1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <net/bluetooth/bluetooth.h> 35 #include <net/bluetooth/hci_core.h> 36 #include <net/bluetooth/rfcomm.h> 37 38 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 39 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 40 #define RFCOMM_TTY_MINOR 0 41 42 static DEFINE_MUTEX(rfcomm_ioctl_mutex); 43 static struct tty_driver *rfcomm_tty_driver; 44 45 struct rfcomm_dev { 46 struct tty_port port; 47 struct list_head list; 48 49 char name[12]; 50 int id; 51 unsigned long flags; 52 int err; 53 54 unsigned long status; /* don't export to userspace */ 55 56 bdaddr_t src; 57 bdaddr_t dst; 58 u8 channel; 59 60 uint modem_status; 61 62 struct rfcomm_dlc *dlc; 63 64 struct device *tty_dev; 65 66 atomic_t wmem_alloc; 67 68 struct sk_buff_head pending; 69 }; 70 71 static LIST_HEAD(rfcomm_dev_list); 72 static DEFINE_MUTEX(rfcomm_dev_lock); 73 74 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 75 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 76 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 77 78 /* ---- Device functions ---- */ 79 80 static void rfcomm_dev_destruct(struct tty_port *port) 81 { 82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 83 struct rfcomm_dlc *dlc = dev->dlc; 84 85 BT_DBG("dev %p dlc %p", dev, dlc); 86 87 rfcomm_dlc_lock(dlc); 88 /* Detach DLC if it's owned by this dev */ 89 if (dlc->owner == dev) 90 dlc->owner = NULL; 91 rfcomm_dlc_unlock(dlc); 92 93 rfcomm_dlc_put(dlc); 94 95 if (dev->tty_dev) 96 tty_unregister_device(rfcomm_tty_driver, dev->id); 97 98 mutex_lock(&rfcomm_dev_lock); 99 list_del(&dev->list); 100 mutex_unlock(&rfcomm_dev_lock); 101 102 kfree(dev); 103 104 /* It's safe to call module_put() here because socket still 105 holds reference to this module. */ 106 module_put(THIS_MODULE); 107 } 108 109 /* device-specific initialization: open the dlc */ 110 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) 111 { 112 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 113 int err; 114 115 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); 116 if (err) 117 set_bit(TTY_IO_ERROR, &tty->flags); 118 return err; 119 } 120 121 /* we block the open until the dlc->state becomes BT_CONNECTED */ 122 static bool rfcomm_dev_carrier_raised(struct tty_port *port) 123 { 124 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 125 126 return (dev->dlc->state == BT_CONNECTED); 127 } 128 129 /* device-specific cleanup: close the dlc */ 130 static void rfcomm_dev_shutdown(struct tty_port *port) 131 { 132 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 133 134 if (dev->tty_dev->parent) 135 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 136 137 /* close the dlc */ 138 rfcomm_dlc_close(dev->dlc, 0); 139 } 140 141 static const struct tty_port_operations rfcomm_port_ops = { 142 .destruct = rfcomm_dev_destruct, 143 .activate = rfcomm_dev_activate, 144 .shutdown = rfcomm_dev_shutdown, 145 .carrier_raised = rfcomm_dev_carrier_raised, 146 }; 147 148 static struct rfcomm_dev *__rfcomm_dev_lookup(int id) 149 { 150 struct rfcomm_dev *dev; 151 152 list_for_each_entry(dev, &rfcomm_dev_list, list) 153 if (dev->id == id) 154 return dev; 155 156 return NULL; 157 } 158 159 static struct rfcomm_dev *rfcomm_dev_get(int id) 160 { 161 struct rfcomm_dev *dev; 162 163 mutex_lock(&rfcomm_dev_lock); 164 165 dev = __rfcomm_dev_lookup(id); 166 167 if (dev && !tty_port_get(&dev->port)) 168 dev = NULL; 169 170 mutex_unlock(&rfcomm_dev_lock); 171 172 return dev; 173 } 174 175 static void rfcomm_reparent_device(struct rfcomm_dev *dev) 176 { 177 struct hci_dev *hdev; 178 struct hci_conn *conn; 179 180 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR); 181 if (!hdev) 182 return; 183 184 /* The lookup results are unsafe to access without the 185 * hci device lock (FIXME: why is this not documented?) 