1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/debugfs.h> 30 #include <linux/kthread.h> 31 #include <asm/unaligned.h> 32 33 #include <net/bluetooth/bluetooth.h> 34 #include <net/bluetooth/hci_core.h> 35 #include <net/bluetooth/l2cap.h> 36 #include <net/bluetooth/rfcomm.h> 37 38 #define VERSION "1.11" 39 40 static bool disable_cfc; 41 static bool l2cap_ertm; 42 static int channel_mtu = -1; 43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 44 45 static struct task_struct *rfcomm_thread; 46 47 static DEFINE_MUTEX(rfcomm_mutex); 48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 50 51 52 static LIST_HEAD(session_list); 53 54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 57 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 64 65 static void rfcomm_process_connect(struct rfcomm_session *s); 66 67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 68 bdaddr_t *dst, 69 u8 sec_level, 70 int *err); 71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s); 73 74 /* ---- RFCOMM frame parsing macros ---- */ 75 #define __get_dlci(b) ((b & 0xfc) >> 2) 76 #define __get_channel(b) ((b & 0xf8) >> 3) 77 #define __get_dir(b) ((b & 0x04) >> 2) 78 #define __get_type(b) ((b & 0xef)) 79 80 #define __test_ea(b) ((b & 0x01)) 81 #define __test_cr(b) ((b & 0x02)) 82 #define __test_pf(b) ((b & 0x10)) 83 84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 87 #define __srv_channel(dlci) (dlci >> 1) 88 #define __dir(dlci) (dlci & 0x01) 89 90 #define __len8(len) (((len) << 1) | 1) 91 #define __len16(len) ((len) << 1) 92 93 /* MCC macros */ 94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 95 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 96 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 97 98 /* RPN macros */ 99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 100 #define __get_rpn_data_bits(line) ((line) & 0x3) 101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 103 104 static void rfcomm_schedule(void) 105 { 106 if (!rfcomm_thread) 107 return; 108 wake_up_process(rfcomm_thread); 109 } 110 111 /* ---- RFCOMM FCS computation ---- */ 112 113 /* reversed, 8-bit, poly=0x07 */ 114 static unsigned char rfcomm_crc_table[256] = { 115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 119 120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 124 125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 129 130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 134 135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 139 140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 144 145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 149 150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 154 }; 155 156 /* CRC on 2 bytes */ 157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 158 159 /* FCS on 2 bytes */ 160 static inline u8 __fcs(u8 *data) 161 { 162 return 0xff - __crc(data); 163 } 164 165 /* FCS on 3 bytes */ 166 static inline u8 __fcs2(u8 *data) 167 { 168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 169 } 170 171 /* Check FCS */ 172 static inline int __check_fcs(u8 *data, int type, u8 fcs) 173 { 174 u8 f = __crc(data); 175 176 if (type != RFCOMM_UIH) 177 f = rfcomm_crc_table[f ^ data[2]]; 178 179 return rfcomm_crc_table[f ^ fcs] != 0xcf; 180 } 181 182 /* ---- L2CAP callbacks ---- */ 183 static void rfcomm_l2state_change(struct sock *sk) 184 { 185 BT_DBG("%p state %d", sk, sk->sk_state); 186 rfcomm_schedule(); 187 } 188 189 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 190 { 191 BT_DBG("%p bytes %d", sk, bytes); 192 rfcomm_schedule(); 193 } 194 195 static int rfcomm_l2sock_create(struct socket **sock) 196 { 197 int err; 198 199 BT_DBG(""); 200 201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 202 if (!err) { 203 struct sock *sk = (*sock)->sk; 204 sk->sk_data_ready = rfcomm_l2data_ready; 205 sk->sk_state_change = rfcomm_l2state_change; 206 } 207 return err; 208 } 209 210 static int rfcomm_check_security(struct rfcomm_dlc *d) 211 { 212 struct sock *sk = d->session->sock->sk; 213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 214 215 __u8 auth_type; 216 217 switch (d->sec_level) { 218 case BT_SECURITY_HIGH: 219 auth_type = HCI_AT_GENERAL_BONDING_MITM; 220 break; 221 case BT_SECURITY_MEDIUM: 222 auth_type = HCI_AT_GENERAL_BONDING; 223 break; 224 default: 225 auth_type = HCI_AT_NO_BONDING; 226 break; 227 } 228 229 return hci_conn_security(conn->hcon, d->sec_level, auth_type); 230 } 231 232 static void rfcomm_session_timeout(unsigned long arg) 233 { 234 struct rfcomm_session *s = (void *) arg; 235 236 BT_DBG("session %p state %ld", s, s->state); 237 238 set_bit(RFCOMM_TIMED_OUT, &s->flags); 239 rfcomm_schedule(); 240 } 241 242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 243 { 244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 245 246 mod_timer(&s->timer, jiffies + timeout); 247 } 248 249 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 250 { 251 BT_DBG("session %p state %ld", s, s->state); 252 253 del_timer_sync(&s->timer); 254 } 255 256 /* ---- RFCOMM DLCs ---- */ 257 static void rfcomm_dlc_timeout(unsigned long arg) 258 { 259 struct rfcomm_dlc *d = (void *) arg; 260 261 BT_DBG("dlc %p state %ld", d, d->state); 262 263 set_bit(RFCOMM_TIMED_OUT, &d->flags); 264 rfcomm_dlc_put(d); 265 rfcomm_schedule(); 266 } 267 268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 269 { 270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 271 272 if (!mod_timer(&d->timer, jiffies + timeout)) 273 rfcomm_dlc_hold(d); 274 } 275 276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 277 { 278 BT_DBG("dlc %p state %ld", d, d->state); 279 280 if (del_timer(&d->timer)) 281 rfcomm_dlc_put(d); 282 } 283 284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 285 { 286 BT_DBG("%p", d); 287 288 d->state = BT_OPEN; 289 d->flags = 0; 290 d->mscex = 0; 291 d->sec_level = BT_SECURITY_LOW; 292 d->mtu = RFCOMM_DEFAULT_MTU; 293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 294 295 d->cfc = RFCOMM_CFC_DISABLED; 296 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 297 } 298 299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 300 { 301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 302 303 if (!d) 304 return NULL; 305 306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 307 308 skb_queue_head_init(&d->tx_queue); 309 spin_lock_init(&d->lock); 310 atomic_set(&d->refcnt, 1); 311 312 rfcomm_dlc_clear_state(d); 313 314 BT_DBG("%p", d); 315 316 return d; 317 } 318 319 void rfcomm_dlc_free(struct rfcomm_dlc *d) 320 { 321 BT_DBG("%p", d); 322 323 skb_queue_purge(&d->tx_queue); 324 kfree(d); 325 } 326 327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 328 { 329 