1 | /* |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> |
5 | |
6 | This program is free software; you can redistribute it and/or modify |
7 | it under the terms of the GNU General Public License version 2 as |
8 | published by the Free Software Foundation; |
9 | |
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ |
23 | |
24 | /* |
25 | * RFCOMM TTY. |
26 | */ |
27 | |
28 | #include <linux/module.h> |
29 | |
30 | #include <linux/tty.h> |
31 | #include <linux/tty_driver.h> |
32 | #include <linux/tty_flip.h> |
33 | |
34 | #include <net/bluetooth/bluetooth.h> |
35 | #include <net/bluetooth/hci_core.h> |
36 | #include <net/bluetooth/rfcomm.h> |
37 | |
38 | #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ |
39 | #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ |
40 | #define RFCOMM_TTY_MINOR 0 |
41 | |
42 | static DEFINE_MUTEX(rfcomm_ioctl_mutex); |
43 | static struct tty_driver *rfcomm_tty_driver; |
44 | |
45 | struct rfcomm_dev { |
46 | struct tty_port port; |
47 | struct list_head list; |
48 | |
49 | char name[12]; |
50 | int id; |
51 | unsigned long flags; |
52 | int err; |
53 | |
54 | unsigned long status; /* don't export to userspace */ |
55 | |
56 | bdaddr_t src; |
57 | bdaddr_t dst; |
58 | u8 channel; |
59 | |
60 | uint modem_status; |
61 | |
62 | struct rfcomm_dlc *dlc; |
63 | |
64 | struct device *tty_dev; |
65 | |
66 | atomic_t wmem_alloc; |
67 | |
68 | struct sk_buff_head pending; |
69 | }; |
70 | |
71 | static LIST_HEAD(rfcomm_dev_list); |
72 | static DEFINE_MUTEX(rfcomm_dev_lock); |
73 | |
74 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); |
75 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); |
76 | static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); |
77 | |
78 | /* ---- Device functions ---- */ |
79 | |
80 | static void rfcomm_dev_destruct(struct tty_port *port) |
81 | { |
82 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
83 | struct rfcomm_dlc *dlc = dev->dlc; |
84 | |
85 | BT_DBG("dev %p dlc %p" , dev, dlc); |
86 | |
87 | rfcomm_dlc_lock(dlc); |
88 | /* Detach DLC if it's owned by this dev */ |
89 | if (dlc->owner == dev) |
90 | dlc->owner = NULL; |
91 | rfcomm_dlc_unlock(dlc); |
92 | |
93 | rfcomm_dlc_put(d: dlc); |
94 | |
95 | if (dev->tty_dev) |
96 | tty_unregister_device(driver: rfcomm_tty_driver, index: dev->id); |
97 | |
98 | mutex_lock(&rfcomm_dev_lock); |
99 | list_del(entry: &dev->list); |
100 | mutex_unlock(lock: &rfcomm_dev_lock); |
101 | |
102 | kfree(objp: dev); |
103 | |
104 | /* It's safe to call module_put() here because socket still |
105 | holds reference to this module. */ |
106 | module_put(THIS_MODULE); |
107 | } |
108 | |
109 | /* device-specific initialization: open the dlc */ |
110 | static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) |
111 | { |
112 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
113 | int err; |
114 | |
115 | err = rfcomm_dlc_open(d: dev->dlc, src: &dev->src, dst: &dev->dst, channel: dev->channel); |
116 | if (err) |
117 | set_bit(TTY_IO_ERROR, addr: &tty->flags); |
118 | return err; |
119 | } |
120 | |
121 | /* we block the open until the dlc->state becomes BT_CONNECTED */ |
122 | static bool rfcomm_dev_carrier_raised(struct tty_port *port) |
123 | { |
124 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
125 | |
126 | return (dev->dlc->state == BT_CONNECTED); |
127 | } |
128 | |
129 | /* device-specific cleanup: close the dlc */ |
130 | static void rfcomm_dev_shutdown(struct tty_port *port) |
131 | { |
132 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
133 | |
134 | if (dev->tty_dev->parent) |
135 | device_move(dev: dev->tty_dev, NULL, dpm_order: DPM_ORDER_DEV_LAST); |
136 | |
137 | /* close the dlc */ |
138 | rfcomm_dlc_close(d: dev->dlc, reason: 0); |
139 | } |
140 | |
141 | static const struct tty_port_operations rfcomm_port_ops = { |
142 | .destruct = rfcomm_dev_destruct, |
143 | .activate = rfcomm_dev_activate, |
144 | .shutdown = rfcomm_dev_shutdown, |
145 | .carrier_raised = rfcomm_dev_carrier_raised, |
146 | }; |
147 | |
148 | static struct rfcomm_dev *__rfcomm_dev_lookup(int id) |
149 | { |
150 | struct rfcomm_dev *dev; |
151 | |
152 | list_for_each_entry(dev, &rfcomm_dev_list, list) |
153 | if (dev->id == id) |
154 | return dev; |
155 | |
156 | return NULL; |
157 | } |
158 | |
