1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.11" 50 51 static int disable_cfc = 0; 52 static int channel_mtu = -1; 53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 55 static struct task_struct *rfcomm_thread; 56 57 static DEFINE_MUTEX(rfcomm_mutex); 58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 60 61 static unsigned long rfcomm_event; 62 63 static LIST_HEAD(session_list); 64 65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 68 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 75 76 static void rfcomm_process_connect(struct rfcomm_session *s); 77 78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 80 static void rfcomm_session_del(struct rfcomm_session *s); 81 82 /* ---- RFCOMM frame parsing macros ---- */ 83 #define __get_dlci(b) ((b & 0xfc) >> 2) 84 #define __get_channel(b) ((b & 0xf8) >> 3) 85 #define __get_dir(b) ((b & 0x04) >> 2) 86 #define __get_type(b) ((b & 0xef)) 87 88 #define __test_ea(b) ((b & 0x01)) 89 #define __test_cr(b) ((b & 0x02)) 90 #define __test_pf(b) ((b & 0x10)) 91 92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 95 #define __srv_channel(dlci) (dlci >> 1) 96 #define __dir(dlci) (dlci & 0x01) 97 98 #define __len8(len) (((len) << 1) | 1) 99 #define __len16(len) ((len) << 1) 100 101 /* MCC macros */ 102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 103 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 104 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 105 106 /* RPN macros */ 107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 108 #define __get_rpn_data_bits(line) ((line) & 0x3) 109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 111 112 static inline void rfcomm_schedule(uint event) 113 { 114 if (!rfcomm_thread) 115 return; 116 //set_bit(event, &rfcomm_event); 117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 118 wake_up_process(rfcomm_thread); 119 } 120 121 static inline void rfcomm_session_put(struct rfcomm_session *s) 122 { 123 if (atomic_dec_and_test(&s->refcnt)) 124 rfcomm_session_del(s); 125 } 126 127 /* ---- RFCOMM FCS computation ---- */ 128 129 /* reversed, 8-bit, poly=0x07 */ 130 static unsigned char rfcomm_crc_table[256] = { 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 135 136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 140 141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 145 146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 150 151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 155 156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 160 161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 165 166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 170 }; 171 172 /* CRC on 2 bytes */ 173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 174 175 /* FCS on 2 bytes */ 176 static inline u8 __fcs(u8 *data) 177 { 178 return (0xff - __crc(data)); 179 } 180 181 /* FCS on 3 bytes */ 182 static inline u8 __fcs2(u8 *data) 183 { 184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 185 } 186 187 /* Check FCS */ 188 static inline int __check_fcs(u8 *data, int type, u8 fcs) 189 { 190 u8 f = __crc(data); 191 192 if (type != RFCOMM_UIH) 193 f = rfcomm_crc_table[f ^ data[2]]; 194 195 return rfcomm_crc_table[f ^ fcs] != 0xcf; 196 } 197 198 /* ---- L2CAP callbacks ---- */ 199 static void rfcomm_l2state_change(struct sock *sk) 200 { 201 BT_DBG("%p state %d", sk, sk->sk_state); 202 rfcomm_schedule(RFCOMM_SCHED_STATE); 203 } 204 205 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 206 { 207 BT_DBG("%p bytes %d", sk, bytes); 208 rfcomm_schedule(RFCOMM_SCHED_RX); 209 } 210 211 static int rfcomm_l2sock_create(struct socket **sock) 212 { 213 int err; 214 215 BT_DBG(""); 216 217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 218 if (!err) { 219 struct sock *sk = (*sock)->sk; 220 sk->sk_data_ready = rfcomm_l2data_ready; 221 sk->sk_state_change = rfcomm_l2state_change; 222 } 223 return err; 224 } 225 226 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 227 { 228 struct sock *sk = d->session->sock->sk; 229 __u8 auth_type; 230 231 switch (d->sec_level) { 232 case BT_SECURITY_HIGH: 233 auth_type = HCI_AT_GENERAL_BONDING_MITM; 234 break; 235 case BT_SECURITY_MEDIUM: 236 auth_type = HCI_AT_GENERAL_BONDING; 237 break; 238 default: 239 auth_type = HCI_AT_NO_BONDING; 240 break; 241 } 242 243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 244 auth_type); 245 } 246 247 static void rfcomm_session_timeout(unsigned long arg) 248 { 249 struct rfcomm_session *s = (void *) arg; 250 251 BT_DBG("session %p state %ld", s, s->state); 252 253 set_bit(RFCOMM_TIMED_OUT, &s->flags); 254 rfcomm_session_put(s); 255 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 256 } 257 258 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 259 { 260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 261 262 if (!mod_timer(&s->timer, jiffies + timeout)) 263 rfcomm_session_hold(s); 264 } 265 266 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 267 { 268 BT_DBG("session %p state %ld", s, s->state); 269 270 if (timer_pending(&s->timer) && del_timer(&s->timer)) 271 rfcomm_session_put(s); 272 } 273 274 /* ---- RFCOMM DLCs ---- */ 275 static void rfcomm_dlc_timeout(unsigned long arg) 276 { 277 struct rfcomm_dlc *d = (void *) arg; 278 279 BT_DBG("dlc %p state %ld", d, d->state); 280 281 set_bit(RFCOMM_TIMED_OUT, &d->flags); 282 rfcomm_dlc_put(d); 283 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 284 } 285 286 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 287 { 288 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 289 290 if (!mod_timer(&d->timer, jiffies + timeout)) 291 rfcomm_dlc_hold(d); 292 } 293 294 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 295 { 296 BT_DBG("dlc %p state %ld", d, d->state); 297 298 if (timer_pending(&d->timer) && del_timer(&d->timer)) 299 rfcomm_dlc_put(d); 300 } 301 302 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 303 { 304 BT_DBG("%p", d); 305 306 d->state = BT_OPEN; 307 d->flags = 0; 308 d->mscex = 0; 309 d->mtu = RFCOMM_DEFAULT_MTU; 310 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 311 312 d->cfc = RFCOMM_CFC_DISABLED; 313 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 314 } 315 316 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 317 { 318 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 319 320 if (!d) 321 return NULL; 322 323 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 324 325 skb_queue_head_init(&d->tx_queue); 326 spin_lock_init(&d->lock); 327 atomic_set(&d->refcnt, 1); 328 329 rfcomm_dlc_clear_state(d); 330 331 BT_DBG("%p", d); 