Loading...
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 */
27
28#include <linux/module.h>
29
30#include <linux/tty.h>
31#include <linux/tty_driver.h>
32#include <linux/tty_flip.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41#define RFCOMM_TTY_MINOR 0
42
43static DEFINE_MUTEX(rfcomm_ioctl_mutex);
44static struct tty_driver *rfcomm_tty_driver;
45
46struct rfcomm_dev {
47 struct tty_port port;
48 struct list_head list;
49
50 char name[12];
51 int id;
52 unsigned long flags;
53 int err;
54
55 unsigned long status; /* don't export to userspace */
56
57 bdaddr_t src;
58 bdaddr_t dst;
59 u8 channel;
60
61 uint modem_status;
62
63 struct rfcomm_dlc *dlc;
64
65 struct device *tty_dev;
66
67 atomic_t wmem_alloc;
68
69 struct sk_buff_head pending;
70};
71
72static LIST_HEAD(rfcomm_dev_list);
73static DEFINE_MUTEX(rfcomm_dev_lock);
74
75static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
77static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
78
79/* ---- Device functions ---- */
80
81static void rfcomm_dev_destruct(struct tty_port *port)
82{
83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
84 struct rfcomm_dlc *dlc = dev->dlc;
85
86 BT_DBG("dev %p dlc %p", dev, dlc);
87
88 rfcomm_dlc_lock(dlc);
89 /* Detach DLC if it's owned by this dev */
90 if (dlc->owner == dev)
91 dlc->owner = NULL;
92 rfcomm_dlc_unlock(dlc);
93
94 rfcomm_dlc_put(dlc);
95
96 if (dev->tty_dev)
97 tty_unregister_device(rfcomm_tty_driver, dev->id);
98
99 mutex_lock(&rfcomm_dev_lock);
100 list_del(&dev->list);
101 mutex_unlock(&rfcomm_dev_lock);
102
103 kfree(dev);
104
105 /* It's safe to call module_put() here because socket still
106 holds reference to this module. */
107 module_put(THIS_MODULE);
108}
109
110/* device-specific initialization: open the dlc */
111static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
112{
113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
114 int err;
115
116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
117 if (err)
118 set_bit(TTY_IO_ERROR, &tty->flags);
119 return err;
120}
121
122/* we block the open until the dlc->state becomes BT_CONNECTED */
123static int rfcomm_dev_carrier_raised(struct tty_port *port)
124{
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126
127 return (dev->dlc->state == BT_CONNECTED);
128}
129
130/* device-specific cleanup: close the dlc */
131static void rfcomm_dev_shutdown(struct tty_port *port)
132{
133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
134
135 if (dev->tty_dev->parent)
136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
137
138 /* close the dlc */
139 rfcomm_dlc_close(dev->dlc, 0);
140}
141
142static const struct tty_port_operations rfcomm_port_ops = {
143 .destruct = rfcomm_dev_destruct,
144 .activate = rfcomm_dev_activate,
145 .shutdown = rfcomm_dev_shutdown,
146 .carrier_raised = rfcomm_dev_carrier_raised,
147};
148
149static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
150{
151 struct rfcomm_dev *dev;
152
153 list_for_each_entry(dev, &rfcomm_dev_list, list)
154 if (dev->id == id)
155 return dev;
156
157 return NULL;
158}
159
160static struct rfcomm_dev *rfcomm_dev_get(int id)
161{
162 struct rfcomm_dev *dev;
163
164 mutex_lock(&rfcomm_dev_lock);
165
166 dev = __rfcomm_dev_lookup(id);
167
168 if (dev && !tty_port_get(&dev->port))
169 dev = NULL;
170
171 mutex_unlock(&rfcomm_dev_lock);
172
173 return dev;
174}
175
176static void rfcomm_reparent_device(struct rfcomm_dev *dev)
177{
178 struct hci_dev *hdev;
179 struct hci_conn *conn;
180
181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
182 if (!hdev)
183 return;
184
185 /* The lookup results are unsafe to access without the
186 * hci device lock (FIXME: why is this not documented?)
187 */
188 hci_dev_lock(hdev);
189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
190
191 /* Just because the acl link is in the hash table is no
192 * guarantee the sysfs device has been added ...
193 */
194 if (conn && device_is_registered(&conn->dev))
195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
196
197 hci_dev_unlock(hdev);
198 hci_dev_put(hdev);
199}
200
201static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
202{
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sprintf(buf, "%pMR\n", &dev->dst);
205}
206
207static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
208{
209 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
210 return sprintf(buf, "%d\n", dev->channel);
211}
212
213static DEVICE_ATTR(address, 0444, show_address, NULL);
214static DEVICE_ATTR(channel, 0444, show_channel, NULL);
215
216static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
217 struct rfcomm_dlc *dlc)
218{
219 struct rfcomm_dev *dev, *entry;
220 struct list_head *head = &rfcomm_dev_list;
221 int err = 0;
222
223 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
224 if (!dev)
225 return ERR_PTR(-ENOMEM);
226
227 mutex_lock(&rfcomm_dev_lock);
228
229 if (req->dev_id < 0) {
230 dev->id = 0;
231
232 list_for_each_entry(entry, &rfcomm_dev_list, list) {
233 if (entry->id != dev->id)
234 break;
235
236 dev->id++;
237 head = &entry->list;
238 }
239 } else {
240 dev->id = req->dev_id;
241
242 list_for_each_entry(entry, &rfcomm_dev_list, list) {
243 if (entry->id == dev->id) {
244 err = -EADDRINUSE;
245 goto out;
246 }
247
248 if (entry->id > dev->id - 1)
249 break;
250
251 head = &entry->list;
252 }
253 }
254
255 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
256 err = -ENFILE;
257 goto out;
258 }
259
260 sprintf(dev->name, "rfcomm%d", dev->id);
261
262 list_add(&dev->list, head);
263
264 bacpy(&dev->src, &req->src);
265 bacpy(&dev->dst, &req->dst);
266 dev->channel = req->channel;
267
268 dev->flags = req->flags &
269 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
270
271 tty_port_init(&dev->port);
272 dev->port.ops = &rfcomm_port_ops;
273
274 skb_queue_head_init(&dev->pending);
275
276 rfcomm_dlc_lock(dlc);
277
278 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
279 struct sock *sk = dlc->owner;
280 struct sk_buff *skb;
281
282 BUG_ON(!sk);
283
284 rfcomm_dlc_throttle(dlc);
285
286 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
287 skb_orphan(skb);
288 skb_queue_tail(&dev->pending, skb);
289 atomic_sub(skb->len, &sk->sk_rmem_alloc);
290 }
291 }
292
293 dlc->data_ready = rfcomm_dev_data_ready;
294 dlc->state_change = rfcomm_dev_state_change;
295 dlc->modem_status = rfcomm_dev_modem_status;
296
297 dlc->owner = dev;
298 dev->dlc = dlc;
299
300 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
301
302 rfcomm_dlc_unlock(dlc);
303
304 /* It's safe to call __module_get() here because socket already
305 holds reference to this module. */
306 __module_get(THIS_MODULE);
307
308 mutex_unlock(&rfcomm_dev_lock);
309 return dev;
310
311out:
312 mutex_unlock(&rfcomm_dev_lock);
313 kfree(dev);
314 return ERR_PTR(err);
315}
316
317static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
318{
319 struct rfcomm_dev *dev;
320 struct device *tty;
321
322 BT_DBG("id %d channel %d", req->dev_id, req->channel);
323
324 dev = __rfcomm_dev_add(req, dlc);
325 if (IS_ERR(dev)) {
326 rfcomm_dlc_put(dlc);
327 return PTR_ERR(dev);
328 }
329
330 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
331 dev->id, NULL);
332 if (IS_ERR(tty)) {
333 tty_port_put(&dev->port);
334 return PTR_ERR(tty);
335 }
336
337 dev->tty_dev = tty;
338 rfcomm_reparent_device(dev);
339 dev_set_drvdata(dev->tty_dev, dev);
340
341 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
342 BT_ERR("Failed to create address attribute");
343
