xref: /openbmc/linux/net/bluetooth/rfcomm/tty.c (revision 960603a54aa0d5f4f1c4f1037bcaee571d03cb1e) 
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5 
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9 
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23 
24 /*
25  * RFCOMM TTY.
26  */
27 
28 #include <linux/module.h>
29 
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33 
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37 
38 #define RFCOMM_TTY_MAGIC 0x6d02		/* magic number for rfcomm struct */
39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV	/* whole lotta rfcomm devices */
40 #define RFCOMM_TTY_MAJOR 216		/* device node major id of the usb/bluetooth.c driver */
41 #define RFCOMM_TTY_MINOR 0
42 
43 static struct tty_driver *rfcomm_tty_driver;
44 
45 struct rfcomm_dev {
46 	struct tty_port		port;
47 	struct list_head	list;
48 
49 	char			name[12];
50 	int			id;
51 	unsigned long		flags;
52 	int			err;
53 
54 	bdaddr_t		src;
55 	bdaddr_t		dst;
56 	u8			channel;
57 
58 	uint			modem_status;
59 
60 	struct rfcomm_dlc	*dlc;
61 
62 	struct device		*tty_dev;
63 
64 	atomic_t		wmem_alloc;
65 
66 	struct sk_buff_head	pending;
67 };
68 
69 static LIST_HEAD(rfcomm_dev_list);
70 static DEFINE_SPINLOCK(rfcomm_dev_lock);
71 
72 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
73 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
74 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
75 
76 /* ---- Device functions ---- */
77 
78 static void rfcomm_dev_destruct(struct tty_port *port)
79 {
80 	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
81 	struct rfcomm_dlc *dlc = dev->dlc;
82 
83 	BT_DBG("dev %p dlc %p", dev, dlc);
84 
85 	spin_lock(&rfcomm_dev_lock);
86 	list_del(&dev->list);
87 	spin_unlock(&rfcomm_dev_lock);
88 
89 	rfcomm_dlc_lock(dlc);
90 	/* Detach DLC if it's owned by this dev */
91 	if (dlc->owner == dev)
92 		dlc->owner = NULL;
93 	rfcomm_dlc_unlock(dlc);
94 
95 	rfcomm_dlc_put(dlc);
96 
97 	tty_unregister_device(rfcomm_tty_driver, dev->id);
98 
99 	kfree(dev);
100 
101 	/* It's safe to call module_put() here because socket still
102 	   holds reference to this module. */
103 	module_put(THIS_MODULE);
104 }
105 
106 /* device-specific initialization: open the dlc */
107 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
108 {
109 	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
110 
111 	return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
112 }
113 
114 /* we block the open until the dlc->state becomes BT_CONNECTED */
115 static int rfcomm_dev_carrier_raised(struct tty_port *port)
116 {
117 	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
118 
119 	return (dev->dlc->state == BT_CONNECTED);
120 }
121 
122 /* device-specific cleanup: close the dlc */
123 static void rfcomm_dev_shutdown(struct tty_port *port)
124 {
125 	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126 
127 	if (dev->tty_dev->parent)
128 		device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
129 
130 	/* close the dlc */
131 	rfcomm_dlc_close(dev->dlc, 0);
132 }
133 
134 static const struct tty_port_operations rfcomm_port_ops = {
135 	.destruct = rfcomm_dev_destruct,
136 	.activate = rfcomm_dev_activate,
137 	.shutdown = rfcomm_dev_shutdown,
138 	.carrier_raised = rfcomm_dev_carrier_raised,
139 };
140 
141 static struct rfcomm_dev *__rfcomm_dev_get(int id)
142 {
143 	struct rfcomm_dev *dev;
144 
145 	list_for_each_entry(dev, &rfcomm_dev_list, list)
146 		if (dev->id == id)
147 			return dev;
148 
149 	return NULL;
150 }
151 
152 static struct rfcomm_dev *rfcomm_dev_get(int id)
153 {
154 	struct rfcomm_dev *dev;