159 | static struct rfcomm_dev *rfcomm_dev_get(int id) |
160 | { |
161 | struct rfcomm_dev *dev; |
162 | |
163 | mutex_lock(&rfcomm_dev_lock); |
164 | |
165 | dev = __rfcomm_dev_lookup(id); |
166 | |
167 | if (dev && !tty_port_get(port: &dev->port)) |
168 | dev = NULL; |
169 | |
170 | mutex_unlock(lock: &rfcomm_dev_lock); |
171 | |
172 | return dev; |
173 | } |
174 | |
175 | static void rfcomm_reparent_device(struct rfcomm_dev *dev) |
176 | { |
177 | struct hci_dev *hdev; |
178 | struct hci_conn *conn; |
179 | |
180 | hdev = hci_get_route(dst: &dev->dst, src: &dev->src, BDADDR_BREDR); |
181 | if (!hdev) |
182 | return; |
183 | |
184 | /* The lookup results are unsafe to access without the |
185 | * hci device lock (FIXME: why is this not documented?) |
186 | */ |
187 | hci_dev_lock(hdev); |
188 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, ba: &dev->dst); |
189 | |
190 | /* Just because the acl link is in the hash table is no |
191 | * guarantee the sysfs device has been added ... |
192 | */ |
193 | if (conn && device_is_registered(dev: &conn->dev)) |
194 | device_move(dev: dev->tty_dev, new_parent: &conn->dev, dpm_order: DPM_ORDER_DEV_AFTER_PARENT); |
195 | |
196 | hci_dev_unlock(hdev); |
197 | hci_dev_put(d: hdev); |
198 | } |
199 | |
200 | static ssize_t address_show(struct device *tty_dev, |
201 | struct device_attribute *attr, char *buf) |
202 | { |
203 | struct rfcomm_dev *dev = dev_get_drvdata(dev: tty_dev); |
204 | return sprintf(buf, fmt: "%pMR\n" , &dev->dst); |
205 | } |
206 | |
207 | static ssize_t channel_show(struct device *tty_dev, |
208 | struct device_attribute *attr, char *buf) |
209 | { |
210 | struct rfcomm_dev *dev = dev_get_drvdata(dev: tty_dev); |
211 | return sprintf(buf, fmt: "%d\n" , dev->channel); |
212 | } |
213 | |
214 | static DEVICE_ATTR_RO(address); |
215 | static DEVICE_ATTR_RO(channel); |
216 | |
217 | static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, |
218 | struct rfcomm_dlc *dlc) |
219 | { |
220 | struct rfcomm_dev *dev, *entry; |
221 | struct list_head *head = &rfcomm_dev_list; |
222 | int err = 0; |
223 | |
224 | dev = kzalloc(size: sizeof(struct rfcomm_dev), GFP_KERNEL); |
225 | if (!dev) |
226 | return ERR_PTR(error: -ENOMEM); |
227 | |
228 | mutex_lock(&rfcomm_dev_lock); |
229 | |
230 | if (req->dev_id < 0) { |
231 | dev->id = 0; |
232 | |
233 | list_for_each_entry(entry, &rfcomm_dev_list, list) { |
234 | if (entry->id != dev->id) |
235 | break; |
236 | |
237 | dev->id++; |
238 | head = &entry->list; |
239 | } |
240 | } else { |
241 | dev->id = req->dev_id; |
242 | |
243 | list_for_each_entry(entry, &rfcomm_dev_list, list) { |
244 | if (entry->id == dev->id) { |
245 | err = -EADDRINUSE; |
246 | goto out; |
247 | } |
248 | |
249 | if (entry->id > dev->id - 1) |
250 | break; |
251 | |
252 | head = &entry->list; |
253 | } |
254 | } |
255 | |
256 | if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { |
257 | err = -ENFILE; |
258 | goto out; |
259 | } |
260 | |
261 | sprintf(buf: dev->name, fmt: "rfcomm%d" , dev->id); |
262 | |
263 | list_add(new: &dev->list, head); |
264 | |
265 | bacpy(dst: &dev->src, src: &req->src); |
266 | bacpy(dst: &dev->dst, src: &req->dst); |
267 | dev->channel = req->channel; |
268 | |
269 | dev->flags = req->flags & |
270 | ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); |
271 | |
272 | tty_port_init(port: &dev->port); |
273 | dev->port.ops = &rfcomm_port_ops; |
274 | |
275 | skb_queue_head_init(list: &dev->pending); |
276 | |
277 | rfcomm_dlc_lock(dlc); |
278 | |
279 | if (req->flags & (1 << RFCOMM_REUSE_DLC)) { |
280 | struct sock *sk = dlc->owner; |
281 | struct sk_buff *skb; |
282 | |
283 | BUG_ON(!sk); |
284 | |
285 | rfcomm_dlc_throttle(d: dlc); |
286 | |
287 | while ((skb = skb_dequeue(list: &sk->sk_receive_queue))) { |
288 | skb_orphan(skb); |
289 | skb_queue_tail(list: &dev->pending, newsk: skb); |
290 | atomic_sub(i: skb->len, v: &sk->sk_rmem_alloc); |
291 | } |
292 | } |
293 | |
294 | dlc->data_ready = rfcomm_dev_data_ready; |
295 | dlc->state_change = rfcomm_dev_state_change; |
296 | dlc->modem_status = rfcomm_dev_modem_status; |
297 | |
298 | dlc->owner = dev; |
299 | dev->dlc = dlc; |
300 | |
301 | rfcomm_dev_modem_status(dlc, v24_sig: dlc->remote_v24_sig); |
302 | |
303 | rfcomm_dlc_unlock(dlc); |
304 | |
305 | /* It's safe to call __module_get() here because socket already |
