1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.11" 50 51 static int disable_cfc = 0; 52 static int channel_mtu = -1; 53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 static int l2cap_ertm = 0; 55 56 static struct task_struct *rfcomm_thread; 57 58 static DEFINE_MUTEX(rfcomm_mutex); 59 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 60 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 61 62 static unsigned long rfcomm_event; 63 64 static LIST_HEAD(session_list); 65 66 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 67 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 68 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 69 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 70 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 71 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 72 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 73 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 74 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 75 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 76 77 static void rfcomm_process_connect(struct rfcomm_session *s); 78 79 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 80 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 81 static void rfcomm_session_del(struct rfcomm_session *s); 82 83 /* ---- RFCOMM frame parsing macros ---- */ 84 #define __get_dlci(b) ((b & 0xfc) >> 2) 85 #define __get_channel(b) ((b & 0xf8) >> 3) 86 #define __get_dir(b) ((b & 0x04) >> 2) 87 #define __get_type(b) ((b & 0xef)) 88 89 #define __test_ea(b) ((b & 0x01)) 90 #define __test_cr(b) ((b & 0x02)) 91 #define __test_pf(b) ((b & 0x10)) 92 93 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 94 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 95 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 96 #define __srv_channel(dlci) (dlci >> 1) 97 #define __dir(dlci) (dlci & 0x01) 98 99 #define __len8(len) (((len) << 1) | 1) 100 #define __len16(len) ((len) << 1) 101 102 /* MCC macros */ 103 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 104 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 105 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 106 107 /* RPN macros */ 108 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 109 #define __get_rpn_data_bits(line) ((line) & 0x3) 110 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 111 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 112 113 static inline void rfcomm_schedule(uint event) 114 { 115 if (!rfcomm_thread) 116 return; 117 //set_bit(event, &rfcomm_event); 118 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 119 wake_up_process(rfcomm_thread); 120 } 121 122 static inline void rfcomm_session_put(struct rfcomm_session *s) 123 { 124 if (atomic_dec_and_test(&s->refcnt)) 125 rfcomm_session_del(s); 126 } 127 128 /* ---- RFCOMM FCS computation ---- */ 129 130 /* reversed, 8-bit, poly=0x07 */ 131 static unsigned char rfcomm_crc_table[256] = { 132 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 133 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 134 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 135 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 136 137 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 138 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 139 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 140 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 141 142 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 143 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 144 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 145 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 146 147 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 148 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 149 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 150 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 151 152 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 153 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 154 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 155 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 156 157 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 158 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 159 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 160 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 161 162 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 163 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 164 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 165 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 166 167 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 168 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 169 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 170 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 171 }; 172 173 /* CRC on 2 bytes */ 174 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 175 176 /* FCS on 2 bytes */ 177 static inline u8 __fcs(u8 *data) 178 { 179 return (0xff - __crc(data)); 180 } 181 182 /* FCS on 3 bytes */ 183 static inline u8 __fcs2(u8 *data) 184 { 185 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 186 } 187 188 /* Check FCS */ 189 static inline int __check_fcs(u8 *data, int type, u8 fcs) 190 { 191 u8 f = __crc(data); 192 193 if (type != RFCOMM_UIH) 194 f = rfcomm_crc_table[f ^ data[2]]; 195 196 return rfcomm_crc_table[f ^ fcs] != 0xcf; 197 } 198 199 /* ---- L2CAP callbacks ---- */ 200 static void rfcomm_l2state_change(struct sock *sk) 201 { 202 BT_DBG("%p state %d", sk, sk->sk_state); 203 rfcomm_schedule(RFCOMM_SCHED_STATE); 204 } 205 206 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 207 { 208 BT_DBG("%p bytes %d", sk, bytes); 209 rfcomm_schedule(RFCOMM_SCHED_RX); 210 } 211 212 static int rfcomm_l2sock_create(struct socket **sock) 213 { 214 int err; 215 216 BT_DBG(""); 217 218 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 219 if (!err) { 220 struct sock *sk = (*sock)->sk; 221 sk->sk_data_ready = rfcomm_l2data_ready; 222 sk->sk_state_change = rfcomm_l2state_change; 223 } 224 return err; 225 } 226 227 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 228 { 229 struct sock *sk = d->session->sock->sk; 230 __u8 auth_type; 231 232 switch (d->sec_level) { 233 case BT_SECURITY_HIGH: 234 auth_type = HCI_AT_GENERAL_BONDING_MITM; 235 break; 236 case BT_SECURITY_MEDIUM: 237 auth_type = HCI_AT_GENERAL_BONDING; 238 break; 239 default: 240 auth_type = HCI_AT_NO_BONDING; 241 break; 242 } 243 244 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 245 auth_type); 246 } 247 248 static void rfcomm_session_timeout(unsigned long arg) 249 { 250 struct rfcomm_session *s = (void *) arg; 251 252 BT_DBG("session %p state %ld", s, s->state); 253 254 set_bit(RFCOMM_TIMED_OUT, &s->flags); 255 rfcomm_session_put(s); 256 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 257 } 258 