core.c revision 262038fcb2a50e9b5553243452918fda08cdf83d
1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * Bluetooth RFCOMM core. 26 */ 27 28#include <linux/module.h> 29#include <linux/errno.h> 30#include <linux/kernel.h> 31#include <linux/sched.h> 32#include <linux/signal.h> 33#include <linux/init.h> 34#include <linux/wait.h> 35#include <linux/device.h> 36#include <linux/debugfs.h> 37#include <linux/seq_file.h> 38#include <linux/net.h> 39#include <linux/mutex.h> 40#include <linux/kthread.h> 41#include <linux/slab.h> 42 43#include <net/sock.h> 44#include <linux/uaccess.h> 45#include <asm/unaligned.h> 46 47#include <net/bluetooth/bluetooth.h> 48#include <net/bluetooth/hci_core.h> 49#include <net/bluetooth/l2cap.h> 50#include <net/bluetooth/rfcomm.h> 51 52#define VERSION "1.11" 53 54static int disable_cfc; 55static int l2cap_ertm; 56static int channel_mtu = -1; 57static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 58 59static struct task_struct *rfcomm_thread; 60 61static DEFINE_MUTEX(rfcomm_mutex); 62#define rfcomm_lock() mutex_lock(&rfcomm_mutex) 63#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 64 65 66static LIST_HEAD(session_list); 67 68static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len, 69 u32 priority); 70static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80static void rfcomm_process_connect(struct rfcomm_session *s); 81 82static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 83 bdaddr_t *dst, 84 u8 sec_level, 85 int *err); 86static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87static void rfcomm_session_del(struct rfcomm_session *s); 88 89/* ---- RFCOMM frame parsing macros ---- */ 90#define __get_dlci(b) ((b & 0xfc) >> 2) 91#define __get_channel(b) ((b & 0xf8) >> 3) 92#define __get_dir(b) ((b & 0x04) >> 2) 93#define __get_type(b) ((b & 0xef)) 94 95#define __test_ea(b) ((b & 0x01)) 96#define __test_cr(b) ((b & 0x02)) 97#define __test_pf(b) ((b & 0x10)) 98 99#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100#define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102#define __srv_channel(dlci) (dlci >> 1) 103#define __dir(dlci) (dlci & 0x01) 104 105#define __len8(len) (((len) << 1) | 1) 106#define __len16(len) ((len) << 1) 107 108/* MCC macros */ 109#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110#define __get_mcc_type(b) ((b & 0xfc) >> 2) 111#define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113/* RPN macros */ 114#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115#define __get_rpn_data_bits(line) ((line) & 0x3) 116#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117#define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119static inline void rfcomm_schedule(void) 120{ 121 if (!rfcomm_thread) 122 return; 123 wake_up_process(rfcomm_thread); 124} 125 126static inline void rfcomm_session_put(struct rfcomm_session *s) 127{ 128 if (atomic_dec_and_test(&s->refcnt)) 129 rfcomm_session_del(s); 130} 131 132/* ---- RFCOMM FCS computation ---- */ 133 134/* reversed, 8-bit, poly=0x07 */ 135static unsigned char rfcomm_crc_table[256] = { 136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 140 141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 145 146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 150 151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 155 156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 160 161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 165 166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 170 171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 175}; 176 177/* CRC on 2 bytes */ 178#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 179 180/* FCS on 2 bytes */ 181static inline u8 __fcs(u8 *data) 182{ 183 return 0xff - __crc(data); 184} 185 186/* FCS on 3 bytes */ 187static inline u8 __fcs2(u8 *data) 188{ 189 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 190} 191 192/* Check FCS */ 193static inline int __check_fcs(u8 *data, int type, u8 fcs) 194{ 195 u8 f = __crc(data); 196 197 if (type != RFCOMM_UIH) 198 f = rfcomm_crc_table[f ^ data[2]]; 199 200 return rfcomm_crc_table[f ^ fcs] != 0xcf; 201} 202 203/* ---- L2CAP callbacks ---- */ 204static void rfcomm_l2state_change(struct sock *sk) 205{ 206 BT_DBG("%p state %d", sk, sk->sk_state); 207 rfcomm_schedule(); 208} 209 210static void rfcomm_l2data_ready(struct sock *sk, int bytes) 211{ 212 BT_DBG("%p bytes %d", sk, bytes); 213 rfcomm_schedule(); 214} 215 216static int rfcomm_l2sock_create(struct socket **sock) 217{ 218 int err; 219 220 BT_DBG(""); 221 222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 223 if (!err) { 224 struct sock *sk = (*sock)->sk; 225 sk->sk_data_ready = rfcomm_l2data_ready; 226 sk->sk_state_change = rfcomm_l2state_change; 227 } 228 return err; 229} 230 231static inline int rfcomm_check_security(struct rfcomm_dlc *d) 232{ 233 struct sock *sk = d->session->sock->sk; 234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 235 236 __u8 auth_type; 237 238 switch (d->sec_level) { 239 case BT_SECURITY_HIGH: 240 auth_type = HCI_AT_GENERAL_BONDING_MITM; 241 break; 242 case BT_SECURITY_MEDIUM: 243 auth_type = HCI_AT_GENERAL_BONDING; 244 break; 245 default: 246 auth_type = HCI_AT_NO_BONDING; 247 break; 248 } 249 250 return hci_conn_security(conn->hcon, d->sec_level, auth_type); 251} 252 253static void rfcomm_session_timeout(unsigned long arg) 254{ 255 struct rfcomm_session *s = (void *) arg; 256 257 BT_DBG("session %p state %ld", s, s->state); 258 259 set_bit(RFCOMM_TIMED_OUT, &s->flags); 260 rfcomm_schedule(); 261} 262 263static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 264{ 265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 266 267 if (!mod_timer(&s->timer, jiffies + timeout)) 268 rfcomm_session_hold(s); 269} 270 271static void rfcomm_session_clear_timer(struct rfcomm_session *s) 272{ 273 BT_DBG("session %p state %ld", s, s->state); 274 275 if (timer_pending(&s->timer) && del_timer(&s->timer)) 276 rfcomm_session_put(s); 277} 278 279/* ---- RFCOMM DLCs ---- */ 280static void rfcomm_dlc_timeout(unsigned long arg) 281{ 282 struct rfcomm_dlc *d = (void *) arg; 283 284 BT_DBG("dlc %p state %ld", d, d->state); 285 286 set_bit(RFCOMM_TIMED_OUT, &d->flags); 287 rfcomm_dlc_put(d); 288 rfcomm_schedule(); 289} 290 291static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 292{ 293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 294 295 if (!mod_timer(&d->timer, jiffies + timeout)) 296 rfcomm_dlc_hold(d); 297} 298 299static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 300{ 301 BT_DBG("dlc %p state %ld", d, d->state); 302 303 if (timer_pending(&d->timer) && del_timer(&d->timer)) 304 rfcomm_dlc_put(d); 305} 306 307static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 308{ 309 BT_DBG("%p", d); 310 311 d->state = BT_OPEN; 312 d->flags = 0; 313 d->mscex = 0; 314 