1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/debugfs.h> 37 #include <linux/seq_file.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <linux/slab.h> 42 43 #include <net/sock.h> 44 #include <asm/uaccess.h> 45 #include <asm/unaligned.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 #include <net/bluetooth/rfcomm.h> 51 52 #define VERSION "1.11" 53 54 static int disable_cfc = 0; 55 static int channel_mtu = -1; 56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 57 static int l2cap_ertm = 0; 58 59 static struct task_struct *rfcomm_thread; 60 61 static DEFINE_MUTEX(rfcomm_mutex); 62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 64 65 static unsigned long rfcomm_event; 66 67 static LIST_HEAD(session_list); 68 69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80 static void rfcomm_process_connect(struct rfcomm_session *s); 81 82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 84 static void rfcomm_session_del(struct rfcomm_session *s); 85 86 /* ---- RFCOMM frame parsing macros ---- */ 87 #define __get_dlci(b) ((b & 0xfc) >> 2) 88 #define __get_channel(b) ((b & 0xf8) >> 3) 89 #define __get_dir(b) ((b & 0x04) >> 2) 90 #define __get_type(b) ((b & 0xef)) 91 92 #define __test_ea(b) ((b & 0x01)) 93 #define __test_cr(b) ((b & 0x02)) 94 #define __test_pf(b) ((b & 0x10)) 95 96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 99 #define __srv_channel(dlci) (dlci >> 1) 100 #define __dir(dlci) (dlci & 0x01) 101 102 #define __len8(len) (((len) << 1) | 1) 103 #define __len16(len) ((len) << 1) 104 105 /* MCC macros */ 106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 107 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 108 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 109 110 /* RPN macros */ 111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 112 #define __get_rpn_data_bits(line) ((line) & 0x3) 113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 115 116 static inline void rfcomm_schedule(uint event) 117 { 118 if (!rfcomm_thread) 119 return; 120 //set_bit(event, &rfcomm_event); 121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 122 wake_up_process(rfcomm_thread); 123 } 124 125 static inline void rfcomm_session_put(struct rfcomm_session *s) 126 { 127 if (atomic_dec_and_test(&s->refcnt)) 128 rfcomm_session_del(s); 129 } 130 131 /* ---- RFCOMM FCS computation ---- */ 132 133 /* reversed, 8-bit, poly=0x07 */ 134 static unsigned char rfcomm_crc_table[256] = { 135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 139 140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 144 145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 149 150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 154 155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 159 160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 164 165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 169 170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 174 }; 175 176 /* CRC on 2 bytes */ 177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 178 179 /* FCS on 2 bytes */ 180 static inline u8 __fcs(u8 *data) 181 { 182 return (0xff - __crc(data)); 183 } 184 185 /* FCS on 3 bytes */ 186 static inline u8 __fcs2(u8 *data) 187 { 188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 189 } 190 191 /* Check FCS */ 192 static inline int __check_fcs(u8 *data, int type, u8 fcs) 193 { 194 u8 f = __crc(data); 195 196 if (type != RFCOMM_UIH) 197 f = rfcomm_crc_table[f ^ data[2]]; 198 199 return rfcomm_crc_table[f ^ fcs] != 0xcf; 200 } 201 202 /* ---- L2CAP callbacks ---- */ 203 static void rfcomm_l2state_change(struct sock *sk) 204 { 205 BT_DBG("%p state %d", sk, sk->sk_state); 206 rfcomm_schedule(RFCOMM_SCHED_STATE); 207 } 208 209 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 210 { 211 BT_DBG("%p bytes %d", sk, bytes); 212 rfcomm_schedule(RFCOMM_SCHED_RX); 213 } 214 215 static int rfcomm_l2sock_create(struct socket **sock) 216 { 217 int err; 218 219 BT_DBG(""); 220 221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 222 if (!err) { 223 struct sock *sk = (*sock)->sk; 224 sk->sk_data_ready = rfcomm_l2data_ready; 225 sk->sk_state_change = rfcomm_l2state_change; 226 } 227 return err; 228 } 229 230 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 231 { 232 struct sock *sk = d->session->sock->sk; 233 __u8 auth_type; 234 235 switch (d->sec_level) { 236 case BT_SECURITY_HIGH: 237 auth_type = HCI_AT_GENERAL_BONDING_MITM; 238 break; 239 case BT_SECURITY_MEDIUM: 240 auth_type = HCI_AT_GENERAL_BONDING; 241 break; 242 default: 243 auth_type = HCI_AT_NO_BONDING; 244 break; 245 } 246 247 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 248 auth_type); 249 } 250 251 static void rfcomm_session_timeout(unsigned long arg) 252 { 253 struct rfcomm_session *s = (void *) arg; 254 255 BT_DBG("session %p state %ld", s, s->state); 256 257 set_bit(RFCOMM_TIMED_OUT, &s->flags); 258 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 259 } 260 261 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout) 262 { 263 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout); 264 265 if (!mod_timer(&s->timer, jiffies + timeout)) 266 rfcomm_session_hold(s); 267 } 268 269 static void rfcomm_session_clear_timer(struct rfcomm_session *s) 270 { 271 BT_DBG("session %p state %ld", s, s->state); 272 273 if (timer_pending(&s->timer) && del_timer(&s->timer)) 274 rfcomm_session_put(s); 275 } 276 277 /* ---- RFCOMM DLCs ---- */ 278 static void rfcomm_dlc_timeout(unsigned long arg) 279 { 280 struct rfcomm_dlc *d = (void *) arg; 281 282 BT_DBG("dlc %p state %ld", d, d->state); 283 284 set_bit(RFCOMM_TIMED_OUT, &d->flags); 285 rfcomm_dlc_put(d); 286 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 287 } 288 289 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 290 { 291 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 292 293 if (!mod_timer(&d->timer, jiffies + timeout)) 294 rfcomm_dlc_hold(d); 295 } 296 297 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 298 { 299 BT_DBG("dlc %p state %ld", d, d->state); 300 301 if (timer_pending(&d->timer) && del_timer(&d->timer)) 302 rfcomm_dlc_put(d); 303 } 304 305 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 306 { 307 BT_DBG("%p", d); 308 309 d->state = BT_OPEN; 310 d->flags = 0; 311 d->mscex = 0; 312 d->mtu = RFCOMM_DEFAULT_MTU; 313 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 314 315 d->cfc = RFCOMM_CFC_DISABLED; 316 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 317 } 318 319 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 320 { 321 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 322 323 if (!d) 324 return NULL; 325 326 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 327 328 skb_queue_head_init(&d->tx_queue); 