1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/debugfs.h> 37 #include <linux/seq_file.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <linux/slab.h> 42 43 #include <net/sock.h> 44 #include <asm/uaccess.h> 45 #include <asm/unaligned.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 #include <net/bluetooth/rfcomm.h> 51 52 #define VERSION "1.11" 53 54 static int disable_cfc = 0; 55 static int channel_mtu = -1; 56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 57 static int l2cap_ertm = 0; 58 59 static struct task_struct *rfcomm_thread; 60 61 static DEFINE_MUTEX(rfcomm_mutex); 62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 64 65 static unsigned long rfcomm_event; 66 67 static LIST_HEAD(session_list); 68 69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80 static void rfcomm_process_connect(struct rfcomm_session *s); 81 82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 83 bdaddr_t *dst, 84 u8 sec_level, 85 int *err); 86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87 static void rfcomm_session_del(struct rfcomm_session *s); 88 89 /* ---- RFCOMM frame parsing macros ---- */ 90 #define __get_dlci(b) ((b & 0xfc) >> 2) 91 #define __get_channel(b) ((b & 0xf8) >> 3) 92 #define __get_dir(b) ((b & 0x04) >> 2) 93 #define __get_type(b) ((b & 0xef)) 94 95 #define __test_ea(b) ((b & 0x01)) 96 #define __test_cr(b) ((b & 0x02)) 97 #define __test_pf(b) ((b & 0x10)) 98 99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102 #define __srv_channel(dlci) (dlci >> 1) 103 #define __dir(dlci) (dlci & 0x01) 104 105 #define __len8(len) (((len) << 1) | 1) 106 #define __len16(len) ((len) << 1) 107 108 /* MCC macros */ 109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 111 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113 /* RPN macros */ 114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115 #define __get_rpn_data_bits(line) ((line) & 0x3) 116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119 static inline void rfcomm_schedule(void) 120 { 121 if (!rfcomm_thread) 122 return; 123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 124 wake_up_process(rfcomm_thread); 125 } 126 127 static inline void rfcomm_session_put(struct rfcomm_session *s) 128 { 129 if (atomic_dec_and_test(&s->refcnt)) 130 rfcomm_session_del(s); 131 } 132 133 /* ---- RFCOMM FCS computation ---- */ 134 135 /* reversed, 8-bit, poly=0x07 */ 136 static unsigned char rfcomm_crc_table[256] = { 137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 141 142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 146 147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 151 152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 156 157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 161 162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 166 167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 171 172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 176 }; 177 178 /* CRC on 2 bytes */ 179 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 180 181 /* FCS on 2 bytes */ 182 static inline u8 __fcs(u8 *data) 183 { 184 return 0xff - __crc(data); 185 } 186 187 /* FCS on 3 bytes */ 188 static inline u8 __fcs2(u8 *data) 189 { 190 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]]; 191 } 192 193 /* Check FCS */ 194 static inline int __check_fcs(u8 *data, int type, u8 fcs) 195 { 196 u8 f = __crc(data); 197 198 if (type != RFCOMM_UIH) 199 f = rfcomm_crc_table[f ^ data[2]]; 200 201 return rfcomm_crc_table[f ^ fcs] != 0xcf; 202 } 203 204 /* ---- L2CAP callbacks ---- */ 205 static void rfcomm_l2state_change(struct sock *sk) 206 { 207 BT_DBG("%p state %d", sk, sk->sk_state); 208 rfcomm_schedule(); 209 } 210 211 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 212 { 213 BT_DBG("%p bytes %d", sk, bytes); 214 rfcomm_schedule(); 215 } 216 217 static int rfcomm_l2sock_create(struct socket **sock) 218 { 219 int err; 220 221 BT_DBG(""); 222 223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 224 if (!err) { 225 struct sock *sk = (*sock)->sk; 226 sk->sk_data_ready = rfcomm_l2data_ready; 227 sk->sk_state_change = rfcomm_l2state_change; 228 } 229 return err; 230 } 231 232 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 233 { 234 struct sock *sk = d->session->sock->sk; 235 __u8 auth_type; 236 237 switch (d->sec_level) { 238 case BT_SECURITY_HIGH: 239 auth_type = HCI_AT_GENERAL_BONDING_MITM; 240 break; 241 case BT_SECURITY_MEDIUM: 242 auth_type = HCI_AT_GENERAL_BONDING; 243 break; 244 default: 245 auth_type = HCI_AT_NO_BONDING; 246 break; 247 } 248 249 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 250 auth_type); 251 } 252 253 static void rfcomm_session_timeout(unsigned long arg) 254 { 255 struct rfcomm_session *s = (void *) arg; 256 257 BT_DBG("session %p state %ld", s, s->state); 258 259 set_bit(RFCOMM_TIMED_OUT, &s->flags); 260 rfcomm_schedule(); 261 } 262 263 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 264 { 265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 266 267 if (!mod_timer(&s->timer, jiffies + timeout)) 268 rfcomm_session_hold(s); 269 } 270 271 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 272 { 273 BT_DBG("session %p state %ld", s, s->state); 274 275 if (timer_pending(&s->timer) && del_timer(&s->timer)) 276 rfcomm_session_put(s); 277 } 278 279 /* ---- RFCOMM DLCs ---- */ 280 static void rfcomm_dlc_timeout(unsigned long arg) 281 { 282 struct rfcomm_dlc *d = (void *) arg; 283 284 BT_DBG("dlc %p state %ld", d, d->state); 285 286 set_bit(RFCOMM_TIMED_OUT, &d->flags); 287 rfcomm_dlc_put(d); 288 rfcomm_schedule(); 289 } 290 291 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 292 { 293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 294 295 if (!mod_timer(&d->timer, jiffies + timeout)) 296 rfcomm_dlc_hold(d); 297 } 298 299 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 300 { 301 BT_DBG("dlc %p state %ld", d, d->state); 302 303 if (timer_pending(&d->timer) && del_timer(&d->timer)) 304 rfcomm_dlc_put(d); 305 } 306 307 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 308 { 309 BT_DBG("%p", d); 310 311 d->state = BT_OPEN; 312 d->flags = 0; 313 d->mscex = 0; 314 d->mtu = RFCOMM_DEFAULT_MTU; 315 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 316 317 d->cfc = RFCOMM_CFC_DISABLED; 318 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 319 } 320 321 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 322 { 323 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 324 325 if (!d) 326 return NULL; 327 328 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 329 330 skb_queue_head_init(&d->tx_queue); 331 spin_lock_init(&d->lock); 332 atomic_set(&d->refcnt, 1); 333 334 rfcomm_dlc_clear_state(d); 