1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 write_lock_bh(&rfcomm_dev_lock); 99 list_del_init(&dev->list); 100 write_unlock_bh(&rfcomm_dev_lock); 101 102 rfcomm_dlc_lock(dlc); 103 /* Detach DLC if it's owned by this dev */ 104 if (dlc->owner == dev) 105 dlc->owner = NULL; 106 rfcomm_dlc_unlock(dlc); 107 108 rfcomm_dlc_put(dlc); 109 110 tty_unregister_device(rfcomm_tty_driver, dev->id); 111 112 /* Refcount should only hit zero when called from rfcomm_dev_del() 113 which will have taken us off the list. Everything else are 114 refcounting bugs. */ 115 BUG_ON(!list_empty(&dev->list)); 116 117 kfree(dev); 118 119 /* It's safe to call module_put() here because socket still 120 holds reference to this module. */ 121 module_put(THIS_MODULE); 122 } 123 124 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 125 { 126 atomic_inc(&dev->refcnt); 127 } 128 129 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 130 { 131 /* The reason this isn't actually a race, as you no 132 doubt have a little voice screaming at you in your 133 head, is that the refcount should never actually 134 reach zero unless the device has already been taken 135 off the list, in rfcomm_dev_del(). And if that's not 136 true, we'll hit the BUG() in rfcomm_dev_destruct() 137 anyway. */ 138 if (atomic_dec_and_test(&dev->refcnt)) 139 rfcomm_dev_destruct(dev); 140 } 141 142 static struct rfcomm_dev *__rfcomm_dev_get(int id) 143 { 144 struct rfcomm_dev *dev; 145 struct list_head *p; 146 147 list_for_each(p, &rfcomm_dev_list) { 148 dev = list_entry(p, struct rfcomm_dev, list); 149 if (dev->id == id) 150 return dev; 151 } 152 153 return NULL; 154 } 155 156 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 157 { 158 struct rfcomm_dev *dev; 159 160 read_lock(&rfcomm_dev_lock); 161 162 dev = __rfcomm_dev_get(id); 163 164 if (dev) { 165 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 166 dev = NULL; 167 else 168 rfcomm_dev_hold(dev); 169 } 170 171 read_unlock(&rfcomm_dev_lock); 172 173 return dev; 174 } 175 176 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 177 { 178 struct hci_dev *hdev; 179 struct hci_conn *conn; 180 181 hdev = hci_get_route(&dev->dst, &dev->src); 182 if (!hdev) 183 return NULL; 184 185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 186 187 hci_dev_put(hdev); 188 189 return conn ? &conn->dev : NULL; 190 } 191 192 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 193 { 194 struct rfcomm_dev *dev; 195 struct list_head *head = &rfcomm_dev_list, *p; 196 int err = 0; 197 198 BT_DBG("id %d channel %d", req->dev_id, req->channel); 199 200 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 201 if (!dev) 202 return -ENOMEM; 203 204 write_lock_bh(&rfcomm_dev_lock); 205 206 if (req->dev_id < 0) { 207 dev->id = 0; 208 209 list_for_each(p, &rfcomm_dev_list) { 210 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 211 break; 212 213 dev->id++; 214 head = p; 215 } 216 } else { 217 dev->id = req->dev_id; 218 219 list_for_each(p, &rfcomm_dev_list) { 220 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 221 222 if (entry->id == dev->id) { 223 err = -EADDRINUSE; 224 goto out; 225 } 226 227 if (entry->id > dev->id - 1) 228 break; 229 230 head = p; 231 } 232 } 233 234 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 235 err = -ENFILE; 236 goto out; 237 } 238 239 sprintf(dev->name, "rfcomm%d", dev->id); 240 241 list_add(&dev->list, head); 242 atomic_set(&dev->refcnt, 1); 243 244 bacpy(&dev->src, &req->src); 245 bacpy(&dev->dst, &req->dst); 246 dev->channel = req->channel; 