core.c revision 683d949a7fbf33c244670e34d35c460e0d6558cb
1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * Bluetooth RFCOMM core. 26 */ 27 28#include <linux/module.h> 29#include <linux/errno.h> 30#include <linux/kernel.h> 31#include <linux/sched.h> 32#include <linux/signal.h> 33#include <linux/init.h> 34#include <linux/wait.h> 35#include <linux/device.h> 36#include <linux/debugfs.h> 37#include <linux/seq_file.h> 38#include <linux/net.h> 39#include <linux/mutex.h> 40#include <linux/kthread.h> 41#include <linux/slab.h> 42 43#include <net/sock.h> 44#include <linux/uaccess.h> 45#include <asm/unaligned.h> 46 47#include <net/bluetooth/bluetooth.h> 48#include <net/bluetooth/hci_core.h> 49#include <net/bluetooth/l2cap.h> 50#include <net/bluetooth/rfcomm.h> 51 52#define VERSION "1.11" 53 54static int disable_cfc; 55static int l2cap_ertm; 56static int channel_mtu = -1; 57static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 58 59static struct task_struct *rfcomm_thread; 60 61static DEFINE_MUTEX(rfcomm_mutex); 62#define rfcomm_lock() mutex_lock(&rfcomm_mutex) 63#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 64 65static unsigned long rfcomm_event; 66 67static LIST_HEAD(session_list); 68 69static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 70static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80static void rfcomm_process_connect(struct rfcomm_session *s); 81 82static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 83 bdaddr_t *dst, 84 u8 sec_level, 85 int *err); 86static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87static void rfcomm_session_del(struct rfcomm_session *s); 88 89/* ---- RFCOMM frame parsing macros ---- */ 90#define __get_dlci(b) ((b & 0xfc) >> 2) 91#define __get_channel(b) ((b & 0xf8) >> 3) 92#define __get_dir(b) ((b & 0x04) >> 2) 93#define __get_type(b) ((b & 0xef)) 94 95#define __test_ea(b) ((b & 0x01)) 96#define __test_cr(b) ((b & 0x02)) 97#define __test_pf(b) ((b & 0x10)) 98 99#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100#define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102#define __srv_channel(dlci) (dlci >> 1) 103#define __dir(dlci) (dlci & 0x01) 104 105#define __len8(len) (((len) << 1) | 1) 106#define __len16(len) ((len) << 1) 107 108/* MCC macros */ 109#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110#define __get_mcc_type(b) ((b & 0xfc) >> 2) 111#define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113/* RPN macros */ 114#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115#define __get_rpn_data_bits(line) ((line) & 0x3) 116#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117#define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119static inline void rfcomm_schedule(void) 120{ 121 if (!rfcomm_thread) 122 return; 123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 124 wake_up_process(rfcomm_thread); 125} 126 127static inline void rfcomm_session_put(struct rfcomm_session *s) 128{ 129 if (atomic_dec_and_test(&s->refcnt)) 130 rfcomm_session_del(s); 131} 132 133/* ---- RFCOMM FCS computation ---- */ 134 135/* reversed, 8-bit, poly=0x07 */ 136static unsigned char rfcomm_crc_table[256] = { 137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 141 142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 146 147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 151 152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 156 157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 161 162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 166 167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 171 172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 176}; 177 178/* CRC on 2 bytes */ 179#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 180 181/* FCS on 2 bytes */ 182static inline u8 __fcs(u8 *data) 183{ 184 return 0xff - __crc(data); 185} 186 187/* FCS on 3 bytes */ 188static inline u8 __fcs2(u8 *data) 189{ 190 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 191} 192 193/* Check FCS */ 194static inline int __check_fcs(u8 *data, int type, u8 fcs) 195{ 196 u8 f = __crc(data); 197 198 if (type != RFCOMM_UIH) 199 f = rfcomm_crc_table[f ^ data[2]]; 200 201 return rfcomm_crc_table[f ^ fcs] != 0xcf; 202} 203 204/* ---- L2CAP callbacks ---- */ 205static void rfcomm_l2state_change(struct sock *sk) 206{ 207 BT_DBG("%p state %d", sk, sk->sk_state); 208 rfcomm_schedule(); 209} 210 211static void rfcomm_l2data_ready(struct sock *sk, int bytes) 212{ 213 BT_DBG("%p bytes %d", sk, bytes); 214 rfcomm_schedule(); 215} 216 217static int rfcomm_l2sock_create(struct socket **sock) 218{ 219 int err; 220 221 BT_DBG(""); 222 223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 224 if (!err) { 225 struct sock *sk = (*sock)->sk; 226 sk->sk_data_ready = rfcomm_l2data_ready; 227 sk->sk_state_change = rfcomm_l2state_change; 228 } 229 return err; 230} 231 232static inline int rfcomm_check_security(struct rfcomm_dlc *d) 233{ 234 struct sock *sk = d->session->sock->sk; 235 __u8 auth_type; 236 237 switch (d->sec_level) { 238 case BT_SECURITY_HIGH: 239 auth_type = HCI_AT_GENERAL_BONDING_MITM; 240 break; 241 case BT_SECURITY_MEDIUM: 242 auth_type = HCI_AT_GENERAL_BONDING; 243 break; 244 default: 245 auth_type = HCI_AT_NO_BONDING; 246 break; 247 } 248 249 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 250 auth_type); 251} 252 253static void rfcomm_session_timeout(unsigned long arg) 254{ 255 struct rfcomm_session *s = (void *) arg; 256 257 BT_DBG("session %p state %ld", s, s->state); 258 259 set_bit(RFCOMM_TIMED_OUT, &s->flags); 260 rfcomm_schedule(); 261} 262 263static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 264{ 265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 266 267 if (!mod_timer(&s->timer, jiffies + timeout)) 268 rfcomm_session_hold(s); 269} 270 271static void rfcomm_session_clear_timer(struct rfcomm_session *s) 272{ 273 BT_DBG("session %p state %ld", s, s->state); 274 275 if (timer_pending(&s->timer) && del_timer(&s->timer)) 276 rfcomm_session_put(s); 277} 278 279/* ---- RFCOMM DLCs ---- */ 280static void rfcomm_dlc_timeout(unsigned long arg) 281{ 282 struct rfcomm_dlc *d = (void *) arg; 283 284 BT_DBG("dlc %p state %ld", d, d->state); 285 286 set_bit(RFCOMM_TIMED_OUT, &d->flags); 287 rfcomm_dlc_put(d); 288 rfcomm_schedule(); 289} 290 291static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 292{ 293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 294 295 if (!mod_timer(&d->timer, jiffies + timeout)) 296 rfcomm_dlc_hold(d); 297} 298 299static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 300{ 301 BT_DBG("dlc %p state %ld", d, d->state); 302 303 if (timer_pending(&d->timer) && del_timer(&d->timer)) 304 rfcomm_dlc_put(d); 305} 306 307static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 308{ 309 BT_DBG("%p", d); 310 311 