]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/bluetooth/rfcomm/core.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[Bluetooth] Check that device is in rfcomm_dev_list before deleting
[mirror_ubuntu-bionic-kernel.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
1da177e4
LT		 30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/signal.h>
35#include <linux/init.h>
36#include <linux/wait.h>
be9d1227 37#include <linux/device.h>
1da177e4 38#include <linux/net.h>
4a3e2f71
AV		 39#include <linux/mutex.h>
40
1da177e4
LT		 41#include <net/sock.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47#include <net/bluetooth/l2cap.h>
48#include <net/bluetooth/rfcomm.h>
49
1da177e4
LT		 50#ifndef CONFIG_BT_RFCOMM_DEBUG
51#undef BT_DBG
52#define BT_DBG(D...)
53#endif
54
7c2660b0 55#define VERSION "1.8"
56f3a40a 56
7c2660b0 57static int disable_cfc = 0;
98bcd08b 58static int channel_mtu = -1;
56f3a40a
MH		 59static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
60
1da177e4
LT		 61static struct task_struct *rfcomm_thread;
62
4a3e2f71
AV		 63static DEFINE_MUTEX(rfcomm_mutex);
64#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
65#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 66
67static unsigned long rfcomm_event;
68
69static LIST_HEAD(session_list);
70static atomic_t terminate, running;
71
72static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
82
83static void rfcomm_process_connect(struct rfcomm_session *s);
84
85static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87static void rfcomm_session_del(struct rfcomm_session *s);
88
89/* ---- RFCOMM frame parsing macros ---- */
90#define __get_dlci(b) ((b & 0xfc) >> 2)
91#define __get_channel(b) ((b & 0xf8) >> 3)
92#define __get_dir(b) ((b & 0x04) >> 2)
93#define __get_type(b) ((b & 0xef))
94
95#define __test_ea(b) ((b & 0x01))
96#define __test_cr(b) ((b & 0x02))
97#define __test_pf(b) ((b & 0x10))
98
99#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102#define __srv_channel(dlci) (dlci >> 1)
103#define __dir(dlci) (dlci & 0x01)
104
105#define __len8(len) (((len) << 1) | 1)
106#define __len16(len) ((len) << 1)
107
108/* MCC macros */
109#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110#define __get_mcc_type(b) ((b & 0xfc) >> 2)
111#define __get_mcc_len(b) ((b & 0xfe) >> 1)
112
113/* RPN macros */
3a5e903c 114#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 115#define __get_rpn_data_bits(line) ((line) & 0x3)
116#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 117#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 118
119static inline void rfcomm_schedule(uint event)
120{
121 if (!rfcomm_thread)
122 return;
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
126}
127
128static inline void rfcomm_session_put(struct rfcomm_session *s)
129{
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
132}
133
134/* ---- RFCOMM FCS computation ---- */
135
408c1ce2 136/* reversed, 8-bit, poly=0x07 */
8e87d142 137static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
142
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
147
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
152
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
157
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
162
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
167
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
172
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177};
178
1da177e4
LT		 179/* CRC on 2 bytes */
180#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
181
8e87d142 182/* FCS on 2 bytes */
1da177e4
LT		 183static inline u8 __fcs(u8 *data)
184{
185 return (0xff - __crc(data));
186}
187
8e87d142 188/* FCS on 3 bytes */
1da177e4
LT		 189static inline u8 __fcs2(u8 *data)
190{
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192}
193
194/* Check FCS */
195static inline int __check_fcs(u8 *data, int type, u8 fcs)
196{
197 u8 f = __crc(data);
198
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
201
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
203}
204
205/* ---- L2CAP callbacks ---- */
206static void rfcomm_l2state_change(struct sock *sk)
207{
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
210}
211
212static void rfcomm_l2data_ready(struct sock *sk, int bytes)
213{
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
216}
217
218static int rfcomm_l2sock_create(struct socket **sock)
219{
220 int err;
221
222 BT_DBG("");
223
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
225 if (!err) {
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
229 }
230 return err;
231}
232
233/* ---- RFCOMM DLCs ---- */
234static void rfcomm_dlc_timeout(unsigned long arg)
235{
236 struct rfcomm_dlc *d = (void *) arg;
237
238 BT_DBG("dlc %p state %ld", d, d->state);
239
240 set_bit(RFCOMM_TIMED_OUT, &d->flags);
241 rfcomm_dlc_put(d);
242 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
243}
244
245static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
246{
247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
248
249 if (!mod_timer(&d->timer, jiffies + timeout))
250 rfcomm_dlc_hold(d);
251}
252
253static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
254{
255 BT_DBG("dlc %p state %ld", d, d->state);
256
257 if (timer_pending(&d->timer) && del_timer(&d->timer))
258 rfcomm_dlc_put(d);
259}
260
261static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
262{
263 BT_DBG("%p", d);
264
265 d->state = BT_OPEN;
266 d->flags = 0;
267 d->mscex = 0;
268 d->mtu = RFCOMM_DEFAULT_MTU;
269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
270
271 d->cfc = RFCOMM_CFC_DISABLED;
272 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
273}
274
dd0fc66f 275struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 276{
25ea6db0
MH		 277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
278
1da177e4
LT		 279 if (!d)
280 return NULL;
1da177e4
LT		 281
282 init_timer(&d->timer);
283 d->timer.function = rfcomm_dlc_timeout;
