1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <linux/capability.h> 35 #include <linux/slab.h> 36 #include <linux/skbuff.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 #include <net/bluetooth/rfcomm.h> 41 42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 45 #define RFCOMM_TTY_MINOR 0 46 47 static struct tty_driver *rfcomm_tty_driver; 48 49 struct rfcomm_dev { 50 struct list_head list; 51 atomic_t refcnt; 52 53 char name[12]; 54 int id; 55 unsigned long flags; 56 atomic_t opened; 57 int err; 58 59 bdaddr_t src; 60 bdaddr_t dst; 61 u8 channel; 62 63 uint modem_status; 64 65 struct rfcomm_dlc *dlc; 66 struct tty_struct *tty; 67 wait_queue_head_t wait; 68 struct tasklet_struct wakeup_task; 69 70 struct device *tty_dev; 71 72 atomic_t wmem_alloc; 73 74 struct sk_buff_head pending; 75 }; 76 77 static LIST_HEAD(rfcomm_dev_list); 78 static DEFINE_RWLOCK(rfcomm_dev_lock); 79 80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 83 84 static void rfcomm_tty_wakeup(unsigned long arg); 85 86 /* ---- Device functions ---- */ 87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 88 { 89 struct rfcomm_dlc *dlc = dev->dlc; 90 91 BT_DBG("dev %p dlc %p", dev, dlc); 92 93 /* Refcount should only hit zero when called from rfcomm_dev_del() 94 which will have taken us off the list. Everything else are 95 refcounting bugs. */ 96 BUG_ON(!list_empty(&dev->list)); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 kfree(dev); 109 110 /* It's safe to call module_put() here because socket still 111 holds reference to this module. */ 112 module_put(THIS_MODULE); 113 } 114 115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 116 { 117 atomic_inc(&dev->refcnt); 118 } 119 120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 121 { 122 /* The reason this isn't actually a race, as you no 123 doubt have a little voice screaming at you in your 124 head, is that the refcount should never actually 125 reach zero unless the device has already been taken 126 off the list, in rfcomm_dev_del(). And if that's not 127 true, we'll hit the BUG() in rfcomm_dev_destruct() 128 anyway. */ 129 if (atomic_dec_and_test(&dev->refcnt)) 130 rfcomm_dev_destruct(dev); 131 } 132 133 static struct rfcomm_dev *__rfcomm_dev_get(int id) 134 { 135 struct rfcomm_dev *dev; 136 struct list_head *p; 137 138 list_for_each(p, &rfcomm_dev_list) { 139 dev = list_entry(p, struct rfcomm_dev, list); 140 if (dev->id == id) 141 return dev; 142 } 143 144 return NULL; 145 } 146 147 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 148 { 149 struct rfcomm_dev *dev; 150 151 read_lock(&rfcomm_dev_lock); 152 153 dev = __rfcomm_dev_get(id); 154 155 if (dev) { 156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 157 dev = NULL; 158 else 159 rfcomm_dev_hold(dev); 160 } 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 184 { 185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 186 return sprintf(buf, "%s\n", batostr(&dev->dst)); 187 } 188 189 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 190 { 191 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 192 return sprintf(buf, "%d\n", dev->channel); 193 } 194 195 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 196 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 197 198 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 199 { 200 struct rfcomm_dev *dev; 201 struct list_head *head = &rfcomm_dev_list, *p; 202 int err = 0; 203 204 BT_DBG("id %d channel %d", req->dev_id, req->channel); 205 206 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 207 if (!dev) 208 return -ENOMEM; 209 210 write_lock_bh(&rfcomm_dev_lock); 211 212 if (req->dev_id < 0) { 213 dev->id = 0; 214 215 list_for_each(p, &rfcomm_dev_list) { 216 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 217 break; 218 219 dev->id++; 220 head = p; 221 } 222 } else { 223 dev->id = req->dev_id; 224 225 list_for_each(p, &rfcomm_dev_list) { 226 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 