1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/rfcomm.h> 37 38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 41 #define RFCOMM_TTY_MINOR 0 42 43 static DEFINE_MUTEX(rfcomm_ioctl_mutex); 44 static struct tty_driver *rfcomm_tty_driver; 45 46 struct rfcomm_dev { 47 struct tty_port port; 48 struct list_head list; 49 50 char name[12]; 51 int id; 52 unsigned long flags; 53 int err; 54 55 unsigned long status; /* don't export to userspace */ 56 57 bdaddr_t src; 58 bdaddr_t dst; 59 u8 channel; 60 61 uint modem_status; 62 63 struct rfcomm_dlc *dlc; 64 65 struct device *tty_dev; 66 67 atomic_t wmem_alloc; 68 69 struct sk_buff_head pending; 70 }; 71 72 static LIST_HEAD(rfcomm_dev_list); 73 static DEFINE_MUTEX(rfcomm_dev_lock); 74 75 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 76 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 77 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 78 79 /* ---- Device functions ---- */ 80 81 static void rfcomm_dev_destruct(struct tty_port *port) 82 { 83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 84 struct rfcomm_dlc *dlc = dev->dlc; 85 86 BT_DBG("dev %p dlc %p", dev, dlc); 87 88 rfcomm_dlc_lock(dlc); 89 /* Detach DLC if it's owned by this dev */ 90 if (dlc->owner == dev) 91 dlc->owner = NULL; 92 rfcomm_dlc_unlock(dlc); 93 94 rfcomm_dlc_put(dlc); 95 96 if (dev->tty_dev) 97 tty_unregister_device(rfcomm_tty_driver, dev->id); 98 99 mutex_lock(&rfcomm_dev_lock); 100 list_del(&dev->list); 101 mutex_unlock(&rfcomm_dev_lock); 102 103 kfree(dev); 104 105 /* It's safe to call module_put() here because socket still 106 holds reference to this module. */ 107 module_put(THIS_MODULE); 108 } 109 110 /* device-specific initialization: open the dlc */ 111 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) 112 { 113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 114 int err; 115 116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); 117 if (err) 118 set_bit(TTY_IO_ERROR, &tty->flags); 119 return err; 120 } 121 122 /* we block the open until the dlc->state becomes BT_CONNECTED */ 123 static int rfcomm_dev_carrier_raised(struct tty_port *port) 124 { 125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 126 127 return (dev->dlc->state == BT_CONNECTED); 128 } 129 130 /* device-specific cleanup: close the dlc */ 131 static void rfcomm_dev_shutdown(struct tty_port *port) 132 { 133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 134 135 if (dev->tty_dev->parent) 136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 137 138 /* close the dlc */ 139 rfcomm_dlc_close(dev->dlc, 0); 140 } 141 142 static const struct tty_port_operations rfcomm_port_ops = { 143 .destruct = rfcomm_dev_destruct, 144 .activate = rfcomm_dev_activate, 145 .shutdown = rfcomm_dev_shutdown, 146 .carrier_raised = rfcomm_dev_carrier_raised, 147 }; 148 149 static struct rfcomm_dev *__rfcomm_dev_lookup(int id) 150 { 151 struct rfcomm_dev *dev; 152 153 list_for_each_entry(dev, &rfcomm_dev_list, list) 154 if (dev->id == id) 155 return dev; 156 157 return NULL; 158 } 159 160 static struct rfcomm_dev *rfcomm_dev_get(int id) 161 { 162 struct rfcomm_dev *dev; 163 164 mutex_lock(&rfcomm_dev_lock); 165 166 dev = __rfcomm_dev_lookup(id); 167 168 if (dev && !tty_port_get(&dev->port)) 169 dev = NULL; 170 171 mutex_unlock(&rfcomm_dev_lock); 172 173 return dev; 174 } 175 176 static void rfcomm_reparent_device(struct rfcomm_dev *dev) 177 { 178 struct hci_dev *hdev; 179 struct hci_conn *conn; 180 181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR); 182 if (!hdev) 183 return; 184 185 /* The lookup results are unsafe to access without the 186 * hci device lock (FIXME: why is this not documented?) 