]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/rfcomm/core.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'topic/cs5535audio' into to-push
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
be9d1227 35#include <linux/device.h>
1da177e4 36#include <linux/net.h>
4a3e2f71 37#include <linux/mutex.h>
a524eccc 38#include <linux/kthread.h>
4a3e2f71 39
1da177e4
LT		 40#include <net/sock.h>
41#include <asm/uaccess.h>
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h>
48
1da177e4
LT		 49#ifndef CONFIG_BT_RFCOMM_DEBUG
50#undef BT_DBG
51#define BT_DBG(D...)
52#endif
53
a0c22f22 54#define VERSION "1.10"
56f3a40a 55
7c2660b0 56static int disable_cfc = 0;
98bcd08b 57static int channel_mtu = -1;
56f3a40a
MH		 58static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59
1da177e4
LT		 60static struct task_struct *rfcomm_thread;
61
4a3e2f71
AV		 62static DEFINE_MUTEX(rfcomm_mutex);
63#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 65
66static unsigned long rfcomm_event;
67
68static LIST_HEAD(session_list);
1da177e4
LT		 69
70static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
71static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
72static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
73static int rfcomm_queue_disc(struct rfcomm_dlc *d);
74static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
75static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
76static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
77static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
78static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
79static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80
81static void rfcomm_process_connect(struct rfcomm_session *s);
82
83static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
84static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
85static void rfcomm_session_del(struct rfcomm_session *s);
86
87/* ---- RFCOMM frame parsing macros ---- */
88#define __get_dlci(b) ((b & 0xfc) >> 2)
89#define __get_channel(b) ((b & 0xf8) >> 3)
90#define __get_dir(b) ((b & 0x04) >> 2)
91#define __get_type(b) ((b & 0xef))
92
93#define __test_ea(b) ((b & 0x01))
94#define __test_cr(b) ((b & 0x02))
95#define __test_pf(b) ((b & 0x10))
96
97#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
98#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
99#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
100#define __srv_channel(dlci) (dlci >> 1)
101#define __dir(dlci) (dlci & 0x01)
102
103#define __len8(len) (((len) << 1) | 1)
104#define __len16(len) ((len) << 1)
105
106/* MCC macros */
107#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
108#define __get_mcc_type(b) ((b & 0xfc) >> 2)
109#define __get_mcc_len(b) ((b & 0xfe) >> 1)
110
111/* RPN macros */
3a5e903c 112#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 113#define __get_rpn_data_bits(line) ((line) & 0x3)
114#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 115#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 116
117static inline void rfcomm_schedule(uint event)
118{
119 if (!rfcomm_thread)
120 return;
121 //set_bit(event, &rfcomm_event);
122 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123 wake_up_process(rfcomm_thread);
124}
125
126static inline void rfcomm_session_put(struct rfcomm_session *s)
127{
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
130}
131
132/* ---- RFCOMM FCS computation ---- */
133
408c1ce2 134/* reversed, 8-bit, poly=0x07 */
8e87d142 135static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175};
176
1da177e4
LT		 177/* CRC on 2 bytes */
178#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
179
8e87d142 180/* FCS on 2 bytes */
1da177e4
LT		 181static inline u8 __fcs(u8 *data)
182{
183 return (0xff - __crc(data));
184}
185
8e87d142 186/* FCS on 3 bytes */
1da177e4
LT		 187static inline u8 __fcs2(u8 *data)
188{
189 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
190}
191
192/* Check FCS */
193static inline int __check_fcs(u8 *data, int type, u8 fcs)
194{
195 u8 f = __crc(data);
196
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
199
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
201}
202
203/* ---- L2CAP callbacks ---- */
204static void rfcomm_l2state_change(struct sock *sk)
205{
206 BT_DBG("%p state %d", sk, sk->sk_state);
207 rfcomm_schedule(RFCOMM_SCHED_STATE);
208}
209
210static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211{
212 BT_DBG("%p bytes %d", sk, bytes);
213 rfcomm_schedule(RFCOMM_SCHED_RX);
214}
215
216static int rfcomm_l2sock_create(struct socket **sock)
217{
218 int err;
219
220 BT_DBG("");
221
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 if (!err) {
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
227 }
228 return err;
229}
230
77db1980
MH		 231static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
232{
233 struct sock *sk = d->session->sock->sk;
234
235 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
236 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
237 return 1;
238 } else if (d->link_mode & RFCOMM_LM_AUTH) {
239 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
240 return 1;
241 }
242
243 return 0;
244}
245
1da177e4
LT		 246/* ---- RFCOMM DLCs ---- */
247static void rfcomm_dlc_timeout(unsigned long arg)
248{
249 struct rfcomm_dlc *d = (void *) arg;
250
251 BT_DBG("dlc %p state %ld", d, d->state);
252
253 set_bit(RFCOMM_TIMED_OUT, &d->flags);
254 rfcomm_dlc_put(d);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
256}
257
258static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
259{
260 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
261
262 if (!mod_timer(&d->timer, jiffies + timeout))
263 rfcomm_dlc_hold(d);
264}
265
266static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
267{
268 BT_DBG("dlc %p state %ld", d, d->state);
269
270 if (timer_pending(&d->timer) && del_timer(&d->timer))
271 rfcomm_dlc_put(d);
272}
273
274static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
275{
276 BT_DBG("%p", d);
277
278 d->state = BT_OPEN;
279 d->flags = 0;
280 d->mscex = 0;
281 d->mtu = RFCOMM_DEFAULT_MTU;
282 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
283
284 d->cfc = RFCOMM_CFC_DISABLED;
285 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
286}
287
dd0fc66f 288struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 289{
25ea6db0
