1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/signal.h> 35 #include <linux/init.h> 36 #include <linux/freezer.h> 37 #include <linux/wait.h> 38 #include <linux/device.h> 39 #include <linux/net.h> 40 #include <linux/mutex.h> 41 42 #include <net/sock.h> 43 #include <asm/uaccess.h> 44 #include <asm/unaligned.h> 45 46 #include <net/bluetooth/bluetooth.h> 47 #include <net/bluetooth/hci_core.h> 48 #include <net/bluetooth/l2cap.h> 49 #include <net/bluetooth/rfcomm.h> 50 51 #ifndef CONFIG_BT_RFCOMM_DEBUG 52 #undef BT_DBG 53 #define BT_DBG(D...) 54 #endif 55 56 #define VERSION "1.8" 57 58 static int disable_cfc = 0; 59 static int channel_mtu = -1; 60 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 61 62 static struct task_struct *rfcomm_thread; 63 64 static DEFINE_MUTEX(rfcomm_mutex); 65 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 66 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 67 68 static unsigned long rfcomm_event; 69 70 static LIST_HEAD(session_list); 71 static atomic_t terminate, running; 72 73 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 74 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 75 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 76 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 77 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 78 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 79 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 80 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 81 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 82 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 83 84 static void rfcomm_process_connect(struct rfcomm_session *s); 85 86 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 87 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 88 static void rfcomm_session_del(struct rfcomm_session *s); 89 90 /* ---- RFCOMM frame parsing macros ---- */ 91 #define __get_dlci(b) ((b & 0xfc) >> 2) 92 #define __get_channel(b) ((b & 0xf8) >> 3) 93 #define __get_dir(b) ((b & 0x04) >> 2) 94 #define __get_type(b) ((b & 0xef)) 95 96 #define __test_ea(b) ((b & 0x01)) 97 #define __test_cr(b) ((b & 0x02)) 98 #define __test_pf(b) ((b & 0x10)) 99 100 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 101 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 102 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 103 #define __srv_channel(dlci) (dlci >> 1) 104 #define __dir(dlci) (dlci & 0x01) 105 106 #define __len8(len) (((len) << 1) | 1) 107 #define __len16(len) ((len) << 1) 108 109 /* MCC macros */ 110 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 111 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 112 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 113 114 /* RPN macros */ 115 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 116 #define __get_rpn_data_bits(line) ((line) & 0x3) 117 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 118 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 119 120 static inline void rfcomm_schedule(uint event) 121 { 122 if (!rfcomm_thread) 123 return; 124 //set_bit(event, &rfcomm_event); 125 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 126 wake_up_process(rfcomm_thread); 127 } 128 129 static inline void rfcomm_session_put(struct rfcomm_session *s) 130 { 131 if (atomic_dec_and_test(&s->refcnt)) 132 rfcomm_session_del(s); 133 } 134 135 /* ---- RFCOMM FCS computation ---- */ 136 137 /* reversed, 8-bit, poly=0x07 */ 138 static unsigned char rfcomm_crc_table[256] = { 139 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 140 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 141 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 142 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 143 144 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 145 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 146 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 147 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 148 149 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 150 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 151 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 152 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 153 154 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 155 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 156 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 157 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 158 159 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 160 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 161 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 162 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 163 164 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 165 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 166 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 167 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 168 169 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 170 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 171 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 172 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 173 174 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 175 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 176 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 177 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 178 }; 179 180 /* CRC on 2 bytes */ 181 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 182 183 /* FCS on 2 bytes */ 184 static inline u8 __fcs(u8 *data) 185 { 186 return (0xff - __crc(data)); 187 } 188 189 /* FCS on 3 bytes */ 190 static inline u8 __fcs2(u8 *data) 191 { 192 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 193 } 194 195 /* Check FCS */ 196 static inline int __check_fcs(u8 *data, int type, u8 fcs) 197 { 198 u8 f = __crc(data); 199 200 if (type != RFCOMM_UIH) 201 f = rfcomm_crc_table[f ^ data[2]]; 202 203 return rfcomm_crc_table[f ^ fcs] != 0xcf; 204 } 205 206 /* ---- L2CAP callbacks ---- */ 207 static void rfcomm_l2state_change(struct sock *sk) 208 { 209 BT_DBG("%p state %d", sk, sk->sk_state); 210 rfcomm_schedule(RFCOMM_SCHED_STATE); 211 } 212 213 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 214 { 215 BT_DBG("%p bytes %d", sk, bytes); 216 rfcomm_schedule(RFCOMM_SCHED_RX); 217 } 218 219 static int rfcomm_l2sock_create(struct socket **sock) 220 { 221 int err; 222 223 BT_DBG(""); 224 225 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 226 if (!err) { 227 struct sock *sk = (*sock)->sk; 228 sk->sk_data_ready = rfcomm_l2data_ready; 229 sk->sk_state_change = rfcomm_l2state_change; 230 } 231 return err; 232 } 233 234 /* ---- RFCOMM DLCs ---- */ 235 static void rfcomm_dlc_timeout(unsigned long arg) 236 { 237 struct rfcomm_dlc *d = (void *) arg; 238 239 BT_DBG("dlc %p state %ld", d, d->state); 240 241 set_bit(RFCOMM_TIMED_OUT, &d->flags); 242 rfcomm_dlc_put(d); 243 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 244 } 245 246 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 247 { 248 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 249 250 if (!mod_timer(&d->timer, jiffies + timeout)) 251 rfcomm_dlc_hold(d); 252 } 253 254 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 255 { 256 BT_DBG("dlc %p state %ld", d, d->state); 257 258 if (timer_pending(&d->timer) && del_timer(&d->timer)) 259 rfcomm_dlc_put(d); 260 } 261 262 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 263 { 264 BT_DBG("%p", d); 265 266 d->state = BT_OPEN; 267 d->flags = 0; 268 d->mscex = 0; 269 d->mtu = RFCOMM_DEFAULT_MTU; 270 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 271 272 d->cfc = RFCOMM_CFC_DISABLED; 273 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 274 } 275 276 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 277 { 278 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 279 280 if (!d) 281 return NULL; 282 283 init_timer(&d->timer); 284 d->timer.function = rfcomm_dlc_timeout; 285 d->timer.data = (unsigned long) d; 286 287 skb_queue_head_init(&d->tx_queue); 288 spin_lock_init(&d->lock); 289 atomic_set(&d->refcnt, 1); 290 291 rfcomm_dlc_clear_state(d); 292 293 BT_DBG("%p", d); 294 295 return d; 296 } 297 298 void rfcomm_dlc_free(struct rfcomm_dlc *d) 299 { 300 BT_DBG("%p", d); 301 302 skb_queue_purge(&d->tx_queue); 303 kfree(d); 304 } 305 306 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 307 { 308 BT_DBG("dlc %p session %p", d, s); 309 310 rfcomm_session_hold(s); 311 312 rfcomm_dlc_hold(d); 313 list_add(&d->list, &s->dlcs); 314 d->session = s; 315 } 316 317 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 318 { 319 struct rfcomm_session *s = d->session; 320 321 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 322 323 list_del(&d->list); 324 d->session = NULL; 325 rfcomm_dlc_put(d); 326 327 rfcomm_session_put(s); 328 } 329 330 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 331 { 332 struct rfcomm_dlc *d; 333 struct list_head *p; 334 335 list_for_each(p, &s->dlcs) { 336 d = list_entry(p, struct rfcomm_dlc, list); 337 if (d->dlci == dlci) 338 return d; 339 } 340 return NULL; 341 } 342 343 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 344 { 345 struct rfcomm_session *s; 346 int err = 0; 347 u8 dlci; 348 349 BT_DBG("dlc %p state %ld %s %s channel %d", 350 d, d->state, batostr(src), batostr(dst), channel); 351 352 if (channel < 1 || channel > 30) 353 return -EINVAL; 354 355 if (d->state != BT_OPEN && d->state != BT_CLOSED) 356 return 0; 357 358 s = rfcomm_session_get(src, dst); 359 if (!s) { 360 s = rfcomm_session_create(src, dst, &err); 361 if (!s) 362 return err; 363 } 364 365 dlci = __dlci(!s->initiator, channel); 366 367 /* Check if DLCI already exists */ 368 if (rfcomm_dlc_get(s, dlci)) 369 return -EBUSY; 370 371 rfcomm_dlc_clear_state(d); 372 373 d->dlci = dlci; 374 d->addr = __addr(s->initiator, dlci); 375 d->priority = 7; 376 377 d->state = BT_CONFIG; 378 rfcomm_dlc_link(s, d); 379 380 d->mtu = s->mtu; 381 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 382 383 if (s->state == BT_CONNECTED) 384 rfcomm_send_pn(s, 1, d); 385 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 386 return 0; 387 } 388 389 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 390 { 391 int r; 392 393 rfcomm_lock(); 394 395 r = __rfcomm_dlc_open(d, src, dst, channel); 396 397 rfcomm_unlock(); 398 return r; 399 } 400 401 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 402 { 403 struct rfcomm_session *s = d->session; 404 if (!s) 405 return 0; 406 407 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 408 d, d->state, d->dlci, err, s); 409 410 switch (d->state) { 411 case BT_CONNECTED: 412 case BT_CONFIG: 413 case BT_CONNECT: 414 d->state = BT_DISCONN; 415 if (skb_queue_empty(&d->tx_queue)) { 416 rfcomm_send_disc(s, d->dlci); 417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 418 } else { 419 rfcomm_queue_disc(d); 420 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 421 } 422 break; 423 424 default: 425 rfcomm_dlc_clear_timer(d); 426 427 rfcomm_dlc_lock(d); 428 d->state = BT_CLOSED; 429 d->state_change(d, err); 430 rfcomm_dlc_unlock(d); 431 432 skb_queue_purge(&d->tx_queue); 433 rfcomm_dlc_unlink(d); 434 } 435 436 return 0; 437 } 438 439 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 440 { 441 int r; 442 443 rfcomm_lock(); 444 445 r = __rfcomm_dlc_close(d, err); 446 447 rfcomm_unlock(); 448 return r; 449 } 450 451 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 452 { 453 int len = skb->len; 454 455 if (d->state != BT_CONNECTED) 456 return -ENOTCONN; 457 458 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 459 460 if (len > d->mtu) 461 return -EINVAL; 462 463 rfcomm_make_uih(skb, d->addr); 464 skb_queue_tail(&d->tx_queue, skb); 465 466 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 467 rfcomm_schedule(RFCOMM_SCHED_TX); 468 return len; 469 } 470 471 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 472 { 473 BT_DBG("dlc %p state %ld", d, d->state); 474 475 if (!d->cfc) { 476 d->v24_sig |= RFCOMM_V24_FC; 477 set_bit(RFCOMM_MSC_PENDING, &d->flags); 478 } 479 rfcomm_schedule(RFCOMM_SCHED_TX); 480 } 481 482 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 483 { 484 BT_DBG("dlc %p state %ld", d, d->state); 485 486 if (!d->cfc) { 487 d->v24_sig &= ~RFCOMM_V24_FC; 488 set_bit(RFCOMM_MSC_PENDING, &d->flags); 489 } 490 rfcomm_schedule(RFCOMM_SCHED_TX); 491 } 492 493 /* 494 Set/get modem status functions use _local_ status i.e. what we report 495 to the other side. 496 Remote status is provided by dlc->modem_status() callback. 497 */ 498 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 499 { 500 BT_DBG("dlc %p state %ld v24_sig 0x%x", 501 d, d->state, v24_sig); 502 503 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 504 v24_sig |= RFCOMM_V24_FC; 505 else 506 v24_sig &= ~RFCOMM_V24_FC; 507 508 d->v24_sig = v24_sig; 509 510 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 511 rfcomm_schedule(RFCOMM_SCHED_TX); 512 513 return 0; 514 } 515 516 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 517 { 518 BT_DBG("dlc %p state %ld v24_sig 0x%x", 519 d, d->state, d->v24_sig); 520 521 *v24_sig = d->v24_sig; 522 return 0; 523 } 524 525 /* ---- RFCOMM sessions ---- */ 526 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 527 { 528 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 529 530 if (!s) 531 return NULL; 532 533 BT_DBG("session %p sock %p", s, sock); 534 535 INIT_LIST_HEAD(&s->dlcs); 536 s->state = state; 537 s->sock = sock; 538 539 s->mtu = RFCOMM_DEFAULT_MTU; 540 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 541 542 /* Do not increment module usage count for listening sessions. 