1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/rfcomm.h> 37 38 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 39 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 40 #define RFCOMM_TTY_MINOR 0 41 42 static DEFINE_MUTEX(rfcomm_ioctl_mutex); 43 static struct tty_driver *rfcomm_tty_driver; 44 45 struct rfcomm_dev { 46 struct tty_port port; 47 struct list_head list; 48 49 char name[12]; 50 int id; 51 unsigned long flags; 52 int err; 53 54 unsigned long status; /* don't export to userspace */ 55 56 bdaddr_t src; 57 bdaddr_t dst; 58 u8 channel; 59 60 uint modem_status; 61 62 struct rfcomm_dlc *dlc; 63 64 struct device *tty_dev; 65 66 atomic_t wmem_alloc; 67 68 struct sk_buff_head pending; 69 }; 70 71 static LIST_HEAD(rfcomm_dev_list); 72 static DEFINE_MUTEX(rfcomm_dev_lock); 73 74 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 75 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 76 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 77 78 /* ---- Device functions ---- */ 79 80 static void rfcomm_dev_destruct(struct tty_port *port) 81 { 82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 83 struct rfcomm_dlc *dlc = dev->dlc; 84 85 BT_DBG("dev %p dlc %p", dev, dlc); 86 87 rfcomm_dlc_lock(dlc); 88 /* Detach DLC if it's owned by this dev */ 89 if (dlc->owner == dev) 90 dlc->owner = NULL; 91 rfcomm_dlc_unlock(dlc); 92 93 rfcomm_dlc_put(dlc); 94 95 if (dev->tty_dev) 96 tty_unregister_device(rfcomm_tty_driver, dev->id); 97 98 mutex_lock(&rfcomm_dev_lock); 99 list_del(&dev->list); 100 mutex_unlock(&rfcomm_dev_lock); 101 102 kfree(dev); 103 104 /* It's safe to call module_put() here because socket still 105 holds reference to this module. */ 106 module_put(THIS_MODULE); 107 } 108 109 /* device-specific initialization: open the dlc */ 110 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) 111 { 112 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 113 int err; 114 115 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); 116 if (err) 117 set_bit(TTY_IO_ERROR, &tty->flags); 118 return err; 119 } 120 121 /* we block the open until the dlc->state becomes BT_CONNECTED */ 122 static bool rfcomm_dev_carrier_raised(struct tty_port *port) 123 { 124 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 125 126 return (dev->dlc->state == BT_CONNECTED); 127 } 128 129 /* device-specific cleanup: close the dlc */ 130 static void rfcomm_dev_shutdown(struct tty_port *port) 131 { 132 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 133 134 if (dev->tty_dev->parent) 135 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 136 137 /* close the dlc */ 138 rfcomm_dlc_close(dev->dlc, 0); 139 } 140 141 static const struct tty_port_operations rfcomm_port_ops = { 142 .destruct = rfcomm_dev_destruct, 143 .activate = rfcomm_dev_activate, 144 .shutdown = rfcomm_dev_shutdown, 145 .carrier_raised = rfcomm_dev_carrier_raised, 146 }; 147 148 static struct rfcomm_dev *__rfcomm_dev_lookup(int id) 149 { 150 struct rfcomm_dev *dev; 151 152 list_for_each_entry(dev, &rfcomm_dev_list, list) 153 if (dev->id == id) 154 return dev; 155 156 return NULL; 157 } 158 159 static struct rfcomm_dev *rfcomm_dev_get(int id) 160 { 161 struct rfcomm_dev *dev; 162 163 mutex_lock(&rfcomm_dev_lock); 164 165 dev = __rfcomm_dev_lookup(id); 166 167 if (dev && !tty_port_get(&dev->port)) 168 dev = NULL; 169 170 mutex_unlock(&rfcomm_dev_lock); 171 172 return dev; 173 } 174 175 static void rfcomm_reparent_device(struct rfcomm_dev *dev) 176 { 177 struct hci_dev *hdev; 178 struct hci_conn *conn; 179 180 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR); 181 if (!hdev) 182 return; 183 184 /* The lookup results are unsafe to access without the 185 * hci device lock (FIXME: why is this not documented?) 