1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * RFCOMM TTY. 26 */ 27 28 #include <linux/module.h> 29 30 #include <linux/tty.h> 31 #include <linux/tty_driver.h> 32 #include <linux/tty_flip.h> 33 34 #include <linux/capability.h> 35 #include <linux/slab.h> 36 #include <linux/skbuff.h> 37 38 #include <net/bluetooth/bluetooth.h> 39 #include <net/bluetooth/hci_core.h> 40 #include <net/bluetooth/rfcomm.h> 41 42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 45 #define RFCOMM_TTY_MINOR 0 46 47 static struct tty_driver *rfcomm_tty_driver; 48 49 struct rfcomm_dev { 50 struct list_head list; 51 atomic_t refcnt; 52 53 char name[12]; 54 int id; 55 unsigned long flags; 56 atomic_t opened; 57 int err; 58 59 bdaddr_t src; 60 bdaddr_t dst; 61 u8 channel; 62 63 uint modem_status; 64 65 struct rfcomm_dlc *dlc; 66 struct tty_struct *tty; 67 wait_queue_head_t wait; 68 struct tasklet_struct wakeup_task; 69 70 struct device *tty_dev; 71 72 atomic_t wmem_alloc; 73 74 struct sk_buff_head pending; 75 }; 76 77 static LIST_HEAD(rfcomm_dev_list); 78 static DEFINE_RWLOCK(rfcomm_dev_lock); 79 80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 83 84 static void rfcomm_tty_wakeup(unsigned long arg); 85 86 /* ---- Device functions ---- */ 87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev) 88 { 89 struct rfcomm_dlc *dlc = dev->dlc; 90 91 BT_DBG("dev %p dlc %p", dev, dlc); 92 93 /* Refcount should only hit zero when called from rfcomm_dev_del() 94 which will have taken us off the list. Everything else are 95 refcounting bugs. */ 96 BUG_ON(!list_empty(&dev->list)); 97 98 rfcomm_dlc_lock(dlc); 99 /* Detach DLC if it's owned by this dev */ 100 if (dlc->owner == dev) 101 dlc->owner = NULL; 102 rfcomm_dlc_unlock(dlc); 103 104 rfcomm_dlc_put(dlc); 105 106 tty_unregister_device(rfcomm_tty_driver, dev->id); 107 108 kfree(dev); 109 110 /* It's safe to call module_put() here because socket still 111 holds reference to this module. */ 112 module_put(THIS_MODULE); 113 } 114 115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev) 116 { 117 atomic_inc(&dev->refcnt); 118 } 119 120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev) 121 { 122 /* The reason this isn't actually a race, as you no 123 doubt have a little voice screaming at you in your 124 head, is that the refcount should never actually 125 reach zero unless the device has already been taken 126 off the list, in rfcomm_dev_del(). And if that's not 127 true, we'll hit the BUG() in rfcomm_dev_destruct() 128 anyway. */ 129 if (atomic_dec_and_test(&dev->refcnt)) 130 rfcomm_dev_destruct(dev); 131 } 132 133 static struct rfcomm_dev *__rfcomm_dev_get(int id) 134 { 135 struct rfcomm_dev *dev; 136 struct list_head *p; 137 138 list_for_each(p, &rfcomm_dev_list) { 139 dev = list_entry(p, struct rfcomm_dev, list); 140 if (dev->id == id) 141 return dev; 142 } 143 144 return NULL; 145 } 146 147 static inline struct rfcomm_dev *rfcomm_dev_get(int id) 148 { 149 struct rfcomm_dev *dev; 150 151 read_lock(&rfcomm_dev_lock); 152 153 dev = __rfcomm_dev_get(id); 154 155 if (dev) { 156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 157 dev = NULL; 158 else 159 rfcomm_dev_hold(dev); 160 } 161 162 read_unlock(&rfcomm_dev_lock); 163 164 return dev; 165 } 166 167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev) 168 { 169 struct hci_dev *hdev; 170 struct hci_conn *conn; 171 172 hdev = hci_get_route(&dev->dst, &dev->src); 173 if (!hdev) 174 return NULL; 175 176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 177 178 hci_dev_put(hdev); 179 180 return conn ? &conn->dev : NULL; 181 } 182 183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 184 { 185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 186 bdaddr_t bdaddr; 187 baswap(&bdaddr, &dev->dst); 188 return sprintf(buf, "%s\n", batostr(&bdaddr)); 189 } 190 191 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 192 { 193 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 194 return sprintf(buf, "%d\n", dev->channel); 195 } 196 197 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 198 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); 199 200 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 201 { 202 struct rfcomm_dev *dev; 203 struct list_head *head = &rfcomm_dev_list, *p; 204 int err = 0; 205 206 BT_DBG("id %d channel %d", req->dev_id, req->channel); 207 208 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 209 if (!dev) 210 return -ENOMEM; 211 212 write_lock_bh(&rfcomm_dev_lock); 213 214 if (req->dev_id < 0) { 215 dev->id = 0; 216 217 list_for_each(p, &rfcomm_dev_list) { 218 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id) 219 break; 220 221 dev->id++; 222 head = p; 223 } 224 } else { 225 dev->id = req->dev_id; 226 227 list_for_each(p, &rfcomm_dev_list) { 228 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list); 229 230 if (entry->id == dev->id) { 231 err = -EADDRINUSE; 232 goto out; 233 } 234 235 if (entry->id > dev->id - 1) 236 break; 237 238 head = p; 239 } 240 } 241 242 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 243 err = -ENFILE; 244 goto out; 245 } 246 247 sprintf(dev->name, "rfcomm%d", dev->id); 248 249 list_add(&dev->list, head); 250 atomic_set(&dev->refcnt, 1); 251 252 bacpy(&dev->src, &req->src); 253 bacpy(&dev->dst, &req->dst); 254 dev->channel = req->channel; 255 256 dev->flags = req->flags & 257 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 258 259 atomic_set(&dev->opened, 0); 260 261 init_waitqueue_head(&dev->wait); 262 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 263 264 skb_queue_head_init(&dev->pending); 265 266 rfcomm_dlc_lock(dlc); 267 268 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 269 struct sock *sk = dlc->owner; 270 struct sk_buff *skb; 271 272 BUG_ON(!sk); 273 274 rfcomm_dlc_throttle(dlc); 275 276 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 277 skb_orphan(skb); 278 skb_queue_tail(&dev->pending, skb); 279 atomic_sub(skb->len, &sk->sk_rmem_alloc); 280 } 281 } 282 283 dlc->data_ready = rfcomm_dev_data_ready; 284 dlc->state_change = rfcomm_dev_state_change; 285 dlc->modem_status = rfcomm_dev_modem_status; 286 287 dlc->owner = dev; 288 dev->dlc = dlc; 289 290 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 291 292 rfcomm_dlc_unlock(dlc); 293 294 /* It's safe to call __module_get() here because socket already 295 holds reference to this module. */ 296 __module_get(THIS_MODULE); 297 298 out: 299 write_unlock_bh(&rfcomm_dev_lock); 300 301 if (err < 0) 302 goto free; 303 304 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL); 305 306 if (IS_ERR(dev->tty_dev)) { 307 err = PTR_ERR(dev->tty_dev); 308 list_del(&dev->list); 309 goto free; 310 } 311 312 dev_set_drvdata(dev->tty_dev, dev); 313 314 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 315 BT_ERR("Failed to create address attribute"); 316 317 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 318 BT_ERR("Failed to create channel attribute"); 319 320 return dev->id; 321 322 free: 323 kfree(dev); 324 return err; 325 } 326 327 static void rfcomm_dev_del(struct rfcomm_dev *dev) 328 { 329 BT_DBG("dev %p", dev); 330 331 