d->state = BT_OPEN; 312 d->flags = 0; 313 d->mscex = 0; 314 d->sec_level = BT_SECURITY_LOW; 315 d->mtu = RFCOMM_DEFAULT_MTU; 316 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 317 318 d->cfc = RFCOMM_CFC_DISABLED; 319 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 320} 321 322struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 323{ 324 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 325 326 if (!d) 327 return NULL; 328 329 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 330 331 skb_queue_head_init(&d->tx_queue); 332 spin_lock_init(&d->lock); 333 atomic_set(&d->refcnt, 1); 334 335 rfcomm_dlc_clear_state(d); 336 337 BT_DBG("%p", d); 338 339 return d; 340} 341 342void rfcomm_dlc_free(struct rfcomm_dlc *d) 343{ 344 BT_DBG("%p", d); 345 346 skb_queue_purge(&d->tx_queue); 347 kfree(d); 348} 349 350static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 351{ 352 BT_DBG("dlc %p session %p", d, s); 353 354 rfcomm_session_hold(s); 355 356 rfcomm_session_clear_timer(s); 357 rfcomm_dlc_hold(d); 358 list_add(&d->list, &s->dlcs); 359 d->session = s; 360} 361 362static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 363{ 364 struct rfcomm_session *s = d->session; 365 366 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 367 368 list_del(&d->list); 369 d->session = NULL; 370 rfcomm_dlc_put(d); 371 372 if (list_empty(&s->dlcs)) 373 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 374 375 rfcomm_session_put(s); 376} 377 378static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 379{ 380 struct rfcomm_dlc *d; 381 struct list_head *p; 382 383 list_for_each(p, &s->dlcs) { 384 d = list_entry(p, struct rfcomm_dlc, list); 385 if (d->dlci == dlci) 386 return d; 387 } 388 return NULL; 389} 390 391static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 392{ 393 struct rfcomm_session *s; 394 int err = 0; 395 u8 dlci; 396 397 BT_DBG("dlc %p state %ld %s %s channel %d", 398 d, d->state, batostr(src), batostr(dst), channel); 399 400 if (channel < 1 || channel > 30) 401 return -EINVAL; 402 403 if (d->state != BT_OPEN && d->state != BT_CLOSED) 404 return 0; 405 406 s = rfcomm_session_get(src, dst); 407 if (!s) { 408 s = rfcomm_session_create(src, dst, d->sec_level, &err); 409 if (!s) 410 return err; 411 } 412 413 dlci = __dlci(!s->initiator, channel); 414 415 /* Check if DLCI already exists */ 416 if (rfcomm_dlc_get(s, dlci)) 417 return -EBUSY; 418 419 rfcomm_dlc_clear_state(d); 420 421 d->dlci = dlci; 422 d->addr = __addr(s->initiator, dlci); 423 d->priority = 7; 424 425 d->state = BT_CONFIG; 426 rfcomm_dlc_link(s, d); 427 428 d->out = 1; 429 430 d->mtu = s->mtu; 431 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 432 433 if (s->state == BT_CONNECTED) { 434 if (rfcomm_check_security(d)) 435 rfcomm_send_pn(s, 1, d); 436 else 437 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 438 } 439 440 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 441 442 return 0; 443} 444 445int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 446{ 447 int r; 448 449 rfcomm_lock(); 450 451 r = __rfcomm_dlc_open(d, src, dst, channel); 452 453 rfcomm_unlock(); 454 return r; 455} 456 457static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 458{ 459 struct rfcomm_session *s = d->session; 460 if (!s) 461 return 0; 462 463 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 464 d, d->state, d->dlci, err, s); 465 466 switch (d->state) { 467 case BT_CONNECT: 468 case BT_CONFIG: 469 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 470 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 471 rfcomm_schedule(); 472 break; 473 } 474 /* Fall through */ 475 476 case BT_CONNECTED: 477 d->state = BT_DISCONN; 478 if (skb_queue_empty(&d->tx_queue)) { 479 rfcomm_send_disc(s, d->dlci); 480 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 481 } else { 482 rfcomm_queue_disc(d); 483 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 484 } 485 break; 486 487 case BT_OPEN: 488 case BT_CONNECT2: 489 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 490 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 491 rfcomm_schedule(); 492 break; 493 } 494 /* Fall through */ 495 496 default: 497 rfcomm_dlc_clear_timer(d); 498 499 rfcomm_dlc_lock(d); 500 d->state = BT_CLOSED; 501 d->state_change(d, err); 502 rfcomm_dlc_unlock(d); 503 504 skb_queue_purge(&d->tx_queue); 505 rfcomm_dlc_unlink(d); 506 } 507 508 return 0; 509} 510 511int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 512{ 513 int r; 514 515 rfcomm_lock(); 516 517 r = __rfcomm_dlc_close(d, err); 518 519 rfcomm_unlock(); 520 return r; 521} 522 523int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 524{ 525 int len = skb->len; 526 527 if (d->state != BT_CONNECTED) 528 return -ENOTCONN; 529 530 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 531 532 if (len > d->mtu) 533 return -EINVAL; 534 535 rfcomm_make_uih(skb, d->addr); 536 skb_queue_tail(&d->tx_queue, skb); 537 538 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 539 rfcomm_schedule(); 540 return len; 541} 542 543void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 544{ 545 BT_DBG("dlc %p state %ld", d, d->state); 546 547 if (!d->cfc) { 548 d->v24_sig |= RFCOMM_V24_FC; 549 set_bit(RFCOMM_MSC_PENDING, &d->flags); 550 } 551 rfcomm_schedule(); 552} 553 554void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 555{ 556 BT_DBG("dlc %p state %ld", d, d->state); 557 558 if (!d->cfc) { 559 d->v24_sig &= ~RFCOMM_V24_FC; 560 set_bit(RFCOMM_MSC_PENDING, &d->flags); 561 } 562 rfcomm_schedule(); 563} 564 565/* 566 Set/get modem status functions use _local_ status i.e. what we report 567 to the other side. 568 Remote status is provided by dlc->modem_status() callback. 569 */ 570int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 571{ 572 BT_DBG("dlc %p state %ld v24_sig 0x%x", 573 d, d->state, v24_sig); 574 575 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 576 v24_sig |= RFCOMM_V24_FC; 577 else 578 v24_sig &= ~RFCOMM_V24_FC; 579 580 d->v24_sig = v24_sig; 581 582 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 583 rfcomm_schedule(); 584 585 return 0; 586} 587 588int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 589{ 590 BT_DBG("dlc %p state %ld v24_sig 0x%x", 591 d, d->state, d->v24_sig); 592 593 *v24_sig = d->v24_sig; 594 return 0; 595} 596 597/* ---- RFCOMM sessions ---- */ 598static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 599{ 600 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 601 602 if (!s) 603 return NULL; 604 605 BT_DBG("session %p sock %p", s, sock); 606 607 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 608 609 INIT_LIST_HEAD(&s->dlcs); 610 s->state = state; 611 s->sock = sock; 612 613 s->mtu = RFCOMM_DEFAULT_MTU; 614 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 615 616 /* Do not increment module usage count for listening sessions. 