aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
commit1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch)
tree0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/bluetooth
Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/Kconfig63
-rw-r--r--net/bluetooth/Makefile13
-rw-r--r--net/bluetooth/af_bluetooth.c355
-rw-r--r--net/bluetooth/bnep/Kconfig24
-rw-r--r--net/bluetooth/bnep/Makefile7
-rw-r--r--net/bluetooth/bnep/bnep.h184
-rw-r--r--net/bluetooth/bnep/core.c713
-rw-r--r--net/bluetooth/bnep/netdev.c247
-rw-r--r--net/bluetooth/bnep/sock.c237
-rw-r--r--net/bluetooth/cmtp/Kconfig11
-rw-r--r--net/bluetooth/cmtp/Makefile7
-rw-r--r--net/bluetooth/cmtp/capi.c600
-rw-r--r--net/bluetooth/cmtp/cmtp.h135
-rw-r--r--net/bluetooth/cmtp/core.c504
-rw-r--r--net/bluetooth/cmtp/sock.c226
-rw-r--r--net/bluetooth/hci_conn.c471
-rw-r--r--net/bluetooth/hci_core.c1434
-rw-r--r--net/bluetooth/hci_event.c1044
-rw-r--r--net/bluetooth/hci_sock.c707
-rw-r--r--net/bluetooth/hci_sysfs.c153
-rw-r--r--net/bluetooth/hidp/Kconfig12
-rw-r--r--net/bluetooth/hidp/Makefile7
-rw-r--r--net/bluetooth/hidp/core.c772
-rw-r--r--net/bluetooth/hidp/hidp.h167
-rw-r--r--net/bluetooth/hidp/sock.c232
-rw-r--r--net/bluetooth/l2cap.c2329
-rw-r--r--net/bluetooth/lib.c178
-rw-r--r--net/bluetooth/rfcomm/Kconfig17
-rw-r--r--net/bluetooth/rfcomm/Makefile8
-rw-r--r--net/bluetooth/rfcomm/core.c2127
-rw-r--r--net/bluetooth/rfcomm/crc.c71
-rw-r--r--net/bluetooth/rfcomm/sock.c1010
-rw-r--r--net/bluetooth/rfcomm/tty.c930
-rw-r--r--net/bluetooth/sco.c1071
34 files changed, 16066 insertions, 0 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
new file mode 100644
index 00000000000..6929490d095
--- /dev/null
+++ b/net/bluetooth/Kconfig
@@ -0,0 +1,63 @@
1#
2# Bluetooth subsystem configuration
3#
4
5menuconfig BT
6 depends on NET
7 tristate "Bluetooth subsystem support"
8 help
9 Bluetooth is low-cost, low-power, short-range wireless technology.
10 It was designed as a replacement for cables and other short-range
11 technologies like IrDA. Bluetooth operates in personal area range
12 that typically extends up to 10 meters. More information about
13 Bluetooth can be found at <http://www.bluetooth.com/>.
14
15 Linux Bluetooth subsystem consist of several layers:
16 Bluetooth Core (HCI device and connection manager, scheduler)
17 HCI Device drivers (Interface to the hardware)
18 SCO Module (SCO audio links)
19 L2CAP Module (Logical Link Control and Adaptation Protocol)
20 RFCOMM Module (RFCOMM Protocol)
21 BNEP Module (Bluetooth Network Encapsulation Protocol)
22 CMTP Module (CAPI Message Transport Protocol)
23 HIDP Module (Human Interface Device Protocol)
24
25 Say Y here to compile Bluetooth support into the kernel or say M to
26 compile it as module (bluetooth).
27
28 To use Linux Bluetooth subsystem, you will need several user-space
29 utilities like hciconfig and hcid. These utilities and updates to
30 Bluetooth kernel modules are provided in the BlueZ packages.
31 For more information, see <http://www.bluez.org/>.
32
33config BT_L2CAP
34 tristate "L2CAP protocol support"
35 depends on BT
36 help
37 L2CAP (Logical Link Control and Adaptation Protocol) provides
38 connection oriented and connection-less data transport. L2CAP
39 support is required for most Bluetooth applications.
40
41 Say Y here to compile L2CAP support into the kernel or say M to
42 compile it as module (l2cap).
43
44config BT_SCO
45 tristate "SCO links support"
46 depends on BT
47 help
48 SCO link provides voice transport over Bluetooth. SCO support is
49 required for voice applications like Headset and Audio.
50
51 Say Y here to compile SCO support into the kernel or say M to
52 compile it as module (sco).
53
54source "net/bluetooth/rfcomm/Kconfig"
55
56source "net/bluetooth/bnep/Kconfig"
57
58source "net/bluetooth/cmtp/Kconfig"
59
60source "net/bluetooth/hidp/Kconfig"
61
62source "drivers/bluetooth/Kconfig"
63
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
new file mode 100644
index 00000000000..d1e433f7d67
--- /dev/null
+++ b/net/bluetooth/Makefile
@@ -0,0 +1,13 @@
1#
2# Makefile for the Linux Bluetooth subsystem.
3#
4
5obj-$(CONFIG_BT) += bluetooth.o
6obj-$(CONFIG_BT_L2CAP) += l2cap.o
7obj-$(CONFIG_BT_SCO) += sco.o
8obj-$(CONFIG_BT_RFCOMM) += rfcomm/
9obj-$(CONFIG_BT_BNEP) += bnep/
10obj-$(CONFIG_BT_CMTP) += cmtp/
11obj-$(CONFIG_BT_HIDP) += hidp/
12
13bluetooth-objs := af_bluetooth.o hci_core.o hci_conn.o hci_event.o hci_sock.o hci_sysfs.o lib.o
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
new file mode 100644
index 00000000000..1650c6bf699
--- /dev/null
+++ b/net/bluetooth/af_bluetooth.c
@@ -0,0 +1,355 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth address family and sockets. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/list.h>
32#include <linux/errno.h>
33#include <linux/kernel.h>
34#include <linux/major.h>
35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/skbuff.h>
38#include <linux/init.h>
39#include <linux/poll.h>
40#include <linux/proc_fs.h>
41#include <net/sock.h>
42
43#if defined(CONFIG_KMOD)
44#include <linux/kmod.h>
45#endif
46
47#include <net/bluetooth/bluetooth.h>
48
49#ifndef CONFIG_BT_SOCK_DEBUG
50#undef BT_DBG
51#define BT_DBG(D...)
52#endif
53
54#define VERSION "2.7"
55
56struct proc_dir_entry *proc_bt;
57EXPORT_SYMBOL(proc_bt);
58
59/* Bluetooth sockets */
60#define BT_MAX_PROTO 8
61static struct net_proto_family *bt_proto[BT_MAX_PROTO];
62
63int bt_sock_register(int proto, struct net_proto_family *ops)
64{
65 if (proto < 0 || proto >= BT_MAX_PROTO)
66 return -EINVAL;
67
68 if (bt_proto[proto])
69 return -EEXIST;
70
71 bt_proto[proto] = ops;
72 return 0;
73}
74EXPORT_SYMBOL(bt_sock_register);
75
76int bt_sock_unregister(int proto)
77{
78 if (proto < 0 || proto >= BT_MAX_PROTO)
79 return -EINVAL;
80
81 if (!bt_proto[proto])
82 return -ENOENT;
83
84 bt_proto[proto] = NULL;
85 return 0;
86}
87EXPORT_SYMBOL(bt_sock_unregister);
88
89static int bt_sock_create(struct socket *sock, int proto)
90{
91 int err = 0;
92
93 if (proto < 0 || proto >= BT_MAX_PROTO)
94 return -EINVAL;
95
96#if defined(CONFIG_KMOD)
97 if (!bt_proto[proto]) {
98 request_module("bt-proto-%d", proto);
99 }
100#endif
101 err = -EPROTONOSUPPORT;
102 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
103 err = bt_proto[proto]->create(sock, proto);
104 module_put(bt_proto[proto]->owner);
105 }
106 return err;
107}
108
109void bt_sock_link(struct bt_sock_list *l, struct sock *sk)
110{
111 write_lock_bh(&l->lock);
112 sk_add_node(sk, &l->head);
113 write_unlock_bh(&l->lock);
114}
115EXPORT_SYMBOL(bt_sock_link);
116
117void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk)
118{
119 write_lock_bh(&l->lock);
120 sk_del_node_init(sk);
121 write_unlock_bh(&l->lock);
122}
123EXPORT_SYMBOL(bt_sock_unlink);
124
125void bt_accept_enqueue(struct sock *parent, struct sock *sk)
126{
127 BT_DBG("parent %p, sk %p", parent, sk);
128
129 sock_hold(sk);
130 list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q);
131 bt_sk(sk)->parent = parent;
132 parent->sk_ack_backlog++;
133}
134EXPORT_SYMBOL(bt_accept_enqueue);
135
136void bt_accept_unlink(struct sock *sk)
137{
138 BT_DBG("sk %p state %d", sk, sk->sk_state);
139
140 list_del_init(&bt_sk(sk)->accept_q);
141 bt_sk(sk)->parent->sk_ack_backlog--;
142 bt_sk(sk)->parent = NULL;
143 sock_put(sk);
144}
145EXPORT_SYMBOL(bt_accept_unlink);
146
147struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock)
148{
149 struct list_head *p, *n;
150 struct sock *sk;
151
152 BT_DBG("parent %p", parent);
153
154 list_for_each_safe(p, n, &bt_sk(parent)->accept_q) {
155 sk = (struct sock *) list_entry(p, struct bt_sock, accept_q);
156
157 lock_sock(sk);
158
159 /* FIXME: Is this check still needed */
160 if (sk->sk_state == BT_CLOSED) {
161 release_sock(sk);
162 bt_accept_unlink(sk);
163 continue;
164 }
165
166 if (sk->sk_state == BT_CONNECTED || !newsock) {
167 bt_accept_unlink(sk);
168 if (newsock)
169 sock_graft(sk, newsock);
170 release_sock(sk);
171 return sk;
172 }
173
174 release_sock(sk);
175 }
176 return NULL;
177}
178EXPORT_SYMBOL(bt_accept_dequeue);
179
180int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
181 struct msghdr *msg, size_t len, int flags)
182{
183 int noblock = flags & MSG_DONTWAIT;
184 struct sock *sk = sock->sk;
185 struct sk_buff *skb;
186 size_t copied;
187 int err;
188
189 BT_DBG("sock %p sk %p len %d", sock, sk, len);
190
191 if (flags & (MSG_OOB))
192 return -EOPNOTSUPP;
193
194 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) {
195 if (sk->sk_shutdown & RCV_SHUTDOWN)
196 return 0;
197 return err;
198 }
199
200 msg->msg_namelen = 0;
201
202 copied = skb->len;
203 if (len < copied) {
204 msg->msg_flags |= MSG_TRUNC;
205 copied = len;
206 }
207
208 skb->h.raw = skb->data;
209 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
210
211 skb_free_datagram(sk, skb);
212
213 return err ? : copied;
214}
215EXPORT_SYMBOL(bt_sock_recvmsg);
216
217static inline unsigned int bt_accept_poll(struct sock *parent)
218{
219 struct list_head *p, *n;
220 struct sock *sk;
221
222 list_for_each_safe(p, n, &bt_sk(parent)->accept_q) {
223 sk = (struct sock *) list_entry(p, struct bt_sock, accept_q);
224 if (sk->sk_state == BT_CONNECTED)
225 return POLLIN | POLLRDNORM;
226 }
227
228 return 0;
229}
230
231unsigned int bt_sock_poll(struct file * file, struct socket *sock, poll_table *wait)
232{
233 struct sock *sk = sock->sk;
234 unsigned int mask = 0;
235
236 BT_DBG("sock %p, sk %p", sock, sk);
237
238 poll_wait(file, sk->sk_sleep, wait);
239
240 if (sk->sk_state == BT_LISTEN)
241 return bt_accept_poll(sk);
242
243 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
244 mask |= POLLERR;
245
246 if (sk->sk_shutdown == SHUTDOWN_MASK)
247 mask |= POLLHUP;
248
249 if (!skb_queue_empty(&sk->sk_receive_queue) ||
250 (sk->sk_shutdown & RCV_SHUTDOWN))
251 mask |= POLLIN | POLLRDNORM;
252
253 if (sk->sk_state == BT_CLOSED)
254 mask |= POLLHUP;
255
256 if (sk->sk_state == BT_CONNECT ||
257 sk->sk_state == BT_CONNECT2 ||
258 sk->sk_state == BT_CONFIG)
259 return mask;
260
261 if (sock_writeable(sk))
262 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
263 else
264 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
265
266 return mask;
267}
268EXPORT_SYMBOL(bt_sock_poll);
269
270int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
271{
272 DECLARE_WAITQUEUE(wait, current);
273 int err = 0;
274
275 BT_DBG("sk %p", sk);
276
277 add_wait_queue(sk->sk_sleep, &wait);
278 while (sk->sk_state != state) {
279 set_current_state(TASK_INTERRUPTIBLE);
280
281 if (!timeo) {
282 err = -EAGAIN;
283 break;
284 }
285
286 if (signal_pending(current)) {
287 err = sock_intr_errno(timeo);
288 break;
289 }
290
291 release_sock(sk);
292 timeo = schedule_timeout(timeo);
293 lock_sock(sk);
294
295 if (sk->sk_err) {
296 err = sock_error(sk);
297 break;
298 }
299 }
300 set_current_state(TASK_RUNNING);
301 remove_wait_queue(sk->sk_sleep, &wait);
302 return err;
303}
304EXPORT_SYMBOL(bt_sock_wait_state);
305
306static struct net_proto_family bt_sock_family_ops = {
307 .owner = THIS_MODULE,
308 .family = PF_BLUETOOTH,
309 .create = bt_sock_create,
310};
311
312extern int hci_sock_init(void);
313extern int hci_sock_cleanup(void);
314
315extern int bt_sysfs_init(void);
316extern int bt_sysfs_cleanup(void);
317
318static int __init bt_init(void)
319{
320 BT_INFO("Core ver %s", VERSION);
321
322 proc_bt = proc_mkdir("bluetooth", NULL);
323 if (proc_bt)
324 proc_bt->owner = THIS_MODULE;
325
326 sock_register(&bt_sock_family_ops);
327
328 BT_INFO("HCI device and connection manager initialized");
329
330 bt_sysfs_init();
331
332 hci_sock_init();
333
334 return 0;
335}
336
337static void __exit bt_exit(void)
338{
339 hci_sock_cleanup();
340
341 bt_sysfs_cleanup();
342
343 sock_unregister(PF_BLUETOOTH);
344
345 remove_proc_entry("bluetooth", NULL);
346}
347
348subsys_initcall(bt_init);
349module_exit(bt_exit);
350
351MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
352MODULE_DESCRIPTION("Bluetooth Core ver " VERSION);
353MODULE_VERSION(VERSION);
354MODULE_LICENSE("GPL");
355MODULE_ALIAS_NETPROTO(PF_BLUETOOTH);
diff --git a/net/bluetooth/bnep/Kconfig b/net/bluetooth/bnep/Kconfig
new file mode 100644
index 00000000000..35158b036d5
--- /dev/null
+++ b/net/bluetooth/bnep/Kconfig
@@ -0,0 +1,24 @@
1config BT_BNEP
2 tristate "BNEP protocol support"
3 depends on BT && BT_L2CAP
4 select CRC32
5 help
6 BNEP (Bluetooth Network Encapsulation Protocol) is Ethernet
7 emulation layer on top of Bluetooth. BNEP is required for
8 Bluetooth PAN (Personal Area Network).
9
10 Say Y here to compile BNEP support into the kernel or say M to
11 compile it as module (bnep).
12
13config BT_BNEP_MC_FILTER
14 bool "Multicast filter support"
15 depends on BT_BNEP
16 help
17 This option enables the multicast filter support for BNEP.
18
19config BT_BNEP_PROTO_FILTER
20 bool "Protocol filter support"
21 depends on BT_BNEP
22 help
23 This option enables the protocol filter support for BNEP.
24
diff --git a/net/bluetooth/bnep/Makefile b/net/bluetooth/bnep/Makefile
new file mode 100644
index 00000000000..c7821e76ca5
--- /dev/null
+++ b/net/bluetooth/bnep/Makefile
@@ -0,0 +1,7 @@
1#
2# Makefile for the Linux Bluetooth BNEP layer.
3#
4
5obj-$(CONFIG_BT_BNEP) += bnep.o
6
7bnep-objs := core.o sock.o netdev.o
diff --git a/net/bluetooth/bnep/bnep.h b/net/bluetooth/bnep/bnep.h
new file mode 100644
index 00000000000..bbb1ed7097a
--- /dev/null
+++ b/net/bluetooth/bnep/bnep.h
@@ -0,0 +1,184 @@
1/*
2 BNEP protocol definition for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License, version 2, as
7 published by the Free Software Foundation.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17*/
18
19/*
20 * $Id: bnep.h,v 1.5 2002/08/04 21:23:58 maxk Exp $
21 */
22
23#ifndef _BNEP_H
24#define _BNEP_H
25
26#include <linux/types.h>
27#include <linux/crc32.h>
28#include <net/bluetooth/bluetooth.h>
29
30// Limits
31#define BNEP_MAX_PROTO_FILTERS 5
32#define BNEP_MAX_MULTICAST_FILTERS 20
33
34// UUIDs
35#define BNEP_BASE_UUID 0x0000000000001000800000805F9B34FB
36#define BNEP_UUID16 0x02
37#define BNEP_UUID32 0x04
38#define BNEP_UUID128 0x16
39
40#define BNEP_SVC_PANU 0x1115
41#define BNEP_SVC_NAP 0x1116
42#define BNEP_SVC_GN 0x1117
43
44// Packet types
45#define BNEP_GENERAL 0x00
46#define BNEP_CONTROL 0x01
47#define BNEP_COMPRESSED 0x02
48#define BNEP_COMPRESSED_SRC_ONLY 0x03
49#define BNEP_COMPRESSED_DST_ONLY 0x04
50
51// Control types
52#define BNEP_CMD_NOT_UNDERSTOOD 0x00
53#define BNEP_SETUP_CONN_REQ 0x01
54#define BNEP_SETUP_CONN_RSP 0x02
55#define BNEP_FILTER_NET_TYPE_SET 0x03
56#define BNEP_FILTER_NET_TYPE_RSP 0x04
57#define BNEP_FILTER_MULTI_ADDR_SET 0x05
58#define BNEP_FILTER_MULTI_ADDR_RSP 0x06
59
60// Extension types
61#define BNEP_EXT_CONTROL 0x00
62
63// Response messages
64#define BNEP_SUCCESS 0x00
65
66#define BNEP_CONN_INVALID_DST 0x01
67#define BNEP_CONN_INVALID_SRC 0x02
68#define BNEP_CONN_INVALID_SVC 0x03
69#define BNEP_CONN_NOT_ALLOWED 0x04
70
71#define BNEP_FILTER_UNSUPPORTED_REQ 0x01
72#define BNEP_FILTER_INVALID_RANGE 0x02
73#define BNEP_FILTER_INVALID_MCADDR 0x02
74#define BNEP_FILTER_LIMIT_REACHED 0x03
75#define BNEP_FILTER_DENIED_SECURITY 0x04
76
77// L2CAP settings
78#define BNEP_MTU 1691
79#define BNEP_PSM 0x0f
80#define BNEP_FLUSH_TO 0xffff
81#define BNEP_CONNECT_TO 15
82#define BNEP_FILTER_TO 15
83
84// Headers
85#define BNEP_TYPE_MASK 0x7f
86#define BNEP_EXT_HEADER 0x80
87
88struct bnep_setup_conn_req {
89 __u8 type;
90 __u8 ctrl;
91 __u8 uuid_size;
92 __u8 service[0];
93} __attribute__((packed));
94
95struct bnep_set_filter_req {
96 __u8 type;
97 __u8 ctrl;
98 __u16 len;
99 __u8 list[0];
100} __attribute__((packed));
101
102struct bnep_control_rsp {
103 __u8 type;
104 __u8 ctrl;
105 __u16 resp;
106} __attribute__((packed));
107
108struct bnep_ext_hdr {
109 __u8 type;
110 __u8 len;
111 __u8 data[0];
112} __attribute__((packed));
113
114/* BNEP ioctl defines */
115#define BNEPCONNADD _IOW('B', 200, int)
116#define BNEPCONNDEL _IOW('B', 201, int)
117#define BNEPGETCONNLIST _IOR('B', 210, int)
118#define BNEPGETCONNINFO _IOR('B', 211, int)
119
120struct bnep_connadd_req {
121 int sock; // Connected socket
122 __u32 flags;
123 __u16 role;
124 char device[16]; // Name of the Ethernet device
125};
126
127struct bnep_conndel_req {
128 __u32 flags;
129 __u8 dst[ETH_ALEN];
130};
131
132struct bnep_conninfo {
133 __u32 flags;
134 __u16 role;
135 __u16 state;
136 __u8 dst[ETH_ALEN];
137 char device[16];
138};
139
140struct bnep_connlist_req {
141 __u32 cnum;
142 struct bnep_conninfo __user *ci;
143};
144
145struct bnep_proto_filter {
146 __u16 start;
147 __u16 end;
148};
149
150int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock);
151int bnep_del_connection(struct bnep_conndel_req *req);
152int bnep_get_connlist(struct bnep_connlist_req *req);
153int bnep_get_conninfo(struct bnep_conninfo *ci);
154
155// BNEP sessions
156struct bnep_session {
157 struct list_head list;
158
159 unsigned int role;
160 unsigned long state;
161 unsigned long flags;
162 atomic_t killed;
163
164 struct ethhdr eh;
165 struct msghdr msg;
166
167 struct bnep_proto_filter proto_filter[BNEP_MAX_PROTO_FILTERS];
168 u64 mc_filter;
169
170 struct socket *sock;
171 struct net_device *dev;
172 struct net_device_stats stats;
173};
174
175void bnep_net_setup(struct net_device *dev);
176int bnep_sock_init(void);
177int bnep_sock_cleanup(void);
178
179static inline int bnep_mc_hash(__u8 *addr)
180{
181 return (crc32_be(~0, addr, ETH_ALEN) >> 26);
182}
183
184#endif
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
new file mode 100644
index 00000000000..682bf20af52
--- /dev/null
+++ b/net/bluetooth/bnep/core.c
@@ -0,0 +1,713 @@
1/*
2 BNEP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2001-2002 Inventel Systemes
4 Written 2001-2002 by
5 Clément Moreau <clement.moreau@inventel.fr>
6 David Libault <david.libault@inventel.fr>
7
8 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/*
29 * $Id: core.c,v 1.20 2002/08/04 21:23:58 maxk Exp $
30 */
31
32#include <linux/config.h>
33#include <linux/module.h>
34
35#include <linux/kernel.h>
36#include <linux/sched.h>
37#include <linux/signal.h>
38#include <linux/init.h>
39#include <linux/wait.h>
40#include <linux/errno.h>
41#include <linux/smp_lock.h>
42#include <linux/net.h>
43#include <net/sock.h>
44
45#include <linux/socket.h>
46#include <linux/file.h>
47
48#include <linux/netdevice.h>
49#include <linux/etherdevice.h>
50#include <linux/skbuff.h>
51
52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/l2cap.h>
56
57#include "bnep.h"
58
59#ifndef CONFIG_BT_BNEP_DEBUG
60#undef BT_DBG
61#define BT_DBG(D...)
62#endif
63
64#define VERSION "1.2"
65
66static LIST_HEAD(bnep_session_list);
67static DECLARE_RWSEM(bnep_session_sem);
68
69static struct bnep_session *__bnep_get_session(u8 *dst)
70{
71 struct bnep_session *s;
72 struct list_head *p;
73
74 BT_DBG("");
75
76 list_for_each(p, &bnep_session_list) {
77 s = list_entry(p, struct bnep_session, list);
78 if (!memcmp(dst, s->eh.h_source, ETH_ALEN))
79 return s;
80 }
81 return NULL;
82}
83
84static void __bnep_link_session(struct bnep_session *s)
85{
86 /* It's safe to call __module_get() here because sessions are added
87 by the socket layer which has to hold the refference to this module.
88 */
89 __module_get(THIS_MODULE);
90 list_add(&s->list, &bnep_session_list);
91}
92
93static void __bnep_unlink_session(struct bnep_session *s)
94{
95 list_del(&s->list);
96 module_put(THIS_MODULE);
97}
98
99static int bnep_send(struct bnep_session *s, void *data, size_t len)
100{
101 struct socket *sock = s->sock;
102 struct kvec iv = { data, len };
103
104 return kernel_sendmsg(sock, &s->msg, &iv, 1, len);
105}
106
107static int bnep_send_rsp(struct bnep_session *s, u8 ctrl, u16 resp)
108{
109 struct bnep_control_rsp rsp;
110 rsp.type = BNEP_CONTROL;
111 rsp.ctrl = ctrl;
112 rsp.resp = htons(resp);
113 return bnep_send(s, &rsp, sizeof(rsp));
114}
115
116#ifdef CONFIG_BT_BNEP_PROTO_FILTER
117static inline void bnep_set_default_proto_filter(struct bnep_session *s)
118{
119 /* (IPv4, ARP) */
120 s->proto_filter[0].start = htons(0x0800);
121 s->proto_filter[0].end = htons(0x0806);
122 /* (RARP, AppleTalk) */
123 s->proto_filter[1].start = htons(0x8035);
124 s->proto_filter[1].end = htons(0x80F3);
125 /* (IPX, IPv6) */
126 s->proto_filter[2].start = htons(0x8137);
127 s->proto_filter[2].end = htons(0x86DD);
128}
129#endif
130
131static int bnep_ctrl_set_netfilter(struct bnep_session *s, u16 *data, int len)
132{
133 int n;
134
135 if (len < 2)
136 return -EILSEQ;
137
138 n = ntohs(get_unaligned(data));
139 data++; len -= 2;
140
141 if (len < n)
142 return -EILSEQ;
143
144 BT_DBG("filter len %d", n);
145
146#ifdef CONFIG_BT_BNEP_PROTO_FILTER
147 n /= 4;
148 if (n <= BNEP_MAX_PROTO_FILTERS) {
149 struct bnep_proto_filter *f = s->proto_filter;
150 int i;
151
152 for (i = 0; i < n; i++) {
153 f[i].start = get_unaligned(data++);
154 f[i].end = get_unaligned(data++);
155
156 BT_DBG("proto filter start %d end %d",
157 f[i].start, f[i].end);
158 }
159
160 if (i < BNEP_MAX_PROTO_FILTERS)
161 memset(f + i, 0, sizeof(*f));
162
163 if (n == 0)
164 bnep_set_default_proto_filter(s);
165
166 bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_SUCCESS);
167 } else {
168 bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_FILTER_LIMIT_REACHED);
169 }
170#else
171 bnep_send_rsp(s, BNEP_FILTER_NET_TYPE_RSP, BNEP_FILTER_UNSUPPORTED_REQ);
172#endif
173 return 0;
174}
175
176static int bnep_ctrl_set_mcfilter(struct bnep_session *s, u8 *data, int len)
177{
178 int n;
179
180 if (len < 2)
181 return -EILSEQ;
182
183 n = ntohs(get_unaligned((u16 *) data));
184 data += 2; len -= 2;
185
186 if (len < n)
187 return -EILSEQ;
188
189 BT_DBG("filter len %d", n);
190
191#ifdef CONFIG_BT_BNEP_MC_FILTER
192 n /= (ETH_ALEN * 2);
193
194 if (n > 0) {
195 s->mc_filter = 0;
196
197 /* Always send broadcast */
198 set_bit(bnep_mc_hash(s->dev->broadcast), (ulong *) &s->mc_filter);
199
200 /* Add address ranges to the multicast hash */
201 for (; n > 0; n--) {
202 u8 a1[6], *a2;
203
204 memcpy(a1, data, ETH_ALEN); data += ETH_ALEN;
205 a2 = data; data += ETH_ALEN;
206
207 BT_DBG("mc filter %s -> %s",
208 batostr((void *) a1), batostr((void *) a2));
209
210 #define INCA(a) { int i = 5; while (i >=0 && ++a[i--] == 0); }
211
212 /* Iterate from a1 to a2 */
213 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter);
214 while (memcmp(a1, a2, 6) < 0 && s->mc_filter != ~0LL) {
215 INCA(a1);
216 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter);
217 }
218 }
219 }
220
221 BT_DBG("mc filter hash 0x%llx", s->mc_filter);
222
223 bnep_send_rsp(s, BNEP_FILTER_MULTI_ADDR_RSP, BNEP_SUCCESS);
224#else
225 bnep_send_rsp(s, BNEP_FILTER_MULTI_ADDR_RSP, BNEP_FILTER_UNSUPPORTED_REQ);
226#endif
227 return 0;
228}
229
230static int bnep_rx_control(struct bnep_session *s, void *data, int len)
231{
232 u8 cmd = *(u8 *)data;
233 int err = 0;
234
235 data++; len--;
236
237 switch (cmd) {
238 case BNEP_CMD_NOT_UNDERSTOOD:
239 case BNEP_SETUP_CONN_REQ:
240 case BNEP_SETUP_CONN_RSP:
241 case BNEP_FILTER_NET_TYPE_RSP:
242 case BNEP_FILTER_MULTI_ADDR_RSP:
243 /* Ignore these for now */
244 break;
245
246 case BNEP_FILTER_NET_TYPE_SET:
247 err = bnep_ctrl_set_netfilter(s, data, len);
248 break;
249
250 case BNEP_FILTER_MULTI_ADDR_SET:
251 err = bnep_ctrl_set_mcfilter(s, data, len);
252 break;
253
254 default: {
255 u8 pkt[3];
256 pkt[0] = BNEP_CONTROL;
257 pkt[1] = BNEP_CMD_NOT_UNDERSTOOD;
258 pkt[2] = cmd;
259 bnep_send(s, pkt, sizeof(pkt));
260 }
261 break;
262 }
263
264 return err;
265}
266
267static int bnep_rx_extension(struct bnep_session *s, struct sk_buff *skb)
268{
269 struct bnep_ext_hdr *h;
270 int err = 0;
271
272 do {
273 h = (void *) skb->data;
274 if (!skb_pull(skb, sizeof(*h))) {
275 err = -EILSEQ;
276 break;
277 }
278
279 BT_DBG("type 0x%x len %d", h->type, h->len);
280
281 switch (h->type & BNEP_TYPE_MASK) {
282 case BNEP_EXT_CONTROL:
283 bnep_rx_control(s, skb->data, skb->len);
284 break;
285
286 default:
287 /* Unknown extension, skip it. */
288 break;
289 }
290
291 if (!skb_pull(skb, h->len)) {
292 err = -EILSEQ;
293 break;
294 }
295 } while (!err && (h->type & BNEP_EXT_HEADER));
296
297 return err;
298}
299
300static u8 __bnep_rx_hlen[] = {
301 ETH_HLEN, /* BNEP_GENERAL */
302 0, /* BNEP_CONTROL */
303 2, /* BNEP_COMPRESSED */
304 ETH_ALEN + 2, /* BNEP_COMPRESSED_SRC_ONLY */
305 ETH_ALEN + 2 /* BNEP_COMPRESSED_DST_ONLY */
306};
307#define BNEP_RX_TYPES (sizeof(__bnep_rx_hlen) - 1)
308
309static inline int bnep_rx_frame(struct bnep_session *s, struct sk_buff *skb)
310{
311 struct net_device *dev = s->dev;
312 struct sk_buff *nskb;
313 u8 type;
314
315 dev->last_rx = jiffies;
316 s->stats.rx_bytes += skb->len;
317
318 type = *(u8 *) skb->data; skb_pull(skb, 1);
319
320 if ((type & BNEP_TYPE_MASK) > BNEP_RX_TYPES)
321 goto badframe;
322
323 if ((type & BNEP_TYPE_MASK) == BNEP_CONTROL) {
324 bnep_rx_control(s, skb->data, skb->len);
325 kfree_skb(skb);
326 return 0;
327 }
328
329 skb->mac.raw = skb->data;
330
331 /* Verify and pull out header */
332 if (!skb_pull(skb, __bnep_rx_hlen[type & BNEP_TYPE_MASK]))
333 goto badframe;
334
335 s->eh.h_proto = get_unaligned((u16 *) (skb->data - 2));
336
337 if (type & BNEP_EXT_HEADER) {
338 if (bnep_rx_extension(s, skb) < 0)
339 goto badframe;
340 }
341
342 /* Strip 802.1p header */
343 if (ntohs(s->eh.h_proto) == 0x8100) {
344 if (!skb_pull(skb, 4))
345 goto badframe;
346 s->eh.h_proto = get_unaligned((u16 *) (skb->data - 2));
347 }
348
349 /* We have to alloc new skb and copy data here :(. Because original skb
350 * may not be modified and because of the alignment requirements. */
351 nskb = alloc_skb(2 + ETH_HLEN + skb->len, GFP_KERNEL);
352 if (!nskb) {
353 s->stats.rx_dropped++;
354 kfree_skb(skb);
355 return -ENOMEM;
356 }
357 skb_reserve(nskb, 2);
358
359 /* Decompress header and construct ether frame */
360 switch (type & BNEP_TYPE_MASK) {
361 case BNEP_COMPRESSED:
362 memcpy(__skb_put(nskb, ETH_HLEN), &s->eh, ETH_HLEN);
363 break;
364
365 case BNEP_COMPRESSED_SRC_ONLY:
366 memcpy(__skb_put(nskb, ETH_ALEN), s->eh.h_dest, ETH_ALEN);
367 memcpy(__skb_put(nskb, ETH_ALEN), skb->mac.raw, ETH_ALEN);
368 put_unaligned(s->eh.h_proto, (u16 *) __skb_put(nskb, 2));
369 break;
370
371 case BNEP_COMPRESSED_DST_ONLY:
372 memcpy(__skb_put(nskb, ETH_ALEN), skb->mac.raw, ETH_ALEN);
373 memcpy(__skb_put(nskb, ETH_ALEN + 2), s->eh.h_source, ETH_ALEN + 2);
374 break;
375
376 case BNEP_GENERAL:
377 memcpy(__skb_put(nskb, ETH_ALEN * 2), skb->mac.raw, ETH_ALEN * 2);
378 put_unaligned(s->eh.h_proto, (u16 *) __skb_put(nskb, 2));
379 break;
380 }
381
382 memcpy(__skb_put(nskb, skb->len), skb->data, skb->len);
383 kfree_skb(skb);
384
385 s->stats.rx_packets++;
386 nskb->dev = dev;
387 nskb->ip_summed = CHECKSUM_NONE;
388 nskb->protocol = eth_type_trans(nskb, dev);
389 netif_rx_ni(nskb);
390 return 0;
391
392badframe:
393 s->stats.rx_errors++;
394 kfree_skb(skb);
395 return 0;
396}
397
398static u8 __bnep_tx_types[] = {
399 BNEP_GENERAL,
400 BNEP_COMPRESSED_SRC_ONLY,
401 BNEP_COMPRESSED_DST_ONLY,
402 BNEP_COMPRESSED
403};
404
405static inline int bnep_tx_frame(struct bnep_session *s, struct sk_buff *skb)
406{
407 struct ethhdr *eh = (void *) skb->data;
408 struct socket *sock = s->sock;
409 struct kvec iv[3];
410 int len = 0, il = 0;
411 u8 type = 0;
412
413 BT_DBG("skb %p dev %p type %d", skb, skb->dev, skb->pkt_type);
414
415 if (!skb->dev) {
416 /* Control frame sent by us */
417 goto send;
418 }
419
420 iv[il++] = (struct kvec) { &type, 1 };
421 len++;
422
423 if (!memcmp(eh->h_dest, s->eh.h_source, ETH_ALEN))
424 type |= 0x01;
425
426 if (!memcmp(eh->h_source, s->eh.h_dest, ETH_ALEN))
427 type |= 0x02;
428
429 if (type)
430 skb_pull(skb, ETH_ALEN * 2);
431
432 type = __bnep_tx_types[type];
433 switch (type) {
434 case BNEP_COMPRESSED_SRC_ONLY:
435 iv[il++] = (struct kvec) { eh->h_source, ETH_ALEN };
436 len += ETH_ALEN;
437 break;
438
439 case BNEP_COMPRESSED_DST_ONLY:
440 iv[il++] = (struct kvec) { eh->h_dest, ETH_ALEN };
441 len += ETH_ALEN;
442 break;
443 }
444
445send:
446 iv[il++] = (struct kvec) { skb->data, skb->len };
447 len += skb->len;
448
449 /* FIXME: linearize skb */
450 {
451 len = kernel_sendmsg(sock, &s->msg, iv, il, len);
452 }
453 kfree_skb(skb);
454
455 if (len > 0) {
456 s->stats.tx_bytes += len;
457 s->stats.tx_packets++;
458 return 0;
459 }
460
461 return len;
462}
463
464static int bnep_session(void *arg)
465{
466 struct bnep_session *s = arg;
467 struct net_device *dev = s->dev;
468 struct sock *sk = s->sock->sk;
469 struct sk_buff *skb;
470 wait_queue_t wait;
471
472 BT_DBG("");
473
474 daemonize("kbnepd %s", dev->name);
475 set_user_nice(current, -15);
476 current->flags |= PF_NOFREEZE;
477
478 init_waitqueue_entry(&wait, current);
479 add_wait_queue(sk->sk_sleep, &wait);
480 while (!atomic_read(&s->killed)) {
481 set_current_state(TASK_INTERRUPTIBLE);
482
483 // RX
484 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
485 skb_orphan(skb);
486 bnep_rx_frame(s, skb);
487 }
488
489 if (sk->sk_state != BT_CONNECTED)
490 break;
491
492 // TX
493 while ((skb = skb_dequeue(&sk->sk_write_queue)))
494 if (bnep_tx_frame(s, skb))
495 break;
496 netif_wake_queue(dev);
497
498 schedule();
499 }
500 set_current_state(TASK_RUNNING);
501 remove_wait_queue(sk->sk_sleep, &wait);
502
503 /* Cleanup session */
504 down_write(&bnep_session_sem);
505
506 /* Delete network device */
507 unregister_netdev(dev);
508
509 /* Release the socket */
510 fput(s->sock->file);
511
512 __bnep_unlink_session(s);
513
514 up_write(&bnep_session_sem);
515 free_netdev(dev);
516 return 0;
517}
518
519int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
520{
521 struct net_device *dev;
522 struct bnep_session *s, *ss;
523 u8 dst[ETH_ALEN], src[ETH_ALEN];
524 int err;
525
526 BT_DBG("");
527
528 baswap((void *) dst, &bt_sk(sock->sk)->dst);
529 baswap((void *) src, &bt_sk(sock->sk)->src);
530
531 /* session struct allocated as private part of net_device */
532 dev = alloc_netdev(sizeof(struct bnep_session),
533 (*req->device) ? req->device : "bnep%d",
534 bnep_net_setup);
535 if (!dev)
536 return ENOMEM;
537
538
539 down_write(&bnep_session_sem);
540
541 ss = __bnep_get_session(dst);
542 if (ss && ss->state == BT_CONNECTED) {
543 err = -EEXIST;
544 goto failed;
545 }
546
547 s = dev->priv;
548
549 /* This is rx header therefore addresses are swapped.
550 * ie eh.h_dest is our local address. */
551 memcpy(s->eh.h_dest, &src, ETH_ALEN);
552 memcpy(s->eh.h_source, &dst, ETH_ALEN);
553 memcpy(dev->dev_addr, s->eh.h_dest, ETH_ALEN);
554
555 s->dev = dev;
556 s->sock = sock;
557 s->role = req->role;
558 s->state = BT_CONNECTED;
559
560 s->msg.msg_flags = MSG_NOSIGNAL;
561
562#ifdef CONFIG_BT_BNEP_MC_FILTER
563 /* Set default mc filter */
564 set_bit(bnep_mc_hash(dev->broadcast), (ulong *) &s->mc_filter);
565#endif
566
567#ifdef CONFIG_BT_BNEP_PROTO_FILTER
568 /* Set default protocol filter */
569 bnep_set_default_proto_filter(s);
570#endif
571
572 err = register_netdev(dev);
573 if (err) {
574 goto failed;
575 }
576
577 __bnep_link_session(s);
578
579 err = kernel_thread(bnep_session, s, CLONE_KERNEL);
580 if (err < 0) {
581 /* Session thread start failed, gotta cleanup. */
582 unregister_netdev(dev);
583 __bnep_unlink_session(s);
584 goto failed;
585 }
586
587 up_write(&bnep_session_sem);
588 strcpy(req->device, dev->name);
589 return 0;
590
591failed:
592 up_write(&bnep_session_sem);
593 free_netdev(dev);
594 return err;
595}
596
597int bnep_del_connection(struct bnep_conndel_req *req)
598{
599 struct bnep_session *s;
600 int err = 0;
601
602 BT_DBG("");
603
604 down_read(&bnep_session_sem);
605
606 s = __bnep_get_session(req->dst);
607 if (s) {
608 /* Wakeup user-space which is polling for socket errors.
609 * This is temporary hack untill we have shutdown in L2CAP */
610 s->sock->sk->sk_err = EUNATCH;
611
612 /* Kill session thread */
613 atomic_inc(&s->killed);
614 wake_up_interruptible(s->sock->sk->sk_sleep);
615 } else
616 err = -ENOENT;
617
618 up_read(&bnep_session_sem);
619 return err;
620}
621
622static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
623{
624 memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
625 strcpy(ci->device, s->dev->name);
626 ci->flags = s->flags;
627 ci->state = s->state;
628 ci->role = s->role;
629}
630
631int bnep_get_connlist(struct bnep_connlist_req *req)
632{
633 struct list_head *p;
634 int err = 0, n = 0;
635
636 down_read(&bnep_session_sem);
637
638 list_for_each(p, &bnep_session_list) {
639 struct bnep_session *s;
640 struct bnep_conninfo ci;
641
642 s = list_entry(p, struct bnep_session, list);
643
644 __bnep_copy_ci(&ci, s);
645
646 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
647 err = -EFAULT;
648 break;
649 }
650
651 if (++n >= req->cnum)
652 break;
653
654 req->ci++;
655 }
656 req->cnum = n;
657
658 up_read(&bnep_session_sem);
659 return err;
660}
661
662int bnep_get_conninfo(struct bnep_conninfo *ci)
663{
664 struct bnep_session *s;
665 int err = 0;
666
667 down_read(&bnep_session_sem);
668
669 s = __bnep_get_session(ci->dst);
670 if (s)
671 __bnep_copy_ci(ci, s);
672 else
673 err = -ENOENT;
674
675 up_read(&bnep_session_sem);
676 return err;
677}
678
679static int __init bnep_init(void)
680{
681 char flt[50] = "";
682
683 l2cap_load();
684
685#ifdef CONFIG_BT_BNEP_PROTO_FILTER
686 strcat(flt, "protocol ");
687#endif
688
689#ifdef CONFIG_BT_BNEP_MC_FILTER
690 strcat(flt, "multicast");
691#endif
692
693 BT_INFO("BNEP (Ethernet Emulation) ver %s", VERSION);
694 if (flt[0])
695 BT_INFO("BNEP filters: %s", flt);
696
697 bnep_sock_init();
698 return 0;
699}
700
701static void __exit bnep_exit(void)
702{
703 bnep_sock_cleanup();
704}
705
706module_init(bnep_init);
707module_exit(bnep_exit);
708
709MODULE_AUTHOR("David Libault <david.libault@inventel.fr>, Maxim Krasnyansky <maxk@qualcomm.com>");
710MODULE_DESCRIPTION("Bluetooth BNEP ver " VERSION);
711MODULE_VERSION(VERSION);
712MODULE_LICENSE("GPL");
713MODULE_ALIAS("bt-proto-4");
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
new file mode 100644
index 00000000000..921204f95f4
--- /dev/null
+++ b/net/bluetooth/bnep/netdev.c
@@ -0,0 +1,247 @@
1/*
2 BNEP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2001-2002 Inventel Systemes
4 Written 2001-2002 by
5 Clément Moreau <clement.moreau@inventel.fr>
6 David Libault <david.libault@inventel.fr>
7
8 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
25 SOFTWARE IS DISCLAIMED.
26*/
27
28/*
29 * $Id: netdev.c,v 1.8 2002/08/04 21:23:58 maxk Exp $
30 */
31
32#include <linux/config.h>
33#include <linux/module.h>
34
35#include <linux/socket.h>
36#include <linux/netdevice.h>
37#include <linux/etherdevice.h>
38#include <linux/skbuff.h>
39#include <linux/wait.h>
40
41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45#include <net/bluetooth/l2cap.h>
46
47#include "bnep.h"
48
49#ifndef CONFIG_BT_BNEP_DEBUG
50#undef BT_DBG
51#define BT_DBG( A... )
52#endif
53
54#define BNEP_TX_QUEUE_LEN 20
55
56static int bnep_net_open(struct net_device *dev)
57{
58 netif_start_queue(dev);
59 return 0;
60}
61
62static int bnep_net_close(struct net_device *dev)
63{
64 netif_stop_queue(dev);
65 return 0;
66}
67
68static struct net_device_stats *bnep_net_get_stats(struct net_device *dev)
69{
70 struct bnep_session *s = dev->priv;
71 return &s->stats;
72}
73
74static void bnep_net_set_mc_list(struct net_device *dev)
75{
76#ifdef CONFIG_BT_BNEP_MC_FILTER
77 struct bnep_session *s = dev->priv;
78 struct sock *sk = s->sock->sk;
79 struct bnep_set_filter_req *r;
80 struct sk_buff *skb;
81 int size;
82
83 BT_DBG("%s mc_count %d", dev->name, dev->mc_count);
84
85 size = sizeof(*r) + (BNEP_MAX_MULTICAST_FILTERS + 1) * ETH_ALEN * 2;
86 skb = alloc_skb(size, GFP_ATOMIC);
87 if (!skb) {
88 BT_ERR("%s Multicast list allocation failed", dev->name);
89 return;
90 }
91
92 r = (void *) skb->data;
93 __skb_put(skb, sizeof(*r));
94
95 r->type = BNEP_CONTROL;
96 r->ctrl = BNEP_FILTER_MULTI_ADDR_SET;
97
98 if (dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) {
99 u8 start[ETH_ALEN] = { 0x01 };
100
101 /* Request all addresses */
102 memcpy(__skb_put(skb, ETH_ALEN), start, ETH_ALEN);
103 memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
104 r->len = htons(ETH_ALEN * 2);
105 } else {
106 struct dev_mc_list *dmi = dev->mc_list;
107 int i, len = skb->len;
108
109 if (dev->flags & IFF_BROADCAST) {
110 memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
111 memcpy(__skb_put(skb, ETH_ALEN), dev->broadcast, ETH_ALEN);
112 }
113
114 /* FIXME: We should group addresses here. */
115
116 for (i = 0; i < dev->mc_count && i < BNEP_MAX_MULTICAST_FILTERS; i++) {
117 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
118 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
119 dmi = dmi->next;
120 }
121 r->len = htons(skb->len - len);
122 }
123
124 skb_queue_tail(&sk->sk_write_queue, skb);
125 wake_up_interruptible(sk->sk_sleep);
126#endif
127}
128
129static int bnep_net_set_mac_addr(struct net_device *dev, void *arg)
130{
131 BT_DBG("%s", dev->name);
132 return 0;
133}
134
135static void bnep_net_timeout(struct net_device *dev)
136{
137 BT_DBG("net_timeout");
138 netif_wake_queue(dev);
139}
140
141static int bnep_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
142{
143 return -EINVAL;
144}
145
146#ifdef CONFIG_BT_BNEP_MC_FILTER
147static inline int bnep_net_mc_filter(struct sk_buff *skb, struct bnep_session *s)
148{
149 struct ethhdr *eh = (void *) skb->data;
150
151 if ((eh->h_dest[0] & 1) && !test_bit(bnep_mc_hash(eh->h_dest), (ulong *) &s->mc_filter))
152 return 1;
153 return 0;
154}
155#endif
156
157#ifdef CONFIG_BT_BNEP_PROTO_FILTER
158/* Determine ether protocol. Based on eth_type_trans. */
159static inline u16 bnep_net_eth_proto(struct sk_buff *skb)
160{
161 struct ethhdr *eh = (void *) skb->data;
162
163 if (ntohs(eh->h_proto) >= 1536)
164 return eh->h_proto;
165
166 if (get_unaligned((u16 *) skb->data) == 0xFFFF)
167 return htons(ETH_P_802_3);
168
169 return htons(ETH_P_802_2);
170}
171
172static inline int bnep_net_proto_filter(struct sk_buff *skb, struct bnep_session *s)
173{
174 u16 proto = bnep_net_eth_proto(skb);
175 struct bnep_proto_filter *f = s->proto_filter;
176 int i;
177
178 for (i = 0; i < BNEP_MAX_PROTO_FILTERS && f[i].end; i++) {
179 if (proto >= f[i].start && proto <= f[i].end)
180 return 0;
181 }
182
183 BT_DBG("BNEP: filtered skb %p, proto 0x%.4x", skb, proto);
184 return 1;
185}
186#endif
187
188static int bnep_net_xmit(struct sk_buff *skb, struct net_device *dev)
189{
190 struct bnep_session *s = dev->priv;
191 struct sock *sk = s->sock->sk;
192
193 BT_DBG("skb %p, dev %p", skb, dev);
194
195#ifdef CONFIG_BT_BNEP_MC_FILTER
196 if (bnep_net_mc_filter(skb, s)) {
197 kfree_skb(skb);
198 return 0;
199 }
200#endif
201
202#ifdef CONFIG_BT_BNEP_PROTO_FILTER
203 if (bnep_net_proto_filter(skb, s)) {
204 kfree_skb(skb);
205 return 0;
206 }
207#endif
208
209 /*
210 * We cannot send L2CAP packets from here as we are potentially in a bh.
211 * So we have to queue them and wake up session thread which is sleeping
212 * on the sk->sk_sleep.
213 */
214 dev->trans_start = jiffies;
215 skb_queue_tail(&sk->sk_write_queue, skb);
216 wake_up_interruptible(sk->sk_sleep);
217
218 if (skb_queue_len(&sk->sk_write_queue) >= BNEP_TX_QUEUE_LEN) {
219 BT_DBG("tx queue is full");
220
221 /* Stop queuing.
