
936 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
937 rpn->flow_ctrl = flow_ctrl_settings;
938 rpn->xon_char = xon_char;
939 rpn->xoff_char = xoff_char;
940 rpn->param_mask = cpu_to_le16(param_mask);
941
942 *ptr = __fcs(buf); ptr++;
943
944 return rfcomm_send_frame(s, buf, ptr - buf);
945 }
946
947 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
948 {
949 struct rfcomm_hdr *hdr;
950 struct rfcomm_mcc *mcc;
951 struct rfcomm_rls *rls;
952 u8 buf[16], *ptr = buf;
953
954 BT_DBG("%p cr %d status 0x%x", s, cr, status);
955
956 hdr = (void *) ptr; ptr += sizeof(*hdr);
957 hdr->addr = __addr(s->initiator, 0);
958 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
959 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
960
961 mcc = (void *) ptr; ptr += sizeof(*mcc);
962 mcc->type = __mcc_type(cr, RFCOMM_RLS);
963 mcc->len = __len8(sizeof(*rls));
964
965 rls = (void *) ptr; ptr += sizeof(*rls);
966 rls->dlci = __addr(1, dlci);
967 rls->status = status;
968
969 *ptr = __fcs(buf); ptr++;
970
971 return rfcomm_send_frame(s, buf, ptr - buf);
972 }
973
974 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
975 {
976 struct rfcomm_hdr *hdr;
977 struct rfcomm_mcc *mcc;
978 struct rfcomm_msc *msc;
979 u8 buf[16], *ptr = buf;
980
981 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
982
983 hdr = (void *) ptr; ptr += sizeof(*hdr);
984 hdr->addr = __addr(s->initiator, 0);
985 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
986 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
987
988 mcc = (void *) ptr; ptr += sizeof(*mcc);
989 mcc->type = __mcc_type(cr, RFCOMM_MSC);
990 mcc->len = __len8(sizeof(*msc));
991
992 msc = (void *) ptr; ptr += sizeof(*msc);
993 msc->dlci = __addr(1, dlci);
994 msc->v24_sig = v24_sig | 0x01;
995
996 *ptr = __fcs(buf); ptr++;
997
998 return rfcomm_send_frame(s, buf, ptr - buf);
999 }
1000
1001 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1002 {
1003 struct rfcomm_hdr *hdr;
1004 struct rfcomm_mcc *mcc;
1005 u8 buf[16], *ptr = buf;
1006
1007 BT_DBG("%p cr %d", s, cr);
1008
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc));
1013
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1016 mcc->len = __len8(0);
1017
1018 *ptr = __fcs(buf); ptr++;
1019
1020 return rfcomm_send_frame(s, buf, ptr - buf);
1021 }
1022
1023 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1024 {
1025 struct rfcomm_hdr *hdr;
1026 struct rfcomm_mcc *mcc;
1027 u8 buf[16], *ptr = buf;
1028
1029 BT_DBG("%p cr %d", s, cr);
1030
1031 hdr = (void *) ptr; ptr += sizeof(*hdr);
1032 hdr->addr = __addr(s->initiator, 0);
1033 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1034 hdr->len = __len8(sizeof(*mcc));
1035
1036 mcc = (void *) ptr; ptr += sizeof(*mcc);
1037 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1038 mcc->len = __len8(0);
1039
1040 *ptr = __fcs(buf); ptr++;
1041
1042 return rfcomm_send_frame(s, buf, ptr - buf);
1043 }
1044
1045 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1046 {
1047 struct socket *sock = s->sock;
1048 struct kvec iv[3];
1049 struct msghdr msg;
1050 unsigned char hdr[5], crc[1];
1051
1052 if (len > 125)
1053 return -EINVAL;
1054
1055 BT_DBG("%p cr %d", s, cr);
1056
1057 hdr[0] = __addr(s->initiator, 0);
1058 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1059 hdr[2] = 0x01 | ((len + 2) << 1);
1060 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1061 hdr[4] = 0x01 | (len << 1);
1062
1063 crc[0] = __fcs(hdr);
1064
1065 iv[0].iov_base = hdr;
1066 iv[0].iov_len = 5;
1067 iv[1].iov_base = pattern;
1068 iv[1].iov_len = len;
1069 iv[2].iov_base = crc;