227 228 if (entry->id == dev->id) { 229 err = -EADDRINUSE; 230 goto out; 231 } 232 233 if (entry->id > dev->id - 1) 234 break; 235 236 head = p; 237 } 238 } 239 240 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 241 err = -ENFILE; 242 goto out; 243 } 244 245 sprintf(dev->name, "rfcomm%d", dev->id); 246 247 list_add(&dev->list, head); 248 atomic_set(&dev->refcnt, 1); 249 250 bacpy(&dev->src, &req->src); 251 bacpy(&dev->dst, &req->dst); 252 dev->channel = req->channel; 253 254 dev->flags = req->flags & 255 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 256 257 atomic_set(&dev->opened, 0); 258 259 init_waitqueue_head(&dev->wait); 260 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 261 262 skb_queue_head_init(&dev->pending); 263 264 rfcomm_dlc_lock(dlc); 265 266 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 267 struct sock *sk = dlc->owner; 268 struct sk_buff *skb; 269 270 BUG_ON(!sk); 271 272 rfcomm_dlc_throttle(dlc); 273 274 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 275 skb_orphan(skb); 276 skb_queue_tail(&dev->pending, skb); 277 atomic_sub(skb->len, &sk->sk_rmem_alloc); 278 } 279 } 280 281 dlc->data_ready = rfcomm_dev_data_ready; 282 dlc->state_change = rfcomm_dev_state_change; 283 dlc->modem_status = rfcomm_dev_modem_status; 284 285 dlc->owner = dev; 286 dev->dlc = dlc; 287 288 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 289 290 rfcomm_dlc_unlock(dlc); 291 292 /* It's safe to call __module_get() here because socket already 293 holds reference to this module. */ 294 __module_get(THIS_MODULE); 295 296 out: 297 write_unlock_bh(&rfcomm_dev_lock); 298 299 if (err < 0) 300 goto free; 301 302 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 303 304 if (IS_ERR(dev->tty_dev)) { 305 err = PTR_ERR(dev->tty_dev); 306 list_del(&dev->list); 307 goto free; 308 } 309 310 dev_set_drvdata(dev->tty_dev, dev); 311 312 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 313 BT_ERR("Failed to create address attribute"); 314 315 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 316 BT_ERR("Failed to create channel attribute"); 317 318 return dev->id; 319 320 free: 321 kfree(dev); 322 return err; 323 } 324 325 static void rfcomm_dev_del(struct rfcomm_dev *dev) 326 { 327 BT_DBG("dev %p", dev); 328 329 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); 330 331 if (atomic_read(&dev->opened) > 0) 332 return; 333 334 write_lock_bh(&rfcomm_dev_lock); 335 list_del_init(&dev->list); 336 write_unlock_bh(&rfcomm_dev_lock); 337 338 rfcomm_dev_put(dev); 339 } 340 341 /* ---- Send buffer ---- */ 342 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 343 { 344 /* We can't let it be zero, because we don't get a callback 345 when tx_credits becomes nonzero, hence we'd never wake up */ 346 return dlc->mtu * (dlc->tx_credits?:1); 347 } 348 349 static void rfcomm_wfree(struct sk_buff *skb) 350 { 351 struct rfcomm_dev *dev = (void *) skb->sk; 352 atomic_sub(skb->truesize, &dev->wmem_alloc); 353 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 354 tasklet_schedule(&dev->wakeup_task); 355 rfcomm_dev_put(dev); 356 } 357 358 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 359 { 360 rfcomm_dev_hold(dev); 361 atomic_add(skb->truesize, &dev->wmem_alloc); 362 skb->sk = (void *) dev; 363 skb->destructor = rfcomm_wfree; 364 } 365 366 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 367 { 368 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 369 struct sk_buff *skb = alloc_skb(size, priority); 370 if (skb) { 371 rfcomm_set_owner_w(skb, dev); 372 return skb; 373 } 374 } 375 return NULL; 376 } 377 378 /* ---- Device IOCTLs ---- */ 379 380 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 381 382 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 383 { 384 struct rfcomm_dev_req req; 385 struct rfcomm_dlc *dlc; 386 int id; 387 388 if (copy_from_user(&req, arg, sizeof(req))) 389 return -EFAULT; 390 391 