1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <linux/capability.h>
35 #include <linux/slab.h>
36 #include <linux/skbuff.h>
37
38 #include <net/bluetooth/bluetooth.h>
39 #include <net/bluetooth/hci_core.h>
40 #include <net/bluetooth/rfcomm.h>
41
42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
45 #define RFCOMM_TTY_MINOR 0
46
47 static struct tty_driver *rfcomm_tty_driver;
48
49 struct rfcomm_dev {
50 struct list_head list;
51 atomic_t refcnt;
52
53 char name[12];
54 int id;
55 unsigned long flags;
56 atomic_t opened;
57 int err;
58
59 bdaddr_t src;
60 bdaddr_t dst;
61 u8 channel;
62
63 uint modem_status;
64
65 struct rfcomm_dlc *dlc;
66 struct tty_struct *tty;
67 wait_queue_head_t wait;
68 struct tasklet_struct wakeup_task;
69
70 struct device *tty_dev;
71
72 atomic_t wmem_alloc;
73
74 struct sk_buff_head pending;
75 };
76
77 static LIST_HEAD(rfcomm_dev_list);
78 static DEFINE_RWLOCK(rfcomm_dev_lock);
79
80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
83
84 static void rfcomm_tty_wakeup(unsigned long arg);
85
86 /* ---- Device functions ---- */
87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
88 {
89 struct rfcomm_dlc *dlc = dev->dlc;
90
91 BT_DBG("dev %p dlc %p", dev, dlc);
92
93 /* Refcount should only hit zero when called from rfcomm_dev_del()
94 which will have taken us off the list. Everything else are
95 refcounting bugs. */
96 BUG_ON(!list_empty(&dev->list));
97
98 rfcomm_dlc_lock(dlc);
99 /* Detach DLC if it's owned by this dev */
100 if (dlc->owner == dev)
101 dlc->owner = NULL;
102 rfcomm_dlc_unlock(dlc);
103
104 rfcomm_dlc_put(dlc);
105
106 tty_unregister_device(rfcomm_tty_driver, dev->id);
107
108 kfree(dev);
109
110 /* It's safe to call module_put() here because socket still
111 holds reference to this module. */
112 module_put(THIS_MODULE);
113 }
114
115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
116 {
117 atomic_inc(&dev->refcnt);
118 }
119
120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
121 {
122 /* The reason this isn't actually a race, as you no
123 doubt have a little voice screaming at you in your
124 head, is that the refcount should never actually
125 reach zero unless the device has already been taken
126 off the list, in rfcomm_dev_del(). And if that's not
127 true, we'll hit the BUG() in rfcomm_dev_destruct()
128 anyway. */
129 if (atomic_dec_and_test(&dev->refcnt))
130 rfcomm_dev_destruct(dev);
131 }
132
133 static struct rfcomm_dev *__rfcomm_dev_get(int id)
134 {
135 struct rfcomm_dev *dev;
136 struct list_head *p;
137
138 list_for_each(p, &rfcomm_dev_list) {
139 dev = list_entry(p, struct rfcomm_dev, list);
140 if (dev->id == id)
141 return dev;
142 }
143
144 return NULL;
145 }
146
147 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
148 {
149 struct rfcomm_dev *dev;
150
151 read_lock(&rfcomm_dev_lock);
152
153 dev = __rfcomm_dev_get(id);
154
155 if (dev) {
156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
157 dev = NULL;
158 else
159 rfcomm_dev_hold(dev);
160 }
161
162 read_unlock(&rfcomm_dev_lock);
163
164 return dev;
165 }
166
167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
168 {
169 struct hci_dev *hdev;
170 struct hci_conn *conn;
171
172 hdev = hci_get_route(&dev->dst, &dev->src);
173 if (!hdev)
174 return NULL;
175
176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
177
178 hci_dev_put(hdev);
179
180 return conn ? &conn->dev : NULL;
181 }
182
183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
184 {
185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
