1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/signal.h> 35 #include <linux/init.h> 36 #include <linux/wait.h> 37 #include <linux/device.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 41 #include <net/sock.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 #include <net/bluetooth/rfcomm.h> 49 50 #ifndef CONFIG_BT_RFCOMM_DEBUG 51 #undef BT_DBG 52 #define BT_DBG(D...) 53 #endif 54 55 #define VERSION "1.8" 56 57 static int disable_cfc = 0; 58 static int channel_mtu = -1; 59 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 60 61 static struct task_struct *rfcomm_thread; 62 63 static DEFINE_MUTEX(rfcomm_mutex); 64 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 65 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 66 67 static unsigned long rfcomm_event; 68 69 static LIST_HEAD(session_list); 70 static atomic_t terminate, running; 71 72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 75 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 82 83 static void rfcomm_process_connect(struct rfcomm_session *s); 84 85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87 static void rfcomm_session_del(struct rfcomm_session *s); 88 89 /* ---- RFCOMM frame parsing macros ---- */ 90 #define __get_dlci(b) ((b & 0xfc) >> 2) 91 #define __get_channel(b) ((b & 0xf8) >> 3) 92 #define __get_dir(b) ((b & 0x04) >> 2) 93 #define __get_type(b) ((b & 0xef)) 94 95 #define __test_ea(b) ((b & 0x01)) 96 #define __test_cr(b) ((b & 0x02)) 97 #define __test_pf(b) ((b & 0x10)) 98 99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102 #define __srv_channel(dlci) (dlci >> 1) 103 #define __dir(dlci) (dlci & 0x01) 104 105 #define __len8(len) (((len) << 1) | 1) 106 #define __len16(len) ((len) << 1) 107 108 /* MCC macros */ 109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 111 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113 /* RPN macros */ 114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115 #define __get_rpn_data_bits(line) ((line) & 0x3) 116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119 static inline void rfcomm_schedule(uint event) 120 { 121 if (!rfcomm_thread) 122 return; 123 //set_bit(event, &rfcomm_event); 124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 125 wake_up_process(rfcomm_thread); 126 } 127 128 static inline void rfcomm_session_put(struct rfcomm_session *s) 129 { 130 if (atomic_dec_and_test(&s->refcnt)) 131 rfcomm_session_del(s); 132 } 133 134 /* ---- RFCOMM FCS computation ---- */ 135 136 /* reversed, 8-bit, poly=0x07 */ 137 static unsigned char rfcomm_crc_table[256] = { 138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 142 143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 147 148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 152 153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 157 158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 162 163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 167 168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 172 173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 177 }; 178 179 /* CRC on 2 bytes */ 180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 181 182 /* FCS on 2 bytes */ 183 static inline u8 __fcs(u8 *data) 184 { 185 return (0xff - __crc(data)); 186 } 187 188 /* FCS on 3 bytes */ 189 static inline u8 __fcs2(u8 *data) 190 { 191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 192 } 193 194 /* Check FCS */ 195 static inline int __check_fcs(u8 *data, int type, u8 fcs) 196 { 197 u8 f = __crc(data); 198 199 if (type != RFCOMM_UIH) 200 f = rfcomm_crc_table[f ^ data[2]]; 201 202 return rfcomm_crc_table[f ^ fcs] != 0xcf; 203 } 204 205 /* ---- L2CAP callbacks ---- */ 206 static void rfcomm_l2state_change(struct sock *sk) 207 { 208 BT_DBG("%p state %d", sk, sk->sk_state); 209 rfcomm_schedule(RFCOMM_SCHED_STATE); 210 } 211 212 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 213 { 214 BT_DBG("%p bytes %d", sk, bytes); 215 rfcomm_schedule(RFCOMM_SCHED_RX); 216 } 217 218 static int rfcomm_l2sock_create(struct socket **sock) 219 { 220 int err; 221 222 BT_DBG(""); 223 224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 225 if (!err) { 226 struct sock *sk = (*sock)->sk; 227 sk->sk_data_ready = rfcomm_l2data_ready; 228 sk->sk_state_change = rfcomm_l2state_change; 229 } 230 return err; 231 } 232 233 /* ---- RFCOMM DLCs ---- */ 234 static void rfcomm_dlc_timeout(unsigned long arg) 235 { 236 struct rfcomm_dlc *d = (void *) arg; 237 238 BT_DBG("dlc %p state %ld", d, d->state); 239 240 set_bit(RFCOMM_TIMED_OUT, &d->flags); 241 rfcomm_dlc_put(d); 242 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 243 } 244 245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 246 { 247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 248 249 if (!mod_timer(&d->timer, jiffies + timeout)) 250 rfcomm_dlc_hold(d); 251 } 252 253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 254 { 255 BT_DBG("dlc %p state %ld", d, d->state); 256 257 if (timer_pending(&d->timer) && del_timer(&d->timer)) 258 rfcomm_dlc_put(d); 259 } 260 261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 262 { 263 BT_DBG("%p", d); 264 265 d->state = BT_OPEN; 266 d->flags = 0; 267 d->mscex = 0; 268 d->mtu = RFCOMM_DEFAULT_MTU; 269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 270 271 d->cfc = RFCOMM_CFC_DISABLED; 272 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 273 } 274 275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 276 { 277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 278 279 if (!d) 280 return NULL; 281 282 init_timer(&d->timer); 283 d->timer.function = rfcomm_dlc_timeout; 284 d->timer.data = (unsigned long) d; 285 286 skb_queue_head_init(&d->tx_queue); 287 spin_lock_init(&d->lock); 288 atomic_set(&d->refcnt, 1); 289 290 rfcomm_dlc_clear_state(d); 291 292 BT_DBG("%p", d); 293 294 return d; 295 } 296 297 void rfcomm_dlc_free(struct rfcomm_dlc *d) 298 { 299 BT_DBG("%p", d); 300 301 skb_queue_purge(&d->tx_queue); 302 kfree(d); 303 } 304 305 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 306 { 307 BT_DBG("dlc %p session %p", d, s); 308 309 rfcomm_session_hold(s); 310 311 rfcomm_dlc_hold(d); 312 list_add(&d->list, &s->dlcs); 313 d->session = s; 314 } 315 316 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 317 { 318 struct rfcomm_session *s = d->session; 319 320 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 