search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
init from v2.6.32.60
[mach-moxart.git] / net / bluetooth / rfcomm / core.c
blobef3abf28c12039cd9d538b2f826a410dc647d545
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
39
40 #include <net/sock.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
48
49 #define VERSION "1.11"
50
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54
55 static struct task_struct *rfcomm_thread;
56
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
60
61 static unsigned long rfcomm_event;
62
63 static LIST_HEAD(session_list);
64
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
75
76 static void rfcomm_process_connect(struct rfcomm_session *s);
77
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
81
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
87
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
91
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
97
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
100
101 /* MCC macros */
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
105
106 /* RPN macros */
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
111
112 static inline void rfcomm_schedule(uint event)
113 {
114 if (!rfcomm_thread)
115 return;
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
119 }
120
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
122 {
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
125 }
126
127 /* ---- RFCOMM FCS computation ---- */
128
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
135
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
140
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
145
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
150
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
155
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
160
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
165
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
170 };
171
172 /* CRC on 2 bytes */
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
174
175 /* FCS on 2 bytes */
176 static inline u8 __fcs(u8 *data)
177 {
178 return (0xff - __crc(data));
179 }
180
181 /* FCS on 3 bytes */
182 static inline u8 __fcs2(u8 *data)
183 {
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
185 }
186
187 /* Check FCS */
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
189 {
190 u8 f = __crc(data);
191
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
194
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
196 }
197
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
200 {
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
203 }
204
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
206 {
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
209 }
210
211 static int rfcomm_l2sock_create(struct socket **sock)
212 {
213 int err;
214
215 BT_DBG("");
216
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
218 if (!err) {
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
222 }
223 return err;
224 }
225
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
227 {
228 struct sock *sk = d->session->sock->sk;
229 __u8 auth_type;
230
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
234 break;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
237 break;
238 default:
239 auth_type = HCI_AT_NO_BONDING;
240 break;
241 }
242
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
244 auth_type);
245 }
246
247 static void rfcomm_session_timeout(unsigned long arg)
248 {
249 struct rfcomm_session *s = (void *) arg;
250
251 BT_DBG("session %p state %ld", s, s->state);
252
253 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
255 }
256
257 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
258 {
259 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
260
261 if (!mod_timer(&s->timer, jiffies + timeout))
262 rfcomm_session_hold(s);
263 }
264
265 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
266 {
267 BT_DBG("session %p state %ld", s, s->state);
268
269 if (timer_pending(&s->timer) && del_timer(&s->timer))
270 rfcomm_session_put(s);
271 }
272
273 /* ---- RFCOMM DLCs ---- */
274 static void rfcomm_dlc_timeout(unsigned long arg)
275 {
276 struct rfcomm_dlc *d = (void *) arg;
277
278 BT_DBG("dlc %p state %ld", d, d->state);
279
280 set_bit(RFCOMM_TIMED_OUT, &d->flags);
281 rfcomm_dlc_put(d);
282 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
283 }
284
285 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
286 {
287 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
288
289 if (!mod_timer(&d->timer, jiffies + timeout))
290 rfcomm_dlc_hold(d);
291 }
292
293 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
294 {
295 BT_DBG("dlc %p state %ld", d, d->state);
296
297 if (timer_pending(&d->timer) && del_timer(&d->timer))
298 rfcomm_dlc_put(d);
299 }
300
301 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
302 {
303 BT_DBG("%p", d);
304
305 d->state = BT_OPEN;
306 d->flags = 0;
307 d->mscex = 0;
308 d->mtu = RFCOMM_DEFAULT_MTU;
309 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
310
311 d->cfc = RFCOMM_CFC_DISABLED;
312 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
313 }
314
315 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
316 {
317 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
318
319 if (!d)
320 return NULL;
321
322 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
323
324 skb_queue_head_init(&d->tx_queue);
325 spin_lock_init(&d->lock);
326 atomic_set(&d->refcnt, 1);
327
328 rfcomm_dlc_clear_state(d);
329
330 BT_DBG("%p", d);
331
332 return d;
333 }
334
335 void rfcomm_dlc_free(struct rfcomm_dlc *d)
336 {
337 BT_DBG("%p", d);
338
339 skb_queue_purge(&d->tx_queue);
340 kfree(d);
341 }
342
343 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
344 {
345 BT_DBG("dlc %p session %p", d, s);
346
347 rfcomm_session_hold(s);
348
349 rfcomm_session_clear_timer(s);
350 rfcomm_dlc_hold(d);
351 list_add(&d->list, &s->dlcs);
352 d->session = s;
353 }
354
355 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
356 {
357 struct rfcomm_session *s = d->session;
358
359 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
360
361 list_del(&d->list);
362 d->session = NULL;
363 rfcomm_dlc_put(d);
364
365 if (list_empty(&s->dlcs))
366 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
367
368 rfcomm_session_put(s);
369 }
370
371 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
372 {
373 struct rfcomm_dlc *d;
374 struct list_head *p;
375
376 list_for_each(p, &s->dlcs) {
377 d = list_entry(p, struct rfcomm_dlc, list);
378 if (d->dlci == dlci)
379 return d;