MH		 290 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
291
1da177e4
LT		 292 if (!d)
293 return NULL;
1da177e4 294
b24b8a24 295 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 296
297 skb_queue_head_init(&d->tx_queue);
298 spin_lock_init(&d->lock);
299 atomic_set(&d->refcnt, 1);
300
301 rfcomm_dlc_clear_state(d);
8e87d142 302
1da177e4 303 BT_DBG("%p", d);
25ea6db0 304
1da177e4
LT		 305 return d;
306}
307
308void rfcomm_dlc_free(struct rfcomm_dlc *d)
309{
310 BT_DBG("%p", d);
311
312 skb_queue_purge(&d->tx_queue);
313 kfree(d);
314}
315
316static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
317{
318 BT_DBG("dlc %p session %p", d, s);
319
320 rfcomm_session_hold(s);
321
322 rfcomm_dlc_hold(d);
323 list_add(&d->list, &s->dlcs);
324 d->session = s;
325}
326
327static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
328{
329 struct rfcomm_session *s = d->session;
330
331 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
332
333 list_del(&d->list);
334 d->session = NULL;
335 rfcomm_dlc_put(d);
336
337 rfcomm_session_put(s);
338}
339
340static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
341{
342 struct rfcomm_dlc *d;
343 struct list_head *p;
344
345 list_for_each(p, &s->dlcs) {
346 d = list_entry(p, struct rfcomm_dlc, list);
347 if (d->dlci == dlci)
348 return d;
349 }
350 return NULL;
351}
352
353static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
354{
355 struct rfcomm_session *s;
356 int err = 0;
357 u8 dlci;
358
8e87d142 359 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 360 d, d->state, batostr(src), batostr(dst), channel);
361
362 if (channel < 1 || channel > 30)
363 return -EINVAL;
364
365 if (d->state != BT_OPEN && d->state != BT_CLOSED)
366 return 0;
367
368 s = rfcomm_session_get(src, dst);
369 if (!s) {
370 s = rfcomm_session_create(src, dst, &err);
371 if (!s)
372 return err;
373 }
374
375 dlci = __dlci(!s->initiator, channel);
376
377 /* Check if DLCI already exists */
378 if (rfcomm_dlc_get(s, dlci))
379 return -EBUSY;
380
381 rfcomm_dlc_clear_state(d);
382
383 d->dlci = dlci;
384 d->addr = __addr(s->initiator, dlci);
385 d->priority = 7;
386
77db1980 387 d->state = BT_CONFIG;
1da177e4
LT		 388 rfcomm_dlc_link(s, d);
389
77db1980
MH		 390 d->out = 1;
391
1da177e4
LT		 392 d->mtu = s->mtu;
393 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
394
77db1980
MH		 395 if (s->state == BT_CONNECTED) {
396 if (rfcomm_check_link_mode(d))
397 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
398 else
399 rfcomm_send_pn(s, 1, d);
400 }
401
1da177e4 402 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 403
1da177e4
LT		 404 return 0;
405}
406
407int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
408{
409 int r;
410
411 rfcomm_lock();
412
413 r = __rfcomm_dlc_open(d, src, dst, channel);
414
415 rfcomm_unlock();
416 return r;
417}
418
419static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
420{
421 struct rfcomm_session *s = d->session;
422 if (!s)
423 return 0;
424
425 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
426 d, d->state, d->dlci, err, s);
427
428 switch (d->state) {
429 case BT_CONNECTED:
430 case BT_CONFIG:
431 case BT_CONNECT:
432 d->state = BT_DISCONN;
433 if (skb_queue_empty(&d->tx_queue)) {
434 rfcomm_send_disc(s, d->dlci);
435 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
436 } else {
437 rfcomm_queue_disc(d);
438 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
439 }
440 break;
441
442 default:
443 rfcomm_dlc_clear_timer(d);
444
445 rfcomm_dlc_lock(d);
446 d->state = BT_CLOSED;
1905f6c7 447 d->state_change(d, err);
4c8411f8 448 rfcomm_dlc_unlock(d);
1da177e4
LT		 449
450 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 451 rfcomm_dlc_unlink(d);
452 }
453
454 return 0;
455}
456
457int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
458{
459 int r;
460
461 rfcomm_lock();
462
463 r = __rfcomm_dlc_close(d, err);
464
465 rfcomm_unlock();
466 return r;
467}
468
469int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
470{
471 int len = skb->len;
472
473 if (d->state != BT_CONNECTED)
474 return -ENOTCONN;
475
476 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
477
478 if (len > d->mtu)
479 return -EINVAL;
480
481 rfcomm_make_uih(skb, d->addr);
482 skb_queue_tail(&d->tx_queue, skb);
483
484 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
485 rfcomm_schedule(RFCOMM_SCHED_TX);
486 return len;
487}
488
b5606c2d 489void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 490{
491 BT_DBG("dlc %p state %ld", d, d->state);
492
493 if (!d->cfc) {
494 d->v24_sig |= RFCOMM_V24_FC;
495 set_bit(RFCOMM_MSC_PENDING, &d->flags);
496 }
497 rfcomm_schedule(RFCOMM_SCHED_TX);
498}
499
b5606c2d 500void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 501{
502 BT_DBG("dlc %p state %ld", d, d->state);
503
504 if (!d->cfc) {
505 d->v24_sig &= ~RFCOMM_V24_FC;
506 set_bit(RFCOMM_MSC_PENDING, &d->flags);
507 }
508 rfcomm_schedule(RFCOMM_SCHED_TX);
509}
510
8e87d142 511/*
1da177e4
LT		 512 Set/get modem status functions use _local_ status i.e. what we report
513 to the other side.
514 Remote status is provided by dlc->modem_status() callback.
515 */
516int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
517{
8e87d142 518 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 519 d, d->state, v24_sig);
520
521 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
522 v24_sig |= RFCOMM_V24_FC;
523 else
524 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 525
1da177e4
LT		 526 d->v24_sig = v24_sig;
527
528 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
529 rfcomm_schedule(RFCOMM_SCHED_TX);
530
531 return 0;
532}
533
534int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
535{
8e87d142 536 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 537 d, d->state, d->v24_sig);
538
539 *v24_sig = d->v24_sig;
540 return 0;
541}
542
543/* ---- RFCOMM sessions ---- */
544static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
545{
25ea6db0
MH		 546 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
547
1da177e4
LT		 548 if (!s)
549 return NULL;
1da177e4
LT		 550
551 BT_DBG("session %p sock %p", s, sock);
552
553 INIT_LIST_HEAD(&s->dlcs);
554 s->state = state;
555 s->sock = sock;
556
557 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 558 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 559
560 /* Do not increment module usage count for listening sessions.
