1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <linux/capability.h> 35 #include <linux/slab.h> 36 #include <linux/skbuff.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 #include <net/bluetooth/rfcomm.h> 41 42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 45 #define RFCOMM_TTY_MINOR 0 46 47 static struct tty_driver *rfcomm_tty_driver; 48 49 struct rfcomm_dev { 50 struct list_head list; 51 atomic_t refcnt; 52 53 char name[12]; 54 int id; 55 unsigned long flags; 56 atomic_t opened; 57 int err; 58 59 bdaddr_t src; 60 bdaddr_t dst; 61 u8 channel; 62 63 uint modem_status; 64 65 struct rfcomm_dlc *dlc; 66 struct tty_struct *tty; 67 wait_queue_head_t wait; 68 struct tasklet_struct wakeup_task; 69 70 struct device *tty_dev; 71 72 atomic_t wmem_alloc; 73 74 struct sk_buff_head pending; 75 }; 76 77 static LIST_HEAD(rfcomm_dev_list); 78 static DEFINE_RWLOCK(rfcomm_dev_lock); 79 80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 83 84 static void rfcomm_tty_wakeup(unsigned long arg); 85 86 /* ---- Device functions ---- */ 87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 88 { 89 struct rfcomm_dlc *dlc = dev->dlc; 90 91 BT_DBG("dev %p dlc %p", dev, dlc); 92 93 /* Refcount should only hit zero when called from rfcomm_dev_del() 94 which will have taken us off the list. Everything else are 95 refcounting bugs. */ 96 BUG_ON(!list_empty(&dev->list)); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 kfree(dev); 109 110 /* It's safe to call module_put() here because socket still 111 holds reference to this module. */ 112 module_put(THIS_MODULE); 113 } 114 115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 116 { 117 atomic_inc(&dev->refcnt); 118 } 119 120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 121 { 122 /* The reason this isn't actually a race, as you no 123 doubt have a little voice screaming at you in your 124 head, is that the refcount should never actually 125 reach zero unless the device has already been taken 126 off the list, in rfcomm_dev_del(). And if that's not 127 true, we'll hit the BUG() in rfcomm_dev_destruct() 128 anyway. */ 129 if (atomic_dec_and_test(&dev->refcnt)) 130 rfcomm_dev_destruct(dev); 131 } 132 133 static struct rfcomm_dev *__rfcomm_dev_get(int id) 134 { 135 struct rfcomm_dev *dev; 136 struct list_head *p; 137 138 list_for_each(p, &rfcomm_dev_list) { 139 dev = list_entry(p, struct rfcomm_dev, list); 140 if (dev->id == id) 141 return dev; 142 } 143 144 return NULL; 145 } 146 147 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 148 { 149 struct rfcomm_dev *dev; 150 151 read_lock(&rfcomm_dev_lock); 152 153 dev = __rfcomm_dev_get(id); 154 155 if (dev) { 156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 157 dev = NULL; 158 else 159 rfcomm_dev_hold(dev); 160 } 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 184 { 185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 186 bdaddr_t bdaddr; 187 baswap(&bdaddr, &dev->dst); 188 return sprintf(buf, "%s\n", batostr(&bdaddr)); 189 } 190 191 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 192 { 193 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 194 return sprintf(buf, "%d\n", dev->channel); 195 } 196 197 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 198 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 199 200 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 201 { 202 struct rfcomm_dev *dev; 203 struct list_head *head = &rfcomm_dev_list, *p; 204 int err = 0; 205 206 BT_DBG("id %d channel %d", req->dev_id, req->channel); 207 208 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 209 if (!dev) 210 return -ENOMEM; 211 212 write_lock_bh(&rfcomm_dev_lock); 213 214 if (req->dev_id < 0) { 215 dev->id = 0; 216 217 list_for_each(p, &rfcomm_dev_list) { 218 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 219 break; 220 221 dev->id++; 222 head = p; 223 } 224 } else { 225 dev->id = req->dev_id; 226 227 list_for_each(p, &rfcomm_dev_list) { 228 