222 * Session thread will do netif_wake_queue() */
223 netif_stop_queue(dev);
224 }
225
226 return 0;
227}
228
229void bnep_net_setup(struct net_device *dev)
230{
231
232 memset(dev->broadcast, 0xff, ETH_ALEN);
233 dev->addr_len = ETH_ALEN;
234
235 ether_setup(dev);
236
237 dev->open = bnep_net_open;
238 dev->stop = bnep_net_close;
239 dev->hard_start_xmit = bnep_net_xmit;
240 dev->get_stats = bnep_net_get_stats;
241 dev->do_ioctl = bnep_net_ioctl;
242 dev->set_mac_address = bnep_net_set_mac_addr;
243 dev->set_multicast_list = bnep_net_set_mc_list;
244
245 dev->watchdog_timeo = HZ * 2;
246 dev->tx_timeout = bnep_net_timeout;
247}
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
new file mode 100644
index 00000000000..9a8d99a39b6
--- /dev/null
+++ b/net/bluetooth/bnep/sock.c
@@ -0,0 +1,237 @@
1/*
2 BNEP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2001-2002 Inventel Systemes
4 Written 2001-2002 by
5 David Libault <david.libault@inventel.fr>
6
7 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
25*/
26
27/*
28 * $Id: sock.c,v 1.4 2002/08/04 21:23:58 maxk Exp $
29 */
30
31#include <linux/config.h>
32#include <linux/module.h>
33
34#include <linux/types.h>
35#include <linux/errno.h>
36#include <linux/kernel.h>
37#include <linux/major.h>
38#include <linux/sched.h>
39#include <linux/slab.h>
40#include <linux/poll.h>
41#include <linux/fcntl.h>
42#include <linux/skbuff.h>
43#include <linux/socket.h>
44#include <linux/ioctl.h>
45#include <linux/file.h>
46#include <linux/init.h>
47#include <net/sock.h>
48
49#include <asm/system.h>
50#include <asm/uaccess.h>
51
52#include "bnep.h"
53
54#ifndef CONFIG_BT_BNEP_DEBUG
55#undef BT_DBG
56#define BT_DBG( A... )
57#endif
58
59static int bnep_sock_release(struct socket *sock)
60{
61 struct sock *sk = sock->sk;
62
63 BT_DBG("sock %p sk %p", sock, sk);
64
65 if (!sk)
66 return 0;
67
68 sock_orphan(sk);
69 sock_put(sk);
70 return 0;
71}
72
73static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
74{
75 struct bnep_connlist_req cl;
76 struct bnep_connadd_req ca;
77 struct bnep_conndel_req cd;
78 struct bnep_conninfo ci;
79 struct socket *nsock;
80 void __user *argp = (void __user *)arg;
81 int err;
82
83 BT_DBG("cmd %x arg %lx", cmd, arg);
84
85 switch (cmd) {
86 case BNEPCONNADD:
87 if (!capable(CAP_NET_ADMIN))
88 return -EACCES;
89
90 if (copy_from_user(&ca, argp, sizeof(ca)))
91 return -EFAULT;
92
93 nsock = sockfd_lookup(ca.sock, &err);
94 if (!nsock)
95 return err;
96
97 if (nsock->sk->sk_state != BT_CONNECTED) {
98 fput(nsock->file);
99 return -EBADFD;
100 }
101
102 err = bnep_add_connection(&ca, nsock);
103 if (!err) {
104 if (copy_to_user(argp, &ca, sizeof(ca)))
105 err = -EFAULT;
106 } else
107 fput(nsock->file);
108
109 return err;
110
111 case BNEPCONNDEL:
112 if (!capable(CAP_NET_ADMIN))
113 return -EACCES;
114
115 if (copy_from_user(&cd, argp, sizeof(cd)))
116 return -EFAULT;
117
118 return bnep_del_connection(&cd);
119
120 case BNEPGETCONNLIST:
121 if (copy_from_user(&cl, argp, sizeof(cl)))
122 return -EFAULT;
123
124 if (cl.cnum <= 0)
125 return -EINVAL;
126
127 err = bnep_get_connlist(&cl);
128 if (!err && copy_to_user(argp, &cl, sizeof(cl)))
129 return -EFAULT;
130
131 return err;
132
133 case BNEPGETCONNINFO:
134 if (copy_from_user(&ci, argp, sizeof(ci)))
135 return -EFAULT;
136
137 err = bnep_get_conninfo(&ci);
138 if (!err && copy_to_user(argp, &ci, sizeof(ci)))
139 return -EFAULT;
140
141 return err;
142
143 default:
144 return -EINVAL;
145 }
146
147 return 0;
148}
149
150static struct proto_ops bnep_sock_ops = {
151 .family = PF_BLUETOOTH,
152 .owner = THIS_MODULE,
153 .release = bnep_sock_release,
154 .ioctl = bnep_sock_ioctl,
155 .bind = sock_no_bind,
156 .getname = sock_no_getname,
157 .sendmsg = sock_no_sendmsg,
158 .recvmsg = sock_no_recvmsg,
159 .poll = sock_no_poll,
160 .listen = sock_no_listen,
161 .shutdown = sock_no_shutdown,
162 .setsockopt = sock_no_setsockopt,
163 .getsockopt = sock_no_getsockopt,
164 .connect = sock_no_connect,
165 .socketpair = sock_no_socketpair,
166 .accept = sock_no_accept,
167 .mmap = sock_no_mmap
168};
169
170static struct proto bnep_proto = {
171 .name = "BNEP",
172 .owner = THIS_MODULE,
173 .obj_size = sizeof(struct bt_sock)
174};
175
176static int bnep_sock_create(struct socket *sock, int protocol)
177{
178 struct sock *sk;
179
180 BT_DBG("sock %p", sock);
181
182 if (sock->type != SOCK_RAW)
183 return -ESOCKTNOSUPPORT;
184
185 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &bnep_proto, 1);
186 if (!sk)
187 return -ENOMEM;
188
189 sock_init_data(sock, sk);
190
191 sock->ops = &bnep_sock_ops;
192
193 sock->state = SS_UNCONNECTED;
194
195 sock_reset_flag(sk, SOCK_ZAPPED);
196
197 sk->sk_protocol = protocol;
198 sk->sk_state = BT_OPEN;
199
200 return 0;
201}
202
203static struct net_proto_family bnep_sock_family_ops = {
204 .family = PF_BLUETOOTH,
205 .owner = THIS_MODULE,
206 .create = bnep_sock_create
207};
208
209int __init bnep_sock_init(void)
210{
211 int err;
212
213 err = proto_register(&bnep_proto, 0);
214 if (err < 0)
215 return err;
216
217 err = bt_sock_register(BTPROTO_BNEP, &bnep_sock_family_ops);
218 if (err < 0)
219 goto error;
220
221 return 0;
222
223error:
224 BT_ERR("Can't register BNEP socket");
225 proto_unregister(&bnep_proto);
226 return err;
227}
228
229int __exit bnep_sock_cleanup(void)
230{
231 if (bt_sock_unregister(BTPROTO_BNEP) < 0)
232 BT_ERR("Can't unregister BNEP socket");
233
234 proto_unregister(&bnep_proto);
235
236 return 0;
237}
diff --git a/net/bluetooth/cmtp/Kconfig b/net/bluetooth/cmtp/Kconfig
new file mode 100644
index 00000000000..d6b0382f6f3
--- /dev/null
+++ b/net/bluetooth/cmtp/Kconfig
@@ -0,0 +1,11 @@
1config BT_CMTP
2 tristate "CMTP protocol support"
3 depends on BT && BT_L2CAP && ISDN_CAPI
4 help
5 CMTP (CAPI Message Transport Protocol) is a transport layer
6 for CAPI messages. CMTP is required for the Bluetooth Common
7 ISDN Access Profile.
8
9 Say Y here to compile CMTP support into the kernel or say M to
10 compile it as module (cmtp).
11
diff --git a/net/bluetooth/cmtp/Makefile b/net/bluetooth/cmtp/Makefile
new file mode 100644
index 00000000000..890a9a5a686
--- /dev/null
+++ b/net/bluetooth/cmtp/Makefile
@@ -0,0 +1,7 @@
1#
2# Makefile for the Linux Bluetooth CMTP layer
3#
4
5obj-$(CONFIG_BT_CMTP) += cmtp.o
6
7cmtp-objs := core.o sock.o capi.o
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c
new file mode 100644
index 00000000000..1e5c030b72a
--- /dev/null
+++ b/net/bluetooth/cmtp/capi.c
@@ -0,0 +1,600 @@
1/*
2 CMTP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/config.h>
24#include <linux/module.h>
25
26#include <linux/types.h>
27#include <linux/errno.h>
28#include <linux/kernel.h>
29#include <linux/major.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/poll.h>
33#include <linux/fcntl.h>
34#include <linux/skbuff.h>
35#include <linux/socket.h>
36#include <linux/ioctl.h>
37#include <linux/file.h>
38#include <linux/wait.h>
39#include <net/sock.h>
40
41#include <linux/isdn/capilli.h>
42#include <linux/isdn/capicmd.h>
43#include <linux/isdn/capiutil.h>
44
45#include "cmtp.h"
46
47#ifndef CONFIG_BT_CMTP_DEBUG
48#undef BT_DBG
49#define BT_DBG(D...)
50#endif
51
52#define CAPI_INTEROPERABILITY 0x20
53
54#define CAPI_INTEROPERABILITY_REQ CAPICMD(CAPI_INTEROPERABILITY, CAPI_REQ)
55#define CAPI_INTEROPERABILITY_CONF CAPICMD(CAPI_INTEROPERABILITY, CAPI_CONF)
56#define CAPI_INTEROPERABILITY_IND CAPICMD(CAPI_INTEROPERABILITY, CAPI_IND)
57#define CAPI_INTEROPERABILITY_RESP CAPICMD(CAPI_INTEROPERABILITY, CAPI_RESP)
58
59#define CAPI_INTEROPERABILITY_REQ_LEN (CAPI_MSG_BASELEN + 2)
60#define CAPI_INTEROPERABILITY_CONF_LEN (CAPI_MSG_BASELEN + 4)
61#define CAPI_INTEROPERABILITY_IND_LEN (CAPI_MSG_BASELEN + 2)
62#define CAPI_INTEROPERABILITY_RESP_LEN (CAPI_MSG_BASELEN + 2)
63
64#define CAPI_FUNCTION_REGISTER 0
65#define CAPI_FUNCTION_RELEASE 1
66#define CAPI_FUNCTION_GET_PROFILE 2
67#define CAPI_FUNCTION_GET_MANUFACTURER 3
68#define CAPI_FUNCTION_GET_VERSION 4
69#define CAPI_FUNCTION_GET_SERIAL_NUMBER 5
70#define CAPI_FUNCTION_MANUFACTURER 6
71#define CAPI_FUNCTION_LOOPBACK 7
72
73
74#define CMTP_MSGNUM 1
75#define CMTP_APPLID 2
76#define CMTP_MAPPING 3
77
78static struct cmtp_application *cmtp_application_add(struct cmtp_session *session, __u16 appl)
79{
80 struct cmtp_application *app = kmalloc(sizeof(*app), GFP_KERNEL);
81
82 BT_DBG("session %p application %p appl %d", session, app, appl);
83
84 if (!app)
85 return NULL;
86
87 memset(app, 0, sizeof(*app));
88
89 app->state = BT_OPEN;
90 app->appl = appl;
91
92 list_add_tail(&app->list, &session->applications);
93
94 return app;
95}
96
97static void cmtp_application_del(struct cmtp_session *session, struct cmtp_application *app)
98{
99 BT_DBG("session %p application %p", session, app);
100
101 if (app) {
102 list_del(&app->list);
103 kfree(app);
104 }
105}
106
107static struct cmtp_application *cmtp_application_get(struct cmtp_session *session, int pattern, __u16 value)
108{
109 struct cmtp_application *app;
110 struct list_head *p, *n;
111
112 list_for_each_safe(p, n, &session->applications) {
113 app = list_entry(p, struct cmtp_application, list);
114 switch (pattern) {
115 case CMTP_MSGNUM:
116 if (app->msgnum == value)
117 return app;
118 break;
119 case CMTP_APPLID:
120 if (app->appl == value)
121 return app;
122 break;
123 case CMTP_MAPPING:
124 if (app->mapping == value)
125 return app;
126 break;
127 }
128 }
129
130 return NULL;
131}
132
133static int cmtp_msgnum_get(struct cmtp_session *session)
134{
135 session->msgnum++;
136
137 if ((session->msgnum & 0xff) > 200)
138 session->msgnum = CMTP_INITIAL_MSGNUM + 1;
139
140 return session->msgnum;
141}
142
143static void cmtp_send_capimsg(struct cmtp_session *session, struct sk_buff *skb)
144{
145 struct cmtp_scb *scb = (void *) skb->cb;
146
147 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
148
149 scb->id = -1;
150 scb->data = (CAPIMSG_COMMAND(skb->data) == CAPI_DATA_B3);
151
152 skb_queue_tail(&session->transmit, skb);
153
154 cmtp_schedule(session);
155}
156
157static void cmtp_send_interopmsg(struct cmtp_session *session,
158 __u8 subcmd, __u16 appl, __u16 msgnum,
159 __u16 function, unsigned char *buf, int len)
160{
161 struct sk_buff *skb;
162 unsigned char *s;
163
164 BT_DBG("session %p subcmd 0x%02x appl %d msgnum %d", session, subcmd, appl, msgnum);
165
166 if (!(skb = alloc_skb(CAPI_MSG_BASELEN + 6 + len, GFP_ATOMIC))) {
167 BT_ERR("Can't allocate memory for interoperability packet");
168 return;
169 }
170
171 s = skb_put(skb, CAPI_MSG_BASELEN + 6 + len);
172
173 capimsg_setu16(s, 0, CAPI_MSG_BASELEN + 6 + len);
174 capimsg_setu16(s, 2, appl);
175 capimsg_setu8 (s, 4, CAPI_INTEROPERABILITY);
176 capimsg_setu8 (s, 5, subcmd);
177 capimsg_setu16(s, 6, msgnum);
178
179 /* Interoperability selector (Bluetooth Device Management) */
180 capimsg_setu16(s, 8, 0x0001);
181
182 capimsg_setu8 (s, 10, 3 + len);
183 capimsg_setu16(s, 11, function);
184 capimsg_setu8 (s, 13, len);
185
186 if (len > 0)
187 memcpy(s + 14, buf, len);
188
189 cmtp_send_capimsg(session, skb);
190}
191
192static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *skb)
193{
194 struct capi_ctr *ctrl = &session->ctrl;
195 struct cmtp_application *application;
196 __u16 appl, msgnum, func, info;
197 __u32 controller;
198
199 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
200
201 switch (CAPIMSG_SUBCOMMAND(skb->data)) {
202 case CAPI_CONF:
203 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5);
204 info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8);
205
206 switch (func) {
207 case CAPI_FUNCTION_REGISTER:
208 msgnum = CAPIMSG_MSGID(skb->data);
209
210 application = cmtp_application_get(session, CMTP_MSGNUM, msgnum);
211 if (application) {
212 application->state = BT_CONNECTED;
213 application->msgnum = 0;
214 application->mapping = CAPIMSG_APPID(skb->data);
215 wake_up_interruptible(&session->wait);
216 }
217
218 break;
219
220 case CAPI_FUNCTION_RELEASE:
221 appl = CAPIMSG_APPID(skb->data);
222
223 application = cmtp_application_get(session, CMTP_MAPPING, appl);
224 if (application) {
225 application->state = BT_CLOSED;
226 application->msgnum = 0;
227 wake_up_interruptible(&session->wait);
228 }
229
230 break;
231
232 case CAPI_FUNCTION_GET_PROFILE:
233 controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11);
234 msgnum = CAPIMSG_MSGID(skb->data);
235
236 if (!info && (msgnum == CMTP_INITIAL_MSGNUM)) {
237 session->ncontroller = controller;
238 wake_up_interruptible(&session->wait);
239 break;
240 }
241
242 if (!info && ctrl) {
243 memcpy(&ctrl->profile,
244 skb->data + CAPI_MSG_BASELEN + 11,
245 sizeof(capi_profile));
246 session->state = BT_CONNECTED;
247 capi_ctr_ready(ctrl);
248 }
249
250 break;
251
252 case CAPI_FUNCTION_GET_MANUFACTURER:
253 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10);
254
255 if (!info && ctrl) {
256 strncpy(ctrl->manu,
257 skb->data + CAPI_MSG_BASELEN + 15,
258 skb->data[CAPI_MSG_BASELEN + 14]);
259 }
260
261 break;
262
263 case CAPI_FUNCTION_GET_VERSION:
264 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
265
266 if (!info && ctrl) {
267 ctrl->version.majorversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 16);
268 ctrl->version.minorversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 20);
269 ctrl->version.majormanuversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 24);
270 ctrl->version.minormanuversion = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 28);
271 }
272
273 break;
274
275 case CAPI_FUNCTION_GET_SERIAL_NUMBER:
276 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
277
278 if (!info && ctrl) {
279 memset(ctrl->serial, 0, CAPI_SERIAL_LEN);
280 strncpy(ctrl->serial,
281 skb->data + CAPI_MSG_BASELEN + 17,
282 skb->data[CAPI_MSG_BASELEN + 16]);
283 }
284
285 break;
286 }
287
288 break;
289
290 case CAPI_IND:
291 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3);
292
293 if (func == CAPI_FUNCTION_LOOPBACK) {
294 appl = CAPIMSG_APPID(skb->data);
295 msgnum = CAPIMSG_MSGID(skb->data);
296 cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func,
297 skb->data + CAPI_MSG_BASELEN + 6,
298 skb->data[CAPI_MSG_BASELEN + 5]);
299 }
300
301 break;
302 }
303
304 kfree_skb(skb);
305}
306
307void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb)
308{
309 struct capi_ctr *ctrl = &session->ctrl;
310 struct cmtp_application *application;
311 __u16 cmd, appl;
312 __u32 contr;
313
314 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
315
316 if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) {
317 cmtp_recv_interopmsg(session, skb);
318 return;
319 }
320
321 if (session->flags & (1 << CMTP_LOOPBACK)) {
322 kfree_skb(skb);
323 return;
324 }
325
326 cmd = CAPICMD(CAPIMSG_COMMAND(skb->data), CAPIMSG_SUBCOMMAND(skb->data));
327 appl = CAPIMSG_APPID(skb->data);
328 contr = CAPIMSG_CONTROL(skb->data);
329
330 application = cmtp_application_get(session, CMTP_MAPPING, appl);
331 if (application) {
332 appl = application->appl;
333 CAPIMSG_SETAPPID(skb->data, appl);
334 } else {
335 BT_ERR("Can't find application with id %d", appl);
336 kfree_skb(skb);
337 return;
338 }
339
340 if ((contr & 0x7f) == 0x01) {
341 contr = (contr & 0xffffff80) | session->num;
342 CAPIMSG_SETCONTROL(skb->data, contr);
343 }
344
345 if (!ctrl) {
346 BT_ERR("Can't find controller %d for message", session->num);
347 kfree_skb(skb);
348 return;
349 }
350
351 capi_ctr_handle_message(ctrl, appl, skb);
352}
353
354static int cmtp_load_firmware(struct capi_ctr *ctrl, capiloaddata *data)
355{
356 BT_DBG("ctrl %p data %p", ctrl, data);
357
358 return 0;
359}
360
361static void cmtp_reset_ctr(struct capi_ctr *ctrl)
362{
363 struct cmtp_session *session = ctrl->driverdata;
364
365 BT_DBG("ctrl %p", ctrl);
366
367 capi_ctr_reseted(ctrl);
368
369 atomic_inc(&session->terminate);
370 cmtp_schedule(session);
371}
372
373static void cmtp_register_appl(struct capi_ctr *ctrl, __u16 appl, capi_register_params *rp)
374{
375 DECLARE_WAITQUEUE(wait, current);
376 struct cmtp_session *session = ctrl->driverdata;
377 struct cmtp_application *application;
378 unsigned long timeo = CMTP_INTEROP_TIMEOUT;
379 unsigned char buf[8];
380 int err = 0, nconn, want = rp->level3cnt;
381
382 BT_DBG("ctrl %p appl %d level3cnt %d datablkcnt %d datablklen %d",
383 ctrl, appl, rp->level3cnt, rp->datablkcnt, rp->datablklen);
384
385 application = cmtp_application_add(session, appl);
386 if (!application) {
387 BT_ERR("Can't allocate memory for new application");
388 return;
389 }
390
391 if (want < 0)
392 nconn = ctrl->profile.nbchannel * -want;
393 else
394 nconn = want;
395
396 if (nconn == 0)
397 nconn = ctrl->profile.nbchannel;
398
399 capimsg_setu16(buf, 0, nconn);
400 capimsg_setu16(buf, 2, rp->datablkcnt);
401 capimsg_setu16(buf, 4, rp->datablklen);
402
403 application->state = BT_CONFIG;
404 application->msgnum = cmtp_msgnum_get(session);
405
406 cmtp_send_interopmsg(session, CAPI_REQ, 0x0000, application->msgnum,
407 CAPI_FUNCTION_REGISTER, buf, 6);
408
409 add_wait_queue(&session->wait, &wait);
410 while (1) {
411 set_current_state(TASK_INTERRUPTIBLE);
412
413 if (!timeo) {
414 err = -EAGAIN;
415 break;
416 }
417
418 if (application->state == BT_CLOSED) {
419 err = -application->err;
420 break;
421 }
422
423 if (application->state == BT_CONNECTED)
424 break;
425
426 if (signal_pending(current)) {
427 err = -EINTR;
428 break;
429 }
430
431 timeo = schedule_timeout(timeo);
432 }
433 set_current_state(TASK_RUNNING);
434 remove_wait_queue(&session->wait, &wait);
435
436 if (err) {
437 cmtp_application_del(session, application);
438 return;
439 }
440}
441
442static void cmtp_release_appl(struct capi_ctr *ctrl, __u16 appl)
443{
444 struct cmtp_session *session = ctrl->driverdata;
445 struct cmtp_application *application;
446
447 BT_DBG("ctrl %p appl %d", ctrl, appl);
448
449 application = cmtp_application_get(session, CMTP_APPLID, appl);
450 if (!application) {
451 BT_ERR("Can't find application");
452 return;
453 }
454
455 application->msgnum = cmtp_msgnum_get(session);
456
457 cmtp_send_interopmsg(session, CAPI_REQ, application->mapping, application->msgnum,
458 CAPI_FUNCTION_RELEASE, NULL, 0);
459
460 wait_event_interruptible_timeout(session->wait,
461 (application->state == BT_CLOSED), CMTP_INTEROP_TIMEOUT);
462
463 cmtp_application_del(session, application);
464}
465
466static u16 cmtp_send_message(struct capi_ctr *ctrl, struct sk_buff *skb)
467{
468 struct cmtp_session *session = ctrl->driverdata;
469 struct cmtp_application *application;
470 __u16 appl;
471 __u32 contr;
472
473 BT_DBG("ctrl %p skb %p", ctrl, skb);
474
475 appl = CAPIMSG_APPID(skb->data);
476 contr = CAPIMSG_CONTROL(skb->data);
477
478 application = cmtp_application_get(session, CMTP_APPLID, appl);
479 if ((!application) || (application->state != BT_CONNECTED)) {
480 BT_ERR("Can't find application with id %d", appl);
481 return CAPI_ILLAPPNR;
482 }
483
484 CAPIMSG_SETAPPID(skb->data, application->mapping);
485
486 if ((contr & 0x7f) == session->num) {
487 contr = (contr & 0xffffff80) | 0x01;
488 CAPIMSG_SETCONTROL(skb->data, contr);
489 }
490
491 cmtp_send_capimsg(session, skb);
492
493 return CAPI_NOERROR;
494}
495
496static char *cmtp_procinfo(struct capi_ctr *ctrl)
497{
498 return "CAPI Message Transport Protocol";
499}
500
501static int cmtp_ctr_read_proc(char *page, char **start, off_t off, int count, int *eof, struct capi_ctr *ctrl)
502{
503 struct cmtp_session *session = ctrl->driverdata;
504 struct cmtp_application *app;
505 struct list_head *p, *n;
506 int len = 0;
507
508 len += sprintf(page + len, "%s\n\n", cmtp_procinfo(ctrl));
509 len += sprintf(page + len, "addr %s\n", session->name);
510 len += sprintf(page + len, "ctrl %d\n", session->num);
511
512 list_for_each_safe(p, n, &session->applications) {
513 app = list_entry(p, struct cmtp_application, list);
514 len += sprintf(page + len, "appl %d -> %d\n", app->appl, app->mapping);
515 }
516
517 if (off + count >= len)
518 *eof = 1;
519
520 if (len < off)
521 return 0;
522
523 *start = page + off;
524
525 return ((count < len - off) ? count : len - off);
526}
527
528
529int cmtp_attach_device(struct cmtp_session *session)
530{
531 unsigned char buf[4];
532 long ret;
533
534 BT_DBG("session %p", session);
535
536 capimsg_setu32(buf, 0, 0);
537
538 cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, CMTP_INITIAL_MSGNUM,
539 CAPI_FUNCTION_GET_PROFILE, buf, 4);
540
541 ret = wait_event_interruptible_timeout(session->wait,
542 session->ncontroller, CMTP_INTEROP_TIMEOUT);
543
544 BT_INFO("Found %d CAPI controller(s) on device %s", session->ncontroller, session->name);
545
546 if (!ret)
547 return -ETIMEDOUT;
548
549 if (!session->ncontroller)
550 return -ENODEV;
551
552 if (session->ncontroller > 1)
553 BT_INFO("Setting up only CAPI controller 1");
554
555 session->ctrl.owner = THIS_MODULE;
556 session->ctrl.driverdata = session;
557 strcpy(session->ctrl.name, session->name);
558
559 session->ctrl.driver_name = "cmtp";
560 session->ctrl.load_firmware = cmtp_load_firmware;
561 session->ctrl.reset_ctr = cmtp_reset_ctr;
562 session->ctrl.register_appl = cmtp_register_appl;
563 session->ctrl.release_appl = cmtp_release_appl;
564 session->ctrl.send_message = cmtp_send_message;
565
566 session->ctrl.procinfo = cmtp_procinfo;
567 session->ctrl.ctr_read_proc = cmtp_ctr_read_proc;
568
569 if (attach_capi_ctr(&session->ctrl) < 0) {
570 BT_ERR("Can't attach new controller");
571 return -EBUSY;
572 }
573
574 session->num = session->ctrl.cnr;
575
576 BT_DBG("session %p num %d", session, session->num);
577
578 capimsg_setu32(buf, 0, 1);
579
580 cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
581 CAPI_FUNCTION_GET_MANUFACTURER, buf, 4);
582
583 cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
584 CAPI_FUNCTION_GET_VERSION, buf, 4);
585
586 cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
587 CAPI_FUNCTION_GET_SERIAL_NUMBER, buf, 4);
588
589 cmtp_send_interopmsg(session, CAPI_REQ, 0xffff, cmtp_msgnum_get(session),
590 CAPI_FUNCTION_GET_PROFILE, buf, 4);
591
592 return 0;
593}
594
595void cmtp_detach_device(struct cmtp_session *session)
596{
597 BT_DBG("session %p", session);
598
599 detach_capi_ctr(&session->ctrl);
600}
diff --git a/net/bluetooth/cmtp/cmtp.h b/net/bluetooth/cmtp/cmtp.h
new file mode 100644
index 00000000000..40e3dfec0cc
--- /dev/null
+++ b/net/bluetooth/cmtp/cmtp.h
@@ -0,0 +1,135 @@
1/*
2 CMTP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#ifndef __CMTP_H
24#define __CMTP_H
25
26#include <linux/types.h>
27#include <net/bluetooth/bluetooth.h>
28
29#define BTNAMSIZ 18
30
31/* CMTP ioctl defines */
32#define CMTPCONNADD _IOW('C', 200, int)
33#define CMTPCONNDEL _IOW('C', 201, int)
34#define CMTPGETCONNLIST _IOR('C', 210, int)
35#define CMTPGETCONNINFO _IOR('C', 211, int)
36
37#define CMTP_LOOPBACK 0
38
39struct cmtp_connadd_req {
40 int sock; // Connected socket
41 __u32 flags;
42};
43
44struct cmtp_conndel_req {
45 bdaddr_t bdaddr;
46 __u32 flags;
47};
48
49struct cmtp_conninfo {
50 bdaddr_t bdaddr;
51 __u32 flags;
52 __u16 state;
53 int num;
54};
55
56struct cmtp_connlist_req {
57 __u32 cnum;
58 struct cmtp_conninfo __user *ci;
59};
60
61int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock);
62int cmtp_del_connection(struct cmtp_conndel_req *req);
63int cmtp_get_connlist(struct cmtp_connlist_req *req);
64int cmtp_get_conninfo(struct cmtp_conninfo *ci);
65
66/* CMTP session defines */
67#define CMTP_INTEROP_TIMEOUT (HZ * 5)
68#define CMTP_INITIAL_MSGNUM 0xff00
69
70struct cmtp_session {
71 struct list_head list;
72
73 struct socket *sock;
74
75 bdaddr_t bdaddr;
76
77 unsigned long state;
78 unsigned long flags;
79
80 uint mtu;
81
82 char name[BTNAMSIZ];
83
84 atomic_t terminate;
85
86 wait_queue_head_t wait;
87
88 int ncontroller;
89 int num;
90 struct capi_ctr ctrl;
91
92 struct list_head applications;
93
94 unsigned long blockids;
95 int msgnum;
96
97 struct sk_buff_head transmit;
98
99 struct sk_buff *reassembly[16];
100};
101
102struct cmtp_application {
103 struct list_head list;
104
105 unsigned long state;
106 int err;
107
108 __u16 appl;
109 __u16 mapping;
110
111 __u16 msgnum;
112};
113
114struct cmtp_scb {
115 int id;
116 int data;
117};
118
119int cmtp_attach_device(struct cmtp_session *session);
120void cmtp_detach_device(struct cmtp_session *session);
121
122void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb);
123
124static inline void cmtp_schedule(struct cmtp_session *session)
125{
126 struct sock *sk = session->sock->sk;
127
128 wake_up_interruptible(sk->sk_sleep);
129}
130
131/* CMTP init defines */
132int cmtp_init_sockets(void);
133void cmtp_cleanup_sockets(void);
134
135#endif /* __CMTP_H */
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
new file mode 100644
index 00000000000..20ce04f2be8
--- /dev/null
+++ b/net/bluetooth/cmtp/core.c
@@ -0,0 +1,504 @@
1/*
2 CMTP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/config.h>
24#include <linux/module.h>
25
26#include <linux/types.h>
27#include <linux/errno.h>
28#include <linux/kernel.h>
29#include <linux/major.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/poll.h>
33#include <linux/fcntl.h>
34#include <linux/skbuff.h>
35#include <linux/socket.h>
36#include <linux/ioctl.h>
37#include <linux/file.h>
38#include <linux/init.h>
39#include <net/sock.h>
40
41#include <linux/isdn/capilli.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/l2cap.h>
45
46#include "cmtp.h"
47
48#ifndef CONFIG_BT_CMTP_DEBUG
49#undef BT_DBG
50#define BT_DBG(D...)
51#endif
52
53#define VERSION "1.0"
54
55static DECLARE_RWSEM(cmtp_session_sem);
56static LIST_HEAD(cmtp_session_list);
57
58static struct cmtp_session *__cmtp_get_session(bdaddr_t *bdaddr)
59{
60 struct cmtp_session *session;
61 struct list_head *p;
62
63 BT_DBG("");
64
65 list_for_each(p, &cmtp_session_list) {
66 session = list_entry(p, struct cmtp_session, list);
67 if (!bacmp(bdaddr, &session->bdaddr))
68 return session;
69 }
70 return NULL;
71}
72
73static void __cmtp_link_session(struct cmtp_session *session)
74{
75 __module_get(THIS_MODULE);
76 list_add(&session->list, &cmtp_session_list);
77}
78
79static void __cmtp_unlink_session(struct cmtp_session *session)
80{
81 list_del(&session->list);
82 module_put(THIS_MODULE);
83}
84
85static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
86{
87 bacpy(&ci->bdaddr, &session->bdaddr);
88
89 ci->flags = session->flags;
90 ci->state = session->state;
91
92 ci->num = session->num;
93}
94
95
96static inline int cmtp_alloc_block_id(struct cmtp_session *session)
97{
98 int i, id = -1;
99
100 for (i = 0; i < 16; i++)
101 if (!test_and_set_bit(i, &session->blockids)) {
102 id = i;
103 break;
104 }
105
106 return id;
107}
108
109static inline void cmtp_free_block_id(struct cmtp_session *session, int id)
110{
111 clear_bit(id, &session->blockids);
112}
113
114static inline void cmtp_add_msgpart(struct cmtp_session *session, int id, const unsigned char *buf, int count)
115{
116 struct sk_buff *skb = session->reassembly[id], *nskb;
117 int size;
118
119 BT_DBG("session %p buf %p count %d", session, buf, count);
120
121 size = (skb) ? skb->len + count : count;
122
123 if (!(nskb = alloc_skb(size, GFP_ATOMIC))) {
124 BT_ERR("Can't allocate memory for CAPI message");
125 return;
126 }
127
128 if (skb && (skb->len > 0))
129 memcpy(skb_put(nskb, skb->len), skb->data, skb->len);
130
131 memcpy(skb_put(nskb, count), buf, count);
132
133 session->reassembly[id] = nskb;
134
135 if (skb)
136 kfree_skb(skb);
137}
138
139static inline int cmtp_recv_frame(struct cmtp_session *session, struct sk_buff *skb)
140{
141 __u8 hdr, hdrlen, id;
142 __u16 len;
143
144 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
145
146 while (skb->len > 0) {
147 hdr = skb->data[0];
148
149 switch (hdr & 0xc0) {
150 case 0x40:
151 hdrlen = 2;
152 len = skb->data[1];
153 break;
154 case 0x80:
155 hdrlen = 3;
156 len = skb->data[1] | (skb->data[2] << 8);
157 break;
158 default:
159 hdrlen = 1;
160 len = 0;
161 break;
162 }
163
164 id = (hdr & 0x3c) >> 2;
165
166 BT_DBG("hdr 0x%02x hdrlen %d len %d id %d", hdr, hdrlen, len, id);
167
168 if (hdrlen + len > skb->len) {
169 BT_ERR("Wrong size or header information in CMTP frame");
170 break;
171 }
172
173 if (len == 0) {
174 skb_pull(skb, hdrlen);
175 continue;
176 }
177
178 switch (hdr & 0x03) {
179 case 0x00:
180 cmtp_add_msgpart(session, id, skb->data + hdrlen, len);
181 cmtp_recv_capimsg(session, session->reassembly[id]);
182 session->reassembly[id] = NULL;
183 break;
184 case 0x01:
185 cmtp_add_msgpart(session, id, skb->data + hdrlen, len);
186 break;
187 default:
188 if (session->reassembly[id] != NULL)
189 kfree_skb(session->reassembly[id]);
190 session->reassembly[id] = NULL;
191 break;
192 }
193
194 skb_pull(skb, hdrlen + len);
195 }
196
197 kfree_skb(skb);
198 return 0;
199}
200
201static int cmtp_send_frame(struct cmtp_session *session, unsigned char *data, int len)
202{
203 struct socket *sock = session->sock;
204 struct kvec iv = { data, len };
205 struct msghdr msg;
206
207 BT_DBG("session %p data %p len %d", session, data, len);
208
209 if (!len)
210 return 0;
211
212 memset(&msg, 0, sizeof(msg));
213
214 return kernel_sendmsg(sock, &msg, &iv, 1, len);
215}
216
217static int cmtp_process_transmit(struct cmtp_session *session)
218{
219 struct sk_buff *skb, *nskb;
220 unsigned char *hdr;
221 unsigned int size, tail;
222
223 BT_DBG("session %p", session);
224
225 if (!(nskb = alloc_skb(session->mtu, GFP_ATOMIC))) {
226 BT_ERR("Can't allocate memory for new frame");
227 return -ENOMEM;
228 }
229
230 while ((skb = skb_dequeue(&session->transmit))) {
231 struct cmtp_scb *scb = (void *) skb->cb;
232
233 if ((tail = (session->mtu - nskb->len)) < 5) {
234 cmtp_send_frame(session, nskb->data, nskb->len);
235 skb_trim(nskb, 0);
236 tail = session->mtu;
237 }
238
239 size = min_t(uint, ((tail < 258) ? (tail - 2) : (tail - 3)), skb->len);
240
241 if ((scb->id < 0) && ((scb->id = cmtp_alloc_block_id(session)) < 0)) {
242 skb_queue_head(&session->transmit, skb);
243 break;
244 }
245
246 if (size < 256) {
247 hdr = skb_put(nskb, 2);
248 hdr[0] = 0x40
249 | ((scb->id << 2) & 0x3c)
250 | ((skb->len == size) ? 0x00 : 0x01);
251 hdr[1] = size;
252 } else {
253 hdr = skb_put(nskb, 3);
254 hdr[0] = 0x80
255 | ((scb->id << 2) & 0x3c)
256 | ((skb->len == size) ? 0x00 : 0x01);
257 hdr[1] = size & 0xff;
258 hdr[2] = size >> 8;
259 }
260
261 memcpy(skb_put(nskb, size), skb->data, size);
262 skb_pull(skb, size);
263
264 if (skb->len > 0) {
265 skb_queue_head(&session->transmit, skb);
266 } else {
267 cmtp_free_block_id(session, scb->id);
268 if (scb->data) {
269 cmtp_send_frame(session, nskb->data, nskb->len);
270 skb_trim(nskb, 0);
271 }
272 kfree_skb(skb);
273 }
274 }
275
276 cmtp_send_frame(session, nskb->data, nskb->len);
277
278 kfree_skb(nskb);
279
280 return skb_queue_len(&session->transmit);
281}
282
283static int cmtp_session(void *arg)
284{
285 struct cmtp_session *session = arg;
286 struct sock *sk = session->sock->sk;
287 struct sk_buff *skb;
288 wait_queue_t wait;
289
290 BT_DBG("session %p", session);
291
292 daemonize("kcmtpd_ctr_%d", session->num);
293 set_user_nice(current, -15);
294 current->flags |= PF_NOFREEZE;
295
296 init_waitqueue_entry(&wait, current);
297 add_wait_queue(sk->sk_sleep, &wait);
298 while (!atomic_read(&session->terminate)) {
299 set_current_state(TASK_INTERRUPTIBLE);
300
301 if (sk->sk_state != BT_CONNECTED)
302 break;
303
304 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
305 skb_orphan(skb);
306 cmtp_recv_frame(session, skb);
307 }
308
309 cmtp_process_transmit(session);
310
311 schedule();
312 }
313 set_current_state(TASK_RUNNING);
314 remove_wait_queue(sk->sk_sleep, &wait);
315
316 down_write(&cmtp_session_sem);
317
318 if (!(session->flags & (1 << CMTP_LOOPBACK)))
319 cmtp_detach_device(session);
320
321 fput(session->sock->file);
322
323 __cmtp_unlink_session(session);
324
325 up_write(&cmtp_session_sem);
326
327 kfree(session);
328 return 0;
329}
330
331int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
332{
333 struct cmtp_session *session, *s;
334 bdaddr_t src, dst;
335 int i, err;
336
337 BT_DBG("");
338
339 baswap(&src, &bt_sk(sock->sk)->src);
340 baswap(&dst, &bt_sk(sock->sk)->dst);
341
342 session = kmalloc(sizeof(struct cmtp_session), GFP_KERNEL);
343 if (!session)
344 return -ENOMEM;
345 memset(session, 0, sizeof(struct cmtp_session));
346
347 down_write(&cmtp_session_sem);
348
349 s = __cmtp_get_session(&bt_sk(sock->sk)->dst);
350 if (s && s->state == BT_CONNECTED) {
351 err = -EEXIST;
352 goto failed;
353 }
354
355 bacpy(&session->bdaddr, &bt_sk(sock->sk)->dst);
356
357 session->mtu = min_t(uint, l2cap_pi(sock->sk)->omtu, l2cap_pi(sock->sk)->imtu);
358
359 BT_DBG("mtu %d", session->mtu);
360
361 sprintf(session->name, "%s", batostr(&dst));
362
363 session->sock = sock;
364 session->state = BT_CONFIG;
365
366 init_waitqueue_head(&session->wait);
367
368 session->msgnum = CMTP_INITIAL_MSGNUM;
369
370 INIT_LIST_HEAD(&session->applications);
371
372 skb_queue_head_init(&session->transmit);
373
374 for (i = 0; i < 16; i++)
375 session->reassembly[i] = NULL;
376
377 session->flags = req->flags;
378
379 __cmtp_link_session(session);
380
381 err = kernel_thread(cmtp_session, session, CLONE_KERNEL);
382 if (err < 0)
383 goto unlink;
384
385 if (!(session->flags & (1 << CMTP_LOOPBACK))) {
386 err = cmtp_attach_device(session);
387 if (err < 0)
388 goto detach;
389 }
390
391 up_write(&cmtp_session_sem);
392 return 0;
393
394detach:
395 cmtp_detach_device(session);
396
397unlink:
398 __cmtp_unlink_session(session);
399
400failed:
401 up_write(&cmtp_session_sem);
402 kfree(session);
403 return err;
404}
405
406int cmtp_del_connection(struct cmtp_conndel_req *req)
407{
408 struct cmtp_session *session;
409 int err = 0;
410
411 BT_DBG("");
412
413 down_read(&cmtp_session_sem);
414
415 session = __cmtp_get_session(&req->bdaddr);
416 if (session) {
417 /* Flush the transmit queue */
418 skb_queue_purge(&session->transmit);
419
420 /* Kill session thread */
421 atomic_inc(&session->terminate);
422 cmtp_schedule(session);
423 } else
424 err = -ENOENT;
425
426 up_read(&cmtp_session_sem);
427 return err;
428}
429
430int cmtp_get_connlist(struct cmtp_connlist_req *req)
431{
432 struct list_head *p;
433 int err = 0, n = 0;
434
435 BT_DBG("");
436
437 down_read(&cmtp_session_sem);
438
439 list_for_each(p, &cmtp_session_list) {
440 struct cmtp_session *session;
441 struct cmtp_conninfo ci;
442
443 session = list_entry(p, struct cmtp_session, list);
444
445 __cmtp_copy_session(session, &ci);
446
447 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
448 err = -EFAULT;
449 break;
450 }
451
452 if (++n >= req->cnum)
453 break;
454
455 req->ci++;
456 }
457 req->cnum = n;
458
459 up_read(&cmtp_session_sem);
460 return err;
461}
462
463int cmtp_get_conninfo(struct cmtp_conninfo *ci)
464{
465 struct cmtp_session *session;
466 int err = 0;
467
468 down_read(&cmtp_session_sem);
469
470 session = __cmtp_get_session(&ci->bdaddr);
471 if (session)
472 __cmtp_copy_session(session, ci);
473 else
474 err = -ENOENT;
475
476 up_read(&cmtp_session_sem);
477 return err;
478}
479
480
481static int __init cmtp_init(void)
482{
483 l2cap_load();
484
485 BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION);
486
487 cmtp_init_sockets();
488
489 return 0;
490}
491
492static void __exit cmtp_exit(void)
493{
494 cmtp_cleanup_sockets();
495}
496
497module_init(cmtp_init);
498module_exit(cmtp_exit);
499
500MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
501MODULE_DESCRIPTION("Bluetooth CMTP ver " VERSION);
502MODULE_VERSION(VERSION);
503MODULE_LICENSE("GPL");
504MODULE_ALIAS("bt-proto-5");
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
new file mode 100644
index 00000000000..4c7f9e20dad
--- /dev/null
+++ b/net/bluetooth/cmtp/sock.c
@@ -0,0 +1,226 @@
1/*
2 CMTP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002-2003 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/config.h>
24#include <linux/module.h>
25
26#include <linux/types.h>
27#include <linux/errno.h>
28#include <linux/kernel.h>
29#include <linux/major.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/poll.h>
33#include <linux/fcntl.h>
34#include <linux/skbuff.h>
35#include <linux/socket.h>
36#include <linux/ioctl.h>
37#include <linux/file.h>
38#include <net/sock.h>
39
40#include <linux/isdn/capilli.h>
41
42#include <asm/system.h>
43#include <asm/uaccess.h>
44
45#include "cmtp.h"
46
47#ifndef CONFIG_BT_CMTP_DEBUG
48#undef BT_DBG
49#define BT_DBG(D...)
50#endif
51
52static int cmtp_sock_release(struct socket *sock)
53{
54 struct sock *sk = sock->sk;
55
56 BT_DBG("sock %p sk %p", sock, sk);
57
58 if (!sk)
59 return 0;
60
61 sock_orphan(sk);
62 sock_put(sk);
63
64 return 0;
65}
66
67static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
68{
69 struct cmtp_connadd_req ca;
70 struct cmtp_conndel_req cd;
71 struct cmtp_connlist_req cl;
72 struct cmtp_conninfo ci;
73 struct socket *nsock;
74 void __user *argp = (void __user *)arg;
75 int err;
76
77 BT_DBG("cmd %x arg %lx", cmd, arg);
78
79 switch (cmd) {
80 case CMTPCONNADD:
81 if (!capable(CAP_NET_ADMIN))
82 return -EACCES;
83
84 if (copy_from_user(&ca, argp, sizeof(ca)))
85 return -EFAULT;
86
87 nsock = sockfd_lookup(ca.sock, &err);
88 if (!nsock)
89 return err;
90
91 if (nsock->sk->sk_state != BT_CONNECTED) {
92 fput(nsock->file);
93 return -EBADFD;
94 }
95
96 err = cmtp_add_connection(&ca, nsock);
97 if (!err) {
98 if (copy_to_user(argp, &ca, sizeof(ca)))
99 err = -EFAULT;
100 } else
101 fput(nsock->file);
102
103 return err;
104
105 case CMTPCONNDEL:
106 if (!capable(CAP_NET_ADMIN))
107 return -EACCES;
108
109 if (copy_from_user(&cd, argp, sizeof(cd)))
110 return -EFAULT;
111
112 return cmtp_del_connection(&cd);
113
114 case CMTPGETCONNLIST:
115 if (copy_from_user(&cl, argp, sizeof(cl)))
116 return -EFAULT;
117
118 if (cl.cnum <= 0)
119 return -EINVAL;
120
121 err = cmtp_get_connlist(&cl);
122 if (!err && copy_to_user(argp, &cl, sizeof(cl)))
123 return -EFAULT;
124
125 return err;
126
127 case CMTPGETCONNINFO:
128 if (copy_from_user(&ci, argp, sizeof(ci)))
129 return -EFAULT;
130
131 err = cmtp_get_conninfo(&ci);
132 if (!err && copy_to_user(argp, &ci, sizeof(ci)))
133 return -EFAULT;
134
135 return err;
136 }
137
138 return -EINVAL;
139}
140
141static struct proto_ops cmtp_sock_ops = {
142 .family = PF_BLUETOOTH,
143 .owner = THIS_MODULE,
144 .release = cmtp_sock_release,
145 .ioctl = cmtp_sock_ioctl,
146 .bind = sock_no_bind,
147 .getname = sock_no_getname,
148 .sendmsg = sock_no_sendmsg,
149 .recvmsg = sock_no_recvmsg,
150 .poll = sock_no_poll,
151 .listen = sock_no_listen,
152 .shutdown = sock_no_shutdown,
153 .setsockopt = sock_no_setsockopt,
154 .getsockopt = sock_no_getsockopt,
155 .connect = sock_no_connect,
156 .socketpair = sock_no_socketpair,
157 .accept = sock_no_accept,
158 .mmap = sock_no_mmap
159};
160
161static struct proto cmtp_proto = {
162 .name = "CMTP",
163 .owner = THIS_MODULE,
164 .obj_size = sizeof(struct bt_sock)
165};
166
167static int cmtp_sock_create(struct socket *sock, int protocol)
168{
169 struct sock *sk;
170
171 BT_DBG("sock %p", sock);
172
173 if (sock->type != SOCK_RAW)
174 return -ESOCKTNOSUPPORT;
175
176 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &cmtp_proto, 1);
177 if (!sk)
178 return -ENOMEM;
179
180 sock_init_data(sock, sk);
181
182 sock->ops = &cmtp_sock_ops;
183
184 sock->state = SS_UNCONNECTED;
185
186 sock_reset_flag(sk, SOCK_ZAPPED);
187
188 sk->sk_protocol = protocol;
189 sk->sk_state = BT_OPEN;
190
191 return 0;
192}
193
194static struct net_proto_family cmtp_sock_family_ops = {
195 .family = PF_BLUETOOTH,
196 .owner = THIS_MODULE,
197 .create = cmtp_sock_create
198};
199
200int cmtp_init_sockets(void)
201{
202 int err;
203
204 err = proto_register(&cmtp_proto, 0);
205 if (err < 0)
206 return err;
207
208 err = bt_sock_register(BTPROTO_CMTP, &cmtp_sock_family_ops);
209 if (err < 0)
210 goto error;
211
212 return 0;
213
214error:
215 BT_ERR("Can't register CMTP socket");
216 proto_unregister(&cmtp_proto);
217 return err;
218}
219
220void cmtp_cleanup_sockets(void)
221{
222 if (bt_sock_unregister(BTPROTO_CMTP) < 0)
223 BT_ERR("Can't unregister CMTP socket");
224
225 proto_unregister(&cmtp_proto);
226}
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
new file mode 100644
index 00000000000..71762d7e997
--- /dev/null
+++ b/net/bluetooth/hci_conn.c
@@ -0,0 +1,471 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI connection handling. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/skbuff.h>
40#include <linux/interrupt.h>
41#include <linux/notifier.h>
42#include <net/sock.h>
43
44#include <asm/system.h>
45#include <asm/uaccess.h>
46#include <asm/unaligned.h>
47
48#include <net/bluetooth/bluetooth.h>
49#include <net/bluetooth/hci_core.h>
50
51#ifndef CONFIG_BT_HCI_CORE_DEBUG
52#undef BT_DBG
53#define BT_DBG(D...)
54#endif
55
56static void hci_acl_connect(struct hci_conn *conn)
57{
58 struct hci_dev *hdev = conn->hdev;
59 struct inquiry_entry *ie;
60 struct hci_cp_create_conn cp;
61
62 BT_DBG("%p", conn);
63
64 conn->state = BT_CONNECT;
65 conn->out = 1;
66 conn->link_mode = HCI_LM_MASTER;
67
68 memset(&cp, 0, sizeof(cp));
69 bacpy(&cp.bdaddr, &conn->dst);
70 cp.pscan_rep_mode = 0x02;
71
72 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
73 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
74 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
75 cp.pscan_mode = ie->data.pscan_mode;
76 cp.clock_offset = ie->data.clock_offset | __cpu_to_le16(0x8000);
77 memcpy(conn->dev_class, ie->data.dev_class, 3);
78 }
79
80 cp.pkt_type = __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK);
81 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
82 cp.role_switch = 0x01;
83 else
84 cp.role_switch = 0x00;
85
86 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
87}
88
89void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
90{
91 struct hci_cp_disconnect cp;
92
93 BT_DBG("%p", conn);
94
95 conn->state = BT_DISCONN;
96
97 cp.handle = __cpu_to_le16(conn->handle);
98 cp.reason = reason;
99 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, sizeof(cp), &cp);
100}
101
102void hci_add_sco(struct hci_conn *conn, __u16 handle)
103{
104 struct hci_dev *hdev = conn->hdev;
105 struct hci_cp_add_sco cp;
106
107 BT_DBG("%p", conn);
108
109 conn->state = BT_CONNECT;
110 conn->out = 1;
111
112 cp.pkt_type = __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
113 cp.handle = __cpu_to_le16(handle);
114
115 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ADD_SCO, sizeof(cp), &cp);
116}
117
118static void hci_conn_timeout(unsigned long arg)
119{
120 struct hci_conn *conn = (void *)arg;
121 struct hci_dev *hdev = conn->hdev;
122
123 BT_DBG("conn %p state %d", conn, conn->state);
124
125 if (atomic_read(&conn->refcnt))
126 return;
127
128 hci_dev_lock(hdev);
129 if (conn->state == BT_CONNECTED)
130 hci_acl_disconn(conn, 0x13);
131 else
132 conn->state = BT_CLOSED;
133 hci_dev_unlock(hdev);
134 return;
135}
136
137static void hci_conn_init_timer(struct hci_conn *conn)
138{
139 init_timer(&conn->timer);
140 conn->timer.function = hci_conn_timeout;
141 conn->timer.data = (unsigned long)conn;
142}
143
144struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
145{
146 struct hci_conn *conn;
147
148 BT_DBG("%s dst %s", hdev->name, batostr(dst));
149
150 if (!(conn = kmalloc(sizeof(struct hci_conn), GFP_ATOMIC)))
151 return NULL;
152 memset(conn, 0, sizeof(struct hci_conn));
153
154 bacpy(&conn->dst, dst);
155 conn->type = type;
156 conn->hdev = hdev;
157 conn->state = BT_OPEN;
158
159 skb_queue_head_init(&conn->data_q);
160 hci_conn_init_timer(conn);
161
162 atomic_set(&conn->refcnt, 0);
163
164 hci_dev_hold(hdev);
165
166 tasklet_disable(&hdev->tx_task);
167
168 hci_conn_hash_add(hdev, conn);
169 if (hdev->notify)
170 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
171
172 tasklet_enable(&hdev->tx_task);
173
174 return conn;
175}
176
177int hci_conn_del(struct hci_conn *conn)
178{
179 struct hci_dev *hdev = conn->hdev;
180
181 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
182
183 hci_conn_del_timer(conn);
184
185 if (conn->type == SCO_LINK) {
186 struct hci_conn *acl = conn->link;
187 if (acl) {
188 acl->link = NULL;
189 hci_conn_put(acl);
190 }
191 } else {
192 struct hci_conn *sco = conn->link;
193 if (sco)
194 sco->link = NULL;
195
196 /* Unacked frames */
197 hdev->acl_cnt += conn->sent;
198 }
199
200 tasklet_disable(&hdev->tx_task);
201
202 hci_conn_hash_del(hdev, conn);
203 if (hdev->notify)
204 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
205
206 tasklet_enable(&hdev->tx_task);
207
208 skb_queue_purge(&conn->data_q);
209
210 hci_dev_put(hdev);
211
212 kfree(conn);
213 return 0;
214}
215
216struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
217{
218 int use_src = bacmp(src, BDADDR_ANY);
219 struct hci_dev *hdev = NULL;
220 struct list_head *p;
221
222 BT_DBG("%s -> %s", batostr(src), batostr(dst));
223
224 read_lock_bh(&hci_dev_list_lock);
225
226 list_for_each(p, &hci_dev_list) {
227 struct hci_dev *d = list_entry(p, struct hci_dev, list);
228
229 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
230 continue;
231
232 /* Simple routing:
233 * No source address - find interface with bdaddr != dst
234 * Source address - find interface with bdaddr == src
235 */
236
237 if (use_src) {
238 if (!bacmp(&d->bdaddr, src)) {
239 hdev = d; break;
240 }
241 } else {
242 if (bacmp(&d->bdaddr, dst)) {
243 hdev = d; break;
244 }
245 }
246 }
247
248 if (hdev)
249 hdev = hci_dev_hold(hdev);
250
251 read_unlock_bh(&hci_dev_list_lock);
252 return hdev;
253}
254EXPORT_SYMBOL(hci_get_route);
255
256/* Create SCO or ACL connection.
