1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 write_lock_bh(&rfcomm_dev_lock); 99 list_del_init(&dev->list); 100 write_unlock_bh(&rfcomm_dev_lock); 101 102 rfcomm_dlc_lock(dlc); 103 /* Detach DLC if it's owned by this dev */ 104 if (dlc->owner == dev) 105 dlc->owner = NULL; 106 rfcomm_dlc_unlock(dlc); 107 108 rfcomm_dlc_put(dlc); 109 110 tty_unregister_device(rfcomm_tty_driver, dev->id); 111 112 /* Refcount should only hit zero when called from rfcomm_dev_del() 113 which will have taken us off the list. Everything else are 114 refcounting bugs. */ 115 BUG_ON(!list_empty(&dev->list)); 116 117 kfree(dev); 118 119 /* It's safe to call module_put() here because socket still 120 holds reference to this module. */ 121 module_put(THIS_MODULE); 122 } 123 124 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 125 { 126 atomic_inc(&dev->refcnt); 127 } 128 129 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 130 { 131 /* The reason this isn't actually a race, as you no 132 doubt have a little voice screaming at you in your 133 head, is that the refcount should never actually 134 reach zero unless the device has already been taken 135 off the list, in rfcomm_dev_del(). And if that's not 136 true, we'll hit the BUG() in rfcomm_dev_destruct() 137 anyway. */ 138 if (atomic_dec_and_test(&dev->refcnt)) 139 rfcomm_dev_destruct(dev); 140 } 141 142 static struct rfcomm_dev *__rfcomm_dev_get(int id) 143 { 144 struct rfcomm_dev *dev; 145 struct list_head *p; 146 147 list_for_each(p, &rfcomm_dev_list) { 148 dev = list_entry(p, struct rfcomm_dev, list); 149 if (dev->id == id) 150 return dev; 151 } 152 153 return NULL; 154 } 155 156 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 157 { 158 struct rfcomm_dev *dev; 159 160 read_lock(&rfcomm_dev_lock); 161 162 dev = __rfcomm_dev_get(id); 163 164 if (dev) { 165 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 166 dev = NULL; 167 else 168 rfcomm_dev_hold(dev); 169 } 170 171 read_unlock(&rfcomm_dev_lock); 172 173 return dev; 174 } 175 176 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 177 { 178 struct hci_dev *hdev; 179 struct hci_conn *conn; 180 181 hdev = hci_get_route(&dev->dst, &dev->src); 182 if (!hdev) 183 return NULL; 184 185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 186 187 hci_dev_put(hdev); 188 189 return conn ? &conn->dev : NULL; 190 } 191 192 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 193 { 194 struct rfcomm_dev *dev; 195 struct list_head *head = &rfcomm_dev_list, *p; 196 int err = 0; 197 198 BT_DBG("id %d channel %d", req->dev_id, req->channel); 199 200 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 201 if (!dev) 202 return -ENOMEM; 203 204 write_lock_bh(&rfcomm_dev_lock); 205 206 if (req->dev_id < 0) { 207 dev->id = 0; 208 209 list_for_each(p, &rfcomm_dev_list) { 210 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 211 break; 212 213 dev->id++; 214 head = p; 215 } 216 } else { 217 dev->id = req->dev_id; 218 219 list_for_each(p, &rfcomm_dev_list) { 220 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 221 222 if (entry->id == dev->id) { 223 err = -EADDRINUSE; 224 goto out; 225 } 226 227 if (entry->id > dev->id - 1) 228 break; 229 230 head = p; 231 } 232 } 233 234 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 235 err = -ENFILE; 236 goto out; 237 } 238 239 sprintf(dev->name, "rfcomm%d", dev->id); 240 241 list_add(&dev->list, head); 242 atomic_set(&dev->refcnt, 1); 243 244 bacpy(&dev->src, &req->src); 245 bacpy(&dev->dst, &req->dst); 246 dev->channel = req->channel; 