1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 /* Refcount should only hit zero when called from rfcomm_dev_del() 99 which will have taken us off the list. Everything else are 100 refcounting bugs. */ 101 BUG_ON(!list_empty(&dev->list)); 102 103 rfcomm_dlc_lock(dlc); 104 /* Detach DLC if it's owned by this dev */ 105 if (dlc->owner == dev) 106 dlc->owner = NULL; 107 rfcomm_dlc_unlock(dlc); 108 109 rfcomm_dlc_put(dlc); 110 111 tty_unregister_device(rfcomm_tty_driver, dev->id); 112 113 kfree(dev); 114 115 /* It's safe to call module_put() here because socket still 116 holds reference to this module. */ 117 module_put(THIS_MODULE); 118 } 119 120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 121 { 122 atomic_inc(&dev->refcnt); 123 } 124 125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 126 { 127 /* The reason this isn't actually a race, as you no 128 doubt have a little voice screaming at you in your 129 head, is that the refcount should never actually 130 reach zero unless the device has already been taken 131 off the list, in rfcomm_dev_del(). And if that's not 132 true, we'll hit the BUG() in rfcomm_dev_destruct() 133 anyway. */ 134 if (atomic_dec_and_test(&dev->refcnt)) 135 rfcomm_dev_destruct(dev); 136 } 137 138 static struct rfcomm_dev *__rfcomm_dev_get(int id) 139 { 140 struct rfcomm_dev *dev; 141 struct list_head *p; 142 143 list_for_each(p, &rfcomm_dev_list) { 144 dev = list_entry(p, struct rfcomm_dev, list); 145 if (dev->id == id) 146 return dev; 147 } 148 149 return NULL; 150 } 151 152 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 153 { 154 struct rfcomm_dev *dev; 155 156 read_lock(&rfcomm_dev_lock); 157 158 dev = __rfcomm_dev_get(id); 159 160 if (dev) { 161 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 162 dev = NULL; 163 else 164 rfcomm_dev_hold(dev); 165 } 166 167 read_unlock(&rfcomm_dev_lock); 168 169 return dev; 170 } 171 172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 173 { 174 struct hci_dev *hdev; 175 struct hci_conn *conn; 176 177 hdev = hci_get_route(&dev->dst, &dev->src); 178 if (!hdev) 179 return NULL; 180 181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 182 183 hci_dev_put(hdev); 184 185 return conn ? &conn->dev : NULL; 186 } 187 188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 189 { 190 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 191 bdaddr_t bdaddr; 192 baswap(&bdaddr, &dev->dst); 193 return sprintf(buf, "%s\n", batostr(&bdaddr)); 194 } 195 196 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 197 { 198 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 199 return sprintf(buf, "%d\n", dev->channel); 200 } 201 202 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 203 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 204 205 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 206 { 207 struct rfcomm_dev *dev; 208 struct list_head *head = &rfcomm_dev_list, *p; 209 int err = 0; 210 211 BT_DBG("id %d channel %d", req->dev_id, req->channel); 212 213 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 214 if (!dev) 215 return -ENOMEM; 216 217 write_lock_bh(&rfcomm_dev_lock); 218 219 if (req->dev_id < 0) { 220 dev->id = 0; 221 222 list_for_each(p, &rfcomm_dev_list) { 223 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 224 break; 225 226 dev->id++; 227 head = p; 228 } 229 } else { 230 dev->id = req->dev_id; 231 232 list_for_each(p, &rfcomm_dev_list) { 233 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 234 235 if (entry->id == dev->id) { 236 err = -EADDRINUSE; 237 goto out; 238 } 239 240 if (entry->id > dev->id - 1) 241 break; 242 243 head = p; 244 } 245 } 246 247 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 248 