search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6.git] / net / bluetooth / rfcomm / core.c
blobca957d34b0c89fa29341a179ee16e325ac226e55
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define VERSION "1.11"
39
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45 static struct task_struct *rfcomm_thread;
46
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52 static LIST_HEAD(session_list);
53
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65 static void rfcomm_process_connect(struct rfcomm_session *s);
66
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
79
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
83
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
89
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
92
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
103
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
110
111 /* ---- RFCOMM FCS computation ---- */
112
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154 };
155
156 /* CRC on 2 bytes */
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
159 /* FCS on 2 bytes */
160 static inline u8 __fcs(u8 *data)
161 {
162 return 0xff - __crc(data);
163 }
164
165 /* FCS on 3 bytes */
166 static inline u8 __fcs2(u8 *data)
167 {
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
169 }
170
171 /* Check FCS */
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
173 {
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 }
181
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
184 {
185 BT_DBG("%p state %d", sk, sk->sk_state);
186 rfcomm_schedule();
187 }
188
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190 {
191 BT_DBG("%p bytes %d", sk, bytes);
192 rfcomm_schedule();
193 }
194
195 static int rfcomm_l2sock_create(struct socket **sock)
196 {
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208 }
209
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
211 {
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 break;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
223 break;
224 default:
225 auth_type = HCI_AT_NO_BONDING;
226 break;
227 }
228
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
230 }
231
232 static void rfcomm_session_timeout(unsigned long arg)
233 {
234 struct rfcomm_session *s = (void *) arg;
235
236 BT_DBG("session %p state %ld", s, s->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
239 rfcomm_schedule();
240 }
241
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
243 {
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
245
246 mod_timer(&s->timer, jiffies + timeout);
247 }
248
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
250 {
251 BT_DBG("session %p state %ld", s, s->state);
252
253 del_timer_sync(&s->timer);
254 }
255
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
258 {
259 struct rfcomm_dlc *d = (void *) arg;
260
261 BT_DBG("dlc %p state %ld", d, d->state);
262
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
264 rfcomm_dlc_put(d);
265 rfcomm_schedule();
266 }
267
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
269 {
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
271
272 if (!mod_timer(&d->timer, jiffies + timeout))
273 rfcomm_dlc_hold(d);
274 }
275
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
277 {
278 BT_DBG("dlc %p state %ld", d, d->state);
279
280 if (del_timer(&d->timer))
281 rfcomm_dlc_put(d);
282 }
283
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
285 {
286 BT_DBG("%p", d);
287
288 d->state = BT_OPEN;
289 d->flags = 0;
290 d->mscex = 0;
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
294
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
297 }
298
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
300 {
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
302
303 if (!d)
304 return NULL;
305
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
307
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
311
312 rfcomm_dlc_clear_state(d);
313
314 BT_DBG("%p", d);
315
316 return d;
317 }
318
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
320 {
321 BT_DBG("%p", d);
322
323 skb_queue_purge(&d->tx_queue);
324 kfree(d);
325 }
326
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
328 {
329 BT_DBG("dlc %p session %p", d, s);
330
331 rfcomm_session_clear_timer(s);
332 rfcomm_dlc_hold(d);
333 list_add(&d->list, &s->dlcs);
334 d->session = s;
335 }
336
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
338 {
339 struct rfcomm_session *s = d->session;
340
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342
343 list_del(&d->list);
344 d->session = NULL;
345 rfcomm_dlc_put(d);
346
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
349 }
350
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
352 {
353 struct rfcomm_dlc *d;
354
355 list_for_each_entry(d, &s->dlcs, list)
356 if (d->dlci == dlci)
357 return d;
358
359 return NULL;
360 }
361
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
363 {
364 struct rfcomm_session *s;
365 int err = 0;
366 u8 dlci;
367
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
370
371 if (channel < 1 || channel > 30)
372 return -EINVAL;
373
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
375 return 0;
376
377 s = rfcomm_session_get(src, dst);
378 if (!s) {
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
380 if (!s)
381 return err;
382 }
383
384 dlci = __dlci(!s->initiator, channel);
385
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
388 return -EBUSY;
389
390 rfcomm_dlc_clear_state(d);
391
392 d->dlci = dlci;
393 d->addr = __addr(s->initiator, dlci);
394 d->priority = 7;
395
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
398
399 d->out = 1;
400
401 d->mtu = s->mtu;
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
403
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
407 else
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
409 }
410
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
412
413 return 0;
414 }
415
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
417 {
418 int r;
419
420 rfcomm_lock();
421
422 r = __rfcomm_dlc_open(d, src, dst, channel);
423
424 rfcomm_unlock();
425 return r;
426 }
427
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
429 {
430 struct rfcomm_session *s = d->session;
431 if (!s)
432 return 0;
433
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
436
437 switch (d->state) {
438 case BT_CONNECT:
439 case BT_CONFIG:
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
442 rfcomm_schedule();
443 break;
444 }
445 /* Fall through */
446
447 case BT_CONNECTED:
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
452 } else {
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
455 }
456 break;
457
458 case BT_OPEN:
459 case BT_CONNECT2:
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
462 rfcomm_schedule();
463 break;
464 }
465 /* Fall through */
466
467 default:
468 rfcomm_dlc_clear_timer(d);
469
470 rfcomm_dlc_lock(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
474
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
477 }
478
479 return 0;
480 }
481
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
483 {
484 int r = 0;
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
487
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
489
490 rfcomm_lock();
491
492 s = d->session;
493 if (!s)
494 goto no_session;
495
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
498 */
499 list_for_each_entry(s_list, &session_list, list) {
500 if (s_list == s) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
502 if (d_list == d) {
503 r = __rfcomm_dlc_close(d, err);
504 break;
505 }
506 }
507 break;
508 }
509 }
510
511 no_session:
512 rfcomm_unlock();
513 return r;
514 }
515
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
517 {
518 int len = skb->len;
519
520 if (d->state != BT_CONNECTED)
521 return -ENOTCONN;
522
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
524
525 if (len > d->mtu)
526 return -EINVAL;
527
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
530
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
532 rfcomm_schedule();
533 return len;
534 }
535
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
537 {
538 BT_DBG("dlc %p state %ld", d, d->state);
539
540 if (!d->cfc) {
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
544 rfcomm_schedule();
545 }
546
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
548 {
549 BT_DBG("dlc %p state %ld", d, d->state);
550
551 if (!d->cfc) {
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
554 }
555 rfcomm_schedule();
556 }
557
558 /*
559 Set/get modem status functions use _local_ status i.e. what we report
560 to the other side.