332 333 return d; 334 } 335 336 void rfcomm_dlc_free(struct rfcomm_dlc *d) 337 { 338 BT_DBG("%p", d); 339 340 skb_queue_purge(&d->tx_queue); 341 kfree(d); 342 } 343 344 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 345 { 346 BT_DBG("dlc %p session %p", d, s); 347 348 rfcomm_session_hold(s); 349 350 rfcomm_session_clear_timer(s); 351 rfcomm_dlc_hold(d); 352 list_add(&d->list, &s->dlcs); 353 d->session = s; 354 } 355 356 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 357 { 358 struct rfcomm_session *s = d->session; 359 360 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 361 362 list_del(&d->list); 363 d->session = NULL; 364 rfcomm_dlc_put(d); 365 366 if (list_empty(&s->dlcs)) 367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 368 369 rfcomm_session_put(s); 370 } 371 372 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 373 { 374 struct rfcomm_dlc *d; 375 struct list_head *p; 376 377 list_for_each(p, &s->dlcs) { 378 d = list_entry(p, struct rfcomm_dlc, list); 379 if (d->dlci == dlci) 380 return d; 381 } 382 return NULL; 383 } 384 385 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 386 { 387 struct rfcomm_session *s; 388 int err = 0; 389 u8 dlci; 390 391 BT_DBG("dlc %p state %ld %s %s channel %d", 392 d, d->state, batostr(src), batostr(dst), channel); 393 394 if (channel < 1 || channel > 30) 395 return -EINVAL; 396 397 if (d->state != BT_OPEN && d->state != BT_CLOSED) 398 return 0; 399 400 s = rfcomm_session_get(src, dst); 401 if (!s) { 402 s = rfcomm_session_create(src, dst, &err); 403 if (!s) 404 return err; 405 } 406 407 dlci = __dlci(!s->initiator, channel); 408 409 /* Check if DLCI already exists */ 410 if (rfcomm_dlc_get(s, dlci)) 411 return -EBUSY; 412 413 rfcomm_dlc_clear_state(d); 414 415 d->dlci = dlci; 416 d->addr = __addr(s->initiator, dlci); 417 d->priority = 7; 418 419 d->state = BT_CONFIG; 420 rfcomm_dlc_link(s, d); 421 422 d->out = 1; 423 424 d->mtu = s->mtu; 425 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 426 427 if (s->state == BT_CONNECTED) { 428 if (rfcomm_check_security(d)) 429 rfcomm_send_pn(s, 1, d); 430 else 431 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 432 } 433 434 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 435 436 return 0; 437 } 438 439 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 440 { 441 int r; 442 443 rfcomm_lock(); 444 445 r = __rfcomm_dlc_open(d, src, dst, channel); 446 447 rfcomm_unlock(); 448 return r; 449 } 450 451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 452 { 453 struct rfcomm_session *s = d->session; 454 if (!s) 455 return 0; 456 457 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 458 d, d->state, d->dlci, err, s); 459 460 switch (d->state) { 461 case BT_CONNECT: 462 case BT_CONFIG: 463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 464 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 465 rfcomm_schedule(RFCOMM_SCHED_AUTH); 466 break; 467 } 468 /* Fall through */ 469 470 case BT_CONNECTED: 471 d->state = BT_DISCONN; 472 if (skb_queue_empty(&d->tx_queue)) { 473 rfcomm_send_disc(s, d->dlci); 474 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 475 } else { 476 rfcomm_queue_disc(d); 477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 478 } 479 break; 480 481 case BT_OPEN: 482 case BT_CONNECT2: 483 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 484 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 485 rfcomm_schedule(RFCOMM_SCHED_AUTH); 486 break; 487 } 488 /* Fall through */ 489 490 default: 491 rfcomm_dlc_clear_timer(d); 492 493 rfcomm_dlc_lock(d); 494 d->state = BT_CLOSED; 495 d->state_change(d, err); 496 rfcomm_dlc_unlock(d); 497 498 skb_queue_purge(&d->tx_queue); 499 rfcomm_dlc_unlink(d); 500 } 501 502 return 0; 503 } 504 505 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 506 { 507 int r; 508 509 rfcomm_lock(); 510 511 r = __rfcomm_dlc_close(d, err); 512 513 rfcomm_unlock(); 514 return r; 515 } 516 517 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 518 { 519 int len = skb->len; 520 521 if (d->state != BT_CONNECTED) 522 return -ENOTCONN; 523 524 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 525 526 if (len > d->mtu) 527 return -EINVAL; 528 529 rfcomm_make_uih(skb, d->addr); 530 skb_queue_tail(&d->tx_queue, skb); 531 532 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 533 rfcomm_schedule(RFCOMM_SCHED_TX); 534 return len; 535 } 536 537 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 538 { 539 BT_DBG("dlc %p state %ld", d, d->state); 540 541 if (!d->cfc) { 542 d->v24_sig |= RFCOMM_V24_FC; 543 set_bit(RFCOMM_MSC_PENDING, &d->flags); 544 } 545 rfcomm_schedule(RFCOMM_SCHED_TX); 546 } 547 548 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 549 { 550 BT_DBG("dlc %p state %ld", d, d->state); 551 552 if (!d->cfc) { 553 d->v24_sig &= ~RFCOMM_V24_FC; 554 set_bit(RFCOMM_MSC_PENDING, &d->flags); 555 } 556 rfcomm_schedule(RFCOMM_SCHED_TX); 557 } 558 559 /* 560 Set/get modem status functions use _local_ status i.e. what we report 561 to the other side. 562 Remote status is provided by dlc->modem_status() callback. 563 */ 564 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 565 { 566 BT_DBG("dlc %p state %ld v24_sig 0x%x", 567 d, d->state, v24_sig); 568 569 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 570 v24_sig |= RFCOMM_V24_FC; 571 else 572 v24_sig &= ~RFCOMM_V24_FC; 573 574 d->v24_sig = v24_sig; 575 576 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 577 rfcomm_schedule(RFCOMM_SCHED_TX); 578 579 return 0; 580 } 581 582 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 583 { 584 BT_DBG("dlc %p state %ld v24_sig 0x%x", 585 d, d->state, d->v24_sig); 586 587 *v24_sig = d->v24_sig; 588 return 0; 589 } 590 591 /* ---- RFCOMM sessions ---- */ 592 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 593 { 594 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 595 596 if (!s) 597 return NULL; 598 599 BT_DBG("session %p sock %p", s, sock); 600 601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 602 603 INIT_LIST_HEAD(&s->dlcs); 604 s->state = state; 605 s->sock = sock; 606 607 s->mtu = RFCOMM_DEFAULT_MTU; 608 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 609 610 /* Do not increment module usage count for listening sessions. 