1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/rfcomm.h> 37 38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 41 #define RFCOMM_TTY_MINOR 0 42 43 static struct tty_driver *rfcomm_tty_driver; 44 45 struct rfcomm_dev { 46 struct tty_port port; 47 struct list_head list; 48 49 char name[12]; 50 int id; 51 unsigned long flags; 52 int err; 53 54 bdaddr_t src; 55 bdaddr_t dst; 56 u8 channel; 57 58 uint modem_status; 59 60 struct rfcomm_dlc *dlc; 61 62 struct device *tty_dev; 63 64 atomic_t wmem_alloc; 65 66 struct sk_buff_head pending; 67 }; 68 69 static LIST_HEAD(rfcomm_dev_list); 70 static DEFINE_SPINLOCK(rfcomm_dev_lock); 71 72 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 73 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 74 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 75 76 /* ---- Device functions ---- */ 77 78 static void rfcomm_dev_destruct(struct tty_port *port) 79 { 80 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 81 struct rfcomm_dlc *dlc = dev->dlc; 82 83 BT_DBG("dev %p dlc %p", dev, dlc); 84 85 spin_lock(&rfcomm_dev_lock); 86 list_del(&dev->list); 87 spin_unlock(&rfcomm_dev_lock); 88 89 rfcomm_dlc_lock(dlc); 90 /* Detach DLC if it's owned by this dev */ 91 if (dlc->owner == dev) 92 dlc->owner = NULL; 93 rfcomm_dlc_unlock(dlc); 94 95 rfcomm_dlc_put(dlc); 96 97 tty_unregister_device(rfcomm_tty_driver, dev->id); 98 99 kfree(dev); 100 101 /* It's safe to call module_put() here because socket still 102 holds reference to this module. */ 103 module_put(THIS_MODULE); 104 } 105 106 /* device-specific initialization: open the dlc */ 107 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) 108 { 109 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 110 111 return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); 112 } 113 114 /* we block the open until the dlc->state becomes BT_CONNECTED */ 115 static int rfcomm_dev_carrier_raised(struct tty_port *port) 116 { 117 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 118 119 return (dev->dlc->state == BT_CONNECTED); 120 } 121 122 /* device-specific cleanup: close the dlc */ 123 static void rfcomm_dev_shutdown(struct tty_port *port) 124 { 125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 126 127 if (dev->tty_dev->parent) 128 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 129 130 /* close the dlc */ 131 rfcomm_dlc_close(dev->dlc, 0); 132 } 133 134 static const struct tty_port_operations rfcomm_port_ops = { 135 .destruct = rfcomm_dev_destruct, 136 .activate = rfcomm_dev_activate, 137 .shutdown = rfcomm_dev_shutdown, 138 .carrier_raised = rfcomm_dev_carrier_raised, 139 }; 140 141 static struct rfcomm_dev *__rfcomm_dev_get(int id) 142 { 143 struct rfcomm_dev *dev; 144 145 list_for_each_entry(dev, &rfcomm_dev_list, list) 146 if (dev->id == id) 147 return dev; 148 149 return NULL; 150 } 151 152 static struct rfcomm_dev *rfcomm_dev_get(int id) 153 { 154 struct rfcomm_dev *dev; 155 156 spin_lock(&rfcomm_dev_lock); 157 158 dev = __rfcomm_dev_get(id); 159 160 if (dev) { 161 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 162 dev = NULL; 163 else 164 tty_port_get(&dev->port); 165 } 166 167 spin_unlock(&rfcomm_dev_lock); 168 169 return dev; 170 } 171 172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 173 { 174 struct hci_dev *hdev; 175 struct hci_conn *conn; 176 177 hdev = hci_get_route(&dev->dst, &dev->src); 178 if (!hdev) 179 return NULL; 180 181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 182 183 hci_dev_put(hdev); 184 185 return conn ? &conn->dev : NULL; 186 } 187 188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 189 { 190 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 191 return sprintf(buf, "%pMR\n", &dev->dst); 192 } 193 194 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 195 { 196 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 197 return sprintf(buf, "%d\n", dev->channel); 198 } 199 200 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 