projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Remove RFCOMM session refcnt
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define VERSION "1.11"
39
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45 static struct task_struct *rfcomm_thread;
46
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52 static LIST_HEAD(session_list);
53
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65 static void rfcomm_process_connect(struct rfcomm_session *s);
66
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
79
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
83
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
89
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
92
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
103
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
110
111 /* ---- RFCOMM FCS computation ---- */
112
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154 };
155
156 /* CRC on 2 bytes */
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
159 /* FCS on 2 bytes */
160 static inline u8 __fcs(u8 *data)
161 {
162 return 0xff - __crc(data);
163 }
164
165 /* FCS on 3 bytes */
166 static inline u8 __fcs2(u8 *data)
167 {
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
169 }
170
171 /* Check FCS */
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
173 {
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 }
181
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
184 {
185 BT_DBG("%p state %d", sk, sk->sk_state);
186 rfcomm_schedule();
187 }
188
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190 {
191 BT_DBG("%p bytes %d", sk, bytes);
192 rfcomm_schedule();
193 }
194
195 static int rfcomm_l2sock_create(struct socket **sock)
196 {
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208 }
209
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
211 {
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 break;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
223 break;
224 default:
225 auth_type = HCI_AT_NO_BONDING;
226 break;
227 }
228
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
230 }
231
232 static void rfcomm_session_timeout(unsigned long arg)
233 {
234 struct rfcomm_session *s = (void *) arg;
235
236 BT_DBG("session %p state %ld", s, s->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
239 rfcomm_schedule();
240 }
241
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
243 {
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
245
246 mod_timer(&s->timer, jiffies + timeout);
247 }
248
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
250 {
251 BT_DBG("session %p state %ld", s, s->state);
252
253 del_timer_sync(&s->timer);
254 }
255
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
258 {
259 struct rfcomm_dlc *d = (void *) arg;
260
261 BT_DBG("dlc %p state %ld", d, d->state);
262
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
264 rfcomm_dlc_put(d);
265 rfcomm_schedule();
266 }
267
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
269 {
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
271
272 if (!mod_timer(&d->timer, jiffies + timeout))
273 rfcomm_dlc_hold(d);
274 }
275
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
277 {
278 BT_DBG("dlc %p state %ld", d, d->state);
279
280 if (del_timer(&d->timer))
281 rfcomm_dlc_put(d);
282 }
283
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
285 {
286 BT_DBG("%p", d);
287
288 d->state = BT_OPEN;
289 d->flags = 0;
290 d->mscex = 0;
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
294
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
297 }
298
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
300 {
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
302
303 if (!d)
304 return NULL;
305
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
307
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
311
312 rfcomm_dlc_clear_state(d);
313
314 BT_DBG("%p", d);
315
316 return d;
317 }
318
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
320 {
321 BT_DBG("%p", d);
322
323 skb_queue_purge(&d->tx_queue);
324 kfree(d);
325 }
326
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
328 {
329 BT_DBG("dlc %p session %p", d, s);
330
331 rfcomm_session_clear_timer(s);
332 rfcomm_dlc_hold(d);
333 list_add(&d->list, &s->dlcs);
334 d->session = s;
335 }
336
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
338 {
339 struct rfcomm_session *s = d->session;
340
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342
343 list_del(&d->list);
344 d->session = NULL;
345 rfcomm_dlc_put(d);
346
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
349 }
350
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
352 {
353 struct rfcomm_dlc *d;
354
355 list_for_each_entry(d, &s->dlcs, list)
356 if (d->dlci == dlci)
357 return d;
358
359 return NULL;
360 }
361
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
363 {
364 struct rfcomm_session *s;
365 int err = 0;
366 u8 dlci;
367
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
370
371 if (channel < 1 || channel > 30)
372 return -EINVAL;
373
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
375 return 0;
376
377 s = rfcomm_session_get(src, dst);
378 if (!s) {
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
380 if (!s)
381 return err;
382 }
383
384 dlci = __dlci(!s->initiator, channel);
385
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
388 return -EBUSY;
389
390 rfcomm_dlc_clear_state(d);
391
392 d->dlci = dlci;
393 d->addr = __addr(s->initiator, dlci);
394 d->priority = 7;
395
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
398
399 d->out = 1;
400
401 d->mtu = s->mtu;
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
403
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
407 else
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
409 }
410
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
412
413 return 0;
414 }
415
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
417 {
418 int r;
419
420 rfcomm_lock();
421
422 r = __rfcomm_dlc_open(d, src, dst, channel);
423
424 rfcomm_unlock();
425 return r;
426 }
427
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
429 {
430 struct rfcomm_session *s = d->session;
431 if (!s)
432 return 0;
433
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
436
437 switch (d->state) {
438 case BT_CONNECT:
439 case BT_CONFIG:
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
442 rfcomm_schedule();
443 break;
444 }
445 /* Fall through */
446
447 case BT_CONNECTED:
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
452 } else {
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
455 }
456 break;
457
458 case BT_OPEN:
459 case BT_CONNECT2:
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
462 rfcomm_schedule();
463 break;
464 }
465 /* Fall through */
466
467 default:
468 rfcomm_dlc_clear_timer(d);
469
470 rfcomm_dlc_lock(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
474
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
477 }
478
479 return 0;
480 }
481
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
483 {
484 int r = 0;
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
487
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
489
490 rfcomm_lock();
491
492 s = d->session;
493 if (!s)
494 goto no_session;
495
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
498 */
499 list_for_each_entry(s_list, &session_list, list) {
500 if (s_list == s) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
502 if (d_list == d) {
503 r = __rfcomm_dlc_close(d, err);
504 break;
505 }
506 }
507 break;
508 }
509 }
510
511 no_session:
512 rfcomm_unlock();
513 return r;
514 }
515
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
517 {
518 int len = skb->len;
519
520 if (d->state != BT_CONNECTED)
521 return -ENOTCONN;
522
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
524
525 if (len > d->mtu)
526 return -EINVAL;
527
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
530
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
532 rfcomm_schedule();
533 return len;
534 }
535
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
537 {
538 BT_DBG("dlc %p state %ld", d, d->state);
539
540 if (!d->cfc) {
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
544 rfcomm_schedule();
545 }
546
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
548 {
549 BT_DBG("dlc %p state %ld", d, d->state);
550
551 if (!d->cfc) {
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
554 }
555 rfcomm_schedule();
556 }
557
558 /*
559 Set/get modem status functions use _local_ status i.e. what we report
560 to the other side.