611 * Otherwise we won't be able to unload the module. */ 612 if (state != BT_LISTEN) 613 if (!try_module_get(THIS_MODULE)) { 614 kfree(s); 615 return NULL; 616 } 617 618 list_add(&s->list, &session_list); 619 620 return s; 621 } 622 623 static void rfcomm_session_del(struct rfcomm_session *s) 624 { 625 int state = s->state; 626 627 BT_DBG("session %p state %ld", s, s->state); 628 629 list_del(&s->list); 630 631 if (state == BT_CONNECTED) 632 rfcomm_send_disc(s, 0); 633 634 rfcomm_session_clear_timer(s); 635 sock_release(s->sock); 636 kfree(s); 637 638 if (state != BT_LISTEN) 639 module_put(THIS_MODULE); 640 } 641 642 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 643 { 644 struct rfcomm_session *s; 645 struct list_head *p, *n; 646 struct bt_sock *sk; 647 list_for_each_safe(p, n, &session_list) { 648 s = list_entry(p, struct rfcomm_session, list); 649 sk = bt_sk(s->sock->sk); 650 651 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 652 !bacmp(&sk->dst, dst)) 653 return s; 654 } 655 return NULL; 656 } 657 658 static void rfcomm_session_close(struct rfcomm_session *s, int err) 659 { 660 struct rfcomm_dlc *d; 661 struct list_head *p, *n; 662 663 BT_DBG("session %p state %ld err %d", s, s->state, err); 664 665 rfcomm_session_hold(s); 666 667 s->state = BT_CLOSED; 668 669 /* Close all dlcs */ 670 list_for_each_safe(p, n, &s->dlcs) { 671 d = list_entry(p, struct rfcomm_dlc, list); 672 d->state = BT_CLOSED; 673 __rfcomm_dlc_close(d, err); 674 } 675 676 rfcomm_session_clear_timer(s); 677 rfcomm_session_put(s); 678 } 679 680 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 681 { 682 struct rfcomm_session *s = NULL; 683 struct sockaddr_l2 addr; 684 struct socket *sock; 685 struct sock *sk; 686 687 BT_DBG("%s %s", batostr(src), batostr(dst)); 688 689 *err = rfcomm_l2sock_create(&sock); 690 if (*err < 0) 691 return NULL; 692 693 bacpy(&addr.l2_bdaddr, src); 694 addr.l2_family = AF_BLUETOOTH; 695 addr.l2_psm = 0; 696 addr.l2_cid = 0; 697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 698 if (*err < 0) 699 goto failed; 700 701 /* Set L2CAP options */ 702 sk = sock->sk; 703 lock_sock(sk); 704 l2cap_pi(sk)->imtu = l2cap_mtu; 705 release_sock(sk); 706 707 s = rfcomm_session_add(sock, BT_BOUND); 708 if (!s) { 709 *err = -ENOMEM; 710 goto failed; 711 } 712 713 s->initiator = 1; 714 715 bacpy(&addr.l2_bdaddr, dst); 716 addr.l2_family = AF_BLUETOOTH; 717 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 718 addr.l2_cid = 0; 719 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 720 if (*err == 0 || *err == -EINPROGRESS) 721 return s; 722 723 rfcomm_session_del(s); 724 return NULL; 725 726 failed: 727 sock_release(sock); 728 return NULL; 729 } 730 731 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 732 { 733 struct sock *sk = s->sock->sk; 734 if (src) 735 bacpy(src, &bt_sk(sk)->src); 736 if (dst) 737 bacpy(dst, &bt_sk(sk)->dst); 738 } 739 740 /* ---- RFCOMM frame sending ---- */ 741 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 742 { 743 struct socket *sock = s->sock; 744 struct kvec iv = { data, len }; 745 struct msghdr msg; 746 747 BT_DBG("session %p len %d", s, len); 748 749 memset(&msg, 0, sizeof(msg)); 750 751 return kernel_sendmsg(sock, &msg, &iv, 1, len); 752 } 753 754 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 755 { 756 struct rfcomm_cmd cmd; 757 758 BT_DBG("%p dlci %d", s, dlci); 759 760 cmd.addr = __addr(s->initiator, dlci); 761 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 762 cmd.len = __len8(0); 763 cmd.fcs = __fcs2((u8 *) &cmd); 764 765 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 766 } 767 768 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 769 { 770 struct rfcomm_cmd cmd; 771 772 BT_DBG("%p dlci %d", s, dlci); 773 774 cmd.addr = __addr(!s->initiator, dlci); 775 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 776 cmd.len = __len8(0); 777 cmd.fcs = __fcs2((u8 *) &cmd); 778 779 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 780 } 781 782 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 783 { 784 struct rfcomm_cmd cmd; 785 786 BT_DBG("%p dlci %d", s, dlci); 787 788 cmd.addr = __addr(s->initiator, dlci); 789 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 790 cmd.len = __len8(0); 791 cmd.fcs = __fcs2((u8 *) &cmd); 792 793 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 794 } 795 796 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 797 { 798 struct rfcomm_cmd *cmd; 799 struct sk_buff *skb; 800 801 BT_DBG("dlc %p dlci %d", d, d->dlci); 802 803 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 804 if (!skb) 805 return -ENOMEM; 806 807 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 808 cmd->addr = d->addr; 809 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 810 cmd->len = __len8(0); 811 cmd->fcs = __fcs2((u8 *) cmd); 812 813 skb_queue_tail(&d->tx_queue, skb); 814 rfcomm_schedule(RFCOMM_SCHED_TX); 815 return 0; 816 } 817 818 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 819 { 820 struct rfcomm_cmd cmd; 821 822 BT_DBG("%p dlci %d", s, dlci); 823 824 cmd.addr = __addr(!s->initiator, dlci); 825 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 826 cmd.len = __len8(0); 827 cmd.fcs = __fcs2((u8 *) &cmd); 828 829 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 830 } 831 832 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 833 { 834 struct rfcomm_hdr *hdr; 835 struct rfcomm_mcc *mcc; 836 u8 buf[16], *ptr = buf; 837 838 BT_DBG("%p cr %d type %d", s, cr, type); 839 840 hdr = (void *) ptr; ptr += sizeof(*hdr); 841 hdr->addr = __addr(s->initiator, 0); 842 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 843 hdr->len = __len8(sizeof(*mcc) + 1); 844 845 mcc = (void *) ptr; ptr += sizeof(*mcc); 846 mcc->type = __mcc_type(cr, RFCOMM_NSC); 847 mcc->len = __len8(1); 848 849 /* Type that we didn't like */ 850 *ptr = __mcc_type(cr, type); ptr++; 851 852 *ptr = __fcs(buf); ptr++; 853 854 return rfcomm_send_frame(s, buf, ptr - buf); 855 } 856 857 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 858 { 859 struct rfcomm_hdr *hdr; 860 struct rfcomm_mcc *mcc; 861 struct rfcomm_pn *pn; 862 u8 buf[16], *ptr = buf; 863 864 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 865 866 hdr = (void *) ptr; ptr += sizeof(*hdr); 867 hdr->addr = __addr(s->initiator, 0); 868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 869 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 870 871 mcc = (void *) ptr; ptr += sizeof(*mcc); 872 mcc->type = __mcc_type(cr, RFCOMM_PN); 873 mcc->len = __len8(sizeof(*pn)); 874 875 pn = (void *) ptr; ptr += sizeof(*pn); 876 pn->dlci = d->dlci; 877 pn->priority = d->priority; 878 pn->ack_timer = 0; 879 pn->max_retrans = 0; 880 881 if (s->cfc) { 882 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 883 pn->credits = RFCOMM_DEFAULT_CREDITS; 884 } else { 885 pn->flow_ctrl = 0; 886 pn->credits = 0; 887 } 888 889 if (cr && channel_mtu >= 0) 890 pn->mtu = cpu_to_le16(channel_mtu); 891 else 892 pn->mtu = cpu_to_le16(d->mtu); 893 894 *ptr = __fcs(buf); ptr++; 895 896 return rfcomm_send_frame(s, buf, ptr - buf); 897 } 898 899 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 900 u8 bit_rate, u8 data_bits, u8 stop_bits, 901 u8 parity, u8 flow_ctrl_settings, 902 u8 xon_char, u8 xoff_char, u16 param_mask) 903 { 904 struct rfcomm_hdr *hdr; 905 struct rfcomm_mcc *mcc; 906 struct rfcomm_rpn *rpn; 907 u8 buf[16], *ptr = buf; 908 909 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 910 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 911 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 912 flow_ctrl_settings, xon_char, xoff_char, param_mask); 913 914 hdr = (void *) ptr; ptr += sizeof(*hdr); 915 hdr->addr = __addr(s->initiator, 0); 916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 917 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 918 919 mcc = (void *) ptr; ptr += sizeof(*mcc); 920 mcc->type = __mcc_type(cr, RFCOMM_RPN); 921 mcc->len = __len8(sizeof(*rpn)); 922 923 rpn = (void *) ptr; ptr += sizeof(*rpn); 924 rpn->dlci = __addr(1, dlci); 925 rpn->bit_rate = bit_rate; 926 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 927 rpn->flow_ctrl = flow_ctrl_settings; 928 rpn->xon_char = xon_char; 929 rpn->xoff_char = xoff_char; 930 rpn->param_mask = cpu_to_le16(param_mask); 931 932 *ptr = __fcs(buf); ptr++; 933 934 return rfcomm_send_frame(s, buf, ptr - buf); 935 } 936 937 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 938 { 939 struct rfcomm_hdr *hdr; 940 struct rfcomm_mcc *mcc; 941 struct rfcomm_rls *rls; 942 u8 buf[16], *ptr = buf; 943 944 BT_DBG("%p cr %d status 0x%x", s, cr, status); 945 946 hdr = (void *) ptr; ptr += sizeof(*hdr); 947 hdr->addr = __addr(s->initiator, 0); 948 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 949 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 950 951 mcc = (void *) ptr; ptr += sizeof(*mcc); 952 mcc->type = __mcc_type(cr, RFCOMM_RLS); 953 mcc->len = __len8(sizeof(*rls)); 954 955 rls = (void *) ptr; ptr += sizeof(*rls); 956 rls->dlci = __addr(1, dlci); 957 rls->status = status; 958 959 *ptr = __fcs(buf); ptr++; 960 961 return rfcomm_send_frame(s, buf, ptr - buf); 962 } 963 964 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 965 { 966 struct rfcomm_hdr *hdr; 967 struct rfcomm_mcc *mcc; 968 struct rfcomm_msc *msc; 969 u8 buf[16], *ptr = buf; 970 971 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 972 973 hdr = (void *) ptr; ptr += sizeof(*hdr); 974 hdr->addr = __addr(s->initiator, 0); 975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 976 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 977 978 mcc = (void *) ptr; ptr += sizeof(*mcc); 979 mcc->type = __mcc_type(cr, RFCOMM_MSC); 980 mcc->len = __len8(sizeof(*msc)); 981 982 msc = (void *) ptr; ptr += sizeof(*msc); 983 msc->dlci = __addr(1, dlci); 984 msc->v24_sig = v24_sig | 0x01; 985 986 *ptr = __fcs(buf); ptr++; 987 988 return rfcomm_send_frame(s, buf, ptr - buf); 989 } 990 991 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 992 { 993 struct rfcomm_hdr *hdr; 994 struct rfcomm_mcc *mcc; 995 u8 buf[16], *ptr = buf; 996 997 BT_DBG("%p cr %d", s, cr); 998 999 hdr = (void *) ptr; ptr += sizeof(*hdr); 1000 hdr->addr = __addr(s->initiator, 0); 1001 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1002 hdr->len = __len8(sizeof(*mcc)); 1003 1004 mcc = (void *) ptr; ptr += sizeof(*mcc); 1005 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1006 mcc->len = __len8(0); 1007 1008 *ptr = __fcs(buf); ptr++; 1009 1010 return rfcomm_send_frame(s, buf, ptr - buf); 1011 } 1012 1013 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1014 { 1015 struct rfcomm_hdr *hdr; 1016 struct rfcomm_mcc *mcc; 1017 u8 buf[16], *ptr = buf; 1018 1019 BT_DBG("%p cr %d", s, cr); 1020 1021 hdr = (void *) ptr; ptr += sizeof(*hdr); 1022 hdr->addr = __addr(s->initiator, 0); 1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1024 hdr->len = __len8(sizeof(*mcc)); 1025 1026 mcc = (void *) ptr; ptr += sizeof(*mcc); 1027 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1028 mcc->len = __len8(0); 1029 1030 *ptr = __fcs(buf); ptr++; 1031 1032 return rfcomm_send_frame(s, buf, ptr - buf); 1033 } 1034 1035 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1036 { 1037 struct socket *sock = s->sock; 1038 struct kvec iv[3]; 1039 struct msghdr msg; 1040 unsigned char hdr[5], crc[1]; 1041 1042 if (len > 125) 1043 return -EINVAL; 1044 1045 BT_DBG("%p cr %d", s, cr); 1046 1047 hdr[0] = __addr(s->initiator, 0); 1048 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1049 hdr[2] = 0x01 | ((len + 2) << 1); 1050 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1051 hdr[4] = 0x01 | (len << 1); 1052 1053 crc[0] = __fcs(hdr); 1054 1055 iv[0].iov_base = hdr; 1056 iv[0].iov_len = 5; 1057 iv[1].iov_base = pattern; 1058 iv[1].iov_len = len; 1059 iv[2].iov_base = crc; 1060 iv[2].iov_len = 1; 1061 1062 memset(&msg, 0, sizeof(msg)); 1063 1064 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1065 } 1066 1067 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1068 { 1069 struct rfcomm_hdr *hdr; 1070 u8 buf[16], *ptr = buf; 1071 1072 BT_DBG("%p addr %d credits %d", s, addr, credits); 1073 1074 hdr = (void *) ptr; ptr += sizeof(*hdr); 1075 hdr->addr = addr; 1076 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1077 hdr->len = __len8(0); 1078 1079 *ptr = credits; ptr++; 1080 1081 *ptr = __fcs(buf); ptr++; 1082 1083 return rfcomm_send_frame(s, buf, ptr - buf); 1084 } 1085 1086 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1087 { 1088 struct rfcomm_hdr *hdr; 1089 int len = skb->len; 1090 u8 *crc; 1091 1092 if (len > 127) { 1093 hdr = (void *) skb_push(skb, 4); 1094 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1095 } else { 1096 hdr = (void *) skb_push(skb, 3); 1097 hdr->len = __len8(len); 1098 } 1099 hdr->addr = addr; 1100 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1101 1102 crc = skb_put(skb, 1); 1103 *crc = __fcs((void *) hdr); 1104 } 1105 1106 /* ---- RFCOMM frame reception ---- */ 1107 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1108 { 1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1110 1111 if (dlci) { 1112 /* Data channel */ 1113 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1114 if (!d) { 1115 rfcomm_send_dm(s, dlci); 1116 return 0; 1117 } 1118 1119 switch (d->state) { 1120 case BT_CONNECT: 1121 rfcomm_dlc_clear_timer(d); 1122 1123 rfcomm_dlc_lock(d); 1124 d->state = BT_CONNECTED; 1125 d->state_change(d, 0); 1126 rfcomm_dlc_unlock(d); 