155 
156 	spin_lock(&rfcomm_dev_lock);
157 
158 	dev = __rfcomm_dev_get(id);
159 
160 	if (dev && !tty_port_get(&dev->port))
161 		dev = NULL;
162 
163 	spin_unlock(&rfcomm_dev_lock);
164 
165 	return dev;
166 }
167 
168 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
169 {
170 	struct hci_dev *hdev;
171 	struct hci_conn *conn;
172 
173 	hdev = hci_get_route(&dev->dst, &dev->src);
174 	if (!hdev)
175 		return NULL;
176 
177 	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
178 
179 	hci_dev_put(hdev);
180 
181 	return conn ? &conn->dev : NULL;
182 }
183 
184 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
185 {
186 	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
187 	return sprintf(buf, "%pMR\n", &dev->dst);
188 }
189 
190 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
191 {
192 	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
193 	return sprintf(buf, "%d\n", dev->channel);
194 }
195 
196 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
197 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
198 
199 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
200 {
201 	struct rfcomm_dev *dev, *entry;
202 	struct list_head *head = &rfcomm_dev_list;
203 	int err = 0;
204 
205 	BT_DBG("id %d channel %d", req->dev_id, req->channel);
206 
207 	dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
208 	if (!dev)
209 		return -ENOMEM;
210 
211 	spin_lock(&rfcomm_dev_lock);
212 
213 	if (req->dev_id < 0) {
214 		dev->id = 0;
215 
216 		list_for_each_entry(entry, &rfcomm_dev_list, list) {
217 			if (entry->id != dev->id)
218 				break;
219 
220 			dev->id++;
221 			head = &entry->list;
222 		}
223 	} else {
224 		dev->id = req->dev_id;
225 
226 		list_for_each_entry(entry, &rfcomm_dev_list, list) {
227 			if (entry->id == dev->id) {
228 				err = -EADDRINUSE;
229 				goto out;
230 			}
231 
232 			if (entry->id > dev->id - 1)
233 				break;
234 
235 			head = &entry->list;
236 		}
237 	}
238 
239 	if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
240 		err = -ENFILE;
241 		goto out;
242 	}
243 
244 	sprintf(dev->name, "rfcomm%d", dev->id);
245 
246 	list_add(&dev->list, head);
247 
248 	bacpy(&dev->src, &req->src);
249 	bacpy(&dev->dst, &req->dst);
250 	dev->channel = req->channel;
251 
252 	dev->flags = req->flags &
253 		((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
254 
255 	tty_port_init(&dev->port);
256 	dev->port.ops = &rfcomm_port_ops;
257 
258 	skb_queue_head_init(&dev->pending);
259 
260 	rfcomm_dlc_lock(dlc);
261 
262 	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
263 		struct sock *sk = dlc->owner;
264 		struct sk_buff *skb;
265 
266 		BUG_ON(!sk);
267 
268 		rfcomm_dlc_throttle(dlc);
269 
270 		while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
271 			skb_orphan(skb);
272 			skb_queue_tail(&dev->pending, skb);
273 			atomic_sub(skb->len, &sk->sk_rmem_alloc);
274 		}
275 	}
276 
277 	dlc->data_ready   = rfcomm_dev_data_ready;
278 	dlc->state_change = rfcomm_dev_state_change;
279 	dlc->modem_status = rfcomm_dev_modem_status;
280 
281 	dlc->owner = dev;
282 	dev->dlc   = dlc;
283 
284 	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
285 
286 	rfcomm_dlc_unlock(dlc);
287 
288 	/* It's safe to call __module_get() here because socket already
289 	   holds reference to this module. */
290 	__module_get(THIS_MODULE);
291 
292 out:
293 	spin_unlock(&rfcomm_dev_lock);
294 
295 	if (err < 0)
296 		goto free;
297 
298 	dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver,
299 			dev->id, NULL);
300 	if (IS_ERR(dev->tty_dev)) {
301 		err = PTR_ERR(dev->tty_dev);
302 		spin_lock(&rfcomm_dev_lock);
