]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blame - net/bluetooth/rfcomm/core.c
projects / mirror_ubuntu-focal-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branches 'acpi-fan', 'acpi-video' and 'acpi-ec'
[mirror_ubuntu-focal-kernel.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4 28#include <linux/module.h>
aef7d97c 29#include <linux/debugfs.h>
a524eccc 30#include <linux/kthread.h>
1da177e4
LT		 31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
5f9018af 38#define VERSION "1.11"
56f3a40a 39
eb939922
RR		 40static bool disable_cfc;
41static bool l2cap_ertm;
98bcd08b 42static int channel_mtu = -1;
56f3a40a
MH		 43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
1da177e4
LT		 45static struct task_struct *rfcomm_thread;
46
4a3e2f71
AV		 47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4 50
1da177e4
LT		 51
52static LIST_HEAD(session_list);
1da177e4 53
5436538f 54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
1da177e4
LT		 55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
63ce0900
LAD		 67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
1da177e4 71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
8ff52f7d 72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
1da177e4
LT		 73
74/* ---- RFCOMM frame parsing macros ---- */
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) ((b & 0x02))
82#define __test_pf(b) ((b & 0x10))
83
84#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87#define __srv_channel(dlci) (dlci >> 1)
88#define __dir(dlci) (dlci & 0x01)
89
90#define __len8(len) (((len) << 1) | 1)
91#define __len16(len) ((len) << 1)
92
93/* MCC macros */
94#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95#define __get_mcc_type(b) ((b & 0xfc) >> 2)
96#define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98/* RPN macros */
3a5e903c 99#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 100#define __get_rpn_data_bits(line) ((line) & 0x3)
101#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 102#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4 103
eedf7e47
PZ		 104static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
105
6039aa73 106static void rfcomm_schedule(void)
1da177e4 107{
eedf7e47 108 wake_up_all(&rfcomm_wq);
1da177e4
LT		 109}
110
1da177e4
LT		 111/* ---- RFCOMM FCS computation ---- */
112
408c1ce2 113/* reversed, 8-bit, poly=0x07 */
8e87d142 114static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154};
155
1da177e4
LT		 156/* CRC on 2 bytes */
157#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
8e87d142 159/* FCS on 2 bytes */
1da177e4
LT		 160static inline u8 __fcs(u8 *data)
161{
a02cec21 162 return 0xff - __crc(data);
1da177e4
LT		 163}
164
8e87d142 165/* FCS on 3 bytes */
1da177e4
LT		 166static inline u8 __fcs2(u8 *data)
167{
a02cec21 168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
1da177e4
LT		 169}
170
171/* Check FCS */
172static inline int __check_fcs(u8 *data, int type, u8 fcs)
173{
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180}
181
182/* ---- L2CAP callbacks ---- */
183static void rfcomm_l2state_change(struct sock *sk)
184{
185 BT_DBG("%p state %d", sk, sk->sk_state);
534c92fd 186 rfcomm_schedule();
1da177e4
LT		 187}
188
676d2369 189static void rfcomm_l2data_ready(struct sock *sk)
1da177e4 190{
676d2369 191 BT_DBG("%p", sk);
534c92fd 192 rfcomm_schedule();
1da177e4
LT		 193}
194
195static int rfcomm_l2sock_create(struct socket **sock)
196{
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208}
209
6039aa73 210static int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 211{
212 struct sock *sk = d->session->sock->sk;
8c1d787b
GP		 213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
0684e5f9
MH		 215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
2c068e0b 219 case BT_SECURITY_FIPS:
0684e5f9
MH		 220 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 break;
222 case BT_SECURITY_MEDIUM:
223 auth_type = HCI_AT_GENERAL_BONDING;
224 break;
225 default:
226 auth_type = HCI_AT_NO_BONDING;
227 break;
228 }
77db1980 229
e7cafc45
JH		 230 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
231 d->out);
77db1980
MH		 232}
233
9e726b17
LAD		 234static void rfcomm_session_timeout(unsigned long arg)
235{
236 struct rfcomm_session *s = (void *) arg;
237
238 BT_DBG("session %p state %ld", s, s->state);
239
240 set_bit(RFCOMM_TIMED_OUT, &s->flags);
534c92fd 241 rfcomm_schedule();
9e726b17
LAD		 242}
243
244static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
245{
246 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
247
08c30aca 248 mod_timer(&s->timer, jiffies + timeout);
9e726b17
LAD		 249}
250
251static void rfcomm_session_clear_timer(struct rfcomm_session *s)
252{
253 BT_DBG("session %p state %ld", s, s->state);
254
08c30aca 255 del_timer_sync(&s->timer);
9e726b17
LAD		 256}
257
1da177e4
LT		 258/* ---- RFCOMM DLCs ---- */
259static void rfcomm_dlc_timeout(unsigned long arg)
260{
261 struct rfcomm_dlc *d = (void *) arg;
262
263 BT_DBG("dlc %p state %ld", d, d->state);
264
265 set_bit(RFCOMM_TIMED_OUT, &d->flags);
266 rfcomm_dlc_put(d);
534c92fd 267 rfcomm_schedule();
1da177e4
LT		 268}
269
270static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
271{
272 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
273
274 if (!mod_timer(&d->timer, jiffies + timeout))
275 rfcomm_dlc_hold(d);
276}
277
278static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
279{
280 BT_DBG("dlc %p state %ld", d, d->state);
281
25cc4ae9 282 if (del_timer(&d->timer))
1da177e4
LT		 283 rfcomm_dlc_put(d);
284}
285
286static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
287{
288 BT_DBG("%p", d);
289
290 d->state = BT_OPEN;
291 d->flags = 0;
292 d->mscex = 0;
183f732c 293 d->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 294 d->mtu = RFCOMM_DEFAULT_MTU;
295 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
296
297 d->cfc = RFCOMM_CFC_DISABLED;
298 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299}
300
dd0fc66f 301struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 302{
25ea6db0
MH		 303 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
304
1da177e4
LT		 305 if (!d)
306 return NULL;
1da177e4 307
b24b8a24 308 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 309
310 skb_queue_head_init(&d->tx_queue);
86aae6c7 311 mutex_init(&d->lock);
1da177e4
LT		 312 atomic_set(&d->refcnt, 1);
313
314 rfcomm_dlc_clear_state(d);
8e87d142 315
1da177e4 316 BT_DBG("%p", d);
25ea6db0 317
1da177e4
LT		 318 return d;
319}
320
321void rfcomm_dlc_free(struct rfcomm_dlc *d)
322{
323 BT_DBG("%p", d);
324
325 skb_queue_purge(&d->tx_queue);
326 kfree(d);
327}
328
329static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
330{
331 BT_DBG("dlc %p session %p", d, s);
332
9e726b17 333 rfcomm_session_clear_timer(s);
1da177e4
LT		 334 rfcomm_dlc_hold(d);
335 list_add(&d->list, &s->dlcs);
336 d->session = s;
337}
338
339static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
340{
341 struct rfcomm_session *s = d->session;
342
343 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
344
345 list_del(&d->list);
346 d->session = NULL;
347 rfcomm_dlc_put(d);
348
9e726b17
LAD		 349 if (list_empty(&s->dlcs))
350 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
1da177e4
LT		 351}
352
353static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
354{
355 struct rfcomm_dlc *d;
1da177e4 356
8035ded4 357 list_for_each_entry(d, &s->dlcs, list)
1da177e4
LT		 358 if (d->dlci == dlci)
359 return d;
8035ded4 360
1da177e4
LT		 361 return NULL;
362}
363
c10a848c