1127 1128 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1129 break; 1130 1131 case BT_DISCONN: 1132 d->state = BT_CLOSED; 1133 __rfcomm_dlc_close(d, 0); 1134 1135 if (list_empty(&s->dlcs)) { 1136 s->state = BT_DISCONN; 1137 rfcomm_send_disc(s, 0); 1138 } 1139 1140 break; 1141 } 1142 } else { 1143 /* Control channel */ 1144 switch (s->state) { 1145 case BT_CONNECT: 1146 s->state = BT_CONNECTED; 1147 rfcomm_process_connect(s); 1148 break; 1149 1150 case BT_DISCONN: 1151 rfcomm_session_put(s); 1152 break; 1153 } 1154 } 1155 return 0; 1156 } 1157 1158 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1159 { 1160 int err = 0; 1161 1162 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1163 1164 if (dlci) { 1165 /* Data DLC */ 1166 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1167 if (d) { 1168 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1169 err = ECONNREFUSED; 1170 else 1171 err = ECONNRESET; 1172 1173 d->state = BT_CLOSED; 1174 __rfcomm_dlc_close(d, err); 1175 } 1176 } else { 1177 if (s->state == BT_CONNECT) 1178 err = ECONNREFUSED; 1179 else 1180 err = ECONNRESET; 1181 1182 s->state = BT_CLOSED; 1183 rfcomm_session_close(s, err); 1184 } 1185 return 0; 1186 } 1187 1188 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1189 { 1190 int err = 0; 1191 1192 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1193 1194 if (dlci) { 1195 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1196 if (d) { 1197 rfcomm_send_ua(s, dlci); 1198 1199 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1200 err = ECONNREFUSED; 1201 else 1202 err = ECONNRESET; 1203 1204 d->state = BT_CLOSED; 1205 __rfcomm_dlc_close(d, err); 1206 } else 1207 rfcomm_send_dm(s, dlci); 1208 1209 } else { 1210 rfcomm_send_ua(s, 0); 1211 1212 if (s->state == BT_CONNECT) 1213 err = ECONNREFUSED; 1214 else 1215 err = ECONNRESET; 1216 1217 s->state = BT_CLOSED; 1218 rfcomm_session_close(s, err); 1219 } 1220 1221 return 0; 1222 } 1223 1224 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1225 { 1226 struct sock *sk = d->session->sock->sk; 1227 1228 BT_DBG("dlc %p", d); 1229 1230 rfcomm_send_ua(d->session, d->dlci); 1231 1232 rfcomm_dlc_clear_timer(d); 1233 1234 rfcomm_dlc_lock(d); 1235 d->state = BT_CONNECTED; 1236 d->state_change(d, 0); 1237 rfcomm_dlc_unlock(d); 1238 1239 if (d->role_switch) 1240 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1241 1242 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1243 } 1244 1245 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1246 { 1247 if (rfcomm_check_security(d)) { 1248 if (d->defer_setup) { 1249 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1250 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1251 1252 rfcomm_dlc_lock(d); 1253 d->state = BT_CONNECT2; 1254 d->state_change(d, 0); 1255 rfcomm_dlc_unlock(d); 1256 } else 1257 rfcomm_dlc_accept(d); 1258 } else { 1259 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1260 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1261 } 1262 } 1263 1264 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1265 { 1266 struct rfcomm_dlc *d; 1267 u8 channel; 1268 1269 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1270 1271 if (!dlci) { 1272 rfcomm_send_ua(s, 0); 1273 1274 if (s->state == BT_OPEN) { 1275 s->state = BT_CONNECTED; 1276 rfcomm_process_connect(s); 1277 } 1278 return 0; 1279 } 1280 1281 /* Check if DLC exists */ 1282 d = rfcomm_dlc_get(s, dlci); 1283 if (d) { 1284 if (d->state == BT_OPEN) { 1285 /* DLC was previously opened by PN request */ 1286 rfcomm_check_accept(d); 1287 } 1288 return 0; 1289 } 1290 1291 /* Notify socket layer about incoming connection */ 1292 channel = __srv_channel(dlci); 1293 if (rfcomm_connect_ind(s, channel, &d)) { 1294 d->dlci = dlci; 1295 d->addr = __addr(s->initiator, dlci); 1296 rfcomm_dlc_link(s, d); 1297 1298 rfcomm_check_accept(d); 1299 } else { 1300 rfcomm_send_dm(s, dlci); 1301 } 1302 1303 return 0; 1304 } 1305 1306 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1307 { 1308 struct rfcomm_session *s = d->session; 1309 1310 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1311 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1312 1313 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1314 pn->flow_ctrl == 0xe0) { 1315 d->cfc = RFCOMM_CFC_ENABLED; 1316 d->tx_credits = pn->credits; 1317 } else { 1318 d->cfc = RFCOMM_CFC_DISABLED; 1319 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1320 } 1321 1322 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1323 s->cfc = d->cfc; 1324 1325 d->priority = pn->priority; 1326 1327 d->mtu = __le16_to_cpu(pn->mtu); 1328 1329 if (cr && d->mtu > s->mtu) 1330 d->mtu = s->mtu; 1331 1332 return 0; 1333 } 1334 1335 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1336 { 1337 struct rfcomm_pn *pn = (void *) skb->data; 1338 struct rfcomm_dlc *d; 1339 u8 dlci = pn->dlci; 1340 1341 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1342 1343 if (!dlci) 1344 return 0; 1345 1346 d = rfcomm_dlc_get(s, dlci); 1347 if (d) { 1348 if (cr) { 1349 /* PN request */ 1350 rfcomm_apply_pn(d, cr, pn); 1351 rfcomm_send_pn(s, 0, d); 1352 } else { 1353 /* PN response */ 1354 switch (d->state) { 1355 case BT_CONFIG: 1356 rfcomm_apply_pn(d, cr, pn); 1357 1358 d->state = BT_CONNECT; 1359 rfcomm_send_sabm(s, d->dlci); 1360 break; 1361 } 1362 } 1363 } else { 1364 u8 channel = __srv_channel(dlci); 1365 1366 if (!cr) 1367 return 0; 1368 1369 /* PN request for non existing DLC. 1370 * Assume incoming connection. */ 1371 if (rfcomm_connect_ind(s, channel, &d)) { 1372 d->dlci = dlci; 1373 d->addr = __addr(s->initiator, dlci); 1374 rfcomm_dlc_link(s, d); 1375 1376 rfcomm_apply_pn(d, cr, pn); 1377 1378 d->state = BT_OPEN; 1379 rfcomm_send_pn(s, 0, d); 1380 } else { 1381 rfcomm_send_dm(s, dlci); 1382 } 1383 } 1384 return 0; 1385 } 1386 1387 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1388 { 1389 struct rfcomm_rpn *rpn = (void *) skb->data; 1390 u8 dlci = __get_dlci(rpn->dlci); 1391 1392 u8 bit_rate = 0; 1393 u8 data_bits = 0; 1394 u8 stop_bits = 0; 1395 u8 parity = 0; 1396 u8 flow_ctrl = 0; 1397 u8 xon_char = 0; 1398 u8 xoff_char = 0; 1399 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1400 1401 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1402 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1403 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1404 1405 if (!cr) 1406 return 0; 1407 1408 if (len == 1) { 1409 /* This is a request, return default settings */ 1410 bit_rate = RFCOMM_RPN_BR_115200; 1411 data_bits = RFCOMM_RPN_DATA_8; 1412 stop_bits = RFCOMM_RPN_STOP_1; 1413 parity = RFCOMM_RPN_PARITY_NONE; 1414 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1415 xon_char = RFCOMM_RPN_XON_CHAR; 1416 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1417 goto rpn_out; 1418 } 1419 1420 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1421 * no parity, no flow control lines, normal XON/XOFF chars */ 1422 1423 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1424 bit_rate = rpn->bit_rate; 1425 if (bit_rate != RFCOMM_RPN_BR_115200) { 1426 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1427 bit_rate = RFCOMM_RPN_BR_115200; 1428 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1429 } 1430 } 1431 1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1433 data_bits = __get_rpn_data_bits(rpn->line_settings); 1434 if (data_bits != RFCOMM_RPN_DATA_8) { 1435 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1436 data_bits = RFCOMM_RPN_DATA_8; 1437 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1438 } 1439 } 1440 1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1442 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1443 if (stop_bits != RFCOMM_RPN_STOP_1) { 1444 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1445 stop_bits = RFCOMM_RPN_STOP_1; 1446 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1447 } 1448 } 1449 1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1451 parity = __get_rpn_parity(rpn->line_settings); 1452 if (parity != RFCOMM_RPN_PARITY_NONE) { 1453 BT_DBG("RPN parity mismatch 0x%x", parity); 1454 parity = RFCOMM_RPN_PARITY_NONE; 1455 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1456 } 1457 } 1458 1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1460 flow_ctrl = rpn->flow_ctrl; 1461 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1462 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1463 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1464 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1465 } 1466 } 1467 1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1469 xon_char = rpn->xon_char; 1470 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1471 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1472 xon_char = RFCOMM_RPN_XON_CHAR; 1473 rpn_mask ^= RFCOMM_RPN_PM_XON; 1474 } 1475 } 1476 1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1478 xoff_char = rpn->xoff_char; 1479 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1480 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1481 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1482 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1483 } 1484 } 1485 1486 rpn_out: 1487 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1488 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1489 1490 return 0; 1491 } 1492 1493 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1494 { 1495 struct rfcomm_rls *rls = (void *) skb->data; 1496 u8 dlci = __get_dlci(rls->dlci); 1497 1498 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1499 1500 if (!cr) 1501 return 0; 1502 1503 /* We should probably do something with this information here. But 1504 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1505 * mandatory to recognise and respond to RLS */ 1506 1507 rfcomm_send_rls(s, 0, dlci, rls->status); 1508 1509 return 0; 1510 } 1511 1512 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1513 { 1514 struct rfcomm_msc *msc = (void *) skb->data; 1515 struct rfcomm_dlc *d; 1516 u8 dlci = __get_dlci(msc->dlci); 1517 1518 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1519 1520 d = rfcomm_dlc_get(s, dlci); 1521 if (!d) 1522 return 0; 1523 1524 if (cr) { 1525 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1526 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1527 else 1528 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1529 1530 rfcomm_dlc_lock(d); 1531 1532 d->remote_v24_sig = msc->v24_sig; 1533 1534 if (d->modem_status) 1535 d->modem_status(d, msc->v24_sig); 1536 1537 rfcomm_dlc_unlock(d); 1538 1539 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1540 1541 d->mscex |= RFCOMM_MSCEX_RX; 1542 } else 1543 d->mscex |= RFCOMM_MSCEX_TX; 1544 1545 return 0; 1546 } 1547 1548 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1549 { 1550 struct rfcomm_mcc *mcc = (void *) skb->data; 1551 u8 type, cr, len; 1552 1553 cr = __test_cr(mcc->type); 1554 type = __get_mcc_type(mcc->type); 1555 len = __get_mcc_len(mcc->len); 1556 1557 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1558 1559 skb_pull(skb, 2); 1560 1561 switch (type) { 1562 case RFCOMM_PN: 1563 rfcomm_recv_pn(s, cr, skb); 1564 break; 1565 1566 case RFCOMM_RPN: 1567 rfcomm_recv_rpn(s, cr, len, skb); 1568 break; 1569 1570 case RFCOMM_RLS: 1571 rfcomm_recv_rls(s, cr, skb); 1572 break; 1573 1574 case RFCOMM_MSC: 1575 rfcomm_recv_msc(s, cr, skb); 1576 break; 1577 1578 case RFCOMM_FCOFF: 1579 if (cr) { 1580 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1581 rfcomm_send_fcoff(s, 0); 1582 } 1583 break; 1584 1585 case RFCOMM_FCON: 1586 if (cr) { 1587 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1588 rfcomm_send_fcon(s, 0); 1589 } 1590 break; 1591 1592 case RFCOMM_TEST: 1593 if (cr) 1594 rfcomm_send_test(s, 0, skb->data, skb->len); 1595 break; 1596 1597 case RFCOMM_NSC: 1598 break; 1599 1600 default: 1601 BT_ERR("Unknown control type 0x%02x", type); 1602 rfcomm_send_nsc(s, cr, type); 1603 break; 1604 } 1605 return 0; 1606 } 1607 1608 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1609 { 1610 struct rfcomm_dlc *d; 1611 1612 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1613 1614 d = rfcomm_dlc_get(s, dlci); 1615 if (!d) { 1616 rfcomm_send_dm(s, dlci); 1617 goto drop; 1618 } 1619 1620 if (pf && d->cfc) { 1621 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1622 1623 d->tx_credits += credits; 1624 if (d->tx_credits) 1625 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1626 } 1627 1628 if (skb->len && d->state == BT_CONNECTED) { 1629 rfcomm_dlc_lock(d); 1630 d->rx_credits--; 1631 d->data_ready(d, skb); 1632 rfcomm_dlc_unlock(d); 1633 return 0; 1634 } 1635 1636 drop: 1637 kfree_skb(skb); 1638 return 0; 1639 } 1640 1641 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1642 { 1643 struct rfcomm_hdr *hdr = (void *) skb->data; 1644 u8 type, dlci, fcs; 1645 1646 dlci = __get_dlci(hdr->addr); 1647 type = __get_type(hdr->ctrl); 1648 1649 /* Trim FCS */ 1650 skb->len--; skb->tail--; 1651 fcs = *(u8 *)skb_tail_pointer(skb); 1652 1653 if (__check_fcs(skb->data, type, fcs)) { 1654 BT_ERR("bad checksum in packet"); 1655 kfree_skb(skb); 1656 return -EILSEQ; 1657 } 