bluetooth/rfcomm/tty.c

0001 /*
0002    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
0003    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
0004    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
0005
0006    This program is free software; you can redistribute it and/or modify
0007    it under the terms of the GNU General Public License version 2 as
0008    published by the Free Software Foundation;
0009
0010    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
0011    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
0012    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
0013    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
0014    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
0015    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
0016    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
0017    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0018
0019    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
0020    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
0021    SOFTWARE IS DISCLAIMED.
0022 */
0023
0024 /*
0025  * RFCOMM TTY.
0026  */
0027
0028 #include <linux/module.h>
0029
0030 #include <linux/tty.h>
0031 #include <linux/tty_driver.h>
0032 #include <linux/tty_flip.h>
0033
0034 #include <net/bluetooth/bluetooth.h>
0035 #include <net/bluetooth/hci_core.h>
0036 #include <net/bluetooth/rfcomm.h>
0037
0038 #define RFCOMM_TTY_MAGIC 0x6d02     /* magic number for rfcomm struct */
0039 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
0040 #define RFCOMM_TTY_MAJOR 216        /* device node major id of the usb/bluetooth.c driver */
0041 #define RFCOMM_TTY_MINOR 0
0042
0043 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
0044 static struct tty_driver *rfcomm_tty_driver;
0045
0046 struct rfcomm_dev {
0047     struct tty_port     port;
0048     struct list_head    list;
0049
0050     char            name[12];
0051     int         id;
0052     unsigned long       flags;
0053     int         err;
0054
0055     unsigned long       status;     /* don't export to userspace */
0056
0057     bdaddr_t        src;
0058     bdaddr_t        dst;
0059     u8          channel;
0060
0061     uint            modem_status;
0062
0063     struct rfcomm_dlc   *dlc;
0064
0065     struct device       *tty_dev;
0066
0067     atomic_t        wmem_alloc;
0068
0069     struct sk_buff_head pending;
0070 };
0071
0072 static LIST_HEAD(rfcomm_dev_list);
0073 static DEFINE_MUTEX(rfcomm_dev_lock);
0074
0075 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
0076 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
0077 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
0078
0079 /* ---- Device functions ---- */
0080
0081 static void rfcomm_dev_destruct(struct tty_port *port)
0082 {
0083     struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
0084     struct rfcomm_dlc *dlc = dev->dlc;
0085
0086     BT_DBG("dev %p dlc %p", dev, dlc);
0087
0088     rfcomm_dlc_lock(dlc);
0089     /* Detach DLC if it's owned by this dev */
0090     if (dlc->owner == dev)
0091         dlc->owner = NULL;
0092     rfcomm_dlc_unlock(dlc);
0093
0094     rfcomm_dlc_put(dlc);
0095
0096     if (dev->tty_dev)
0097         tty_unregister_device(rfcomm_tty_driver, dev->id);
0098
0099     mutex_lock(&rfcomm_dev_lock);
0100     list_del(&dev->list);
0101     mutex_unlock(&rfcomm_dev_lock);
0102
0103     kfree(dev);
0104
0105     /* It's safe to call module_put() here because socket still
0106        holds reference to this module. */
0107     module_put(THIS_MODULE);
0108 }
0109
0110 /* device-specific initialization: open the dlc */
0111 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
0112 {
0113     struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
0114     int err;
0115
0116     err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
0117     if (err)
0118         set_bit(TTY_IO_ERROR, &tty->flags);
0119     return err;
0120 }
0121
0122 /* we block the open until the dlc->state becomes BT_CONNECTED */
0123 static int rfcomm_dev_carrier_raised(struct tty_port *port)
0124 {
0125     struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
0126
0127     return (dev->dlc->state == BT_CONNECTED);
0128 }
0129
0130 /* device-specific cleanup: close the dlc */
0131 static void rfcomm_dev_shutdown(struct tty_port *port)
0132 {
0133     struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
0134
0135     if (dev->tty_dev->parent)
0136         device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
0137
0138     /* close the dlc */
0139     rfcomm_dlc_close(dev->dlc, 0);
0140 }
0141
0142 static const struct tty_port_operations rfcomm_port_ops = {
0143     .destruct = rfcomm_dev_destruct,
0144     .activate = rfcomm_dev_activate,
0145     .shutdown = rfcomm_dev_shutdown,
0146     .carrier_raised = rfcomm_dev_carrier_raised,
0147 };
0148
0149 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
0150 {
0151     struct rfcomm_dev *dev;
0152
0153     list_for_each_entry(dev, &rfcomm_dev_list, list)
0154         if (dev->id == id)
0155             return dev;
0156
0157     return NULL;
0158 }
0159
0160 static struct rfcomm_dev *rfcomm_dev_get(int id)
0161 {
0162     struct rfcomm_dev *dev;
0163
0164     mutex_lock(&rfcomm_dev_lock);
0165
0166     dev = __rfcomm_dev_lookup(id);
0167
0168     if (dev && !tty_port_get(&dev->port))
0169         dev = NULL;
0170
0171     mutex_unlock(&rfcomm_dev_lock);
0172
0173     return dev;
0174 }
0175
0176 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
0177 {
0178     struct hci_dev *hdev;
0179     struct hci_conn *conn;
0180
0181     hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
0182     if (!hdev)
0183         return;
0184
0185     /* The lookup results are unsafe to access without the
0186      * hci device lock (FIXME: why is this not documented?)