306 | holds reference to this module. */ |
307 | __module_get(THIS_MODULE); |
308 | |
309 | mutex_unlock(lock: &rfcomm_dev_lock); |
310 | return dev; |
311 | |
312 | out: |
313 | mutex_unlock(lock: &rfcomm_dev_lock); |
314 | kfree(objp: dev); |
315 | return ERR_PTR(error: err); |
316 | } |
317 | |
318 | static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) |
319 | { |
320 | struct rfcomm_dev *dev; |
321 | struct device *tty; |
322 | |
323 | BT_DBG("id %d channel %d" , req->dev_id, req->channel); |
324 | |
325 | dev = __rfcomm_dev_add(req, dlc); |
326 | if (IS_ERR(ptr: dev)) { |
327 | rfcomm_dlc_put(d: dlc); |
328 | return PTR_ERR(ptr: dev); |
329 | } |
330 | |
331 | tty = tty_port_register_device(port: &dev->port, driver: rfcomm_tty_driver, |
332 | index: dev->id, NULL); |
333 | if (IS_ERR(ptr: tty)) { |
334 | tty_port_put(port: &dev->port); |
335 | return PTR_ERR(ptr: tty); |
336 | } |
337 | |
338 | dev->tty_dev = tty; |
339 | rfcomm_reparent_device(dev); |
340 | dev_set_drvdata(dev: dev->tty_dev, data: dev); |
341 | |
342 | if (device_create_file(device: dev->tty_dev, entry: &dev_attr_address) < 0) |
343 | BT_ERR("Failed to create address attribute" ); |
344 | |
345 | if (device_create_file(device: dev->tty_dev, entry: &dev_attr_channel) < 0) |
346 | BT_ERR("Failed to create channel attribute" ); |
347 | |
348 | return dev->id; |
349 | } |
350 | |
351 | /* ---- Send buffer ---- */ |
352 | static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) |
353 | { |
354 | struct rfcomm_dlc *dlc = dev->dlc; |
355 | |
356 | /* Limit the outstanding number of packets not yet sent to 40 */ |
357 | int pending = 40 - atomic_read(v: &dev->wmem_alloc); |
358 | |
359 | return max(0, pending) * dlc->mtu; |
360 | } |
361 | |
362 | static void rfcomm_wfree(struct sk_buff *skb) |
363 | { |
364 | struct rfcomm_dev *dev = (void *) skb->sk; |
365 | atomic_dec(v: &dev->wmem_alloc); |
366 | if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) |
367 | tty_port_tty_wakeup(port: &dev->port); |
368 | tty_port_put(port: &dev->port); |
369 | } |
370 | |
371 | static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) |
372 | { |
373 | tty_port_get(port: &dev->port); |
374 | atomic_inc(v: &dev->wmem_alloc); |
375 | skb->sk = (void *) dev; |
376 | skb->destructor = rfcomm_wfree; |
377 | } |
378 | |
379 | static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) |
380 | { |
381 | struct sk_buff *skb = alloc_skb(size, priority); |
382 | if (skb) |
383 | rfcomm_set_owner_w(skb, dev); |
384 | return skb; |
385 | } |
386 | |
387 | /* ---- Device IOCTLs ---- */ |
388 | |
389 | #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) |
390 | |
391 | static int __rfcomm_create_dev(struct sock *sk, void __user *arg) |
392 | { |
393 | struct rfcomm_dev_req req; |
394 | struct rfcomm_dlc *dlc; |
395 | int id; |
396 | |
397 | if (copy_from_user(to: &req, from: arg, n: sizeof(req))) |
398 | return -EFAULT; |
399 | |
400 | BT_DBG("sk %p dev_id %d flags 0x%x" , sk, req.dev_id, req.flags); |
401 | |
402 | if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) |
403 | return -EPERM; |
404 | |
405 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { |
406 | /* Socket must be connected */ |
407 | if (sk->sk_state != BT_CONNECTED) |
408 | return -EBADFD; |
409 | |
410 | dlc = rfcomm_pi(sk)->dlc; |
411 | rfcomm_dlc_hold(d: dlc); |
412 | } else { |
413 | /* Validate the channel is unused */ |
414 | dlc = rfcomm_dlc_exists(src: &req.src, dst: &req.dst, channel: req.channel); |
415 | if (IS_ERR(ptr: dlc)) |
416 | return PTR_ERR(ptr: dlc); |
417 | if (dlc) |
418 | return -EBUSY; |
419 | dlc = rfcomm_dlc_alloc(GFP_KERNEL); |
420 | if (!dlc) |
421 | return -ENOMEM; |
422 | } |
423 | |
424 | id = rfcomm_dev_add(req: &req, dlc); |
425 | if (id < 0) |
426 | return id; |
427 | |
428 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { |
429 | /* DLC is now used by device. |
430 | * Socket must be disconnected */ |
431 | sk->sk_state = BT_CLOSED; |
432 | } |
433 | |
434 | return id; |
435 | } |
436 | |
437 | static int __rfcomm_release_dev(void __user *arg) |
438 | { |
439 | struct rfcomm_dev_req req; |
440 | struct rfcomm_dev *dev; |
441 | struct tty_struct *tty; |
442 | |
443 | if (copy_from_user(to: &req, from: arg, n: sizeof(req))) |