259 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 260 { 261 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 262 263 if (!mod_timer(&s->timer, jiffies + timeout)) 264 rfcomm_session_hold(s); 265 } 266 267 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 268 { 269 BT_DBG("session %p state %ld", s, s->state); 270 271 if (timer_pending(&s->timer) && del_timer(&s->timer)) 272 rfcomm_session_put(s); 273 } 274 275 /* ---- RFCOMM DLCs ---- */ 276 static void rfcomm_dlc_timeout(unsigned long arg) 277 { 278 struct rfcomm_dlc *d = (void *) arg; 279 280 BT_DBG("dlc %p state %ld", d, d->state); 281 282 set_bit(RFCOMM_TIMED_OUT, &d->flags); 283 rfcomm_dlc_put(d); 284 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 285 } 286 287 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 288 { 289 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 290 291 if (!mod_timer(&d->timer, jiffies + timeout)) 292 rfcomm_dlc_hold(d); 293 } 294 295 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 296 { 297 BT_DBG("dlc %p state %ld", d, d->state); 298 299 if (timer_pending(&d->timer) && del_timer(&d->timer)) 300 rfcomm_dlc_put(d); 301 } 302 303 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 304 { 305 BT_DBG("%p", d); 306 307 d->state = BT_OPEN; 308 d->flags = 0; 309 d->mscex = 0; 310 d->mtu = RFCOMM_DEFAULT_MTU; 311 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 312 313 d->cfc = RFCOMM_CFC_DISABLED; 314 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 315 } 316 317 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 318 { 319 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 320 321 if (!d) 322 return NULL; 323 324 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 325 326 skb_queue_head_init(&d->tx_queue); 327 spin_lock_init(&d->lock); 328 atomic_set(&d->refcnt, 1); 329 330 rfcomm_dlc_clear_state(d); 331 332 BT_DBG("%p", d); 333 334 return d; 335 } 336 337 void rfcomm_dlc_free(struct rfcomm_dlc *d) 338 { 339 BT_DBG("%p", d); 340 341 skb_queue_purge(&d->tx_queue); 342 kfree(d); 343 } 344 345 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 346 { 347 BT_DBG("dlc %p session %p", d, s); 348 349 rfcomm_session_hold(s); 350 351 rfcomm_session_clear_timer(s); 352 rfcomm_dlc_hold(d); 353 list_add(&d->list, &s->dlcs); 354 d->session = s; 355 } 356 357 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 358 { 359 struct rfcomm_session *s = d->session; 360 361 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 362 363 list_del(&d->list); 364 d->session = NULL; 365 rfcomm_dlc_put(d); 366 367 if (list_empty(&s->dlcs)) 368 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 369 370 rfcomm_session_put(s); 371 } 372 373 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 374 { 375 struct rfcomm_dlc *d; 376 struct list_head *p; 377 378 list_for_each(p, &s->dlcs) { 379 d = list_entry(p, struct rfcomm_dlc, list); 380 if (d->dlci == dlci) 381 return d; 382 } 383 return NULL; 384 } 385 386 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 387 { 388 struct rfcomm_session *s; 389 int err = 0; 390 u8 dlci; 391 392 BT_DBG("dlc %p state %ld %s %s channel %d", 393 d, d->state, batostr(src), batostr(dst), channel); 394 395 if (channel < 1 || channel > 30) 396 return -EINVAL; 397 398 if (d->state != BT_OPEN && d->state != BT_CLOSED) 399 return 0; 400 401 s = rfcomm_session_get(src, dst); 402 if (!s) { 403 s = rfcomm_session_create(src, dst, &err); 404 if (!s) 405 return err; 406 } 407 408 dlci = __dlci(!s->initiator, channel); 409 410 /* Check if DLCI already exists */ 411 if (rfcomm_dlc_get(s, dlci)) 412 return -EBUSY; 413 414 rfcomm_dlc_clear_state(d); 415 416 d->dlci = dlci; 417 d->addr = __addr(s->initiator, dlci); 418 d->priority = 7; 419 420 d->state = BT_CONFIG; 421 rfcomm_dlc_link(s, d); 422 423 d->out = 1; 424 425 d->mtu = s->mtu; 426 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 427 428 if (s->state == BT_CONNECTED) { 429 if (rfcomm_check_security(d)) 430 rfcomm_send_pn(s, 1, d); 431 else 432 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 433 } 434 435 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 436 437 return 0; 438 } 439 440 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 441 { 442 int r; 443 444 rfcomm_lock(); 445 446 r = __rfcomm_dlc_open(d, src, dst, channel); 447 448 rfcomm_unlock(); 449 return r; 450 } 451 452 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 453 { 454 struct rfcomm_session *s = d->session; 455 if (!s) 456 return 0; 457 458 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 459 d, d->state, d->dlci, err, s); 460 461 switch (d->state) { 462 case BT_CONNECT: 463 case BT_CONFIG: 464 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 465 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 466 rfcomm_schedule(RFCOMM_SCHED_AUTH); 467 break; 468 } 469 /* Fall through */ 470 471 case BT_CONNECTED: 472 d->state = BT_DISCONN; 473 if (skb_queue_empty(&d->tx_queue)) { 474 rfcomm_send_disc(s, d->dlci); 475 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 476 } else { 477 rfcomm_queue_disc(d); 478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 479 } 480 break; 481 482 case BT_OPEN: 483 case BT_CONNECT2: 484 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 485 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 486 rfcomm_schedule(RFCOMM_SCHED_AUTH); 487 break; 488 } 489 /* Fall through */ 490 491 default: 492 rfcomm_dlc_clear_timer(d); 493 494 rfcomm_dlc_lock(d); 495 d->state = BT_CLOSED; 496 d->state_change(d, err); 497 rfcomm_dlc_unlock(d); 498 499 skb_queue_purge(&d->tx_queue); 500 rfcomm_dlc_unlink(d); 501 } 502 503 return 0; 504 } 505 506 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 507 { 508 int r; 509 510 rfcomm_lock(); 511 512 r = __rfcomm_dlc_close(d, err); 513 514 rfcomm_unlock(); 515 return r; 516 } 517 518 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 519 { 520 int len = skb->len; 521 522 if (d->state != BT_CONNECTED) 523 return -ENOTCONN; 524 525 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 526 527 if (len > d->mtu) 528 return -EINVAL; 529 530 rfcomm_make_uih(skb, d->addr); 531 skb_queue_tail(&d->tx_queue, skb); 532 533 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 534 rfcomm_schedule(RFCOMM_SCHED_TX); 535 return len; 536 } 537 538 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 539 { 540 BT_DBG("dlc %p state %ld", d, d->state); 541 542 if (!d->cfc) { 543 d->v24_sig |= RFCOMM_V24_FC; 544 set_bit(RFCOMM_MSC_PENDING, &d->flags); 545 } 546 rfcomm_schedule(RFCOMM_SCHED_TX); 547 } 548 549 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 550 { 551 BT_DBG("dlc %p state %ld", d, d->state); 552 553 if (!d->cfc) { 554 d->v24_sig &= ~RFCOMM_V24_FC; 555 set_bit(RFCOMM_MSC_PENDING, &d->flags); 556 } 557 rfcomm_schedule(RFCOMM_SCHED_TX); 558 } 559 560 /* 561 Set/get modem status functions use _local_ status i.e. what we report 562 to the other side. 563 Remote status is provided by dlc->modem_status() callback. 