344 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
345 BT_ERR("Failed to create channel attribute");
346
347 return dev->id;
348}
349
350/* ---- Send buffer ---- */
351static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
352{
353 struct rfcomm_dlc *dlc = dev->dlc;
354
355 /* Limit the outstanding number of packets not yet sent to 40 */
356 int pending = 40 - atomic_read(&dev->wmem_alloc);
357
358 return max(0, pending) * dlc->mtu;
359}
360
361static void rfcomm_wfree(struct sk_buff *skb)
362{
363 struct rfcomm_dev *dev = (void *) skb->sk;
364 atomic_dec(&dev->wmem_alloc);
365 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
366 tty_port_tty_wakeup(&dev->port);
367 tty_port_put(&dev->port);
368}
369
370static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
371{
372 tty_port_get(&dev->port);
373 atomic_inc(&dev->wmem_alloc);
374 skb->sk = (void *) dev;
375 skb->destructor = rfcomm_wfree;
376}
377
378static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
379{
380 struct sk_buff *skb = alloc_skb(size, priority);
381 if (skb)
382 rfcomm_set_owner_w(skb, dev);
383 return skb;
384}
385
386/* ---- Device IOCTLs ---- */
387
388#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
389
390static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
391{
392 struct rfcomm_dev_req req;
393 struct rfcomm_dlc *dlc;
394 int id;
395
396 if (copy_from_user(&req, arg, sizeof(req)))
397 return -EFAULT;
398
399 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
400
401 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
402 return -EPERM;
403
404 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
405 /* Socket must be connected */
406 if (sk->sk_state != BT_CONNECTED)
407 return -EBADFD;
408
409 dlc = rfcomm_pi(sk)->dlc;
410 rfcomm_dlc_hold(dlc);
411 } else {
412 /* Validate the channel is unused */
413 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
414 if (IS_ERR(dlc))
415 return PTR_ERR(dlc);
416 else if (dlc) {
417 rfcomm_dlc_put(dlc);
418 return -EBUSY;
419 }
420 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
421 if (!dlc)
422 return -ENOMEM;
423 }
424
425 id = rfcomm_dev_add(&req, dlc);
426 if (id < 0)
427 return id;
428
429 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
430 /* DLC is now used by device.
431 * Socket must be disconnected */
432 sk->sk_state = BT_CLOSED;
433 }
434
435 return id;
436}
437
438static int __rfcomm_release_dev(void __user *arg)
439{
440 struct rfcomm_dev_req req;
441 struct rfcomm_dev *dev;
442 struct tty_struct *tty;
443
444 if (copy_from_user(&req, arg, sizeof(req)))
445 return -EFAULT;
446
447 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
448
449 dev = rfcomm_dev_get(req.dev_id);
450 if (!dev)
451 return -ENODEV;
452
453 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
454 tty_port_put(&dev->port);
455 return -EPERM;
456 }
457
458 /* only release once */
459 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
460 tty_port_put(&dev->port);
461 return -EALREADY;
462 }
463
464 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
465 rfcomm_dlc_close(dev->dlc, 0);
466
467 /* Shut down TTY synchronously before freeing rfcomm_dev */
468 tty = tty_port_tty_get(&dev->port);
469 if (tty) {
470 tty_vhangup(tty);
471 tty_kref_put(tty);
472 }
473
474 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
475 tty_port_put(&dev->port);
476
477 tty_port_put(&dev->port);
478 return 0;
479}
480
481static int rfcomm_create_dev(struct sock *sk, void __user *arg)
482{
483 int ret;
484
485 mutex_lock(&rfcomm_ioctl_mutex);
486 ret = __rfcomm_create_dev(sk, arg);
487 mutex_unlock(&rfcomm_ioctl_mutex);
488
489 return ret;
490}
491
492static int rfcomm_release_dev(void __user *arg)
493{
494 int ret;
495
496 mutex_lock(&rfcomm_ioctl_mutex);
497 ret = __rfcomm_release_dev(arg);
498 mutex_unlock(&rfcomm_ioctl_mutex);
499
500 return ret;
501}
502
503static int rfcomm_get_dev_list(void __user *arg)
504{
505 struct rfcomm_dev *dev;
506 struct rfcomm_dev_list_req *dl;
507 struct rfcomm_dev_info *di;
508 int n = 0, size, err;
509 u16 dev_num;
510
511 BT_DBG("");
512
513 if (get_user(dev_num, (u16 __user *) arg))
514 return -EFAULT;
515
516 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
517 return -EINVAL;
518
519 size = sizeof(*dl) + dev_num * sizeof(*di);
520
521 dl = kzalloc(size, GFP_KERNEL);
522 if (!dl)
523 return -ENOMEM;
524
525 di = dl->dev_info;
526
527 mutex_lock(&rfcomm_dev_lock);
528
529 list_for_each_entry(dev, &rfcomm_dev_list, list) {
530 if (!tty_port_get(&dev->port))
531 continue;
532 (di + n)->id = dev->id;
533 (di + n)->flags = dev->flags;
534 (di + n)->state = dev->dlc->state;
535 (di + n)->channel = dev->channel;
536 bacpy(&(di + n)->src, &dev->src);
537 bacpy(&(di + n)->dst, &dev->dst);
538 tty_port_put(&dev->port);
539 if (++n >= dev_num)
540 break;
541 }
542
543 mutex_unlock(&rfcomm_dev_lock);
544
545 dl->dev_num = n;
546 size = sizeof(*dl) + n * sizeof(*di);
547
548 err = copy_to_user(arg, dl, size);
549 kfree(dl);
550
551 return err ? -EFAULT : 0;
552}
553
554static int rfcomm_get_dev_info(void __user *arg)
555{
556 struct rfcomm_dev *dev;
557 struct rfcomm_dev_info di;
558 int err = 0;
559
560 BT_DBG("");
561
562 if (copy_from_user(&di, arg, sizeof(di)))
563 return -EFAULT;
564
565 dev = rfcomm_dev_get(di.id);
566 if (!dev)
567 return -ENODEV;
568
569 di.flags = dev->flags;
570 di.channel = dev->channel;
571 di.state = dev->dlc->state;
572 bacpy(&di.src, &dev->src);
573 bacpy(&di.dst, &dev->dst);
574
575 if (copy_to_user(arg, &di, sizeof(di)))
576 err = -EFAULT;
577
578 tty_port_put(&dev->port);
579 return err;
580}
581
582int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
583{
584 BT_DBG("cmd %d arg %p", cmd, arg);
585
586 switch (cmd) {
587 case RFCOMMCREATEDEV:
588 return rfcomm_create_dev(sk, arg);
589
590 case RFCOMMRELEASEDEV:
591 return rfcomm_release_dev(arg);
592
593 case RFCOMMGETDEVLIST:
594 return rfcomm_get_dev_list(arg);
595
596 case RFCOMMGETDEVINFO:
597 return rfcomm_get_dev_info(arg);
598 }
599
600 return -EINVAL;
601}
602
603/* ---- DLC callbacks ---- */
604static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
605{
606 struct rfcomm_dev *dev = dlc->owner;
607
608 if (!dev) {
609 kfree_skb(skb);
610 return;
611 }
612
613 if (!skb_queue_empty(&dev->pending)) {
614 skb_queue_tail(&dev->pending, skb);
615 return;
616 }
617
618 BT_DBG("dlc %p len %d", dlc, skb->len);
619
620 tty_insert_flip_string(&dev->port, skb->data, skb->len);
621 tty_flip_buffer_push(&dev->port);
622
623 kfree_skb(skb);
624}
625
626static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
627{
628 struct rfcomm_dev *dev = dlc->owner;
629 if (!dev)
630 return;
631
632 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
633
634 dev->err = err;
635 if (dlc->state == BT_CONNECTED) {
636 rfcomm_reparent_device(dev);
637
638 wake_up_interruptible(&dev->port.open_wait);
639 } else if (dlc->state == BT_CLOSED)
640 tty_port_tty_hangup(&dev->port, false);
641}
642
643static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
644{
645 struct rfcomm_dev *dev = dlc->owner;
646 if (!dev)
647 return;
648
649 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
650
651 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
652 tty_port_tty_hangup(&dev->port, true);
653
654 dev->modem_status =
655 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
656 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
657 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
658 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
659}
660