187 */ 188 hci_dev_lock(hdev); 189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 190 191 /* Just because the acl link is in the hash table is no 192 * guarantee the sysfs device has been added ... 193 */ 194 if (conn && device_is_registered(&conn->dev)) 195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); 196 197 hci_dev_unlock(hdev); 198 hci_dev_put(hdev); 199 } 200 201 static ssize_t address_show(struct device *tty_dev, 202 struct device_attribute *attr, char *buf) 203 { 204 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 205 return sprintf(buf, "%pMR\n", &dev->dst); 206 } 207 208 static ssize_t channel_show(struct device *tty_dev, 209 struct device_attribute *attr, char *buf) 210 { 211 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 212 return sprintf(buf, "%d\n", dev->channel); 213 } 214 215 static DEVICE_ATTR_RO(address); 216 static DEVICE_ATTR_RO(channel); 217 218 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, 219 struct rfcomm_dlc *dlc) 220 { 221 struct rfcomm_dev *dev, *entry; 222 struct list_head *head = &rfcomm_dev_list; 223 int err = 0; 224 225 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 226 if (!dev) 227 return ERR_PTR(-ENOMEM); 228 229 mutex_lock(&rfcomm_dev_lock); 230 231 if (req->dev_id < 0) { 232 dev->id = 0; 233 234 list_for_each_entry(entry, &rfcomm_dev_list, list) { 235 if (entry->id != dev->id) 236 break; 237 238 dev->id++; 239 head = &entry->list; 240 } 241 } else { 242 dev->id = req->dev_id; 243 244 list_for_each_entry(entry, &rfcomm_dev_list, list) { 245 if (entry->id == dev->id) { 246 err = -EADDRINUSE; 247 goto out; 248 } 249 250 if (entry->id > dev->id - 1) 251 break; 252 253 head = &entry->list; 254 } 255 } 256 257 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 258 err = -ENFILE; 259 goto out; 260 } 261 262 sprintf(dev->name, "rfcomm%d", dev->id); 263 264 list_add(&dev->list, head); 265 266 bacpy(&dev->src, &req->src); 267 bacpy(&dev->dst, &req->dst); 268 dev->channel = req->channel; 269 270 dev->flags = req->flags & 271 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 272 273 tty_port_init(&dev->port); 274 dev->port.ops = &rfcomm_port_ops; 275 276 skb_queue_head_init(&dev->pending); 277 278 rfcomm_dlc_lock(dlc); 279 280 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 281 struct sock *sk = dlc->owner; 282 struct sk_buff *skb; 283 284 BUG_ON(!sk); 285 286 rfcomm_dlc_throttle(dlc); 287 288 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 289 skb_orphan(skb); 290 skb_queue_tail(&dev->pending, skb); 291 atomic_sub(skb->len, &sk->sk_rmem_alloc); 292 } 293 } 294 295 dlc->data_ready = rfcomm_dev_data_ready; 296 dlc->state_change = rfcomm_dev_state_change; 297 dlc->modem_status = rfcomm_dev_modem_status; 298 299 dlc->owner = dev; 300 dev->dlc = dlc; 301 302 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 303 304 rfcomm_dlc_unlock(dlc); 305 306 /* It's safe to call __module_get() here because socket already 307 holds reference to this module. */ 308 __module_get(THIS_MODULE); 309 310 mutex_unlock(&rfcomm_dev_lock); 311 return dev; 312 313 out: 314 mutex_unlock(&rfcomm_dev_lock); 315 kfree(dev); 316 return ERR_PTR(err); 317 } 318 319 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 320 { 321 struct rfcomm_dev *dev; 322 struct device *tty; 323 324 BT_DBG("id %d channel %d", req->dev_id, req->channel); 325 326 