search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
eCryptfs: Prevent lower dentry from going negative during unlink
[linux/fpc-iii.git] / net / bluetooth / rfcomm / core.c
blob25692bc0a3423bb78058a9bde2b8e2479eee5b3e
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
39
40 #include <net/sock.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
48
49 #define VERSION "1.11"
50
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54
55 static struct task_struct *rfcomm_thread;
56
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
60
61 static unsigned long rfcomm_event;
62
63 static LIST_HEAD(session_list);
64
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
75
76 static void rfcomm_process_connect(struct rfcomm_session *s);
77
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
81
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
87
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
91
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
97
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
100
101 /* MCC macros */
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
105
106 /* RPN macros */
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
111
112 static inline void rfcomm_schedule(uint event)
113 {
114 if (!rfcomm_thread)
115 return;
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
119 }
120
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
122 {
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
125 }
126
127 /* ---- RFCOMM FCS computation ---- */
128
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
135
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
140
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
145
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
150
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
155
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
160
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
165
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
170 };
171
172 /* CRC on 2 bytes */
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
174
175 /* FCS on 2 bytes */
176 static inline u8 __fcs(u8 *data)
177 {
178 return (0xff - __crc(data));
179 }
180
181 /* FCS on 3 bytes */
182 static inline u8 __fcs2(u8 *data)
183 {
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
185 }
186
187 /* Check FCS */
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
189 {
190 u8 f = __crc(data);
191
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
194
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
196 }
197
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
200 {
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
203 }
204
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
206 {
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
209 }
210
211 static int rfcomm_l2sock_create(struct socket **sock)
212 {
213 int err;
214
215 BT_DBG("");
216
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
218 if (!err) {
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
222 }
223 return err;
224 }
225
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
227 {
228 struct sock *sk = d->session->sock->sk;
229 __u8 auth_type;
230
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
234 break;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
237 break;
238 default:
239 auth_type = HCI_AT_NO_BONDING;
240 break;
241 }
242
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
244 auth_type);
245 }
246
247 static void rfcomm_session_timeout(unsigned long arg)
248 {
249 struct rfcomm_session *s = (void *) arg;
250
251 BT_DBG("session %p state %ld", s, s->state);
252
253 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_session_put(s);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
256 }
257
258 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
259 {
260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
261
262 if (!mod_timer(&s->timer, jiffies + timeout))
263 rfcomm_session_hold(s);
264 }
265
266 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
267 {
268 BT_DBG("session %p state %ld", s, s->state);
269
270 if (timer_pending(&s->timer) && del_timer(&s->timer))
271 rfcomm_session_put(s);
272 }
273
274 /* ---- RFCOMM DLCs ---- */
275 static void rfcomm_dlc_timeout(unsigned long arg)
276 {
277 struct rfcomm_dlc *d = (void *) arg;
278
279 BT_DBG("dlc %p state %ld", d, d->state);
280
281 set_bit(RFCOMM_TIMED_OUT, &d->flags);
282 rfcomm_dlc_put(d);
283 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
284 }
285
286 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
287 {
288 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
289
290 if (!mod_timer(&d->timer, jiffies + timeout))
291 rfcomm_dlc_hold(d);
292 }
293
294 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
295 {
296 BT_DBG("dlc %p state %ld", d, d->state);
297
298 if (timer_pending(&d->timer) && del_timer(&d->timer))
299 rfcomm_dlc_put(d);
300 }
301
302 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
303 {
304 BT_DBG("%p", d);
305
306 d->state = BT_OPEN;
307 d->flags = 0;
308 d->mscex = 0;
309 d->mtu = RFCOMM_DEFAULT_MTU;
310 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
311
312 d->cfc = RFCOMM_CFC_DISABLED;
313 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
314 }
315
316 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
317 {
318 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
319
320 if (!d)
321 return NULL;
322
323 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
324
325 skb_queue_head_init(&d->tx_queue);
326 spin_lock_init(&d->lock);
327 atomic_set(&d->refcnt, 1);
328
329 rfcomm_dlc_clear_state(d);
330
331 BT_DBG("%p", d);
332
333 return d;
334 }
335
336 void rfcomm_dlc_free(struct rfcomm_dlc *d)
337 {
338 BT_DBG("%p", d);
339
340 skb_queue_purge(&d->tx_queue);
341 kfree(d);
342 }
343
344 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
345 {
346 BT_DBG("dlc %p session %p", d, s);
347
348 rfcomm_session_hold(s);
349
350 rfcomm_session_clear_timer(s);
351 rfcomm_dlc_hold(d);
352 list_add(&d->list, &s->dlcs);
353 d->session = s;
354 }
355