303 		list_del(&dev->list);
304 		spin_unlock(&rfcomm_dev_lock);
305 		goto free;
306 	}
307 
308 	dev_set_drvdata(dev->tty_dev, dev);
309 
310 	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
311 		BT_ERR("Failed to create address attribute");
312 
313 	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
314 		BT_ERR("Failed to create channel attribute");
315 
316 	return dev->id;
317 
318 free:
319 	kfree(dev);
320 	return err;
321 }
322 
323 /* ---- Send buffer ---- */
324 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
325 {
326 	/* We can't let it be zero, because we don't get a callback
327 	   when tx_credits becomes nonzero, hence we'd never wake up */
328 	return dlc->mtu * (dlc->tx_credits?:1);
329 }
330 
331 static void rfcomm_wfree(struct sk_buff *skb)
332 {
333 	struct rfcomm_dev *dev = (void *) skb->sk;
334 	atomic_sub(skb->truesize, &dev->wmem_alloc);
335 	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
336 		tty_port_tty_wakeup(&dev->port);
337 	tty_port_put(&dev->port);
338 }
339 
340 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
341 {
342 	tty_port_get(&dev->port);
343 	atomic_add(skb->truesize, &dev->wmem_alloc);
344 	skb->sk = (void *) dev;
345 	skb->destructor = rfcomm_wfree;
346 }
347 
348 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
349 {
350 	if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
351 		struct sk_buff *skb = alloc_skb(size, priority);
352 		if (skb) {
353 			rfcomm_set_owner_w(skb, dev);
354 			return skb;
355 		}
356 	}
357 	return NULL;
358 }
359 
360 /* ---- Device IOCTLs ---- */
361 
362 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
363 
364 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
365 {
366 	struct rfcomm_dev_req req;
367 	struct rfcomm_dlc *dlc;
368 	int id;
369 
370 	if (copy_from_user(&req, arg, sizeof(req)))
371 		return -EFAULT;
372 
373 	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
374 
375 	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
376 		return -EPERM;
377 
378 	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
379 		/* Socket must be connected */
380 		if (sk->sk_state != BT_CONNECTED)
381 			return -EBADFD;
382 
383 		dlc = rfcomm_pi(sk)->dlc;
384 		rfcomm_dlc_hold(dlc);
385 	} else {
386 		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
387 		if (!dlc)
388 			return -ENOMEM;
389 	}
390 
391 	id = rfcomm_dev_add(&req, dlc);
392 	if (id < 0) {
393 		rfcomm_dlc_put(dlc);
394 		return id;
395 	}
396 
397 	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
398 		/* DLC is now used by device.
399 		 * Socket must be disconnected */
400 		sk->sk_state = BT_CLOSED;
401 	}
402 
403 	return id;
404 }
405 
406 static int rfcomm_release_dev(void __user *arg)
407 {
408 	struct rfcomm_dev_req req;
409 	struct rfcomm_dev *dev;
410 	struct tty_struct *tty;
411 
412 	if (copy_from_user(&req, arg, sizeof(req)))
413 		return -EFAULT;
414 
415 	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
416 
417 	dev = rfcomm_dev_get(req.dev_id);
418 	if (!dev)
419 		return -ENODEV;
420 
421 	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
422 		tty_port_put(&dev->port);
423 		return -EPERM;
424 	}
425 
426 	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
427 		rfcomm_dlc_close(dev->dlc, 0);
428 
429 	/* Shut down TTY synchronously before freeing rfcomm_dev */
430 	tty = tty_port_tty_get(&dev->port);
431 	if (tty) {
432 		tty_vhangup(tty);
433 		tty_kref_put(tty);
434 	}
435 
436 	if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags) &&
437 	    !test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags))
