1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
24/*
25 * RFCOMM TTY.
26 */
27
28#include <linux/module.h>
29
30#include <linux/tty.h>
31#include <linux/tty_driver.h>
32#include <linux/tty_flip.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36#include <net/bluetooth/rfcomm.h>
37
38#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
39#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
40#define RFCOMM_TTY_MINOR 0
41
42static DEFINE_MUTEX(rfcomm_ioctl_mutex);
43static struct tty_driver *rfcomm_tty_driver;
44
45struct rfcomm_dev {
46 struct tty_port port;
47 struct list_head list;
48
49 char name[12];
50 int id;
51 unsigned long flags;
52 int err;
53
54 unsigned long status; /* don't export to userspace */
55
56 bdaddr_t src;
57 bdaddr_t dst;
58 u8 channel;
59
60 uint modem_status;
61
62 struct rfcomm_dlc *dlc;
63
64 struct device *tty_dev;
65
66 atomic_t wmem_alloc;
67
68 struct sk_buff_head pending;
69};
70
71static LIST_HEAD(rfcomm_dev_list);
72static DEFINE_MUTEX(rfcomm_dev_lock);
73
74static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
75static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
76static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
77
78/* ---- Device functions ---- */
79
80static void rfcomm_dev_destruct(struct tty_port *port)
81{
82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
83 struct rfcomm_dlc *dlc = dev->dlc;
84
85 BT_DBG("dev %p dlc %p", dev, dlc);
86
87 rfcomm_dlc_lock(dlc);
88 /* Detach DLC if it's owned by this dev */
89 if (dlc->owner == dev)
90 dlc->owner = NULL;
91 rfcomm_dlc_unlock(dlc);
92
93 rfcomm_dlc_put(d: dlc);
94
95 if (dev->tty_dev)
96 tty_unregister_device(driver: rfcomm_tty_driver, index: dev->id);
97
98 mutex_lock(&rfcomm_dev_lock);
99 list_del(entry: &dev->list);
100 mutex_unlock(lock: &rfcomm_dev_lock);
101
102 kfree(objp: dev);
103
104 /* It's safe to call module_put() here because socket still
105 holds reference to this module. */
106 module_put(THIS_MODULE);
107}
108
109/* device-specific initialization: open the dlc */
110static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
111{
112 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
113 int err;
114
115 err = rfcomm_dlc_open(d: dev->dlc, src: &dev->src, dst: &dev->dst, channel: dev->channel);
116 if (err)
117 set_bit(TTY_IO_ERROR, addr: &tty->flags);
118 return err;
119}
120
121/* we block the open until the dlc->state becomes BT_CONNECTED */
122static bool rfcomm_dev_carrier_raised(struct tty_port *port)
123{
124 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
125
126 return (dev->dlc->state == BT_CONNECTED);
127}
128
129/* device-specific cleanup: close the dlc */
130static void rfcomm_dev_shutdown(struct tty_port *port)
131{
132 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
133
134 if (dev->tty_dev->parent)
135 device_move(dev: dev->tty_dev, NULL, dpm_order: DPM_ORDER_DEV_LAST);
136
137 /* close the dlc */
138 rfcomm_dlc_close(d: dev->dlc, reason: 0);
139}
140
141static const struct tty_port_operations rfcomm_port_ops = {
142 .destruct = rfcomm_dev_destruct,
143 .activate = rfcomm_dev_activate,
144 .shutdown = rfcomm_dev_shutdown,
145 .carrier_raised = rfcomm_dev_carrier_raised,
146};
147
148static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
149{
150 struct rfcomm_dev *dev;
151
152 list_for_each_entry(dev, &rfcomm_dev_list, list)
153 if (dev->id == id)
154 return dev;
155
156 return NULL;
157}
158
159static struct rfcomm_dev *rfcomm_dev_get(int id)
160{
161 struct rfcomm_dev *dev;
162
163 mutex_lock(&rfcomm_dev_lock);
164
165 dev = __rfcomm_dev_lookup(id);
166
167 if (dev && !tty_port_get(port: &dev->port))
168 dev = NULL;
169
170 mutex_unlock(lock: &rfcomm_dev_lock);
171
172 return dev;
173}
174
175static void rfcomm_reparent_device(struct rfcomm_dev *dev)
176{
177 struct hci_dev *hdev;
178 struct hci_conn *conn;
179
180 hdev = hci_get_route(dst: &dev->dst, src: &dev->src, BDADDR_BREDR);
181 if (!hdev)
182 return;
183
184 /* The lookup results are unsafe to access without the
185 * hci device lock (FIXME: why is this not documented?)
