1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/signal.h> 35 #include <linux/init.h> 36 #include <linux/wait.h> 37 #include <linux/device.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 42 #include <net/sock.h> 43 #include <asm/uaccess.h> 44 #include <asm/unaligned.h> 45 46 #include <net/bluetooth/bluetooth.h> 47 #include <net/bluetooth/hci_core.h> 48 #include <net/bluetooth/l2cap.h> 49 #include <net/bluetooth/rfcomm.h> 50 51 #ifndef CONFIG_BT_RFCOMM_DEBUG 52 #undef BT_DBG 53 #define BT_DBG(D...) 54 #endif 55 56 #define VERSION "1.8" 57 58 static int disable_cfc = 0; 59 static int channel_mtu = -1; 60 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 61 62 static struct task_struct *rfcomm_thread; 63 64 static DEFINE_MUTEX(rfcomm_mutex); 65 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 66 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 67 68 static unsigned long rfcomm_event; 69 70 static LIST_HEAD(session_list); 71 72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 75 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 82 83 static void rfcomm_process_connect(struct rfcomm_session *s); 84 85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87 static void rfcomm_session_del(struct rfcomm_session *s); 88 89 /* ---- RFCOMM frame parsing macros ---- */ 90 #define __get_dlci(b) ((b & 0xfc) >> 2) 91 #define __get_channel(b) ((b & 0xf8) >> 3) 92 #define __get_dir(b) ((b & 0x04) >> 2) 93 #define __get_type(b) ((b & 0xef)) 94 95 #define __test_ea(b) ((b & 0x01)) 96 #define __test_cr(b) ((b & 0x02)) 97 #define __test_pf(b) ((b & 0x10)) 98 99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102 #define __srv_channel(dlci) (dlci >> 1) 103 #define __dir(dlci) (dlci & 0x01) 104 105 #define __len8(len) (((len) << 1) | 1) 106 #define __len16(len) ((len) << 1) 107 108 /* MCC macros */ 109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 111 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113 /* RPN macros */ 114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115 #define __get_rpn_data_bits(line) ((line) & 0x3) 116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119 static inline void rfcomm_schedule(uint event) 120 { 121 if (!rfcomm_thread) 122 return; 123 //set_bit(event, &rfcomm_event); 124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 125 wake_up_process(rfcomm_thread); 126 } 127 128 static inline void rfcomm_session_put(struct rfcomm_session *s) 129 { 130 if (atomic_dec_and_test(&s->refcnt)) 131 rfcomm_session_del(s); 132 } 133 134 /* ---- RFCOMM FCS computation ---- */ 135 136 /* reversed, 8-bit, poly=0x07 */ 137 static unsigned char rfcomm_crc_table[256] = { 138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 142 143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 147 148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 152 153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 157 158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 162 163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 167 168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 172 173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 177 }; 178 179 /* CRC on 2 bytes */ 180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 181 182 /* FCS on 2 bytes */ 183 static inline u8 __fcs(u8 *data) 184 { 185 return (0xff - __crc(data)); 186 } 187 188 /* FCS on 3 bytes */ 189 static inline u8 __fcs2(u8 *data) 190 { 191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 192 } 193 194 /* Check FCS */ 195 static inline int __check_fcs(u8 *data, int type, u8 fcs) 196 { 197 u8 f = __crc(data); 198 199 if (type != RFCOMM_UIH) 200 f = rfcomm_crc_table[f ^ data[2]]; 201 202 return rfcomm_crc_table[f ^ fcs] != 0xcf; 203 } 204 205 /* ---- L2CAP callbacks ---- */ 206 static void rfcomm_l2state_change(struct sock *sk) 207 { 208 BT_DBG("%p state %d", sk, sk->sk_state); 209 rfcomm_schedule(RFCOMM_SCHED_STATE); 210 } 211 212 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 213 { 214 BT_DBG("%p bytes %d", sk, bytes); 215 rfcomm_schedule(RFCOMM_SCHED_RX); 216 } 217 218 static int rfcomm_l2sock_create(struct socket **sock) 219 { 220 int err; 221 222 BT_DBG(""); 223 224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 225 if (!err) { 226 struct sock *sk = (*sock)->sk; 227 sk->sk_data_ready = rfcomm_l2data_ready; 228 sk->sk_state_change = rfcomm_l2state_change; 229 } 230 return err; 231 } 232 233 /* ---- RFCOMM DLCs ---- */ 234 static void rfcomm_dlc_timeout(unsigned long arg) 235 { 236 struct rfcomm_dlc *d = (void *) arg; 237 238 BT_DBG("dlc %p state %ld", d, d->state); 239 240 set_bit(RFCOMM_TIMED_OUT, &d->flags); 241 rfcomm_dlc_put(d); 242 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 243 } 244 245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 246 { 247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 248 249 if (!mod_timer(&d->timer, jiffies + timeout)) 250 rfcomm_dlc_hold(d); 251 } 252 253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 254 { 255 BT_DBG("dlc %p state %ld", d, d->state); 256 257 if (timer_pending(&d->timer) && del_timer(&d->timer)) 258 rfcomm_dlc_put(d); 259 } 260 261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 262 { 263 BT_DBG("%p", d); 264 265 d->state = BT_OPEN; 266 d->flags = 0; 267 d->mscex = 0; 268 d->mtu = RFCOMM_DEFAULT_MTU; 269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 270 271 d->cfc = RFCOMM_CFC_DISABLED; 272 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 273 } 274 275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 276 { 277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 278 279 if (!d) 280 return NULL; 281 282 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 283 284 skb_queue_head_init(&d->tx_queue); 285 spin_lock_init(&d->lock); 286 atomic_set(&d->refcnt, 1); 287 288 rfcomm_dlc_clear_state(d); 289 290 BT_DBG("%p", d); 291 292 return d; 293 } 294 295 void rfcomm_dlc_free(struct rfcomm_dlc *d) 296 { 297 BT_DBG("%p", d); 298 299 skb_queue_purge(&d->tx_queue); 300 kfree(d); 301 } 302 303 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 304 { 305 BT_DBG("dlc %p session %p", d, s); 306 307 rfcomm_session_hold(s); 308 309 rfcomm_dlc_hold(d); 310 list_add(&d->list, &s->dlcs); 311 d->session = s; 312 } 313 314 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 315 { 