186 */ 187 hci_dev_lock(hdev); 188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 189 190 /* Just because the acl link is in the hash table is no 191 * guarantee the sysfs device has been added ... 192 */ 193 if (conn && device_is_registered(&conn->dev)) 194 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); 195 196 hci_dev_unlock(hdev); 197 hci_dev_put(hdev); 198 } 199 200 static ssize_t address_show(struct device *tty_dev, 201 struct device_attribute *attr, char *buf) 202 { 203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 204 return sprintf(buf, "%pMR\n", &dev->dst); 205 } 206 207 static ssize_t channel_show(struct device *tty_dev, 208 struct device_attribute *attr, char *buf) 209 { 210 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 211 return sprintf(buf, "%d\n", dev->channel); 212 } 213 214 static DEVICE_ATTR_RO(address); 215 static DEVICE_ATTR_RO(channel); 216 217 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, 218 struct rfcomm_dlc *dlc) 219 { 220 struct rfcomm_dev *dev, *entry; 221 struct list_head *head = &rfcomm_dev_list; 222 int err = 0; 223 224 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 225 if (!dev) 226 return ERR_PTR(-ENOMEM); 227 228 mutex_lock(&rfcomm_dev_lock); 229 230 if (req->dev_id < 0) { 231 dev->id = 0; 232 233 list_for_each_entry(entry, &rfcomm_dev_list, list) { 234 if (entry->id != dev->id) 235 break; 236 237 dev->id++; 238 head = &entry->list; 239 } 240 } else { 241 dev->id = req->dev_id; 242 243 list_for_each_entry(entry, &rfcomm_dev_list, list) { 244 if (entry->id == dev->id) { 245 err = -EADDRINUSE; 246 goto out; 247 } 248 249 if (entry->id > dev->id - 1) 250 break; 251 252 head = &entry->list; 253 } 254 } 255 256 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 257 err = -ENFILE; 258 goto out; 259 } 260 261 sprintf(dev->name, "rfcomm%d", dev->id); 262 263 list_add(&dev->list, head); 264 265 bacpy(&dev->src, &req->src); 266 bacpy(&dev->dst, &req->dst); 267 dev->channel = req->channel; 268 269 dev->flags = req->flags & 270 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 271 272 tty_port_init(&dev->port); 273 dev->port.ops = &rfcomm_port_ops; 274 275 skb_queue_head_init(&dev->pending); 276 277 rfcomm_dlc_lock(dlc); 278 279 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 280 struct sock *sk = dlc->owner; 281 struct sk_buff *skb; 282 283 BUG_ON(!sk); 284 285 rfcomm_dlc_throttle(dlc); 286 287 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 288 skb_orphan(skb); 289 skb_queue_tail(&dev->pending, skb); 290 atomic_sub(skb->len, &sk->sk_rmem_alloc); 291 } 292 } 293 294 dlc->data_ready = rfcomm_dev_data_ready; 295 dlc->state_change = rfcomm_dev_state_change; 296 dlc->modem_status = rfcomm_dev_modem_status; 297 298 dlc->owner = dev; 299 dev->dlc = dlc; 300 301 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 302 303 rfcomm_dlc_unlock(dlc); 304 305 /* It's safe to call __module_get() here because socket already 306 holds reference to this module. */ 307 __module_get(THIS_MODULE); 308 309 mutex_unlock(&rfcomm_dev_lock); 310 return dev; 311 312 out: 313 mutex_unlock(&rfcomm_dev_lock); 314 kfree(dev); 315 return ERR_PTR(err); 316 } 317 318 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 319 { 320 