bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / net / bluetooth / rfcomm / tty.c
blob5f3074cb6b4db67aad4491e99e291f073e1876c5
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * RFCOMM TTY.
28 #include <linux/module.h>
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41 #define RFCOMM_TTY_MINOR 0
43 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
44 static struct tty_driver *rfcomm_tty_driver;
46 struct rfcomm_dev {
47 struct tty_port port;
48 struct list_head list;
50 char name[12];
51 int id;
52 unsigned long flags;
53 int err;
55 unsigned long status; /* don't export to userspace */
57 bdaddr_t src;
58 bdaddr_t dst;
59 u8 channel;
61 uint modem_status;
63 struct rfcomm_dlc *dlc;
65 struct device *tty_dev;
67 atomic_t wmem_alloc;
69 struct sk_buff_head pending;
72 static LIST_HEAD(rfcomm_dev_list);
73 static DEFINE_MUTEX(rfcomm_dev_lock);
75 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
77 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
79 /* ---- Device functions ---- */
81 static void rfcomm_dev_destruct(struct tty_port *port)
83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
84 struct rfcomm_dlc *dlc = dev->dlc;
86 BT_DBG("dev %p dlc %p", dev, dlc);
88 rfcomm_dlc_lock(dlc);
89 /* Detach DLC if it's owned by this dev */
90 if (dlc->owner == dev)
91 dlc->owner = NULL;
92 rfcomm_dlc_unlock(dlc);
94 rfcomm_dlc_put(dlc);
96 if (dev->tty_dev)
97 tty_unregister_device(rfcomm_tty_driver, dev->id);
99 mutex_lock(&rfcomm_dev_lock);
100 list_del(&dev->list);
101 mutex_unlock(&rfcomm_dev_lock);
103 kfree(dev);
105 /* It's safe to call module_put() here because socket still
106 holds reference to this module. */
107 module_put(THIS_MODULE);
110 /* device-specific initialization: open the dlc */
111 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
114 int err;
116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
117 if (err)
118 set_bit(TTY_IO_ERROR, &tty->flags);
119 return err;
122 /* we block the open until the dlc->state becomes BT_CONNECTED */
123 static int rfcomm_dev_carrier_raised(struct tty_port *port)
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
127 return (dev->dlc->state == BT_CONNECTED);
130 /* device-specific cleanup: close the dlc */
131 static void rfcomm_dev_shutdown(struct tty_port *port)
133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
135 if (dev->tty_dev->parent)
136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
138 /* close the dlc */
139 rfcomm_dlc_close(dev->dlc, 0);
142 static const struct tty_port_operations rfcomm_port_ops = {
143 .destruct = rfcomm_dev_destruct,
144 .activate = rfcomm_dev_activate,
145 .shutdown = rfcomm_dev_shutdown,
146 .carrier_raised = rfcomm_dev_carrier_raised,
149 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
151 struct rfcomm_dev *dev;
153 list_for_each_entry(dev, &rfcomm_dev_list, list)
154 if (dev->id == id)
155 return dev;
157 return NULL;
160 static struct rfcomm_dev *rfcomm_dev_get(int id)
162 struct rfcomm_dev *dev;
164 mutex_lock(&rfcomm_dev_lock);
166 dev = __rfcomm_dev_lookup(id);
168 if (dev && !tty_port_get(&dev->port))
169 dev = NULL;
171 mutex_unlock(&rfcomm_dev_lock);
173 return dev;
176 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
178 struct hci_dev *hdev;
179 struct hci_conn *conn;
181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
182 if (!hdev)
183 return;
185 /* The lookup results are unsafe to access without the
186 * hci device lock (FIXME: why is this not documented?)
188 hci_dev_lock(hdev);
189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
191 /* Just because the acl link is in the hash table is no
192 * guarantee the sysfs device has been added ...