BT_DBG("dlc %p session %p", d, s); 330 331 rfcomm_session_clear_timer(s); 332 rfcomm_dlc_hold(d); 333 list_add(&d->list, &s->dlcs); 334 d->session = s; 335 } 336 337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 338 { 339 struct rfcomm_session *s = d->session; 340 341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 342 343 list_del(&d->list); 344 d->session = NULL; 345 rfcomm_dlc_put(d); 346 347 if (list_empty(&s->dlcs)) 348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 349 } 350 351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 352 { 353 struct rfcomm_dlc *d; 354 355 list_for_each_entry(d, &s->dlcs, list) 356 if (d->dlci == dlci) 357 return d; 358 359 return NULL; 360 } 361 362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 363 { 364 struct rfcomm_session *s; 365 int err = 0; 366 u8 dlci; 367 368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d", 369 d, d->state, src, dst, channel); 370 371 if (channel < 1 || channel > 30) 372 return -EINVAL; 373 374 if (d->state != BT_OPEN && d->state != BT_CLOSED) 375 return 0; 376 377 s = rfcomm_session_get(src, dst); 378 if (!s) { 379 s = rfcomm_session_create(src, dst, d->sec_level, &err); 380 if (!s) 381 return err; 382 } 383 384 dlci = __dlci(!s->initiator, channel); 385 386 /* Check if DLCI already exists */ 387 if (rfcomm_dlc_get(s, dlci)) 388 return -EBUSY; 389 390 rfcomm_dlc_clear_state(d); 391 392 d->dlci = dlci; 393 d->addr = __addr(s->initiator, dlci); 394 d->priority = 7; 395 396 d->state = BT_CONFIG; 397 rfcomm_dlc_link(s, d); 398 399 d->out = 1; 400 401 d->mtu = s->mtu; 402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 403 404 if (s->state == BT_CONNECTED) { 405 if (rfcomm_check_security(d)) 406 rfcomm_send_pn(s, 1, d); 407 else 408 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 409 } 410 411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 412 413 return 0; 414 } 415 416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 417 { 418 int r; 419 420 rfcomm_lock(); 421 422 r = __rfcomm_dlc_open(d, src, dst, channel); 423 424 rfcomm_unlock(); 425 return r; 426 } 427 428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 429 { 430 struct rfcomm_session *s = d->session; 431 if (!s) 432 return 0; 433 434 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 435 d, d->state, d->dlci, err, s); 436 437 switch (d->state) { 438 case BT_CONNECT: 439 case BT_CONFIG: 440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 441 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 442 rfcomm_schedule(); 443 break; 444 } 445 /* Fall through */ 446 447 case BT_CONNECTED: 448 d->state = BT_DISCONN; 449 if (skb_queue_empty(&d->tx_queue)) { 450 rfcomm_send_disc(s, d->dlci); 451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 452 } else { 453 rfcomm_queue_disc(d); 454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 455 } 456 break; 457 458 case BT_OPEN: 459 case BT_CONNECT2: 460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 461 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 462 rfcomm_schedule(); 463 break; 464 } 465 /* Fall through */ 466 467 default: 468 rfcomm_dlc_clear_timer(d); 469 470 rfcomm_dlc_lock(d); 471 d->state = BT_CLOSED; 472 d->state_change(d, err); 473 rfcomm_dlc_unlock(d); 474 475 skb_queue_purge(&d->tx_queue); 476 rfcomm_dlc_unlink(d); 477 } 478 479 return 0; 480 } 481 482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 483 { 484 int r = 0; 485 struct rfcomm_dlc *d_list; 486 struct rfcomm_session *s, *s_list; 487 488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err); 489 490 rfcomm_lock(); 491 492 s = d->session; 493 if (!s) 494 goto no_session; 495 496 /* after waiting on the mutex check the session still exists 497 * then check the dlc still exists 498 */ 499 list_for_each_entry(s_list, &session_list, list) { 500 if (s_list == s) { 501 list_for_each_entry(d_list, &s->dlcs, list) { 502 if (d_list == d) { 503 r = __rfcomm_dlc_close(d, err); 504 break; 505 } 506 } 507 break; 508 } 509 } 510 511 no_session: 512 rfcomm_unlock(); 513 return r; 514 } 515 516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 517 { 518 int len = skb->len; 519 520 if (d->state != BT_CONNECTED) 521 return -ENOTCONN; 522 523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 524 525 if (len > d->mtu) 526 return -EINVAL; 527 528 rfcomm_make_uih(skb, d->addr); 529 skb_queue_tail(&d->tx_queue, skb); 530 531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 532 rfcomm_schedule(); 533 return len; 534 } 535 536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 537 { 538 BT_DBG("dlc %p state %ld", d, d->state); 539 540 if (!d->cfc) { 541 d->v24_sig |= RFCOMM_V24_FC; 542 set_bit(RFCOMM_MSC_PENDING, &d->flags); 543 } 544 rfcomm_schedule(); 545 } 546 547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 548 { 549 BT_DBG("dlc %p state %ld", d, d->state); 550 551 if (!d->cfc) { 552 d->v24_sig &= ~RFCOMM_V24_FC; 553 set_bit(RFCOMM_MSC_PENDING, &d->flags); 554 } 555 rfcomm_schedule(); 556 } 557 558 /* 559 Set/get modem status functions use _local_ status i.e. what we report 560 to the other side. 561 Remote status is provided by dlc->modem_status() callback. 562 */ 563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 564 { 565 BT_DBG("dlc %p state %ld v24_sig 0x%x", 566 d, d->state, v24_sig); 567 568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 569 v24_sig |= RFCOMM_V24_FC; 570 else 571 v24_sig &= ~RFCOMM_V24_FC; 572 573 d->v24_sig = v24_sig; 574 575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 576 rfcomm_schedule(); 577 578 return 0; 579 } 580 581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 582 { 583 BT_DBG("dlc %p state %ld v24_sig 0x%x", 584 d, d->state, d->v24_sig); 585 586 *v24_sig = d->v24_sig; 587 return 0; 588 } 589 590 /* ---- RFCOMM sessions ---- */ 591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 592 { 593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 594 595 if (!s) 596 return NULL; 597 598 BT_DBG("session %p sock %p", s, sock); 599 600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 601 602 INIT_LIST_HEAD(&s->dlcs); 603 s->state = state; 604 s->sock = sock; 605 606 s->mtu = RFCOMM_DEFAULT_MTU; 607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 608 609 /* Do not increment module usage count for listening sessions. 