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 229 230 if (entry->id == dev->id) { 231 err = -EADDRINUSE; 232 goto out; 233 } 234 235 if (entry->id > dev->id - 1) 236 break; 237 238 head = p; 239 } 240 } 241 242 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 243 err = -ENFILE; 244 goto out; 245 } 246 247 sprintf(dev->name, "rfcomm%d", dev->id); 248 249 list_add(&dev->list, head); 250 atomic_set(&dev->refcnt, 1); 251 252 bacpy(&dev->src, &req->src); 253 bacpy(&dev->dst, &req->dst); 254 dev->channel = req->channel; 255 256 dev->flags = req->flags & 257 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 258 259 atomic_set(&dev->opened, 0); 260 261 init_waitqueue_head(&dev->wait); 262 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 263 264 skb_queue_head_init(&dev->pending); 265 266 rfcomm_dlc_lock(dlc); 267 268 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 269 struct sock *sk = dlc->owner; 270 struct sk_buff *skb; 271 272 BUG_ON(!sk); 273 274 rfcomm_dlc_throttle(dlc); 275 276 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 277 skb_orphan(skb); 278 skb_queue_tail(&dev->pending, skb); 279 atomic_sub(skb->len, &sk->sk_rmem_alloc); 280 } 281 } 282 283 dlc->data_ready = rfcomm_dev_data_ready; 284 dlc->state_change = rfcomm_dev_state_change; 285 dlc->modem_status = rfcomm_dev_modem_status; 286 287 dlc->owner = dev; 288 dev->dlc = dlc; 289 290 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 291 292 rfcomm_dlc_unlock(dlc); 293 294 /* It's safe to call __module_get() here because socket already 295 holds reference to this module. */ 296 __module_get(THIS_MODULE); 297 298 out: 299 write_unlock_bh(&rfcomm_dev_lock); 300 301 if (err < 0) 302 goto free; 303 304 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 305 306 if (IS_ERR(dev->tty_dev)) { 307 err = PTR_ERR(dev->tty_dev); 308 list_del(&dev->list); 309 goto free; 310 } 311 312 dev_set_drvdata(dev->tty_dev, dev); 313 314 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 315 BT_ERR("Failed to create address attribute"); 316 317 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 318 BT_ERR("Failed to create channel attribute"); 319 320 return dev->id; 321 322 free: 323 kfree(dev); 324 return err; 325 } 326 327 static void rfcomm_dev_del(struct rfcomm_dev *dev) 328 { 329 BT_DBG("dev %p", dev); 330 331 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); 332 333 if (atomic_read(&dev->opened) > 0) 334 return; 335 336 write_lock_bh(&rfcomm_dev_lock); 337 list_del_init(&dev->list); 338 write_unlock_bh(&rfcomm_dev_lock); 339 340 rfcomm_dev_put(dev); 341 } 342 343 /* ---- Send buffer ---- */ 344 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 345 { 346 /* We can't let it be zero, because we don't get a callback 347 when tx_credits becomes nonzero, hence we'd never wake up */ 348 return dlc->mtu * (dlc->tx_credits?:1); 349 } 350 351 static void rfcomm_wfree(struct sk_buff *skb) 352 { 353 struct rfcomm_dev *dev = (void *) skb->sk; 354 atomic_sub(skb->truesize, &dev->wmem_alloc); 355 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 356 tasklet_schedule(&dev->wakeup_task); 357 rfcomm_dev_put(dev); 358 } 359 360 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 361 { 362 rfcomm_dev_hold(dev); 363 atomic_add(skb->truesize, &dev->wmem_alloc); 364 skb->sk = (void *) dev; 365 skb->destructor = rfcomm_wfree; 366 } 367 368 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 369 { 370 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 371 struct sk_buff *skb = alloc_skb(size, priority); 372 if (skb) { 373 rfcomm_set_owner_w(skb, dev); 374 return skb; 375 } 376 } 377 return NULL; 378 } 379 380 /* ---- Device IOCTLs ---- */ 381 382 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 383 384 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 385 { 386 struct rfcomm_dev_req req; 387 struct rfcomm_dlc *dlc; 388 int id; 389 390 if (copy_from_user(&req, arg, sizeof(req))) 391 return -EFAULT; 392 393 