321 322 list_del(&d->list); 323 d->session = NULL; 324 rfcomm_dlc_put(d); 325 326 rfcomm_session_put(s); 327 } 328 329 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 330 { 331 struct rfcomm_dlc *d; 332 struct list_head *p; 333 334 list_for_each(p, &s->dlcs) { 335 d = list_entry(p, struct rfcomm_dlc, list); 336 if (d->dlci == dlci) 337 return d; 338 } 339 return NULL; 340 } 341 342 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 343 { 344 struct rfcomm_session *s; 345 int err = 0; 346 u8 dlci; 347 348 BT_DBG("dlc %p state %ld %s %s channel %d", 349 d, d->state, batostr(src), batostr(dst), channel); 350 351 if (channel < 1 || channel > 30) 352 return -EINVAL; 353 354 if (d->state != BT_OPEN && d->state != BT_CLOSED) 355 return 0; 356 357 s = rfcomm_session_get(src, dst); 358 if (!s) { 359 s = rfcomm_session_create(src, dst, &err); 360 if (!s) 361 return err; 362 } 363 364 dlci = __dlci(!s->initiator, channel); 365 366 /* Check if DLCI already exists */ 367 if (rfcomm_dlc_get(s, dlci)) 368 return -EBUSY; 369 370 rfcomm_dlc_clear_state(d); 371 372 d->dlci = dlci; 373 d->addr = __addr(s->initiator, dlci); 374 d->priority = 7; 375 376 d->state = BT_CONFIG; 377 rfcomm_dlc_link(s, d); 378 379 d->mtu = s->mtu; 380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 381 382 if (s->state == BT_CONNECTED) 383 rfcomm_send_pn(s, 1, d); 384 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 385 return 0; 386 } 387 388 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 389 { 390 int r; 391 392 rfcomm_lock(); 393 394 r = __rfcomm_dlc_open(d, src, dst, channel); 395 396 rfcomm_unlock(); 397 return r; 398 } 399 400 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 401 { 402 struct rfcomm_session *s = d->session; 403 if (!s) 404 return 0; 405 406 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 407 d, d->state, d->dlci, err, s); 408 409 switch (d->state) { 410 case BT_CONNECTED: 411 case BT_CONFIG: 412 case BT_CONNECT: 413 d->state = BT_DISCONN; 414 if (skb_queue_empty(&d->tx_queue)) { 415 rfcomm_send_disc(s, d->dlci); 416 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 417 } else { 418 rfcomm_queue_disc(d); 419 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 420 } 421 break; 422 423 default: 424 rfcomm_dlc_clear_timer(d); 425 426 rfcomm_dlc_lock(d); 427 d->state = BT_CLOSED; 428 d->state_change(d, err); 429 rfcomm_dlc_unlock(d); 430 431 skb_queue_purge(&d->tx_queue); 432 rfcomm_dlc_unlink(d); 433 } 434 435 return 0; 436 } 437 438 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 439 { 440 int r; 441 442 rfcomm_lock(); 443 444 r = __rfcomm_dlc_close(d, err); 445 446 rfcomm_unlock(); 447 return r; 448 } 449 450 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 451 { 452 int len = skb->len; 453 454 if (d->state != BT_CONNECTED) 455 return -ENOTCONN; 456 457 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 458 459 if (len > d->mtu) 460 return -EINVAL; 461 462 rfcomm_make_uih(skb, d->addr); 463 skb_queue_tail(&d->tx_queue, skb); 464 465 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 466 rfcomm_schedule(RFCOMM_SCHED_TX); 467 return len; 468 } 469 470 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 471 { 472 BT_DBG("dlc %p state %ld", d, d->state); 473 474 if (!d->cfc) { 475 d->v24_sig |= RFCOMM_V24_FC; 476 set_bit(RFCOMM_MSC_PENDING, &d->flags); 477 } 478 rfcomm_schedule(RFCOMM_SCHED_TX); 479 } 480 481 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 482 { 483 BT_DBG("dlc %p state %ld", d, d->state); 484 485 if (!d->cfc) { 486 d->v24_sig &= ~RFCOMM_V24_FC; 487 set_bit(RFCOMM_MSC_PENDING, &d->flags); 488 } 489 rfcomm_schedule(RFCOMM_SCHED_TX); 490 } 491 492 /* 493 Set/get modem status functions use _local_ status i.e. what we report 494 to the other side. 495 Remote status is provided by dlc->modem_status() callback. 496 */ 497 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 498 { 499 BT_DBG("dlc %p state %ld v24_sig 0x%x", 500 d, d->state, v24_sig); 501 502 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 503 v24_sig |= RFCOMM_V24_FC; 504 else 505 v24_sig &= ~RFCOMM_V24_FC; 506 507 d->v24_sig = v24_sig; 508 509 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 510 rfcomm_schedule(RFCOMM_SCHED_TX); 511 512 return 0; 513 } 514 515 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 516 { 517 BT_DBG("dlc %p state %ld v24_sig 0x%x", 518 d, d->state, d->v24_sig); 519 520 *v24_sig = d->v24_sig; 521 return 0; 522 } 523 524 /* ---- RFCOMM sessions ---- */ 525 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 526 { 527 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 528 529 if (!s) 530 return NULL; 531 532 BT_DBG("session %p sock %p", s, sock); 533 534 INIT_LIST_HEAD(&s->dlcs); 535 s->state = state; 536 s->sock = sock; 537 538 s->mtu = RFCOMM_DEFAULT_MTU; 539 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 540 541 /* Do not increment module usage count for listening sessions. 542 * Otherwise we won't be able to unload the module. */ 543 if (state != BT_LISTEN) 544 if (!try_module_get(THIS_MODULE)) { 545 kfree(s); 546 return NULL; 547 } 548 549 list_add(&s->list, &session_list); 550 551 return s; 552 } 553 554 static void rfcomm_session_del(struct rfcomm_session *s) 555 { 556 int state = s->state; 557 558 BT_DBG("session %p state %ld", s, s->state); 559 560 list_del(&s->list); 561 562 if (state == BT_CONNECTED) 563 rfcomm_send_disc(s, 0); 564 565 sock_release(s->sock); 566 kfree(s); 567 568 if (state != BT_LISTEN) 569 module_put(THIS_MODULE); 570 } 571 572 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 573 { 574 struct rfcomm_session *s; 575 struct list_head *p, *n; 576 struct bt_sock *sk; 577 list_for_each_safe(p, n, &session_list) { 578 s = list_entry(p, struct rfcomm_session, list); 579 sk = bt_sk(s->sock->sk); 580 581 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 582 !bacmp(&sk->dst, dst)) 583 return s; 584 } 585 return NULL; 586 } 587 588 static void rfcomm_session_close(struct rfcomm_session *s, int err) 589 { 590 struct rfcomm_dlc *d; 591 struct list_head *p, *n; 592 593 BT_DBG("session %p state %ld err %d", s, s->state, err); 594 595 rfcomm_session_hold(s); 596 597 s->state = BT_CLOSED; 598 599 /* Close all dlcs */ 600 list_for_each_safe(p, n, &s->dlcs) { 601 d = list_entry(p, struct rfcomm_dlc, list); 602 d->state = BT_CLOSED; 