380 }
381 return NULL;
382 }
383
384 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
385 {
386 struct rfcomm_session *s;
387 int err = 0;
388 u8 dlci;
389
390 BT_DBG("dlc %p state %ld %s %s channel %d",
391 d, d->state, batostr(src), batostr(dst), channel);
392
393 if (channel < 1 || channel > 30)
394 return -EINVAL;
395
396 if (d->state != BT_OPEN && d->state != BT_CLOSED)
397 return 0;
398
399 s = rfcomm_session_get(src, dst);
400 if (!s) {
401 s = rfcomm_session_create(src, dst, &err);
402 if (!s)
403 return err;
404 }
405
406 dlci = __dlci(!s->initiator, channel);
407
408 /* Check if DLCI already exists */
409 if (rfcomm_dlc_get(s, dlci))
410 return -EBUSY;
411
412 rfcomm_dlc_clear_state(d);
413
414 d->dlci = dlci;
415 d->addr = __addr(s->initiator, dlci);
416 d->priority = 7;
417
418 d->state = BT_CONFIG;
419 rfcomm_dlc_link(s, d);
420
421 d->out = 1;
422
423 d->mtu = s->mtu;
424 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
425
426 if (s->state == BT_CONNECTED) {
427 if (rfcomm_check_security(d))
428 rfcomm_send_pn(s, 1, d);
429 else
430 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
431 }
432
433 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
434
435 return 0;
436 }
437
438 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
439 {
440 int r;
441
442 rfcomm_lock();
443
444 r = __rfcomm_dlc_open(d, src, dst, channel);
445
446 rfcomm_unlock();
447 return r;
448 }
449
450 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
451 {
452 struct rfcomm_session *s = d->session;
453 if (!s)
454 return 0;
455
456 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
457 d, d->state, d->dlci, err, s);
458
459 switch (d->state) {
460 case BT_CONNECT:
461 case BT_CONFIG:
462 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
463 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
464 rfcomm_schedule(RFCOMM_SCHED_AUTH);
465 break;
466 }
467 /* Fall through */
468
469 case BT_CONNECTED:
470 d->state = BT_DISCONN;
471 if (skb_queue_empty(&d->tx_queue)) {
472 rfcomm_send_disc(s, d->dlci);
473 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
474 } else {
475 rfcomm_queue_disc(d);
476 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
477 }
478 break;
479
480 case BT_OPEN:
481 case BT_CONNECT2:
482 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
483 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
484 rfcomm_schedule(RFCOMM_SCHED_AUTH);
485 break;
486 }
487 /* Fall through */
488
489 default:
490 rfcomm_dlc_clear_timer(d);
491
492 rfcomm_dlc_lock(d);
493 d->state = BT_CLOSED;
494 d->state_change(d, err);
495 rfcomm_dlc_unlock(d);
496
497 skb_queue_purge(&d->tx_queue);
498 rfcomm_dlc_unlink(d);
499 }
500
501 return 0;
502 }
503
504 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
505 {
506 int r;
507
508 rfcomm_lock();
509
510 r = __rfcomm_dlc_close(d, err);
511
512 rfcomm_unlock();
513 return r;
514 }
515
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
517 {
518 int len = skb->len;
519
520 if (d->state != BT_CONNECTED)
521 return -ENOTCONN;
522
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
524
525 if (len > d->mtu)
526 return -EINVAL;
527
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
530
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
532 rfcomm_schedule(RFCOMM_SCHED_TX);
533 return len;
534 }
535
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
537 {
538 BT_DBG("dlc %p state %ld", d, d->state);
539
540 if (!d->cfc) {
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
544 rfcomm_schedule(RFCOMM_SCHED_TX);
545 }
546
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
548 {
549 BT_DBG("dlc %p state %ld", d, d->state);
550
551 if (!d->cfc) {
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
554 }
555 rfcomm_schedule(RFCOMM_SCHED_TX);
556 }
557
558 /*
559 Set/get modem status functions use _local_ status i.e. what we report
560 to the other side.
561 Remote status is provided by dlc->modem_status() callback.
562 */
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564 {
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
567
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
570 else
571 v24_sig &= ~RFCOMM_V24_FC;
572
573 d->v24_sig = v24_sig;
574
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
576 rfcomm_schedule(RFCOMM_SCHED_TX);
577
578 return 0;
579 }
580
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582 {
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
585
586 *v24_sig = d->v24_sig;
587 return 0;
588 }
589
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592 {
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
594
595 if (!s)
596 return NULL;
597
598 BT_DBG("session %p sock %p", s, sock);
599
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601
602 INIT_LIST_HEAD(&s->dlcs);
603 s->state = state;
604 s->sock = sock;
605
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
608
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
613 kfree(s);
614 return NULL;
615 }
616
617 list_add(&s->list, &session_list);
618
619 return s;
620 }
621
622 static void rfcomm_session_del(struct rfcomm_session *s)
623 {
624 int state = s->state;
625
626 BT_DBG("session %p state %ld", s, s->state);
627
628 list_del(&s->list);
629
630 if (state == BT_CONNECTED)
631 rfcomm_send_disc(s, 0);
632
633 rfcomm_session_clear_timer(s);
634 sock_release(s->sock);
635 kfree(s);
636
637 if (state != BT_LISTEN)
638 module_put(THIS_MODULE);
639 }
640
641 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
642 {
643 struct rfcomm_session *s;
644 struct list_head *p, *n;
645 struct bt_sock *sk;
646 list_for_each_safe(p, n, &session_list) {
647 s = list_entry(p, struct rfcomm_session, list);
648 sk = bt_sk(s->sock->sk);
649
650 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
651 !bacmp(&sk->dst, dst))
652 return s;
653 }
654 return NULL;
655 }
656
657 static void rfcomm_session_close(struct rfcomm_session *s, int err)
658 {
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
661
662 BT_DBG("session %p state %ld err %d", s, s->state, err);
663
664 rfcomm_session_hold(s);
665
666 s->state = BT_CLOSED;
667
668 /* Close all dlcs */
669 list_for_each_safe(p, n, &s->dlcs) {
670 d = list_entry(p, struct rfcomm_dlc, list);
671 d->state = BT_CLOSED;
672 __rfcomm_dlc_close(d, err);
673 }
674
675 rfcomm_session_clear_timer(s);
676 rfcomm_session_put(s);
677 }
678
679 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
680 {
681 struct rfcomm_session *s = NULL;
682 struct sockaddr_l2 addr;
683 struct socket *sock;
684 struct sock *sk;
685
686 BT_DBG("%s %s", batostr(src), batostr(dst));