561 Remote status is provided by dlc->modem_status() callback.
562 */
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564 {
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
567
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
570 else
571 v24_sig &= ~RFCOMM_V24_FC;
572
573 d->v24_sig = v24_sig;
574
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
576 rfcomm_schedule();
577
578 return 0;
579 }
580
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582 {
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
585
586 *v24_sig = d->v24_sig;
587 return 0;
588 }
589
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592 {
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
594
595 if (!s)
596 return NULL;
597
598 BT_DBG("session %p sock %p", s, sock);
599
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601
602 INIT_LIST_HEAD(&s->dlcs);
603 s->state = state;
604 s->sock = sock;
605
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
608
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
613 kfree(s);
614 return NULL;
615 }
616
617 list_add(&s->list, &session_list);
618
619 return s;
620 }
621
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
623 {
624 int state = s->state;
625
626 BT_DBG("session %p state %ld", s, s->state);
627
628 list_del(&s->list);
629
630 rfcomm_session_clear_timer(s);
631 sock_release(s->sock);
632 kfree(s);
633
634 if (state != BT_LISTEN)
635 module_put(THIS_MODULE);
636
637 return NULL;
638 }
639
640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
641 {
642 struct rfcomm_session *s;
643 struct list_head *p, *n;
644 struct bt_sock *sk;
645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list);
647 sk = bt_sk(s->sock->sk);
648
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
650 !bacmp(&sk->dst, dst))
651 return s;
652 }
653 return NULL;
654 }
655
656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
657 int err)
658 {
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
661
662 s->state = BT_CLOSED;
663
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
665
666 /* Close all dlcs */
667 list_for_each_safe(p, n, &s->dlcs) {
668 d = list_entry(p, struct rfcomm_dlc, list);
669 d->state = BT_CLOSED;
670 __rfcomm_dlc_close(d, err);
671 }
672
673 rfcomm_session_clear_timer(s);
674 return rfcomm_session_del(s);
675 }
676
677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
678 bdaddr_t *dst,
679 u8 sec_level,
680 int *err)
681 {
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
684 struct socket *sock;
685 struct sock *sk;
686
687 BT_DBG("%pMR -> %pMR", src, dst);
688
689 *err = rfcomm_l2sock_create(&sock);
690 if (*err < 0)
691 return NULL;
692
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
695 addr.l2_psm = 0;
696 addr.l2_cid = 0;
697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
698 if (*err < 0)
699 goto failed;
700
701 /* Set L2CAP options */
702 sk = sock->sk;
703 lock_sock(sk);
704 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
705 l2cap_pi(sk)->chan->sec_level = sec_level;
706 if (l2cap_ertm)
707 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
708 release_sock(sk);
709
710 s = rfcomm_session_add(sock, BT_BOUND);
711 if (!s) {
712 *err = -ENOMEM;
713 goto failed;
714 }
715
716 s->initiator = 1;
717
718 bacpy(&addr.l2_bdaddr, dst);
719 addr.l2_family = AF_BLUETOOTH;
720 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
721 addr.l2_cid = 0;
722 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
723 if (*err == 0 || *err == -EINPROGRESS)
724 return s;
725
726 return rfcomm_session_del(s);
727
728 failed:
729 sock_release(sock);
730 return NULL;
731 }
732
733 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
734 {
735 struct sock *sk = s->sock->sk;
736 if (src)
737 bacpy(src, &bt_sk(sk)->src);
738 if (dst)
739 bacpy(dst, &bt_sk(sk)->dst);
740 }
741
742 /* ---- RFCOMM frame sending ---- */
743 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
744 {
745 struct kvec iv = { data, len };
746 struct msghdr msg;
747
748 BT_DBG("session %p len %d", s, len);
749
750 memset(&msg, 0, sizeof(msg));
751
752 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
753 }
754
755 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
756 {
757 BT_DBG("%p cmd %u", s, cmd->ctrl);
758
759 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
760 }
761
762 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
763 {
764 struct rfcomm_cmd cmd;
765
766 BT_DBG("%p dlci %d", s, dlci);
767
768 cmd.addr = __addr(s->initiator, dlci);
769 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
770 cmd.len = __len8(0);
771 cmd.fcs = __fcs2((u8 *) &cmd);
772
773 return rfcomm_send_cmd(s, &cmd);
774 }
775
776 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
777 {
778 struct rfcomm_cmd cmd;
779
780 BT_DBG("%p dlci %d", s, dlci);
781
782 cmd.addr = __addr(!s->initiator, dlci);
783 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
784 cmd.len = __len8(0);
785 cmd.fcs = __fcs2((u8 *) &cmd);
786
787 return rfcomm_send_cmd(s, &cmd);
788 }
789
790 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
791 {
792 struct rfcomm_cmd cmd;
793
794 BT_DBG("%p dlci %d", s, dlci);
795
796 cmd.addr = __addr(s->initiator, dlci);
797 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
798 cmd.len = __len8(0);
799 cmd.fcs = __fcs2((u8 *) &cmd);
800
801 return rfcomm_send_cmd(s, &cmd);
802 }
803
804 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
805 {
806 struct rfcomm_cmd *cmd;
807 struct sk_buff *skb;
808
809 BT_DBG("dlc %p dlci %d", d, d->dlci);
810
811 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
812 if (!skb)
813 return -ENOMEM;
814
815 cmd = (void *) __skb_put(skb, sizeof(*cmd));
816 cmd->addr = d->addr;
817 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
818 cmd->len = __len8(0);