316 struct rfcomm_session *s = d->session; 317 318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 319 320 list_del(&d->list); 321 d->session = NULL; 322 rfcomm_dlc_put(d); 323 324 rfcomm_session_put(s); 325 } 326 327 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 328 { 329 struct rfcomm_dlc *d; 330 struct list_head *p; 331 332 list_for_each(p, &s->dlcs) { 333 d = list_entry(p, struct rfcomm_dlc, list); 334 if (d->dlci == dlci) 335 return d; 336 } 337 return NULL; 338 } 339 340 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 341 { 342 struct rfcomm_session *s; 343 int err = 0; 344 u8 dlci; 345 346 BT_DBG("dlc %p state %ld %s %s channel %d", 347 d, d->state, batostr(src), batostr(dst), channel); 348 349 if (channel < 1 || channel > 30) 350 return -EINVAL; 351 352 if (d->state != BT_OPEN && d->state != BT_CLOSED) 353 return 0; 354 355 s = rfcomm_session_get(src, dst); 356 if (!s) { 357 s = rfcomm_session_create(src, dst, &err); 358 if (!s) 359 return err; 360 } 361 362 dlci = __dlci(!s->initiator, channel); 363 364 /* Check if DLCI already exists */ 365 if (rfcomm_dlc_get(s, dlci)) 366 return -EBUSY; 367 368 rfcomm_dlc_clear_state(d); 369 370 d->dlci = dlci; 371 d->addr = __addr(s->initiator, dlci); 372 d->priority = 7; 373 374 d->state = BT_CONFIG; 375 rfcomm_dlc_link(s, d); 376 377 d->mtu = s->mtu; 378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 379 380 if (s->state == BT_CONNECTED) 381 rfcomm_send_pn(s, 1, d); 382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 383 return 0; 384 } 385 386 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 387 { 388 int r; 389 390 rfcomm_lock(); 391 392 r = __rfcomm_dlc_open(d, src, dst, channel); 393 394 rfcomm_unlock(); 395 return r; 396 } 397 398 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 399 { 400 struct rfcomm_session *s = d->session; 401 if (!s) 402 return 0; 403 404 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 405 d, d->state, d->dlci, err, s); 406 407 switch (d->state) { 408 case BT_CONNECTED: 409 case BT_CONFIG: 410 case BT_CONNECT: 411 d->state = BT_DISCONN; 412 if (skb_queue_empty(&d->tx_queue)) { 413 rfcomm_send_disc(s, d->dlci); 414 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 415 } else { 416 rfcomm_queue_disc(d); 417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 418 } 419 break; 420 421 default: 422 rfcomm_dlc_clear_timer(d); 423 424 rfcomm_dlc_lock(d); 425 d->state = BT_CLOSED; 426 d->state_change(d, err); 427 rfcomm_dlc_unlock(d); 428 429 skb_queue_purge(&d->tx_queue); 430 rfcomm_dlc_unlink(d); 431 } 432 433 return 0; 434 } 435 436 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 437 { 438 int r; 439 440 rfcomm_lock(); 441 442 r = __rfcomm_dlc_close(d, err); 443 444 rfcomm_unlock(); 445 return r; 446 } 447 448 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 449 { 450 int len = skb->len; 451 452 if (d->state != BT_CONNECTED) 453 return -ENOTCONN; 454 455 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 456 457 if (len > d->mtu) 458 return -EINVAL; 459 460 rfcomm_make_uih(skb, d->addr); 461 skb_queue_tail(&d->tx_queue, skb); 462 463 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 464 rfcomm_schedule(RFCOMM_SCHED_TX); 465 return len; 466 } 467 468 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 469 { 470 BT_DBG("dlc %p state %ld", d, d->state); 471 472 if (!d->cfc) { 473 d->v24_sig |= RFCOMM_V24_FC; 474 set_bit(RFCOMM_MSC_PENDING, &d->flags); 475 } 476 rfcomm_schedule(RFCOMM_SCHED_TX); 477 } 478 479 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 480 { 481 BT_DBG("dlc %p state %ld", d, d->state); 482 483 if (!d->cfc) { 484 d->v24_sig &= ~RFCOMM_V24_FC; 485 set_bit(RFCOMM_MSC_PENDING, &d->flags); 486 } 487 rfcomm_schedule(RFCOMM_SCHED_TX); 488 } 489 490 /* 491 Set/get modem status functions use _local_ status i.e. what we report 492 to the other side. 493 Remote status is provided by dlc->modem_status() callback. 494 */ 495 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 496 { 497 BT_DBG("dlc %p state %ld v24_sig 0x%x", 498 d, d->state, v24_sig); 499 500 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 501 v24_sig |= RFCOMM_V24_FC; 502 else 503 v24_sig &= ~RFCOMM_V24_FC; 504 505 d->v24_sig = v24_sig; 506 507 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 508 rfcomm_schedule(RFCOMM_SCHED_TX); 509 510 return 0; 511 } 512 513 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 514 { 515 BT_DBG("dlc %p state %ld v24_sig 0x%x", 516 d, d->state, d->v24_sig); 517 518 *v24_sig = d->v24_sig; 519 return 0; 520 } 521 522 /* ---- RFCOMM sessions ---- */ 523 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 524 { 525 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 526 527 if (!s) 528 return NULL; 529 530 BT_DBG("session %p sock %p", s, sock); 531 532 INIT_LIST_HEAD(&s->dlcs); 533 s->state = state; 534 s->sock = sock; 535 536 s->mtu = RFCOMM_DEFAULT_MTU; 537 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 538 539 /* Do not increment module usage count for listening sessions. 540 * Otherwise we won't be able to unload the module. */ 541 if (state != BT_LISTEN) 542 if (!try_module_get(THIS_MODULE)) { 543 kfree(s); 544 return NULL; 545 } 546 547 list_add(&s->list, &session_list); 548 549 return s; 550 } 551 552 static void rfcomm_session_del(struct rfcomm_session *s) 553 { 554 int state = s->state; 555 556 BT_DBG("session %p state %ld", s, s->state); 557 558 list_del(&s->list); 559 560 if (state == BT_CONNECTED) 561 rfcomm_send_disc(s, 0); 562 563 sock_release(s->sock); 564 kfree(s); 565 566 if (state != BT_LISTEN) 567 module_put(THIS_MODULE); 568 } 569 570 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 571 { 572 struct rfcomm_session *s; 573 struct list_head *p, *n; 574 struct bt_sock *sk; 575 list_for_each_safe(p, n, &session_list) { 576 s = list_entry(p, struct rfcomm_session, list); 577 sk = bt_sk(s->sock->sk); 578 579 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 580 !bacmp(&sk->dst, dst)) 581 return s; 582 } 583 return NULL; 584 } 585 586 static void rfcomm_session_close(struct rfcomm_session *s, int err) 587 { 588 struct rfcomm_dlc *d; 589 struct list_head *p, *n; 590 591 BT_DBG("session %p state %ld err %d", s, s->state, err); 592 593 rfcomm_session_hold(s); 594 595 s->state = BT_CLOSED; 596 597 /* Close all dlcs */ 598 list_for_each_safe(p, n, &s->dlcs) { 599 d = list_entry(p, struct rfcomm_dlc, list); 600 d->state = BT_CLOSED; 601 __rfcomm_dlc_close(d, err); 602 } 603 604 rfcomm_session_put(s); 605 } 606 607 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 608 { 609 struct rfcomm_session *s = NULL; 610 struct sockaddr_l2 addr; 611 struct socket *sock; 612 struct sock *sk; 613 614 BT_DBG("%s %s", batostr(src), batostr(dst)); 615 616 *err = rfcomm_l2sock_create(&sock); 617 if (*err < 0) 618 return NULL; 619 620 bacpy(&addr.l2_bdaddr, src); 621 addr.l2_family = AF_BLUETOOTH; 622 addr.l2_psm = 0; 623 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 624 if (*err < 0) 625 goto failed; 626 627 /* Set L2CAP options */ 628 sk = sock->sk; 629 lock_sock(sk); 630 l2cap_pi(sk)->imtu = l2cap_mtu; 631 release_sock(sk); 632 633 s = rfcomm_session_add(sock, BT_BOUND); 634 if (!s) { 635 *err = -ENOMEM; 636 goto failed; 637 } 638 639 s->initiator = 1; 640 641 bacpy(&addr.l2_bdaddr, dst); 642 addr.l2_family = AF_BLUETOOTH; 643 addr.l2_psm = htobs(RFCOMM_PSM); 644 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 645 if (*err == 0 || *err == -EINPROGRESS) 646 return s; 647 648 rfcomm_session_del(s); 649 return NULL; 650 651 failed: 652 sock_release(sock); 653 return NULL; 654 } 655 656 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 657 { 658 struct sock *sk = s->sock->sk; 659 if (src) 660 bacpy(src, &bt_sk(sk)->src); 661 if (dst) 662 bacpy(dst, &bt_sk(sk)->dst); 663 } 664 665 /* ---- RFCOMM frame sending ---- */ 666 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 667 { 668 struct socket *sock = s->sock; 669 struct kvec iv = { data, len }; 670 struct msghdr msg; 671 672 BT_DBG("session %p len %d", s, len); 673 674 memset(&msg, 0, sizeof(msg)); 675 676 return kernel_sendmsg(sock, &msg, &iv, 1, len); 677 } 678 679 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 680 { 681 struct rfcomm_cmd cmd; 682 683 BT_DBG("%p dlci %d", s, dlci); 684 685 cmd.addr = __addr(s->initiator, dlci); 686 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 687 cmd.len = __len8(0); 688 cmd.fcs = __fcs2((u8 *) &cmd); 689 690 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 691 } 692 693 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 694 { 695 struct rfcomm_cmd cmd; 696 697 BT_DBG("%p dlci %d", s, dlci); 698 699 cmd.addr = __addr(!s->initiator, dlci); 700 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 701 cmd.len = __len8(0); 702 cmd.fcs = __fcs2((u8 *) &cmd); 703 704 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 705 } 706 707 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 708 { 709 struct rfcomm_cmd cmd; 710 711 BT_DBG("%p dlci %d", s, dlci); 712 713 cmd.addr = __addr(s->initiator, dlci); 714 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 715 cmd.len = __len8(0); 716 cmd.fcs = __fcs2((u8 *) &cmd); 717 718 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 719 } 720 721 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 722 { 723 struct rfcomm_cmd *cmd; 724 struct sk_buff *skb; 725 726 BT_DBG("dlc %p dlci %d", d, d->dlci); 727 728 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 729 if (!skb) 730 return -ENOMEM; 731 732 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 733 cmd->addr = d->addr; 734 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 735 cmd->len = __len8(0); 736 cmd->fcs = __fcs2((u8 *) cmd); 737 738 skb_queue_tail(&d->tx_queue, skb); 739 rfcomm_schedule(RFCOMM_SCHED_TX); 740 return 0; 741 } 742 743 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 744 { 745 struct rfcomm_cmd cmd; 746 747 BT_DBG("%p dlci %d", s, dlci); 748 749 cmd.addr = __addr(!s->initiator, dlci); 750 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 751 cmd.len = __len8(0); 752 cmd.fcs = __fcs2((u8 *) &cmd); 753 754 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 755 } 756 757 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 758 { 759 struct rfcomm_hdr *hdr; 760 struct rfcomm_mcc *mcc; 761 u8 buf[16], *ptr = buf; 762 763 BT_DBG("%p cr %d type %d", s, cr, type); 764 765 hdr = (void *) ptr; ptr += sizeof(*hdr); 766 hdr->addr = __addr(s->initiator, 0); 767 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 768 hdr->len = __len8(sizeof(*mcc) + 1); 769 770 mcc = (void *) ptr; ptr += sizeof(*mcc); 771 mcc->type = __mcc_type(cr, RFCOMM_NSC); 772 mcc->len = __len8(1); 773 774 /* Type that we didn't like */ 775 *ptr = __mcc_type(cr, type); ptr++; 776 777 *ptr = __fcs(buf); ptr++; 778 779 return rfcomm_send_frame(s, buf, ptr - buf); 780 } 781 782 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 783 { 784 struct rfcomm_hdr *hdr; 785 struct rfcomm_mcc *mcc; 786 struct rfcomm_pn *pn; 787 u8 buf[16], *ptr = buf; 788 789 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 790 791 hdr = (void *) ptr; ptr += sizeof(*hdr); 792 hdr->addr = __addr(s->initiator, 0); 793 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 794 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 795 796 mcc = (void *) ptr; ptr += sizeof(*mcc); 797 mcc->type = __mcc_type(cr, RFCOMM_PN); 798 mcc->len = __len8(sizeof(*pn)); 799 800 pn = (void *) ptr; ptr += sizeof(*pn); 801 pn->dlci = d->dlci; 802 pn->priority = d->priority; 803 pn->ack_timer = 0; 804 pn->max_retrans = 0; 805 806 if (s->cfc) { 807 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 808 pn->credits = RFCOMM_DEFAULT_CREDITS; 809 } else { 810 pn->flow_ctrl = 0; 811 pn->credits = 0; 812 } 813 814 if (cr && channel_mtu >= 0) 815 pn->mtu = htobs(channel_mtu); 816 else 817 pn->mtu = htobs(d->mtu); 818 819 *ptr = __fcs(buf); ptr++; 820 821 return rfcomm_send_frame(s, buf, ptr - buf); 822 } 823 824 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 825 u8 bit_rate, u8 data_bits, u8 stop_bits, 826 u8 parity, u8 flow_ctrl_settings, 827 u8 xon_char, u8 xoff_char, u16 param_mask) 828 { 829 struct rfcomm_hdr *hdr; 830 struct rfcomm_mcc *mcc; 831 struct rfcomm_rpn *rpn; 832 u8 buf[16], *ptr = buf; 833 834 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 835 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 836 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 837 flow_ctrl_settings, xon_char, xoff_char, param_mask); 838 839 hdr = (void *) ptr; ptr += sizeof(*hdr); 840 hdr->addr = __addr(s->initiator, 0); 841 