d->sec_level = BT_SECURITY_LOW; 315 d->mtu = RFCOMM_DEFAULT_MTU; 316 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 317 318 d->cfc = RFCOMM_CFC_DISABLED; 319 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 320} 321 322struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 323{ 324 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 325 326 if (!d) 327 return NULL; 328 329 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 330 331 skb_queue_head_init(&d->tx_queue); 332 spin_lock_init(&d->lock); 333 atomic_set(&d->refcnt, 1); 334 335 rfcomm_dlc_clear_state(d); 336 337 BT_DBG("%p", d); 338 339 return d; 340} 341 342void rfcomm_dlc_free(struct rfcomm_dlc *d) 343{ 344 BT_DBG("%p", d); 345 346 skb_queue_purge(&d->tx_queue); 347 kfree(d); 348} 349 350static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 351{ 352 BT_DBG("dlc %p session %p", d, s); 353 354 rfcomm_session_hold(s); 355 356 rfcomm_session_clear_timer(s); 357 rfcomm_dlc_hold(d); 358 list_add(&d->list, &s->dlcs); 359 d->session = s; 360} 361 362static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 363{ 364 struct rfcomm_session *s = d->session; 365 366 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 367 368 list_del(&d->list); 369 d->session = NULL; 370 rfcomm_dlc_put(d); 371 372 if (list_empty(&s->dlcs)) 373 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 374 375 rfcomm_session_put(s); 376} 377 378static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 379{ 380 struct rfcomm_dlc *d; 381 382 list_for_each_entry(d, &s->dlcs, list) 383 if (d->dlci == dlci) 384 return d; 385 386 return NULL; 387} 388 389static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 390{ 391 struct rfcomm_session *s; 392 int err = 0; 393 u8 dlci; 394 395 BT_DBG("dlc %p state %ld %s %s channel %d", 396 d, d->state, batostr(src), batostr(dst), channel); 397 398 if (channel < 1 || channel > 30) 399 return -EINVAL; 400 401 if (d->state != BT_OPEN && d->state != BT_CLOSED) 402 return 0; 403 404 s = rfcomm_session_get(src, dst); 405 if (!s) { 406 s = rfcomm_session_create(src, dst, d->sec_level, &err); 407 if (!s) 408 return err; 409 } 410 411 dlci = __dlci(!s->initiator, channel); 412 413 /* Check if DLCI already exists */ 414 if (rfcomm_dlc_get(s, dlci)) 415 return -EBUSY; 416 417 rfcomm_dlc_clear_state(d); 418 419 d->dlci = dlci; 420 d->addr = __addr(s->initiator, dlci); 421 d->priority = 7; 422 423 d->state = BT_CONFIG; 424 rfcomm_dlc_link(s, d); 425 426 d->out = 1; 427 428 d->mtu = s->mtu; 429 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 430 431 if (s->state == BT_CONNECTED) { 432 if (rfcomm_check_security(d)) 433 rfcomm_send_pn(s, 1, d); 434 else 435 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 436 } 437 438 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 439 440 return 0; 441} 442 443int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 444{ 445 int r; 446 447 rfcomm_lock(); 448 449 r = __rfcomm_dlc_open(d, src, dst, channel); 450 451 rfcomm_unlock(); 452 return r; 453} 454 455static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 456{ 457 struct rfcomm_session *s = d->session; 458 if (!s) 459 return 0; 460 461 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 462 d, d->state, d->dlci, err, s); 463 464 switch (d->state) { 465 case BT_CONNECT: 466 case BT_CONFIG: 467 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 468 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 469 rfcomm_schedule(); 470 break; 471 } 472 /* Fall through */ 473 474 case BT_CONNECTED: 475 d->state = BT_DISCONN; 476 if (skb_queue_empty(&d->tx_queue)) { 477 rfcomm_send_disc(s, d->dlci); 478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 479 } else { 480 rfcomm_queue_disc(d); 481 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 482 } 483 break; 484 485 case BT_OPEN: 486 case BT_CONNECT2: 487 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 488 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 489 rfcomm_schedule(); 490 break; 491 } 492 /* Fall through */ 493 494 default: 495 rfcomm_dlc_clear_timer(d); 496 497 rfcomm_dlc_lock(d); 498 d->state = BT_CLOSED; 499 d->state_change(d, err); 500 rfcomm_dlc_unlock(d); 501 502 skb_queue_purge(&d->tx_queue); 503 rfcomm_dlc_unlink(d); 504 } 505 506 return 0; 507} 508 509int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 510{ 511 int r; 512 513 rfcomm_lock(); 514 515 r = __rfcomm_dlc_close(d, err); 516 517 rfcomm_unlock(); 518 return r; 519} 520 521int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 522{ 523 int len = skb->len; 524 525 if (d->state != BT_CONNECTED) 526 return -ENOTCONN; 527 528 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 529 530 if (len > d->mtu) 531 return -EINVAL; 532 533 rfcomm_make_uih(skb, d->addr); 534 skb_queue_tail(&d->tx_queue, skb); 535 536 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 537 rfcomm_schedule(); 538 return len; 539} 540 541void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 542{ 543 BT_DBG("dlc %p state %ld", d, d->state); 544 545 if (!d->cfc) { 546 d->v24_sig |= RFCOMM_V24_FC; 547 set_bit(RFCOMM_MSC_PENDING, &d->flags); 548 } 549 rfcomm_schedule(); 550} 551 552void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 553{ 554 BT_DBG("dlc %p state %ld", d, d->state); 555 556 if (!d->cfc) { 557 d->v24_sig &= ~RFCOMM_V24_FC; 558 set_bit(RFCOMM_MSC_PENDING, &d->flags); 559 } 560 rfcomm_schedule(); 561} 562 563/* 564 Set/get modem status functions use _local_ status i.e. what we report 565 to the other side. 566 Remote status is provided by dlc->modem_status() callback. 567 */ 568int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 569{ 570 BT_DBG("dlc %p state %ld v24_sig 0x%x", 571 d, d->state, v24_sig); 572 573 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 574 v24_sig |= RFCOMM_V24_FC; 575 else 576 v24_sig &= ~RFCOMM_V24_FC; 577 578 d->v24_sig = v24_sig; 579 580 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 581 rfcomm_schedule(); 582 583 return 0; 584} 585 586int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 587{ 588 BT_DBG("dlc %p state %ld v24_sig 0x%x", 589 d, d->state, d->v24_sig); 590 591 *v24_sig = d->v24_sig; 592 return 0; 593} 594 595/* ---- RFCOMM sessions ---- */ 596static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 597{ 598 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 599 600 if (!s) 601 return NULL; 602 603 BT_DBG("session %p sock %p", s, sock); 604 605 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 606 607 INIT_LIST_HEAD(&s->dlcs); 608 s->state = state; 609 s->sock = sock; 610 611 s->mtu = RFCOMM_DEFAULT_MTU; 612 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 613 614 /* Do not increment module usage count for listening sessions. 