329 spin_lock_init(&d->lock); 330 atomic_set(&d->refcnt, 1); 331 332 rfcomm_dlc_clear_state(d); 333 334 BT_DBG("%p", d); 335 336 return d; 337 } 338 339 void rfcomm_dlc_free(struct rfcomm_dlc *d) 340 { 341 BT_DBG("%p", d); 342 343 skb_queue_purge(&d->tx_queue); 344 kfree(d); 345 } 346 347 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 348 { 349 BT_DBG("dlc %p session %p", d, s); 350 351 rfcomm_session_hold(s); 352 353 rfcomm_session_clear_timer(s); 354 rfcomm_dlc_hold(d); 355 list_add(&d->list, &s->dlcs); 356 d->session = s; 357 } 358 359 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 360 { 361 struct rfcomm_session *s = d->session; 362 363 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 364 365 list_del(&d->list); 366 d->session = NULL; 367 rfcomm_dlc_put(d); 368 369 if (list_empty(&s->dlcs)) 370 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT); 371 372 rfcomm_session_put(s); 373 } 374 375 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 376 { 377 struct rfcomm_dlc *d; 378 struct list_head *p; 379 380 list_for_each(p, &s->dlcs) { 381 d = list_entry(p, struct rfcomm_dlc, list); 382 if (d->dlci == dlci) 383 return d; 384 } 385 return NULL; 386 } 387 388 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 389 { 390 struct rfcomm_session *s; 391 int err = 0; 392 u8 dlci; 393 394 BT_DBG("dlc %p state %ld %s %s channel %d", 395 d, d->state, batostr(src), batostr(dst), channel); 396 397 if (channel < 1 || channel > 30) 398 return -EINVAL; 399 400 if (d->state != BT_OPEN && d->state != BT_CLOSED) 401 return 0; 402 403 s = rfcomm_session_get(src, dst); 404 if (!s) { 405 s = rfcomm_session_create(src, dst, &err); 406 if (!s) 407 return err; 408 } 409 410 dlci = __dlci(!s->initiator, channel); 411 412 /* Check if DLCI already exists */ 413 if (rfcomm_dlc_get(s, dlci)) 414 return -EBUSY; 415 416 rfcomm_dlc_clear_state(d); 417 418 d->dlci = dlci; 419 d->addr = __addr(s->initiator, dlci); 420 d->priority = 7; 421 422 d->state = BT_CONFIG; 423 rfcomm_dlc_link(s, d); 424 425 d->out = 1; 426 427 d->mtu = s->mtu; 428 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 429 430 if (s->state == BT_CONNECTED) { 431 if (rfcomm_check_security(d)) 432 rfcomm_send_pn(s, 1, d); 433 else 434 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 435 } 436 437 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 438 439 return 0; 440 } 441 442 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 443 { 444 int r; 445 446 rfcomm_lock(); 447 448 r = __rfcomm_dlc_open(d, src, dst, channel); 449 450 rfcomm_unlock(); 451 return r; 452 } 453 454 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 455 { 456 struct rfcomm_session *s = d->session; 457 if (!s) 458 return 0; 459 460 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 461 d, d->state, d->dlci, err, s); 462 463 switch (d->state) { 464 case BT_CONNECT: 465 case BT_CONFIG: 466 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 467 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 468 rfcomm_schedule(RFCOMM_SCHED_AUTH); 469 break; 470 } 471 /* Fall through */ 472 473 case BT_CONNECTED: 474 d->state = BT_DISCONN; 475 if (skb_queue_empty(&d->tx_queue)) { 476 rfcomm_send_disc(s, d->dlci); 477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 478 } else { 479 rfcomm_queue_disc(d); 480 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 481 } 482 break; 483 484 case BT_OPEN: 485 case BT_CONNECT2: 486 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 487 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 488 rfcomm_schedule(RFCOMM_SCHED_AUTH); 489 break; 490 } 491 /* Fall through */ 492 493 default: 494 rfcomm_dlc_clear_timer(d); 495 496 rfcomm_dlc_lock(d); 497 d->state = BT_CLOSED; 498 d->state_change(d, err); 499 rfcomm_dlc_unlock(d); 500 501 skb_queue_purge(&d->tx_queue); 502 rfcomm_dlc_unlink(d); 503 } 504 505 return 0; 506 } 507 508 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 509 { 510 int r; 511 512 rfcomm_lock(); 513 514 r = __rfcomm_dlc_close(d, err); 515 516 rfcomm_unlock(); 517 return r; 518 } 519 520 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 521 { 522 int len = skb->len; 523 524 if (d->state != BT_CONNECTED) 525 return -ENOTCONN; 526 527 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 528 529 if (len > d->mtu) 530 return -EINVAL; 531 532 rfcomm_make_uih(skb, d->addr); 533 skb_queue_tail(&d->tx_queue, skb); 534 535 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 536 rfcomm_schedule(RFCOMM_SCHED_TX); 537 return len; 538 } 539 540 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 541 { 542 BT_DBG("dlc %p state %ld", d, d->state); 543 544 if (!d->cfc) { 545 d->v24_sig |= RFCOMM_V24_FC; 546 set_bit(RFCOMM_MSC_PENDING, &d->flags); 547 } 548 rfcomm_schedule(RFCOMM_SCHED_TX); 549 } 550 551 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 552 { 553 BT_DBG("dlc %p state %ld", d, d->state); 554 555 if (!d->cfc) { 556 d->v24_sig &= ~RFCOMM_V24_FC; 557 set_bit(RFCOMM_MSC_PENDING, &d->flags); 558 } 559 rfcomm_schedule(RFCOMM_SCHED_TX); 560 } 561 562 /* 563 Set/get modem status functions use _local_ status i.e. what we report 564 to the other side. 565 Remote status is provided by dlc->modem_status() callback. 566 */ 567 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 568 { 569 BT_DBG("dlc %p state %ld v24_sig 0x%x", 570 d, d->state, v24_sig); 571 572 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 573 v24_sig |= RFCOMM_V24_FC; 574 else 575 v24_sig &= ~RFCOMM_V24_FC; 576 577 d->v24_sig = v24_sig; 578 579 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 580 rfcomm_schedule(RFCOMM_SCHED_TX); 581 582 return 0; 583 } 584 585 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 586 { 587 BT_DBG("dlc %p state %ld v24_sig 0x%x", 588 d, d->state, d->v24_sig); 589 590 *v24_sig = d->v24_sig; 591 return 0; 592 } 593 594 /* ---- RFCOMM sessions ---- */ 595 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 596 { 597 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 598 599 if (!s) 600 return NULL; 601 602 BT_DBG("session %p sock %p", s, sock); 603 604 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s); 605 606 INIT_LIST_HEAD(&s->dlcs); 607 s->state = state; 608 s->sock = sock; 609 610 s->mtu = RFCOMM_DEFAULT_MTU; 611 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 612 613 /* Do not increment module usage count for listening sessions. 