1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 /* Refcount should only hit zero when called from rfcomm_dev_del() 99 which will have taken us off the list. Everything else are 100 refcounting bugs. */ 101 BUG_ON(!list_empty(&dev->list)); 102 103 rfcomm_dlc_lock(dlc); 104 /* Detach DLC if it's owned by this dev */ 105 if (dlc->owner == dev) 106 dlc->owner = NULL; 107 rfcomm_dlc_unlock(dlc); 108 109 rfcomm_dlc_put(dlc); 110 111 tty_unregister_device(rfcomm_tty_driver, dev->id); 112 113 kfree(dev); 114 115 /* It's safe to call module_put() here because socket still 116 holds reference to this module. */ 117 module_put(THIS_MODULE); 118 } 119 120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 121 { 122 atomic_inc(&dev->refcnt); 123 } 124 125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 126 { 127 /* The reason this isn't actually a race, as you no 128 doubt have a little voice screaming at you in your 129 head, is that the refcount should never actually 130 reach zero unless the device has already been taken 131 off the list, in rfcomm_dev_del(). And if that's not 132 true, we'll hit the BUG() in rfcomm_dev_destruct() 133 anyway. */ 134 if (atomic_dec_and_test(&dev->refcnt)) 135 rfcomm_dev_destruct(dev); 136 } 137 138 static struct rfcomm_dev *__rfcomm_dev_get(int id) 139 { 140 struct rfcomm_dev *dev; 141 struct list_head *p; 142 143 list_for_each(p, &rfcomm_dev_list) { 144 dev = list_entry(p, struct rfcomm_dev, list); 145 if (dev->id == id) 146 return dev; 147 } 148 149 return NULL; 150 } 151 152 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 153 { 154 struct rfcomm_dev *dev; 155 156 read_lock(&rfcomm_dev_lock); 157 158 dev = __rfcomm_dev_get(id); 159 160 if (dev) { 161 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 162 dev = NULL; 163 else 164 rfcomm_dev_hold(dev); 165 } 166 167 read_unlock(&rfcomm_dev_lock); 168 169 return dev; 170 } 171 172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 173 { 174 struct hci_dev *hdev; 175 struct hci_conn *conn; 176 177 hdev = hci_get_route(&dev->dst, &dev->src); 178 if (!hdev) 179 return NULL; 180 181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 182 183 hci_dev_put(hdev); 184 185 return conn ? &conn->dev : NULL; 186 } 187 188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 189 { 190 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 191 bdaddr_t bdaddr; 192 baswap(&bdaddr, &dev->dst); 193 return sprintf(buf, "%s\n", batostr(&bdaddr)); 194 } 195 196 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 197 { 198 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 199 return sprintf(buf, "%d\n", dev->channel); 200 } 201 202 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 203 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 204 205 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 206 { 207 struct rfcomm_dev *dev; 208 struct list_head *head = &rfcomm_dev_list, *p; 209 int err = 0; 210 211 BT_DBG("id %d channel %d", req->dev_id, req->channel); 212 213 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 214 if (!dev) 215 return -ENOMEM; 216 217 write_lock_bh(&rfcomm_dev_lock); 218 219 if (req->dev_id < 0) { 220 dev->id = 0; 221 222 list_for_each(p, &rfcomm_dev_list) { 223 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 224 break; 225 226 dev->id++; 227 head = p; 228 } 229 } else { 230 dev->id = req->dev_id; 231 232 list_for_each(p, &rfcomm_dev_list) { 233 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 234 235 if (entry->id == dev->id) { 236 err = -EADDRINUSE; 237 goto out; 238 } 239 240 if (entry->id > dev->id - 1) 241 break; 242 243 head = p; 244 } 245 } 246 247 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 248 err = -ENFILE; 249 