186 */
187 hci_dev_lock(hdev);
188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, ba: &dev->dst);
189
190 /* Just because the acl link is in the hash table is no
191 * guarantee the sysfs device has been added ...
192 */
193 if (conn && device_is_registered(dev: &conn->dev))
194 device_move(dev: dev->tty_dev, new_parent: &conn->dev, dpm_order: DPM_ORDER_DEV_AFTER_PARENT);
195
196 hci_dev_unlock(hdev);
197 hci_dev_put(d: hdev);
198}
199
200static ssize_t address_show(struct device *tty_dev,
201 struct device_attribute *attr, char *buf)
202{
203 struct rfcomm_dev *dev = dev_get_drvdata(dev: tty_dev);
204 return sprintf(buf, fmt: "%pMR\n", &dev->dst);
205}
206
207static ssize_t channel_show(struct device *tty_dev,
208 struct device_attribute *attr, char *buf)
209{
210 struct rfcomm_dev *dev = dev_get_drvdata(dev: tty_dev);
211 return sprintf(buf, fmt: "%d\n", dev->channel);
212}
213
214static DEVICE_ATTR_RO(address);
215static DEVICE_ATTR_RO(channel);
216
217static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
218 struct rfcomm_dlc *dlc)
219{
220 struct rfcomm_dev *dev, *entry;
221 struct list_head *head = &rfcomm_dev_list;
222 int err = 0;
223
224 dev = kzalloc(size: sizeof(struct rfcomm_dev), GFP_KERNEL);
225 if (!dev)
226 return ERR_PTR(error: -ENOMEM);
227
228 mutex_lock(&rfcomm_dev_lock);
229
230 if (req->dev_id < 0) {
231 dev->id = 0;
232
233 list_for_each_entry(entry, &rfcomm_dev_list, list) {
234 if (entry->id != dev->id)
235 break;
236
237 dev->id++;
238 head = &entry->list;
239 }
240 } else {
241 dev->id = req->dev_id;
242
243 list_for_each_entry(entry, &rfcomm_dev_list, list) {
244 if (entry->id == dev->id) {
245 err = -EADDRINUSE;
246 goto out;
247 }
248
249 if (entry->id > dev->id - 1)
250 break;
251
252 head = &entry->list;
253 }
254 }
255
256 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
257 err = -ENFILE;
258 goto out;
259 }
260
261 sprintf(buf: dev->name, fmt: "rfcomm%d", dev->id);
262
263 list_add(new: &dev->list, head);
264
265 bacpy(dst: &dev->src, src: &req->src);
266 bacpy(dst: &dev->dst, src: &req->dst);
267 dev->channel = req->channel;
268
269 dev->flags = req->flags &
270 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
271
272 tty_port_init(port: &dev->port);
273 dev->port.ops = &rfcomm_port_ops;
274
275 skb_queue_head_init(list: &dev->pending);
276
277 rfcomm_dlc_lock(dlc);
278
279 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
280 struct sock *sk = dlc->owner;
281 struct sk_buff *skb;
282
283 BUG_ON(!sk);
284
285 rfcomm_dlc_throttle(d: dlc);
286
287 while ((skb = skb_dequeue(list: &sk->sk_receive_queue))) {
288 skb_orphan(skb);
289 skb_queue_tail(list: &dev->pending, newsk: skb);
290 atomic_sub(i: skb->len, v: &sk->sk_rmem_alloc);
291 }
292 }
293
294 dlc->data_ready = rfcomm_dev_data_ready;
295 dlc->state_change = rfcomm_dev_state_change;
296 dlc->modem_status = rfcomm_dev_modem_status;
297
298 dlc->owner = dev;
299 dev->dlc = dlc;
300
301 rfcomm_dev_modem_status(dlc, v24_sig: dlc->remote_v24_sig);
302
303 rfcomm_dlc_unlock(dlc);
304
305 /* It's safe to call __module_get() here because socket already
306 holds reference to this module. */
307 __module_get(THIS_MODULE);
308
309 mutex_unlock(lock: &rfcomm_dev_lock);
310 return dev;