603 __rfcomm_dlc_close(d, err); 604 } 605 606 rfcomm_session_put(s); 607 } 608 609 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 610 { 611 struct rfcomm_session *s = NULL; 612 struct sockaddr_l2 addr; 613 struct socket *sock; 614 struct sock *sk; 615 616 BT_DBG("%s %s", batostr(src), batostr(dst)); 617 618 *err = rfcomm_l2sock_create(&sock); 619 if (*err < 0) 620 return NULL; 621 622 bacpy(&addr.l2_bdaddr, src); 623 addr.l2_family = AF_BLUETOOTH; 624 addr.l2_psm = 0; 625 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 626 if (*err < 0) 627 goto failed; 628 629 /* Set L2CAP options */ 630 sk = sock->sk; 631 lock_sock(sk); 632 l2cap_pi(sk)->imtu = l2cap_mtu; 633 release_sock(sk); 634 635 s = rfcomm_session_add(sock, BT_BOUND); 636 if (!s) { 637 *err = -ENOMEM; 638 goto failed; 639 } 640 641 s->initiator = 1; 642 643 bacpy(&addr.l2_bdaddr, dst); 644 addr.l2_family = AF_BLUETOOTH; 645 addr.l2_psm = htobs(RFCOMM_PSM); 646 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 647 if (*err == 0 || *err == -EINPROGRESS) 648 return s; 649 650 rfcomm_session_del(s); 651 return NULL; 652 653 failed: 654 sock_release(sock); 655 return NULL; 656 } 657 658 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 659 { 660 struct sock *sk = s->sock->sk; 661 if (src) 662 bacpy(src, &bt_sk(sk)->src); 663 if (dst) 664 bacpy(dst, &bt_sk(sk)->dst); 665 } 666 667 /* ---- RFCOMM frame sending ---- */ 668 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 669 { 670 struct socket *sock = s->sock; 671 struct kvec iv = { data, len }; 672 struct msghdr msg; 673 674 BT_DBG("session %p len %d", s, len); 675 676 memset(&msg, 0, sizeof(msg)); 677 678 return kernel_sendmsg(sock, &msg, &iv, 1, len); 679 } 680 681 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 682 { 683 struct rfcomm_cmd cmd; 684 685 BT_DBG("%p dlci %d", s, dlci); 686 687 cmd.addr = __addr(s->initiator, dlci); 688 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 689 cmd.len = __len8(0); 690 cmd.fcs = __fcs2((u8 *) &cmd); 691 692 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 693 } 694 695 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 696 { 697 struct rfcomm_cmd cmd; 698 699 BT_DBG("%p dlci %d", s, dlci); 700 701 cmd.addr = __addr(!s->initiator, dlci); 702 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 703 cmd.len = __len8(0); 704 cmd.fcs = __fcs2((u8 *) &cmd); 705 706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 707 } 708 709 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 710 { 711 struct rfcomm_cmd cmd; 712 713 BT_DBG("%p dlci %d", s, dlci); 714 715 cmd.addr = __addr(s->initiator, dlci); 716 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 717 cmd.len = __len8(0); 718 cmd.fcs = __fcs2((u8 *) &cmd); 719 720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 721 } 722 723 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 724 { 725 struct rfcomm_cmd *cmd; 726 struct sk_buff *skb; 727 728 BT_DBG("dlc %p dlci %d", d, d->dlci); 729 730 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 731 if (!skb) 732 return -ENOMEM; 733 734 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 735 cmd->addr = d->addr; 736 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 737 cmd->len = __len8(0); 738 cmd->fcs = __fcs2((u8 *) cmd); 739 740 skb_queue_tail(&d->tx_queue, skb); 741 rfcomm_schedule(RFCOMM_SCHED_TX); 742 return 0; 743 } 744 745 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 746 { 747 struct rfcomm_cmd cmd; 748 749 BT_DBG("%p dlci %d", s, dlci); 750 751 cmd.addr = __addr(!s->initiator, dlci); 752 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 753 cmd.len = __len8(0); 754 cmd.fcs = __fcs2((u8 *) &cmd); 755 756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 757 } 758 759 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 760 { 761 struct rfcomm_hdr *hdr; 762 struct rfcomm_mcc *mcc; 763 u8 buf[16], *ptr = buf; 764 765 BT_DBG("%p cr %d type %d", s, cr, type); 766 767 hdr = (void *) ptr; ptr += sizeof(*hdr); 768 hdr->addr = __addr(s->initiator, 0); 769 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 770 hdr->len = __len8(sizeof(*mcc) + 1); 771 772 mcc = (void *) ptr; ptr += sizeof(*mcc); 773 mcc->type = __mcc_type(cr, RFCOMM_NSC); 774 mcc->len = __len8(1); 775 776 /* Type that we didn't like */ 777 *ptr = __mcc_type(cr, type); ptr++; 778 779 *ptr = __fcs(buf); ptr++; 780 781 return rfcomm_send_frame(s, buf, ptr - buf); 782 } 783 784 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 785 { 786 struct rfcomm_hdr *hdr; 787 struct rfcomm_mcc *mcc; 788 struct rfcomm_pn *pn; 789 u8 buf[16], *ptr = buf; 790 791 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 792 793 hdr = (void *) ptr; ptr += sizeof(*hdr); 794 hdr->addr = __addr(s->initiator, 0); 795 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 796 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 797 798 mcc = (void *) ptr; ptr += sizeof(*mcc); 799 mcc->type = __mcc_type(cr, RFCOMM_PN); 800 mcc->len = __len8(sizeof(*pn)); 801 802 pn = (void *) ptr; ptr += sizeof(*pn); 803 pn->dlci = d->dlci; 804 pn->priority = d->priority; 805 pn->ack_timer = 0; 806 pn->max_retrans = 0; 807 808 if (s->cfc) { 809 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 810 pn->credits = RFCOMM_DEFAULT_CREDITS; 811 } else { 812 pn->flow_ctrl = 0; 813 pn->credits = 0; 814 } 815 816 if (cr && channel_mtu >= 0) 817 pn->mtu = htobs(channel_mtu); 818 else 819 pn->mtu = htobs(d->mtu); 820 821 *ptr = __fcs(buf); ptr++; 822 823 return rfcomm_send_frame(s, buf, ptr - buf); 824 } 825 826 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 827 u8 bit_rate, u8 data_bits, u8 stop_bits, 828 u8 parity, u8 flow_ctrl_settings, 829 u8 xon_char, u8 xoff_char, u16 param_mask) 830 { 831 struct rfcomm_hdr *hdr; 832 struct rfcomm_mcc *mcc; 833 struct rfcomm_rpn *rpn; 834 u8 buf[16], *ptr = buf; 835 836 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 837 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 838 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 839 flow_ctrl_settings, xon_char, xoff_char, param_mask); 840 841 hdr = (void *) ptr; ptr += sizeof(*hdr); 842 hdr->addr = __addr(s->initiator, 0); 843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 844 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 845 846 mcc = (void *) ptr; ptr += sizeof(*mcc); 847 mcc->type = __mcc_type(cr, RFCOMM_RPN); 848 mcc->len = __len8(sizeof(*rpn)); 849 850 rpn = (void *) ptr; ptr += sizeof(*rpn); 851 rpn->dlci = __addr(1, dlci); 852 rpn->bit_rate = bit_rate; 853 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 854 rpn->flow_ctrl = flow_ctrl_settings; 855 rpn->xon_char = xon_char; 856 rpn->xoff_char = xoff_char; 857 rpn->param_mask = cpu_to_le16(param_mask); 858 859 *ptr = __fcs(buf); ptr++; 860 861 return rfcomm_send_frame(s, buf, ptr - buf); 862 } 863 864 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 865 { 866 struct rfcomm_hdr *hdr; 867 struct rfcomm_mcc *mcc; 868 struct rfcomm_rls *rls; 869 u8 buf[16], *ptr = buf; 870 871 BT_DBG("%p cr %d status 0x%x", s, cr, status); 872 873 hdr = (void *) ptr; ptr += sizeof(*hdr); 874 hdr->addr = __addr(s->initiator, 0); 875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 876 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 877 878 mcc = (void *) ptr; ptr += sizeof(*mcc); 879 mcc->type = __mcc_type(cr, RFCOMM_RLS); 880 mcc->len = __len8(sizeof(*rls)); 881 882 rls = (void *) ptr; ptr += sizeof(*rls); 883 rls->dlci = __addr(1, dlci); 884 rls->status = status; 885 886 *ptr = __fcs(buf); ptr++; 887 888 return rfcomm_send_frame(s, buf, ptr - buf); 889 } 890 891 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 892 { 893 struct rfcomm_hdr *hdr; 894 struct rfcomm_mcc *mcc; 895 struct rfcomm_msc *msc; 896 u8 buf[16], *ptr = buf; 897 898 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 899 900 hdr = (void *) ptr; ptr += sizeof(*hdr); 901 hdr->addr = __addr(s->initiator, 0); 902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 903 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 904 905 mcc = (void *) ptr; ptr += sizeof(*mcc); 906 mcc->type = __mcc_type(cr, RFCOMM_MSC); 907 mcc->len = __len8(sizeof(*msc)); 908 909 msc = (void *) ptr; ptr += sizeof(*msc); 910 msc->dlci = __addr(1, dlci); 911 msc->v24_sig = v24_sig | 0x01; 912 913 *ptr = __fcs(buf); ptr++; 914 915 return rfcomm_send_frame(s, buf, ptr - buf); 916 } 917 918 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 919 { 920 struct rfcomm_hdr *hdr; 921 struct rfcomm_mcc *mcc; 922 u8 buf[16], *ptr = buf; 923 924 BT_DBG("%p cr %d", s, cr); 925 926 hdr = (void *) ptr; ptr += sizeof(*hdr); 927 hdr->addr = __addr(s->initiator, 0); 928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 929 hdr->len = __len8(sizeof(*mcc)); 930 931 mcc = (void *) ptr; ptr += sizeof(*mcc); 932 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 933 mcc->len = __len8(0); 934 935 *ptr = __fcs(buf); ptr++; 936 937 return rfcomm_send_frame(s, buf, ptr - buf); 938 } 939 940 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 941 { 942 struct rfcomm_hdr *hdr; 943 struct rfcomm_mcc *mcc; 944 u8 buf[16], *ptr = buf; 945 946 BT_DBG("%p cr %d", s, cr); 947 948 hdr = (void *) ptr; ptr += sizeof(*hdr); 949 hdr->addr = __addr(s->initiator, 0); 950 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 951 hdr->len = __len8(sizeof(*mcc)); 952 953 mcc = (void *) ptr; ptr += sizeof(*mcc); 954 mcc->type = __mcc_type(cr, RFCOMM_FCON); 955 mcc->len = __len8(0); 956 957 *ptr = __fcs(buf); ptr++; 958 959 return rfcomm_send_frame(s, buf, ptr - buf); 960 } 961 962 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 963 { 964 struct socket *sock = s->sock; 965 struct kvec iv[3]; 966 struct msghdr msg; 967 unsigned char hdr[5], crc[1]; 968 969 if (len > 125) 970 return -EINVAL; 971 972 BT_DBG("%p cr %d", s, cr); 973 974 hdr[0] = __addr(s->initiator, 0); 975 hdr[1] = __ctrl(RFCOMM_UIH, 0); 976 hdr[2] = 0x01 | ((len + 2) << 1); 977 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 978 hdr[4] = 0x01 | (len << 1); 979 980 crc[0] = __fcs(hdr); 981 982 iv[0].iov_base = hdr; 983 iv[0].iov_len = 5; 984 iv[1].iov_base = pattern; 985 iv[1].iov_len = len; 986 iv[2].iov_base = crc; 987 iv[2].iov_len = 1; 988 989 memset(&msg, 0, sizeof(msg)); 990 991 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 992 } 993 994 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 995 { 996 struct rfcomm_hdr *hdr; 997 u8 buf[16], *ptr = buf; 998 999 BT_DBG("%p addr %d credits %d", s, addr, credits); 1000 1001 hdr = (void *) ptr; ptr += sizeof(*hdr); 1002 hdr->addr = addr; 1003 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1004 hdr->len = __len8(0); 1005 1006 *ptr = credits; ptr++; 1007 1008 *ptr = __fcs(buf); ptr++; 1009 1010 return rfcomm_send_frame(s, buf, ptr - buf); 1011 } 1012 1013 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1014 { 1015 struct rfcomm_hdr *hdr; 1016 int len = skb->len; 1017 u8 *crc; 1018 1019 if (len > 127) { 1020 hdr = (void *) skb_push(skb, 4); 1021 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1022 } else { 1023 hdr = (void *) skb_push(skb, 3); 1024 hdr->len = __len8(len); 1025 } 1026 hdr->addr = addr; 1027 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1028 1029 crc = skb_put(skb, 1); 1030 *crc = __fcs((void *) hdr); 1031 } 1032 1033 /* ---- RFCOMM frame reception ---- */ 1034 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1035 { 1036 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1037 1038 if (dlci) { 1039 /* Data channel */ 1040 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1041 if (!d) { 1042 rfcomm_send_dm(s, dlci); 1043 return 0; 1044 } 1045 1046 switch (d->state) { 1047 case BT_CONNECT: 1048 rfcomm_dlc_clear_timer(d); 1049 1050 rfcomm_dlc_lock(d); 1051 d->state = BT_CONNECTED; 1052 d->state_change(d, 0); 1053 rfcomm_dlc_unlock(d); 1054 1055 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1056 break; 1057 1058 case BT_DISCONN: 1059 d->state = BT_CLOSED; 1060 __rfcomm_dlc_close(d, 0); 1061 1062 if (list_empty(&s->dlcs)) { 1063 s->state = BT_DISCONN; 1064 rfcomm_send_disc(s, 0); 1065 } 1066 1067 break; 1068 } 1069 } else { 1070 /* Control channel */ 1071 switch (s->state) { 1072 case BT_CONNECT: 1073 s->state = BT_CONNECTED; 1074 rfcomm_process_connect(s); 1075 break; 1076 1077 case BT_DISCONN: 1078 rfcomm_session_put(s); 1079 break; 1080 } 1081 } 1082 return 0; 1083 } 1084 1085 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1086 { 1087 int err = 0; 1088 1089 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1090 1091 if (dlci) { 1092 /* Data DLC */ 1093 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1094 if (d) { 1095 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1096 