goto out; 250 } 251 252 sprintf(dev->name, "rfcomm%d", dev->id); 253 254 list_add(&dev->list, head); 255 atomic_set(&dev->refcnt, 1); 256 257 bacpy(&dev->src, &req->src); 258 bacpy(&dev->dst, &req->dst); 259 dev->channel = req->channel; 260 261 dev->flags = req->flags & 262 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 263 264 init_waitqueue_head(&dev->wait); 265 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 266 267 rfcomm_dlc_lock(dlc); 268 dlc->data_ready = rfcomm_dev_data_ready; 269 dlc->state_change = rfcomm_dev_state_change; 270 dlc->modem_status = rfcomm_dev_modem_status; 271 272 dlc->owner = dev; 273 dev->dlc = dlc; 274 275 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 276 277 rfcomm_dlc_unlock(dlc); 278 279 /* It's safe to call __module_get() here because socket already 280 holds reference to this module. */ 281 __module_get(THIS_MODULE); 282 283 out: 284 write_unlock_bh(&rfcomm_dev_lock); 285 286 if (err < 0) { 287 kfree(dev); 288 return err; 289 } 290 291 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 292 293 if (IS_ERR(dev->tty_dev)) { 294 err = PTR_ERR(dev->tty_dev); 295 list_del(&dev->list); 296 kfree(dev); 297 return err; 298 } 299 300 dev_set_drvdata(dev->tty_dev, dev); 301 302 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 303 BT_ERR("Failed to create address attribute"); 304 305 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 306 BT_ERR("Failed to create channel attribute"); 307 308 return dev->id; 309 } 310 311 static void rfcomm_dev_del(struct rfcomm_dev *dev) 312 { 313 BT_DBG("dev %p", dev); 314 315 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 316 BUG_ON(1); 317 else 318 set_bit(RFCOMM_TTY_RELEASED, &dev->flags); 319 320 write_lock_bh(&rfcomm_dev_lock); 321 list_del_init(&dev->list); 322 write_unlock_bh(&rfcomm_dev_lock); 323 324 rfcomm_dev_put(dev); 325 } 326 327 /* ---- Send buffer ---- */ 328 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 329 { 330 /* We can't let it be zero, because we don't get a callback 331 when tx_credits becomes nonzero, hence we'd never wake up */ 332 return dlc->mtu * (dlc->tx_credits?:1); 333 } 334 335 static void rfcomm_wfree(struct sk_buff *skb) 336 { 337 struct rfcomm_dev *dev = (void *) skb->sk; 338 atomic_sub(skb->truesize, &dev->wmem_alloc); 339 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 340 tasklet_schedule(&dev->wakeup_task); 341 rfcomm_dev_put(dev); 342 } 343 344 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 345 { 346 rfcomm_dev_hold(dev); 347 atomic_add(skb->truesize, &dev->wmem_alloc); 348 skb->sk = (void *) dev; 349 skb->destructor = rfcomm_wfree; 350 } 351 352 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 353 { 354 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 355 struct sk_buff *skb = alloc_skb(size, priority); 356 if (skb) { 357 rfcomm_set_owner_w(skb, dev); 358 return skb; 359 } 360 } 361 return NULL; 362 } 363 364 /* ---- Device IOCTLs ---- */ 365 366 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 367 368 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 369 { 370 struct rfcomm_dev_req req; 371 struct rfcomm_dlc *dlc; 372 int id; 373 374 if (copy_from_user(&req, arg, sizeof(req))) 375 return -EFAULT; 376 377 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 378 379 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 380 return -EPERM; 381 382 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 383 /* Socket must be connected */ 384 if (sk->sk_state != BT_CONNECTED) 385 return -EBADFD; 386 387 dlc = rfcomm_pi(sk)->dlc; 388 rfcomm_dlc_hold(dlc); 389 } else { 390 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 391 if (!dlc) 392 return -ENOMEM; 393 } 394 395 id = rfcomm_dev_add(&req, dlc); 396 if (id < 0) { 397 rfcomm_dlc_put(dlc); 398 return id; 399 } 400 401 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 402 /* DLC is now used by device. 