247 248 dev->flags = req->flags & 249 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 250 251 init_waitqueue_head(&dev->wait); 252 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 253 254 rfcomm_dlc_lock(dlc); 255 dlc->data_ready = rfcomm_dev_data_ready; 256 dlc->state_change = rfcomm_dev_state_change; 257 dlc->modem_status = rfcomm_dev_modem_status; 258 259 dlc->owner = dev; 260 dev->dlc = dlc; 261 rfcomm_dlc_unlock(dlc); 262 263 /* It's safe to call __module_get() here because socket already 264 holds reference to this module. */ 265 __module_get(THIS_MODULE); 266 267 out: 268 write_unlock_bh(&rfcomm_dev_lock); 269 270 if (err < 0) { 271 kfree(dev); 272 return err; 273 } 274 275 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 276 277 if (IS_ERR(dev->tty_dev)) { 278 err = PTR_ERR(dev->tty_dev); 279 list_del(&dev->list); 280 kfree(dev); 281 return err; 282 } 283 284 return dev->id; 285 } 286 287 static void rfcomm_dev_del(struct rfcomm_dev *dev) 288 { 289 BT_DBG("dev %p", dev); 290 291 set_bit(RFCOMM_TTY_RELEASED, &dev->flags); 292 rfcomm_dev_put(dev); 293 } 294 295 /* ---- Send buffer ---- */ 296 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 297 { 298 /* We can't let it be zero, because we don't get a callback 299 when tx_credits becomes nonzero, hence we'd never wake up */ 300 return dlc->mtu * (dlc->tx_credits?:1); 301 } 302 303 static void rfcomm_wfree(struct sk_buff *skb) 304 { 305 struct rfcomm_dev *dev = (void *) skb->sk; 306 atomic_sub(skb->truesize, &dev->wmem_alloc); 307 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 308 tasklet_schedule(&dev->wakeup_task); 309 rfcomm_dev_put(dev); 310 } 311 312 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 313 { 314 rfcomm_dev_hold(dev); 315 atomic_add(skb->truesize, &dev->wmem_alloc); 316 skb->sk = (void *) dev; 317 skb->destructor = rfcomm_wfree; 318 } 319 320 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 321 { 322 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 323 struct sk_buff *skb = alloc_skb(size, priority); 324 if (skb) { 325 rfcomm_set_owner_w(skb, dev); 326 return skb; 327 } 328 } 329 return NULL; 330 } 331 332 /* ---- Device IOCTLs ---- */ 333 334 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 335 336 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 337 { 338 struct rfcomm_dev_req req; 339 struct rfcomm_dlc *dlc; 340 int id; 341 342 if (copy_from_user(&req, arg, sizeof(req))) 343 return -EFAULT; 344 345 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 346 347 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 348 return -EPERM; 349 350 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 351 /* Socket must be connected */ 352 if (sk->sk_state != BT_CONNECTED) 353 return -EBADFD; 354 355 dlc = rfcomm_pi(sk)->dlc; 356 rfcomm_dlc_hold(dlc); 357 } else { 358 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 359 if (!dlc) 360 return -ENOMEM; 361 } 362 363 id = rfcomm_dev_add(&req, dlc); 364 if (id < 0) { 365 rfcomm_dlc_put(dlc); 366 return id; 367 } 368 369 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 370 /* DLC is now used by device. 371 * Socket must be disconnected */ 372 sk->sk_state = BT_CLOSED; 373 } 374 375 return id; 376 } 377 378 static int rfcomm_release_dev(void __user *arg) 379 { 380 struct rfcomm_dev_req req; 381 struct rfcomm_dev *dev; 382 383 if (copy_from_user(&req, arg, sizeof(req))) 384 return -EFAULT; 385 386 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 387 388 if (!