1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <linux/capability.h> 35 #include <linux/slab.h> 36 #include <linux/skbuff.h> 37 #include <linux/workqueue.h> 38 39 #include <net/bluetooth/bluetooth.h> 40 #include <net/bluetooth/hci_core.h> 41 #include <net/bluetooth/rfcomm.h> 42 43 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 44 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 45 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 46 #define RFCOMM_TTY_MINOR 0 47 48 static struct tty_driver *rfcomm_tty_driver; 49 50 struct rfcomm_dev { 51 struct list_head list; 52 atomic_t refcnt; 53 54 char name[12]; 55 int id; 56 unsigned long flags; 57 atomic_t opened; 58 int err; 59 60 bdaddr_t src; 61 bdaddr_t dst; 62 u8 channel; 63 64 uint modem_status; 65 66 struct rfcomm_dlc *dlc; 67 struct tty_struct *tty; 68 wait_queue_head_t wait; 69 struct work_struct wakeup_task; 70 71 struct device *tty_dev; 72 73 atomic_t wmem_alloc; 74 75 struct sk_buff_head pending; 76 }; 77 78 static LIST_HEAD(rfcomm_dev_list); 79 static DEFINE_SPINLOCK(rfcomm_dev_lock); 80 81 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 82 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 83 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 84 85 static void rfcomm_tty_wakeup(struct work_struct *work); 86 87 /* ---- Device functions ---- */ 88 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 89 { 90 struct rfcomm_dlc *dlc = dev->dlc; 91 92 BT_DBG("dev %p dlc %p", dev, dlc); 93 94 /* Refcount should only hit zero when called from rfcomm_dev_del() 95 which will have taken us off the list. Everything else are 96 refcounting bugs. */ 97 BUG_ON(!list_empty(&dev->list)); 98 99 rfcomm_dlc_lock(dlc); 100 /* Detach DLC if it's owned by this dev */ 101 if (dlc->owner == dev) 102 dlc->owner = NULL; 103 rfcomm_dlc_unlock(dlc); 104 105 rfcomm_dlc_put(dlc); 106 107 tty_unregister_device(rfcomm_tty_driver, dev->id); 108 109 kfree(dev); 110 111 /* It's safe to call module_put() here because socket still 112 holds reference to this module. */ 113 module_put(THIS_MODULE); 114 } 115 116 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 117 { 118 atomic_inc(&dev->refcnt); 119 } 120 121 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 122 { 123 /* The reason this isn't actually a race, as you no 124 doubt have a little voice screaming at you in your 125 head, is that the refcount should never actually 126 reach zero unless the device has already been taken 127 off the list, in rfcomm_dev_del(). And if that's not 128 true, we'll hit the BUG() in rfcomm_dev_destruct() 129 anyway. */ 130 if (atomic_dec_and_test(&dev->refcnt)) 131 rfcomm_dev_destruct(dev); 132 } 133 134 static struct rfcomm_dev *__rfcomm_dev_get(int id) 135 { 136 struct rfcomm_dev *dev; 137 138 list_for_each_entry(dev, &rfcomm_dev_list, list) 139 if (dev->id == id) 140 return dev; 141 142 return NULL; 143 } 144 145 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 146 { 147 struct rfcomm_dev *dev; 148 149 spin_lock(&rfcomm_dev_lock); 150 151 dev = __rfcomm_dev_get(id); 152 153 if (dev) { 154 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 155 dev = NULL; 156 else 157 rfcomm_dev_hold(dev); 158 } 159 160 spin_unlock(&rfcomm_dev_lock); 161 162 return dev; 163 } 164 165 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 166 { 167 struct hci_dev *hdev; 168 struct hci_conn *conn; 169 170 hdev = hci_get_route(&dev->dst, &dev->src); 171 if (!hdev) 172 return NULL; 173 174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 175 176 hci_dev_put(hdev); 