1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 /* Refcount should only hit zero when called from rfcomm_dev_del() 109 which will have taken us off the list. Everything else are 110 refcounting bugs. */ 111 BUG_ON(!list_empty(&dev->list)); 112 113 kfree(dev); 114 115 /* It's safe to call module_put() here because socket still 116 holds reference to this module. */ 117 module_put(THIS_MODULE); 118 } 119 120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 121 { 122 atomic_inc(&dev->refcnt); 123 } 124 125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 126 { 127 /* The reason this isn't actually a race, as you no 128 doubt have a little voice screaming at you in your 129 head, is that the refcount should never actually 130 reach zero unless the device has already been taken 131 off the list, in rfcomm_dev_del(). And if that's not 132 true, we'll hit the BUG() in rfcomm_dev_destruct() 133 anyway. */ 134 if (atomic_dec_and_test(&dev->refcnt)) 135 rfcomm_dev_destruct(dev); 136 } 137 138 static struct rfcomm_dev *__rfcomm_dev_get(int id) 139 { 140 struct rfcomm_dev *dev; 141 struct list_head *p; 142 143 list_for_each(p, &rfcomm_dev_list) { 144 dev = list_entry(p, struct rfcomm_dev, list); 145 if (dev->id == id) 146 return dev; 147 } 148 149 return NULL; 150 } 151 152 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 153 { 154 struct rfcomm_dev *dev; 155 156 read_lock(&rfcomm_dev_lock); 157 158 dev = __rfcomm_dev_get(id); 159 if (dev) 160 rfcomm_dev_hold(dev); 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 184 { 185 struct rfcomm_dev *dev; 186 struct list_head *head = &rfcomm_dev_list, *p; 187 int err = 0; 188 189 BT_DBG("id %d channel %d", req->dev_id, req->channel); 190 191 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 192 if (!dev) 193 return -ENOMEM; 194 195 write_lock_bh(&rfcomm_dev_lock); 196 197 if (req->dev_id < 0) { 198 dev->id = 0; 199 200 list_for_each(p, &rfcomm_dev_list) { 201 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 202 break; 203 204 dev->id++; 205 head = p; 206 } 207 } else { 208 dev->id = req->dev_id; 209 210 list_for_each(p, &rfcomm_dev_list) { 211 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 212 213 if (entry->id == dev->id) { 214 err = -EADDRINUSE; 215 goto out; 216 } 217 218 if (entry->id > dev->id - 1) 219 break; 220 221 head = p; 222 } 223 } 224 225 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 226 err = -ENFILE; 227 goto out; 228 } 229 230 sprintf(dev->name, "rfcomm%d", dev->id); 231 232 list_add(&dev->list, head); 233 atomic_set(&dev->refcnt, 1); 234 235 bacpy(&dev->src, &req->src); 236 bacpy(&dev->dst, &req->dst); 237 dev->channel = req->channel; 238 239 dev->flags = req->flags & 240 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 241 242 init_waitqueue_head(&dev->wait); 243 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 244 245 rfcomm_dlc_lock(dlc); 246 dlc->data_ready = rfcomm_dev_data_ready; 247 dlc->state_change = rfcomm_dev_state_change; 248 dlc->modem_status = rfcomm_dev_modem_status; 249 250 dlc->owner = dev; 251 dev->dlc = dlc; 252 rfcomm_dlc_unlock(dlc); 253 254 /* It's safe to call __module_get() here because socket already 255 holds reference to this module. */ 256 __module_get(THIS_MODULE); 257 258 out: 259 write_unlock_bh(&rfcomm_dev_lock); 260 261 if (err) { 262 kfree(dev); 263 return err; 264 } 265 266 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 267 268 return dev->id; 269 } 270 271 static void rfcomm_dev_del(struct rfcomm_dev *dev) 272 { 273 BT_DBG("dev %p", dev); 274 275 write_lock_bh(&rfcomm_dev_lock); 276 list_del_init(&dev->list); 277 write_unlock_bh(&rfcomm_dev_lock); 278 279 rfcomm_dev_put(dev); 280 } 281 282 /* ---- Send buffer ---- */ 283 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 284 { 285 /* We can't let it be zero, because we don't get a callback 286 when tx_credits becomes nonzero, hence we'd never wake up */ 287 return