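// SPDX-License-Identifier: GPL-2.0
/*
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/*
 * RFCOMM TTY.
 */

#include <linux/module.h>

#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/rfcomm.h>

#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV	/* whole lotta rfcomm devices */
#define RFCOMM_TTY_MAJOR 216		/* device node major id of the usb/bluetooth.c driver */
#define RFCOMM_TTY_MINOR 0

/* Serialises the create/release ioctls (see rfcomm_create_dev/rfcomm_release_dev). */
static DEFINE_MUTEX(rfcomm_ioctl_mutex);
static struct tty_driver *rfcomm_tty_driver;

/*
 * One RFCOMM TTY device. Lifetime is governed by the embedded tty_port's
 * reference count; rfcomm_dev_destruct() frees the structure.
 */
struct rfcomm_dev {
	struct tty_port		port;
	struct list_head	list;		/* entry in rfcomm_dev_list, kept sorted by id */

	char			name[12];	/* "rfcomm%d" */
	int			id;
	unsigned long		flags;		/* request flags plus RFCOMM_TTY_ATTACHED */
	int			err;

	unsigned long		status;		/* don't export to userspace */

	bdaddr_t		src;
	bdaddr_t		dst;
	u8			channel;

	uint			modem_status;

	struct rfcomm_dlc	*dlc;

	struct device		*tty_dev;

	atomic_t		wmem_alloc;	/* tx skbs allocated and not yet freed */

	struct sk_buff_head	pending;	/* rx data held until the tty is opened */
};

static LIST_HEAD(rfcomm_dev_list);
/* Protects rfcomm_dev_list. */
static DEFINE_MUTEX(rfcomm_dev_lock);

static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);

/* ---- Device functions ---- */

/*
 * tty_port .destruct callback: detach the DLC, unregister the tty device,
 * unlink the device from rfcomm_dev_list and free it.
 */
static void rfcomm_dev_destruct(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	struct rfcomm_dlc *dlc = dev->dlc;

	BT_DBG("dev %p dlc %p", dev, dlc);

	rfcomm_dlc_lock(dlc);
	/* Detach DLC if it's owned by this dev */
	if (dlc->owner == dev)
		dlc->owner = NULL;
	rfcomm_dlc_unlock(dlc);

	rfcomm_dlc_put(dlc);

	/* tty_dev stays NULL when tty_port_register_device() failed */
	if (dev->tty_dev)
		tty_unregister_device(rfcomm_tty_driver, dev->id);

	mutex_lock(&rfcomm_dev_lock);
	list_del(&dev->list);
	mutex_unlock(&rfcomm_dev_lock);

	kfree(dev);

	/* It's safe to call module_put() here because socket still
	   holds reference to this module. */
	module_put(THIS_MODULE);
}

/* device-specific initialization: open the dlc */
static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	int err;

	err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
	if (err)
		set_bit(TTY_IO_ERROR, &tty->flags);
	return err;
}

/* we block the open until the dlc->state becomes BT_CONNECTED */
static bool rfcomm_dev_carrier_raised(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);

	return (dev->dlc->state == BT_CONNECTED);
}

/* device-specific cleanup: close the dlc */
static void rfcomm_dev_shutdown(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);

	/*
	 * NOTE(review): dev->tty_dev is dereferenced unconditionally here,
	 * while rfcomm_dev_add() assigns it only after
	 * tty_port_register_device() has returned. Confirm that no open can
	 * reach shutdown before that assignment.
	 */
	if (dev->tty_dev->parent)
		device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);

	/* close the dlc */
	rfcomm_dlc_close(dev->dlc, 0);
}

static const struct tty_port_operations rfcomm_port_ops = {
	.destruct = rfcomm_dev_destruct,
	.activate = rfcomm_dev_activate,
	.shutdown = rfcomm_dev_shutdown,
	.carrier_raised = rfcomm_dev_carrier_raised,
};

/*
 * Find a device by id. Takes no lock and no reference itself;
 * rfcomm_dev_get() calls it with rfcomm_dev_lock held.
 */
static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
{
	struct rfcomm_dev *dev;

	list_for_each_entry(dev, &rfcomm_dev_list, list)
		if (dev->id == id)
			return dev;

	return NULL;
}

/*
 * Look up a device by id and take a tty_port reference on it.
 * Returns NULL if the id is unknown or tty_port_get() fails.
 * The caller releases the reference with tty_port_put().
 */
static struct rfcomm_dev *rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	mutex_lock(&rfcomm_dev_lock);

	dev = __rfcomm_dev_lookup(id);

	if (dev && !tty_port_get(&dev->port))
		dev = NULL;

	mutex_unlock(&rfcomm_dev_lock);

	return dev;
}

/*
 * Move the tty device under the ACL connection's device in the device
 * tree, if that connection exists and is registered.
 */
static void rfcomm_reparent_device(struct rfcomm_dev *dev)
{
	struct hci_dev *hdev;
	struct hci_conn *conn;

	hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
	if (!hdev)
		return;

	/* The lookup results are unsafe to access without the
	 * hci device lock (FIXME: why is this not documented?)
	 */
	hci_dev_lock(hdev);
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);

	/* Just because the acl link is in the hash table is no
	 * guarantee the sysfs device has been added ...
	 */
	if (conn && device_is_registered(&conn->dev))
		device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);

	hci_dev_unlock(hdev);
	hci_dev_put(hdev);
}

/* sysfs "address" attribute: the remote Bluetooth address of the device. */
static ssize_t address_show(struct device *tty_dev,
			    struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sysfs_emit(buf, "%pMR\n", &dev->dst);
}

/* sysfs "channel" attribute: the RFCOMM channel of the device. */
static ssize_t channel_show(struct device *tty_dev,
			    struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sysfs_emit(buf, "%d\n", dev->channel);
}

static DEVICE_ATTR_RO(address);
static DEVICE_ATTR_RO(channel);

/*
 * Allocate a device for @req, pick or validate its id, link it into
 * rfcomm_dev_list (sorted by id) and attach @dlc to it.
 *
 * Returns the new device, or ERR_PTR(-ENOMEM / -EADDRINUSE / -ENFILE).
 * On failure the caller still owns its @dlc reference.
 */
static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
					   struct rfcomm_dlc *dlc)
{
	struct rfcomm_dev *dev, *entry;
	struct list_head *head = &rfcomm_dev_list;
	int err = 0;

	dev = kzalloc_obj(struct rfcomm_dev);
	if (!dev)
		return ERR_PTR(-ENOMEM);

	mutex_lock(&rfcomm_dev_lock);

	if (req->dev_id < 0) {
		/* No id requested: take the first gap in the sorted list */
		dev->id = 0;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id != dev->id)
				break;

			dev->id++;
			head = &entry->list;
		}
	} else {
		/* Caller-chosen id: reject duplicates, find the insert point */
		dev->id = req->dev_id;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id == dev->id) {
				err = -EADDRINUSE;
				goto out;
			}

			if (entry->id > dev->id - 1)
				break;

			head = &entry->list;
		}
	}

	/*
	 * req->dev_id comes from userspace (see __rfcomm_create_dev), so the
	 * id must be range-checked before it is used as a minor number or
	 * formatted into dev->name.
	 */
	if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
		err = -ENFILE;
		goto out;
	}

	/*
	 * Bounded write: the range check above keeps the id short enough for
	 * name[], but the bound is enforced here as well so the buffer stays
	 * safe if RFCOMM_MAX_DEV or the name size ever changes.
	 */
	snprintf(dev->name, sizeof(dev->name), "rfcomm%d", dev->id);

	list_add(&dev->list, head);

	bacpy(&dev->src, &req->src);
	bacpy(&dev->dst, &req->dst);
	dev->channel = req->channel;

	/* Only these two request flags are carried over into dev->flags */
	dev->flags = req->flags &
		((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));

	tty_port_init(&dev->port);
	dev->port.ops = &rfcomm_port_ops;

	skb_queue_head_init(&dev->pending);

	rfcomm_dlc_lock(dlc);

	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
		struct sock *sk = dlc->owner;
		struct sk_buff *skb;

		BUG_ON(!sk);

		rfcomm_dlc_throttle(dlc);

		/*
		 * Move data already received on the socket to dev->pending;
		 * rfcomm_tty_copy_pending() delivers it once the tty is open.
		 */
		while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
			skb_orphan(skb);
			skb_queue_tail(&dev->pending, skb);
			atomic_sub(skb->len, &sk->sk_rmem_alloc);
		}
	}

	dlc->data_ready   = rfcomm_dev_data_ready;
	dlc->state_change = rfcomm_dev_state_change;
	dlc->modem_status = rfcomm_dev_modem_status;

	dlc->owner = dev;
	dev->dlc   = dlc;

	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);

	rfcomm_dlc_unlock(dlc);

	/* It's safe to call __module_get() here because socket already
	   holds reference to this module. */
	__module_get(THIS_MODULE);

	mutex_unlock(&rfcomm_dev_lock);
	return dev;

out:
	mutex_unlock(&rfcomm_dev_lock);
	kfree(dev);
	return ERR_PTR(err);
}

/*
 * Create the device and register its tty device and sysfs attributes.
 * Consumes the caller's @dlc reference on every path: directly on
 * __rfcomm_dev_add() failure, otherwise through the device's destructor.
 * Returns the device id, or a negative errno.
 */
static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
{
	struct rfcomm_dev *dev;
	struct device *tty;

	BT_DBG("id %d channel %d", req->dev_id, req->channel);

	dev = __rfcomm_dev_add(req, dlc);
	if (IS_ERR(dev)) {
		rfcomm_dlc_put(dlc);
		return PTR_ERR(dev);
	}

	tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
				       dev->id, NULL);
	if (IS_ERR(tty)) {
		/* Drops the port reference; the destructor releases the dlc */
		tty_port_put(&dev->port);
		return PTR_ERR(tty);
	}

	dev->tty_dev = tty;
	rfcomm_reparent_device(dev);
	dev_set_drvdata(dev->tty_dev, dev);

	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
		BT_ERR("Failed to create address attribute");

	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
		BT_ERR("Failed to create channel attribute");

	return dev->id;
}

/* ---- Send buffer ---- */

/* Bytes the tty layer may still queue, derived from the packet budget. */
static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
{
	struct rfcomm_dlc *dlc = dev->dlc;

	/* Limit the outstanding number of packets not yet sent to 40 */
	int pending = 40 - atomic_read(&dev->wmem_alloc);

	return max(0, pending) * dlc->mtu;
}

/*
 * skb destructor installed by rfcomm_set_owner_w(): release the tx slot,
 * wake the writer if a tty is attached and drop the port reference.
 */
static void rfcomm_wfree(struct sk_buff *skb)
{
	/* skb->sk carries the rfcomm_dev pointer, not a struct sock */
	struct rfcomm_dev *dev = (void *) skb->sk;
	atomic_dec(&dev->wmem_alloc);
	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
		tty_port_tty_wakeup(&dev->port);
	tty_port_put(&dev->port);
}

/*
 * Charge @skb to @dev: take a port reference so the device outlives the
 * skb, count it in wmem_alloc and install rfcomm_wfree() as destructor.
 */
static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
{
	tty_port_get(&dev->port);
	atomic_inc(&dev->wmem_alloc);
	skb->sk = (void *) dev;
	skb->destructor = rfcomm_wfree;
}

/* Allocate a tx skb charged to @dev; returns NULL on allocation failure. */
static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
{
	struct sk_buff *skb = alloc_skb(size, priority);
	if (skb)
		rfcomm_set_owner_w(skb, dev);
	return skb;
}

/* ---- Device IOCTLs ---- */

/* The only flag combination accepted without CAP_NET_ADMIN. */
#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))

/*
 * RFCOMMCREATEDEV: create a TTY device from a userspace rfcomm_dev_req.
 * Returns the new device id, or a negative errno.
 */
static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dlc *dlc;
	int id;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);

	/*
	 * Privilege gate: any flag set other than exactly NOCAP_FLAGS
	 * requires CAP_NET_ADMIN.
	 */
	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
		return -EPERM;

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* Socket must be connected */
		/*
		 * NOTE(review): sk->sk_state and rfcomm_pi(sk)->dlc are read
		 * with no socket lock taken in this function; confirm what
		 * the caller holds.
		 */
		if (sk->sk_state != BT_CONNECTED)
			return -EBADFD;

		dlc = rfcomm_pi(sk)->dlc;
		rfcomm_dlc_hold(dlc);
	} else {
		/* Validate the channel is unused */
		dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
		if (IS_ERR(dlc))
			return PTR_ERR(dlc);
		if (dlc)
			return -EBUSY;
		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
		if (!dlc)
			return -ENOMEM;
	}

	/* rfcomm_dev_add() consumes the dlc reference, also on failure */
	id = rfcomm_dev_add(&req, dlc);
	if (id < 0)
		return id;

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* DLC is now used by device.
		 * Socket must be disconnected */
		sk->sk_state = BT_CLOSED;
	}

	return id;
}

/*
 * RFCOMMRELEASEDEV: release the device named by req.dev_id.
 * Returns 0, or -EFAULT / -ENODEV / -EPERM / -EALREADY.
 */
static int __rfcomm_release_dev(void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dev *dev;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);

	dev = rfcomm_dev_get(req.dev_id);
	if (!dev)
		return -ENODEV;

	/*
	 * Privilege gate on the device's own flags, not on req.flags.
	 * rfcomm_tty_install() also sets RFCOMM_TTY_ATTACHED in dev->flags,
	 * so this equality test presumably fails while a tty is attached
	 * (assuming that bit is distinct from the NOCAP_FLAGS bits) and
	 * CAP_NET_ADMIN is then required.
	 */
	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
		tty_port_put(&dev->port);
		return -EPERM;
	}

	/* only release once */
	if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
		tty_port_put(&dev->port);
		return -EALREADY;
	}

	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
		rfcomm_dlc_close(dev->dlc, 0);

	/* Shut down TTY synchronously before freeing rfcomm_dev */
	tty_port_tty_vhangup(&dev->port);

	/*
	 * Drop the device's initial reference unless the tty took it over
	 * in rfcomm_tty_install() (RFCOMM_TTY_OWNED).
	 */
	if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
		tty_port_put(&dev->port);

	/* Drop the reference taken by rfcomm_dev_get() above */
	tty_port_put(&dev->port);
	return 0;
}

/* Locked wrapper: runs __rfcomm_create_dev() under rfcomm_ioctl_mutex. */
static int rfcomm_create_dev(struct sock *sk, void __user *arg)
{
	int ret;

	mutex_lock(&rfcomm_ioctl_mutex);
	ret = __rfcomm_create_dev(sk, arg);
	mutex_unlock(&rfcomm_ioctl_mutex);

	return ret;
}

/* Locked wrapper: runs __rfcomm_release_dev() under rfcomm_ioctl_mutex. */
static int rfcomm_release_dev(void __user *arg)
{
	int ret;

	mutex_lock(&rfcomm_ioctl_mutex);
	ret = __rfcomm_release_dev(arg);
	mutex_unlock(&rfcomm_ioctl_mutex);

	return ret;
}

/*
 * RFCOMMGETDEVLIST: copy up to dev_num device descriptions to userspace.
 * The first u16 at @arg is the caller's capacity; on return it holds the
 * number of entries written.
 */
static int rfcomm_get_dev_list(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_list_req *dl;
	struct rfcomm_dev_info *di;
	int n = 0, err;
	u16 dev_num;

	BT_DBG("");

	if (get_user(dev_num, (u16 __user *) arg))
		return -EFAULT;

	/* Bound the user-controlled count before it sizes an allocation */
	if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
		return -EINVAL;

	/*
	 * The buffer is copied to userspace below, so it is obtained from a
	 * kzalloc-family allocator rather than filled field by field.
	 */
	dl = kzalloc_flex(*dl, dev_info, dev_num);
	if (!dl)
		return -ENOMEM;

	dl->dev_num = dev_num;
	di = dl->dev_info;

	mutex_lock(&rfcomm_dev_lock);

	list_for_each_entry(dev, &rfcomm_dev_list, list) {
		/* Skip devices whose port reference can no longer be taken */
		if (!tty_port_get(&dev->port))
			continue;
		di[n].id      = dev->id;
		di[n].flags   = dev->flags;
		di[n].state   = dev->dlc->state;
		di[n].channel = dev->channel;
		bacpy(&di[n].src, &dev->src);
		bacpy(&di[n].dst, &dev->dst);
		tty_port_put(&dev->port);
		if (++n >= dev_num)
			break;
	}

	mutex_unlock(&rfcomm_dev_lock);

	/* Copy out only the n entries that were actually filled */
	dl->dev_num = n;
	err = copy_to_user(arg, dl, struct_size(dl, dev_info, n));
	kfree(dl);

	return err ? -EFAULT : 0;
}

/*
 * RFCOMMGETDEVINFO: fill in the rfcomm_dev_info for the id supplied by
 * userspace. Returns 0, -EFAULT or -ENODEV.
 */
static int rfcomm_get_dev_info(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_info di;
	int err = 0;

	BT_DBG("");

	/*
	 * di is fully populated from userspace first, so the copy_to_user()
	 * below returns no uninitialised stack bytes.
	 */
	if (copy_from_user(&di, arg, sizeof(di)))
		return -EFAULT;

	dev = rfcomm_dev_get(di.id);
	if (!dev)
		return -ENODEV;

	di.flags   = dev->flags;
	di.channel = dev->channel;
	di.state   = dev->dlc->state;
	bacpy(&di.src, &dev->src);
	bacpy(&di.dst, &dev->dst);

	if (copy_to_user(arg, &di, sizeof(di)))
		err = -EFAULT;

	tty_port_put(&dev->port);
	return err;
}

/*
 * Dispatch the RFCOMM device ioctls. Returns the handler's result, or
 * -EINVAL for an unknown command.
 */
int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
{
	BT_DBG("cmd %d arg %p", cmd, arg);

	switch (cmd) {
	case RFCOMMCREATEDEV:
		return rfcomm_create_dev(sk, arg);

	case RFCOMMRELEASEDEV:
		return rfcomm_release_dev(arg);

	case RFCOMMGETDEVLIST:
		return rfcomm_get_dev_list(arg);

	case RFCOMMGETDEVINFO:
		return rfcomm_get_dev_info(arg);
	}

	return -EINVAL;
}

/* ---- DLC callbacks ---- */

/*
 * DLC data_ready callback: hand received data to the tty, or queue it
 * behind data that is still pending. Consumes @skb on every path.
 */
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
{
	struct rfcomm_dev *dev = dlc->owner;

	if (!dev) {
		kfree_skb(skb);
		return;
	}

	/* Preserve ordering: never overtake data still waiting in pending */
	if (!skb_queue_empty(&dev->pending)) {
		skb_queue_tail(&dev->pending, skb);
		return;
	}

	BT_DBG("dlc %p len %d", dlc, skb->len);

	/*
	 * NOTE(review): the count returned by tty_insert_flip_string() is
	 * not checked, so bytes that were not accepted are not retried here.
	 */
	tty_insert_flip_string(&dev->port, skb->data, skb->len);
	tty_flip_buffer_push(&dev->port);

	kfree_skb(skb);
}

/*
 * DLC state_change callback: record the error, wake openers when the DLC
 * connects and hang up the tty when it closes.
 */
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);

	dev->err = err;
	if (dlc->state == BT_CONNECTED) {
		rfcomm_reparent_device(dev);

		wake_up_interruptible(&dev->port.open_wait);
	} else if (dlc->state == BT_CLOSED)
		tty_port_tty_hangup(&dev->port, false);
}

/*
 * DLC modem_status callback: translate the remote V.24 signals into
 * TIOCM_* bits and hang up if carrier (DV) was dropped.
 */
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);

	if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
		tty_port_tty_hangup(&dev->port, true);

	dev->modem_status =
		((v24_sig & RFCOMM_V24_RTC) ? TIOCM_DSR : 0) |
		((v24_sig & RFCOMM_V24_RTR) ? TIOCM_CTS : 0) |
		((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
		((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
}

/* ---- TTY functions ---- */

/* Deliver everything queued in dev->pending to the tty flip buffer. */
static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
{
	struct sk_buff *skb;
	int inserted = 0;

	BT_DBG("dev %p", dev);

	rfcomm_dlc_lock(dev->dlc);

	while ((skb = skb_dequeue(&dev->pending))) {
		inserted += tty_insert_flip_string(&dev->port, skb->data,
						   skb->len);
		kfree_skb(skb);
	}

	rfcomm_dlc_unlock(dev->dlc);

	if (inserted > 0)
		tty_flip_buffer_push(&dev->port);
}

/* do the reverse of install, clearing the tty fields and releasing the
 * reference to tty_port
 */
static void rfcomm_tty_cleanup(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

	rfcomm_dlc_lock(dev->dlc);
	tty->driver_data = NULL;
	rfcomm_dlc_unlock(dev->dlc);

	/*
	 * purge the dlc->tx_queue to avoid circular dependencies
	 * between dev and dlc
	 */
	skb_queue_purge(&dev->dlc->tx_queue);

	tty_port_put(&dev->port);
}

/* we acquire the tty_port reference since it's here the tty is first used
 * by setting the termios. We also populate the driver_data field and install
 * the tty port
 */
static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dlc *dlc;
	int err;

	dev = rfcomm_dev_get(tty->index);
	if (!dev)
		return -ENODEV;

	dlc = dev->dlc;

	/* Attach TTY and open DLC */
	rfcomm_dlc_lock(dlc);
	tty->driver_data = dev;
	rfcomm_dlc_unlock(dlc);
	set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

	/* install the tty_port */
	err = tty_port_install(&dev->port, driver, tty);
	if (err) {
		/* cleanup undoes the attach and drops the reference taken above */
		rfcomm_tty_cleanup(tty);
		return err;
	}

	/* take over the tty_port reference if the port was created with the
	 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
	 * when the last process closes the tty. The behaviour is expected by
	 * userspace.
	 */
	if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
		set_bit(RFCOMM_TTY_OWNED, &dev->status);
		tty_port_put(&dev->port);
	}

	return 0;
}

/* tty .open: open the port, then flush pending rx data and unthrottle. */
static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
{
	struct rfcomm_dev *dev = tty->driver_data;
	int err;

	BT_DBG("tty %p id %d", tty, tty->index);

	BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
	       dev->channel, dev->port.count);

	err = tty_port_open(&dev->port, tty, filp);
	if (err)
		return err;

	/*
	 * FIXME: rfcomm should use proper flow control for
	 * received data. This hack will be unnecessary and can
	 * be removed when that's implemented
	 */
	rfcomm_tty_copy_pending(dev);

	rfcomm_dlc_unthrottle(dev->dlc);

	return 0;
}

/* tty .close: delegate to the tty_port layer. */
static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
	       dev->port.count);

	tty_port_close(&dev->port, tty, filp);
}

/*
 * tty .write: split @buf into skbs of at most dlc->mtu bytes and queue
 * them on the DLC. Returns the number of bytes queued, which is short
 * when an skb allocation fails.
 */
static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf,
				size_t count)
{
	struct rfcomm_dev *dev = tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	struct sk_buff *skb;
	size_t sent = 0, size;

	BT_DBG("tty %p count %zu", tty, count);

	while (count) {
		size = min_t(size_t, count, dlc->mtu);

		skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
		if (!skb)
			break;

		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

		skb_put_data(skb, buf + sent, size);

		rfcomm_dlc_send_noerror(dlc, skb);

		sent  += size;
		count -= size;
	}

	return sent;
}

/* tty .write_room: bytes that may be written now; 0 without a device/DLC. */
static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;
	int room = 0;

	if (dev && dev->dlc)
		room = rfcomm_room(dev);

	BT_DBG("tty %p room %d", tty, room);

	return room;
}

/* tty .ioctl: every command visible here ends in -ENOIOCTLCMD. */
static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
{
	BT_DBG("tty %p cmd 0x%02x", tty, cmd);

	switch (cmd) {
	case TCGETS:
		BT_DBG("TCGETS is not supported");
		return -ENOIOCTLCMD;

	case TCSETS:
		BT_DBG("TCSETS is not supported");
		return -ENOIOCTLCMD;

	case TIOCMIWAIT:
		BT_DBG("TIOCMIWAIT");
		break;

	case TIOCSERGETLSR:
		BT_ERR("TIOCSERGETLSR is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERCONFIG:
		BT_ERR("TIOCSERCONFIG is not supported");
		return -ENOIOCTLCMD;

	default:
		return -ENOIOCTLCMD;	/* ioctls which we must ignore */

	}

	return -ENOIOCTLCMD;
}

/*
 * tty .set_termios: compare the old and new termios, build the RPN
 * parameter set and send it to the peer if anything changed.
 */
static void rfcomm_tty_set_termios(struct tty_struct *tty,
				   const struct ktermios *old)
{
	struct ktermios *new = &tty->termios;
	int old_baud_rate = tty_termios_baud_rate(old);
	int new_baud_rate = tty_termios_baud_rate(new);

	u8 baud, data_bits, stop_bits, parity, x_on, x_off;
	u16 changes = 0;

	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p termios %p", tty, old);

	if (!dev || !dev->dlc || !dev->dlc->session)
		return;

	/* Handle turning off CRTSCTS */
	if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
		BT_DBG("Turning off CRTSCTS unsupported");

	/* Parity on/off and when on, odd/even */
	if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
			((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
		changes |= RFCOMM_RPN_PM_PARITY;
		BT_DBG("Parity change detected.");
	}

	/* Mark and space parity are not supported! */
	if (new->c_cflag & PARENB) {
		if (new->c_cflag & PARODD) {
			BT_DBG("Parity is ODD");
			parity = RFCOMM_RPN_PARITY_ODD;
		} else {
			BT_DBG("Parity is EVEN");
			parity = RFCOMM_RPN_PARITY_EVEN;
		}
	} else {
		BT_DBG("Parity is OFF");
		parity = RFCOMM_RPN_PARITY_NONE;
	}

	/* Setting the x_on / x_off characters */
	/*
	 * NOTE(review): a custom VSTOP character is stored in x_on (and
	 * flagged PM_XON) while a custom VSTART character is stored in x_off
	 * (PM_XOFF). This looks swapped relative to the defaults assigned in
	 * the else branches; confirm before relying on custom flow-control
	 * characters.
	 */
	if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
		BT_DBG("XOFF custom");
		x_on = new->c_cc[VSTOP];
		changes |= RFCOMM_RPN_PM_XON;
	} else {
		BT_DBG("XOFF default");
		x_on = RFCOMM_RPN_XON_CHAR;
	}

	if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
		BT_DBG("XON custom");
		x_off = new->c_cc[VSTART];
		changes |= RFCOMM_RPN_PM_XOFF;
	} else {
		BT_DBG("XON default");
		x_off = RFCOMM_RPN_XOFF_CHAR;
	}

	/* Handle setting of stop bits */
	if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
		changes |= RFCOMM_RPN_PM_STOP;

	/* POSIX does not support 1.5 stop bits and RFCOMM does not
	 * support 2 stop bits. So a request for 2 stop bits gets
	 * translated to 1.5 stop bits */
	if (new->c_cflag & CSTOPB)
		stop_bits = RFCOMM_RPN_STOP_15;
	else
		stop_bits = RFCOMM_RPN_STOP_1;

	/* Handle number of data bits [5-8] */
	if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
		changes |= RFCOMM_RPN_PM_DATA;

	switch (new->c_cflag & CSIZE) {
	case CS5:
		data_bits = RFCOMM_RPN_DATA_5;
		break;
	case CS6:
		data_bits = RFCOMM_RPN_DATA_6;
		break;
	case CS7:
		data_bits = RFCOMM_RPN_DATA_7;
		break;
	case CS8:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	default:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	}

	/* Handle baudrate settings */
	if (old_baud_rate != new_baud_rate)
		changes |= RFCOMM_RPN_PM_BITRATE;

	switch (new_baud_rate) {
	case 2400:
		baud = RFCOMM_RPN_BR_2400;
		break;
	case 4800:
		baud = RFCOMM_RPN_BR_4800;
		break;
	case 7200:
		baud = RFCOMM_RPN_BR_7200;
		break;
	case 9600:
		baud = RFCOMM_RPN_BR_9600;
		break;
	case 19200:
		baud = RFCOMM_RPN_BR_19200;
		break;
	case 38400:
		baud = RFCOMM_RPN_BR_38400;
		break;
	case 57600:
		baud = RFCOMM_RPN_BR_57600;
		break;
	case 115200:
		baud = RFCOMM_RPN_BR_115200;
		break;
	case 230400:
		baud = RFCOMM_RPN_BR_230400;
		break;
	default:
		/* 9600 is standard according to the RFCOMM specification */
		baud = RFCOMM_RPN_BR_9600;
		break;

	}

	if (changes)
		rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
				data_bits, stop_bits, parity,
				RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
}

/* tty .throttle: ask the DLC to stop delivering data. */
static void rfcomm_tty_throttle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_throttle(dev->dlc);
}

/* tty .unthrottle: let the DLC deliver data again. */
static void rfcomm_tty_unthrottle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_unthrottle(dev->dlc);
}

/*
 * tty .chars_in_buffer: reports dlc->mtu whenever the tx queue is
 * non-empty, 0 otherwise. It does not sum the queued bytes.
 */
static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return 0;

	if (!skb_queue_empty(&dev->dlc->tx_queue))
		return dev->dlc->mtu;

	return 0;
}

/* tty .flush_buffer: drop all queued tx data and wake writers. */
static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return;

	skb_queue_purge(&dev->dlc->tx_queue);
	tty_wakeup(tty);
}

/* tty .send_xchar: not implemented, only logs. */
static void rfcomm_tty_send_xchar(struct tty_struct *tty, u8 ch)
{
	BT_DBG("tty %p ch %c", tty, ch);
}

/* tty .wait_until_sent: not implemented, only logs. */
static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
{
	BT_DBG("tty %p timeout %d", tty, timeout);
}

/* tty .hangup: delegate to the tty_port layer. */
static void rfcomm_tty_hangup(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	tty_port_hangup(&dev->port);
}

/* tty .tiocmget: combine local and remote modem signals into TIOCM_* bits. */
static int rfcomm_tty_tiocmget(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	u8 v24_sig;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_get_modem_status(dlc, &v24_sig);

	/*
	 * NOTE(review): v24_sig is treated as RFCOMM_V24_* bits in
	 * rfcomm_tty_tiocmset() but is masked with TIOCM_* constants here;
	 * confirm the two bit layouts coincide.
	 */
	return (v24_sig & (TIOCM_DTR | TIOCM_RTS)) | dev->modem_status;
}

/* tty .tiocmset: map DTR/RTS set/clear requests onto the V.24 RTC/RTR bits. */
static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
{
	struct rfcomm_dev *dev = tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	u8 v24_sig;

	BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);

	rfcomm_dlc_get_modem_status(dlc, &v24_sig);

	if (set & TIOCM_DTR)
		v24_sig |= RFCOMM_V24_RTC;
	if (set & TIOCM_RTS)
		v24_sig |= RFCOMM_V24_RTR;

	if (clear & TIOCM_DTR)
		v24_sig &= ~RFCOMM_V24_RTC;
	if (clear & TIOCM_RTS)
		v24_sig &= ~RFCOMM_V24_RTR;

	rfcomm_dlc_set_modem_status(dlc, v24_sig);

	return 0;
}

/* ---- TTY structure ---- */

static const struct tty_operations rfcomm_ops = {
	.open			= rfcomm_tty_open,
	.close			= rfcomm_tty_close,
	.write			= rfcomm_tty_write,
	.write_room		= rfcomm_tty_write_room,
	.chars_in_buffer	= rfcomm_tty_chars_in_buffer,
	.flush_buffer		= rfcomm_tty_flush_buffer,
	.ioctl			= rfcomm_tty_ioctl,
	.throttle		= rfcomm_tty_throttle,
	.unthrottle		= rfcomm_tty_unthrottle,
	.set_termios		= rfcomm_tty_set_termios,
	.send_xchar		= rfcomm_tty_send_xchar,
	.hangup			= rfcomm_tty_hangup,
	.wait_until_sent	= rfcomm_tty_wait_until_sent,
	.tiocmget		= rfcomm_tty_tiocmget,
	.tiocmset		= rfcomm_tty_tiocmset,
	.install		= rfcomm_tty_install,
	.cleanup		= rfcomm_tty_cleanup,
};

/*
 * Allocate, configure and register the RFCOMM tty driver.
 * Returns 0 on success or a negative errno.
 */
int __init rfcomm_init_ttys(void)
{
	int error;

	rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
			TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
	if (IS_ERR(rfcomm_tty_driver))
		return PTR_ERR(rfcomm_tty_driver);

	rfcomm_tty_driver->driver_name	= "rfcomm";
	rfcomm_tty_driver->name		= "rfcomm";
	rfcomm_tty_driver->major	= RFCOMM_TTY_MAJOR;
	rfcomm_tty_driver->minor_start	= RFCOMM_TTY_MINOR;
	rfcomm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
	rfcomm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
	rfcomm_tty_driver->init_termios	= tty_std_termios;
	rfcomm_tty_driver->init_termios.c_cflag	= B9600 | CS8 | CREAD | HUPCL;
	rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
	tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);

	error = tty_register_driver(rfcomm_tty_driver);
	if (error) {
		BT_ERR("Can't register RFCOMM TTY driver");
		tty_driver_kref_put(rfcomm_tty_driver);
		return error;
	}

	BT_INFO("RFCOMM TTY layer initialized");

	return 0;
}

/* Unregister the RFCOMM tty driver and drop its reference. */
void rfcomm_cleanup_ttys(void)
{
	tty_unregister_driver(rfcomm_tty_driver);
	tty_driver_kref_put(rfcomm_tty_driver);
}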