1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <linux/capability.h> 35 #include <linux/slab.h> 36 #include <linux/skbuff.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 #include <net/bluetooth/rfcomm.h> 41 42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 45 #define RFCOMM_TTY_MINOR 0 46 47 static struct tty_driver *rfcomm_tty_driver; 48 49 struct rfcomm_dev { 50 struct list_head list; 51 atomic_t refcnt; 52 53 char name[12]; 54 int id; 55 unsigned long flags; 56 atomic_t opened; 57 int err; 58 59 bdaddr_t src; 60 bdaddr_t dst; 61 u8 channel; 62 63 uint modem_status; 64 65 struct rfcomm_dlc *dlc; 66 struct tty_struct *tty; 67 wait_queue_head_t wait; 68 struct tasklet_struct wakeup_task; 69 70 struct device *tty_dev; 71 72 atomic_t wmem_alloc; 73 74 struct sk_buff_head pending; 75 }; 76 77 static LIST_HEAD(rfcomm_dev_list); 78 static DEFINE_RWLOCK(rfcomm_dev_lock); 79 80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 83 84 static void rfcomm_tty_wakeup(unsigned long arg); 85 86 /* ---- Device functions ---- */ 87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 88 { 89 struct rfcomm_dlc *dlc = dev->dlc; 90 91 BT_DBG("dev %p dlc %p", dev, dlc); 92 93 /* Refcount should only hit zero when called from rfcomm_dev_del() 94 which will have taken us off the list. Everything else are 95 refcounting bugs. */ 96 BUG_ON(!list_empty(&dev->list)); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 kfree(dev); 109 110 /* It's safe to call module_put() here because socket still 111 holds reference to this module. */ 112 module_put(THIS_MODULE); 113 } 114 115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 116 { 117 atomic_inc(&dev->refcnt); 118 } 119 120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 121 { 122 /* The reason this isn't actually a race, as you no 123 doubt have a little voice screaming at you in your 124 head, is that the refcount should never actually 125 reach zero unless the device has already been taken 126 off the list, in rfcomm_dev_del(). And if that's not 127 true, we'll hit the BUG() in rfcomm_dev_destruct() 128 anyway. */ 129 if (atomic_dec_and_test(&dev->refcnt)) 130 rfcomm_dev_destruct(dev); 131 } 132 133 static struct rfcomm_dev *__rfcomm_dev_get(int id) 134 { 135 struct rfcomm_dev *dev; 136 struct list_head *p; 137 138 list_for_each(p, &rfcomm_dev_list) { 139 dev = list_entry(p, struct rfcomm_dev, list); 140 if (dev->id == id) 141 return dev; 142 } 143 144 return NULL; 145 } 146 147 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 148 { 149 struct rfcomm_dev *dev; 150 151 read_lock(&rfcomm_dev_lock); 152 153 dev = __rfcomm_dev_get(id); 154 155 if (dev) { 156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 157 dev = NULL; 158 else 159 rfcomm_dev_hold(dev); 160 } 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 184 { 185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 186 return sprintf(buf, "%s\n", batostr(&dev->dst)); 187 } 188 189 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 190 { 191 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 192 return sprintf(buf, "%d\n", dev->channel); 193 } 194 195 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 196 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 197 198 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 199 { 200 struct rfcomm_dev *dev; 201 struct list_head *head = &rfcomm_dev_list, *p; 202 int err = 0; 203 204 BT_DBG("id %d channel %d", req->dev_id, req->channel); 205 206 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 207 if (!dev) 208 return -ENOMEM; 209 210 write_lock_bh(&rfcomm_dev_lock); 211 212 if (req->dev_id < 0) { 213 dev->id = 0; 214 215 list_for_each(p, &rfcomm_dev_list) { 216 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 217 break; 218 219 dev->id++; 220 head = p; 221 } 222 } else { 223 dev->id = req->dev_id; 224 225 list_for_each(p, &rfcomm_dev_list) { 226 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 