dev = __rfcomm_dev_add(req, dlc); 327 if (IS_ERR(dev)) { 328 rfcomm_dlc_put(dlc); 329 return PTR_ERR(dev); 330 } 331 332 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, 333 dev->id, NULL); 334 if (IS_ERR(tty)) { 335 tty_port_put(&dev->port); 336 return PTR_ERR(tty); 337 } 338 339 dev->tty_dev = tty; 340 rfcomm_reparent_device(dev); 341 dev_set_drvdata(dev->tty_dev, dev); 342 343 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 344 BT_ERR("Failed to create address attribute"); 345 346 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 347 BT_ERR("Failed to create channel attribute"); 348 349 return dev->id; 350 } 351 352 /* ---- Send buffer ---- */ 353 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) 354 { 355 struct rfcomm_dlc *dlc = dev->dlc; 356 357 /* Limit the outstanding number of packets not yet sent to 40 */ 358 int pending = 40 - atomic_read(&dev->wmem_alloc); 359 360 return max(0, pending) * dlc->mtu; 361 } 362 363 static void rfcomm_wfree(struct sk_buff *skb) 364 { 365 struct rfcomm_dev *dev = (void *) skb->sk; 366 atomic_dec(&dev->wmem_alloc); 367 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 368 tty_port_tty_wakeup(&dev->port); 369 tty_port_put(&dev->port); 370 } 371 372 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 373 { 374 tty_port_get(&dev->port); 375 atomic_inc(&dev->wmem_alloc); 376 skb->sk = (void *) dev; 377 skb->destructor = rfcomm_wfree; 378 } 379 380 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 381 { 382 struct sk_buff *skb = alloc_skb(size, priority); 383 if (skb) 384 rfcomm_set_owner_w(skb, dev); 385 return skb; 386 } 387 388 /* ---- Device IOCTLs ---- */ 389 390 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 391 392 static int __rfcomm_create_dev(struct sock *sk, void __user *arg) 393 { 394 struct rfcomm_dev_req req; 395 struct rfcomm_dlc *dlc; 396 int id; 397 398 if (copy_from_user(&req, arg, sizeof(req))) 399 return -EFAULT; 400 401 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 402 403 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 404 return -EPERM; 405 406 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 407 /* Socket must be connected */ 408 if (sk->sk_state != BT_CONNECTED) 409 return -EBADFD; 410 411 dlc = rfcomm_pi(sk)->dlc; 412 rfcomm_dlc_hold(dlc); 413 } else { 414 /* Validate the channel is unused */ 415 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); 416 if (IS_ERR(dlc)) 417 return PTR_ERR(dlc); 418 if (dlc) 419 return -EBUSY; 420 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 421 if (!dlc) 422 return -ENOMEM; 423 } 424 425 id = rfcomm_dev_add(&req, dlc); 426 if (id < 0) 427 return id; 428 429 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 430 /* DLC is now used by device. 431 * Socket must be disconnected */ 432 sk->sk_state = BT_CLOSED; 433 } 434 435 return id; 436 } 437 438 static int __rfcomm_release_dev(void __user *arg) 439 { 440 struct rfcomm_dev_req req; 441 struct rfcomm_dev *dev; 442 struct tty_struct *tty; 443 444 if (copy_from_user(&req, arg, sizeof(req))) 445 return -EFAULT; 446 447 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 448 449 dev = rfcomm_dev_get(req.dev_id); 450 if (!dev) 451 return -ENODEV; 452 453 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 454 tty_port_put(&dev->port); 455 return -EPERM; 456 } 457 458 /* only release once */ 459 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { 460 tty_port_put(&dev->port); 461 return -EALREADY; 462 } 463 464 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 