1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.11" 50 51 static int disable_cfc = 0; 52 static int channel_mtu = -1; 53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 55 static struct task_struct *rfcomm_thread; 56 57 static DEFINE_MUTEX(rfcomm_mutex); 58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 60 61 static unsigned long rfcomm_event; 62 63 static LIST_HEAD(session_list); 64 65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 68 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 75 76 static void rfcomm_process_connect(struct rfcomm_session *s); 77 78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 80 static void rfcomm_session_del(struct rfcomm_session *s); 81 82 /* ---- RFCOMM frame parsing macros ---- */ 83 #define __get_dlci(b) ((b & 0xfc) >> 2) 84 #define __get_channel(b) ((b & 0xf8) >> 3) 85 #define __get_dir(b) ((b & 0x04) >> 2) 86 #define __get_type(b) ((b & 0xef)) 87 88 #define __test_ea(b) ((b & 0x01)) 89 #define __test_cr(b) ((b & 0x02)) 90 #define __test_pf(b) ((b & 0x10)) 91 92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 95 #define __srv_channel(dlci) (dlci >> 1) 96 #define __dir(dlci) (dlci & 0x01) 97 98 #define __len8(len) (((len) << 1) | 1) 99 #define __len16(len) ((len) << 1) 100 101 /* MCC macros */ 102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 103 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 104 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 105 106 /* RPN macros */ 107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 108 #define __get_rpn_data_bits(line) ((line) & 0x3) 109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 111 112 static inline void rfcomm_schedule(uint event) 113 { 114 if (!rfcomm_thread) 115 return; 116 //set_bit(event, &rfcomm_event); 117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 118 wake_up_process(rfcomm_thread); 119 } 120 121 static inline void rfcomm_session_put(struct rfcomm_session *s) 122 { 123 if (atomic_dec_and_test(&s->refcnt)) 124 rfcomm_session_del(s); 125 } 126 127 /* ---- RFCOMM FCS computation ---- */ 128 129 /* reversed, 8-bit, poly=0x07 */ 130 static unsigned char rfcomm_crc_table[256] = { 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 135 136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 140 141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 145 146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 150 151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 155 156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 160 161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 165 166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 170 }; 171 172 /* CRC on 2 bytes */ 173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 174 175 /* FCS on 2 bytes */ 176 static inline u8 __fcs(u8 *data) 177 { 178 return (0xff - __crc(data)); 179 } 180 181 /* FCS on 3 bytes */ 182 static inline u8 __fcs2(u8 *data) 183 { 184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 185 } 186 187 /* Check FCS */ 188 static inline int __check_fcs(u8 *data, int type, u8 fcs) 189 { 190 u8 f = __crc(data); 191 192 if (type != RFCOMM_UIH) 193 f = rfcomm_crc_table[f ^ data[2]]; 194 195 return rfcomm_crc_table[f ^ fcs] != 0xcf; 196 } 197 198 /* ---- L2CAP callbacks ---- */ 199 static void rfcomm_l2state_change(struct sock *sk) 200 { 201 BT_DBG("%p state %d", sk, sk->sk_state); 202 rfcomm_schedule(RFCOMM_SCHED_STATE); 203 } 204 205 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 206 { 207 BT_DBG("%p bytes %d", sk, bytes); 208 rfcomm_schedule(RFCOMM_SCHED_RX); 209 } 210 211 static int rfcomm_l2sock_create(struct socket **sock) 212 { 213 int err; 214 215 BT_DBG(""); 216 217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 218 if (!err) { 219 struct sock *sk = (*sock)->sk; 220 sk->sk_data_ready = rfcomm_l2data_ready; 221 sk->sk_state_change = rfcomm_l2state_change; 222 } 223 return err; 224 } 225 226 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 227 { 228 struct sock *sk = d->session->sock->sk; 229 __u8 auth_type; 230 231 switch (d->sec_level) { 232 case BT_SECURITY_HIGH: 233 auth_type = HCI_AT_GENERAL_BONDING_MITM; 234 break; 235 case BT_SECURITY_MEDIUM: 236 auth_type = HCI_AT_GENERAL_BONDING; 237 break; 238 default: 239 auth_type = HCI_AT_NO_BONDING; 240 break; 241 } 242 243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 244 auth_type); 245 } 246 247 /* ---- RFCOMM DLCs ---- */ 248 static void rfcomm_dlc_timeout(unsigned long arg) 249 { 250 struct rfcomm_dlc *d = (void *) arg; 251 252 BT_DBG("dlc %p state %ld", d, d->state); 253 254 set_bit(RFCOMM_TIMED_OUT, &d->flags); 255 rfcomm_dlc_put(d); 256 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 257 } 258 259 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 260 { 261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 262 263 if (!mod_timer(&d->timer, jiffies + timeout)) 264 rfcomm_dlc_hold(d); 265 } 266 267 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 268 { 269 BT_DBG("dlc %p state %ld", d, d->state); 270 271 if (timer_pending(&d->timer) && del_timer(&d->timer)) 272 rfcomm_dlc_put(d); 273 } 274 275 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 276 { 277 BT_DBG("%p", d); 278 279 d->state = BT_OPEN; 280 d->flags = 0; 281 d->mscex = 0; 282 d->mtu = RFCOMM_DEFAULT_MTU; 283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 284 285 d->cfc = RFCOMM_CFC_DISABLED; 286 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 287 } 288 289 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 290 { 291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 292 293 if (!d) 294 return NULL; 295 296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 297 298 skb_queue_head_init(&d->tx_queue); 299 spin_lock_init(&d->lock); 300 atomic_set(&d->refcnt, 1); 301 302 rfcomm_dlc_clear_state(d); 303 304 BT_DBG("%p", d); 305 306 return d; 307 } 308 309 void rfcomm_dlc_free(struct rfcomm_dlc *d) 310 { 311 BT_DBG("%p", d); 312 313 skb_queue_purge(&d->tx_queue); 314 kfree(d); 315 } 316 317 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 318 { 319 BT_DBG("dlc %p session %p", d, s); 320 321 rfcomm_session_hold(s); 322 323 rfcomm_dlc_hold(d); 324 list_add(&d->list, &s->dlcs); 325 d->session = s; 326 } 327 328 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 329 { 330 struct rfcomm_session *s = d->session; 331 332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 