LXR linux/net/bluetooth/rfcomm/tty.c

   1/*
   2   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   3   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   4   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
   5
   6   This program is free software; you can redistribute it and/or modify
   7   it under the terms of the GNU General Public License version 2 as
   8   published by the Free Software Foundation;
   9
  10   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  11   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  12   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  13   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  14   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  15   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  16   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  17   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18
  19   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  20   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  21   SOFTWARE IS DISCLAIMED.
  22*/
  23
  24/*
  25 * RFCOMM TTY.
  26 */
  27
  28#include <linux/module.h>
  29
  30#include <linux/tty.h>
  31#include <linux/tty_driver.h>
  32#include <linux/tty_flip.h>
  33
  34#include <net/bluetooth/bluetooth.h>
  35#include <net/bluetooth/hci_core.h>
  36#include <net/bluetooth/rfcomm.h>
  37
  38#define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
  39#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
  40#define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
  41#define RFCOMM_TTY_MINOR 0
  42
  43static DEFINE_MUTEX(rfcomm_ioctl_mutex);
  44static struct tty_driver *rfcomm_tty_driver;
  45
  46struct rfcomm_dev {
  47        struct tty_port         port;
  48        struct list_head        list;
  49
  50        char                    name[12];
  51        int                     id;
  52        unsigned long           flags;
  53        int                     err;
  54
  55        unsigned long           status;         /* don't export to userspace */
  56
  57        bdaddr_t                src;
  58        bdaddr_t                dst;
  59        u8                      channel;
  60
  61        uint                    modem_status;
  62
  63        struct rfcomm_dlc       *dlc;
  64
  65        struct device           *tty_dev;
  66
  67        atomic_t                wmem_alloc;
  68
  69        struct sk_buff_head     pending;
  70};
  71
  72static LIST_HEAD(rfcomm_dev_list);
  73static DEFINE_MUTEX(rfcomm_dev_lock);
  74
  75static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
  76static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
  77static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
  78
  79/* ---- Device functions ---- */
  80
  81static void rfcomm_dev_destruct(struct tty_port *port)
  82{
  83        struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
  84        struct rfcomm_dlc *dlc = dev->dlc;
  85
  86        BT_DBG("dev %p dlc %p", dev, dlc);
  87
  88        rfcomm_dlc_lock(dlc);
  89        /* Detach DLC if it's owned by this dev */
  90        if (dlc->owner == dev)
  91                dlc->owner = NULL;
  92        rfcomm_dlc_unlock(dlc);
  93
  94        rfcomm_dlc_put(dlc);
  95
  96        if (dev->tty_dev)
  97                tty_unregister_device(rfcomm_tty_driver, dev->id);
  98
  99        mutex_lock(&rfcomm_dev_lock);
 100        list_del(&dev->list);
 101        mutex_unlock(&rfcomm_dev_lock);
 102
 103        kfree(dev);
 104
 105        /* It's safe to call module_put() here because socket still
 106           holds reference to this module. */
 107        module_put(THIS_MODULE);
 108}
 109
 110/* device-specific initialization: open the dlc */
 111static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
 112{
 113        struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
 114        int err;
 115
 116        err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
 117        if (err)
 118                set_bit(TTY_IO_ERROR, &tty->flags);
 119        return err;
 120}
 121
 122/* we block the open until the dlc->state becomes BT_CONNECTED */
 123static int rfcomm_dev_carrier_raised(struct tty_port *port)
 124{
 125        struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
 126
 127        return (dev->dlc->state == BT_CONNECTED);
 128}
 129
 130/* device-specific cleanup: close the dlc */
 131static void rfcomm_dev_shutdown(struct tty_port *port)
 132{
 133        struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
 134
 135        if (dev->tty_dev->parent)
 136                device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
 137
 138        /* close the dlc */
 139        rfcomm_dlc_close(dev->dlc, 0);
 140}
 141
 142static const struct tty_port_operations rfcomm_port_ops = {
 143        .destruct = rfcomm_dev_destruct,
 144        .activate = rfcomm_dev_activate,
 145        .shutdown = rfcomm_dev_shutdown,
 146        .carrier_raised = rfcomm_dev_carrier_raised,
 147};
 148
 149static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
 150{
 151        struct rfcomm_dev *dev;
 152
 153        list_for_each_entry(dev, &rfcomm_dev_list, list)
 154                if (dev->id == id)
 155                        return dev;
 156
 157        return NULL;
 158}
 159
 160static struct rfcomm_dev *rfcomm_dev_get(int id)
 161{
 162        struct rfcomm_dev *dev;
 163
 164        mutex_lock(&rfcomm_dev_lock);
 165
 166        dev = __rfcomm_dev_lookup(id);
 167
 168        if (dev && !tty_port_get(&dev->port))
 169                dev = NULL;
 170
 171        mutex_unlock(&rfcomm_dev_lock);
 172
 173        return dev;
 174}
 175
 176static void rfcomm_reparent_device(struct rfcomm_dev *dev)
 177{
 178        struct hci_dev *hdev;
 179        struct hci_conn *conn;
 180
 181        hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
 182        if (!hdev)
 183                return;
 184
 185        /* The lookup results are unsafe to access without the
 186         * hci device lock (FIXME: why is this not documented?)