615 * Otherwise we won't be able to unload the module. */ 616 if (state != BT_LISTEN) 617 if (!try_module_get(THIS_MODULE)) { 618 kfree(s); 619 return NULL; 620 } 621 622 list_add(&s->list, &session_list); 623 624 return s; 625} 626 627static void rfcomm_session_del(struct rfcomm_session *s) 628{ 629 int state = s->state; 630 631 BT_DBG("session %p state %ld", s, s->state); 632 633 list_del(&s->list); 634 635 if (state == BT_CONNECTED) 636 rfcomm_send_disc(s, 0); 637 638 rfcomm_session_clear_timer(s); 639 sock_release(s->sock); 640 kfree(s); 641 642 if (state != BT_LISTEN) 643 module_put(THIS_MODULE); 644} 645 646static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 647{ 648 struct rfcomm_session *s; 649 struct list_head *p, *n; 650 struct bt_sock *sk; 651 list_for_each_safe(p, n, &session_list) { 652 s = list_entry(p, struct rfcomm_session, list); 653 sk = bt_sk(s->sock->sk); 654 655 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 656 !bacmp(&sk->dst, dst)) 657 return s; 658 } 659 return NULL; 660} 661 662static void rfcomm_session_close(struct rfcomm_session *s, int err) 663{ 664 struct rfcomm_dlc *d; 665 struct list_head *p, *n; 666 667 BT_DBG("session %p state %ld err %d", s, s->state, err); 668 669 rfcomm_session_hold(s); 670 671 s->state = BT_CLOSED; 672 673 /* Close all dlcs */ 674 list_for_each_safe(p, n, &s->dlcs) { 675 d = list_entry(p, struct rfcomm_dlc, list); 676 d->state = BT_CLOSED; 677 __rfcomm_dlc_close(d, err); 678 } 679 680 rfcomm_session_clear_timer(s); 681 rfcomm_session_put(s); 682} 683 684static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 685 bdaddr_t *dst, 686 u8 sec_level, 687 int *err) 688{ 689 struct rfcomm_session *s = NULL; 690 struct sockaddr_l2 addr; 691 struct socket *sock; 692 struct sock *sk; 693 694 BT_DBG("%s %s", batostr(src), batostr(dst)); 695 696 *err = rfcomm_l2sock_create(&sock); 697 if (*err < 0) 698 return NULL; 699 700 bacpy(&addr.l2_bdaddr, src); 701 addr.l2_family = AF_BLUETOOTH; 702 addr.l2_psm = 0; 703 addr.l2_cid = 0; 704 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 705 if (*err < 0) 706 goto failed; 707 708 /* Set L2CAP options */ 709 sk = sock->sk; 710 lock_sock(sk); 711 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 712 l2cap_pi(sk)->chan->sec_level = sec_level; 713 if (l2cap_ertm) 714 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM; 715 release_sock(sk); 716 717 s = rfcomm_session_add(sock, BT_BOUND); 718 if (!s) { 719 *err = -ENOMEM; 720 goto failed; 721 } 722 723 s->initiator = 1; 724 725 bacpy(&addr.l2_bdaddr, dst); 726 addr.l2_family = AF_BLUETOOTH; 727 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 728 addr.l2_cid = 0; 729 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 730 if (*err == 0 || *err == -EINPROGRESS) 731 return s; 732 733 rfcomm_session_del(s); 734 return NULL; 735 736failed: 737 sock_release(sock); 738 return NULL; 739} 740 741void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 742{ 743 struct sock *sk = s->sock->sk; 744 if (src) 745 bacpy(src, &bt_sk(sk)->src); 746 if (dst) 747 bacpy(dst, &bt_sk(sk)->dst); 748} 749 750/* ---- RFCOMM frame sending ---- */ 751static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len, 752 u32 priority) 753{ 754 struct socket *sock = s->sock; 755 struct sock *sk = sock->sk; 756 struct kvec iv = { data, len }; 757 struct msghdr msg; 758 759 BT_DBG("session %p len %d priority %u", s, len, priority); 760 761 if (sk->sk_priority != priority) { 762 lock_sock(sk); 763 sk->sk_priority = priority; 764 release_sock(sk); 765 } 766 767 memset(&msg, 0, sizeof(msg)); 768 769 return kernel_sendmsg(sock, &msg, &iv, 1, len); 770} 771 772static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd) 773{ 774 BT_DBG("%p cmd %u", s, cmd->ctrl); 775 776 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd), HCI_PRIO_MAX); 777} 778 779static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 780{ 781 struct rfcomm_cmd cmd; 782 783 BT_DBG("%p dlci %d", s, dlci); 784 785 cmd.addr = __addr(s->initiator, dlci); 786 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 787 cmd.len = __len8(0); 788 cmd.fcs = __fcs2((u8 *) &cmd); 789 790 return rfcomm_send_cmd(s, &cmd); 791} 792 793static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 794{ 795 struct rfcomm_cmd cmd; 796 797 BT_DBG("%p dlci %d", s, dlci); 798 799 cmd.addr = __addr(!s->initiator, dlci); 800 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 801 cmd.len = __len8(0); 802 cmd.fcs = __fcs2((u8 *) &cmd); 803 804 return rfcomm_send_cmd(s, &cmd); 805} 806 807static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 808{ 809 struct rfcomm_cmd cmd; 810 811 BT_DBG("%p dlci %d", s, dlci); 812 813 cmd.addr = __addr(s->initiator, dlci); 814 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 815 cmd.len = __len8(0); 816 cmd.fcs = __fcs2((u8 *) &cmd); 817 818 return rfcomm_send_cmd(s, &cmd); 819} 820 821static int rfcomm_queue_disc(struct rfcomm_dlc *d) 822{ 823 struct rfcomm_cmd *cmd; 824 struct sk_buff *skb; 825 826 BT_DBG("dlc %p dlci %d", d, d->dlci); 827 828 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 829 if (!skb) 830 return -ENOMEM; 831 832 skb->priority = HCI_PRIO_MAX; 833 834 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 835 cmd->addr = d->addr; 836 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 837 cmd->len = __len8(0); 838 cmd->fcs = __fcs2((u8 *) cmd); 839 840 skb_queue_tail(&d->tx_queue, skb); 841 rfcomm_schedule(); 842 return 0; 843} 844 845static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 846{ 847 struct rfcomm_cmd cmd; 848 849 BT_DBG("%p dlci %d", s, dlci); 850 851 cmd.addr = __addr(!s->initiator, dlci); 852 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 853 cmd.len = __len8(0); 854 cmd.fcs = __fcs2((u8 *) &cmd); 855 856 return rfcomm_send_cmd(s, &cmd); 857} 858 859static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 860{ 861 struct rfcomm_hdr *hdr; 862 struct rfcomm_mcc *mcc; 863 u8 buf[16], *ptr = buf; 864 865 BT_DBG("%p cr %d type %d", s, cr, type); 866 867 hdr = (void *) ptr; ptr += sizeof(*hdr); 868 hdr->addr = __addr(s->initiator, 0); 869 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 870 hdr->len = __len8(sizeof(*mcc) + 1); 871 872 mcc = (void *) ptr; ptr += sizeof(*mcc); 873 mcc->type = __mcc_type(cr, RFCOMM_NSC); 874 mcc->len = __len8(1); 875 876 /* Type that we didn't like */ 877 *ptr = __mcc_type(cr, type); ptr++; 878 879 *ptr = __fcs(buf); ptr++; 880 881 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 882} 883 884static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 885{ 886 struct rfcomm_hdr *hdr; 887 struct rfcomm_mcc *mcc; 888 struct rfcomm_pn *pn; 889 u8 buf[16], *ptr = buf; 890 891 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 892 893 hdr = (void *) ptr; ptr += sizeof(*hdr); 894 hdr->addr = __addr(s->initiator, 0); 895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 896 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 