Loading...
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 */
27
28#include <linux/module.h>
29
30#include <linux/tty.h>
31#include <linux/tty_driver.h>
32#include <linux/tty_flip.h>
33
34#include <linux/capability.h>
35#include <linux/slab.h>
36#include <linux/skbuff.h>
37#include <linux/workqueue.h>
38
39#include <net/bluetooth/bluetooth.h>
40#include <net/bluetooth/hci_core.h>
41#include <net/bluetooth/rfcomm.h>
42
43#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
44#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
45#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
46#define RFCOMM_TTY_MINOR 0
47
48static struct tty_driver *rfcomm_tty_driver;
49
50struct rfcomm_dev {
51 struct tty_port port;
52 struct list_head list;
53
54 char name[12];
55 int id;
56 unsigned long flags;
57 int err;
58
59 bdaddr_t src;
60 bdaddr_t dst;
61 u8 channel;
62
63 uint modem_status;
64
65 struct rfcomm_dlc *dlc;
66 wait_queue_head_t wait;
67
68 struct device *tty_dev;
69
70 atomic_t wmem_alloc;
71
72 struct sk_buff_head pending;
73};
74
75static LIST_HEAD(rfcomm_dev_list);
76static DEFINE_SPINLOCK(rfcomm_dev_lock);
77
78static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
79static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
80static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
81
82/* ---- Device functions ---- */
83
84/*
85 * The reason this isn't actually a race, as you no doubt have a little voice
86 * screaming at you in your head, is that the refcount should never actually
87 * reach zero unless the device has already been taken off the list, in
88 * rfcomm_dev_del(). And if that's not true, we'll hit the BUG() in
89 * rfcomm_dev_destruct() anyway.
90 */
91static void rfcomm_dev_destruct(struct tty_port *port)
92{
93 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
94 struct rfcomm_dlc *dlc = dev->dlc;
95
96 BT_DBG("dev %p dlc %p", dev, dlc);
97
98 /* Refcount should only hit zero when called from rfcomm_dev_del()
99 which will have taken us off the list. Everything else are
100 refcounting bugs. */
101 BUG_ON(!list_empty(&dev->list));
102
103 rfcomm_dlc_lock(dlc);
104 /* Detach DLC if it's owned by this dev */
105 if (dlc->owner == dev)
106 dlc->owner = NULL;
107 rfcomm_dlc_unlock(dlc);
108
109 rfcomm_dlc_put(dlc);
110
111 tty_unregister_device(rfcomm_tty_driver, dev->id);
112
113 kfree(dev);
114
115 /* It's safe to call module_put() here because socket still
116 holds reference to this module. */
117 module_put(THIS_MODULE);
118}
119
120static const struct tty_port_operations rfcomm_port_ops = {
121 .destruct = rfcomm_dev_destruct,
122};
123
124static struct rfcomm_dev *__rfcomm_dev_get(int id)
125{
126 struct rfcomm_dev *dev;
127
128 list_for_each_entry(dev, &rfcomm_dev_list, list)
129 if (dev->id == id)
130 return dev;
131
132 return NULL;
133}
134
135static inline struct rfcomm_dev *rfcomm_dev_get(int id)
136{
137 struct rfcomm_dev *dev;
138
139 spin_lock(&rfcomm_dev_lock);
140
141 dev = __rfcomm_dev_get(id);
142
143 if (dev) {
144 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
145 dev = NULL;
146 else
147 tty_port_get(&dev->port);
148 }
149
150 spin_unlock(&rfcomm_dev_lock);
151
152 return dev;
153}
154
155static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
156{
157 struct hci_dev *hdev;
158 struct hci_conn *conn;
159
160 hdev = hci_get_route(&dev->dst, &dev->src);
161 if (!hdev)
162 return NULL;
163
164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
165
166 hci_dev_put(hdev);
167
168 return conn ? &conn->dev : NULL;
169}
170
171static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
172{
173 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
174 return sprintf(buf, "%s\n", batostr(&dev->dst));
175}
176
177static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
178{
179 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
180 return sprintf(buf, "%d\n", dev->channel);
181}
182
183static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
184static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
185
186static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
187{
188 struct rfcomm_dev *dev, *entry;
189 struct list_head *head = &rfcomm_dev_list;
190 int err = 0;
191
192 BT_DBG("id %d channel %d", req->dev_id, req->channel);
193
194 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
195 if (!dev)
196 return -ENOMEM;
197
198 spin_lock(&rfcomm_dev_lock);
199
200 if (req->dev_id < 0) {
201 dev->id = 0;
202
203 list_for_each_entry(entry, &rfcomm_dev_list, list) {
204 if (entry->id != dev->id)
205 break;
206
207 dev->id++;
208 head = &entry->list;
209 }
210 } else {
211 dev->id = req->dev_id;
212
213 list_for_each_entry(entry, &rfcomm_dev_list, list) {
214 if (entry->id == dev->id) {
215 err = -EADDRINUSE;
216 goto out;
217 }
218
219 if (entry->id > dev->id - 1)
220 break;
221
222 head = &entry->list;
223 }
224 }
225
226 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
227 err = -ENFILE;
228 goto out;
229 }
230
231 sprintf(dev->name, "rfcomm%d", dev->id);
232
233 list_add(&dev->list, head);
234
235 bacpy(&dev->src, &req->src);
236 bacpy(&dev->dst, &req->dst);
237 dev->channel = req->channel;
238
239 dev->flags = req->flags &
240 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
241
242 tty_port_init(&dev->port);
243 dev->port.ops = &rfcomm_port_ops;
244 init_waitqueue_head(&dev->wait);
245
246 skb_queue_head_init(&dev->pending);
247
248 rfcomm_dlc_lock(dlc);
249
250 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
251 struct sock *sk = dlc->owner;
252 struct sk_buff *skb;
253
254 BUG_ON(!sk);
255
256 rfcomm_dlc_throttle(dlc);
257
258 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
259 skb_orphan(skb);
260 skb_queue_tail(&dev->pending, skb);
261 atomic_sub(skb->len, &sk->sk_rmem_alloc);
262 }
263 }
264
265 dlc->data_ready = rfcomm_dev_data_ready;
266 dlc->state_change = rfcomm_dev_state_change;
267 dlc->modem_status = rfcomm_dev_modem_status;
268
269 dlc->owner = dev;
270 dev->dlc = dlc;
271
272 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
273
274 rfcomm_dlc_unlock(dlc);
275
276 /* It's safe to call __module_get() here because socket already
277 holds reference to this module. */
278 __module_get(THIS_MODULE);
279
280out:
281 spin_unlock(&rfcomm_dev_lock);
282
283 if (err < 0)
284 goto free;
285
286 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
287
288 if (IS_ERR(dev->tty_dev)) {
289 err = PTR_ERR(dev->tty_dev);
290 list_del(&dev->list);
291 goto free;
292 }
293
294 dev_set_drvdata(dev->tty_dev, dev);
295
296 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
297 BT_ERR("Failed to create address attribute");
298
299 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
300 BT_ERR("Failed to create channel attribute");
301
302 return dev->id;
303
304free:
305 kfree(dev);
306 return err;
307}
308
309static void rfcomm_dev_del(struct rfcomm_dev *dev)
310{
311 unsigned long flags;
312 BT_DBG("dev %p", dev);
313
314 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
315
316 spin_lock_irqsave(&dev->port.lock, flags);
317 if (dev->port.count > 0) {
318 spin_unlock_irqrestore(&dev->port.lock, flags);
319 return;
320 }
321 spin_unlock_irqrestore(&dev->port.lock, flags);
322
323 spin_lock(&rfcomm_dev_lock);
324 list_del_init(&dev->list);
325 spin_unlock(&rfcomm_dev_lock);
326
327 tty_port_put(&dev->port);
328}
329
330/* ---- Send buffer ---- */
331static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
332{
333 /* We can't let it be zero, because we don't get a callback
334 when tx_credits becomes nonzero, hence we'd never wake up */
335 return dlc->mtu * (dlc->tx_credits?:1);
336}
337
338static void rfcomm_wfree(struct sk_buff *skb)
339{
340 struct rfcomm_dev *dev = (void *) skb->sk;
341 struct tty_struct *tty = dev->port.tty;
342 atomic_sub(skb->truesize, &dev->wmem_alloc);
343 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags) && tty)
344 tty_wakeup(tty);
345 tty_port_put(&dev->port);
346}
347
348static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
349{
350 tty_port_get(&dev->port);
351 atomic_add(skb->truesize, &dev->wmem_alloc);
352 skb->sk = (void *) dev;
353 skb->destructor = rfcomm_wfree;
354}
355
356static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
357{
358 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
359 struct sk_buff *skb = alloc_skb(size, priority);
360 if (skb) {
361 rfcomm_set_owner_w(skb, dev);
362 return skb;
363 }
364 }
365 return NULL;
366}
367
368/* ---- Device IOCTLs ---- */
369
370#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
371
372static int rfcomm_create_dev(struct sock *sk, void __user *arg)
373{
374 struct rfcomm_dev_req req;
375 struct rfcomm_dlc *dlc;
376 int id;
377
378 if (copy_from_user(&req, arg, sizeof(req)))
379 return -EFAULT;
380
381 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
382
383 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
384 return -EPERM;
385
386 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
387 /* Socket must be connected */
388 if (sk->sk_state != BT_CONNECTED)
389 return -EBADFD;
390
391 dlc = rfcomm_pi(sk)->dlc;
392 rfcomm_dlc_hold(dlc);
393 } else {
394 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
395 if (!dlc)
396 return -ENOMEM;
397 }
398
399 id = rfcomm_dev_add(&req, dlc);
400 if (id < 0) {
401 rfcomm_dlc_put(dlc);
402 return id;
403 }
404
405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
406 /* DLC is now used by device.