 187         */
 188        hci_dev_lock(hdev);
 189        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
 190
 191        /* Just because the acl link is in the hash table is no
 192         * guarantee the sysfs device has been added ...
 193         */
 194        if (conn && device_is_registered(&conn->dev))
 195                device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
 196
 197        hci_dev_unlock(hdev);
 198        hci_dev_put(hdev);
 199}
 200
 201static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
 202{
 203        struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
 204        return sprintf(buf, "%pMR\n", &dev->dst);
 205}
 206
 207static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
 208{
 209        struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
 210        return sprintf(buf, "%d\n", dev->channel);
 211}
 212
 213static DEVICE_ATTR(address, 0444, show_address, NULL);
 214static DEVICE_ATTR(channel, 0444, show_channel, NULL);
 215
 216static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
 217                                           struct rfcomm_dlc *dlc)
 218{
 219        struct rfcomm_dev *dev, *entry;
 220        struct list_head *head = &rfcomm_dev_list;
 221        int err = 0;
 222
 223        dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
 224        if (!dev)
 225                return ERR_PTR(-ENOMEM);
 226
 227        mutex_lock(&rfcomm_dev_lock);
 228
 229        if (req->dev_id < 0) {
 230                dev->id = 0;
 231
 232                list_for_each_entry(entry, &rfcomm_dev_list, list) {
 233                        if (entry->id != dev->id)
 234                                break;
 235
 236                        dev->id++;
 237                        head = &entry->list;
 238                }
 239        } else {
 240                dev->id = req->dev_id;
 241
 242                list_for_each_entry(entry, &rfcomm_dev_list, list) {
 243                        if (entry->id == dev->id) {
 244                                err = -EADDRINUSE;
 245                                goto out;
 246                        }
 247
 248                        if (entry->id > dev->id - 1)
 249                                break;
 250
 251                        head = &entry->list;
 252                }
 253        }
 254
 255        if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
 256                err = -ENFILE;
 257                goto out;
 258        }
 259
 260        sprintf(dev->name, "rfcomm%d", dev->id);
 261
 262        list_add(&dev->list, head);
 263
 264        bacpy(&dev->src, &req->src);
 265        bacpy(&dev->dst, &req->dst);
 266        dev->channel = req->channel;
 267
 268        dev->flags = req->flags &
 269                ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
 270
 271        tty_port_init(&dev->port);
 272        dev->port.ops = &rfcomm_port_ops;
 273
 274        skb_queue_head_init(&dev->pending);
 275
 276        rfcomm_dlc_lock(dlc);
 277
 278        if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
 279                struct sock *sk = dlc->owner;
 280                struct sk_buff *skb;
 281
 282                BUG_ON(!sk);
 283
 284                rfcomm_dlc_throttle(dlc);
 285
 286                while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
 287                        skb_orphan(skb);
 288                        skb_queue_tail(&dev->pending, skb);
 289                        atomic_sub(skb->len, &sk->sk_rmem_alloc);
 290                }
 291        }
 292
 293        dlc->data_ready   = rfcomm_dev_data_ready;
 294        dlc->state_change = rfcomm_dev_state_change;
 295        dlc->modem_status = rfcomm_dev_modem_status;
 296
 297        dlc->owner = dev;
 298        dev->dlc   = dlc;
 299
 300        rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
 301
 302        rfcomm_dlc_unlock(dlc);
 303
 304        /* It's safe to call __module_get() here because socket already