177 178 return conn ? &conn->dev : NULL; 179 } 180 181 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 182 { 183 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 184 return sprintf(buf, "%s\n", batostr(&dev->dst)); 185 } 186 187 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 188 { 189 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 190 return sprintf(buf, "%d\n", dev->channel); 191 } 192 193 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 194 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 195 196 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 197 { 198 struct rfcomm_dev *dev, *entry; 199 struct list_head *head = &rfcomm_dev_list, *p; 200 int err = 0; 201 202 BT_DBG("id %d channel %d", req->dev_id, req->channel); 203 204 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 205 if (!dev) 206 return -ENOMEM; 207 208 spin_lock(&rfcomm_dev_lock); 209 210 if (req->dev_id < 0) { 211 dev->id = 0; 212 213 list_for_each_entry(entry, &rfcomm_dev_list, list) { 214 if (entry->id != dev->id) 215 break; 216 217 dev->id++; 218 head = p; 219 } 220 } else { 221 dev->id = req->dev_id; 222 223 list_for_each_entry(entry, &rfcomm_dev_list, list) { 224 if (entry->id == dev->id) { 225 err = -EADDRINUSE; 226 goto out; 227 } 228 229 if (entry->id > dev->id - 1) 230 break; 231 232 head = p; 233 } 234 } 235 236 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 237 err = -ENFILE; 238 goto out; 239 } 240 241 sprintf(dev->name, "rfcomm%d", dev->id); 242 243 list_add(&dev->list, head); 244 atomic_set(&dev->refcnt, 1); 245 246 bacpy(&dev->src, &req->src); 247 bacpy(&dev->dst, &req->dst); 248 dev->channel = req->channel; 249 250 dev->flags = req->flags & 251 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 252 253 atomic_set(&dev->opened, 0); 254 255 init_waitqueue_head(&dev->wait); 256 INIT_WORK(&dev->wakeup_task, rfcomm_tty_wakeup); 257 258 skb_queue_head_init(&dev->pending); 259 260 rfcomm_dlc_lock(dlc); 261 262 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 263 struct sock *sk = dlc->owner; 264 struct sk_buff *skb; 265 266 BUG_ON(!sk); 267 268 rfcomm_dlc_throttle(dlc); 269 270 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 271 skb_orphan(skb); 272 skb_queue_tail(&dev->pending, skb); 273 atomic_sub(skb->len, &sk->sk_rmem_alloc); 274 } 275 } 276 277 dlc->data_ready = rfcomm_dev_data_ready; 278 dlc->state_change = rfcomm_dev_state_change; 279 dlc->modem_status = rfcomm_dev_modem_status; 280 281 dlc->owner = dev; 282 dev->dlc = dlc; 283 284 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 285 286 rfcomm_dlc_unlock(dlc); 287 288 /* It's safe to call __module_get() here because socket already 289 holds reference to this module. */ 290 __module_get(THIS_MODULE); 291 292 out: 293 spin_unlock(&rfcomm_dev_lock); 294 295 if (err < 0) 296 goto free; 297 298 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 299 300 if (IS_ERR(dev->tty_dev)) { 301 err = PTR_ERR(dev->tty_dev); 302 list_del(&dev->list); 303 goto free; 304 } 305 306 dev_set_drvdata(dev->tty_dev, dev); 307 308 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 309 BT_ERR("Failed to create address attribute"); 310 311 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 312 BT_ERR("Failed to create channel attribute"); 313 314 return dev->id; 315 316 free: 317 kfree(dev); 318 return err; 319 } 320 321 static void rfcomm_dev_del(struct rfcomm_dev *dev) 322 { 323 BT_DBG("dev %p", dev); 324 325 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); 326 327 if (atomic_read(&dev->opened) > 