struct rfcomm_dev *dev; 321 struct device *tty; 322 323 BT_DBG("id %d channel %d", req->dev_id, req->channel); 324 325 dev = __rfcomm_dev_add(req, dlc); 326 if (IS_ERR(dev)) { 327 rfcomm_dlc_put(dlc); 328 return PTR_ERR(dev); 329 } 330 331 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, 332 dev->id, NULL); 333 if (IS_ERR(tty)) { 334 tty_port_put(&dev->port); 335 return PTR_ERR(tty); 336 } 337 338 dev->tty_dev = tty; 339 rfcomm_reparent_device(dev); 340 dev_set_drvdata(dev->tty_dev, dev); 341 342 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 343 BT_ERR("Failed to create address attribute"); 344 345 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 346 BT_ERR("Failed to create channel attribute"); 347 348 return dev->id; 349 } 350 351 /* ---- Send buffer ---- */ 352 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) 353 { 354 struct rfcomm_dlc *dlc = dev->dlc; 355 356 /* Limit the outstanding number of packets not yet sent to 40 */ 357 int pending = 40 - atomic_read(&dev->wmem_alloc); 358 359 return max(0, pending) * dlc->mtu; 360 } 361 362 static void rfcomm_wfree(struct sk_buff *skb) 363 { 364 struct rfcomm_dev *dev = (void *) skb->sk; 365 atomic_dec(&dev->wmem_alloc); 366 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 367 tty_port_tty_wakeup(&dev->port); 368 tty_port_put(&dev->port); 369 } 370 371 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 372 { 373 tty_port_get(&dev->port); 374 atomic_inc(&dev->wmem_alloc); 375 skb->sk = (void *) dev; 376 skb->destructor = rfcomm_wfree; 377 } 378 379 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 380 { 381 struct sk_buff *skb = alloc_skb(size, priority); 382 if (skb) 383 rfcomm_set_owner_w(skb, dev); 384 return skb; 385 } 386 387 /* ---- Device IOCTLs ---- */ 388 389 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 390 391 static int __rfcomm_create_dev(struct sock *sk, void __user *arg) 392 { 393 struct rfcomm_dev_req req; 394 struct rfcomm_dlc *dlc; 395 int id; 396 397 if (copy_from_user(&req, arg, sizeof(req))) 398 return -EFAULT; 399 400 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 401 402 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 403 return -EPERM; 404 405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 406 /* Socket must be connected */ 407 if (sk->sk_state != BT_CONNECTED) 408 return -EBADFD; 409 410 dlc = rfcomm_pi(sk)->dlc; 411 rfcomm_dlc_hold(dlc); 412 } else { 413 /* Validate the channel is unused */ 414 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); 415 if (IS_ERR(dlc)) 416 return PTR_ERR(dlc); 417 if (dlc) 418 return -EBUSY; 419 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 420 if (!dlc) 421 return -ENOMEM; 422 } 423 424 id = rfcomm_dev_add(&req, dlc); 425 if (id < 0) 426 return id; 427 428 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 429 /* DLC is now used by device. 430 * Socket must be disconnected */ 431 sk->sk_state = BT_CLOSED; 432 } 433 434 return id; 435 } 436 437 static int __rfcomm_release_dev(void __user *arg) 438 { 439 struct rfcomm_dev_req req; 440 struct rfcomm_dev *dev; 441 struct tty_struct *tty; 442 443 if (copy_from_user(&req, arg, sizeof(req))) 444 return -EFAULT; 445 446 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 447 448 dev = rfcomm_dev_get(req.dev_id); 449 if (!dev) 450 return -ENODEV; 451 452 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 453 tty_port_put(&dev->port); 454 return -EPERM; 455 } 456 457 /* only release once */ 458 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { 459 