897 898 mcc = (void *) ptr; ptr += sizeof(*mcc); 899 mcc->type = __mcc_type(cr, RFCOMM_PN); 900 mcc->len = __len8(sizeof(*pn)); 901 902 pn = (void *) ptr; ptr += sizeof(*pn); 903 pn->dlci = d->dlci; 904 pn->priority = d->priority; 905 pn->ack_timer = 0; 906 pn->max_retrans = 0; 907 908 if (s->cfc) { 909 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 910 pn->credits = RFCOMM_DEFAULT_CREDITS; 911 } else { 912 pn->flow_ctrl = 0; 913 pn->credits = 0; 914 } 915 916 if (cr && channel_mtu >= 0) 917 pn->mtu = cpu_to_le16(channel_mtu); 918 else 919 pn->mtu = cpu_to_le16(d->mtu); 920 921 *ptr = __fcs(buf); ptr++; 922 923 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 924} 925 926int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 927 u8 bit_rate, u8 data_bits, u8 stop_bits, 928 u8 parity, u8 flow_ctrl_settings, 929 u8 xon_char, u8 xoff_char, u16 param_mask) 930{ 931 struct rfcomm_hdr *hdr; 932 struct rfcomm_mcc *mcc; 933 struct rfcomm_rpn *rpn; 934 u8 buf[16], *ptr = buf; 935 936 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 937 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 938 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 939 flow_ctrl_settings, xon_char, xoff_char, param_mask); 940 941 hdr = (void *) ptr; ptr += sizeof(*hdr); 942 hdr->addr = __addr(s->initiator, 0); 943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 944 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 945 946 mcc = (void *) ptr; ptr += sizeof(*mcc); 947 mcc->type = __mcc_type(cr, RFCOMM_RPN); 948 mcc->len = __len8(sizeof(*rpn)); 949 950 rpn = (void *) ptr; ptr += sizeof(*rpn); 951 rpn->dlci = __addr(1, dlci); 952 rpn->bit_rate = bit_rate; 953 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 954 rpn->flow_ctrl = flow_ctrl_settings; 955 rpn->xon_char = xon_char; 956 rpn->xoff_char = xoff_char; 957 rpn->param_mask = cpu_to_le16(param_mask); 958 959 *ptr = __fcs(buf); ptr++; 960 961 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 962} 963 964static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 965{ 966 struct rfcomm_hdr *hdr; 967 struct rfcomm_mcc *mcc; 968 struct rfcomm_rls *rls; 969 u8 buf[16], *ptr = buf; 970 971 BT_DBG("%p cr %d status 0x%x", s, cr, status); 972 973 hdr = (void *) ptr; ptr += sizeof(*hdr); 974 hdr->addr = __addr(s->initiator, 0); 975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 976 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 977 978 mcc = (void *) ptr; ptr += sizeof(*mcc); 979 mcc->type = __mcc_type(cr, RFCOMM_RLS); 980 mcc->len = __len8(sizeof(*rls)); 981 982 rls = (void *) ptr; ptr += sizeof(*rls); 983 rls->dlci = __addr(1, dlci); 984 rls->status = status; 985 986 *ptr = __fcs(buf); ptr++; 987 988 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 989} 990 991static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 992{ 993 struct rfcomm_hdr *hdr; 994 struct rfcomm_mcc *mcc; 995 struct rfcomm_msc *msc; 996 u8 buf[16], *ptr = buf; 997 998 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 999 1000 hdr = (void *) ptr; ptr += sizeof(*hdr); 1001 hdr->addr = __addr(s->initiator, 0); 1002 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1003 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 1004 1005 mcc = (void *) ptr; ptr += sizeof(*mcc); 1006 mcc->type = __mcc_type(cr, RFCOMM_MSC); 1007 mcc->len = __len8(sizeof(*msc)); 1008 1009 msc = (void *) ptr; ptr += sizeof(*msc); 1010 msc->dlci = __addr(1, dlci); 1011 msc->v24_sig = v24_sig | 0x01; 1012 1013 *ptr = __fcs(buf); ptr++; 1014 1015 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 1016} 1017 1018static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1019{ 1020 struct rfcomm_hdr *hdr; 1021 struct rfcomm_mcc *mcc; 1022 u8 buf[16], *ptr = buf; 1023 1024 BT_DBG("%p cr %d", s, cr); 1025 1026 hdr = (void *) ptr; ptr += sizeof(*hdr); 1027 hdr->addr = __addr(s->initiator, 0); 1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1029 hdr->len = __len8(sizeof(*mcc)); 1030 1031 mcc = (void *) ptr; ptr += sizeof(*mcc); 1032 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1033 mcc->len = __len8(0); 1034 1035 *ptr = __fcs(buf); ptr++; 1036 1037 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 1038} 1039 1040static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1041{ 1042 struct rfcomm_hdr *hdr; 1043 struct rfcomm_mcc *mcc; 1044 u8 buf[16], *ptr = buf; 1045 1046 BT_DBG("%p cr %d", s, cr); 1047 1048 hdr = (void *) ptr; ptr += sizeof(*hdr); 1049 hdr->addr = __addr(s->initiator, 0); 1050 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1051 hdr->len = __len8(sizeof(*mcc)); 1052 1053 mcc = (void *) ptr; ptr += sizeof(*mcc); 1054 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1055 mcc->len = __len8(0); 1056 1057 *ptr = __fcs(buf); ptr++; 1058 1059 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 1060} 1061 1062static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1063{ 1064 struct socket *sock = s->sock; 1065 struct kvec iv[3]; 1066 struct msghdr msg; 1067 unsigned char hdr[5], crc[1]; 1068 1069 if (len > 125) 1070 return -EINVAL; 1071 1072 BT_DBG("%p cr %d", s, cr); 1073 1074 hdr[0] = __addr(s->initiator, 0); 1075 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1076 hdr[2] = 0x01 | ((len + 2) << 1); 1077 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1078 hdr[4] = 0x01 | (len << 1); 1079 1080 crc[0] = __fcs(hdr); 1081 1082 iv[0].iov_base = hdr; 1083 iv[0].iov_len = 5; 1084 iv[1].iov_base = pattern; 1085 iv[1].iov_len = len; 1086 iv[2].iov_base = crc; 1087 iv[2].iov_len = 1; 1088 1089 memset(&msg, 0, sizeof(msg)); 1090 1091 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1092} 1093 1094static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1095{ 1096 struct rfcomm_hdr *hdr; 1097 u8 buf[16], *ptr = buf; 1098 1099 BT_DBG("%p addr %d credits %d", s, addr, credits); 1100 1101 hdr = (void *) ptr; ptr += sizeof(*hdr); 1102 hdr->addr = addr; 1103 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1104 hdr->len = __len8(0); 1105 1106 *ptr = credits; ptr++; 1107 1108 *ptr = __fcs(buf); ptr++; 1109 1110 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX); 1111} 1112 1113static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1114{ 1115 struct rfcomm_hdr *hdr; 1116 int len = skb->len; 1117 u8 *crc; 1118 1119 if (len > 127) { 1120 hdr = (void *) skb_push(skb, 4); 1121 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1122 } else { 1123 hdr = (void *) skb_push(skb, 3); 1124 hdr->len = __len8(len); 1125 } 1126 hdr->addr = addr; 1127 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1128 1129 crc = skb_put(skb, 1); 1130 *crc = __fcs((void *) hdr); 1131} 1132 1133/* ---- RFCOMM frame reception ---- */ 1134static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1135{ 1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1137 