543 * Otherwise we won't be able to unload the module. */ 544 if (state != BT_LISTEN) 545 if (!try_module_get(THIS_MODULE)) { 546 kfree(s); 547 return NULL; 548 } 549 550 list_add(&s->list, &session_list); 551 552 return s; 553 } 554 555 static void rfcomm_session_del(struct rfcomm_session *s) 556 { 557 int state = s->state; 558 559 BT_DBG("session %p state %ld", s, s->state); 560 561 list_del(&s->list); 562 563 if (state == BT_CONNECTED) 564 rfcomm_send_disc(s, 0); 565 566 sock_release(s->sock); 567 kfree(s); 568 569 if (state != BT_LISTEN) 570 module_put(THIS_MODULE); 571 } 572 573 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 574 { 575 struct rfcomm_session *s; 576 struct list_head *p, *n; 577 struct bt_sock *sk; 578 list_for_each_safe(p, n, &session_list) { 579 s = list_entry(p, struct rfcomm_session, list); 580 sk = bt_sk(s->sock->sk); 581 582 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 583 !bacmp(&sk->dst, dst)) 584 return s; 585 } 586 return NULL; 587 } 588 589 static void rfcomm_session_close(struct rfcomm_session *s, int err) 590 { 591 struct rfcomm_dlc *d; 592 struct list_head *p, *n; 593 594 BT_DBG("session %p state %ld err %d", s, s->state, err); 595 596 rfcomm_session_hold(s); 597 598 s->state = BT_CLOSED; 599 600 /* Close all dlcs */ 601 list_for_each_safe(p, n, &s->dlcs) { 602 d = list_entry(p, struct rfcomm_dlc, list); 603 d->state = BT_CLOSED; 604 __rfcomm_dlc_close(d, err); 605 } 606 607 rfcomm_session_put(s); 608 } 609 610 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 611 { 612 struct rfcomm_session *s = NULL; 613 struct sockaddr_l2 addr; 614 struct socket *sock; 615 struct sock *sk; 616 617 BT_DBG("%s %s", batostr(src), batostr(dst)); 618 619 *err = rfcomm_l2sock_create(&sock); 620 if (*err < 0) 621 return NULL; 622 623 bacpy(&addr.l2_bdaddr, src); 624 addr.l2_family = AF_BLUETOOTH; 625 addr.l2_psm = 0; 626 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 627 if (*err < 0) 628 goto failed; 629 630 /* Set L2CAP options */ 631 sk = sock->sk; 632 lock_sock(sk); 633 l2cap_pi(sk)->imtu = l2cap_mtu; 634 release_sock(sk); 635 636 s = rfcomm_session_add(sock, BT_BOUND); 637 if (!s) { 638 *err = -ENOMEM; 639 goto failed; 640 } 641 642 s->initiator = 1; 643 644 bacpy(&addr.l2_bdaddr, dst); 645 addr.l2_family = AF_BLUETOOTH; 646 addr.l2_psm = htobs(RFCOMM_PSM); 647 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 648 if (*err == 0 || *err == -EINPROGRESS) 649 return s; 650 651 rfcomm_session_del(s); 652 return NULL; 653 654 failed: 655 sock_release(sock); 656 return NULL; 657 } 658 659 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 660 { 661 struct sock *sk = s->sock->sk; 662 if (src) 663 bacpy(src, &bt_sk(sk)->src); 664 if (dst) 665 bacpy(dst, &bt_sk(sk)->dst); 666 } 667 668 /* ---- RFCOMM frame sending ---- */ 669 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 670 { 671 struct socket *sock = s->sock; 672 struct kvec iv = { data, len }; 673 struct msghdr msg; 674 675 BT_DBG("session %p len %d", s, len); 676 677 memset(&msg, 0, sizeof(msg)); 678 679 return kernel_sendmsg(sock, &msg, &iv, 1, len); 680 } 681 682 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 683 { 684 struct rfcomm_cmd cmd; 685 686 BT_DBG("%p dlci %d", s, dlci); 687 688 cmd.addr = __addr(s->initiator, dlci); 689 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 690 cmd.len = __len8(0); 691 cmd.fcs = __fcs2((u8 *) &cmd); 692 693 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 694 } 695 696 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 697 { 698 struct rfcomm_cmd cmd; 699 700 BT_DBG("%p dlci %d", s, dlci); 701 702 cmd.addr = __addr(!s->initiator, dlci); 703 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 704 cmd.len = __len8(0); 705 cmd.fcs = __fcs2((u8 *) &cmd); 706 707 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 708 } 709 710 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 711 { 712 struct rfcomm_cmd cmd; 713 714 BT_DBG("%p dlci %d", s, dlci); 715 716 cmd.addr = __addr(s->initiator, dlci); 717 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 718 cmd.len = __len8(0); 719 cmd.fcs = __fcs2((u8 *) &cmd); 720 721 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 722 } 723 724 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 725 { 726 struct rfcomm_cmd *cmd; 727 struct sk_buff *skb; 728 729 BT_DBG("dlc %p dlci %d", d, d->dlci); 730 731 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 732 if (!skb) 733 return -ENOMEM; 734 735 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 736 cmd->addr = d->addr; 737 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 738 cmd->len = __len8(0); 739 cmd->fcs = __fcs2((u8 *) cmd); 740 741 skb_queue_tail(&d->tx_queue, skb); 742 rfcomm_schedule(RFCOMM_SCHED_TX); 743 return 0; 744 } 745 746 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 747 { 748 struct rfcomm_cmd cmd; 749 750 BT_DBG("%p dlci %d", s, dlci); 751 752 cmd.addr = __addr(!s->initiator, dlci); 753 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 754 cmd.len = __len8(0); 755 cmd.fcs = __fcs2((u8 *) &cmd); 756 757 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 758 } 759 760 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 761 { 762 struct rfcomm_hdr *hdr; 763 struct rfcomm_mcc *mcc; 764 u8 buf[16], *ptr = buf; 765 766 BT_DBG("%p cr %d type %d", s, cr, type); 767 768 hdr = (void *) ptr; ptr += sizeof(*hdr); 769 hdr->addr = __addr(s->initiator, 0); 770 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 771 hdr->len = __len8(sizeof(*mcc) + 1); 772 773 mcc = (void *) ptr; ptr += sizeof(*mcc); 774 mcc->type = __mcc_type(cr, RFCOMM_NSC); 775 mcc->len = __len8(1); 776 777 /* Type that we didn't like */ 778 *ptr = __mcc_type(cr, type); ptr++; 779 780 *ptr = __fcs(buf); ptr++; 781 782 return rfcomm_send_frame(s, buf, ptr - buf); 783 } 784 785 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 786 { 787 struct rfcomm_hdr *hdr; 788 struct rfcomm_mcc *mcc; 789 struct rfcomm_pn *pn; 790 u8 buf[16], *ptr = buf; 791 792 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 793 794 hdr = (void *) ptr; ptr += sizeof(*hdr); 795 hdr->addr = __addr(s->initiator, 0); 796 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 797 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 798 