1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
39 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
40 #define RFCOMM_TTY_MINOR 0
41
42 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
43 static struct tty_driver *rfcomm_tty_driver;
44
45 struct rfcomm_dev {
46 struct tty_port port;
47 struct list_head list;
48
49 char name[12];
50 int id;
51 unsigned long flags;
52 int err;
53
54 unsigned long status; /* don't export to userspace */
55
56 bdaddr_t src;
57 bdaddr_t dst;
58 u8 channel;
59
60 uint modem_status;
61
62 struct rfcomm_dlc *dlc;
63
64 struct device *tty_dev;
65
66 atomic_t wmem_alloc;
67
68 struct sk_buff_head pending;
69 };
70
71 static LIST_HEAD(rfcomm_dev_list);
72 static DEFINE_MUTEX(rfcomm_dev_lock);
73
74 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
75 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
76 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
77
78 /* ---- Device functions ---- */
79
rfcomm_dev_destruct(struct tty_port * port)80 static void rfcomm_dev_destruct(struct tty_port *port)
81 {
82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
83 struct rfcomm_dlc *dlc = dev->dlc;
84
85 BT_DBG("dev %p dlc %p", dev, dlc);
86
87 rfcomm_dlc_lock(dlc);
88 /* Detach DLC if it's owned by this dev */
89 if (dlc->owner == dev)
90 dlc->owner = NULL;
91 rfcomm_dlc_unlock(dlc);
92
93 rfcomm_dlc_put(dlc);
94
95 if (dev->tty_dev)
96 tty_unregister_device(rfcomm_tty_driver, dev->id);
97
98 mutex_lock(&rfcomm_dev_lock);
99 list_del(&dev->list);
100 mutex_unlock(&rfcomm_dev_lock);
101
102 kfree(dev);
103
104 /* It's safe to call module_put() here because socket still
105 holds reference to this module. */
106 module_put(THIS_MODULE);
107 }
108
109 /* device-specific initialization: open the dlc */
rfcomm_dev_activate(struct tty_port * port,struct tty_struct * tty)110 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
111 {
112 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
113 int err;
114
115 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
116 if (err)
117 set_bit(TTY_IO_ERROR, &tty->flags);
118 return err;
119 }
120
121 /* we block the open until the dlc->state becomes BT_CONNECTED */
rfcomm_dev_carrier_raised(struct tty_port * port)122 static bool rfcomm_dev_carrier_raised(struct tty_port *port)
123 {
124 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
125
126 return (dev->dlc->state == BT_CONNECTED);
127 }
128
129 /* device-specific cleanup: close the dlc */
rfcomm_dev_shutdown(struct tty_port * port)130 static void rfcomm_dev_shutdown(struct tty_port *port)
131 {
132 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
133
134 if (dev->tty_dev->parent)
135 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
136
137 /* close the dlc */
138 rfcomm_dlc_close(dev->dlc, 0);
139 }
140
141 static const struct tty_port_operations rfcomm_port_ops = {
142 .destruct = rfcomm_dev_destruct,
143 .activate = rfcomm_dev_activate,
144 .shutdown = rfcomm_dev_shutdown,
145 .carrier_raised = rfcomm_dev_carrier_raised,
146 };
147
__rfcomm_dev_lookup(int id)148 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
149 {
150 struct rfcomm_dev *dev;
151
152 list_for_each_entry(dev, &rfcomm_dev_list, list)
153 if (dev->id == id)
154 return dev;
155
156 return NULL;
157 }
158
rfcomm_dev_get(int id)159 static struct rfcomm_dev *rfcomm_dev_get(int id)
160 {
161 struct rfcomm_dev *dev;
162
163 mutex_lock(&rfcomm_dev_lock);
164
165 dev = __rfcomm_dev_lookup(id);
166
167 if (dev && !tty_port_get(&dev->port))
168 dev = NULL;
169
170 mutex_unlock(&rfcomm_dev_lock);
171
172 return dev;
173 }
174
rfcomm_reparent_device(struct rfcomm_dev * dev)175 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
176 {
177 struct hci_dev *hdev;
178 struct hci_conn *conn;
179
180 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
181 if (!hdev)
182 return;
183
184 /* The lookup results are unsafe to access without the
185 * hci device lock (FIXME: why is this not documented?)