186 */ 187 hci_dev_lock(hdev); 188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 189 190 /* Just because the acl link is in the hash table is no 191 * guarantee the sysfs device has been added ... 192 */ 193 if (conn && device_is_registered(&conn->dev)) 194 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); 195 196 hci_dev_unlock(hdev); 197 hci_dev_put(hdev); 198 } 199 200 static ssize_t address_show(struct device *tty_dev, 201 struct device_attribute *attr, char *buf) 202 { 203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 204 return sysfs_emit(buf, "%pMR\n", &dev->dst); 205 } 206 207 static ssize_t channel_show(struct device *tty_dev, 208 struct device_attribute *attr, char *buf) 209 { 210 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 211 return sysfs_emit(buf, "%d\n", dev->channel); 212 } 213 214 static DEVICE_ATTR_RO(address); 215 static DEVICE_ATTR_RO(channel); 216 217 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, 218 struct rfcomm_dlc *dlc) 219 { 220 struct rfcomm_dev *dev, *entry; 221 struct list_head *head = &rfcomm_dev_list; 222 int err = 0; 223 224 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 225 if (!dev) 226 return ERR_PTR(-ENOMEM); 227 228 mutex_lock(&rfcomm_dev_lock); 229 230 if (req->dev_id < 0) { 231 dev->id = 0; 232 233 list_for_each_entry(entry, &rfcomm_dev_list, list) { 234 if (entry->id != dev->id) 235 break; 236 237 dev->id++; 238 head = &entry->list; 239 } 240 } else { 241 dev->id = req->dev_id; 242 243 list_for_each_entry(entry, &rfcomm_dev_list, list) { 244 if (entry->id == dev->id) { 245 err = -EADDRINUSE; 246 goto out; 247 } 248 249 if (entry->id > dev->id - 1) 250 break; 251 252 head = &entry->list; 253 } 254 } 255 256 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 257 err = -ENFILE; 258 goto out; 259 } 260 261 sprintf(dev->name, "rfcomm%d", dev->id); 262 263 list_add(&dev->list, head); 264 265 bacpy(&dev->src, &req->src); 266 bacpy(&dev->dst, &req->dst); 267 dev->channel = req->channel; 268 269 dev->flags = req->flags & 270 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 271 272 tty_port_init(&dev->port); 273 dev->port.ops = &rfcomm_port_ops; 274 275 skb_queue_head_init(&dev->pending); 276 277 rfcomm_dlc_lock(dlc); 278 279 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 280 struct sock *sk = dlc->owner; 281 struct sk_buff *skb; 282 283 BUG_ON(!sk); 284 285 rfcomm_dlc_throttle(dlc); 286 287 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 288 skb_orphan(skb); 289 skb_queue_tail(&dev->pending, skb); 290 atomic_sub(skb->len, &sk->sk_rmem_alloc); 291 } 292 } 293 294 dlc->data_ready = rfcomm_dev_data_ready; 295 dlc->state_change = rfcomm_dev_state_change; 296 dlc->modem_status = rfcomm_dev_modem_status; 297 298 dlc->owner = dev; 299 dev->dlc = dlc; 300 301 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 302 303 rfcomm_dlc_unlock(dlc); 304 305 /* It's safe to call __module_get() here because socket already 306 holds reference to this module. */ 307 __module_get(THIS_MODULE); 308 309 mutex_unlock(&rfcomm_dev_lock); 310 return dev; 311 312 out: 313 mutex_unlock(&rfcomm_dev_lock); 314 kfree(dev); 315 return ERR_PTR(err); 316 } 317 318 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 319 { 320 struct