tty_port_put(&dev->port); 460 return -EALREADY; 461 } 462 463 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 464 rfcomm_dlc_close(dev->dlc, 0); 465 466 /* Shut down TTY synchronously before freeing rfcomm_dev */ 467 tty = tty_port_tty_get(&dev->port); 468 if (tty) { 469 tty_vhangup(tty); 470 tty_kref_put(tty); 471 } 472 473 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) 474 tty_port_put(&dev->port); 475 476 tty_port_put(&dev->port); 477 return 0; 478 } 479 480 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 481 { 482 int ret; 483 484 mutex_lock(&rfcomm_ioctl_mutex); 485 ret = __rfcomm_create_dev(sk, arg); 486 mutex_unlock(&rfcomm_ioctl_mutex); 487 488 return ret; 489 } 490 491 static int rfcomm_release_dev(void __user *arg) 492 { 493 int ret; 494 495 mutex_lock(&rfcomm_ioctl_mutex); 496 ret = __rfcomm_release_dev(arg); 497 mutex_unlock(&rfcomm_ioctl_mutex); 498 499 return ret; 500 } 501 502 static int rfcomm_get_dev_list(void __user *arg) 503 { 504 struct rfcomm_dev *dev; 505 struct rfcomm_dev_list_req *dl; 506 struct rfcomm_dev_info *di; 507 int n = 0, size, err; 508 u16 dev_num; 509 510 BT_DBG(""); 511 512 if (get_user(dev_num, (u16 __user *) arg)) 513 return -EFAULT; 514 515 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 516 return -EINVAL; 517 518 size = sizeof(*dl) + dev_num * sizeof(*di); 519 520 dl = kzalloc(size, GFP_KERNEL); 521 if (!dl) 522 return -ENOMEM; 523 524 di = dl->dev_info; 525 526 mutex_lock(&rfcomm_dev_lock); 527 528 list_for_each_entry(dev, &rfcomm_dev_list, list) { 529 if (!tty_port_get(&dev->port)) 530 continue; 531 (di + n)->id = dev->id; 532 (di + n)->flags = dev->flags; 533 (di + n)->state = dev->dlc->state; 534 (di + n)->channel = dev->channel; 535 bacpy(&(di + n)->src, &dev->src); 536 bacpy(&(di + n)->dst, &dev->dst); 537 tty_port_put(&dev->port); 538 if (++n >= dev_num) 539 break; 540 } 541 542 mutex_unlock(&rfcomm_dev_lock); 543 544 dl->dev_num = n; 545 size = sizeof(*dl) + n * sizeof(*di); 546 547 err = copy_to_user(arg, dl, size); 548 kfree(dl); 549 550 return err ? -EFAULT : 0; 551 } 552 553 static int rfcomm_get_dev_info(void __user *arg) 554 { 555 struct rfcomm_dev *dev; 556 struct rfcomm_dev_info di; 557 int err = 0; 558 559 BT_DBG(""); 560 561 if (copy_from_user(&di, arg, sizeof(di))) 562 return -EFAULT; 563 564 dev = rfcomm_dev_get(di.id); 565 if (!dev) 566 return -ENODEV; 567 568 di.flags = dev->flags; 569 di.channel = dev->channel; 570 di.state = dev->dlc->state; 571 bacpy(&di.src, &dev->src); 572 bacpy(&di.dst, &dev->dst); 573 574 if (copy_to_user(arg, &di, sizeof(di))) 575 err = -EFAULT; 576 577 tty_port_put(&dev->port); 578 return err; 579 } 580 581 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 582 { 583 BT_DBG("cmd %d arg %p", cmd, arg); 584 585 switch (cmd) { 586 case RFCOMMCREATEDEV: 587 return rfcomm_create_dev(sk, arg); 588 589 case RFCOMMRELEASEDEV: 590 return rfcomm_release_dev(arg); 591 592 case RFCOMMGETDEVLIST: 593 return rfcomm_get_dev_list(arg); 594 595 case RFCOMMGETDEVINFO: 596 return rfcomm_get_dev_info(arg); 597 } 598 599 return -EINVAL; 600 } 601 602 /* ---- DLC callbacks ---- */ 603 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 604 { 605 struct rfcomm_dev *dev = dlc->owner; 606 607 if (!dev) { 608 kfree_skb(skb); 609 return; 610 } 611 612 if (!skb_queue_empty(&dev->pending)) { 613 skb_queue_tail(&dev->pending, skb); 614 return; 615 } 616 617 BT_DBG("dlc %p len %d", dlc, skb->len); 618 619 tty_insert_flip_string(&dev->port, skb->data, skb->len); 620 tty_flip_buffer_push(&dev->port); 