247 248 dev->flags = req->flags & 249 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 250 251 init_waitqueue_head(&dev->wait); 252 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 253 254 rfcomm_dlc_lock(dlc); 255 dlc->data_ready = rfcomm_dev_data_ready; 256 dlc->state_change = rfcomm_dev_state_change; 257 dlc->modem_status = rfcomm_dev_modem_status; 258 259 dlc->owner = dev; 260 dev->dlc = dlc; 261 rfcomm_dlc_unlock(dlc); 262 263 /* It's safe to call __module_get() here because socket already 264 holds reference to this module. */ 265 __module_get(THIS_MODULE); 266 267 out: 268 write_unlock_bh(&rfcomm_dev_lock); 269 270 if (err) { 271 kfree(dev); 272 return err; 273 } 274 275 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 276 277 if (IS_ERR(dev->tty_dev)) { 278 list_del(&dev->list); 279 kfree(dev); 280 return PTR_ERR(dev->tty_dev); 281 } 282 283 return dev->id; 284 } 285 286 static void rfcomm_dev_del(struct rfcomm_dev *dev) 287 { 288 BT_DBG("dev %p", dev); 289 290 set_bit(RFCOMM_TTY_RELEASED, &dev->flags); 291 rfcomm_dev_put(dev); 292 } 293 294 /* ---- Send buffer ---- */ 295 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 296 { 297 /* We can't let it be zero, because we don't get a callback 298 when tx_credits becomes nonzero, hence we'd never wake up */ 299 return dlc->mtu * (dlc->tx_credits?:1); 300 } 301 302 static void rfcomm_wfree(struct sk_buff *skb) 303 { 304 struct rfcomm_dev *dev = (void *) skb->sk; 305 atomic_sub(skb->truesize, &dev->wmem_alloc); 306 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 307 tasklet_schedule(&dev->wakeup_task); 308 rfcomm_dev_put(dev); 309 } 310 311 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 312 { 313 rfcomm_dev_hold(dev); 314 atomic_add(skb->truesize, &dev->wmem_alloc); 315 skb->sk = (void *) dev; 316 skb->destructor = rfcomm_wfree; 317 } 318 319 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 320 { 321 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 322 struct sk_buff *skb = alloc_skb(size, priority); 323 if (skb) { 324 rfcomm_set_owner_w(skb, dev); 325 return skb; 326 } 327 } 328 return NULL; 329 } 330 331 /* ---- Device IOCTLs ---- */ 332 333 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 334 335 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 336 { 337 struct rfcomm_dev_req req; 338 struct rfcomm_dlc *dlc; 339 int id; 340 341 if (copy_from_user(&req, arg, sizeof(req))) 342 return -EFAULT; 343 344 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 345 346 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 347 return -EPERM; 348 349 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 350 /* Socket must be connected */ 351 if (sk->sk_state != BT_CONNECTED) 352 return -EBADFD; 353 354 dlc = rfcomm_pi(sk)->dlc; 355 rfcomm_dlc_hold(dlc); 356 } else { 357 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 358 if (!dlc) 359 return -ENOMEM; 360 } 361 362 id = rfcomm_dev_add(&req, dlc); 363 if (id < 0) { 364 rfcomm_dlc_put(dlc); 365 return id; 366 } 367 368 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 369 /* DLC is now used by device. 370 * Socket must be disconnected */ 371 sk->sk_state = BT_CLOSED; 372 } 373 374 return id; 375 } 376 377 static int rfcomm_release_dev(void __user *arg) 378 { 379 struct rfcomm_dev_req req; 380 struct rfcomm_dev *dev; 381 382 if (copy_from_user(&req, arg, sizeof(req))) 383 return -EFAULT; 384 385 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 386 387 if (!