335 336 BT_DBG("%p", d); 337 338 return d; 339 } 340 341 void rfcomm_dlc_free(struct rfcomm_dlc *d) 342 { 343 BT_DBG("%p", d); 344 345 skb_queue_purge(&d->tx_queue); 346 kfree(d); 347 } 348 349 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 350 { 351 BT_DBG("dlc %p session %p", d, s); 352 353 rfcomm_session_hold(s); 354 355 rfcomm_session_clear_timer(s); 356 rfcomm_dlc_hold(d); 357 list_add(&d->list, &s->dlcs); 358 d->session = s; 359 } 360 361 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 362 { 363 struct rfcomm_session *s = d->session; 364 365 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 366 367 list_del(&d->list); 368 d->session = NULL; 369 rfcomm_dlc_put(d); 370 371 if (list_empty(&s->dlcs)) 372 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 373 374 rfcomm_session_put(s); 375 } 376 377 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 378 { 379 struct rfcomm_dlc *d; 380 struct list_head *p; 381 382 list_for_each(p, &s->dlcs) { 383 d = list_entry(p, struct rfcomm_dlc, list); 384 if (d->dlci == dlci) 385 return d; 386 } 387 return NULL; 388 } 389 390 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 391 { 392 struct rfcomm_session *s; 393 int err = 0; 394 u8 dlci; 395 396 BT_DBG("dlc %p state %ld %s %s channel %d", 397 d, d->state, batostr(src), batostr(dst), channel); 398 399 if (channel < 1 || channel > 30) 400 return -EINVAL; 401 402 if (d->state != BT_OPEN && d->state != BT_CLOSED) 403 return 0; 404 405 s = rfcomm_session_get(src, dst); 406 if (!s) { 407 s = rfcomm_session_create(src, dst, d->sec_level, &err); 408 if (!s) 409 return err; 410 } 411 412 dlci = __dlci(!s->initiator, channel); 413 414 /* Check if DLCI already exists */ 415 if (rfcomm_dlc_get(s, dlci)) 416 return -EBUSY; 417 418 rfcomm_dlc_clear_state(d); 419 420 d->dlci = dlci; 421 d->addr = __addr(s->initiator, dlci); 422 d->priority = 7; 423 424 d->state = BT_CONFIG; 425 rfcomm_dlc_link(s, d); 426 427 d->out = 1; 428 429 d->mtu = s->mtu; 430 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 431 432 if (s->state == BT_CONNECTED) { 433 if (rfcomm_check_security(d)) 434 rfcomm_send_pn(s, 1, d); 435 else 436 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 437 } 438 439 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 440 441 return 0; 442 } 443 444 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 445 { 446 int r; 447 448 rfcomm_lock(); 449 450 r = __rfcomm_dlc_open(d, src, dst, channel); 451 452 rfcomm_unlock(); 453 return r; 454 } 455 456 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 457 { 458 struct rfcomm_session *s = d->session; 459 if (!s) 460 return 0; 461 462 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 463 d, d->state, d->dlci, err, s); 464 465 switch (d->state) { 466 case BT_CONNECT: 467 case BT_CONFIG: 468 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 469 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 470 rfcomm_schedule(); 471 break; 472 } 473 /* Fall through */ 474 475 case BT_CONNECTED: 476 d->state = BT_DISCONN; 477 if (skb_queue_empty(&d->tx_queue)) { 478 rfcomm_send_disc(s, d->dlci); 479 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 480 } else { 481 rfcomm_queue_disc(d); 482 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 483 } 484 break; 485 486 case BT_OPEN: 487 case BT_CONNECT2: 488 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 489 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 490 rfcomm_schedule(); 491 break; 492 } 493 /* Fall through */ 494 495 default: 496 rfcomm_dlc_clear_timer(d); 497 498 rfcomm_dlc_lock(d); 499 d->state = BT_CLOSED; 500 d->state_change(d, err); 501 rfcomm_dlc_unlock(d); 502 503 skb_queue_purge(&d->tx_queue); 504 rfcomm_dlc_unlink(d); 505 } 506 507 return 0; 508 } 509 510 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 511 { 512 int r; 513 514 rfcomm_lock(); 515 516 r = __rfcomm_dlc_close(d, err); 517 518 rfcomm_unlock(); 519 return r; 520 } 521 522 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 523 { 524 int len = skb->len; 525 526 if (d->state != BT_CONNECTED) 527 return -ENOTCONN; 528 529 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 530 531 if (len > d->mtu) 532 return -EINVAL; 533 534 rfcomm_make_uih(skb, d->addr); 535 skb_queue_tail(&d->tx_queue, skb); 536 537 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 538 rfcomm_schedule(); 539 return len; 540 } 541 542 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 543 { 544 BT_DBG("dlc %p state %ld", d, d->state); 545 546 if (!d->cfc) { 547 d->v24_sig |= RFCOMM_V24_FC; 548 set_bit(RFCOMM_MSC_PENDING, &d->flags); 549 } 550 rfcomm_schedule(); 551 } 552 553 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 554 { 555 BT_DBG("dlc %p state %ld", d, d->state); 556 557 if (!d->cfc) { 558 d->v24_sig &= ~RFCOMM_V24_FC; 559 set_bit(RFCOMM_MSC_PENDING, &d->flags); 560 } 561 rfcomm_schedule(); 562 } 563 564 /* 565 Set/get modem status functions use _local_ status i.e. what we report 566 to the other side. 567 Remote status is provided by dlc->modem_status() callback. 568 */ 569 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 570 { 571 BT_DBG("dlc %p state %ld v24_sig 0x%x", 572 d, d->state, v24_sig); 573 574 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 575 v24_sig |= RFCOMM_V24_FC; 576 else 577 v24_sig &= ~RFCOMM_V24_FC; 578 579 d->v24_sig = v24_sig; 580 581 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 582 rfcomm_schedule(); 583 584 return 0; 585 } 586 587 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 588 { 589 BT_DBG("dlc %p state %ld v24_sig 0x%x", 590 d, d->state, d->v24_sig); 591 592 *v24_sig = d->v24_sig; 593 return 0; 594 } 595 596 /* ---- RFCOMM sessions ---- */ 597 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 598 { 599 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 600 601 if (!s) 602 return NULL; 603 604 BT_DBG("session %p sock %p", s, sock); 605 606 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 607 608 INIT_LIST_HEAD(&s->dlcs); 609 s->state = state; 610 s->sock = sock; 611 612 s->mtu = RFCOMM_DEFAULT_MTU; 613 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 614 615 /* Do not increment module usage count for listening sessions. 