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 392 393 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 394 return -EPERM; 395 396 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 397 /* Socket must be connected */ 398 if (sk->sk_state != BT_CONNECTED) 399 return -EBADFD; 400 401 dlc = rfcomm_pi(sk)->dlc; 402 rfcomm_dlc_hold(dlc); 403 } else { 404 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 405 if (!dlc) 406 return -ENOMEM; 407 } 408 409 id = rfcomm_dev_add(&req, dlc); 410 if (id < 0) { 411 rfcomm_dlc_put(dlc); 412 return id; 413 } 414 415 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 416 /* DLC is now used by device. 417 * Socket must be disconnected */ 418 sk->sk_state = BT_CLOSED; 419 } 420 421 return id; 422 } 423 424 static int rfcomm_release_dev(void __user *arg) 425 { 426 struct rfcomm_dev_req req; 427 struct rfcomm_dev *dev; 428 429 if (copy_from_user(&req, arg, sizeof(req))) 430 return -EFAULT; 431 432 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 433 434 dev = rfcomm_dev_get(req.dev_id); 435 if (!dev) 436 return -ENODEV; 437 438 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 439 rfcomm_dev_put(dev); 440 return -EPERM; 441 } 442 443 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 444 rfcomm_dlc_close(dev->dlc, 0); 445 446 /* Shut down TTY synchronously before freeing rfcomm_dev */ 447 if (dev->tty) 448 tty_vhangup(dev->tty); 449 450 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 451 rfcomm_dev_del(dev); 452 rfcomm_dev_put(dev); 453 return 0; 454 } 455 456 static int rfcomm_get_dev_list(void __user *arg) 457 { 458 struct rfcomm_dev_list_req *dl; 459 struct rfcomm_dev_info *di; 460 struct list_head *p; 461 int n = 0, size, err; 462 u16 dev_num; 463 464 BT_DBG(""); 465 466 if (get_user(dev_num, (u16 __user *) arg)) 467 return -EFAULT; 468 469 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 470 return -EINVAL; 471 472 size = sizeof(*dl) + dev_num * sizeof(*di); 473 474 dl = kmalloc(size, GFP_KERNEL); 475 if (!dl) 476 return -ENOMEM; 477 478 di = dl->dev_info; 479 480 read_lock_bh(&rfcomm_dev_lock); 481 482 list_for_each(p, &rfcomm_dev_list) { 483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 485 continue; 486 (di + n)->id = dev->id; 487 (di + n)->flags = dev->flags; 488 (di + n)->state = dev->dlc->state; 489 (di + n)->channel = dev->channel; 490 bacpy(&(di + n)->src, &dev->src); 491 bacpy(&(di + n)->dst, &dev->dst); 492 if (++n >= dev_num) 493 break; 494 } 495 496 read_unlock_bh(&rfcomm_dev_lock); 497 498 dl->dev_num = n; 499 size = sizeof(*dl) + n * sizeof(*di); 500 501 err = copy_to_user(arg, dl, size); 502 kfree(dl); 503 504 return err ? -EFAULT : 0; 505 } 506 507 static int rfcomm_get_dev_info(void __user *arg) 508 { 509 struct rfcomm_dev *dev; 510 struct rfcomm_dev_info di; 511 int err = 0; 512 513 BT_DBG(""); 514 515 if (copy_from_user(&di, arg, sizeof(di))) 516 return -EFAULT; 517 518 dev = rfcomm_dev_get(di.id); 519 if (!dev) 520 return -ENODEV; 521 522 di.flags = dev->flags; 523 di.channel = dev->channel; 524 di.state = dev->dlc->state; 525 bacpy(&di.src, &dev->src); 526 bacpy(&di.dst, &dev->dst); 527 528 if (copy_to_user(arg, &di, sizeof(di))) 529 err = -EFAULT; 530 531 rfcomm_dev_put(dev); 532 return err; 533 } 534 535 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 536 { 537 BT_DBG("cmd %d arg %p", cmd, arg); 538 539 switch (cmd) { 540 case RFCOMMCREATEDEV: 541 return rfcomm_create_dev(sk, arg); 542 543 case RFCOMMRELEASEDEV: 544 return rfcomm_release_dev(arg); 545 546 case RFCOMMGETDEVLIST: 547 return rfcomm_get_dev_list(arg); 548 549 case RFCOMMGETDEVINFO: 550 return rfcomm_get_dev_info(arg); 551 } 552 553 return -EINVAL; 554 } 555 556 /* ---- DLC callbacks ---- */ 557 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 558 { 559 struct rfcomm_dev *dev = dlc->owner; 560 struct tty_struct *tty; 561 562 if (!dev) { 563 kfree_skb(skb); 564 return; 565 } 566 567 tty = dev->tty; 