687
688 *err = rfcomm_l2sock_create(&sock);
689 if (*err < 0)
690 return NULL;
691
692 bacpy(&addr.l2_bdaddr, src);
693 addr.l2_family = AF_BLUETOOTH;
694 addr.l2_psm = 0;
695 addr.l2_cid = 0;
696 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
697 if (*err < 0)
698 goto failed;
699
700 /* Set L2CAP options */
701 sk = sock->sk;
702 lock_sock(sk);
703 l2cap_pi(sk)->imtu = l2cap_mtu;
704 release_sock(sk);
705
706 s = rfcomm_session_add(sock, BT_BOUND);
707 if (!s) {
708 *err = -ENOMEM;
709 goto failed;
710 }
711
712 s->initiator = 1;
713
714 bacpy(&addr.l2_bdaddr, dst);
715 addr.l2_family = AF_BLUETOOTH;
716 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
717 addr.l2_cid = 0;
718 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
719 if (*err == 0 || *err == -EINPROGRESS)
720 return s;
721
722 rfcomm_session_del(s);
723 return NULL;
724
725 failed:
726 sock_release(sock);
727 return NULL;
728 }
729
730 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
731 {
732 struct sock *sk = s->sock->sk;
733 if (src)
734 bacpy(src, &bt_sk(sk)->src);
735 if (dst)
736 bacpy(dst, &bt_sk(sk)->dst);
737 }
738
739 /* ---- RFCOMM frame sending ---- */
740 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
741 {
742 struct socket *sock = s->sock;
743 struct kvec iv = { data, len };
744 struct msghdr msg;
745
746 BT_DBG("session %p len %d", s, len);
747
748 memset(&msg, 0, sizeof(msg));
749
750 return kernel_sendmsg(sock, &msg, &iv, 1, len);
751 }
752
753 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
754 {
755 struct rfcomm_cmd cmd;
756
757 BT_DBG("%p dlci %d", s, dlci);
758
759 cmd.addr = __addr(s->initiator, dlci);
760 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
761 cmd.len = __len8(0);
762 cmd.fcs = __fcs2((u8 *) &cmd);
763
764 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
765 }
766
767 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
768 {
769 struct rfcomm_cmd cmd;
770
771 BT_DBG("%p dlci %d", s, dlci);
772
773 cmd.addr = __addr(!s->initiator, dlci);
774 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
775 cmd.len = __len8(0);
776 cmd.fcs = __fcs2((u8 *) &cmd);
777
778 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
779 }
780
781 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
782 {
783 struct rfcomm_cmd cmd;
784
785 BT_DBG("%p dlci %d", s, dlci);
786
787 cmd.addr = __addr(s->initiator, dlci);
788 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
789 cmd.len = __len8(0);
790 cmd.fcs = __fcs2((u8 *) &cmd);
791
792 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
793 }
794
795 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
796 {
797 struct rfcomm_cmd *cmd;
798 struct sk_buff *skb;
799
800 BT_DBG("dlc %p dlci %d", d, d->dlci);
801
802 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
803 if (!skb)
804 return -ENOMEM;
805
806 cmd = (void *) __skb_put(skb, sizeof(*cmd));
807 cmd->addr = d->addr;
808 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
809 cmd->len = __len8(0);
810 cmd->fcs = __fcs2((u8 *) cmd);
811
812 skb_queue_tail(&d->tx_queue, skb);
813 rfcomm_schedule(RFCOMM_SCHED_TX);
814 return 0;
815 }
816
817 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
818 {
819 struct rfcomm_cmd cmd;
820
821 BT_DBG("%p dlci %d", s, dlci);
822
823 cmd.addr = __addr(!s->initiator, dlci);
824 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
825 cmd.len = __len8(0);
826 cmd.fcs = __fcs2((u8 *) &cmd);
827
828 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
829 }
830
831 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
832 {
833 struct rfcomm_hdr *hdr;
834 struct rfcomm_mcc *mcc;
835 u8 buf[16], *ptr = buf;
836
837 BT_DBG("%p cr %d type %d", s, cr, type);
838
839 hdr = (void *) ptr; ptr += sizeof(*hdr);
840 hdr->addr = __addr(s->initiator, 0);
841 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
842 hdr->len = __len8(sizeof(*mcc) + 1);
843
844 mcc = (void *) ptr; ptr += sizeof(*mcc);
845 mcc->type = __mcc_type(cr, RFCOMM_NSC);
846 mcc->len = __len8(1);
847
848 /* Type that we didn't like */
849 *ptr = __mcc_type(cr, type); ptr++;
850
851 *ptr = __fcs(buf); ptr++;
852
853 return rfcomm_send_frame(s, buf, ptr - buf);
854 }
855
856 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
857 {
858 struct rfcomm_hdr *hdr;
859 struct rfcomm_mcc *mcc;
860 struct rfcomm_pn *pn;
861 u8 buf[16], *ptr = buf;
862
863 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
864
865 hdr = (void *) ptr; ptr += sizeof(*hdr);
866 hdr->addr = __addr(s->initiator, 0);
867 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
868 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
869
870 mcc = (void *) ptr; ptr += sizeof(*mcc);
871 mcc->type = __mcc_type(cr, RFCOMM_PN);
872 mcc->len = __len8(sizeof(*pn));
873
874 pn = (void *) ptr; ptr += sizeof(*pn);
875 pn->dlci = d->dlci;
876 pn->priority = d->priority;
877 pn->ack_timer = 0;
878 pn->max_retrans = 0;
879
880 if (s->cfc) {
881 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
882 pn->credits = RFCOMM_DEFAULT_CREDITS;
883 } else {
884 pn->flow_ctrl = 0;
885 pn->credits = 0;
886 }
887
888 if (cr && channel_mtu >= 0)
889 pn->mtu = cpu_to_le16(channel_mtu);
890 else
891 pn->mtu = cpu_to_le16(d->mtu);
892
893 *ptr = __fcs(buf); ptr++;
894
895 return rfcomm_send_frame(s, buf, ptr - buf);
896 }
897
898 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
899 u8 bit_rate, u8 data_bits, u8 stop_bits,
900 u8 parity, u8 flow_ctrl_settings,
901 u8 xon_char, u8 xoff_char, u16 param_mask)
902 {
903 struct rfcomm_hdr *hdr;
904 struct rfcomm_mcc *mcc;
905 struct rfcomm_rpn *rpn;
906 u8 buf[16], *ptr = buf;
907
908 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
909 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
910 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
911 flow_ctrl_settings, xon_char, xoff_char, param_mask);
912
913 hdr = (void *) ptr; ptr += sizeof(*hdr);
914 hdr->addr = __addr(s->initiator, 0);
915 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
916 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
917
918 mcc = (void *) ptr; ptr += sizeof(*mcc);
919 mcc->type = __mcc_type(cr, RFCOMM_RPN);
920 mcc->len = __len8(sizeof(*rpn));
921
922 rpn = (void *) ptr; ptr += sizeof(*rpn);
923 rpn->dlci = __addr(1, dlci);
924 rpn->bit_rate = bit_rate;
925 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
926 rpn->flow_ctrl = flow_ctrl_settings;
927 rpn->xon_char = xon_char;
928 rpn->xoff_char = xoff_char;
929 rpn->param_mask = cpu_to_le16(param_mask);
930
931 *ptr = __fcs(buf); ptr++;
932