333 334 list_del(&d->list); 335 d->session = NULL; 336 rfcomm_dlc_put(d); 337 338 rfcomm_session_put(s); 339 } 340 341 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 342 { 343 struct rfcomm_dlc *d; 344 struct list_head *p; 345 346 list_for_each(p, &s->dlcs) { 347 d = list_entry(p, struct rfcomm_dlc, list); 348 if (d->dlci == dlci) 349 return d; 350 } 351 return NULL; 352 } 353 354 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 355 { 356 struct rfcomm_session *s; 357 int err = 0; 358 u8 dlci; 359 360 BT_DBG("dlc %p state %ld %s %s channel %d", 361 d, d->state, batostr(src), batostr(dst), channel); 362 363 if (channel < 1 || channel > 30) 364 return -EINVAL; 365 366 if (d->state != BT_OPEN && d->state != BT_CLOSED) 367 return 0; 368 369 s = rfcomm_session_get(src, dst); 370 if (!s) { 371 s = rfcomm_session_create(src, dst, &err); 372 if (!s) 373 return err; 374 } 375 376 dlci = __dlci(!s->initiator, channel); 377 378 /* Check if DLCI already exists */ 379 if (rfcomm_dlc_get(s, dlci)) 380 return -EBUSY; 381 382 rfcomm_dlc_clear_state(d); 383 384 d->dlci = dlci; 385 d->addr = __addr(s->initiator, dlci); 386 d->priority = 7; 387 388 d->state = BT_CONFIG; 389 rfcomm_dlc_link(s, d); 390 391 d->out = 1; 392 393 d->mtu = s->mtu; 394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 395 396 if (s->state == BT_CONNECTED) { 397 if (rfcomm_check_security(d)) 398 rfcomm_send_pn(s, 1, d); 399 else 400 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 401 } 402 403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 404 405 return 0; 406 } 407 408 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 409 { 410 int r; 411 412 rfcomm_lock(); 413 414 r = __rfcomm_dlc_open(d, src, dst, channel); 415 416 rfcomm_unlock(); 417 return r; 418 } 419 420 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 421 { 422 struct rfcomm_session *s = d->session; 423 if (!s) 424 return 0; 425 426 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 427 d, d->state, d->dlci, err, s); 428 429 switch (d->state) { 430 case BT_CONNECT: 431 case BT_CONFIG: 432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 433 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 434 rfcomm_schedule(RFCOMM_SCHED_AUTH); 435 break; 436 } 437 /* Fall through */ 438 439 case BT_CONNECTED: 440 d->state = BT_DISCONN; 441 if (skb_queue_empty(&d->tx_queue)) { 442 rfcomm_send_disc(s, d->dlci); 443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 444 } else { 445 rfcomm_queue_disc(d); 446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 447 } 448 break; 449 450 case BT_OPEN: 451 case BT_CONNECT2: 452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 453 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 454 rfcomm_schedule(RFCOMM_SCHED_AUTH); 455 break; 456 } 457 /* Fall through */ 458 459 default: 460 rfcomm_dlc_clear_timer(d); 461 462 rfcomm_dlc_lock(d); 463 d->state = BT_CLOSED; 464 d->state_change(d, err); 465 rfcomm_dlc_unlock(d); 466 467 skb_queue_purge(&d->tx_queue); 468 rfcomm_dlc_unlink(d); 469 } 470 471 return 0; 472 } 473 474 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 475 { 476 int r; 477 478 rfcomm_lock(); 479 480 r = __rfcomm_dlc_close(d, err); 481 482 rfcomm_unlock(); 483 return r; 484 } 485 486 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 487 { 488 int len = skb->len; 489 490 if (d->state != BT_CONNECTED) 491 return -ENOTCONN; 492 493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 494 495 if (len > d->mtu) 496 return -EINVAL; 497 498 rfcomm_make_uih(skb, d->addr); 499 skb_queue_tail(&d->tx_queue, skb); 500 501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 502 rfcomm_schedule(RFCOMM_SCHED_TX); 503 return len; 504 } 505 506 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 507 { 508 BT_DBG("dlc %p state %ld", d, d->state); 509 510 if (!d->cfc) { 511 d->v24_sig |= RFCOMM_V24_FC; 512 set_bit(RFCOMM_MSC_PENDING, &d->flags); 513 } 514 rfcomm_schedule(RFCOMM_SCHED_TX); 515 } 516 517 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 518 { 519 BT_DBG("dlc %p state %ld", d, d->state); 520 521 if (!d->cfc) { 522 d->v24_sig &= ~RFCOMM_V24_FC; 523 set_bit(RFCOMM_MSC_PENDING, &d->flags); 524 } 525 rfcomm_schedule(RFCOMM_SCHED_TX); 526 } 527 528 /* 529 Set/get modem status functions use _local_ status i.e. what we report 530 to the other side. 531 Remote status is provided by dlc->modem_status() callback. 532 */ 533 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 534 { 535 BT_DBG("dlc %p state %ld v24_sig 0x%x", 536 d, d->state, v24_sig); 537 538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 539 v24_sig |= RFCOMM_V24_FC; 540 else 541 v24_sig &= ~RFCOMM_V24_FC; 542 543 d->v24_sig = v24_sig; 544 545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 546 rfcomm_schedule(RFCOMM_SCHED_TX); 547 548 return 0; 549 } 550 551 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 552 { 553 BT_DBG("dlc %p state %ld v24_sig 0x%x", 554 d, d->state, d->v24_sig); 555 556 *v24_sig = d->v24_sig; 557 return 0; 558 } 559 560 /* ---- RFCOMM sessions ---- */ 561 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 562 { 563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 564 565 if (!s) 566 return NULL; 567 568 BT_DBG("session %p sock %p", s, sock); 569 570 INIT_LIST_HEAD(&s->dlcs); 571 s->state = state; 572 s->sock = sock; 573 574 s->mtu = RFCOMM_DEFAULT_MTU; 575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 576 577 /* Do not increment module usage count for listening sessions. 