 305           holds reference to this module. */
 306        __module_get(THIS_MODULE);
 307
 308        mutex_unlock(&rfcomm_dev_lock);
 309        return dev;
 310
 311out:
 312        mutex_unlock(&rfcomm_dev_lock);
 313        kfree(dev);
 314        return ERR_PTR(err);
 315}
 316
 317static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
 318{
 319        struct rfcomm_dev *dev;
 320        struct device *tty;
 321
 322        BT_DBG("id %d channel %d", req->dev_id, req->channel);
 323
 324        dev = __rfcomm_dev_add(req, dlc);
 325        if (IS_ERR(dev)) {
 326                rfcomm_dlc_put(dlc);
 327                return PTR_ERR(dev);
 328        }
 329
 330        tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
 331                        dev->id, NULL);
 332        if (IS_ERR(tty)) {
 333                tty_port_put(&dev->port);
 334                return PTR_ERR(tty);
 335        }
 336
 337        dev->tty_dev = tty;
 338        rfcomm_reparent_device(dev);
 339        dev_set_drvdata(dev->tty_dev, dev);
 340
 341        if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
 342                BT_ERR("Failed to create address attribute");
 343
 344        if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
 345                BT_ERR("Failed to create channel attribute");
 346
 347        return dev->id;
 348}
 349
 350/* ---- Send buffer ---- */
 351static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
 352{
 353        struct rfcomm_dlc *dlc = dev->dlc;
 354
 355        /* Limit the outstanding number of packets not yet sent to 40 */
 356        int pending = 40 - atomic_read(&dev->wmem_alloc);
 357
 358        return max(0, pending) * dlc->mtu;
 359}
 360
 361static void rfcomm_wfree(struct sk_buff *skb)
 362{
 363        struct rfcomm_dev *dev = (void *) skb->sk;
 364        atomic_dec(&dev->wmem_alloc);
 365        if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
 366                tty_port_tty_wakeup(&dev->port);
 367        tty_port_put(&dev->port);
 368}
 369
 370static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
 371{
 372        tty_port_get(&dev->port);
 373        atomic_inc(&dev->wmem_alloc);
 374        skb->sk = (void *) dev;
 375        skb->destructor = rfcomm_wfree;
 376}
 377
 378static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
 379{
 380        struct sk_buff *skb = alloc_skb(size, priority);
 381        if (skb)
 382                rfcomm_set_owner_w(skb, dev);
 383        return skb;
 384}
 385
 386/* ---- Device IOCTLs ---- */
 387
 388#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
 389
 390static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
 391{
 392        struct rfcomm_dev_req req;
 393        struct rfcomm_dlc *dlc;
 394        int id;
 395
 396        if (copy_from_user(&req, arg, sizeof(req)))
 397                return -EFAULT;
 398
 399        BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
 400
 401        if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
 402                return -EPERM;
 403
 404        if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 405                /* Socket must be connected */
 406                if (sk->sk_state != BT_CONNECTED)
 407                        return -EBADFD;
 408
 409                dlc = rfcomm_pi(sk)->dlc;
 410                rfcomm_dlc_hold(dlc);
 411        } else {
 412                /* Validate the channel is unused */
 413                dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
 414                if (IS_ERR(dlc))
 415                        return PTR_ERR(dlc);
 416                if (dlc)
 417                        return -EBUSY;
 418                dlc = rfcomm_dlc_alloc(GFP_KERNEL);
 419                if (!dlc)
 420                        return -ENOMEM;
 421        }
 422
 423        id = rfcomm_dev_add(&req, dlc);
 424        if (id < 0)
 425                return id;
 426
 427        if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 428                /* DLC is now used by device.