194 if (conn && device_is_registered(&conn->dev))
195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
197 hci_dev_unlock(hdev);
198 hci_dev_put(hdev);
201 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sprintf(buf, "%pMR\n", &dev->dst);
207 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
209 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
210 return sprintf(buf, "%d\n", dev->channel);
213 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
214 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
216 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
217 struct rfcomm_dlc *dlc)
219 struct rfcomm_dev *dev, *entry;
220 struct list_head *head = &rfcomm_dev_list;
221 int err = 0;
223 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
224 if (!dev)
225 return ERR_PTR(-ENOMEM);
227 mutex_lock(&rfcomm_dev_lock);
229 if (req->dev_id < 0) {
230 dev->id = 0;
232 list_for_each_entry(entry, &rfcomm_dev_list, list) {
233 if (entry->id != dev->id)
234 break;
236 dev->id++;
237 head = &entry->list;
239 } else {
240 dev->id = req->dev_id;
242 list_for_each_entry(entry, &rfcomm_dev_list, list) {
243 if (entry->id == dev->id) {
244 err = -EADDRINUSE;
245 goto out;
248 if (entry->id > dev->id - 1)
249 break;
251 head = &entry->list;
255 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
256 err = -ENFILE;
257 goto out;
260 sprintf(dev->name, "rfcomm%d", dev->id);
262 list_add(&dev->list, head);
264 bacpy(&dev->src, &req->src);
265 bacpy(&dev->dst, &req->dst);
266 dev->channel = req->channel;
268 dev->flags = req->flags &
269 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
271 tty_port_init(&dev->port);
272 dev->port.ops = &rfcomm_port_ops;
274 skb_queue_head_init(&dev->pending);
276 rfcomm_dlc_lock(dlc);
278 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
279 struct sock *sk = dlc->owner;
280 struct sk_buff *skb;
282 BUG_ON(!sk);
284 rfcomm_dlc_throttle(dlc);
286 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
287 skb_orphan(skb);
288 skb_queue_tail(&dev->pending, skb);
289 atomic_sub(skb->len, &sk->sk_rmem_alloc);
293 dlc->data_ready = rfcomm_dev_data_ready;
294 dlc->state_change = rfcomm_dev_state_change;
295 dlc->modem_status = rfcomm_dev_modem_status;
297 dlc->owner = dev;
298 dev->dlc = dlc;
300 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
302 rfcomm_dlc_unlock(dlc);
304 /* It's safe to call __module_get() here because socket already
305 holds reference to this module. */
306 __module_get(THIS_MODULE);
308 mutex_unlock(&rfcomm_dev_lock);
309 return dev;
311 out:
312 mutex_unlock(&rfcomm_dev_lock);
313 kfree(dev);
314 return ERR_PTR(err);
317 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
319 struct rfcomm_dev *dev;
320 struct device *tty;
322 BT_DBG("id %d channel %d", req->dev_id, req->channel);
324 dev = __rfcomm_dev_add(req, dlc);
325 if (IS_ERR(dev)) {
326 rfcomm_dlc_put(dlc);
327 return PTR_ERR(dev);
330 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
331 dev->id, NULL);
332 if (IS_ERR(tty)) {
333 tty_port_put(&dev->port);
334 return PTR_ERR(tty);
337 dev->tty_dev = tty;
338 rfcomm_reparent_device(dev);
339 dev_set_drvdata(dev->tty_dev, dev);
341 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
342 BT_ERR("Failed to create address attribute");
344 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
345 BT_ERR("Failed to create channel attribute");
347 return dev->id;
350 /* ---- Send buffer ---- */
351 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
353 struct rfcomm_dlc *dlc = dev->dlc;
355 /* Limit the outstanding number of packets not yet sent to 40 */
356 int pending = 40 - atomic_read(&dev->wmem_alloc);
358 return max(0, pending) * dlc->mtu;
361 static void rfcomm_wfree(struct sk_buff *skb)
363 struct rfcomm_dev *dev = (void *) skb->sk;
364 atomic_dec(&dev->wmem_alloc);
365 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
366 tty_port_tty_wakeup(&dev->port);
367 tty_port_put(&dev->port);
370 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
372 tty_port_get(&dev->port);
373 atomic_inc(&dev->wmem_alloc);
374 skb->sk = (void *) dev;
375 skb->destructor = rfcomm_wfree;
378 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
380 struct sk_buff *skb = alloc_skb(size, priority);
381 if (skb)
382 rfcomm_set_owner_w(skb, dev);
383 return skb;
386 /* ---- Device IOCTLs ---- */
388 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
390 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
392 struct rfcomm_dev_req req;
393 struct rfcomm_dlc *dlc;
394 int id;
396 if (copy_from_user(&req, arg, sizeof(req)))
397 return -EFAULT;
399 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
401 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
402 return -EPERM;
404 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
405 /* Socket must be connected */
406 if (sk->sk_state != BT_CONNECTED)
407 return -EBADFD;
409 dlc = rfcomm_pi(sk)->dlc;
410 rfcomm_dlc_hold(dlc);
411 } else {
412 /* Validate the channel is unused */
413 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
414 if (IS_ERR(dlc))
415 return PTR_ERR(dlc);
416 else if (dlc) {
417 rfcomm_dlc_put(dlc);
418 return -EBUSY;
420 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
421 if (!dlc)
422 return -ENOMEM;
425 id = rfcomm_dev_add(&req, dlc);
426 if (id < 0)
427 return id;
429 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
430 /* DLC is now used by device.
