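/*
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/*
 * RFCOMM TTY.
 */

#include <linux/module.h>

#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>

#include <linux/capability.h>
#include <linux/slab.h>
#include <linux/skbuff.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/rfcomm.h>

/* Compile the debug trace macro away unless RFCOMM debugging is enabled. */
#ifndef CONFIG_BT_RFCOMM_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

#define RFCOMM_TTY_MAGIC 0x6d02		/* magic number for rfcomm struct */
#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV	/* whole lotta rfcomm devices */
#define RFCOMM_TTY_MAJOR 216		/* device node major id of the usb/bluetooth.c driver */
#define RFCOMM_TTY_MINOR 0

static struct tty_driver *rfcomm_tty_driver;

/* One RFCOMM TTY device: binds a DLC to a tty minor. */
struct rfcomm_dev {
	struct list_head	list;		/* link in rfcomm_dev_list */
	atomic_t		refcnt;		/* see rfcomm_dev_hold()/rfcomm_dev_put() */

	char			name[12];	/* "rfcomm<id>" */
	int			id;		/* index passed to tty_register_device() */
	unsigned long		flags;		/* RFCOMM_* bit numbers */
	int			opened;		/* open count, see rfcomm_tty_open()/close() */
	int			err;		/* last error reported by the DLC state callback */

	bdaddr_t		src;
	bdaddr_t		dst;
	u8			channel;

	uint			modem_status;	/* TIOCM_* bits derived from V.24 signals */

	struct rfcomm_dlc	*dlc;
	struct tty_struct	*tty;		/* attached tty, NULL while closed */
	wait_queue_head_t	wait;		/* woken on DLC state changes */
	struct tasklet_struct	wakeup_task;	/* runs rfcomm_tty_wakeup() */

	struct device		*tty_dev;

	atomic_t		wmem_alloc;	/* truesize of skbs owned via rfcomm_set_owner_w() */

	struct sk_buff_head	pending;	/* received skbs not yet pushed to a tty */
};

static LIST_HEAD(rfcomm_dev_list);
static DEFINE_RWLOCK(rfcomm_dev_lock);	/* protects rfcomm_dev_list */

static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);

static void rfcomm_tty_wakeup(unsigned long arg);

/* ---- Device functions ---- */

/*
 * Final teardown once the last reference is gone: detach and drop the DLC,
 * unregister the tty device, free the structure and release the module
 * reference taken in rfcomm_dev_add().
 */
static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
{
	struct rfcomm_dlc *dlc = dev->dlc;

	BT_DBG("dev %p dlc %p", dev, dlc);

	/* Refcount should only hit zero when called from rfcomm_dev_del()
	   which will have taken us off the list. Everything else are
	   refcounting bugs. */
	BUG_ON(!list_empty(&dev->list));

	rfcomm_dlc_lock(dlc);
	/* Detach DLC if it's owned by this dev */
	if (dlc->owner == dev)
		dlc->owner = NULL;
	rfcomm_dlc_unlock(dlc);

	rfcomm_dlc_put(dlc);

	tty_unregister_device(rfcomm_tty_driver, dev->id);

	kfree(dev);

	/* It's safe to call module_put() here because socket still
	   holds reference to this module. */
	module_put(THIS_MODULE);
}

/* Take an additional reference on @dev. */
static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
{
	atomic_inc(&dev->refcnt);
}

/* Drop a reference on @dev; the last put destroys the device. */
static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
{
	/* The reason this isn't actually a race, as you no
	   doubt have a little voice screaming at you in your
	   head, is that the refcount should never actually
	   reach zero unless the device has already been taken
	   off the list, in rfcomm_dev_del(). And if that's not
	   true, we'll hit the BUG() in rfcomm_dev_destruct()
	   anyway. */
	if (atomic_dec_and_test(&dev->refcnt))
		rfcomm_dev_destruct(dev);
}

/*
 * Find the device with the given id on rfcomm_dev_list. Takes no lock and
 * no reference; the caller must hold rfcomm_dev_lock.
 */
static struct rfcomm_dev *__rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;
	struct list_head  *p;

	list_for_each(p, &rfcomm_dev_list) {
		dev = list_entry(p, struct rfcomm_dev, list);
		if (dev->id == id)
			return dev;
	}

	return NULL;
}

/*
 * Look up a device by id and return it with a reference held, or NULL if
 * there is no such device or it is already marked RFCOMM_TTY_RELEASED.
 */
static inline struct rfcomm_dev *rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	read_lock(&rfcomm_dev_lock);

	dev = __rfcomm_dev_get(id);

	if (dev) {
		if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
			dev = NULL;
		else
			rfcomm_dev_hold(dev);
	}

	read_unlock(&rfcomm_dev_lock);

	return dev;
}

/*
 * Return the struct device of the ACL connection to dev->dst, or NULL if
 * there is no route or no such connection.
 */
static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
{
	struct hci_dev *hdev;
	struct hci_conn *conn;

	hdev = hci_get_route(&dev->dst, &dev->src);
	if (!hdev)
		return NULL;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);

	/* NOTE(review): conn is used after the hdev reference is dropped and
	   no reference on conn is visible here - confirm its lifetime. */
	hci_dev_put(hdev);

	return conn ? &conn->dev : NULL;
}

/* sysfs "address" attribute: remote Bluetooth address of the device. */
static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	bdaddr_t bdaddr;
	baswap(&bdaddr, &dev->dst);
	return sprintf(buf, "%s\n", batostr(&bdaddr));
}

/* sysfs "channel" attribute: RFCOMM channel number of the device. */
static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sprintf(buf, "%d\n", dev->channel);
}

static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);

/*
 * Allocate a device for @req, insert it into the id-sorted device list,
 * bind it to @dlc and register the tty device.
 *
 * A negative req->dev_id selects the first free id. Returns the device id
 * on success, or -ENOMEM, -EADDRINUSE (id already taken), -ENFILE (id out
 * of range) or the tty_register_device() error. On failure the caller
 * still owns its reference on @dlc.
 */
static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
{
	struct rfcomm_dev *dev;
	struct list_head *head = &rfcomm_dev_list, *p;
	int err = 0;

	BT_DBG("id %d channel %d", req->dev_id, req->channel);

	dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
	if (!dev)
		return -ENOMEM;

	write_lock_bh(&rfcomm_dev_lock);

	if (req->dev_id < 0) {
		/* Pick the lowest id not yet present in the sorted list. */
		dev->id = 0;

		list_for_each(p, &rfcomm_dev_list) {
			if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
				break;

			dev->id++;
			head = p;
		}
	} else {
		dev->id = req->dev_id;

		list_for_each(p, &rfcomm_dev_list) {
			struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);

			if (entry->id == dev->id) {
				err = -EADDRINUSE;
				goto out;
			}

			if (entry->id > dev->id - 1)
				break;

			head = p;
		}
	}

	/* dev_id comes from the ioctl caller; reject anything that is not
	   a valid tty index. */
	if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
		err = -ENFILE;
		goto out;
	}

	snprintf(dev->name, sizeof(dev->name), "rfcomm%d", dev->id);

	list_add(&dev->list, head);
	atomic_set(&dev->refcnt, 1);

	bacpy(&dev->src, &req->src);
	bacpy(&dev->dst, &req->dst);
	dev->channel = req->channel;

	/* Only these two request flags are carried over into dev->flags. */
	dev->flags = req->flags &
		((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));

	init_waitqueue_head(&dev->wait);
	tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);

	skb_queue_head_init(&dev->pending);

	rfcomm_dlc_lock(dlc);

	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
		struct sock *sk = dlc->owner;
		struct sk_buff *skb;

		BUG_ON(!sk);

		rfcomm_dlc_throttle(dlc);

		/* Move data already queued on the socket to the device. */
		while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
			skb_orphan(skb);
			skb_queue_tail(&dev->pending, skb);
			atomic_sub(skb->len, &sk->sk_rmem_alloc);
		}
	}

	dlc->data_ready   = rfcomm_dev_data_ready;
	dlc->state_change = rfcomm_dev_state_change;
	dlc->modem_status = rfcomm_dev_modem_status;

	dlc->owner = dev;
	dev->dlc   = dlc;

	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);

	rfcomm_dlc_unlock(dlc);

	/* It's safe to call __module_get() here because socket already
	   holds reference to this module. */
	__module_get(THIS_MODULE);

out:
	write_unlock_bh(&rfcomm_dev_lock);

	if (err < 0) {
		kfree(dev);
		return err;
	}

	dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);

	if (IS_ERR(dev->tty_dev)) {
		err = PTR_ERR(dev->tty_dev);

		/* The device is already published on rfcomm_dev_list, so
		   unlink it under the list lock like every other writer. */
		write_lock_bh(&rfcomm_dev_lock);
		list_del(&dev->list);
		write_unlock_bh(&rfcomm_dev_lock);

		/* As in rfcomm_dev_destruct(): do not leave the DLC pointing
		   at memory that is about to be freed. The dev callbacks
		   installed above all return early on a NULL owner. */
		rfcomm_dlc_lock(dlc);
		if (dlc->owner == dev)
			dlc->owner = NULL;
		rfcomm_dlc_unlock(dlc);

		/* Balance the __module_get() above; the calling socket
		   still holds its own module reference. */
		module_put(THIS_MODULE);

		/* NOTE(review): the device was visible to rfcomm_dev_get()
		   between list_add() and this point, so another context may
		   hold a reference; skbs moved to dev->pending are not
		   freed and the socket callbacks are not restored for
		   RFCOMM_REUSE_DLC. Confirm and rework this error path. */
		kfree(dev);
		return err;
	}

	dev_set_drvdata(dev->tty_dev, dev);

	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
		BT_ERR("Failed to create address attribute");

	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
		BT_ERR("Failed to create channel attribute");

	return dev->id;
}

/*
 * Mark @dev released, take it off the device list and drop the reference
 * that rfcomm_dev_add() set up. Calling it twice for one device is a bug.
 */
static void rfcomm_dev_del(struct rfcomm_dev *dev)
{
	BT_DBG("dev %p", dev);

	/* NOTE(review): the test and the set are two separate operations,
	   so two concurrent callers could both pass the test - confirm
	   callers are serialised, or use test_and_set_bit(). */
	if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
		BUG_ON(1);
	else
		set_bit(RFCOMM_TTY_RELEASED, &dev->flags);

	write_lock_bh(&rfcomm_dev_lock);
	list_del_init(&dev->list);
	write_unlock_bh(&rfcomm_dev_lock);

	rfcomm_dev_put(dev);
}

/* ---- Send buffer ---- */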
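/* Number of bytes that may be outstanding for transmission on @dlc. */
static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
{
	/* We can't let it be zero, because we don't get a callback
	   when tx_credits becomes nonzero, hence we'd never wake up */
	return dlc->mtu * (dlc->tx_credits?:1);
}

/*
 * skb destructor installed by rfcomm_set_owner_w(): return the skb's
 * truesize to the device's write budget, wake the tty writer if a tty is
 * attached, and drop the device reference held for the skb.
 */
static void rfcomm_wfree(struct sk_buff *skb)
{
	struct rfcomm_dev *dev = (void *) skb->sk;
	atomic_sub(skb->truesize, &dev->wmem_alloc);
	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
		tasklet_schedule(&dev->wakeup_task);
	rfcomm_dev_put(dev);
}

/*
 * Charge @skb to @dev: take a device reference, account the truesize and
 * store the device pointer in skb->sk for rfcomm_wfree().
 */
static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
{
	rfcomm_dev_hold(dev);
	atomic_add(skb->truesize, &dev->wmem_alloc);
	skb->sk = (void *) dev;
	skb->destructor = rfcomm_wfree;
}

/*
 * Allocate a transmit skb of @size bytes charged to @dev. Returns NULL if
 * the device is at or above its rfcomm_room() budget or allocation fails.
 */
static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
{
	if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
		struct sk_buff *skb = alloc_skb(size, priority);
		if (skb) {
			rfcomm_set_owner_w(skb, dev);
			return skb;
		}
	}
	return NULL;
}

/* ---- Device IOCTLs ---- */

/* Flag combination that does not require CAP_NET_ADMIN (see the checks below). */
#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))

/*
 * RFCOMMCREATEDEV: create a TTY device from the user-supplied request.
 *
 * Callers without CAP_NET_ADMIN are accepted only when req.flags is
 * exactly NOCAP_FLAGS. With RFCOMM_REUSE_DLC the connected socket's DLC is
 * handed to the device and the socket is marked closed; otherwise a fresh
 * DLC is allocated. Returns the new device id or a negative errno.
 */
static int rfcomm_create_dev(struct sock *sk, void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dlc *dlc;
	int id;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);

	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
		return -EPERM;

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* Socket must be connected */
		if (sk->sk_state != BT_CONNECTED)
			return -EBADFD;

		dlc = rfcomm_pi(sk)->dlc;
		rfcomm_dlc_hold(dlc);
	} else {
		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
		if (!dlc)
			return -ENOMEM;
	}

	id = rfcomm_dev_add(&req, dlc);
	if (id < 0) {
		rfcomm_dlc_put(dlc);
		return id;
	}

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* DLC is now used by device.
		 * Socket must be disconnected */
		sk->sk_state = BT_CLOSED;
	}

	return id;
}

/*
 * RFCOMMRELEASEDEV: release the device named in the user-supplied request.
 *
 * Callers without CAP_NET_ADMIN may only release a device whose flags word
 * is exactly NOCAP_FLAGS. Returns 0 or a negative errno.
 */
static int rfcomm_release_dev(void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dev *dev;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);

	if (!(dev = rfcomm_dev_get(req.dev_id)))
		return -ENODEV;

	/* NOTE(review): dev->flags also carries state bits set elsewhere in
	   this file (RFCOMM_TTY_ATTACHED, RFCOMM_TTY_RELEASED), so this
	   equality presumably fails for an unprivileged caller while the
	   tty is open - confirm that is intended. */
	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
		rfcomm_dev_put(dev);
		return -EPERM;
	}

	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
		rfcomm_dlc_close(dev->dlc, 0);

	/* Shut down TTY synchronously before freeing rfcomm_dev */
	if (dev->tty)
		tty_vhangup(dev->tty);

	/* With RFCOMM_RELEASE_ONHUP the hangup path deletes the device. */
	if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
		rfcomm_dev_del(dev);
	rfcomm_dev_put(dev);
	return 0;
}

/*
 * RFCOMMGETDEVLIST: copy up to dev_num device descriptions to user space.
 *
 * The requested count is read from the start of the user buffer and must
 * be non-zero and small enough that the entries fit in four pages.
 * Returns 0 or a negative errno.
 */
static int rfcomm_get_dev_list(void __user *arg)
{
	struct rfcomm_dev_list_req *dl;
	struct rfcomm_dev_info *di;
	struct list_head *p;
	int n = 0, size, err;
	u16 dev_num;

	BT_DBG("");

	if (get_user(dev_num, (u16 __user *) arg))
		return -EFAULT;

	/* dev_num is caller-controlled: bound it before sizing the buffer. */
	if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
		return -EINVAL;

	size = sizeof(*dl) + dev_num * sizeof(*di);

	/* Zero the buffer: it is copied to user space below, and any bytes
	   the loop does not assign (such as padding inside the structures)
	   would otherwise expose stale kernel heap contents. */
	if (!(dl = kzalloc(size, GFP_KERNEL)))
		return -ENOMEM;

	di = dl->dev_info;

	read_lock_bh(&rfcomm_dev_lock);

	list_for_each(p, &rfcomm_dev_list) {
		struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
		if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
			continue;
		(di + n)->id      = dev->id;
		(di + n)->flags   = dev->flags;
		(di + n)->state   = dev->dlc->state;
		(di + n)->channel = dev->channel;
		bacpy(&(di + n)->src, &dev->src);
		bacpy(&(di + n)->dst, &dev->dst);
		if (++n >= dev_num)
			break;
	}

	read_unlock_bh(&rfcomm_dev_lock);

	/* Copy out only the entries that were filled in. */
	dl->dev_num = n;
	size = sizeof(*dl) + n * sizeof(*di);

	err = copy_to_user(arg, dl, size);
	kfree(dl);

	return err ? -EFAULT : 0;
}

/*
 * RFCOMMGETDEVINFO: fill in the description of the device whose id the
 * caller placed in the request. Returns 0 or a negative errno.
 */
static int rfcomm_get_dev_info(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_info di;
	int err = 0;

	BT_DBG("");

	/* di starts out as the caller's own bytes, so fields not assigned
	   below go back unchanged rather than uninitialised. */
	if (copy_from_user(&di, arg, sizeof(di)))
		return -EFAULT;

	if (!(dev = rfcomm_dev_get(di.id)))
		return -ENODEV;

	di.flags   = dev->flags;
	di.channel = dev->channel;
	di.state   = dev->dlc->state;
	bacpy(&di.src, &dev->src);
	bacpy(&di.dst, &dev->dst);

	if (copy_to_user(arg, &di, sizeof(di)))
		err = -EFAULT;

	rfcomm_dev_put(dev);
	return err;
}

/* Dispatch the RFCOMM device ioctls; unknown commands yield -EINVAL. */
int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
{
	BT_DBG("cmd %d arg %p", cmd, arg);

	switch (cmd) {
	case RFCOMMCREATEDEV:
		return rfcomm_create_dev(sk, arg);

	case RFCOMMRELEASEDEV:
		return rfcomm_release_dev(arg);

	case RFCOMMGETDEVLIST:
		return rfcomm_get_dev_list(arg);

	case RFCOMMGETDEVINFO:
		return rfcomm_get_dev_info(arg);
	}

	return -EINVAL;
}

/* ---- DLC callbacks ---- */

/*
 * DLC data callback: push received data to the attached tty, or queue it
 * on dev->pending when no tty is attached or older data is still queued.
 * The skb is dropped if the DLC has no owning device.
 */
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
{
	struct rfcomm_dev *dev = dlc->owner;
	struct tty_struct *tty;

	if (!dev) {
		kfree_skb(skb);
		return;
	}

	if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {
		skb_queue_tail(&dev->pending, skb);
		return;
	}

	BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);

	/* NOTE(review): the number of bytes accepted by the flip buffer is
	   not checked, so a short insert would drop data silently. */
	tty_insert_flip_string(tty, skb->data, skb->len);
	tty_flip_buffer_push(tty);

	kfree_skb(skb);
}

/*
 * DLC state callback: record the error, wake waiters in rfcomm_tty_open()
 * and, when the DLC is closed, hang up the tty or release an unopened
 * RFCOMM_RELEASE_ONHUP device.
 */
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);

	dev->err = err;
	wake_up_interruptible(&dev->wait);

	if (dlc->state == BT_CLOSED) {
		if (!dev->tty) {
			if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
				/* Drop DLC lock here to avoid deadlock
				 * 1. rfcomm_dev_get will take rfcomm_dev_lock
				 *    but in rfcomm_dev_add there's lock order:
				 *    rfcomm_dev_lock -> dlc lock
				 * 2. rfcomm_dev_put will deadlock if it's
				 *    the last reference
				 */
				rfcomm_dlc_unlock(dlc);
				if (rfcomm_dev_get(dev->id) == NULL) {
					rfcomm_dlc_lock(dlc);
					return;
				}

				rfcomm_dev_del(dev);
				rfcomm_dev_put(dev);
				rfcomm_dlc_lock(dlc);
			}
		} else
			tty_hangup(dev->tty);
	}
}

/*
 * DLC modem-status callback: translate remote V.24 signals into TIOCM_*
 * bits, hanging up the tty when carrier drops and CLOCAL is not set.
 */
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);

	if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
		if (dev->tty && !C_CLOCAL(dev->tty))
			tty_hangup(dev->tty);
	}

	dev->modem_status =
		((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
		((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
		((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
		((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
}

/* ---- TTY functions ---- */

/* Tasklet body scheduled from rfcomm_wfree(): wake the tty writer. */
static void rfcomm_tty_wakeup(unsigned long arg)
{
	struct rfcomm_dev *dev = (void *) arg;
	struct tty_struct *tty = dev->tty;
	if (!tty)
		return;

	BT_DBG("dev %p tty %p", dev, tty);
	tty_wakeup(tty);
}

/* Push everything queued on dev->pending to the attached tty. */
static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
{
	struct tty_struct *tty = dev->tty;
	struct sk_buff *skb;
	int inserted = 0;

	if (!tty)
		return;

	BT_DBG("dev %p tty %p", dev, tty);

	rfcomm_dlc_lock(dev->dlc);

	while ((skb = skb_dequeue(&dev->pending))) {
		inserted += tty_insert_flip_string(tty, skb->data, skb->len);
		kfree_skb(skb);
	}

	rfcomm_dlc_unlock(dev->dlc);

	if (inserted > 0)
		tty_flip_buffer_push(tty);
}

/*
 * tty open: the first opener attaches the tty to the device, opens the DLC
 * and sleeps interruptibly until it is connected or closed. Later openers
 * only bump the open count. Returns 0 or a negative errno.
 */
static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
{
	DECLARE_WAITQUEUE(wait, current);
	struct rfcomm_dev *dev;
	struct rfcomm_dlc *dlc;
	int err, id;

	id = tty->index;

	BT_DBG("tty %p id %d", tty, id);

	/* We don't leak this refcount. For reasons which are not entirely
	   clear, the TTY layer will call our ->close() method even if the
	   open fails. We decrease the refcount there, and decreasing it
	   here too would cause breakage. */
	dev = rfcomm_dev_get(id);
	if (!dev)
		return -ENODEV;

	BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);

	/* NOTE(review): dev->opened is a plain int changed with no lock
	   visible here - confirm the tty layer serialises open/close. */
	if (dev->opened++ != 0)
		return 0;

	dlc = dev->dlc;

	/* Attach TTY and open DLC */

	rfcomm_dlc_lock(dlc);
	tty->driver_data = dev;
	dev->tty = tty;
	rfcomm_dlc_unlock(dlc);
	set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

	err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
	if (err < 0)
		return err;

	/* Wait for DLC to connect */
	add_wait_queue(&dev->wait, &wait);
	while (1) {
		set_current_state(TASK_INTERRUPTIBLE);

		if (dlc->state == BT_CLOSED) {
			err = -dev->err;
			break;
		}

		if (dlc->state == BT_CONNECTED)
			break;

		if (signal_pending(current)) {
			err = -EINTR;
			break;
		}

		schedule();
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(&dev->wait, &wait);

	if (err == 0)
		device_move(dev->tty_dev, rfcomm_get_device(dev));

	rfcomm_tty_copy_pending(dev);

	rfcomm_dlc_unthrottle(dev->dlc);

	return err;
}

/*
 * tty close: the last closer closes the DLC and detaches the tty. Every
 * call drops the device reference taken by rfcomm_tty_open().
 */
static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	if (!dev)
		return;

	BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);

	if (--dev->opened == 0) {
		if (dev->tty_dev->parent)
			device_move(dev->tty_dev, NULL);

		/* Close DLC and detach TTY */
		rfcomm_dlc_close(dev->dlc, 0);

		clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
		tasklet_kill(&dev->wakeup_task);

		rfcomm_dlc_lock(dev->dlc);
		tty->driver_data = NULL;
		dev->tty = NULL;
		rfcomm_dlc_unlock(dev->dlc);
	}

	rfcomm_dev_put(dev);
}

/*
 * tty write: split @buf into skbs of at most dlc->mtu bytes and hand them
 * to the DLC. Returns the number of bytes queued, or the send error if
 * nothing was queued (0 if no skb could be allocated).
 */
static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
{
	/* NOTE(review): unlike rfcomm_tty_write_room() and
	   rfcomm_tty_chars_in_buffer(), driver_data is dereferenced here
	   without a NULL check - confirm this cannot run after
	   rfcomm_tty_close() cleared it. */
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	struct sk_buff *skb;
	int err = 0, sent = 0, size;

	BT_DBG("tty %p count %d", tty, count);

	while (count) {
		size = min_t(uint, count, dlc->mtu);

		skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);

		if (!skb)
			break;

		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

		memcpy(skb_put(skb, size), buf + sent, size);

		if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
			kfree_skb(skb);
			break;
		}

		sent  += size;
		count -= size;
	}

	return sent ? sent : err;
}

/* tty write_room: remaining write budget in bytes, never negative. */
static int rfcomm_tty_write_room(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	int room;

	BT_DBG("tty %p", tty);

	if (!dev || !dev->dlc)
		return 0;

	room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
	if (room < 0)
		room = 0;

	return room;
}

/*
 * tty ioctl: nothing is handled here; every command returns -ENOIOCTLCMD,
 * with a log message for the ones listed explicitly.
 */
static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
{
	BT_DBG("tty %p cmd 0x%02x", tty, cmd);

	switch (cmd) {
	case TCGETS:
		BT_DBG("TCGETS is not supported");
		return -ENOIOCTLCMD;

	case TCSETS:
		BT_DBG("TCSETS is not supported");
		return -ENOIOCTLCMD;

	case TIOCMIWAIT:
		BT_DBG("TIOCMIWAIT");
		break;

	case TIOCGICOUNT:
		BT_DBG("TIOCGICOUNT");
		break;

	case TIOCGSERIAL:
		BT_ERR("TIOCGSERIAL is not supported");
		return -ENOIOCTLCMD;

	case TIOCSSERIAL:
		BT_ERR("TIOCSSERIAL is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERGSTRUCT:
		BT_ERR("TIOCSERGSTRUCT is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERGETLSR:
		BT_ERR("TIOCSERGETLSR is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERCONFIG:
		BT_ERR("TIOCSERCONFIG is not supported");
		return -ENOIOCTLCMD;

	default:
		return -ENOIOCTLCMD;	/* ioctls which we must ignore */

	}

	return -ENOIOCTLCMD;
}

/*
 * tty set_termios: compare the old and new termios, build the matching
 * RFCOMM remote port parameters and send an RPN frame if anything changed.
 */
static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
{
	struct ktermios *new = tty->termios;
	int old_baud_rate = tty_termios_baud_rate(old);
	int new_baud_rate = tty_termios_baud_rate(new);

	u8 baud, data_bits, stop_bits, parity, x_on, x_off;
	u16 changes = 0;

	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p termios %p", tty, old);

	if (!dev || !dev->dlc || !dev->dlc->session)
		return;

	/* Handle turning off CRTSCTS */
	if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
		BT_DBG("Turning off CRTSCTS unsupported");

	/* Parity on/off and when on, odd/even */
	if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
			((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
		changes |= RFCOMM_RPN_PM_PARITY;
		BT_DBG("Parity change detected.");
	}

	/* Mark and space parity are not supported! */
	if (new->c_cflag & PARENB) {
		if (new->c_cflag & PARODD) {
			BT_DBG("Parity is ODD");
			parity = RFCOMM_RPN_PARITY_ODD;
		} else {
			BT_DBG("Parity is EVEN");
			parity = RFCOMM_RPN_PARITY_EVEN;
		}
	} else {
		BT_DBG("Parity is OFF");
		parity = RFCOMM_RPN_PARITY_NONE;
	}

	/* Setting the x_on / x_off characters */
	/* NOTE(review): the VSTOP character ends up in x_on and VSTART in
	   x_off, while the debug text says XOFF and XON respectively; the
	   names look swapped - confirm against rfcomm_send_rpn(). */
	if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
		BT_DBG("XOFF custom");
		x_on = new->c_cc[VSTOP];
		changes |= RFCOMM_RPN_PM_XON;
	} else {
		BT_DBG("XOFF default");
		x_on = RFCOMM_RPN_XON_CHAR;
	}

	if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
		BT_DBG("XON custom");
		x_off = new->c_cc[VSTART];
		changes |= RFCOMM_RPN_PM_XOFF;
	} else {
		BT_DBG("XON default");
		x_off = RFCOMM_RPN_XOFF_CHAR;
	}

	/* Handle setting of stop bits */
	if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
		changes |= RFCOMM_RPN_PM_STOP;

	/* POSIX does not support 1.5 stop bits and RFCOMM does not
	 * support 2 stop bits. So a request for 2 stop bits gets
	 * translated to 1.5 stop bits */
	if (new->c_cflag & CSTOPB) {
		stop_bits = RFCOMM_RPN_STOP_15;
	} else {
		stop_bits = RFCOMM_RPN_STOP_1;
	}

	/* Handle number of data bits [5-8] */
	if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
		changes |= RFCOMM_RPN_PM_DATA;

	switch (new->c_cflag & CSIZE) {
	case CS5:
		data_bits = RFCOMM_RPN_DATA_5;
		break;
	case CS6:
		data_bits = RFCOMM_RPN_DATA_6;
		break;
	case CS7:
		data_bits = RFCOMM_RPN_DATA_7;
		break;
	case CS8:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	default:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	}

	/* Handle baudrate settings */
	if (old_baud_rate != new_baud_rate)
		changes |= RFCOMM_RPN_PM_BITRATE;

	switch (new_baud_rate) {
	case 2400:
		baud = RFCOMM_RPN_BR_2400;
		break;
	case 4800:
		baud = RFCOMM_RPN_BR_4800;
		break;
	case 7200:
		baud = RFCOMM_RPN_BR_7200;
		break;
	case 9600:
		baud = RFCOMM_RPN_BR_9600;
		break;
	case 19200:
		baud = RFCOMM_RPN_BR_19200;
		break;
	case 38400:
		baud = RFCOMM_RPN_BR_38400;
		break;
	case 57600:
		baud = RFCOMM_RPN_BR_57600;
		break;
	case 115200:
		baud = RFCOMM_RPN_BR_115200;
		break;
	case 230400:
		baud = RFCOMM_RPN_BR_230400;
		break;
	default:
		/* 9600 is standard according to the RFCOMM specification */
		baud = RFCOMM_RPN_BR_9600;
		break;

	}

	if (changes)
		rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
				data_bits, stop_bits, parity,
				RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);

	return;
}

/* tty throttle: ask the DLC to stop delivering data. */
static void rfcomm_tty_throttle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_throttle(dev->dlc);
}

/* tty unthrottle: let the DLC deliver data again. */
static void rfcomm_tty_unthrottle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_unthrottle(dev->dlc);
}

/*
 * tty chars_in_buffer: reports dlc->mtu while the DLC transmit queue is
 * non-empty and 0 otherwise; it is not an exact byte count.
 */
static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return 0;

	if (!skb_queue_empty(&dev->dlc->tx_queue))
		return dev->dlc->mtu;

	return 0;
}

/* tty flush_buffer: discard the DLC transmit queue and wake the writer. */
static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return;

	skb_queue_purge(&dev->dlc->tx_queue);
	tty_wakeup(tty);
}

/* tty send_xchar: only traces the call. */
static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
{
	BT_DBG("tty %p ch %c", tty, ch);
}

/* tty wait_until_sent: only traces the call. */
static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
{
	BT_DBG("tty %p timeout %d", tty, timeout);
}

/*
 * tty hangup: flush pending output and, for RFCOMM_RELEASE_ONHUP devices,
 * delete the device.
 */
static void rfcomm_tty_hangup(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev)
		return;

	rfcomm_tty_flush_buffer(tty);

	if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
		/* A NULL result means the device is already released;
		   otherwise hold a reference across rfcomm_dev_del(). */
		if (rfcomm_dev_get(dev->id) == NULL)
			return;
		rfcomm_dev_del(dev);
		rfcomm_dev_put(dev);
	}
}

/* tty read_proc: always reports no data. */
static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
{
	return 0;
}

/* tty tiocmget: return the cached TIOCM_* modem status bits. */
static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	return dev->modem_status;
}

/*
 * tty tiocmset: apply the requested TIOCM_* set and clear masks to the
 * DLC's V.24 signals. Set bits are applied before clear bits. Returns 0.
 */
static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	u8 v24_sig;

	BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);

	rfcomm_dlc_get_modem_status(dlc, &v24_sig);

	if (set & TIOCM_DSR || set & TIOCM_DTR)
		v24_sig |= RFCOMM_V24_RTC;
	if (set & TIOCM_RTS || set & TIOCM_CTS)
		v24_sig |= RFCOMM_V24_RTR;
	if (set & TIOCM_RI)
		v24_sig |= RFCOMM_V24_IC;
	if (set & TIOCM_CD)
		v24_sig |= RFCOMM_V24_DV;

	if (clear & TIOCM_DSR || clear & TIOCM_DTR)
		v24_sig &= ~RFCOMM_V24_RTC;
	if (clear & TIOCM_RTS || clear & TIOCM_CTS)
		v24_sig &= ~RFCOMM_V24_RTR;
	if (clear & TIOCM_RI)
		v24_sig &= ~RFCOMM_V24_IC;
	if (clear & TIOCM_CD)
		v24_sig &= ~RFCOMM_V24_DV;

	rfcomm_dlc_set_modem_status(dlc, v24_sig);

	return 0;
}

/* ---- TTY structure ---- */

static const struct tty_operations rfcomm_ops = {
	.open			= rfcomm_tty_open,
	.close			= rfcomm_tty_close,
	.write			= rfcomm_tty_write,
	.write_room		= rfcomm_tty_write_room,
	.chars_in_buffer	= rfcomm_tty_chars_in_buffer,
	.flush_buffer		= rfcomm_tty_flush_buffer,
	.ioctl			= rfcomm_tty_ioctl,
	.throttle		= rfcomm_tty_throttle,
	.unthrottle		= rfcomm_tty_unthrottle,
	.set_termios		= rfcomm_tty_set_termios,
	.send_xchar		= rfcomm_tty_send_xchar,
	.hangup			= rfcomm_tty_hangup,
	.wait_until_sent	= rfcomm_tty_wait_until_sent,
	.read_proc		= rfcomm_tty_read_proc,
	.tiocmget		= rfcomm_tty_tiocmget,
	.tiocmset		= rfcomm_tty_tiocmset,
};

/*
 * Allocate, configure and register the RFCOMM tty driver.
 * Returns 0 on success and -1 on failure.
 */
int rfcomm_init_ttys(void)
{
	rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
	if (!rfcomm_tty_driver)
		return -1;

	rfcomm_tty_driver->owner	= THIS_MODULE;
	rfcomm_tty_driver->driver_name	= "rfcomm";
	rfcomm_tty_driver->name		= "rfcomm";
	rfcomm_tty_driver->major	= RFCOMM_TTY_MAJOR;
	rfcomm_tty_driver->minor_start	= RFCOMM_TTY_MINOR;
	rfcomm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
	rfcomm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
	/* Device nodes are registered per device in rfcomm_dev_add(). */
	rfcomm_tty_driver->flags	= TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
	rfcomm_tty_driver->init_termios	= tty_std_termios;
	rfcomm_tty_driver->init_termios.c_cflag	= B9600 | CS8 | CREAD | HUPCL | CLOCAL;
	rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
	tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);

	if (tty_register_driver(rfcomm_tty_driver)) {
		BT_ERR("Can't register RFCOMM TTY driver");
		put_tty_driver(rfcomm_tty_driver);
		return -1;
	}

	BT_INFO("RFCOMM TTY layer initialized");

	return 0;
}

/* Unregister and release the RFCOMM tty driver. */
void rfcomm_cleanup_ttys(void)
{
	tty_unregister_driver(rfcomm_tty_driver);
	put_tty_driver(rfcomm_tty_driver);
}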