403 * Socket must be disconnected */ 404 sk->sk_state = BT_CLOSED; 405 } 406 407 return id; 408 } 409 410 static int rfcomm_release_dev(void __user *arg) 411 { 412 struct rfcomm_dev_req req; 413 struct rfcomm_dev *dev; 414 415 if (copy_from_user(&req, arg, sizeof(req))) 416 return -EFAULT; 417 418 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 419 420 if (!(dev = rfcomm_dev_get(req.dev_id))) 421 return -ENODEV; 422 423 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 424 rfcomm_dev_put(dev); 425 return -EPERM; 426 } 427 428 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 429 rfcomm_dlc_close(dev->dlc, 0); 430 431 /* Shut down TTY synchronously before freeing rfcomm_dev */ 432 if (dev->tty) 433 tty_vhangup(dev->tty); 434 435 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 436 rfcomm_dev_del(dev); 437 rfcomm_dev_put(dev); 438 return 0; 439 } 440 441 static int rfcomm_get_dev_list(void __user *arg) 442 { 443 struct rfcomm_dev_list_req *dl; 444 struct rfcomm_dev_info *di; 445 struct list_head *p; 446 int n = 0, size, err; 447 u16 dev_num; 448 449 BT_DBG(""); 450 451 if (get_user(dev_num, (u16 __user *) arg)) 452 return -EFAULT; 453 454 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 455 return -EINVAL; 456 457 size = sizeof(*dl) + dev_num * sizeof(*di); 458 459 if (!(dl = kmalloc(size, GFP_KERNEL))) 460 return -ENOMEM; 461 462 di = dl->dev_info; 463 464 read_lock_bh(&rfcomm_dev_lock); 465 466 list_for_each(p, &rfcomm_dev_list) { 467 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 468 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 469 continue; 470 (di + n)->id = dev->id; 471 (di + n)->flags = dev->flags; 472 (di + n)->state = dev->dlc->state; 473 (di + n)->channel = dev->channel; 474 bacpy(&(di + n)->src, &dev->src); 475 bacpy(&(di + n)->dst, &dev->dst); 476 if (++n >= dev_num) 477 break; 478 } 479 480 read_unlock_bh(&rfcomm_dev_lock); 481 482 dl->dev_num = n; 483 size = sizeof(*dl) + n * sizeof(*di); 484 485 err = copy_to_user(arg, dl, size); 486 kfree(dl); 487 488 return err ? -EFAULT : 0; 489 } 490 491 static int rfcomm_get_dev_info(void __user *arg) 492 { 493 struct rfcomm_dev *dev; 494 struct rfcomm_dev_info di; 495 int err = 0; 496 497 BT_DBG(""); 498 499 if (copy_from_user(&di, arg, sizeof(di))) 500 return -EFAULT; 501 502 if (!(dev = rfcomm_dev_get(di.id))) 503 return -ENODEV; 504 505 di.flags = dev->flags; 506 di.channel = dev->channel; 507 di.state = dev->dlc->state; 508 bacpy(&di.src, &dev->src); 509 bacpy(&di.dst, &dev->dst); 510 511 if (copy_to_user(arg, &di, sizeof(di))) 512 err = -EFAULT; 513 514 rfcomm_dev_put(dev); 515 return err; 516 } 517 518 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 519 { 520 BT_DBG("cmd %d arg %p", cmd, arg); 521 522 switch (cmd) { 523 case RFCOMMCREATEDEV: 524 return rfcomm_create_dev(sk, arg); 525 526 case RFCOMMRELEASEDEV: 527 return rfcomm_release_dev(arg); 528 529 case RFCOMMGETDEVLIST: 530 return rfcomm_get_dev_list(arg); 531 532 case RFCOMMGETDEVINFO: 533 return rfcomm_get_dev_info(arg); 534 } 535 536 return -EINVAL; 537 } 538 539 /* ---- DLC callbacks ---- */ 540 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 541 { 542 struct rfcomm_dev *dev = dlc->owner; 543 struct tty_struct *tty; 544 545 if (!dev || !