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 842 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 843 844 mcc = (void *) ptr; ptr += sizeof(*mcc); 845 mcc->type = __mcc_type(cr, RFCOMM_RPN); 846 mcc->len = __len8(sizeof(*rpn)); 847 848 rpn = (void *) ptr; ptr += sizeof(*rpn); 849 rpn->dlci = __addr(1, dlci); 850 rpn->bit_rate = bit_rate; 851 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 852 rpn->flow_ctrl = flow_ctrl_settings; 853 rpn->xon_char = xon_char; 854 rpn->xoff_char = xoff_char; 855 rpn->param_mask = cpu_to_le16(param_mask); 856 857 *ptr = __fcs(buf); ptr++; 858 859 return rfcomm_send_frame(s, buf, ptr - buf); 860 } 861 862 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 863 { 864 struct rfcomm_hdr *hdr; 865 struct rfcomm_mcc *mcc; 866 struct rfcomm_rls *rls; 867 u8 buf[16], *ptr = buf; 868 869 BT_DBG("%p cr %d status 0x%x", s, cr, status); 870 871 hdr = (void *) ptr; ptr += sizeof(*hdr); 872 hdr->addr = __addr(s->initiator, 0); 873 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 874 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 875 876 mcc = (void *) ptr; ptr += sizeof(*mcc); 877 mcc->type = __mcc_type(cr, RFCOMM_RLS); 878 mcc->len = __len8(sizeof(*rls)); 879 880 rls = (void *) ptr; ptr += sizeof(*rls); 881 rls->dlci = __addr(1, dlci); 882 rls->status = status; 883 884 *ptr = __fcs(buf); ptr++; 885 886 return rfcomm_send_frame(s, buf, ptr - buf); 887 } 888 889 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 890 { 891 struct rfcomm_hdr *hdr; 892 struct rfcomm_mcc *mcc; 893 struct rfcomm_msc *msc; 894 u8 buf[16], *ptr = buf; 895 896 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 897 898 hdr = (void *) ptr; ptr += sizeof(*hdr); 899 hdr->addr = __addr(s->initiator, 0); 900 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 901 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 902 903 mcc = (void *) ptr; ptr += sizeof(*mcc); 904 mcc->type = __mcc_type(cr, RFCOMM_MSC); 905 mcc->len = __len8(sizeof(*msc)); 906 907 msc = (void *) ptr; ptr += sizeof(*msc); 908 msc->dlci = __addr(1, dlci); 909 msc->v24_sig = v24_sig | 0x01; 910 911 *ptr = __fcs(buf); ptr++; 912 913 return rfcomm_send_frame(s, buf, ptr - buf); 914 } 915 916 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 917 { 918 struct rfcomm_hdr *hdr; 919 struct rfcomm_mcc *mcc; 920 u8 buf[16], *ptr = buf; 921 922 BT_DBG("%p cr %d", s, cr); 923 924 hdr = (void *) ptr; ptr += sizeof(*hdr); 925 hdr->addr = __addr(s->initiator, 0); 926 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 927 hdr->len = __len8(sizeof(*mcc)); 928 929 mcc = (void *) ptr; ptr += sizeof(*mcc); 930 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 931 mcc->len = __len8(0); 932 933 *ptr = __fcs(buf); ptr++; 934 935 return rfcomm_send_frame(s, buf, ptr - buf); 936 } 937 938 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 939 { 940 struct rfcomm_hdr *hdr; 941 struct rfcomm_mcc *mcc; 942 u8 buf[16], *ptr = buf; 943 944 BT_DBG("%p cr %d", s, cr); 945 946 hdr = (void *) ptr; ptr += sizeof(*hdr); 947 hdr->addr = __addr(s->initiator, 0); 948 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 949 hdr->len = __len8(sizeof(*mcc)); 950 951 mcc = (void *) ptr; ptr += sizeof(*mcc); 952 mcc->type = __mcc_type(cr, RFCOMM_FCON); 953 mcc->len = __len8(0); 954 955 *ptr = __fcs(buf); ptr++; 956 957 return rfcomm_send_frame(s, buf, ptr - buf); 958 } 959 960 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 961 { 962 struct socket *sock = s->sock; 963 struct kvec iv[3]; 964 struct msghdr msg; 965 unsigned char hdr[5], crc[1]; 966 967 if (len > 125) 968 return -EINVAL; 969 970 BT_DBG("%p cr %d", s, cr); 971 972 hdr[0] = __addr(s->initiator, 0); 973 hdr[1] = __ctrl(RFCOMM_UIH, 0); 974 hdr[2] = 0x01 | ((len + 2) << 1); 975 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 976 hdr[4] = 0x01 | (len << 1); 977 978 crc[0] = __fcs(hdr); 979 980 iv[0].iov_base = hdr; 981 iv[0].iov_len = 5; 982 iv[1].iov_base = pattern; 983 iv[1].iov_len = len; 984 iv[2].iov_base = crc; 985 iv[2].iov_len = 1; 986 987 memset(&msg, 0, sizeof(msg)); 988 989 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 990 } 991 992 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 993 { 994 struct rfcomm_hdr *hdr; 995 u8 buf[16], *ptr = buf; 996 997 BT_DBG("%p addr %d credits %d", s, addr, credits); 998 999 hdr = (void *) ptr; ptr += sizeof(*hdr); 1000 hdr->addr = addr; 1001 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1002 hdr->len = __len8(0); 1003 1004 *ptr = credits; ptr++; 1005 1006 *ptr = __fcs(buf); ptr++; 1007 1008 return rfcomm_send_frame(s, buf, ptr - buf); 1009 } 1010 1011 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1012 { 1013 struct rfcomm_hdr *hdr; 1014 int len = skb->len; 1015 u8 *crc; 1016 1017 if (len > 127) { 1018 hdr = (void *) skb_push(skb, 4); 1019 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1020 } else { 1021 hdr = (void *) skb_push(skb, 3); 1022 hdr->len = __len8(len); 1023 } 1024 hdr->addr = addr; 1025 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1026 1027 crc = skb_put(skb, 1); 1028 *crc = __fcs((void *) hdr); 1029 } 1030 1031 /* ---- RFCOMM frame reception ---- */ 1032 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1033 { 1034 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1035 1036 if (dlci) { 1037 /* Data channel */ 1038 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1039 if (!d) { 1040 rfcomm_send_dm(s, dlci); 1041 return 0; 1042 } 1043 1044 switch (d->state) { 1045 case BT_CONNECT: 1046 rfcomm_dlc_clear_timer(d); 1047 1048 rfcomm_dlc_lock(d); 1049 d->state = BT_CONNECTED; 1050 d->state_change(d, 0); 1051 rfcomm_dlc_unlock(d); 1052 1053 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1054 break; 1055 1056 case BT_DISCONN: 1057 d->state = BT_CLOSED; 1058 __rfcomm_dlc_close(d, 0); 1059 1060 if (list_empty(&s->dlcs)) { 1061 s->state = BT_DISCONN; 1062 rfcomm_send_disc(s, 0); 1063 } 1064 1065 break; 1066 } 1067 } else { 1068 /* Control channel */ 1069 switch (s->state) { 1070 case BT_CONNECT: 1071 s->state = BT_CONNECTED; 1072 rfcomm_process_connect(s); 1073 break; 1074 1075 case BT_DISCONN: 1076 rfcomm_session_put(s); 1077 break; 1078 } 1079 } 1080 return 0; 1081 } 1082 1083 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1084 { 1085 int err = 0; 1086 1087 