561 * Otherwise we won't be able to unload the module. */
562 if (state != BT_LISTEN)
563 if (!try_module_get(THIS_MODULE)) {
564 kfree(s);
565 return NULL;
566 }
567
568 list_add(&s->list, &session_list);
569
570 return s;
571}
572
573static void rfcomm_session_del(struct rfcomm_session *s)
574{
575 int state = s->state;
576
577 BT_DBG("session %p state %ld", s, s->state);
578
579 list_del(&s->list);
580
581 if (state == BT_CONNECTED)
582 rfcomm_send_disc(s, 0);
583
584 sock_release(s->sock);
585 kfree(s);
586
587 if (state != BT_LISTEN)
588 module_put(THIS_MODULE);
589}
590
591static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
592{
593 struct rfcomm_session *s;
594 struct list_head *p, *n;
595 struct bt_sock *sk;
596 list_for_each_safe(p, n, &session_list) {
597 s = list_entry(p, struct rfcomm_session, list);
8e87d142 598 sk = bt_sk(s->sock->sk);
1da177e4
LT		 599
600 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
601 !bacmp(&sk->dst, dst))
602 return s;
603 }
604 return NULL;
605}
606
607static void rfcomm_session_close(struct rfcomm_session *s, int err)
608{
609 struct rfcomm_dlc *d;
610 struct list_head *p, *n;
611
612 BT_DBG("session %p state %ld err %d", s, s->state, err);
613
614 rfcomm_session_hold(s);
615
616 s->state = BT_CLOSED;
617
618 /* Close all dlcs */
619 list_for_each_safe(p, n, &s->dlcs) {
620 d = list_entry(p, struct rfcomm_dlc, list);
621 d->state = BT_CLOSED;
622 __rfcomm_dlc_close(d, err);
623 }
624
625 rfcomm_session_put(s);
626}
627
628static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
629{
630 struct rfcomm_session *s = NULL;
631 struct sockaddr_l2 addr;
632 struct socket *sock;
633 struct sock *sk;
634
635 BT_DBG("%s %s", batostr(src), batostr(dst));
636
637 *err = rfcomm_l2sock_create(&sock);
638 if (*err < 0)
639 return NULL;
640
641 bacpy(&addr.l2_bdaddr, src);
642 addr.l2_family = AF_BLUETOOTH;
643 addr.l2_psm = 0;
48db9ca4 644 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 645 if (*err < 0)
646 goto failed;
647
648 /* Set L2CAP options */
649 sk = sock->sk;
650 lock_sock(sk);
56f3a40a 651 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 652 release_sock(sk);
653
654 s = rfcomm_session_add(sock, BT_BOUND);
655 if (!s) {
656 *err = -ENOMEM;
657 goto failed;
658 }
659
1da177e4
LT		 660 s->initiator = 1;
661
662 bacpy(&addr.l2_bdaddr, dst);
663 addr.l2_family = AF_BLUETOOTH;
664 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 665 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 666 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 667 return s;
668
669 rfcomm_session_del(s);
670 return NULL;
671
672failed:
673 sock_release(sock);
674 return NULL;
675}
676
677void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
678{
679 struct sock *sk = s->sock->sk;
680 if (src)
681 bacpy(src, &bt_sk(sk)->src);
682 if (dst)
683 bacpy(dst, &bt_sk(sk)->dst);
684}
685
686/* ---- RFCOMM frame sending ---- */
687static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
688{
689 struct socket *sock = s->sock;
690 struct kvec iv = { data, len };
691 struct msghdr msg;
692
693 BT_DBG("session %p len %d", s, len);
694
695 memset(&msg, 0, sizeof(msg));
696
697 return kernel_sendmsg(sock, &msg, &iv, 1, len);
698}
699
700static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
701{
702 struct rfcomm_cmd cmd;
703
704 BT_DBG("%p dlci %d", s, dlci);
705
706 cmd.addr = __addr(s->initiator, dlci);
707 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
708 cmd.len = __len8(0);
709 cmd.fcs = __fcs2((u8 *) &cmd);
710
711 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
712}
713
714static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
715{
716 struct rfcomm_cmd cmd;
717
718 BT_DBG("%p dlci %d", s, dlci);
719
720 cmd.addr = __addr(!s->initiator, dlci);
721 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
722 cmd.len = __len8(0);
723 cmd.fcs = __fcs2((u8 *) &cmd);
724
725 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
726}
727
728static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
729{
730 struct rfcomm_cmd cmd;
731
732 BT_DBG("%p dlci %d", s, dlci);
733
734 cmd.addr = __addr(s->initiator, dlci);
735 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
736 cmd.len = __len8(0);
737 cmd.fcs = __fcs2((u8 *) &cmd);
738
739 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
740}
741
742static int rfcomm_queue_disc(struct rfcomm_dlc *d)
743{
744 struct rfcomm_cmd *cmd;
745 struct sk_buff *skb;
746
747 BT_DBG("dlc %p dlci %d", d, d->dlci);
748
749 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
750 if (!skb)
751 return -ENOMEM;
752
753 cmd = (void *) __skb_put(skb, sizeof(*cmd));
754 cmd->addr = d->addr;
755 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
756 cmd->len = __len8(0);
757 cmd->fcs = __fcs2((u8 *) cmd);
758
759 skb_queue_tail(&d->tx_queue, skb);
760 rfcomm_schedule(RFCOMM_SCHED_TX);
761 return 0;
762}
763
764static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
765{
766 struct rfcomm_cmd cmd;
767
768 BT_DBG("%p dlci %d", s, dlci);
769
770 cmd.addr = __addr(!s->initiator, dlci);
771 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
772 cmd.len = __len8(0);
773 cmd.fcs = __fcs2((u8 *) &cmd);
774
775 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
776}
777
778static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
779{
780 struct rfcomm_hdr *hdr;
781 struct rfcomm_mcc *mcc;
782 u8 buf[16], *ptr = buf;
783
784 BT_DBG("%p cr %d type %d", s, cr, type);
785
786 hdr = (void *) ptr; ptr += sizeof(*hdr);
787 hdr->addr = __addr(s->initiator, 0);
788 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
789 hdr->len = __len8(sizeof(*mcc) + 1);
790
791 mcc = (void *) ptr; ptr += sizeof(*mcc);
792 mcc->type = __mcc_type(cr, RFCOMM_NSC);
793 mcc->len = __len8(1);
794
795 /* Type that we didn't like */
796 *ptr = __mcc_type(cr, type); ptr++;
797
798 *ptr = __fcs(buf); ptr++;
799
800 return rfcomm_send_frame(s, buf, ptr - buf);
801}
802
803static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
804{
805 struct rfcomm_hdr *hdr;
806 struct rfcomm_mcc *mcc;
807 struct rfcomm_pn *pn;
808 u8 buf[16], *ptr = buf;
809
810 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
811
812 hdr = (void *) ptr; ptr += sizeof(*hdr);
813 hdr->addr = __addr(s->initiator, 0);
814 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