err = -ENFILE; 249 goto out; 250 } 251 252 sprintf(dev->name, "rfcomm%d", dev->id); 253 254 list_add(&dev->list, head); 255 atomic_set(&dev->refcnt, 1); 256 257 bacpy(&dev->src, &req->src); 258 bacpy(&dev->dst, &req->dst); 259 dev->channel = req->channel; 260 261 dev->flags = req->flags & 262 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 263 264 init_waitqueue_head(&dev->wait); 265 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 266 267 rfcomm_dlc_lock(dlc); 268 dlc->data_ready = rfcomm_dev_data_ready; 269 dlc->state_change = rfcomm_dev_state_change; 270 dlc->modem_status = rfcomm_dev_modem_status; 271 272 dlc->owner = dev; 273 dev->dlc = dlc; 274 rfcomm_dlc_unlock(dlc); 275 276 /* It's safe to call __module_get() here because socket already 277 holds reference to this module. */ 278 __module_get(THIS_MODULE); 279 280 out: 281 write_unlock_bh(&rfcomm_dev_lock); 282 283 if (err < 0) { 284 kfree(dev); 285 return err; 286 } 287 288 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 289 290 if (IS_ERR(dev->tty_dev)) { 291 err = PTR_ERR(dev->tty_dev); 292 list_del(&dev->list); 293 kfree(dev); 294 return err; 295 } 296 297 dev_set_drvdata(dev->tty_dev, dev); 298 299 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 300 BT_ERR("Failed to create address attribute"); 301 302 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 303 BT_ERR("Failed to create channel attribute"); 304 305 return dev->id; 306 } 307 308 static void rfcomm_dev_del(struct rfcomm_dev *dev) 309 { 310 BT_DBG("dev %p", dev); 311 312 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 313 BUG_ON(1); 314 else 315 set_bit(RFCOMM_TTY_RELEASED, &dev->flags); 316 317 write_lock_bh(&rfcomm_dev_lock); 318 list_del_init(&dev->list); 319 write_unlock_bh(&rfcomm_dev_lock); 320 321 rfcomm_dev_put(dev); 322 } 323 324 /* ---- Send buffer ---- */ 325 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 326 { 327 /* We can't let it be zero, because we don't get a callback 328 when tx_credits becomes nonzero, hence we'd never wake up */ 329 return dlc->mtu * (dlc->tx_credits?:1); 330 } 331 332 static void rfcomm_wfree(struct sk_buff *skb) 333 { 334 struct rfcomm_dev *dev = (void *) skb->sk; 335 atomic_sub(skb->truesize, &dev->wmem_alloc); 336 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 337 tasklet_schedule(&dev->wakeup_task); 338 rfcomm_dev_put(dev); 339 } 340 341 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 342 { 343 rfcomm_dev_hold(dev); 344 atomic_add(skb->truesize, &dev->wmem_alloc); 345 skb->sk = (void *) dev; 346 skb->destructor = rfcomm_wfree; 347 } 348 349 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 350 { 351 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 352 struct sk_buff *skb = alloc_skb(size, priority); 353 if (skb) { 354 rfcomm_set_owner_w(skb, dev); 355 return skb; 356 } 357 } 358 return NULL; 359 } 360 361 /* ---- Device IOCTLs ---- */ 362 363 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 364 365 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 366 { 367 struct rfcomm_dev_req req; 368 struct rfcomm_dlc *dlc; 369 int id; 370 371 if (copy_from_user(&req, arg, sizeof(req))) 372 return -EFAULT; 373 374 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 375 376 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 377 return -EPERM; 378 379 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 380 /* Socket must be connected */ 381 if (sk->sk_state != BT_CONNECTED) 382 return -EBADFD; 383 384 dlc = rfcomm_pi(sk)->dlc; 385 rfcomm_dlc_hold(dlc); 386 } else { 387 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 388 if (!dlc) 389 return -ENOMEM; 390 } 391 392 id = rfcomm_dev_add(&req, dlc); 393 if (id < 0) { 394 rfcomm_dlc_put(dlc); 395 return id; 396 } 397 398 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 399 /* DLC is now used by device. 