819 cmd->fcs = __fcs2((u8 *) cmd);
820
821 skb_queue_tail(&d->tx_queue, skb);
822 rfcomm_schedule();
823 return 0;
824 }
825
826 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
827 {
828 struct rfcomm_cmd cmd;
829
830 BT_DBG("%p dlci %d", s, dlci);
831
832 cmd.addr = __addr(!s->initiator, dlci);
833 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
834 cmd.len = __len8(0);
835 cmd.fcs = __fcs2((u8 *) &cmd);
836
837 return rfcomm_send_cmd(s, &cmd);
838 }
839
840 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
841 {
842 struct rfcomm_hdr *hdr;
843 struct rfcomm_mcc *mcc;
844 u8 buf[16], *ptr = buf;
845
846 BT_DBG("%p cr %d type %d", s, cr, type);
847
848 hdr = (void *) ptr; ptr += sizeof(*hdr);
849 hdr->addr = __addr(s->initiator, 0);
850 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
851 hdr->len = __len8(sizeof(*mcc) + 1);
852
853 mcc = (void *) ptr; ptr += sizeof(*mcc);
854 mcc->type = __mcc_type(cr, RFCOMM_NSC);
855 mcc->len = __len8(1);
856
857 /* Type that we didn't like */
858 *ptr = __mcc_type(cr, type); ptr++;
859
860 *ptr = __fcs(buf); ptr++;
861
862 return rfcomm_send_frame(s, buf, ptr - buf);
863 }
864
865 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
866 {
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 struct rfcomm_pn *pn;
870 u8 buf[16], *ptr = buf;
871
872 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
873
874 hdr = (void *) ptr; ptr += sizeof(*hdr);
875 hdr->addr = __addr(s->initiator, 0);
876 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
877 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
878
879 mcc = (void *) ptr; ptr += sizeof(*mcc);
880 mcc->type = __mcc_type(cr, RFCOMM_PN);
881 mcc->len = __len8(sizeof(*pn));
882
883 pn = (void *) ptr; ptr += sizeof(*pn);
884 pn->dlci = d->dlci;
885 pn->priority = d->priority;
886 pn->ack_timer = 0;
887 pn->max_retrans = 0;
888
889 if (s->cfc) {
890 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
891 pn->credits = RFCOMM_DEFAULT_CREDITS;
892 } else {
893 pn->flow_ctrl = 0;
894 pn->credits = 0;
895 }
896
897 if (cr && channel_mtu >= 0)
898 pn->mtu = cpu_to_le16(channel_mtu);
899 else
900 pn->mtu = cpu_to_le16(d->mtu);
901
902 *ptr = __fcs(buf); ptr++;
903
904 return rfcomm_send_frame(s, buf, ptr - buf);
905 }
906
907 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
908 u8 bit_rate, u8 data_bits, u8 stop_bits,
909 u8 parity, u8 flow_ctrl_settings,
910 u8 xon_char, u8 xoff_char, u16 param_mask)
911 {
912 struct rfcomm_hdr *hdr;
913 struct rfcomm_mcc *mcc;
914 struct rfcomm_rpn *rpn;
915 u8 buf[16], *ptr = buf;
916
917 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
918 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
919 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
920 flow_ctrl_settings, xon_char, xoff_char, param_mask);
921
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
926
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_RPN);
929 mcc->len = __len8(sizeof(*rpn));
930
931 rpn = (void *) ptr; ptr += sizeof(*rpn);
932 rpn->dlci = __addr(1, dlci);
933 rpn->bit_rate = bit_rate;
934 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
935 rpn->flow_ctrl = flow_ctrl_settings;
936 rpn->xon_char = xon_char;
937 rpn->xoff_char = xoff_char;
938 rpn->param_mask = cpu_to_le16(param_mask);
939
940 *ptr = __fcs(buf); ptr++;
941
942 return rfcomm_send_frame(s, buf, ptr - buf);
943 }
944
945 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
946 {
947 struct rfcomm_hdr *hdr;
948 struct rfcomm_mcc *mcc;
949 struct rfcomm_rls *rls;
950 u8 buf[16], *ptr = buf;
951
952 BT_DBG("%p cr %d status 0x%x", s, cr, status);
953
954 hdr = (void *) ptr; ptr += sizeof(*hdr);
955 hdr->addr = __addr(s->initiator, 0);
956 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
957 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
958
959 mcc = (void *) ptr; ptr += sizeof(*mcc);
960 mcc->type = __mcc_type(cr, RFCOMM_RLS);
961 mcc->len = __len8(sizeof(*rls));
962
963 rls = (void *) ptr; ptr += sizeof(*rls);
964 rls->dlci = __addr(1, dlci);
965 rls->status = status;
966
967 *ptr = __fcs(buf); ptr++;
968
969 return rfcomm_send_frame(s, buf, ptr - buf);
970 }
971
972 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
973 {
974 struct rfcomm_hdr *hdr;
975 struct rfcomm_mcc *mcc;
976 struct rfcomm_msc *msc;
977 u8 buf[16], *ptr = buf;
978
979 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
980
981 hdr = (void *) ptr; ptr += sizeof(*hdr);
982 hdr->addr = __addr(s->initiator, 0);
983 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
984 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
985
986 mcc = (void *) ptr; ptr += sizeof(*mcc);
987 mcc->type = __mcc_type(cr, RFCOMM_MSC);
988 mcc->len = __len8(sizeof(*msc));
989
990 msc = (void *) ptr; ptr += sizeof(*msc);
991 msc->dlci = __addr(1, dlci);
992 msc->v24_sig = v24_sig | 0x01;
993
994 *ptr = __fcs(buf); ptr++;
995
996 return rfcomm_send_frame(s, buf, ptr - buf);
997 }
998
999 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1000 {
1001 struct rfcomm_hdr *hdr;
1002 struct rfcomm_mcc *mcc;
1003 u8 buf[16], *ptr = buf;
1004
1005 BT_DBG("%p cr %d", s, cr);
1006
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc));
1011
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1014 mcc->len = __len8(0);
1015
1016 *ptr = __fcs(buf); ptr++;
1017
1018 return rfcomm_send_frame(s, buf, ptr - buf);
1019 }
1020
1021 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1022 {
1023 struct rfcomm_hdr *hdr;
1024 struct rfcomm_mcc *mcc;
1025 u8 buf[16], *ptr = buf;
1026
1027 BT_DBG("%p cr %d", s, cr);
1028
1029 hdr = (void *) ptr; ptr += sizeof(*hdr);
1030 hdr->addr = __addr(s->initiator, 0);
1031 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1032 hdr->len = __len8(sizeof(*mcc));
1033
1034 mcc = (void *) ptr; ptr += sizeof(*mcc);