568 if (!tty || !skb_queue_empty(&dev->pending)) { 569 skb_queue_tail(&dev->pending, skb); 570 return; 571 } 572 573 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 574 575 tty_insert_flip_string(tty, skb->data, skb->len); 576 tty_flip_buffer_push(tty); 577 578 kfree_skb(skb); 579 } 580 581 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 582 { 583 struct rfcomm_dev *dev = dlc->owner; 584 if (!dev) 585 return; 586 587 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 588 589 dev->err = err; 590 wake_up_interruptible(&dev->wait); 591 592 if (dlc->state == BT_CLOSED) { 593 if (!dev->tty) { 594 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 595 /* Drop DLC lock here to avoid deadlock 596 * 1. rfcomm_dev_get will take rfcomm_dev_lock 597 * but in rfcomm_dev_add there's lock order: 598 * rfcomm_dev_lock -> dlc lock 599 * 2. rfcomm_dev_put will deadlock if it's 600 * the last reference 601 */ 602 rfcomm_dlc_unlock(dlc); 603 if (rfcomm_dev_get(dev->id) == NULL) { 604 rfcomm_dlc_lock(dlc); 605 return; 606 } 607 608 rfcomm_dev_del(dev); 609 rfcomm_dev_put(dev); 610 rfcomm_dlc_lock(dlc); 611 } 612 } else 613 tty_hangup(dev->tty); 614 } 615 } 616 617 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 618 { 619 struct rfcomm_dev *dev = dlc->owner; 620 if (!dev) 621 return; 622 623 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 624 625 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 626 if (dev->tty && !C_CLOCAL(dev->tty)) 627 tty_hangup(dev->tty); 628 } 629 630 dev->modem_status = 631 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 632 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 633 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 634 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 635 } 636 637 /* ---- TTY functions ---- */ 638 static void rfcomm_tty_wakeup(unsigned long arg) 639 { 640 struct rfcomm_dev *dev = (void *) arg; 641 struct tty_struct *tty = dev->tty; 642 if (!tty) 643 return; 644 645 BT_DBG("dev %p tty %p", dev, tty); 646 tty_wakeup(tty); 647 } 648 649 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 650 { 651 struct tty_struct *tty = dev->tty; 652 struct sk_buff *skb; 653 int inserted = 0; 654 655 if (!tty) 656 return; 657 658 BT_DBG("dev %p tty %p", dev, tty); 659 660 rfcomm_dlc_lock(dev->dlc); 661 662 while ((skb = skb_dequeue(&dev->pending))) { 663 inserted += tty_insert_flip_string(tty, skb->data, skb->len); 664 kfree_skb(skb); 665 } 666 667 rfcomm_dlc_unlock(dev->dlc); 668 669 if (inserted > 0) 670 tty_flip_buffer_push(tty); 671 } 672 673 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 674 { 675 DECLARE_WAITQUEUE(wait, current); 676 struct rfcomm_dev *dev; 677 struct rfcomm_dlc *dlc; 678 int err, id; 679 680 id = tty->index; 681 682 BT_DBG("tty %p id %d", tty, id); 683 684 /* We don't leak this refcount. For reasons which are not entirely 685 clear, the TTY layer will call our ->close() method even if the 686 open fails. We decrease the refcount there, and decreasing it 687 here too would cause breakage. */ 688 dev = rfcomm_dev_get(id); 689 if (!dev) 690 return -ENODEV; 691 692 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 693 dev->channel, atomic_read(&dev->opened)); 694 695 if (atomic_inc_return(&dev->opened) > 1) 696 return 0; 697 698 dlc = dev->dlc; 699 700 /* Attach TTY and open DLC */ 701 702 rfcomm_dlc_lock(dlc); 703 tty->driver_data = dev; 704 dev->tty = tty; 705 rfcomm_dlc_unlock(dlc); 706 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 707 708 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 709 if (err < 0) 710 return err; 711 712 /* Wait for DLC to connect */ 713 add_wait_queue(&dev->wait, &wait); 714 while (1) { 715 set_current_state(TASK_INTERRUPTIBLE); 716 717 if (dlc->state == BT_CLOSED) { 718 err = -dev->err; 719 break; 720 } 721 722 if (dlc->state == BT_CONNECTED) 723 break; 724 725 if (signal_pending(current)) { 726 err = -EINTR; 727 break; 