311
312out:
313 mutex_unlock(lock: &rfcomm_dev_lock);
314 kfree(objp: dev);
315 return ERR_PTR(error: err);
316}
317
318static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
319{
320 struct rfcomm_dev *dev;
321 struct device *tty;
322
323 BT_DBG("id %d channel %d", req->dev_id, req->channel);
324
325 dev = __rfcomm_dev_add(req, dlc);
326 if (IS_ERR(ptr: dev)) {
327 rfcomm_dlc_put(d: dlc);
328 return PTR_ERR(ptr: dev);
329 }
330
331 tty = tty_port_register_device(port: &dev->port, driver: rfcomm_tty_driver,
332 index: dev->id, NULL);
333 if (IS_ERR(ptr: tty)) {
334 tty_port_put(port: &dev->port);
335 return PTR_ERR(ptr: tty);
336 }
337
338 dev->tty_dev = tty;
339 rfcomm_reparent_device(dev);
340 dev_set_drvdata(dev: dev->tty_dev, data: dev);
341
342 if (device_create_file(device: dev->tty_dev, entry: &dev_attr_address) < 0)
343 BT_ERR("Failed to create address attribute");
344
345 if (device_create_file(device: dev->tty_dev, entry: &dev_attr_channel) < 0)
346 BT_ERR("Failed to create channel attribute");
347
348 return dev->id;
349}
350
351/* ---- Send buffer ---- */
352static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
353{
354 struct rfcomm_dlc *dlc = dev->dlc;
355
356 /* Limit the outstanding number of packets not yet sent to 40 */
357 int pending = 40 - atomic_read(v: &dev->wmem_alloc);
358
359 return max(0, pending) * dlc->mtu;
360}
361
362static void rfcomm_wfree(struct sk_buff *skb)
363{
364 struct rfcomm_dev *dev = (void *) skb->sk;
365 atomic_dec(v: &dev->wmem_alloc);
366 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
367 tty_port_tty_wakeup(port: &dev->port);
368 tty_port_put(port: &dev->port);
369}
370
371static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
372{
373 tty_port_get(port: &dev->port);
374 atomic_inc(v: &dev->wmem_alloc);
375 skb->sk = (void *) dev;
376 skb->destructor = rfcomm_wfree;
377}
378
379static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
380{
381 struct sk_buff *skb = alloc_skb(size, priority);
382 if (skb)
383 rfcomm_set_owner_w(skb, dev);
384 return skb;
385}
386
387/* ---- Device IOCTLs ---- */
388
389#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
390
391static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
392{
393 struct rfcomm_dev_req req;
394 struct rfcomm_dlc *dlc;
395 int id;
396
397 if (copy_from_user(to: &req, from: arg, n: sizeof(req)))
398 return -EFAULT;
399
400 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
401
402 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
403 return -EPERM;
404
405 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
406 /* Socket must be connected */
407 if (sk->sk_state != BT_CONNECTED)
408 return -EBADFD;
409
410 dlc = rfcomm_pi(sk)->dlc;
411 rfcomm_dlc_hold(d: dlc);
412 } else {
413 /* Validate the channel is unused */
414 dlc = rfcomm_dlc_exists(src: &req.src, dst: &req.dst, channel: req.channel);
415 if (IS_ERR(ptr: dlc))
416 return PTR_ERR(ptr: dlc);
417 if (dlc)
418 return -EBUSY;
419 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
420 if (!dlc)
421 return -ENOMEM;
422 }
423
424 id = rfcomm_dev_add(req: &req, dlc);
425 if (id < 0)
426 return id;
427
428 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
429 /* DLC is now used by device.
