1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * RFCOMM TTY. 26 */ 27 28#include <linux/module.h> 29 30#include <linux/tty.h> 31#include <linux/tty_driver.h> 32#include <linux/tty_flip.h> 33 34#include <net/bluetooth/bluetooth.h> 35#include <net/bluetooth/hci_core.h> 36#include <net/bluetooth/rfcomm.h> 37 38#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ 39#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ 40#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ 41#define RFCOMM_TTY_MINOR 0 42 43static DEFINE_MUTEX(rfcomm_ioctl_mutex); 44static struct tty_driver *rfcomm_tty_driver; 45 46struct rfcomm_dev { 47 struct tty_port port; 48 struct list_head list; 49 50 char name[12]; 51 int id; 52 unsigned long flags; 53 int err; 54 55 unsigned long status; /* don't export to userspace */ 56 57 bdaddr_t src; 58 bdaddr_t dst; 59 u8 channel; 60 61 uint modem_status; 62 63 struct rfcomm_dlc *dlc; 64 65 struct device *tty_dev; 66 67 atomic_t wmem_alloc; 68 69 struct sk_buff_head pending; 70}; 71 72static LIST_HEAD(rfcomm_dev_list); 73static DEFINE_MUTEX(rfcomm_dev_lock); 74 75static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); 76static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); 77static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); 78 79/* ---- Device functions ---- */ 80 81static void rfcomm_dev_destruct(struct tty_port *port) 82{ 83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 84 struct rfcomm_dlc *dlc = dev->dlc; 85 86 BT_DBG("dev %p dlc %p", dev, dlc); 87 88 rfcomm_dlc_lock(dlc); 89 /* Detach DLC if it's owned by this dev */ 90 if (dlc->owner == dev) 91 dlc->owner = NULL; 92 rfcomm_dlc_unlock(dlc); 93 94 rfcomm_dlc_put(dlc); 95 96 if (dev->tty_dev) 97 tty_unregister_device(rfcomm_tty_driver, dev->id); 98 99 mutex_lock(&rfcomm_dev_lock); 100 list_del(&dev->list); 101 mutex_unlock(&rfcomm_dev_lock); 102 103 kfree(dev); 104 105 /* It's safe to call module_put() here because socket still 106 holds reference to this module. */ 107 module_put(THIS_MODULE); 108} 109 110/* device-specific initialization: open the dlc */ 111static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) 112{ 113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 114 int err; 115 116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); 117 if (err) 118 set_bit(TTY_IO_ERROR, &tty->flags); 119 return err; 120} 121 122/* we block the open until the dlc->state becomes BT_CONNECTED */ 123static int rfcomm_dev_carrier_raised(struct tty_port *port) 124{ 125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 126 127 return (dev->dlc->state == BT_CONNECTED); 128} 129 130/* device-specific cleanup: close the dlc */ 131static void rfcomm_dev_shutdown(struct tty_port *port) 132{ 133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 134 135 if (dev->tty_dev->parent) 136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); 137 138 /* close the dlc */ 139 rfcomm_dlc_close(dev->dlc, 0); 140} 141 142static const struct tty_port_operations rfcomm_port_ops = { 143 .destruct = rfcomm_dev_destruct, 144 .activate = rfcomm_dev_activate, 145 .shutdown = rfcomm_dev_shutdown, 146 .carrier_raised = rfcomm_dev_carrier_raised, 147}; 148 149static struct rfcomm_dev *__rfcomm_dev_lookup(int id) 150{ 151 struct rfcomm_dev *dev; 152 153 list_for_each_entry(dev, &rfcomm_dev_list, list) 154 if (dev->id == id) 155 return dev; 156 157 return NULL; 158} 159 160static struct rfcomm_dev *rfcomm_dev_get(int id) 161{ 162 struct rfcomm_dev *dev; 163 164 mutex_lock(&rfcomm_dev_lock); 165 166 dev = __rfcomm_dev_lookup(id); 167 168 if (dev && !tty_port_get(&dev->port)) 169 dev = NULL; 170 171 mutex_unlock(&rfcomm_dev_lock); 172 173 return dev; 174} 175 176static void rfcomm_reparent_device(struct rfcomm_dev *dev) 177{ 178 struct hci_dev *hdev; 179 struct hci_conn *conn; 180 181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR); 182 if (!hdev) 183 return; 184 185 /* The lookup results are unsafe to access without the 186 * hci device lock (FIXME: why is this not documented?) 