core.c revision 4339c25afb0d49878fba5a989618ffe807aa46cd
1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * Bluetooth RFCOMM core. 26 */ 27 28#include <linux/module.h> 29#include <linux/debugfs.h> 30#include <linux/kthread.h> 31#include <asm/unaligned.h> 32 33#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/hci_core.h> 35#include <net/bluetooth/l2cap.h> 36#include <net/bluetooth/rfcomm.h> 37 38#define VERSION "1.11" 39 40static bool disable_cfc; 41static bool l2cap_ertm; 42static int channel_mtu = -1; 43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 44 45static struct task_struct *rfcomm_thread; 46 47static DEFINE_MUTEX(rfcomm_mutex); 48#define rfcomm_lock() mutex_lock(&rfcomm_mutex) 49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 50 51 52static LIST_HEAD(session_list); 53 54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 57static int rfcomm_queue_disc(struct rfcomm_dlc *d); 58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 64 65static void rfcomm_process_connect(struct rfcomm_session *s); 66 67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 68 bdaddr_t *dst, 69 u8 sec_level, 70 int *err); 71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s); 73 74/* ---- RFCOMM frame parsing macros ---- */ 75#define __get_dlci(b) ((b & 0xfc) >> 2) 76#define __get_channel(b) ((b & 0xf8) >> 3) 77#define __get_dir(b) ((b & 0x04) >> 2) 78#define __get_type(b) ((b & 0xef)) 79 80#define __test_ea(b) ((b & 0x01)) 81#define __test_cr(b) ((b & 0x02)) 82#define __test_pf(b) ((b & 0x10)) 83 84#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 85#define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 86#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 87#define __srv_channel(dlci) (dlci >> 1) 88#define __dir(dlci) (dlci & 0x01) 89 90#define __len8(len) (((len) << 1) | 1) 91#define __len16(len) ((len) << 1) 92 93/* MCC macros */ 94#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 95#define __get_mcc_type(b) ((b & 0xfc) >> 2) 96#define __get_mcc_len(b) ((b & 0xfe) >> 1) 97 98/* RPN macros */ 99#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 100#define __get_rpn_data_bits(line) ((line) & 0x3) 101#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 102#define __get_rpn_parity(line) (((line) >> 3) & 0x7) 103 104static void rfcomm_schedule(void) 105{ 106 if (!rfcomm_thread) 107 return; 108 wake_up_process(rfcomm_thread); 109} 110 111/* ---- RFCOMM FCS computation ---- */ 112 113/* reversed, 8-bit, poly=0x07 */ 114static unsigned char rfcomm_crc_table[256] = { 115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 119 120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 124 125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 129 130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 134 135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 139 140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 144 145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 149 150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 154}; 155 156/* CRC on 2 bytes */ 157#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 158 159/* FCS on 2 bytes */ 160static inline u8 __fcs(u8 *data) 161{ 162 return 0xff - __crc(data); 163} 164 165/* FCS on 3 bytes */ 166static inline u8 __fcs2(u8 *data) 167{ 168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 169} 170 171/* Check FCS */ 172static inline int __check_fcs(u8 *data, int type, u8 fcs) 173{ 174 u8 f = __crc(data); 175 176 if (type != RFCOMM_UIH) 177 f = rfcomm_crc_table[f ^ data[2]]; 178 179 return rfcomm_crc_table[f ^ fcs] != 0xcf; 180} 181 182/* ---- L2CAP callbacks ---- */ 183static void rfcomm_l2state_change(struct sock *sk) 184{ 185 BT_DBG("%p state %d", sk, sk->sk_state); 186 rfcomm_schedule(); 187} 188 189static void rfcomm_l2data_ready(struct sock *sk, int bytes) 190{ 191 BT_DBG("%p bytes %d", sk, bytes); 192 rfcomm_schedule(); 193} 194 195static int rfcomm_l2sock_create(struct socket **sock) 196{ 197 int err; 198 199 BT_DBG(""); 200 201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 202 if (!err) { 203 struct sock *sk = (*sock)->sk; 204 sk->sk_data_ready = rfcomm_l2data_ready; 205 sk->sk_state_change = rfcomm_l2state_change; 206 } 207 return err; 208} 209 210static int rfcomm_check_security(struct rfcomm_dlc *d) 211{ 212 struct sock *sk = d->session->sock->sk; 213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 214 215 __u8 auth_type; 216 217 switch (d->sec_level) { 218 case BT_SECURITY_HIGH: 219 case BT_SECURITY_FIPS: 220 auth_type = HCI_AT_GENERAL_BONDING_MITM; 221 break; 222 case BT_SECURITY_MEDIUM: 223 auth_type = HCI_AT_GENERAL_BONDING; 224 break; 225 default: 226 auth_type = HCI_AT_NO_BONDING; 227 break; 228 } 229 230 return hci_conn_security(conn->hcon, d->sec_level, auth_type); 231} 232 233static void rfcomm_session_timeout(unsigned long arg) 234{ 235 struct rfcomm_session *s = (void *) arg; 236 237 BT_DBG("session %p state %ld", s, s->state); 238 239 set_bit(RFCOMM_TIMED_OUT, &s->flags); 240 rfcomm_schedule(); 241} 242 243static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 244{ 245 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 246 247 mod_timer(&s->timer, jiffies + timeout); 248} 249 250static void rfcomm_session_clear_timer(struct rfcomm_session *s) 251{ 252 BT_DBG("session %p state %ld", s, s->state); 253 254 del_timer_sync(&s->timer); 255} 256 257/* ---- RFCOMM DLCs ---- */ 258static void rfcomm_dlc_timeout(unsigned long arg) 259{ 260 struct rfcomm_dlc *d = (void *) arg; 261 262 BT_DBG("dlc %p state %ld", d, d->state); 263 264 set_bit(RFCOMM_TIMED_OUT, &d->flags); 265 rfcomm_dlc_put(d); 266 rfcomm_schedule(); 267} 268 269static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 270{ 271 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 272 273 if (!mod_timer(&d->timer, jiffies + timeout)) 274 rfcomm_dlc_hold(d); 275} 276 277static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 278{ 279 BT_DBG("dlc %p state %ld", d, d->state); 280 281 if (del_timer(&d->timer)) 282 rfcomm_dlc_put(d); 283} 284 285static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 286{ 287 BT_DBG("%p", d); 288 289 d->state = BT_OPEN; 290 d->flags = 0; 291 d->mscex = 0; 292 d->sec_level = BT_SECURITY_LOW; 293 d->mtu = RFCOMM_DEFAULT_MTU; 294 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 295 296 d->cfc = RFCOMM_CFC_DISABLED; 297 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 298} 299 300struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 301{ 302 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 303 304 if (!d) 305 return NULL; 306 307 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 308 309 skb_queue_head_init(&d->tx_queue); 310 spin_lock_init(&d->lock); 311 atomic_set(&d->refcnt, 1); 312 313 rfcomm_dlc_clear_state(d); 314 315 BT_DBG("%p", d); 316 