1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 * 27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $ 28 */ 29 30 #include <linux/module.h> 31 32 #include <linux/tty.h> 33 #include <linux/tty_driver.h> 34 #include <linux/tty_flip.h> 35 36 #include <linux/capability.h> 37 #include <linux/slab.h> 38 #include <linux/skbuff.h> 39 40 #include <net/bluetooth/bluetooth.h> 41 #include <net/bluetooth/hci_core.h> 42 #include <net/bluetooth/rfcomm.h> 43 44 #ifndef CONFIG_BT_RFCOMM_DEBUG 45 #undef BT_DBG 46 #define BT_DBG(D...) 47 #endif 48 49 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 51 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 52 #define RFCOMM_TTY_MINOR 0 53 54 static struct tty_driver *rfcomm_tty_driver; 55 56 struct rfcomm_dev { 57 struct list_head list; 58 atomic_t refcnt; 59 60 char name[12]; 61 int id; 62 unsigned long flags; 63 int opened; 64 int err; 65 66 bdaddr_t src; 67 bdaddr_t dst; 68 u8 channel; 69 70 uint modem_status; 71 72 struct rfcomm_dlc *dlc; 73 struct tty_struct *tty; 74 wait_queue_head_t wait; 75 struct tasklet_struct wakeup_task; 76 77 struct device *tty_dev; 78 79 atomic_t wmem_alloc; 80 }; 81 82 static LIST_HEAD(rfcomm_dev_list); 83 static DEFINE_RWLOCK(rfcomm_dev_lock); 84 85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 88 89 static void rfcomm_tty_wakeup(unsigned long arg); 90 91 /* ---- Device functions ---- */ 92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 93 { 94 struct rfcomm_dlc *dlc = dev->dlc; 95 96 BT_DBG("dev %p dlc %p", dev, dlc); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 /* Refcount should only hit zero when called from rfcomm_dev_del() 109 which will have taken us off the list. Everything else are 110 refcounting bugs. */ 111 BUG_ON(!list_empty(&dev->list)); 112 113 kfree(dev); 114 115 /* It's safe to call module_put() here because socket still 116 holds reference to this module. */ 117 module_put(THIS_MODULE); 118 } 119 120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 121 { 122 atomic_inc(&dev->refcnt); 123 } 124 125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 126 { 127 /* The reason this isn't actually a race, as you no 128 doubt have a little voice screaming at you in your 129 head, is that the refcount should never actually 130 reach zero unless the device has already been taken 131 off the list, in rfcomm_dev_del(). And if that's not 132 true, we'll hit the BUG() in rfcomm_dev_destruct() 133 anyway. */ 134 if (atomic_dec_and_test(&dev->refcnt)) 135 rfcomm_dev_destruct(dev); 136 } 137 138 static struct rfcomm_dev *__rfcomm_dev_get(int id) 139 { 140 struct rfcomm_dev *dev; 141 struct list_head *p; 142 143 list_for_each(p, &rfcomm_dev_list) { 144 dev = list_entry(p, struct rfcomm_dev, list); 145 if (dev->id == id) 146 return dev; 147 } 148 149 return NULL; 150 } 151 152 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 153 { 154 struct rfcomm_dev *dev; 155 156 read_lock(&rfcomm_dev_lock); 157 158 dev = __rfcomm_dev_get(id); 159 if (dev) 160 rfcomm_dev_hold(dev); 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 184 { 185 struct rfcomm_dev *dev; 186 struct list_head *head = &rfcomm_dev_list, *p; 187 int err = 0; 188 189 BT_DBG("id %d channel %d", req->dev_id, req->channel); 190 191 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 192 if (!dev) 193 return -ENOMEM; 194 195 write_lock_bh(&rfcomm_dev_lock); 196 197 if (req->dev_id < 0) { 198 dev->id = 0; 199 200 list_for_each(p, &rfcomm_dev_list) { 201 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 202 break; 203 204 dev->id++; 205 head = p; 