1658 1659 if (__test_ea(hdr->len)) 1660 skb_pull(skb, 3); 1661 else 1662 skb_pull(skb, 4); 1663 1664 switch (type) { 1665 case RFCOMM_SABM: 1666 if (__test_pf(hdr->ctrl)) 1667 rfcomm_recv_sabm(s, dlci); 1668 break; 1669 1670 case RFCOMM_DISC: 1671 if (__test_pf(hdr->ctrl)) 1672 rfcomm_recv_disc(s, dlci); 1673 break; 1674 1675 case RFCOMM_UA: 1676 if (__test_pf(hdr->ctrl)) 1677 rfcomm_recv_ua(s, dlci); 1678 break; 1679 1680 case RFCOMM_DM: 1681 rfcomm_recv_dm(s, dlci); 1682 break; 1683 1684 case RFCOMM_UIH: 1685 if (dlci) 1686 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1687 1688 rfcomm_recv_mcc(s, skb); 1689 break; 1690 1691 default: 1692 BT_ERR("Unknown packet type 0x%02x\n", type); 1693 break; 1694 } 1695 kfree_skb(skb); 1696 return 0; 1697 } 1698 1699 /* ---- Connection and data processing ---- */ 1700 1701 static void rfcomm_process_connect(struct rfcomm_session *s) 1702 { 1703 struct rfcomm_dlc *d; 1704 struct list_head *p, *n; 1705 1706 BT_DBG("session %p state %ld", s, s->state); 1707 1708 list_for_each_safe(p, n, &s->dlcs) { 1709 d = list_entry(p, struct rfcomm_dlc, list); 1710 if (d->state == BT_CONFIG) { 1711 d->mtu = s->mtu; 1712 if (rfcomm_check_security(d)) { 1713 rfcomm_send_pn(s, 1, d); 1714 } else { 1715 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1716 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1717 } 1718 } 1719 } 1720 } 1721 1722 /* Send data queued for the DLC. 1723 * Return number of frames left in the queue. 1724 */ 1725 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1726 { 1727 struct sk_buff *skb; 1728 int err; 1729 1730 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1731 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1732 1733 /* Send pending MSC */ 1734 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1735 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1736 1737 if (d->cfc) { 1738 /* CFC enabled. 1739 * Give them some credits */ 1740 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1741 d->rx_credits <= (d->cfc >> 2)) { 1742 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1743 d->rx_credits = d->cfc; 1744 } 1745 } else { 1746 /* CFC disabled. 1747 * Give ourselves some credits */ 1748 d->tx_credits = 5; 1749 } 1750 1751 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1752 return skb_queue_len(&d->tx_queue); 1753 1754 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1755 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1756 if (err < 0) { 1757 skb_queue_head(&d->tx_queue, skb); 1758 break; 1759 } 1760 kfree_skb(skb); 1761 d->tx_credits--; 1762 } 1763 1764 if (d->cfc && !d->tx_credits) { 1765 /* We're out of TX credits. 1766 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1767 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1768 } 1769 1770 return skb_queue_len(&d->tx_queue); 1771 } 1772 1773 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1774 { 1775 struct rfcomm_dlc *d; 1776 struct list_head *p, *n; 1777 1778 BT_DBG("session %p state %ld", s, s->state); 1779 1780 list_for_each_safe(p, n, &s->dlcs) { 1781 d = list_entry(p, struct rfcomm_dlc, list); 1782 1783 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1784 __rfcomm_dlc_close(d, ETIMEDOUT); 1785 continue; 1786 } 1787 1788 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1789 rfcomm_dlc_clear_timer(d); 1790 if (d->out) { 1791 rfcomm_send_pn(s, 1, d); 1792 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1793 } else { 1794 if (d->defer_setup) { 1795 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1796 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1797 1798 rfcomm_dlc_lock(d); 1799 d->state = BT_CONNECT2; 1800 d->state_change(d, 0); 1801 rfcomm_dlc_unlock(d); 1802 } else 1803 rfcomm_dlc_accept(d); 1804 } 1805 continue; 1806 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1807 rfcomm_dlc_clear_timer(d); 1808 if (!d->out) 1809 rfcomm_send_dm(s, d->dlci); 1810 else 1811 d->state = BT_CLOSED; 1812 __rfcomm_dlc_close(d, ECONNREFUSED); 1813 continue; 1814 } 1815 1816 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1817 continue; 1818 1819 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1820 continue; 1821 1822 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1823 d->mscex == RFCOMM_MSCEX_OK) 1824 rfcomm_process_tx(d); 1825 } 1826 } 1827 1828 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1829 { 1830 struct socket *sock = s->sock; 1831 struct sock *sk = sock->sk; 1832 struct sk_buff *skb; 1833 1834 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1835 1836 /* Get data directly from socket receive queue without copying it. */ 1837 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1838 skb_orphan(skb); 1839 rfcomm_recv_frame(s, skb); 1840 } 1841 1842 if (sk->sk_state == BT_CLOSED) { 1843 if (!s->initiator) 1844 rfcomm_session_put(s); 1845 1846 rfcomm_session_close(s, sk->sk_err); 1847 } 1848 } 1849 1850 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1851 { 1852 struct socket *sock = s->sock, *nsock; 1853 int err; 1854 1855 /* Fast check for a new connection. 1856 * Avoids unnesesary socket allocations. */ 1857 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1858 return; 1859 1860 BT_DBG("session %p", s); 1861 1862 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1863 if (err < 0) 1864 return; 1865 1866 /* Set our callbacks */ 1867 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1868 nsock->sk->sk_state_change = rfcomm_l2state_change; 1869 1870 s = rfcomm_session_add(nsock, BT_OPEN); 1871 if (s) { 1872 rfcomm_session_hold(s); 1873 1874 /* We should adjust MTU on incoming sessions. 1875 * L2CAP MTU minus UIH header and FCS. */ 1876 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1877 1878 rfcomm_schedule(RFCOMM_SCHED_RX); 1879 } else 1880 sock_release(nsock); 1881 } 1882 1883 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1884 { 1885 struct sock *sk = s->sock->sk; 1886 1887 BT_DBG("%p state %ld", s, s->state); 1888 1889 switch(sk->sk_state) { 1890 case BT_CONNECTED: 1891 s->state = BT_CONNECT; 1892 1893 /* We can adjust MTU on outgoing sessions. 