317 return d; 318} 319 320void rfcomm_dlc_free(struct rfcomm_dlc *d) 321{ 322 BT_DBG("%p", d); 323 324 skb_queue_purge(&d->tx_queue); 325 kfree(d); 326} 327 328static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 329{ 330 BT_DBG("dlc %p session %p", d, s); 331 332 rfcomm_session_clear_timer(s); 333 rfcomm_dlc_hold(d); 334 list_add(&d->list, &s->dlcs); 335 d->session = s; 336} 337 338static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 339{ 340 struct rfcomm_session *s = d->session; 341 342 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 343 344 list_del(&d->list); 345 d->session = NULL; 346 rfcomm_dlc_put(d); 347 348 if (list_empty(&s->dlcs)) 349 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 350} 351 352static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 353{ 354 struct rfcomm_dlc *d; 355 356 list_for_each_entry(d, &s->dlcs, list) 357 if (d->dlci == dlci) 358 return d; 359 360 return NULL; 361} 362 363static int rfcomm_check_channel(u8 channel) 364{ 365 return channel < 1 || channel > 30; 366} 367 368static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 369{ 370 struct rfcomm_session *s; 371 int err = 0; 372 u8 dlci; 373 374 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d", 375 d, d->state, src, dst, channel); 376 377 if (rfcomm_check_channel(channel)) 378 return -EINVAL; 379 380 if (d->state != BT_OPEN && d->state != BT_CLOSED) 381 return 0; 382 383 s = rfcomm_session_get(src, dst); 384 if (!s) { 385 s = rfcomm_session_create(src, dst, d->sec_level, &err); 386 if (!s) 387 return err; 388 } 389 390 dlci = __dlci(!s->initiator, channel); 391 392 /* Check if DLCI already exists */ 393 if (rfcomm_dlc_get(s, dlci)) 394 return -EBUSY; 395 396 rfcomm_dlc_clear_state(d); 397 398 d->dlci = dlci; 399 d->addr = __addr(s->initiator, dlci); 400 d->priority = 7; 401 402 d->state = BT_CONFIG; 403 rfcomm_dlc_link(s, d); 404 405 d->out = 1; 406 407 d->mtu = s->mtu; 408 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 409 410 if (s->state == BT_CONNECTED) { 411 if (rfcomm_check_security(d)) 412 rfcomm_send_pn(s, 1, d); 413 else 414 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 415 } 416 417 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 418 419 return 0; 420} 421 422int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 423{ 424 int r; 425 426 rfcomm_lock(); 427 428 r = __rfcomm_dlc_open(d, src, dst, channel); 429 430 rfcomm_unlock(); 431 return r; 432} 433 434static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 435{ 436 struct rfcomm_session *s = d->session; 437 if (!s) 438 return 0; 439 440 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 441 d, d->state, d->dlci, err, s); 442 443 switch (d->state) { 444 case BT_CONNECT: 445 case BT_CONFIG: 446 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 447 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 448 rfcomm_schedule(); 449 break; 450 } 451 /* Fall through */ 452 453 case BT_CONNECTED: 454 d->state = BT_DISCONN; 455 if (skb_queue_empty(&d->tx_queue)) { 456 rfcomm_send_disc(s, d->dlci); 457 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 458 } else { 459 rfcomm_queue_disc(d); 460 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 461 } 462 break; 463 464 case BT_OPEN: 465 case BT_CONNECT2: 466 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 467 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 468 rfcomm_schedule(); 469 break; 470 } 471 /* Fall through */ 472 473 default: 474 rfcomm_dlc_clear_timer(d); 475 476 rfcomm_dlc_lock(d); 477 d->state = BT_CLOSED; 478 d->state_change(d, err); 479 rfcomm_dlc_unlock(d); 480 481 skb_queue_purge(&d->tx_queue); 482 rfcomm_dlc_unlink(d); 483 } 484 485 return 0; 486} 487 488int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 489{ 490 int r = 0; 491 struct rfcomm_dlc *d_list; 492 struct rfcomm_session *s, *s_list; 493 494 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err); 495 496 rfcomm_lock(); 497 498 s = d->session; 499 if (!s) 500 goto no_session; 501 502 /* after waiting on the mutex check the session still exists 503 * then check the dlc still exists 504 */ 505 list_for_each_entry(s_list, &session_list, list) { 506 if (s_list == s) { 507 list_for_each_entry(d_list, &s->dlcs, list) { 508 if (d_list == d) { 509 r = __rfcomm_dlc_close(d, err); 510 break; 511 } 512 } 513 break; 514 } 515 } 516 517no_session: 518 rfcomm_unlock(); 519 return r; 520} 521 522struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel) 523{ 524 struct rfcomm_session *s; 525 struct rfcomm_dlc *dlc = NULL; 526 u8 dlci; 527 528 if (rfcomm_check_channel(channel)) 529 return ERR_PTR(-EINVAL); 530 531 rfcomm_lock(); 532 s = rfcomm_session_get(src, dst); 533 if (s) { 534 dlci = __dlci(!s->initiator, channel); 535 dlc = rfcomm_dlc_get(s, dlci); 536 } 537 rfcomm_unlock(); 538 return dlc; 539} 540 541int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 542{ 543 int len = skb->len; 544 545 if (d->state != BT_CONNECTED) 546 return -ENOTCONN; 547 548 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 549 550 if (len > d->mtu) 551 return -EINVAL; 552 553 rfcomm_make_uih(skb, d->addr); 554 skb_queue_tail(&d->tx_queue, skb); 555 556 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 557 rfcomm_schedule(); 558 return len; 559} 560 561void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 562{ 563 BT_DBG("dlc %p state %ld", d, d->state); 564 565 if (!d->cfc) { 566 d->v24_sig |= RFCOMM_V24_FC; 567 set_bit(RFCOMM_MSC_PENDING, &d->flags); 568 } 569 rfcomm_schedule(); 570} 571 572void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 573{ 574 BT_DBG("dlc %p state %ld", d, d->state); 575 576 if (!d->cfc) { 577 d->v24_sig &= ~RFCOMM_V24_FC; 578 set_bit(RFCOMM_MSC_PENDING, &d->flags); 579 } 580 rfcomm_schedule(); 581} 582 583/* 584 Set/get modem status functions use _local_ status i.e. what we report 585 to the other side. 586 Remote status is provided by dlc->modem_status() callback. 587 */ 588int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 589{ 590 BT_DBG("dlc %p state %ld v24_sig 0x%x", 591 d, d->state, v24_sig); 592 593 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 594 v24_sig |= RFCOMM_V24_FC; 595 else 596 v24_sig &= ~RFCOMM_V24_FC; 597 598 d->v24_sig = v24_sig; 599 600 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 601 rfcomm_schedule(); 602 603 return 0; 604} 605 606int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 607{ 608 BT_DBG("dlc %p state %ld v24_sig 0x%x", 609 d, d->state, d->v24_sig); 610 611 *v24_sig = d->v24_sig; 612 return 0; 613} 614 615/* ---- RFCOMM sessions ---- */ 616static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 617{ 618 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 619 620 if (!s) 621 return NULL; 622 623 BT_DBG("session %p sock %p", s, sock); 624 625 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 626 627 INIT_LIST_HEAD(&s->dlcs); 628 s->state = state; 629 s->sock = sock; 630 631 s->mtu = RFCOMM_DEFAULT_MTU; 632 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 633 634 /* Do not increment module usage count for listening sessions. 