407 * Socket must be disconnected */
408 sk->sk_state = BT_CLOSED;
409 }
410
411 return id;
412}
413
414static int rfcomm_release_dev(void __user *arg)
415{
416 struct rfcomm_dev_req req;
417 struct rfcomm_dev *dev;
418
419 if (copy_from_user(&req, arg, sizeof(req)))
420 return -EFAULT;
421
422 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
423
424 dev = rfcomm_dev_get(req.dev_id);
425 if (!dev)
426 return -ENODEV;
427
428 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
429 tty_port_put(&dev->port);
430 return -EPERM;
431 }
432
433 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
434 rfcomm_dlc_close(dev->dlc, 0);
435
436 /* Shut down TTY synchronously before freeing rfcomm_dev */
437 if (dev->port.tty)
438 tty_vhangup(dev->port.tty);
439
440 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
441 rfcomm_dev_del(dev);
442 tty_port_put(&dev->port);
443 return 0;
444}
445
446static int rfcomm_get_dev_list(void __user *arg)
447{
448 struct rfcomm_dev *dev;
449 struct rfcomm_dev_list_req *dl;
450 struct rfcomm_dev_info *di;
451 int n = 0, size, err;
452 u16 dev_num;
453
454 BT_DBG("");
455
456 if (get_user(dev_num, (u16 __user *) arg))
457 return -EFAULT;
458
459 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
460 return -EINVAL;
461
462 size = sizeof(*dl) + dev_num * sizeof(*di);
463
464 dl = kzalloc(size, GFP_KERNEL);
465 if (!dl)
466 return -ENOMEM;
467
468 di = dl->dev_info;
469
470 spin_lock(&rfcomm_dev_lock);
471
472 list_for_each_entry(dev, &rfcomm_dev_list, list) {
473 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
474 continue;
475 (di + n)->id = dev->id;
476 (di + n)->flags = dev->flags;
477 (di + n)->state = dev->dlc->state;
478 (di + n)->channel = dev->channel;
479 bacpy(&(di + n)->src, &dev->src);
480 bacpy(&(di + n)->dst, &dev->dst);
481 if (++n >= dev_num)
482 break;
483 }
484
485 spin_unlock(&rfcomm_dev_lock);
486
487 dl->dev_num = n;
488 size = sizeof(*dl) + n * sizeof(*di);
489
490 err = copy_to_user(arg, dl, size);
491 kfree(dl);
492
493 return err ? -EFAULT : 0;
494}
495
496static int rfcomm_get_dev_info(void __user *arg)
497{
498 struct rfcomm_dev *dev;
499 struct rfcomm_dev_info di;
500 int err = 0;
501
502 BT_DBG("");
503
504 if (copy_from_user(&di, arg, sizeof(di)))
505 return -EFAULT;
506
507 dev = rfcomm_dev_get(di.id);
508 if (!dev)
509 return -ENODEV;
510
511 di.flags = dev->flags;
512 di.channel = dev->channel;
513 di.state = dev->dlc->state;
514 bacpy(&di.src, &dev->src);
515 bacpy(&di.dst, &dev->dst);
516
517 if (copy_to_user(arg, &di, sizeof(di)))
518 err = -EFAULT;
519
520 tty_port_put(&dev->port);
521 return err;
522}
523
524int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
525{
526 BT_DBG("cmd %d arg %p", cmd, arg);
527
528 switch (cmd) {
529 case RFCOMMCREATEDEV:
530 return rfcomm_create_dev(sk, arg);
531
532 case RFCOMMRELEASEDEV:
533 return rfcomm_release_dev(arg);
534
535 case RFCOMMGETDEVLIST:
536 return rfcomm_get_dev_list(arg);
537
538 case RFCOMMGETDEVINFO:
539 return rfcomm_get_dev_info(arg);
540 }
541
542 return -EINVAL;
543}
544
545/* ---- DLC callbacks ---- */
546static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
547{
548 struct rfcomm_dev *dev = dlc->owner;
549 struct tty_struct *tty;
550
551 if (!dev) {
552 kfree_skb(skb);
553 return;
554 }
555
556 tty = dev->port.tty;
557 if (!tty || !skb_queue_empty(&dev->pending)) {
558 skb_queue_tail(&dev->pending, skb);
559 return;
560 }
561
562 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
563
564 tty_insert_flip_string(tty, skb->data, skb->len);
565 tty_flip_buffer_push(tty);
566
567 kfree_skb(skb);
568}
569
570static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
571{
572 struct rfcomm_dev *dev = dlc->owner;
573 if (!dev)
574 return;
575
576 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
577
578 dev->err = err;
579 wake_up_interruptible(&dev->wait);
580
581 if (dlc->state == BT_CLOSED) {
582 if (!dev->port.tty) {
583 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
584 /* Drop DLC lock here to avoid deadlock
585 * 1. rfcomm_dev_get will take rfcomm_dev_lock
586 * but in rfcomm_dev_add there's lock order:
587 * rfcomm_dev_lock -> dlc lock
588 * 2. tty_port_put will deadlock if it's
589 * the last reference
590 */
591 rfcomm_dlc_unlock(dlc);
592 if (rfcomm_dev_get(dev->id) == NULL) {
593 rfcomm_dlc_lock(dlc);
594 return;
595 }
596
597 rfcomm_dev_del(dev);
598 tty_port_put(&dev->port);
599 rfcomm_dlc_lock(dlc);
600 }
601 } else
602 tty_hangup(dev->port.tty);
603 }
604}
605
606static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
607{
608 struct rfcomm_dev *dev = dlc->owner;
609 if (!dev)
610 return;
611
612 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
613
614 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
615 if (dev->port.tty && !C_CLOCAL(dev->port.tty))
616 tty_hangup(dev->port.tty);
617 }
618
619 dev->modem_status =
620 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
621 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
622 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
623 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
624}
625
626/* ---- TTY functions ---- */
627static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
628{
629 struct tty_struct *tty = dev->port.tty;
630 struct sk_buff *skb;
631 int inserted = 0;
632
633 if (!tty)
634 return;
635
636 BT_DBG("dev %p tty %p", dev, tty);
637
638 rfcomm_dlc_lock(dev->dlc);
639
640 while ((skb = skb_dequeue(&dev->pending))) {
641 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
642 kfree_skb(skb);
643 }
644
645 rfcomm_dlc_unlock(dev->dlc);
646
647 if (inserted > 0)
648 tty_flip_buffer_push(tty);
649}
650
651static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
652{
653 DECLARE_WAITQUEUE(wait, current);
654 struct rfcomm_dev *dev;
655 struct rfcomm_dlc *dlc;
656 unsigned long flags;
657 int err, id;
658
659 id = tty->index;
660
661 BT_DBG("tty %p id %d", tty, id);
662
663 /* We don't leak this refcount. For reasons which are not entirely
664 clear, the TTY layer will call our ->close() method even if the
665 open fails. We decrease the refcount there, and decreasing it
666 here too would cause breakage. */
667 dev = rfcomm_dev_get(id);
668 if (!dev)
669 return -ENODEV;
670
671 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
672 dev->channel, dev->port.count);
673
674 spin_lock_irqsave(&dev->port.lock, flags);
675 if (++dev->port.count > 1) {
676 spin_unlock_irqrestore(&dev->port.lock, flags);
677 return 0;
678 }
679 spin_unlock_irqrestore(&dev->port.lock, flags);
680
681 dlc = dev->dlc;
682
683 /* Attach TTY and open DLC */
684
685 rfcomm_dlc_lock(dlc);
686 tty->driver_data = dev;
687 dev->port.tty = tty;
688 rfcomm_dlc_unlock(dlc);