728 } 729 730 tty_unlock(); 731 schedule(); 732 tty_lock(); 733 } 734 set_current_state(TASK_RUNNING); 735 remove_wait_queue(&dev->wait, &wait); 736 737 if (err == 0) 738 device_move(dev->tty_dev, rfcomm_get_device(dev), 739 DPM_ORDER_DEV_AFTER_PARENT); 740 741 rfcomm_tty_copy_pending(dev); 742 743 rfcomm_dlc_unthrottle(dev->dlc); 744 745 return err; 746 } 747 748 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 749 { 750 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 751 if (!dev) 752 return; 753 754 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 755 atomic_read(&dev->opened)); 756 757 if (atomic_dec_and_test(&dev->opened)) { 758 if (dev->tty_dev->parent) 759 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 760 761 /* Close DLC and dettach TTY */ 762 rfcomm_dlc_close(dev->dlc, 0); 763 764 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 765 tasklet_kill(&dev->wakeup_task); 766 767 rfcomm_dlc_lock(dev->dlc); 768 tty->driver_data = NULL; 769 dev->tty = NULL; 770 rfcomm_dlc_unlock(dev->dlc); 771 772 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { 773 write_lock_bh(&rfcomm_dev_lock); 774 list_del_init(&dev->list); 775 write_unlock_bh(&rfcomm_dev_lock); 776 777 rfcomm_dev_put(dev); 778 } 779 } 780 781 rfcomm_dev_put(dev); 782 } 783 784 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 785 { 786 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 787 struct rfcomm_dlc *dlc = dev->dlc; 788 struct sk_buff *skb; 789 int err = 0, sent = 0, size; 790 791 BT_DBG("tty %p count %d", tty, count); 792 793 while (count) { 794 size = min_t(uint, count, dlc->mtu); 795 796 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 797 798 if (!skb) 799 break; 800 801 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 802 803 memcpy(skb_put(skb, size), buf + sent, size); 804 805 err = rfcomm_dlc_send(dlc, skb); 806 if (err < 0) { 807 kfree_skb(skb); 808 break; 809 } 810 811 sent += size; 812 count -= size; 813 } 814 815 return sent ? sent : err; 816 } 817 818 static int rfcomm_tty_write_room(struct tty_struct *tty) 819 { 820 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 821 int room; 822 823 BT_DBG("tty %p", tty); 824 825 if (!dev || !dev->dlc) 826 return 0; 827 828 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 829 if (room < 0) 830 room = 0; 831 832 return room; 833 } 834 835 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 836 { 837 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 838 839 switch (cmd) { 840 case TCGETS: 841 BT_DBG("TCGETS is not supported"); 842 return -ENOIOCTLCMD; 843 844 case TCSETS: 845 BT_DBG("TCSETS is not supported"); 846 return -ENOIOCTLCMD; 847 848 case TIOCMIWAIT: 849 BT_DBG("TIOCMIWAIT"); 850 break; 851 852 case TIOCGSERIAL: 853 BT_ERR("TIOCGSERIAL is not supported"); 854 return -ENOIOCTLCMD; 855 856 case TIOCSSERIAL: 857 BT_ERR("TIOCSSERIAL is not supported"); 858 return -ENOIOCTLCMD; 859 860 case TIOCSERGSTRUCT: 861 BT_ERR("TIOCSERGSTRUCT is not supported"); 862 return -ENOIOCTLCMD; 863 864 case TIOCSERGETLSR: 865 BT_ERR("TIOCSERGETLSR is not supported"); 866 return -ENOIOCTLCMD; 867 868 case TIOCSERCONFIG: 869 BT_ERR("TIOCSERCONFIG is not supported"); 870 return -ENOIOCTLCMD; 871 872 default: 873 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 874 875 } 876 877 return -ENOIOCTLCMD; 878 } 879 880 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 881 { 882 struct ktermios *new = tty->termios; 883 int old_baud_rate = tty_termios_baud_rate(old); 884 int new_baud_rate = tty_termios_baud_rate(new); 885 886 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 887 u16 changes = 0; 888 889 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 890 891 BT_DBG("tty %p termios %p", tty, old); 892 893 if (!dev || !dev->dlc || !dev->dlc->session) 894 return; 895 896 /* Handle turning off CRTSCTS */ 897 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 898 BT_DBG("Turning off CRTSCTS