kernel - Fix races created by a comedy of circumstansces (3)
1 /* $OpenBSD: src/sys/netbt/rfcomm_dlc.c,v 1.2 2008/02/24 21:34:48 uwe Exp $ */
2 /* $NetBSD: rfcomm_dlc.c,v 1.4 2007/11/03 17:20:17 plunky Exp $ */
4 /*-
5 * Copyright (c) 2006 Itronix Inc.
6 * All rights reserved.
8 * Written by Iain Hibbert for Itronix Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/param.h>
36 #include <sys/kernel.h>
37 #include <sys/mbuf.h>
38 #include <sys/proc.h>
39 #include <sys/systm.h>
40 #include <sys/endian.h>
42 #include <netbt/bluetooth.h>
43 #include <netbt/hci.h>
44 #include <netbt/l2cap.h>
45 #include <netbt/rfcomm.h>
/*
 * rfcomm_dlc_lookup(rfcomm_session, dlci)
 *
 * Walk the DLC list of the given session and return the entry whose
 * rd_dlci equals dlci. Returns NULL when no DLC on the session matches.
 */
struct rfcomm_dlc *
rfcomm_dlc_lookup(struct rfcomm_session *rs, int dlci)
{
	struct rfcomm_dlc *cur;

	LIST_FOREACH(cur, &rs->rs_dlcs, rd_next) {
		if (cur->rd_dlci == dlci)
			return cur;
	}

	/* list exhausted without a match */
	return NULL;
}
/*
 * rfcomm_dlc_newconn(rfcomm_session, dlci)
 *
 * Handle a request for a new DLC on a session (shared by a couple of
 * callers). A listening DLC matching the session's local address and
 * the channel encoded in dlci is selected, and its protocol newconn
 * upcall is asked for a fresh DLC. If no listener matches, or the upcall
 * declines, a DM frame is sent for the dlci and NULL is returned.
 *
 * On success the new DLC is linked at the head of the session's list in
 * state RFCOMM_DLC_WAIT_CONNECT and returned.
 */
struct rfcomm_dlc *
rfcomm_dlc_newconn(struct rfcomm_session *rs, int dlci)
{
	struct rfcomm_session *lsn;
	struct rfcomm_dlc *conn, *cand, *listener, *wild, *exact;
	struct sockaddr_bt laddr, raddr, addr;
	int chan;

	/*
	 * Search amongst the listening DLC community for the best match for
	 * address & channel. Listening DLCs hang on listening sessions in
	 * last-first order, so the whole set is scanned and the last hit of
	 * each kind is remembered: that yields the oldest exact-address
	 * match and the oldest BDADDR_ANY match.
	 */
	l2cap_sockaddr(rs->rs_l2cap, &laddr);
	l2cap_peeraddr(rs->rs_l2cap, &raddr);
	chan = RFCOMM_CHANNEL(dlci);

	wild = NULL;
	exact = NULL;
	LIST_FOREACH(lsn, &rfcomm_session_listen, rs_next) {
		l2cap_sockaddr(lsn->rs_l2cap, &addr);

		/* listener must be bound to the same PSM as this session */
		if (addr.bt_psm != laddr.bt_psm)
			continue;

		if (bdaddr_same(&laddr.bt_bdaddr, &addr.bt_bdaddr)) {
			LIST_FOREACH(cand, &lsn->rs_dlcs, rd_next) {
				if (cand->rd_laddr.bt_channel != chan)
					continue;
				exact = cand;
			}
		}

		if (bdaddr_any(&addr.bt_bdaddr)) {
			LIST_FOREACH(cand, &lsn->rs_dlcs, rd_next) {
				if (cand->rd_laddr.bt_channel != chan)
					continue;
				wild = cand;
			}
		}
	}

	/* a specific-address listener wins over a wildcard one */
	listener = (exact != NULL) ? exact : wild;