438 		tty_port_put(&dev->port);
439 
440 	tty_port_put(&dev->port);
441 	return 0;
442 }
443 
444 static int rfcomm_get_dev_list(void __user *arg)
445 {
446 	struct rfcomm_dev *dev;
447 	struct rfcomm_dev_list_req *dl;
448 	struct rfcomm_dev_info *di;
449 	int n = 0, size, err;
450 	u16 dev_num;
451 
452 	BT_DBG("");
453 
454 	if (get_user(dev_num, (u16 __user *) arg))
455 		return -EFAULT;
456 
457 	if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
458 		return -EINVAL;
459 
460 	size = sizeof(*dl) + dev_num * sizeof(*di);
461 
462 	dl = kzalloc(size, GFP_KERNEL);
463 	if (!dl)
464 		return -ENOMEM;
465 
466 	di = dl->dev_info;
467 
468 	spin_lock(&rfcomm_dev_lock);
469 
470 	list_for_each_entry(dev, &rfcomm_dev_list, list) {
471 		if (!tty_port_get(&dev->port))
472 			continue;
473 		(di + n)->id      = dev->id;
474 		(di + n)->flags   = dev->flags;
475 		(di + n)->state   = dev->dlc->state;
476 		(di + n)->channel = dev->channel;
477 		bacpy(&(di + n)->src, &dev->src);
478 		bacpy(&(di + n)->dst, &dev->dst);
479 		tty_port_put(&dev->port);
480 		if (++n >= dev_num)
481 			break;
482 	}
483 
484 	spin_unlock(&rfcomm_dev_lock);
485 
486 	dl->dev_num = n;
487 	size = sizeof(*dl) + n * sizeof(*di);
488 
489 	err = copy_to_user(arg, dl, size);
490 	kfree(dl);
491 
492 	return err ? -EFAULT : 0;
493 }
494 
495 static int rfcomm_get_dev_info(void __user *arg)
496 {
497 	struct rfcomm_dev *dev;
498 	struct rfcomm_dev_info di;
499 	int err = 0;
500 
501 	BT_DBG("");
502 
503 	if (copy_from_user(&di, arg, sizeof(di)))
504 		return -EFAULT;
505 
506 	dev = rfcomm_dev_get(di.id);
507 	if (!dev)
508 		return -ENODEV;
509 
510 	di.flags   = dev->flags;
511 	di.channel = dev->channel;
512 	di.state   = dev->dlc->state;
513 	bacpy(&di.src, &dev->src);
514 	bacpy(&di.dst, &dev->dst);
515 
516 	if (copy_to_user(arg, &di, sizeof(di)))
517 		err = -EFAULT;
518 
519 	tty_port_put(&dev->port);
520 	return err;
521 }
522 
523 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
524 {
525 	BT_DBG("cmd %d arg %p", cmd, arg);
526 
527 	switch (cmd) {
528 	case RFCOMMCREATEDEV:
529 		return rfcomm_create_dev(sk, arg);
530 
531 	case RFCOMMRELEASEDEV:
532 		return rfcomm_release_dev(arg);
533 
534 	case RFCOMMGETDEVLIST:
535 		return rfcomm_get_dev_list(arg);
536 
537 	case RFCOMMGETDEVINFO:
538 		return rfcomm_get_dev_info(arg);
539 	}
540 
541 	return -EINVAL;
542 }
543 
544 /* ---- DLC callbacks ---- */
545 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
546 {
547 	struct rfcomm_dev *dev = dlc->owner;
548 
549 	if (!dev) {
550 		kfree_skb(skb);
551 		return;
552 	}
553 
554 	if (!skb_queue_empty(&dev->pending)) {
555 		skb_queue_tail(&dev->pending, skb);
556 		return;
557 	}
558 
559 	BT_DBG("dlc %p len %d", dlc, skb->len);
560 
561 	tty_insert_flip_string(&dev->port, skb->data, skb->len);
562 	tty_flip_buffer_push(&dev->port);
563 
564 	kfree_skb(skb);
565 }
566 
567 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
568 {
569 	struct rfcomm_dev *dev = dlc->owner;
570 	if (!dev)
571 		return;
572 
573 	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
574 
575 	dev->err = err;
576 	if (dlc->state == BT_CONNECTED) {
577 		device_move(dev->tty_dev, rfcomm_get_device(dev),
578 			    DPM_ORDER_DEV_AFTER_PARENT);
579 
580 		wake_up_interruptible(&dev->port.open_wait);
581 	} else if (dlc->state == BT_CLOSED)
582 		tty_port_tty_hangup(&dev->port, false);
583 }
584 
585 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
586 {
587 	struct rfcomm_dev *dev = dlc->owner;
588 	if (!dev)
589 		return;
590 
591 	BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