186 */
187 hci_dev_lock(hdev);
188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
189
190 /* Just because the acl link is in the hash table is no
191 * guarantee the sysfs device has been added ...
192 */
193 if (conn && device_is_registered(&conn->dev))
194 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
195
196 hci_dev_unlock(hdev);
197 hci_dev_put(hdev);
198 }
199
address_show(struct device * tty_dev,struct device_attribute * attr,char * buf)200 static ssize_t address_show(struct device *tty_dev,
201 struct device_attribute *attr, char *buf)
202 {
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sprintf(buf, "%pMR\n", &dev->dst);
205 }
206
channel_show(struct device * tty_dev,struct device_attribute * attr,char * buf)207 static ssize_t channel_show(struct device *tty_dev,
208 struct device_attribute *attr, char *buf)
209 {
210 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
211 return sprintf(buf, "%d\n", dev->channel);
212 }
213
214 static DEVICE_ATTR_RO(address);
215 static DEVICE_ATTR_RO(channel);
216
__rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)217 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
218 struct rfcomm_dlc *dlc)
219 {
220 struct rfcomm_dev *dev, *entry;
221 struct list_head *head = &rfcomm_dev_list;
222 int err = 0;
223
224 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
225 if (!dev)
226 return ERR_PTR(-ENOMEM);
227
228 mutex_lock(&rfcomm_dev_lock);
229
230 if (req->dev_id < 0) {
231 dev->id = 0;
232
233 list_for_each_entry(entry, &rfcomm_dev_list, list) {
234 if (entry->id != dev->id)
235 break;
236
237 dev->id++;
238 head = &entry->list;
239 }
240 } else {
241 dev->id = req->dev_id;
242
243 list_for_each_entry(entry, &rfcomm_dev_list, list) {
244 if (entry->id == dev->id) {
245 err = -EADDRINUSE;
246 goto out;
247 }
248
249 if (entry->id > dev->id - 1)
250 break;
251
252 head = &entry->list;
253 }
254 }
255
256 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
257 err = -ENFILE;
258 goto out;
259 }
260
261 sprintf(dev->name, "rfcomm%d", dev->id);
262
263 list_add(&dev->list, head);
264
265 bacpy(&dev->src, &req->src);
266 bacpy(&dev->dst, &req->dst);
267 dev->channel = req->channel;
268
269 dev->flags = req->flags &
270 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
271
272 tty_port_init(&dev->port);
273 dev->port.ops = &rfcomm_port_ops;
274
275 skb_queue_head_init(&dev->pending);
276
277 rfcomm_dlc_lock(dlc);
278
279 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
280 struct sock *sk = dlc->owner;
281 struct sk_buff *skb;
282
283 BUG_ON(!sk);
284
285 rfcomm_dlc_throttle(dlc);
286
287 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
288 skb_orphan(skb);
289 skb_queue_tail(&dev->pending, skb);
290 atomic_sub(skb->len, &sk->sk_rmem_alloc);
291 }
292 }
293
294 dlc->data_ready = rfcomm_dev_data_ready;
295 dlc->state_change = rfcomm_dev_state_change;
296 dlc->modem_status = rfcomm_dev_modem_status;
297
298 dlc->owner = dev;
299 dev->dlc = dlc;
300
301 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
302
303 rfcomm_dlc_unlock(dlc);
304
305 /* It's safe to call __module_get() here because socket already
306 holds reference to this module. */
307 __module_get(THIS_MODULE);
308
309 mutex_unlock(&rfcomm_dev_lock);
310 return dev;
311
312 out:
313 mutex_unlock(&rfcomm_dev_lock);
314 kfree(dev);
315 return ERR_PTR(err);
316 }
317
rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)318 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
319 {
320 struct rfcomm_dev *dev;
321 struct device *tty;
322
323 BT_DBG("id %d channel %d", req->dev_id, req->channel);
324