564 */ 565 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 566 { 567 BT_DBG("dlc %p state %ld v24_sig 0x%x", 568 d, d->state, v24_sig); 569 570 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 571 v24_sig |= RFCOMM_V24_FC; 572 else 573 v24_sig &= ~RFCOMM_V24_FC; 574 575 d->v24_sig = v24_sig; 576 577 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 578 rfcomm_schedule(RFCOMM_SCHED_TX); 579 580 return 0; 581 } 582 583 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 584 { 585 BT_DBG("dlc %p state %ld v24_sig 0x%x", 586 d, d->state, d->v24_sig); 587 588 *v24_sig = d->v24_sig; 589 return 0; 590 } 591 592 /* ---- RFCOMM sessions ---- */ 593 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 594 { 595 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 596 597 if (!s) 598 return NULL; 599 600 BT_DBG("session %p sock %p", s, sock); 601 602 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 603 604 INIT_LIST_HEAD(&s->dlcs); 605 s->state = state; 606 s->sock = sock; 607 608 s->mtu = RFCOMM_DEFAULT_MTU; 609 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 610 611 /* Do not increment module usage count for listening sessions. 612 * Otherwise we won't be able to unload the module. */ 613 if (state != BT_LISTEN) 614 if (!try_module_get(THIS_MODULE)) { 615 kfree(s); 616 return NULL; 617 } 618 619 list_add(&s->list, &session_list); 620 621 return s; 622 } 623 624 static void rfcomm_session_del(struct rfcomm_session *s) 625 { 626 int state = s->state; 627 628 BT_DBG("session %p state %ld", s, s->state); 629 630 list_del(&s->list); 631 632 if (state == BT_CONNECTED) 633 rfcomm_send_disc(s, 0); 634 635 rfcomm_session_clear_timer(s); 636 sock_release(s->sock); 637 kfree(s); 638 639 if (state != BT_LISTEN) 640 module_put(THIS_MODULE); 641 } 642 643 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 644 { 645 struct rfcomm_session *s; 646 struct list_head *p, *n; 647 struct bt_sock *sk; 648 list_for_each_safe(p, n, &session_list) { 649 s = list_entry(p, struct rfcomm_session, list); 650 sk = bt_sk(s->sock->sk); 651 652 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 653 !bacmp(&sk->dst, dst)) 654 return s; 655 } 656 return NULL; 657 } 658 659 static void rfcomm_session_close(struct rfcomm_session *s, int err) 660 { 661 struct rfcomm_dlc *d; 662 struct list_head *p, *n; 663 664 BT_DBG("session %p state %ld err %d", s, s->state, err); 665 666 rfcomm_session_hold(s); 667 668 s->state = BT_CLOSED; 669 670 /* Close all dlcs */ 671 list_for_each_safe(p, n, &s->dlcs) { 672 d = list_entry(p, struct rfcomm_dlc, list); 673 d->state = BT_CLOSED; 674 __rfcomm_dlc_close(d, err); 675 } 676 677 rfcomm_session_clear_timer(s); 678 rfcomm_session_put(s); 679 } 680 681 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 682 { 683 struct rfcomm_session *s = NULL; 684 struct sockaddr_l2 addr; 685 struct socket *sock; 686 struct sock *sk; 687 688 BT_DBG("%s %s", batostr(src), batostr(dst)); 689 690 *err = rfcomm_l2sock_create(&sock); 691 if (*err < 0) 692 return NULL; 693 694 bacpy(&addr.l2_bdaddr, src); 695 addr.l2_family = AF_BLUETOOTH; 696 addr.l2_psm = 0; 697 addr.l2_cid = 0; 698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 699 if (*err < 0) 700 goto failed; 701 702 /* Set L2CAP options */ 703 sk = sock->sk; 704 lock_sock(sk); 705 l2cap_pi(sk)->imtu = l2cap_mtu; 706 if (l2cap_ertm) 707 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 708 release_sock(sk); 709 710 s = rfcomm_session_add(sock, BT_BOUND); 711 if (!s) { 712 *err = -ENOMEM; 713 goto failed; 714 } 715 716 s->initiator = 1; 717 718 bacpy(&addr.l2_bdaddr, dst); 719 addr.l2_family = AF_BLUETOOTH; 720 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 721 addr.l2_cid = 0; 722 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 723 if (*err == 0 || *err == -EINPROGRESS) 724 return s; 725 726 rfcomm_session_del(s); 727 return NULL; 728 729 failed: 730 sock_release(sock); 731 return NULL; 732 } 733 734 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 735 { 736 struct sock *sk = s->sock->sk; 737 if (src) 738 bacpy(src, &bt_sk(sk)->src); 739 if (dst) 740 bacpy(dst, &bt_sk(sk)->dst); 741 } 742 743 /* ---- RFCOMM frame sending ---- */ 744 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 745 { 746 struct socket *sock = s->sock; 747 struct kvec iv = { data, len }; 748 struct msghdr msg; 749 750 BT_DBG("session %p len %d", s, len); 751 752 memset(&msg, 0, sizeof(msg)); 753 754 return kernel_sendmsg(sock, &msg, &iv, 1, len); 755 } 756 757 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 758 { 759 struct rfcomm_cmd cmd; 760 761 BT_DBG("%p dlci %d", s, dlci); 762 763 cmd.addr = __addr(s->initiator, dlci); 764 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 765 cmd.len = __len8(0); 766 cmd.fcs = __fcs2((u8 *) &cmd); 767 768 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 769 } 770 771 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 772 { 773 struct rfcomm_cmd cmd; 774 775 BT_DBG("%p dlci %d", s, dlci); 776 777 cmd.addr = __addr(!s->initiator, dlci); 778 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 779 cmd.len = __len8(0); 780 cmd.fcs = __fcs2((u8 *) &cmd); 781 782 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 783 } 784 785 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 786 { 787 struct rfcomm_cmd cmd; 788 789 BT_DBG("%p dlci %d", s, dlci); 790 791 cmd.addr = __addr(s->initiator, dlci); 792 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 793 cmd.len = __len8(0); 794 cmd.fcs = __fcs2((u8 *) &cmd); 795 796 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 797 } 798 799 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 800 { 801 struct rfcomm_cmd *cmd; 802 struct sk_buff *skb; 803 804 BT_DBG("dlc %p dlci %d", d, d->dlci); 805 806 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 807 if (!skb) 808 return -ENOMEM; 809 810 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 811 cmd->addr = d->addr; 812 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 813 cmd->len = __len8(0); 814 cmd->fcs = __fcs2((u8 *) cmd); 815 816 skb_queue_tail(&d->tx_queue, skb); 817 rfcomm_schedule(RFCOMM_SCHED_TX); 818 return 0; 819 } 820 821 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 822 { 823 struct rfcomm_cmd cmd; 824 825 BT_DBG("%p dlci %d", s, dlci); 826 827 cmd.addr = __addr(!s->initiator, dlci); 828 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 829 cmd.len = __len8(0); 830 cmd.fcs = __fcs2((u8 *) &cmd); 831 832 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 833 } 834 835 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 836 { 837 struct rfcomm_hdr *hdr; 838 struct rfcomm_mcc *mcc; 839 u8 buf[16], *ptr = buf; 840 841 BT_DBG("%p cr %d type %d", s, cr, type); 842 843 hdr = (void *) ptr; ptr += sizeof(*hdr); 844 