PH		 364static int rfcomm_check_channel(u8 channel)
365{
366 return channel < 1 || channel > 30;
367}
368
1da177e4
LT		 369static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
370{
371 struct rfcomm_session *s;
372 int err = 0;
373 u8 dlci;
374
6ed93dc6
AE		 375 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
376 d, d->state, src, dst, channel);
1da177e4 377
c10a848c 378 if (rfcomm_check_channel(channel))
1da177e4
LT		 379 return -EINVAL;
380
381 if (d->state != BT_OPEN && d->state != BT_CLOSED)
382 return 0;
383
384 s = rfcomm_session_get(src, dst);
385 if (!s) {
63ce0900 386 s = rfcomm_session_create(src, dst, d->sec_level, &err);
1da177e4
LT		 387 if (!s)
388 return err;
389 }
390
391 dlci = __dlci(!s->initiator, channel);
392
393 /* Check if DLCI already exists */
394 if (rfcomm_dlc_get(s, dlci))
395 return -EBUSY;
396
397 rfcomm_dlc_clear_state(d);
398
399 d->dlci = dlci;
400 d->addr = __addr(s->initiator, dlci);
401 d->priority = 7;
402
77db1980 403 d->state = BT_CONFIG;
1da177e4
LT		 404 rfcomm_dlc_link(s, d);
405
77db1980
MH		 406 d->out = 1;
407
1da177e4
LT		 408 d->mtu = s->mtu;
409 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
410
77db1980 411 if (s->state == BT_CONNECTED) {
9f2c8a03 412 if (rfcomm_check_security(d))
77db1980 413 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 414 else
415 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 416 }
417
1da177e4 418 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 419
1da177e4
LT		 420 return 0;
421}
422
423int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
424{
425 int r;
426
427 rfcomm_lock();
428
429 r = __rfcomm_dlc_open(d, src, dst, channel);
430
431 rfcomm_unlock();
432 return r;
433}
434
f622357a
PH		 435static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
436{
437 struct rfcomm_session *s = d->session;
438
439 d->state = BT_DISCONN;
440 if (skb_queue_empty(&d->tx_queue)) {
441 rfcomm_send_disc(s, d->dlci);
442 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
443 } else {
444 rfcomm_queue_disc(d);
445 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
446 }
447}
448
1da177e4
LT		 449static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
450{
451 struct rfcomm_session *s = d->session;
452 if (!s)
453 return 0;
454
455 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
456 d, d->state, d->dlci, err, s);
457
458 switch (d->state) {
1da177e4 459 case BT_CONNECT:
bb23c0ab 460 case BT_CONFIG:
5998e040
PH		 461 case BT_OPEN:
462 case BT_CONNECT2:
bb23c0ab
MH		 463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
464 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 465 rfcomm_schedule();
5998e040 466 return 0;
bb23c0ab 467 }
5998e040
PH		 468 }
469
470 switch (d->state) {
471 case BT_CONNECT:
bb23c0ab 472 case BT_CONNECTED:
f622357a 473 __rfcomm_dlc_disconn(d);
1da177e4
LT		 474 break;
475
c4fd318d
PH		 476 case BT_CONFIG:
477 if (s->state != BT_BOUND) {
478 __rfcomm_dlc_disconn(d);
479 break;
480 }
481 /* if closing a dlc in a session that hasn't been started,
482 * just close and unlink the dlc
483 */
484
1da177e4
LT		 485 default:
486 rfcomm_dlc_clear_timer(d);
487
488 rfcomm_dlc_lock(d);
489 d->state = BT_CLOSED;
1905f6c7 490 d->state_change(d, err);
4c8411f8 491 rfcomm_dlc_unlock(d);
1da177e4
LT		 492
493 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 494 rfcomm_dlc_unlink(d);
495 }
496
497 return 0;
498}
499
500int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
501{
c06f7d53
DJ		 502 int r = 0;
503 struct rfcomm_dlc *d_list;
504 struct rfcomm_session *s, *s_list;
505
506 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
1da177e4
LT		 507
508 rfcomm_lock();
509
c06f7d53
DJ		 510 s = d->session;
511 if (!s)
512 goto no_session;
513
514 /* after waiting on the mutex check the session still exists
515 * then check the dlc still exists
516 */
517 list_for_each_entry(s_list, &session_list, list) {
518 if (s_list == s) {
519 list_for_each_entry(d_list, &s->dlcs, list) {
520 if (d_list == d) {
521 r = __rfcomm_dlc_close(d, err);
522 break;
523 }
524 }
525 break;
526 }
527 }
1da177e4 528
c06f7d53 529no_session:
1da177e4
LT		 530 rfcomm_unlock();
531 return r;
532}
533
c10a848c
PH		 534struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
535{
536 struct rfcomm_session *s;
537 struct rfcomm_dlc *dlc = NULL;
538 u8 dlci;
539
540 if (rfcomm_check_channel(channel))
541 return ERR_PTR(-EINVAL);
542
543 rfcomm_lock();
544 s = rfcomm_session_get(src, dst);
545 if (s) {
546 dlci = __dlci(!s->initiator, channel);
547 dlc = rfcomm_dlc_get(s, dlci);
548 }
549 rfcomm_unlock();
550 return dlc;
551}
552
1da177e4
LT		 553int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
554{
555 int len = skb->len;
556
557 if (d->state != BT_CONNECTED)
558 return -ENOTCONN;
559
560 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
561
562 if (len > d->mtu)
563 return -EINVAL;
564
565 rfcomm_make_uih(skb, d->addr);
566 skb_queue_tail(&d->tx_queue, skb);
567
568 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
534c92fd 569 rfcomm_schedule();
1da177e4
LT		 570 return len;
571}
572
72e5108c
PH		 573void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
574{
575 int len = skb->len;
576
577 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
578
579 rfcomm_make_uih(skb, d->addr);
580 skb_queue_tail(&d->tx_queue, skb);
581
582 if (d->state == BT_CONNECTED &&
583 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
584 rfcomm_schedule();
585}
586
b5606c2d 587void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 588{
589 BT_DBG("dlc %p state %ld", d, d->state);
590
591 if (!d->cfc) {
592 d->v24_sig |= RFCOMM_V24_FC;
593 set_bit(RFCOMM_MSC_PENDING, &d->flags);
594 }
534c92fd 595 rfcomm_schedule();
1da177e4
LT		 596}
597
b5606c2d 598void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 599{
600 BT_DBG("dlc %p state %ld", d, d->state);
601
602 if (!d->cfc) {
603 d->v24_sig &= ~RFCOMM_V24_FC;
604 set_bit(RFCOMM_MSC_PENDING, &d->flags);
605 }
534c92fd 606 rfcomm_schedule();
1da177e4
LT		 607}
608
8e87d142 609/*
1da177e4
LT		 610 Set/get modem status functions use _local_ status i.e. what we report
611 to the other side.
612 Remote status is provided by dlc->modem_status() callback.
613 */
614int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
615{
8e87d142 616 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 617 d, d->state, v24_sig);
618
619 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
620 v24_sig |= RFCOMM_V24_FC;
621 else
622 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 623
1da177e4
LT		 624 d->v24_sig = v24_sig;
625
626 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
534c92fd 627 rfcomm_schedule();
1da177e4
LT		 628
629 return 0;
630}
631
632int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
633{
8e87d142 634 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 635 d, d->state, d->v24_sig);
636
637 *v24_sig = d->v24_sig;
638 return 0;
639}
640
641/* ---- RFCOMM sessions ---- */
642static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
643{
25ea6db0
MH		 644 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
645
1da177e4
LT		 646 if (!s)
647 return NULL;
1da177e4
LT		 648
649 BT_DBG("session %p sock %p", s, sock);
650
9e726b17
LAD		 651 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
652
1da177e4
LT		 653 INIT_LIST_HEAD(&s->dlcs);
654 s->state = state;
655 s->sock = sock;
656
657 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 658 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 659
660 /* Do not increment module usage count for listening sessions.
