1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/debugfs.h> 37 #include <linux/seq_file.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <linux/slab.h> 42 43 #include <net/sock.h> 44 #include <linux/uaccess.h> 45 #include <asm/unaligned.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 #include <net/bluetooth/rfcomm.h> 51 52 #define VERSION "1.11" 53 54 static int disable_cfc; 55 static int l2cap_ertm; 56 static int channel_mtu = -1; 57 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 58 59 static struct task_struct *rfcomm_thread; 60 61 static DEFINE_MUTEX(rfcomm_mutex); 62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 64 65 static unsigned long rfcomm_event; 66 67 static LIST_HEAD(session_list); 68 69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80 static void rfcomm_process_connect(struct rfcomm_session *s); 81 82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 83 bdaddr_t *dst, 84 u8 sec_level, 85 int *err); 86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87 static void rfcomm_session_del(struct rfcomm_session *s); 88 89 /* ---- RFCOMM frame parsing macros ---- */ 90 #define __get_dlci(b) ((b & 0xfc) >> 2) 91 #define __get_channel(b) ((b & 0xf8) >> 3) 92 #define __get_dir(b) ((b & 0x04) >> 2) 93 #define __get_type(b) ((b & 0xef)) 94 95 #define __test_ea(b) ((b & 0x01)) 96 #define __test_cr(b) ((b & 0x02)) 97 #define __test_pf(b) ((b & 0x10)) 98 99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102 #define __srv_channel(dlci) (dlci >> 1) 103 #define __dir(dlci) (dlci & 0x01) 104 105 #define __len8(len) (((len) << 1) | 1) 106 #define __len16(len) ((len) << 1) 107 108 /* MCC macros */ 109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 111 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113 /* RPN macros */ 114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115 #define __get_rpn_data_bits(line) ((line) & 0x3) 116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119 static inline void rfcomm_schedule(void) 120 { 121 if (!rfcomm_thread) 122 return; 123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 124 wake_up_process(rfcomm_thread); 125 } 126 127 static inline void rfcomm_session_put(struct rfcomm_session *s) 128 { 129 if (atomic_dec_and_test(&s->refcnt)) 130 rfcomm_session_del(s); 131 } 132 133 /* ---- RFCOMM FCS computation ---- */ 134 135 /* reversed, 8-bit, poly=0x07 */ 136 static unsigned char rfcomm_crc_table[256] = { 137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 141 142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 146 147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 151 152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 156 157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 161 162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 166 167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 171 172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 176 }; 177 178 /* CRC on 2 bytes */ 179 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 180 181 /* FCS on 2 bytes */ 182 static inline u8 __fcs(u8 *data) 183 { 184 return 0xff - __crc(data); 185 } 186 187 /* FCS on 3 bytes */ 188 static inline u8 __fcs2(u8 *data) 189 { 190 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 191 } 192 193 /* Check FCS */ 194 static inline int __check_fcs(u8 *data, int type, u8 fcs) 195 { 196 u8 f = __crc(data); 197 198 if (type != RFCOMM_UIH) 199 f = rfcomm_crc_table[f ^ data[2]]; 200 201 return rfcomm_crc_table[f ^ fcs] != 0xcf; 202 } 203 204 /* ---- L2CAP callbacks ---- */ 205 static void rfcomm_l2state_change(struct sock *sk) 206 { 207 BT_DBG("%p state %d", sk, sk->sk_state); 208 rfcomm_schedule(); 209 } 210 211 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 212 { 213 BT_DBG("%p bytes %d", sk, bytes); 214 rfcomm_schedule(); 215 } 216 217 static int rfcomm_l2sock_create(struct socket **sock) 218 { 219 int err; 220 221 BT_DBG(""); 222 223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 224 if (!err) { 225 struct sock *sk = (*sock)->sk; 226 sk->sk_data_ready = rfcomm_l2data_ready; 227 sk->sk_state_change = rfcomm_l2state_change; 228 } 229 return err; 230 } 231 232 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 233 { 234 struct sock *sk = d->session->sock->sk; 235 __u8 auth_type; 236 237 switch (d->sec_level) { 238 case BT_SECURITY_HIGH: 239 auth_type = HCI_AT_GENERAL_BONDING_MITM; 240 break; 241 case BT_SECURITY_MEDIUM: 242 auth_type = HCI_AT_GENERAL_BONDING; 243 break; 244 default: 245 auth_type = HCI_AT_NO_BONDING; 246 break; 247 } 248 249 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 250 auth_type); 251 } 252 253 static void rfcomm_session_timeout(unsigned long arg) 254 { 255 struct rfcomm_session *s = (void *) arg; 256 257 BT_DBG("session %p state %ld", s, s->state); 258 259 set_bit(RFCOMM_TIMED_OUT, &s->flags); 260 rfcomm_schedule(); 261 } 262 263 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 264 { 265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 266 267 if (!mod_timer(&s->timer, jiffies + timeout)) 268 rfcomm_session_hold(s); 269 } 270 271 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 272 { 273 BT_DBG("session %p state %ld", s, s->state); 274 275 if (timer_pending(&s->timer) && del_timer(&s->timer)) 276 rfcomm_session_put(s); 277 } 278 279 /* ---- RFCOMM DLCs ---- */ 280 static void rfcomm_dlc_timeout(unsigned long arg) 281 { 282 struct rfcomm_dlc *d = (void *) arg; 283 284 BT_DBG("dlc %p state %ld", d, d->state); 285 286 set_bit(RFCOMM_TIMED_OUT, &d->flags); 287 rfcomm_dlc_put(d); 288 rfcomm_schedule(); 289 } 290 291 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 292 { 293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 294 295 if (!mod_timer(&d->timer, jiffies + timeout)) 296 rfcomm_dlc_hold(d); 297 } 298 299 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 300 { 301 BT_DBG("dlc %p state %ld", d, d->state); 302 303 if (timer_pending(&d->timer) && del_timer(&d->timer)) 304 rfcomm_dlc_put(d); 305 } 306 307 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 308 { 309 BT_DBG("%p", d); 310 311 d->state = BT_OPEN; 312 d->flags = 0; 313 d->mscex = 0; 314 d->sec_level = BT_SECURITY_LOW; 315 d->mtu = RFCOMM_DEFAULT_MTU; 316 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 317 318 d->cfc = RFCOMM_CFC_DISABLED; 319 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 320 } 321 322 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 323 { 324 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 325 326 if (!d) 327 return NULL; 328 329 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 330 331 skb_queue_head_init(&d->tx_queue); 332 spin_lock_init(&d->lock); 333 atomic_set(&d->refcnt, 1); 334 