(dev = rfcomm_dev_get(req.dev_id))) 388 return -ENODEV; 389 390 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 391 rfcomm_dev_put(dev); 392 return -EPERM; 393 } 394 395 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 396 rfcomm_dlc_close(dev->dlc, 0); 397 398 /* Shut down TTY synchronously before freeing rfcomm_dev */ 399 if (dev->tty) 400 tty_vhangup(dev->tty); 401 402 rfcomm_dev_del(dev); 403 rfcomm_dev_put(dev); 404 return 0; 405 } 406 407 static int rfcomm_get_dev_list(void __user *arg) 408 { 409 struct rfcomm_dev_list_req *dl; 410 struct rfcomm_dev_info *di; 411 struct list_head *p; 412 int n = 0, size, err; 413 u16 dev_num; 414 415 BT_DBG(""); 416 417 if (get_user(dev_num, (u16 __user *) arg)) 418 return -EFAULT; 419 420 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 421 return -EINVAL; 422 423 size = sizeof(*dl) + dev_num * sizeof(*di); 424 425 if (!(dl = kmalloc(size, GFP_KERNEL))) 426 return -ENOMEM; 427 428 di = dl->dev_info; 429 430 read_lock_bh(&rfcomm_dev_lock); 431 432 list_for_each(p, &rfcomm_dev_list) { 433 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 434 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 435 continue; 436 (di + n)->id = dev->id; 437 (di + n)->flags = dev->flags; 438 (di + n)->state = dev->dlc->state; 439 (di + n)->channel = dev->channel; 440 bacpy(&(di + n)->src, &dev->src); 441 bacpy(&(di + n)->dst, &dev->dst); 442 if (++n >= dev_num) 443 break; 444 } 445 446 read_unlock_bh(&rfcomm_dev_lock); 447 448 dl->dev_num = n; 449 size = sizeof(*dl) + n * sizeof(*di); 450 451 err = copy_to_user(arg, dl, size); 452 kfree(dl); 453 454 return err ? -EFAULT : 0; 455 } 456 457 static int rfcomm_get_dev_info(void __user *arg) 458 { 459 struct rfcomm_dev *dev; 460 struct rfcomm_dev_info di; 461 int err = 0; 462 463 BT_DBG(""); 464 465 if (copy_from_user(&di, arg, sizeof(di))) 466 return -EFAULT; 467 468 if (!(dev = rfcomm_dev_get(di.id))) 469 return -ENODEV; 470 471 di.flags = dev->flags; 472 di.channel = dev->channel; 473 di.state = dev->dlc->state; 474 bacpy(&di.src, &dev->src); 475 bacpy(&di.dst, &dev->dst); 476 477 if (copy_to_user(arg, &di, sizeof(di))) 478 err = -EFAULT; 479 480 rfcomm_dev_put(dev); 481 return err; 482 } 483 484 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 485 { 486 BT_DBG("cmd %d arg %p", cmd, arg); 487 488 switch (cmd) { 489 case RFCOMMCREATEDEV: 490 return rfcomm_create_dev(sk, arg); 491 492 case RFCOMMRELEASEDEV: 493 return rfcomm_release_dev(arg); 494 495 case RFCOMMGETDEVLIST: 496 return rfcomm_get_dev_list(arg); 497 498 case RFCOMMGETDEVINFO: 499 return rfcomm_get_dev_info(arg); 500 } 501 502 return -EINVAL; 503 } 504 505 /* ---- DLC callbacks ---- */ 506 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 507 { 508 struct rfcomm_dev *dev = dlc->owner; 509 struct tty_struct *tty; 510 511 if (!dev || !(tty = dev->tty)) { 512 kfree_skb(skb); 513 return; 514 } 515 516 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 517 518 tty_insert_flip_string(tty, skb->data, skb->len); 519 tty_flip_buffer_push(tty); 520 521 kfree_skb(skb); 522 } 523 524 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 525 { 526 struct rfcomm_dev *dev = dlc->owner; 527 if (!dev) 528 return; 529 530 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 531 532 dev->err = err; 533 wake_up_interruptible(&dev->wait); 534 535 if (dlc->state == BT_CLOSED) { 536 if (!dev->tty) { 537 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 538 if (rfcomm_dev_get(dev->id) == NULL) 539 return; 540 541 rfcomm_dev_del(dev); 542 /* We have to drop DLC lock here, otherwise 