635 * Otherwise we won't be able to unload the module. */ 636 if (state != BT_LISTEN) 637 if (!try_module_get(THIS_MODULE)) { 638 kfree(s); 639 return NULL; 640 } 641 642 list_add(&s->list, &session_list); 643 644 return s; 645} 646 647static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s) 648{ 649 int state = s->state; 650 651 BT_DBG("session %p state %ld", s, s->state); 652 653 list_del(&s->list); 654 655 rfcomm_session_clear_timer(s); 656 sock_release(s->sock); 657 kfree(s); 658 659 if (state != BT_LISTEN) 660 module_put(THIS_MODULE); 661 662 return NULL; 663} 664 665static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 666{ 667 struct rfcomm_session *s; 668 struct list_head *p, *n; 669 struct l2cap_chan *chan; 670 list_for_each_safe(p, n, &session_list) { 671 s = list_entry(p, struct rfcomm_session, list); 672 chan = l2cap_pi(s->sock->sk)->chan; 673 674 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) && 675 !bacmp(&chan->dst, dst)) 676 return s; 677 } 678 return NULL; 679} 680 681static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s, 682 int err) 683{ 684 struct rfcomm_dlc *d; 685 struct list_head *p, *n; 686 687 s->state = BT_CLOSED; 688 689 BT_DBG("session %p state %ld err %d", s, s->state, err); 690 691 /* Close all dlcs */ 692 list_for_each_safe(p, n, &s->dlcs) { 693 d = list_entry(p, struct rfcomm_dlc, list); 694 d->state = BT_CLOSED; 695 __rfcomm_dlc_close(d, err); 696 } 697 698 rfcomm_session_clear_timer(s); 699 return rfcomm_session_del(s); 700} 701 702static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 703 bdaddr_t *dst, 704 u8 sec_level, 705 int *err) 706{ 707 struct rfcomm_session *s = NULL; 708 struct sockaddr_l2 addr; 709 struct socket *sock; 710 struct sock *sk; 711 712 BT_DBG("%pMR -> %pMR", src, dst); 713 714 *err = rfcomm_l2sock_create(&sock); 715 if (*err < 0) 716 return NULL; 717 718 bacpy(&addr.l2_bdaddr, src); 719 addr.l2_family = AF_BLUETOOTH; 720 addr.l2_psm = 0; 721 addr.l2_cid = 0; 722 addr.l2_bdaddr_type = BDADDR_BREDR; 723 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 724 if (*err < 0) 725 goto failed; 726 727 /* Set L2CAP options */ 728 sk = sock->sk; 729 lock_sock(sk); 730 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 731 l2cap_pi(sk)->chan->sec_level = sec_level; 732 if (l2cap_ertm) 733 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM; 734 release_sock(sk); 735 736 s = rfcomm_session_add(sock, BT_BOUND); 737 if (!s) { 738 *err = -ENOMEM; 739 goto failed; 740 } 741 742 s->initiator = 1; 743 744 bacpy(&addr.l2_bdaddr, dst); 745 addr.l2_family = AF_BLUETOOTH; 746 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 747 addr.l2_cid = 0; 748 addr.l2_bdaddr_type = BDADDR_BREDR; 749 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 750 if (*err == 0 || *err == -EINPROGRESS) 751 return s; 752 753 return rfcomm_session_del(s); 754 755failed: 756 sock_release(sock); 757 return NULL; 758} 759 760void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 761{ 762 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan; 763 if (src) 764 bacpy(src, &chan->src); 765 if (dst) 766 bacpy(dst, &chan->dst); 767} 768 769/* ---- RFCOMM frame sending ---- */ 770static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 771{ 772 struct kvec iv = { data, len }; 773 struct msghdr msg; 774 775 BT_DBG("session %p len %d", s, len); 776 777 memset(&msg, 0, sizeof(msg)); 778 779 return kernel_sendmsg(s->sock, &msg, &iv, 1, len); 780} 781 782static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd) 783{ 784 BT_DBG("%p cmd %u", s, cmd->ctrl); 785 786 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd)); 787} 788 789static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 790{ 791 struct rfcomm_cmd cmd; 792 793 BT_DBG("%p dlci %d", s, dlci); 794 795 cmd.addr = __addr(s->initiator, dlci); 796 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 797 cmd.len = __len8(0); 798 cmd.fcs = __fcs2((u8 *) &cmd); 799 800 return rfcomm_send_cmd(s, &cmd); 801} 802 803static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 804{ 805 struct rfcomm_cmd cmd; 806 807 BT_DBG("%p dlci %d", s, dlci); 808 809 cmd.addr = __addr(!s->initiator, dlci); 810 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 811 cmd.len = __len8(0); 812 cmd.fcs = __fcs2((u8 *) &cmd); 813 814 return rfcomm_send_cmd(s, &cmd); 815} 816 817static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 818{ 819 struct rfcomm_cmd cmd; 820 821 BT_DBG("%p dlci %d", s, dlci); 822 823 cmd.addr = __addr(s->initiator, dlci); 824 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 825 cmd.len = __len8(0); 826 cmd.fcs = __fcs2((u8 *) &cmd); 827 828 return rfcomm_send_cmd(s, &cmd); 829} 830 831static int rfcomm_queue_disc(struct rfcomm_dlc *d) 832{ 833 struct rfcomm_cmd *cmd; 834 struct sk_buff *skb; 835 836 BT_DBG("dlc %p dlci %d", d, d->dlci); 837 838 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 839 if (!skb) 840 return -ENOMEM; 841 842 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 843 cmd->addr = d->addr; 844 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 845 cmd->len = __len8(0); 846 cmd->fcs = __fcs2((u8 *) cmd); 847 848 skb_queue_tail(&d->tx_queue, skb); 849 rfcomm_schedule(); 850 return 0; 851} 852 853static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 854{ 855 struct rfcomm_cmd cmd; 856 857 BT_DBG("%p dlci %d", s, dlci); 858 859 cmd.addr = __addr(!s->initiator, dlci); 860 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 861 cmd.len = __len8(0); 862 cmd.fcs = __fcs2((u8 *) &cmd); 863 864 return rfcomm_send_cmd(s, &cmd); 865} 866 867static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 868{ 869 struct rfcomm_hdr *hdr; 870 struct rfcomm_mcc *mcc; 871 u8 buf[16], *ptr = buf; 872 873 BT_DBG("%p cr %d type %d", s, cr, type); 874 875 hdr = (void *) ptr; ptr += sizeof(*hdr); 876 hdr->addr = __addr(s->initiator, 0); 877 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 878 hdr->len = __len8(sizeof(*mcc) + 1); 879 880 mcc = (void *) ptr; ptr += sizeof(*mcc); 881 mcc->type = __mcc_type(cr, RFCOMM_NSC); 882 mcc->len = __len8(1); 883 884 /* Type that we didn't like */ 885 *ptr = __mcc_type(cr, type); ptr++; 886 887 *ptr = __fcs(buf); ptr++; 888 889 return rfcomm_send_frame(s, buf, ptr - buf); 890} 891 892static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 893{ 894 struct rfcomm_hdr *hdr; 895 struct rfcomm_mcc *mcc; 896 struct rfcomm_pn *pn; 897 u8 buf[16], *ptr = buf; 898 899 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 900 901 hdr = (void *) ptr; ptr += sizeof(*hdr); 902 hdr->addr = __addr(s->initiator, 0); 903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 904 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 905 906 mcc = (void *) ptr; ptr += sizeof(*mcc); 907 mcc->type = __mcc_type(cr, RFCOMM_PN); 908 mcc->len = __len8(sizeof(*pn)); 909 910 pn = (void *) ptr; ptr += sizeof(*pn); 911 pn->dlci = d->dlci; 912 pn->priority = d->priority; 913 pn->ack_timer = 0; 914 pn->max_retrans = 0; 915 916 if (s->cfc) { 917 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 918 pn->credits = RFCOMM_DEFAULT_CREDITS; 919 } else { 920 pn->flow_ctrl = 0; 921 pn->credits = 0; 922 } 923 924 if (cr && channel_mtu >= 0) 925 pn->mtu = cpu_to_le16(channel_mtu); 926 else 927 pn->mtu = cpu_to_le16(d->mtu); 928 929 *ptr = __fcs(buf); ptr++; 930 931 return rfcomm_send_frame(s, buf, ptr - buf); 932} 933 934int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 935 u8 bit_rate, u8 data_bits, u8 stop_bits, 936 u8 parity, u8 flow_ctrl_settings, 937 u8 xon_char, u8 xoff_char, u16 param_mask) 938{ 939 struct rfcomm_hdr *hdr; 940 struct rfcomm_mcc *mcc; 941 struct rfcomm_rpn *rpn; 942 u8 buf[16], *ptr = buf; 943 944 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 945 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 946 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 947 flow_ctrl_settings, xon_char, xoff_char, param_mask); 948 949 hdr = (void *) ptr; ptr += sizeof(*hdr); 950 hdr->addr = __addr(s->initiator, 0); 951 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 952 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 953 954 mcc = (void *) ptr; ptr += sizeof(*mcc); 955 mcc->type = __mcc_type(cr, RFCOMM_RPN); 956 mcc->len = __len8(sizeof(*rpn)); 957 958 rpn = (void *) ptr; ptr += sizeof(*rpn); 959 rpn->dlci = __addr(1, dlci); 960 rpn->bit_rate = bit_rate; 961 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 962 rpn->flow_ctrl = flow_ctrl_settings; 963 rpn->xon_char = xon_char; 964 rpn->xoff_char = xoff_char; 965 rpn->param_mask = cpu_to_le16(param_mask); 966 967 *ptr = __fcs(buf); ptr++; 968 969 return rfcomm_send_frame(s, buf, ptr - buf); 970} 971 972static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 973{ 974 struct rfcomm_hdr *hdr; 975 struct rfcomm_mcc *mcc; 976 struct rfcomm_rls *rls; 977 u8 buf[16], *ptr = buf; 978 979 BT_DBG("%p cr %d status 0x%x", s, cr, status); 980 981 hdr = (void *) ptr; ptr += sizeof(*hdr); 982 hdr->addr = __addr(s->initiator, 0); 983 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 984 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 985 986 mcc = (void *) ptr; ptr += sizeof(*mcc); 987 mcc->type = __mcc_type(cr, RFCOMM_RLS); 988 mcc->len = __len8(sizeof(*rls)); 989 990 rls = (void *) ptr; ptr += sizeof(*rls); 991 rls->dlci = __addr(1, dlci); 992 rls->status = status; 993 994 *ptr = __fcs(buf); ptr++; 995 996 return rfcomm_send_frame(s, buf, ptr - buf); 997} 998 999static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 1000{ 1001 struct rfcomm_hdr *hdr; 1002 struct rfcomm_mcc *mcc; 1003 struct rfcomm_msc *msc; 1004 u8 buf[16], *ptr = buf; 1005 1006 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 1007 1008 hdr = (void *) ptr; ptr += sizeof(*hdr); 1009 hdr->addr = __addr(s->initiator, 0); 1010 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1011 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 1012 1013 mcc = (void *) ptr; ptr += sizeof(*mcc); 1014 mcc->type = __mcc_type(cr, RFCOMM_MSC); 1015 mcc->len = __len8(sizeof(*msc)); 1016 1017 msc = (void *) ptr; ptr += sizeof(*msc); 1018 msc->dlci = __addr(1, dlci); 1019 msc->v24_sig = v24_sig | 0x01; 1020 1021 *ptr = __fcs(buf); ptr++; 1022 1023 return rfcomm_send_frame(s, buf, ptr - buf); 1024} 1025 1026static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1027{ 1028 struct rfcomm_hdr *hdr; 1029 struct rfcomm_mcc *mcc; 1030 u8 buf[16], *ptr = buf; 1031 1032 BT_DBG("%p cr %d", s, cr); 1033 1034 hdr = (void *) ptr; ptr += sizeof(*hdr); 1035 hdr->addr = __addr(s->initiator, 0); 1036 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1037 hdr->len = __len8(sizeof(*mcc)); 1038 1039 mcc = (void *) ptr; ptr += sizeof(*mcc); 1040 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1041 mcc->len = __len8(0); 1042 1043 *ptr = __fcs(buf); ptr++; 1044 1045 return rfcomm_send_frame(s, buf, ptr - buf); 1046} 1047 1048static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1049{ 1050 struct rfcomm_hdr *hdr; 1051 struct rfcomm_mcc *mcc; 1052 u8 buf[16], *ptr = buf; 1053 1054 BT_DBG("%p cr %d", s, cr); 1055 1056 hdr = (void *) ptr; ptr += sizeof(*hdr); 1057 hdr->addr = __addr(s->initiator, 0); 1058 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1059 hdr->len = __len8(sizeof(*mcc)); 1060 1061 mcc = (void *) ptr; ptr += sizeof(*mcc); 1062 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1063 mcc->len = __len8(0); 1064 1065 *ptr = __fcs(buf); ptr++; 1066 1067 return rfcomm_send_frame(s, buf, ptr - buf); 1068} 1069 1070static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1071{ 1072 struct socket *sock = s->sock; 1073 struct kvec iv[3]; 1074 struct msghdr msg; 1075 unsigned char hdr[5], crc[1]; 1076 1077 if (len > 125) 1078 return -EINVAL; 1079 1080 BT_DBG("%p cr %d", s, cr); 1081 1082 hdr[0] = __addr(s->initiator, 0); 1083 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1084 hdr[2] = 0x01 | ((len + 2) << 1); 1085 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1086 hdr[4] = 0x01 | (len << 1); 1087 1088 crc[0] = __fcs(hdr); 1089 1090 iv[0].iov_base = hdr; 1091 iv[0].iov_len = 5; 1092 iv[1].iov_base = pattern; 1093 iv[1].iov_len = len; 1094 iv[2].iov_base = crc; 1095 iv[2].iov_len = 1; 1096 1097 memset(&msg, 0, sizeof(msg)); 1098 1099 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1100} 1101 1102static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1103{ 1104 struct rfcomm_hdr *hdr; 1105 u8 buf[16], *ptr = buf; 1106 1107 BT_DBG("%p addr %d credits %d", s, addr, credits); 1108 1109 hdr = (void *) ptr; ptr += sizeof(*hdr); 1110 hdr->addr = addr; 1111 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1112 hdr->len = __len8(0); 1113 1114 *ptr = credits; ptr++; 1115 1116 *ptr = __fcs(buf); ptr++; 1117 1118 return rfcomm_send_frame(s, buf, ptr - buf); 1119} 1120 1121static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1122{ 1123 struct rfcomm_hdr *hdr; 1124 int len = skb->len; 1125 u8 *crc; 1126 1127 if (len > 127) { 1128 hdr = (void *) skb_push(skb, 4); 1129 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1130 } else { 1131 hdr = (void *) skb_push(skb, 3); 1132 hdr->len = __len8(len); 1133 } 1134 hdr->addr = addr; 1135 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1136 1137 crc = skb_put(skb, 1); 1138 *crc = __fcs((void *) hdr); 1139} 1140 1141/* ---- RFCOMM frame reception ---- */ 