0) 328 return; 329 330 spin_lock(&rfcomm_dev_lock); 331 list_del_init(&dev->list); 332 spin_unlock(&rfcomm_dev_lock); 333 334 rfcomm_dev_put(dev); 335 } 336 337 /* ---- Send buffer ---- */ 338 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 339 { 340 /* We can't let it be zero, because we don't get a callback 341 when tx_credits becomes nonzero, hence we'd never wake up */ 342 return dlc->mtu * (dlc->tx_credits?:1); 343 } 344 345 static void rfcomm_wfree(struct sk_buff *skb) 346 { 347 struct rfcomm_dev *dev = (void *) skb->sk; 348 atomic_sub(skb->truesize, &dev->wmem_alloc); 349 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 350 queue_work(system_nrt_wq, &dev->wakeup_task); 351 rfcomm_dev_put(dev); 352 } 353 354 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 355 { 356 rfcomm_dev_hold(dev); 357 atomic_add(skb->truesize, &dev->wmem_alloc); 358 skb->sk = (void *) dev; 359 skb->destructor = rfcomm_wfree; 360 } 361 362 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 363 { 364 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 365 struct sk_buff *skb = alloc_skb(size, priority); 366 if (skb) { 367 rfcomm_set_owner_w(skb, dev); 368 return skb; 369 } 370 } 371 return NULL; 372 } 373 374 /* ---- Device IOCTLs ---- */ 375 376 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 377 378 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 379 { 380 struct rfcomm_dev_req req; 381 struct rfcomm_dlc *dlc; 382 int id; 383 384 if (copy_from_user(&req, arg, sizeof(req))) 385 return -EFAULT; 386 387 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 388 389 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 390 return -EPERM; 391 392 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 393 /* Socket must be connected */ 394 if (sk->sk_state != BT_CONNECTED) 395 return -EBADFD; 396 397 dlc = rfcomm_pi(sk)->dlc; 398 rfcomm_dlc_hold(dlc); 399 } else { 400 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 401 if (!dlc) 402 return -ENOMEM; 403 } 404 405 id = rfcomm_dev_add(&req, dlc); 406 if (id < 0) { 407 rfcomm_dlc_put(dlc); 408 return id; 409 } 410 411 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 412 /* DLC is now used by device. 413 * Socket must be disconnected */ 414 sk->sk_state = BT_CLOSED; 415 } 416 417 return id; 418 } 419 420 static int rfcomm_release_dev(void __user *arg) 421 { 422 struct rfcomm_dev_req req; 423 struct rfcomm_dev *dev; 424 425 if (copy_from_user(&req, arg, sizeof(req))) 426 return -EFAULT; 427 428 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 429 430 dev = rfcomm_dev_get(req.dev_id); 431 if (!dev) 432 return -ENODEV; 433 434 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 435 rfcomm_dev_put(dev); 436 return -EPERM; 437 } 438 439 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 440 rfcomm_dlc_close(dev->dlc, 0); 441 442 /* Shut down TTY synchronously before freeing rfcomm_dev */ 443 if (dev->tty) 444 tty_vhangup(dev->tty); 445 446 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 447 rfcomm_dev_del(dev); 448 rfcomm_dev_put(dev); 449 return 0; 450 } 451 452 static int rfcomm_get_dev_list(void __user *arg) 453 { 454 struct rfcomm_dev *dev; 455 struct rfcomm_dev_list_req *dl; 456 struct rfcomm_dev_info *di; 457 int n = 0, size, err; 458 u16 dev_num; 459 460 BT_DBG(""); 461 462 if (get_user(dev_num, (u16 __user *) arg)) 463 return -EFAULT; 464 465 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 466 return -EINVAL; 467 468 size = sizeof(*dl) + dev_num * sizeof(*di); 469 470 dl = kmalloc(size, GFP_KERNEL); 471 if (!dl) 472 return -ENOMEM; 473 474 di = dl->dev_info; 475 476 spin_lock(&rfcomm_dev_lock); 477 478 list_for_each_entry(dev, &rfcomm_dev_list, list) { 479 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 480 continue; 481 (di + n)->id = dev->id; 482 (di + n)->flags = dev->flags; 483 (di + n)->state = dev->dlc->state; 484 (di + n)->channel = dev->channel; 485 bacpy(&(di + n)->src, &dev->src); 486 bacpy(&(di + n)->dst, &dev->dst); 487 if (++n >= dev_num) 488 break; 489 } 490 491 spin_unlock(&rfcomm_dev_lock); 492 493 dl->dev_num = n; 494 size = sizeof(*dl) + n * sizeof(*di); 495 496 err = copy_to_user(arg, dl, size); 497 kfree(dl); 498 499 return err ? -EFAULT : 0; 500 } 501 502 static int rfcomm_get_dev_info(void __user *arg) 503 { 504 struct rfcomm_dev *dev; 505 struct rfcomm_dev_info di; 506 int err = 0; 507 508 BT_DBG(""); 509 510 if (copy_from_user(&di, arg, sizeof(di))) 511 return -EFAULT; 512 513 dev = rfcomm_dev_get(di.id); 514 if (!dev) 515 return -ENODEV; 516 517 di.flags = dev->flags; 518 di.channel = dev->channel; 519 di.state = dev->dlc->state; 520 bacpy(&di.src, &dev->src); 521 bacpy(&di.dst, &dev->dst); 522 523 if (copy_to_user(arg, &di, sizeof(di))) 524 err = -EFAULT; 525 526 rfcomm_dev_put(dev); 527 return err; 528 } 529 530 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 531 { 532 BT_DBG("cmd %d arg %p", cmd, arg); 533 534 switch (cmd) { 535 case RFCOMMCREATEDEV: 536 return rfcomm_create_dev(sk, arg); 537 538 case RFCOMMRELEASEDEV: 539 return rfcomm_release_dev(arg); 540 541 case RFCOMMGETDEVLIST: 542 return rfcomm_get_dev_list(arg); 543 544 case RFCOMMGETDEVINFO: 545 return rfcomm_get_dev_info(arg); 546 } 547 548 return -EINVAL; 549 } 550 551 /* ---- DLC callbacks ---- */ 552 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 553 { 554 struct rfcomm_dev *dev = dlc->owner; 555 struct tty_struct *tty; 556 557 if (!dev) { 558 kfree_skb(skb); 559 return; 560 } 561 562 tty = dev->tty; 563 if (!tty || !skb_queue_empty(&dev->pending)) { 564 skb_queue_tail(&dev->pending, skb); 565 return; 566 } 567 568 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 569 570 tty_insert_flip_string(tty, skb->data, skb->len); 571 tty_flip_buffer_push(tty); 572 573 kfree_skb(skb); 574 } 575 576 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 577 { 578 struct rfcomm_dev *dev = dlc->owner; 579 if (!dev) 580 return; 581 582 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 583 584 dev->err = err; 585 wake_up_interruptible(&dev->wait); 586 587 if (dlc->state == BT_CLOSED) { 588 if (!dev->tty) { 589 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 590 /* Drop DLC lock here to avoid deadlock 591 * 1. rfcomm_dev_get will take rfcomm_dev_lock 592 * but in rfcomm_dev_add there's lock order: 593 * rfcomm_dev_lock -> dlc lock 594 * 2. rfcomm_dev_put will deadlock if it's 595 * the last reference 596 */ 597 rfcomm_dlc_unlock(dlc); 598 if (rfcomm_dev_get(dev->id) == NULL) { 599 rfcomm_dlc_lock(dlc); 600 return; 601 } 602 603 rfcomm_dev_del(dev); 604 rfcomm_dev_put(dev); 605 rfcomm_dlc_lock(dlc); 606 } 607 } else 608 tty_hangup(dev->tty); 609 } 610 } 611 612 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 613 { 614 struct rfcomm_dev *dev = dlc->owner; 615 if (!dev) 616 return; 617 618 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 619 620 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 621 if (dev->tty && !C_CLOCAL(dev->tty)) 622 tty_hangup(dev->tty); 623 } 624 625 dev->modem_status = 626 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 627 