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 394 395 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 396 return -EPERM; 397 398 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 399 /* Socket must be connected */ 400 if (sk->sk_state != BT_CONNECTED) 401 return -EBADFD; 402 403 dlc = rfcomm_pi(sk)->dlc; 404 rfcomm_dlc_hold(dlc); 405 } else { 406 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 407 if (!dlc) 408 return -ENOMEM; 409 } 410 411 id = rfcomm_dev_add(&req, dlc); 412 if (id < 0) { 413 rfcomm_dlc_put(dlc); 414 return id; 415 } 416 417 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 418 /* DLC is now used by device. 419 * Socket must be disconnected */ 420 sk->sk_state = BT_CLOSED; 421 } 422 423 return id; 424 } 425 426 static int rfcomm_release_dev(void __user *arg) 427 { 428 struct rfcomm_dev_req req; 429 struct rfcomm_dev *dev; 430 431 if (copy_from_user(&req, arg, sizeof(req))) 432 return -EFAULT; 433 434 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 435 436 if (!(dev = rfcomm_dev_get(req.dev_id))) 437 return -ENODEV; 438 439 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 440 rfcomm_dev_put(dev); 441 return -EPERM; 442 } 443 444 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 445 rfcomm_dlc_close(dev->dlc, 0); 446 447 /* Shut down TTY synchronously before freeing rfcomm_dev */ 448 if (dev->tty) 449 tty_vhangup(dev->tty); 450 451 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 452 rfcomm_dev_del(dev); 453 rfcomm_dev_put(dev); 454 return 0; 455 } 456 457 static int rfcomm_get_dev_list(void __user *arg) 458 { 459 struct rfcomm_dev_list_req *dl; 460 struct rfcomm_dev_info *di; 461 struct list_head *p; 462 int n = 0, size, err; 463 u16 dev_num; 464 465 BT_DBG(""); 466 467 if (get_user(dev_num, (u16 __user *) arg)) 468 return -EFAULT; 469 470 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 471 return -EINVAL; 472 473 size = sizeof(*dl) + dev_num * sizeof(*di); 474 475 if (!(dl = kmalloc(size, GFP_KERNEL))) 476 return -ENOMEM; 477 478 di = dl->dev_info; 479 480 read_lock_bh(&rfcomm_dev_lock); 481 482 list_for_each(p, &rfcomm_dev_list) { 483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 485 continue; 486 (di + n)->id = dev->id; 487 (di + n)->flags = dev->flags; 488 (di + n)->state = dev->dlc->state; 489 (di + n)->channel = dev->channel; 490 bacpy(&(di + n)->src, &dev->src); 491 bacpy(&(di + n)->dst, &dev->dst); 492 if (++n >= dev_num) 493 break; 494 } 495 496 read_unlock_bh(&rfcomm_dev_lock); 497 498 dl->dev_num = n; 499 size = sizeof(*dl) + n * sizeof(*di); 500 501 err = copy_to_user(arg, dl, size); 502 kfree(dl); 503 504 return err ? -EFAULT : 0; 505 } 506 507 static int rfcomm_get_dev_info(void __user *arg) 508 { 509 struct rfcomm_dev *dev; 510 struct rfcomm_dev_info di; 511 int err = 0; 512 513 BT_DBG(""); 514 515 if (copy_from_user(&di, arg, sizeof(di))) 516 return -EFAULT; 517 518 if (!(dev = rfcomm_dev_get(di.id))) 519 return -ENODEV; 520 521 di.flags = dev->flags; 522 di.channel = dev->channel; 523 di.state = dev->dlc->state; 524 bacpy(&di.src, &dev->src); 525 bacpy(&di.dst, &dev->dst); 526 527 if (copy_to_user(arg, &di, sizeof(di))) 528 err = -EFAULT; 529 530 rfcomm_dev_put(dev); 531 return err; 532 } 533 534 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 535 { 536 BT_DBG("cmd %d arg %p", cmd, arg); 537 538 switch (cmd) { 539 case RFCOMMCREATEDEV: 540 return rfcomm_create_dev(sk, arg); 541 542 case RFCOMMRELEASEDEV: 543 return rfcomm_release_dev(arg); 544 545 case RFCOMMGETDEVLIST: 546 return rfcomm_get_dev_list(arg); 547 548 case RFCOMMGETDEVINFO: 549 return rfcomm_get_dev_info(arg); 550 } 551 552 return -EINVAL; 553 } 554 555 /* ---- DLC callbacks ---- */ 556 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 557 { 558 struct rfcomm_dev *dev = dlc->owner; 559 struct tty_struct *tty; 560 561 if (!dev) { 562 kfree_skb(skb); 563 return; 564 } 565 566 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) { 