1070 iv[2].iov_len = 1;
1071
1072 memset(&msg, 0, sizeof(msg));
1073
1074 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1075 }
1076
1077 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1078 {
1079 struct rfcomm_hdr *hdr;
1080 u8 buf[16], *ptr = buf;
1081
1082 BT_DBG("%p addr %d credits %d", s, addr, credits);
1083
1084 hdr = (void *) ptr; ptr += sizeof(*hdr);
1085 hdr->addr = addr;
1086 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1087 hdr->len = __len8(0);
1088
1089 *ptr = credits; ptr++;
1090
1091 *ptr = __fcs(buf); ptr++;
1092
1093 return rfcomm_send_frame(s, buf, ptr - buf);
1094 }
1095
1096 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1097 {
1098 struct rfcomm_hdr *hdr;
1099 int len = skb->len;
1100 u8 *crc;
1101
1102 if (len > 127) {
1103 hdr = (void *) skb_push(skb, 4);
1104 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1105 } else {
1106 hdr = (void *) skb_push(skb, 3);
1107 hdr->len = __len8(len);
1108 }
1109 hdr->addr = addr;
1110 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1111
1112 crc = skb_put(skb, 1);
1113 *crc = __fcs((void *) hdr);
1114 }
1115
1116 /* ---- RFCOMM frame reception ---- */
1117 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1118 {
1119 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1120
1121 if (dlci) {
1122 /* Data channel */
1123 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1124 if (!d) {
1125 rfcomm_send_dm(s, dlci);
1126 return s;
1127 }
1128
1129 switch (d->state) {
1130 case BT_CONNECT:
1131 rfcomm_dlc_clear_timer(d);
1132
1133 rfcomm_dlc_lock(d);
1134 d->state = BT_CONNECTED;
1135 d->state_change(d, 0);
1136 rfcomm_dlc_unlock(d);
1137
1138 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1139 break;
1140
1141 case BT_DISCONN:
1142 d->state = BT_CLOSED;
1143 __rfcomm_dlc_close(d, 0);
1144
1145 if (list_empty(&s->dlcs)) {
1146 s->state = BT_DISCONN;
1147 rfcomm_send_disc(s, 0);
1148 rfcomm_session_clear_timer(s);
1149 }
1150
1151 break;
1152 }
1153 } else {
1154 /* Control channel */
1155 switch (s->state) {
1156 case BT_CONNECT:
1157 s->state = BT_CONNECTED;
1158 rfcomm_process_connect(s);
1159 break;
1160
1161 case BT_DISCONN:
1162 s = rfcomm_session_close(s, ECONNRESET);
1163 break;
1164 }
1165 }
1166 return s;
1167 }
1168
1169 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1170 {
1171 int err = 0;
1172
1173 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1174
1175 if (dlci) {
1176 /* Data DLC */
1177 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1178 if (d) {
1179 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1180 err = ECONNREFUSED;
1181 else
1182 err = ECONNRESET;
1183
1184 d->state = BT_CLOSED;
1185 __rfcomm_dlc_close(d, err);
1186 }
1187 } else {
1188 if (s->state == BT_CONNECT)
1189 err = ECONNREFUSED;
1190 else
1191 err = ECONNRESET;
1192
1193 s = rfcomm_session_close(s, err);
1194 }
1195 return s;
1196 }
1197
1198 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1199 u8 dlci)
1200 {
1201 int err = 0;
1202
1203 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1204
1205 if (dlci) {
1206 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1207 if (d) {
1208 rfcomm_send_ua(s, dlci);
1209
1210 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1211 err = ECONNREFUSED;
1212 else
1213 err = ECONNRESET;
1214
1215 d->state = BT_CLOSED;
1216 __rfcomm_dlc_close(d, err);
1217 } else
1218 rfcomm_send_dm(s, dlci);
1219
1220 } else {
1221 rfcomm_send_ua(s, 0);
1222
1223 if (s->state == BT_CONNECT)
1224 err = ECONNREFUSED;
1225 else
1226 err = ECONNRESET;
1227
1228 s = rfcomm_session_close(s, err);