257 * Device _must_ be locked */
258struct hci_conn * hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
259{
260 struct hci_conn *acl;
261
262 BT_DBG("%s dst %s", hdev->name, batostr(dst));
263
264 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
265 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
266 return NULL;
267 }
268
269 hci_conn_hold(acl);
270
271 if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
272 hci_acl_connect(acl);
273
274 if (type == SCO_LINK) {
275 struct hci_conn *sco;
276
277 if (!(sco = hci_conn_hash_lookup_ba(hdev, SCO_LINK, dst))) {
278 if (!(sco = hci_conn_add(hdev, SCO_LINK, dst))) {
279 hci_conn_put(acl);
280 return NULL;
281 }
282 }
283 acl->link = sco;
284 sco->link = acl;
285
286 hci_conn_hold(sco);
287
288 if (acl->state == BT_CONNECTED &&
289 (sco->state == BT_OPEN || sco->state == BT_CLOSED))
290 hci_add_sco(sco, acl->handle);
291
292 return sco;
293 } else {
294 return acl;
295 }
296}
297EXPORT_SYMBOL(hci_connect);
298
299/* Authenticate remote device */
300int hci_conn_auth(struct hci_conn *conn)
301{
302 BT_DBG("conn %p", conn);
303
304 if (conn->link_mode & HCI_LM_AUTH)
305 return 1;
306
307 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
308 struct hci_cp_auth_requested cp;
309 cp.handle = __cpu_to_le16(conn->handle);
310 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_AUTH_REQUESTED, sizeof(cp), &cp);
311 }
312 return 0;
313}
314EXPORT_SYMBOL(hci_conn_auth);
315
316/* Enable encryption */
317int hci_conn_encrypt(struct hci_conn *conn)
318{
319 BT_DBG("conn %p", conn);
320
321 if (conn->link_mode & HCI_LM_ENCRYPT)
322 return 1;
323
324 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
325 return 0;
326
327 if (hci_conn_auth(conn)) {
328 struct hci_cp_set_conn_encrypt cp;
329 cp.handle = __cpu_to_le16(conn->handle);
330 cp.encrypt = 1;
331 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
332 }
333 return 0;
334}
335EXPORT_SYMBOL(hci_conn_encrypt);
336
337/* Change link key */
338int hci_conn_change_link_key(struct hci_conn *conn)
339{
340 BT_DBG("conn %p", conn);
341
342 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
343 struct hci_cp_change_conn_link_key cp;
344 cp.handle = __cpu_to_le16(conn->handle);
345 hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
346 }
347 return 0;
348}
349EXPORT_SYMBOL(hci_conn_change_link_key);
350
351/* Switch role */
352int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
353{
354 BT_DBG("conn %p", conn);
355
356 if (!role && conn->link_mode & HCI_LM_MASTER)
357 return 1;
358
359 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
360 struct hci_cp_switch_role cp;
361 bacpy(&cp.bdaddr, &conn->dst);
362 cp.role = role;
363 hci_send_cmd(conn->hdev, OGF_LINK_POLICY, OCF_SWITCH_ROLE, sizeof(cp), &cp);
364 }
365 return 0;
366}
367EXPORT_SYMBOL(hci_conn_switch_role);
368
369/* Drop all connection on the device */
370void hci_conn_hash_flush(struct hci_dev *hdev)
371{
372 struct hci_conn_hash *h = &hdev->conn_hash;
373 struct list_head *p;
374
375 BT_DBG("hdev %s", hdev->name);
376
377 p = h->list.next;
378 while (p != &h->list) {
379 struct hci_conn *c;
380
381 c = list_entry(p, struct hci_conn, list);
382 p = p->next;
383
384 c->state = BT_CLOSED;
385
386 hci_proto_disconn_ind(c, 0x16);
387 hci_conn_del(c);
388 }
389}
390
391int hci_get_conn_list(void __user *arg)
392{
393 struct hci_conn_list_req req, *cl;
394 struct hci_conn_info *ci;
395 struct hci_dev *hdev;
396 struct list_head *p;
397 int n = 0, size, err;
398
399 if (copy_from_user(&req, arg, sizeof(req)))
400 return -EFAULT;
401
402 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
403 return -EINVAL;
404
405 size = sizeof(req) + req.conn_num * sizeof(*ci);
406
407 if (!(cl = (void *) kmalloc(size, GFP_KERNEL)))
408 return -ENOMEM;
409
410 if (!(hdev = hci_dev_get(req.dev_id))) {
411 kfree(cl);
412 return -ENODEV;
413 }
414
415 ci = cl->conn_info;
416
417 hci_dev_lock_bh(hdev);
418 list_for_each(p, &hdev->conn_hash.list) {
419 register struct hci_conn *c;
420 c = list_entry(p, struct hci_conn, list);
421
422 bacpy(&(ci + n)->bdaddr, &c->dst);
423 (ci + n)->handle = c->handle;
424 (ci + n)->type = c->type;
425 (ci + n)->out = c->out;
426 (ci + n)->state = c->state;
427 (ci + n)->link_mode = c->link_mode;
428 if (++n >= req.conn_num)
429 break;
430 }
431 hci_dev_unlock_bh(hdev);
432
433 cl->dev_id = hdev->id;
434 cl->conn_num = n;
435 size = sizeof(req) + n * sizeof(*ci);
436
437 hci_dev_put(hdev);
438
439 err = copy_to_user(arg, cl, size);
440 kfree(cl);
441
442 return err ? -EFAULT : 0;
443}
444
445int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
446{
447 struct hci_conn_info_req req;
448 struct hci_conn_info ci;
449 struct hci_conn *conn;
450 char __user *ptr = arg + sizeof(req);
451
452 if (copy_from_user(&req, arg, sizeof(req)))
453 return -EFAULT;
454
455 hci_dev_lock_bh(hdev);
456 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
457 if (conn) {
458 bacpy(&ci.bdaddr, &conn->dst);
459 ci.handle = conn->handle;
460 ci.type = conn->type;
461 ci.out = conn->out;
462 ci.state = conn->state;
463 ci.link_mode = conn->link_mode;
464 }
465 hci_dev_unlock_bh(hdev);
466
467 if (!conn)
468 return -ENOENT;
469
470 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
471}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
new file mode 100644
index 00000000000..860dba7bdd8
--- /dev/null
+++ b/net/bluetooth/hci_core.c
@@ -0,0 +1,1434 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI core. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29#include <linux/kmod.h>
30
31#include <linux/types.h>
32#include <linux/errno.h>
33#include <linux/kernel.h>
34#include <linux/major.h>
35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/skbuff.h>
41#include <linux/interrupt.h>
42#include <linux/notifier.h>
43#include <net/sock.h>
44
45#include <asm/system.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51
52#ifndef CONFIG_BT_HCI_CORE_DEBUG
53#undef BT_DBG
54#define BT_DBG(D...)
55#endif
56
57static void hci_cmd_task(unsigned long arg);
58static void hci_rx_task(unsigned long arg);
59static void hci_tx_task(unsigned long arg);
60static void hci_notify(struct hci_dev *hdev, int event);
61
62static DEFINE_RWLOCK(hci_task_lock);
63
64/* HCI device list */
65LIST_HEAD(hci_dev_list);
66DEFINE_RWLOCK(hci_dev_list_lock);
67
68/* HCI callback list */
69LIST_HEAD(hci_cb_list);
70DEFINE_RWLOCK(hci_cb_list_lock);
71
72/* HCI protocols */
73#define HCI_MAX_PROTO 2
74struct hci_proto *hci_proto[HCI_MAX_PROTO];
75
76/* HCI notifiers list */
77static struct notifier_block *hci_notifier;
78
79/* ---- HCI notifications ---- */
80
81int hci_register_notifier(struct notifier_block *nb)
82{
83 return notifier_chain_register(&hci_notifier, nb);
84}
85
86int hci_unregister_notifier(struct notifier_block *nb)
87{
88 return notifier_chain_unregister(&hci_notifier, nb);
89}
90
91void hci_notify(struct hci_dev *hdev, int event)
92{
93 notifier_call_chain(&hci_notifier, event, hdev);
94}
95
96/* ---- HCI requests ---- */
97
98void hci_req_complete(struct hci_dev *hdev, int result)
99{
100 BT_DBG("%s result 0x%2.2x", hdev->name, result);
101
102 if (hdev->req_status == HCI_REQ_PEND) {
103 hdev->req_result = result;
104 hdev->req_status = HCI_REQ_DONE;
105 wake_up_interruptible(&hdev->req_wait_q);
106 }
107}
108
109static void hci_req_cancel(struct hci_dev *hdev, int err)
110{
111 BT_DBG("%s err 0x%2.2x", hdev->name, err);
112
113 if (hdev->req_status == HCI_REQ_PEND) {
114 hdev->req_result = err;
115 hdev->req_status = HCI_REQ_CANCELED;
116 wake_up_interruptible(&hdev->req_wait_q);
117 }
118}
119
120/* Execute request and wait for completion. */
121static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
122 unsigned long opt, __u32 timeout)
123{
124 DECLARE_WAITQUEUE(wait, current);
125 int err = 0;
126
127 BT_DBG("%s start", hdev->name);
128
129 hdev->req_status = HCI_REQ_PEND;
130
131 add_wait_queue(&hdev->req_wait_q, &wait);
132 set_current_state(TASK_INTERRUPTIBLE);
133
134 req(hdev, opt);
135 schedule_timeout(timeout);
136
137 remove_wait_queue(&hdev->req_wait_q, &wait);
138
139 if (signal_pending(current))
140 return -EINTR;
141
142 switch (hdev->req_status) {
143 case HCI_REQ_DONE:
144 err = -bt_err(hdev->req_result);
145 break;
146
147 case HCI_REQ_CANCELED:
148 err = -hdev->req_result;
149 break;
150
151 default:
152 err = -ETIMEDOUT;
153 break;
154 };
155
156 hdev->req_status = hdev->req_result = 0;
157
158 BT_DBG("%s end: err %d", hdev->name, err);
159
160 return err;
161}
162
163static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
164 unsigned long opt, __u32 timeout)
165{
166 int ret;
167
168 /* Serialize all requests */
169 hci_req_lock(hdev);
170 ret = __hci_request(hdev, req, opt, timeout);
171 hci_req_unlock(hdev);
172
173 return ret;
174}
175
176static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
177{
178 BT_DBG("%s %ld", hdev->name, opt);
179
180 /* Reset device */
181 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_RESET, 0, NULL);
182}
183
184static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
185{
186 struct sk_buff *skb;
187 __u16 param;
188
189 BT_DBG("%s %ld", hdev->name, opt);
190
191 /* Driver initialization */
192
193 /* Special commands */
194 while ((skb = skb_dequeue(&hdev->driver_init))) {
195 skb->pkt_type = HCI_COMMAND_PKT;
196 skb->dev = (void *) hdev;
197 skb_queue_tail(&hdev->cmd_q, skb);
198 hci_sched_cmd(hdev);
199 }
200 skb_queue_purge(&hdev->driver_init);
201
202 /* Mandatory initialization */
203
204 /* Reset */
205 if (test_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks))
206 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_RESET, 0, NULL);
207
208 /* Read Local Supported Features */
209 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_LOCAL_FEATURES, 0, NULL);
210
211 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
212 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BUFFER_SIZE, 0, NULL);
213
214#if 0
215 /* Host buffer size */
216 {
217 struct hci_cp_host_buffer_size cp;
218 cp.acl_mtu = __cpu_to_le16(HCI_MAX_ACL_SIZE);
219 cp.sco_mtu = HCI_MAX_SCO_SIZE;
220 cp.acl_max_pkt = __cpu_to_le16(0xffff);
221 cp.sco_max_pkt = __cpu_to_le16(0xffff);
222 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_HOST_BUFFER_SIZE, sizeof(cp), &cp);
223 }
224#endif
225
226 /* Read BD Address */
227 hci_send_cmd(hdev, OGF_INFO_PARAM, OCF_READ_BD_ADDR, 0, NULL);
228
229 /* Read Voice Setting */
230 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_READ_VOICE_SETTING, 0, NULL);
231
232 /* Optional initialization */
233
234 /* Clear Event Filters */
235 {
236 struct hci_cp_set_event_flt cp;
237 cp.flt_type = HCI_FLT_CLEAR_ALL;
238 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_SET_EVENT_FLT, sizeof(cp), &cp);
239 }
240
241 /* Page timeout ~20 secs */
242 param = __cpu_to_le16(0x8000);
243 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_PG_TIMEOUT, 2, &param);
244
245 /* Connection accept timeout ~20 secs */
246 param = __cpu_to_le16(0x7d00);
247 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_CA_TIMEOUT, 2, &param);
248}
249
250static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
251{
252 __u8 scan = opt;
253
254 BT_DBG("%s %x", hdev->name, scan);
255
256 /* Inquiry and Page scans */
257 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE, 1, &scan);
258}
259
260static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
261{
262 __u8 auth = opt;
263
264 BT_DBG("%s %x", hdev->name, auth);
265
266 /* Authentication */
267 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE, 1, &auth);
268}
269
270static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
271{
272 __u8 encrypt = opt;
273
274 BT_DBG("%s %x", hdev->name, encrypt);
275
276 /* Authentication */
277 hci_send_cmd(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE, 1, &encrypt);
278}
279
280/* Get HCI device by index.
281 * Device is held on return. */
282struct hci_dev *hci_dev_get(int index)
283{
284 struct hci_dev *hdev = NULL;
285 struct list_head *p;
286
287 BT_DBG("%d", index);
288
289 if (index < 0)
290 return NULL;
291
292 read_lock(&hci_dev_list_lock);
293 list_for_each(p, &hci_dev_list) {
294 struct hci_dev *d = list_entry(p, struct hci_dev, list);
295 if (d->id == index) {
296 hdev = hci_dev_hold(d);
297 break;
298 }
299 }
300 read_unlock(&hci_dev_list_lock);
301 return hdev;
302}
303EXPORT_SYMBOL(hci_dev_get);
304
305/* ---- Inquiry support ---- */
306static void inquiry_cache_flush(struct hci_dev *hdev)
307{
308 struct inquiry_cache *cache = &hdev->inq_cache;
309 struct inquiry_entry *next = cache->list, *e;
310
311 BT_DBG("cache %p", cache);
312
313 cache->list = NULL;
314 while ((e = next)) {
315 next = e->next;
316 kfree(e);
317 }
318}
319
320struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
321{
322 struct inquiry_cache *cache = &hdev->inq_cache;
323 struct inquiry_entry *e;
324
325 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
326
327 for (e = cache->list; e; e = e->next)
328 if (!bacmp(&e->data.bdaddr, bdaddr))
329 break;
330 return e;
331}
332
333void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
334{
335 struct inquiry_cache *cache = &hdev->inq_cache;
336 struct inquiry_entry *e;
337
338 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
339
340 if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) {
341 /* Entry not in the cache. Add new one. */
342 if (!(e = kmalloc(sizeof(struct inquiry_entry), GFP_ATOMIC)))
343 return;
344 memset(e, 0, sizeof(struct inquiry_entry));
345 e->next = cache->list;
346 cache->list = e;
347 }
348
349 memcpy(&e->data, data, sizeof(*data));
350 e->timestamp = jiffies;
351 cache->timestamp = jiffies;
352}
353
354static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
355{
356 struct inquiry_cache *cache = &hdev->inq_cache;
357 struct inquiry_info *info = (struct inquiry_info *) buf;
358 struct inquiry_entry *e;
359 int copied = 0;
360
361 for (e = cache->list; e && copied < num; e = e->next, copied++) {
362 struct inquiry_data *data = &e->data;
363 bacpy(&info->bdaddr, &data->bdaddr);
364 info->pscan_rep_mode = data->pscan_rep_mode;
365 info->pscan_period_mode = data->pscan_period_mode;
366 info->pscan_mode = data->pscan_mode;
367 memcpy(info->dev_class, data->dev_class, 3);
368 info->clock_offset = data->clock_offset;
369 info++;
370 }
371
372 BT_DBG("cache %p, copied %d", cache, copied);
373 return copied;
374}
375
376static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
377{
378 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
379 struct hci_cp_inquiry cp;
380
381 BT_DBG("%s", hdev->name);
382
383 if (test_bit(HCI_INQUIRY, &hdev->flags))
384 return;
385
386 /* Start Inquiry */
387 memcpy(&cp.lap, &ir->lap, 3);
388 cp.length = ir->length;
389 cp.num_rsp = ir->num_rsp;
390 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_INQUIRY, sizeof(cp), &cp);
391}
392
393int hci_inquiry(void __user *arg)
394{
395 __u8 __user *ptr = arg;
396 struct hci_inquiry_req ir;
397 struct hci_dev *hdev;
398 int err = 0, do_inquiry = 0, max_rsp;
399 long timeo;
400 __u8 *buf;
401
402 if (copy_from_user(&ir, ptr, sizeof(ir)))
403 return -EFAULT;
404
405 if (!(hdev = hci_dev_get(ir.dev_id)))
406 return -ENODEV;
407
408 hci_dev_lock_bh(hdev);
409 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
410 inquiry_cache_empty(hdev) ||
411 ir.flags & IREQ_CACHE_FLUSH) {
412 inquiry_cache_flush(hdev);
413 do_inquiry = 1;
414 }
415 hci_dev_unlock_bh(hdev);
416
417 timeo = ir.length * 2 * HZ;
418 if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0)
419 goto done;
420
421 /* for unlimited number of responses we will use buffer with 255 entries */
422 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
423
424 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
425 * copy it to the user space.
426 */
427 if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) {
428 err = -ENOMEM;
429 goto done;
430 }
431
432 hci_dev_lock_bh(hdev);
433 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
434 hci_dev_unlock_bh(hdev);
435
436 BT_DBG("num_rsp %d", ir.num_rsp);
437
438 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
439 ptr += sizeof(ir);
440 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
441 ir.num_rsp))
442 err = -EFAULT;
443 } else
444 err = -EFAULT;
445
446 kfree(buf);
447
448done:
449 hci_dev_put(hdev);
450 return err;
451}
452
453/* ---- HCI ioctl helpers ---- */
454
455int hci_dev_open(__u16 dev)
456{
457 struct hci_dev *hdev;
458 int ret = 0;
459
460 if (!(hdev = hci_dev_get(dev)))
461 return -ENODEV;
462
463 BT_DBG("%s %p", hdev->name, hdev);
464
465 hci_req_lock(hdev);
466
467 if (test_bit(HCI_UP, &hdev->flags)) {
468 ret = -EALREADY;
469 goto done;
470 }
471
472 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
473 set_bit(HCI_RAW, &hdev->flags);
474
475 if (hdev->open(hdev)) {
476 ret = -EIO;
477 goto done;
478 }
479
480 if (!test_bit(HCI_RAW, &hdev->flags)) {
481 atomic_set(&hdev->cmd_cnt, 1);
482 set_bit(HCI_INIT, &hdev->flags);
483
484 //__hci_request(hdev, hci_reset_req, 0, HZ);
485 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
486
487 clear_bit(HCI_INIT, &hdev->flags);
488 }
489
490 if (!ret) {
491 hci_dev_hold(hdev);
492 set_bit(HCI_UP, &hdev->flags);
493 hci_notify(hdev, HCI_DEV_UP);
494 } else {
495 /* Init failed, cleanup */
496 tasklet_kill(&hdev->rx_task);
497 tasklet_kill(&hdev->tx_task);
498 tasklet_kill(&hdev->cmd_task);
499
500 skb_queue_purge(&hdev->cmd_q);
501 skb_queue_purge(&hdev->rx_q);
502
503 if (hdev->flush)
504 hdev->flush(hdev);
505
506 if (hdev->sent_cmd) {
507 kfree_skb(hdev->sent_cmd);
508 hdev->sent_cmd = NULL;
509 }
510
511 hdev->close(hdev);
512 hdev->flags = 0;
513 }
514
515done:
516 hci_req_unlock(hdev);
517 hci_dev_put(hdev);
518 return ret;
519}
520
521static int hci_dev_do_close(struct hci_dev *hdev)
522{
523 BT_DBG("%s %p", hdev->name, hdev);
524
525 hci_req_cancel(hdev, ENODEV);
526 hci_req_lock(hdev);
527
528 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
529 hci_req_unlock(hdev);
530 return 0;
531 }
532
533 /* Kill RX and TX tasks */
534 tasklet_kill(&hdev->rx_task);
535 tasklet_kill(&hdev->tx_task);
536
537 hci_dev_lock_bh(hdev);
538 inquiry_cache_flush(hdev);
539 hci_conn_hash_flush(hdev);
540 hci_dev_unlock_bh(hdev);
541
542 hci_notify(hdev, HCI_DEV_DOWN);
543
544 if (hdev->flush)
545 hdev->flush(hdev);
546
547 /* Reset device */
548 skb_queue_purge(&hdev->cmd_q);
549 atomic_set(&hdev->cmd_cnt, 1);
550 if (!test_bit(HCI_RAW, &hdev->flags)) {
551 set_bit(HCI_INIT, &hdev->flags);
552 __hci_request(hdev, hci_reset_req, 0, HZ/4);
553 clear_bit(HCI_INIT, &hdev->flags);
554 }
555
556 /* Kill cmd task */
557 tasklet_kill(&hdev->cmd_task);
558
559 /* Drop queues */
560 skb_queue_purge(&hdev->rx_q);
561 skb_queue_purge(&hdev->cmd_q);
562 skb_queue_purge(&hdev->raw_q);
563
564 /* Drop last sent command */
565 if (hdev->sent_cmd) {
566 kfree_skb(hdev->sent_cmd);
567 hdev->sent_cmd = NULL;
568 }
569
570 /* After this point our queues are empty
571 * and no tasks are scheduled. */
572 hdev->close(hdev);
573
574 /* Clear flags */
575 hdev->flags = 0;
576
577 hci_req_unlock(hdev);
578
579 hci_dev_put(hdev);
580 return 0;
581}
582
583int hci_dev_close(__u16 dev)
584{
585 struct hci_dev *hdev;
586 int err;
587
588 if (!(hdev = hci_dev_get(dev)))
589 return -ENODEV;
590 err = hci_dev_do_close(hdev);
591 hci_dev_put(hdev);
592 return err;
593}
594
595int hci_dev_reset(__u16 dev)
596{
597 struct hci_dev *hdev;
598 int ret = 0;
599
600 if (!(hdev = hci_dev_get(dev)))
601 return -ENODEV;
602
603 hci_req_lock(hdev);
604 tasklet_disable(&hdev->tx_task);
605
606 if (!test_bit(HCI_UP, &hdev->flags))
607 goto done;
608
609 /* Drop queues */
610 skb_queue_purge(&hdev->rx_q);
611 skb_queue_purge(&hdev->cmd_q);
612
613 hci_dev_lock_bh(hdev);
614 inquiry_cache_flush(hdev);
615 hci_conn_hash_flush(hdev);
616 hci_dev_unlock_bh(hdev);
617
618 if (hdev->flush)
619 hdev->flush(hdev);
620
621 atomic_set(&hdev->cmd_cnt, 1);
622 hdev->acl_cnt = 0; hdev->sco_cnt = 0;
623
624 if (!test_bit(HCI_RAW, &hdev->flags))
625 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
626
627done:
628 tasklet_enable(&hdev->tx_task);
629 hci_req_unlock(hdev);
630 hci_dev_put(hdev);
631 return ret;
632}
633
634int hci_dev_reset_stat(__u16 dev)
635{
636 struct hci_dev *hdev;
637 int ret = 0;
638
639 if (!(hdev = hci_dev_get(dev)))
640 return -ENODEV;
641
642 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
643
644 hci_dev_put(hdev);
645
646 return ret;
647}
648
649int hci_dev_cmd(unsigned int cmd, void __user *arg)
650{
651 struct hci_dev *hdev;
652 struct hci_dev_req dr;
653 int err = 0;
654
655 if (copy_from_user(&dr, arg, sizeof(dr)))
656 return -EFAULT;
657
658 if (!(hdev = hci_dev_get(dr.dev_id)))
659 return -ENODEV;
660
661 switch (cmd) {
662 case HCISETAUTH:
663 err = hci_request(hdev, hci_auth_req, dr.dev_opt, HCI_INIT_TIMEOUT);
664 break;
665
666 case HCISETENCRYPT:
667 if (!lmp_encrypt_capable(hdev)) {
668 err = -EOPNOTSUPP;
669 break;
670 }
671
672 if (!test_bit(HCI_AUTH, &hdev->flags)) {
673 /* Auth must be enabled first */
674 err = hci_request(hdev, hci_auth_req,
675 dr.dev_opt, HCI_INIT_TIMEOUT);
676 if (err)
677 break;
678 }
679
680 err = hci_request(hdev, hci_encrypt_req,
681 dr.dev_opt, HCI_INIT_TIMEOUT);
682 break;
683
684 case HCISETSCAN:
685 err = hci_request(hdev, hci_scan_req, dr.dev_opt, HCI_INIT_TIMEOUT);
686 break;
687
688 case HCISETPTYPE:
689 hdev->pkt_type = (__u16) dr.dev_opt;
690 break;
691
692 case HCISETLINKPOL:
693 hdev->link_policy = (__u16) dr.dev_opt;
694 break;
695
696 case HCISETLINKMODE:
697 hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT);
698 break;
699
700 case HCISETACLMTU:
701 hdev->acl_mtu = *((__u16 *)&dr.dev_opt + 1);
702 hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0);
703 break;
704
705 case HCISETSCOMTU:
706 hdev->sco_mtu = *((__u16 *)&dr.dev_opt + 1);
707 hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0);
708 break;
709
710 default:
711 err = -EINVAL;
712 break;
713 }
714 hci_dev_put(hdev);
715 return err;
716}
717
718int hci_get_dev_list(void __user *arg)
719{
720 struct hci_dev_list_req *dl;
721 struct hci_dev_req *dr;
722 struct list_head *p;
723 int n = 0, size, err;
724 __u16 dev_num;
725
726 if (get_user(dev_num, (__u16 __user *) arg))
727 return -EFAULT;
728
729 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
730 return -EINVAL;
731
732 size = sizeof(*dl) + dev_num * sizeof(*dr);
733
734 if (!(dl = kmalloc(size, GFP_KERNEL)))
735 return -ENOMEM;
736
737 dr = dl->dev_req;
738
739 read_lock_bh(&hci_dev_list_lock);
740 list_for_each(p, &hci_dev_list) {
741 struct hci_dev *hdev;
742 hdev = list_entry(p, struct hci_dev, list);
743 (dr + n)->dev_id = hdev->id;
744 (dr + n)->dev_opt = hdev->flags;
745 if (++n >= dev_num)
746 break;
747 }
748 read_unlock_bh(&hci_dev_list_lock);
749
750 dl->dev_num = n;
751 size = sizeof(*dl) + n * sizeof(*dr);
752
753 err = copy_to_user(arg, dl, size);
754 kfree(dl);
755
756 return err ? -EFAULT : 0;
757}
758
759int hci_get_dev_info(void __user *arg)
760{
761 struct hci_dev *hdev;
762 struct hci_dev_info di;
763 int err = 0;
764
765 if (copy_from_user(&di, arg, sizeof(di)))
766 return -EFAULT;
767
768 if (!(hdev = hci_dev_get(di.dev_id)))
769 return -ENODEV;
770
771 strcpy(di.name, hdev->name);
772 di.bdaddr = hdev->bdaddr;
773 di.type = hdev->type;
774 di.flags = hdev->flags;
775 di.pkt_type = hdev->pkt_type;
776 di.acl_mtu = hdev->acl_mtu;
777 di.acl_pkts = hdev->acl_pkts;
778 di.sco_mtu = hdev->sco_mtu;
779 di.sco_pkts = hdev->sco_pkts;
780 di.link_policy = hdev->link_policy;
781 di.link_mode = hdev->link_mode;
782
783 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
784 memcpy(&di.features, &hdev->features, sizeof(di.features));
785
786 if (copy_to_user(arg, &di, sizeof(di)))
787 err = -EFAULT;
788
789 hci_dev_put(hdev);
790
791 return err;
792}
793
794/* ---- Interface to HCI drivers ---- */
795
796/* Alloc HCI device */
797struct hci_dev *hci_alloc_dev(void)
798{
799 struct hci_dev *hdev;
800
801 hdev = kmalloc(sizeof(struct hci_dev), GFP_KERNEL);
802 if (!hdev)
803 return NULL;
804
805 memset(hdev, 0, sizeof(struct hci_dev));
806
807 skb_queue_head_init(&hdev->driver_init);
808
809 return hdev;
810}
811EXPORT_SYMBOL(hci_alloc_dev);
812
813/* Free HCI device */
814void hci_free_dev(struct hci_dev *hdev)
815{
816 skb_queue_purge(&hdev->driver_init);
817
818 /* will free via class release */
819 class_device_put(&hdev->class_dev);
820}
821EXPORT_SYMBOL(hci_free_dev);
822
823/* Register HCI device */
824int hci_register_dev(struct hci_dev *hdev)
825{
826 struct list_head *head = &hci_dev_list, *p;
827 int id = 0;
828
829 BT_DBG("%p name %s type %d owner %p", hdev, hdev->name, hdev->type, hdev->owner);
830
831 if (!hdev->open || !hdev->close || !hdev->destruct)
832 return -EINVAL;
833
834 write_lock_bh(&hci_dev_list_lock);
835
836 /* Find first available device id */
837 list_for_each(p, &hci_dev_list) {
838 if (list_entry(p, struct hci_dev, list)->id != id)
839 break;
840 head = p; id++;
841 }
842
843 sprintf(hdev->name, "hci%d", id);
844 hdev->id = id;
845 list_add(&hdev->list, head);
846
847 atomic_set(&hdev->refcnt, 1);
848 spin_lock_init(&hdev->lock);
849
850 hdev->flags = 0;
851 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
852 hdev->link_mode = (HCI_LM_ACCEPT);
853
854 tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev);
855 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
856 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
857
858 skb_queue_head_init(&hdev->rx_q);
859 skb_queue_head_init(&hdev->cmd_q);
860 skb_queue_head_init(&hdev->raw_q);
861
862 init_waitqueue_head(&hdev->req_wait_q);
863 init_MUTEX(&hdev->req_lock);
864
865 inquiry_cache_init(hdev);
866
867 hci_conn_hash_init(hdev);
868
869 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
870
871 atomic_set(&hdev->promisc, 0);
872
873 write_unlock_bh(&hci_dev_list_lock);
874
875 hci_register_sysfs(hdev);
876
877 hci_notify(hdev, HCI_DEV_REG);
878
879 return id;
880}
881EXPORT_SYMBOL(hci_register_dev);
882
883/* Unregister HCI device */
884int hci_unregister_dev(struct hci_dev *hdev)
885{
886 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
887
888 hci_unregister_sysfs(hdev);
889
890 write_lock_bh(&hci_dev_list_lock);
891 list_del(&hdev->list);
892 write_unlock_bh(&hci_dev_list_lock);
893
894 hci_dev_do_close(hdev);
895
896 hci_notify(hdev, HCI_DEV_UNREG);
897
898 __hci_dev_put(hdev);
899 return 0;
900}
901EXPORT_SYMBOL(hci_unregister_dev);
902
903/* Suspend HCI device */
904int hci_suspend_dev(struct hci_dev *hdev)
905{
906 hci_notify(hdev, HCI_DEV_SUSPEND);
907 return 0;
908}
909EXPORT_SYMBOL(hci_suspend_dev);
910
911/* Resume HCI device */
912int hci_resume_dev(struct hci_dev *hdev)
913{
914 hci_notify(hdev, HCI_DEV_RESUME);
915 return 0;
916}
917EXPORT_SYMBOL(hci_resume_dev);
918
919/* ---- Interface to upper protocols ---- */
920
921/* Register/Unregister protocols.
922 * hci_task_lock is used to ensure that no tasks are running. */
923int hci_register_proto(struct hci_proto *hp)
924{
925 int err = 0;
926
927 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
928
929 if (hp->id >= HCI_MAX_PROTO)
930 return -EINVAL;
931
932 write_lock_bh(&hci_task_lock);
933
934 if (!hci_proto[hp->id])
935 hci_proto[hp->id] = hp;
936 else
937 err = -EEXIST;
938
939 write_unlock_bh(&hci_task_lock);
940
941 return err;
942}
943EXPORT_SYMBOL(hci_register_proto);
944
945int hci_unregister_proto(struct hci_proto *hp)
946{
947 int err = 0;
948
949 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
950
951 if (hp->id >= HCI_MAX_PROTO)
952 return -EINVAL;
953
954 write_lock_bh(&hci_task_lock);
955
956 if (hci_proto[hp->id])
957 hci_proto[hp->id] = NULL;
958 else
959 err = -ENOENT;
960
961 write_unlock_bh(&hci_task_lock);
962
963 return err;
964}
965EXPORT_SYMBOL(hci_unregister_proto);
966
967int hci_register_cb(struct hci_cb *cb)
968{
969 BT_DBG("%p name %s", cb, cb->name);
970
971 write_lock_bh(&hci_cb_list_lock);
972 list_add(&cb->list, &hci_cb_list);
973 write_unlock_bh(&hci_cb_list_lock);
974
975 return 0;
976}
977EXPORT_SYMBOL(hci_register_cb);
978
979int hci_unregister_cb(struct hci_cb *cb)
980{
981 BT_DBG("%p name %s", cb, cb->name);
982
983 write_lock_bh(&hci_cb_list_lock);
984 list_del(&cb->list);
985 write_unlock_bh(&hci_cb_list_lock);
986
987 return 0;
988}
989EXPORT_SYMBOL(hci_unregister_cb);
990
991static int hci_send_frame(struct sk_buff *skb)
992{
993 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
994
995 if (!hdev) {
996 kfree_skb(skb);
997 return -ENODEV;
998 }
999
1000 BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len);
1001
1002 if (atomic_read(&hdev->promisc)) {
1003 /* Time stamp */
1004 do_gettimeofday(&skb->stamp);
1005
1006 hci_send_to_sock(hdev, skb);
1007 }
1008
1009 /* Get rid of skb owner, prior to sending to the driver. */
1010 skb_orphan(skb);
1011
1012 return hdev->send(skb);
1013}
1014
1015/* Send HCI command */
1016int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void *param)
1017{
1018 int len = HCI_COMMAND_HDR_SIZE + plen;
1019 struct hci_command_hdr *hdr;
1020 struct sk_buff *skb;
1021
1022 BT_DBG("%s ogf 0x%x ocf 0x%x plen %d", hdev->name, ogf, ocf, plen);
1023
1024 skb = bt_skb_alloc(len, GFP_ATOMIC);
1025 if (!skb) {
1026 BT_ERR("%s Can't allocate memory for HCI command", hdev->name);
1027 return -ENOMEM;
1028 }
1029
1030 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1031 hdr->opcode = __cpu_to_le16(hci_opcode_pack(ogf, ocf));
1032 hdr->plen = plen;
1033
1034 if (plen)
1035 memcpy(skb_put(skb, plen), param, plen);
1036
1037 BT_DBG("skb len %d", skb->len);
1038
1039 skb->pkt_type = HCI_COMMAND_PKT;
1040 skb->dev = (void *) hdev;
1041 skb_queue_tail(&hdev->cmd_q, skb);
1042 hci_sched_cmd(hdev);
1043
1044 return 0;
1045}
1046EXPORT_SYMBOL(hci_send_cmd);
1047
1048/* Get data from the previously sent command */
1049void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 ogf, __u16 ocf)
1050{
1051 struct hci_command_hdr *hdr;
1052
1053 if (!hdev->sent_cmd)
1054 return NULL;
1055
1056 hdr = (void *) hdev->sent_cmd->data;
1057
1058 if (hdr->opcode != __cpu_to_le16(hci_opcode_pack(ogf, ocf)))
1059 return NULL;
1060
1061 BT_DBG("%s ogf 0x%x ocf 0x%x", hdev->name, ogf, ocf);
1062
1063 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1064}
1065
1066/* Send ACL data */
1067static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1068{
1069 struct hci_acl_hdr *hdr;
1070 int len = skb->len;
1071
1072 hdr = (struct hci_acl_hdr *) skb_push(skb, HCI_ACL_HDR_SIZE);
1073 hdr->handle = __cpu_to_le16(hci_handle_pack(handle, flags));
1074 hdr->dlen = __cpu_to_le16(len);
1075
1076 skb->h.raw = (void *) hdr;
1077}
1078
1079int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1080{
1081 struct hci_dev *hdev = conn->hdev;
1082 struct sk_buff *list;
1083
1084 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1085
1086 skb->dev = (void *) hdev;
1087 skb->pkt_type = HCI_ACLDATA_PKT;
1088 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1089
1090 if (!(list = skb_shinfo(skb)->frag_list)) {
1091 /* Non fragmented */
1092 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1093
1094 skb_queue_tail(&conn->data_q, skb);
1095 } else {
1096 /* Fragmented */
1097 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1098
1099 skb_shinfo(skb)->frag_list = NULL;
1100
1101 /* Queue all fragments atomically */
1102 spin_lock_bh(&conn->data_q.lock);
1103
1104 __skb_queue_tail(&conn->data_q, skb);
1105 do {
1106 skb = list; list = list->next;
1107
1108 skb->dev = (void *) hdev;
1109 skb->pkt_type = HCI_ACLDATA_PKT;
1110 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
1111
1112 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1113
1114 __skb_queue_tail(&conn->data_q, skb);
1115 } while (list);
1116
1117 spin_unlock_bh(&conn->data_q.lock);
1118 }
1119
1120 hci_sched_tx(hdev);
1121 return 0;
1122}
1123EXPORT_SYMBOL(hci_send_acl);
1124
1125/* Send SCO data */
1126int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1127{
1128 struct hci_dev *hdev = conn->hdev;
1129 struct hci_sco_hdr hdr;
1130
1131 BT_DBG("%s len %d", hdev->name, skb->len);
1132
1133 if (skb->len > hdev->sco_mtu) {
1134 kfree_skb(skb);
1135 return -EINVAL;
1136 }
1137
1138 hdr.handle = __cpu_to_le16(conn->handle);
1139 hdr.dlen = skb->len;
1140
1141 skb->h.raw = skb_push(skb, HCI_SCO_HDR_SIZE);
1142 memcpy(skb->h.raw, &hdr, HCI_SCO_HDR_SIZE);
1143
1144 skb->dev = (void *) hdev;
1145 skb->pkt_type = HCI_SCODATA_PKT;
1146 skb_queue_tail(&conn->data_q, skb);
1147 hci_sched_tx(hdev);
1148 return 0;
1149}
1150EXPORT_SYMBOL(hci_send_sco);
1151
1152/* ---- HCI TX task (outgoing data) ---- */
1153
1154/* HCI Connection scheduler */
1155static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
1156{
1157 struct hci_conn_hash *h = &hdev->conn_hash;
1158 struct hci_conn *conn = NULL;
1159 int num = 0, min = ~0;
1160 struct list_head *p;
1161
1162 /* We don't have to lock device here. Connections are always
1163 * added and removed with TX task disabled. */
1164 list_for_each(p, &h->list) {
1165 struct hci_conn *c;
1166 c = list_entry(p, struct hci_conn, list);
1167
1168 if (c->type != type || c->state != BT_CONNECTED
1169 || skb_queue_empty(&c->data_q))
1170 continue;
1171 num++;
1172
1173 if (c->sent < min) {
1174 min = c->sent;
1175 conn = c;
1176 }
1177 }
1178
1179 if (conn) {
1180 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt);
1181 int q = cnt / num;
1182 *quote = q ? q : 1;
1183 } else
1184 *quote = 0;
1185
1186 BT_DBG("conn %p quote %d", conn, *quote);
1187 return conn;
1188}
1189
1190static inline void hci_acl_tx_to(struct hci_dev *hdev)
1191{
1192 struct hci_conn_hash *h = &hdev->conn_hash;
1193 struct list_head *p;
1194 struct hci_conn *c;
1195
1196 BT_ERR("%s ACL tx timeout", hdev->name);
1197
1198 /* Kill stalled connections */
1199 list_for_each(p, &h->list) {
1200 c = list_entry(p, struct hci_conn, list);
1201 if (c->type == ACL_LINK && c->sent) {
1202 BT_ERR("%s killing stalled ACL connection %s",
1203 hdev->name, batostr(&c->dst));
1204 hci_acl_disconn(c, 0x13);
1205 }
1206 }
1207}
1208
1209static inline void hci_sched_acl(struct hci_dev *hdev)
1210{
1211 struct hci_conn *conn;
1212 struct sk_buff *skb;
1213 int quote;
1214
1215 BT_DBG("%s", hdev->name);
1216
1217 if (!test_bit(HCI_RAW, &hdev->flags)) {
1218 /* ACL tx timeout must be longer than maximum
1219 * link supervision timeout (40.9 seconds) */
1220 if (!hdev->acl_cnt && (jiffies - hdev->acl_last_tx) > (HZ * 45))
1221 hci_acl_tx_to(hdev);
1222 }
1223
1224 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) {
1225 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1226 BT_DBG("skb %p len %d", skb, skb->len);
1227 hci_send_frame(skb);
1228 hdev->acl_last_tx = jiffies;
1229
1230 hdev->acl_cnt--;
1231 conn->sent++;
1232 }
1233 }
1234}
1235
1236/* Schedule SCO */
1237static inline void hci_sched_sco(struct hci_dev *hdev)
1238{
1239 struct hci_conn *conn;
1240 struct sk_buff *skb;
1241 int quote;
1242
1243 BT_DBG("%s", hdev->name);
1244
1245 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
1246 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1247 BT_DBG("skb %p len %d", skb, skb->len);
1248 hci_send_frame(skb);
1249
1250 conn->sent++;
1251 if (conn->sent == ~0)
1252 conn->sent = 0;
1253 }
1254 }
1255}
1256
1257static void hci_tx_task(unsigned long arg)
1258{
1259 struct hci_dev *hdev = (struct hci_dev *) arg;
1260 struct sk_buff *skb;
1261
1262 read_lock(&hci_task_lock);
1263
1264 BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
1265
1266 /* Schedule queues and send stuff to HCI driver */
1267
1268 hci_sched_acl(hdev);
1269
1270 hci_sched_sco(hdev);
1271
1272 /* Send next queued raw (unknown type) packet */
1273 while ((skb = skb_dequeue(&hdev->raw_q)))
1274 hci_send_frame(skb);
1275
1276 read_unlock(&hci_task_lock);
1277}
1278
1279/* ----- HCI RX task (incoming data proccessing) ----- */
1280
1281/* ACL data packet */
1282static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1283{
1284 struct hci_acl_hdr *hdr = (void *) skb->data;
1285 struct hci_conn *conn;
1286 __u16 handle, flags;
1287
1288 skb_pull(skb, HCI_ACL_HDR_SIZE);
1289
1290 handle = __le16_to_cpu(hdr->handle);
1291 flags = hci_flags(handle);
1292 handle = hci_handle(handle);
1293
1294 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
1295
1296 hdev->stat.acl_rx++;
1297
1298 hci_dev_lock(hdev);
1299 conn = hci_conn_hash_lookup_handle(hdev, handle);
1300 hci_dev_unlock(hdev);
1301
1302 if (conn) {
1303 register struct hci_proto *hp;
1304
1305 /* Send to upper protocol */
1306 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) {
1307 hp->recv_acldata(conn, skb, flags);
1308 return;
1309 }
1310 } else {
1311 BT_ERR("%s ACL packet for unknown connection handle %d",
1312 hdev->name, handle);
1313 }
1314
1315 kfree_skb(skb);
1316}
1317
1318/* SCO data packet */
1319static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1320{
1321 struct hci_sco_hdr *hdr = (void *) skb->data;
1322 struct hci_conn *conn;
1323 __u16 handle;
1324
1325 skb_pull(skb, HCI_SCO_HDR_SIZE);
1326
1327 handle = __le16_to_cpu(hdr->handle);
1328
1329 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
1330
1331 hdev->stat.sco_rx++;
1332
1333 hci_dev_lock(hdev);
1334 conn = hci_conn_hash_lookup_handle(hdev, handle);
1335 hci_dev_unlock(hdev);
1336
1337 if (conn) {
1338 register struct hci_proto *hp;
1339
1340 /* Send to upper protocol */
1341 if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) {
1342 hp->recv_scodata(conn, skb);
1343 return;
1344 }
1345 } else {
1346 BT_ERR("%s SCO packet for unknown connection handle %d",
1347 hdev->name, handle);
1348 }
1349
1350 kfree_skb(skb);
1351}
1352
1353void hci_rx_task(unsigned long arg)
1354{
1355 struct hci_dev *hdev = (struct hci_dev *) arg;
1356 struct sk_buff *skb;
1357
1358 BT_DBG("%s", hdev->name);
1359
1360 read_lock(&hci_task_lock);
1361
1362 while ((skb = skb_dequeue(&hdev->rx_q))) {
1363 if (atomic_read(&hdev->promisc)) {
1364 /* Send copy to the sockets */
1365 hci_send_to_sock(hdev, skb);
1366 }
1367
1368 if (test_bit(HCI_RAW, &hdev->flags)) {
1369 kfree_skb(skb);
1370 continue;
1371 }
1372
1373 if (test_bit(HCI_INIT, &hdev->flags)) {
1374 /* Don't process data packets in this states. */
1375 switch (skb->pkt_type) {
1376 case HCI_ACLDATA_PKT:
1377 case HCI_SCODATA_PKT:
1378 kfree_skb(skb);
1379 continue;
1380 };
1381 }
1382
1383 /* Process frame */
1384 switch (skb->pkt_type) {
1385 case HCI_EVENT_PKT:
1386 hci_event_packet(hdev, skb);
1387 break;
1388
1389 case HCI_ACLDATA_PKT:
1390 BT_DBG("%s ACL data packet", hdev->name);
1391 hci_acldata_packet(hdev, skb);
1392 break;
1393
1394 case HCI_SCODATA_PKT:
1395 BT_DBG("%s SCO data packet", hdev->name);
1396 hci_scodata_packet(hdev, skb);
1397 break;
1398
1399 default:
1400 kfree_skb(skb);
1401 break;
1402 }
1403 }
1404
1405 read_unlock(&hci_task_lock);
1406}
1407
1408static void hci_cmd_task(unsigned long arg)
1409{
1410 struct hci_dev *hdev = (struct hci_dev *) arg;
1411 struct sk_buff *skb;
1412
1413 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
1414
1415 if (!atomic_read(&hdev->cmd_cnt) && (jiffies - hdev->cmd_last_tx) > HZ) {
1416 BT_ERR("%s command tx timeout", hdev->name);
1417 atomic_set(&hdev->cmd_cnt, 1);
1418 }
1419
1420 /* Send queued commands */
1421 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
1422 if (hdev->sent_cmd)
1423 kfree_skb(hdev->sent_cmd);
1424
1425 if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) {
1426 atomic_dec(&hdev->cmd_cnt);
1427 hci_send_frame(skb);
1428 hdev->cmd_last_tx = jiffies;
1429 } else {
1430 skb_queue_head(&hdev->cmd_q, skb);
1431 hci_sched_cmd(hdev);
1432 }
1433 }
1434}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
new file mode 100644
index 00000000000..8ccba8ee997
--- /dev/null
+++ b/net/bluetooth/hci_event.c
@@ -0,0 +1,1044 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/skbuff.h>
40#include <linux/interrupt.h>
41#include <linux/notifier.h>
42#include <net/sock.h>
43
44#include <asm/system.h>
45#include <asm/uaccess.h>
46#include <asm/unaligned.h>
47
48#include <net/bluetooth/bluetooth.h>
49#include <net/bluetooth/hci_core.h>
50
51#ifndef CONFIG_BT_HCI_CORE_DEBUG
52#undef BT_DBG
53#define BT_DBG(D...)
54#endif
55
56/* Handle HCI Event packets */
57
58/* Command Complete OGF LINK_CTL */
59static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
60{
61 __u8 status;
62
63 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
64
65 switch (ocf) {
66 case OCF_INQUIRY_CANCEL:
67 status = *((__u8 *) skb->data);
68
69 if (status) {
70 BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
71 } else {
72 clear_bit(HCI_INQUIRY, &hdev->flags);
73 hci_req_complete(hdev, status);
74 }
75 break;
76
77 default:
78 BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
79 break;
80 }
81}
82
83/* Command Complete OGF LINK_POLICY */
84static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
85{
86 struct hci_conn *conn;
87 struct hci_rp_role_discovery *rd;
88
89 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
90
91 switch (ocf) {
92 case OCF_ROLE_DISCOVERY:
93 rd = (void *) skb->data;
94
95 if (rd->status)
96 break;
97
98 hci_dev_lock(hdev);
99
100 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
101 if (conn) {
102 if (rd->role)
103 conn->link_mode &= ~HCI_LM_MASTER;
104 else
105 conn->link_mode |= HCI_LM_MASTER;
106 }
107
108 hci_dev_unlock(hdev);
109 break;
110
111 default:
112 BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x",
113 hdev->name, ocf);
114 break;
115 }
116}
117
118/* Command Complete OGF HOST_CTL */
119static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
120{
121 __u8 status, param;
122 __u16 setting;
123 struct hci_rp_read_voice_setting *vs;
124 void *sent;
125
126 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
127
128 switch (ocf) {
129 case OCF_RESET:
130 status = *((__u8 *) skb->data);
131 hci_req_complete(hdev, status);
132 break;
133
134 case OCF_SET_EVENT_FLT:
135 status = *((__u8 *) skb->data);
136 if (status) {
137 BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
138 } else {
139 BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
140 }
141 break;
142
143 case OCF_WRITE_AUTH_ENABLE:
144 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
145 if (!sent)
146 break;
147
148 status = *((__u8 *) skb->data);
149 param = *((__u8 *) sent);
150
151 if (!status) {
152 if (param == AUTH_ENABLED)
153 set_bit(HCI_AUTH, &hdev->flags);
154 else
155 clear_bit(HCI_AUTH, &hdev->flags);
156 }
157 hci_req_complete(hdev, status);
158 break;
159
160 case OCF_WRITE_ENCRYPT_MODE:
161 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
162 if (!sent)
163 break;
164
165 status = *((__u8 *) skb->data);
166 param = *((__u8 *) sent);
167
168 if (!status) {
169 if (param)
170 set_bit(HCI_ENCRYPT, &hdev->flags);
171 else
172 clear_bit(HCI_ENCRYPT, &hdev->flags);
173 }
174 hci_req_complete(hdev, status);
175 break;
176
177 case OCF_WRITE_CA_TIMEOUT:
178 status = *((__u8 *) skb->data);
179 if (status) {
180 BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
181 } else {
182 BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
183 }
184 break;
185
186 case OCF_WRITE_PG_TIMEOUT:
187 status = *((__u8 *) skb->data);
188 if (status) {
189 BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
190 } else {
191 BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
192 }
193 break;
194
195 case OCF_WRITE_SCAN_ENABLE:
196 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
197 if (!sent)
198 break;
199
200 status = *((__u8 *) skb->data);
201 param = *((__u8 *) sent);
202
203 BT_DBG("param 0x%x", param);
204
205 if (!status) {
206 clear_bit(HCI_PSCAN, &hdev->flags);
207 clear_bit(HCI_ISCAN, &hdev->flags);
208 if (param & SCAN_INQUIRY)
209 set_bit(HCI_ISCAN, &hdev->flags);
210
211 if (param & SCAN_PAGE)
212 set_bit(HCI_PSCAN, &hdev->flags);
213 }
214 hci_req_complete(hdev, status);
215 break;
216
217 case OCF_READ_VOICE_SETTING:
218 vs = (struct hci_rp_read_voice_setting *) skb->data;
219
220 if (vs->status) {
221 BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vs->status);
222 break;
223 }
224
225 setting = __le16_to_cpu(vs->voice_setting);
226
227 if (hdev->voice_setting != setting ) {
228 hdev->voice_setting = setting;
229
230 BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
231
232 if (hdev->notify) {
233 tasklet_disable(&hdev->tx_task);
234 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
235 tasklet_enable(&hdev->tx_task);
236 }
237 }
238 break;
239
240 case OCF_WRITE_VOICE_SETTING:
241 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
242 if (!sent)
243 break;
244
245 status = *((__u8 *) skb->data);
246 setting = __le16_to_cpu(get_unaligned((__u16 *) sent));
247
248 if (!status && hdev->voice_setting != setting) {
249 hdev->voice_setting = setting;
250
251 BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
252
253 if (hdev->notify) {
254 tasklet_disable(&hdev->tx_task);
255 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
256 tasklet_enable(&hdev->tx_task);
257 }
258 }
259 hci_req_complete(hdev, status);
260 break;
261
262 case OCF_HOST_BUFFER_SIZE:
263 status = *((__u8 *) skb->data);
264 if (status) {
265 BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
266 hci_req_complete(hdev, status);
267 }
268 break;
269
270 default:
271 BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
272 break;
273 }
274}
275
276/* Command Complete OGF INFO_PARAM */
277static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
278{
279 struct hci_rp_read_loc_features *lf;
280 struct hci_rp_read_buffer_size *bs;
281 struct hci_rp_read_bd_addr *ba;
282
283 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
284
285 switch (ocf) {
286 case OCF_READ_LOCAL_FEATURES:
287 lf = (struct hci_rp_read_loc_features *) skb->data;
288
289 if (lf->status) {
290 BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
291 break;
292 }
293
294 memcpy(hdev->features, lf->features, sizeof(hdev->features));
295
296 /* Adjust default settings according to features
297 * supported by device. */
298 if (hdev->features[0] & LMP_3SLOT)
299 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
300
301 if (hdev->features[0] & LMP_5SLOT)
302 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
303
304 if (hdev->features[1] & LMP_HV2)
305 hdev->pkt_type |= (HCI_HV2);
306
307 if (hdev->features[1] & LMP_HV3)
308 hdev->pkt_type |= (HCI_HV3);
309
310 BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name, lf->features[0], lf->features[1], lf->features[2]);
311
312 break;
313
314 case OCF_READ_BUFFER_SIZE:
315 bs = (struct hci_rp_read_buffer_size *) skb->data;
316
317 if (bs->status) {
318 BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
319 hci_req_complete(hdev, bs->status);
320 break;
321 }
322
323 hdev->acl_mtu = __le16_to_cpu(bs->acl_mtu);
324 hdev->sco_mtu = bs->sco_mtu ? bs->sco_mtu : 64;
325 hdev->acl_pkts = hdev->acl_cnt = __le16_to_cpu(bs->acl_max_pkt);
326 hdev->sco_pkts = hdev->sco_cnt = __le16_to_cpu(bs->sco_max_pkt);
327
328 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
329 hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
330 break;
331
332 case OCF_READ_BD_ADDR:
333 ba = (struct hci_rp_read_bd_addr *) skb->data;
334
335 if (!ba->status) {
336 bacpy(&hdev->bdaddr, &ba->bdaddr);
337 } else {
338 BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
339 }
340
341 hci_req_complete(hdev, ba->status);
342 break;
343
344 default:
345 BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
346 break;
347 }
348}
349
350/* Command Status OGF LINK_CTL */
351static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
352{
353 struct hci_conn *conn;
354 struct hci_cp_create_conn *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
355
356 if (!cp)
357 return;
358
359 hci_dev_lock(hdev);
360
361 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
362
363 BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
364 status, batostr(&cp->bdaddr), conn);
365
366 if (status) {
367 if (conn && conn->state == BT_CONNECT) {
368 conn->state = BT_CLOSED;
369 hci_proto_connect_cfm(conn, status);
370 hci_conn_del(conn);
371 }
372 } else {
373 if (!conn) {
374 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
375 if (conn) {
376 conn->out = 1;
377 conn->link_mode |= HCI_LM_MASTER;
378 } else
379 BT_ERR("No memmory for new connection");
380 }
381 }
382
383 hci_dev_unlock(hdev);
384}
385
386static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
387{
388 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
389
390 switch (ocf) {
391 case OCF_CREATE_CONN:
392 hci_cs_create_conn(hdev, status);
393 break;
394
395 case OCF_ADD_SCO:
396 if (status) {
397 struct hci_conn *acl, *sco;
398 struct hci_cp_add_sco *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_ADD_SCO);
399 __u16 handle;
400
401 if (!cp)
402 break;
403
404 handle = __le16_to_cpu(cp->handle);
405
406 BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
407
408 hci_dev_lock(hdev);
409
410 acl = hci_conn_hash_lookup_handle(hdev, handle);
411 if (acl && (sco = acl->link)) {
412 sco->state = BT_CLOSED;
413
414 hci_proto_connect_cfm(sco, status);
415 hci_conn_del(sco);
416 }
417
418 hci_dev_unlock(hdev);
419 }
420 break;
421
422 case OCF_INQUIRY:
423 if (status) {
424 BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
425 hci_req_complete(hdev, status);
426 } else {
427 set_bit(HCI_INQUIRY, &hdev->flags);
428 }
429 break;
430
431 default:
432 BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d",
433 hdev->name, ocf, status);
434 break;
435 }
436}
437
438/* Command Status OGF LINK_POLICY */
439static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
440{
441 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
442
443 switch (ocf) {
444 default:
445 BT_DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf);
446 break;
447 }
448}
449
450/* Command Status OGF HOST_CTL */
451static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
452{
453 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
454
455 switch (ocf) {
456 default:
457 BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
458 break;
459 }
460}
461
462/* Command Status OGF INFO_PARAM */
463static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
464{
465 BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
466
467 switch (ocf) {
468 default:
469 BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
470 break;
471 }
472}
473
474/* Inquiry Complete */
475static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
476{
477 __u8 status = *((__u8 *) skb->data);
478
479 BT_DBG("%s status %d", hdev->name, status);
480
481 clear_bit(HCI_INQUIRY, &hdev->flags);
482 hci_req_complete(hdev, status);
483}
484
485/* Inquiry Result */
486static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
487{
488 struct inquiry_info *info = (struct inquiry_info *) (skb->data + 1);
489 int num_rsp = *((__u8 *) skb->data);
490
491 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
492
493 hci_dev_lock(hdev);
494 for (; num_rsp; num_rsp--) {
495 struct inquiry_data data;
496 bacpy(&data.bdaddr, &info->bdaddr);
497 data.pscan_rep_mode = info->pscan_rep_mode;
498 data.pscan_period_mode = info->pscan_period_mode;
499 data.pscan_mode = info->pscan_mode;
500 memcpy(data.dev_class, info->dev_class, 3);
501 data.clock_offset = info->clock_offset;
502 data.rssi = 0x00;
503 info++;
504 hci_inquiry_cache_update(hdev, &data);
505 }
506 hci_dev_unlock(hdev);
507}
508
509/* Inquiry Result With RSSI */
510static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
511{
512 struct inquiry_info_with_rssi *info = (struct inquiry_info_with_rssi *) (skb->data + 1);
513 int num_rsp = *((__u8 *) skb->data);
514
515 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
516
517 hci_dev_lock(hdev);
518 for (; num_rsp; num_rsp--) {
519 struct inquiry_data data;
520 bacpy(&data.bdaddr, &info->bdaddr);
521 data.pscan_rep_mode = info->pscan_rep_mode;
522 data.pscan_period_mode = info->pscan_period_mode;
523 data.pscan_mode = 0x00;
524 memcpy(data.dev_class, info->dev_class, 3);
525 data.clock_offset = info->clock_offset;
526 data.rssi = info->rssi;
527 info++;
528 hci_inquiry_cache_update(hdev, &data);
529 }
530 hci_dev_unlock(hdev);
531}
532
533/* Connect Request */
534static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
535{
536 struct hci_ev_conn_request *ev = (struct hci_ev_conn_request *) skb->data;
537 int mask = hdev->link_mode;
538
539 BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
540 batostr(&ev->bdaddr), ev->link_type);
541
542 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
543
544 if (mask & HCI_LM_ACCEPT) {
545 /* Connection accepted */
546 struct hci_conn *conn;
547 struct hci_cp_accept_conn_req cp;
548
549 hci_dev_lock(hdev);
550 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
551 if (!conn) {
552 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
553 BT_ERR("No memmory for new connection");
554 hci_dev_unlock(hdev);
555 return;
556 }
557 }
558 memcpy(conn->dev_class, ev->dev_class, 3);
559 conn->state = BT_CONNECT;
560 hci_dev_unlock(hdev);
561
562 bacpy(&cp.bdaddr, &ev->bdaddr);
563
564 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
565 cp.role = 0x00; /* Become master */
566 else
567 cp.role = 0x01; /* Remain slave */
568
569 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp);
570 } else {
571 /* Connection rejected */
572 struct hci_cp_reject_conn_req cp;
573
574 bacpy(&cp.bdaddr, &ev->bdaddr);
575 cp.reason = 0x0f;
576 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_REJECT_CONN_REQ, sizeof(cp), &cp);
577 }
578}
579
580/* Connect Complete */
581static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
582{
583 struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
584 struct hci_conn *conn = NULL;
585
586 BT_DBG("%s", hdev->name);
587
588 hci_dev_lock(hdev);
589
590 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
591 if (!conn) {
592 hci_dev_unlock(hdev);
593 return;
594 }
595
596 if (!ev->status) {
597 conn->handle = __le16_to_cpu(ev->handle);
598 conn->state = BT_CONNECTED;
599
600 if (test_bit(HCI_AUTH, &hdev->flags))
601 conn->link_mode |= HCI_LM_AUTH;
602
603 if (test_bit(HCI_ENCRYPT, &hdev->flags))
604 conn->link_mode |= HCI_LM_ENCRYPT;
605
606 /* Set link policy */
607 if (conn->type == ACL_LINK && hdev->link_policy) {
608 struct hci_cp_write_link_policy cp;
609 cp.handle = ev->handle;
610 cp.policy = __cpu_to_le16(hdev->link_policy);
611 hci_send_cmd(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY, sizeof(cp), &cp);
612 }
613
614 /* Set packet type for incoming connection */
615 if (!conn->out) {
616 struct hci_cp_change_conn_ptype cp;
617 cp.handle = ev->handle;
618 cp.pkt_type = (conn->type == ACL_LINK) ?