661/* ---- TTY functions ---- */
662static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
663{
664 struct sk_buff *skb;
665 int inserted = 0;
666
667 BT_DBG("dev %p", dev);
668
669 rfcomm_dlc_lock(dev->dlc);
670
671 while ((skb = skb_dequeue(&dev->pending))) {
672 inserted += tty_insert_flip_string(&dev->port, skb->data,
673 skb->len);
674 kfree_skb(skb);
675 }
676
677 rfcomm_dlc_unlock(dev->dlc);
678
679 if (inserted > 0)
680 tty_flip_buffer_push(&dev->port);
681}
682
683/* do the reverse of install, clearing the tty fields and releasing the
684 * reference to tty_port
685 */
686static void rfcomm_tty_cleanup(struct tty_struct *tty)
687{
688 struct rfcomm_dev *dev = tty->driver_data;
689
690 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
691
692 rfcomm_dlc_lock(dev->dlc);
693 tty->driver_data = NULL;
694 rfcomm_dlc_unlock(dev->dlc);
695
696 /*
697 * purge the dlc->tx_queue to avoid circular dependencies
698 * between dev and dlc
699 */
700 skb_queue_purge(&dev->dlc->tx_queue);
701
702 tty_port_put(&dev->port);
703}
704
705/* we acquire the tty_port reference since it's here the tty is first used
706 * by setting the termios. We also populate the driver_data field and install
707 * the tty port
708 */
709static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
710{
711 struct rfcomm_dev *dev;
712 struct rfcomm_dlc *dlc;
713 int err;
714
715 dev = rfcomm_dev_get(tty->index);
716 if (!dev)
717 return -ENODEV;
718
719 dlc = dev->dlc;
720
721 /* Attach TTY and open DLC */
722 rfcomm_dlc_lock(dlc);
723 tty->driver_data = dev;
724 rfcomm_dlc_unlock(dlc);
725 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
726
727 /* install the tty_port */
728 err = tty_port_install(&dev->port, driver, tty);
729 if (err) {
730 rfcomm_tty_cleanup(tty);
731 return err;
732 }
733
734 /* take over the tty_port reference if the port was created with the
735 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
736 * when the last process closes the tty. The behaviour is expected by
737 * userspace.
738 */
739 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
740 set_bit(RFCOMM_TTY_OWNED, &dev->status);
741 tty_port_put(&dev->port);
742 }
743
744 return 0;
745}
746
747static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
748{
749 struct rfcomm_dev *dev = tty->driver_data;
750 int err;
751
752 BT_DBG("tty %p id %d", tty, tty->index);
753
754 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
755 dev->channel, dev->port.count);
756
757 err = tty_port_open(&dev->port, tty, filp);
758 if (err)
759 return err;
760
761 /*
762 * FIXME: rfcomm should use proper flow control for
763 * received data. This hack will be unnecessary and can
764 * be removed when that's implemented
765 */
766 rfcomm_tty_copy_pending(dev);
767
768 rfcomm_dlc_unthrottle(dev->dlc);
769
770 return 0;
771}
772
773static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
774{
775 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
776
777 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
778 dev->port.count);
779
780 tty_port_close(&dev->port, tty, filp);
781}
782
783static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
784{
785 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
786 struct rfcomm_dlc *dlc = dev->dlc;
787 struct sk_buff *skb;
788 int sent = 0, size;
789
790 BT_DBG("tty %p count %d", tty, count);
791
792 while (count) {
793 size = min_t(uint, count, dlc->mtu);
794
795 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
796 if (!skb)
797 break;
798
799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
800
801 skb_put_data(skb, buf + sent, size);
802
803 rfcomm_dlc_send_noerror(dlc, skb);
804
805 sent += size;
806 count -= size;
807 }
808
809 return sent;
810}
811
812static int rfcomm_tty_write_room(struct tty_struct *tty)
813{
814 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
815 int room = 0;
816
817 if (dev && dev->dlc)
818 room = rfcomm_room(dev);
819
820 BT_DBG("tty %p room %d", tty, room);
821
822 return room;
823}
824
825static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
826{
827 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
828
829 switch (cmd) {
830 case TCGETS:
831 BT_DBG("TCGETS is not supported");
832 return -ENOIOCTLCMD;
833
834 case TCSETS:
835 BT_DBG("TCSETS is not supported");
836 return -ENOIOCTLCMD;
837
838 case TIOCMIWAIT:
839 BT_DBG("TIOCMIWAIT");
840 break;
841
842 case TIOCSERGETLSR:
843 BT_ERR("TIOCSERGETLSR is not supported");
844 return -ENOIOCTLCMD;
845
846 case TIOCSERCONFIG:
847 BT_ERR("TIOCSERCONFIG is not supported");
848 return -ENOIOCTLCMD;
849
850 default:
851 return -ENOIOCTLCMD; /* ioctls which we must ignore */
852
853 }
854
855 return -ENOIOCTLCMD;
856}
857
858static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
859{
860 struct ktermios *new = &tty->termios;
861 int old_baud_rate = tty_termios_baud_rate(old);
862 int new_baud_rate = tty_termios_baud_rate(new);
863
864 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
865 u16 changes = 0;
866
867 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
868
869 BT_DBG("tty %p termios %p", tty, old);
870
871 if (!dev || !dev->dlc || !dev->dlc->session)
872 return;
873
874 /* Handle turning off CRTSCTS */
875 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
876 BT_DBG("Turning off CRTSCTS unsupported");
877
878 /* Parity on/off and when on, odd/even */
879 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
880 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
881 changes |= RFCOMM_RPN_PM_PARITY;
882 BT_DBG("Parity change detected.");
883 }
884
885 /* Mark and space parity are not supported! */
886 if (new->c_cflag & PARENB) {
887 if (new->c_cflag & PARODD) {
888 BT_DBG("Parity is ODD");
889 parity = RFCOMM_RPN_PARITY_ODD;
890 } else {
891 BT_DBG("Parity is EVEN");
892 parity = RFCOMM_RPN_PARITY_EVEN;
893 }
894 } else {
895 BT_DBG("Parity is OFF");
896 parity = RFCOMM_RPN_PARITY_NONE;
897 }
898
899 /* Setting the x_on / x_off characters */
900 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
901 BT_DBG("XOFF custom");
902 x_on = new->c_cc[VSTOP];
903 changes |= RFCOMM_RPN_PM_XON;
904 } else {
905 BT_DBG("XOFF default");
906 x_on = RFCOMM_RPN_XON_CHAR;
907 }
908
909 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
910 BT_DBG("XON custom");
911 x_off = new->c_cc[VSTART];
912 changes |= RFCOMM_RPN_PM_XOFF;
913 } else {
914 BT_DBG("XON default");
915 x_off = RFCOMM_RPN_XOFF_CHAR;
916 }
917
918 /* Handle setting of stop bits */
919 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
920 changes |= RFCOMM_RPN_PM_STOP;
921
922 /* POSIX does not support 1.5 stop bits and RFCOMM does not
923 * support 2 stop bits. So a request for 2 stop bits gets
924 * translated to 1.5 stop bits */
925 if (new->c_cflag & CSTOPB)
926 stop_bits = RFCOMM_RPN_STOP_15;
927 else
928 stop_bits = RFCOMM_RPN_STOP_1;
929
930 /* Handle number of data bits [5-8] */
931 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
932 changes |= RFCOMM_RPN_PM_DATA;
933
934 switch (new->c_cflag & CSIZE) {
935 case CS5:
936 data_bits = RFCOMM_RPN_DATA_5;
937 break;
938 case CS6:
939 data_bits = RFCOMM_RPN_DATA_6;
940 break;
941 case CS7:
942 data_bits = RFCOMM_RPN_DATA_7;
943 break;
944 case CS8:
945 data_bits = RFCOMM_RPN_DATA_8;
946 break;
947 default:
948 data_bits = RFCOMM_RPN_DATA_8;
949 break;
950 }
951
952 /* Handle baudrate settings */
953 if (old_baud_rate != new_baud_rate)
954 changes |= RFCOMM_RPN_PM_BITRATE;
955
956 switch (new_baud_rate) {
957 case 2400:
958 baud = RFCOMM_RPN_BR_2400;