rfcomm_dev *dev; 321 struct device *tty; 322 323 BT_DBG("id %d channel %d", req->dev_id, req->channel); 324 325 dev = __rfcomm_dev_add(req, dlc); 326 if (IS_ERR(dev)) { 327 rfcomm_dlc_put(dlc); 328 return PTR_ERR(dev); 329 } 330 331 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, 332 dev->id, NULL); 333 if (IS_ERR(tty)) { 334 tty_port_put(&dev->port); 335 return PTR_ERR(tty); 336 } 337 338 dev->tty_dev = tty; 339 rfcomm_reparent_device(dev); 340 dev_set_drvdata(dev->tty_dev, dev); 341 342 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 343 BT_ERR("Failed to create address attribute"); 344 345 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 346 BT_ERR("Failed to create channel attribute"); 347 348 return dev->id; 349 } 350 351 /* ---- Send buffer ---- */ 352 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) 353 { 354 struct rfcomm_dlc *dlc = dev->dlc; 355 356 /* Limit the outstanding number of packets not yet sent to 40 */ 357 int pending = 40 - atomic_read(&dev->wmem_alloc); 358 359 return max(0, pending) * dlc->mtu; 360 } 361 362 static void rfcomm_wfree(struct sk_buff *skb) 363 { 364 struct rfcomm_dev *dev = (void *) skb->sk; 365 atomic_dec(&dev->wmem_alloc); 366 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 367 tty_port_tty_wakeup(&dev->port); 368 tty_port_put(&dev->port); 369 } 370 371 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 372 { 373 tty_port_get(&dev->port); 374 atomic_inc(&dev->wmem_alloc); 375 skb->sk = (void *) dev; 376 skb->destructor = rfcomm_wfree; 377 } 378 379 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 380 { 381 struct sk_buff *skb = alloc_skb(size, priority); 382 if (skb) 383 rfcomm_set_owner_w(skb, dev); 384 return skb; 385 } 386 387 /* ---- Device IOCTLs ---- */ 388 389 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 390 391 static int __rfcomm_create_dev(struct sock *sk, void __user *arg) 392 { 393 struct rfcomm_dev_req req; 394 struct rfcomm_dlc *dlc; 395 int id; 396 397 if (copy_from_user(&req, arg, sizeof(req))) 398 return -EFAULT; 399 400 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 401 402 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 403 return -EPERM; 404 405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 406 /* Socket must be connected */ 407 if (sk->sk_state != BT_CONNECTED) 408 return -EBADFD; 409 410 dlc = rfcomm_pi(sk)->dlc; 411 rfcomm_dlc_hold(dlc); 412 } else { 413 /* Validate the channel is unused */ 414 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); 415 if (IS_ERR(dlc)) 416 return PTR_ERR(dlc); 417 if (dlc) 418 return -EBUSY; 419 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 420 if (!dlc) 421 return -ENOMEM; 422 } 423 424 id = rfcomm_dev_add(&req, dlc); 425 if (id < 0) 426 return id; 427 428 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 429 /* DLC is now used by device. 430 * Socket must be disconnected */ 431 sk->sk_state = BT_CLOSED; 432 } 433 434 return id; 435 } 436 437 static int __rfcomm_release_dev(void __user *arg) 438 { 439 struct rfcomm_dev_req req; 440 struct rfcomm_dev *dev; 441 442 if (copy_from_user(&req, arg, sizeof(req))) 443 return -EFAULT; 444 445 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 446 447 dev = rfcomm_dev_get(req.dev_id); 448 if (!dev) 449 return -ENODEV; 450 451 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 452 tty_port_put(&dev->port); 453 return -EPERM; 454 } 455 456 /* only release once */ 457 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { 458 