614 * Otherwise we won't be able to unload the module. */ 615 if (state != BT_LISTEN) 616 if (!try_module_get(THIS_MODULE)) { 617 kfree(s); 618 return NULL; 619 } 620 621 list_add(&s->list, &session_list); 622 623 return s; 624 } 625 626 static void rfcomm_session_del(struct rfcomm_session *s) 627 { 628 int state = s->state; 629 630 BT_DBG("session %p state %ld", s, s->state); 631 632 list_del(&s->list); 633 634 if (state == BT_CONNECTED) 635 rfcomm_send_disc(s, 0); 636 637 rfcomm_session_clear_timer(s); 638 sock_release(s->sock); 639 kfree(s); 640 641 if (state != BT_LISTEN) 642 module_put(THIS_MODULE); 643 } 644 645 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 646 { 647 struct rfcomm_session *s; 648 struct list_head *p, *n; 649 struct bt_sock *sk; 650 list_for_each_safe(p, n, &session_list) { 651 s = list_entry(p, struct rfcomm_session, list); 652 sk = bt_sk(s->sock->sk); 653 654 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 655 !bacmp(&sk->dst, dst)) 656 return s; 657 } 658 return NULL; 659 } 660 661 static void rfcomm_session_close(struct rfcomm_session *s, int err) 662 { 663 struct rfcomm_dlc *d; 664 struct list_head *p, *n; 665 666 BT_DBG("session %p state %ld err %d", s, s->state, err); 667 668 rfcomm_session_hold(s); 669 670 s->state = BT_CLOSED; 671 672 /* Close all dlcs */ 673 list_for_each_safe(p, n, &s->dlcs) { 674 d = list_entry(p, struct rfcomm_dlc, list); 675 d->state = BT_CLOSED; 676 __rfcomm_dlc_close(d, err); 677 } 678 679 rfcomm_session_clear_timer(s); 680 rfcomm_session_put(s); 681 } 682 683 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 684 { 685 struct rfcomm_session *s = NULL; 686 struct sockaddr_l2 addr; 687 struct socket *sock; 688 struct sock *sk; 689 690 BT_DBG("%s %s", batostr(src), batostr(dst)); 691 692 *err = rfcomm_l2sock_create(&sock); 693 if (*err < 0) 694 return NULL; 695 696 bacpy(&addr.l2_bdaddr, src); 697 addr.l2_family = AF_BLUETOOTH; 698 addr.l2_psm = 0; 699 addr.l2_cid = 0; 700 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 701 if (*err < 0) 702 goto failed; 703 704 /* Set L2CAP options */ 705 sk = sock->sk; 706 lock_sock(sk); 707 l2cap_pi(sk)->imtu = l2cap_mtu; 708 if (l2cap_ertm) 709 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM; 710 release_sock(sk); 711 712 s = rfcomm_session_add(sock, BT_BOUND); 713 if (!s) { 714 *err = -ENOMEM; 715 goto failed; 716 } 717 718 s->initiator = 1; 719 720 bacpy(&addr.l2_bdaddr, dst); 721 addr.l2_family = AF_BLUETOOTH; 722 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 723 addr.l2_cid = 0; 724 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 725 if (*err == 0 || *err == -EINPROGRESS) 726 return s; 727 728 rfcomm_session_del(s); 729 return NULL; 730 731 failed: 732 sock_release(sock); 733 return NULL; 734 } 735 736 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 737 { 738 struct sock *sk = s->sock->sk; 739 if (src) 740 bacpy(src, &bt_sk(sk)->src); 741 if (dst) 742 bacpy(dst, &bt_sk(sk)->dst); 743 } 744 745 /* ---- RFCOMM frame sending ---- */ 746 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 747 { 748 struct socket *sock = s->sock; 749 struct kvec iv = { data, len }; 750 struct msghdr msg; 751 752 BT_DBG("session %p len %d", s, len); 753 754 memset(&msg, 0, sizeof(msg)); 755 756 return kernel_sendmsg(sock, &msg, &iv, 1, len); 757 } 758 759 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 760 { 761 struct rfcomm_cmd cmd; 762 763 BT_DBG("%p dlci %d", s, dlci); 764 765 cmd.addr = __addr(s->initiator, dlci); 766 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 767 cmd.len = __len8(0); 768 cmd.fcs = __fcs2((u8 *) &cmd); 769 770 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 771 } 772 773 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 774 { 775 struct rfcomm_cmd cmd; 776 777 BT_DBG("%p dlci %d", s, dlci); 778 779 cmd.addr = __addr(!s->initiator, dlci); 780 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 781 cmd.len = __len8(0); 782 cmd.fcs = __fcs2((u8 *) &cmd); 783 784 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 785 } 786 787 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 788 { 789 struct rfcomm_cmd cmd; 790 791 BT_DBG("%p dlci %d", s, dlci); 792 793 cmd.addr = __addr(s->initiator, dlci); 794 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 795 cmd.len = __len8(0); 796 cmd.fcs = __fcs2((u8 *) &cmd); 797 798 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 799 } 800 801 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 802 { 803 struct rfcomm_cmd *cmd; 804 struct sk_buff *skb; 805 806 BT_DBG("dlc %p dlci %d", d, d->dlci); 807 808 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 809 if (!skb) 810 return -ENOMEM; 811 812 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 813 cmd->addr = d->addr; 814 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 815 cmd->len = __len8(0); 816 cmd->fcs = __fcs2((u8 *) cmd); 817 818 skb_queue_tail(&d->tx_queue, skb); 819 rfcomm_schedule(RFCOMM_SCHED_TX); 820 return 0; 821 } 822 823 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 824 { 825 struct rfcomm_cmd cmd; 826 827 BT_DBG("%p dlci %d", s, dlci); 828 829 cmd.addr = __addr(!s->initiator, dlci); 830 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 831 cmd.len = __len8(0); 832 cmd.fcs = __fcs2((u8 *) &cmd); 833 834 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 835 } 836 837 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 838 { 839 struct rfcomm_hdr *hdr; 840 struct rfcomm_mcc *mcc; 841 u8 buf[16], *ptr = buf; 842 843 BT_DBG("%p cr %d type %d", s, cr, type); 844 845 hdr = (void *) ptr; ptr += sizeof(*hdr); 846 hdr->addr = __addr(s->initiator, 0); 847 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 848 hdr->len = __len8(sizeof(*mcc) + 1); 849 850 mcc = (void *) ptr; ptr += sizeof(*mcc); 851 mcc->type = __mcc_type(cr, RFCOMM_NSC); 852 mcc->len = __len8(1); 853 854 /* Type that we didn't like */ 855 *ptr = __mcc_type(cr, type); ptr++; 856 857 *ptr = __fcs(buf); ptr++; 858 859 return rfcomm_send_frame(s, buf, ptr - buf); 860 } 861 862 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 863 { 864 struct rfcomm_hdr *hdr; 865 struct rfcomm_mcc *mcc; 866 struct rfcomm_pn *pn; 867 u8 buf[16], *ptr = buf; 868 869 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 870 871 hdr = (void *) ptr; ptr += sizeof(*hdr); 872 hdr->addr = __addr(s->initiator, 0); 873 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 874 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 875 876 mcc = (void *) ptr; ptr += sizeof(*mcc); 877 mcc->type = __mcc_type(cr, RFCOMM_PN); 878 mcc->len = __len8(sizeof(*pn)); 879 880 pn = (void *) ptr; ptr += sizeof(*pn); 881 pn->dlci = d->dlci; 882 pn->priority = d->priority; 883 pn->ack_timer = 0; 884 pn->max_retrans = 0; 885 886 if (s->cfc) { 887 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 888 pn->credits = RFCOMM_DEFAULT_CREDITS; 889 } else { 890 pn->flow_ctrl = 0; 891 pn->credits = 0; 892 } 893 894 if (cr && channel_mtu >= 0) 895 pn->mtu = cpu_to_le16(channel_mtu); 