227 228 if (entry->id == dev->id) { 229 err = -EADDRINUSE; 230 goto out; 231 } 232 233 if (entry->id > dev->id - 1) 234 break; 235 236 head = p; 237 } 238 } 239 240 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 241 err = -ENFILE; 242 goto out; 243 } 244 245 sprintf(dev->name, "rfcomm%d", dev->id); 246 247 list_add(&dev->list, head); 248 atomic_set(&dev->refcnt, 1); 249 250 bacpy(&dev->src, &req->src); 251 bacpy(&dev->dst, &req->dst); 252 dev->channel = req->channel; 253 254 dev->flags = req->flags & 255 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 256 257 atomic_set(&dev->opened, 0); 258 259 init_waitqueue_head(&dev->wait); 260 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 261 262 skb_queue_head_init(&dev->pending); 263 264 rfcomm_dlc_lock(dlc); 265 266 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 267 struct sock *sk = dlc->owner; 268 struct sk_buff *skb; 269 270 BUG_ON(!sk); 271 272 rfcomm_dlc_throttle(dlc); 273 274 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 275 skb_orphan(skb); 276 skb_queue_tail(&dev->pending, skb); 277 atomic_sub(skb->len, &sk->sk_rmem_alloc); 278 } 279 } 280 281 dlc->data_ready = rfcomm_dev_data_ready; 282 dlc->state_change = rfcomm_dev_state_change; 283 dlc->modem_status = rfcomm_dev_modem_status; 284 285 dlc->owner = dev; 286 dev->dlc = dlc; 287 288 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 289 290 rfcomm_dlc_unlock(dlc); 291 292 /* It's safe to call __module_get() here because socket already 293 holds reference to this module. */ 294 __module_get(THIS_MODULE); 295 296 out: 297 write_unlock_bh(&rfcomm_dev_lock); 298 299 if (err < 0) 300 goto free; 301 302 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 303 304 if (IS_ERR(dev->tty_dev)) { 305 err = PTR_ERR(dev->tty_dev); 306 list_del(&dev->list); 307 goto free; 308 } 309 310 dev_set_drvdata(dev->tty_dev, dev); 311 312 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 313 BT_ERR("Failed to create address attribute"); 314 315 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 316 BT_ERR("Failed to create channel attribute"); 317 318 return dev->id; 319 320 free: 321 kfree(dev); 322 return err; 323 } 324 325 static void rfcomm_dev_del(struct rfcomm_dev *dev) 326 { 327 BT_DBG("dev %p", dev); 328 329 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); 330 331 if (atomic_read(&dev->opened) > 0) 332 return; 333 334 write_lock_bh(&rfcomm_dev_lock); 335 list_del_init(&dev->list); 336 write_unlock_bh(&rfcomm_dev_lock); 337 338 rfcomm_dev_put(dev); 339 } 340 341 /* ---- Send buffer ---- */ 342 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 343 { 344 /* We can't let it be zero, because we don't get a callback 345 when tx_credits becomes nonzero, hence we'd never wake up */ 346 return dlc->mtu * (dlc->tx_credits?:1); 347 } 348 349 static void rfcomm_wfree(struct sk_buff *skb) 350 { 351 struct rfcomm_dev *dev = (void *) skb->sk; 352 atomic_sub(skb->truesize, &dev->wmem_alloc); 353 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 354 tasklet_schedule(&dev->wakeup_task); 355 rfcomm_dev_put(dev); 356 } 357 358 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 359 { 360 rfcomm_dev_hold(dev); 361 atomic_add(skb->truesize, &dev->wmem_alloc); 362 skb->sk = (void *) dev; 363 skb->destructor = rfcomm_wfree; 364 } 365 366 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 367 { 368 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 369 struct sk_buff *skb = alloc_skb(size, priority); 370 if (skb) { 371 rfcomm_set_owner_w(skb, dev); 372 return skb; 373 } 374 } 375 return NULL; 376 } 377 378 /* ---- Device IOCTLs ---- */ 379 380 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 381 382 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 383 { 384 struct rfcomm_dev_req req; 385 struct rfcomm_dlc *dlc; 386 int id; 387 388 if (copy_from_user(&req, arg, sizeof(req))) 389 return -EFAULT; 390 391 