187 */ 188 hci_dev_lock(hdev); 189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); 190 191 /* Just because the acl link is in the hash table is no 192 * guarantee the sysfs device has been added ... 193 */ 194 if (conn && device_is_registered(&conn->dev)) 195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); 196 197 hci_dev_unlock(hdev); 198 hci_dev_put(hdev); 199} 200 201static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 202{ 203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 204 return sprintf(buf, "%pMR\n", &dev->dst); 205} 206 207static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 208{ 209 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 210 return sprintf(buf, "%d\n", dev->channel); 211} 212 213static DEVICE_ATTR(address, 0444, show_address, NULL); 214static DEVICE_ATTR(channel, 0444, show_channel, NULL); 215 216static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, 217 struct rfcomm_dlc *dlc) 218{ 219 struct rfcomm_dev *dev, *entry; 220 struct list_head *head = &rfcomm_dev_list; 221 int err = 0; 222 223 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); 224 if (!dev) 225 return ERR_PTR(-ENOMEM); 226 227 mutex_lock(&rfcomm_dev_lock); 228 229 if (req->dev_id < 0) { 230 dev->id = 0; 231 232 list_for_each_entry(entry, &rfcomm_dev_list, list) { 233 if (entry->id != dev->id) 234 break; 235 236 dev->id++; 237 head = &entry->list; 238 } 239 } else { 240 dev->id = req->dev_id; 241 242 list_for_each_entry(entry, &rfcomm_dev_list, list) { 243 if (entry->id == dev->id) { 244 err = -EADDRINUSE; 245 goto out; 246 } 247 248 if (entry->id > dev->id - 1) 249 break; 250 251 head = &entry->list; 252 } 253 } 254 255 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { 256 err = -ENFILE; 257 goto out; 258 } 259 260 sprintf(dev->name, "rfcomm%d", dev->id); 261 262 list_add(&dev->list, head); 263 264 bacpy(&dev->src, &req->src); 265 bacpy(&dev->dst, &req->dst); 266 dev->channel = req->channel; 267 268 dev->flags = req->flags & 269 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); 270 271 tty_port_init(&dev->port); 272 dev->port.ops = &rfcomm_port_ops; 273 274 skb_queue_head_init(&dev->pending); 275 276 rfcomm_dlc_lock(dlc); 277 278 if (req->flags & (1 << RFCOMM_REUSE_DLC)) { 279 struct sock *sk = dlc->owner; 280 struct sk_buff *skb; 281 282 BUG_ON(!sk); 283 284 rfcomm_dlc_throttle(dlc); 285 286 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 287 skb_orphan(skb); 288 skb_queue_tail(&dev->pending, skb); 289 atomic_sub(skb->len, &sk->sk_rmem_alloc); 290 } 291 } 292 293 dlc->data_ready = rfcomm_dev_data_ready; 294 dlc->state_change = rfcomm_dev_state_change; 295 dlc->modem_status = rfcomm_dev_modem_status; 296 297 dlc->owner = dev; 298 dev->dlc = dlc; 299 300 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); 301 302 rfcomm_dlc_unlock(dlc); 303 304 /* It's safe to call __module_get() here because socket already 305 holds reference to this module. */ 306 __module_get(THIS_MODULE); 307 308 mutex_unlock(&rfcomm_dev_lock); 309 return dev; 310 311out: 312 