hdr->addr = __addr(s->initiator, 0); 845 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 846 hdr->len = __len8(sizeof(*mcc) + 1); 847 848 mcc = (void *) ptr; ptr += sizeof(*mcc); 849 mcc->type = __mcc_type(cr, RFCOMM_NSC); 850 mcc->len = __len8(1); 851 852 /* Type that we didn't like */ 853 *ptr = __mcc_type(cr, type); ptr++; 854 855 *ptr = __fcs(buf); ptr++; 856 857 return rfcomm_send_frame(s, buf, ptr - buf); 858 } 859 860 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 861 { 862 struct rfcomm_hdr *hdr; 863 struct rfcomm_mcc *mcc; 864 struct rfcomm_pn *pn; 865 u8 buf[16], *ptr = buf; 866 867 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 868 869 hdr = (void *) ptr; ptr += sizeof(*hdr); 870 hdr->addr = __addr(s->initiator, 0); 871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 872 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 873 874 mcc = (void *) ptr; ptr += sizeof(*mcc); 875 mcc->type = __mcc_type(cr, RFCOMM_PN); 876 mcc->len = __len8(sizeof(*pn)); 877 878 pn = (void *) ptr; ptr += sizeof(*pn); 879 pn->dlci = d->dlci; 880 pn->priority = d->priority; 881 pn->ack_timer = 0; 882 pn->max_retrans = 0; 883 884 if (s->cfc) { 885 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 886 pn->credits = RFCOMM_DEFAULT_CREDITS; 887 } else { 888 pn->flow_ctrl = 0; 889 pn->credits = 0; 890 } 891 892 if (cr && channel_mtu >= 0) 893 pn->mtu = cpu_to_le16(channel_mtu); 894 else 895 pn->mtu = cpu_to_le16(d->mtu); 896 897 *ptr = __fcs(buf); ptr++; 898 899 return rfcomm_send_frame(s, buf, ptr - buf); 900 } 901 902 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 903 u8 bit_rate, u8 data_bits, u8 stop_bits, 904 u8 parity, u8 flow_ctrl_settings, 905 u8 xon_char, u8 xoff_char, u16 param_mask) 906 { 907 struct rfcomm_hdr *hdr; 908 struct rfcomm_mcc *mcc; 909 struct rfcomm_rpn *rpn; 910 u8 buf[16], *ptr = buf; 911 912 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 913 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 914 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 915 flow_ctrl_settings, xon_char, xoff_char, param_mask); 916 917 hdr = (void *) ptr; ptr += sizeof(*hdr); 918 hdr->addr = __addr(s->initiator, 0); 919 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 920 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 921 922 mcc = (void *) ptr; ptr += sizeof(*mcc); 923 mcc->type = __mcc_type(cr, RFCOMM_RPN); 924 mcc->len = __len8(sizeof(*rpn)); 925 926 rpn = (void *) ptr; ptr += sizeof(*rpn); 927 rpn->dlci = __addr(1, dlci); 928 rpn->bit_rate = bit_rate; 929 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 930 rpn->flow_ctrl = flow_ctrl_settings; 931 rpn->xon_char = xon_char; 932 rpn->xoff_char = xoff_char; 933 rpn->param_mask = cpu_to_le16(param_mask); 934 935 *ptr = __fcs(buf); ptr++; 936 937 return rfcomm_send_frame(s, buf, ptr - buf); 938 } 939 940 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 941 { 942 struct rfcomm_hdr *hdr; 943 struct rfcomm_mcc *mcc; 944 struct rfcomm_rls *rls; 945 u8 buf[16], *ptr = buf; 946 947 BT_DBG("%p cr %d status 0x%x", s, cr, status); 948 949 hdr = (void *) ptr; ptr += sizeof(*hdr); 950 hdr->addr = __addr(s->initiator, 0); 951 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 952 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 953 954 mcc = (void *) ptr; ptr += sizeof(*mcc); 955 mcc->type = __mcc_type(cr, RFCOMM_RLS); 956 mcc->len = __len8(sizeof(*rls)); 957 958 rls = (void *) ptr; ptr += sizeof(*rls); 959 rls->dlci = __addr(1, dlci); 960 rls->status = status; 961 962 *ptr = __fcs(buf); ptr++; 963 964 return rfcomm_send_frame(s, buf, ptr - buf); 965 } 966 967 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 968 { 969 struct rfcomm_hdr *hdr; 970 struct rfcomm_mcc *mcc; 971 struct rfcomm_msc *msc; 972 u8 buf[16], *ptr = buf; 973 974 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 975 976 hdr = (void *) ptr; ptr += sizeof(*hdr); 977 hdr->addr = __addr(s->initiator, 0); 978 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 979 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 980 981 mcc = (void *) ptr; ptr += sizeof(*mcc); 982 mcc->type = __mcc_type(cr, RFCOMM_MSC); 983 mcc->len = __len8(sizeof(*msc)); 984 985 msc = (void *) ptr; ptr += sizeof(*msc); 986 msc->dlci = __addr(1, dlci); 987 msc->v24_sig = v24_sig | 0x01; 988 989 *ptr = __fcs(buf); ptr++; 990 991 return rfcomm_send_frame(s, buf, ptr - buf); 992 } 993 994 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 995 { 996 struct rfcomm_hdr *hdr; 997 struct rfcomm_mcc *mcc; 998 u8 buf[16], *ptr = buf; 999 1000 BT_DBG("%p cr %d", s, cr); 1001 1002 hdr = (void *) ptr; ptr += sizeof(*hdr); 1003 hdr->addr = __addr(s->initiator, 0); 1004 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1005 hdr->len = __len8(sizeof(*mcc)); 1006 1007 mcc = (void *) ptr; ptr += sizeof(*mcc); 1008 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1009 mcc->len = __len8(0); 1010 1011 *ptr = __fcs(buf); ptr++; 1012 1013 return rfcomm_send_frame(s, buf, ptr - buf); 1014 } 1015 1016 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1017 { 1018 struct rfcomm_hdr *hdr; 1019 struct rfcomm_mcc *mcc; 1020 u8 buf[16], *ptr = buf; 1021 1022 BT_DBG("%p cr %d", s, cr); 1023 1024 hdr = (void *) ptr; ptr += sizeof(*hdr); 1025 hdr->addr = __addr(s->initiator, 0); 1026 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1027 hdr->len = __len8(sizeof(*mcc)); 1028 1029 mcc = (void *) ptr; ptr += sizeof(*mcc); 1030 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1031 mcc->len = __len8(0); 1032 1033 *ptr = __fcs(buf); ptr++; 1034 1035 return rfcomm_send_frame(s, buf, ptr - buf); 1036 } 1037 1038 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1039 { 1040 struct socket *sock = s->sock; 1041 struct kvec iv[3]; 1042 struct msghdr msg; 1043 unsigned char hdr[5], crc[1]; 1044 1045 if (len > 125) 1046 return -EINVAL; 1047 1048 BT_DBG("%p cr %d", s, cr); 1049 1050 hdr[0] = __addr(s->initiator, 0); 1051 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1052 hdr[2] = 0x01 | ((len + 2) << 1); 1053 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1054 hdr[4] = 0x01 | (len << 1); 1055 1056 crc[0] = __fcs(hdr); 1057 1058 iv[0].iov_base = hdr; 1059 iv[0].iov_len = 5; 1060 iv[1].iov_base = pattern; 1061 iv[1].iov_len = len; 1062 iv[2].iov_base = crc; 1063 iv[2].iov_len = 1; 1064 1065 memset(&msg, 0, sizeof(msg)); 1066 1067 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1068 } 1069 1070 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1071 { 1072 struct rfcomm_hdr *hdr; 1073 u8 buf[16], *ptr = buf; 1074 1075 BT_DBG("%p addr %d credits %d", s, addr, credits); 1076 1077 hdr = (void *) ptr; ptr += sizeof(*hdr); 1078 hdr->addr = addr; 1079 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1080 hdr->len = __len8(0); 1081 1082 *ptr = credits; ptr++; 1083 1084 *ptr = __fcs(buf); ptr++; 1085 1086 return