	/* XXX
	 * Note that if this fails, we could have missed a chance to open
	 * a connection - really need to rewrite the strategy for storing
	 * listening DLC's so all can be checked in turn..
	 */
	conn = NULL;
	if (listener != NULL) {
		conn = (*listener->rd_proto->newconn)(listener->rd_upper,
		    &laddr, &raddr);
	}

	if (conn == NULL) {
		/* nobody accepted the request: refuse it with a DM frame */
		rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
		return NULL;
	}

	conn->rd_dlci = dlci;
	conn->rd_mtu = rfcomm_mtu_default;
	/*
	 * The new DLC takes over the listener's link mode, i.e. whatever
	 * RFCOMM_LM_* requirements were set on the listening DLC.
	 * conn != NULL implies listener != NULL here.
	 */
	conn->rd_mode = listener->rd_mode;

	memcpy(&conn->rd_laddr, &laddr, sizeof(struct sockaddr_bt));
	conn->rd_laddr.bt_channel = chan;

	memcpy(&conn->rd_raddr, &raddr, sizeof(struct sockaddr_bt));
	conn->rd_raddr.bt_channel = chan;

	conn->rd_session = rs;
	conn->rd_state = RFCOMM_DLC_WAIT_CONNECT;
	LIST_INSERT_HEAD(&rs->rs_dlcs, conn, rd_next);

	return conn;
}
/*
 * rfcomm_dlc_close(dlc, error)
 *
 * Detach a DLC from its session and clean up: forget it in the session's
 * credit records, stop its timeout, unlink it, mark it closed and report
 * the error to the upper layer through the disconnected upcall.
 *
 * The DLC must not already be in state RFCOMM_DLC_CLOSED.
 */
void
rfcomm_dlc_close(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_session *rs;
	struct rfcomm_credit *credit;

	KKASSERT(dlc->rd_state != RFCOMM_DLC_CLOSED);

	rs = dlc->rd_session;

	/* Clear credit history so no record keeps pointing at this DLC */
	STAILQ_FOREACH(credit, &rs->rs_credits, rc_next) {
		if (credit->rc_dlc == dlc)
			credit->rc_dlc = NULL;
	}

	/*
	 * NOTE(review): the result of callout_stop() is not examined here,
	 * so this function on its own does not establish that
	 * rfcomm_dlc_timeout() is not already in progress - confirm against
	 * the callers and the callout guarantees.
	 */
	callout_stop(&dlc->rd_timeout);

	LIST_REMOVE(dlc, rd_next);
	dlc->rd_session = NULL;
	dlc->rd_state = RFCOMM_DLC_CLOSED;

	/* dlc is not touched again after the upcall; only rs is */
	(*dlc->rd_proto->disconnected)(dlc->rd_upper, err);

	if (!LIST_EMPTY(&rs->rs_dlcs))
		return;

	/*
	 * It is the responsibility of the party who sends the last
	 * DISC(dlci) to disconnect the session, but we will schedule
	 * an expiry just in case that doesn't happen..
	 */
	if (rs->rs_state == RFCOMM_SESSION_LISTEN) {
		rfcomm_session_free(rs);
		return;
	}

	callout_reset(&rs->rs_timeout, rfcomm_ack_timeout * hz,
	    rfcomm_session_timeout, rs);
}
/*
 * rfcomm_dlc_timeout(dlc)
 *
 * DLC timeout function is scheduled when we sent any of SABM,
 * DISC, MCC_MSC, or MCC_PN and should be cancelled when we get
 * the relevant response. There is nothing to do but shut this
 * DLC down.
 *
 * The work is done between crit_enter() and crit_exit(). A DLC that is
 * already closed is only freed here when RFCOMM_DLC_DETACH is set in
 * its flags (presumably set by the detach path when it has to leave the
 * free to this callback - confirm against the caller).
 */
void
rfcomm_dlc_timeout(void *arg)
{
	struct rfcomm_dlc *dlc = arg;

	crit_enter();

	if (dlc->rd_state == RFCOMM_DLC_CLOSED) {
		/* already closed: release the memory only if detached */
		if (dlc->rd_flags & RFCOMM_DLC_DETACH)
			kfree(dlc, M_BLUETOOTH);
	} else {
		rfcomm_dlc_close(dlc, ETIMEDOUT);
	}

	crit_exit();
}
/*
 * rfcomm_dlc_setmode(rfcomm_dlc)
 *
 * Set link mode for DLC. This is only called when the session is
 * already open, so we don't need to worry about any previous mode
 * settings.
 *
 * The RFCOMM_LM_AUTH, RFCOMM_LM_ENCRYPT and RFCOMM_LM_SECURE bits of
 * rd_mode are translated to their L2CAP_LM_* counterparts and applied to
 * the session's L2CAP channel with SO_L2CAP_LM. Any other bit in rd_mode
 * is not passed on. Returns the result of l2cap_setopt().
 */
int
rfcomm_dlc_setmode(struct rfcomm_dlc *dlc)
{
	int mode;

