search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'media_fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab...
[cris-mirror.git] / net / bluetooth / rfcomm / tty.c
blob2575c2db64047021080131d47d37a9f5ad49584a
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <linux/capability.h>
35 #include <linux/slab.h>
36 #include <linux/skbuff.h>
37
38 #include <net/bluetooth/bluetooth.h>
39 #include <net/bluetooth/hci_core.h>
40 #include <net/bluetooth/rfcomm.h>
41
42 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
44 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
45 #define RFCOMM_TTY_MINOR 0
46
47 static struct tty_driver *rfcomm_tty_driver;
48
49 struct rfcomm_dev {
50 struct list_head list;
51 atomic_t refcnt;
52
53 char name[12];
54 int id;
55 unsigned long flags;
56 atomic_t opened;
57 int err;
58
59 bdaddr_t src;
60 bdaddr_t dst;
61 u8 channel;
62
63 uint modem_status;
64
65 struct rfcomm_dlc *dlc;
66 struct tty_struct *tty;
67 wait_queue_head_t wait;
68 struct tasklet_struct wakeup_task;
69
70 struct device *tty_dev;
71
72 atomic_t wmem_alloc;
73
74 struct sk_buff_head pending;
75 };
76
77 static LIST_HEAD(rfcomm_dev_list);
78 static DEFINE_RWLOCK(rfcomm_dev_lock);
79
80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
83
84 static void rfcomm_tty_wakeup(unsigned long arg);
85
86 /* ---- Device functions ---- */
87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
88 {
89 struct rfcomm_dlc *dlc = dev->dlc;
90
91 BT_DBG("dev %p dlc %p", dev, dlc);
92
93 /* Refcount should only hit zero when called from rfcomm_dev_del()
94 which will have taken us off the list. Everything else are
95 refcounting bugs. */
96 BUG_ON(!list_empty(&dev->list));
97
98 rfcomm_dlc_lock(dlc);
99 /* Detach DLC if it's owned by this dev */
100 if (dlc->owner == dev)
101 dlc->owner = NULL;
102 rfcomm_dlc_unlock(dlc);
103
104 rfcomm_dlc_put(dlc);
105
106 tty_unregister_device(rfcomm_tty_driver, dev->id);
107
108 kfree(dev);
109
110 /* It's safe to call module_put() here because socket still
111 holds reference to this module. */
112 module_put(THIS_MODULE);
113 }
114
115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
116 {
117 atomic_inc(&dev->refcnt);
118 }
119
120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
121 {
122 /* The reason this isn't actually a race, as you no
123 doubt have a little voice screaming at you in your
124 head, is that the refcount should never actually
125 reach zero unless the device has already been taken
126 off the list, in rfcomm_dev_del(). And if that's not
127 true, we'll hit the BUG() in rfcomm_dev_destruct()
128 anyway. */
129 if (atomic_dec_and_test(&dev->refcnt))
130 rfcomm_dev_destruct(dev);
131 }
132
133 static struct rfcomm_dev *__rfcomm_dev_get(int id)
134 {
135 struct rfcomm_dev *dev;
136 struct list_head *p;
137
138 list_for_each(p, &rfcomm_dev_list) {
139 dev = list_entry(p, struct rfcomm_dev, list);
140 if (dev->id == id)
141 return dev;
142 }
143
144 return NULL;
145 }
146
147 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
148 {
149 struct rfcomm_dev *dev;
150
151 read_lock(&rfcomm_dev_lock);
152
153 dev = __rfcomm_dev_get(id);
154
155 if (dev) {
156 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
157 dev = NULL;
158 else
159 rfcomm_dev_hold(dev);
160 }
161
162 read_unlock(&rfcomm_dev_lock);
163
164 return dev;
165 }
166
167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
168 {
169 struct hci_dev *hdev;
170 struct hci_conn *conn;
171
172 hdev = hci_get_route(&dev->dst, &dev->src);
173 if (!hdev)
174 return NULL;
175