mutex_unlock(&rfcomm_dev_lock); 313 kfree(dev); 314 return ERR_PTR(err); 315} 316 317static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 318{ 319 struct rfcomm_dev *dev; 320 struct device *tty; 321 322 BT_DBG("id %d channel %d", req->dev_id, req->channel); 323 324 dev = __rfcomm_dev_add(req, dlc); 325 if (IS_ERR(dev)) { 326 rfcomm_dlc_put(dlc); 327 return PTR_ERR(dev); 328 } 329 330 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, 331 dev->id, NULL); 332 if (IS_ERR(tty)) { 333 tty_port_put(&dev->port); 334 return PTR_ERR(tty); 335 } 336 337 dev->tty_dev = tty; 338 rfcomm_reparent_device(dev); 339 dev_set_drvdata(dev->tty_dev, dev); 340 341 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) 342 BT_ERR("Failed to create address attribute"); 343 344 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) 345 BT_ERR("Failed to create channel attribute"); 346 347 return dev->id; 348} 349 350/* ---- Send buffer ---- */ 351static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) 352{ 353 struct rfcomm_dlc *dlc = dev->dlc; 354 355 /* Limit the outstanding number of packets not yet sent to 40 */ 356 int pending = 40 - atomic_read(&dev->wmem_alloc); 357 358 return max(0, pending) * dlc->mtu; 359} 360 361static void rfcomm_wfree(struct sk_buff *skb) 362{ 363 struct rfcomm_dev *dev = (void *) skb->sk; 364 atomic_dec(&dev->wmem_alloc); 365 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) 366 tty_port_tty_wakeup(&dev->port); 367 tty_port_put(&dev->port); 368} 369 370static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) 371{ 372 tty_port_get(&dev->port); 373 atomic_inc(&dev->wmem_alloc); 374 skb->sk = (void *) dev; 375 skb->destructor = rfcomm_wfree; 376} 377 378static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) 379{ 380 struct sk_buff *skb = alloc_skb(size, priority); 381 if (skb) 382 rfcomm_set_owner_w(skb, dev); 383 return skb; 384} 385 386/* ---- Device IOCTLs ---- */ 387 388#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) 389 390static int __rfcomm_create_dev(struct sock *sk, void __user *arg) 391{ 392 struct rfcomm_dev_req req; 393 struct rfcomm_dlc *dlc; 394 int id; 395 396 if (copy_from_user(&req, arg, sizeof(req))) 397 return -EFAULT; 398 399 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); 400 401 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) 402 return -EPERM; 403 404 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 405 /* Socket must be connected */ 406 if (sk->sk_state != BT_CONNECTED) 407 return -EBADFD; 408 409 dlc = rfcomm_pi(sk)->dlc; 410 rfcomm_dlc_hold(dlc); 411 } else { 412 /* Validate the channel is unused */ 413 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); 414 if (IS_ERR(dlc)) 415 return PTR_ERR(dlc); 416 if (dlc) 417 return -EBUSY; 418 dlc = rfcomm_dlc_alloc(GFP_KERNEL); 419 if (!dlc) 420 return -ENOMEM; 421 } 422 423 id = rfcomm_dev_add(&req, dlc); 424 if (id < 0) 425 return id; 426 427 if (req.flags & (1 << RFCOMM_REUSE_DLC)) { 428 /* DLC is now used by device. 429 * Socket must be disconnected */ 430 sk->sk_state = BT_CLOSED; 431 } 432 433 return id; 434} 435 436static int __rfcomm_release_dev(void __user *arg) 437{ 438 struct rfcomm_dev_req req; 439 struct rfcomm_dev *dev; 440 struct tty_struct *tty; 441 442 if (copy_from_user(&req, arg, sizeof(req))) 443 return -EFAULT; 444 445 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); 446 447 dev = rfcomm_dev_get(req.dev_id); 448 if (!dev) 449 return -ENODEV; 450 451 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { 452 tty_port_put(&dev->port); 