561 Remote status is provided by dlc->modem_status() callback.
562 */
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564 {
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
567
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
570 else
571 v24_sig &= ~RFCOMM_V24_FC;
572
573 d->v24_sig = v24_sig;
574
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
576 rfcomm_schedule();
577
578 return 0;
579 }
580
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582 {
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
585
586 *v24_sig = d->v24_sig;
587 return 0;
588 }
589
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592 {
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
594
595 if (!s)
596 return NULL;
597
598 BT_DBG("session %p sock %p", s, sock);
599
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601
602 INIT_LIST_HEAD(&s->dlcs);
603 s->state = state;
604 s->sock = sock;
605
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
608
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
613 kfree(s);
614 return NULL;
615 }
616
617 list_add(&s->list, &session_list);
618
619 return s;
620 }
621
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
623 {
624 int state = s->state;
625
626 BT_DBG("session %p state %ld", s, s->state);
627
628 list_del(&s->list);
629
630 if (state == BT_CONNECTED)
631 rfcomm_send_disc(s, 0);
632
633 rfcomm_session_clear_timer(s);
634 sock_release(s->sock);
635 kfree(s);
636
637 if (state != BT_LISTEN)
638 module_put(THIS_MODULE);
639
640 return NULL;
641 }
642
643 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
644 {
645 struct rfcomm_session *s;
646 struct list_head *p, *n;
647 struct bt_sock *sk;
648 list_for_each_safe(p, n, &session_list) {
649 s = list_entry(p, struct rfcomm_session, list);
650 sk = bt_sk(s->sock->sk);
651
652 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
653 !bacmp(&sk->dst, dst))
654 return s;
655 }
656 return NULL;
657 }
658
659 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
660 int err)
661 {
662 struct rfcomm_dlc *d;
663 struct list_head *p, *n;
664
665 BT_DBG("session %p state %ld err %d", s, s->state, err);
666
667 s->state = BT_CLOSED;
668
669 /* Close all dlcs */
670 list_for_each_safe(p, n, &s->dlcs) {
671 d = list_entry(p, struct rfcomm_dlc, list);
672 d->state = BT_CLOSED;
673 __rfcomm_dlc_close(d, err);
674 }
675
676 rfcomm_session_clear_timer(s);
677 return rfcomm_session_del(s);
678 }
679
680 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
681 bdaddr_t *dst,
682 u8 sec_level,
683 int *err)
684 {
685 struct rfcomm_session *s = NULL;
686 struct sockaddr_l2 addr;
687 struct socket *sock;
688 struct sock *sk;
689
690 BT_DBG("%pMR -> %pMR", src, dst);
691
692 *err = rfcomm_l2sock_create(&sock);
693 if (*err < 0)
694 return NULL;
695
696 bacpy(&addr.l2_bdaddr, src);
697 addr.l2_family = AF_BLUETOOTH;
698 addr.l2_psm = 0;
699 addr.l2_cid = 0;
700 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
701 if (*err < 0)
702 goto failed;
703
704 /* Set L2CAP options */
705 sk = sock->sk;
706 lock_sock(sk);
707 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
708 l2cap_pi(sk)->chan->sec_level = sec_level;
709 if (l2cap_ertm)
710 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
711 release_sock(sk);
712
713 s = rfcomm_session_add(sock, BT_BOUND);
714 if (!s) {
715 *err = -ENOMEM;
716 goto failed;
717 }
718
719 s->initiator = 1;
720
721 bacpy(&addr.l2_bdaddr, dst);
722 addr.l2_family = AF_BLUETOOTH;
723 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
724 addr.l2_cid = 0;
725 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
726 if (*err == 0 || *err == -EINPROGRESS)
727 return s;
728
729 return rfcomm_session_del(s);
730
731 failed:
732 sock_release(sock);
733 return NULL;
734 }
735
736 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
737 {
738 struct sock *sk = s->sock->sk;
739 if (src)
740 bacpy(src, &bt_sk(sk)->src);
741 if (dst)
742 bacpy(dst, &bt_sk(sk)->dst);
743 }
744
745 /* ---- RFCOMM frame sending ---- */
746 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
747 {
748 struct kvec iv = { data, len };
749 struct msghdr msg;
750
751 BT_DBG("session %p len %d", s, len);
752
753 memset(&msg, 0, sizeof(msg));
754
755 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
756 }
757
758 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
759 {
760 BT_DBG("%p cmd %u", s, cmd->ctrl);
761
762 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
763 }
764
765 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
766 {
767 struct rfcomm_cmd cmd;
768
769 BT_DBG("%p dlci %d", s, dlci);
770
771 cmd.addr = __addr(s->initiator, dlci);
772 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
773 cmd.len = __len8(0);
774 cmd.fcs = __fcs2((u8 *) &cmd);
775
776 return rfcomm_send_cmd(s, &cmd);
777 }
778
779 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
780 {
781 struct rfcomm_cmd cmd;
782
783 BT_DBG("%p dlci %d", s, dlci);
784
785 cmd.addr = __addr(!s->initiator, dlci);
786 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
787 cmd.len = __len8(0);
788 cmd.fcs = __fcs2((u8 *) &cmd);
789
790 return rfcomm_send_cmd(s, &cmd);
791 }
792
793 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
794 {
795 struct rfcomm_cmd cmd;
796
797 BT_DBG("%p dlci %d", s, dlci);
798
799 cmd.addr = __addr(s->initiator, dlci);
800 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
801 cmd.len = __len8(0);
802 cmd.fcs = __fcs2((u8 *) &cmd);
803
804 return rfcomm_send_cmd(s, &cmd);
805 }
806
807 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
808 {
809 struct rfcomm_cmd *cmd;
810 struct sk_buff *skb;
811
812 BT_DBG("dlc %p dlci %d", d, d->dlci);
813
814 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
815 if (!skb)
816 return -ENOMEM;
817
818 cmd = (void *) __skb_put(skb, sizeof(*cmd));