176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
177
178 hci_dev_put(hdev);
179
180 return conn ? &conn->dev : NULL;
181 }
182
183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
184 {
185 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
186 return sprintf(buf, "%s\n", batostr(&dev->dst));
187 }
188
189 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
190 {
191 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
192 return sprintf(buf, "%d\n", dev->channel);
193 }
194
195 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
196 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
197
198 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
199 {
200 struct rfcomm_dev *dev;
201 struct list_head *head = &rfcomm_dev_list, *p;
202 int err = 0;
203
204 BT_DBG("id %d channel %d", req->dev_id, req->channel);
205
206 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
207 if (!dev)
208 return -ENOMEM;
209
210 write_lock_bh(&rfcomm_dev_lock);
211
212 if (req->dev_id < 0) {
213 dev->id = 0;
214
215 list_for_each(p, &rfcomm_dev_list) {
216 if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
217 break;
218
219 dev->id++;
220 head = p;
221 }
222 } else {
223 dev->id = req->dev_id;
224
225 list_for_each(p, &rfcomm_dev_list) {
226 struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
227
228 if (entry->id == dev->id) {
229 err = -EADDRINUSE;
230 goto out;
231 }
232
233 if (entry->id > dev->id - 1)
234 break;
235
236 head = p;
237 }
238 }
239
240 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
241 err = -ENFILE;
242 goto out;
243 }
244
245 sprintf(dev->name, "rfcomm%d", dev->id);
246
247 list_add(&dev->list, head);
248 atomic_set(&dev->refcnt, 1);
249
250 bacpy(&dev->src, &req->src);
251 bacpy(&dev->dst, &req->dst);
252 dev->channel = req->channel;
253
254 dev->flags = req->flags &
255 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
256
257 atomic_set(&dev->opened, 0);
258
259 init_waitqueue_head(&dev->wait);
260 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
261
262 skb_queue_head_init(&dev->pending);
263
264 rfcomm_dlc_lock(dlc);
265
266 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
267 struct sock *sk = dlc->owner;
268 struct sk_buff *skb;
269
270 BUG_ON(!sk);
271
272 rfcomm_dlc_throttle(dlc);
273
274 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
275 skb_orphan(skb);
276 skb_queue_tail(&dev->pending, skb);
277 atomic_sub(skb->len, &sk->sk_rmem_alloc);
278 }
279 }
280
281 dlc->data_ready = rfcomm_dev_data_ready;
282 dlc->state_change = rfcomm_dev_state_change;
283 dlc->modem_status = rfcomm_dev_modem_status;
284
285 dlc->owner = dev;
286 dev->dlc = dlc;
287
288 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
289
290 rfcomm_dlc_unlock(dlc);
291
292 /* It's safe to call __module_get() here because socket already
293 holds reference to this module. */
294 __module_get(THIS_MODULE);
295
296 out:
297 write_unlock_bh(&rfcomm_dev_lock);
298
299 if (err < 0)
300 goto free;
301
302 dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
303
304 if (IS_ERR(dev->tty_dev)) {
305 err = PTR_ERR(dev->tty_dev);
306 list_del(&dev->list);
307 goto free;
308 }
309
310 dev_set_drvdata(dev->tty_dev, dev);
311
312 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
313 BT_ERR("Failed to create address attribute");
314
315 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
316 BT_ERR("Failed to create channel attribute");
317
318 return dev->id;
319
320 free:
321 kfree(dev);
322 return err;
323 }
324
325 static void rfcomm_dev_del(struct rfcomm_dev *dev)
326 {