689 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
690
691 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
692 if (err < 0)
693 return err;
694
695 /* Wait for DLC to connect */
696 add_wait_queue(&dev->wait, &wait);
697 while (1) {
698 set_current_state(TASK_INTERRUPTIBLE);
699
700 if (dlc->state == BT_CLOSED) {
701 err = -dev->err;
702 break;
703 }
704
705 if (dlc->state == BT_CONNECTED)
706 break;
707
708 if (signal_pending(current)) {
709 err = -EINTR;
710 break;
711 }
712
713 tty_unlock();
714 schedule();
715 tty_lock();
716 }
717 set_current_state(TASK_RUNNING);
718 remove_wait_queue(&dev->wait, &wait);
719
720 if (err == 0)
721 device_move(dev->tty_dev, rfcomm_get_device(dev),
722 DPM_ORDER_DEV_AFTER_PARENT);
723
724 rfcomm_tty_copy_pending(dev);
725
726 rfcomm_dlc_unthrottle(dev->dlc);
727
728 return err;
729}
730
731static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
732{
733 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
734 unsigned long flags;
735
736 if (!dev)
737 return;
738
739 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
740 dev->port.count);
741
742 spin_lock_irqsave(&dev->port.lock, flags);
743 if (!--dev->port.count) {
744 spin_unlock_irqrestore(&dev->port.lock, flags);
745 if (dev->tty_dev->parent)
746 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
747
748 /* Close DLC and dettach TTY */
749 rfcomm_dlc_close(dev->dlc, 0);
750
751 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
752
753 rfcomm_dlc_lock(dev->dlc);
754 tty->driver_data = NULL;
755 dev->port.tty = NULL;
756 rfcomm_dlc_unlock(dev->dlc);
757
758 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
759 spin_lock(&rfcomm_dev_lock);
760 list_del_init(&dev->list);
761 spin_unlock(&rfcomm_dev_lock);
762
763 tty_port_put(&dev->port);
764 }
765 } else
766 spin_unlock_irqrestore(&dev->port.lock, flags);
767
768 tty_port_put(&dev->port);
769}
770
771static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
772{
773 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
774 struct rfcomm_dlc *dlc = dev->dlc;
775 struct sk_buff *skb;
776 int err = 0, sent = 0, size;
777
778 BT_DBG("tty %p count %d", tty, count);
779
780 while (count) {
781 size = min_t(uint, count, dlc->mtu);
782
783 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
784
785 if (!skb)
786 break;
787
788 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
789
790 memcpy(skb_put(skb, size), buf + sent, size);
791
792 err = rfcomm_dlc_send(dlc, skb);
793 if (err < 0) {
794 kfree_skb(skb);
795 break;
796 }
797
798 sent += size;
799 count -= size;
800 }
801
802 return sent ? sent : err;
803}
804
805static int rfcomm_tty_write_room(struct tty_struct *tty)
806{
807 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
808 int room;
809
810 BT_DBG("tty %p", tty);
811
812 if (!dev || !dev->dlc)
813 return 0;
814
815 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
816 if (room < 0)
817 room = 0;
818
819 return room;
820}
821
822static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
823{
824 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
825
826 switch (cmd) {
827 case TCGETS:
828 BT_DBG("TCGETS is not supported");
829 return -ENOIOCTLCMD;
830
831 case TCSETS:
832 BT_DBG("TCSETS is not supported");
833 return -ENOIOCTLCMD;
834
835 case TIOCMIWAIT:
836 BT_DBG("TIOCMIWAIT");
837 break;
838
839 case TIOCGSERIAL:
840 BT_ERR("TIOCGSERIAL is not supported");
841 return -ENOIOCTLCMD;
842
843 case TIOCSSERIAL:
844 BT_ERR("TIOCSSERIAL is not supported");
845 return -ENOIOCTLCMD;
846
847 case TIOCSERGSTRUCT:
848 BT_ERR("TIOCSERGSTRUCT is not supported");
849 return -ENOIOCTLCMD;
850
851 case TIOCSERGETLSR:
852 BT_ERR("TIOCSERGETLSR is not supported");
853 return -ENOIOCTLCMD;
854
855 case TIOCSERCONFIG:
856 BT_ERR("TIOCSERCONFIG is not supported");
857 return -ENOIOCTLCMD;
858
859 default:
860 return -ENOIOCTLCMD; /* ioctls which we must ignore */
861
862 }
863
864 return -ENOIOCTLCMD;
865}
866
867static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
868{
869 struct ktermios *new = tty->termios;
870 int old_baud_rate = tty_termios_baud_rate(old);
871 int new_baud_rate = tty_termios_baud_rate(new);
872
873 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
874 u16 changes = 0;
875
876 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
877
878 BT_DBG("tty %p termios %p", tty, old);
879
880 if (!dev || !dev->dlc || !dev->dlc->session)
881 return;
882
883 /* Handle turning off CRTSCTS */
884 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
885 BT_DBG("Turning off CRTSCTS unsupported");
886
887 /* Parity on/off and when on, odd/even */
888 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
889 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
890 changes |= RFCOMM_RPN_PM_PARITY;
891 BT_DBG("Parity change detected.");
892 }
893
894 /* Mark and space parity are not supported! */
895 if (new->c_cflag & PARENB) {
896 if (new->c_cflag & PARODD) {
897 BT_DBG("Parity is ODD");
898 parity = RFCOMM_RPN_PARITY_ODD;
899 } else {
900 BT_DBG("Parity is EVEN");
901 parity = RFCOMM_RPN_PARITY_EVEN;
902 }
903 } else {
904 BT_DBG("Parity is OFF");
905 parity = RFCOMM_RPN_PARITY_NONE;
906 }
907
908 /* Setting the x_on / x_off characters */
909 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
910 BT_DBG("XOFF custom");
911 x_on = new->c_cc[VSTOP];
912 changes |= RFCOMM_RPN_PM_XON;
913 } else {
914 BT_DBG("XOFF default");
915 x_on = RFCOMM_RPN_XON_CHAR;
916 }
917
918 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
919 BT_DBG("XON custom");
920 x_off = new->c_cc[VSTART];
921 changes |= RFCOMM_RPN_PM_XOFF;
922 } else {
923 BT_DBG("XON default");
924 x_off = RFCOMM_RPN_XOFF_CHAR;
925 }
926
927 /* Handle setting of stop bits */
928 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
929 changes |= RFCOMM_RPN_PM_STOP;
930
931 /* POSIX does not support 1.5 stop bits and RFCOMM does not
932 * support 2 stop bits. So a request for 2 stop bits gets
933 * translated to 1.5 stop bits */
934 if (new->c_cflag & CSTOPB)
935 stop_bits = RFCOMM_RPN_STOP_15;
936 else
937 stop_bits = RFCOMM_RPN_STOP_1;
938
939 /* Handle number of data bits [5-8] */
940 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
941 changes |= RFCOMM_RPN_PM_DATA;
942
943 switch (new->c_cflag & CSIZE) {
944 case CS5:
945 data_bits = RFCOMM_RPN_DATA_5;
946 break;
947 case CS6:
948 data_bits = RFCOMM_RPN_DATA_6;
949 break;
950 case CS7:
951 data_bits = RFCOMM_RPN_DATA_7;
952 break;
953 case CS8:
954 data_bits = RFCOMM_RPN_DATA_8;
955 break;
956 default:
957 data_bits = RFCOMM_RPN_DATA_8;
958 break;
959 }
960
961 /* Handle baudrate settings */
962 if (old_baud_rate != new_baud_rate)
963 changes |= RFCOMM_RPN_PM_BITRATE;
964
965 switch (new_baud_rate) {
966 case 2400:
967 baud = RFCOMM_RPN_BR_2400;
968 break;
969 case 4800:
970 baud = RFCOMM_RPN_BR_4800;
971 break;
972 case 7200:
973 baud = RFCOMM_RPN_BR_7200;
974 break;
975 case 9600:
976 baud = RFCOMM_RPN_BR_9600;
977 break;
978 case 19200:
979 baud = RFCOMM_RPN_BR_19200;
980 break;
981 case 38400:
982 baud = RFCOMM_RPN_BR_38400;
983 break;
984 case 57600:
985 baud = RFCOMM_RPN_BR_57600;
986 break;
987 case 115200:
988 baud = RFCOMM_RPN_BR_115200;
989 break;
990 case 230400:
991 baud = RFCOMM_RPN_BR_230400;
992 break;
993 default:
994 /* 9600 is standard accordinag to the RFCOMM specification */
995 baud = RFCOMM_RPN_BR_9600;
996 break;
997
998 }
999
1000 if (changes)
1001 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1002 data_bits, stop_bits, parity,
1003 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1004}
1005
1006static void rfcomm_tty_throttle(struct tty_struct *tty)
1007{
1008 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1009
1010 BT_DBG("tty %p dev %p", tty, dev);
1011
1012 rfcomm_dlc_throttle(dev->dlc);
1013}
1014
1015static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1016{
1017 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019 BT_DBG("tty %p dev %p", tty, dev);
1020
1021 rfcomm_dlc_unthrottle(dev->dlc);
1022}
1023
1024static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1025{
1026 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1027
1028 BT_DBG("tty %p dev %p", tty, dev);
1029
1030 if (!dev || !dev->dlc)
1031 return 0;
1032
1033 if (!skb_queue_empty(&dev->dlc->tx_queue))
1034 return dev->dlc->mtu;
1035
1036 return 0;
1037}
1038
1039static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1040{
1041 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1042
1043 BT_DBG("tty %p dev %p", tty, dev);
1044
1045 if (!dev || !dev->dlc)
1046 return;
1047
1048 skb_queue_purge(&dev->dlc->tx_queue);
1049 tty_wakeup(tty);
1050}
1051
1052static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1053{
1054 BT_DBG("tty %p ch %c", tty, ch);
1055}
1056
1057static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1058{
1059 BT_DBG("tty %p timeout %d", tty, timeout);
1060}
1061
1062static void rfcomm_tty_hangup(struct tty_struct *tty)
1063{
1064 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1065
1066 BT_DBG("tty %p dev %p", tty, dev);
1067
1068 if (!dev)
1069 return;
1070
1071 rfcomm_tty_flush_buffer(tty);
1072
1073 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1074 if (rfcomm_dev_get(dev->id) == NULL)
1075 return;
1076 rfcomm_dev_del(dev);
1077 tty_port_put(&dev->port);
1078 }
1079}
1080
1081static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1082{
1083 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1084
1085 BT_DBG("tty %p dev %p", tty, dev);
1086
1087 return dev->modem_status;
1088}
1089
1090static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1091{
1092 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1093 struct rfcomm_dlc *dlc = dev->dlc;
1094 u8 v24_sig;
1095
1096 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1097
1098 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1099
1100 if (set & TIOCM_DSR || set & TIOCM_DTR)
1101 v24_sig |= RFCOMM_V24_RTC;
1102 if (set & TIOCM_RTS || set & TIOCM_CTS)
1103 v24_sig |= RFCOMM_V24_RTR;
1104 if (set & TIOCM_RI)
1105 v24_sig |= RFCOMM_V24_IC;
1106 if (set & TIOCM_CD)
1107 v24_sig |= RFCOMM_V24_DV;
1108
1109 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1110 v24_sig &= ~RFCOMM_V24_RTC;
1111 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1112 v24_sig &= ~RFCOMM_V24_RTR;
1113 if (clear & TIOCM_RI)
1114 v24_sig &= ~RFCOMM_V24_IC;
1115 if (clear & TIOCM_CD)
1116 v24_sig &= ~RFCOMM_V24_DV;
1117
1118 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1119
1120 return 0;
1121}
1122
1123/* ---- TTY structure ---- */
1124
1125static const struct tty_operations rfcomm_ops = {
1126 .open = rfcomm_tty_open,
1127 .close = rfcomm_tty_close,
1128 .write = rfcomm_tty_write,
1129 .write_room = rfcomm_tty_write_room,
1130 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1131 .flush_buffer = rfcomm_tty_flush_buffer,
1132 .ioctl = rfcomm_tty_ioctl,
1133 .throttle = rfcomm_tty_throttle,
1134 .unthrottle = rfcomm_tty_unthrottle,
1135 .set_termios = rfcomm_tty_set_termios,
1136 .send_xchar = rfcomm_tty_send_xchar,
1137 .hangup = rfcomm_tty_hangup,
1138 .wait_until_sent = rfcomm_tty_wait_until_sent,
1139 .tiocmget = rfcomm_tty_tiocmget,
1140 .tiocmset = rfcomm_tty_tiocmset,
1141};
1142
1143int __init rfcomm_init_ttys(void)
1144{
1145 int error;
1146
1147 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1148 if (!rfcomm_tty_driver)
1149 return -ENOMEM;
1150
1151 rfcomm_tty_driver->driver_name = "rfcomm";
1152 rfcomm_tty_driver->name = "rfcomm";
1153 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1154 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1155 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1156 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1157 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1158 rfcomm_tty_driver->init_termios = tty_std_termios;
1159 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1160 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1161 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1162
1163 error = tty_register_driver(rfcomm_tty_driver);
1164 if (error) {
1165 BT_ERR("Can't register RFCOMM TTY driver");
1166 put_tty_driver(rfcomm_tty_driver);
1167 return error;
1168 }
1169
1170 BT_INFO("RFCOMM TTY layer initialized");
1171
1172 return 0;
1173}
1174
1175void rfcomm_cleanup_ttys(void)
1176{
1177 tty_unregister_driver(rfcomm_tty_driver);
1178 put_tty_driver(rfcomm_tty_driver);
1179}
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 */
27
28#include <linux/module.h>
29
30#include <linux/tty.h>
31#include <linux/tty_driver.h>
32#include <linux/tty_flip.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41#define RFCOMM_TTY_MINOR 0
42
43static DEFINE_MUTEX(rfcomm_ioctl_mutex);
44static struct tty_driver *rfcomm_tty_driver;
45
46struct rfcomm_dev {
47 struct tty_port port;
48 struct list_head list;
49
50 char name[12];
51 int id;
52 unsigned long flags;
53 int err;
54
55 unsigned long status; /* don't export to userspace */
56
57 bdaddr_t src;
58 bdaddr_t dst;
59 u8 channel;
60
61 uint modem_status;
62
63 struct rfcomm_dlc *dlc;
64
65 struct device *tty_dev;
66
67 atomic_t wmem_alloc;
68
69 struct sk_buff_head pending;
70};
71
72static LIST_HEAD(rfcomm_dev_list);
73static DEFINE_MUTEX(rfcomm_dev_lock);
74
75static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
77static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
78
79/* ---- Device functions ---- */
80
81static void rfcomm_dev_destruct(struct tty_port *port)
82{