444 | return -EFAULT; |
445 | |
446 | BT_DBG("dev_id %d flags 0x%x" , req.dev_id, req.flags); |
447 | |
448 | dev = rfcomm_dev_get(id: req.dev_id); |
449 | if (!dev) |
450 | return -ENODEV; |
451 | |
452 | if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { |
453 | tty_port_put(port: &dev->port); |
454 | return -EPERM; |
455 | } |
456 | |
457 | /* only release once */ |
458 | if (test_and_set_bit(RFCOMM_DEV_RELEASED, addr: &dev->status)) { |
459 | tty_port_put(port: &dev->port); |
460 | return -EALREADY; |
461 | } |
462 | |
463 | if (req.flags & (1 << RFCOMM_HANGUP_NOW)) |
464 | rfcomm_dlc_close(d: dev->dlc, reason: 0); |
465 | |
466 | /* Shut down TTY synchronously before freeing rfcomm_dev */ |
467 | tty = tty_port_tty_get(port: &dev->port); |
468 | if (tty) { |
469 | tty_vhangup(tty); |
470 | tty_kref_put(tty); |
471 | } |
472 | |
473 | if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) |
474 | tty_port_put(port: &dev->port); |
475 | |
476 | tty_port_put(port: &dev->port); |
477 | return 0; |
478 | } |
479 | |
480 | static int rfcomm_create_dev(struct sock *sk, void __user *arg) |
481 | { |
482 | int ret; |
483 | |
484 | mutex_lock(&rfcomm_ioctl_mutex); |
485 | ret = __rfcomm_create_dev(sk, arg); |
486 | mutex_unlock(lock: &rfcomm_ioctl_mutex); |
487 | |
488 | return ret; |
489 | } |
490 | |
491 | static int rfcomm_release_dev(void __user *arg) |
492 | { |
493 | int ret; |
494 | |
495 | mutex_lock(&rfcomm_ioctl_mutex); |
496 | ret = __rfcomm_release_dev(arg); |
497 | mutex_unlock(lock: &rfcomm_ioctl_mutex); |
498 | |
499 | return ret; |
500 | } |
501 | |
502 | static int rfcomm_get_dev_list(void __user *arg) |
503 | { |
504 | struct rfcomm_dev *dev; |
505 | struct rfcomm_dev_list_req *dl; |
506 | struct rfcomm_dev_info *di; |
507 | int n = 0, size, err; |
508 | u16 dev_num; |
509 | |
510 | BT_DBG("" ); |
511 | |
512 | if (get_user(dev_num, (u16 __user *) arg)) |
513 | return -EFAULT; |
514 | |
515 | if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) |
516 | return -EINVAL; |
517 | |
518 | size = sizeof(*dl) + dev_num * sizeof(*di); |
519 | |
520 | dl = kzalloc(size, GFP_KERNEL); |
521 | if (!dl) |
522 | return -ENOMEM; |
523 | |
524 | di = dl->dev_info; |
525 | |
526 | mutex_lock(&rfcomm_dev_lock); |
527 | |
528 | list_for_each_entry(dev, &rfcomm_dev_list, list) { |
529 | if (!tty_port_get(port: &dev->port)) |
530 | continue; |
531 | (di + n)->id = dev->id; |
532 | (di + n)->flags = dev->flags; |
533 | (di + n)->state = dev->dlc->state; |
534 | (di + n)->channel = dev->channel; |
535 | bacpy(dst: &(di + n)->src, src: &dev->src); |
536 | bacpy(dst: &(di + n)->dst, src: &dev->dst); |
537 | tty_port_put(port: &dev->port); |
538 | if (++n >= dev_num) |
539 | break; |
540 | } |
541 | |
542 | mutex_unlock(lock: &rfcomm_dev_lock); |
543 | |
544 | dl->dev_num = n; |
545 | size = sizeof(*dl) + n * sizeof(*di); |
546 | |
547 | err = copy_to_user(to: arg, from: dl, n: size); |
548 | kfree(objp: dl); |
549 | |
550 | return err ? -EFAULT : 0; |
551 | } |
552 | |
553 | static int rfcomm_get_dev_info(void __user *arg) |
554 | { |
555 | struct rfcomm_dev *dev; |
556 | struct rfcomm_dev_info di; |
557 | int err = 0; |
558 | |
559 | BT_DBG("" ); |
560 | |
561 | if (copy_from_user(to: &di, from: arg, n: sizeof(di))) |
562 | return -EFAULT; |
563 | |
564 | dev = rfcomm_dev_get(id: di.id); |
565 | if (!dev) |
566 | return -ENODEV; |
567 | |
568 | di.flags = dev->flags; |
569 | di.channel = dev->channel; |
570 | di.state = dev->dlc->state; |
571 | bacpy(dst: &di.src, src: &dev->src); |
572 | bacpy(dst: &di.dst, src: &dev->dst); |
573 | |
574 | if (copy_to_user(to: arg, from: &di, n: sizeof(di))) |
575 | err = -EFAULT; |
576 | |
577 | tty_port_put(port: &dev->port); |
578 | return err; |
579 | } |
580 | |
581 | int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) |
582 | { |
583 | BT_DBG("cmd %d arg %p" , cmd, arg); |
584 | |
585 | switch (cmd) { |
586 | case RFCOMMCREATEDEV: |
587 | return rfcomm_create_dev(sk, arg); |
588 | |
589 | case RFCOMMRELEASEDEV: |
590 | return rfcomm_release_dev(arg); |
591 | |
592 | case RFCOMMGETDEVLIST: |
593 | return rfcomm_get_dev_list(arg); |
594 | |
595 | case RFCOMMGETDEVINFO: |
596 | return rfcomm_get_dev_info(arg); |
597 | } |
598 | |
599 | return -EINVAL; |
600 | } |
601 | |
602 | /* ---- DLC callbacks ---- */ |