rfcomm_send_frame(s, buf, ptr - buf); 1087 } 1088 1089 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1090 { 1091 struct rfcomm_hdr *hdr; 1092 int len = skb->len; 1093 u8 *crc; 1094 1095 if (len > 127) { 1096 hdr = (void *) skb_push(skb, 4); 1097 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1098 } else { 1099 hdr = (void *) skb_push(skb, 3); 1100 hdr->len = __len8(len); 1101 } 1102 hdr->addr = addr; 1103 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1104 1105 crc = skb_put(skb, 1); 1106 *crc = __fcs((void *) hdr); 1107 } 1108 1109 /* ---- RFCOMM frame reception ---- */ 1110 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1111 { 1112 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1113 1114 if (dlci) { 1115 /* Data channel */ 1116 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1117 if (!d) { 1118 rfcomm_send_dm(s, dlci); 1119 return 0; 1120 } 1121 1122 switch (d->state) { 1123 case BT_CONNECT: 1124 rfcomm_dlc_clear_timer(d); 1125 1126 rfcomm_dlc_lock(d); 1127 d->state = BT_CONNECTED; 1128 d->state_change(d, 0); 1129 rfcomm_dlc_unlock(d); 1130 1131 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1132 break; 1133 1134 case BT_DISCONN: 1135 d->state = BT_CLOSED; 1136 __rfcomm_dlc_close(d, 0); 1137 1138 if (list_empty(&s->dlcs)) { 1139 s->state = BT_DISCONN; 1140 rfcomm_send_disc(s, 0); 1141 } 1142 1143 break; 1144 } 1145 } else { 1146 /* Control channel */ 1147 switch (s->state) { 1148 case BT_CONNECT: 1149 s->state = BT_CONNECTED; 1150 rfcomm_process_connect(s); 1151 break; 1152 1153 case BT_DISCONN: 1154 rfcomm_session_put(s); 1155 break; 1156 } 1157 } 1158 return 0; 1159 } 1160 1161 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1162 { 1163 int err = 0; 1164 1165 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1166 1167 if (dlci) { 1168 /* Data DLC */ 1169 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1170 if (d) { 1171 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1172 err = ECONNREFUSED; 1173 else 1174 err = ECONNRESET; 1175 1176 d->state = BT_CLOSED; 1177 __rfcomm_dlc_close(d, err); 1178 } 1179 } else { 1180 if (s->state == BT_CONNECT) 1181 err = ECONNREFUSED; 1182 else 1183 err = ECONNRESET; 1184 1185 s->state = BT_CLOSED; 1186 rfcomm_session_close(s, err); 1187 } 1188 return 0; 1189 } 1190 1191 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1192 { 1193 int err = 0; 1194 1195 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1196 1197 if (dlci) { 1198 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1199 if (d) { 1200 rfcomm_send_ua(s, dlci); 1201 1202 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1203 err = ECONNREFUSED; 1204 else 1205 err = ECONNRESET; 1206 1207 d->state = BT_CLOSED; 1208 __rfcomm_dlc_close(d, err); 1209 } else 1210 rfcomm_send_dm(s, dlci); 1211 1212 } else { 1213 rfcomm_send_ua(s, 0); 1214 1215 if (s->state == BT_CONNECT) 1216 err = ECONNREFUSED; 1217 else 1218 err = ECONNRESET; 1219 1220 s->state = BT_CLOSED; 1221 rfcomm_session_close(s, err); 1222 } 1223 1224 return 0; 1225 } 1226 1227 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1228 { 1229 struct sock *sk = d->session->sock->sk; 1230 1231 BT_DBG("dlc %p", d); 1232 1233 rfcomm_send_ua(d->session, d->dlci); 1234 1235 rfcomm_dlc_clear_timer(d); 1236 1237 rfcomm_dlc_lock(d); 1238 d->state = BT_CONNECTED; 1239 d->state_change(d, 0); 1240 rfcomm_dlc_unlock(d); 1241 1242 if (d->role_switch) 1243 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1244 1245 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1246 } 1247 1248 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1249 { 1250 if (rfcomm_check_security(d)) { 1251 if (d->defer_setup) { 1252 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1253 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1254 1255 rfcomm_dlc_lock(d); 1256 d->state = BT_CONNECT2; 1257 d->state_change(d, 0); 1258 rfcomm_dlc_unlock(d); 1259 } else 1260 rfcomm_dlc_accept(d); 1261 } else { 1262 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1263 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1264 } 1265 } 1266 1267 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1268 { 1269 struct rfcomm_dlc *d; 1270 u8 channel; 1271 1272 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1273 1274 if (!dlci) { 1275 rfcomm_send_ua(s, 0); 1276 1277 if (s->state == BT_OPEN) { 1278 s->state = BT_CONNECTED; 1279 rfcomm_process_connect(s); 1280 } 1281 return 0; 1282 } 1283 1284 /* Check if DLC exists */ 1285 d = rfcomm_dlc_get(s, dlci); 1286 if (d) { 1287 if (d->state == BT_OPEN) { 1288 /* DLC was previously opened by PN request */ 1289 rfcomm_check_accept(d); 1290 } 1291 return 0; 1292 } 1293 1294 /* Notify socket layer about incoming connection */ 1295 channel = __srv_channel(dlci); 1296 if (rfcomm_connect_ind(s, channel, &d)) { 1297 d->dlci = dlci; 1298 d->addr = __addr(s->initiator, dlci); 1299 rfcomm_dlc_link(s, d); 1300 1301 rfcomm_check_accept(d); 1302 } else { 1303 rfcomm_send_dm(s, dlci); 1304 } 1305 1306 return 0; 1307 } 1308 1309 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1310 { 1311 struct rfcomm_session *s = d->session; 1312 1313 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1314 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1315 1316 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1317 pn->flow_ctrl == 0xe0) { 1318 d->cfc = RFCOMM_CFC_ENABLED; 1319 d->tx_credits = pn->credits; 1320 } else { 1321 d->cfc = RFCOMM_CFC_DISABLED; 1322 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1323 } 1324 1325 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1326 s->cfc = d->cfc; 1327 1328 d->priority = pn->priority; 1329 1330 d->mtu = __le16_to_cpu(pn->mtu); 1331 1332 if (cr && d->mtu > s->mtu) 1333 d->mtu = s->mtu; 1334 1335 return 0; 1336 } 1337 1338 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1339 { 1340 struct rfcomm_pn *pn = (void *) skb->data; 1341 struct rfcomm_dlc *d; 1342 u8 dlci = pn->dlci; 1343 1344 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1345 1346 if (!dlci) 1347 return 0; 1348 1349 d = rfcomm_dlc_get(s, dlci); 1350 if (d) { 1351 if (cr) { 1352 /* PN request */ 1353 rfcomm_apply_pn(d, cr, pn); 1354 rfcomm_send_pn(s, 0, d); 1355 } else { 1356 /* PN response */ 1357 switch (d->state) { 1358 case BT_CONFIG: 1359 rfcomm_apply_pn(d, cr, pn); 1360 1361 d->state = BT_CONNECT; 1362 rfcomm_send_sabm(s, d->dlci); 1363 break; 1364 } 1365 } 1366 } else { 1367 u8 channel = __srv_channel(dlci); 1368 1369 if (!cr) 1370 return 0; 1371 1372 /* PN request for non existing DLC. 1373 * Assume incoming connection. */ 1374 if (rfcomm_connect_ind(s, channel, &d)) { 1375 d->dlci = dlci; 1376 d->addr = __addr(s->initiator, dlci); 1377 rfcomm_dlc_link(s, d); 1378 1379 rfcomm_apply_pn(d, cr, pn); 1380 1381 d->state = BT_OPEN; 1382 rfcomm_send_pn(s, 0, d); 1383 } else { 1384 rfcomm_send_dm(s, dlci); 1385 } 1386 } 1387 return 0; 