933 return rfcomm_send_frame(s, buf, ptr - buf);
934 }
935
936 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
937 {
938 struct rfcomm_hdr *hdr;
939 struct rfcomm_mcc *mcc;
940 struct rfcomm_rls *rls;
941 u8 buf[16], *ptr = buf;
942
943 BT_DBG("%p cr %d status 0x%x", s, cr, status);
944
945 hdr = (void *) ptr; ptr += sizeof(*hdr);
946 hdr->addr = __addr(s->initiator, 0);
947 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
948 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
949
950 mcc = (void *) ptr; ptr += sizeof(*mcc);
951 mcc->type = __mcc_type(cr, RFCOMM_RLS);
952 mcc->len = __len8(sizeof(*rls));
953
954 rls = (void *) ptr; ptr += sizeof(*rls);
955 rls->dlci = __addr(1, dlci);
956 rls->status = status;
957
958 *ptr = __fcs(buf); ptr++;
959
960 return rfcomm_send_frame(s, buf, ptr - buf);
961 }
962
963 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
964 {
965 struct rfcomm_hdr *hdr;
966 struct rfcomm_mcc *mcc;
967 struct rfcomm_msc *msc;
968 u8 buf[16], *ptr = buf;
969
970 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
971
972 hdr = (void *) ptr; ptr += sizeof(*hdr);
973 hdr->addr = __addr(s->initiator, 0);
974 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
975 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
976
977 mcc = (void *) ptr; ptr += sizeof(*mcc);
978 mcc->type = __mcc_type(cr, RFCOMM_MSC);
979 mcc->len = __len8(sizeof(*msc));
980
981 msc = (void *) ptr; ptr += sizeof(*msc);
982 msc->dlci = __addr(1, dlci);
983 msc->v24_sig = v24_sig | 0x01;
984
985 *ptr = __fcs(buf); ptr++;
986
987 return rfcomm_send_frame(s, buf, ptr - buf);
988 }
989
990 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
991 {
992 struct rfcomm_hdr *hdr;
993 struct rfcomm_mcc *mcc;
994 u8 buf[16], *ptr = buf;
995
996 BT_DBG("%p cr %d", s, cr);
997
998 hdr = (void *) ptr; ptr += sizeof(*hdr);
999 hdr->addr = __addr(s->initiator, 0);
1000 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1001 hdr->len = __len8(sizeof(*mcc));
1002
1003 mcc = (void *) ptr; ptr += sizeof(*mcc);
1004 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1005 mcc->len = __len8(0);
1006
1007 *ptr = __fcs(buf); ptr++;
1008
1009 return rfcomm_send_frame(s, buf, ptr - buf);
1010 }
1011
1012 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1013 {
1014 struct rfcomm_hdr *hdr;
1015 struct rfcomm_mcc *mcc;
1016 u8 buf[16], *ptr = buf;
1017
1018 BT_DBG("%p cr %d", s, cr);
1019
1020 hdr = (void *) ptr; ptr += sizeof(*hdr);
1021 hdr->addr = __addr(s->initiator, 0);
1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1023 hdr->len = __len8(sizeof(*mcc));
1024
1025 mcc = (void *) ptr; ptr += sizeof(*mcc);
1026 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1027 mcc->len = __len8(0);
1028
1029 *ptr = __fcs(buf); ptr++;
1030
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1032 }
1033
1034 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1035 {
1036 struct socket *sock = s->sock;
1037 struct kvec iv[3];
1038 struct msghdr msg;
1039 unsigned char hdr[5], crc[1];
1040
1041 if (len > 125)
1042 return -EINVAL;
1043
1044 BT_DBG("%p cr %d", s, cr);
1045
1046 hdr[0] = __addr(s->initiator, 0);
1047 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1048 hdr[2] = 0x01 | ((len + 2) << 1);
1049 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1050 hdr[4] = 0x01 | (len << 1);
1051
1052 crc[0] = __fcs(hdr);
1053
1054 iv[0].iov_base = hdr;
1055 iv[0].iov_len = 5;
1056 iv[1].iov_base = pattern;
1057 iv[1].iov_len = len;
1058 iv[2].iov_base = crc;
1059 iv[2].iov_len = 1;
1060
1061 memset(&msg, 0, sizeof(msg));
1062
1063 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1064 }
1065
1066 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1067 {
1068 struct rfcomm_hdr *hdr;
1069 u8 buf[16], *ptr = buf;
1070
1071 BT_DBG("%p addr %d credits %d", s, addr, credits);
1072
1073 hdr = (void *) ptr; ptr += sizeof(*hdr);
1074 hdr->addr = addr;
1075 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1076 hdr->len = __len8(0);
1077
1078 *ptr = credits; ptr++;
1079
1080 *ptr = __fcs(buf); ptr++;
1081
1082 return rfcomm_send_frame(s, buf, ptr - buf);
1083 }
1084
1085 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1086 {
1087 struct rfcomm_hdr *hdr;
1088 int len = skb->len;
1089 u8 *crc;
1090
1091 if (len > 127) {
1092 hdr = (void *) skb_push(skb, 4);
1093 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1094 } else {
1095 hdr = (void *) skb_push(skb, 3);
1096 hdr->len = __len8(len);
1097 }
1098 hdr->addr = addr;
1099 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1100
1101 crc = skb_put(skb, 1);
1102 *crc = __fcs((void *) hdr);
1103 }
1104
1105 /* ---- RFCOMM frame reception ---- */
1106 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1107 {
1108 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1109
1110 if (dlci) {
1111 /* Data channel */
1112 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1113 if (!d) {
1114 rfcomm_send_dm(s, dlci);
1115 return 0;
1116 }
1117
1118 switch (d->state) {
1119 case BT_CONNECT:
1120 rfcomm_dlc_clear_timer(d);
1121
1122 rfcomm_dlc_lock(d);
1123 d->state = BT_CONNECTED;
1124 d->state_change(d, 0);
1125 rfcomm_dlc_unlock(d);
1126
1127 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1128 break;
1129
1130 case BT_DISCONN:
1131 d->state = BT_CLOSED;
1132 __rfcomm_dlc_close(d, 0);
1133
1134 if (list_empty(&s->dlcs)) {
1135 s->state = BT_DISCONN;
1136 rfcomm_send_disc(s, 0);
1137 }
1138
1139 break;
1140 }
1141 } else {
1142 /* Control channel */
1143 switch (s->state) {
1144 case BT_CONNECT:
1145 s->state = BT_CONNECTED;
1146 rfcomm_process_connect(s);
1147 break;
1148
1149 case BT_DISCONN:
1150 rfcomm_session_put(s);
1151 break;
1152 }
1153 }
1154 return 0;
1155 }
1156
1157 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1158 {
1159 int err = 0;
1160
1161 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1162
1163 if (dlci) {
1164 /* Data DLC */
1165 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1166 if (d) {
1167 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1168 err = ECONNREFUSED;
1169 else
1170 err = ECONNRESET;
1171
1172 d->state = BT_CLOSED;
1173 __rfcomm_dlc_close(d, err);
1174 }
1175 } else {
1176 if (s->state == BT_CONNECT)
1177 err = ECONNREFUSED;
1178 else
1179 err = ECONNRESET;
1180
1181 s->state = BT_CLOSED;
1182 rfcomm_session_close(s, err);
1183 }
1184 return 0;
1185 }
1186
1187 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1188 {
1189 int err = 0;
1190
1191 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1192
1193 if (dlci) {
1194 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1195 if (d) {