tty_port_put(&dev->port); 459 return -EALREADY; 460 } 461 462 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 463 rfcomm_dlc_close(dev->dlc, 0); 464 465 /* Shut down TTY synchronously before freeing rfcomm_dev */ 466 tty_port_tty_vhangup(&dev->port); 467 468 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) 469 tty_port_put(&dev->port); 470 471 tty_port_put(&dev->port); 472 return 0; 473 } 474 475 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 476 { 477 int ret; 478 479 mutex_lock(&rfcomm_ioctl_mutex); 480 ret = __rfcomm_create_dev(sk, arg); 481 mutex_unlock(&rfcomm_ioctl_mutex); 482 483 return ret; 484 } 485 486 static int rfcomm_release_dev(void __user *arg) 487 { 488 int ret; 489 490 mutex_lock(&rfcomm_ioctl_mutex); 491 ret = __rfcomm_release_dev(arg); 492 mutex_unlock(&rfcomm_ioctl_mutex); 493 494 return ret; 495 } 496 497 static int rfcomm_get_dev_list(void __user *arg) 498 { 499 struct rfcomm_dev *dev; 500 struct rfcomm_dev_list_req *dl; 501 struct rfcomm_dev_info *di; 502 int n = 0, err; 503 u16 dev_num; 504 505 BT_DBG(""); 506 507 if (get_user(dev_num, (u16 __user *) arg)) 508 return -EFAULT; 509 510 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 511 return -EINVAL; 512 513 dl = kzalloc(struct_size(dl, dev_info, dev_num), GFP_KERNEL); 514 if (!dl) 515 return -ENOMEM; 516 517 dl->dev_num = dev_num; 518 di = dl->dev_info; 519 520 mutex_lock(&rfcomm_dev_lock); 521 522 list_for_each_entry(dev, &rfcomm_dev_list, list) { 523 if (!tty_port_get(&dev->port)) 524 continue; 525 di[n].id = dev->id; 526 di[n].flags = dev->flags; 527 di[n].state = dev->dlc->state; 528 di[n].channel = dev->channel; 529 bacpy(&di[n].src, &dev->src); 530 bacpy(&di[n].dst, &dev->dst); 531 tty_port_put(&dev->port); 532 if (++n >= dev_num) 533 break; 534 } 535 536 mutex_unlock(&rfcomm_dev_lock); 537 538 dl->dev_num = n; 539 err = copy_to_user(arg, dl, struct_size(dl, dev_info, n)); 540 kfree(dl); 541 542 return err ? -EFAULT : 0; 543 } 544 545 static int rfcomm_get_dev_info(void __user *arg) 546 { 547 struct rfcomm_dev *dev; 548 struct rfcomm_dev_info di; 549 int err = 0; 550 551 BT_DBG(""); 552 553 if (copy_from_user(&di, arg, sizeof(di))) 554 return -EFAULT; 555 556 dev = rfcomm_dev_get(di.id); 557 if (!dev) 558 return -ENODEV; 559 560 di.flags = dev->flags; 561 di.channel = dev->channel; 562 di.state = dev->dlc->state; 563 bacpy(&di.src, &dev->src); 564 bacpy(&di.dst, &dev->dst); 565 566 if (copy_to_user(arg, &di, sizeof(di))) 567 err = -EFAULT; 568 569 tty_port_put(&dev->port); 570 return err; 571 } 572 573 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 574 { 575 BT_DBG("cmd %d arg %p", cmd, arg); 576 577 switch (cmd) { 578 case RFCOMMCREATEDEV: 579 return rfcomm_create_dev(sk, arg); 580 581 case RFCOMMRELEASEDEV: 582 return rfcomm_release_dev(arg); 583 584 case RFCOMMGETDEVLIST: 585 return rfcomm_get_dev_list(arg); 586 587 case RFCOMMGETDEVINFO: 588 return rfcomm_get_dev_info(arg); 589 } 590 591 return -EINVAL; 592 } 593 594 /* ---- DLC callbacks ---- */ 595 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 596 { 597 struct rfcomm_dev *dev = dlc->owner; 598 599 if (!dev) { 600 kfree_skb(skb); 601 return; 602 } 603 604 if (!skb_queue_empty(&dev->pending)) { 605 skb_queue_tail(&dev->pending, skb); 606 return; 607 } 608 609 BT_DBG("dlc %p len %d", dlc, skb->len); 610 611 tty_insert_flip_string(&dev->port, skb->data, skb->len); 612 tty_flip_buffer_push(&dev->port); 613 614 kfree_skb(skb); 615 } 616 617 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 