819 cmd->addr = d->addr;
820 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
821 cmd->len = __len8(0);
822 cmd->fcs = __fcs2((u8 *) cmd);
823
824 skb_queue_tail(&d->tx_queue, skb);
825 rfcomm_schedule();
826 return 0;
827 }
828
829 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
830 {
831 struct rfcomm_cmd cmd;
832
833 BT_DBG("%p dlci %d", s, dlci);
834
835 cmd.addr = __addr(!s->initiator, dlci);
836 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
837 cmd.len = __len8(0);
838 cmd.fcs = __fcs2((u8 *) &cmd);
839
840 return rfcomm_send_cmd(s, &cmd);
841 }
842
843 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
844 {
845 struct rfcomm_hdr *hdr;
846 struct rfcomm_mcc *mcc;
847 u8 buf[16], *ptr = buf;
848
849 BT_DBG("%p cr %d type %d", s, cr, type);
850
851 hdr = (void *) ptr; ptr += sizeof(*hdr);
852 hdr->addr = __addr(s->initiator, 0);
853 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
854 hdr->len = __len8(sizeof(*mcc) + 1);
855
856 mcc = (void *) ptr; ptr += sizeof(*mcc);
857 mcc->type = __mcc_type(cr, RFCOMM_NSC);
858 mcc->len = __len8(1);
859
860 /* Type that we didn't like */
861 *ptr = __mcc_type(cr, type); ptr++;
862
863 *ptr = __fcs(buf); ptr++;
864
865 return rfcomm_send_frame(s, buf, ptr - buf);
866 }
867
868 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
869 {
870 struct rfcomm_hdr *hdr;
871 struct rfcomm_mcc *mcc;
872 struct rfcomm_pn *pn;
873 u8 buf[16], *ptr = buf;
874
875 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
876
877 hdr = (void *) ptr; ptr += sizeof(*hdr);
878 hdr->addr = __addr(s->initiator, 0);
879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
881
882 mcc = (void *) ptr; ptr += sizeof(*mcc);
883 mcc->type = __mcc_type(cr, RFCOMM_PN);
884 mcc->len = __len8(sizeof(*pn));
885
886 pn = (void *) ptr; ptr += sizeof(*pn);
887 pn->dlci = d->dlci;
888 pn->priority = d->priority;
889 pn->ack_timer = 0;
890 pn->max_retrans = 0;
891
892 if (s->cfc) {
893 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
894 pn->credits = RFCOMM_DEFAULT_CREDITS;
895 } else {
896 pn->flow_ctrl = 0;
897 pn->credits = 0;
898 }
899
900 if (cr && channel_mtu >= 0)
901 pn->mtu = cpu_to_le16(channel_mtu);
902 else
903 pn->mtu = cpu_to_le16(d->mtu);
904
905 *ptr = __fcs(buf); ptr++;
906
907 return rfcomm_send_frame(s, buf, ptr - buf);
908 }
909
910 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
911 u8 bit_rate, u8 data_bits, u8 stop_bits,
912 u8 parity, u8 flow_ctrl_settings,
913 u8 xon_char, u8 xoff_char, u16 param_mask)
914 {
915 struct rfcomm_hdr *hdr;
916 struct rfcomm_mcc *mcc;
917 struct rfcomm_rpn *rpn;
918 u8 buf[16], *ptr = buf;
919
920 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
921 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
922 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
923 flow_ctrl_settings, xon_char, xoff_char, param_mask);
924
925 hdr = (void *) ptr; ptr += sizeof(*hdr);
926 hdr->addr = __addr(s->initiator, 0);
927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
929
930 mcc = (void *) ptr; ptr += sizeof(*mcc);
931 mcc->type = __mcc_type(cr, RFCOMM_RPN);
932 mcc->len = __len8(sizeof(*rpn));
933
934 rpn = (void *) ptr; ptr += sizeof(*rpn);
935 rpn->dlci = __addr(1, dlci);
936 rpn->bit_rate = bit_rate;
937 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
938 rpn->flow_ctrl = flow_ctrl_settings;
939 rpn->xon_char = xon_char;
940 rpn->xoff_char = xoff_char;
941 rpn->param_mask = cpu_to_le16(param_mask);
942
943 *ptr = __fcs(buf); ptr++;
944
945 return rfcomm_send_frame(s, buf, ptr - buf);
946 }
947
948 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
949 {
950 struct rfcomm_hdr *hdr;
951 struct rfcomm_mcc *mcc;
952 struct rfcomm_rls *rls;
953 u8 buf[16], *ptr = buf;
954
955 BT_DBG("%p cr %d status 0x%x", s, cr, status);
956
957 hdr = (void *) ptr; ptr += sizeof(*hdr);
958 hdr->addr = __addr(s->initiator, 0);
959 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
960 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
961
962 mcc = (void *) ptr; ptr += sizeof(*mcc);
963 mcc->type = __mcc_type(cr, RFCOMM_RLS);
964 mcc->len = __len8(sizeof(*rls));
965
966 rls = (void *) ptr; ptr += sizeof(*rls);
967 rls->dlci = __addr(1, dlci);
968 rls->status = status;
969
970 *ptr = __fcs(buf); ptr++;
971
972 return rfcomm_send_frame(s, buf, ptr - buf);
973 }
974
975 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
976 {
977 struct rfcomm_hdr *hdr;
978 struct rfcomm_mcc *mcc;
979 struct rfcomm_msc *msc;
980 u8 buf[16], *ptr = buf;
981
982 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
983
984 hdr = (void *) ptr; ptr += sizeof(*hdr);
985 hdr->addr = __addr(s->initiator, 0);
986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
988
989 mcc = (void *) ptr; ptr += sizeof(*mcc);
990 mcc->type = __mcc_type(cr, RFCOMM_MSC);
991 mcc->len = __len8(sizeof(*msc));
992
993 msc = (void *) ptr; ptr += sizeof(*msc);
994 msc->dlci = __addr(1, dlci);
995 msc->v24_sig = v24_sig | 0x01;
996
997 *ptr = __fcs(buf); ptr++;
998
999 return rfcomm_send_frame(s, buf, ptr - buf);
1000 }
1001
1002 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1003 {
1004 struct rfcomm_hdr *hdr;
1005 struct rfcomm_mcc *mcc;
1006 u8 buf[16], *ptr = buf;
1007
1008 BT_DBG("%p cr %d", s, cr);
1009
1010 hdr = (void *) ptr; ptr += sizeof(*hdr);
1011 hdr->addr = __addr(s->initiator, 0);
1012 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1013 hdr->len = __len8(sizeof(*mcc));
1014
1015 mcc = (void *) ptr; ptr += sizeof(*mcc);
1016 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1017 mcc->len = __len8(0);
1018
1019 *ptr = __fcs(buf); ptr++;
1020
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1022 }
1023
1024 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1025 {
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 u8 buf[16], *ptr = buf;
1029