661 * Otherwise we won't be able to unload the module. */
662 if (state != BT_LISTEN)
663 if (!try_module_get(THIS_MODULE)) {
664 kfree(s);
665 return NULL;
666 }
667
668 list_add(&s->list, &session_list);
669
670 return s;
671}
672
8ff52f7d 673static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
1da177e4
LT		 674{
675 int state = s->state;
676
677 BT_DBG("session %p state %ld", s, s->state);
678
679 list_del(&s->list);
680
9e726b17 681 rfcomm_session_clear_timer(s);
1da177e4
LT		 682 sock_release(s->sock);
683 kfree(s);
684
685 if (state != BT_LISTEN)
686 module_put(THIS_MODULE);
8ff52f7d
DJ		 687
688 return NULL;
1da177e4
LT		 689}
690
691static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
692{
693 struct rfcomm_session *s;
694 struct list_head *p, *n;
24bc10ca 695 struct l2cap_chan *chan;
1da177e4
LT		 696 list_for_each_safe(p, n, &session_list) {
697 s = list_entry(p, struct rfcomm_session, list);
24bc10ca 698 chan = l2cap_pi(s->sock->sk)->chan;
1da177e4 699
24bc10ca
MH		 700 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
701 !bacmp(&chan->dst, dst))
1da177e4
LT		 702 return s;
703 }
704 return NULL;
705}
706
8ff52f7d
DJ		 707static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
708 int err)
1da177e4
LT		 709{
710 struct rfcomm_dlc *d;
711 struct list_head *p, *n;
712
1da177e4
LT		 713 s->state = BT_CLOSED;
714
24fd642c
DJ		 715 BT_DBG("session %p state %ld err %d", s, s->state, err);
716
1da177e4
LT		 717 /* Close all dlcs */
718 list_for_each_safe(p, n, &s->dlcs) {
719 d = list_entry(p, struct rfcomm_dlc, list);
720 d->state = BT_CLOSED;
721 __rfcomm_dlc_close(d, err);
722 }
723
9e726b17 724 rfcomm_session_clear_timer(s);
08c30aca 725 return rfcomm_session_del(s);
1da177e4
LT		 726}
727
63ce0900
LAD		 728static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
729 bdaddr_t *dst,
730 u8 sec_level,
731 int *err)
1da177e4
LT		 732{
733 struct rfcomm_session *s = NULL;
734 struct sockaddr_l2 addr;
735 struct socket *sock;
736 struct sock *sk;
737
6ed93dc6 738 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4
LT		 739
740 *err = rfcomm_l2sock_create(&sock);
741 if (*err < 0)
742 return NULL;
743
744 bacpy(&addr.l2_bdaddr, src);
745 addr.l2_family = AF_BLUETOOTH;
746 addr.l2_psm = 0;
37e62f55 747 addr.l2_cid = 0;
c507f138 748 addr.l2_bdaddr_type = BDADDR_BREDR;
48db9ca4 749 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 750 if (*err < 0)
751 goto failed;
752
753 /* Set L2CAP options */
754 sk = sock->sk;
755 lock_sock(sk);
0c1bc5c6 756 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
47d1ec61 757 l2cap_pi(sk)->chan->sec_level = sec_level;
eae38eed 758 if (l2cap_ertm)
0c1bc5c6 759 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
1da177e4
LT		 760 release_sock(sk);
761
762 s = rfcomm_session_add(sock, BT_BOUND);
763 if (!s) {
764 *err = -ENOMEM;
765 goto failed;
766 }
767
1da177e4
LT		 768 s->initiator = 1;
769
770 bacpy(&addr.l2_bdaddr, dst);
771 addr.l2_family = AF_BLUETOOTH;
dcf4adbf 772 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 773 addr.l2_cid = 0;
8992da09 774 addr.l2_bdaddr_type = BDADDR_BREDR;
48db9ca4 775 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 776 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 777 return s;
778
8ff52f7d 779 return rfcomm_session_del(s);
1da177e4
LT		 780
781failed:
782 sock_release(sock);
783 return NULL;
784}
785
786void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
787{
24bc10ca 788 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
1da177e4 789 if (src)
24bc10ca 790 bacpy(src, &chan->src);
1da177e4 791 if (dst)
24bc10ca 792 bacpy(dst, &chan->dst);
1da177e4
LT		 793}
794
795/* ---- RFCOMM frame sending ---- */
5436538f 796static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
1da177e4 797{
1da177e4
LT		 798 struct kvec iv = { data, len };
799 struct msghdr msg;
800
5436538f 801 BT_DBG("session %p len %d", s, len);
1da177e4
LT		 802
803 memset(&msg, 0, sizeof(msg));
804
5436538f 805 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
1da177e4
LT		 806}
807
262038fc
LAD		 808static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
809{
810 BT_DBG("%p cmd %u", s, cmd->ctrl);
811
5436538f 812 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
262038fc
LAD		 813}
814
1da177e4
LT		 815static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
816{
817 struct rfcomm_cmd cmd;
818
819 BT_DBG("%p dlci %d", s, dlci);
820
821 cmd.addr = __addr(s->initiator, dlci);
822 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
823 cmd.len = __len8(0);
824 cmd.fcs = __fcs2((u8 *) &cmd);
825
262038fc 826 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 827}
828
829static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
830{
831 struct rfcomm_cmd cmd;
832
833 BT_DBG("%p dlci %d", s, dlci);
834
835 cmd.addr = __addr(!s->initiator, dlci);
836 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
837 cmd.len = __len8(0);
838 cmd.fcs = __fcs2((u8 *) &cmd);
839
262038fc 840 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 841}
842
843static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
844{
845 struct rfcomm_cmd cmd;
846
847 BT_DBG("%p dlci %d", s, dlci);
848
849 cmd.addr = __addr(s->initiator, dlci);
850 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
851 cmd.len = __len8(0);
852 cmd.fcs = __fcs2((u8 *) &cmd);
853
262038fc 854 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 855}
856
857static int rfcomm_queue_disc(struct rfcomm_dlc *d)
858{
859 struct rfcomm_cmd *cmd;
860 struct sk_buff *skb;
861
862 BT_DBG("dlc %p dlci %d", d, d->dlci);
863
864 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
865 if (!skb)
866 return -ENOMEM;
867
868 cmd = (void *) __skb_put(skb, sizeof(*cmd));
869 cmd->addr = d->addr;
870 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
871 cmd->len = __len8(0);
872 cmd->fcs = __fcs2((u8 *) cmd);
873
874 skb_queue_tail(&d->tx_queue, skb);
534c92fd 875 rfcomm_schedule();
1da177e4
LT		 876 return 0;
877}
878
879static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
880{
881 struct rfcomm_cmd cmd;
882
883 BT_DBG("%p dlci %d", s, dlci);
884
885 cmd.addr = __addr(!s->initiator, dlci);
886 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
887 cmd.len = __len8(0);
888 cmd.fcs = __fcs2((u8 *) &cmd);
889
262038fc 890 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 891}
892
893static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
894{
895 struct rfcomm_hdr *hdr;
896 struct rfcomm_mcc *mcc;
897 u8 buf[16], *ptr = buf;
898
899 BT_DBG("%p cr %d type %d", s, cr, type);
900
901 hdr = (void *) ptr; ptr += sizeof(*hdr);
902 hdr->addr = __addr(s->initiator, 0);
903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
904 hdr->len = __len8(sizeof(*mcc) + 1);
905
906 mcc = (void *) ptr; ptr += sizeof(*mcc);
907 mcc->type = __mcc_type(cr, RFCOMM_NSC);
908 mcc->len = __len8(1);
909
910 /* Type that we didn't like */
911 *ptr = __mcc_type(cr, type); ptr++;
912
913 *ptr = __fcs(buf); ptr++;
914
