1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
39 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
40 #define RFCOMM_TTY_MINOR 0
41
42 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
43 static struct tty_driver *rfcomm_tty_driver;
44
45 struct rfcomm_dev {
46 struct tty_port port;
47 struct list_head list;
48
49 char name[12];
50 int id;
51 unsigned long flags;
52 int err;
53
54 unsigned long status; /* don't export to userspace */
55
56 bdaddr_t src;
57 bdaddr_t dst;
58 u8 channel;
59
60 uint modem_status;
61
62 struct rfcomm_dlc *dlc;
63
64 struct device *tty_dev;
65
66 atomic_t wmem_alloc;
67
68 struct sk_buff_head pending;
69 };
70
71 static LIST_HEAD(rfcomm_dev_list);
72 static DEFINE_MUTEX(rfcomm_dev_lock);
73
74 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
75 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
76 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
77
78 /* ---- Device functions ---- */
79
rfcomm_dev_destruct(struct tty_port * port)80 static void rfcomm_dev_destruct(struct tty_port *port)
81 {
82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
83 struct rfcomm_dlc *dlc = dev->dlc;
84
85 BT_DBG("dev %p dlc %p", dev, dlc);
86
87 rfcomm_dlc_lock(dlc);
88 /* Detach DLC if it's owned by this dev */
89 if (dlc->owner == dev)
90 dlc->owner = NULL;
91 rfcomm_dlc_unlock(dlc);
92
93 rfcomm_dlc_put(dlc);
94
95 if (dev->tty_dev)
96 tty_unregister_device(rfcomm_tty_driver, dev->id);
97
98 mutex_lock(&rfcomm_dev_lock);
99 list_del(&dev->list);
100 mutex_unlock(&rfcomm_dev_lock);
101
102 kfree(dev);
103
104 /* It's safe to call module_put() here because socket still
105 holds reference to this module. */
106 module_put(THIS_MODULE);
107 }
108
109 /* device-specific initialization: open the dlc */
rfcomm_dev_activate(struct tty_port * port,struct tty_struct * tty)110 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
111 {
112 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
113 int err;
114
115 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
116 if (err)
117 set_bit(TTY_IO_ERROR, &tty->flags);
118 return err;
119 }
120
121 /* we block the open until the dlc->state becomes BT_CONNECTED */
rfcomm_dev_carrier_raised(struct tty_port * port)122 static bool rfcomm_dev_carrier_raised(struct tty_port *port)
123 {
124 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
125
126 return (dev->dlc->state == BT_CONNECTED);
127 }
128
129 /* device-specific cleanup: close the dlc */
rfcomm_dev_shutdown(struct tty_port * port)130 static void rfcomm_dev_shutdown(struct tty_port *port)
131 {
132 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
133
134 if (dev->tty_dev->parent)
135 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
136
137 /* close the dlc */
138 rfcomm_dlc_close(dev->dlc, 0);
139 }
140
141 static const struct tty_port_operations rfcomm_port_ops = {
142 .destruct = rfcomm_dev_destruct,
143 .activate = rfcomm_dev_activate,
144 .shutdown = rfcomm_dev_shutdown,
145 .carrier_raised = rfcomm_dev_carrier_raised,
146 };
147
__rfcomm_dev_lookup(int id)148 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
149 {
150 struct rfcomm_dev *dev;
151
152 list_for_each_entry(dev, &rfcomm_dev_list, list)
153 if (dev->id == id)
154 return dev;
155
156 return NULL;
157 }
158
rfcomm_dev_get(int id)159 static struct rfcomm_dev *rfcomm_dev_get(int id)
160 {
161 struct rfcomm_dev *dev;
162
163 mutex_lock(&rfcomm_dev_lock);
164
165 dev = __rfcomm_dev_lookup(id);
166
167 if (dev && !tty_port_get(&dev->port))
168 dev = NULL;
169
170 mutex_unlock(&rfcomm_dev_lock);
171
172 return dev;
173 }
174
rfcomm_reparent_device(struct rfcomm_dev * dev)175 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
176 {
177 struct hci_dev *hdev;
178 struct hci_conn *conn;
179
180 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
181 if (!hdev)
182 return;
183
184 /* The lookup results are unsafe to access without the
185 * hci device lock (FIXME: why is this not documented?)