284 d->timer.data = (unsigned long) d;
285
286 skb_queue_head_init(&d->tx_queue);
287 spin_lock_init(&d->lock);
288 atomic_set(&d->refcnt, 1);
289
290 rfcomm_dlc_clear_state(d);
8e87d142 291
1da177e4 292 BT_DBG("%p", d);
25ea6db0 293
1da177e4
LT		 294 return d;
295}
296
297void rfcomm_dlc_free(struct rfcomm_dlc *d)
298{
299 BT_DBG("%p", d);
300
301 skb_queue_purge(&d->tx_queue);
302 kfree(d);
303}
304
305static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
306{
307 BT_DBG("dlc %p session %p", d, s);
308
309 rfcomm_session_hold(s);
310
311 rfcomm_dlc_hold(d);
312 list_add(&d->list, &s->dlcs);
313 d->session = s;
314}
315
316static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
317{
318 struct rfcomm_session *s = d->session;
319
320 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
321
322 list_del(&d->list);
323 d->session = NULL;
324 rfcomm_dlc_put(d);
325
326 rfcomm_session_put(s);
327}
328
329static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
330{
331 struct rfcomm_dlc *d;
332 struct list_head *p;
333
334 list_for_each(p, &s->dlcs) {
335 d = list_entry(p, struct rfcomm_dlc, list);
336 if (d->dlci == dlci)
337 return d;
338 }
339 return NULL;
340}
341
342static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
343{
344 struct rfcomm_session *s;
345 int err = 0;
346 u8 dlci;
347
8e87d142 348 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 349 d, d->state, batostr(src), batostr(dst), channel);
350
351 if (channel < 1 || channel > 30)
352 return -EINVAL;
353
354 if (d->state != BT_OPEN && d->state != BT_CLOSED)
355 return 0;
356
357 s = rfcomm_session_get(src, dst);
358 if (!s) {
359 s = rfcomm_session_create(src, dst, &err);
360 if (!s)
361 return err;
362 }
363
364 dlci = __dlci(!s->initiator, channel);
365
366 /* Check if DLCI already exists */
367 if (rfcomm_dlc_get(s, dlci))
368 return -EBUSY;
369
370 rfcomm_dlc_clear_state(d);
371
372 d->dlci = dlci;
373 d->addr = __addr(s->initiator, dlci);
374 d->priority = 7;
375
376 d->state = BT_CONFIG;
377 rfcomm_dlc_link(s, d);
378
379 d->mtu = s->mtu;
380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
381
382 if (s->state == BT_CONNECTED)
383 rfcomm_send_pn(s, 1, d);
384 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
385 return 0;
386}
387
388int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
389{
390 int r;
391
392 rfcomm_lock();
393
394 r = __rfcomm_dlc_open(d, src, dst, channel);
395
396 rfcomm_unlock();
397 return r;
398}
399
400static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401{
402 struct rfcomm_session *s = d->session;
403 if (!s)
404 return 0;
405
406 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
407 d, d->state, d->dlci, err, s);
408
409 switch (d->state) {
410 case BT_CONNECTED:
411 case BT_CONFIG:
412 case BT_CONNECT:
413 d->state = BT_DISCONN;
414 if (skb_queue_empty(&d->tx_queue)) {
415 rfcomm_send_disc(s, d->dlci);
416 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
417 } else {
418 rfcomm_queue_disc(d);
419 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
420 }
421 break;
422
423 default:
424 rfcomm_dlc_clear_timer(d);
425
426 rfcomm_dlc_lock(d);
427 d->state = BT_CLOSED;
428 d->state_change(d, err);
429 rfcomm_dlc_unlock(d);
430
431 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 432 rfcomm_dlc_unlink(d);
433 }
434
435 return 0;
436}
437
438int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
439{
440 int r;
441
442 rfcomm_lock();
443
444 r = __rfcomm_dlc_close(d, err);
445
446 rfcomm_unlock();
447 return r;
448}
449
450int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
451{
452 int len = skb->len;
453
454 if (d->state != BT_CONNECTED)
455 return -ENOTCONN;
456
457 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
458
459 if (len > d->mtu)
460 return -EINVAL;
461
462 rfcomm_make_uih(skb, d->addr);
463 skb_queue_tail(&d->tx_queue, skb);
464
465 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
466 rfcomm_schedule(RFCOMM_SCHED_TX);
467 return len;
468}
469
470void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
471{
472 BT_DBG("dlc %p state %ld", d, d->state);
473
474 if (!d->cfc) {
475 d->v24_sig |= RFCOMM_V24_FC;
476 set_bit(RFCOMM_MSC_PENDING, &d->flags);
477 }
478 rfcomm_schedule(RFCOMM_SCHED_TX);
479}
480
481void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
482{
483 BT_DBG("dlc %p state %ld", d, d->state);
484
485 if (!d->cfc) {
486 d->v24_sig &= ~RFCOMM_V24_FC;
487 set_bit(RFCOMM_MSC_PENDING, &d->flags);
488 }
489 rfcomm_schedule(RFCOMM_SCHED_TX);
490}
491
8e87d142 492/*
1da177e4
LT		 493 Set/get modem status functions use _local_ status i.e. what we report
494 to the other side.
495 Remote status is provided by dlc->modem_status() callback.
496 */
497int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
498{
8e87d142 499 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 500 d, d->state, v24_sig);
501
502 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
503 v24_sig |= RFCOMM_V24_FC;
504 else
505 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 506
1da177e4
LT		 507 d->v24_sig = v24_sig;
508
509 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
510 rfcomm_schedule(RFCOMM_SCHED_TX);
511
512 return 0;
513}
514
515int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
516{
8e87d142 517 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 518 d, d->state, d->v24_sig);
519
520 *v24_sig = d->v24_sig;
521 return 0;
522}
523
524/* ---- RFCOMM sessions ---- */
525static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
526{
25ea6db0
MH		 527 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
528
1da177e4
LT		 529 if (!s)
530 return NULL;
1da177e4
LT		 531
532 BT_DBG("session %p sock %p", s, sock);
533
534 INIT_LIST_HEAD(&s->dlcs);
535 s->state = state;
536 s->sock = sock;
537
538 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 539 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 540
541 /* Do not increment module usage count for listening sessions.