201 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 202 203 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 204 { 205 struct rfcomm_dev *dev, *entry; 206 struct list_head *head = &rfcomm_dev_list; 207 int err = 0; 208 209 BT_DBG("id %d channel %d", req->dev_id, req->channel); 210 211 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 212 if (!dev) 213 return -ENOMEM; 214 215 spin_lock(&rfcomm_dev_lock); 216 217 if (req->dev_id < 0) { 218 dev->id = 0; 219 220 list_for_each_entry(entry, &rfcomm_dev_list, list) { 221 if (entry->id != dev->id) 222 break; 223 224 dev->id++; 225 head = &entry->list; 226 } 227 } else { 228 dev->id = req->dev_id; 229 230 list_for_each_entry(entry, &rfcomm_dev_list, list) { 231 if (entry->id == dev->id) { 232 err = -EADDRINUSE; 233 goto out; 234 } 235 236 if (entry->id > dev->id - 1) 237 break; 238 239 head = &entry->list; 240 } 241 } 242 243 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 244 err = -ENFILE; 245 goto out; 246 } 247 248 sprintf(dev->name, "rfcomm%d", dev->id); 249 250 list_add(&dev->list, head); 251 252 bacpy(&dev->src, &req->src); 253 bacpy(&dev->dst, &req->dst); 254 dev->channel = req->channel; 255 256 dev->flags = req->flags & 257 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 258 259 tty_port_init(&dev->port); 260 dev->port.ops = &rfcomm_port_ops; 261 262 skb_queue_head_init(&dev->pending); 263 264 rfcomm_dlc_lock(dlc); 265 266 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 267 struct sock *sk = dlc->owner; 268 struct sk_buff *skb; 269 270 BUG_ON(!sk); 271 272 rfcomm_dlc_throttle(dlc); 273 274 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 275 skb_orphan(skb); 276 skb_queue_tail(&dev->pending, skb); 277 atomic_sub(skb->len, &sk->sk_rmem_alloc); 278 } 279 } 280 281 dlc->data_ready = rfcomm_dev_data_ready; 282 dlc->state_change = rfcomm_dev_state_change; 283 dlc->modem_status = rfcomm_dev_modem_status; 284 285 dlc->owner = dev; 286 dev->dlc = dlc; 287 288 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 289 290 rfcomm_dlc_unlock(dlc); 291 292 /* It's safe to call __module_get() here because socket already 293 holds reference to this module. */ 294 __module_get(THIS_MODULE); 295 296 out: 297 spin_unlock(&rfcomm_dev_lock); 298 299 if (err < 0) 300 goto free; 301 302 dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver, 303 dev->id, NULL); 304 if (IS_ERR(dev->tty_dev)) { 305 err = PTR_ERR(dev->tty_dev); 306 spin_lock(&rfcomm_dev_lock); 307 list_del(&dev->list); 308 spin_unlock(&rfcomm_dev_lock); 309 goto free; 310 } 311 312 dev_set_drvdata(dev->tty_dev, dev); 313 314 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 315 BT_ERR("Failed to create address attribute"); 316 317 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 318 BT_ERR("Failed to create channel attribute"); 319 320 return dev->id; 321 322 free: 323 kfree(dev); 324 return err; 325 } 326 327 /* ---- Send buffer ---- */ 328 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 329 { 330 /* We can't let it be zero, because we don't get a callback 331 when tx_credits becomes nonzero, hence we'd never wake up */ 332 return dlc->mtu * (dlc->tx_credits?:1); 333 } 334 335 static void rfcomm_wfree(struct sk_buff *skb) 336 { 337 struct rfcomm_dev *dev = (void *) skb->sk; 338 atomic_sub(skb->truesize, &dev->wmem_alloc); 339 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 340 tty_port_tty_wakeup(&dev->port); 341 tty_port_put(&dev->port); 342 } 343 344 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 345 { 346 tty_port_get(&dev->port); 347 atomic_add(skb->truesize, &dev->wmem_alloc); 348 skb->sk = (void *) dev; 349 skb->destructor = rfcomm_wfree; 350 } 351 352 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 353 { 354 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 355 struct sk_buff *skb = alloc_skb(size, priority); 356 if (skb) { 357 rfcomm_set_owner_w(skb, dev); 358 return skb; 359 } 360 } 