1138 if (dlci) { 1139 /* Data channel */ 1140 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1141 if (!d) { 1142 rfcomm_send_dm(s, dlci); 1143 return 0; 1144 } 1145 1146 switch (d->state) { 1147 case BT_CONNECT: 1148 rfcomm_dlc_clear_timer(d); 1149 1150 rfcomm_dlc_lock(d); 1151 d->state = BT_CONNECTED; 1152 d->state_change(d, 0); 1153 rfcomm_dlc_unlock(d); 1154 1155 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1156 break; 1157 1158 case BT_DISCONN: 1159 d->state = BT_CLOSED; 1160 __rfcomm_dlc_close(d, 0); 1161 1162 if (list_empty(&s->dlcs)) { 1163 s->state = BT_DISCONN; 1164 rfcomm_send_disc(s, 0); 1165 } 1166 1167 break; 1168 } 1169 } else { 1170 /* Control channel */ 1171 switch (s->state) { 1172 case BT_CONNECT: 1173 s->state = BT_CONNECTED; 1174 rfcomm_process_connect(s); 1175 break; 1176 1177 case BT_DISCONN: 1178 /* When socket is closed and we are not RFCOMM 1179 * initiator rfcomm_process_rx already calls 1180 * rfcomm_session_put() */ 1181 if (s->sock->sk->sk_state != BT_CLOSED) 1182 if (list_empty(&s->dlcs)) 1183 rfcomm_session_put(s); 1184 break; 1185 } 1186 } 1187 return 0; 1188} 1189 1190static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1191{ 1192 int err = 0; 1193 1194 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1195 1196 if (dlci) { 1197 /* Data DLC */ 1198 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1199 if (d) { 1200 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1201 err = ECONNREFUSED; 1202 else 1203 err = ECONNRESET; 1204 1205 d->state = BT_CLOSED; 1206 __rfcomm_dlc_close(d, err); 1207 } 1208 } else { 1209 if (s->state == BT_CONNECT) 1210 err = ECONNREFUSED; 1211 else 1212 err = ECONNRESET; 1213 1214 s->state = BT_CLOSED; 1215 rfcomm_session_close(s, err); 1216 } 1217 return 0; 1218} 1219 1220static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1221{ 1222 int err = 0; 1223 1224 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1225 1226 if (dlci) { 1227 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1228 if (d) { 1229 rfcomm_send_ua(s, dlci); 1230 1231 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1232 err = ECONNREFUSED; 1233 else 1234 err = ECONNRESET; 1235 1236 d->state = BT_CLOSED; 1237 __rfcomm_dlc_close(d, err); 1238 } else 1239 rfcomm_send_dm(s, dlci); 1240 1241 } else { 1242 rfcomm_send_ua(s, 0); 1243 1244 if (s->state == BT_CONNECT) 1245 err = ECONNREFUSED; 1246 else 1247 err = ECONNRESET; 1248 1249 s->state = BT_CLOSED; 1250 rfcomm_session_close(s, err); 1251 } 1252 1253 return 0; 1254} 1255 1256void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1257{ 1258 struct sock *sk = d->session->sock->sk; 1259 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 1260 1261 BT_DBG("dlc %p", d); 1262 1263 rfcomm_send_ua(d->session, d->dlci); 1264 1265 rfcomm_dlc_clear_timer(d); 1266 1267 rfcomm_dlc_lock(d); 1268 d->state = BT_CONNECTED; 1269 d->state_change(d, 0); 1270 rfcomm_dlc_unlock(d); 1271 1272 if (d->role_switch) 1273 hci_conn_switch_role(conn->hcon, 0x00); 1274 1275 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1276} 1277 1278static void rfcomm_check_accept(struct rfcomm_dlc *d) 1279{ 1280 if (rfcomm_check_security(d)) { 1281 if (d->defer_setup) { 1282 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1283 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1284 1285 rfcomm_dlc_lock(d); 1286 d->state = BT_CONNECT2; 1287 d->state_change(d, 0); 1288 rfcomm_dlc_unlock(d); 1289 } else 1290 rfcomm_dlc_accept(d); 1291 } else { 1292 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1293 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1294 } 1295} 1296 1297static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1298{ 1299 struct rfcomm_dlc *d; 1300 u8 channel; 1301 1302 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1303 1304 if (!dlci) { 1305 rfcomm_send_ua(s, 0); 1306 1307 if (s->state == BT_OPEN) { 1308 s->state = BT_CONNECTED; 1309 rfcomm_process_connect(s); 1310 } 1311 return 0; 1312 } 1313 1314 /* Check if DLC exists */ 1315 d = rfcomm_dlc_get(s, dlci); 1316 if (d) { 1317 if (d->state == BT_OPEN) { 1318 /* DLC was previously opened by PN request */ 1319 rfcomm_check_accept(d); 1320 } 1321 return 0; 1322 } 1323 1324 /* Notify socket layer about incoming connection */ 1325 channel = __srv_channel(dlci); 1326 if (rfcomm_connect_ind(s, channel, &d)) { 1327 d->dlci = dlci; 1328 d->addr = __addr(s->initiator, dlci); 1329 rfcomm_dlc_link(s, d); 1330 1331 rfcomm_check_accept(d); 1332 } else { 1333 rfcomm_send_dm(s, dlci); 1334 } 1335 1336 return 0; 1337} 1338 1339static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1340{ 1341 struct rfcomm_session *s = d->session; 1342 1343 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1344 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1345 1346 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1347 pn->flow_ctrl == 0xe0) { 1348 d->cfc = RFCOMM_CFC_ENABLED; 1349 d->tx_credits = pn->credits; 1350 } else { 1351 d->cfc = RFCOMM_CFC_DISABLED; 1352 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1353 } 1354 1355 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1356 s->cfc = d->cfc; 1357 1358 d->priority = pn->priority; 1359 1360 d->mtu = __le16_to_cpu(pn->mtu); 1361 1362 if (cr && d->mtu > s->mtu) 1363 d->mtu = s->mtu; 1364 1365 return 0; 1366} 1367 1368static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1369{ 1370 struct rfcomm_pn *pn = (void *) skb->data; 1371 struct rfcomm_dlc *d; 1372 u8 dlci = pn->dlci; 1373 1374 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1375 1376 if (!dlci) 1377 return 0; 1378 1379 d = rfcomm_dlc_get(s, dlci); 1380 if (d) { 1381 if (cr) { 1382 /* PN request */ 1383 rfcomm_apply_pn(d, cr, pn); 1384 rfcomm_send_pn(s, 0, d); 1385 } else { 1386 /* PN response */ 1387 switch (d->state) { 1388 case BT_CONFIG: 1389 rfcomm_apply_pn(d, cr, pn); 1390 1391 d->state = BT_CONNECT; 1392 rfcomm_send_sabm(s, d->dlci); 1393 break; 1394 } 1395 } 1396 } else { 1397 u8 channel = __srv_channel(dlci); 1398 1399 if (!cr) 1400 return 0; 1401 1402 /* PN request for non existing DLC. 1403 * Assume incoming connection. */ 1404 if (rfcomm_connect_ind(s, channel, &d)) { 1405 d->dlci = dlci; 1406 d->addr = __addr(s->initiator, dlci); 1407 rfcomm_dlc_link(s, d); 1408 1409 rfcomm_apply_pn(d, cr, pn); 1410 1411 d->state = BT_OPEN; 1412 rfcomm_send_pn(s, 0, d); 1413 } else { 1414 rfcomm_send_dm(s, dlci); 1415 } 1416 } 1417 return 0; 1418} 1419 1420static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1421{ 1422 struct rfcomm_rpn *rpn = (void *) skb->data; 1423 u8 dlci = __get_dlci(rpn->dlci); 1424 1425 u8 bit_rate = 0; 1426 u8 data_bits = 0; 1427 u8 stop_bits = 0; 1428 u8 parity = 0; 1429 u8 flow_ctrl = 0; 1430 u8 xon_char = 0; 1431 u8 xoff_char = 0; 1432 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1433 1434 