authorLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-04-16 18:20:36 -0400
commit1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch)
tree0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/bluetooth/rfcomm
Linux-2.6.12-rc2v2.6.12-rc2
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
Diffstat (limited to 'net/bluetooth/rfcomm')
-rw-r--r--net/bluetooth/rfcomm/Kconfig17
-rw-r--r--net/bluetooth/rfcomm/Makefile8
-rw-r--r--net/bluetooth/rfcomm/core.c2127
-rw-r--r--net/bluetooth/rfcomm/crc.c71
-rw-r--r--net/bluetooth/rfcomm/sock.c1010
-rw-r--r--net/bluetooth/rfcomm/tty.c930
6 files changed, 4163 insertions, 0 deletions
diff --git a/net/bluetooth/rfcomm/Kconfig b/net/bluetooth/rfcomm/Kconfig
new file mode 100644
index 000000000000..405a0e61e7dc
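--- /dev/null
+++ b/net/bluetooth/rfcomm/Kconfig
@@ -0,0 +1,17 @@
+config BT_RFCOMM
+ tristate "RFCOMM protocol support"
+ depends on BT && BT_L2CAP
+ help
+ RFCOMM provides connection oriented stream transport. RFCOMM
+ support is required for Dialup Networking, OBEX and other Bluetooth
+ applications.
+
+ Say Y here to compile RFCOMM support into the kernel or say M to
+ compile it as module (rfcomm).
+
+config BT_RFCOMM_TTY
+ bool "RFCOMM TTY support"
+ depends on BT_RFCOMM
+ help
+ This option enables TTY emulation support for RFCOMM channels.
+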
diff --git a/net/bluetooth/rfcomm/Makefile b/net/bluetooth/rfcomm/Makefile
new file mode 100644
index 000000000000..aecec45ec68d
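--- /dev/null
+++ b/net/bluetooth/rfcomm/Makefile
@@ -0,0 +1,8 @@
+#
+# Makefile for the Linux Bluetooth RFCOMM layer.
+#
+
+obj-$(CONFIG_BT_RFCOMM) += rfcomm.o
+
+rfcomm-y := core.o sock.o crc.o
+rfcomm-$(CONFIG_BT_RFCOMM_TTY) += tty.o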
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
new file mode 100644
index 000000000000..e9e6fda66f1a
--- /dev/null
+++ b/net/bluetooth/rfcomm/core.c
@@ -0,0 +1,2127 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 RPN support - Dirk Husemann <hud@zurich.ibm.com>
26*/
27
28/*
29 * Bluetooth RFCOMM core.
30 *
31 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
32 */
33
34#include <linux/config.h>
35#include <linux/module.h>
36#include <linux/errno.h>
37#include <linux/kernel.h>
38#include <linux/sched.h>
39#include <linux/signal.h>
40#include <linux/init.h>
41#include <linux/wait.h>
42#include <linux/net.h>
43#include <linux/proc_fs.h>
44#include <linux/seq_file.h>
45#include <net/sock.h>
46#include <asm/uaccess.h>
47#include <asm/unaligned.h>
48
49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h>
52#include <net/bluetooth/rfcomm.h>
53
54#define VERSION "1.5"
55
56#ifndef CONFIG_BT_RFCOMM_DEBUG
57#undef BT_DBG
58#define BT_DBG(D...)
59#endif
60
61#ifdef CONFIG_PROC_FS
62struct proc_dir_entry *proc_bt_rfcomm;
63#endif
64
65static struct task_struct *rfcomm_thread;
66
67static DECLARE_MUTEX(rfcomm_sem);
68#define rfcomm_lock() down(&rfcomm_sem);
69#define rfcomm_unlock() up(&rfcomm_sem);
70
71static unsigned long rfcomm_event;
72
73static LIST_HEAD(session_list);
74static atomic_t terminate, running;
75
76static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
86
87static void rfcomm_process_connect(struct rfcomm_session *s);
88
89static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91static void rfcomm_session_del(struct rfcomm_session *s);
92
93/* ---- RFCOMM frame parsing macros ---- */
94#define __get_dlci(b) ((b & 0xfc) >> 2)
95#define __get_channel(b) ((b & 0xf8) >> 3)
96#define __get_dir(b) ((b & 0x04) >> 2)
97#define __get_type(b) ((b & 0xef))
98
99#define __test_ea(b) ((b & 0x01))
100#define __test_cr(b) ((b & 0x02))
101#define __test_pf(b) ((b & 0x10))
102
103#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
105#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
106#define __srv_channel(dlci) (dlci >> 1)
107#define __dir(dlci) (dlci & 0x01)
108
109#define __len8(len) (((len) << 1) | 1)
110#define __len16(len) ((len) << 1)
111
112/* MCC macros */
113#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
114#define __get_mcc_type(b) ((b & 0xfc) >> 2)
115#define __get_mcc_len(b) ((b & 0xfe) >> 1)
116
117/* RPN macros */
118#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119#define __get_rpn_data_bits(line) ((line) & 0x3)
120#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121#define __get_rpn_parity(line) (((line) >> 3) & 0x3)
122
123static inline void rfcomm_schedule(uint event)
124{
125 if (!rfcomm_thread)
126 return;
127 //set_bit(event, &rfcomm_event);
128 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129 wake_up_process(rfcomm_thread);
130}
131
132static inline void rfcomm_session_put(struct rfcomm_session *s)
133{
134 if (atomic_dec_and_test(&s->refcnt))
135 rfcomm_session_del(s);
136}
137
138/* ---- RFCOMM FCS computation ---- */
139
140/* CRC on 2 bytes */
141#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
142
143/* FCS on 2 bytes */
144static inline u8 __fcs(u8 *data)
145{
146 return (0xff - __crc(data));
147}
148
149/* FCS on 3 bytes */
150static inline u8 __fcs2(u8 *data)
151{
152 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
153}
154
155/* Check FCS */
156static inline int __check_fcs(u8 *data, int type, u8 fcs)
157{
158 u8 f = __crc(data);
159
160 if (type != RFCOMM_UIH)
161 f = rfcomm_crc_table[f ^ data[2]];
162
163 return rfcomm_crc_table[f ^ fcs] != 0xcf;
164}
165
166/* ---- L2CAP callbacks ---- */
167static void rfcomm_l2state_change(struct sock *sk)
168{
169 BT_DBG("%p state %d", sk, sk->sk_state);
170 rfcomm_schedule(RFCOMM_SCHED_STATE);
171}
172
173static void rfcomm_l2data_ready(struct sock *sk, int bytes)
174{
175 BT_DBG("%p bytes %d", sk, bytes);
176 rfcomm_schedule(RFCOMM_SCHED_RX);
177}
178
179static int rfcomm_l2sock_create(struct socket **sock)
180{
181 int err;
182
183 BT_DBG("");
184
185 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
186 if (!err) {
187 struct sock *sk = (*sock)->sk;
188 sk->sk_data_ready = rfcomm_l2data_ready;
189 sk->sk_state_change = rfcomm_l2state_change;
190 }
191 return err;
192}
193
194/* ---- RFCOMM DLCs ---- */
195static void rfcomm_dlc_timeout(unsigned long arg)
196{
197 struct rfcomm_dlc *d = (void *) arg;
198
199 BT_DBG("dlc %p state %ld", d, d->state);
200
201 set_bit(RFCOMM_TIMED_OUT, &d->flags);
202 rfcomm_dlc_put(d);
203 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
204}
205
206static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
207{
208 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
209
210 if (!mod_timer(&d->timer, jiffies + timeout))
211 rfcomm_dlc_hold(d);
212}
213
214static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
215{
216 BT_DBG("dlc %p state %ld", d, d->state);
217
218 if (timer_pending(&d->timer) && del_timer(&d->timer))
219 rfcomm_dlc_put(d);
220}
221
222static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
223{
224 BT_DBG("%p", d);
225
226 d->state = BT_OPEN;
227 d->flags = 0;
228 d->mscex = 0;
229 d->mtu = RFCOMM_DEFAULT_MTU;
230 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
231
232 d->cfc = RFCOMM_CFC_DISABLED;
233 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
234}
235
236struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
237{
238 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
239 if (!d)
240 return NULL;
241 memset(d, 0, sizeof(*d));
242
243 init_timer(&d->timer);
244 d->timer.function = rfcomm_dlc_timeout;
245 d->timer.data = (unsigned long) d;
246
247 skb_queue_head_init(&d->tx_queue);
248 spin_lock_init(&d->lock);
249 atomic_set(&d->refcnt, 1);
250
251 rfcomm_dlc_clear_state(d);
252
253 BT_DBG("%p", d);
254 return d;
255}
256
257void rfcomm_dlc_free(struct rfcomm_dlc *d)
258{
259 BT_DBG("%p", d);
260
261 skb_queue_purge(&d->tx_queue);
262 kfree(d);
263}
264
265static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
266{
267 BT_DBG("dlc %p session %p", d, s);
268
269 rfcomm_session_hold(s);
270
271 rfcomm_dlc_hold(d);
272 list_add(&d->list, &s->dlcs);
273 d->session = s;
274}
275
276static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
277{
278 struct rfcomm_session *s = d->session;
279
280 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
281
282 list_del(&d->list);
283 d->session = NULL;
284 rfcomm_dlc_put(d);
285
286 rfcomm_session_put(s);
287}
288
289static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
290{
291 struct rfcomm_dlc *d;
292 struct list_head *p;
293
294 list_for_each(p, &s->dlcs) {
295 d = list_entry(p, struct rfcomm_dlc, list);
296 if (d->dlci == dlci)
297 return d;
298 }
299 return NULL;
300}
301
302static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
303{
304 struct rfcomm_session *s;
305 int err = 0;
306 u8 dlci;
307
308 BT_DBG("dlc %p state %ld %s %s channel %d",
309 d, d->state, batostr(src), batostr(dst), channel);
310
311 if (channel < 1 || channel > 30)
312 return -EINVAL;
313
314 if (d->state != BT_OPEN && d->state != BT_CLOSED)
315 return 0;
316
317 s = rfcomm_session_get(src, dst);
318 if (!s) {
319 s = rfcomm_session_create(src, dst, &err);
320 if (!s)
321 return err;
322 }
323
324 dlci = __dlci(!s->initiator, channel);
325
326 /* Check if DLCI already exists */
327 if (rfcomm_dlc_get(s, dlci))
328 return -EBUSY;
329
330 rfcomm_dlc_clear_state(d);
331
332 d->dlci = dlci;
333 d->addr = __addr(s->initiator, dlci);
334 d->priority = 7;
335
336 d->state = BT_CONFIG;
337 rfcomm_dlc_link(s, d);
338
339 d->mtu = s->mtu;
340 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
341
342 if (s->state == BT_CONNECTED)
343 rfcomm_send_pn(s, 1, d);
344 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
345 return 0;
346}
347
348int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
349{
350 int r;
351
352 rfcomm_lock();
353
354 r = __rfcomm_dlc_open(d, src, dst, channel);
355
356 rfcomm_unlock();
357 return r;
358}
359
360static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
361{
362 struct rfcomm_session *s = d->session;
363 if (!s)
364 return 0;
365
366 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367 d, d->state, d->dlci, err, s);
368
369 switch (d->state) {
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 case BT_CONNECT:
373 d->state = BT_DISCONN;
374 if (skb_queue_empty(&d->tx_queue)) {
375 rfcomm_send_disc(s, d->dlci);
376 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
377 } else {
378 rfcomm_queue_disc(d);
379 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
380 }
381 break;
382
383 default:
384 rfcomm_dlc_clear_timer(d);
385
386 rfcomm_dlc_lock(d);
387 d->state = BT_CLOSED;
388 d->state_change(d, err);
389 rfcomm_dlc_unlock(d);
390
391 skb_queue_purge(&d->tx_queue);
392 rfcomm_session_put(s);
393
394 rfcomm_dlc_unlink(d);
395 }
396
397 return 0;
398}
399
400int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401{
402 int r;
403
404 rfcomm_lock();
405
406 r = __rfcomm_dlc_close(d, err);
407
408 rfcomm_unlock();
409 return r;
410}
411
412int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
413{
414 int len = skb->len;
415
416 if (d->state != BT_CONNECTED)
417 return -ENOTCONN;
418
419 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
420
421 if (len > d->mtu)
422 return -EINVAL;
423
424 rfcomm_make_uih(skb, d->addr);
425 skb_queue_tail(&d->tx_queue, skb);
426
427 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
428 rfcomm_schedule(RFCOMM_SCHED_TX);
429 return len;
430}
431
432void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
433{
434 BT_DBG("dlc %p state %ld", d, d->state);
435
436 if (!d->cfc) {
437 d->v24_sig |= RFCOMM_V24_FC;
438 set_bit(RFCOMM_MSC_PENDING, &d->flags);
439 }
440 rfcomm_schedule(RFCOMM_SCHED_TX);
441}
442
443void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
444{
445 BT_DBG("dlc %p state %ld", d, d->state);
446
447 if (!d->cfc) {
448 d->v24_sig &= ~RFCOMM_V24_FC;
449 set_bit(RFCOMM_MSC_PENDING, &d->flags);
450 }
451 rfcomm_schedule(RFCOMM_SCHED_TX);
452}
453
454/*
455 Set/get modem status functions use _local_ status i.e. what we report
456 to the other side.
457 Remote status is provided by dlc->modem_status() callback.
458 */
459int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
460{
461 BT_DBG("dlc %p state %ld v24_sig 0x%x",
462 d, d->state, v24_sig);
463
464 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
465 v24_sig |= RFCOMM_V24_FC;
466 else
467 v24_sig &= ~RFCOMM_V24_FC;
468
469 d->v24_sig = v24_sig;
470
471 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
472 rfcomm_schedule(RFCOMM_SCHED_TX);
473
474 return 0;
475}
476
477int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
478{
479 BT_DBG("dlc %p state %ld v24_sig 0x%x",
480 d, d->state, d->v24_sig);
481
482 *v24_sig = d->v24_sig;
483 return 0;
484}
485
486/* ---- RFCOMM sessions ---- */
487static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
488{
489 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
490 if (!s)
491 return NULL;
492 memset(s, 0, sizeof(*s));
493
494 BT_DBG("session %p sock %p", s, sock);
495
496 INIT_LIST_HEAD(&s->dlcs);
497 s->state = state;
498 s->sock = sock;
499
500 s->mtu = RFCOMM_DEFAULT_MTU;
501 s->cfc = RFCOMM_CFC_UNKNOWN;
502
503 /* Do not increment module usage count for listening sessions.
504 * Otherwise we won't be able to unload the module. */
505 if (state != BT_LISTEN)
506 if (!try_module_get(THIS_MODULE)) {
507 kfree(s);
508 return NULL;
509 }
510
511 list_add(&s->list, &session_list);
512
513 return s;
514}
515
516static void rfcomm_session_del(struct rfcomm_session *s)
517{
518 int state = s->state;
519
520 BT_DBG("session %p state %ld", s, s->state);
521
522 list_del(&s->list);
523
524 if (state == BT_CONNECTED)
525 rfcomm_send_disc(s, 0);
526
527 sock_release(s->sock);
528 kfree(s);
529
530 if (state != BT_LISTEN)
531 module_put(THIS_MODULE);
532}
533
534static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
535{
536 struct rfcomm_session *s;
537 struct list_head *p, *n;
538 struct bt_sock *sk;
539 list_for_each_safe(p, n, &session_list) {
540 s = list_entry(p, struct rfcomm_session, list);
541 sk = bt_sk(s->sock->sk);
542
543 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
544 !bacmp(&sk->dst, dst))
545 return s;
546 }
547 return NULL;
548}
549
550static void rfcomm_session_close(struct rfcomm_session *s, int err)
551{
552 struct rfcomm_dlc *d;
553 struct list_head *p, *n;
554
555 BT_DBG("session %p state %ld err %d", s, s->state, err);
556
557 rfcomm_session_hold(s);
558
559 s->state = BT_CLOSED;
560
561 /* Close all dlcs */
562 list_for_each_safe(p, n, &s->dlcs) {
563 d = list_entry(p, struct rfcomm_dlc, list);
564 d->state = BT_CLOSED;
565 __rfcomm_dlc_close(d, err);
566 }
567
568 rfcomm_session_put(s);
569}
570
571static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
572{
573 struct rfcomm_session *s = NULL;
574 struct sockaddr_l2 addr;
575 struct socket *sock;
576 struct sock *sk;
577
578 BT_DBG("%s %s", batostr(src), batostr(dst));
579
580 *err = rfcomm_l2sock_create(&sock);
581 if (*err < 0)
582 return NULL;
583
584 bacpy(&addr.l2_bdaddr, src);
585 addr.l2_family = AF_BLUETOOTH;
586 addr.l2_psm = 0;
587 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
588 if (*err < 0)
589 goto failed;
590
591 /* Set L2CAP options */
592 sk = sock->sk;
593 lock_sock(sk);
594 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
595 release_sock(sk);
596
597 s = rfcomm_session_add(sock, BT_BOUND);
598 if (!s) {
599 *err = -ENOMEM;
600 goto failed;
601 }
602
603 rfcomm_session_hold(s);
604
605 s->initiator = 1;
606
607 bacpy(&addr.l2_bdaddr, dst);
608 addr.l2_family = AF_BLUETOOTH;
609 addr.l2_psm = htobs(RFCOMM_PSM);
610 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
611 if (*err == 0 || *err == -EAGAIN)
612 return s;
613
614 rfcomm_session_del(s);
615 return NULL;
616
617failed:
618 sock_release(sock);
619 return NULL;
620}
621
622void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
623{
624 struct sock *sk = s->sock->sk;
625 if (src)
626 bacpy(src, &bt_sk(sk)->src);
627 if (dst)
628 bacpy(dst, &bt_sk(sk)->dst);
629}
630
631/* ---- RFCOMM frame sending ---- */
632static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
633{
634 struct socket *sock = s->sock;
635 struct kvec iv = { data, len };
636 struct msghdr msg;
637
638 BT_DBG("session %p len %d", s, len);
639
640 memset(&msg, 0, sizeof(msg));
641
642 return kernel_sendmsg(sock, &msg, &iv, 1, len);
643}
644
645static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
646{
647 struct rfcomm_cmd cmd;
648
649 BT_DBG("%p dlci %d", s, dlci);
650
651 cmd.addr = __addr(s->initiator, dlci);
652 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
653 cmd.len = __len8(0);
654 cmd.fcs = __fcs2((u8 *) &cmd);
655
656 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
657}
658
659static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
660{
661 struct rfcomm_cmd cmd;
662
663 BT_DBG("%p dlci %d", s, dlci);
664
665 cmd.addr = __addr(!s->initiator, dlci);
666 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
667 cmd.len = __len8(0);
668 cmd.fcs = __fcs2((u8 *) &cmd);
669
670 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
671}
672
673static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
674{
675 struct rfcomm_cmd cmd;
676
677 BT_DBG("%p dlci %d", s, dlci);
678
679 cmd.addr = __addr(s->initiator, dlci);
680 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
681 cmd.len = __len8(0);
682 cmd.fcs = __fcs2((u8 *) &cmd);
683
684 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
685}
686
687static int rfcomm_queue_disc(struct rfcomm_dlc *d)
688{
689 struct rfcomm_cmd *cmd;
690 struct sk_buff *skb;
691
692 BT_DBG("dlc %p dlci %d", d, d->dlci);
693
694 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
695 if (!skb)
696 return -ENOMEM;
697
698 cmd = (void *) __skb_put(skb, sizeof(*cmd));
699 cmd->addr = d->addr;
700 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
701 cmd->len = __len8(0);
702 cmd->fcs = __fcs2((u8 *) cmd);
703
704 skb_queue_tail(&d->tx_queue, skb);
705 rfcomm_schedule(RFCOMM_SCHED_TX);
706 return 0;
707}
708
709static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
710{
711 struct rfcomm_cmd cmd;
712
713 BT_DBG("%p dlci %d", s, dlci);
714
715 cmd.addr = __addr(!s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
717 cmd.len = __len8(0);
718 cmd.fcs = __fcs2((u8 *) &cmd);
719
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
721}
722
723static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
724{
725 struct rfcomm_hdr *hdr;
726 struct rfcomm_mcc *mcc;
727 u8 buf[16], *ptr = buf;
728
729 BT_DBG("%p cr %d type %d", s, cr, type);
730
731 hdr = (void *) ptr; ptr += sizeof(*hdr);
732 hdr->addr = __addr(s->initiator, 0);
733 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
734 hdr->len = __len8(sizeof(*mcc) + 1);
735
736 mcc = (void *) ptr; ptr += sizeof(*mcc);
737 mcc->type = __mcc_type(cr, RFCOMM_NSC);
738 mcc->len = __len8(1);
739
740 /* Type that we didn't like */
741 *ptr = __mcc_type(cr, type); ptr++;
742
743 *ptr = __fcs(buf); ptr++;
744
745 return rfcomm_send_frame(s, buf, ptr - buf);
746}
747
748static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
749{
750 struct rfcomm_hdr *hdr;
751 struct rfcomm_mcc *mcc;
752 struct rfcomm_pn *pn;
753 u8 buf[16], *ptr = buf;
754
755 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
756
757 hdr = (void *) ptr; ptr += sizeof(*hdr);
758 hdr->addr = __addr(s->initiator, 0);
759 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
760 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
761
762 mcc = (void *) ptr; ptr += sizeof(*mcc);
763 mcc->type = __mcc_type(cr, RFCOMM_PN);
764 mcc->len = __len8(sizeof(*pn));
765
766 pn = (void *) ptr; ptr += sizeof(*pn);
767 pn->dlci = d->dlci;
768 pn->priority = d->priority;
769 pn->ack_timer = 0;
770 pn->max_retrans = 0;
771
772 if (s->cfc) {
773 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
774 pn->credits = RFCOMM_DEFAULT_CREDITS;
775 } else {
776 pn->flow_ctrl = 0;
777 pn->credits = 0;
778 }
779
780 pn->mtu = htobs(d->mtu);
781
782 *ptr = __fcs(buf); ptr++;
783
784 return rfcomm_send_frame(s, buf, ptr - buf);
785}
786
787static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
788 u8 bit_rate, u8 data_bits, u8 stop_bits,
789 u8 parity, u8 flow_ctrl_settings,
790 u8 xon_char, u8 xoff_char, u16 param_mask)
791{
792 struct rfcomm_hdr *hdr;
793 struct rfcomm_mcc *mcc;
794 struct rfcomm_rpn *rpn;
795 u8 buf[16], *ptr = buf;
796
797 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
798 "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
799 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
800 flow_ctrl_settings, xon_char, xoff_char, param_mask);
801
802 hdr = (void *) ptr; ptr += sizeof(*hdr);
803 hdr->addr = __addr(s->initiator, 0);
804 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
805 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
806
807 mcc = (void *) ptr; ptr += sizeof(*mcc);
808 mcc->type = __mcc_type(cr, RFCOMM_RPN);
809 mcc->len = __len8(sizeof(*rpn));
810
811 rpn = (void *) ptr; ptr += sizeof(*rpn);
812 rpn->dlci = __addr(1, dlci);
813 rpn->bit_rate = bit_rate;
814 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
815 rpn->flow_ctrl = flow_ctrl_settings;
816 rpn->xon_char = xon_char;
817 rpn->xoff_char = xoff_char;
818 rpn->param_mask = param_mask;
819
820 *ptr = __fcs(buf); ptr++;
821
822 return rfcomm_send_frame(s, buf, ptr - buf);
823}
824
825static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
826{
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rls *rls;
830 u8 buf[16], *ptr = buf;
831
832 BT_DBG("%p cr %d status 0x%x", s, cr, status);
833
834 hdr = (void *) ptr; ptr += sizeof(*hdr);
835 hdr->addr = __addr(s->initiator, 0);
836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
838
839 mcc = (void *) ptr; ptr += sizeof(*mcc);
840 mcc->type = __mcc_type(cr, RFCOMM_RLS);
841 mcc->len = __len8(sizeof(*rls));
842
843 rls = (void *) ptr; ptr += sizeof(*rls);
844 rls->dlci = __addr(1, dlci);
845 rls->status = status;
846
847 *ptr = __fcs(buf); ptr++;
848
849 return rfcomm_send_frame(s, buf, ptr - buf);
850}
851
852static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
853{
854 struct rfcomm_hdr *hdr;
855 struct rfcomm_mcc *mcc;
856 struct rfcomm_msc *msc;
857 u8 buf[16], *ptr = buf;
858
859 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
860
861 hdr = (void *) ptr; ptr += sizeof(*hdr);
862 hdr->addr = __addr(s->initiator, 0);
863 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
864 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
865
866 mcc = (void *) ptr; ptr += sizeof(*mcc);
867 mcc->type = __mcc_type(cr, RFCOMM_MSC);
868 mcc->len = __len8(sizeof(*msc));
869
870 msc = (void *) ptr; ptr += sizeof(*msc);
871 msc->dlci = __addr(1, dlci);
872 msc->v24_sig = v24_sig | 0x01;
873
874 *ptr = __fcs(buf); ptr++;
875
876 return rfcomm_send_frame(s, buf, ptr - buf);
877}
878
879static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
880{
881 struct rfcomm_hdr *hdr;
882 struct rfcomm_mcc *mcc;
883 u8 buf[16], *ptr = buf;
884
885 BT_DBG("%p cr %d", s, cr);
886
887 hdr = (void *) ptr; ptr += sizeof(*hdr);
888 hdr->addr = __addr(s->initiator, 0);
889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890 hdr->len = __len8(sizeof(*mcc));
891
892 mcc = (void *) ptr; ptr += sizeof(*mcc);
893 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
894 mcc->len = __len8(0);
895
896 *ptr = __fcs(buf); ptr++;
897
898 return rfcomm_send_frame(s, buf, ptr - buf);
899}
900
901static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
902{
903 struct rfcomm_hdr *hdr;
904 struct rfcomm_mcc *mcc;
905 u8 buf[16], *ptr = buf;
906
907 BT_DBG("%p cr %d", s, cr);
908
909 hdr = (void *) ptr; ptr += sizeof(*hdr);
910 hdr->addr = __addr(s->initiator, 0);
911 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912 hdr->len = __len8(sizeof(*mcc));
913
914 mcc = (void *) ptr; ptr += sizeof(*mcc);
915 mcc->type = __mcc_type(cr, RFCOMM_FCON);
916 mcc->len = __len8(0);
917
918 *ptr = __fcs(buf); ptr++;
919
920 return rfcomm_send_frame(s, buf, ptr - buf);
921}
922
923static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
924{
925 struct socket *sock = s->sock;
926 struct kvec iv[3];
927 struct msghdr msg;
928 unsigned char hdr[5], crc[1];
929
930 if (len > 125)
931 return -EINVAL;
932
933 BT_DBG("%p cr %d", s, cr);
934
935 hdr[0] = __addr(s->initiator, 0);
936 hdr[1] = __ctrl(RFCOMM_UIH, 0);
937 hdr[2] = 0x01 | ((len + 2) << 1);
938 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
939 hdr[4] = 0x01 | (len << 1);
940
941 crc[0] = __fcs(hdr);
942
943 iv[0].iov_base = hdr;
944 iv[0].iov_len = 5;
945 iv[1].iov_base = pattern;
946 iv[1].iov_len = len;
947 iv[2].iov_base = crc;
948 iv[2].iov_len = 1;
949
950 memset(&msg, 0, sizeof(msg));
951
952 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
953}
954
955static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
956{
957 struct rfcomm_hdr *hdr;
958 u8 buf[16], *ptr = buf;
959
960 BT_DBG("%p addr %d credits %d", s, addr, credits);
961
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = addr;
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
965 hdr->len = __len8(0);
966
967 *ptr = credits; ptr++;
968
969 *ptr = __fcs(buf); ptr++;
970
971 return rfcomm_send_frame(s, buf, ptr - buf);
972}
973
974static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
975{
976 struct rfcomm_hdr *hdr;
977 int len = skb->len;
978 u8 *crc;
979
980 if (len > 127) {
981 hdr = (void *) skb_push(skb, 4);
982 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
983 } else {
984 hdr = (void *) skb_push(skb, 3);
985 hdr->len = __len8(len);
986 }
987 hdr->addr = addr;
988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
989
990 crc = skb_put(skb, 1);
991 *crc = __fcs((void *) hdr);
992}
993
994/* ---- RFCOMM frame reception ---- */
995static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
996{
997 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
998
999 if (dlci) {
1000 /* Data channel */
1001 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1002 if (!d) {
1003 rfcomm_send_dm(s, dlci);
1004 return 0;
1005 }
1006
1007 switch (d->state) {
1008 case BT_CONNECT:
1009 rfcomm_dlc_clear_timer(d);
1010
1011 rfcomm_dlc_lock(d);
1012 d->state = BT_CONNECTED;
1013 d->state_change(d, 0);
1014 rfcomm_dlc_unlock(d);
1015
1016 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1017 break;
1018
1019 case BT_DISCONN:
1020 d->state = BT_CLOSED;
1021 __rfcomm_dlc_close(d, 0);
1022 break;
1023 }
1024 } else {
1025 /* Control channel */
1026 switch (s->state) {
1027 case BT_CONNECT:
1028 s->state = BT_CONNECTED;
1029 rfcomm_process_connect(s);
1030 break;
1031 }
1032 }
1033 return 0;
1034}
1035
1036static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1037{
1038 int err = 0;
1039
1040 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1041
1042 if (dlci) {
1043 /* Data DLC */
1044 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1045 if (d) {
1046 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1047 err = ECONNREFUSED;
1048 else
1049 err = ECONNRESET;
1050
1051 d->state = BT_CLOSED;
1052 __rfcomm_dlc_close(d, err);
1053 }
1054 } else {
1055 if (s->state == BT_CONNECT)
1056 err = ECONNREFUSED;
1057 else
1058 err = ECONNRESET;
1059
1060 s->state = BT_CLOSED;
1061 rfcomm_session_close(s, err);
1062 }
1063 return 0;
1064}
1065
1066static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1067{
1068 int err = 0;
1069
1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1071
1072 if (dlci) {
1073 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1074 if (d) {
1075 rfcomm_send_ua(s, dlci);
1076
1077 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1078 err = ECONNREFUSED;
1079 else
1080 err = ECONNRESET;
1081
1082 d->state = BT_CLOSED;
1083 __rfcomm_dlc_close(d, err);
1084 } else
1085 rfcomm_send_dm(s, dlci);
1086
1087 } else {
1088 rfcomm_send_ua(s, 0);
1089
1090 if (s->state == BT_CONNECT)
1091 err = ECONNREFUSED;
1092 else
1093 err = ECONNRESET;
1094
1095 s->state = BT_CLOSED;
1096 rfcomm_session_close(s, err);
1097 }
1098
1099 return 0;
1100}
1101
1102static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1103{
1104 struct sock *sk = d->session->sock->sk;
1105
1106 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1107 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1108 return 1;
1109 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1110 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1111 return 1;
1112 }
1113
1114 return 0;
1115}
1116
1117static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1118{
1119 BT_DBG("dlc %p", d);
1120
1121 rfcomm_send_ua(d->session, d->dlci);
1122
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1127
1128 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1129}
1130
1131static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1132{
1133 struct rfcomm_dlc *d;
1134 u8 channel;
1135
1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1137
1138 if (!dlci) {
1139 rfcomm_send_ua(s, 0);
1140
1141 if (s->state == BT_OPEN) {
1142 s->state = BT_CONNECTED;
1143 rfcomm_process_connect(s);
1144 }
1145 return 0;
1146 }
1147
1148 /* Check if DLC exists */
1149 d = rfcomm_dlc_get(s, dlci);
1150 if (d) {
1151 if (d->state == BT_OPEN) {
1152 /* DLC was previously opened by PN request */
1153 if (rfcomm_check_link_mode(d)) {
1154 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1155 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1156 return 0;
1157 }
1158
1159 rfcomm_dlc_accept(d);
1160 }
1161 return 0;
1162 }
1163
1164 /* Notify socket layer about incoming connection */
1165 channel = __srv_channel(dlci);
1166 if (rfcomm_connect_ind(s, channel, &d)) {
1167 d->dlci = dlci;
1168 d->addr = __addr(s->initiator, dlci);
1169 rfcomm_dlc_link(s, d);
1170
1171 if (rfcomm_check_link_mode(d)) {
1172 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1173 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1174 return 0;
1175 }
1176
1177 rfcomm_dlc_accept(d);
1178 } else {
1179 rfcomm_send_dm(s, dlci);
1180 }
1181
1182 return 0;
1183}
1184
1185static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1186{
1187 struct rfcomm_session *s = d->session;
1188
1189 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1190 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1191
1192 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1193 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1194 d->tx_credits = pn->credits;
1195 } else {
1196 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1197 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1198 }
1199
1200 d->priority = pn->priority;
1201
1202 d->mtu = s->mtu = btohs(pn->mtu);
1203
1204 return 0;
1205}
1206
1207static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1208{
1209 struct rfcomm_pn *pn = (void *) skb->data;
1210 struct rfcomm_dlc *d;
1211 u8 dlci = pn->dlci;
1212
1213 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1214
1215 if (!dlci)
1216 return 0;
1217
1218 d = rfcomm_dlc_get(s, dlci);
1219 if (d) {
1220 if (cr) {
1221 /* PN request */
1222 rfcomm_apply_pn(d, cr, pn);
1223 rfcomm_send_pn(s, 0, d);
1224 } else {
1225 /* PN response */
1226 switch (d->state) {
1227 case BT_CONFIG:
1228 rfcomm_apply_pn(d, cr, pn);
1229
1230 d->state = BT_CONNECT;
1231 rfcomm_send_sabm(s, d->dlci);
1232 break;
1233 }
1234 }
1235 } else {
1236 u8 channel = __srv_channel(dlci);
1237
1238 if (!cr)
1239 return 0;
1240
1241 /* PN request for non existing DLC.
1242 * Assume incoming connection. */
1243 if (rfcomm_connect_ind(s, channel, &d)) {
1244 d->dlci = dlci;
1245 d->addr = __addr(s->initiator, dlci);
1246 rfcomm_dlc_link(s, d);
1247
1248 rfcomm_apply_pn(d, cr, pn);
1249
1250 d->state = BT_OPEN;
1251 rfcomm_send_pn(s, 0, d);
1252 } else {
1253 rfcomm_send_dm(s, dlci);
1254 }
1255 }
1256 return 0;
1257}
1258
1259static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1260{
1261 struct rfcomm_rpn *rpn = (void *) skb->data;
1262 u8 dlci = __get_dlci(rpn->dlci);
1263
1264 u8 bit_rate = 0;
1265 u8 data_bits = 0;
1266 u8 stop_bits = 0;
1267 u8 parity = 0;
1268 u8 flow_ctrl = 0;
1269 u8 xon_char = 0;
1270 u8 xoff_char = 0;
1271 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1272
1273 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1274 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1275 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1276
1277 if (!cr)
1278 return 0;
1279
1280 if (len == 1) {
1281 /* request: return default setting */
1282 bit_rate = RFCOMM_RPN_BR_115200;
1283 data_bits = RFCOMM_RPN_DATA_8;
1284 stop_bits = RFCOMM_RPN_STOP_1;
1285 parity = RFCOMM_RPN_PARITY_NONE;
1286 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1287 xon_char = RFCOMM_RPN_XON_CHAR;
1288 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1289
1290 goto rpn_out;
1291 }
1292 /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1293 no flow control lines, normal XON/XOFF chars */
1294 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1295 bit_rate = rpn->bit_rate;
1296 if (bit_rate != RFCOMM_RPN_BR_115200) {
1297 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1298 bit_rate = RFCOMM_RPN_BR_115200;
1299 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1300 }
1301 }
1302 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1303 data_bits = __get_rpn_data_bits(rpn->line_settings);
1304 if (data_bits != RFCOMM_RPN_DATA_8) {
1305 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1306 data_bits = RFCOMM_RPN_DATA_8;
1307 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1308 }
1309 }
1310 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1311 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1312 if (stop_bits != RFCOMM_RPN_STOP_1) {
1313 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1314 stop_bits = RFCOMM_RPN_STOP_1;
1315 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1316 }
1317 }
1318 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1319 parity = __get_rpn_parity(rpn->line_settings);
1320 if (parity != RFCOMM_RPN_PARITY_NONE) {
1321 BT_DBG("RPN parity mismatch 0x%x", parity);
1322 parity = RFCOMM_RPN_PARITY_NONE;
1323 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1324 }
1325 }
1326 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1327 flow_ctrl = rpn->flow_ctrl;
1328 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1329 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1330 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1331 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1332 }
1333 }
1334 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1335 xon_char = rpn->xon_char;
1336 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1337 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1338 xon_char = RFCOMM_RPN_XON_CHAR;
1339 rpn_mask ^= RFCOMM_RPN_PM_XON;
1340 }
1341 }
1342 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1343 xoff_char = rpn->xoff_char;
1344 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1345 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1346 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1347 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1348 }
1349 }
1350
1351rpn_out:
1352 rfcomm_send_rpn(s, 0, dlci,
1353 bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1354 xon_char, xoff_char, rpn_mask);
1355
1356 return 0;
1357}
1358
1359static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1360{
1361 struct rfcomm_rls *rls = (void *) skb->data;
1362 u8 dlci = __get_dlci(rls->dlci);
1363
1364 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1365
1366 if (!cr)
1367 return 0;
1368
1369 /* FIXME: We should probably do something with this
1370 information here. But for now it's sufficient just
1371 to reply -- Bluetooth 1.1 says it's mandatory to
1372 recognise and respond to RLS */
1373
1374 rfcomm_send_rls(s, 0, dlci, rls->status);
1375
1376 return 0;
1377}
1378
1379static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1380{
1381 struct rfcomm_msc *msc = (void *) skb->data;
1382 struct rfcomm_dlc *d;
1383 u8 dlci = __get_dlci(msc->dlci);
1384
1385 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1386
1387 d = rfcomm_dlc_get(s, dlci);
1388 if (!d)
1389 return 0;
1390
1391 if (cr) {
1392 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1393 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1394 else
1395 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1396
1397 rfcomm_dlc_lock(d);
1398 if (d->modem_status)
1399 d->modem_status(d, msc->v24_sig);
1400 rfcomm_dlc_unlock(d);
1401
1402 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1403
1404 d->mscex |= RFCOMM_MSCEX_RX;
1405 } else
1406 d->mscex |= RFCOMM_MSCEX_TX;
1407
1408 return 0;
1409}
1410
1411static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1412{
1413 struct rfcomm_mcc *mcc = (void *) skb->data;
1414 u8 type, cr, len;
1415
1416 cr = __test_cr(mcc->type);
1417 type = __get_mcc_type(mcc->type);
1418 len = __get_mcc_len(mcc->len);
1419
1420 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1421
1422 skb_pull(skb, 2);
1423
1424 switch (type) {
1425 case RFCOMM_PN:
1426 rfcomm_recv_pn(s, cr, skb);
1427 break;
1428
1429 case RFCOMM_RPN:
1430 rfcomm_recv_rpn(s, cr, len, skb);
1431 break;
1432
1433 case RFCOMM_RLS:
1434 rfcomm_recv_rls(s, cr, skb);
1435 break;
1436
1437 case RFCOMM_MSC:
1438 rfcomm_recv_msc(s, cr, skb);
1439 break;
1440
1441 case RFCOMM_FCOFF:
1442 if (cr) {
1443 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1444 rfcomm_send_fcoff(s, 0);
1445 }
1446 break;
1447
1448 case RFCOMM_FCON:
1449 if (cr) {
1450 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1451 rfcomm_send_fcon(s, 0);
1452 }
1453 break;
1454
1455 case RFCOMM_TEST:
1456 if (cr)
1457 rfcomm_send_test(s, 0, skb->data, skb->len);
1458 break;
1459
1460 case RFCOMM_NSC:
1461 break;
1462
1463 default:
1464 BT_ERR("Unknown control type 0x%02x", type);
1465 rfcomm_send_nsc(s, cr, type);
1466 break;
1467 }
1468 return 0;
1469}
1470
1471static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1472{
1473 struct rfcomm_dlc *d;
1474
1475 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1476
1477 d = rfcomm_dlc_get(s, dlci);
1478 if (!d) {
1479 rfcomm_send_dm(s, dlci);
1480 goto drop;
1481 }
1482
1483 if (pf && d->cfc) {
1484 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1485
1486 d->tx_credits += credits;
1487 if (d->tx_credits)
1488 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1489 }
1490
1491 if (skb->len && d->state == BT_CONNECTED) {
1492 rfcomm_dlc_lock(d);
1493 d->rx_credits--;
1494 d->data_ready(d, skb);
1495 rfcomm_dlc_unlock(d);
1496 return 0;
1497 }
1498
1499drop:
1500 kfree_skb(skb);
1501 return 0;
1502}
1503
1504static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1505{
1506 struct rfcomm_hdr *hdr = (void *) skb->data;
1507 u8 type, dlci, fcs;
1508
1509 dlci = __get_dlci(hdr->addr);
1510 type = __get_type(hdr->ctrl);
1511
1512 /* Trim FCS */
1513 skb->len--; skb->tail--;
1514 fcs = *(u8 *) skb->tail;
1515
1516 if (__check_fcs(skb->data, type, fcs)) {
1517 BT_ERR("bad checksum in packet");
1518 kfree_skb(skb);
1519 return -EILSEQ;
1520 }
1521
1522 if (__test_ea(hdr->len))
1523 skb_pull(skb, 3);
1524 else
1525 skb_pull(skb, 4);
1526
1527 switch (type) {
1528 case RFCOMM_SABM:
1529 if (__test_pf(hdr->ctrl))
1530 rfcomm_recv_sabm(s, dlci);
1531 break;
1532
1533 case RFCOMM_DISC:
1534 if (__test_pf(hdr->ctrl))
1535 rfcomm_recv_disc(s, dlci);
1536 break;
1537
1538 case RFCOMM_UA:
1539 if (__test_pf(hdr->ctrl))
1540 rfcomm_recv_ua(s, dlci);
1541 break;
1542
1543 case RFCOMM_DM:
1544 rfcomm_recv_dm(s, dlci);
1545 break;
1546
1547 case RFCOMM_UIH:
1548 if (dlci)
1549 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1550
1551 rfcomm_recv_mcc(s, skb);
1552 break;
1553
1554 default:
1555 BT_ERR("Unknown packet type 0x%02x\n", type);
1556 break;
1557 }
1558 kfree_skb(skb);
1559 return 0;
1560}
1561
1562/* ---- Connection and data processing ---- */
1563
1564static void rfcomm_process_connect(struct rfcomm_session *s)
1565{
1566 struct rfcomm_dlc *d;
1567 struct list_head *p, *n;
1568
1569 BT_DBG("session %p state %ld", s, s->state);
1570
1571 list_for_each_safe(p, n, &s->dlcs) {
1572 d = list_entry(p, struct rfcomm_dlc, list);
1573 if (d->state == BT_CONFIG) {
1574 d->mtu = s->mtu;
1575 rfcomm_send_pn(s, 1, d);
1576 }
1577 }
1578}
1579
1580/* Send data queued for the DLC.
1581 * Return number of frames left in the queue.
1582 */
1583static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1584{
1585 struct sk_buff *skb;
1586 int err;
1587
1588 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1589 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1590
1591 /* Send pending MSC */
1592 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1593 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1594
1595 if (d->cfc) {
1596 /* CFC enabled.
1597 * Give them some credits */
1598 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1599 d->rx_credits <= (d->cfc >> 2)) {
1600 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1601 d->rx_credits = d->cfc;
1602 }
1603 } else {
1604 /* CFC disabled.
1605 * Give ourselves some credits */
1606 d->tx_credits = 5;
1607 }
1608
1609 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1610 return skb_queue_len(&d->tx_queue);
1611
1612 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1613 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1614 if (err < 0) {
1615 skb_queue_head(&d->tx_queue, skb);
1616 break;
1617 }
1618 kfree_skb(skb);
1619 d->tx_credits--;
1620 }
1621
1622 if (d->cfc && !d->tx_credits) {
1623 /* We're out of TX credits.
1624 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1625 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1626 }
1627
1628 return skb_queue_len(&d->tx_queue);
1629}
1630
1631static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1632{
1633 struct rfcomm_dlc *d;
1634 struct list_head *p, *n;
1635
1636 BT_DBG("session %p state %ld", s, s->state);
1637
1638 list_for_each_safe(p, n, &s->dlcs) {
1639 d = list_entry(p, struct rfcomm_dlc, list);
1640
1641 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1642 __rfcomm_dlc_close(d, ETIMEDOUT);
1643 continue;
1644 }
1645
1646 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1647 rfcomm_dlc_clear_timer(d);
1648 rfcomm_dlc_accept(d);
1649 if (d->link_mode & RFCOMM_LM_SECURE) {
1650 struct sock *sk = s->sock->sk;
1651 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1652 }
1653 continue;
1654 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1655 rfcomm_dlc_clear_timer(d);
1656 rfcomm_send_dm(s, d->dlci);
1657 __rfcomm_dlc_close(d, ECONNREFUSED);
1658 continue;
1659 }
1660
1661 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1662 continue;
1663
1664 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1665 d->mscex == RFCOMM_MSCEX_OK)
1666 rfcomm_process_tx(d);
1667 }
1668}
1669
1670static inline void rfcomm_process_rx(struct rfcomm_session *s)
1671{
1672 struct socket *sock = s->sock;
1673 struct sock *sk = sock->sk;
1674 struct sk_buff *skb;
1675
1676 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1677
1678 /* Get data directly from socket receive queue without copying it. */
1679 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1680 skb_orphan(skb);
1681 rfcomm_recv_frame(s, skb);
1682 }
1683
1684 if (sk->sk_state == BT_CLOSED) {
1685 if (!s->initiator)
1686 rfcomm_session_put(s);
1687
1688 rfcomm_session_close(s, sk->sk_err);
1689 }
1690}
1691
1692static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1693{
1694 struct socket *sock = s->sock, *nsock;
1695 int err;
1696
1697 /* Fast check for a new connection.
1698 * Avoids unnesesary socket allocations. */
1699 if (list_empty(&bt_sk(sock->sk)->accept_q))
1700 return;
1701
1702 BT_DBG("session %p", s);
1703
1704 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1705 return;
1706
1707 nsock->ops = sock->ops;
1708
1709 __module_get(nsock->ops->owner);
1710
1711 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1712 if (err < 0) {
1713 sock_release(nsock);
1714 return;
1715 }
1716
1717 /* Set our callbacks */
1718 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1719 nsock->sk->sk_state_change = rfcomm_l2state_change;
1720
1721 s = rfcomm_session_add(nsock, BT_OPEN);
1722 if (s) {
1723 rfcomm_session_hold(s);
1724 rfcomm_schedule(RFCOMM_SCHED_RX);
1725 } else
1726 sock_release(nsock);
1727}
1728
1729static inline void rfcomm_check_connection(struct rfcomm_session *s)
1730{
1731 struct sock *sk = s->sock->sk;
1732
1733 BT_DBG("%p state %ld", s, s->state);
1734
1735 switch(sk->sk_state) {
1736 case BT_CONNECTED:
1737 s->state = BT_CONNECT;
1738
1739 /* We can adjust MTU on outgoing sessions.
1740 * L2CAP MTU minus UIH header and FCS. */
1741 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1742
1743 rfcomm_send_sabm(s, 0);
1744 break;
1745
1746 case BT_CLOSED:
1747 s->state = BT_CLOSED;
1748 rfcomm_session_close(s, sk->sk_err);
1749 break;
1750 }
1751}
1752
1753static inline void rfcomm_process_sessions(void)
1754{
1755 struct list_head *p, *n;
1756
1757 rfcomm_lock();
1758
1759 list_for_each_safe(p, n, &session_list) {
1760 struct rfcomm_session *s;
1761 s = list_entry(p, struct rfcomm_session, list);
1762
1763 if (s->state == BT_LISTEN) {
1764 rfcomm_accept_connection(s);
1765 continue;
1766 }
1767
1768 rfcomm_session_hold(s);
1769
1770 switch (s->state) {
1771 case BT_BOUND:
1772 rfcomm_check_connection(s);
1773 break;
1774
1775 default:
1776 rfcomm_process_rx(s);
1777 break;
1778 }
1779
1780 rfcomm_process_dlcs(s);
1781
1782 rfcomm_session_put(s);
1783 }
1784
1785 rfcomm_unlock();
1786}
1787
1788static void rfcomm_worker(void)
1789{
1790 BT_DBG("");
1791
1792 while (!atomic_read(&terminate)) {
1793 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1794 /* No pending events. Let's sleep.
1795 * Incoming connections and data will wake us up. */
1796 set_current_state(TASK_INTERRUPTIBLE);
1797 schedule();
1798 }
1799
1800 /* Process stuff */
1801 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1802 rfcomm_process_sessions();
1803 }
1804 set_current_state(TASK_RUNNING);
1805 return;
1806}
1807
1808static int rfcomm_add_listener(bdaddr_t *ba)
1809{
1810 struct sockaddr_l2 addr;
1811 struct socket *sock;
1812 struct sock *sk;
1813 struct rfcomm_session *s;
1814 int err = 0;
1815
1816 /* Create socket */
1817 err = rfcomm_l2sock_create(&sock);
1818 if (err < 0) {
1819 BT_ERR("Create socket failed %d", err);
1820 return err;
1821 }
1822
1823 /* Bind socket */
1824 bacpy(&addr.l2_bdaddr, ba);
1825 addr.l2_family = AF_BLUETOOTH;
1826 addr.l2_psm = htobs(RFCOMM_PSM);
1827 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1828 if (err < 0) {
1829 BT_ERR("Bind failed %d", err);
1830 goto failed;
1831 }
1832
1833 /* Set L2CAP options */
1834 sk = sock->sk;
1835 lock_sock(sk);
1836 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1837 release_sock(sk);
1838
1839 /* Start listening on the socket */
1840 err = sock->ops->listen(sock, 10);
1841 if (err) {
1842 BT_ERR("Listen failed %d", err);
1843 goto failed;
1844 }
1845
1846 /* Add listening session */
1847 s = rfcomm_session_add(sock, BT_LISTEN);
1848 if (!s)
1849 goto failed;
1850
1851 rfcomm_session_hold(s);
1852 return 0;
1853failed:
1854 sock_release(sock);
1855 return err;
1856}
1857
1858static void rfcomm_kill_listener(void)
1859{
1860 struct rfcomm_session *s;
1861 struct list_head *p, *n;
1862
1863 BT_DBG("");
1864
1865 list_for_each_safe(p, n, &session_list) {
1866 s = list_entry(p, struct rfcomm_session, list);
1867 rfcomm_session_del(s);
1868 }
1869}
1870
1871static int rfcomm_run(void *unused)
1872{
1873 rfcomm_thread = current;
1874
1875 atomic_inc(&running);
1876
1877 daemonize("krfcommd");
1878 set_user_nice(current, -10);
1879 current->flags |= PF_NOFREEZE;
1880
1881 BT_DBG("");
1882
1883 rfcomm_add_listener(BDADDR_ANY);
1884
1885 rfcomm_worker();
1886
1887 rfcomm_kill_listener();
1888
1889 atomic_dec(&running);
1890 return 0;
1891}
1892
1893static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1894{
1895 struct rfcomm_session *s;
1896 struct rfcomm_dlc *d;
1897 struct list_head *p, *n;
1898
1899 BT_DBG("conn %p status 0x%02x", conn, status);
1900
1901 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1902 if (!s)
1903 return;
1904
1905 rfcomm_session_hold(s);
1906
1907 list_for_each_safe(p, n, &s->dlcs) {
1908 d = list_entry(p, struct rfcomm_dlc, list);
1909
1910 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1911 continue;
1912
1913 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1914 continue;
1915
1916 if (!status)
1917 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1918 else
1919 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1920 }
1921
1922 rfcomm_session_put(s);
1923
1924 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1925}
1926
1927static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1928{
1929 struct rfcomm_session *s;
1930 struct rfcomm_dlc *d;
1931 struct list_head *p, *n;
1932
1933 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1934
1935 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1936 if (!s)
1937 return;
1938
1939 rfcomm_session_hold(s);
1940
1941 list_for_each_safe(p, n, &s->dlcs) {
1942 d = list_entry(p, struct rfcomm_dlc, list);
1943
1944 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1945 continue;
1946
1947 if (!status && encrypt)
1948 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1949 else
1950 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1951 }
1952
1953 rfcomm_session_put(s);
1954
1955 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1956}
1957
1958static struct hci_cb rfcomm_cb = {
1959 .name = "RFCOMM",
1960 .auth_cfm = rfcomm_auth_cfm,
1961 .encrypt_cfm = rfcomm_encrypt_cfm
1962};
1963
1964/* ---- Proc fs support ---- */
1965#ifdef CONFIG_PROC_FS
1966static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1967{
1968 struct rfcomm_session *s;
1969 struct list_head *pp, *p;
1970 loff_t l = *pos;
1971
1972 rfcomm_lock();
1973
1974 list_for_each(p, &session_list) {
1975 s = list_entry(p, struct rfcomm_session, list);
1976 list_for_each(pp, &s->dlcs)
1977 if (!l--) {
1978 seq->private = s;
1979 return pp;
1980 }
1981 }
1982 return NULL;
1983}
1984
1985static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1986{
1987 struct rfcomm_session *s = seq->private;
1988 struct list_head *pp, *p = e;
1989 (*pos)++;
1990
1991 if (p->next != &s->dlcs)
1992 return p->next;
1993
1994 list_for_each(p, &session_list) {
1995 s = list_entry(p, struct rfcomm_session, list);
1996 __list_for_each(pp, &s->dlcs) {
1997 seq->private = s;
1998 return pp;
1999 }
2000 }
2001 return NULL;
2002}
2003
2004static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2005{
2006 rfcomm_unlock();
2007}
2008
2009static int rfcomm_seq_show(struct seq_file *seq, void *e)
2010{
2011 struct rfcomm_session *s = seq->private;
2012 struct sock *sk = s->sock->sk;
2013 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2014
2015 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018 return 0;
2019}
2020
2021static struct seq_operations rfcomm_seq_ops = {
2022 .start = rfcomm_seq_start,
2023 .next = rfcomm_seq_next,
2024 .stop = rfcomm_seq_stop,
2025 .show = rfcomm_seq_show
2026};
2027
2028static int rfcomm_seq_open(struct inode *inode, struct file *file)
2029{
2030 return seq_open(file, &rfcomm_seq_ops);
2031}
2032
2033static struct file_operations rfcomm_seq_fops = {
2034 .owner = THIS_MODULE,
2035 .open = rfcomm_seq_open,
2036 .read = seq_read,
2037 .llseek = seq_lseek,
2038 .release = seq_release,
2039};
2040
2041static int __init rfcomm_proc_init(void)
2042{
2043 struct proc_dir_entry *p;
2044
2045 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2046 if (proc_bt_rfcomm) {
2047 proc_bt_rfcomm->owner = THIS_MODULE;
2048
2049 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2050 if (p)
2051 p->proc_fops = &rfcomm_seq_fops;
2052 }
2053 return 0;
2054}
2055
2056static void __exit rfcomm_proc_cleanup(void)
2057{
2058 remove_proc_entry("dlc", proc_bt_rfcomm);
2059
2060 remove_proc_entry("rfcomm", proc_bt);
2061}
2062
2063#else /* CONFIG_PROC_FS */
2064
2065static int __init rfcomm_proc_init(void)
2066{
2067 return 0;
2068}
2069
2070static void __exit rfcomm_proc_cleanup(void)
2071{
2072 return;
2073}
2074#endif /* CONFIG_PROC_FS */
2075
2076/* ---- Initialization ---- */
2077static int __init rfcomm_init(void)
2078{
2079 l2cap_load();
2080
2081 hci_register_cb(&rfcomm_cb);
2082
2083 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2084
2085 BT_INFO("RFCOMM ver %s", VERSION);
2086
2087 rfcomm_proc_init();
2088
2089 rfcomm_init_sockets();
2090
2091#ifdef CONFIG_BT_RFCOMM_TTY
2092 rfcomm_init_ttys();
2093#endif
2094
2095 return 0;
2096}
2097
2098static void __exit rfcomm_exit(void)
2099{
2100 hci_unregister_cb(&rfcomm_cb);
2101
2102 /* Terminate working thread.
2103 * ie. Set terminate flag and wake it up */
2104 atomic_inc(&terminate);
2105 rfcomm_schedule(RFCOMM_SCHED_STATE);
2106
2107 /* Wait until thread is running */
2108 while (atomic_read(&running))
2109 schedule();
2110
2111#ifdef CONFIG_BT_RFCOMM_TTY
2112 rfcomm_cleanup_ttys();
2113#endif
2114
2115 rfcomm_cleanup_sockets();
2116
2117 rfcomm_proc_cleanup();
2118}
2119
2120module_init(rfcomm_init);
2121module_exit(rfcomm_exit);
2122
2123MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2124MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2125MODULE_VERSION(VERSION);
2126MODULE_LICENSE("GPL");
2127MODULE_ALIAS("bt-proto-3");
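diff --git a/net/bluetooth/rfcomm/crc.c b/net/bluetooth/rfcomm/crc.c
new file mode 100644
index 000000000000..1011bc4a8692
--- /dev/null
+++ b/net/bluetooth/rfcomm/crc.c
@@ -0,0 +1,71 @@
+/*
+ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
+ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
+ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation;
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+ SOFTWARE IS DISCLAIMED.
+*/
+
+/*
+ * RFCOMM FCS calculation.
+ *
+ * $Id: crc.c,v 1.2 2002/09/21 09:54:32 holtmann Exp $
+ */
+
+/* reversed, 8-bit, poly=0x07 */
+unsigned char rfcomm_crc_table[256] = {
+ 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
+ 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
+ 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
+ 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
+
+ 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
+ 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
+ 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
+ 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
+
+ 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
+ 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
+ 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
+ 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
+
+ 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
+ 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
+ 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
+ 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
+
+ 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
+ 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
+ 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
+ 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
+
+ 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
+ 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
+ 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
+ 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
+
+ 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
+ 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
+ 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
+ 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
+
+ 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
+ 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
+ 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
+ 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
+};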
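Review bot: `rfcomm_crc_table` is defined as a writable global with external linkage, although nothing in this file modifies it and it reads as a fixed lookup table for the FCS check applied to received frames. Declaring it `const unsigned char rfcomm_crc_table[256] = {` would let the toolchain place it in read-only data, so that a stray write elsewhere in the kernel cannot silently change how frame checksums are validated. The matching extern declaration is outside this section and would need the same qualifier. The one-line comment `/* reversed, 8-bit, poly=0x07 */` could also state how the 256 entries were generated, so the values can be re-derived and checked rather than trusted as opaque constants.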
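--- /dev/null
+++ b/net/bluetooth/rfcomm/sock.c
@@ -0,0 +1,1010 @@
+/*
+ RFCOMM implementation for Linux Bluetooth stack (BlueZ).
+ Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
+ Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation;
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+ CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+ COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+ SOFTWARE IS DISCLAIMED.
+*/
+
+/*
+ * RFCOMM sockets.
+ *
+ * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+
+#include <linux/types.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/major.h>
+#include <linux/sched.h>
+#include <linux/slab.h>
+#include <linux/poll.h>
+#include <linux/fcntl.h>
+#include <linux/init.h>
+#include <linux/interrupt.h>
+#include <linux/socket.h>
+#include <linux/skbuff.h>
+#include <linux/list.h>
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <net/sock.h>
+
+#include <asm/system.h>
+#include <asm/uaccess.h>
+
+#include <net/bluetooth/bluetooth.h>
+#include <net/bluetooth/hci_core.h>
+#include <net/bluetooth/l2cap.h>
+#include <net/bluetooth/rfcomm.h>
+
+#ifndef CONFIG_BT_RFCOMM_DEBUG
+#undef BT_DBG
+#define BT_DBG(D...)
+#endif
+
+static struct proto_ops rfcomm_sock_ops;
+
+static struct bt_sock_list rfcomm_sk_list = {
+ .lock = RW_LOCK_UNLOCKED
+};
+
+static void rfcomm_sock_close(struct sock *sk);
+static void rfcomm_sock_kill(struct sock *sk);
+
+/* ---- DLC callbacks ----
+ *
+ * called under rfcomm_dlc_lock()
+ */
+static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
+{
+ struct sock *sk = d->owner;
+ if (!sk)
+ return;
+
+ atomic_add(skb->len, &sk->sk_rmem_alloc);
+ skb_queue_tail(&sk->sk_receive_queue, skb);
+ sk->sk_data_ready(sk, skb->len);
+
+ if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
+ rfcomm_dlc_throttle(d);
+}
+
+static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
+{
+ struct sock *sk = d->owner, *parent;
+ if (!sk)
+ return;
+
+ BT_DBG("dlc %p state %ld err %d", d, d->state, err);
+
+ bh_lock_sock(sk);
+
+ if (err)
+ sk->sk_err = err;
+
+ sk->sk_state = d->state;
+
+ parent = bt_sk(sk)->parent;
+ if (parent) {
+ if (d->state == BT_CLOSED) {
+ sock_set_flag(sk, SOCK_ZAPPED);
+ bt_accept_unlink(sk);
+ }
+ parent->sk_data_ready(parent, 0);
+ } else {
+ if (d->state == BT_CONNECTED)
+ rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL);
+ sk->sk_state_change(sk);
+ }
+
+ bh_unlock_sock(sk);
+
+ if (parent && sock_flag(sk, SOCK_ZAPPED)) {
+ /* We have to drop DLC lock here, otherwise
+ * rfcomm_sock_destruct() will dead lock. */
+ rfcomm_dlc_unlock(d);
+ rfcomm_sock_kill(sk);
+ rfcomm_dlc_lock(d);
+ }
+}
+
+/* ---- Socket functions ---- */
+static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
+{
+ struct sock *sk = NULL;
+ struct hlist_node *node;
+
+ sk_for_each(sk, node, &rfcomm_sk_list.head) {
+ if (rfcomm_pi(sk)->channel == channel &&
+ !bacmp(&bt_sk(sk)->src, src))
+ break;
+ }
+
+ return node ? sk : NULL;
+}
+
+/* Find socket with channel and source bdaddr.
+ * Returns closest match.
+ */
+static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
+{
+ struct sock *sk = NULL, *sk1 = NULL;
+ struct hlist_node *node;
+
+ sk_for_each(sk, node, &rfcomm_sk_list.head) {
+ if (state && sk->sk_state != state)
+ continue;
+
+ if (rfcomm_pi(sk)->channel == channel) {
+ /* Exact match. */
+ if (!bacmp(&bt_sk(sk)->src, src))
+ break;
+
+ /* Closest match */
+ if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
+ sk1 = sk;
+ }
+ }
+ return node ? sk : sk1;
+}
+
+/* Find socket with given address (channel, src).
+ * Returns locked socket */
+static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
+{
+ struct sock *s;
+ read_lock(&rfcomm_sk_list.lock);
+ s = __rfcomm_get_sock_by_channel(state, channel, src);
+ if (s) bh_lock_sock(s);
+ read_unlock(&rfcomm_sk_list.lock);
+ return s;
+}
+
+static void rfcomm_sock_destruct(struct sock *sk)
+{
+ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
+
+ BT_DBG("sk %p dlc %p", sk, d);
+
+ skb_queue_purge(&sk->sk_receive_queue);
+ skb_queue_purge(&sk->sk_write_queue);
+
+ rfcomm_dlc_lock(d);
+ rfcomm_pi(sk)->dlc = NULL;
+
+ /* Detach DLC if it's owned by this socket */
+ if (d->owner == sk)
+ d->owner = NULL;
+ rfcomm_dlc_unlock(d);
+
+ rfcomm_dlc_put(d);
+}
+
+static void rfcomm_sock_cleanup_listen(struct sock *parent)
+{
+ struct sock *sk;
+
+ BT_DBG("parent %p", parent);
+
+ /* Close not yet accepted dlcs */
+ while ((sk = bt_accept_dequeue(parent, NULL))) {
+ rfcomm_sock_close(sk);
+ rfcomm_sock_kill(sk);
+ }
+
+ parent->sk_state = BT_CLOSED;
+ sock_set_flag(parent, SOCK_ZAPPED);
+}
+
+/* Kill socket (only if zapped and orphan)
+ * Must be called on unlocked socket.
+ */
+static void rfcomm_sock_kill(struct sock *sk)
+{
+ if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
+ return;
+
+ BT_DBG("sk %p state %d refcnt %d", sk, sk->sk_state, atomic_read(&sk->sk_refcnt));
+
+ /* Kill poor orphan */
+ bt_sock_unlink(&rfcomm_sk_list, sk);
+ sock_set_flag(sk, SOCK_DEAD);
+ sock_put(sk);
+}
+
+static void __rfcomm_sock_close(struct sock *sk)
+{
+ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
+
+ BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
+
+ switch (sk->sk_state) {
+ case BT_LISTEN:
+ rfcomm_sock_cleanup_listen(sk);
+ break;
+
+ case BT_CONNECT:
+ case BT_CONNECT2:
+ case BT_CONFIG:
+ case BT_CONNECTED:
+ rfcomm_dlc_close(d, 0);
+
+ default:
+ sock_set_flag(sk, SOCK_ZAPPED);
+ break;
+ }
+}
+
+/* Close socket.
+ * Must be called on unlocked socket.
+ */
+static void rfcomm_sock_close(struct sock *sk)
+{
+ lock_sock(sk);
+ __rfcomm_sock_close(sk);
+ release_sock(sk);
+}
+
+static void rfcomm_sock_init(struct sock *sk, struct sock *parent)
+{
+ struct rfcomm_pinfo *pi = rfcomm_pi(sk);
+
+ BT_DBG("sk %p", sk);
+
+ if (parent) {
+ sk->sk_type = parent->sk_type;
+ pi->link_mode = rfcomm_pi(parent)->link_mode;
+ } else {
+ pi->link_mode = 0;
+ }
+
+ pi->dlc->link_mode = pi->link_mode;
+}
+
+static struct proto rfcomm_proto = {
+ .name = "RFCOMM",
+ .owner = THIS_MODULE,
+ .obj_size = sizeof(struct rfcomm_pinfo)
+};
+
+static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, int prio)
+{
+ struct rfcomm_dlc *d;
+ struct sock *sk;
+
+ sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1);
+ if (!sk)
+ return NULL;
+
+ sock_init_data(sock, sk);
+ INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
+
+ d = rfcomm_dlc_alloc(prio);
+ if (!d) {
+ sk_free(sk);
+ return NULL;
+ }
+
+ d->data_ready = rfcomm_sk_data_ready;
+ d->state_change = rfcomm_sk_state_change;
+
+ rfcomm_pi(sk)->dlc = d;
+ d->owner = sk;
+
+ sk->sk_destruct = rfcomm_sock_destruct;
+ sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
+
+ sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
+ sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
+
+ sock_reset_flag(sk, SOCK_ZAPPED);
+
+ sk->sk_protocol = proto;
+ sk->sk_state = BT_OPEN;
+
+ bt_sock_link(&rfcomm_sk_list, sk);
+
+ BT_DBG("sk %p", sk);
+ return sk;
+}
+
+static int rfcomm_sock_create(struct socket *sock, int protocol)
+{
+ struct sock *sk;
+
+ BT_DBG("sock %p", sock);
+
+ sock->state = SS_UNCONNECTED;
+
+ if (sock->type != SOCK_STREAM && sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
+
+ sock->ops = &rfcomm_sock_ops;
+
+ if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL)))
+ return -ENOMEM;
+
+ rfcomm_sock_init(sk, NULL);
+ return 0;
+}
+
+static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
+{
+ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
+ struct sock *sk = sock->sk;
+ int err = 0;
+
+ BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr));
+
+ if (!addr || addr->sa_family != AF_BLUETOOTH)
+ return -EINVAL;
+
+ lock_sock(sk);
+
+ if (sk->sk_state != BT_OPEN) {
+ err = -EBADFD;
+ goto done;
+ }
+
+ write_lock_bh(&rfcomm_sk_list.lock);
+
+ if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
+ err = -EADDRINUSE;
+ } else {
+ /* Save source address */
+ bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr);
+ rfcomm_pi(sk)->channel = sa->rc_channel;
+ sk->sk_state = BT_BOUND;
+ }
+
+ write_unlock_bh(&rfcomm_sk_list.lock);
+
+done:
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
+{
+ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
+ struct sock *sk = sock->sk;
+ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
+ int err = 0;
+
+ BT_DBG("sk %p", sk);
+
+ if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
+ return -EINVAL;
+
+ if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
+ return -EBADFD;
+
+ if (sk->sk_type != SOCK_STREAM)
+ return -EINVAL;
+
+ lock_sock(sk);
+
+ sk->sk_state = BT_CONNECT;
+ bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
+ rfcomm_pi(sk)->channel = sa->rc_channel;
+
+ err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
+ if (!err)
+ err = bt_sock_wait_state(sk, BT_CONNECTED,
+ sock_sndtimeo(sk, flags & O_NONBLOCK));
+
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_listen(struct socket *sock, int backlog)
+{
+ struct sock *sk = sock->sk;
+ int err = 0;
+
+ BT_DBG("sk %p backlog %d", sk, backlog);
+
+ lock_sock(sk);
+
+ if (sk->sk_state != BT_BOUND) {
+ err = -EBADFD;
+ goto done;
+ }
+
+ if (!rfcomm_pi(sk)->channel) {
+ bdaddr_t *src = &bt_sk(sk)->src;
+ u8 channel;
+
+ err = -EINVAL;
+
+ write_lock_bh(&rfcomm_sk_list.lock);
+
+ for (channel = 1; channel < 31; channel++)
+ if (!__rfcomm_get_sock_by_addr(channel, src)) {
+ rfcomm_pi(sk)->channel = channel;
+ err = 0;
+ break;
+ }
+
+ write_unlock_bh(&rfcomm_sk_list.lock);
+
+ if (err < 0)
+ goto done;
+ }
+
+ sk->sk_max_ack_backlog = backlog;
+ sk->sk_ack_backlog = 0;
+ sk->sk_state = BT_LISTEN;
+
+done:
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int flags)
+{
+ DECLARE_WAITQUEUE(wait, current);
+ struct sock *sk = sock->sk, *nsk;
+ long timeo;
+ int err = 0;
+
+ lock_sock(sk);
+
+ if (sk->sk_state != BT_LISTEN) {
+ err = -EBADFD;
+ goto done;
+ }
+
+ timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
+
+ BT_DBG("sk %p timeo %ld", sk, timeo);
+
+ /* Wait for an incoming connection. (wake-one). */
+ add_wait_queue_exclusive(sk->sk_sleep, &wait);
+ while (!(nsk = bt_accept_dequeue(sk, newsock))) {
+ set_current_state(TASK_INTERRUPTIBLE);
+ if (!timeo) {
+ err = -EAGAIN;
+ break;
+ }
+
+ release_sock(sk);
+ timeo = schedule_timeout(timeo);
+ lock_sock(sk);
+
+ if (sk->sk_state != BT_LISTEN) {
+ err = -EBADFD;
+ break;
+ }
+
+ if (signal_pending(current)) {
+ err = sock_intr_errno(timeo);
+ break;
+ }
+ }
+ set_current_state(TASK_RUNNING);
+ remove_wait_queue(sk->sk_sleep, &wait);
+
+ if (err)
+ goto done;
+
+ newsock->state = SS_CONNECTED;
+
+ BT_DBG("new socket %p", nsk);
+
+done:
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
+{
+ struct sockaddr_rc *sa = (struct sockaddr_rc *) addr;
+ struct sock *sk = sock->sk;
+
+ BT_DBG("sock %p, sk %p", sock, sk);
+
+ sa->rc_family = AF_BLUETOOTH;
+ sa->rc_channel = rfcomm_pi(sk)->channel;
+ if (peer)
+ bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst);
+ else
+ bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src);
+
+ *len = sizeof(struct sockaddr_rc);
+ return 0;
+}
+
+static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
+ struct msghdr *msg, size_t len)
+{
+ struct sock *sk = sock->sk;
+ struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
+ struct sk_buff *skb;
+ int err;
+ int sent = 0;
+
+ if (msg->msg_flags & MSG_OOB)
+ return -EOPNOTSUPP;
+
+ if (sk->sk_shutdown & SEND_SHUTDOWN)
+ return -EPIPE;
+
+ BT_DBG("sock %p, sk %p", sock, sk);
+
+ lock_sock(sk);
+
+ while (len) {
+ size_t size = min_t(size_t, len, d->mtu);
+
+ skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
+ msg->msg_flags & MSG_DONTWAIT, &err);
+ if (!skb)
+ break;
+ skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
+
+ err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
+ if (err) {
+ kfree_skb(skb);
+ sent = err;
+ break;
+ }
+
+ err = rfcomm_dlc_send(d, skb);
+ if (err < 0) {
+ kfree_skb(skb);
+ break;
+ }
+
+ sent += size;
+ len -= size;
+ }
+
+ release_sock(sk);
+
+ return sent ? sent : err;
+}
+
+static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
+{
+ DECLARE_WAITQUEUE(wait, current);
+
+ add_wait_queue(sk->sk_sleep, &wait);
+ for (;;) {
+ set_current_state(TASK_INTERRUPTIBLE);
+
+ if (skb_queue_len(&sk->sk_receive_queue) || sk->sk_err || (sk->sk_shutdown & RCV_SHUTDOWN) ||
+ signal_pending(current) || !timeo)
+ break;
+
+ set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
+ release_sock(sk);
+ timeo = schedule_timeout(timeo);
+ lock_sock(sk);
+ clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
+ }
+
+ __set_current_state(TASK_RUNNING);
+ remove_wait_queue(sk->sk_sleep, &wait);
+ return timeo;
+}
+
+static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct msghdr *msg, size_t size, int flags)
+{
+ struct sock *sk = sock->sk;
+ int err = 0;
+ size_t target, copied = 0;
+ long timeo;
+
+ if (flags & MSG_OOB)
+ return -EOPNOTSUPP;
+
+ msg->msg_namelen = 0;
+
+ BT_DBG("sk %p size %d", sk, size);
+
+ lock_sock(sk);
+
+ target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
+ timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+
+ do {
+ struct sk_buff *skb;
+ int chunk;
+
+ skb = skb_dequeue(&sk->sk_receive_queue);
+ if (!skb) {
+ if (copied >= target)
+ break;
+
+ if ((err = sock_error(sk)) != 0)
+ break;
+ if (sk->sk_shutdown & RCV_SHUTDOWN)
+ break;
+
+ err = -EAGAIN;
+ if (!timeo)
+ break;
+
+ timeo = rfcomm_sock_data_wait(sk, timeo);
+
+ if (signal_pending(current)) {
+ err = sock_intr_errno(timeo);
+ goto out;
+ }
+ continue;
+ }
+
+ chunk = min_t(unsigned int, skb->len, size);
+ if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
+ skb_queue_head(&sk->sk_receive_queue, skb);
+ if (!copied)
+ copied = -EFAULT;
+ break;
+ }
+ copied += chunk;
+ size -= chunk;
+
+ if (!(flags & MSG_PEEK)) {
+ atomic_sub(chunk, &sk->sk_rmem_alloc);
+
+ skb_pull(skb, chunk);
+ if (skb->len) {
+ skb_queue_head(&sk->sk_receive_queue, skb);
+ break;
+ }
+ kfree_skb(skb);
+
+ } else {
+ /* put message back and return */
+ skb_queue_head(&sk->sk_receive_queue, skb);
+ break;
+ }
+ } while (size);
+
+out:
+ if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
+ rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
+
+ release_sock(sk);
+ return copied ? : err;
+}
+
+static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
+{
+ struct sock *sk = sock->sk;
+ int err = 0;
+ u32 opt;
+
+ BT_DBG("sk %p", sk);
+
+ lock_sock(sk);
+
+ switch (optname) {
+ case RFCOMM_LM:
+ if (get_user(opt, (u32 __user *) optval)) {
+ err = -EFAULT;
+ break;
+ }
+
+ rfcomm_pi(sk)->link_mode = opt;
+ break;
+
+ default:
+ err = -ENOPROTOOPT;
+ break;
+ }
+
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
+{
+ struct sock *sk = sock->sk;
+ struct sock *l2cap_sk;
+ struct rfcomm_conninfo cinfo;
+ int len, err = 0;
+
+ BT_DBG("sk %p", sk);
+
+ if (get_user(len, optlen))
+ return -EFAULT;
+
+ lock_sock(sk);
+
+ switch (optname) {
+ case RFCOMM_LM:
+ if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval))
+ err = -EFAULT;
+ break;
+
+ case RFCOMM_CONNINFO:
+ if (sk->sk_state != BT_CONNECTED) {
+ err = -ENOTCONN;
+ break;
+ }
+
+ l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
+
+ cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
+ memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
+
+ len = min_t(unsigned int, len, sizeof(cinfo));
+ if (copy_to_user(optval, (char *) &cinfo, len))
+ err = -EFAULT;
+
+ break;
+
+ default:
+ err = -ENOPROTOOPT;
+ break;
+ }
+
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+{
+ struct sock *sk = sock->sk;
+ int err;
+
+ lock_sock(sk);
+
+#ifdef CONFIG_BT_RFCOMM_TTY
+ err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg);
+#else
+ err = -EOPNOTSUPP;
+#endif
+
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_shutdown(struct socket *sock, int how)
+{
+ struct sock *sk = sock->sk;
+ int err = 0;
+
+ BT_DBG("sock %p, sk %p", sock, sk);
+
+ if (!sk) return 0;
+
+ lock_sock(sk);
+ if (!sk->sk_shutdown) {
+ sk->sk_shutdown = SHUTDOWN_MASK;
+ __rfcomm_sock_close(sk);
+
+ if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
+ err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
+ }
+ release_sock(sk);
+ return err;
+}
+
+static int rfcomm_sock_release(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+ int err;
+
+ BT_DBG("sock %p, sk %p", sock, sk);
+
+ if (!sk)
+ return 0;
+
+ err = rfcomm_sock_shutdown(sock, 2);
+
+ sock_orphan(sk);
+ rfcomm_sock_kill(sk);
+ return err;
+}
+
+/* ---- RFCOMM core layer callbacks ----
+ *
+ * called under rfcomm_lock()
+ */
+int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc **d)
+{
+ struct sock *sk, *parent;
+ bdaddr_t src, dst;
+ int result = 0;
+
+ BT_DBG("session %p channel %d", s, channel);
+
+ rfcomm_session_getaddr(s, &src, &dst);
+
+ /* Check if we have socket listening on channel */
+ parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
+ if (!parent)
+ return 0;
+
+ /* Check for backlog size */
+ if (sk_acceptq_is_full(parent)) {
+ BT_DBG("backlog full %d", parent->sk_ack_backlog);
+ goto done;
+ }
+
+ sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
+ if (!sk)
+ goto done;
+
+ rfcomm_sock_init(sk, parent);
+ bacpy(&bt_sk(sk)->src, &src);
+ bacpy(&bt_sk(sk)->dst, &dst);
+ rfcomm_pi(sk)->channel = channel;
+
+ sk->sk_state = BT_CONFIG;
+ bt_accept_enqueue(parent, sk);
+
+ /* Accept connection and return socket DLC */
+ *d = rfcomm_pi(sk)->dlc;
+ result = 1;
+
+done:
+ bh_unlock_sock(parent);
+ return result;
+}
+
+/* ---- Proc fs support ---- */
+#ifdef CONFIG_PROC_FS
+static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
+{
+ struct sock *sk;
+ struct hlist_node *node;
+ loff_t l = *pos;
+
+ read_lock_bh(&rfcomm_sk_list.lock);
+
+ sk_for_each(sk, node, &rfcomm_sk_list.head)
+ if (!l--)
+ return sk;
+ return NULL;
+}
+
+static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
+{
+ struct sock *sk = e;
+ (*pos)++;
+ return sk_next(sk);
+}
+
+static void rfcomm_seq_stop(struct seq_file *seq, void *e)
+{
+ read_unlock_bh(&rfcomm_sk_list.lock);
+}
+
+static int rfcomm_seq_show(struct seq_file *seq, void *e)
+{
+ struct sock *sk = e;
+ seq_printf(seq, "%s %s %d %d\n",
+ batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
+ sk->sk_state, rfcomm_pi(sk)->channel);
+ return 0;
+}
+
+static struct seq_operations rfcomm_seq_ops = {
+ .start = rfcomm_seq_start,
+ .next = rfcomm_seq_next,
+ .stop = rfcomm_seq_stop,
+ .show = rfcomm_seq_show
+};
+
+static int rfcomm_seq_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &rfcomm_seq_ops);
+}
+
+static struct file_operations rfcomm_seq_fops = {
+ .owner = THIS_MODULE,
+ .open = rfcomm_seq_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release,
+};
+
+static int __init rfcomm_sock_proc_init(void)
+{
+ struct proc_dir_entry *p = create_proc_entry("sock", S_IRUGO, proc_bt_rfcomm);
+ if (!p)
+ return -ENOMEM;
+ p->proc_fops = &rfcomm_seq_fops;
+ return 0;
+}
+
+static void __exit rfcomm_sock_proc_cleanup(void)
+{
+ remove_proc_entry("sock", proc_bt_rfcomm);
+}
+
+#else /* CONFIG_PROC_FS */
+
+static int __init rfcomm_sock_proc_init(void)
+{
+ return 0;
+}
+
+static void __exit rfcomm_sock_proc_cleanup(void)
+{
+ return;
+}
+#endif /* CONFIG_PROC_FS */
+
+static struct proto_ops rfcomm_sock_ops = {
+ .family = PF_BLUETOOTH,
+ .owner = THIS_MODULE,
+ .release = rfcomm_sock_release,
+ .bind = rfcomm_sock_bind,
+ .connect = rfcomm_sock_connect,
+ .listen = rfcomm_sock_listen,
+ .accept = rfcomm_sock_accept,
+ .getname = rfcomm_sock_getname,
+ .sendmsg = rfcomm_sock_sendmsg,
+ .recvmsg = rfcomm_sock_recvmsg,
+ .shutdown = rfcomm_sock_shutdown,
+ .setsockopt = rfcomm_sock_setsockopt,
+ .getsockopt = rfcomm_sock_getsockopt,
+ .ioctl = rfcomm_sock_ioctl,
+ .poll = bt_sock_poll,
+ .socketpair = sock_no_socketpair,
+ .mmap = sock_no_mmap
+};
+
+static struct net_proto_family rfcomm_sock_family_ops = {
+ .family = PF_BLUETOOTH,
+ .owner = THIS_MODULE,
+ .create = rfcomm_sock_create
+};
+
+int __init rfcomm_init_sockets(void)
+{
+ int err;
+
+ err = proto_register(&rfcomm_proto, 0);
+ if (err < 0)
+ return err;
+
+ err = bt_sock_register(BTPROTO_RFCOMM, &rfcomm_sock_family_ops);
+ if (err < 0)
+ goto error;
+
+ rfcomm_sock_proc_init();
+
+ BT_INFO("RFCOMM socket layer initialized");
+
+ return 0;
+
+error:
+ BT_ERR("RFCOMM socket layer registration failed");
+ proto_unregister(&rfcomm_proto);
+ return err;
+}
+
+void __exit rfcomm_cleanup_sockets(void)
+{
+ rfcomm_sock_proc_cleanup();
+
+ if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
+ BT_ERR("RFCOMM socket layer unregistration failed");
+
+ proto_unregister(&rfcomm_proto);
+}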
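Review bot: In rfcomm_sock_getsockopt() the RFCOMM_CONNINFO branch copies the stack variable `cinfo` to user space after assigning only `hci_handle` and `dev_class`, so any padding or further member of struct rfcomm_conninfo (declared in rfcomm.h, not shown in this file) would carry uninitialised kernel stack bytes out. Clearing it first with `memset(&cinfo, 0, sizeof(cinfo));` removes that exposure whatever the layout is. rfcomm_sock_getname() has the same shape: it fills three fields of `sa` and reports `sizeof(struct sockaddr_rc)` without a preceding `memset(sa, 0, sizeof(*sa));`. Separately, rfcomm_sock_bind() never looks at `addr_len` and, when debugging is compiled in, hands `&sa->rc_bdaddr` to BT_DBG before the `!addr` test, whereas rfcomm_sock_connect() rejects `alen < sizeof(struct sockaddr_rc)`. The same length test belongs in bind's `-EINVAL` check, `if (!addr || addr_len < sizeof(struct sockaddr_rc) || addr->sa_family != AF_BLUETOOTH)`, with the debug line moved below it.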
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
new file mode 100644
index 000000000000..6d689200bcf3
--- /dev/null
+++ b/net/bluetooth/rfcomm/tty.c
@@ -0,0 +1,930 @@
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 *
27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28 */
29
30#include <linux/config.h>
31#include <linux/module.h>
32
33#include <linux/tty.h>
34#include <linux/tty_driver.h>
35#include <linux/tty_flip.h>
36
37#include <linux/slab.h>
38#include <linux/skbuff.h>
39
40#include <net/bluetooth/bluetooth.h>
41#include <net/bluetooth/rfcomm.h>
42
43#ifndef CONFIG_BT_RFCOMM_DEBUG
44#undef BT_DBG
45#define BT_DBG(D...)
46#endif
47
48#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
49#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
50#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
51#define RFCOMM_TTY_MINOR 0
52
53static struct tty_driver *rfcomm_tty_driver;
54
55struct rfcomm_dev {
56 struct list_head list;
57 atomic_t refcnt;
58
59 char name[12];
60 int id;
61 unsigned long flags;
62 int opened;
63 int err;
64
65 bdaddr_t src;
66 bdaddr_t dst;
67 u8 channel;
68
69 uint modem_status;
70
71 struct rfcomm_dlc *dlc;
72 struct tty_struct *tty;
73 wait_queue_head_t wait;
74 struct tasklet_struct wakeup_task;
75
76 atomic_t wmem_alloc;
77};
78
79static LIST_HEAD(rfcomm_dev_list);
80static DEFINE_RWLOCK(rfcomm_dev_lock);
81
82static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
83static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
84static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
85
86static void rfcomm_tty_wakeup(unsigned long arg);
87
88/* ---- Device functions ---- */
89static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
90{
91 struct rfcomm_dlc *dlc = dev->dlc;
92
93 BT_DBG("dev %p dlc %p", dev, dlc);
94
95 rfcomm_dlc_lock(dlc);
96 /* Detach DLC if it's owned by this dev */
97 if (dlc->owner == dev)
98 dlc->owner = NULL;
99 rfcomm_dlc_unlock(dlc);
100
101 rfcomm_dlc_put(dlc);
102
103 tty_unregister_device(rfcomm_tty_driver, dev->id);
104
105 /* Refcount should only hit zero when called from rfcomm_dev_del()
106 which will have taken us off the list. Everything else are
107 refcounting bugs. */
108 BUG_ON(!list_empty(&dev->list));
109
110 kfree(dev);
111
112 /* It's safe to call module_put() here because socket still
113 holds reference to this module. */
114 module_put(THIS_MODULE);
115}
116
117static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
118{
119 atomic_inc(&dev->refcnt);
120}
121
122static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
123{
124 /* The reason this isn't actually a race, as you no
125 doubt have a little voice screaming at you in your
126 head, is that the refcount should never actually
127 reach zero unless the device has already been taken
128 off the list, in rfcomm_dev_del(). And if that's not
129 true, we'll hit the BUG() in rfcomm_dev_destruct()
130 anyway. */
131 if (atomic_dec_and_test(&dev->refcnt))
132 rfcomm_dev_destruct(dev);
133}
134
135static struct rfcomm_dev *__rfcomm_dev_get(int id)
136{
137 struct rfcomm_dev *dev;
138 struct list_head *p;
139
140 list_for_each(p, &rfcomm_dev_list) {
141 dev = list_entry(p, struct rfcomm_dev, list);
142 if (dev->id == id)
143 return dev;
144 }
145
146 return NULL;
147}
148
149static inline struct rfcomm_dev *rfcomm_dev_get(int id)
150{
151 struct rfcomm_dev *dev;
152
153 read_lock(&rfcomm_dev_lock);
154
155 dev = __rfcomm_dev_get(id);
156 if (dev)
157 rfcomm_dev_hold(dev);
158
159 read_unlock(&rfcomm_dev_lock);
160
161 return dev;
162}
163
164static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
165{
166 struct rfcomm_dev *dev;
167 struct list_head *head = &rfcomm_dev_list, *p;
168 int err = 0;
169
170 BT_DBG("id %d channel %d", req->dev_id, req->channel);
171
172 dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
173 if (!dev)
174 return -ENOMEM;
175 memset(dev, 0, sizeof(struct rfcomm_dev));
176
177 write_lock_bh(&rfcomm_dev_lock);
178
179 if (req->dev_id < 0) {
180 dev->id = 0;
181
182 list_for_each(p, &rfcomm_dev_list) {
183 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
184 break;
185
186 dev->id++;
187 head = p;
188 }
189 } else {
190 dev->id = req->dev_id;
191
192 list_for_each(p, &rfcomm_dev_list) {
193 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
194
195 if (entry->id == dev->id) {
196 err = -EADDRINUSE;
197 goto out;
198 }
199
200 if (entry->id > dev->id - 1)
201 break;
202
203 head = p;
204 }
205 }
206
207 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
208 err = -ENFILE;
209 goto out;
210 }
211
212 sprintf(dev->name, "rfcomm%d", dev->id);
213
214 list_add(&dev->list, head);
215 atomic_set(&dev->refcnt, 1);
216
217 bacpy(&dev->src, &req->src);
218 bacpy(&dev->dst, &req->dst);
219 dev->channel = req->channel;
220
221 dev->flags = req->flags &
222 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
223
224 init_waitqueue_head(&dev->wait);
225 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
226
227 rfcomm_dlc_lock(dlc);
228 dlc->data_ready = rfcomm_dev_data_ready;
229 dlc->state_change = rfcomm_dev_state_change;
230 dlc->modem_status = rfcomm_dev_modem_status;
231
232 dlc->owner = dev;
233 dev->dlc = dlc;
234 rfcomm_dlc_unlock(dlc);
235
236 /* It's safe to call __module_get() here because socket already
237 holds reference to this module. */
238 __module_get(THIS_MODULE);
239
240out:
241 write_unlock_bh(&rfcomm_dev_lock);
242
243 if (err) {
244 kfree(dev);
245 return err;
246 }
247
248 tty_register_device(rfcomm_tty_driver, dev->id, NULL);
249
250 return dev->id;
251}
252
253static void rfcomm_dev_del(struct rfcomm_dev *dev)
254{
255 BT_DBG("dev %p", dev);
256
257 write_lock_bh(&rfcomm_dev_lock);
258 list_del_init(&dev->list);
259 write_unlock_bh(&rfcomm_dev_lock);
260
261 rfcomm_dev_put(dev);
262}
263
264/* ---- Send buffer ---- */
265static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
266{
267 /* We can't let it be zero, because we don't get a callback
268 when tx_credits becomes nonzero, hence we'd never wake up */
269 return dlc->mtu * (dlc->tx_credits?:1);
270}
271
272static void rfcomm_wfree(struct sk_buff *skb)
273{
274 struct rfcomm_dev *dev = (void *) skb->sk;
275 atomic_sub(skb->truesize, &dev->wmem_alloc);
276 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
277 tasklet_schedule(&dev->wakeup_task);
278 rfcomm_dev_put(dev);
279}
280
281static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
282{
283 rfcomm_dev_hold(dev);
284 atomic_add(skb->truesize, &dev->wmem_alloc);
285 skb->sk = (void *) dev;
286 skb->destructor = rfcomm_wfree;
287}
288
289static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, int priority)
290{
291 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
292 struct sk_buff *skb = alloc_skb(size, priority);
293 if (skb) {
294 rfcomm_set_owner_w(skb, dev);
295 return skb;
296 }
297 }
298 return NULL;
299}
300
301/* ---- Device IOCTLs ---- */
302
303#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
304
305static int rfcomm_create_dev(struct sock *sk, void __user *arg)
306{
307 struct rfcomm_dev_req req;
308 struct rfcomm_dlc *dlc;
309 int id;
310
311 if (copy_from_user(&req, arg, sizeof(req)))
312 return -EFAULT;
313
314 BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
315
316 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
317 return -EPERM;
318
319 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
320 /* Socket must be connected */
321 if (sk->sk_state != BT_CONNECTED)
322 return -EBADFD;
323
324 dlc = rfcomm_pi(sk)->dlc;
325 rfcomm_dlc_hold(dlc);
326 } else {
327 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
328 if (!dlc)
329 return -ENOMEM;
330 }
331
332 id = rfcomm_dev_add(&req, dlc);
333 if (id < 0) {
334 rfcomm_dlc_put(dlc);
335 return id;
336 }
337
338 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
339 /* DLC is now used by device.
340 * Socket must be disconnected */
341 sk->sk_state = BT_CLOSED;
342 }
343
344 return id;
345}
346
347static int rfcomm_release_dev(void __user *arg)
348{
349 struct rfcomm_dev_req req;
350 struct rfcomm_dev *dev;
351
352 if (copy_from_user(&req, arg, sizeof(req)))
353 return -EFAULT;
354
355 BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
356
357 if (!(dev = rfcomm_dev_get(req.dev_id)))
358 return -ENODEV;
359
360 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
361 rfcomm_dev_put(dev);
362 return -EPERM;
363 }
364
365 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
366 rfcomm_dlc_close(dev->dlc, 0);
367
368 rfcomm_dev_del(dev);
369 rfcomm_dev_put(dev);
370 return 0;
371}
372
373static int rfcomm_get_dev_list(void __user *arg)
374{
375 struct rfcomm_dev_list_req *dl;
376 struct rfcomm_dev_info *di;
377 struct list_head *p;
378 int n = 0, size, err;
379 u16 dev_num;
380
381 BT_DBG("");
382
383 if (get_user(dev_num, (u16 __user *) arg))
384 return -EFAULT;
385
386 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
387 return -EINVAL;
388
389 size = sizeof(*dl) + dev_num * sizeof(*di);
390
391 if (!(dl = kmalloc(size, GFP_KERNEL)))
392 return -ENOMEM;
393
394 di = dl->dev_info;
395
396 read_lock_bh(&rfcomm_dev_lock);
397
398 list_for_each(p, &rfcomm_dev_list) {
399 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
400 (di + n)->id = dev->id;
401 (di + n)->flags = dev->flags;
402 (di + n)->state = dev->dlc->state;
403 (di + n)->channel = dev->channel;
404 bacpy(&(di + n)->src, &dev->src);
405 bacpy(&(di + n)->dst, &dev->dst);
406 if (++n >= dev_num)
407 break;
408 }
409
410 read_unlock_bh(&rfcomm_dev_lock);
411
412 dl->dev_num = n;
413 size = sizeof(*dl) + n * sizeof(*di);
414
415 err = copy_to_user(arg, dl, size);
416 kfree(dl);
417
418 return err ? -EFAULT : 0;
419}
420
421static int rfcomm_get_dev_info(void __user *arg)
422{
423 struct rfcomm_dev *dev;
424 struct rfcomm_dev_info di;
425 int err = 0;
426
427 BT_DBG("");
428
429 if (copy_from_user(&di, arg, sizeof(di)))
430 return -EFAULT;
431
432 if (!(dev = rfcomm_dev_get(di.id)))
433 return -ENODEV;
434
435 di.flags = dev->flags;
436 di.channel = dev->channel;
437 di.state = dev->dlc->state;
438 bacpy(&di.src, &dev->src);
439 bacpy(&di.dst, &dev->dst);
440
441 if (copy_to_user(arg, &di, sizeof(di)))
442 err = -EFAULT;
443
444 rfcomm_dev_put(dev);
445 return err;
446}
447
448int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
449{
450 BT_DBG("cmd %d arg %p", cmd, arg);
451
452 switch (cmd) {
453 case RFCOMMCREATEDEV:
454 return rfcomm_create_dev(sk, arg);
455
456 case RFCOMMRELEASEDEV:
457 return rfcomm_release_dev(arg);
458
459 case RFCOMMGETDEVLIST:
460 return rfcomm_get_dev_list(arg);
461
462 case RFCOMMGETDEVINFO:
463 return rfcomm_get_dev_info(arg);
464 }
465
466 return -EINVAL;
467}
468
469/* ---- DLC callbacks ---- */
470static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
471{
472 struct rfcomm_dev *dev = dlc->owner;
473 struct tty_struct *tty;
474
475 if (!dev || !(tty = dev->tty)) {
476 kfree_skb(skb);
477 return;
478 }
479
480 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
481
482 if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
483 register int i;
484 for (i = 0; i < skb->len; i++) {
485 if (tty->flip.count >= TTY_FLIPBUF_SIZE)
486 tty_flip_buffer_push(tty);
487
488 tty_insert_flip_char(tty, skb->data[i], 0);
489 }
490 tty_flip_buffer_push(tty);
491 } else
492 tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
493
494 kfree_skb(skb);
495}
496
497static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
498{
499 struct rfcomm_dev *dev = dlc->owner;
500 if (!dev)
501 return;
502
503 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
504
505 dev->err = err;
506 wake_up_interruptible(&dev->wait);
507
508 if (dlc->state == BT_CLOSED) {
509 if (!dev->tty) {
510 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
511 rfcomm_dev_hold(dev);
512 rfcomm_dev_del(dev);
513
514 /* We have to drop DLC lock here, otherwise
515 rfcomm_dev_put() will dead lock if it's
516 the last reference. */
517 rfcomm_dlc_unlock(dlc);
518 rfcomm_dev_put(dev);
519 rfcomm_dlc_lock(dlc);
520 }
521 } else
522 tty_hangup(dev->tty);
523 }
524}
525
526static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
527{
528 struct rfcomm_dev *dev = dlc->owner;
529 if (!dev)
530 return;
531
532 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
533
534 dev->modem_status =
535 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
536 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
537 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
538 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
539}
540
541/* ---- TTY functions ---- */
542static void rfcomm_tty_wakeup(unsigned long arg)
543{
544 struct rfcomm_dev *dev = (void *) arg;
545 struct tty_struct *tty = dev->tty;
546 if (!tty)
547 return;
548
549 BT_DBG("dev %p tty %p", dev, tty);
550
551 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
552 (tty->ldisc.write_wakeup)(tty);
553
554 wake_up_interruptible(&tty->write_wait);
555#ifdef SERIAL_HAVE_POLL_WAIT
556 wake_up_interruptible(&tty->poll_wait);
557#endif
558}
559
560static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
561{
562 DECLARE_WAITQUEUE(wait, current);
563 struct rfcomm_dev *dev;
564 struct rfcomm_dlc *dlc;
565 int err, id;
566
567 id = tty->index;
568
569 BT_DBG("tty %p id %d", tty, id);
570
571 /* We don't leak this refcount. For reasons which are not entirely
572 clear, the TTY layer will call our ->close() method even if the
573 open fails. We decrease the refcount there, and decreasing it
574 here too would cause breakage. */
575 dev = rfcomm_dev_get(id);
576 if (!dev)
577 return -ENODEV;
578
579 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
580
581 if (dev->opened++ != 0)
582 return 0;
583
584 dlc = dev->dlc;
585
586 /* Attach TTY and open DLC */
587
588 rfcomm_dlc_lock(dlc);
589 tty->driver_data = dev;
590 dev->tty = tty;
591 rfcomm_dlc_unlock(dlc);
592 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
593
594 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
595 if (err < 0)
596 return err;
597
598 /* Wait for DLC to connect */
599 add_wait_queue(&dev->wait, &wait);
600 while (1) {
601 set_current_state(TASK_INTERRUPTIBLE);
602
603 if (dlc->state == BT_CLOSED) {
604 err = -dev->err;
605 break;
606 }
607
608 if (dlc->state == BT_CONNECTED)
609 break;
610
611 if (signal_pending(current)) {
612 err = -EINTR;
613 break;
614 }
615
616 schedule();
617 }
618 set_current_state(TASK_RUNNING);
619 remove_wait_queue(&dev->wait, &wait);
620
621 return err;
622}
623
624static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
625{
626 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
627 if (!dev)
628 return;
629
630 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
631
632 if (--dev->opened == 0) {
633 /* Close DLC and dettach TTY */
634 rfcomm_dlc_close(dev->dlc, 0);
635
636 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
637 tasklet_kill(&dev->wakeup_task);
638
639 rfcomm_dlc_lock(dev->dlc);
640 tty->driver_data = NULL;
641 dev->tty = NULL;
642 rfcomm_dlc_unlock(dev->dlc);
643 }
644
645 rfcomm_dev_put(dev);
646}
647
648static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
649{
650 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
651 struct rfcomm_dlc *dlc = dev->dlc;
652 struct sk_buff *skb;
653 int err = 0, sent = 0, size;
654
655 BT_DBG("tty %p count %d", tty, count);
656
657 while (count) {
658 size = min_t(uint, count, dlc->mtu);
659
660 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
661
662 if (!skb)
663 break;
664
665 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
666
667 memcpy(skb_put(skb, size), buf + sent, size);
668
669 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
670 kfree_skb(skb);
671 break;
672 }
673
674 sent += size;
675 count -= size;
676 }
677
678 return sent ? sent : err;
679}
680
681static int rfcomm_tty_write_room(struct tty_struct *tty)
682{
683 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
684 int room;
685
686 BT_DBG("tty %p", tty);
687
688 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
689 if (room < 0)
690 room = 0;
691 return room;
692}
693
694static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
695{
696 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
697
698 switch (cmd) {
699 case TCGETS:
700 BT_DBG("TCGETS is not supported");
701 return -ENOIOCTLCMD;
702
703 case TCSETS:
704 BT_DBG("TCSETS is not supported");
705 return -ENOIOCTLCMD;
706
707 case TIOCMIWAIT:
708 BT_DBG("TIOCMIWAIT");
709 break;
710
711 case TIOCGICOUNT:
712 BT_DBG("TIOCGICOUNT");
713 break;
714
715 case TIOCGSERIAL:
716 BT_ERR("TIOCGSERIAL is not supported");
717 return -ENOIOCTLCMD;
718
719 case TIOCSSERIAL:
720 BT_ERR("TIOCSSERIAL is not supported");
721 return -ENOIOCTLCMD;
722
723 case TIOCSERGSTRUCT:
724 BT_ERR("TIOCSERGSTRUCT is not supported");
725 return -ENOIOCTLCMD;
726
727 case TIOCSERGETLSR:
728 BT_ERR("TIOCSERGETLSR is not supported");
729 return -ENOIOCTLCMD;
730
731 case TIOCSERCONFIG:
732 BT_ERR("TIOCSERCONFIG is not supported");
733 return -ENOIOCTLCMD;
734
735 default:
736 return -ENOIOCTLCMD; /* ioctls which we must ignore */
737
738 }
739
740 return -ENOIOCTLCMD;
741}
742
743#define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
744
745static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
746{
747 BT_DBG("tty %p", tty);
748
749 if ((tty->termios->c_cflag == old->c_cflag) &&
750 (RELEVANT_IFLAG(tty->termios->c_iflag) == RELEVANT_IFLAG(old->c_iflag)))
751 return;
752
753 /* handle turning off CRTSCTS */
754 if ((old->c_cflag & CRTSCTS) && !(tty->termios->c_cflag & CRTSCTS)) {
755 BT_DBG("turning off CRTSCTS");
756 }
757}
758
759static void rfcomm_tty_throttle(struct tty_struct *tty)
760{
761 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
762
763 BT_DBG("tty %p dev %p", tty, dev);
764
765 rfcomm_dlc_throttle(dev->dlc);
766}
767
768static void rfcomm_tty_unthrottle(struct tty_struct *tty)
769{
770 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
771
772 BT_DBG("tty %p dev %p", tty, dev);
773
774 rfcomm_dlc_unthrottle(dev->dlc);
775}
776
777static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
778{
779 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
780 struct rfcomm_dlc *dlc = dev->dlc;
781
782 BT_DBG("tty %p dev %p", tty, dev);
783
784 if (skb_queue_len(&dlc->tx_queue))
785 return dlc->mtu;
786
787 return 0;
788}
789
790static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
791{
792 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
793 if (!dev)
794 return;
795
796 BT_DBG("tty %p dev %p", tty, dev);
797
798 skb_queue_purge(&dev->dlc->tx_queue);
799
800 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
801 tty->ldisc.write_wakeup(tty);
802}
803
804static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
805{
806 BT_DBG("tty %p ch %c", tty, ch);
807}
808
809static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
810{
811 BT_DBG("tty %p timeout %d", tty, timeout);
812}
813
814static void rfcomm_tty_hangup(struct tty_struct *tty)
815{
816 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
817 if (!dev)
818 return;
819
820 BT_DBG("tty %p dev %p", tty, dev);
821
822 rfcomm_tty_flush_buffer(tty);
823
824 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
825 rfcomm_dev_del(dev);
826}
827
828static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
829{
830 return 0;
831}
832
833static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
834{
835 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
836
837 BT_DBG("tty %p dev %p", tty, dev);
838
839 return dev->modem_status;
840}
841
842static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
843{
844 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
845 struct rfcomm_dlc *dlc = dev->dlc;
846 u8 v24_sig;
847
848 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
849
850 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
851
852 if (set & TIOCM_DSR || set & TIOCM_DTR)
853 v24_sig |= RFCOMM_V24_RTC;
854 if (set & TIOCM_RTS || set & TIOCM_CTS)
855 v24_sig |= RFCOMM_V24_RTR;
856 if (set & TIOCM_RI)
857 v24_sig |= RFCOMM_V24_IC;
858 if (set & TIOCM_CD)
859 v24_sig |= RFCOMM_V24_DV;
860
861 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
862 v24_sig &= ~RFCOMM_V24_RTC;
863 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
864 v24_sig &= ~RFCOMM_V24_RTR;
865 if (clear & TIOCM_RI)
866 v24_sig &= ~RFCOMM_V24_IC;
867 if (clear & TIOCM_CD)
868 v24_sig &= ~RFCOMM_V24_DV;
869
870 rfcomm_dlc_set_modem_status(dlc, v24_sig);
871
872 return 0;
873}
874
875/* ---- TTY structure ---- */
876
877static struct tty_operations rfcomm_ops = {
878 .open = rfcomm_tty_open,
879 .close = rfcomm_tty_close,
880 .write = rfcomm_tty_write,
881 .write_room = rfcomm_tty_write_room,
882 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
883 .flush_buffer = rfcomm_tty_flush_buffer,
884 .ioctl = rfcomm_tty_ioctl,
885 .throttle = rfcomm_tty_throttle,
886 .unthrottle = rfcomm_tty_unthrottle,
887 .set_termios = rfcomm_tty_set_termios,
888 .send_xchar = rfcomm_tty_send_xchar,
889 .hangup = rfcomm_tty_hangup,
890 .wait_until_sent = rfcomm_tty_wait_until_sent,
891 .read_proc = rfcomm_tty_read_proc,
892 .tiocmget = rfcomm_tty_tiocmget,
893 .tiocmset = rfcomm_tty_tiocmset,
894};
895
896int rfcomm_init_ttys(void)
897{
898 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
899 if (!rfcomm_tty_driver)
900 return -1;
901
902 rfcomm_tty_driver->owner = THIS_MODULE;
903 rfcomm_tty_driver->driver_name = "rfcomm";
904 rfcomm_tty_driver->devfs_name = "bluetooth/rfcomm/";
905 rfcomm_tty_driver->name = "rfcomm";
906 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
907 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
908 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
909 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
910 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_NO_DEVFS;
911 rfcomm_tty_driver->init_termios = tty_std_termios;
912 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
913 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
914
915 if (tty_register_driver(rfcomm_tty_driver)) {
916 BT_ERR("Can't register RFCOMM TTY driver");
917 put_tty_driver(rfcomm_tty_driver);
918 return -1;
919 }
920
921 BT_INFO("RFCOMM TTY layer initialized");
922
923 return 0;
924}
925
926void rfcomm_cleanup_ttys(void)
927{
928 tty_unregister_driver(rfcomm_tty_driver);
929 put_tty_driver(rfcomm_tty_driver);
930}