465 rfcomm_dlc_close(dev->dlc, 0); 466 467 /* Shut down TTY synchronously before freeing rfcomm_dev */ 468 tty = tty_port_tty_get(&dev->port); 469 if (tty) { 470 tty_vhangup(tty); 471 tty_kref_put(tty); 472 } 473 474 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) 475 tty_port_put(&dev->port); 476 477 tty_port_put(&dev->port); 478 return 0; 479 } 480 481 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 482 { 483 int ret; 484 485 mutex_lock(&rfcomm_ioctl_mutex); 486 ret = __rfcomm_create_dev(sk, arg); 487 mutex_unlock(&rfcomm_ioctl_mutex); 488 489 return ret; 490 } 491 492 static int rfcomm_release_dev(void __user *arg) 493 { 494 int ret; 495 496 mutex_lock(&rfcomm_ioctl_mutex); 497 ret = __rfcomm_release_dev(arg); 498 mutex_unlock(&rfcomm_ioctl_mutex); 499 500 return ret; 501 } 502 503 static int rfcomm_get_dev_list(void __user *arg) 504 { 505 struct rfcomm_dev *dev; 506 struct rfcomm_dev_list_req *dl; 507 struct rfcomm_dev_info *di; 508 int n = 0, size, err; 509 u16 dev_num; 510 511 BT_DBG(""); 512 513 if (get_user(dev_num, (u16 __user *) arg)) 514 return -EFAULT; 515 516 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 517 return -EINVAL; 518 519 size = sizeof(*dl) + dev_num * sizeof(*di); 520 521 dl = kzalloc(size, GFP_KERNEL); 522 if (!dl) 523 return -ENOMEM; 524 525 di = dl->dev_info; 526 527 mutex_lock(&rfcomm_dev_lock); 528 529 list_for_each_entry(dev, &rfcomm_dev_list, list) { 530 if (!tty_port_get(&dev->port)) 531 continue; 532 (di + n)->id = dev->id; 533 (di + n)->flags = dev->flags; 534 (di + n)->state = dev->dlc->state; 535 (di + n)->channel = dev->channel; 536 bacpy(&(di + n)->src, &dev->src); 537 bacpy(&(di + n)->dst, &dev->dst); 538 tty_port_put(&dev->port); 539 if (++n >= dev_num) 540 break; 541 } 542 543 mutex_unlock(&rfcomm_dev_lock); 544 545 dl->dev_num = n; 546 size = sizeof(*dl) + n * sizeof(*di); 547 548 err = copy_to_user(arg, dl, size); 549 kfree(dl); 550 551 return err ? -EFAULT : 0; 552 } 553 554 static int rfcomm_get_dev_info(void __user *arg) 555 { 556 struct rfcomm_dev *dev; 557 struct rfcomm_dev_info di; 558 int err = 0; 559 560 BT_DBG(""); 561 562 if (copy_from_user(&di, arg, sizeof(di))) 563 return -EFAULT; 564 565 dev = rfcomm_dev_get(di.id); 566 if (!dev) 567 return -ENODEV; 568 569 di.flags = dev->flags; 570 di.channel = dev->channel; 571 di.state = dev->dlc->state; 572 bacpy(&di.src, &dev->src); 573 bacpy(&di.dst, &dev->dst); 574 575 if (copy_to_user(arg, &di, sizeof(di))) 576 err = -EFAULT; 577 578 tty_port_put(&dev->port); 579 return err; 580 } 581 582 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 583 { 584 BT_DBG("cmd %d arg %p", cmd, arg); 585 586 switch (cmd) { 587 case RFCOMMCREATEDEV: 588 return rfcomm_create_dev(sk, arg); 589 590 case RFCOMMRELEASEDEV: 591 return rfcomm_release_dev(arg); 592 593 case RFCOMMGETDEVLIST: 594 return rfcomm_get_dev_list(arg); 595 596 case RFCOMMGETDEVINFO: 597 return rfcomm_get_dev_info(arg); 598 } 599 600 return -EINVAL; 601 } 602 603 /* ---- DLC callbacks ---- */ 604 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 605 { 606 struct rfcomm_dev *dev = dlc->owner; 607 608 if (!dev) { 609 kfree_skb(skb); 610 return; 611 } 612 613 if (!skb_queue_empty(&dev->pending)) { 614 skb_queue_tail(&dev->pending, skb); 615 return; 616 } 617 618 BT_DBG("dlc %p len %d", dlc, skb->len); 619 620 tty_insert_flip_string(&dev->port, skb->data, skb->len); 621 tty_flip_buffer_push(&dev->port); 622 623 kfree_skb(skb); 624 } 625 626 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 