335 rfcomm_dlc_clear_state(d); 336 337 BT_DBG("%p", d); 338 339 return d; 340 } 341 342 void rfcomm_dlc_free(struct rfcomm_dlc *d) 343 { 344 BT_DBG("%p", d); 345 346 skb_queue_purge(&d->tx_queue); 347 kfree(d); 348 } 349 350 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 351 { 352 BT_DBG("dlc %p session %p", d, s); 353 354 rfcomm_session_hold(s); 355 356 rfcomm_session_clear_timer(s); 357 rfcomm_dlc_hold(d); 358 list_add(&d->list, &s->dlcs); 359 d->session = s; 360 } 361 362 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 363 { 364 struct rfcomm_session *s = d->session; 365 366 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 367 368 list_del(&d->list); 369 d->session = NULL; 370 rfcomm_dlc_put(d); 371 372 if (list_empty(&s->dlcs)) 373 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 374 375 rfcomm_session_put(s); 376 } 377 378 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 379 { 380 struct rfcomm_dlc *d; 381 struct list_head *p; 382 383 list_for_each(p, &s->dlcs) { 384 d = list_entry(p, struct rfcomm_dlc, list); 385 if (d->dlci == dlci) 386 return d; 387 } 388 return NULL; 389 } 390 391 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 392 { 393 struct rfcomm_session *s; 394 int err = 0; 395 u8 dlci; 396 397 BT_DBG("dlc %p state %ld %s %s channel %d", 398 d, d->state, batostr(src), batostr(dst), channel); 399 400 if (channel < 1 || channel > 30) 401 return -EINVAL; 402 403 if (d->state != BT_OPEN && d->state != BT_CLOSED) 404 return 0; 405 406 s = rfcomm_session_get(src, dst); 407 if (!s) { 408 s = rfcomm_session_create(src, dst, d->sec_level, &err); 409 if (!s) 410 return err; 411 } 412 413 dlci = __dlci(!s->initiator, channel); 414 415 /* Check if DLCI already exists */ 416 if (rfcomm_dlc_get(s, dlci)) 417 return -EBUSY; 418 419 rfcomm_dlc_clear_state(d); 420 421 d->dlci = dlci; 422 d->addr = __addr(s->initiator, dlci); 423 d->priority = 7; 424 425 d->state = BT_CONFIG; 426 rfcomm_dlc_link(s, d); 427 428 d->out = 1; 429 430 d->mtu = s->mtu; 431 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 432 433 if (s->state == BT_CONNECTED) { 434 if (rfcomm_check_security(d)) 435 rfcomm_send_pn(s, 1, d); 436 else 437 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 438 } 439 440 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 441 442 return 0; 443 } 444 445 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 446 { 447 int r; 448 449 rfcomm_lock(); 450 451 r = __rfcomm_dlc_open(d, src, dst, channel); 452 453 rfcomm_unlock(); 454 return r; 455 } 456 457 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 458 { 459 struct rfcomm_session *s = d->session; 460 if (!s) 461 return 0; 462 463 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 464 d, d->state, d->dlci, err, s); 465 466 switch (d->state) { 467 case BT_CONNECT: 468 case BT_CONFIG: 469 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 470 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 471 rfcomm_schedule(); 472 break; 473 } 474 /* Fall through */ 475 476 case BT_CONNECTED: 477 d->state = BT_DISCONN; 478 if (skb_queue_empty(&d->tx_queue)) { 479 rfcomm_send_disc(s, d->dlci); 480 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 481 } else { 482 rfcomm_queue_disc(d); 483 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 484 } 485 break; 486 487 case BT_OPEN: 488 case BT_CONNECT2: 489 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 490 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 491 rfcomm_schedule(); 492 break; 493 } 494 /* Fall through */ 495 496 default: 497 rfcomm_dlc_clear_timer(d); 498 499 rfcomm_dlc_lock(d); 500 d->state = BT_CLOSED; 501 d->state_change(d, err); 502 rfcomm_dlc_unlock(d); 503 504 skb_queue_purge(&d->tx_queue); 505 rfcomm_dlc_unlink(d); 506 } 507 508 return 0; 509 } 510 511 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 512 { 513 int r; 514 515 rfcomm_lock(); 516 517 r = __rfcomm_dlc_close(d, err); 518 519 rfcomm_unlock(); 520 return r; 521 } 522 523 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 524 { 525 int len = skb->len; 526 527 if (d->state != BT_CONNECTED) 528 return -ENOTCONN; 529 530 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 531 532 if (len > d->mtu) 533 return -EINVAL; 534 535 rfcomm_make_uih(skb, d->addr); 536 skb_queue_tail(&d->tx_queue, skb); 537 538 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 539 rfcomm_schedule(); 540 return len; 541 } 542 543 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 544 { 545 BT_DBG("dlc %p state %ld", d, d->state); 546 547 if (!d->cfc) { 548 d->v24_sig |= RFCOMM_V24_FC; 549 set_bit(RFCOMM_MSC_PENDING, &d->flags); 550 } 551 rfcomm_schedule(); 552 } 553 554 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 555 { 556 BT_DBG("dlc %p state %ld", d, d->state); 557 558 if (!d->cfc) { 559 d->v24_sig &= ~RFCOMM_V24_FC; 560 set_bit(RFCOMM_MSC_PENDING, &d->flags); 561 } 562 rfcomm_schedule(); 563 } 564 565 /* 566 Set/get modem status functions use _local_ status i.e. what we report 567 to the other side. 568 Remote status is provided by dlc->modem_status() callback. 569 */ 570 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 571 { 572 BT_DBG("dlc %p state %ld v24_sig 0x%x", 573 d, d->state, v24_sig); 574 575 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 576 v24_sig |= RFCOMM_V24_FC; 577 else 578 v24_sig &= ~RFCOMM_V24_FC; 579 580 d->v24_sig = v24_sig; 581 582 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 583 rfcomm_schedule(); 584 585 return 0; 586 } 587 588 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 589 { 590 BT_DBG("dlc %p state %ld v24_sig 0x%x", 591 d, d->state, d->v24_sig); 592 593 *v24_sig = d->v24_sig; 594 return 0; 595 } 596 597 /* ---- RFCOMM sessions ---- */ 598 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 599 { 600 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 601 602 if (!s) 603 return NULL; 604 605 BT_DBG("session %p sock %p", s, sock); 606 607 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 608 609 INIT_LIST_HEAD(&s->dlcs); 610 s->state = state; 611 s->sock = sock; 612 613 s->mtu = RFCOMM_DEFAULT_MTU; 614 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 615 616 /* Do not increment module usage count for listening sessions. 