1142static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1143{ 1144 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1145 1146 if (dlci) { 1147 /* Data channel */ 1148 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1149 if (!d) { 1150 rfcomm_send_dm(s, dlci); 1151 return s; 1152 } 1153 1154 switch (d->state) { 1155 case BT_CONNECT: 1156 rfcomm_dlc_clear_timer(d); 1157 1158 rfcomm_dlc_lock(d); 1159 d->state = BT_CONNECTED; 1160 d->state_change(d, 0); 1161 rfcomm_dlc_unlock(d); 1162 1163 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1164 break; 1165 1166 case BT_DISCONN: 1167 d->state = BT_CLOSED; 1168 __rfcomm_dlc_close(d, 0); 1169 1170 if (list_empty(&s->dlcs)) { 1171 s->state = BT_DISCONN; 1172 rfcomm_send_disc(s, 0); 1173 rfcomm_session_clear_timer(s); 1174 } 1175 1176 break; 1177 } 1178 } else { 1179 /* Control channel */ 1180 switch (s->state) { 1181 case BT_CONNECT: 1182 s->state = BT_CONNECTED; 1183 rfcomm_process_connect(s); 1184 break; 1185 1186 case BT_DISCONN: 1187 s = rfcomm_session_close(s, ECONNRESET); 1188 break; 1189 } 1190 } 1191 return s; 1192} 1193 1194static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1195{ 1196 int err = 0; 1197 1198 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1199 1200 if (dlci) { 1201 /* Data DLC */ 1202 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1203 if (d) { 1204 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1205 err = ECONNREFUSED; 1206 else 1207 err = ECONNRESET; 1208 1209 d->state = BT_CLOSED; 1210 __rfcomm_dlc_close(d, err); 1211 } 1212 } else { 1213 if (s->state == BT_CONNECT) 1214 err = ECONNREFUSED; 1215 else 1216 err = ECONNRESET; 1217 1218 s = rfcomm_session_close(s, err); 1219 } 1220 return s; 1221} 1222 1223static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s, 1224 u8 dlci) 1225{ 1226 int err = 0; 1227 1228 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1229 1230 if (dlci) { 1231 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1232 if (d) { 1233 rfcomm_send_ua(s, dlci); 1234 1235 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1236 err = ECONNREFUSED; 1237 else 1238 err = ECONNRESET; 1239 1240 d->state = BT_CLOSED; 1241 __rfcomm_dlc_close(d, err); 1242 } else 1243 rfcomm_send_dm(s, dlci); 1244 1245 } else { 1246 rfcomm_send_ua(s, 0); 1247 1248 if (s->state == BT_CONNECT) 1249 err = ECONNREFUSED; 1250 else 1251 err = ECONNRESET; 1252 1253 s = rfcomm_session_close(s, err); 1254 } 1255 return s; 1256} 1257 1258void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1259{ 1260 struct sock *sk = d->session->sock->sk; 1261 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 1262 1263 BT_DBG("dlc %p", d); 1264 1265 rfcomm_send_ua(d->session, d->dlci); 1266 1267 rfcomm_dlc_clear_timer(d); 1268 1269 rfcomm_dlc_lock(d); 1270 d->state = BT_CONNECTED; 1271 d->state_change(d, 0); 1272 rfcomm_dlc_unlock(d); 1273 1274 if (d->role_switch) 1275 hci_conn_switch_role(conn->hcon, 0x00); 1276 1277 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1278} 1279 1280static void rfcomm_check_accept(struct rfcomm_dlc *d) 1281{ 1282 if (rfcomm_check_security(d)) { 1283 if (d->defer_setup) { 1284 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1285 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1286 1287 rfcomm_dlc_lock(d); 1288 d->state = BT_CONNECT2; 1289 d->state_change(d, 0); 1290 rfcomm_dlc_unlock(d); 1291 } else 1292 rfcomm_dlc_accept(d); 1293 } else { 1294 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1295 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1296 } 1297} 1298 1299static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1300{ 1301 struct rfcomm_dlc *d; 1302 u8 channel; 1303 1304 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1305 1306 if (!dlci) { 1307 rfcomm_send_ua(s, 0); 1308 1309 if (s->state == BT_OPEN) { 1310 s->state = BT_CONNECTED; 1311 rfcomm_process_connect(s); 1312 } 1313 return 0; 1314 } 1315 1316 /* Check if DLC exists */ 1317 d = rfcomm_dlc_get(s, dlci); 1318 if (d) { 1319 if (d->state == BT_OPEN) { 1320 /* DLC was previously opened by PN request */ 1321 rfcomm_check_accept(d); 1322 } 1323 return 0; 1324 } 1325 1326 /* Notify socket layer about incoming connection */ 1327 channel = __srv_channel(dlci); 1328 if (rfcomm_connect_ind(s, channel, &d)) { 1329 d->dlci = dlci; 1330 d->addr = __addr(s->initiator, dlci); 1331 rfcomm_dlc_link(s, d); 1332 1333 rfcomm_check_accept(d); 1334 } else { 1335 rfcomm_send_dm(s, dlci); 1336 } 1337 1338 return 0; 1339} 1340 1341static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1342{ 1343 struct rfcomm_session *s = d->session; 1344 1345 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1346 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1347 1348 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1349 pn->flow_ctrl == 0xe0) { 1350 d->cfc = RFCOMM_CFC_ENABLED; 1351 d->tx_credits = pn->credits; 1352 } else { 1353 d->cfc = RFCOMM_CFC_DISABLED; 1354 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1355 } 1356 1357 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1358 s->cfc = d->cfc; 1359 1360 d->priority = pn->priority; 1361 1362 d->mtu = __le16_to_cpu(pn->mtu); 1363 1364 if (cr && d->mtu > s->mtu) 1365 d->mtu = s->mtu; 1366 1367 return 0; 1368} 1369 1370static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1371{ 1372 struct rfcomm_pn *pn = (void *) skb->data; 1373 struct rfcomm_dlc *d; 1374 u8 dlci = pn->dlci; 1375 1376 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1377 1378 if (!dlci) 1379 return 0; 1380 1381 d = rfcomm_dlc_get(s, dlci); 1382 if (d) { 1383 if (cr) { 1384 /* PN request */ 1385 rfcomm_apply_pn(d, cr, pn); 1386 rfcomm_send_pn(s, 0, d); 1387 } else { 1388 /* PN response */ 1389 switch (d->state) { 1390 case BT_CONFIG: 1391 rfcomm_apply_pn(d, cr, pn); 1392 1393 d->state = BT_CONNECT; 1394 rfcomm_send_sabm(s, d->dlci); 1395 break; 1396 } 1397 } 1398 } else { 1399 u8 channel = __srv_channel(dlci); 1400 1401 if (!cr) 1402 return 0; 1403 1404 /* PN request for non existing DLC. 1405 * Assume incoming connection. */ 1406 if (rfcomm_connect_ind(s, channel, &d)) { 1407 d->dlci = dlci; 1408 d->addr = __addr(s->initiator, dlci); 1409 rfcomm_dlc_link(s, d); 1410 1411 rfcomm_apply_pn(d, cr, pn); 1412 1413 d->state = BT_OPEN; 1414 rfcomm_send_pn(s, 0, d); 1415 } else { 1416 rfcomm_send_dm(s, dlci); 1417 } 1418 } 1419 return 0; 1420} 1421 1422static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1423{ 1424 struct rfcomm_rpn *rpn = (void *) skb->data; 1425 u8 dlci = __get_dlci(rpn->dlci); 1426 1427 u8 bit_rate = 0; 1428 u8 data_bits = 0; 1429 u8 stop_bits = 0; 1430 u8 parity = 0; 1431 u8 flow_ctrl = 0; 1432 u8 xon_char = 0; 1433 u8 xoff_char = 0; 1434 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1435 1436 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1437 