543 rfcomm_dev_put() will dead lock if it's 544 the last reference. */ 545 rfcomm_dlc_unlock(dlc); 546 rfcomm_dev_put(dev); 547 rfcomm_dlc_lock(dlc); 548 } 549 } else 550 tty_hangup(dev->tty); 551 } 552 } 553 554 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 555 { 556 struct rfcomm_dev *dev = dlc->owner; 557 if (!dev) 558 return; 559 560 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 561 562 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 563 if (dev->tty && !C_CLOCAL(dev->tty)) 564 tty_hangup(dev->tty); 565 } 566 567 dev->modem_status = 568 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 569 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 570 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 571 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 572 } 573 574 /* ---- TTY functions ---- */ 575 static void rfcomm_tty_wakeup(unsigned long arg) 576 { 577 struct rfcomm_dev *dev = (void *) arg; 578 struct tty_struct *tty = dev->tty; 579 if (!tty) 580 return; 581 582 BT_DBG("dev %p tty %p", dev, tty); 583 584 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 585 (tty->ldisc.write_wakeup)(tty); 586 587 wake_up_interruptible(&tty->write_wait); 588 #ifdef SERIAL_HAVE_POLL_WAIT 589 wake_up_interruptible(&tty->poll_wait); 590 #endif 591 } 592 593 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 594 { 595 DECLARE_WAITQUEUE(wait, current); 596 struct rfcomm_dev *dev; 597 struct rfcomm_dlc *dlc; 598 int err, id; 599 600 id = tty->index; 601 602 BT_DBG("tty %p id %d", tty, id); 603 604 /* We don't leak this refcount. For reasons which are not entirely 605 clear, the TTY layer will call our ->close() method even if the 606 open fails. We decrease the refcount there, and decreasing it 607 here too would cause breakage. */ 608 dev = rfcomm_dev_get(id); 609 if (!dev) 610 return -ENODEV; 611 612 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 613 614 if (dev->opened++ != 0) 615 return 0; 616 617 dlc = dev->dlc; 618 619 /* Attach TTY and open DLC */ 620 621 rfcomm_dlc_lock(dlc); 622 tty->driver_data = dev; 623 dev->tty = tty; 624 rfcomm_dlc_unlock(dlc); 625 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 626 627 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 628 if (err < 0) 629 return err; 630 631 /* Wait for DLC to connect */ 632 add_wait_queue(&dev->wait, &wait); 633 while (1) { 634 set_current_state(TASK_INTERRUPTIBLE); 635 636 if (dlc->state == BT_CLOSED) { 637 err = -dev->err; 638 break; 639 } 640 641 if (dlc->state == BT_CONNECTED) 642 break; 643 644 if (signal_pending(current)) { 645 err = -EINTR; 646 break; 647 } 648 649 schedule(); 650 } 651 set_current_state(TASK_RUNNING); 652 remove_wait_queue(&dev->wait, &wait); 653 654 if (err == 0) 655 device_move(dev->tty_dev, rfcomm_get_device(dev)); 656 657 return err; 658 } 659 660 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 661 { 662 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 663 if (!dev) 664 return; 665 666 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 667 668 if (--dev->opened == 0) { 669 device_move(dev->tty_dev, NULL); 670 671 /* Close DLC and dettach TTY */ 672 rfcomm_dlc_close(dev->dlc, 0); 673 674 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 675 tasklet_kill(&dev->wakeup_task); 676 677 rfcomm_dlc_lock(dev->dlc); 678 tty->driver_data = NULL; 679 dev->tty = NULL; 680 rfcomm_dlc_unlock(dev->dlc); 681 } 682 683 rfcomm_dev_put(dev); 684 } 685 686 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 687 { 688 