619 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
620 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
621
622 hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
623 }
624 } else
625 conn->state = BT_CLOSED;
626
627 if (conn->type == ACL_LINK) {
628 struct hci_conn *sco = conn->link;
629 if (sco) {
630 if (!ev->status)
631 hci_add_sco(sco, conn->handle);
632 else {
633 hci_proto_connect_cfm(sco, ev->status);
634 hci_conn_del(sco);
635 }
636 }
637 }
638
639 hci_proto_connect_cfm(conn, ev->status);
640 if (ev->status)
641 hci_conn_del(conn);
642
643 hci_dev_unlock(hdev);
644}
645
646/* Disconnect Complete */
647static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
648{
649 struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data;
650 struct hci_conn *conn = NULL;
651 __u16 handle = __le16_to_cpu(ev->handle);
652
653 BT_DBG("%s status %d", hdev->name, ev->status);
654
655 if (ev->status)
656 return;
657
658 hci_dev_lock(hdev);
659
660 conn = hci_conn_hash_lookup_handle(hdev, handle);
661 if (conn) {
662 conn->state = BT_CLOSED;
663 hci_proto_disconn_ind(conn, ev->reason);
664 hci_conn_del(conn);
665 }
666
667 hci_dev_unlock(hdev);
668}
669
670/* Number of completed packets */
671static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
672{
673 struct hci_ev_num_comp_pkts *ev = (struct hci_ev_num_comp_pkts *) skb->data;
674 __u16 *ptr;
675 int i;
676
677 skb_pull(skb, sizeof(*ev));
678
679 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
680
681 if (skb->len < ev->num_hndl * 4) {
682 BT_DBG("%s bad parameters", hdev->name);
683 return;
684 }
685
686 tasklet_disable(&hdev->tx_task);
687
688 for (i = 0, ptr = (__u16 *) skb->data; i < ev->num_hndl; i++) {
689 struct hci_conn *conn;
690 __u16 handle, count;
691
692 handle = __le16_to_cpu(get_unaligned(ptr++));
693 count = __le16_to_cpu(get_unaligned(ptr++));
694
695 conn = hci_conn_hash_lookup_handle(hdev, handle);
696 if (conn) {
697 conn->sent -= count;
698
699 if (conn->type == SCO_LINK) {
700 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
701 hdev->sco_cnt = hdev->sco_pkts;
702 } else {
703 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
704 hdev->acl_cnt = hdev->acl_pkts;
705 }
706 }
707 }
708 hci_sched_tx(hdev);
709
710 tasklet_enable(&hdev->tx_task);
711}
712
713/* Role Change */
714static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
715{
716 struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data;
717 struct hci_conn *conn = NULL;
718
719 BT_DBG("%s status %d", hdev->name, ev->status);
720
721 hci_dev_lock(hdev);
722
723 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
724 if (conn) {
725 if (!ev->status) {
726 if (ev->role)
727 conn->link_mode &= ~HCI_LM_MASTER;
728 else
729 conn->link_mode |= HCI_LM_MASTER;
730 }
731
732 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
733
734 hci_role_switch_cfm(conn, ev->status, ev->role);
735 }
736
737 hci_dev_unlock(hdev);
738}
739
740/* Authentication Complete */
741static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
742{
743 struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data;
744 struct hci_conn *conn = NULL;
745 __u16 handle = __le16_to_cpu(ev->handle);
746
747 BT_DBG("%s status %d", hdev->name, ev->status);
748
749 hci_dev_lock(hdev);
750
751 conn = hci_conn_hash_lookup_handle(hdev, handle);
752 if (conn) {
753 if (!ev->status)
754 conn->link_mode |= HCI_LM_AUTH;
755
756 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
757
758 hci_auth_cfm(conn, ev->status);
759
760 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
761 if (!ev->status) {
762 struct hci_cp_set_conn_encrypt cp;
763 cp.handle = __cpu_to_le16(conn->handle);
764 cp.encrypt = 1;
765 hci_send_cmd(conn->hdev, OGF_LINK_CTL,
766 OCF_SET_CONN_ENCRYPT,
767 sizeof(cp), &cp);
768 } else {
769 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
770 hci_encrypt_cfm(conn, ev->status, 0x00);
771 }
772 }
773 }
774
775 hci_dev_unlock(hdev);
776}
777
778/* Encryption Change */
779static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
780{
781 struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data;
782 struct hci_conn *conn = NULL;
783 __u16 handle = __le16_to_cpu(ev->handle);
784
785 BT_DBG("%s status %d", hdev->name, ev->status);
786
787 hci_dev_lock(hdev);
788
789 conn = hci_conn_hash_lookup_handle(hdev, handle);
790 if (conn) {
791 if (!ev->status) {
792 if (ev->encrypt)
793 conn->link_mode |= HCI_LM_ENCRYPT;
794 else
795 conn->link_mode &= ~HCI_LM_ENCRYPT;
796 }
797
798 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
799
800 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
801 }
802
803 hci_dev_unlock(hdev);
804}
805
806/* Change Connection Link Key Complete */
807static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
808{
809 struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data;
810 struct hci_conn *conn = NULL;
811 __u16 handle = __le16_to_cpu(ev->handle);
812
813 BT_DBG("%s status %d", hdev->name, ev->status);
814
815 hci_dev_lock(hdev);
816
817 conn = hci_conn_hash_lookup_handle(hdev, handle);
818 if (conn) {
819 if (!ev->status)
820 conn->link_mode |= HCI_LM_SECURE;
821
822 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
823
824 hci_key_change_cfm(conn, ev->status);
825 }
826
827 hci_dev_unlock(hdev);
828}
829
830/* Pin Code Request*/
831static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
832{
833}
834
835/* Link Key Request */
836static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
837{
838}
839
840/* Link Key Notification */
841static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
842{
843}
844
845/* Clock Offset */
846static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data;
849 struct hci_conn *conn = NULL;
850 __u16 handle = __le16_to_cpu(ev->handle);
851
852 BT_DBG("%s status %d", hdev->name, ev->status);
853
854 hci_dev_lock(hdev);
855
856 conn = hci_conn_hash_lookup_handle(hdev, handle);
857 if (conn && !ev->status) {
858 struct inquiry_entry *ie;
859
860 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
861 ie->data.clock_offset = ev->clock_offset;
862 ie->timestamp = jiffies;
863 }
864 }
865
866 hci_dev_unlock(hdev);
867}
868
869void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
870{
871 struct hci_event_hdr *hdr = (struct hci_event_hdr *) skb->data;
872 struct hci_ev_cmd_complete *ec;
873 struct hci_ev_cmd_status *cs;
874 u16 opcode, ocf, ogf;
875
876 skb_pull(skb, HCI_EVENT_HDR_SIZE);
877
878 BT_DBG("%s evt 0x%x", hdev->name, hdr->evt);
879
880 switch (hdr->evt) {
881 case HCI_EV_NUM_COMP_PKTS:
882 hci_num_comp_pkts_evt(hdev, skb);
883 break;
884
885 case HCI_EV_INQUIRY_COMPLETE:
886 hci_inquiry_complete_evt(hdev, skb);
887 break;
888
889 case HCI_EV_INQUIRY_RESULT:
890 hci_inquiry_result_evt(hdev, skb);
891 break;
892
893 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
894 hci_inquiry_result_with_rssi_evt(hdev, skb);
895 break;
896
897 case HCI_EV_CONN_REQUEST:
898 hci_conn_request_evt(hdev, skb);
899 break;
900
901 case HCI_EV_CONN_COMPLETE:
902 hci_conn_complete_evt(hdev, skb);
903 break;
904
905 case HCI_EV_DISCONN_COMPLETE:
906 hci_disconn_complete_evt(hdev, skb);
907 break;
908
909 case HCI_EV_ROLE_CHANGE:
910 hci_role_change_evt(hdev, skb);
911 break;
912
913 case HCI_EV_AUTH_COMPLETE:
914 hci_auth_complete_evt(hdev, skb);
915 break;
916
917 case HCI_EV_ENCRYPT_CHANGE:
918 hci_encrypt_change_evt(hdev, skb);
919 break;
920
921 case HCI_EV_CHANGE_CONN_LINK_KEY_COMPLETE:
922 hci_change_conn_link_key_complete_evt(hdev, skb);
923 break;
924
925 case HCI_EV_PIN_CODE_REQ:
926 hci_pin_code_request_evt(hdev, skb);
927 break;
928
929 case HCI_EV_LINK_KEY_REQ:
930 hci_link_key_request_evt(hdev, skb);
931 break;
932
933 case HCI_EV_LINK_KEY_NOTIFY:
934 hci_link_key_notify_evt(hdev, skb);
935 break;
936
937 case HCI_EV_CLOCK_OFFSET:
938 hci_clock_offset_evt(hdev, skb);
939 break;
940
941 case HCI_EV_CMD_STATUS:
942 cs = (struct hci_ev_cmd_status *) skb->data;
943 skb_pull(skb, sizeof(cs));
944
945 opcode = __le16_to_cpu(cs->opcode);
946 ogf = hci_opcode_ogf(opcode);
947 ocf = hci_opcode_ocf(opcode);
948
949 switch (ogf) {
950 case OGF_INFO_PARAM:
951 hci_cs_info_param(hdev, ocf, cs->status);
952 break;
953
954 case OGF_HOST_CTL:
955 hci_cs_host_ctl(hdev, ocf, cs->status);
956 break;
957
958 case OGF_LINK_CTL:
959 hci_cs_link_ctl(hdev, ocf, cs->status);
960 break;
961
962 case OGF_LINK_POLICY:
963 hci_cs_link_policy(hdev, ocf, cs->status);
964 break;
965
966 default:
967 BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
968 break;
969 }
970
971 if (cs->ncmd) {
972 atomic_set(&hdev->cmd_cnt, 1);
973 if (!skb_queue_empty(&hdev->cmd_q))
974 hci_sched_cmd(hdev);
975 }
976 break;
977
978 case HCI_EV_CMD_COMPLETE:
979 ec = (struct hci_ev_cmd_complete *) skb->data;
980 skb_pull(skb, sizeof(*ec));
981
982 opcode = __le16_to_cpu(ec->opcode);
983 ogf = hci_opcode_ogf(opcode);
984 ocf = hci_opcode_ocf(opcode);
985
986 switch (ogf) {
987 case OGF_INFO_PARAM:
988 hci_cc_info_param(hdev, ocf, skb);
989 break;
990
991 case OGF_HOST_CTL:
992 hci_cc_host_ctl(hdev, ocf, skb);
993 break;
994
995 case OGF_LINK_CTL:
996 hci_cc_link_ctl(hdev, ocf, skb);
997 break;
998
999 case OGF_LINK_POLICY:
1000 hci_cc_link_policy(hdev, ocf, skb);
1001 break;
1002
1003 default:
1004 BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
1005 break;
1006 }
1007
1008 if (ec->ncmd) {
1009 atomic_set(&hdev->cmd_cnt, 1);
1010 if (!skb_queue_empty(&hdev->cmd_q))
1011 hci_sched_cmd(hdev);
1012 }
1013 break;
1014 }
1015
1016 kfree_skb(skb);
1017 hdev->stat.evt_rx++;
1018}
1019
1020/* Generate internal stack event */
1021void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1022{
1023 struct hci_event_hdr *hdr;
1024 struct hci_ev_stack_internal *ev;
1025 struct sk_buff *skb;
1026
1027 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1028 if (!skb)
1029 return;
1030
1031 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1032 hdr->evt = HCI_EV_STACK_INTERNAL;
1033 hdr->plen = sizeof(*ev) + dlen;
1034
1035 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
1036 ev->type = type;
1037 memcpy(ev->data, data, dlen);
1038
1039 skb->pkt_type = HCI_EVENT_PKT;
1040 skb->dev = (void *) hdev;
1041 hci_send_to_sock(hdev, skb);
1042 kfree_skb(skb);
1043}
1044EXPORT_SYMBOL(hci_si_event);
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
new file mode 100644
index 00000000000..c9792ba7512
--- /dev/null
+++ b/net/bluetooth/hci_sock.c
@@ -0,0 +1,707 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI sockets. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/skbuff.h>
40#include <linux/workqueue.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/ioctl.h>
44#include <net/sock.h>
45
46#include <asm/system.h>
47#include <asm/uaccess.h>
48#include <asm/unaligned.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52
53#ifndef CONFIG_BT_HCI_SOCK_DEBUG
54#undef BT_DBG
55#define BT_DBG(D...)
56#endif
57
58/* ----- HCI socket interface ----- */
59
60static inline int hci_test_bit(int nr, void *addr)
61{
62 return *((__u32 *) addr + (nr >> 5)) & ((__u32) 1 << (nr & 31));
63}
64
65/* Security filter */
66static struct hci_sec_filter hci_sec_filter = {
67 /* Packet types */
68 0x10,
69 /* Events */
70 { 0x1000d9fe, 0x0000300c },
71 /* Commands */
72 {
73 { 0x0 },
74 /* OGF_LINK_CTL */
75 { 0xbe000006, 0x00000001, 0x0000, 0x00 },
76 /* OGF_LINK_POLICY */
77 { 0x00005200, 0x00000000, 0x0000, 0x00 },
78 /* OGF_HOST_CTL */
79 { 0xaab00200, 0x2b402aaa, 0x0154, 0x00 },
80 /* OGF_INFO_PARAM */
81 { 0x000002be, 0x00000000, 0x0000, 0x00 },
82 /* OGF_STATUS_PARAM */
83 { 0x000000ea, 0x00000000, 0x0000, 0x00 }
84 }
85};
86
87static struct bt_sock_list hci_sk_list = {
88 .lock = RW_LOCK_UNLOCKED
89};
90
91/* Send frame to RAW socket */
92void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
93{
94 struct sock *sk;
95 struct hlist_node *node;
96
97 BT_DBG("hdev %p len %d", hdev, skb->len);
98
99 read_lock(&hci_sk_list.lock);
100 sk_for_each(sk, node, &hci_sk_list.head) {
101 struct hci_filter *flt;
102 struct sk_buff *nskb;
103
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 continue;
106
107 /* Don't send frame to the socket it came from */
108 if (skb->sk == sk)
109 continue;
110
111 /* Apply filter */
112 flt = &hci_pi(sk)->filter;
113
114 if (!test_bit((skb->pkt_type == HCI_VENDOR_PKT) ?
115 0 : (skb->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
116 continue;
117
118 if (skb->pkt_type == HCI_EVENT_PKT) {
119 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
120
121 if (!hci_test_bit(evt, &flt->event_mask))
122 continue;
123
124 if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
125 flt->opcode != *(__u16 *)(skb->data + 3)) ||
126 (evt == HCI_EV_CMD_STATUS &&
127 flt->opcode != *(__u16 *)(skb->data + 4))))
128 continue;
129 }
130
131 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
132 continue;
133
134 /* Put type byte before the data */
135 memcpy(skb_push(nskb, 1), &nskb->pkt_type, 1);
136
137 if (sock_queue_rcv_skb(sk, nskb))
138 kfree_skb(nskb);
139 }
140 read_unlock(&hci_sk_list.lock);
141}
142
143static int hci_sock_release(struct socket *sock)
144{
145 struct sock *sk = sock->sk;
146 struct hci_dev *hdev = hci_pi(sk)->hdev;
147
148 BT_DBG("sock %p sk %p", sock, sk);
149
150 if (!sk)
151 return 0;
152
153 bt_sock_unlink(&hci_sk_list, sk);
154
155 if (hdev) {
156 atomic_dec(&hdev->promisc);
157 hci_dev_put(hdev);
158 }
159
160 sock_orphan(sk);
161
162 skb_queue_purge(&sk->sk_receive_queue);
163 skb_queue_purge(&sk->sk_write_queue);
164
165 sock_put(sk);
166 return 0;
167}
168
169/* Ioctls that require bound socket */
170static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
171{
172 struct hci_dev *hdev = hci_pi(sk)->hdev;
173
174 if (!hdev)
175 return -EBADFD;
176
177 switch (cmd) {
178 case HCISETRAW:
179 if (!capable(CAP_NET_ADMIN))
180 return -EACCES;
181
182 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
183 return -EPERM;
184
185 if (arg)
186 set_bit(HCI_RAW, &hdev->flags);
187 else
188 clear_bit(HCI_RAW, &hdev->flags);
189
190 return 0;
191
192 case HCISETSECMGR:
193 if (!capable(CAP_NET_ADMIN))
194 return -EACCES;
195
196 if (arg)
197 set_bit(HCI_SECMGR, &hdev->flags);
198 else
199 clear_bit(HCI_SECMGR, &hdev->flags);
200
201 return 0;
202
203 case HCIGETCONNINFO:
204 return hci_get_conn_info(hdev, (void __user *)arg);
205
206 default:
207 if (hdev->ioctl)
208 return hdev->ioctl(hdev, cmd, arg);
209 return -EINVAL;
210 }
211}
212
213static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
214{
215 struct sock *sk = sock->sk;
216 void __user *argp = (void __user *)arg;
217 int err;
218
219 BT_DBG("cmd %x arg %lx", cmd, arg);
220
221 switch (cmd) {
222 case HCIGETDEVLIST:
223 return hci_get_dev_list(argp);
224
225 case HCIGETDEVINFO:
226 return hci_get_dev_info(argp);
227
228 case HCIGETCONNLIST:
229 return hci_get_conn_list(argp);
230
231 case HCIDEVUP:
232 if (!capable(CAP_NET_ADMIN))
233 return -EACCES;
234 return hci_dev_open(arg);
235
236 case HCIDEVDOWN:
237 if (!capable(CAP_NET_ADMIN))
238 return -EACCES;
239 return hci_dev_close(arg);
240
241 case HCIDEVRESET:
242 if (!capable(CAP_NET_ADMIN))
243 return -EACCES;
244 return hci_dev_reset(arg);
245
246 case HCIDEVRESTAT:
247 if (!capable(CAP_NET_ADMIN))
248 return -EACCES;
249 return hci_dev_reset_stat(arg);
250
251 case HCISETSCAN:
252 case HCISETAUTH:
253 case HCISETENCRYPT:
254 case HCISETPTYPE:
255 case HCISETLINKPOL:
256 case HCISETLINKMODE:
257 case HCISETACLMTU:
258 case HCISETSCOMTU:
259 if (!capable(CAP_NET_ADMIN))
260 return -EACCES;
261 return hci_dev_cmd(cmd, argp);
262
263 case HCIINQUIRY:
264 return hci_inquiry(argp);
265
266 default:
267 lock_sock(sk);
268 err = hci_sock_bound_ioctl(sk, cmd, arg);
269 release_sock(sk);
270 return err;
271 }
272}
273
274static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
275{
276 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
277 struct sock *sk = sock->sk;
278 struct hci_dev *hdev = NULL;
279 int err = 0;
280
281 BT_DBG("sock %p sk %p", sock, sk);
282
283 if (!haddr || haddr->hci_family != AF_BLUETOOTH)
284 return -EINVAL;
285
286 lock_sock(sk);
287
288 if (hci_pi(sk)->hdev) {
289 err = -EALREADY;
290 goto done;
291 }
292
293 if (haddr->hci_dev != HCI_DEV_NONE) {
294 if (!(hdev = hci_dev_get(haddr->hci_dev))) {
295 err = -ENODEV;
296 goto done;
297 }
298
299 atomic_inc(&hdev->promisc);
300 }
301
302 hci_pi(sk)->hdev = hdev;
303 sk->sk_state = BT_BOUND;
304
305done:
306 release_sock(sk);
307 return err;
308}
309
310static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *addr_len, int peer)
311{
312 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
313 struct sock *sk = sock->sk;
314
315 BT_DBG("sock %p sk %p", sock, sk);
316
317 lock_sock(sk);
318
319 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hci_pi(sk)->hdev->id;
322
323 release_sock(sk);
324 return 0;
325}
326
327static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
328{
329 __u32 mask = hci_pi(sk)->cmsg_mask;
330
331 if (mask & HCI_CMSG_DIR)
332 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(int), &bt_cb(skb)->incoming);
333
334 if (mask & HCI_CMSG_TSTAMP)
335 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp);
336}
337
338static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
339 struct msghdr *msg, size_t len, int flags)
340{
341 int noblock = flags & MSG_DONTWAIT;
342 struct sock *sk = sock->sk;
343 struct sk_buff *skb;
344 int copied, err;
345
346 BT_DBG("sock %p, sk %p", sock, sk);
347
348 if (flags & (MSG_OOB))
349 return -EOPNOTSUPP;
350
351 if (sk->sk_state == BT_CLOSED)
352 return 0;
353
354 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err)))
355 return err;
356
357 msg->msg_namelen = 0;
358
359 copied = skb->len;
360 if (len < copied) {
361 msg->msg_flags |= MSG_TRUNC;
362 copied = len;
363 }
364
365 skb->h.raw = skb->data;
366 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
367
368 hci_sock_cmsg(sk, msg, skb);
369
370 skb_free_datagram(sk, skb);
371
372 return err ? : copied;
373}
374
375static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
376 struct msghdr *msg, size_t len)
377{
378 struct sock *sk = sock->sk;
379 struct hci_dev *hdev;
380 struct sk_buff *skb;
381 int err;
382
383 BT_DBG("sock %p sk %p", sock, sk);
384
385 if (msg->msg_flags & MSG_OOB)
386 return -EOPNOTSUPP;
387
388 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_NOSIGNAL|MSG_ERRQUEUE))
389 return -EINVAL;
390
391 if (len < 4 || len > HCI_MAX_FRAME_SIZE)
392 return -EINVAL;
393
394 lock_sock(sk);
395
396 if (!(hdev = hci_pi(sk)->hdev)) {
397 err = -EBADFD;
398 goto done;
399 }
400
401 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
402 goto done;
403
404 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
405 err = -EFAULT;
406 goto drop;
407 }
408
409 skb->pkt_type = *((unsigned char *) skb->data);
410 skb_pull(skb, 1);
411 skb->dev = (void *) hdev;
412
413 if (skb->pkt_type == HCI_COMMAND_PKT) {
414 u16 opcode = __le16_to_cpu(get_unaligned((u16 *)skb->data));
415 u16 ogf = hci_opcode_ogf(opcode);
416 u16 ocf = hci_opcode_ocf(opcode);
417
418 if (((ogf > HCI_SFLT_MAX_OGF) ||
419 !hci_test_bit(ocf & HCI_FLT_OCF_BITS, &hci_sec_filter.ocf_mask[ogf])) &&
420 !capable(CAP_NET_RAW)) {
421 err = -EPERM;
422 goto drop;
423 }
424
425 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == OGF_VENDOR_CMD)) {
426 skb_queue_tail(&hdev->raw_q, skb);
427 hci_sched_tx(hdev);
428 } else {
429 skb_queue_tail(&hdev->cmd_q, skb);
430 hci_sched_cmd(hdev);
431 }
432 } else {
433 if (!capable(CAP_NET_RAW)) {
434 err = -EPERM;
435 goto drop;
436 }
437
438 skb_queue_tail(&hdev->raw_q, skb);
439 hci_sched_tx(hdev);
440 }
441
442 err = len;
443
444done:
445 release_sock(sk);
446 return err;
447
448drop:
449 kfree_skb(skb);
450 goto done;
451}
452
453static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int len)
454{
455 struct hci_ufilter uf = { .opcode = 0 };
456 struct sock *sk = sock->sk;
457 int err = 0, opt = 0;
458
459 BT_DBG("sk %p, opt %d", sk, optname);
460
461 lock_sock(sk);
462
463 switch (optname) {
464 case HCI_DATA_DIR:
465 if (get_user(opt, (int __user *)optval)) {
466 err = -EFAULT;
467 break;
468 }
469
470 if (opt)
471 hci_pi(sk)->cmsg_mask |= HCI_CMSG_DIR;
472 else
473 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_DIR;
474 break;
475
476 case HCI_TIME_STAMP:
477 if (get_user(opt, (int __user *)optval)) {
478 err = -EFAULT;
479 break;
480 }
481
482 if (opt)
483 hci_pi(sk)->cmsg_mask |= HCI_CMSG_TSTAMP;
484 else
485 hci_pi(sk)->cmsg_mask &= ~HCI_CMSG_TSTAMP;
486 break;
487
488 case HCI_FILTER:
489 len = min_t(unsigned int, len, sizeof(uf));
490 if (copy_from_user(&uf, optval, len)) {
491 err = -EFAULT;
492 break;
493 }
494
495 if (!capable(CAP_NET_RAW)) {
496 uf.type_mask &= hci_sec_filter.type_mask;
497 uf.event_mask[0] &= *((u32 *) hci_sec_filter.event_mask + 0);
498 uf.event_mask[1] &= *((u32 *) hci_sec_filter.event_mask + 1);
499 }
500
501 {
502 struct hci_filter *f = &hci_pi(sk)->filter;
503
504 f->type_mask = uf.type_mask;
505 f->opcode = uf.opcode;
506 *((u32 *) f->event_mask + 0) = uf.event_mask[0];
507 *((u32 *) f->event_mask + 1) = uf.event_mask[1];
508 }
509 break;
510
511 default:
512 err = -ENOPROTOOPT;
513 break;
514 }
515
516 release_sock(sk);
517 return err;
518}
519
520static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
521{
522 struct hci_ufilter uf;
523 struct sock *sk = sock->sk;
524 int len, opt;
525
526 if (get_user(len, optlen))
527 return -EFAULT;
528
529 switch (optname) {
530 case HCI_DATA_DIR:
531 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
532 opt = 1;
533 else
534 opt = 0;
535
536 if (put_user(opt, optval))
537 return -EFAULT;
538 break;
539
540 case HCI_TIME_STAMP:
541 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_TSTAMP)
542 opt = 1;
543 else
544 opt = 0;
545
546 if (put_user(opt, optval))
547 return -EFAULT;
548 break;
549
550 case HCI_FILTER:
551 {
552 struct hci_filter *f = &hci_pi(sk)->filter;
553
554 uf.type_mask = f->type_mask;
555 uf.opcode = f->opcode;
556 uf.event_mask[0] = *((u32 *) f->event_mask + 0);
557 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
558 }
559
560 len = min_t(unsigned int, len, sizeof(uf));
561 if (copy_to_user(optval, &uf, len))
562 return -EFAULT;
563 break;
564
565 default:
566 return -ENOPROTOOPT;
567 break;
568 }
569
570 return 0;
571}
572
573static struct proto_ops hci_sock_ops = {
574 .family = PF_BLUETOOTH,
575 .owner = THIS_MODULE,
576 .release = hci_sock_release,
577 .bind = hci_sock_bind,
578 .getname = hci_sock_getname,
579 .sendmsg = hci_sock_sendmsg,
580 .recvmsg = hci_sock_recvmsg,
581 .ioctl = hci_sock_ioctl,
582 .poll = datagram_poll,
583 .listen = sock_no_listen,
584 .shutdown = sock_no_shutdown,
585 .setsockopt = hci_sock_setsockopt,
586 .getsockopt = hci_sock_getsockopt,
587 .connect = sock_no_connect,
588 .socketpair = sock_no_socketpair,
589 .accept = sock_no_accept,
590 .mmap = sock_no_mmap
591};
592
593static struct proto hci_sk_proto = {
594 .name = "HCI",
595 .owner = THIS_MODULE,
596 .obj_size = sizeof(struct hci_pinfo)
597};
598
599static int hci_sock_create(struct socket *sock, int protocol)
600{
601 struct sock *sk;
602
603 BT_DBG("sock %p", sock);
604
605 if (sock->type != SOCK_RAW)
606 return -ESOCKTNOSUPPORT;
607
608 sock->ops = &hci_sock_ops;
609
610 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
611 if (!sk)
612 return -ENOMEM;
613
614 sock_init_data(sock, sk);
615
616 sock_reset_flag(sk, SOCK_ZAPPED);
617
618 sk->sk_protocol = protocol;
619
620 sock->state = SS_UNCONNECTED;
621 sk->sk_state = BT_OPEN;
622
623 bt_sock_link(&hci_sk_list, sk);
624 return 0;
625}
626
627static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
628{
629 struct hci_dev *hdev = (struct hci_dev *) ptr;
630 struct hci_ev_si_device ev;
631
632 BT_DBG("hdev %s event %ld", hdev->name, event);
633
634 /* Send event to sockets */
635 ev.event = event;
636 ev.dev_id = hdev->id;
637 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
638
639 if (event == HCI_DEV_UNREG) {
640 struct sock *sk;
641 struct hlist_node *node;
642
643 /* Detach sockets from device */
644 read_lock(&hci_sk_list.lock);
645 sk_for_each(sk, node, &hci_sk_list.head) {
646 bh_lock_sock(sk);
647 if (hci_pi(sk)->hdev == hdev) {
648 hci_pi(sk)->hdev = NULL;
649 sk->sk_err = EPIPE;
650 sk->sk_state = BT_OPEN;
651 sk->sk_state_change(sk);
652
653 hci_dev_put(hdev);
654 }
655 bh_unlock_sock(sk);
656 }
657 read_unlock(&hci_sk_list.lock);
658 }
659
660 return NOTIFY_DONE;
661}
662
663static struct net_proto_family hci_sock_family_ops = {
664 .family = PF_BLUETOOTH,
665 .owner = THIS_MODULE,
666 .create = hci_sock_create,
667};
668
669static struct notifier_block hci_sock_nblock = {
670 .notifier_call = hci_sock_dev_event
671};
672
673int __init hci_sock_init(void)
674{
675 int err;
676
677 err = proto_register(&hci_sk_proto, 0);
678 if (err < 0)
679 return err;
680
681 err = bt_sock_register(BTPROTO_HCI, &hci_sock_family_ops);
682 if (err < 0)
683 goto error;
684
685 hci_register_notifier(&hci_sock_nblock);
686
687 BT_INFO("HCI socket layer initialized");
688
689 return 0;
690
691error:
692 BT_ERR("HCI socket registration failed");
693 proto_unregister(&hci_sk_proto);
694 return err;
695}
696
697int __exit hci_sock_cleanup(void)
698{
699 if (bt_sock_unregister(BTPROTO_HCI) < 0)
700 BT_ERR("HCI socket unregistration failed");
701
702 hci_unregister_notifier(&hci_sock_nblock);
703
704 proto_unregister(&hci_sk_proto);
705
706 return 0;
707}
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
new file mode 100644
index 00000000000..7856bc26acc
--- /dev/null
+++ b/net/bluetooth/hci_sysfs.c
@@ -0,0 +1,153 @@
1/* Bluetooth HCI driver model support. */
2
3#include <linux/config.h>
4#include <linux/kernel.h>
5#include <linux/init.h>
6
7#include <net/bluetooth/bluetooth.h>
8#include <net/bluetooth/hci_core.h>
9
10#ifndef CONFIG_BT_HCI_CORE_DEBUG
11#undef BT_DBG
12#define BT_DBG(D...)
13#endif
14
15static ssize_t show_name(struct class_device *cdev, char *buf)
16{
17 struct hci_dev *hdev = class_get_devdata(cdev);
18 return sprintf(buf, "%s\n", hdev->name);
19}
20
21static ssize_t show_type(struct class_device *cdev, char *buf)
22{
23 struct hci_dev *hdev = class_get_devdata(cdev);
24 return sprintf(buf, "%d\n", hdev->type);
25}
26
27static ssize_t show_address(struct class_device *cdev, char *buf)
28{
29 struct hci_dev *hdev = class_get_devdata(cdev);
30 bdaddr_t bdaddr;
31 baswap(&bdaddr, &hdev->bdaddr);
32 return sprintf(buf, "%s\n", batostr(&bdaddr));
33}
34
35static ssize_t show_flags(struct class_device *cdev, char *buf)
36{
37 struct hci_dev *hdev = class_get_devdata(cdev);
38 return sprintf(buf, "0x%lx\n", hdev->flags);
39}
40
41static ssize_t show_inquiry_cache(struct class_device *cdev, char *buf)
42{
43 struct hci_dev *hdev = class_get_devdata(cdev);
44 struct inquiry_cache *cache = &hdev->inq_cache;
45 struct inquiry_entry *e;
46 int n = 0;
47
48 hci_dev_lock_bh(hdev);
49
50 for (e = cache->list; e; e = e->next) {
51 struct inquiry_data *data = &e->data;
52 bdaddr_t bdaddr;
53 baswap(&bdaddr, &data->bdaddr);
54 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %u\n",
55 batostr(&bdaddr),
56 data->pscan_rep_mode, data->pscan_period_mode, data->pscan_mode,
57 data->dev_class[2], data->dev_class[1], data->dev_class[0],
58 __le16_to_cpu(data->clock_offset), data->rssi, e->timestamp);
59 }
60
61 hci_dev_unlock_bh(hdev);
62 return n;
63}
64
65static CLASS_DEVICE_ATTR(name, S_IRUGO, show_name, NULL);
66static CLASS_DEVICE_ATTR(type, S_IRUGO, show_type, NULL);
67static CLASS_DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
68static CLASS_DEVICE_ATTR(flags, S_IRUGO, show_flags, NULL);
69static CLASS_DEVICE_ATTR(inquiry_cache, S_IRUGO, show_inquiry_cache, NULL);
70
71static struct class_device_attribute *bt_attrs[] = {
72 &class_device_attr_name,
73 &class_device_attr_type,
74 &class_device_attr_address,
75 &class_device_attr_flags,
76 &class_device_attr_inquiry_cache,
77 NULL
78};
79
80#ifdef CONFIG_HOTPLUG
81static int bt_hotplug(struct class_device *cdev, char **envp, int num_envp, char *buf, int size)
82{
83 struct hci_dev *hdev = class_get_devdata(cdev);
84 int n, i = 0;
85
86 envp[i++] = buf;
87 n = snprintf(buf, size, "INTERFACE=%s", hdev->name) + 1;
88 buf += n;
89 size -= n;
90
91 if ((size <= 0) || (i >= num_envp))
92 return -ENOMEM;
93
94 envp[i] = NULL;
95 return 0;
96}
97#endif
98
99static void bt_release(struct class_device *cdev)
100{
101 struct hci_dev *hdev = class_get_devdata(cdev);
102
103 kfree(hdev);
104}
105
106static struct class bt_class = {
107 .name = "bluetooth",
108 .release = bt_release,
109#ifdef CONFIG_HOTPLUG
110 .hotplug = bt_hotplug,
111#endif
112};
113
114int hci_register_sysfs(struct hci_dev *hdev)
115{
116 struct class_device *cdev = &hdev->class_dev;
117 unsigned int i;
118 int err;
119
120 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
121
122 cdev->class = &bt_class;
123 class_set_devdata(cdev, hdev);
124
125 strlcpy(cdev->class_id, hdev->name, BUS_ID_SIZE);
126 err = class_device_register(cdev);
127 if (err < 0)
128 return err;
129
130 for (i = 0; bt_attrs[i]; i++)
131 class_device_create_file(cdev, bt_attrs[i]);
132
133 return 0;
134}
135
136void hci_unregister_sysfs(struct hci_dev *hdev)
137{
138 struct class_device * cdev = &hdev->class_dev;
139
140 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
141
142 class_device_del(cdev);
143}
144
145int __init bt_sysfs_init(void)
146{
147 return class_register(&bt_class);
148}
149
150void __exit bt_sysfs_cleanup(void)
151{
152 class_unregister(&bt_class);
153}
diff --git a/net/bluetooth/hidp/Kconfig b/net/bluetooth/hidp/Kconfig
new file mode 100644
index 00000000000..4e958f7d941
--- /dev/null
+++ b/net/bluetooth/hidp/Kconfig
@@ -0,0 +1,12 @@
1config BT_HIDP
2 tristate "HIDP protocol support"
3 depends on BT && BT_L2CAP
4 select INPUT
5 help
6 HIDP (Human Interface Device Protocol) is a transport layer
7 for HID reports. HIDP is required for the Bluetooth Human
8 Interface Device Profile.
9
10 Say Y here to compile HIDP support into the kernel or say M to
11 compile it as module (hidp).
12
diff --git a/net/bluetooth/hidp/Makefile b/net/bluetooth/hidp/Makefile
new file mode 100644
index 00000000000..a9ee115696a
--- /dev/null
+++ b/net/bluetooth/hidp/Makefile
@@ -0,0 +1,7 @@
1#
2# Makefile for the Linux Bluetooth HIDP layer
3#
4
5obj-$(CONFIG_BT_HIDP) += hidp.o
6
7hidp-objs := core.o sock.o
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
new file mode 100644
index 00000000000..2cf98ceabcc
--- /dev/null
+++ b/net/bluetooth/hidp/core.c
@@ -0,0 +1,772 @@
1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/config.h>
24#include <linux/module.h>
25
26#include <linux/types.h>
27#include <linux/errno.h>
28#include <linux/kernel.h>
29#include <linux/major.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/poll.h>
33#include <linux/fcntl.h>
34#include <linux/skbuff.h>
35#include <linux/socket.h>
36#include <linux/ioctl.h>
37#include <linux/file.h>
38#include <linux/init.h>
39#include <linux/wait.h>
40#include <net/sock.h>
41
42#include <linux/input.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/l2cap.h>
46
47#include "hidp.h"
48
49#ifndef CONFIG_BT_HIDP_DEBUG
50#undef BT_DBG
51#define BT_DBG(D...)