1229 }
1230 return s;
1231 }
1232
1233 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1234 {
1235 struct sock *sk = d->session->sock->sk;
1236 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1237
1238 BT_DBG("dlc %p", d);
1239
1240 rfcomm_send_ua(d->session, d->dlci);
1241
1242 rfcomm_dlc_clear_timer(d);
1243
1244 rfcomm_dlc_lock(d);
1245 d->state = BT_CONNECTED;
1246 d->state_change(d, 0);
1247 rfcomm_dlc_unlock(d);
1248
1249 if (d->role_switch)
1250 hci_conn_switch_role(conn->hcon, 0x00);
1251
1252 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1253 }
1254
1255 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1256 {
1257 if (rfcomm_check_security(d)) {
1258 if (d->defer_setup) {
1259 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1260 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1261
1262 rfcomm_dlc_lock(d);
1263 d->state = BT_CONNECT2;
1264 d->state_change(d, 0);
1265 rfcomm_dlc_unlock(d);
1266 } else
1267 rfcomm_dlc_accept(d);
1268 } else {
1269 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1270 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1271 }
1272 }
1273
1274 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1275 {
1276 struct rfcomm_dlc *d;
1277 u8 channel;
1278
1279 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1280
1281 if (!dlci) {
1282 rfcomm_send_ua(s, 0);
1283
1284 if (s->state == BT_OPEN) {
1285 s->state = BT_CONNECTED;
1286 rfcomm_process_connect(s);
1287 }
1288 return 0;
1289 }
1290
1291 /* Check if DLC exists */
1292 d = rfcomm_dlc_get(s, dlci);
1293 if (d) {
1294 if (d->state == BT_OPEN) {
1295 /* DLC was previously opened by PN request */
1296 rfcomm_check_accept(d);
1297 }
1298 return 0;
1299 }
1300
1301 /* Notify socket layer about incoming connection */
1302 channel = __srv_channel(dlci);
1303 if (rfcomm_connect_ind(s, channel, &d)) {
1304 d->dlci = dlci;
1305 d->addr = __addr(s->initiator, dlci);
1306 rfcomm_dlc_link(s, d);
1307
1308 rfcomm_check_accept(d);
1309 } else {
1310 rfcomm_send_dm(s, dlci);
1311 }
1312
1313 return 0;
1314 }
1315
1316 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1317 {
1318 struct rfcomm_session *s = d->session;
1319
1320 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1321 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1322
1323 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1324 pn->flow_ctrl == 0xe0) {
1325 d->cfc = RFCOMM_CFC_ENABLED;
1326 d->tx_credits = pn->credits;
1327 } else {
1328 d->cfc = RFCOMM_CFC_DISABLED;
1329 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1330 }
1331
1332 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1333 s->cfc = d->cfc;
1334
1335 d->priority = pn->priority;
1336
1337 d->mtu = __le16_to_cpu(pn->mtu);
1338
1339 if (cr && d->mtu > s->mtu)
1340 d->mtu = s->mtu;
1341
1342 return 0;
1343 }
1344
1345 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1346 {
1347 struct rfcomm_pn *pn = (void *) skb->data;
1348 struct rfcomm_dlc *d;
1349 u8 dlci = pn->dlci;
1350
1351 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1352
1353 if (!dlci)
1354 return 0;
1355
1356 d = rfcomm_dlc_get(s, dlci);
1357 if (d) {
1358 if (cr) {
1359 /* PN request */
1360 rfcomm_apply_pn(d, cr, pn);
1361 rfcomm_send_pn(s, 0, d);
1362 } else {
1363 /* PN response */
1364 switch (d->state) {
1365 case BT_CONFIG:
1366 rfcomm_apply_pn(d, cr, pn);
1367
1368 d->state = BT_CONNECT;
1369 rfcomm_send_sabm(s, d->dlci);
1370 break;
1371 }
1372 }
1373 } else {
1374 u8 channel = __srv_channel(dlci);
1375
1376 if (!cr)
1377 return 0;
1378
1379 /* PN request for non existing DLC.