603 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) |
604 | { |
605 | struct rfcomm_dev *dev = dlc->owner; |
606 | |
607 | if (!dev) { |
608 | kfree_skb(skb); |
609 | return; |
610 | } |
611 | |
612 | if (!skb_queue_empty(list: &dev->pending)) { |
613 | skb_queue_tail(list: &dev->pending, newsk: skb); |
614 | return; |
615 | } |
616 | |
617 | BT_DBG("dlc %p len %d" , dlc, skb->len); |
618 | |
619 | tty_insert_flip_string(port: &dev->port, chars: skb->data, size: skb->len); |
620 | tty_flip_buffer_push(port: &dev->port); |
621 | |
622 | kfree_skb(skb); |
623 | } |
624 | |
625 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) |
626 | { |
627 | struct rfcomm_dev *dev = dlc->owner; |
628 | if (!dev) |
629 | return; |
630 | |
631 | BT_DBG("dlc %p dev %p err %d" , dlc, dev, err); |
632 | |
633 | dev->err = err; |
634 | if (dlc->state == BT_CONNECTED) { |
635 | rfcomm_reparent_device(dev); |
636 | |
637 | wake_up_interruptible(&dev->port.open_wait); |
638 | } else if (dlc->state == BT_CLOSED) |
639 | tty_port_tty_hangup(port: &dev->port, check_clocal: false); |
640 | } |
641 | |
642 | static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) |
643 | { |
644 | struct rfcomm_dev *dev = dlc->owner; |
645 | if (!dev) |
646 | return; |
647 | |
648 | BT_DBG("dlc %p dev %p v24_sig 0x%02x" , dlc, dev, v24_sig); |
649 | |
650 | if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) |
651 | tty_port_tty_hangup(port: &dev->port, check_clocal: true); |
652 | |
653 | dev->modem_status = |
654 | ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | |
655 | ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | |
656 | ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | |
657 | ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); |
658 | } |
659 | |
660 | /* ---- TTY functions ---- */ |
661 | static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev) |
662 | { |
663 | struct sk_buff *skb; |
664 | int inserted = 0; |
665 | |
666 | BT_DBG("dev %p" , dev); |
667 | |
668 | rfcomm_dlc_lock(dev->dlc); |
669 | |
670 | while ((skb = skb_dequeue(list: &dev->pending))) { |
671 | inserted += tty_insert_flip_string(port: &dev->port, chars: skb->data, |
672 | size: skb->len); |
673 | kfree_skb(skb); |
674 | } |
675 | |
676 | rfcomm_dlc_unlock(dev->dlc); |
677 | |
678 | if (inserted > 0) |
679 | tty_flip_buffer_push(port: &dev->port); |
680 | } |
681 | |
682 | /* do the reverse of install, clearing the tty fields and releasing the |
683 | * reference to tty_port |
684 | */ |
685 | static void rfcomm_tty_cleanup(struct tty_struct *tty) |
686 | { |
687 | struct rfcomm_dev *dev = tty->driver_data; |
688 | |
689 | clear_bit(RFCOMM_TTY_ATTACHED, addr: &dev->flags); |
690 | |
691 | rfcomm_dlc_lock(dev->dlc); |
692 | tty->driver_data = NULL; |
693 | rfcomm_dlc_unlock(dev->dlc); |
694 | |
695 | /* |
696 | * purge the dlc->tx_queue to avoid circular dependencies |
697 | * between dev and dlc |
698 | */ |
699 | skb_queue_purge(list: &dev->dlc->tx_queue); |
700 | |
701 | tty_port_put(port: &dev->port); |
702 | } |
703 | |
704 | /* we acquire the tty_port reference since it's here the tty is first used |
705 | * by setting the termios. We also populate the driver_data field and install |
706 | * the tty port |
707 | */ |
708 | static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) |
709 | { |
710 | struct rfcomm_dev *dev; |
711 | struct rfcomm_dlc *dlc; |
712 | int err; |
713 | |
714 | dev = rfcomm_dev_get(id: tty->index); |
715 | if (!dev) |
716 | return -ENODEV; |
717 | |
718 | dlc = dev->dlc; |
719 | |
720 | /* Attach TTY and open DLC */ |
721 | rfcomm_dlc_lock(dlc); |
722 | tty->driver_data = dev; |
723 | rfcomm_dlc_unlock(dlc); |
724 | set_bit(RFCOMM_TTY_ATTACHED, addr: &dev->flags); |
725 | |
726 | /* install the tty_port */ |
727 | err = tty_port_install(port: &dev->port, driver, tty); |
728 | if (err) { |
729 | rfcomm_tty_cleanup(tty); |
730 | return err; |
731 | } |
732 | |
733 | /* take over the tty_port reference if the port was created with the |
734 | * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port |
735 | * when the last process closes the tty. The behaviour is expected by |
736 | * userspace. |
737 | */ |
738 | if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { |
739 | set_bit(RFCOMM_TTY_OWNED, addr: &dev->status); |