815 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
816
817 mcc = (void *) ptr; ptr += sizeof(*mcc);
818 mcc->type = __mcc_type(cr, RFCOMM_PN);
819 mcc->len = __len8(sizeof(*pn));
820
821 pn = (void *) ptr; ptr += sizeof(*pn);
822 pn->dlci = d->dlci;
823 pn->priority = d->priority;
824 pn->ack_timer = 0;
825 pn->max_retrans = 0;
826
827 if (s->cfc) {
828 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
829 pn->credits = RFCOMM_DEFAULT_CREDITS;
830 } else {
831 pn->flow_ctrl = 0;
832 pn->credits = 0;
833 }
834
98bcd08b
MH		 835 if (cr && channel_mtu >= 0)
836 pn->mtu = htobs(channel_mtu);
837 else
838 pn->mtu = htobs(d->mtu);
1da177e4
LT		 839
840 *ptr = __fcs(buf); ptr++;
841
842 return rfcomm_send_frame(s, buf, ptr - buf);
843}
844
3a5e903c
S		 845int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
846 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 847 u8 parity, u8 flow_ctrl_settings,
3a5e903c 848 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 849{
850 struct rfcomm_hdr *hdr;
851 struct rfcomm_mcc *mcc;
852 struct rfcomm_rpn *rpn;
853 u8 buf[16], *ptr = buf;
854
855 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 856 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
857 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 858 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 859
860 hdr = (void *) ptr; ptr += sizeof(*hdr);
861 hdr->addr = __addr(s->initiator, 0);
862 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
863 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
864
865 mcc = (void *) ptr; ptr += sizeof(*mcc);
866 mcc->type = __mcc_type(cr, RFCOMM_RPN);
867 mcc->len = __len8(sizeof(*rpn));
868
869 rpn = (void *) ptr; ptr += sizeof(*rpn);
870 rpn->dlci = __addr(1, dlci);
871 rpn->bit_rate = bit_rate;
872 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
873 rpn->flow_ctrl = flow_ctrl_settings;
874 rpn->xon_char = xon_char;
875 rpn->xoff_char = xoff_char;
e8db8c99 876 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 877
878 *ptr = __fcs(buf); ptr++;
879
880 return rfcomm_send_frame(s, buf, ptr - buf);
881}
882
883static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
884{
885 struct rfcomm_hdr *hdr;
886 struct rfcomm_mcc *mcc;
887 struct rfcomm_rls *rls;
888 u8 buf[16], *ptr = buf;
889
890 BT_DBG("%p cr %d status 0x%x", s, cr, status);
891
892 hdr = (void *) ptr; ptr += sizeof(*hdr);
893 hdr->addr = __addr(s->initiator, 0);
894 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
895 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
896
897 mcc = (void *) ptr; ptr += sizeof(*mcc);
898 mcc->type = __mcc_type(cr, RFCOMM_RLS);
899 mcc->len = __len8(sizeof(*rls));
900
901 rls = (void *) ptr; ptr += sizeof(*rls);
902 rls->dlci = __addr(1, dlci);
903 rls->status = status;
904
905 *ptr = __fcs(buf); ptr++;
906
907 return rfcomm_send_frame(s, buf, ptr - buf);
908}
909
910static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
911{
912 struct rfcomm_hdr *hdr;
913 struct rfcomm_mcc *mcc;
914 struct rfcomm_msc *msc;
915 u8 buf[16], *ptr = buf;
916
917 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
918
919 hdr = (void *) ptr; ptr += sizeof(*hdr);
920 hdr->addr = __addr(s->initiator, 0);
921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
923
924 mcc = (void *) ptr; ptr += sizeof(*mcc);
925 mcc->type = __mcc_type(cr, RFCOMM_MSC);
926 mcc->len = __len8(sizeof(*msc));
927
928 msc = (void *) ptr; ptr += sizeof(*msc);
929 msc->dlci = __addr(1, dlci);
930 msc->v24_sig = v24_sig | 0x01;
931
932 *ptr = __fcs(buf); ptr++;
933
934 return rfcomm_send_frame(s, buf, ptr - buf);
935}
936
937static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
938{
939 struct rfcomm_hdr *hdr;
940 struct rfcomm_mcc *mcc;
941 u8 buf[16], *ptr = buf;
942
943 BT_DBG("%p cr %d", s, cr);
944
945 hdr = (void *) ptr; ptr += sizeof(*hdr);
946 hdr->addr = __addr(s->initiator, 0);
947 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
948 hdr->len = __len8(sizeof(*mcc));
949
950 mcc = (void *) ptr; ptr += sizeof(*mcc);
951 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
952 mcc->len = __len8(0);
953
954 *ptr = __fcs(buf); ptr++;
955
956 return rfcomm_send_frame(s, buf, ptr - buf);
957}
958
959static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
960{
961 struct rfcomm_hdr *hdr;
962 struct rfcomm_mcc *mcc;
963 u8 buf[16], *ptr = buf;
964
965 BT_DBG("%p cr %d", s, cr);
966
967 hdr = (void *) ptr; ptr += sizeof(*hdr);
968 hdr->addr = __addr(s->initiator, 0);
969 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
970 hdr->len = __len8(sizeof(*mcc));
971
972 mcc = (void *) ptr; ptr += sizeof(*mcc);
973 mcc->type = __mcc_type(cr, RFCOMM_FCON);
974 mcc->len = __len8(0);
975
976 *ptr = __fcs(buf); ptr++;
977
978 return rfcomm_send_frame(s, buf, ptr - buf);
979}
980
981static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
982{
983 struct socket *sock = s->sock;
984 struct kvec iv[3];
985 struct msghdr msg;
986 unsigned char hdr[5], crc[1];
987
988 if (len > 125)
989 return -EINVAL;
990
991 BT_DBG("%p cr %d", s, cr);
992
993 hdr[0] = __addr(s->initiator, 0);
994 hdr[1] = __ctrl(RFCOMM_UIH, 0);
995 hdr[2] = 0x01 | ((len + 2) << 1);
996 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
997 hdr[4] = 0x01 | (len << 1);
998
999 crc[0] = __fcs(hdr);
1000
1001 iv[0].iov_base = hdr;
1002 iv[0].iov_len = 5;
1003 iv[1].iov_base = pattern;
1004 iv[1].iov_len = len;
1005 iv[2].iov_base = crc;
1006 iv[2].iov_len = 1;
1007
1008 memset(&msg, 0, sizeof(msg));
1009
1010 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1011}
1012
1013static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1014{
1015 struct rfcomm_hdr *hdr;
1016 u8 buf[16], *ptr = buf;
1017
1018 BT_DBG("%p addr %d credits %d", s, addr, credits);
1019
1020 hdr = (void *) ptr; ptr += sizeof(*hdr);
1021 hdr->addr = addr;
1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1023 hdr->len = __len8(0);
1024
1025 *ptr = credits; ptr++;
1026
1027 *ptr = __fcs(buf); ptr++;
1028
1029 return rfcomm_send_frame(s, buf, ptr - buf);
1030}
1031
1032static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1033{
1034 struct rfcomm_hdr *hdr;
1035 int len = skb->len;
1036 u8 *crc;
1037
1038 if (len > 127) {
1039 hdr = (void *) skb_push(skb, 4);
6ba9c755 1040 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1041 } else {