186 */
187 hci_dev_lock(hdev);
188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
189
190 /* Just because the acl link is in the hash table is no
191 * guarantee the sysfs device has been added ...
192 */
193 if (conn && device_is_registered(&conn->dev))
194 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
195
196 hci_dev_unlock(hdev);
197 hci_dev_put(hdev);
198 }
199
address_show(struct device * tty_dev,struct device_attribute * attr,char * buf)200 static ssize_t address_show(struct device *tty_dev,
201 struct device_attribute *attr, char *buf)
202 {
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sysfs_emit(buf, "%pMR\n", &dev->dst);
205 }
206
channel_show(struct device * tty_dev,struct device_attribute * attr,char * buf)207 static ssize_t channel_show(struct device *tty_dev,
208 struct device_attribute *attr, char *buf)
209 {
210 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
211 return sysfs_emit(buf, "%d\n", dev->channel);
212 }
213
214 static DEVICE_ATTR_RO(address);
215 static DEVICE_ATTR_RO(channel);
216
__rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)217 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
218 struct rfcomm_dlc *dlc)
219 {
220 struct rfcomm_dev *dev, *entry;
221 struct list_head *head = &rfcomm_dev_list;
222 int err = 0;
223
224 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
225 if (!dev)
226 return ERR_PTR(-ENOMEM);
227
228 mutex_lock(&rfcomm_dev_lock);
229
230 if (req->dev_id < 0) {
231 dev->id = 0;
232
233 list_for_each_entry(entry, &rfcomm_dev_list, list) {
234 if (entry->id != dev->id)
235 break;
236
237 dev->id++;
238 head = &entry->list;
239 }
240 } else {
241 dev->id = req->dev_id;
242
243 list_for_each_entry(entry, &rfcomm_dev_list, list) {
244 if (entry->id == dev->id) {
245 err = -EADDRINUSE;
246 goto out;
247 }
248
249 if (entry->id > dev->id - 1)
250 break;
251
252 head = &entry->list;
253 }
254 }
255
256 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
257 err = -ENFILE;
258 goto out;
259 }
260
261 sprintf(dev->name, "rfcomm%d", dev->id);
262
263 list_add(&dev->list, head);
264
265 bacpy(&dev->src, &req->src);
266 bacpy(&dev->dst, &req->dst);
267 dev->channel = req->channel;
268
269 dev->flags = req->flags &
270 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
271
272 tty_port_init(&dev->port);
273 dev->port.ops = &rfcomm_port_ops;
274
275 skb_queue_head_init(&dev->pending);
276
277 rfcomm_dlc_lock(dlc);
278
279 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
280 struct sock *sk = dlc->owner;
281 struct sk_buff *skb;
282
283 BUG_ON(!sk);
284
285 rfcomm_dlc_throttle(dlc);
286
287 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
288 skb_orphan(skb);
289 skb_queue_tail(&dev->pending, skb);
290 atomic_sub(skb->len, &sk->sk_rmem_alloc);
291 }
292 }
293
294 dlc->data_ready = rfcomm_dev_data_ready;
295 dlc->state_change = rfcomm_dev_state_change;
296 dlc->modem_status = rfcomm_dev_modem_status;
297
298 dlc->owner = dev;
299 dev->dlc = dlc;
300
301 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
302
303 rfcomm_dlc_unlock(dlc);
304
305 /* It's safe to call __module_get() here because socket already
306 holds reference to this module. */
307 __module_get(THIS_MODULE);
308
309 mutex_unlock(&rfcomm_dev_lock);
310 return dev;
311
312 out:
313 mutex_unlock(&rfcomm_dev_lock);
314 kfree(dev);
315 return ERR_PTR(err);
316 }
317
rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)318 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
319 {
320 struct rfcomm_dev *dev;
321 struct device *tty;
322
323 BT_DBG("id %d channel %d", req->dev_id, req->channel);