186 bdaddr_t bdaddr;
187 baswap(&bdaddr, &dev->dst);
188 return sprintf(buf, "%s\n", batostr(&bdaddr));
189 }
190
191 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
192 {
193 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
194 return sprintf(buf, "%d\n", dev->channel);
195 }
196
197 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
198 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
199
200 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
201 {
202 struct rfcomm_dev *dev;
203 struct list_head *head = &rfcomm_dev_list, *p;
204 int err = 0;
205
206 BT_DBG("id %d channel %d", req->dev_id, req->channel);
207
208 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
209 if (!dev)
210 return -ENOMEM;
211
212 write_lock_bh(&rfcomm_dev_lock);
213
214 if (req->dev_id < 0) {
215 dev->id = 0;
216
217 list_for_each(p, &rfcomm_dev_list) {
218 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
219 break;
220
221 dev->id++;
222 head = p;
223 }
224 } else {
225 dev->id = req->dev_id;
226
227 list_for_each(p, &rfcomm_dev_list) {
228 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
229
230 if (entry->id == dev->id) {
231 err = -EADDRINUSE;
232 goto out;
233 }
234
235 if (entry->id > dev->id - 1)
236 break;
237
238 head = p;
239 }
240 }
241
242 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
243 err = -ENFILE;
244 goto out;
245 }
246
247 sprintf(dev->name, "rfcomm%d", dev->id);
248
249 list_add(&dev->list, head);
250 atomic_set(&dev->refcnt, 1);
251
252 bacpy(&dev->src, &req->src);
253 bacpy(&dev->dst, &req->dst);
254 dev->channel = req->channel;
255
256 dev->flags = req->flags &
257 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
258
259 atomic_set(&dev->opened, 0);
260
261 init_waitqueue_head(&dev->wait);
262 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
263
264 skb_queue_head_init(&dev->pending);
265
266 rfcomm_dlc_lock(dlc);
267
268 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
269 struct sock *sk = dlc->owner;
270 struct sk_buff *skb;
271
272 BUG_ON(!sk);
273
274 rfcomm_dlc_throttle(dlc);
275
276 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
277 skb_orphan(skb);
278 skb_queue_tail(&dev->pending, skb);
279 atomic_sub(skb->len, &sk->sk_rmem_alloc);
280 }
281 }
282
283 dlc->data_ready = rfcomm_dev_data_ready;
284 dlc->state_change = rfcomm_dev_state_change;
285 dlc->modem_status = rfcomm_dev_modem_status;
286
287 dlc->owner = dev;
288 dev->dlc = dlc;
289
290 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
291
292 rfcomm_dlc_unlock(dlc);
293
294 /* It's safe to call __module_get() here because socket already
295 holds reference to this module. */
296 __module_get(THIS_MODULE);
297
298 out:
299 write_unlock_bh(&rfcomm_dev_lock);
300
301 if (err < 0)
302 goto free;
303
304 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
305
306 if (IS_ERR(dev->tty_dev)) {
307 err = PTR_ERR(dev->tty_dev);
308 list_del(&dev->list);
309 goto free;
310 }
311
312 dev_set_drvdata(dev->tty_dev, dev);
313
314 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
315 BT_ERR("Failed to create address attribute");
316
317 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
318 BT_ERR("Failed to create channel attribute");
319
320 return dev->id;
321
322 free:
323 kfree(dev);
324 return err;
325 }
326
327 static void rfcomm_dev_del(struct rfcomm_dev *dev)
328 {
329 BT_DBG("dev %p", dev);
330
331 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
332
333 if (atomic_read(&dev->opened) > 0)
334 return;
335
336 write_lock_bh(&rfcomm_dev_lock);