1380 * Assume incoming connection. */
1381 if (rfcomm_connect_ind(s, channel, &d)) {
1382 d->dlci = dlci;
1383 d->addr = __addr(s->initiator, dlci);
1384 rfcomm_dlc_link(s, d);
1385
1386 rfcomm_apply_pn(d, cr, pn);
1387
1388 d->state = BT_OPEN;
1389 rfcomm_send_pn(s, 0, d);
1390 } else {
1391 rfcomm_send_dm(s, dlci);
1392 }
1393 }
1394 return 0;
1395 }
1396
1397 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1398 {
1399 struct rfcomm_rpn *rpn = (void *) skb->data;
1400 u8 dlci = __get_dlci(rpn->dlci);
1401
1402 u8 bit_rate = 0;
1403 u8 data_bits = 0;
1404 u8 stop_bits = 0;
1405 u8 parity = 0;
1406 u8 flow_ctrl = 0;
1407 u8 xon_char = 0;
1408 u8 xoff_char = 0;
1409 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1410
1411 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1412 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1413 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1414
1415 if (!cr)
1416 return 0;
1417
1418 if (len == 1) {
1419 /* This is a request, return default (according to ETSI TS 07.10) settings */
1420 bit_rate = RFCOMM_RPN_BR_9600;
1421 data_bits = RFCOMM_RPN_DATA_8;
1422 stop_bits = RFCOMM_RPN_STOP_1;
1423 parity = RFCOMM_RPN_PARITY_NONE;
1424 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1425 xon_char = RFCOMM_RPN_XON_CHAR;
1426 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1427 goto rpn_out;
1428 }
1429
1430 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1431 * no parity, no flow control lines, normal XON/XOFF chars */
1432
1433 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1434 bit_rate = rpn->bit_rate;
1435 if (bit_rate > RFCOMM_RPN_BR_230400) {
1436 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1437 bit_rate = RFCOMM_RPN_BR_9600;
1438 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1439 }
1440 }
1441
1442 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1443 data_bits = __get_rpn_data_bits(rpn->line_settings);
1444 if (data_bits != RFCOMM_RPN_DATA_8) {
1445 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1446 data_bits = RFCOMM_RPN_DATA_8;
1447 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1448 }
1449 }
1450
1451 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1452 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1453 if (stop_bits != RFCOMM_RPN_STOP_1) {
1454 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1455 stop_bits = RFCOMM_RPN_STOP_1;
1456 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1457 }
1458 }
1459
1460 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1461 parity = __get_rpn_parity(rpn->line_settings);
1462 if (parity != RFCOMM_RPN_PARITY_NONE) {
1463 BT_DBG("RPN parity mismatch 0x%x", parity);
1464 parity = RFCOMM_RPN_PARITY_NONE;
1465 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1466 }
1467 }
1468
1469 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1470 flow_ctrl = rpn->flow_ctrl;
1471 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1472 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1473 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1474 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1475 }
1476 }
1477
1478 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1479 xon_char = rpn->xon_char;
1480 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1481 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1482 xon_char = RFCOMM_RPN_XON_CHAR;
1483 rpn_mask ^= RFCOMM_RPN_PM_XON;
1484 }
1485 }
1486
1487 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1488 xoff_char = rpn->xoff_char;
1489 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1490 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1491 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1492 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1493 }
1494 }
1495
1496 rpn_out:
1497 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1498 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1499
1500 return 0;
1501 }
1502
1503 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1504 {
1505 struct rfcomm_rls *rls = (void *) skb->data;
1506 u8 dlci = __get_dlci(rls->dlci);
1507
1508 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1509
1510 if (!cr)
1511 return 0;
1512
1513 /* We should probably do something with this information here. But
1514 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1515 * mandatory to recognise and respond to RLS */
1516
1517 rfcomm_send_rls(s, 0, dlci, rls->status);
1518
1519 return 0;
1520 }
1521
1522 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1523 {
1524 struct rfcomm_msc *msc = (void *) skb->data;
1525 struct rfcomm_dlc *d;
1526 u8 dlci = __get_dlci(msc->dlci);
1527