324
325 dev = __rfcomm_dev_add(req, dlc);
326 if (IS_ERR(dev)) {
327 rfcomm_dlc_put(dlc);
328 return PTR_ERR(dev);
329 }
330
331 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
332 dev->id, NULL);
333 if (IS_ERR(tty)) {
334 tty_port_put(&dev->port);
335 return PTR_ERR(tty);
336 }
337
338 dev->tty_dev = tty;
339 rfcomm_reparent_device(dev);
340 dev_set_drvdata(dev->tty_dev, dev);
341
342 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
343 BT_ERR("Failed to create address attribute");
344
345 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
346 BT_ERR("Failed to create channel attribute");
347
348 return dev->id;
349 }
350
351 /* ---- Send buffer ---- */
rfcomm_room(struct rfcomm_dev * dev)352 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
353 {
354 struct rfcomm_dlc *dlc = dev->dlc;
355
356 /* Limit the outstanding number of packets not yet sent to 40 */
357 int pending = 40 - atomic_read(&dev->wmem_alloc);
358
359 return max(0, pending) * dlc->mtu;
360 }
361
rfcomm_wfree(struct sk_buff * skb)362 static void rfcomm_wfree(struct sk_buff *skb)
363 {
364 struct rfcomm_dev *dev = (void *) skb->sk;
365 atomic_dec(&dev->wmem_alloc);
366 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
367 tty_port_tty_wakeup(&dev->port);
368 tty_port_put(&dev->port);
369 }
370
rfcomm_set_owner_w(struct sk_buff * skb,struct rfcomm_dev * dev)371 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
372 {
373 tty_port_get(&dev->port);
374 atomic_inc(&dev->wmem_alloc);
375 skb->sk = (void *) dev;
376 skb->destructor = rfcomm_wfree;
377 }
378
rfcomm_wmalloc(struct rfcomm_dev * dev,unsigned long size,gfp_t priority)379 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
380 {
381 struct sk_buff *skb = alloc_skb(size, priority);
382 if (skb)
383 rfcomm_set_owner_w(skb, dev);
384 return skb;
385 }
386
387 /* ---- Device IOCTLs ---- */
388
389 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
390
__rfcomm_create_dev(struct sock * sk,void __user * arg)391 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
392 {
393 struct rfcomm_dev_req req;
394 struct rfcomm_dlc *dlc;
395 int id;
396
397 if (copy_from_user(&req, arg, sizeof(req)))
398 return -EFAULT;
399
400 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
401
402 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
403 return -EPERM;
404
405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
406 /* Socket must be connected */
407 if (sk->sk_state != BT_CONNECTED)
408 return -EBADFD;
409
410 dlc = rfcomm_pi(sk)->dlc;
411 rfcomm_dlc_hold(dlc);
412 } else {
413 /* Validate the channel is unused */
414 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
415 if (IS_ERR(dlc))
416 return PTR_ERR(dlc);
417 if (dlc)
418 return -EBUSY;
419 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
420 if (!dlc)
421 return -ENOMEM;
422 }
423
424 id = rfcomm_dev_add(&req, dlc);
425 if (id < 0)
426 return id;
427
428 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
429 /* DLC is now used by device.
430 * Socket must be disconnected */
431 sk->sk_state = BT_CLOSED;
432 }
433
434 return id;
435 }
436
__rfcomm_release_dev(void __user * arg)437 static int __rfcomm_release_dev(void __user *arg)
438 {
439 struct rfcomm_dev_req req;
440 struct rfcomm_dev *dev;
441
442 if (copy_from_user(&req, arg, sizeof(req)))
443 return -EFAULT;
444
445 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
446
447 dev = rfcomm_dev_get(req.dev_id);
448 if (!dev)
449 return -ENODEV;
450
451 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
452 tty_port_put(&dev->port);