err = ECONNREFUSED; 1097 else 1098 err = ECONNRESET; 1099 1100 d->state = BT_CLOSED; 1101 __rfcomm_dlc_close(d, err); 1102 } 1103 } else { 1104 if (s->state == BT_CONNECT) 1105 err = ECONNREFUSED; 1106 else 1107 err = ECONNRESET; 1108 1109 s->state = BT_CLOSED; 1110 rfcomm_session_close(s, err); 1111 } 1112 return 0; 1113 } 1114 1115 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1116 { 1117 int err = 0; 1118 1119 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1120 1121 if (dlci) { 1122 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1123 if (d) { 1124 rfcomm_send_ua(s, dlci); 1125 1126 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1127 err = ECONNREFUSED; 1128 else 1129 err = ECONNRESET; 1130 1131 d->state = BT_CLOSED; 1132 __rfcomm_dlc_close(d, err); 1133 } else 1134 rfcomm_send_dm(s, dlci); 1135 1136 } else { 1137 rfcomm_send_ua(s, 0); 1138 1139 if (s->state == BT_CONNECT) 1140 err = ECONNREFUSED; 1141 else 1142 err = ECONNRESET; 1143 1144 s->state = BT_CLOSED; 1145 rfcomm_session_close(s, err); 1146 } 1147 1148 return 0; 1149 } 1150 1151 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1152 { 1153 struct sock *sk = d->session->sock->sk; 1154 1155 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1156 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1157 return 1; 1158 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1159 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1160 return 1; 1161 } 1162 1163 return 0; 1164 } 1165 1166 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1167 { 1168 struct sock *sk = d->session->sock->sk; 1169 1170 BT_DBG("dlc %p", d); 1171 1172 rfcomm_send_ua(d->session, d->dlci); 1173 1174 rfcomm_dlc_lock(d); 1175 d->state = BT_CONNECTED; 1176 d->state_change(d, 0); 1177 rfcomm_dlc_unlock(d); 1178 1179 if (d->link_mode & RFCOMM_LM_MASTER) 1180 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1181 1182 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1183 } 1184 1185 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1186 { 1187 struct rfcomm_dlc *d; 1188 u8 channel; 1189 1190 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1191 1192 if (!dlci) { 1193 rfcomm_send_ua(s, 0); 1194 1195 if (s->state == BT_OPEN) { 1196 s->state = BT_CONNECTED; 1197 rfcomm_process_connect(s); 1198 } 1199 return 0; 1200 } 1201 1202 /* Check if DLC exists */ 1203 d = rfcomm_dlc_get(s, dlci); 1204 if (d) { 1205 if (d->state == BT_OPEN) { 1206 /* DLC was previously opened by PN request */ 1207 if (rfcomm_check_link_mode(d)) { 1208 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1209 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1210 return 0; 1211 } 1212 1213 rfcomm_dlc_accept(d); 1214 } 1215 return 0; 1216 } 1217 1218 /* Notify socket layer about incoming connection */ 1219 channel = __srv_channel(dlci); 1220 if (rfcomm_connect_ind(s, channel, &d)) { 1221 d->dlci = dlci; 1222 d->addr = __addr(s->initiator, dlci); 1223 rfcomm_dlc_link(s, d); 1224 1225 if (rfcomm_check_link_mode(d)) { 1226 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1227 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1228 return 0; 1229 } 1230 1231 rfcomm_dlc_accept(d); 1232 } else { 1233 rfcomm_send_dm(s, dlci); 1234 } 1235 1236 return 0; 1237 } 1238 1239 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1240 { 1241 struct rfcomm_session *s = d->session; 1242 1243 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1244 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1245 1246 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1247 pn->flow_ctrl == 0xe0) { 1248 d->cfc = RFCOMM_CFC_ENABLED; 1249 d->tx_credits = pn->credits; 1250 } else { 1251 d->cfc = RFCOMM_CFC_DISABLED; 1252 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1253 } 1254 1255 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1256 s->cfc = d->cfc; 1257 1258 d->priority = pn->priority; 1259 1260 d->mtu = btohs(pn->mtu); 1261 1262 if (cr && d->mtu > s->mtu) 1263 d->mtu = s->mtu; 1264 1265 return 0; 1266 } 1267 1268 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1269 { 1270 struct rfcomm_pn *pn = (void *) skb->data; 1271 struct rfcomm_dlc *d; 1272 u8 dlci = pn->dlci; 1273 1274 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1275 1276 if (!dlci) 1277 return 0; 1278 1279 d = rfcomm_dlc_get(s, dlci); 1280 if (d) { 1281 if (cr) { 1282 /* PN request */ 1283 rfcomm_apply_pn(d, cr, pn); 1284 rfcomm_send_pn(s, 0, d); 1285 } else { 1286 /* PN response */ 1287 switch (d->state) { 1288 case BT_CONFIG: 1289 rfcomm_apply_pn(d, cr, pn); 1290 1291 d->state = BT_CONNECT; 1292 rfcomm_send_sabm(s, d->dlci); 1293 break; 1294 } 1295 } 1296 } else { 1297 u8 channel = __srv_channel(dlci); 1298 1299 if (!cr) 1300 return 0; 1301 1302 /* PN request for non existing DLC. 1303 * Assume incoming connection. */ 1304 if (rfcomm_connect_ind(s, channel, &d)) { 1305 d->dlci = dlci; 1306 d->addr = __addr(s->initiator, dlci); 1307 rfcomm_dlc_link(s, d); 1308 1309 rfcomm_apply_pn(d, cr, pn); 1310 1311 d->state = BT_OPEN; 1312 rfcomm_send_pn(s, 0, d); 1313 } else { 1314 rfcomm_send_dm(s, dlci); 1315 } 1316 } 1317 return 0; 1318 } 1319 1320 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1321 { 1322 struct rfcomm_rpn *rpn = (void *) skb->data; 1323 u8 dlci = __get_dlci(rpn->dlci); 1324 1325 u8 bit_rate = 0; 1326 u8 data_bits = 0; 1327 u8 stop_bits = 0; 1328 u8 parity = 0; 1329 u8 flow_ctrl = 0; 1330 u8 xon_char = 0; 1331 u8 xoff_char = 0; 1332 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1333 1334 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1335 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1336 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1337 1338 if (!cr) 1339 return 0; 1340 1341 if (len == 1) { 1342 /* This is a request, return default settings */ 1343 bit_rate = RFCOMM_RPN_BR_115200; 1344 data_bits = RFCOMM_RPN_DATA_8; 1345 stop_bits = RFCOMM_RPN_STOP_1; 1346 parity = RFCOMM_RPN_PARITY_NONE; 1347 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1348 xon_char = RFCOMM_RPN_XON_CHAR; 1349 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1350 goto rpn_out; 1351 } 1352 1353 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1354 * no parity, no flow control lines, normal XON/XOFF chars */ 1355 1356 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1357 bit_rate = rpn->bit_rate; 