621 622 kfree_skb(skb); 623 } 624 625 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 626 { 627 struct rfcomm_dev *dev = dlc->owner; 628 if (!dev) 629 return; 630 631 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 632 633 dev->err = err; 634 if (dlc->state == BT_CONNECTED) { 635 rfcomm_reparent_device(dev); 636 637 wake_up_interruptible(&dev->port.open_wait); 638 } else if (dlc->state == BT_CLOSED) 639 tty_port_tty_hangup(&dev->port, false); 640 } 641 642 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 643 { 644 struct rfcomm_dev *dev = dlc->owner; 645 if (!dev) 646 return; 647 648 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 649 650 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) 651 tty_port_tty_hangup(&dev->port, true); 652 653 dev->modem_status = 654 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 655 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 656 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 657 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 658 } 659 660 /* ---- TTY functions ---- */ 661 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 662 { 663 struct sk_buff *skb; 664 int inserted = 0; 665 666 BT_DBG("dev %p", dev); 667 668 rfcomm_dlc_lock(dev->dlc); 669 670 while ((skb = skb_dequeue(&dev->pending))) { 671 inserted += tty_insert_flip_string(&dev->port, skb->data, 672 skb->len); 673 kfree_skb(skb); 674 } 675 676 rfcomm_dlc_unlock(dev->dlc); 677 678 if (inserted > 0) 679 tty_flip_buffer_push(&dev->port); 680 } 681 682 /* do the reverse of install, clearing the tty fields and releasing the 683 * reference to tty_port 684 */ 685 static void rfcomm_tty_cleanup(struct tty_struct *tty) 686 { 687 struct rfcomm_dev *dev = tty->driver_data; 688 689 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 690 691 rfcomm_dlc_lock(dev->dlc); 692 tty->driver_data = NULL; 693 rfcomm_dlc_unlock(dev->dlc); 694 695 /* 696 * purge the dlc->tx_queue to avoid circular dependencies 697 * between dev and dlc 698 */ 699 skb_queue_purge(&dev->dlc->tx_queue); 700 701 tty_port_put(&dev->port); 702 } 703 704 /* we acquire the tty_port reference since it's here the tty is first used 705 * by setting the termios. We also populate the driver_data field and install 706 * the tty port 707 */ 708 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) 709 { 710 struct rfcomm_dev *dev; 711 struct rfcomm_dlc *dlc; 712 int err; 713 714 dev = rfcomm_dev_get(tty->index); 715 if (!dev) 716 return -ENODEV; 717 718 dlc = dev->dlc; 719 720 /* Attach TTY and open DLC */ 721 rfcomm_dlc_lock(dlc); 722 tty->driver_data = dev; 723 rfcomm_dlc_unlock(dlc); 724 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 725 726 /* install the tty_port */ 727 err = tty_port_install(&dev->port, driver, tty); 728 if (err) { 729 rfcomm_tty_cleanup(tty); 730 return err; 731 } 732 733 /* take over the tty_port reference if the port was created with the 734 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port 735 * when the last process closes the tty. The behaviour is expected by 736 * userspace. 