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 392 393 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 394 return -EPERM; 395 396 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 397 /* Socket must be connected */ 398 if (sk->sk_state != BT_CONNECTED) 399 return -EBADFD; 400 401 dlc = rfcomm_pi(sk)->dlc; 402 rfcomm_dlc_hold(dlc); 403 } else { 404 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 405 if (!dlc) 406 return -ENOMEM; 407 } 408 409 id = rfcomm_dev_add(&req, dlc); 410 if (id < 0) { 411 rfcomm_dlc_put(dlc); 412 return id; 413 } 414 415 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 416 /* DLC is now used by device. 417 * Socket must be disconnected */ 418 sk->sk_state = BT_CLOSED; 419 } 420 421 return id; 422 } 423 424 static int rfcomm_release_dev(void __user *arg) 425 { 426 struct rfcomm_dev_req req; 427 struct rfcomm_dev *dev; 428 429 if (copy_from_user(&req, arg, sizeof(req))) 430 return -EFAULT; 431 432 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 433 434 if (!(dev = rfcomm_dev_get(req.dev_id))) 435 return -ENODEV; 436 437 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 438 rfcomm_dev_put(dev); 439 return -EPERM; 440 } 441 442 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 443 rfcomm_dlc_close(dev->dlc, 0); 444 445 /* Shut down TTY synchronously before freeing rfcomm_dev */ 446 if (dev->tty) 447 tty_vhangup(dev->tty); 448 449 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 450 rfcomm_dev_del(dev); 451 rfcomm_dev_put(dev); 452 return 0; 453 } 454 455 static int rfcomm_get_dev_list(void __user *arg) 456 { 457 struct rfcomm_dev_list_req *dl; 458 struct rfcomm_dev_info *di; 459 struct list_head *p; 460 int n = 0, size, err; 461 u16 dev_num; 462 463 BT_DBG(""); 464 465 if (get_user(dev_num, (u16 __user *) arg)) 466 return -EFAULT; 467 468 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 469 return -EINVAL; 470 471 size = sizeof(*dl) + dev_num * sizeof(*di); 472 473 if (!(dl = kmalloc(size, GFP_KERNEL))) 474 return -ENOMEM; 475 476 di = dl->dev_info; 477 478 read_lock_bh(&rfcomm_dev_lock); 479 480 list_for_each(p, &rfcomm_dev_list) { 481 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 482 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 483 continue; 484 (di + n)->id = dev->id; 485 (di + n)->flags = dev->flags; 486 (di + n)->state = dev->dlc->state; 487 (di + n)->channel = dev->channel; 488 bacpy(&(di + n)->src, &dev->src); 489 bacpy(&(di + n)->dst, &dev->dst); 490 if (++n >= dev_num) 491 break; 492 } 493 494 read_unlock_bh(&rfcomm_dev_lock); 495 496 dl->dev_num = n; 497 size = sizeof(*dl) + n * sizeof(*di); 498 499 err = copy_to_user(arg, dl, size); 500 kfree(dl); 501 502 return err ? -EFAULT : 0; 503 } 504 505 static int rfcomm_get_dev_info(void __user *arg) 506 { 507 struct rfcomm_dev *dev; 508 struct rfcomm_dev_info di; 509 int err = 0; 510 511 BT_DBG(""); 512 513 if (copy_from_user(&di, arg, sizeof(di))) 514 return -EFAULT; 515 516 if (!(dev = rfcomm_dev_get(di.id))) 517 return -ENODEV; 518 519 di.flags = dev->flags; 520 di.channel = dev->channel; 521 di.state = dev->dlc->state; 522 bacpy(&di.src, &dev->src); 523 bacpy(&di.dst, &dev->dst); 524 525 if (copy_to_user(arg, &di, sizeof(di))) 526 err = -EFAULT; 527 528 rfcomm_dev_put(dev); 529 return err; 530 } 531 532 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 533 { 534 BT_DBG("cmd %d arg %p", cmd, arg); 535 536 switch (cmd) { 537 case RFCOMMCREATEDEV: 538 return rfcomm_create_dev(sk, arg); 539 540 case RFCOMMRELEASEDEV: 541 return rfcomm_release_dev(arg); 542 543 case RFCOMMGETDEVLIST: 544 return rfcomm_get_dev_list(arg); 545 546 case RFCOMMGETDEVINFO: 547 return rfcomm_get_dev_info(arg); 548 } 549 550 return -EINVAL; 551 } 552 553 /* ---- DLC callbacks ---- */ 554 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 555 { 556 struct rfcomm_dev *dev = dlc->owner; 557 struct tty_struct *tty; 558 559 if (!dev) { 560 kfree_skb(skb); 561 