430 * Socket must be disconnected */
431 sk->sk_state = BT_CLOSED;
432 }
433
434 return id;
435}
436
437static int __rfcomm_release_dev(void __user *arg)
438{
439 struct rfcomm_dev_req req;
440 struct rfcomm_dev *dev;
441 struct tty_struct *tty;
442
443 if (copy_from_user(to: &req, from: arg, n: sizeof(req)))
444 return -EFAULT;
445
446 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
447
448 dev = rfcomm_dev_get(id: req.dev_id);
449 if (!dev)
450 return -ENODEV;
451
452 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
453 tty_port_put(port: &dev->port);
454 return -EPERM;
455 }
456
457 /* only release once */
458 if (test_and_set_bit(RFCOMM_DEV_RELEASED, addr: &dev->status)) {
459 tty_port_put(port: &dev->port);
460 return -EALREADY;
461 }
462
463 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
464 rfcomm_dlc_close(d: dev->dlc, reason: 0);
465
466 /* Shut down TTY synchronously before freeing rfcomm_dev */
467 tty = tty_port_tty_get(port: &dev->port);
468 if (tty) {
469 tty_vhangup(tty);
470 tty_kref_put(tty);
471 }
472
473 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
474 tty_port_put(port: &dev->port);
475
476 tty_port_put(port: &dev->port);
477 return 0;
478}
479
480static int rfcomm_create_dev(struct sock *sk, void __user *arg)
481{
482 int ret;
483
484 mutex_lock(&rfcomm_ioctl_mutex);
485 ret = __rfcomm_create_dev(sk, arg);
486 mutex_unlock(lock: &rfcomm_ioctl_mutex);
487
488 return ret;
489}
490
491static int rfcomm_release_dev(void __user *arg)
492{
493 int ret;
494
495 mutex_lock(&rfcomm_ioctl_mutex);
496 ret = __rfcomm_release_dev(arg);
497 mutex_unlock(lock: &rfcomm_ioctl_mutex);
498
499 return ret;
500}
501
502static int rfcomm_get_dev_list(void __user *arg)
503{
504 struct rfcomm_dev *dev;
505 struct rfcomm_dev_list_req *dl;
506 struct rfcomm_dev_info *di;
507 int n = 0, size, err;
508 u16 dev_num;
509
510 BT_DBG("");
511
512 if (get_user(dev_num, (u16 __user *) arg))
513 return -EFAULT;
514
515 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
516 return -EINVAL;
517
518 size = sizeof(*dl) + dev_num * sizeof(*di);
519
520 dl = kzalloc(size, GFP_KERNEL);
521 if (!dl)
522 return -ENOMEM;
523
524 di = dl->dev_info;
525
526 mutex_lock(&rfcomm_dev_lock);
527
528 list_for_each_entry(dev, &rfcomm_dev_list, list) {
529 if (!tty_port_get(port: &dev->port))
530 continue;
531 (di + n)->id = dev->id;
532 (di + n)->flags = dev->flags;
533 (di + n)->state = dev->dlc->state;
534 (di + n)->channel = dev->channel;
535 bacpy(dst: &(di + n)->src, src: &dev->src);
536 bacpy(dst: &(di + n)->dst, src: &dev->dst);
537 tty_port_put(port: &dev->port);
538 if (++n >= dev_num)
539 break;
540 }
541
542 mutex_unlock(lock: &rfcomm_dev_lock);
543
544 dl->dev_num = n;
545 size = sizeof(*dl) + n * sizeof(*di);
546
547 err = copy_to_user(to: arg, from: dl, n: size);
548 kfree(objp: dl);
549
550 return err ? -EFAULT : 0;
551}
552
553static int rfcomm_get_dev_info(void __user *arg)
554{
555 struct rfcomm_dev *dev;
556 struct rfcomm_dev_info di;
557 int err = 0;
558
559 BT_DBG("");
560
561 if (copy_from_user(to: &di, from: arg, n: sizeof(di)))
562 return -EFAULT;
563
564 dev = rfcomm_dev_get(id: di.id);
565 if (!dev)
566 return -ENODEV;
567
568 di.flags = dev->flags;
569 di.channel = dev->channel;
570 di.state = dev->dlc->state;
571 bacpy(dst: &di.src, src: &dev->src);
572 bacpy(dst: &di.dst, src: &dev->dst);
573
574 if (copy_to_user(to: arg, from: &di, n: sizeof(di)))
575 err = -EFAULT;
576
577 tty_port_put(port: &dev->port);
578 return err;
579}
580
581int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
582{
583 BT_DBG("cmd %d arg %p", cmd, arg);
584
585 switch (cmd) {
586 case RFCOMMCREATEDEV:
587 return rfcomm_create_dev(sk, arg);
588
589 case RFCOMMRELEASEDEV:
590 return rfcomm_release_dev(arg);
591
592 case RFCOMMGETDEVLIST:
593 return rfcomm_get_dev_list(arg);
594
595 case RFCOMMGETDEVINFO:
596 return rfcomm_get_dev_info(arg);
597 }
598
599 return -EINVAL;
600}
601
602/* ---- DLC callbacks ---- */
603static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
604{
605 struct rfcomm_dev *dev = dlc->owner;
606
607 if (!dev) {
608 kfree_skb(skb);
609 return;
610 }
611
612 if (!skb_queue_empty(list: &dev->pending)) {
613 skb_queue_tail(list: &dev->pending, newsk: skb);
614 return;
615 }
616
617 BT_DBG("dlc %p len %d", dlc, skb->len);
618
619 tty_insert_flip_string(port: &dev->port, chars: skb->data, size: skb->len);
620 tty_flip_buffer_push(port: &dev->port);
621
622 kfree_skb(skb);
623}
624
625static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
626{
627 struct rfcomm_dev *dev = dlc->owner;
628 if (!dev)
629 return;
630
631 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
632
633 dev->err = err;
634 if (dlc->state == BT_CONNECTED) {
635 rfcomm_reparent_device(dev);
636
637 wake_up_interruptible(&dev->port.open_wait);
638 } else if (dlc->state == BT_CLOSED)
639 tty_port_tty_hangup(port: &dev->port, check_clocal: false);
640}
641
642static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
643{
644 struct rfcomm_dev *dev = dlc->owner;
645 if (!dev)
646 return;
647
648 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
649
650 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
651 tty_port_tty_hangup(port: &dev->port, check_clocal: true);
652
653 dev->modem_status =
654 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
655 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
656 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
657 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
658}
659
660/* ---- TTY functions ---- */
661static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
662{
663 struct sk_buff *skb;
664 int inserted = 0;
665
666 BT_DBG("dev %p", dev);
667
668 rfcomm_dlc_lock(dev->dlc);
669
670 while ((skb = skb_dequeue(list: &dev->pending))) {
671 inserted += tty_insert_flip_string(port: &dev->port, chars: skb->data,
672 size: skb->len);
673 kfree_skb(skb);
674 }
675
676 rfcomm_dlc_unlock(dev->dlc);
677
678 if (inserted > 0)
679 tty_flip_buffer_push(port: &dev->port);
680}
681
682/* do the reverse of install, clearing the tty fields and releasing the
683 * reference to tty_port
684 */
685static void rfcomm_tty_cleanup(struct tty_struct *tty)
686{
687 struct rfcomm_dev *dev = tty->driver_data;
688
689 clear_bit(RFCOMM_TTY_ATTACHED, addr: &dev->flags);
690
691 rfcomm_dlc_lock(dev->dlc);
692 tty->driver_data = NULL;
693 rfcomm_dlc_unlock(dev->dlc);
694
695 /*
696 * purge the dlc->tx_queue to avoid circular dependencies
697 * between dev and dlc
698 */
699 skb_queue_purge(list: &dev->dlc->tx_queue);
700
701 tty_port_put(port: &dev->port);
702}
703
704/* we acquire the tty_port reference since it's here the tty is first used
705 * by setting the termios. We also populate the driver_data field and install
706 * the tty port
707 */
708static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
709{
710 struct rfcomm_dev *dev;
711 struct rfcomm_dlc *dlc;
712 int err;
713
714 dev = rfcomm_dev_get(id: tty->index);
715 if (!dev)
716 return -ENODEV;
717
718 dlc = dev->dlc;
719
720 /* Attach TTY and open DLC */
721 rfcomm_dlc_lock(dlc);
722 tty->driver_data = dev;
723 rfcomm_dlc_unlock(dlc);
724 set_bit(RFCOMM_TTY_ATTACHED, addr: &dev->flags);
725
726 /* install the tty_port */
727 err = tty_port_install(port: &dev->port, driver, tty);
728 if (err) {
729 rfcomm_tty_cleanup(tty);
730 return err;
731 }
732
733 /* take over the tty_port reference if the port was created with the
734 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
735 * when the last process closes the tty. The behaviour is expected by
736 * userspace.