1196 rfcomm_send_ua(s, dlci);
1197
1198 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1199 err = ECONNREFUSED;
1200 else
1201 err = ECONNRESET;
1202
1203 d->state = BT_CLOSED;
1204 __rfcomm_dlc_close(d, err);
1205 } else
1206 rfcomm_send_dm(s, dlci);
1207
1208 } else {
1209 rfcomm_send_ua(s, 0);
1210
1211 if (s->state == BT_CONNECT)
1212 err = ECONNREFUSED;
1213 else
1214 err = ECONNRESET;
1215
1216 s->state = BT_CLOSED;
1217 rfcomm_session_close(s, err);
1218 }
1219
1220 return 0;
1221 }
1222
1223 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1224 {
1225 struct sock *sk = d->session->sock->sk;
1226
1227 BT_DBG("dlc %p", d);
1228
1229 rfcomm_send_ua(d->session, d->dlci);
1230
1231 rfcomm_dlc_clear_timer(d);
1232
1233 rfcomm_dlc_lock(d);
1234 d->state = BT_CONNECTED;
1235 d->state_change(d, 0);
1236 rfcomm_dlc_unlock(d);
1237
1238 if (d->role_switch)
1239 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1240
1241 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1242 }
1243
1244 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1245 {
1246 if (rfcomm_check_security(d)) {
1247 if (d->defer_setup) {
1248 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1249 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1250
1251 rfcomm_dlc_lock(d);
1252 d->state = BT_CONNECT2;
1253 d->state_change(d, 0);
1254 rfcomm_dlc_unlock(d);
1255 } else
1256 rfcomm_dlc_accept(d);
1257 } else {
1258 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1259 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1260 }
1261 }
1262
1263 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1264 {
1265 struct rfcomm_dlc *d;
1266 u8 channel;
1267
1268 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1269
1270 if (!dlci) {
1271 rfcomm_send_ua(s, 0);
1272
1273 if (s->state == BT_OPEN) {
1274 s->state = BT_CONNECTED;
1275 rfcomm_process_connect(s);
1276 }
1277 return 0;
1278 }
1279
1280 /* Check if DLC exists */
1281 d = rfcomm_dlc_get(s, dlci);
1282 if (d) {
1283 if (d->state == BT_OPEN) {
1284 /* DLC was previously opened by PN request */
1285 rfcomm_check_accept(d);
1286 }
1287 return 0;
1288 }
1289
1290 /* Notify socket layer about incoming connection */
1291 channel = __srv_channel(dlci);
1292 if (rfcomm_connect_ind(s, channel, &d)) {
1293 d->dlci = dlci;
1294 d->addr = __addr(s->initiator, dlci);
1295 rfcomm_dlc_link(s, d);
1296
1297 rfcomm_check_accept(d);
1298 } else {
1299 rfcomm_send_dm(s, dlci);
1300 }
1301
1302 return 0;
1303 }
1304
1305 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1306 {
1307 struct rfcomm_session *s = d->session;
1308
1309 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1310 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1311
1312 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1313 pn->flow_ctrl == 0xe0) {
1314 d->cfc = RFCOMM_CFC_ENABLED;
1315 d->tx_credits = pn->credits;
1316 } else {
1317 d->cfc = RFCOMM_CFC_DISABLED;
1318 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1319 }
1320
1321 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1322 s->cfc = d->cfc;
1323
1324 d->priority = pn->priority;
1325
1326 d->mtu = __le16_to_cpu(pn->mtu);
1327
1328 if (cr && d->mtu > s->mtu)
1329 d->mtu = s->mtu;
1330
1331 return 0;
1332 }
1333
1334 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1335 {
1336 struct rfcomm_pn *pn = (void *) skb->data;
1337 struct rfcomm_dlc *d;
1338 u8 dlci = pn->dlci;
1339
1340 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1341
1342 if (!dlci)
1343 return 0;
1344
1345 d = rfcomm_dlc_get(s, dlci);
1346 if (d) {
1347 if (cr) {
1348 /* PN request */
1349 rfcomm_apply_pn(d, cr, pn);
1350 rfcomm_send_pn(s, 0, d);
1351 } else {
1352 /* PN response */
1353 switch (d->state) {
1354 case BT_CONFIG:
1355 rfcomm_apply_pn(d, cr, pn);
1356
1357 d->state = BT_CONNECT;
1358 rfcomm_send_sabm(s, d->dlci);
1359 break;
1360 }
1361 }
1362 } else {
1363 u8 channel = __srv_channel(dlci);
1364
1365 if (!cr)
1366 return 0;
1367
1368 /* PN request for non existing DLC.
1369 * Assume incoming connection. */
1370 if (rfcomm_connect_ind(s, channel, &d)) {
1371 d->dlci = dlci;
1372 d->addr = __addr(s->initiator, dlci);
1373 rfcomm_dlc_link(s, d);
1374
1375 rfcomm_apply_pn(d, cr, pn);
1376
1377 d->state = BT_OPEN;
1378 rfcomm_send_pn(s, 0, d);
1379 } else {
1380 rfcomm_send_dm(s, dlci);
1381 }
1382 }
1383 return 0;
1384 }
1385
1386 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1387 {
1388 struct rfcomm_rpn *rpn = (void *) skb->data;
1389 u8 dlci = __get_dlci(rpn->dlci);
1390
1391 u8 bit_rate = 0;
1392 u8 data_bits = 0;
1393 u8 stop_bits = 0;
1394 u8 parity = 0;
1395 u8 flow_ctrl = 0;
1396 u8 xon_char = 0;
1397 u8 xoff_char = 0;
1398 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1399
1400 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1401 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1402 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1403
1404 if (!cr)
1405 return 0;
1406
1407 if (len == 1) {
1408 /* This is a request, return default settings */
1409 bit_rate = RFCOMM_RPN_BR_115200;
1410 data_bits = RFCOMM_RPN_DATA_8;
1411 stop_bits = RFCOMM_RPN_STOP_1;
1412 parity = RFCOMM_RPN_PARITY_NONE;
1413 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1414 xon_char = RFCOMM_RPN_XON_CHAR;
1415 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1416 goto rpn_out;
1417 }
1418
1419 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1420 * no parity, no flow control lines, normal XON/XOFF chars */
1421
1422 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1423 bit_rate = rpn->bit_rate;
1424 if (bit_rate != RFCOMM_RPN_BR_115200) {
1425 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1426 bit_rate = RFCOMM_RPN_BR_115200;
1427 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1428 }
1429 }
1430
1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1432 data_bits = __get_rpn_data_bits(rpn->line_settings);
1433 if (data_bits != RFCOMM_RPN_DATA_8) {
1434 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1435 data_bits = RFCOMM_RPN_DATA_8;
1436 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1437 }
1438 }
1439
1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1441 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1442 if (stop_bits != RFCOMM_RPN_STOP_1) {
1443 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1444 stop_bits = RFCOMM_RPN_STOP_1;
1445 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1446 }
1447 }
1448
1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1450 parity = __get_rpn_parity(rpn->line_settings);