return; 562 } 563 564 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) { 565 skb_queue_tail(&dev->pending, skb); 566 return; 567 } 568 569 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 570 571 tty_insert_flip_string(tty, skb->data, skb->len); 572 tty_flip_buffer_push(tty); 573 574 kfree_skb(skb); 575 } 576 577 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 578 { 579 struct rfcomm_dev *dev = dlc->owner; 580 if (!dev) 581 return; 582 583 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 584 585 dev->err = err; 586 wake_up_interruptible(&dev->wait); 587 588 if (dlc->state == BT_CLOSED) { 589 if (!dev->tty) { 590 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 591 /* Drop DLC lock here to avoid deadlock 592 * 1. rfcomm_dev_get will take rfcomm_dev_lock 593 * but in rfcomm_dev_add there's lock order: 594 * rfcomm_dev_lock -> dlc lock 595 * 2. rfcomm_dev_put will deadlock if it's 596 * the last reference 597 */ 598 rfcomm_dlc_unlock(dlc); 599 if (rfcomm_dev_get(dev->id) == NULL) { 600 rfcomm_dlc_lock(dlc); 601 return; 602 } 603 604 rfcomm_dev_del(dev); 605 rfcomm_dev_put(dev); 606 rfcomm_dlc_lock(dlc); 607 } 608 } else 609 tty_hangup(dev->tty); 610 } 611 } 612 613 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 614 { 615 struct rfcomm_dev *dev = dlc->owner; 616 if (!dev) 617 return; 618 619 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 620 621 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 622 if (dev->tty && !C_CLOCAL(dev->tty)) 623 tty_hangup(dev->tty); 624 } 625 626 dev->modem_status = 627 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 628 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 629 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 630 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 631 } 632 633 /* ---- TTY functions ---- */ 634 static void rfcomm_tty_wakeup(unsigned long arg) 635 { 636 struct rfcomm_dev *dev = (void *) arg; 637 struct tty_struct *tty = dev->tty; 638 if (!tty) 639 return; 640 641 BT_DBG("dev %p tty %p", dev, tty); 642 tty_wakeup(tty); 643 } 644 645 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 646 { 647 struct tty_struct *tty = dev->tty; 648 struct sk_buff *skb; 649 int inserted = 0; 650 651 if (!tty) 652 return; 653 654 BT_DBG("dev %p tty %p", dev, tty); 655 656 rfcomm_dlc_lock(dev->dlc); 657 658 while ((skb = skb_dequeue(&dev->pending))) { 659 inserted += tty_insert_flip_string(tty, skb->data, skb->len); 660 kfree_skb(skb); 661 } 662 663 rfcomm_dlc_unlock(dev->dlc); 664 665 if (inserted > 0) 666 tty_flip_buffer_push(tty); 667 } 668 669 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 670 { 671 DECLARE_WAITQUEUE(wait, current); 672 struct rfcomm_dev *dev; 673 struct rfcomm_dlc *dlc; 674 int err, id; 675 676 id = tty->index; 677 678 BT_DBG("tty %p id %d", tty, id); 679 680 /* We don't leak this refcount. For reasons which are not entirely 681 clear, the TTY layer will call our ->close() method even if the 682 open fails. We decrease the refcount there, and decreasing it 683 here too would cause breakage. */ 684 dev = rfcomm_dev_get(id); 685 if (!dev) 686 return -ENODEV; 687 688 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 689 dev->channel, atomic_read(&dev->opened)); 690 691 if (atomic_inc_return(&dev->opened) > 1) 692 return 0; 693 694 dlc = dev->dlc; 695 696 /* Attach TTY and open DLC */ 697 698 rfcomm_dlc_lock(dlc); 699 tty->driver_data = dev; 700 dev->tty = tty; 701 rfcomm_dlc_unlock(dlc); 702 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 703 704 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 705 if (err < 0) 706 return err; 707 708 /* Wait for DLC to connect */ 709 add_wait_queue(&dev->wait, &wait); 710 while (1) { 711 set_current_state(TASK_INTERRUPTIBLE); 712 713 if (dlc->state == BT_CLOSED) { 714 err = -dev->err; 715 break; 716 } 717 718 if (dlc->state == BT_CONNECTED) 719 break; 720 721 if (signal_pending(current)) { 722 err = -EINTR; 723 break; 724 } 725 726 schedule(); 727 } 728 set_current_state(TASK_RUNNING); 729 remove_wait_queue(&dev->wait, &wait); 730 731 if (err == 0) 732 device_move(dev->tty_dev, rfcomm_get_device(dev), 733 DPM_ORDER_DEV_AFTER_PARENT); 734 735 rfcomm_tty_copy_pending(dev); 736 737 rfcomm_dlc_unthrottle(dev->dlc); 738 739 return err; 740 } 741 742 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 743 { 744 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 745 if (!dev) 746 return; 747 748 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 749 atomic_read(&dev->opened)); 750 751 if (atomic_dec_and_test(&dev->opened)) { 752 if (dev->tty_dev->parent) 753 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 754 755 /* Close DLC and dettach TTY */ 756 rfcomm_dlc_close(dev->dlc, 0); 757 758 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 759 tasklet_kill(&dev->wakeup_task); 760 761 rfcomm_dlc_lock(dev->dlc); 762 tty->driver_data = NULL; 763 dev->tty = NULL; 764 rfcomm_dlc_unlock(dev->dlc); 765 766 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { 767 write_lock_bh(&rfcomm_dev_lock); 768 list_del_init(&dev->list); 769 write_unlock_bh(&rfcomm_dev_lock); 770 771 rfcomm_dev_put(dev); 772 } 773 } 774 775 rfcomm_dev_put(dev); 776 } 777 778 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 779 { 780 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 781 struct rfcomm_dlc *dlc = dev->dlc; 782 struct sk_buff *skb; 783 int err = 0, sent = 0, size; 784 785 BT_DBG("tty %p count %d", tty, count); 786 787 while (count) { 788 size = min_t(uint, count, dlc->mtu); 789 790 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 791 792 if (!skb) 793 break; 794 795 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 796 797 memcpy(skb_put(skb, size), buf + sent, size); 798 799 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 800 kfree_skb(skb); 801 break; 802 } 803 804 sent += size; 805 count -= size; 806 } 807 808 return sent ? sent : err; 809 } 810 811 static int rfcomm_tty_write_room(struct tty_struct *tty) 812 { 813 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 814 int room; 815 816 BT_DBG("tty %p", tty); 817 818 if (!dev || !dev->dlc) 819 return 0; 820 821 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 822 if (room < 0) 823 room = 0; 824 825 return room; 826 } 827 828 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 829 { 830 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 831 832 switch (cmd) { 833 case TCGETS: 834 BT_DBG("TCGETS is not supported"); 835 return -ENOIOCTLCMD; 836 837 case TCSETS: 838 BT_DBG("TCSETS is not supported"); 839 return -ENOIOCTLCMD; 840 841 case TIOCMIWAIT: 842 BT_DBG("TIOCMIWAIT"); 843 break; 844 845 case TIOCGSERIAL: 846 BT_ERR("TIOCGSERIAL is not supported"); 847 return -ENOIOCTLCMD; 848 849 case TIOCSSERIAL: 850 BT_ERR("TIOCSSERIAL is not supported"); 851 return -ENOIOCTLCMD; 852 853 case TIOCSERGSTRUCT: 854 BT_ERR("TIOCSERGSTRUCT is not supported"); 855 return -ENOIOCTLCMD; 856 857 case TIOCSERGETLSR: 858 BT_ERR("TIOCSERGETLSR is not supported"); 859 return -ENOIOCTLCMD; 860 861 case TIOCSERCONFIG: 862 BT_ERR("TIOCSERCONFIG is not supported"); 863 return -ENOIOCTLCMD; 864 865 default: 866 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 867 868 } 869 870 return -ENOIOCTLCMD; 871 } 872 873 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 874 { 875 struct ktermios *new = tty->termios; 876 int old_baud_rate = tty_termios_baud_rate(old); 877 int new_baud_rate = tty_termios_baud_rate(new); 878 879 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 880 u16 changes = 0; 881 882 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 883 884 BT_DBG("tty %p termios %p", tty, old); 885 886 if (!dev || !dev->dlc || !dev->dlc->session) 887 return; 888 889 /* Handle turning off CRTSCTS */ 890 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 891 BT_DBG("Turning off CRTSCTS unsupported"); 