356 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
357 {
358 struct rfcomm_session *s = d->session;
359
360 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
361
362 list_del(&d->list);
363 d->session = NULL;
364 rfcomm_dlc_put(d);
365
366 if (list_empty(&s->dlcs))
367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
368
369 rfcomm_session_put(s);
370 }
371
372 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
373 {
374 struct rfcomm_dlc *d;
375 struct list_head *p;
376
377 list_for_each(p, &s->dlcs) {
378 d = list_entry(p, struct rfcomm_dlc, list);
379 if (d->dlci == dlci)
380 return d;
381 }
382 return NULL;
383 }
384
385 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
386 {
387 struct rfcomm_session *s;
388 int err = 0;
389 u8 dlci;
390
391 BT_DBG("dlc %p state %ld %s %s channel %d",
392 d, d->state, batostr(src), batostr(dst), channel);
393
394 if (channel < 1 || channel > 30)
395 return -EINVAL;
396
397 if (d->state != BT_OPEN && d->state != BT_CLOSED)
398 return 0;
399
400 s = rfcomm_session_get(src, dst);
401 if (!s) {
402 s = rfcomm_session_create(src, dst, &err);
403 if (!s)
404 return err;
405 }
406
407 dlci = __dlci(!s->initiator, channel);
408
409 /* Check if DLCI already exists */
410 if (rfcomm_dlc_get(s, dlci))
411 return -EBUSY;
412
413 rfcomm_dlc_clear_state(d);
414
415 d->dlci = dlci;
416 d->addr = __addr(s->initiator, dlci);
417 d->priority = 7;
418
419 d->state = BT_CONFIG;
420 rfcomm_dlc_link(s, d);
421
422 d->out = 1;
423
424 d->mtu = s->mtu;
425 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
426
427 if (s->state == BT_CONNECTED) {
428 if (rfcomm_check_security(d))
429 rfcomm_send_pn(s, 1, d);
430 else
431 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
432 }
433
434 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
435
436 return 0;
437 }
438
439 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
440 {
441 int r;
442
443 rfcomm_lock();
444
445 r = __rfcomm_dlc_open(d, src, dst, channel);
446
447 rfcomm_unlock();
448 return r;
449 }
450
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
452 {
453 struct rfcomm_session *s = d->session;
454 if (!s)
455 return 0;
456
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
459
460 switch (d->state) {
461 case BT_CONNECT:
462 case BT_CONFIG:
463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
464 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
465 rfcomm_schedule(RFCOMM_SCHED_AUTH);
466 break;
467 }
468 /* Fall through */
469
470 case BT_CONNECTED:
471 d->state = BT_DISCONN;
472 if (skb_queue_empty(&d->tx_queue)) {
473 rfcomm_send_disc(s, d->dlci);
474 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
475 } else {
476 rfcomm_queue_disc(d);
477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
478 }
479 break;
480
481 case BT_OPEN:
482 case BT_CONNECT2:
483 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
484 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
485 rfcomm_schedule(RFCOMM_SCHED_AUTH);
486 break;
487 }
488 /* Fall through */
489
490 default:
491 rfcomm_dlc_clear_timer(d);
492
493 rfcomm_dlc_lock(d);
494 d->state = BT_CLOSED;
495 d->state_change(d, err);
496 rfcomm_dlc_unlock(d);
497
498 skb_queue_purge(&d->tx_queue);
499 rfcomm_dlc_unlink(d);
500 }
501
502 return 0;
503 }
504
505 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
506 {
507 int r;
508
509 rfcomm_lock();
510
511 r = __rfcomm_dlc_close(d, err);
512
513 rfcomm_unlock();
514 return r;
515 }
516
517 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
518 {
519 int len = skb->len;
520
521 if (d->state != BT_CONNECTED)
522 return -ENOTCONN;
523
524 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
525
526 if (len > d->mtu)
527 return -EINVAL;
528
529 rfcomm_make_uih(skb, d->addr);
530 skb_queue_tail(&d->tx_queue, skb);
531
532 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
533 rfcomm_schedule(RFCOMM_SCHED_TX);
534 return len;
535 }
536
537 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
538 {
539 BT_DBG("dlc %p state %ld", d, d->state);
540
541 if (!d->cfc) {
542 d->v24_sig |= RFCOMM_V24_FC;
543 set_bit(RFCOMM_MSC_PENDING, &d->flags);
544 }
545 rfcomm_schedule(RFCOMM_SCHED_TX);
546 }
547
548 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
549 {
550 BT_DBG("dlc %p state %ld", d, d->state);
551
552 if (!d->cfc) {
553 d->v24_sig &= ~RFCOMM_V24_FC;
554 set_bit(RFCOMM_MSC_PENDING, &d->flags);
555 }
556 rfcomm_schedule(RFCOMM_SCHED_TX);
557 }
558
559 /*
560 Set/get modem status functions use _local_ status i.e. what we report
561 to the other side.
562 Remote status is provided by dlc->modem_status() callback.
563 */
564 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
565 {
566 BT_DBG("dlc %p state %ld v24_sig 0x%x",
567 d, d->state, v24_sig);
568
569 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
570 v24_sig |= RFCOMM_V24_FC;
571 else
572 v24_sig &= ~RFCOMM_V24_FC;
573
574 d->v24_sig = v24_sig;
575
576 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
577 rfcomm_schedule(RFCOMM_SCHED_TX);
578
579 return 0;
580 }
581
582 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
583 {
584 BT_DBG("dlc %p state %ld v24_sig 0x%x",
585 d, d->state, d->v24_sig);
586
587 *v24_sig = d->v24_sig;
588 return 0;
589 }
590
591 /* ---- RFCOMM sessions ---- */
592 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
593 {
594 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
595
596 if (!s)
597 return NULL;
598
599 BT_DBG("session %p sock %p", s, sock);
600
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602
603 INIT_LIST_HEAD(&s->dlcs);
604 s->state = state;
605 s->sock = sock;
606
607 s->mtu = RFCOMM_DEFAULT_MTU;
608 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
609
610 /* Do not increment module usage count for listening sessions.
611 * Otherwise we won't be able to unload the module. */
612 if (state != BT_LISTEN)
613 if (!try_module_get(THIS_MODULE)) {
614 kfree(s);
615 return NULL;
616 }
617
618 list_add(&s->list, &session_list);
619
620 return s;
621 }
622
623 static void rfcomm_session_del(struct rfcomm_session *s)
624 {
625 int state = s->state;