592 
593 	if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
594 		tty_port_tty_hangup(&dev->port, true);
595 
596 	dev->modem_status =
597 		((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
598 		((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
599 		((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
600 		((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
601 }
602 
603 /* ---- TTY functions ---- */
604 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
605 {
606 	struct sk_buff *skb;
607 	int inserted = 0;
608 
609 	BT_DBG("dev %p", dev);
610 
611 	rfcomm_dlc_lock(dev->dlc);
612 
613 	while ((skb = skb_dequeue(&dev->pending))) {
614 		inserted += tty_insert_flip_string(&dev->port, skb->data,
615 				skb->len);
616 		kfree_skb(skb);
617 	}
618 
619 	rfcomm_dlc_unlock(dev->dlc);
620 
621 	if (inserted > 0)
622 		tty_flip_buffer_push(&dev->port);
623 }
624 
625 /* do the reverse of install, clearing the tty fields and releasing the
626  * reference to tty_port
627  */
628 static void rfcomm_tty_cleanup(struct tty_struct *tty)
629 {
630 	struct rfcomm_dev *dev = tty->driver_data;
631 
632 	clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
633 
634 	rfcomm_dlc_lock(dev->dlc);
635 	tty->driver_data = NULL;
636 	rfcomm_dlc_unlock(dev->dlc);
637 
638 	/*
639 	 * purge the dlc->tx_queue to avoid circular dependencies
640 	 * between dev and dlc
641 	 */
642 	skb_queue_purge(&dev->dlc->tx_queue);
643 
644 	tty_port_put(&dev->port);
645 }
646 
647 /* we acquire the tty_port reference since it's here the tty is first used
648  * by setting the termios. We also populate the driver_data field and install
649  * the tty port
650  */
651 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
652 {
653 	struct rfcomm_dev *dev;
654 	struct rfcomm_dlc *dlc;
655 	int err;
656 
657 	dev = rfcomm_dev_get(tty->index);
658 	if (!dev)
659 		return -ENODEV;
660 
661 	dlc = dev->dlc;
662 
663 	/* Attach TTY and open DLC */
664 	rfcomm_dlc_lock(dlc);
665 	tty->driver_data = dev;
666 	rfcomm_dlc_unlock(dlc);
667 	set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
668 
669 	/* install the tty_port */
670 	err = tty_port_install(&dev->port, driver, tty);
671 	if (err) {
672 		rfcomm_tty_cleanup(tty);
673 		return err;
674 	}
675 
676 	/* take over the tty_port reference if the port was created with the
677 	 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
678 	 * when the last process closes the tty. The behaviour is expected by
679 	 * userspace.
680 	 */
681 	if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
682 		tty_port_put(&dev->port);
683 
684 	return 0;
685 }
686 
687 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
688 {
689 	struct rfcomm_dev *dev = tty->driver_data;
690 	int err;
691 
692 	BT_DBG("tty %p id %d", tty, tty->index);
693 
694 	BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
695 	       dev->channel, dev->port.count);
696 
697 	err = tty_port_open(&dev->port, tty, filp);
698 	if (err)
699 		return err;
700 
701 	/*
702 	 * FIXME: rfcomm should use proper flow control for
703 	 * received data. This hack will be unnecessary and can
704 	 * be removed when that's implemented
705 	 */
706 	rfcomm_tty_copy_pending(dev);
707 
708 	rfcomm_dlc_unthrottle(dev->dlc);
709 
710 	return 0;
711 }
712 
713 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
714 {
715 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
716 
717 	BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
718 						dev->port.count);
719 
720 	tty_port_close(&dev->port, tty, filp);
721 }
722 
723 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