896 else 897 pn->mtu = cpu_to_le16(d->mtu); 898 899 *ptr = __fcs(buf); ptr++; 900 901 return rfcomm_send_frame(s, buf, ptr - buf); 902 } 903 904 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 905 u8 bit_rate, u8 data_bits, u8 stop_bits, 906 u8 parity, u8 flow_ctrl_settings, 907 u8 xon_char, u8 xoff_char, u16 param_mask) 908 { 909 struct rfcomm_hdr *hdr; 910 struct rfcomm_mcc *mcc; 911 struct rfcomm_rpn *rpn; 912 u8 buf[16], *ptr = buf; 913 914 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 915 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 916 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 917 flow_ctrl_settings, xon_char, xoff_char, param_mask); 918 919 hdr = (void *) ptr; ptr += sizeof(*hdr); 920 hdr->addr = __addr(s->initiator, 0); 921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 922 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 923 924 mcc = (void *) ptr; ptr += sizeof(*mcc); 925 mcc->type = __mcc_type(cr, RFCOMM_RPN); 926 mcc->len = __len8(sizeof(*rpn)); 927 928 rpn = (void *) ptr; ptr += sizeof(*rpn); 929 rpn->dlci = __addr(1, dlci); 930 rpn->bit_rate = bit_rate; 931 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 932 rpn->flow_ctrl = flow_ctrl_settings; 933 rpn->xon_char = xon_char; 934 rpn->xoff_char = xoff_char; 935 rpn->param_mask = cpu_to_le16(param_mask); 936 937 *ptr = __fcs(buf); ptr++; 938 939 return rfcomm_send_frame(s, buf, ptr - buf); 940 } 941 942 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 943 { 944 struct rfcomm_hdr *hdr; 945 struct rfcomm_mcc *mcc; 946 struct rfcomm_rls *rls; 947 u8 buf[16], *ptr = buf; 948 949 BT_DBG("%p cr %d status 0x%x", s, cr, status); 950 951 hdr = (void *) ptr; ptr += sizeof(*hdr); 952 hdr->addr = __addr(s->initiator, 0); 953 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 954 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 955 956 mcc = (void *) ptr; ptr += sizeof(*mcc); 957 mcc->type = __mcc_type(cr, RFCOMM_RLS); 958 mcc->len = __len8(sizeof(*rls)); 959 960 rls = (void *) ptr; ptr += sizeof(*rls); 961 rls->dlci = __addr(1, dlci); 962 rls->status = status; 963 964 *ptr = __fcs(buf); ptr++; 965 966 return rfcomm_send_frame(s, buf, ptr - buf); 967 } 968 969 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 970 { 971 struct rfcomm_hdr *hdr; 972 struct rfcomm_mcc *mcc; 973 struct rfcomm_msc *msc; 974 u8 buf[16], *ptr = buf; 975 976 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 977 978 hdr = (void *) ptr; ptr += sizeof(*hdr); 979 hdr->addr = __addr(s->initiator, 0); 980 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 981 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 982 983 mcc = (void *) ptr; ptr += sizeof(*mcc); 984 mcc->type = __mcc_type(cr, RFCOMM_MSC); 985 mcc->len = __len8(sizeof(*msc)); 986 987 msc = (void *) ptr; ptr += sizeof(*msc); 988 msc->dlci = __addr(1, dlci); 989 msc->v24_sig = v24_sig | 0x01; 990 991 *ptr = __fcs(buf); ptr++; 992 993 return rfcomm_send_frame(s, buf, ptr - buf); 994 } 995 996 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 997 { 998 struct rfcomm_hdr *hdr; 999 struct rfcomm_mcc *mcc; 1000 u8 buf[16], *ptr = buf; 1001 1002 BT_DBG("%p cr %d", s, cr); 1003 1004 hdr = (void *) ptr; ptr += sizeof(*hdr); 1005 hdr->addr = __addr(s->initiator, 0); 1006 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1007 hdr->len = __len8(sizeof(*mcc)); 1008 1009 mcc = (void *) ptr; ptr += sizeof(*mcc); 1010 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 1011 mcc->len = __len8(0); 1012 1013 *ptr = __fcs(buf); ptr++; 1014 1015 return rfcomm_send_frame(s, buf, ptr - buf); 1016 } 1017 1018 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 1019 { 1020 struct rfcomm_hdr *hdr; 1021 struct rfcomm_mcc *mcc; 1022 u8 buf[16], *ptr = buf; 1023 1024 BT_DBG("%p cr %d", s, cr); 1025 1026 hdr = (void *) ptr; ptr += sizeof(*hdr); 1027 hdr->addr = __addr(s->initiator, 0); 1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1029 hdr->len = __len8(sizeof(*mcc)); 1030 1031 mcc = (void *) ptr; ptr += sizeof(*mcc); 1032 mcc->type = __mcc_type(cr, RFCOMM_FCON); 1033 mcc->len = __len8(0); 1034 1035 *ptr = __fcs(buf); ptr++; 1036 1037 return rfcomm_send_frame(s, buf, ptr - buf); 1038 } 1039 1040 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1041 { 1042 struct socket *sock = s->sock; 1043 struct kvec iv[3]; 1044 struct msghdr msg; 1045 unsigned char hdr[5], crc[1]; 1046 1047 if (len > 125) 1048 return -EINVAL; 1049 1050 BT_DBG("%p cr %d", s, cr); 1051 1052 hdr[0] = __addr(s->initiator, 0); 1053 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1054 hdr[2] = 0x01 | ((len + 2) << 1); 1055 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1056 hdr[4] = 0x01 | (len << 1); 1057 1058 crc[0] = __fcs(hdr); 1059 1060 iv[0].iov_base = hdr; 1061 iv[0].iov_len = 5; 1062 iv[1].iov_base = pattern; 1063 iv[1].iov_len = len; 1064 iv[2].iov_base = crc; 1065 iv[2].iov_len = 1; 1066 1067 memset(&msg, 0, sizeof(msg)); 1068 1069 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1070 } 1071 1072 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1073 { 1074 struct rfcomm_hdr *hdr; 1075 u8 buf[16], *ptr = buf; 1076 1077 BT_DBG("%p addr %d credits %d", s, addr, credits); 1078 1079 hdr = (void *) ptr; ptr += sizeof(*hdr); 1080 hdr->addr = addr; 1081 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1082 hdr->len = __len8(0); 1083 1084 *ptr = credits; ptr++; 1085 1086 *ptr = __fcs(buf); ptr++; 1087 1088 return rfcomm_send_frame(s, buf, ptr - buf); 1089 } 1090 1091 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1092 { 1093 struct rfcomm_hdr *hdr; 1094 int len = skb->len; 1095 u8 *crc; 1096 1097 if (len > 127) { 1098 hdr = (void *) skb_push(skb, 4); 1099 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len); 1100 } else { 1101 hdr = (void *) skb_push(skb, 3); 1102 hdr->len = __len8(len); 1103 } 1104 hdr->addr = addr; 1105 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1106 1107 crc = skb_put(skb, 1); 1108 *crc = __fcs((void *) hdr); 1109 } 1110 1111 /* ---- RFCOMM frame reception ---- */ 1112 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1113 { 1114 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1115 1116 if (dlci) { 1117 /* Data channel */ 1118 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1119 if (!d) { 1120 rfcomm_send_dm(s, dlci); 1121 return 0; 1122 } 1123 1124 switch (d->state) { 1125 case BT_CONNECT: 1126 rfcomm_dlc_clear_timer(d); 1127 1128 rfcomm_dlc_lock(d); 1129 d->state = BT_CONNECTED; 1130 d->state_change(d, 0); 1131 rfcomm_dlc_unlock(d); 1132 1133 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1134 break; 1135 1136 case BT_DISCONN: 1137 d->state = BT_CLOSED; 1138 __rfcomm_dlc_close(d, 0); 1139 1140 if (list_empty(&s->dlcs)) { 1141 s->state = BT_DISCONN; 1142 rfcomm_send_disc(s, 0); 1143 } 1144 1145 break; 1146 } 1147 } else { 1148 /* Control channel */ 1149 switch (s->state) { 1150 case BT_CONNECT: 1151 s->state = BT_CONNECTED; 1152 rfcomm_process_connect(s); 1153 break; 1154 1155 case BT_DISCONN: 1156 /* When socket is closed and we are not RFCOMM 1157 * initiator rfcomm_process_rx already calls 1158 * rfcomm_session_put() */ 1159 if (s->sock->sk->sk_state != BT_CLOSED) 1160 rfcomm_session_put(s); 1161 break; 1162 } 1163 } 1164 return 0; 1165 } 1166 1167 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1168 { 1169 int err = 0; 1170 1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1172 1173 if (dlci) { 1174 /* Data DLC */ 1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1176 if (d) { 1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1178 err = ECONNREFUSED; 1179 else 1180 err = ECONNRESET; 1181 1182 d->state = BT_CLOSED; 1183 __rfcomm_dlc_close(d, err); 1184 } 1185 } else { 1186 if (s->state == BT_CONNECT) 1187 err = ECONNREFUSED; 1188 else 1189 err = ECONNRESET; 1190 1191 s->state = BT_CLOSED; 1192 rfcomm_session_close(s, err); 1193 } 1194 return 0; 1195 } 1196 1197 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1198 { 1199 int err = 0; 1200 1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1202 1203 if (dlci) { 1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1205 if (d) { 1206 rfcomm_send_ua(s, dlci); 1207 1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1209 err = ECONNREFUSED; 1210 else 1211 err = ECONNRESET; 1212 1213 d->state = BT_CLOSED; 1214 __rfcomm_dlc_close(d, err); 1215 } else 1216 rfcomm_send_dm(s, dlci); 1217 1218 } else { 1219 rfcomm_send_ua(s, 0); 1220 1221 if (s->state == BT_CONNECT) 1222 err = ECONNREFUSED; 1223 else 1224 err = ECONNRESET; 1225 1226 s->state = BT_CLOSED; 1227 rfcomm_session_close(s, err); 1228 } 1229 1230 return 0; 1231 } 1232 1233 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1234 { 1235 struct sock *sk = d->session->sock->sk; 1236 1237 BT_DBG("dlc %p", d); 1238 1239 rfcomm_send_ua(d->session, d->dlci); 1240 1241 rfcomm_dlc_clear_timer(d); 1242 1243 rfcomm_dlc_lock(d); 1244 d->state = BT_CONNECTED; 1245 d->state_change(d, 0); 1246 rfcomm_dlc_unlock(d); 1247 1248 if (d->role_switch) 1249 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1250 1251 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1252 } 1253 1254 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1255 { 1256 if (rfcomm_check_security(d)) { 1257 if (d->defer_setup) { 1258 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1259 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1260 1261 rfcomm_dlc_lock(d); 1262 d->state = BT_CONNECT2; 1263 d->state_change(d, 0); 1264 rfcomm_dlc_unlock(d); 1265 } else 1266 rfcomm_dlc_accept(d); 1267 } else { 1268 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1269 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1270 } 1271 } 1272 1273 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1274 { 1275 struct rfcomm_dlc *d; 1276 u8 channel; 1277 1278 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1279 1280 if (!dlci) { 1281 rfcomm_send_ua(s, 0); 1282 1283 if (s->state == BT_OPEN) { 1284 s->state = BT_CONNECTED; 1285 rfcomm_process_connect(s); 1286 } 1287 return 0; 1288 } 1289 1290 /* Check if DLC exists */ 1291 d = rfcomm_dlc_get(s, dlci); 1292 if (d) { 1293 if (d->state == BT_OPEN) { 1294 /* DLC was previously opened by PN request */ 1295 rfcomm_check_accept(d); 1296 } 1297 return 0; 1298 } 1299 1300 /* Notify socket layer about incoming connection */ 1301 channel = __srv_channel(dlci); 1302 if (rfcomm_connect_ind(s, channel, &d)) { 1303 d->dlci = dlci; 1304 d->addr = __addr(s->initiator, dlci); 1305 rfcomm_dlc_link(s, d); 1306 1307 rfcomm_check_accept(d); 1308 } else { 1309 rfcomm_send_dm(s, dlci); 1310 } 1311 1312 return 0; 1313 } 1314 1315 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1316 { 1317 struct rfcomm_session *s = d->session; 1318 1319 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1320 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1321 1322 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1323 pn->flow_ctrl == 0xe0) { 1324 d->cfc = RFCOMM_CFC_ENABLED; 1325 d->tx_credits = pn->credits; 1326 } else { 1327 d->cfc = RFCOMM_CFC_DISABLED; 1328 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1329 } 1330 1331 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1332 s->cfc = d->cfc; 1333 1334 d->priority = pn->priority; 1335 1336 d->mtu = __le16_to_cpu(pn->mtu); 1337 1338 if (cr && d->mtu > s->mtu) 1339 d->mtu = s->mtu; 1340 1341 return 0; 1342 } 1343 1344 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1345 { 1346 struct rfcomm_pn *pn = (void *) skb->data; 1347 struct rfcomm_dlc *d; 1348 u8 dlci = pn->dlci; 1349 1350 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1351 1352 if (!dlci) 1353 return 0; 1354 1355 d = rfcomm_dlc_get(s, dlci); 1356 if (d) { 1357 if (cr) { 1358 /* PN request */ 1359 rfcomm_apply_pn(d, cr, pn); 1360 rfcomm_send_pn(s, 0, d); 1361 } else { 1362 /* PN response */ 1363 switch (d->state) { 1364 case BT_CONFIG: 1365 rfcomm_apply_pn(d, cr, pn); 1366 1367 d->state = BT_CONNECT; 1368 rfcomm_send_sabm(s, d->dlci); 1369 break; 1370 } 1371 } 1372 } else { 1373 u8 channel = __srv_channel(dlci); 1374 1375 if (!cr) 1376 return 0; 1377 1378 /* PN request for non existing DLC. 1379 * Assume incoming connection. */ 1380 if (rfcomm_connect_ind(s, channel, &d)) { 1381 d->dlci = dlci; 1382 d->addr = __addr(s->initiator, dlci); 1383 rfcomm_dlc_link(s, d); 1384 1385 rfcomm_apply_pn(d, cr, pn); 1386 1387 d->state = BT_OPEN; 1388 rfcomm_send_pn(s, 0, d); 1389 } else { 1390 rfcomm_send_dm(s, dlci); 1391 } 1392 } 1393 return 0; 1394 } 1395 1396 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1397 { 1398 struct rfcomm_rpn *rpn = (void *) skb->data; 1399 u8 dlci = __get_dlci(rpn->dlci); 1400 1401 u8 bit_rate = 0; 1402 u8 data_bits = 0; 1403 u8 stop_bits = 0; 1404 u8 parity = 0; 1405 u8 flow_ctrl = 0; 1406 u8 xon_char = 0; 1407 u8 xoff_char = 0; 1408 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1409 1410 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1411 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1412 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1413 1414 if (!cr) 1415 return 0; 1416 1417 if (len == 1) { 1418 /* This is a request, return default settings */ 1419 bit_rate = RFCOMM_RPN_BR_115200; 1420 data_bits = RFCOMM_RPN_DATA_8; 1421 stop_bits = RFCOMM_RPN_STOP_1; 1422 parity = RFCOMM_RPN_PARITY_NONE; 1423 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1424 xon_char = RFCOMM_RPN_XON_CHAR; 1425 