400 * Socket must be disconnected */ 401 sk->sk_state = BT_CLOSED; 402 } 403 404 return id; 405 } 406 407 static int rfcomm_release_dev(void __user *arg) 408 { 409 struct rfcomm_dev_req req; 410 struct rfcomm_dev *dev; 411 412 if (copy_from_user(&req, arg, sizeof(req))) 413 return -EFAULT; 414 415 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 416 417 if (!(dev = rfcomm_dev_get(req.dev_id))) 418 return -ENODEV; 419 420 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 421 rfcomm_dev_put(dev); 422 return -EPERM; 423 } 424 425 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 426 rfcomm_dlc_close(dev->dlc, 0); 427 428 /* Shut down TTY synchronously before freeing rfcomm_dev */ 429 if (dev->tty) 430 tty_vhangup(dev->tty); 431 432 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 433 rfcomm_dev_del(dev); 434 rfcomm_dev_put(dev); 435 return 0; 436 } 437 438 static int rfcomm_get_dev_list(void __user *arg) 439 { 440 struct rfcomm_dev_list_req *dl; 441 struct rfcomm_dev_info *di; 442 struct list_head *p; 443 int n = 0, size, err; 444 u16 dev_num; 445 446 BT_DBG(""); 447 448 if (get_user(dev_num, (u16 __user *) arg)) 449 return -EFAULT; 450 451 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 452 return -EINVAL; 453 454 size = sizeof(*dl) + dev_num * sizeof(*di); 455 456 if (!(dl = kmalloc(size, GFP_KERNEL))) 457 return -ENOMEM; 458 459 di = dl->dev_info; 460 461 read_lock_bh(&rfcomm_dev_lock); 462 463 list_for_each(p, &rfcomm_dev_list) { 464 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 465 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 466 continue; 467 (di + n)->id = dev->id; 468 (di + n)->flags = dev->flags; 469 (di + n)->state = dev->dlc->state; 470 (di + n)->channel = dev->channel; 471 bacpy(&(di + n)->src, &dev->src); 472 bacpy(&(di + n)->dst, &dev->dst); 473 if (++n >= dev_num) 474 break; 475 } 476 477 read_unlock_bh(&rfcomm_dev_lock); 478 479 dl->dev_num = n; 480 size = sizeof(*dl) + n * sizeof(*di); 481 482 err = copy_to_user(arg, dl, size); 483 kfree(dl); 484 485 return err ? -EFAULT : 0; 486 } 487 488 static int rfcomm_get_dev_info(void __user *arg) 489 { 490 struct rfcomm_dev *dev; 491 struct rfcomm_dev_info di; 492 int err = 0; 493 494 BT_DBG(""); 495 496 if (copy_from_user(&di, arg, sizeof(di))) 497 return -EFAULT; 498 499 if (!(dev = rfcomm_dev_get(di.id))) 500 return -ENODEV; 501 502 di.flags = dev->flags; 503 di.channel = dev->channel; 504 di.state = dev->dlc->state; 505 bacpy(&di.src, &dev->src); 506 bacpy(&di.dst, &dev->dst); 507 508 if (copy_to_user(arg, &di, sizeof(di))) 509 err = -EFAULT; 510 511 rfcomm_dev_put(dev); 512 return err; 513 } 514 515 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 516 { 517 BT_DBG("cmd %d arg %p", cmd, arg); 518 519 switch (cmd) { 520 case RFCOMMCREATEDEV: 521 return rfcomm_create_dev(sk, arg); 522 523 case RFCOMMRELEASEDEV: 524 return rfcomm_release_dev(arg); 525 526 case RFCOMMGETDEVLIST: 527 return rfcomm_get_dev_list(arg); 528 529 case RFCOMMGETDEVINFO: 530 return rfcomm_get_dev_info(arg); 531 } 532 533 return -EINVAL; 534 } 535 536 /* ---- DLC callbacks ---- */ 537 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 538 { 539 struct rfcomm_dev *dev = dlc->owner; 540 struct tty_struct *tty; 541 542 if (!dev || !