724 {
725 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
726 	struct rfcomm_dlc *dlc = dev->dlc;
727 	struct sk_buff *skb;
728 	int err = 0, sent = 0, size;
729 
730 	BT_DBG("tty %p count %d", tty, count);
731 
732 	while (count) {
733 		size = min_t(uint, count, dlc->mtu);
734 
735 		skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
736 
737 		if (!skb)
738 			break;
739 
740 		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
741 
742 		memcpy(skb_put(skb, size), buf + sent, size);
743 
744 		err = rfcomm_dlc_send(dlc, skb);
745 		if (err < 0) {
746 			kfree_skb(skb);
747 			break;
748 		}
749 
750 		sent  += size;
751 		count -= size;
752 	}
753 
754 	return sent ? sent : err;
755 }
756 
757 static int rfcomm_tty_write_room(struct tty_struct *tty)
758 {
759 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
760 	int room;
761 
762 	BT_DBG("tty %p", tty);
763 
764 	if (!dev || !dev->dlc)
765 		return 0;
766 
767 	room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
768 	if (room < 0)
769 		room = 0;
770 
771 	return room;
772 }
773 
774 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
775 {
776 	BT_DBG("tty %p cmd 0x%02x", tty, cmd);
777 
778 	switch (cmd) {
779 	case TCGETS:
780 		BT_DBG("TCGETS is not supported");
781 		return -ENOIOCTLCMD;
782 
783 	case TCSETS:
784 		BT_DBG("TCSETS is not supported");
785 		return -ENOIOCTLCMD;
786 
787 	case TIOCMIWAIT:
788 		BT_DBG("TIOCMIWAIT");
789 		break;
790 
791 	case TIOCGSERIAL:
792 		BT_ERR("TIOCGSERIAL is not supported");
793 		return -ENOIOCTLCMD;
794 
795 	case TIOCSSERIAL:
796 		BT_ERR("TIOCSSERIAL is not supported");
797 		return -ENOIOCTLCMD;
798 
799 	case TIOCSERGSTRUCT:
800 		BT_ERR("TIOCSERGSTRUCT is not supported");
801 		return -ENOIOCTLCMD;
802 
803 	case TIOCSERGETLSR:
804 		BT_ERR("TIOCSERGETLSR is not supported");
805 		return -ENOIOCTLCMD;
806 
807 	case TIOCSERCONFIG:
808 		BT_ERR("TIOCSERCONFIG is not supported");
809 		return -ENOIOCTLCMD;
810 
811 	default:
812 		return -ENOIOCTLCMD;	/* ioctls which we must ignore */
813 
814 	}
815 
816 	return -ENOIOCTLCMD;
817 }
818 
819 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
820 {
821 	struct ktermios *new = &tty->termios;
822 	int old_baud_rate = tty_termios_baud_rate(old);
823 	int new_baud_rate = tty_termios_baud_rate(new);
824 
825 	u8 baud, data_bits, stop_bits, parity, x_on, x_off;
826 	u16 changes = 0;
827 
828 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
829 
830 	BT_DBG("tty %p termios %p", tty, old);
831 
832 	if (!dev || !dev->dlc || !dev->dlc->session)
833 		return;
834 
835 	/* Handle turning off CRTSCTS */
836 	if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
837 		BT_DBG("Turning off CRTSCTS unsupported");
838 
839 	/* Parity on/off and when on, odd/even */
840 	if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
841 			((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
842 		changes |= RFCOMM_RPN_PM_PARITY;
843 		BT_DBG("Parity change detected.");
844 	}
845 
846 	/* Mark and space parity are not supported! */
847 	if (new->c_cflag & PARENB) {
848 		if (new->c_cflag & PARODD) {
849 			BT_DBG("Parity is ODD");
850 			parity = RFCOMM_RPN_PARITY_ODD;
851 		} else {
852 			BT_DBG("Parity is EVEN");
853 			parity = RFCOMM_RPN_PARITY_EVEN;
854 		}
855 	} else {
856 		BT_DBG("Parity is OFF");
857 		parity = RFCOMM_RPN_PARITY_NONE;
858 	}
859 
860 	/* Setting the x_on / x_off characters */
861 	if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
862 		BT_DBG("XOFF custom");
863 		x_on = new->c_cc[VSTOP];
864 		changes |= RFCOMM_RPN_PM_XON;
865 	} else {