616 * Otherwise we won't be able to unload the module. */ 617 if (state != BT_LISTEN) 618 if (!try_module_get(THIS_MODULE)) { 619 kfree(s); 620 return NULL; 621 } 622 623 list_add(&s->list, &session_list); 624 625 return s; 626 } 627 628 static void rfcomm_session_del(struct rfcomm_session *s) 629 { 630 int state = s->state; 631 632 BT_DBG("session %p state %ld", s, s->state); 633 634 list_del(&s->list); 635 636 if (state == BT_CONNECTED) 637 rfcomm_send_disc(s, 0); 638 639 rfcomm_session_clear_timer(s); 640 sock_release(s->sock); 641 kfree(s); 642 643 if (state != BT_LISTEN) 644 module_put(THIS_MODULE); 645 } 646 647 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 648 { 649 struct rfcomm_session *s; 650 struct list_head *p, *n; 651 struct bt_sock *sk; 652 list_for_each_safe(p, n, &session_list) { 653 s = list_entry(p, struct rfcomm_session, list); 654 sk = bt_sk(s->sock->sk); 655 656 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 657 !bacmp(&sk->dst, dst)) 658 return s; 659 } 660 return NULL; 661 } 662 663 static void rfcomm_session_close(struct rfcomm_session *s, int err) 664 { 665 struct rfcomm_dlc *d; 666 struct list_head *p, *n; 667 668 BT_DBG("session %p state %ld err %d", s, s->state, err); 669 670 rfcomm_session_hold(s); 671 672 s->state = BT_CLOSED; 673 674 /* Close all dlcs */ 675 list_for_each_safe(p, n, &s->dlcs) { 676 d = list_entry(p, struct rfcomm_dlc, list); 677 d->state = BT_CLOSED; 678 __rfcomm_dlc_close(d, err); 679 } 680 681 rfcomm_session_clear_timer(s); 682 rfcomm_session_put(s); 683 } 684 685 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, 686 bdaddr_t *dst, 687 u8 sec_level, 688 int *err) 689 { 690 struct rfcomm_session *s = NULL; 691 struct sockaddr_l2 addr; 692 struct socket *sock; 693 struct sock *sk; 694 695 BT_DBG("%s %s", batostr(src), batostr(dst)); 696 697 *err = rfcomm_l2sock_create(&sock); 698 if (*err < 0) 699 return NULL; 700 701 bacpy(&addr.l2_bdaddr, src); 702 addr.l2_family = AF_BLUETOOTH; 703 addr.l2_psm = 0; 704 addr.l2_cid = 0; 705 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 706 if (*err < 0) 707 goto failed; 708 709 /* Set L2CAP options */ 710 sk = sock->sk; 711 lock_sock(sk); 712 l2cap_pi(sk)->imtu = l2cap_mtu; 713 l2cap_pi(sk)->sec_level = sec_level; 714 if (l2cap_ertm) 715 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 716 release_sock(sk); 717 718 s = rfcomm_session_add(sock, BT_BOUND); 719 if (!s) { 720 *err = -ENOMEM; 721 goto failed; 722 } 723 724 s->initiator = 1; 725 726 bacpy(&addr.l2_bdaddr, dst); 727 addr.l2_family = AF_BLUETOOTH; 728 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 729 addr.l2_cid = 0; 730 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 731 if (*err == 0 || *err == -EINPROGRESS) 732 return s; 733 734 rfcomm_session_del(s); 735 return NULL; 736 737 failed: 738 sock_release(sock); 739 return NULL; 740 } 741 742 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 743 { 744 struct sock *sk = s->sock->sk; 745 if (src) 746 bacpy(src, &bt_sk(sk)->src); 747 if (dst) 748 bacpy(dst, &bt_sk(sk)->dst); 749 } 750 751 /* ---- RFCOMM frame sending ---- */ 752 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 753 { 754 struct socket *sock = s->sock; 755 struct kvec iv = { data, len }; 756 struct msghdr msg; 757 758 BT_DBG("session %p len %d", s, len); 759 760 memset(&msg, 0, sizeof(msg)); 761 762 return kernel_sendmsg(sock, &msg, &iv, 1, len); 763 } 764 765 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 766 { 767 struct rfcomm_cmd cmd; 768 769 BT_DBG("%p dlci %d", s, dlci); 770 771 cmd.addr = __addr(s->initiator, dlci); 772 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 773 cmd.len = __len8(0); 774 cmd.fcs = __fcs2((u8 *) &cmd); 775 776 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 777 } 778 779 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 780 { 781 struct rfcomm_cmd cmd; 782 783 BT_DBG("%p dlci %d", s, dlci); 784 785 cmd.addr = __addr(!s->initiator, dlci); 786 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 787 cmd.len = __len8(0); 788 cmd.fcs = __fcs2((u8 *) &cmd); 789 790 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 791 } 792 793 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 794 { 795 struct rfcomm_cmd cmd; 796 797 BT_DBG("%p dlci %d", s, dlci); 798 799 cmd.addr = __addr(s->initiator, dlci); 800 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 801 cmd.len = __len8(0); 802 cmd.fcs = __fcs2((u8 *) &cmd); 803 804 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 805 } 806 807 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 808 { 809 struct rfcomm_cmd *cmd; 810 struct sk_buff *skb; 811 812 BT_DBG("dlc %p dlci %d", d, d->dlci); 813 814 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 815 if (!skb) 816 return -ENOMEM; 817 818 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 819 cmd->addr = d->addr; 820 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 821 cmd->len = __len8(0); 822 cmd->fcs = __fcs2((u8 *) cmd); 823 824 skb_queue_tail(&d->tx_queue, skb); 825 rfcomm_schedule(); 826 return 0; 827 } 828 829 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 830 { 831 struct rfcomm_cmd cmd; 832 833 BT_DBG("%p dlci %d", s, dlci); 834 835 cmd.addr = __addr(!s->initiator, dlci); 836 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 837 cmd.len = __len8(0); 838 cmd.fcs = __fcs2((u8 *) &cmd); 839 840 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 841 } 842 843 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 844 { 845 struct rfcomm_hdr *hdr; 846 struct rfcomm_mcc *mcc; 847 u8 buf[16], *ptr = buf; 848 849 BT_DBG("%p cr %d type %d", s, cr, type); 850 851 hdr = (void *) ptr; ptr += sizeof(*hdr); 852 hdr->addr = __addr(s->initiator, 0); 853 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 854 hdr->len = __len8(sizeof(*mcc) + 1); 855 856 mcc = (void *) ptr; ptr += sizeof(*mcc); 857 mcc->type = __mcc_type(cr, RFCOMM_NSC); 858 mcc->len = __len8(1); 859 860 /* Type that we didn't like */ 861 *ptr = __mcc_type(cr, type); ptr++; 862 863 *ptr = __fcs(buf); ptr++; 864 865 return rfcomm_send_frame(s, buf, ptr - buf); 866 } 867 868 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 869 { 870 struct rfcomm_hdr *hdr; 871 struct rfcomm_mcc *mcc; 872 struct rfcomm_pn *pn; 873 u8 buf[16], *ptr = buf; 874 875 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 876 877 hdr = (void *) ptr; ptr += sizeof(*hdr); 878 hdr->addr = __addr(s->initiator, 0); 879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 880 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 881 882 mcc = (void *) ptr; ptr += sizeof(*mcc); 883 mcc->type = __mcc_type(cr, RFCOMM_PN); 884 mcc->len = __len8(sizeof(*pn)); 885 886 pn = (void *) ptr; ptr += sizeof(*pn); 887 pn->dlci = d->dlci; 888 pn->priority = d->priority; 889 pn->ack_timer = 0; 890 pn->max_retrans = 0; 891 892 if (s->cfc) { 893 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 894 pn->credits = RFCOMM_DEFAULT_CREDITS; 895 } else { 896 pn->flow_ctrl = 0; 897 pn->credits = 0; 898 } 899 900 if (cr && channel_mtu >= 0) 901 pn->mtu = cpu_to_le16(channel_mtu); 902 else 903 pn->mtu = cpu_to_le16(d->mtu); 904 905 *ptr = __fcs(buf); ptr++; 