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1438 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1439 1440 if (!cr) 1441 return 0; 1442 1443 if (len == 1) { 1444 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1445 bit_rate = RFCOMM_RPN_BR_9600; 1446 data_bits = RFCOMM_RPN_DATA_8; 1447 stop_bits = RFCOMM_RPN_STOP_1; 1448 parity = RFCOMM_RPN_PARITY_NONE; 1449 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1450 xon_char = RFCOMM_RPN_XON_CHAR; 1451 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1452 goto rpn_out; 1453 } 1454 1455 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1456 * no parity, no flow control lines, normal XON/XOFF chars */ 1457 1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1459 bit_rate = rpn->bit_rate; 1460 if (bit_rate > RFCOMM_RPN_BR_230400) { 1461 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1462 bit_rate = RFCOMM_RPN_BR_9600; 1463 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1464 } 1465 } 1466 1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1468 data_bits = __get_rpn_data_bits(rpn->line_settings); 1469 if (data_bits != RFCOMM_RPN_DATA_8) { 1470 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1471 data_bits = RFCOMM_RPN_DATA_8; 1472 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1473 } 1474 } 1475 1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1477 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1478 if (stop_bits != RFCOMM_RPN_STOP_1) { 1479 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1480 stop_bits = RFCOMM_RPN_STOP_1; 1481 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1482 } 1483 } 1484 1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1486 parity = __get_rpn_parity(rpn->line_settings); 1487 if (parity != RFCOMM_RPN_PARITY_NONE) { 1488 BT_DBG("RPN parity mismatch 0x%x", parity); 1489 parity = RFCOMM_RPN_PARITY_NONE; 1490 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1491 } 1492 } 1493 1494 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1495 flow_ctrl = rpn->flow_ctrl; 1496 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1497 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1498 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1499 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1500 } 1501 } 1502 1503 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1504 xon_char = rpn->xon_char; 1505 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1506 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1507 xon_char = RFCOMM_RPN_XON_CHAR; 1508 rpn_mask ^= RFCOMM_RPN_PM_XON; 1509 } 1510 } 1511 1512 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1513 xoff_char = rpn->xoff_char; 1514 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1515 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1516 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1517 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1518 } 1519 } 1520 1521rpn_out: 1522 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1523 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1524 1525 return 0; 1526} 1527 1528static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1529{ 1530 struct rfcomm_rls *rls = (void *) skb->data; 1531 u8 dlci = __get_dlci(rls->dlci); 1532 1533 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1534 1535 if (!cr) 1536 return 0; 1537 1538 /* We should probably do something with this information here. But 1539 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1540 * mandatory to recognise and respond to RLS */ 1541 1542 rfcomm_send_rls(s, 0, dlci, rls->status); 1543 1544 return 0; 1545} 1546 1547static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1548{ 1549 struct rfcomm_msc *msc = (void *) skb->data; 1550 struct rfcomm_dlc *d; 1551 u8 dlci = __get_dlci(msc->dlci); 1552 1553 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1554 1555 d = rfcomm_dlc_get(s, dlci); 1556 if (!d) 1557 return 0; 1558 1559 if (cr) { 1560 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1561 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1562 else 1563 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1564 1565 rfcomm_dlc_lock(d); 1566 1567 d->remote_v24_sig = msc->v24_sig; 1568 1569 if (d->modem_status) 1570 d->modem_status(d, msc->v24_sig); 1571 1572 rfcomm_dlc_unlock(d); 1573 1574 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1575 1576 d->mscex |= RFCOMM_MSCEX_RX; 1577 } else 1578 d->mscex |= RFCOMM_MSCEX_TX; 1579 1580 return 0; 1581} 1582 1583static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1584{ 1585 struct rfcomm_mcc *mcc = (void *) skb->data; 1586 u8 type, cr, len; 1587 1588 cr = __test_cr(mcc->type); 1589 type = __get_mcc_type(mcc->type); 1590 len = __get_mcc_len(mcc->len); 1591 1592 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1593 1594 skb_pull(skb, 2); 1595 1596 switch (type) { 1597 case RFCOMM_PN: 1598 rfcomm_recv_pn(s, cr, skb); 1599 break; 1600 1601 case RFCOMM_RPN: 1602 rfcomm_recv_rpn(s, cr, len, skb); 1603 break; 1604 1605 case RFCOMM_RLS: 1606 rfcomm_recv_rls(s, cr, skb); 1607 break; 1608 1609 case RFCOMM_MSC: 1610 rfcomm_recv_msc(s, cr, skb); 1611 break; 1612 1613 case RFCOMM_FCOFF: 1614 if (cr) { 1615 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1616 rfcomm_send_fcoff(s, 0); 1617 } 1618 break; 1619 1620 case RFCOMM_FCON: 1621 if (cr) { 1622 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1623 rfcomm_send_fcon(s, 0); 1624 } 1625 break; 1626 1627 case RFCOMM_TEST: 1628 if (cr) 1629 rfcomm_send_test(s, 0, skb->data, skb->len); 1630 break; 1631 1632 case RFCOMM_NSC: 1633 break; 1634 1635 default: 1636 BT_ERR("Unknown control type 0x%02x", type); 1637 rfcomm_send_nsc(s, cr, type); 1638 break; 1639 } 1640 return 0; 1641} 1642 1643static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1644{ 1645 struct rfcomm_dlc *d; 1646 1647 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1648 1649 d = rfcomm_dlc_get(s, dlci); 1650 if (!d) { 1651 rfcomm_send_dm(s, dlci); 1652 goto drop; 1653 } 1654 1655 if (pf && d->cfc) { 1656 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1657 1658 d->tx_credits += credits; 1659 if (d->tx_credits) 1660 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1661 } 1662 1663 if (skb->len && d->state == BT_CONNECTED) { 1664 rfcomm_dlc_lock(d); 1665 d->rx_credits--; 1666 d->data_ready(d, skb); 1667 rfcomm_dlc_unlock(d); 1668 return 0; 1669 } 1670 1671drop: 1672 kfree_skb(skb); 1673 return 0; 1674} 1675 1676static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s, 1677 struct sk_buff *skb) 1678{ 1679 struct rfcomm_hdr *hdr = (void *) skb->data; 1680 u8 type, dlci, fcs; 1681 1682 if (!s) { 1683 /* no session, so free socket data */ 1684 kfree_skb(skb); 1685 return s; 1686 } 1687 1688 dlci = __get_dlci(hdr->addr); 1689 type = __get_type(hdr->ctrl); 1690 1691 /* Trim FCS */ 1692 