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1426 goto rpn_out; 1427 } 1428 1429 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1430 * no parity, no flow control lines, normal XON/XOFF chars */ 1431 1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1433 bit_rate = rpn->bit_rate; 1434 if (bit_rate != RFCOMM_RPN_BR_115200) { 1435 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1436 bit_rate = RFCOMM_RPN_BR_115200; 1437 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1438 } 1439 } 1440 1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1442 data_bits = __get_rpn_data_bits(rpn->line_settings); 1443 if (data_bits != RFCOMM_RPN_DATA_8) { 1444 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1445 data_bits = RFCOMM_RPN_DATA_8; 1446 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1447 } 1448 } 1449 1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1451 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1452 if (stop_bits != RFCOMM_RPN_STOP_1) { 1453 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1454 stop_bits = RFCOMM_RPN_STOP_1; 1455 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1456 } 1457 } 1458 1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1460 parity = __get_rpn_parity(rpn->line_settings); 1461 if (parity != RFCOMM_RPN_PARITY_NONE) { 1462 BT_DBG("RPN parity mismatch 0x%x", parity); 1463 parity = RFCOMM_RPN_PARITY_NONE; 1464 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1465 } 1466 } 1467 1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1469 flow_ctrl = rpn->flow_ctrl; 1470 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1471 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1472 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1473 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1474 } 1475 } 1476 1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1478 xon_char = rpn->xon_char; 1479 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1480 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1481 xon_char = RFCOMM_RPN_XON_CHAR; 1482 rpn_mask ^= RFCOMM_RPN_PM_XON; 1483 } 1484 } 1485 1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1487 xoff_char = rpn->xoff_char; 1488 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1489 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1490 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1491 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1492 } 1493 } 1494 1495 rpn_out: 1496 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1497 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1498 1499 return 0; 1500 } 1501 1502 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1503 { 1504 struct rfcomm_rls *rls = (void *) skb->data; 1505 u8 dlci = __get_dlci(rls->dlci); 1506 1507 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1508 1509 if (!cr) 1510 return 0; 1511 1512 /* We should probably do something with this information here. But 1513 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1514 * mandatory to recognise and respond to RLS */ 1515 1516 rfcomm_send_rls(s, 0, dlci, rls->status); 1517 1518 return 0; 1519 } 1520 1521 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1522 { 1523 struct rfcomm_msc *msc = (void *) skb->data; 1524 struct rfcomm_dlc *d; 1525 u8 dlci = __get_dlci(msc->dlci); 1526 1527 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1528 1529 d = rfcomm_dlc_get(s, dlci); 1530 if (!d) 1531 return 0; 1532 1533 if (cr) { 1534 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1535 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1536 else 1537 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1538 1539 rfcomm_dlc_lock(d); 1540 1541 d->remote_v24_sig = msc->v24_sig; 1542 1543 if (d->modem_status) 1544 d->modem_status(d, msc->v24_sig); 1545 1546 rfcomm_dlc_unlock(d); 1547 1548 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1549 1550 d->mscex |= RFCOMM_MSCEX_RX; 1551 } else 1552 d->mscex |= RFCOMM_MSCEX_TX; 1553 1554 return 0; 1555 } 1556 1557 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1558 { 1559 struct rfcomm_mcc *mcc = (void *) skb->data; 1560 u8 type, cr, len; 1561 1562 cr = __test_cr(mcc->type); 1563 type = __get_mcc_type(mcc->type); 1564 len = __get_mcc_len(mcc->len); 1565 1566 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1567 1568 skb_pull(skb, 2); 1569 1570 switch (type) { 1571 case RFCOMM_PN: 1572 rfcomm_recv_pn(s, cr, skb); 1573 break; 1574 1575 case RFCOMM_RPN: 1576 rfcomm_recv_rpn(s, cr, len, skb); 1577 break; 1578 1579 case RFCOMM_RLS: 1580 rfcomm_recv_rls(s, cr, skb); 1581 break; 1582 1583 case RFCOMM_MSC: 1584 rfcomm_recv_msc(s, cr, skb); 1585 break; 1586 1587 case RFCOMM_FCOFF: 1588 if (cr) { 1589 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1590 rfcomm_send_fcoff(s, 0); 1591 } 1592 break; 1593 1594 case RFCOMM_FCON: 1595 if (cr) { 1596 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1597 rfcomm_send_fcon(s, 0); 1598 } 1599 break; 1600 1601 case RFCOMM_TEST: 1602 if (cr) 1603 rfcomm_send_test(s, 0, skb->data, skb->len); 1604 break; 1605 1606 case RFCOMM_NSC: 1607 break; 1608 1609 default: 1610 BT_ERR("Unknown control type 0x%02x", type); 1611 rfcomm_send_nsc(s, cr, type); 1612 break; 1613 } 1614 return 0; 1615 } 1616 1617 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1618 { 1619 struct rfcomm_dlc *d; 1620 1621 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1622 1623 d = rfcomm_dlc_get(s, dlci); 1624 if (!d) { 1625 rfcomm_send_dm(s, dlci); 1626 goto drop; 1627 } 1628 1629 if (pf && d->cfc) { 1630 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1631 1632 d->tx_credits += credits; 1633 if (d->tx_credits) 1634 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1635 } 1636 1637 if (skb->len && d->state == BT_CONNECTED) { 1638 rfcomm_dlc_lock(d); 1639 d->rx_credits--; 1640 d->data_ready(d, skb); 1641 rfcomm_dlc_unlock(d); 1642 return 0; 1643 } 1644 1645 drop: 1646 kfree_skb(skb); 1647 return 0; 1648 } 1649 1650 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1651 { 1652 struct rfcomm_hdr *hdr = (void *) skb->data; 1653 u8 type, dlci, fcs; 1654 1655 dlci = __get_dlci(hdr->addr); 1656 type = __get_type(hdr->ctrl); 1657 1658 /* Trim FCS */ 1659 skb->len--; skb->tail--; 1660 fcs = *(u8 *)skb_tail_pointer(skb); 1661 1662 if (__check_fcs(skb->data, type, fcs)) { 1663 BT_ERR("bad checksum in packet"); 1664 kfree_skb(skb); 1665 return -EILSEQ; 1666 } 1667 1668 if (__test_ea(hdr->len)) 1669 skb_pull(skb, 3); 1670 else 1671 skb_pull(skb, 4); 1672 1673 switch (type) { 1674 case RFCOMM_SABM: 1675 if (__test_pf(hdr->ctrl)) 1676 rfcomm_recv_sabm(s, dlci); 1677 break; 1678 1679 case RFCOMM_DISC: 1680 if (__test_pf(hdr->ctrl)) 1681 rfcomm_recv_disc(s, dlci); 1682 