567 skb_queue_tail(&dev->pending, skb); 568 return; 569 } 570 571 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 572 573 tty_insert_flip_string(tty, skb->data, skb->len); 574 tty_flip_buffer_push(tty); 575 576 kfree_skb(skb); 577 } 578 579 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 580 { 581 struct rfcomm_dev *dev = dlc->owner; 582 if (!dev) 583 return; 584 585 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 586 587 dev->err = err; 588 wake_up_interruptible(&dev->wait); 589 590 if (dlc->state == BT_CLOSED) { 591 if (!dev->tty) { 592 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 593 /* Drop DLC lock here to avoid deadlock 594 * 1. rfcomm_dev_get will take rfcomm_dev_lock 595 * but in rfcomm_dev_add there's lock order: 596 * rfcomm_dev_lock -> dlc lock 597 * 2. rfcomm_dev_put will deadlock if it's 598 * the last reference 599 */ 600 rfcomm_dlc_unlock(dlc); 601 if (rfcomm_dev_get(dev->id) == NULL) { 602 rfcomm_dlc_lock(dlc); 603 return; 604 } 605 606 rfcomm_dev_del(dev); 607 rfcomm_dev_put(dev); 608 rfcomm_dlc_lock(dlc); 609 } 610 } else 611 tty_hangup(dev->tty); 612 } 613 } 614 615 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 616 { 617 struct rfcomm_dev *dev = dlc->owner; 618 if (!dev) 619 return; 620 621 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 622 623 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 624 if (dev->tty && !C_CLOCAL(dev->tty)) 625 tty_hangup(dev->tty); 626 } 627 628 dev->modem_status = 629 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 630 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 631 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 632 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 633 } 634 635 /* ---- TTY functions ---- */ 636 static void rfcomm_tty_wakeup(unsigned long arg) 637 { 638 struct rfcomm_dev *dev = (void *) arg; 639 struct tty_struct *tty = dev->tty; 640 if (!tty) 641 return; 642 643 BT_DBG("dev %p tty %p", dev, tty); 644 tty_wakeup(tty); 645 } 646 647 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 648 { 649 struct tty_struct *tty = dev->tty; 650 struct sk_buff *skb; 651 int inserted = 0; 652 653 if (!tty) 654 return; 655 656 BT_DBG("dev %p tty %p", dev, tty); 657 658 rfcomm_dlc_lock(dev->dlc); 659 660 while ((skb = skb_dequeue(&dev->pending))) { 661 inserted += tty_insert_flip_string(tty, skb->data, skb->len); 662 kfree_skb(skb); 663 } 664 665 rfcomm_dlc_unlock(dev->dlc); 666 667 if (inserted > 0) 668 tty_flip_buffer_push(tty); 669 } 670 671 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 672 { 673 DECLARE_WAITQUEUE(wait, current); 674 struct rfcomm_dev *dev; 675 struct rfcomm_dlc *dlc; 676 int err, id; 677 678 id = tty->index; 679 680 BT_DBG("tty %p id %d", tty, id); 681 682 /* We don't leak this refcount. For reasons which are not entirely 683 clear, the TTY layer will call our ->close() method even if the 684 open fails. We decrease the refcount there, and decreasing it 685 here too would cause breakage. */ 686 dev = rfcomm_dev_get(id); 687 if (!dev) 688 return -ENODEV; 689 690 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 691 dev->channel, atomic_read(&dev->opened)); 692 693 if (atomic_inc_return(&dev->opened) > 1) 694 return 0; 695 696 dlc = dev->dlc; 697 698 /* Attach TTY and open DLC */ 699 700 rfcomm_dlc_lock(dlc); 701 tty->driver_data = dev; 702 dev->tty = tty; 703 rfcomm_dlc_unlock(dlc); 704 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 705 706 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 707 if (err < 0) 708 return err; 709 710 /* Wait for DLC to connect */ 711 add_wait_queue(&dev->wait, &wait); 712 while (1) { 713 set_current_state(TASK_INTERRUPTIBLE); 714 715 if (dlc->state == BT_CLOSED) { 716 err = -dev->err; 717 break; 718 } 719 720 if (dlc->state == BT_CONNECTED) 721 break; 722 723 if (signal_pending(current)) { 724 err = -EINTR; 725 break; 726 } 727 728 schedule(); 729 } 730 set_current_state(TASK_RUNNING); 731 