0187      */
0188     hci_dev_lock(hdev);
0189     conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
0190
0191     /* Just because the acl link is in the hash table is no
0192      * guarantee the sysfs device has been added ...
0193      */
0194     if (conn && device_is_registered(&conn->dev))
0195         device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
0196
0197     hci_dev_unlock(hdev);
0198     hci_dev_put(hdev);
0199 }
0200
0201 static ssize_t address_show(struct device *tty_dev,
0202                 struct device_attribute *attr, char *buf)
0203 {
0204     struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
0205     return sprintf(buf, "%pMR\n", &dev->dst);
0206 }
0207
0208 static ssize_t channel_show(struct device *tty_dev,
0209                 struct device_attribute *attr, char *buf)
0210 {
0211     struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
0212     return sprintf(buf, "%d\n", dev->channel);
0213 }
0214
0215 static DEVICE_ATTR_RO(address);
0216 static DEVICE_ATTR_RO(channel);
0217
0218 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
0219                        struct rfcomm_dlc *dlc)
0220 {
0221     struct rfcomm_dev *dev, *entry;
0222     struct list_head *head = &rfcomm_dev_list;
0223     int err = 0;
0224
0225     dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
0226     if (!dev)
0227         return ERR_PTR(-ENOMEM);
0228
0229     mutex_lock(&rfcomm_dev_lock);
0230
0231     if (req->dev_id < 0) {
0232         dev->id = 0;
0233
0234         list_for_each_entry(entry, &rfcomm_dev_list, list) {
0235             if (entry->id != dev->id)
0236                 break;
0237
0238             dev->id++;
0239             head = &entry->list;
0240         }
0241     } else {
0242         dev->id = req->dev_id;
0243
0244         list_for_each_entry(entry, &rfcomm_dev_list, list) {
0245             if (entry->id == dev->id) {
0246                 err = -EADDRINUSE;
0247                 goto out;
0248             }
0249
0250             if (entry->id > dev->id - 1)
0251                 break;
0252
0253             head = &entry->list;
0254         }
0255     }
0256
0257     if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
0258         err = -ENFILE;
0259         goto out;
0260     }
0261
0262     sprintf(dev->name, "rfcomm%d", dev->id);
0263
0264     list_add(&dev->list, head);
0265
0266     bacpy(&dev->src, &req->src);
0267     bacpy(&dev->dst, &req->dst);
0268     dev->channel = req->channel;
0269
0270     dev->flags = req->flags &
0271         ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
0272
0273     tty_port_init(&dev->port);
0274     dev->port.ops = &rfcomm_port_ops;
0275
0276     skb_queue_head_init(&dev->pending);
0277
0278     rfcomm_dlc_lock(dlc);
0279
0280     if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
0281         struct sock *sk = dlc->owner;
0282         struct sk_buff *skb;
0283
0284         BUG_ON(!sk);
0285
0286         rfcomm_dlc_throttle(dlc);
0287
0288         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
0289             skb_orphan(skb);
0290             skb_queue_tail(&dev->pending, skb);
0291             atomic_sub(skb->len, &sk->sk_rmem_alloc);
0292         }
0293     }
0294
0295     dlc->data_ready   = rfcomm_dev_data_ready;
0296     dlc->state_change = rfcomm_dev_state_change;
0297     dlc->modem_status = rfcomm_dev_modem_status;
0298
0299     dlc->owner = dev;
0300     dev->dlc   = dlc;
0301
0302     rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
0303
0304     rfcomm_dlc_unlock(dlc);
0305
0306     /* It's safe to call __module_get() here because socket already
0307        holds reference to this module. */