dlc->mtu * (dlc->tx_credits?:1); 288 } 289 290 static void rfcomm_wfree(struct sk_buff *skb) 291 { 292 struct rfcomm_dev *dev = (void *) skb->sk; 293 atomic_sub(skb->truesize, &dev->wmem_alloc); 294 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 295 tasklet_schedule(&dev->wakeup_task); 296 rfcomm_dev_put(dev); 297 } 298 299 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 300 { 301 rfcomm_dev_hold(dev); 302 atomic_add(skb->truesize, &dev->wmem_alloc); 303 skb->sk = (void *) dev; 304 skb->destructor = rfcomm_wfree; 305 } 306 307 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 308 { 309 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 310 struct sk_buff *skb = alloc_skb(size, priority); 311 if (skb) { 312 rfcomm_set_owner_w(skb, dev); 313 return skb; 314 } 315 } 316 return NULL; 317 } 318 319 /* ---- Device IOCTLs ---- */ 320 321 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 322 323 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 324 { 325 struct rfcomm_dev_req req; 326 struct rfcomm_dlc *dlc; 327 int id; 328 329 if (copy_from_user(&req, arg, sizeof(req))) 330 return -EFAULT; 331 332 BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags); 333 334 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 335 return -EPERM; 336 337 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 338 /* Socket must be connected */ 339 if (sk->sk_state != BT_CONNECTED) 340 return -EBADFD; 341 342 dlc = rfcomm_pi(sk)->dlc; 343 rfcomm_dlc_hold(dlc); 344 } else { 345 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 346 if (!dlc) 347 return -ENOMEM; 348 } 349 350 id = rfcomm_dev_add(&req, dlc); 351 if (id < 0) { 352 rfcomm_dlc_put(dlc); 353 return id; 354 } 355 356 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 357 /* DLC is now used by device. 358 * Socket must be disconnected */ 359 sk->sk_state = BT_CLOSED; 360 } 361 362 return id; 363 } 364 365 static int rfcomm_release_dev(void __user *arg) 366 { 367 struct rfcomm_dev_req req; 368 struct rfcomm_dev *dev; 369 370 if (copy_from_user(&req, arg, sizeof(req))) 371 return -EFAULT; 372 373 BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags); 374 375 if (!(dev = rfcomm_dev_get(req.dev_id))) 376 return -ENODEV; 377 378 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 379 rfcomm_dev_put(dev); 380 return -EPERM; 381 } 382 383 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 384 rfcomm_dlc_close(dev->dlc, 0); 385 386 rfcomm_dev_del(dev); 387 rfcomm_dev_put(dev); 388 return 0; 389 } 390 391 static int rfcomm_get_dev_list(void __user *arg) 392 { 393 struct rfcomm_dev_list_req *dl; 394 struct rfcomm_dev_info *di; 395 struct list_head *p; 396 int n = 0, size, err; 397 u16 dev_num; 398 399 BT_DBG(""); 400 401 if (get_user(dev_num, (u16 __user *) arg)) 402 return -EFAULT; 403 404 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 405 return -EINVAL; 406 407 size = sizeof(*dl) + dev_num * sizeof(*di); 408 409 if (!(dl = kmalloc(size, GFP_KERNEL))) 410 return -ENOMEM; 411 412 di = dl->dev_info; 413 414 read_lock_bh(&rfcomm_dev_lock); 415 416 list_for_each(p, &rfcomm_dev_list) { 417 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 418 (di + n)->id = dev->id; 419 (di + n)->flags = dev->flags; 420 (di + n)->state = dev->dlc->state; 421 (di + n)->channel = dev->channel; 422 bacpy(&(di + n)->src, &dev->src); 423 bacpy(&(di + n)->dst, &dev->dst); 424 if (++n >= dev_num) 425 break; 426 } 427 428 read_unlock_bh(&rfcomm_dev_lock); 429 430 dl->dev_num = n; 431 size = sizeof(*dl) + n * sizeof(*di); 432 433 err = copy_to_user(arg, dl, size); 434 kfree(dl); 435 436 return err ? -EFAULT : 0; 437 } 438 439 static int rfcomm_get_dev_info(void __user *arg) 440 { 441 struct rfcomm_dev *dev; 442 struct rfcomm_dev_info di; 443 int err = 0; 444 445 BT_DBG(""); 446 447 if (copy_from_user(&di, arg, sizeof(di))) 448 return -EFAULT; 449 450 if (!