799 mcc = (void *) ptr; ptr += sizeof(*mcc); 800 mcc->type = __mcc_type(cr, RFCOMM_PN); 801 mcc->len = __len8(sizeof(*pn)); 802 803 pn = (void *) ptr; ptr += sizeof(*pn); 804 pn->dlci = d->dlci; 805 pn->priority = d->priority; 806 pn->ack_timer = 0; 807 pn->max_retrans = 0; 808 809 if (s->cfc) { 810 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 811 pn->credits = RFCOMM_DEFAULT_CREDITS; 812 } else { 813 pn->flow_ctrl = 0; 814 pn->credits = 0; 815 } 816 817 if (cr && channel_mtu >= 0) 818 pn->mtu = htobs(channel_mtu); 819 else 820 pn->mtu = htobs(d->mtu); 821 822 *ptr = __fcs(buf); ptr++; 823 824 return rfcomm_send_frame(s, buf, ptr - buf); 825 } 826 827 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 828 u8 bit_rate, u8 data_bits, u8 stop_bits, 829 u8 parity, u8 flow_ctrl_settings, 830 u8 xon_char, u8 xoff_char, u16 param_mask) 831 { 832 struct rfcomm_hdr *hdr; 833 struct rfcomm_mcc *mcc; 834 struct rfcomm_rpn *rpn; 835 u8 buf[16], *ptr = buf; 836 837 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 838 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 839 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 840 flow_ctrl_settings, xon_char, xoff_char, param_mask); 841 842 hdr = (void *) ptr; ptr += sizeof(*hdr); 843 hdr->addr = __addr(s->initiator, 0); 844 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 845 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 846 847 mcc = (void *) ptr; ptr += sizeof(*mcc); 848 mcc->type = __mcc_type(cr, RFCOMM_RPN); 849 mcc->len = __len8(sizeof(*rpn)); 850 851 rpn = (void *) ptr; ptr += sizeof(*rpn); 852 rpn->dlci = __addr(1, dlci); 853 rpn->bit_rate = bit_rate; 854 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 855 rpn->flow_ctrl = flow_ctrl_settings; 856 rpn->xon_char = xon_char; 857 rpn->xoff_char = xoff_char; 858 rpn->param_mask = cpu_to_le16(param_mask); 859 860 *ptr = __fcs(buf); ptr++; 861 862 return rfcomm_send_frame(s, buf, ptr - buf); 863 } 864 865 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 866 { 867 struct rfcomm_hdr *hdr; 868 struct rfcomm_mcc *mcc; 869 struct rfcomm_rls *rls; 870 u8 buf[16], *ptr = buf; 871 872 BT_DBG("%p cr %d status 0x%x", s, cr, status); 873 874 hdr = (void *) ptr; ptr += sizeof(*hdr); 875 hdr->addr = __addr(s->initiator, 0); 876 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 877 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 878 879 mcc = (void *) ptr; ptr += sizeof(*mcc); 880 mcc->type = __mcc_type(cr, RFCOMM_RLS); 881 mcc->len = __len8(sizeof(*rls)); 882 883 rls = (void *) ptr; ptr += sizeof(*rls); 884 rls->dlci = __addr(1, dlci); 885 rls->status = status; 886 887 *ptr = __fcs(buf); ptr++; 888 889 return rfcomm_send_frame(s, buf, ptr - buf); 890 } 891 892 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 893 { 894 struct rfcomm_hdr *hdr; 895 struct rfcomm_mcc *mcc; 896 struct rfcomm_msc *msc; 897 u8 buf[16], *ptr = buf; 898 899 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 900 901 hdr = (void *) ptr; ptr += sizeof(*hdr); 902 hdr->addr = __addr(s->initiator, 0); 903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 904 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 905 906 mcc = (void *) ptr; ptr += sizeof(*mcc); 907 mcc->type = __mcc_type(cr, RFCOMM_MSC); 908 mcc->len = __len8(sizeof(*msc)); 909 910 msc = (void *) ptr; ptr += sizeof(*msc); 911 msc->dlci = __addr(1, dlci); 912 msc->v24_sig = v24_sig | 0x01; 913 914 *ptr = __fcs(buf); ptr++; 915 916 return rfcomm_send_frame(s, buf, ptr - buf); 917 } 918 919 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 920 { 921 struct rfcomm_hdr *hdr; 922 struct rfcomm_mcc *mcc; 923 u8 buf[16], *ptr = buf; 924 925 BT_DBG("%p cr %d", s, cr); 926 927 hdr = (void *) ptr; ptr += sizeof(*hdr); 928 hdr->addr = __addr(s->initiator, 0); 929 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 930 hdr->len = __len8(sizeof(*mcc)); 931 932 mcc = (void *) ptr; ptr += sizeof(*mcc); 933 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 934 mcc->len = __len8(0); 935 936 *ptr = __fcs(buf); ptr++; 937 938 return rfcomm_send_frame(s, buf, ptr - buf); 939 } 940 941 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 942 { 943 struct rfcomm_hdr *hdr; 944 struct rfcomm_mcc *mcc; 945 u8 buf[16], *ptr = buf; 946 947 BT_DBG("%p cr %d", s, cr); 948 949 hdr = (void *) ptr; ptr += sizeof(*hdr); 950 hdr->addr = __addr(s->initiator, 0); 951 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 952 hdr->len = __len8(sizeof(*mcc)); 953 954 mcc = (void *) ptr; ptr += sizeof(*mcc); 955 mcc->type = __mcc_type(cr, RFCOMM_FCON); 956 mcc->len = __len8(0); 957 958 *ptr = __fcs(buf); ptr++; 959 960 return rfcomm_send_frame(s, buf, ptr - buf); 961 } 962 963 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 964 { 965 struct socket *sock = s->sock; 966 struct kvec iv[3]; 967 struct msghdr msg; 968 unsigned char hdr[5], crc[1]; 969 970 if (len > 125) 971 return -EINVAL; 972 973 BT_DBG("%p cr %d", s, cr); 974 975 hdr[0] = __addr(s->initiator, 0); 976 hdr[1] = __ctrl(RFCOMM_UIH, 0); 977 hdr[2] = 0x01 | ((len + 2) << 1); 978 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 979 hdr[4] = 0x01 | (len << 1); 980 981 crc[0] = __fcs(hdr); 982 983 iv[0].iov_base = hdr; 984 iv[0].iov_len = 5; 985 iv[1].iov_base = pattern; 986 iv[1].iov_len = len; 987 iv[2].iov_base = crc; 988 iv[2].iov_len = 1; 989 990 memset(&msg, 0, sizeof(msg)); 991 992 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 993 } 994 995 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 996 { 997 struct rfcomm_hdr *hdr; 998 u8 buf[16], *ptr = buf; 999 1000 BT_DBG("%p addr %d credits %d", s, addr, credits); 1001 1002 hdr = (void *) ptr; ptr += sizeof(*hdr); 1003 hdr->addr = addr; 1004 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1005 hdr->len = __len8(0); 1006 1007 *ptr = credits; ptr++; 1008 1009 *ptr = __fcs(buf); ptr++; 1010 1011 return rfcomm_send_frame(s, buf, ptr - buf); 1012 } 1013 1014 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1015 { 1016 struct rfcomm_hdr *hdr; 1017 int len = skb->len; 1018 u8 *crc; 1019 1020 if (len > 127) { 1021 hdr = (void *) skb_push(skb, 4); 1022 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1023 } else { 1024 hdr = (void *) skb_push(skb, 3); 1025 hdr->len = __len8(len); 1026 } 1027 hdr->addr = addr; 1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1029 1030 crc = skb_put(skb, 1); 1031 *crc = __fcs((void *) hdr); 1032 } 1033 1034 /* ---- RFCOMM frame reception ---- */ 1035 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1036 { 1037 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1038 1039 if (dlci) { 1040 /* Data channel */ 