0308     __module_get(THIS_MODULE);
0309
0310     mutex_unlock(&rfcomm_dev_lock);
0311     return dev;
0312
0313 out:
0314     mutex_unlock(&rfcomm_dev_lock);
0315     kfree(dev);
0316     return ERR_PTR(err);
0317 }
0318
0319 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
0320 {
0321     struct rfcomm_dev *dev;
0322     struct device *tty;
0323
0324     BT_DBG("id %d channel %d", req->dev_id, req->channel);
0325
0326     dev = __rfcomm_dev_add(req, dlc);
0327     if (IS_ERR(dev)) {
0328         rfcomm_dlc_put(dlc);
0329         return PTR_ERR(dev);
0330     }
0331
0332     tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
0333             dev->id, NULL);
0334     if (IS_ERR(tty)) {
0335         tty_port_put(&dev->port);
0336         return PTR_ERR(tty);
0337     }
0338
0339     dev->tty_dev = tty;
0340     rfcomm_reparent_device(dev);
0341     dev_set_drvdata(dev->tty_dev, dev);
0342
0343     if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
0344         BT_ERR("Failed to create address attribute");
0345
0346     if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
0347         BT_ERR("Failed to create channel attribute");
0348
0349     return dev->id;
0350 }
0351
0352 /* ---- Send buffer ---- */
0353 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
0354 {
0355     struct rfcomm_dlc *dlc = dev->dlc;
0356
0357     /* Limit the outstanding number of packets not yet sent to 40 */
0358     int pending = 40 - atomic_read(&dev->wmem_alloc);
0359
0360     return max(0, pending) * dlc->mtu;
0361 }
0362
0363 static void rfcomm_wfree(struct sk_buff *skb)
0364 {
0365     struct rfcomm_dev *dev = (void *) skb->sk;
0366     atomic_dec(&dev->wmem_alloc);
0367     if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
0368         tty_port_tty_wakeup(&dev->port);
0369     tty_port_put(&dev->port);
0370 }
0371
0372 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
0373 {
0374     tty_port_get(&dev->port);
0375     atomic_inc(&dev->wmem_alloc);
0376     skb->sk = (void *) dev;
0377     skb->destructor = rfcomm_wfree;
0378 }
0379
0380 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
0381 {
0382     struct sk_buff *skb = alloc_skb(size, priority);
0383     if (skb)
0384         rfcomm_set_owner_w(skb, dev);
0385     return skb;
0386 }
0387
0388 /* ---- Device IOCTLs ---- */
0389
0390 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
0391
0392 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
0393 {
0394     struct rfcomm_dev_req req;
0395     struct rfcomm_dlc *dlc;
0396     int id;
0397
0398     if (copy_from_user(&req, arg, sizeof(req)))
0399         return -EFAULT;
0400
0401     BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
0402
0403     if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
0404         return -EPERM;
0405
0406     if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
0407         /* Socket must be connected */
0408         if (sk->sk_state != BT_CONNECTED)
0409             return -EBADFD;
0410
0411         dlc = rfcomm_pi(sk)->dlc;
0412         rfcomm_dlc_hold(dlc);
0413     } else {
0414         /* Validate the channel is unused */
0415         dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
0416         if (IS_ERR(dlc))
0417             return PTR_ERR(dlc);
0418         if (dlc)
0419             return -EBUSY;
0420         dlc = rfcomm_dlc_alloc(GFP_KERNEL);
0421         if (!dlc)
0422             return -ENOMEM;
0423     }
0424
0425     id = rfcomm_dev_add(&req, dlc);
0426     if (id < 0)
0427         return id;
0428
0429     if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
0430         /* DLC is now used by device.