626
627 BT_DBG("session %p state %ld", s, s->state);
628
629 list_del(&s->list);
630
631 if (state == BT_CONNECTED)
632 rfcomm_send_disc(s, 0);
633
634 rfcomm_session_clear_timer(s);
635 sock_release(s->sock);
636 kfree(s);
637
638 if (state != BT_LISTEN)
639 module_put(THIS_MODULE);
640 }
641
642 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
643 {
644 struct rfcomm_session *s;
645 struct list_head *p, *n;
646 struct bt_sock *sk;
647 list_for_each_safe(p, n, &session_list) {
648 s = list_entry(p, struct rfcomm_session, list);
649 sk = bt_sk(s->sock->sk);
650
651 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
652 !bacmp(&sk->dst, dst))
653 return s;
654 }
655 return NULL;
656 }
657
658 static void rfcomm_session_close(struct rfcomm_session *s, int err)
659 {
660 struct rfcomm_dlc *d;
661 struct list_head *p, *n;
662
663 BT_DBG("session %p state %ld err %d", s, s->state, err);
664
665 rfcomm_session_hold(s);
666
667 s->state = BT_CLOSED;
668
669 /* Close all dlcs */
670 list_for_each_safe(p, n, &s->dlcs) {
671 d = list_entry(p, struct rfcomm_dlc, list);
672 d->state = BT_CLOSED;
673 __rfcomm_dlc_close(d, err);
674 }
675
676 rfcomm_session_clear_timer(s);
677 rfcomm_session_put(s);
678 }
679
680 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
681 {
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
684 struct socket *sock;
685 struct sock *sk;
686
687 BT_DBG("%s %s", batostr(src), batostr(dst));
688
689 *err = rfcomm_l2sock_create(&sock);
690 if (*err < 0)
691 return NULL;
692
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
695 addr.l2_psm = 0;
696 addr.l2_cid = 0;
697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
698 if (*err < 0)
699 goto failed;
700
701 /* Set L2CAP options */
702 sk = sock->sk;
703 lock_sock(sk);
704 l2cap_pi(sk)->imtu = l2cap_mtu;
705 release_sock(sk);
706
707 s = rfcomm_session_add(sock, BT_BOUND);
708 if (!s) {
709 *err = -ENOMEM;
710 goto failed;
711 }
712
713 s->initiator = 1;
714
715 bacpy(&addr.l2_bdaddr, dst);
716 addr.l2_family = AF_BLUETOOTH;
717 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
718 addr.l2_cid = 0;
719 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
720 if (*err == 0 || *err == -EINPROGRESS)
721 return s;
722
723 rfcomm_session_del(s);
724 return NULL;
725
726 failed:
727 sock_release(sock);
728 return NULL;
729 }
730
731 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
732 {
733 struct sock *sk = s->sock->sk;
734 if (src)
735 bacpy(src, &bt_sk(sk)->src);
736 if (dst)
737 bacpy(dst, &bt_sk(sk)->dst);
738 }
739
740 /* ---- RFCOMM frame sending ---- */
741 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
742 {
743 struct socket *sock = s->sock;
744 struct kvec iv = { data, len };
745 struct msghdr msg;
746
747 BT_DBG("session %p len %d", s, len);
748
749 memset(&msg, 0, sizeof(msg));
750
751 return kernel_sendmsg(sock, &msg, &iv, 1, len);
752 }
753
754 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
755 {
756 struct rfcomm_cmd cmd;
757
758 BT_DBG("%p dlci %d", s, dlci);
759
760 cmd.addr = __addr(s->initiator, dlci);
761 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
762 cmd.len = __len8(0);
763 cmd.fcs = __fcs2((u8 *) &cmd);
764
765 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
766 }
767
768 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
769 {
770 struct rfcomm_cmd cmd;
771
772 BT_DBG("%p dlci %d", s, dlci);
773
774 cmd.addr = __addr(!s->initiator, dlci);
775 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
776 cmd.len = __len8(0);
777 cmd.fcs = __fcs2((u8 *) &cmd);
778
779 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
780 }
781
782 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
783 {
784 struct rfcomm_cmd cmd;
785
786 BT_DBG("%p dlci %d", s, dlci);
787
788 cmd.addr = __addr(s->initiator, dlci);
789 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
790 cmd.len = __len8(0);
791 cmd.fcs = __fcs2((u8 *) &cmd);
792
793 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
794 }
795
796 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
797 {
798 struct rfcomm_cmd *cmd;
799 struct sk_buff *skb;
800
801 BT_DBG("dlc %p dlci %d", d, d->dlci);
802
803 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
804 if (!skb)
805 return -ENOMEM;
806
807 cmd = (void *) __skb_put(skb, sizeof(*cmd));
808 cmd->addr = d->addr;
809 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
810 cmd->len = __len8(0);
811 cmd->fcs = __fcs2((u8 *) cmd);
812
813 skb_queue_tail(&d->tx_queue, skb);
814 rfcomm_schedule(RFCOMM_SCHED_TX);
815 return 0;
816 }
817
818 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
819 {
820 struct rfcomm_cmd cmd;
821
822 BT_DBG("%p dlci %d", s, dlci);
823
824 cmd.addr = __addr(!s->initiator, dlci);
825 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
826 cmd.len = __len8(0);
827 cmd.fcs = __fcs2((u8 *) &cmd);
828
829 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
830 }
831
832 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
833 {
834 struct rfcomm_hdr *hdr;
835 struct rfcomm_mcc *mcc;
836 u8 buf[16], *ptr = buf;
837
838 BT_DBG("%p cr %d type %d", s, cr, type);
839
840 hdr = (void *) ptr; ptr += sizeof(*hdr);
841 hdr->addr = __addr(s->initiator, 0);
842 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
843 hdr->len = __len8(sizeof(*mcc) + 1);
844
845 mcc = (void *) ptr; ptr += sizeof(*mcc);
846 mcc->type = __mcc_type(cr, RFCOMM_NSC);
847 mcc->len = __len8(1);
848
849 /* Type that we didn't like */
850 *ptr = __mcc_type(cr, type); ptr++;
851
852 *ptr = __fcs(buf); ptr++;
853
854 return rfcomm_send_frame(s, buf, ptr - buf);
855 }
856
857 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
858 {
859 struct rfcomm_hdr *hdr;
860 struct rfcomm_mcc *mcc;
861 struct rfcomm_pn *pn;
862 u8 buf[16], *ptr = buf;
863
864 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
865
866 hdr = (void *) ptr; ptr += sizeof(*hdr);
867 hdr->addr = __addr(s->initiator, 0);
868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
870
871 mcc = (void *) ptr; ptr += sizeof(*mcc);
872 mcc->type = __mcc_type(cr, RFCOMM_PN);