1030 BT_DBG("%p cr %d", s, cr);
1031
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc));
1036
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1039 mcc->len = __len8(0);
1040
1041 *ptr = __fcs(buf); ptr++;
1042
1043 return rfcomm_send_frame(s, buf, ptr - buf);
1044 }
1045
1046 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1047 {
1048 struct socket *sock = s->sock;
1049 struct kvec iv[3];
1050 struct msghdr msg;
1051 unsigned char hdr[5], crc[1];
1052
1053 if (len > 125)
1054 return -EINVAL;
1055
1056 BT_DBG("%p cr %d", s, cr);
1057
1058 hdr[0] = __addr(s->initiator, 0);
1059 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1060 hdr[2] = 0x01 | ((len + 2) << 1);
1061 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1062 hdr[4] = 0x01 | (len << 1);
1063
1064 crc[0] = __fcs(hdr);
1065
1066 iv[0].iov_base = hdr;
1067 iv[0].iov_len = 5;
1068 iv[1].iov_base = pattern;
1069 iv[1].iov_len = len;
1070 iv[2].iov_base = crc;
1071 iv[2].iov_len = 1;
1072
1073 memset(&msg, 0, sizeof(msg));
1074
1075 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1076 }
1077
1078 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1079 {
1080 struct rfcomm_hdr *hdr;
1081 u8 buf[16], *ptr = buf;
1082
1083 BT_DBG("%p addr %d credits %d", s, addr, credits);
1084
1085 hdr = (void *) ptr; ptr += sizeof(*hdr);
1086 hdr->addr = addr;
1087 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1088 hdr->len = __len8(0);
1089
1090 *ptr = credits; ptr++;
1091
1092 *ptr = __fcs(buf); ptr++;
1093
1094 return rfcomm_send_frame(s, buf, ptr - buf);
1095 }
1096
1097 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1098 {
1099 struct rfcomm_hdr *hdr;
1100 int len = skb->len;
1101 u8 *crc;
1102
1103 if (len > 127) {
1104 hdr = (void *) skb_push(skb, 4);
1105 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1106 } else {
1107 hdr = (void *) skb_push(skb, 3);
1108 hdr->len = __len8(len);
1109 }
1110 hdr->addr = addr;
1111 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1112
1113 crc = skb_put(skb, 1);
1114 *crc = __fcs((void *) hdr);
1115 }
1116
1117 /* ---- RFCOMM frame reception ---- */
1118 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1119 {
1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1121
1122 if (dlci) {
1123 /* Data channel */
1124 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 if (!d) {
1126 rfcomm_send_dm(s, dlci);
1127 return s;
1128 }
1129
1130 switch (d->state) {
1131 case BT_CONNECT:
1132 rfcomm_dlc_clear_timer(d);
1133
1134 rfcomm_dlc_lock(d);
1135 d->state = BT_CONNECTED;
1136 d->state_change(d, 0);
1137 rfcomm_dlc_unlock(d);
1138
1139 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1140 break;
1141
1142 case BT_DISCONN:
1143 d->state = BT_CLOSED;
1144 __rfcomm_dlc_close(d, 0);
1145
1146 if (list_empty(&s->dlcs)) {
1147 s->state = BT_DISCONN;
1148 rfcomm_send_disc(s, 0);
1149 rfcomm_session_clear_timer(s);
1150 }
1151
1152 break;
1153 }
1154 } else {
1155 /* Control channel */
1156 switch (s->state) {
1157 case BT_CONNECT:
1158 s->state = BT_CONNECTED;
1159 rfcomm_process_connect(s);
1160 break;
1161
1162 case BT_DISCONN:
1163 s = rfcomm_session_close(s, ECONNRESET);
1164 break;
1165 }
1166 }
1167 return s;
1168 }
1169
1170 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1171 {
1172 int err = 0;
1173
1174 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175
1176 if (dlci) {
1177 /* Data DLC */
1178 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1179 if (d) {
1180 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1181 err = ECONNREFUSED;
1182 else
1183 err = ECONNRESET;
1184
1185 d->state = BT_CLOSED;
1186 __rfcomm_dlc_close(d, err);
1187 }
1188 } else {
1189 if (s->state == BT_CONNECT)
1190 err = ECONNREFUSED;
1191 else
1192 err = ECONNRESET;
1193
1194 s->state = BT_CLOSED;
1195 s = rfcomm_session_close(s, err);
1196 }
1197 return s;
1198 }
1199
1200 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1201 u8 dlci)
1202 {
1203 int err = 0;
1204
1205 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206
1207 if (dlci) {
1208 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1209 if (d) {
1210 rfcomm_send_ua(s, dlci);
1211
1212 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1213 err = ECONNREFUSED;
1214 else
1215 err = ECONNRESET;
1216
1217 d->state = BT_CLOSED;
1218 __rfcomm_dlc_close(d, err);
1219 } else
1220 rfcomm_send_dm(s, dlci);
1221
1222 } else {
1223 rfcomm_send_ua(s, 0);
1224
1225 if (s->state == BT_CONNECT)
1226 err = ECONNREFUSED;
1227 else
1228 err = ECONNRESET;
1229
1230 s->state = BT_CLOSED;
1231 s = rfcomm_session_close(s, err);
1232 }
1233 return s;
1234 }
1235
1236 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1237 {
1238 struct sock *sk = d->session->sock->sk;
1239 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1240
1241 BT_DBG("dlc %p", d);
1242
1243 rfcomm_send_ua(d->session, d->dlci);
1244
1245 rfcomm_dlc_clear_timer(d);
1246
1247 rfcomm_dlc_lock(d);
1248 d->state = BT_CONNECTED;
1249 d->state_change(d, 0);
1250 rfcomm_dlc_unlock(d);
1251
1252 if (d->role_switch)
1253 hci_conn_switch_role(conn->hcon, 0x00);
1254
1255 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1256 }
1257
1258 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1259 {
1260 if (rfcomm_check_security(d)) {
1261 if (d->defer_setup) {
1262 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1263 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1264
1265 rfcomm_dlc_lock(d);
1266 d->state = BT_CONNECT2;
1267 d->state_change(d, 0);
1268 rfcomm_dlc_unlock(d);
1269 } else
1270 rfcomm_dlc_accept(d);
1271 } else {
1272 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1273 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1274 }
1275 }
1276
1277 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1278 {
1279 struct rfcomm_dlc *d;
1280 u8 channel;
1281