0431          * Socket must be disconnected */
0432         sk->sk_state = BT_CLOSED;
0433     }
0434
0435     return id;
0436 }
0437
0438 static int __rfcomm_release_dev(void __user *arg)
0439 {
0440     struct rfcomm_dev_req req;
0441     struct rfcomm_dev *dev;
0442     struct tty_struct *tty;
0443
0444     if (copy_from_user(&req, arg, sizeof(req)))
0445         return -EFAULT;
0446
0447     BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
0448
0449     dev = rfcomm_dev_get(req.dev_id);
0450     if (!dev)
0451         return -ENODEV;
0452
0453     if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
0454         tty_port_put(&dev->port);
0455         return -EPERM;
0456     }
0457
0458     /* only release once */
0459     if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
0460         tty_port_put(&dev->port);
0461         return -EALREADY;
0462     }
0463
0464     if (req.flags & (1 << RFCOMM_HANGUP_NOW))
0465         rfcomm_dlc_close(dev->dlc, 0);
0466
0467     /* Shut down TTY synchronously before freeing rfcomm_dev */
0468     tty = tty_port_tty_get(&dev->port);
0469     if (tty) {
0470         tty_vhangup(tty);
0471         tty_kref_put(tty);
0472     }
0473
0474     if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
0475         tty_port_put(&dev->port);
0476
0477     tty_port_put(&dev->port);
0478     return 0;
0479 }
0480
0481 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
0482 {
0483     int ret;
0484
0485     mutex_lock(&rfcomm_ioctl_mutex);
0486     ret = __rfcomm_create_dev(sk, arg);
0487     mutex_unlock(&rfcomm_ioctl_mutex);
0488
0489     return ret;
0490 }
0491
0492 static int rfcomm_release_dev(void __user *arg)
0493 {
0494     int ret;
0495
0496     mutex_lock(&rfcomm_ioctl_mutex);
0497     ret = __rfcomm_release_dev(arg);
0498     mutex_unlock(&rfcomm_ioctl_mutex);
0499
0500     return ret;
0501 }
0502
0503 static int rfcomm_get_dev_list(void __user *arg)
0504 {
0505     struct rfcomm_dev *dev;
0506     struct rfcomm_dev_list_req *dl;
0507     struct rfcomm_dev_info *di;
0508     int n = 0, size, err;
0509     u16 dev_num;
0510
0511     BT_DBG("");
0512
0513     if (get_user(dev_num, (u16 __user *) arg))
0514         return -EFAULT;
0515
0516     if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
0517         return -EINVAL;
0518
0519     size = sizeof(*dl) + dev_num * sizeof(*di);
0520
0521     dl = kzalloc(size, GFP_KERNEL);
0522     if (!dl)
0523         return -ENOMEM;
0524
0525     di = dl->dev_info;
0526
0527     mutex_lock(&rfcomm_dev_lock);
0528
0529     list_for_each_entry(dev, &rfcomm_dev_list, list) {
0530         if (!tty_port_get(&dev->port))
0531             continue;
0532         (di + n)->id      = dev->id;
0533         (di + n)->flags   = dev->flags;
0534         (di + n)->state   = dev->dlc->state;
0535         (di + n)->channel = dev->channel;
0536         bacpy(&(di + n)->src, &dev->src);
0537         bacpy(&(di + n)->dst, &dev->dst);
0538         tty_port_put(&dev->port);
0539         if (++n >= dev_num)
0540             break;
0541     }
0542
0543     mutex_unlock(&rfcomm_dev_lock);
0544
0545     dl->dev_num = n;
0546     size = sizeof(*dl) + n * sizeof(*di);
0547
0548     err = copy_to_user(arg, dl, size);
0549     kfree(dl);
0550
0551     return err ? -EFAULT : 0;
0552 }
0553
0554 static int rfcomm_get_dev_info(void __user *arg)
0555 {
0556     struct rfcomm_dev *dev;
0557     struct rfcomm_dev_info di;
0558     int err = 0;
0559
0560     BT_DBG("");
0561
0562     if (copy_from_user(&di, arg, sizeof(di)))
0563         return -EFAULT;
0564
0565     dev = rfcomm_dev_get(di.id);
0566     if (!dev)
0567         return -ENODEV;
0568
0569     di.flags   = dev->flags;
0570     di.channel = dev->channel;
0571     di.state   = dev->dlc->state;
0572     bacpy(&di.src, &dev->src);
0573     bacpy(&di.dst, &dev->dst);
0574
0575     if (copy_to_user(arg, &di, sizeof(di)))
0576         err = -EFAULT;
0577
0578     tty_port_put(&dev->port);
0579     return err;
0580 }
0581
0582 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
0583 {
0584     BT_DBG("cmd %d arg %p", cmd, arg);
0585
0586     switch (cmd) {
0587     case RFCOMMCREATEDEV:
0588         return rfcomm_create_dev(sk, arg);
0589
0590     case RFCOMMRELEASEDEV:
0591         return rfcomm_release_dev(arg);