337 list_del_init(&dev->list);
338 write_unlock_bh(&rfcomm_dev_lock);
339
340 rfcomm_dev_put(dev);
341 }
342
343 /* ---- Send buffer ---- */
344 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
345 {
346 /* We can't let it be zero, because we don't get a callback
347 when tx_credits becomes nonzero, hence we'd never wake up */
348 return dlc->mtu * (dlc->tx_credits?:1);
349 }
350
351 static void rfcomm_wfree(struct sk_buff *skb)
352 {
353 struct rfcomm_dev *dev = (void *) skb->sk;
354 atomic_sub(skb->truesize, &dev->wmem_alloc);
355 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
356 tasklet_schedule(&dev->wakeup_task);
357 rfcomm_dev_put(dev);
358 }
359
360 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
361 {
362 rfcomm_dev_hold(dev);
363 atomic_add(skb->truesize, &dev->wmem_alloc);
364 skb->sk = (void *) dev;
365 skb->destructor = rfcomm_wfree;
366 }
367
368 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
369 {
370 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
371 struct sk_buff *skb = alloc_skb(size, priority);
372 if (skb) {
373 rfcomm_set_owner_w(skb, dev);
374 return skb;
375 }
376 }
377 return NULL;
378 }
379
380 /* ---- Device IOCTLs ---- */
381
382 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
383
384 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
385 {
386 struct rfcomm_dev_req req;
387 struct rfcomm_dlc *dlc;
388 int id;
389
390 if (copy_from_user(&req, arg, sizeof(req)))
391 return -EFAULT;
392
393 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
394
395 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
396 return -EPERM;
397
398 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
399 /* Socket must be connected */
400 if (sk->sk_state != BT_CONNECTED)
401 return -EBADFD;
402
403 dlc = rfcomm_pi(sk)->dlc;
404 rfcomm_dlc_hold(dlc);
405 } else {
406 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
407 if (!dlc)
408 return -ENOMEM;
409 }
410
411 id = rfcomm_dev_add(&req, dlc);
412 if (id < 0) {
413 rfcomm_dlc_put(dlc);
414 return id;
415 }
416
417 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
418 /* DLC is now used by device.
419 * Socket must be disconnected */
420 sk->sk_state = BT_CLOSED;
421 }
422
423 return id;
424 }
425
426 static int rfcomm_release_dev(void __user *arg)
427 {
428 struct rfcomm_dev_req req;
429 struct rfcomm_dev *dev;
430
431 if (copy_from_user(&req, arg, sizeof(req)))
432 return -EFAULT;
433
434 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
435
436 if (!(dev = rfcomm_dev_get(req.dev_id)))
437 return -ENODEV;
438
439 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
440 rfcomm_dev_put(dev);
441 return -EPERM;
442 }
443
444 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
445 rfcomm_dlc_close(dev->dlc, 0);
446
447 /* Shut down TTY synchronously before freeing rfcomm_dev */
448 if (dev->tty)
449 tty_vhangup(dev->tty);
450
451 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
452 rfcomm_dev_del(dev);
453 rfcomm_dev_put(dev);
454 return 0;
455 }
456
457 static int rfcomm_get_dev_list(void __user *arg)
458 {
459 struct rfcomm_dev_list_req *dl;
460 struct rfcomm_dev_info *di;
461 struct list_head *p;
462 int n = 0, size, err;
463 u16 dev_num;
464
465 BT_DBG("");
466
467 if (get_user(dev_num, (u16 __user *) arg))
468 return -EFAULT;
469
470 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
471 return -EINVAL;
472
473 size = sizeof(*dl) + dev_num * sizeof(*di);
474
475 if (!(dl = kmalloc(size, GFP_KERNEL)))
476 return -ENOMEM;
477
478 di = dl->dev_info;
479