(dev = rfcomm_dev_get(di.id))) 451 return -ENODEV; 452 453 di.flags = dev->flags; 454 di.channel = dev->channel; 455 di.state = dev->dlc->state; 456 bacpy(&di.src, &dev->src); 457 bacpy(&di.dst, &dev->dst); 458 459 if (copy_to_user(arg, &di, sizeof(di))) 460 err = -EFAULT; 461 462 rfcomm_dev_put(dev); 463 return err; 464 } 465 466 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 467 { 468 BT_DBG("cmd %d arg %p", cmd, arg); 469 470 switch (cmd) { 471 case RFCOMMCREATEDEV: 472 return rfcomm_create_dev(sk, arg); 473 474 case RFCOMMRELEASEDEV: 475 return rfcomm_release_dev(arg); 476 477 case RFCOMMGETDEVLIST: 478 return rfcomm_get_dev_list(arg); 479 480 case RFCOMMGETDEVINFO: 481 return rfcomm_get_dev_info(arg); 482 } 483 484 return -EINVAL; 485 } 486 487 /* ---- DLC callbacks ---- */ 488 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 489 { 490 struct rfcomm_dev *dev = dlc->owner; 491 struct tty_struct *tty; 492 493 if (!dev || !(tty = dev->tty)) { 494 kfree_skb(skb); 495 return; 496 } 497 498 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 499 500 tty_insert_flip_string(tty, skb->data, skb->len); 501 tty_flip_buffer_push(tty); 502 503 kfree_skb(skb); 504 } 505 506 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 507 { 508 struct rfcomm_dev *dev = dlc->owner; 509 if (!dev) 510 return; 511 512 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 513 514 dev->err = err; 515 wake_up_interruptible(&dev->wait); 516 517 if (dlc->state == BT_CLOSED) { 518 if (!dev->tty) { 519 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 520 if (rfcomm_dev_get(dev->id) == NULL) 521 return; 522 523 rfcomm_dev_del(dev); 524 /* We have to drop DLC lock here, otherwise 525 rfcomm_dev_put() will dead lock if it's 526 the last reference. */ 527 rfcomm_dlc_unlock(dlc); 528 rfcomm_dev_put(dev); 529 rfcomm_dlc_lock(dlc); 530 } 531 } else 532 tty_hangup(dev->tty); 533 } 534 } 535 536 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 537 { 538 struct rfcomm_dev *dev = dlc->owner; 539 if (!dev) 540 return; 541 542 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 543 544 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 545 if (dev->tty && !C_CLOCAL(dev->tty)) 546 tty_hangup(dev->tty); 547 } 548 549 dev->modem_status = 550 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 551 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 552 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 553 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 554 } 555 556 /* ---- TTY functions ---- */ 557 static void rfcomm_tty_wakeup(unsigned long arg) 558 { 559 struct rfcomm_dev *dev = (void *) arg; 560 struct tty_struct *tty = dev->tty; 561 if (!tty) 562 return; 563 564 BT_DBG("dev %p tty %p", dev, tty); 565 566 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 567 (tty->ldisc.write_wakeup)(tty); 568 569 wake_up_interruptible(&tty->write_wait); 570 #ifdef SERIAL_HAVE_POLL_WAIT 571 wake_up_interruptible(&tty->poll_wait); 572 #endif 573 } 574 575 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 576 { 577 DECLARE_WAITQUEUE(wait, current); 578 struct rfcomm_dev *dev; 579 struct rfcomm_dlc *dlc; 580 int err, id; 581 582 id = tty->index; 583 584 BT_DBG("tty %p id %d", tty, id); 585 586 /* We don't leak this refcount. For reasons which are not entirely 587 clear, the TTY layer will call our ->close() method even if the 588 open fails. We decrease the refcount there, and decreasing it 589 here too would cause breakage. */ 590 dev = rfcomm_dev_get(id); 591 if (!dev) 592 return -ENODEV; 593 594 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 595 596 if (dev->opened++ != 0) 597 return 0; 598 599 dlc = dev->dlc; 600 601 /* Attach TTY and open DLC */ 602 603 rfcomm_dlc_lock(dlc); 604 tty->driver_data = dev; 605 dev->tty = tty; 606 rfcomm_dlc_unlock(dlc); 607 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 608 609 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 610 if (err < 0) 611 return err; 612 613 /* Wait for DLC