0592
0593     case RFCOMMGETDEVLIST:
0594         return rfcomm_get_dev_list(arg);
0595
0596     case RFCOMMGETDEVINFO:
0597         return rfcomm_get_dev_info(arg);
0598     }
0599
0600     return -EINVAL;
0601 }
0602
0603 /* ---- DLC callbacks ---- */
0604 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
0605 {
0606     struct rfcomm_dev *dev = dlc->owner;
0607
0608     if (!dev) {
0609         kfree_skb(skb);
0610         return;
0611     }
0612
0613     if (!skb_queue_empty(&dev->pending)) {
0614         skb_queue_tail(&dev->pending, skb);
0615         return;
0616     }
0617
0618     BT_DBG("dlc %p len %d", dlc, skb->len);
0619
0620     tty_insert_flip_string(&dev->port, skb->data, skb->len);
0621     tty_flip_buffer_push(&dev->port);
0622
0623     kfree_skb(skb);
0624 }
0625
0626 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
0627 {
0628     struct rfcomm_dev *dev = dlc->owner;
0629     if (!dev)
0630         return;
0631
0632     BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
0633
0634     dev->err = err;
0635     if (dlc->state == BT_CONNECTED) {
0636         rfcomm_reparent_device(dev);
0637
0638         wake_up_interruptible(&dev->port.open_wait);
0639     } else if (dlc->state == BT_CLOSED)
0640         tty_port_tty_hangup(&dev->port, false);
0641 }
0642
0643 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
0644 {
0645     struct rfcomm_dev *dev = dlc->owner;
0646     if (!dev)
0647         return;
0648
0649     BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
0650
0651     if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
0652         tty_port_tty_hangup(&dev->port, true);
0653
0654     dev->modem_status =
0655         ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
0656         ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
0657         ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
0658         ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
0659 }
0660
0661 /* ---- TTY functions ---- */
0662 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
0663 {
0664     struct sk_buff *skb;
0665     int inserted = 0;
0666
0667     BT_DBG("dev %p", dev);
0668
0669     rfcomm_dlc_lock(dev->dlc);
0670
0671     while ((skb = skb_dequeue(&dev->pending))) {
0672         inserted += tty_insert_flip_string(&dev->port, skb->data,
0673                 skb->len);
0674         kfree_skb(skb);
0675     }
0676
0677     rfcomm_dlc_unlock(dev->dlc);
0678
0679     if (inserted > 0)
0680         tty_flip_buffer_push(&dev->port);
0681 }
0682
0683 /* do the reverse of install, clearing the tty fields and releasing the
0684  * reference to tty_port
0685  */
0686 static void rfcomm_tty_cleanup(struct tty_struct *tty)
0687 {
0688     struct rfcomm_dev *dev = tty->driver_data;
0689
0690     clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
0691
0692     rfcomm_dlc_lock(dev->dlc);
0693     tty->driver_data = NULL;
0694     rfcomm_dlc_unlock(dev->dlc);
0695
0696     /*
0697      * purge the dlc->tx_queue to avoid circular dependencies
0698      * between dev and dlc
0699      */
0700     skb_queue_purge(&dev->dlc->tx_queue);
0701
0702     tty_port_put(&dev->port);
0703 }
0704
0705 /* we acquire the tty_port reference since it's here the tty is first used
0706  * by setting the termios. We also populate the driver_data field and install
0707  * the tty port
0708  */
0709 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
0710 {
0711     struct rfcomm_dev *dev;
0712     struct rfcomm_dlc *dlc;
0713     int err;
0714
0715     dev = rfcomm_dev_get(tty->index);
0716     if (!dev)
0717         return -ENODEV;
0718
0719     dlc = dev->dlc;
0720
0721     /* Attach TTY and open DLC */
0722     rfcomm_dlc_lock(dlc);
0723     tty->driver_data = dev;
0724     rfcomm_dlc_unlock(dlc);
0725     set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
0726
0727     /* install the tty_port */
0728     err = tty_port_install(&dev->port, driver, tty);
0729     if (err) {
0730         rfcomm_tty_cleanup(tty);
0731         return err;
0732     }
0733
0734     /* take over the tty_port reference if the port was created with the
0735      * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
0736      * when the last process closes the tty. The behaviour is expected by
0737      * userspace.