618 { 619 struct rfcomm_dev *dev = dlc->owner; 620 if (!dev) 621 return; 622 623 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 624 625 dev->err = err; 626 if (dlc->state == BT_CONNECTED) { 627 rfcomm_reparent_device(dev); 628 629 wake_up_interruptible(&dev->port.open_wait); 630 } else if (dlc->state == BT_CLOSED) 631 tty_port_tty_hangup(&dev->port, false); 632 } 633 634 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 635 { 636 struct rfcomm_dev *dev = dlc->owner; 637 if (!dev) 638 return; 639 640 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 641 642 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) 643 tty_port_tty_hangup(&dev->port, true); 644 645 dev->modem_status = 646 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 647 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 648 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 649 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 650 } 651 652 /* ---- TTY functions ---- */ 653 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 654 { 655 struct sk_buff *skb; 656 int inserted = 0; 657 658 BT_DBG("dev %p", dev); 659 660 rfcomm_dlc_lock(dev->dlc); 661 662 while ((skb = skb_dequeue(&dev->pending))) { 663 inserted += tty_insert_flip_string(&dev->port, skb->data, 664 skb->len); 665 kfree_skb(skb); 666 } 667 668 rfcomm_dlc_unlock(dev->dlc); 669 670 if (inserted > 0) 671 tty_flip_buffer_push(&dev->port); 672 } 673 674 /* do the reverse of install, clearing the tty fields and releasing the 675 * reference to tty_port 676 */ 677 static void rfcomm_tty_cleanup(struct tty_struct *tty) 678 { 679 struct rfcomm_dev *dev = tty->driver_data; 680 681 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 682 683 rfcomm_dlc_lock(dev->dlc); 684 tty->driver_data = NULL; 685 rfcomm_dlc_unlock(dev->dlc); 686 687 /* 688 * purge the dlc->tx_queue to avoid circular dependencies 689 * between dev and dlc 690 */ 691 skb_queue_purge(&dev->dlc->tx_queue); 692 693 tty_port_put(&dev->port); 694 } 695 696 /* we acquire the tty_port reference since it's here the tty is first used 697 * by setting the termios. We also populate the driver_data field and install 698 * the tty port 699 */ 700 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) 701 { 702 struct rfcomm_dev *dev; 703 struct rfcomm_dlc *dlc; 704 int err; 705 706 dev = rfcomm_dev_get(tty->index); 707 if (!dev) 708 return -ENODEV; 709 710 dlc = dev->dlc; 711 712 /* Attach TTY and open DLC */ 713 rfcomm_dlc_lock(dlc); 714 tty->driver_data = dev; 715 rfcomm_dlc_unlock(dlc); 716 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 717 718 /* install the tty_port */ 719 err = tty_port_install(&dev->port, driver, tty); 720 if (err) { 721 rfcomm_tty_cleanup(tty); 722 return err; 723 } 724 725 /* take over the tty_port reference if the port was created with the 726 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port 727 * when the last process closes the tty. The behaviour is expected by 728 * userspace. 