206 } 207 } else { 208 dev->id = req->dev_id; 209 210 list_for_each(p, &rfcomm_dev_list) { 211 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 212 213 if (entry->id == dev->id) { 214 err = -EADDRINUSE; 215 goto out; 216 } 217 218 if (entry->id > dev->id - 1) 219 break; 220 221 head = p; 222 } 223 } 224 225 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 226 err = -ENFILE; 227 goto out; 228 } 229 230 sprintf(dev->name, "rfcomm%d", dev->id); 231 232 list_add(&dev->list, head); 233 atomic_set(&dev->refcnt, 1); 234 235 bacpy(&dev->src, &req->src); 236 bacpy(&dev->dst, &req->dst); 237 dev->channel = req->channel; 238 239 dev->flags = req->flags & 240 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 241 242 init_waitqueue_head(&dev->wait); 243 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 244 245 rfcomm_dlc_lock(dlc); 246 dlc->data_ready = rfcomm_dev_data_ready; 247 dlc->state_change = rfcomm_dev_state_change; 248 dlc->modem_status = rfcomm_dev_modem_status; 249 250 dlc->owner = dev; 251 dev->dlc = dlc; 252 rfcomm_dlc_unlock(dlc); 253 254 /* It's safe to call __module_get() here because socket already 255 holds reference to this module. */ 256 __module_get(THIS_MODULE); 257 258 out: 259 write_unlock_bh(&rfcomm_dev_lock); 260 261 if (err) { 262 kfree(dev); 263 return err; 264 } 265 266 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 267 268 return dev->id; 269 } 270 271 static void rfcomm_dev_del(struct rfcomm_dev *dev) 272 { 273 BT_DBG("dev %p", dev); 274 275 write_lock_bh(&rfcomm_dev_lock); 276 list_del_init(&dev->list); 277 write_unlock_bh(&rfcomm_dev_lock); 278 279 rfcomm_dev_put(dev); 280 } 281 282 /* ---- Send buffer ---- */ 283 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 284 { 285 /* We can't let it be zero, because we don't get a callback 286 when tx_credits becomes nonzero, hence we'd never wake up */ 287 return dlc->mtu * (dlc->tx_credits?:1); 288 } 289 290 static void rfcomm_wfree(struct sk_buff *skb) 291 { 292 struct rfcomm_dev *dev = (void *) skb->sk; 293 atomic_sub(skb->truesize, &dev->wmem_alloc); 294 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 295 tasklet_schedule(&dev->wakeup_task); 296 rfcomm_dev_put(dev); 297 } 298 299 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 300 { 301 rfcomm_dev_hold(dev); 302 atomic_add(skb->truesize, &dev->wmem_alloc); 303 skb->sk = (void *) dev; 304 skb->destructor = rfcomm_wfree; 305 } 306 307 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 308 { 309 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 310 struct sk_buff *skb = alloc_skb(size, priority); 311 if (skb) { 312 rfcomm_set_owner_w(skb, dev); 313 return skb; 314 } 315 } 316 return NULL; 317 } 318 319 /* ---- Device IOCTLs ---- */ 320 321 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 322 323 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 324 { 325 struct rfcomm_dev_req req; 326 struct rfcomm_dlc *dlc; 327 int id; 328 329 if (copy_from_user(&req, arg, sizeof(req))) 330 return -EFAULT; 331 332 BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags); 333 334 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 335 return -EPERM; 336 337 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 338 /* Socket must be connected */ 339 if (sk->sk_state != BT_CONNECTED) 340 return -EBADFD; 341 342 dlc = rfcomm_pi(sk)->dlc; 343 rfcomm_dlc_hold(dlc); 344 } else { 345 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 346 if (!dlc) 347 return -ENOMEM; 348 } 349 350 id = rfcomm_dev_add(&req, dlc); 351 if (id < 0) { 352 rfcomm_dlc_put(dlc); 353 return id; 354 } 355 356 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 357 /* DLC is now used by device. 