480 read_lock_bh(&rfcomm_dev_lock);
481
482 list_for_each(p, &rfcomm_dev_list) {
483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
485 continue;
486 (di + n)->id = dev->id;
487 (di + n)->flags = dev->flags;
488 (di + n)->state = dev->dlc->state;
489 (di + n)->channel = dev->channel;
490 bacpy(&(di + n)->src, &dev->src);
491 bacpy(&(di + n)->dst, &dev->dst);
492 if (++n >= dev_num)
493 break;
494 }
495
496 read_unlock_bh(&rfcomm_dev_lock);
497
498 dl->dev_num = n;
499 size = sizeof(*dl) + n * sizeof(*di);
500
501 err = copy_to_user(arg, dl, size);
502 kfree(dl);
503
504 return err ? -EFAULT : 0;
505 }
506
507 static int rfcomm_get_dev_info(void __user *arg)
508 {
509 struct rfcomm_dev *dev;
510 struct rfcomm_dev_info di;
511 int err = 0;
512
513 BT_DBG("");
514
515 if (copy_from_user(&di, arg, sizeof(di)))
516 return -EFAULT;
517
518 if (!(dev = rfcomm_dev_get(di.id)))
519 return -ENODEV;
520
521 di.flags = dev->flags;
522 di.channel = dev->channel;
523 di.state = dev->dlc->state;
524 bacpy(&di.src, &dev->src);
525 bacpy(&di.dst, &dev->dst);
526
527 if (copy_to_user(arg, &di, sizeof(di)))
528 err = -EFAULT;
529
530 rfcomm_dev_put(dev);
531 return err;
532 }
533
534 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
535 {
536 BT_DBG("cmd %d arg %p", cmd, arg);
537
538 switch (cmd) {
539 case RFCOMMCREATEDEV:
540 return rfcomm_create_dev(sk, arg);
541
542 case RFCOMMRELEASEDEV:
543 return rfcomm_release_dev(arg);
544
545 case RFCOMMGETDEVLIST:
546 return rfcomm_get_dev_list(arg);
547
548 case RFCOMMGETDEVINFO:
549 return rfcomm_get_dev_info(arg);
550 }
551
552 return -EINVAL;
553 }
554
555 /* ---- DLC callbacks ---- */
556 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
557 {
558 struct rfcomm_dev *dev = dlc->owner;
559 struct tty_struct *tty;
560
561 if (!dev) {
562 kfree_skb(skb);
563 return;
564 }
565
566 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {
567 skb_queue_tail(&dev->pending, skb);
568 return;
569 }
570
571 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
572
573 tty_insert_flip_string(tty, skb->data, skb->len);
574 tty_flip_buffer_push(tty);
575
576 kfree_skb(skb);
577 }
578
579 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
580 {
581 struct rfcomm_dev *dev = dlc->owner;
582 if (!dev)
583 return;
584
585 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
586
587 dev->err = err;
588 wake_up_interruptible(&dev->wait);
589
590 if (dlc->state == BT_CLOSED) {
591 if (!dev->tty) {
592 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
593 /* Drop DLC lock here to avoid deadlock
594 * 1. rfcomm_dev_get will take rfcomm_dev_lock
595 * but in rfcomm_dev_add there's lock order:
596 * rfcomm_dev_lock -> dlc lock
597 * 2. rfcomm_dev_put will deadlock if it's
598 * the last reference
599 */
600 rfcomm_dlc_unlock(dlc);
601 if (rfcomm_dev_get(dev->id) == NULL) {
602 rfcomm_dlc_lock(dlc);
603 return;
604 }
605
606 rfcomm_dev_del(dev);
607 rfcomm_dev_put(dev);
608 rfcomm_dlc_lock(dlc);
609 }
610 } else
611 tty_hangup(dev->tty);
612 }
613 }
614
615 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
616 {
617 struct rfcomm_dev *dev = dlc->owner;
618 if (!dev)
619 return;
620
621 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
622
623 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
624 if (dev->tty && !C_CLOCAL(dev->tty))
625 tty_hangup(dev->tty);
626 }
627
628 dev->modem_status =
629 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
630 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
631 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