1035 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1036 mcc->len = __len8(0);
1037
1038 *ptr = __fcs(buf); ptr++;
1039
1040 return rfcomm_send_frame(s, buf, ptr - buf);
1041 }
1042
1043 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1044 {
1045 struct socket *sock = s->sock;
1046 struct kvec iv[3];
1047 struct msghdr msg;
1048 unsigned char hdr[5], crc[1];
1049
1050 if (len > 125)
1051 return -EINVAL;
1052
1053 BT_DBG("%p cr %d", s, cr);
1054
1055 hdr[0] = __addr(s->initiator, 0);
1056 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1057 hdr[2] = 0x01 | ((len + 2) << 1);
1058 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1059 hdr[4] = 0x01 | (len << 1);
1060
1061 crc[0] = __fcs(hdr);
1062
1063 iv[0].iov_base = hdr;
1064 iv[0].iov_len = 5;
1065 iv[1].iov_base = pattern;
1066 iv[1].iov_len = len;
1067 iv[2].iov_base = crc;
1068 iv[2].iov_len = 1;
1069
1070 memset(&msg, 0, sizeof(msg));
1071
1072 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1073 }
1074
1075 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1076 {
1077 struct rfcomm_hdr *hdr;
1078 u8 buf[16], *ptr = buf;
1079
1080 BT_DBG("%p addr %d credits %d", s, addr, credits);
1081
1082 hdr = (void *) ptr; ptr += sizeof(*hdr);
1083 hdr->addr = addr;
1084 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1085 hdr->len = __len8(0);
1086
1087 *ptr = credits; ptr++;
1088
1089 *ptr = __fcs(buf); ptr++;
1090
1091 return rfcomm_send_frame(s, buf, ptr - buf);
1092 }
1093
1094 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1095 {
1096 struct rfcomm_hdr *hdr;
1097 int len = skb->len;
1098 u8 *crc;
1099
1100 if (len > 127) {
1101 hdr = (void *) skb_push(skb, 4);
1102 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1103 } else {
1104 hdr = (void *) skb_push(skb, 3);
1105 hdr->len = __len8(len);
1106 }
1107 hdr->addr = addr;
1108 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1109
1110 crc = skb_put(skb, 1);
1111 *crc = __fcs((void *) hdr);
1112 }
1113
1114 /* ---- RFCOMM frame reception ---- */
1115 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1116 {
1117 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1118
1119 if (dlci) {
1120 /* Data channel */
1121 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1122 if (!d) {
1123 rfcomm_send_dm(s, dlci);
1124 return s;
1125 }
1126
1127 switch (d->state) {
1128 case BT_CONNECT:
1129 rfcomm_dlc_clear_timer(d);
1130
1131 rfcomm_dlc_lock(d);
1132 d->state = BT_CONNECTED;
1133 d->state_change(d, 0);
1134 rfcomm_dlc_unlock(d);
1135
1136 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1137 break;
1138
1139 case BT_DISCONN:
1140 d->state = BT_CLOSED;
1141 __rfcomm_dlc_close(d, 0);
1142
1143 if (list_empty(&s->dlcs)) {
1144 s->state = BT_DISCONN;
1145 rfcomm_send_disc(s, 0);
1146 rfcomm_session_clear_timer(s);
1147 }
1148
1149 break;
1150 }
1151 } else {
1152 /* Control channel */
1153 switch (s->state) {
1154 case BT_CONNECT:
1155 s->state = BT_CONNECTED;
1156 rfcomm_process_connect(s);
1157 break;
1158
1159 case BT_DISCONN:
1160 s = rfcomm_session_close(s, ECONNRESET);
1161 break;
1162 }
1163 }
1164 return s;
1165 }
1166
1167 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1168 {
1169 int err = 0;
1170
1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1172
1173 if (dlci) {
1174 /* Data DLC */
1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1176 if (d) {
1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1178 err = ECONNREFUSED;
1179 else
1180 err = ECONNRESET;
1181
1182 d->state = BT_CLOSED;
1183 __rfcomm_dlc_close(d, err);
1184 }
1185 } else {
1186 if (s->state == BT_CONNECT)
1187 err = ECONNREFUSED;
1188 else
1189 err = ECONNRESET;
1190
1191 s = rfcomm_session_close(s, err);
1192 }
1193 return s;
1194 }
1195
1196 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1197 u8 dlci)
1198 {
1199 int err = 0;
1200
1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1202
1203 if (dlci) {
1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1205 if (d) {
1206 rfcomm_send_ua(s, dlci);
1207
1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1209 err = ECONNREFUSED;
1210 else
1211 err = ECONNRESET;
1212
1213 d->state = BT_CLOSED;
1214 __rfcomm_dlc_close(d, err);
1215 } else
1216 rfcomm_send_dm(s, dlci);
1217
1218 } else {
1219 rfcomm_send_ua(s, 0);
1220
1221 if (s->state == BT_CONNECT)
1222 err = ECONNREFUSED;
1223 else
1224 err = ECONNRESET;
1225
1226 s = rfcomm_session_close(s, err);
1227 }
1228 return s;
1229 }
1230
1231 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1232 {
1233 struct sock *sk = d->session->sock->sk;
1234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1235
1236 BT_DBG("dlc %p", d);
1237
1238 rfcomm_send_ua(d->session, d->dlci);
1239
1240 rfcomm_dlc_clear_timer(d);
1241
1242 rfcomm_dlc_lock(d);
1243 d->state = BT_CONNECTED;
1244 d->state_change(d, 0);
1245 rfcomm_dlc_unlock(d);
1246
1247 if (d->role_switch)
1248 hci_conn_switch_role(conn->hcon, 0x00);
1249
1250 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1251 }
1252
1253 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1254 {
1255 if (rfcomm_check_security(d)) {
1256 if (d->defer_setup) {
1257 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1258 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1259
1260 rfcomm_dlc_lock(d);
1261 d->state = BT_CONNECT2;
1262 d->state_change(d, 0);
1263 rfcomm_dlc_unlock(d);
1264 } else
1265 rfcomm_dlc_accept(d);
1266 } else {
1267 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1268 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1269 }
1270 }
1271
1272 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1273 {
1274 struct rfcomm_dlc *d;
1275 u8 channel;
1276
1277 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1278
1279 if (!dlci) {
1280 rfcomm_send_ua(s, 0);