542 * Otherwise we won't be able to unload the module. */
543 if (state != BT_LISTEN)
544 if (!try_module_get(THIS_MODULE)) {
545 kfree(s);
546 return NULL;
547 }
548
549 list_add(&s->list, &session_list);
550
551 return s;
552}
553
554static void rfcomm_session_del(struct rfcomm_session *s)
555{
556 int state = s->state;
557
558 BT_DBG("session %p state %ld", s, s->state);
559
560 list_del(&s->list);
561
562 if (state == BT_CONNECTED)
563 rfcomm_send_disc(s, 0);
564
565 sock_release(s->sock);
566 kfree(s);
567
568 if (state != BT_LISTEN)
569 module_put(THIS_MODULE);
570}
571
572static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
573{
574 struct rfcomm_session *s;
575 struct list_head *p, *n;
576 struct bt_sock *sk;
577 list_for_each_safe(p, n, &session_list) {
578 s = list_entry(p, struct rfcomm_session, list);
8e87d142 579 sk = bt_sk(s->sock->sk);
1da177e4
LT		 580
581 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
582 !bacmp(&sk->dst, dst))
583 return s;
584 }
585 return NULL;
586}
587
588static void rfcomm_session_close(struct rfcomm_session *s, int err)
589{
590 struct rfcomm_dlc *d;
591 struct list_head *p, *n;
592
593 BT_DBG("session %p state %ld err %d", s, s->state, err);
594
595 rfcomm_session_hold(s);
596
597 s->state = BT_CLOSED;
598
599 /* Close all dlcs */
600 list_for_each_safe(p, n, &s->dlcs) {
601 d = list_entry(p, struct rfcomm_dlc, list);
602 d->state = BT_CLOSED;
603 __rfcomm_dlc_close(d, err);
604 }
605
606 rfcomm_session_put(s);
607}
608
609static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
610{
611 struct rfcomm_session *s = NULL;
612 struct sockaddr_l2 addr;
613 struct socket *sock;
614 struct sock *sk;
615
616 BT_DBG("%s %s", batostr(src), batostr(dst));
617
618 *err = rfcomm_l2sock_create(&sock);
619 if (*err < 0)
620 return NULL;
621
622 bacpy(&addr.l2_bdaddr, src);
623 addr.l2_family = AF_BLUETOOTH;
624 addr.l2_psm = 0;
48db9ca4 625 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 626 if (*err < 0)
627 goto failed;
628
629 /* Set L2CAP options */
630 sk = sock->sk;
631 lock_sock(sk);
56f3a40a 632 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 633 release_sock(sk);
634
635 s = rfcomm_session_add(sock, BT_BOUND);
636 if (!s) {
637 *err = -ENOMEM;
638 goto failed;
639 }
640
1da177e4
LT		 641 s->initiator = 1;
642
643 bacpy(&addr.l2_bdaddr, dst);
644 addr.l2_family = AF_BLUETOOTH;
645 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 646 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 647 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 648 return s;
649
650 rfcomm_session_del(s);
651 return NULL;
652
653failed:
654 sock_release(sock);
655 return NULL;
656}
657
658void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
659{
660 struct sock *sk = s->sock->sk;
661 if (src)
662 bacpy(src, &bt_sk(sk)->src);
663 if (dst)
664 bacpy(dst, &bt_sk(sk)->dst);
665}
666
667/* ---- RFCOMM frame sending ---- */
668static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
669{
670 struct socket *sock = s->sock;
671 struct kvec iv = { data, len };
672 struct msghdr msg;
673
674 BT_DBG("session %p len %d", s, len);
675
676 memset(&msg, 0, sizeof(msg));
677
678 return kernel_sendmsg(sock, &msg, &iv, 1, len);
679}
680
681static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
682{
683 struct rfcomm_cmd cmd;
684
685 BT_DBG("%p dlci %d", s, dlci);
686
687 cmd.addr = __addr(s->initiator, dlci);
688 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
689 cmd.len = __len8(0);
690 cmd.fcs = __fcs2((u8 *) &cmd);
691
692 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
693}
694
695static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
696{
697 struct rfcomm_cmd cmd;
698
699 BT_DBG("%p dlci %d", s, dlci);
700
701 cmd.addr = __addr(!s->initiator, dlci);
702 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
703 cmd.len = __len8(0);
704 cmd.fcs = __fcs2((u8 *) &cmd);
705
706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
707}
708
709static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
710{
711 struct rfcomm_cmd cmd;
712
713 BT_DBG("%p dlci %d", s, dlci);
714
715 cmd.addr = __addr(s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
717 cmd.len = __len8(0);
718 cmd.fcs = __fcs2((u8 *) &cmd);
719
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
721}
722
723static int rfcomm_queue_disc(struct rfcomm_dlc *d)
724{
725 struct rfcomm_cmd *cmd;
726 struct sk_buff *skb;
727
728 BT_DBG("dlc %p dlci %d", d, d->dlci);
729
730 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
731 if (!skb)
732 return -ENOMEM;
733
734 cmd = (void *) __skb_put(skb, sizeof(*cmd));
735 cmd->addr = d->addr;
736 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
737 cmd->len = __len8(0);
738 cmd->fcs = __fcs2((u8 *) cmd);
739
740 skb_queue_tail(&d->tx_queue, skb);
741 rfcomm_schedule(RFCOMM_SCHED_TX);
742 return 0;
743}
744
745static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
746{
747 struct rfcomm_cmd cmd;
748
749 BT_DBG("%p dlci %d", s, dlci);
750
751 cmd.addr = __addr(!s->initiator, dlci);
752 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
753 cmd.len = __len8(0);
754 cmd.fcs = __fcs2((u8 *) &cmd);
755
756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
757}
758
759static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
760{
761 struct rfcomm_hdr *hdr;
762 struct rfcomm_mcc *mcc;
763 u8 buf[16], *ptr = buf;
764
765 BT_DBG("%p cr %d type %d", s, cr, type);
766
767 hdr = (void *) ptr; ptr += sizeof(*hdr);
768 hdr->addr = __addr(s->initiator, 0);
769 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
770 hdr->len = __len8(sizeof(*mcc) + 1);
771
772 mcc = (void *) ptr; ptr += sizeof(*mcc);
773 mcc->type = __mcc_type(cr, RFCOMM_NSC);
774 mcc->len = __len8(1);
775
776 /* Type that we didn't like */
777 *ptr = __mcc_type(cr, type); ptr++;
778
779 *ptr = __fcs(buf); ptr++;
780
781 return rfcomm_send_frame(s, buf, ptr - buf);
782}
783
784static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
785{
786 struct rfcomm_hdr *hdr;
787 struct rfcomm_mcc *mcc;
788 struct rfcomm_pn *pn;
789 u8 buf[16], *ptr = buf;
790
791 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
792
793 hdr = (void *) ptr; ptr += sizeof(*hdr);
794 hdr->addr = __addr(s->initiator, 0);
795 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
796 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
797
798 mcc = (void *) ptr; ptr += sizeof(*mcc);
799 mcc->type = __mcc_type(cr, RFCOMM_PN);
800 mcc->len = __len8(sizeof(*pn));
801
802 pn = (void *) ptr; ptr += sizeof(*pn);
803 pn->dlci = d->dlci;
804 pn->priority = d->priority;
805 pn->ack_timer = 0;
806 pn->max_retrans = 0;
807
808 if (s->cfc) {
809 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
810 pn->credits = RFCOMM_DEFAULT_CREDITS;
811 } else {
812 pn->flow_ctrl = 0;
813 pn->credits = 0;
814 }
815
98bcd08b
MH		 816 if (cr && channel_mtu >= 0)
817 pn->mtu = htobs(channel_mtu);
818 else
819 pn->mtu = htobs(d->mtu);
1da177e4
LT		 820