358 * Socket must be disconnected */ 359 sk->sk_state = BT_CLOSED; 360 } 361 362 return id; 363 } 364 365 static int rfcomm_release_dev(void __user *arg) 366 { 367 struct rfcomm_dev_req req; 368 struct rfcomm_dev *dev; 369 370 if (copy_from_user(&req, arg, sizeof(req))) 371 return -EFAULT; 372 373 BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags); 374 375 if (!(dev = rfcomm_dev_get(req.dev_id))) 376 return -ENODEV; 377 378 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 379 rfcomm_dev_put(dev); 380 return -EPERM; 381 } 382 383 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 384 rfcomm_dlc_close(dev->dlc, 0); 385 386 rfcomm_dev_del(dev); 387 rfcomm_dev_put(dev); 388 return 0; 389 } 390 391 static int rfcomm_get_dev_list(void __user *arg) 392 { 393 struct rfcomm_dev_list_req *dl; 394 struct rfcomm_dev_info *di; 395 struct list_head *p; 396 int n = 0, size, err; 397 u16 dev_num; 398 399 BT_DBG(""); 400 401 if (get_user(dev_num, (u16 __user *) arg)) 402 return -EFAULT; 403 404 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 405 return -EINVAL; 406 407 size = sizeof(*dl) + dev_num * sizeof(*di); 408 409 if (!(dl = kmalloc(size, GFP_KERNEL))) 410 return -ENOMEM; 411 412 di = dl->dev_info; 413 414 read_lock_bh(&rfcomm_dev_lock); 415 416 list_for_each(p, &rfcomm_dev_list) { 417 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 418 (di + n)->id = dev->id; 419 (di + n)->flags = dev->flags; 420 (di + n)->state = dev->dlc->state; 421 (di + n)->channel = dev->channel; 422 bacpy(&(di + n)->src, &dev->src); 423 bacpy(&(di + n)->dst, &dev->dst); 424 if (++n >= dev_num) 425 break; 426 } 427 428 read_unlock_bh(&rfcomm_dev_lock); 429 430 dl->dev_num = n; 431 size = sizeof(*dl) + n * sizeof(*di); 432 433 err = copy_to_user(arg, dl, size); 434 kfree(dl); 435 436 return err ? -EFAULT : 0; 437 } 438 439 static int rfcomm_get_dev_info(void __user *arg) 440 { 441 struct rfcomm_dev *dev; 442 struct rfcomm_dev_info di; 443 int err = 0; 444 445 BT_DBG(""); 446 447 if (copy_from_user(&di, arg, sizeof(di))) 448 return -EFAULT; 449 450 if (!(dev = rfcomm_dev_get(di.id))) 451 return -ENODEV; 452 453 di.flags = dev->flags; 454 di.channel = dev->channel; 455 di.state = dev->dlc->state; 456 bacpy(&di.src, &dev->src); 457 bacpy(&di.dst, &dev->dst); 458 459 if (copy_to_user(arg, &di, sizeof(di))) 460 err = -EFAULT; 461 462 rfcomm_dev_put(dev); 463 return err; 464 } 465 466 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 467 { 468 BT_DBG("cmd %d arg %p", cmd, arg); 469 470 switch (cmd) { 471 case RFCOMMCREATEDEV: 472 return rfcomm_create_dev(sk, arg); 473 474 case RFCOMMRELEASEDEV: 475 return rfcomm_release_dev(arg); 476 477 case RFCOMMGETDEVLIST: 478 return rfcomm_get_dev_list(arg); 479 480 case RFCOMMGETDEVINFO: 481 return rfcomm_get_dev_info(arg); 482 } 483 484 return -EINVAL; 485 } 486 487 /* ---- DLC callbacks ---- */ 488 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 489 { 490 struct rfcomm_dev *dev = dlc->owner; 491 struct tty_struct *tty; 492 493 if (!dev || !