737 */
738 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
739 set_bit(RFCOMM_TTY_OWNED, addr: &dev->status);
740 tty_port_put(port: &dev->port);
741 }
742
743 return 0;
744}
745
746static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
747{
748 struct rfcomm_dev *dev = tty->driver_data;
749 int err;
750
751 BT_DBG("tty %p id %d", tty, tty->index);
752
753 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
754 dev->channel, dev->port.count);
755
756 err = tty_port_open(port: &dev->port, tty, filp);
757 if (err)
758 return err;
759
760 /*
761 * FIXME: rfcomm should use proper flow control for
762 * received data. This hack will be unnecessary and can
763 * be removed when that's implemented
764 */
765 rfcomm_tty_copy_pending(dev);
766
767 rfcomm_dlc_unthrottle(d: dev->dlc);
768
769 return 0;
770}
771
772static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
773{
774 struct rfcomm_dev *dev = tty->driver_data;
775
776 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
777 dev->port.count);
778
779 tty_port_close(port: &dev->port, tty, filp);
780}
781
782static ssize_t rfcomm_tty_write(struct tty_struct *tty, const u8 *buf,
783 size_t count)
784{
785 struct rfcomm_dev *dev = tty->driver_data;
786 struct rfcomm_dlc *dlc = dev->dlc;
787 struct sk_buff *skb;
788 size_t sent = 0, size;
789
790 BT_DBG("tty %p count %zu", tty, count);
791
792 while (count) {
793 size = min_t(size_t, count, dlc->mtu);
794
795 skb = rfcomm_wmalloc(dev, size: size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
796 if (!skb)
797 break;
798
799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
800
801 skb_put_data(skb, data: buf + sent, len: size);
802
803 rfcomm_dlc_send_noerror(d: dlc, skb);
804
805 sent += size;
806 count -= size;
807 }
808
809 return sent;
810}
811
812static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
813{
814 struct rfcomm_dev *dev = tty->driver_data;
815 int room = 0;
816
817 if (dev && dev->dlc)
818 room = rfcomm_room(dev);
819
820 BT_DBG("tty %p room %d", tty, room);
821
822 return room;
823}
824
825static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
826{
827 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
828
829 switch (cmd) {
830 case TCGETS:
831 BT_DBG("TCGETS is not supported");
832 return -ENOIOCTLCMD;
833
834 case TCSETS:
835 BT_DBG("TCSETS is not supported");
836 return -ENOIOCTLCMD;
837
838 case TIOCMIWAIT:
839 BT_DBG("TIOCMIWAIT");
840 break;
841
842 case TIOCSERGETLSR:
843 BT_ERR("TIOCSERGETLSR is not supported");
844 return -ENOIOCTLCMD;
845
846 case TIOCSERCONFIG:
847 BT_ERR("TIOCSERCONFIG is not supported");
848 return -ENOIOCTLCMD;
849
850 default:
851 return -ENOIOCTLCMD; /* ioctls which we must ignore */
852
853 }
854
855 return -ENOIOCTLCMD;
856}
857
858static void rfcomm_tty_set_termios(struct tty_struct *tty,
859 const struct ktermios *old)
860{
861 struct ktermios *new = &tty->termios;
862 int old_baud_rate = tty_termios_baud_rate(termios: old);
863 int new_baud_rate = tty_termios_baud_rate(termios: new);
864
865 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
866 u16 changes = 0;
867
868 struct rfcomm_dev *dev = tty->driver_data;
869
870 BT_DBG("tty %p termios %p", tty, old);
871
872 if (!dev || !dev->dlc || !dev->dlc->session)
873 return;
874
875 /* Handle turning off CRTSCTS */
876 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
877 BT_DBG("Turning off CRTSCTS unsupported");
878
879 /* Parity on/off and when on, odd/even */
880 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
881 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
882 changes |= RFCOMM_RPN_PM_PARITY;
883 BT_DBG("Parity change detected.");
884 }
885
886 /* Mark and space parity are not supported! */
887 if (new->c_cflag & PARENB) {