break; 1683 1684 case RFCOMM_UA: 1685 if (__test_pf(hdr->ctrl)) 1686 rfcomm_recv_ua(s, dlci); 1687 break; 1688 1689 case RFCOMM_DM: 1690 rfcomm_recv_dm(s, dlci); 1691 break; 1692 1693 case RFCOMM_UIH: 1694 if (dlci) 1695 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1696 1697 rfcomm_recv_mcc(s, skb); 1698 break; 1699 1700 default: 1701 BT_ERR("Unknown packet type 0x%02x\n", type); 1702 break; 1703 } 1704 kfree_skb(skb); 1705 return 0; 1706 } 1707 1708 /* ---- Connection and data processing ---- */ 1709 1710 static void rfcomm_process_connect(struct rfcomm_session *s) 1711 { 1712 struct rfcomm_dlc *d; 1713 struct list_head *p, *n; 1714 1715 BT_DBG("session %p state %ld", s, s->state); 1716 1717 list_for_each_safe(p, n, &s->dlcs) { 1718 d = list_entry(p, struct rfcomm_dlc, list); 1719 if (d->state == BT_CONFIG) { 1720 d->mtu = s->mtu; 1721 if (rfcomm_check_security(d)) { 1722 rfcomm_send_pn(s, 1, d); 1723 } else { 1724 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1725 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1726 } 1727 } 1728 } 1729 } 1730 1731 /* Send data queued for the DLC. 1732 * Return number of frames left in the queue. 1733 */ 1734 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1735 { 1736 struct sk_buff *skb; 1737 int err; 1738 1739 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1740 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1741 1742 /* Send pending MSC */ 1743 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1744 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1745 1746 if (d->cfc) { 1747 /* CFC enabled. 1748 * Give them some credits */ 1749 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1750 d->rx_credits <= (d->cfc >> 2)) { 1751 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1752 d->rx_credits = d->cfc; 1753 } 1754 } else { 1755 /* CFC disabled. 1756 * Give ourselves some credits */ 1757 d->tx_credits = 5; 1758 } 1759 1760 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1761 return skb_queue_len(&d->tx_queue); 1762 1763 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1764 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1765 if (err < 0) { 1766 skb_queue_head(&d->tx_queue, skb); 1767 break; 1768 } 1769 kfree_skb(skb); 1770 d->tx_credits--; 1771 } 1772 1773 if (d->cfc && !d->tx_credits) { 1774 /* We're out of TX credits. 1775 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1776 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1777 } 1778 1779 return skb_queue_len(&d->tx_queue); 1780 } 1781 1782 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1783 { 1784 struct rfcomm_dlc *d; 1785 struct list_head *p, *n; 1786 1787 BT_DBG("session %p state %ld", s, s->state); 1788 1789 list_for_each_safe(p, n, &s->dlcs) { 1790 d = list_entry(p, struct rfcomm_dlc, list); 1791 1792 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1793 __rfcomm_dlc_close(d, ETIMEDOUT); 1794 continue; 1795 } 1796 1797 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1798 rfcomm_dlc_clear_timer(d); 1799 if (d->out) { 1800 rfcomm_send_pn(s, 1, d); 1801 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1802 } else { 1803 if (d->defer_setup) { 1804 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1805 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1806 1807 rfcomm_dlc_lock(d); 1808 d->state = BT_CONNECT2; 1809 d->state_change(d, 0); 1810 rfcomm_dlc_unlock(d); 1811 } else 1812 rfcomm_dlc_accept(d); 1813 } 1814 continue; 1815 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1816 rfcomm_dlc_clear_timer(d); 1817 if (!d->out) 1818 rfcomm_send_dm(s, d->dlci); 1819 else 1820 d->state = BT_CLOSED; 1821 __rfcomm_dlc_close(d, ECONNREFUSED); 1822 continue; 1823 } 1824 1825 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1826 continue; 1827 1828 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1829 continue; 1830 1831 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1832 d->mscex == RFCOMM_MSCEX_OK) 1833 rfcomm_process_tx(d); 1834 } 1835 } 1836 1837 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1838 { 1839 struct socket *sock = s->sock; 1840 struct sock *sk = sock->sk; 1841 struct sk_buff *skb; 1842 1843 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1844 1845 /* Get data directly from socket receive queue without copying it. */ 1846 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1847 skb_orphan(skb); 1848 rfcomm_recv_frame(s, skb); 1849 } 1850 1851 if (sk->sk_state == BT_CLOSED) { 1852 if (!s->initiator) 1853 rfcomm_session_put(s); 1854 1855 rfcomm_session_close(s, sk->sk_err); 1856 } 1857 } 1858 1859 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1860 { 1861 struct socket *sock = s->sock, *nsock; 1862 int err; 1863 1864 /* Fast check for a new connection. 1865 * Avoids unnesesary socket allocations. */ 1866 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1867 return; 1868 1869 BT_DBG("session %p", s); 1870 1871 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1872 if (err < 0) 1873 return; 1874 1875 /* Set our callbacks */ 1876 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1877 nsock->sk->sk_state_change = rfcomm_l2state_change; 1878 1879 s = rfcomm_session_add(nsock, BT_OPEN); 1880 if (s) { 1881 rfcomm_session_hold(s); 1882 1883 /* We should adjust MTU on incoming sessions. 1884 * L2CAP MTU minus UIH header and FCS. */ 1885 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1886 1887 rfcomm_schedule(RFCOMM_SCHED_RX); 1888 } else 1889 sock_release(nsock); 1890 } 1891 1892 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1893 { 1894 struct sock *sk = s->sock->sk; 1895 1896 BT_DBG("%p state %ld", s, s->state); 1897 1898 switch(sk->sk_state) { 1899 case BT_CONNECTED: 1900 s->state = BT_CONNECT; 1901 1902 /* We can adjust MTU on outgoing sessions. 