remove_wait_queue(&dev->wait, &wait); 732 733 if (err == 0) 734 device_move(dev->tty_dev, rfcomm_get_device(dev)); 735 736 rfcomm_tty_copy_pending(dev); 737 738 rfcomm_dlc_unthrottle(dev->dlc); 739 740 return err; 741 } 742 743 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 744 { 745 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 746 if (!dev) 747 return; 748 749 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 750 atomic_read(&dev->opened)); 751 752 if (atomic_dec_and_test(&dev->opened)) { 753 if (dev->tty_dev->parent) 754 device_move(dev->tty_dev, NULL); 755 756 /* Close DLC and dettach TTY */ 757 rfcomm_dlc_close(dev->dlc, 0); 758 759 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 760 tasklet_kill(&dev->wakeup_task); 761 762 rfcomm_dlc_lock(dev->dlc); 763 tty->driver_data = NULL; 764 dev->tty = NULL; 765 rfcomm_dlc_unlock(dev->dlc); 766 767 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { 768 write_lock_bh(&rfcomm_dev_lock); 769 list_del_init(&dev->list); 770 write_unlock_bh(&rfcomm_dev_lock); 771 772 rfcomm_dev_put(dev); 773 } 774 } 775 776 rfcomm_dev_put(dev); 777 } 778 779 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 780 { 781 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 782 struct rfcomm_dlc *dlc = dev->dlc; 783 struct sk_buff *skb; 784 int err = 0, sent = 0, size; 785 786 BT_DBG("tty %p count %d", tty, count); 787 788 while (count) { 789 size = min_t(uint, count, dlc->mtu); 790 791 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 792 793 if (!skb) 794 break; 795 796 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 797 798 memcpy(skb_put(skb, size), buf + sent, size); 799 800 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 801 kfree_skb(skb); 802 break; 803 } 804 805 sent += size; 806 count -= size; 807 } 808 809 return sent ? sent : err; 810 } 811 812 static int rfcomm_tty_write_room(struct tty_struct *tty) 813 { 814 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 815 int room; 816 817 BT_DBG("tty %p", tty); 818 819 if (!dev || !dev->dlc) 820 return 0; 821 822 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 823 if (room < 0) 824 room = 0; 825 826 return room; 827 } 828 829 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 830 { 831 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 832 833 switch (cmd) { 834 case TCGETS: 835 BT_DBG("TCGETS is not supported"); 836 return -ENOIOCTLCMD; 837 838 case TCSETS: 839 BT_DBG("TCSETS is not supported"); 840 return -ENOIOCTLCMD; 841 842 case TIOCMIWAIT: 843 BT_DBG("TIOCMIWAIT"); 844 break; 845 846 case TIOCGICOUNT: 847 BT_DBG("TIOCGICOUNT"); 848 break; 849 850 case TIOCGSERIAL: 851 BT_ERR("TIOCGSERIAL is not supported"); 852 return -ENOIOCTLCMD; 853 854 case TIOCSSERIAL: 855 BT_ERR("TIOCSSERIAL is not supported"); 856 return -ENOIOCTLCMD; 857 858 case TIOCSERGSTRUCT: 859 BT_ERR("TIOCSERGSTRUCT is not supported"); 860 return -ENOIOCTLCMD; 861 862 case TIOCSERGETLSR: 863 BT_ERR("TIOCSERGETLSR is not supported"); 864 return -ENOIOCTLCMD; 865 866 case TIOCSERCONFIG: 867 BT_ERR("TIOCSERCONFIG is not supported"); 868 return -ENOIOCTLCMD; 869 870 default: 871 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 872 873 } 874 875 return -ENOIOCTLCMD; 876 } 877 878 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 879 { 880 struct ktermios *new = tty->termios; 881 int old_baud_rate = tty_termios_baud_rate(old); 882 int new_baud_rate = tty_termios_baud_rate(new); 883 884 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 885 u16 changes = 0; 886 887 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 888 889 BT_DBG("tty %p termios %p", tty, old); 890 891 if (!dev || !dev->dlc || !dev->dlc->session) 892 return; 893 894 /* Handle turning off CRTSCTS */ 895 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 896 BT_DBG("Turning off CRTSCTS unsupported"); 897 898 /* Parity on/off and when on, odd/even */ 899 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 