617 * Otherwise we won't be able to unload the module. */ 618 if (state != BT_LISTEN) 619 if (!try_module_get(THIS_MODULE)) { 620 kfree(s); 621 return NULL; 622 } 623 624 list_add(&s->list, &session_list); 625 626 return s; 627} 628 629static void rfcomm_session_del(struct rfcomm_session *s) 630{ 631 int state = s->state; 632 633 BT_DBG("session %p state %ld", s, s->state); 634 635 list_del(&s->list); 636 637 if (state == BT_CONNECTED) 638 rfcomm_send_disc(s, 0); 639 640 rfcomm_session_clear_timer(s); 641 sock_release(s->sock); 642 kfree(s); 643 644 if (state != BT_LISTEN) 645 module_put(THIS_MODULE); 646} 647 648static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 649{ 650 struct rfcomm_session *s; 651 struct list_head *p, *n; 652 struct bt_sock *sk; 653 list_for_each_safe(p, n, &session_list) { 654 s = list_entry(p, struct rfcomm_session, list); 655 sk = bt_sk(s->sock->sk); 656 657 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 658 !bacmp(&sk->dst, dst)) 659 return s; 660 } 661 return NULL; 662} 663 664static void rfcomm_session_close(struct rfcomm_session *s, int err) 665{ 666 struct rfcomm_dlc *d; 667 struct list_head *p, *n; 668 669 BT_DBG("session %p state %ld err %d", s, s->state, err); 670 671 rfcomm_session_hold(s); 672 673 s->state = BT_CLOSED; 674 675 /* Close all dlcs */ 676 list_for_each_safe(p, n, &s->dlcs) { 677 d = list_entry(p, struct rfcomm_dlc, list); 678 d->state = BT_CLOSED; 679 __rfcomm_dlc_close(d, err); 680 } 681 682 rfcomm_session_clear_timer(s); 683 rfcomm_session_put(s); 684} 685 686static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 687 bdaddr_t *dst, 688 u8 sec_level, 689 int *err) 690{ 691 struct rfcomm_session *s = NULL; 692 struct sockaddr_l2 addr; 693 struct socket *sock; 694 struct sock *sk; 695 696 BT_DBG("%s %s", batostr(src), batostr(dst)); 697 698 *err = rfcomm_l2sock_create(&sock); 699 if (*err < 0) 700 return NULL; 701 702 bacpy(&addr.l2_bdaddr, src); 703 addr.l2_family = AF_BLUETOOTH; 704 addr.l2_psm = 0; 705 addr.l2_cid = 0; 706 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 707 if (*err < 0) 708 goto failed; 709 710 /* Set L2CAP options */ 711 sk = sock->sk; 712 lock_sock(sk); 713 l2cap_pi(sk)->imtu = l2cap_mtu; 714 l2cap_pi(sk)->sec_level = sec_level; 715 if (l2cap_ertm) 716 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 717 release_sock(sk); 718 719 s = rfcomm_session_add(sock, BT_BOUND); 720 if (!s) { 721 *err = -ENOMEM; 722 goto failed; 723 } 724 725 s->initiator = 1; 726 727 bacpy(&addr.l2_bdaddr, dst); 728 addr.l2_family = AF_BLUETOOTH; 729 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 730 addr.l2_cid = 0; 731 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 732 if (*err == 0 || *err == -EINPROGRESS) 733 return s; 734 735 rfcomm_session_del(s); 736 return NULL; 737 738failed: 739 sock_release(sock); 740 return NULL; 741} 742 743void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 744{ 745 struct sock *sk = s->sock->sk; 746 if (src) 747 bacpy(src, &bt_sk(sk)->src); 748 if (dst) 749 bacpy(dst, &bt_sk(sk)->dst); 750} 751 752/* ---- RFCOMM frame sending ---- */ 753static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 754{ 755 struct socket *sock = s->sock; 756 struct kvec iv = { data, len }; 757 struct msghdr msg; 758 759 BT_DBG("session %p len %d", s, len); 760 761 memset(&msg, 0, sizeof(msg)); 762 763 return kernel_sendmsg(sock, &msg, &iv, 1, len); 764} 765 766static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 767{ 768 struct rfcomm_cmd cmd; 769 770 BT_DBG("%p dlci %d", s, dlci); 771 772 cmd.addr = __addr(s->initiator, dlci); 773 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 774 cmd.len = __len8(0); 775 cmd.fcs = __fcs2((u8 *) &cmd); 776 777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 778} 779 780static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 781{ 782 struct rfcomm_cmd cmd; 783 784 BT_DBG("%p dlci %d", s, dlci); 785 786 cmd.addr = __addr(!s->initiator, dlci); 787 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 788 cmd.len = __len8(0); 789 cmd.fcs = __fcs2((u8 *) &cmd); 790 791 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 792} 793 794static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 795{ 796 struct rfcomm_cmd cmd; 797 798 BT_DBG("%p dlci %d", s, dlci); 799 800 cmd.addr = __addr(s->initiator, dlci); 801 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 802 cmd.len = __len8(0); 803 cmd.fcs = __fcs2((u8 *) &cmd); 804 805 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 806} 807 808static int rfcomm_queue_disc(struct rfcomm_dlc *d) 809{ 810 struct rfcomm_cmd *cmd; 811 struct sk_buff *skb; 812 813 BT_DBG("dlc %p dlci %d", d, d->dlci); 814 815 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 816 if (!skb) 817 return -ENOMEM; 818 819 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 820 cmd->addr = d->addr; 821 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 822 cmd->len = __len8(0); 823 cmd->fcs = __fcs2((u8 *) cmd); 824 825 skb_queue_tail(&d->tx_queue, skb); 826 rfcomm_schedule(); 827 return 0; 828} 829 830static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 831{ 832 struct rfcomm_cmd cmd; 833 834 BT_DBG("%p dlci %d", s, dlci); 835 836 cmd.addr = __addr(!s->initiator, dlci); 837 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 838 cmd.len = __len8(0); 839 cmd.fcs = __fcs2((u8 *) &cmd); 840 841 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 842} 843 844static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 845{ 846 struct rfcomm_hdr *hdr; 847 struct rfcomm_mcc *mcc; 848 u8 buf[16], *ptr = buf; 849 850 BT_DBG("%p cr %d type %d", s, cr, type); 851 852 hdr = (void *) ptr; ptr += sizeof(*hdr); 853 hdr->addr = __addr(s->initiator, 0); 854 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 855 hdr->len = __len8(sizeof(*mcc) + 1); 856 857 mcc = (void *) ptr; ptr += sizeof(*mcc); 858 mcc->type = __mcc_type(cr, RFCOMM_NSC); 859 mcc->len = __len8(1); 860 861 /* Type that we didn't like */ 862 *ptr = __mcc_type(cr, type); ptr++; 863 864 *ptr = __fcs(buf); ptr++; 865 866 return rfcomm_send_frame(s, buf, ptr - buf); 867} 868 869static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 870{ 871 struct rfcomm_hdr *hdr; 872 struct rfcomm_mcc *mcc; 873 struct rfcomm_pn *pn; 874 u8 buf[16], *ptr = buf; 875 876 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 877 878 hdr = (void *) ptr; ptr += sizeof(*hdr); 879 hdr->addr = __addr(s->initiator, 0); 880 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 881 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 882 883 mcc = (void *) ptr; ptr += sizeof(*mcc); 884 mcc->type = __mcc_type(cr, RFCOMM_PN); 885 mcc->len = __len8(sizeof(*pn)); 886 887 pn = (void *) ptr; ptr += sizeof(*pn); 888 pn->dlci = d->dlci; 889 pn->priority = d->priority; 890 pn->ack_timer = 0; 891 pn->max_retrans = 0; 892 893 if (s->cfc) { 894 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 895 pn->credits = RFCOMM_DEFAULT_CREDITS; 896 } else { 897 pn->flow_ctrl = 0; 898 pn->credits = 0; 899 } 900 901 if (cr && channel_mtu >= 0) 902 pn->mtu = cpu_to_le16(channel_mtu); 903 else 904 pn->mtu = cpu_to_le16(d->mtu); 905 906 *ptr = __fcs(buf); ptr++; 907 908 return rfcomm_send_frame(s, buf, ptr - buf); 909} 910 911int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 912 u8 bit_rate, u8 data_bits, u8 stop_bits, 913 u8 parity, u8 flow_ctrl_settings, 914 u8 xon_char, u8 xoff_char, u16 param_mask) 915{ 916 struct rfcomm_hdr *hdr; 917 struct rfcomm_mcc *mcc; 918 struct rfcomm_rpn *rpn; 919 u8 buf[16], *ptr = buf; 920 921 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 922 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 923 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 924 flow_ctrl_settings, xon_char, xoff_char, param_mask); 925 926 hdr = (void *) ptr; ptr += sizeof(*hdr); 927 hdr->addr = __addr(s->initiator, 0); 928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 929 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 930 931 mcc = (void *) ptr; ptr += sizeof(*mcc); 932 mcc->type = __mcc_type(cr, RFCOMM_RPN); 933 mcc->len = __len8(sizeof(*rpn)); 934 935 rpn = (void *) ptr; ptr += sizeof(*rpn); 936 rpn->dlci = __addr(1, dlci); 937 rpn->bit_rate = bit_rate; 938 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 939 rpn->flow_ctrl = flow_ctrl_settings; 940 rpn->xon_char = xon_char; 941 rpn->xoff_char = xoff_char; 942 rpn->param_mask = cpu_to_le16(param_mask); 943 944 *ptr = __fcs(buf); ptr++; 945 946 return rfcomm_send_frame(s, buf, ptr - buf); 947} 948 949static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 950{ 951 struct rfcomm_hdr *hdr; 952 struct rfcomm_mcc *mcc; 953 struct rfcomm_rls *rls; 954 u8 buf[16], *ptr = buf; 955 956 BT_DBG("%p cr %d status 0x%x", s, cr, status); 957 958 hdr = (void *) ptr; ptr += sizeof(*hdr); 959 hdr->addr = __addr(s->initiator, 0); 960 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 961 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 962 963 mcc = (void *) ptr; ptr += sizeof(*mcc); 964 mcc->type = __mcc_type(cr, RFCOMM_RLS); 965 mcc->len = __len8(sizeof(*rls)); 966 967 rls = (void *) ptr; ptr += sizeof(*rls); 968 rls->dlci = __addr(1, dlci); 969 rls->status = status; 970 971 *ptr = __fcs(buf); ptr++; 972 973 return rfcomm_send_frame(s, buf, ptr - buf); 974} 975 976static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 977{ 978 struct rfcomm_hdr *hdr; 979 struct rfcomm_mcc *mcc; 980 struct rfcomm_msc *msc; 981 u8 buf[16], *ptr = buf; 982 983 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 984 985 hdr = (void *) ptr; ptr += sizeof(*hdr); 986 hdr->addr = __addr(s->initiator, 0); 987 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 988 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 989 990 mcc = (void *) ptr; ptr += sizeof(*mcc); 991 mcc->type = __mcc_type(cr, RFCOMM_MSC); 992 mcc->len = __len8(sizeof(*msc)); 993 994 msc = (void *) ptr; ptr += sizeof(*msc); 995 msc->dlci = __addr(1, dlci); 996 msc->v24_sig = v24_sig | 0x01; 997 998 *ptr = __fcs(buf); ptr++; 999 1000 return rfcomm_send_frame(s, buf, ptr - buf); 1001} 1002 1003static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1004{ 1005 struct rfcomm_hdr *hdr; 1006 struct rfcomm_mcc *mcc; 1007 u8 buf[16], *ptr = buf; 1008 1009 BT_DBG("%p cr %d", s, cr); 1010 1011 hdr = (void *) ptr; ptr += sizeof(*hdr); 1012 hdr->addr = __addr(s->initiator, 0); 1013 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1014 hdr->len = __len8(sizeof(*mcc)); 1015 1016 mcc = (void *) ptr; ptr += sizeof(*mcc); 1017 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1018 mcc->len = __len8(0); 1019 1020 *ptr = __fcs(buf); ptr++; 1021 1022 return rfcomm_send_frame(s, buf, ptr - buf); 1023} 1024 1025static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1026{ 1027 struct rfcomm_hdr *hdr; 1028 struct rfcomm_mcc *mcc; 1029 u8 buf[16], *ptr = buf; 1030 1031 BT_DBG("%p cr %d", s, cr); 1032 1033 hdr = (void *) ptr; ptr += sizeof(*hdr); 1034 hdr->addr = __addr(s->initiator, 0); 1035 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1036 hdr->len = __len8(sizeof(*mcc)); 1037 1038 mcc = (void *) ptr; ptr += sizeof(*mcc); 1039 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1040 mcc->len = __len8(0); 1041 1042 *ptr = __fcs(buf); ptr++; 1043 1044 return rfcomm_send_frame(s, buf, ptr - buf); 1045} 1046 1047static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1048{ 1049 struct socket *sock = s->sock; 1050 struct kvec iv[3]; 1051 struct msghdr msg; 1052 unsigned char hdr[5], crc[1]; 1053 1054 if (len > 125) 1055 return -EINVAL; 1056 1057 BT_DBG("%p cr %d", s, cr); 1058 1059 hdr[0] = __addr(s->initiator, 0); 1060 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1061 hdr[2] = 0x01 | ((len + 2) << 1); 1062 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1063 hdr[4] = 0x01 | (len << 1); 1064 1065 crc[0] = __fcs(hdr); 1066 1067 iv[0].iov_base = hdr; 1068 iv[0].iov_len = 5; 1069 iv[1].iov_base = pattern; 1070 iv[1].iov_len = len; 1071 iv[2].iov_base = crc; 1072 iv[2].iov_len = 1; 1073 1074 memset(&msg, 0, sizeof(msg)); 1075 1076 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1077} 1078 1079static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1080{ 1081 struct rfcomm_hdr *hdr; 1082 u8 buf[16], *ptr = buf; 1083 1084 BT_DBG("%p addr %d credits %d", s, addr, credits); 1085 1086 hdr = (void *) ptr; ptr += sizeof(*hdr); 1087 hdr->addr = addr; 1088 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1089 hdr->len = __len8(0); 1090 1091 *ptr = credits; ptr++; 1092 1093 *ptr = __fcs(buf); ptr++; 1094 1095 return rfcomm_send_frame(s, buf, ptr - buf); 1096} 1097 1098static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1099{ 1100 struct rfcomm_hdr *hdr; 1101 int len = skb->len; 1102 u8 *crc; 1103 1104 if (len > 127) { 1105 hdr = (void *) skb_push(skb, 4); 1106 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1107 } else { 1108 hdr = (void *) skb_push(skb, 3); 1109 hdr->len = __len8(len); 1110 } 1111 hdr->addr = addr; 1112 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1113 1114 crc = skb_put(skb, 1); 1115 *crc = __fcs((void *) hdr); 1116} 1117 1118/* ---- RFCOMM frame reception ---- */ 1119static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1120{ 1121 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1122 1123 if (dlci) { 1124 /* Data channel */ 1125 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1126 if (!d) { 1127 rfcomm_send_dm(s, dlci); 1128 return 0; 1129 } 1130 1131 switch (d->state) { 1132 