1358 if (bit_rate != RFCOMM_RPN_BR_115200) { 1359 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1360 bit_rate = RFCOMM_RPN_BR_115200; 1361 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1362 } 1363 } 1364 1365 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1366 data_bits = __get_rpn_data_bits(rpn->line_settings); 1367 if (data_bits != RFCOMM_RPN_DATA_8) { 1368 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1369 data_bits = RFCOMM_RPN_DATA_8; 1370 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1371 } 1372 } 1373 1374 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1375 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1376 if (stop_bits != RFCOMM_RPN_STOP_1) { 1377 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1378 stop_bits = RFCOMM_RPN_STOP_1; 1379 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1380 } 1381 } 1382 1383 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1384 parity = __get_rpn_parity(rpn->line_settings); 1385 if (parity != RFCOMM_RPN_PARITY_NONE) { 1386 BT_DBG("RPN parity mismatch 0x%x", parity); 1387 parity = RFCOMM_RPN_PARITY_NONE; 1388 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1389 } 1390 } 1391 1392 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1393 flow_ctrl = rpn->flow_ctrl; 1394 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1395 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1396 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1397 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1398 } 1399 } 1400 1401 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1402 xon_char = rpn->xon_char; 1403 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1404 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1405 xon_char = RFCOMM_RPN_XON_CHAR; 1406 rpn_mask ^= RFCOMM_RPN_PM_XON; 1407 } 1408 } 1409 1410 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1411 xoff_char = rpn->xoff_char; 1412 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1413 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1414 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1415 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1416 } 1417 } 1418 1419 rpn_out: 1420 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1421 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1422 1423 return 0; 1424 } 1425 1426 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1427 { 1428 struct rfcomm_rls *rls = (void *) skb->data; 1429 u8 dlci = __get_dlci(rls->dlci); 1430 1431 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1432 1433 if (!cr) 1434 return 0; 1435 1436 /* We should probably do something with this information here. But 1437 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1438 * mandatory to recognise and respond to RLS */ 1439 1440 rfcomm_send_rls(s, 0, dlci, rls->status); 1441 1442 return 0; 1443 } 1444 1445 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1446 { 1447 struct rfcomm_msc *msc = (void *) skb->data; 1448 struct rfcomm_dlc *d; 1449 u8 dlci = __get_dlci(msc->dlci); 1450 1451 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1452 1453 d = rfcomm_dlc_get(s, dlci); 1454 if (!d) 1455 return 0; 1456 1457 if (cr) { 1458 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1459 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1460 else 1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1462 1463 rfcomm_dlc_lock(d); 1464 if (d->modem_status) 1465 d->modem_status(d, msc->v24_sig); 1466 rfcomm_dlc_unlock(d); 1467 1468 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1469 1470 d->mscex |= RFCOMM_MSCEX_RX; 1471 } else 1472 d->mscex |= RFCOMM_MSCEX_TX; 1473 1474 return 0; 1475 } 1476 1477 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1478 { 1479 struct rfcomm_mcc *mcc = (void *) skb->data; 1480 u8 type, cr, len; 1481 1482 cr = __test_cr(mcc->type); 1483 type = __get_mcc_type(mcc->type); 1484 len = __get_mcc_len(mcc->len); 1485 1486 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1487 1488 skb_pull(skb, 2); 1489 1490 switch (type) { 1491 case RFCOMM_PN: 1492 rfcomm_recv_pn(s, cr, skb); 1493 break; 1494 1495 case RFCOMM_RPN: 1496 rfcomm_recv_rpn(s, cr, len, skb); 1497 break; 1498 1499 case RFCOMM_RLS: 1500 rfcomm_recv_rls(s, cr, skb); 1501 break; 1502 1503 case RFCOMM_MSC: 1504 rfcomm_recv_msc(s, cr, skb); 1505 break; 1506 1507 case RFCOMM_FCOFF: 1508 if (cr) { 1509 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1510 rfcomm_send_fcoff(s, 0); 1511 } 1512 break; 1513 1514 case RFCOMM_FCON: 1515 if (cr) { 1516 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1517 rfcomm_send_fcon(s, 0); 1518 } 1519 break; 1520 1521 case RFCOMM_TEST: 1522 if (cr) 1523 rfcomm_send_test(s, 0, skb->data, skb->len); 1524 break; 1525 1526 case RFCOMM_NSC: 1527 break; 1528 1529 default: 1530 BT_ERR("Unknown control type 0x%02x", type); 1531 rfcomm_send_nsc(s, cr, type); 1532 break; 1533 } 1534 return 0; 1535 } 1536 1537 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1538 { 1539 struct rfcomm_dlc *d; 1540 1541 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1542 1543 d = rfcomm_dlc_get(s, dlci); 1544 if (!d) { 1545 rfcomm_send_dm(s, dlci); 1546 goto drop; 1547 } 1548 1549 if (pf && d->cfc) { 1550 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1551 1552 d->tx_credits += credits; 1553 if (d->tx_credits) 1554 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1555 } 1556 1557 if (skb->len && d->state == BT_CONNECTED) { 1558 rfcomm_dlc_lock(d); 1559 d->rx_credits--; 1560 d->data_ready(d, skb); 1561 rfcomm_dlc_unlock(d); 1562 return 0; 1563 } 1564 1565 drop: 1566 kfree_skb(skb); 1567 return 0; 1568 } 1569 1570 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1571 { 1572 struct rfcomm_hdr *hdr = (void *) skb->data; 1573 u8 type, dlci, fcs; 1574 1575 dlci = __get_dlci(hdr->addr); 1576 type = __get_type(hdr->ctrl); 1577 1578 /* Trim FCS */ 1579 skb->len--; skb->tail--; 1580 fcs = *(u8 *)skb_tail_pointer(skb); 1581 1582 if (__check_fcs(skb->data, type, fcs)) { 1583 BT_ERR("bad checksum in packet"); 1584 kfree_skb(skb); 1585 return -EILSEQ; 1586 } 1587 1588 if (__test_ea(hdr->len)) 1589 skb_pull(skb, 3); 1590 else 1591 skb_pull(skb, 4); 1592 1593 switch (type) { 1594 case RFCOMM_SABM: 1595 if (__test_pf(hdr->ctrl)) 1596 rfcomm_recv_sabm(s, dlci); 1597 break; 1598 1599 case RFCOMM_DISC: 1600 if (__test_pf(hdr->ctrl)) 