5436538f 915 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 916}
917
918static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
919{
920 struct rfcomm_hdr *hdr;
921 struct rfcomm_mcc *mcc;
922 struct rfcomm_pn *pn;
923 u8 buf[16], *ptr = buf;
924
925 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
926
927 hdr = (void *) ptr; ptr += sizeof(*hdr);
928 hdr->addr = __addr(s->initiator, 0);
929 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
930 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
931
932 mcc = (void *) ptr; ptr += sizeof(*mcc);
933 mcc->type = __mcc_type(cr, RFCOMM_PN);
934 mcc->len = __len8(sizeof(*pn));
935
936 pn = (void *) ptr; ptr += sizeof(*pn);
937 pn->dlci = d->dlci;
938 pn->priority = d->priority;
939 pn->ack_timer = 0;
940 pn->max_retrans = 0;
941
942 if (s->cfc) {
943 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
944 pn->credits = RFCOMM_DEFAULT_CREDITS;
945 } else {
946 pn->flow_ctrl = 0;
947 pn->credits = 0;
948 }
949
98bcd08b 950 if (cr && channel_mtu >= 0)
b4324b5d 951 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 952 else
b4324b5d 953 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 954
955 *ptr = __fcs(buf); ptr++;
956
5436538f 957 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 958}
959
3a5e903c
S		 960int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
961 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 962 u8 parity, u8 flow_ctrl_settings,
3a5e903c 963 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 964{
965 struct rfcomm_hdr *hdr;
966 struct rfcomm_mcc *mcc;
967 struct rfcomm_rpn *rpn;
968 u8 buf[16], *ptr = buf;
969
970 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 971 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
972 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 973 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 974
975 hdr = (void *) ptr; ptr += sizeof(*hdr);
976 hdr->addr = __addr(s->initiator, 0);
977 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
978 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
979
980 mcc = (void *) ptr; ptr += sizeof(*mcc);
981 mcc->type = __mcc_type(cr, RFCOMM_RPN);
982 mcc->len = __len8(sizeof(*rpn));
983
984 rpn = (void *) ptr; ptr += sizeof(*rpn);
985 rpn->dlci = __addr(1, dlci);
986 rpn->bit_rate = bit_rate;
987 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
988 rpn->flow_ctrl = flow_ctrl_settings;
989 rpn->xon_char = xon_char;
990 rpn->xoff_char = xoff_char;
e8db8c99 991 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 992
993 *ptr = __fcs(buf); ptr++;
994
5436538f 995 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 996}
997
998static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
999{
1000 struct rfcomm_hdr *hdr;
1001 struct rfcomm_mcc *mcc;
1002 struct rfcomm_rls *rls;
1003 u8 buf[16], *ptr = buf;
1004
1005 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1006
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1011
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1014 mcc->len = __len8(sizeof(*rls));
1015
1016 rls = (void *) ptr; ptr += sizeof(*rls);
1017 rls->dlci = __addr(1, dlci);
1018 rls->status = status;
1019
1020 *ptr = __fcs(buf); ptr++;
1021
5436538f 1022 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1023}
1024
1025static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1026{
1027 struct rfcomm_hdr *hdr;
1028 struct rfcomm_mcc *mcc;
1029 struct rfcomm_msc *msc;
1030 u8 buf[16], *ptr = buf;
1031
1032 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1033
1034 hdr = (void *) ptr; ptr += sizeof(*hdr);
1035 hdr->addr = __addr(s->initiator, 0);
1036 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1037 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1038
1039 mcc = (void *) ptr; ptr += sizeof(*mcc);
1040 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1041 mcc->len = __len8(sizeof(*msc));
1042
1043 msc = (void *) ptr; ptr += sizeof(*msc);
1044 msc->dlci = __addr(1, dlci);
1045 msc->v24_sig = v24_sig | 0x01;
1046
1047 *ptr = __fcs(buf); ptr++;
1048
5436538f 1049 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1050}
1051
1052static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1053{
1054 struct rfcomm_hdr *hdr;
1055 struct rfcomm_mcc *mcc;
1056 u8 buf[16], *ptr = buf;
1057
1058 BT_DBG("%p cr %d", s, cr);
1059
1060 hdr = (void *) ptr; ptr += sizeof(*hdr);
1061 hdr->addr = __addr(s->initiator, 0);
1062 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1063 hdr->len = __len8(sizeof(*mcc));
1064
1065 mcc = (void *) ptr; ptr += sizeof(*mcc);
1066 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1067 mcc->len = __len8(0);
1068
1069 *ptr = __fcs(buf); ptr++;
1070
5436538f 1071 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1072}
1073
1074static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1075{
1076 struct rfcomm_hdr *hdr;
1077 struct rfcomm_mcc *mcc;
1078 u8 buf[16], *ptr = buf;
1079
1080 BT_DBG("%p cr %d", s, cr);
1081
1082 hdr = (void *) ptr; ptr += sizeof(*hdr);
1083 hdr->addr = __addr(s->initiator, 0);
1084 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1085 hdr->len = __len8(sizeof(*mcc));
1086
1087 mcc = (void *) ptr; ptr += sizeof(*mcc);
1088 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1089 mcc->len = __len8(0);
1090
1091 *ptr = __fcs(buf); ptr++;
1092
5436538f 1093 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1094}
1095
1096static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1097{
1098 struct socket *sock = s->sock;
1099 struct kvec iv[3];
1100 struct msghdr msg;
1101 unsigned char hdr[5], crc[1];
1102
1103 if (len > 125)
1104 return -EINVAL;
1105
1106 BT_DBG("%p cr %d", s, cr);
1107
1108 hdr[0] = __addr(s->initiator, 0);
1109 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1110 hdr[2] = 0x01 | ((len + 2) << 1);
1111 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1112 hdr[4] = 0x01 | (len << 1);
1113
1114 crc[0] = __fcs(hdr);
1115
1116 iv[0].iov_base = hdr;
1117 iv[0].iov_len = 5;
1118 iv[1].iov_base = pattern;
1119 iv[1].iov_len = len;
1120 iv[2].iov_base = crc;
1121 iv[2].iov_len = 1;
1122
1123 memset(&msg, 0, sizeof(msg));
1124
1125 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1126}
1127
1128static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1129{
1130 struct rfcomm_hdr *hdr;
1131 u8 buf[16], *ptr = buf;
1132
1133 BT_DBG("%p addr %d credits %d", s, addr, credits);
1134
1135 hdr = (void *) ptr; ptr += sizeof(*hdr);
1136 hdr->addr = addr;
1137 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1138 hdr->len = __len8(0);
1139
1140 *ptr = credits; ptr++;
1141
1142 *ptr = __fcs(buf); ptr++;
1143
5436538f 1144 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1145}
1146
1147static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1148{
1149 struct rfcomm_hdr *hdr;
1150 int len = skb->len;
1151 u8 *crc;
1152
1153 if (len > 127) {
1154 hdr = (void *) skb_push(skb, 4);
b4324b5d 1155 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1156 } else {
1157 hdr = (void *) skb_push(skb, 3);