327 BT_DBG("dev %p", dev);
328
329 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
330
331 if (atomic_read(&dev->opened) > 0)
332 return;
333
334 write_lock_bh(&rfcomm_dev_lock);
335 list_del_init(&dev->list);
336 write_unlock_bh(&rfcomm_dev_lock);
337
338 rfcomm_dev_put(dev);
339 }
340
341 /* ---- Send buffer ---- */
342 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
343 {
344 /* We can't let it be zero, because we don't get a callback
345 when tx_credits becomes nonzero, hence we'd never wake up */
346 return dlc->mtu * (dlc->tx_credits?:1);
347 }
348
349 static void rfcomm_wfree(struct sk_buff *skb)
350 {
351 struct rfcomm_dev *dev = (void *) skb->sk;
352 atomic_sub(skb->truesize, &dev->wmem_alloc);
353 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
354 tasklet_schedule(&dev->wakeup_task);
355 rfcomm_dev_put(dev);
356 }
357
358 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
359 {
360 rfcomm_dev_hold(dev);
361 atomic_add(skb->truesize, &dev->wmem_alloc);
362 skb->sk = (void *) dev;
363 skb->destructor = rfcomm_wfree;
364 }
365
366 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
367 {
368 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
369 struct sk_buff *skb = alloc_skb(size, priority);
370 if (skb) {
371 rfcomm_set_owner_w(skb, dev);
372 return skb;
373 }
374 }
375 return NULL;
376 }
377
378 /* ---- Device IOCTLs ---- */
379
380 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
381
382 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
383 {
384 struct rfcomm_dev_req req;
385 struct rfcomm_dlc *dlc;
386 int id;
387
388 if (copy_from_user(&req, arg, sizeof(req)))
389 return -EFAULT;
390
391 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
392
393 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
394 return -EPERM;
395
396 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
397 /* Socket must be connected */
398 if (sk->sk_state != BT_CONNECTED)
399 return -EBADFD;
400
401 dlc = rfcomm_pi(sk)->dlc;
402 rfcomm_dlc_hold(dlc);
403 } else {
404 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
405 if (!dlc)
406 return -ENOMEM;
407 }
408
409 id = rfcomm_dev_add(&req, dlc);
410 if (id < 0) {
411 rfcomm_dlc_put(dlc);
412 return id;
413 }
414
415 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
416 /* DLC is now used by device.
417 * Socket must be disconnected */
418 sk->sk_state = BT_CLOSED;
419 }
420
421 return id;
422 }
423
424 static int rfcomm_release_dev(void __user *arg)
425 {
426 struct rfcomm_dev_req req;
427 struct rfcomm_dev *dev;
428
429 if (copy_from_user(&req, arg, sizeof(req)))
430 return -EFAULT;
431
432 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
433
434 dev = rfcomm_dev_get(req.dev_id);
435 if (!dev)
436 return -ENODEV;
437
438 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
439 rfcomm_dev_put(dev);
440 return -EPERM;
441 }
442
443 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
444 rfcomm_dlc_close(dev->dlc, 0);
445
446 /* Shut down TTY synchronously before freeing rfcomm_dev */
447 if (dev->tty)
448 tty_vhangup(dev->tty);
449
450 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
451 rfcomm_dev_del(dev);
452 rfcomm_dev_put(dev);
453 return 0;
454 }
455
456 static int rfcomm_get_dev_list(void __user *arg)
457 {
458 struct rfcomm_dev_list_req *dl;
459 struct rfcomm_dev_info *di;
460 struct list_head *p;
461 int n = 0, size, err;
462 u16 dev_num;
463
464 BT_DBG("");
465
466 if (get_user(dev_num, (u16 __user *) arg))
467 return -EFAULT;
468
469 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