453 return -EPERM;
454 }
455
456 /* only release once */
457 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
458 tty_port_put(&dev->port);
459 return -EALREADY;
460 }
461
462 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
463 rfcomm_dlc_close(dev->dlc, 0);
464
465 /* Shut down TTY synchronously before freeing rfcomm_dev */
466 tty_port_tty_vhangup(&dev->port);
467
468 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
469 tty_port_put(&dev->port);
470
471 tty_port_put(&dev->port);
472 return 0;
473 }
474
rfcomm_create_dev(struct sock * sk,void __user * arg)475 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
476 {
477 int ret;
478
479 mutex_lock(&rfcomm_ioctl_mutex);
480 ret = __rfcomm_create_dev(sk, arg);
481 mutex_unlock(&rfcomm_ioctl_mutex);
482
483 return ret;
484 }
485
rfcomm_release_dev(void __user * arg)486 static int rfcomm_release_dev(void __user *arg)
487 {
488 int ret;
489
490 mutex_lock(&rfcomm_ioctl_mutex);
491 ret = __rfcomm_release_dev(arg);
492 mutex_unlock(&rfcomm_ioctl_mutex);
493
494 return ret;
495 }
496
rfcomm_get_dev_list(void __user * arg)497 static int rfcomm_get_dev_list(void __user *arg)
498 {
499 struct rfcomm_dev *dev;
500 struct rfcomm_dev_list_req *dl;
501 struct rfcomm_dev_info *di;
502 int n = 0, err;
503 u16 dev_num;
504
505 BT_DBG("");
506
507 if (get_user(dev_num, (u16 __user *) arg))
508 return -EFAULT;
509
510 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
511 return -EINVAL;
512
513 dl = kzalloc(struct_size(dl, dev_info, dev_num), GFP_KERNEL);
514 if (!dl)
515 return -ENOMEM;
516
517 dl->dev_num = dev_num;
518 di = dl->dev_info;
519
520 mutex_lock(&rfcomm_dev_lock);
521
522 list_for_each_entry(dev, &rfcomm_dev_list, list) {
523 if (!tty_port_get(&dev->port))
524 continue;
525 di[n].id = dev->id;
526 di[n].flags = dev->flags;
527 di[n].state = dev->dlc->state;
528 di[n].channel = dev->channel;
529 bacpy(&di[n].src, &dev->src);
530 bacpy(&di[n].dst, &dev->dst);
531 tty_port_put(&dev->port);
532 if (++n >= dev_num)
533 break;
534 }
535
536 mutex_unlock(&rfcomm_dev_lock);
537
538 dl->dev_num = n;
539 err = copy_to_user(arg, dl, struct_size(dl, dev_info, n));
540 kfree(dl);
541
542 return err ? -EFAULT : 0;
543 }
544
rfcomm_get_dev_info(void __user * arg)545 static int rfcomm_get_dev_info(void __user *arg)
546 {
547 struct rfcomm_dev *dev;
548 struct rfcomm_dev_info di;
549 int err = 0;
550
551 BT_DBG("");
552
553 if (copy_from_user(&di, arg, sizeof(di)))
554 return -EFAULT;
555
556 dev = rfcomm_dev_get(di.id);
557 if (!dev)
558 return -ENODEV;
559
560 di.flags = dev->flags;
561 di.channel = dev->channel;
562 di.state = dev->dlc->state;
563 bacpy(&di.src, &dev->src);
564 bacpy(&di.dst, &dev->dst);
565
566 if (copy_to_user(arg, &di, sizeof(di)))
567 err = -EFAULT;
568
569 tty_port_put(&dev->port);
570 return err;
571 }
572
rfcomm_dev_ioctl(struct sock * sk,unsigned int cmd,void __user * arg)573 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
574 {
575 BT_DBG("cmd %d arg %p", cmd, arg);
576
577 switch (cmd) {
578 case RFCOMMCREATEDEV:
579 return rfcomm_create_dev(sk, arg);
580
581 case RFCOMMRELEASEDEV:
582 return rfcomm_release_dev(arg);
583
584 case RFCOMMGETDEVLIST:
585 return rfcomm_get_dev_list(arg);
586
587 case RFCOMMGETDEVINFO:
588 return rfcomm_get_dev_info(arg);
589 }
590
591 return -EINVAL;
592 }
593
594 /* ---- DLC callbacks ---- */
rfcomm_dev_data_ready(struct rfcomm_dlc * dlc,struct sk_buff * skb)595 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
596 {
597 struct rfcomm_dev *dev = dlc->owner;
598
599 if (!dev) {
600 kfree_skb(skb);
601 return;
602 }