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 689 struct rfcomm_dlc *dlc = dev->dlc; 690 struct sk_buff *skb; 691 int err = 0, sent = 0, size; 692 693 BT_DBG("tty %p count %d", tty, count); 694 695 while (count) { 696 size = min_t(uint, count, dlc->mtu); 697 698 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 699 700 if (!skb) 701 break; 702 703 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 704 705 memcpy(skb_put(skb, size), buf + sent, size); 706 707 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 708 kfree_skb(skb); 709 break; 710 } 711 712 sent += size; 713 count -= size; 714 } 715 716 return sent ? sent : err; 717 } 718 719 static int rfcomm_tty_write_room(struct tty_struct *tty) 720 { 721 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 722 int room; 723 724 BT_DBG("tty %p", tty); 725 726 if (!dev || !dev->dlc) 727 return 0; 728 729 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 730 if (room < 0) 731 room = 0; 732 733 return room; 734 } 735 736 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 737 { 738 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 739 740 switch (cmd) { 741 case TCGETS: 742 BT_DBG("TCGETS is not supported"); 743 return -ENOIOCTLCMD; 744 745 case TCSETS: 746 BT_DBG("TCSETS is not supported"); 747 return -ENOIOCTLCMD; 748 749 case TIOCMIWAIT: 750 BT_DBG("TIOCMIWAIT"); 751 break; 752 753 case TIOCGICOUNT: 754 BT_DBG("TIOCGICOUNT"); 755 break; 756 757 case TIOCGSERIAL: 758 BT_ERR("TIOCGSERIAL is not supported"); 759 return -ENOIOCTLCMD; 760 761 case TIOCSSERIAL: 762 BT_ERR("TIOCSSERIAL is not supported"); 763 return -ENOIOCTLCMD; 764 765 case TIOCSERGSTRUCT: 766 BT_ERR("TIOCSERGSTRUCT is not supported"); 767 return -ENOIOCTLCMD; 768 769 case TIOCSERGETLSR: 770 BT_ERR("TIOCSERGETLSR is not supported"); 771 return -ENOIOCTLCMD; 772 773 case TIOCSERCONFIG: 774 BT_ERR("TIOCSERCONFIG is not supported"); 775 return -ENOIOCTLCMD; 776 777 default: 778 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 779 780 } 781 782 return -ENOIOCTLCMD; 783 } 784 785 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 786 { 787 struct ktermios *new = tty->termios; 788 int old_baud_rate = tty_termios_baud_rate(old); 789 int new_baud_rate = tty_termios_baud_rate(new); 790 791 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 792 u16 changes = 0; 793 794 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 795 796 BT_DBG("tty %p termios %p", tty, old); 797 798 if (!dev || !dev->dlc || !dev->dlc->session) 799 return; 800 801 /* Handle turning off CRTSCTS */ 802 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 803 BT_DBG("Turning off CRTSCTS unsupported"); 804 805 /* Parity on/off and when on, odd/even */ 806 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 807 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 808 changes |= RFCOMM_RPN_PM_PARITY; 809 BT_DBG("Parity change detected."); 810 } 811 812 /* Mark and space parity are not supported! */ 813 if (new->c_cflag & PARENB) { 814 if (new->c_cflag & PARODD) { 815 BT_DBG("Parity is ODD"); 816 parity = RFCOMM_RPN_PARITY_ODD; 817 } else { 818 BT_DBG("Parity is EVEN"); 819 parity = RFCOMM_RPN_PARITY_EVEN; 820 } 821 } else { 822 BT_DBG("Parity is OFF"); 823 parity = RFCOMM_RPN_PARITY_NONE; 824 } 825 826 /* Setting the x_on / x_off characters */ 827 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 828 BT_DBG("XOFF custom"); 829 x_on = new->c_cc[VSTOP]; 830 changes |= RFCOMM_RPN_PM_XON; 831 } else { 832 BT_DBG("XOFF default"); 833 x_on = RFCOMM_RPN_XON_CHAR; 834 } 835 836 