 429                 * Socket must be disconnected */
 430                sk->sk_state = BT_CLOSED;
 431        }
 432
 433        return id;
 434}
 435
 436static int __rfcomm_release_dev(void __user *arg)
 437{
 438        struct rfcomm_dev_req req;
 439        struct rfcomm_dev *dev;
 440        struct tty_struct *tty;
 441
 442        if (copy_from_user(&req, arg, sizeof(req)))
 443                return -EFAULT;
 444
 445        BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
 446
 447        dev = rfcomm_dev_get(req.dev_id);
 448        if (!dev)
 449                return -ENODEV;
 450
 451        if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
 452                tty_port_put(&dev->port);
 453                return -EPERM;
 454        }
 455
 456        /* only release once */
 457        if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
 458                tty_port_put(&dev->port);
 459                return -EALREADY;
 460        }
 461
 462        if (req.flags & (1 << RFCOMM_HANGUP_NOW))
 463                rfcomm_dlc_close(dev->dlc, 0);
 464
 465        /* Shut down TTY synchronously before freeing rfcomm_dev */
 466        tty = tty_port_tty_get(&dev->port);
 467        if (tty) {
 468                tty_vhangup(tty);
 469                tty_kref_put(tty);
 470        }
 471
 472        if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
 473                tty_port_put(&dev->port);
 474
 475        tty_port_put(&dev->port);
 476        return 0;
 477}
 478
 479static int rfcomm_create_dev(struct sock *sk, void __user *arg)
 480{
 481        int ret;
 482
 483        mutex_lock(&rfcomm_ioctl_mutex);
 484        ret = __rfcomm_create_dev(sk, arg);
 485        mutex_unlock(&rfcomm_ioctl_mutex);
 486
 487        return ret;
 488}
 489
 490static int rfcomm_release_dev(void __user *arg)
 491{
 492        int ret;
 493
 494        mutex_lock(&rfcomm_ioctl_mutex);
 495        ret = __rfcomm_release_dev(arg);
 496        mutex_unlock(&rfcomm_ioctl_mutex);
 497
 498        return ret;
 499}
 500
 501static int rfcomm_get_dev_list(void __user *arg)
 502{
 503        struct rfcomm_dev *dev;
 504        struct rfcomm_dev_list_req *dl;
 505        struct rfcomm_dev_info *di;
 506        int n = 0, size, err;
 507        u16 dev_num;
 508
 509        BT_DBG("");
 510
 511        if (get_user(dev_num, (u16 __user *) arg))
 512                return -EFAULT;
 513
 514        if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
 515                return -EINVAL;
 516
 517        size = sizeof(*dl) + dev_num * sizeof(*di);
 518
 519        dl = kzalloc(size, GFP_KERNEL);
 520        if (!dl)
 521                return -ENOMEM;
 522
 523        di = dl->dev_info;
 524
 525        mutex_lock(&rfcomm_dev_lock);
 526
 527        list_for_each_entry(dev, &rfcomm_dev_list, list) {
 528                if (!tty_port_get(&dev->port))
 529                        continue;
 530                (di + n)->id      = dev->id;
 531                (di + n)->flags   = dev->flags;
 532                (di + n)->state   = dev->dlc->state;
 533                (di + n)->channel = dev->channel;
 534                bacpy(&(di + n)->src, &dev->src);
 535                bacpy(&(di + n)->dst, &dev->dst);
 536                tty_port_put(&dev->port);
 537                if (++n >= dev_num)
 538                        break;
 539        }
 540
 541        mutex_unlock(&rfcomm_dev_lock);
 542
 543        dl->dev_num = n;
 544        size = sizeof(*dl) + n * sizeof(*di);
 545
 546        err = copy_to_user(arg, dl, size);
 547        kfree(dl);
 548
 549        return err ? -EFAULT : 0;
 550}
 551
 552static int rfcomm_get_dev_info(void __user *arg)
 553{
 554        struct rfcomm_dev *dev;
 555        struct rfcomm_dev_info di;
 556        int err = 0;
 557
 558        BT_DBG("");
 559
 560        if (copy_from_user(&di, arg, sizeof(di)))
 561                return -EFAULT;
 562
 563        dev = rfcomm_dev_get(di.id);
 564        if (!dev)
 565                return -ENODEV;
 566
 567        di.flags   = dev->flags;
 568        di.channel = dev->channel;
 569        di.state   = dev->dlc->state;
 570        bacpy(&di.src, &dev->src);
 571        bacpy(&di.dst, &dev->dst);
 572
 573        if (copy_to_user(arg, &di, sizeof(di)))
 574                err = -EFAULT;
 575
 576        tty_port_put(&dev->port);
 577        return err;
 578}
 579
 580int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
 581{
 582        BT_DBG("cmd %d arg %p", cmd, arg);
 583
 584        switch (cmd) {
 585        case RFCOMMCREATEDEV:
 586                return rfcomm_create_dev(sk, arg);
 587
 588        case RFCOMMRELEASEDEV:
 589                return rfcomm_release_dev(arg);
 590
 591        case RFCOMMGETDEVLIST:
 592                return rfcomm_get_dev_list(arg);
 593
 594        case RFCOMMGETDEVINFO:
 595                return rfcomm_get_dev_info(arg);
 596        }
 597
 598        return -EINVAL;
 599}
 600
 601/* ---- DLC callbacks ---- */
 602static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
 603{
 604        struct rfcomm_dev *dev = dlc->owner;
 605
 606        if (!dev) {
 607                kfree_skb(skb);
 608                return;
 609        }
 610
 611        if (!skb_queue_empty(&dev->pending)) {
 612                skb_queue_tail(&dev->pending, skb);
 613                return;
 614        }
 615
 616        BT_DBG("dlc %p len %d", dlc, skb->len);
 617
 618        tty_insert_flip_string(&dev->port, skb->data, skb->len);
 619        tty_flip_buffer_push(&dev->port);
 620
 621        kfree_skb(skb);
 622}
 623
 624static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
 625{
 626        struct rfcomm_dev *dev = dlc->owner;
 627        if (!dev)
 628                return;
 629
 630        BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
 631
 632        dev->err = err;
 633        if (dlc->state == BT_CONNECTED) {
 634                rfcomm_reparent_device(dev);
 635
 636                wake_up_interruptible(&dev->port.open_wait);
 637        } else if (dlc->state == BT_CLOSED)
 638                tty_port_tty_hangup(&dev->port, false);
 639}
 640
 641static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
 642{
 643        struct rfcomm_dev *dev = dlc->owner;
 644        if (!dev)
 645                return;
 646
 647        BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
 648
 649        if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
 650                tty_port_tty_hangup(&dev->port, true);
 651
 652        dev->modem_status =
 653                ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
 654                ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
 655                ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
 656                ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
 657}
 658
 659/* ---- TTY functions ---- */
 660static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
 661{
 662        struct sk_buff *skb;
 663        int inserted = 0;
 664
 665        BT_DBG("dev %p", dev);
 666
 667        rfcomm_dlc_lock(dev->dlc);
 668
 669        while ((skb = skb_dequeue(&dev->pending))) {
 670                inserted += tty_insert_flip_string(&dev->port, skb->data,
 671                                skb->len);
 672                kfree_skb(skb);
 673        }
 674
 675        rfcomm_dlc_unlock(dev->dlc);
 676
 677        if (inserted > 0)
 678                tty_flip_buffer_push(&dev->port);
 679}
 680
 681/* do the reverse of install, clearing the tty fields and releasing the
 682 * reference to tty_port
 683 */
 684static void rfcomm_tty_cleanup(struct tty_struct *tty)
 685{
 686        struct rfcomm_dev *dev = tty->driver_data;
 687
 688        clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 689
 690        rfcomm_dlc_lock(dev->dlc);
 691        tty->driver_data = NULL;
 692        rfcomm_dlc_unlock(dev->dlc);
 693
 694        /*
 695         * purge the dlc->tx_queue to avoid circular dependencies
 696         * between dev and dlc
 697         */
 698        skb_queue_purge(&dev->dlc->tx_queue);
 699
 700        tty_port_put(&dev->port);
 701}
 702
 703/* we acquire the tty_port reference since it's here the tty is first used
 704 * by setting the termios. We also populate the driver_data field and install
 705 * the tty port
 706 */
 707static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
 708{
 709        struct rfcomm_dev *dev;
 710        struct rfcomm_dlc *dlc;
 711        int err;
 712
 713        dev = rfcomm_dev_get(tty->index);
 714        if (!dev)
 715                return -ENODEV;
 716
 717        dlc = dev->dlc;
 718
 719        /* Attach TTY and open DLC */
 720        rfcomm_dlc_lock(dlc);
 721        tty->driver_data = dev;
 722        rfcomm_dlc_unlock(dlc);
 723        set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 724
 725        /* install the tty_port */
 726        err = tty_port_install(&dev->port, driver, tty);
 727        if (err) {
 728                rfcomm_tty_cleanup(tty);
 729                return err;
 730        }
 731
 732        /* take over the tty_port reference if the port was created with the
 733         * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
 734         * when the last process closes the tty. The behaviour is expected by
 735         * userspace.