1528 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1529
1530 d = rfcomm_dlc_get(s, dlci);
1531 if (!d)
1532 return 0;
1533
1534 if (cr) {
1535 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1536 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1537 else
1538 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1539
1540 rfcomm_dlc_lock(d);
1541
1542 d->remote_v24_sig = msc->v24_sig;
1543
1544 if (d->modem_status)
1545 d->modem_status(d, msc->v24_sig);
1546
1547 rfcomm_dlc_unlock(d);
1548
1549 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1550
1551 d->mscex |= RFCOMM_MSCEX_RX;
1552 } else
1553 d->mscex |= RFCOMM_MSCEX_TX;
1554
1555 return 0;
1556 }
1557
1558 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1559 {
1560 struct rfcomm_mcc *mcc = (void *) skb->data;
1561 u8 type, cr, len;
1562
1563 cr = __test_cr(mcc->type);
1564 type = __get_mcc_type(mcc->type);
1565 len = __get_mcc_len(mcc->len);
1566
1567 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1568
1569 skb_pull(skb, 2);
1570
1571 switch (type) {
1572 case RFCOMM_PN:
1573 rfcomm_recv_pn(s, cr, skb);
1574 break;
1575
1576 case RFCOMM_RPN:
1577 rfcomm_recv_rpn(s, cr, len, skb);
1578 break;
1579
1580 case RFCOMM_RLS:
1581 rfcomm_recv_rls(s, cr, skb);
1582 break;
1583
1584 case RFCOMM_MSC:
1585 rfcomm_recv_msc(s, cr, skb);
1586 break;
1587
1588 case RFCOMM_FCOFF:
1589 if (cr) {
1590 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1591 rfcomm_send_fcoff(s, 0);
1592 }
1593 break;
1594
1595 case RFCOMM_FCON:
1596 if (cr) {
1597 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1598 rfcomm_send_fcon(s, 0);
1599 }
1600 break;
1601
1602 case RFCOMM_TEST:
1603 if (cr)
1604 rfcomm_send_test(s, 0, skb->data, skb->len);
1605 break;
1606
1607 case RFCOMM_NSC:
1608 break;
1609
1610 default:
1611 BT_ERR("Unknown control type 0x%02x", type);
1612 rfcomm_send_nsc(s, cr, type);
1613 break;
1614 }
1615 return 0;
1616 }
1617
1618 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1619 {
1620 struct rfcomm_dlc *d;
1621
1622 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1623
1624 d = rfcomm_dlc_get(s, dlci);
1625 if (!d) {
1626 rfcomm_send_dm(s, dlci);
1627 goto drop;
1628 }
1629
1630 if (pf && d->cfc) {
1631 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1632
1633 d->tx_credits += credits;
1634 if (d->tx_credits)
1635 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1636 }
1637
1638 if (skb->len && d->state == BT_CONNECTED) {
1639 rfcomm_dlc_lock(d);
1640 d->rx_credits--;
1641 d->data_ready(d, skb);
1642 rfcomm_dlc_unlock(d);
1643 return 0;
1644 }
1645
1646 drop:
1647 kfree_skb(skb);
1648 return 0;
1649 }
1650
1651 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1652 struct sk_buff *skb)
1653 {
1654 struct rfcomm_hdr *hdr = (void *) skb->data;
1655 u8 type, dlci, fcs;
1656
1657 if (!s) {
1658 /* no session, so free socket data */
1659 kfree_skb(skb);
1660 return s;
1661 }
1662
1663 dlci = __get_dlci(hdr->addr);
1664 type = __get_type(hdr->ctrl);
1665
1666 /* Trim FCS */
1667 skb->len--; skb->tail--;
1668 fcs = *(u8 *)skb_tail_pointer(skb);
1669
1670 if (__check_fcs(skb->data, type, fcs)) {
1671 BT_ERR("bad checksum in packet");
1672 kfree_skb(skb);
1673 return s;
1674 }
1675
1676 if (__test_ea(hdr->len))
1677 skb_pull(skb, 3);
1678 else
1679 skb_pull(skb, 4);
1680
1681 switch (type) {
1682 case RFCOMM_SABM:
1683 if (__test_pf(hdr->ctrl))
1684 rfcomm_recv_sabm(s, dlci);
1685 break;
1686
1687 case RFCOMM_DISC:
1688 if (__test_pf(hdr->ctrl))
1689 s = rfcomm_recv_disc(s, dlci);
1690 break;
1691
1692 case RFCOMM_UA:
1693 if (__test_pf(hdr->ctrl))
1694 s = rfcomm_recv_ua(s, dlci);
1695 break;
1696
1697 case RFCOMM_DM:
1698 s = rfcomm_recv_dm(s, dlci);
1699 break;
1700
1701 case RFCOMM_UIH:
1702 if (dlci) {
1703 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1704 return s;
1705 }
1706 rfcomm_recv_mcc(s, skb);
1707 break;
1708
1709 default:
1710 BT_ERR("Unknown packet type 0x%02x", type);
1711 break;
1712 }
1713 kfree_skb(skb);
1714 return s;
1715 }
1716
1717 /* ---- Connection and data processing ---- */
1718
1719 static void rfcomm_process_connect(struct rfcomm_session *s)
1720 {
1721 struct rfcomm_dlc *d;
1722 struct list_head *p, *n;
1723
1724 BT_DBG("session %p state %ld", s, s->state);
1725
1726 list_for_each_safe(p, n, &s->dlcs) {
1727 d = list_entry(p, struct rfcomm_dlc, list);
1728 if (d->state == BT_CONFIG) {
1729 d->mtu = s->mtu;
1730 if (rfcomm_check_security(d)) {
1731 rfcomm_send_pn(s, 1, d);
1732 } else {
1733 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1734 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1735 }
1736 }
1737 }
1738 }
1739
1740 /* Send data queued for the DLC.