1282 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1283
1284 if (!dlci) {
1285 rfcomm_send_ua(s, 0);
1286
1287 if (s->state == BT_OPEN) {
1288 s->state = BT_CONNECTED;
1289 rfcomm_process_connect(s);
1290 }
1291 return 0;
1292 }
1293
1294 /* Check if DLC exists */
1295 d = rfcomm_dlc_get(s, dlci);
1296 if (d) {
1297 if (d->state == BT_OPEN) {
1298 /* DLC was previously opened by PN request */
1299 rfcomm_check_accept(d);
1300 }
1301 return 0;
1302 }
1303
1304 /* Notify socket layer about incoming connection */
1305 channel = __srv_channel(dlci);
1306 if (rfcomm_connect_ind(s, channel, &d)) {
1307 d->dlci = dlci;
1308 d->addr = __addr(s->initiator, dlci);
1309 rfcomm_dlc_link(s, d);
1310
1311 rfcomm_check_accept(d);
1312 } else {
1313 rfcomm_send_dm(s, dlci);
1314 }
1315
1316 return 0;
1317 }
1318
1319 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1320 {
1321 struct rfcomm_session *s = d->session;
1322
1323 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1324 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1325
1326 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1327 pn->flow_ctrl == 0xe0) {
1328 d->cfc = RFCOMM_CFC_ENABLED;
1329 d->tx_credits = pn->credits;
1330 } else {
1331 d->cfc = RFCOMM_CFC_DISABLED;
1332 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1333 }
1334
1335 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1336 s->cfc = d->cfc;
1337
1338 d->priority = pn->priority;
1339
1340 d->mtu = __le16_to_cpu(pn->mtu);
1341
1342 if (cr && d->mtu > s->mtu)
1343 d->mtu = s->mtu;
1344
1345 return 0;
1346 }
1347
1348 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1349 {
1350 struct rfcomm_pn *pn = (void *) skb->data;
1351 struct rfcomm_dlc *d;
1352 u8 dlci = pn->dlci;
1353
1354 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1355
1356 if (!dlci)
1357 return 0;
1358
1359 d = rfcomm_dlc_get(s, dlci);
1360 if (d) {
1361 if (cr) {
1362 /* PN request */
1363 rfcomm_apply_pn(d, cr, pn);
1364 rfcomm_send_pn(s, 0, d);
1365 } else {
1366 /* PN response */
1367 switch (d->state) {
1368 case BT_CONFIG:
1369 rfcomm_apply_pn(d, cr, pn);
1370
1371 d->state = BT_CONNECT;
1372 rfcomm_send_sabm(s, d->dlci);
1373 break;
1374 }
1375 }
1376 } else {
1377 u8 channel = __srv_channel(dlci);
1378
1379 if (!cr)
1380 return 0;
1381
1382 /* PN request for non existing DLC.
1383 * Assume incoming connection. */
1384 if (rfcomm_connect_ind(s, channel, &d)) {
1385 d->dlci = dlci;
1386 d->addr = __addr(s->initiator, dlci);
1387 rfcomm_dlc_link(s, d);
1388
1389 rfcomm_apply_pn(d, cr, pn);
1390
1391 d->state = BT_OPEN;
1392 rfcomm_send_pn(s, 0, d);
1393 } else {
1394 rfcomm_send_dm(s, dlci);
1395 }
1396 }
1397 return 0;
1398 }
1399
1400 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1401 {
1402 struct rfcomm_rpn *rpn = (void *) skb->data;
1403 u8 dlci = __get_dlci(rpn->dlci);
1404
1405 u8 bit_rate = 0;
1406 u8 data_bits = 0;
1407 u8 stop_bits = 0;
1408 u8 parity = 0;
1409 u8 flow_ctrl = 0;
1410 u8 xon_char = 0;
1411 u8 xoff_char = 0;
1412 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1413
1414 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1415 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1416 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1417
1418 if (!cr)
1419 return 0;
1420
1421 if (len == 1) {
1422 /* This is a request, return default (according to ETSI TS 07.10) settings */
1423 bit_rate = RFCOMM_RPN_BR_9600;
1424 data_bits = RFCOMM_RPN_DATA_8;
1425 stop_bits = RFCOMM_RPN_STOP_1;
1426 parity = RFCOMM_RPN_PARITY_NONE;
1427 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1428 xon_char = RFCOMM_RPN_XON_CHAR;
1429 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1430 goto rpn_out;
1431 }
1432
1433 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1434 * no parity, no flow control lines, normal XON/XOFF chars */
1435
1436 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1437 bit_rate = rpn->bit_rate;
1438 if (bit_rate > RFCOMM_RPN_BR_230400) {
1439 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1440 bit_rate = RFCOMM_RPN_BR_9600;
1441 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1442 }
1443 }
1444
1445 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1446 data_bits = __get_rpn_data_bits(rpn->line_settings);
1447 if (data_bits != RFCOMM_RPN_DATA_8) {
1448 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1449 data_bits = RFCOMM_RPN_DATA_8;
1450 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1451 }
1452 }
1453
1454 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1455 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1456 if (stop_bits != RFCOMM_RPN_STOP_1) {
1457 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1458 stop_bits = RFCOMM_RPN_STOP_1;
1459 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1460 }
1461 }
1462
1463 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1464 parity = __get_rpn_parity(rpn->line_settings);
1465 if (parity != RFCOMM_RPN_PARITY_NONE) {
1466 BT_DBG("RPN parity mismatch 0x%x", parity);
1467 parity = RFCOMM_RPN_PARITY_NONE;
1468 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1469 }
1470 }
1471
1472 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1473 flow_ctrl = rpn->flow_ctrl;
1474 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1475 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1476 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1477 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1478 }
1479 }
1480
1481 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1482 xon_char = rpn->xon_char;
1483 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1484 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1485 xon_char = RFCOMM_RPN_XON_CHAR;
1486 rpn_mask ^= RFCOMM_RPN_PM_XON;
1487 }
1488 }
1489
1490 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1491 xoff_char = rpn->xoff_char;