1158 hdr->len = __len8(len);
1159 }
1160 hdr->addr = addr;
1161 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1162
1163 crc = skb_put(skb, 1);
1164 *crc = __fcs((void *) hdr);
1165}
1166
1167/* ---- RFCOMM frame reception ---- */
8ff52f7d 1168static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1169{
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1171
1172 if (dlci) {
1173 /* Data channel */
1174 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1175 if (!d) {
1176 rfcomm_send_dm(s, dlci);
8ff52f7d 1177 return s;
1da177e4
LT		 1178 }
1179
1180 switch (d->state) {
1181 case BT_CONNECT:
1182 rfcomm_dlc_clear_timer(d);
1183
1184 rfcomm_dlc_lock(d);
1185 d->state = BT_CONNECTED;
1186 d->state_change(d, 0);
1187 rfcomm_dlc_unlock(d);
1188
1189 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1190 break;
1191
1192 case BT_DISCONN:
1193 d->state = BT_CLOSED;
1194 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1195
1196 if (list_empty(&s->dlcs)) {
1197 s->state = BT_DISCONN;
1198 rfcomm_send_disc(s, 0);
79e65478 1199 rfcomm_session_clear_timer(s);
9cf5b0ea
MH		 1200 }
1201
1da177e4
LT		 1202 break;
1203 }
1204 } else {
1205 /* Control channel */
1206 switch (s->state) {
1207 case BT_CONNECT:
1208 s->state = BT_CONNECTED;
1209 rfcomm_process_connect(s);
1210 break;
9cf5b0ea
MH		 1211
1212 case BT_DISCONN:
8ff52f7d 1213 s = rfcomm_session_close(s, ECONNRESET);
9cf5b0ea 1214 break;
1da177e4
LT		 1215 }
1216 }
8ff52f7d 1217 return s;
1da177e4
LT		 1218}
1219
8ff52f7d 1220static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1221{
1222 int err = 0;
1223
1224 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1225
1226 if (dlci) {
1227 /* Data DLC */
1228 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1229 if (d) {
1230 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1231 err = ECONNREFUSED;
1232 else
1233 err = ECONNRESET;
1234
1235 d->state = BT_CLOSED;
1236 __rfcomm_dlc_close(d, err);
1237 }
1238 } else {
1239 if (s->state == BT_CONNECT)
1240 err = ECONNREFUSED;
1241 else
1242 err = ECONNRESET;
1243
8ff52f7d 1244 s = rfcomm_session_close(s, err);
1da177e4 1245 }
8ff52f7d 1246 return s;
1da177e4
LT		 1247}
1248
8ff52f7d
DJ		 1249static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1250 u8 dlci)
1da177e4
LT		 1251{
1252 int err = 0;
1253
1254 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1255
1256 if (dlci) {
1257 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1258 if (d) {
1259 rfcomm_send_ua(s, dlci);
1260
1261 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1262 err = ECONNREFUSED;
1263 else
1264 err = ECONNRESET;
1265
1266 d->state = BT_CLOSED;
1267 __rfcomm_dlc_close(d, err);
8e87d142 1268 } else
1da177e4 1269 rfcomm_send_dm(s, dlci);
8e87d142 1270
1da177e4
LT		 1271 } else {
1272 rfcomm_send_ua(s, 0);
1273
1274 if (s->state == BT_CONNECT)
1275 err = ECONNREFUSED;
1276 else
1277 err = ECONNRESET;
1278
8ff52f7d 1279 s = rfcomm_session_close(s, err);
1da177e4 1280 }
8ff52f7d 1281 return s;
1da177e4
LT		 1282}
1283
bb23c0ab 1284void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1285{
300b9397 1286 struct sock *sk = d->session->sock->sk;
8c1d787b 1287 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
300b9397 1288
1da177e4
LT		 1289 BT_DBG("dlc %p", d);
1290
1291 rfcomm_send_ua(d->session, d->dlci);
1292
e2139b32
JH		 1293 rfcomm_dlc_clear_timer(d);
1294
1da177e4
LT		 1295 rfcomm_dlc_lock(d);
1296 d->state = BT_CONNECTED;
1297 d->state_change(d, 0);
1298 rfcomm_dlc_unlock(d);
1299
9f2c8a03 1300 if (d->role_switch)
8c1d787b 1301 hci_conn_switch_role(conn->hcon, 0x00);
300b9397 1302
1da177e4
LT		 1303 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1304}
1305
bb23c0ab
MH		 1306static void rfcomm_check_accept(struct rfcomm_dlc *d)
1307{
9f2c8a03 1308 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1309 if (d->defer_setup) {
1310 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1311 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1312
1313 rfcomm_dlc_lock(d);
1314 d->state = BT_CONNECT2;
1315 d->state_change(d, 0);
1316 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1317 } else
1318 rfcomm_dlc_accept(d);
8c1b2355
MH		 1319 } else {
1320 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1321 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1322 }
1323}
1324
1da177e4
LT		 1325static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1326{
1327 struct rfcomm_dlc *d;
1328 u8 channel;
1329
1330 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1331
1332 if (!dlci) {
1333 rfcomm_send_ua(s, 0);
1334
1335 if (s->state == BT_OPEN) {
1336 s->state = BT_CONNECTED;
1337 rfcomm_process_connect(s);
1338 }
1339 return 0;
1340 }
1341
1342 /* Check if DLC exists */
1343 d = rfcomm_dlc_get(s, dlci);
1344 if (d) {
1345 if (d->state == BT_OPEN) {
1346 /* DLC was previously opened by PN request */
bb23c0ab 1347 rfcomm_check_accept(d);
1da177e4
LT		 1348 }
1349 return 0;
1350 }
1351
1352 /* Notify socket layer about incoming connection */
1353 channel = __srv_channel(dlci);
1354 if (rfcomm_connect_ind(s, channel, &d)) {
1355 d->dlci = dlci;
1356 d->addr = __addr(s->initiator, dlci);
1357 rfcomm_dlc_link(s, d);
1358
bb23c0ab 1359 rfcomm_check_accept(d);
1da177e4
LT		 1360 } else {
1361 rfcomm_send_dm(s, dlci);
1362 }
1363
1364 return 0;
1365}
1366
1367static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1368{
1369 struct rfcomm_session *s = d->session;
1370
8e87d142 1371 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1372 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1373
7c2660b0
MH		 1374 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1375 pn->flow_ctrl == 0xe0) {
1376 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1377 d->tx_credits = pn->credits;
1378 } else {
7c2660b0 1379 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1380 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1381 }
1382
7c2660b0
MH		 1383 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1384 s->cfc = d->cfc;
1385
1da177e4
LT		 1386 d->priority = pn->priority;
1387
b4324b5d 1388 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1389
1390 if (cr && d->mtu > s->mtu)
1391 d->mtu = s->mtu;
1da177e4
LT		 1392
1393 return 0;
1394}
1395
1396static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1397{
1398 struct rfcomm_pn *pn = (void *) skb->data;
1399 struct rfcomm_dlc *d;
1400 u8 dlci = pn->dlci;
1401
1402 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1403
1404 if (!dlci)
1405 return 0;
1406
1407 d = rfcomm_dlc_get(s, dlci);
1408 if (d) {
1409 if (cr) {
1410 /* PN request */
1411 rfcomm_apply_pn(d, cr, pn);
1412 rfcomm_send_pn(s, 0, d);
1413 } else {
1414 /* PN response */
1415 switch (d->state) {
1416 case BT_CONFIG:
1417 rfcomm_apply_pn(d, cr, pn);
1418
1419 d->state = BT_CONNECT;
1420 rfcomm_send_sabm(s, d->dlci);
1421 break;
1422 }
1423 }
1424 } else {
1425 u8 channel = __srv_channel(dlci);
1426
1427 if (!cr)
1428 return 0;
1429
1430 /* PN request for non existing DLC.