603
604 if (!skb_queue_empty(&dev->pending)) {
605 skb_queue_tail(&dev->pending, skb);
606 return;
607 }
608
609 BT_DBG("dlc %p len %d", dlc, skb->len);
610
611 tty_insert_flip_string(&dev->port, skb->data, skb->len);
612 tty_flip_buffer_push(&dev->port);
613
614 kfree_skb(skb);
615 }
616
rfcomm_dev_state_change(struct rfcomm_dlc * dlc,int err)617 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
618 {
619 struct rfcomm_dev *dev = dlc->owner;
620 if (!dev)
621 return;
622
623 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
624
625 dev->err = err;
626 if (dlc->state == BT_CONNECTED) {
627 rfcomm_reparent_device(dev);
628
629 wake_up_interruptible(&dev->port.open_wait);
630 } else if (dlc->state == BT_CLOSED)
631 tty_port_tty_hangup(&dev->port, false);
632 }
633
rfcomm_dev_modem_status(struct rfcomm_dlc * dlc,u8 v24_sig)634 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
635 {
636 struct rfcomm_dev *dev = dlc->owner;
637 if (!dev)
638 return;
639
640 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
641
642 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
643 tty_port_tty_hangup(&dev->port, true);
644
645 dev->modem_status =
646 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
647 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
648 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
649 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
650 }
651
652 /* ---- TTY functions ---- */
rfcomm_tty_copy_pending(struct rfcomm_dev * dev)653 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
654 {
655 struct sk_buff *skb;
656 int inserted = 0;
657
658 BT_DBG("dev %p", dev);
659
660 rfcomm_dlc_lock(dev->dlc);
661
662 while ((skb = skb_dequeue(&dev->pending))) {
663 inserted += tty_insert_flip_string(&dev->port, skb->data,
664 skb->len);
665 kfree_skb(skb);
666 }
667
668 rfcomm_dlc_unlock(dev->dlc);
669
670 if (inserted > 0)
671 tty_flip_buffer_push(&dev->port);
672 }
673
674 /* do the reverse of install, clearing the tty fields and releasing the
675 * reference to tty_port
676 */
rfcomm_tty_cleanup(struct tty_struct * tty)677 static void rfcomm_tty_cleanup(struct tty_struct *tty)
678 {
679 struct rfcomm_dev *dev = tty->driver_data;
680
681 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
682
683 rfcomm_dlc_lock(dev->dlc);
684 tty->driver_data = NULL;
685 rfcomm_dlc_unlock(dev->dlc);
686
687 /*
688 * purge the dlc->tx_queue to avoid circular dependencies
689 * between dev and dlc
690 */
691 skb_queue_purge(&dev->dlc->tx_queue);
692
693 tty_port_put(&dev->port);
694 }
695
696 /* we acquire the tty_port reference since it's here the tty is first used
697 * by setting the termios. We also populate the driver_data field and install
698 * the tty port
699 */
rfcomm_tty_install(struct tty_driver * driver,struct tty_struct * tty)700 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
701 {
702 struct rfcomm_dev *dev;
703 struct rfcomm_dlc *dlc;
704 int err;
705
706 dev = rfcomm_dev_get(tty->index);
707 if (!dev)
708 return -ENODEV;
709
710 dlc = dev->dlc;
711
712 /* Attach TTY and open DLC */
713 rfcomm_dlc_lock(dlc);
714 tty->driver_data = dev;
715 rfcomm_dlc_unlock(dlc);
716 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
717
718 /* install the tty_port */
719 err = tty_port_install(&dev->port, driver, tty);
720 if (err) {
721 rfcomm_tty_cleanup(tty);
722 return err;
723 }
724
725 /* take over the tty_port reference if the port was created with the
726 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
727 * when the last process closes the tty. The behaviour is expected by
728 * userspace.