(tty = dev->tty)) { 543 kfree_skb(skb); 544 return; 545 } 546 547 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 548 549 tty_insert_flip_string(tty, skb->data, skb->len); 550 tty_flip_buffer_push(tty); 551 552 kfree_skb(skb); 553 } 554 555 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 556 { 557 struct rfcomm_dev *dev = dlc->owner; 558 if (!dev) 559 return; 560 561 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 562 563 dev->err = err; 564 wake_up_interruptible(&dev->wait); 565 566 if (dlc->state == BT_CLOSED) { 567 if (!dev->tty) { 568 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 569 /* Drop DLC lock here to avoid deadlock 570 * 1. rfcomm_dev_get will take rfcomm_dev_lock 571 * but in rfcomm_dev_add there's lock order: 572 * rfcomm_dev_lock -> dlc lock 573 * 2. rfcomm_dev_put will deadlock if it's 574 * the last reference 575 */ 576 rfcomm_dlc_unlock(dlc); 577 if (rfcomm_dev_get(dev->id) == NULL) { 578 rfcomm_dlc_lock(dlc); 579 return; 580 } 581 582 rfcomm_dev_del(dev); 583 rfcomm_dev_put(dev); 584 rfcomm_dlc_lock(dlc); 585 } 586 } else 587 tty_hangup(dev->tty); 588 } 589 } 590 591 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 592 { 593 struct rfcomm_dev *dev = dlc->owner; 594 if (!dev) 595 return; 596 597 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 598 599 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 600 if (dev->tty && !C_CLOCAL(dev->tty)) 601 tty_hangup(dev->tty); 602 } 603 604 dev->modem_status = 605 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 606 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 607 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 608 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 609 } 610 611 /* ---- TTY functions ---- */ 612 static void rfcomm_tty_wakeup(unsigned long arg) 613 { 614 struct rfcomm_dev *dev = (void *) arg; 615 struct tty_struct *tty = dev->tty; 616 if (!tty) 617 return; 618 619 BT_DBG("dev %p tty %p", dev, tty); 620 621 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 622 (tty->ldisc.write_wakeup)(tty); 623 624 wake_up_interruptible(&tty->write_wait); 625 #ifdef SERIAL_HAVE_POLL_WAIT 626 wake_up_interruptible(&tty->poll_wait); 627 #endif 628 } 629 630 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 631 { 632 DECLARE_WAITQUEUE(wait, current); 633 struct rfcomm_dev *dev; 634 struct rfcomm_dlc *dlc; 635 int err, id; 636 637 id = tty->index; 638 639 BT_DBG("tty %p id %d", tty, id); 640 641 /* We don't leak this refcount. For reasons which are not entirely 642 clear, the TTY layer will call our ->close() method even if the 643 open fails. We decrease the refcount there, and decreasing it 644 here too would cause breakage. */ 645 dev = rfcomm_dev_get(id); 646 if (!dev) 647 return -ENODEV; 648 649 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 650 651 if (dev->opened++ != 0) 652 return 0; 653 654 dlc = dev->dlc; 655 656 /* Attach TTY and open DLC */ 657 658 rfcomm_dlc_lock(dlc); 659 tty->driver_data = dev; 660 dev->tty = tty; 661 rfcomm_dlc_unlock(dlc); 662 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 663 664 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 665 if (err < 0) 666 return err; 667 668 /* Wait for DLC to connect */ 669 add_wait_queue(&dev->wait, &wait); 670 while (1) { 671 set_current_state(TASK_INTERRUPTIBLE); 672 673 if (dlc->state == BT_CLOSED) { 674 err = -dev->err; 675 break; 676 } 677 678 if (dlc->state == BT_CONNECTED) 679 break; 680 681 if (signal_pending(current)) { 682 err = -EINTR; 683 break; 684 } 685 686 schedule(); 687 } 688 set_current_state(TASK_RUNNING); 689 remove_wait_queue(&dev->wait, &wait); 690 691 if (err == 0) 692 device_move(dev->tty_dev, rfcomm_get_device(dev)); 693 694 return err; 695 } 696 697 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 698 { 699 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 700 if (!dev) 701 return; 702 703 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 704 705 if (--dev->opened == 0) { 706 if (dev->tty_dev->parent) 707 device_move(dev->tty_dev, NULL); 708 709 /* Close DLC and dettach TTY */ 710 rfcomm_dlc_close(dev->dlc, 0); 711 712 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 713 tasklet_kill(&dev->wakeup_task); 714 715 rfcomm_dlc_lock(dev->dlc); 716 tty->driver_data = NULL; 717 dev->tty = NULL; 718 rfcomm_dlc_unlock(dev->dlc); 719 } 720 721 rfcomm_dev_put(dev); 722 } 723 724 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 725 { 726 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 727 struct rfcomm_dlc *dlc = dev->dlc; 728 struct sk_buff *skb; 729 int err = 0, sent = 0, size; 730 731 BT_DBG("tty %p count %d", tty, count); 732 733 while (count) { 734 size = min_t(uint, count, dlc->mtu); 735 736 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 737 738 if (!skb) 739 break; 740 741 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 742 743 memcpy(skb_put(skb, size), buf + sent, size); 744 745 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 746 kfree_skb(skb); 747 break; 748 } 749 750 sent += size; 751 count -= size; 752 } 753 754 return sent ? sent : err; 755 } 756 757 static int rfcomm_tty_write_room(struct tty_struct *tty) 758 { 759 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 760 int room; 761 762 BT_DBG("tty %p", tty); 763 764 if (!dev || !dev->dlc) 765 return 0; 766 767 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 768 if (room < 0) 769 room = 0; 770 771 return room; 772 } 773 774 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 775 { 776 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 777 778 switch (cmd) { 779 case TCGETS: 780 BT_DBG("TCGETS is not supported"); 781 return -ENOIOCTLCMD; 782 783 case TCSETS: 784 BT_DBG("TCSETS is not supported"); 785 return -ENOIOCTLCMD; 786 787 case TIOCMIWAIT: 788 BT_DBG("TIOCMIWAIT"); 789 break; 790 791 case TIOCGICOUNT: 792 BT_DBG("TIOCGICOUNT"); 793 break; 794 795 case TIOCGSERIAL: 796 BT_ERR("TIOCGSERIAL is not supported"); 797 return -ENOIOCTLCMD; 798 799 case TIOCSSERIAL: 800 BT_ERR("TIOCSSERIAL is not supported"); 801 return -ENOIOCTLCMD; 802 803 case TIOCSERGSTRUCT: 804 BT_ERR("TIOCSERGSTRUCT is not supported"); 805 return -ENOIOCTLCMD; 806 807 case TIOCSERGETLSR: 808 BT_ERR("TIOCSERGETLSR is not supported"); 809 return -ENOIOCTLCMD; 810 811 case TIOCSERCONFIG: 812 BT_ERR("TIOCSERCONFIG is not supported"); 813 return -ENOIOCTLCMD; 814 815 default: 816 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 817 818 } 819 820 return -ENOIOCTLCMD; 821 } 822 823 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 824 { 825 struct ktermios *new = tty->termios; 826 int old_baud_rate = tty_termios_baud_rate(old); 827 int new_baud_rate = tty_termios_baud_rate(new); 828 829 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 830 u16 changes = 0; 831 832 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 833 834 BT_DBG("tty %p termios %p", tty, old); 835 836 if (!dev || !dev->dlc || !dev->dlc->session) 837 return; 838 839 /* Handle turning off CRTSCTS */ 840 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 841 BT_DBG("Turning off CRTSCTS unsupported"); 842 843 /* Parity on/off and when on, odd/even */ 844 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 845 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 846 changes |= RFCOMM_RPN_PM_PARITY; 847 BT_DBG("Parity change detected."); 848 } 849 850 /* Mark and space parity are not supported! */ 851 if (new->c_cflag & PARENB) { 852 if (new->c_cflag & PARODD) { 853 BT_DBG("Parity is ODD"); 854 parity = RFCOMM_RPN_PARITY_ODD; 855 } else { 856 BT_DBG("Parity is EVEN"); 857 parity = RFCOMM_RPN_PARITY_EVEN; 858 } 859 } else { 860 BT_DBG("Parity is OFF"); 861 parity = RFCOMM_RPN_PARITY_NONE; 862 } 863 864 /* Setting the x_on / x_off characters */ 865 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 866 BT_DBG("XOFF custom"); 867 x_on = new->c_cc[VSTOP]; 868 changes |= RFCOMM_RPN_PM_XON; 869 } else { 870 BT_DBG("XOFF default"); 871 x_on = RFCOMM_RPN_XON_CHAR; 872 } 873 874 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 875 BT_DBG("XON custom"); 876 x_off = new->c_cc[VSTART]; 877 changes |= RFCOMM_RPN_PM_XOFF; 878 } else { 879 BT_DBG("XON default"); 880 x_off = RFCOMM_RPN_XOFF_CHAR; 881 } 882 883 /* Handle setting of stop bits */ 884 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 885 changes |= RFCOMM_RPN_PM_STOP; 886 887 /* POSIX does not support 1.5 stop bits and RFCOMM does not 888 * support 2 stop bits. So a request for 2 stop bits gets 889 * translated to 1.5 stop bits */ 890 if (new->c_cflag & CSTOPB) { 891 stop_bits = RFCOMM_RPN_STOP_15; 892 } else { 893 stop_bits = RFCOMM_RPN_STOP_1; 894 } 895 896 /* Handle number of data bits [5-8] */ 897 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 898 changes |= RFCOMM_RPN_PM_DATA; 899 900 switch (new->c_cflag & CSIZE) { 901 case CS5: 902 data_bits = RFCOMM_RPN_DATA_5; 903 break; 904 case CS6: 905 data_bits = RFCOMM_RPN_DATA_6; 906 break; 907 case CS7: 908 data_bits = RFCOMM_RPN_DATA_7; 909 break; 910 case CS8: 911 data_bits = RFCOMM_RPN_DATA_8; 912 break; 913 default: 914 data_bits = RFCOMM_RPN_DATA_8; 915 break; 916 } 917 918 /* Handle baudrate settings */ 919 if (old_baud_rate != new_baud_rate) 920 changes |= RFCOMM_RPN_PM_BITRATE; 921 922 switch (new_baud_rate) { 923 case 2400: 924 baud = RFCOMM_RPN_BR_2400; 925 break; 926 case 4800: 927 baud = RFCOMM_RPN_BR_4800; 928 break; 929 case 7200: 930 baud = RFCOMM_RPN_BR_7200; 931 break; 932 case 9600: 933 baud = RFCOMM_RPN_BR_9600; 934 break; 935 case 19200: 936 baud = RFCOMM_RPN_BR_19200; 937 break; 938 case 38400: 939 baud = RFCOMM_RPN_BR_38400; 940 break; 941 case 57600: 942 baud = RFCOMM_RPN_BR_57600; 943 break; 944 case 115200: 945 baud = RFCOMM_RPN_BR_115200; 946 break; 947 case 230400: 948 baud = RFCOMM_RPN_BR_230400; 949 break; 950 default: 951 /* 9600 is standard accordinag to the RFCOMM specification */ 952 baud = RFCOMM_RPN_BR_9600; 953 break; 954 955 } 956 957 if (changes) 958 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 959 data_bits, stop_bits, parity, 960 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 961 962 return; 963 } 964 965 static void rfcomm_tty_throttle(struct tty_struct *tty) 966 { 967 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 968 969 BT_DBG("tty %p dev %p", tty, dev); 970 971 rfcomm_dlc_throttle(dev->dlc); 972 } 973 974 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 975 { 976 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 977 978 BT_DBG("tty %p dev %p", tty, dev); 979 980 rfcomm_dlc_unthrottle(dev->dlc); 981 } 982 983 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 984 { 985 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 986 987 BT_DBG("tty %p dev %p", tty, dev); 988 989 if (!dev || !dev->dlc) 990 return 0; 991 992 if (!skb_queue_empty(&dev->dlc->tx_queue)) 993 return dev->dlc->mtu; 994 995 return 0; 996 } 997 998 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 999 { 1000 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1001 1002 BT_DBG("tty %p dev %p", tty, dev); 1003 1004 if (!dev || !dev->dlc) 1005 return; 1006 1007 skb_queue_purge(&dev->dlc->tx_queue); 1008 1009 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 1010 tty->ldisc.write_wakeup(tty); 1011 } 1012 1013 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1014 { 1015 BT_DBG("tty %p ch %c", tty, ch); 1016 } 1017 1018 