470 return -EINVAL;
471
472 size = sizeof(*dl) + dev_num * sizeof(*di);
473
474 dl = kmalloc(size, GFP_KERNEL);
475 if (!dl)
476 return -ENOMEM;
477
478 di = dl->dev_info;
479
480 read_lock_bh(&rfcomm_dev_lock);
481
482 list_for_each(p, &rfcomm_dev_list) {
483 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
484 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
485 continue;
486 (di + n)->id = dev->id;
487 (di + n)->flags = dev->flags;
488 (di + n)->state = dev->dlc->state;
489 (di + n)->channel = dev->channel;
490 bacpy(&(di + n)->src, &dev->src);
491 bacpy(&(di + n)->dst, &dev->dst);
492 if (++n >= dev_num)
493 break;
494 }
495
496 read_unlock_bh(&rfcomm_dev_lock);
497
498 dl->dev_num = n;
499 size = sizeof(*dl) + n * sizeof(*di);
500
501 err = copy_to_user(arg, dl, size);
502 kfree(dl);
503
504 return err ? -EFAULT : 0;
505 }
506
507 static int rfcomm_get_dev_info(void __user *arg)
508 {
509 struct rfcomm_dev *dev;
510 struct rfcomm_dev_info di;
511 int err = 0;
512
513 BT_DBG("");
514
515 if (copy_from_user(&di, arg, sizeof(di)))
516 return -EFAULT;
517
518 dev = rfcomm_dev_get(di.id);
519 if (!dev)
520 return -ENODEV;
521
522 di.flags = dev->flags;
523 di.channel = dev->channel;
524 di.state = dev->dlc->state;
525 bacpy(&di.src, &dev->src);
526 bacpy(&di.dst, &dev->dst);
527
528 if (copy_to_user(arg, &di, sizeof(di)))
529 err = -EFAULT;
530
531 rfcomm_dev_put(dev);
532 return err;
533 }
534
535 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
536 {
537 BT_DBG("cmd %d arg %p", cmd, arg);
538
539 switch (cmd) {
540 case RFCOMMCREATEDEV:
541 return rfcomm_create_dev(sk, arg);
542
543 case RFCOMMRELEASEDEV:
544 return rfcomm_release_dev(arg);
545
546 case RFCOMMGETDEVLIST:
547 return rfcomm_get_dev_list(arg);
548
549 case RFCOMMGETDEVINFO:
550 return rfcomm_get_dev_info(arg);
551 }
552
553 return -EINVAL;
554 }
555
556 /* ---- DLC callbacks ---- */
557 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
558 {
559 struct rfcomm_dev *dev = dlc->owner;
560 struct tty_struct *tty;
561
562 if (!dev) {
563 kfree_skb(skb);
564 return;
565 }
566
567 tty = dev->tty;
568 if (!tty || !skb_queue_empty(&dev->pending)) {
569 skb_queue_tail(&dev->pending, skb);
570 return;
571 }
572
573 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
574
575 tty_insert_flip_string(tty, skb->data, skb->len);
576 tty_flip_buffer_push(tty);
577
578 kfree_skb(skb);
579 }
580
581 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
582 {
583 struct rfcomm_dev *dev = dlc->owner;
584 if (!dev)
585 return;
586
587 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
588
589 dev->err = err;
590 wake_up_interruptible(&dev->wait);
591
592 if (dlc->state == BT_CLOSED) {
593 if (!dev->tty) {
594 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
595 /* Drop DLC lock here to avoid deadlock
596 * 1. rfcomm_dev_get will take rfcomm_dev_lock
597 * but in rfcomm_dev_add there's lock order:
598 * rfcomm_dev_lock -> dlc lock
599 * 2. rfcomm_dev_put will deadlock if it's
600 * the last reference
601 */
602 rfcomm_dlc_unlock(dlc);
603 if (rfcomm_dev_get(dev->id) == NULL) {
604 rfcomm_dlc_lock(dlc);
605 return;
606 }
607
608 rfcomm_dev_del(dev);
609 rfcomm_dev_put(dev);
610 rfcomm_dlc_lock(dlc);
611 }
612 } else
613 tty_hangup(dev->tty);
614 }
615 }
616
617 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
618 {
619 struct rfcomm_dev *dev = dlc->owner;
620 if (!dev)
621 return;
622
623 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
624
625 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
626 if (dev->tty && !C_CLOCAL(dev->tty))