959 break;
960 case 4800:
961 baud = RFCOMM_RPN_BR_4800;
962 break;
963 case 7200:
964 baud = RFCOMM_RPN_BR_7200;
965 break;
966 case 9600:
967 baud = RFCOMM_RPN_BR_9600;
968 break;
969 case 19200:
970 baud = RFCOMM_RPN_BR_19200;
971 break;
972 case 38400:
973 baud = RFCOMM_RPN_BR_38400;
974 break;
975 case 57600:
976 baud = RFCOMM_RPN_BR_57600;
977 break;
978 case 115200:
979 baud = RFCOMM_RPN_BR_115200;
980 break;
981 case 230400:
982 baud = RFCOMM_RPN_BR_230400;
983 break;
984 default:
985 /* 9600 is standard accordinag to the RFCOMM specification */
986 baud = RFCOMM_RPN_BR_9600;
987 break;
988
989 }
990
991 if (changes)
992 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
993 data_bits, stop_bits, parity,
994 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
995}
996
997static void rfcomm_tty_throttle(struct tty_struct *tty)
998{
999 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1000
1001 BT_DBG("tty %p dev %p", tty, dev);
1002
1003 rfcomm_dlc_throttle(dev->dlc);
1004}
1005
1006static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1007{
1008 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1009
1010 BT_DBG("tty %p dev %p", tty, dev);
1011
1012 rfcomm_dlc_unthrottle(dev->dlc);
1013}
1014
1015static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1016{
1017 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019 BT_DBG("tty %p dev %p", tty, dev);
1020
1021 if (!dev || !dev->dlc)
1022 return 0;
1023
1024 if (!skb_queue_empty(&dev->dlc->tx_queue))
1025 return dev->dlc->mtu;
1026
1027 return 0;
1028}
1029
1030static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1031{
1032 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1033
1034 BT_DBG("tty %p dev %p", tty, dev);
1035
1036 if (!dev || !dev->dlc)
1037 return;
1038
1039 skb_queue_purge(&dev->dlc->tx_queue);
1040 tty_wakeup(tty);
1041}
1042
1043static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1044{
1045 BT_DBG("tty %p ch %c", tty, ch);
1046}
1047
1048static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1049{
1050 BT_DBG("tty %p timeout %d", tty, timeout);
1051}
1052
1053static void rfcomm_tty_hangup(struct tty_struct *tty)
1054{
1055 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1056
1057 BT_DBG("tty %p dev %p", tty, dev);
1058
1059 tty_port_hangup(&dev->port);
1060}
1061
1062static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1063{
1064 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1065
1066 BT_DBG("tty %p dev %p", tty, dev);
1067
1068 return dev->modem_status;
1069}
1070
1071static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1072{
1073 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1074 struct rfcomm_dlc *dlc = dev->dlc;
1075 u8 v24_sig;
1076
1077 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1078
1079 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1080
1081 if (set & TIOCM_DSR || set & TIOCM_DTR)
1082 v24_sig |= RFCOMM_V24_RTC;
1083 if (set & TIOCM_RTS || set & TIOCM_CTS)
1084 v24_sig |= RFCOMM_V24_RTR;
1085 if (set & TIOCM_RI)
1086 v24_sig |= RFCOMM_V24_IC;
1087 if (set & TIOCM_CD)
1088 v24_sig |= RFCOMM_V24_DV;
1089
1090 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1091 v24_sig &= ~RFCOMM_V24_RTC;
1092 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1093 v24_sig &= ~RFCOMM_V24_RTR;
1094 if (clear & TIOCM_RI)
1095 v24_sig &= ~RFCOMM_V24_IC;
1096 if (clear & TIOCM_CD)
1097 v24_sig &= ~RFCOMM_V24_DV;
1098
1099 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1100
1101 return 0;
1102}
1103
1104/* ---- TTY structure ---- */
1105
1106static const struct tty_operations rfcomm_ops = {
1107 .open = rfcomm_tty_open,
1108 .close = rfcomm_tty_close,
1109 .write = rfcomm_tty_write,
1110 .write_room = rfcomm_tty_write_room,
1111 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1112 .flush_buffer = rfcomm_tty_flush_buffer,
1113 .ioctl = rfcomm_tty_ioctl,
1114 .throttle = rfcomm_tty_throttle,
1115 .unthrottle = rfcomm_tty_unthrottle,
1116 .set_termios = rfcomm_tty_set_termios,
1117 .send_xchar = rfcomm_tty_send_xchar,
1118 .hangup = rfcomm_tty_hangup,
1119 .wait_until_sent = rfcomm_tty_wait_until_sent,
1120 .tiocmget = rfcomm_tty_tiocmget,
1121 .tiocmset = rfcomm_tty_tiocmset,
1122 .install = rfcomm_tty_install,
1123 .cleanup = rfcomm_tty_cleanup,
1124};
1125
1126int __init rfcomm_init_ttys(void)
1127{
1128 int error;
1129
1130 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1131 if (!rfcomm_tty_driver)
1132 return -ENOMEM;
1133
1134 rfcomm_tty_driver->driver_name = "rfcomm";
1135 rfcomm_tty_driver->name = "rfcomm";
1136 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1137 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1138 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1139 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1140 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1141 rfcomm_tty_driver->init_termios = tty_std_termios;
1142 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1143 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1144 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1145
1146 error = tty_register_driver(rfcomm_tty_driver);
1147 if (error) {
1148 BT_ERR("Can't register RFCOMM TTY driver");
1149 put_tty_driver(rfcomm_tty_driver);
1150 return error;
1151 }
1152
1153 BT_INFO("RFCOMM TTY layer initialized");
1154
1155 return 0;
1156}
1157
1158void rfcomm_cleanup_ttys(void)
1159{
1160 tty_unregister_driver(rfcomm_tty_driver);
1161 put_tty_driver(rfcomm_tty_driver);
1162}
1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 */
27
28#include <linux/module.h>
29
30#include <linux/tty.h>
31#include <linux/tty_driver.h>
32#include <linux/tty_flip.h>
33
34#include <linux/capability.h>
35#include <linux/slab.h>
36#include <linux/skbuff.h>
37
38#include <net/bluetooth/bluetooth.h>
39#include <net/bluetooth/hci_core.h>
40#include <net/bluetooth/rfcomm.h>
41
42#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
43#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
44#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
45#define RFCOMM_TTY_MINOR 0
46
47static struct tty_driver *rfcomm_tty_driver;
48
49struct rfcomm_dev {
50 struct list_head list;
51 atomic_t refcnt;
52
53 char name[12];
54 int id;
55 unsigned long flags;
56 atomic_t opened;
57 int err;
58
59 bdaddr_t src;
60 bdaddr_t dst;
61 u8 channel;
62
63 uint modem_status;
64
65 struct rfcomm_dlc *dlc;
66 struct tty_struct *tty;
67 wait_queue_head_t wait;
68 struct tasklet_struct wakeup_task;
69
70 struct device *tty_dev;
71
72 atomic_t wmem_alloc;
73
74 struct sk_buff_head pending;
75};
76
77static LIST_HEAD(rfcomm_dev_list);
78static DEFINE_RWLOCK(rfcomm_dev_lock);
79
80static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
81static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
82static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
83
84static void rfcomm_tty_wakeup(unsigned long arg);
85
86/* ---- Device functions ---- */
87static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
88{
89 struct rfcomm_dlc *dlc = dev->dlc;
90
91 BT_DBG("dev %p dlc %p", dev, dlc);
92
93 /* Refcount should only hit zero when called from rfcomm_dev_del()
94 which will have taken us off the list. Everything else are
95 refcounting bugs. */
96 BUG_ON(!list_empty(&dev->list));
97
98 rfcomm_dlc_lock(dlc);
99 /* Detach DLC if it's owned by this dev */
100 if (dlc->owner == dev)
101 dlc->owner = NULL;
102 rfcomm_dlc_unlock(dlc);
103
104 rfcomm_dlc_put(dlc);
105
106 tty_unregister_device(rfcomm_tty_driver, dev->id);
107