906 907 return rfcomm_send_frame(s, buf, ptr - buf); 908 } 909 910 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 911 u8 bit_rate, u8 data_bits, u8 stop_bits, 912 u8 parity, u8 flow_ctrl_settings, 913 u8 xon_char, u8 xoff_char, u16 param_mask) 914 { 915 struct rfcomm_hdr *hdr; 916 struct rfcomm_mcc *mcc; 917 struct rfcomm_rpn *rpn; 918 u8 buf[16], *ptr = buf; 919 920 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 921 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 922 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 923 flow_ctrl_settings, xon_char, xoff_char, param_mask); 924 925 hdr = (void *) ptr; ptr += sizeof(*hdr); 926 hdr->addr = __addr(s->initiator, 0); 927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 928 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 929 930 mcc = (void *) ptr; ptr += sizeof(*mcc); 931 mcc->type = __mcc_type(cr, RFCOMM_RPN); 932 mcc->len = __len8(sizeof(*rpn)); 933 934 rpn = (void *) ptr; ptr += sizeof(*rpn); 935 rpn->dlci = __addr(1, dlci); 936 rpn->bit_rate = bit_rate; 937 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 938 rpn->flow_ctrl = flow_ctrl_settings; 939 rpn->xon_char = xon_char; 940 rpn->xoff_char = xoff_char; 941 rpn->param_mask = cpu_to_le16(param_mask); 942 943 *ptr = __fcs(buf); ptr++; 944 945 return rfcomm_send_frame(s, buf, ptr - buf); 946 } 947 948 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 949 { 950 struct rfcomm_hdr *hdr; 951 struct rfcomm_mcc *mcc; 952 struct rfcomm_rls *rls; 953 u8 buf[16], *ptr = buf; 954 955 BT_DBG("%p cr %d status 0x%x", s, cr, status); 956 957 hdr = (void *) ptr; ptr += sizeof(*hdr); 958 hdr->addr = __addr(s->initiator, 0); 959 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 960 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 961 962 mcc = (void *) ptr; ptr += sizeof(*mcc); 963 mcc->type = __mcc_type(cr, RFCOMM_RLS); 964 mcc->len = __len8(sizeof(*rls)); 965 966 rls = (void *) ptr; ptr += sizeof(*rls); 967 rls->dlci = __addr(1, dlci); 968 rls->status = status; 969 970 *ptr = __fcs(buf); ptr++; 971 972 return rfcomm_send_frame(s, buf, ptr - buf); 973 } 974 975 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 976 { 977 struct rfcomm_hdr *hdr; 978 struct rfcomm_mcc *mcc; 979 struct rfcomm_msc *msc; 980 u8 buf[16], *ptr = buf; 981 982 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 983 984 hdr = (void *) ptr; ptr += sizeof(*hdr); 985 hdr->addr = __addr(s->initiator, 0); 986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 987 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 988 989 mcc = (void *) ptr; ptr += sizeof(*mcc); 990 mcc->type = __mcc_type(cr, RFCOMM_MSC); 991 mcc->len = __len8(sizeof(*msc)); 992 993 msc = (void *) ptr; ptr += sizeof(*msc); 994 msc->dlci = __addr(1, dlci); 995 msc->v24_sig = v24_sig | 0x01; 996 997 *ptr = __fcs(buf); ptr++; 998 999 return rfcomm_send_frame(s, buf, ptr - buf); 1000 } 1001 1002 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 1003 { 1004 struct rfcomm_hdr *hdr; 1005 struct rfcomm_mcc *mcc; 1006 u8 buf[16], *ptr = buf; 1007 1008 BT_DBG("%p cr %d", s, cr); 1009 1010 hdr = (void *) ptr; ptr += sizeof(*hdr); 1011 hdr->addr = __addr(s->initiator, 0); 1012 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1013 hdr->len = __len8(sizeof(*mcc)); 1014 1015 mcc = (void *) ptr; ptr += sizeof(*mcc); 1016 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1017 mcc->len = __len8(0); 1018 1019 *ptr = __fcs(buf); ptr++; 1020 1021 return rfcomm_send_frame(s, buf, ptr - buf); 1022 } 1023 1024 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1025 { 1026 struct rfcomm_hdr *hdr; 1027 struct rfcomm_mcc *mcc; 1028 u8 buf[16], *ptr = buf; 1029 1030 BT_DBG("%p cr %d", s, cr); 1031 1032 hdr = (void *) ptr; ptr += sizeof(*hdr); 1033 hdr->addr = __addr(s->initiator, 0); 1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1035 hdr->len = __len8(sizeof(*mcc)); 1036 1037 mcc = (void *) ptr; ptr += sizeof(*mcc); 1038 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1039 mcc->len = __len8(0); 1040 1041 *ptr = __fcs(buf); ptr++; 1042 1043 return rfcomm_send_frame(s, buf, ptr - buf); 1044 } 1045 1046 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1047 { 1048 struct socket *sock = s->sock; 1049 struct kvec iv[3]; 1050 struct msghdr msg; 1051 unsigned char hdr[5], crc[1]; 1052 1053 if (len > 125) 1054 return -EINVAL; 1055 1056 BT_DBG("%p cr %d", s, cr); 1057 1058 hdr[0] = __addr(s->initiator, 0); 1059 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1060 hdr[2] = 0x01 | ((len + 2) << 1); 1061 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1062 hdr[4] = 0x01 | (len << 1); 1063 1064 crc[0] = __fcs(hdr); 1065 1066 iv[0].iov_base = hdr; 1067 iv[0].iov_len = 5; 1068 iv[1].iov_base = pattern; 1069 iv[1].iov_len = len; 1070 iv[2].iov_base = crc; 1071 iv[2].iov_len = 1; 1072 1073 memset(&msg, 0, sizeof(msg)); 1074 1075 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1076 } 1077 1078 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1079 { 1080 struct rfcomm_hdr *hdr; 1081 u8 buf[16], *ptr = buf; 1082 1083 BT_DBG("%p addr %d credits %d", s, addr, credits); 1084 1085 hdr = (void *) ptr; ptr += sizeof(*hdr); 1086 hdr->addr = addr; 1087 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1088 hdr->len = __len8(0); 1089 1090 *ptr = credits; ptr++; 1091 1092 *ptr = __fcs(buf); ptr++; 1093 1094 return rfcomm_send_frame(s, buf, ptr - buf); 1095 } 1096 1097 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1098 { 1099 struct rfcomm_hdr *hdr; 1100 int len = skb->len; 1101 u8 *crc; 1102 1103 if (len > 127) { 1104 hdr = (void *) skb_push(skb, 4); 1105 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1106 } else { 1107 hdr = (void *) skb_push(skb, 3); 1108 hdr->len = __len8(len); 1109 } 1110 hdr->addr = addr; 1111 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1112 1113 crc = skb_put(skb, 1); 1114 *crc = __fcs((void *) hdr); 1115 } 1116 1117 /* ---- RFCOMM frame reception ---- */ 1118 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1119 { 1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1121 1122 if (dlci) { 1123 /* Data channel */ 1124 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1125 if (!d) { 1126 rfcomm_send_dm(s, dlci); 1127 return 0; 1128 } 1129 1130 switch (d->state) { 1131 case BT_CONNECT: 1132 rfcomm_dlc_clear_timer(d); 1133 1134 rfcomm_dlc_lock(d); 1135 d->state = BT_CONNECTED; 1136 d->state_change(d, 0); 1137 rfcomm_dlc_unlock(d); 1138 1139 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1140 break; 1141 1142 case BT_DISCONN: 1143 d->state = BT_CLOSED; 1144 __rfcomm_dlc_close(d, 0); 1145 1146 if (list_empty(&s->dlcs)) { 1147 s->state = BT_DISCONN; 1148 