case BT_CONNECT: 1133 rfcomm_dlc_clear_timer(d); 1134 1135 rfcomm_dlc_lock(d); 1136 d->state = BT_CONNECTED; 1137 d->state_change(d, 0); 1138 rfcomm_dlc_unlock(d); 1139 1140 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1141 break; 1142 1143 case BT_DISCONN: 1144 d->state = BT_CLOSED; 1145 __rfcomm_dlc_close(d, 0); 1146 1147 if (list_empty(&s->dlcs)) { 1148 s->state = BT_DISCONN; 1149 rfcomm_send_disc(s, 0); 1150 } 1151 1152 break; 1153 } 1154 } else { 1155 /* Control channel */ 1156 switch (s->state) { 1157 case BT_CONNECT: 1158 s->state = BT_CONNECTED; 1159 rfcomm_process_connect(s); 1160 break; 1161 1162 case BT_DISCONN: 1163 /* When socket is closed and we are not RFCOMM 1164 * initiator rfcomm_process_rx already calls 1165 * rfcomm_session_put() */ 1166 if (s->sock->sk->sk_state != BT_CLOSED) 1167 if (list_empty(&s->dlcs)) 1168 rfcomm_session_put(s); 1169 break; 1170 } 1171 } 1172 return 0; 1173} 1174 1175static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1176{ 1177 int err = 0; 1178 1179 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1180 1181 if (dlci) { 1182 /* Data DLC */ 1183 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1184 if (d) { 1185 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1186 err = ECONNREFUSED; 1187 else 1188 err = ECONNRESET; 1189 1190 d->state = BT_CLOSED; 1191 __rfcomm_dlc_close(d, err); 1192 } 1193 } else { 1194 if (s->state == BT_CONNECT) 1195 err = ECONNREFUSED; 1196 else 1197 err = ECONNRESET; 1198 1199 s->state = BT_CLOSED; 1200 rfcomm_session_close(s, err); 1201 } 1202 return 0; 1203} 1204 1205static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1206{ 1207 int err = 0; 1208 1209 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1210 1211 if (dlci) { 1212 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1213 if (d) { 1214 rfcomm_send_ua(s, dlci); 1215 1216 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1217 err = ECONNREFUSED; 1218 else 1219 err = ECONNRESET; 1220 1221 d->state = BT_CLOSED; 1222 __rfcomm_dlc_close(d, err); 1223 } else 1224 rfcomm_send_dm(s, dlci); 1225 1226 } else { 1227 rfcomm_send_ua(s, 0); 1228 1229 if (s->state == BT_CONNECT) 1230 err = ECONNREFUSED; 1231 else 1232 err = ECONNRESET; 1233 1234 s->state = BT_CLOSED; 1235 rfcomm_session_close(s, err); 1236 } 1237 1238 return 0; 1239} 1240 1241void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1242{ 1243 struct sock *sk = d->session->sock->sk; 1244 1245 BT_DBG("dlc %p", d); 1246 1247 rfcomm_send_ua(d->session, d->dlci); 1248 1249 rfcomm_dlc_clear_timer(d); 1250 1251 rfcomm_dlc_lock(d); 1252 d->state = BT_CONNECTED; 1253 d->state_change(d, 0); 1254 rfcomm_dlc_unlock(d); 1255 1256 if (d->role_switch) 1257 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1258 1259 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1260} 1261 1262static void rfcomm_check_accept(struct rfcomm_dlc *d) 1263{ 1264 if (rfcomm_check_security(d)) { 1265 if (d->defer_setup) { 1266 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1267 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1268 1269 rfcomm_dlc_lock(d); 1270 d->state = BT_CONNECT2; 1271 d->state_change(d, 0); 1272 rfcomm_dlc_unlock(d); 1273 } else 1274 rfcomm_dlc_accept(d); 1275 } else { 1276 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1277 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1278 } 1279} 1280 1281static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1282{ 1283 struct rfcomm_dlc *d; 1284 u8 channel; 1285 1286 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1287 1288 if (!dlci) { 1289 rfcomm_send_ua(s, 0); 1290 1291 if (s->state == BT_OPEN) { 1292 s->state = BT_CONNECTED; 1293 rfcomm_process_connect(s); 1294 } 1295 return 0; 1296 } 1297 1298 /* Check if DLC exists */ 1299 d = rfcomm_dlc_get(s, dlci); 1300 if (d) { 1301 if (d->state == BT_OPEN) { 1302 /* DLC was previously opened by PN request */ 1303 rfcomm_check_accept(d); 1304 } 1305 return 0; 1306 } 1307 1308 /* Notify socket layer about incoming connection */ 1309 channel = __srv_channel(dlci); 1310 if (rfcomm_connect_ind(s, channel, &d)) { 1311 d->dlci = dlci; 1312 d->addr = __addr(s->initiator, dlci); 1313 rfcomm_dlc_link(s, d); 1314 1315 rfcomm_check_accept(d); 1316 } else { 1317 rfcomm_send_dm(s, dlci); 1318 } 1319 1320 return 0; 1321} 1322 1323static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1324{ 1325 struct rfcomm_session *s = d->session; 1326 1327 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1328 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1329 1330 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1331 pn->flow_ctrl == 0xe0) { 1332 d->cfc = RFCOMM_CFC_ENABLED; 1333 d->tx_credits = pn->credits; 1334 } else { 1335 d->cfc = RFCOMM_CFC_DISABLED; 1336 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1337 } 1338 1339 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1340 s->cfc = d->cfc; 1341 1342 d->priority = pn->priority; 1343 1344 d->mtu = __le16_to_cpu(pn->mtu); 1345 1346 if (cr && d->mtu > s->mtu) 1347 d->mtu = s->mtu; 1348 1349 return 0; 1350} 1351 1352static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1353{ 1354 struct rfcomm_pn *pn = (void *) skb->data; 1355 struct rfcomm_dlc *d; 1356 u8 dlci = pn->dlci; 1357 1358 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1359 1360 if (!dlci) 1361 return 0; 1362 1363 d = rfcomm_dlc_get(s, dlci); 1364 if (d) { 1365 if (cr) { 1366 /* PN request */ 1367 rfcomm_apply_pn(d, cr, pn); 1368 rfcomm_send_pn(s, 0, d); 1369 } else { 1370 /* PN response */ 1371 switch (d->state) { 1372 case BT_CONFIG: 1373 rfcomm_apply_pn(d, cr, pn); 1374 1375 d->state = BT_CONNECT; 1376 rfcomm_send_sabm(s, d->dlci); 1377 break; 1378 } 1379 } 1380 } else { 1381 u8 channel = __srv_channel(dlci); 1382 1383 if (!cr) 1384 return 0; 1385 1386 /* PN request for non existing DLC. 1387 * Assume incoming connection. */ 1388 if (rfcomm_connect_ind(s, channel, &d)) { 1389 d->dlci = dlci; 1390 d->addr = __addr(s->initiator, dlci); 1391 rfcomm_dlc_link(s, d); 1392 1393 rfcomm_apply_pn(d, cr, pn); 1394 1395 d->state = BT_OPEN; 1396 rfcomm_send_pn(s, 0, d); 1397 } else { 1398 rfcomm_send_dm(s, dlci); 1399 } 1400 } 1401 return 0; 1402} 1403 1404static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1405{ 1406 struct rfcomm_rpn *rpn = (void *) skb->data; 1407 u8 dlci = __get_dlci(rpn->dlci); 1408 1409 u8 bit_rate = 0; 1410 u8 data_bits = 0; 1411 u8 stop_bits = 0; 1412 u8 parity = 0; 1413 u8 flow_ctrl = 0; 1414 u8 xon_char = 0; 1415 u8 xoff_char = 0; 1416 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1417 1418 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1419 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1420 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1421 1422 if (!cr) 1423 return 0; 1424 1425 if (len == 1) { 1426 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1427 bit_rate = RFCOMM_RPN_BR_9600; 1428 data_bits = RFCOMM_RPN_DATA_8; 1429 stop_bits = RFCOMM_RPN_STOP_1; 1430 parity = RFCOMM_RPN_PARITY_NONE; 1431 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1432 xon_char = RFCOMM_RPN_XON_CHAR; 1433 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1434 goto rpn_out; 1435 } 1436 1437 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1438 * no parity, no flow control lines, normal XON/XOFF chars */ 1439 1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1441 bit_rate = rpn->bit_rate; 1442 if (bit_rate > RFCOMM_RPN_BR_230400) { 1443 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1444 bit_rate = RFCOMM_RPN_BR_9600; 1445 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1446 } 1447 } 1448 1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1450 data_bits = __get_rpn_data_bits(rpn->line_settings); 1451 if (data_bits != RFCOMM_RPN_DATA_8) { 1452 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1453 data_bits = RFCOMM_RPN_DATA_8; 1454 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1455 } 1456 } 1457 1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1459 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1460 if (stop_bits != RFCOMM_RPN_STOP_1) { 1461 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1462 stop_bits = RFCOMM_RPN_STOP_1; 1463 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1464 } 1465 } 1466 1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1468 parity = __get_rpn_parity(rpn->line_settings); 1469 if (parity != RFCOMM_RPN_PARITY_NONE) { 1470 BT_DBG("RPN parity mismatch 0x%x", parity); 1471 parity = RFCOMM_RPN_PARITY_NONE; 1472 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1473 } 1474 } 1475 1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1477 flow_ctrl = rpn->flow_ctrl; 1478 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1479 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1480 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1481 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1482 } 1483 } 1484 1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1486 xon_char = rpn->xon_char; 1487 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1488 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1489 xon_char = RFCOMM_RPN_XON_CHAR; 1490 rpn_mask ^= RFCOMM_RPN_PM_XON; 1491 } 1492 } 1493 1494 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1495 xoff_char = rpn->xoff_char; 1496 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1497 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1498 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1499 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1500 } 1501 } 1502 1503rpn_out: 1504 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1505 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1506 1507 return 0; 1508} 1509 1510static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1511{ 1512 struct rfcomm_rls *rls = (void *) skb->data; 1513 u8 dlci = __get_dlci(rls->dlci); 1514 1515 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1516 1517 if (!cr) 1518 return 0; 1519 1520 /* We should probably do something with this information here. But 1521 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1522 * mandatory to recognise and respond to RLS */ 1523 1524 rfcomm_send_rls(s, 0, dlci, rls->status); 1525 1526 return 0; 1527} 1528 1529static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1530{ 1531 struct rfcomm_msc *msc = (void *) skb->data; 1532 struct rfcomm_dlc *d; 1533 u8 dlci = __get_dlci(msc->dlci); 1534 1535 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1536 1537 d = rfcomm_dlc_get(s, dlci); 1538 if (!d) 1539 return 0; 1540 1541 if (cr) { 1542 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1543 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1544 else 1545 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1546 1547 rfcomm_dlc_lock(d); 1548 1549 d->remote_v24_sig = msc->v24_sig; 1550 1551 if (d->modem_status) 1552 d->modem_status(d, msc->v24_sig); 1553 1554 rfcomm_dlc_unlock(d); 1555 1556 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1557 1558 d->mscex |= RFCOMM_MSCEX_RX; 1559 } else 1560 d->mscex |= RFCOMM_MSCEX_TX; 1561 1562 return 0; 1563} 1564 1565static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1566{ 1567 struct rfcomm_mcc *mcc = (void *) skb->data; 1568 u8 type, cr, len; 1569 1570 cr = __test_cr(mcc->type); 1571 type = __get_mcc_type(mcc->type); 1572 len = __get_mcc_len(mcc->len); 1573 1574 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1575 1576 skb_pull(skb, 2); 1577 1578 switch (type) { 1579 case RFCOMM_PN: 1580 rfcomm_recv_pn(s, cr, skb); 1581 break; 1582 1583 case RFCOMM_RPN: 1584 rfcomm_recv_rpn(s, cr, len, skb); 1585 break; 1586 1587 case RFCOMM_RLS: 1588 rfcomm_recv_rls(s, cr, skb); 1589 break; 1590 1591 case RFCOMM_MSC: 1592 rfcomm_recv_msc(s, cr, skb); 1593 break; 1594 1595 case RFCOMM_FCOFF: 1596 if (cr) { 1597 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1598 rfcomm_send_fcoff(s, 0); 1599 } 1600 break; 1601 1602 case RFCOMM_FCON: 1603 if (cr) { 1604 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1605 rfcomm_send_fcon(s, 0); 1606 } 1607 break; 1608 1609 case RFCOMM_TEST: 1610 if (cr) 1611 rfcomm_send_test(s, 0, skb->data, skb->len); 1612 break; 1613 1614 case RFCOMM_NSC: 1615 break; 1616 1617 default: 1618 BT_ERR("Unknown control type 0x%02x", type); 1619 rfcomm_send_nsc(s, cr, type); 1620 break; 1621 } 1622 return 0; 1623} 1624 1625static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1626{ 1627 struct rfcomm_dlc *d; 1628 1629 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1630 1631 d = rfcomm_dlc_get(s, dlci); 1632 if (!d) { 1633 rfcomm_send_dm(s, dlci); 1634 goto drop; 1635 } 1636 1637 if (pf && d->cfc) { 1638 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1639 1640 d->tx_credits += credits; 1641 if (d->tx_credits) 1642 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1643 } 1644 1645 if (skb->len && d->state == BT_CONNECTED) { 1646 rfcomm_dlc_lock(d); 1647 d->rx_credits--; 1648 d->data_ready(d, skb); 1649 rfcomm_dlc_unlock(d); 1650 return 0; 1651 } 1652 1653drop: 1654 kfree_skb(skb); 1655 return 0; 1656} 1657 1658static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1659{ 1660 struct rfcomm_hdr *hdr = (void *) skb->data; 1661 u8 type, dlci, fcs; 1662 1663 dlci = __get_dlci(hdr->addr); 1664 type = __get_type(hdr->ctrl); 1665 1666 /* Trim FCS */ 1667 skb->len--; skb->tail--; 1668 fcs = *(u8 *)skb_tail_pointer(skb); 1669 1670 if (__check_fcs(skb->data, type, fcs)) { 1671 BT_ERR("bad checksum in packet"); 1672 kfree_skb(skb); 1673 return -EILSEQ; 1674 } 1675 1676 if (__test_ea(hdr->len)) 1677 skb_pull(skb, 