325 dev = __rfcomm_dev_add(req, dlc);
326 if (IS_ERR(dev)) {
327 rfcomm_dlc_put(dlc);
328 return PTR_ERR(dev);
329 }
330
331 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
332 dev->id, NULL);
333 if (IS_ERR(tty)) {
334 tty_port_put(&dev->port);
335 return PTR_ERR(tty);
336 }
337
338 dev->tty_dev = tty;
339 rfcomm_reparent_device(dev);
340 dev_set_drvdata(dev->tty_dev, dev);
341
342 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
343 BT_ERR("Failed to create address attribute");
344
345 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
346 BT_ERR("Failed to create channel attribute");
347
348 return dev->id;
349 }
350
351 /* ---- Send buffer ---- */
rfcomm_room(struct rfcomm_dev * dev)352 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
353 {
354 struct rfcomm_dlc *dlc = dev->dlc;
355
356 /* Limit the outstanding number of packets not yet sent to 40 */
357 int pending = 40 - atomic_read(&dev->wmem_alloc);
358
359 return max(0, pending) * dlc->mtu;
360 }
361
rfcomm_wfree(struct sk_buff * skb)362 static void rfcomm_wfree(struct sk_buff *skb)
363 {
364 struct rfcomm_dev *dev = (void *) skb->sk;
365 atomic_dec(&dev->wmem_alloc);
366 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
367 tty_port_tty_wakeup(&dev->port);
368 tty_port_put(&dev->port);
369 }
370
rfcomm_set_owner_w(struct sk_buff * skb,struct rfcomm_dev * dev)371 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
372 {
373 tty_port_get(&dev->port);
374 atomic_inc(&dev->wmem_alloc);
375 skb->sk = (void *) dev;
376 skb->destructor = rfcomm_wfree;
377 }
378
rfcomm_wmalloc(struct rfcomm_dev * dev,unsigned long size,gfp_t priority)379 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
380 {
381 struct sk_buff *skb = alloc_skb(size, priority);
382 if (skb)
383 rfcomm_set_owner_w(skb, dev);
384 return skb;
385 }
386
387 /* ---- Device IOCTLs ---- */
388
389 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
390
__rfcomm_create_dev(struct sock * sk,void __user * arg)391 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
392 {
393 struct rfcomm_dev_req req;
394 struct rfcomm_dlc *dlc;
395 int id;
396
397 if (copy_from_user(&req, arg, sizeof(req)))
398 return -EFAULT;
399
400 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
401
402 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
403 return -EPERM;
404
405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
406 /* Socket must be connected */
407 if (sk->sk_state != BT_CONNECTED)
408 return -EBADFD;
409
410 dlc = rfcomm_pi(sk)->dlc;
411 rfcomm_dlc_hold(dlc);
412 } else {
413 /* Validate the channel is unused */
414 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
415 if (IS_ERR(dlc))
416 return PTR_ERR(dlc);
417 if (dlc)
418 return -EBUSY;
419 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
420 if (!dlc)
421 return -ENOMEM;
422 }
423
424 id = rfcomm_dev_add(&req, dlc);
425 if (id < 0)
426 return id;
427
428 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
429 /* DLC is now used by device.
430 * Socket must be disconnected */
431 sk->sk_state = BT_CLOSED;
432 }
433
434 return id;
435 }
436
__rfcomm_release_dev(void __user * arg)437 static int __rfcomm_release_dev(void __user *arg)
438 {
439 struct rfcomm_dev_req req;
440 struct rfcomm_dev *dev;
441 struct tty_struct *tty;
442
443 if (copy_from_user(&req, arg, sizeof(req)))
444 return -EFAULT;
445
446 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
447
448 dev = rfcomm_dev_get(req.dev_id);
449 if (!dev)
450 return -ENODEV;
451
452 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
453 tty_port_put(&dev->port);
454 return -EPERM;
455 }
456