rfcomm_send_disc(s, 0); 1149 } 1150 1151 break; 1152 } 1153 } else { 1154 /* Control channel */ 1155 switch (s->state) { 1156 case BT_CONNECT: 1157 s->state = BT_CONNECTED; 1158 rfcomm_process_connect(s); 1159 break; 1160 1161 case BT_DISCONN: 1162 /* When socket is closed and we are not RFCOMM 1163 * initiator rfcomm_process_rx already calls 1164 * rfcomm_session_put() */ 1165 if (s->sock->sk->sk_state != BT_CLOSED) 1166 rfcomm_session_put(s); 1167 break; 1168 } 1169 } 1170 return 0; 1171 } 1172 1173 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1174 { 1175 int err = 0; 1176 1177 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1178 1179 if (dlci) { 1180 /* Data DLC */ 1181 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1182 if (d) { 1183 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1184 err = ECONNREFUSED; 1185 else 1186 err = ECONNRESET; 1187 1188 d->state = BT_CLOSED; 1189 __rfcomm_dlc_close(d, err); 1190 } 1191 } else { 1192 if (s->state == BT_CONNECT) 1193 err = ECONNREFUSED; 1194 else 1195 err = ECONNRESET; 1196 1197 s->state = BT_CLOSED; 1198 rfcomm_session_close(s, err); 1199 } 1200 return 0; 1201 } 1202 1203 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1204 { 1205 int err = 0; 1206 1207 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1208 1209 if (dlci) { 1210 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1211 if (d) { 1212 rfcomm_send_ua(s, dlci); 1213 1214 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1215 err = ECONNREFUSED; 1216 else 1217 err = ECONNRESET; 1218 1219 d->state = BT_CLOSED; 1220 __rfcomm_dlc_close(d, err); 1221 } else 1222 rfcomm_send_dm(s, dlci); 1223 1224 } else { 1225 rfcomm_send_ua(s, 0); 1226 1227 if (s->state == BT_CONNECT) 1228 err = ECONNREFUSED; 1229 else 1230 err = ECONNRESET; 1231 1232 s->state = BT_CLOSED; 1233 rfcomm_session_close(s, err); 1234 } 1235 1236 return 0; 1237 } 1238 1239 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1240 { 1241 struct sock *sk = d->session->sock->sk; 1242 1243 BT_DBG("dlc %p", d); 1244 1245 rfcomm_send_ua(d->session, d->dlci); 1246 1247 rfcomm_dlc_clear_timer(d); 1248 1249 rfcomm_dlc_lock(d); 1250 d->state = BT_CONNECTED; 1251 d->state_change(d, 0); 1252 rfcomm_dlc_unlock(d); 1253 1254 if (d->role_switch) 1255 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1256 1257 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1258 } 1259 1260 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1261 { 1262 if (rfcomm_check_security(d)) { 1263 if (d->defer_setup) { 1264 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1265 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1266 1267 rfcomm_dlc_lock(d); 1268 d->state = BT_CONNECT2; 1269 d->state_change(d, 0); 1270 rfcomm_dlc_unlock(d); 1271 } else 1272 rfcomm_dlc_accept(d); 1273 } else { 1274 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1275 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1276 } 1277 } 1278 1279 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1280 { 1281 struct rfcomm_dlc *d; 1282 u8 channel; 1283 1284 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1285 1286 if (!dlci) { 1287 rfcomm_send_ua(s, 0); 1288 1289 if (s->state == BT_OPEN) { 1290 s->state = BT_CONNECTED; 1291 rfcomm_process_connect(s); 1292 } 1293 return 0; 1294 } 1295 1296 /* Check if DLC exists */ 1297 d = rfcomm_dlc_get(s, dlci); 1298 if (d) { 1299 if (d->state == BT_OPEN) { 1300 /* DLC was previously opened by PN request */ 1301 rfcomm_check_accept(d); 1302 } 1303 return 0; 1304 } 1305 1306 /* Notify socket layer about incoming connection */ 1307 channel = __srv_channel(dlci); 1308 if (rfcomm_connect_ind(s, channel, &d)) { 1309 d->dlci = dlci; 1310 d->addr = __addr(s->initiator, dlci); 1311 rfcomm_dlc_link(s, d); 1312 1313 rfcomm_check_accept(d); 1314 } else { 1315 rfcomm_send_dm(s, dlci); 1316 } 1317 1318 return 0; 1319 } 1320 1321 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1322 { 1323 struct rfcomm_session *s = d->session; 1324 1325 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1326 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1327 1328 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1329 pn->flow_ctrl == 0xe0) { 1330 d->cfc = RFCOMM_CFC_ENABLED; 1331 d->tx_credits = pn->credits; 1332 } else { 1333 d->cfc = RFCOMM_CFC_DISABLED; 1334 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1335 } 1336 1337 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1338 s->cfc = d->cfc; 1339 1340 d->priority = pn->priority; 1341 1342 d->mtu = __le16_to_cpu(pn->mtu); 1343 1344 if (cr && d->mtu > s->mtu) 1345 d->mtu = s->mtu; 1346 1347 return 0; 1348 } 1349 1350 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1351 { 1352 struct rfcomm_pn *pn = (void *) skb->data; 1353 struct rfcomm_dlc *d; 1354 u8 dlci = pn->dlci; 1355 1356 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1357 1358 if (!dlci) 1359 return 0; 1360 1361 d = rfcomm_dlc_get(s, dlci); 1362 if (d) { 1363 if (cr) { 1364 /* PN request */ 1365 rfcomm_apply_pn(d, cr, pn); 1366 rfcomm_send_pn(s, 0, d); 1367 } else { 1368 /* PN response */ 1369 switch (d->state) { 1370 case BT_CONFIG: 1371 rfcomm_apply_pn(d, cr, pn); 1372 1373 d->state = BT_CONNECT; 1374 rfcomm_send_sabm(s, d->dlci); 1375 break; 1376 } 1377 } 1378 } else { 1379 u8 channel = __srv_channel(dlci); 1380 1381 if (!cr) 1382 return 0; 1383 1384 /* PN request for non existing DLC. 1385 * Assume incoming connection. */ 1386 if (rfcomm_connect_ind(s, channel, &d)) { 1387 d->dlci = dlci; 1388 d->addr = __addr(s->initiator, dlci); 1389 rfcomm_dlc_link(s, d); 1390 1391 rfcomm_apply_pn(d, cr, pn); 1392 1393 d->state = BT_OPEN; 1394 rfcomm_send_pn(s, 0, d); 1395 } else { 1396 rfcomm_send_dm(s, dlci); 1397 } 1398 } 1399 return 0; 1400 } 1401 1402 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1403 { 1404 struct rfcomm_rpn *rpn = (void *) skb->data; 1405 u8 dlci = __get_dlci(rpn->dlci); 1406 1407 u8 bit_rate = 0; 1408 u8 data_bits = 0; 1409 u8 stop_bits = 0; 1410 u8 parity = 0; 1411 u8 flow_ctrl = 0; 1412 u8 xon_char = 0; 1413 u8 xoff_char = 0; 1414 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1415 1416 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1417 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1418 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1419 1420 if (!cr) 1421 return 0; 1422 1423 if (len == 1) { 1424 /* This is a request, return default (according to ETSI TS 07.10) settings */ 1425 bit_rate = RFCOMM_RPN_BR_9600; 1426 data_bits = RFCOMM_RPN_DATA_8; 1427 stop_bits = RFCOMM_RPN_STOP_1; 1428 parity = RFCOMM_RPN_PARITY_NONE; 1429 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1430 xon_char = RFCOMM_RPN_XON_CHAR; 1431 