821 *ptr = __fcs(buf); ptr++;
822
823 return rfcomm_send_frame(s, buf, ptr - buf);
824}
825
3a5e903c
S		 826int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
827 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 828 u8 parity, u8 flow_ctrl_settings,
3a5e903c 829 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 830{
831 struct rfcomm_hdr *hdr;
832 struct rfcomm_mcc *mcc;
833 struct rfcomm_rpn *rpn;
834 u8 buf[16], *ptr = buf;
835
836 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 837 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
838 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 839 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 840
841 hdr = (void *) ptr; ptr += sizeof(*hdr);
842 hdr->addr = __addr(s->initiator, 0);
843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
845
846 mcc = (void *) ptr; ptr += sizeof(*mcc);
847 mcc->type = __mcc_type(cr, RFCOMM_RPN);
848 mcc->len = __len8(sizeof(*rpn));
849
850 rpn = (void *) ptr; ptr += sizeof(*rpn);
851 rpn->dlci = __addr(1, dlci);
852 rpn->bit_rate = bit_rate;
853 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
854 rpn->flow_ctrl = flow_ctrl_settings;
855 rpn->xon_char = xon_char;
856 rpn->xoff_char = xoff_char;
e8db8c99 857 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 858
859 *ptr = __fcs(buf); ptr++;
860
861 return rfcomm_send_frame(s, buf, ptr - buf);
862}
863
864static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
865{
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_rls *rls;
869 u8 buf[16], *ptr = buf;
870
871 BT_DBG("%p cr %d status 0x%x", s, cr, status);
872
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
877
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_RLS);
880 mcc->len = __len8(sizeof(*rls));
881
882 rls = (void *) ptr; ptr += sizeof(*rls);
883 rls->dlci = __addr(1, dlci);
884 rls->status = status;
885
886 *ptr = __fcs(buf); ptr++;
887
888 return rfcomm_send_frame(s, buf, ptr - buf);
889}
890
891static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
892{
893 struct rfcomm_hdr *hdr;
894 struct rfcomm_mcc *mcc;
895 struct rfcomm_msc *msc;
896 u8 buf[16], *ptr = buf;
897
898 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
899
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
904
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(cr, RFCOMM_MSC);
907 mcc->len = __len8(sizeof(*msc));
908
909 msc = (void *) ptr; ptr += sizeof(*msc);
910 msc->dlci = __addr(1, dlci);
911 msc->v24_sig = v24_sig | 0x01;
912
913 *ptr = __fcs(buf); ptr++;
914
915 return rfcomm_send_frame(s, buf, ptr - buf);
916}
917
918static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
919{
920 struct rfcomm_hdr *hdr;
921 struct rfcomm_mcc *mcc;
922 u8 buf[16], *ptr = buf;
923
924 BT_DBG("%p cr %d", s, cr);
925
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc));
930
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
933 mcc->len = __len8(0);
934
935 *ptr = __fcs(buf); ptr++;
936
937 return rfcomm_send_frame(s, buf, ptr - buf);
938}
939
940static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
941{
942 struct rfcomm_hdr *hdr;
943 struct rfcomm_mcc *mcc;
944 u8 buf[16], *ptr = buf;
945
946 BT_DBG("%p cr %d", s, cr);
947
948 hdr = (void *) ptr; ptr += sizeof(*hdr);
949 hdr->addr = __addr(s->initiator, 0);
950 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
951 hdr->len = __len8(sizeof(*mcc));
952
953 mcc = (void *) ptr; ptr += sizeof(*mcc);
954 mcc->type = __mcc_type(cr, RFCOMM_FCON);
955 mcc->len = __len8(0);
956
957 *ptr = __fcs(buf); ptr++;
958
959 return rfcomm_send_frame(s, buf, ptr - buf);
960}
961
962static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
963{
964 struct socket *sock = s->sock;
965 struct kvec iv[3];
966 struct msghdr msg;
967 unsigned char hdr[5], crc[1];
968
969 if (len > 125)
970 return -EINVAL;
971
972 BT_DBG("%p cr %d", s, cr);
973
974 hdr[0] = __addr(s->initiator, 0);
975 hdr[1] = __ctrl(RFCOMM_UIH, 0);
976 hdr[2] = 0x01 | ((len + 2) << 1);
977 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
978 hdr[4] = 0x01 | (len << 1);
979
980 crc[0] = __fcs(hdr);
981
982 iv[0].iov_base = hdr;
983 iv[0].iov_len = 5;
984 iv[1].iov_base = pattern;
985 iv[1].iov_len = len;
986 iv[2].iov_base = crc;
987 iv[2].iov_len = 1;
988
989 memset(&msg, 0, sizeof(msg));
990
991 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
992}
993
994static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
995{
996 struct rfcomm_hdr *hdr;
997 u8 buf[16], *ptr = buf;
998
999 BT_DBG("%p addr %d credits %d", s, addr, credits);
1000
1001 hdr = (void *) ptr; ptr += sizeof(*hdr);
1002 hdr->addr = addr;
1003 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1004 hdr->len = __len8(0);
1005
1006 *ptr = credits; ptr++;
1007
1008 *ptr = __fcs(buf); ptr++;
1009
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1011}
1012
1013static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1014{
1015 struct rfcomm_hdr *hdr;
1016 int len = skb->len;
1017 u8 *crc;
1018
1019 if (len > 127) {
1020 hdr = (void *) skb_push(skb, 4);
6ba9c755 1021 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1022 } else {
1023 hdr = (void *) skb_push(skb, 3);
1024 hdr->len = __len8(len);
1025 }
1026 hdr->addr = addr;
1027 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1028
1029 crc = skb_put(skb, 1);
1030 *crc = __fcs((void *) hdr);
1031}
1032
1033/* ---- RFCOMM frame reception ---- */
1034static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1035{
1036 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1037
1038 if (dlci) {
1039 /* Data channel */
1040 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1041 if (!d) {
1042 rfcomm_send_dm(s, dlci);
1043 return 0;
1044 }
1045
1046 switch (d->state) {
1047 case BT_CONNECT:
1048 rfcomm_dlc_clear_timer(d);
1049
1050 rfcomm_dlc_lock(d);
1051 d->state = BT_CONNECTED;
1052 d->state_change(d, 0);
1053 rfcomm_dlc_unlock(d);
1054
1055 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1056 break;
1057
1058 case BT_DISCONN:
1059 d->state = BT_CLOSED;
1060 __rfcomm_dlc_close(d, 0);
1061 break;
1062 }
1063 } else {
1064 /* Control channel */
1065 switch (s->state) {
1066 case BT_CONNECT:
1067 s->state = BT_CONNECTED;
1068 rfcomm_process_connect(s);
1069 break;
1070 }
1071 }
1072 return 0;
1073}
1074
1075static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1076{
1077 int err = 0;
1078
1079 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1080
1081 if (dlci) {
1082 /* Data DLC */
1083 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1084 if (d) {
1085 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1086 err = ECONNREFUSED;
1087 else
1088 err = ECONNRESET;
1089
1090 d->state = BT_CLOSED;
1091 __rfcomm_dlc_close(d, err);
1092 }
1093 } else {
1094 if (s->state == BT_CONNECT)
1095 err = ECONNREFUSED;
1096 else
1097 err = ECONNRESET;
1098
1099 s->state = BT_CLOSED;
1100 rfcomm_session_close(s, err);
1101 }
1102 return 0;
1103}
1104
1105static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1106{