52#endif
53
54#define VERSION "1.1"
55
56static DECLARE_RWSEM(hidp_session_sem);
57static LIST_HEAD(hidp_session_list);
58
59static unsigned char hidp_keycode[256] = {
60 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
61 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
62 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
63 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
64 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
65 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
66 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
67 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
68 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
69 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
75 150,158,159,128,136,177,178,176,142,152,173,140
76};
77
78static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
79
80static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
81{
82 struct hidp_session *session;
83 struct list_head *p;
84
85 BT_DBG("");
86
87 list_for_each(p, &hidp_session_list) {
88 session = list_entry(p, struct hidp_session, list);
89 if (!bacmp(bdaddr, &session->bdaddr))
90 return session;
91 }
92 return NULL;
93}
94
95static void __hidp_link_session(struct hidp_session *session)
96{
97 __module_get(THIS_MODULE);
98 list_add(&session->list, &hidp_session_list);
99}
100
101static void __hidp_unlink_session(struct hidp_session *session)
102{
103 list_del(&session->list);
104 module_put(THIS_MODULE);
105}
106
107static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
108{
109 bacpy(&ci->bdaddr, &session->bdaddr);
110
111 ci->flags = session->flags;
112 ci->state = session->state;
113
114 ci->vendor = 0x0000;
115 ci->product = 0x0000;
116 ci->version = 0x0000;
117 memset(ci->name, 0, 128);
118
119 if (session->input) {
120 ci->vendor = session->input->id.vendor;
121 ci->product = session->input->id.product;
122 ci->version = session->input->id.version;
123 if (session->input->name)
124 strncpy(ci->name, session->input->name, 128);
125 else
126 strncpy(ci->name, "HID Boot Device", 128);
127 }
128}
129
130static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
131{
132 struct hidp_session *session = dev->private;
133 struct sk_buff *skb;
134 unsigned char newleds;
135
136 BT_DBG("input %p type %d code %d value %d", dev, type, code, value);
137
138 if (type != EV_LED)
139 return -1;
140
141 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
142 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
143 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
144 (!!test_bit(LED_CAPSL, dev->led) << 1) |
145 (!!test_bit(LED_NUML, dev->led));
146
147 if (session->leds == newleds)
148 return 0;
149
150 session->leds = newleds;
151
152 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
153 BT_ERR("Can't allocate memory for new frame");
154 return -ENOMEM;
155 }
156
157 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
158 *skb_put(skb, 1) = 0x01;
159 *skb_put(skb, 1) = newleds;
160
161 skb_queue_tail(&session->intr_transmit, skb);
162
163 hidp_schedule(session);
164
165 return 0;
166}
167
168static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
169{
170 struct input_dev *dev = session->input;
171 unsigned char *keys = session->keys;
172 unsigned char *udata = skb->data + 1;
173 signed char *sdata = skb->data + 1;
174 int i, size = skb->len - 1;
175
176 switch (skb->data[0]) {
177 case 0x01: /* Keyboard report */
178 for (i = 0; i < 8; i++)
179 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
180
181 /* If all the key codes have been set to 0x01, it means
182 * too many keys were pressed at the same time. */
183 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
184 break;
185
186 for (i = 2; i < 8; i++) {
187 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
188 if (hidp_keycode[keys[i]])
189 input_report_key(dev, hidp_keycode[keys[i]], 0);
190 else
191 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
192 }
193
194 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
195 if (hidp_keycode[udata[i]])
196 input_report_key(dev, hidp_keycode[udata[i]], 1);
197 else
198 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
199 }
200 }
201
202 memcpy(keys, udata, 8);
203 break;
204
205 case 0x02: /* Mouse report */
206 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
207 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
208 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
209 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
210 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
211
212 input_report_rel(dev, REL_X, sdata[1]);
213 input_report_rel(dev, REL_Y, sdata[2]);
214
215 if (size > 3)
216 input_report_rel(dev, REL_WHEEL, sdata[3]);
217 break;
218 }
219
220 input_sync(dev);
221}
222
223static void hidp_idle_timeout(unsigned long arg)
224{
225 struct hidp_session *session = (struct hidp_session *) arg;
226
227 atomic_inc(&session->terminate);
228 hidp_schedule(session);
229}
230
231static inline void hidp_set_timer(struct hidp_session *session)
232{
233 if (session->idle_to > 0)
234 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
235}
236
237static inline void hidp_del_timer(struct hidp_session *session)
238{
239 if (session->idle_to > 0)
240 del_timer(&session->timer);
241}
242
243static int __hidp_send_ctrl_message(struct hidp_session *session,
244 unsigned char hdr, unsigned char *data, int size)
245{
246 struct sk_buff *skb;
247
248 BT_DBG("session %p data %p size %d", session, data, size);
249
250 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
251 BT_ERR("Can't allocate memory for new frame");
252 return -ENOMEM;
253 }
254
255 *skb_put(skb, 1) = hdr;
256 if (data && size > 0)
257 memcpy(skb_put(skb, size), data, size);
258
259 skb_queue_tail(&session->ctrl_transmit, skb);
260
261 return 0;
262}
263
264static int inline hidp_send_ctrl_message(struct hidp_session *session,
265 unsigned char hdr, unsigned char *data, int size)
266{
267 int err;
268
269 err = __hidp_send_ctrl_message(session, hdr, data, size);
270
271 hidp_schedule(session);
272
273 return err;
274}
275
276static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
277{
278 BT_DBG("session %p param 0x%02x", session, param);
279
280 switch (param) {
281 case HIDP_HSHK_SUCCESSFUL:
282 /* FIXME: Call into SET_ GET_ handlers here */
283 break;
284
285 case HIDP_HSHK_NOT_READY:
286 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
287 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
288 case HIDP_HSHK_ERR_INVALID_PARAMETER:
289 /* FIXME: Call into SET_ GET_ handlers here */
290 break;
291
292 case HIDP_HSHK_ERR_UNKNOWN:
293 break;
294
295 case HIDP_HSHK_ERR_FATAL:
296 /* Device requests a reboot, as this is the only way this error
297 * can be recovered. */
298 __hidp_send_ctrl_message(session,
299 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
300 break;
301
302 default:
303 __hidp_send_ctrl_message(session,
304 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
305 break;
306 }
307}
308
309static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
310{
311 BT_DBG("session %p param 0x%02x", session, param);
312
313 switch (param) {
314 case HIDP_CTRL_NOP:
315 break;
316
317 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
318 /* Flush the transmit queues */
319 skb_queue_purge(&session->ctrl_transmit);
320 skb_queue_purge(&session->intr_transmit);
321
322 /* Kill session thread */
323 atomic_inc(&session->terminate);
324 break;
325
326 case HIDP_CTRL_HARD_RESET:
327 case HIDP_CTRL_SOFT_RESET:
328 case HIDP_CTRL_SUSPEND:
329 case HIDP_CTRL_EXIT_SUSPEND:
330 /* FIXME: We have to parse these and return no error */
331 break;
332
333 default:
334 __hidp_send_ctrl_message(session,
335 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
336 break;
337 }
338}
339
340static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
341{
342 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
343
344 switch (param) {
345 case HIDP_DATA_RTYPE_INPUT:
346 hidp_set_timer(session);
347
348 if (session->input)
349 hidp_input_report(session, skb);
350 break;
351
352 case HIDP_DATA_RTYPE_OTHER:
353 case HIDP_DATA_RTYPE_OUPUT:
354 case HIDP_DATA_RTYPE_FEATURE:
355 break;
356
357 default:
358 __hidp_send_ctrl_message(session,
359 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
360 }
361}
362
363static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
364{
365 unsigned char hdr, type, param;
366
367 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
368
369 hdr = skb->data[0];
370 skb_pull(skb, 1);
371
372 type = hdr & HIDP_HEADER_TRANS_MASK;
373 param = hdr & HIDP_HEADER_PARAM_MASK;
374
375 switch (type) {
376 case HIDP_TRANS_HANDSHAKE:
377 hidp_process_handshake(session, param);
378 break;
379
380 case HIDP_TRANS_HID_CONTROL:
381 hidp_process_hid_control(session, param);
382 break;
383
384 case HIDP_TRANS_DATA:
385 hidp_process_data(session, skb, param);
386 break;
387
388 default:
389 __hidp_send_ctrl_message(session,
390 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
391 break;
392 }
393
394 kfree_skb(skb);
395}
396
397static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
398{
399 unsigned char hdr;
400
401 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
402
403 hdr = skb->data[0];
404 skb_pull(skb, 1);
405
406 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
407 hidp_set_timer(session);
408 if (session->input)
409 hidp_input_report(session, skb);
410 } else {
411 BT_DBG("Unsupported protocol header 0x%02x", hdr);
412 }
413
414 kfree_skb(skb);
415}
416
417static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
418{
419 struct kvec iv = { data, len };
420 struct msghdr msg;
421
422 BT_DBG("sock %p data %p len %d", sock, data, len);
423
424 if (!len)
425 return 0;
426
427 memset(&msg, 0, sizeof(msg));
428
429 return kernel_sendmsg(sock, &msg, &iv, 1, len);
430}
431
432static int hidp_process_transmit(struct hidp_session *session)
433{
434 struct sk_buff *skb;
435
436 BT_DBG("session %p", session);
437
438 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
439 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
440 skb_queue_head(&session->ctrl_transmit, skb);
441 break;
442 }
443
444 hidp_set_timer(session);
445 kfree_skb(skb);
446 }
447
448 while ((skb = skb_dequeue(&session->intr_transmit))) {
449 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
450 skb_queue_head(&session->intr_transmit, skb);
451 break;
452 }
453
454 hidp_set_timer(session);
455 kfree_skb(skb);
456 }
457
458 return skb_queue_len(&session->ctrl_transmit) +
459 skb_queue_len(&session->intr_transmit);
460}
461
462static int hidp_session(void *arg)
463{
464 struct hidp_session *session = arg;
465 struct sock *ctrl_sk = session->ctrl_sock->sk;
466 struct sock *intr_sk = session->intr_sock->sk;
467 struct sk_buff *skb;
468 int vendor = 0x0000, product = 0x0000;
469 wait_queue_t ctrl_wait, intr_wait;
470
471 BT_DBG("session %p", session);
472
473 if (session->input) {
474 vendor = session->input->id.vendor;
475 product = session->input->id.product;
476 }
477
478 daemonize("khidpd_%04x%04x", vendor, product);
479 set_user_nice(current, -15);
480 current->flags |= PF_NOFREEZE;
481
482 init_waitqueue_entry(&ctrl_wait, current);
483 init_waitqueue_entry(&intr_wait, current);
484 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
485 add_wait_queue(intr_sk->sk_sleep, &intr_wait);
486 while (!atomic_read(&session->terminate)) {
487 set_current_state(TASK_INTERRUPTIBLE);
488
489 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
490 break;
491
492 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
493 skb_orphan(skb);
494 hidp_recv_ctrl_frame(session, skb);
495 }
496
497 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
498 skb_orphan(skb);
499 hidp_recv_intr_frame(session, skb);
500 }
501
502 hidp_process_transmit(session);
503
504 schedule();
505 }
506 set_current_state(TASK_RUNNING);
507 remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
508 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
509
510 down_write(&hidp_session_sem);
511
512 hidp_del_timer(session);
513
514 if (intr_sk->sk_state != BT_CONNECTED)
515 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
516
517 fput(session->ctrl_sock->file);
518
519 wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ);
520
521 fput(session->intr_sock->file);
522
523 __hidp_unlink_session(session);
524
525 if (session->input) {
526 input_unregister_device(session->input);
527 kfree(session->input);
528 }
529
530 up_write(&hidp_session_sem);
531
532 kfree(session);
533 return 0;
534}
535
536static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
537{
538 struct input_dev *input = session->input;
539 int i;
540
541 input->private = session;
542
543 input->id.bustype = BUS_BLUETOOTH;
544 input->id.vendor = req->vendor;
545 input->id.product = req->product;
546 input->id.version = req->version;
547
548 if (req->subclass & 0x40) {
549 set_bit(EV_KEY, input->evbit);
550 set_bit(EV_LED, input->evbit);
551 set_bit(EV_REP, input->evbit);
552
553 set_bit(LED_NUML, input->ledbit);
554 set_bit(LED_CAPSL, input->ledbit);
555 set_bit(LED_SCROLLL, input->ledbit);
556 set_bit(LED_COMPOSE, input->ledbit);
557 set_bit(LED_KANA, input->ledbit);
558
559 for (i = 0; i < sizeof(hidp_keycode); i++)
560 set_bit(hidp_keycode[i], input->keybit);
561 clear_bit(0, input->keybit);
562 }
563
564 if (req->subclass & 0x80) {
565 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL);
566 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE);
567 input->relbit[0] = BIT(REL_X) | BIT(REL_Y);
568 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA);
569 input->relbit[0] |= BIT(REL_WHEEL);
570 }
571
572 input->event = hidp_input_event;
573
574 input_register_device(input);
575}
576
577int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
578{
579 struct hidp_session *session, *s;
580 int err;
581
582 BT_DBG("");
583
584 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
585 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
586 return -ENOTUNIQ;
587
588 session = kmalloc(sizeof(struct hidp_session), GFP_KERNEL);
589 if (!session)
590 return -ENOMEM;
591 memset(session, 0, sizeof(struct hidp_session));
592
593 session->input = kmalloc(sizeof(struct input_dev), GFP_KERNEL);
594 if (!session->input) {
595 kfree(session);
596 return -ENOMEM;
597 }
598 memset(session->input, 0, sizeof(struct input_dev));
599
600 down_write(&hidp_session_sem);
601
602 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
603 if (s && s->state == BT_CONNECTED) {
604 err = -EEXIST;
605 goto failed;
606 }
607
608 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
609
610 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
611 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
612
613 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
614
615 session->ctrl_sock = ctrl_sock;
616 session->intr_sock = intr_sock;
617 session->state = BT_CONNECTED;
618
619 init_timer(&session->timer);
620
621 session->timer.function = hidp_idle_timeout;
622 session->timer.data = (unsigned long) session;
623
624 skb_queue_head_init(&session->ctrl_transmit);
625 skb_queue_head_init(&session->intr_transmit);
626
627 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
628 session->idle_to = req->idle_to;
629
630 if (session->input)
631 hidp_setup_input(session, req);
632
633 __hidp_link_session(session);
634
635 hidp_set_timer(session);
636
637 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
638 if (err < 0)
639 goto unlink;
640
641 if (session->input) {
642 hidp_send_ctrl_message(session,
643 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
644 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
645
646 session->leds = 0xff;
647 hidp_input_event(session->input, EV_LED, 0, 0);
648 }
649
650 up_write(&hidp_session_sem);
651 return 0;
652
653unlink:
654 hidp_del_timer(session);
655
656 __hidp_unlink_session(session);
657
658 if (session->input)
659 input_unregister_device(session->input);
660
661failed:
662 up_write(&hidp_session_sem);
663
664 if (session->input)
665 kfree(session->input);
666
667 kfree(session);
668 return err;
669}
670
671int hidp_del_connection(struct hidp_conndel_req *req)
672{
673 struct hidp_session *session;
674 int err = 0;
675
676 BT_DBG("");
677
678 down_read(&hidp_session_sem);
679
680 session = __hidp_get_session(&req->bdaddr);
681 if (session) {
682 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
683 hidp_send_ctrl_message(session,
684 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
685 } else {
686 /* Flush the transmit queues */
687 skb_queue_purge(&session->ctrl_transmit);
688 skb_queue_purge(&session->intr_transmit);
689
690 /* Kill session thread */
691 atomic_inc(&session->terminate);
692 hidp_schedule(session);
693 }
694 } else
695 err = -ENOENT;
696
697 up_read(&hidp_session_sem);
698 return err;
699}
700
701int hidp_get_connlist(struct hidp_connlist_req *req)
702{
703 struct list_head *p;
704 int err = 0, n = 0;
705
706 BT_DBG("");
707
708 down_read(&hidp_session_sem);
709
710 list_for_each(p, &hidp_session_list) {
711 struct hidp_session *session;
712 struct hidp_conninfo ci;
713
714 session = list_entry(p, struct hidp_session, list);
715
716 __hidp_copy_session(session, &ci);
717
718 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
719 err = -EFAULT;
720 break;
721 }
722
723 if (++n >= req->cnum)
724 break;
725
726 req->ci++;
727 }
728 req->cnum = n;
729
730 up_read(&hidp_session_sem);
731 return err;
732}
733
734int hidp_get_conninfo(struct hidp_conninfo *ci)
735{
736 struct hidp_session *session;
737 int err = 0;
738
739 down_read(&hidp_session_sem);
740
741 session = __hidp_get_session(&ci->bdaddr);
742 if (session)
743 __hidp_copy_session(session, ci);
744 else
745 err = -ENOENT;
746
747 up_read(&hidp_session_sem);
748 return err;
749}
750
751static int __init hidp_init(void)
752{
753 l2cap_load();
754
755 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
756
757 return hidp_init_sockets();
758}
759
760static void __exit hidp_exit(void)
761{
762 hidp_cleanup_sockets();
763}
764
765module_init(hidp_init);
766module_exit(hidp_exit);
767
768MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
769MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
770MODULE_VERSION(VERSION);
771MODULE_LICENSE("GPL");
772MODULE_ALIAS("bt-proto-6");
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
new file mode 100644
index 00000000000..c2775f587d2
--- /dev/null
+++ b/net/bluetooth/hidp/hidp.h
@@ -0,0 +1,167 @@
1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#ifndef __HIDP_H
24#define __HIDP_H
25
26#include <linux/types.h>
27#include <net/bluetooth/bluetooth.h>
28
29/* HIDP header masks */
30#define HIDP_HEADER_TRANS_MASK 0xf0
31#define HIDP_HEADER_PARAM_MASK 0x0f
32
33/* HIDP transaction types */
34#define HIDP_TRANS_HANDSHAKE 0x00
35#define HIDP_TRANS_HID_CONTROL 0x10
36#define HIDP_TRANS_GET_REPORT 0x40
37#define HIDP_TRANS_SET_REPORT 0x50
38#define HIDP_TRANS_GET_PROTOCOL 0x60
39#define HIDP_TRANS_SET_PROTOCOL 0x70
40#define HIDP_TRANS_GET_IDLE 0x80
41#define HIDP_TRANS_SET_IDLE 0x90
42#define HIDP_TRANS_DATA 0xa0
43#define HIDP_TRANS_DATC 0xb0
44
45/* HIDP handshake results */
46#define HIDP_HSHK_SUCCESSFUL 0x00
47#define HIDP_HSHK_NOT_READY 0x01
48#define HIDP_HSHK_ERR_INVALID_REPORT_ID 0x02
49#define HIDP_HSHK_ERR_UNSUPPORTED_REQUEST 0x03
50#define HIDP_HSHK_ERR_INVALID_PARAMETER 0x04
51#define HIDP_HSHK_ERR_UNKNOWN 0x0e
52#define HIDP_HSHK_ERR_FATAL 0x0f
53
54/* HIDP control operation parameters */
55#define HIDP_CTRL_NOP 0x00
56#define HIDP_CTRL_HARD_RESET 0x01
57#define HIDP_CTRL_SOFT_RESET 0x02
58#define HIDP_CTRL_SUSPEND 0x03
59#define HIDP_CTRL_EXIT_SUSPEND 0x04
60#define HIDP_CTRL_VIRTUAL_CABLE_UNPLUG 0x05
61
62/* HIDP data transaction headers */
63#define HIDP_DATA_RTYPE_MASK 0x03
64#define HIDP_DATA_RSRVD_MASK 0x0c
65#define HIDP_DATA_RTYPE_OTHER 0x00
66#define HIDP_DATA_RTYPE_INPUT 0x01
67#define HIDP_DATA_RTYPE_OUPUT 0x02
68#define HIDP_DATA_RTYPE_FEATURE 0x03
69
70/* HIDP protocol header parameters */
71#define HIDP_PROTO_BOOT 0x00
72#define HIDP_PROTO_REPORT 0x01
73
74/* HIDP ioctl defines */
75#define HIDPCONNADD _IOW('H', 200, int)
76#define HIDPCONNDEL _IOW('H', 201, int)
77#define HIDPGETCONNLIST _IOR('H', 210, int)
78#define HIDPGETCONNINFO _IOR('H', 211, int)
79
80#define HIDP_VIRTUAL_CABLE_UNPLUG 0
81#define HIDP_BOOT_PROTOCOL_MODE 1
82#define HIDP_BLUETOOTH_VENDOR_ID 9
83
84struct hidp_connadd_req {
85 int ctrl_sock; // Connected control socket
86 int intr_sock; // Connteted interrupt socket
87 __u16 parser;
88 __u16 rd_size;
89 __u8 *rd_data;
90 __u8 country;
91 __u8 subclass;
92 __u16 vendor;
93 __u16 product;
94 __u16 version;
95 __u32 flags;
96 __u32 idle_to;
97 char name[128];
98};
99
100struct hidp_conndel_req {
101 bdaddr_t bdaddr;
102 __u32 flags;
103};
104
105struct hidp_conninfo {
106 bdaddr_t bdaddr;
107 __u32 flags;
108 __u16 state;
109 __u16 vendor;
110 __u16 product;
111 __u16 version;
112 char name[128];
113};
114
115struct hidp_connlist_req {
116 __u32 cnum;
117 struct hidp_conninfo __user *ci;
118};
119
120int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock);
121int hidp_del_connection(struct hidp_conndel_req *req);
122int hidp_get_connlist(struct hidp_connlist_req *req);
123int hidp_get_conninfo(struct hidp_conninfo *ci);
124
125/* HIDP session defines */
126struct hidp_session {
127 struct list_head list;
128
129 struct socket *ctrl_sock;
130 struct socket *intr_sock;
131
132 bdaddr_t bdaddr;
133
134 unsigned long state;
135 unsigned long flags;
136 unsigned long idle_to;
137
138 uint ctrl_mtu;
139 uint intr_mtu;
140
141 atomic_t terminate;
142
143 unsigned char keys[8];
144 unsigned char leds;
145
146 struct input_dev *input;
147
148 struct timer_list timer;
149
150 struct sk_buff_head ctrl_transmit;
151 struct sk_buff_head intr_transmit;
152};
153
154static inline void hidp_schedule(struct hidp_session *session)
155{
156 struct sock *ctrl_sk = session->ctrl_sock->sk;
157 struct sock *intr_sk = session->intr_sock->sk;
158
159 wake_up_interruptible(ctrl_sk->sk_sleep);
160 wake_up_interruptible(intr_sk->sk_sleep);
161}
162
163/* HIDP init defines */
164extern int __init hidp_init_sockets(void);
165extern void __exit hidp_cleanup_sockets(void);
166
167#endif /* __HIDP_H */
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
new file mode 100644
index 00000000000..fabb36d4666
--- /dev/null
+++ b/net/bluetooth/hidp/sock.c
@@ -0,0 +1,232 @@
1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/config.h>
24#include <linux/module.h>
25
26#include <linux/types.h>
27#include <linux/errno.h>
28#include <linux/kernel.h>
29#include <linux/major.h>
30#include <linux/sched.h>
31#include <linux/slab.h>
32#include <linux/poll.h>
33#include <linux/fcntl.h>
34#include <linux/skbuff.h>
35#include <linux/socket.h>
36#include <linux/ioctl.h>
37#include <linux/file.h>
38#include <linux/init.h>
39#include <net/sock.h>
40
41#include "hidp.h"
42
43#ifndef CONFIG_BT_HIDP_DEBUG
44#undef BT_DBG
45#define BT_DBG(D...)
46#endif
47
48static int hidp_sock_release(struct socket *sock)
49{
50 struct sock *sk = sock->sk;
51
52 BT_DBG("sock %p sk %p", sock, sk);
53
54 if (!sk)
55 return 0;
56
57 sock_orphan(sk);
58 sock_put(sk);
59
60 return 0;
61}
62
63static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
64{
65 void __user *argp = (void __user *) arg;
66 struct hidp_connadd_req ca;
67 struct hidp_conndel_req cd;
68 struct hidp_connlist_req cl;
69 struct hidp_conninfo ci;
70 struct socket *csock;
71 struct socket *isock;
72 int err;
73
74 BT_DBG("cmd %x arg %lx", cmd, arg);
75
76 switch (cmd) {
77 case HIDPCONNADD:
78 if (!capable(CAP_NET_ADMIN))
79 return -EACCES;
80
81 if (copy_from_user(&ca, argp, sizeof(ca)))
82 return -EFAULT;
83
84 csock = sockfd_lookup(ca.ctrl_sock, &err);
85 if (!csock)
86 return err;
87
88 isock = sockfd_lookup(ca.intr_sock, &err);
89 if (!isock) {
90 fput(csock->file);
91 return err;
92 }
93
94 if (csock->sk->sk_state != BT_CONNECTED || isock->sk->sk_state != BT_CONNECTED) {
95 fput(csock->file);
96 fput(isock->file);
97 return -EBADFD;
98 }
99
100 err = hidp_add_connection(&ca, csock, isock);
101 if (!err) {
102 if (copy_to_user(argp, &ca, sizeof(ca)))
103 err = -EFAULT;
104 } else {
105 fput(csock->file);
106 fput(isock->file);
107 }
108
109 return err;
110
111 case HIDPCONNDEL:
112 if (!capable(CAP_NET_ADMIN))
113 return -EACCES;
114
115 if (copy_from_user(&cd, argp, sizeof(cd)))
116 return -EFAULT;
117
118 return hidp_del_connection(&cd);
119
120 case HIDPGETCONNLIST:
121 if (copy_from_user(&cl, argp, sizeof(cl)))
122 return -EFAULT;
123
124 if (cl.cnum <= 0)
125 return -EINVAL;
126
127 err = hidp_get_connlist(&cl);
128 if (!err && copy_to_user(argp, &cl, sizeof(cl)))
129 return -EFAULT;
130
131 return err;
132
133 case HIDPGETCONNINFO:
134 if (copy_from_user(&ci, argp, sizeof(ci)))
135 return -EFAULT;
136
137 err = hidp_get_conninfo(&ci);
138 if (!err && copy_to_user(argp, &ci, sizeof(ci)))
139 return -EFAULT;
140
141 return err;
142 }
143
144 return -EINVAL;
145}
146
147static struct proto_ops hidp_sock_ops = {
148 .family = PF_BLUETOOTH,
149 .owner = THIS_MODULE,
150 .release = hidp_sock_release,
151 .ioctl = hidp_sock_ioctl,
152 .bind = sock_no_bind,
153 .getname = sock_no_getname,
154 .sendmsg = sock_no_sendmsg,
155 .recvmsg = sock_no_recvmsg,
156 .poll = sock_no_poll,
157 .listen = sock_no_listen,
158 .shutdown = sock_no_shutdown,
159 .setsockopt = sock_no_setsockopt,
160 .getsockopt = sock_no_getsockopt,
161 .connect = sock_no_connect,
162 .socketpair = sock_no_socketpair,
163 .accept = sock_no_accept,
164 .mmap = sock_no_mmap
165};
166
167static struct proto hidp_proto = {
168 .name = "HIDP",
169 .owner = THIS_MODULE,
170 .obj_size = sizeof(struct bt_sock)
171};
172
173static int hidp_sock_create(struct socket *sock, int protocol)
174{
175 struct sock *sk;
176
177 BT_DBG("sock %p", sock);
178
179 if (sock->type != SOCK_RAW)
180 return -ESOCKTNOSUPPORT;
181
182 sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hidp_proto, 1);
183 if (!sk)
184 return -ENOMEM;
185
186 sock_init_data(sock, sk);
187
188 sock->ops = &hidp_sock_ops;
189
190 sock->state = SS_UNCONNECTED;
191
192 sock_reset_flag(sk, SOCK_ZAPPED);
193
194 sk->sk_protocol = protocol;
195 sk->sk_state = BT_OPEN;
196
197 return 0;
198}
199
200static struct net_proto_family hidp_sock_family_ops = {
201 .family = PF_BLUETOOTH,
202 .owner = THIS_MODULE,
203 .create = hidp_sock_create
204};
205
206int __init hidp_init_sockets(void)
207{
208 int err;
209
210 err = proto_register(&hidp_proto, 0);
211 if (err < 0)
212 return err;
213
214 err = bt_sock_register(BTPROTO_HIDP, &hidp_sock_family_ops);
215 if (err < 0)
216 goto error;
217
218 return 0;
219
220error:
221 BT_ERR("Can't register HIDP socket");
222 proto_unregister(&hidp_proto);
223 return err;
224}
225
226void __exit hidp_cleanup_sockets(void)
227{
228 if (bt_sock_unregister(BTPROTO_HIDP) < 0)
229 BT_ERR("Can't unregister HIDP socket");
230
231 proto_unregister(&hidp_proto);
232}
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
new file mode 100644
index 00000000000..c12babcf0b3
--- /dev/null
+++ b/net/bluetooth/l2cap.c
@@ -0,0 +1,2329 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth L2CAP core and sockets. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/interrupt.h>
40#include <linux/socket.h>
41#include <linux/skbuff.h>
42#include <linux/proc_fs.h>
43#include <linux/seq_file.h>
44#include <linux/list.h>
45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <asm/uaccess.h>
49#include <asm/unaligned.h>
50
51#include <net/bluetooth/bluetooth.h>
52#include <net/bluetooth/hci_core.h>
53#include <net/bluetooth/l2cap.h>
54
55#ifndef CONFIG_BT_L2CAP_DEBUG
56#undef BT_DBG
57#define BT_DBG(D...)
58#endif
59
60#define VERSION "2.7"
61
62static struct proto_ops l2cap_sock_ops;
63
64static struct bt_sock_list l2cap_sk_list = {
65 .lock = RW_LOCK_UNLOCKED
66};
67
68static int l2cap_conn_del(struct hci_conn *conn, int err);
69
70static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
71static void l2cap_chan_del(struct sock *sk, int err);
72
73static void __l2cap_sock_close(struct sock *sk, int reason);
74static void l2cap_sock_close(struct sock *sk);
75static void l2cap_sock_kill(struct sock *sk);
76
77static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
78 u8 code, u8 ident, u16 dlen, void *data);
79
80/* ---- L2CAP timers ---- */
81static void l2cap_sock_timeout(unsigned long arg)
82{
83 struct sock *sk = (struct sock *) arg;
84
85 BT_DBG("sock %p state %d", sk, sk->sk_state);
86
87 bh_lock_sock(sk);
88 __l2cap_sock_close(sk, ETIMEDOUT);
89 bh_unlock_sock(sk);
90
91 l2cap_sock_kill(sk);
92 sock_put(sk);
93}
94
95static void l2cap_sock_set_timer(struct sock *sk, long timeout)
96{
97 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
98 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
99}
100
101static void l2cap_sock_clear_timer(struct sock *sk)
102{
103 BT_DBG("sock %p state %d", sk, sk->sk_state);
104 sk_stop_timer(sk, &sk->sk_timer);
105}
106
107static void l2cap_sock_init_timer(struct sock *sk)
108{
109 init_timer(&sk->sk_timer);
110 sk->sk_timer.function = l2cap_sock_timeout;
111 sk->sk_timer.data = (unsigned long)sk;
112}
113
114/* ---- L2CAP connections ---- */
115static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
116{
117 struct l2cap_conn *conn;
118
119 if ((conn = hcon->l2cap_data))
120 return conn;
121
122 if (status)
123 return conn;
124
125 if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
126 return NULL;
127 memset(conn, 0, sizeof(struct l2cap_conn));
128
129 hcon->l2cap_data = conn;
130 conn->hcon = hcon;
131
132 conn->mtu = hcon->hdev->acl_mtu;
133 conn->src = &hcon->hdev->bdaddr;
134 conn->dst = &hcon->dst;
135
136 spin_lock_init(&conn->lock);
137 rwlock_init(&conn->chan_list.lock);
138
139 BT_DBG("hcon %p conn %p", hcon, conn);
140 return conn;
141}
142
143static int l2cap_conn_del(struct hci_conn *hcon, int err)
144{
145 struct l2cap_conn *conn;
146 struct sock *sk;
147
148 if (!(conn = hcon->l2cap_data))
149 return 0;
150
151 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
152
153 if (conn->rx_skb)
154 kfree_skb(conn->rx_skb);
155
156 /* Kill channels */
157 while ((sk = conn->chan_list.head)) {
158 bh_lock_sock(sk);
159 l2cap_chan_del(sk, err);
160 bh_unlock_sock(sk);
161 l2cap_sock_kill(sk);
162 }
163
164 hcon->l2cap_data = NULL;
165 kfree(conn);
166 return 0;
167}
168
169static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
170{
171 struct l2cap_chan_list *l = &conn->chan_list;
172 write_lock(&l->lock);
173 __l2cap_chan_add(conn, sk, parent);
174 write_unlock(&l->lock);
175}
176
177static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
178{
179 u8 id;
180
181 /* Get next available identificator.
182 * 1 - 128 are used by kernel.
183 * 129 - 199 are reserved.
184 * 200 - 254 are used by utilities like l2ping, etc.
185 */
186
187 spin_lock(&conn->lock);
188
189 if (++conn->tx_ident > 128)
190 conn->tx_ident = 1;
191
192 id = conn->tx_ident;
193
194 spin_unlock(&conn->lock);
195
196 return id;
197}
198
199static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
200{
201 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
202
203 BT_DBG("code 0x%2.2x", code);
204
205 if (!skb)
206 return -ENOMEM;
207
208 return hci_send_acl(conn->hcon, skb, 0);
209}
210
211/* ---- Socket interface ---- */
212static struct sock *__l2cap_get_sock_by_addr(u16 psm, bdaddr_t *src)
213{
214 struct sock *sk;
215 struct hlist_node *node;
216 sk_for_each(sk, node, &l2cap_sk_list.head)
217 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
218 goto found;
219 sk = NULL;
220found:
221 return sk;
222}
223
224/* Find socket with psm and source bdaddr.
225 * Returns closest match.
226 */
227static struct sock *__l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
228{
229 struct sock *sk = NULL, *sk1 = NULL;
230 struct hlist_node *node;
231
232 sk_for_each(sk, node, &l2cap_sk_list.head) {
233 if (state && sk->sk_state != state)
234 continue;
235
236 if (l2cap_pi(sk)->psm == psm) {
237 /* Exact match. */
238 if (!bacmp(&bt_sk(sk)->src, src))
239 break;
240
241 /* Closest match */
242 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
243 sk1 = sk;
244 }
245 }
246 return node ? sk : sk1;
247}
248
249/* Find socket with given address (psm, src).
250 * Returns locked socket */
251static inline struct sock *l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
252{
253 struct sock *s;
254 read_lock(&l2cap_sk_list.lock);
255 s = __l2cap_get_sock_by_psm(state, psm, src);
256 if (s) bh_lock_sock(s);
257 read_unlock(&l2cap_sk_list.lock);
258 return s;
259}
260
261static void l2cap_sock_destruct(struct sock *sk)
262{
263 BT_DBG("sk %p", sk);
264
265 skb_queue_purge(&sk->sk_receive_queue);
266 skb_queue_purge(&sk->sk_write_queue);
267}
268
269static void l2cap_sock_cleanup_listen(struct sock *parent)
270{
271 struct sock *sk;
272
273 BT_DBG("parent %p", parent);
274
275 /* Close not yet accepted channels */
276 while ((sk = bt_accept_dequeue(parent, NULL)))
277 l2cap_sock_close(sk);
278
279 parent->sk_state = BT_CLOSED;
280 sock_set_flag(parent, SOCK_ZAPPED);
281}
282
283/* Kill socket (only if zapped and orphan)
284 * Must be called on unlocked socket.
285 */
286static void l2cap_sock_kill(struct sock *sk)
287{
288 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
289 return;
290
291 BT_DBG("sk %p state %d", sk, sk->sk_state);
292
293 /* Kill poor orphan */
294 bt_sock_unlink(&l2cap_sk_list, sk);
295 sock_set_flag(sk, SOCK_DEAD);
296 sock_put(sk);
297}
298
299static void __l2cap_sock_close(struct sock *sk, int reason)
300{
301 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
302
303 switch (sk->sk_state) {
304 case BT_LISTEN:
305 l2cap_sock_cleanup_listen(sk);
306 break;
307
308 case BT_CONNECTED:
309 case BT_CONFIG:
310 case BT_CONNECT2:
311 if (sk->sk_type == SOCK_SEQPACKET) {
312 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
313 struct l2cap_disconn_req req;
314
315 sk->sk_state = BT_DISCONN;
316 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
317
318 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
319 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
320 l2cap_send_cmd(conn, l2cap_get_ident(conn),
321 L2CAP_DISCONN_REQ, sizeof(req), &req);
322 } else {
323 l2cap_chan_del(sk, reason);
324 }
325 break;
326
327 case BT_CONNECT:
328 case BT_DISCONN:
329 l2cap_chan_del(sk, reason);
330 break;
331
332 default:
333 sock_set_flag(sk, SOCK_ZAPPED);
334 break;
335 }
336}
337
338/* Must be called on unlocked socket. */
339static void l2cap_sock_close(struct sock *sk)
340{
341 l2cap_sock_clear_timer(sk);
342 lock_sock(sk);
343 __l2cap_sock_close(sk, ECONNRESET);
344 release_sock(sk);
345 l2cap_sock_kill(sk);
346}
347
348static void l2cap_sock_init(struct sock *sk, struct sock *parent)
349{
350 struct l2cap_pinfo *pi = l2cap_pi(sk);
351
352 BT_DBG("sk %p", sk);
353
354 if (parent) {
355 sk->sk_type = parent->sk_type;
356 pi->imtu = l2cap_pi(parent)->imtu;
357 pi->omtu = l2cap_pi(parent)->omtu;
358 pi->link_mode = l2cap_pi(parent)->link_mode;
359 } else {
360 pi->imtu = L2CAP_DEFAULT_MTU;
361 pi->omtu = 0;
362 pi->link_mode = 0;
363 }
364
365 /* Default config options */
366 pi->conf_mtu = L2CAP_DEFAULT_MTU;
367 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
368}
369
370static struct proto l2cap_proto = {
371 .name = "L2CAP",
372 .owner = THIS_MODULE,
373 .obj_size = sizeof(struct l2cap_pinfo)
374};
375
376static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
377{
378 struct sock *sk;
379
380 sk = sk_alloc(PF_BLUETOOTH, prio, &l2cap_proto, 1);
381 if (!sk)
382 return NULL;
383
384 sock_init_data(sock, sk);
385 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
386
387 sk->sk_destruct = l2cap_sock_destruct;
388 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
389
390 sock_reset_flag(sk, SOCK_ZAPPED);
391
392 sk->sk_protocol = proto;
393 sk->sk_state = BT_OPEN;
394
395 l2cap_sock_init_timer(sk);
396
397 bt_sock_link(&l2cap_sk_list, sk);
398 return sk;
399}
400
401static int l2cap_sock_create(struct socket *sock, int protocol)
402{
403 struct sock *sk;
404
405 BT_DBG("sock %p", sock);
406
407 sock->state = SS_UNCONNECTED;
408
409 if (sock->type != SOCK_SEQPACKET &&
410 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
411 return -ESOCKTNOSUPPORT;
412
413 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
414 return -EPERM;
415
416 sock->ops = &l2cap_sock_ops;
417
418 sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL);
419 if (!sk)
420 return -ENOMEM;
421
422 l2cap_sock_init(sk, NULL);
423 return 0;
424}
425
426static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
427{
428 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
429 struct sock *sk = sock->sk;
430 int err = 0;
431
432 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
433
434 if (!addr || addr->sa_family != AF_BLUETOOTH)
435 return -EINVAL;
436
437 lock_sock(sk);
438
439 if (sk->sk_state != BT_OPEN) {
440 err = -EBADFD;
441 goto done;
442 }
443
444 write_lock_bh(&l2cap_sk_list.lock);
445
446 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
447 err = -EADDRINUSE;
448 } else {
449 /* Save source address */
450 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
451 l2cap_pi(sk)->psm = la->l2_psm;
452 l2cap_pi(sk)->sport = la->l2_psm;
453 sk->sk_state = BT_BOUND;
454 }
455
456 write_unlock_bh(&l2cap_sk_list.lock);
457
458done:
459 release_sock(sk);
460 return err;
461}
462
463static int l2cap_do_connect(struct sock *sk)
464{
465 bdaddr_t *src = &bt_sk(sk)->src;
466 bdaddr_t *dst = &bt_sk(sk)->dst;
467 struct l2cap_conn *conn;
468 struct hci_conn *hcon;
469 struct hci_dev *hdev;
470 int err = 0;
471
472 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
473
474 if (!(hdev = hci_get_route(dst, src)))
475 return -EHOSTUNREACH;
476
477 hci_dev_lock_bh(hdev);
478
479 err = -ENOMEM;
480
481 hcon = hci_connect(hdev, ACL_LINK, dst);
482 if (!hcon)
483 goto done;
484
485 conn = l2cap_conn_add(hcon, 0);
486 if (!conn) {
487 hci_conn_put(hcon);
488 goto done;
489 }
490
491 err = 0;
492
493 /* Update source addr of the socket */
494 bacpy(src, conn->src);
495
496 l2cap_chan_add(conn, sk, NULL);
497
498 sk->sk_state = BT_CONNECT;
499 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
500
501 if (hcon->state == BT_CONNECTED) {
502 if (sk->sk_type == SOCK_SEQPACKET) {
503 struct l2cap_conn_req req;
504 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
505 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
506 req.psm = l2cap_pi(sk)->psm;
507 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
508 L2CAP_CONN_REQ, sizeof(req), &req);
509 } else {
510 l2cap_sock_clear_timer(sk);
511 sk->sk_state = BT_CONNECTED;
512 }
513 }
514
515done:
516 hci_dev_unlock_bh(hdev);
517 hci_dev_put(hdev);
518 return err;
519}
520
521static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
522{
523 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
524 struct sock *sk = sock->sk;
525 int err = 0;
526
527 lock_sock(sk);
528
529 BT_DBG("sk %p", sk);
530
531 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
532 err = -EINVAL;
533 goto done;
534 }
535
536 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
537 err = -EINVAL;
538 goto done;
539 }
540
541 switch(sk->sk_state) {
542 case BT_CONNECT:
543 case BT_CONNECT2:
544 case BT_CONFIG:
545 /* Already connecting */
546 goto wait;
547
548 case BT_CONNECTED:
549 /* Already connected */
550 goto done;
551
552 case BT_OPEN:
553 case BT_BOUND:
554 /* Can connect */
555 break;
556
557 default:
558 err = -EBADFD;
559 goto done;
560 }
561
562 /* Set destination address and psm */
563 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
564 l2cap_pi(sk)->psm = la->l2_psm;
565
566 if ((err = l2cap_do_connect(sk)))
567 goto done;
568
569wait:
570 err = bt_sock_wait_state(sk, BT_CONNECTED,
571 sock_sndtimeo(sk, flags & O_NONBLOCK));
572done:
573 release_sock(sk);
574 return err;
575}
576
577static int l2cap_sock_listen(struct socket *sock, int backlog)
578{
579 struct sock *sk = sock->sk;
580 int err = 0;
581
582 BT_DBG("sk %p backlog %d", sk, backlog);
583
584 lock_sock(sk);
585
586 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
587 err = -EBADFD;
588 goto done;
589 }
590
591 if (!l2cap_pi(sk)->psm) {
592 bdaddr_t *src = &bt_sk(sk)->src;
593 u16 psm;
594
595 err = -EINVAL;
596
597 write_lock_bh(&l2cap_sk_list.lock);
598
599 for (psm = 0x1001; psm < 0x1100; psm += 2)
600 if (!__l2cap_get_sock_by_addr(psm, src)) {
601 l2cap_pi(sk)->psm = htobs(psm);
602 l2cap_pi(sk)->sport = htobs(psm);
603 err = 0;
604 break;
605 }
606
607 write_unlock_bh(&l2cap_sk_list.lock);
608
609 if (err < 0)
610 goto done;
611 }
612
613 sk->sk_max_ack_backlog = backlog;
614 sk->sk_ack_backlog = 0;
615 sk->sk_state = BT_LISTEN;
616
617done:
618 release_sock(sk);
619 return err;
620}
621
622static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
623{
624 DECLARE_WAITQUEUE(wait, current);
625 struct sock *sk = sock->sk, *nsk;
626 long timeo;
627 int err = 0;
628
629 lock_sock(sk);
630
631 if (sk->sk_state != BT_LISTEN) {
632 err = -EBADFD;
633 goto done;
634 }
635
636 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
637
638 BT_DBG("sk %p timeo %ld", sk, timeo);
639
640 /* Wait for an incoming connection. (wake-one). */
641 add_wait_queue_exclusive(sk->sk_sleep, &wait);
642 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
643 set_current_state(TASK_INTERRUPTIBLE);
644 if (!timeo) {
645 err = -EAGAIN;
646 break;
647 }
648
649 release_sock(sk);
650 timeo = schedule_timeout(timeo);
651 lock_sock(sk);
652
653 if (sk->sk_state != BT_LISTEN) {
654 err = -EBADFD;
655 break;
656 }
657
658 if (signal_pending(current)) {
659 err = sock_intr_errno(timeo);
660 break;
661 }
662 }
663 set_current_state(TASK_RUNNING);
664 remove_wait_queue(sk->sk_sleep, &wait);
665
666 if (err)
667 goto done;
668
669 newsock->state = SS_CONNECTED;
670
671 BT_DBG("new socket %p", nsk);
672
673done:
674 release_sock(sk);
675 return err;
676}
677
678static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
679{
680 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
681 struct sock *sk = sock->sk;
682
683 BT_DBG("sock %p, sk %p", sock, sk);
684
685 addr->sa_family = AF_BLUETOOTH;
686 *len = sizeof(struct sockaddr_l2);
687
688 if (peer)
689 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
690 else
691 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
692
693 la->l2_psm = l2cap_pi(sk)->psm;
694 return 0;
695}
696
697static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
698{
699 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
700 struct sk_buff *skb, **frag;
701 int err, hlen, count, sent=0;
702 struct l2cap_hdr *lh;
703
704 BT_DBG("sk %p len %d", sk, len);
705
706 /* First fragment (with L2CAP header) */
707 if (sk->sk_type == SOCK_DGRAM)
708 hlen = L2CAP_HDR_SIZE + 2;
709 else
710 hlen = L2CAP_HDR_SIZE;
711
712 count = min_t(unsigned int, (conn->mtu - hlen), len);
713
714 skb = bt_skb_send_alloc(sk, hlen + count,
715 msg->msg_flags & MSG_DONTWAIT, &err);
716 if (!skb)
717 return err;
718
719 /* Create L2CAP header */
720 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
721 lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
722 lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
723
724 if (sk->sk_type == SOCK_DGRAM)
725 put_unaligned(l2cap_pi(sk)->psm, (u16 *) skb_put(skb, 2));
726
727 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
728 err = -EFAULT;
729 goto fail;
730 }
731
732 sent += count;
733 len -= count;
734
735 /* Continuation fragments (no L2CAP header) */
736 frag = &skb_shinfo(skb)->frag_list;
737 while (len) {
738 count = min_t(unsigned int, conn->mtu, len);
739
740 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
741 if (!*frag)
742 goto fail;
743
744 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
745 err = -EFAULT;
746 goto fail;
747 }
748
749 sent += count;
750 len -= count;
751
752 frag = &(*frag)->next;
753 }
754
755 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
756 goto fail;
757
758 return sent;
759
760fail:
761 kfree_skb(skb);
762 return err;
763}
764
765static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
766{
767 struct sock *sk = sock->sk;
768 int err = 0;
769
770 BT_DBG("sock %p, sk %p", sock, sk);
771
772 if (sk->sk_err)
773 return sock_error(sk);
774
775 if (msg->msg_flags & MSG_OOB)
776 return -EOPNOTSUPP;
777
778 /* Check outgoing MTU */
779 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
780 return -EINVAL;
781
782 lock_sock(sk);
783
784 if (sk->sk_state == BT_CONNECTED)
785 err = l2cap_do_send(sk, msg, len);
786 else
787 err = -ENOTCONN;
788
789 release_sock(sk);
790 return err;
791}
792
793static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
794{
795 struct sock *sk = sock->sk;
796 struct l2cap_options opts;
797 int err = 0, len;
798 u32 opt;
799
800 BT_DBG("sk %p", sk);
801
802 lock_sock(sk);
803
804 switch (optname) {
805 case L2CAP_OPTIONS:
806 len = min_t(unsigned int, sizeof(opts), optlen);
807 if (copy_from_user((char *) &opts, optval, len)) {
808 err = -EFAULT;
809 break;
810 }
811 l2cap_pi(sk)->imtu = opts.imtu;
812 l2cap_pi(sk)->omtu = opts.omtu;
813 break;
814
815 case L2CAP_LM:
816 if (get_user(opt, (u32 __user *) optval)) {
817 err = -EFAULT;
818 break;
819 }
820
821 l2cap_pi(sk)->link_mode = opt;
822 break;
823
824 default:
825 err = -ENOPROTOOPT;
826 break;
827 }
828
829 release_sock(sk);
830 return err;
831}
832
833static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
834{
835 struct sock *sk = sock->sk;
836 struct l2cap_options opts;
837 struct l2cap_conninfo cinfo;
838 int len, err = 0;
839
840 BT_DBG("sk %p", sk);
841
842 if (get_user(len, optlen))
843 return -EFAULT;
844
845 lock_sock(sk);
846
847 switch (optname) {
848 case L2CAP_OPTIONS:
849 opts.imtu = l2cap_pi(sk)->imtu;
850 opts.omtu = l2cap_pi(sk)->omtu;
851 opts.flush_to = l2cap_pi(sk)->flush_to;
852 opts.mode = 0x00;
853
854 len = min_t(unsigned int, len, sizeof(opts));
855 if (copy_to_user(optval, (char *) &opts, len))
856 err = -EFAULT;
857
858 break;
859
860 case L2CAP_LM:
861 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
862 err = -EFAULT;
863 break;
864
865 case L2CAP_CONNINFO:
866 if (sk->sk_state != BT_CONNECTED) {
867 err = -ENOTCONN;
868 break;
869 }
870
871 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
872 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
873
874 len = min_t(unsigned int, len, sizeof(cinfo));
875 if (copy_to_user(optval, (char *) &cinfo, len))
876 err = -EFAULT;
877
878 break;
879
880 default:
881 err = -ENOPROTOOPT;
882 break;
883 }
884
885 release_sock(sk);
886 return err;
887}
888
889static int l2cap_sock_shutdown(struct socket *sock, int how)
890{
891 struct sock *sk = sock->sk;
892 int err = 0;
893
894 BT_DBG("sock %p, sk %p", sock, sk);
895
896 if (!sk)
897 return 0;
898
899 lock_sock(sk);
900 if (!sk->sk_shutdown) {
901 sk->sk_shutdown = SHUTDOWN_MASK;
902 l2cap_sock_clear_timer(sk);
903 __l2cap_sock_close(sk, 0);
904
905 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
906 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
907 }
908 release_sock(sk);
909 return err;
910}
911
912static int l2cap_sock_release(struct socket *sock)
913{
914 struct sock *sk = sock->sk;
915 int err;
916
917 BT_DBG("sock %p, sk %p", sock, sk);
918
919 if (!sk)
920 return 0;
921
922 err = l2cap_sock_shutdown(sock, 2);
923
924 sock_orphan(sk);
925 l2cap_sock_kill(sk);
926 return err;
927}
928
929/* ---- L2CAP channels ---- */
930static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
931{
932 struct sock *s;
933 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
934 if (l2cap_pi(s)->dcid == cid)
935 break;
936 }
937 return s;
938}
939
940static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
941{
942 struct sock *s;
943 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
944 if (l2cap_pi(s)->scid == cid)
945 break;
946 }
947 return s;
948}
949
950/* Find channel with given SCID.
951 * Returns locked socket */
952static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
953{
954 struct sock *s;
955 read_lock(&l->lock);
956 s = __l2cap_get_chan_by_scid(l, cid);
957 if (s) bh_lock_sock(s);
958 read_unlock(&l->lock);
959 return s;
960}
961
962static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
963{
964 struct sock *s;
965 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
966 if (l2cap_pi(s)->ident == ident)
967 break;
968 }
969 return s;
970}
971
972static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
973{
974 struct sock *s;
975 read_lock(&l->lock);
976 s = __l2cap_get_chan_by_ident(l, ident);
977 if (s) bh_lock_sock(s);
978 read_unlock(&l->lock);
979 return s;
980}
981
982static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
983{
984 u16 cid = 0x0040;
985
986 for (; cid < 0xffff; cid++) {
987 if(!__l2cap_get_chan_by_scid(l, cid))
988 return cid;
989 }
990
991 return 0;
992}
993
994static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
995{
996 sock_hold(sk);
997
998 if (l->head)
999 l2cap_pi(l->head)->prev_c = sk;
1000
1001 l2cap_pi(sk)->next_c = l->head;
1002 l2cap_pi(sk)->prev_c = NULL;
1003 l->head = sk;
1004}
1005
1006static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
1007{
1008 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
1009
1010 write_lock(&l->lock);
1011 if (sk == l->head)
1012 l->head = next;
1013
1014 if (next)
1015 l2cap_pi(next)->prev_c = prev;
1016 if (prev)
1017 l2cap_pi(prev)->next_c = next;
1018 write_unlock(&l->lock);
1019
1020 __sock_put(sk);
1021}
1022
1023static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
1024{
1025 struct l2cap_chan_list *l = &conn->chan_list;
1026
1027 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
1028
1029 l2cap_pi(sk)->conn = conn;
1030
1031 if (sk->sk_type == SOCK_SEQPACKET) {
1032 /* Alloc CID for connection-oriented socket */
1033 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
1034 } else if (sk->sk_type == SOCK_DGRAM) {
1035 /* Connectionless socket */
1036 l2cap_pi(sk)->scid = 0x0002;
1037 l2cap_pi(sk)->dcid = 0x0002;
1038 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
1039 } else {
1040 /* Raw socket can send/recv signalling messages only */
1041 l2cap_pi(sk)->scid = 0x0001;
1042 l2cap_pi(sk)->dcid = 0x0001;
1043 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
1044 }
1045
1046 __l2cap_chan_link(l, sk);
1047
1048 if (parent)
1049 bt_accept_enqueue(parent, sk);
1050}
1051
1052/* Delete channel.
1053 * Must be called on the locked socket. */
1054static void l2cap_chan_del(struct sock *sk, int err)
1055{
1056 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1057 struct sock *parent = bt_sk(sk)->parent;
1058
1059 l2cap_sock_clear_timer(sk);
1060
1061 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
1062
1063 if (conn) {
1064 /* Unlink from channel list */
1065 l2cap_chan_unlink(&conn->chan_list, sk);
1066 l2cap_pi(sk)->conn = NULL;
1067 hci_conn_put(conn->hcon);
1068 }
1069
1070 sk->sk_state = BT_CLOSED;
1071 sock_set_flag(sk, SOCK_ZAPPED);
1072
1073 if (err)
1074 sk->sk_err = err;
1075
1076 if (parent) {
1077 bt_accept_unlink(sk);
1078 parent->sk_data_ready(parent, 0);
1079 } else
1080 sk->sk_state_change(sk);
1081}
1082
1083static void l2cap_conn_ready(struct l2cap_conn *conn)
1084{
1085 struct l2cap_chan_list *l = &conn->chan_list;
1086 struct sock *sk;
1087
1088 BT_DBG("conn %p", conn);
1089
1090 read_lock(&l->lock);
1091
1092 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1093 bh_lock_sock(sk);
1094
1095 if (sk->sk_type != SOCK_SEQPACKET) {
1096 l2cap_sock_clear_timer(sk);
1097 sk->sk_state = BT_CONNECTED;
1098 sk->sk_state_change(sk);
1099 } else if (sk->sk_state == BT_CONNECT) {
1100 struct l2cap_conn_req req;
1101 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1102 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1103 req.psm = l2cap_pi(sk)->psm;
1104 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, L2CAP_CONN_REQ, sizeof(req), &req);
1105 }
1106
1107 bh_unlock_sock(sk);
1108 }
1109
1110 read_unlock(&l->lock);
1111}
1112
1113/* Notify sockets that we cannot guaranty reliability anymore */
1114static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1115{
1116 struct l2cap_chan_list *l = &conn->chan_list;
1117 struct sock *sk;
1118
1119 BT_DBG("conn %p", conn);
1120
1121 read_lock(&l->lock);
1122 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1123 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
1124 sk->sk_err = err;
1125 }
1126 read_unlock(&l->lock);
1127}
1128
1129static void l2cap_chan_ready(struct sock *sk)
1130{
1131 struct sock *parent = bt_sk(sk)->parent;
1132
1133 BT_DBG("sk %p, parent %p", sk, parent);
1134
1135 l2cap_pi(sk)->conf_state = 0;
1136 l2cap_sock_clear_timer(sk);
1137
1138 if (!parent) {
1139 /* Outgoing channel.
1140 * Wake up socket sleeping on connect.
1141 */
1142 sk->sk_state = BT_CONNECTED;
1143 sk->sk_state_change(sk);
1144 } else {
1145 /* Incoming channel.
1146 * Wake up socket sleeping on accept.