361 return NULL; 362 } 363 364 /* ---- Device IOCTLs ---- */ 365 366 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 367 368 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 369 { 370 struct rfcomm_dev_req req; 371 struct rfcomm_dlc *dlc; 372 int id; 373 374 if (copy_from_user(&req, arg, sizeof(req))) 375 return -EFAULT; 376 377 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 378 379 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 380 return -EPERM; 381 382 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 383 /* Socket must be connected */ 384 if (sk->sk_state != BT_CONNECTED) 385 return -EBADFD; 386 387 dlc = rfcomm_pi(sk)->dlc; 388 rfcomm_dlc_hold(dlc); 389 } else { 390 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 391 if (!dlc) 392 return -ENOMEM; 393 } 394 395 id = rfcomm_dev_add(&req, dlc); 396 if (id < 0) { 397 rfcomm_dlc_put(dlc); 398 return id; 399 } 400 401 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 402 /* DLC is now used by device. 403 * Socket must be disconnected */ 404 sk->sk_state = BT_CLOSED; 405 } 406 407 return id; 408 } 409 410 static int rfcomm_release_dev(void __user *arg) 411 { 412 struct rfcomm_dev_req req; 413 struct rfcomm_dev *dev; 414 struct tty_struct *tty; 415 416 if (copy_from_user(&req, arg, sizeof(req))) 417 return -EFAULT; 418 419 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 420 421 dev = rfcomm_dev_get(req.dev_id); 422 if (!dev) 423 return -ENODEV; 424 425 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 426 tty_port_put(&dev->port); 427 return -EPERM; 428 } 429 430 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 431 rfcomm_dlc_close(dev->dlc, 0); 432 433 /* Shut down TTY synchronously before freeing rfcomm_dev */ 434 tty = tty_port_tty_get(&dev->port); 435 if (tty) { 436 tty_vhangup(tty); 437 tty_kref_put(tty); 438 } 439 440 if (!test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 441 tty_port_put(&dev->port); 442 443 tty_port_put(&dev->port); 444 return 0; 445 } 446 447 static int rfcomm_get_dev_list(void __user *arg) 448 { 449 struct rfcomm_dev *dev; 450 struct rfcomm_dev_list_req *dl; 451 struct rfcomm_dev_info *di; 452 int n = 0, size, err; 453 u16 dev_num; 454 455 BT_DBG(""); 456 457 if (get_user(dev_num, (u16 __user *) arg)) 458 return -EFAULT; 459 460 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 461 return -EINVAL; 462 463 size = sizeof(*dl) + dev_num * sizeof(*di); 464 465 dl = kzalloc(size, GFP_KERNEL); 466 if (!dl) 467 return -ENOMEM; 468 469 di = dl->dev_info; 470 471 spin_lock(&rfcomm_dev_lock); 472 473 list_for_each_entry(dev, &rfcomm_dev_list, list) { 474 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 475 continue; 476 (di + n)->id = dev->id; 477 (di + n)->flags = dev->flags; 478 (di + n)->state = dev->dlc->state; 479 (di + n)->channel = dev->channel; 480 bacpy(&(di + n)->src, &dev->src); 481 bacpy(&(di + n)->dst, &dev->dst); 482 if (++n >= dev_num) 483 break; 484 } 485 486 spin_unlock(&rfcomm_dev_lock); 487 488 dl->dev_num = n; 489 size = sizeof(*dl) + n * sizeof(*di); 490 491 err = copy_to_user(arg, dl, size); 492 kfree(dl); 493 494 return err ? -EFAULT : 0; 495 } 496 497 static int rfcomm_get_dev_info(void __user *arg) 498 { 499 struct rfcomm_dev *dev; 500 struct rfcomm_dev_info di; 501 int err = 0; 502 503 BT_DBG(""); 504 505 if (copy_from_user(&di, arg, sizeof(di))) 506 return -EFAULT; 507 508 dev = rfcomm_dev_get(di.id); 509 if (!dev) 510 return -ENODEV; 511 512 di.flags = dev->flags; 513 di.channel = dev->channel; 514 di.state = dev->dlc->state; 515 bacpy(&di.src, &dev->src); 516 bacpy(&di.dst, &dev->dst); 517 518 if (copy_to_user(arg, &di, sizeof(di))) 519 err = -EFAULT; 520 521 tty_port_put(&dev->port); 522 return err; 523 } 524 525 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 526 { 527 BT_DBG("cmd %d arg %p", cmd, arg); 528 529 switch (cmd) { 530 case RFCOMMCREATEDEV: 531 return rfcomm_create_dev(sk, arg); 532 533 case RFCOMMRELEASEDEV: 