617 * Otherwise we won't be able to unload the module. */ 618 if (state != BT_LISTEN) 619 if (!try_module_get(THIS_MODULE)) { 620 kfree(s); 621 return NULL; 622 } 623 624 list_add(&s->list, &session_list); 625 626 return s; 627 } 628 629 static void rfcomm_session_del(struct rfcomm_session *s) 630 { 631 int state = s->state; 632 633 BT_DBG("session %p state %ld", s, s->state); 634 635 list_del(&s->list); 636 637 if (state == BT_CONNECTED) 638 rfcomm_send_disc(s, 0); 639 640 rfcomm_session_clear_timer(s); 641 sock_release(s->sock); 642 kfree(s); 643 644 if (state != BT_LISTEN) 645 module_put(THIS_MODULE); 646 } 647 648 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 649 { 650 struct rfcomm_session *s; 651 struct list_head *p, *n; 652 struct bt_sock *sk; 653 list_for_each_safe(p, n, &session_list) { 654 s = list_entry(p, struct rfcomm_session, list); 655 sk = bt_sk(s->sock->sk); 656 657 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 658 !bacmp(&sk->dst, dst)) 659 return s; 660 } 661 return NULL; 662 } 663 664 static void rfcomm_session_close(struct rfcomm_session *s, int err) 665 { 666 struct rfcomm_dlc *d; 667 struct list_head *p, *n; 668 669 BT_DBG("session %p state %ld err %d", s, s->state, err); 670 671 rfcomm_session_hold(s); 672 673 s->state = BT_CLOSED; 674 675 /* Close all dlcs */ 676 list_for_each_safe(p, n, &s->dlcs) { 677 d = list_entry(p, struct rfcomm_dlc, list); 678 d->state = BT_CLOSED; 679 __rfcomm_dlc_close(d, err); 680 } 681 682 rfcomm_session_clear_timer(s); 683 rfcomm_session_put(s); 684 } 685 686 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 687 bdaddr_t *dst, 688 u8 sec_level, 689 int *err) 690 { 691 struct rfcomm_session *s = NULL; 692 struct sockaddr_l2 addr; 693 struct socket *sock; 694 struct sock *sk; 695 696 BT_DBG("%s %s", batostr(src), batostr(dst)); 697 698 *err = rfcomm_l2sock_create(&sock); 699 if (*err < 0) 700 return NULL; 701 702 bacpy(&addr.l2_bdaddr, src); 703 addr.l2_family = AF_BLUETOOTH; 704 addr.l2_psm = 0; 705 addr.l2_cid = 0; 706 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 707 if (*err < 0) 708 goto failed; 709 710 /* Set L2CAP options */ 711 sk = sock->sk; 712 lock_sock(sk); 713 l2cap_pi(sk)->imtu = l2cap_mtu; 714 l2cap_pi(sk)->sec_level = sec_level; 715 if (l2cap_ertm) 716 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 717 release_sock(sk); 718 719 s = rfcomm_session_add(sock, BT_BOUND); 720 if (!s) { 721 *err = -ENOMEM; 722 goto failed; 723 } 724 725 s->initiator = 1; 726 727 bacpy(&addr.l2_bdaddr, dst); 728 addr.l2_family = AF_BLUETOOTH; 729 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 730 addr.l2_cid = 0; 731 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 732 if (*err == 0 || *err == -EINPROGRESS) 733 return s; 734 735 rfcomm_session_del(s); 736 return NULL; 737 738 failed: 739 sock_release(sock); 740 return NULL; 741 } 742 743 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 744 { 745 struct sock *sk = s->sock->sk; 746 if (src) 747 bacpy(src, &bt_sk(sk)->src); 748 if (dst) 749 bacpy(dst, &bt_sk(sk)->dst); 750 } 751 752 /* ---- RFCOMM frame sending ---- */ 753 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 754 { 755 struct socket *sock = s->sock; 756 struct kvec iv = { data, len }; 757 struct msghdr msg; 758 759 BT_DBG("session %p len %d", s, len); 760 761 memset(&msg, 0, sizeof(msg)); 762 763 return kernel_sendmsg(sock, &msg, &iv, 1, len); 764 } 765 766 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 767 { 768 struct rfcomm_cmd cmd; 769 770 BT_DBG("%p dlci %d", s, dlci); 771 772 cmd.addr = __addr(s->initiator, dlci); 773 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 774 cmd.len = __len8(0); 775 cmd.fcs = __fcs2((u8 *) &cmd); 776 777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 778 } 779 780 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 781 { 782 struct rfcomm_cmd cmd; 783 784 BT_DBG("%p dlci %d", s, dlci); 785 786 cmd.addr = __addr(!s->initiator, dlci); 787 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 788 cmd.len = __len8(0); 789 cmd.fcs = __fcs2((u8 *) &cmd); 790 791 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 792 } 793 794 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 795 { 796 struct rfcomm_cmd cmd; 797 798 BT_DBG("%p dlci %d", s, dlci); 799 800 cmd.addr = __addr(s->initiator, dlci); 801 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 802 cmd.len = __len8(0); 803 cmd.fcs = __fcs2((u8 *) &cmd); 804 805 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 806 } 807 808 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 809 { 810 struct rfcomm_cmd *cmd; 811 struct sk_buff *skb; 812 813 BT_DBG("dlc %p dlci %d", d, d->dlci); 814 815 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 816 if (!skb) 817 return -ENOMEM; 818 819 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 820 cmd->addr = d->addr; 821 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 822 cmd->len = __len8(0); 823 cmd->fcs = __fcs2((u8 *) cmd); 824 825 skb_queue_tail(&d->tx_queue, skb); 826 rfcomm_schedule(); 827 return 0; 828 } 829 830 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 831 { 832 struct rfcomm_cmd cmd; 833 834 BT_DBG("%p dlci %d", s, dlci); 835 836 cmd.addr = __addr(!s->initiator, dlci); 837 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 838 cmd.len = __len8(0); 839 cmd.fcs = __fcs2((u8 *) &cmd); 840 841 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 842 } 843 844 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 845 { 846 struct rfcomm_hdr *hdr; 847 struct rfcomm_mcc *mcc; 848 u8 buf[16], *ptr = buf; 849 850 BT_DBG("%p cr %d type %d", s, cr, type); 851 852 hdr = (void *) ptr; ptr += sizeof(*hdr); 853 hdr->addr = __addr(s->initiator, 0); 854 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 855 hdr->len = __len8(sizeof(*mcc) + 1); 856 857 mcc = (void *) ptr; ptr += sizeof(*mcc); 858 mcc->type = __mcc_type(cr, RFCOMM_NSC); 859 mcc->len = __len8(1); 860 861 /* Type that we didn't like */ 862 *ptr = __mcc_type(cr, type); ptr++; 863 864 *ptr = __fcs(buf); ptr++; 865 866 return rfcomm_send_frame(s, buf, ptr - buf); 867 } 868 869 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 870 { 871 struct rfcomm_hdr *hdr; 872 struct rfcomm_mcc *mcc; 873 struct rfcomm_pn *pn; 874 u8 buf[16], *ptr = buf; 875 876 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 877 878 hdr = (void *) ptr; ptr += sizeof(*hdr); 879 hdr->addr = __addr(s->initiator, 0); 880 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 881 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 882 883 mcc = (void *) ptr; ptr += sizeof(*mcc); 884 mcc->type = __mcc_type(cr, RFCOMM_PN); 885 mcc->len = __len8(sizeof(*pn)); 886 887 pn = (void *) ptr; ptr += sizeof(*pn); 888 pn->dlci = d->dlci; 889 pn->priority = d->priority; 890 pn->ack_timer = 0; 891 pn->max_retrans = 0; 892 893 if (s->cfc) { 894 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 895 pn->credits = RFCOMM_DEFAULT_CREDITS; 896 } else { 897 pn->flow_ctrl = 0; 898 pn->credits = 0; 899 } 900 901 if (cr && channel_mtu >= 0) 902 pn->mtu = cpu_to_le16(channel_mtu); 903 else 904 pn->mtu = cpu_to_le16(d->mtu); 905 906 *ptr = __fcs(buf); ptr++; 907 908 return rfcomm_send_frame(s, buf, ptr - buf); 909 } 910 911 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 912 u8 bit_rate, u8 data_bits, u8 stop_bits, 913 u8 parity, u8 flow_ctrl_settings, 914 u8 xon_char, u8 xoff_char, u16 param_mask) 915 { 916 struct rfcomm_hdr *hdr; 917 struct rfcomm_mcc *mcc; 918 struct rfcomm_rpn *rpn; 919 u8 buf[16], *ptr = buf; 920 921 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 922 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 923 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 924 flow_ctrl_settings, xon_char, xoff_char, param_mask); 925 926 hdr = (void *) ptr; ptr += sizeof(*hdr); 927 hdr->addr = __addr(s->initiator, 0); 928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 929 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 930 931 mcc = (void *) ptr; ptr += sizeof(*mcc); 932 mcc->type = __mcc_type(cr, RFCOMM_RPN); 933 mcc->len = __len8(sizeof(*rpn)); 934 935 rpn = (void *) ptr; ptr += sizeof(*rpn); 936 rpn->dlci = __addr(1, dlci); 937 rpn->bit_rate = bit_rate; 938 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 939 rpn->flow_ctrl = flow_ctrl_settings; 940 rpn->xon_char = xon_char; 941 rpn->xoff_char = xoff_char; 942 rpn->param_mask = cpu_to_le16(param_mask); 943 944 *ptr = __fcs(buf); ptr++; 945 946 return rfcomm_send_frame(s, buf, ptr - buf); 947 } 948 949 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 950 { 951 struct rfcomm_hdr *hdr; 952 struct rfcomm_mcc *mcc; 953 struct rfcomm_rls *rls; 954 u8 buf[16], *ptr = buf; 955 956 BT_DBG("%p cr %d status 0x%x", s, cr, status); 957 958 hdr = (void *) ptr; ptr += sizeof(*hdr); 959 hdr->addr = __addr(s->initiator, 0); 960 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 961 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 962 963 mcc = (void *) ptr; ptr += sizeof(*mcc); 964 mcc->type = __mcc_type(cr, RFCOMM_RLS); 965 mcc->len = __len8(sizeof(*rls)); 966 967 rls = (void *) ptr; ptr += sizeof(*rls); 968 rls->dlci = __addr(1, dlci); 969 rls->status = status; 970 971 *ptr = __fcs(buf); ptr++; 972 973 return rfcomm_send_frame(s, buf, ptr - buf); 974 } 975 976 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 977 { 978 struct rfcomm_hdr *hdr; 979 struct rfcomm_mcc *mcc; 980 struct rfcomm_msc *msc; 981 u8 buf[16], *ptr = buf; 982 983 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 984 985 hdr = (void *) ptr; ptr += sizeof(*hdr); 986 hdr->addr = __addr(s->initiator, 0); 987 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 988 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 989 990 mcc = (void *) ptr; ptr += sizeof(*mcc); 991 mcc->type = __mcc_type(cr, RFCOMM_MSC); 992 mcc->len = __len8(sizeof(*msc)); 993 994 msc = (void *) ptr; ptr += sizeof(*msc); 995 msc->dlci = __addr(1, dlci); 996 msc->v24_sig = v24_sig | 0x01; 997 998 *ptr = __fcs(buf); ptr++; 999 1000 return rfcomm_send_frame(s, buf, ptr - buf); 1001 } 1002 1003 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1004 { 1005 struct rfcomm_hdr *hdr; 1006 struct rfcomm_mcc *mcc; 1007 u8 buf[16], *ptr = buf; 1008 1009 BT_DBG("%p cr %d", s, cr); 1010 1011 hdr = (void *) ptr; ptr += sizeof(*hdr); 1012 hdr->addr = __addr(s->initiator, 0); 1013 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1014 hdr->len = __len8(sizeof(*mcc)); 1015 1016 mcc = (void *) ptr; ptr += sizeof(*mcc); 1017 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1018 mcc->len = __len8(0); 1019 1020 *ptr = __fcs(buf); ptr++; 1021 1022 return rfcomm_send_frame(s, buf, ptr - buf); 1023 } 1024 1025 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1026 { 1027 struct rfcomm_hdr *hdr; 1028 struct rfcomm_mcc *mcc; 1029 u8 buf[16], *ptr = buf; 1030 1031 BT_DBG("%p cr %d", s, cr); 1032 1033 hdr = (void *) ptr; ptr += sizeof(*hdr); 1034 hdr->addr = __addr(s->initiator, 0); 1035 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1036 hdr->len = __len8(sizeof(*mcc)); 1037 1038 mcc = (void *) ptr; ptr += sizeof(*mcc); 1039 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1040 mcc->len = __len8(0); 1041 1042 *ptr = __fcs(buf); ptr++; 1043 1044 return rfcomm_send_frame(s, buf, ptr - buf); 1045 } 1046 1047 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1048 { 1049 struct socket *sock = s->sock; 1050 struct kvec iv[3]; 1051 struct msghdr msg; 1052 unsigned char hdr[5], crc[1]; 1053 1054 if (len > 125) 1055 return -EINVAL; 1056 1057 BT_DBG("%p cr %d", s, cr); 1058 1059 hdr[0] = __addr(s->initiator, 0); 1060 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1061 hdr[2] = 0x01 | ((len + 2) << 1); 1062 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1063 hdr[4] = 0x01 | (len << 1); 1064 1065 crc[0] = __fcs(hdr); 1066 1067 iv[0].iov_base = hdr; 1068 iv[0].iov_len = 5; 1069 iv[1].iov_base = pattern; 1070 iv[1].iov_len = len; 1071 iv[2].iov_base = crc; 1072 iv[2].iov_len = 1; 1073 1074 memset(&msg, 0, sizeof(msg)); 1075 1076 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1077 } 1078 1079 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1080 { 1081 struct rfcomm_hdr *hdr; 1082 u8 buf[16], *ptr = buf; 1083 1084 BT_DBG("%p addr %d credits %d", s, addr, credits); 1085 1086 hdr = (void *) ptr; ptr += sizeof(*hdr); 1087 hdr->addr = addr; 1088 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1089 hdr->len = __len8(0); 1090 1091 *ptr = credits; ptr++; 1092 1093 *ptr = __fcs(buf); ptr++; 1094 1095 return rfcomm_send_frame(s, buf, ptr - buf); 1096 } 1097 1098 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1099 { 1100 struct rfcomm_hdr *hdr; 1101 int len = skb->len; 1102 u8 *crc; 1103 1104 if (len > 127) { 1105 hdr = (void *) skb_push(skb, 4); 1106 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1107 } else { 1108 hdr = (void *) skb_push(skb, 3); 1109 hdr->len = __len8(len); 1110 } 1111 hdr->addr = addr; 1112 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1113 1114 crc = skb_put(skb, 1); 1115 *crc = __fcs((void *) hdr); 1116 } 1117 1118 /* ---- RFCOMM frame reception ---- */ 1119 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1120 { 1121 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1122 1123 if (dlci) { 1124 /* Data channel */ 1125 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1126 if (!d) { 1127 rfcomm_send_dm(s, dlci); 1128 return 0; 1129 } 1130 1131 switch (d->state) { 1132 case BT_CONNECT: 1133 rfcomm_dlc_clear_timer(d); 1134 1135 rfcomm_dlc_lock(d); 1136 d->state = BT_CONNECTED; 1137 d->state_change(d, 0); 1138 rfcomm_dlc_unlock(d); 1139 1140 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1141 break; 1142 1143 case BT_DISCONN: 1144 d->state = BT_CLOSED; 1145 __rfcomm_dlc_close(d, 0); 1146 1147 if (list_empty(&s->dlcs)) { 