610 * Otherwise we won't be able to unload the module. */ 611 if (state != BT_LISTEN) 612 if (!try_module_get(THIS_MODULE)) { 613 kfree(s); 614 return NULL; 615 } 616 617 list_add(&s->list, &session_list); 618 619 return s; 620 } 621 622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s) 623 { 624 int state = s->state; 625 626 BT_DBG("session %p state %ld", s, s->state); 627 628 list_del(&s->list); 629 630 rfcomm_session_clear_timer(s); 631 sock_release(s->sock); 632 kfree(s); 633 634 if (state != BT_LISTEN) 635 module_put(THIS_MODULE); 636 637 return NULL; 638 } 639 640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 641 { 642 struct rfcomm_session *s; 643 struct list_head *p, *n; 644 struct bt_sock *sk; 645 list_for_each_safe(p, n, &session_list) { 646 s = list_entry(p, struct rfcomm_session, list); 647 sk = bt_sk(s->sock->sk); 648 649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 650 !bacmp(&sk->dst, dst)) 651 return s; 652 } 653 return NULL; 654 } 655 656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s, 657 int err) 658 { 659 struct rfcomm_dlc *d; 660 struct list_head *p, *n; 661 662 s->state = BT_CLOSED; 663 664 BT_DBG("session %p state %ld err %d", s, s->state, err); 665 666 /* Close all dlcs */ 667 list_for_each_safe(p, n, &s->dlcs) { 668 d = list_entry(p, struct rfcomm_dlc, list); 669 d->state = BT_CLOSED; 670 __rfcomm_dlc_close(d, err); 671 } 672 673 rfcomm_session_clear_timer(s); 674 return rfcomm_session_del(s); 675 } 676 677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 678 bdaddr_t *dst, 679 u8 sec_level, 680 int *err) 681 { 682 struct rfcomm_session *s = NULL; 683 struct sockaddr_l2 addr; 684 struct socket *sock; 685 struct sock *sk; 686 687 BT_DBG("%pMR -> %pMR", src, dst); 688 689 *err = rfcomm_l2sock_create(&sock); 690 if (*err < 0) 691 return NULL; 692 693 bacpy(&addr.l2_bdaddr, src); 694 addr.l2_family = AF_BLUETOOTH; 695 addr.l2_psm = 0; 696 addr.l2_cid = 0; 697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 698 if (*err < 0) 699 goto failed; 700 701 /* Set L2CAP options */ 702 sk = sock->sk; 703 lock_sock(sk); 704 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 705 l2cap_pi(sk)->chan->sec_level = sec_level; 706 if (l2cap_ertm) 707 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM; 708 release_sock(sk); 709 710 s = rfcomm_session_add(sock, BT_BOUND); 711 if (!s) { 712 *err = -ENOMEM; 713 goto failed; 714 } 715 716 s->initiator = 1; 717 718 bacpy(&addr.l2_bdaddr, dst); 719 addr.l2_family = AF_BLUETOOTH; 720 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 721 addr.l2_cid = 0; 722 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 723 if (*err == 0 || *err == -EINPROGRESS) 724 return s; 725 726 return rfcomm_session_del(s); 727 728 failed: 729 sock_release(sock); 730 return NULL; 731 } 732 733 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 734 { 735 struct sock *sk = s->sock->sk; 736 if (src) 737 bacpy(src, &bt_sk(sk)->src); 738 if (dst) 739 bacpy(dst, &bt_sk(sk)->dst); 740 } 741 742 /* ---- RFCOMM frame sending ---- */ 743 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 744 { 745 struct kvec iv = { data, len }; 746 struct msghdr msg; 747 748 BT_DBG("session %p len %d", s, len); 749 750 memset(&msg, 0, sizeof(msg)); 751 752 return kernel_sendmsg(s->sock, &msg, &iv, 1, len); 753 } 754 755 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd) 756 { 757 BT_DBG("%p cmd %u", s, cmd->ctrl); 758 759 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd)); 760 } 761 762 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 763 { 764 struct rfcomm_cmd cmd; 765 766 BT_DBG("%p dlci %d", s, dlci); 767 768 cmd.addr = __addr(s->initiator, dlci); 769 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 770 cmd.len = __len8(0); 771 cmd.fcs = __fcs2((u8 *) &cmd); 772 773 return rfcomm_send_cmd(s, &cmd); 774 } 775 776 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 777 { 778 struct rfcomm_cmd cmd; 779 780 BT_DBG("%p dlci %d", s, dlci); 781 782 cmd.addr = __addr(!s->initiator, dlci); 783 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 784 cmd.len = __len8(0); 785 cmd.fcs = __fcs2((u8 *) &cmd); 786 787 return rfcomm_send_cmd(s, &cmd); 788 } 789 790 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 791 { 792 struct rfcomm_cmd cmd; 793 794 BT_DBG("%p dlci %d", s, dlci); 795 796 cmd.addr = __addr(s->initiator, dlci); 797 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 798 cmd.len = __len8(0); 799 cmd.fcs = __fcs2((u8 *) &cmd); 800 801 return rfcomm_send_cmd(s, &cmd); 802 } 803 804 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 805 { 806 struct rfcomm_cmd *cmd; 807 struct sk_buff *skb; 808 809 BT_DBG("dlc %p dlci %d", d, d->dlci); 810 811 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 812 if (!skb) 813 return -ENOMEM; 814 815 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 816 cmd->addr = d->addr; 817 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 818 cmd->len = __len8(0); 819 cmd->fcs = __fcs2((u8 *) cmd); 820 821 skb_queue_tail(&d->tx_queue, skb); 822 rfcomm_schedule(); 823 return 0; 824 } 825 826 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 827 { 828 struct rfcomm_cmd cmd; 829 830 BT_DBG("%p dlci %d", s, dlci); 831 832 cmd.addr = __addr(!s->initiator, dlci); 833 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 834 cmd.len = __len8(0); 835 cmd.fcs = __fcs2((u8 *) &cmd); 836 837 return rfcomm_send_cmd(s, &cmd); 838 } 839 840 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 841 { 842 struct rfcomm_hdr *hdr; 843 struct rfcomm_mcc *mcc; 844 u8 buf[16], *ptr = buf; 845 846 BT_DBG("%p cr %d type %d", s, cr, type); 847 848 hdr = (void *) ptr; ptr += sizeof(*hdr); 849 hdr->addr = __addr(s->initiator, 0); 850 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 851 hdr->len = __len8(sizeof(*mcc) + 1); 852 853 mcc = (void *) ptr; ptr += sizeof(*mcc); 854 mcc->type = __mcc_type(cr, RFCOMM_NSC); 855 mcc->len = __len8(1); 856 857 /* Type that we didn't like */ 858 *ptr = __mcc_type(cr, type); ptr++; 859 860 *ptr = __fcs(buf); ptr++; 861 862 return rfcomm_send_frame(s, buf, ptr - buf); 863 } 864 865 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 866 { 867 struct rfcomm_hdr *hdr; 868 struct rfcomm_mcc *mcc; 869 struct rfcomm_pn *pn; 870 u8 buf[16], *ptr = buf; 871 872 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 873 874 hdr = (void *) ptr; ptr += sizeof(*hdr); 875 hdr->addr = __addr(s->initiator, 0); 876 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 877 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 878 879 mcc = (void *) ptr; ptr += sizeof(*mcc); 880 mcc->type = __mcc_type(cr, RFCOMM_PN); 881 mcc->len = __len8(sizeof(*pn)); 882 883 pn = (void *) ptr; ptr += sizeof(*pn); 884 pn->dlci = d->dlci; 885 pn->priority = d->priority; 886 pn->ack_timer = 0; 887 pn->max_retrans = 0; 888 889 if (s->cfc) { 890 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 891 pn->credits = RFCOMM_DEFAULT_CREDITS; 892 } else { 893 pn->flow_ctrl = 0; 894 pn->credits = 0; 895 } 896 897 if (cr && channel_mtu >= 0) 898 pn->mtu = cpu_to_le16(channel_mtu); 899 else 900 pn->mtu = cpu_to_le16(d->mtu); 901 902 *ptr = __fcs(buf); ptr++; 903 904 return rfcomm_send_frame(s, buf, ptr - buf); 905 } 906 907 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 908 u8 bit_rate, u8 data_bits, u8 stop_bits, 909 u8 parity, u8 flow_ctrl_settings, 910 u8 xon_char, u8 xoff_char, u16 param_mask) 911 { 912 struct rfcomm_hdr *hdr; 913 struct rfcomm_mcc *mcc; 914 struct rfcomm_rpn *rpn; 915 u8 buf[16], *ptr = buf; 916 917 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 918 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 919 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 920 flow_ctrl_settings, xon_char, xoff_char, param_mask); 921 922 hdr = (void *) ptr; ptr += sizeof(*hdr); 923 hdr->addr = __addr(s->initiator, 0); 924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 925 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 926 927 mcc = (void *) ptr; ptr += sizeof(*mcc); 928 mcc->type = __mcc_type(cr, RFCOMM_RPN); 929 mcc->len = __len8(sizeof(*rpn)); 930 931 rpn = (void *) ptr; ptr += sizeof(*rpn); 932 rpn->dlci = __addr(1, dlci); 933 rpn->bit_rate = bit_rate; 934 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 935 rpn->flow_ctrl = flow_ctrl_settings; 936 rpn->xon_char = xon_char; 937 rpn->xoff_char = xoff_char; 938 rpn->param_mask = cpu_to_le16(param_mask); 939 940 *ptr = __fcs(buf); ptr++; 941 942 return rfcomm_send_frame(s, buf, ptr - buf); 943 } 944 945 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 946 { 947 struct rfcomm_hdr *hdr; 948 struct rfcomm_mcc *mcc; 949 struct rfcomm_rls *rls; 950 u8 buf[16], *ptr = buf; 951 952 BT_DBG("%p cr %d status 0x%x", s, cr, status); 953 954 hdr = (void *) ptr; ptr += sizeof(*hdr); 955 hdr->addr = __addr(s->initiator, 0); 956 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 957 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 958 959 mcc = (void *) ptr; ptr += sizeof(*mcc); 960 mcc->type = __mcc_type(cr, RFCOMM_RLS); 961 mcc->len = __len8(sizeof(*rls)); 962 963 rls = (void *) ptr; ptr += sizeof(*rls); 964 rls->dlci = __addr(1, dlci); 965 rls->status = status; 966 967 *ptr = __fcs(buf); ptr++; 968 969 return rfcomm_send_frame(s, buf, ptr - buf); 970 } 971 972 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 973 { 974 struct rfcomm_hdr *hdr; 975 struct rfcomm_mcc *mcc; 976 struct rfcomm_msc *msc; 977 u8 buf[16], *ptr = buf; 978 979 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 980 981 hdr = (void *) ptr; ptr += sizeof(*hdr); 982 hdr->addr = __addr(s->initiator, 0); 983 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 984 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 985 986 mcc = (void *) ptr; ptr += sizeof(*mcc); 987 mcc->type = __mcc_type(cr, RFCOMM_MSC); 988 mcc->len = __len8(sizeof(*msc)); 989 990 msc = (void *) ptr; ptr += sizeof(*msc); 991 msc->dlci = __addr(1, dlci); 992 msc->v24_sig = v24_sig | 0x01; 993 994 *ptr = __fcs(buf); ptr++; 995 996 return rfcomm_send_frame(s, buf, ptr - buf); 997 } 998 999 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1000 { 1001 struct rfcomm_hdr *hdr; 1002 struct rfcomm_mcc *mcc; 1003 u8 buf[16], *ptr = buf; 1004 1005 BT_DBG("%p cr %d", s, cr); 1006 1007 hdr = (void *) ptr; ptr += sizeof(*hdr); 1008 hdr->addr = __addr(s->initiator, 0); 1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1010 hdr->len = __len8(sizeof(*mcc)); 1011 1012 mcc = (void *) ptr; ptr += sizeof(*mcc); 1013 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1014 mcc->len = __len8(0); 1015 1016 *ptr = __fcs(buf); ptr++; 1017 1018 return rfcomm_send_frame(s, buf, ptr - buf); 1019 } 1020 1021 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1022 { 1023 struct rfcomm_hdr *hdr; 1024 struct rfcomm_mcc *mcc; 1025 u8 buf[16], *ptr = buf; 1026 1027 BT_DBG("%p cr %d", s, cr); 1028 1029 hdr = (void *) ptr; ptr += sizeof(*hdr); 1030 hdr->addr = __addr(s->initiator, 0); 1031 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1032 hdr->len = __len8(sizeof(*mcc)); 1033 1034 mcc = (void *) ptr; ptr += sizeof(*mcc); 1035 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1036 mcc->len = __len8(0); 1037 1038 *ptr = __fcs(buf); ptr++; 1039 1040 return rfcomm_send_frame(s, buf, ptr - buf); 1041 } 1042 1043 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1044 { 1045 struct socket *sock = s->sock; 1046 struct kvec iv[3]; 1047 struct msghdr msg; 1048 unsigned char hdr[5], crc[1]; 1049 1050 if (len > 125) 1051 return -EINVAL; 1052 1053 BT_DBG("%p cr %d", s, cr); 1054 1055 hdr[0] = __addr(s->initiator, 0); 1056 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1057 hdr[2] = 0x01 | ((len + 2) << 1); 1058 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1059 hdr[4] = 0x01 | (len << 1); 1060 1061 crc[0] = __fcs(hdr); 1062 1063 iv[0].iov_base = hdr; 1064 iv[0].iov_len = 5; 1065 iv[1].iov_base = pattern; 1066 iv[1].iov_len = len; 1067 iv[2].iov_base = crc; 1068 iv[2].iov_len = 1; 1069 1070 memset(&msg, 0, sizeof(msg)); 1071 1072 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1073 } 1074 1075 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1076 { 1077 struct rfcomm_hdr *hdr; 1078 u8 buf[16], *ptr = buf; 1079 1080 BT_DBG("%p addr %d credits %d", s, addr, credits); 1081 1082 hdr = (void *) ptr; ptr += sizeof(*hdr); 1083 hdr->addr = addr; 1084 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1085 hdr->len = __len8(0); 1086 1087 *ptr = credits; ptr++; 1088 1089 *ptr = __fcs(buf); ptr++; 1090 1091 return rfcomm_send_frame(s, buf, ptr - buf); 1092 } 1093 1094 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1095 { 1096 struct rfcomm_hdr *hdr; 1097 int len = skb->len; 1098 u8 *crc; 1099 1100 if (len > 127) { 1101 hdr = (void *) skb_push(skb, 4); 1102 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1103 } else { 1104 hdr = (void *) skb_push(skb, 3); 1105 hdr->len = __len8(len); 1106 } 1107 hdr->addr = addr; 1108 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1109 1110 crc = skb_put(skb, 1); 1111 *crc = __fcs((void *) hdr); 1112 } 1113 1114 /* ---- RFCOMM frame reception ---- */ 1115 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1116 { 1117 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1118 1119 if (dlci) { 1120 /* Data channel */ 1121 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1122 if (!d) { 1123 rfcomm_send_dm(s, dlci); 1124 return s; 1125 } 1126 1127 switch (d->state) { 1128 case BT_CONNECT: 1129 rfcomm_dlc_clear_timer(d); 1130 1131 rfcomm_dlc_lock(d); 1132 d->state = BT_CONNECTED; 1133 d->state_change(d, 0); 1134 rfcomm_dlc_unlock(d); 1135 1136 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1137 