1388 } 1389 1390 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1391 { 1392 struct rfcomm_rpn *rpn = (void *) skb->data; 1393 u8 dlci = __get_dlci(rpn->dlci); 1394 1395 u8 bit_rate = 0; 1396 u8 data_bits = 0; 1397 u8 stop_bits = 0; 1398 u8 parity = 0; 1399 u8 flow_ctrl = 0; 1400 u8 xon_char = 0; 1401 u8 xoff_char = 0; 1402 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1403 1404 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1405 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1406 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1407 1408 if (!cr) 1409 return 0; 1410 1411 if (len == 1) { 1412 /* This is a request, return default settings */ 1413 bit_rate = RFCOMM_RPN_BR_115200; 1414 data_bits = RFCOMM_RPN_DATA_8; 1415 stop_bits = RFCOMM_RPN_STOP_1; 1416 parity = RFCOMM_RPN_PARITY_NONE; 1417 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1418 xon_char = RFCOMM_RPN_XON_CHAR; 1419 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1420 goto rpn_out; 1421 } 1422 1423 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1424 * no parity, no flow control lines, normal XON/XOFF chars */ 1425 1426 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1427 bit_rate = rpn->bit_rate; 1428 if (bit_rate != RFCOMM_RPN_BR_115200) { 1429 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1430 bit_rate = RFCOMM_RPN_BR_115200; 1431 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1432 } 1433 } 1434 1435 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1436 data_bits = __get_rpn_data_bits(rpn->line_settings); 1437 if (data_bits != RFCOMM_RPN_DATA_8) { 1438 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1439 data_bits = RFCOMM_RPN_DATA_8; 1440 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1441 } 1442 } 1443 1444 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1445 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1446 if (stop_bits != RFCOMM_RPN_STOP_1) { 1447 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1448 stop_bits = RFCOMM_RPN_STOP_1; 1449 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1450 } 1451 } 1452 1453 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1454 parity = __get_rpn_parity(rpn->line_settings); 1455 if (parity != RFCOMM_RPN_PARITY_NONE) { 1456 BT_DBG("RPN parity mismatch 0x%x", parity); 1457 parity = RFCOMM_RPN_PARITY_NONE; 1458 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1459 } 1460 } 1461 1462 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1463 flow_ctrl = rpn->flow_ctrl; 1464 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1465 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1466 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1467 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1468 } 1469 } 1470 1471 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1472 xon_char = rpn->xon_char; 1473 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1474 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1475 xon_char = RFCOMM_RPN_XON_CHAR; 1476 rpn_mask ^= RFCOMM_RPN_PM_XON; 1477 } 1478 } 1479 1480 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1481 xoff_char = rpn->xoff_char; 1482 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1483 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1484 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1485 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1486 } 1487 } 1488 1489 rpn_out: 1490 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1491 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1492 1493 return 0; 1494 } 1495 1496 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1497 { 1498 struct rfcomm_rls *rls = (void *) skb->data; 1499 u8 dlci = __get_dlci(rls->dlci); 1500 1501 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1502 1503 if (!cr) 1504 return 0; 1505 1506 /* We should probably do something with this information here. But 1507 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1508 * mandatory to recognise and respond to RLS */ 1509 1510 rfcomm_send_rls(s, 0, dlci, rls->status); 1511 1512 return 0; 1513 } 1514 1515 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1516 { 1517 struct rfcomm_msc *msc = (void *) skb->data; 1518 struct rfcomm_dlc *d; 1519 u8 dlci = __get_dlci(msc->dlci); 1520 1521 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1522 1523 d = rfcomm_dlc_get(s, dlci); 1524 if (!d) 1525 return 0; 1526 1527 if (cr) { 1528 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1529 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1530 else 1531 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1532 1533 rfcomm_dlc_lock(d); 1534 1535 d->remote_v24_sig = msc->v24_sig; 1536 1537 if (d->modem_status) 1538 d->modem_status(d, msc->v24_sig); 1539 1540 rfcomm_dlc_unlock(d); 1541 1542 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1543 1544 d->mscex |= RFCOMM_MSCEX_RX; 1545 } else 1546 d->mscex |= RFCOMM_MSCEX_TX; 1547 1548 return 0; 1549 } 1550 1551 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1552 { 1553 struct rfcomm_mcc *mcc = (void *) skb->data; 1554 u8 type, cr, len; 1555 1556 cr = __test_cr(mcc->type); 1557 type = __get_mcc_type(mcc->type); 1558 len = __get_mcc_len(mcc->len); 1559 1560 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1561 1562 skb_pull(skb, 2); 1563 1564 switch (type) { 1565 case RFCOMM_PN: 1566 rfcomm_recv_pn(s, cr, skb); 1567 break; 1568 1569 case RFCOMM_RPN: 1570 rfcomm_recv_rpn(s, cr, len, skb); 1571 break; 1572 1573 case RFCOMM_RLS: 1574 rfcomm_recv_rls(s, cr, skb); 1575 break; 1576 1577 case RFCOMM_MSC: 1578 rfcomm_recv_msc(s, cr, skb); 1579 break; 1580 1581 case RFCOMM_FCOFF: 1582 if (cr) { 1583 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1584 rfcomm_send_fcoff(s, 0); 1585 } 1586 break; 1587 1588 case RFCOMM_FCON: 1589 if (cr) { 1590 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1591 rfcomm_send_fcon(s, 0); 1592 } 1593 break; 1594 1595 case RFCOMM_TEST: 1596 if (cr) 1597 rfcomm_send_test(s, 0, skb->data, skb->len); 1598 break; 1599 1600 case RFCOMM_NSC: 1601 break; 1602 1603 default: 1604 BT_ERR("Unknown control type 0x%02x", type); 1605 rfcomm_send_nsc(s, cr, type); 1606 break; 1607 } 1608 return 0; 1609 } 1610 1611 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1612 { 1613 struct rfcomm_dlc *d; 1614 1615 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1616 1617 d = rfcomm_dlc_get(s, dlci); 1618 if (!d) { 1619 rfcomm_send_dm(s, dlci); 1620 goto drop; 1621 } 1622 1623 if (pf && d->cfc) { 1624 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1625 1626 d->tx_credits += credits; 1627 if (d->tx_credits) 1628 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1629 } 1630 1631 if (skb->len && d->state == BT_CONNECTED) { 1632 rfcomm_dlc_lock(d); 1633 d->rx_credits--; 1634 d->data_ready(d, skb); 1635 rfcomm_dlc_unlock(d); 1636 return 0; 1637 } 1638 1639 drop: 1640 