740 | tty_port_put(port: &dev->port); |
741 | } |
742 | |
743 | return 0; |
744 | } |
745 | |
746 | static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) |
747 | { |
748 | struct rfcomm_dev *dev = tty->driver_data; |
749 | int err; |
750 | |
751 | BT_DBG("tty %p id %d" , tty, tty->index); |
752 | |
753 | BT_DBG("dev %p dst %pMR channel %d opened %d" , dev, &dev->dst, |
754 | dev->channel, dev->port.count); |
755 | |
756 | err = tty_port_open(port: &dev->port, tty, filp); |
757 | if (err) |
758 | return err; |
759 | |
760 | /* |
761 | * FIXME: rfcomm should use proper flow control for |
762 | * received data. This hack will be unnecessary and can |
763 | * be removed when that's implemented |
764 | */ |
765 | rfcomm_tty_copy_pending(dev); |
766 | |
767 | rfcomm_dlc_unthrottle(d: dev->dlc); |
768 | |
769 | return 0; |
770 | } |
771 | |
772 | static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) |
773 | { |
774 | struct rfcomm_dev *dev = tty->driver_data; |
775 | |
776 | BT_DBG("tty %p dev %p dlc %p opened %d" , tty, dev, dev->dlc, |
777 | dev->port.count); |
778 | |
779 | tty_port_close(port: &dev->port, tty, filp); |
780 | } |
781 | |
782 | static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf, |
783 | size_t count) |
784 | { |
785 | struct rfcomm_dev *dev = tty->driver_data; |
786 | struct rfcomm_dlc *dlc = dev->dlc; |
787 | struct sk_buff *skb; |
788 | size_t sent = 0, size; |
789 | |
790 | BT_DBG("tty %p count %zu" , tty, count); |
791 | |
792 | while (count) { |
793 | size = min_t(size_t, count, dlc->mtu); |
794 | |
795 | skb = rfcomm_wmalloc(dev, size: size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); |
796 | if (!skb) |
797 | break; |
798 | |
799 | skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); |
800 | |
801 | skb_put_data(skb, data: buf + sent, len: size); |
802 | |
803 | rfcomm_dlc_send_noerror(d: dlc, skb); |
804 | |
805 | sent += size; |
806 | count -= size; |
807 | } |
808 | |
809 | return sent; |
810 | } |
811 | |
812 | static unsigned int rfcomm_tty_write_room(struct tty_struct *tty) |
813 | { |
814 | struct rfcomm_dev *dev = tty->driver_data; |
815 | int room = 0; |
816 | |
817 | if (dev && dev->dlc) |
818 | room = rfcomm_room(dev); |
819 | |
820 | BT_DBG("tty %p room %d" , tty, room); |
821 | |
822 | return room; |
823 | } |
824 | |
825 | static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) |
826 | { |
827 | BT_DBG("tty %p cmd 0x%02x" , tty, cmd); |
828 | |
829 | switch (cmd) { |
830 | case TCGETS: |
831 | BT_DBG("TCGETS is not supported" ); |
832 | return -ENOIOCTLCMD; |
833 | |
834 | case TCSETS: |
835 | BT_DBG("TCSETS is not supported" ); |
836 | return -ENOIOCTLCMD; |
837 | |
838 | case TIOCMIWAIT: |
839 | BT_DBG("TIOCMIWAIT" ); |
840 | break; |
841 | |
842 | case TIOCSERGETLSR: |
843 | BT_ERR("TIOCSERGETLSR is not supported" ); |
844 | return -ENOIOCTLCMD; |
845 | |
846 | case TIOCSERCONFIG: |
847 | BT_ERR("TIOCSERCONFIG is not supported" ); |
848 | return -ENOIOCTLCMD; |
849 | |
850 | default: |
851 | return -ENOIOCTLCMD; /* ioctls which we must ignore */ |
852 | |
853 | } |
854 | |
855 | return -ENOIOCTLCMD; |
856 | } |
857 | |
858 | static void rfcomm_tty_set_termios(struct tty_struct *tty, |
859 | const struct ktermios *old) |
860 | { |
861 | struct ktermios *new = &tty->termios; |
862 | int old_baud_rate = tty_termios_baud_rate(termios: old); |
863 | int new_baud_rate = tty_termios_baud_rate(termios: new); |
864 | |
865 | u8 baud, data_bits, stop_bits, parity, x_on, x_off; |
866 | u16 changes = 0; |
867 | |
868 | struct rfcomm_dev *dev = tty->driver_data; |
869 | |
870 | BT_DBG("tty %p termios %p" , tty, old); |
871 | |
872 | if (!dev || !dev->dlc || !dev->dlc->session) |
873 | return; |
874 | |
875 | /* Handle turning off CRTSCTS */ |
876 | if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) |
877 | BT_DBG("Turning off CRTSCTS unsupported" ); |
878 | |
879 | /* Parity on/off and when on, odd/even */ |
880 | if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) || |
881 | ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) { |
882 | changes |= RFCOMM_RPN_PM_PARITY; |
883 | BT_DBG("Parity change detected." ); |
884 | } |
885 | |
886 | /* Mark and space parity are not supported! */ |
887 | if (new->c_cflag & PARENB) { |
888 | if (new->c_cflag & PARODD) { |