1042 hdr = (void *) skb_push(skb, 3);
1043 hdr->len = __len8(len);
1044 }
1045 hdr->addr = addr;
1046 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1047
1048 crc = skb_put(skb, 1);
1049 *crc = __fcs((void *) hdr);
1050}
1051
1052/* ---- RFCOMM frame reception ---- */
1053static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1054{
1055 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1056
1057 if (dlci) {
1058 /* Data channel */
1059 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1060 if (!d) {
1061 rfcomm_send_dm(s, dlci);
1062 return 0;
1063 }
1064
1065 switch (d->state) {
1066 case BT_CONNECT:
1067 rfcomm_dlc_clear_timer(d);
1068
1069 rfcomm_dlc_lock(d);
1070 d->state = BT_CONNECTED;
1071 d->state_change(d, 0);
1072 rfcomm_dlc_unlock(d);
1073
1074 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1075 break;
1076
1077 case BT_DISCONN:
1078 d->state = BT_CLOSED;
1079 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1080
1081 if (list_empty(&s->dlcs)) {
1082 s->state = BT_DISCONN;
1083 rfcomm_send_disc(s, 0);
1084 }
1085
1da177e4
LT		 1086 break;
1087 }
1088 } else {
1089 /* Control channel */
1090 switch (s->state) {
1091 case BT_CONNECT:
1092 s->state = BT_CONNECTED;
1093 rfcomm_process_connect(s);
1094 break;
9cf5b0ea
MH		 1095
1096 case BT_DISCONN:
1097 rfcomm_session_put(s);
1098 break;
1da177e4
LT		 1099 }
1100 }
1101 return 0;
1102}
1103
1104static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1105{
1106 int err = 0;
1107
1108 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1109
1110 if (dlci) {
1111 /* Data DLC */
1112 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1113 if (d) {
1114 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1115 err = ECONNREFUSED;
1116 else
1117 err = ECONNRESET;
1118
1119 d->state = BT_CLOSED;
1120 __rfcomm_dlc_close(d, err);
1121 }
1122 } else {
1123 if (s->state == BT_CONNECT)
1124 err = ECONNREFUSED;
1125 else
1126 err = ECONNRESET;
1127
1128 s->state = BT_CLOSED;
1129 rfcomm_session_close(s, err);
1130 }
1131 return 0;
1132}
1133
1134static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1135{
1136 int err = 0;
1137
1138 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1139
1140 if (dlci) {
1141 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1142 if (d) {
1143 rfcomm_send_ua(s, dlci);
1144
1145 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1146 err = ECONNREFUSED;
1147 else
1148 err = ECONNRESET;
1149
1150 d->state = BT_CLOSED;
1151 __rfcomm_dlc_close(d, err);
8e87d142 1152 } else
1da177e4 1153 rfcomm_send_dm(s, dlci);
8e87d142 1154
1da177e4
LT		 1155 } else {
1156 rfcomm_send_ua(s, 0);
1157
1158 if (s->state == BT_CONNECT)
1159 err = ECONNREFUSED;
1160 else
1161 err = ECONNRESET;
1162
1163 s->state = BT_CLOSED;
1164 rfcomm_session_close(s, err);
1165 }
1166
1167 return 0;
1168}
1169
1da177e4
LT		 1170static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1171{
300b9397
MH		 1172 struct sock *sk = d->session->sock->sk;
1173
1da177e4
LT		 1174 BT_DBG("dlc %p", d);
1175
1176 rfcomm_send_ua(d->session, d->dlci);
1177
1178 rfcomm_dlc_lock(d);
1179 d->state = BT_CONNECTED;
1180 d->state_change(d, 0);
1181 rfcomm_dlc_unlock(d);
1182
300b9397
MH		 1183 if (d->link_mode & RFCOMM_LM_MASTER)
1184 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1185
1da177e4
LT		 1186 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1187}
1188
1189static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1190{
1191 struct rfcomm_dlc *d;
1192 u8 channel;
1193
1194 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1195
1196 if (!dlci) {
1197 rfcomm_send_ua(s, 0);
1198
1199 if (s->state == BT_OPEN) {
1200 s->state = BT_CONNECTED;
1201 rfcomm_process_connect(s);
1202 }
1203 return 0;
1204 }
1205
1206 /* Check if DLC exists */
1207 d = rfcomm_dlc_get(s, dlci);
1208 if (d) {
1209 if (d->state == BT_OPEN) {
1210 /* DLC was previously opened by PN request */
1211 if (rfcomm_check_link_mode(d)) {
1212 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
77db1980
MH		 1214 } else
1215 rfcomm_dlc_accept(d);
1da177e4
LT		 1216 }
1217 return 0;
1218 }
1219
1220 /* Notify socket layer about incoming connection */
1221 channel = __srv_channel(dlci);
1222 if (rfcomm_connect_ind(s, channel, &d)) {
1223 d->dlci = dlci;
1224 d->addr = __addr(s->initiator, dlci);
1225 rfcomm_dlc_link(s, d);
1226
1227 if (rfcomm_check_link_mode(d)) {
1228 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1229 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
77db1980
MH		 1230 } else
1231 rfcomm_dlc_accept(d);
1da177e4
LT		 1232 } else {
1233 rfcomm_send_dm(s, dlci);
1234 }
1235
1236 return 0;
1237}
1238
1239static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1240{
1241 struct rfcomm_session *s = d->session;
1242
8e87d142 1243 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1244 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1245
7c2660b0
MH		 1246 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1247 pn->flow_ctrl == 0xe0) {
1248 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1249 d->tx_credits = pn->credits;
1250 } else {
7c2660b0 1251 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1252 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1253 }
1254
7c2660b0
MH		 1255 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1256 s->cfc = d->cfc;
1257
1da177e4
LT		 1258 d->priority = pn->priority;
1259
98bcd08b
MH		 1260 d->mtu = btohs(pn->mtu);
1261
1262 if (cr && d->mtu > s->mtu)
1263 d->mtu = s->mtu;
1da177e4
LT		 1264
1265 return 0;
1266}
1267
1268static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1269{
1270 struct rfcomm_pn *pn = (void *) skb->data;
1271 struct rfcomm_dlc *d;
1272 u8 dlci = pn->dlci;
1273
1274 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1275
1276 if (!dlci)
1277 return 0;
1278
1279 d = rfcomm_dlc_get(s, dlci);
1280 if (d) {
1281 if (cr) {
1282 /* PN request */
1283 rfcomm_apply_pn(d, cr, pn);
1284 rfcomm_send_pn(s, 0, d);
1285 } else {
1286 /* PN response */
1287 switch (d->state) {
1288 case BT_CONFIG:
1289 rfcomm_apply_pn(d, cr, pn);
1290
1291 d->state = BT_CONNECT;
1292 rfcomm_send_sabm(s, d->dlci);
1293 break;
1294 }
1295 }
1296 } else {
1297 u8 channel = __srv_channel(dlci);
1298
1299 if (!cr)
1300 return 0;
1301
1302 /* PN request for non existing DLC.