1451 if (parity != RFCOMM_RPN_PARITY_NONE) {
1452 BT_DBG("RPN parity mismatch 0x%x", parity);
1453 parity = RFCOMM_RPN_PARITY_NONE;
1454 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1455 }
1456 }
1457
1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1459 flow_ctrl = rpn->flow_ctrl;
1460 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1461 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1462 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1463 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1464 }
1465 }
1466
1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1468 xon_char = rpn->xon_char;
1469 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1470 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1471 xon_char = RFCOMM_RPN_XON_CHAR;
1472 rpn_mask ^= RFCOMM_RPN_PM_XON;
1473 }
1474 }
1475
1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1477 xoff_char = rpn->xoff_char;
1478 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1479 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1480 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1481 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1482 }
1483 }
1484
1485 rpn_out:
1486 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1487 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1488
1489 return 0;
1490 }
1491
1492 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1493 {
1494 struct rfcomm_rls *rls = (void *) skb->data;
1495 u8 dlci = __get_dlci(rls->dlci);
1496
1497 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1498
1499 if (!cr)
1500 return 0;
1501
1502 /* We should probably do something with this information here. But
1503 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1504 * mandatory to recognise and respond to RLS */
1505
1506 rfcomm_send_rls(s, 0, dlci, rls->status);
1507
1508 return 0;
1509 }
1510
1511 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1512 {
1513 struct rfcomm_msc *msc = (void *) skb->data;
1514 struct rfcomm_dlc *d;
1515 u8 dlci = __get_dlci(msc->dlci);
1516
1517 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1518
1519 d = rfcomm_dlc_get(s, dlci);
1520 if (!d)
1521 return 0;
1522
1523 if (cr) {
1524 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1525 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1526 else
1527 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1528
1529 rfcomm_dlc_lock(d);
1530
1531 d->remote_v24_sig = msc->v24_sig;
1532
1533 if (d->modem_status)
1534 d->modem_status(d, msc->v24_sig);
1535
1536 rfcomm_dlc_unlock(d);
1537
1538 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1539
1540 d->mscex |= RFCOMM_MSCEX_RX;
1541 } else
1542 d->mscex |= RFCOMM_MSCEX_TX;
1543
1544 return 0;
1545 }
1546
1547 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1548 {
1549 struct rfcomm_mcc *mcc = (void *) skb->data;
1550 u8 type, cr, len;
1551
1552 cr = __test_cr(mcc->type);
1553 type = __get_mcc_type(mcc->type);
1554 len = __get_mcc_len(mcc->len);
1555
1556 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1557
1558 skb_pull(skb, 2);
1559
1560 switch (type) {
1561 case RFCOMM_PN:
1562 rfcomm_recv_pn(s, cr, skb);
1563 break;
1564
1565 case RFCOMM_RPN:
1566 rfcomm_recv_rpn(s, cr, len, skb);
1567 break;
1568
1569 case RFCOMM_RLS:
1570 rfcomm_recv_rls(s, cr, skb);
1571 break;
1572
1573 case RFCOMM_MSC:
1574 rfcomm_recv_msc(s, cr, skb);
1575 break;
1576
1577 case RFCOMM_FCOFF:
1578 if (cr) {
1579 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1580 rfcomm_send_fcoff(s, 0);
1581 }
1582 break;
1583
1584 case RFCOMM_FCON:
1585 if (cr) {
1586 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1587 rfcomm_send_fcon(s, 0);
1588 }
1589 break;
1590
1591 case RFCOMM_TEST:
1592 if (cr)
1593 rfcomm_send_test(s, 0, skb->data, skb->len);
1594 break;
1595
1596 case RFCOMM_NSC:
1597 break;
1598
1599 default:
1600 BT_ERR("Unknown control type 0x%02x", type);
1601 rfcomm_send_nsc(s, cr, type);
1602 break;
1603 }
1604 return 0;
1605 }
1606
1607 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1608 {
1609 struct rfcomm_dlc *d;
1610
1611 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1612
1613 d = rfcomm_dlc_get(s, dlci);
1614 if (!d) {
1615 rfcomm_send_dm(s, dlci);
1616 goto drop;
1617 }
1618
1619 if (pf && d->cfc) {
1620 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1621
1622 d->tx_credits += credits;
1623 if (d->tx_credits)
1624 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1625 }
1626
1627 if (skb->len && d->state == BT_CONNECTED) {
1628 rfcomm_dlc_lock(d);
1629 d->rx_credits--;
1630 d->data_ready(d, skb);
1631 rfcomm_dlc_unlock(d);
1632 return 0;
1633 }
1634
1635 drop:
1636 kfree_skb(skb);
1637 return 0;
1638 }
1639
1640 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1641 {
1642 struct rfcomm_hdr *hdr = (void *) skb->data;
1643 u8 type, dlci, fcs;
1644
1645 dlci = __get_dlci(hdr->addr);
1646 type = __get_type(hdr->ctrl);
1647
1648 /* Trim FCS */
1649 skb->len--; skb->tail--;
1650 fcs = *(u8 *)skb_tail_pointer(skb);
1651
1652 if (__check_fcs(skb->data, type, fcs)) {
1653 BT_ERR("bad checksum in packet");
1654 kfree_skb(skb);
1655 return -EILSEQ;
1656 }
1657
1658 if (__test_ea(hdr->len))
1659 skb_pull(skb, 3);
1660 else
1661 skb_pull(skb, 4);
1662
1663 switch (type) {
1664 case RFCOMM_SABM:
1665 if (__test_pf(hdr->ctrl))
1666 rfcomm_recv_sabm(s, dlci);
1667 break;
1668
1669 case RFCOMM_DISC:
1670 if (__test_pf(hdr->ctrl))
1671 rfcomm_recv_disc(s, dlci);
1672 break;
1673
1674 case RFCOMM_UA:
1675 if (__test_pf(hdr->ctrl))
1676 rfcomm_recv_ua(s, dlci);
1677 break;
1678
1679 case RFCOMM_DM:
1680 rfcomm_recv_dm(s, dlci);
1681 break;
1682
1683 case RFCOMM_UIH:
1684 if (dlci)
1685 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1686
1687 rfcomm_recv_mcc(s, skb);
1688 break;
1689
1690 default:
1691 BT_ERR("Unknown packet type 0x%02x\n", type);
1692 break;
1693 }
1694 kfree_skb(skb);
1695 return 0;
1696 }
1697
1698 /* ---- Connection and data processing ---- */
1699
1700 static void rfcomm_process_connect(struct rfcomm_session *s)
1701 {
1702 struct rfcomm_dlc *d;
1703 struct list_head *p, *n;
1704
1705 BT_DBG("session %p state %ld", s, s->state);
1706
1707 list_for_each_safe(p, n, &s->dlcs) {
1708 d = list_entry(p, struct rfcomm_dlc, list);
1709 if (d->state == BT_CONFIG) {
1710 d->mtu = s->mtu;
1711 if (rfcomm_check_security(d)) {
1712 rfcomm_send_pn(s, 1, d);
1713 } else {
1714 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1715 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1716 }
1717 }
1718 }
1719 }
1720
1721 /* Send data queued for the DLC.