873 mcc->len = __len8(sizeof(*pn));
874
875 pn = (void *) ptr; ptr += sizeof(*pn);
876 pn->dlci = d->dlci;
877 pn->priority = d->priority;
878 pn->ack_timer = 0;
879 pn->max_retrans = 0;
880
881 if (s->cfc) {
882 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
883 pn->credits = RFCOMM_DEFAULT_CREDITS;
884 } else {
885 pn->flow_ctrl = 0;
886 pn->credits = 0;
887 }
888
889 if (cr && channel_mtu >= 0)
890 pn->mtu = cpu_to_le16(channel_mtu);
891 else
892 pn->mtu = cpu_to_le16(d->mtu);
893
894 *ptr = __fcs(buf); ptr++;
895
896 return rfcomm_send_frame(s, buf, ptr - buf);
897 }
898
899 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
900 u8 bit_rate, u8 data_bits, u8 stop_bits,
901 u8 parity, u8 flow_ctrl_settings,
902 u8 xon_char, u8 xoff_char, u16 param_mask)
903 {
904 struct rfcomm_hdr *hdr;
905 struct rfcomm_mcc *mcc;
906 struct rfcomm_rpn *rpn;
907 u8 buf[16], *ptr = buf;
908
909 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
910 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
911 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
912 flow_ctrl_settings, xon_char, xoff_char, param_mask);
913
914 hdr = (void *) ptr; ptr += sizeof(*hdr);
915 hdr->addr = __addr(s->initiator, 0);
916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
917 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
918
919 mcc = (void *) ptr; ptr += sizeof(*mcc);
920 mcc->type = __mcc_type(cr, RFCOMM_RPN);
921 mcc->len = __len8(sizeof(*rpn));
922
923 rpn = (void *) ptr; ptr += sizeof(*rpn);
924 rpn->dlci = __addr(1, dlci);
925 rpn->bit_rate = bit_rate;
926 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
927 rpn->flow_ctrl = flow_ctrl_settings;
928 rpn->xon_char = xon_char;
929 rpn->xoff_char = xoff_char;
930 rpn->param_mask = cpu_to_le16(param_mask);
931
932 *ptr = __fcs(buf); ptr++;
933
934 return rfcomm_send_frame(s, buf, ptr - buf);
935 }
936
937 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
938 {
939 struct rfcomm_hdr *hdr;
940 struct rfcomm_mcc *mcc;
941 struct rfcomm_rls *rls;
942 u8 buf[16], *ptr = buf;
943
944 BT_DBG("%p cr %d status 0x%x", s, cr, status);
945
946 hdr = (void *) ptr; ptr += sizeof(*hdr);
947 hdr->addr = __addr(s->initiator, 0);
948 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
949 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
950
951 mcc = (void *) ptr; ptr += sizeof(*mcc);
952 mcc->type = __mcc_type(cr, RFCOMM_RLS);
953 mcc->len = __len8(sizeof(*rls));
954
955 rls = (void *) ptr; ptr += sizeof(*rls);
956 rls->dlci = __addr(1, dlci);
957 rls->status = status;
958
959 *ptr = __fcs(buf); ptr++;
960
961 return rfcomm_send_frame(s, buf, ptr - buf);
962 }
963
964 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
965 {
966 struct rfcomm_hdr *hdr;
967 struct rfcomm_mcc *mcc;
968 struct rfcomm_msc *msc;
969 u8 buf[16], *ptr = buf;
970
971 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
972
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
977
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_MSC);
980 mcc->len = __len8(sizeof(*msc));
981
982 msc = (void *) ptr; ptr += sizeof(*msc);
983 msc->dlci = __addr(1, dlci);
984 msc->v24_sig = v24_sig | 0x01;
985
986 *ptr = __fcs(buf); ptr++;
987
988 return rfcomm_send_frame(s, buf, ptr - buf);
989 }
990
991 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
992 {
993 struct rfcomm_hdr *hdr;
994 struct rfcomm_mcc *mcc;
995 u8 buf[16], *ptr = buf;
996
997 BT_DBG("%p cr %d", s, cr);
998
999 hdr = (void *) ptr; ptr += sizeof(*hdr);
1000 hdr->addr = __addr(s->initiator, 0);
1001 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1002 hdr->len = __len8(sizeof(*mcc));
1003
1004 mcc = (void *) ptr; ptr += sizeof(*mcc);
1005 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1006 mcc->len = __len8(0);
1007
1008 *ptr = __fcs(buf); ptr++;
1009
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1011 }
1012
1013 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1014 {
1015 struct rfcomm_hdr *hdr;
1016 struct rfcomm_mcc *mcc;
1017 u8 buf[16], *ptr = buf;
1018
1019 BT_DBG("%p cr %d", s, cr);
1020
1021 hdr = (void *) ptr; ptr += sizeof(*hdr);
1022 hdr->addr = __addr(s->initiator, 0);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1024 hdr->len = __len8(sizeof(*mcc));
1025
1026 mcc = (void *) ptr; ptr += sizeof(*mcc);
1027 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1028 mcc->len = __len8(0);
1029
1030 *ptr = __fcs(buf); ptr++;
1031
1032 return rfcomm_send_frame(s, buf, ptr - buf);
1033 }
1034
1035 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1036 {
1037 struct socket *sock = s->sock;
1038 struct kvec iv[3];
1039 struct msghdr msg;
1040 unsigned char hdr[5], crc[1];
1041
1042 if (len > 125)
1043 return -EINVAL;
1044
1045 BT_DBG("%p cr %d", s, cr);
1046
1047 hdr[0] = __addr(s->initiator, 0);
1048 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1049 hdr[2] = 0x01 | ((len + 2) << 1);
1050 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1051 hdr[4] = 0x01 | (len << 1);
1052
1053 crc[0] = __fcs(hdr);
1054
1055 iv[0].iov_base = hdr;
1056 iv[0].iov_len = 5;
1057 iv[1].iov_base = pattern;
1058 iv[1].iov_len = len;
1059 iv[2].iov_base = crc;
1060 iv[2].iov_len = 1;
1061
1062 memset(&msg, 0, sizeof(msg));
1063
1064 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1065 }
1066
1067 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1068 {
1069 struct rfcomm_hdr *hdr;
1070 u8 buf[16], *ptr = buf;
1071
1072 BT_DBG("%p addr %d credits %d", s, addr, credits);
1073
1074 hdr = (void *) ptr; ptr += sizeof(*hdr);
1075 hdr->addr = addr;
1076 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1077 hdr->len = __len8(0);
1078
1079 *ptr = credits; ptr++;
1080
1081 *ptr = __fcs(buf); ptr++;
1082
1083 return rfcomm_send_frame(s, buf, ptr - buf);
1084 }
1085
1086 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1087 {
1088 struct rfcomm_hdr *hdr;
1089 int len = skb->len;
1090 u8 *crc;
1091
1092 if (len > 127) {
1093 hdr = (void *) skb_push(skb, 4);
1094 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1095 } else {
1096 hdr = (void *) skb_push(skb, 3);
1097 hdr->len = __len8(len);