888 if (new->c_cflag & PARODD) {
889 BT_DBG("Parity is ODD");
890 parity = RFCOMM_RPN_PARITY_ODD;
891 } else {
892 BT_DBG("Parity is EVEN");
893 parity = RFCOMM_RPN_PARITY_EVEN;
894 }
895 } else {
896 BT_DBG("Parity is OFF");
897 parity = RFCOMM_RPN_PARITY_NONE;
898 }
899
900 /* Setting the x_on / x_off characters */
901 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
902 BT_DBG("XOFF custom");
903 x_on = new->c_cc[VSTOP];
904 changes |= RFCOMM_RPN_PM_XON;
905 } else {
906 BT_DBG("XOFF default");
907 x_on = RFCOMM_RPN_XON_CHAR;
908 }
909
910 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
911 BT_DBG("XON custom");
912 x_off = new->c_cc[VSTART];
913 changes |= RFCOMM_RPN_PM_XOFF;
914 } else {
915 BT_DBG("XON default");
916 x_off = RFCOMM_RPN_XOFF_CHAR;
917 }
918
919 /* Handle setting of stop bits */
920 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
921 changes |= RFCOMM_RPN_PM_STOP;
922
923 /* POSIX does not support 1.5 stop bits and RFCOMM does not
924 * support 2 stop bits. So a request for 2 stop bits gets
925 * translated to 1.5 stop bits */
926 if (new->c_cflag & CSTOPB)
927 stop_bits = RFCOMM_RPN_STOP_15;
928 else
929 stop_bits = RFCOMM_RPN_STOP_1;
930
931 /* Handle number of data bits [5-8] */
932 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
933 changes |= RFCOMM_RPN_PM_DATA;
934
935 switch (new->c_cflag & CSIZE) {
936 case CS5:
937 data_bits = RFCOMM_RPN_DATA_5;
938 break;
939 case CS6:
940 data_bits = RFCOMM_RPN_DATA_6;
941 break;
942 case CS7:
943 data_bits = RFCOMM_RPN_DATA_7;
944 break;
945 case CS8:
946 data_bits = RFCOMM_RPN_DATA_8;
947 break;
948 default:
949 data_bits = RFCOMM_RPN_DATA_8;
950 break;
951 }
952
953 /* Handle baudrate settings */
954 if (old_baud_rate != new_baud_rate)
955 changes |= RFCOMM_RPN_PM_BITRATE;
956
957 switch (new_baud_rate) {
958 case 2400:
959 baud = RFCOMM_RPN_BR_2400;
960 break;
961 case 4800:
962 baud = RFCOMM_RPN_BR_4800;
963 break;
964 case 7200:
965 baud = RFCOMM_RPN_BR_7200;
966 break;
967 case 9600:
968 baud = RFCOMM_RPN_BR_9600;
969 break;
970 case 19200:
971 baud = RFCOMM_RPN_BR_19200;
972 break;
973 case 38400:
974 baud = RFCOMM_RPN_BR_38400;
975 break;
976 case 57600:
977 baud = RFCOMM_RPN_BR_57600;
978 break;
979 case 115200:
980 baud = RFCOMM_RPN_BR_115200;
981 break;
982 case 230400:
983 baud = RFCOMM_RPN_BR_230400;
984 break;
985 default:
986 /* 9600 is standard accordinag to the RFCOMM specification */
987 baud = RFCOMM_RPN_BR_9600;
988 break;
989
990 }
991
992 if (changes)
993 rfcomm_send_rpn(s: dev->dlc->session, cr: 1, dlci: dev->dlc->dlci, bit_rate: baud,
994 data_bits, stop_bits, parity,
995 RFCOMM_RPN_FLOW_NONE, xon_char: x_on, xoff_char: x_off, param_mask: changes);
996}
997
998static void rfcomm_tty_throttle(struct tty_struct *tty)
999{
1000 struct rfcomm_dev *dev = tty->driver_data;
1001
1002 BT_DBG("tty %p dev %p", tty, dev);
1003
1004 rfcomm_dlc_throttle(d: dev->dlc);
1005}
1006
1007static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1008{
1009 struct rfcomm_dev *dev = tty->driver_data;
1010
1011 BT_DBG("tty %p dev %p", tty, dev);
1012
1013 rfcomm_dlc_unthrottle(d: dev->dlc);
1014}
1015
1016static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1017{
1018 struct rfcomm_dev *dev = tty->driver_data;
1019
1020 BT_DBG("tty %p dev %p", tty, dev);
1021
1022 if (!dev || !dev->dlc)
1023 return 0;
1024
1025 if (!skb_queue_empty(list: &dev->dlc->tx_queue))
1026 return dev->dlc->mtu;
1027
1028 return 0;
1029}
1030
1031static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1032{
1033 struct rfcomm_dev *dev = tty->driver_data;
1034
1035 BT_DBG("tty %p dev %p", tty, dev);
1036
1037 if (!dev || !dev->dlc)
1038 return;
1039
1040 skb_queue_purge(list: &dev->dlc->tx_queue);
1041 tty_wakeup(tty);