892 893 /* Parity on/off and when on, odd/even */ 894 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 895 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 896 changes |= RFCOMM_RPN_PM_PARITY; 897 BT_DBG("Parity change detected."); 898 } 899 900 /* Mark and space parity are not supported! */ 901 if (new->c_cflag & PARENB) { 902 if (new->c_cflag & PARODD) { 903 BT_DBG("Parity is ODD"); 904 parity = RFCOMM_RPN_PARITY_ODD; 905 } else { 906 BT_DBG("Parity is EVEN"); 907 parity = RFCOMM_RPN_PARITY_EVEN; 908 } 909 } else { 910 BT_DBG("Parity is OFF"); 911 parity = RFCOMM_RPN_PARITY_NONE; 912 } 913 914 /* Setting the x_on / x_off characters */ 915 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 916 BT_DBG("XOFF custom"); 917 x_on = new->c_cc[VSTOP]; 918 changes |= RFCOMM_RPN_PM_XON; 919 } else { 920 BT_DBG("XOFF default"); 921 x_on = RFCOMM_RPN_XON_CHAR; 922 } 923 924 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 925 BT_DBG("XON custom"); 926 x_off = new->c_cc[VSTART]; 927 changes |= RFCOMM_RPN_PM_XOFF; 928 } else { 929 BT_DBG("XON default"); 930 x_off = RFCOMM_RPN_XOFF_CHAR; 931 } 932 933 /* Handle setting of stop bits */ 934 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 935 changes |= RFCOMM_RPN_PM_STOP; 936 937 /* POSIX does not support 1.5 stop bits and RFCOMM does not 938 * support 2 stop bits. So a request for 2 stop bits gets 939 * translated to 1.5 stop bits */ 940 if (new->c_cflag & CSTOPB) { 941 stop_bits = RFCOMM_RPN_STOP_15; 942 } else { 943 stop_bits = RFCOMM_RPN_STOP_1; 944 } 945 946 /* Handle number of data bits [5-8] */ 947 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 948 changes |= RFCOMM_RPN_PM_DATA; 949 950 switch (new->c_cflag & CSIZE) { 951 case CS5: 952 data_bits = RFCOMM_RPN_DATA_5; 953 break; 954 case CS6: 955 data_bits = RFCOMM_RPN_DATA_6; 956 break; 957 case CS7: 958 data_bits = RFCOMM_RPN_DATA_7; 959 break; 960 case CS8: 961 data_bits = RFCOMM_RPN_DATA_8; 962 break; 963 default: 964 data_bits = RFCOMM_RPN_DATA_8; 965 break; 966 } 967 968 /* Handle baudrate settings */ 969 if (old_baud_rate != new_baud_rate) 970 changes |= RFCOMM_RPN_PM_BITRATE; 971 972 switch (new_baud_rate) { 973 case 2400: 974 baud = RFCOMM_RPN_BR_2400; 975 break; 976 case 4800: 977 baud = RFCOMM_RPN_BR_4800; 978 break; 979 case 7200: 980 baud = RFCOMM_RPN_BR_7200; 981 break; 982 case 9600: 983 baud = RFCOMM_RPN_BR_9600; 984 break; 985 case 19200: 986 baud = RFCOMM_RPN_BR_19200; 987 break; 988 case 38400: 989 baud = RFCOMM_RPN_BR_38400; 990 break; 991 case 57600: 992 baud = RFCOMM_RPN_BR_57600; 993 break; 994 case 115200: 995 baud = RFCOMM_RPN_BR_115200; 996 break; 997 case 230400: 998 baud = RFCOMM_RPN_BR_230400; 999 break; 1000 default: 1001 /* 9600 is standard accordinag to the RFCOMM specification */ 1002 baud = RFCOMM_RPN_BR_9600; 1003 break; 1004 1005 } 1006 1007 if (changes) 1008 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1009 data_bits, stop_bits, parity, 1010 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1011 } 1012 1013 static void rfcomm_tty_throttle(struct tty_struct *tty) 1014 { 1015 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1016 1017 BT_DBG("tty %p dev %p", tty, dev); 1018 1019 rfcomm_dlc_throttle(dev->dlc); 1020 } 1021 1022 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1023 { 1024 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1025 1026 BT_DBG("tty %p dev %p", tty, dev); 1027 1028 rfcomm_dlc_unthrottle(dev->dlc); 1029 } 1030 1031 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1032 { 1033 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1034 1035 BT_DBG("tty %p dev %p", tty, dev); 1036 1037 if (!dev || !dev->dlc) 1038 return 0; 1039 1040 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1041 return dev->dlc->mtu; 1042 1043 return 0; 1044 } 1045 1046 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1047 { 1048 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1049 