457 /* only release once */
458 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
459 tty_port_put(&dev->port);
460 return -EALREADY;
461 }
462
463 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
464 rfcomm_dlc_close(dev->dlc, 0);
465
466 /* Shut down TTY synchronously before freeing rfcomm_dev */
467 tty = tty_port_tty_get(&dev->port);
468 if (tty) {
469 tty_vhangup(tty);
470 tty_kref_put(tty);
471 }
472
473 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
474 tty_port_put(&dev->port);
475
476 tty_port_put(&dev->port);
477 return 0;
478 }
479
rfcomm_create_dev(struct sock * sk,void __user * arg)480 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
481 {
482 int ret;
483
484 mutex_lock(&rfcomm_ioctl_mutex);
485 ret = __rfcomm_create_dev(sk, arg);
486 mutex_unlock(&rfcomm_ioctl_mutex);
487
488 return ret;
489 }
490
rfcomm_release_dev(void __user * arg)491 static int rfcomm_release_dev(void __user *arg)
492 {
493 int ret;
494
495 mutex_lock(&rfcomm_ioctl_mutex);
496 ret = __rfcomm_release_dev(arg);
497 mutex_unlock(&rfcomm_ioctl_mutex);
498
499 return ret;
500 }
501
rfcomm_get_dev_list(void __user * arg)502 static int rfcomm_get_dev_list(void __user *arg)
503 {
504 struct rfcomm_dev *dev;
505 struct rfcomm_dev_list_req *dl;
506 struct rfcomm_dev_info *di;
507 int n = 0, err;
508 u16 dev_num;
509
510 BT_DBG("");
511
512 if (get_user(dev_num, (u16 __user *) arg))
513 return -EFAULT;
514
515 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
516 return -EINVAL;
517
518 dl = kzalloc(struct_size(dl, dev_info, dev_num), GFP_KERNEL);
519 if (!dl)
520 return -ENOMEM;
521
522 dl->dev_num = dev_num;
523 di = dl->dev_info;
524
525 mutex_lock(&rfcomm_dev_lock);
526
527 list_for_each_entry(dev, &rfcomm_dev_list, list) {
528 if (!tty_port_get(&dev->port))
529 continue;
530 di[n].id = dev->id;
531 di[n].flags = dev->flags;
532 di[n].state = dev->dlc->state;
533 di[n].channel = dev->channel;
534 bacpy(&di[n].src, &dev->src);
535 bacpy(&di[n].dst, &dev->dst);
536 tty_port_put(&dev->port);
537 if (++n >= dev_num)
538 break;
539 }
540
541 mutex_unlock(&rfcomm_dev_lock);
542
543 dl->dev_num = n;
544 err = copy_to_user(arg, dl, struct_size(dl, dev_info, n));
545 kfree(dl);
546
547 return err ? -EFAULT : 0;
548 }
549
rfcomm_get_dev_info(void __user * arg)550 static int rfcomm_get_dev_info(void __user *arg)
551 {
552 struct rfcomm_dev *dev;
553 struct rfcomm_dev_info di;
554 int err = 0;
555
556 BT_DBG("");
557
558 if (copy_from_user(&di, arg, sizeof(di)))
559 return -EFAULT;
560
561 dev = rfcomm_dev_get(di.id);
562 if (!dev)
563 return -ENODEV;
564
565 di.flags = dev->flags;
566 di.channel = dev->channel;
567 di.state = dev->dlc->state;
568 bacpy(&di.src, &dev->src);
569 bacpy(&di.dst, &dev->dst);
570
571 if (copy_to_user(arg, &di, sizeof(di)))
572 err = -EFAULT;
573
574 tty_port_put(&dev->port);
575 return err;
576 }
577
rfcomm_dev_ioctl(struct sock * sk,unsigned int cmd,void __user * arg)578 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
579 {
580 BT_DBG("cmd %d arg %p", cmd, arg);
581
582 switch (cmd) {
583 case RFCOMMCREATEDEV:
584 return rfcomm_create_dev(sk, arg);
585
586 case RFCOMMRELEASEDEV:
587 return rfcomm_release_dev(arg);
588
589 case RFCOMMGETDEVLIST:
590 return rfcomm_get_dev_list(arg);
591
592 case RFCOMMGETDEVINFO:
593 return rfcomm_get_dev_info(arg);
594 }
595
596 return -EINVAL;
597 }
598
599 /* ---- DLC callbacks ---- */
rfcomm_dev_data_ready(struct rfcomm_dlc * dlc,struct sk_buff * skb)600 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
601 {
602 struct rfcomm_dev *dev = dlc->owner;
603
604 if (!dev) {
605 kfree_skb(skb);