431 * Socket must be disconnected */
432 sk->sk_state = BT_CLOSED;
435 return id;
438 static int __rfcomm_release_dev(void __user *arg)
440 struct rfcomm_dev_req req;
441 struct rfcomm_dev *dev;
442 struct tty_struct *tty;
444 if (copy_from_user(&req, arg, sizeof(req)))
445 return -EFAULT;
447 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
449 dev = rfcomm_dev_get(req.dev_id);
450 if (!dev)
451 return -ENODEV;
453 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
454 tty_port_put(&dev->port);
455 return -EPERM;
458 /* only release once */
459 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
460 tty_port_put(&dev->port);
461 return -EALREADY;
464 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
465 rfcomm_dlc_close(dev->dlc, 0);
467 /* Shut down TTY synchronously before freeing rfcomm_dev */
468 tty = tty_port_tty_get(&dev->port);
469 if (tty) {
470 tty_vhangup(tty);
471 tty_kref_put(tty);
474 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
475 tty_port_put(&dev->port);
477 tty_port_put(&dev->port);
478 return 0;
481 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
483 int ret;
485 mutex_lock(&rfcomm_ioctl_mutex);
486 ret = __rfcomm_create_dev(sk, arg);
487 mutex_unlock(&rfcomm_ioctl_mutex);
489 return ret;
492 static int rfcomm_release_dev(void __user *arg)
494 int ret;
496 mutex_lock(&rfcomm_ioctl_mutex);
497 ret = __rfcomm_release_dev(arg);
498 mutex_unlock(&rfcomm_ioctl_mutex);
500 return ret;
503 static int rfcomm_get_dev_list(void __user *arg)
505 struct rfcomm_dev *dev;
506 struct rfcomm_dev_list_req *dl;
507 struct rfcomm_dev_info *di;
508 int n = 0, size, err;
509 u16 dev_num;
511 BT_DBG("");
513 if (get_user(dev_num, (u16 __user *) arg))
514 return -EFAULT;
516 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
517 return -EINVAL;
519 size = sizeof(*dl) + dev_num * sizeof(*di);
521 dl = kzalloc(size, GFP_KERNEL);
522 if (!dl)
523 return -ENOMEM;
525 di = dl->dev_info;
527 mutex_lock(&rfcomm_dev_lock);
529 list_for_each_entry(dev, &rfcomm_dev_list, list) {
530 if (!tty_port_get(&dev->port))
531 continue;
532 (di + n)->id = dev->id;
533 (di + n)->flags = dev->flags;
534 (di + n)->state = dev->dlc->state;
535 (di + n)->channel = dev->channel;
536 bacpy(&(di + n)->src, &dev->src);
537 bacpy(&(di + n)->dst, &dev->dst);
538 tty_port_put(&dev->port);
539 if (++n >= dev_num)
540 break;
543 mutex_unlock(&rfcomm_dev_lock);
545 dl->dev_num = n;
546 size = sizeof(*dl) + n * sizeof(*di);
548 err = copy_to_user(arg, dl, size);
549 kfree(dl);
551 return err ? -EFAULT : 0;
554 static int rfcomm_get_dev_info(void __user *arg)
556 struct rfcomm_dev *dev;
557 struct rfcomm_dev_info di;
558 int err = 0;
560 BT_DBG("");
562 if (copy_from_user(&di, arg, sizeof(di)))
563 return -EFAULT;
565 dev = rfcomm_dev_get(di.id);
566 if (!dev)
567 return -ENODEV;
569 di.flags = dev->flags;
570 di.channel = dev->channel;
571 di.state = dev->dlc->state;
572 bacpy(&di.src, &dev->src);
573 bacpy(&di.dst, &dev->dst);
575 if (copy_to_user(arg, &di, sizeof(di)))
576 err = -EFAULT;
578 tty_port_put(&dev->port);
579 return err;
582 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
584 BT_DBG("cmd %d arg %p", cmd, arg);
586 switch (cmd) {
587 case RFCOMMCREATEDEV:
588 return rfcomm_create_dev(sk, arg);
590 case RFCOMMRELEASEDEV:
591 return rfcomm_release_dev(arg);
593 case RFCOMMGETDEVLIST:
594 return rfcomm_get_dev_list(arg);