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); 332 333 if (atomic_read(&dev->opened) > 0) 334 return; 335 336 write_lock_bh(&rfcomm_dev_lock); 337 list_del_init(&dev->list); 338 write_unlock_bh(&rfcomm_dev_lock); 339 340 rfcomm_dev_put(dev); 341 } 342 343 /* ---- Send buffer ---- */ 344 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 345 { 346 /* We can't let it be zero, because we don't get a callback 347 when tx_credits becomes nonzero, hence we'd never wake up */ 348 return dlc->mtu * (dlc->tx_credits?:1); 349 } 350 351 static void rfcomm_wfree(struct sk_buff *skb) 352 { 353 struct rfcomm_dev *dev = (void *) skb->sk; 354 atomic_sub(skb->truesize, &dev->wmem_alloc); 355 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 356 tasklet_schedule(&dev->wakeup_task); 357 rfcomm_dev_put(dev); 358 } 359 360 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 361 { 362 rfcomm_dev_hold(dev); 363 atomic_add(skb->truesize, &dev->wmem_alloc); 364 skb->sk = (void *) dev; 365 skb->destructor = rfcomm_wfree; 366 } 367 368 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 369 { 370 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { 371 struct sk_buff *skb = alloc_skb(size, priority); 372 if (skb) { 373 rfcomm_set_owner_w(skb, dev); 374 return skb; 375 } 376 } 377 return NULL; 378 } 379 380 /* ---- Device IOCTLs ---- */ 381 382 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 383 384 static int rfcomm_create_dev(struct sock *sk, void __user *arg) 385 { 386 struct rfcomm_dev_req req; 387 struct rfcomm_dlc *dlc; 388 int id; 389 390 if (copy_from_user(&req, arg, sizeof(req))) 391 return -EFAULT; 392 393 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 394 395 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 396 return -EPERM; 397 398 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 399 /* Socket must be connected */ 400 if (sk->sk_state != BT_CONNECTED) 401 return -EBADFD; 402 403 dlc = rfcomm_pi(sk)->dlc; 404 rfcomm_dlc_hold(dlc); 405 } else { 406 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 407 if (!dlc) 408 return -ENOMEM; 409 } 410 411 id = rfcomm_dev_add(&req, dlc); 412 if (id < 0) { 413 rfcomm_dlc_put(dlc); 414 return id; 415 } 416 417 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 418 /* DLC is now used by device. 419 * Socket must be disconnected */ 420 sk->sk_state = BT_CLOSED; 421 } 422 423 return id; 424 } 425 426 static int rfcomm_release_dev(void __user *arg) 427 { 428 struct rfcomm_dev_req req; 429 struct rfcomm_dev *dev; 430 431 if (copy_from_user(&req, arg, sizeof(req))) 432 return -EFAULT; 433 434 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 435 436 if (!(dev = rfcomm_dev_get(req.dev_id))) 437 return -ENODEV; 438 439 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 440 rfcomm_dev_put(dev); 441 return -EPERM; 442 } 443 444 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 445 rfcomm_dlc_close(dev->dlc, 0); 446 447 /* Shut down TTY synchronously before freeing rfcomm_dev */ 448 if (dev->tty) 449 tty_vhangup(dev->tty); 450 451 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 452 rfcomm_dev_del(dev); 453 rfcomm_dev_put(dev); 454 return 0; 455 } 456 457 static int rfcomm_get_dev_list(void __user *arg) 458 { 459 struct rfcomm_dev_list_req *dl; 460 struct rfcomm_dev_info *di; 461 struct list_head *p; 462 int n = 0, size, err; 463 u16 dev_num; 464 465 BT_DBG(""); 466 467 if (get_user(dev_num, (u16 __user *) arg)) 468 return -EFAULT; 469 470 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 471 return -EINVAL; 472 473 size = sizeof(*dl) + dev_num * sizeof(*di); 474 475 if (!