(tty = dev->tty)) { 546 kfree_skb(skb); 547 return; 548 } 549 550 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 551 552 tty_insert_flip_string(tty, skb->data, skb->len); 553 tty_flip_buffer_push(tty); 554 555 kfree_skb(skb); 556 } 557 558 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 559 { 560 struct rfcomm_dev *dev = dlc->owner; 561 if (!dev) 562 return; 563 564 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 565 566 dev->err = err; 567 wake_up_interruptible(&dev->wait); 568 569 if (dlc->state == BT_CLOSED) { 570 if (!dev->tty) { 571 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 572 /* Drop DLC lock here to avoid deadlock 573 * 1. rfcomm_dev_get will take rfcomm_dev_lock 574 * but in rfcomm_dev_add there's lock order: 575 * rfcomm_dev_lock -> dlc lock 576 * 2. rfcomm_dev_put will deadlock if it's 577 * the last reference 578 */ 579 rfcomm_dlc_unlock(dlc); 580 if (rfcomm_dev_get(dev->id) == NULL) { 581 rfcomm_dlc_lock(dlc); 582 return; 583 } 584 585 rfcomm_dev_del(dev); 586 rfcomm_dev_put(dev); 587 rfcomm_dlc_lock(dlc); 588 } 589 } else 590 tty_hangup(dev->tty); 591 } 592 } 593 594 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 595 { 596 struct rfcomm_dev *dev = dlc->owner; 597 if (!dev) 598 return; 599 600 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 601 602 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 603 if (dev->tty && !C_CLOCAL(dev->tty)) 604 tty_hangup(dev->tty); 605 } 606 607 dev->modem_status = 608 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 609 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 610 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 611 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 612 } 613 614 /* ---- TTY functions ---- */ 615 static void rfcomm_tty_wakeup(unsigned long arg) 616 { 617 struct rfcomm_dev *dev = (void *) arg; 618 struct tty_struct *tty = dev->tty; 619 if (!tty) 620 return; 621 622 BT_DBG("dev %p tty %p", dev, tty); 623 624 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 625 (tty->ldisc.write_wakeup)(tty); 626 627 wake_up_interruptible(&tty->write_wait); 628 #ifdef SERIAL_HAVE_POLL_WAIT 629 wake_up_interruptible(&tty->poll_wait); 630 #endif 631 } 632 633 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 634 { 635 DECLARE_WAITQUEUE(wait, current); 636 struct rfcomm_dev *dev; 637 struct rfcomm_dlc *dlc; 638 int err, id; 639 640 id = tty->index; 641 642 BT_DBG("tty %p id %d", tty, id); 643 644 /* We don't leak this refcount. For reasons which are not entirely 645 clear, the TTY layer will call our ->close() method even if the 646 open fails. We decrease the refcount there, and decreasing it 647 here too would cause breakage. */ 648 dev = rfcomm_dev_get(id); 649 if (!dev) 650 return -ENODEV; 651 652 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 653 654 if (dev->opened++ != 0) 655 return 0; 656 657 dlc = dev->dlc; 658 659 /* Attach TTY and open DLC */ 660 661 rfcomm_dlc_lock(dlc); 662 tty->driver_data = dev; 663 dev->tty = tty; 664 rfcomm_dlc_unlock(dlc); 665 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 666 667 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 668 if (err < 0) 669 return err; 670 671 /* Wait for DLC to connect */ 672 add_wait_queue(&dev->wait, &wait); 673 while (1) { 674 set_current_state(TASK_INTERRUPTIBLE); 675 676 if (dlc->state == BT_CLOSED) { 677 err = -dev->err; 678 break; 679 } 680 681 if (dlc->state == BT_CONNECTED) 682 break; 683 684 if (signal_pending(current)) { 685 err = -EINTR; 686 break; 687 } 688 689 schedule(); 690 } 691 set_current_state(TASK_RUNNING); 692 remove_wait_queue(&dev->wait, &wait); 693 694 if (err == 0) 695 device_move(dev->tty_dev, rfcomm_get_device(dev)); 696 697 return err; 698 } 699 700 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 701 { 702 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 703 if (!dev) 704 return; 705 706 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 707 708 if (--dev->opened == 0) { 709 if (dev->tty_dev->parent) 710 device_move(dev->tty_dev, NULL); 711 712 /* Close DLC and dettach TTY */ 713 rfcomm_dlc_close(dev->dlc, 0); 714 715 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 716 tasklet_kill(&dev->wakeup_task); 717 718 rfcomm_dlc_lock(dev->dlc); 719 tty->driver_data = NULL; 720 dev->tty = NULL; 721 rfcomm_dlc_unlock(dev->dlc); 722 } 723 724 rfcomm_dev_put(dev); 725 } 726 727 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 728 { 729 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 730 struct rfcomm_dlc *dlc = dev->dlc; 731 struct sk_buff *skb; 732 int err = 0, sent = 0, size; 733 734 BT_DBG("tty %p count %d", tty, count); 735 736 while (count) { 737 size = min_t(uint, count, dlc->mtu); 738 739 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 740 741 if (!skb) 742 break; 743 744 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 745 746 memcpy(skb_put(skb, size), buf + sent, size); 747 748 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 749 kfree_skb(skb); 750 break; 751 } 752 753 sent += size; 754 count -= size; 755 } 756 757 return sent ? sent : err; 758 } 759 760 static int rfcomm_tty_write_room(struct tty_struct *tty) 761 { 762 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 763 int room; 764 765 BT_DBG("tty %p", tty); 766 767 if (!dev || !dev->dlc) 768 return 0; 769 770 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 771 if (room < 0) 772 room = 0; 773 774 return room; 775 } 776 777 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 778 { 779 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 780 781 switch (cmd) { 782 case TCGETS: 783 BT_DBG("TCGETS is not supported"); 784 return -ENOIOCTLCMD; 785 786 case TCSETS: 787 BT_DBG("TCSETS is not supported"); 788 return -ENOIOCTLCMD; 789 790 case TIOCMIWAIT: 791 BT_DBG("TIOCMIWAIT"); 792 break; 793 794 case TIOCGICOUNT: 795 BT_DBG("TIOCGICOUNT"); 796 break; 797 798 case TIOCGSERIAL: 799 BT_ERR("TIOCGSERIAL is not supported"); 800 return -ENOIOCTLCMD; 801 802 case TIOCSSERIAL: 803 BT_ERR("TIOCSSERIAL is not supported"); 804 return -ENOIOCTLCMD; 805 806 case TIOCSERGSTRUCT: 807 BT_ERR("TIOCSERGSTRUCT is not supported"); 808 return -ENOIOCTLCMD; 809 810 case TIOCSERGETLSR: 811 BT_ERR("TIOCSERGETLSR is not supported"); 812 return -ENOIOCTLCMD; 813 814 case TIOCSERCONFIG: 815 BT_ERR("TIOCSERCONFIG is not supported"); 816 return -ENOIOCTLCMD; 817 818 default: 819 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 820 821 } 822 823 return -ENOIOCTLCMD; 824 } 825 826 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 827 { 828 struct ktermios *new = tty->termios; 829 int old_baud_rate = tty_termios_baud_rate(old); 830 int new_baud_rate = tty_termios_baud_rate(new); 831 832 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 833 u16 changes = 0; 834 835 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 836 837 BT_DBG("tty %p termios %p", tty, old); 838 839 if (!dev || !dev->dlc || !dev->dlc->session) 840 return; 841 842 /* Handle turning off CRTSCTS */ 843 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 844 BT_DBG("Turning off CRTSCTS unsupported"); 845 846 /* Parity on/off and when on, odd/even */ 847 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 848 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 849 changes |= RFCOMM_RPN_PM_PARITY; 850 BT_DBG("Parity change detected."); 851 } 852 853 /* Mark and space parity are not supported! */ 854 if (new->c_cflag & PARENB) { 855 if (new->c_cflag & PARODD) { 856 BT_DBG("Parity is ODD"); 857 parity = RFCOMM_RPN_PARITY_ODD; 858 } else { 859 BT_DBG("Parity is EVEN"); 860 parity = RFCOMM_RPN_PARITY_EVEN; 861 } 862 } else { 863 BT_DBG("Parity is OFF"); 864 parity = RFCOMM_RPN_PARITY_NONE; 865 } 