632 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
633 }
634
635 /* ---- TTY functions ---- */
636 static void rfcomm_tty_wakeup(unsigned long arg)
637 {
638 struct rfcomm_dev *dev = (void *) arg;
639 struct tty_struct *tty = dev->tty;
640 if (!tty)
641 return;
642
643 BT_DBG("dev %p tty %p", dev, tty);
644 tty_wakeup(tty);
645 }
646
647 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
648 {
649 struct tty_struct *tty = dev->tty;
650 struct sk_buff *skb;
651 int inserted = 0;
652
653 if (!tty)
654 return;
655
656 BT_DBG("dev %p tty %p", dev, tty);
657
658 rfcomm_dlc_lock(dev->dlc);
659
660 while ((skb = skb_dequeue(&dev->pending))) {
661 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
662 kfree_skb(skb);
663 }
664
665 rfcomm_dlc_unlock(dev->dlc);
666
667 if (inserted > 0)
668 tty_flip_buffer_push(tty);
669 }
670
671 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
672 {
673 DECLARE_WAITQUEUE(wait, current);
674 struct rfcomm_dev *dev;
675 struct rfcomm_dlc *dlc;
676 int err, id;
677
678 id = tty->index;
679
680 BT_DBG("tty %p id %d", tty, id);
681
682 /* We don't leak this refcount. For reasons which are not entirely
683 clear, the TTY layer will call our ->close() method even if the
684 open fails. We decrease the refcount there, and decreasing it
685 here too would cause breakage. */
686 dev = rfcomm_dev_get(id);
687 if (!dev)
688 return -ENODEV;
689
690 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
691 dev->channel, atomic_read(&dev->opened));
692
693 if (atomic_inc_return(&dev->opened) > 1)
694 return 0;
695
696 dlc = dev->dlc;
697
698 /* Attach TTY and open DLC */
699
700 rfcomm_dlc_lock(dlc);
701 tty->driver_data = dev;
702 dev->tty = tty;
703 rfcomm_dlc_unlock(dlc);
704 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
705
706 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
707 if (err < 0)
708 return err;
709
710 /* Wait for DLC to connect */
711 add_wait_queue(&dev->wait, &wait);
712 while (1) {
713 set_current_state(TASK_INTERRUPTIBLE);
714
715 if (dlc->state == BT_CLOSED) {
716 err = -dev->err;
717 break;
718 }
719
720 if (dlc->state == BT_CONNECTED)
721 break;
722
723 if (signal_pending(current)) {
724 err = -EINTR;
725 break;
726 }
727
728 schedule();
729 }
730 set_current_state(TASK_RUNNING);
731 remove_wait_queue(&dev->wait, &wait);
732
733 if (err == 0)
734 device_move(dev->tty_dev, rfcomm_get_device(dev),
735 DPM_ORDER_DEV_AFTER_PARENT);
736
737 rfcomm_tty_copy_pending(dev);
738
739 rfcomm_dlc_unthrottle(dev->dlc);
740
741 return err;
742 }
743
744 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
745 {
746 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
747 if (!dev)
748 return;
749
750 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
751 atomic_read(&dev->opened));
752
753 if (atomic_dec_and_test(&dev->opened)) {
754 if (dev->tty_dev->parent)
755 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
756
757 /* Close DLC and dettach TTY */
758 rfcomm_dlc_close(dev->dlc, 0);
759
760 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
761 tasklet_kill(&dev->wakeup_task);
762
763 rfcomm_dlc_lock(dev->dlc);
764 tty->driver_data = NULL;
765 dev->tty = NULL;
766 rfcomm_dlc_unlock(dev->dlc);
767
768 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
769 write_lock_bh(&rfcomm_dev_lock);
770 list_del_init(&dev->list);
771 write_unlock_bh(&rfcomm_dev_lock);
772
773 rfcomm_dev_put(dev);
774 }
775 }
776
777 rfcomm_dev_put(dev);
778 }
779
780 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
