1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 *
4 * Bluetooth HCI UART driver
5 *
6 * Copyright (C) 2000-2001 Qualcomm Incorporated
7 * Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
8 * Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
9 */
10
11 #include <linux/module.h>
12
13 #include <linux/kernel.h>
14 #include <linux/init.h>
15 #include <linux/types.h>
16 #include <linux/fcntl.h>
17 #include <linux/interrupt.h>
18 #include <linux/ptrace.h>
19 #include <linux/poll.h>
20
21 #include <linux/slab.h>
22 #include <linux/tty.h>
23 #include <linux/errno.h>
24 #include <linux/string.h>
25 #include <linux/signal.h>
26 #include <linux/ioctl.h>
27 #include <linux/skbuff.h>
28 #include <linux/firmware.h>
29 #include <linux/serdev.h>
30
31 #include <net/bluetooth/bluetooth.h>
32 #include <net/bluetooth/hci_core.h>
33
34 #include "btintel.h"
35 #include "btbcm.h"
36 #include "hci_uart.h"
37
/* Driver version string; logged at module init and exported in the module metadata. */
#define VERSION "2.3"

/*
 * Table of registered HCI UART protocols, indexed by protocol id.
 * A NULL slot means no protocol is registered under that id.
 *
 * NOTE(review): no lock is taken around reads or writes of this table in
 * this file; presumably registration only happens from module init/exit.
 * Confirm before adding a caller that registers protocols at runtime.
 */
static const struct hci_uart_proto *hup[HCI_UART_MAX_PROTO];
41
/**
 * hci_uart_register_proto() - add a protocol to the registration table
 * @p: protocol descriptor; p->id selects the table slot
 *
 * Return: 0 on success, -EINVAL if p->id is outside the table,
 * -EEXIST if the slot is already occupied.
 */
int hci_uart_register_proto(const struct hci_uart_proto *p)
{
	const struct hci_uart_proto **slot;

	/* Bounds-check the id before it is used as an array index. */
	if (p->id >= HCI_UART_MAX_PROTO)
		return -EINVAL;

	slot = &hup[p->id];
	if (*slot)
		return -EEXIST;

	*slot = p;

	BT_INFO("HCI UART protocol %s registered", p->name);

	return 0;
}
56
/**
 * hci_uart_unregister_proto() - remove a protocol from the registration table
 * @p: protocol descriptor; only p->id is used to find the slot
 *
 * The slot is cleared without checking that it actually holds @p.
 *
 * Return: 0 on success, -EINVAL if p->id is outside the table or the slot
 * is already empty.
 */
int hci_uart_unregister_proto(const struct hci_uart_proto *p)
{
	/* Reject out-of-range ids and ids with nothing registered. */
	if (p->id >= HCI_UART_MAX_PROTO || !hup[p->id])
		return -EINVAL;

	hup[p->id] = NULL;

	return 0;
}
69
/**
 * hci_uart_get_proto() - look up a registered protocol by id
 * @id: protocol id; because it is unsigned, a negative value passed by a
 *      caller converts to a large number and fails the range check
 *
 * Return: the registered protocol, or NULL if @id is out of range or the
 * slot is empty.
 */
static const struct hci_uart_proto *hci_uart_get_proto(unsigned int id)
{
	return id < HCI_UART_MAX_PROTO ? hup[id] : NULL;
}
77
/**
 * hci_uart_tx_complete() - account for one fully transmitted packet
 * @hu: UART state; its hdev carries the counters
 * @pkt_type: HCI packet type of the packet that was sent
 *
 * Bumps the per-type transmit counter. Packet types other than command,
 * ACL data and SCO data are not counted.
 */
static inline void hci_uart_tx_complete(struct hci_uart *hu, int pkt_type)
{
	struct hci_dev *hdev = hu->hdev;

	if (pkt_type == HCI_COMMAND_PKT)
		hdev->stat.cmd_tx++;
	else if (pkt_type == HCI_ACLDATA_PKT)
		hdev->stat.acl_tx++;
	else if (pkt_type == HCI_SCODATA_PKT)
		hdev->stat.sco_tx++;
}
97
/**
 * hci_uart_dequeue() - fetch the next buffer to write to the tty
 * @hu: UART state
 *
 * A partially written buffer parked in hu->tx_skb takes priority and is
 * handed back (clearing the slot). Otherwise the protocol's dequeue hook is
 * called under the proto_lock read side, and only while the protocol is in
 * the READY or INIT state.
 *
 * Return: the buffer to send, or NULL if there is nothing to send.
 */
static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu)
{
	struct sk_buff *parked = hu->tx_skb;
	struct sk_buff *next = NULL;

	if (parked) {
		hu->tx_skb = NULL;
		return parked;
	}

	percpu_down_read(&hu->proto_lock);

	/* hu->proto is only dereferenced while a protocol is attached. */
	if (test_bit(HCI_UART_PROTO_READY, &hu->flags) ||
	    test_bit(HCI_UART_PROTO_INIT, &hu->flags))
		next = hu->proto->dequeue(hu);

	percpu_up_read(&hu->proto_lock);

	return next;
}
116
/**
 * hci_uart_tx_wakeup() - request that the transmit worker runs
 * @hu: UART state
 *
 * Sets HCI_UART_TX_WAKEUP and schedules write_work unless a send is already
 * in progress (HCI_UART_SENDING already set). Nothing is scheduled when no
 * protocol is in the READY or INIT state.
 *
 * Return: always 0.
 */
int hci_uart_tx_wakeup(struct hci_uart *hu)
{
	/* This may run in IRQ context, so sleeping is not allowed. Only a
	 * trylock is attempted; a failure is taken to mean the tty is being
	 * closed, because that is the only time the write lock is held. If
	 * the write lock is ever taken elsewhere, revisit this assumption.
	 */
	if (!percpu_down_read_trylock(&hu->proto_lock))
		return 0;

	if (test_bit(HCI_UART_PROTO_READY, &hu->flags) ||
	    test_bit(HCI_UART_PROTO_INIT, &hu->flags)) {
		set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);

		/* Only the caller that flips SENDING from 0 to 1 schedules. */
		if (!test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) {
			BT_DBG("");

			schedule_work(&hu->write_work);
		}
	}

	percpu_up_read(&hu->proto_lock);

	return 0;
}
EXPORT_SYMBOL_GPL(hci_uart_tx_wakeup);
146
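/**
 * hci_uart_write_work() - transmit worker: push queued buffers to the tty
 * @work: the write_work member embedded in struct hci_uart
 *
 * Drains buffers via hci_uart_dequeue() and writes them to the tty. A buffer
 * the tty accepted only partially is parked in hu->tx_skb and the loop stops
 * until the next wakeup. When done, HCI_UART_SENDING is cleared and waiters
 * on that bit (see hci_uart_wait_until_sent()) are woken.
 */
static void hci_uart_write_work(struct work_struct *work)
{
	struct hci_uart *hu = container_of(work, struct hci_uart, write_work);
	struct tty_struct *tty = hu->tty;
	struct hci_dev *hdev = hu->hdev;
	struct sk_buff *skb;

	/* REVISIT: should we cope with bad skbs or ->write() returning
	 * an error value in some other way than retrying later?
	 */

restart:
	clear_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);

	while ((skb = hci_uart_dequeue(hu))) {
		int len;

		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
		len = tty->ops->write(tty, skb->data, skb->len);

		/* A negative return is an error code, not a byte count. Do
		 * not add it to the byte counter and do not hand it to
		 * skb_pull(), whose length parameter is unsigned. The buffer
		 * is left untouched and handled like a zero-length write.
		 */
		if (len > 0) {
			hdev->stat.byte_tx += len;
			skb_pull(skb, len);
		}

		/* Data left over: park the buffer and wait for a wakeup. */
		if (skb->len) {
			hu->tx_skb = skb;
			break;
		}

		hci_uart_tx_complete(hu, hci_skb_pkt_type(skb));
		kfree_skb(skb);
	}

	clear_bit(HCI_UART_SENDING, &hu->tx_state);

	/* A wakeup that arrived while SENDING was still set did not schedule
	 * the worker again, so pick it up here.
	 */
	if (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state))
		goto restart;

	wake_up_bit(&hu->tx_state, HCI_UART_SENDING);
}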
184
/**
 * hci_uart_init_work() - deferred registration of the HCI device
 * @work: the init_ready member embedded in struct hci_uart
 *
 * Runs only once per pending request: HCI_UART_INIT_PENDING is tested and
 * cleared atomically, and the function returns if it was not set. On
 * successful registration HCI_UART_REGISTERED is set. On failure the
 * protocol is torn down and the hci_dev is freed.
 */
void hci_uart_init_work(struct work_struct *work)
{
	struct hci_uart *hu = container_of(work, struct hci_uart, init_ready);
	int err;
	struct hci_dev *hdev;

	if (!test_and_clear_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
		return;

	err = hci_register_dev(hu->hdev);
	if (err < 0) {
		BT_ERR("Can't register HCI device");

		/* Clear PROTO_READY under the write lock so that every path
		 * taking the read lock sees the protocol as gone afterwards.
		 */
		percpu_down_write(&hu->proto_lock);
		clear_bit(HCI_UART_PROTO_READY, &hu->flags);
		percpu_up_write(&hu->proto_lock);

		/* Safely cancel work after clearing flags */
		cancel_work_sync(&hu->write_work);

		/* Close protocol before freeing hdev */
		hu->proto->close(hu);
		/* Unpublish hu->hdev before the free so no stale pointer stays behind. */
		hdev = hu->hdev;
		hu->hdev = NULL;
		hci_free_dev(hdev);
		return;
	}

	set_bit(HCI_UART_REGISTERED, &hu->flags);
}
215
/**
 * hci_uart_init_ready() - trigger the deferred HCI device registration
 * @hu: UART state
 *
 * Return: 0 if the init_ready work was scheduled, -EALREADY if no
 * registration is pending (HCI_UART_INIT_PENDING is not set).
 */
int hci_uart_init_ready(struct hci_uart *hu)
{
	if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags)) {
		schedule_work(&hu->init_ready);
		return 0;
	}

	return -EALREADY;
}
225
/**
 * hci_uart_wait_until_sent() - wait for the transmit worker to go idle
 * @hu: UART state
 *
 * Sleeps interruptibly, for at most 2000 ms, until HCI_UART_SENDING is
 * cleared in hu->tx_state.
 *
 * Return: the result of wait_on_bit_timeout().
 */
int hci_uart_wait_until_sent(struct hci_uart *hu)
{
	unsigned long timeout = msecs_to_jiffies(2000);

	return wait_on_bit_timeout(&hu->tx_state, HCI_UART_SENDING,
				   TASK_INTERRUPTIBLE, timeout);
}
232
233 /* ------- Interface to HCI layer ------ */
/*
 * Reset device: drop pending transmit data in this driver, in the tty layer
 * and, when a protocol is READY, in the protocol itself.
 *
 * Return: always 0.
 */
static int hci_uart_flush(struct hci_dev *hdev)
{
	struct hci_uart *hu = hci_get_drvdata(hdev);
	struct tty_struct *tty = hu->tty;
	struct sk_buff *parked;

	BT_DBG("hdev %p tty %p", hdev, tty);

	/* Release a partially written buffer and clear the slot so nothing
	 * can pick up the freed pointer.
	 */
	parked = hu->tx_skb;
	if (parked) {
		kfree_skb(parked);
		hu->tx_skb = NULL;
	}

	/* Flush any pending characters in the driver and discipline. */
	tty_ldisc_flush(tty);
	tty_driver_flush_buffer(tty);

	percpu_down_read(&hu->proto_lock);

	/* The protocol hook is skipped unless the protocol is READY. */
	if (test_bit(HCI_UART_PROTO_READY, &hu->flags))
		hu->proto->flush(hu);

	percpu_up_read(&hu->proto_lock);

	return 0;
}
259
/*
 * Initialize device: hdev->open callback.
 *
 * Only restores the flush callback that hci_uart_close() clears.
 * Return: always 0.
 */
static int hci_uart_open(struct hci_dev *hdev)
{
	BT_DBG("%s %p", hdev->name, hdev);

	/* Undo clearing this from hci_uart_close() */
	hdev->flush = hci_uart_flush;

	return 0;
}
270
/*
 * Close device: hdev->close callback, also called directly from
 * hci_uart_tty_close().
 *
 * Return: always 0.
 */
static int hci_uart_close(struct hci_dev *hdev)
{
	struct hci_uart *hu = hci_get_drvdata(hdev);

	BT_DBG("hdev %p", hdev);

	/* Stop the transmit worker before the buffers it uses are flushed. */
	cancel_work_sync(&hu->write_work);

	hci_uart_flush(hdev);
	/* Cleared here and restored by hci_uart_open(). */
	hdev->flush = NULL;
	return 0;
}
284
/*
 * Send frames from HCI layer: hdev->send callback.
 *
 * The buffer is handed to the protocol's enqueue hook under the proto_lock
 * read side, then the transmit worker is woken.
 *
 * Return: 0 on success, -EUNATCH if no protocol is in the READY or INIT
 * state. The buffer is not freed here on failure.
 * NOTE(review): presumably the caller owns the skb on error; confirm.
 */
static int hci_uart_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_uart *hu = hci_get_drvdata(hdev);
	bool attached;

	BT_DBG("%s: type %d len %d", hdev->name, hci_skb_pkt_type(skb),
	       skb->len);

	percpu_down_read(&hu->proto_lock);

	attached = test_bit(HCI_UART_PROTO_READY, &hu->flags) ||
		   test_bit(HCI_UART_PROTO_INIT, &hu->flags);
	if (attached)
		hu->proto->enqueue(hu, skb);

	percpu_up_read(&hu->proto_lock);

	if (!attached)
		return -EUNATCH;

	hci_uart_tx_wakeup(hu);

	return 0;
}
308
/*
 * Check the underlying device or tty has flow control support.
 *
 * Return: true for serdev-backed devices, or when the tty driver provides
 * both the tiocmget and tiocmset operations; false otherwise.
 */
bool hci_uart_has_flow_control(struct hci_uart *hu)
{
	const struct tty_operations *ops;

	/* serdev nodes check if the needed operations are present */
	if (hu->serdev)
		return true;

	ops = hu->tty->driver->ops;

	return ops->tiocmget && ops->tiocmset;
}
321
/*
 * Flow control or un-flow control the device.
 *
 * @enable true:  hardware flow control (CRTSCTS) is switched off and RTS is
 *                cleared so the device stops sending.
 * @enable false: RTS is set again and CRTSCTS is switched back on.
 *
 * On the tty path the driver's tiocmget/tiocmset operations are called
 * without a NULL check here; hci_uart_has_flow_control() is the function in
 * this file that tests for them.
 * NOTE(review): presumably callers check that first; confirm.
 */
void hci_uart_set_flow_control(struct hci_uart *hu, bool enable)
{
	/* Modem-control lines this function is allowed to touch. */
	const unsigned int modem_mask = TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 |
					TIOCM_OUT2 | TIOCM_LOOP;
	struct tty_struct *tty = hu->tty;
	struct ktermios ktermios;
	int status;
	unsigned int set = 0;
	unsigned int clear = 0;

	if (hu->serdev) {
		serdev_device_set_flow_control(hu->serdev, !enable);
		serdev_device_set_rts(hu->serdev, !enable);
		return;
	}

	if (!enable) {
		/* Set RTS to allow the device to send again */
		status = tty->driver->ops->tiocmget(tty);
		BT_DBG("Current tiocm 0x%x", status);

		set |= (TIOCM_OUT2 | TIOCM_RTS);
		clear = ~set & modem_mask;
		set &= modem_mask;
		status = tty->driver->ops->tiocmset(tty, set, clear);
		BT_DBG("Setting RTS: %s", status ? "failed" : "success");

		/* Re-enable hardware flow control */
		ktermios = tty->termios;
		ktermios.c_cflag |= CRTSCTS;
		tty_set_termios(tty, &ktermios);
		BT_DBG("Enabling hardware flow control: %s",
		       !(tty->termios.c_cflag & CRTSCTS) ? "failed" : "success");
		return;
	}

	/* Disable hardware flow control */
	ktermios = tty->termios;
	ktermios.c_cflag &= ~CRTSCTS;
	tty_set_termios(tty, &ktermios);
	BT_DBG("Disabling hardware flow control: %s",
	       (tty->termios.c_cflag & CRTSCTS) ? "failed" : "success");

	/* Clear RTS to prevent the device from sending */
	/* Most UARTs need OUT2 to enable interrupts */
	status = tty->driver->ops->tiocmget(tty);
	BT_DBG("Current tiocm 0x%x", status);

	/* NOTE(review): the tiocmget() result is only logged; "set" starts
	 * from 0, so every line in modem_mask ends up in "clear" here.
	 */
	set &= ~(TIOCM_OUT2 | TIOCM_RTS);
	clear = ~set & modem_mask;
	set &= modem_mask;
	status = tty->driver->ops->tiocmset(tty, set, clear);
	BT_DBG("Clearing RTS: %s", status ? "failed" : "success");
}
380
/**
 * hci_uart_set_speeds() - record per-device initial and operational speeds
 * @hu: UART state
 * @init_speed: speed stored in hu->init_speed
 * @oper_speed: speed stored in hu->oper_speed
 *
 * The values are only stored here; hci_uart_setup() reads them and treats
 * 0 as "not set".
 */
void hci_uart_set_speeds(struct hci_uart *hu, unsigned int init_speed,
			 unsigned int oper_speed)
{
	hu->oper_speed = oper_speed;
	hu->init_speed = init_speed;
}
387
/**
 * hci_uart_set_baudrate() - change the tty line speed
 * @hu: UART state; hu->tty is reconfigured
 * @speed: requested speed, applied to both input and output
 */
void hci_uart_set_baudrate(struct hci_uart *hu, unsigned int speed)
{
	struct tty_struct *tty = hu->tty;
	/* Work on a copy of the current settings and change only the speed. */
	struct ktermios ktermios = tty->termios;

	ktermios.c_cflag &= ~CBAUD;
	tty_termios_encode_baud_rate(&ktermios, speed, speed);

	/* tty_set_termios() return not checked as it is always 0 */
	tty_set_termios(tty, &ktermios);

	BT_DBG("%s: New tty speeds: %d/%d", hu->hdev->name,
	       tty->termios.c_ispeed, tty->termios.c_ospeed);
}
403
/**
 * hci_uart_setup() - hdev->setup callback: line speed and vendor detection
 * @hdev: HCI device being set up
 *
 * Applies the initial and operational speeds (a per-device value wins over
 * the protocol default, 0 means "not set"), then either delegates to the
 * protocol's own setup hook or, when HCI_UART_VND_DETECT is set, reads the
 * local version to pick a vendor-specific set_bdaddr handler.
 *
 * Return: the protocol setup hook's result when one exists, otherwise 0,
 * including when the version query fails or has an unexpected length.
 */
static int hci_uart_setup(struct hci_dev *hdev)
{
	struct hci_uart *hu = hci_get_drvdata(hdev);
	struct hci_rp_read_local_version *ver;
	struct sk_buff *skb;
	unsigned int speed;

	/* Init speed if any */
	speed = hu->init_speed ? hu->init_speed : hu->proto->init_speed;
	if (speed)
		hci_uart_set_baudrate(hu, speed);

	/* Operational speed if any: the host side is only switched after the
	 * protocol hook reports that the controller side was switched.
	 */
	speed = hu->oper_speed ? hu->oper_speed : hu->proto->oper_speed;
	if (hu->proto->set_baudrate && speed &&
	    !hu->proto->set_baudrate(hu, speed))
		hci_uart_set_baudrate(hu, speed);

	if (hu->proto->setup)
		return hu->proto->setup(hu);

	if (!test_bit(HCI_UART_VND_DETECT, &hu->hdev_flags))
		return 0;

	skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
			     HCI_INIT_TIMEOUT);
	if (IS_ERR(skb)) {
		BT_ERR("%s: Reading local version information failed (%ld)",
		       hdev->name, PTR_ERR(skb));
		return 0;
	}

	/* The reply comes from the controller: insist on the exact structure
	 * size before the payload is read through the struct pointer.
	 */
	if (skb->len == sizeof(*ver)) {
		ver = (struct hci_rp_read_local_version *)skb->data;

		switch (le16_to_cpu(ver->manufacturer)) {
#ifdef CONFIG_BT_HCIUART_INTEL
		case 2:
			hdev->set_bdaddr = btintel_set_bdaddr;
			btintel_check_bdaddr(hdev);
			break;
#endif
#ifdef CONFIG_BT_HCIUART_BCM
		case 15:
			hdev->set_bdaddr = btbcm_set_bdaddr;
			btbcm_check_bdaddr(hdev);
			break;
#endif
		default:
			break;
		}
	} else {
		BT_ERR("%s: Event length mismatch for version information",
		       hdev->name);
	}

	kfree_skb(skb);
	return 0;
}
480
481 /* ------ LDISC part ------ */
/* hci_uart_tty_open
 *
 *     Called when line discipline changed to HCI_UART.
 *
 *     Attaching is refused without CAP_NET_ADMIN and on ttys that have no
 *     write operation. A zeroed control structure is allocated and stored
 *     in tty->disc_data; no protocol is attached yet.
 *
 * Arguments:
 *     tty    pointer to tty info structure
 * Return Value:
 *     0 if success, otherwise error code
 */
static int hci_uart_tty_open(struct tty_struct *tty)
{
	struct hci_uart *hu;

	BT_DBG("tty %p", tty);

	/* Privilege gate for attaching this line discipline. */
	if (!capable(CAP_NET_ADMIN))
		return -EPERM;

	/* Error if the tty has no write op instead of leaving an exploitable
	 * hole: the transmit worker calls tty->ops->write unconditionally.
	 */
	if (!tty->ops->write)
		return -EOPNOTSUPP;

	hu = kzalloc_obj(*hu);
	if (!hu) {
		BT_ERR("Can't allocate control structure");
		return -ENFILE;
	}

	if (percpu_init_rwsem(&hu->proto_lock)) {
		BT_ERR("Can't allocate semaphore structure");
		kfree(hu);
		return -ENOMEM;
	}

	tty->disc_data = hu;
	hu->tty = tty;
	tty->receive_room = 65536;

	/* disable alignment support by default */
	hu->alignment = 1;
	hu->padding = 0;

	/* Use serial port speed as oper_speed */
	hu->oper_speed = tty->termios.c_ospeed;

	INIT_WORK(&hu->init_ready, hci_uart_init_work);
	INIT_WORK(&hu->write_work, hci_uart_write_work);

	/* Flush any pending characters in the driver */
	tty_driver_flush_buffer(tty);

	return 0;
}
536
/* hci_uart_tty_close()
 *
 *    Called when the line discipline is changed to something
 *    else, the tty is closed, or the tty detects a hangup.
 *
 *    Teardown order matters here: both work items are cancelled and
 *    PROTO_READY is cleared before the protocol is closed and before the
 *    hci_dev and the control structure are freed.
 */
static void hci_uart_tty_close(struct tty_struct *tty)
{
	struct hci_uart *hu = tty->disc_data;
	struct hci_dev *hdev;
	bool proto_ready;

	BT_DBG("tty %p", tty);

	/* Detach from the tty */
	tty->disc_data = NULL;

	if (!hu)
		return;

	/* Wait for init_ready to finish to prevent registration races */
	cancel_work_sync(&hu->init_ready);

	/* Remember whether a protocol was READY: the flag is cleared below,
	 * but the answer still decides how much has to be torn down.
	 */
	proto_ready = test_bit(HCI_UART_PROTO_READY, &hu->flags);
	if (proto_ready) {
		/* The write lock waits for readers currently inside the
		 * protocol callbacks; later readers see the flag cleared.
		 */
		percpu_down_write(&hu->proto_lock);
		clear_bit(HCI_UART_PROTO_READY, &hu->flags);
		percpu_up_write(&hu->proto_lock);
	}

	/*
	 * Unconditionally cancel write_work AFTER clearing PROTO_READY.
	 * This ensures that concurrent protocol timers cannot requeue
	 * write_work via hci_uart_tx_wakeup(), permanently preventing
	 * double-free races and UAFs.
	 */
	cancel_work_sync(&hu->write_work);

	/* hu->hdev may be NULL: hci_uart_init_work() and
	 * hci_uart_register_dev() reset it on their error paths.
	 */
	hdev = hu->hdev;
	if (hdev)
		hci_uart_close(hdev); /* proto->flush is safely skipped */

	if (proto_ready) {
		if (hdev) {
			/* Only unregister what was actually registered. */
			if (test_bit(HCI_UART_REGISTERED, &hu->flags))
				hci_unregister_dev(hdev);
		}
		/* Close protocol before freeing hdev (intrinsically purges queues) */
		hu->proto->close(hu);

		if (hdev)
			hci_free_dev(hdev);
	}
	clear_bit(HCI_UART_PROTO_SET, &hu->flags);

	percpu_free_rwsem(&hu->proto_lock);

	/* Last step: tty->disc_data was cleared at the top of this function. */
	kfree(hu);
}
595
/* hci_uart_tty_wakeup()
 *
 *    Callback for transmit wakeup. Called when low level
 *    device driver can accept more send data.
 *
 *    Does nothing once the discipline data has been detached (NULL
 *    disc_data), and only wakes the transmit path when a protocol is in the
 *    READY or INIT state.
 *
 * Arguments:        tty    pointer to associated tty instance data
 * Return Value:    None
 */
static void hci_uart_tty_wakeup(struct tty_struct *tty)
{
	struct hci_uart *hu = tty->disc_data;

	BT_DBG("");

	if (!hu)
		return;

	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);

	/* Ignore wakeups for a tty other than the one recorded at open. */
	if (tty == hu->tty &&
	    (test_bit(HCI_UART_PROTO_READY, &hu->flags) ||
	     test_bit(HCI_UART_PROTO_INIT, &hu->flags)))
		hci_uart_tx_wakeup(hu);
}
622
/* hci_uart_tty_receive()
 *
 *     Called by tty low level driver when receive data is
 *     available.
 *
 *     The bytes are handed to the protocol's recv hook under the proto_lock
 *     read side. Data arriving while no protocol is in the READY or INIT
 *     state is dropped, and the tty is not unthrottled in that case.
 *
 * Arguments:  tty          pointer to tty instance data
 *             data         pointer to received data
 *             flags        pointer to flags for data (not used here)
 *             count        count of received data in bytes
 *
 * Return Value:    None
 */
static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data,
				 const u8 *flags, size_t count)
{
	struct hci_uart *hu = tty->disc_data;
	bool attached;

	if (!hu || tty != hu->tty)
		return;

	percpu_down_read(&hu->proto_lock);

	attached = test_bit(HCI_UART_PROTO_READY, &hu->flags) ||
		   test_bit(HCI_UART_PROTO_INIT, &hu->flags);
	if (attached) {
		/* It does not need a lock here as it is already protected by
		 * a mutex in tty caller
		 */
		hu->proto->recv(hu, data, count);

		if (hu->hdev)
			hu->hdev->stat.byte_rx += count;
	}

	percpu_up_read(&hu->proto_lock);

	if (!attached)
		return;

	tty_unthrottle(tty);
}
663
/**
 * hci_uart_register_dev() - allocate, wire up and register the HCI device
 * @hu: UART state; hu->proto must already point at the chosen protocol
 *
 * Opens the protocol and sets HCI_UART_PROTO_INIT. When
 * HCI_UART_INIT_PENDING is set, the registration itself is left to
 * hci_uart_init_work(); otherwise the device is registered here and
 * HCI_UART_REGISTERED is set.
 *
 * Return: 0 on success, -ENOMEM if the hci_dev cannot be allocated, the
 * protocol's open() error, or -ENODEV if registration fails. On every error
 * path hu->hdev is reset to NULL and the hci_dev is freed.
 */
static int hci_uart_register_dev(struct hci_uart *hu)
{
	struct hci_dev *hdev;
	int err;

	BT_DBG("");

	/* Initialize and register HCI device */
	hdev = hci_alloc_dev();
	if (!hdev) {
		BT_ERR("Can't allocate HCI device");
		return -ENOMEM;
	}

	hu->hdev = hdev;

	hdev->bus = HCI_UART;
	hci_set_drvdata(hdev, hu);

	/* Only when vendor specific setup callback is provided, consider
	 * the manufacturer information valid. This avoids filling in the
	 * value for Ericsson when nothing is specified.
	 */
	if (hu->proto->setup)
		hdev->manufacturer = hu->proto->manufacturer;

	hdev->open  = hci_uart_open;
	hdev->close = hci_uart_close;
	hdev->flush = hci_uart_flush;
	hdev->send  = hci_uart_send_frame;
	hdev->setup = hci_uart_setup;
	SET_HCIDEV_DEV(hdev, hu->tty->dev);

	/* Translate the user-supplied hdev_flags (see hci_uart_set_flags())
	 * into HCI core quirks.
	 */
	if (test_bit(HCI_UART_RAW_DEVICE, &hu->hdev_flags))
		hci_set_quirk(hdev, HCI_QUIRK_RAW_DEVICE);

	if (test_bit(HCI_UART_EXT_CONFIG, &hu->hdev_flags))
		hci_set_quirk(hdev, HCI_QUIRK_EXTERNAL_CONFIG);

	if (!test_bit(HCI_UART_RESET_ON_INIT, &hu->hdev_flags))
		hci_set_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE);

	/* Only call open() for the protocol after hdev is fully initialized as
	 * open() (or a timer/workqueue it starts) may attempt to reference it.
	 */
	err = hu->proto->open(hu);
	if (err) {
		/* Unpublish the pointer before the free. */
		hu->hdev = NULL;
		hci_free_dev(hdev);
		return err;
	}

	/* From here on the receive and transmit paths accept the protocol. */
	set_bit(HCI_UART_PROTO_INIT, &hu->flags);

	/* Deferred registration: hci_uart_init_work() finishes the job. */
	if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
		return 0;

	if (hci_register_dev(hdev) < 0) {
		BT_ERR("Can't register HCI device");
		/* Clear PROTO_INIT under the write lock so that no reader is
		 * still inside a protocol callback when the protocol closes.
		 */
		percpu_down_write(&hu->proto_lock);
		clear_bit(HCI_UART_PROTO_INIT, &hu->flags);
		percpu_up_write(&hu->proto_lock);
		/* Cancel work after clearing flags */
		cancel_work_sync(&hu->write_work);

		/* Close protocol before freeing hdev */
		hu->proto->close(hu);
		hu->hdev = NULL;
		hci_free_dev(hdev);
		return -ENODEV;
	}

	set_bit(HCI_UART_REGISTERED, &hu->flags);

	return 0;
}
740
/**
 * hci_uart_set_proto() - attach a protocol to this UART
 * @hu: UART state
 * @id: protocol id as supplied through the HCIUARTSETPROTO ioctl; it is
 *      range-checked by hci_uart_get_proto()
 *
 * On success the state moves from PROTO_INIT to PROTO_READY. On failure
 * hu->proto keeps pointing at the looked-up protocol.
 *
 * Return: 0 on success, -EPROTONOSUPPORT for an unknown or unregistered id,
 * or the error from hci_uart_register_dev().
 */
static int hci_uart_set_proto(struct hci_uart *hu, int id)
{
	const struct hci_uart_proto *proto = hci_uart_get_proto(id);
	int ret;

	if (!proto)
		return -EPROTONOSUPPORT;

	hu->proto = proto;

	ret = hci_uart_register_dev(hu);
	if (ret)
		return ret;

	/* READY is set before INIT is cleared, so there is no window in
	 * which neither flag is visible to the data paths.
	 */
	set_bit(HCI_UART_PROTO_READY, &hu->flags);
	clear_bit(HCI_UART_PROTO_INIT, &hu->flags);

	return 0;
}
762
/**
 * hci_uart_set_flags() - validate and store the user-supplied device flags
 * @hu: UART state
 * @flags: flag word from the HCIUARTSETFLAGS ioctl
 *
 * Only the five known flag bits are accepted; a value with any other bit
 * set is rejected as a whole and hu->hdev_flags is left unchanged.
 *
 * Return: 0 on success, -EINVAL if an unknown bit is set.
 */
static int hci_uart_set_flags(struct hci_uart *hu, unsigned long flags)
{
	const unsigned long allowed = BIT(HCI_UART_RAW_DEVICE) |
				      BIT(HCI_UART_RESET_ON_INIT) |
				      BIT(HCI_UART_INIT_PENDING) |
				      BIT(HCI_UART_EXT_CONFIG) |
				      BIT(HCI_UART_VND_DETECT);
	unsigned long unknown = flags & ~allowed;

	if (unknown)
		return -EINVAL;

	hu->hdev_flags = flags;

	return 0;
}
778
/* hci_uart_tty_ioctl()
 *
 *    Process IOCTL system call for the tty device.
 *
 *    No capability is checked here; the CAP_NET_ADMIN check is made in
 *    hci_uart_tty_open() when the line discipline is attached.
 *
 * Arguments:
 *
 *    tty        pointer to tty instance data
 *    cmd        IOCTL command code
 *    arg        argument for IOCTL call (cmd dependent)
 *
 * Return Value:    Command dependent
 */
static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
			      unsigned long arg)
{
	struct hci_uart *hu = tty->disc_data;
	int err;

	BT_DBG("");

	/* Verify the status of the device */
	if (!hu)
		return -EBADF;

	switch (cmd) {
	case HCIUARTSETPROTO:
		/* test_and_set_bit() lets exactly one caller through; the bit
		 * is dropped again if attaching the protocol fails.
		 */
		if (test_and_set_bit(HCI_UART_PROTO_SET, &hu->flags))
			return -EBUSY;

		err = hci_uart_set_proto(hu, arg);
		if (err)
			clear_bit(HCI_UART_PROTO_SET, &hu->flags);
		return err;

	case HCIUARTGETPROTO:
		/* hu->proto is only read once the protocol is set and READY. */
		if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
		    test_bit(HCI_UART_PROTO_READY, &hu->flags))
			return hu->proto->id;
		return -EUNATCH;

	case HCIUARTGETDEVICE:
		/* hu->hdev is only read once the device is registered. */
		if (test_bit(HCI_UART_REGISTERED, &hu->flags))
			return hu->hdev->id;
		return -EUNATCH;

	case HCIUARTSETFLAGS:
		/* Flags can no longer be changed after a protocol was set. */
		if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
			return -EBUSY;
		return hci_uart_set_flags(hu, arg);

	case HCIUARTGETFLAGS:
		return hu->hdev_flags;

	default:
		return n_tty_ioctl_helper(tty, cmd, arg);
	}
}
846
/*
 * We don't provide read/write/poll interface for user space.
 *
 * hci_uart_tty_read() is the line discipline's read stub: it copies nothing
 * into the buffer and always returns 0.
 */
static ssize_t hci_uart_tty_read(struct tty_struct *tty, struct file *file,
				 u8 *buf, size_t nr, void **cookie,
				 unsigned long offset)
{
	/* All parameters are intentionally unused. */
	return 0;
}
856
/*
 * Line discipline write stub: the data written by user space is not
 * consumed and the function always returns 0.
 */
static ssize_t hci_uart_tty_write(struct tty_struct *tty, struct file *file,
				  const u8 *data, size_t count)
{
	/* All parameters are intentionally unused. */
	return 0;
}
862
/*
 * Line discipline operations registered under N_HCI.
 * .read and .write are stubs that return 0; native and compat ioctls share
 * one handler.
 */
static struct tty_ldisc_ops hci_uart_ldisc = {
	.owner		= THIS_MODULE,
	.num		= N_HCI,
	.name		= "n_hci",
	.open		= hci_uart_tty_open,
	.close		= hci_uart_tty_close,
	.read		= hci_uart_tty_read,
	.write		= hci_uart_tty_write,
	.ioctl		= hci_uart_tty_ioctl,
	.compat_ioctl	= hci_uart_tty_ioctl,
	.receive_buf	= hci_uart_tty_receive,
	.write_wakeup	= hci_uart_tty_wakeup,
};
876
/**
 * hci_uart_init() - module init: register the line discipline and protocols
 *
 * Registers the N_HCI line discipline first, then calls the init function
 * of every protocol enabled in the kernel configuration.
 *
 * Return: 0 on success, or the error from tty_register_ldisc().
 */
static int __init hci_uart_init(void)
{
	int ret;

	BT_INFO("HCI UART driver ver %s", VERSION);

	/* Register the tty discipline */
	ret = tty_register_ldisc(&hci_uart_ldisc);
	if (ret) {
		BT_ERR("HCI line discipline registration failed. (%d)", ret);
		return ret;
	}

	/* NOTE(review): the results of the per-protocol init calls below are
	 * not checked here; a protocol that fails to register goes unnoticed
	 * by this function.
	 */
#ifdef CONFIG_BT_HCIUART_H4
	h4_init();
#endif
#ifdef CONFIG_BT_HCIUART_BCSP
	bcsp_init();
#endif
#ifdef CONFIG_BT_HCIUART_LL
	ll_init();
#endif
#ifdef CONFIG_BT_HCIUART_ATH3K
	ath_init();
#endif
#ifdef CONFIG_BT_HCIUART_3WIRE
	h5_init();
#endif
#ifdef CONFIG_BT_HCIUART_INTEL
	intel_init();
#endif
#ifdef CONFIG_BT_HCIUART_BCM
	bcm_init();
#endif
#ifdef CONFIG_BT_HCIUART_QCA
	qca_init();
#endif
#ifdef CONFIG_BT_HCIUART_AG6XX
	ag6xx_init();
#endif
#ifdef CONFIG_BT_HCIUART_MRVL
	mrvl_init();
#endif
#ifdef CONFIG_BT_HCIUART_AML
	aml_init();
#endif
	return 0;
}
925
/**
 * hci_uart_exit() - module exit: tear down protocols and the line discipline
 *
 * Calls the deinit function of every protocol enabled in the kernel
 * configuration, then unregisters the N_HCI line discipline last.
 */
static void __exit hci_uart_exit(void)
{
#ifdef CONFIG_BT_HCIUART_H4
	h4_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_BCSP
	bcsp_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_LL
	ll_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_ATH3K
	ath_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_3WIRE
	h5_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_INTEL
	intel_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_BCM
	bcm_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_QCA
	qca_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_AG6XX
	ag6xx_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_MRVL
	mrvl_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_AML
	aml_deinit();
#endif
	/* Unregistered last, after every protocol has been torn down. */
	tty_unregister_ldisc(&hci_uart_ldisc);
}
963
/* Module entry and exit points. */
module_init(hci_uart_init);
module_exit(hci_uart_exit);

/* Module metadata; description and version both embed VERSION. */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth HCI UART driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
/* Declares the module alias for the N_HCI line discipline number. */
MODULE_ALIAS_LDISC(N_HCI);
972