866 		BT_DBG("XOFF default");
867 		x_on = RFCOMM_RPN_XON_CHAR;
868 	}
869 
870 	if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
871 		BT_DBG("XON custom");
872 		x_off = new->c_cc[VSTART];
873 		changes |= RFCOMM_RPN_PM_XOFF;
874 	} else {
875 		BT_DBG("XON default");
876 		x_off = RFCOMM_RPN_XOFF_CHAR;
877 	}
878 
879 	/* Handle setting of stop bits */
880 	if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
881 		changes |= RFCOMM_RPN_PM_STOP;
882 
883 	/* POSIX does not support 1.5 stop bits and RFCOMM does not
884 	 * support 2 stop bits. So a request for 2 stop bits gets
885 	 * translated to 1.5 stop bits */
886 	if (new->c_cflag & CSTOPB)
887 		stop_bits = RFCOMM_RPN_STOP_15;
888 	else
889 		stop_bits = RFCOMM_RPN_STOP_1;
890 
891 	/* Handle number of data bits [5-8] */
892 	if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
893 		changes |= RFCOMM_RPN_PM_DATA;
894 
895 	switch (new->c_cflag & CSIZE) {
896 	case CS5:
897 		data_bits = RFCOMM_RPN_DATA_5;
898 		break;
899 	case CS6:
900 		data_bits = RFCOMM_RPN_DATA_6;
901 		break;
902 	case CS7:
903 		data_bits = RFCOMM_RPN_DATA_7;
904 		break;
905 	case CS8:
906 		data_bits = RFCOMM_RPN_DATA_8;
907 		break;
908 	default:
909 		data_bits = RFCOMM_RPN_DATA_8;
910 		break;
911 	}
912 
913 	/* Handle baudrate settings */
914 	if (old_baud_rate != new_baud_rate)
915 		changes |= RFCOMM_RPN_PM_BITRATE;
916 
917 	switch (new_baud_rate) {
918 	case 2400:
919 		baud = RFCOMM_RPN_BR_2400;
920 		break;
921 	case 4800:
922 		baud = RFCOMM_RPN_BR_4800;
923 		break;
924 	case 7200:
925 		baud = RFCOMM_RPN_BR_7200;
926 		break;
927 	case 9600:
928 		baud = RFCOMM_RPN_BR_9600;
929 		break;
930 	case 19200:
931 		baud = RFCOMM_RPN_BR_19200;
932 		break;
933 	case 38400:
934 		baud = RFCOMM_RPN_BR_38400;
935 		break;
936 	case 57600:
937 		baud = RFCOMM_RPN_BR_57600;
938 		break;
939 	case 115200:
940 		baud = RFCOMM_RPN_BR_115200;
941 		break;
942 	case 230400:
943 		baud = RFCOMM_RPN_BR_230400;
944 		break;
945 	default:
946 		/* 9600 is standard accordinag to the RFCOMM specification */
947 		baud = RFCOMM_RPN_BR_9600;
948 		break;
949 
950 	}
951 
952 	if (changes)
953 		rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
954 				data_bits, stop_bits, parity,
955 				RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
956 }
957 
958 static void rfcomm_tty_throttle(struct tty_struct *tty)
959 {
960 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
961 
962 	BT_DBG("tty %p dev %p", tty, dev);
963 
964 	rfcomm_dlc_throttle(dev->dlc);
965 }
966 
967 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
968 {
969 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
970 
971 	BT_DBG("tty %p dev %p", tty, dev);
972 
973 	rfcomm_dlc_unthrottle(dev->dlc);
974 }
975 
976 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
977 {
978 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
979 
980 	BT_DBG("tty %p dev %p", tty, dev);
981 
982 	if (!dev || !dev->dlc)
983 		return 0;
984 
985 	if (!skb_queue_empty(&dev->dlc->tx_queue))
986 		return dev->dlc->mtu;
987 
988 	return 0;
989 }
990 
991 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
992 {
993 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
994 
995 	BT_DBG("tty %p dev %p", tty, dev);
996 
997 	if (!dev || !dev->dlc)
998 		return;
999 
1000 	skb_queue_purge(&dev->dlc->tx_queue);
1001 	tty_wakeup(tty);
1002 }
1003 
1004 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1005 {
1006 	BT_DBG("tty %p ch %c", tty, ch);
1007 }
1008 
1009 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1010 {
1011 	BT_DBG("tty %p timeout %d", tty, timeout);