729 */
730 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
731 set_bit(RFCOMM_TTY_OWNED, &dev->status);
732 tty_port_put(&dev->port);
733 }
734
735 return 0;
736 }
737
rfcomm_tty_open(struct tty_struct * tty,struct file * filp)738 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
739 {
740 struct rfcomm_dev *dev = tty->driver_data;
741 int err;
742
743 BT_DBG("tty %p id %d", tty, tty->index);
744
745 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
746 dev->channel, dev->port.count);
747
748 err = tty_port_open(&dev->port, tty, filp);
749 if (err)
750 return err;
751
752 /*
753 * FIXME: rfcomm should use proper flow control for
754 * received data. This hack will be unnecessary and can
755 * be removed when that's implemented
756 */
757 rfcomm_tty_copy_pending(dev);
758
759 rfcomm_dlc_unthrottle(dev->dlc);
760
761 return 0;
762 }
763
rfcomm_tty_close(struct tty_struct * tty,struct file * filp)764 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
765 {
766 struct rfcomm_dev *dev = tty->driver_data;
767
768 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
769 dev->port.count);
770
771 tty_port_close(&dev->port, tty, filp);
772 }
773
rfcomm_tty_write(struct tty_struct * tty,const u8 * buf,size_t count)774 static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf,
775 size_t count)
776 {
777 struct rfcomm_dev *dev = tty->driver_data;
778 struct rfcomm_dlc *dlc = dev->dlc;
779 struct sk_buff *skb;
780 size_t sent = 0, size;
781
782 BT_DBG("tty %p count %zu", tty, count);
783
784 while (count) {
785 size = min_t(size_t, count, dlc->mtu);
786
787 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
788 if (!skb)
789 break;
790
791 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
792
793 skb_put_data(skb, buf + sent, size);
794
795 rfcomm_dlc_send_noerror(dlc, skb);
796
797 sent += size;
798 count -= size;
799 }
800
801 return sent;
802 }
803
rfcomm_tty_write_room(struct tty_struct * tty)804 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
805 {
806 struct rfcomm_dev *dev = tty->driver_data;
807 int room = 0;
808
809 if (dev && dev->dlc)
810 room = rfcomm_room(dev);
811
812 BT_DBG("tty %p room %d", tty, room);
813
814 return room;
815 }
816
rfcomm_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)817 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
818 {
819 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
820
821 switch (cmd) {
822 case TCGETS:
823 BT_DBG("TCGETS is not supported");
824 return -ENOIOCTLCMD;
825
826 case TCSETS:
827 BT_DBG("TCSETS is not supported");
828 return -ENOIOCTLCMD;
829
830 case TIOCMIWAIT:
831 BT_DBG("TIOCMIWAIT");
832 break;
833
834 case TIOCSERGETLSR:
835 BT_ERR("TIOCSERGETLSR is not supported");
836 return -ENOIOCTLCMD;
837
838 case TIOCSERCONFIG:
839 BT_ERR("TIOCSERCONFIG is not supported");
840 return -ENOIOCTLCMD;
841
842 default:
843 return -ENOIOCTLCMD; /* ioctls which we must ignore */
844
845 }
846
847 return -ENOIOCTLCMD;
848 }
849
rfcomm_tty_set_termios(struct tty_struct * tty,const struct ktermios * old)850 static void rfcomm_tty_set_termios(struct tty_struct *tty,
851 const struct ktermios *old)
852 {
853 struct ktermios *new = &tty->termios;
854 int old_baud_rate = tty_termios_baud_rate(old);
855 int new_baud_rate = tty_termios_baud_rate(new);
856
857 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
858 u16 changes = 0;
859
860 struct rfcomm_dev *dev = tty->driver_data;
861
862 BT_DBG("tty %p termios %p", tty, old);
863
864 if (!dev || !dev->dlc || !dev->dlc->session)
865 return;
866
867 /* Handle turning off CRTSCTS */
868 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
869 BT_DBG("Turning off CRTSCTS unsupported");
870
871 /* Parity on/off and when on, odd/even */
872 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
873 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
874 changes |= RFCOMM_RPN_PM_PARITY;
875 BT_DBG("Parity change detected.");
876 }
877