(tty = dev->tty)) { 494 kfree_skb(skb); 495 return; 496 } 497 498 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 499 500 tty_insert_flip_string(tty, skb->data, skb->len); 501 tty_flip_buffer_push(tty); 502 503 kfree_skb(skb); 504 } 505 506 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 507 { 508 struct rfcomm_dev *dev = dlc->owner; 509 if (!dev) 510 return; 511 512 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 513 514 dev->err = err; 515 wake_up_interruptible(&dev->wait); 516 517 if (dlc->state == BT_CLOSED) { 518 if (!dev->tty) { 519 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 520 rfcomm_dev_hold(dev); 521 rfcomm_dev_del(dev); 522 523 /* We have to drop DLC lock here, otherwise 524 rfcomm_dev_put() will dead lock if it's 525 the last reference. */ 526 rfcomm_dlc_unlock(dlc); 527 rfcomm_dev_put(dev); 528 rfcomm_dlc_lock(dlc); 529 } 530 } else 531 tty_hangup(dev->tty); 532 } 533 } 534 535 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 536 { 537 struct rfcomm_dev *dev = dlc->owner; 538 if (!dev) 539 return; 540 541 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 542 543 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 544 if (dev->tty && !C_CLOCAL(dev->tty)) 545 tty_hangup(dev->tty); 546 } 547 548 dev->modem_status = 549 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 550 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 551 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 552 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 553 } 554 555 /* ---- TTY functions ---- */ 556 static void rfcomm_tty_wakeup(unsigned long arg) 557 { 558 struct rfcomm_dev *dev = (void *) arg; 559 struct tty_struct *tty = dev->tty; 560 if (!tty) 561 return; 562 563 BT_DBG("dev %p tty %p", dev, tty); 564 565 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 566 (tty->ldisc.write_wakeup)(tty); 567 568 wake_up_interruptible(&tty->write_wait); 569 #ifdef SERIAL_HAVE_POLL_WAIT 570 wake_up_interruptible(&tty->poll_wait); 571 #endif 572 } 573 574 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 575 { 576 DECLARE_WAITQUEUE(wait, current); 577 struct rfcomm_dev *dev; 578 struct rfcomm_dlc *dlc; 579 int err, id; 580 581 id = tty->index; 582 583 BT_DBG("tty %p id %d", tty, id); 584 585 /* We don't leak this refcount. For reasons which are not entirely 586 clear, the TTY layer will call our ->close() method even if the 587 open fails. We decrease the refcount there, and decreasing it 588 here too would cause breakage. */ 589 dev = rfcomm_dev_get(id); 590 if (!dev) 591 return -ENODEV; 592 593 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened); 594 595 if (dev->opened++ != 0) 596 return 0; 597 598 dlc = dev->dlc; 599 600 /* Attach TTY and open DLC */ 601 602 rfcomm_dlc_lock(dlc); 603 tty->driver_data = dev; 604 dev->tty = tty; 605 rfcomm_dlc_unlock(dlc); 606 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 607 608 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 609 if (err < 0) 610 return err; 611 612 /* Wait for DLC to connect */ 613 add_wait_queue(&dev->wait, &wait); 614 while (1) { 615 set_current_state(TASK_INTERRUPTIBLE); 616 617 if (dlc->state == BT_CLOSED) { 618 err = -dev->err; 619 break; 620 } 621 622 if (dlc->state == BT_CONNECTED) 623 break; 624 625 if (signal_pending(current)) { 626 err = -EINTR; 627 break; 628 } 629 630 schedule(); 631 } 632 set_current_state(TASK_RUNNING); 633 remove_wait_queue(&dev->wait, &wait); 634 635 if (err == 0) 636 device_move(dev->tty_dev, rfcomm_get_device(dev)); 637 638 return err; 639 } 640 641 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 642 { 643 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 644 if (!dev) 645 return; 646 647 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened); 648 649 if (--dev->opened == 0) { 650 device_move(dev->tty_dev, NULL); 651 652 /* Close DLC and dettach TTY */ 653 rfcomm_dlc_close(dev->dlc, 0); 654 655 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 656 tasklet_kill(&dev->wakeup_task); 657 658 