627 tty_hangup(dev->tty);
628 }
629
630 dev->modem_status =
631 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
632 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
633 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
634 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
635 }
636
637 /* ---- TTY functions ---- */
638 static void rfcomm_tty_wakeup(unsigned long arg)
639 {
640 struct rfcomm_dev *dev = (void *) arg;
641 struct tty_struct *tty = dev->tty;
642 if (!tty)
643 return;
644
645 BT_DBG("dev %p tty %p", dev, tty);
646 tty_wakeup(tty);
647 }
648
649 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
650 {
651 struct tty_struct *tty = dev->tty;
652 struct sk_buff *skb;
653 int inserted = 0;
654
655 if (!tty)
656 return;
657
658 BT_DBG("dev %p tty %p", dev, tty);
659
660 rfcomm_dlc_lock(dev->dlc);
661
662 while ((skb = skb_dequeue(&dev->pending))) {
663 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
664 kfree_skb(skb);
665 }
666
667 rfcomm_dlc_unlock(dev->dlc);
668
669 if (inserted > 0)
670 tty_flip_buffer_push(tty);
671 }
672
673 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
674 {
675 DECLARE_WAITQUEUE(wait, current);
676 struct rfcomm_dev *dev;
677 struct rfcomm_dlc *dlc;
678 int err, id;
679
680 id = tty->index;
681
682 BT_DBG("tty %p id %d", tty, id);
683
684 /* We don't leak this refcount. For reasons which are not entirely
685 clear, the TTY layer will call our ->close() method even if the
686 open fails. We decrease the refcount there, and decreasing it
687 here too would cause breakage. */
688 dev = rfcomm_dev_get(id);
689 if (!dev)
690 return -ENODEV;
691
692 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
693 dev->channel, atomic_read(&dev->opened));
694
695 if (atomic_inc_return(&dev->opened) > 1)
696 return 0;
697
698 dlc = dev->dlc;
699
700 /* Attach TTY and open DLC */
701
702 rfcomm_dlc_lock(dlc);
703 tty->driver_data = dev;
704 dev->tty = tty;
705 rfcomm_dlc_unlock(dlc);
706 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
707
708 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
709 if (err < 0)
710 return err;
711
712 /* Wait for DLC to connect */
713 add_wait_queue(&dev->wait, &wait);
714 while (1) {
715 set_current_state(TASK_INTERRUPTIBLE);
716
717 if (dlc->state == BT_CLOSED) {
718 err = -dev->err;
719 break;
720 }
721
722 if (dlc->state == BT_CONNECTED)
723 break;
724
725 if (signal_pending(current)) {
726 err = -EINTR;
727 break;
728 }
729
730 schedule();
731 }
732 set_current_state(TASK_RUNNING);
733 remove_wait_queue(&dev->wait, &wait);
734
735 if (err == 0)
736 device_move(dev->tty_dev, rfcomm_get_device(dev),
737 DPM_ORDER_DEV_AFTER_PARENT);
738
739 rfcomm_tty_copy_pending(dev);
740
741 rfcomm_dlc_unthrottle(dev->dlc);
742
743 return err;
744 }
745
746 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
747 {
748 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
749 if (!dev)
750 return;
751
752 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
753 atomic_read(&dev->opened));
754
755 if (atomic_dec_and_test(&dev->opened)) {
756 if (dev->tty_dev->parent)
757 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
758
759 /* Close DLC and dettach TTY */
760 rfcomm_dlc_close(dev->dlc, 0);
761
762 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
763 tasklet_kill(&dev->wakeup_task);
764
765 rfcomm_dlc_lock(dev->dlc);
766 tty->driver_data = NULL;
767 dev->tty = NULL;
768 rfcomm_dlc_unlock(dev->dlc);
769
770 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
771 write_lock_bh(&rfcomm_dev_lock);