83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
84 struct rfcomm_dlc *dlc = dev->dlc;
85
86 BT_DBG("dev %p dlc %p", dev, dlc);
87
88 rfcomm_dlc_lock(dlc);
89 /* Detach DLC if it's owned by this dev */
90 if (dlc->owner == dev)
91 dlc->owner = NULL;
92 rfcomm_dlc_unlock(dlc);
93
94 rfcomm_dlc_put(dlc);
95
96 if (dev->tty_dev)
97 tty_unregister_device(rfcomm_tty_driver, dev->id);
98
99 mutex_lock(&rfcomm_dev_lock);
100 list_del(&dev->list);
101 mutex_unlock(&rfcomm_dev_lock);
102
103 kfree(dev);
104
105 /* It's safe to call module_put() here because socket still
106 holds reference to this module. */
107 module_put(THIS_MODULE);
108}
109
110/* device-specific initialization: open the dlc */
111static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
112{
113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
114 int err;
115
116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
117 if (err)
118 set_bit(TTY_IO_ERROR, &tty->flags);
119 return err;
120}
121
122/* we block the open until the dlc->state becomes BT_CONNECTED */
123static int rfcomm_dev_carrier_raised(struct tty_port *port)
124{
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126
127 return (dev->dlc->state == BT_CONNECTED);
128}
129
130/* device-specific cleanup: close the dlc */
131static void rfcomm_dev_shutdown(struct tty_port *port)
132{
133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
134
135 if (dev->tty_dev->parent)
136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
137
138 /* close the dlc */
139 rfcomm_dlc_close(dev->dlc, 0);
140}
141
142static const struct tty_port_operations rfcomm_port_ops = {
143 .destruct = rfcomm_dev_destruct,
144 .activate = rfcomm_dev_activate,
145 .shutdown = rfcomm_dev_shutdown,
146 .carrier_raised = rfcomm_dev_carrier_raised,
147};
148
149static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
150{
151 struct rfcomm_dev *dev;
152
153 list_for_each_entry(dev, &rfcomm_dev_list, list)
154 if (dev->id == id)
155 return dev;
156
157 return NULL;
158}
159
160static struct rfcomm_dev *rfcomm_dev_get(int id)
161{
162 struct rfcomm_dev *dev;
163
164 mutex_lock(&rfcomm_dev_lock);
165
166 dev = __rfcomm_dev_lookup(id);
167
168 if (dev && !tty_port_get(&dev->port))
169 dev = NULL;
170
171 mutex_unlock(&rfcomm_dev_lock);
172
173 return dev;
174}
175
176static void rfcomm_reparent_device(struct rfcomm_dev *dev)
177{
178 struct hci_dev *hdev;
179 struct hci_conn *conn;
180
181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
182 if (!hdev)
183 return;
184
185 /* The lookup results are unsafe to access without the
186 * hci device lock (FIXME: why is this not documented?)
187 */
188 hci_dev_lock(hdev);
189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
190
191 /* Just because the acl link is in the hash table is no
192 * guarantee the sysfs device has been added ...
193 */
194 if (conn && device_is_registered(&conn->dev))
195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
196
197 hci_dev_unlock(hdev);
198 hci_dev_put(hdev);
199}
200
201static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
202{
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sprintf(buf, "%pMR\n", &dev->dst);
205}
206
207static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
208{
209 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
210 return sprintf(buf, "%d\n", dev->channel);
211}
212
213static DEVICE_ATTR(address, 0444, show_address, NULL);
214static DEVICE_ATTR(channel, 0444, show_channel, NULL);
215
216static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
217 struct rfcomm_dlc *dlc)
218{
219 struct rfcomm_dev *dev, *entry;
220 struct list_head *head = &rfcomm_dev_list;
221 int err = 0;
222
223 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
224 if (!dev)
225 return ERR_PTR(-ENOMEM);
226
227 mutex_lock(&rfcomm_dev_lock);
228
229 if (req->dev_id < 0) {
230 dev->id = 0;
231
232 list_for_each_entry(entry, &rfcomm_dev_list, list) {
233 if (entry->id != dev->id)
234 break;
235
236 dev->id++;
237 head = &entry->list;
238 }
239 } else {
240 dev->id = req->dev_id;
241
242 list_for_each_entry(entry, &rfcomm_dev_list, list) {
243 if (entry->id == dev->id) {
244 err = -EADDRINUSE;
245 goto out;
246 }
247
248 if (entry->id > dev->id - 1)
249 break;
250
251 head = &entry->list;
252 }
253 }
254
255 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
256 err = -ENFILE;
257 goto out;
258 }
259
260 sprintf(dev->name, "rfcomm%d", dev->id);
261
262 list_add(&dev->list, head);
263
264 bacpy(&dev->src, &req->src);
265 bacpy(&dev->dst, &req->dst);
266 dev->channel = req->channel;
267
268 dev->flags = req->flags &
269 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
270
271 tty_port_init(&dev->port);
272 dev->port.ops = &rfcomm_port_ops;
273
274 skb_queue_head_init(&dev->pending);
275
276 rfcomm_dlc_lock(dlc);
277
278 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
279 struct sock *sk = dlc->owner;
280 struct sk_buff *skb;
281
282 BUG_ON(!sk);
283
284 rfcomm_dlc_throttle(dlc);
285
286 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
287 skb_orphan(skb);
288 skb_queue_tail(&dev->pending, skb);
289 atomic_sub(skb->len, &sk->sk_rmem_alloc);
290 }
291 }
292
293 dlc->data_ready = rfcomm_dev_data_ready;
294 dlc->state_change = rfcomm_dev_state_change;
295 dlc->modem_status = rfcomm_dev_modem_status;
296
297 dlc->owner = dev;
298 dev->dlc = dlc;
299
300 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
301
302 rfcomm_dlc_unlock(dlc);
303
304 /* It's safe to call __module_get() here because socket already
305 holds reference to this module. */
306 __module_get(THIS_MODULE);
307
308 mutex_unlock(&rfcomm_dev_lock);
309 return dev;
310
311out:
312 mutex_unlock(&rfcomm_dev_lock);
313 kfree(dev);
314 return ERR_PTR(err);
315}
316
317static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
318{
319 struct rfcomm_dev *dev;
320 struct device *tty;
321
322 BT_DBG("id %d channel %d", req->dev_id, req->channel);
323
324 dev = __rfcomm_dev_add(req, dlc);
325 if (IS_ERR(dev)) {
326 rfcomm_dlc_put(dlc);
327 return PTR_ERR(dev);
328 }
329
330 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
331 dev->id, NULL);
332 if (IS_ERR(tty)) {
333 tty_port_put(&dev->port);
334 return PTR_ERR(tty);
335 }
336
337 dev->tty_dev = tty;
338 rfcomm_reparent_device(dev);
339 dev_set_drvdata(dev->tty_dev, dev);
340
341 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
342 BT_ERR("Failed to create address attribute");
343
344 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
345 BT_ERR("Failed to create channel attribute");
346
347 return dev->id;
348}
349
350/* ---- Send buffer ---- */
351static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
352{
353 struct rfcomm_dlc *dlc = dev->dlc;
354