781 {
782 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
783 struct rfcomm_dlc *dlc = dev->dlc;
784 struct sk_buff *skb;
785 int err = 0, sent = 0, size;
786
787 BT_DBG("tty %p count %d", tty, count);
788
789 while (count) {
790 size = min_t(uint, count, dlc->mtu);
791
792 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
793
794 if (!skb)
795 break;
796
797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
798
799 memcpy(skb_put(skb, size), buf + sent, size);
800
801 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
802 kfree_skb(skb);
803 break;
804 }
805
806 sent += size;
807 count -= size;
808 }
809
810 return sent ? sent : err;
811 }
812
813 static int rfcomm_tty_write_room(struct tty_struct *tty)
814 {
815 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
816 int room;
817
818 BT_DBG("tty %p", tty);
819
820 if (!dev || !dev->dlc)
821 return 0;
822
823 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
824 if (room < 0)
825 room = 0;
826
827 return room;
828 }
829
830 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
831 {
832 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
833
834 switch (cmd) {
835 case TCGETS:
836 BT_DBG("TCGETS is not supported");
837 return -ENOIOCTLCMD;
838
839 case TCSETS:
840 BT_DBG("TCSETS is not supported");
841 return -ENOIOCTLCMD;
842
843 case TIOCMIWAIT:
844 BT_DBG("TIOCMIWAIT");
845 break;
846
847 case TIOCGICOUNT:
848 BT_DBG("TIOCGICOUNT");
849 break;
850
851 case TIOCGSERIAL:
852 BT_ERR("TIOCGSERIAL is not supported");
853 return -ENOIOCTLCMD;
854
855 case TIOCSSERIAL:
856 BT_ERR("TIOCSSERIAL is not supported");
857 return -ENOIOCTLCMD;
858
859 case TIOCSERGSTRUCT:
860 BT_ERR("TIOCSERGSTRUCT is not supported");
861 return -ENOIOCTLCMD;
862
863 case TIOCSERGETLSR:
864 BT_ERR("TIOCSERGETLSR is not supported");
865 return -ENOIOCTLCMD;
866
867 case TIOCSERCONFIG:
868 BT_ERR("TIOCSERCONFIG is not supported");
869 return -ENOIOCTLCMD;
870
871 default:
872 return -ENOIOCTLCMD; /* ioctls which we must ignore */
873
874 }
875
876 return -ENOIOCTLCMD;
877 }
878
879 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
880 {
881 struct ktermios *new = tty->termios;
882 int old_baud_rate = tty_termios_baud_rate(old);
883 int new_baud_rate = tty_termios_baud_rate(new);
884
885 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
886 u16 changes = 0;
887
888 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
889
890 BT_DBG("tty %p termios %p", tty, old);
891
892 if (!dev || !dev->dlc || !dev->dlc->session)
893 return;
894
895 /* Handle turning off CRTSCTS */
896 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
897 BT_DBG("Turning off CRTSCTS unsupported");
898
899 /* Parity on/off and when on, odd/even */
900 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
901 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
902 changes |= RFCOMM_RPN_PM_PARITY;
903 BT_DBG("Parity change detected.");
904 }
905
906 /* Mark and space parity are not supported! */
907 if (new->c_cflag & PARENB) {
908 if (new->c_cflag & PARODD) {
909 BT_DBG("Parity is ODD");
910 parity = RFCOMM_RPN_PARITY_ODD;
911 } else {
912 BT_DBG("Parity is EVEN");
913 parity = RFCOMM_RPN_PARITY_EVEN;
914 }
915 } else {
916 BT_DBG("Parity is OFF");
917 parity = RFCOMM_RPN_PARITY_NONE;
918 }
919
920 /* Setting the x_on / x_off characters */
921 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
922 BT_DBG("XOFF custom");
923 x_on = new->c_cc[VSTOP];
924 changes |= RFCOMM_RPN_PM_XON;
925 } else {
926 BT_DBG("XOFF default");
927 x_on = RFCOMM_RPN_XON_CHAR;