627 { 628 struct rfcomm_dev *dev = dlc->owner; 629 if (!dev) 630 return; 631 632 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 633 634 dev->err = err; 635 if (dlc->state == BT_CONNECTED) { 636 rfcomm_reparent_device(dev); 637 638 wake_up_interruptible(&dev->port.open_wait); 639 } else if (dlc->state == BT_CLOSED) 640 tty_port_tty_hangup(&dev->port, false); 641 } 642 643 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 644 { 645 struct rfcomm_dev *dev = dlc->owner; 646 if (!dev) 647 return; 648 649 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 650 651 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) 652 tty_port_tty_hangup(&dev->port, true); 653 654 dev->modem_status = 655 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 656 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 657 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 658 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 659 } 660 661 /* ---- TTY functions ---- */ 662 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 663 { 664 struct sk_buff *skb; 665 int inserted = 0; 666 667 BT_DBG("dev %p", dev); 668 669 rfcomm_dlc_lock(dev->dlc); 670 671 while ((skb = skb_dequeue(&dev->pending))) { 672 inserted += tty_insert_flip_string(&dev->port, skb->data, 673 skb->len); 674 kfree_skb(skb); 675 } 676 677 rfcomm_dlc_unlock(dev->dlc); 678 679 if (inserted > 0) 680 tty_flip_buffer_push(&dev->port); 681 } 682 683 /* do the reverse of install, clearing the tty fields and releasing the 684 * reference to tty_port 685 */ 686 static void rfcomm_tty_cleanup(struct tty_struct *tty) 687 { 688 struct rfcomm_dev *dev = tty->driver_data; 689 690 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 691 692 rfcomm_dlc_lock(dev->dlc); 693 tty->driver_data = NULL; 694 rfcomm_dlc_unlock(dev->dlc); 695 696 /* 697 * purge the dlc->tx_queue to avoid circular dependencies 698 * between dev and dlc 699 */ 700 skb_queue_purge(&dev->dlc->tx_queue); 701 702 tty_port_put(&dev->port); 703 } 704 705 /* we acquire the tty_port reference since it's here the tty is first used 706 * by setting the termios. We also populate the driver_data field and install 707 * the tty port 708 */ 709 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) 710 { 711 struct rfcomm_dev *dev; 712 struct rfcomm_dlc *dlc; 713 int err; 714 715 dev = rfcomm_dev_get(tty->index); 716 if (!dev) 717 return -ENODEV; 718 719 dlc = dev->dlc; 720 721 /* Attach TTY and open DLC */ 722 rfcomm_dlc_lock(dlc); 723 tty->driver_data = dev; 724 rfcomm_dlc_unlock(dlc); 725 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 726 727 /* install the tty_port */ 728 err = tty_port_install(&dev->port, driver, tty); 729 if (err) { 730 rfcomm_tty_cleanup(tty); 731 return err; 732 } 733 734 /* take over the tty_port reference if the port was created with the 735 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port 736 * when the last process closes the tty. The behaviour is expected by 737 * userspace. 