453 return -EPERM; 454 } 455 456 /* only release once */ 457 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { 458 tty_port_put(&dev->port); 459 return -EALREADY; 460 } 461 462 if (req.flags & (1 << RFCOMM_HANGUP_NOW)) 463 rfcomm_dlc_close(dev->dlc, 0); 464 465 /* Shut down TTY synchronously before freeing rfcomm_dev */ 466 tty = tty_port_tty_get(&dev->port); 467 if (tty) { 468 tty_vhangup(tty); 469 tty_kref_put(tty); 470 } 471 472 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) 473 tty_port_put(&dev->port); 474 475 tty_port_put(&dev->port); 476 return 0; 477} 478 479static int rfcomm_create_dev(struct sock *sk, void __user *arg) 480{ 481 int ret; 482 483 mutex_lock(&rfcomm_ioctl_mutex); 484 ret = __rfcomm_create_dev(sk, arg); 485 mutex_unlock(&rfcomm_ioctl_mutex); 486 487 return ret; 488} 489 490static int rfcomm_release_dev(void __user *arg) 491{ 492 int ret; 493 494 mutex_lock(&rfcomm_ioctl_mutex); 495 ret = __rfcomm_release_dev(arg); 496 mutex_unlock(&rfcomm_ioctl_mutex); 497 498 return ret; 499} 500 501static int rfcomm_get_dev_list(void __user *arg) 502{ 503 struct rfcomm_dev *dev; 504 struct rfcomm_dev_list_req *dl; 505 struct rfcomm_dev_info *di; 506 int n = 0, size, err; 507 u16 dev_num; 508 509 BT_DBG(""); 510 511 if (get_user(dev_num, (u16 __user *) arg)) 512 return -EFAULT; 513 514 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) 515 return -EINVAL; 516 517 size = sizeof(*dl) + dev_num * sizeof(*di); 518 519 dl = kzalloc(size, GFP_KERNEL); 520 if (!dl) 521 return -ENOMEM; 522 523 di = dl->dev_info; 524 525 mutex_lock(&rfcomm_dev_lock); 526 527 list_for_each_entry(dev, &rfcomm_dev_list, list) { 528 if (!tty_port_get(&dev->port)) 529 continue; 530 (di + n)->id = dev->id; 531 (di + n)->flags = dev->flags; 532 (di + n)->state = dev->dlc->state; 533 (di + n)->channel = dev->channel; 534 bacpy(&(di + n)->src, &dev->src); 535 bacpy(&(di + n)->dst, &dev->dst); 536 tty_port_put(&dev->port); 537 if (++n >= dev_num) 538 break; 539 } 540 541 mutex_unlock(&rfcomm_dev_lock); 542 543 dl->dev_num = n; 544 size = sizeof(*dl) + n * sizeof(*di); 545 546 err = copy_to_user(arg, dl, size); 547 kfree(dl); 548 549 return err ? -EFAULT : 0; 550} 551 552static int rfcomm_get_dev_info(void __user *arg) 553{ 554 struct rfcomm_dev *dev; 555 struct rfcomm_dev_info di; 556 int err = 0; 557 558 BT_DBG(""); 559 560 if (copy_from_user(&di, arg, sizeof(di))) 561 return -EFAULT; 562 563 dev = rfcomm_dev_get(di.id); 564 if (!dev) 565 return -ENODEV; 566 567 di.flags = dev->flags; 568 di.channel = dev->channel; 569 di.state = dev->dlc->state; 570 bacpy(&di.src, &dev->src); 571 bacpy(&di.dst, &dev->dst); 572 573 if (copy_to_user(arg, &di, sizeof(di))) 574 err = -EFAULT; 575 576 tty_port_put(&dev->port); 577 return err; 578} 579 580int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) 581{ 582 BT_DBG("cmd %d arg %p", cmd, arg); 583 584 switch (cmd) { 585 case RFCOMMCREATEDEV: 586 return rfcomm_create_dev(sk, arg); 587 588 case RFCOMMRELEASEDEV: 589 return rfcomm_release_dev(arg); 590 591 case RFCOMMGETDEVLIST: 592 return rfcomm_get_dev_list(arg); 593 594 case RFCOMMGETDEVINFO: 595 return rfcomm_get_dev_info(arg); 596 } 597 598 return -EINVAL; 599} 600 601/* ---- DLC callbacks ---- */ 602static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) 603{ 604 struct rfcomm_dev *dev = dlc->owner; 605 606 if (!dev) { 607 kfree_skb(skb); 608 return; 609 } 610 611 if (!skb_queue_empty(&dev->pending)) { 612 skb_queue_tail(&dev->pending, skb); 613 return; 614 } 615 616 BT_DBG("dlc %p len %d", dlc, skb->len); 617 618 tty_insert_flip_string(&dev->port, skb->data, skb->len); 619 tty_flip_buffer_push(&dev->port); 620 621 kfree_skb(skb); 622} 623 624static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 625{ 626 struct rfcomm_dev *dev = dlc->owner; 627 if (!dev) 628 return; 629 630 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 631 632 dev->err = err; 633 if (dlc->state == BT_CONNECTED) { 634 rfcomm_reparent_device(dev); 635 636 wake_up_interruptible(&dev->port.open_wait); 637 } else if (dlc->state == BT_CLOSED) 638 tty_port_tty_hangup(&dev->port, false); 639} 640 641static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) 642{ 643 struct rfcomm_dev *dev = dlc->owner; 644 if (!dev) 645 return; 646 647 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 648 649 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) 650 tty_port_tty_hangup(&dev->port, true); 651 652 dev->modem_status = 653 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 654 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | 655 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | 656 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); 657} 658 659/* ---- TTY functions ---- */ 660static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) 661{ 662 struct sk_buff *skb; 663 int inserted = 0; 664 665 BT_DBG("dev %p", dev); 666 667 rfcomm_dlc_lock(dev->dlc); 668 669 while ((skb = skb_dequeue(&dev->pending))) { 670 inserted += tty_insert_flip_string(&dev->port, skb->data, 671 skb->len); 672 kfree_skb(skb); 673 } 674 675 rfcomm_dlc_unlock(dev->dlc); 676 677 if (inserted > 0) 678 tty_flip_buffer_push(&dev->port); 679} 680 681/* do the reverse of install, clearing the tty fields and releasing the 682 * reference to tty_port 683 */ 684static void rfcomm_tty_cleanup(struct tty_struct *tty) 685{ 686 struct rfcomm_dev *dev = tty->driver_data; 687 688 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 689 690 rfcomm_dlc_lock(dev->dlc); 691 tty->driver_data = NULL; 692 rfcomm_dlc_unlock(dev->dlc); 693 694 /* 695 * purge the dlc->tx_queue to avoid circular dependencies 696 * between dev and dlc 697 */ 698 skb_queue_purge(&dev->dlc->tx_queue); 699 700 tty_port_put(&dev->port); 701} 702 703/* we acquire the tty_port reference since it's here the tty is first used 704 * by setting the termios. We also populate the driver_data field and install 705 * the tty port 706 */ 707static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) 708{ 709 struct rfcomm_dev *dev; 710 struct rfcomm_dlc *dlc; 711 int err; 712 713 dev = rfcomm_dev_get(tty->index); 714 if (!dev) 715 return -ENODEV; 716 717 dlc = dev->dlc; 718 719 /* Attach TTY and open DLC */ 720 rfcomm_dlc_lock(dlc); 721 tty->driver_data = dev; 722 rfcomm_dlc_unlock(dlc); 723 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 724 725 /* install the tty_port */ 726 err = tty_port_install(&dev->port, driver, tty); 727 if (err) { 728 rfcomm_tty_cleanup(tty); 729 return err; 730 } 731 732 /* take over the tty_port reference if the port was created with the 733 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port 734 * when the last process closes the tty. The behaviour is expected by 735 * userspace. 