578 * Otherwise we won't be able to unload the module. */ 579 if (state != BT_LISTEN) 580 if (!try_module_get(THIS_MODULE)) { 581 kfree(s); 582 return NULL; 583 } 584 585 list_add(&s->list, &session_list); 586 587 return s; 588 } 589 590 static void rfcomm_session_del(struct rfcomm_session *s) 591 { 592 int state = s->state; 593 594 BT_DBG("session %p state %ld", s, s->state); 595 596 list_del(&s->list); 597 598 if (state == BT_CONNECTED) 599 rfcomm_send_disc(s, 0); 600 601 sock_release(s->sock); 602 kfree(s); 603 604 if (state != BT_LISTEN) 605 module_put(THIS_MODULE); 606 } 607 608 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 609 { 610 struct rfcomm_session *s; 611 struct list_head *p, *n; 612 struct bt_sock *sk; 613 list_for_each_safe(p, n, &session_list) { 614 s = list_entry(p, struct rfcomm_session, list); 615 sk = bt_sk(s->sock->sk); 616 617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 618 !bacmp(&sk->dst, dst)) 619 return s; 620 } 621 return NULL; 622 } 623 624 static void rfcomm_session_close(struct rfcomm_session *s, int err) 625 { 626 struct rfcomm_dlc *d; 627 struct list_head *p, *n; 628 629 BT_DBG("session %p state %ld err %d", s, s->state, err); 630 631 rfcomm_session_hold(s); 632 633 s->state = BT_CLOSED; 634 635 /* Close all dlcs */ 636 list_for_each_safe(p, n, &s->dlcs) { 637 d = list_entry(p, struct rfcomm_dlc, list); 638 d->state = BT_CLOSED; 639 __rfcomm_dlc_close(d, err); 640 } 641 642 rfcomm_session_put(s); 643 } 644 645 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 646 { 647 struct rfcomm_session *s = NULL; 648 struct sockaddr_l2 addr; 649 struct socket *sock; 650 struct sock *sk; 651 652 BT_DBG("%s %s", batostr(src), batostr(dst)); 653 654 *err = rfcomm_l2sock_create(&sock); 655 if (*err < 0) 656 return NULL; 657 658 bacpy(&addr.l2_bdaddr, src); 659 addr.l2_family = AF_BLUETOOTH; 660 addr.l2_psm = 0; 661 addr.l2_cid = 0; 662 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 663 if (*err < 0) 664 goto failed; 665 666 /* Set L2CAP options */ 667 sk = sock->sk; 668 lock_sock(sk); 669 l2cap_pi(sk)->imtu = l2cap_mtu; 670 release_sock(sk); 671 672 s = rfcomm_session_add(sock, BT_BOUND); 673 if (!s) { 674 *err = -ENOMEM; 675 goto failed; 676 } 677 678 s->initiator = 1; 679 680 bacpy(&addr.l2_bdaddr, dst); 681 addr.l2_family = AF_BLUETOOTH; 682 addr.l2_psm = htobs(RFCOMM_PSM); 683 addr.l2_cid = 0; 684 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 685 if (*err == 0 || *err == -EINPROGRESS) 686 return s; 687 688 rfcomm_session_del(s); 689 return NULL; 690 691 failed: 692 sock_release(sock); 693 return NULL; 694 } 695 696 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 697 { 698 struct sock *sk = s->sock->sk; 699 if (src) 700 bacpy(src, &bt_sk(sk)->src); 701 if (dst) 702 bacpy(dst, &bt_sk(sk)->dst); 703 } 704 705 /* ---- RFCOMM frame sending ---- */ 706 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 707 { 708 struct socket *sock = s->sock; 709 struct kvec iv = { data, len }; 710 struct msghdr msg; 711 712 BT_DBG("session %p len %d", s, len); 713 714 memset(&msg, 0, sizeof(msg)); 715 716 return kernel_sendmsg(sock, &msg, &iv, 1, len); 717 } 718 719 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 720 { 721 struct rfcomm_cmd cmd; 722 723 BT_DBG("%p dlci %d", s, dlci); 724 725 cmd.addr = __addr(s->initiator, dlci); 726 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 727 cmd.len = __len8(0); 728 cmd.fcs = __fcs2((u8 *) &cmd); 729 730 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 731 } 732 733 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 734 { 735 struct rfcomm_cmd cmd; 736 737 BT_DBG("%p dlci %d", s, dlci); 738 739 cmd.addr = __addr(!s->initiator, dlci); 740 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 741 cmd.len = __len8(0); 742 cmd.fcs = __fcs2((u8 *) &cmd); 743 744 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 745 } 746 747 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 748 { 749 struct rfcomm_cmd cmd; 750 751 BT_DBG("%p dlci %d", s, dlci); 752 753 cmd.addr = __addr(s->initiator, dlci); 754 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 755 cmd.len = __len8(0); 756 cmd.fcs = __fcs2((u8 *) &cmd); 757 758 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 759 } 760 761 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 762 { 763 struct rfcomm_cmd *cmd; 764 struct sk_buff *skb; 765 766 BT_DBG("dlc %p dlci %d", d, d->dlci); 767 768 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 769 if (!skb) 770 return -ENOMEM; 771 772 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 773 cmd->addr = d->addr; 774 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 775 cmd->len = __len8(0); 776 cmd->fcs = __fcs2((u8 *) cmd); 777 778 skb_queue_tail(&d->tx_queue, skb); 779 rfcomm_schedule(RFCOMM_SCHED_TX); 780 return 0; 781 } 782 783 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 784 { 785 struct rfcomm_cmd cmd; 786 787 BT_DBG("%p dlci %d", s, dlci); 788 789 cmd.addr = __addr(!s->initiator, dlci); 790 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 791 cmd.len = __len8(0); 792 cmd.fcs = __fcs2((u8 *) &cmd); 793 794 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 795 } 796 797 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 798 { 799 struct rfcomm_hdr *hdr; 800 struct rfcomm_mcc *mcc; 801 u8 buf[16], *ptr = buf; 802 803 BT_DBG("%p cr %d type %d", s, cr, type); 804 805 hdr = (void *) ptr; ptr += sizeof(*hdr); 806 hdr->addr = __addr(s->initiator, 0); 807 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 808 hdr->len = __len8(sizeof(*mcc) + 1); 809 810 mcc = (void *) ptr; ptr += sizeof(*mcc); 811 mcc->type = __mcc_type(cr, RFCOMM_NSC); 812 mcc->len = __len8(1); 813 814 /* Type that we didn't like */ 815 *ptr = __mcc_type(cr, type); ptr++; 816 817 *ptr = __fcs(buf); ptr++; 818 819 return rfcomm_send_frame(s, buf, ptr - buf); 820 } 821 822 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 823 { 824 struct rfcomm_hdr *hdr; 825 struct rfcomm_mcc *mcc; 826 struct rfcomm_pn *pn; 827 u8 buf[16], *ptr = buf; 828 829 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 830 831 hdr = (void *) ptr; ptr += sizeof(*hdr); 832 hdr->addr = __addr(s->initiator, 0); 833 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 834 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 835 836 mcc = (void *) ptr; ptr += sizeof(*mcc); 837 mcc->type = __mcc_type(cr, RFCOMM_PN); 838 mcc->len = __len8(sizeof(*pn)); 839 840 pn = (void *) ptr; ptr += sizeof(*pn); 841 pn->dlci = d->dlci; 842 pn->priority = d->priority; 843 pn->ack_timer = 0; 844 pn->max_retrans = 0; 845 846 if (s->cfc) { 847 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 848 pn->credits = RFCOMM_DEFAULT_CREDITS; 849 } else { 850 pn->flow_ctrl = 0; 851 pn->credits = 0; 852 } 853 854 if (cr && channel_mtu >= 0) 855 pn->mtu = htobs(channel_mtu); 856 else 857 pn->mtu = htobs(d->mtu); 858 859 *ptr = __fcs(buf); ptr++; 860 861 return rfcomm_send_frame(s, buf, ptr - buf); 862 } 863 864 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 865 u8 bit_rate, u8 data_bits, u8 stop_bits, 866 u8 parity, u8 flow_ctrl_settings, 867 u8 xon_char, u8 xoff_char, u16 param_mask) 868 { 869 struct rfcomm_hdr *hdr; 870 struct rfcomm_mcc *mcc; 871 struct rfcomm_rpn *rpn; 