(dev = rfcomm_dev_get(req.dev_id))) 389 return -ENODEV; 390 391 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 392 rfcomm_dev_put(dev); 393 return -EPERM; 394 } 395 396 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 397 rfcomm_dlc_close(dev->dlc, 0); 398 399 /* Shut down TTY synchronously before freeing rfcomm_dev */ 400 if (dev->tty) 401 tty_vhangup(dev->tty); 402 403 rfcomm_dev_del(dev); 404 rfcomm_dev_put(dev); 405 return 0; 406 } 407 408 static int rfcomm_get_dev_list(void __user *arg) 409 { 410 struct rfcomm_dev_list_req *dl; 411 struct rfcomm_dev_info *di; 412 struct list_head *p; 413 int n = 0, size, err; 414 u16 dev_num; 415 416 BT_DBG(""); 417 418 if (get_user(dev_num, (u16 __user *) arg)) 419 return -EFAULT; 420 421 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 422 return -EINVAL; 423 424 size = sizeof(*dl) + dev_num * sizeof(*di); 425 426 if (!(dl = kmalloc(size, GFP_KERNEL))) 427 return -ENOMEM; 428 429 di = dl->dev_info; 430 431 read_lock_bh(&rfcomm_dev_lock); 432 433 list_for_each(p, &rfcomm_dev_list) { 434 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 435 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 436 continue; 437 (di + n)->id = dev->id; 438 (di + n)->flags = dev->flags; 439 (di + n)->state = dev->dlc->state; 440 (di + n)->channel = dev->channel; 441 bacpy(&(di + n)->src, &dev->src); 442 bacpy(&(di + n)->dst, &dev->dst); 443 if (++n >= dev_num) 444 break; 445 } 446 447 read_unlock_bh(&rfcomm_dev_lock); 448 449 dl->dev_num = n; 450 size = sizeof(*dl) + n * sizeof(*di); 451 452 err = copy_to_user(arg, dl, size); 453 kfree(dl); 454 455 return err ? -EFAULT : 0; 456 } 457 458 static int rfcomm_get_dev_info(void __user *arg) 459 { 460 struct rfcomm_dev *dev; 461 struct rfcomm_dev_info di; 462 int err = 0; 463 464 BT_DBG(""); 465 466 if (copy_from_user(&di, arg, sizeof(di))) 467 return -EFAULT; 468 469 if (!(dev = rfcomm_dev_get(di.id))) 470 return -ENODEV; 471 472 di.flags = dev->flags; 473 di.channel = dev->channel; 474 di.state = dev->dlc->state; 475 bacpy(&di.src, &dev->src); 476 bacpy(&di.dst, &dev->dst); 477 478 if (copy_to_user(arg, &di, sizeof(di))) 479 err = -EFAULT; 480 481 rfcomm_dev_put(dev); 482 return err; 483 } 484 485 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 486 { 487 BT_DBG("cmd %d arg %p", cmd, arg); 488 489 switch (cmd) { 490 case RFCOMMCREATEDEV: 491 return rfcomm_create_dev(sk, arg); 492 493 case RFCOMMRELEASEDEV: 494 return rfcomm_release_dev(arg); 495 496 case RFCOMMGETDEVLIST: 497 return rfcomm_get_dev_list(arg); 498 499 case RFCOMMGETDEVINFO: 500 return rfcomm_get_dev_info(arg); 501 } 502 503 return -EINVAL; 504 } 505 506 /* ---- DLC callbacks ---- */ 507 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 508 { 509 struct rfcomm_dev *dev = dlc->owner; 510 struct tty_struct *tty; 511 512 if (!dev || !(tty = dev->tty)) { 513 kfree_skb(skb); 514 return; 515 } 516 517 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 518 519 tty_insert_flip_string(tty, skb->data, skb->len); 520 tty_flip_buffer_push(tty); 521 522 kfree_skb(skb); 523 } 524 525 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 526 { 527 struct rfcomm_dev *dev = dlc->owner; 528 if (!dev) 529 return; 530 531 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 532 533 dev->err = err; 534 wake_up_interruptible(&dev->wait); 535 536 if (dlc->state == BT_CLOSED) { 537 if (!dev->tty) { 538 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 539 if (rfcomm_dev_get(dev->id) == NULL) 540 return; 541 542 rfcomm_dev_del(dev); 543 /* We have to drop DLC lock