534 return rfcomm_release_dev(arg); 535 536 case RFCOMMGETDEVLIST: 537 return rfcomm_get_dev_list(arg); 538 539 case RFCOMMGETDEVINFO: 540 return rfcomm_get_dev_info(arg); 541 } 542 543 return -EINVAL; 544 } 545 546 /* ---- DLC callbacks ---- */ 547 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 548 { 549 struct rfcomm_dev *dev = dlc->owner; 550 551 if (!dev) { 552 kfree_skb(skb); 553 return; 554 } 555 556 if (!skb_queue_empty(&dev->pending)) { 557 skb_queue_tail(&dev->pending, skb); 558 return; 559 } 560 561 BT_DBG("dlc %p len %d", dlc, skb->len); 562 563 tty_insert_flip_string(&dev->port, skb->data, skb->len); 564 tty_flip_buffer_push(&dev->port); 565 566 kfree_skb(skb); 567 } 568 569 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 570 { 571 struct rfcomm_dev *dev = dlc->owner; 572 struct tty_struct *tty; 573 if (!dev) 574 return; 575 576 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 577 578 dev->err = err; 579 if (dlc->state == BT_CONNECTED) { 580 device_move(dev->tty_dev, rfcomm_get_device(dev), 581 DPM_ORDER_DEV_AFTER_PARENT); 582 583 wake_up_interruptible(&dev->port.open_wait); 584 } else if (dlc->state == BT_CLOSED) { 585 tty = tty_port_tty_get(&dev->port); 586 if (!tty) { 587 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 588 /* Drop DLC lock here to avoid deadlock 589 * 1. rfcomm_dev_get will take rfcomm_dev_lock 590 * but in rfcomm_dev_add there's lock order: 591 * rfcomm_dev_lock -> dlc lock 592 * 2. tty_port_put will deadlock if it's 593 * the last reference 594 * 595 * FIXME: when we release the lock anything 596 * could happen to dev, even its destruction 597 */ 598 rfcomm_dlc_unlock(dlc); 599 if (rfcomm_dev_get(dev->id) == NULL) { 600 rfcomm_dlc_lock(dlc); 601 return; 602 } 603 604 if (!test_and_set_bit(RFCOMM_TTY_RELEASED, 605 &dev->flags)) 606 tty_port_put(&dev->port); 607 608 tty_port_put(&dev->port); 609 rfcomm_dlc_lock(dlc); 610 } 611 } else { 612 tty_hangup(tty); 613 tty_kref_put(tty); 614 } 615 } 616 } 617 618 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 619 { 620 struct rfcomm_dev *dev = dlc->owner; 621 if (!dev) 622 return; 623 624 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 625 626 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) 627 tty_port_tty_hangup(&dev->port, true); 628 629 dev->modem_status = 630 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 631 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 632 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 633 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 634 } 635 636 /* ---- TTY functions ---- */ 637 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 638 { 639 struct sk_buff *skb; 640 int inserted = 0; 641 642 BT_DBG("dev %p", dev); 643 644 rfcomm_dlc_lock(dev->dlc); 645 646 while ((skb = skb_dequeue(&dev->pending))) { 647 inserted += tty_insert_flip_string(&dev->port, skb->data, 648 skb->len); 649 kfree_skb(skb); 650 } 651 652 rfcomm_dlc_unlock(dev->dlc); 653 654 if (inserted > 0) 655 tty_flip_buffer_push(&dev->port); 656 } 657 658 /* do the reverse of install, clearing the tty fields and releasing the 659 * reference to tty_port 660 */ 661 static void rfcomm_tty_cleanup(struct tty_struct *tty) 662 { 663 struct rfcomm_dev *dev = tty->driver_data; 664 665 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 666 667 rfcomm_dlc_lock(dev->dlc); 668 tty->driver_data = NULL; 669 rfcomm_dlc_unlock(dev->dlc); 670 671 /* 672 * purge the dlc->tx_queue to avoid circular dependencies 673 * between dev and dlc 674 */ 675 skb_queue_purge(&dev->dlc->tx_queue); 676 677 tty_port_put(&dev->port); 678 } 679 680 /* we acquire the tty_port reference since it's here the tty is first used 681 * by setting the termios. We also populate the driver_data field and install 682 * the tty port 683 */ 684 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) 685 { 686 struct rfcomm_dev *dev; 687 struct rfcomm_dlc *dlc; 688 int err; 689 690 dev = rfcomm_dev_get(tty->index); 691 if (!dev) 692 return -ENODEV; 693 694 dlc = dev->dlc; 695 696 /* Attach TTY and open DLC */ 697 rfcomm_dlc_lock(dlc); 698 tty->driver_data = dev; 699 rfcomm_dlc_unlock(dlc); 700 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 701 702 /* install the tty_port */ 703 err = tty_port_install(&dev->port, driver, tty); 704 if (err) 705 rfcomm_tty_cleanup(tty); 706 707 return err; 708 } 709 710 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 711 { 712 struct rfcomm_dev *dev = tty->driver_data; 713 int err; 714 715 BT_DBG("tty %p id %d", tty, tty->index); 716 717 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 718 dev->channel, dev->port.count); 719 720 err = tty_port_open(&dev->port, tty, filp); 721 if (err) 722 return err; 723 724 /* 725 * FIXME: rfcomm should use proper flow control for 726 * received data. This hack will be unnecessary and can 727 * be removed when that's implemented 728 */ 729 rfcomm_tty_copy_pending(dev); 730 731 rfcomm_dlc_unthrottle(dev->dlc); 732 733 return 0; 734 } 735 736 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 737 { 738 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 739 740 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 741 dev->port.count); 742 743 tty_port_close(&dev->port, tty, filp); 744 } 745 746 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 747 { 748 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 749 struct rfcomm_dlc *dlc = dev->dlc; 750 struct sk_buff *skb; 751 int err = 0, sent = 0, size; 752 753 BT_DBG("tty %p count %d", tty, count); 754 755 while (count) { 756 size = min_t(uint, count, dlc->mtu); 757 758 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 759 760 if (!skb) 761 break; 762 763 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 764 765 memcpy(skb_put(skb, size), buf + sent, size); 766 767 err = rfcomm_dlc_send(dlc, skb); 768 if (err < 0) { 769 kfree_skb(skb); 770 break; 771 } 772 773 sent += size; 774 count -= size; 775 } 776 777 return sent ? sent : err; 778 } 779 780 static int rfcomm_tty_write_room(struct tty_struct *tty) 781 { 782 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 783 int room; 784 785 BT_DBG("tty %p", tty); 786 787 if (!dev || !dev->dlc) 788 return 0; 789 790 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 791 if (room < 0) 792 room = 0; 793 794 return room; 795 } 796 797 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 798 { 799 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 800 801 switch (cmd) { 802 case TCGETS: 803 BT_DBG("TCGETS is not supported"); 804 return -ENOIOCTLCMD; 805 806 case TCSETS: 807 BT_DBG("TCSETS is not supported"); 808 return -ENOIOCTLCMD; 809 810 case TIOCMIWAIT: 811 BT_DBG("TIOCMIWAIT"); 812 break; 813 814 case TIOCGSERIAL: 815 BT_ERR("TIOCGSERIAL is not supported"); 816 return -ENOIOCTLCMD; 817 818 case TIOCSSERIAL: 819 BT_ERR("TIOCSSERIAL is not supported"); 820 return -ENOIOCTLCMD; 821 822 case TIOCSERGSTRUCT: 823 BT_ERR("TIOCSERGSTRUCT is not supported"); 824 return -ENOIOCTLCMD; 825 826 case TIOCSERGETLSR: 827 BT_ERR("TIOCSERGETLSR is not supported"); 828 return -ENOIOCTLCMD; 829 830 case TIOCSERCONFIG: 831 BT_ERR("TIOCSERCONFIG is not supported"); 832 return -ENOIOCTLCMD; 833 834 default: 835 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 836 837 } 838 839 return -ENOIOCTLCMD; 840 } 841 842 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 843 { 844 struct ktermios *new = &tty->termios; 845 int old_baud_rate = tty_termios_baud_rate(old); 846 int new_baud_rate = tty_termios_baud_rate(new); 847 848 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 849 u16 changes = 0; 850 851 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 852 853 BT_DBG("tty %p termios %p", tty, old); 854 855 if (!dev || !dev->dlc || !dev->dlc->session) 856 return; 857 858 /* Handle turning off CRTSCTS */ 859 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 860 BT_DBG("Turning