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1088 1089 if (dlci) { 1090 /* Data DLC */ 1091 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1092 if (d) { 1093 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1094 err = ECONNREFUSED; 1095 else 1096 err = ECONNRESET; 1097 1098 d->state = BT_CLOSED; 1099 __rfcomm_dlc_close(d, err); 1100 } 1101 } else { 1102 if (s->state == BT_CONNECT) 1103 err = ECONNREFUSED; 1104 else 1105 err = ECONNRESET; 1106 1107 s->state = BT_CLOSED; 1108 rfcomm_session_close(s, err); 1109 } 1110 return 0; 1111 } 1112 1113 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1114 { 1115 int err = 0; 1116 1117 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1118 1119 if (dlci) { 1120 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1121 if (d) { 1122 rfcomm_send_ua(s, dlci); 1123 1124 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1125 err = ECONNREFUSED; 1126 else 1127 err = ECONNRESET; 1128 1129 d->state = BT_CLOSED; 1130 __rfcomm_dlc_close(d, err); 1131 } else 1132 rfcomm_send_dm(s, dlci); 1133 1134 } else { 1135 rfcomm_send_ua(s, 0); 1136 1137 if (s->state == BT_CONNECT) 1138 err = ECONNREFUSED; 1139 else 1140 err = ECONNRESET; 1141 1142 s->state = BT_CLOSED; 1143 rfcomm_session_close(s, err); 1144 } 1145 1146 return 0; 1147 } 1148 1149 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1150 { 1151 struct sock *sk = d->session->sock->sk; 1152 1153 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1154 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1155 return 1; 1156 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1157 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1158 return 1; 1159 } 1160 1161 return 0; 1162 } 1163 1164 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1165 { 1166 struct sock *sk = d->session->sock->sk; 1167 1168 BT_DBG("dlc %p", d); 1169 1170 rfcomm_send_ua(d->session, d->dlci); 1171 1172 rfcomm_dlc_lock(d); 1173 d->state = BT_CONNECTED; 1174 d->state_change(d, 0); 1175 rfcomm_dlc_unlock(d); 1176 1177 if (d->link_mode & RFCOMM_LM_MASTER) 1178 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1179 1180 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1181 } 1182 1183 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1184 { 1185 struct rfcomm_dlc *d; 1186 u8 channel; 1187 1188 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1189 1190 if (!dlci) { 1191 rfcomm_send_ua(s, 0); 1192 1193 if (s->state == BT_OPEN) { 1194 s->state = BT_CONNECTED; 1195 rfcomm_process_connect(s); 1196 } 1197 return 0; 1198 } 1199 1200 /* Check if DLC exists */ 1201 d = rfcomm_dlc_get(s, dlci); 1202 if (d) { 1203 if (d->state == BT_OPEN) { 1204 /* DLC was previously opened by PN request */ 1205 if (rfcomm_check_link_mode(d)) { 1206 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1207 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1208 return 0; 1209 } 1210 1211 rfcomm_dlc_accept(d); 1212 } 1213 return 0; 1214 } 1215 1216 /* Notify socket layer about incoming connection */ 1217 channel = __srv_channel(dlci); 1218 if (rfcomm_connect_ind(s, channel, &d)) { 1219 d->dlci = dlci; 1220 d->addr = __addr(s->initiator, dlci); 1221 rfcomm_dlc_link(s, d); 1222 1223 if (rfcomm_check_link_mode(d)) { 1224 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1225 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1226 return 0; 1227 } 1228 1229 rfcomm_dlc_accept(d); 1230 } else { 1231 rfcomm_send_dm(s, dlci); 1232 } 1233 1234 return 0; 1235 } 1236 1237 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1238 { 1239 struct rfcomm_session *s = d->session; 1240 1241 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1242 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1243 1244 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1245 pn->flow_ctrl == 0xe0) { 1246 d->cfc = RFCOMM_CFC_ENABLED; 1247 d->tx_credits = pn->credits; 1248 } else { 1249 d->cfc = RFCOMM_CFC_DISABLED; 1250 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1251 } 1252 1253 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1254 s->cfc = d->cfc; 1255 1256 d->priority = pn->priority; 1257 1258 d->mtu = btohs(pn->mtu); 1259 1260 if (cr && d->mtu > s->mtu) 1261 d->mtu = s->mtu; 1262 1263 return 0; 1264 } 1265 1266 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1267 { 1268 struct rfcomm_pn *pn = (void *) skb->data; 1269 struct rfcomm_dlc *d; 1270 u8 dlci = pn->dlci; 1271 1272 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1273 1274 if (!dlci) 1275 return 0; 1276 1277 d = rfcomm_dlc_get(s, dlci); 1278 if (d) { 1279 if (cr) { 1280 /* PN request */ 1281 rfcomm_apply_pn(d, cr, pn); 1282 rfcomm_send_pn(s, 0, d); 1283 } else { 1284 /* PN response */ 1285 switch (d->state) { 1286 case BT_CONFIG: 1287 rfcomm_apply_pn(d, cr, pn); 1288 1289 d->state = BT_CONNECT; 1290 rfcomm_send_sabm(s, d->dlci); 1291 break; 1292 } 1293 } 1294 } else { 1295 u8 channel = __srv_channel(dlci); 1296 1297 if (!cr) 1298 return 0; 1299 1300 /* PN request for non existing DLC. 1301 * Assume incoming connection. */ 1302 if (rfcomm_connect_ind(s, channel, &d)) { 1303 d->dlci = dlci; 1304 d->addr = __addr(s->initiator, dlci); 1305 rfcomm_dlc_link(s, d); 1306 1307 rfcomm_apply_pn(d, cr, pn); 1308 1309 d->state = BT_OPEN; 1310 rfcomm_send_pn(s, 0, d); 1311 } else { 1312 rfcomm_send_dm(s, dlci); 1313 } 1314 } 1315 return 0; 1316 } 1317 1318 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1319 { 1320 struct rfcomm_rpn *rpn = (void *) skb->data; 1321 u8 dlci = __get_dlci(rpn->dlci); 1322 1323 u8 bit_rate = 0; 1324 u8 data_bits = 0; 1325 u8 stop_bits = 0; 1326 u8 parity = 0; 1327 u8 flow_ctrl = 0; 1328 u8 xon_char = 0; 1329 u8 xoff_char = 0; 1330 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1331 1332 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1333 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1334 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1335 1336 if (!cr) 1337 return 0; 1338 1339 if (len == 1) { 1340 /* This is a request, return default settings */ 1341 bit_rate = RFCOMM_RPN_BR_115200; 1342 data_bits = RFCOMM_RPN_DATA_8; 1343 stop_bits = RFCOMM_RPN_STOP_1; 1344 parity = RFCOMM_RPN_PARITY_NONE; 1345 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1346 xon_char = RFCOMM_RPN_XON_CHAR; 1347 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1348 