 736         */
 737        if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
 738                set_bit(RFCOMM_TTY_OWNED, &dev->status);
 739                tty_port_put(&dev->port);
 740        }
 741
 742        return 0;
 743}
 744
 745static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
 746{
 747        struct rfcomm_dev *dev = tty->driver_data;
 748        int err;
 749
 750        BT_DBG("tty %p id %d", tty, tty->index);
 751
 752        BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
 753               dev->channel, dev->port.count);
 754
 755        err = tty_port_open(&dev->port, tty, filp);
 756        if (err)
 757                return err;
 758
 759        /*
 760         * FIXME: rfcomm should use proper flow control for
 761         * received data. This hack will be unnecessary and can
 762         * be removed when that's implemented
 763         */
 764        rfcomm_tty_copy_pending(dev);
 765
 766        rfcomm_dlc_unthrottle(dev->dlc);
 767
 768        return 0;
 769}
 770
 771static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
 772{
 773        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 774
 775        BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
 776                                                dev->port.count);
 777
 778        tty_port_close(&dev->port, tty, filp);
 779}
 780
 781static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
 782{
 783        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 784        struct rfcomm_dlc *dlc = dev->dlc;
 785        struct sk_buff *skb;
 786        int sent = 0, size;
 787
 788        BT_DBG("tty %p count %d", tty, count);
 789
 790        while (count) {
 791                size = min_t(uint, count, dlc->mtu);
 792
 793                skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
 794                if (!skb)
 795                        break;
 796
 797                skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
 798
 799                skb_put_data(skb, buf + sent, size);
 800
 801                rfcomm_dlc_send_noerror(dlc, skb);
 802
 803                sent  += size;
 804                count -= size;
 805        }
 806
 807        return sent;
 808}
 809
 810static int rfcomm_tty_write_room(struct tty_struct *tty)
 811{
 812        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 813        int room = 0;
 814
 815        if (dev && dev->dlc)
 816                room = rfcomm_room(dev);
 817
 818        BT_DBG("tty %p room %d", tty, room);
 819
 820        return room;
 821}
 822
 823static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
 824{
 825        BT_DBG("tty %p cmd 0x%02x", tty, cmd);
 826
 827        switch (cmd) {
 828        case TCGETS:
 829                BT_DBG("TCGETS is not supported");
 830                return -ENOIOCTLCMD;
 831
 832        case TCSETS:
 833                BT_DBG("TCSETS is not supported");
 834                return -ENOIOCTLCMD;
 835
 836        case TIOCMIWAIT:
 837                BT_DBG("TIOCMIWAIT");
 838                break;
 839
 840        case TIOCSERGETLSR:
 841                BT_ERR("TIOCSERGETLSR is not supported");
 842                return -ENOIOCTLCMD;
 843
 844        case TIOCSERCONFIG:
 845                BT_ERR("TIOCSERCONFIG is not supported");
 846                return -ENOIOCTLCMD;
 847
 848        default:
 849                return -ENOIOCTLCMD;    /* ioctls which we must ignore */
 850
 851        }
 852
 853        return -ENOIOCTLCMD;
 854}
 855
 856static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
 857{
 858        struct ktermios *new = &tty->termios;
 859        int old_baud_rate = tty_termios_baud_rate(old);
 860        int new_baud_rate = tty_termios_baud_rate(new);
 861
 862        u8 baud, data_bits, stop_bits, parity, x_on, x_off;
 863        u16 changes = 0;
 864
 865        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 866
 867        BT_DBG("tty %p termios %p", tty, old);
 868
 869        if (!dev || !dev->dlc || !dev->dlc->session)
 870                return;
 871
 872        /* Handle turning off CRTSCTS */
 873        if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
 874                BT_DBG("Turning off CRTSCTS unsupported");
 875
 876        /* Parity on/off and when on, odd/even */
 877        if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
 878                        ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
 879                changes |= RFCOMM_RPN_PM_PARITY;
 880                BT_DBG("Parity change detected.");
 881        }
 882
 883        /* Mark and space parity are not supported! */
 884        if (new->c_cflag & PARENB) {
 885                if (new->c_cflag & PARODD) {
 886                        BT_DBG("Parity is ODD");