1303 * Assume incoming connection. */
1304 if (rfcomm_connect_ind(s, channel, &d)) {
1305 d->dlci = dlci;
1306 d->addr = __addr(s->initiator, dlci);
1307 rfcomm_dlc_link(s, d);
1308
1309 rfcomm_apply_pn(d, cr, pn);
1310
1311 d->state = BT_OPEN;
1312 rfcomm_send_pn(s, 0, d);
1313 } else {
1314 rfcomm_send_dm(s, dlci);
1315 }
1316 }
1317 return 0;
1318}
1319
1320static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1321{
1322 struct rfcomm_rpn *rpn = (void *) skb->data;
1323 u8 dlci = __get_dlci(rpn->dlci);
1324
1325 u8 bit_rate = 0;
1326 u8 data_bits = 0;
1327 u8 stop_bits = 0;
1328 u8 parity = 0;
1329 u8 flow_ctrl = 0;
1330 u8 xon_char = 0;
1331 u8 xoff_char = 0;
1332 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1333
1334 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1335 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1336 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1337
1338 if (!cr)
1da177e4 1339 return 0;
3a5e903c 1340
1da177e4 1341 if (len == 1) {
3a5e903c 1342 /* This is a request, return default settings */
1da177e4
LT		 1343 bit_rate = RFCOMM_RPN_BR_115200;
1344 data_bits = RFCOMM_RPN_DATA_8;
1345 stop_bits = RFCOMM_RPN_STOP_1;
1346 parity = RFCOMM_RPN_PARITY_NONE;
1347 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1348 xon_char = RFCOMM_RPN_XON_CHAR;
1349 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1350 goto rpn_out;
1351 }
3a5e903c
S		 1352
1353 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1354 * no parity, no flow control lines, normal XON/XOFF chars */
1355
e8db8c99 1356 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4
LT		 1357 bit_rate = rpn->bit_rate;
1358 if (bit_rate != RFCOMM_RPN_BR_115200) {
1359 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1360 bit_rate = RFCOMM_RPN_BR_115200;
1361 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1362 }
1363 }
3a5e903c 1364
e8db8c99 1365 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1366 data_bits = __get_rpn_data_bits(rpn->line_settings);
1367 if (data_bits != RFCOMM_RPN_DATA_8) {
1368 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1369 data_bits = RFCOMM_RPN_DATA_8;
1370 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1371 }
1372 }
3a5e903c 1373
e8db8c99 1374 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1375 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1376 if (stop_bits != RFCOMM_RPN_STOP_1) {
1377 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1378 stop_bits = RFCOMM_RPN_STOP_1;
1379 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1380 }
1381 }
3a5e903c 1382
e8db8c99 1383 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1384 parity = __get_rpn_parity(rpn->line_settings);
1385 if (parity != RFCOMM_RPN_PARITY_NONE) {
1386 BT_DBG("RPN parity mismatch 0x%x", parity);
1387 parity = RFCOMM_RPN_PARITY_NONE;
1388 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1389 }
1390 }
3a5e903c 1391
e8db8c99 1392 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1393 flow_ctrl = rpn->flow_ctrl;
1394 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1395 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1396 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1397 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1398 }
1399 }
3a5e903c 1400
e8db8c99 1401 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1402 xon_char = rpn->xon_char;
1403 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1404 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1405 xon_char = RFCOMM_RPN_XON_CHAR;
1406 rpn_mask ^= RFCOMM_RPN_PM_XON;
1407 }
1408 }
3a5e903c 1409
e8db8c99 1410 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1411 xoff_char = rpn->xoff_char;
1412 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1413 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1414 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1415 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1416 }
1417 }
1418
1419rpn_out:
3a5e903c
S		 1420 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1421 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1422
1423 return 0;
1424}
1425
1426static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1427{
1428 struct rfcomm_rls *rls = (void *) skb->data;
1429 u8 dlci = __get_dlci(rls->dlci);
1430
1431 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1432
1da177e4
LT		 1433 if (!cr)
1434 return 0;
1435
3a5e903c
S		 1436 /* We should probably do something with this information here. But
1437 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1438 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1439
1440 rfcomm_send_rls(s, 0, dlci, rls->status);
1441
1442 return 0;
1443}
1444
1445static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1446{
1447 struct rfcomm_msc *msc = (void *) skb->data;
1448 struct rfcomm_dlc *d;
1449 u8 dlci = __get_dlci(msc->dlci);
1450
1451 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1452
1453 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1454 if (!d)
1da177e4
LT		 1455 return 0;
1456
1457 if (cr) {
1458 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1459 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1460 else
1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1462
1da177e4 1463 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1464
1465 d->remote_v24_sig = msc->v24_sig;
1466
1da177e4
LT		 1467 if (d->modem_status)
1468 d->modem_status(d, msc->v24_sig);
8b6b3da7 1469
1da177e4 1470 rfcomm_dlc_unlock(d);
8e87d142 1471
1da177e4
LT		 1472 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1473
1474 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1475 } else
1da177e4
LT		 1476 d->mscex |= RFCOMM_MSCEX_TX;
1477
1478 return 0;
1479}
1480
1481static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1482{
1483 struct rfcomm_mcc *mcc = (void *) skb->data;
1484 u8 type, cr, len;
1485
1486 cr = __test_cr(mcc->type);
1487 type = __get_mcc_type(mcc->type);
1488 len = __get_mcc_len(mcc->len);
1489
1490 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1491
1492 skb_pull(skb, 2);
1493
1494 switch (type) {
1495 case RFCOMM_PN:
1496 rfcomm_recv_pn(s, cr, skb);
1497 break;
1498
1499 case RFCOMM_RPN:
1500 rfcomm_recv_rpn(s, cr, len, skb);
1501 break;
1502
1503 case RFCOMM_RLS:
1504 rfcomm_recv_rls(s, cr, skb);
1505 break;
1506
1507 case RFCOMM_MSC:
1508 rfcomm_recv_msc(s, cr, skb);
1509 break;
1510
1511 case RFCOMM_FCOFF:
1512 if (cr) {
1513 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1514 rfcomm_send_fcoff(s, 0);
1515 }
1516 break;
1517
1518 case RFCOMM_FCON:
1519 if (cr) {
1520 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1521 rfcomm_send_fcon(s, 0);
1522 }
1523 break;
1524
1525 case RFCOMM_TEST:
1526 if (cr)
1527 rfcomm_send_test(s, 0, skb->data, skb->len);
1528 break;
1529
1530 case RFCOMM_NSC:
1531 break;
1532
1533 default:
1534 BT_ERR("Unknown control type 0x%02x", type);
1535 rfcomm_send_nsc(s, cr, type);
1536 break;
1537 }
1538 return 0;
1539}
1540
1541static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1542{
1543 struct rfcomm_dlc *d;
1544
1545 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1546
1547 d = rfcomm_dlc_get(s, dlci);
1548 if (!d) {
1549 rfcomm_send_dm(s, dlci);
1550 goto drop;
1551 }
1552
1553 if (pf && d->cfc) {
1554 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1555
1556 d->tx_credits += credits;
1557 if (d->tx_credits)
1558 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1559 }
1560
1561 if (skb->len && d->state == BT_CONNECTED) {
1562 rfcomm_dlc_lock(d);
1563 d->rx_credits--;
1564 d->data_ready(d, skb);
1565 rfcomm_dlc_unlock(d);
1566 return 0;
1567 }
1568
1569drop:
1570 kfree_skb(skb);
1571 return 0;
1572}
1573
1574static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1575{
1576 struct rfcomm_hdr *hdr = (void *) skb->data;
1577 u8 type, dlci, fcs;
1578
1579 dlci = __get_dlci(hdr->addr);
1580 type = __get_type(hdr->ctrl);
1581
1582 /* Trim FCS */
1583 skb->len--; skb->tail--;
27a884dc 1584 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1585
1586 if (__check_fcs(skb->data, type, fcs)) {
1587 BT_ERR("bad checksum in packet");
1588 kfree_skb(skb);
1589 return -EILSEQ;
1590 }
1591
1592 if (__test_ea(hdr->len))
1593 skb_pull(skb, 3);
1594 else
1595 skb_pull(skb, 4);
1596
1597 switch (type) {
1598 case RFCOMM_SABM:
1599 if (__test_pf(hdr->ctrl))
1600 rfcomm_recv_sabm(s, dlci);
1601 break;
1602
1603 case RFCOMM_DISC:
1604 if (__test_pf(hdr->ctrl))
1605 rfcomm_recv_disc(s, dlci);
1606 break;
1607
1608 case RFCOMM_UA:
1609 if (__test_pf(hdr->ctrl))
1610 rfcomm_recv_ua(s, dlci);
1611 break;
1612
1613 case RFCOMM_DM:
1614 rfcomm_recv_dm(s, dlci);
1615 break;
1616
1617 case RFCOMM_UIH:
1618 if (dlci)
1619 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1620
1621 rfcomm_recv_mcc(s, skb);
1622 break;
1623
1624 default:
1625 BT_ERR("Unknown packet type 0x%02x\n", type);
1626 break;
1627 }
1628 kfree_skb(skb);
1629 return 0;
1630}
1631
1632/* ---- Connection and data processing ---- */
1633
1634static void rfcomm_process_connect(struct rfcomm_session *s)
1635{
1636 struct rfcomm_dlc *d;
1637 struct list_head *p, *n;
1638
1639 BT_DBG("session %p state %ld", s, s->state);
1640
1641 list_for_each_safe(p, n, &s->dlcs) {
1642 d = list_entry(p, struct rfcomm_dlc, list);
1643 if (d->state == BT_CONFIG) {
1644 d->mtu = s->mtu;
77db1980
MH		 1645 if (rfcomm_check_link_mode(d)) {
1646 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1647 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1648 } else
1649 rfcomm_send_pn(s, 1, d);
1da177e4
LT		 1650 }
1651 }
1652}
1653
1654/* Send data queued for the DLC.