0738      */
0739     if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
0740         set_bit(RFCOMM_TTY_OWNED, &dev->status);
0741         tty_port_put(&dev->port);
0742     }
0743
0744     return 0;
0745 }
0746
0747 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
0748 {
0749     struct rfcomm_dev *dev = tty->driver_data;
0750     int err;
0751
0752     BT_DBG("tty %p id %d", tty, tty->index);
0753
0754     BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
0755            dev->channel, dev->port.count);
0756
0757     err = tty_port_open(&dev->port, tty, filp);
0758     if (err)
0759         return err;
0760
0761     /*
0762      * FIXME: rfcomm should use proper flow control for
0763      * received data. This hack will be unnecessary and can
0764      * be removed when that's implemented
0765      */
0766     rfcomm_tty_copy_pending(dev);
0767
0768     rfcomm_dlc_unthrottle(dev->dlc);
0769
0770     return 0;
0771 }
0772
0773 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
0774 {
0775     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
0776
0777     BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
0778                         dev->port.count);
0779
0780     tty_port_close(&dev->port, tty, filp);
0781 }
0782
0783 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
0784 {
0785     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
0786     struct rfcomm_dlc *dlc = dev->dlc;
0787     struct sk_buff *skb;
0788     int sent = 0, size;
0789
0790     BT_DBG("tty %p count %d", tty, count);
0791
0792     while (count) {
0793         size = min_t(uint, count, dlc->mtu);
0794
0795         skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
0796         if (!skb)
0797             break;
0798
0799         skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
0800
0801         skb_put_data(skb, buf + sent, size);
0802
0803         rfcomm_dlc_send_noerror(dlc, skb);
0804
0805         sent  += size;
0806         count -= size;
0807     }
0808
0809     return sent;
0810 }
0811
0812 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
0813 {
0814     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
0815     int room = 0;
0816
0817     if (dev && dev->dlc)
0818         room = rfcomm_room(dev);
0819
0820     BT_DBG("tty %p room %d", tty, room);
0821
0822     return room;
0823 }
0824
0825 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
0826 {
0827     BT_DBG("tty %p cmd 0x%02x", tty, cmd);
0828
0829     switch (cmd) {
0830     case TCGETS:
0831         BT_DBG("TCGETS is not supported");
0832         return -ENOIOCTLCMD;
0833
0834     case TCSETS:
0835         BT_DBG("TCSETS is not supported");
0836         return -ENOIOCTLCMD;
0837
0838     case TIOCMIWAIT:
0839         BT_DBG("TIOCMIWAIT");
0840         break;
0841
0842     case TIOCSERGETLSR:
0843         BT_ERR("TIOCSERGETLSR is not supported");
0844         return -ENOIOCTLCMD;
0845
0846     case TIOCSERCONFIG:
0847         BT_ERR("TIOCSERCONFIG is not supported");
0848         return -ENOIOCTLCMD;
0849
0850     default:
0851         return -ENOIOCTLCMD;    /* ioctls which we must ignore */
0852
0853     }
0854
0855     return -ENOIOCTLCMD;
0856 }
0857
0858 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
0859 {
0860     struct ktermios *new = &tty->termios;
0861     int old_baud_rate = tty_termios_baud_rate(old);
0862     int new_baud_rate = tty_termios_baud_rate(new);
0863
0864     u8 baud, data_bits, stop_bits, parity, x_on, x_off;
0865     u16 changes = 0;
0866
0867     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
0868
0869     BT_DBG("tty %p termios %p", tty, old);
0870
0871     if (!dev || !dev->dlc || !dev->dlc->session)
0872         return;
0873
0874     /* Handle turning off CRTSCTS */
0875     if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
0876         BT_DBG("Turning off CRTSCTS unsupported");
0877
0878     /* Parity on/off and when on, odd/even */
0879     if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
0880             ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
0881         changes |= RFCOMM_RPN_PM_PARITY;
0882         BT_DBG("Parity change detected.");
0883     }
0884
0885     /* Mark and space parity are not supported! */
0886     if (new->c_cflag & PARENB) {
0887         if (new->c_cflag & PARODD) {