rfcomm_dlc_lock(dev->dlc); 659 tty->driver_data = NULL; 660 dev->tty = NULL; 661 rfcomm_dlc_unlock(dev->dlc); 662 } 663 664 rfcomm_dev_put(dev); 665 } 666 667 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 668 { 669 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 670 struct rfcomm_dlc *dlc = dev->dlc; 671 struct sk_buff *skb; 672 int err = 0, sent = 0, size; 673 674 BT_DBG("tty %p count %d", tty, count); 675 676 while (count) { 677 size = min_t(uint, count, dlc->mtu); 678 679 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 680 681 if (!skb) 682 break; 683 684 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 685 686 memcpy(skb_put(skb, size), buf + sent, size); 687 688 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 689 kfree_skb(skb); 690 break; 691 } 692 693 sent += size; 694 count -= size; 695 } 696 697 return sent ? sent : err; 698 } 699 700 static int rfcomm_tty_write_room(struct tty_struct *tty) 701 { 702 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 703 int room; 704 705 BT_DBG("tty %p", tty); 706 707 if (!dev || !dev->dlc) 708 return 0; 709 710 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 711 if (room < 0) 712 room = 0; 713 714 return room; 715 } 716 717 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 718 { 719 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 720 721 switch (cmd) { 722 case TCGETS: 723 BT_DBG("TCGETS is not supported"); 724 return -ENOIOCTLCMD; 725 726 case TCSETS: 727 BT_DBG("TCSETS is not supported"); 728 return -ENOIOCTLCMD; 729 730 case TIOCMIWAIT: 731 BT_DBG("TIOCMIWAIT"); 732 break; 733 734 case TIOCGICOUNT: 735 BT_DBG("TIOCGICOUNT"); 736 break; 737 738 case TIOCGSERIAL: 739 BT_ERR("TIOCGSERIAL is not supported"); 740 return -ENOIOCTLCMD; 741 742 case TIOCSSERIAL: 743 BT_ERR("TIOCSSERIAL is not supported"); 744 return -ENOIOCTLCMD; 745 746 case TIOCSERGSTRUCT: 747 BT_ERR("TIOCSERGSTRUCT is not supported"); 748 return -ENOIOCTLCMD; 749 750 case TIOCSERGETLSR: 751 BT_ERR("TIOCSERGETLSR is not supported"); 752 return -ENOIOCTLCMD; 753 754 case TIOCSERCONFIG: 755 BT_ERR("TIOCSERCONFIG is not supported"); 756 return -ENOIOCTLCMD; 757 758 default: 759 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 760 761 } 762 763 return -ENOIOCTLCMD; 764 } 765 766 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 767 { 768 struct ktermios *new = tty->termios; 769 int old_baud_rate = tty_termios_baud_rate(old); 770 int new_baud_rate = tty_termios_baud_rate(new); 771 772 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 773 u16 changes = 0; 774 775 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 776 777 BT_DBG("tty %p termios %p", tty, old); 778 779 if (!dev || !dev->dlc || !dev->dlc->session) 780 return; 781 782 /* Handle turning off CRTSCTS */ 783 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 784 BT_DBG("Turning off CRTSCTS unsupported"); 785 786 /* Parity on/off and when on, odd/even */ 787 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 788 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 789 changes |= RFCOMM_RPN_PM_PARITY; 790 BT_DBG("Parity change detected."); 791 } 792 793 /* Mark and space parity are not supported! */ 794 if (new->c_cflag & PARENB) { 795 if (new->c_cflag & PARODD) { 796 BT_DBG("Parity is ODD"); 797 parity = RFCOMM_RPN_PARITY_ODD; 798 } else { 799 BT_DBG("Parity is EVEN"); 800 parity = RFCOMM_RPN_PARITY_EVEN; 801 } 802 } else { 803 BT_DBG("Parity is OFF"); 804 parity = RFCOMM_RPN_PARITY_NONE; 805 } 806 807 /* Setting the x_on / x_off characters */ 808 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 