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1435 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1436 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1437 1438 if (!cr) 1439 return 0; 1440 1441 if (len == 1) { 1442 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1443 bit_rate = RFCOMM_RPN_BR_9600; 1444 data_bits = RFCOMM_RPN_DATA_8; 1445 stop_bits = RFCOMM_RPN_STOP_1; 1446 parity = RFCOMM_RPN_PARITY_NONE; 1447 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1448 xon_char = RFCOMM_RPN_XON_CHAR; 1449 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1450 goto rpn_out; 1451 } 1452 1453 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1454 * no parity, no flow control lines, normal XON/XOFF chars */ 1455 1456 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1457 bit_rate = rpn->bit_rate; 1458 if (bit_rate > RFCOMM_RPN_BR_230400) { 1459 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1460 bit_rate = RFCOMM_RPN_BR_9600; 1461 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1462 } 1463 } 1464 1465 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1466 data_bits = __get_rpn_data_bits(rpn->line_settings); 1467 if (data_bits != RFCOMM_RPN_DATA_8) { 1468 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1469 data_bits = RFCOMM_RPN_DATA_8; 1470 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1471 } 1472 } 1473 1474 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1475 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1476 if (stop_bits != RFCOMM_RPN_STOP_1) { 1477 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1478 stop_bits = RFCOMM_RPN_STOP_1; 1479 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1480 } 1481 } 1482 1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1484 parity = __get_rpn_parity(rpn->line_settings); 1485 if (parity != RFCOMM_RPN_PARITY_NONE) { 1486 BT_DBG("RPN parity mismatch 0x%x", parity); 1487 parity = RFCOMM_RPN_PARITY_NONE; 1488 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1489 } 1490 } 1491 1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1493 flow_ctrl = rpn->flow_ctrl; 1494 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1495 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1496 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1497 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1498 } 1499 } 1500 1501 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1502 xon_char = rpn->xon_char; 1503 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1504 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1505 xon_char = RFCOMM_RPN_XON_CHAR; 1506 rpn_mask ^= RFCOMM_RPN_PM_XON; 1507 } 1508 } 1509 1510 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1511 xoff_char = rpn->xoff_char; 1512 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1513 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1514 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1515 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1516 } 1517 } 1518 1519rpn_out: 1520 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1521 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1522 1523 return 0; 1524} 1525 1526static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1527{ 1528 struct rfcomm_rls *rls = (void *) skb->data; 1529 u8 dlci = __get_dlci(rls->dlci); 1530 1531 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1532 1533 if (!cr) 1534 return 0; 1535 1536 /* We should probably do something with this information here. But 1537 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1538 * mandatory to recognise and respond to RLS */ 1539 1540 rfcomm_send_rls(s, 0, dlci, rls->status); 1541 1542 return 0; 1543} 1544 1545static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1546{ 1547 struct rfcomm_msc *msc = (void *) skb->data; 1548 struct rfcomm_dlc *d; 1549 u8 dlci = __get_dlci(msc->dlci); 1550 1551 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1552 1553 d = rfcomm_dlc_get(s, dlci); 1554 if (!d) 1555 return 0; 1556 1557 if (cr) { 1558 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1559 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1560 else 1561 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1562 1563 rfcomm_dlc_lock(d); 1564 1565 d->remote_v24_sig = msc->v24_sig; 1566 1567 if (d->modem_status) 1568 d->modem_status(d, msc->v24_sig); 1569 1570 rfcomm_dlc_unlock(d); 1571 1572 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1573 1574 d->mscex |= RFCOMM_MSCEX_RX; 1575 } else 1576 d->mscex |= RFCOMM_MSCEX_TX; 1577 1578 return 0; 1579} 1580 1581static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1582{ 1583 struct rfcomm_mcc *mcc = (void *) skb->data; 1584 u8 type, cr, len; 1585 1586 cr = __test_cr(mcc->type); 1587 type = __get_mcc_type(mcc->type); 1588 len = __get_mcc_len(mcc->len); 1589 1590 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1591 1592 skb_pull(skb, 2); 1593 1594 switch (type) { 1595 case RFCOMM_PN: 1596 rfcomm_recv_pn(s, cr, skb); 1597 break; 1598 1599 case RFCOMM_RPN: 1600 rfcomm_recv_rpn(s, cr, len, skb); 1601 break; 1602 1603 case RFCOMM_RLS: 1604 rfcomm_recv_rls(s, cr, skb); 1605 break; 1606 1607 case RFCOMM_MSC: 1608 rfcomm_recv_msc(s, cr, skb); 1609 break; 1610 1611 case RFCOMM_FCOFF: 1612 if (cr) { 1613 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1614 rfcomm_send_fcoff(s, 0); 1615 } 1616 break; 1617 1618 case RFCOMM_FCON: 1619 if (cr) { 1620 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1621 rfcomm_send_fcon(s, 0); 1622 } 1623 break; 1624 1625 case RFCOMM_TEST: 1626 if (cr) 1627 rfcomm_send_test(s, 0, skb->data, skb->len); 1628 break; 1629 1630 case RFCOMM_NSC: 1631 break; 1632 1633 default: 1634 BT_ERR("Unknown control type 0x%02x", type); 1635 rfcomm_send_nsc(s, cr, type); 1636 break; 1637 } 1638 return 0; 1639} 1640 1641static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1642{ 1643 struct rfcomm_dlc *d; 1644 1645 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1646 1647 d = rfcomm_dlc_get(s, dlci); 1648 if (!d) { 1649 rfcomm_send_dm(s, dlci); 1650 goto drop; 1651 } 1652 1653 if (pf && d->cfc) { 1654 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1655 1656 d->tx_credits += credits; 1657 if (d->tx_credits) 1658 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1659 } 1660 1661 if (skb->len && d->state == BT_CONNECTED) { 1662 rfcomm_dlc_lock(d); 1663 d->rx_credits--; 1664 d->data_ready(d, skb); 1665 rfcomm_dlc_unlock(d); 1666 return 0; 1667 } 1668 1669drop: 1670 kfree_skb(skb); 1671 return 0; 1672} 1673 1674static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1675{ 1676 struct rfcomm_hdr *hdr = (void *) skb->data; 1677 u8 type, dlci, fcs; 1678 1679 dlci = __get_dlci(hdr->addr); 1680 type = __get_type(hdr->ctrl); 1681 1682 /* Trim FCS */ 1683 skb->len--; skb->tail--; 1684 fcs = *(u8 *)skb_tail_pointer(skb); 1685 1686 