unsupported"); 899 900 /* Parity on/off and when on, odd/even */ 901 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 902 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 903 changes |= RFCOMM_RPN_PM_PARITY; 904 BT_DBG("Parity change detected."); 905 } 906 907 /* Mark and space parity are not supported! */ 908 if (new->c_cflag & PARENB) { 909 if (new->c_cflag & PARODD) { 910 BT_DBG("Parity is ODD"); 911 parity = RFCOMM_RPN_PARITY_ODD; 912 } else { 913 BT_DBG("Parity is EVEN"); 914 parity = RFCOMM_RPN_PARITY_EVEN; 915 } 916 } else { 917 BT_DBG("Parity is OFF"); 918 parity = RFCOMM_RPN_PARITY_NONE; 919 } 920 921 /* Setting the x_on / x_off characters */ 922 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 923 BT_DBG("XOFF custom"); 924 x_on = new->c_cc[VSTOP]; 925 changes |= RFCOMM_RPN_PM_XON; 926 } else { 927 BT_DBG("XOFF default"); 928 x_on = RFCOMM_RPN_XON_CHAR; 929 } 930 931 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 932 BT_DBG("XON custom"); 933 x_off = new->c_cc[VSTART]; 934 changes |= RFCOMM_RPN_PM_XOFF; 935 } else { 936 BT_DBG("XON default"); 937 x_off = RFCOMM_RPN_XOFF_CHAR; 938 } 939 940 /* Handle setting of stop bits */ 941 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 942 changes |= RFCOMM_RPN_PM_STOP; 943 944 /* POSIX does not support 1.5 stop bits and RFCOMM does not 945 * support 2 stop bits. So a request for 2 stop bits gets 946 * translated to 1.5 stop bits */ 947 if (new->c_cflag & CSTOPB) 948 stop_bits = RFCOMM_RPN_STOP_15; 949 else 950 stop_bits = RFCOMM_RPN_STOP_1; 951 952 /* Handle number of data bits [5-8] */ 953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 954 changes |= RFCOMM_RPN_PM_DATA; 955 956 switch (new->c_cflag & CSIZE) { 957 case CS5: 958 data_bits = RFCOMM_RPN_DATA_5; 959 break; 960 case CS6: 961 data_bits = RFCOMM_RPN_DATA_6; 962 break; 963 case CS7: 964 data_bits = RFCOMM_RPN_DATA_7; 965 break; 966 case CS8: 967 data_bits = RFCOMM_RPN_DATA_8; 968 break; 969 default: 970 data_bits = RFCOMM_RPN_DATA_8; 971 break; 972 } 973 974 /* Handle baudrate settings */ 975 if (old_baud_rate != new_baud_rate) 976 changes |= RFCOMM_RPN_PM_BITRATE; 977 978 switch (new_baud_rate) { 979 case 2400: 980 baud = RFCOMM_RPN_BR_2400; 981 break; 982 case 4800: 983 baud = RFCOMM_RPN_BR_4800; 984 break; 985 case 7200: 986 baud = RFCOMM_RPN_BR_7200; 987 break; 988 case 9600: 989 baud = RFCOMM_RPN_BR_9600; 990 break; 991 case 19200: 992 baud = RFCOMM_RPN_BR_19200; 993 break; 994 case 38400: 995 baud = RFCOMM_RPN_BR_38400; 996 break; 997 case 57600: 998 baud = RFCOMM_RPN_BR_57600; 999 break; 1000 case 115200: 1001 baud = RFCOMM_RPN_BR_115200; 1002 break; 1003 case 230400: 1004 baud = RFCOMM_RPN_BR_230400; 1005 break; 1006 default: 1007 /* 9600 is standard accordinag to the RFCOMM specification */ 1008 baud = RFCOMM_RPN_BR_9600; 1009 break; 1010 1011 } 1012 1013 if (changes) 1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1015 data_bits, stop_bits, parity, 1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1017 } 1018 1019 static void rfcomm_tty_throttle(struct tty_struct *tty) 1020 { 1021 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1022 1023 BT_DBG("tty %p dev %p", tty, dev); 1024 1025 rfcomm_dlc_throttle(dev->dlc); 1026 } 1027 1028 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1029 { 1030 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1031 1032 BT_DBG("tty %p dev %p", tty, dev); 1033 1034 rfcomm_dlc_unthrottle(dev->dlc); 1035 } 1036 1037 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1038 { 1039 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1040 1041 BT_DBG("tty %p dev %p", tty, dev); 1042 1043 if (!dev || !dev->dlc) 1044 return 0; 1045 1046 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1047 return dev->dlc->mtu; 1048 1049 return 0; 1050 } 1051 1052 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1053 { 1054 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1055 1056 