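/*
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/*
 * RFCOMM TTY.
 */

#include <linux/module.h>

#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/rfcomm.h>

#define RFCOMM_TTY_MAGIC 0x6d02		/* magic number for rfcomm struct */
#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV	/* whole lotta rfcomm devices */
#define RFCOMM_TTY_MAJOR 216		/* device node major id of the usb/bluetooth.c driver */
#define RFCOMM_TTY_MINOR 0

static struct tty_driver *rfcomm_tty_driver;

/*
 * One RFCOMM TTY device. The embedded tty_port carries the reference
 * count; the last tty_port_put() ends up in rfcomm_dev_destruct().
 */
struct rfcomm_dev {
	struct tty_port		port;
	struct list_head	list;	/* entry in rfcomm_dev_list */

	char			name[12];
	int			id;
	unsigned long		flags;	/* RFCOMM_* bit numbers, see set_bit()/test_bit() users */
	int			err;

	bdaddr_t		src;
	bdaddr_t		dst;
	u8			channel;

	uint			modem_status;

	struct rfcomm_dlc	*dlc;
	wait_queue_head_t	wait;

	struct device		*tty_dev;

	atomic_t		wmem_alloc;	/* truesize of skbs charged by rfcomm_set_owner_w() */

	struct sk_buff_head	pending;	/* data received while no TTY could take it */
};

static LIST_HEAD(rfcomm_dev_list);
static DEFINE_SPINLOCK(rfcomm_dev_lock);	/* protects rfcomm_dev_list */

static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);

/* ---- Device functions ---- */

/*
 * The reason this isn't actually a race, as you no doubt have a little voice
 * screaming at you in your head, is that the refcount should never actually
 * reach zero unless the device has already been taken off the list, in
 * rfcomm_dev_del(). And if that's not true, we'll hit the BUG() in
 * rfcomm_dev_destruct() anyway.
 */
/*
 * tty_port destructor: detaches the DLC from this device, drops the DLC
 * reference, unregisters the TTY device node, frees the rfcomm_dev and
 * releases the module reference taken in rfcomm_dev_add().
 */
static void rfcomm_dev_destruct(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	struct rfcomm_dlc *dlc = dev->dlc;

	BT_DBG("dev %p dlc %p", dev, dlc);

	/* Refcount should only hit zero when called from rfcomm_dev_del()
	   which will have taken us off the list. Everything else are
	   refcounting bugs. */
	BUG_ON(!list_empty(&dev->list));

	rfcomm_dlc_lock(dlc);
	/* Detach DLC if it's owned by this dev */
	if (dlc->owner == dev)
		dlc->owner = NULL;
	rfcomm_dlc_unlock(dlc);

	rfcomm_dlc_put(dlc);

	tty_unregister_device(rfcomm_tty_driver, dev->id);

	kfree(dev);

	/* It's safe to call module_put() here because socket still
	   holds reference to this module. */
	module_put(THIS_MODULE);
}

static const struct tty_port_operations rfcomm_port_ops = {
	.destruct = rfcomm_dev_destruct,
};

/*
 * Look up a device by id. Takes no lock and no reference: the only caller
 * in this file, rfcomm_dev_get(), holds rfcomm_dev_lock around the call.
 */
static struct rfcomm_dev *__rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	list_for_each_entry(dev, &rfcomm_dev_list, list)
		if (dev->id == id)
			return dev;

	return NULL;
}

/*
 * Look up a device by id under rfcomm_dev_lock and take a port reference.
 *
 * Returns NULL when no such device exists or when it is already marked
 * RFCOMM_TTY_RELEASED. On success the caller owns one reference and must
 * drop it with tty_port_put().
 */
static struct rfcomm_dev *rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	spin_lock(&rfcomm_dev_lock);

	dev = __rfcomm_dev_get(id);

	if (dev) {
		if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
			dev = NULL;
		else
			tty_port_get(&dev->port);
	}

	spin_unlock(&rfcomm_dev_lock);

	return dev;
}

/*
 * Return the struct device of the ACL connection to dev->dst, or NULL when
 * there is no route or no such connection.
 *
 * NOTE(review): the connection is looked up and its embedded device
 * returned after hci_dev_put(), with no reference on the connection
 * visible here - confirm what keeps it alive for the caller.
 */
static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
{
	struct hci_dev *hdev;
	struct hci_conn *conn;

	hdev = hci_get_route(&dev->dst, &dev->src);
	if (!hdev)
		return NULL;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);

	hci_dev_put(hdev);

	return conn ? &conn->dev : NULL;
}

/* sysfs "address" attribute: remote Bluetooth address of the device. */
static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sprintf(buf, "%s\n", batostr(&dev->dst));
}

/* sysfs "channel" attribute: RFCOMM channel of the device. */
static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sprintf(buf, "%d\n", dev->channel);
}

static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);

/*
 * Create an rfcomm_dev for @dlc as described by the user request @req.
 *
 * @req: request already copied in from userspace; dev_id < 0 asks for the
 *       lowest free id, otherwise the exact id is used.
 * @dlc: DLC to attach; the device stores the pointer and releases one DLC
 *       reference in rfcomm_dev_destruct().
 *
 * Returns the device id (>= 0) on success, or a negative errno:
 * -ENOMEM, -EADDRINUSE (id taken), -ENFILE (id outside
 * 0..RFCOMM_MAX_DEV-1) or the tty_port_register_device() error.
 * On failure the caller keeps its DLC reference.
 */
static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
{
	struct rfcomm_dev *dev, *entry;
	struct list_head *head = &rfcomm_dev_list;
	int err = 0;

	BT_DBG("id %d channel %d", req->dev_id, req->channel);

	dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
	if (!dev)
		return -ENOMEM;

	spin_lock(&rfcomm_dev_lock);

	/* Both walks stop at the insertion point, so inserting after
	   'head' keeps the list ordered by id. */
	if (req->dev_id < 0) {
		dev->id = 0;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id != dev->id)
				break;

			dev->id++;
			head = &entry->list;
		}
	} else {
		dev->id = req->dev_id;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id == dev->id) {
				err = -EADDRINUSE;
				goto out;
			}

			if (entry->id > dev->id - 1)
				break;

			head = &entry->list;
		}
	}

	/* The id comes from userspace (or from the walk above); reject
	   anything that is not a valid minor before it is used. */
	if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
		err = -ENFILE;
		goto out;
	}

	/* Bounded write: the range check above keeps the name short, the
	   size argument keeps it that way if the limits ever change. */
	snprintf(dev->name, sizeof(dev->name), "rfcomm%d", dev->id);

	list_add(&dev->list, head);

	bacpy(&dev->src, &req->src);
	bacpy(&dev->dst, &req->dst);
	dev->channel = req->channel;

	/* Only these two user-controlled flag bits are kept. */
	dev->flags = req->flags &
		((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));

	tty_port_init(&dev->port);
	dev->port.ops = &rfcomm_port_ops;
	init_waitqueue_head(&dev->wait);

	skb_queue_head_init(&dev->pending);

	rfcomm_dlc_lock(dlc);

	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
		struct sock *sk = dlc->owner;
		struct sk_buff *skb;

		BUG_ON(!sk);

		rfcomm_dlc_throttle(dlc);

		/* Move data already queued on the socket over to the device. */
		while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
			skb_orphan(skb);
			skb_queue_tail(&dev->pending, skb);
			atomic_sub(skb->len, &sk->sk_rmem_alloc);
		}
	}

	dlc->data_ready   = rfcomm_dev_data_ready;
	dlc->state_change = rfcomm_dev_state_change;
	dlc->modem_status = rfcomm_dev_modem_status;

	dlc->owner = dev;
	dev->dlc   = dlc;

	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);

	rfcomm_dlc_unlock(dlc);

	/* It's safe to call __module_get() here because socket already
	   holds reference to this module. */
	__module_get(THIS_MODULE);

out:
	spin_unlock(&rfcomm_dev_lock);

	if (err < 0)
		goto free;

	dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver,
			dev->id, NULL);
	if (IS_ERR(dev->tty_dev)) {
		err = PTR_ERR(dev->tty_dev);
		goto unwind;
	}

	dev_set_drvdata(dev->tty_dev, dev);

	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
		BT_ERR("Failed to create address attribute");

	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
		BT_ERR("Failed to create channel attribute");

	return dev->id;

unwind:
	/*
	 * The device is already published at this point, so undo that
	 * before freeing it: unlink under the list lock, stop the DLC
	 * pointing at memory that is about to be freed (same detach as
	 * rfcomm_dev_destruct()), drop any queued data and give back the
	 * module reference taken above.
	 *
	 * NOTE(review): the device was visible on rfcomm_dev_list between
	 * the unlock at 'out' and here, so a concurrent rfcomm_dev_get()
	 * may hold a port reference to it; and for RFCOMM_REUSE_DLC the
	 * socket's DLC callbacks are not restored. Both need a larger
	 * rework than this error path can do.
	 */
	spin_lock(&rfcomm_dev_lock);
	list_del(&dev->list);
	spin_unlock(&rfcomm_dev_lock);

	rfcomm_dlc_lock(dlc);
	if (dlc->owner == dev)
		dlc->owner = NULL;
	rfcomm_dlc_unlock(dlc);

	skb_queue_purge(&dev->pending);

	module_put(THIS_MODULE);

free:
	kfree(dev);
	return err;
}

/*
 * Mark @dev released and, unless the TTY is still open, unlink it from
 * rfcomm_dev_list and drop one port reference. When the port is still
 * open only the RFCOMM_TTY_RELEASED bit is set here; rfcomm_tty_close()
 * does the unlink on the final close.
 *
 * Calling this twice for the same device trips the BUG_ON().
 */
static void rfcomm_dev_del(struct rfcomm_dev *dev)
{
	unsigned long flags;
	BT_DBG("dev %p", dev);

	BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));

	spin_lock_irqsave(&dev->port.lock, flags);
	if (dev->port.count > 0) {
		spin_unlock_irqrestore(&dev->port.lock, flags);
		return;
	}
	spin_unlock_irqrestore(&dev->port.lock, flags);

	spin_lock(&rfcomm_dev_lock);
	list_del_init(&dev->list);
	spin_unlock(&rfcomm_dev_lock);

	tty_port_put(&dev->port);
}

/* ---- Send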
buffer ---- */
/*
 * Number of bytes the device may have in flight: one MTU per TX credit,
 * and never less than one MTU.
 */
static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
{
	/* We can't let it be zero, because we don't get a callback
	   when tx_credits becomes nonzero, hence we'd never wake up */
	return dlc->mtu * (dlc->tx_credits?:1);
}

/*
 * skb destructor installed by rfcomm_set_owner_w(): uncharges the skb from
 * the device, wakes the writer and drops the port reference that was taken
 * for the skb.
 *
 * NOTE(review): dev->port.tty is read here without taking a tty
 * reference - confirm it cannot be torn down concurrently.
 */
static void rfcomm_wfree(struct sk_buff *skb)
{
	struct rfcomm_dev *dev = (void *) skb->sk;
	struct tty_struct *tty = dev->port.tty;
	atomic_sub(skb->truesize, &dev->wmem_alloc);
	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags) && tty)
		tty_wakeup(tty);
	tty_port_put(&dev->port);
}

/*
 * Charge @skb to @dev: takes a port reference, accounts skb->truesize in
 * wmem_alloc and installs rfcomm_wfree() as destructor. skb->sk is reused
 * to carry the rfcomm_dev pointer, not a socket.
 */
static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
{
	tty_port_get(&dev->port);
	atomic_add(skb->truesize, &dev->wmem_alloc);
	skb->sk = (void *) dev;
	skb->destructor = rfcomm_wfree;
}

/*
 * Allocate a write skb of @size bytes charged to @dev.
 * Returns NULL when the device is already at its rfcomm_room() limit or
 * when the allocation fails.
 */
static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
{
	if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
		struct sk_buff *skb = alloc_skb(size, priority);
		if (skb) {
			rfcomm_set_owner_w(skb, dev);
			return skb;
		}
	}
	return NULL;
}

/* ---- Device IOCTLs ---- */

/* The one flag combination that does not require CAP_NET_ADMIN. */
#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))

/*
 * RFCOMMCREATEDEV: create a TTY device from the user-supplied request.
 *
 * Access control: any flags value other than exactly NOCAP_FLAGS requires
 * CAP_NET_ADMIN. With RFCOMM_REUSE_DLC the connected socket's DLC is
 * handed to the device and the socket is marked BT_CLOSED; otherwise a
 * new DLC is allocated.
 *
 * Returns the new device id, or a negative errno (-EFAULT, -EPERM,
 * -EBADFD, -ENOMEM, or whatever rfcomm_dev_add() returns).
 */
static int rfcomm_create_dev(struct sock *sk, void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dlc *dlc;
	int id;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);

	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
		return -EPERM;

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* Socket must be connected */
		if (sk->sk_state != BT_CONNECTED)
			return -EBADFD;

		dlc = rfcomm_pi(sk)->dlc;
		rfcomm_dlc_hold(dlc);
	} else {
		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
		if (!dlc)
			return -ENOMEM;
	}

	id = rfcomm_dev_add(&req, dlc);
	if (id < 0) {
		/* Drop the reference held (or allocated) above. */
		rfcomm_dlc_put(dlc);
		return id;
	}

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* DLC is now used by device.
		 * Socket must be disconnected */
		sk->sk_state = BT_CLOSED;
	}

	return id;
}

/*
 * RFCOMMRELEASEDEV: release the device named by req.dev_id.
 *
 * Access control: the check compares the device's current flags word with
 * NOCAP_FLAGS, not the request's. Other code in this file also sets
 * RFCOMM_TTY_ATTACHED in dev->flags, so the unprivileged path only matches
 * while the flags are exactly NOCAP_FLAGS; everything else needs
 * CAP_NET_ADMIN.
 *
 * NOTE(review): dev->port.tty is read and passed to tty_vhangup() without
 * a tty reference - confirm it cannot go away in between.
 *
 * Returns 0, or -EFAULT / -ENODEV / -EPERM.
 */
static int rfcomm_release_dev(void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dev *dev;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);

	dev = rfcomm_dev_get(req.dev_id);
	if (!dev)
		return -ENODEV;

	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
		tty_port_put(&dev->port);
		return -EPERM;
	}

	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
		rfcomm_dlc_close(dev->dlc, 0);

	/* Shut down TTY synchronously before freeing rfcomm_dev */
	if (dev->port.tty)
		tty_vhangup(dev->port.tty);

	/* With RFCOMM_RELEASE_ONHUP the hangup path deletes the device. */
	if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
		rfcomm_dev_del(dev);
	tty_port_put(&dev->port);
	return 0;
}

/*
 * RFCOMMGETDEVLIST: copy up to dev_num device descriptions to userspace.
 *
 * The user-supplied count is bounded before it sizes the allocation, the
 * buffer is zero-filled by kzalloc(), and only the entries actually
 * filled in are copied back, so no uninitialised kernel memory reaches
 * the caller.
 *
 * Returns 0, or -EFAULT / -EINVAL / -ENOMEM.
 */
static int rfcomm_get_dev_list(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_list_req *dl;
	struct rfcomm_dev_info *di;
	int n = 0, size, err;
	u16 dev_num;

	BT_DBG("");

	if (get_user(dev_num, (u16 __user *) arg))
		return -EFAULT;

	/* Reject zero and cap the request at four pages worth of entries. */
	if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
		return -EINVAL;

	size = sizeof(*dl) + dev_num * sizeof(*di);

	dl = kzalloc(size, GFP_KERNEL);
	if (!dl)
		return -ENOMEM;

	di = dl->dev_info;

	spin_lock(&rfcomm_dev_lock);

	list_for_each_entry(dev, &rfcomm_dev_list, list) {
		/* Devices already being released are not reported. */
		if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
			continue;
		(di + n)->id      = dev->id;
		(di + n)->flags   = dev->flags;
		(di + n)->state   = dev->dlc->state;
		(di + n)->channel = dev->channel;
		bacpy(&(di + n)->src, &dev->src);
		bacpy(&(di + n)->dst, &dev->dst);
		if (++n >= dev_num)
			break;
	}

	spin_unlock(&rfcomm_dev_lock);

	dl->dev_num = n;
	size = sizeof(*dl) + n * sizeof(*di);

	err = copy_to_user(arg, dl, size);
	kfree(dl);

	return err ? -EFAULT : 0;
}

/*
 * RFCOMMGETDEVINFO: fill in the description of the device whose id the
 * caller put in di.id. The structure is first copied in from userspace
 * and the flags, channel, state and addresses are then overwritten from
 * the device before it is copied back.
 *
 * Returns 0, or -EFAULT / -ENODEV.
 */
static int rfcomm_get_dev_info(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_info di;
	int err = 0;

	BT_DBG("");

	if (copy_from_user(&di, arg, sizeof(di)))
		return -EFAULT;

	dev = rfcomm_dev_get(di.id);
	if (!dev)
		return -ENODEV;

	di.flags   = dev->flags;
	di.channel = dev->channel;
	di.state   = dev->dlc->state;
	bacpy(&di.src, &dev->src);
	bacpy(&di.dst, &dev->dst);

	if (copy_to_user(arg, &di, sizeof(di)))
		err = -EFAULT;

	tty_port_put(&dev->port);
	return err;
}

/*
 * Dispatch the RFCOMM device ioctls issued on a socket.
 * Returns the handler's result, or -EINVAL for an unknown command.
 */
int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
{
	BT_DBG("cmd %d arg %p", cmd, arg);

	switch (cmd) {
	case RFCOMMCREATEDEV:
		return rfcomm_create_dev(sk, arg);

	case RFCOMMRELEASEDEV:
		return rfcomm_release_dev(arg);

	case RFCOMMGETDEVLIST:
		return rfcomm_get_dev_list(arg);

	case RFCOMMGETDEVINFO:
		return rfcomm_get_dev_info(arg);
	}

	return -EINVAL;
}

/* ---- DLC callbacks ---- */
/*
 * DLC data_ready callback: deliver a received skb to the TTY, or queue it
 * on dev->pending when no TTY is attached or older data is still pending
 * (which keeps delivery in order). The skb is dropped when the DLC has no
 * owning device.
 *
 * NOTE(review): dev->port.tty is used without a tty reference; presumably
 * the caller's DLC lock serialises this against rfcomm_tty_close() -
 * confirm.
 */
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
{
	struct rfcomm_dev *dev = dlc->owner;
	struct tty_struct *tty;

	if (!dev) {
		kfree_skb(skb);
		return;
	}

	tty = dev->port.tty;
	if (!tty || !skb_queue_empty(&dev->pending)) {
		skb_queue_tail(&dev->pending, skb);
		return;
	}

	BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);

	tty_insert_flip_string(tty, skb->data, skb->len);
	tty_flip_buffer_push(tty);

	kfree_skb(skb);
}

/*
 * DLC state_change callback: record the error, wake anyone waiting in
 * rfcomm_tty_open() and, once the DLC is closed, either hang up the
 * attached TTY or delete a RFCOMM_RELEASE_ONHUP device that has no TTY.
 *
 * The DLC lock is dropped and re-taken around the delete path, so the
 * function is evidently entered with that lock held.
 */
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);

	dev->err = err;
	wake_up_interruptible(&dev->wait);

	if (dlc->state == BT_CLOSED) {
		if (!dev->port.tty) {
			if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
				/* Drop DLC lock here to avoid deadlock
				 * 1. rfcomm_dev_get will take rfcomm_dev_lock
				 *    but in rfcomm_dev_add there's lock order:
				 *    rfcomm_dev_lock -> dlc lock
				 * 2. tty_port_put will deadlock if it's
				 *    the last reference
				 */
				rfcomm_dlc_unlock(dlc);
				/* NULL means the device is already being
				   released by someone else. */
				if (rfcomm_dev_get(dev->id) == NULL) {
					rfcomm_dlc_lock(dlc);
					return;
				}

				rfcomm_dev_del(dev);
				tty_port_put(&dev->port);
				rfcomm_dlc_lock(dlc);
			}
		} else
			tty_hangup(dev->port.tty);
	}
}

/*
 * DLC modem_status callback: translate the remote V.24 signals into
 * TIOCM_* bits. Losing carrier (DV cleared while TIOCM_CD was set) hangs
 * up the TTY unless CLOCAL is set.
 */
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);

	if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
		if (dev->port.tty && !C_CLOCAL(dev->port.tty))
			tty_hangup(dev->port.tty);
	}

	dev->modem_status =
		((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
		((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
		((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
		((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
}

/* ---- TTY functions ---- */
/*
 * Push everything queued on dev->pending into the TTY flip buffer.
 * The queue is drained under the DLC lock, the same lock under which
 * rfcomm_dev_add() fills it.
 */
static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
{
	struct tty_struct *tty = dev->port.tty;
	struct sk_buff *skb;
	int inserted = 0;

	if (!tty)
		return;

	BT_DBG("dev %p tty %p", dev, tty);

	rfcomm_dlc_lock(dev->dlc);

	while ((skb = skb_dequeue(&dev->pending))) {
		inserted += tty_insert_flip_string(tty, skb->data, skb->len);
		kfree_skb(skb);
	}

	rfcomm_dlc_unlock(dev->dlc);

	if (inserted > 0)
		tty_flip_buffer_push(tty);
}

/*
 * TTY open: take a device reference, and on the first open attach the TTY,
 * open the DLC and sleep (interruptibly) until it is connected or closed.
 *
 * Returns 0 on success, -ENODEV when the device does not exist or is
 * being released, -EINTR when a signal arrives while waiting, the
 * rfcomm_dlc_open() error, or -dev->err when the DLC closes.
 */
static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
{
	DECLARE_WAITQUEUE(wait, current);
	struct rfcomm_dev *dev;
	struct rfcomm_dlc *dlc;
	unsigned long flags;
	int err, id;

	id = tty->index;

	BT_DBG("tty %p id %d", tty, id);

	/* We don't leak this refcount. For reasons which are not entirely
	   clear, the TTY layer will call our ->close() method even if the
	   open fails. We decrease the refcount there, and decreasing it
	   here too would cause breakage. */
	dev = rfcomm_dev_get(id);
	if (!dev)
		return -ENODEV;

	BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
				dev->channel, dev->port.count);

	/* Only the first opener attaches the TTY and opens the DLC. */
	spin_lock_irqsave(&dev->port.lock, flags);
	if (++dev->port.count > 1) {
		spin_unlock_irqrestore(&dev->port.lock, flags);
		return 0;
	}
	spin_unlock_irqrestore(&dev->port.lock, flags);

	dlc = dev->dlc;

	/* Attach TTY and open DLC */

	rfcomm_dlc_lock(dlc);
	tty->driver_data = dev;
	dev->port.tty = tty;
	rfcomm_dlc_unlock(dlc);
	set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

	err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
	if (err < 0)
		return err;

	/* Wait for DLC to connect */
	add_wait_queue(&dev->wait, &wait);
	while (1) {
		set_current_state(TASK_INTERRUPTIBLE);

		if (dlc->state == BT_CLOSED) {
			err = -dev->err;
			break;
		}

		if (dlc->state == BT_CONNECTED)
			break;

		if (signal_pending(current)) {
			err = -EINTR;
			break;
		}

		/* The tty lock is not held across the sleep. */
		tty_unlock(tty);
		schedule();
		tty_lock(tty);
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(&dev->wait, &wait);

	if (err == 0)
		device_move(dev->tty_dev, rfcomm_get_device(dev),
			    DPM_ORDER_DEV_AFTER_PARENT);

	rfcomm_tty_copy_pending(dev);

	rfcomm_dlc_unthrottle(dev->dlc);

	return err;
}

/*
 * TTY close: on the last close, close the DLC, detach the TTY and, when
 * the device was already marked RFCOMM_TTY_RELEASED, unlink it and drop
 * the list's reference. The reference taken by rfcomm_tty_open() is
 * always dropped at the end.
 *
 * driver_data is NULL when rfcomm_tty_open() failed before attaching.
 */
static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	unsigned long flags;

	if (!dev)
		return;

	BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
						dev->port.count);

	spin_lock_irqsave(&dev->port.lock, flags);
	if (!--dev->port.count) {
		spin_unlock_irqrestore(&dev->port.lock, flags);
		if (dev->tty_dev->parent)
			device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);

		/* Close DLC and detach TTY */
		rfcomm_dlc_close(dev->dlc, 0);

		clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

		rfcomm_dlc_lock(dev->dlc);
		tty->driver_data = NULL;
		dev->port.tty = NULL;
		rfcomm_dlc_unlock(dev->dlc);

		/* rfcomm_dev_del() ran while we were open and left the
		   unlink to us. */
		if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
			spin_lock(&rfcomm_dev_lock);
			list_del_init(&dev->list);
			spin_unlock(&rfcomm_dev_lock);

			tty_port_put(&dev->port);
		}
	} else
		spin_unlock_irqrestore(&dev->port.lock, flags);

	tty_port_put(&dev->port);
}

/*
 * TTY write: split @buf into MTU-sized skbs and queue them on the DLC.
 * Stops early when the write budget (rfcomm_wmalloc()) is exhausted.
 * Returns the number of bytes queued, or the send error (or 0) when
 * nothing was queued.
 *
 * NOTE(review): unlike rfcomm_tty_write_room(), driver_data is
 * dereferenced here without a NULL check - confirm the TTY layer cannot
 * call write after the final close cleared it.
 */
static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	struct sk_buff *skb;
	int err = 0, sent = 0, size;

	BT_DBG("tty %p count %d", tty, count);

	while (count) {
		size = min_t(uint, count, dlc->mtu);

		skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);

		if (!skb)
			break;

		skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

		memcpy(skb_put(skb, size), buf + sent, size);

		err = rfcomm_dlc_send(dlc, skb);
		if (err < 0) {
			kfree_skb(skb);
			break;
		}

		sent  += size;
		count -= size;
	}

	return sent ? sent : err;
}

/*
 * TTY write_room: bytes still available in the write budget, never
 * negative; 0 when no device or DLC is attached.
 */
static int rfcomm_tty_write_room(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	int room;

	BT_DBG("tty %p", tty);

	if (!dev || !dev->dlc)
		return 0;

	room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
	if (room < 0)
		room = 0;

	return room;
}

/*
 * TTY ioctl: this driver implements none of them itself; every path
 * returns -ENOIOCTLCMD, the named cases only log first.
 */
static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
{
	BT_DBG("tty %p cmd 0x%02x", tty, cmd);

	switch (cmd) {
	case TCGETS:
		BT_DBG("TCGETS is not supported");
		return -ENOIOCTLCMD;

	case TCSETS:
		BT_DBG("TCSETS is not supported");
		return -ENOIOCTLCMD;

	case TIOCMIWAIT:
		BT_DBG("TIOCMIWAIT");
		break;

	case TIOCGSERIAL:
		BT_ERR("TIOCGSERIAL is not supported");
		return -ENOIOCTLCMD;

	case TIOCSSERIAL:
		BT_ERR("TIOCSSERIAL is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERGSTRUCT:
		BT_ERR("TIOCSERGSTRUCT is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERGETLSR:
		BT_ERR("TIOCSERGETLSR is not supported");
		return -ENOIOCTLCMD;

	case TIOCSERCONFIG:
		BT_ERR("TIOCSERCONFIG is not supported");
		return -ENOIOCTLCMD;

	default:
		return -ENOIOCTLCMD;	/* ioctls which we must ignore */

	}

	return -ENOIOCTLCMD;
}

/*
 * TTY set_termios: compare the old and new termios, build the matching
 * RFCOMM remote port negotiation (RPN) parameters and send them when
 * anything changed. Does nothing without a device, DLC and session.
 */
static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
{
	struct ktermios *new = &tty->termios;
	int old_baud_rate = tty_termios_baud_rate(old);
	int new_baud_rate = tty_termios_baud_rate(new);

	u8 baud, data_bits, stop_bits, parity, x_on, x_off;
	u16 changes = 0;

	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p termios %p", tty, old);

	if (!dev || !dev->dlc || !dev->dlc->session)
		return;

	/* Handle turning off CRTSCTS */
	if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
		BT_DBG("Turning off CRTSCTS unsupported");

	/* Parity on/off and when on, odd/even */
	if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
			((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
		changes |= RFCOMM_RPN_PM_PARITY;
		BT_DBG("Parity change detected.");
	}

	/* Mark and space parity are not supported! */
	if (new->c_cflag & PARENB) {
		if (new->c_cflag & PARODD) {
			BT_DBG("Parity is ODD");
			parity = RFCOMM_RPN_PARITY_ODD;
		} else {
			BT_DBG("Parity is EVEN");
			parity = RFCOMM_RPN_PARITY_EVEN;
		}
	} else {
		BT_DBG("Parity is OFF");
		parity = RFCOMM_RPN_PARITY_NONE;
	}

	/* Setting the x_on / x_off characters */
	/* NOTE(review): the VSTOP character is stored in x_on (and VSTART
	   in x_off below) while the debug text says the opposite - confirm
	   which mapping is intended. */
	if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
		BT_DBG("XOFF custom");
		x_on = new->c_cc[VSTOP];
		changes |= RFCOMM_RPN_PM_XON;
	} else {
		BT_DBG("XOFF default");
		x_on = RFCOMM_RPN_XON_CHAR;
	}

	if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
		BT_DBG("XON custom");
		x_off = new->c_cc[VSTART];
		changes |= RFCOMM_RPN_PM_XOFF;
	} else {
		BT_DBG("XON default");
		x_off = RFCOMM_RPN_XOFF_CHAR;
	}

	/* Handle setting of stop bits */
	if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
		changes |= RFCOMM_RPN_PM_STOP;

	/* POSIX does not support 1.5 stop bits and RFCOMM does not
	 * support 2 stop bits. So a request for 2 stop bits gets
	 * translated to 1.5 stop bits */
	if (new->c_cflag & CSTOPB)
		stop_bits = RFCOMM_RPN_STOP_15;
	else
		stop_bits = RFCOMM_RPN_STOP_1;

	/* Handle number of data bits [5-8] */
	if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
		changes |= RFCOMM_RPN_PM_DATA;

	switch (new->c_cflag & CSIZE) {
	case CS5:
		data_bits = RFCOMM_RPN_DATA_5;
		break;
	case CS6:
		data_bits = RFCOMM_RPN_DATA_6;
		break;
	case CS7:
		data_bits = RFCOMM_RPN_DATA_7;
		break;
	case CS8:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	default:
		data_bits = RFCOMM_RPN_DATA_8;
		break;
	}

	/* Handle baudrate settings */
	if (old_baud_rate != new_baud_rate)
		changes |= RFCOMM_RPN_PM_BITRATE;

	switch (new_baud_rate) {
	case 2400:
		baud = RFCOMM_RPN_BR_2400;
		break;
	case 4800:
		baud = RFCOMM_RPN_BR_4800;
		break;
	case 7200:
		baud = RFCOMM_RPN_BR_7200;
		break;
	case 9600:
		baud = RFCOMM_RPN_BR_9600;
		break;
	case 19200:
		baud = RFCOMM_RPN_BR_19200;
		break;
	case 38400:
		baud = RFCOMM_RPN_BR_38400;
		break;
	case 57600:
		baud = RFCOMM_RPN_BR_57600;
		break;
	case 115200:
		baud = RFCOMM_RPN_BR_115200;
		break;
	case 230400:
		baud = RFCOMM_RPN_BR_230400;
		break;
	default:
		/* 9600 is standard according to the RFCOMM specification */
		baud = RFCOMM_RPN_BR_9600;
		break;

	}

	if (changes)
		rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
				data_bits, stop_bits, parity,
				RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
}

/*
 * TTY throttle: stop the DLC from delivering more data.
 * NOTE(review): driver_data is dereferenced without a NULL check here.
 */
static void rfcomm_tty_throttle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_throttle(dev->dlc);
}

/*
 * TTY unthrottle: let the DLC deliver data again.
 * NOTE(review): driver_data is dereferenced without a NULL check here.
 */
static void rfcomm_tty_unthrottle(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	rfcomm_dlc_unthrottle(dev->dlc);
}

/*
 * TTY chars_in_buffer: an estimate only - one MTU when the DLC transmit
 * queue is non-empty, otherwise 0.
 */
static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return 0;

	if (!skb_queue_empty(&dev->dlc->tx_queue))
		return dev->dlc->mtu;

	return 0;
}

/* TTY flush_buffer: drop everything queued for transmit and wake writers. */
static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev || !dev->dlc)
		return;

	skb_queue_purge(&dev->dlc->tx_queue);
	tty_wakeup(tty);
}

/* TTY send_xchar: not implemented, only logs. */
static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
{
	BT_DBG("tty %p ch %c", tty, ch);
}

/* TTY wait_until_sent: not implemented, only logs. */
static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
{
	BT_DBG("tty %p timeout %d", tty, timeout);
}

/*
 * TTY hangup: flush the transmit queue and, for RFCOMM_RELEASE_ONHUP
 * devices, delete the device. rfcomm_dev_get() is used both to check that
 * nobody else is already releasing it and to hold a reference across
 * rfcomm_dev_del().
 */
static void rfcomm_tty_hangup(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	if (!dev)
		return;

	rfcomm_tty_flush_buffer(tty);

	if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
		if (rfcomm_dev_get(dev->id) == NULL)
			return;
		rfcomm_dev_del(dev);
		tty_port_put(&dev->port);
	}
}

/*
 * TTY tiocmget: report the TIOCM_* bits last computed by
 * rfcomm_dev_modem_status().
 * NOTE(review): driver_data is dereferenced without a NULL check here.
 */
static int rfcomm_tty_tiocmget(struct tty_struct *tty)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

	BT_DBG("tty %p dev %p", tty, dev);

	return dev->modem_status;
}

/*
 * TTY tiocmset: translate the TIOCM_* bits to set and clear into V.24
 * signals and write them to the DLC. Clears are applied after sets, so a
 * bit present in both ends up cleared. Always returns 0.
 * NOTE(review): driver_data is dereferenced without a NULL check here.
 */
static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
{
	struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
	struct rfcomm_dlc *dlc = dev->dlc;
	u8 v24_sig;

	BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);

	rfcomm_dlc_get_modem_status(dlc, &v24_sig);

	if (set & TIOCM_DSR || set & TIOCM_DTR)
		v24_sig |= RFCOMM_V24_RTC;
	if (set & TIOCM_RTS || set & TIOCM_CTS)
		v24_sig |= RFCOMM_V24_RTR;
	if (set & TIOCM_RI)
		v24_sig |= RFCOMM_V24_IC;
	if (set & TIOCM_CD)
		v24_sig |= RFCOMM_V24_DV;

	if (clear & TIOCM_DSR || clear & TIOCM_DTR)
		v24_sig &= ~RFCOMM_V24_RTC;
	if (clear & TIOCM_RTS || clear & TIOCM_CTS)
		v24_sig &= ~RFCOMM_V24_RTR;
	if (clear & TIOCM_RI)
		v24_sig &= ~RFCOMM_V24_IC;
	if (clear & TIOCM_CD)
		v24_sig &= ~RFCOMM_V24_DV;

	rfcomm_dlc_set_modem_status(dlc, v24_sig);

	return 0;
}

/* ---- TTY structure ---- */

static const struct tty_operations rfcomm_ops = {
	.open			= rfcomm_tty_open,
	.close			= rfcomm_tty_close,
	.write			= rfcomm_tty_write,
	.write_room		= rfcomm_tty_write_room,
	.chars_in_buffer	= rfcomm_tty_chars_in_buffer,
	.flush_buffer		= rfcomm_tty_flush_buffer,
	.ioctl			= rfcomm_tty_ioctl,
	.throttle		= rfcomm_tty_throttle,
	.unthrottle		= rfcomm_tty_unthrottle,
	.set_termios		= rfcomm_tty_set_termios,
	.send_xchar		= rfcomm_tty_send_xchar,
	.hangup			= rfcomm_tty_hangup,
	.wait_until_sent	= rfcomm_tty_wait_until_sent,
	.tiocmget		= rfcomm_tty_tiocmget,
	.tiocmset		= rfcomm_tty_tiocmset,
};

/*
 * Allocate and register the RFCOMM TTY driver.
 * Device nodes are created per device (TTY_DRIVER_DYNAMIC_DEV), not at
 * registration time. Returns 0 or a negative errno.
 */
int __init rfcomm_init_ttys(void)
{
	int error;

	rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
	if (!rfcomm_tty_driver)
		return -ENOMEM;

	rfcomm_tty_driver->driver_name	= "rfcomm";
	rfcomm_tty_driver->name		= "rfcomm";
	rfcomm_tty_driver->major	= RFCOMM_TTY_MAJOR;
	rfcomm_tty_driver->minor_start	= RFCOMM_TTY_MINOR;
	rfcomm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
	rfcomm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
	rfcomm_tty_driver->flags	= TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
	rfcomm_tty_driver->init_termios	= tty_std_termios;
	rfcomm_tty_driver->init_termios.c_cflag	= B9600 | CS8 | CREAD | HUPCL | CLOCAL;
	rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
	tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);

	error = tty_register_driver(rfcomm_tty_driver);
	if (error) {
		BT_ERR("Can't register RFCOMM TTY driver");
		put_tty_driver(rfcomm_tty_driver);
		return error;
	}

	BT_INFO("RFCOMM TTY layer initialized");

	return 0;
}

/* Unregister and release the RFCOMM TTY driver. */
void rfcomm_cleanup_ttys(void)
{
	tty_unregister_driver(rfcomm_tty_driver);
	put_tty_driver(rfcomm_tty_driver);
}