1107 int err = 0;
1108
1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1110
1111 if (dlci) {
1112 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1113 if (d) {
1114 rfcomm_send_ua(s, dlci);
1115
1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1117 err = ECONNREFUSED;
1118 else
1119 err = ECONNRESET;
1120
1121 d->state = BT_CLOSED;
1122 __rfcomm_dlc_close(d, err);
8e87d142 1123 } else
1da177e4 1124 rfcomm_send_dm(s, dlci);
8e87d142 1125
1da177e4
LT		 1126 } else {
1127 rfcomm_send_ua(s, 0);
1128
1129 if (s->state == BT_CONNECT)
1130 err = ECONNREFUSED;
1131 else
1132 err = ECONNRESET;
1133
1134 s->state = BT_CLOSED;
1135 rfcomm_session_close(s, err);
1136 }
1137
1138 return 0;
1139}
1140
1141static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1142{
1143 struct sock *sk = d->session->sock->sk;
1144
1145 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1146 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1147 return 1;
1148 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1149 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1150 return 1;
1151 }
1152
1153 return 0;
1154}
1155
1156static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1157{
300b9397
MH		 1158 struct sock *sk = d->session->sock->sk;
1159
1da177e4
LT		 1160 BT_DBG("dlc %p", d);
1161
1162 rfcomm_send_ua(d->session, d->dlci);
1163
1164 rfcomm_dlc_lock(d);
1165 d->state = BT_CONNECTED;
1166 d->state_change(d, 0);
1167 rfcomm_dlc_unlock(d);
1168
300b9397
MH		 1169 if (d->link_mode & RFCOMM_LM_MASTER)
1170 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1171
1da177e4
LT		 1172 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1173}
1174
1175static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1176{
1177 struct rfcomm_dlc *d;
1178 u8 channel;
1179
1180 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1181
1182 if (!dlci) {
1183 rfcomm_send_ua(s, 0);
1184
1185 if (s->state == BT_OPEN) {
1186 s->state = BT_CONNECTED;
1187 rfcomm_process_connect(s);
1188 }
1189 return 0;
1190 }
1191
1192 /* Check if DLC exists */
1193 d = rfcomm_dlc_get(s, dlci);
1194 if (d) {
1195 if (d->state == BT_OPEN) {
1196 /* DLC was previously opened by PN request */
1197 if (rfcomm_check_link_mode(d)) {
1198 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1199 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1200 return 0;
1201 }
1202
1203 rfcomm_dlc_accept(d);
1204 }
1205 return 0;
1206 }
1207
1208 /* Notify socket layer about incoming connection */
1209 channel = __srv_channel(dlci);
1210 if (rfcomm_connect_ind(s, channel, &d)) {
1211 d->dlci = dlci;
1212 d->addr = __addr(s->initiator, dlci);
1213 rfcomm_dlc_link(s, d);
1214
1215 if (rfcomm_check_link_mode(d)) {
1216 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1217 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1218 return 0;
1219 }
1220
1221 rfcomm_dlc_accept(d);
1222 } else {
1223 rfcomm_send_dm(s, dlci);
1224 }
1225
1226 return 0;
1227}
1228
1229static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1230{
1231 struct rfcomm_session *s = d->session;
1232
8e87d142 1233 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1234 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1235
7c2660b0
MH		 1236 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1237 pn->flow_ctrl == 0xe0) {
1238 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1239 d->tx_credits = pn->credits;
1240 } else {
7c2660b0 1241 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1242 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1243 }
1244
7c2660b0
MH		 1245 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1246 s->cfc = d->cfc;
1247
1da177e4
LT		 1248 d->priority = pn->priority;
1249
98bcd08b
MH		 1250 d->mtu = btohs(pn->mtu);
1251
1252 if (cr && d->mtu > s->mtu)
1253 d->mtu = s->mtu;
1da177e4
LT		 1254
1255 return 0;
1256}
1257
1258static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1259{
1260 struct rfcomm_pn *pn = (void *) skb->data;
1261 struct rfcomm_dlc *d;
1262 u8 dlci = pn->dlci;
1263
1264 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1265
1266 if (!dlci)
1267 return 0;
1268
1269 d = rfcomm_dlc_get(s, dlci);
1270 if (d) {
1271 if (cr) {
1272 /* PN request */
1273 rfcomm_apply_pn(d, cr, pn);
1274 rfcomm_send_pn(s, 0, d);
1275 } else {
1276 /* PN response */
1277 switch (d->state) {
1278 case BT_CONFIG:
1279 rfcomm_apply_pn(d, cr, pn);
1280
1281 d->state = BT_CONNECT;
1282 rfcomm_send_sabm(s, d->dlci);
1283 break;
1284 }
1285 }
1286 } else {
1287 u8 channel = __srv_channel(dlci);
1288
1289 if (!cr)
1290 return 0;
1291
1292 /* PN request for non existing DLC.
1293 * Assume incoming connection. */
1294 if (rfcomm_connect_ind(s, channel, &d)) {
1295 d->dlci = dlci;
1296 d->addr = __addr(s->initiator, dlci);
1297 rfcomm_dlc_link(s, d);
1298
1299 rfcomm_apply_pn(d, cr, pn);
1300
1301 d->state = BT_OPEN;
1302 rfcomm_send_pn(s, 0, d);
1303 } else {
1304 rfcomm_send_dm(s, dlci);
1305 }
1306 }
1307 return 0;
1308}
1309
1310static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1311{
1312 struct rfcomm_rpn *rpn = (void *) skb->data;
1313 u8 dlci = __get_dlci(rpn->dlci);
1314
1315 u8 bit_rate = 0;
1316 u8 data_bits = 0;
1317 u8 stop_bits = 0;
1318 u8 parity = 0;
1319 u8 flow_ctrl = 0;
1320 u8 xon_char = 0;
1321 u8 xoff_char = 0;
1322 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1323
1324 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1325 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1326 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1327
1328 if (!cr)
1da177e4 1329 return 0;
3a5e903c 1330
1da177e4 1331 if (len == 1) {
3a5e903c 1332 /* This is a request, return default settings */
1da177e4
LT		 1333 bit_rate = RFCOMM_RPN_BR_115200;
1334 data_bits = RFCOMM_RPN_DATA_8;
1335 stop_bits = RFCOMM_RPN_STOP_1;
1336 parity = RFCOMM_RPN_PARITY_NONE;
1337 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1338 xon_char = RFCOMM_RPN_XON_CHAR;
1339 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1340 goto rpn_out;
1341 }
3a5e903c
S		 1342
1343 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1344 * no parity, no flow control lines, normal XON/XOFF chars */
1345
e8db8c99 1346 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4
LT		 1347 bit_rate = rpn->bit_rate;
1348 if (bit_rate != RFCOMM_RPN_BR_115200) {
1349 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1350 bit_rate = RFCOMM_RPN_BR_115200;
1351 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1352 }
1353 }
3a5e903c 1354
e8db8c99 1355 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1356 data_bits = __get_rpn_data_bits(rpn->line_settings);
1357 if (data_bits != RFCOMM_RPN_DATA_8) {
1358 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1359 data_bits = RFCOMM_RPN_DATA_8;
1360 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1361 }
1362 }
3a5e903c 1363
e8db8c99 1364 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1365 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1366 if (stop_bits != RFCOMM_RPN_STOP_1) {