606 return;
607 }
608
609 if (!skb_queue_empty(&dev->pending)) {
610 skb_queue_tail(&dev->pending, skb);
611 return;
612 }
613
614 BT_DBG("dlc %p len %d", dlc, skb->len);
615
616 tty_insert_flip_string(&dev->port, skb->data, skb->len);
617 tty_flip_buffer_push(&dev->port);
618
619 kfree_skb(skb);
620 }
621
rfcomm_dev_state_change(struct rfcomm_dlc * dlc,int err)622 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
623 {
624 struct rfcomm_dev *dev = dlc->owner;
625 if (!dev)
626 return;
627
628 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
629
630 dev->err = err;
631 if (dlc->state == BT_CONNECTED) {
632 rfcomm_reparent_device(dev);
633
634 wake_up_interruptible(&dev->port.open_wait);
635 } else if (dlc->state == BT_CLOSED)
636 tty_port_tty_hangup(&dev->port, false);
637 }
638
rfcomm_dev_modem_status(struct rfcomm_dlc * dlc,u8 v24_sig)639 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
640 {
641 struct rfcomm_dev *dev = dlc->owner;
642 if (!dev)
643 return;
644
645 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
646
647 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
648 tty_port_tty_hangup(&dev->port, true);
649
650 dev->modem_status =
651 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
652 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
653 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
654 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
655 }
656
657 /* ---- TTY functions ---- */
rfcomm_tty_copy_pending(struct rfcomm_dev * dev)658 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
659 {
660 struct sk_buff *skb;
661 int inserted = 0;
662
663 BT_DBG("dev %p", dev);
664
665 rfcomm_dlc_lock(dev->dlc);
666
667 while ((skb = skb_dequeue(&dev->pending))) {
668 inserted += tty_insert_flip_string(&dev->port, skb->data,
669 skb->len);
670 kfree_skb(skb);
671 }
672
673 rfcomm_dlc_unlock(dev->dlc);
674
675 if (inserted > 0)
676 tty_flip_buffer_push(&dev->port);
677 }
678
679 /* do the reverse of install, clearing the tty fields and releasing the
680 * reference to tty_port
681 */
rfcomm_tty_cleanup(struct tty_struct * tty)682 static void rfcomm_tty_cleanup(struct tty_struct *tty)
683 {
684 struct rfcomm_dev *dev = tty->driver_data;
685
686 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
687
688 rfcomm_dlc_lock(dev->dlc);
689 tty->driver_data = NULL;
690 rfcomm_dlc_unlock(dev->dlc);
691
692 /*
693 * purge the dlc->tx_queue to avoid circular dependencies
694 * between dev and dlc
695 */
696 skb_queue_purge(&dev->dlc->tx_queue);
697
698 tty_port_put(&dev->port);
699 }
700
701 /* we acquire the tty_port reference since it's here the tty is first used
702 * by setting the termios. We also populate the driver_data field and install
703 * the tty port
704 */
rfcomm_tty_install(struct tty_driver * driver,struct tty_struct * tty)705 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
706 {
707 struct rfcomm_dev *dev;
708 struct rfcomm_dlc *dlc;
709 int err;
710
711 dev = rfcomm_dev_get(tty->index);
712 if (!dev)
713 return -ENODEV;
714
715 dlc = dev->dlc;
716
717 /* Attach TTY and open DLC */
718 rfcomm_dlc_lock(dlc);
719 tty->driver_data = dev;
720 rfcomm_dlc_unlock(dlc);
721 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
722
723 /* install the tty_port */
724 err = tty_port_install(&dev->port, driver, tty);
725 if (err) {
726 rfcomm_tty_cleanup(tty);
727 return err;
728 }
729
730 /* take over the tty_port reference if the port was created with the
731 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
732 * when the last process closes the tty. The behaviour is expected by
733 * userspace.