108 kfree(dev);
109
110 /* It's safe to call module_put() here because socket still
111 holds reference to this module. */
112 module_put(THIS_MODULE);
113}
114
115static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
116{
117 atomic_inc(&dev->refcnt);
118}
119
120static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
121{
122 /* The reason this isn't actually a race, as you no
123 doubt have a little voice screaming at you in your
124 head, is that the refcount should never actually
125 reach zero unless the device has already been taken
126 off the list, in rfcomm_dev_del(). And if that's not
127 true, we'll hit the BUG() in rfcomm_dev_destruct()
128 anyway. */
129 if (atomic_dec_and_test(&dev->refcnt))
130 rfcomm_dev_destruct(dev);
131}
132
133static struct rfcomm_dev *__rfcomm_dev_get(int id)
134{
135 struct rfcomm_dev *dev;
136 struct list_head *p;
137
138 list_for_each(p, &rfcomm_dev_list) {
139 dev = list_entry(p, struct rfcomm_dev, list);
140 if (dev->id == id)
141 return dev;
142 }
143
144 return NULL;
145}
146
147static inline struct rfcomm_dev *rfcomm_dev_get(int id)
148{
149 struct rfcomm_dev *dev;
150
151 read_lock(&rfcomm_dev_lock);
152
153 dev = __rfcomm_dev_get(id);
154
155 if (dev) {
156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
157 dev = NULL;
158 else
159 rfcomm_dev_hold(dev);
160 }
161
162 read_unlock(&rfcomm_dev_lock);
163
164 return dev;
165}
166
167static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
168{
169 struct hci_dev *hdev;
170 struct hci_conn *conn;
171
172 hdev = hci_get_route(&dev->dst, &dev->src);
173 if (!hdev)
174 return NULL;
175
176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
177
178 hci_dev_put(hdev);
179
180 return conn ? &conn->dev : NULL;
181}
182
183static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
184{
185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
186 return sprintf(buf, "%s\n", batostr(&dev->dst));
187}
188
189static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
190{
191 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
192 return sprintf(buf, "%d\n", dev->channel);
193}
194
195static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
196static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
197
198static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
199{
200 struct rfcomm_dev *dev;
201 struct list_head *head = &rfcomm_dev_list, *p;
202 int err = 0;
203
204 BT_DBG("id %d channel %d", req->dev_id, req->channel);
205
206 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
207 if (!dev)
208 return -ENOMEM;
209
210 write_lock_bh(&rfcomm_dev_lock);
211
212 if (req->dev_id < 0) {
213 dev->id = 0;
214
215 list_for_each(p, &rfcomm_dev_list) {
216 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
217 break;
218
219 dev->id++;
220 head = p;
221 }
222 } else {
223 dev->id = req->dev_id;
224
225 list_for_each(p, &rfcomm_dev_list) {
226 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
227
228 if (entry->id == dev->id) {
229 err = -EADDRINUSE;
230 goto out;
231 }
232
233 if (entry->id > dev->id - 1)
234 break;
235
236 head = p;
237 }
238 }
239
240 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
241 err = -ENFILE;
242 goto out;
243 }
244
245 sprintf(dev->name, "rfcomm%d", dev->id);
246
247 list_add(&dev->list, head);
248 atomic_set(&dev->refcnt, 1);
249
250 bacpy(&dev->src, &req->src);
251 bacpy(&dev->dst, &req->dst);
252 dev->channel = req->channel;
253
254 dev->flags = req->flags &
255 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
256
257 atomic_set(&dev->opened, 0);
258
259 init_waitqueue_head(&dev->wait);
260 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
261
262 skb_queue_head_init(&dev->pending);
263
264 rfcomm_dlc_lock(dlc);
265
266 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
267 struct sock *sk = dlc->owner;
268 struct sk_buff *skb;
269
270 BUG_ON(!sk);
271
272 rfcomm_dlc_throttle(dlc);
273
274 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
275 skb_orphan(skb);
276 skb_queue_tail(&dev->pending, skb);
277 atomic_sub(skb->len, &sk->sk_rmem_alloc);
278 }
279 }
280
281 dlc->data_ready = rfcomm_dev_data_ready;
282 dlc->state_change = rfcomm_dev_state_change;
283 dlc->modem_status = rfcomm_dev_modem_status;
284
285 dlc->owner = dev;
286 dev->dlc = dlc;
287
288 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
289
290 rfcomm_dlc_unlock(dlc);
291
292 /* It's safe to call __module_get() here because socket already
293 holds reference to this module. */
294 __module_get(THIS_MODULE);
295
296out:
297 write_unlock_bh(&rfcomm_dev_lock);
298
299 if (err < 0)
300 goto free;
301
302 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
303
304 if (IS_ERR(dev->tty_dev)) {
305 err = PTR_ERR(dev->tty_dev);
306 list_del(&dev->list);
307 goto free;
308 }
309
310 dev_set_drvdata(dev->tty_dev, dev);
311
312 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
313 BT_ERR("Failed to create address attribute");
314
315 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
316 BT_ERR("Failed to create channel attribute");
317
318 return dev->id;
319
320free:
321 kfree(dev);
322 return err;
323}
324
325static void rfcomm_dev_del(struct rfcomm_dev *dev)
326{
327 BT_DBG("dev %p", dev);
328
329 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
330
331 if (atomic_read(&dev->opened) > 0)
332 return;
333
334 write_lock_bh(&rfcomm_dev_lock);
335 list_del_init(&dev->list);
336 write_unlock_bh(&rfcomm_dev_lock);
337
338 rfcomm_dev_put(dev);
339}
340
341/* ---- Send buffer ---- */
342static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
343{
344 /* We can't let it be zero, because we don't get a callback
345 when tx_credits becomes nonzero, hence we'd never wake up */
346 return dlc->mtu * (dlc->tx_credits?:1);
347}
348
349static void rfcomm_wfree(struct sk_buff *skb)
350{
351 struct rfcomm_dev *dev = (void *) skb->sk;
352 atomic_sub(skb->truesize, &dev->wmem_alloc);
353 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
354 tasklet_schedule(&dev->wakeup_task);
355 rfcomm_dev_put(dev);
356}
357
358static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
359{
360 rfcomm_dev_hold(dev);
361 atomic_add(skb->truesize, &dev->wmem_alloc);
362 skb->sk = (void *) dev;
363 skb->destructor = rfcomm_wfree;
364}
365
366static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
367{
368 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
369 struct sk_buff *skb = alloc_skb(size, priority);
370 if (skb) {
371 rfcomm_set_owner_w(skb, dev);
372 return skb;
373 }
374 }
375 return NULL;
376}
377
378/* ---- Device IOCTLs ---- */
379
380#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
381
382static int rfcomm_create_dev(struct sock *sk, void __user *arg)
383{
384 struct rfcomm_dev_req req;
385 struct rfcomm_dlc *dlc;
386 int id;
387
388 if (copy_from_user(&req, arg, sizeof(req)))
389 return -EFAULT;
390
391 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
392
393 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
394 return -EPERM;
395
396 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
397 /* Socket must be connected */
398 if (sk->sk_state != BT_CONNECTED)
399 return -EBADFD;
400
401 dlc = rfcomm_pi(sk)->dlc;
402 rfcomm_dlc_hold(dlc);
403 } else {
404 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
405 if (!dlc)
406 return -ENOMEM;
407 }
408
409 id = rfcomm_dev_add(&req, dlc);
410 if (id < 0) {
411 rfcomm_dlc_put(dlc);
412 return id;
413 }
414
415 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
416 /* DLC is now used by device.