878 /* Mark and space parity are not supported! */
879 if (new->c_cflag & PARENB) {
880 if (new->c_cflag & PARODD) {
881 BT_DBG("Parity is ODD");
882 parity = RFCOMM_RPN_PARITY_ODD;
883 } else {
884 BT_DBG("Parity is EVEN");
885 parity = RFCOMM_RPN_PARITY_EVEN;
886 }
887 } else {
888 BT_DBG("Parity is OFF");
889 parity = RFCOMM_RPN_PARITY_NONE;
890 }
891
892 /* Setting the x_on / x_off characters */
893 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
894 BT_DBG("XOFF custom");
895 x_on = new->c_cc[VSTOP];
896 changes |= RFCOMM_RPN_PM_XON;
897 } else {
898 BT_DBG("XOFF default");
899 x_on = RFCOMM_RPN_XON_CHAR;
900 }
901
902 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
903 BT_DBG("XON custom");
904 x_off = new->c_cc[VSTART];
905 changes |= RFCOMM_RPN_PM_XOFF;
906 } else {
907 BT_DBG("XON default");
908 x_off = RFCOMM_RPN_XOFF_CHAR;
909 }
910
911 /* Handle setting of stop bits */
912 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
913 changes |= RFCOMM_RPN_PM_STOP;
914
915 /* POSIX does not support 1.5 stop bits and RFCOMM does not
916 * support 2 stop bits. So a request for 2 stop bits gets
917 * translated to 1.5 stop bits */
918 if (new->c_cflag & CSTOPB)
919 stop_bits = RFCOMM_RPN_STOP_15;
920 else
921 stop_bits = RFCOMM_RPN_STOP_1;
922
923 /* Handle number of data bits [5-8] */
924 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
925 changes |= RFCOMM_RPN_PM_DATA;
926
927 switch (new->c_cflag & CSIZE) {
928 case CS5:
929 data_bits = RFCOMM_RPN_DATA_5;
930 break;
931 case CS6:
932 data_bits = RFCOMM_RPN_DATA_6;
933 break;
934 case CS7:
935 data_bits = RFCOMM_RPN_DATA_7;
936 break;
937 case CS8:
938 data_bits = RFCOMM_RPN_DATA_8;
939 break;
940 default:
941 data_bits = RFCOMM_RPN_DATA_8;
942 break;
943 }
944
945 /* Handle baudrate settings */
946 if (old_baud_rate != new_baud_rate)
947 changes |= RFCOMM_RPN_PM_BITRATE;
948
949 switch (new_baud_rate) {
950 case 2400:
951 baud = RFCOMM_RPN_BR_2400;
952 break;
953 case 4800:
954 baud = RFCOMM_RPN_BR_4800;
955 break;
956 case 7200:
957 baud = RFCOMM_RPN_BR_7200;
958 break;
959 case 9600:
960 baud = RFCOMM_RPN_BR_9600;
961 break;
962 case 19200:
963 baud = RFCOMM_RPN_BR_19200;
964 break;
965 case 38400:
966 baud = RFCOMM_RPN_BR_38400;
967 break;
968 case 57600:
969 baud = RFCOMM_RPN_BR_57600;
970 break;
971 case 115200:
972 baud = RFCOMM_RPN_BR_115200;
973 break;
974 case 230400:
975 baud = RFCOMM_RPN_BR_230400;
976 break;
977 default:
978 /* 9600 is standard according to the RFCOMM specification */
979 baud = RFCOMM_RPN_BR_9600;
980 break;
981
982 }
983
984 if (changes)
985 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
986 data_bits, stop_bits, parity,
987 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
988 }
989
rfcomm_tty_throttle(struct tty_struct * tty)990 static void rfcomm_tty_throttle(struct tty_struct *tty)
991 {
992 struct rfcomm_dev *dev = tty->driver_data;
993
994 BT_DBG("tty %p dev %p", tty, dev);
995
996 rfcomm_dlc_throttle(dev->dlc);
997 }
998
rfcomm_tty_unthrottle(struct tty_struct * tty)999 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1000 {
1001 struct rfcomm_dev *dev = tty->driver_data;
1002
1003 BT_DBG("tty %p dev %p", tty, dev);
1004
1005 rfcomm_dlc_unthrottle(dev->dlc);
1006 }
1007
rfcomm_tty_chars_in_buffer(struct tty_struct * tty)1008 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1009 {
1010 struct rfcomm_dev *dev = tty->driver_data;
1011
1012 BT_DBG("tty %p dev %p", tty, dev);
1013
1014 if (!dev || !dev->dlc)
1015 return 0;
1016
1017 if (!skb_queue_empty(&dev->dlc->tx_queue))
1018 return dev->dlc->mtu;
1019
1020 return 0;
1021 }
1022
rfcomm_tty_flush_buffer(struct tty_struct * tty)1023 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1024 {
1025 struct rfcomm_dev *dev = tty->driver_data;
1026
1027 BT_DBG("tty %p dev %p", tty, dev);
1028
1029 if (!dev || !dev->dlc)
1030 return;
1031
1032 skb_queue_purge(&dev->dlc->tx_queue);
1033 tty_wakeup(tty);
1034 }
1035