skb->len--; skb->tail--; 1693 fcs = *(u8 *)skb_tail_pointer(skb); 1694 1695 if (__check_fcs(skb->data, type, fcs)) { 1696 BT_ERR("bad checksum in packet"); 1697 kfree_skb(skb); 1698 return s; 1699 } 1700 1701 if (__test_ea(hdr->len)) 1702 skb_pull(skb, 3); 1703 else 1704 skb_pull(skb, 4); 1705 1706 switch (type) { 1707 case RFCOMM_SABM: 1708 if (__test_pf(hdr->ctrl)) 1709 rfcomm_recv_sabm(s, dlci); 1710 break; 1711 1712 case RFCOMM_DISC: 1713 if (__test_pf(hdr->ctrl)) 1714 s = rfcomm_recv_disc(s, dlci); 1715 break; 1716 1717 case RFCOMM_UA: 1718 if (__test_pf(hdr->ctrl)) 1719 s = rfcomm_recv_ua(s, dlci); 1720 break; 1721 1722 case RFCOMM_DM: 1723 s = rfcomm_recv_dm(s, dlci); 1724 break; 1725 1726 case RFCOMM_UIH: 1727 if (dlci) { 1728 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1729 return s; 1730 } 1731 rfcomm_recv_mcc(s, skb); 1732 break; 1733 1734 default: 1735 BT_ERR("Unknown packet type 0x%02x", type); 1736 break; 1737 } 1738 kfree_skb(skb); 1739 return s; 1740} 1741 1742/* ---- Connection and data processing ---- */ 1743 1744static void rfcomm_process_connect(struct rfcomm_session *s) 1745{ 1746 struct rfcomm_dlc *d; 1747 struct list_head *p, *n; 1748 1749 BT_DBG("session %p state %ld", s, s->state); 1750 1751 list_for_each_safe(p, n, &s->dlcs) { 1752 d = list_entry(p, struct rfcomm_dlc, list); 1753 if (d->state == BT_CONFIG) { 1754 d->mtu = s->mtu; 1755 if (rfcomm_check_security(d)) { 1756 rfcomm_send_pn(s, 1, d); 1757 } else { 1758 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1759 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1760 } 1761 } 1762 } 1763} 1764 1765/* Send data queued for the DLC. 1766 * Return number of frames left in the queue. 1767 */ 1768static int rfcomm_process_tx(struct rfcomm_dlc *d) 1769{ 1770 struct sk_buff *skb; 1771 int err; 1772 1773 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1774 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1775 1776 /* Send pending MSC */ 1777 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1778 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1779 1780 if (d->cfc) { 1781 /* CFC enabled. 1782 * Give them some credits */ 1783 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1784 d->rx_credits <= (d->cfc >> 2)) { 1785 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1786 d->rx_credits = d->cfc; 1787 } 1788 } else { 1789 /* CFC disabled. 1790 * Give ourselves some credits */ 1791 d->tx_credits = 5; 1792 } 1793 1794 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1795 return skb_queue_len(&d->tx_queue); 1796 1797 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1798 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1799 if (err < 0) { 1800 skb_queue_head(&d->tx_queue, skb); 1801 break; 1802 } 1803 kfree_skb(skb); 1804 d->tx_credits--; 1805 } 1806 1807 if (d->cfc && !d->tx_credits) { 1808 /* We're out of TX credits. 1809 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1810 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1811 } 1812 1813 return skb_queue_len(&d->tx_queue); 1814} 1815 1816static void rfcomm_process_dlcs(struct rfcomm_session *s) 1817{ 1818 struct rfcomm_dlc *d; 1819 struct list_head *p, *n; 1820 1821 BT_DBG("session %p state %ld", s, s->state); 1822 1823 list_for_each_safe(p, n, &s->dlcs) { 1824 d = list_entry(p, struct rfcomm_dlc, list); 1825 1826 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1827 __rfcomm_dlc_close(d, ETIMEDOUT); 1828 continue; 1829 } 1830 1831 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) { 1832 __rfcomm_dlc_close(d, ECONNREFUSED); 1833 continue; 1834 } 1835 1836 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1837 rfcomm_dlc_clear_timer(d); 1838 if (d->out) { 1839 rfcomm_send_pn(s, 1, d); 1840 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1841 } else { 1842 if (d->defer_setup) { 1843 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1844 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1845 1846 rfcomm_dlc_lock(d); 1847 d->state = BT_CONNECT2; 1848 d->state_change(d, 0); 1849 rfcomm_dlc_unlock(d); 1850 } else 1851 rfcomm_dlc_accept(d); 1852 } 1853 continue; 1854 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1855 rfcomm_dlc_clear_timer(d); 1856 if (!d->out) 1857 rfcomm_send_dm(s, d->dlci); 1858 else 1859 d->state = BT_CLOSED; 1860 __rfcomm_dlc_close(d, ECONNREFUSED); 1861 continue; 1862 } 1863 1864 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1865 continue; 1866 1867 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1868 continue; 1869 1870 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1871 d->mscex == RFCOMM_MSCEX_OK) 1872 rfcomm_process_tx(d); 1873 } 1874} 1875 1876static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s) 1877{ 1878 struct socket *sock = s->sock; 1879 struct sock *sk = sock->sk; 1880 struct sk_buff *skb; 1881 1882 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1883 1884 /* Get data directly from socket receive queue without copying it. */ 1885 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1886 skb_orphan(skb); 1887 if (!skb_linearize(skb)) 1888 s = rfcomm_recv_frame(s, skb); 1889 else 1890 kfree_skb(skb); 1891 } 1892 1893 if (s && (sk->sk_state == BT_CLOSED)) 1894 s = rfcomm_session_close(s, sk->sk_err); 1895 1896 return s; 1897} 1898 1899static void rfcomm_accept_connection(struct rfcomm_session *s) 1900{ 1901 struct socket *sock = s->sock, *nsock; 1902 int err; 1903 1904 /* Fast check for a new connection. 1905 * Avoids unnesesary socket allocations. */ 1906 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1907 return; 1908 1909 BT_DBG("session %p", s); 1910 1911 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1912 if (err < 0) 1913 return; 1914 1915 /* Set our callbacks */ 1916 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1917 nsock->sk->sk_state_change = rfcomm_l2state_change; 1918 1919 s = rfcomm_session_add(nsock, BT_OPEN); 1920 if (s) { 1921 /* We should adjust MTU on incoming sessions. 1922 * L2CAP MTU minus UIH header and FCS. */ 1923 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu, 1924 l2cap_pi(nsock->sk)->chan->imtu) - 5; 1925 1926 rfcomm_schedule(); 1927 } else 1928 sock_release(nsock); 1929} 1930 1931static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s) 1932{ 1933 struct sock *sk = s->sock->sk; 1934 1935 BT_DBG("%p state %ld", s, s->state); 1936 1937 switch (sk->sk_state) { 1938 case BT_CONNECTED: 1939 s->state = BT_CONNECT; 1940 1941 /* We can adjust MTU on outgoing sessions. 