Diffstat (limited to 'net/bluetooth/rfcomm')
-rw-r--r--net/bluetooth/rfcomm/core.c91
-rw-r--r--net/bluetooth/rfcomm/sock.c134
-rw-r--r--net/bluetooth/rfcomm/tty.c44
3 files changed, 92 insertions, 177 deletions
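--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -41,7 +41,7 @@
 #include <linux/slab.h>
 
 #include <net/sock.h>
-#include <asm/uaccess.h>
+#include <linux/uaccess.h>
 #include <asm/unaligned.h>
 
 #include <net/bluetooth/bluetooth.h>
@@ -51,10 +51,10 @@
 
 #define VERSION "1.11"
 
-static int disable_cfc = 0;
+static int disable_cfc;
+static int l2cap_ertm;
 static int channel_mtu = -1;
 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
-static int l2cap_ertm = 0;
 
 static struct task_struct *rfcomm_thread;
 
@@ -79,7 +79,10 @@ static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
 
 static void rfcomm_process_connect(struct rfcomm_session *s);
 
-static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
+static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
+							bdaddr_t *dst,
+							u8 sec_level,
+							int *err);
 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
 static void rfcomm_session_del(struct rfcomm_session *s);
 
@@ -113,11 +116,10 @@ static void rfcomm_session_del(struct rfcomm_session *s);
 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
 
-static inline void rfcomm_schedule(uint event)
+static inline void rfcomm_schedule(void)
 {
 	if (!rfcomm_thread)
 		return;
-	//set_bit(event, &rfcomm_event);
 	set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
 	wake_up_process(rfcomm_thread);
 }
@@ -179,13 +181,13 @@ static unsigned char rfcomm_crc_table[256] = {
 /* FCS on 2 bytes */
 static inline u8 __fcs(u8 *data)
 {
-	return (0xff - __crc(data));
+	return 0xff - __crc(data);
 }
 
 /* FCS on 3 bytes */
 static inline u8 __fcs2(u8 *data)
 {
-	return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
+	return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
 }
 
 /* Check FCS */
@@ -203,13 +205,13 @@ static inline int __check_fcs(u8 *data, int type, u8 fcs)
 static void rfcomm_l2state_change(struct sock *sk)
 {
 	BT_DBG("%p state %d", sk, sk->sk_state);
-	rfcomm_schedule(RFCOMM_SCHED_STATE);
+	rfcomm_schedule();
 }
 
 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
 {
 	BT_DBG("%p bytes %d", sk, bytes);
-	rfcomm_schedule(RFCOMM_SCHED_RX);
+	rfcomm_schedule();
 }
 
 static int rfcomm_l2sock_create(struct socket **sock)
@@ -230,6 +232,8 @@ static int rfcomm_l2sock_create(struct socket **sock)
 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
 {
 	struct sock *sk = d->session->sock->sk;
+	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
+
 	__u8 auth_type;
 
 	switch (d->sec_level) {
@@ -244,8 +248,7 @@ static inline int rfcomm_check_security(struct rfcomm_dlc *d)
 		break;
 	}
 
-	return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
-								auth_type);
+	return hci_conn_security(conn->hcon, d->sec_level, auth_type);
 }
 
 static void rfcomm_session_timeout(unsigned long arg)
@@ -255,7 +258,7 @@ static void rfcomm_session_timeout(unsigned long arg)
 	BT_DBG("session %p state %ld", s, s->state);
 
 	set_bit(RFCOMM_TIMED_OUT, &s->flags);
-	rfcomm_schedule(RFCOMM_SCHED_TIMEO);
+	rfcomm_schedule();
 }
 
 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
@@ -283,7 +286,7 @@ static void rfcomm_dlc_timeout(unsigned long arg)
 
 	set_bit(RFCOMM_TIMED_OUT, &d->flags);
 	rfcomm_dlc_put(d);
-	rfcomm_schedule(RFCOMM_SCHED_TIMEO);
+	rfcomm_schedule();
 }
 
 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
@@ -309,6 +312,7 @@ static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
 	d->state = BT_OPEN;
 	d->flags = 0;
 	d->mscex = 0;
+	d->sec_level = BT_SECURITY_LOW;
 	d->mtu = RFCOMM_DEFAULT_MTU;
 	d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
 
@@ -402,7 +406,7 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
 
 	s = rfcomm_session_get(src, dst);
 	if (!s) {
-		s = rfcomm_session_create(src, dst, &err);
+		s = rfcomm_session_create(src, dst, d->sec_level, &err);
 		if (!s)
 			return err;
 	}
@@ -465,7 +469,7 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 	case BT_CONFIG:
 		if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 			set_bit(RFCOMM_AUTH_REJECT, &d->flags);
-			rfcomm_schedule(RFCOMM_SCHED_AUTH);
+			rfcomm_schedule();
 			break;
 		}
 		/* Fall through */
@@ -485,7 +489,7 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 	case BT_CONNECT2:
 		if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 			set_bit(RFCOMM_AUTH_REJECT, &d->flags);
-			rfcomm_schedule(RFCOMM_SCHED_AUTH);
+			rfcomm_schedule();
 			break;
 		}
 		/* Fall through */
@@ -533,7 +537,7 @@ int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
 	skb_queue_tail(&d->tx_queue, skb);
 
 	if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
-		rfcomm_schedule(RFCOMM_SCHED_TX);
+		rfcomm_schedule();
 	return len;
 }
 
@@ -545,7 +549,7 @@ void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
 		d->v24_sig |= RFCOMM_V24_FC;
 		set_bit(RFCOMM_MSC_PENDING, &d->flags);
 	}
-	rfcomm_schedule(RFCOMM_SCHED_TX);
+	rfcomm_schedule();
 }
 
 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
@@ -556,7 +560,7 @@ void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
 		d->v24_sig &= ~RFCOMM_V24_FC;
 		set_bit(RFCOMM_MSC_PENDING, &d->flags);
 	}
-	rfcomm_schedule(RFCOMM_SCHED_TX);
+	rfcomm_schedule();
 }
 
 /*
@@ -577,7 +581,7 @@ int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
 	d->v24_sig = v24_sig;
 
 	if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
-		rfcomm_schedule(RFCOMM_SCHED_TX);
+		rfcomm_schedule();
 
 	return 0;
 }
@@ -680,7 +684,10 @@ static void rfcomm_session_close(struct rfcomm_session *s, int err)
 	rfcomm_session_put(s);
 }
 
-static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
+static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
+							bdaddr_t *dst,
+							u8 sec_level,
+							int *err)
 {
 	struct rfcomm_session *s = NULL;
 	struct sockaddr_l2 addr;
@@ -704,9 +711,10 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst
 	/* Set L2CAP options */
 	sk = sock->sk;
 	lock_sock(sk);
-	l2cap_pi(sk)->imtu = l2cap_mtu;
+	l2cap_pi(sk)->chan->imtu = l2cap_mtu;
+	l2cap_pi(sk)->chan->sec_level = sec_level;
 	if (l2cap_ertm)
-		l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
+		l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
 	release_sock(sk);
 
 	s = rfcomm_session_add(sock, BT_BOUND);
@@ -816,7 +824,7 @@ static int rfcomm_queue_disc(struct rfcomm_dlc *d)
 	cmd->fcs = __fcs2((u8 *) cmd);
 
 	skb_queue_tail(&d->tx_queue, skb);
-	rfcomm_schedule(RFCOMM_SCHED_TX);
+	rfcomm_schedule();
 	return 0;
 }
 
@@ -1157,7 +1165,8 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
 			 * initiator rfcomm_process_rx already calls
 			 * rfcomm_session_put() */
 			if (s->sock->sk->sk_state != BT_CLOSED)
-				rfcomm_session_put(s);
+				if (list_empty(&s->dlcs))
+					rfcomm_session_put(s);
 			break;
 		}
 	}
@@ -1233,6 +1242,7 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
 {
 	struct sock *sk = d->session->sock->sk;
+	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
 
 	BT_DBG("dlc %p", d);
 
@@ -1246,7 +1256,7 @@ void rfcomm_dlc_accept(struct rfcomm_dlc *d)
 	rfcomm_dlc_unlock(d);
 
 	if (d->role_switch)
-		hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
+		hci_conn_switch_role(conn->hcon, 0x00);
 
 	rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
 }
@@ -1415,8 +1425,8 @@ static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_
 		return 0;
 
 	if (len == 1) {
-		/* This is a request, return default settings */
-		bit_rate = RFCOMM_RPN_BR_115200;
+		/* This is a request, return default (according to ETSI TS 07.10) settings */
+		bit_rate = RFCOMM_RPN_BR_9600;
 		data_bits = RFCOMM_RPN_DATA_8;
 		stop_bits = RFCOMM_RPN_STOP_1;
 		parity = RFCOMM_RPN_PARITY_NONE;
@@ -1431,9 +1441,9 @@ static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_
 
 	if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
 		bit_rate = rpn->bit_rate;
-		if (bit_rate != RFCOMM_RPN_BR_115200) {
+		if (bit_rate > RFCOMM_RPN_BR_230400) {
 			BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
-			bit_rate = RFCOMM_RPN_BR_115200;
+			bit_rate = RFCOMM_RPN_BR_9600;
 			rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
 		}
 	}
@@ -1698,7 +1708,7 @@ static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
 		break;
 
 	default:
-		BT_ERR("Unknown packet type 0x%02x\n", type);
+		BT_ERR("Unknown packet type 0x%02x", type);
 		break;
 	}
 	kfree_skb(skb);
@@ -1882,9 +1892,10 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s)
 
 		/* We should adjust MTU on incoming sessions.
 		 * L2CAP MTU minus UIH header and FCS. */
-		s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
+		s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
+				l2cap_pi(nsock->sk)->chan->imtu) - 5;
 
-		rfcomm_schedule(RFCOMM_SCHED_RX);
+		rfcomm_schedule();
 	} else
 		sock_release(nsock);
 }
@@ -1895,13 +1906,13 @@ static inline void rfcomm_check_connection(struct rfcomm_session *s)
 
 	BT_DBG("%p state %ld", s, s->state);
 
-	switch(sk->sk_state) {
+	switch (sk->sk_state) {
 	case BT_CONNECTED:
 		s->state = BT_CONNECT;
 
 		/* We can adjust MTU on outgoing sessions.
 		 * L2CAP MTU minus UIH header and FCS. */
-		s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
+		s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
 
 		rfcomm_send_sabm(s, 0);
 		break;
@@ -1984,7 +1995,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
 	/* Set L2CAP options */
 	sk = sock->sk;
 	lock_sock(sk);
-	l2cap_pi(sk)->imtu = l2cap_mtu;
+	l2cap_pi(sk)->chan->imtu = l2cap_mtu;
 	release_sock(sk);
 
 	/* Start listening on the socket */
@@ -2085,7 +2096,7 @@ static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
 		if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
 			continue;
 
-		if (!status)
+		if (!status && hci_conn_check_secure(conn, d->sec_level))
 			set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
 		else
 			set_bit(RFCOMM_AUTH_REJECT, &d->flags);
@@ -2093,7 +2104,7 @@ static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
 
 	rfcomm_session_put(s);
 
-	rfcomm_schedule(RFCOMM_SCHED_AUTH);
+	rfcomm_schedule();
 }
 
 static struct hci_cb rfcomm_cb = {
@@ -2146,8 +2157,6 @@ static int __init rfcomm_init(void)
 {
 	int err;
 
-	l2cap_load();
-
 	hci_register_cb(&rfcomm_cb);
 
 	rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");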
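Review bot: In rfcomm_session_create the new `l2cap_pi(sk)->chan->sec_level = sec_level;` applies the security level of whichever DLC opens the session first, while __rfcomm_dlc_open (hunk at -402) reuses an existing session from rfcomm_session_get for any later DLC to the same peer without revisiting that channel setting; per-DLC enforcement appears to rest on rfcomm_check_security and the new `hci_conn_check_secure(conn, d->sec_level)` test in rfcomm_security_cfm instead. That split of responsibility is not stated anywhere in the hunk, so a reader of the -704 hunk may assume the channel's sec_level governs every DLC on the session. Suggest a comment above the assignment: `/* sec_level of the DLC that created the session; DLCs added later share the channel and are checked per-DLC in rfcomm_check_security() */`. The body of rfcomm_session_create continues outside the hunk, as does rfcomm_security_cfm, so whether any other path re-raises the channel's sec_level cannot be confirmed from here.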
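--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -45,7 +45,7 @@
 #include <net/sock.h>
 
 #include <asm/system.h>
-#include <asm/uaccess.h>
+#include <linux/uaccess.h>
 
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
@@ -140,11 +140,13 @@ static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
 /* Find socket with channel and source bdaddr.
  * Returns closest match.
  */
-static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
+static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
 {
 	struct sock *sk = NULL, *sk1 = NULL;
 	struct hlist_node *node;
 
+	read_lock(&rfcomm_sk_list.lock);
+
 	sk_for_each(sk, node, &rfcomm_sk_list.head) {
 		if (state && sk->sk_state != state)
 			continue;
@@ -159,19 +161,10 @@ static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t
 			sk1 = sk;
 		}
 	}
-	return node ? sk : sk1;
-}
 
-/* Find socket with given address (channel, src).
- * Returns locked socket */
-static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
-{
-	struct sock *s;
-	read_lock(&rfcomm_sk_list.lock);
-	s = __rfcomm_get_sock_by_channel(state, channel, src);
-	if (s) bh_lock_sock(s);
 	read_unlock(&rfcomm_sk_list.lock);
-	return s;
+
+	return node ? sk : sk1;
 }
 
 static void rfcomm_sock_destruct(struct sock *sk)
@@ -621,121 +614,29 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 	return sent;
 }
 
-static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
-{
-	DECLARE_WAITQUEUE(wait, current);
-
-	add_wait_queue(sk_sleep(sk), &wait);
-	for (;;) {
-		set_current_state(TASK_INTERRUPTIBLE);
-
-		if (!skb_queue_empty(&sk->sk_receive_queue) ||
-		    sk->sk_err ||
-		    (sk->sk_shutdown & RCV_SHUTDOWN) ||
-		    signal_pending(current) ||
-		    !timeo)
-			break;
-
-		set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
-		release_sock(sk);
-		timeo = schedule_timeout(timeo);
-		lock_sock(sk);
-		clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
-	}
-
-	__set_current_state(TASK_RUNNING);
-	remove_wait_queue(sk_sleep(sk), &wait);
-	return timeo;
-}
-
 static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 			       struct msghdr *msg, size_t size, int flags)
 {
 	struct sock *sk = sock->sk;
 	struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
-	int err = 0;
-	size_t target, copied = 0;
-	long timeo;
+	int len;
 
 	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 		rfcomm_dlc_accept(d);
 		return 0;
 	}
 
-	if (flags & MSG_OOB)
-		return -EOPNOTSUPP;
-
-	msg->msg_namelen = 0;
-
-	BT_DBG("sk %p size %zu", sk, size);
+	len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags);
 
 	lock_sock(sk);
+	if (!(flags & MSG_PEEK) && len > 0)
+		atomic_sub(len, &sk->sk_rmem_alloc);
 
-	target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
-	timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
-
-	do {
-		struct sk_buff *skb;
-		int chunk;
-
-		skb = skb_dequeue(&sk->sk_receive_queue);
-		if (!skb) {
-			if (copied >= target)
-				break;
-
-			if ((err = sock_error(sk)) != 0)
-				break;
-			if (sk->sk_shutdown & RCV_SHUTDOWN)
-				break;
-
-			err = -EAGAIN;
-			if (!timeo)
-				break;
-
-			timeo = rfcomm_sock_data_wait(sk, timeo);
-
-			if (signal_pending(current)) {
-				err = sock_intr_errno(timeo);
-				goto out;
-			}
-			continue;
-		}
-
-		chunk = min_t(unsigned int, skb->len, size);
-		if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
-			skb_queue_head(&sk->sk_receive_queue, skb);
-			if (!copied)
-				copied = -EFAULT;
-			break;
-		}
-		copied += chunk;
-		size -= chunk;
-
-		sock_recv_ts_and_drops(msg, sk, skb);
-
-		if (!(flags & MSG_PEEK)) {
-			atomic_sub(chunk, &sk->sk_rmem_alloc);
-
-			skb_pull(skb, chunk);
-			if (skb->len) {
-				skb_queue_head(&sk->sk_receive_queue, skb);
-				break;
-			}
-			kfree_skb(skb);
-
-		} else {
-			/* put message back and return */
-			skb_queue_head(&sk->sk_receive_queue, skb);
-			break;
-		}
-	} while (size);
-
-out:
 	if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2))
 		rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc);
-
 	release_sock(sk);
-	return copied ? : err;
+
+	return len;
 }
 
 static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
@@ -842,6 +743,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
 	struct sock *sk = sock->sk;
 	struct sock *l2cap_sk;
 	struct rfcomm_conninfo cinfo;
+	struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
 	int len, err = 0;
 	u32 opt;
 
@@ -886,8 +788,9 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
 
 	l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
 
-	cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
-	memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
+	memset(&cinfo, 0, sizeof(cinfo));
+	cinfo.hci_handle = conn->hcon->handle;
+	memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
 
 	len = min_t(unsigned int, len, sizeof(cinfo));
 	if (copy_to_user(optval, (char *) &cinfo, len))
@@ -987,7 +890,8 @@ static int rfcomm_sock_shutdown(struct socket *sock, int how)
 
 	BT_DBG("sock %p, sk %p", sock, sk);
 
-	if (!sk) return 0;
+	if (!sk)
+		return 0;
 
 	lock_sock(sk);
 	if (!sk->sk_shutdown) {
@@ -1037,6 +941,8 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
 	if (!parent)
 		return 0;
 
+	bh_lock_sock(parent);
+
 	/* Check for backlog size */
 	if (sk_acceptq_is_full(parent)) {
 		BT_DBG("backlog full %d", parent->sk_ack_backlog);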
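Review bot: In rfcomm_sock_getsockopt_old the new `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;` applies l2cap_pi() to `sk`, which is the RFCOMM socket (`sock->sk`), whereas the removed lines in the -886 hunk derived the connection from `l2cap_pi(l2cap_sk)`, and the `l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;` lookup that survives is now assigned but never used. Reinterpreting an RFCOMM sock as struct l2cap_pinfo reads the wrong object, so the hci_handle and dev_class copied to userspace are not taken from the peer's L2CAP connection. The initializer also runs unconditionally at function entry, before whatever state checks precede the l2cap_sk line (outside these hunks), so the `->dlc->session->sock` chase no longer benefits from them. Suggest dropping the initializer and deriving it after the existing lookup, `conn = l2cap_pi(l2cap_sk)->chan->conn;`, inside the same path; both hunks sit inside rfcomm_sock_getsockopt_old, whose body is otherwise outside the section.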
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index befc3a52aa04..c258796313e0 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -58,9 +58,9 @@ struct rfcomm_dev {
58 58
59 bdaddr_t src; 59 bdaddr_t src;
60 bdaddr_t dst; 60 bdaddr_t dst;
61 u8 channel; 61 u8 channel;
62 62
63 uint modem_status; 63 uint modem_status;
64 64
65 struct rfcomm_dlc *dlc; 65 struct rfcomm_dlc *dlc;
66 struct tty_struct *tty; 66 struct tty_struct *tty;
@@ -69,7 +69,7 @@ struct rfcomm_dev {
69 69
70 struct device *tty_dev; 70 struct device *tty_dev;
71 71
72 atomic_t wmem_alloc; 72 atomic_t wmem_alloc;
73 73
74 struct sk_buff_head pending; 74 struct sk_buff_head pending;
75}; 75};
@@ -183,9 +183,7 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
183static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 183static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
184{ 184{
185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
186 bdaddr_t bdaddr; 186 return sprintf(buf, "%s\n", batostr(&dev->dst));
187 baswap(&bdaddr, &dev->dst);
188 return sprintf(buf, "%s\n", batostr(&bdaddr));
189} 187}
190 188
191static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 189static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
@@ -433,7 +431,8 @@ static int rfcomm_release_dev(void __user *arg)
433 431
434 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 432 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
435 433
436 if (!(dev = rfcomm_dev_get(req.dev_id))) 434 dev = rfcomm_dev_get(req.dev_id);
435 if (!dev)
437 return -ENODEV; 436 return -ENODEV;
438 437
439 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 438 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
@@ -472,7 +471,8 @@ static int rfcomm_get_dev_list(void __user *arg)
472 471
473 size = sizeof(*dl) + dev_num * sizeof(*di); 472 size = sizeof(*dl) + dev_num * sizeof(*di);
474 473
475 if (!(dl = kmalloc(size, GFP_KERNEL))) 474 dl = kmalloc(size, GFP_KERNEL);
475 if (!dl)
476 return -ENOMEM; 476 return -ENOMEM;
477 477
478 di = dl->dev_info; 478 di = dl->dev_info;
@@ -515,7 +515,8 @@ static int rfcomm_get_dev_info(void __user *arg)
515 if (copy_from_user(&di, arg, sizeof(di))) 515 if (copy_from_user(&di, arg, sizeof(di)))
516 return -EFAULT; 516 return -EFAULT;
517 517
518 if (!(dev = rfcomm_dev_get(di.id))) 518 dev = rfcomm_dev_get(di.id);
519 if (!dev)
519 return -ENODEV; 520 return -ENODEV;
520 521
521 di.flags = dev->flags; 522 di.flags = dev->flags;
@@ -563,7 +564,8 @@ static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
563 return; 564 return;
564 } 565 }
565 566
566 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) { 567 tty = dev->tty;
568 if (!tty || !skb_queue_empty(&dev->pending)) {
567 skb_queue_tail(&dev->pending, skb); 569 skb_queue_tail(&dev->pending, skb);
568 return; 570 return;
569 } 571 }
@@ -725,7 +727,9 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
725 break; 727 break;
726 } 728 }
727 729
730 tty_unlock();
728 schedule(); 731 schedule();
732 tty_lock();
729 } 733 }
730 set_current_state(TASK_RUNNING); 734 set_current_state(TASK_RUNNING);
731 remove_wait_queue(&dev->wait, &wait); 735 remove_wait_queue(&dev->wait, &wait);
@@ -798,7 +802,8 @@ static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, in
798 802
799 memcpy(skb_put(skb, size), buf + sent, size); 803 memcpy(skb_put(skb, size), buf + sent, size);
800 804
801 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 805 err = rfcomm_dlc_send(dlc, skb);
806 if (err < 0) {
802 kfree_skb(skb); 807 kfree_skb(skb);
803 break; 808 break;
804 } 809 }
@@ -827,7 +832,7 @@ static int rfcomm_tty_write_room(struct tty_struct *tty)
827 return room; 832 return room;
828} 833}
829 834
830static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 835static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
831{ 836{
832 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 837 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
833 838
@@ -844,10 +849,6 @@ static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned
844 BT_DBG("TIOCMIWAIT"); 849 BT_DBG("TIOCMIWAIT");
845 break; 850 break;
846 851
847 case TIOCGICOUNT:
848 BT_DBG("TIOCGICOUNT");
849 break;
850
851 case TIOCGSERIAL: 852 case TIOCGSERIAL:
852 BT_ERR("TIOCGSERIAL is not supported"); 853 BT_ERR("TIOCGSERIAL is not supported");
853 return -ENOIOCTLCMD; 854 return -ENOIOCTLCMD;
@@ -898,7 +899,7 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
898 899
899 /* Parity on/off and when on, odd/even */ 900 /* Parity on/off and when on, odd/even */
900 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 901 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
901 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 902 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
902 changes |= RFCOMM_RPN_PM_PARITY; 903 changes |= RFCOMM_RPN_PM_PARITY;
903 BT_DBG("Parity change detected."); 904 BT_DBG("Parity change detected.");
904 } 905 }
@@ -943,11 +944,10 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
943 /* POSIX does not support 1.5 stop bits and RFCOMM does not 944 /* POSIX does not support 1.5 stop bits and RFCOMM does not
944 * support 2 stop bits. So a request for 2 stop bits gets 945 * support 2 stop bits. So a request for 2 stop bits gets
945 * translated to 1.5 stop bits */ 946 * translated to 1.5 stop bits */
946 if (new->c_cflag & CSTOPB) { 947 if (new->c_cflag & CSTOPB)
947 stop_bits = RFCOMM_RPN_STOP_15; 948 stop_bits = RFCOMM_RPN_STOP_15;
948 } else { 949 else
949 stop_bits = RFCOMM_RPN_STOP_1; 950 stop_bits = RFCOMM_RPN_STOP_1;
950 }
951 951
952 /* Handle number of data bits [5-8] */ 952 /* Handle number of data bits [5-8] */
953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
@@ -1091,7 +1091,7 @@ static void rfcomm_tty_hangup(struct tty_struct *tty)
1091 } 1091 }
1092} 1092}
1093 1093
1094static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1094static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1095{ 1095{
1096 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1096 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1097 1097
@@ -1100,7 +1100,7 @@ static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1100 return dev->modem_status; 1100 return dev->modem_status;
1101} 1101}
1102 1102
1103static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1103static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1104{ 1104{
1105 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1105 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1106 struct rfcomm_dlc *dlc = dev->dlc; 1106 struct rfcomm_dlc *dlc = dev->dlc;