1098 }
1099 hdr->addr = addr;
1100 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1101
1102 crc = skb_put(skb, 1);
1103 *crc = __fcs((void *) hdr);
1104 }
1105
1106 /* ---- RFCOMM frame reception ---- */
1107 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1108 {
1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1110
1111 if (dlci) {
1112 /* Data channel */
1113 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1114 if (!d) {
1115 rfcomm_send_dm(s, dlci);
1116 return 0;
1117 }
1118
1119 switch (d->state) {
1120 case BT_CONNECT:
1121 rfcomm_dlc_clear_timer(d);
1122
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1127
1128 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1129 break;
1130
1131 case BT_DISCONN:
1132 d->state = BT_CLOSED;
1133 __rfcomm_dlc_close(d, 0);
1134
1135 if (list_empty(&s->dlcs)) {
1136 s->state = BT_DISCONN;
1137 rfcomm_send_disc(s, 0);
1138 }
1139
1140 break;
1141 }
1142 } else {
1143 /* Control channel */
1144 switch (s->state) {
1145 case BT_CONNECT:
1146 s->state = BT_CONNECTED;
1147 rfcomm_process_connect(s);
1148 break;
1149
1150 case BT_DISCONN:
1151 rfcomm_session_put(s);
1152 break;
1153 }
1154 }
1155 return 0;
1156 }
1157
1158 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1159 {
1160 int err = 0;
1161
1162 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1163
1164 if (dlci) {
1165 /* Data DLC */
1166 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1167 if (d) {
1168 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1169 err = ECONNREFUSED;
1170 else
1171 err = ECONNRESET;
1172
1173 d->state = BT_CLOSED;
1174 __rfcomm_dlc_close(d, err);
1175 }
1176 } else {
1177 if (s->state == BT_CONNECT)
1178 err = ECONNREFUSED;
1179 else
1180 err = ECONNRESET;
1181
1182 s->state = BT_CLOSED;
1183 rfcomm_session_close(s, err);
1184 }
1185 return 0;
1186 }
1187
1188 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1189 {
1190 int err = 0;
1191
1192 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1193
1194 if (dlci) {
1195 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1196 if (d) {
1197 rfcomm_send_ua(s, dlci);
1198
1199 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1200 err = ECONNREFUSED;
1201 else
1202 err = ECONNRESET;
1203
1204 d->state = BT_CLOSED;
1205 __rfcomm_dlc_close(d, err);
1206 } else
1207 rfcomm_send_dm(s, dlci);
1208
1209 } else {
1210 rfcomm_send_ua(s, 0);
1211
1212 if (s->state == BT_CONNECT)
1213 err = ECONNREFUSED;
1214 else
1215 err = ECONNRESET;
1216
1217 s->state = BT_CLOSED;
1218 rfcomm_session_close(s, err);
1219 }
1220
1221 return 0;
1222 }
1223
1224 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1225 {
1226 struct sock *sk = d->session->sock->sk;
1227
1228 BT_DBG("dlc %p", d);
1229
1230 rfcomm_send_ua(d->session, d->dlci);
1231
1232 rfcomm_dlc_clear_timer(d);
1233
1234 rfcomm_dlc_lock(d);
1235 d->state = BT_CONNECTED;
1236 d->state_change(d, 0);
1237 rfcomm_dlc_unlock(d);
1238
1239 if (d->role_switch)
1240 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1241
1242 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1243 }
1244
1245 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1246 {
1247 if (rfcomm_check_security(d)) {
1248 if (d->defer_setup) {
1249 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1250 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1251
1252 rfcomm_dlc_lock(d);
1253 d->state = BT_CONNECT2;
1254 d->state_change(d, 0);
1255 rfcomm_dlc_unlock(d);
1256 } else
1257 rfcomm_dlc_accept(d);
1258 } else {
1259 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1260 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1261 }
1262 }
1263
1264 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1265 {
1266 struct rfcomm_dlc *d;
1267 u8 channel;
1268
1269 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1270
1271 if (!dlci) {
1272 rfcomm_send_ua(s, 0);
1273
1274 if (s->state == BT_OPEN) {
1275 s->state = BT_CONNECTED;
1276 rfcomm_process_connect(s);
1277 }
1278 return 0;
1279 }
1280
1281 /* Check if DLC exists */
1282 d = rfcomm_dlc_get(s, dlci);
1283 if (d) {
1284 if (d->state == BT_OPEN) {
1285 /* DLC was previously opened by PN request */
1286 rfcomm_check_accept(d);
1287 }
1288 return 0;
1289 }
1290
1291 /* Notify socket layer about incoming connection */
1292 channel = __srv_channel(dlci);
1293 if (rfcomm_connect_ind(s, channel, &d)) {
1294 d->dlci = dlci;
1295 d->addr = __addr(s->initiator, dlci);
1296 rfcomm_dlc_link(s, d);
1297
1298 rfcomm_check_accept(d);
1299 } else {
1300 rfcomm_send_dm(s, dlci);
1301 }
1302
1303 return 0;
1304 }
1305
1306 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1307 {
1308 struct rfcomm_session *s = d->session;
1309
1310 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1311 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1312
1313 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1314 pn->flow_ctrl == 0xe0) {
1315 d->cfc = RFCOMM_CFC_ENABLED;
1316 d->tx_credits = pn->credits;
1317 } else {
1318 d->cfc = RFCOMM_CFC_DISABLED;
1319 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1320 }
1321
1322 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1323 s->cfc = d->cfc;
1324
1325 d->priority = pn->priority;
1326
1327 d->mtu = __le16_to_cpu(pn->mtu);
1328
1329 if (cr && d->mtu > s->mtu)
1330 d->mtu = s->mtu;
1331
1332 return 0;
1333 }
1334
1335 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1336 {
1337 struct rfcomm_pn *pn = (void *) skb->data;
1338 struct rfcomm_dlc *d;
1339 u8 dlci = pn->dlci;
1340
1341 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1342
1343 if (!dlci)
1344 return 0;
1345
1346 d = rfcomm_dlc_get(s, dlci);
1347 if (d) {
1348 if (cr) {
1349 /* PN request */
1350 rfcomm_apply_pn(d, cr, pn);
1351 rfcomm_send_pn(s, 0, d);
1352 } else {
1353 /* PN response */
1354 switch (d->state) {
1355 case BT_CONFIG:
1356 rfcomm_apply_pn(d, cr, pn);
1357
1358 d->state = BT_CONNECT;
1359 rfcomm_send_sabm(s, d->dlci);
1360 break;
1361 }
1362 }
1363 } else {
1364 u8 channel = __srv_channel(dlci);
1365
1366 if (!cr)
1367 return 0;
1368
1369 /* PN request for non existing DLC.