1367 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1368 stop_bits = RFCOMM_RPN_STOP_1;
1369 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1370 }
1371 }
3a5e903c 1372
e8db8c99 1373 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1374 parity = __get_rpn_parity(rpn->line_settings);
1375 if (parity != RFCOMM_RPN_PARITY_NONE) {
1376 BT_DBG("RPN parity mismatch 0x%x", parity);
1377 parity = RFCOMM_RPN_PARITY_NONE;
1378 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1379 }
1380 }
3a5e903c 1381
e8db8c99 1382 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1383 flow_ctrl = rpn->flow_ctrl;
1384 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1385 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1386 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1387 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1388 }
1389 }
3a5e903c 1390
e8db8c99 1391 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1392 xon_char = rpn->xon_char;
1393 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1394 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1395 xon_char = RFCOMM_RPN_XON_CHAR;
1396 rpn_mask ^= RFCOMM_RPN_PM_XON;
1397 }
1398 }
3a5e903c 1399
e8db8c99 1400 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1401 xoff_char = rpn->xoff_char;
1402 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1403 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1404 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1405 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1406 }
1407 }
1408
1409rpn_out:
3a5e903c
S		 1410 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1411 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1412
1413 return 0;
1414}
1415
1416static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1417{
1418 struct rfcomm_rls *rls = (void *) skb->data;
1419 u8 dlci = __get_dlci(rls->dlci);
1420
1421 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1422
1da177e4
LT		 1423 if (!cr)
1424 return 0;
1425
3a5e903c
S		 1426 /* We should probably do something with this information here. But
1427 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1428 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1429
1430 rfcomm_send_rls(s, 0, dlci, rls->status);
1431
1432 return 0;
1433}
1434
1435static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1436{
1437 struct rfcomm_msc *msc = (void *) skb->data;
1438 struct rfcomm_dlc *d;
1439 u8 dlci = __get_dlci(msc->dlci);
1440
1441 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1442
1443 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1444 if (!d)
1da177e4
LT		 1445 return 0;
1446
1447 if (cr) {
1448 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1449 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1450 else
1451 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1452
1da177e4
LT		 1453 rfcomm_dlc_lock(d);
1454 if (d->modem_status)
1455 d->modem_status(d, msc->v24_sig);
1456 rfcomm_dlc_unlock(d);
8e87d142 1457
1da177e4
LT		 1458 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1459
1460 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1461 } else
1da177e4
LT		 1462 d->mscex |= RFCOMM_MSCEX_TX;
1463
1464 return 0;
1465}
1466
1467static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1468{
1469 struct rfcomm_mcc *mcc = (void *) skb->data;
1470 u8 type, cr, len;
1471
1472 cr = __test_cr(mcc->type);
1473 type = __get_mcc_type(mcc->type);
1474 len = __get_mcc_len(mcc->len);
1475
1476 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1477
1478 skb_pull(skb, 2);
1479
1480 switch (type) {
1481 case RFCOMM_PN:
1482 rfcomm_recv_pn(s, cr, skb);
1483 break;
1484
1485 case RFCOMM_RPN:
1486 rfcomm_recv_rpn(s, cr, len, skb);
1487 break;
1488
1489 case RFCOMM_RLS:
1490 rfcomm_recv_rls(s, cr, skb);
1491 break;
1492
1493 case RFCOMM_MSC:
1494 rfcomm_recv_msc(s, cr, skb);
1495 break;
1496
1497 case RFCOMM_FCOFF:
1498 if (cr) {
1499 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1500 rfcomm_send_fcoff(s, 0);
1501 }
1502 break;
1503
1504 case RFCOMM_FCON:
1505 if (cr) {
1506 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1507 rfcomm_send_fcon(s, 0);
1508 }
1509 break;
1510
1511 case RFCOMM_TEST:
1512 if (cr)
1513 rfcomm_send_test(s, 0, skb->data, skb->len);
1514 break;
1515
1516 case RFCOMM_NSC:
1517 break;
1518
1519 default:
1520 BT_ERR("Unknown control type 0x%02x", type);
1521 rfcomm_send_nsc(s, cr, type);
1522 break;
1523 }
1524 return 0;
1525}
1526
1527static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1528{
1529 struct rfcomm_dlc *d;
1530
1531 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1532
1533 d = rfcomm_dlc_get(s, dlci);
1534 if (!d) {
1535 rfcomm_send_dm(s, dlci);
1536 goto drop;
1537 }
1538
1539 if (pf && d->cfc) {
1540 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1541
1542 d->tx_credits += credits;
1543 if (d->tx_credits)
1544 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1545 }
1546
1547 if (skb->len && d->state == BT_CONNECTED) {
1548 rfcomm_dlc_lock(d);
1549 d->rx_credits--;
1550 d->data_ready(d, skb);
1551 rfcomm_dlc_unlock(d);
1552 return 0;
1553 }
1554
1555drop:
1556 kfree_skb(skb);
1557 return 0;
1558}
1559
1560static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1561{
1562 struct rfcomm_hdr *hdr = (void *) skb->data;
1563 u8 type, dlci, fcs;
1564
1565 dlci = __get_dlci(hdr->addr);
1566 type = __get_type(hdr->ctrl);
1567
1568 /* Trim FCS */
1569 skb->len--; skb->tail--;
27a884dc 1570 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1571
1572 if (__check_fcs(skb->data, type, fcs)) {
1573 BT_ERR("bad checksum in packet");
1574 kfree_skb(skb);
1575 return -EILSEQ;
1576 }
1577
1578 if (__test_ea(hdr->len))
1579 skb_pull(skb, 3);
1580 else
1581 skb_pull(skb, 4);
1582
1583 switch (type) {
1584 case RFCOMM_SABM:
1585 if (__test_pf(hdr->ctrl))
1586 rfcomm_recv_sabm(s, dlci);
1587 break;
1588
1589 case RFCOMM_DISC:
1590 if (__test_pf(hdr->ctrl))
1591 rfcomm_recv_disc(s, dlci);
1592 break;
1593
1594 case RFCOMM_UA:
1595 if (__test_pf(hdr->ctrl))
1596 rfcomm_recv_ua(s, dlci);
1597 break;
1598
1599 case RFCOMM_DM:
1600 rfcomm_recv_dm(s, dlci);
1601 break;
1602
1603 case RFCOMM_UIH:
1604 if (dlci)
1605 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1606
1607 rfcomm_recv_mcc(s, skb);
1608 break;
1609
1610 default:
1611 BT_ERR("Unknown packet type 0x%02x\n", type);
1612 break;
1613 }
1614 kfree_skb(skb);
1615 return 0;
1616}
1617
1618/* ---- Connection and data processing ---- */
1619
1620static void rfcomm_process_connect(struct rfcomm_session *s)
1621{
1622 struct rfcomm_dlc *d;
1623 struct list_head *p, *n;
1624
1625 BT_DBG("session %p state %ld", s, s->state);
1626
1627 list_for_each_safe(p, n, &s->dlcs) {
1628 d = list_entry(p, struct rfcomm_dlc, list);
1629 if (d->state == BT_CONFIG) {
1630 d->mtu = s->mtu;
1631 rfcomm_send_pn(s, 1, d);
1632 }
1633 }
1634}
1635
1636/* Send data queued for the DLC.