1601 rfcomm_recv_disc(s, dlci); 1602 break; 1603 1604 case RFCOMM_UA: 1605 if (__test_pf(hdr->ctrl)) 1606 rfcomm_recv_ua(s, dlci); 1607 break; 1608 1609 case RFCOMM_DM: 1610 rfcomm_recv_dm(s, dlci); 1611 break; 1612 1613 case RFCOMM_UIH: 1614 if (dlci) 1615 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1616 1617 rfcomm_recv_mcc(s, skb); 1618 break; 1619 1620 default: 1621 BT_ERR("Unknown packet type 0x%02x\n", type); 1622 break; 1623 } 1624 kfree_skb(skb); 1625 return 0; 1626 } 1627 1628 /* ---- Connection and data processing ---- */ 1629 1630 static void rfcomm_process_connect(struct rfcomm_session *s) 1631 { 1632 struct rfcomm_dlc *d; 1633 struct list_head *p, *n; 1634 1635 BT_DBG("session %p state %ld", s, s->state); 1636 1637 list_for_each_safe(p, n, &s->dlcs) { 1638 d = list_entry(p, struct rfcomm_dlc, list); 1639 if (d->state == BT_CONFIG) { 1640 d->mtu = s->mtu; 1641 rfcomm_send_pn(s, 1, d); 1642 } 1643 } 1644 } 1645 1646 /* Send data queued for the DLC. 1647 * Return number of frames left in the queue. 1648 */ 1649 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1650 { 1651 struct sk_buff *skb; 1652 int err; 1653 1654 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1655 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1656 1657 /* Send pending MSC */ 1658 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1659 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1660 1661 if (d->cfc) { 1662 /* CFC enabled. 1663 * Give them some credits */ 1664 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1665 d->rx_credits <= (d->cfc >> 2)) { 1666 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1667 d->rx_credits = d->cfc; 1668 } 1669 } else { 1670 /* CFC disabled. 1671 * Give ourselves some credits */ 1672 d->tx_credits = 5; 1673 } 1674 1675 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1676 return skb_queue_len(&d->tx_queue); 1677 1678 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1679 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1680 if (err < 0) { 1681 skb_queue_head(&d->tx_queue, skb); 1682 break; 1683 } 1684 kfree_skb(skb); 1685 d->tx_credits--; 1686 } 1687 1688 if (d->cfc && !d->tx_credits) { 1689 /* We're out of TX credits. 1690 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1691 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1692 } 1693 1694 return skb_queue_len(&d->tx_queue); 1695 } 1696 1697 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1698 { 1699 struct rfcomm_dlc *d; 1700 struct list_head *p, *n; 1701 1702 BT_DBG("session %p state %ld", s, s->state); 1703 1704 list_for_each_safe(p, n, &s->dlcs) { 1705 d = list_entry(p, struct rfcomm_dlc, list); 1706 1707 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1708 __rfcomm_dlc_close(d, ETIMEDOUT); 1709 continue; 1710 } 1711 1712 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1713 rfcomm_dlc_clear_timer(d); 1714 rfcomm_dlc_accept(d); 1715 if (d->link_mode & RFCOMM_LM_SECURE) { 1716 struct sock *sk = s->sock->sk; 1717 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1718 } 1719 continue; 1720 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1721 rfcomm_dlc_clear_timer(d); 1722 rfcomm_send_dm(s, d->dlci); 1723 __rfcomm_dlc_close(d, ECONNREFUSED); 1724 continue; 1725 } 1726 1727 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1728 continue; 1729 1730 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1731 d->mscex == RFCOMM_MSCEX_OK) 1732 rfcomm_process_tx(d); 1733 } 1734 } 1735 1736 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1737 { 1738 struct socket *sock = s->sock; 1739 struct sock *sk = sock->sk; 1740 struct sk_buff *skb; 1741 1742 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1743 1744 /* Get data directly from socket receive queue without copying it. */ 1745 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1746 skb_orphan(skb); 1747 rfcomm_recv_frame(s, skb); 1748 } 1749 1750 if (sk->sk_state == BT_CLOSED) { 1751 if (!s->initiator) 1752 rfcomm_session_put(s); 1753 1754 rfcomm_session_close(s, sk->sk_err); 1755 } 1756 } 1757 1758 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1759 { 1760 struct socket *sock = s->sock, *nsock; 1761 int err; 1762 1763 /* Fast check for a new connection. 1764 * Avoids unnesesary socket allocations. */ 1765 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1766 return; 1767 1768 BT_DBG("session %p", s); 1769 1770 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1771 if (err < 0) 1772 return; 1773 1774 __module_get(nsock->ops->owner); 1775 1776 /* Set our callbacks */ 1777 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1778 nsock->sk->sk_state_change = rfcomm_l2state_change; 1779 1780 s = rfcomm_session_add(nsock, BT_OPEN); 1781 if (s) { 1782 rfcomm_session_hold(s); 1783 1784 /* We should adjust MTU on incoming sessions. 1785 * L2CAP MTU minus UIH header and FCS. */ 1786 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1787 1788 rfcomm_schedule(RFCOMM_SCHED_RX); 1789 } else 1790 sock_release(nsock); 1791 } 1792 1793 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1794 { 1795 struct sock *sk = s->sock->sk; 1796 1797 BT_DBG("%p state %ld", s, s->state); 1798 1799 switch(sk->sk_state) { 1800 case BT_CONNECTED: 1801 s->state = BT_CONNECT; 1802 1803 /* We can adjust MTU on outgoing sessions. 1804 * L2CAP MTU minus UIH header and FCS. */ 1805 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1806 1807 rfcomm_send_sabm(s, 0); 1808 break; 1809 1810 case BT_CLOSED: 1811 s->state = BT_CLOSED; 1812 rfcomm_session_close(s, sk->sk_err); 1813 break; 1814 } 1815 } 1816 1817 static inline void rfcomm_process_sessions(void) 1818 { 1819 struct list_head *p, *n; 1820 1821 rfcomm_lock(); 1822 1823 list_for_each_safe(p, n, &session_list) { 1824 struct rfcomm_session *s; 1825 s = list_entry(p, struct rfcomm_session, list); 1826 1827 if (s->state == BT_LISTEN) { 1828 rfcomm_accept_connection(s); 1829 continue; 1830 } 1831 1832 rfcomm_session_hold(s); 1833 1834 switch (s->state) { 1835 case BT_BOUND: 1836 rfcomm_check_connection(s); 1837 break; 1838 1839 default: 1840 rfcomm_process_rx(s); 1841 break; 1842 } 1843 1844 rfcomm_process_dlcs(s); 1845 1846 rfcomm_session_put(s); 1847 } 1848 1849 rfcomm_unlock(); 1850 } 1851 1852 static void rfcomm_worker(void) 1853 { 1854 BT_DBG(""); 1855 1856 while (!atomic_read(&terminate)) { 1857 set_current_state(TASK_INTERRUPTIBLE); 1858 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1859 /* No pending events. Let's sleep. 