1148 s->state = BT_DISCONN; 1149 rfcomm_send_disc(s, 0); 1150 } 1151 1152 break; 1153 } 1154 } else { 1155 /* Control channel */ 1156 switch (s->state) { 1157 case BT_CONNECT: 1158 s->state = BT_CONNECTED; 1159 rfcomm_process_connect(s); 1160 break; 1161 1162 case BT_DISCONN: 1163 /* When socket is closed and we are not RFCOMM 1164 * initiator rfcomm_process_rx already calls 1165 * rfcomm_session_put() */ 1166 if (s->sock->sk->sk_state != BT_CLOSED) 1167 rfcomm_session_put(s); 1168 break; 1169 } 1170 } 1171 return 0; 1172 } 1173 1174 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1175 { 1176 int err = 0; 1177 1178 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1179 1180 if (dlci) { 1181 /* Data DLC */ 1182 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1183 if (d) { 1184 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1185 err = ECONNREFUSED; 1186 else 1187 err = ECONNRESET; 1188 1189 d->state = BT_CLOSED; 1190 __rfcomm_dlc_close(d, err); 1191 } 1192 } else { 1193 if (s->state == BT_CONNECT) 1194 err = ECONNREFUSED; 1195 else 1196 err = ECONNRESET; 1197 1198 s->state = BT_CLOSED; 1199 rfcomm_session_close(s, err); 1200 } 1201 return 0; 1202 } 1203 1204 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1205 { 1206 int err = 0; 1207 1208 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1209 1210 if (dlci) { 1211 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1212 if (d) { 1213 rfcomm_send_ua(s, dlci); 1214 1215 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1216 err = ECONNREFUSED; 1217 else 1218 err = ECONNRESET; 1219 1220 d->state = BT_CLOSED; 1221 __rfcomm_dlc_close(d, err); 1222 } else 1223 rfcomm_send_dm(s, dlci); 1224 1225 } else { 1226 rfcomm_send_ua(s, 0); 1227 1228 if (s->state == BT_CONNECT) 1229 err = ECONNREFUSED; 1230 else 1231 err = ECONNRESET; 1232 1233 s->state = BT_CLOSED; 1234 rfcomm_session_close(s, err); 1235 } 1236 1237 return 0; 1238 } 1239 1240 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1241 { 1242 struct sock *sk = d->session->sock->sk; 1243 1244 BT_DBG("dlc %p", d); 1245 1246 rfcomm_send_ua(d->session, d->dlci); 1247 1248 rfcomm_dlc_clear_timer(d); 1249 1250 rfcomm_dlc_lock(d); 1251 d->state = BT_CONNECTED; 1252 d->state_change(d, 0); 1253 rfcomm_dlc_unlock(d); 1254 1255 if (d->role_switch) 1256 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1257 1258 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1259 } 1260 1261 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1262 { 1263 if (rfcomm_check_security(d)) { 1264 if (d->defer_setup) { 1265 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1266 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1267 1268 rfcomm_dlc_lock(d); 1269 d->state = BT_CONNECT2; 1270 d->state_change(d, 0); 1271 rfcomm_dlc_unlock(d); 1272 } else 1273 rfcomm_dlc_accept(d); 1274 } else { 1275 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1276 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1277 } 1278 } 1279 1280 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1281 { 1282 struct rfcomm_dlc *d; 1283 u8 channel; 1284 1285 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1286 1287 if (!dlci) { 1288 rfcomm_send_ua(s, 0); 1289 1290 if (s->state == BT_OPEN) { 1291 s->state = BT_CONNECTED; 1292 rfcomm_process_connect(s); 1293 } 1294 return 0; 1295 } 1296 1297 /* Check if DLC exists */ 1298 d = rfcomm_dlc_get(s, dlci); 1299 if (d) { 1300 if (d->state == BT_OPEN) { 1301 /* DLC was previously opened by PN request */ 1302 rfcomm_check_accept(d); 1303 } 1304 return 0; 1305 } 1306 1307 /* Notify socket layer about incoming connection */ 1308 channel = __srv_channel(dlci); 1309 if (rfcomm_connect_ind(s, channel, &d)) { 1310 d->dlci = dlci; 1311 d->addr = __addr(s->initiator, dlci); 1312 rfcomm_dlc_link(s, d); 1313 1314 rfcomm_check_accept(d); 1315 } else { 1316 rfcomm_send_dm(s, dlci); 1317 } 1318 1319 return 0; 1320 } 1321 1322 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1323 { 1324 struct rfcomm_session *s = d->session; 1325 1326 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1327 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1328 1329 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1330 pn->flow_ctrl == 0xe0) { 1331 d->cfc = RFCOMM_CFC_ENABLED; 1332 d->tx_credits = pn->credits; 1333 } else { 1334 d->cfc = RFCOMM_CFC_DISABLED; 1335 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1336 } 1337 1338 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1339 s->cfc = d->cfc; 1340 1341 d->priority = pn->priority; 1342 1343 d->mtu = __le16_to_cpu(pn->mtu); 1344 1345 if (cr && d->mtu > s->mtu) 1346 d->mtu = s->mtu; 1347 1348 return 0; 1349 } 1350 1351 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1352 { 1353 struct rfcomm_pn *pn = (void *) skb->data; 1354 struct rfcomm_dlc *d; 1355 u8 dlci = pn->dlci; 1356 1357 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1358 1359 if (!dlci) 1360 return 0; 1361 1362 d = rfcomm_dlc_get(s, dlci); 1363 if (d) { 1364 if (cr) { 1365 /* PN request */ 1366 rfcomm_apply_pn(d, cr, pn); 1367 rfcomm_send_pn(s, 0, d); 1368 } else { 1369 /* PN response */ 1370 switch (d->state) { 1371 case BT_CONFIG: 1372 rfcomm_apply_pn(d, cr, pn); 1373 1374 d->state = BT_CONNECT; 1375 rfcomm_send_sabm(s, d->dlci); 1376 break; 1377 } 1378 } 1379 } else { 1380 u8 channel = __srv_channel(dlci); 1381 1382 if (!cr) 1383 return 0; 1384 1385 /* PN request for non existing DLC. 1386 * Assume incoming connection. */ 1387 if (rfcomm_connect_ind(s, channel, &d)) { 1388 d->dlci = dlci; 1389 d->addr = __addr(s->initiator, dlci); 1390 rfcomm_dlc_link(s, d); 1391 1392 rfcomm_apply_pn(d, cr, pn); 1393 1394 d->state = BT_OPEN; 1395 rfcomm_send_pn(s, 0, d); 1396 } else { 1397 rfcomm_send_dm(s, dlci); 1398 } 1399 } 1400 return 0; 1401 } 1402 1403 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1404 { 1405 struct rfcomm_rpn *rpn = (void *) skb->data; 1406 u8 dlci = __get_dlci(rpn->dlci); 1407 1408 u8 bit_rate = 0; 1409 u8 data_bits = 0; 1410 u8 stop_bits = 0; 1411 u8 parity = 0; 1412 u8 flow_ctrl = 0; 1413 u8 xon_char = 0; 1414 u8 xoff_char = 0; 1415 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1416 1417 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1418 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1419 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1420 1421 if (!cr) 1422 return 0; 1423 1424 if (len == 1) { 1425 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1426 bit_rate = RFCOMM_RPN_BR_9600; 1427 data_bits = RFCOMM_RPN_DATA_8; 1428 stop_bits = RFCOMM_RPN_STOP_1; 1429 parity = RFCOMM_RPN_PARITY_NONE; 1430 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1431 xon_char = RFCOMM_RPN_XON_CHAR; 