872 u8 buf[16], *ptr = buf; 873 874 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 875 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 876 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 877 flow_ctrl_settings, xon_char, xoff_char, param_mask); 878 879 hdr = (void *) ptr; ptr += sizeof(*hdr); 880 hdr->addr = __addr(s->initiator, 0); 881 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 882 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 883 884 mcc = (void *) ptr; ptr += sizeof(*mcc); 885 mcc->type = __mcc_type(cr, RFCOMM_RPN); 886 mcc->len = __len8(sizeof(*rpn)); 887 888 rpn = (void *) ptr; ptr += sizeof(*rpn); 889 rpn->dlci = __addr(1, dlci); 890 rpn->bit_rate = bit_rate; 891 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 892 rpn->flow_ctrl = flow_ctrl_settings; 893 rpn->xon_char = xon_char; 894 rpn->xoff_char = xoff_char; 895 rpn->param_mask = cpu_to_le16(param_mask); 896 897 *ptr = __fcs(buf); ptr++; 898 899 return rfcomm_send_frame(s, buf, ptr - buf); 900 } 901 902 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 903 { 904 struct rfcomm_hdr *hdr; 905 struct rfcomm_mcc *mcc; 906 struct rfcomm_rls *rls; 907 u8 buf[16], *ptr = buf; 908 909 BT_DBG("%p cr %d status 0x%x", s, cr, status); 910 911 hdr = (void *) ptr; ptr += sizeof(*hdr); 912 hdr->addr = __addr(s->initiator, 0); 913 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 914 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 915 916 mcc = (void *) ptr; ptr += sizeof(*mcc); 917 mcc->type = __mcc_type(cr, RFCOMM_RLS); 918 mcc->len = __len8(sizeof(*rls)); 919 920 rls = (void *) ptr; ptr += sizeof(*rls); 921 rls->dlci = __addr(1, dlci); 922 rls->status = status; 923 924 *ptr = __fcs(buf); ptr++; 925 926 return rfcomm_send_frame(s, buf, ptr - buf); 927 } 928 929 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 930 { 931 struct rfcomm_hdr *hdr; 932 struct rfcomm_mcc *mcc; 933 struct rfcomm_msc *msc; 934 u8 buf[16], *ptr = buf; 935 936 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 937 938 hdr = (void *) ptr; ptr += sizeof(*hdr); 939 hdr->addr = __addr(s->initiator, 0); 940 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 941 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 942 943 mcc = (void *) ptr; ptr += sizeof(*mcc); 944 mcc->type = __mcc_type(cr, RFCOMM_MSC); 945 mcc->len = __len8(sizeof(*msc)); 946 947 msc = (void *) ptr; ptr += sizeof(*msc); 948 msc->dlci = __addr(1, dlci); 949 msc->v24_sig = v24_sig | 0x01; 950 951 *ptr = __fcs(buf); ptr++; 952 953 return rfcomm_send_frame(s, buf, ptr - buf); 954 } 955 956 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 957 { 958 struct rfcomm_hdr *hdr; 959 struct rfcomm_mcc *mcc; 960 u8 buf[16], *ptr = buf; 961 962 BT_DBG("%p cr %d", s, cr); 963 964 hdr = (void *) ptr; ptr += sizeof(*hdr); 965 hdr->addr = __addr(s->initiator, 0); 966 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 967 hdr->len = __len8(sizeof(*mcc)); 968 969 mcc = (void *) ptr; ptr += sizeof(*mcc); 970 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 971 mcc->len = __len8(0); 972 973 *ptr = __fcs(buf); ptr++; 974 975 return rfcomm_send_frame(s, buf, ptr - buf); 976 } 977 978 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 979 { 980 struct rfcomm_hdr *hdr; 981 struct rfcomm_mcc *mcc; 982 u8 buf[16], *ptr = buf; 983 984 BT_DBG("%p cr %d", s, cr); 985 986 hdr = (void *) ptr; ptr += sizeof(*hdr); 987 hdr->addr = __addr(s->initiator, 0); 988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 989 hdr->len = __len8(sizeof(*mcc)); 990 991 mcc = (void *) ptr; ptr += sizeof(*mcc); 992 mcc->type = __mcc_type(cr, RFCOMM_FCON); 993 mcc->len = __len8(0); 994 995 *ptr = __fcs(buf); ptr++; 996 997 return rfcomm_send_frame(s, buf, ptr - buf); 998 } 999 1000 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1001 { 1002 struct socket *sock = s->sock; 1003 struct kvec iv[3]; 1004 struct msghdr msg; 1005 unsigned char hdr[5], crc[1]; 1006 1007 if (len > 125) 1008 return -EINVAL; 1009 1010 BT_DBG("%p cr %d", s, cr); 1011 1012 hdr[0] = __addr(s->initiator, 0); 1013 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1014 hdr[2] = 0x01 | ((len + 2) << 1); 1015 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1016 hdr[4] = 0x01 | (len << 1); 1017 1018 crc[0] = __fcs(hdr); 1019 1020 iv[0].iov_base = hdr; 1021 iv[0].iov_len = 5; 1022 iv[1].iov_base = pattern; 1023 iv[1].iov_len = len; 1024 iv[2].iov_base = crc; 1025 iv[2].iov_len = 1; 1026 1027 memset(&msg, 0, sizeof(msg)); 1028 1029 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1030 } 1031 1032 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1033 { 1034 struct rfcomm_hdr *hdr; 1035 u8 buf[16], *ptr = buf; 1036 1037 BT_DBG("%p addr %d credits %d", s, addr, credits); 1038 1039 hdr = (void *) ptr; ptr += sizeof(*hdr); 1040 hdr->addr = addr; 1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1042 hdr->len = __len8(0); 1043 1044 *ptr = credits; ptr++; 1045 1046 *ptr = __fcs(buf); ptr++; 1047 1048 return rfcomm_send_frame(s, buf, ptr - buf); 1049 } 1050 1051 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1052 { 1053 struct rfcomm_hdr *hdr; 1054 int len = skb->len; 1055 u8 *crc; 1056 1057 if (len > 127) { 1058 hdr = (void *) skb_push(skb, 4); 1059 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1060 } else { 1061 hdr = (void *) skb_push(skb, 3); 1062 hdr->len = __len8(len); 1063 } 1064 hdr->addr = addr; 1065 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1066 1067 crc = skb_put(skb, 1); 1068 *crc = __fcs((void *) hdr); 1069 } 1070 1071 /* ---- RFCOMM frame reception ---- */ 1072 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1073 { 1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1075 1076 if (dlci) { 1077 /* Data channel */ 1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1079 if (!d) { 1080 rfcomm_send_dm(s, dlci); 1081 return 0; 1082 } 1083 1084 switch (d->state) { 1085 case BT_CONNECT: 1086 rfcomm_dlc_clear_timer(d); 1087 1088 rfcomm_dlc_lock(d); 1089 d->state = BT_CONNECTED; 1090 d->state_change(d, 0); 1091 rfcomm_dlc_unlock(d); 1092 1093 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1094 break; 1095 1096 case BT_DISCONN: 1097 d->state = BT_CLOSED; 1098 __rfcomm_dlc_close(d, 0); 1099 1100 if (list_empty(&s->dlcs)) { 1101 s->state = BT_DISCONN; 1102 rfcomm_send_disc(s, 0); 1103 } 1104 1105 break; 1106 } 1107 } else { 1108 /* Control channel */ 1109 switch (s->state) { 1110 case BT_CONNECT: 1111 s->state = BT_CONNECTED; 1112 rfcomm_process_connect(s); 1113 break; 1114 1115 case BT_DISCONN: 1116 rfcomm_session_put(s); 1117 break; 1118 } 1119 } 1120 return 0; 1121 } 1122 1123 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1124 { 1125 int err = 0; 1126 1127 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1128 1129 if (dlci) { 1130 /* Data DLC */ 1131 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1132 if (d) { 1133 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1134 err = ECONNREFUSED; 1135 else 1136 err = ECONNRESET; 1137 1138 d->state = BT_CLOSED; 1139 __rfcomm_dlc_close(d, err); 1140 } 1141 } else { 1142 if (s->state == BT_CONNECT) 1143 err = ECONNREFUSED; 1144 else 1145 err = ECONNRESET; 1146 1147 s->state = BT_CLOSED; 1148 rfcomm_session_close(s, err); 1149 } 1150 return 0; 1151 } 1152 1153 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1154 { 1155 int err = 0; 1156 1157 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1158 1159 if (dlci) { 1160 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1161 if (d) { 1162 rfcomm_send_ua(s, dlci); 1163 1164 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1165 err = ECONNREFUSED; 1166 else 1167 err = ECONNRESET; 1168 1169 d->state = BT_CLOSED; 1170 __rfcomm_dlc_close(d, err); 1171 } else 1172 rfcomm_send_dm(s, dlci); 1173 1174 } else { 1175 rfcomm_send_ua(s, 0); 1176 1177 if (s->state == BT_CONNECT) 1178 err = ECONNREFUSED; 1179 else 1180 err = ECONNRESET; 1181 1182 s->state = BT_CLOSED; 1183 rfcomm_session_close(s, err); 1184 } 1185 1186 return 0; 1187 } 1188 1189 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1190 { 1191 struct sock *sk = d->session->sock->sk; 1192 1193 BT_DBG("dlc %p", d); 1194 1195 rfcomm_send_ua(d->session, d->dlci); 1196 1197 rfcomm_dlc_lock(d); 1198 d->state = BT_CONNECTED; 1199 d->state_change(d, 0); 1200 rfcomm_dlc_unlock(d); 1201 1202 if (d->role_switch) 1203 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1204 1205 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1206 } 1207 1208 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1209 { 1210 if (rfcomm_check_security(d)) { 1211 if (d->defer_setup) { 1212 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1214 1215 rfcomm_dlc_lock(d); 1216 d->state = BT_CONNECT2; 1217 d->state_change(d, 0); 1218 rfcomm_dlc_unlock(d); 1219 } else 1220 rfcomm_dlc_accept(d); 1221 } else { 1222 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1223 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1224 } 1225 } 1226 1227 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1228 { 1229 struct rfcomm_dlc *d; 1230 u8 channel; 1231 1232 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1233 1234 if (!dlci) { 1235 rfcomm_send_ua(s, 0); 1236 1237 if (s->state == BT_OPEN) { 1238 s->state = BT_CONNECTED; 1239 rfcomm_process_connect(s); 1240 } 1241 return 0; 1242 } 1243 1244 /* Check if DLC exists */ 1245 d = rfcomm_dlc_get(s, dlci); 1246 if (d) { 1247 if (d->state == BT_OPEN) { 1248 /* DLC was previously opened by PN request */ 1249 rfcomm_check_accept(d); 1250 } 1251 return 0; 1252 } 1253 1254 /* Notify socket layer about incoming connection */ 1255 channel = __srv_channel(dlci); 1256 if (rfcomm_connect_ind(s, channel, &d)) { 1257 d->dlci = dlci; 1258 d->addr = __addr(s->initiator, dlci); 1259 rfcomm_dlc_link(s, d); 1260 1261 rfcomm_check_accept(d); 1262 } else { 1263 rfcomm_send_dm(s, dlci); 1264 } 1265 1266 return 0; 1267 } 1268 1269 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1270 { 1271 struct rfcomm_session *s = d->session; 1272 1273 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1274 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1275 1276 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1277 pn->flow_ctrl == 0xe0) { 1278 d->cfc = RFCOMM_CFC_ENABLED; 1279 d->tx_credits = pn->credits; 1280 } else { 1281 d->cfc = RFCOMM_CFC_DISABLED; 1282 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1283 } 1284 1285 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1286 s->cfc = d->cfc; 1287 1288 d->priority = pn->priority; 1289 1290 d->mtu = btohs(pn->mtu); 1291 1292 if (cr && d->mtu > s->mtu) 1293 d->mtu = s->mtu; 1294 1295 return 0; 1296 } 1297 1298 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1299 { 1300 struct rfcomm_pn *pn = (void *) skb->data; 1301 struct rfcomm_dlc *d; 1302 u8 dlci = pn->dlci; 1303 1304 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1305 1306 if (!dlci) 1307 return 0; 1308 1309 d = rfcomm_dlc_get(s, dlci); 1310 if (d) { 1311 if (cr) { 1312 /* PN request */ 1313 rfcomm_apply_pn(d, cr, pn); 1314 rfcomm_send_pn(s, 0, d); 1315 } else { 1316 /* PN response */ 1317 switch (d->state) { 1318 case BT_CONFIG: 1319 rfcomm_apply_pn(d, cr, pn); 1320 1321 d->state = BT_CONNECT; 1322 rfcomm_send_sabm(s, d->dlci); 1323 break; 1324 } 1325 } 1326 } else { 1327 u8 channel = __srv_channel(dlci); 1328 1329 if (!cr) 1330 return 0; 1331 1332 /* PN request for non existing DLC. 1333 * Assume incoming connection. */ 1334 if (rfcomm_connect_ind(s, channel, &d)) { 1335 d->dlci = dlci; 1336 d->addr = __addr(s->initiator, dlci); 1337 rfcomm_dlc_link(s, d); 1338 1339 rfcomm_apply_pn(d, cr, pn); 1340 1341 d->state = BT_OPEN; 1342 rfcomm_send_pn(s, 0, d); 1343 } else { 1344 rfcomm_send_dm(s, dlci); 1345 } 1346 } 1347 return 0; 1348 } 1349 1350 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1351 { 1352 struct rfcomm_rpn *rpn = (void *) skb->data; 1353 u8 dlci = __get_dlci(rpn->dlci); 1354 1355 u8 bit_rate = 0; 1356 u8 data_bits = 0; 1357 u8 stop_bits = 0; 1358 u8 parity = 0; 1359 u8 flow_ctrl = 0; 1360 u8 xon_char = 0; 1361 u8 xoff_char = 0; 1362 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1363 1364 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1365 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1366 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1367 1368 if (!cr) 1369 return 0; 1370 1371 if (len == 1) { 1372 /* This is a request, return default settings */ 1373 bit_rate = RFCOMM_RPN_BR_115200; 1374 data_bits = RFCOMM_RPN_DATA_8; 1375 stop_bits = RFCOMM_RPN_STOP_1; 1376 parity = RFCOMM_RPN_PARITY_NONE; 1377 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1378 xon_char = RFCOMM_RPN_XON_CHAR; 1379 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1380 goto rpn_out; 1381 } 1382 1383 