1012 }
1013 
1014 static void rfcomm_tty_hangup(struct tty_struct *tty)
1015 {
1016 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1017 
1018 	BT_DBG("tty %p dev %p", tty, dev);
1019 
1020 	tty_port_hangup(&dev->port);
1021 }
1022 
1023 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1024 {
1025 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1026 
1027 	BT_DBG("tty %p dev %p", tty, dev);
1028 
1029 	return dev->modem_status;
1030 }
1031 
1032 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1033 {
1034 	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1035 	struct rfcomm_dlc *dlc = dev->dlc;
1036 	u8 v24_sig;
1037 
1038 	BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1039 
1040 	rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1041 
1042 	if (set & TIOCM_DSR || set & TIOCM_DTR)
1043 		v24_sig |= RFCOMM_V24_RTC;
1044 	if (set & TIOCM_RTS || set & TIOCM_CTS)
1045 		v24_sig |= RFCOMM_V24_RTR;
1046 	if (set & TIOCM_RI)
1047 		v24_sig |= RFCOMM_V24_IC;
1048 	if (set & TIOCM_CD)
1049 		v24_sig |= RFCOMM_V24_DV;
1050 
1051 	if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1052 		v24_sig &= ~RFCOMM_V24_RTC;
1053 	if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1054 		v24_sig &= ~RFCOMM_V24_RTR;
1055 	if (clear & TIOCM_RI)
1056 		v24_sig &= ~RFCOMM_V24_IC;
1057 	if (clear & TIOCM_CD)
1058 		v24_sig &= ~RFCOMM_V24_DV;
1059 
1060 	rfcomm_dlc_set_modem_status(dlc, v24_sig);
1061 
1062 	return 0;
1063 }
1064 
1065 /* ---- TTY structure ---- */
1066 
1067 static const struct tty_operations rfcomm_ops = {
1068 	.open			= rfcomm_tty_open,
1069 	.close			= rfcomm_tty_close,
1070 	.write			= rfcomm_tty_write,
1071 	.write_room		= rfcomm_tty_write_room,
1072 	.chars_in_buffer	= rfcomm_tty_chars_in_buffer,
1073 	.flush_buffer		= rfcomm_tty_flush_buffer,
1074 	.ioctl			= rfcomm_tty_ioctl,
1075 	.throttle		= rfcomm_tty_throttle,
1076 	.unthrottle		= rfcomm_tty_unthrottle,
1077 	.set_termios		= rfcomm_tty_set_termios,
1078 	.send_xchar		= rfcomm_tty_send_xchar,
1079 	.hangup			= rfcomm_tty_hangup,
1080 	.wait_until_sent	= rfcomm_tty_wait_until_sent,
1081 	.tiocmget		= rfcomm_tty_tiocmget,
1082 	.tiocmset		= rfcomm_tty_tiocmset,
1083 	.install                = rfcomm_tty_install,
1084 	.cleanup                = rfcomm_tty_cleanup,
1085 };
1086 
1087 int __init rfcomm_init_ttys(void)
1088 {
1089 	int error;
1090 
1091 	rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1092 	if (!rfcomm_tty_driver)
1093 		return -ENOMEM;
1094 
1095 	rfcomm_tty_driver->driver_name	= "rfcomm";
1096 	rfcomm_tty_driver->name		= "rfcomm";
1097 	rfcomm_tty_driver->major	= RFCOMM_TTY_MAJOR;
1098 	rfcomm_tty_driver->minor_start	= RFCOMM_TTY_MINOR;
1099 	rfcomm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
1100 	rfcomm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
1101 	rfcomm_tty_driver->flags	= TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1102 	rfcomm_tty_driver->init_termios	= tty_std_termios;
1103 	rfcomm_tty_driver->init_termios.c_cflag	= B9600 | CS8 | CREAD | HUPCL;
1104 	rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1105 	tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1106 
1107 	error = tty_register_driver(rfcomm_tty_driver);
1108 	if (error) {
1109 		BT_ERR("Can't register RFCOMM TTY driver");
1110 		put_tty_driver(rfcomm_tty_driver);
1111 		return error;
1112 	}
1113 
1114 	BT_INFO("RFCOMM TTY layer initialized");
1115 
1116 	return 0;
1117 }
1118 
1119 void rfcomm_cleanup_ttys(void)
1120 {
1121 	tty_unregister_driver(rfcomm_tty_driver);
1122 	put_tty_driver(rfcomm_tty_driver);
1123 }
1124