0888             BT_DBG("Parity is ODD");
0889             parity = RFCOMM_RPN_PARITY_ODD;
0890         } else {
0891             BT_DBG("Parity is EVEN");
0892             parity = RFCOMM_RPN_PARITY_EVEN;
0893         }
0894     } else {
0895         BT_DBG("Parity is OFF");
0896         parity = RFCOMM_RPN_PARITY_NONE;
0897     }
0898
0899     /* Setting the x_on / x_off characters */
0900     if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
0901         BT_DBG("XOFF custom");
0902         x_on = new->c_cc[VSTOP];
0903         changes |= RFCOMM_RPN_PM_XON;
0904     } else {
0905         BT_DBG("XOFF default");
0906         x_on = RFCOMM_RPN_XON_CHAR;
0907     }
0908
0909     if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
0910         BT_DBG("XON custom");
0911         x_off = new->c_cc[VSTART];
0912         changes |= RFCOMM_RPN_PM_XOFF;
0913     } else {
0914         BT_DBG("XON default");
0915         x_off = RFCOMM_RPN_XOFF_CHAR;
0916     }
0917
0918     /* Handle setting of stop bits */
0919     if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
0920         changes |= RFCOMM_RPN_PM_STOP;
0921
0922     /* POSIX does not support 1.5 stop bits and RFCOMM does not
0923      * support 2 stop bits. So a request for 2 stop bits gets
0924      * translated to 1.5 stop bits */
0925     if (new->c_cflag & CSTOPB)
0926         stop_bits = RFCOMM_RPN_STOP_15;
0927     else
0928         stop_bits = RFCOMM_RPN_STOP_1;
0929
0930     /* Handle number of data bits [5-8] */
0931     if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
0932         changes |= RFCOMM_RPN_PM_DATA;
0933
0934     switch (new->c_cflag & CSIZE) {
0935     case CS5:
0936         data_bits = RFCOMM_RPN_DATA_5;
0937         break;
0938     case CS6:
0939         data_bits = RFCOMM_RPN_DATA_6;
0940         break;
0941     case CS7:
0942         data_bits = RFCOMM_RPN_DATA_7;
0943         break;
0944     case CS8:
0945         data_bits = RFCOMM_RPN_DATA_8;
0946         break;
0947     default:
0948         data_bits = RFCOMM_RPN_DATA_8;
0949         break;
0950     }
0951
0952     /* Handle baudrate settings */
0953     if (old_baud_rate != new_baud_rate)
0954         changes |= RFCOMM_RPN_PM_BITRATE;
0955
0956     switch (new_baud_rate) {
0957     case 2400:
0958         baud = RFCOMM_RPN_BR_2400;
0959         break;
0960     case 4800:
0961         baud = RFCOMM_RPN_BR_4800;
0962         break;
0963     case 7200:
0964         baud = RFCOMM_RPN_BR_7200;
0965         break;
0966     case 9600:
0967         baud = RFCOMM_RPN_BR_9600;
0968         break;
0969     case 19200:
0970         baud = RFCOMM_RPN_BR_19200;
0971         break;
0972     case 38400:
0973         baud = RFCOMM_RPN_BR_38400;
0974         break;
0975     case 57600:
0976         baud = RFCOMM_RPN_BR_57600;
0977         break;
0978     case 115200:
0979         baud = RFCOMM_RPN_BR_115200;
0980         break;
0981     case 230400:
0982         baud = RFCOMM_RPN_BR_230400;
0983         break;
0984     default:
0985         /* 9600 is standard accordinag to the RFCOMM specification */
0986         baud = RFCOMM_RPN_BR_9600;
0987         break;
0988
0989     }
0990
0991     if (changes)
0992         rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
0993                 data_bits, stop_bits, parity,
0994                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
0995 }
0996
0997 static void rfcomm_tty_throttle(struct tty_struct *tty)
0998 {
0999     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1000
1001     BT_DBG("tty %p dev %p", tty, dev);
1002
1003     rfcomm_dlc_throttle(dev->dlc);
1004 }
1005
1006 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1007 {
1008     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1009
1010     BT_DBG("tty %p dev %p", tty, dev);
1011
1012     rfcomm_dlc_unthrottle(dev->dlc);
1013 }
1014
1015 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1016 {
1017     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019     BT_DBG("tty %p dev %p", tty, dev);
1020
1021     if (!dev || !dev->dlc)
1022         return 0;
1023
1024     if (!skb_queue_empty(&dev->dlc->tx_queue))
1025         return dev->dlc->mtu;
1026
1027     return 0;
1028 }
1029
1030 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1031 {
1032     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1033