break; 1138 1139 case BT_DISCONN: 1140 d->state = BT_CLOSED; 1141 __rfcomm_dlc_close(d, 0); 1142 1143 if (list_empty(&s->dlcs)) { 1144 s->state = BT_DISCONN; 1145 rfcomm_send_disc(s, 0); 1146 rfcomm_session_clear_timer(s); 1147 } 1148 1149 break; 1150 } 1151 } else { 1152 /* Control channel */ 1153 switch (s->state) { 1154 case BT_CONNECT: 1155 s->state = BT_CONNECTED; 1156 rfcomm_process_connect(s); 1157 break; 1158 1159 case BT_DISCONN: 1160 s = rfcomm_session_close(s, ECONNRESET); 1161 break; 1162 } 1163 } 1164 return s; 1165 } 1166 1167 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1168 { 1169 int err = 0; 1170 1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1172 1173 if (dlci) { 1174 /* Data DLC */ 1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1176 if (d) { 1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1178 err = ECONNREFUSED; 1179 else 1180 err = ECONNRESET; 1181 1182 d->state = BT_CLOSED; 1183 __rfcomm_dlc_close(d, err); 1184 } 1185 } else { 1186 if (s->state == BT_CONNECT) 1187 err = ECONNREFUSED; 1188 else 1189 err = ECONNRESET; 1190 1191 s = rfcomm_session_close(s, err); 1192 } 1193 return s; 1194 } 1195 1196 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s, 1197 u8 dlci) 1198 { 1199 int err = 0; 1200 1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1202 1203 if (dlci) { 1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1205 if (d) { 1206 rfcomm_send_ua(s, dlci); 1207 1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1209 err = ECONNREFUSED; 1210 else 1211 err = ECONNRESET; 1212 1213 d->state = BT_CLOSED; 1214 __rfcomm_dlc_close(d, err); 1215 } else 1216 rfcomm_send_dm(s, dlci); 1217 1218 } else { 1219 rfcomm_send_ua(s, 0); 1220 1221 if (s->state == BT_CONNECT) 1222 err = ECONNREFUSED; 1223 else 1224 err = ECONNRESET; 1225 1226 s = rfcomm_session_close(s, err); 1227 } 1228 return s; 1229 } 1230 1231 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1232 { 1233 struct sock *sk = d->session->sock->sk; 1234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 1235 1236 BT_DBG("dlc %p", d); 1237 1238 rfcomm_send_ua(d->session, d->dlci); 1239 1240 rfcomm_dlc_clear_timer(d); 1241 1242 rfcomm_dlc_lock(d); 1243 d->state = BT_CONNECTED; 1244 d->state_change(d, 0); 1245 rfcomm_dlc_unlock(d); 1246 1247 if (d->role_switch) 1248 hci_conn_switch_role(conn->hcon, 0x00); 1249 1250 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1251 } 1252 1253 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1254 { 1255 if (rfcomm_check_security(d)) { 1256 if (d->defer_setup) { 1257 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1258 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1259 1260 rfcomm_dlc_lock(d); 1261 d->state = BT_CONNECT2; 1262 d->state_change(d, 0); 1263 rfcomm_dlc_unlock(d); 1264 } else 1265 rfcomm_dlc_accept(d); 1266 } else { 1267 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1268 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1269 } 1270 } 1271 1272 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1273 { 1274 struct rfcomm_dlc *d; 1275 u8 channel; 1276 1277 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1278 1279 if (!dlci) { 1280 rfcomm_send_ua(s, 0); 1281 1282 if (s->state == BT_OPEN) { 1283 s->state = BT_CONNECTED; 1284 rfcomm_process_connect(s); 1285 } 1286 return 0; 1287 } 1288 1289 /* Check if DLC exists */ 1290 d = rfcomm_dlc_get(s, dlci); 1291 if (d) { 1292 if (d->state == BT_OPEN) { 1293 /* DLC was previously opened by PN request */ 1294 rfcomm_check_accept(d); 1295 } 1296 return 0; 1297 } 1298 1299 /* Notify socket layer about incoming connection */ 1300 channel = __srv_channel(dlci); 1301 if (rfcomm_connect_ind(s, channel, &d)) { 1302 d->dlci = dlci; 1303 d->addr = __addr(s->initiator, dlci); 1304 rfcomm_dlc_link(s, d); 1305 1306 rfcomm_check_accept(d); 1307 } else { 1308 rfcomm_send_dm(s, dlci); 1309 } 1310 1311 return 0; 1312 } 1313 1314 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1315 { 1316 struct rfcomm_session *s = d->session; 1317 1318 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1319 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1320 1321 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1322 pn->flow_ctrl == 0xe0) { 1323 d->cfc = RFCOMM_CFC_ENABLED; 1324 d->tx_credits = pn->credits; 1325 } else { 1326 d->cfc = RFCOMM_CFC_DISABLED; 1327 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1328 } 1329 1330 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1331 s->cfc = d->cfc; 1332 1333 d->priority = pn->priority; 1334 1335 d->mtu = __le16_to_cpu(pn->mtu); 1336 1337 if (cr && d->mtu > s->mtu) 1338 d->mtu = s->mtu; 1339 1340 return 0; 1341 } 1342 1343 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1344 { 1345 struct rfcomm_pn *pn = (void *) skb->data; 1346 struct rfcomm_dlc *d; 1347 u8 dlci = pn->dlci; 1348 1349 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1350 1351 if (!dlci) 1352 return 0; 1353 1354 d = rfcomm_dlc_get(s, dlci); 1355 if (d) { 1356 if (cr) { 1357 /* PN request */ 1358 rfcomm_apply_pn(d, cr, pn); 1359 rfcomm_send_pn(s, 0, d); 1360 } else { 1361 /* PN response */ 1362 switch (d->state) { 1363 case BT_CONFIG: 1364 rfcomm_apply_pn(d, cr, pn); 1365 1366 d->state = BT_CONNECT; 1367 rfcomm_send_sabm(s, d->dlci); 1368 break; 1369 } 1370 } 1371 } else { 1372 u8 channel = __srv_channel(dlci); 1373 1374 if (!cr) 1375 return 0; 1376 1377 /* PN request for non existing DLC. 1378 * Assume incoming connection. */ 1379 if (rfcomm_connect_ind(s, channel, &d)) { 1380 d->dlci = dlci; 1381 d->addr = __addr(s->initiator, dlci); 1382 rfcomm_dlc_link(s, d); 1383 1384 rfcomm_apply_pn(d, cr, pn); 1385 1386 d->state = BT_OPEN; 1387 rfcomm_send_pn(s, 0, d); 1388 } else { 1389 rfcomm_send_dm(s, dlci); 1390 } 1391 } 1392 return 0; 1393 } 1394 1395 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1396 { 1397 struct rfcomm_rpn *rpn = (void *) skb->data; 1398 u8 dlci = __get_dlci(rpn->dlci); 1399 1400 u8 bit_rate = 0; 1401 u8 data_bits = 0; 1402 u8 stop_bits = 0; 1403 u8 parity = 0; 1404 u8 flow_ctrl = 0; 1405 u8 xon_char = 0; 1406 u8 xoff_char = 0; 1407 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1408 1409 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1410 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1411 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1412 1413 if (!cr) 1414 return 0; 1415 1416 if (len == 1) { 1417 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1418 bit_rate = RFCOMM_RPN_BR_9600; 1419 data_bits = RFCOMM_RPN_DATA_8; 1420 stop_bits = RFCOMM_RPN_STOP_1; 1421 parity = RFCOMM_RPN_PARITY_NONE; 1422 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1423 xon_char = RFCOMM_RPN_XON_CHAR; 1424 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1425 goto rpn_out; 1426 } 1427 1428 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1429 * no parity, no flow control lines, normal XON/XOFF chars */ 1430 1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1432 bit_rate = rpn->bit_rate; 1433 if (bit_rate > RFCOMM_RPN_BR_230400) { 1434 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1435 bit_rate = RFCOMM_RPN_BR_9600; 1436 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1437 } 1438 } 1439 1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1441 data_bits = __get_rpn_data_bits(rpn->line_settings); 1442 if (data_bits != RFCOMM_RPN_DATA_8) { 1443 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1444 data_bits = RFCOMM_RPN_DATA_8; 1445 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1446 } 1447 } 1448 1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1450 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1451 if (stop_bits != RFCOMM_RPN_STOP_1) { 1452 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1453 stop_bits = RFCOMM_RPN_STOP_1; 1454 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1455 } 1456 } 1457 1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1459 parity = __get_rpn_parity(rpn->line_settings); 1460 if (parity != RFCOMM_RPN_PARITY_NONE) { 1461 BT_DBG("RPN parity mismatch 0x%x", parity); 1462 parity = RFCOMM_RPN_PARITY_NONE; 1463 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1464 } 1465 } 1466 1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1468 flow_ctrl = rpn->flow_ctrl; 1469 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1470 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1471 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1472 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1473 } 1474 } 1475 1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1477 xon_char = rpn->xon_char; 1478 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1479 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1480 xon_char = RFCOMM_RPN_XON_CHAR; 1481 rpn_mask ^= RFCOMM_RPN_PM_XON; 1482 } 1483 } 1484 1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1486 xoff_char = rpn->xoff_char; 1487 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1488 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1489 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1490 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1491 } 1492 } 1493 1494 rpn_out: 1495 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1496 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1497 1498 return 0; 1499 } 1500 1501 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1502 { 1503 struct rfcomm_rls *rls = (void *) skb->data; 1504 u8 dlci = __get_dlci(rls->dlci); 1505 1506 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1507 1508 if (!cr) 1509 return 0; 1510 1511 /* We should probably do something with this information here. But 1512 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1513 * mandatory to recognise and respond to RLS */ 1514 1515 rfcomm_send_rls(s, 0, dlci, rls->status); 1516 1517 return 0; 1518 } 1519 1520 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1521 { 1522 struct rfcomm_msc *msc = (void *) skb->data; 1523 struct rfcomm_dlc *d; 1524 u8 dlci = __get_dlci(msc->dlci); 1525 1526 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1527 1528 d = rfcomm_dlc_get(s, dlci); 1529 if (!d) 1530 return 0; 1531 1532 if (cr) { 1533 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1534 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1535 else 1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1537 1538 rfcomm_dlc_lock(d); 1539 1540 d->remote_v24_sig = msc->v24_sig; 1541 1542 if (d->modem_status) 1543 d->modem_status(d, msc->v24_sig); 1544 1545 rfcomm_dlc_unlock(d); 1546 1547 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1548 1549 d->mscex |= RFCOMM_MSCEX_RX; 1550 } else 1551 d->mscex |= RFCOMM_MSCEX_TX; 1552 1553 return 0; 1554 } 1555 1556 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1557 { 1558 struct rfcomm_mcc *mcc = (void *) skb->data; 1559 u8 type, cr, len; 1560 1561 cr = __test_cr(mcc->type); 1562 type = __get_mcc_type(mcc->type); 1563 len = __get_mcc_len(mcc->len); 1564 1565 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1566 1567 skb_pull(skb, 2); 1568 1569 switch (type) { 1570 case RFCOMM_PN: 1571 rfcomm_recv_pn(s, cr, skb); 1572 break; 1573 1574 case RFCOMM_RPN: 1575 rfcomm_recv_rpn(s, cr, len, skb); 1576 break; 1577 1578 case RFCOMM_RLS: 1579 rfcomm_recv_rls(s, cr, skb); 1580 break; 1581 1582 case RFCOMM_MSC: 1583 rfcomm_recv_msc(s, cr, skb); 1584 break; 1585 1586 case RFCOMM_FCOFF: 1587 if (cr) { 1588 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1589 rfcomm_send_fcoff(s, 0); 1590 } 1591 break; 1592 1593 case RFCOMM_FCON: 1594 if (cr) { 1595 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1596 rfcomm_send_fcon(s, 0); 1597 } 1598 break; 1599 1600 case RFCOMM_TEST: 1601 if (cr) 1602 rfcomm_send_test(s, 0, skb->data, skb->len); 1603 break; 1604 1605 case RFCOMM_NSC: 1606 break; 1607 1608 default: 1609 BT_ERR("Unknown control type 0x%02x", type); 1610 rfcomm_send_nsc(s, cr, type); 1611 break; 1612 } 1613 return 0; 1614 } 1615 1616 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1617 { 1618 struct rfcomm_dlc *d; 1619 1620 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1621 1622 d = rfcomm_dlc_get(s, dlci); 1623 if (!d) { 1624 rfcomm_send_dm(s, dlci); 1625 goto drop; 1626 } 1627 1628 if (pf && d->cfc) { 1629 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1630 1631 d->tx_credits += credits; 1632 if (d->tx_credits) 1633 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1634 } 1635 1636 if (skb->len && d->state == BT_CONNECTED) { 1637 rfcomm_dlc_lock(d); 1638 d->rx_credits--; 1639 d->data_ready(d, skb); 1640 rfcomm_dlc_unlock(d); 1641 return 0; 1642 } 1643 1644 drop: 1645 kfree_skb(skb); 1646 return 0; 1647 } 1648 1649 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s, 1650 struct sk_buff *skb) 1651 { 1652 struct rfcomm_hdr *hdr = (void *) skb->data; 1653 u8 type, dlci, fcs; 1654 1655 if (!s) { 1656 /* no session, so free socket data */ 1657 kfree_skb(skb); 1658 return s; 1659 } 1660 1661 dlci = __get_dlci(hdr->addr); 1662 type = __get_type(hdr->ctrl); 1663 1664 /* Trim FCS */ 1665 skb->len--; skb->tail--; 1666 fcs = *(u8 *)skb_tail_pointer(skb); 1667 1668 if (__check_fcs(skb->data, type, fcs)) { 1669 BT_ERR("bad checksum in packet"); 1670 kfree_skb(skb); 1671 return s; 1672 } 1673 1674 if (__test_ea(hdr->len)) 1675 skb_pull(skb, 3); 1676 else 1677 skb_pull(skb, 4); 1678 1679 switch (type) { 1680 case RFCOMM_SABM: 1681 if (__test_pf(hdr->ctrl)) 1682 rfcomm_recv_sabm(s, dlci); 1683 break; 1684 1685 case RFCOMM_DISC: 1686 if (__test_pf(hdr->ctrl)) 1687 s = rfcomm_recv_disc(s, dlci); 1688 break; 1689 1690 case RFCOMM_UA: 1691 if (__test_pf(hdr->ctrl)) 1692 s = rfcomm_recv_ua(s, dlci); 1693 break; 1694 1695 case RFCOMM_DM: 1696 s = rfcomm_recv_dm(s, dlci); 1697 break; 1698 1699 case RFCOMM_UIH: 1700 if (dlci) { 1701 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1702 return s; 1703 } 1704 rfcomm_recv_mcc(s, skb); 1705 break; 1706 1707 default: 1708 BT_ERR("Unknown packet type 0x%02x", type); 1709 break; 1710 } 1711 kfree_skb(skb); 1712 return s; 1713 } 1714 1715 /* ---- Connection and data processing ---- */ 1716 1717 static void rfcomm_process_connect(struct rfcomm_session *s) 1718 { 1719 struct rfcomm_dlc *d; 1720 struct list_head *p, *n; 1721 1722 BT_DBG("session %p state %ld", s, s->state); 1723 1724 list_for_each_safe(p, n, &s->dlcs) { 1725 d = list_entry(p, struct rfcomm_dlc, list); 1726 if (d->state == BT_CONFIG) { 1727 d->mtu = s->mtu; 1728 if (rfcomm_check_security(d)) { 1729 rfcomm_send_pn(s, 1, d); 1730 } else { 1731 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1732 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1733 } 1734 } 1735 } 1736 } 1737 1738 /* Send data queued for the DLC. 1739 * Return number of frames left in the queue. 1740 */ 1741 static int rfcomm_process_tx(struct rfcomm_dlc *d) 1742 { 1743 struct sk_buff *skb; 1744 int err; 1745 1746 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1747 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1748 1749 /* Send pending MSC */ 1750 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1751 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1752 1753 if (d->cfc) { 1754 /* CFC enabled. 1755 * Give them some credits */ 1756 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1757 d->rx_credits <= (d->cfc >> 2)) { 1758 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1759 d->rx_credits = d->cfc; 1760 } 1761 } else { 1762 /* CFC disabled. 1763 * Give ourselves some credits */ 1764 d->tx_credits = 5; 1765 } 1766 1767 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1768 return skb_queue_len(&d->tx_queue); 1769 1770 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1771 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1772 if (err < 0) { 1773 skb_queue_head(&d->tx_queue, skb); 1774 break; 1775 } 1776 kfree_skb(skb); 1777 d->tx_credits--; 1778 } 1779 1780 if (d->cfc && !d->tx_credits) { 1781 /* We're out of TX credits. 1782 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1783 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1784 } 1785 1786 return skb_queue_len(&d->tx_queue); 1787 } 1788 1789 static void rfcomm_process_dlcs(struct rfcomm_session *s) 1790 { 1791 struct rfcomm_dlc *d; 1792 struct list_head *p, *n; 1793 1794 BT_DBG("session %p state %ld", s, s->state); 1795 1796 list_for_each_safe(p, n, &s->dlcs) { 1797 d = list_entry(p, struct rfcomm_dlc, list); 1798 1799 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1800 __rfcomm_dlc_close(d, ETIMEDOUT); 1801 continue; 1802 } 1803 1804 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) { 1805 __rfcomm_dlc_close(d, ECONNREFUSED); 1806 continue; 1807 } 1808 1809 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1810 rfcomm_dlc_clear_timer(d); 1811 if (d->out) { 1812 rfcomm_send_pn(s, 1, d); 1813 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1814 } else { 1815 if (d->defer_setup) { 1816 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1817 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1818 1819 rfcomm_dlc_lock(d); 1820 d->state = BT_CONNECT2; 1821 d->state_change(d, 0); 1822 rfcomm_dlc_unlock(d); 1823 } else 1824 rfcomm_dlc_accept(d); 1825 } 1826 continue; 1827 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1828 rfcomm_dlc_clear_timer(d); 1829 if (!d->out) 1830 rfcomm_send_dm(s, d->dlci); 1831 else 1832 d->state = BT_CLOSED; 1833 __rfcomm_dlc_close(d, ECONNREFUSED); 1834 continue; 1835 } 1836 1837 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1838 continue; 1839 1840 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1841 continue; 1842 1843 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1844 d->mscex == RFCOMM_MSCEX_OK) 1845 rfcomm_process_tx(d); 1846 } 1847 } 1848 1849 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s) 1850 { 1851 struct socket *sock = s->sock; 1852 struct sock *sk = sock->sk; 1853 struct sk_buff *skb; 1854 1855 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1856 1857 /* Get data directly from socket receive queue without copying it. */ 1858 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1859 skb_orphan(skb); 1860 if (!skb_linearize(skb)) 1861 s = rfcomm_recv_frame(s, skb); 1862 else 1863 kfree_skb(skb); 1864 } 1865 1866 if (s && (sk->sk_state == BT_CLOSED)) 1867 s = rfcomm_session_close(s, sk->sk_err); 1868 1869 return s; 1870 } 1871 1872 static void rfcomm_accept_connection(struct rfcomm_session *s) 1873 { 1874 struct socket *sock = s->sock, *nsock; 1875 int err; 1876 1877 /* Fast check for a new connection. 1878 * Avoids unnesesary socket allocations. */ 1879 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1880 return; 1881 1882 BT_DBG("session %p", s); 1883 1884 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1885 if (err < 0) 1886 return; 1887 1888 /* Set our callbacks */ 1889 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1890 nsock->sk->sk_state_change = rfcomm_l2state_change; 1891 1892 s = rfcomm_session_add(nsock, BT_OPEN); 1893 if (s) { 1894 /* We should adjust MTU on incoming sessions. 1895 * L2CAP MTU minus UIH header and FCS. */ 1896 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu, 1897 l2cap_pi(nsock->sk)->chan->imtu) - 5; 1898 1899 rfcomm_schedule(); 1900 } else 1901 sock_release(nsock); 1902 } 1903 1904 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s) 1905 { 1906 struct sock *sk = s->sock->sk; 1907 1908 BT_DBG("%p state %ld", s, s->state); 1909 1910 switch (sk->sk_state) { 1911 case BT_CONNECTED: 1912 s->state = BT_CONNECT; 1913 1914 /* We can adjust MTU on outgoing sessions. 