900 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 901 changes |= RFCOMM_RPN_PM_PARITY; 902 BT_DBG("Parity change detected."); 903 } 904 905 /* Mark and space parity are not supported! */ 906 if (new->c_cflag & PARENB) { 907 if (new->c_cflag & PARODD) { 908 BT_DBG("Parity is ODD"); 909 parity = RFCOMM_RPN_PARITY_ODD; 910 } else { 911 BT_DBG("Parity is EVEN"); 912 parity = RFCOMM_RPN_PARITY_EVEN; 913 } 914 } else { 915 BT_DBG("Parity is OFF"); 916 parity = RFCOMM_RPN_PARITY_NONE; 917 } 918 919 /* Setting the x_on / x_off characters */ 920 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 921 BT_DBG("XOFF custom"); 922 x_on = new->c_cc[VSTOP]; 923 changes |= RFCOMM_RPN_PM_XON; 924 } else { 925 BT_DBG("XOFF default"); 926 x_on = RFCOMM_RPN_XON_CHAR; 927 } 928 929 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 930 BT_DBG("XON custom"); 931 x_off = new->c_cc[VSTART]; 932 changes |= RFCOMM_RPN_PM_XOFF; 933 } else { 934 BT_DBG("XON default"); 935 x_off = RFCOMM_RPN_XOFF_CHAR; 936 } 937 938 /* Handle setting of stop bits */ 939 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 940 changes |= RFCOMM_RPN_PM_STOP; 941 942 /* POSIX does not support 1.5 stop bits and RFCOMM does not 943 * support 2 stop bits. So a request for 2 stop bits gets 944 * translated to 1.5 stop bits */ 945 if (new->c_cflag & CSTOPB) { 946 stop_bits = RFCOMM_RPN_STOP_15; 947 } else { 948 stop_bits = RFCOMM_RPN_STOP_1; 949 } 950 951 /* Handle number of data bits [5-8] */ 952 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 953 changes |= RFCOMM_RPN_PM_DATA; 954 955 switch (new->c_cflag & CSIZE) { 956 case CS5: 957 data_bits = RFCOMM_RPN_DATA_5; 958 break; 959 case CS6: 960 data_bits = RFCOMM_RPN_DATA_6; 961 break; 962 case CS7: 963 data_bits = RFCOMM_RPN_DATA_7; 964 break; 965 case CS8: 966 data_bits = RFCOMM_RPN_DATA_8; 967 break; 968 default: 969 data_bits = RFCOMM_RPN_DATA_8; 970 break; 971 } 972 973 /* Handle baudrate settings */ 974 if (old_baud_rate != new_baud_rate) 975 changes |= RFCOMM_RPN_PM_BITRATE; 976 977 switch (new_baud_rate) { 978 case 2400: 979 baud = RFCOMM_RPN_BR_2400; 980 break; 981 case 4800: 982 baud = RFCOMM_RPN_BR_4800; 983 break; 984 case 7200: 985 baud = RFCOMM_RPN_BR_7200; 986 break; 987 case 9600: 988 baud = RFCOMM_RPN_BR_9600; 989 break; 990 case 19200: 991 baud = RFCOMM_RPN_BR_19200; 992 break; 993 case 38400: 994 baud = RFCOMM_RPN_BR_38400; 995 break; 996 case 57600: 997 baud = RFCOMM_RPN_BR_57600; 998 break; 999 case 115200: 1000 baud = RFCOMM_RPN_BR_115200; 1001 break; 1002 case 230400: 1003 baud = RFCOMM_RPN_BR_230400; 1004 break; 1005 default: 1006 /* 9600 is standard accordinag to the RFCOMM specification */ 1007 baud = RFCOMM_RPN_BR_9600; 1008 break; 1009 1010 } 1011 1012 if (changes) 1013 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1014 data_bits, stop_bits, parity, 1015 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1016 1017 return; 1018 } 1019 1020 static void rfcomm_tty_throttle(struct tty_struct *tty) 1021 { 1022 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1023 1024 BT_DBG("tty %p dev %p", tty, dev); 1025 1026 rfcomm_dlc_throttle(dev->dlc); 1027 } 1028 1029 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1030 { 1031 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1032 1033 BT_DBG("tty %p dev %p", tty, dev); 1034 1035 rfcomm_dlc_unthrottle(dev->dlc); 1036 } 1037 1038 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1039 { 1040 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1041 1042 BT_DBG("tty %p dev %p", tty, dev); 1043 1044 if (!dev || !dev->dlc) 1045 return 0; 1046 1047 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1048 return dev->dlc->mtu; 1049 1050 return 0; 1051 } 1052 1053 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1054 { 1055 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1056 1057 BT_DBG("tty %p dev %p", tty, dev); 1058 1059 if (!dev || !dev->dlc) 1060 return; 1061 1062 