rfcomm_tty_send_xchar(struct tty_struct * tty,u8 ch)1036 static void rfcomm_tty_send_xchar(struct tty_struct *tty, u8 ch)
1037 {
1038 BT_DBG("tty %p ch %c", tty, ch);
1039 }
1040
rfcomm_tty_wait_until_sent(struct tty_struct * tty,int timeout)1041 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1042 {
1043 BT_DBG("tty %p timeout %d", tty, timeout);
1044 }
1045
rfcomm_tty_hangup(struct tty_struct * tty)1046 static void rfcomm_tty_hangup(struct tty_struct *tty)
1047 {
1048 struct rfcomm_dev *dev = tty->driver_data;
1049
1050 BT_DBG("tty %p dev %p", tty, dev);
1051
1052 tty_port_hangup(&dev->port);
1053 }
1054
rfcomm_tty_tiocmget(struct tty_struct * tty)1055 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1056 {
1057 struct rfcomm_dev *dev = tty->driver_data;
1058
1059 BT_DBG("tty %p dev %p", tty, dev);
1060
1061 return dev->modem_status;
1062 }
1063
rfcomm_tty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)1064 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1065 {
1066 struct rfcomm_dev *dev = tty->driver_data;
1067 struct rfcomm_dlc *dlc = dev->dlc;
1068 u8 v24_sig;
1069
1070 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1071
1072 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1073
1074 if (set & TIOCM_DSR || set & TIOCM_DTR)
1075 v24_sig |= RFCOMM_V24_RTC;
1076 if (set & TIOCM_RTS || set & TIOCM_CTS)
1077 v24_sig |= RFCOMM_V24_RTR;
1078 if (set & TIOCM_RI)
1079 v24_sig |= RFCOMM_V24_IC;
1080 if (set & TIOCM_CD)
1081 v24_sig |= RFCOMM_V24_DV;
1082
1083 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1084 v24_sig &= ~RFCOMM_V24_RTC;
1085 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1086 v24_sig &= ~RFCOMM_V24_RTR;
1087 if (clear & TIOCM_RI)
1088 v24_sig &= ~RFCOMM_V24_IC;
1089 if (clear & TIOCM_CD)
1090 v24_sig &= ~RFCOMM_V24_DV;
1091
1092 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1093
1094 return 0;
1095 }
1096
1097 /* ---- TTY structure ---- */
1098
1099 static const struct tty_operations rfcomm_ops = {
1100 .open = rfcomm_tty_open,
1101 .close = rfcomm_tty_close,
1102 .write = rfcomm_tty_write,
1103 .write_room = rfcomm_tty_write_room,
1104 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1105 .flush_buffer = rfcomm_tty_flush_buffer,
1106 .ioctl = rfcomm_tty_ioctl,
1107 .throttle = rfcomm_tty_throttle,
1108 .unthrottle = rfcomm_tty_unthrottle,
1109 .set_termios = rfcomm_tty_set_termios,
1110 .send_xchar = rfcomm_tty_send_xchar,
1111 .hangup = rfcomm_tty_hangup,
1112 .wait_until_sent = rfcomm_tty_wait_until_sent,
1113 .tiocmget = rfcomm_tty_tiocmget,
1114 .tiocmset = rfcomm_tty_tiocmset,
1115 .install = rfcomm_tty_install,
1116 .cleanup = rfcomm_tty_cleanup,
1117 };
1118
rfcomm_init_ttys(void)1119 int __init rfcomm_init_ttys(void)
1120 {
1121 int error;
1122
1123 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
1124 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
1125 if (IS_ERR(rfcomm_tty_driver))
1126 return PTR_ERR(rfcomm_tty_driver);
1127
1128 rfcomm_tty_driver->driver_name = "rfcomm";
1129 rfcomm_tty_driver->name = "rfcomm";
1130 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1131 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1132 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1133 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1134 rfcomm_tty_driver->init_termios = tty_std_termios;
1135 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1136 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1137 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1138
1139 error = tty_register_driver(rfcomm_tty_driver);
1140 if (error) {
1141 BT_ERR("Can't register RFCOMM TTY driver");
1142 tty_driver_kref_put(rfcomm_tty_driver);
1143 return error;
1144 }
1145
1146 BT_INFO("RFCOMM TTY layer initialized");
1147
1148 return 0;
1149 }
1150
rfcomm_cleanup_ttys(void)1151 void rfcomm_cleanup_ttys(void)
1152 {
1153 tty_unregister_driver(rfcomm_tty_driver);
1154 tty_driver_kref_put(rfcomm_tty_driver);
1155 }
1156