1894 * L2CAP MTU minus UIH header and FCS. */ 1895 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1896 1897 rfcomm_send_sabm(s, 0); 1898 break; 1899 1900 case BT_CLOSED: 1901 s->state = BT_CLOSED; 1902 rfcomm_session_close(s, sk->sk_err); 1903 break; 1904 } 1905 } 1906 1907 static inline void rfcomm_process_sessions(void) 1908 { 1909 struct list_head *p, *n; 1910 1911 rfcomm_lock(); 1912 1913 list_for_each_safe(p, n, &session_list) { 1914 struct rfcomm_session *s; 1915 s = list_entry(p, struct rfcomm_session, list); 1916 1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1918 s->state = BT_DISCONN; 1919 rfcomm_send_disc(s, 0); 1920 continue; 1921 } 1922 1923 if (s->state == BT_LISTEN) { 1924 rfcomm_accept_connection(s); 1925 continue; 1926 } 1927 1928 rfcomm_session_hold(s); 1929 1930 switch (s->state) { 1931 case BT_BOUND: 1932 rfcomm_check_connection(s); 1933 break; 1934 1935 default: 1936 rfcomm_process_rx(s); 1937 break; 1938 } 1939 1940 rfcomm_process_dlcs(s); 1941 1942 rfcomm_session_put(s); 1943 } 1944 1945 rfcomm_unlock(); 1946 } 1947 1948 static int rfcomm_add_listener(bdaddr_t *ba) 1949 { 1950 struct sockaddr_l2 addr; 1951 struct socket *sock; 1952 struct sock *sk; 1953 struct rfcomm_session *s; 1954 int err = 0; 1955 1956 /* Create socket */ 1957 err = rfcomm_l2sock_create(&sock); 1958 if (err < 0) { 1959 BT_ERR("Create socket failed %d", err); 1960 return err; 1961 } 1962 1963 /* Bind socket */ 1964 bacpy(&addr.l2_bdaddr, ba); 1965 addr.l2_family = AF_BLUETOOTH; 1966 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1967 addr.l2_cid = 0; 1968 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1969 if (err < 0) { 1970 BT_ERR("Bind failed %d", err); 1971 goto failed; 1972 } 1973 1974 /* Set L2CAP options */ 1975 sk = sock->sk; 1976 lock_sock(sk); 1977 l2cap_pi(sk)->imtu = l2cap_mtu; 1978 release_sock(sk); 1979 1980 /* Start listening on the socket */ 1981 err = kernel_listen(sock, 10); 1982 if (err) { 1983 BT_ERR("Listen failed %d", err); 1984 goto failed; 1985 } 1986 1987 /* Add listening session */ 1988 s = rfcomm_session_add(sock, BT_LISTEN); 1989 if (!s) 1990 goto failed; 1991 1992 rfcomm_session_hold(s); 1993 return 0; 1994 failed: 1995 sock_release(sock); 1996 return err; 1997 } 1998 1999 static void rfcomm_kill_listener(void) 2000 { 2001 struct rfcomm_session *s; 2002 struct list_head *p, *n; 2003 2004 BT_DBG(""); 2005 2006 list_for_each_safe(p, n, &session_list) { 2007 s = list_entry(p, struct rfcomm_session, list); 2008 rfcomm_session_del(s); 2009 } 2010 } 2011 2012 static int rfcomm_run(void *unused) 2013 { 2014 BT_DBG(""); 2015 2016 set_user_nice(current, -10); 2017 2018 rfcomm_add_listener(BDADDR_ANY); 2019 2020 while (!kthread_should_stop()) { 2021 set_current_state(TASK_INTERRUPTIBLE); 2022 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2023 /* No pending events. Let's sleep. 2024 * Incoming connections and data will wake us up. */ 2025 schedule(); 2026 } 2027 set_current_state(TASK_RUNNING); 2028 2029 /* Process stuff */ 2030 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2031 rfcomm_process_sessions(); 2032 } 2033 2034 rfcomm_kill_listener(); 2035 2036 return 0; 2037 } 2038 2039 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2040 { 2041 struct rfcomm_session *s; 2042 struct rfcomm_dlc *d; 2043 struct list_head *p, *n; 2044 2045 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2046 2047 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2048 if (!s) 2049 return; 2050 2051 rfcomm_session_hold(s); 2052 2053 list_for_each_safe(p, n, &s->dlcs) { 2054 d = list_entry(p, struct rfcomm_dlc, list); 2055 2056 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2057 rfcomm_dlc_clear_timer(d); 2058 if (status || encrypt == 0x00) { 2059 __rfcomm_dlc_close(d, ECONNREFUSED); 2060 continue; 2061 } 2062 } 2063 2064 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2065 if (d->sec_level == BT_SECURITY_MEDIUM) { 2066 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2067 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2068 continue; 2069 } else if (d->sec_level == BT_SECURITY_HIGH) { 2070 __rfcomm_dlc_close(d, ECONNREFUSED); 2071 continue; 2072 } 2073 } 2074 2075 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2076 continue; 2077 2078 if (!status) 2079 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2080 else 2081 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2082 } 2083 2084 rfcomm_session_put(s); 2085 2086 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2087 } 2088 2089 static struct hci_cb rfcomm_cb = { 2090 .name = "RFCOMM", 2091 .security_cfm = rfcomm_security_cfm 2092 }; 2093 2094 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2095 { 2096 struct rfcomm_session *s; 2097 struct list_head *pp, *p; 2098 char *str = buf; 2099 2100 rfcomm_lock(); 2101 2102 list_for_each(p, &session_list) { 2103 s = list_entry(p, struct rfcomm_session, list); 2104 list_for_each(pp, &s->dlcs) { 2105 struct sock *sk = s->sock->sk; 2106 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2107 2108 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2109 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2110 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2111 } 2112 } 2113 2114 rfcomm_unlock(); 2115 2116 return (str - buf); 2117 } 2118 2119 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2120 2121 /* ---- Initialization ---- */ 2122 static int __init rfcomm_init(void) 2123 { 2124 int err; 2125 2126 l2cap_load(); 2127 2128 hci_register_cb(&rfcomm_cb); 2129 2130 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2131 if (IS_ERR(rfcomm_thread)) { 2132 err = PTR_ERR(rfcomm_thread); 2133 goto unregister; 2134 } 2135 2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2137 BT_ERR("Failed to create RFCOMM info file"); 2138 2139 err = rfcomm_init_ttys(); 2140 if (err < 0) 2141 goto stop; 2142 2143 err = rfcomm_init_sockets(); 2144 if (err < 0) 2145 goto cleanup; 2146 2147 BT_INFO("RFCOMM ver %s", VERSION); 2148 2149 return 0; 2150 2151 cleanup: 2152 rfcomm_cleanup_ttys(); 2153 2154 stop: 2155 kthread_stop(rfcomm_thread); 2156 2157 unregister: 2158 hci_unregister_cb(&rfcomm_cb); 2159 2160 return err; 2161 } 2162 2163 static void __exit rfcomm_exit(void) 2164 { 2165 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2166 2167 hci_unregister_cb(&rfcomm_cb); 2168 2169 kthread_stop(rfcomm_thread); 2170 2171 rfcomm_cleanup_ttys(); 2172 2173 rfcomm_cleanup_sockets(); 2174 } 2175 2176 module_init(rfcomm_init); 2177 module_exit(rfcomm_exit); 2178 2179 module_param(disable_cfc, bool, 0644); 2180 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2181 2182 module_param(channel_mtu, int, 0644); 2183 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2184 2185 module_param(l2cap_mtu, uint, 0644); 2186 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2187 2188 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2189 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2190 MODULE_VERSION(VERSION); 2191 MODULE_LICENSE("GPL"); 2192 MODULE_ALIAS("bt-proto-3"); 2193