417 * Socket must be disconnected */
418 sk->sk_state = BT_CLOSED;
419 }
420
421 return id;
422}
423
424static int rfcomm_release_dev(void __user *arg)
425{
426 struct rfcomm_dev_req req;
427 struct rfcomm_dev *dev;
428
429 if (copy_from_user(&req, arg, sizeof(req)))
430 return -EFAULT;
431
432 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
433
434 dev = rfcomm_dev_get(req.dev_id);
435 if (!dev)
436 return -ENODEV;
437
438 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
439 rfcomm_dev_put(dev);
440 return -EPERM;
441 }
442
443 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
444 rfcomm_dlc_close(dev->dlc, 0);
445
446 /* Shut down TTY synchronously before freeing rfcomm_dev */
447 if (dev->tty)
448 tty_vhangup(dev->tty);
449
450 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
451 rfcomm_dev_del(dev);
452 rfcomm_dev_put(dev);
453 return 0;
454}
455
456static int rfcomm_get_dev_list(void __user *arg)
457{
458 struct rfcomm_dev_list_req *dl;
459 struct rfcomm_dev_info *di;
460 struct list_head *p;
461 int n = 0, size, err;
462 u16 dev_num;
463
464 BT_DBG("");
465
466 if (get_user(dev_num, (u16 __user *) arg))
467 return -EFAULT;
468
469 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
470 return -EINVAL;
471
472 size = sizeof(*dl) + dev_num * sizeof(*di);
473
474 dl = kmalloc(size, GFP_KERNEL);
475 if (!dl)
476 return -ENOMEM;
477
478 di = dl->dev_info;
479
480 read_lock_bh(&rfcomm_dev_lock);
481
482 list_for_each(p, &rfcomm_dev_list) {
483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
485 continue;
486 (di + n)->id = dev->id;
487 (di + n)->flags = dev->flags;
488 (di + n)->state = dev->dlc->state;
489 (di + n)->channel = dev->channel;
490 bacpy(&(di + n)->src, &dev->src);
491 bacpy(&(di + n)->dst, &dev->dst);
492 if (++n >= dev_num)
493 break;
494 }
495
496 read_unlock_bh(&rfcomm_dev_lock);
497
498 dl->dev_num = n;
499 size = sizeof(*dl) + n * sizeof(*di);
500
501 err = copy_to_user(arg, dl, size);
502 kfree(dl);
503
504 return err ? -EFAULT : 0;
505}
506
507static int rfcomm_get_dev_info(void __user *arg)
508{
509 struct rfcomm_dev *dev;
510 struct rfcomm_dev_info di;
511 int err = 0;
512
513 BT_DBG("");
514
515 if (copy_from_user(&di, arg, sizeof(di)))
516 return -EFAULT;
517
518 dev = rfcomm_dev_get(di.id);
519 if (!dev)
520 return -ENODEV;
521
522 di.flags = dev->flags;
523 di.channel = dev->channel;
524 di.state = dev->dlc->state;
525 bacpy(&di.src, &dev->src);
526 bacpy(&di.dst, &dev->dst);
527
528 if (copy_to_user(arg, &di, sizeof(di)))
529 err = -EFAULT;
530
531 rfcomm_dev_put(dev);
532 return err;
533}
534
535int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
536{
537 BT_DBG("cmd %d arg %p", cmd, arg);
538
539 switch (cmd) {
540 case RFCOMMCREATEDEV:
541 return rfcomm_create_dev(sk, arg);
542
543 case RFCOMMRELEASEDEV:
544 return rfcomm_release_dev(arg);
545
546 case RFCOMMGETDEVLIST:
547 return rfcomm_get_dev_list(arg);
548
549 case RFCOMMGETDEVINFO:
550 return rfcomm_get_dev_info(arg);
551 }
552
553 return -EINVAL;
554}
555
556/* ---- DLC callbacks ---- */
557static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
558{
559 struct rfcomm_dev *dev = dlc->owner;
560 struct tty_struct *tty;
561
562 if (!dev) {
563 kfree_skb(skb);
564 return;
565 }
566
567 tty = dev->tty;
568 if (!tty || !skb_queue_empty(&dev->pending)) {
569 skb_queue_tail(&dev->pending, skb);
570 return;
571 }
572
573 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
574
575 tty_insert_flip_string(tty, skb->data, skb->len);
576 tty_flip_buffer_push(tty);
577
578 kfree_skb(skb);
579}
580
581static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
582{
583 struct rfcomm_dev *dev = dlc->owner;
584 if (!dev)
585 return;
586
587 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
588
589 dev->err = err;
590 wake_up_interruptible(&dev->wait);
591
592 if (dlc->state == BT_CLOSED) {
593 if (!dev->tty) {
594 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
595 /* Drop DLC lock here to avoid deadlock
596 * 1. rfcomm_dev_get will take rfcomm_dev_lock
597 * but in rfcomm_dev_add there's lock order:
598 * rfcomm_dev_lock -> dlc lock
599 * 2. rfcomm_dev_put will deadlock if it's
600 * the last reference
601 */
602 rfcomm_dlc_unlock(dlc);
603 if (rfcomm_dev_get(dev->id) == NULL) {
604 rfcomm_dlc_lock(dlc);
605 return;
606 }
607
608 rfcomm_dev_del(dev);
609 rfcomm_dev_put(dev);
610 rfcomm_dlc_lock(dlc);
611 }
612 } else
613 tty_hangup(dev->tty);
614 }
615}
616
617static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
618{
619 struct rfcomm_dev *dev = dlc->owner;
620 if (!dev)
621 return;
622
623 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
624
625 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
626 if (dev->tty && !C_CLOCAL(dev->tty))
627 tty_hangup(dev->tty);
628 }
629
630 dev->modem_status =
631 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
632 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
633 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
634 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
635}
636
637/* ---- TTY functions ---- */
638static void rfcomm_tty_wakeup(unsigned long arg)
639{
640 struct rfcomm_dev *dev = (void *) arg;
641 struct tty_struct *tty = dev->tty;
642 if (!tty)
643 return;
644
645 BT_DBG("dev %p tty %p", dev, tty);
646 tty_wakeup(tty);
647}
648
649static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
650{
651 struct tty_struct *tty = dev->tty;
652 struct sk_buff *skb;
653 int inserted = 0;
654
655 if (!tty)
656 return;
657
658 BT_DBG("dev %p tty %p", dev, tty);
659
660 rfcomm_dlc_lock(dev->dlc);
661
662 while ((skb = skb_dequeue(&dev->pending))) {
663 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
664 kfree_skb(skb);
665 }
666
667 rfcomm_dlc_unlock(dev->dlc);
668
669 if (inserted > 0)
670 tty_flip_buffer_push(tty);
671}
672
673static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
674{
675 DECLARE_WAITQUEUE(wait, current);
676 struct rfcomm_dev *dev;
677 struct rfcomm_dlc *dlc;
678 int err, id;
679
680 id = tty->index;
681
682 BT_DBG("tty %p id %d", tty, id);
683
684 /* We don't leak this refcount. For reasons which are not entirely
685 clear, the TTY layer will call our ->close() method even if the
686 open fails. We decrease the refcount there, and decreasing it
687 here too would cause breakage. */
688 dev = rfcomm_dev_get(id);