1860 * Incoming connections and data will wake us up. */ 1861 schedule(); 1862 } 1863 set_current_state(TASK_RUNNING); 1864 1865 /* Process stuff */ 1866 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1867 rfcomm_process_sessions(); 1868 } 1869 return; 1870 } 1871 1872 static int rfcomm_add_listener(bdaddr_t *ba) 1873 { 1874 struct sockaddr_l2 addr; 1875 struct socket *sock; 1876 struct sock *sk; 1877 struct rfcomm_session *s; 1878 int err = 0; 1879 1880 /* Create socket */ 1881 err = rfcomm_l2sock_create(&sock); 1882 if (err < 0) { 1883 BT_ERR("Create socket failed %d", err); 1884 return err; 1885 } 1886 1887 /* Bind socket */ 1888 bacpy(&addr.l2_bdaddr, ba); 1889 addr.l2_family = AF_BLUETOOTH; 1890 addr.l2_psm = htobs(RFCOMM_PSM); 1891 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1892 if (err < 0) { 1893 BT_ERR("Bind failed %d", err); 1894 goto failed; 1895 } 1896 1897 /* Set L2CAP options */ 1898 sk = sock->sk; 1899 lock_sock(sk); 1900 l2cap_pi(sk)->imtu = l2cap_mtu; 1901 release_sock(sk); 1902 1903 /* Start listening on the socket */ 1904 err = kernel_listen(sock, 10); 1905 if (err) { 1906 BT_ERR("Listen failed %d", err); 1907 goto failed; 1908 } 1909 1910 /* Add listening session */ 1911 s = rfcomm_session_add(sock, BT_LISTEN); 1912 if (!s) 1913 goto failed; 1914 1915 rfcomm_session_hold(s); 1916 return 0; 1917 failed: 1918 sock_release(sock); 1919 return err; 1920 } 1921 1922 static void rfcomm_kill_listener(void) 1923 { 1924 struct rfcomm_session *s; 1925 struct list_head *p, *n; 1926 1927 BT_DBG(""); 1928 1929 list_for_each_safe(p, n, &session_list) { 1930 s = list_entry(p, struct rfcomm_session, list); 1931 rfcomm_session_del(s); 1932 } 1933 } 1934 1935 static int rfcomm_run(void *unused) 1936 { 1937 rfcomm_thread = current; 1938 1939 atomic_inc(&running); 1940 1941 daemonize("krfcommd"); 1942 set_user_nice(current, -10); 1943 current->flags |= PF_NOFREEZE; 1944 1945 BT_DBG(""); 1946 1947 rfcomm_add_listener(BDADDR_ANY); 1948 1949 rfcomm_worker(); 1950 1951 rfcomm_kill_listener(); 1952 1953 atomic_dec(&running); 1954 return 0; 1955 } 1956 1957 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1958 { 1959 struct rfcomm_session *s; 1960 struct rfcomm_dlc *d; 1961 struct list_head *p, *n; 1962 1963 BT_DBG("conn %p status 0x%02x", conn, status); 1964 1965 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1966 if (!s) 1967 return; 1968 1969 rfcomm_session_hold(s); 1970 1971 list_for_each_safe(p, n, &s->dlcs) { 1972 d = list_entry(p, struct rfcomm_dlc, list); 1973 1974 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1975 continue; 1976 1977 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1978 continue; 1979 1980 if (!status) 1981 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1982 else 1983 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1984 } 1985 1986 rfcomm_session_put(s); 1987 1988 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1989 } 1990 1991 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1992 { 1993 struct rfcomm_session *s; 1994 struct rfcomm_dlc *d; 1995 struct list_head *p, *n; 1996 1997 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1998 1999 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2000 if (!s) 2001 return; 2002 2003 rfcomm_session_hold(s); 2004 2005 list_for_each_safe(p, n, &s->dlcs) { 2006 d = list_entry(p, struct rfcomm_dlc, list); 2007 2008 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2009 continue; 2010 2011 if (!status && encrypt) 2012 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2013 else 2014 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2015 } 2016 2017 rfcomm_session_put(s); 2018 2019 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2020 } 2021 2022 static struct hci_cb rfcomm_cb = { 2023 .name = "RFCOMM", 2024 .auth_cfm = rfcomm_auth_cfm, 2025 .encrypt_cfm = rfcomm_encrypt_cfm 2026 }; 2027 2028 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2029 { 2030 struct rfcomm_session *s; 2031 struct list_head *pp, *p; 2032 char *str = buf; 2033 2034 rfcomm_lock(); 2035 2036 list_for_each(p, &session_list) { 2037 s = list_entry(p, struct rfcomm_session, list); 2038 list_for_each(pp, &s->dlcs) { 2039 struct sock *sk = s->sock->sk; 2040 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2041 2042 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2043 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2044 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2045 } 2046 } 2047 2048 rfcomm_unlock(); 2049 2050 return (str - buf); 2051 } 2052 2053 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2054 2055 /* ---- Initialization ---- */ 2056 static int __init rfcomm_init(void) 2057 { 2058 l2cap_load(); 2059 2060 hci_register_cb(&rfcomm_cb); 2061 2062 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2063 2064 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2065 BT_ERR("Failed to create RFCOMM info file"); 2066 2067 rfcomm_init_sockets(); 2068 2069 #ifdef CONFIG_BT_RFCOMM_TTY 2070 rfcomm_init_ttys(); 2071 #endif 2072 2073 BT_INFO("RFCOMM ver %s", VERSION); 2074 2075 return 0; 2076 } 2077 2078 static void __exit rfcomm_exit(void) 2079 { 2080 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2081 2082 hci_unregister_cb(&rfcomm_cb); 2083 2084 /* Terminate working thread. 2085 * ie. Set terminate flag and wake it up */ 2086 atomic_inc(&terminate); 2087 rfcomm_schedule(RFCOMM_SCHED_STATE); 2088 2089 /* Wait until thread is running */ 2090 while (atomic_read(&running)) 2091 schedule(); 2092 2093 #ifdef CONFIG_BT_RFCOMM_TTY 2094 rfcomm_cleanup_ttys(); 2095 #endif 2096 2097 rfcomm_cleanup_sockets(); 2098 } 2099 2100 module_init(rfcomm_init); 2101 module_exit(rfcomm_exit); 2102 2103 module_param(disable_cfc, bool, 0644); 2104 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2105 2106 module_param(channel_mtu, int, 0644); 2107 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2108 2109 module_param(l2cap_mtu, uint, 0644); 2110 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2111 2112 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2113 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2114 MODULE_VERSION(VERSION); 2115 MODULE_LICENSE("GPL"); 2116 MODULE_ALIAS("bt-proto-3"); 2117