1492 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1493 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1494 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1495 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1496 }
1497 }
1498
1499 rpn_out:
1500 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1501 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1502
1503 return 0;
1504 }
1505
1506 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1507 {
1508 struct rfcomm_rls *rls = (void *) skb->data;
1509 u8 dlci = __get_dlci(rls->dlci);
1510
1511 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1512
1513 if (!cr)
1514 return 0;
1515
1516 /* We should probably do something with this information here. But
1517 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1518 * mandatory to recognise and respond to RLS */
1519
1520 rfcomm_send_rls(s, 0, dlci, rls->status);
1521
1522 return 0;
1523 }
1524
1525 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1526 {
1527 struct rfcomm_msc *msc = (void *) skb->data;
1528 struct rfcomm_dlc *d;
1529 u8 dlci = __get_dlci(msc->dlci);
1530
1531 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1532
1533 d = rfcomm_dlc_get(s, dlci);
1534 if (!d)
1535 return 0;
1536
1537 if (cr) {
1538 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1539 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540 else
1541 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1542
1543 rfcomm_dlc_lock(d);
1544
1545 d->remote_v24_sig = msc->v24_sig;
1546
1547 if (d->modem_status)
1548 d->modem_status(d, msc->v24_sig);
1549
1550 rfcomm_dlc_unlock(d);
1551
1552 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1553
1554 d->mscex |= RFCOMM_MSCEX_RX;
1555 } else
1556 d->mscex |= RFCOMM_MSCEX_TX;
1557
1558 return 0;
1559 }
1560
1561 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1562 {
1563 struct rfcomm_mcc *mcc = (void *) skb->data;
1564 u8 type, cr, len;
1565
1566 cr = __test_cr(mcc->type);
1567 type = __get_mcc_type(mcc->type);
1568 len = __get_mcc_len(mcc->len);
1569
1570 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1571
1572 skb_pull(skb, 2);
1573
1574 switch (type) {
1575 case RFCOMM_PN:
1576 rfcomm_recv_pn(s, cr, skb);
1577 break;
1578
1579 case RFCOMM_RPN:
1580 rfcomm_recv_rpn(s, cr, len, skb);
1581 break;
1582
1583 case RFCOMM_RLS:
1584 rfcomm_recv_rls(s, cr, skb);
1585 break;
1586
1587 case RFCOMM_MSC:
1588 rfcomm_recv_msc(s, cr, skb);
1589 break;
1590
1591 case RFCOMM_FCOFF:
1592 if (cr) {
1593 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1594 rfcomm_send_fcoff(s, 0);
1595 }
1596 break;
1597
1598 case RFCOMM_FCON:
1599 if (cr) {
1600 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1601 rfcomm_send_fcon(s, 0);
1602 }
1603 break;
1604
1605 case RFCOMM_TEST:
1606 if (cr)
1607 rfcomm_send_test(s, 0, skb->data, skb->len);
1608 break;
1609
1610 case RFCOMM_NSC:
1611 break;
1612
1613 default:
1614 BT_ERR("Unknown control type 0x%02x", type);
1615 rfcomm_send_nsc(s, cr, type);
1616 break;
1617 }
1618 return 0;
1619 }
1620
1621 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1622 {
1623 struct rfcomm_dlc *d;
1624
1625 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1626
1627 d = rfcomm_dlc_get(s, dlci);
1628 if (!d) {
1629 rfcomm_send_dm(s, dlci);
1630 goto drop;
1631 }
1632
1633 if (pf && d->cfc) {
1634 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1635
1636 d->tx_credits += credits;
1637 if (d->tx_credits)
1638 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1639 }
1640
1641 if (skb->len && d->state == BT_CONNECTED) {
1642 rfcomm_dlc_lock(d);
1643 d->rx_credits--;
1644 d->data_ready(d, skb);
1645 rfcomm_dlc_unlock(d);
1646 return 0;
1647 }
1648
1649 drop:
1650 kfree_skb(skb);
1651 return 0;
1652 }
1653
1654 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1655 struct sk_buff *skb)
1656 {
1657 struct rfcomm_hdr *hdr = (void *) skb->data;
1658 u8 type, dlci, fcs;
1659
1660 if (!s) {
1661 /* no session, so free socket data */
1662 kfree_skb(skb);
1663 return s;
1664 }
1665
1666 dlci = __get_dlci(hdr->addr);
1667 type = __get_type(hdr->ctrl);
1668
1669 /* Trim FCS */
1670 skb->len--; skb->tail--;
1671 fcs = *(u8 *)skb_tail_pointer(skb);
1672
1673 if (__check_fcs(skb->data, type, fcs)) {
1674 BT_ERR("bad checksum in packet");
1675 kfree_skb(skb);
1676 return s;
1677 }
1678
1679 if (__test_ea(hdr->len))
1680 skb_pull(skb, 3);
1681 else
1682 skb_pull(skb, 4);
1683
1684 switch (type) {
1685 case RFCOMM_SABM:
1686 if (__test_pf(hdr->ctrl))
1687 rfcomm_recv_sabm(s, dlci);
1688 break;
1689
1690 case RFCOMM_DISC:
1691 if (__test_pf(hdr->ctrl))
1692 s = rfcomm_recv_disc(s, dlci);
1693 break;
1694
1695 case RFCOMM_UA:
1696 if (__test_pf(hdr->ctrl))
1697 s = rfcomm_recv_ua(s, dlci);
1698 break;
1699
1700 case RFCOMM_DM:
1701 s = rfcomm_recv_dm(s, dlci);
1702 break;
1703
1704 case RFCOMM_UIH:
1705 if (dlci) {
1706 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1707 return s;
1708 }
1709 rfcomm_recv_mcc(s, skb);
1710 break;
1711
1712 default:
1713 BT_ERR("Unknown packet type 0x%02x", type);
1714 break;
1715 }
1716 kfree_skb(skb);
1717 return s;
1718 }
1719
1720 /* ---- Connection and data processing ---- */
1721
1722 static void rfcomm_process_connect(struct rfcomm_session *s)
1723 {
1724 struct rfcomm_dlc *d;
1725 struct list_head *p, *n;
1726
1727 BT_DBG("session %p state %ld", s, s->state);
1728
1729 list_for_each_safe(p, n, &s->dlcs) {
1730 d = list_entry(p, struct rfcomm_dlc, list);
1731 if (d->state == BT_CONFIG) {
1732 d->mtu = s->mtu;
1733 if (rfcomm_check_security(d)) {
1734 rfcomm_send_pn(s, 1, d);
1735 } else {
1736 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1737 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1738 }
1739 }
1740 }
1741 }
1742
1743 /* Send data queued for the DLC.