1147 */
1148 parent->sk_data_ready(parent, 0);
1149 }
1150}
1151
1152/* Copy frame to all raw sockets on that connection */
1153static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1154{
1155 struct l2cap_chan_list *l = &conn->chan_list;
1156 struct sk_buff *nskb;
1157 struct sock * sk;
1158
1159 BT_DBG("conn %p", conn);
1160
1161 read_lock(&l->lock);
1162 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1163 if (sk->sk_type != SOCK_RAW)
1164 continue;
1165
1166 /* Don't send frame to the socket it came from */
1167 if (skb->sk == sk)
1168 continue;
1169
1170 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1171 continue;
1172
1173 if (sock_queue_rcv_skb(sk, nskb))
1174 kfree_skb(nskb);
1175 }
1176 read_unlock(&l->lock);
1177}
1178
1179/* ---- L2CAP signalling commands ---- */
1180static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1181 u8 code, u8 ident, u16 dlen, void *data)
1182{
1183 struct sk_buff *skb, **frag;
1184 struct l2cap_cmd_hdr *cmd;
1185 struct l2cap_hdr *lh;
1186 int len, count;
1187
1188 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1189
1190 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1191 count = min_t(unsigned int, conn->mtu, len);
1192
1193 skb = bt_skb_alloc(count, GFP_ATOMIC);
1194 if (!skb)
1195 return NULL;
1196
1197 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1198 lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1199 lh->cid = __cpu_to_le16(0x0001);
1200
1201 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1202 cmd->code = code;
1203 cmd->ident = ident;
1204 cmd->len = __cpu_to_le16(dlen);
1205
1206 if (dlen) {
1207 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1208 memcpy(skb_put(skb, count), data, count);
1209 data += count;
1210 }
1211
1212 len -= skb->len;
1213
1214 /* Continuation fragments (no L2CAP header) */
1215 frag = &skb_shinfo(skb)->frag_list;
1216 while (len) {
1217 count = min_t(unsigned int, conn->mtu, len);
1218
1219 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1220 if (!*frag)
1221 goto fail;
1222
1223 memcpy(skb_put(*frag, count), data, count);
1224
1225 len -= count;
1226 data += count;
1227
1228 frag = &(*frag)->next;
1229 }
1230
1231 return skb;
1232
1233fail:
1234 kfree_skb(skb);
1235 return NULL;
1236}
1237
1238static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1239{
1240 struct l2cap_conf_opt *opt = *ptr;
1241 int len;
1242
1243 len = L2CAP_CONF_OPT_SIZE + opt->len;
1244 *ptr += len;
1245
1246 *type = opt->type;
1247 *olen = opt->len;
1248
1249 switch (opt->len) {
1250 case 1:
1251 *val = *((u8 *) opt->val);
1252 break;
1253
1254 case 2:
1255 *val = __le16_to_cpu(*((u16 *)opt->val));
1256 break;
1257
1258 case 4:
1259 *val = __le32_to_cpu(*((u32 *)opt->val));
1260 break;
1261
1262 default:
1263 *val = (unsigned long) opt->val;
1264 break;
1265 }
1266
1267 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1268 return len;
1269}
1270
1271static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
1272{
1273 int type, hint, olen;
1274 unsigned long val;
1275 void *ptr = data;
1276
1277 BT_DBG("sk %p len %d", sk, len);
1278
1279 while (len >= L2CAP_CONF_OPT_SIZE) {
1280 len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
1281
1282 hint = type & 0x80;
1283 type &= 0x7f;
1284
1285 switch (type) {
1286 case L2CAP_CONF_MTU:
1287 l2cap_pi(sk)->conf_mtu = val;
1288 break;
1289
1290 case L2CAP_CONF_FLUSH_TO:
1291 l2cap_pi(sk)->flush_to = val;
1292 break;
1293
1294 case L2CAP_CONF_QOS:
1295 break;
1296
1297 default:
1298 if (hint)
1299 break;
1300
1301 /* FIXME: Reject unknown option */
1302 break;
1303 }
1304 }
1305}
1306
1307static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1308{
1309 struct l2cap_conf_opt *opt = *ptr;
1310
1311 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1312
1313 opt->type = type;
1314 opt->len = len;
1315
1316 switch (len) {
1317 case 1:
1318 *((u8 *) opt->val) = val;
1319 break;
1320
1321 case 2:
1322 *((u16 *) opt->val) = __cpu_to_le16(val);
1323 break;
1324
1325 case 4:
1326 *((u32 *) opt->val) = __cpu_to_le32(val);
1327 break;
1328
1329 default:
1330 memcpy(opt->val, (void *) val, len);
1331 break;
1332 }
1333
1334 *ptr += L2CAP_CONF_OPT_SIZE + len;
1335}
1336
1337static int l2cap_build_conf_req(struct sock *sk, void *data)
1338{
1339 struct l2cap_pinfo *pi = l2cap_pi(sk);
1340 struct l2cap_conf_req *req = data;
1341 void *ptr = req->data;
1342
1343 BT_DBG("sk %p", sk);
1344
1345 if (pi->imtu != L2CAP_DEFAULT_MTU)
1346 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1347
1348 /* FIXME: Need actual value of the flush timeout */
1349 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1350 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1351
1352 req->dcid = __cpu_to_le16(pi->dcid);
1353 req->flags = __cpu_to_le16(0);
1354
1355 return ptr - data;
1356}
1357
1358static inline int l2cap_conf_output(struct sock *sk, void **ptr)
1359{
1360 struct l2cap_pinfo *pi = l2cap_pi(sk);
1361 int result = 0;
1362
1363 /* Configure output options and let the other side know
1364 * which ones we don't like. */
1365 if (pi->conf_mtu < pi->omtu) {
1366 l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1367 result = L2CAP_CONF_UNACCEPT;
1368 } else {
1369 pi->omtu = pi->conf_mtu;
1370 }
1371
1372 BT_DBG("sk %p result %d", sk, result);
1373 return result;
1374}
1375
1376static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
1377{
1378 struct l2cap_conf_rsp *rsp = data;
1379 void *ptr = rsp->data;
1380 u16 flags = 0;
1381
1382 BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
1383
1384 if (result)
1385 *result = l2cap_conf_output(sk, &ptr);
1386 else
1387 flags = 0x0001;
1388
1389 rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1390 rsp->result = __cpu_to_le16(result ? *result : 0);
1391 rsp->flags = __cpu_to_le16(flags);
1392
1393 return ptr - data;
1394}
1395
1396static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1397{
1398 struct l2cap_chan_list *list = &conn->chan_list;
1399 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1400 struct l2cap_conn_rsp rsp;
1401 struct sock *sk, *parent;
1402 int result = 0, status = 0;
1403
1404 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1405 u16 psm = req->psm;
1406
1407 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1408
1409 /* Check if we have socket listening on psm */
1410 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1411 if (!parent) {
1412 result = L2CAP_CR_BAD_PSM;
1413 goto sendresp;
1414 }
1415
1416 result = L2CAP_CR_NO_MEM;
1417
1418 /* Check for backlog size */
1419 if (sk_acceptq_is_full(parent)) {
1420 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1421 goto response;
1422 }
1423
1424 sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1425 if (!sk)
1426 goto response;
1427
1428 write_lock(&list->lock);
1429
1430 /* Check if we already have channel with that dcid */
1431 if (__l2cap_get_chan_by_dcid(list, scid)) {
1432 write_unlock(&list->lock);
1433 sock_set_flag(sk, SOCK_ZAPPED);
1434 l2cap_sock_kill(sk);
1435 goto response;
1436 }
1437
1438 hci_conn_hold(conn->hcon);
1439
1440 l2cap_sock_init(sk, parent);
1441 bacpy(&bt_sk(sk)->src, conn->src);
1442 bacpy(&bt_sk(sk)->dst, conn->dst);
1443 l2cap_pi(sk)->psm = psm;
1444 l2cap_pi(sk)->dcid = scid;
1445
1446 __l2cap_chan_add(conn, sk, parent);
1447 dcid = l2cap_pi(sk)->scid;
1448
1449 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1450
1451 /* Service level security */
1452 result = L2CAP_CR_PEND;
1453 status = L2CAP_CS_AUTHEN_PEND;
1454 sk->sk_state = BT_CONNECT2;
1455 l2cap_pi(sk)->ident = cmd->ident;
1456
1457 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
1458 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
1459 if (!hci_conn_encrypt(conn->hcon))
1460 goto done;
1461 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
1462 if (!hci_conn_auth(conn->hcon))
1463 goto done;
1464 }
1465
1466 sk->sk_state = BT_CONFIG;
1467 result = status = 0;
1468
1469done:
1470 write_unlock(&list->lock);
1471
1472response:
1473 bh_unlock_sock(parent);
1474
1475sendresp:
1476 rsp.scid = __cpu_to_le16(scid);
1477 rsp.dcid = __cpu_to_le16(dcid);
1478 rsp.result = __cpu_to_le16(result);
1479 rsp.status = __cpu_to_le16(status);
1480 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1481 return 0;
1482}
1483
1484static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1485{
1486 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1487 u16 scid, dcid, result, status;
1488 struct sock *sk;
1489 u8 req[128];
1490
1491 scid = __le16_to_cpu(rsp->scid);
1492 dcid = __le16_to_cpu(rsp->dcid);
1493 result = __le16_to_cpu(rsp->result);
1494 status = __le16_to_cpu(rsp->status);
1495
1496 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1497
1498 if (scid) {
1499 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1500 return 0;
1501 } else {
1502 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1503 return 0;
1504 }
1505
1506 switch (result) {
1507 case L2CAP_CR_SUCCESS:
1508 sk->sk_state = BT_CONFIG;
1509 l2cap_pi(sk)->ident = 0;
1510 l2cap_pi(sk)->dcid = dcid;
1511 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1512
1513 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1514 l2cap_build_conf_req(sk, req), req);
1515 break;
1516
1517 case L2CAP_CR_PEND:
1518 break;
1519
1520 default:
1521 l2cap_chan_del(sk, ECONNREFUSED);
1522 break;
1523 }
1524
1525 bh_unlock_sock(sk);
1526 return 0;
1527}
1528
1529static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1530{
1531 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1532 u16 dcid, flags;
1533 u8 rsp[64];
1534 struct sock *sk;
1535 int result;
1536
1537 dcid = __le16_to_cpu(req->dcid);
1538 flags = __le16_to_cpu(req->flags);
1539
1540 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1541
1542 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1543 return -ENOENT;
1544
1545 l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req));
1546
1547 if (flags & 0x0001) {
1548 /* Incomplete config. Send empty response. */
1549 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1550 l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
1551 goto unlock;
1552 }
1553
1554 /* Complete config. */
1555 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1556 l2cap_build_conf_rsp(sk, rsp, &result), rsp);
1557
1558 if (result)
1559 goto unlock;
1560
1561 /* Output config done */
1562 l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1563
1564 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1565 sk->sk_state = BT_CONNECTED;
1566 l2cap_chan_ready(sk);
1567 } else if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1568 u8 req[64];
1569 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1570 l2cap_build_conf_req(sk, req), req);
1571 }
1572
1573unlock:
1574 bh_unlock_sock(sk);
1575 return 0;
1576}
1577
1578static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1579{
1580 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1581 u16 scid, flags, result;
1582 struct sock *sk;
1583
1584 scid = __le16_to_cpu(rsp->scid);
1585 flags = __le16_to_cpu(rsp->flags);
1586 result = __le16_to_cpu(rsp->result);
1587
1588 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1589
1590 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1591 return 0;
1592
1593 switch (result) {
1594 case L2CAP_CONF_SUCCESS:
1595 break;
1596
1597 case L2CAP_CONF_UNACCEPT:
1598 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1599 char req[128];
1600 /* It does not make sense to adjust L2CAP parameters
1601 * that are currently defined in the spec. We simply
1602 * resend config request that we sent earlier. It is
1603 * stupid, but it helps qualification testing which
1604 * expects at least some response from us. */
1605 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1606 l2cap_build_conf_req(sk, req), req);
1607 goto done;
1608 }
1609
1610 default:
1611 sk->sk_state = BT_DISCONN;
1612 sk->sk_err = ECONNRESET;
1613 l2cap_sock_set_timer(sk, HZ * 5);
1614 {
1615 struct l2cap_disconn_req req;
1616 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1617 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1618 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1619 L2CAP_DISCONN_REQ, sizeof(req), &req);
1620 }
1621 goto done;
1622 }
1623
1624 if (flags & 0x01)
1625 goto done;
1626
1627 /* Input config done */
1628 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1629
1630 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1631 sk->sk_state = BT_CONNECTED;
1632 l2cap_chan_ready(sk);
1633 }
1634
1635done:
1636 bh_unlock_sock(sk);
1637 return 0;
1638}
1639
1640static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1641{
1642 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1643 struct l2cap_disconn_rsp rsp;
1644 u16 dcid, scid;
1645 struct sock *sk;
1646
1647 scid = __le16_to_cpu(req->scid);
1648 dcid = __le16_to_cpu(req->dcid);
1649
1650 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1651
1652 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1653 return 0;
1654
1655 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1656 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1657 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
1658
1659 sk->sk_shutdown = SHUTDOWN_MASK;
1660
1661 l2cap_chan_del(sk, ECONNRESET);
1662 bh_unlock_sock(sk);
1663
1664 l2cap_sock_kill(sk);
1665 return 0;
1666}
1667
1668static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1669{
1670 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
1671 u16 dcid, scid;
1672 struct sock *sk;
1673
1674 scid = __le16_to_cpu(rsp->scid);
1675 dcid = __le16_to_cpu(rsp->dcid);
1676
1677 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1678
1679 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1680 return 0;
1681
1682 l2cap_chan_del(sk, 0);
1683 bh_unlock_sock(sk);
1684
1685 l2cap_sock_kill(sk);
1686 return 0;
1687}
1688
1689static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1690{
1691 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1692 struct l2cap_info_rsp rsp;
1693 u16 type;
1694
1695 type = __le16_to_cpu(req->type);
1696
1697 BT_DBG("type 0x%4.4x", type);
1698
1699 rsp.type = __cpu_to_le16(type);
1700 rsp.result = __cpu_to_le16(L2CAP_IR_NOTSUPP);
1701 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1702
1703 return 0;
1704}
1705
1706static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1707{
1708 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
1709 u16 type, result;
1710
1711 type = __le16_to_cpu(rsp->type);
1712 result = __le16_to_cpu(rsp->result);
1713
1714 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1715
1716 return 0;
1717}
1718
1719static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1720{
1721 u8 *data = skb->data;
1722 int len = skb->len;
1723 struct l2cap_cmd_hdr cmd;
1724 int err = 0;
1725
1726 l2cap_raw_recv(conn, skb);
1727
1728 while (len >= L2CAP_CMD_HDR_SIZE) {
1729 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1730 data += L2CAP_CMD_HDR_SIZE;
1731 len -= L2CAP_CMD_HDR_SIZE;
1732
1733 cmd.len = __le16_to_cpu(cmd.len);
1734
1735 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
1736
1737 if (cmd.len > len || !cmd.ident) {
1738 BT_DBG("corrupted command");
1739 break;
1740 }
1741
1742 switch (cmd.code) {
1743 case L2CAP_COMMAND_REJ:
1744 /* FIXME: We should process this */
1745 break;
1746
1747 case L2CAP_CONN_REQ:
1748 err = l2cap_connect_req(conn, &cmd, data);
1749 break;
1750
1751 case L2CAP_CONN_RSP:
1752 err = l2cap_connect_rsp(conn, &cmd, data);
1753 break;
1754
1755 case L2CAP_CONF_REQ:
1756 err = l2cap_config_req(conn, &cmd, data);
1757 break;
1758
1759 case L2CAP_CONF_RSP:
1760 err = l2cap_config_rsp(conn, &cmd, data);
1761 break;
1762
1763 case L2CAP_DISCONN_REQ:
1764 err = l2cap_disconnect_req(conn, &cmd, data);
1765 break;
1766
1767 case L2CAP_DISCONN_RSP:
1768 err = l2cap_disconnect_rsp(conn, &cmd, data);
1769 break;
1770
1771 case L2CAP_ECHO_REQ:
1772 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
1773 break;
1774
1775 case L2CAP_ECHO_RSP:
1776 break;
1777
1778 case L2CAP_INFO_REQ:
1779 err = l2cap_information_req(conn, &cmd, data);
1780 break;
1781
1782 case L2CAP_INFO_RSP:
1783 err = l2cap_information_rsp(conn, &cmd, data);
1784 break;
1785
1786 default:
1787 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
1788 err = -EINVAL;
1789 break;
1790 }
1791
1792 if (err) {
1793 struct l2cap_cmd_rej rej;
1794 BT_DBG("error %d", err);
1795
1796 /* FIXME: Map err to a valid reason */
1797 rej.reason = __cpu_to_le16(0);
1798 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
1799 }
1800
1801 data += cmd.len;
1802 len -= cmd.len;
1803 }
1804
1805 kfree_skb(skb);
1806}
1807
1808static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
1809{
1810 struct sock *sk;
1811
1812 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
1813 if (!sk) {
1814 BT_DBG("unknown cid 0x%4.4x", cid);
1815 goto drop;
1816 }
1817
1818 BT_DBG("sk %p, len %d", sk, skb->len);
1819
1820 if (sk->sk_state != BT_CONNECTED)
1821 goto drop;
1822
1823 if (l2cap_pi(sk)->imtu < skb->len)
1824 goto drop;
1825
1826 /* If socket recv buffers overflows we drop data here
1827 * which is *bad* because L2CAP has to be reliable.
1828 * But we don't have any other choice. L2CAP doesn't
1829 * provide flow control mechanism. */
1830
1831 if (!sock_queue_rcv_skb(sk, skb))
1832 goto done;
1833
1834drop:
1835 kfree_skb(skb);
1836
1837done:
1838 if (sk) bh_unlock_sock(sk);
1839 return 0;
1840}
1841
1842static inline int l2cap_conless_channel(struct l2cap_conn *conn, u16 psm, struct sk_buff *skb)
1843{
1844 struct sock *sk;
1845
1846 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
1847 if (!sk)
1848 goto drop;
1849
1850 BT_DBG("sk %p, len %d", sk, skb->len);
1851
1852 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
1853 goto drop;
1854
1855 if (l2cap_pi(sk)->imtu < skb->len)
1856 goto drop;
1857
1858 if (!sock_queue_rcv_skb(sk, skb))
1859 goto done;
1860
1861drop:
1862 kfree_skb(skb);
1863
1864done:
1865 if (sk) bh_unlock_sock(sk);
1866 return 0;
1867}
1868
1869static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
1870{
1871 struct l2cap_hdr *lh = (void *) skb->data;
1872 u16 cid, psm, len;
1873
1874 skb_pull(skb, L2CAP_HDR_SIZE);
1875 cid = __le16_to_cpu(lh->cid);
1876 len = __le16_to_cpu(lh->len);
1877
1878 BT_DBG("len %d, cid 0x%4.4x", len, cid);
1879
1880 switch (cid) {
1881 case 0x0001:
1882 l2cap_sig_channel(conn, skb);
1883 break;
1884
1885 case 0x0002:
1886 psm = get_unaligned((u16 *) skb->data);
1887 skb_pull(skb, 2);
1888 l2cap_conless_channel(conn, psm, skb);
1889 break;
1890
1891 default:
1892 l2cap_data_channel(conn, cid, skb);
1893 break;
1894 }
1895}
1896
1897/* ---- L2CAP interface with lower layer (HCI) ---- */
1898
1899static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1900{
1901 int exact = 0, lm1 = 0, lm2 = 0;
1902 register struct sock *sk;
1903 struct hlist_node *node;
1904
1905 if (type != ACL_LINK)
1906 return 0;
1907
1908 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
1909
1910 /* Find listening sockets and check their link_mode */
1911 read_lock(&l2cap_sk_list.lock);
1912 sk_for_each(sk, node, &l2cap_sk_list.head) {
1913 if (sk->sk_state != BT_LISTEN)
1914 continue;
1915
1916 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
1917 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1918 exact++;
1919 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
1920 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1921 }
1922 read_unlock(&l2cap_sk_list.lock);
1923
1924 return exact ? lm1 : lm2;
1925}
1926
1927static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1928{
1929 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
1930
1931 if (hcon->type != ACL_LINK)
1932 return 0;
1933
1934 if (!status) {
1935 struct l2cap_conn *conn;
1936
1937 conn = l2cap_conn_add(hcon, status);
1938 if (conn)
1939 l2cap_conn_ready(conn);
1940 } else
1941 l2cap_conn_del(hcon, bt_err(status));
1942
1943 return 0;
1944}
1945
1946static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
1947{
1948 BT_DBG("hcon %p reason %d", hcon, reason);
1949
1950 if (hcon->type != ACL_LINK)
1951 return 0;
1952
1953 l2cap_conn_del(hcon, bt_err(reason));
1954 return 0;
1955}
1956
1957static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
1958{
1959 struct l2cap_chan_list *l;
1960 struct l2cap_conn *conn;
1961 struct l2cap_conn_rsp rsp;
1962 struct sock *sk;
1963 int result;
1964
1965 if (!(conn = hcon->l2cap_data))
1966 return 0;
1967 l = &conn->chan_list;
1968
1969 BT_DBG("conn %p", conn);
1970
1971 read_lock(&l->lock);
1972
1973 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1974 bh_lock_sock(sk);
1975
1976 if (sk->sk_state != BT_CONNECT2 ||
1977 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
1978 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
1979 bh_unlock_sock(sk);
1980 continue;
1981 }
1982
1983 if (!status) {
1984 sk->sk_state = BT_CONFIG;
1985 result = 0;
1986 } else {
1987 sk->sk_state = BT_DISCONN;
1988 l2cap_sock_set_timer(sk, HZ/10);
1989 result = L2CAP_CR_SEC_BLOCK;
1990 }
1991
1992 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1993 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1994 rsp.result = __cpu_to_le16(result);
1995 rsp.status = __cpu_to_le16(0);
1996 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
1997 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1998
1999 bh_unlock_sock(sk);
2000 }
2001
2002 read_unlock(&l->lock);
2003 return 0;
2004}
2005
2006static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
2007{
2008 struct l2cap_chan_list *l;
2009 struct l2cap_conn *conn;
2010 struct l2cap_conn_rsp rsp;
2011 struct sock *sk;
2012 int result;
2013
2014 if (!(conn = hcon->l2cap_data))
2015 return 0;
2016 l = &conn->chan_list;
2017
2018 BT_DBG("conn %p", conn);
2019
2020 read_lock(&l->lock);
2021
2022 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2023 bh_lock_sock(sk);
2024
2025 if (sk->sk_state != BT_CONNECT2) {
2026 bh_unlock_sock(sk);
2027 continue;
2028 }
2029
2030 if (!status) {
2031 sk->sk_state = BT_CONFIG;
2032 result = 0;
2033 } else {
2034 sk->sk_state = BT_DISCONN;
2035 l2cap_sock_set_timer(sk, HZ/10);
2036 result = L2CAP_CR_SEC_BLOCK;
2037 }
2038
2039 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
2040 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
2041 rsp.result = __cpu_to_le16(result);
2042 rsp.status = __cpu_to_le16(0);
2043 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2044 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2045
2046 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)
2047 hci_conn_change_link_key(hcon);
2048
2049 bh_unlock_sock(sk);
2050 }
2051
2052 read_unlock(&l->lock);
2053 return 0;
2054}
2055
2056static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2057{
2058 struct l2cap_conn *conn = hcon->l2cap_data;
2059
2060 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2061 goto drop;
2062
2063 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2064
2065 if (flags & ACL_START) {
2066 struct l2cap_hdr *hdr;
2067 int len;
2068
2069 if (conn->rx_len) {
2070 BT_ERR("Unexpected start frame (len %d)", skb->len);
2071 kfree_skb(conn->rx_skb);
2072 conn->rx_skb = NULL;
2073 conn->rx_len = 0;
2074 l2cap_conn_unreliable(conn, ECOMM);
2075 }
2076
2077 if (skb->len < 2) {
2078 BT_ERR("Frame is too short (len %d)", skb->len);
2079 l2cap_conn_unreliable(conn, ECOMM);
2080 goto drop;
2081 }
2082
2083 hdr = (struct l2cap_hdr *) skb->data;
2084 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2085
2086 if (len == skb->len) {
2087 /* Complete frame received */
2088 l2cap_recv_frame(conn, skb);
2089 return 0;
2090 }
2091
2092 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2093
2094 if (skb->len > len) {
2095 BT_ERR("Frame is too long (len %d, expected len %d)",
2096 skb->len, len);
2097 l2cap_conn_unreliable(conn, ECOMM);
2098 goto drop;
2099 }
2100
2101 /* Allocate skb for the complete frame (with header) */
2102 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2103 goto drop;
2104
2105 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2106 conn->rx_len = len - skb->len;
2107 } else {
2108 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2109
2110 if (!conn->rx_len) {
2111 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2112 l2cap_conn_unreliable(conn, ECOMM);
2113 goto drop;
2114 }
2115
2116 if (skb->len > conn->rx_len) {
2117 BT_ERR("Fragment is too long (len %d, expected %d)",
2118 skb->len, conn->rx_len);
2119 kfree_skb(conn->rx_skb);
2120 conn->rx_skb = NULL;
2121 conn->rx_len = 0;
2122 l2cap_conn_unreliable(conn, ECOMM);
2123 goto drop;
2124 }
2125
2126 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2127 conn->rx_len -= skb->len;
2128
2129 if (!conn->rx_len) {
2130 /* Complete frame received */
2131 l2cap_recv_frame(conn, conn->rx_skb);
2132 conn->rx_skb = NULL;
2133 }
2134 }
2135
2136drop:
2137 kfree_skb(skb);
2138 return 0;
2139}
2140
2141/* ---- Proc fs support ---- */
2142#ifdef CONFIG_PROC_FS
2143static void *l2cap_seq_start(struct seq_file *seq, loff_t *pos)
2144{
2145 struct sock *sk;
2146 struct hlist_node *node;
2147 loff_t l = *pos;
2148
2149 read_lock_bh(&l2cap_sk_list.lock);
2150
2151 sk_for_each(sk, node, &l2cap_sk_list.head)
2152 if (!l--)
2153 goto found;
2154 sk = NULL;
2155found:
2156 return sk;
2157}
2158
2159static void *l2cap_seq_next(struct seq_file *seq, void *e, loff_t *pos)
2160{
2161 (*pos)++;
2162 return sk_next(e);
2163}
2164
2165static void l2cap_seq_stop(struct seq_file *seq, void *e)
2166{
2167 read_unlock_bh(&l2cap_sk_list.lock);
2168}
2169
2170static int l2cap_seq_show(struct seq_file *seq, void *e)
2171{
2172 struct sock *sk = e;
2173 struct l2cap_pinfo *pi = l2cap_pi(sk);
2174
2175 seq_printf(seq, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2176 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2177 sk->sk_state, pi->psm, pi->scid, pi->dcid, pi->imtu,
2178 pi->omtu, pi->link_mode);
2179 return 0;
2180}
2181
2182static struct seq_operations l2cap_seq_ops = {
2183 .start = l2cap_seq_start,
2184 .next = l2cap_seq_next,
2185 .stop = l2cap_seq_stop,
2186 .show = l2cap_seq_show
2187};
2188
2189static int l2cap_seq_open(struct inode *inode, struct file *file)
2190{
2191 return seq_open(file, &l2cap_seq_ops);
2192}
2193
2194static struct file_operations l2cap_seq_fops = {
2195 .owner = THIS_MODULE,
2196 .open = l2cap_seq_open,
2197 .read = seq_read,
2198 .llseek = seq_lseek,
2199 .release = seq_release,
2200};
2201
2202static int __init l2cap_proc_init(void)
2203{
2204 struct proc_dir_entry *p = create_proc_entry("l2cap", S_IRUGO, proc_bt);
2205 if (!p)
2206 return -ENOMEM;
2207 p->owner = THIS_MODULE;
2208 p->proc_fops = &l2cap_seq_fops;
2209 return 0;
2210}
2211
2212static void __exit l2cap_proc_cleanup(void)
2213{
2214 remove_proc_entry("l2cap", proc_bt);
2215}
2216
2217#else /* CONFIG_PROC_FS */
2218
2219static int __init l2cap_proc_init(void)
2220{
2221 return 0;
2222}
2223
2224static void __exit l2cap_proc_cleanup(void)
2225{
2226 return;
2227}
2228#endif /* CONFIG_PROC_FS */
2229
2230static struct proto_ops l2cap_sock_ops = {
2231 .family = PF_BLUETOOTH,
2232 .owner = THIS_MODULE,
2233 .release = l2cap_sock_release,
2234 .bind = l2cap_sock_bind,
2235 .connect = l2cap_sock_connect,
2236 .listen = l2cap_sock_listen,
2237 .accept = l2cap_sock_accept,
2238 .getname = l2cap_sock_getname,
2239 .sendmsg = l2cap_sock_sendmsg,
2240 .recvmsg = bt_sock_recvmsg,
2241 .poll = bt_sock_poll,
2242 .mmap = sock_no_mmap,
2243 .socketpair = sock_no_socketpair,
2244 .ioctl = sock_no_ioctl,
2245 .shutdown = l2cap_sock_shutdown,
2246 .setsockopt = l2cap_sock_setsockopt,
2247 .getsockopt = l2cap_sock_getsockopt
2248};
2249
2250static struct net_proto_family l2cap_sock_family_ops = {
2251 .family = PF_BLUETOOTH,
2252 .owner = THIS_MODULE,
2253 .create = l2cap_sock_create,
2254};
2255
2256static struct hci_proto l2cap_hci_proto = {
2257 .name = "L2CAP",
2258 .id = HCI_PROTO_L2CAP,
2259 .connect_ind = l2cap_connect_ind,
2260 .connect_cfm = l2cap_connect_cfm,
2261 .disconn_ind = l2cap_disconn_ind,
2262 .auth_cfm = l2cap_auth_cfm,
2263 .encrypt_cfm = l2cap_encrypt_cfm,
2264 .recv_acldata = l2cap_recv_acldata
2265};
2266
2267static int __init l2cap_init(void)
2268{
2269 int err;
2270
2271 err = proto_register(&l2cap_proto, 0);
2272 if (err < 0)
2273 return err;
2274
2275 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2276 if (err < 0) {
2277 BT_ERR("L2CAP socket registration failed");
2278 goto error;
2279 }
2280
2281 err = hci_register_proto(&l2cap_hci_proto);
2282 if (err < 0) {
2283 BT_ERR("L2CAP protocol registration failed");
2284 bt_sock_unregister(BTPROTO_L2CAP);
2285 goto error;
2286 }
2287
2288 l2cap_proc_init();
2289
2290 BT_INFO("L2CAP ver %s", VERSION);
2291 BT_INFO("L2CAP socket layer initialized");
2292
2293 return 0;
2294
2295error:
2296 proto_unregister(&l2cap_proto);
2297 return err;
2298}
2299
2300static void __exit l2cap_exit(void)
2301{
2302 l2cap_proc_cleanup();
2303
2304 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2305 BT_ERR("L2CAP socket unregistration failed");
2306
2307 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2308 BT_ERR("L2CAP protocol unregistration failed");
2309
2310 proto_unregister(&l2cap_proto);
2311}
2312
2313void l2cap_load(void)
2314{
2315 /* Dummy function to trigger automatic L2CAP module loading by
2316 * other modules that use L2CAP sockets but don't use any other
2317 * symbols from it. */
2318 return;
2319}
2320EXPORT_SYMBOL(l2cap_load);
2321
2322module_init(l2cap_init);
2323module_exit(l2cap_exit);
2324
2325MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2326MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2327MODULE_VERSION(VERSION);
2328MODULE_LICENSE("GPL");
2329MODULE_ALIAS("bt-proto-0");
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c
new file mode 100644
index 00000000000..9efb0a09361
--- /dev/null
+++ b/net/bluetooth/lib.c
@@ -0,0 +1,178 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth kernel library. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/kernel.h>
31#include <linux/stddef.h>
32#include <linux/string.h>
33#include <asm/errno.h>
34
35#include <net/bluetooth/bluetooth.h>
36
37void bt_dump(char *pref, __u8 *buf, int count)
38{
39 char *ptr;
40 char line[100];
41 unsigned int i;
42
43 printk(KERN_INFO "%s: dump, len %d\n", pref, count);
44
45 ptr = line;
46 *ptr = 0;
47 for (i = 0; i < count; i++) {
48 ptr += sprintf(ptr, " %2.2X", buf[i]);
49
50 if (i && !((i + 1) % 20)) {
51 printk(KERN_INFO "%s:%s\n", pref, line);
52 ptr = line;
53 *ptr = 0;
54 }
55 }
56
57 if (line[0])
58 printk(KERN_INFO "%s:%s\n", pref, line);
59}
60EXPORT_SYMBOL(bt_dump);
61
62void baswap(bdaddr_t *dst, bdaddr_t *src)
63{
64 unsigned char *d = (unsigned char *) dst;
65 unsigned char *s = (unsigned char *) src;
66 unsigned int i;
67
68 for (i = 0; i < 6; i++)
69 d[i] = s[5 - i];
70}
71EXPORT_SYMBOL(baswap);
72
73char *batostr(bdaddr_t *ba)
74{
75 static char str[2][18];
76 static int i = 1;
77
78 i ^= 1;
79 sprintf(str[i], "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
80 ba->b[0], ba->b[1], ba->b[2],
81 ba->b[3], ba->b[4], ba->b[5]);
82
83 return str[i];
84}
85EXPORT_SYMBOL(batostr);
86
87/* Bluetooth error codes to Unix errno mapping */
88int bt_err(__u16 code)
89{
90 switch (code) {
91 case 0:
92 return 0;
93
94 case 0x01:
95 return EBADRQC;
96
97 case 0x02:
98 return ENOTCONN;
99
100 case 0x03:
101 return EIO;
102
103 case 0x04:
104 return EHOSTDOWN;
105
106 case 0x05:
107 return EACCES;
108
109 case 0x06:
110 return EBADE;
111
112 case 0x07:
113 return ENOMEM;
114
115 case 0x08:
116 return ETIMEDOUT;
117
118 case 0x09:
119 return EMLINK;
120
121 case 0x0a:
122 return EMLINK;
123
124 case 0x0b:
125 return EALREADY;
126
127 case 0x0c:
128 return EBUSY;
129
130 case 0x0d:
131 case 0x0e:
132 case 0x0f:
133 return ECONNREFUSED;
134
135 case 0x10:
136 return ETIMEDOUT;
137
138 case 0x11:
139 case 0x27:
140 case 0x29:
141 case 0x20:
142 return EOPNOTSUPP;
143
144 case 0x12:
145 return EINVAL;
146
147 case 0x13:
148 case 0x14:
149 case 0x15:
150 return ECONNRESET;
151
152 case 0x16:
153 return ECONNABORTED;
154
155 case 0x17:
156 return ELOOP;
157
158 case 0x18:
159 return EACCES;
160
161 case 0x1a:
162 return EPROTONOSUPPORT;
163
164 case 0x1b:
165 return ECONNREFUSED;
166
167 case 0x19:
168 case 0x1e:
169 case 0x23:
170 case 0x24:
171 case 0x25:
172 return EPROTO;
173
174 default:
175 return ENOSYS;
176 }
177}
178EXPORT_SYMBOL(bt_err);
diff --git a/net/bluetooth/rfcomm/Kconfig b/net/bluetooth/rfcomm/Kconfig
new file mode 100644
index 00000000000..405a0e61e7d
--- /dev/null
+++ b/net/bluetooth/rfcomm/Kconfig
@@ -0,0 +1,17 @@
1config BT_RFCOMM
2 tristate "RFCOMM protocol support"
3 depends on BT && BT_L2CAP
4 help
5 RFCOMM provides connection oriented stream transport. RFCOMM
6 support is required for Dialup Networking, OBEX and other Bluetooth
7 applications.
8
9 Say Y here to compile RFCOMM support into the kernel or say M to
10 compile it as module (rfcomm).
11
12config BT_RFCOMM_TTY
13 bool "RFCOMM TTY support"
14 depends on BT_RFCOMM
15 help
16 This option enables TTY emulation support for RFCOMM channels.
17
diff --git a/net/bluetooth/rfcomm/Makefile b/net/bluetooth/rfcomm/Makefile
new file mode 100644
index 00000000000..aecec45ec68
--- /dev/null
+++ b/net/bluetooth/rfcomm/Makefile
@@ -0,0 +1,8 @@
1#
2# Makefile for the Linux Bluetooth RFCOMM layer.
3#
4
5obj-$(CONFIG_BT_RFCOMM) += rfcomm.o
6
7rfcomm-y := core.o sock.o crc.o
8rfcomm-$(CONFIG_BT_RFCOMM_TTY) += tty.o
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
new file mode 100644
index 00000000000..e9e6fda66f1
--- /dev/null
+++ b/net/bluetooth/rfcomm/core.c
@@ -0,0 +1,2127 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 RPN support - Dirk Husemann <hud@zurich.ibm.com>
26*/
27
28/*
29 * Bluetooth RFCOMM core.
30 *
31 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
32 */
33
34#include <linux/config.h>
35#include <linux/module.h>
36#include <linux/errno.h>
37#include <linux/kernel.h>
38#include <linux/sched.h>
39#include <linux/signal.h>
40#include <linux/init.h>
41#include <linux/wait.h>
42#include <linux/net.h>
43#include <linux/proc_fs.h>
44#include <linux/seq_file.h>
45#include <net/sock.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52#include <net/bluetooth/rfcomm.h>
53
54#define VERSION "1.5"
55
56#ifndef CONFIG_BT_RFCOMM_DEBUG
57#undef BT_DBG
58#define BT_DBG(D...)
59#endif
60
61#ifdef CONFIG_PROC_FS
62struct proc_dir_entry *proc_bt_rfcomm;
63#endif
64
65static struct task_struct *rfcomm_thread;
66
67static DECLARE_MUTEX(rfcomm_sem);
68#define rfcomm_lock() down(&rfcomm_sem);
69#define rfcomm_unlock() up(&rfcomm_sem);
70
71static unsigned long rfcomm_event;
72
73static LIST_HEAD(session_list);
74static atomic_t terminate, running;
75
76static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
86
87static void rfcomm_process_connect(struct rfcomm_session *s);
88
89static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91static void rfcomm_session_del(struct rfcomm_session *s);
92
93/* ---- RFCOMM frame parsing macros ---- */
94#define __get_dlci(b) ((b & 0xfc) >> 2)
95#define __get_channel(b) ((b & 0xf8) >> 3)
96#define __get_dir(b) ((b & 0x04) >> 2)
97#define __get_type(b) ((b & 0xef))
98
99#define __test_ea(b) ((b & 0x01))
100#define __test_cr(b) ((b & 0x02))
101#define __test_pf(b) ((b & 0x10))
102
103#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
105#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
106#define __srv_channel(dlci) (dlci >> 1)
107#define __dir(dlci) (dlci & 0x01)
108
109#define __len8(len) (((len) << 1) | 1)
110#define __len16(len) ((len) << 1)
111
112/* MCC macros */
113#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
114#define __get_mcc_type(b) ((b & 0xfc) >> 2)
115#define __get_mcc_len(b) ((b & 0xfe) >> 1)
116
117/* RPN macros */
118#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119#define __get_rpn_data_bits(line) ((line) & 0x3)
120#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121#define __get_rpn_parity(line) (((line) >> 3) & 0x3)
122
123static inline void rfcomm_schedule(uint event)
124{
125 if (!rfcomm_thread)
126 return;
127 //set_bit(event, &rfcomm_event);
128 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129 wake_up_process(rfcomm_thread);
130}
131
132static inline void rfcomm_session_put(struct rfcomm_session *s)
133{
134 if (atomic_dec_and_test(&s->refcnt))
135 rfcomm_session_del(s);
136}
137
138/* ---- RFCOMM FCS computation ---- */
139
140/* CRC on 2 bytes */
141#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
142
143/* FCS on 2 bytes */
144static inline u8 __fcs(u8 *data)
145{
146 return (0xff - __crc(data));
147}
148
149/* FCS on 3 bytes */
150static inline u8 __fcs2(u8 *data)
151{
152 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
153}
154
155/* Check FCS */
156static inline int __check_fcs(u8 *data, int type, u8 fcs)
157{
158 u8 f = __crc(data);
159
160 if (type != RFCOMM_UIH)
161 f = rfcomm_crc_table[f ^ data[2]];
162
163 return rfcomm_crc_table[f ^ fcs] != 0xcf;
164}
165
166/* ---- L2CAP callbacks ---- */
167static void rfcomm_l2state_change(struct sock *sk)
168{
169 BT_DBG("%p state %d", sk, sk->sk_state);
170 rfcomm_schedule(RFCOMM_SCHED_STATE);
171}
172
173static void rfcomm_l2data_ready(struct sock *sk, int bytes)
174{
175 BT_DBG("%p bytes %d", sk, bytes);
176 rfcomm_schedule(RFCOMM_SCHED_RX);
177}
178
179static int rfcomm_l2sock_create(struct socket **sock)
180{
181 int err;
182
183 BT_DBG("");
184
185 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
186 if (!err) {
187 struct sock *sk = (*sock)->sk;
188 sk->sk_data_ready = rfcomm_l2data_ready;
189 sk->sk_state_change = rfcomm_l2state_change;
190 }
191 return err;
192}
193
194/* ---- RFCOMM DLCs ---- */
195static void rfcomm_dlc_timeout(unsigned long arg)
196{
197 struct rfcomm_dlc *d = (void *) arg;
198
199 BT_DBG("dlc %p state %ld", d, d->state);
200
201 set_bit(RFCOMM_TIMED_OUT, &d->flags);
202 rfcomm_dlc_put(d);
203 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
204}
205
206static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
207{
208 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
209
210 if (!mod_timer(&d->timer, jiffies + timeout))
211 rfcomm_dlc_hold(d);
212}
213
214static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
215{
216 BT_DBG("dlc %p state %ld", d, d->state);
217
218 if (timer_pending(&d->timer) && del_timer(&d->timer))
219 rfcomm_dlc_put(d);
220}
221
222static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
223{
224 BT_DBG("%p", d);
225
226 d->state = BT_OPEN;
227 d->flags = 0;
228 d->mscex = 0;
229 d->mtu = RFCOMM_DEFAULT_MTU;
230 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
231
232 d->cfc = RFCOMM_CFC_DISABLED;
233 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
234}
235
236struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
237{
238 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
239 if (!d)
240 return NULL;
241 memset(d, 0, sizeof(*d));
242
243 init_timer(&d->timer);
244 d->timer.function = rfcomm_dlc_timeout;
245 d->timer.data = (unsigned long) d;
246
247 skb_queue_head_init(&d->tx_queue);
248 spin_lock_init(&d->lock);
249 atomic_set(&d->refcnt, 1);
250
251 rfcomm_dlc_clear_state(d);
252
253 BT_DBG("%p", d);
254 return d;
255}
256
257void rfcomm_dlc_free(struct rfcomm_dlc *d)
258{
259 BT_DBG("%p", d);
260
261 skb_queue_purge(&d->tx_queue);
262 kfree(d);
263}
264
265static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
266{
267 BT_DBG("dlc %p session %p", d, s);
268
269 rfcomm_session_hold(s);
270
271 rfcomm_dlc_hold(d);
272 list_add(&d->list, &s->dlcs);
273 d->session = s;
274}
275
276static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
277{
278 struct rfcomm_session *s = d->session;
279
280 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
281
282 list_del(&d->list);
283 d->session = NULL;
284 rfcomm_dlc_put(d);
285
286 rfcomm_session_put(s);
287}
288
289static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
290{
291 struct rfcomm_dlc *d;
292 struct list_head *p;
293
294 list_for_each(p, &s->dlcs) {
295 d = list_entry(p, struct rfcomm_dlc, list);
296 if (d->dlci == dlci)
297 return d;
298 }
299 return NULL;
300}
301
302static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
303{
304 struct rfcomm_session *s;
305 int err = 0;
306 u8 dlci;
307
308 BT_DBG("dlc %p state %ld %s %s channel %d",
309 d, d->state, batostr(src), batostr(dst), channel);
310
311 if (channel < 1 || channel > 30)
312 return -EINVAL;
313
314 if (d->state != BT_OPEN && d->state != BT_CLOSED)
315 return 0;
316
317 s = rfcomm_session_get(src, dst);
318 if (!s) {
319 s = rfcomm_session_create(src, dst, &err);
320 if (!s)
321 return err;
322 }
323
324 dlci = __dlci(!s->initiator, channel);
325
326 /* Check if DLCI already exists */
327 if (rfcomm_dlc_get(s, dlci))
328 return -EBUSY;
329
330 rfcomm_dlc_clear_state(d);
331
332 d->dlci = dlci;
333 d->addr = __addr(s->initiator, dlci);
334 d->priority = 7;
335
336 d->state = BT_CONFIG;
337 rfcomm_dlc_link(s, d);
338
339 d->mtu = s->mtu;
340 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
341
342 if (s->state == BT_CONNECTED)
343 rfcomm_send_pn(s, 1, d);
344 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
345 return 0;
346}
347
348int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
349{
350 int r;
351
352 rfcomm_lock();
353
354 r = __rfcomm_dlc_open(d, src, dst, channel);
355
356 rfcomm_unlock();
357 return r;
358}
359
360static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
361{
362 struct rfcomm_session *s = d->session;
363 if (!s)
364 return 0;
365
366 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367 d, d->state, d->dlci, err, s);
368
369 switch (d->state) {
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 case BT_CONNECT:
373 d->state = BT_DISCONN;
374 if (skb_queue_empty(&d->tx_queue)) {
375 rfcomm_send_disc(s, d->dlci);
376 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
377 } else {
378 rfcomm_queue_disc(d);
379 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
380 }
381 break;
382
383 default:
384 rfcomm_dlc_clear_timer(d);
385
386 rfcomm_dlc_lock(d);
387 d->state = BT_CLOSED;
388 d->state_change(d, err);
389 rfcomm_dlc_unlock(d);
390
391 skb_queue_purge(&d->tx_queue);
392 rfcomm_session_put(s);
393
394 rfcomm_dlc_unlink(d);
395 }
396
397 return 0;
398}
399
400int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401{
402 int r;
403
404 rfcomm_lock();
405
406 r = __rfcomm_dlc_close(d, err);
407
408 rfcomm_unlock();
409 return r;
410}
411
412int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
413{
414 int len = skb->len;
415
416 if (d->state != BT_CONNECTED)
417 return -ENOTCONN;
418
419 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
420
421 if (len > d->mtu)
422 return -EINVAL;
423
424 rfcomm_make_uih(skb, d->addr);
425 skb_queue_tail(&d->tx_queue, skb);
426
427 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
428 rfcomm_schedule(RFCOMM_SCHED_TX);
429 return len;
430}
431
432void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
433{
434 BT_DBG("dlc %p state %ld", d, d->state);
435
436 if (!d->cfc) {
437 d->v24_sig |= RFCOMM_V24_FC;
438 set_bit(RFCOMM_MSC_PENDING, &d->flags);
439 }
440 rfcomm_schedule(RFCOMM_SCHED_TX);
441}
442
443void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
444{
445 BT_DBG("dlc %p state %ld", d, d->state);
446
447 if (!d->cfc) {
448 d->v24_sig &= ~RFCOMM_V24_FC;
449 set_bit(RFCOMM_MSC_PENDING, &d->flags);
450 }
451 rfcomm_schedule(RFCOMM_SCHED_TX);
452}
453
454/*
455 Set/get modem status functions use _local_ status i.e. what we report
456 to the other side.
457 Remote status is provided by dlc->modem_status() callback.
458 */
459int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
460{
461 BT_DBG("dlc %p state %ld v24_sig 0x%x",
462 d, d->state, v24_sig);
463
464 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
465 v24_sig |= RFCOMM_V24_FC;
466 else
467 v24_sig &= ~RFCOMM_V24_FC;
468
469 d->v24_sig = v24_sig;
470
471 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
472 rfcomm_schedule(RFCOMM_SCHED_TX);
473
474 return 0;
475}
476
477int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
478{
479 BT_DBG("dlc %p state %ld v24_sig 0x%x",
480 d, d->state, d->v24_sig);
481
482 *v24_sig = d->v24_sig;
483 return 0;
484}
485
486/* ---- RFCOMM sessions ---- */
487static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
488{
489 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
490 if (!s)
491 return NULL;
492 memset(s, 0, sizeof(*s));
493
494 BT_DBG("session %p sock %p", s, sock);
495
496 INIT_LIST_HEAD(&s->dlcs);
497 s->state = state;
498 s->sock = sock;
499
500 s->mtu = RFCOMM_DEFAULT_MTU;
501 s->cfc = RFCOMM_CFC_UNKNOWN;
502
503 /* Do not increment module usage count for listening sessions.
504 * Otherwise we won't be able to unload the module. */
505 if (state != BT_LISTEN)
506 if (!try_module_get(THIS_MODULE)) {
507 kfree(s);
508 return NULL;
509 }
510
511 list_add(&s->list, &session_list);
512
513 return s;
514}
515
516static void rfcomm_session_del(struct rfcomm_session *s)
517{
518 int state = s->state;
519
520 BT_DBG("session %p state %ld", s, s->state);
521
522 list_del(&s->list);
523
524 if (state == BT_CONNECTED)
525 rfcomm_send_disc(s, 0);
526
527 sock_release(s->sock);
528 kfree(s);
529
530 if (state != BT_LISTEN)
531 module_put(THIS_MODULE);
532}
533
534static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
535{
536 struct rfcomm_session *s;
537 struct list_head *p, *n;
538 struct bt_sock *sk;
539 list_for_each_safe(p, n, &session_list) {
540 s = list_entry(p, struct rfcomm_session, list);
541 sk = bt_sk(s->sock->sk);
542
543 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
544 !bacmp(&sk->dst, dst))
545 return s;
546 }
547 return NULL;
548}
549
550static void rfcomm_session_close(struct rfcomm_session *s, int err)
551{
552 struct rfcomm_dlc *d;
553 struct list_head *p, *n;
554
555 BT_DBG("session %p state %ld err %d", s, s->state, err);
556
557 rfcomm_session_hold(s);
558
559 s->state = BT_CLOSED;
560
561 /* Close all dlcs */
562 list_for_each_safe(p, n, &s->dlcs) {
563 d = list_entry(p, struct rfcomm_dlc, list);
564 d->state = BT_CLOSED;
565 __rfcomm_dlc_close(d, err);
566 }
567
568 rfcomm_session_put(s);
569}
570
571static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
572{
573 struct rfcomm_session *s = NULL;
574 struct sockaddr_l2 addr;
575 struct socket *sock;
576 struct sock *sk;
577
578 BT_DBG("%s %s", batostr(src), batostr(dst));
579
580 *err = rfcomm_l2sock_create(&sock);
581 if (*err < 0)
582 return NULL;
583
584 bacpy(&addr.l2_bdaddr, src);
585 addr.l2_family = AF_BLUETOOTH;
586 addr.l2_psm = 0;
587 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
588 if (*err < 0)
589 goto failed;
590
591 /* Set L2CAP options */
592 sk = sock->sk;
593 lock_sock(sk);
594 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
595 release_sock(sk);
596
597 s = rfcomm_session_add(sock, BT_BOUND);
598 if (!s) {
599 *err = -ENOMEM;
600 goto failed;
601 }
602
603 rfcomm_session_hold(s);
604
605 s->initiator = 1;
606
607 bacpy(&addr.l2_bdaddr, dst);
608 addr.l2_family = AF_BLUETOOTH;
609 addr.l2_psm = htobs(RFCOMM_PSM);
610 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
611 if (*err == 0 || *err == -EAGAIN)
612 return s;
613
614 rfcomm_session_del(s);
615 return NULL;
616
617failed:
618 sock_release(sock);
619 return NULL;
620}
621
622void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
623{
624 struct sock *sk = s->sock->sk;
625 if (src)
626 bacpy(src, &bt_sk(sk)->src);
627 if (dst)
628 bacpy(dst, &bt_sk(sk)->dst);
629}
630
631/* ---- RFCOMM frame sending ---- */
632static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
633{
634 struct socket *sock = s->sock;
635 struct kvec iv = { data, len };
636 struct msghdr msg;
637
638 BT_DBG("session %p len %d", s, len);
639
640 memset(&msg, 0, sizeof(msg));
641
642 return kernel_sendmsg(sock, &msg, &iv, 1, len);
643}
644
645static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
646{
647 struct rfcomm_cmd cmd;
648
649 BT_DBG("%p dlci %d", s, dlci);
650
651 cmd.addr = __addr(s->initiator, dlci);
652 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
653 cmd.len = __len8(0);
654 cmd.fcs = __fcs2((u8 *) &cmd);
655
656 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
657}
658
659static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
660{
661 struct rfcomm_cmd cmd;
662
663 BT_DBG("%p dlci %d", s, dlci);
664
665 cmd.addr = __addr(!s->initiator, dlci);
666 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
667 cmd.len = __len8(0);
668 cmd.fcs = __fcs2((u8 *) &cmd);
669
670 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
671}
672
673static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
674{
675 struct rfcomm_cmd cmd;
676
677 BT_DBG("%p dlci %d", s, dlci);
678
679 cmd.addr = __addr(s->initiator, dlci);
680 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
681 cmd.len = __len8(0);
682 cmd.fcs = __fcs2((u8 *) &cmd);
683
684 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
685}
686
687static int rfcomm_queue_disc(struct rfcomm_dlc *d)
688{
689 struct rfcomm_cmd *cmd;
690 struct sk_buff *skb;
691
692 BT_DBG("dlc %p dlci %d", d, d->dlci);
693
694 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
695 if (!skb)
696 return -ENOMEM;
697
698 cmd = (void *) __skb_put(skb, sizeof(*cmd));
699 cmd->addr = d->addr;
700 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
701 cmd->len = __len8(0);
702 cmd->fcs = __fcs2((u8 *) cmd);
703
704 skb_queue_tail(&d->tx_queue, skb);
705 rfcomm_schedule(RFCOMM_SCHED_TX);
706 return 0;
707}
708
709static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
710{
711 struct rfcomm_cmd cmd;
712
713 BT_DBG("%p dlci %d", s, dlci);
714
715 cmd.addr = __addr(!s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
717 cmd.len = __len8(0);
718 cmd.fcs = __fcs2((u8 *) &cmd);
719
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
721}
722
723static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
724{
725 struct rfcomm_hdr *hdr;
726 struct rfcomm_mcc *mcc;
727 u8 buf[16], *ptr = buf;
728
729 BT_DBG("%p cr %d type %d", s, cr, type);
730
731 hdr = (void *) ptr; ptr += sizeof(*hdr);
732 hdr->addr = __addr(s->initiator, 0);
733 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
734 hdr->len = __len8(sizeof(*mcc) + 1);
735
736 mcc = (void *) ptr; ptr += sizeof(*mcc);
737 mcc->type = __mcc_type(cr, RFCOMM_NSC);
738 mcc->len = __len8(1);
739
740 /* Type that we didn't like */
741 *ptr = __mcc_type(cr, type); ptr++;
742
743 *ptr = __fcs(buf); ptr++;
744
745 return rfcomm_send_frame(s, buf, ptr - buf);
746}
747
748static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
749{
750 struct rfcomm_hdr *hdr;
751 struct rfcomm_mcc *mcc;
752 struct rfcomm_pn *pn;
753 u8 buf[16], *ptr = buf;
754
755 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
756
757 hdr = (void *) ptr; ptr += sizeof(*hdr);
758 hdr->addr = __addr(s->initiator, 0);
759 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
760 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
761
762 mcc = (void *) ptr; ptr += sizeof(*mcc);
763 mcc->type = __mcc_type(cr, RFCOMM_PN);
764 mcc->len = __len8(sizeof(*pn));
765
766 pn = (void *) ptr; ptr += sizeof(*pn);
767 pn->dlci = d->dlci;
768 pn->priority = d->priority;
769 pn->ack_timer = 0;
770 pn->max_retrans = 0;
771
772 if (s->cfc) {
773 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
774 pn->credits = RFCOMM_DEFAULT_CREDITS;
775 } else {
776 pn->flow_ctrl = 0;
777 pn->credits = 0;
778 }
779
780 pn->mtu = htobs(d->mtu);
781
782 *ptr = __fcs(buf); ptr++;
783
784 return rfcomm_send_frame(s, buf, ptr - buf);
785}
786
787static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
788 u8 bit_rate, u8 data_bits, u8 stop_bits,
789 u8 parity, u8 flow_ctrl_settings,
790 u8 xon_char, u8 xoff_char, u16 param_mask)
791{
792 struct rfcomm_hdr *hdr;
793 struct rfcomm_mcc *mcc;
794 struct rfcomm_rpn *rpn;
795 u8 buf[16], *ptr = buf;
796
797 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
798 "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
799 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
800 flow_ctrl_settings, xon_char, xoff_char, param_mask);
801
802 hdr = (void *) ptr; ptr += sizeof(*hdr);
803 hdr->addr = __addr(s->initiator, 0);
804 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
805 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
806
807 mcc = (void *) ptr; ptr += sizeof(*mcc);
808 mcc->type = __mcc_type(cr, RFCOMM_RPN);
809 mcc->len = __len8(sizeof(*rpn));
810
811 rpn = (void *) ptr; ptr += sizeof(*rpn);
812 rpn->dlci = __addr(1, dlci);
813 rpn->bit_rate = bit_rate;
814 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
815 rpn->flow_ctrl = flow_ctrl_settings;
816 rpn->xon_char = xon_char;
817 rpn->xoff_char = xoff_char;
818 rpn->param_mask = param_mask;
819
820 *ptr = __fcs(buf); ptr++;
821
822 return rfcomm_send_frame(s, buf, ptr - buf);
823}
824
825static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
826{
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rls *rls;
830 u8 buf[16], *ptr = buf;
831
832 BT_DBG("%p cr %d status 0x%x", s, cr, status);
833
834 hdr = (void *) ptr; ptr += sizeof(*hdr);
835 hdr->addr = __addr(s->initiator, 0);
836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
838
839 mcc = (void *) ptr; ptr += sizeof(*mcc);
840 mcc->type = __mcc_type(cr, RFCOMM_RLS);
841 mcc->len = __len8(sizeof(*rls));
842
843 rls = (void *) ptr; ptr += sizeof(*rls);
844 rls->dlci = __addr(1, dlci);
845 rls->status = status;
846
847 *ptr = __fcs(buf); ptr++;
848
849 return rfcomm_send_frame(s, buf, ptr - buf);
850}
851
852static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
853{
854 struct rfcomm_hdr *hdr;
855 struct rfcomm_mcc *mcc;
856 struct rfcomm_msc *msc;
857 u8 buf[16], *ptr = buf;
858
859 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
860
861 hdr = (void *) ptr; ptr += sizeof(*hdr);
862 hdr->addr = __addr(s->initiator, 0);
863 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
864 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
865
866 mcc = (void *) ptr; ptr += sizeof(*mcc);
867 mcc->type = __mcc_type(cr, RFCOMM_MSC);
868 mcc->len = __len8(sizeof(*msc));
869
870 msc = (void *) ptr; ptr += sizeof(*msc);
871 msc->dlci = __addr(1, dlci);
872 msc->v24_sig = v24_sig | 0x01;
873
874 *ptr = __fcs(buf); ptr++;
875
876 return rfcomm_send_frame(s, buf, ptr - buf);
877}
878
879static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
880{
881 struct rfcomm_hdr *hdr;
882 struct rfcomm_mcc *mcc;
883 u8 buf[16], *ptr = buf;
884
885 BT_DBG("%p cr %d", s, cr);
886
887 hdr = (void *) ptr; ptr += sizeof(*hdr);
888 hdr->addr = __addr(s->initiator, 0);
889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890 hdr->len = __len8(sizeof(*mcc));
891
892 mcc = (void *) ptr; ptr += sizeof(*mcc);
893 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
894 mcc->len = __len8(0);
895
896 *ptr = __fcs(buf); ptr++;
897
898 return rfcomm_send_frame(s, buf, ptr - buf);
899}
900
901static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
902{
903 struct rfcomm_hdr *hdr;
904 struct rfcomm_mcc *mcc;
905 u8 buf[16], *ptr = buf;
906
907 BT_DBG("%p cr %d", s, cr);
908
909 hdr = (void *) ptr; ptr += sizeof(*hdr);
910 hdr->addr = __addr(s->initiator, 0);
911 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912 hdr->len = __len8(sizeof(*mcc));
913
914 mcc = (void *) ptr; ptr += sizeof(*mcc);
915 mcc->type = __mcc_type(cr, RFCOMM_FCON);
916 mcc->len = __len8(0);
917
918 *ptr = __fcs(buf); ptr++;
919
920 return rfcomm_send_frame(s, buf, ptr - buf);
921}
922
923static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
924{
925 struct socket *sock = s->sock;
926 struct kvec iv[3];
927 struct msghdr msg;
928 unsigned char hdr[5], crc[1];
929
930 if (len > 125)
931 return -EINVAL;
932
933 BT_DBG("%p cr %d", s, cr);
934
935 hdr[0] = __addr(s->initiator, 0);
936 hdr[1] = __ctrl(RFCOMM_UIH, 0);
937 hdr[2] = 0x01 | ((len + 2) << 1);
938 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
939 hdr[4] = 0x01 | (len << 1);
940
941 crc[0] = __fcs(hdr);
942
943 iv[0].iov_base = hdr;
944 iv[0].iov_len = 5;
945 iv[1].iov_base = pattern;
946 iv[1].iov_len = len;
947 iv[2].iov_base = crc;
948 iv[2].iov_len = 1;
949
950 memset(&msg, 0, sizeof(msg));
951
952 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
953}
954
955static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
956{
957 struct rfcomm_hdr *hdr;
958 u8 buf[16], *ptr = buf;
959
960 BT_DBG("%p addr %d credits %d", s, addr, credits);
961
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = addr;
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
965 hdr->len = __len8(0);
966
967 *ptr = credits; ptr++;
968
969 *ptr = __fcs(buf); ptr++;
970
971 return rfcomm_send_frame(s, buf, ptr - buf);
972}
973
974static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
975{
976 struct rfcomm_hdr *hdr;
977 int len = skb->len;
978 u8 *crc;
979
980 if (len > 127) {
981 hdr = (void *) skb_push(skb, 4);
982 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
983 } else {
984 hdr = (void *) skb_push(skb, 3);
985 hdr->len = __len8(len);
986 }
987 hdr->addr = addr;
988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
989
990 crc = skb_put(skb, 1);
991 *crc = __fcs((void *) hdr);
992}
993
994/* ---- RFCOMM frame reception ---- */
995static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
996{
997 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
998
999 if (dlci) {
1000 /* Data channel */
1001 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1002 if (!d) {
1003 rfcomm_send_dm(s, dlci);
1004 return 0;
1005 }
1006
1007 switch (d->state) {
1008 case BT_CONNECT:
1009 rfcomm_dlc_clear_timer(d);
1010
1011 rfcomm_dlc_lock(d);
1012 d->state = BT_CONNECTED;
1013 d->state_change(d, 0);
1014 rfcomm_dlc_unlock(d);
1015
1016 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1017 break;
1018
1019 case BT_DISCONN:
1020 d->state = BT_CLOSED;
1021 __rfcomm_dlc_close(d, 0);
1022 break;
1023 }
1024 } else {
1025 /* Control channel */
1026 switch (s->state) {
1027 case BT_CONNECT:
1028 s->state = BT_CONNECTED;
1029 rfcomm_process_connect(s);
1030 break;
1031 }
1032 }
1033 return 0;
1034}
1035
1036static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1037{
1038 int err = 0;
1039
1040 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1041
1042 if (dlci) {
1043 /* Data DLC */
1044 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1045 if (d) {
1046 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1047 err = ECONNREFUSED;
1048 else
1049 err = ECONNRESET;
1050
1051 d->state = BT_CLOSED;
1052 __rfcomm_dlc_close(d, err);
1053 }
1054 } else {
1055 if (s->state == BT_CONNECT)
1056 err = ECONNREFUSED;
1057 else
1058 err = ECONNRESET;
1059
1060 s->state = BT_CLOSED;
1061 rfcomm_session_close(s, err);
1062 }
1063 return 0;
1064}
1065
1066static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1067{
1068 int err = 0;
1069
1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1071
1072 if (dlci) {
1073 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1074 if (d) {
1075 rfcomm_send_ua(s, dlci);
1076
1077 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1078 err = ECONNREFUSED;
1079 else
1080 err = ECONNRESET;
1081
1082 d->state = BT_CLOSED;
1083 __rfcomm_dlc_close(d, err);
1084 } else
1085 rfcomm_send_dm(s, dlci);
1086
1087 } else {
1088 rfcomm_send_ua(s, 0);
1089
1090 if (s->state == BT_CONNECT)
1091 err = ECONNREFUSED;
1092 else
1093 err = ECONNRESET;
1094
1095 s->state = BT_CLOSED;
1096 rfcomm_session_close(s, err);
1097 }
1098
1099 return 0;
1100}
1101
1102static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1103{
1104 struct sock *sk = d->session->sock->sk;
1105
1106 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1107 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1108 return 1;
1109 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1110 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1111 return 1;
1112 }
1113
1114 return 0;
1115}
1116
1117static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1118{
1119 BT_DBG("dlc %p", d);
1120
1121 rfcomm_send_ua(d->session, d->dlci);
1122
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1127
1128 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1129}
1130
1131static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1132{
1133 struct rfcomm_dlc *d;
1134 u8 channel;
1135
1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1137
1138 if (!dlci) {
1139 rfcomm_send_ua(s, 0);
1140
1141 if (s->state == BT_OPEN) {
1142 s->state = BT_CONNECTED;
1143 rfcomm_process_connect(s);
1144 }
1145 return 0;
1146 }
1147
1148 /* Check if DLC exists */
1149 d = rfcomm_dlc_get(s, dlci);
1150 if (d) {
1151 if (d->state == BT_OPEN) {
1152 /* DLC was previously opened by PN request */
1153 if (rfcomm_check_link_mode(d)) {
1154 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1155 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1156 return 0;
1157 }
1158
1159 rfcomm_dlc_accept(d);
1160 }
1161 return 0;
1162 }
1163
1164 /* Notify socket layer about incoming connection */
1165 channel = __srv_channel(dlci);
1166 if (rfcomm_connect_ind(s, channel, &d)) {
1167 d->dlci = dlci;
1168 d->addr = __addr(s->initiator, dlci);
1169 rfcomm_dlc_link(s, d);
1170
1171 if (rfcomm_check_link_mode(d)) {
1172 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1173 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1174 return 0;
1175 }
1176
1177 rfcomm_dlc_accept(d);
1178 } else {
1179 rfcomm_send_dm(s, dlci);
1180 }
1181
1182 return 0;
1183}
1184
1185static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1186{
1187 struct rfcomm_session *s = d->session;
1188
1189 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1190 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1191
1192 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1193 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1194 d->tx_credits = pn->credits;
1195 } else {
1196 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1197 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1198 }
1199
1200 d->priority = pn->priority;
1201
1202 d->mtu = s->mtu = btohs(pn->mtu);
1203
1204 return 0;
1205}
1206
1207static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1208{
1209 struct rfcomm_pn *pn = (void *) skb->data;
1210 struct rfcomm_dlc *d;
1211 u8 dlci = pn->dlci;
1212
1213 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1214
1215 if (!dlci)
1216 return 0;
1217
1218 d = rfcomm_dlc_get(s, dlci);
1219 if (d) {
1220 if (cr) {
1221 /* PN request */
1222 rfcomm_apply_pn(d, cr, pn);
1223 rfcomm_send_pn(s, 0, d);
1224 } else {
1225 /* PN response */
1226 switch (d->state) {
1227 case BT_CONFIG:
1228 rfcomm_apply_pn(d, cr, pn);
1229
1230 d->state = BT_CONNECT;
1231 rfcomm_send_sabm(s, d->dlci);
1232 break;
1233 }
1234 }
1235 } else {
1236 u8 channel = __srv_channel(dlci);
1237
1238 if (!cr)
1239 return 0;
1240
1241 /* PN request for non existing DLC.