to connect */ 614 add_wait_queue(&dev->wait, &wait); 615 while (1) { 616 set_current_state(TASK_INTERRUPTIBLE); 617 618 if (dlc->state == BT_CLOSED) { 619 err = -dev->err; 620 break; 621 } 622 623 if (dlc->state == BT_CONNECTED) 624 break; 625 626 if (signal_pending(current)) { 627 err = -EINTR; 628 break; 629 } 630 631 schedule(); 632 } 633 set_current_state(TASK_RUNNING); 634 remove_wait_queue(&dev->wait, &wait); 635 636 if (err == 0) 637 device_move(dev->tty_dev, rfcomm_get_device(dev)); 638 639 return err; 640 } 641 642 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 643 { 644 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 645 if (!dev) 646 return; 647 648 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 649 650 if (--dev->opened == 0) { 651 device_move(dev->tty_dev, NULL); 652 653 /* Close DLC and dettach TTY */ 654 rfcomm_dlc_close(dev->dlc, 0); 655 656 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 657 tasklet_kill(&dev->wakeup_task); 658 659 rfcomm_dlc_lock(dev->dlc); 660 tty->driver_data = NULL; 661 dev->tty = NULL; 662 rfcomm_dlc_unlock(dev->dlc); 663 } 664 665 rfcomm_dev_put(dev); 666 } 667 668 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 669 { 670 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 671 struct rfcomm_dlc *dlc = dev->dlc; 672 struct sk_buff *skb; 673 int err = 0, sent = 0, size; 674 675 BT_DBG("tty %p count %d", tty, count); 676 677 while (count) { 678 size = min_t(uint, count, dlc->mtu); 679 680 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 681 682 if (!skb) 683 break; 684 685 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 686 687 memcpy(skb_put(skb, size), buf + sent, size); 688 689 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 690 kfree_skb(skb); 691 break; 692 } 693 694 sent += size; 695 count -= size; 696 } 697 698 return sent ? sent : err; 699 } 700 701 static int rfcomm_tty_write_room(struct tty_struct *tty) 702 { 703 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 704 int room; 705 706 BT_DBG("tty %p", tty); 707 708 if (!dev || !dev->dlc) 709 return 0; 710 711 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 712 if (room < 0) 713 room = 0; 714 715 return room; 716 } 717 718 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 719 { 720 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 721 722 switch (cmd) { 723 case TCGETS: 724 BT_DBG("TCGETS is not supported"); 725 return -ENOIOCTLCMD; 726 727 case TCSETS: 728 BT_DBG("TCSETS is not supported"); 729 return -ENOIOCTLCMD; 730 731 case TIOCMIWAIT: 732 BT_DBG("TIOCMIWAIT"); 733 break; 734 735 case TIOCGICOUNT: 736 BT_DBG("TIOCGICOUNT"); 737 break; 738 739 case TIOCGSERIAL: 740 BT_ERR("TIOCGSERIAL is not supported"); 741 return -ENOIOCTLCMD; 742 743 case TIOCSSERIAL: 744 BT_ERR("TIOCSSERIAL is not supported"); 745 return -ENOIOCTLCMD; 746 747 case TIOCSERGSTRUCT: 748 BT_ERR("TIOCSERGSTRUCT is not supported"); 749 return -ENOIOCTLCMD; 750 751 case TIOCSERGETLSR: 752 BT_ERR("TIOCSERGETLSR is not supported"); 753 return -ENOIOCTLCMD; 754 755 case TIOCSERCONFIG: 756 BT_ERR("TIOCSERCONFIG is not supported"); 757 return -ENOIOCTLCMD; 758 759 default: 760 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 761 762 } 763 764 return -ENOIOCTLCMD; 765 } 766 767 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 768 { 769 struct ktermios *new = tty->termios; 770 int old_baud_rate = tty_termios_baud_rate(old); 771 int new_baud_rate = tty_termios_baud_rate(new); 772 773 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 774 u16 changes = 0; 775 776 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 777 778 BT_DBG("tty %p termios %p", tty, old); 779 780 if (!dev || !dev->dlc || !dev->dlc->session) 781 return; 782 783 /* Handle turning off CRTSCTS */ 784 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 785 BT_DBG("Turning off CRTSCTS unsupported"); 786 787 /* Parity on/off and when on, odd/even */ 788 