737 */ 738 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 739 set_bit(RFCOMM_TTY_OWNED, &dev->status); 740 tty_port_put(&dev->port); 741 } 742 743 return 0; 744 } 745 746 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 747 { 748 struct rfcomm_dev *dev = tty->driver_data; 749 int err; 750 751 BT_DBG("tty %p id %d", tty, tty->index); 752 753 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 754 dev->channel, dev->port.count); 755 756 err = tty_port_open(&dev->port, tty, filp); 757 if (err) 758 return err; 759 760 /* 761 * FIXME: rfcomm should use proper flow control for 762 * received data. This hack will be unnecessary and can 763 * be removed when that's implemented 764 */ 765 rfcomm_tty_copy_pending(dev); 766 767 rfcomm_dlc_unthrottle(dev->dlc); 768 769 return 0; 770 } 771 772 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 773 { 774 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 775 776 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 777 dev->port.count); 778 779 tty_port_close(&dev->port, tty, filp); 780 } 781 782 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 783 { 784 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 785 struct rfcomm_dlc *dlc = dev->dlc; 786 struct sk_buff *skb; 787 int sent = 0, size; 788 789 BT_DBG("tty %p count %d", tty, count); 790 791 while (count) { 792 size = min_t(uint, count, dlc->mtu); 793 794 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 795 if (!skb) 796 break; 797 798 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 799 800 skb_put_data(skb, buf + sent, size); 801 802 rfcomm_dlc_send_noerror(dlc, skb); 803 804 sent += size; 805 count -= size; 806 } 807 808 return sent; 809 } 810 811 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty) 812 { 813 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 814 int room = 0; 815 816 if (dev && dev->dlc) 817 room = rfcomm_room(dev); 818 819 BT_DBG("tty %p room %d", tty, room); 820 821 return room; 822 } 823 824 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 825 { 826 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 827 828 switch (cmd) { 829 case TCGETS: 830 BT_DBG("TCGETS is not supported"); 831 return -ENOIOCTLCMD; 832 833 case TCSETS: 834 BT_DBG("TCSETS is not supported"); 835 return -ENOIOCTLCMD; 836 837 case TIOCMIWAIT: 838 BT_DBG("TIOCMIWAIT"); 839 break; 840 841 case TIOCSERGETLSR: 842 BT_ERR("TIOCSERGETLSR is not supported"); 843 return -ENOIOCTLCMD; 844 845 case TIOCSERCONFIG: 846 BT_ERR("TIOCSERCONFIG is not supported"); 847 return -ENOIOCTLCMD; 848 849 default: 850 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 851 852 } 853 854 return -ENOIOCTLCMD; 855 } 856 857 static void rfcomm_tty_set_termios(struct tty_struct *tty, 858 const struct ktermios *old) 859 { 860 struct ktermios *new = &tty->termios; 861 int old_baud_rate = tty_termios_baud_rate(old); 862 int new_baud_rate = tty_termios_baud_rate(new); 863 864 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 865 u16 changes = 0; 866 867 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 868 869 BT_DBG("tty %p termios %p", tty, old); 870 871 if (!dev || !dev->dlc || !dev->dlc->session) 872 return; 873 874 /* Handle turning off CRTSCTS */ 875 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 876 BT_DBG("Turning off CRTSCTS unsupported"); 877 878 /* Parity on/off and when on, odd/even */ 879 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 880 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 881 changes |= RFCOMM_RPN_PM_PARITY; 882 BT_DBG("Parity change detected."); 883 } 884 885 /* Mark and space parity are not supported! */ 886 if (new->c_cflag & PARENB) { 887 if (new->c_cflag & PARODD) { 888 BT_DBG("Parity is ODD"); 889 parity = RFCOMM_RPN_PARITY_ODD; 890 } else { 891 BT_DBG("Parity is EVEN"); 892 parity = RFCOMM_RPN_PARITY_EVEN; 893 } 894 } else { 895 BT_DBG("Parity is OFF"); 896 parity = RFCOMM_RPN_PARITY_NONE; 897 } 898 899 /* Setting the x_on / x_off characters */ 900 