 887                        parity = RFCOMM_RPN_PARITY_ODD;
 888                } else {
 889                        BT_DBG("Parity is EVEN");
 890                        parity = RFCOMM_RPN_PARITY_EVEN;
 891                }
 892        } else {
 893                BT_DBG("Parity is OFF");
 894                parity = RFCOMM_RPN_PARITY_NONE;
 895        }
 896
 897        /* Setting the x_on / x_off characters */
 898        if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
 899                BT_DBG("XOFF custom");
 900                x_on = new->c_cc[VSTOP];
 901                changes |= RFCOMM_RPN_PM_XON;
 902        } else {
 903                BT_DBG("XOFF default");
 904                x_on = RFCOMM_RPN_XON_CHAR;
 905        }
 906
 907        if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
 908                BT_DBG("XON custom");
 909                x_off = new->c_cc[VSTART];
 910                changes |= RFCOMM_RPN_PM_XOFF;
 911        } else {
 912                BT_DBG("XON default");
 913                x_off = RFCOMM_RPN_XOFF_CHAR;
 914        }
 915
 916        /* Handle setting of stop bits */
 917        if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
 918                changes |= RFCOMM_RPN_PM_STOP;
 919
 920        /* POSIX does not support 1.5 stop bits and RFCOMM does not
 921         * support 2 stop bits. So a request for 2 stop bits gets
 922         * translated to 1.5 stop bits */
 923        if (new->c_cflag & CSTOPB)
 924                stop_bits = RFCOMM_RPN_STOP_15;
 925        else
 926                stop_bits = RFCOMM_RPN_STOP_1;
 927
 928        /* Handle number of data bits [5-8] */
 929        if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
 930                changes |= RFCOMM_RPN_PM_DATA;
 931
 932        switch (new->c_cflag & CSIZE) {
 933        case CS5:
 934                data_bits = RFCOMM_RPN_DATA_5;
 935                break;
 936        case CS6:
 937                data_bits = RFCOMM_RPN_DATA_6;
 938                break;
 939        case CS7:
 940                data_bits = RFCOMM_RPN_DATA_7;
 941                break;
 942        case CS8:
 943                data_bits = RFCOMM_RPN_DATA_8;
 944                break;
 945        default:
 946                data_bits = RFCOMM_RPN_DATA_8;
 947                break;
 948        }
 949
 950        /* Handle baudrate settings */
 951        if (old_baud_rate != new_baud_rate)
 952                changes |= RFCOMM_RPN_PM_BITRATE;
 953
 954        switch (new_baud_rate) {
 955        case 2400:
 956                baud = RFCOMM_RPN_BR_2400;
 957                break;
 958        case 4800:
 959                baud = RFCOMM_RPN_BR_4800;
 960                break;
 961        case 7200:
 962                baud = RFCOMM_RPN_BR_7200;
 963                break;
 964        case 9600:
 965                baud = RFCOMM_RPN_BR_9600;
 966                break;
 967        case 19200:
 968                baud = RFCOMM_RPN_BR_19200;
 969                break;
 970        case 38400:
 971                baud = RFCOMM_RPN_BR_38400;
 972                break;
 973        case 57600:
 974                baud = RFCOMM_RPN_BR_57600;
 975                break;
 976        case 115200:
 977                baud = RFCOMM_RPN_BR_115200;
 978                break;
 979        case 230400:
 980                baud = RFCOMM_RPN_BR_230400;
 981                break;
 982        default:
 983                /* 9600 is standard accordinag to the RFCOMM specification */
 984                baud = RFCOMM_RPN_BR_9600;
 985                break;
 986
 987        }
 988
 989        if (changes)
 990                rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
 991                                data_bits, stop_bits, parity,
 992                                RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
 993}
 994
 995static void rfcomm_tty_throttle(struct tty_struct *tty)
 996{
 997        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 998
 999        BT_DBG("tty %p dev %p", tty, dev);
1000

1001        rfcomm_dlc_throttle(dev->dlc);
1002}
1003
1004static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1005{
1006        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1007
1008        BT_DBG("tty %p dev %p", tty, dev);
1009
1010        rfcomm_dlc_unthrottle(dev->dlc);
1011}
1012
1013static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1014{
1015        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1016
1017        BT_DBG("tty %p dev %p", tty, dev);
1018
1019        if (!dev || !dev->dlc)
1020                return 0;
1021
1022        if (!skb_queue_empty(&dev->dlc->tx_queue))
1023                return dev->dlc->mtu;
1024
1025        return 0;
1026}
1027