928 }
929
930 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
931 BT_DBG("XON custom");
932 x_off = new->c_cc[VSTART];
933 changes |= RFCOMM_RPN_PM_XOFF;
934 } else {
935 BT_DBG("XON default");
936 x_off = RFCOMM_RPN_XOFF_CHAR;
937 }
938
939 /* Handle setting of stop bits */
940 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
941 changes |= RFCOMM_RPN_PM_STOP;
942
943 /* POSIX does not support 1.5 stop bits and RFCOMM does not
944 * support 2 stop bits. So a request for 2 stop bits gets
945 * translated to 1.5 stop bits */
946 if (new->c_cflag & CSTOPB) {
947 stop_bits = RFCOMM_RPN_STOP_15;
948 } else {
949 stop_bits = RFCOMM_RPN_STOP_1;
950 }
951
952 /* Handle number of data bits [5-8] */
953 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
954 changes |= RFCOMM_RPN_PM_DATA;
955
956 switch (new->c_cflag & CSIZE) {
957 case CS5:
958 data_bits = RFCOMM_RPN_DATA_5;
959 break;
960 case CS6:
961 data_bits = RFCOMM_RPN_DATA_6;
962 break;
963 case CS7:
964 data_bits = RFCOMM_RPN_DATA_7;
965 break;
966 case CS8:
967 data_bits = RFCOMM_RPN_DATA_8;
968 break;
969 default:
970 data_bits = RFCOMM_RPN_DATA_8;
971 break;
972 }
973
974 /* Handle baudrate settings */
975 if (old_baud_rate != new_baud_rate)
976 changes |= RFCOMM_RPN_PM_BITRATE;
977
978 switch (new_baud_rate) {
979 case 2400:
980 baud = RFCOMM_RPN_BR_2400;
981 break;
982 case 4800:
983 baud = RFCOMM_RPN_BR_4800;
984 break;
985 case 7200:
986 baud = RFCOMM_RPN_BR_7200;
987 break;
988 case 9600:
989 baud = RFCOMM_RPN_BR_9600;
990 break;
991 case 19200:
992 baud = RFCOMM_RPN_BR_19200;
993 break;
994 case 38400:
995 baud = RFCOMM_RPN_BR_38400;
996 break;
997 case 57600:
998 baud = RFCOMM_RPN_BR_57600;
999 break;
1000 case 115200:
1001 baud = RFCOMM_RPN_BR_115200;
1002 break;
1003 case 230400:
1004 baud = RFCOMM_RPN_BR_230400;
1005 break;
1006 default:
1007 /* 9600 is standard accordinag to the RFCOMM specification */
1008 baud = RFCOMM_RPN_BR_9600;
1009 break;
1010
1011 }
1012
1013 if (changes)
1014 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1015 data_bits, stop_bits, parity,
1016 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1017
1018 return;
1019 }
1020
1021 static void rfcomm_tty_throttle(struct tty_struct *tty)
1022 {
1023 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1024
1025 BT_DBG("tty %p dev %p", tty, dev);
1026
1027 rfcomm_dlc_throttle(dev->dlc);
1028 }
1029
1030 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1031 {
1032 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1033
1034 BT_DBG("tty %p dev %p", tty, dev);
1035
1036 rfcomm_dlc_unthrottle(dev->dlc);
1037 }
1038
1039 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1040 {
1041 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1042
1043 BT_DBG("tty %p dev %p", tty, dev);
1044
1045 if (!dev || !dev->dlc)
1046 return 0;
1047
1048 if (!skb_queue_empty(&dev->dlc->tx_queue))
1049 return dev->dlc->mtu;
1050
1051 return 0;
1052 }
1053
1054 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1055 {
1056 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1057
1058 BT_DBG("tty %p dev %p", tty, dev);
1059
1060 if (!dev || !dev->dlc)
1061 return;
1062
1063 skb_queue_purge(&dev->dlc->tx_queue);
1064 tty_wakeup(tty);
1065 }
1066
1067 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1068 {
1069 BT_DBG("tty %p ch %c", tty, ch);
1070 }
1071
1072 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1073 {
1074 BT_DBG("tty %p timeout %d", tty, timeout);
1075 }
1076
1077 static void rfcomm_tty_hangup(struct tty_struct *tty)