	KKASSERT(dlc->rd_session != NULL);
	KKASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);

	DPRINTF("dlci %d, auth %s, encrypt %s, secure %s\n", dlc->rd_dlci,
	    (dlc->rd_mode & RFCOMM_LM_AUTH ? "yes" : "no"),
	    (dlc->rd_mode & RFCOMM_LM_ENCRYPT ? "yes" : "no"),
	    (dlc->rd_mode & RFCOMM_LM_SECURE ? "yes" : "no"));

	/* build the L2CAP mode word one requirement at a time */
	mode = 0;
	mode |= (dlc->rd_mode & RFCOMM_LM_AUTH) ? L2CAP_LM_AUTH : 0;
	mode |= (dlc->rd_mode & RFCOMM_LM_ENCRYPT) ? L2CAP_LM_ENCRYPT : 0;
	mode |= (dlc->rd_mode & RFCOMM_LM_SECURE) ? L2CAP_LM_SECURE : 0;

	return l2cap_setopt(dlc->rd_session->rs_l2cap, SO_L2CAP_LM, &mode);
}
/*
 * rfcomm_dlc_connect(rfcomm_dlc)
 *
 * Initiate DLC connection (session is already connected). A PN command
 * is sent for the DLC; on success the DLC moves to
 * RFCOMM_DLC_WAIT_CONNECT and its timeout is armed with
 * rfcomm_mcc_timeout. Returns 0, or the error from
 * rfcomm_session_send_mcc() with the DLC state left unchanged.
 */
int
rfcomm_dlc_connect(struct rfcomm_dlc *dlc)
{
	struct rfcomm_mcc_pn req;
	int err = 0;

	KKASSERT(dlc->rd_session != NULL);
	KKASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);
	KKASSERT(dlc->rd_state == RFCOMM_DLC_WAIT_SESSION);

	/*
	 * If we have not already sent a PN on the session, we must send
	 * a PN to negotiate Credit Flow Control, and this setting will
	 * apply to all future connections for this session. We ask for
	 * this every time, in order to establish initial credits.
	 */

	/*
	 * Zero the whole structure first: sizeof(req) bytes are handed to
	 * rfcomm_session_send_mcc() below, so fields not set here must not
	 * carry stale stack contents.
	 */
	memset(&req, 0, sizeof(req));
	req.dlci = dlc->rd_dlci;
	req.priority = dlc->rd_dlci | 0x07;
	req.mtu = htole16(dlc->rd_mtu);

	req.flow_control = 0xf0;
	/*
	 * NOTE(review): rd_mtu is the divisor here; this function does not
	 * check it for zero - confirm it is validated where it is set.
	 */
	dlc->rd_rxcred = (dlc->rd_rxsize / dlc->rd_mtu);
	dlc->rd_rxcred = min(dlc->rd_rxcred, RFCOMM_CREDITS_DEFAULT);
	req.credits = dlc->rd_rxcred;

	err = rfcomm_session_send_mcc(dlc->rd_session, 1,
	    RFCOMM_MCC_PN, &req, sizeof(req));
	if (err != 0)
		return err;

	dlc->rd_state = RFCOMM_DLC_WAIT_CONNECT;
	callout_reset(&dlc->rd_timeout, rfcomm_mcc_timeout * hz,
	    rfcomm_dlc_timeout, dlc);

	return 0;
}
/*
 * rfcomm_dlc_open(rfcomm_dlc)
 *
 * Send "Modem Status Command" and mark DLC as open. After the MSC has
 * been queued the DLC timeout is armed with rfcomm_mcc_timeout, the
 * state becomes RFCOMM_DLC_OPEN and the upper layer is told through the
 * connected upcall. Returns 0, or the error from
 * rfcomm_session_send_mcc(), in which case the state is not changed and
 * no upcall is made.
 */
int
rfcomm_dlc_open(struct rfcomm_dlc *dlc)
{
	struct rfcomm_mcc_msc cmd;
	int err;