1942 * L2CAP MTU minus UIH header and FCS. */ 1943 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5; 1944 1945 rfcomm_send_sabm(s, 0); 1946 break; 1947 1948 case BT_CLOSED: 1949 s = rfcomm_session_close(s, sk->sk_err); 1950 break; 1951 } 1952 return s; 1953} 1954 1955static void rfcomm_process_sessions(void) 1956{ 1957 struct list_head *p, *n; 1958 1959 rfcomm_lock(); 1960 1961 list_for_each_safe(p, n, &session_list) { 1962 struct rfcomm_session *s; 1963 s = list_entry(p, struct rfcomm_session, list); 1964 1965 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1966 s->state = BT_DISCONN; 1967 rfcomm_send_disc(s, 0); 1968 continue; 1969 } 1970 1971 switch (s->state) { 1972 case BT_LISTEN: 1973 rfcomm_accept_connection(s); 1974 continue; 1975 1976 case BT_BOUND: 1977 s = rfcomm_check_connection(s); 1978 break; 1979 1980 default: 1981 s = rfcomm_process_rx(s); 1982 break; 1983 } 1984 1985 if (s) 1986 rfcomm_process_dlcs(s); 1987 } 1988 1989 rfcomm_unlock(); 1990} 1991 1992static int rfcomm_add_listener(bdaddr_t *ba) 1993{ 1994 struct sockaddr_l2 addr; 1995 struct socket *sock; 1996 struct sock *sk; 1997 struct rfcomm_session *s; 1998 int err = 0; 1999 2000 /* Create socket */ 2001 err = rfcomm_l2sock_create(&sock); 2002 if (err < 0) { 2003 BT_ERR("Create socket failed %d", err); 2004 return err; 2005 } 2006 2007 /* Bind socket */ 2008 bacpy(&addr.l2_bdaddr, ba); 2009 addr.l2_family = AF_BLUETOOTH; 2010 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 2011 addr.l2_cid = 0; 2012 addr.l2_bdaddr_type = BDADDR_BREDR; 2013 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 2014 if (err < 0) { 2015 BT_ERR("Bind failed %d", err); 2016 goto failed; 2017 } 2018 2019 /* Set L2CAP options */ 2020 sk = sock->sk; 2021 lock_sock(sk); 2022 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 2023 release_sock(sk); 2024 2025 /* Start listening on the socket */ 2026 err = kernel_listen(sock, 10); 2027 if (err) { 2028 BT_ERR("Listen failed %d", err); 2029 goto failed; 2030 } 2031 2032 /* Add listening session */ 2033 s = rfcomm_session_add(sock, BT_LISTEN); 2034 if (!s) { 2035 err = -ENOMEM; 2036 goto failed; 2037 } 2038 2039 return 0; 2040failed: 2041 sock_release(sock); 2042 return err; 2043} 2044 2045static void rfcomm_kill_listener(void) 2046{ 2047 struct rfcomm_session *s; 2048 struct list_head *p, *n; 2049 2050 BT_DBG(""); 2051 2052 list_for_each_safe(p, n, &session_list) { 2053 s = list_entry(p, struct rfcomm_session, list); 2054 rfcomm_session_del(s); 2055 } 2056} 2057 2058static int rfcomm_run(void *unused) 2059{ 2060 BT_DBG(""); 2061 2062 set_user_nice(current, -10); 2063 2064 rfcomm_add_listener(BDADDR_ANY); 2065 2066 while (1) { 2067 set_current_state(TASK_INTERRUPTIBLE); 2068 2069 if (kthread_should_stop()) 2070 break; 2071 2072 /* Process stuff */ 2073 rfcomm_process_sessions(); 2074 2075 schedule(); 2076 } 2077 __set_current_state(TASK_RUNNING); 2078 2079 rfcomm_kill_listener(); 2080 2081 return 0; 2082} 2083 2084static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2085{ 2086 struct rfcomm_session *s; 2087 struct rfcomm_dlc *d; 2088 struct list_head *p, *n; 2089 2090 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2091 2092 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2093 if (!s) 2094 return; 2095 2096 list_for_each_safe(p, n, &s->dlcs) { 2097 d = list_entry(p, struct rfcomm_dlc, list); 2098 2099 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2100 rfcomm_dlc_clear_timer(d); 2101 if (status || encrypt == 0x00) { 2102 set_bit(RFCOMM_ENC_DROP, &d->flags); 2103 continue; 2104 } 2105 } 2106 2107 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2108 if (d->sec_level == BT_SECURITY_MEDIUM) { 2109 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2110 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2111 continue; 2112 } else if (d->sec_level == BT_SECURITY_HIGH || 2113 d->sec_level == BT_SECURITY_FIPS) { 2114 set_bit(RFCOMM_ENC_DROP, &d->flags); 2115 continue; 2116 } 2117 } 2118 2119 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2120 continue; 2121 2122 if (!status && hci_conn_check_secure(conn, d->sec_level)) 2123 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2124 else 2125 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2126 } 2127 2128 rfcomm_schedule(); 2129} 2130 2131static struct hci_cb rfcomm_cb = { 2132 .name = "RFCOMM", 2133 .security_cfm = rfcomm_security_cfm 2134}; 2135 2136static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2137{ 2138 struct rfcomm_session *s; 2139 2140 rfcomm_lock(); 2141 2142 list_for_each_entry(s, &session_list, list) { 2143 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan; 2144 struct rfcomm_dlc *d; 2145 list_for_each_entry(d, &s->dlcs, list) { 2146 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n", 2147 &chan->src, &chan->dst, 2148 d->state, d->dlci, d->mtu, 2149 d->rx_credits, d->tx_credits); 2150 } 2151 } 2152 2153 rfcomm_unlock(); 2154 2155 return 0; 2156} 2157 2158static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2159{ 2160 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2161} 2162 2163static const struct file_operations rfcomm_dlc_debugfs_fops = { 2164 .open = rfcomm_dlc_debugfs_open, 2165 .read = seq_read, 2166 .llseek = seq_lseek, 2167 .release = single_release, 2168}; 2169 2170static struct dentry *rfcomm_dlc_debugfs; 2171 2172/* ---- Initialization ---- */ 2173static int __init rfcomm_init(void) 2174{ 2175 int err; 2176 2177 hci_register_cb(&rfcomm_cb); 2178 2179 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2180 if (IS_ERR(rfcomm_thread)) { 2181 err = PTR_ERR(rfcomm_thread); 2182 goto unregister; 2183 } 2184 2185 err = rfcomm_init_ttys(); 2186 if (err < 0) 2187 goto stop; 2188 2189 err = rfcomm_init_sockets(); 2190 if (err < 0) 2191 goto cleanup; 2192 2193 BT_INFO("RFCOMM ver %s", VERSION); 2194 2195 if (IS_ERR_OR_NULL(bt_debugfs)) 2196 return 0; 2197 2198 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2199 bt_debugfs, NULL, 2200 &rfcomm_dlc_debugfs_fops); 2201 2202 return 0; 2203 2204cleanup: 2205 rfcomm_cleanup_ttys(); 2206 2207stop: 2208 kthread_stop(rfcomm_thread); 2209 2210unregister: 2211 hci_unregister_cb(&rfcomm_cb); 2212 2213 return err; 2214} 2215 2216static void __exit rfcomm_exit(void) 2217{ 2218 debugfs_remove(rfcomm_dlc_debugfs); 2219 2220 hci_unregister_cb(&rfcomm_cb); 2221 2222 kthread_stop(rfcomm_thread); 2223 2224 rfcomm_cleanup_ttys(); 2225 2226 rfcomm_cleanup_sockets(); 2227} 2228 2229module_init(rfcomm_init); 2230module_exit(rfcomm_exit); 2231 2232module_param(disable_cfc, bool, 0644); 2233MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2234 2235module_param(channel_mtu, int, 0644); 2236MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2237 2238module_param(l2cap_mtu, uint, 0644); 2239MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2240 2241module_param(l2cap_ertm, bool, 0644); 2242MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2243 2244MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2245MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2246MODULE_VERSION(VERSION); 2247MODULE_LICENSE("GPL"); 2248MODULE_ALIAS("bt-proto-3"); 2249