1281
1282 if (s->state == BT_OPEN) {
1283 s->state = BT_CONNECTED;
1284 rfcomm_process_connect(s);
1285 }
1286 return 0;
1287 }
1288
1289 /* Check if DLC exists */
1290 d = rfcomm_dlc_get(s, dlci);
1291 if (d) {
1292 if (d->state == BT_OPEN) {
1293 /* DLC was previously opened by PN request */
1294 rfcomm_check_accept(d);
1295 }
1296 return 0;
1297 }
1298
1299 /* Notify socket layer about incoming connection */
1300 channel = __srv_channel(dlci);
1301 if (rfcomm_connect_ind(s, channel, &d)) {
1302 d->dlci = dlci;
1303 d->addr = __addr(s->initiator, dlci);
1304 rfcomm_dlc_link(s, d);
1305
1306 rfcomm_check_accept(d);
1307 } else {
1308 rfcomm_send_dm(s, dlci);
1309 }
1310
1311 return 0;
1312 }
1313
1314 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1315 {
1316 struct rfcomm_session *s = d->session;
1317
1318 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1319 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1320
1321 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1322 pn->flow_ctrl == 0xe0) {
1323 d->cfc = RFCOMM_CFC_ENABLED;
1324 d->tx_credits = pn->credits;
1325 } else {
1326 d->cfc = RFCOMM_CFC_DISABLED;
1327 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1328 }
1329
1330 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1331 s->cfc = d->cfc;
1332
1333 d->priority = pn->priority;
1334
1335 d->mtu = __le16_to_cpu(pn->mtu);
1336
1337 if (cr && d->mtu > s->mtu)
1338 d->mtu = s->mtu;
1339
1340 return 0;
1341 }
1342
1343 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1344 {
1345 struct rfcomm_pn *pn = (void *) skb->data;
1346 struct rfcomm_dlc *d;
1347 u8 dlci = pn->dlci;
1348
1349 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1350
1351 if (!dlci)
1352 return 0;
1353
1354 d = rfcomm_dlc_get(s, dlci);
1355 if (d) {
1356 if (cr) {
1357 /* PN request */
1358 rfcomm_apply_pn(d, cr, pn);
1359 rfcomm_send_pn(s, 0, d);
1360 } else {
1361 /* PN response */
1362 switch (d->state) {
1363 case BT_CONFIG:
1364 rfcomm_apply_pn(d, cr, pn);
1365
1366 d->state = BT_CONNECT;
1367 rfcomm_send_sabm(s, d->dlci);
1368 break;
1369 }
1370 }
1371 } else {
1372 u8 channel = __srv_channel(dlci);
1373
1374 if (!cr)
1375 return 0;
1376
1377 /* PN request for non existing DLC.
1378 * Assume incoming connection. */
1379 if (rfcomm_connect_ind(s, channel, &d)) {
1380 d->dlci = dlci;
1381 d->addr = __addr(s->initiator, dlci);
1382 rfcomm_dlc_link(s, d);
1383
1384 rfcomm_apply_pn(d, cr, pn);
1385
1386 d->state = BT_OPEN;
1387 rfcomm_send_pn(s, 0, d);
1388 } else {
1389 rfcomm_send_dm(s, dlci);
1390 }
1391 }
1392 return 0;
1393 }
1394
1395 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1396 {
1397 struct rfcomm_rpn *rpn = (void *) skb->data;
1398 u8 dlci = __get_dlci(rpn->dlci);
1399
1400 u8 bit_rate = 0;
1401 u8 data_bits = 0;
1402 u8 stop_bits = 0;
1403 u8 parity = 0;
1404 u8 flow_ctrl = 0;
1405 u8 xon_char = 0;
1406 u8 xoff_char = 0;
1407 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1408
1409 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1410 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1411 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1412
1413 if (!cr)
1414 return 0;
1415
1416 if (len == 1) {
1417 /* This is a request, return default (according to ETSI TS 07.10) settings */
1418 bit_rate = RFCOMM_RPN_BR_9600;
1419 data_bits = RFCOMM_RPN_DATA_8;
1420 stop_bits = RFCOMM_RPN_STOP_1;
1421 parity = RFCOMM_RPN_PARITY_NONE;
1422 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1423 xon_char = RFCOMM_RPN_XON_CHAR;
1424 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1425 goto rpn_out;
1426 }
1427
1428 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1429 * no parity, no flow control lines, normal XON/XOFF chars */
1430
1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1432 bit_rate = rpn->bit_rate;
1433 if (bit_rate > RFCOMM_RPN_BR_230400) {
1434 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1435 bit_rate = RFCOMM_RPN_BR_9600;
1436 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1437 }
1438 }
1439
1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1441 data_bits = __get_rpn_data_bits(rpn->line_settings);
1442 if (data_bits != RFCOMM_RPN_DATA_8) {
1443 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1444 data_bits = RFCOMM_RPN_DATA_8;
1445 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1446 }
1447 }
1448
1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1450 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1451 if (stop_bits != RFCOMM_RPN_STOP_1) {
1452 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1453 stop_bits = RFCOMM_RPN_STOP_1;
1454 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1455 }
1456 }
1457
1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1459 parity = __get_rpn_parity(rpn->line_settings);
1460 if (parity != RFCOMM_RPN_PARITY_NONE) {
1461 BT_DBG("RPN parity mismatch 0x%x", parity);
1462 parity = RFCOMM_RPN_PARITY_NONE;
1463 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1464 }
1465 }
1466
1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1468 flow_ctrl = rpn->flow_ctrl;
1469 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1470 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1471 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1472 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1473 }
1474 }
1475
1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1477 xon_char = rpn->xon_char;
1478 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1479 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1480 xon_char = RFCOMM_RPN_XON_CHAR;
1481 rpn_mask ^= RFCOMM_RPN_PM_XON;
1482 }
1483 }
1484
1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1486 xoff_char = rpn->xoff_char;