goto rpn_out; 1349 } 1350 1351 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1352 * no parity, no flow control lines, normal XON/XOFF chars */ 1353 1354 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1355 bit_rate = rpn->bit_rate; 1356 if (bit_rate != RFCOMM_RPN_BR_115200) { 1357 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1358 bit_rate = RFCOMM_RPN_BR_115200; 1359 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1360 } 1361 } 1362 1363 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1364 data_bits = __get_rpn_data_bits(rpn->line_settings); 1365 if (data_bits != RFCOMM_RPN_DATA_8) { 1366 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1367 data_bits = RFCOMM_RPN_DATA_8; 1368 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1369 } 1370 } 1371 1372 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1373 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1374 if (stop_bits != RFCOMM_RPN_STOP_1) { 1375 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1376 stop_bits = RFCOMM_RPN_STOP_1; 1377 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1378 } 1379 } 1380 1381 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1382 parity = __get_rpn_parity(rpn->line_settings); 1383 if (parity != RFCOMM_RPN_PARITY_NONE) { 1384 BT_DBG("RPN parity mismatch 0x%x", parity); 1385 parity = RFCOMM_RPN_PARITY_NONE; 1386 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1387 } 1388 } 1389 1390 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1391 flow_ctrl = rpn->flow_ctrl; 1392 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1393 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1394 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1395 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1396 } 1397 } 1398 1399 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1400 xon_char = rpn->xon_char; 1401 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1402 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1403 xon_char = RFCOMM_RPN_XON_CHAR; 1404 rpn_mask ^= RFCOMM_RPN_PM_XON; 1405 } 1406 } 1407 1408 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1409 xoff_char = rpn->xoff_char; 1410 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1411 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1412 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1413 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1414 } 1415 } 1416 1417 rpn_out: 1418 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1419 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1420 1421 return 0; 1422 } 1423 1424 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1425 { 1426 struct rfcomm_rls *rls = (void *) skb->data; 1427 u8 dlci = __get_dlci(rls->dlci); 1428 1429 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1430 1431 if (!cr) 1432 return 0; 1433 1434 /* We should probably do something with this information here. But 1435 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1436 * mandatory to recognise and respond to RLS */ 1437 1438 rfcomm_send_rls(s, 0, dlci, rls->status); 1439 1440 return 0; 1441 } 1442 1443 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1444 { 1445 struct rfcomm_msc *msc = (void *) skb->data; 1446 struct rfcomm_dlc *d; 1447 u8 dlci = __get_dlci(msc->dlci); 1448 1449 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1450 1451 d = rfcomm_dlc_get(s, dlci); 1452 if (!d) 1453 return 0; 1454 1455 if (cr) { 1456 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1457 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1458 else 1459 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1460 1461 rfcomm_dlc_lock(d); 1462 if (d->modem_status) 1463 d->modem_status(d, msc->v24_sig); 1464 rfcomm_dlc_unlock(d); 1465 1466 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1467 1468 d->mscex |= RFCOMM_MSCEX_RX; 1469 } else 1470 d->mscex |= RFCOMM_MSCEX_TX; 1471 1472 return 0; 1473 } 1474 1475 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1476 { 1477 struct rfcomm_mcc *mcc = (void *) skb->data; 1478 u8 type, cr, len; 1479 1480 cr = __test_cr(mcc->type); 1481 type = __get_mcc_type(mcc->type); 1482 len = __get_mcc_len(mcc->len); 1483 1484 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1485 1486 skb_pull(skb, 2); 1487 1488 switch (type) { 1489 case RFCOMM_PN: 1490 rfcomm_recv_pn(s, cr, skb); 1491 break; 1492 1493 case RFCOMM_RPN: 1494 rfcomm_recv_rpn(s, cr, len, skb); 1495 break; 1496 1497 case RFCOMM_RLS: 1498 rfcomm_recv_rls(s, cr, skb); 1499 break; 1500 1501 case RFCOMM_MSC: 1502 rfcomm_recv_msc(s, cr, skb); 1503 break; 1504 1505 case RFCOMM_FCOFF: 1506 if (cr) { 1507 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1508 rfcomm_send_fcoff(s, 0); 1509 } 1510 break; 1511 1512 case RFCOMM_FCON: 1513 if (cr) { 1514 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1515 rfcomm_send_fcon(s, 0); 1516 } 1517 break; 1518 1519 case RFCOMM_TEST: 1520 if (cr) 1521 rfcomm_send_test(s, 0, skb->data, skb->len); 1522 break; 1523 1524 case RFCOMM_NSC: 1525 break; 1526 1527 default: 1528 BT_ERR("Unknown control type 0x%02x", type); 1529 rfcomm_send_nsc(s, cr, type); 1530 break; 1531 } 1532 return 0; 1533 } 1534 1535 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1536 { 1537 struct rfcomm_dlc *d; 1538 1539 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1540 1541 d = rfcomm_dlc_get(s, dlci); 1542 if (!d) { 1543 rfcomm_send_dm(s, dlci); 1544 goto drop; 1545 } 1546 1547 if (pf && d->cfc) { 1548 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1549 1550 d->tx_credits += credits; 1551 if (d->tx_credits) 1552 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1553 } 1554 1555 if (skb->len && d->state == BT_CONNECTED) { 1556 rfcomm_dlc_lock(d); 1557 d->rx_credits--; 1558 d->data_ready(d, skb); 1559 rfcomm_dlc_unlock(d); 1560 return 0; 1561 } 1562 1563 drop: 1564 kfree_skb(skb); 1565 return 0; 1566 } 1567 1568 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1569 { 1570 struct rfcomm_hdr *hdr = (void *) skb->data; 1571 u8 type, dlci, fcs; 1572 1573 dlci = __get_dlci(hdr->addr); 1574 type = __get_type(hdr->ctrl); 1575 1576 /* Trim FCS */ 1577 skb->len--; skb->tail--; 1578 fcs = *(u8 *)skb_tail_pointer(skb); 1579 1580 if (__check_fcs(skb->data, type, fcs)) { 1581 BT_ERR("bad checksum in packet"); 1582 kfree_skb(skb); 1583 return -EILSEQ; 1584 } 1585 1586 if (__test_ea(hdr->len)) 1587 skb_pull(skb, 3); 1588 else 1589 skb_pull(skb, 4); 1590 1591 switch (type) { 1592 case RFCOMM_SABM: 1593 if (__test_pf(hdr->ctrl)) 1594 rfcomm_recv_sabm(s, dlci); 1595 break; 1596 1597 case RFCOMM_DISC: 1598 if (__test_pf(hdr->ctrl)) 1599 rfcomm_recv_disc(s, dlci); 1600 break; 1601 1602 case RFCOMM_UA: 1603 if (__test_pf(hdr->ctrl)) 1604 rfcomm_recv_ua(s, dlci); 1605 break; 1606 1607 case RFCOMM_DM: 1608 rfcomm_recv_dm(s, dlci); 1609 break; 1610 1611 case RFCOMM_UIH: 1612 if (dlci) 1613 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1614 1615 rfcomm_recv_mcc(s, skb); 1616 break; 1617 1618 default: 1619 BT_ERR("Unknown packet type 0x%02x\n", type); 1620 break; 1621 } 1622 kfree_skb(skb); 1623 return 0; 1624 } 1625 1626 /* ---- Connection and data processing ---- */ 1627 1628 static void rfcomm_process_connect(struct rfcomm_session *s) 1629 { 1630 struct rfcomm_dlc *d; 1631 struct list_head *p, *n; 1632 1633 BT_DBG("session %p state %ld", s, s->state); 1634 1635 list_for_each_safe(p, n, &s->dlcs) { 1636 d = list_entry(p, struct rfcomm_dlc, list); 1637 if (d->state == BT_CONFIG) { 1638 d->mtu = s->mtu; 1639 rfcomm_send_pn(s, 1, d); 1640 } 1641 } 1642 } 1643 1644 /* Send data queued for the DLC. 1645 * Return number of frames left in the queue. 1646 */ 1647 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1648 { 1649 struct sk_buff *skb; 1650 int err; 1651 1652 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1653 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1654 1655 /* Send pending MSC */ 1656 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1657 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1658 1659 if (d->cfc) { 1660 /* CFC enabled. 1661 * Give them some credits */ 1662 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1663 d->rx_credits <= (d->cfc >> 2)) { 1664 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1665 d->rx_credits = d->cfc; 1666 } 1667 } else { 1668 /* CFC disabled. 1669 * Give ourselves some credits */ 1670 d->tx_credits = 5; 1671 } 1672 1673 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1674 return skb_queue_len(&d->tx_queue); 1675 1676 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1677 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1678 if (err < 0) { 1679 skb_queue_head(&d->tx_queue, skb); 1680 break; 1681 } 1682 kfree_skb(skb); 1683 d->tx_credits--; 1684 } 1685 1686 if (d->cfc && !d->tx_credits) { 1687 /* We're out of TX credits. 1688 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1689 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1690 } 1691 1692 return skb_queue_len(&d->tx_queue); 1693 } 1694 1695 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1696 { 1697 struct rfcomm_dlc *d; 1698 struct list_head *p, *n; 1699 1700 BT_DBG("session %p state %ld", s, s->state); 1701 1702 list_for_each_safe(p, n, &s->dlcs) { 1703 d = list_entry(p, struct rfcomm_dlc, list); 1704 1705 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1706 __rfcomm_dlc_close(d, ETIMEDOUT); 1707 continue; 1708 } 1709 1710 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1711 rfcomm_dlc_clear_timer(d); 1712 rfcomm_dlc_accept(d); 1713 if (d->link_mode & RFCOMM_LM_SECURE) { 1714 struct sock *sk = s->sock->sk; 1715 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1716 } 1717 continue; 1718 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1719 rfcomm_dlc_clear_timer(d); 1720 rfcomm_send_dm(s, d->dlci); 1721 __rfcomm_dlc_close(d, ECONNREFUSED); 1722 continue; 1723 } 1724 1725 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1726 continue; 1727 1728 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1729 d->mscex == RFCOMM_MSCEX_OK) 1730 rfcomm_process_tx(d); 1731 } 1732 } 1733 1734 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1735 { 1736 struct socket *sock = s->sock; 1737 struct sock *sk = sock->sk; 1738 struct sk_buff *skb; 1739 1740 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1741 1742 /* Get data directly from socket receive queue without copying it. */ 1743 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1744 skb_orphan(skb); 1745 rfcomm_recv_frame(s, skb); 1746 } 1747 1748 if (sk->sk_state == BT_CLOSED) { 1749 if (!s->initiator) 1750 rfcomm_session_put(s); 1751 1752 rfcomm_session_close(s, sk->sk_err); 1753 } 1754 } 1755 1756 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1757 { 1758 struct socket *sock = s->sock, *nsock; 1759 int err; 1760 1761 /* Fast check for a new connection. 1762 * Avoids unnesesary socket allocations. */ 1763 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1764 return; 1765 1766 BT_DBG("session %p", s); 1767 1768 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1769 if (err < 0) 1770 return; 1771 1772 __module_get(nsock->ops->owner); 1773 1774 /* Set our callbacks */ 1775 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1776 nsock->sk->sk_state_change = rfcomm_l2state_change; 1777 1778 s = rfcomm_session_add(nsock, BT_OPEN); 1779 if (s) { 1780 rfcomm_session_hold(s); 1781 1782 /* We should adjust MTU on incoming sessions. 1783 * L2CAP MTU minus UIH header and FCS. */ 1784 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1785 1786 rfcomm_schedule(RFCOMM_SCHED_RX); 1787 } else 1788 sock_release(nsock); 1789 } 1790 1791 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1792 { 1793 struct sock *sk = s->sock->sk; 1794 1795 BT_DBG("%p state %ld", s, s->state); 1796 1797 switch(sk->sk_state) { 1798 case BT_CONNECTED: 1799 s->state = BT_CONNECT; 1800 1801 /* We can adjust MTU on outgoing sessions. 