(dl = kmalloc(size, GFP_KERNEL))) 476 return -ENOMEM; 477 478 di = dl->dev_info; 479 480 read_lock_bh(&rfcomm_dev_lock); 481 482 list_for_each(p, &rfcomm_dev_list) { 483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list); 484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) 485 continue; 486 (di + n)->id = dev->id; 487 (di + n)->flags = dev->flags; 488 (di + n)->state = dev->dlc->state; 489 (di + n)->channel = dev->channel; 490 bacpy(&(di + n)->src, &dev->src); 491 bacpy(&(di + n)->dst, &dev->dst); 492 if (++n >= dev_num) 493 break; 494 } 495 496 read_unlock_bh(&rfcomm_dev_lock); 497 498 dl->dev_num = n; 499 size = sizeof(*dl) + n * sizeof(*di); 500 501 err = copy_to_user(arg, dl, size); 502 kfree(dl); 503 504 return err ? -EFAULT : 0; 505 } 506 507 static int rfcomm_get_dev_info(void __user *arg) 508 { 509 struct rfcomm_dev *dev; 510 struct rfcomm_dev_info di; 511 int err = 0; 512 513 BT_DBG(""); 514 515 if (copy_from_user(&di, arg, sizeof(di))) 516 return -EFAULT; 517 518 if (!(dev = rfcomm_dev_get(di.id))) 519 return -ENODEV; 520 521 di.flags = dev->flags; 522 di.channel = dev->channel; 523 di.state = dev->dlc->state; 524 bacpy(&di.src, &dev->src); 525 bacpy(&di.dst, &dev->dst); 526 527 if (copy_to_user(arg, &di, sizeof(di))) 528 err = -EFAULT; 529 530 rfcomm_dev_put(dev); 531 return err; 532 } 533 534 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 535 { 536 BT_DBG("cmd %d arg %p", cmd, arg); 537 538 switch (cmd) { 539 case RFCOMMCREATEDEV: 540 return rfcomm_create_dev(sk, arg); 541 542 case RFCOMMRELEASEDEV: 543 return rfcomm_release_dev(arg); 544 545 case RFCOMMGETDEVLIST: 546 return rfcomm_get_dev_list(arg); 547 548 case RFCOMMGETDEVINFO: 549 return rfcomm_get_dev_info(arg); 550 } 551 552 return -EINVAL; 553 } 554 555 /* ---- DLC callbacks ---- */ 556 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 557 { 558 struct rfcomm_dev *dev = dlc->owner; 559 struct tty_struct *tty; 560 561 if (!dev) { 562 kfree_skb(skb); 563 return; 564 } 565 566 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) { 567 skb_queue_tail(&dev->pending, skb); 568 return; 569 } 570 571 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 572 573 tty_insert_flip_string(tty, skb->data, skb->len); 574 tty_flip_buffer_push(tty); 575 576 kfree_skb(skb); 577 } 578 579 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 580 { 581 struct rfcomm_dev *dev = dlc->owner; 582 if (!dev) 583 return; 584 585 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 586 587 dev->err = err; 588 wake_up_interruptible(&dev->wait); 589 590 if (dlc->state == BT_CLOSED) { 591 if (!dev->tty) { 592 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 593 /* Drop DLC lock here to avoid deadlock 594 * 1. rfcomm_dev_get will take rfcomm_dev_lock 595 * but in rfcomm_dev_add there's lock order: 596 * rfcomm_dev_lock -> dlc lock 597 * 2. rfcomm_dev_put will deadlock if it's 598 * the last reference 599 */ 600 rfcomm_dlc_unlock(dlc); 601 if (rfcomm_dev_get(dev->id) == NULL) { 602 rfcomm_dlc_lock(dlc); 603 return; 604 } 605 606 rfcomm_dev_del(dev); 607 rfcomm_dev_put(dev); 608 rfcomm_dlc_lock(dlc); 609 } 610 } else 611 tty_hangup(dev->tty); 612 } 613 } 614 615 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 616 { 617 struct rfcomm_dev *dev = dlc->owner; 618 if (!dev) 619 return; 620 621 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 622 623 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 624 if (dev->tty && !C_CLOCAL(dev->tty)) 625 tty_hangup(dev->tty); 626 } 627 628 dev->modem_status = 629 