here, otherwise 544 rfcomm_dev_put() will dead lock if it's 545 the last reference. */ 546 rfcomm_dlc_unlock(dlc); 547 rfcomm_dev_put(dev); 548 rfcomm_dlc_lock(dlc); 549 } 550 } else 551 tty_hangup(dev->tty); 552 } 553 } 554 555 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 556 { 557 struct rfcomm_dev *dev = dlc->owner; 558 if (!dev) 559 return; 560 561 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 562 563 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 564 if (dev->tty && !C_CLOCAL(dev->tty)) 565 tty_hangup(dev->tty); 566 } 567 568 dev->modem_status = 569 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 570 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 571 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 572 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 573 } 574 575 /* ---- TTY functions ---- */ 576 static void rfcomm_tty_wakeup(unsigned long arg) 577 { 578 struct rfcomm_dev *dev = (void *) arg; 579 struct tty_struct *tty = dev->tty; 580 if (!tty) 581 return; 582 583 BT_DBG("dev %p tty %p", dev, tty); 584 585 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 586 (tty->ldisc.write_wakeup)(tty); 587 588 wake_up_interruptible(&tty->write_wait); 589 #ifdef SERIAL_HAVE_POLL_WAIT 590 wake_up_interruptible(&tty->poll_wait); 591 #endif 592 } 593 594 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 595 { 596 DECLARE_WAITQUEUE(wait, current); 597 struct rfcomm_dev *dev; 598 struct rfcomm_dlc *dlc; 599 int err, id; 600 601 id = tty->index; 602 603 BT_DBG("tty %p id %d", tty, id); 604 605 /* We don't leak this refcount. For reasons which are not entirely 606 clear, the TTY layer will call our ->close() method even if the 607 open fails. We decrease the refcount there, and decreasing it 608 here too would cause breakage. */ 609 dev = rfcomm_dev_get(id); 610 if (!dev) 611 return -ENODEV; 612 613 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 614 615 if (dev->opened++ != 0) 616 return 0; 617 618 dlc = dev->dlc; 619 620 /* Attach TTY and open DLC */ 621 622 rfcomm_dlc_lock(dlc); 623 tty->driver_data = dev; 624 dev->tty = tty; 625 rfcomm_dlc_unlock(dlc); 626 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 627 628 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 629 if (err < 0) 630 return err; 631 632 /* Wait for DLC to connect */ 633 add_wait_queue(&dev->wait, &wait); 634 while (1) { 635 set_current_state(TASK_INTERRUPTIBLE); 636 637 if (dlc->state == BT_CLOSED) { 638 err = -dev->err; 639 break; 640 } 641 642 if (dlc->state == BT_CONNECTED) 643 break; 644 645 if (signal_pending(current)) { 646 err = -EINTR; 647 break; 648 } 649 650 schedule(); 651 } 652 set_current_state(TASK_RUNNING); 653 remove_wait_queue(&dev->wait, &wait); 654 655 if (err == 0) 656 device_move(dev->tty_dev, rfcomm_get_device(dev)); 657 658 return err; 659 } 660 661 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 662 { 663 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 664 if (!dev) 665 return; 666 667 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 668 669 if (--dev->opened == 0) { 670 device_move(dev->tty_dev, NULL); 671 672 /* Close DLC and dettach TTY */ 673 rfcomm_dlc_close(dev->dlc, 0); 674 675 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 676 tasklet_kill(&dev->wakeup_task); 677 678 rfcomm_dlc_lock(dev->dlc); 679 tty->driver_data = NULL; 680 dev->tty = NULL; 681 rfcomm_dlc_unlock(dev->dlc); 682 } 683 684 rfcomm_dev_put(dev); 685 } 686 687 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 688 { 689 