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 901 BT_DBG("XOFF custom"); 902 x_on = new->c_cc[VSTOP]; 903 changes |= RFCOMM_RPN_PM_XON; 904 } else { 905 BT_DBG("XOFF default"); 906 x_on = RFCOMM_RPN_XON_CHAR; 907 } 908 909 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 910 BT_DBG("XON custom"); 911 x_off = new->c_cc[VSTART]; 912 changes |= RFCOMM_RPN_PM_XOFF; 913 } else { 914 BT_DBG("XON default"); 915 x_off = RFCOMM_RPN_XOFF_CHAR; 916 } 917 918 /* Handle setting of stop bits */ 919 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 920 changes |= RFCOMM_RPN_PM_STOP; 921 922 /* POSIX does not support 1.5 stop bits and RFCOMM does not 923 * support 2 stop bits. So a request for 2 stop bits gets 924 * translated to 1.5 stop bits */ 925 if (new->c_cflag & CSTOPB) 926 stop_bits = RFCOMM_RPN_STOP_15; 927 else 928 stop_bits = RFCOMM_RPN_STOP_1; 929 930 /* Handle number of data bits [5-8] */ 931 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 932 changes |= RFCOMM_RPN_PM_DATA; 933 934 switch (new->c_cflag & CSIZE) { 935 case CS5: 936 data_bits = RFCOMM_RPN_DATA_5; 937 break; 938 case CS6: 939 data_bits = RFCOMM_RPN_DATA_6; 940 break; 941 case CS7: 942 data_bits = RFCOMM_RPN_DATA_7; 943 break; 944 case CS8: 945 data_bits = RFCOMM_RPN_DATA_8; 946 break; 947 default: 948 data_bits = RFCOMM_RPN_DATA_8; 949 break; 950 } 951 952 /* Handle baudrate settings */ 953 if (old_baud_rate != new_baud_rate) 954 changes |= RFCOMM_RPN_PM_BITRATE; 955 956 switch (new_baud_rate) { 957 case 2400: 958 baud = RFCOMM_RPN_BR_2400; 959 break; 960 case 4800: 961 baud = RFCOMM_RPN_BR_4800; 962 break; 963 case 7200: 964 baud = RFCOMM_RPN_BR_7200; 965 break; 966 case 9600: 967 baud = RFCOMM_RPN_BR_9600; 968 break; 969 case 19200: 970 baud = RFCOMM_RPN_BR_19200; 971 break; 972 case 38400: 973 baud = RFCOMM_RPN_BR_38400; 974 break; 975 case 57600: 976 baud = RFCOMM_RPN_BR_57600; 977 break; 978 case 115200: 979 baud = RFCOMM_RPN_BR_115200; 980 break; 981 case 230400: 982 baud = RFCOMM_RPN_BR_230400; 983 break; 984 default: 985 /* 9600 is standard accordinag to the RFCOMM specification */ 986 baud = RFCOMM_RPN_BR_9600; 987 break; 988 989 } 990 991 if (changes) 992 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 993 data_bits, stop_bits, parity, 994 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 995 } 996 997 static void rfcomm_tty_throttle(struct tty_struct *tty) 998 { 999 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1000 1001 BT_DBG("tty %p dev %p", tty, dev); 1002 1003 rfcomm_dlc_throttle(dev->dlc); 1004 } 1005 1006 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1007 { 1008 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1009 1010 BT_DBG("tty %p dev %p", tty, dev); 1011 1012 rfcomm_dlc_unthrottle(dev->dlc); 1013 } 1014 1015 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1016 { 1017 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1018 1019 BT_DBG("tty %p dev %p", tty, dev); 1020 1021 if (!dev || !dev->dlc) 1022 return 0; 1023 1024 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1025 return dev->dlc->mtu; 1026 1027 return 0; 1028 } 1029 1030 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1031 { 1032 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1033 1034 BT_DBG("tty %p dev %p", tty, dev); 1035 1036 if (!dev || !dev->dlc) 1037 return; 1038 1039 skb_queue_purge(&dev->dlc->tx_queue); 1040 tty_wakeup(tty); 1041 } 1042 1043 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1044 { 1045 BT_DBG("tty %p ch %c", tty, ch); 1046 } 1047 1048 