off CRTSCTS unsupported"); 861 862 /* Parity on/off and when on, odd/even */ 863 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 864 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 865 changes |= RFCOMM_RPN_PM_PARITY; 866 BT_DBG("Parity change detected."); 867 } 868 869 /* Mark and space parity are not supported! */ 870 if (new->c_cflag & PARENB) { 871 if (new->c_cflag & PARODD) { 872 BT_DBG("Parity is ODD"); 873 parity = RFCOMM_RPN_PARITY_ODD; 874 } else { 875 BT_DBG("Parity is EVEN"); 876 parity = RFCOMM_RPN_PARITY_EVEN; 877 } 878 } else { 879 BT_DBG("Parity is OFF"); 880 parity = RFCOMM_RPN_PARITY_NONE; 881 } 882 883 /* Setting the x_on / x_off characters */ 884 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 885 BT_DBG("XOFF custom"); 886 x_on = new->c_cc[VSTOP]; 887 changes |= RFCOMM_RPN_PM_XON; 888 } else { 889 BT_DBG("XOFF default"); 890 x_on = RFCOMM_RPN_XON_CHAR; 891 } 892 893 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 894 BT_DBG("XON custom"); 895 x_off = new->c_cc[VSTART]; 896 changes |= RFCOMM_RPN_PM_XOFF; 897 } else { 898 BT_DBG("XON default"); 899 x_off = RFCOMM_RPN_XOFF_CHAR; 900 } 901 902 /* Handle setting of stop bits */ 903 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 904 changes |= RFCOMM_RPN_PM_STOP; 905 906 /* POSIX does not support 1.5 stop bits and RFCOMM does not 907 * support 2 stop bits. So a request for 2 stop bits gets 908 * translated to 1.5 stop bits */ 909 if (new->c_cflag & CSTOPB) 910 stop_bits = RFCOMM_RPN_STOP_15; 911 else 912 stop_bits = RFCOMM_RPN_STOP_1; 913 914 /* Handle number of data bits [5-8] */ 915 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 916 changes |= RFCOMM_RPN_PM_DATA; 917 918 switch (new->c_cflag & CSIZE) { 919 case CS5: 920 data_bits = RFCOMM_RPN_DATA_5; 921 break; 922 case CS6: 923 data_bits = RFCOMM_RPN_DATA_6; 924 break; 925 case CS7: 926 data_bits = RFCOMM_RPN_DATA_7; 927 break; 928 case CS8: 929 data_bits = RFCOMM_RPN_DATA_8; 930 break; 931 default: 932 data_bits = RFCOMM_RPN_DATA_8; 933 break; 934 } 935 936 /* Handle baudrate settings */ 937 if (old_baud_rate != new_baud_rate) 938 changes |= RFCOMM_RPN_PM_BITRATE; 939 940 switch (new_baud_rate) { 941 case 2400: 942 baud = RFCOMM_RPN_BR_2400; 943 break; 944 case 4800: 945 baud = RFCOMM_RPN_BR_4800; 946 break; 947 case 7200: 948 baud = RFCOMM_RPN_BR_7200; 949 break; 950 case 9600: 951 baud = RFCOMM_RPN_BR_9600; 952 break; 953 case 19200: 954 baud = RFCOMM_RPN_BR_19200; 955 break; 956 case 38400: 957 baud = RFCOMM_RPN_BR_38400; 958 break; 959 case 57600: 960 baud = RFCOMM_RPN_BR_57600; 961 break; 962 case 115200: 963 baud = RFCOMM_RPN_BR_115200; 964 break; 965 case 230400: 966 baud = RFCOMM_RPN_BR_230400; 967 break; 968 default: 969 /* 9600 is standard accordinag to the RFCOMM specification */ 970 baud = RFCOMM_RPN_BR_9600; 971 break; 972 973 } 974 975 if (changes) 976 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 977 data_bits, stop_bits, parity, 978 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 979 } 980 981 static void rfcomm_tty_throttle(struct tty_struct *tty) 982 { 983 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 984 985 BT_DBG("tty %p dev %p", tty, dev); 986 987 rfcomm_dlc_throttle(dev->dlc); 988 } 989 990 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 991 { 992 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 993 994 BT_DBG("tty %p dev %p", tty, dev); 995 996 rfcomm_dlc_unthrottle(dev->dlc); 997 } 998 999 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1000 { 1001 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1002 1003 BT_DBG("tty %p dev %p", tty, dev); 1004 1005 if (!dev || !dev->dlc) 1006 return 0; 1007 1008 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1009 return dev->dlc->mtu; 1010 1011 return 0; 1012 } 1013 1014 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1015 { 1016 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1017 1018 BT_DBG("tty %p dev %p", tty, dev); 1019 1020 if (!dev || !dev->dlc) 1021 return; 1022 1023 skb_queue_purge(&dev->dlc->tx_queue); 1024 tty_wakeup(tty); 1025 } 1026 1027 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1028 { 1029 BT_DBG("tty %p ch %c", tty, ch); 1030 } 1031 1032 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1033 { 1034 BT_DBG("tty %p timeout %d", tty, timeout); 1035 } 1036 1037 static void rfcomm_tty_hangup(struct tty_struct *tty) 1038 { 1039 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1040 1041 BT_DBG("tty %p dev %p", tty, dev); 1042 1043 tty_port_hangup(&dev->port); 1044 1045 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags) && 1046 !test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 1047 tty_port_put(&dev->port); 1048 } 1049 1050 static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1051 { 1052 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1053 1054 BT_DBG("tty %p dev %p", tty, dev); 1055 1056 return dev->modem_status; 1057 } 1058 1059 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1060 { 1061 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1062 struct rfcomm_dlc *dlc = dev->dlc; 1063 u8 v24_sig; 1064 1065 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1066 1067 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1068 1069 if (set & TIOCM_DSR || set & TIOCM_DTR) 1070 v24_sig |= RFCOMM_V24_RTC; 1071 if (set & TIOCM_RTS || set & TIOCM_CTS) 1072 v24_sig |= RFCOMM_V24_RTR; 1073 if (set & TIOCM_RI) 1074 v24_sig |= RFCOMM_V24_IC; 1075 if (set & TIOCM_CD) 1076 v24_sig |= RFCOMM_V24_DV; 1077 1078 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1079 v24_sig &= ~RFCOMM_V24_RTC; 1080 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1081 v24_sig &= ~RFCOMM_V24_RTR; 1082 if (clear & TIOCM_RI) 1083 v24_sig &= ~RFCOMM_V24_IC; 1084 if (clear & TIOCM_CD) 1085 v24_sig &= ~RFCOMM_V24_DV; 1086 1087 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1088 1089 return 0; 1090 } 1091 1092 /* ---- TTY structure ---- */ 1093 1094 static const struct tty_operations rfcomm_ops = { 1095 .open = rfcomm_tty_open, 1096 .close = rfcomm_tty_close, 1097 .write = rfcomm_tty_write, 1098 .write_room = rfcomm_tty_write_room, 1099 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1100 .flush_buffer = rfcomm_tty_flush_buffer, 1101 .ioctl = rfcomm_tty_ioctl, 1102 .throttle = rfcomm_tty_throttle, 1103 .unthrottle = rfcomm_tty_unthrottle, 1104 .set_termios = rfcomm_tty_set_termios, 1105 .send_xchar = rfcomm_tty_send_xchar, 1106 .hangup = rfcomm_tty_hangup, 1107 .wait_until_sent = rfcomm_tty_wait_until_sent, 1108 .tiocmget = rfcomm_tty_tiocmget, 1109 .tiocmset = rfcomm_tty_tiocmset, 1110 .install = rfcomm_tty_install, 1111 .cleanup = rfcomm_tty_cleanup, 1112 }; 1113 1114 int __init rfcomm_init_ttys(void) 1115 { 1116 int error; 1117 1118 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1119 if (!rfcomm_tty_driver) 1120 return -ENOMEM; 1121 1122 rfcomm_tty_driver->driver_name = "rfcomm"; 1123 rfcomm_tty_driver->name = "rfcomm"; 1124 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1125 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1126 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1127 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1128 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1129 rfcomm_tty_driver->init_termios = tty_std_termios; 1130 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; 1131 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1132 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1133 1134 error = tty_register_driver(rfcomm_tty_driver); 1135 if (error) { 1136 BT_ERR("Can't register RFCOMM TTY driver"); 1137 put_tty_driver(rfcomm_tty_driver); 1138 return error; 1139 } 1140 1141 BT_INFO("RFCOMM TTY layer initialized"); 1142 1143 return 0; 1144 } 1145 1146 void rfcomm_cleanup_ttys(void) 1147 { 1148 tty_unregister_driver(rfcomm_tty_driver); 1149 put_tty_driver(rfcomm_tty_driver); 1150 } 1151