734 */
735 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
736 set_bit(RFCOMM_TTY_OWNED, &dev->status);
737 tty_port_put(&dev->port);
738 }
739
740 return 0;
741 }
742
rfcomm_tty_open(struct tty_struct * tty,struct file * filp)743 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
744 {
745 struct rfcomm_dev *dev = tty->driver_data;
746 int err;
747
748 BT_DBG("tty %p id %d", tty, tty->index);
749
750 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
751 dev->channel, dev->port.count);
752
753 err = tty_port_open(&dev->port, tty, filp);
754 if (err)
755 return err;
756
757 /*
758 * FIXME: rfcomm should use proper flow control for
759 * received data. This hack will be unnecessary and can
760 * be removed when that's implemented
761 */
762 rfcomm_tty_copy_pending(dev);
763
764 rfcomm_dlc_unthrottle(dev->dlc);
765
766 return 0;
767 }
768
rfcomm_tty_close(struct tty_struct * tty,struct file * filp)769 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
770 {
771 struct rfcomm_dev *dev = tty->driver_data;
772
773 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
774 dev->port.count);
775
776 tty_port_close(&dev->port, tty, filp);
777 }
778
rfcomm_tty_write(struct tty_struct * tty,const u8 * buf,size_t count)779 static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf,
780 size_t count)
781 {
782 struct rfcomm_dev *dev = tty->driver_data;
783 struct rfcomm_dlc *dlc = dev->dlc;
784 struct sk_buff *skb;
785 size_t sent = 0, size;
786
787 BT_DBG("tty %p count %zu", tty, count);
788
789 while (count) {
790 size = min_t(size_t, count, dlc->mtu);
791
792 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
793 if (!skb)
794 break;
795
796 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
797
798 skb_put_data(skb, buf + sent, size);
799
800 rfcomm_dlc_send_noerror(dlc, skb);
801
802 sent += size;
803 count -= size;
804 }
805
806 return sent;
807 }
808
rfcomm_tty_write_room(struct tty_struct * tty)809 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
810 {
811 struct rfcomm_dev *dev = tty->driver_data;
812 int room = 0;
813
814 if (dev && dev->dlc)
815 room = rfcomm_room(dev);
816
817 BT_DBG("tty %p room %d", tty, room);
818
819 return room;
820 }
821
rfcomm_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)822 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
823 {
824 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
825
826 switch (cmd) {
827 case TCGETS:
828 BT_DBG("TCGETS is not supported");
829 return -ENOIOCTLCMD;
830
831 case TCSETS:
832 BT_DBG("TCSETS is not supported");
833 return -ENOIOCTLCMD;
834
835 case TIOCMIWAIT:
836 BT_DBG("TIOCMIWAIT");
837 break;
838
839 case TIOCSERGETLSR:
840 BT_ERR("TIOCSERGETLSR is not supported");
841 return -ENOIOCTLCMD;
842
843 case TIOCSERCONFIG:
844 BT_ERR("TIOCSERCONFIG is not supported");
845 return -ENOIOCTLCMD;
846
847 default:
848 return -ENOIOCTLCMD; /* ioctls which we must ignore */
849
850 }
851
852 return -ENOIOCTLCMD;
853 }
854
rfcomm_tty_set_termios(struct tty_struct * tty,const struct ktermios * old)855 static void rfcomm_tty_set_termios(struct tty_struct *tty,
856 const struct ktermios *old)
857 {
858 struct ktermios *new = &tty->termios;
859 int old_baud_rate = tty_termios_baud_rate(old);
860 int new_baud_rate = tty_termios_baud_rate(new);
861
862 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
863 u16 changes = 0;
864
865 struct rfcomm_dev *dev = tty->driver_data;
866
867 BT_DBG("tty %p termios %p", tty, old);
868
869 if (!dev || !dev->dlc || !dev->dlc->session)
870 return;
871
872 /* Handle turning off CRTSCTS */
873 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
874 BT_DBG("Turning off CRTSCTS unsupported");
875
876 /* Parity on/off and when on, odd/even */
877 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
878 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
879 changes |= RFCOMM_RPN_PM_PARITY;
880 BT_DBG("Parity change detected.");
881 }
882