738 */ 739 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 740 set_bit(RFCOMM_TTY_OWNED, &dev->status); 741 tty_port_put(&dev->port); 742 } 743 744 return 0; 745 } 746 747 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 748 { 749 struct rfcomm_dev *dev = tty->driver_data; 750 int err; 751 752 BT_DBG("tty %p id %d", tty, tty->index); 753 754 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 755 dev->channel, dev->port.count); 756 757 err = tty_port_open(&dev->port, tty, filp); 758 if (err) 759 return err; 760 761 /* 762 * FIXME: rfcomm should use proper flow control for 763 * received data. This hack will be unnecessary and can 764 * be removed when that's implemented 765 */ 766 rfcomm_tty_copy_pending(dev); 767 768 rfcomm_dlc_unthrottle(dev->dlc); 769 770 return 0; 771 } 772 773 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 774 { 775 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 776 777 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 778 dev->port.count); 779 780 tty_port_close(&dev->port, tty, filp); 781 } 782 783 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 784 { 785 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 786 struct rfcomm_dlc *dlc = dev->dlc; 787 struct sk_buff *skb; 788 int sent = 0, size; 789 790 BT_DBG("tty %p count %d", tty, count); 791 792 while (count) { 793 size = min_t(uint, count, dlc->mtu); 794 795 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 796 if (!skb) 797 break; 798 799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 800 801 skb_put_data(skb, buf + sent, size); 802 803 rfcomm_dlc_send_noerror(dlc, skb); 804 805 sent += size; 806 count -= size; 807 } 808 809 return sent; 810 } 811 812 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty) 813 { 814 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 815 int room = 0; 816 817 if (dev && dev->dlc) 818 room = rfcomm_room(dev); 819 820 BT_DBG("tty %p room %d", tty, room); 821 822 return room; 823 } 824 825 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 826 { 827 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 828 829 switch (cmd) { 830 case TCGETS: 831 BT_DBG("TCGETS is not supported"); 832 return -ENOIOCTLCMD; 833 834 case TCSETS: 835 BT_DBG("TCSETS is not supported"); 836 return -ENOIOCTLCMD; 837 838 case TIOCMIWAIT: 839 BT_DBG("TIOCMIWAIT"); 840 break; 841 842 case TIOCSERGETLSR: 843 BT_ERR("TIOCSERGETLSR is not supported"); 844 return -ENOIOCTLCMD; 845 846 case TIOCSERCONFIG: 847 BT_ERR("TIOCSERCONFIG is not supported"); 848 return -ENOIOCTLCMD; 849 850 default: 851 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 852 853 } 854 855 return -ENOIOCTLCMD; 856 } 857 858 static void rfcomm_tty_set_termios(struct tty_struct *tty, 859 const struct ktermios *old) 860 { 861 struct ktermios *new = &tty->termios; 862 int old_baud_rate = tty_termios_baud_rate(old); 863 int new_baud_rate = tty_termios_baud_rate(new); 864 865 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 866 u16 changes = 0; 867 868 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 869 870 BT_DBG("tty %p termios %p", tty, old); 871 872 if (!dev || !dev->dlc || !dev->dlc->session) 873 return; 874 875 /* Handle turning off CRTSCTS */ 876 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 877 BT_DBG("Turning off CRTSCTS unsupported"); 878 879 /* Parity on/off and when on, odd/even */ 880 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 881 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 882 changes |= RFCOMM_RPN_PM_PARITY; 883 BT_DBG("Parity change detected."); 884 } 885 886 /* Mark and space parity are not supported! */ 887 if (new->c_cflag & PARENB) { 888 if (new->c_cflag & PARODD) { 889 BT_DBG("Parity is ODD"); 890 parity = RFCOMM_RPN_PARITY_ODD; 891 } else { 892 BT_DBG("Parity is EVEN"); 893 parity = RFCOMM_RPN_PARITY_EVEN; 894 } 895 } else { 896 BT_DBG("Parity is OFF"); 897 parity = RFCOMM_RPN_PARITY_NONE; 898 } 899 900 /* Setting the x_on / x_off characters */ 901 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 902 BT_DBG("XOFF