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 630 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 631 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 632 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 633 } 634 635 /* ---- TTY functions ---- */ 636 static void rfcomm_tty_wakeup(unsigned long arg) 637 { 638 struct rfcomm_dev *dev = (void *) arg; 639 struct tty_struct *tty = dev->tty; 640 if (!tty) 641 return; 642 643 BT_DBG("dev %p tty %p", dev, tty); 644 tty_wakeup(tty); 645 } 646 647 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 648 { 649 struct tty_struct *tty = dev->tty; 650 struct sk_buff *skb; 651 int inserted = 0; 652 653 if (!tty) 654 return; 655 656 BT_DBG("dev %p tty %p", dev, tty); 657 658 rfcomm_dlc_lock(dev->dlc); 659 660 while ((skb = skb_dequeue(&dev->pending))) { 661 inserted += tty_insert_flip_string(tty, skb->data, skb->len); 662 kfree_skb(skb); 663 } 664 665 rfcomm_dlc_unlock(dev->dlc); 666 667 if (inserted > 0) 668 tty_flip_buffer_push(tty); 669 } 670 671 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 672 { 673 DECLARE_WAITQUEUE(wait, current); 674 struct rfcomm_dev *dev; 675 struct rfcomm_dlc *dlc; 676 int err, id; 677 678 id = tty->index; 679 680 BT_DBG("tty %p id %d", tty, id); 681 682 /* We don't leak this refcount. For reasons which are not entirely 683 clear, the TTY layer will call our ->close() method even if the 684 open fails. We decrease the refcount there, and decreasing it 685 here too would cause breakage. */ 686 dev = rfcomm_dev_get(id); 687 if (!dev) 688 return -ENODEV; 689 690 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 691 dev->channel, atomic_read(&dev->opened)); 692 693 if (atomic_inc_return(&dev->opened) > 1) 694 return 0; 695 696 dlc = dev->dlc; 697 698 /* Attach TTY and open DLC */ 699 700 rfcomm_dlc_lock(dlc); 701 tty->driver_data = dev; 702 dev->tty = tty; 703 rfcomm_dlc_unlock(dlc); 704 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 705 706 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 707 if (err < 0) 708 return err; 709 710 /* Wait for DLC to connect */ 711 add_wait_queue(&dev->wait, &wait); 712 while (1) { 713 set_current_state(TASK_INTERRUPTIBLE); 714 715 if (dlc->state == BT_CLOSED) { 716 err = -dev->err; 717 break; 718 } 719 720 if (dlc->state == BT_CONNECTED) 721 break; 722 723 if (signal_pending(current)) { 724 err = -EINTR; 725 break; 726 } 727 728 schedule(); 729 } 730 set_current_state(TASK_RUNNING); 731 remove_wait_queue(&dev->wait, &wait); 732 733 if (err == 0) 734 device_move(dev->tty_dev, rfcomm_get_device(dev), 735 DPM_ORDER_DEV_AFTER_PARENT); 736 737 rfcomm_tty_copy_pending(dev); 738 739 rfcomm_dlc_unthrottle(dev->dlc); 740 741 return err; 742 } 743 744 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 745 { 746 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 747 if (!dev) 748 return; 749 750 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 751 atomic_read(&dev->opened)); 752 753 if (atomic_dec_and_test(&dev->opened)) { 754 if (dev->tty_dev->parent) 755 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 756 757 /* Close DLC and dettach TTY */ 758 rfcomm_dlc_close(dev->dlc, 0); 759 760 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 761 tasklet_kill(&dev->wakeup_task); 762 763 rfcomm_dlc_lock(dev->dlc); 764 tty->driver_data = NULL; 765 dev->tty = NULL; 766 rfcomm_dlc_unlock(dev->dlc); 767 768 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) { 769 write_lock_bh(&rfcomm_dev_lock); 770 list_del_init(&dev->list); 771 write_unlock_bh(&rfcomm_dev_lock); 