1431 * Assume incoming connection. */
1432 if (rfcomm_connect_ind(s, channel, &d)) {
1433 d->dlci = dlci;
1434 d->addr = __addr(s->initiator, dlci);
1435 rfcomm_dlc_link(s, d);
1436
1437 rfcomm_apply_pn(d, cr, pn);
1438
1439 d->state = BT_OPEN;
1440 rfcomm_send_pn(s, 0, d);
1441 } else {
1442 rfcomm_send_dm(s, dlci);
1443 }
1444 }
1445 return 0;
1446}
1447
1448static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1449{
1450 struct rfcomm_rpn *rpn = (void *) skb->data;
1451 u8 dlci = __get_dlci(rpn->dlci);
1452
1453 u8 bit_rate = 0;
1454 u8 data_bits = 0;
1455 u8 stop_bits = 0;
1456 u8 parity = 0;
1457 u8 flow_ctrl = 0;
1458 u8 xon_char = 0;
1459 u8 xoff_char = 0;
1460 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1461
1462 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1463 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1464 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1465
1466 if (!cr)
1da177e4 1467 return 0;
3a5e903c 1468
1da177e4 1469 if (len == 1) {
08601469
YK		 1470 /* This is a request, return default (according to ETSI TS 07.10) settings */
1471 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1472 data_bits = RFCOMM_RPN_DATA_8;
1473 stop_bits = RFCOMM_RPN_STOP_1;
1474 parity = RFCOMM_RPN_PARITY_NONE;
1475 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1476 xon_char = RFCOMM_RPN_XON_CHAR;
1477 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1478 goto rpn_out;
1479 }
3a5e903c
S		 1480
1481 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1482 * no parity, no flow control lines, normal XON/XOFF chars */
1483
e8db8c99 1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4 1485 bit_rate = rpn->bit_rate;
08601469 1486 if (bit_rate > RFCOMM_RPN_BR_230400) {
1da177e4 1487 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
08601469 1488 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1489 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1490 }
1491 }
3a5e903c 1492
e8db8c99 1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1494 data_bits = __get_rpn_data_bits(rpn->line_settings);
1495 if (data_bits != RFCOMM_RPN_DATA_8) {
1496 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1497 data_bits = RFCOMM_RPN_DATA_8;
1498 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1499 }
1500 }
3a5e903c 1501
e8db8c99 1502 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1503 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1504 if (stop_bits != RFCOMM_RPN_STOP_1) {
1505 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1506 stop_bits = RFCOMM_RPN_STOP_1;
1507 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1508 }
1509 }
3a5e903c 1510
e8db8c99 1511 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1512 parity = __get_rpn_parity(rpn->line_settings);
1513 if (parity != RFCOMM_RPN_PARITY_NONE) {
1514 BT_DBG("RPN parity mismatch 0x%x", parity);
1515 parity = RFCOMM_RPN_PARITY_NONE;
1516 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1517 }
1518 }
3a5e903c 1519
e8db8c99 1520 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1521 flow_ctrl = rpn->flow_ctrl;
1522 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1523 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1524 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1525 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1526 }
1527 }
3a5e903c 1528
e8db8c99 1529 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1530 xon_char = rpn->xon_char;
1531 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1532 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1533 xon_char = RFCOMM_RPN_XON_CHAR;
1534 rpn_mask ^= RFCOMM_RPN_PM_XON;
1535 }
1536 }
3a5e903c 1537
e8db8c99 1538 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1539 xoff_char = rpn->xoff_char;
1540 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1541 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1542 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1543 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1544 }
1545 }
1546
1547rpn_out:
3a5e903c
S		 1548 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1549 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1550
1551 return 0;
1552}
1553
1554static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1555{
1556 struct rfcomm_rls *rls = (void *) skb->data;
1557 u8 dlci = __get_dlci(rls->dlci);
1558
1559 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1560
1da177e4
LT		 1561 if (!cr)
1562 return 0;
1563
3a5e903c
S		 1564 /* We should probably do something with this information here. But
1565 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1566 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1567
1568 rfcomm_send_rls(s, 0, dlci, rls->status);
1569
1570 return 0;
1571}
1572
1573static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1574{
1575 struct rfcomm_msc *msc = (void *) skb->data;
1576 struct rfcomm_dlc *d;
1577 u8 dlci = __get_dlci(msc->dlci);
1578
1579 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1580
1581 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1582 if (!d)
1da177e4
LT		 1583 return 0;
1584
1585 if (cr) {
1586 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1587 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1588 else
1589 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1590
1da177e4 1591 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1592
1593 d->remote_v24_sig = msc->v24_sig;
1594
1da177e4
LT		 1595 if (d->modem_status)
1596 d->modem_status(d, msc->v24_sig);
8b6b3da7 1597
1da177e4 1598 rfcomm_dlc_unlock(d);
8e87d142 1599
1da177e4
LT		 1600 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1601
1602 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1603 } else
1da177e4
LT		 1604 d->mscex |= RFCOMM_MSCEX_TX;
1605
1606 return 0;
1607}
1608
1609static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1610{
1611 struct rfcomm_mcc *mcc = (void *) skb->data;
1612 u8 type, cr, len;
1613
1614 cr = __test_cr(mcc->type);
1615 type = __get_mcc_type(mcc->type);
1616 len = __get_mcc_len(mcc->len);
1617
1618 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1619
1620 skb_pull(skb, 2);
1621
1622 switch (type) {
1623 case RFCOMM_PN:
1624 rfcomm_recv_pn(s, cr, skb);
1625 break;
1626
1627 case RFCOMM_RPN:
1628 rfcomm_recv_rpn(s, cr, len, skb);
1629 break;
1630
1631 case RFCOMM_RLS:
1632 rfcomm_recv_rls(s, cr, skb);
1633 break;
1634
1635 case RFCOMM_MSC:
1636 rfcomm_recv_msc(s, cr, skb);
1637 break;
1638
1639 case RFCOMM_FCOFF:
1640 if (cr) {
1641 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1642 rfcomm_send_fcoff(s, 0);
1643 }
1644 break;
1645
1646 case RFCOMM_FCON:
1647 if (cr) {
1648 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1649 rfcomm_send_fcon(s, 0);
1650 }
1651 break;
1652
1653 case RFCOMM_TEST:
1654 if (cr)
1655 rfcomm_send_test(s, 0, skb->data, skb->len);
1656 break;
1657
1658 case RFCOMM_NSC:
1659 break;
1660
1661 default:
1662 BT_ERR("Unknown control type 0x%02x", type);
1663 rfcomm_send_nsc(s, cr, type);
1664 break;
1665 }
1666 return 0;
1667}
1668
1669static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1670{
1671 struct rfcomm_dlc *d;
1672
1673 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1674
1675 d = rfcomm_dlc_get(s, dlci);
1676 if (!d) {
1677 rfcomm_send_dm(s, dlci);
1678 goto drop;
1679 }
1680
1681 if (pf && d->cfc) {
1682 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1683
1684 d->tx_credits += credits;
1685 if (d->tx_credits)
1686 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1687 }
1688
1689 if (skb->len && d->state == BT_CONNECTED) {
1690 rfcomm_dlc_lock(d);
1691 d->rx_credits--;
1692 d->data_ready(d, skb);
1693 rfcomm_dlc_unlock(d);
1694 return 0;
1695 }
1696
1697drop:
1698 kfree_skb(skb);
1699 return 0;
1700}
1701
8ff52f7d
DJ		 1702static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1703 struct sk_buff *skb)
1da177e4
LT		 1704{
1705 struct rfcomm_hdr *hdr = (void *) skb->data;
1706 u8 type, dlci, fcs;
1707
8ff52f7d
DJ		 1708 if (!s) {
1709 /* no session, so free socket data */
1710 kfree_skb(skb);
1711 return s;
1712 }
1713
1da177e4
LT		 1714 dlci = __get_dlci(hdr->addr);
1715 type = __get_type(hdr->ctrl);
1716
1717 /* Trim FCS */
1718 skb->len--; skb->tail--;
27a884dc 1719 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1720
1721 if (__check_fcs(skb->data, type, fcs)) {
1722 BT_ERR("bad checksum in packet");
1723 kfree_skb(skb);
8ff52f7d 1724 return s;
1da177e4
LT		 1725 }
1726
1727 if (__test_ea(hdr->len))
1728 skb_pull(skb, 3);
1729 else
1730 skb_pull(skb, 4);
1731
1732 switch (type) {
1733 case RFCOMM_SABM:
1734 if (__test_pf(hdr->ctrl))
1735 rfcomm_recv_sabm(s, dlci);
1736 break;
1737
1738 case RFCOMM_DISC:
1739 if (__test_pf(hdr->ctrl))
8ff52f7d 1740 s = rfcomm_recv_disc(s, dlci);
1da177e4
LT		 1741 break;
1742
1743 case RFCOMM_UA:
1744 if (__test_pf(hdr->ctrl))
8ff52f7d 1745 s = rfcomm_recv_ua(s, dlci);
1da177e4
LT		 1746 break;
1747
1748 case RFCOMM_DM:
8ff52f7d 1749 s = rfcomm_recv_dm(s, dlci);
1da177e4
LT		 1750 break;
1751
1752 case RFCOMM_UIH:
8ff52f7d
DJ		 1753 if (dlci) {
1754 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1755 return s;
1756 }
1da177e4
LT		 1757 rfcomm_recv_mcc(s, skb);
1758 break;
1759
1760 default:
5017d8dd 1761 BT_ERR("Unknown packet type 0x%02x", type);
1da177e4
LT		 1762 break;
1763 }
1764 kfree_skb(skb);
8ff52f7d 1765 return s;
1da177e4
LT		 1766}
1767
1768/* ---- Connection and data processing ---- */
1769
1770static void rfcomm_process_connect(struct rfcomm_session *s)
1771{
1772 struct rfcomm_dlc *d;
1773 struct list_head *p, *n;
1774
1775 BT_DBG("session %p state %ld", s, s->state);
1776
1777 list_for_each_safe(p, n, &s->dlcs) {
1778 d = list_entry(p, struct rfcomm_dlc, list);
1779 if (d->state == BT_CONFIG) {
1780 d->mtu = s->mtu;
9f2c8a03 1781 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1782 rfcomm_send_pn(s, 1, d);
1783 } else {
77db1980
MH		 1784 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1785 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1786 }
1da177e4
LT		 1787 }
1788 }
1789}
1790
1791/* Send data queued for the DLC.