1034     BT_DBG("tty %p dev %p", tty, dev);
1035
1036     if (!dev || !dev->dlc)
1037         return;
1038
1039     skb_queue_purge(&dev->dlc->tx_queue);
1040     tty_wakeup(tty);
1041 }
1042
1043 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1044 {
1045     BT_DBG("tty %p ch %c", tty, ch);
1046 }
1047
1048 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1049 {
1050     BT_DBG("tty %p timeout %d", tty, timeout);
1051 }
1052
1053 static void rfcomm_tty_hangup(struct tty_struct *tty)
1054 {
1055     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1056
1057     BT_DBG("tty %p dev %p", tty, dev);
1058
1059     tty_port_hangup(&dev->port);
1060 }
1061
1062 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1063 {
1064     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1065
1066     BT_DBG("tty %p dev %p", tty, dev);
1067
1068     return dev->modem_status;
1069 }
1070
1071 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1072 {
1073     struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1074     struct rfcomm_dlc *dlc = dev->dlc;
1075     u8 v24_sig;
1076
1077     BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1078
1079     rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1080
1081     if (set & TIOCM_DSR || set & TIOCM_DTR)
1082         v24_sig |= RFCOMM_V24_RTC;
1083     if (set & TIOCM_RTS || set & TIOCM_CTS)
1084         v24_sig |= RFCOMM_V24_RTR;
1085     if (set & TIOCM_RI)
1086         v24_sig |= RFCOMM_V24_IC;
1087     if (set & TIOCM_CD)
1088         v24_sig |= RFCOMM_V24_DV;
1089
1090     if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1091         v24_sig &= ~RFCOMM_V24_RTC;
1092     if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1093         v24_sig &= ~RFCOMM_V24_RTR;
1094     if (clear & TIOCM_RI)
1095         v24_sig &= ~RFCOMM_V24_IC;
1096     if (clear & TIOCM_CD)
1097         v24_sig &= ~RFCOMM_V24_DV;
1098
1099     rfcomm_dlc_set_modem_status(dlc, v24_sig);
1100
1101     return 0;
1102 }
1103
1104 /* ---- TTY structure ---- */
1105
1106 static const struct tty_operations rfcomm_ops = {
1107     .open           = rfcomm_tty_open,
1108     .close          = rfcomm_tty_close,
1109     .write          = rfcomm_tty_write,
1110     .write_room     = rfcomm_tty_write_room,
1111     .chars_in_buffer    = rfcomm_tty_chars_in_buffer,
1112     .flush_buffer       = rfcomm_tty_flush_buffer,
1113     .ioctl          = rfcomm_tty_ioctl,
1114     .throttle       = rfcomm_tty_throttle,
1115     .unthrottle     = rfcomm_tty_unthrottle,
1116     .set_termios        = rfcomm_tty_set_termios,
1117     .send_xchar     = rfcomm_tty_send_xchar,
1118     .hangup         = rfcomm_tty_hangup,
1119     .wait_until_sent    = rfcomm_tty_wait_until_sent,
1120     .tiocmget       = rfcomm_tty_tiocmget,
1121     .tiocmset       = rfcomm_tty_tiocmset,
1122     .install                = rfcomm_tty_install,
1123     .cleanup                = rfcomm_tty_cleanup,
1124 };
1125
1126 int __init rfcomm_init_ttys(void)
1127 {
1128     int error;
1129
1130     rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
1131             TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
1132     if (IS_ERR(rfcomm_tty_driver))
1133         return PTR_ERR(rfcomm_tty_driver);
1134
1135     rfcomm_tty_driver->driver_name  = "rfcomm";
1136     rfcomm_tty_driver->name     = "rfcomm";
1137     rfcomm_tty_driver->major    = RFCOMM_TTY_MAJOR;
1138     rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1139     rfcomm_tty_driver->type     = TTY_DRIVER_TYPE_SERIAL;
1140     rfcomm_tty_driver->subtype  = SERIAL_TYPE_NORMAL;
1141     rfcomm_tty_driver->init_termios = tty_std_termios;
1142     rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1143     rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1144     tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1145
1146     error = tty_register_driver(rfcomm_tty_driver);
1147     if (error) {
1148         BT_ERR("Can't register RFCOMM TTY driver");
1149         tty_driver_kref_put(rfcomm_tty_driver);
1150         return error;
1151     }
1152
1153     BT_INFO("RFCOMM TTY layer initialized");
1154
1155     return 0;
1156 }
1157
1158 void rfcomm_cleanup_ttys(void)
1159 {
1160     tty_unregister_driver(rfcomm_tty_driver);
1161     tty_driver_kref_put(rfcomm_tty_driver);
1162 }