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 789 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 790 changes |= RFCOMM_RPN_PM_PARITY; 791 BT_DBG("Parity change detected."); 792 } 793 794 /* Mark and space parity are not supported! */ 795 if (new->c_cflag & PARENB) { 796 if (new->c_cflag & PARODD) { 797 BT_DBG("Parity is ODD"); 798 parity = RFCOMM_RPN_PARITY_ODD; 799 } else { 800 BT_DBG("Parity is EVEN"); 801 parity = RFCOMM_RPN_PARITY_EVEN; 802 } 803 } else { 804 BT_DBG("Parity is OFF"); 805 parity = RFCOMM_RPN_PARITY_NONE; 806 } 807 808 /* Setting the x_on / x_off characters */ 809 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 810 BT_DBG("XOFF custom"); 811 x_on = new->c_cc[VSTOP]; 812 changes |= RFCOMM_RPN_PM_XON; 813 } else { 814 BT_DBG("XOFF default"); 815 x_on = RFCOMM_RPN_XON_CHAR; 816 } 817 818 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 819 BT_DBG("XON custom"); 820 x_off = new->c_cc[VSTART]; 821 changes |= RFCOMM_RPN_PM_XOFF; 822 } else { 823 BT_DBG("XON default"); 824 x_off = RFCOMM_RPN_XOFF_CHAR; 825 } 826 827 /* Handle setting of stop bits */ 828 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 829 changes |= RFCOMM_RPN_PM_STOP; 830 831 /* POSIX does not support 1.5 stop bits and RFCOMM does not 832 * support 2 stop bits. So a request for 2 stop bits gets 833 * translated to 1.5 stop bits */ 834 if (new->c_cflag & CSTOPB) { 835 stop_bits = RFCOMM_RPN_STOP_15; 836 } else { 837 stop_bits = RFCOMM_RPN_STOP_1; 838 } 839 840 /* Handle number of data bits [5-8] */ 841 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 842 changes |= RFCOMM_RPN_PM_DATA; 843 844 switch (new->c_cflag & CSIZE) { 845 case CS5: 846 data_bits = RFCOMM_RPN_DATA_5; 847 break; 848 case CS6: 849 data_bits = RFCOMM_RPN_DATA_6; 850 break; 851 case CS7: 852 data_bits = RFCOMM_RPN_DATA_7; 853 break; 854 case CS8: 855 data_bits = RFCOMM_RPN_DATA_8; 856 break; 857 default: 858 data_bits = RFCOMM_RPN_DATA_8; 859 break; 860 } 861 862 /* Handle baudrate settings */ 863 if (old_baud_rate != new_baud_rate) 864 changes |= RFCOMM_RPN_PM_BITRATE; 865 866 switch (new_baud_rate) { 867 case 2400: 868 baud = RFCOMM_RPN_BR_2400; 869 break; 870 case 4800: 871 baud = RFCOMM_RPN_BR_4800; 872 break; 873 case 7200: 874 baud = RFCOMM_RPN_BR_7200; 875 break; 876 case 9600: 877 baud = RFCOMM_RPN_BR_9600; 878 break; 879 case 19200: 880 baud = RFCOMM_RPN_BR_19200; 881 break; 882 case 38400: 883 baud = RFCOMM_RPN_BR_38400; 884 break; 885 case 57600: 886 baud = RFCOMM_RPN_BR_57600; 887 break; 888 case 115200: 889 baud = RFCOMM_RPN_BR_115200; 890 break; 891 case 230400: 892 baud = RFCOMM_RPN_BR_230400; 893 break; 894 default: 895 /* 9600 is standard accordinag to the RFCOMM specification */ 896 baud = RFCOMM_RPN_BR_9600; 897 break; 898 899 } 900 901 if (changes) 902 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 903 data_bits, stop_bits, parity, 904 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 905 906 return; 907 } 908 909 static void rfcomm_tty_throttle(struct tty_struct *tty) 910 { 911 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 912 913 BT_DBG("tty %p dev %p", tty, dev); 914 915 rfcomm_dlc_throttle(dev->dlc); 916 } 917 918 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 919 { 920 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 921 922 BT_DBG("tty %p dev %p", tty, dev); 923 924 rfcomm_dlc_unthrottle(dev->dlc); 925 } 926 927 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 928 { 929 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 930 931 BT_DBG("tty %p dev %p", tty, dev); 932 933 if (!dev || !dev->dlc) 934 return 0; 935 936 if (!skb_queue_empty(&dev->dlc->tx_queue)) 937 return dev->dlc->mtu; 938 939 return 0; 940 } 941 942 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 943 { 944 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 945 946 BT_DBG("tty %p dev %p", tty, dev); 947 948 if (!dev || !dev->dlc) 949 return; 950 951 