	KKASSERT(dlc->rd_session != NULL);
	KKASSERT(dlc->rd_session->rs_state == RFCOMM_SESSION_OPEN);

	/* clear the structure so only the fields set below are non-zero */
	memset(&cmd, 0, sizeof(cmd));
	cmd.address = RFCOMM_MKADDRESS(1, dlc->rd_dlci);
	cmd.modem = dlc->rd_lmodem & 0xfe;	/* EA = 0 */
	cmd.brk = 0x00 | 0x01;			/* EA = 1 */

	err = rfcomm_session_send_mcc(dlc->rd_session, 1,
	    RFCOMM_MCC_MSC, &cmd, sizeof(cmd));
	if (err != 0)
		return err;

	callout_reset(&dlc->rd_timeout, rfcomm_mcc_timeout * hz,
	    rfcomm_dlc_timeout, dlc);

	dlc->rd_state = RFCOMM_DLC_OPEN;
	(*dlc->rd_proto->connected)(dlc->rd_upper);

	return 0;
}
316 * rfcomm_dlc_start(rfcomm_dlc)
318 * Start sending data (and/or credits) for DLC. Our strategy is to
319 * send anything we can down to the l2cap layer. When credits run
320 * out, data will naturally bunch up. When not using credit flow
321 * control, we limit the number of packets we have pending to reduce
322 * flow control lag.
323 * We should deal with channel priority somehow.
325 void
326 rfcomm_dlc_start(struct rfcomm_dlc *dlc)
328 struct rfcomm_session *rs = dlc->rd_session;
329 struct mbuf *m;
330 int len, credits;
332 KKASSERT(rs != NULL);
333 KKASSERT(rs->rs_state == RFCOMM_SESSION_OPEN);
334 KKASSERT(dlc->rd_state == RFCOMM_DLC_OPEN);
336 for (;;) {
337 credits = 0;
338 len = dlc->rd_mtu;
339 if (rs->rs_flags & RFCOMM_SESSION_CFC) {
340 credits = (dlc->rd_rxsize / dlc->rd_mtu);
341 credits -= dlc->rd_rxcred;
342 credits = min(credits, RFCOMM_CREDITS_MAX);
344 if (credits > 0)
345 len--;
347 if (dlc->rd_txcred == 0)
348 len = 0;
349 } else {
350 if (rs->rs_flags & RFCOMM_SESSION_RFC)
351 break;
353 if (dlc->rd_rmodem & RFCOMM_MSC_FC)
354 break;
356 if (dlc->rd_pending > RFCOMM_CREDITS_DEFAULT)
357 break;
360 if (dlc->rd_txbuf == NULL)
361 len = 0;
363 if (len == 0) {
364 if (credits == 0)
365 break;
368 * No need to send small numbers of credits on their
369 * own unless the other end hasn't many left.
371 if (credits < RFCOMM_CREDITS_DEFAULT
372 && dlc->rd_rxcred > RFCOMM_CREDITS_DEFAULT)
373 break;
375 m = NULL;
376 } else {
378 * take what data we can from (front of) txbuf
380 m = dlc->rd_txbuf;
381 if (len < m->m_pkthdr.len) {
382 dlc->rd_txbuf = m_split(m, len, M_NOWAIT);
383 if (dlc->rd_txbuf == NULL) {
384 dlc->rd_txbuf = m;
385 break;
387 } else {
388 dlc->rd_txbuf = NULL;
389 len = m->m_pkthdr.len;
393 DPRINTFN(10, "dlci %d send %d bytes, %d credits, rxcred = %d\n",
394 dlc->rd_dlci, len, credits, dlc->rd_rxcred);
396 if (rfcomm_session_send_uih(rs, dlc, credits, m)) {
397 kprintf("%s: lost %d bytes on DLCI %d\n",
398 __func__, len, dlc->rd_dlci);
400 break;
403 dlc->rd_pending++;
405 if (rs->rs_flags & RFCOMM_SESSION_CFC) {
406 if (len > 0)
407 dlc->rd_txcred--;
409 if (credits > 0)
410 dlc->rd_rxcred += credits;