1741 * Return number of frames left in the queue.
1742 */
1743 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1744 {
1745 struct sk_buff *skb;
1746 int err;
1747
1748 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1749 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1750
1751 /* Send pending MSC */
1752 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1753 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1754
1755 if (d->cfc) {
1756 /* CFC enabled.
1757 * Give them some credits */
1758 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1759 d->rx_credits <= (d->cfc >> 2)) {
1760 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1761 d->rx_credits = d->cfc;
1762 }
1763 } else {
1764 /* CFC disabled.
1765 * Give ourselves some credits */
1766 d->tx_credits = 5;
1767 }
1768
1769 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1770 return skb_queue_len(&d->tx_queue);
1771
1772 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1773 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1774 if (err < 0) {
1775 skb_queue_head(&d->tx_queue, skb);
1776 break;
1777 }
1778 kfree_skb(skb);
1779 d->tx_credits--;
1780 }
1781
1782 if (d->cfc && !d->tx_credits) {
1783 /* We're out of TX credits.
1784 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1785 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1786 }
1787
1788 return skb_queue_len(&d->tx_queue);
1789 }
1790
1791 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1792 {
1793 struct rfcomm_dlc *d;
1794 struct list_head *p, *n;
1795
1796 BT_DBG("session %p state %ld", s, s->state);
1797
1798 list_for_each_safe(p, n, &s->dlcs) {
1799 d = list_entry(p, struct rfcomm_dlc, list);
1800
1801 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1802 __rfcomm_dlc_close(d, ETIMEDOUT);
1803 continue;
1804 }
1805
1806 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1807 __rfcomm_dlc_close(d, ECONNREFUSED);
1808 continue;
1809 }
1810
1811 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1812 rfcomm_dlc_clear_timer(d);
1813 if (d->out) {
1814 rfcomm_send_pn(s, 1, d);
1815 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1816 } else {
1817 if (d->defer_setup) {
1818 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1819 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1820
1821 rfcomm_dlc_lock(d);
1822 d->state = BT_CONNECT2;
1823 d->state_change(d, 0);
1824 rfcomm_dlc_unlock(d);
1825 } else
1826 rfcomm_dlc_accept(d);
1827 }
1828 continue;
1829 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1830 rfcomm_dlc_clear_timer(d);
1831 if (!d->out)
1832 rfcomm_send_dm(s, d->dlci);
1833 else
1834 d->state = BT_CLOSED;
1835 __rfcomm_dlc_close(d, ECONNREFUSED);
1836 continue;
1837 }
1838
1839 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1840 continue;
1841
1842 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1843 continue;
1844
1845 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1846 d->mscex == RFCOMM_MSCEX_OK)
1847 rfcomm_process_tx(d);
1848 }
1849 }
1850
1851 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1852 {
1853 struct socket *sock = s->sock;
1854 struct sock *sk = sock->sk;
1855 struct sk_buff *skb;
1856
1857 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1858
1859 /* Get data directly from socket receive queue without copying it. */
1860 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1861 skb_orphan(skb);
1862 if (!skb_linearize(skb))
1863 s = rfcomm_recv_frame(s, skb);
1864 else
1865 kfree_skb(skb);
1866 }
1867
1868 if (s && (sk->sk_state == BT_CLOSED))
1869 s = rfcomm_session_close(s, sk->sk_err);
1870
1871 return s;
1872 }
1873
1874 static void rfcomm_accept_connection(struct rfcomm_session *s)
1875 {
1876 struct socket *sock = s->sock, *nsock;
1877 int err;
1878
1879 /* Fast check for a new connection.
1880 * Avoids unnesesary socket allocations. */
1881 if (list_empty(&bt_sk(sock->sk)->accept_q))
1882 return;
1883
1884 BT_DBG("session %p", s);
1885
1886 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1887 if (err < 0)
1888 return;
1889
1890 /* Set our callbacks */
1891 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1892 nsock->sk->sk_state_change = rfcomm_l2state_change;
1893
1894 s = rfcomm_session_add(nsock, BT_OPEN);
1895 if (s) {
1896 /* We should adjust MTU on incoming sessions.