1792 * Return number of frames left in the queue.
1793 */
6039aa73 1794static int rfcomm_process_tx(struct rfcomm_dlc *d)
1da177e4
LT		 1795{
1796 struct sk_buff *skb;
1797 int err;
1798
8e87d142 1799 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1800 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1801
1802 /* Send pending MSC */
1803 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1804 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1805
1806 if (d->cfc) {
8e87d142 1807 /* CFC enabled.
1da177e4
LT		 1808 * Give them some credits */
1809 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1810 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1811 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1812 d->rx_credits = d->cfc;
1813 }
1814 } else {
1815 /* CFC disabled.
1816 * Give ourselves some credits */
1817 d->tx_credits = 5;
1818 }
1819
1820 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1821 return skb_queue_len(&d->tx_queue);
1822
1823 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
5436538f 1824 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1da177e4
LT		 1825 if (err < 0) {
1826 skb_queue_head(&d->tx_queue, skb);
1827 break;
1828 }
1829 kfree_skb(skb);
1830 d->tx_credits--;
1831 }
1832
1833 if (d->cfc && !d->tx_credits) {
1834 /* We're out of TX credits.
1835 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1836 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1837 }
1838
1839 return skb_queue_len(&d->tx_queue);
1840}
1841
6039aa73 1842static void rfcomm_process_dlcs(struct rfcomm_session *s)
1da177e4
LT		 1843{
1844 struct rfcomm_dlc *d;
1845 struct list_head *p, *n;
1846
1847 BT_DBG("session %p state %ld", s, s->state);
1848
1849 list_for_each_safe(p, n, &s->dlcs) {
1850 d = list_entry(p, struct rfcomm_dlc, list);
1851
1852 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1853 __rfcomm_dlc_close(d, ETIMEDOUT);
1854 continue;
1855 }
1856
db54467a
SJ		 1857 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1858 __rfcomm_dlc_close(d, ECONNREFUSED);
1859 continue;
1860 }
1861
1da177e4
LT		 1862 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1863 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1864 if (d->out) {
1865 rfcomm_send_pn(s, 1, d);
1866 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1867 } else {
1868 if (d->defer_setup) {
1869 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1870 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1871
1872 rfcomm_dlc_lock(d);
1873 d->state = BT_CONNECT2;
1874 d->state_change(d, 0);
1875 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1876 } else
1877 rfcomm_dlc_accept(d);
1878 }
1da177e4
LT		 1879 continue;
1880 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1881 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1882 if (!d->out)
1883 rfcomm_send_dm(s, d->dlci);
1884 else
1885 d->state = BT_CLOSED;
1da177e4
LT		 1886 __rfcomm_dlc_close(d, ECONNREFUSED);
1887 continue;
1888 }
1889
6e1031a4
JG		 1890 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1891 continue;
1892
1da177e4
LT		 1893 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1894 continue;
1895
1896 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1897 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1898 rfcomm_process_tx(d);
1899 }
1900}
1901
8ff52f7d 1902static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1da177e4
LT		 1903{
1904 struct socket *sock = s->sock;
1905 struct sock *sk = sock->sk;
1906 struct sk_buff *skb;
1907
1908 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1909
1910 /* Get data directly from socket receive queue without copying it. */
1911 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1912 skb_orphan(skb);
32333edb 1913 if (!skb_linearize(skb)) {
8ff52f7d 1914 s = rfcomm_recv_frame(s, skb);
32333edb
VR		 1915 if (!s)
1916 break;
1917 } else {
44935720 1918 kfree_skb(skb);
32333edb 1919 }
1da177e4
LT		 1920 }
1921
08c30aca
DJ		 1922 if (s && (sk->sk_state == BT_CLOSED))
1923 s = rfcomm_session_close(s, sk->sk_err);
8ff52f7d
DJ		 1924
1925 return s;
1da177e4
LT		 1926}
1927
6039aa73 1928static void rfcomm_accept_connection(struct rfcomm_session *s)
1da177e4
LT		 1929{
1930 struct socket *sock = s->sock, *nsock;
1931 int err;
1932
1933 /* Fast check for a new connection.
1934 * Avoids unnesesary socket allocations. */
1935 if (list_empty(&bt_sk(sock->sk)->accept_q))
1936 return;
1937
1938 BT_DBG("session %p", s);
1939
48db9ca4
MH		 1940 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1941 if (err < 0)
1da177e4
LT		 1942 return;
1943
1da177e4
LT		 1944 /* Set our callbacks */
1945 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1946 nsock->sk->sk_state_change = rfcomm_l2state_change;
1947
1948 s = rfcomm_session_add(nsock, BT_OPEN);
1949 if (s) {
98bcd08b
MH		 1950 /* We should adjust MTU on incoming sessions.
1951 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6
GP		 1952 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1953 l2cap_pi(nsock->sk)->chan->imtu) - 5;
98bcd08b 1954
534c92fd 1955 rfcomm_schedule();
1da177e4
LT		 1956 } else
1957 sock_release(nsock);
1958}
1959
8ff52f7d 1960static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1da177e4
LT		 1961{
1962 struct sock *sk = s->sock->sk;
1963
1964 BT_DBG("%p state %ld", s, s->state);
1965
285b4e90 1966 switch (sk->sk_state) {
1da177e4
LT		 1967 case BT_CONNECTED:
1968 s->state = BT_CONNECT;
1969
1970 /* We can adjust MTU on outgoing sessions.