1487 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1488 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1489 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1490 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1491 }
1492 }
1493
1494 rpn_out:
1495 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1496 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1497
1498 return 0;
1499 }
1500
1501 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1502 {
1503 struct rfcomm_rls *rls = (void *) skb->data;
1504 u8 dlci = __get_dlci(rls->dlci);
1505
1506 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1507
1508 if (!cr)
1509 return 0;
1510
1511 /* We should probably do something with this information here. But
1512 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1513 * mandatory to recognise and respond to RLS */
1514
1515 rfcomm_send_rls(s, 0, dlci, rls->status);
1516
1517 return 0;
1518 }
1519
1520 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1521 {
1522 struct rfcomm_msc *msc = (void *) skb->data;
1523 struct rfcomm_dlc *d;
1524 u8 dlci = __get_dlci(msc->dlci);
1525
1526 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1527
1528 d = rfcomm_dlc_get(s, dlci);
1529 if (!d)
1530 return 0;
1531
1532 if (cr) {
1533 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1534 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1535 else
1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1537
1538 rfcomm_dlc_lock(d);
1539
1540 d->remote_v24_sig = msc->v24_sig;
1541
1542 if (d->modem_status)
1543 d->modem_status(d, msc->v24_sig);
1544
1545 rfcomm_dlc_unlock(d);
1546
1547 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1548
1549 d->mscex |= RFCOMM_MSCEX_RX;
1550 } else
1551 d->mscex |= RFCOMM_MSCEX_TX;
1552
1553 return 0;
1554 }
1555
1556 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1557 {
1558 struct rfcomm_mcc *mcc = (void *) skb->data;
1559 u8 type, cr, len;
1560
1561 cr = __test_cr(mcc->type);
1562 type = __get_mcc_type(mcc->type);
1563 len = __get_mcc_len(mcc->len);
1564
1565 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1566
1567 skb_pull(skb, 2);
1568
1569 switch (type) {
1570 case RFCOMM_PN:
1571 rfcomm_recv_pn(s, cr, skb);
1572 break;
1573
1574 case RFCOMM_RPN:
1575 rfcomm_recv_rpn(s, cr, len, skb);
1576 break;
1577
1578 case RFCOMM_RLS:
1579 rfcomm_recv_rls(s, cr, skb);
1580 break;
1581
1582 case RFCOMM_MSC:
1583 rfcomm_recv_msc(s, cr, skb);
1584 break;
1585
1586 case RFCOMM_FCOFF:
1587 if (cr) {
1588 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1589 rfcomm_send_fcoff(s, 0);
1590 }
1591 break;
1592
1593 case RFCOMM_FCON:
1594 if (cr) {
1595 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1596 rfcomm_send_fcon(s, 0);
1597 }
1598 break;
1599
1600 case RFCOMM_TEST:
1601 if (cr)
1602 rfcomm_send_test(s, 0, skb->data, skb->len);
1603 break;
1604
1605 case RFCOMM_NSC:
1606 break;
1607
1608 default:
1609 BT_ERR("Unknown control type 0x%02x", type);
1610 rfcomm_send_nsc(s, cr, type);
1611 break;
1612 }
1613 return 0;
1614 }
1615
1616 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1617 {
1618 struct rfcomm_dlc *d;
1619
1620 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1621
1622 d = rfcomm_dlc_get(s, dlci);
1623 if (!d) {
1624 rfcomm_send_dm(s, dlci);
1625 goto drop;
1626 }
1627
1628 if (pf && d->cfc) {
1629 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1630
1631 d->tx_credits += credits;
1632 if (d->tx_credits)
1633 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1634 }
1635
1636 if (skb->len && d->state == BT_CONNECTED) {
1637 rfcomm_dlc_lock(d);
1638 d->rx_credits--;
1639 d->data_ready(d, skb);
1640 rfcomm_dlc_unlock(d);
1641 return 0;
1642 }
1643
1644 drop:
1645 kfree_skb(skb);
1646 return 0;
1647 }
1648
1649 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1650 struct sk_buff *skb)
1651 {
1652 struct rfcomm_hdr *hdr = (void *) skb->data;
1653 u8 type, dlci, fcs;
1654
1655 if (!s) {
1656 /* no session, so free socket data */
1657 kfree_skb(skb);
1658 return s;
1659 }
1660
1661 dlci = __get_dlci(hdr->addr);
1662 type = __get_type(hdr->ctrl);
1663
1664 /* Trim FCS */
1665 skb->len--; skb->tail--;
1666 fcs = *(u8 *)skb_tail_pointer(skb);
1667
1668 if (__check_fcs(skb->data, type, fcs)) {
1669 BT_ERR("bad checksum in packet");
1670 kfree_skb(skb);
1671 return s;
1672 }
1673
1674 if (__test_ea(hdr->len))
1675 skb_pull(skb, 3);
1676 else
1677 skb_pull(skb, 4);
1678
1679 switch (type) {
1680 case RFCOMM_SABM:
1681 if (__test_pf(hdr->ctrl))
1682 rfcomm_recv_sabm(s, dlci);
1683 break;
1684
1685 case RFCOMM_DISC:
1686 if (__test_pf(hdr->ctrl))
1687 s = rfcomm_recv_disc(s, dlci);
1688 break;
1689
1690 case RFCOMM_UA:
1691 if (__test_pf(hdr->ctrl))
1692 s = rfcomm_recv_ua(s, dlci);
1693 break;
1694
1695 case RFCOMM_DM:
1696 s = rfcomm_recv_dm(s, dlci);
1697 break;
1698
1699 case RFCOMM_UIH:
1700 if (dlci) {
1701 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1702 return s;
1703 }
1704 rfcomm_recv_mcc(s, skb);
1705 break;
1706
1707 default:
1708 BT_ERR("Unknown packet type 0x%02x", type);
1709 break;
1710 }
1711 kfree_skb(skb);
1712 return s;
1713 }
1714
1715 /* ---- Connection and data processing ---- */
1716
1717 static void rfcomm_process_connect(struct rfcomm_session *s)
1718 {
1719 struct rfcomm_dlc *d;
1720 struct list_head *p, *n;
1721
1722 BT_DBG("session %p state %ld", s, s->state);
1723
1724 list_for_each_safe(p, n, &s->dlcs) {
1725 d = list_entry(p, struct rfcomm_dlc, list);
1726 if (d->state == BT_CONFIG) {
1727 d->mtu = s->mtu;
1728 if (rfcomm_check_security(d)) {
1729 rfcomm_send_pn(s, 1, d);
1730 } else {
1731 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1732 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1733 }
1734 }
1735 }
1736 }
1737
1738 /* Send data queued for the DLC.
1739 * Return number of frames left in the queue.