if (__check_fcs(skb->data, type, fcs)) { 1687 BT_ERR("bad checksum in packet"); 1688 kfree_skb(skb); 1689 return -EILSEQ; 1690 } 1691 1692 if (__test_ea(hdr->len)) 1693 skb_pull(skb, 3); 1694 else 1695 skb_pull(skb, 4); 1696 1697 switch (type) { 1698 case RFCOMM_SABM: 1699 if (__test_pf(hdr->ctrl)) 1700 rfcomm_recv_sabm(s, dlci); 1701 break; 1702 1703 case RFCOMM_DISC: 1704 if (__test_pf(hdr->ctrl)) 1705 rfcomm_recv_disc(s, dlci); 1706 break; 1707 1708 case RFCOMM_UA: 1709 if (__test_pf(hdr->ctrl)) 1710 rfcomm_recv_ua(s, dlci); 1711 break; 1712 1713 case RFCOMM_DM: 1714 rfcomm_recv_dm(s, dlci); 1715 break; 1716 1717 case RFCOMM_UIH: 1718 if (dlci) 1719 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1720 1721 rfcomm_recv_mcc(s, skb); 1722 break; 1723 1724 default: 1725 BT_ERR("Unknown packet type 0x%02x", type); 1726 break; 1727 } 1728 kfree_skb(skb); 1729 return 0; 1730} 1731 1732/* ---- Connection and data processing ---- */ 1733 1734static void rfcomm_process_connect(struct rfcomm_session *s) 1735{ 1736 struct rfcomm_dlc *d; 1737 struct list_head *p, *n; 1738 1739 BT_DBG("session %p state %ld", s, s->state); 1740 1741 list_for_each_safe(p, n, &s->dlcs) { 1742 d = list_entry(p, struct rfcomm_dlc, list); 1743 if (d->state == BT_CONFIG) { 1744 d->mtu = s->mtu; 1745 if (rfcomm_check_security(d)) { 1746 rfcomm_send_pn(s, 1, d); 1747 } else { 1748 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1749 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1750 } 1751 } 1752 } 1753} 1754 1755/* Send data queued for the DLC. 1756 * Return number of frames left in the queue. 1757 */ 1758static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1759{ 1760 struct sk_buff *skb; 1761 int err; 1762 1763 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1764 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1765 1766 /* Send pending MSC */ 1767 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1768 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1769 1770 if (d->cfc) { 1771 /* CFC enabled. 1772 * Give them some credits */ 1773 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1774 d->rx_credits <= (d->cfc >> 2)) { 1775 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1776 d->rx_credits = d->cfc; 1777 } 1778 } else { 1779 /* CFC disabled. 1780 * Give ourselves some credits */ 1781 d->tx_credits = 5; 1782 } 1783 1784 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1785 return skb_queue_len(&d->tx_queue); 1786 1787 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1788 err = rfcomm_send_frame(d->session, skb->data, skb->len, 1789 skb->priority); 1790 if (err < 0) { 1791 skb_queue_head(&d->tx_queue, skb); 1792 break; 1793 } 1794 kfree_skb(skb); 1795 d->tx_credits--; 1796 } 1797 1798 if (d->cfc && !d->tx_credits) { 1799 /* We're out of TX credits. 1800 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1801 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1802 } 1803 1804 return skb_queue_len(&d->tx_queue); 1805} 1806 1807static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1808{ 1809 struct rfcomm_dlc *d; 1810 struct list_head *p, *n; 1811 1812 BT_DBG("session %p state %ld", s, s->state); 1813 1814 list_for_each_safe(p, n, &s->dlcs) { 1815 d = list_entry(p, struct rfcomm_dlc, list); 1816 1817 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1818 __rfcomm_dlc_close(d, ETIMEDOUT); 1819 continue; 1820 } 1821 1822 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1823 rfcomm_dlc_clear_timer(d); 1824 if (d->out) { 1825 rfcomm_send_pn(s, 1, d); 1826 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1827 } else { 1828 if (d->defer_setup) { 1829 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1830 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1831 1832 rfcomm_dlc_lock(d); 1833 d->state = BT_CONNECT2; 1834 d->state_change(d, 0); 1835 rfcomm_dlc_unlock(d); 1836 } else 1837 rfcomm_dlc_accept(d); 1838 } 1839 continue; 1840 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1841 rfcomm_dlc_clear_timer(d); 1842 if (!d->out) 1843 rfcomm_send_dm(s, d->dlci); 1844 else 1845 d->state = BT_CLOSED; 1846 __rfcomm_dlc_close(d, ECONNREFUSED); 1847 continue; 1848 } 1849 1850 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1851 continue; 1852 1853 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1854 continue; 1855 1856 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1857 d->mscex == RFCOMM_MSCEX_OK) 1858 rfcomm_process_tx(d); 1859 } 1860} 1861 1862static inline void rfcomm_process_rx(struct rfcomm_session *s) 1863{ 1864 struct socket *sock = s->sock; 1865 struct sock *sk = sock->sk; 1866 struct sk_buff *skb; 1867 1868 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1869 1870 /* Get data directly from socket receive queue without copying it. */ 1871 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1872 skb_orphan(skb); 1873 if (!skb_linearize(skb)) 1874 rfcomm_recv_frame(s, skb); 1875 else 1876 kfree_skb(skb); 1877 } 1878 1879 if (sk->sk_state == BT_CLOSED) { 1880 if (!s->initiator) 1881 rfcomm_session_put(s); 1882 1883 rfcomm_session_close(s, sk->sk_err); 1884 } 1885} 1886 1887static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1888{ 1889 struct socket *sock = s->sock, *nsock; 1890 int err; 1891 1892 /* Fast check for a new connection. 1893 * Avoids unnesesary socket allocations. */ 1894 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1895 return; 1896 1897 BT_DBG("session %p", s); 1898 1899 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1900 if (err < 0) 1901 return; 1902 1903 /* Set our callbacks */ 1904 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1905 nsock->sk->sk_state_change = rfcomm_l2state_change; 1906 1907 s = rfcomm_session_add(nsock, BT_OPEN); 1908 if (s) { 1909 rfcomm_session_hold(s); 1910 1911 /* We should adjust MTU on incoming sessions. 1912 * L2CAP MTU minus UIH header and FCS. */ 1913 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu, 1914 l2cap_pi(nsock->sk)->chan->imtu) - 5; 1915 1916 rfcomm_schedule(); 1917 } else 1918 sock_release(nsock); 1919} 1920 1921static inline void rfcomm_check_connection(struct rfcomm_session *s) 1922{ 1923 struct sock *sk = s->sock->sk; 1924 1925 BT_DBG("%p state %ld", s, s->state); 1926 1927 switch (sk->sk_state) { 1928 case BT_CONNECTED: 1929 s->state = BT_CONNECT; 1930 1931 /* We can adjust MTU on outgoing sessions. 