1041 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1042 if (!d) { 1043 rfcomm_send_dm(s, dlci); 1044 return 0; 1045 } 1046 1047 switch (d->state) { 1048 case BT_CONNECT: 1049 rfcomm_dlc_clear_timer(d); 1050 1051 rfcomm_dlc_lock(d); 1052 d->state = BT_CONNECTED; 1053 d->state_change(d, 0); 1054 rfcomm_dlc_unlock(d); 1055 1056 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1057 break; 1058 1059 case BT_DISCONN: 1060 d->state = BT_CLOSED; 1061 __rfcomm_dlc_close(d, 0); 1062 1063 if (list_empty(&s->dlcs)) { 1064 s->state = BT_DISCONN; 1065 rfcomm_send_disc(s, 0); 1066 } 1067 1068 break; 1069 } 1070 } else { 1071 /* Control channel */ 1072 switch (s->state) { 1073 case BT_CONNECT: 1074 s->state = BT_CONNECTED; 1075 rfcomm_process_connect(s); 1076 break; 1077 1078 case BT_DISCONN: 1079 rfcomm_session_put(s); 1080 break; 1081 } 1082 } 1083 return 0; 1084 } 1085 1086 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1087 { 1088 int err = 0; 1089 1090 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1091 1092 if (dlci) { 1093 /* Data DLC */ 1094 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1095 if (d) { 1096 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1097 err = ECONNREFUSED; 1098 else 1099 err = ECONNRESET; 1100 1101 d->state = BT_CLOSED; 1102 __rfcomm_dlc_close(d, err); 1103 } 1104 } else { 1105 if (s->state == BT_CONNECT) 1106 err = ECONNREFUSED; 1107 else 1108 err = ECONNRESET; 1109 1110 s->state = BT_CLOSED; 1111 rfcomm_session_close(s, err); 1112 } 1113 return 0; 1114 } 1115 1116 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1117 { 1118 int err = 0; 1119 1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1121 1122 if (dlci) { 1123 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1124 if (d) { 1125 rfcomm_send_ua(s, dlci); 1126 1127 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1128 err = ECONNREFUSED; 1129 else 1130 err = ECONNRESET; 1131 1132 d->state = BT_CLOSED; 1133 __rfcomm_dlc_close(d, err); 1134 } else 1135 rfcomm_send_dm(s, dlci); 1136 1137 } else { 1138 rfcomm_send_ua(s, 0); 1139 1140 if (s->state == BT_CONNECT) 1141 err = ECONNREFUSED; 1142 else 1143 err = ECONNRESET; 1144 1145 s->state = BT_CLOSED; 1146 rfcomm_session_close(s, err); 1147 } 1148 1149 return 0; 1150 } 1151 1152 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1153 { 1154 struct sock *sk = d->session->sock->sk; 1155 1156 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1157 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1158 return 1; 1159 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1160 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1161 return 1; 1162 } 1163 1164 return 0; 1165 } 1166 1167 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1168 { 1169 struct sock *sk = d->session->sock->sk; 1170 1171 BT_DBG("dlc %p", d); 1172 1173 rfcomm_send_ua(d->session, d->dlci); 1174 1175 rfcomm_dlc_lock(d); 1176 d->state = BT_CONNECTED; 1177 d->state_change(d, 0); 1178 rfcomm_dlc_unlock(d); 1179 1180 if (d->link_mode & RFCOMM_LM_MASTER) 1181 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1182 1183 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1184 } 1185 1186 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1187 { 1188 struct rfcomm_dlc *d; 1189 u8 channel; 1190 1191 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1192 1193 if (!dlci) { 1194 rfcomm_send_ua(s, 0); 1195 1196 if (s->state == BT_OPEN) { 1197 s->state = BT_CONNECTED; 1198 rfcomm_process_connect(s); 1199 } 1200 return 0; 1201 } 1202 1203 /* Check if DLC exists */ 1204 d = rfcomm_dlc_get(s, dlci); 1205 if (d) { 1206 if (d->state == BT_OPEN) { 1207 /* DLC was previously opened by PN request */ 1208 if (rfcomm_check_link_mode(d)) { 1209 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1210 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1211 return 0; 1212 } 1213 1214 rfcomm_dlc_accept(d); 1215 } 1216 return 0; 1217 } 1218 1219 /* Notify socket layer about incoming connection */ 1220 channel = __srv_channel(dlci); 1221 if (rfcomm_connect_ind(s, channel, &d)) { 1222 d->dlci = dlci; 1223 d->addr = __addr(s->initiator, dlci); 1224 rfcomm_dlc_link(s, d); 1225 1226 if (rfcomm_check_link_mode(d)) { 1227 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1228 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1229 return 0; 1230 } 1231 1232 rfcomm_dlc_accept(d); 1233 } else { 1234 rfcomm_send_dm(s, dlci); 1235 } 1236 1237 return 0; 1238 } 1239 1240 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1241 { 1242 struct rfcomm_session *s = d->session; 1243 1244 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1245 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1246 1247 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1248 pn->flow_ctrl == 0xe0) { 1249 d->cfc = RFCOMM_CFC_ENABLED; 1250 d->tx_credits = pn->credits; 1251 } else { 1252 d->cfc = RFCOMM_CFC_DISABLED; 1253 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1254 } 1255 1256 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1257 s->cfc = d->cfc; 1258 1259 d->priority = pn->priority; 1260 1261 d->mtu = btohs(pn->mtu); 1262 1263 if (cr && d->mtu > s->mtu) 1264 d->mtu = s->mtu; 1265 1266 return 0; 1267 } 1268 1269 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1270 { 1271 struct rfcomm_pn *pn = (void *) skb->data; 1272 struct rfcomm_dlc *d; 1273 u8 dlci = pn->dlci; 1274 1275 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1276 1277 if (!dlci) 1278 return 0; 1279 1280 d = rfcomm_dlc_get(s, dlci); 1281 if (d) { 1282 if (cr) { 1283 /* PN request */ 1284 rfcomm_apply_pn(d, cr, pn); 1285 rfcomm_send_pn(s, 0, d); 1286 } else { 1287 /* PN response */ 1288 switch (d->state) { 1289 case BT_CONFIG: 1290 rfcomm_apply_pn(d, cr, pn); 1291 1292 d->state = BT_CONNECT; 1293 rfcomm_send_sabm(s, d->dlci); 1294 break; 1295 } 1296 } 1297 } else { 1298 u8 channel = __srv_channel(dlci); 1299 1300 if (!cr) 1301 return 0; 1302 1303 /* PN request for non existing DLC. 1304 * Assume incoming connection. */ 1305 if (rfcomm_connect_ind(s, channel, &d)) { 1306 d->dlci = dlci; 1307 d->addr = __addr(s->initiator, dlci); 1308 rfcomm_dlc_link(s, d); 1309 1310 rfcomm_apply_pn(d, cr, pn); 1311 1312 d->state = BT_OPEN; 1313 rfcomm_send_pn(s, 0, d); 1314 } else { 1315 rfcomm_send_dm(s, dlci); 1316 } 1317 } 1318 return 0; 1319 } 1320 1321 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1322 { 1323 struct rfcomm_rpn *rpn = (void *) skb->data; 1324 u8 dlci = __get_dlci(rpn->dlci); 1325 1326 u8 bit_rate = 0; 1327 u8 data_bits = 0; 1328 u8 stop_bits = 0; 1329 u8 parity = 0; 1330 u8 flow_ctrl = 0; 1331 u8 xon_char = 0; 1332 u8 xoff_char = 0; 1333 