729 */ 730 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 731 set_bit(RFCOMM_TTY_OWNED, &dev->status); 732 tty_port_put(&dev->port); 733 } 734 735 return 0; 736 } 737 738 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 739 { 740 struct rfcomm_dev *dev = tty->driver_data; 741 int err; 742 743 BT_DBG("tty %p id %d", tty, tty->index); 744 745 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 746 dev->channel, dev->port.count); 747 748 err = tty_port_open(&dev->port, tty, filp); 749 if (err) 750 return err; 751 752 /* 753 * FIXME: rfcomm should use proper flow control for 754 * received data. This hack will be unnecessary and can 755 * be removed when that's implemented 756 */ 757 rfcomm_tty_copy_pending(dev); 758 759 rfcomm_dlc_unthrottle(dev->dlc); 760 761 return 0; 762 } 763 764 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 765 { 766 struct rfcomm_dev *dev = tty->driver_data; 767 768 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 769 dev->port.count); 770 771 tty_port_close(&dev->port, tty, filp); 772 } 773 774 static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf, 775 size_t count) 776 { 777 struct rfcomm_dev *dev = tty->driver_data; 778 struct rfcomm_dlc *dlc = dev->dlc; 779 struct sk_buff *skb; 780 size_t sent = 0, size; 781 782 BT_DBG("tty %p count %zu", tty, count); 783 784 while (count) { 785 size = min_t(size_t, count, dlc->mtu); 786 787 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 788 if (!skb) 789 break; 790 791 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 792 793 skb_put_data(skb, buf + sent, size); 794 795 rfcomm_dlc_send_noerror(dlc, skb); 796 797 sent += size; 798 count -= size; 799 } 800 801 return sent; 802 } 803 804 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty) 805 { 806 struct rfcomm_dev *dev = tty->driver_data; 807 int room = 0; 808 809 if (dev && dev->dlc) 810 room = rfcomm_room(dev); 811 812 BT_DBG("tty %p room %d", tty, room); 813 814 return room; 815 } 816 817 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 818 { 819 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 820 821 switch (cmd) { 822 case TCGETS: 823 BT_DBG("TCGETS is not supported"); 824 return -ENOIOCTLCMD; 825 826 case TCSETS: 827 BT_DBG("TCSETS is not supported"); 828 return -ENOIOCTLCMD; 829 830 case TIOCMIWAIT: 831 BT_DBG("TIOCMIWAIT"); 832 break; 833 834 case TIOCSERGETLSR: 835 BT_ERR("TIOCSERGETLSR is not supported"); 836 return -ENOIOCTLCMD; 837 838 case TIOCSERCONFIG: 839 BT_ERR("TIOCSERCONFIG is not supported"); 840 return -ENOIOCTLCMD; 841 842 default: 843 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 844 845 } 846 847 return -ENOIOCTLCMD; 848 } 849 850 static void rfcomm_tty_set_termios(struct tty_struct *tty, 851 const struct ktermios *old) 852 { 853 struct ktermios *new = &tty->termios; 854 int old_baud_rate = tty_termios_baud_rate(old); 855 int new_baud_rate = tty_termios_baud_rate(new); 856 857 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 858 u16 changes = 0; 859 860 struct rfcomm_dev *dev = tty->driver_data; 861 862 BT_DBG("tty %p termios %p", tty, old); 863 864 if (!dev || !dev->dlc || !dev->dlc->session) 865 return; 866 867 /* Handle turning off CRTSCTS */ 868 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 869 BT_DBG("Turning off CRTSCTS unsupported"); 870 871 /* Parity on/off and when on, odd/even */ 872 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 873 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 874 changes |= RFCOMM_RPN_PM_PARITY; 875 BT_DBG("Parity change detected."); 876 } 877 878 /* Mark and space parity are not supported! */ 879 if (new->c_cflag & PARENB) { 880 if (new->c_cflag & PARODD) { 881 BT_DBG("Parity is ODD"); 882 parity = RFCOMM_RPN_PARITY_ODD; 883 } else { 884 BT_DBG("Parity is EVEN"); 885 parity = RFCOMM_RPN_PARITY_EVEN; 886 } 887 } else { 888 BT_DBG("Parity is OFF"); 889 parity = RFCOMM_RPN_PARITY_NONE; 890 } 891 892 /* Setting the x_on / x_off characters */ 893 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 