1432 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1433 goto rpn_out; 1434 } 1435 1436 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1437 * no parity, no flow control lines, normal XON/XOFF chars */ 1438 1439 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1440 bit_rate = rpn->bit_rate; 1441 if (bit_rate > RFCOMM_RPN_BR_230400) { 1442 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1443 bit_rate = RFCOMM_RPN_BR_9600; 1444 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1445 } 1446 } 1447 1448 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1449 data_bits = __get_rpn_data_bits(rpn->line_settings); 1450 if (data_bits != RFCOMM_RPN_DATA_8) { 1451 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1452 data_bits = RFCOMM_RPN_DATA_8; 1453 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1454 } 1455 } 1456 1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1458 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1459 if (stop_bits != RFCOMM_RPN_STOP_1) { 1460 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1461 stop_bits = RFCOMM_RPN_STOP_1; 1462 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1463 } 1464 } 1465 1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1467 parity = __get_rpn_parity(rpn->line_settings); 1468 if (parity != RFCOMM_RPN_PARITY_NONE) { 1469 BT_DBG("RPN parity mismatch 0x%x", parity); 1470 parity = RFCOMM_RPN_PARITY_NONE; 1471 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1472 } 1473 } 1474 1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1476 flow_ctrl = rpn->flow_ctrl; 1477 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1478 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1479 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1480 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1481 } 1482 } 1483 1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1485 xon_char = rpn->xon_char; 1486 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1487 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1488 xon_char = RFCOMM_RPN_XON_CHAR; 1489 rpn_mask ^= RFCOMM_RPN_PM_XON; 1490 } 1491 } 1492 1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1494 xoff_char = rpn->xoff_char; 1495 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1496 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1497 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1498 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1499 } 1500 } 1501 1502 rpn_out: 1503 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1504 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1505 1506 return 0; 1507 } 1508 1509 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1510 { 1511 struct rfcomm_rls *rls = (void *) skb->data; 1512 u8 dlci = __get_dlci(rls->dlci); 1513 1514 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1515 1516 if (!cr) 1517 return 0; 1518 1519 /* We should probably do something with this information here. But 1520 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1521 * mandatory to recognise and respond to RLS */ 1522 1523 rfcomm_send_rls(s, 0, dlci, rls->status); 1524 1525 return 0; 1526 } 1527 1528 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1529 { 1530 struct rfcomm_msc *msc = (void *) skb->data; 1531 struct rfcomm_dlc *d; 1532 u8 dlci = __get_dlci(msc->dlci); 1533 1534 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1535 1536 d = rfcomm_dlc_get(s, dlci); 1537 if (!d) 1538 return 0; 1539 1540 if (cr) { 1541 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1542 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1543 else 1544 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1545 1546 rfcomm_dlc_lock(d); 1547 1548 d->remote_v24_sig = msc->v24_sig; 1549 1550 if (d->modem_status) 1551 d->modem_status(d, msc->v24_sig); 1552 1553 rfcomm_dlc_unlock(d); 1554 1555 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1556 1557 d->mscex |= RFCOMM_MSCEX_RX; 1558 } else 1559 d->mscex |= RFCOMM_MSCEX_TX; 1560 1561 return 0; 1562 } 1563 1564 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1565 { 1566 struct rfcomm_mcc *mcc = (void *) skb->data; 1567 u8 type, cr, len; 1568 1569 cr = __test_cr(mcc->type); 1570 type = __get_mcc_type(mcc->type); 1571 len = __get_mcc_len(mcc->len); 1572 1573 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1574 1575 skb_pull(skb, 2); 1576 1577 switch (type) { 1578 case RFCOMM_PN: 1579 rfcomm_recv_pn(s, cr, skb); 1580 break; 1581 1582 case RFCOMM_RPN: 1583 rfcomm_recv_rpn(s, cr, len, skb); 1584 break; 1585 1586 case RFCOMM_RLS: 1587 rfcomm_recv_rls(s, cr, skb); 1588 break; 1589 1590 case RFCOMM_MSC: 1591 rfcomm_recv_msc(s, cr, skb); 1592 break; 1593 1594 case RFCOMM_FCOFF: 1595 if (cr) { 1596 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1597 rfcomm_send_fcoff(s, 0); 1598 } 1599 break; 1600 1601 case RFCOMM_FCON: 1602 if (cr) { 1603 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1604 rfcomm_send_fcon(s, 0); 1605 } 1606 break; 1607 1608 case RFCOMM_TEST: 1609 if (cr) 1610 rfcomm_send_test(s, 0, skb->data, skb->len); 1611 break; 1612 1613 case RFCOMM_NSC: 1614 break; 1615 1616 default: 1617 BT_ERR("Unknown control type 0x%02x", type); 1618 rfcomm_send_nsc(s, cr, type); 1619 break; 1620 } 1621 return 0; 1622 } 1623 1624 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1625 { 1626 struct rfcomm_dlc *d; 1627 1628 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1629 1630 d = rfcomm_dlc_get(s, dlci); 1631 if (!d) { 1632 rfcomm_send_dm(s, dlci); 1633 goto drop; 1634 } 1635 1636 if (pf && d->cfc) { 1637 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1638 1639 d->tx_credits += credits; 1640 if (d->tx_credits) 1641 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1642 } 1643 1644 if (skb->len && d->state == BT_CONNECTED) { 1645 rfcomm_dlc_lock(d); 1646 d->rx_credits--; 1647 d->data_ready(d, skb); 1648 rfcomm_dlc_unlock(d); 1649 return 0; 1650 } 1651 1652 drop: 1653 kfree_skb(skb); 1654 return 0; 1655 } 1656 1657 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1658 { 1659 struct rfcomm_hdr *hdr = (void *) skb->data; 1660 u8 type, dlci, fcs; 1661 1662 dlci = __get_dlci(hdr->addr); 1663 type = __get_type(hdr->ctrl); 1664 1665 /* Trim FCS */ 1666 skb->len--; skb->tail--; 1667 fcs = *(u8 *)skb_tail_pointer(skb); 1668 1669 if (__check_fcs(skb->data, type, fcs)) { 1670 BT_ERR("bad checksum in packet"); 1671 kfree_skb(skb); 1672 return -EILSEQ; 1673 } 1674 1675 if (__test_ea(hdr->len)) 1676 skb_pull(skb, 3); 1677 else 1678 skb_pull(skb, 4); 1679 1680 switch (type) { 1681 case RFCOMM_SABM: 1682 if (__test_pf(hdr->ctrl)) 1683 rfcomm_recv_sabm(s, dlci); 1684 break; 1685 1686 case RFCOMM_DISC: 1687 if (__test_pf(hdr->ctrl)) 