custom"); 903 x_on = new->c_cc[VSTOP]; 904 changes |= RFCOMM_RPN_PM_XON; 905 } else { 906 BT_DBG("XOFF default"); 907 x_on = RFCOMM_RPN_XON_CHAR; 908 } 909 910 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 911 BT_DBG("XON custom"); 912 x_off = new->c_cc[VSTART]; 913 changes |= RFCOMM_RPN_PM_XOFF; 914 } else { 915 BT_DBG("XON default"); 916 x_off = RFCOMM_RPN_XOFF_CHAR; 917 } 918 919 /* Handle setting of stop bits */ 920 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 921 changes |= RFCOMM_RPN_PM_STOP; 922 923 /* POSIX does not support 1.5 stop bits and RFCOMM does not 924 * support 2 stop bits. So a request for 2 stop bits gets 925 * translated to 1.5 stop bits */ 926 if (new->c_cflag & CSTOPB) 927 stop_bits = RFCOMM_RPN_STOP_15; 928 else 929 stop_bits = RFCOMM_RPN_STOP_1; 930 931 /* Handle number of data bits [5-8] */ 932 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 933 changes |= RFCOMM_RPN_PM_DATA; 934 935 switch (new->c_cflag & CSIZE) { 936 case CS5: 937 data_bits = RFCOMM_RPN_DATA_5; 938 break; 939 case CS6: 940 data_bits = RFCOMM_RPN_DATA_6; 941 break; 942 case CS7: 943 data_bits = RFCOMM_RPN_DATA_7; 944 break; 945 case CS8: 946 data_bits = RFCOMM_RPN_DATA_8; 947 break; 948 default: 949 data_bits = RFCOMM_RPN_DATA_8; 950 break; 951 } 952 953 /* Handle baudrate settings */ 954 if (old_baud_rate != new_baud_rate) 955 changes |= RFCOMM_RPN_PM_BITRATE; 956 957 switch (new_baud_rate) { 958 case 2400: 959 baud = RFCOMM_RPN_BR_2400; 960 break; 961 case 4800: 962 baud = RFCOMM_RPN_BR_4800; 963 break; 964 case 7200: 965 baud = RFCOMM_RPN_BR_7200; 966 break; 967 case 9600: 968 baud = RFCOMM_RPN_BR_9600; 969 break; 970 case 19200: 971 baud = RFCOMM_RPN_BR_19200; 972 break; 973 case 38400: 974 baud = RFCOMM_RPN_BR_38400; 975 break; 976 case 57600: 977 baud = RFCOMM_RPN_BR_57600; 978 break; 979 case 115200: 980 baud = RFCOMM_RPN_BR_115200; 981 break; 982 case 230400: 983 baud = RFCOMM_RPN_BR_230400; 984 break; 985 default: 986 /* 9600 is standard accordinag to the RFCOMM specification */ 987 baud = RFCOMM_RPN_BR_9600; 988 break; 989 990 } 991 992 if (changes) 993 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 994 data_bits, stop_bits, parity, 995 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 996 } 997 998 static void rfcomm_tty_throttle(struct tty_struct *tty) 999 { 1000 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1001 1002 BT_DBG("tty %p dev %p", tty, dev); 1003 1004 rfcomm_dlc_throttle(dev->dlc); 1005 } 1006 1007 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1008 { 1009 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1010 1011 BT_DBG("tty %p dev %p", tty, dev); 1012 1013 rfcomm_dlc_unthrottle(dev->dlc); 1014 } 1015 1016 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1017 { 1018 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1019 1020 BT_DBG("tty %p dev %p", tty, dev); 1021 1022 if (!dev || !dev->dlc) 1023 return 0; 1024 1025 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1026 return dev->dlc->mtu; 1027 1028 return 0; 1029 } 1030 1031 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1032 { 1033 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1034 1035 BT_DBG("tty %p dev %p", tty, dev); 1036 1037 if (!dev || !dev->dlc) 1038 return; 1039 1040 skb_queue_purge(&dev->dlc->tx_queue); 1041 tty_wakeup(tty); 1042 } 1043 1044 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1045 { 1046 BT_DBG("tty %p ch %c", tty, ch); 1047 } 1048 1049 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1050 { 1051 BT_DBG("tty %p timeout %d", tty, timeout); 1052 } 1053 1054 static void rfcomm_tty_hangup(struct tty_struct *tty) 1055 { 1056 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1057 1058 BT_DBG("tty %p dev %p", tty, dev); 1059 1060 tty_port_hangup(&dev->port); 1061 } 1062 1063 static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1064 { 1065 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1066 1067 BT_DBG("tty %p dev %p", tty, dev); 1068 1069 return dev->modem_status; 1070 } 1071 1072 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1073 { 1074 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1075 struct rfcomm_dlc *dlc = dev->dlc; 1076 u8 v24_sig; 1077 1078 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1079 1080 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1081 1082 if (set & TIOCM_DSR || set & TIOCM_DTR) 1083 v24_sig |= RFCOMM_V24_RTC; 1084 if (set & TIOCM_RTS || set & TIOCM_CTS) 1085 v24_sig |= RFCOMM_V24_RTR; 1086 if (set & TIOCM_RI) 1087 v24_sig |= RFCOMM_V24_IC; 1088 if (set & TIOCM_CD) 1089 v24_sig |= RFCOMM_V24_DV; 1090 1091 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1092 v24_sig &= ~RFCOMM_V24_RTC; 1093 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1094 v24_sig &= ~RFCOMM_V24_RTR; 1095 if (clear & TIOCM_RI) 1096 v24_sig &= ~RFCOMM_V24_IC; 1097 if (clear & TIOCM_CD) 1098 v24_sig &= ~RFCOMM_V24_DV; 1099 1100 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1101 1102 return 0; 1103 } 1104 1105 /* ---- TTY structure ---- */ 1106 1107 static const struct tty_operations rfcomm_ops = { 1108 .open = rfcomm_tty_open, 1109 .close = rfcomm_tty_close, 1110 .write = rfcomm_tty_write, 1111 .write_room = rfcomm_tty_write_room, 1112 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1113 .flush_buffer = rfcomm_tty_flush_buffer, 1114 .ioctl = rfcomm_tty_ioctl, 1115 .throttle = rfcomm_tty_throttle, 1116 .unthrottle = rfcomm_tty_unthrottle, 1117 .set_termios = rfcomm_tty_set_termios, 1118 .send_xchar = rfcomm_tty_send_xchar, 1119 .hangup = rfcomm_tty_hangup, 1120 .wait_until_sent = rfcomm_tty_wait_until_sent, 1121 .tiocmget = rfcomm_tty_tiocmget, 1122 .tiocmset = rfcomm_tty_tiocmset, 1123 .install = rfcomm_tty_install, 1124 .cleanup = rfcomm_tty_cleanup, 1125 }; 1126 1127 int __init rfcomm_init_ttys(void) 1128 { 1129 int error; 1130 1131 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS, 1132 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV); 1133 if (IS_ERR(rfcomm_tty_driver)) 1134 return PTR_ERR(rfcomm_tty_driver); 1135 1136 rfcomm_tty_driver->driver_name = "rfcomm"; 1137 rfcomm_tty_driver->name = "rfcomm"; 1138 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1139 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1140 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1141 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1142 rfcomm_tty_driver->init_termios = tty_std_termios; 1143 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; 1144 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1145 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1146 1147 error = tty_register_driver(rfcomm_tty_driver); 1148 if (error) { 1149 BT_ERR("Can't register RFCOMM TTY driver"); 1150 tty_driver_kref_put(rfcomm_tty_driver); 1151 return error; 1152 } 1153 1154 BT_INFO("RFCOMM TTY layer initialized"); 1155 1156 return 0; 1157 } 1158 1159 void rfcomm_cleanup_ttys(void) 1160 { 1161 tty_unregister_driver(rfcomm_tty_driver); 1162 tty_driver_kref_put(rfcomm_tty_driver); 1163 } 1164