1637 * Return number of frames left in the queue.
1638 */
1639static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1640{
1641 struct sk_buff *skb;
1642 int err;
1643
8e87d142 1644 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1645 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1646
1647 /* Send pending MSC */
1648 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1649 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1650
1651 if (d->cfc) {
8e87d142 1652 /* CFC enabled.
1da177e4
LT		 1653 * Give them some credits */
1654 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1655 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1656 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1657 d->rx_credits = d->cfc;
1658 }
1659 } else {
1660 /* CFC disabled.
1661 * Give ourselves some credits */
1662 d->tx_credits = 5;
1663 }
1664
1665 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1666 return skb_queue_len(&d->tx_queue);
1667
1668 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1669 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1670 if (err < 0) {
1671 skb_queue_head(&d->tx_queue, skb);
1672 break;
1673 }
1674 kfree_skb(skb);
1675 d->tx_credits--;
1676 }
1677
1678 if (d->cfc && !d->tx_credits) {
1679 /* We're out of TX credits.
1680 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1681 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1682 }
1683
1684 return skb_queue_len(&d->tx_queue);
1685}
1686
1687static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1688{
1689 struct rfcomm_dlc *d;
1690 struct list_head *p, *n;
1691
1692 BT_DBG("session %p state %ld", s, s->state);
1693
1694 list_for_each_safe(p, n, &s->dlcs) {
1695 d = list_entry(p, struct rfcomm_dlc, list);
1696
1697 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1698 __rfcomm_dlc_close(d, ETIMEDOUT);
1699 continue;
1700 }
1701
1702 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1703 rfcomm_dlc_clear_timer(d);
1704 rfcomm_dlc_accept(d);
1705 if (d->link_mode & RFCOMM_LM_SECURE) {
1706 struct sock *sk = s->sock->sk;
1707 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1708 }
1709 continue;
1710 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1711 rfcomm_dlc_clear_timer(d);
1712 rfcomm_send_dm(s, d->dlci);
1713 __rfcomm_dlc_close(d, ECONNREFUSED);
1714 continue;
1715 }
1716
1717 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1718 continue;
1719
1720 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1721 d->mscex == RFCOMM_MSCEX_OK)
1722 rfcomm_process_tx(d);
1723 }
1724}
1725
1726static inline void rfcomm_process_rx(struct rfcomm_session *s)
1727{
1728 struct socket *sock = s->sock;
1729 struct sock *sk = sock->sk;
1730 struct sk_buff *skb;
1731
1732 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1733
1734 /* Get data directly from socket receive queue without copying it. */
1735 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1736 skb_orphan(skb);
1737 rfcomm_recv_frame(s, skb);
1738 }
1739
1740 if (sk->sk_state == BT_CLOSED) {
1741 if (!s->initiator)
1742 rfcomm_session_put(s);
1743
1744 rfcomm_session_close(s, sk->sk_err);
1745 }
1746}
1747
1748static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1749{
1750 struct socket *sock = s->sock, *nsock;
1751 int err;
1752
1753 /* Fast check for a new connection.
1754 * Avoids unnesesary socket allocations. */
1755 if (list_empty(&bt_sk(sock->sk)->accept_q))
1756 return;
1757
1758 BT_DBG("session %p", s);
1759
48db9ca4
MH		 1760 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1761 if (err < 0)
1da177e4
LT		 1762 return;
1763
1da177e4
LT		 1764 __module_get(nsock->ops->owner);
1765
1da177e4
LT		 1766 /* Set our callbacks */
1767 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1768 nsock->sk->sk_state_change = rfcomm_l2state_change;
1769
1770 s = rfcomm_session_add(nsock, BT_OPEN);
1771 if (s) {
1772 rfcomm_session_hold(s);
98bcd08b
MH		 1773
1774 /* We should adjust MTU on incoming sessions.
1775 * L2CAP MTU minus UIH header and FCS. */
1776 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1777
1da177e4
LT		 1778 rfcomm_schedule(RFCOMM_SCHED_RX);
1779 } else
1780 sock_release(nsock);
1781}
1782
1783static inline void rfcomm_check_connection(struct rfcomm_session *s)
1784{
1785 struct sock *sk = s->sock->sk;
1786
1787 BT_DBG("%p state %ld", s, s->state);
1788
1789 switch(sk->sk_state) {
1790 case BT_CONNECTED:
1791 s->state = BT_CONNECT;
1792
1793 /* We can adjust MTU on outgoing sessions.
1794 * L2CAP MTU minus UIH header and FCS. */
1795 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1796
1797 rfcomm_send_sabm(s, 0);
1798 break;
1799
1800 case BT_CLOSED:
1801 s->state = BT_CLOSED;
1802 rfcomm_session_close(s, sk->sk_err);
1803 break;
1804 }
1805}
1806
1807static inline void rfcomm_process_sessions(void)
1808{
1809 struct list_head *p, *n;
1810
1811 rfcomm_lock();
1812
1813 list_for_each_safe(p, n, &session_list) {
1814 struct rfcomm_session *s;
1815 s = list_entry(p, struct rfcomm_session, list);
1816
1817 if (s->state == BT_LISTEN) {
1818 rfcomm_accept_connection(s);
1819 continue;
1820 }
1821
1822 rfcomm_session_hold(s);
1823
1824 switch (s->state) {
1825 case BT_BOUND:
1826 rfcomm_check_connection(s);
1827 break;
1828
1829 default:
1830 rfcomm_process_rx(s);
1831 break;
1832 }
1833
1834 rfcomm_process_dlcs(s);
1835
1836 rfcomm_session_put(s);
1837 }
1838
1839 rfcomm_unlock();
1840}
1841
1842static void rfcomm_worker(void)
1843{
1844 BT_DBG("");
1845
1846 while (!atomic_read(&terminate)) {
74da9d88 1847 set_current_state(TASK_INTERRUPTIBLE);
1da177e4
LT		 1848 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1849 /* No pending events. Let's sleep.