1050 BT_DBG("tty %p dev %p", tty, dev); 1051 1052 if (!dev || !dev->dlc) 1053 return; 1054 1055 skb_queue_purge(&dev->dlc->tx_queue); 1056 tty_wakeup(tty); 1057 } 1058 1059 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1060 { 1061 BT_DBG("tty %p ch %c", tty, ch); 1062 } 1063 1064 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1065 { 1066 BT_DBG("tty %p timeout %d", tty, timeout); 1067 } 1068 1069 static void rfcomm_tty_hangup(struct tty_struct *tty) 1070 { 1071 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1072 1073 BT_DBG("tty %p dev %p", tty, dev); 1074 1075 if (!dev) 1076 return; 1077 1078 rfcomm_tty_flush_buffer(tty); 1079 1080 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1081 if (rfcomm_dev_get(dev->id) == NULL) 1082 return; 1083 rfcomm_dev_del(dev); 1084 rfcomm_dev_put(dev); 1085 } 1086 } 1087 1088 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1089 { 1090 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1091 1092 BT_DBG("tty %p dev %p", tty, dev); 1093 1094 return dev->modem_status; 1095 } 1096 1097 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1098 { 1099 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1100 struct rfcomm_dlc *dlc = dev->dlc; 1101 u8 v24_sig; 1102 1103 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1104 1105 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1106 1107 if (set & TIOCM_DSR || set & TIOCM_DTR) 1108 v24_sig |= RFCOMM_V24_RTC; 1109 if (set & TIOCM_RTS || set & TIOCM_CTS) 1110 v24_sig |= RFCOMM_V24_RTR; 1111 if (set & TIOCM_RI) 1112 v24_sig |= RFCOMM_V24_IC; 1113 if (set & TIOCM_CD) 1114 v24_sig |= RFCOMM_V24_DV; 1115 1116 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1117 v24_sig &= ~RFCOMM_V24_RTC; 1118 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1119 v24_sig &= ~RFCOMM_V24_RTR; 1120 if (clear & TIOCM_RI) 1121 v24_sig &= ~RFCOMM_V24_IC; 1122 if (clear & TIOCM_CD) 1123 v24_sig &= ~RFCOMM_V24_DV; 1124 1125 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1126 1127 return 0; 1128 } 1129 1130 /* ---- TTY structure ---- */ 1131 1132 static const struct tty_operations rfcomm_ops = { 1133 .open = rfcomm_tty_open, 1134 .close = rfcomm_tty_close, 1135 .write = rfcomm_tty_write, 1136 .write_room = rfcomm_tty_write_room, 1137 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1138 .flush_buffer = rfcomm_tty_flush_buffer, 1139 .ioctl = rfcomm_tty_ioctl, 1140 .throttle = rfcomm_tty_throttle, 1141 .unthrottle = rfcomm_tty_unthrottle, 1142 .set_termios = rfcomm_tty_set_termios, 1143 .send_xchar = rfcomm_tty_send_xchar, 1144 .hangup = rfcomm_tty_hangup, 1145 .wait_until_sent = rfcomm_tty_wait_until_sent, 1146 .tiocmget = rfcomm_tty_tiocmget, 1147 .tiocmset = rfcomm_tty_tiocmset, 1148 }; 1149 1150 int __init rfcomm_init_ttys(void) 1151 { 1152 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1153 if (!rfcomm_tty_driver) 1154 return -1; 1155 1156 rfcomm_tty_driver->owner = THIS_MODULE; 1157 rfcomm_tty_driver->driver_name = "rfcomm"; 1158 rfcomm_tty_driver->name = "rfcomm"; 1159 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1160 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1161 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1162 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1163 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1164 rfcomm_tty_driver->init_termios = tty_std_termios; 1165 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1166 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1167 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1168 1169 if (tty_register_driver(rfcomm_tty_driver)) { 1170 BT_ERR("Can't register RFCOMM TTY driver"); 1171 put_tty_driver(rfcomm_tty_driver); 1172 return -1; 1173 } 1174 1175 BT_INFO("RFCOMM TTY layer initialized"); 1176 1177 return 0; 1178 } 1179 1180 void rfcomm_cleanup_ttys(void) 1181 { 1182 tty_unregister_driver(rfcomm_tty_driver); 1183 put_tty_driver(rfcomm_tty_driver); 1184 } 1185