772 list_del_init(&dev->list);
773 write_unlock_bh(&rfcomm_dev_lock);
774
775 rfcomm_dev_put(dev);
776 }
777 }
778
779 rfcomm_dev_put(dev);
780 }
781
782 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
783 {
784 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
785 struct rfcomm_dlc *dlc = dev->dlc;
786 struct sk_buff *skb;
787 int err = 0, sent = 0, size;
788
789 BT_DBG("tty %p count %d", tty, count);
790
791 while (count) {
792 size = min_t(uint, count, dlc->mtu);
793
794 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
795
796 if (!skb)
797 break;
798
799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
800
801 memcpy(skb_put(skb, size), buf + sent, size);
802
803 err = rfcomm_dlc_send(dlc, skb);
804 if (err < 0) {
805 kfree_skb(skb);
806 break;
807 }
808
809 sent += size;
810 count -= size;
811 }
812
813 return sent ? sent : err;
814 }
815
816 static int rfcomm_tty_write_room(struct tty_struct *tty)
817 {
818 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
819 int room;
820
821 BT_DBG("tty %p", tty);
822
823 if (!dev || !dev->dlc)
824 return 0;
825
826 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
827 if (room < 0)
828 room = 0;
829
830 return room;
831 }
832
833 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
834 {
835 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
836
837 switch (cmd) {
838 case TCGETS:
839 BT_DBG("TCGETS is not supported");
840 return -ENOIOCTLCMD;
841
842 case TCSETS:
843 BT_DBG("TCSETS is not supported");
844 return -ENOIOCTLCMD;
845
846 case TIOCMIWAIT:
847 BT_DBG("TIOCMIWAIT");
848 break;
849
850 case TIOCGSERIAL:
851 BT_ERR("TIOCGSERIAL is not supported");
852 return -ENOIOCTLCMD;
853
854 case TIOCSSERIAL:
855 BT_ERR("TIOCSSERIAL is not supported");
856 return -ENOIOCTLCMD;
857
858 case TIOCSERGSTRUCT:
859 BT_ERR("TIOCSERGSTRUCT is not supported");
860 return -ENOIOCTLCMD;
861
862 case TIOCSERGETLSR:
863 BT_ERR("TIOCSERGETLSR is not supported");
864 return -ENOIOCTLCMD;
865
866 case TIOCSERCONFIG:
867 BT_ERR("TIOCSERCONFIG is not supported");
868 return -ENOIOCTLCMD;
869
870 default:
871 return -ENOIOCTLCMD; /* ioctls which we must ignore */
872
873 }
874
875 return -ENOIOCTLCMD;
876 }
877
878 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
879 {
880 struct ktermios *new = tty->termios;
881 int old_baud_rate = tty_termios_baud_rate(old);
882 int new_baud_rate = tty_termios_baud_rate(new);
883
884 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
885 u16 changes = 0;
886
887 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
888
889 BT_DBG("tty %p termios %p", tty, old);
890
891 if (!dev || !dev->dlc || !dev->dlc->session)
892 return;
893
894 /* Handle turning off CRTSCTS */
895 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
896 BT_DBG("Turning off CRTSCTS unsupported");
897
898 /* Parity on/off and when on, odd/even */
899 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
900 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
901 changes |= RFCOMM_RPN_PM_PARITY;
902 BT_DBG("Parity change detected.");
903 }
904
905 /* Mark and space parity are not supported! */
906 if (new->c_cflag & PARENB) {
907 if (new->c_cflag & PARODD) {
908 BT_DBG("Parity is ODD");
909 parity = RFCOMM_RPN_PARITY_ODD;
910 } else {
911 BT_DBG("Parity is EVEN");
912 parity = RFCOMM_RPN_PARITY_EVEN;
913 }
914 } else {
915 BT_DBG("Parity is OFF");
916 parity = RFCOMM_RPN_PARITY_NONE;
917 }
918
919 /* Setting the x_on / x_off characters */
920 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
921 BT_DBG("XOFF custom");