1903 * L2CAP MTU minus UIH header and FCS. */ 1904 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1905 1906 rfcomm_send_sabm(s, 0); 1907 break; 1908 1909 case BT_CLOSED: 1910 s->state = BT_CLOSED; 1911 rfcomm_session_close(s, sk->sk_err); 1912 break; 1913 } 1914 } 1915 1916 static inline void rfcomm_process_sessions(void) 1917 { 1918 struct list_head *p, *n; 1919 1920 rfcomm_lock(); 1921 1922 list_for_each_safe(p, n, &session_list) { 1923 struct rfcomm_session *s; 1924 s = list_entry(p, struct rfcomm_session, list); 1925 1926 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1927 s->state = BT_DISCONN; 1928 rfcomm_send_disc(s, 0); 1929 rfcomm_session_put(s); 1930 continue; 1931 } 1932 1933 if (s->state == BT_LISTEN) { 1934 rfcomm_accept_connection(s); 1935 continue; 1936 } 1937 1938 rfcomm_session_hold(s); 1939 1940 switch (s->state) { 1941 case BT_BOUND: 1942 rfcomm_check_connection(s); 1943 break; 1944 1945 default: 1946 rfcomm_process_rx(s); 1947 break; 1948 } 1949 1950 rfcomm_process_dlcs(s); 1951 1952 rfcomm_session_put(s); 1953 } 1954 1955 rfcomm_unlock(); 1956 } 1957 1958 static int rfcomm_add_listener(bdaddr_t *ba) 1959 { 1960 struct sockaddr_l2 addr; 1961 struct socket *sock; 1962 struct sock *sk; 1963 struct rfcomm_session *s; 1964 int err = 0; 1965 1966 /* Create socket */ 1967 err = rfcomm_l2sock_create(&sock); 1968 if (err < 0) { 1969 BT_ERR("Create socket failed %d", err); 1970 return err; 1971 } 1972 1973 /* Bind socket */ 1974 bacpy(&addr.l2_bdaddr, ba); 1975 addr.l2_family = AF_BLUETOOTH; 1976 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1977 addr.l2_cid = 0; 1978 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1979 if (err < 0) { 1980 BT_ERR("Bind failed %d", err); 1981 goto failed; 1982 } 1983 1984 /* Set L2CAP options */ 1985 sk = sock->sk; 1986 lock_sock(sk); 1987 l2cap_pi(sk)->imtu = l2cap_mtu; 1988 release_sock(sk); 1989 1990 /* Start listening on the socket */ 1991 err = kernel_listen(sock, 10); 1992 if (err) { 1993 BT_ERR("Listen failed %d", err); 1994 goto failed; 1995 } 1996 1997 /* Add listening session */ 1998 s = rfcomm_session_add(sock, BT_LISTEN); 1999 if (!s) 2000 goto failed; 2001 2002 rfcomm_session_hold(s); 2003 return 0; 2004 failed: 2005 sock_release(sock); 2006 return err; 2007 } 2008 2009 static void rfcomm_kill_listener(void) 2010 { 2011 struct rfcomm_session *s; 2012 struct list_head *p, *n; 2013 2014 BT_DBG(""); 2015 2016 list_for_each_safe(p, n, &session_list) { 2017 s = list_entry(p, struct rfcomm_session, list); 2018 rfcomm_session_del(s); 2019 } 2020 } 2021 2022 static int rfcomm_run(void *unused) 2023 { 2024 BT_DBG(""); 2025 2026 set_user_nice(current, -10); 2027 2028 rfcomm_add_listener(BDADDR_ANY); 2029 2030 while (!kthread_should_stop()) { 2031 set_current_state(TASK_INTERRUPTIBLE); 2032 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 2033 /* No pending events. Let's sleep. 2034 * Incoming connections and data will wake us up. */ 2035 schedule(); 2036 } 2037 set_current_state(TASK_RUNNING); 2038 2039 /* Process stuff */ 2040 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 2041 rfcomm_process_sessions(); 2042 } 2043 2044 rfcomm_kill_listener(); 2045 2046 return 0; 2047 } 2048 2049 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 2050 { 2051 struct rfcomm_session *s; 2052 struct rfcomm_dlc *d; 2053 struct list_head *p, *n; 2054 2055 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2056 2057 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2058 if (!s) 2059 return; 2060 2061 rfcomm_session_hold(s); 2062 2063 list_for_each_safe(p, n, &s->dlcs) { 2064 d = list_entry(p, struct rfcomm_dlc, list); 2065 2066 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2067 rfcomm_dlc_clear_timer(d); 2068 if (status || encrypt == 0x00) { 2069 __rfcomm_dlc_close(d, ECONNREFUSED); 2070 continue; 2071 } 2072 } 2073 2074 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2075 if (d->sec_level == BT_SECURITY_MEDIUM) { 2076 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2077 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2078 continue; 2079 } else if (d->sec_level == BT_SECURITY_HIGH) { 2080 __rfcomm_dlc_close(d, ECONNREFUSED); 2081 continue; 2082 } 2083 } 2084 2085 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2086 continue; 2087 2088 if (!status) 2089 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2090 else 2091 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2092 } 2093 2094 rfcomm_session_put(s); 2095 2096 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2097 } 2098 2099 static struct hci_cb rfcomm_cb = { 2100 .name = "RFCOMM", 2101 .security_cfm = rfcomm_security_cfm 2102 }; 2103 2104 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x) 2105 { 2106 struct rfcomm_session *s; 2107 struct list_head *pp, *p; 2108 2109 rfcomm_lock(); 2110 2111 list_for_each(p, &session_list) { 2112 s = list_entry(p, struct rfcomm_session, list); 2113 list_for_each(pp, &s->dlcs) { 2114 struct sock *sk = s->sock->sk; 2115 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2116 2117 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2118 batostr(&bt_sk(sk)->src), 2119 batostr(&bt_sk(sk)->dst), 2120 d->state, d->dlci, d->mtu, 2121 d->rx_credits, d->tx_credits); 2122 } 2123 } 2124 2125 rfcomm_unlock(); 2126 2127 return 0; 2128 } 2129 2130 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file) 2131 { 2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private); 2133 } 2134 2135 static const struct file_operations rfcomm_dlc_debugfs_fops = { 2136 .open = rfcomm_dlc_debugfs_open, 2137 .read = seq_read, 2138 .llseek = seq_lseek, 2139 .release = single_release, 2140 }; 2141 2142 static struct dentry *rfcomm_dlc_debugfs; 2143 2144 /* ---- Initialization ---- */ 2145 static int __init rfcomm_init(void) 2146 { 2147 int err; 2148 2149 l2cap_load(); 2150 2151 hci_register_cb(&rfcomm_cb); 2152 2153 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2154 if (IS_ERR(rfcomm_thread)) { 2155 err = PTR_ERR(rfcomm_thread); 2156 goto unregister; 2157 } 2158 2159 if (bt_debugfs) { 2160 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444, 2161 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops); 2162 if (!rfcomm_dlc_debugfs) 2163 BT_ERR("Failed to create RFCOMM debug file"); 2164 } 2165 2166 err = rfcomm_init_ttys(); 2167 if (err < 0) 2168 goto stop; 2169 2170 err = rfcomm_init_sockets(); 2171 if (err < 0) 2172 goto cleanup; 2173 2174 BT_INFO("RFCOMM ver %s", VERSION); 2175 2176 return 0; 2177 2178 cleanup: 2179 rfcomm_cleanup_ttys(); 2180 2181 stop: 2182 kthread_stop(rfcomm_thread); 2183 2184 unregister: 2185 hci_unregister_cb(&rfcomm_cb); 2186 2187 return err; 2188 } 2189 2190 static void __exit rfcomm_exit(void) 2191 { 2192 debugfs_remove(rfcomm_dlc_debugfs); 2193 2194 hci_unregister_cb(&rfcomm_cb); 2195 2196 kthread_stop(rfcomm_thread); 2197 2198 rfcomm_cleanup_ttys(); 2199 2200 rfcomm_cleanup_sockets(); 2201 } 2202 2203 module_init(rfcomm_init); 2204 module_exit(rfcomm_exit); 2205 2206 module_param(disable_cfc, bool, 0644); 2207 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2208 2209 module_param(channel_mtu, int, 0644); 2210 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2211 2212 module_param(l2cap_mtu, uint, 0644); 2213 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2214 2215 module_param(l2cap_ertm, bool, 0644); 2216 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection"); 2217 2218 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2219 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2220 MODULE_VERSION(VERSION); 2221 MODULE_LICENSE("GPL"); 2222 MODULE_ALIAS("bt-proto-3"); 2223