1740 */
1741 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1742 {
1743 struct sk_buff *skb;
1744 int err;
1745
1746 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1747 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1748
1749 /* Send pending MSC */
1750 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1751 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1752
1753 if (d->cfc) {
1754 /* CFC enabled.
1755 * Give them some credits */
1756 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1757 d->rx_credits <= (d->cfc >> 2)) {
1758 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1759 d->rx_credits = d->cfc;
1760 }
1761 } else {
1762 /* CFC disabled.
1763 * Give ourselves some credits */
1764 d->tx_credits = 5;
1765 }
1766
1767 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1768 return skb_queue_len(&d->tx_queue);
1769
1770 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1771 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1772 if (err < 0) {
1773 skb_queue_head(&d->tx_queue, skb);
1774 break;
1775 }
1776 kfree_skb(skb);
1777 d->tx_credits--;
1778 }
1779
1780 if (d->cfc && !d->tx_credits) {
1781 /* We're out of TX credits.
1782 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1783 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1784 }
1785
1786 return skb_queue_len(&d->tx_queue);
1787 }
1788
1789 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1790 {
1791 struct rfcomm_dlc *d;
1792 struct list_head *p, *n;
1793
1794 BT_DBG("session %p state %ld", s, s->state);
1795
1796 list_for_each_safe(p, n, &s->dlcs) {
1797 d = list_entry(p, struct rfcomm_dlc, list);
1798
1799 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1800 __rfcomm_dlc_close(d, ETIMEDOUT);
1801 continue;
1802 }
1803
1804 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1805 __rfcomm_dlc_close(d, ECONNREFUSED);
1806 continue;
1807 }
1808
1809 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1810 rfcomm_dlc_clear_timer(d);
1811 if (d->out) {
1812 rfcomm_send_pn(s, 1, d);
1813 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1814 } else {
1815 if (d->defer_setup) {
1816 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1817 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1818
1819 rfcomm_dlc_lock(d);
1820 d->state = BT_CONNECT2;
1821 d->state_change(d, 0);
1822 rfcomm_dlc_unlock(d);
1823 } else
1824 rfcomm_dlc_accept(d);
1825 }
1826 continue;
1827 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1828 rfcomm_dlc_clear_timer(d);
1829 if (!d->out)
1830 rfcomm_send_dm(s, d->dlci);
1831 else
1832 d->state = BT_CLOSED;
1833 __rfcomm_dlc_close(d, ECONNREFUSED);
1834 continue;
1835 }
1836
1837 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1838 continue;
1839
1840 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1841 continue;
1842
1843 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1844 d->mscex == RFCOMM_MSCEX_OK)
1845 rfcomm_process_tx(d);
1846 }
1847 }
1848
1849 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1850 {
1851 struct socket *sock = s->sock;
1852 struct sock *sk = sock->sk;
1853 struct sk_buff *skb;
1854
1855 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1856
1857 /* Get data directly from socket receive queue without copying it. */
1858 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1859 skb_orphan(skb);
1860 if (!skb_linearize(skb))
1861 s = rfcomm_recv_frame(s, skb);
1862 else
1863 kfree_skb(skb);
1864 }
1865
1866 if (s && (sk->sk_state == BT_CLOSED))
1867 s = rfcomm_session_close(s, sk->sk_err);
1868
1869 return s;
1870 }
1871
1872 static void rfcomm_accept_connection(struct rfcomm_session *s)
1873 {
1874 struct socket *sock = s->sock, *nsock;
1875 int err;
1876
1877 /* Fast check for a new connection.
1878 * Avoids unnesesary socket allocations. */
1879 if (list_empty(&bt_sk(sock->sk)->accept_q))
1880 return;
1881
1882 BT_DBG("session %p", s);
1883
1884 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1885 if (err < 0)
1886 return;
1887
1888 /* Set our callbacks */
1889 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1890 nsock->sk->sk_state_change = rfcomm_l2state_change;
1891
1892 s = rfcomm_session_add(nsock, BT_OPEN);
1893 if (s) {
1894 /* We should adjust MTU on incoming sessions.
1895 * L2CAP MTU minus UIH header and FCS. */
1896 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1897 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1898
1899 rfcomm_schedule();
1900 } else
1901 sock_release(nsock);
1902 }
1903
1904 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1905 {
1906 struct sock *sk = s->sock->sk;
1907
1908 BT_DBG("%p state %ld", s, s->state);
1909
1910 switch (sk->sk_state) {
1911 case BT_CONNECTED:
1912 s->state = BT_CONNECT;
1913
1914 /* We can adjust MTU on outgoing sessions.