596 case RFCOMMGETDEVINFO:
597 return rfcomm_get_dev_info(arg);
600 return -EINVAL;
603 /* ---- DLC callbacks ---- */
604 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
606 struct rfcomm_dev *dev = dlc->owner;
608 if (!dev) {
609 kfree_skb(skb);
610 return;
613 if (!skb_queue_empty(&dev->pending)) {
614 skb_queue_tail(&dev->pending, skb);
615 return;
618 BT_DBG("dlc %p len %d", dlc, skb->len);
620 tty_insert_flip_string(&dev->port, skb->data, skb->len);
621 tty_flip_buffer_push(&dev->port);
623 kfree_skb(skb);
626 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
628 struct rfcomm_dev *dev = dlc->owner;
629 if (!dev)
630 return;
632 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
634 dev->err = err;
635 if (dlc->state == BT_CONNECTED) {
636 rfcomm_reparent_device(dev);
638 wake_up_interruptible(&dev->port.open_wait);
639 } else if (dlc->state == BT_CLOSED)
640 tty_port_tty_hangup(&dev->port, false);
643 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
645 struct rfcomm_dev *dev = dlc->owner;
646 if (!dev)
647 return;
649 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
651 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
652 tty_port_tty_hangup(&dev->port, true);
654 dev->modem_status =
655 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
656 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
657 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
658 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
661 /* ---- TTY functions ---- */
662 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
664 struct sk_buff *skb;
665 int inserted = 0;
667 BT_DBG("dev %p", dev);
669 rfcomm_dlc_lock(dev->dlc);
671 while ((skb = skb_dequeue(&dev->pending))) {
672 inserted += tty_insert_flip_string(&dev->port, skb->data,
673 skb->len);
674 kfree_skb(skb);
677 rfcomm_dlc_unlock(dev->dlc);
679 if (inserted > 0)
680 tty_flip_buffer_push(&dev->port);
683 /* do the reverse of install, clearing the tty fields and releasing the
684 * reference to tty_port
686 static void rfcomm_tty_cleanup(struct tty_struct *tty)
688 struct rfcomm_dev *dev = tty->driver_data;
690 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
692 rfcomm_dlc_lock(dev->dlc);
693 tty->driver_data = NULL;
694 rfcomm_dlc_unlock(dev->dlc);
697 * purge the dlc->tx_queue to avoid circular dependencies
698 * between dev and dlc
700 skb_queue_purge(&dev->dlc->tx_queue);
702 tty_port_put(&dev->port);
705 /* we acquire the tty_port reference since it's here the tty is first used
706 * by setting the termios. We also populate the driver_data field and install
707 * the tty port
709 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
711 struct rfcomm_dev *dev;
712 struct rfcomm_dlc *dlc;
713 int err;
715 dev = rfcomm_dev_get(tty->index);
716 if (!dev)
717 return -ENODEV;
719 dlc = dev->dlc;
721 /* Attach TTY and open DLC */
722 rfcomm_dlc_lock(dlc);
723 tty->driver_data = dev;
724 rfcomm_dlc_unlock(dlc);
725 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
727 /* install the tty_port */
728 err = tty_port_install(&dev->port, driver, tty);
729 if (err) {
730 rfcomm_tty_cleanup(tty);
731 return err;
734 /* take over the tty_port reference if the port was created with the
735 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
736 * when the last process closes the tty. The behaviour is expected by
737 * userspace.