889 | BT_DBG("Parity is ODD" ); |
890 | parity = RFCOMM_RPN_PARITY_ODD; |
891 | } else { |
892 | BT_DBG("Parity is EVEN" ); |
893 | parity = RFCOMM_RPN_PARITY_EVEN; |
894 | } |
895 | } else { |
896 | BT_DBG("Parity is OFF" ); |
897 | parity = RFCOMM_RPN_PARITY_NONE; |
898 | } |
899 | |
900 | /* Setting the x_on / x_off characters */ |
901 | if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) { |
902 | BT_DBG("XOFF custom" ); |
903 | x_on = new->c_cc[VSTOP]; |
904 | changes |= RFCOMM_RPN_PM_XON; |
905 | } else { |
906 | BT_DBG("XOFF default" ); |
907 | x_on = RFCOMM_RPN_XON_CHAR; |
908 | } |
909 | |
910 | if (old->c_cc[VSTART] != new->c_cc[VSTART]) { |
911 | BT_DBG("XON custom" ); |
912 | x_off = new->c_cc[VSTART]; |
913 | changes |= RFCOMM_RPN_PM_XOFF; |
914 | } else { |
915 | BT_DBG("XON default" ); |
916 | x_off = RFCOMM_RPN_XOFF_CHAR; |
917 | } |
918 | |
919 | /* Handle setting of stop bits */ |
920 | if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB)) |
921 | changes |= RFCOMM_RPN_PM_STOP; |
922 | |
923 | /* POSIX does not support 1.5 stop bits and RFCOMM does not |
924 | * support 2 stop bits. So a request for 2 stop bits gets |
925 | * translated to 1.5 stop bits */ |
926 | if (new->c_cflag & CSTOPB) |
927 | stop_bits = RFCOMM_RPN_STOP_15; |
928 | else |
929 | stop_bits = RFCOMM_RPN_STOP_1; |
930 | |
931 | /* Handle number of data bits [5-8] */ |
932 | if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) |
933 | changes |= RFCOMM_RPN_PM_DATA; |
934 | |
935 | switch (new->c_cflag & CSIZE) { |
936 | case CS5: |
937 | data_bits = RFCOMM_RPN_DATA_5; |
938 | break; |
939 | case CS6: |
940 | data_bits = RFCOMM_RPN_DATA_6; |
941 | break; |
942 | case CS7: |
943 | data_bits = RFCOMM_RPN_DATA_7; |
944 | break; |
945 | case CS8: |
946 | data_bits = RFCOMM_RPN_DATA_8; |
947 | break; |
948 | default: |
949 | data_bits = RFCOMM_RPN_DATA_8; |
950 | break; |
951 | } |
952 | |
953 | /* Handle baudrate settings */ |
954 | if (old_baud_rate != new_baud_rate) |
955 | changes |= RFCOMM_RPN_PM_BITRATE; |
956 | |
957 | switch (new_baud_rate) { |
958 | case 2400: |
959 | baud = RFCOMM_RPN_BR_2400; |
960 | break; |
961 | case 4800: |
962 | baud = RFCOMM_RPN_BR_4800; |
963 | break; |
964 | case 7200: |
965 | baud = RFCOMM_RPN_BR_7200; |
966 | break; |
967 | case 9600: |
968 | baud = RFCOMM_RPN_BR_9600; |
969 | break; |
970 | case 19200: |
971 | baud = RFCOMM_RPN_BR_19200; |
972 | break; |
973 | case 38400: |
974 | baud = RFCOMM_RPN_BR_38400; |
975 | break; |
976 | case 57600: |
977 | baud = RFCOMM_RPN_BR_57600; |
978 | break; |
979 | case 115200: |
980 | baud = RFCOMM_RPN_BR_115200; |
981 | break; |
982 | case 230400: |
983 | baud = RFCOMM_RPN_BR_230400; |
984 | break; |
985 | default: |
986 | /* 9600 is standard accordinag to the RFCOMM specification */ |
987 | baud = RFCOMM_RPN_BR_9600; |
988 | break; |
989 | |
990 | } |
991 | |
992 | if (changes) |
993 | rfcomm_send_rpn(s: dev->dlc->session, cr: 1, dlci: dev->dlc->dlci, bit_rate: baud, |
994 | data_bits, stop_bits, parity, |
995 | RFCOMM_RPN_FLOW_NONE, xon_char: x_on, xoff_char: x_off, param_mask: changes); |
996 | } |
997 | |
998 | static void rfcomm_tty_throttle(struct tty_struct *tty) |
999 | { |
1000 | struct rfcomm_dev *dev = tty->driver_data; |
1001 | |
1002 | BT_DBG("tty %p dev %p" , tty, dev); |
1003 | |
1004 | rfcomm_dlc_throttle(d: dev->dlc); |
1005 | } |
1006 | |
1007 | static void rfcomm_tty_unthrottle(struct tty_struct *tty) |
1008 | { |
1009 | struct rfcomm_dev *dev = tty->driver_data; |
1010 | |
1011 | BT_DBG("tty %p dev %p" , tty, dev); |
1012 | |
1013 | rfcomm_dlc_unthrottle(d: dev->dlc); |
1014 | } |
1015 | |
1016 | static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) |
1017 | { |
1018 | struct rfcomm_dev *dev = tty->driver_data; |
1019 | |
1020 | BT_DBG("tty %p dev %p" , tty, dev); |
1021 | |
1022 | if (!dev || !dev->dlc) |
1023 | return 0; |
1024 | |
1025 | if (!skb_queue_empty(list: &dev->dlc->tx_queue)) |
1026 | return dev->dlc->mtu; |
1027 | |
1028 | return 0; |
1029 | } |
1030 | |
1031 | static void rfcomm_tty_flush_buffer(struct tty_struct *tty) |
1032 | { |
1033 | struct rfcomm_dev *dev = tty->driver_data; |
1034 | |
1035 | BT_DBG("tty %p dev %p" , tty, dev); |
1036 | |
1037 | if (!dev || !dev->dlc) |
1038 | return; |
1039 | |
1040 | skb_queue_purge(list: &dev->dlc->tx_queue); |