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 628 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 629 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 630 } 631 632 /* ---- TTY functions ---- */ 633 static void rfcomm_tty_wakeup(struct work_struct *work) 634 { 635 struct rfcomm_dev *dev = container_of(work, struct rfcomm_dev, 636 wakeup_task); 637 struct tty_struct *tty = dev->tty; 638 if (!tty) 639 return; 640 641 BT_DBG("dev %p tty %p", dev, tty); 642 tty_wakeup(tty); 643 } 644 645 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 646 { 647 struct tty_struct *tty = dev->tty; 648 struct sk_buff *skb; 649 int inserted = 0; 650 651 if (!tty) 652 return; 653 654 BT_DBG("dev %p tty %p", dev, tty); 655 656 rfcomm_dlc_lock(dev->dlc); 657 658 while ((skb = skb_dequeue(&dev->pending))) { 659 inserted += tty_insert_flip_string(tty, skb->data, skb->len); 660 kfree_skb(skb); 661 } 662 663 rfcomm_dlc_unlock(dev->dlc); 664 665 if (inserted > 0) 666 tty_flip_buffer_push(tty); 667 } 668 669 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 670 { 671 DECLARE_WAITQUEUE(wait, current); 672 struct rfcomm_dev *dev; 673 struct rfcomm_dlc *dlc; 674 int err, id; 675 676 id = tty->index; 677 678 BT_DBG("tty %p id %d", tty, id); 679 680 /* We don't leak this refcount. For reasons which are not entirely 681 clear, the TTY layer will call our ->close() method even if the 682 open fails. We decrease the refcount there, and decreasing it 683 here too would cause breakage. */ 684 dev = rfcomm_dev_get(id); 685 if (!dev) 686 return -ENODEV; 687 688 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 689 dev->channel, atomic_read(&dev->opened)); 690 691 if (atomic_inc_return(&dev->opened) > 1) 692 return 0; 693 694 dlc = dev->dlc; 695 696 /* Attach TTY and open DLC */ 697 698 rfcomm_dlc_lock(dlc); 699 tty->driver_data = dev; 700 dev->tty = tty; 701 rfcomm_dlc_unlock(dlc); 702 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 703 704 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 705 if (err < 0) 706 return err; 707 708 /* Wait for DLC to connect */ 709 add_wait_queue(&dev->wait, &wait); 710 while (1) { 711 set_current_state(TASK_INTERRUPTIBLE); 712 713 if (dlc->state == BT_CLOSED) { 714 err = -dev->err; 715 break; 716 } 717 718 if (dlc->state == BT_CONNECTED) 719 break; 720 721 if (signal_pending(current)) { 722 err = -EINTR; 723 break; 724 } 725 726 tty_unlock(); 727 schedule(); 728 tty_lock(); 729 } 730 set_current_state(TASK_RUNNING); 731 remove_wait_queue(&dev->wait, &wait); 732 733 if (err == 0) 734 device_move(dev->tty_dev, rfcomm_get_device(dev), 735 DPM_ORDER_DEV_AFTER_PARENT); 736 737 rfcomm_tty_copy_pending(dev); 738 739 rfcomm_dlc_unthrottle(dev->dlc); 740 741 return err; 742 } 743 744 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 745 { 746 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 747 if (!dev) 748 return; 749 750 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 751 atomic_read(&dev->opened)); 752 753 if (atomic_dec_and_test(&dev->opened)) { 754 if (dev->tty_dev->parent) 755 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 756 757 /* Close DLC and dettach TTY */ 758 rfcomm_dlc_close(dev->dlc, 0); 759 760 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 761 cancel_work_sync(&dev->wakeup_task); 762 763 rfcomm_dlc_lock(dev->dlc); 764 tty->driver_data = NULL; 765 dev->tty = NULL; 766 rfcomm_dlc_unlock(dev->dlc); 767 768 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { 769 spin_lock(&rfcomm_dev_lock); 770 list_del_init(&dev->list); 771 spin_unlock(&rfcomm_dev_lock); 