689 if (!dev)
690 return -ENODEV;
691
692 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
693 dev->channel, atomic_read(&dev->opened));
694
695 if (atomic_inc_return(&dev->opened) > 1)
696 return 0;
697
698 dlc = dev->dlc;
699
700 /* Attach TTY and open DLC */
701
702 rfcomm_dlc_lock(dlc);
703 tty->driver_data = dev;
704 dev->tty = tty;
705 rfcomm_dlc_unlock(dlc);
706 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
707
708 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
709 if (err < 0)
710 return err;
711
712 /* Wait for DLC to connect */
713 add_wait_queue(&dev->wait, &wait);
714 while (1) {
715 set_current_state(TASK_INTERRUPTIBLE);
716
717 if (dlc->state == BT_CLOSED) {
718 err = -dev->err;
719 break;
720 }
721
722 if (dlc->state == BT_CONNECTED)
723 break;
724
725 if (signal_pending(current)) {
726 err = -EINTR;
727 break;
728 }
729
730 tty_unlock();
731 schedule();
732 tty_lock();
733 }
734 set_current_state(TASK_RUNNING);
735 remove_wait_queue(&dev->wait, &wait);
736
737 if (err == 0)
738 device_move(dev->tty_dev, rfcomm_get_device(dev),
739 DPM_ORDER_DEV_AFTER_PARENT);
740
741 rfcomm_tty_copy_pending(dev);
742
743 rfcomm_dlc_unthrottle(dev->dlc);
744
745 return err;
746}
747
748static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
749{
750 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
751 if (!dev)
752 return;
753
754 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
755 atomic_read(&dev->opened));
756
757 if (atomic_dec_and_test(&dev->opened)) {
758 if (dev->tty_dev->parent)
759 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
760
761 /* Close DLC and dettach TTY */
762 rfcomm_dlc_close(dev->dlc, 0);
763
764 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
765 tasklet_kill(&dev->wakeup_task);
766
767 rfcomm_dlc_lock(dev->dlc);
768 tty->driver_data = NULL;
769 dev->tty = NULL;
770 rfcomm_dlc_unlock(dev->dlc);
771
772 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
773 write_lock_bh(&rfcomm_dev_lock);
774 list_del_init(&dev->list);
775 write_unlock_bh(&rfcomm_dev_lock);
776
777 rfcomm_dev_put(dev);
778 }
779 }
780
781 rfcomm_dev_put(dev);
782}
783
784static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
785{
786 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
787 struct rfcomm_dlc *dlc = dev->dlc;
788 struct sk_buff *skb;
789 int err = 0, sent = 0, size;
790
791 BT_DBG("tty %p count %d", tty, count);
792
793 while (count) {
794 size = min_t(uint, count, dlc->mtu);
795
796 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
797
798 if (!skb)
799 break;
800
801 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
802
803 memcpy(skb_put(skb, size), buf + sent, size);
804
805 err = rfcomm_dlc_send(dlc, skb);
806 if (err < 0) {
807 kfree_skb(skb);
808 break;
809 }
810
811 sent += size;
812 count -= size;
813 }
814
815 return sent ? sent : err;
816}
817
818static int rfcomm_tty_write_room(struct tty_struct *tty)
819{
820 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
821 int room;
822
823 BT_DBG("tty %p", tty);
824
825 if (!dev || !dev->dlc)
826 return 0;
827
828 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
829 if (room < 0)
830 room = 0;
831
832 return room;
833}
834
835static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
836{
837 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
838
839 switch (cmd) {
840 case TCGETS:
841 BT_DBG("TCGETS is not supported");
842 return -ENOIOCTLCMD;
843
844 case TCSETS:
845 BT_DBG("TCSETS is not supported");
846 return -ENOIOCTLCMD;
847
848 case TIOCMIWAIT:
849 BT_DBG("TIOCMIWAIT");
850 break;
851
852 case TIOCGSERIAL:
853 BT_ERR("TIOCGSERIAL is not supported");
854 return -ENOIOCTLCMD;
855
856 case TIOCSSERIAL:
857 BT_ERR("TIOCSSERIAL is not supported");
858 return -ENOIOCTLCMD;
859
860 case TIOCSERGSTRUCT:
861 BT_ERR("TIOCSERGSTRUCT is not supported");
862 return -ENOIOCTLCMD;
863
864 case TIOCSERGETLSR:
865 BT_ERR("TIOCSERGETLSR is not supported");
866 return -ENOIOCTLCMD;
867
868 case TIOCSERCONFIG:
869 BT_ERR("TIOCSERCONFIG is not supported");
870 return -ENOIOCTLCMD;
871
872 default:
873 return -ENOIOCTLCMD; /* ioctls which we must ignore */
874
875 }
876
877 return -ENOIOCTLCMD;
878}
879
880static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
881{
882 struct ktermios *new = tty->termios;
883 int old_baud_rate = tty_termios_baud_rate(old);
884 int new_baud_rate = tty_termios_baud_rate(new);
885
886 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
887 u16 changes = 0;
888
889 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
890
891 BT_DBG("tty %p termios %p", tty, old);
892
893 if (!dev || !dev->dlc || !dev->dlc->session)
894 return;
895
896 /* Handle turning off CRTSCTS */
897 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
898 BT_DBG("Turning off CRTSCTS unsupported");
899
900 /* Parity on/off and when on, odd/even */
901 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
902 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
903 changes |= RFCOMM_RPN_PM_PARITY;
904 BT_DBG("Parity change detected.");
905 }
906
907 /* Mark and space parity are not supported! */
908 if (new->c_cflag & PARENB) {
909 if (new->c_cflag & PARODD) {
910 BT_DBG("Parity is ODD");
911 parity = RFCOMM_RPN_PARITY_ODD;
912 } else {
913 BT_DBG("Parity is EVEN");
914 parity = RFCOMM_RPN_PARITY_EVEN;
915 }
916 } else {
917 BT_DBG("Parity is OFF");
918 parity = RFCOMM_RPN_PARITY_NONE;
919 }
920
921 /* Setting the x_on / x_off characters */
922 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
923 BT_DBG("XOFF custom");
924 x_on = new->c_cc[VSTOP];
925 changes |= RFCOMM_RPN_PM_XON;
926 } else {
927 BT_DBG("XOFF default");
928 x_on = RFCOMM_RPN_XON_CHAR;
929 }
930
931 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
932 BT_DBG("XON custom");
933 x_off = new->c_cc[VSTART];
934 changes |= RFCOMM_RPN_PM_XOFF;
935 } else {
936 BT_DBG("XON default");
937 x_off = RFCOMM_RPN_XOFF_CHAR;
938 }
939
940 /* Handle setting of stop bits */
941 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
942 changes |= RFCOMM_RPN_PM_STOP;
943
944 /* POSIX does not support 1.5 stop bits and RFCOMM does not
945 * support 2 stop bits. So a request for 2 stop bits gets
946 * translated to 1.5 stop bits */
947 if (new->c_cflag & CSTOPB)
948 stop_bits = RFCOMM_RPN_STOP_15;
949 else
950 stop_bits = RFCOMM_RPN_STOP_1;