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1384 * no parity, no flow control lines, normal XON/XOFF chars */ 1385 1386 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1387 bit_rate = rpn->bit_rate; 1388 if (bit_rate != RFCOMM_RPN_BR_115200) { 1389 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1390 bit_rate = RFCOMM_RPN_BR_115200; 1391 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1392 } 1393 } 1394 1395 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1396 data_bits = __get_rpn_data_bits(rpn->line_settings); 1397 if (data_bits != RFCOMM_RPN_DATA_8) { 1398 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1399 data_bits = RFCOMM_RPN_DATA_8; 1400 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1401 } 1402 } 1403 1404 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1405 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1406 if (stop_bits != RFCOMM_RPN_STOP_1) { 1407 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1408 stop_bits = RFCOMM_RPN_STOP_1; 1409 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1410 } 1411 } 1412 1413 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1414 parity = __get_rpn_parity(rpn->line_settings); 1415 if (parity != RFCOMM_RPN_PARITY_NONE) { 1416 BT_DBG("RPN parity mismatch 0x%x", parity); 1417 parity = RFCOMM_RPN_PARITY_NONE; 1418 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1419 } 1420 } 1421 1422 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1423 flow_ctrl = rpn->flow_ctrl; 1424 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1425 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1426 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1427 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1428 } 1429 } 1430 1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1432 xon_char = rpn->xon_char; 1433 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1434 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1435 xon_char = RFCOMM_RPN_XON_CHAR; 1436 rpn_mask ^= RFCOMM_RPN_PM_XON; 1437 } 1438 } 1439 1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1441 xoff_char = rpn->xoff_char; 1442 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1443 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1444 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1445 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1446 } 1447 } 1448 1449 rpn_out: 1450 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1451 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1452 1453 return 0; 1454 } 1455 1456 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1457 { 1458 struct rfcomm_rls *rls = (void *) skb->data; 1459 u8 dlci = __get_dlci(rls->dlci); 1460 1461 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1462 1463 if (!cr) 1464 return 0; 1465 1466 /* We should probably do something with this information here. But 1467 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1468 * mandatory to recognise and respond to RLS */ 1469 1470 rfcomm_send_rls(s, 0, dlci, rls->status); 1471 1472 return 0; 1473 } 1474 1475 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1476 { 1477 struct rfcomm_msc *msc = (void *) skb->data; 1478 struct rfcomm_dlc *d; 1479 u8 dlci = __get_dlci(msc->dlci); 1480 1481 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1482 1483 d = rfcomm_dlc_get(s, dlci); 1484 if (!d) 1485 return 0; 1486 1487 if (cr) { 1488 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1489 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1490 else 1491 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1492 1493 rfcomm_dlc_lock(d); 1494 1495 d->remote_v24_sig = msc->v24_sig; 1496 1497 if (d->modem_status) 1498 d->modem_status(d, msc->v24_sig); 1499 1500 rfcomm_dlc_unlock(d); 1501 1502 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1503 1504 d->mscex |= RFCOMM_MSCEX_RX; 1505 } else 1506 d->mscex |= RFCOMM_MSCEX_TX; 1507 1508 return 0; 1509 } 1510 1511 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1512 { 1513 struct rfcomm_mcc *mcc = (void *) skb->data; 1514 u8 type, cr, len; 1515 1516 cr = __test_cr(mcc->type); 1517 type = __get_mcc_type(mcc->type); 1518 len = __get_mcc_len(mcc->len); 1519 1520 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1521 1522 skb_pull(skb, 2); 1523 1524 switch (type) { 1525 case RFCOMM_PN: 1526 rfcomm_recv_pn(s, cr, skb); 1527 break; 1528 1529 case RFCOMM_RPN: 1530 rfcomm_recv_rpn(s, cr, len, skb); 1531 break; 1532 1533 case RFCOMM_RLS: 1534 rfcomm_recv_rls(s, cr, skb); 1535 break; 1536 1537 case RFCOMM_MSC: 1538 rfcomm_recv_msc(s, cr, skb); 1539 break; 1540 1541 case RFCOMM_FCOFF: 1542 if (cr) { 1543 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1544 rfcomm_send_fcoff(s, 0); 1545 } 1546 break; 1547 1548 case RFCOMM_FCON: 1549 if (cr) { 1550 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1551 rfcomm_send_fcon(s, 0); 1552 } 1553 break; 1554 1555 case RFCOMM_TEST: 1556 if (cr) 1557 rfcomm_send_test(s, 0, skb->data, skb->len); 1558 break; 1559 1560 case RFCOMM_NSC: 1561 break; 1562 1563 default: 1564 BT_ERR("Unknown control type 0x%02x", type); 1565 rfcomm_send_nsc(s, cr, type); 1566 break; 1567 } 1568 return 0; 1569 } 1570 1571 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1572 { 1573 struct rfcomm_dlc *d; 1574 1575 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1576 1577 d = rfcomm_dlc_get(s, dlci); 1578 if (!d) { 1579 rfcomm_send_dm(s, dlci); 1580 goto drop; 1581 } 1582 1583 if (pf && d->cfc) { 1584 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1585 1586 d->tx_credits += credits; 1587 if (d->tx_credits) 1588 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1589 } 1590 1591 if (skb->len && d->state == BT_CONNECTED) { 1592 rfcomm_dlc_lock(d); 1593 d->rx_credits--; 1594 d->data_ready(d, skb); 1595 rfcomm_dlc_unlock(d); 1596 return 0; 1597 } 1598 1599 drop: 1600 kfree_skb(skb); 1601 return 0; 1602 } 1603 1604 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1605 { 1606 struct rfcomm_hdr *hdr = (void *) skb->data; 1607 u8 type, dlci, fcs; 1608 1609 dlci = __get_dlci(hdr->addr); 1610 type = __get_type(hdr->ctrl); 1611 1612 /* Trim FCS */ 1613 skb->len--; skb->tail--; 1614 fcs = *(u8 *)skb_tail_pointer(skb); 1615 1616 if (__check_fcs(skb->data, type, fcs)) { 1617 BT_ERR("bad checksum in packet"); 1618 kfree_skb(skb); 1619 return -EILSEQ; 1620 } 1621 1622 if (__test_ea(hdr->len)) 1623 