355 /* Limit the outstanding number of packets not yet sent to 40 */
356 int pending = 40 - atomic_read(&dev->wmem_alloc);
357
358 return max(0, pending) * dlc->mtu;
359}
360
361static void rfcomm_wfree(struct sk_buff *skb)
362{
363 struct rfcomm_dev *dev = (void *) skb->sk;
364 atomic_dec(&dev->wmem_alloc);
365 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
366 tty_port_tty_wakeup(&dev->port);
367 tty_port_put(&dev->port);
368}
369
370static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
371{
372 tty_port_get(&dev->port);
373 atomic_inc(&dev->wmem_alloc);
374 skb->sk = (void *) dev;
375 skb->destructor = rfcomm_wfree;
376}
377
378static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
379{
380 struct sk_buff *skb = alloc_skb(size, priority);
381 if (skb)
382 rfcomm_set_owner_w(skb, dev);
383 return skb;
384}
385
386/* ---- Device IOCTLs ---- */
387
388#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
389
390static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
391{
392 struct rfcomm_dev_req req;
393 struct rfcomm_dlc *dlc;
394 int id;
395
396 if (copy_from_user(&req, arg, sizeof(req)))
397 return -EFAULT;
398
399 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
400
401 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
402 return -EPERM;
403
404 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
405 /* Socket must be connected */
406 if (sk->sk_state != BT_CONNECTED)
407 return -EBADFD;
408
409 dlc = rfcomm_pi(sk)->dlc;
410 rfcomm_dlc_hold(dlc);
411 } else {
412 /* Validate the channel is unused */
413 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
414 if (IS_ERR(dlc))
415 return PTR_ERR(dlc);
416 if (dlc)
417 return -EBUSY;
418 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
419 if (!dlc)
420 return -ENOMEM;
421 }
422
423 id = rfcomm_dev_add(&req, dlc);
424 if (id < 0)
425 return id;
426
427 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
428 /* DLC is now used by device.
429 * Socket must be disconnected */
430 sk->sk_state = BT_CLOSED;
431 }
432
433 return id;
434}
435
436static int __rfcomm_release_dev(void __user *arg)
437{
438 struct rfcomm_dev_req req;
439 struct rfcomm_dev *dev;
440 struct tty_struct *tty;
441
442 if (copy_from_user(&req, arg, sizeof(req)))
443 return -EFAULT;
444
445 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
446
447 dev = rfcomm_dev_get(req.dev_id);
448 if (!dev)
449 return -ENODEV;
450
451 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
452 tty_port_put(&dev->port);
453 return -EPERM;
454 }
455
456 /* only release once */
457 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
458 tty_port_put(&dev->port);
459 return -EALREADY;
460 }
461
462 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
463 rfcomm_dlc_close(dev->dlc, 0);
464
465 /* Shut down TTY synchronously before freeing rfcomm_dev */
466 tty = tty_port_tty_get(&dev->port);
467 if (tty) {
468 tty_vhangup(tty);
469 tty_kref_put(tty);
470 }
471
472 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
473 tty_port_put(&dev->port);
474
475 tty_port_put(&dev->port);
476 return 0;
477}
478
479static int rfcomm_create_dev(struct sock *sk, void __user *arg)
480{
481 int ret;
482
483 mutex_lock(&rfcomm_ioctl_mutex);
484 ret = __rfcomm_create_dev(sk, arg);
485 mutex_unlock(&rfcomm_ioctl_mutex);
486
487 return ret;
488}
489
490static int rfcomm_release_dev(void __user *arg)
491{
492 int ret;
493
494 mutex_lock(&rfcomm_ioctl_mutex);
495 ret = __rfcomm_release_dev(arg);
496 mutex_unlock(&rfcomm_ioctl_mutex);
497
498 return ret;
499}
500
501static int rfcomm_get_dev_list(void __user *arg)
502{
503 struct rfcomm_dev *dev;
504 struct rfcomm_dev_list_req *dl;
505 struct rfcomm_dev_info *di;
506 int n = 0, size, err;
507 u16 dev_num;
508
509 BT_DBG("");
510
511 if (get_user(dev_num, (u16 __user *) arg))
512 return -EFAULT;
513
514 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
515 return -EINVAL;
516
517 size = sizeof(*dl) + dev_num * sizeof(*di);
518
519 dl = kzalloc(size, GFP_KERNEL);
520 if (!dl)
521 return -ENOMEM;
522
523 di = dl->dev_info;
524
525 mutex_lock(&rfcomm_dev_lock);
526
527 list_for_each_entry(dev, &rfcomm_dev_list, list) {
528 if (!tty_port_get(&dev->port))
529 continue;
530 (di + n)->id = dev->id;
531 (di + n)->flags = dev->flags;
532 (di + n)->state = dev->dlc->state;
533 (di + n)->channel = dev->channel;
534 bacpy(&(di + n)->src, &dev->src);
535 bacpy(&(di + n)->dst, &dev->dst);
536 tty_port_put(&dev->port);
537 if (++n >= dev_num)
538 break;
539 }
540
541 mutex_unlock(&rfcomm_dev_lock);
542
543 dl->dev_num = n;
544 size = sizeof(*dl) + n * sizeof(*di);
545
546 err = copy_to_user(arg, dl, size);
547 kfree(dl);
548
549 return err ? -EFAULT : 0;
550}
551
552static int rfcomm_get_dev_info(void __user *arg)
553{
554 struct rfcomm_dev *dev;
555 struct rfcomm_dev_info di;
556 int err = 0;
557
558 BT_DBG("");
559
560 if (copy_from_user(&di, arg, sizeof(di)))
561 return -EFAULT;
562
563 dev = rfcomm_dev_get(di.id);
564 if (!dev)
565 return -ENODEV;
566
567 di.flags = dev->flags;
568 di.channel = dev->channel;
569 di.state = dev->dlc->state;
570 bacpy(&di.src, &dev->src);
571 bacpy(&di.dst, &dev->dst);
572
573 if (copy_to_user(arg, &di, sizeof(di)))
574 err = -EFAULT;
575
576 tty_port_put(&dev->port);
577 return err;
578}
579
580int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
581{
582 BT_DBG("cmd %d arg %p", cmd, arg);
583
584 switch (cmd) {
585 case RFCOMMCREATEDEV:
586 return rfcomm_create_dev(sk, arg);
587
588 case RFCOMMRELEASEDEV:
589 return rfcomm_release_dev(arg);
590
591 case RFCOMMGETDEVLIST:
592 return rfcomm_get_dev_list(arg);
593
594 case RFCOMMGETDEVINFO:
595 return rfcomm_get_dev_info(arg);
596 }
597
598 return -EINVAL;
599}
600
601/* ---- DLC callbacks ---- */
602static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
603{
604 struct rfcomm_dev *dev = dlc->owner;
605
606 if (!dev) {
607 kfree_skb(skb);
608 return;
609 }
610
611 if (!skb_queue_empty(&dev->pending)) {
612 skb_queue_tail(&dev->pending, skb);
613 return;
614 }
615
616 BT_DBG("dlc %p len %d", dlc, skb->len);
617
618 tty_insert_flip_string(&dev->port, skb->data, skb->len);
619 tty_flip_buffer_push(&dev->port);
620
621 kfree_skb(skb);
622}
623
624static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
625{
626 struct rfcomm_dev *dev = dlc->owner;
627 if (!dev)
628 return;
629
630 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
631
632 dev->err = err;
633 if (dlc->state == BT_CONNECTED) {
634 rfcomm_reparent_device(dev);
635
636 wake_up_interruptible(&dev->port.open_wait);
637 } else if (dlc->state == BT_CLOSED)
638 tty_port_tty_hangup(&dev->port, false);
639}
640
641static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
642{
643 struct rfcomm_dev *dev = dlc->owner;