772 773 rfcomm_dev_put(dev); 774 } 775 } 776 777 rfcomm_dev_put(dev); 778 } 779 780 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 781 { 782 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 783 struct rfcomm_dlc *dlc = dev->dlc; 784 struct sk_buff *skb; 785 int err = 0, sent = 0, size; 786 787 BT_DBG("tty %p count %d", tty, count); 788 789 while (count) { 790 size = min_t(uint, count, dlc->mtu); 791 792 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 793 794 if (!skb) 795 break; 796 797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 798 799 memcpy(skb_put(skb, size), buf + sent, size); 800 801 err = rfcomm_dlc_send(dlc, skb); 802 if (err < 0) { 803 kfree_skb(skb); 804 break; 805 } 806 807 sent += size; 808 count -= size; 809 } 810 811 return sent ? sent : err; 812 } 813 814 static int rfcomm_tty_write_room(struct tty_struct *tty) 815 { 816 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 817 int room; 818 819 BT_DBG("tty %p", tty); 820 821 if (!dev || !dev->dlc) 822 return 0; 823 824 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 825 if (room < 0) 826 room = 0; 827 828 return room; 829 } 830 831 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 832 { 833 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 834 835 switch (cmd) { 836 case TCGETS: 837 BT_DBG("TCGETS is not supported"); 838 return -ENOIOCTLCMD; 839 840 case TCSETS: 841 BT_DBG("TCSETS is not supported"); 842 return -ENOIOCTLCMD; 843 844 case TIOCMIWAIT: 845 BT_DBG("TIOCMIWAIT"); 846 break; 847 848 case TIOCGSERIAL: 849 BT_ERR("TIOCGSERIAL is not supported"); 850 return -ENOIOCTLCMD; 851 852 case TIOCSSERIAL: 853 BT_ERR("TIOCSSERIAL is not supported"); 854 return -ENOIOCTLCMD; 855 856 case TIOCSERGSTRUCT: 857 BT_ERR("TIOCSERGSTRUCT is not supported"); 858 return -ENOIOCTLCMD; 859 860 case TIOCSERGETLSR: 861 BT_ERR("TIOCSERGETLSR is not supported"); 862 return -ENOIOCTLCMD; 863 864 case TIOCSERCONFIG: 865 BT_ERR("TIOCSERCONFIG is not supported"); 866 return -ENOIOCTLCMD; 867 868 default: 869 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 870 871 } 872 873 return -ENOIOCTLCMD; 874 } 875 876 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 877 { 878 struct ktermios *new = tty->termios; 879 int old_baud_rate = tty_termios_baud_rate(old); 880 int new_baud_rate = tty_termios_baud_rate(new); 881 882 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 883 u16 changes = 0; 884 885 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 886 887 BT_DBG("tty %p termios %p", tty, old); 888 889 if (!dev || !dev->dlc || !dev->dlc->session) 890 return; 891 892 /* Handle turning off CRTSCTS */ 893 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 894 BT_DBG("Turning off CRTSCTS unsupported"); 895 896 /* Parity on/off and when on, odd/even */ 897 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 898 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 899 changes |= RFCOMM_RPN_PM_PARITY; 900 BT_DBG("Parity change detected."); 901 } 902 903 /* Mark and space parity are not supported! */ 904 if (new->c_cflag & PARENB) { 905 if (new->c_cflag & PARODD) { 906 BT_DBG("Parity is ODD"); 907 parity = RFCOMM_RPN_PARITY_ODD; 908 } else { 909 BT_DBG("Parity is EVEN"); 910 parity = RFCOMM_RPN_PARITY_EVEN; 911 } 912 } else { 913 BT_DBG("Parity is OFF"); 914 parity = RFCOMM_RPN_PARITY_NONE; 915 } 916 917 /* Setting the x_on / x_off characters */ 918 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 919 BT_DBG("XOFF custom"); 920 x_on = new->c_cc[VSTOP]; 921 changes |= RFCOMM_RPN_PM_XON; 922 } else { 923 BT_DBG("XOFF default"); 924 x_on = RFCOMM_RPN_XON_CHAR; 925 } 926 927 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 928 BT_DBG("XON custom"); 929 x_off = new->c_cc[VSTART]; 930 changes |= RFCOMM_RPN_PM_XOFF; 931 } else { 932 BT_DBG("XON default"); 933 x_off = RFCOMM_RPN_XOFF_CHAR; 934 } 935 936 /* Handle setting of stop bits */ 937 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 938 changes |= RFCOMM_RPN_PM_STOP; 939 940 /* POSIX does not support 1.5 stop bits and RFCOMM does not 941 * support 2 stop bits. So a request for 2 stop bits gets 942 * translated to 1.5 stop bits */ 943 if (new->c_cflag & CSTOPB) 944 stop_bits = RFCOMM_RPN_STOP_15; 945 else 946 stop_bits = RFCOMM_RPN_STOP_1; 947 948 /* Handle number of data bits [5-8] */ 949 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 950 changes |= RFCOMM_RPN_PM_DATA; 951 952 switch (new->c_cflag & CSIZE) { 953 case CS5: 954 data_bits = RFCOMM_RPN_DATA_5; 955 break; 956 case CS6: 957 data_bits = RFCOMM_RPN_DATA_6; 958 break; 959 case CS7: 960 data_bits = RFCOMM_RPN_DATA_7; 961 break; 962 case CS8: 963 data_bits = RFCOMM_RPN_DATA_8; 964 break; 965 default: 966 data_bits = RFCOMM_RPN_DATA_8; 967 break; 968 } 969 970 /* Handle baudrate settings */ 971 if (old_baud_rate != new_baud_rate) 972 changes |= RFCOMM_RPN_PM_BITRATE; 973 974 switch (new_baud_rate) { 975 case 2400: 976 baud = RFCOMM_RPN_BR_2400; 977 break; 978 case 4800: 979 baud = RFCOMM_RPN_BR_4800; 980 break; 981 case 7200: 982 baud = RFCOMM_RPN_BR_7200; 983 break; 984 case 9600: 985 baud = RFCOMM_RPN_BR_9600; 986 break; 987 case 19200: 988 baud = RFCOMM_RPN_BR_19200; 989 break; 990 case 38400: 991 baud = RFCOMM_RPN_BR_38400; 992 break; 993 case 57600: 994 baud = RFCOMM_RPN_BR_57600; 995 break; 996 case 115200: 997 baud = RFCOMM_RPN_BR_115200; 998 break; 999 case 230400: 1000 baud = RFCOMM_RPN_BR_230400; 1001 break; 1002 default: 1003 /* 9600 is standard accordinag to the RFCOMM specification */ 1004 baud = RFCOMM_RPN_BR_9600; 1005 break; 1006 1007 } 1008 1009 if (changes) 1010 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1011 data_bits, stop_bits, parity, 1012 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1013 } 1014 1015 static void rfcomm_tty_throttle(struct tty_struct *tty) 1016 { 1017 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1018 1019 BT_DBG("tty %p dev %p", tty, dev); 1020 1021 rfcomm_dlc_throttle(dev->dlc); 1022 } 1023 1024 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1025 { 1026 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1027 1028 BT_DBG("tty %p dev %p", tty, dev); 1029 1030 rfcomm_dlc_unthrottle(dev->dlc); 1031 } 1032 1033 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1034 { 1035 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1036 1037 BT_DBG("tty %p dev %p", tty, dev); 1038 1039 if (!dev || !dev->dlc) 1040 return 0; 1041 1042 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1043 return dev->dlc->mtu; 1044 1045 return 0; 1046 } 1047 1048 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1049 { 1050 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1051 1052 BT_DBG("tty %p dev %p", tty, dev); 1053 1054 if (!dev || !dev->dlc) 1055 return; 1056 1057 skb_queue_purge(&dev->dlc->tx_queue); 1058 tty_wakeup(tty); 1059 } 1060 1061 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1062 { 1063 BT_DBG("tty %p ch %c", tty, ch); 1064 } 1065 1066 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1067 { 1068 BT_DBG("tty %p timeout %d", tty, timeout); 1069 } 1070 1071 static void