skb_queue_purge(&dev->dlc->tx_queue); 1063 tty_wakeup(tty); 1064 } 1065 1066 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1067 { 1068 BT_DBG("tty %p ch %c", tty, ch); 1069 } 1070 1071 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1072 { 1073 BT_DBG("tty %p timeout %d", tty, timeout); 1074 } 1075 1076 static void rfcomm_tty_hangup(struct tty_struct *tty) 1077 { 1078 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1079 1080 BT_DBG("tty %p dev %p", tty, dev); 1081 1082 if (!dev) 1083 return; 1084 1085 rfcomm_tty_flush_buffer(tty); 1086 1087 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1088 if (rfcomm_dev_get(dev->id) == NULL) 1089 return; 1090 rfcomm_dev_del(dev); 1091 rfcomm_dev_put(dev); 1092 } 1093 } 1094 1095 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 1096 { 1097 return 0; 1098 } 1099 1100 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1101 { 1102 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1103 1104 BT_DBG("tty %p dev %p", tty, dev); 1105 1106 return dev->modem_status; 1107 } 1108 1109 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1110 { 1111 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1112 struct rfcomm_dlc *dlc = dev->dlc; 1113 u8 v24_sig; 1114 1115 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1116 1117 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1118 1119 if (set & TIOCM_DSR || set & TIOCM_DTR) 1120 v24_sig |= RFCOMM_V24_RTC; 1121 if (set & TIOCM_RTS || set & TIOCM_CTS) 1122 v24_sig |= RFCOMM_V24_RTR; 1123 if (set & TIOCM_RI) 1124 v24_sig |= RFCOMM_V24_IC; 1125 if (set & TIOCM_CD) 1126 v24_sig |= RFCOMM_V24_DV; 1127 1128 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1129 v24_sig &= ~RFCOMM_V24_RTC; 1130 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1131 v24_sig &= ~RFCOMM_V24_RTR; 1132 if (clear & TIOCM_RI) 1133 v24_sig &= ~RFCOMM_V24_IC; 1134 if (clear & TIOCM_CD) 1135 v24_sig &= ~RFCOMM_V24_DV; 1136 1137 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1138 1139 return 0; 1140 } 1141 1142 /* ---- TTY structure ---- */ 1143 1144 static const struct tty_operations rfcomm_ops = { 1145 .open = rfcomm_tty_open, 1146 .close = rfcomm_tty_close, 1147 .write = rfcomm_tty_write, 1148 .write_room = rfcomm_tty_write_room, 1149 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1150 .flush_buffer = rfcomm_tty_flush_buffer, 1151 .ioctl = rfcomm_tty_ioctl, 1152 .throttle = rfcomm_tty_throttle, 1153 .unthrottle = rfcomm_tty_unthrottle, 1154 .set_termios = rfcomm_tty_set_termios, 1155 .send_xchar = rfcomm_tty_send_xchar, 1156 .hangup = rfcomm_tty_hangup, 1157 .wait_until_sent = rfcomm_tty_wait_until_sent, 1158 .read_proc = rfcomm_tty_read_proc, 1159 .tiocmget = rfcomm_tty_tiocmget, 1160 .tiocmset = rfcomm_tty_tiocmset, 1161 }; 1162 1163 int rfcomm_init_ttys(void) 1164 { 1165 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1166 if (!rfcomm_tty_driver) 1167 return -1; 1168 1169 rfcomm_tty_driver->owner = THIS_MODULE; 1170 rfcomm_tty_driver->driver_name = "rfcomm"; 1171 rfcomm_tty_driver->name = "rfcomm"; 1172 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1173 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1174 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1175 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1176 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1177 rfcomm_tty_driver->init_termios = tty_std_termios; 1178 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1179 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1180 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1181 1182 if (tty_register_driver(rfcomm_tty_driver)) { 1183 BT_ERR("Can't register RFCOMM TTY driver"); 1184 put_tty_driver(rfcomm_tty_driver); 1185 return -1; 1186 } 1187 1188 BT_INFO("RFCOMM TTY layer initialized"); 1189 1190 return 0; 1191 } 1192 1193 void rfcomm_cleanup_ttys(void) 1194 { 1195 tty_unregister_driver(rfcomm_tty_driver); 1196 put_tty_driver(rfcomm_tty_driver); 1197 } 1198