644 if (!dev)
645 return;
646
647 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
648
649 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
650 tty_port_tty_hangup(&dev->port, true);
651
652 dev->modem_status =
653 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
654 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
655 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
656 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
657}
658
659/* ---- TTY functions ---- */
660static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
661{
662 struct sk_buff *skb;
663 int inserted = 0;
664
665 BT_DBG("dev %p", dev);
666
667 rfcomm_dlc_lock(dev->dlc);
668
669 while ((skb = skb_dequeue(&dev->pending))) {
670 inserted += tty_insert_flip_string(&dev->port, skb->data,
671 skb->len);
672 kfree_skb(skb);
673 }
674
675 rfcomm_dlc_unlock(dev->dlc);
676
677 if (inserted > 0)
678 tty_flip_buffer_push(&dev->port);
679}
680
681/* do the reverse of install, clearing the tty fields and releasing the
682 * reference to tty_port
683 */
684static void rfcomm_tty_cleanup(struct tty_struct *tty)
685{
686 struct rfcomm_dev *dev = tty->driver_data;
687
688 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
689
690 rfcomm_dlc_lock(dev->dlc);
691 tty->driver_data = NULL;
692 rfcomm_dlc_unlock(dev->dlc);
693
694 /*
695 * purge the dlc->tx_queue to avoid circular dependencies
696 * between dev and dlc
697 */
698 skb_queue_purge(&dev->dlc->tx_queue);
699
700 tty_port_put(&dev->port);
701}
702
703/* we acquire the tty_port reference since it's here the tty is first used
704 * by setting the termios. We also populate the driver_data field and install
705 * the tty port
706 */
707static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
708{
709 struct rfcomm_dev *dev;
710 struct rfcomm_dlc *dlc;
711 int err;
712
713 dev = rfcomm_dev_get(tty->index);
714 if (!dev)
715 return -ENODEV;
716
717 dlc = dev->dlc;
718
719 /* Attach TTY and open DLC */
720 rfcomm_dlc_lock(dlc);
721 tty->driver_data = dev;
722 rfcomm_dlc_unlock(dlc);
723 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
724
725 /* install the tty_port */
726 err = tty_port_install(&dev->port, driver, tty);
727 if (err) {
728 rfcomm_tty_cleanup(tty);
729 return err;
730 }
731
732 /* take over the tty_port reference if the port was created with the
733 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
734 * when the last process closes the tty. The behaviour is expected by
735 * userspace.
736 */
737 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
738 set_bit(RFCOMM_TTY_OWNED, &dev->status);
739 tty_port_put(&dev->port);
740 }
741
742 return 0;
743}
744
745static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
746{
747 struct rfcomm_dev *dev = tty->driver_data;
748 int err;
749
750 BT_DBG("tty %p id %d", tty, tty->index);
751
752 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
753 dev->channel, dev->port.count);
754
755 err = tty_port_open(&dev->port, tty, filp);
756 if (err)
757 return err;
758
759 /*
760 * FIXME: rfcomm should use proper flow control for
761 * received data. This hack will be unnecessary and can
762 * be removed when that's implemented
763 */
764 rfcomm_tty_copy_pending(dev);
765
766 rfcomm_dlc_unthrottle(dev->dlc);
767
768 return 0;
769}
770
771static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
772{
773 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
774
775 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
776 dev->port.count);
777
778 tty_port_close(&dev->port, tty, filp);
779}
780
781static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
782{
783 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
784 struct rfcomm_dlc *dlc = dev->dlc;
785 struct sk_buff *skb;
786 int sent = 0, size;
787
788 BT_DBG("tty %p count %d", tty, count);
789
790 while (count) {
791 size = min_t(uint, count, dlc->mtu);
792
793 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
794 if (!skb)
795 break;
796
797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
798
799 skb_put_data(skb, buf + sent, size);
800
801 rfcomm_dlc_send_noerror(dlc, skb);
802
803 sent += size;
804 count -= size;
805 }
806
807 return sent;
808}
809
810static int rfcomm_tty_write_room(struct tty_struct *tty)
811{
812 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
813 int room = 0;
814
815 if (dev && dev->dlc)
816 room = rfcomm_room(dev);
817
818 BT_DBG("tty %p room %d", tty, room);
819
820 return room;
821}
822
823static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
824{
825 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
826
827 switch (cmd) {
828 case TCGETS:
829 BT_DBG("TCGETS is not supported");
830 return -ENOIOCTLCMD;
831
832 case TCSETS:
833 BT_DBG("TCSETS is not supported");
834 return -ENOIOCTLCMD;
835
836 case TIOCMIWAIT:
837 BT_DBG("TIOCMIWAIT");
838 break;
839
840 case TIOCSERGETLSR:
841 BT_ERR("TIOCSERGETLSR is not supported");
842 return -ENOIOCTLCMD;
843
844 case TIOCSERCONFIG:
845 BT_ERR("TIOCSERCONFIG is not supported");
846 return -ENOIOCTLCMD;
847
848 default:
849 return -ENOIOCTLCMD; /* ioctls which we must ignore */
850
851 }
852
853 return -ENOIOCTLCMD;
854}
855
856static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
857{
858 struct ktermios *new = &tty->termios;
859 int old_baud_rate = tty_termios_baud_rate(old);
860 int new_baud_rate = tty_termios_baud_rate(new);
861
862 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
863 u16 changes = 0;
864
865 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
866
867 BT_DBG("tty %p termios %p", tty, old);
868
869 if (!dev || !dev->dlc || !dev->dlc->session)
870 return;
871
872 /* Handle turning off CRTSCTS */
873 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
874 BT_DBG("Turning off CRTSCTS unsupported");
875
876 /* Parity on/off and when on, odd/even */
877 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
878 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
879 changes |= RFCOMM_RPN_PM_PARITY;
880 BT_DBG("Parity change detected.");
881 }
882
883 /* Mark and space parity are not supported! */
884 if (new->c_cflag & PARENB) {
885 if (new->c_cflag & PARODD) {
886 BT_DBG("Parity is ODD");
887 parity = RFCOMM_RPN_PARITY_ODD;
888 } else {
889 BT_DBG("Parity is EVEN");
890 parity = RFCOMM_RPN_PARITY_EVEN;
891 }
892 } else {
893 BT_DBG("Parity is OFF");
894 parity = RFCOMM_RPN_PARITY_NONE;
895 }
896
897 /* Setting the x_on / x_off characters */
898 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
899 BT_DBG("XOFF custom");
900 x_on = new->c_cc[VSTOP];
901 changes |= RFCOMM_RPN_PM_XON;
902 } else {
903 BT_DBG("XOFF default");
904 x_on = RFCOMM_RPN_XON_CHAR;
905 }
906
907 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
908 BT_DBG("XON custom");