1915 * L2CAP MTU minus UIH header and FCS. */
1916 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1917
1918 rfcomm_send_sabm(s, 0);
1919 break;
1920
1921 case BT_CLOSED:
1922 s = rfcomm_session_close(s, sk->sk_err);
1923 break;
1924 }
1925 return s;
1926 }
1927
1928 static void rfcomm_process_sessions(void)
1929 {
1930 struct list_head *p, *n;
1931
1932 rfcomm_lock();
1933
1934 list_for_each_safe(p, n, &session_list) {
1935 struct rfcomm_session *s;
1936 s = list_entry(p, struct rfcomm_session, list);
1937
1938 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1939 s->state = BT_DISCONN;
1940 rfcomm_send_disc(s, 0);
1941 continue;
1942 }
1943
1944 if (s->state == BT_LISTEN) {
1945 rfcomm_accept_connection(s);
1946 continue;
1947 }
1948
1949 switch (s->state) {
1950 case BT_BOUND:
1951 s = rfcomm_check_connection(s);
1952 break;
1953
1954 default:
1955 s = rfcomm_process_rx(s);
1956 break;
1957 }
1958
1959 if (s)
1960 rfcomm_process_dlcs(s);
1961 }
1962
1963 rfcomm_unlock();
1964 }
1965
1966 static int rfcomm_add_listener(bdaddr_t *ba)
1967 {
1968 struct sockaddr_l2 addr;
1969 struct socket *sock;
1970 struct sock *sk;
1971 struct rfcomm_session *s;
1972 int err = 0;
1973
1974 /* Create socket */
1975 err = rfcomm_l2sock_create(&sock);
1976 if (err < 0) {
1977 BT_ERR("Create socket failed %d", err);
1978 return err;
1979 }
1980
1981 /* Bind socket */
1982 bacpy(&addr.l2_bdaddr, ba);
1983 addr.l2_family = AF_BLUETOOTH;
1984 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1985 addr.l2_cid = 0;
1986 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1987 if (err < 0) {
1988 BT_ERR("Bind failed %d", err);
1989 goto failed;
1990 }
1991
1992 /* Set L2CAP options */
1993 sk = sock->sk;
1994 lock_sock(sk);
1995 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1996 release_sock(sk);
1997
1998 /* Start listening on the socket */
1999 err = kernel_listen(sock, 10);
2000 if (err) {
2001 BT_ERR("Listen failed %d", err);
2002 goto failed;
2003 }
2004
2005 /* Add listening session */
2006 s = rfcomm_session_add(sock, BT_LISTEN);
2007 if (!s) {
2008 err = -ENOMEM;
2009 goto failed;
2010 }
2011
2012 return 0;
2013 failed:
2014 sock_release(sock);
2015 return err;
2016 }
2017
2018 static void rfcomm_kill_listener(void)
2019 {
2020 struct rfcomm_session *s;
2021 struct list_head *p, *n;
2022
2023 BT_DBG("");
2024
2025 list_for_each_safe(p, n, &session_list) {
2026 s = list_entry(p, struct rfcomm_session, list);
2027 rfcomm_session_del(s);
2028 }
2029 }
2030
2031 static int rfcomm_run(void *unused)
2032 {
2033 BT_DBG("");
2034
2035 set_user_nice(current, -10);
2036
2037 rfcomm_add_listener(BDADDR_ANY);
2038
2039 while (1) {
2040 set_current_state(TASK_INTERRUPTIBLE);
2041
2042 if (kthread_should_stop())
2043 break;
2044
2045 /* Process stuff */
2046 rfcomm_process_sessions();
2047
2048 schedule();
2049 }
2050 __set_current_state(TASK_RUNNING);
2051
2052 rfcomm_kill_listener();
2053
2054 return 0;
2055 }
2056
2057 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2058 {
2059 struct rfcomm_session *s;
2060 struct rfcomm_dlc *d;
2061 struct list_head *p, *n;
2062
2063 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2064
2065 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2066 if (!s)
2067 return;
2068
2069 list_for_each_safe(p, n, &s->dlcs) {
2070 d = list_entry(p, struct rfcomm_dlc, list);
2071
2072 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2073 rfcomm_dlc_clear_timer(d);
2074 if (status || encrypt == 0x00) {
2075 set_bit(RFCOMM_ENC_DROP, &d->flags);
2076 continue;
2077 }
2078 }
2079
2080 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2081 if (d->sec_level == BT_SECURITY_MEDIUM) {
2082 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2083 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2084 continue;
2085 } else if (d->sec_level == BT_SECURITY_HIGH) {
2086 set_bit(RFCOMM_ENC_DROP, &d->flags);
2087 continue;
2088 }
2089 }
2090
2091 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2092 continue;
2093
2094 if (!status && hci_conn_check_secure(conn, d->sec_level))
2095 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2096 else
2097 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2098 }
2099
2100 rfcomm_schedule();
2101 }
2102
2103 static struct hci_cb rfcomm_cb = {
2104 .name = "RFCOMM",
2105 .security_cfm = rfcomm_security_cfm
2106 };
2107
2108 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2109 {
2110 struct rfcomm_session *s;
2111
2112 rfcomm_lock();
2113
2114 list_for_each_entry(s, &session_list, list) {
2115 struct rfcomm_dlc *d;
2116 list_for_each_entry(d, &s->dlcs, list) {
2117 struct sock *sk = s->sock->sk;
2118
2119 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2120 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2121 d->state, d->dlci, d->mtu,
2122 d->rx_credits, d->tx_credits);
2123 }
2124 }
2125
2126 rfcomm_unlock();
2127
2128 return 0;
2129 }
2130
2131 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2132 {
2133 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2134 }
2135
2136 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2137 .open = rfcomm_dlc_debugfs_open,
2138 .read = seq_read,
2139 .llseek = seq_lseek,
2140 .release = single_release,
2141 };
2142
2143 static struct dentry *rfcomm_dlc_debugfs;
2144
2145 /* ---- Initialization ---- */
2146 static int __init rfcomm_init(void)
2147 {
2148 int err;
2149
2150 hci_register_cb(&rfcomm_cb);
2151
2152 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2153 if (IS_ERR(rfcomm_thread)) {
2154 err = PTR_ERR(rfcomm_thread);
2155 goto unregister;
2156 }
2157
2158 if (bt_debugfs) {
2159 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2160 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2161 if (!rfcomm_dlc_debugfs)
2162 BT_ERR("Failed to create RFCOMM debug file");
2163 }
2164
2165 err = rfcomm_init_ttys();
2166 if (err < 0)
2167 goto stop;
2168
2169 err = rfcomm_init_sockets();
2170 if (err < 0)
2171 goto cleanup;
2172
2173 BT_INFO("RFCOMM ver %s", VERSION);
2174
2175 return 0;
2176
2177 cleanup:
2178 rfcomm_cleanup_ttys();
2179
2180 stop:
2181 kthread_stop(rfcomm_thread);
2182
2183 unregister:
2184 hci_unregister_cb(&rfcomm_cb);
2185
2186 return err;
2187 }
2188
2189 static void __exit rfcomm_exit(void)
2190 {
2191 debugfs_remove(rfcomm_dlc_debugfs);
2192
2193 hci_unregister_cb(&rfcomm_cb);
2194
2195 kthread_stop(rfcomm_thread);
2196
2197 rfcomm_cleanup_ttys();
2198
2199 rfcomm_cleanup_sockets();
2200 }
2201
2202 module_init(rfcomm_init);
2203 module_exit(rfcomm_exit);
2204
2205 module_param(disable_cfc, bool, 0644);
2206 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2207
2208 module_param(channel_mtu, int, 0644);
2209 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2210
2211 module_param(l2cap_mtu, uint, 0644);
2212 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2213
2214 module_param(l2cap_ertm, bool, 0644);
2215 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2216
2217 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2218 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2219 MODULE_VERSION(VERSION);
2220 MODULE_LICENSE("GPL");
2221 MODULE_ALIAS("bt-proto-3");
Linus' kernel tree