3); 1678 else 1679 skb_pull(skb, 4); 1680 1681 switch (type) { 1682 case RFCOMM_SABM: 1683 if (__test_pf(hdr->ctrl)) 1684 rfcomm_recv_sabm(s, dlci); 1685 break; 1686 1687 case RFCOMM_DISC: 1688 if (__test_pf(hdr->ctrl)) 1689 rfcomm_recv_disc(s, dlci); 1690 break; 1691 1692 case RFCOMM_UA: 1693 if (__test_pf(hdr->ctrl)) 1694 rfcomm_recv_ua(s, dlci); 1695 break; 1696 1697 case RFCOMM_DM: 1698 rfcomm_recv_dm(s, dlci); 1699 break; 1700 1701 case RFCOMM_UIH: 1702 if (dlci) 1703 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1704 1705 rfcomm_recv_mcc(s, skb); 1706 break; 1707 1708 default: 1709 BT_ERR("Unknown packet type 0x%02x", type); 1710 break; 1711 } 1712 kfree_skb(skb); 1713 return 0; 1714} 1715 1716/* ---- Connection and data processing ---- */ 1717 1718static void rfcomm_process_connect(struct rfcomm_session *s) 1719{ 1720 struct rfcomm_dlc *d; 1721 struct list_head *p, *n; 1722 1723 BT_DBG("session %p state %ld", s, s->state); 1724 1725 list_for_each_safe(p, n, &s->dlcs) { 1726 d = list_entry(p, struct rfcomm_dlc, list); 1727 if (d->state == BT_CONFIG) { 1728 d->mtu = s->mtu; 1729 if (rfcomm_check_security(d)) { 1730 rfcomm_send_pn(s, 1, d); 1731 } else { 1732 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1733 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1734 } 1735 } 1736 } 1737} 1738 1739/* Send data queued for the DLC. 1740 * Return number of frames left in the queue. 1741 */ 1742static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1743{ 1744 struct sk_buff *skb; 1745 int err; 1746 1747 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1748 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1749 1750 /* Send pending MSC */ 1751 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1752 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1753 1754 if (d->cfc) { 1755 /* CFC enabled. 1756 * Give them some credits */ 1757 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1758 d->rx_credits <= (d->cfc >> 2)) { 1759 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1760 d->rx_credits = d->cfc; 1761 } 1762 } else { 1763 /* CFC disabled. 1764 * Give ourselves some credits */ 1765 d->tx_credits = 5; 1766 } 1767 1768 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1769 return skb_queue_len(&d->tx_queue); 1770 1771 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1772 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1773 if (err < 0) { 1774 skb_queue_head(&d->tx_queue, skb); 1775 break; 1776 } 1777 kfree_skb(skb); 1778 d->tx_credits--; 1779 } 1780 1781 if (d->cfc && !d->tx_credits) { 1782 /* We're out of TX credits. 1783 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1784 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1785 } 1786 1787 return skb_queue_len(&d->tx_queue); 1788} 1789 1790static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1791{ 1792 struct rfcomm_dlc *d; 1793 struct list_head *p, *n; 1794 1795 BT_DBG("session %p state %ld", s, s->state); 1796 1797 list_for_each_safe(p, n, &s->dlcs) { 1798 d = list_entry(p, struct rfcomm_dlc, list); 1799 1800 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1801 __rfcomm_dlc_close(d, ETIMEDOUT); 1802 continue; 1803 } 1804 1805 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1806 rfcomm_dlc_clear_timer(d); 1807 if (d->out) { 1808 rfcomm_send_pn(s, 1, d); 1809 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1810 } else { 1811 if (d->defer_setup) { 1812 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1813 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1814 1815 rfcomm_dlc_lock(d); 1816 d->state = BT_CONNECT2; 1817 d->state_change(d, 0); 1818 rfcomm_dlc_unlock(d); 1819 } else 1820 rfcomm_dlc_accept(d); 1821 } 1822 continue; 1823 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1824 rfcomm_dlc_clear_timer(d); 1825 if (!d->out) 1826 rfcomm_send_dm(s, d->dlci); 1827 else 1828 d->state = BT_CLOSED; 1829 __rfcomm_dlc_close(d, ECONNREFUSED); 1830 continue; 1831 } 1832 1833 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1834 continue; 1835 1836 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1837 continue; 1838 1839 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1840 d->mscex == RFCOMM_MSCEX_OK) 1841 rfcomm_process_tx(d); 1842 } 1843} 1844 1845static inline void rfcomm_process_rx(struct rfcomm_session *s) 1846{ 1847 struct socket *sock = s->sock; 1848 struct sock *sk = sock->sk; 1849 struct sk_buff *skb; 1850 1851 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1852 1853 /* Get data directly from socket receive queue without copying it. */ 1854 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1855 skb_orphan(skb); 1856 rfcomm_recv_frame(s, skb); 1857 } 1858 1859 if (sk->sk_state == BT_CLOSED) { 1860 if (!s->initiator) 1861 rfcomm_session_put(s); 1862 1863 rfcomm_session_close(s, sk->sk_err); 1864 } 1865} 1866 1867static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1868{ 1869 struct socket *sock = s->sock, *nsock; 1870 int err; 1871 1872 /* Fast check for a new connection. 1873 * Avoids unnesesary socket allocations. */ 1874 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1875 return; 1876 1877 BT_DBG("session %p", s); 1878 1879 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1880 if (err < 0) 1881 return; 1882 1883 /* Set our callbacks */ 1884 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1885 nsock->sk->sk_state_change = rfcomm_l2state_change; 1886 1887 s = rfcomm_session_add(nsock, BT_OPEN); 1888 if (s) { 1889 rfcomm_session_hold(s); 1890 1891 /* We should adjust MTU on incoming sessions. 1892 * L2CAP MTU minus UIH header and FCS. */ 1893 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1894 1895 rfcomm_schedule(); 1896 } else 1897 sock_release(nsock); 1898} 1899 1900static inline void rfcomm_check_connection(struct rfcomm_session *s) 1901{ 1902 struct sock *sk = s->sock->sk; 1903 1904 BT_DBG("%p state %ld", s, s->state); 1905 1906 switch (sk->sk_state) { 1907 case BT_CONNECTED: 1908 s->state = BT_CONNECT; 1909 1910 /* We can adjust MTU on outgoing sessions. 