909 x_off = new->c_cc[VSTART];
910 changes |= RFCOMM_RPN_PM_XOFF;
911 } else {
912 BT_DBG("XON default");
913 x_off = RFCOMM_RPN_XOFF_CHAR;
914 }
915
916 /* Handle setting of stop bits */
917 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
918 changes |= RFCOMM_RPN_PM_STOP;
919
920 /* POSIX does not support 1.5 stop bits and RFCOMM does not
921 * support 2 stop bits. So a request for 2 stop bits gets
922 * translated to 1.5 stop bits */
923 if (new->c_cflag & CSTOPB)
924 stop_bits = RFCOMM_RPN_STOP_15;
925 else
926 stop_bits = RFCOMM_RPN_STOP_1;
927
928 /* Handle number of data bits [5-8] */
929 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
930 changes |= RFCOMM_RPN_PM_DATA;
931
932 switch (new->c_cflag & CSIZE) {
933 case CS5:
934 data_bits = RFCOMM_RPN_DATA_5;
935 break;
936 case CS6:
937 data_bits = RFCOMM_RPN_DATA_6;
938 break;
939 case CS7:
940 data_bits = RFCOMM_RPN_DATA_7;
941 break;
942 case CS8:
943 data_bits = RFCOMM_RPN_DATA_8;
944 break;
945 default:
946 data_bits = RFCOMM_RPN_DATA_8;
947 break;
948 }
949
950 /* Handle baudrate settings */
951 if (old_baud_rate != new_baud_rate)
952 changes |= RFCOMM_RPN_PM_BITRATE;
953
954 switch (new_baud_rate) {
955 case 2400:
956 baud = RFCOMM_RPN_BR_2400;
957 break;
958 case 4800:
959 baud = RFCOMM_RPN_BR_4800;
960 break;
961 case 7200:
962 baud = RFCOMM_RPN_BR_7200;
963 break;
964 case 9600:
965 baud = RFCOMM_RPN_BR_9600;
966 break;
967 case 19200:
968 baud = RFCOMM_RPN_BR_19200;
969 break;
970 case 38400:
971 baud = RFCOMM_RPN_BR_38400;
972 break;
973 case 57600:
974 baud = RFCOMM_RPN_BR_57600;
975 break;
976 case 115200:
977 baud = RFCOMM_RPN_BR_115200;
978 break;
979 case 230400:
980 baud = RFCOMM_RPN_BR_230400;
981 break;
982 default:
983 /* 9600 is standard accordinag to the RFCOMM specification */
984 baud = RFCOMM_RPN_BR_9600;
985 break;
986
987 }
988
989 if (changes)
990 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
991 data_bits, stop_bits, parity,
992 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
993}
994
995static void rfcomm_tty_throttle(struct tty_struct *tty)
996{
997 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
998
999 BT_DBG("tty %p dev %p", tty, dev);
1000
1001 rfcomm_dlc_throttle(dev->dlc);
1002}
1003
1004static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1005{
1006 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1007
1008 BT_DBG("tty %p dev %p", tty, dev);
1009
1010 rfcomm_dlc_unthrottle(dev->dlc);
1011}
1012
1013static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1014{
1015 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1016
1017 BT_DBG("tty %p dev %p", tty, dev);
1018
1019 if (!dev || !dev->dlc)
1020 return 0;
1021
1022 if (!skb_queue_empty(&dev->dlc->tx_queue))
1023 return dev->dlc->mtu;
1024
1025 return 0;
1026}
1027
1028static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1029{
1030 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1031
1032 BT_DBG("tty %p dev %p", tty, dev);
1033
1034 if (!dev || !dev->dlc)
1035 return;
1036
1037 skb_queue_purge(&dev->dlc->tx_queue);
1038 tty_wakeup(tty);
1039}
1040
1041static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1042{
1043 BT_DBG("tty %p ch %c", tty, ch);
1044}
1045
1046static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1047{
1048 BT_DBG("tty %p timeout %d", tty, timeout);
1049}
1050
1051static void rfcomm_tty_hangup(struct tty_struct *tty)
1052{
1053 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1054
1055 BT_DBG("tty %p dev %p", tty, dev);
1056
1057 tty_port_hangup(&dev->port);
1058}
1059
1060static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1061{
1062 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1063
1064 BT_DBG("tty %p dev %p", tty, dev);
1065
1066 return dev->modem_status;
1067}
1068
1069static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1070{
1071 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1072 struct rfcomm_dlc *dlc = dev->dlc;
1073 u8 v24_sig;
1074
1075 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1076
1077 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1078
1079 if (set & TIOCM_DSR || set & TIOCM_DTR)
1080 v24_sig |= RFCOMM_V24_RTC;
1081 if (set & TIOCM_RTS || set & TIOCM_CTS)
1082 v24_sig |= RFCOMM_V24_RTR;
1083 if (set & TIOCM_RI)
1084 v24_sig |= RFCOMM_V24_IC;
1085 if (set & TIOCM_CD)
1086 v24_sig |= RFCOMM_V24_DV;
1087
1088 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1089 v24_sig &= ~RFCOMM_V24_RTC;
1090 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1091 v24_sig &= ~RFCOMM_V24_RTR;
1092 if (clear & TIOCM_RI)
1093 v24_sig &= ~RFCOMM_V24_IC;
1094 if (clear & TIOCM_CD)
1095 v24_sig &= ~RFCOMM_V24_DV;
1096
1097 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1098
1099 return 0;
1100}
1101
1102/* ---- TTY structure ---- */
1103
1104static const struct tty_operations rfcomm_ops = {
1105 .open = rfcomm_tty_open,
1106 .close = rfcomm_tty_close,
1107 .write = rfcomm_tty_write,
1108 .write_room = rfcomm_tty_write_room,
1109 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1110 .flush_buffer = rfcomm_tty_flush_buffer,
1111 .ioctl = rfcomm_tty_ioctl,
1112 .throttle = rfcomm_tty_throttle,
1113 .unthrottle = rfcomm_tty_unthrottle,
1114 .set_termios = rfcomm_tty_set_termios,
1115 .send_xchar = rfcomm_tty_send_xchar,
1116 .hangup = rfcomm_tty_hangup,
1117 .wait_until_sent = rfcomm_tty_wait_until_sent,
1118 .tiocmget = rfcomm_tty_tiocmget,
1119 .tiocmset = rfcomm_tty_tiocmset,
1120 .install = rfcomm_tty_install,
1121 .cleanup = rfcomm_tty_cleanup,
1122};
1123
1124int __init rfcomm_init_ttys(void)
1125{
1126 int error;
1127
1128 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1129 if (!rfcomm_tty_driver)
1130 return -ENOMEM;
1131
1132 rfcomm_tty_driver->driver_name = "rfcomm";
1133 rfcomm_tty_driver->name = "rfcomm";
1134 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1135 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1136 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1137 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1138 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1139 rfcomm_tty_driver->init_termios = tty_std_termios;
1140 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1141 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1142 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1143
1144 error = tty_register_driver(rfcomm_tty_driver);
1145 if (error) {
1146 BT_ERR("Can't register RFCOMM TTY driver");
1147 put_tty_driver(rfcomm_tty_driver);
1148 return error;
1149 }
1150
1151 BT_INFO("RFCOMM TTY layer initialized");
1152
1153 return 0;
1154}
1155
1156void rfcomm_cleanup_ttys(void)
1157{
1158 tty_unregister_driver(rfcomm_tty_driver);
1159 put_tty_driver(rfcomm_tty_driver);
1160}