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1334 1335 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1336 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1337 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1338 1339 if (!cr) 1340 return 0; 1341 1342 if (len == 1) { 1343 /* This is a request, return default settings */ 1344 bit_rate = RFCOMM_RPN_BR_115200; 1345 data_bits = RFCOMM_RPN_DATA_8; 1346 stop_bits = RFCOMM_RPN_STOP_1; 1347 parity = RFCOMM_RPN_PARITY_NONE; 1348 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1349 xon_char = RFCOMM_RPN_XON_CHAR; 1350 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1351 goto rpn_out; 1352 } 1353 1354 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1355 * no parity, no flow control lines, normal XON/XOFF chars */ 1356 1357 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1358 bit_rate = rpn->bit_rate; 1359 if (bit_rate != RFCOMM_RPN_BR_115200) { 1360 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1361 bit_rate = RFCOMM_RPN_BR_115200; 1362 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1363 } 1364 } 1365 1366 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1367 data_bits = __get_rpn_data_bits(rpn->line_settings); 1368 if (data_bits != RFCOMM_RPN_DATA_8) { 1369 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1370 data_bits = RFCOMM_RPN_DATA_8; 1371 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1372 } 1373 } 1374 1375 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1376 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1377 if (stop_bits != RFCOMM_RPN_STOP_1) { 1378 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1379 stop_bits = RFCOMM_RPN_STOP_1; 1380 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1381 } 1382 } 1383 1384 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1385 parity = __get_rpn_parity(rpn->line_settings); 1386 if (parity != RFCOMM_RPN_PARITY_NONE) { 1387 BT_DBG("RPN parity mismatch 0x%x", parity); 1388 parity = RFCOMM_RPN_PARITY_NONE; 1389 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1390 } 1391 } 1392 1393 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1394 flow_ctrl = rpn->flow_ctrl; 1395 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1396 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1397 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1398 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1399 } 1400 } 1401 1402 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1403 xon_char = rpn->xon_char; 1404 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1405 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1406 xon_char = RFCOMM_RPN_XON_CHAR; 1407 rpn_mask ^= RFCOMM_RPN_PM_XON; 1408 } 1409 } 1410 1411 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1412 xoff_char = rpn->xoff_char; 1413 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1414 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1415 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1416 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1417 } 1418 } 1419 1420 rpn_out: 1421 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1422 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1423 1424 return 0; 1425 } 1426 1427 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1428 { 1429 struct rfcomm_rls *rls = (void *) skb->data; 1430 u8 dlci = __get_dlci(rls->dlci); 1431 1432 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1433 1434 if (!cr) 1435 return 0; 1436 1437 /* We should probably do something with this information here. But 1438 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1439 * mandatory to recognise and respond to RLS */ 1440 1441 rfcomm_send_rls(s, 0, dlci, rls->status); 1442 1443 return 0; 1444 } 1445 1446 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1447 { 1448 struct rfcomm_msc *msc = (void *) skb->data; 1449 struct rfcomm_dlc *d; 1450 u8 dlci = __get_dlci(msc->dlci); 1451 1452 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1453 1454 d = rfcomm_dlc_get(s, dlci); 1455 if (!d) 1456 return 0; 1457 1458 if (cr) { 1459 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1460 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1461 else 1462 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1463 1464 rfcomm_dlc_lock(d); 1465 if (d->modem_status) 1466 d->modem_status(d, msc->v24_sig); 1467 rfcomm_dlc_unlock(d); 1468 1469 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1470 1471 d->mscex |= RFCOMM_MSCEX_RX; 1472 } else 1473 d->mscex |= RFCOMM_MSCEX_TX; 1474 1475 return 0; 1476 } 1477 1478 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1479 { 1480 struct rfcomm_mcc *mcc = (void *) skb->data; 1481 u8 type, cr, len; 1482 1483 cr = __test_cr(mcc->type); 1484 type = __get_mcc_type(mcc->type); 1485 len = __get_mcc_len(mcc->len); 1486 1487 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1488 1489 skb_pull(skb, 2); 1490 1491 switch (type) { 1492 case RFCOMM_PN: 1493 rfcomm_recv_pn(s, cr, skb); 1494 break; 1495 1496 case RFCOMM_RPN: 1497 rfcomm_recv_rpn(s, cr, len, skb); 1498 break; 1499 1500 case RFCOMM_RLS: 1501 rfcomm_recv_rls(s, cr, skb); 1502 break; 1503 1504 case RFCOMM_MSC: 1505 rfcomm_recv_msc(s, cr, skb); 1506 break; 1507 1508 case RFCOMM_FCOFF: 1509 if (cr) { 1510 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1511 rfcomm_send_fcoff(s, 0); 1512 } 1513 break; 1514 1515 case RFCOMM_FCON: 1516 if (cr) { 1517 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1518 rfcomm_send_fcon(s, 0); 1519 } 1520 break; 1521 1522 case RFCOMM_TEST: 1523 if (cr) 1524 rfcomm_send_test(s, 0, skb->data, skb->len); 1525 break; 1526 1527 case RFCOMM_NSC: 1528 break; 1529 1530 default: 1531 BT_ERR("Unknown control type 0x%02x", type); 1532 rfcomm_send_nsc(s, cr, type); 1533 break; 1534 } 1535 return 0; 1536 } 1537 1538 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1539 { 1540 struct rfcomm_dlc *d; 1541 1542 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1543 1544 d = rfcomm_dlc_get(s, dlci); 1545 if (!d) { 1546 rfcomm_send_dm(s, dlci); 1547 goto drop; 1548 } 1549 1550 if (pf && d->cfc) { 1551 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1552 1553 d->tx_credits += credits; 1554 if (d->tx_credits) 1555 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1556 } 1557 1558 if (skb->len && d->state == BT_CONNECTED) { 1559 rfcomm_dlc_lock(d); 1560 d->rx_credits--; 1561 d->data_ready(d, skb); 1562 rfcomm_dlc_unlock(d); 1563 return 0; 1564 } 1565 1566 drop: 1567 kfree_skb(skb); 1568 return 0; 1569 } 1570 1571 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1572 { 1573 struct rfcomm_hdr *hdr = (void *) skb->data; 