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 837 BT_DBG("XON custom"); 838 x_off = new->c_cc[VSTART]; 839 changes |= RFCOMM_RPN_PM_XOFF; 840 } else { 841 BT_DBG("XON default"); 842 x_off = RFCOMM_RPN_XOFF_CHAR; 843 } 844 845 /* Handle setting of stop bits */ 846 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 847 changes |= RFCOMM_RPN_PM_STOP; 848 849 /* POSIX does not support 1.5 stop bits and RFCOMM does not 850 * support 2 stop bits. So a request for 2 stop bits gets 851 * translated to 1.5 stop bits */ 852 if (new->c_cflag & CSTOPB) { 853 stop_bits = RFCOMM_RPN_STOP_15; 854 } else { 855 stop_bits = RFCOMM_RPN_STOP_1; 856 } 857 858 /* Handle number of data bits [5-8] */ 859 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 860 changes |= RFCOMM_RPN_PM_DATA; 861 862 switch (new->c_cflag & CSIZE) { 863 case CS5: 864 data_bits = RFCOMM_RPN_DATA_5; 865 break; 866 case CS6: 867 data_bits = RFCOMM_RPN_DATA_6; 868 break; 869 case CS7: 870 data_bits = RFCOMM_RPN_DATA_7; 871 break; 872 case CS8: 873 data_bits = RFCOMM_RPN_DATA_8; 874 break; 875 default: 876 data_bits = RFCOMM_RPN_DATA_8; 877 break; 878 } 879 880 /* Handle baudrate settings */ 881 if (old_baud_rate != new_baud_rate) 882 changes |= RFCOMM_RPN_PM_BITRATE; 883 884 switch (new_baud_rate) { 885 case 2400: 886 baud = RFCOMM_RPN_BR_2400; 887 break; 888 case 4800: 889 baud = RFCOMM_RPN_BR_4800; 890 break; 891 case 7200: 892 baud = RFCOMM_RPN_BR_7200; 893 break; 894 case 9600: 895 baud = RFCOMM_RPN_BR_9600; 896 break; 897 case 19200: 898 baud = RFCOMM_RPN_BR_19200; 899 break; 900 case 38400: 901 baud = RFCOMM_RPN_BR_38400; 902 break; 903 case 57600: 904 baud = RFCOMM_RPN_BR_57600; 905 break; 906 case 115200: 907 baud = RFCOMM_RPN_BR_115200; 908 break; 909 case 230400: 910 baud = RFCOMM_RPN_BR_230400; 911 break; 912 default: 913 /* 9600 is standard accordinag to the RFCOMM specification */ 914 baud = RFCOMM_RPN_BR_9600; 915 break; 916 917 } 918 919 if (changes) 920 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 921 data_bits, stop_bits, parity, 922 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 923 924 return; 925 } 926 927 static void rfcomm_tty_throttle(struct tty_struct *tty) 928 { 929 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 930 931 BT_DBG("tty %p dev %p", tty, dev); 932 933 rfcomm_dlc_throttle(dev->dlc); 934 } 935 936 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 937 { 938 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 939 940 BT_DBG("tty %p dev %p", tty, dev); 941 942 rfcomm_dlc_unthrottle(dev->dlc); 943 } 944 945 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 946 { 947 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 948 949 BT_DBG("tty %p dev %p", tty, dev); 950 951 if (!dev || !dev->dlc) 952 return 0; 953 954 if (!skb_queue_empty(&dev->dlc->tx_queue)) 955 return dev->dlc->mtu; 956 957 return 0; 958 } 959 960 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 961 { 962 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 963 964 BT_DBG("tty %p dev %p", tty, dev); 965 966 if (!dev || !dev->dlc) 967 return; 968 969 skb_queue_purge(&dev->dlc->tx_queue); 970 971 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 972 tty->ldisc.write_wakeup(tty); 973 } 974 975 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 976 { 977 BT_DBG("tty %p ch %c", tty, ch); 978 } 979 980 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 981 { 982 BT_DBG("tty %p timeout %d", tty, timeout); 983 } 984 985 static void rfcomm_tty_hangup(struct tty_struct *tty) 986 { 987 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 988 989 BT_DBG("tty %p dev %p", tty, dev); 990 991 if (!dev) 992 return; 993 994 rfcomm_tty_flush_buffer(tty); 995 996 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 997 if (rfcomm_dev_get(dev->id) == NULL) 998 return; 999 rfcomm_dev_del(dev); 1000 rfcomm_dev_put(dev); 1001 } 1002 } 1003 1004 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 1005 { 1006 return 0; 1007 } 1008 1009 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1010 { 1011 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1012 1013 BT_DBG("tty %p dev %p", tty, dev); 1014 1015 return dev->modem_status; 1016 } 1017 1018 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1019 { 1020 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1021 struct rfcomm_dlc *dlc = dev->dlc; 1022 u8 v24_sig; 1023 1024 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1025 1026 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1027 1028 if (set & TIOCM_DSR || set & TIOCM_DTR) 1029 v24_sig |= RFCOMM_V24_RTC; 1030 if (set & TIOCM_RTS || set & TIOCM_CTS) 1031 v24_sig |= RFCOMM_V24_RTR; 1032 if (set & TIOCM_RI) 1033 v24_sig |= RFCOMM_V24_IC; 1034 if (set & TIOCM_CD) 1035 v24_sig |= RFCOMM_V24_DV; 1036 1037 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1038 v24_sig &= ~RFCOMM_V24_RTC; 1039 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1040 v24_sig &= ~RFCOMM_V24_RTR; 1041 if (clear & TIOCM_RI) 1042 v24_sig &= ~RFCOMM_V24_IC; 1043 if (clear & TIOCM_CD) 1044 v24_sig &= ~RFCOMM_V24_DV; 1045 1046 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1047 1048 return 0; 1049 } 1050 1051 /* ---- TTY structure ---- */ 1052 1053 static const struct tty_operations rfcomm_ops = { 1054 .open = rfcomm_tty_open, 1055 .close = rfcomm_tty_close, 1056 .write = rfcomm_tty_write, 1057 .write_room = rfcomm_tty_write_room, 1058 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1059 .flush_buffer = rfcomm_tty_flush_buffer, 1060 .ioctl = rfcomm_tty_ioctl, 1061 .throttle = rfcomm_tty_throttle, 1062 .unthrottle = rfcomm_tty_unthrottle, 1063 .set_termios = rfcomm_tty_set_termios, 1064 .send_xchar = rfcomm_tty_send_xchar, 1065 .hangup = rfcomm_tty_hangup, 1066 .wait_until_sent = rfcomm_tty_wait_until_sent, 1067 .read_proc = rfcomm_tty_read_proc, 1068 .tiocmget = rfcomm_tty_tiocmget, 1069 .tiocmset = rfcomm_tty_tiocmset, 1070 }; 1071 1072 int rfcomm_init_ttys(void) 1073 { 1074 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1075 if (!rfcomm_tty_driver) 1076 return -1; 1077 1078 rfcomm_tty_driver->owner = THIS_MODULE; 1079 rfcomm_tty_driver->driver_name = "rfcomm"; 1080 rfcomm_tty_driver->name = "rfcomm"; 1081 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1082 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1083 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1084 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1085 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1086 rfcomm_tty_driver->init_termios = tty_std_termios; 1087 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1088 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1089 1090 if (tty_register_driver(rfcomm_tty_driver)) { 1091 BT_ERR("Can't register RFCOMM TTY driver"); 1092 put_tty_driver(rfcomm_tty_driver); 1093 return -1; 1094 } 1095 1096 BT_INFO("RFCOMM TTY layer initialized"); 1097 1098 return 0; 1099 } 1100 1101 void rfcomm_cleanup_ttys(void) 1102 { 1103 tty_unregister_driver(rfcomm_tty_driver); 1104 put_tty_driver(rfcomm_tty_driver); 1105 } 1106