1041 | tty_wakeup(tty); |
1042 | } |
1043 | |
1044 | static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) |
1045 | { |
1046 | BT_DBG("tty %p ch %c" , tty, ch); |
1047 | } |
1048 | |
1049 | static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) |
1050 | { |
1051 | BT_DBG("tty %p timeout %d" , tty, timeout); |
1052 | } |
1053 | |
1054 | static void rfcomm_tty_hangup(struct tty_struct *tty) |
1055 | { |
1056 | struct rfcomm_dev *dev = tty->driver_data; |
1057 | |
1058 | BT_DBG("tty %p dev %p" , tty, dev); |
1059 | |
1060 | tty_port_hangup(port: &dev->port); |
1061 | } |
1062 | |
1063 | static int rfcomm_tty_tiocmget(struct tty_struct *tty) |
1064 | { |
1065 | struct rfcomm_dev *dev = tty->driver_data; |
1066 | |
1067 | BT_DBG("tty %p dev %p" , tty, dev); |
1068 | |
1069 | return dev->modem_status; |
1070 | } |
1071 | |
1072 | static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) |
1073 | { |
1074 | struct rfcomm_dev *dev = tty->driver_data; |
1075 | struct rfcomm_dlc *dlc = dev->dlc; |
1076 | u8 v24_sig; |
1077 | |
1078 | BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x" , tty, dev, set, clear); |
1079 | |
1080 | rfcomm_dlc_get_modem_status(d: dlc, v24_sig: &v24_sig); |
1081 | |
1082 | if (set & TIOCM_DSR || set & TIOCM_DTR) |
1083 | v24_sig |= RFCOMM_V24_RTC; |
1084 | if (set & TIOCM_RTS || set & TIOCM_CTS) |
1085 | v24_sig |= RFCOMM_V24_RTR; |
1086 | if (set & TIOCM_RI) |
1087 | v24_sig |= RFCOMM_V24_IC; |
1088 | if (set & TIOCM_CD) |
1089 | v24_sig |= RFCOMM_V24_DV; |
1090 | |
1091 | if (clear & TIOCM_DSR || clear & TIOCM_DTR) |
1092 | v24_sig &= ~RFCOMM_V24_RTC; |
1093 | if (clear & TIOCM_RTS || clear & TIOCM_CTS) |
1094 | v24_sig &= ~RFCOMM_V24_RTR; |
1095 | if (clear & TIOCM_RI) |
1096 | v24_sig &= ~RFCOMM_V24_IC; |
1097 | if (clear & TIOCM_CD) |
1098 | v24_sig &= ~RFCOMM_V24_DV; |
1099 | |
1100 | rfcomm_dlc_set_modem_status(d: dlc, v24_sig); |
1101 | |
1102 | return 0; |
1103 | } |
1104 | |
1105 | /* ---- TTY structure ---- */ |
1106 | |
1107 | static const struct tty_operations rfcomm_ops = { |
1108 | .open = rfcomm_tty_open, |
1109 | .close = rfcomm_tty_close, |
1110 | .write = rfcomm_tty_write, |
1111 | .write_room = rfcomm_tty_write_room, |
1112 | .chars_in_buffer = rfcomm_tty_chars_in_buffer, |
1113 | .flush_buffer = rfcomm_tty_flush_buffer, |
1114 | .ioctl = rfcomm_tty_ioctl, |
1115 | .throttle = rfcomm_tty_throttle, |
1116 | .unthrottle = rfcomm_tty_unthrottle, |
1117 | .set_termios = rfcomm_tty_set_termios, |
1118 | .send_xchar = rfcomm_tty_send_xchar, |
1119 | .hangup = rfcomm_tty_hangup, |
1120 | .wait_until_sent = rfcomm_tty_wait_until_sent, |
1121 | .tiocmget = rfcomm_tty_tiocmget, |
1122 | .tiocmset = rfcomm_tty_tiocmset, |
1123 | .install = rfcomm_tty_install, |
1124 | .cleanup = rfcomm_tty_cleanup, |
1125 | }; |
1126 | |
1127 | int __init rfcomm_init_ttys(void) |
1128 | { |
1129 | int error; |
1130 | |
1131 | rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS, |
1132 | TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV); |
1133 | if (IS_ERR(ptr: rfcomm_tty_driver)) |
1134 | return PTR_ERR(ptr: rfcomm_tty_driver); |
1135 | |
1136 | rfcomm_tty_driver->driver_name = "rfcomm" ; |
1137 | rfcomm_tty_driver->name = "rfcomm" ; |
1138 | rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR; |
1139 | rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR; |
1140 | rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; |
1141 | rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; |
1142 | rfcomm_tty_driver->init_termios = tty_std_termios; |
1143 | rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; |
1144 | rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; |
1145 | tty_set_operations(driver: rfcomm_tty_driver, op: &rfcomm_ops); |
1146 | |
1147 | error = tty_register_driver(driver: rfcomm_tty_driver); |
1148 | if (error) { |
1149 | BT_ERR("Can't register RFCOMM TTY driver" ); |
1150 | tty_driver_kref_put(driver: rfcomm_tty_driver); |
1151 | return error; |
1152 | } |
1153 | |
1154 | BT_INFO("RFCOMM TTY layer initialized" ); |
1155 | |
1156 | return 0; |
1157 | } |
1158 | |
1159 | void rfcomm_cleanup_ttys(void) |
1160 | { |
1161 | tty_unregister_driver(driver: rfcomm_tty_driver); |
1162 | tty_driver_kref_put(driver: rfcomm_tty_driver); |
1163 | } |
1164 | |