883 /* Mark and space parity are not supported! */
884 if (new->c_cflag & PARENB) {
885 if (new->c_cflag & PARODD) {
886 BT_DBG("Parity is ODD");
887 parity = RFCOMM_RPN_PARITY_ODD;
888 } else {
889 BT_DBG("Parity is EVEN");
890 parity = RFCOMM_RPN_PARITY_EVEN;
891 }
892 } else {
893 BT_DBG("Parity is OFF");
894 parity = RFCOMM_RPN_PARITY_NONE;
895 }
896
897 /* Setting the x_on / x_off characters */
898 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
899 BT_DBG("XOFF custom");
900 x_on = new->c_cc[VSTOP];
901 changes |= RFCOMM_RPN_PM_XON;
902 } else {
903 BT_DBG("XOFF default");
904 x_on = RFCOMM_RPN_XON_CHAR;
905 }
906
907 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
908 BT_DBG("XON custom");
909 x_off = new->c_cc[VSTART];
910 changes |= RFCOMM_RPN_PM_XOFF;
911 } else {
912 BT_DBG("XON default");
913 x_off = RFCOMM_RPN_XOFF_CHAR;
914 }
915
916 /* Handle setting of stop bits */
917 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
918 changes |= RFCOMM_RPN_PM_STOP;
919
920 /* POSIX does not support 1.5 stop bits and RFCOMM does not
921 * support 2 stop bits. So a request for 2 stop bits gets
922 * translated to 1.5 stop bits */
923 if (new->c_cflag & CSTOPB)
924 stop_bits = RFCOMM_RPN_STOP_15;
925 else
926 stop_bits = RFCOMM_RPN_STOP_1;
927
928 /* Handle number of data bits [5-8] */
929 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
930 changes |= RFCOMM_RPN_PM_DATA;
931
932 switch (new->c_cflag & CSIZE) {
933 case CS5:
934 data_bits = RFCOMM_RPN_DATA_5;
935 break;
936 case CS6:
937 data_bits = RFCOMM_RPN_DATA_6;
938 break;
939 case CS7:
940 data_bits = RFCOMM_RPN_DATA_7;
941 break;
942 case CS8:
943 data_bits = RFCOMM_RPN_DATA_8;
944 break;
945 default:
946 data_bits = RFCOMM_RPN_DATA_8;
947 break;
948 }
949
950 /* Handle baudrate settings */
951 if (old_baud_rate != new_baud_rate)
952 changes |= RFCOMM_RPN_PM_BITRATE;
953
954 switch (new_baud_rate) {
955 case 2400:
956 baud = RFCOMM_RPN_BR_2400;
957 break;
958 case 4800:
959 baud = RFCOMM_RPN_BR_4800;
960 break;
961 case 7200:
962 baud = RFCOMM_RPN_BR_7200;
963 break;
964 case 9600:
965 baud = RFCOMM_RPN_BR_9600;
966 break;
967 case 19200:
968 baud = RFCOMM_RPN_BR_19200;
969 break;
970 case 38400:
971 baud = RFCOMM_RPN_BR_38400;
972 break;
973 case 57600:
974 baud = RFCOMM_RPN_BR_57600;
975 break;
976 case 115200:
977 baud = RFCOMM_RPN_BR_115200;
978 break;
979 case 230400:
980 baud = RFCOMM_RPN_BR_230400;
981 break;
982 default:
983 /* 9600 is standard accordinag to the RFCOMM specification */
984 baud = RFCOMM_RPN_BR_9600;
985 break;
986
987 }
988
989 if (changes)
990 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
991 data_bits, stop_bits, parity,
992 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
993 }
994
rfcomm_tty_throttle(struct tty_struct * tty)995 static void rfcomm_tty_throttle(struct tty_struct *tty)
996 {
997 struct rfcomm_dev *dev = tty->driver_data;
998
999 BT_DBG("tty %p dev %p", tty, dev);
1000
1001 rfcomm_dlc_throttle(dev->dlc);
1002 }
1003
rfcomm_tty_unthrottle(struct tty_struct * tty)1004 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1005 {
1006 struct rfcomm_dev *dev = tty->driver_data;
1007
1008 BT_DBG("tty %p dev %p", tty, dev);
1009
1010 rfcomm_dlc_unthrottle(dev->dlc);
1011 }
1012
rfcomm_tty_chars_in_buffer(struct tty_struct * tty)1013 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1014 {
1015 struct rfcomm_dev *dev = tty->driver_data;
1016
1017 BT_DBG("tty %p dev %p", tty, dev);
1018
1019 if (!dev || !dev->dlc)
1020 return 0;
1021
1022 if (!skb_queue_empty(&dev->dlc->tx_queue))
1023 return dev->dlc->mtu;
1024
1025 return 0;
1026 }
1027
rfcomm_tty_flush_buffer(struct tty_struct * tty)1028 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1029 {
1030 struct rfcomm_dev *dev = tty->driver_data;
1031
1032 BT_DBG("tty %p dev %p", tty, dev);
1033
1034 if (!dev || !dev->dlc)
1035 return;
1036
1037 skb_queue_purge(&dev->dlc->tx_queue);
1038 tty_wakeup(tty);
1039 }
1040