1370 * Assume incoming connection. */
1371 if (rfcomm_connect_ind(s, channel, &d)) {
1372 d->dlci = dlci;
1373 d->addr = __addr(s->initiator, dlci);
1374 rfcomm_dlc_link(s, d);
1375
1376 rfcomm_apply_pn(d, cr, pn);
1377
1378 d->state = BT_OPEN;
1379 rfcomm_send_pn(s, 0, d);
1380 } else {
1381 rfcomm_send_dm(s, dlci);
1382 }
1383 }
1384 return 0;
1385 }
1386
1387 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1388 {
1389 struct rfcomm_rpn *rpn = (void *) skb->data;
1390 u8 dlci = __get_dlci(rpn->dlci);
1391
1392 u8 bit_rate = 0;
1393 u8 data_bits = 0;
1394 u8 stop_bits = 0;
1395 u8 parity = 0;
1396 u8 flow_ctrl = 0;
1397 u8 xon_char = 0;
1398 u8 xoff_char = 0;
1399 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1400
1401 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1402 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1403 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1404
1405 if (!cr)
1406 return 0;
1407
1408 if (len == 1) {
1409 /* This is a request, return default settings */
1410 bit_rate = RFCOMM_RPN_BR_115200;
1411 data_bits = RFCOMM_RPN_DATA_8;
1412 stop_bits = RFCOMM_RPN_STOP_1;
1413 parity = RFCOMM_RPN_PARITY_NONE;
1414 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1415 xon_char = RFCOMM_RPN_XON_CHAR;
1416 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1417 goto rpn_out;
1418 }
1419
1420 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1421 * no parity, no flow control lines, normal XON/XOFF chars */
1422
1423 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1424 bit_rate = rpn->bit_rate;
1425 if (bit_rate != RFCOMM_RPN_BR_115200) {
1426 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1427 bit_rate = RFCOMM_RPN_BR_115200;
1428 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1429 }
1430 }
1431
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1433 data_bits = __get_rpn_data_bits(rpn->line_settings);
1434 if (data_bits != RFCOMM_RPN_DATA_8) {
1435 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1436 data_bits = RFCOMM_RPN_DATA_8;
1437 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1438 }
1439 }
1440
1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1442 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1443 if (stop_bits != RFCOMM_RPN_STOP_1) {
1444 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1445 stop_bits = RFCOMM_RPN_STOP_1;
1446 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1447 }
1448 }
1449
1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1451 parity = __get_rpn_parity(rpn->line_settings);
1452 if (parity != RFCOMM_RPN_PARITY_NONE) {
1453 BT_DBG("RPN parity mismatch 0x%x", parity);
1454 parity = RFCOMM_RPN_PARITY_NONE;
1455 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1456 }
1457 }
1458
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1460 flow_ctrl = rpn->flow_ctrl;
1461 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1462 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1463 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1464 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1465 }
1466 }
1467
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1469 xon_char = rpn->xon_char;
1470 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1471 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1472 xon_char = RFCOMM_RPN_XON_CHAR;
1473 rpn_mask ^= RFCOMM_RPN_PM_XON;
1474 }
1475 }
1476
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1478 xoff_char = rpn->xoff_char;
1479 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1480 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1481 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1482 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1483 }
1484 }
1485
1486 rpn_out:
1487 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1488 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1489
1490 return 0;
1491 }
1492
1493 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1494 {
1495 struct rfcomm_rls *rls = (void *) skb->data;
1496 u8 dlci = __get_dlci(rls->dlci);
1497
1498 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1499
1500 if (!cr)
1501 return 0;
1502
1503 /* We should probably do something with this information here. But
1504 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1505 * mandatory to recognise and respond to RLS */
1506
1507 rfcomm_send_rls(s, 0, dlci, rls->status);
1508
1509 return 0;
1510 }
1511
1512 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1513 {
1514 struct rfcomm_msc *msc = (void *) skb->data;
1515 struct rfcomm_dlc *d;
1516 u8 dlci = __get_dlci(msc->dlci);
1517
1518 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1519
1520 d = rfcomm_dlc_get(s, dlci);
1521 if (!d)
1522 return 0;
1523
1524 if (cr) {
1525 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1526 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1527 else
1528 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1529
1530 rfcomm_dlc_lock(d);
1531
1532 d->remote_v24_sig = msc->v24_sig;
1533
1534 if (d->modem_status)
1535 d->modem_status(d, msc->v24_sig);
1536
1537 rfcomm_dlc_unlock(d);
1538
1539 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1540
1541 d->mscex |= RFCOMM_MSCEX_RX;
1542 } else
1543 d->mscex |= RFCOMM_MSCEX_TX;
1544
1545 return 0;
1546 }
1547
1548 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1549 {
1550 struct rfcomm_mcc *mcc = (void *) skb->data;
1551 u8 type, cr, len;
1552
1553 cr = __test_cr(mcc->type);
1554 type = __get_mcc_type(mcc->type);
1555 len = __get_mcc_len(mcc->len);
1556
1557 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1558
1559 skb_pull(skb, 2);
1560
1561 switch (type) {
1562 case RFCOMM_PN:
1563 rfcomm_recv_pn(s, cr, skb);
1564 break;
1565
1566 case RFCOMM_RPN:
1567 rfcomm_recv_rpn(s, cr, len, skb);
1568 break;
1569
1570 case RFCOMM_RLS:
1571 rfcomm_recv_rls(s, cr, skb);
1572 break;
1573
1574 case RFCOMM_MSC:
1575 rfcomm_recv_msc(s, cr, skb);
1576 break;
1577
1578 case RFCOMM_FCOFF:
1579 if (cr) {
1580 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1581 rfcomm_send_fcoff(s, 0);
1582 }
1583 break;
1584
1585 case RFCOMM_FCON:
1586 if (cr) {
1587 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1588 rfcomm_send_fcon(s, 0);
1589 }
1590 break;
1591
1592 case RFCOMM_TEST:
1593 if (cr)
1594 rfcomm_send_test(s, 0, skb->data, skb->len);
1595 break;
1596
1597 case RFCOMM_NSC:
1598 break;
1599
1600 default:
1601 BT_ERR("Unknown control type 0x%02x", type);
1602 rfcomm_send_nsc(s, cr, type);
1603 break;
1604 }
1605 return 0;
1606 }
1607
1608 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1609 {
1610 struct rfcomm_dlc *d;
1611
1612 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1613
1614 d = rfcomm_dlc_get(s, dlci);
1615 if (!d) {
1616 rfcomm_send_dm(s, dlci);
1617 goto drop;
1618 }
1619
1620 if (pf && d->cfc) {
1621 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1622
1623 d->tx_credits += credits;
1624 if (d->tx_credits)
1625 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1626 }
1627
1628 if (skb->len && d->state == BT_CONNECTED) {
1629 rfcomm_dlc_lock(d);
1630 d->rx_credits--;
1631 d->data_ready(d, skb);
1632 rfcomm_dlc_unlock(d);
1633 return 0;
1634 }
1635
1636 drop:
1637 kfree_skb(skb);
1638 return 0;
1639 }
1640
1641 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1642 {
1643 struct rfcomm_hdr *hdr = (void *) skb->data;
1644 u8 type, dlci, fcs;
1645
1646 dlci = __get_dlci(hdr->addr);
1647 type = __get_type(hdr->ctrl);
1648
1649 /* Trim FCS */
1650 skb->len--; skb->tail--;
1651 fcs = *(u8 *)skb_tail_pointer(skb);
1652
1653 if (__check_fcs(skb->data, type, fcs)) {
1654 BT_ERR("bad checksum in packet");
1655 kfree_skb(skb);
1656 return -EILSEQ;
1657 }
1658
1659 if (__test_ea(hdr->len))
1660 skb_pull(skb, 3);
1661 else
1662 skb_pull(skb, 4);
1663
1664 switch (type) {
1665 case RFCOMM_SABM:
1666 if (__test_pf(hdr->ctrl))
1667 rfcomm_recv_sabm(s, dlci);
1668 break;
1669
1670 case RFCOMM_DISC:
1671 if (__test_pf(hdr->ctrl))
1672 rfcomm_recv_disc(s, dlci);
1673 break;
1674
1675 case RFCOMM_UA:
1676 if (__test_pf(hdr->ctrl))
1677 rfcomm_recv_ua(s, dlci);
1678 break;
1679
1680 case RFCOMM_DM:
1681 rfcomm_recv_dm(s, dlci);
1682 break;
1683
1684 case RFCOMM_UIH:
1685 if (dlci)
1686 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1687
1688 rfcomm_recv_mcc(s, skb);
1689 break;
1690
1691 default:
1692 BT_ERR("Unknown packet type 0x%02x\n", type);
1693 break;
1694 }
1695 kfree_skb(skb);
1696 return 0;
1697 }
1698
1699 /* ---- Connection and data processing ---- */
1700
1701 static void rfcomm_process_connect(struct rfcomm_session *s)
1702 {
1703 struct rfcomm_dlc *d;
1704 struct list_head *p, *n;
1705
1706 BT_DBG("session %p state %ld", s, s->state);
1707
1708 list_for_each_safe(p, n, &s->dlcs) {
1709 d = list_entry(p, struct rfcomm_dlc, list);
1710 if (d->state == BT_CONFIG) {
1711 d->mtu = s->mtu;
1712 if (rfcomm_check_security(d)) {
1713 rfcomm_send_pn(s, 1, d);
1714 } else {
1715 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1716 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1717 }
1718 }
1719 }
1720 }
1721
1722 /* Send data queued for the DLC.