894 BT_DBG("XOFF custom"); 895 x_on = new->c_cc[VSTOP]; 896 changes |= RFCOMM_RPN_PM_XON; 897 } else { 898 BT_DBG("XOFF default"); 899 x_on = RFCOMM_RPN_XON_CHAR; 900 } 901 902 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 903 BT_DBG("XON custom"); 904 x_off = new->c_cc[VSTART]; 905 changes |= RFCOMM_RPN_PM_XOFF; 906 } else { 907 BT_DBG("XON default"); 908 x_off = RFCOMM_RPN_XOFF_CHAR; 909 } 910 911 /* Handle setting of stop bits */ 912 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 913 changes |= RFCOMM_RPN_PM_STOP; 914 915 /* POSIX does not support 1.5 stop bits and RFCOMM does not 916 * support 2 stop bits. So a request for 2 stop bits gets 917 * translated to 1.5 stop bits */ 918 if (new->c_cflag & CSTOPB) 919 stop_bits = RFCOMM_RPN_STOP_15; 920 else 921 stop_bits = RFCOMM_RPN_STOP_1; 922 923 /* Handle number of data bits [5-8] */ 924 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 925 changes |= RFCOMM_RPN_PM_DATA; 926 927 switch (new->c_cflag & CSIZE) { 928 case CS5: 929 data_bits = RFCOMM_RPN_DATA_5; 930 break; 931 case CS6: 932 data_bits = RFCOMM_RPN_DATA_6; 933 break; 934 case CS7: 935 data_bits = RFCOMM_RPN_DATA_7; 936 break; 937 case CS8: 938 data_bits = RFCOMM_RPN_DATA_8; 939 break; 940 default: 941 data_bits = RFCOMM_RPN_DATA_8; 942 break; 943 } 944 945 /* Handle baudrate settings */ 946 if (old_baud_rate != new_baud_rate) 947 changes |= RFCOMM_RPN_PM_BITRATE; 948 949 switch (new_baud_rate) { 950 case 2400: 951 baud = RFCOMM_RPN_BR_2400; 952 break; 953 case 4800: 954 baud = RFCOMM_RPN_BR_4800; 955 break; 956 case 7200: 957 baud = RFCOMM_RPN_BR_7200; 958 break; 959 case 9600: 960 baud = RFCOMM_RPN_BR_9600; 961 break; 962 case 19200: 963 baud = RFCOMM_RPN_BR_19200; 964 break; 965 case 38400: 966 baud = RFCOMM_RPN_BR_38400; 967 break; 968 case 57600: 969 baud = RFCOMM_RPN_BR_57600; 970 break; 971 case 115200: 972 baud = RFCOMM_RPN_BR_115200; 973 break; 974 case 230400: 975 baud = RFCOMM_RPN_BR_230400; 976 break; 977 default: 978 /* 9600 is standard according to the RFCOMM specification */ 979 baud = RFCOMM_RPN_BR_9600; 980 break; 981 982 } 983 984 if (changes) 985 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 986 data_bits, stop_bits, parity, 987 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 988 } 989 990 static void rfcomm_tty_throttle(struct tty_struct *tty) 991 { 992 struct rfcomm_dev *dev = tty->driver_data; 993 994 BT_DBG("tty %p dev %p", tty, dev); 995 996 rfcomm_dlc_throttle(dev->dlc); 997 } 998 999 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1000 { 1001 struct rfcomm_dev *dev = tty->driver_data; 1002 1003 BT_DBG("tty %p dev %p", tty, dev); 1004 1005 rfcomm_dlc_unthrottle(dev->dlc); 1006 } 1007 1008 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1009 { 1010 struct rfcomm_dev *dev = tty->driver_data; 1011 1012 BT_DBG("tty %p dev %p", tty, dev); 1013 1014 if (!dev || !dev->dlc) 1015 return 0; 1016 1017 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1018 return dev->dlc->mtu; 1019 1020 return 0; 1021 } 1022 1023 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1024 { 1025 struct rfcomm_dev *dev = tty->driver_data; 1026 1027 BT_DBG("tty %p dev %p", tty, dev); 1028 1029 if (!dev || !dev->dlc) 1030 return; 1031 1032 skb_queue_purge(&dev->dlc->tx_queue); 1033 tty_wakeup(tty); 1034 } 1035 1036 static void rfcomm_tty_send_xchar(struct tty_struct *tty, u8 ch) 1037 { 1038 BT_DBG("tty %p ch %c", tty, ch); 1039 } 1040 1041 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1042 { 1043 BT_DBG("tty %p timeout %d", tty, timeout); 1044 } 1045 1046 static void rfcomm_tty_hangup(struct tty_struct *tty) 1047 { 1048 struct rfcomm_dev *dev = tty->driver_data; 1049 1050 BT_DBG("tty %p dev %p", tty, dev); 1051 1052 tty_port_hangup(&dev->port); 1053 } 1054 1055 static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1056 { 1057 struct rfcomm_dev *dev = tty->driver_data; 1058 1059 BT_DBG("tty %p dev %p", tty, dev); 1060 1061 return dev->modem_status; 1062 } 1063 1064 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1065 { 1066 struct rfcomm_dev *dev = tty->driver_data; 1067 struct rfcomm_dlc *dlc = dev->dlc; 1068 u8 v24_sig; 1069 1070 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1071 1072 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1073 1074 if (set & TIOCM_DSR || set & TIOCM_DTR) 1075 v24_sig |= RFCOMM_V24_RTC; 1076 if (set & TIOCM_RTS || set & TIOCM_CTS) 1077 v24_sig |= RFCOMM_V24_RTR; 1078 if (set & TIOCM_RI) 1079 v24_sig |= RFCOMM_V24_IC; 1080 if (set & TIOCM_CD) 1081 v24_sig |= RFCOMM_V24_DV; 1082 1083 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1084 v24_sig &= ~RFCOMM_V24_RTC; 1085 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1086 v24_sig &= ~RFCOMM_V24_RTR; 1087 if (clear & TIOCM_RI) 1088 v24_sig &= ~RFCOMM_V24_IC; 1089 if (clear & TIOCM_CD) 1090 v24_sig &= ~RFCOMM_V24_DV; 1091 1092 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1093 1094 return 0; 1095 } 1096 1097 /* ---- TTY structure ---- */ 1098 1099 static const struct tty_operations rfcomm_ops = { 1100 .open = rfcomm_tty_open, 1101 .close = rfcomm_tty_close, 1102 .write = rfcomm_tty_write, 1103 .write_room = rfcomm_tty_write_room, 1104 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1105 .flush_buffer = rfcomm_tty_flush_buffer, 1106 .ioctl = rfcomm_tty_ioctl, 1107 .throttle = rfcomm_tty_throttle, 1108 .unthrottle = rfcomm_tty_unthrottle, 1109 .set_termios = rfcomm_tty_set_termios, 1110 .send_xchar = rfcomm_tty_send_xchar, 1111 .hangup = rfcomm_tty_hangup, 1112 .wait_until_sent = rfcomm_tty_wait_until_sent, 1113 .tiocmget = rfcomm_tty_tiocmget, 1114 .tiocmset = rfcomm_tty_tiocmset, 1115 .install = rfcomm_tty_install, 1116 .cleanup = rfcomm_tty_cleanup, 1117 }; 1118 1119 int __init rfcomm_init_ttys(void) 1120 { 1121 int error; 1122 1123 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS, 1124 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV); 1125 if (IS_ERR(rfcomm_tty_driver)) 1126 return PTR_ERR(rfcomm_tty_driver); 1127 1128 rfcomm_tty_driver->driver_name = "rfcomm"; 1129 rfcomm_tty_driver->name = "rfcomm"; 1130 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1131 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1132 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1133 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1134 rfcomm_tty_driver->init_termios = tty_std_termios; 1135 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; 1136 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1137 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1138 1139 error = tty_register_driver(rfcomm_tty_driver); 1140 if (error) { 1141 BT_ERR("Can't register RFCOMM TTY driver"); 1142 tty_driver_kref_put(rfcomm_tty_driver); 1143 return error; 1144 } 1145 1146 BT_INFO("RFCOMM TTY layer initialized"); 1147 1148 return 0; 1149 } 1150 1151 void rfcomm_cleanup_ttys(void) 1152 { 1153 tty_unregister_driver(rfcomm_tty_driver); 1154 tty_driver_kref_put(rfcomm_tty_driver); 1155 } 1156