772 773 rfcomm_dev_put(dev); 774 } 775 } 776 777 rfcomm_dev_put(dev); 778 } 779 780 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 781 { 782 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 783 struct rfcomm_dlc *dlc = dev->dlc; 784 struct sk_buff *skb; 785 int err = 0, sent = 0, size; 786 787 BT_DBG("tty %p count %d", tty, count); 788 789 while (count) { 790 size = min_t(uint, count, dlc->mtu); 791 792 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 793 794 if (!skb) 795 break; 796 797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 798 799 memcpy(skb_put(skb, size), buf + sent, size); 800 801 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) { 802 kfree_skb(skb); 803 break; 804 } 805 806 sent += size; 807 count -= size; 808 } 809 810 return sent ? sent : err; 811 } 812 813 static int rfcomm_tty_write_room(struct tty_struct *tty) 814 { 815 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 816 int room; 817 818 BT_DBG("tty %p", tty); 819 820 if (!dev || !dev->dlc) 821 return 0; 822 823 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 824 if (room < 0) 825 room = 0; 826 827 return room; 828 } 829 830 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg) 831 { 832 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 833 834 switch (cmd) { 835 case TCGETS: 836 BT_DBG("TCGETS is not supported"); 837 return -ENOIOCTLCMD; 838 839 case TCSETS: 840 BT_DBG("TCSETS is not supported"); 841 return -ENOIOCTLCMD; 842 843 case TIOCMIWAIT: 844 BT_DBG("TIOCMIWAIT"); 845 break; 846 847 case TIOCGICOUNT: 848 BT_DBG("TIOCGICOUNT"); 849 break; 850 851 case TIOCGSERIAL: 852 BT_ERR("TIOCGSERIAL is not supported"); 853 return -ENOIOCTLCMD; 854 855 case TIOCSSERIAL: 856 BT_ERR("TIOCSSERIAL is not supported"); 857 return -ENOIOCTLCMD; 858 859 case TIOCSERGSTRUCT: 860 BT_ERR("TIOCSERGSTRUCT is not supported"); 861 return -ENOIOCTLCMD; 862 863 case TIOCSERGETLSR: 864 BT_ERR("TIOCSERGETLSR is not supported"); 865 return -ENOIOCTLCMD; 866 867 case TIOCSERCONFIG: 868 BT_ERR("TIOCSERCONFIG is not supported"); 869 return -ENOIOCTLCMD; 870 871 default: 872 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 873 874 } 875 876 return -ENOIOCTLCMD; 877 } 878 879 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 880 { 881 struct ktermios *new = tty->termios; 882 int old_baud_rate = tty_termios_baud_rate(old); 883 int new_baud_rate = tty_termios_baud_rate(new); 884 885 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 886 u16 changes = 0; 887 888 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 889 890 BT_DBG("tty %p termios %p", tty, old); 891 892 if (!dev || !dev->dlc || !dev->dlc->session) 893 return; 894 895 /* Handle turning off CRTSCTS */ 896 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 897 BT_DBG("Turning off CRTSCTS unsupported"); 898 899 /* Parity on/off and when on, odd/even */ 900 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 901 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) { 902 changes |= RFCOMM_RPN_PM_PARITY; 903 BT_DBG("Parity change detected."); 904 } 905 906 /* Mark and space parity are not supported! */ 907 if (new->c_cflag & PARENB) { 908 if (new->c_cflag & PARODD) { 909 BT_DBG("Parity is ODD"); 910 parity = RFCOMM_RPN_PARITY_ODD; 911 } else { 912 BT_DBG("Parity is EVEN"); 913 parity = RFCOMM_RPN_PARITY_EVEN; 914 } 915 } else { 916 BT_DBG("Parity is OFF"); 917 parity = RFCOMM_RPN_PARITY_NONE; 918 } 919 920 /* Setting the x_on / x_off characters */ 921 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 922 BT_DBG("XOFF custom"); 923 x_on = new->c_cc[VSTOP]; 924 changes |= RFCOMM_RPN_PM_XON; 925 } else { 926 BT_DBG("XOFF default"); 927 x_on = RFCOMM_RPN_XON_CHAR; 928 } 929 930 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 931 BT_DBG("XON custom"); 932 x_off = new->c_cc[VSTART]; 933 changes |= RFCOMM_RPN_PM_XOFF; 934 } else { 935 BT_DBG("XON default"); 936 x_off = RFCOMM_RPN_XOFF_CHAR; 937 } 938 939 /* Handle setting of stop bits */ 940 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 941 changes |= RFCOMM_RPN_PM_STOP; 942 943 /* POSIX does not support 1.5 stop bits and RFCOMM does not 944 * support 2 stop bits. So a request for 2 stop bits gets 945 * translated to 1.5 stop bits */ 946 if (new->c_cflag & CSTOPB) { 947 stop_bits = RFCOMM_RPN_STOP_15; 948 } else { 949 stop_bits = RFCOMM_RPN_STOP_1; 950 } 951 952 /* Handle number of data bits [5-8] */ 953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 954 changes |= RFCOMM_RPN_PM_DATA; 955 956 switch (new->c_cflag & CSIZE) { 957 case CS5: 958 data_bits = RFCOMM_RPN_DATA_5; 959 break; 960 case CS6: 961 data_bits = RFCOMM_RPN_DATA_6; 962 break; 963 case CS7: 964 data_bits = RFCOMM_RPN_DATA_7; 965 break; 966 case CS8: 967 data_bits = RFCOMM_RPN_DATA_8; 968 break; 969 default: 970 data_bits = RFCOMM_RPN_DATA_8; 971 break; 972 } 973 974 /* Handle baudrate settings */ 975 if (old_baud_rate != new_baud_rate) 976 changes |= RFCOMM_RPN_PM_BITRATE; 977 978 switch (new_baud_rate) { 979 case 2400: 980 baud = RFCOMM_RPN_BR_2400; 981 break; 982 case 4800: 983 baud = RFCOMM_RPN_BR_4800; 984 break; 985 case 7200: 986 baud = RFCOMM_RPN_BR_7200; 987 break; 988 case 9600: 989 baud = RFCOMM_RPN_BR_9600; 990 break; 991 case 19200: 992 baud = RFCOMM_RPN_BR_19200; 993 break; 994 case 38400: 995 baud = RFCOMM_RPN_BR_38400; 996 break; 997 case 57600: 998 baud = RFCOMM_RPN_BR_57600; 999 break; 1000 case 115200: 1001 baud = RFCOMM_RPN_BR_115200; 1002 break; 1003 case 230400: 1004 baud = RFCOMM_RPN_BR_230400; 1005 break; 1006 default: 1007 /* 9600 is standard accordinag to the RFCOMM specification */ 1008 baud = RFCOMM_RPN_BR_9600; 1009 break; 1010 1011 } 1012 1013 if (changes) 1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 1015 data_bits, stop_bits, parity, 1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 1017 } 1018 1019 static void rfcomm_tty_throttle(struct tty_struct *tty) 1020 { 1021 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1022 1023 BT_DBG("tty %p dev %p", tty, dev); 1024 1025 rfcomm_dlc_throttle(dev->dlc); 1026 } 1027 1028 static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1029 { 1030 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1031 1032 BT_DBG("tty %p dev %p", tty, dev); 1033 1034 rfcomm_dlc_unthrottle(dev->dlc); 1035 } 1036 1037 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1038 { 1039 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1040 1041 BT_DBG("tty %p dev %p", tty, dev); 1042 1043 if (!dev || !dev->dlc) 1044 return 0; 1045 1046 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1047 return dev->dlc->mtu; 1048 1049 return 0; 1050 } 1051 1052 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1053 { 1054 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1055 1056 BT_DBG("tty %p dev %p", tty, dev); 1057 1058 if (!dev || !dev->dlc) 1059 return; 1060 1061 skb_queue_purge(&dev->dlc->tx_queue); 1062 tty_wakeup(tty); 1063 } 1064 1065 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1066 { 1067 BT_DBG("tty %p ch %c", tty, ch); 1068 } 1069 1070 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1071 { 1072 BT_DBG("tty %p timeout %d", tty, timeout); 1073 } 1074 1075 static void rfcomm_tty_hangup(struct tty_struct *tty) 1076 { 1077 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1078 1079 BT_DBG("tty %p dev %p", tty, dev); 1080 1081 if (!dev) 1082 return; 1083 1084 rfcomm_tty_flush_buffer(tty); 1085 1086 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1087 if (rfcomm_dev_get(dev->id) == NULL) 1088 return; 1089 rfcomm_dev_del(dev); 1090 rfcomm_dev_put(dev); 1091 } 1092 } 1093 1094 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp) 1095 { 1096 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1097 1098 BT_DBG("tty %p dev %p", tty, dev); 1099 1100 return dev->modem_status; 1101 } 1102 1103 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear) 1104 { 1105 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1106 struct rfcomm_dlc *dlc = dev->dlc; 1107 u8 v24_sig; 1108 1109 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1110 1111 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1112 1113 if (set & TIOCM_DSR || set & TIOCM_DTR) 1114 v24_sig |= RFCOMM_V24_RTC; 1115 if (set & TIOCM_RTS || set & TIOCM_CTS) 1116 v24_sig |= RFCOMM_V24_RTR; 1117 if (set & TIOCM_RI) 1118 v24_sig |= RFCOMM_V24_IC; 1119 if (set & TIOCM_CD) 1120 v24_sig |= RFCOMM_V24_DV; 1121 1122 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1123 v24_sig &= ~RFCOMM_V24_RTC; 1124 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1125 v24_sig &= ~RFCOMM_V24_RTR; 1126 if (clear & TIOCM_RI) 1127 v24_sig &= ~RFCOMM_V24_IC; 1128 if (clear & TIOCM_CD) 1129 v24_sig &= ~RFCOMM_V24_DV; 1130 1131 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1132 1133 return 0; 1134 } 1135 1136 /* ---- TTY structure ---- */ 1137 1138 static const struct tty_operations rfcomm_ops = { 1139 .open = rfcomm_tty_open, 1140 .close = rfcomm_tty_close, 1141 .write = rfcomm_tty_write, 1142 .write_room = rfcomm_tty_write_room, 1143 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1144 .flush_buffer = rfcomm_tty_flush_buffer, 1145 .ioctl = rfcomm_tty_ioctl, 1146 .throttle = rfcomm_tty_throttle, 1147 .unthrottle = rfcomm_tty_unthrottle, 1148 .set_termios = rfcomm_tty_set_termios, 1149 .send_xchar = rfcomm_tty_send_xchar, 1150 .hangup = rfcomm_tty_hangup, 1151 .wait_until_sent = rfcomm_tty_wait_until_sent, 1152 .tiocmget = rfcomm_tty_tiocmget, 1153 .tiocmset = rfcomm_tty_tiocmset, 1154 }; 1155 1156 int __init rfcomm_init_ttys(void) 1157 { 1158 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1159 if (!rfcomm_tty_driver) 1160 return -1; 1161 1162 rfcomm_tty_driver->owner = THIS_MODULE; 1163 rfcomm_tty_driver->driver_name = "rfcomm"; 1164 rfcomm_tty_driver->name = "rfcomm"; 1165 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1166 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1167 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1168 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1169 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1170 rfcomm_tty_driver->init_termios = tty_std_termios; 1171 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1172 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1173 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1174 1175 if (tty_register_driver(rfcomm_tty_driver)) { 1176 BT_ERR("Can't register RFCOMM TTY driver"); 1177 put_tty_driver(rfcomm_tty_driver); 1178 return -1; 1179 } 1180 1181 BT_INFO("RFCOMM TTY layer initialized"); 1182 1183 return 0; 1184 } 1185 1186 void rfcomm_cleanup_ttys(void) 1187 { 1188 tty_unregister_driver(rfcomm_tty_driver); 1189 put_tty_driver(rfcomm_tty_driver); 1190 } 1191