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1019 { 1020 BT_DBG("tty %p timeout %d", tty, timeout); 1021 } 1022 1023 static void rfcomm_tty_hangup(struct tty_struct *tty) 1024 { 1025 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1026 1027 BT_DBG("tty %p dev %p", tty, dev); 1028 1029 if (!dev) 1030 return; 1031 1032 rfcomm_tty_flush_buffer(tty); 1033 1034 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1035 if (rfcomm_dev_get(dev->id) == NULL) 1036 return; 1037 rfcomm_dev_del(dev); 1038 rfcomm_dev_put(dev); 1039 } 1040 } 1041 1042 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 1043 { 1044 return 0; 1045 } 1046 1047 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1048 { 1049 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1050 1051 BT_DBG("tty %p dev %p", tty, dev); 1052 1053 return dev->modem_status; 1054 } 1055 1056 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1057 { 1058 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1059 struct rfcomm_dlc *dlc = dev->dlc; 1060 u8 v24_sig; 1061 1062 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1063 1064 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1065 1066 if (set & TIOCM_DSR || set & TIOCM_DTR) 1067 v24_sig |= RFCOMM_V24_RTC; 1068 if (set & TIOCM_RTS || set & TIOCM_CTS) 1069 v24_sig |= RFCOMM_V24_RTR; 1070 if (set & TIOCM_RI) 1071 v24_sig |= RFCOMM_V24_IC; 1072 if (set & TIOCM_CD) 1073 v24_sig |= RFCOMM_V24_DV; 1074 1075 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1076 v24_sig &= ~RFCOMM_V24_RTC; 1077 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1078 v24_sig &= ~RFCOMM_V24_RTR; 1079 if (clear & TIOCM_RI) 1080 v24_sig &= ~RFCOMM_V24_IC; 1081 if (clear & TIOCM_CD) 1082 v24_sig &= ~RFCOMM_V24_DV; 1083 1084 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1085 1086 return 0; 1087 } 1088 1089 /* ---- TTY structure ---- */ 1090 1091 static const struct tty_operations rfcomm_ops = { 1092 .open = rfcomm_tty_open, 1093 .close = rfcomm_tty_close, 1094 .write = rfcomm_tty_write, 1095 .write_room = rfcomm_tty_write_room, 1096 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1097 .flush_buffer = rfcomm_tty_flush_buffer, 1098 .ioctl = rfcomm_tty_ioctl, 1099 .throttle = rfcomm_tty_throttle, 1100 .unthrottle = rfcomm_tty_unthrottle, 1101 .set_termios = rfcomm_tty_set_termios, 1102 .send_xchar = rfcomm_tty_send_xchar, 1103 .hangup = rfcomm_tty_hangup, 1104 .wait_until_sent = rfcomm_tty_wait_until_sent, 1105 .read_proc = rfcomm_tty_read_proc, 1106 .tiocmget = rfcomm_tty_tiocmget, 1107 .tiocmset = rfcomm_tty_tiocmset, 1108 }; 1109 1110 int rfcomm_init_ttys(void) 1111 { 1112 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1113 if (!rfcomm_tty_driver) 1114 return -1; 1115 1116 rfcomm_tty_driver->owner = THIS_MODULE; 1117 rfcomm_tty_driver->driver_name = "rfcomm"; 1118 rfcomm_tty_driver->name = "rfcomm"; 1119 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1120 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1121 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1122 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1123 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1124 rfcomm_tty_driver->init_termios = tty_std_termios; 1125 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1126 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1127 1128 if (tty_register_driver(rfcomm_tty_driver)) { 1129 BT_ERR("Can't register RFCOMM TTY driver"); 1130 put_tty_driver(rfcomm_tty_driver); 1131 return -1; 1132 } 1133 1134 BT_INFO("RFCOMM TTY layer initialized"); 1135 1136 return 0; 1137 } 1138 1139 void rfcomm_cleanup_ttys(void) 1140 { 1141 tty_unregister_driver(rfcomm_tty_driver); 1142 put_tty_driver(rfcomm_tty_driver); 1143 } 1144