1911 * L2CAP MTU minus UIH header and FCS. */ 1912 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1913 1914 rfcomm_send_sabm(s, 0); 1915 break; 1916 1917 case BT_CLOSED: 1918 s->state = BT_CLOSED; 1919 rfcomm_session_close(s, sk->sk_err); 1920 break; 1921 } 1922} 1923 1924static inline void rfcomm_process_sessions(void) 1925{ 1926 struct list_head *p, *n; 1927 1928 rfcomm_lock(); 1929 1930 list_for_each_safe(p, n, &session_list) { 1931 struct rfcomm_session *s; 1932 s = list_entry(p, struct rfcomm_session, list); 1933 1934 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1935 s->state = BT_DISCONN; 1936 rfcomm_send_disc(s, 0); 1937 rfcomm_session_put(s); 1938 continue; 1939 } 1940 1941 if (s->state == BT_LISTEN) { 1942 rfcomm_accept_connection(s); 1943 continue; 1944 } 1945 1946 rfcomm_session_hold(s); 1947 1948 switch (s->state) { 1949 case BT_BOUND: 1950 rfcomm_check_connection(s); 1951 break; 1952 1953 default: 1954 rfcomm_process_rx(s); 1955 break; 1956 } 1957 1958 rfcomm_process_dlcs(s); 1959 1960 rfcomm_session_put(s); 1961 } 1962 1963 rfcomm_unlock(); 1964} 1965 1966static int rfcomm_add_listener(bdaddr_t *ba) 1967{ 1968 struct sockaddr_l2 addr; 1969 struct socket *sock; 1970 struct sock *sk; 1971 struct rfcomm_session *s; 1972 int err = 0; 1973 1974 /* Create socket */ 1975 err = rfcomm_l2sock_create(&sock); 1976 if (err < 0) { 1977 BT_ERR("Create socket failed %d", err); 1978 return err; 1979 } 1980 1981 /* Bind socket */ 1982 bacpy(&addr.l2_bdaddr, ba); 1983 addr.l2_family = AF_BLUETOOTH; 1984 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1985 addr.l2_cid = 0; 1986 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1987 if (err < 0) { 1988 BT_ERR("Bind failed %d", err); 1989 goto failed; 1990 } 1991 1992 /* Set L2CAP options */ 1993 sk = sock->sk; 1994 lock_sock(sk); 1995 l2cap_pi(sk)->imtu = l2cap_mtu; 1996 release_sock(sk); 1997 1998 /* Start listening on the socket */ 1999 err = kernel_listen(sock, 10); 2000 if (err) { 2001 BT_ERR("Listen failed %d", err); 2002 goto failed; 2003 } 2004 2005 /* Add listening session */ 2006 s = rfcomm_session_add(sock, BT_LISTEN); 2007 if (!s) 2008 goto failed; 2009 2010 rfcomm_session_hold(s); 2011 return 0; 2012failed: 2013 sock_release(sock); 2014 return err; 2015} 2016 2017static void rfcomm_kill_listener(void) 2018{ 2019 struct rfcomm_session *s; 2020 struct list_head *p, *n; 2021 2022 BT_DBG(""); 2023 2024 list_for_each_safe(p, n, &session_list) { 2025 s = list_entry(p, struct rfcomm_session, list); 2026 rfcomm_session_del(s); 2027 } 2028} 2029 2030static int rfcomm_run(void *unused) 2031{ 2032 BT_DBG(""); 2033 2034 set_user_nice(current, -10); 2035 2036 rfcomm_add_listener(BDADDR_ANY); 2037 2038 while (!kthread_should_stop()) { 2039 set_current_state(TASK_INTERRUPTIBLE); 2040 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2041 /* No pending events. Let's sleep. 2042 * Incoming connections and data will wake us up. */ 2043 schedule(); 2044 } 2045 set_current_state(TASK_RUNNING); 2046 2047 /* Process stuff */ 2048 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2049 rfcomm_process_sessions(); 2050 } 2051 2052 rfcomm_kill_listener(); 2053 2054 return 0; 2055} 2056 2057static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2058{ 2059 struct rfcomm_session *s; 2060 struct rfcomm_dlc *d; 2061 struct list_head *p, *n; 2062 2063 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2064 2065 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2066 if (!s) 2067 return; 2068 2069 rfcomm_session_hold(s); 2070 2071 list_for_each_safe(p, n, &s->dlcs) { 2072 d = list_entry(p, struct rfcomm_dlc, list); 2073 2074 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2075 rfcomm_dlc_clear_timer(d); 2076 if (status || encrypt == 0x00) { 2077 __rfcomm_dlc_close(d, ECONNREFUSED); 2078 continue; 2079 } 2080 } 2081 2082 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2083 if (d->sec_level == BT_SECURITY_MEDIUM) { 2084 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2085 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2086 continue; 2087 } else if (d->sec_level == BT_SECURITY_HIGH) { 2088 __rfcomm_dlc_close(d, ECONNREFUSED); 2089 continue; 2090 } 2091 } 2092 2093 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2094 continue; 2095 2096 if (!status) 2097 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2098 else 2099 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2100 } 2101 2102 rfcomm_session_put(s); 2103 2104 rfcomm_schedule(); 2105} 2106 2107static struct hci_cb rfcomm_cb = { 2108 .name = "RFCOMM", 2109 .security_cfm = rfcomm_security_cfm 2110}; 2111 2112static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2113{ 2114 struct rfcomm_session *s; 2115 struct list_head *pp, *p; 2116 2117 rfcomm_lock(); 2118 2119 list_for_each(p, &session_list) { 2120 s = list_entry(p, struct rfcomm_session, list); 2121 list_for_each(pp, &s->dlcs) { 2122 struct sock *sk = s->sock->sk; 2123 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2124 2125 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2126 batostr(&bt_sk(sk)->src), 2127 batostr(&bt_sk(sk)->dst), 2128 d->state, d->dlci, d->mtu, 2129 d->rx_credits, d->tx_credits); 2130 } 2131 } 2132 2133 rfcomm_unlock(); 2134 2135 return 0; 2136} 2137 2138static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2139{ 2140 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2141} 2142 2143static const struct file_operations rfcomm_dlc_debugfs_fops = { 2144 .open = rfcomm_dlc_debugfs_open, 2145 .read = seq_read, 2146 .llseek = seq_lseek, 2147 .release = single_release, 2148}; 2149 2150static struct dentry *rfcomm_dlc_debugfs; 2151 2152/* ---- Initialization ---- */ 2153static int __init rfcomm_init(void) 2154{ 2155 int err; 2156 2157 l2cap_load(); 2158 2159 hci_register_cb(&rfcomm_cb); 2160 2161 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2162 if (IS_ERR(rfcomm_thread)) { 2163 err = PTR_ERR(rfcomm_thread); 2164 goto unregister; 2165 } 2166 2167 if (bt_debugfs) { 2168 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2169 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2170 if (!rfcomm_dlc_debugfs) 2171 BT_ERR("Failed to create RFCOMM debug file"); 2172 } 2173 2174 err = rfcomm_init_ttys(); 2175 if (err < 0) 2176 goto stop; 2177 2178 err = rfcomm_init_sockets(); 2179 if (err < 0) 2180 goto cleanup; 2181 2182 BT_INFO("RFCOMM ver %s", VERSION); 2183 2184 return 0; 2185 2186cleanup: 2187 rfcomm_cleanup_ttys(); 2188 2189stop: 2190 kthread_stop(rfcomm_thread); 2191 2192unregister: 2193 hci_unregister_cb(&rfcomm_cb); 2194 2195 return err; 2196} 2197 2198static void __exit rfcomm_exit(void) 2199{ 2200 debugfs_remove(rfcomm_dlc_debugfs); 2201 2202 hci_unregister_cb(&rfcomm_cb); 2203 2204 kthread_stop(rfcomm_thread); 2205 2206 rfcomm_cleanup_ttys(); 2207 2208 rfcomm_cleanup_sockets(); 2209} 2210 2211module_init(rfcomm_init); 2212module_exit(rfcomm_exit); 2213 2214module_param(disable_cfc, bool, 0644); 2215MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2216 2217module_param(channel_mtu, int, 0644); 2218MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2219 2220module_param(l2cap_mtu, uint, 0644); 2221MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2222 2223module_param(l2cap_ertm, bool, 0644); 2224MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2225 2226MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2227MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2228MODULE_VERSION(VERSION); 2229MODULE_LICENSE("GPL"); 2230MODULE_ALIAS("bt-proto-3"); 2231