1078 {
1079 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1080
1081 BT_DBG("tty %p dev %p", tty, dev);
1082
1083 if (!dev)
1084 return;
1085
1086 rfcomm_tty_flush_buffer(tty);
1087
1088 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1089 if (rfcomm_dev_get(dev->id) == NULL)
1090 return;
1091 rfcomm_dev_del(dev);
1092 rfcomm_dev_put(dev);
1093 }
1094 }
1095
1096 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1097 {
1098 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1099
1100 BT_DBG("tty %p dev %p", tty, dev);
1101
1102 return dev->modem_status;
1103 }
1104
1105 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
1106 {
1107 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1108 struct rfcomm_dlc *dlc = dev->dlc;
1109 u8 v24_sig;
1110
1111 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1112
1113 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1114
1115 if (set & TIOCM_DSR || set & TIOCM_DTR)
1116 v24_sig |= RFCOMM_V24_RTC;
1117 if (set & TIOCM_RTS || set & TIOCM_CTS)
1118 v24_sig |= RFCOMM_V24_RTR;
1119 if (set & TIOCM_RI)
1120 v24_sig |= RFCOMM_V24_IC;
1121 if (set & TIOCM_CD)
1122 v24_sig |= RFCOMM_V24_DV;
1123
1124 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1125 v24_sig &= ~RFCOMM_V24_RTC;
1126 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1127 v24_sig &= ~RFCOMM_V24_RTR;
1128 if (clear & TIOCM_RI)
1129 v24_sig &= ~RFCOMM_V24_IC;
1130 if (clear & TIOCM_CD)
1131 v24_sig &= ~RFCOMM_V24_DV;
1132
1133 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1134
1135 return 0;
1136 }
1137
1138 /* ---- TTY structure ---- */
1139
1140 static const struct tty_operations rfcomm_ops = {
1141 .open = rfcomm_tty_open,
1142 .close = rfcomm_tty_close,
1143 .write = rfcomm_tty_write,
1144 .write_room = rfcomm_tty_write_room,
1145 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1146 .flush_buffer = rfcomm_tty_flush_buffer,
1147 .ioctl = rfcomm_tty_ioctl,
1148 .throttle = rfcomm_tty_throttle,
1149 .unthrottle = rfcomm_tty_unthrottle,
1150 .set_termios = rfcomm_tty_set_termios,
1151 .send_xchar = rfcomm_tty_send_xchar,
1152 .hangup = rfcomm_tty_hangup,
1153 .wait_until_sent = rfcomm_tty_wait_until_sent,
1154 .tiocmget = rfcomm_tty_tiocmget,
1155 .tiocmset = rfcomm_tty_tiocmset,
1156 };
1157
1158 int rfcomm_init_ttys(void)
1159 {
1160 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1161 if (!rfcomm_tty_driver)
1162 return -1;
1163
1164 rfcomm_tty_driver->owner = THIS_MODULE;
1165 rfcomm_tty_driver->driver_name = "rfcomm";
1166 rfcomm_tty_driver->name = "rfcomm";
1167 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1168 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1169 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1170 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1171 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1172 rfcomm_tty_driver->init_termios = tty_std_termios;
1173 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1174 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1175 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1176
1177 if (tty_register_driver(rfcomm_tty_driver)) {
1178 BT_ERR("Can't register RFCOMM TTY driver");
1179 put_tty_driver(rfcomm_tty_driver);
1180 return -1;
1181 }
1182
1183 BT_INFO("RFCOMM TTY layer initialized");
1184
1185 return 0;
1186 }
1187
1188 void rfcomm_cleanup_ttys(void)
1189 {
1190 tty_unregister_driver(rfcomm_tty_driver);
1191 put_tty_driver(rfcomm_tty_driver);
1192 }
1193
|
This page was automatically generated by the
LXR engine.
|