922 x_on = new->c_cc[VSTOP];
923 changes |= RFCOMM_RPN_PM_XON;
924 } else {
925 BT_DBG("XOFF default");
926 x_on = RFCOMM_RPN_XON_CHAR;
927 }
928
929 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
930 BT_DBG("XON custom");
931 x_off = new->c_cc[VSTART];
932 changes |= RFCOMM_RPN_PM_XOFF;
933 } else {
934 BT_DBG("XON default");
935 x_off = RFCOMM_RPN_XOFF_CHAR;
936 }
937
938 /* Handle setting of stop bits */
939 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
940 changes |= RFCOMM_RPN_PM_STOP;
941
942 /* POSIX does not support 1.5 stop bits and RFCOMM does not
943 * support 2 stop bits. So a request for 2 stop bits gets
944 * translated to 1.5 stop bits */
945 if (new->c_cflag & CSTOPB)
946 stop_bits = RFCOMM_RPN_STOP_15;
947 else
948 stop_bits = RFCOMM_RPN_STOP_1;
949
950 /* Handle number of data bits [5-8] */
951 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
952 changes |= RFCOMM_RPN_PM_DATA;
953
954 switch (new->c_cflag & CSIZE) {
955 case CS5:
956 data_bits = RFCOMM_RPN_DATA_5;
957 break;
958 case CS6:
959 data_bits = RFCOMM_RPN_DATA_6;
960 break;
961 case CS7:
962 data_bits = RFCOMM_RPN_DATA_7;
963 break;
964 case CS8:
965 data_bits = RFCOMM_RPN_DATA_8;
966 break;
967 default:
968 data_bits = RFCOMM_RPN_DATA_8;
969 break;
970 }
971
972 /* Handle baudrate settings */
973 if (old_baud_rate != new_baud_rate)
974 changes |= RFCOMM_RPN_PM_BITRATE;
975
976 switch (new_baud_rate) {
977 case 2400:
978 baud = RFCOMM_RPN_BR_2400;
979 break;
980 case 4800:
981 baud = RFCOMM_RPN_BR_4800;
982 break;
983 case 7200:
984 baud = RFCOMM_RPN_BR_7200;
985 break;
986 case 9600:
987 baud = RFCOMM_RPN_BR_9600;
988 break;
989 case 19200:
990 baud = RFCOMM_RPN_BR_19200;
991 break;
992 case 38400:
993 baud = RFCOMM_RPN_BR_38400;
994 break;
995 case 57600:
996 baud = RFCOMM_RPN_BR_57600;
997 break;
998 case 115200:
999 baud = RFCOMM_RPN_BR_115200;
1000 break;
1001 case 230400:
1002 baud = RFCOMM_RPN_BR_230400;
1003 break;
1004 default:
1005 /* 9600 is standard accordinag to the RFCOMM specification */
1006 baud = RFCOMM_RPN_BR_9600;
1007 break;
1008
1009 }
1010
1011 if (changes)
1012 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1013 data_bits, stop_bits, parity,
1014 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1015 }
1016
1017 static void rfcomm_tty_throttle(struct tty_struct *tty)
1018 {
1019 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1020
1021 BT_DBG("tty %p dev %p", tty, dev);
1022
1023 rfcomm_dlc_throttle(dev->dlc);
1024 }
1025
1026 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1027 {
1028 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1029
1030 BT_DBG("tty %p dev %p", tty, dev);
1031
1032 rfcomm_dlc_unthrottle(dev->dlc);
1033 }
1034
1035 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1036 {
1037 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1038
1039 BT_DBG("tty %p dev %p", tty, dev);
1040
1041 if (!dev || !dev->dlc)
1042 return 0;
1043
1044 if (!skb_queue_empty(&dev->dlc->tx_queue))
1045 return dev->dlc->mtu;
1046
1047 return 0;
1048 }
1049
1050 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1051 {
1052 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1053
1054 BT_DBG("tty %p dev %p", tty, dev);
1055
1056 if (!dev || !dev->dlc)
1057 return;
1058
1059 skb_queue_purge(&dev->dlc->tx_queue);
1060 tty_wakeup(tty);
1061 }
1062
1063 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1064 {
1065 BT_DBG("tty %p ch %c", tty, ch);
1066 }
1067
1068 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1069 {
1070 BT_DBG("tty %p timeout %d", tty, timeout);