1655 * Return number of frames left in the queue.
1656 */
1657static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1658{
1659 struct sk_buff *skb;
1660 int err;
1661
8e87d142 1662 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1663 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1664
1665 /* Send pending MSC */
1666 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1667 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1668
1669 if (d->cfc) {
8e87d142 1670 /* CFC enabled.
1da177e4
LT		 1671 * Give them some credits */
1672 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1673 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1674 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1675 d->rx_credits = d->cfc;
1676 }
1677 } else {
1678 /* CFC disabled.
1679 * Give ourselves some credits */
1680 d->tx_credits = 5;
1681 }
1682
1683 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1684 return skb_queue_len(&d->tx_queue);
1685
1686 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1687 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1688 if (err < 0) {
1689 skb_queue_head(&d->tx_queue, skb);
1690 break;
1691 }
1692 kfree_skb(skb);
1693 d->tx_credits--;
1694 }
1695
1696 if (d->cfc && !d->tx_credits) {
1697 /* We're out of TX credits.
1698 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1699 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1700 }
1701
1702 return skb_queue_len(&d->tx_queue);
1703}
1704
1705static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1706{
1707 struct rfcomm_dlc *d;
1708 struct list_head *p, *n;
1709
1710 BT_DBG("session %p state %ld", s, s->state);
1711
1712 list_for_each_safe(p, n, &s->dlcs) {
1713 d = list_entry(p, struct rfcomm_dlc, list);
1714
1715 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1716 __rfcomm_dlc_close(d, ETIMEDOUT);
1717 continue;
1718 }
1719
1720 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1721 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1722 if (d->out) {
1723 rfcomm_send_pn(s, 1, d);
1724 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1725 } else
1726 rfcomm_dlc_accept(d);
1da177e4
LT		 1727 if (d->link_mode & RFCOMM_LM_SECURE) {
1728 struct sock *sk = s->sock->sk;
1729 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1730 }
1731 continue;
1732 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1733 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1734 if (!d->out)
1735 rfcomm_send_dm(s, d->dlci);
1736 else
1737 d->state = BT_CLOSED;
1da177e4
LT		 1738 __rfcomm_dlc_close(d, ECONNREFUSED);
1739 continue;
1740 }
1741
1742 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1743 continue;
1744
1745 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1746 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1747 rfcomm_process_tx(d);
1748 }
1749}
1750
1751static inline void rfcomm_process_rx(struct rfcomm_session *s)
1752{
1753 struct socket *sock = s->sock;
1754 struct sock *sk = sock->sk;
1755 struct sk_buff *skb;
1756
1757 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1758
1759 /* Get data directly from socket receive queue without copying it. */
1760 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1761 skb_orphan(skb);
1762 rfcomm_recv_frame(s, skb);
1763 }
1764
1765 if (sk->sk_state == BT_CLOSED) {
1766 if (!s->initiator)
1767 rfcomm_session_put(s);
1768
1769 rfcomm_session_close(s, sk->sk_err);
1770 }
1771}
1772
1773static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1774{
1775 struct socket *sock = s->sock, *nsock;
1776 int err;
1777
1778 /* Fast check for a new connection.
1779 * Avoids unnesesary socket allocations. */
1780 if (list_empty(&bt_sk(sock->sk)->accept_q))
1781 return;
1782
1783 BT_DBG("session %p", s);
1784
48db9ca4
MH		 1785 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1786 if (err < 0)
1da177e4
LT		 1787 return;
1788
1da177e4
LT		 1789 /* Set our callbacks */
1790 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1791 nsock->sk->sk_state_change = rfcomm_l2state_change;
1792
1793 s = rfcomm_session_add(nsock, BT_OPEN);
1794 if (s) {
1795 rfcomm_session_hold(s);
98bcd08b
MH		 1796
1797 /* We should adjust MTU on incoming sessions.
1798 * L2CAP MTU minus UIH header and FCS. */
1799 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1800
1da177e4
LT		 1801 rfcomm_schedule(RFCOMM_SCHED_RX);
1802 } else
1803 sock_release(nsock);
1804}
1805
1806static inline void rfcomm_check_connection(struct rfcomm_session *s)
1807{
1808 struct sock *sk = s->sock->sk;
1809
1810 BT_DBG("%p state %ld", s, s->state);
1811
1812 switch(sk->sk_state) {
1813 case BT_CONNECTED:
1814 s->state = BT_CONNECT;
1815
1816 /* We can adjust MTU on outgoing sessions.