1744 * Return number of frames left in the queue.
1745 */
1746 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1747 {
1748 struct sk_buff *skb;
1749 int err;
1750
1751 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1752 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1753
1754 /* Send pending MSC */
1755 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1756 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1757
1758 if (d->cfc) {
1759 /* CFC enabled.
1760 * Give them some credits */
1761 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1762 d->rx_credits <= (d->cfc >> 2)) {
1763 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1764 d->rx_credits = d->cfc;
1765 }
1766 } else {
1767 /* CFC disabled.
1768 * Give ourselves some credits */
1769 d->tx_credits = 5;
1770 }
1771
1772 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1773 return skb_queue_len(&d->tx_queue);
1774
1775 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1776 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1777 if (err < 0) {
1778 skb_queue_head(&d->tx_queue, skb);
1779 break;
1780 }
1781 kfree_skb(skb);
1782 d->tx_credits--;
1783 }
1784
1785 if (d->cfc && !d->tx_credits) {
1786 /* We're out of TX credits.
1787 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1788 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1789 }
1790
1791 return skb_queue_len(&d->tx_queue);
1792 }
1793
1794 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1795 {
1796 struct rfcomm_dlc *d;
1797 struct list_head *p, *n;
1798
1799 BT_DBG("session %p state %ld", s, s->state);
1800
1801 list_for_each_safe(p, n, &s->dlcs) {
1802 d = list_entry(p, struct rfcomm_dlc, list);
1803
1804 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1805 __rfcomm_dlc_close(d, ETIMEDOUT);
1806 continue;
1807 }
1808
1809 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1810 __rfcomm_dlc_close(d, ECONNREFUSED);
1811 continue;
1812 }
1813
1814 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1815 rfcomm_dlc_clear_timer(d);
1816 if (d->out) {
1817 rfcomm_send_pn(s, 1, d);
1818 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1819 } else {
1820 if (d->defer_setup) {
1821 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1822 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1823
1824 rfcomm_dlc_lock(d);
1825 d->state = BT_CONNECT2;
1826 d->state_change(d, 0);
1827 rfcomm_dlc_unlock(d);
1828 } else
1829 rfcomm_dlc_accept(d);
1830 }
1831 continue;
1832 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1833 rfcomm_dlc_clear_timer(d);
1834 if (!d->out)
1835 rfcomm_send_dm(s, d->dlci);
1836 else
1837 d->state = BT_CLOSED;
1838 __rfcomm_dlc_close(d, ECONNREFUSED);
1839 continue;
1840 }
1841
1842 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1843 continue;
1844
1845 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1846 continue;
1847
1848 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1849 d->mscex == RFCOMM_MSCEX_OK)
1850 rfcomm_process_tx(d);
1851 }
1852 }
1853
1854 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1855 {
1856 struct socket *sock = s->sock;
1857 struct sock *sk = sock->sk;
1858 struct sk_buff *skb;
1859
1860 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1861
1862 /* Get data directly from socket receive queue without copying it. */
1863 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1864 skb_orphan(skb);
1865 if (!skb_linearize(skb))
1866 s = rfcomm_recv_frame(s, skb);
1867 else
1868 kfree_skb(skb);
1869 }
1870
1871 if (s && (sk->sk_state == BT_CLOSED))
1872 s = rfcomm_session_close(s, sk->sk_err);
1873
1874 return s;
1875 }
1876
1877 static void rfcomm_accept_connection(struct rfcomm_session *s)
1878 {
1879 struct socket *sock = s->sock, *nsock;
1880 int err;
1881
1882 /* Fast check for a new connection.
1883 * Avoids unnesesary socket allocations. */
1884 if (list_empty(&bt_sk(sock->sk)->accept_q))
1885 return;
1886
1887 BT_DBG("session %p", s);
1888
1889 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1890 if (err < 0)
1891 return;
1892
1893 /* Set our callbacks */
1894 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1895 nsock->sk->sk_state_change = rfcomm_l2state_change;
1896
1897 s = rfcomm_session_add(nsock, BT_OPEN);
1898 if (s) {
1899 /* We should adjust MTU on incoming sessions.
1900 * L2CAP MTU minus UIH header and FCS. */
1901 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1902 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1903
1904 rfcomm_schedule();
1905 } else
1906 sock_release(nsock);
1907 }
1908
1909 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1910 {
1911 struct sock *sk = s->sock->sk;
1912
1913 BT_DBG("%p state %ld", s, s->state);
1914
1915 switch (sk->sk_state) {
1916 case BT_CONNECTED:
1917 s->state = BT_CONNECT;
1918
1919 /* We can adjust MTU on outgoing sessions.