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 690 struct rfcomm_dlc *dlc = dev->dlc; 691 struct sk_buff *skb; 692 int err = 0, sent = 0, size; 693 694 BT_DBG("tty %p count %d", tty, count); 695 696 while (count) { 697 size = min_t(uint, count, dlc->mtu); 698 699 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 700 701 if (!skb) 702 break; 703 704 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 705 706 memcpy(skb_put(skb, size), buf + sent, size); 707 708 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 709 kfree_skb(skb); 710 break; 711 } 712 713 sent += size; 714 count -= size; 715 } 716 717 return sent ? sent : err; 718 } 719 720 static int rfcomm_tty_write_room(struct tty_struct *tty) 721 { 722 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 723 int room; 724 725 BT_DBG("tty %p", tty); 726 727 if (!dev || !dev->dlc) 728 return 0; 729 730 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 731 if (room < 0) 732 room = 0; 733 734 return room; 735 } 736 737 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 738 { 739 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 740 741 switch (cmd) { 742 case TCGETS: 743 BT_DBG("TCGETS is not supported"); 744 return -ENOIOCTLCMD; 745 746 case TCSETS: 747 BT_DBG("TCSETS is not supported"); 748 return -ENOIOCTLCMD; 749 750 case TIOCMIWAIT: 751 BT_DBG("TIOCMIWAIT"); 752 break; 753 754 case TIOCGICOUNT: 755 BT_DBG("TIOCGICOUNT"); 756 break; 757 758 case TIOCGSERIAL: 759 BT_ERR("TIOCGSERIAL is not supported"); 760 return -ENOIOCTLCMD; 761 762 case TIOCSSERIAL: 763 BT_ERR("TIOCSSERIAL is not supported"); 764 return -ENOIOCTLCMD; 765 766 case TIOCSERGSTRUCT: 767 BT_ERR("TIOCSERGSTRUCT is not supported"); 768 return -ENOIOCTLCMD; 769 770 case TIOCSERGETLSR: 771 BT_ERR("TIOCSERGETLSR is not supported"); 772 return -ENOIOCTLCMD; 773 774 case TIOCSERCONFIG: 775 BT_ERR("TIOCSERCONFIG is not supported"); 776 return -ENOIOCTLCMD; 777 778 default: 779 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 780 781 } 782 783 return -ENOIOCTLCMD; 784 } 785 786 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 787 { 788 struct ktermios *new = tty->termios; 789 int old_baud_rate = tty_termios_baud_rate(old); 790 int new_baud_rate = tty_termios_baud_rate(new); 791 792 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 793 u16 changes = 0; 794 795 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 796 797 BT_DBG("tty %p termios %p", tty, old); 798 799 if (!dev || !dev->dlc || !dev->dlc->session) 800 return; 801 802 /* Handle turning off CRTSCTS */ 803 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 804 BT_DBG("Turning off CRTSCTS unsupported"); 805 806 /* Parity on/off and when on, odd/even */ 807 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 808 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 809 changes |= RFCOMM_RPN_PM_PARITY; 810 BT_DBG("Parity change detected."); 811 } 812 813 /* Mark and space parity are not supported! */ 814 if (new->c_cflag & PARENB) { 815 if (new->c_cflag & PARODD) { 816 BT_DBG("Parity is ODD"); 817 parity = RFCOMM_RPN_PARITY_ODD; 818 } else { 819 BT_DBG("Parity is EVEN"); 820 parity = RFCOMM_RPN_PARITY_EVEN; 821 } 822 } else { 823 BT_DBG("Parity is OFF"); 824 parity = RFCOMM_RPN_PARITY_NONE; 825 } 826 827 /* Setting the x_on / x_off characters */ 828 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 829 BT_DBG("XOFF custom"); 830 x_on = new->c_cc[VSTOP]; 831 changes |= RFCOMM_RPN_PM_XON; 832 } else { 833 BT_DBG("XOFF default"); 834 x_on = RFCOMM_RPN_XON_CHAR; 835 } 836 