736 */ 737 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 738 set_bit(RFCOMM_TTY_OWNED, &dev->status); 739 tty_port_put(&dev->port); 740 } 741 742 return 0; 743} 744 745static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 746{ 747 struct rfcomm_dev *dev = tty->driver_data; 748 int err; 749 750 BT_DBG("tty %p id %d", tty, tty->index); 751 752 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 753 dev->channel, dev->port.count); 754 755 err = tty_port_open(&dev->port, tty, filp); 756 if (err) 757 return err; 758 759 /* 760 * FIXME: rfcomm should use proper flow control for 761 * received data. This hack will be unnecessary and can 762 * be removed when that's implemented 763 */ 764 rfcomm_tty_copy_pending(dev); 765 766 rfcomm_dlc_unthrottle(dev->dlc); 767 768 return 0; 769} 770 771static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 772{ 773 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 774 775 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 776 dev->port.count); 777 778 tty_port_close(&dev->port, tty, filp); 779} 780 781static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 782{ 783 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 784 struct rfcomm_dlc *dlc = dev->dlc; 785 struct sk_buff *skb; 786 int sent = 0, size; 787 788 BT_DBG("tty %p count %d", tty, count); 789 790 while (count) { 791 size = min_t(uint, count, dlc->mtu); 792 793 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); 794 if (!skb) 795 break; 796 797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); 798 799 skb_put_data(skb, buf + sent, size); 800 801 rfcomm_dlc_send_noerror(dlc, skb); 802 803 sent += size; 804 count -= size; 805 } 806 807 return sent; 808} 809 810static int rfcomm_tty_write_room(struct tty_struct *tty) 811{ 812 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 813 int room = 0; 814 815 if (dev && dev->dlc) 816 room = rfcomm_room(dev); 817 818 BT_DBG("tty %p room %d", tty, room); 819 820 return room; 821} 822 823static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) 824{ 825 BT_DBG("tty %p cmd 0x%02x", tty, cmd); 826 827 switch (cmd) { 828 case TCGETS: 829 BT_DBG("TCGETS is not supported"); 830 return -ENOIOCTLCMD; 831 832 case TCSETS: 833 BT_DBG("TCSETS is not supported"); 834 return -ENOIOCTLCMD; 835 836 case TIOCMIWAIT: 837 BT_DBG("TIOCMIWAIT"); 838 break; 839 840 case TIOCSERGETLSR: 841 BT_ERR("TIOCSERGETLSR is not supported"); 842 return -ENOIOCTLCMD; 843 844 case TIOCSERCONFIG: 845 BT_ERR("TIOCSERCONFIG is not supported"); 846 return -ENOIOCTLCMD; 847 848 default: 849 return -ENOIOCTLCMD; /* ioctls which we must ignore */ 850 851 } 852 853 return -ENOIOCTLCMD; 854} 855 856static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old) 857{ 858 struct ktermios *new = &tty->termios; 859 int old_baud_rate = tty_termios_baud_rate(old); 860 int new_baud_rate = tty_termios_baud_rate(new); 861 862 u8 baud, data_bits, stop_bits, parity, x_on, x_off; 863 u16 changes = 0; 864 865 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 866 867 BT_DBG("tty %p termios %p", tty, old); 868 869 if (!dev || !dev->dlc || !dev->dlc->session) 870 return; 871 872 /* Handle turning off CRTSCTS */ 873 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 874 BT_DBG("Turning off CRTSCTS unsupported"); 875 876 /* Parity on/off and when on, odd/even */ 877 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || 878 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { 879 changes |= RFCOMM_RPN_PM_PARITY; 880 BT_DBG("Parity change detected."); 881 } 882 883 /* Mark and space parity are not supported! */ 884 if (new->c_cflag & PARENB) { 885 if (new->c_cflag & PARODD) { 886 BT_DBG("Parity is ODD"); 887 parity = RFCOMM_RPN_PARITY_ODD; 888 } else { 889 BT_DBG("Parity is EVEN"); 890 parity = RFCOMM_RPN_PARITY_EVEN; 891 } 892 } else { 893 BT_DBG("Parity is OFF"); 894 parity = RFCOMM_RPN_PARITY_NONE; 