1850 * Incoming connections and data will wake us up. */
1da177e4
LT		 1851 schedule();
1852 }
74da9d88 1853 set_current_state(TASK_RUNNING);
1da177e4
LT		 1854
1855 /* Process stuff */
1856 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1857 rfcomm_process_sessions();
1858 }
1da177e4
LT		 1859 return;
1860}
1861
1862static int rfcomm_add_listener(bdaddr_t *ba)
1863{
1864 struct sockaddr_l2 addr;
1865 struct socket *sock;
1866 struct sock *sk;
1867 struct rfcomm_session *s;
1868 int err = 0;
1869
1870 /* Create socket */
1871 err = rfcomm_l2sock_create(&sock);
8e87d142 1872 if (err < 0) {
1da177e4
LT		 1873 BT_ERR("Create socket failed %d", err);
1874 return err;
1875 }
1876
1877 /* Bind socket */
1878 bacpy(&addr.l2_bdaddr, ba);
1879 addr.l2_family = AF_BLUETOOTH;
1880 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 1881 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1882 if (err < 0) {
1883 BT_ERR("Bind failed %d", err);
1884 goto failed;
1885 }
1886
1887 /* Set L2CAP options */
1888 sk = sock->sk;
1889 lock_sock(sk);
56f3a40a 1890 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1891 release_sock(sk);
1892
1893 /* Start listening on the socket */
48db9ca4 1894 err = kernel_listen(sock, 10);
1da177e4
LT		 1895 if (err) {
1896 BT_ERR("Listen failed %d", err);
1897 goto failed;
1898 }
1899
1900 /* Add listening session */
1901 s = rfcomm_session_add(sock, BT_LISTEN);
1902 if (!s)
1903 goto failed;
1904
1905 rfcomm_session_hold(s);
1906 return 0;
1907failed:
1908 sock_release(sock);
1909 return err;
1910}
1911
1912static void rfcomm_kill_listener(void)
1913{
1914 struct rfcomm_session *s;
1915 struct list_head *p, *n;
1916
1917 BT_DBG("");
1918
1919 list_for_each_safe(p, n, &session_list) {
1920 s = list_entry(p, struct rfcomm_session, list);
1921 rfcomm_session_del(s);
1922 }
1923}
1924
1925static int rfcomm_run(void *unused)
1926{
1927 rfcomm_thread = current;
1928
1929 atomic_inc(&running);
1930
1931 daemonize("krfcommd");
1932 set_user_nice(current, -10);
1933 current->flags |= PF_NOFREEZE;
1934
1935 BT_DBG("");
1936
1937 rfcomm_add_listener(BDADDR_ANY);
1938
1939 rfcomm_worker();
1940
1941 rfcomm_kill_listener();
1942
1943 atomic_dec(&running);
1944 return 0;
1945}
1946
1947static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1948{
1949 struct rfcomm_session *s;
1950 struct rfcomm_dlc *d;
1951 struct list_head *p, *n;
1952
1953 BT_DBG("conn %p status 0x%02x", conn, status);
1954
1955 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1956 if (!s)
1957 return;
1958
1959 rfcomm_session_hold(s);
1960
1961 list_for_each_safe(p, n, &s->dlcs) {
1962 d = list_entry(p, struct rfcomm_dlc, list);
1963
1964 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1965 continue;
1966
1967 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1968 continue;
1969
1970 if (!status)
1971 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1972 else
1973 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1974 }
1975
1976 rfcomm_session_put(s);
1977
1978 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1979}
1980
1981static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1982{
1983 struct rfcomm_session *s;
1984 struct rfcomm_dlc *d;
1985 struct list_head *p, *n;
1986
1987 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1988
1989 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1990 if (!s)
1991 return;
1992
1993 rfcomm_session_hold(s);
1994
1995 list_for_each_safe(p, n, &s->dlcs) {
1996 d = list_entry(p, struct rfcomm_dlc, list);
1997
1998 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1999 continue;
2000
2001 if (!status && encrypt)
2002 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2003 else
2004 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2005 }
2006
2007 rfcomm_session_put(s);
2008
2009 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2010}
2011
2012static struct hci_cb rfcomm_cb = {
2013 .name = "RFCOMM",
2014 .auth_cfm = rfcomm_auth_cfm,
2015 .encrypt_cfm = rfcomm_encrypt_cfm
2016};
2017
be9d1227 2018static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2019{
2020 struct rfcomm_session *s;
2021 struct list_head *pp, *p;
be9d1227 2022 char *str = buf;
1da177e4
LT		 2023
2024 rfcomm_lock();
2025
2026 list_for_each(p, &session_list) {
2027 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2028 list_for_each(pp, &s->dlcs) {
2029 struct sock *sk = s->sock->sk;
2030 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2031
be9d1227
MH		 2032 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2033 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2034 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2035 }
2036 }
1da177e4 2037
1da177e4 2038 rfcomm_unlock();
1da177e4 2039
be9d1227 2040 return (str - buf);
1da177e4
LT		 2041}
2042
be9d1227 2043static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2044
2045/* ---- Initialization ---- */
2046static int __init rfcomm_init(void)
2047{
2048 l2cap_load();
2049
2050 hci_register_cb(&rfcomm_cb);
2051
2052 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2053
df5c37ea
MH		 2054 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2055 BT_ERR("Failed to create RFCOMM info file");
1da177e4
LT		 2056
2057 rfcomm_init_sockets();
2058
2059#ifdef CONFIG_BT_RFCOMM_TTY
2060 rfcomm_init_ttys();
2061#endif
2062
be9d1227
MH		 2063 BT_INFO("RFCOMM ver %s", VERSION);
2064
1da177e4
LT		 2065 return 0;
2066}
2067
2068static void __exit rfcomm_exit(void)
2069{
a91f2e39 2070 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2071
1da177e4
LT		 2072 hci_unregister_cb(&rfcomm_cb);
2073
2074 /* Terminate working thread.
2075 * ie. Set terminate flag and wake it up */
2076 atomic_inc(&terminate);
2077 rfcomm_schedule(RFCOMM_SCHED_STATE);
2078
2079 /* Wait until thread is running */
2080 while (atomic_read(&running))
2081 schedule();
2082
2083#ifdef CONFIG_BT_RFCOMM_TTY
2084 rfcomm_cleanup_ttys();
2085#endif
2086
2087 rfcomm_cleanup_sockets();
1da177e4
LT		 2088}
2089
2090module_init(rfcomm_init);
2091module_exit(rfcomm_exit);
2092
7c2660b0
MH		 2093module_param(disable_cfc, bool, 0644);
2094MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2095
98bcd08b
MH		 2096module_param(channel_mtu, int, 0644);
2097MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2098
56f3a40a
MH		 2099module_param(l2cap_mtu, uint, 0644);
2100MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2101
1da177e4
LT		 2102MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2103MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2104MODULE_VERSION(VERSION);
2105MODULE_LICENSE("GPL");
2106MODULE_ALIAS("bt-proto-3");
ubuntu-bionic-kernel mirror