1042}
1043
1044static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1045{
1046 BT_DBG("tty %p ch %c", tty, ch);
1047}
1048
1049static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1050{
1051 BT_DBG("tty %p timeout %d", tty, timeout);
1052}
1053
1054static void rfcomm_tty_hangup(struct tty_struct *tty)
1055{
1056 struct rfcomm_dev *dev = tty->driver_data;
1057
1058 BT_DBG("tty %p dev %p", tty, dev);
1059
1060 tty_port_hangup(port: &dev->port);
1061}
1062
1063static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1064{
1065 struct rfcomm_dev *dev = tty->driver_data;
1066
1067 BT_DBG("tty %p dev %p", tty, dev);
1068
1069 return dev->modem_status;
1070}
1071
1072static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1073{
1074 struct rfcomm_dev *dev = tty->driver_data;
1075 struct rfcomm_dlc *dlc = dev->dlc;
1076 u8 v24_sig;
1077
1078 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1079
1080 rfcomm_dlc_get_modem_status(d: dlc, v24_sig: &v24_sig);
1081
1082 if (set & TIOCM_DSR || set & TIOCM_DTR)
1083 v24_sig |= RFCOMM_V24_RTC;
1084 if (set & TIOCM_RTS || set & TIOCM_CTS)
1085 v24_sig |= RFCOMM_V24_RTR;
1086 if (set & TIOCM_RI)
1087 v24_sig |= RFCOMM_V24_IC;
1088 if (set & TIOCM_CD)
1089 v24_sig |= RFCOMM_V24_DV;
1090
1091 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1092 v24_sig &= ~RFCOMM_V24_RTC;
1093 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1094 v24_sig &= ~RFCOMM_V24_RTR;
1095 if (clear & TIOCM_RI)
1096 v24_sig &= ~RFCOMM_V24_IC;
1097 if (clear & TIOCM_CD)
1098 v24_sig &= ~RFCOMM_V24_DV;
1099
1100 rfcomm_dlc_set_modem_status(d: dlc, v24_sig);
1101
1102 return 0;
1103}
1104
1105/* ---- TTY structure ---- */
1106
1107static const struct tty_operations rfcomm_ops = {
1108 .open = rfcomm_tty_open,
1109 .close = rfcomm_tty_close,
1110 .write = rfcomm_tty_write,
1111 .write_room = rfcomm_tty_write_room,
1112 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1113 .flush_buffer = rfcomm_tty_flush_buffer,
1114 .ioctl = rfcomm_tty_ioctl,
1115 .throttle = rfcomm_tty_throttle,
1116 .unthrottle = rfcomm_tty_unthrottle,
1117 .set_termios = rfcomm_tty_set_termios,
1118 .send_xchar = rfcomm_tty_send_xchar,
1119 .hangup = rfcomm_tty_hangup,
1120 .wait_until_sent = rfcomm_tty_wait_until_sent,
1121 .tiocmget = rfcomm_tty_tiocmget,
1122 .tiocmset = rfcomm_tty_tiocmset,
1123 .install = rfcomm_tty_install,
1124 .cleanup = rfcomm_tty_cleanup,
1125};
1126
1127int __init rfcomm_init_ttys(void)
1128{
1129 int error;
1130
1131 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
1132 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
1133 if (IS_ERR(ptr: rfcomm_tty_driver))
1134 return PTR_ERR(ptr: rfcomm_tty_driver);
1135
1136 rfcomm_tty_driver->driver_name = "rfcomm";
1137 rfcomm_tty_driver->name = "rfcomm";
1138 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1139 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1140 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1141 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1142 rfcomm_tty_driver->init_termios = tty_std_termios;
1143 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1144 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1145 tty_set_operations(driver: rfcomm_tty_driver, op: &rfcomm_ops);
1146
1147 error = tty_register_driver(driver: rfcomm_tty_driver);
1148 if (error) {
1149 BT_ERR("Can't register RFCOMM TTY driver");
1150 tty_driver_kref_put(driver: rfcomm_tty_driver);
1151 return error;
1152 }
1153
1154 BT_INFO("RFCOMM TTY layer initialized");
1155
1156 return 0;
1157}
1158
1159void rfcomm_cleanup_ttys(void)
1160{
1161 tty_unregister_driver(driver: rfcomm_tty_driver);
1162 tty_driver_kref_put(driver: rfcomm_tty_driver);
1163}
1164

source code of linux/net/bluetooth/rfcomm/tty.c