1897 * L2CAP MTU minus UIH header and FCS. */
1898 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1899 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1900
1901 rfcomm_schedule();
1902 } else
1903 sock_release(nsock);
1904 }
1905
1906 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1907 {
1908 struct sock *sk = s->sock->sk;
1909
1910 BT_DBG("%p state %ld", s, s->state);
1911
1912 switch (sk->sk_state) {
1913 case BT_CONNECTED:
1914 s->state = BT_CONNECT;
1915
1916 /* We can adjust MTU on outgoing sessions.
1917 * L2CAP MTU minus UIH header and FCS. */
1918 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1919
1920 rfcomm_send_sabm(s, 0);
1921 break;
1922
1923 case BT_CLOSED:
1924 s = rfcomm_session_close(s, sk->sk_err);
1925 break;
1926 }
1927 return s;
1928 }
1929
1930 static void rfcomm_process_sessions(void)
1931 {
1932 struct list_head *p, *n;
1933
1934 rfcomm_lock();
1935
1936 list_for_each_safe(p, n, &session_list) {
1937 struct rfcomm_session *s;
1938 s = list_entry(p, struct rfcomm_session, list);
1939
1940 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1941 s->state = BT_DISCONN;
1942 rfcomm_send_disc(s, 0);
1943 continue;
1944 }
1945
1946 if (s->state == BT_LISTEN) {
1947 rfcomm_accept_connection(s);
1948 continue;
1949 }
1950
1951 switch (s->state) {
1952 case BT_BOUND:
1953 s = rfcomm_check_connection(s);
1954 break;
1955
1956 default:
1957 s = rfcomm_process_rx(s);
1958 break;
1959 }
1960
1961 if (s)
1962 rfcomm_process_dlcs(s);
1963 }
1964
1965 rfcomm_unlock();
1966 }
1967
1968 static int rfcomm_add_listener(bdaddr_t *ba)
1969 {
1970 struct sockaddr_l2 addr;
1971 struct socket *sock;
1972 struct sock *sk;
1973 struct rfcomm_session *s;
1974 int err = 0;
1975
1976 /* Create socket */
1977 err = rfcomm_l2sock_create(&sock);
1978 if (err < 0) {
1979 BT_ERR("Create socket failed %d", err);
1980 return err;
1981 }
1982
1983 /* Bind socket */
1984 bacpy(&addr.l2_bdaddr, ba);
1985 addr.l2_family = AF_BLUETOOTH;
1986 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1987 addr.l2_cid = 0;
1988 addr.l2_bdaddr_type = BDADDR_BREDR;
1989 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1990 if (err < 0) {
1991 BT_ERR("Bind failed %d", err);
1992 goto failed;
1993 }
1994
1995 /* Set L2CAP options */
1996 sk = sock->sk;
1997 lock_sock(sk);
1998 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1999 release_sock(sk);
2000
2001 /* Start listening on the socket */
2002 err = kernel_listen(sock, 10);
2003 if (err) {
2004 BT_ERR("Listen failed %d", err);
2005 goto failed;
2006 }
2007
2008 /* Add listening session */
2009 s = rfcomm_session_add(sock, BT_LISTEN);
2010 if (!s) {
2011 err = -ENOMEM;
2012 goto failed;
2013 }
2014
2015 return 0;
2016 failed:
2017 sock_release(sock);
2018 return err;
2019 }
2020
2021 static void rfcomm_kill_listener(void)
2022 {
2023 struct rfcomm_session *s;
2024 struct list_head *p, *n;
2025
2026 BT_DBG("");
2027
2028 list_for_each_safe(p, n, &session_list) {
2029 s = list_entry(p, struct rfcomm_session, list);
2030 rfcomm_session_del(s);
2031 }
2032 }
2033
2034 static int rfcomm_run(void *unused)
2035 {
2036 BT_DBG("");
2037
2038 set_user_nice(current, -10);
2039
2040 rfcomm_add_listener(BDADDR_ANY);
2041
2042 while (1) {
2043 set_current_state(TASK_INTERRUPTIBLE);
2044
2045 if (kthread_should_stop())
2046 break;
2047
2048 /* Process stuff */
2049 rfcomm_process_sessions();
2050
2051 schedule();
2052 }
2053 __set_current_state(TASK_RUNNING);
2054
2055 rfcomm_kill_listener();
2056
2057 return 0;
2058 }
2059
2060 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2061 {
2062 struct rfcomm_session *s;
2063 struct rfcomm_dlc *d;
2064 struct list_head *p, *n;
2065
2066 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2067
2068 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2069 if (!s)
2070 return;
2071
2072 list_for_each_safe(p, n, &s->dlcs) {