1802 * L2CAP MTU minus UIH header and FCS. */ 1803 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1804 1805 rfcomm_send_sabm(s, 0); 1806 break; 1807 1808 case BT_CLOSED: 1809 s->state = BT_CLOSED; 1810 rfcomm_session_close(s, sk->sk_err); 1811 break; 1812 } 1813 } 1814 1815 static inline void rfcomm_process_sessions(void) 1816 { 1817 struct list_head *p, *n; 1818 1819 rfcomm_lock(); 1820 1821 list_for_each_safe(p, n, &session_list) { 1822 struct rfcomm_session *s; 1823 s = list_entry(p, struct rfcomm_session, list); 1824 1825 if (s->state == BT_LISTEN) { 1826 rfcomm_accept_connection(s); 1827 continue; 1828 } 1829 1830 rfcomm_session_hold(s); 1831 1832 switch (s->state) { 1833 case BT_BOUND: 1834 rfcomm_check_connection(s); 1835 break; 1836 1837 default: 1838 rfcomm_process_rx(s); 1839 break; 1840 } 1841 1842 rfcomm_process_dlcs(s); 1843 1844 rfcomm_session_put(s); 1845 } 1846 1847 rfcomm_unlock(); 1848 } 1849 1850 static int rfcomm_add_listener(bdaddr_t *ba) 1851 { 1852 struct sockaddr_l2 addr; 1853 struct socket *sock; 1854 struct sock *sk; 1855 struct rfcomm_session *s; 1856 int err = 0; 1857 1858 /* Create socket */ 1859 err = rfcomm_l2sock_create(&sock); 1860 if (err < 0) { 1861 BT_ERR("Create socket failed %d", err); 1862 return err; 1863 } 1864 1865 /* Bind socket */ 1866 bacpy(&addr.l2_bdaddr, ba); 1867 addr.l2_family = AF_BLUETOOTH; 1868 addr.l2_psm = htobs(RFCOMM_PSM); 1869 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1870 if (err < 0) { 1871 BT_ERR("Bind failed %d", err); 1872 goto failed; 1873 } 1874 1875 /* Set L2CAP options */ 1876 sk = sock->sk; 1877 lock_sock(sk); 1878 l2cap_pi(sk)->imtu = l2cap_mtu; 1879 release_sock(sk); 1880 1881 /* Start listening on the socket */ 1882 err = kernel_listen(sock, 10); 1883 if (err) { 1884 BT_ERR("Listen failed %d", err); 1885 goto failed; 1886 } 1887 1888 /* Add listening session */ 1889 s = rfcomm_session_add(sock, BT_LISTEN); 1890 if (!s) 1891 goto failed; 1892 1893 rfcomm_session_hold(s); 1894 return 0; 1895 failed: 1896 sock_release(sock); 1897 return err; 1898 } 1899 1900 static void rfcomm_kill_listener(void) 1901 { 1902 struct rfcomm_session *s; 1903 struct list_head *p, *n; 1904 1905 BT_DBG(""); 1906 1907 list_for_each_safe(p, n, &session_list) { 1908 s = list_entry(p, struct rfcomm_session, list); 1909 rfcomm_session_del(s); 1910 } 1911 } 1912 1913 static int rfcomm_run(void *unused) 1914 { 1915 BT_DBG(""); 1916 1917 set_user_nice(current, -10); 1918 1919 rfcomm_add_listener(BDADDR_ANY); 1920 1921 while (!kthread_should_stop()) { 1922 set_current_state(TASK_INTERRUPTIBLE); 1923 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1924 /* No pending events. Let's sleep. 1925 * Incoming connections and data will wake us up. */ 1926 schedule(); 1927 } 1928 set_current_state(TASK_RUNNING); 1929 1930 /* Process stuff */ 1931 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1932 rfcomm_process_sessions(); 1933 } 1934 1935 rfcomm_kill_listener(); 1936 1937 return 0; 1938 } 1939 1940 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1941 { 1942 struct rfcomm_session *s; 1943 struct rfcomm_dlc *d; 1944 struct list_head *p, *n; 1945 1946 BT_DBG("conn %p status 0x%02x", conn, status); 1947 1948 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1949 if (!s) 1950 return; 1951 1952 rfcomm_session_hold(s); 1953 1954 list_for_each_safe(p, n, &s->dlcs) { 1955 d = list_entry(p, struct rfcomm_dlc, list); 1956 1957 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1958 continue; 1959 1960 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1961 continue; 1962 1963 if (!status) 1964 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1965 else 1966 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1967 } 1968 1969 rfcomm_session_put(s); 1970 1971 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1972 } 1973 1974 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1975 { 1976 struct rfcomm_session *s; 1977 struct rfcomm_dlc *d; 1978 struct list_head *p, *n; 1979 1980 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1981 1982 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1983 if (!s) 1984 return; 1985 1986 rfcomm_session_hold(s); 1987 1988 list_for_each_safe(p, n, &s->dlcs) { 1989 d = list_entry(p, struct rfcomm_dlc, list); 1990 1991 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1992 continue; 1993 1994 if (!status && encrypt) 1995 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1996 else 1997 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1998 } 1999 2000 rfcomm_session_put(s); 2001 2002 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2003 } 2004 2005 static struct hci_cb rfcomm_cb = { 2006 .name = "RFCOMM", 2007 .auth_cfm = rfcomm_auth_cfm, 2008 .encrypt_cfm = rfcomm_encrypt_cfm 2009 }; 2010 2011 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2012 { 2013 struct rfcomm_session *s; 2014 struct list_head *pp, *p; 2015 char *str = buf; 2016 2017 rfcomm_lock(); 2018 2019 list_for_each(p, &session_list) { 2020 s = list_entry(p, struct rfcomm_session, list); 2021 list_for_each(pp, &s->dlcs) { 2022 struct sock *sk = s->sock->sk; 2023 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2024 2025 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2026 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2027 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2028 } 2029 } 2030 2031 rfcomm_unlock(); 2032 2033 return (str - buf); 2034 } 2035 2036 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2037 2038 /* ---- Initialization ---- */ 2039 static int __init rfcomm_init(void) 2040 { 2041 l2cap_load(); 2042 2043 hci_register_cb(&rfcomm_cb); 2044 2045 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2046 if (IS_ERR(rfcomm_thread)) { 2047 hci_unregister_cb(&rfcomm_cb); 2048 return PTR_ERR(rfcomm_thread); 2049 } 2050 2051 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2052 BT_ERR("Failed to create RFCOMM info file"); 2053 2054 rfcomm_init_sockets(); 2055 2056 #ifdef CONFIG_BT_RFCOMM_TTY 2057 rfcomm_init_ttys(); 2058 #endif 2059 2060 BT_INFO("RFCOMM ver %s", VERSION); 2061 2062 return 0; 2063 } 2064 2065 static void __exit rfcomm_exit(void) 2066 { 2067 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2068 2069 hci_unregister_cb(&rfcomm_cb); 2070 2071 kthread_stop(rfcomm_thread); 2072 2073 #ifdef CONFIG_BT_RFCOMM_TTY 2074 rfcomm_cleanup_ttys(); 2075 #endif 2076 2077 rfcomm_cleanup_sockets(); 2078 } 2079 2080 module_init(rfcomm_init); 2081 module_exit(rfcomm_exit); 2082 2083 module_param(disable_cfc, bool, 0644); 2084 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2085 2086 module_param(channel_mtu, int, 0644); 2087 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2088 2089 module_param(l2cap_mtu, uint, 0644); 2090 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2091 2092 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2093 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2094 MODULE_VERSION(VERSION); 2095 MODULE_LICENSE("GPL"); 2096 MODULE_ALIAS("bt-proto-3"); 2097