rfcomm_tty_send_xchar(struct tty_struct * tty,u8 ch)1041 static void rfcomm_tty_send_xchar(struct tty_struct *tty, u8 ch)
1042 {
1043 BT_DBG("tty %p ch %c", tty, ch);
1044 }
1045
rfcomm_tty_wait_until_sent(struct tty_struct * tty,int timeout)1046 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1047 {
1048 BT_DBG("tty %p timeout %d", tty, timeout);
1049 }
1050
rfcomm_tty_hangup(struct tty_struct * tty)1051 static void rfcomm_tty_hangup(struct tty_struct *tty)
1052 {
1053 struct rfcomm_dev *dev = tty->driver_data;
1054
1055 BT_DBG("tty %p dev %p", tty, dev);
1056
1057 tty_port_hangup(&dev->port);
1058 }
1059
rfcomm_tty_tiocmget(struct tty_struct * tty)1060 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1061 {
1062 struct rfcomm_dev *dev = tty->driver_data;
1063
1064 BT_DBG("tty %p dev %p", tty, dev);
1065
1066 return dev->modem_status;
1067 }
1068
rfcomm_tty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)1069 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1070 {
1071 struct rfcomm_dev *dev = tty->driver_data;
1072 struct rfcomm_dlc *dlc = dev->dlc;
1073 u8 v24_sig;
1074
1075 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1076
1077 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1078
1079 if (set & TIOCM_DSR || set & TIOCM_DTR)
1080 v24_sig |= RFCOMM_V24_RTC;
1081 if (set & TIOCM_RTS || set & TIOCM_CTS)
1082 v24_sig |= RFCOMM_V24_RTR;
1083 if (set & TIOCM_RI)
1084 v24_sig |= RFCOMM_V24_IC;
1085 if (set & TIOCM_CD)
1086 v24_sig |= RFCOMM_V24_DV;
1087
1088 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1089 v24_sig &= ~RFCOMM_V24_RTC;
1090 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1091 v24_sig &= ~RFCOMM_V24_RTR;
1092 if (clear & TIOCM_RI)
1093 v24_sig &= ~RFCOMM_V24_IC;
1094 if (clear & TIOCM_CD)
1095 v24_sig &= ~RFCOMM_V24_DV;
1096
1097 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1098
1099 return 0;
1100 }
1101
1102 /* ---- TTY structure ---- */
1103
1104 static const struct tty_operations rfcomm_ops = {
1105 .open = rfcomm_tty_open,
1106 .close = rfcomm_tty_close,
1107 .write = rfcomm_tty_write,
1108 .write_room = rfcomm_tty_write_room,
1109 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1110 .flush_buffer = rfcomm_tty_flush_buffer,
1111 .ioctl = rfcomm_tty_ioctl,
1112 .throttle = rfcomm_tty_throttle,
1113 .unthrottle = rfcomm_tty_unthrottle,
1114 .set_termios = rfcomm_tty_set_termios,
1115 .send_xchar = rfcomm_tty_send_xchar,
1116 .hangup = rfcomm_tty_hangup,
1117 .wait_until_sent = rfcomm_tty_wait_until_sent,
1118 .tiocmget = rfcomm_tty_tiocmget,
1119 .tiocmset = rfcomm_tty_tiocmset,
1120 .install = rfcomm_tty_install,
1121 .cleanup = rfcomm_tty_cleanup,
1122 };
1123
rfcomm_init_ttys(void)1124 int __init rfcomm_init_ttys(void)
1125 {
1126 int error;
1127
1128 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
1129 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
1130 if (IS_ERR(rfcomm_tty_driver))
1131 return PTR_ERR(rfcomm_tty_driver);
1132
1133 rfcomm_tty_driver->driver_name = "rfcomm";
1134 rfcomm_tty_driver->name = "rfcomm";
1135 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1136 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1137 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1138 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1139 rfcomm_tty_driver->init_termios = tty_std_termios;
1140 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1141 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1142 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1143
1144 error = tty_register_driver(rfcomm_tty_driver);
1145 if (error) {
1146 BT_ERR("Can't register RFCOMM TTY driver");
1147 tty_driver_kref_put(rfcomm_tty_driver);
1148 return error;
1149 }
1150
1151 BT_INFO("RFCOMM TTY layer initialized");
1152
1153 return 0;
1154 }
1155
rfcomm_cleanup_ttys(void)1156 void rfcomm_cleanup_ttys(void)
1157 {
1158 tty_unregister_driver(rfcomm_tty_driver);
1159 tty_driver_kref_put(rfcomm_tty_driver);
1160 }
1161