2073 d = list_entry(p, struct rfcomm_dlc, list);
2074
2075 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2076 rfcomm_dlc_clear_timer(d);
2077 if (status || encrypt == 0x00) {
2078 set_bit(RFCOMM_ENC_DROP, &d->flags);
2079 continue;
2080 }
2081 }
2082
2083 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2084 if (d->sec_level == BT_SECURITY_MEDIUM) {
2085 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2086 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2087 continue;
2088 } else if (d->sec_level == BT_SECURITY_HIGH) {
2089 set_bit(RFCOMM_ENC_DROP, &d->flags);
2090 continue;
2091 }
2092 }
2093
2094 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2095 continue;
2096
2097 if (!status && hci_conn_check_secure(conn, d->sec_level))
2098 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2099 else
2100 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2101 }
2102
2103 rfcomm_schedule();
2104 }
2105
2106 static struct hci_cb rfcomm_cb = {
2107 .name = "RFCOMM",
2108 .security_cfm = rfcomm_security_cfm
2109 };
2110
2111 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2112 {
2113 struct rfcomm_session *s;
2114
2115 rfcomm_lock();
2116
2117 list_for_each_entry(s, &session_list, list) {
2118 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2119 struct rfcomm_dlc *d;
2120 list_for_each_entry(d, &s->dlcs, list) {
2121 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2122 &chan->src, &chan->dst,
2123 d->state, d->dlci, d->mtu,
2124 d->rx_credits, d->tx_credits);
2125 }
2126 }
2127
2128 rfcomm_unlock();
2129
2130 return 0;
2131 }
2132
2133 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2134 {
2135 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2136 }
2137
2138 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2139 .open = rfcomm_dlc_debugfs_open,
2140 .read = seq_read,
2141 .llseek = seq_lseek,
2142 .release = single_release,
2143 };
2144
2145 static struct dentry *rfcomm_dlc_debugfs;
2146
2147 /* ---- Initialization ---- */
2148 static int __init rfcomm_init(void)
2149 {
2150 int err;
2151
2152 hci_register_cb(&rfcomm_cb);
2153
2154 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2155 if (IS_ERR(rfcomm_thread)) {
2156 err = PTR_ERR(rfcomm_thread);
2157 goto unregister;
2158 }
2159
2160 err = rfcomm_init_ttys();
2161 if (err < 0)
2162 goto stop;
2163
2164 err = rfcomm_init_sockets();
2165 if (err < 0)
2166 goto cleanup;
2167
2168 BT_INFO("RFCOMM ver %s", VERSION);
2169
2170 if (IS_ERR_OR_NULL(bt_debugfs))
2171 return 0;
2172
2173 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2174 bt_debugfs, NULL,
2175 &rfcomm_dlc_debugfs_fops);
2176
2177 return 0;
2178
2179 cleanup:
2180 rfcomm_cleanup_ttys();
2181
2182 stop:
2183 kthread_stop(rfcomm_thread);
2184
2185 unregister:
2186 hci_unregister_cb(&rfcomm_cb);
2187
2188 return err;
2189 }
2190
2191 static void __exit rfcomm_exit(void)
2192 {
2193 debugfs_remove(rfcomm_dlc_debugfs);
2194
2195 hci_unregister_cb(&rfcomm_cb);
2196
2197 kthread_stop(rfcomm_thread);
2198
2199 rfcomm_cleanup_ttys();
2200
2201 rfcomm_cleanup_sockets();
2202 }
2203
2204 module_init(rfcomm_init);
2205 module_exit(rfcomm_exit);
2206
2207 module_param(disable_cfc, bool, 0644);
2208 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2209
2210 module_param(channel_mtu, int, 0644);
2211 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2212
2213 module_param(l2cap_mtu, uint, 0644);
2214 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2215
2216 module_param(l2cap_ertm, bool, 0644);
2217 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2218
2219 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2220 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2221 MODULE_VERSION(VERSION);
2222 MODULE_LICENSE("GPL");
2223 MODULE_ALIAS("bt-proto-3");
Linux kernel - Deliverables
This page took 0.074769 seconds and 6 git commands to generate.