1932 * L2CAP MTU minus UIH header and FCS. */ 1933 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5; 1934 1935 rfcomm_send_sabm(s, 0); 1936 break; 1937 1938 case BT_CLOSED: 1939 s->state = BT_CLOSED; 1940 rfcomm_session_close(s, sk->sk_err); 1941 break; 1942 } 1943} 1944 1945static inline void rfcomm_process_sessions(void) 1946{ 1947 struct list_head *p, *n; 1948 1949 rfcomm_lock(); 1950 1951 list_for_each_safe(p, n, &session_list) { 1952 struct rfcomm_session *s; 1953 s = list_entry(p, struct rfcomm_session, list); 1954 1955 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1956 s->state = BT_DISCONN; 1957 rfcomm_send_disc(s, 0); 1958 rfcomm_session_put(s); 1959 continue; 1960 } 1961 1962 if (s->state == BT_LISTEN) { 1963 rfcomm_accept_connection(s); 1964 continue; 1965 } 1966 1967 rfcomm_session_hold(s); 1968 1969 switch (s->state) { 1970 case BT_BOUND: 1971 rfcomm_check_connection(s); 1972 break; 1973 1974 default: 1975 rfcomm_process_rx(s); 1976 break; 1977 } 1978 1979 rfcomm_process_dlcs(s); 1980 1981 rfcomm_session_put(s); 1982 } 1983 1984 rfcomm_unlock(); 1985} 1986 1987static int rfcomm_add_listener(bdaddr_t *ba) 1988{ 1989 struct sockaddr_l2 addr; 1990 struct socket *sock; 1991 struct sock *sk; 1992 struct rfcomm_session *s; 1993 int err = 0; 1994 1995 /* Create socket */ 1996 err = rfcomm_l2sock_create(&sock); 1997 if (err < 0) { 1998 BT_ERR("Create socket failed %d", err); 1999 return err; 2000 } 2001 2002 /* Bind socket */ 2003 bacpy(&addr.l2_bdaddr, ba); 2004 addr.l2_family = AF_BLUETOOTH; 2005 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 2006 addr.l2_cid = 0; 2007 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 2008 if (err < 0) { 2009 BT_ERR("Bind failed %d", err); 2010 goto failed; 2011 } 2012 2013 /* Set L2CAP options */ 2014 sk = sock->sk; 2015 lock_sock(sk); 2016 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 2017 release_sock(sk); 2018 2019 /* Start listening on the socket */ 2020 err = kernel_listen(sock, 10); 2021 if (err) { 2022 BT_ERR("Listen failed %d", err); 2023 goto failed; 2024 } 2025 2026 /* Add listening session */ 2027 s = rfcomm_session_add(sock, BT_LISTEN); 2028 if (!s) 2029 goto failed; 2030 2031 rfcomm_session_hold(s); 2032 return 0; 2033failed: 2034 sock_release(sock); 2035 return err; 2036} 2037 2038static void rfcomm_kill_listener(void) 2039{ 2040 struct rfcomm_session *s; 2041 struct list_head *p, *n; 2042 2043 BT_DBG(""); 2044 2045 list_for_each_safe(p, n, &session_list) { 2046 s = list_entry(p, struct rfcomm_session, list); 2047 rfcomm_session_del(s); 2048 } 2049} 2050 2051static int rfcomm_run(void *unused) 2052{ 2053 BT_DBG(""); 2054 2055 set_user_nice(current, -10); 2056 2057 rfcomm_add_listener(BDADDR_ANY); 2058 2059 while (1) { 2060 set_current_state(TASK_INTERRUPTIBLE); 2061 2062 if (kthread_should_stop()) 2063 break; 2064 2065 /* Process stuff */ 2066 rfcomm_process_sessions(); 2067 2068 schedule(); 2069 } 2070 __set_current_state(TASK_RUNNING); 2071 2072 rfcomm_kill_listener(); 2073 2074 return 0; 2075} 2076 2077static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2078{ 2079 struct rfcomm_session *s; 2080 struct rfcomm_dlc *d; 2081 struct list_head *p, *n; 2082 2083 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2084 2085 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2086 if (!s) 2087 return; 2088 2089 rfcomm_session_hold(s); 2090 2091 list_for_each_safe(p, n, &s->dlcs) { 2092 d = list_entry(p, struct rfcomm_dlc, list); 2093 2094 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2095 rfcomm_dlc_clear_timer(d); 2096 if (status || encrypt == 0x00) { 2097 __rfcomm_dlc_close(d, ECONNREFUSED); 2098 continue; 2099 } 2100 } 2101 2102 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2103 if (d->sec_level == BT_SECURITY_MEDIUM) { 2104 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2105 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2106 continue; 2107 } else if (d->sec_level == BT_SECURITY_HIGH) { 2108 __rfcomm_dlc_close(d, ECONNREFUSED); 2109 continue; 2110 } 2111 } 2112 2113 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2114 continue; 2115 2116 if (!status && hci_conn_check_secure(conn, d->sec_level)) 2117 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2118 else 2119 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2120 } 2121 2122 rfcomm_session_put(s); 2123 2124 rfcomm_schedule(); 2125} 2126 2127static struct hci_cb rfcomm_cb = { 2128 .name = "RFCOMM", 2129 .security_cfm = rfcomm_security_cfm 2130}; 2131 2132static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2133{ 2134 struct rfcomm_session *s; 2135 2136 rfcomm_lock(); 2137 2138 list_for_each_entry(s, &session_list, list) { 2139 struct rfcomm_dlc *d; 2140 list_for_each_entry(d, &s->dlcs, list) { 2141 struct sock *sk = s->sock->sk; 2142 2143 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2144 batostr(&bt_sk(sk)->src), 2145 batostr(&bt_sk(sk)->dst), 2146 d->state, d->dlci, d->mtu, 2147 d->rx_credits, d->tx_credits); 2148 } 2149 } 2150 2151 rfcomm_unlock(); 2152 2153 return 0; 2154} 2155 2156static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2157{ 2158 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2159} 2160 2161static const struct file_operations rfcomm_dlc_debugfs_fops = { 2162 .open = rfcomm_dlc_debugfs_open, 2163 .read = seq_read, 2164 .llseek = seq_lseek, 2165 .release = single_release, 2166}; 2167 2168static struct dentry *rfcomm_dlc_debugfs; 2169 2170/* ---- Initialization ---- */ 2171static int __init rfcomm_init(void) 2172{ 2173 int err; 2174 2175 hci_register_cb(&rfcomm_cb); 2176 2177 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2178 if (IS_ERR(rfcomm_thread)) { 2179 err = PTR_ERR(rfcomm_thread); 2180 goto unregister; 2181 } 2182 2183 if (bt_debugfs) { 2184 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2185 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2186 if (!rfcomm_dlc_debugfs) 2187 BT_ERR("Failed to create RFCOMM debug file"); 2188 } 2189 2190 err = rfcomm_init_ttys(); 2191 if (err < 0) 2192 goto stop; 2193 2194 err = rfcomm_init_sockets(); 2195 if (err < 0) 2196 goto cleanup; 2197 2198 BT_INFO("RFCOMM ver %s", VERSION); 2199 2200 return 0; 2201 2202cleanup: 2203 rfcomm_cleanup_ttys(); 2204 2205stop: 2206 kthread_stop(rfcomm_thread); 2207 2208unregister: 2209 hci_unregister_cb(&rfcomm_cb); 2210 2211 return err; 2212} 2213 2214static void __exit rfcomm_exit(void) 2215{ 2216 debugfs_remove(rfcomm_dlc_debugfs); 2217 2218 hci_unregister_cb(&rfcomm_cb); 2219 2220 kthread_stop(rfcomm_thread); 2221 2222 rfcomm_cleanup_ttys(); 2223 2224 rfcomm_cleanup_sockets(); 2225} 2226 2227module_init(rfcomm_init); 2228module_exit(rfcomm_exit); 2229 2230module_param(disable_cfc, bool, 0644); 2231MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2232 2233module_param(channel_mtu, int, 0644); 2234MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2235 2236module_param(l2cap_mtu, uint, 0644); 2237MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2238 2239module_param(l2cap_ertm, bool, 0644); 2240MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2241 2242MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2243MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2244MODULE_VERSION(VERSION); 2245MODULE_LICENSE("GPL"); 2246MODULE_ALIAS("bt-proto-3"); 2247