skb_queue_purge(&dev->dlc->tx_queue); 952 953 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 954 tty->ldisc.write_wakeup(tty); 955 } 956 957 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 958 { 959 BT_DBG("tty %p ch %c", tty, ch); 960 } 961 962 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 963 { 964 BT_DBG("tty %p timeout %d", tty, timeout); 965 } 966 967 static void rfcomm_tty_hangup(struct tty_struct *tty) 968 { 969 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 970 971 BT_DBG("tty %p dev %p", tty, dev); 972 973 if (!dev) 974 return; 975 976 rfcomm_tty_flush_buffer(tty); 977 978 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 979 if (rfcomm_dev_get(dev->id) == NULL) 980 return; 981 rfcomm_dev_del(dev); 982 rfcomm_dev_put(dev); 983 } 984 } 985 986 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 987 { 988 return 0; 989 } 990 991 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 992 { 993 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 994 995 BT_DBG("tty %p dev %p", tty, dev); 996 997 return dev->modem_status; 998 } 999 1000 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1001 { 1002 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1003 struct rfcomm_dlc *dlc = dev->dlc; 1004 u8 v24_sig; 1005 1006 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1007 1008 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1009 1010 if (set & TIOCM_DSR || set & TIOCM_DTR) 1011 v24_sig |= RFCOMM_V24_RTC; 1012 if (set & TIOCM_RTS || set & TIOCM_CTS) 1013 v24_sig |= RFCOMM_V24_RTR; 1014 if (set & TIOCM_RI) 1015 v24_sig |= RFCOMM_V24_IC; 1016 if (set & TIOCM_CD) 1017 v24_sig |= RFCOMM_V24_DV; 1018 1019 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1020 v24_sig &= ~RFCOMM_V24_RTC; 1021 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1022 v24_sig &= ~RFCOMM_V24_RTR; 1023 if (clear & TIOCM_RI) 1024 v24_sig &= ~RFCOMM_V24_IC; 1025 if (clear & TIOCM_CD) 1026 v24_sig &= ~RFCOMM_V24_DV; 1027 1028 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1029 1030 return 0; 1031 } 1032 1033 /* ---- TTY structure ---- */ 1034 1035 static const struct tty_operations rfcomm_ops = { 1036 .open = rfcomm_tty_open, 1037 .close = rfcomm_tty_close, 1038 .write = rfcomm_tty_write, 1039 .write_room = rfcomm_tty_write_room, 1040 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1041 .flush_buffer = rfcomm_tty_flush_buffer, 1042 .ioctl = rfcomm_tty_ioctl, 1043 .throttle = rfcomm_tty_throttle, 1044 .unthrottle = rfcomm_tty_unthrottle, 1045 .set_termios = rfcomm_tty_set_termios, 1046 .send_xchar = rfcomm_tty_send_xchar, 1047 .hangup = rfcomm_tty_hangup, 1048 .wait_until_sent = rfcomm_tty_wait_until_sent, 1049 .read_proc = rfcomm_tty_read_proc, 1050 .tiocmget = rfcomm_tty_tiocmget, 1051 .tiocmset = rfcomm_tty_tiocmset, 1052 }; 1053 1054 int rfcomm_init_ttys(void) 1055 { 1056 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1057 if (!rfcomm_tty_driver) 1058 return -1; 1059 1060 rfcomm_tty_driver->owner = THIS_MODULE; 1061 rfcomm_tty_driver->driver_name = "rfcomm"; 1062 rfcomm_tty_driver->name = "rfcomm"; 1063 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1064 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1065 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1066 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1067 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1068 rfcomm_tty_driver->init_termios = tty_std_termios; 1069 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1070 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1071 1072 if (tty_register_driver(rfcomm_tty_driver)) { 1073 BT_ERR("Can't register RFCOMM TTY driver"); 1074 put_tty_driver(rfcomm_tty_driver); 1075 return -1; 1076 } 1077 1078 BT_INFO("RFCOMM TTY layer initialized"); 1079 1080 return 0; 1081 } 1082 1083 void rfcomm_cleanup_ttys(void) 1084 { 1085 tty_unregister_driver(rfcomm_tty_driver); 1086 put_tty_driver(rfcomm_tty_driver); 1087 } 1088