kfree_skb(skb); 1641 return 0; 1642 } 1643 1644 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1645 { 1646 struct rfcomm_hdr *hdr = (void *) skb->data; 1647 u8 type, dlci, fcs; 1648 1649 dlci = __get_dlci(hdr->addr); 1650 type = __get_type(hdr->ctrl); 1651 1652 /* Trim FCS */ 1653 skb->len--; skb->tail--; 1654 fcs = *(u8 *)skb_tail_pointer(skb); 1655 1656 if (__check_fcs(skb->data, type, fcs)) { 1657 BT_ERR("bad checksum in packet"); 1658 kfree_skb(skb); 1659 return -EILSEQ; 1660 } 1661 1662 if (__test_ea(hdr->len)) 1663 skb_pull(skb, 3); 1664 else 1665 skb_pull(skb, 4); 1666 1667 switch (type) { 1668 case RFCOMM_SABM: 1669 if (__test_pf(hdr->ctrl)) 1670 rfcomm_recv_sabm(s, dlci); 1671 break; 1672 1673 case RFCOMM_DISC: 1674 if (__test_pf(hdr->ctrl)) 1675 rfcomm_recv_disc(s, dlci); 1676 break; 1677 1678 case RFCOMM_UA: 1679 if (__test_pf(hdr->ctrl)) 1680 rfcomm_recv_ua(s, dlci); 1681 break; 1682 1683 case RFCOMM_DM: 1684 rfcomm_recv_dm(s, dlci); 1685 break; 1686 1687 case RFCOMM_UIH: 1688 if (dlci) 1689 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1690 1691 rfcomm_recv_mcc(s, skb); 1692 break; 1693 1694 default: 1695 BT_ERR("Unknown packet type 0x%02x\n", type); 1696 break; 1697 } 1698 kfree_skb(skb); 1699 return 0; 1700 } 1701 1702 /* ---- Connection and data processing ---- */ 1703 1704 static void rfcomm_process_connect(struct rfcomm_session *s) 1705 { 1706 struct rfcomm_dlc *d; 1707 struct list_head *p, *n; 1708 1709 BT_DBG("session %p state %ld", s, s->state); 1710 1711 list_for_each_safe(p, n, &s->dlcs) { 1712 d = list_entry(p, struct rfcomm_dlc, list); 1713 if (d->state == BT_CONFIG) { 1714 d->mtu = s->mtu; 1715 if (rfcomm_check_security(d)) { 1716 rfcomm_send_pn(s, 1, d); 1717 } else { 1718 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1719 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1720 } 1721 } 1722 } 1723 } 1724 1725 /* Send data queued for the DLC. 1726 * Return number of frames left in the queue. 1727 */ 1728 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1729 { 1730 struct sk_buff *skb; 1731 int err; 1732 1733 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1734 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1735 1736 /* Send pending MSC */ 1737 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1738 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1739 1740 if (d->cfc) { 1741 /* CFC enabled. 1742 * Give them some credits */ 1743 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1744 d->rx_credits <= (d->cfc >> 2)) { 1745 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1746 d->rx_credits = d->cfc; 1747 } 1748 } else { 1749 /* CFC disabled. 1750 * Give ourselves some credits */ 1751 d->tx_credits = 5; 1752 } 1753 1754 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1755 return skb_queue_len(&d->tx_queue); 1756 1757 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1758 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1759 if (err < 0) { 1760 skb_queue_head(&d->tx_queue, skb); 1761 break; 1762 } 1763 kfree_skb(skb); 1764 d->tx_credits--; 1765 } 1766 1767 if (d->cfc && !d->tx_credits) { 1768 /* We're out of TX credits. 1769 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1770 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1771 } 1772 1773 return skb_queue_len(&d->tx_queue); 1774 } 1775 1776 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1777 { 1778 struct rfcomm_dlc *d; 1779 struct list_head *p, *n; 1780 1781 BT_DBG("session %p state %ld", s, s->state); 1782 1783 list_for_each_safe(p, n, &s->dlcs) { 1784 d = list_entry(p, struct rfcomm_dlc, list); 1785 1786 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1787 __rfcomm_dlc_close(d, ETIMEDOUT); 1788 continue; 1789 } 1790 1791 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1792 rfcomm_dlc_clear_timer(d); 1793 if (d->out) { 1794 rfcomm_send_pn(s, 1, d); 1795 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1796 } else { 1797 if (d->defer_setup) { 1798 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1799 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1800 1801 rfcomm_dlc_lock(d); 1802 d->state = BT_CONNECT2; 1803 d->state_change(d, 0); 1804 rfcomm_dlc_unlock(d); 1805 } else 1806 rfcomm_dlc_accept(d); 1807 } 1808 continue; 1809 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1810 rfcomm_dlc_clear_timer(d); 1811 if (!d->out) 1812 rfcomm_send_dm(s, d->dlci); 1813 else 1814 d->state = BT_CLOSED; 1815 __rfcomm_dlc_close(d, ECONNREFUSED); 1816 continue; 1817 } 1818 1819 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1820 continue; 1821 1822 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1823 continue; 1824 1825 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1826 d->mscex == RFCOMM_MSCEX_OK) 1827 rfcomm_process_tx(d); 1828 } 1829 } 1830 1831 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1832 { 1833 struct socket *sock = s->sock; 1834 struct sock *sk = sock->sk; 1835 struct sk_buff *skb; 1836 1837 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1838 1839 /* Get data directly from socket receive queue without copying it. */ 1840 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1841 skb_orphan(skb); 1842 rfcomm_recv_frame(s, skb); 1843 } 1844 1845 if (sk->sk_state == BT_CLOSED) { 1846 if (!s->initiator) 1847 rfcomm_session_put(s); 1848 1849 rfcomm_session_close(s, sk->sk_err); 1850 } 1851 } 1852 1853 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1854 { 1855 struct socket *sock = s->sock, *nsock; 1856 int err; 1857 1858 /* Fast check for a new connection. 1859 * Avoids unnesesary socket allocations. */ 1860 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1861 return; 1862 1863 BT_DBG("session %p", s); 1864 1865 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1866 if (err < 0) 1867 return; 1868 1869 /* Set our callbacks */ 1870 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1871 nsock->sk->sk_state_change = rfcomm_l2state_change; 1872 1873 s = rfcomm_session_add(nsock, BT_OPEN); 1874 if (s) { 1875 rfcomm_session_hold(s); 1876 1877 /* We should adjust MTU on incoming sessions. 1878 * L2CAP MTU minus UIH header and FCS. */ 1879 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1880 1881 rfcomm_schedule(RFCOMM_SCHED_RX); 1882 } else 1883 sock_release(nsock); 1884 } 1885 1886 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1887 { 1888 struct sock *sk = s->sock->sk; 1889 1890 BT_DBG("%p state %ld", s, s->state); 1891 1892 switch(sk->sk_state) { 1893 case BT_CONNECTED: 1894 s->state = BT_CONNECT; 1895 1896 /* We can adjust MTU on outgoing sessions. 