1028static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1029{
1030        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1031
1032        BT_DBG("tty %p dev %p", tty, dev);
1033
1034        if (!dev || !dev->dlc)
1035                return;
1036
1037        skb_queue_purge(&dev->dlc->tx_queue);
1038        tty_wakeup(tty);
1039}
1040
1041static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1042{
1043        BT_DBG("tty %p ch %c", tty, ch);
1044}
1045
1046static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1047{
1048        BT_DBG("tty %p timeout %d", tty, timeout);
1049}
1050
1051static void rfcomm_tty_hangup(struct tty_struct *tty)
1052{
1053        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1054
1055        BT_DBG("tty %p dev %p", tty, dev);
1056
1057        tty_port_hangup(&dev->port);
1058}
1059
1060static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1061{
1062        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1063
1064        BT_DBG("tty %p dev %p", tty, dev);
1065
1066        return dev->modem_status;
1067}
1068
1069static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1070{
1071        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1072        struct rfcomm_dlc *dlc = dev->dlc;
1073        u8 v24_sig;
1074
1075        BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1076
1077        rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1078
1079        if (set & TIOCM_DSR || set & TIOCM_DTR)
1080                v24_sig |= RFCOMM_V24_RTC;
1081        if (set & TIOCM_RTS || set & TIOCM_CTS)
1082                v24_sig |= RFCOMM_V24_RTR;
1083        if (set & TIOCM_RI)
1084                v24_sig |= RFCOMM_V24_IC;
1085        if (set & TIOCM_CD)
1086                v24_sig |= RFCOMM_V24_DV;
1087
1088        if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1089                v24_sig &= ~RFCOMM_V24_RTC;
1090        if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1091                v24_sig &= ~RFCOMM_V24_RTR;
1092        if (clear & TIOCM_RI)
1093                v24_sig &= ~RFCOMM_V24_IC;
1094        if (clear & TIOCM_CD)
1095                v24_sig &= ~RFCOMM_V24_DV;
1096
1097        rfcomm_dlc_set_modem_status(dlc, v24_sig);
1098
1099        return 0;
1100}
1101
1102/* ---- TTY structure ---- */
1103
1104static const struct tty_operations rfcomm_ops = {
1105        .open                   = rfcomm_tty_open,
1106        .close                  = rfcomm_tty_close,
1107        .write                  = rfcomm_tty_write,
1108        .write_room             = rfcomm_tty_write_room,
1109        .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1110        .flush_buffer           = rfcomm_tty_flush_buffer,
1111        .ioctl                  = rfcomm_tty_ioctl,
1112        .throttle               = rfcomm_tty_throttle,
1113        .unthrottle             = rfcomm_tty_unthrottle,
1114        .set_termios            = rfcomm_tty_set_termios,
1115        .send_xchar             = rfcomm_tty_send_xchar,
1116        .hangup                 = rfcomm_tty_hangup,
1117        .wait_until_sent        = rfcomm_tty_wait_until_sent,
1118        .tiocmget               = rfcomm_tty_tiocmget,
1119        .tiocmset               = rfcomm_tty_tiocmset,
1120        .install                = rfcomm_tty_install,
1121        .cleanup                = rfcomm_tty_cleanup,
1122};
1123
1124int __init rfcomm_init_ttys(void)
1125{
1126        int error;
1127
1128        rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1129        if (!rfcomm_tty_driver)
1130                return -ENOMEM;
1131
1132        rfcomm_tty_driver->driver_name  = "rfcomm";
1133        rfcomm_tty_driver->name         = "rfcomm";
1134        rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1135        rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1136        rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1137        rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1138        rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1139        rfcomm_tty_driver->init_termios = tty_std_termios;
1140        rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1141        rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1142        tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1143
1144        error = tty_register_driver(rfcomm_tty_driver);
1145        if (error) {
1146                BT_ERR("Can't register RFCOMM TTY driver");
1147                put_tty_driver(rfcomm_tty_driver);
1148                return error;
1149        }
1150
1151        BT_INFO("RFCOMM TTY layer initialized");
1152
1153        return 0;
1154}
1155
1156void rfcomm_cleanup_ttys(void)
1157{
1158        tty_unregister_driver(rfcomm_tty_driver);
1159        put_tty_driver(rfcomm_tty_driver);
1160}
1161