1574 u8 type, dlci, fcs; 1575 1576 dlci = __get_dlci(hdr->addr); 1577 type = __get_type(hdr->ctrl); 1578 1579 /* Trim FCS */ 1580 skb->len--; skb->tail--; 1581 fcs = *(u8 *)skb_tail_pointer(skb); 1582 1583 if (__check_fcs(skb->data, type, fcs)) { 1584 BT_ERR("bad checksum in packet"); 1585 kfree_skb(skb); 1586 return -EILSEQ; 1587 } 1588 1589 if (__test_ea(hdr->len)) 1590 skb_pull(skb, 3); 1591 else 1592 skb_pull(skb, 4); 1593 1594 switch (type) { 1595 case RFCOMM_SABM: 1596 if (__test_pf(hdr->ctrl)) 1597 rfcomm_recv_sabm(s, dlci); 1598 break; 1599 1600 case RFCOMM_DISC: 1601 if (__test_pf(hdr->ctrl)) 1602 rfcomm_recv_disc(s, dlci); 1603 break; 1604 1605 case RFCOMM_UA: 1606 if (__test_pf(hdr->ctrl)) 1607 rfcomm_recv_ua(s, dlci); 1608 break; 1609 1610 case RFCOMM_DM: 1611 rfcomm_recv_dm(s, dlci); 1612 break; 1613 1614 case RFCOMM_UIH: 1615 if (dlci) 1616 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1617 1618 rfcomm_recv_mcc(s, skb); 1619 break; 1620 1621 default: 1622 BT_ERR("Unknown packet type 0x%02x\n", type); 1623 break; 1624 } 1625 kfree_skb(skb); 1626 return 0; 1627 } 1628 1629 /* ---- Connection and data processing ---- */ 1630 1631 static void rfcomm_process_connect(struct rfcomm_session *s) 1632 { 1633 struct rfcomm_dlc *d; 1634 struct list_head *p, *n; 1635 1636 BT_DBG("session %p state %ld", s, s->state); 1637 1638 list_for_each_safe(p, n, &s->dlcs) { 1639 d = list_entry(p, struct rfcomm_dlc, list); 1640 if (d->state == BT_CONFIG) { 1641 d->mtu = s->mtu; 1642 rfcomm_send_pn(s, 1, d); 1643 } 1644 } 1645 } 1646 1647 /* Send data queued for the DLC. 1648 * Return number of frames left in the queue. 1649 */ 1650 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1651 { 1652 struct sk_buff *skb; 1653 int err; 1654 1655 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1656 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1657 1658 /* Send pending MSC */ 1659 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1660 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1661 1662 if (d->cfc) { 1663 /* CFC enabled. 1664 * Give them some credits */ 1665 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1666 d->rx_credits <= (d->cfc >> 2)) { 1667 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1668 d->rx_credits = d->cfc; 1669 } 1670 } else { 1671 /* CFC disabled. 1672 * Give ourselves some credits */ 1673 d->tx_credits = 5; 1674 } 1675 1676 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1677 return skb_queue_len(&d->tx_queue); 1678 1679 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1680 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1681 if (err < 0) { 1682 skb_queue_head(&d->tx_queue, skb); 1683 break; 1684 } 1685 kfree_skb(skb); 1686 d->tx_credits--; 1687 } 1688 1689 if (d->cfc && !d->tx_credits) { 1690 /* We're out of TX credits. 1691 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1692 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1693 } 1694 1695 return skb_queue_len(&d->tx_queue); 1696 } 1697 1698 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1699 { 1700 struct rfcomm_dlc *d; 1701 struct list_head *p, *n; 1702 1703 BT_DBG("session %p state %ld", s, s->state); 1704 1705 list_for_each_safe(p, n, &s->dlcs) { 1706 d = list_entry(p, struct rfcomm_dlc, list); 1707 1708 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1709 __rfcomm_dlc_close(d, ETIMEDOUT); 1710 continue; 1711 } 1712 1713 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1714 rfcomm_dlc_clear_timer(d); 1715 rfcomm_dlc_accept(d); 1716 if (d->link_mode & RFCOMM_LM_SECURE) { 1717 struct sock *sk = s->sock->sk; 1718 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1719 } 1720 continue; 1721 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1722 rfcomm_dlc_clear_timer(d); 1723 rfcomm_send_dm(s, d->dlci); 1724 __rfcomm_dlc_close(d, ECONNREFUSED); 1725 continue; 1726 } 1727 1728 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1729 continue; 1730 1731 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1732 d->mscex == RFCOMM_MSCEX_OK) 1733 rfcomm_process_tx(d); 1734 } 1735 } 1736 1737 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1738 { 1739 struct socket *sock = s->sock; 1740 struct sock *sk = sock->sk; 1741 struct sk_buff *skb; 1742 1743 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1744 1745 /* Get data directly from socket receive queue without copying it. */ 1746 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1747 skb_orphan(skb); 1748 rfcomm_recv_frame(s, skb); 1749 } 1750 1751 if (sk->sk_state == BT_CLOSED) { 1752 if (!s->initiator) 1753 rfcomm_session_put(s); 1754 1755 rfcomm_session_close(s, sk->sk_err); 1756 } 1757 } 1758 1759 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1760 { 1761 struct socket *sock = s->sock, *nsock; 1762 int err; 1763 1764 /* Fast check for a new connection. 1765 * Avoids unnesesary socket allocations. */ 1766 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1767 return; 1768 1769 BT_DBG("session %p", s); 1770 1771 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1772 if (err < 0) 1773 return; 1774 1775 __module_get(nsock->ops->owner); 1776 1777 /* Set our callbacks */ 1778 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1779 nsock->sk->sk_state_change = rfcomm_l2state_change; 1780 1781 s = rfcomm_session_add(nsock, BT_OPEN); 1782 if (s) { 1783 rfcomm_session_hold(s); 1784 1785 /* We should adjust MTU on incoming sessions. 1786 * L2CAP MTU minus UIH header and FCS. */ 1787 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1788 1789 rfcomm_schedule(RFCOMM_SCHED_RX); 1790 } else 1791 sock_release(nsock); 1792 } 1793 1794 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1795 { 1796 struct sock *sk = s->sock->sk; 1797 1798 BT_DBG("%p state %ld", s, s->state); 1799 1800 switch(sk->sk_state) { 1801 case BT_CONNECTED: 1802 s->state = BT_CONNECT; 1803 1804 /* We can adjust MTU on outgoing sessions. 1805 * L2CAP MTU minus UIH header and FCS. */ 1806 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1807 1808 rfcomm_send_sabm(s, 0); 1809 break; 1810 1811 case BT_CLOSED: 1812 s->state = BT_CLOSED; 1813 rfcomm_session_close(s, sk->sk_err); 1814 break; 1815 } 1816 } 1817 1818 static inline void rfcomm_process_sessions(void) 1819 { 1820 struct list_head *p, *n; 1821 1822 rfcomm_lock(); 1823 1824 list_for_each_safe(p, n, &session_list) { 1825 struct rfcomm_session *s; 1826 s = list_entry(p, struct rfcomm_session, list); 1827 1828 if (s->state == BT_LISTEN) { 1829 rfcomm_accept_connection(s); 1830 continue; 1831 } 1832 1833 rfcomm_session_hold(s); 1834 1835 switch (s->state) { 1836 case BT_BOUND: 1837 rfcomm_check_connection(s); 1838 break; 1839 1840 default: 1841 rfcomm_process_rx(s); 1842 break; 1843 } 1844 1845 rfcomm_process_dlcs(s); 1846 1847 rfcomm_session_put(s); 1848 } 1849 1850 rfcomm_unlock(); 1851 } 1852 1853 static void rfcomm_worker(void) 1854 { 1855 BT_DBG(""); 1856 1857 while (!atomic_read(&terminate)) { 1858 set_current_state(TASK_INTERRUPTIBLE); 1859 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1860 /* No pending events. Let's sleep. 