837 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 838 BT_DBG("XON custom"); 839 x_off = new->c_cc[VSTART]; 840 changes |= RFCOMM_RPN_PM_XOFF; 841 } else { 842 BT_DBG("XON default"); 843 x_off = RFCOMM_RPN_XOFF_CHAR; 844 } 845 846 /* Handle setting of stop bits */ 847 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 848 changes |= RFCOMM_RPN_PM_STOP; 849 850 /* POSIX does not support 1.5 stop bits and RFCOMM does not 851 * support 2 stop bits. So a request for 2 stop bits gets 852 * translated to 1.5 stop bits */ 853 if (new->c_cflag & CSTOPB) { 854 stop_bits = RFCOMM_RPN_STOP_15; 855 } else { 856 stop_bits = RFCOMM_RPN_STOP_1; 857 } 858 859 /* Handle number of data bits [5-8] */ 860 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 861 changes |= RFCOMM_RPN_PM_DATA; 862 863 switch (new->c_cflag & CSIZE) { 864 case CS5: 865 data_bits = RFCOMM_RPN_DATA_5; 866 break; 867 case CS6: 868 data_bits = RFCOMM_RPN_DATA_6; 869 break; 870 case CS7: 871 data_bits = RFCOMM_RPN_DATA_7; 872 break; 873 case CS8: 874 data_bits = RFCOMM_RPN_DATA_8; 875 break; 876 default: 877 data_bits = RFCOMM_RPN_DATA_8; 878 break; 879 } 880 881 /* Handle baudrate settings */ 882 if (old_baud_rate != new_baud_rate) 883 changes |= RFCOMM_RPN_PM_BITRATE; 884 885 switch (new_baud_rate) { 886 case 2400: 887 baud = RFCOMM_RPN_BR_2400; 888 break; 889 case 4800: 890 baud = RFCOMM_RPN_BR_4800; 891 break; 892 case 7200: 893 baud = RFCOMM_RPN_BR_7200; 894 break; 895 case 9600: 896 baud = RFCOMM_RPN_BR_9600; 897 break; 898 case 19200: 899 baud = RFCOMM_RPN_BR_19200; 900 break; 901 case 38400: 902 baud = RFCOMM_RPN_BR_38400; 903 break; 904 case 57600: 905 baud = RFCOMM_RPN_BR_57600; 906 break; 907 case 115200: 908 baud = RFCOMM_RPN_BR_115200; 909 break; 910 case 230400: 911 baud = RFCOMM_RPN_BR_230400; 912 break; 913 default: 914 /* 9600 is standard accordinag to the RFCOMM specification */ 915 baud = RFCOMM_RPN_BR_9600; 916 break; 917 918 } 919 920 if (changes) 921 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 922 data_bits, stop_bits, parity, 923 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 924 925 return; 926 } 927 928 static void rfcomm_tty_throttle(struct tty_struct *tty) 929 { 930 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 931 932 BT_DBG("tty %p dev %p", tty, dev); 933 934 rfcomm_dlc_throttle(dev->dlc); 935 } 936 937 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 938 { 939 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 940 941 BT_DBG("tty %p dev %p", tty, dev); 942 943 rfcomm_dlc_unthrottle(dev->dlc); 944 } 945 946 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 947 { 948 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 949 950 BT_DBG("tty %p dev %p", tty, dev); 951 952 if (!dev || !dev->dlc) 953 return 0; 954 955 if (!skb_queue_empty(&dev->dlc->tx_queue)) 956 return dev->dlc->mtu; 957 958 return 0; 959 } 960 961 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 962 { 963 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 964 965 BT_DBG("tty %p dev %p", tty, dev); 966 967 if (!dev || !dev->dlc) 968 return; 969 970 skb_queue_purge(&dev->dlc->tx_queue); 971 972 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 973 tty->ldisc.write_wakeup(tty); 974 } 975 976 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 977 { 978 BT_DBG("tty %p ch %c", tty, ch); 979 } 980 981 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 982 { 983 BT_DBG("tty %p timeout %d", tty, timeout); 984 } 985 986 static void rfcomm_tty_hangup(struct tty_struct *tty) 987 { 988 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 989 990 BT_DBG("tty %p dev %p", tty, dev); 991 992 if (!dev) 993 return; 994 995 rfcomm_tty_flush_buffer(tty); 996 997 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 998 if (rfcomm_dev_get(dev->id) == NULL) 999 return; 1000 rfcomm_dev_del(dev); 1001 rfcomm_dev_put(dev); 1002 } 1003 } 1004 1005 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 1006 { 1007 return 0; 1008 } 1009 1010 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1011 { 1012 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1013 1014 BT_DBG("tty %p dev %p", tty, dev); 1015 1016 return dev->modem_status; 1017 } 1018 1019 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1020 { 1021 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1022 struct rfcomm_dlc *dlc = dev->dlc; 1023 u8 v24_sig; 1024 1025 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1026 1027 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1028 1029 if (set & TIOCM_DSR || set & TIOCM_DTR) 1030 v24_sig |= RFCOMM_V24_RTC; 1031 if (set & TIOCM_RTS || set & TIOCM_CTS) 1032 v24_sig |= RFCOMM_V24_RTR; 1033 if (set & TIOCM_RI) 1034 v24_sig |= RFCOMM_V24_IC; 1035 if (set & TIOCM_CD) 1036 v24_sig |= RFCOMM_V24_DV; 1037 1038 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1039 v24_sig &= ~RFCOMM_V24_RTC; 1040 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1041 v24_sig &= ~RFCOMM_V24_RTR; 1042 if (clear & TIOCM_RI) 1043 v24_sig &= ~RFCOMM_V24_IC; 1044 if (clear & TIOCM_CD) 1045 v24_sig &= ~RFCOMM_V24_DV; 1046 1047 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1048 1049 return 0; 1050 } 1051 1052 /* ---- TTY structure ---- */ 1053 1054 static const struct tty_operations rfcomm_ops = { 1055 .open = rfcomm_tty_open, 1056 .close = rfcomm_tty_close, 1057 .write = rfcomm_tty_write, 1058 .write_room = rfcomm_tty_write_room, 1059 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1060 .flush_buffer = rfcomm_tty_flush_buffer, 1061 .ioctl = rfcomm_tty_ioctl, 1062 .throttle = rfcomm_tty_throttle, 1063 .unthrottle = rfcomm_tty_unthrottle, 1064 .set_termios = rfcomm_tty_set_termios, 1065 .send_xchar = rfcomm_tty_send_xchar, 1066 .hangup = rfcomm_tty_hangup, 1067 .wait_until_sent = rfcomm_tty_wait_until_sent, 1068 .read_proc = rfcomm_tty_read_proc, 1069 .tiocmget = rfcomm_tty_tiocmget, 1070 .tiocmset = rfcomm_tty_tiocmset, 1071 }; 1072 1073 int rfcomm_init_ttys(void) 1074 { 1075 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1076 if (!rfcomm_tty_driver) 1077 return -1; 1078 1079 rfcomm_tty_driver->owner = THIS_MODULE; 1080 rfcomm_tty_driver->driver_name = "rfcomm"; 1081 rfcomm_tty_driver->name = "rfcomm"; 1082 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1083 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1084 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1085 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1086 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1087 rfcomm_tty_driver->init_termios = tty_std_termios; 1088 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1089 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1090 1091 if (tty_register_driver(rfcomm_tty_driver)) { 1092 BT_ERR("Can't register RFCOMM TTY driver"); 1093 put_tty_driver(rfcomm_tty_driver); 1094 return -1; 1095 } 1096 1097 BT_INFO("RFCOMM TTY layer initialized"); 1098 1099 return 0; 1100 } 1101 1102 void rfcomm_cleanup_ttys(void) 1103 { 1104 tty_unregister_driver(rfcomm_tty_driver); 1105 put_tty_driver(rfcomm_tty_driver); 1106 } 1107