866 867 /* Setting the x_on / x_off characters */ 868 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 869 BT_DBG("XOFF custom"); 870 x_on = new->c_cc[VSTOP]; 871 changes |= RFCOMM_RPN_PM_XON; 872 } else { 873 BT_DBG("XOFF default"); 874 x_on = RFCOMM_RPN_XON_CHAR; 875 } 876 877 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 878 BT_DBG("XON custom"); 879 x_off = new->c_cc[VSTART]; 880 changes |= RFCOMM_RPN_PM_XOFF; 881 } else { 882 BT_DBG("XON default"); 883 x_off = RFCOMM_RPN_XOFF_CHAR; 884 } 885 886 /* Handle setting of stop bits */ 887 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 888 changes |= RFCOMM_RPN_PM_STOP; 889 890 /* POSIX does not support 1.5 stop bits and RFCOMM does not 891 * support 2 stop bits. So a request for 2 stop bits gets 892 * translated to 1.5 stop bits */ 893 if (new->c_cflag & CSTOPB) { 894 stop_bits = RFCOMM_RPN_STOP_15; 895 } else { 896 stop_bits = RFCOMM_RPN_STOP_1; 897 } 898 899 /* Handle number of data bits [5-8] */ 900 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 901 changes |= RFCOMM_RPN_PM_DATA; 902 903 switch (new->c_cflag & CSIZE) { 904 case CS5: 905 data_bits = RFCOMM_RPN_DATA_5; 906 break; 907 case CS6: 908 data_bits = RFCOMM_RPN_DATA_6; 909 break; 910 case CS7: 911 data_bits = RFCOMM_RPN_DATA_7; 912 break; 913 case CS8: 914 data_bits = RFCOMM_RPN_DATA_8; 915 break; 916 default: 917 data_bits = RFCOMM_RPN_DATA_8; 918 break; 919 } 920 921 /* Handle baudrate settings */ 922 if (old_baud_rate != new_baud_rate) 923 changes |= RFCOMM_RPN_PM_BITRATE; 924 925 switch (new_baud_rate) { 926 case 2400: 927 baud = RFCOMM_RPN_BR_2400; 928 break; 929 case 4800: 930 baud = RFCOMM_RPN_BR_4800; 931 break; 932 case 7200: 933 baud = RFCOMM_RPN_BR_7200; 934 break; 935 case 9600: 936 baud = RFCOMM_RPN_BR_9600; 937 break; 938 case 19200: 939 baud = RFCOMM_RPN_BR_19200; 940 break; 941 case 38400: 942 baud = RFCOMM_RPN_BR_38400; 943 break; 944 case 57600: 945 baud = RFCOMM_RPN_BR_57600; 946 break; 947 case 115200: 948 baud = RFCOMM_RPN_BR_115200; 949 break; 950 case 230400: 951 baud = RFCOMM_RPN_BR_230400; 952 break; 953 default: 954 /* 9600 is standard accordinag to the RFCOMM specification */ 955 baud = RFCOMM_RPN_BR_9600; 956 break; 957 958 } 959 960 if (changes) 961 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 962 data_bits, stop_bits, parity, 963 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 964 965 return; 966 } 967 968 static void rfcomm_tty_throttle(struct tty_struct *tty) 969 { 970 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 971 972 BT_DBG("tty %p dev %p", tty, dev); 973 974 rfcomm_dlc_throttle(dev->dlc); 975 } 976 977 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 978 { 979 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 980 981 BT_DBG("tty %p dev %p", tty, dev); 982 983 rfcomm_dlc_unthrottle(dev->dlc); 984 } 985 986 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 987 { 988 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 989 990 BT_DBG("tty %p dev %p", tty, dev); 991 992 if (!dev || !dev->dlc) 993 return 0; 994 995 if (!skb_queue_empty(&dev->dlc->tx_queue)) 996 return dev->dlc->mtu; 997 998 return 0; 999 } 1000 1001 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1002 { 1003 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1004 1005 BT_DBG("tty %p dev %p", tty, dev); 1006 1007 if (!dev || !dev->dlc) 1008 return; 1009 1010 skb_queue_purge(&dev->dlc->tx_queue); 1011 1012 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 1013 tty->ldisc.write_wakeup(tty); 1014 } 1015 1016 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1017 { 1018 BT_DBG("tty %p ch %c", tty, ch); 1019 } 1020 1021 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1022 { 1023 BT_DBG("tty %p timeout %d", tty, timeout); 1024 } 1025 1026 static void rfcomm_tty_hangup(struct tty_struct *tty) 1027 { 1028 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1029 1030 BT_DBG("tty %p dev %p", tty, dev); 1031 1032 if (!dev) 1033 return; 1034 1035 rfcomm_tty_flush_buffer(tty); 1036 1037 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1038 if (rfcomm_dev_get(dev->id) == NULL) 1039 return; 1040 rfcomm_dev_del(dev); 1041 rfcomm_dev_put(dev); 1042 } 1043 } 1044 1045 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 1046 { 1047 return 0; 1048 } 1049 1050 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1051 { 1052 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1053 1054 BT_DBG("tty %p dev %p", tty, dev); 1055 1056 return dev->modem_status; 1057 } 1058 1059 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1060 { 1061 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1062 struct rfcomm_dlc *dlc = dev->dlc; 1063 u8 v24_sig; 1064 1065 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1066 1067 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1068 1069 if (set & TIOCM_DSR || set & TIOCM_DTR) 1070 v24_sig |= RFCOMM_V24_RTC; 1071 if (set & TIOCM_RTS || set & TIOCM_CTS) 1072 v24_sig |= RFCOMM_V24_RTR; 1073 if (set & TIOCM_RI) 1074 v24_sig |= RFCOMM_V24_IC; 1075 if (set & TIOCM_CD) 1076 v24_sig |= RFCOMM_V24_DV; 1077 1078 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1079 v24_sig &= ~RFCOMM_V24_RTC; 1080 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1081 v24_sig &= ~RFCOMM_V24_RTR; 1082 if (clear & TIOCM_RI) 1083 v24_sig &= ~RFCOMM_V24_IC; 1084 if (clear & TIOCM_CD) 1085 v24_sig &= ~RFCOMM_V24_DV; 1086 1087 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1088 1089 return 0; 1090 } 1091 1092 /* ---- TTY structure ---- */ 1093 1094 static const struct tty_operations rfcomm_ops = { 1095 .open = rfcomm_tty_open, 1096 .close = rfcomm_tty_close, 1097 .write = rfcomm_tty_write, 1098 .write_room = rfcomm_tty_write_room, 1099 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1100 .flush_buffer = rfcomm_tty_flush_buffer, 1101 .ioctl = rfcomm_tty_ioctl, 1102 .throttle = rfcomm_tty_throttle, 1103 .unthrottle = rfcomm_tty_unthrottle, 1104 .set_termios = rfcomm_tty_set_termios, 1105 .send_xchar = rfcomm_tty_send_xchar, 1106 .hangup = rfcomm_tty_hangup, 1107 .wait_until_sent = rfcomm_tty_wait_until_sent, 1108 .read_proc = rfcomm_tty_read_proc, 1109 .tiocmget = rfcomm_tty_tiocmget, 1110 .tiocmset = rfcomm_tty_tiocmset, 1111 }; 1112 1113 int rfcomm_init_ttys(void) 1114 { 1115 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1116 if (!rfcomm_tty_driver) 1117 return -1; 1118 1119 rfcomm_tty_driver->owner = THIS_MODULE; 1120 rfcomm_tty_driver->driver_name = "rfcomm"; 1121 rfcomm_tty_driver->name = "rfcomm"; 1122 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1123 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1124 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1125 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1126 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1127 rfcomm_tty_driver->init_termios = tty_std_termios; 1128 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1129 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1130 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1131 1132 if (tty_register_driver(rfcomm_tty_driver)) { 1133 BT_ERR("Can't register RFCOMM TTY driver"); 1134 put_tty_driver(rfcomm_tty_driver); 1135 return -1; 1136 } 1137 1138 BT_INFO("RFCOMM TTY layer initialized"); 1139 1140 return 0; 1141 } 1142 1143 void rfcomm_cleanup_ttys(void) 1144 { 1145 tty_unregister_driver(rfcomm_tty_driver); 1146 put_tty_driver(rfcomm_tty_driver); 1147 } 1148