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1049 { 1050 BT_DBG("tty %p timeout %d", tty, timeout); 1051 } 1052 1053 static void rfcomm_tty_hangup(struct tty_struct *tty) 1054 { 1055 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1056 1057 BT_DBG("tty %p dev %p", tty, dev); 1058 1059 tty_port_hangup(&dev->port); 1060 } 1061 1062 static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1063 { 1064 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1065 1066 BT_DBG("tty %p dev %p", tty, dev); 1067 1068 return dev->modem_status; 1069 } 1070 1071 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1072 { 1073 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1074 struct rfcomm_dlc *dlc = dev->dlc; 1075 u8 v24_sig; 1076 1077 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1078 1079 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1080 1081 if (set & TIOCM_DSR || set & TIOCM_DTR) 1082 v24_sig |= RFCOMM_V24_RTC; 1083 if (set & TIOCM_RTS || set & TIOCM_CTS) 1084 v24_sig |= RFCOMM_V24_RTR; 1085 if (set & TIOCM_RI) 1086 v24_sig |= RFCOMM_V24_IC; 1087 if (set & TIOCM_CD) 1088 v24_sig |= RFCOMM_V24_DV; 1089 1090 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1091 v24_sig &= ~RFCOMM_V24_RTC; 1092 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1093 v24_sig &= ~RFCOMM_V24_RTR; 1094 if (clear & TIOCM_RI) 1095 v24_sig &= ~RFCOMM_V24_IC; 1096 if (clear & TIOCM_CD) 1097 v24_sig &= ~RFCOMM_V24_DV; 1098 1099 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1100 1101 return 0; 1102 } 1103 1104 /* ---- TTY structure ---- */ 1105 1106 static const struct tty_operations rfcomm_ops = { 1107 .open = rfcomm_tty_open, 1108 .close = rfcomm_tty_close, 1109 .write = rfcomm_tty_write, 1110 .write_room = rfcomm_tty_write_room, 1111 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1112 .flush_buffer = rfcomm_tty_flush_buffer, 1113 .ioctl = rfcomm_tty_ioctl, 1114 .throttle = rfcomm_tty_throttle, 1115 .unthrottle = rfcomm_tty_unthrottle, 1116 .set_termios = rfcomm_tty_set_termios, 1117 .send_xchar = rfcomm_tty_send_xchar, 1118 .hangup = rfcomm_tty_hangup, 1119 .wait_until_sent = rfcomm_tty_wait_until_sent, 1120 .tiocmget = rfcomm_tty_tiocmget, 1121 .tiocmset = rfcomm_tty_tiocmset, 1122 .install = rfcomm_tty_install, 1123 .cleanup = rfcomm_tty_cleanup, 1124 }; 1125 1126 int __init rfcomm_init_ttys(void) 1127 { 1128 int error; 1129 1130 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS, 1131 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV); 1132 if (IS_ERR(rfcomm_tty_driver)) 1133 return PTR_ERR(rfcomm_tty_driver); 1134 1135 rfcomm_tty_driver->driver_name = "rfcomm"; 1136 rfcomm_tty_driver->name = "rfcomm"; 1137 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1138 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1139 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1140 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1141 rfcomm_tty_driver->init_termios = tty_std_termios; 1142 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; 1143 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1144 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1145 1146 error = tty_register_driver(rfcomm_tty_driver); 1147 if (error) { 1148 BT_ERR("Can't register RFCOMM TTY driver"); 1149 tty_driver_kref_put(rfcomm_tty_driver); 1150 return error; 1151 } 1152 1153 BT_INFO("RFCOMM TTY layer initialized"); 1154 1155 return 0; 1156 } 1157 1158 void rfcomm_cleanup_ttys(void) 1159 { 1160 tty_unregister_driver(rfcomm_tty_driver); 1161 tty_driver_kref_put(rfcomm_tty_driver); 1162 } 1163