895 } 896 897 /* Setting the x_on / x_off characters */ 898 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { 899 BT_DBG("XOFF custom"); 900 x_on = new->c_cc[VSTOP]; 901 changes |= RFCOMM_RPN_PM_XON; 902 } else { 903 BT_DBG("XOFF default"); 904 x_on = RFCOMM_RPN_XON_CHAR; 905 } 906 907 if (old->c_cc[VSTART] != new->c_cc[VSTART]) { 908 BT_DBG("XON custom"); 909 x_off = new->c_cc[VSTART]; 910 changes |= RFCOMM_RPN_PM_XOFF; 911 } else { 912 BT_DBG("XON default"); 913 x_off = RFCOMM_RPN_XOFF_CHAR; 914 } 915 916 /* Handle setting of stop bits */ 917 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) 918 changes |= RFCOMM_RPN_PM_STOP; 919 920 /* POSIX does not support 1.5 stop bits and RFCOMM does not 921 * support 2 stop bits. So a request for 2 stop bits gets 922 * translated to 1.5 stop bits */ 923 if (new->c_cflag & CSTOPB) 924 stop_bits = RFCOMM_RPN_STOP_15; 925 else 926 stop_bits = RFCOMM_RPN_STOP_1; 927 928 /* Handle number of data bits [5-8] */ 929 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 930 changes |= RFCOMM_RPN_PM_DATA; 931 932 switch (new->c_cflag & CSIZE) { 933 case CS5: 934 data_bits = RFCOMM_RPN_DATA_5; 935 break; 936 case CS6: 937 data_bits = RFCOMM_RPN_DATA_6; 938 break; 939 case CS7: 940 data_bits = RFCOMM_RPN_DATA_7; 941 break; 942 case CS8: 943 data_bits = RFCOMM_RPN_DATA_8; 944 break; 945 default: 946 data_bits = RFCOMM_RPN_DATA_8; 947 break; 948 } 949 950 /* Handle baudrate settings */ 951 if (old_baud_rate != new_baud_rate) 952 changes |= RFCOMM_RPN_PM_BITRATE; 953 954 switch (new_baud_rate) { 955 case 2400: 956 baud = RFCOMM_RPN_BR_2400; 957 break; 958 case 4800: 959 baud = RFCOMM_RPN_BR_4800; 960 break; 961 case 7200: 962 baud = RFCOMM_RPN_BR_7200; 963 break; 964 case 9600: 965 baud = RFCOMM_RPN_BR_9600; 966 break; 967 case 19200: 968 baud = RFCOMM_RPN_BR_19200; 969 break; 970 case 38400: 971 baud = RFCOMM_RPN_BR_38400; 972 break; 973 case 57600: 974 baud = RFCOMM_RPN_BR_57600; 975 break; 976 case 115200: 977 baud = RFCOMM_RPN_BR_115200; 978 break; 979 case 230400: 980 baud = RFCOMM_RPN_BR_230400; 981 break; 982 default: 983 /* 9600 is standard accordinag to the RFCOMM specification */ 984 baud = RFCOMM_RPN_BR_9600; 985 break; 986 987 } 988 989 if (changes) 990 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud, 991 data_bits, stop_bits, parity, 992 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes); 993} 994 995static void rfcomm_tty_throttle(struct tty_struct *tty) 996{ 997 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 998 999 BT_DBG("tty %p dev %p", tty, dev); 1000 1001 rfcomm_dlc_throttle(dev->dlc); 1002} 1003 1004static void rfcomm_tty_unthrottle(struct tty_struct *tty) 1005{ 1006 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1007 1008 BT_DBG("tty %p dev %p", tty, dev); 1009 1010 rfcomm_dlc_unthrottle(dev->dlc); 1011} 1012 1013static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 1014{ 1015 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1016 1017 BT_DBG("tty %p dev %p", tty, dev); 1018 1019 if (!dev || !dev->dlc) 1020 return 0; 1021 1022 if (!skb_queue_empty(&dev->dlc->tx_queue)) 1023 return dev->dlc->mtu; 1024 1025 return 0; 1026} 1027 1028static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 1029{ 1030 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1031 1032 BT_DBG("tty %p dev %p", tty, dev); 1033 1034 if (!dev || !dev->dlc) 1035 return; 1036 1037 skb_queue_purge(&dev->dlc->tx_queue); 1038 tty_wakeup(tty); 1039} 1040 1041static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1042{ 