1242 * Assume incoming connection. */
1243 if (rfcomm_connect_ind(s, channel, &d)) {
1244 d->dlci = dlci;
1245 d->addr = __addr(s->initiator, dlci);
1246 rfcomm_dlc_link(s, d);
1247
1248 rfcomm_apply_pn(d, cr, pn);
1249
1250 d->state = BT_OPEN;
1251 rfcomm_send_pn(s, 0, d);
1252 } else {
1253 rfcomm_send_dm(s, dlci);
1254 }
1255 }
1256 return 0;
1257}
1258
1259static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1260{
1261 struct rfcomm_rpn *rpn = (void *) skb->data;
1262 u8 dlci = __get_dlci(rpn->dlci);
1263
1264 u8 bit_rate = 0;
1265 u8 data_bits = 0;
1266 u8 stop_bits = 0;
1267 u8 parity = 0;
1268 u8 flow_ctrl = 0;
1269 u8 xon_char = 0;
1270 u8 xoff_char = 0;
1271 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1272
1273 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1274 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1275 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1276
1277 if (!cr)
1278 return 0;
1279
1280 if (len == 1) {
1281 /* request: return default setting */
1282 bit_rate = RFCOMM_RPN_BR_115200;
1283 data_bits = RFCOMM_RPN_DATA_8;
1284 stop_bits = RFCOMM_RPN_STOP_1;
1285 parity = RFCOMM_RPN_PARITY_NONE;
1286 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1287 xon_char = RFCOMM_RPN_XON_CHAR;
1288 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1289
1290 goto rpn_out;
1291 }
1292 /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1293 no flow control lines, normal XON/XOFF chars */
1294 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1295 bit_rate = rpn->bit_rate;
1296 if (bit_rate != RFCOMM_RPN_BR_115200) {
1297 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1298 bit_rate = RFCOMM_RPN_BR_115200;
1299 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1300 }
1301 }
1302 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1303 data_bits = __get_rpn_data_bits(rpn->line_settings);
1304 if (data_bits != RFCOMM_RPN_DATA_8) {
1305 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1306 data_bits = RFCOMM_RPN_DATA_8;
1307 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1308 }
1309 }
1310 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1311 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1312 if (stop_bits != RFCOMM_RPN_STOP_1) {
1313 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1314 stop_bits = RFCOMM_RPN_STOP_1;
1315 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1316 }
1317 }
1318 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1319 parity = __get_rpn_parity(rpn->line_settings);
1320 if (parity != RFCOMM_RPN_PARITY_NONE) {
1321 BT_DBG("RPN parity mismatch 0x%x", parity);
1322 parity = RFCOMM_RPN_PARITY_NONE;
1323 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1324 }
1325 }
1326 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1327 flow_ctrl = rpn->flow_ctrl;
1328 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1329 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1330 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1331 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1332 }
1333 }
1334 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1335 xon_char = rpn->xon_char;
1336 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1337 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1338 xon_char = RFCOMM_RPN_XON_CHAR;
1339 rpn_mask ^= RFCOMM_RPN_PM_XON;
1340 }
1341 }
1342 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1343 xoff_char = rpn->xoff_char;
1344 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1345 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1346 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1347 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1348 }
1349 }
1350
1351rpn_out:
1352 rfcomm_send_rpn(s, 0, dlci,
1353 bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1354 xon_char, xoff_char, rpn_mask);
1355
1356 return 0;
1357}
1358
1359static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1360{
1361 struct rfcomm_rls *rls = (void *) skb->data;
1362 u8 dlci = __get_dlci(rls->dlci);
1363
1364 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1365
1366 if (!cr)
1367 return 0;
1368
1369 /* FIXME: We should probably do something with this
1370 information here. But for now it's sufficient just
1371 to reply -- Bluetooth 1.1 says it's mandatory to
1372 recognise and respond to RLS */
1373
1374 rfcomm_send_rls(s, 0, dlci, rls->status);
1375
1376 return 0;
1377}
1378
1379static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1380{
1381 struct rfcomm_msc *msc = (void *) skb->data;
1382 struct rfcomm_dlc *d;
1383 u8 dlci = __get_dlci(msc->dlci);
1384
1385 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1386
1387 d = rfcomm_dlc_get(s, dlci);
1388 if (!d)
1389 return 0;
1390
1391 if (cr) {
1392 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1393 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1394 else
1395 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1396
1397 rfcomm_dlc_lock(d);
1398 if (d->modem_status)
1399 d->modem_status(d, msc->v24_sig);
1400 rfcomm_dlc_unlock(d);
1401
1402 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1403
1404 d->mscex |= RFCOMM_MSCEX_RX;
1405 } else
1406 d->mscex |= RFCOMM_MSCEX_TX;
1407
1408 return 0;
1409}
1410
1411static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1412{
1413 struct rfcomm_mcc *mcc = (void *) skb->data;
1414 u8 type, cr, len;
1415
1416 cr = __test_cr(mcc->type);
1417 type = __get_mcc_type(mcc->type);
1418 len = __get_mcc_len(mcc->len);
1419
1420 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1421
1422 skb_pull(skb, 2);
1423
1424 switch (type) {
1425 case RFCOMM_PN:
1426 rfcomm_recv_pn(s, cr, skb);
1427 break;
1428
1429 case RFCOMM_RPN:
1430 rfcomm_recv_rpn(s, cr, len, skb);
1431 break;
1432
1433 case RFCOMM_RLS:
1434 rfcomm_recv_rls(s, cr, skb);
1435 break;
1436
1437 case RFCOMM_MSC:
1438 rfcomm_recv_msc(s, cr, skb);
1439 break;
1440
1441 case RFCOMM_FCOFF:
1442 if (cr) {
1443 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1444 rfcomm_send_fcoff(s, 0);
1445 }
1446 break;
1447
1448 case RFCOMM_FCON:
1449 if (cr) {
1450 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1451 rfcomm_send_fcon(s, 0);
1452 }
1453 break;
1454
1455 case RFCOMM_TEST:
1456 if (cr)
1457 rfcomm_send_test(s, 0, skb->data, skb->len);
1458 break;
1459
1460 case RFCOMM_NSC:
1461 break;
1462
1463 default:
1464 BT_ERR("Unknown control type 0x%02x", type);
1465 rfcomm_send_nsc(s, cr, type);
1466 break;
1467 }
1468 return 0;
1469}
1470
1471static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1472{
1473 struct rfcomm_dlc *d;
1474
1475 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1476
1477 d = rfcomm_dlc_get(s, dlci);
1478 if (!d) {
1479 rfcomm_send_dm(s, dlci);
1480 goto drop;
1481 }
1482
1483 if (pf && d->cfc) {
1484 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1485
1486 d->tx_credits += credits;
1487 if (d->tx_credits)
1488 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1489 }
1490
1491 if (skb->len && d->state == BT_CONNECTED) {
1492 rfcomm_dlc_lock(d);
1493 d->rx_credits--;
1494 d->data_ready(d, skb);
1495 rfcomm_dlc_unlock(d);
1496 return 0;
1497 }
1498
1499drop:
1500 kfree_skb(skb);
1501 return 0;
1502}
1503
1504static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1505{
1506 struct rfcomm_hdr *hdr = (void *) skb->data;
1507 u8 type, dlci, fcs;
1508
1509 dlci = __get_dlci(hdr->addr);
1510 type = __get_type(hdr->ctrl);
1511
1512 /* Trim FCS */
1513 skb->len--; skb->tail--;
1514 fcs = *(u8 *) skb->tail;
1515
1516 if (__check_fcs(skb->data, type, fcs)) {
1517 BT_ERR("bad checksum in packet");
1518 kfree_skb(skb);
1519 return -EILSEQ;
1520 }
1521
1522 if (__test_ea(hdr->len))
1523 skb_pull(skb, 3);
1524 else
1525 skb_pull(skb, 4);
1526
1527 switch (type) {
1528 case RFCOMM_SABM:
1529 if (__test_pf(hdr->ctrl))
1530 rfcomm_recv_sabm(s, dlci);
1531 break;
1532
1533 case RFCOMM_DISC:
1534 if (__test_pf(hdr->ctrl))
1535 rfcomm_recv_disc(s, dlci);
1536 break;
1537
1538 case RFCOMM_UA:
1539 if (__test_pf(hdr->ctrl))
1540 rfcomm_recv_ua(s, dlci);
1541 break;
1542
1543 case RFCOMM_DM:
1544 rfcomm_recv_dm(s, dlci);
1545 break;
1546
1547 case RFCOMM_UIH:
1548 if (dlci)
1549 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1550
1551 rfcomm_recv_mcc(s, skb);
1552 break;
1553
1554 default:
1555 BT_ERR("Unknown packet type 0x%02x\n", type);
1556 break;
1557 }
1558 kfree_skb(skb);
1559 return 0;
1560}
1561
1562/* ---- Connection and data processing ---- */
1563
1564static void rfcomm_process_connect(struct rfcomm_session *s)
1565{
1566 struct rfcomm_dlc *d;
1567 struct list_head *p, *n;
1568
1569 BT_DBG("session %p state %ld", s, s->state);
1570
1571 list_for_each_safe(p, n, &s->dlcs) {
1572 d = list_entry(p, struct rfcomm_dlc, list);
1573 if (d->state == BT_CONFIG) {
1574 d->mtu = s->mtu;
1575 rfcomm_send_pn(s, 1, d);
1576 }
1577 }
1578}
1579
1580/* Send data queued for the DLC.
1581 * Return number of frames left in the queue.
1582 */
1583static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1584{
1585 struct sk_buff *skb;
1586 int err;
1587
1588 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1589 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1590
1591 /* Send pending MSC */
1592 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1593 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1594
1595 if (d->cfc) {
1596 /* CFC enabled.
1597 * Give them some credits */
1598 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1599 d->rx_credits <= (d->cfc >> 2)) {
1600 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1601 d->rx_credits = d->cfc;
1602 }
1603 } else {
1604 /* CFC disabled.
1605 * Give ourselves some credits */
1606 d->tx_credits = 5;
1607 }
1608
1609 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1610 return skb_queue_len(&d->tx_queue);
1611
1612 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1613 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1614 if (err < 0) {
1615 skb_queue_head(&d->tx_queue, skb);
1616 break;
1617 }
1618 kfree_skb(skb);
1619 d->tx_credits--;
1620 }
1621
1622 if (d->cfc && !d->tx_credits) {
1623 /* We're out of TX credits.
1624 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1625 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1626 }
1627
1628 return skb_queue_len(&d->tx_queue);
1629}
1630
1631static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1632{
1633 struct rfcomm_dlc *d;
1634 struct list_head *p, *n;
1635
1636 BT_DBG("session %p state %ld", s, s->state);
1637
1638 list_for_each_safe(p, n, &s->dlcs) {
1639 d = list_entry(p, struct rfcomm_dlc, list);
1640
1641 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1642 __rfcomm_dlc_close(d, ETIMEDOUT);
1643 continue;
1644 }
1645
1646 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1647 rfcomm_dlc_clear_timer(d);
1648 rfcomm_dlc_accept(d);
1649 if (d->link_mode & RFCOMM_LM_SECURE) {
1650 struct sock *sk = s->sock->sk;
1651 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1652 }
1653 continue;
1654 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1655 rfcomm_dlc_clear_timer(d);
1656 rfcomm_send_dm(s, d->dlci);
1657 __rfcomm_dlc_close(d, ECONNREFUSED);
1658 continue;
1659 }
1660
1661 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1662 continue;
1663
1664 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1665 d->mscex == RFCOMM_MSCEX_OK)
1666 rfcomm_process_tx(d);
1667 }
1668}
1669
1670static inline void rfcomm_process_rx(struct rfcomm_session *s)
1671{
1672 struct socket *sock = s->sock;
1673 struct sock *sk = sock->sk;
1674 struct sk_buff *skb;
1675
1676 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1677
1678 /* Get data directly from socket receive queue without copying it. */
1679 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1680 skb_orphan(skb);
1681 rfcomm_recv_frame(s, skb);
1682 }
1683
1684 if (sk->sk_state == BT_CLOSED) {
1685 if (!s->initiator)
1686 rfcomm_session_put(s);
1687
1688 rfcomm_session_close(s, sk->sk_err);
1689 }
1690}
1691
1692static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1693{
1694 struct socket *sock = s->sock, *nsock;
1695 int err;
1696
1697 /* Fast check for a new connection.
1698 * Avoids unnesesary socket allocations. */
1699 if (list_empty(&bt_sk(sock->sk)->accept_q))
1700 return;
1701
1702 BT_DBG("session %p", s);
1703
1704 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1705 return;
1706
1707 nsock->ops = sock->ops;
1708
1709 __module_get(nsock->ops->owner);
1710
1711 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1712 if (err < 0) {
1713 sock_release(nsock);
1714 return;
1715 }
1716
1717 /* Set our callbacks */
1718 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1719 nsock->sk->sk_state_change = rfcomm_l2state_change;
1720
1721 s = rfcomm_session_add(nsock, BT_OPEN);
1722 if (s) {
1723 rfcomm_session_hold(s);
1724 rfcomm_schedule(RFCOMM_SCHED_RX);
1725 } else
1726 sock_release(nsock);
1727}
1728
1729static inline void rfcomm_check_connection(struct rfcomm_session *s)
1730{
1731 struct sock *sk = s->sock->sk;
1732
1733 BT_DBG("%p state %ld", s, s->state);
1734
1735 switch(sk->sk_state) {
1736 case BT_CONNECTED:
1737 s->state = BT_CONNECT;
1738
1739 /* We can adjust MTU on outgoing sessions.
1740 * L2CAP MTU minus UIH header and FCS. */
1741 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1742
1743 rfcomm_send_sabm(s, 0);
1744 break;
1745
1746 case BT_CLOSED:
1747 s->state = BT_CLOSED;
1748 rfcomm_session_close(s, sk->sk_err);
1749 break;
1750 }
1751}
1752
1753static inline void rfcomm_process_sessions(void)
1754{
1755 struct list_head *p, *n;
1756
1757 rfcomm_lock();
1758
1759 list_for_each_safe(p, n, &session_list) {
1760 struct rfcomm_session *s;
1761 s = list_entry(p, struct rfcomm_session, list);
1762
1763 if (s->state == BT_LISTEN) {
1764 rfcomm_accept_connection(s);
1765 continue;
1766 }
1767
1768 rfcomm_session_hold(s);
1769
1770 switch (s->state) {
1771 case BT_BOUND:
1772 rfcomm_check_connection(s);
1773 break;
1774
1775 default:
1776 rfcomm_process_rx(s);
1777 break;
1778 }
1779
1780 rfcomm_process_dlcs(s);
1781
1782 rfcomm_session_put(s);
1783 }
1784
1785 rfcomm_unlock();
1786}
1787
1788static void rfcomm_worker(void)
1789{
1790 BT_DBG("");
1791
1792 while (!atomic_read(&terminate)) {
1793 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1794 /* No pending events. Let's sleep.
1795 * Incoming connections and data will wake us up. */
1796 set_current_state(TASK_INTERRUPTIBLE);
1797 schedule();
1798 }
1799
1800 /* Process stuff */
1801 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1802 rfcomm_process_sessions();
1803 }
1804 set_current_state(TASK_RUNNING);
1805 return;
1806}
1807
1808static int rfcomm_add_listener(bdaddr_t *ba)
1809{
1810 struct sockaddr_l2 addr;
1811 struct socket *sock;
1812 struct sock *sk;
1813 struct rfcomm_session *s;
1814 int err = 0;
1815
1816 /* Create socket */
1817 err = rfcomm_l2sock_create(&sock);
1818 if (err < 0) {
1819 BT_ERR("Create socket failed %d", err);
1820 return err;
1821 }
1822
1823 /* Bind socket */
1824 bacpy(&addr.l2_bdaddr, ba);
1825 addr.l2_family = AF_BLUETOOTH;
1826 addr.l2_psm = htobs(RFCOMM_PSM);
1827 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1828 if (err < 0) {
1829 BT_ERR("Bind failed %d", err);
1830 goto failed;
1831 }
1832
1833 /* Set L2CAP options */
1834 sk = sock->sk;
1835 lock_sock(sk);
1836 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1837 release_sock(sk);
1838
1839 /* Start listening on the socket */
1840 err = sock->ops->listen(sock, 10);
1841 if (err) {
1842 BT_ERR("Listen failed %d", err);
1843 goto failed;
1844 }
1845
1846 /* Add listening session */
1847 s = rfcomm_session_add(sock, BT_LISTEN);
1848 if (!s)
1849 goto failed;
1850
1851 rfcomm_session_hold(s);
1852 return 0;
1853failed:
1854 sock_release(sock);
1855 return err;
1856}
1857
1858static void rfcomm_kill_listener(void)
1859{
1860 struct rfcomm_session *s;
1861 struct list_head *p, *n;
1862
1863 BT_DBG("");
1864
1865 list_for_each_safe(p, n, &session_list) {
1866 s = list_entry(p, struct rfcomm_session, list);
1867 rfcomm_session_del(s);
1868 }
1869}
1870
1871static int rfcomm_run(void *unused)
1872{
1873 rfcomm_thread = current;
1874
1875 atomic_inc(&running);
1876
1877 daemonize("krfcommd");
1878 set_user_nice(current, -10);
1879 current->flags |= PF_NOFREEZE;
1880
1881 BT_DBG("");
1882
1883 rfcomm_add_listener(BDADDR_ANY);
1884
1885 rfcomm_worker();
1886
1887 rfcomm_kill_listener();
1888
1889 atomic_dec(&running);
1890 return 0;
1891}
1892
1893static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1894{
1895 struct rfcomm_session *s;
1896 struct rfcomm_dlc *d;
1897 struct list_head *p, *n;
1898
1899 BT_DBG("conn %p status 0x%02x", conn, status);
1900
1901 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1902 if (!s)
1903 return;
1904
1905 rfcomm_session_hold(s);
1906
1907 list_for_each_safe(p, n, &s->dlcs) {
1908 d = list_entry(p, struct rfcomm_dlc, list);
1909
1910 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1911 continue;
1912
1913 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1914 continue;
1915
1916 if (!status)
1917 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1918 else
1919 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1920 }
1921
1922 rfcomm_session_put(s);
1923
1924 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1925}
1926
1927static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1928{
1929 struct rfcomm_session *s;
1930 struct rfcomm_dlc *d;
1931 struct list_head *p, *n;
1932
1933 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1934
1935 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1936 if (!s)
1937 return;
1938
1939 rfcomm_session_hold(s);
1940
1941 list_for_each_safe(p, n, &s->dlcs) {
1942 d = list_entry(p, struct rfcomm_dlc, list);
1943
1944 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1945 continue;
1946
1947 if (!status && encrypt)
1948 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1949 else
1950 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1951 }
1952
1953 rfcomm_session_put(s);
1954
1955 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1956}
1957
1958static struct hci_cb rfcomm_cb = {
1959 .name = "RFCOMM",
1960 .auth_cfm = rfcomm_auth_cfm,
1961 .encrypt_cfm = rfcomm_encrypt_cfm
1962};
1963
1964/* ---- Proc fs support ---- */
1965#ifdef CONFIG_PROC_FS
1966static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1967{
1968 struct rfcomm_session *s;
1969 struct list_head *pp, *p;
1970 loff_t l = *pos;
1971
1972 rfcomm_lock();
1973
1974 list_for_each(p, &session_list) {
1975 s = list_entry(p, struct rfcomm_session, list);
1976 list_for_each(pp, &s->dlcs)
1977 if (!l--) {
1978 seq->private = s;
1979 return pp;
1980 }
1981 }
1982 return NULL;
1983}
1984
1985static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1986{
1987 struct rfcomm_session *s = seq->private;
1988 struct list_head *pp, *p = e;
1989 (*pos)++;
1990
1991 if (p->next != &s->dlcs)
1992 return p->next;
1993
1994 list_for_each(p, &session_list) {
1995 s = list_entry(p, struct rfcomm_session, list);
1996 __list_for_each(pp, &s->dlcs) {
1997 seq->private = s;
1998 return pp;
1999 }
2000 }
2001 return NULL;
2002}
2003
2004static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2005{
2006 rfcomm_unlock();
2007}
2008
2009static int rfcomm_seq_show(struct seq_file *seq, void *e)
2010{
2011 struct rfcomm_session *s = seq->private;
2012 struct sock *sk = s->sock->sk;
2013 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2014
2015 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018 return 0;
2019}
2020
2021static struct seq_operations rfcomm_seq_ops = {
2022 .start = rfcomm_seq_start,
2023 .next = rfcomm_seq_next,
2024 .stop = rfcomm_seq_stop,
2025 .show = rfcomm_seq_show
2026};
2027
2028static int rfcomm_seq_open(struct inode *inode, struct file *file)
2029{
2030 return seq_open(file, &rfcomm_seq_ops);
2031}
2032
2033static struct file_operations rfcomm_seq_fops = {
2034 .owner = THIS_MODULE,
2035 .open = rfcomm_seq_open,
2036 .read = seq_read,
2037 .llseek = seq_lseek,
2038 .release = seq_release,
2039};
2040
2041static int __init rfcomm_proc_init(void)
2042{
2043 struct proc_dir_entry *p;
2044
2045 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2046 if (proc_bt_rfcomm) {
2047 proc_bt_rfcomm->owner = THIS_MODULE;
2048
2049 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2050 if (p)
2051 p->proc_fops = &rfcomm_seq_fops;
2052 }
2053 return 0;
2054}
2055
2056static void __exit rfcomm_proc_cleanup(void)
2057{
2058 remove_proc_entry("dlc", proc_bt_rfcomm);
2059
2060 remove_proc_entry("rfcomm", proc_bt);
2061}
2062
2063#else /* CONFIG_PROC_FS */
2064
2065static int __init rfcomm_proc_init(void)
2066{
2067 return 0;
2068}
2069
2070static void __exit rfcomm_proc_cleanup(void)
2071{
2072 return;
2073}
2074#endif /* CONFIG_PROC_FS */
2075
2076/* ---- Initialization ---- */
2077static int __init rfcomm_init(void)
2078{
2079 l2cap_load();
2080
2081 hci_register_cb(&rfcomm_cb);
2082
2083 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2084
2085 BT_INFO("RFCOMM ver %s", VERSION);
2086
2087 rfcomm_proc_init();
2088
2089 rfcomm_init_sockets();
2090
2091#ifdef CONFIG_BT_RFCOMM_TTY
2092 rfcomm_init_ttys();
2093#endif
2094
2095 return 0;
2096}
2097
2098static void __exit rfcomm_exit(void)
2099{
2100 hci_unregister_cb(&rfcomm_cb);
2101
2102 /* Terminate working thread.
2103 * ie. Set terminate flag and wake it up */
2104 atomic_inc(&terminate);
2105 rfcomm_schedule(RFCOMM_SCHED_STATE);
2106
2107 /* Wait until thread is running */
2108 while (atomic_read(&running))
2109 schedule();
2110
2111#ifdef CONFIG_BT_RFCOMM_TTY
2112 rfcomm_cleanup_ttys();
2113#endif
2114
2115 rfcomm_cleanup_sockets();
2116
2117 rfcomm_proc_cleanup();
2118}
2119
2120module_init(rfcomm_init);
2121module_exit(rfcomm_exit);
2122
2123MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2124MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2125MODULE_VERSION(VERSION);
2126MODULE_LICENSE("GPL");
2127MODULE_ALIAS("bt-proto-3");
diff --git a/net/bluetooth/rfcomm/crc.c b/net/bluetooth/rfcomm/crc.c
new file mode 100644
index 00000000000..1011bc4a869
--- /dev/null
+++ b/net/bluetooth/rfcomm/crc.c
@@ -0,0 +1,71 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM FCS calculation.
26 *
27 * $Id: crc.c,v 1.2 2002/09/21 09:54:32 holtmann Exp $
28 */
29
30/* reversed, 8-bit, poly=0x07 */
31unsigned char rfcomm_crc_table[256] = {
32 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
33 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
34 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
35 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
36
37 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
38 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
39 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
40 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
41
42 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
43 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
44 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
45 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
46
47 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
48 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
49 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
50 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
51
52 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
53 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
54 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
55 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
56
57 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
58 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
59 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
60 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
61
62 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
63 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
64 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
65 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
66
67 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
68 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
69 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
70 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
71};
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
new file mode 100644
index 00000000000..640028a2183
--- /dev/null
+++ b/net/bluetooth/rfcomm/sock.c
@@ -0,0 +1,1010 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM sockets.
26 *
27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $
28 */
29
30#include <linux/config.h>
31#include <linux/module.h>
32
33#include <linux/types.h>
34#include <linux/errno.h>
35#include <linux/kernel.h>
36#include <linux/major.h>
37#include <linux/sched.h>
38#include <linux/slab.h>
39#include <linux/poll.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/interrupt.h>
43#include <linux/socket.h>
44#include <linux/skbuff.h>
45#include <linux/list.h>
46#include <linux/proc_fs.h>
47#include <linux/seq_file.h>
48#include <net/sock.h>
49
50#include <asm/system.h>
51#include <asm/uaccess.h>
52
53#include <net/bluetooth/bluetooth.h>
54#include <net/bluetooth/hci_core.h>
55#include <net/bluetooth/l2cap.h>
56#include <net/bluetooth/rfcomm.h>
57
58#ifndef CONFIG_BT_RFCOMM_DEBUG
59#undef BT_DBG
60#define BT_DBG(D...)
61#endif
62
63static struct proto_ops rfcomm_sock_ops;
64
65static struct bt_sock_list rfcomm_sk_list = {
66 .lock = RW_LOCK_UNLOCKED
67};
68
69static void rfcomm_sock_close(struct sock *sk);
70static void rfcomm_sock_kill(struct sock *sk);
71
72/* ---- DLC callbacks ----
73 *
74 * called under rfcomm_dlc_lock()
75 */
76static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
77{
78 struct sock *sk = d->owner;
79 if (!sk)
80 return;
81
82 atomic_add(skb->len, &sk->sk_rmem_alloc);
83 skb_queue_tail(&sk->sk_receive_queue, skb);
84 sk->sk_data_ready(sk, skb->len);
85
86 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
87 rfcomm_dlc_throttle(d);
88}
89
90static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
91{
92 struct sock *sk = d->owner, *parent;
93 if (!sk)
94 return;
95
96 BT_DBG("dlc %p state %ld err %d", d, d->state, err);
97
98 bh_lock_sock(sk);
99
100 if (err)
101 sk->sk_err = err;
102
103 sk->sk_state = d->state;
104
105 parent = bt_sk(sk)->parent;
106 if (parent) {
107 if (d->state == BT_CLOSED) {
108 sock_set_flag(sk, SOCK_ZAPPED);
109 bt_accept_unlink(sk);
110 }
111 parent->sk_data_ready(parent, 0);
112 } else {
113 if (d->state == BT_CONNECTED)
114 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
115 sk->sk_state_change(sk);
116 }
117
118 bh_unlock_sock(sk);
119
120 if (parent && sock_flag(sk, SOCK_ZAPPED)) {
121 /* We have to drop DLC lock here, otherwise
122 * rfcomm_sock_destruct() will dead lock. */
123 rfcomm_dlc_unlock(d);
124 rfcomm_sock_kill(sk);
125 rfcomm_dlc_lock(d);
126 }
127}
128
129/* ---- Socket functions ---- */
130static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
131{
132 struct sock *sk = NULL;
133 struct hlist_node *node;
134
135 sk_for_each(sk, node, &rfcomm_sk_list.head) {
136 if (rfcomm_pi(sk)->channel == channel &&
137 !bacmp(&bt_sk(sk)->src, src))
138 break;
139 }
140
141 return node ? sk : NULL;
142}
143
144/* Find socket with channel and source bdaddr.
145 * Returns closest match.
146 */
147static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
148{
149 struct sock *sk = NULL, *sk1 = NULL;
150 struct hlist_node *node;
151
152 sk_for_each(sk, node, &rfcomm_sk_list.head) {
153 if (state && sk->sk_state != state)
154 continue;
155
156 if (rfcomm_pi(sk)->channel == channel) {
157 /* Exact match. */
158 if (!bacmp(&bt_sk(sk)->src, src))
159 break;
160
161 /* Closest match */
162 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
163 sk1 = sk;
164 }
165 }
166 return node ? sk : sk1;
167}
168
169/* Find socket with given address (channel, src).
170 * Returns locked socket */
171static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
172{
173 struct sock *s;
174 read_lock(&rfcomm_sk_list.lock);
175 s = __rfcomm_get_sock_by_channel(state, channel, src);
176 if (s) bh_lock_sock(s);
177 read_unlock(&rfcomm_sk_list.lock);
178 return s;
179}
180
181static void rfcomm_sock_destruct(struct sock *sk)
182{
183 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
184
185 BT_DBG("sk %p dlc %p", sk, d);
186
187 skb_queue_purge(&sk->sk_receive_queue);
188 skb_queue_purge(&sk->sk_write_queue);
189
190 rfcomm_dlc_lock(d);
191 rfcomm_pi(sk)->dlc = NULL;
192
193 /* Detach DLC if it's owned by this socket */
194 if (d->owner == sk)
195 d->owner = NULL;
196 rfcomm_dlc_unlock(d);
197
198 rfcomm_dlc_put(d);
199}
200
201static void rfcomm_sock_cleanup_listen(struct sock *parent)
202{
203 struct sock *sk;
204
205 BT_DBG("parent %p", parent);
206
207 /* Close not yet accepted dlcs */
208 while ((sk = bt_accept_dequeue(parent, NULL))) {
209 rfcomm_sock_close(sk);
210 rfcomm_sock_kill(sk);
211 }
212
213 parent->sk_state = BT_CLOSED;
214 sock_set_flag(parent, SOCK_ZAPPED);
215}
216
217/* Kill socket (only if zapped and orphan)
218 * Must be called on unlocked socket.
219 */
220static void rfcomm_sock_kill(struct sock *sk)
221{
222 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
223 return;
224
225 BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
226
227 /* Kill poor orphan */
228 bt_sock_unlink(&rfcomm_sk_list, sk);
229 sock_set_flag(sk, SOCK_DEAD);
230 sock_put(sk);
231}
232
233static void __rfcomm_sock_close(struct sock *sk)
234{
235 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
236
237 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
238
239 switch (sk->sk_state) {
240 case BT_LISTEN:
241 rfcomm_sock_cleanup_listen(sk);
242 break;
243
244 case BT_CONNECT:
245 case BT_CONNECT2:
246 case BT_CONFIG:
247 case BT_CONNECTED:
248 rfcomm_dlc_close(d, 0);
249
250 default:
251 sock_set_flag(sk, SOCK_ZAPPED);
252 break;
253 }
254}
255
256/* Close socket.
257 * Must be called on unlocked socket.
258 */
259static void rfcomm_sock_close(struct sock *sk)
260{
261 lock_sock(sk);
262 __rfcomm_sock_close(sk);
263 release_sock(sk);
264}
265
266static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
267{
268 struct rfcomm_pinfo *pi = rfcomm_pi(sk);
269
270 BT_DBG("sk %p", sk);
271
272 if (parent) {
273 sk->sk_type = parent->sk_type;
274 pi->link_mode = rfcomm_pi(parent)->link_mode;
275 } else {
276 pi->link_mode = 0;
277 }
278
279 pi->dlc->link_mode = pi->link_mode;
280}
281
282static struct proto rfcomm_proto = {
283 .name = "RFCOMM",
284 .owner = THIS_MODULE,
285 .obj_size = sizeof(struct rfcomm_pinfo)
286};
287
288static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, int prio)
289{
290 struct rfcomm_dlc *d;
291 struct sock *sk;
292
293 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1);
294 if (!sk)
295 return NULL;
296
297 sock_init_data(sock, sk);
298 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
299
300 d = rfcomm_dlc_alloc(prio);
301 if (!d) {
302 sk_free(sk);
303 return NULL;
304 }
305
306 d->data_ready = rfcomm_sk_data_ready;
307 d->state_change = rfcomm_sk_state_change;
308
309 rfcomm_pi(sk)->dlc = d;
310 d->owner = sk;
311
312 sk->sk_destruct = rfcomm_sock_destruct;
313 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
314
315 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
316 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
317
318 sock_reset_flag(sk, SOCK_ZAPPED);
319
320 sk->sk_protocol = proto;
321 sk->sk_state = BT_OPEN;
322
323 bt_sock_link(&rfcomm_sk_list, sk);
324
325 BT_DBG("sk %p", sk);
326 return sk;
327}
328
329static int rfcomm_sock_create(struct socket *sock, int protocol)
330{
331 struct sock *sk;
332
333 BT_DBG("sock %p", sock);
334
335 sock->state = SS_UNCONNECTED;
336
337 if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
338 return -ESOCKTNOSUPPORT;
339
340 sock->ops = &rfcomm_sock_ops;
341
342 if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL)))
343 return -ENOMEM;
344
345 rfcomm_sock_init(sk, NULL);
346 return 0;
347}
348
349static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
350{
351 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
352 struct sock *sk = sock->sk;
353 int err = 0;
354
355 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
356
357 if (!addr || addr->sa_family != AF_BLUETOOTH)
358 return -EINVAL;
359
360 lock_sock(sk);
361
362 if (sk->sk_state != BT_OPEN) {
363 err = -EBADFD;
364 goto done;
365 }
366
367 write_lock_bh(&rfcomm_sk_list.lock);
368
369 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
370 err = -EADDRINUSE;
371 } else {
372 /* Save source address */
373 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
374 rfcomm_pi(sk)->channel = sa->rc_channel;
375 sk->sk_state = BT_BOUND;
376 }
377
378 write_unlock_bh(&rfcomm_sk_list.lock);
379
380done:
381 release_sock(sk);
382 return err;
383}
384
385static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
386{
387 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
388 struct sock *sk = sock->sk;
389 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
390 int err = 0;
391
392 BT_DBG("sk %p", sk);
393
394 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
395 return -EINVAL;
396
397 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
398 return -EBADFD;
399
400 if (sk->sk_type != SOCK_STREAM)
401 return -EINVAL;
402
403 lock_sock(sk);
404
405 sk->sk_state = BT_CONNECT;
406 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
407 rfcomm_pi(sk)->channel = sa->rc_channel;
408
409 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
410 if (!err)
411 err = bt_sock_wait_state(sk, BT_CONNECTED,
412 sock_sndtimeo(sk, flags & O_NONBLOCK));
413
414 release_sock(sk);
415 return err;
416}
417
418static int rfcomm_sock_listen(struct socket *sock, int backlog)
419{
420 struct sock *sk = sock->sk;
421 int err = 0;
422
423 BT_DBG("sk %p backlog %d", sk, backlog);
424
425 lock_sock(sk);
426
427 if (sk->sk_state != BT_BOUND) {
428 err = -EBADFD;
429 goto done;
430 }
431
432 if (!rfcomm_pi(sk)->channel) {
433 bdaddr_t *src = &bt_sk(sk)->src;
434 u8 channel;
435
436 err = -EINVAL;
437
438 write_lock_bh(&rfcomm_sk_list.lock);
439
440 for (channel = 1; channel < 31; channel++)
441 if (!__rfcomm_get_sock_by_addr(channel, src)) {
442 rfcomm_pi(sk)->channel = channel;
443 err = 0;
444 break;
445 }
446
447 write_unlock_bh(&rfcomm_sk_list.lock);
448
449 if (err < 0)
450 goto done;
451 }
452
453 sk->sk_max_ack_backlog = backlog;
454 sk->sk_ack_backlog = 0;
455 sk->sk_state = BT_LISTEN;
456
457done:
458 release_sock(sk);
459 return err;
460}
461
462static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
463{
464 DECLARE_WAITQUEUE(wait, current);
465 struct sock *sk = sock->sk, *nsk;
466 long timeo;
467 int err = 0;
468
469 lock_sock(sk);
470
471 if (sk->sk_state != BT_LISTEN) {
472 err = -EBADFD;
473 goto done;
474 }
475
476 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
477
478 BT_DBG("sk %p timeo %ld", sk, timeo);
479
480 /* Wait for an incoming connection. (wake-one). */
481 add_wait_queue_exclusive(sk->sk_sleep, &wait);
482 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
483 set_current_state(TASK_INTERRUPTIBLE);
484 if (!timeo) {
485 err = -EAGAIN;
486 break;
487 }
488
489 release_sock(sk);
490 timeo = schedule_timeout(timeo);
491 lock_sock(sk);
492
493 if (sk->sk_state != BT_LISTEN) {
494 err = -EBADFD;
495 break;
496 }
497
498 if (signal_pending(current)) {
499 err = sock_intr_errno(timeo);
500 break;
501 }
502 }
503 set_current_state(TASK_RUNNING);
504 remove_wait_queue(sk->sk_sleep, &wait);
505
506 if (err)
507 goto done;
508
509 newsock->state = SS_CONNECTED;
510
511 BT_DBG("new socket %p", nsk);
512
513done:
514 release_sock(sk);
515 return err;
516}
517
518static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
519{
520 struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
521 struct sock *sk = sock->sk;
522
523 BT_DBG("sock %p, sk %p", sock, sk);
524
525 sa->rc_family = AF_BLUETOOTH;
526 sa->rc_channel = rfcomm_pi(sk)->channel;
527 if (peer)
528 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
529 else
530 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
531
532 *len = sizeof(struct sockaddr_rc);
533 return 0;
534}
535
536static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
537 struct msghdr *msg, size_t len)
538{
539 struct sock *sk = sock->sk;
540 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
541 struct sk_buff *skb;
542 int err;
543 int sent = 0;
544
545 if (msg->msg_flags & MSG_OOB)
546 return -EOPNOTSUPP;
547
548 if (sk->sk_shutdown & SEND_SHUTDOWN)
549 return -EPIPE;
550
551 BT_DBG("sock %p, sk %p", sock, sk);
552
553 lock_sock(sk);
554
555 while (len) {
556 size_t size = min_t(size_t, len, d->mtu);
557
558 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
559 msg->msg_flags & MSG_DONTWAIT, &err);
560 if (!skb)
561 break;
562 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
563
564 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
565 if (err) {
566 kfree_skb(skb);
567 sent = err;
568 break;
569 }
570
571 err = rfcomm_dlc_send(d, skb);
572 if (err < 0) {
573 kfree_skb(skb);
574 break;
575 }
576
577 sent += size;
578 len -= size;
579 }
580
581 release_sock(sk);
582
583 return sent ? sent : err;
584}
585
586static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
587{
588 DECLARE_WAITQUEUE(wait, current);
589
590 add_wait_queue(sk->sk_sleep, &wait);
591 for (;;) {
592 set_current_state(TASK_INTERRUPTIBLE);
593
594 if (skb_queue_len(&sk->sk_receive_queue) || sk->sk_err || (sk->sk_shutdown & RCV_SHUTDOWN) ||
595 signal_pending(current) || !timeo)
596 break;
597
598 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
599 release_sock(sk);
600 timeo = schedule_timeout(timeo);
601 lock_sock(sk);
602 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
603 }
604
605 __set_current_state(TASK_RUNNING);
606 remove_wait_queue(sk->sk_sleep, &wait);
607 return timeo;
608}
609
610static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
611 struct msghdr *msg, size_t size, int flags)
612{
613 struct sock *sk = sock->sk;
614 int err = 0;
615 size_t target, copied = 0;
616 long timeo;
617
618 if (flags & MSG_OOB)
619 return -EOPNOTSUPP;
620
621 msg->msg_namelen = 0;
622
623 BT_DBG("sk %p size %d", sk, size);
624
625 lock_sock(sk);
626
627 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
628 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
629
630 do {
631 struct sk_buff *skb;
632 int chunk;
633
634 skb = skb_dequeue(&sk->sk_receive_queue);
635 if (!skb) {
636 if (copied >= target)
637 break;
638
639 if ((err = sock_error(sk)) != 0)
640 break;
641 if (sk->sk_shutdown & RCV_SHUTDOWN)
642 break;
643
644 err = -EAGAIN;
645 if (!timeo)
646 break;
647
648 timeo = rfcomm_sock_data_wait(sk, timeo);
649
650 if (signal_pending(current)) {
651 err = sock_intr_errno(timeo);
652 goto out;
653 }
654 continue;
655 }
656
657 chunk = min_t(unsigned int, skb->len, size);
658 if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
659 skb_queue_head(&sk->sk_receive_queue, skb);
660 if (!copied)
661 copied = -EFAULT;
662 break;
663 }
664 copied += chunk;
665 size -= chunk;
666
667 if (!(flags & MSG_PEEK)) {
668 atomic_sub(chunk, &sk->sk_rmem_alloc);
669
670 skb_pull(skb, chunk);
671 if (skb->len) {
672 skb_queue_head(&sk->sk_receive_queue, skb);
673 break;
674 }
675 kfree_skb(skb);
676
677 } else {
678 /* put message back and return */
679 skb_queue_head(&sk->sk_receive_queue, skb);
680 break;
681 }
682 } while (size);
683
684out:
685 if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
686 rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
687
688 release_sock(sk);
689 return copied ? : err;
690}
691
692static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
693{
694 struct sock *sk = sock->sk;
695 int err = 0;
696 u32 opt;
697
698 BT_DBG("sk %p", sk);
699
700 lock_sock(sk);
701
702 switch (optname) {
703 case RFCOMM_LM:
704 if (get_user(opt, (u32 __user *) optval)) {
705 err = -EFAULT;
706 break;
707 }
708
709 rfcomm_pi(sk)->link_mode = opt;
710 break;
711
712 default:
713 err = -ENOPROTOOPT;
714 break;
715 }
716
717 release_sock(sk);
718 return err;
719}
720
721static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
722{
723 struct sock *sk = sock->sk;
724 struct sock *l2cap_sk;
725 struct rfcomm_conninfo cinfo;
726 int len, err = 0;
727
728 BT_DBG("sk %p", sk);
729
730 if (get_user(len, optlen))
731 return -EFAULT;
732
733 lock_sock(sk);
734
735 switch (optname) {
736 case RFCOMM_LM:
737 if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
738 err = -EFAULT;
739 break;
740
741 case RFCOMM_CONNINFO:
742 if (sk->sk_state != BT_CONNECTED) {
743 err = -ENOTCONN;
744 break;
745 }
746
747 l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
748
749 cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
750 memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
751
752 len = min_t(unsigned int, len, sizeof(cinfo));
753 if (copy_to_user(optval, (char *) &cinfo, len))
754 err = -EFAULT;
755
756 break;
757
758 default:
759 err = -ENOPROTOOPT;
760 break;
761 }
762
763 release_sock(sk);
764 return err;
765}
766
767static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
768{
769 struct sock *sk = sock->sk;
770 int err;
771
772 lock_sock(sk);
773
774#ifdef CONFIG_BT_RFCOMM_TTY
775 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg);
776#else
777 err = -EOPNOTSUPP;
778#endif
779
780 release_sock(sk);
781 return err;
782}
783
784static int rfcomm_sock_shutdown(struct socket *sock, int how)
785{
786 struct sock *sk = sock->sk;
787 int err = 0;
788
789 BT_DBG("sock %p, sk %p", sock, sk);
790
791 if (!sk) return 0;
792
793 lock_sock(sk);
794 if (!sk->sk_shutdown) {
795 sk->sk_shutdown = SHUTDOWN_MASK;
796 __rfcomm_sock_close(sk);
797
798 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
799 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
800 }
801 release_sock(sk);
802 return err;
803}
804
805static int rfcomm_sock_release(struct socket *sock)
806{
807 struct sock *sk = sock->sk;
808 int err;
809
810 BT_DBG("sock %p, sk %p", sock, sk);
811
812 if (!sk)
813 return 0;
814
815 err = rfcomm_sock_shutdown(sock, 2);
816
817 sock_orphan(sk);
818 rfcomm_sock_kill(sk);
819 return err;
820}
821
822/* ---- RFCOMM core layer callbacks ----
823 *
824 * called under rfcomm_lock()
825 */
826int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
827{
828 struct sock *sk, *parent;
829 bdaddr_t src, dst;
830 int result = 0;
831
832 BT_DBG("session %p channel %d", s, channel);
833
834 rfcomm_session_getaddr(s, &src, &dst);
835
836 /* Check if we have socket listening on channel */
837 parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
838 if (!parent)
839 return 0;
840
841 /* Check for backlog size */
842 if (sk_acceptq_is_full(parent)) {
843 BT_DBG("backlog full %d", parent->sk_ack_backlog);
844 goto done;
845 }
846
847 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
848 if (!sk)
849 goto done;
850
851 rfcomm_sock_init(sk, parent);
852 bacpy(&bt_sk(sk)->src, &src);
853 bacpy(&bt_sk(sk)->dst, &dst);
854 rfcomm_pi(sk)->channel = channel;
855
856 sk->sk_state = BT_CONFIG;
857 bt_accept_enqueue(parent, sk);
858
859 /* Accept connection and return socket DLC */
860 *d = rfcomm_pi(sk)->dlc;
861 result = 1;
862
863done:
864 bh_unlock_sock(parent);
865 return result;
866}
867
868/* ---- Proc fs support ---- */
869#ifdef CONFIG_PROC_FS
870static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
871{
872 struct sock *sk;
873 struct hlist_node *node;
874 loff_t l = *pos;
875
876 read_lock_bh(&rfcomm_sk_list.lock);
877
878 sk_for_each(sk, node, &rfcomm_sk_list.head)
879 if (!l--)
880 return sk;
881 return NULL;
882}
883
884static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
885{
886 struct sock *sk = e;
887 (*pos)++;
888 return sk_next(sk);
889}
890
891static void rfcomm_seq_stop(struct seq_file *seq, void *e)
892{
893 read_unlock_bh(&rfcomm_sk_list.lock);
894}
895
896static int rfcomm_seq_show(struct seq_file *seq, void *e)
897{
898 struct sock *sk = e;
899 seq_printf(seq, "%s %s %d %d\n",
900 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
901 sk->sk_state, rfcomm_pi(sk)->channel);
902 return 0;
903}
904
905static struct seq_operations rfcomm_seq_ops = {
906 .start = rfcomm_seq_start,
907 .next = rfcomm_seq_next,
908 .stop = rfcomm_seq_stop,
909 .show = rfcomm_seq_show
910};
911
912static int rfcomm_seq_open(struct inode *inode, struct file *file)
913{
914 return seq_open(file, &rfcomm_seq_ops);
915}
916
917static struct file_operations rfcomm_seq_fops = {
918 .owner = THIS_MODULE,
919 .open = rfcomm_seq_open,
920 .read = seq_read,
921 .llseek = seq_lseek,
922 .release = seq_release,
923};
924
925static int __init rfcomm_sock_proc_init(void)
926{
927 struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm);
928 if (!p)
929 return -ENOMEM;
930 p->proc_fops = &rfcomm_seq_fops;
931 return 0;
932}
933
934static void __exit rfcomm_sock_proc_cleanup(void)
935{
936 remove_proc_entry("sock", proc_bt_rfcomm);
937}
938
939#else /* CONFIG_PROC_FS */
940
941static int __init rfcomm_sock_proc_init(void)
942{
943 return 0;
944}
945
946static void __exit rfcomm_sock_proc_cleanup(void)
947{
948 return;
949}
950#endif /* CONFIG_PROC_FS */
951
952static struct proto_ops rfcomm_sock_ops = {
953 .family = PF_BLUETOOTH,
954 .owner = THIS_MODULE,
955 .release = rfcomm_sock_release,
956 .bind = rfcomm_sock_bind,
957 .connect = rfcomm_sock_connect,
958 .listen = rfcomm_sock_listen,
959 .accept = rfcomm_sock_accept,
960 .getname = rfcomm_sock_getname,
961 .sendmsg = rfcomm_sock_sendmsg,
962 .recvmsg = rfcomm_sock_recvmsg,
963 .shutdown = rfcomm_sock_shutdown,
964 .setsockopt = rfcomm_sock_setsockopt,
965 .getsockopt = rfcomm_sock_getsockopt,
966 .ioctl = rfcomm_sock_ioctl,
967 .poll = bt_sock_poll,
968 .socketpair = sock_no_socketpair,
969 .mmap = sock_no_mmap
970};
971
972static struct net_proto_family rfcomm_sock_family_ops = {
973 .family = PF_BLUETOOTH,
974 .owner = THIS_MODULE,
975 .create = rfcomm_sock_create
976};
977
978int __init rfcomm_init_sockets(void)
979{
980 int err;
981
982 err = proto_register(&rfcomm_proto, 0);
983 if (err < 0)
984 return err;
985
986 err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
987 if (err < 0)
988 goto error;
989
990 rfcomm_sock_proc_init();
991
992 BT_INFO("RFCOMM socket layer initialized");
993
994 return 0;
995
996error:
997 BT_ERR("RFCOMM socket layer registration failed");
998 proto_unregister(&rfcomm_proto);
999 return err;
1000}
1001
1002void __exit rfcomm_cleanup_sockets(void)
1003{
1004 rfcomm_sock_proc_cleanup();
1005
1006 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1007 BT_ERR("RFCOMM socket layer unregistration failed");
1008
1009 proto_unregister(&rfcomm_proto);
1010}
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
new file mode 100644
index 00000000000..6d689200bcf
--- /dev/null
+++ b/net/bluetooth/rfcomm/tty.c
@@ -0,0 +1,930 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 *
27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28 */
29
30#include <linux/config.h>
31#include <linux/module.h>
32
33#include <linux/tty.h>
34#include <linux/tty_driver.h>
35#include <linux/tty_flip.h>
36
37#include <linux/slab.h>
38#include <linux/skbuff.h>
39
40#include <net/bluetooth/bluetooth.h>
41#include <net/bluetooth/rfcomm.h>
42
43#ifndef CONFIG_BT_RFCOMM_DEBUG
44#undef BT_DBG
45#define BT_DBG(D...)