1723 * Return number of frames left in the queue.
1724 */
1725 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1726 {
1727 struct sk_buff *skb;
1728 int err;
1729
1730 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1731 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1732
1733 /* Send pending MSC */
1734 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1735 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1736
1737 if (d->cfc) {
1738 /* CFC enabled.
1739 * Give them some credits */
1740 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1741 d->rx_credits <= (d->cfc >> 2)) {
1742 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1743 d->rx_credits = d->cfc;
1744 }
1745 } else {
1746 /* CFC disabled.
1747 * Give ourselves some credits */
1748 d->tx_credits = 5;
1749 }
1750
1751 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1752 return skb_queue_len(&d->tx_queue);
1753
1754 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1755 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1756 if (err < 0) {
1757 skb_queue_head(&d->tx_queue, skb);
1758 break;
1759 }
1760 kfree_skb(skb);
1761 d->tx_credits--;
1762 }
1763
1764 if (d->cfc && !d->tx_credits) {
1765 /* We're out of TX credits.
1766 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1767 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1768 }
1769
1770 return skb_queue_len(&d->tx_queue);
1771 }
1772
1773 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1774 {
1775 struct rfcomm_dlc *d;
1776 struct list_head *p, *n;
1777
1778 BT_DBG("session %p state %ld", s, s->state);
1779
1780 list_for_each_safe(p, n, &s->dlcs) {
1781 d = list_entry(p, struct rfcomm_dlc, list);
1782
1783 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1784 __rfcomm_dlc_close(d, ETIMEDOUT);
1785 continue;
1786 }
1787
1788 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1789 rfcomm_dlc_clear_timer(d);
1790 if (d->out) {
1791 rfcomm_send_pn(s, 1, d);
1792 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1793 } else {
1794 if (d->defer_setup) {
1795 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1796 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1797
1798 rfcomm_dlc_lock(d);
1799 d->state = BT_CONNECT2;
1800 d->state_change(d, 0);
1801 rfcomm_dlc_unlock(d);
1802 } else
1803 rfcomm_dlc_accept(d);
1804 }
1805 continue;
1806 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1807 rfcomm_dlc_clear_timer(d);
1808 if (!d->out)
1809 rfcomm_send_dm(s, d->dlci);
1810 else
1811 d->state = BT_CLOSED;
1812 __rfcomm_dlc_close(d, ECONNREFUSED);
1813 continue;
1814 }
1815
1816 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1817 continue;
1818
1819 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1820 continue;
1821
1822 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1823 d->mscex == RFCOMM_MSCEX_OK)
1824 rfcomm_process_tx(d);
1825 }
1826 }
1827
1828 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1829 {
1830 struct socket *sock = s->sock;
1831 struct sock *sk = sock->sk;
1832 struct sk_buff *skb;
1833
1834 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1835
1836 /* Get data directly from socket receive queue without copying it. */
1837 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1838 skb_orphan(skb);
1839 rfcomm_recv_frame(s, skb);
1840 }
1841
1842 if (sk->sk_state == BT_CLOSED) {
1843 if (!s->initiator)
1844 rfcomm_session_put(s);
1845
1846 rfcomm_session_close(s, sk->sk_err);
1847 }
1848 }
1849
1850 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1851 {
1852 struct socket *sock = s->sock, *nsock;
1853 int err;
1854
1855 /* Fast check for a new connection.
1856 * Avoids unnesesary socket allocations. */
1857 if (list_empty(&bt_sk(sock->sk)->accept_q))
1858 return;
1859
1860 BT_DBG("session %p", s);
1861
1862 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1863 if (err < 0)
1864 return;
1865
1866 /* Set our callbacks */
1867 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1868 nsock->sk->sk_state_change = rfcomm_l2state_change;
1869
1870 s = rfcomm_session_add(nsock, BT_OPEN);
1871 if (s) {
1872 rfcomm_session_hold(s);
1873
1874 /* We should adjust MTU on incoming sessions.
1875 * L2CAP MTU minus UIH header and FCS. */
1876 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1877
1878 rfcomm_schedule(RFCOMM_SCHED_RX);
1879 } else
1880 sock_release(nsock);
1881 }
1882
1883 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1884 {
1885 struct sock *sk = s->sock->sk;
1886
1887 BT_DBG("%p state %ld", s, s->state);
1888
1889 switch(sk->sk_state) {
1890 case BT_CONNECTED:
1891 s->state = BT_CONNECT;
1892
1893 /* We can adjust MTU on outgoing sessions.