rfcomm_tty_hangup(struct tty_struct *tty) 1072 { 1073 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1074 1075 BT_DBG("tty %p dev %p", tty, dev); 1076 1077 if (!dev) 1078 return; 1079 1080 rfcomm_tty_flush_buffer(tty); 1081 1082 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1083 if (rfcomm_dev_get(dev->id) == NULL) 1084 return; 1085 rfcomm_dev_del(dev); 1086 rfcomm_dev_put(dev); 1087 } 1088 } 1089 1090 static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1091 { 1092 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1093 1094 BT_DBG("tty %p dev %p", tty, dev); 1095 1096 return dev->modem_status; 1097 } 1098 1099 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1100 { 1101 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1102 struct rfcomm_dlc *dlc = dev->dlc; 1103 u8 v24_sig; 1104 1105 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1106 1107 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1108 1109 if (set & TIOCM_DSR || set & TIOCM_DTR) 1110 v24_sig |= RFCOMM_V24_RTC; 1111 if (set & TIOCM_RTS || set & TIOCM_CTS) 1112 v24_sig |= RFCOMM_V24_RTR; 1113 if (set & TIOCM_RI) 1114 v24_sig |= RFCOMM_V24_IC; 1115 if (set & TIOCM_CD) 1116 v24_sig |= RFCOMM_V24_DV; 1117 1118 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1119 v24_sig &= ~RFCOMM_V24_RTC; 1120 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1121 v24_sig &= ~RFCOMM_V24_RTR; 1122 if (clear & TIOCM_RI) 1123 v24_sig &= ~RFCOMM_V24_IC; 1124 if (clear & TIOCM_CD) 1125 v24_sig &= ~RFCOMM_V24_DV; 1126 1127 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1128 1129 return 0; 1130 } 1131 1132 /* ---- TTY structure ---- */ 1133 1134 static const struct tty_operations rfcomm_ops = { 1135 .open = rfcomm_tty_open, 1136 .close = rfcomm_tty_close, 1137 .write = rfcomm_tty_write, 1138 .write_room = rfcomm_tty_write_room, 1139 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1140 .flush_buffer = rfcomm_tty_flush_buffer, 1141 .ioctl = rfcomm_tty_ioctl, 1142 .throttle = rfcomm_tty_throttle, 1143 .unthrottle = rfcomm_tty_unthrottle, 1144 .set_termios = rfcomm_tty_set_termios, 1145 .send_xchar = rfcomm_tty_send_xchar, 1146 .hangup = rfcomm_tty_hangup, 1147 .wait_until_sent = rfcomm_tty_wait_until_sent, 1148 .tiocmget = rfcomm_tty_tiocmget, 1149 .tiocmset = rfcomm_tty_tiocmset, 1150 }; 1151 1152 int __init rfcomm_init_ttys(void) 1153 { 1154 int error; 1155 1156 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1157 if (!rfcomm_tty_driver) 1158 return -ENOMEM; 1159 1160 rfcomm_tty_driver->owner = THIS_MODULE; 1161 rfcomm_tty_driver->driver_name = "rfcomm"; 1162 rfcomm_tty_driver->name = "rfcomm"; 1163 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1164 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1165 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1166 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1167 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1168 rfcomm_tty_driver->init_termios = tty_std_termios; 1169 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1170 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1171 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1172 1173 error = tty_register_driver(rfcomm_tty_driver); 1174 if (error) { 1175 BT_ERR("Can't register RFCOMM TTY driver"); 1176 put_tty_driver(rfcomm_tty_driver); 1177 return error; 1178 } 1179 1180 BT_INFO("RFCOMM TTY layer initialized"); 1181 1182 return 0; 1183 } 1184 1185 void rfcomm_cleanup_ttys(void) 1186 { 1187 tty_unregister_driver(rfcomm_tty_driver); 1188 put_tty_driver(rfcomm_tty_driver); 1189 } 1190