46#endif
47
48#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
49#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
50#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
51#define RFCOMM_TTY_MINOR 0
52
53static struct tty_driver *rfcomm_tty_driver;
54
55struct rfcomm_dev {
56 struct list_head list;
57 atomic_t refcnt;
58
59 char name[12];
60 int id;
61 unsigned long flags;
62 int opened;
63 int err;
64
65 bdaddr_t src;
66 bdaddr_t dst;
67 u8 channel;
68
69 uint modem_status;
70
71 struct rfcomm_dlc *dlc;
72 struct tty_struct *tty;
73 wait_queue_head_t wait;
74 struct tasklet_struct wakeup_task;
75
76 atomic_t wmem_alloc;
77};
78
79static LIST_HEAD(rfcomm_dev_list);
80static DEFINE_RWLOCK(rfcomm_dev_lock);
81
82static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
83static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
84static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
85
86static void rfcomm_tty_wakeup(unsigned long arg);
87
88/* ---- Device functions ---- */
89static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
90{
91 struct rfcomm_dlc *dlc = dev->dlc;
92
93 BT_DBG("dev %p dlc %p", dev, dlc);
94
95 rfcomm_dlc_lock(dlc);
96 /* Detach DLC if it's owned by this dev */
97 if (dlc->owner == dev)
98 dlc->owner = NULL;
99 rfcomm_dlc_unlock(dlc);
100
101 rfcomm_dlc_put(dlc);
102
103 tty_unregister_device(rfcomm_tty_driver, dev->id);
104
105 /* Refcount should only hit zero when called from rfcomm_dev_del()
106 which will have taken us off the list. Everything else are
107 refcounting bugs. */
108 BUG_ON(!list_empty(&dev->list));
109
110 kfree(dev);
111
112 /* It's safe to call module_put() here because socket still
113 holds reference to this module. */
114 module_put(THIS_MODULE);
115}
116
117static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
118{
119 atomic_inc(&dev->refcnt);
120}
121
122static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
123{
124 /* The reason this isn't actually a race, as you no
125 doubt have a little voice screaming at you in your
126 head, is that the refcount should never actually
127 reach zero unless the device has already been taken
128 off the list, in rfcomm_dev_del(). And if that's not
129 true, we'll hit the BUG() in rfcomm_dev_destruct()
130 anyway. */
131 if (atomic_dec_and_test(&dev->refcnt))
132 rfcomm_dev_destruct(dev);
133}
134
135static struct rfcomm_dev *__rfcomm_dev_get(int id)
136{
137 struct rfcomm_dev *dev;
138 struct list_head *p;
139
140 list_for_each(p, &rfcomm_dev_list) {
141 dev = list_entry(p, struct rfcomm_dev, list);
142 if (dev->id == id)
143 return dev;
144 }
145
146 return NULL;
147}
148
149static inline struct rfcomm_dev *rfcomm_dev_get(int id)
150{
151 struct rfcomm_dev *dev;
152
153 read_lock(&rfcomm_dev_lock);
154
155 dev = __rfcomm_dev_get(id);
156 if (dev)
157 rfcomm_dev_hold(dev);
158
159 read_unlock(&rfcomm_dev_lock);
160
161 return dev;
162}
163
164static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
165{
166 struct rfcomm_dev *dev;
167 struct list_head *head = &rfcomm_dev_list, *p;
168 int err = 0;
169
170 BT_DBG("id %d channel %d", req->dev_id, req->channel);
171
172 dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
173 if (!dev)
174 return -ENOMEM;
175 memset(dev, 0, sizeof(struct rfcomm_dev));
176
177 write_lock_bh(&rfcomm_dev_lock);
178
179 if (req->dev_id < 0) {
180 dev->id = 0;
181
182 list_for_each(p, &rfcomm_dev_list) {
183 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
184 break;
185
186 dev->id++;
187 head = p;
188 }
189 } else {
190 dev->id = req->dev_id;
191
192 list_for_each(p, &rfcomm_dev_list) {
193 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
194
195 if (entry->id == dev->id) {
196 err = -EADDRINUSE;
197 goto out;
198 }
199
200 if (entry->id > dev->id - 1)
201 break;
202
203 head = p;
204 }
205 }
206
207 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
208 err = -ENFILE;
209 goto out;
210 }
211
212 sprintf(dev->name, "rfcomm%d", dev->id);
213
214 list_add(&dev->list, head);
215 atomic_set(&dev->refcnt, 1);
216
217 bacpy(&dev->src, &req->src);
218 bacpy(&dev->dst, &req->dst);
219 dev->channel = req->channel;
220
221 dev->flags = req->flags &
222 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
223
224 init_waitqueue_head(&dev->wait);
225 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
226
227 rfcomm_dlc_lock(dlc);
228 dlc->data_ready = rfcomm_dev_data_ready;
229 dlc->state_change = rfcomm_dev_state_change;
230 dlc->modem_status = rfcomm_dev_modem_status;
231
232 dlc->owner = dev;
233 dev->dlc = dlc;
234 rfcomm_dlc_unlock(dlc);
235
236 /* It's safe to call __module_get() here because socket already
237 holds reference to this module. */
238 __module_get(THIS_MODULE);
239
240out:
241 write_unlock_bh(&rfcomm_dev_lock);
242
243 if (err) {
244 kfree(dev);
245 return err;
246 }
247
248 tty_register_device(rfcomm_tty_driver, dev->id, NULL);
249
250 return dev->id;
251}
252
253static void rfcomm_dev_del(struct rfcomm_dev *dev)
254{
255 BT_DBG("dev %p", dev);
256
257 write_lock_bh(&rfcomm_dev_lock);
258 list_del_init(&dev->list);
259 write_unlock_bh(&rfcomm_dev_lock);
260
261 rfcomm_dev_put(dev);
262}
263
264/* ---- Send buffer ---- */
265static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
266{
267 /* We can't let it be zero, because we don't get a callback
268 when tx_credits becomes nonzero, hence we'd never wake up */
269 return dlc->mtu * (dlc->tx_credits?:1);
270}
271
272static void rfcomm_wfree(struct sk_buff *skb)
273{
274 struct rfcomm_dev *dev = (void *) skb->sk;
275 atomic_sub(skb->truesize, &dev->wmem_alloc);
276 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
277 tasklet_schedule(&dev->wakeup_task);
278 rfcomm_dev_put(dev);
279}
280
281static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
282{
283 rfcomm_dev_hold(dev);
284 atomic_add(skb->truesize, &dev->wmem_alloc);
285 skb->sk = (void *) dev;
286 skb->destructor = rfcomm_wfree;
287}
288
289static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, int priority)
290{
291 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
292 struct sk_buff *skb = alloc_skb(size, priority);
293 if (skb) {
294 rfcomm_set_owner_w(skb, dev);
295 return skb;
296 }
297 }
298 return NULL;
299}
300
301/* ---- Device IOCTLs ---- */
302
303#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
304
305static int rfcomm_create_dev(struct sock *sk, void __user *arg)
306{
307 struct rfcomm_dev_req req;
308 struct rfcomm_dlc *dlc;
309 int id;
310
311 if (copy_from_user(&req, arg, sizeof(req)))
312 return -EFAULT;
313
314 BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
315
316 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
317 return -EPERM;
318
319 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
320 /* Socket must be connected */
321 if (sk->sk_state != BT_CONNECTED)
322 return -EBADFD;
323
324 dlc = rfcomm_pi(sk)->dlc;
325 rfcomm_dlc_hold(dlc);
326 } else {
327 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
328 if (!dlc)
329 return -ENOMEM;
330 }
331
332 id = rfcomm_dev_add(&req, dlc);
333 if (id < 0) {
334 rfcomm_dlc_put(dlc);
335 return id;
336 }
337
338 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
339 /* DLC is now used by device.
340 * Socket must be disconnected */
341 sk->sk_state = BT_CLOSED;
342 }
343
344 return id;
345}
346
347static int rfcomm_release_dev(void __user *arg)
348{
349 struct rfcomm_dev_req req;
350 struct rfcomm_dev *dev;
351
352 if (copy_from_user(&req, arg, sizeof(req)))
353 return -EFAULT;
354
355 BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
356
357 if (!(dev = rfcomm_dev_get(req.dev_id)))
358 return -ENODEV;
359
360 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
361 rfcomm_dev_put(dev);
362 return -EPERM;
363 }
364
365 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
366 rfcomm_dlc_close(dev->dlc, 0);
367
368 rfcomm_dev_del(dev);
369 rfcomm_dev_put(dev);
370 return 0;
371}
372
373static int rfcomm_get_dev_list(void __user *arg)
374{
375 struct rfcomm_dev_list_req *dl;
376 struct rfcomm_dev_info *di;
377 struct list_head *p;
378 int n = 0, size, err;
379 u16 dev_num;
380
381 BT_DBG("");
382
383 if (get_user(dev_num, (u16 __user *) arg))
384 return -EFAULT;
385
386 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
387 return -EINVAL;
388
389 size = sizeof(*dl) + dev_num * sizeof(*di);
390
391 if (!(dl = kmalloc(size, GFP_KERNEL)))
392 return -ENOMEM;
393
394 di = dl->dev_info;
395
396 read_lock_bh(&rfcomm_dev_lock);
397
398 list_for_each(p, &rfcomm_dev_list) {
399 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
400 (di + n)->id = dev->id;
401 (di + n)->flags = dev->flags;
402 (di + n)->state = dev->dlc->state;
403 (di + n)->channel = dev->channel;
404 bacpy(&(di + n)->src, &dev->src);
405 bacpy(&(di + n)->dst, &dev->dst);
406 if (++n >= dev_num)
407 break;
408 }
409
410 read_unlock_bh(&rfcomm_dev_lock);
411
412 dl->dev_num = n;
413 size = sizeof(*dl) + n * sizeof(*di);
414
415 err = copy_to_user(arg, dl, size);
416 kfree(dl);
417
418 return err ? -EFAULT : 0;
419}
420
421static int rfcomm_get_dev_info(void __user *arg)
422{
423 struct rfcomm_dev *dev;
424 struct rfcomm_dev_info di;
425 int err = 0;
426
427 BT_DBG("");
428
429 if (copy_from_user(&di, arg, sizeof(di)))
430 return -EFAULT;
431
432 if (!(dev = rfcomm_dev_get(di.id)))
433 return -ENODEV;
434
435 di.flags = dev->flags;
436 di.channel = dev->channel;
437 di.state = dev->dlc->state;
438 bacpy(&di.src, &dev->src);
439 bacpy(&di.dst, &dev->dst);
440
441 if (copy_to_user(arg, &di, sizeof(di)))
442 err = -EFAULT;
443
444 rfcomm_dev_put(dev);
445 return err;
446}
447
448int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
449{
450 BT_DBG("cmd %d arg %p", cmd, arg);
451
452 switch (cmd) {
453 case RFCOMMCREATEDEV:
454 return rfcomm_create_dev(sk, arg);
455
456 case RFCOMMRELEASEDEV:
457 return rfcomm_release_dev(arg);
458
459 case RFCOMMGETDEVLIST:
460 return rfcomm_get_dev_list(arg);
461
462 case RFCOMMGETDEVINFO:
463 return rfcomm_get_dev_info(arg);
464 }
465
466 return -EINVAL;
467}
468
469/* ---- DLC callbacks ---- */
470static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
471{
472 struct rfcomm_dev *dev = dlc->owner;
473 struct tty_struct *tty;
474
475 if (!dev || !(tty = dev->tty)) {
476 kfree_skb(skb);
477 return;
478 }
479
480 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
481
482 if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
483 register int i;
484 for (i = 0; i < skb->len; i++) {
485 if (tty->flip.count >= TTY_FLIPBUF_SIZE)
486 tty_flip_buffer_push(tty);
487
488 tty_insert_flip_char(tty, skb->data[i], 0);
489 }
490 tty_flip_buffer_push(tty);
491 } else
492 tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
493
494 kfree_skb(skb);
495}
496
497static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
498{
499 struct rfcomm_dev *dev = dlc->owner;
500 if (!dev)
501 return;
502
503 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
504
505 dev->err = err;
506 wake_up_interruptible(&dev->wait);
507
508 if (dlc->state == BT_CLOSED) {
509 if (!dev->tty) {
510 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
511 rfcomm_dev_hold(dev);
512 rfcomm_dev_del(dev);
513
514 /* We have to drop DLC lock here, otherwise
515 rfcomm_dev_put() will dead lock if it's
516 the last reference. */
517 rfcomm_dlc_unlock(dlc);
518 rfcomm_dev_put(dev);
519 rfcomm_dlc_lock(dlc);
520 }
521 } else
522 tty_hangup(dev->tty);
523 }
524}
525
526static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
527{
528 struct rfcomm_dev *dev = dlc->owner;
529 if (!dev)
530 return;
531
532 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
533
534 dev->modem_status =
535 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
536 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
537 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
538 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
539}
540
541/* ---- TTY functions ---- */
542static void rfcomm_tty_wakeup(unsigned long arg)
543{
544 struct rfcomm_dev *dev = (void *) arg;
545 struct tty_struct *tty = dev->tty;
546 if (!tty)
547 return;
548
549 BT_DBG("dev %p tty %p", dev, tty);
550
551 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
552 (tty->ldisc.write_wakeup)(tty);
553
554 wake_up_interruptible(&tty->write_wait);
555#ifdef SERIAL_HAVE_POLL_WAIT
556 wake_up_interruptible(&tty->poll_wait);
557#endif
558}
559
560static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
561{
562 DECLARE_WAITQUEUE(wait, current);
563 struct rfcomm_dev *dev;
564 struct rfcomm_dlc *dlc;
565 int err, id;
566
567 id = tty->index;
568
569 BT_DBG("tty %p id %d", tty, id);
570
571 /* We don't leak this refcount. For reasons which are not entirely
572 clear, the TTY layer will call our ->close() method even if the
573 open fails. We decrease the refcount there, and decreasing it
574 here too would cause breakage. */
575 dev = rfcomm_dev_get(id);
576 if (!dev)
577 return -ENODEV;
578
579 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
580
581 if (dev->opened++ != 0)
582 return 0;
583
584 dlc = dev->dlc;
585
586 /* Attach TTY and open DLC */
587
588 rfcomm_dlc_lock(dlc);
589 tty->driver_data = dev;
590 dev->tty = tty;
591 rfcomm_dlc_unlock(dlc);
592 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
593
594 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
595 if (err < 0)
596 return err;
597
598 /* Wait for DLC to connect */
599 add_wait_queue(&dev->wait, &wait);
600 while (1) {
601 set_current_state(TASK_INTERRUPTIBLE);
602
603 if (dlc->state == BT_CLOSED) {
604 err = -dev->err;
605 break;
606 }
607
608 if (dlc->state == BT_CONNECTED)
609 break;
610
611 if (signal_pending(current)) {
612 err = -EINTR;
613 break;
614 }
615
616 schedule();
617 }
618 set_current_state(TASK_RUNNING);
619 remove_wait_queue(&dev->wait, &wait);
620
621 return err;
622}
623
624static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
625{
626 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
627 if (!dev)
628 return;
629
630 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
631
632 if (--dev->opened == 0) {
633 /* Close DLC and dettach TTY */
634 rfcomm_dlc_close(dev->dlc, 0);
635
636 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
637 tasklet_kill(&dev->wakeup_task);
638
639 rfcomm_dlc_lock(dev->dlc);
640 tty->driver_data = NULL;
641 dev->tty = NULL;
642 rfcomm_dlc_unlock(dev->dlc);
643 }
644
645 rfcomm_dev_put(dev);
646}
647
648static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
649{
650 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
651 struct rfcomm_dlc *dlc = dev->dlc;
652 struct sk_buff *skb;
653 int err = 0, sent = 0, size;
654
655 BT_DBG("tty %p count %d", tty, count);
656
657 while (count) {
658 size = min_t(uint, count, dlc->mtu);
659
660 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
661
662 if (!skb)
663 break;
664
665 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
666
667 memcpy(skb_put(skb, size), buf + sent, size);
668
669 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
670 kfree_skb(skb);
671 break;
672 }
673
674 sent += size;
675 count -= size;
676 }
677
678 return sent ? sent : err;
679}
680
681static int rfcomm_tty_write_room(struct tty_struct *tty)
682{
683 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
684 int room;
685
686 BT_DBG("tty %p", tty);
687
688 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
689 if (room < 0)
690 room = 0;
691 return room;
692}
693
694static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
695{
696 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
697
698 switch (cmd) {
699 case TCGETS:
700 BT_DBG("TCGETS is not supported");
701 return -ENOIOCTLCMD;
702
703 case TCSETS:
704 BT_DBG("TCSETS is not supported");
705 return -ENOIOCTLCMD;
706
707 case TIOCMIWAIT:
708 BT_DBG("TIOCMIWAIT");
709 break;
710
711 case TIOCGICOUNT:
712 BT_DBG("TIOCGICOUNT");
713 break;
714
715 case TIOCGSERIAL:
716 BT_ERR("TIOCGSERIAL is not supported");
717 return -ENOIOCTLCMD;
718
719 case TIOCSSERIAL:
720 BT_ERR("TIOCSSERIAL is not supported");
721 return -ENOIOCTLCMD;
722
723 case TIOCSERGSTRUCT:
724 BT_ERR("TIOCSERGSTRUCT is not supported");
725 return -ENOIOCTLCMD;
726
727 case TIOCSERGETLSR:
728 BT_ERR("TIOCSERGETLSR is not supported");
729 return -ENOIOCTLCMD;
730
731 case TIOCSERCONFIG:
732 BT_ERR("TIOCSERCONFIG is not supported");
733 return -ENOIOCTLCMD;
734
735 default:
736 return -ENOIOCTLCMD; /* ioctls which we must ignore */
737
738 }
739
740 return -ENOIOCTLCMD;
741}
742
743#define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
744
745static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
746{
747 BT_DBG("tty %p", tty);
748
749 if ((tty->termios->c_cflag == old->c_cflag) &&
750 (RELEVANT_IFLAG(tty->termios->c_iflag) == RELEVANT_IFLAG(old->c_iflag)))
751 return;
752
753 /* handle turning off CRTSCTS */
754 if ((old->c_cflag & CRTSCTS) && !(tty->termios->c_cflag & CRTSCTS)) {
755 BT_DBG("turning off CRTSCTS");
756 }
757}
758
759static void rfcomm_tty_throttle(struct tty_struct *tty)
760{
761 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
762
763 BT_DBG("tty %p dev %p", tty, dev);
764
765 rfcomm_dlc_throttle(dev->dlc);
766}
767
768static void rfcomm_tty_unthrottle(struct tty_struct *tty)
769{
770 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
771
772 BT_DBG("tty %p dev %p", tty, dev);
773
774 rfcomm_dlc_unthrottle(dev->dlc);
775}
776
777static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
778{
779 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
780 struct rfcomm_dlc *dlc = dev->dlc;
781
782 BT_DBG("tty %p dev %p", tty, dev);
783
784 if (skb_queue_len(&dlc->tx_queue))
785 return dlc->mtu;
786
787 return 0;
788}
789
790static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
791{
792 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
793 if (!dev)
794 return;
795
796 BT_DBG("tty %p dev %p", tty, dev);
797
798 skb_queue_purge(&dev->dlc->tx_queue);
799
800 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
801 tty->ldisc.write_wakeup(tty);
802}
803
804static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
805{
806 BT_DBG("tty %p ch %c", tty, ch);
807}
808
809static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
810{
811 BT_DBG("tty %p timeout %d", tty, timeout);
812}
813
814static void rfcomm_tty_hangup(struct tty_struct *tty)
815{
816 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
817 if (!dev)
818 return;
819
820 BT_DBG("tty %p dev %p", tty, dev);
821
822 rfcomm_tty_flush_buffer(tty);
823
824 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
825 rfcomm_dev_del(dev);
826}
827
828static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
829{
830 return 0;
831}
832
833static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
834{
835 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
836
837 BT_DBG("tty %p dev %p", tty, dev);
838
839 return dev->modem_status;
840}
841
842static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
843{
844 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
845 struct rfcomm_dlc *dlc = dev->dlc;
846 u8 v24_sig;
847
848 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
849
850 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
851
852 if (set & TIOCM_DSR || set & TIOCM_DTR)
853 v24_sig |= RFCOMM_V24_RTC;
854 if (set & TIOCM_RTS || set & TIOCM_CTS)
855 v24_sig |= RFCOMM_V24_RTR;
856 if (set & TIOCM_RI)
857 v24_sig |= RFCOMM_V24_IC;
858 if (set & TIOCM_CD)
859 v24_sig |= RFCOMM_V24_DV;
860
861 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
862 v24_sig &= ~RFCOMM_V24_RTC;
863 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
864 v24_sig &= ~RFCOMM_V24_RTR;
865 if (clear & TIOCM_RI)
866 v24_sig &= ~RFCOMM_V24_IC;
867 if (clear & TIOCM_CD)
868 v24_sig &= ~RFCOMM_V24_DV;
869
870 rfcomm_dlc_set_modem_status(dlc, v24_sig);
871
872 return 0;
873}
874
875/* ---- TTY structure ---- */
876
877static struct tty_operations rfcomm_ops = {
878 .open = rfcomm_tty_open,
879 .close = rfcomm_tty_close,
880 .write = rfcomm_tty_write,
881 .write_room = rfcomm_tty_write_room,
882 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
883 .flush_buffer = rfcomm_tty_flush_buffer,
884 .ioctl = rfcomm_tty_ioctl,
885 .throttle = rfcomm_tty_throttle,
886 .unthrottle = rfcomm_tty_unthrottle,
887 .set_termios = rfcomm_tty_set_termios,
888 .send_xchar = rfcomm_tty_send_xchar,
889 .hangup = rfcomm_tty_hangup,
890 .wait_until_sent = rfcomm_tty_wait_until_sent,
891 .read_proc = rfcomm_tty_read_proc,
892 .tiocmget = rfcomm_tty_tiocmget,
893 .tiocmset = rfcomm_tty_tiocmset,
894};
895
896int rfcomm_init_ttys(void)
897{
898 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
899 if (!rfcomm_tty_driver)
900 return -1;
901
902 rfcomm_tty_driver->owner = THIS_MODULE;
903 rfcomm_tty_driver->driver_name = "rfcomm";
904 rfcomm_tty_driver->devfs_name = "bluetooth/rfcomm/";
905 rfcomm_tty_driver->name = "rfcomm";
906 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
907 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
908 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
909 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
910 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_NO_DEVFS;
911 rfcomm_tty_driver->init_termios = tty_std_termios;
912 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
913 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
914
915 if (tty_register_driver(rfcomm_tty_driver)) {
916 BT_ERR("Can't register RFCOMM TTY driver");
917 put_tty_driver(rfcomm_tty_driver);
918 return -1;
919 }
920
921 BT_INFO("RFCOMM TTY layer initialized");
922
923 return 0;
924}
925
926void rfcomm_cleanup_ttys(void)
927{
928 tty_unregister_driver(rfcomm_tty_driver);
929 put_tty_driver(rfcomm_tty_driver);
930}
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
new file mode 100644
index 00000000000..3e750ef09e6
--- /dev/null
+++ b/net/bluetooth/sco.c
@@ -0,0 +1,1071 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth SCO sockets. */
26
27#include <linux/config.h>
28#include <linux/module.h>
29
30#include <linux/types.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/major.h>
34#include <linux/sched.h>
35#include <linux/slab.h>
36#include <linux/poll.h>
37#include <linux/fcntl.h>
38#include <linux/init.h>
39#include <linux/interrupt.h>
40#include <linux/socket.h>
41#include <linux/skbuff.h>
42#include <linux/proc_fs.h>
43#include <linux/seq_file.h>
44#include <linux/list.h>
45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <asm/uaccess.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/sco.h>
53
54#ifndef CONFIG_BT_SCO_DEBUG
55#undef BT_DBG
56#define BT_DBG(D...)
57#endif
58
59#define VERSION "0.4"
60
61static struct proto_ops sco_sock_ops;
62
63static struct bt_sock_list sco_sk_list = {
64 .lock = RW_LOCK_UNLOCKED
65};
66
67static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent);
68static void sco_chan_del(struct sock *sk, int err);
69
70static int sco_conn_del(struct hci_conn *conn, int err);
71
72static void sco_sock_close(struct sock *sk);
73static void sco_sock_kill(struct sock *sk);
74
75/* ---- SCO timers ---- */
76static void sco_sock_timeout(unsigned long arg)
77{
78 struct sock *sk = (struct sock *) arg;
79
80 BT_DBG("sock %p state %d", sk, sk->sk_state);
81
82 bh_lock_sock(sk);
83 sk->sk_err = ETIMEDOUT;
84 sk->sk_state_change(sk);
85 bh_unlock_sock(sk);
86
87 sco_sock_kill(sk);
88 sock_put(sk);
89}
90
91static void sco_sock_set_timer(struct sock *sk, long timeout)
92{
93 BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout);
94 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
95}
96
97static void sco_sock_clear_timer(struct sock *sk)
98{
99 BT_DBG("sock %p state %d", sk, sk->sk_state);
100 sk_stop_timer(sk, &sk->sk_timer);
101}
102
103static void sco_sock_init_timer(struct sock *sk)
104{
105 init_timer(&sk->sk_timer);
106 sk->sk_timer.function = sco_sock_timeout;
107 sk->sk_timer.data = (unsigned long)sk;
108}
109
110/* ---- SCO connections ---- */
111static struct sco_conn *sco_conn_add(struct hci_conn *hcon, __u8 status)
112{
113 struct hci_dev *hdev = hcon->hdev;
114 struct sco_conn *conn;
115
116 if ((conn = hcon->sco_data))
117 return conn;
118
119 if (status)
120 return conn;
121
122 if (!(conn = kmalloc(sizeof(struct sco_conn), GFP_ATOMIC)))
123 return NULL;
124 memset(conn, 0, sizeof(struct sco_conn));
125
126 spin_lock_init(&conn->lock);
127
128 hcon->sco_data = conn;
129 conn->hcon = hcon;
130
131 conn->src = &hdev->bdaddr;
132 conn->dst = &hcon->dst;
133
134 if (hdev->sco_mtu > 0)
135 conn->mtu = hdev->sco_mtu;
136 else
137 conn->mtu = 60;
138
139 BT_DBG("hcon %p conn %p", hcon, conn);
140 return conn;
141}
142
143static inline struct sock *sco_chan_get(struct sco_conn *conn)
144{
145 struct sock *sk = NULL;
146 sco_conn_lock(conn);
147 sk = conn->sk;
148 sco_conn_unlock(conn);
149 return sk;
150}
151
152static int sco_conn_del(struct hci_conn *hcon, int err)
153{
154 struct sco_conn *conn;
155 struct sock *sk;
156
157 if (!(conn = hcon->sco_data))
158 return 0;
159
160 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
161
162 /* Kill socket */
163 if ((sk = sco_chan_get(conn))) {
164 bh_lock_sock(sk);
165 sco_sock_clear_timer(sk);
166 sco_chan_del(sk, err);
167 bh_unlock_sock(sk);
168 sco_sock_kill(sk);
169 }
170
171 hcon->sco_data = NULL;
172 kfree(conn);
173 return 0;
174}
175
176static inline int sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
177{
178 int err = 0;
179
180 sco_conn_lock(conn);
181 if (conn->sk) {
182 err = -EBUSY;
183 } else {
184 __sco_chan_add(conn, sk, parent);
185 }
186 sco_conn_unlock(conn);
187 return err;
188}
189
190static int sco_connect(struct sock *sk)
191{
192 bdaddr_t *src = &bt_sk(sk)->src;
193 bdaddr_t *dst = &bt_sk(sk)->dst;
194 struct sco_conn *conn;
195 struct hci_conn *hcon;
196 struct hci_dev *hdev;
197 int err = 0;
198
199 BT_DBG("%s -> %s", batostr(src), batostr(dst));
200
201 if (!(hdev = hci_get_route(dst, src)))
202 return -EHOSTUNREACH;
203
204 hci_dev_lock_bh(hdev);
205
206 err = -ENOMEM;
207
208 hcon = hci_connect(hdev, SCO_LINK, dst);
209 if (!hcon)
210 goto done;
211
212 conn = sco_conn_add(hcon, 0);
213 if (!conn) {
214 hci_conn_put(hcon);
215 goto done;
216 }
217
218 /* Update source addr of the socket */
219 bacpy(src, conn->src);
220
221 err = sco_chan_add(conn, sk, NULL);
222 if (err)
223 goto done;
224
225 if (hcon->state == BT_CONNECTED) {
226 sco_sock_clear_timer(sk);
227 sk->sk_state = BT_CONNECTED;
228 } else {
229 sk->sk_state = BT_CONNECT;
230 sco_sock_set_timer(sk, sk->sk_sndtimeo);
231 }
232done:
233 hci_dev_unlock_bh(hdev);
234 hci_dev_put(hdev);
235 return err;
236}
237
238static inline int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
239{
240 struct sco_conn *conn = sco_pi(sk)->conn;
241 struct sk_buff *skb;
242 int err, count;
243
244 /* Check outgoing MTU */
245 if (len > conn->mtu)
246 return -EINVAL;
247
248 BT_DBG("sk %p len %d", sk, len);
249
250 count = min_t(unsigned int, conn->mtu, len);
251 if (!(skb = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err)))
252 return err;
253
254 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
255 err = -EFAULT;
256 goto fail;
257 }
258
259 if ((err = hci_send_sco(conn->hcon, skb)) < 0)
260 goto fail;
261
262 return count;
263
264fail:
265 kfree_skb(skb);
266 return err;
267}
268
269static inline void sco_recv_frame(struct sco_conn *conn, struct sk_buff *skb)
270{
271 struct sock *sk = sco_chan_get(conn);
272
273 if (!sk)
274 goto drop;
275
276 BT_DBG("sk %p len %d", sk, skb->len);
277
278 if (sk->sk_state != BT_CONNECTED)
279 goto drop;
280
281 if (!sock_queue_rcv_skb(sk, skb))
282 return;
283
284drop:
285 kfree_skb(skb);
286 return;
287}
288
289/* -------- Socket interface ---------- */
290static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba)
291{
292 struct sock *sk;
293 struct hlist_node *node;
294
295 sk_for_each(sk, node, &sco_sk_list.head)
296 if (!bacmp(&bt_sk(sk)->src, ba))
297 goto found;
298 sk = NULL;
299found:
300 return sk;
301}
302
303/* Find socket listening on source bdaddr.
304 * Returns closest match.
305 */
306static struct sock *sco_get_sock_listen(bdaddr_t *src)
307{
308 struct sock *sk = NULL, *sk1 = NULL;
309 struct hlist_node *node;
310
311 read_lock(&sco_sk_list.lock);
312
313 sk_for_each(sk, node, &sco_sk_list.head) {
314 if (sk->sk_state != BT_LISTEN)
315 continue;
316
317 /* Exact match. */
318 if (!bacmp(&bt_sk(sk)->src, src))
319 break;
320
321 /* Closest match */
322 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
323 sk1 = sk;
324 }
325
326 read_unlock(&sco_sk_list.lock);
327
328 return node ? sk : sk1;
329}
330
331static void sco_sock_destruct(struct sock *sk)
332{
333 BT_DBG("sk %p", sk);
334
335 skb_queue_purge(&sk->sk_receive_queue);
336 skb_queue_purge(&sk->sk_write_queue);
337}
338
339static void sco_sock_cleanup_listen(struct sock *parent)
340{
341 struct sock *sk;
342
343 BT_DBG("parent %p", parent);
344
345 /* Close not yet accepted channels */
346 while ((sk = bt_accept_dequeue(parent, NULL))) {
347 sco_sock_close(sk);
348 sco_sock_kill(sk);
349 }
350
351 parent->sk_state = BT_CLOSED;
352 sock_set_flag(parent, SOCK_ZAPPED);
353}
354
355/* Kill socket (only if zapped and orphan)
356 * Must be called on unlocked socket.
357 */
358static void sco_sock_kill(struct sock *sk)
359{
360 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
361 return;
362
363 BT_DBG("sk %p state %d", sk, sk->sk_state);
364
365 /* Kill poor orphan */
366 bt_sock_unlink(&sco_sk_list, sk);
367 sock_set_flag(sk, SOCK_DEAD);
368 sock_put(sk);
369}
370
371/* Close socket.
372 * Must be called on unlocked socket.
373 */
374static void sco_sock_close(struct sock *sk)
375{
376 struct sco_conn *conn;
377
378 sco_sock_clear_timer(sk);
379
380 lock_sock(sk);
381
382 conn = sco_pi(sk)->conn;
383
384 BT_DBG("sk %p state %d conn %p socket %p", sk, sk->sk_state, conn, sk->sk_socket);
385
386 switch (sk->sk_state) {
387 case BT_LISTEN:
388 sco_sock_cleanup_listen(sk);
389 break;
390
391 case BT_CONNECTED:
392 case BT_CONFIG:
393 case BT_CONNECT:
394 case BT_DISCONN:
395 sco_chan_del(sk, ECONNRESET);
396 break;
397
398 default:
399 sock_set_flag(sk, SOCK_ZAPPED);
400 break;
401 };
402
403 release_sock(sk);
404
405 sco_sock_kill(sk);
406}
407
408static void sco_sock_init(struct sock *sk, struct sock *parent)
409{
410 BT_DBG("sk %p", sk);
411
412 if (parent)
413 sk->sk_type = parent->sk_type;
414}
415
416static struct proto sco_proto = {
417 .name = "SCO",
418 .owner = THIS_MODULE,
419 .obj_size = sizeof(struct sco_pinfo)
420};
421
422static struct sock *sco_sock_alloc(struct socket *sock, int proto, int prio)
423{
424 struct sock *sk;
425
426 sk = sk_alloc(PF_BLUETOOTH, prio, &sco_proto, 1);
427 if (!sk)
428 return NULL;
429
430 sock_init_data(sock, sk);
431 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
432
433 sk->sk_destruct = sco_sock_destruct;
434 sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
435
436 sock_reset_flag(sk, SOCK_ZAPPED);
437
438 sk->sk_protocol = proto;
439 sk->sk_state = BT_OPEN;
440
441 sco_sock_init_timer(sk);
442
443 bt_sock_link(&sco_sk_list, sk);
444 return sk;
445}
446
447static int sco_sock_create(struct socket *sock, int protocol)
448{
449 struct sock *sk;
450
451 BT_DBG("sock %p", sock);
452
453 sock->state = SS_UNCONNECTED;
454
455 if (sock->type != SOCK_SEQPACKET)
456 return -ESOCKTNOSUPPORT;
457
458 sock->ops = &sco_sock_ops;
459
460 if (!(sk = sco_sock_alloc(sock, protocol, GFP_KERNEL)))
461 return -ENOMEM;
462
463 sco_sock_init(sk, NULL);
464 return 0;
465}
466
467static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
468{
469 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
470 struct sock *sk = sock->sk;
471 bdaddr_t *src = &sa->sco_bdaddr;
472 int err = 0;
473
474 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr));
475
476 if (!addr || addr->sa_family != AF_BLUETOOTH)
477 return -EINVAL;
478
479 lock_sock(sk);
480
481 if (sk->sk_state != BT_OPEN) {
482 err = -EBADFD;
483 goto done;
484 }
485
486 write_lock_bh(&sco_sk_list.lock);
487
488 if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
489 err = -EADDRINUSE;
490 } else {
491 /* Save source address */
492 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr);
493 sk->sk_state = BT_BOUND;
494 }
495
496 write_unlock_bh(&sco_sk_list.lock);
497
498done:
499 release_sock(sk);
500 return err;
501}
502
503static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
504{
505 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
506 struct sock *sk = sock->sk;
507 int err = 0;
508
509
510 BT_DBG("sk %p", sk);
511
512 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco))
513 return -EINVAL;
514
515 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
516 return -EBADFD;
517
518 if (sk->sk_type != SOCK_SEQPACKET)
519 return -EINVAL;
520
521 lock_sock(sk);
522
523 /* Set destination address and psm */
524 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr);
525
526 if ((err = sco_connect(sk)))
527 goto done;
528
529 err = bt_sock_wait_state(sk, BT_CONNECTED,
530 sock_sndtimeo(sk, flags & O_NONBLOCK));
531
532done:
533 release_sock(sk);
534 return err;
535}
536
537static int sco_sock_listen(struct socket *sock, int backlog)
538{
539 struct sock *sk = sock->sk;
540 int err = 0;
541
542 BT_DBG("sk %p backlog %d", sk, backlog);
543
544 lock_sock(sk);
545
546 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
547 err = -EBADFD;
548 goto done;
549 }
550
551 sk->sk_max_ack_backlog = backlog;
552 sk->sk_ack_backlog = 0;
553 sk->sk_state = BT_LISTEN;
554
555done:
556 release_sock(sk);
557 return err;
558}
559
560static int sco_sock_accept(struct socket *sock, struct socket *newsock, int flags)
561{
562 DECLARE_WAITQUEUE(wait, current);
563 struct sock *sk = sock->sk, *ch;
564 long timeo;
565 int err = 0;
566
567 lock_sock(sk);
568
569 if (sk->sk_state != BT_LISTEN) {
570 err = -EBADFD;
571 goto done;
572 }
573
574 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
575
576 BT_DBG("sk %p timeo %ld", sk, timeo);
577
578 /* Wait for an incoming connection. (wake-one). */
579 add_wait_queue_exclusive(sk->sk_sleep, &wait);
580 while (!(ch = bt_accept_dequeue(sk, newsock))) {
581 set_current_state(TASK_INTERRUPTIBLE);
582 if (!timeo) {
583 err = -EAGAIN;
584 break;
585 }
586
587 release_sock(sk);
588 timeo = schedule_timeout(timeo);
589 lock_sock(sk);
590
591 if (sk->sk_state != BT_LISTEN) {
592 err = -EBADFD;
593 break;
594 }
595
596 if (signal_pending(current)) {
597 err = sock_intr_errno(timeo);
598 break;
599 }
600 }
601 set_current_state(TASK_RUNNING);
602 remove_wait_queue(sk->sk_sleep, &wait);
603
604 if (err)
605 goto done;
606
607 newsock->state = SS_CONNECTED;
608
609 BT_DBG("new socket %p", ch);
610
611done:
612 release_sock(sk);
613 return err;
614}
615
616static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
617{
618 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
619 struct sock *sk = sock->sk;
620
621 BT_DBG("sock %p, sk %p", sock, sk);
622
623 addr->sa_family = AF_BLUETOOTH;
624 *len = sizeof(struct sockaddr_sco);
625
626 if (peer)
627 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst);
628 else
629 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src);
630
631 return 0;
632}
633
634static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
635 struct msghdr *msg, size_t len)
636{
637 struct sock *sk = sock->sk;
638 int err = 0;
639
640 BT_DBG("sock %p, sk %p", sock, sk);
641
642 if (sk->sk_err)
643 return sock_error(sk);
644
645 if (msg->msg_flags & MSG_OOB)
646 return -EOPNOTSUPP;
647
648 lock_sock(sk);
649
650 if (sk->sk_state == BT_CONNECTED)
651 err = sco_send_frame(sk, msg, len);
652 else
653 err = -ENOTCONN;
654
655 release_sock(sk);
656 return err;
657}
658
659static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
660{
661 struct sock *sk = sock->sk;
662 int err = 0;
663
664 BT_DBG("sk %p", sk);
665
666 lock_sock(sk);
667
668 switch (optname) {
669 default:
670 err = -ENOPROTOOPT;
671 break;
672 }
673
674 release_sock(sk);
675 return err;
676}
677
678static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
679{
680 struct sock *sk = sock->sk;
681 struct sco_options opts;
682 struct sco_conninfo cinfo;
683 int len, err = 0;
684
685 BT_DBG("sk %p", sk);
686
687 if (get_user(len, optlen))
688 return -EFAULT;
689
690 lock_sock(sk);
691
692 switch (optname) {
693 case SCO_OPTIONS:
694 if (sk->sk_state != BT_CONNECTED) {
695 err = -ENOTCONN;
696 break;
697 }
698
699 opts.mtu = sco_pi(sk)->conn->mtu;
700
701 BT_DBG("mtu %d", opts.mtu);
702
703 len = min_t(unsigned int, len, sizeof(opts));
704 if (copy_to_user(optval, (char *)&opts, len))
705 err = -EFAULT;
706
707 break;
708
709 case SCO_CONNINFO:
710 if (sk->sk_state != BT_CONNECTED) {
711 err = -ENOTCONN;
712 break;
713 }
714
715 cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
716 memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
717
718 len = min_t(unsigned int, len, sizeof(cinfo));
719 if (copy_to_user(optval, (char *)&cinfo, len))
720 err = -EFAULT;
721
722 break;
723
724 default:
725 err = -ENOPROTOOPT;
726 break;
727 }
728
729 release_sock(sk);
730 return err;
731}
732
733static int sco_sock_release(struct socket *sock)
734{
735 struct sock *sk = sock->sk;
736 int err = 0;
737
738 BT_DBG("sock %p, sk %p", sock, sk);
739
740 if (!sk)
741 return 0;
742
743 sco_sock_close(sk);
744
745 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) {
746 lock_sock(sk);
747 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
748 release_sock(sk);
749 }
750
751 sock_orphan(sk);
752 sco_sock_kill(sk);
753 return err;
754}
755
756static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, struct sock *parent)
757{
758 BT_DBG("conn %p", conn);
759
760 sco_pi(sk)->conn = conn;
761 conn->sk = sk;
762
763 if (parent)
764 bt_accept_enqueue(parent, sk);
765}
766
767/* Delete channel.
768 * Must be called on the locked socket. */
769static void sco_chan_del(struct sock *sk, int err)
770{
771 struct sco_conn *conn;
772
773 conn = sco_pi(sk)->conn;
774
775 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
776
777 if (conn) {
778 sco_conn_lock(conn);
779 conn->sk = NULL;
780 sco_pi(sk)->conn = NULL;
781 sco_conn_unlock(conn);
782 hci_conn_put(conn->hcon);
783 }
784
785 sk->sk_state = BT_CLOSED;
786 sk->sk_err = err;
787 sk->sk_state_change(sk);
788
789 sock_set_flag(sk, SOCK_ZAPPED);
790}
791
792static void sco_conn_ready(struct sco_conn *conn)
793{
794 struct sock *parent, *sk;
795
796 BT_DBG("conn %p", conn);
797
798 sco_conn_lock(conn);
799
800 if ((sk = conn->sk)) {
801 sco_sock_clear_timer(sk);
802 bh_lock_sock(sk);
803 sk->sk_state = BT_CONNECTED;
804 sk->sk_state_change(sk);
805 bh_unlock_sock(sk);
806 } else {
807 parent = sco_get_sock_listen(conn->src);
808 if (!parent)
809 goto done;
810
811 bh_lock_sock(parent);
812
813 sk = sco_sock_alloc(NULL, BTPROTO_SCO, GFP_ATOMIC);
814 if (!sk) {
815 bh_unlock_sock(parent);
816 goto done;
817 }
818
819 sco_sock_init(sk, parent);
820
821 bacpy(&bt_sk(sk)->src, conn->src);
822 bacpy(&bt_sk(sk)->dst, conn->dst);
823
824 hci_conn_hold(conn->hcon);
825 __sco_chan_add(conn, sk, parent);
826
827 sk->sk_state = BT_CONNECTED;
828
829 /* Wake up parent */
830 parent->sk_data_ready(parent, 1);
831
832 bh_unlock_sock(parent);
833 }
834
835done:
836 sco_conn_unlock(conn);
837}
838
839/* ----- SCO interface with lower layer (HCI) ----- */
840static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
841{
842 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
843
844 /* Always accept connection */
845 return HCI_LM_ACCEPT;
846}
847
848static int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
849{
850 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
851
852 if (hcon->type != SCO_LINK)
853 return 0;
854
855 if (!status) {
856 struct sco_conn *conn;
857
858 conn = sco_conn_add(hcon, status);
859 if (conn)
860 sco_conn_ready(conn);
861 } else
862 sco_conn_del(hcon, bt_err(status));
863
864 return 0;
865}
866
867static int sco_disconn_ind(struct hci_conn *hcon, __u8 reason)
868{
869 BT_DBG("hcon %p reason %d", hcon, reason);
870
871 if (hcon->type != SCO_LINK)
872 return 0;
873
874 sco_conn_del(hcon, bt_err(reason));
875 return 0;
876}
877
878static int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
879{
880 struct sco_conn *conn = hcon->sco_data;
881
882 if (!conn)
883 goto drop;
884
885 BT_DBG("conn %p len %d", conn, skb->len);
886
887 if (skb->len) {
888 sco_recv_frame(conn, skb);
889 return 0;
890 }
891
892drop:
893 kfree_skb(skb);
894 return 0;
895}
896
897/* ---- Proc fs support ---- */
898#ifdef CONFIG_PROC_FS
899static void *sco_seq_start(struct seq_file *seq, loff_t *pos)
900{
901 struct sock *sk;
902 struct hlist_node *node;
903 loff_t l = *pos;
904
905 read_lock_bh(&sco_sk_list.lock);
906
907 sk_for_each(sk, node, &sco_sk_list.head)
908 if (!l--)
909 goto found;
910 sk = NULL;
911found:
912 return sk;
913}
914
915static void *sco_seq_next(struct seq_file *seq, void *e, loff_t *pos)
916{
917 struct sock *sk = e;
918 (*pos)++;
919 return sk_next(sk);
920}
921
922static void sco_seq_stop(struct seq_file *seq, void *e)
923{
924 read_unlock_bh(&sco_sk_list.lock);
925}
926
927static int sco_seq_show(struct seq_file *seq, void *e)
928{
929 struct sock *sk = e;
930 seq_printf(seq, "%s %s %d\n",
931 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), sk->sk_state);
932 return 0;
933}
934
935static struct seq_operations sco_seq_ops = {
936 .start = sco_seq_start,
937 .next = sco_seq_next,
938 .stop = sco_seq_stop,
939 .show = sco_seq_show
940};
941
942static int sco_seq_open(struct inode *inode, struct file *file)
943{
944 return seq_open(file, &sco_seq_ops);
945}
946
947static struct file_operations sco_seq_fops = {
948 .owner = THIS_MODULE,
949 .open = sco_seq_open,
950 .read = seq_read,
951 .llseek = seq_lseek,
952 .release = seq_release,
953};
954
955static int __init sco_proc_init(void)
956{
957 struct proc_dir_entry *p = create_proc_entry("sco", S_IRUGO, proc_bt);
958 if (!p)
959 return -ENOMEM;
960 p->owner = THIS_MODULE;
961 p->proc_fops = &sco_seq_fops;
962 return 0;
963}
964
965static void __exit sco_proc_cleanup(void)
966{
967 remove_proc_entry("sco", proc_bt);
968}
969
970#else /* CONFIG_PROC_FS */
971
972static int __init sco_proc_init(void)
973{
974 return 0;
975}
976
977static void __exit sco_proc_cleanup(void)
978{
979 return;
980}
981#endif /* CONFIG_PROC_FS */
982
983static struct proto_ops sco_sock_ops = {
984 .family = PF_BLUETOOTH,
985 .owner = THIS_MODULE,
986 .release = sco_sock_release,
987 .bind = sco_sock_bind,
988 .connect = sco_sock_connect,
989 .listen = sco_sock_listen,
990 .accept = sco_sock_accept,
991 .getname = sco_sock_getname,
992 .sendmsg = sco_sock_sendmsg,
993 .recvmsg = bt_sock_recvmsg,
994 .poll = bt_sock_poll,
995 .ioctl = sock_no_ioctl,
996 .mmap = sock_no_mmap,
997 .socketpair = sock_no_socketpair,
998 .shutdown = sock_no_shutdown,
999 .setsockopt = sco_sock_setsockopt,
1000 .getsockopt = sco_sock_getsockopt
1001};
1002
1003static struct net_proto_family sco_sock_family_ops = {
1004 .family = PF_BLUETOOTH,
1005 .owner = THIS_MODULE,
1006 .create = sco_sock_create,
1007};
1008
1009static struct hci_proto sco_hci_proto = {
1010 .name = "SCO",
1011 .id = HCI_PROTO_SCO,
1012 .connect_ind = sco_connect_ind,
1013 .connect_cfm = sco_connect_cfm,
1014 .disconn_ind = sco_disconn_ind,
1015 .recv_scodata = sco_recv_scodata
1016};
1017
1018static int __init sco_init(void)
1019{
1020 int err;
1021
1022 err = proto_register(&sco_proto, 0);
1023 if (err < 0)
1024 return err;
1025
1026 err = bt_sock_register(BTPROTO_SCO, &sco_sock_family_ops);
1027 if (err < 0) {
1028 BT_ERR("SCO socket registration failed");
1029 goto error;
1030 }
1031
1032 err = hci_register_proto(&sco_hci_proto);
1033 if (err < 0) {
1034 BT_ERR("SCO protocol registration failed");
1035 bt_sock_unregister(BTPROTO_SCO);
1036 goto error;
1037 }
1038
1039 sco_proc_init();
1040
1041 BT_INFO("SCO (Voice Link) ver %s", VERSION);
1042 BT_INFO("SCO socket layer initialized");
1043
1044 return 0;
1045
1046error:
1047 proto_unregister(&sco_proto);
1048 return err;
1049}
1050
1051static void __exit sco_exit(void)
1052{
1053 sco_proc_cleanup();
1054
1055 if (bt_sock_unregister(BTPROTO_SCO) < 0)
1056 BT_ERR("SCO socket unregistration failed");
1057
1058 if (hci_unregister_proto(&sco_hci_proto) < 0)
1059 BT_ERR("SCO protocol unregistration failed");
1060
1061 proto_unregister(&sco_proto);
1062}
1063
1064module_init(sco_init);
1065module_exit(sco_exit);
1066
1067MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1068MODULE_DESCRIPTION("Bluetooth SCO ver " VERSION);
1069MODULE_VERSION(VERSION);
1070MODULE_LICENSE("GPL");
1071MODULE_ALIAS("bt-proto-2");