1817 * L2CAP MTU minus UIH header and FCS. */
1818 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1819
1820 rfcomm_send_sabm(s, 0);
1821 break;
1822
1823 case BT_CLOSED:
1824 s->state = BT_CLOSED;
1825 rfcomm_session_close(s, sk->sk_err);
1826 break;
1827 }
1828}
1829
1830static inline void rfcomm_process_sessions(void)
1831{
1832 struct list_head *p, *n;
1833
1834 rfcomm_lock();
1835
1836 list_for_each_safe(p, n, &session_list) {
1837 struct rfcomm_session *s;
1838 s = list_entry(p, struct rfcomm_session, list);
1839
1840 if (s->state == BT_LISTEN) {
1841 rfcomm_accept_connection(s);
1842 continue;
1843 }
1844
1845 rfcomm_session_hold(s);
1846
1847 switch (s->state) {
1848 case BT_BOUND:
1849 rfcomm_check_connection(s);
1850 break;
1851
1852 default:
1853 rfcomm_process_rx(s);
1854 break;
1855 }
1856
1857 rfcomm_process_dlcs(s);
1858
1859 rfcomm_session_put(s);
1860 }
1861
1862 rfcomm_unlock();
1863}
1864
1da177e4
LT		 1865static int rfcomm_add_listener(bdaddr_t *ba)
1866{
1867 struct sockaddr_l2 addr;
1868 struct socket *sock;
1869 struct sock *sk;
1870 struct rfcomm_session *s;
1871 int err = 0;
1872
1873 /* Create socket */
1874 err = rfcomm_l2sock_create(&sock);
8e87d142 1875 if (err < 0) {
1da177e4
LT		 1876 BT_ERR("Create socket failed %d", err);
1877 return err;
1878 }
1879
1880 /* Bind socket */
1881 bacpy(&addr.l2_bdaddr, ba);
1882 addr.l2_family = AF_BLUETOOTH;
1883 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 1884 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1885 if (err < 0) {
1886 BT_ERR("Bind failed %d", err);
1887 goto failed;
1888 }
1889
1890 /* Set L2CAP options */
1891 sk = sock->sk;
1892 lock_sock(sk);
56f3a40a 1893 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1894 release_sock(sk);
1895
1896 /* Start listening on the socket */
48db9ca4 1897 err = kernel_listen(sock, 10);
1da177e4
LT		 1898 if (err) {
1899 BT_ERR("Listen failed %d", err);
1900 goto failed;
1901 }
1902
1903 /* Add listening session */
1904 s = rfcomm_session_add(sock, BT_LISTEN);
1905 if (!s)
1906 goto failed;
1907
1908 rfcomm_session_hold(s);
1909 return 0;
1910failed:
1911 sock_release(sock);
1912 return err;
1913}
1914
1915static void rfcomm_kill_listener(void)
1916{
1917 struct rfcomm_session *s;
1918 struct list_head *p, *n;
1919
1920 BT_DBG("");
1921
1922 list_for_each_safe(p, n, &session_list) {
1923 s = list_entry(p, struct rfcomm_session, list);
1924 rfcomm_session_del(s);
1925 }
1926}
1927
1928static int rfcomm_run(void *unused)
1929{
a524eccc 1930 BT_DBG("");
1da177e4 1931
1da177e4 1932 set_user_nice(current, -10);
1da177e4 1933
1da177e4
LT		 1934 rfcomm_add_listener(BDADDR_ANY);
1935
a524eccc
MH		 1936 while (!kthread_should_stop()) {
1937 set_current_state(TASK_INTERRUPTIBLE);
1938 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1939 /* No pending events. Let's sleep.
1940 * Incoming connections and data will wake us up. */
1941 schedule();
1942 }
1943 set_current_state(TASK_RUNNING);
1944
1945 /* Process stuff */
1946 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1947 rfcomm_process_sessions();
1948 }
1da177e4
LT		 1949
1950 rfcomm_kill_listener();
1951
1da177e4
LT		 1952 return 0;
1953}
1954
1955static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1956{
1957 struct rfcomm_session *s;
1958 struct rfcomm_dlc *d;
1959 struct list_head *p, *n;
1960
1961 BT_DBG("conn %p status 0x%02x", conn, status);
1962
1963 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1964 if (!s)
1965 return;
1966
1967 rfcomm_session_hold(s);
1968
1969 list_for_each_safe(p, n, &s->dlcs) {
1970 d = list_entry(p, struct rfcomm_dlc, list);
1971
40be492f
MH		 1972 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1973 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1da177e4
LT		 1974 continue;
1975
1976 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1977 continue;
1978
1979 if (!status)
1980 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1981 else
1982 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1983 }
1984
1985 rfcomm_session_put(s);
1986
1987 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1988}
1989
1990static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1991{
1992 struct rfcomm_session *s;
1993 struct rfcomm_dlc *d;
1994 struct list_head *p, *n;
1995
1996 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1997
1998 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1999 if (!s)
2000 return;
2001
2002 rfcomm_session_hold(s);
2003
2004 list_for_each_safe(p, n, &s->dlcs) {
2005 d = list_entry(p, struct rfcomm_dlc, list);
2006
9719f8af
MH		 2007 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2008 (d->state == BT_CONNECTED ||
2009 d->state == BT_CONFIG) &&
2010 !status && encrypt == 0x00) {
2011 __rfcomm_dlc_close(d, ECONNREFUSED);
2012 continue;
2013 }
2014
1da177e4
LT		 2015 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2016 continue;
2017
2018 if (!status && encrypt)
2019 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2020 else
2021 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2022 }
2023
2024 rfcomm_session_put(s);
2025
2026 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2027}
2028
2029static struct hci_cb rfcomm_cb = {
2030 .name = "RFCOMM",
2031 .auth_cfm = rfcomm_auth_cfm,
2032 .encrypt_cfm = rfcomm_encrypt_cfm
2033};
2034
be9d1227 2035static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2036{
2037 struct rfcomm_session *s;
2038 struct list_head *pp, *p;
be9d1227 2039 char *str = buf;
1da177e4
LT		 2040
2041 rfcomm_lock();
2042
2043 list_for_each(p, &session_list) {
2044 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2045 list_for_each(pp, &s->dlcs) {
2046 struct sock *sk = s->sock->sk;
2047 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2048
be9d1227
MH		 2049 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2050 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2051 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2052 }
2053 }
1da177e4 2054
1da177e4 2055 rfcomm_unlock();
1da177e4 2056
be9d1227 2057 return (str - buf);
1da177e4
LT		 2058}
2059
be9d1227 2060static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2061
2062/* ---- Initialization ---- */
2063static int __init rfcomm_init(void)
2064{
2065 l2cap_load();
2066
2067 hci_register_cb(&rfcomm_cb);
2068
a524eccc
MH		 2069 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2070 if (IS_ERR(rfcomm_thread)) {
2071 hci_unregister_cb(&rfcomm_cb);
2072 return PTR_ERR(rfcomm_thread);
2073 }
1da177e4 2074
df5c37ea
MH		 2075 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2076 BT_ERR("Failed to create RFCOMM info file");
1da177e4
LT		 2077
2078 rfcomm_init_sockets();
2079
2080#ifdef CONFIG_BT_RFCOMM_TTY
2081 rfcomm_init_ttys();
2082#endif
2083
be9d1227
MH		 2084 BT_INFO("RFCOMM ver %s", VERSION);
2085
1da177e4
LT		 2086 return 0;
2087}
2088
2089static void __exit rfcomm_exit(void)
2090{
a91f2e39 2091 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2092
1da177e4
LT		 2093 hci_unregister_cb(&rfcomm_cb);
2094
a524eccc 2095 kthread_stop(rfcomm_thread);
1da177e4
LT		 2096
2097#ifdef CONFIG_BT_RFCOMM_TTY
2098 rfcomm_cleanup_ttys();
2099#endif
2100
2101 rfcomm_cleanup_sockets();
1da177e4
LT		 2102}
2103
2104module_init(rfcomm_init);
2105module_exit(rfcomm_exit);
2106
7c2660b0
MH		 2107module_param(disable_cfc, bool, 0644);
2108MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2109
98bcd08b
MH		 2110module_param(channel_mtu, int, 0644);
2111MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2112
56f3a40a
MH		 2113module_param(l2cap_mtu, uint, 0644);
2114MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2115
63fbd24e 2116MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2117MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2118MODULE_VERSION(VERSION);
2119MODULE_LICENSE("GPL");
2120MODULE_ALIAS("bt-proto-3");
Ubuntu Jammy Linux kernel mirror