809 BT_DBG("XOFF custom"); 810 x_on = new->c_cc[VSTOP]; 811 changes |= RFCOMM_RPN_PM_XON; 812 } else { 813 BT_DBG("XOFF default"); 814 x_on = RFCOMM_RPN_XON_CHAR; 815 } 816 817 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 818 BT_DBG("XON custom"); 819 x_off = new->c_cc[VSTART]; 820 changes |= RFCOMM_RPN_PM_XOFF; 821 } else { 822 BT_DBG("XON default"); 823 x_off = RFCOMM_RPN_XOFF_CHAR; 824 } 825 826 /* Handle setting of stop bits */ 827 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 828 changes |= RFCOMM_RPN_PM_STOP; 829 830 /* POSIX does not support 1.5 stop bits and RFCOMM does not 831 * support 2 stop bits. So a request for 2 stop bits gets 832 * translated to 1.5 stop bits */ 833 if (new->c_cflag & CSTOPB) { 834 stop_bits = RFCOMM_RPN_STOP_15; 835 } else { 836 stop_bits = RFCOMM_RPN_STOP_1; 837 } 838 839 /* Handle number of data bits [5-8] */ 840 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 841 changes |= RFCOMM_RPN_PM_DATA; 842 843 switch (new->c_cflag & CSIZE) { 844 case CS5: 845 data_bits = RFCOMM_RPN_DATA_5; 846 break; 847 case CS6: 848 data_bits = RFCOMM_RPN_DATA_6; 849 break; 850 case CS7: 851 data_bits = RFCOMM_RPN_DATA_7; 852 break; 853 case CS8: 854 data_bits = RFCOMM_RPN_DATA_8; 855 break; 856 default: 857 data_bits = RFCOMM_RPN_DATA_8; 858 break; 859 } 860 861 /* Handle baudrate settings */ 862 if (old_baud_rate != new_baud_rate) 863 changes |= RFCOMM_RPN_PM_BITRATE; 864 865 switch (new_baud_rate) { 866 case 2400: 867 baud = RFCOMM_RPN_BR_2400; 868 break; 869 case 4800: 870 baud = RFCOMM_RPN_BR_4800; 871 break; 872 case 7200: 873 baud = RFCOMM_RPN_BR_7200; 874 break; 875 case 9600: 876 baud = RFCOMM_RPN_BR_9600; 877 break; 878 case 19200: 879 baud = RFCOMM_RPN_BR_19200; 880 break; 881 case 38400: 882 baud = RFCOMM_RPN_BR_38400; 883 break; 884 case 57600: 885 baud = RFCOMM_RPN_BR_57600; 886 break; 887 case 115200: 888 baud = RFCOMM_RPN_BR_115200; 889 break; 890 case 230400: 891 baud = RFCOMM_RPN_BR_230400; 892 break; 893 default: 894 /* 9600 is standard accordinag to the RFCOMM specification */ 895 baud = RFCOMM_RPN_BR_9600; 896 break; 897 898 } 899 900 if (changes) 901 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 902 data_bits, stop_bits, parity, 903 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 904 905 return; 906 } 907 908 static void rfcomm_tty_throttle(struct tty_struct *tty) 909 { 910 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 911 912 BT_DBG("tty %p dev %p", tty, dev); 913 914 rfcomm_dlc_throttle(dev->dlc); 915 } 916 917 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 918 { 919 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 920 921 BT_DBG("tty %p dev %p", tty, dev); 922 923 rfcomm_dlc_unthrottle(dev->dlc); 924 } 925 926 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 927 { 928 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 929 930 BT_DBG("tty %p dev %p", tty, dev); 931 932 if (!dev || !dev->dlc) 933 return 0; 934 935 if (!skb_queue_empty(&dev->dlc->tx_queue)) 936 return dev->dlc->mtu; 937 938 return 0; 939 } 940 941 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 942 { 943 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 944 945 BT_DBG("tty %p dev %p", tty, dev); 946 947 if (!dev || !dev->dlc) 948 return; 949 950 skb_queue_purge(&dev->dlc->tx_queue); 951 952 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 953 tty->ldisc.write_wakeup(tty); 954 } 955 956 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 957 { 958 BT_DBG("tty %p ch %c", tty, ch); 959 } 960 961 