skb_pull(skb, 3); 1624 else 1625 skb_pull(skb, 4); 1626 1627 switch (type) { 1628 case RFCOMM_SABM: 1629 if (__test_pf(hdr->ctrl)) 1630 rfcomm_recv_sabm(s, dlci); 1631 break; 1632 1633 case RFCOMM_DISC: 1634 if (__test_pf(hdr->ctrl)) 1635 rfcomm_recv_disc(s, dlci); 1636 break; 1637 1638 case RFCOMM_UA: 1639 if (__test_pf(hdr->ctrl)) 1640 rfcomm_recv_ua(s, dlci); 1641 break; 1642 1643 case RFCOMM_DM: 1644 rfcomm_recv_dm(s, dlci); 1645 break; 1646 1647 case RFCOMM_UIH: 1648 if (dlci) 1649 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1650 1651 rfcomm_recv_mcc(s, skb); 1652 break; 1653 1654 default: 1655 BT_ERR("Unknown packet type 0x%02x\n", type); 1656 break; 1657 } 1658 kfree_skb(skb); 1659 return 0; 1660 } 1661 1662 /* ---- Connection and data processing ---- */ 1663 1664 static void rfcomm_process_connect(struct rfcomm_session *s) 1665 { 1666 struct rfcomm_dlc *d; 1667 struct list_head *p, *n; 1668 1669 BT_DBG("session %p state %ld", s, s->state); 1670 1671 list_for_each_safe(p, n, &s->dlcs) { 1672 d = list_entry(p, struct rfcomm_dlc, list); 1673 if (d->state == BT_CONFIG) { 1674 d->mtu = s->mtu; 1675 if (rfcomm_check_security(d)) { 1676 rfcomm_send_pn(s, 1, d); 1677 } else { 1678 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1679 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1680 } 1681 } 1682 } 1683 } 1684 1685 /* Send data queued for the DLC. 1686 * Return number of frames left in the queue. 1687 */ 1688 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1689 { 1690 struct sk_buff *skb; 1691 int err; 1692 1693 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1694 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1695 1696 /* Send pending MSC */ 1697 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1698 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1699 1700 if (d->cfc) { 1701 /* CFC enabled. 1702 * Give them some credits */ 1703 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1704 d->rx_credits <= (d->cfc >> 2)) { 1705 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1706 d->rx_credits = d->cfc; 1707 } 1708 } else { 1709 /* CFC disabled. 1710 * Give ourselves some credits */ 1711 d->tx_credits = 5; 1712 } 1713 1714 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1715 return skb_queue_len(&d->tx_queue); 1716 1717 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1718 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1719 if (err < 0) { 1720 skb_queue_head(&d->tx_queue, skb); 1721 break; 1722 } 1723 kfree_skb(skb); 1724 d->tx_credits--; 1725 } 1726 1727 if (d->cfc && !d->tx_credits) { 1728 /* We're out of TX credits. 1729 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1730 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1731 } 1732 1733 return skb_queue_len(&d->tx_queue); 1734 } 1735 1736 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1737 { 1738 struct rfcomm_dlc *d; 1739 struct list_head *p, *n; 1740 1741 BT_DBG("session %p state %ld", s, s->state); 1742 1743 list_for_each_safe(p, n, &s->dlcs) { 1744 d = list_entry(p, struct rfcomm_dlc, list); 1745 1746 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1747 __rfcomm_dlc_close(d, ETIMEDOUT); 1748 continue; 1749 } 1750 1751 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1752 rfcomm_dlc_clear_timer(d); 1753 if (d->out) { 1754 rfcomm_send_pn(s, 1, d); 1755 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1756 } else { 1757 if (d->defer_setup) { 1758 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1759 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1760 1761 rfcomm_dlc_lock(d); 1762 d->state = BT_CONNECT2; 1763 d->state_change(d, 0); 1764 rfcomm_dlc_unlock(d); 1765 } else 1766 rfcomm_dlc_accept(d); 1767 } 1768 continue; 1769 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1770 rfcomm_dlc_clear_timer(d); 1771 if (!d->out) 1772 rfcomm_send_dm(s, d->dlci); 1773 else 1774 d->state = BT_CLOSED; 1775 __rfcomm_dlc_close(d, ECONNREFUSED); 1776 continue; 1777 } 1778 1779 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1780 continue; 1781 1782 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1783 continue; 1784 1785 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1786 d->mscex == RFCOMM_MSCEX_OK) 1787 rfcomm_process_tx(d); 1788 } 1789 } 1790 1791 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1792 { 1793 struct socket *sock = s->sock; 1794 struct sock *sk = sock->sk; 1795 struct sk_buff *skb; 1796 1797 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1798 1799 /* Get data directly from socket receive queue without copying it. */ 1800 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1801 skb_orphan(skb); 1802 rfcomm_recv_frame(s, skb); 1803 } 1804 1805 if (sk->sk_state == BT_CLOSED) { 1806 if (!s->initiator) 1807 rfcomm_session_put(s); 1808 1809 rfcomm_session_close(s, sk->sk_err); 1810 } 1811 } 1812 1813 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1814 { 1815 struct socket *sock = s->sock, *nsock; 1816 int err; 1817 1818 /* Fast check for a new connection. 1819 * Avoids unnesesary socket allocations. */ 1820 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1821 return; 1822 1823 BT_DBG("session %p", s); 1824 1825 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1826 if (err < 0) 1827 return; 1828 1829 /* Set our callbacks */ 1830 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1831 nsock->sk->sk_state_change = rfcomm_l2state_change; 1832 1833 s = rfcomm_session_add(nsock, BT_OPEN); 1834 if (s) { 1835 rfcomm_session_hold(s); 1836 1837 /* We should adjust MTU on incoming sessions. 1838 * L2CAP MTU minus UIH header and FCS. */ 1839 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1840 1841 rfcomm_schedule(RFCOMM_SCHED_RX); 1842 } else 1843 sock_release(nsock); 1844 } 1845 1846 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1847 { 1848 struct sock *sk = s->sock->sk; 1849 1850 BT_DBG("%p state %ld", s, s->state); 1851 1852 switch(sk->sk_state) { 1853 case BT_CONNECTED: 1854 s->state = BT_CONNECT; 1855 1856 /* We can adjust MTU on outgoing sessions. 