739 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
740 set_bit(RFCOMM_TTY_OWNED, &dev->status);
741 tty_port_put(&dev->port);
744 return 0;
747 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
749 struct rfcomm_dev *dev = tty->driver_data;
750 int err;
752 BT_DBG("tty %p id %d", tty, tty->index);
754 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
755 dev->channel, dev->port.count);
757 err = tty_port_open(&dev->port, tty, filp);
758 if (err)
759 return err;
762 * FIXME: rfcomm should use proper flow control for
763 * received data. This hack will be unnecessary and can
764 * be removed when that's implemented
766 rfcomm_tty_copy_pending(dev);
768 rfcomm_dlc_unthrottle(dev->dlc);
770 return 0;
773 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
775 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
777 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
778 dev->port.count);
780 tty_port_close(&dev->port, tty, filp);
783 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
785 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
786 struct rfcomm_dlc *dlc = dev->dlc;
787 struct sk_buff *skb;
788 int sent = 0, size;
790 BT_DBG("tty %p count %d", tty, count);
792 while (count) {
793 size = min_t(uint, count, dlc->mtu);
795 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
796 if (!skb)
797 break;
799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
801 skb_put_data(skb, buf + sent, size);
803 rfcomm_dlc_send_noerror(dlc, skb);
805 sent += size;
806 count -= size;
809 return sent;
812 static int rfcomm_tty_write_room(struct tty_struct *tty)
814 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
815 int room = 0;
817 if (dev && dev->dlc)
818 room = rfcomm_room(dev);
820 BT_DBG("tty %p room %d", tty, room);
822 return room;
825 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
827 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
829 switch (cmd) {
830 case TCGETS:
831 BT_DBG("TCGETS is not supported");
832 return -ENOIOCTLCMD;
834 case TCSETS:
835 BT_DBG("TCSETS is not supported");
836 return -ENOIOCTLCMD;
838 case TIOCMIWAIT:
839 BT_DBG("TIOCMIWAIT");
840 break;
842 case TIOCGSERIAL:
843 BT_ERR("TIOCGSERIAL is not supported");
844 return -ENOIOCTLCMD;
846 case TIOCSSERIAL:
847 BT_ERR("TIOCSSERIAL is not supported");
848 return -ENOIOCTLCMD;
850 case TIOCSERGSTRUCT:
851 BT_ERR("TIOCSERGSTRUCT is not supported");
852 return -ENOIOCTLCMD;
854 case TIOCSERGETLSR:
855 BT_ERR("TIOCSERGETLSR is not supported");
856 return -ENOIOCTLCMD;
858 case TIOCSERCONFIG:
859 BT_ERR("TIOCSERCONFIG is not supported");
860 return -ENOIOCTLCMD;
862 default:
863 return -ENOIOCTLCMD; /* ioctls which we must ignore */
867 return -ENOIOCTLCMD;
870 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
872 struct ktermios *new = &tty->termios;
873 int old_baud_rate = tty_termios_baud_rate(old);
874 int new_baud_rate = tty_termios_baud_rate(new);
876 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
877 u16 changes = 0;
879 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
881 BT_DBG("tty %p termios %p", tty, old);
883 if (!dev || !dev->dlc || !dev->dlc->session)
884 return;
886 /* Handle turning off CRTSCTS */
887 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
888 BT_DBG("Turning off CRTSCTS unsupported");
890 /* Parity on/off and when on, odd/even */
891 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