1043 BT_DBG("tty %p ch %c", tty, ch); 1044} 1045 1046static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) 1047{ 1048 BT_DBG("tty %p timeout %d", tty, timeout); 1049} 1050 1051static void rfcomm_tty_hangup(struct tty_struct *tty) 1052{ 1053 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1054 1055 BT_DBG("tty %p dev %p", tty, dev); 1056 1057 tty_port_hangup(&dev->port); 1058} 1059 1060static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1061{ 1062 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1063 1064 BT_DBG("tty %p dev %p", tty, dev); 1065 1066 return dev->modem_status; 1067} 1068 1069static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) 1070{ 1071 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 1072 struct rfcomm_dlc *dlc = dev->dlc; 1073 u8 v24_sig; 1074 1075 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear); 1076 1077 rfcomm_dlc_get_modem_status(dlc, &v24_sig); 1078 1079 if (set & TIOCM_DSR || set & TIOCM_DTR) 1080 v24_sig |= RFCOMM_V24_RTC; 1081 if (set & TIOCM_RTS || set & TIOCM_CTS) 1082 v24_sig |= RFCOMM_V24_RTR; 1083 if (set & TIOCM_RI) 1084 v24_sig |= RFCOMM_V24_IC; 1085 if (set & TIOCM_CD) 1086 v24_sig |= RFCOMM_V24_DV; 1087 1088 if (clear & TIOCM_DSR || clear & TIOCM_DTR) 1089 v24_sig &= ~RFCOMM_V24_RTC; 1090 if (clear & TIOCM_RTS || clear & TIOCM_CTS) 1091 v24_sig &= ~RFCOMM_V24_RTR; 1092 if (clear & TIOCM_RI) 1093 v24_sig &= ~RFCOMM_V24_IC; 1094 if (clear & TIOCM_CD) 1095 v24_sig &= ~RFCOMM_V24_DV; 1096 1097 rfcomm_dlc_set_modem_status(dlc, v24_sig); 1098 1099 return 0; 1100} 1101 1102/* ---- TTY structure ---- */ 1103 1104static const struct tty_operations rfcomm_ops = { 1105 .open = rfcomm_tty_open, 1106 .close = rfcomm_tty_close, 1107 .write = rfcomm_tty_write, 1108 .write_room = rfcomm_tty_write_room, 1109 .chars_in_buffer = rfcomm_tty_chars_in_buffer, 1110 .flush_buffer = rfcomm_tty_flush_buffer, 1111 .ioctl = rfcomm_tty_ioctl, 1112 .throttle = rfcomm_tty_throttle, 1113 .unthrottle = rfcomm_tty_unthrottle, 1114 .set_termios = rfcomm_tty_set_termios, 1115 .send_xchar = rfcomm_tty_send_xchar, 1116 .hangup = rfcomm_tty_hangup, 1117 .wait_until_sent = rfcomm_tty_wait_until_sent, 1118 .tiocmget = rfcomm_tty_tiocmget, 1119 .tiocmset = rfcomm_tty_tiocmset, 1120 .install = rfcomm_tty_install, 1121 .cleanup = rfcomm_tty_cleanup, 1122}; 1123 1124int __init rfcomm_init_ttys(void) 1125{ 1126 int error; 1127 1128 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS); 1129 if (!rfcomm_tty_driver) 1130 return -ENOMEM; 1131 1132 rfcomm_tty_driver->driver_name = "rfcomm"; 1133 rfcomm_tty_driver->name = "rfcomm"; 1134 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; 1135 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; 1136 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 1137 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1138 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1139 rfcomm_tty_driver->init_termios = tty_std_termios; 1140 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; 1141 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1142 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1143 1144 error = tty_register_driver(rfcomm_tty_driver); 1145 if (error) { 1146 BT_ERR("Can't register RFCOMM TTY driver"); 1147 put_tty_driver(rfcomm_tty_driver); 1148 return error; 1149 } 1150 1151 BT_INFO("RFCOMM TTY layer initialized"); 1152 1153 return 0; 1154} 1155 1156void rfcomm_cleanup_ttys(void) 1157{ 1158 tty_unregister_driver(rfcomm_tty_driver); 1159 put_tty_driver(rfcomm_tty_driver); 1160} 1161