1857 * L2CAP MTU minus UIH header and FCS. */ 1858 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1859 1860 rfcomm_send_sabm(s, 0); 1861 break; 1862 1863 case BT_CLOSED: 1864 s->state = BT_CLOSED; 1865 rfcomm_session_close(s, sk->sk_err); 1866 break; 1867 } 1868 } 1869 1870 static inline void rfcomm_process_sessions(void) 1871 { 1872 struct list_head *p, *n; 1873 1874 rfcomm_lock(); 1875 1876 list_for_each_safe(p, n, &session_list) { 1877 struct rfcomm_session *s; 1878 s = list_entry(p, struct rfcomm_session, list); 1879 1880 if (s->state == BT_LISTEN) { 1881 rfcomm_accept_connection(s); 1882 continue; 1883 } 1884 1885 rfcomm_session_hold(s); 1886 1887 switch (s->state) { 1888 case BT_BOUND: 1889 rfcomm_check_connection(s); 1890 break; 1891 1892 default: 1893 rfcomm_process_rx(s); 1894 break; 1895 } 1896 1897 rfcomm_process_dlcs(s); 1898 1899 rfcomm_session_put(s); 1900 } 1901 1902 rfcomm_unlock(); 1903 } 1904 1905 static int rfcomm_add_listener(bdaddr_t *ba) 1906 { 1907 struct sockaddr_l2 addr; 1908 struct socket *sock; 1909 struct sock *sk; 1910 struct rfcomm_session *s; 1911 int err = 0; 1912 1913 /* Create socket */ 1914 err = rfcomm_l2sock_create(&sock); 1915 if (err < 0) { 1916 BT_ERR("Create socket failed %d", err); 1917 return err; 1918 } 1919 1920 /* Bind socket */ 1921 bacpy(&addr.l2_bdaddr, ba); 1922 addr.l2_family = AF_BLUETOOTH; 1923 addr.l2_psm = htobs(RFCOMM_PSM); 1924 addr.l2_cid = 0; 1925 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1926 if (err < 0) { 1927 BT_ERR("Bind failed %d", err); 1928 goto failed; 1929 } 1930 1931 /* Set L2CAP options */ 1932 sk = sock->sk; 1933 lock_sock(sk); 1934 l2cap_pi(sk)->imtu = l2cap_mtu; 1935 release_sock(sk); 1936 1937 /* Start listening on the socket */ 1938 err = kernel_listen(sock, 10); 1939 if (err) { 1940 BT_ERR("Listen failed %d", err); 1941 goto failed; 1942 } 1943 1944 /* Add listening session */ 1945 s = rfcomm_session_add(sock, BT_LISTEN); 1946 if (!s) 1947 goto failed; 1948 1949 rfcomm_session_hold(s); 1950 return 0; 1951 failed: 1952 sock_release(sock); 1953 return err; 1954 } 1955 1956 static void rfcomm_kill_listener(void) 1957 { 1958 struct rfcomm_session *s; 1959 struct list_head *p, *n; 1960 1961 BT_DBG(""); 1962 1963 list_for_each_safe(p, n, &session_list) { 1964 s = list_entry(p, struct rfcomm_session, list); 1965 rfcomm_session_del(s); 1966 } 1967 } 1968 1969 static int rfcomm_run(void *unused) 1970 { 1971 BT_DBG(""); 1972 1973 set_user_nice(current, -10); 1974 1975 rfcomm_add_listener(BDADDR_ANY); 1976 1977 while (!kthread_should_stop()) { 1978 set_current_state(TASK_INTERRUPTIBLE); 1979 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1980 /* No pending events. Let's sleep. 1981 * Incoming connections and data will wake us up. */ 1982 schedule(); 1983 } 1984 set_current_state(TASK_RUNNING); 1985 1986 /* Process stuff */ 1987 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1988 rfcomm_process_sessions(); 1989 } 1990 1991 rfcomm_kill_listener(); 1992 1993 return 0; 1994 } 1995 1996 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1997 { 1998 struct rfcomm_session *s; 1999 struct rfcomm_dlc *d; 2000 struct list_head *p, *n; 2001 2002 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2003 2004 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2005 if (!s) 2006 return; 2007 2008 rfcomm_session_hold(s); 2009 2010 list_for_each_safe(p, n, &s->dlcs) { 2011 d = list_entry(p, struct rfcomm_dlc, list); 2012 2013 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2014 rfcomm_dlc_clear_timer(d); 2015 if (status || encrypt == 0x00) { 2016 __rfcomm_dlc_close(d, ECONNREFUSED); 2017 continue; 2018 } 2019 } 2020 2021 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2022 if (d->sec_level == BT_SECURITY_MEDIUM) { 2023 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2024 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2025 continue; 2026 } else if (d->sec_level == BT_SECURITY_HIGH) { 2027 __rfcomm_dlc_close(d, ECONNREFUSED); 2028 continue; 2029 } 2030 } 2031 2032 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2033 continue; 2034 2035 if (!status) 2036 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2037 else 2038 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2039 } 2040 2041 rfcomm_session_put(s); 2042 2043 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2044 } 2045 2046 static struct hci_cb rfcomm_cb = { 2047 .name = "RFCOMM", 2048 .security_cfm = rfcomm_security_cfm 2049 }; 2050 2051 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2052 { 2053 struct rfcomm_session *s; 2054 struct list_head *pp, *p; 2055 char *str = buf; 2056 2057 rfcomm_lock(); 2058 2059 list_for_each(p, &session_list) { 2060 s = list_entry(p, struct rfcomm_session, list); 2061 list_for_each(pp, &s->dlcs) { 2062 struct sock *sk = s->sock->sk; 2063 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2064 2065 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2066 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2067 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2068 } 2069 } 2070 2071 rfcomm_unlock(); 2072 2073 return (str - buf); 2074 } 2075 2076 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2077 2078 /* ---- Initialization ---- */ 2079 static int __init rfcomm_init(void) 2080 { 2081 l2cap_load(); 2082 2083 hci_register_cb(&rfcomm_cb); 2084 2085 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2086 if (IS_ERR(rfcomm_thread)) { 2087 hci_unregister_cb(&rfcomm_cb); 2088 return PTR_ERR(rfcomm_thread); 2089 } 2090 2091 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2092 BT_ERR("Failed to create RFCOMM info file"); 2093 2094 rfcomm_init_sockets(); 2095 2096 #ifdef CONFIG_BT_RFCOMM_TTY 2097 rfcomm_init_ttys(); 2098 #endif 2099 2100 BT_INFO("RFCOMM ver %s", VERSION); 2101 2102 return 0; 2103 } 2104 2105 static void __exit rfcomm_exit(void) 2106 { 2107 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2108 2109 hci_unregister_cb(&rfcomm_cb); 2110 2111 kthread_stop(rfcomm_thread); 2112 2113 #ifdef CONFIG_BT_RFCOMM_TTY 2114 rfcomm_cleanup_ttys(); 2115 #endif 2116 2117 rfcomm_cleanup_sockets(); 2118 } 2119 2120 module_init(rfcomm_init); 2121 module_exit(rfcomm_exit); 2122 2123 module_param(disable_cfc, bool, 0644); 2124 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2125 2126 module_param(channel_mtu, int, 0644); 2127 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2128 2129 module_param(l2cap_mtu, uint, 0644); 2130 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2131 2132 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2133 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2134 MODULE_VERSION(VERSION); 2135 MODULE_LICENSE("GPL"); 2136 MODULE_ALIAS("bt-proto-3"); 2137