1861 * Incoming connections and data will wake us up. */ 1862 schedule(); 1863 } 1864 set_current_state(TASK_RUNNING); 1865 1866 /* Process stuff */ 1867 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1868 rfcomm_process_sessions(); 1869 } 1870 return; 1871 } 1872 1873 static int rfcomm_add_listener(bdaddr_t *ba) 1874 { 1875 struct sockaddr_l2 addr; 1876 struct socket *sock; 1877 struct sock *sk; 1878 struct rfcomm_session *s; 1879 int err = 0; 1880 1881 /* Create socket */ 1882 err = rfcomm_l2sock_create(&sock); 1883 if (err < 0) { 1884 BT_ERR("Create socket failed %d", err); 1885 return err; 1886 } 1887 1888 /* Bind socket */ 1889 bacpy(&addr.l2_bdaddr, ba); 1890 addr.l2_family = AF_BLUETOOTH; 1891 addr.l2_psm = htobs(RFCOMM_PSM); 1892 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1893 if (err < 0) { 1894 BT_ERR("Bind failed %d", err); 1895 goto failed; 1896 } 1897 1898 /* Set L2CAP options */ 1899 sk = sock->sk; 1900 lock_sock(sk); 1901 l2cap_pi(sk)->imtu = l2cap_mtu; 1902 release_sock(sk); 1903 1904 /* Start listening on the socket */ 1905 err = kernel_listen(sock, 10); 1906 if (err) { 1907 BT_ERR("Listen failed %d", err); 1908 goto failed; 1909 } 1910 1911 /* Add listening session */ 1912 s = rfcomm_session_add(sock, BT_LISTEN); 1913 if (!s) 1914 goto failed; 1915 1916 rfcomm_session_hold(s); 1917 return 0; 1918 failed: 1919 sock_release(sock); 1920 return err; 1921 } 1922 1923 static void rfcomm_kill_listener(void) 1924 { 1925 struct rfcomm_session *s; 1926 struct list_head *p, *n; 1927 1928 BT_DBG(""); 1929 1930 list_for_each_safe(p, n, &session_list) { 1931 s = list_entry(p, struct rfcomm_session, list); 1932 rfcomm_session_del(s); 1933 } 1934 } 1935 1936 static int rfcomm_run(void *unused) 1937 { 1938 rfcomm_thread = current; 1939 1940 atomic_inc(&running); 1941 1942 daemonize("krfcommd"); 1943 set_user_nice(current, -10); 1944 1945 BT_DBG(""); 1946 1947 rfcomm_add_listener(BDADDR_ANY); 1948 1949 rfcomm_worker(); 1950 1951 rfcomm_kill_listener(); 1952 1953 atomic_dec(&running); 1954 return 0; 1955 } 1956 1957 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1958 { 1959 struct rfcomm_session *s; 1960 struct rfcomm_dlc *d; 1961 struct list_head *p, *n; 1962 1963 BT_DBG("conn %p status 0x%02x", conn, status); 1964 1965 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1966 if (!s) 1967 return; 1968 1969 rfcomm_session_hold(s); 1970 1971 list_for_each_safe(p, n, &s->dlcs) { 1972 d = list_entry(p, struct rfcomm_dlc, list); 1973 1974 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1975 continue; 1976 1977 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1978 continue; 1979 1980 if (!status) 1981 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1982 else 1983 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1984 } 1985 1986 rfcomm_session_put(s); 1987 1988 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1989 } 1990 1991 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1992 { 1993 struct rfcomm_session *s; 1994 struct rfcomm_dlc *d; 1995 struct list_head *p, *n; 1996 1997 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1998 1999 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2000 if (!s) 2001 return; 2002 2003 rfcomm_session_hold(s); 2004 2005 list_for_each_safe(p, n, &s->dlcs) { 2006 d = list_entry(p, struct rfcomm_dlc, list); 2007 2008 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2009 continue; 2010 2011 if (!status && encrypt) 2012 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2013 else 2014 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2015 } 2016 2017 rfcomm_session_put(s); 2018 2019 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2020 } 2021 2022 static struct hci_cb rfcomm_cb = { 2023 .name = "RFCOMM", 2024 .auth_cfm = rfcomm_auth_cfm, 2025 .encrypt_cfm = rfcomm_encrypt_cfm 2026 }; 2027 2028 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2029 { 2030 struct rfcomm_session *s; 2031 struct list_head *pp, *p; 2032 char *str = buf; 2033 2034 rfcomm_lock(); 2035 2036 list_for_each(p, &session_list) { 2037 s = list_entry(p, struct rfcomm_session, list); 2038 list_for_each(pp, &s->dlcs) { 2039 struct sock *sk = s->sock->sk; 2040 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2041 2042 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2043 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2044 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2045 } 2046 } 2047 2048 rfcomm_unlock(); 2049 2050 return (str - buf); 2051 } 2052 2053 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2054 2055 /* ---- Initialization ---- */ 2056 static int __init rfcomm_init(void) 2057 { 2058 l2cap_load(); 2059 2060 hci_register_cb(&rfcomm_cb); 2061 2062 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2063 2064 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2065 BT_ERR("Failed to create RFCOMM info file"); 2066 2067 rfcomm_init_sockets(); 2068 2069 #ifdef CONFIG_BT_RFCOMM_TTY 2070 rfcomm_init_ttys(); 2071 #endif 2072 2073 BT_INFO("RFCOMM ver %s", VERSION); 2074 2075 return 0; 2076 } 2077 2078 static void __exit rfcomm_exit(void) 2079 { 2080 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2081 2082 hci_unregister_cb(&rfcomm_cb); 2083 2084 /* Terminate working thread. 2085 * ie. Set terminate flag and wake it up */ 2086 atomic_inc(&terminate); 2087 rfcomm_schedule(RFCOMM_SCHED_STATE); 2088 2089 /* Wait until thread is running */ 2090 while (atomic_read(&running)) 2091 schedule(); 2092 2093 #ifdef CONFIG_BT_RFCOMM_TTY 2094 rfcomm_cleanup_ttys(); 2095 #endif 2096 2097 rfcomm_cleanup_sockets(); 2098 } 2099 2100 module_init(rfcomm_init); 2101 module_exit(rfcomm_exit); 2102 2103 module_param(disable_cfc, bool, 0644); 2104 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2105 2106 module_param(channel_mtu, int, 0644); 2107 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2108 2109 module_param(l2cap_mtu, uint, 0644); 2110 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2111 2112 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2113 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2114 MODULE_VERSION(VERSION); 2115 MODULE_LICENSE("GPL"); 2116 MODULE_ALIAS("bt-proto-3"); 2117