1071 }
1072
1073 static void rfcomm_tty_hangup(struct tty_struct *tty)
1074 {
1075 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1076
1077 BT_DBG("tty %p dev %p", tty, dev);
1078
1079 if (!dev)
1080 return;
1081
1082 rfcomm_tty_flush_buffer(tty);
1083
1084 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1085 if (rfcomm_dev_get(dev->id) == NULL)
1086 return;
1087 rfcomm_dev_del(dev);
1088 rfcomm_dev_put(dev);
1089 }
1090 }
1091
1092 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1093 {
1094 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1095
1096 BT_DBG("tty %p dev %p", tty, dev);
1097
1098 return dev->modem_status;
1099 }
1100
1101 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
1102 {
1103 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1104 struct rfcomm_dlc *dlc = dev->dlc;
1105 u8 v24_sig;
1106
1107 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1108
1109 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1110
1111 if (set & TIOCM_DSR || set & TIOCM_DTR)
1112 v24_sig |= RFCOMM_V24_RTC;
1113 if (set & TIOCM_RTS || set & TIOCM_CTS)
1114 v24_sig |= RFCOMM_V24_RTR;
1115 if (set & TIOCM_RI)
1116 v24_sig |= RFCOMM_V24_IC;
1117 if (set & TIOCM_CD)
1118 v24_sig |= RFCOMM_V24_DV;
1119
1120 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1121 v24_sig &= ~RFCOMM_V24_RTC;
1122 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1123 v24_sig &= ~RFCOMM_V24_RTR;
1124 if (clear & TIOCM_RI)
1125 v24_sig &= ~RFCOMM_V24_IC;
1126 if (clear & TIOCM_CD)
1127 v24_sig &= ~RFCOMM_V24_DV;
1128
1129 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1130
1131 return 0;
1132 }
1133
1134 /* ---- TTY structure ---- */
1135
1136 static const struct tty_operations rfcomm_ops = {
1137 .open = rfcomm_tty_open,
1138 .close = rfcomm_tty_close,
1139 .write = rfcomm_tty_write,
1140 .write_room = rfcomm_tty_write_room,
1141 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1142 .flush_buffer = rfcomm_tty_flush_buffer,
1143 .ioctl = rfcomm_tty_ioctl,
1144 .throttle = rfcomm_tty_throttle,
1145 .unthrottle = rfcomm_tty_unthrottle,
1146 .set_termios = rfcomm_tty_set_termios,
1147 .send_xchar = rfcomm_tty_send_xchar,
1148 .hangup = rfcomm_tty_hangup,
1149 .wait_until_sent = rfcomm_tty_wait_until_sent,
1150 .tiocmget = rfcomm_tty_tiocmget,
1151 .tiocmset = rfcomm_tty_tiocmset,
1152 };
1153
1154 int __init rfcomm_init_ttys(void)
1155 {
1156 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1157 if (!rfcomm_tty_driver)
1158 return -1;
1159
1160 rfcomm_tty_driver->owner = THIS_MODULE;
1161 rfcomm_tty_driver->driver_name = "rfcomm";
1162 rfcomm_tty_driver->name = "rfcomm";
1163 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1164 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1165 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1166 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1167 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1168 rfcomm_tty_driver->init_termios = tty_std_termios;
1169 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1170 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1171 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1172
1173 if (tty_register_driver(rfcomm_tty_driver)) {
1174 BT_ERR("Can't register RFCOMM TTY driver");
1175 put_tty_driver(rfcomm_tty_driver);
1176 return -1;
1177 }
1178
1179 BT_INFO("RFCOMM TTY layer initialized");
1180
1181 return 0;
1182 }
1183
1184 void rfcomm_cleanup_ttys(void)
1185 {
1186 tty_unregister_driver(rfcomm_tty_driver);
1187 put_tty_driver(rfcomm_tty_driver);
1188 }
CRIS linux kernel tree