1915 * L2CAP MTU minus UIH header and FCS. */ 1916 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5; 1917 1918 rfcomm_send_sabm(s, 0); 1919 break; 1920 1921 case BT_CLOSED: 1922 s = rfcomm_session_close(s, sk->sk_err); 1923 break; 1924 } 1925 return s; 1926 } 1927 1928 static void rfcomm_process_sessions(void) 1929 { 1930 struct list_head *p, *n; 1931 1932 rfcomm_lock(); 1933 1934 list_for_each_safe(p, n, &session_list) { 1935 struct rfcomm_session *s; 1936 s = list_entry(p, struct rfcomm_session, list); 1937 1938 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1939 s->state = BT_DISCONN; 1940 rfcomm_send_disc(s, 0); 1941 continue; 1942 } 1943 1944 if (s->state == BT_LISTEN) { 1945 rfcomm_accept_connection(s); 1946 continue; 1947 } 1948 1949 switch (s->state) { 1950 case BT_BOUND: 1951 s = rfcomm_check_connection(s); 1952 break; 1953 1954 default: 1955 s = rfcomm_process_rx(s); 1956 break; 1957 } 1958 1959 if (s) 1960 rfcomm_process_dlcs(s); 1961 } 1962 1963 rfcomm_unlock(); 1964 } 1965 1966 static int rfcomm_add_listener(bdaddr_t *ba) 1967 { 1968 struct sockaddr_l2 addr; 1969 struct socket *sock; 1970 struct sock *sk; 1971 struct rfcomm_session *s; 1972 int err = 0; 1973 1974 /* Create socket */ 1975 err = rfcomm_l2sock_create(&sock); 1976 if (err < 0) { 1977 BT_ERR("Create socket failed %d", err); 1978 return err; 1979 } 1980 1981 /* Bind socket */ 1982 bacpy(&addr.l2_bdaddr, ba); 1983 addr.l2_family = AF_BLUETOOTH; 1984 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM); 1985 addr.l2_cid = 0; 1986 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1987 if (err < 0) { 1988 BT_ERR("Bind failed %d", err); 1989 goto failed; 1990 } 1991 1992 /* Set L2CAP options */ 1993 sk = sock->sk; 1994 lock_sock(sk); 1995 l2cap_pi(sk)->chan->imtu = l2cap_mtu; 1996 release_sock(sk); 1997 1998 /* Start listening on the socket */ 1999 err = kernel_listen(sock, 10); 2000 if (err) { 2001 BT_ERR("Listen failed %d", err); 2002 goto failed; 2003 } 2004 2005 /* Add listening session */ 2006 s = rfcomm_session_add(sock, BT_LISTEN); 2007 if (!s) { 2008 err = -ENOMEM; 2009 goto failed; 2010 } 2011 2012 return 0; 2013 failed: 2014 sock_release(sock); 2015 return err; 2016 } 2017 2018 static void rfcomm_kill_listener(void) 2019 { 2020 struct rfcomm_session *s; 2021 struct list_head *p, *n; 2022 2023 BT_DBG(""); 2024 2025 list_for_each_safe(p, n, &session_list) { 2026 s = list_entry(p, struct rfcomm_session, list); 2027 rfcomm_session_del(s); 2028 } 2029 } 2030 2031 static int rfcomm_run(void *unused) 2032 { 2033 BT_DBG(""); 2034 2035 set_user_nice(current, -10); 2036 2037 rfcomm_add_listener(BDADDR_ANY); 2038 2039 while (1) { 2040 set_current_state(TASK_INTERRUPTIBLE); 2041 2042 if (kthread_should_stop()) 2043 break; 2044 2045 /* Process stuff */ 2046 rfcomm_process_sessions(); 2047 2048 schedule(); 2049 } 2050 __set_current_state(TASK_RUNNING); 2051 2052 rfcomm_kill_listener(); 2053 2054 return 0; 2055 } 2056 2057 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2058 { 2059 struct rfcomm_session *s; 2060 struct rfcomm_dlc *d; 2061 struct list_head *p, *n; 2062 2063 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2064 2065 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2066 if (!s) 2067 return; 2068 2069 list_for_each_safe(p, n, &s->dlcs) { 2070 d = list_entry(p, struct rfcomm_dlc, list); 2071 2072 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2073 rfcomm_dlc_clear_timer(d); 2074 if (status || encrypt == 0x00) { 2075 set_bit(RFCOMM_ENC_DROP, &d->flags); 2076 continue; 2077 } 2078 } 2079 2080 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2081 if (d->sec_level == BT_SECURITY_MEDIUM) { 2082 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2083 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2084 continue; 2085 } else if (d->sec_level == BT_SECURITY_HIGH) { 2086 set_bit(RFCOMM_ENC_DROP, &d->flags); 2087 continue; 2088 } 2089 } 2090 2091 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2092 continue; 2093 2094 if (!status && hci_conn_check_secure(conn, d->sec_level)) 2095 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2096 else 2097 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2098 } 2099 2100 rfcomm_schedule(); 2101 } 2102 2103 static struct hci_cb rfcomm_cb = { 2104 .name = "RFCOMM", 2105 .security_cfm = rfcomm_security_cfm 2106 }; 2107 2108 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2109 { 2110 struct rfcomm_session *s; 2111 2112 rfcomm_lock(); 2113 2114 list_for_each_entry(s, &session_list, list) { 2115 struct rfcomm_dlc *d; 2116 list_for_each_entry(d, &s->dlcs, list) { 2117 struct sock *sk = s->sock->sk; 2118 2119 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n", 2120 &bt_sk(sk)->src, &bt_sk(sk)->dst, 2121 d->state, d->dlci, d->mtu, 2122 d->rx_credits, d->tx_credits); 2123 } 2124 } 2125 2126 rfcomm_unlock(); 2127 2128 return 0; 2129 } 2130 2131 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2132 { 2133 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2134 } 2135 2136 static const struct file_operations rfcomm_dlc_debugfs_fops = { 2137 .open = rfcomm_dlc_debugfs_open, 2138 .read = seq_read, 2139 .llseek = seq_lseek, 2140 .release = single_release, 2141 }; 2142 2143 static struct dentry *rfcomm_dlc_debugfs; 2144 2145 /* ---- Initialization ---- */ 2146 static int __init rfcomm_init(void) 2147 { 2148 int err; 2149 2150 hci_register_cb(&rfcomm_cb); 2151 2152 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2153 if (IS_ERR(rfcomm_thread)) { 2154 err = PTR_ERR(rfcomm_thread); 2155 goto unregister; 2156 } 2157 2158 if (bt_debugfs) { 2159 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2160 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2161 if (!rfcomm_dlc_debugfs) 2162 BT_ERR("Failed to create RFCOMM debug file"); 2163 } 2164 2165 err = rfcomm_init_ttys(); 2166 if (err < 0) 2167 goto stop; 2168 2169 err = rfcomm_init_sockets(); 2170 if (err < 0) 2171 goto cleanup; 2172 2173 BT_INFO("RFCOMM ver %s", VERSION); 2174 2175 return 0; 2176 2177 cleanup: 2178 rfcomm_cleanup_ttys(); 2179 2180 stop: 2181 kthread_stop(rfcomm_thread); 2182 2183 unregister: 2184 hci_unregister_cb(&rfcomm_cb); 2185 2186 return err; 2187 } 2188 2189 static void __exit rfcomm_exit(void) 2190 { 2191 debugfs_remove(rfcomm_dlc_debugfs); 2192 2193 hci_unregister_cb(&rfcomm_cb); 2194 2195 kthread_stop(rfcomm_thread); 2196 2197 rfcomm_cleanup_ttys(); 2198 2199 rfcomm_cleanup_sockets(); 2200 } 2201 2202 module_init(rfcomm_init); 2203 module_exit(rfcomm_exit); 2204 2205 module_param(disable_cfc, bool, 0644); 2206 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2207 2208 module_param(channel_mtu, int, 0644); 2209 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2210 2211 module_param(l2cap_mtu, uint, 0644); 2212 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2213 2214 module_param(l2cap_ertm, bool, 0644); 2215 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2216 2217 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2218 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2219 MODULE_VERSION(VERSION); 2220 MODULE_LICENSE("GPL"); 2221 MODULE_ALIAS("bt-proto-3"); 2222