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 962 { 963 BT_DBG("tty %p timeout %d", tty, timeout); 964 } 965 966 static void rfcomm_tty_hangup(struct tty_struct *tty) 967 { 968 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 969 970 BT_DBG("tty %p dev %p", tty, dev); 971 972 if (!dev) 973 return; 974 975 rfcomm_tty_flush_buffer(tty); 976 977 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 978 rfcomm_dev_del(dev); 979 } 980 981 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused) 982 { 983 return 0; 984 } 985 986 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 987 { 988 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 989 990 BT_DBG("tty %p dev %p", tty, dev); 991 992 return dev->modem_status; 993 } 994 995 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 996 { 997 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 998 struct rfcomm_dlc *dlc = dev->dlc; 999 u8 v24_sig; 1000 1001 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1002 1003 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1004 1005 if (set & TIOCM_DSR || set & TIOCM_DTR) 1006 v24_sig |= RFCOMM_V24_RTC; 1007 if (set & TIOCM_RTS || set & TIOCM_CTS) 1008 v24_sig |= RFCOMM_V24_RTR; 1009 if (set & TIOCM_RI) 1010 v24_sig |= RFCOMM_V24_IC; 1011 if (set & TIOCM_CD) 1012 v24_sig |= RFCOMM_V24_DV; 1013 1014 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1015 v24_sig &= ~RFCOMM_V24_RTC; 1016 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1017 v24_sig &= ~RFCOMM_V24_RTR; 1018 if (clear & TIOCM_RI) 1019 v24_sig &= ~RFCOMM_V24_IC; 1020 if (clear & TIOCM_CD) 1021 v24_sig &= ~RFCOMM_V24_DV; 1022 1023 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1024 1025 return 0; 1026 } 1027 1028 /* ---- TTY structure ---- */ 1029 1030 static const struct tty_operations rfcomm_ops = { 1031 .open = rfcomm_tty_open, 1032 .close = rfcomm_tty_close, 1033 .write = rfcomm_tty_write, 1034 .write_room = rfcomm_tty_write_room, 1035 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1036 .flush_buffer = rfcomm_tty_flush_buffer, 1037 .ioctl = rfcomm_tty_ioctl, 1038 .throttle = rfcomm_tty_throttle, 1039 .unthrottle = rfcomm_tty_unthrottle, 1040 .set_termios = rfcomm_tty_set_termios, 1041 .send_xchar = rfcomm_tty_send_xchar, 1042 .hangup = rfcomm_tty_hangup, 1043 .wait_until_sent = rfcomm_tty_wait_until_sent, 1044 .read_proc = rfcomm_tty_read_proc, 1045 .tiocmget = rfcomm_tty_tiocmget, 1046 .tiocmset = rfcomm_tty_tiocmset, 1047 }; 1048 1049 int rfcomm_init_ttys(void) 1050 { 1051 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1052 if (!rfcomm_tty_driver) 1053 return -1; 1054 1055 rfcomm_tty_driver->owner = THIS_MODULE; 1056 rfcomm_tty_driver->driver_name = "rfcomm"; 1057 rfcomm_tty_driver->name = "rfcomm"; 1058 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1059 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1060 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1061 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1062 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1063 rfcomm_tty_driver->init_termios = tty_std_termios; 1064 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1065 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1066 1067 if (tty_register_driver(rfcomm_tty_driver)) { 1068 BT_ERR("Can't register RFCOMM TTY driver"); 1069 put_tty_driver(rfcomm_tty_driver); 1070 return -1; 1071 } 1072 1073 BT_INFO("RFCOMM TTY layer initialized"); 1074 1075 return 0; 1076 } 1077 1078 void rfcomm_cleanup_ttys(void) 1079 { 1080 tty_unregister_driver(rfcomm_tty_driver); 1081 put_tty_driver(rfcomm_tty_driver); 1082 } 1083