1920 * L2CAP MTU minus UIH header and FCS. */
1921 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1922
1923 rfcomm_send_sabm(s, 0);
1924 break;
1925
1926 case BT_CLOSED:
1927 s->state = BT_CLOSED;
1928 s = rfcomm_session_close(s, sk->sk_err);
1929 break;
1930 }
1931 return s;
1932 }
1933
1934 static void rfcomm_process_sessions(void)
1935 {
1936 struct list_head *p, *n;
1937
1938 rfcomm_lock();
1939
1940 list_for_each_safe(p, n, &session_list) {
1941 struct rfcomm_session *s;
1942 s = list_entry(p, struct rfcomm_session, list);
1943
1944 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1945 s->state = BT_DISCONN;
1946 rfcomm_send_disc(s, 0);
1947 continue;
1948 }
1949
1950 if (s->state == BT_LISTEN) {
1951 rfcomm_accept_connection(s);
1952 continue;
1953 }
1954
1955 switch (s->state) {
1956 case BT_BOUND:
1957 s = rfcomm_check_connection(s);
1958 break;
1959
1960 default:
1961 s = rfcomm_process_rx(s);
1962 break;
1963 }
1964
1965 if (s)
1966 rfcomm_process_dlcs(s);
1967 }
1968
1969 rfcomm_unlock();
1970 }
1971
1972 static int rfcomm_add_listener(bdaddr_t *ba)
1973 {
1974 struct sockaddr_l2 addr;
1975 struct socket *sock;
1976 struct sock *sk;
1977 struct rfcomm_session *s;
1978 int err = 0;
1979
1980 /* Create socket */
1981 err = rfcomm_l2sock_create(&sock);
1982 if (err < 0) {
1983 BT_ERR("Create socket failed %d", err);
1984 return err;
1985 }
1986
1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH;
1990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1991 addr.l2_cid = 0;
1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1993 if (err < 0) {
1994 BT_ERR("Bind failed %d", err);
1995 goto failed;
1996 }
1997
1998 /* Set L2CAP options */
1999 sk = sock->sk;
2000 lock_sock(sk);
2001 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2002 release_sock(sk);
2003
2004 /* Start listening on the socket */
2005 err = kernel_listen(sock, 10);
2006 if (err) {
2007 BT_ERR("Listen failed %d", err);
2008 goto failed;
2009 }
2010
2011 /* Add listening session */
2012 s = rfcomm_session_add(sock, BT_LISTEN);
2013 if (!s)
2014 goto failed;
2015
2016 return 0;
2017 failed:
2018 sock_release(sock);
2019 return err;
2020 }
2021
2022 static void rfcomm_kill_listener(void)
2023 {
2024 struct rfcomm_session *s;
2025 struct list_head *p, *n;
2026
2027 BT_DBG("");
2028
2029 list_for_each_safe(p, n, &session_list) {
2030 s = list_entry(p, struct rfcomm_session, list);
2031 rfcomm_session_del(s);
2032 }
2033 }
2034
2035 static int rfcomm_run(void *unused)
2036 {
2037 BT_DBG("");
2038
2039 set_user_nice(current, -10);
2040
2041 rfcomm_add_listener(BDADDR_ANY);
2042
2043 while (1) {
2044 set_current_state(TASK_INTERRUPTIBLE);
2045
2046 if (kthread_should_stop())
2047 break;
2048
2049 /* Process stuff */
2050 rfcomm_process_sessions();
2051
2052 schedule();
2053 }
2054 __set_current_state(TASK_RUNNING);
2055
2056 rfcomm_kill_listener();
2057
2058 return 0;
2059 }
2060
2061 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2062 {
2063 struct rfcomm_session *s;
2064 struct rfcomm_dlc *d;
2065 struct list_head *p, *n;
2066
2067 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2068
2069 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2070 if (!s)
2071 return;
2072
2073 list_for_each_safe(p, n, &s->dlcs) {
2074 d = list_entry(p, struct rfcomm_dlc, list);
2075
2076 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2077 rfcomm_dlc_clear_timer(d);
2078 if (status || encrypt == 0x00) {
2079 set_bit(RFCOMM_ENC_DROP, &d->flags);
2080 continue;
2081 }
2082 }
2083
2084 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2085 if (d->sec_level == BT_SECURITY_MEDIUM) {
2086 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2087 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2088 continue;
2089 } else if (d->sec_level == BT_SECURITY_HIGH) {
2090 set_bit(RFCOMM_ENC_DROP, &d->flags);
2091 continue;
2092 }
2093 }
2094
2095 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2096 continue;
2097
2098 if (!status && hci_conn_check_secure(conn, d->sec_level))
2099 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2100 else
2101 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2102 }
2103
2104 rfcomm_schedule();
2105 }
2106
2107 static struct hci_cb rfcomm_cb = {
2108 .name = "RFCOMM",
2109 .security_cfm = rfcomm_security_cfm
2110 };
2111
2112 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2113 {
2114 struct rfcomm_session *s;
2115
2116 rfcomm_lock();
2117
2118 list_for_each_entry(s, &session_list, list) {
2119 struct rfcomm_dlc *d;
2120 list_for_each_entry(d, &s->dlcs, list) {
2121 struct sock *sk = s->sock->sk;
2122
2123 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2124 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2125 d->state, d->dlci, d->mtu,
2126 d->rx_credits, d->tx_credits);
2127 }
2128 }
2129
2130 rfcomm_unlock();
2131
2132 return 0;
2133 }
2134
2135 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2136 {
2137 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2138 }
2139
2140 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2141 .open = rfcomm_dlc_debugfs_open,
2142 .read = seq_read,
2143 .llseek = seq_lseek,
2144 .release = single_release,
2145 };
2146
2147 static struct dentry *rfcomm_dlc_debugfs;
2148
2149 /* ---- Initialization ---- */
2150 static int __init rfcomm_init(void)
2151 {
2152 int err;
2153
2154 hci_register_cb(&rfcomm_cb);
2155
2156 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2157 if (IS_ERR(rfcomm_thread)) {
2158 err = PTR_ERR(rfcomm_thread);
2159 goto unregister;
2160 }
2161
2162 if (bt_debugfs) {
2163 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2164 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2165 if (!rfcomm_dlc_debugfs)
2166 BT_ERR("Failed to create RFCOMM debug file");
2167 }
2168
2169 err = rfcomm_init_ttys();
2170 if (err < 0)
2171 goto stop;
2172
2173 err = rfcomm_init_sockets();
2174 if (err < 0)
2175 goto cleanup;
2176
2177 BT_INFO("RFCOMM ver %s", VERSION);
2178
2179 return 0;
2180
2181 cleanup:
2182 rfcomm_cleanup_ttys();
2183
2184 stop:
2185 kthread_stop(rfcomm_thread);
2186
2187 unregister:
2188 hci_unregister_cb(&rfcomm_cb);
2189
2190 return err;
2191 }
2192
2193 static void __exit rfcomm_exit(void)
2194 {
2195 debugfs_remove(rfcomm_dlc_debugfs);
2196
2197 hci_unregister_cb(&rfcomm_cb);
2198
2199 kthread_stop(rfcomm_thread);
2200
2201 rfcomm_cleanup_ttys();
2202
2203 rfcomm_cleanup_sockets();
2204 }
2205
2206 module_init(rfcomm_init);
2207 module_exit(rfcomm_exit);
2208
2209 module_param(disable_cfc, bool, 0644);
2210 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2211
2212 module_param(channel_mtu, int, 0644);
2213 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2214
2215 module_param(l2cap_mtu, uint, 0644);
2216 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2217
2218 module_param(l2cap_ertm, bool, 0644);
2219 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2220
2221 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2222 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2223 MODULE_VERSION(VERSION);
2224 MODULE_LICENSE("GPL");
2225 MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)