1971 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6 1972 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1da177e4
LT		 1973
1974 rfcomm_send_sabm(s, 0);
1975 break;
1976
1977 case BT_CLOSED:
8ff52f7d 1978 s = rfcomm_session_close(s, sk->sk_err);
1da177e4
LT		 1979 break;
1980 }
8ff52f7d 1981 return s;
1da177e4
LT		 1982}
1983
6039aa73 1984static void rfcomm_process_sessions(void)
1da177e4
LT		 1985{
1986 struct list_head *p, *n;
1987
1988 rfcomm_lock();
1989
1990 list_for_each_safe(p, n, &session_list) {
1991 struct rfcomm_session *s;
1992 s = list_entry(p, struct rfcomm_session, list);
1993
9e726b17
LAD		 1994 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1995 s->state = BT_DISCONN;
1996 rfcomm_send_disc(s, 0);
1997 continue;
1998 }
1999
4339c25a
PH		 2000 switch (s->state) {
2001 case BT_LISTEN:
1da177e4
LT		 2002 rfcomm_accept_connection(s);
2003 continue;
1da177e4 2004
1da177e4 2005 case BT_BOUND:
8ff52f7d 2006 s = rfcomm_check_connection(s);
1da177e4
LT		 2007 break;
2008
2009 default:
8ff52f7d 2010 s = rfcomm_process_rx(s);
1da177e4
LT		 2011 break;
2012 }
2013
8ff52f7d
DJ		 2014 if (s)
2015 rfcomm_process_dlcs(s);
1da177e4
LT		 2016 }
2017
2018 rfcomm_unlock();
2019}
2020
1da177e4
LT		 2021static int rfcomm_add_listener(bdaddr_t *ba)
2022{
2023 struct sockaddr_l2 addr;
2024 struct socket *sock;
2025 struct sock *sk;
2026 struct rfcomm_session *s;
2027 int err = 0;
2028
2029 /* Create socket */
2030 err = rfcomm_l2sock_create(&sock);
8e87d142 2031 if (err < 0) {
1da177e4
LT		 2032 BT_ERR("Create socket failed %d", err);
2033 return err;
2034 }
2035
2036 /* Bind socket */
2037 bacpy(&addr.l2_bdaddr, ba);
2038 addr.l2_family = AF_BLUETOOTH;
dcf4adbf 2039 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 2040 addr.l2_cid = 0;
c507f138 2041 addr.l2_bdaddr_type = BDADDR_BREDR;
48db9ca4 2042 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 2043 if (err < 0) {
2044 BT_ERR("Bind failed %d", err);
2045 goto failed;
2046 }
2047
2048 /* Set L2CAP options */
2049 sk = sock->sk;
2050 lock_sock(sk);
0c1bc5c6 2051 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1da177e4
LT		 2052 release_sock(sk);
2053
2054 /* Start listening on the socket */
48db9ca4 2055 err = kernel_listen(sock, 10);
1da177e4
LT		 2056 if (err) {
2057 BT_ERR("Listen failed %d", err);
2058 goto failed;
2059 }
2060
2061 /* Add listening session */
2062 s = rfcomm_session_add(sock, BT_LISTEN);
0227c7b5
WY		 2063 if (!s) {
2064 err = -ENOMEM;
1da177e4 2065 goto failed;
0227c7b5 2066 }
1da177e4 2067
1da177e4
LT		 2068 return 0;
2069failed:
2070 sock_release(sock);
2071 return err;
2072}
2073
2074static void rfcomm_kill_listener(void)
2075{
2076 struct rfcomm_session *s;
2077 struct list_head *p, *n;
2078
2079 BT_DBG("");
2080
2081 list_for_each_safe(p, n, &session_list) {
2082 s = list_entry(p, struct rfcomm_session, list);
2083 rfcomm_session_del(s);
2084 }
2085}
2086
2087static int rfcomm_run(void *unused)
2088{
eedf7e47 2089 DEFINE_WAIT_FUNC(wait, woken_wake_function);
a524eccc 2090 BT_DBG("");
1da177e4 2091
1da177e4 2092 set_user_nice(current, -10);
1da177e4 2093
1da177e4
LT		 2094 rfcomm_add_listener(BDADDR_ANY);
2095
eedf7e47
PZ		 2096 add_wait_queue(&rfcomm_wq, &wait);
2097 while (!kthread_should_stop()) {
a524eccc
MH		 2098
2099 /* Process stuff */
a524eccc 2100 rfcomm_process_sessions();
e5842cdb 2101
eedf7e47 2102 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
a524eccc 2103 }
eedf7e47 2104 remove_wait_queue(&rfcomm_wq, &wait);
1da177e4
LT		 2105
2106 rfcomm_kill_listener();
2107
1da177e4
LT		 2108 return 0;
2109}
2110
8c1b2355 2111static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 2112{
2113 struct rfcomm_session *s;
2114 struct rfcomm_dlc *d;
2115 struct list_head *p, *n;
2116
2117 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2118
2119 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2120 if (!s)
2121 return;
2122
1da177e4
LT		 2123 list_for_each_safe(p, n, &s->dlcs) {
2124 d = list_entry(p, struct rfcomm_dlc, list);
2125
8c84b830
MH		 2126 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2127 rfcomm_dlc_clear_timer(d);
2128 if (status || encrypt == 0x00) {
db54467a 2129 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2130 continue;
2131 }
2132 }
2133
2134 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2135 if (d->sec_level == BT_SECURITY_MEDIUM) {
2136 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2137 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2138 continue;
2c068e0b
MH		 2139 } else if (d->sec_level == BT_SECURITY_HIGH ||
2140 d->sec_level == BT_SECURITY_FIPS) {
db54467a 2141 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2142 continue;
2143 }
9719f8af
MH		 2144 }
2145
1da177e4
LT		 2146 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2147 continue;
2148
b3b1b061 2149 if (!status && hci_conn_check_secure(conn, d->sec_level))
1da177e4
LT		 2150 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2151 else
2152 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2153 }
2154
534c92fd 2155 rfcomm_schedule();
1da177e4
LT		 2156}
2157
2158static struct hci_cb rfcomm_cb = {
2159 .name = "RFCOMM",
8c1b2355 2160 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2161};
2162
aef7d97c 2163static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
1da177e4
LT		 2164{
2165 struct rfcomm_session *s;
1da177e4
LT		 2166
2167 rfcomm_lock();
2168
8035ded4 2169 list_for_each_entry(s, &session_list, list) {
24bc10ca 2170 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
8035ded4
LAD		 2171 struct rfcomm_dlc *d;
2172 list_for_each_entry(d, &s->dlcs, list) {
fcb73338 2173 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
24bc10ca 2174 &chan->src, &chan->dst,
fcb73338
AE		 2175 d->state, d->dlci, d->mtu,
2176 d->rx_credits, d->tx_credits);
1da177e4
LT		 2177 }
2178 }
1da177e4 2179
1da177e4 2180 rfcomm_unlock();
1da177e4 2181
aef7d97c
MH		 2182 return 0;
2183}
2184
2185static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2186{
2187 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
1da177e4
LT		 2188}
2189
aef7d97c
MH		 2190static const struct file_operations rfcomm_dlc_debugfs_fops = {
2191 .open = rfcomm_dlc_debugfs_open,
2192 .read = seq_read,
2193 .llseek = seq_lseek,
2194 .release = single_release,
2195};
2196
2197static struct dentry *rfcomm_dlc_debugfs;
1da177e4
LT		 2198
2199/* ---- Initialization ---- */
2200static int __init rfcomm_init(void)
2201{
52d18347 2202 int err;
af0d3b10 2203
1da177e4
LT		 2204 hci_register_cb(&rfcomm_cb);
2205
a524eccc
MH		 2206 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2207 if (IS_ERR(rfcomm_thread)) {
52d18347
MH		 2208 err = PTR_ERR(rfcomm_thread);
2209 goto unregister;
a524eccc 2210 }
1da177e4 2211
52d18347
MH		 2212 err = rfcomm_init_ttys();
2213 if (err < 0)
2214 goto stop;
1da177e4 2215
52d18347
MH		 2216 err = rfcomm_init_sockets();
2217 if (err < 0)
2218 goto cleanup;
1da177e4 2219
be9d1227
MH		 2220 BT_INFO("RFCOMM ver %s", VERSION);
2221
1120e4bf
MH		 2222 if (IS_ERR_OR_NULL(bt_debugfs))
2223 return 0;
2224
2225 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2226 bt_debugfs, NULL,
2227 &rfcomm_dlc_debugfs_fops);
2228
1da177e4 2229 return 0;
af0d3b10 2230
52d18347 2231cleanup:
af0d3b10 2232 rfcomm_cleanup_ttys();
52d18347
MH		 2233
2234stop:
af0d3b10 2235 kthread_stop(rfcomm_thread);
52d18347
MH		 2236
2237unregister:
af0d3b10
DY		 2238 hci_unregister_cb(&rfcomm_cb);
2239
52d18347 2240 return err;
1da177e4
LT		 2241}
2242
2243static void __exit rfcomm_exit(void)
2244{
aef7d97c 2245 debugfs_remove(rfcomm_dlc_debugfs);
be9d1227 2246
1da177e4
LT		 2247 hci_unregister_cb(&rfcomm_cb);
2248
a524eccc 2249 kthread_stop(rfcomm_thread);
1da177e4 2250
1da177e4 2251 rfcomm_cleanup_ttys();
1da177e4
LT		 2252
2253 rfcomm_cleanup_sockets();
1da177e4
LT		 2254}
2255
2256module_init(rfcomm_init);
2257module_exit(rfcomm_exit);
2258
7c2660b0
MH		 2259module_param(disable_cfc, bool, 0644);
2260MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2261
98bcd08b
MH		 2262module_param(channel_mtu, int, 0644);
2263MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2264
56f3a40a
MH		 2265module_param(l2cap_mtu, uint, 0644);
2266MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2267
eae38eed
MH		 2268module_param(l2cap_ertm, bool, 0644);
2269MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2270
63fbd24e 2271MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2272MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2273MODULE_VERSION(VERSION);
2274MODULE_LICENSE("GPL");
2275MODULE_ALIAS("bt-proto-3");
Ubuntu Focal Linux kernel mirror