BT_DBG("tty %p dev %p", tty, dev); 1057 1058 if (!dev || !dev->dlc) 1059 return; 1060 1061 skb_queue_purge(&dev->dlc->tx_queue); 1062 tty_wakeup(tty); 1063 } 1064 1065 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1066 { 1067 BT_DBG("tty %p ch %c", tty, ch); 1068 } 1069 1070 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1071 { 1072 BT_DBG("tty %p timeout %d", tty, timeout); 1073 } 1074 1075 static void rfcomm_tty_hangup(struct tty_struct *tty) 1076 { 1077 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1078 1079 BT_DBG("tty %p dev %p", tty, dev); 1080 1081 if (!dev) 1082 return; 1083 1084 rfcomm_tty_flush_buffer(tty); 1085 1086 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1087 if (rfcomm_dev_get(dev->id) == NULL) 1088 return; 1089 rfcomm_dev_del(dev); 1090 rfcomm_dev_put(dev); 1091 } 1092 } 1093 1094 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1095 { 1096 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1097 1098 BT_DBG("tty %p dev %p", tty, dev); 1099 1100 return dev->modem_status; 1101 } 1102 1103 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1104 { 1105 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1106 struct rfcomm_dlc *dlc = dev->dlc; 1107 u8 v24_sig; 1108 1109 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1110 1111 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1112 1113 if (set & TIOCM_DSR || set & TIOCM_DTR) 1114 v24_sig |= RFCOMM_V24_RTC; 1115 if (set & TIOCM_RTS || set & TIOCM_CTS) 1116 v24_sig |= RFCOMM_V24_RTR; 1117 if (set & TIOCM_RI) 1118 v24_sig |= RFCOMM_V24_IC; 1119 if (set & TIOCM_CD) 1120 v24_sig |= RFCOMM_V24_DV; 1121 1122 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1123 v24_sig &= ~RFCOMM_V24_RTC; 1124 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1125 v24_sig &= ~RFCOMM_V24_RTR; 1126 if (clear & TIOCM_RI) 1127 v24_sig &= ~RFCOMM_V24_IC; 1128 if (clear & TIOCM_CD) 1129 v24_sig &= ~RFCOMM_V24_DV; 1130 1131 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1132 1133 return 0; 1134 } 1135 1136 /* ---- TTY structure ---- */ 1137 1138 static const struct tty_operations rfcomm_ops = { 1139 .open = rfcomm_tty_open, 1140 .close = rfcomm_tty_close, 1141 .write = rfcomm_tty_write, 1142 .write_room = rfcomm_tty_write_room, 1143 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1144 .flush_buffer = rfcomm_tty_flush_buffer, 1145 .ioctl = rfcomm_tty_ioctl, 1146 .throttle = rfcomm_tty_throttle, 1147 .unthrottle = rfcomm_tty_unthrottle, 1148 .set_termios = rfcomm_tty_set_termios, 1149 .send_xchar = rfcomm_tty_send_xchar, 1150 .hangup = rfcomm_tty_hangup, 1151 .wait_until_sent = rfcomm_tty_wait_until_sent, 1152 .tiocmget = rfcomm_tty_tiocmget, 1153 .tiocmset = rfcomm_tty_tiocmset, 1154 }; 1155 1156 int __init rfcomm_init_ttys(void) 1157 { 1158 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1159 if (!rfcomm_tty_driver) 1160 return -1; 1161 1162 rfcomm_tty_driver->owner = THIS_MODULE; 1163 rfcomm_tty_driver->driver_name = "rfcomm"; 1164 rfcomm_tty_driver->name = "rfcomm"; 1165 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1166 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1167 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1168 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1169 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1170 rfcomm_tty_driver->init_termios = tty_std_termios; 1171 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1172 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1173 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1174 1175 if (tty_register_driver(rfcomm_tty_driver)) { 1176 BT_ERR("Can't register RFCOMM TTY driver"); 1177 put_tty_driver(rfcomm_tty_driver); 1178 return -1; 1179 } 1180 1181 BT_INFO("RFCOMM TTY layer initialized"); 1182 1183 return 0; 1184 } 1185 1186 void rfcomm_cleanup_ttys(void) 1187 { 1188 tty_unregister_driver(rfcomm_tty_driver); 1189 put_tty_driver(rfcomm_tty_driver); 1190 } 1191