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1432 goto rpn_out; 1433 } 1434 1435 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1436 * no parity, no flow control lines, normal XON/XOFF chars */ 1437 1438 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1439 bit_rate = rpn->bit_rate; 1440 if (bit_rate > RFCOMM_RPN_BR_230400) { 1441 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1442 bit_rate = RFCOMM_RPN_BR_9600; 1443 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1444 } 1445 } 1446 1447 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1448 data_bits = __get_rpn_data_bits(rpn->line_settings); 1449 if (data_bits != RFCOMM_RPN_DATA_8) { 1450 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1451 data_bits = RFCOMM_RPN_DATA_8; 1452 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1453 } 1454 } 1455 1456 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1457 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1458 if (stop_bits != RFCOMM_RPN_STOP_1) { 1459 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1460 stop_bits = RFCOMM_RPN_STOP_1; 1461 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1462 } 1463 } 1464 1465 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1466 parity = __get_rpn_parity(rpn->line_settings); 1467 if (parity != RFCOMM_RPN_PARITY_NONE) { 1468 BT_DBG("RPN parity mismatch 0x%x", parity); 1469 parity = RFCOMM_RPN_PARITY_NONE; 1470 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1471 } 1472 } 1473 1474 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1475 flow_ctrl = rpn->flow_ctrl; 1476 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1477 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1478 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1479 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1480 } 1481 } 1482 1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1484 xon_char = rpn->xon_char; 1485 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1486 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1487 xon_char = RFCOMM_RPN_XON_CHAR; 1488 rpn_mask ^= RFCOMM_RPN_PM_XON; 1489 } 1490 } 1491 1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1493 xoff_char = rpn->xoff_char; 1494 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1495 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1496 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1497 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1498 } 1499 } 1500 1501 rpn_out: 1502 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1503 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1504 1505 return 0; 1506 } 1507 1508 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1509 { 1510 struct rfcomm_rls *rls = (void *) skb->data; 1511 u8 dlci = __get_dlci(rls->dlci); 1512 1513 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1514 1515 if (!cr) 1516 return 0; 1517 1518 /* We should probably do something with this information here. But 1519 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1520 * mandatory to recognise and respond to RLS */ 1521 1522 rfcomm_send_rls(s, 0, dlci, rls->status); 1523 1524 return 0; 1525 } 1526 1527 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1528 { 1529 struct rfcomm_msc *msc = (void *) skb->data; 1530 struct rfcomm_dlc *d; 1531 u8 dlci = __get_dlci(msc->dlci); 1532 1533 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1534 1535 d = rfcomm_dlc_get(s, dlci); 1536 if (!d) 1537 return 0; 1538 1539 if (cr) { 1540 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1541 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1542 else 1543 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1544 1545 rfcomm_dlc_lock(d); 1546 1547 d->remote_v24_sig = msc->v24_sig; 1548 1549 if (d->modem_status) 1550 d->modem_status(d, msc->v24_sig); 1551 1552 rfcomm_dlc_unlock(d); 1553 1554 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1555 1556 d->mscex |= RFCOMM_MSCEX_RX; 1557 } else 1558 d->mscex |= RFCOMM_MSCEX_TX; 1559 1560 return 0; 1561 } 1562 1563 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1564 { 1565 struct rfcomm_mcc *mcc = (void *) skb->data; 1566 u8 type, cr, len; 1567 1568 cr = __test_cr(mcc->type); 1569 type = __get_mcc_type(mcc->type); 1570 len = __get_mcc_len(mcc->len); 1571 1572 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1573 1574 skb_pull(skb, 2); 1575 1576 switch (type) { 1577 case RFCOMM_PN: 1578 rfcomm_recv_pn(s, cr, skb); 1579 break; 1580 1581 case RFCOMM_RPN: 1582 rfcomm_recv_rpn(s, cr, len, skb); 1583 break; 1584 1585 case RFCOMM_RLS: 1586 rfcomm_recv_rls(s, cr, skb); 1587 break; 1588 1589 case RFCOMM_MSC: 1590 rfcomm_recv_msc(s, cr, skb); 1591 break; 1592 1593 case RFCOMM_FCOFF: 1594 if (cr) { 1595 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1596 rfcomm_send_fcoff(s, 0); 1597 } 1598 break; 1599 1600 case RFCOMM_FCON: 1601 if (cr) { 1602 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1603 rfcomm_send_fcon(s, 0); 1604 } 1605 break; 1606 1607 case RFCOMM_TEST: 1608 if (cr) 1609 rfcomm_send_test(s, 0, skb->data, skb->len); 1610 break; 1611 1612 case RFCOMM_NSC: 1613 break; 1614 1615 default: 1616 BT_ERR("Unknown control type 0x%02x", type); 1617 rfcomm_send_nsc(s, cr, type); 1618 break; 1619 } 1620 return 0; 1621 } 1622 1623 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1624 { 1625 struct rfcomm_dlc *d; 1626 1627 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1628 1629 d = rfcomm_dlc_get(s, dlci); 1630 if (!d) { 1631 rfcomm_send_dm(s, dlci); 1632 goto drop; 1633 } 1634 1635 if (pf && d->cfc) { 1636 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1637 1638 d->tx_credits += credits; 1639 if (d->tx_credits) 1640 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1641 } 1642 1643 if (skb->len && d->state == BT_CONNECTED) { 1644 rfcomm_dlc_lock(d); 1645 d->rx_credits--; 1646 d->data_ready(d, skb); 1647 rfcomm_dlc_unlock(d); 1648 return 0; 1649 } 1650 1651 drop: 1652 kfree_skb(skb); 1653 return 0; 1654 } 1655 1656 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1657 { 1658 struct rfcomm_hdr *hdr = (void *) skb->data; 1659 u8 type, dlci, fcs; 1660 1661 dlci = __get_dlci(hdr->addr); 1662 type = __get_type(hdr->ctrl); 1663 1664 /* Trim FCS */ 1665 skb->len--; skb->tail--; 1666 fcs = *(u8 *)skb_tail_pointer(skb); 1667 1668 if (__check_fcs(skb->data, type, fcs)) { 1669 BT_ERR("bad checksum in packet"); 1670 kfree_skb(skb); 1671 return -EILSEQ; 1672 } 1673 1674 if (__test_ea(hdr->len)) 1675 skb_pull(skb, 3); 1676 else 1677 skb_pull(skb, 4); 1678 1679 switch (type) { 1680 case RFCOMM_SABM: 1681 if (__test_pf(hdr->ctrl)) 1682 rfcomm_recv_sabm(s, dlci); 1683 break; 1684 1685 case RFCOMM_DISC: 1686 if (__test_pf(hdr->ctrl)) 1687 rfcomm_recv_disc(s, dlci); 1688 break; 1689 1690 case RFCOMM_UA: 1691 if (__test_pf(hdr->ctrl)) 1692 rfcomm_recv_ua(s, dlci); 1693 break; 1694 1695 case RFCOMM_DM: 1696 rfcomm_recv_dm(s, dlci); 1697 break; 1698 1699 case RFCOMM_UIH: 1700 if (dlci) 1701 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1702 1703 rfcomm_recv_mcc(s, skb); 1704 break; 1705 1706 default: 1707 BT_ERR("Unknown packet type 0x%02x", type); 1708 break; 1709 } 1710 kfree_skb(skb); 1711 return 0; 1712 } 1713 1714 /* ---- Connection and data processing ---- */ 1715 1716 static void rfcomm_process_connect(struct rfcomm_session *s) 1717 { 1718 struct rfcomm_dlc *d; 1719 struct list_head *p, *n; 1720 1721 BT_DBG("session %p state %ld", s, s->state); 1722 1723 list_for_each_safe(p, n, &s->dlcs) { 1724 d = list_entry(p, struct rfcomm_dlc, list); 1725 if (d->state == BT_CONFIG) { 1726 d->mtu = s->mtu; 1727 if (rfcomm_check_security(d)) { 1728 rfcomm_send_pn(s, 1, d); 1729 } else { 1730 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1731 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1732 } 1733 } 1734 } 1735 } 1736 1737 /* Send data queued for the DLC. 1738 * Return number of frames left in the queue. 1739 */ 1740 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1741 { 1742 struct sk_buff *skb; 1743 int err; 1744 1745 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1746 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1747 1748 /* Send pending MSC */ 1749 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1750 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1751 1752 if (d->cfc) { 1753 /* CFC enabled. 1754 * Give them some credits */ 1755 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1756 d->rx_credits <= (d->cfc >> 2)) { 1757 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1758 d->rx_credits = d->cfc; 1759 } 1760 } else { 1761 /* CFC disabled. 1762 * Give ourselves some credits */ 1763 d->tx_credits = 5; 1764 } 1765 1766 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1767 return skb_queue_len(&d->tx_queue); 1768 1769 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1770 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1771 if (err < 0) { 1772 skb_queue_head(&d->tx_queue, skb); 1773 break; 1774 } 1775 kfree_skb(skb); 1776 d->tx_credits--; 1777 } 1778 1779 if (d->cfc && !d->tx_credits) { 1780 /* We're out of TX credits. 1781 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1782 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1783 } 1784 1785 return skb_queue_len(&d->tx_queue); 1786 } 1787 1788 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1789 { 1790 struct rfcomm_dlc *d; 1791 struct list_head *p, *n; 1792 1793 BT_DBG("session %p state %ld", s, s->state); 1794 1795 list_for_each_safe(p, n, &s->dlcs) { 1796 d = list_entry(p, struct rfcomm_dlc, list); 1797 1798 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1799 __rfcomm_dlc_close(d, ETIMEDOUT); 1800 continue; 1801 } 1802 1803 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1804 rfcomm_dlc_clear_timer(d); 1805 if (d->out) { 1806 rfcomm_send_pn(s, 1, d); 1807 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1808 } else { 1809 if (d->defer_setup) { 1810 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1811 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1812 1813 rfcomm_dlc_lock(d); 1814 d->state = BT_CONNECT2; 1815 d->state_change(d, 0); 1816 rfcomm_dlc_unlock(d); 1817 } else 1818 rfcomm_dlc_accept(d); 1819 } 1820 continue; 1821 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1822 rfcomm_dlc_clear_timer(d); 1823 if (!d->out) 1824 rfcomm_send_dm(s, d->dlci); 1825 else 1826 d->state = BT_CLOSED; 1827 __rfcomm_dlc_close(d, ECONNREFUSED); 1828 continue; 1829 } 1830 1831 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1832 continue; 1833 1834 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1835 continue; 1836 1837 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1838 d->mscex == RFCOMM_MSCEX_OK) 1839 rfcomm_process_tx(d); 1840 } 1841 } 1842 1843 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1844 { 1845 struct socket *sock = s->sock; 1846 struct sock *sk = sock->sk; 1847 struct sk_buff *skb; 1848 1849 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1850 1851 /* Get data directly from socket receive queue without copying it. */ 1852 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1853 skb_orphan(skb); 1854 rfcomm_recv_frame(s, skb); 1855 } 1856 1857 if (sk->sk_state == BT_CLOSED) { 1858 if (!s->initiator) 1859 rfcomm_session_put(s); 1860 1861 rfcomm_session_close(s, sk->sk_err); 1862 } 1863 } 1864 1865 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1866 { 1867 struct socket *sock = s->sock, *nsock; 1868 int err; 1869 1870 /* Fast check for a new connection. 1871 * Avoids unnesesary socket allocations. */ 1872 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1873 return; 1874 1875 BT_DBG("session %p", s); 1876 1877 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1878 if (err < 0) 1879 return; 1880 1881 /* Set our callbacks */ 1882 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1883 nsock->sk->sk_state_change = rfcomm_l2state_change; 1884 1885 s = rfcomm_session_add(nsock, BT_OPEN); 1886 if (s) { 1887 rfcomm_session_hold(s); 1888 1889 /* We should adjust MTU on incoming sessions. 1890 * L2CAP MTU minus UIH header and FCS. */ 1891 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1892 1893 rfcomm_schedule(); 1894 } else 1895 sock_release(nsock); 1896 } 1897 1898 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1899 { 1900 struct sock *sk = s->sock->sk; 1901 1902 BT_DBG("%p state %ld", s, s->state); 1903 1904 switch(sk->sk_state) { 1905 case BT_CONNECTED: 1906 s->state = BT_CONNECT; 1907 1908 /* We can adjust MTU on outgoing sessions. 