1722 * Return number of frames left in the queue.
1723 */
1724 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1725 {
1726 struct sk_buff *skb;
1727 int err;
1728
1729 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1730 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1731
1732 /* Send pending MSC */
1733 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1734 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1735
1736 if (d->cfc) {
1737 /* CFC enabled.
1738 * Give them some credits */
1739 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1740 d->rx_credits <= (d->cfc >> 2)) {
1741 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1742 d->rx_credits = d->cfc;
1743 }
1744 } else {
1745 /* CFC disabled.
1746 * Give ourselves some credits */
1747 d->tx_credits = 5;
1748 }
1749
1750 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1751 return skb_queue_len(&d->tx_queue);
1752
1753 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1754 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1755 if (err < 0) {
1756 skb_queue_head(&d->tx_queue, skb);
1757 break;
1758 }
1759 kfree_skb(skb);
1760 d->tx_credits--;
1761 }
1762
1763 if (d->cfc && !d->tx_credits) {
1764 /* We're out of TX credits.
1765 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1766 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1767 }
1768
1769 return skb_queue_len(&d->tx_queue);
1770 }
1771
1772 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1773 {
1774 struct rfcomm_dlc *d;
1775 struct list_head *p, *n;
1776
1777 BT_DBG("session %p state %ld", s, s->state);
1778
1779 list_for_each_safe(p, n, &s->dlcs) {
1780 d = list_entry(p, struct rfcomm_dlc, list);
1781
1782 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1783 __rfcomm_dlc_close(d, ETIMEDOUT);
1784 continue;
1785 }
1786
1787 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1788 rfcomm_dlc_clear_timer(d);
1789 if (d->out) {
1790 rfcomm_send_pn(s, 1, d);
1791 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1792 } else {
1793 if (d->defer_setup) {
1794 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1795 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1796
1797 rfcomm_dlc_lock(d);
1798 d->state = BT_CONNECT2;
1799 d->state_change(d, 0);
1800 rfcomm_dlc_unlock(d);
1801 } else
1802 rfcomm_dlc_accept(d);
1803 }
1804 continue;
1805 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1806 rfcomm_dlc_clear_timer(d);
1807 if (!d->out)
1808 rfcomm_send_dm(s, d->dlci);
1809 else
1810 d->state = BT_CLOSED;
1811 __rfcomm_dlc_close(d, ECONNREFUSED);
1812 continue;
1813 }
1814
1815 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1816 continue;
1817
1818 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1819 continue;
1820
1821 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1822 d->mscex == RFCOMM_MSCEX_OK)
1823 rfcomm_process_tx(d);
1824 }
1825 }
1826
1827 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1828 {
1829 struct socket *sock = s->sock;
1830 struct sock *sk = sock->sk;
1831 struct sk_buff *skb;
1832
1833 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1834
1835 /* Get data directly from socket receive queue without copying it. */
1836 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1837 skb_orphan(skb);
1838 rfcomm_recv_frame(s, skb);
1839 }
1840
1841 if (sk->sk_state == BT_CLOSED) {
1842 if (!s->initiator)
1843 rfcomm_session_put(s);
1844
1845 rfcomm_session_close(s, sk->sk_err);
1846 }
1847 }
1848
1849 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1850 {
1851 struct socket *sock = s->sock, *nsock;
1852 int err;
1853
1854 /* Fast check for a new connection.
1855 * Avoids unnesesary socket allocations. */
1856 if (list_empty(&bt_sk(sock->sk)->accept_q))
1857 return;
1858
1859 BT_DBG("session %p", s);
1860
1861 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1862 if (err < 0)
1863 return;
1864
1865 /* Set our callbacks */
1866 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1867 nsock->sk->sk_state_change = rfcomm_l2state_change;
1868
1869 s = rfcomm_session_add(nsock, BT_OPEN);
1870 if (s) {
1871 rfcomm_session_hold(s);
1872
1873 /* We should adjust MTU on incoming sessions.
1874 * L2CAP MTU minus UIH header and FCS. */
1875 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1876
1877 rfcomm_schedule(RFCOMM_SCHED_RX);
1878 } else
1879 sock_release(nsock);
1880 }
1881
1882 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1883 {
1884 struct sock *sk = s->sock->sk;
1885
1886 BT_DBG("%p state %ld", s, s->state);
1887
1888 switch(sk->sk_state) {
1889 case BT_CONNECTED:
1890 s->state = BT_CONNECT;
1891
1892 /* We can adjust MTU on outgoing sessions.