951
952 /* Handle number of data bits [5-8] */
953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
954 changes |= RFCOMM_RPN_PM_DATA;
955
956 switch (new->c_cflag & CSIZE) {
957 case CS5:
958 data_bits = RFCOMM_RPN_DATA_5;
959 break;
960 case CS6:
961 data_bits = RFCOMM_RPN_DATA_6;
962 break;
963 case CS7:
964 data_bits = RFCOMM_RPN_DATA_7;
965 break;
966 case CS8:
967 data_bits = RFCOMM_RPN_DATA_8;
968 break;
969 default:
970 data_bits = RFCOMM_RPN_DATA_8;
971 break;
972 }
973
974 /* Handle baudrate settings */
975 if (old_baud_rate != new_baud_rate)
976 changes |= RFCOMM_RPN_PM_BITRATE;
977
978 switch (new_baud_rate) {
979 case 2400:
980 baud = RFCOMM_RPN_BR_2400;
981 break;
982 case 4800:
983 baud = RFCOMM_RPN_BR_4800;
984 break;
985 case 7200:
986 baud = RFCOMM_RPN_BR_7200;
987 break;
988 case 9600:
989 baud = RFCOMM_RPN_BR_9600;
990 break;
991 case 19200:
992 baud = RFCOMM_RPN_BR_19200;
993 break;
994 case 38400:
995 baud = RFCOMM_RPN_BR_38400;
996 break;
997 case 57600:
998 baud = RFCOMM_RPN_BR_57600;
999 break;
1000 case 115200:
1001 baud = RFCOMM_RPN_BR_115200;
1002 break;
1003 case 230400:
1004 baud = RFCOMM_RPN_BR_230400;
1005 break;
1006 default:
1007 /* 9600 is standard accordinag to the RFCOMM specification */
1008 baud = RFCOMM_RPN_BR_9600;
1009 break;
1010
1011 }
1012
1013 if (changes)
1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1015 data_bits, stop_bits, parity,
1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1017}
1018
1019static void rfcomm_tty_throttle(struct tty_struct *tty)
1020{
1021 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1022
1023 BT_DBG("tty %p dev %p", tty, dev);
1024
1025 rfcomm_dlc_throttle(dev->dlc);
1026}
1027
1028static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1029{
1030 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1031
1032 BT_DBG("tty %p dev %p", tty, dev);
1033
1034 rfcomm_dlc_unthrottle(dev->dlc);
1035}
1036
1037static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1038{
1039 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1040
1041 BT_DBG("tty %p dev %p", tty, dev);
1042
1043 if (!dev || !dev->dlc)
1044 return 0;
1045
1046 if (!skb_queue_empty(&dev->dlc->tx_queue))
1047 return dev->dlc->mtu;
1048
1049 return 0;
1050}
1051
1052static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1053{
1054 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1055
1056 BT_DBG("tty %p dev %p", tty, dev);
1057
1058 if (!dev || !dev->dlc)
1059 return;
1060
1061 skb_queue_purge(&dev->dlc->tx_queue);
1062 tty_wakeup(tty);
1063}
1064
1065static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1066{
1067 BT_DBG("tty %p ch %c", tty, ch);
1068}
1069
1070static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1071{
1072 BT_DBG("tty %p timeout %d", tty, timeout);
1073}
1074
1075static void rfcomm_tty_hangup(struct tty_struct *tty)
1076{
1077 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1078
1079 BT_DBG("tty %p dev %p", tty, dev);
1080
1081 if (!dev)
1082 return;
1083
1084 rfcomm_tty_flush_buffer(tty);
1085
1086 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1087 if (rfcomm_dev_get(dev->id) == NULL)
1088 return;
1089 rfcomm_dev_del(dev);
1090 rfcomm_dev_put(dev);
1091 }
1092}
1093
1094static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1095{
1096 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1097
1098 BT_DBG("tty %p dev %p", tty, dev);
1099
1100 return dev->modem_status;
1101}
1102
1103static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1104{
1105 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1106 struct rfcomm_dlc *dlc = dev->dlc;
1107 u8 v24_sig;
1108
1109 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1110
1111 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1112
1113 if (set & TIOCM_DSR || set & TIOCM_DTR)
1114 v24_sig |= RFCOMM_V24_RTC;
1115 if (set & TIOCM_RTS || set & TIOCM_CTS)
1116 v24_sig |= RFCOMM_V24_RTR;
1117 if (set & TIOCM_RI)
1118 v24_sig |= RFCOMM_V24_IC;
1119 if (set & TIOCM_CD)
1120 v24_sig |= RFCOMM_V24_DV;
1121
1122 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1123 v24_sig &= ~RFCOMM_V24_RTC;
1124 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1125 v24_sig &= ~RFCOMM_V24_RTR;
1126 if (clear & TIOCM_RI)
1127 v24_sig &= ~RFCOMM_V24_IC;
1128 if (clear & TIOCM_CD)
1129 v24_sig &= ~RFCOMM_V24_DV;
1130
1131 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1132
1133 return 0;
1134}
1135
1136/* ---- TTY structure ---- */
1137
1138static const struct tty_operations rfcomm_ops = {
1139 .open = rfcomm_tty_open,
1140 .close = rfcomm_tty_close,
1141 .write = rfcomm_tty_write,
1142 .write_room = rfcomm_tty_write_room,
1143 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1144 .flush_buffer = rfcomm_tty_flush_buffer,
1145 .ioctl = rfcomm_tty_ioctl,
1146 .throttle = rfcomm_tty_throttle,
1147 .unthrottle = rfcomm_tty_unthrottle,
1148 .set_termios = rfcomm_tty_set_termios,
1149 .send_xchar = rfcomm_tty_send_xchar,
1150 .hangup = rfcomm_tty_hangup,
1151 .wait_until_sent = rfcomm_tty_wait_until_sent,
1152 .tiocmget = rfcomm_tty_tiocmget,
1153 .tiocmset = rfcomm_tty_tiocmset,
1154};
1155
1156int __init rfcomm_init_ttys(void)
1157{
1158 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1159 if (!rfcomm_tty_driver)
1160 return -1;
1161
1162 rfcomm_tty_driver->owner = THIS_MODULE;
1163 rfcomm_tty_driver->driver_name = "rfcomm";
1164 rfcomm_tty_driver->name = "rfcomm";
1165 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1166 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1167 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1168 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1169 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1170 rfcomm_tty_driver->init_termios = tty_std_termios;
1171 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1172 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1173 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1174
1175 if (tty_register_driver(rfcomm_tty_driver)) {
1176 BT_ERR("Can't register RFCOMM TTY driver");
1177 put_tty_driver(rfcomm_tty_driver);
1178 return -1;
1179 }
1180
1181 BT_INFO("RFCOMM TTY layer initialized");
1182
1183 return 0;
1184}
1185
1186void rfcomm_cleanup_ttys(void)
1187{
1188 tty_unregister_driver(rfcomm_tty_driver);
1189 put_tty_driver(rfcomm_tty_driver);
1190}