1909 * L2CAP MTU minus UIH header and FCS. */ 1910 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1911 1912 rfcomm_send_sabm(s, 0); 1913 break; 1914 1915 case BT_CLOSED: 1916 s->state = BT_CLOSED; 1917 rfcomm_session_close(s, sk->sk_err); 1918 break; 1919 } 1920 } 1921 1922 static inline void rfcomm_process_sessions(void) 1923 { 1924 struct list_head *p, *n; 1925 1926 rfcomm_lock(); 1927 1928 list_for_each_safe(p, n, &session_list) { 1929 struct rfcomm_session *s; 1930 s = list_entry(p, struct rfcomm_session, list); 1931 1932 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1933 s->state = BT_DISCONN; 1934 rfcomm_send_disc(s, 0); 1935 rfcomm_session_put(s); 1936 continue; 1937 } 1938 1939 if (s->state == BT_LISTEN) { 1940 rfcomm_accept_connection(s); 1941 continue; 1942 } 1943 1944 rfcomm_session_hold(s); 1945 1946 switch (s->state) { 1947 case BT_BOUND: 1948 rfcomm_check_connection(s); 1949 break; 1950 1951 default: 1952 rfcomm_process_rx(s); 1953 break; 1954 } 1955 1956 rfcomm_process_dlcs(s); 1957 1958 rfcomm_session_put(s); 1959 } 1960 1961 rfcomm_unlock(); 1962 } 1963 1964 static int rfcomm_add_listener(bdaddr_t *ba) 1965 { 1966 struct sockaddr_l2 addr; 1967 struct socket *sock; 1968 struct sock *sk; 1969 struct rfcomm_session *s; 1970 int err = 0; 1971 1972 /* Create socket */ 1973 err = rfcomm_l2sock_create(&sock); 1974 if (err < 0) { 1975 BT_ERR("Create socket failed %d", err); 1976 return err; 1977 } 1978 1979 /* Bind socket */ 1980 bacpy(&addr.l2_bdaddr, ba); 1981 addr.l2_family = AF_BLUETOOTH; 1982 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1983 addr.l2_cid = 0; 1984 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1985 if (err < 0) { 1986 BT_ERR("Bind failed %d", err); 1987 goto failed; 1988 } 1989 1990 /* Set L2CAP options */ 1991 sk = sock->sk; 1992 lock_sock(sk); 1993 l2cap_pi(sk)->imtu = l2cap_mtu; 1994 release_sock(sk); 1995 1996 /* Start listening on the socket */ 1997 err = kernel_listen(sock, 10); 1998 if (err) { 1999 BT_ERR("Listen failed %d", err); 2000 goto failed; 2001 } 2002 2003 /* Add listening session */ 2004 s = rfcomm_session_add(sock, BT_LISTEN); 2005 if (!s) 2006 goto failed; 2007 2008 rfcomm_session_hold(s); 2009 return 0; 2010 failed: 2011 sock_release(sock); 2012 return err; 2013 } 2014 2015 static void rfcomm_kill_listener(void) 2016 { 2017 struct rfcomm_session *s; 2018 struct list_head *p, *n; 2019 2020 BT_DBG(""); 2021 2022 list_for_each_safe(p, n, &session_list) { 2023 s = list_entry(p, struct rfcomm_session, list); 2024 rfcomm_session_del(s); 2025 } 2026 } 2027 2028 static int rfcomm_run(void *unused) 2029 { 2030 BT_DBG(""); 2031 2032 set_user_nice(current, -10); 2033 2034 rfcomm_add_listener(BDADDR_ANY); 2035 2036 while (!kthread_should_stop()) { 2037 set_current_state(TASK_INTERRUPTIBLE); 2038 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2039 /* No pending events. Let's sleep. 2040 * Incoming connections and data will wake us up. */ 2041 schedule(); 2042 } 2043 set_current_state(TASK_RUNNING); 2044 2045 /* Process stuff */ 2046 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2047 rfcomm_process_sessions(); 2048 } 2049 2050 rfcomm_kill_listener(); 2051 2052 return 0; 2053 } 2054 2055 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2056 { 2057 struct rfcomm_session *s; 2058 struct rfcomm_dlc *d; 2059 struct list_head *p, *n; 2060 2061 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2062 2063 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2064 if (!s) 2065 return; 2066 2067 rfcomm_session_hold(s); 2068 2069 list_for_each_safe(p, n, &s->dlcs) { 2070 d = list_entry(p, struct rfcomm_dlc, list); 2071 2072 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2073 rfcomm_dlc_clear_timer(d); 2074 if (status || encrypt == 0x00) { 2075 __rfcomm_dlc_close(d, ECONNREFUSED); 2076 continue; 2077 } 2078 } 2079 2080 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2081 if (d->sec_level == BT_SECURITY_MEDIUM) { 2082 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2083 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2084 continue; 2085 } else if (d->sec_level == BT_SECURITY_HIGH) { 2086 __rfcomm_dlc_close(d, ECONNREFUSED); 2087 continue; 2088 } 2089 } 2090 2091 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2092 continue; 2093 2094 if (!status) 2095 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2096 else 2097 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2098 } 2099 2100 rfcomm_session_put(s); 2101 2102 rfcomm_schedule(); 2103 } 2104 2105 static struct hci_cb rfcomm_cb = { 2106 .name = "RFCOMM", 2107 .security_cfm = rfcomm_security_cfm 2108 }; 2109 2110 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2111 { 2112 struct rfcomm_session *s; 2113 struct list_head *pp, *p; 2114 2115 rfcomm_lock(); 2116 2117 list_for_each(p, &session_list) { 2118 s = list_entry(p, struct rfcomm_session, list); 2119 list_for_each(pp, &s->dlcs) { 2120 struct sock *sk = s->sock->sk; 2121 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2122 2123 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2124 batostr(&bt_sk(sk)->src), 2125 batostr(&bt_sk(sk)->dst), 2126 d->state, d->dlci, d->mtu, 2127 d->rx_credits, d->tx_credits); 2128 } 2129 } 2130 2131 rfcomm_unlock(); 2132 2133 return 0; 2134 } 2135 2136 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2137 { 2138 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2139 } 2140 2141 static const struct file_operations rfcomm_dlc_debugfs_fops = { 2142 .open = rfcomm_dlc_debugfs_open, 2143 .read = seq_read, 2144 .llseek = seq_lseek, 2145 .release = single_release, 2146 }; 2147 2148 static struct dentry *rfcomm_dlc_debugfs; 2149 2150 /* ---- Initialization ---- */ 2151 static int __init rfcomm_init(void) 2152 { 2153 int err; 2154 2155 l2cap_load(); 2156 2157 hci_register_cb(&rfcomm_cb); 2158 2159 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2160 if (IS_ERR(rfcomm_thread)) { 2161 err = PTR_ERR(rfcomm_thread); 2162 goto unregister; 2163 } 2164 2165 if (bt_debugfs) { 2166 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2167 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2168 if (!rfcomm_dlc_debugfs) 2169 BT_ERR("Failed to create RFCOMM debug file"); 2170 } 2171 2172 err = rfcomm_init_ttys(); 2173 if (err < 0) 2174 goto stop; 2175 2176 err = rfcomm_init_sockets(); 2177 if (err < 0) 2178 goto cleanup; 2179 2180 BT_INFO("RFCOMM ver %s", VERSION); 2181 2182 return 0; 2183 2184 cleanup: 2185 rfcomm_cleanup_ttys(); 2186 2187 stop: 2188 kthread_stop(rfcomm_thread); 2189 2190 unregister: 2191 hci_unregister_cb(&rfcomm_cb); 2192 2193 return err; 2194 } 2195 2196 static void __exit rfcomm_exit(void) 2197 { 2198 debugfs_remove(rfcomm_dlc_debugfs); 2199 2200 hci_unregister_cb(&rfcomm_cb); 2201 2202 kthread_stop(rfcomm_thread); 2203 2204 rfcomm_cleanup_ttys(); 2205 2206 rfcomm_cleanup_sockets(); 2207 } 2208 2209 module_init(rfcomm_init); 2210 module_exit(rfcomm_exit); 2211 2212 module_param(disable_cfc, bool, 0644); 2213 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2214 2215 module_param(channel_mtu, int, 0644); 2216 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2217 2218 module_param(l2cap_mtu, uint, 0644); 2219 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2220 2221 module_param(l2cap_ertm, bool, 0644); 2222 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2223 2224 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2225 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2226 MODULE_VERSION(VERSION); 2227 MODULE_LICENSE("GPL"); 2228 MODULE_ALIAS("bt-proto-3"); 2229