1688 rfcomm_recv_disc(s, dlci); 1689 break; 1690 1691 case RFCOMM_UA: 1692 if (__test_pf(hdr->ctrl)) 1693 rfcomm_recv_ua(s, dlci); 1694 break; 1695 1696 case RFCOMM_DM: 1697 rfcomm_recv_dm(s, dlci); 1698 break; 1699 1700 case RFCOMM_UIH: 1701 if (dlci) 1702 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1703 1704 rfcomm_recv_mcc(s, skb); 1705 break; 1706 1707 default: 1708 BT_ERR("Unknown packet type 0x%02x", type); 1709 break; 1710 } 1711 kfree_skb(skb); 1712 return 0; 1713 } 1714 1715 /* ---- Connection and data processing ---- */ 1716 1717 static void rfcomm_process_connect(struct rfcomm_session *s) 1718 { 1719 struct rfcomm_dlc *d; 1720 struct list_head *p, *n; 1721 1722 BT_DBG("session %p state %ld", s, s->state); 1723 1724 list_for_each_safe(p, n, &s->dlcs) { 1725 d = list_entry(p, struct rfcomm_dlc, list); 1726 if (d->state == BT_CONFIG) { 1727 d->mtu = s->mtu; 1728 if (rfcomm_check_security(d)) { 1729 rfcomm_send_pn(s, 1, d); 1730 } else { 1731 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1732 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1733 } 1734 } 1735 } 1736 } 1737 1738 /* Send data queued for the DLC. 1739 * Return number of frames left in the queue. 1740 */ 1741 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1742 { 1743 struct sk_buff *skb; 1744 int err; 1745 1746 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1747 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1748 1749 /* Send pending MSC */ 1750 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1751 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1752 1753 if (d->cfc) { 1754 /* CFC enabled. 1755 * Give them some credits */ 1756 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1757 d->rx_credits <= (d->cfc >> 2)) { 1758 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1759 d->rx_credits = d->cfc; 1760 } 1761 } else { 1762 /* CFC disabled. 1763 * Give ourselves some credits */ 1764 d->tx_credits = 5; 1765 } 1766 1767 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1768 return skb_queue_len(&d->tx_queue); 1769 1770 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1771 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1772 if (err < 0) { 1773 skb_queue_head(&d->tx_queue, skb); 1774 break; 1775 } 1776 kfree_skb(skb); 1777 d->tx_credits--; 1778 } 1779 1780 if (d->cfc && !d->tx_credits) { 1781 /* We're out of TX credits. 1782 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1783 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1784 } 1785 1786 return skb_queue_len(&d->tx_queue); 1787 } 1788 1789 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1790 { 1791 struct rfcomm_dlc *d; 1792 struct list_head *p, *n; 1793 1794 BT_DBG("session %p state %ld", s, s->state); 1795 1796 list_for_each_safe(p, n, &s->dlcs) { 1797 d = list_entry(p, struct rfcomm_dlc, list); 1798 1799 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1800 __rfcomm_dlc_close(d, ETIMEDOUT); 1801 continue; 1802 } 1803 1804 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1805 rfcomm_dlc_clear_timer(d); 1806 if (d->out) { 1807 rfcomm_send_pn(s, 1, d); 1808 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1809 } else { 1810 if (d->defer_setup) { 1811 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1812 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1813 1814 rfcomm_dlc_lock(d); 1815 d->state = BT_CONNECT2; 1816 d->state_change(d, 0); 1817 rfcomm_dlc_unlock(d); 1818 } else 1819 rfcomm_dlc_accept(d); 1820 } 1821 continue; 1822 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1823 rfcomm_dlc_clear_timer(d); 1824 if (!d->out) 1825 rfcomm_send_dm(s, d->dlci); 1826 else 1827 d->state = BT_CLOSED; 1828 __rfcomm_dlc_close(d, ECONNREFUSED); 1829 continue; 1830 } 1831 1832 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1833 continue; 1834 1835 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1836 continue; 1837 1838 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1839 d->mscex == RFCOMM_MSCEX_OK) 1840 rfcomm_process_tx(d); 1841 } 1842 } 1843 1844 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1845 { 1846 struct socket *sock = s->sock; 1847 struct sock *sk = sock->sk; 1848 struct sk_buff *skb; 1849 1850 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1851 1852 /* Get data directly from socket receive queue without copying it. */ 1853 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1854 skb_orphan(skb); 1855 rfcomm_recv_frame(s, skb); 1856 } 1857 1858 if (sk->sk_state == BT_CLOSED) { 1859 if (!s->initiator) 1860 rfcomm_session_put(s); 1861 1862 rfcomm_session_close(s, sk->sk_err); 1863 } 1864 } 1865 1866 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1867 { 1868 struct socket *sock = s->sock, *nsock; 1869 int err; 1870 1871 /* Fast check for a new connection. 1872 * Avoids unnesesary socket allocations. */ 1873 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1874 return; 1875 1876 BT_DBG("session %p", s); 1877 1878 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1879 if (err < 0) 1880 return; 1881 1882 /* Set our callbacks */ 1883 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1884 nsock->sk->sk_state_change = rfcomm_l2state_change; 1885 1886 s = rfcomm_session_add(nsock, BT_OPEN); 1887 if (s) { 1888 rfcomm_session_hold(s); 1889 1890 /* We should adjust MTU on incoming sessions. 1891 * L2CAP MTU minus UIH header and FCS. */ 1892 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1893 1894 rfcomm_schedule(); 1895 } else 1896 sock_release(nsock); 1897 } 1898 1899 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1900 { 1901 struct sock *sk = s->sock->sk; 1902 1903 BT_DBG("%p state %ld", s, s->state); 1904 1905 switch (sk->sk_state) { 1906 case BT_CONNECTED: 1907 s->state = BT_CONNECT; 1908 1909 /* We can adjust MTU on outgoing sessions. 