1894 * L2CAP MTU minus UIH header and FCS. */
1895 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1896
1897 rfcomm_send_sabm(s, 0);
1898 break;
1899
1900 case BT_CLOSED:
1901 s->state = BT_CLOSED;
1902 rfcomm_session_close(s, sk->sk_err);
1903 break;
1904 }
1905 }
1906
1907 static inline void rfcomm_process_sessions(void)
1908 {
1909 struct list_head *p, *n;
1910
1911 rfcomm_lock();
1912
1913 list_for_each_safe(p, n, &session_list) {
1914 struct rfcomm_session *s;
1915 s = list_entry(p, struct rfcomm_session, list);
1916
1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1918 s->state = BT_DISCONN;
1919 rfcomm_send_disc(s, 0);
1920 continue;
1921 }
1922
1923 if (s->state == BT_LISTEN) {
1924 rfcomm_accept_connection(s);
1925 continue;
1926 }
1927
1928 rfcomm_session_hold(s);
1929
1930 switch (s->state) {
1931 case BT_BOUND:
1932 rfcomm_check_connection(s);
1933 break;
1934
1935 default:
1936 rfcomm_process_rx(s);
1937 break;
1938 }
1939
1940 rfcomm_process_dlcs(s);
1941
1942 rfcomm_session_put(s);
1943 }
1944
1945 rfcomm_unlock();
1946 }
1947
1948 static int rfcomm_add_listener(bdaddr_t *ba)
1949 {
1950 struct sockaddr_l2 addr;
1951 struct socket *sock;
1952 struct sock *sk;
1953 struct rfcomm_session *s;
1954 int err = 0;
1955
1956 /* Create socket */
1957 err = rfcomm_l2sock_create(&sock);
1958 if (err < 0) {
1959 BT_ERR("Create socket failed %d", err);
1960 return err;
1961 }
1962
1963 /* Bind socket */
1964 bacpy(&addr.l2_bdaddr, ba);
1965 addr.l2_family = AF_BLUETOOTH;
1966 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1967 addr.l2_cid = 0;
1968 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1969 if (err < 0) {
1970 BT_ERR("Bind failed %d", err);
1971 goto failed;
1972 }
1973
1974 /* Set L2CAP options */
1975 sk = sock->sk;
1976 lock_sock(sk);
1977 l2cap_pi(sk)->imtu = l2cap_mtu;
1978 release_sock(sk);
1979
1980 /* Start listening on the socket */
1981 err = kernel_listen(sock, 10);
1982 if (err) {
1983 BT_ERR("Listen failed %d", err);
1984 goto failed;
1985 }
1986
1987 /* Add listening session */
1988 s = rfcomm_session_add(sock, BT_LISTEN);
1989 if (!s)
1990 goto failed;
1991
1992 rfcomm_session_hold(s);
1993 return 0;
1994 failed:
1995 sock_release(sock);
1996 return err;
1997 }
1998
1999 static void rfcomm_kill_listener(void)
2000 {
2001 struct rfcomm_session *s;
2002 struct list_head *p, *n;
2003
2004 BT_DBG("");
2005
2006 list_for_each_safe(p, n, &session_list) {
2007 s = list_entry(p, struct rfcomm_session, list);
2008 rfcomm_session_del(s);
2009 }
2010 }
2011
2012 static int rfcomm_run(void *unused)
2013 {
2014 BT_DBG("");
2015
2016 set_user_nice(current, -10);
2017
2018 rfcomm_add_listener(BDADDR_ANY);
2019
2020 while (!kthread_should_stop()) {
2021 set_current_state(TASK_INTERRUPTIBLE);
2022 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2023 /* No pending events. Let's sleep.
2024 * Incoming connections and data will wake us up. */
2025 schedule();
2026 }
2027 set_current_state(TASK_RUNNING);
2028
2029 /* Process stuff */
2030 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2031 rfcomm_process_sessions();
2032 }
2033
2034 rfcomm_kill_listener();
2035
2036 return 0;
2037 }
2038
2039 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2040 {
2041 struct rfcomm_session *s;
2042 struct rfcomm_dlc *d;
2043 struct list_head *p, *n;
2044
2045 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2046
2047 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2048 if (!s)
2049 return;
2050
2051 rfcomm_session_hold(s);
2052
2053 list_for_each_safe(p, n, &s->dlcs) {
2054 d = list_entry(p, struct rfcomm_dlc, list);
2055
2056 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2057 rfcomm_dlc_clear_timer(d);
2058 if (status || encrypt == 0x00) {
2059 __rfcomm_dlc_close(d, ECONNREFUSED);
2060 continue;
2061 }
2062 }
2063
2064 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2065 if (d->sec_level == BT_SECURITY_MEDIUM) {
2066 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2067 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2068 continue;
2069 } else if (d->sec_level == BT_SECURITY_HIGH) {
2070 __rfcomm_dlc_close(d, ECONNREFUSED);
2071 continue;
2072 }
2073 }
2074
2075 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2076 continue;
2077
2078 if (!status)
2079 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2080 else
2081 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2082 }
2083
2084 rfcomm_session_put(s);
2085
2086 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2087 }
2088
2089 static struct hci_cb rfcomm_cb = {
2090 .name = "RFCOMM",
2091 .security_cfm = rfcomm_security_cfm
2092 };
2093
2094 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2095 {
2096 struct rfcomm_session *s;
2097 struct list_head *pp, *p;
2098 char *str = buf;
2099
2100 rfcomm_lock();
2101
2102 list_for_each(p, &session_list) {
2103 s = list_entry(p, struct rfcomm_session, list);
2104 list_for_each(pp, &s->dlcs) {
2105 struct sock *sk = s->sock->sk;
2106 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2107
2108 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2109 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2110 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2111 }
2112 }
2113
2114 rfcomm_unlock();
2115
2116 return (str - buf);
2117 }
2118
2119 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2120
2121 /* ---- Initialization ---- */
2122 static int __init rfcomm_init(void)
2123 {
2124 int err;
2125
2126 l2cap_load();
2127
2128 hci_register_cb(&rfcomm_cb);
2129
2130 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2131 if (IS_ERR(rfcomm_thread)) {
2132 err = PTR_ERR(rfcomm_thread);
2133 goto unregister;
2134 }
2135
2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2137 BT_ERR("Failed to create RFCOMM info file");
2138
2139 err = rfcomm_init_ttys();
2140 if (err < 0)
2141 goto stop;
2142
2143 err = rfcomm_init_sockets();
2144 if (err < 0)
2145 goto cleanup;
2146
2147 BT_INFO("RFCOMM ver %s", VERSION);
2148
2149 return 0;
2150
2151 cleanup:
2152 rfcomm_cleanup_ttys();
2153
2154 stop:
2155 kthread_stop(rfcomm_thread);
2156
2157 unregister:
2158 hci_unregister_cb(&rfcomm_cb);
2159
2160 return err;
2161 }
2162
2163 static void __exit rfcomm_exit(void)
2164 {
2165 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2166
2167 hci_unregister_cb(&rfcomm_cb);
2168
2169 kthread_stop(rfcomm_thread);
2170
2171 rfcomm_cleanup_ttys();
2172
2173 rfcomm_cleanup_sockets();
2174 }
2175
2176 module_init(rfcomm_init);
2177 module_exit(rfcomm_exit);
2178
2179 module_param(disable_cfc, bool, 0644);
2180 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2181
2182 module_param(channel_mtu, int, 0644);
2183 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2184
2185 module_param(l2cap_mtu, uint, 0644);
2186 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2187
2188 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2189 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2190 MODULE_VERSION(VERSION);
2191 MODULE_LICENSE("GPL");
2192 MODULE_ALIAS("bt-proto-3");
Linux with added FPC-III support