1897 * L2CAP MTU minus UIH header and FCS. */ 1898 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1899 1900 rfcomm_send_sabm(s, 0); 1901 break; 1902 1903 case BT_CLOSED: 1904 s->state = BT_CLOSED; 1905 rfcomm_session_close(s, sk->sk_err); 1906 break; 1907 } 1908 } 1909 1910 static inline void rfcomm_process_sessions(void) 1911 { 1912 struct list_head *p, *n; 1913 1914 rfcomm_lock(); 1915 1916 list_for_each_safe(p, n, &session_list) { 1917 struct rfcomm_session *s; 1918 s = list_entry(p, struct rfcomm_session, list); 1919 1920 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1921 s->state = BT_DISCONN; 1922 rfcomm_send_disc(s, 0); 1923 continue; 1924 } 1925 1926 if (s->state == BT_LISTEN) { 1927 rfcomm_accept_connection(s); 1928 continue; 1929 } 1930 1931 rfcomm_session_hold(s); 1932 1933 switch (s->state) { 1934 case BT_BOUND: 1935 rfcomm_check_connection(s); 1936 break; 1937 1938 default: 1939 rfcomm_process_rx(s); 1940 break; 1941 } 1942 1943 rfcomm_process_dlcs(s); 1944 1945 rfcomm_session_put(s); 1946 } 1947 1948 rfcomm_unlock(); 1949 } 1950 1951 static int rfcomm_add_listener(bdaddr_t *ba) 1952 { 1953 struct sockaddr_l2 addr; 1954 struct socket *sock; 1955 struct sock *sk; 1956 struct rfcomm_session *s; 1957 int err = 0; 1958 1959 /* Create socket */ 1960 err = rfcomm_l2sock_create(&sock); 1961 if (err < 0) { 1962 BT_ERR("Create socket failed %d", err); 1963 return err; 1964 } 1965 1966 /* Bind socket */ 1967 bacpy(&addr.l2_bdaddr, ba); 1968 addr.l2_family = AF_BLUETOOTH; 1969 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1970 addr.l2_cid = 0; 1971 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1972 if (err < 0) { 1973 BT_ERR("Bind failed %d", err); 1974 goto failed; 1975 } 1976 1977 /* Set L2CAP options */ 1978 sk = sock->sk; 1979 lock_sock(sk); 1980 l2cap_pi(sk)->imtu = l2cap_mtu; 1981 release_sock(sk); 1982 1983 /* Start listening on the socket */ 1984 err = kernel_listen(sock, 10); 1985 if (err) { 1986 BT_ERR("Listen failed %d", err); 1987 goto failed; 1988 } 1989 1990 /* Add listening session */ 1991 s = rfcomm_session_add(sock, BT_LISTEN); 1992 if (!s) 1993 goto failed; 1994 1995 rfcomm_session_hold(s); 1996 return 0; 1997 failed: 1998 sock_release(sock); 1999 return err; 2000 } 2001 2002 static void rfcomm_kill_listener(void) 2003 { 2004 struct rfcomm_session *s; 2005 struct list_head *p, *n; 2006 2007 BT_DBG(""); 2008 2009 list_for_each_safe(p, n, &session_list) { 2010 s = list_entry(p, struct rfcomm_session, list); 2011 rfcomm_session_del(s); 2012 } 2013 } 2014 2015 static int rfcomm_run(void *unused) 2016 { 2017 BT_DBG(""); 2018 2019 set_user_nice(current, -10); 2020 2021 rfcomm_add_listener(BDADDR_ANY); 2022 2023 while (!kthread_should_stop()) { 2024 set_current_state(TASK_INTERRUPTIBLE); 2025 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2026 /* No pending events. Let's sleep. 2027 * Incoming connections and data will wake us up. */ 2028 schedule(); 2029 } 2030 set_current_state(TASK_RUNNING); 2031 2032 /* Process stuff */ 2033 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2034 rfcomm_process_sessions(); 2035 } 2036 2037 rfcomm_kill_listener(); 2038 2039 return 0; 2040 } 2041 2042 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2043 { 2044 struct rfcomm_session *s; 2045 struct rfcomm_dlc *d; 2046 struct list_head *p, *n; 2047 2048 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2049 2050 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2051 if (!s) 2052 return; 2053 2054 rfcomm_session_hold(s); 2055 2056 list_for_each_safe(p, n, &s->dlcs) { 2057 d = list_entry(p, struct rfcomm_dlc, list); 2058 2059 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2060 rfcomm_dlc_clear_timer(d); 2061 if (status || encrypt == 0x00) { 2062 __rfcomm_dlc_close(d, ECONNREFUSED); 2063 continue; 2064 } 2065 } 2066 2067 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2068 if (d->sec_level == BT_SECURITY_MEDIUM) { 2069 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2070 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2071 continue; 2072 } else if (d->sec_level == BT_SECURITY_HIGH) { 2073 __rfcomm_dlc_close(d, ECONNREFUSED); 2074 continue; 2075 } 2076 } 2077 2078 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2079 continue; 2080 2081 if (!status) 2082 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2083 else 2084 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2085 } 2086 2087 rfcomm_session_put(s); 2088 2089 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2090 } 2091 2092 static struct hci_cb rfcomm_cb = { 2093 .name = "RFCOMM", 2094 .security_cfm = rfcomm_security_cfm 2095 }; 2096 2097 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2098 { 2099 struct rfcomm_session *s; 2100 struct list_head *pp, *p; 2101 char *str = buf; 2102 2103 rfcomm_lock(); 2104 2105 list_for_each(p, &session_list) { 2106 s = list_entry(p, struct rfcomm_session, list); 2107 list_for_each(pp, &s->dlcs) { 2108 struct sock *sk = s->sock->sk; 2109 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2110 2111 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2112 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2113 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2114 } 2115 } 2116 2117 rfcomm_unlock(); 2118 2119 return (str - buf); 2120 } 2121 2122 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2123 2124 /* ---- Initialization ---- */ 2125 static int __init rfcomm_init(void) 2126 { 2127 int err; 2128 2129 l2cap_load(); 2130 2131 hci_register_cb(&rfcomm_cb); 2132 2133 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2134 if (IS_ERR(rfcomm_thread)) { 2135 err = PTR_ERR(rfcomm_thread); 2136 goto unregister; 2137 } 2138 2139 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2140 BT_ERR("Failed to create RFCOMM info file"); 2141 2142 err = rfcomm_init_ttys(); 2143 if (err < 0) 2144 goto stop; 2145 2146 err = rfcomm_init_sockets(); 2147 if (err < 0) 2148 goto cleanup; 2149 2150 BT_INFO("RFCOMM ver %s", VERSION); 2151 2152 return 0; 2153 2154 cleanup: 2155 rfcomm_cleanup_ttys(); 2156 2157 stop: 2158 kthread_stop(rfcomm_thread); 2159 2160 unregister: 2161 hci_unregister_cb(&rfcomm_cb); 2162 2163 return err; 2164 } 2165 2166 static void __exit rfcomm_exit(void) 2167 { 2168 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2169 2170 hci_unregister_cb(&rfcomm_cb); 2171 2172 kthread_stop(rfcomm_thread); 2173 2174 rfcomm_cleanup_ttys(); 2175 2176 rfcomm_cleanup_sockets(); 2177 } 2178 2179 module_init(rfcomm_init); 2180 module_exit(rfcomm_exit); 2181 2182 module_param(disable_cfc, bool, 0644); 2183 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2184 2185 module_param(channel_mtu, int, 0644); 2186 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2187 2188 module_param(l2cap_mtu, uint, 0644); 2189 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2190 2191 module_param(l2cap_ertm, bool, 0644); 2192 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2193 2194 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2195 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2196 MODULE_VERSION(VERSION); 2197 MODULE_LICENSE("GPL"); 2198 MODULE_ALIAS("bt-proto-3"); 2199