1893 * L2CAP MTU minus UIH header and FCS. */
1894 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1895
1896 rfcomm_send_sabm(s, 0);
1897 break;
1898
1899 case BT_CLOSED:
1900 s->state = BT_CLOSED;
1901 rfcomm_session_close(s, sk->sk_err);
1902 break;
1903 }
1904 }
1905
1906 static inline void rfcomm_process_sessions(void)
1907 {
1908 struct list_head *p, *n;
1909
1910 rfcomm_lock();
1911
1912 list_for_each_safe(p, n, &session_list) {
1913 struct rfcomm_session *s;
1914 s = list_entry(p, struct rfcomm_session, list);
1915
1916 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1917 s->state = BT_DISCONN;
1918 rfcomm_send_disc(s, 0);
1919 rfcomm_session_put(s);
1920 continue;
1921 }
1922
1923 if (s->state == BT_LISTEN) {
1924 rfcomm_accept_connection(s);
1925 continue;
1926 }
1927
1928 rfcomm_session_hold(s);
1929
1930 switch (s->state) {
1931 case BT_BOUND:
1932 rfcomm_check_connection(s);
1933 break;
1934
1935 default:
1936 rfcomm_process_rx(s);
1937 break;
1938 }
1939
1940 rfcomm_process_dlcs(s);
1941
1942 rfcomm_session_put(s);
1943 }
1944
1945 rfcomm_unlock();
1946 }
1947
1948 static int rfcomm_add_listener(bdaddr_t *ba)
1949 {
1950 struct sockaddr_l2 addr;
1951 struct socket *sock;
1952 struct sock *sk;
1953 struct rfcomm_session *s;
1954 int err = 0;
1955
1956 /* Create socket */
1957 err = rfcomm_l2sock_create(&sock);
1958 if (err < 0) {
1959 BT_ERR("Create socket failed %d", err);
1960 return err;
1961 }
1962
1963 /* Bind socket */
1964 bacpy(&addr.l2_bdaddr, ba);
1965 addr.l2_family = AF_BLUETOOTH;
1966 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1967 addr.l2_cid = 0;
1968 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1969 if (err < 0) {
1970 BT_ERR("Bind failed %d", err);
1971 goto failed;
1972 }
1973
1974 /* Set L2CAP options */
1975 sk = sock->sk;
1976 lock_sock(sk);
1977 l2cap_pi(sk)->imtu = l2cap_mtu;
1978 release_sock(sk);
1979
1980 /* Start listening on the socket */
1981 err = kernel_listen(sock, 10);
1982 if (err) {
1983 BT_ERR("Listen failed %d", err);
1984 goto failed;
1985 }
1986
1987 /* Add listening session */
1988 s = rfcomm_session_add(sock, BT_LISTEN);
1989 if (!s)
1990 goto failed;
1991
1992 rfcomm_session_hold(s);
1993 return 0;
1994 failed:
1995 sock_release(sock);
1996 return err;
1997 }
1998
1999 static void rfcomm_kill_listener(void)
2000 {
2001 struct rfcomm_session *s;
2002 struct list_head *p, *n;
2003
2004 BT_DBG("");
2005
2006 list_for_each_safe(p, n, &session_list) {
2007 s = list_entry(p, struct rfcomm_session, list);
2008 rfcomm_session_del(s);
2009 }
2010 }
2011
2012 static int rfcomm_run(void *unused)
2013 {
2014 BT_DBG("");
2015
2016 set_user_nice(current, -10);
2017
2018 rfcomm_add_listener(BDADDR_ANY);
2019
2020 while (!kthread_should_stop()) {
2021 set_current_state(TASK_INTERRUPTIBLE);
2022 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2023 /* No pending events. Let's sleep.
2024 * Incoming connections and data will wake us up. */
2025 schedule();
2026 }
2027 set_current_state(TASK_RUNNING);
2028
2029 /* Process stuff */
2030 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2031 rfcomm_process_sessions();
2032 }
2033
2034 rfcomm_kill_listener();
2035
2036 return 0;
2037 }
2038
2039 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2040 {
2041 struct rfcomm_session *s;
2042 struct rfcomm_dlc *d;
2043 struct list_head *p, *n;
2044
2045 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2046
2047 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2048 if (!s)
2049 return;
2050
2051 rfcomm_session_hold(s);
2052
2053 list_for_each_safe(p, n, &s->dlcs) {
2054 d = list_entry(p, struct rfcomm_dlc, list);
2055
2056 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2057 rfcomm_dlc_clear_timer(d);
2058 if (status || encrypt == 0x00) {
2059 __rfcomm_dlc_close(d, ECONNREFUSED);
2060 continue;
2061 }
2062 }
2063
2064 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2065 if (d->sec_level == BT_SECURITY_MEDIUM) {
2066 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2067 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2068 continue;
2069 } else if (d->sec_level == BT_SECURITY_HIGH) {
2070 __rfcomm_dlc_close(d, ECONNREFUSED);
2071 continue;
2072 }
2073 }
2074
2075 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2076 continue;
2077
2078 if (!status)
2079 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2080 else
2081 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2082 }
2083
2084 rfcomm_session_put(s);
2085
2086 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2087 }
2088
2089 static struct hci_cb rfcomm_cb = {
2090 .name = "RFCOMM",
2091 .security_cfm = rfcomm_security_cfm
2092 };
2093
2094 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2095 {
2096 struct rfcomm_session *s;
2097 struct list_head *pp, *p;
2098 char *str = buf;
2099 int size = PAGE_SIZE;
2100
2101 rfcomm_lock();
2102
2103 list_for_each(p, &session_list) {
2104 s = list_entry(p, struct rfcomm_session, list);
2105 list_for_each(pp, &s->dlcs) {
2106 struct sock *sk = s->sock->sk;
2107 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2108 int len;
2109
2110 len = snprintf(str, size, "%s %s %ld %d %d %d %d\n",
2111 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2112 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2113
2114 size -= len;
2115 if (size <= 0)
2116 break;
2117
2118 str += len;
2119 }
2120
2121 if (size <= 0)
2122 break;
2123 }
2124
2125 rfcomm_unlock();
2126
2127 return (str - buf);
2128 }
2129
2130 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2131
2132 /* ---- Initialization ---- */
2133 static int __init rfcomm_init(void)
2134 {
2135 int err;
2136
2137 l2cap_load();
2138
2139 hci_register_cb(&rfcomm_cb);
2140
2141 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2142 if (IS_ERR(rfcomm_thread)) {
2143 err = PTR_ERR(rfcomm_thread);
2144 goto unregister;
2145 }
2146
2147 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2148 BT_ERR("Failed to create RFCOMM info file");
2149
2150 err = rfcomm_init_ttys();
2151 if (err < 0)
2152 goto stop;
2153
2154 err = rfcomm_init_sockets();
2155 if (err < 0)
2156 goto cleanup;
2157
2158 BT_INFO("RFCOMM ver %s", VERSION);
2159
2160 return 0;
2161
2162 cleanup:
2163 rfcomm_cleanup_ttys();
2164
2165 stop:
2166 kthread_stop(rfcomm_thread);
2167
2168 unregister:
2169 hci_unregister_cb(&rfcomm_cb);
2170
2171 return err;
2172 }
2173
2174 static void __exit rfcomm_exit(void)
2175 {
2176 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2177
2178 hci_unregister_cb(&rfcomm_cb);
2179
2180 kthread_stop(rfcomm_thread);
2181
2182 rfcomm_cleanup_ttys();
2183
2184 rfcomm_cleanup_sockets();
2185 }
2186
2187 module_init(rfcomm_init);
2188 module_exit(rfcomm_exit);
2189
2190 module_param(disable_cfc, bool, 0644);
2191 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2192
2193 module_param(channel_mtu, int, 0644);
2194 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2195
2196 module_param(l2cap_mtu, uint, 0644);
2197 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2198
2199 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2200 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2201 MODULE_VERSION(VERSION);
2202 MODULE_LICENSE("GPL");
2203 MODULE_ALIAS("bt-proto-3");
Linux MOXA ART SoC ARM port