1910 * L2CAP MTU minus UIH header and FCS. */ 1911 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1912 1913 rfcomm_send_sabm(s, 0); 1914 break; 1915 1916 case BT_CLOSED: 1917 s->state = BT_CLOSED; 1918 rfcomm_session_close(s, sk->sk_err); 1919 break; 1920 } 1921 } 1922 1923 static inline void rfcomm_process_sessions(void) 1924 { 1925 struct list_head *p, *n; 1926 1927 rfcomm_lock(); 1928 1929 list_for_each_safe(p, n, &session_list) { 1930 struct rfcomm_session *s; 1931 s = list_entry(p, struct rfcomm_session, list); 1932 1933 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1934 s->state = BT_DISCONN; 1935 rfcomm_send_disc(s, 0); 1936 rfcomm_session_put(s); 1937 continue; 1938 } 1939 1940 if (s->state == BT_LISTEN) { 1941 rfcomm_accept_connection(s); 1942 continue; 1943 } 1944 1945 rfcomm_session_hold(s); 1946 1947 switch (s->state) { 1948 case BT_BOUND: 1949 rfcomm_check_connection(s); 1950 break; 1951 1952 default: 1953 rfcomm_process_rx(s); 1954 break; 1955 } 1956 1957 rfcomm_process_dlcs(s); 1958 1959 rfcomm_session_put(s); 1960 } 1961 1962 rfcomm_unlock(); 1963 } 1964 1965 static int rfcomm_add_listener(bdaddr_t *ba) 1966 { 1967 struct sockaddr_l2 addr; 1968 struct socket *sock; 1969 struct sock *sk; 1970 struct rfcomm_session *s; 1971 int err = 0; 1972 1973 /* Create socket */ 1974 err = rfcomm_l2sock_create(&sock); 1975 if (err < 0) { 1976 BT_ERR("Create socket failed %d", err); 1977 return err; 1978 } 1979 1980 /* Bind socket */ 1981 bacpy(&addr.l2_bdaddr, ba); 1982 addr.l2_family = AF_BLUETOOTH; 1983 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1984 addr.l2_cid = 0; 1985 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1986 if (err < 0) { 1987 BT_ERR("Bind failed %d", err); 1988 goto failed; 1989 } 1990 1991 /* Set L2CAP options */ 1992 sk = sock->sk; 1993 lock_sock(sk); 1994 l2cap_pi(sk)->imtu = l2cap_mtu; 1995 release_sock(sk); 1996 1997 /* Start listening on the socket */ 1998 err = kernel_listen(sock, 10); 1999 if (err) { 2000 BT_ERR("Listen failed %d", err); 2001 goto failed; 2002 } 2003 2004 /* Add listening session */ 2005 s = rfcomm_session_add(sock, BT_LISTEN); 2006 if (!s) 2007 goto failed; 2008 2009 rfcomm_session_hold(s); 2010 return 0; 2011 failed: 2012 sock_release(sock); 2013 return err; 2014 } 2015 2016 static void rfcomm_kill_listener(void) 2017 { 2018 struct rfcomm_session *s; 2019 struct list_head *p, *n; 2020 2021 BT_DBG(""); 2022 2023 list_for_each_safe(p, n, &session_list) { 2024 s = list_entry(p, struct rfcomm_session, list); 2025 rfcomm_session_del(s); 2026 } 2027 } 2028 2029 static int rfcomm_run(void *unused) 2030 { 2031 BT_DBG(""); 2032 2033 set_user_nice(current, -10); 2034 2035 rfcomm_add_listener(BDADDR_ANY); 2036 2037 while (!kthread_should_stop()) { 2038 set_current_state(TASK_INTERRUPTIBLE); 2039 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2040 /* No pending events. Let's sleep. 2041 * Incoming connections and data will wake us up. */ 2042 schedule(); 2043 } 2044 set_current_state(TASK_RUNNING); 2045 2046 /* Process stuff */ 2047 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2048 rfcomm_process_sessions(); 2049 } 2050 2051 rfcomm_kill_listener(); 2052 2053 return 0; 2054 } 2055 2056 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2057 { 2058 struct rfcomm_session *s; 2059 struct rfcomm_dlc *d; 2060 struct list_head *p, *n; 2061 2062 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2063 2064 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2065 if (!s) 2066 return; 2067 2068 rfcomm_session_hold(s); 2069 2070 list_for_each_safe(p, n, &s->dlcs) { 2071 d = list_entry(p, struct rfcomm_dlc, list); 2072 2073 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2074 rfcomm_dlc_clear_timer(d); 2075 if (status || encrypt == 0x00) { 2076 __rfcomm_dlc_close(d, ECONNREFUSED); 2077 continue; 2078 } 2079 } 2080 2081 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2082 if (d->sec_level == BT_SECURITY_MEDIUM) { 2083 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2084 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2085 continue; 2086 } else if (d->sec_level == BT_SECURITY_HIGH) { 2087 __rfcomm_dlc_close(d, ECONNREFUSED); 2088 continue; 2089 } 2090 } 2091 2092 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2093 continue; 2094 2095 if (!status) 2096 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2097 else 2098 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2099 } 2100 2101 rfcomm_session_put(s); 2102 2103 rfcomm_schedule(); 2104 } 2105 2106 static struct hci_cb rfcomm_cb = { 2107 .name = "RFCOMM", 2108 .security_cfm = rfcomm_security_cfm 2109 }; 2110 2111 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2112 { 2113 struct rfcomm_session *s; 2114 struct list_head *pp, *p; 2115 2116 rfcomm_lock(); 2117 2118 list_for_each(p, &session_list) { 2119 s = list_entry(p, struct rfcomm_session, list); 2120 list_for_each(pp, &s->dlcs) { 2121 struct sock *sk = s->sock->sk; 2122 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2123 2124 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2125 batostr(&bt_sk(sk)->src), 2126 batostr(&bt_sk(sk)->dst), 2127 d->state, d->dlci, d->mtu, 2128 d->rx_credits, d->tx_credits); 2129 } 2130 } 2131 2132 rfcomm_unlock(); 2133 2134 return 0; 2135 } 2136 2137 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2138 { 2139 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2140 } 2141 2142 static const struct file_operations rfcomm_dlc_debugfs_fops = { 2143 .open = rfcomm_dlc_debugfs_open, 2144 .read = seq_read, 2145 .llseek = seq_lseek, 2146 .release = single_release, 2147 }; 2148 2149 static struct dentry *rfcomm_dlc_debugfs; 2150 2151 /* ---- Initialization ---- */ 2152 static int __init rfcomm_init(void) 2153 { 2154 int err; 2155 2156 l2cap_load(); 2157 2158 hci_register_cb(&rfcomm_cb); 2159 2160 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2161 if (IS_ERR(rfcomm_thread)) { 2162 err = PTR_ERR(rfcomm_thread); 2163 goto unregister; 2164 } 2165 2166 if (bt_debugfs) { 2167 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2168 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2169 if (!rfcomm_dlc_debugfs) 2170 BT_ERR("Failed to create RFCOMM debug file"); 2171 } 2172 2173 err = rfcomm_init_ttys(); 2174 if (err < 0) 2175 goto stop; 2176 2177 err = rfcomm_init_sockets(); 2178 if (err < 0) 2179 goto cleanup; 2180 2181 BT_INFO("RFCOMM ver %s", VERSION); 2182 2183 return 0; 2184 2185 cleanup: 2186 rfcomm_cleanup_ttys(); 2187 2188 stop: 2189 kthread_stop(rfcomm_thread); 2190 2191 unregister: 2192 hci_unregister_cb(&rfcomm_cb); 2193 2194 return err; 2195 } 2196 2197 static void __exit rfcomm_exit(void) 2198 { 2199 debugfs_remove(rfcomm_dlc_debugfs); 2200 2201 hci_unregister_cb(&rfcomm_cb); 2202 2203 kthread_stop(rfcomm_thread); 2204 2205 rfcomm_cleanup_ttys(); 2206 2207 rfcomm_cleanup_sockets(); 2208 } 2209 2210 module_init(rfcomm_init); 2211 module_exit(rfcomm_exit); 2212 2213 module_param(disable_cfc, bool, 0644); 2214 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2215 2216 module_param(channel_mtu, int, 0644); 2217 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2218 2219 module_param(l2cap_mtu, uint, 0644); 2220 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2221 2222 module_param(l2cap_ertm, bool, 0644); 2223 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2224 2225 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2226 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2227 MODULE_VERSION(VERSION); 2228 MODULE_LICENSE("GPL"); 2229 MODULE_ALIAS("bt-proto-3"); 2230