892 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
893 changes |= RFCOMM_RPN_PM_PARITY;
894 BT_DBG("Parity change detected.");
897 /* Mark and space parity are not supported! */
898 if (new->c_cflag & PARENB) {
899 if (new->c_cflag & PARODD) {
900 BT_DBG("Parity is ODD");
901 parity = RFCOMM_RPN_PARITY_ODD;
902 } else {
903 BT_DBG("Parity is EVEN");
904 parity = RFCOMM_RPN_PARITY_EVEN;
906 } else {
907 BT_DBG("Parity is OFF");
908 parity = RFCOMM_RPN_PARITY_NONE;
911 /* Setting the x_on / x_off characters */
912 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
913 BT_DBG("XOFF custom");
914 x_on = new->c_cc[VSTOP];
915 changes |= RFCOMM_RPN_PM_XON;
916 } else {
917 BT_DBG("XOFF default");
918 x_on = RFCOMM_RPN_XON_CHAR;
921 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
922 BT_DBG("XON custom");
923 x_off = new->c_cc[VSTART];
924 changes |= RFCOMM_RPN_PM_XOFF;
925 } else {
926 BT_DBG("XON default");
927 x_off = RFCOMM_RPN_XOFF_CHAR;
930 /* Handle setting of stop bits */
931 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
932 changes |= RFCOMM_RPN_PM_STOP;
934 /* POSIX does not support 1.5 stop bits and RFCOMM does not
935 * support 2 stop bits. So a request for 2 stop bits gets
936 * translated to 1.5 stop bits */
937 if (new->c_cflag & CSTOPB)
938 stop_bits = RFCOMM_RPN_STOP_15;
939 else
940 stop_bits = RFCOMM_RPN_STOP_1;
942 /* Handle number of data bits [5-8] */
943 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
944 changes |= RFCOMM_RPN_PM_DATA;
946 switch (new->c_cflag & CSIZE) {
947 case CS5:
948 data_bits = RFCOMM_RPN_DATA_5;
949 break;
950 case CS6:
951 data_bits = RFCOMM_RPN_DATA_6;
952 break;
953 case CS7:
954 data_bits = RFCOMM_RPN_DATA_7;
955 break;
956 case CS8:
957 data_bits = RFCOMM_RPN_DATA_8;
958 break;
959 default:
960 data_bits = RFCOMM_RPN_DATA_8;
961 break;
964 /* Handle baudrate settings */
965 if (old_baud_rate != new_baud_rate)
966 changes |= RFCOMM_RPN_PM_BITRATE;
968 switch (new_baud_rate) {
969 case 2400:
970 baud = RFCOMM_RPN_BR_2400;
971 break;
972 case 4800:
973 baud = RFCOMM_RPN_BR_4800;
974 break;
975 case 7200:
976 baud = RFCOMM_RPN_BR_7200;
977 break;
978 case 9600:
979 baud = RFCOMM_RPN_BR_9600;
980 break;
981 case 19200:
982 baud = RFCOMM_RPN_BR_19200;
983 break;
984 case 38400:
985 baud = RFCOMM_RPN_BR_38400;
986 break;
987 case 57600:
988 baud = RFCOMM_RPN_BR_57600;
989 break;
990 case 115200:
991 baud = RFCOMM_RPN_BR_115200;
992 break;
993 case 230400:
994 baud = RFCOMM_RPN_BR_230400;
995 break;
996 default:
997 /* 9600 is standard accordinag to the RFCOMM specification */
998 baud = RFCOMM_RPN_BR_9600;
999 break;
1003 if (changes)
1004 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1005 data_bits, stop_bits, parity,
1006 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1009 static void rfcomm_tty_throttle(struct tty_struct *tty)
1011 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1013 BT_DBG("tty %p dev %p", tty, dev);
1015 rfcomm_dlc_throttle(dev->dlc);
1018 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1020 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1022 BT_DBG("tty %p dev %p", tty, dev);
1024 rfcomm_dlc_unthrottle(dev->dlc);
1027 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1029 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1031 BT_DBG("tty %p dev %p", tty, dev);
1033 if (!dev || !dev->dlc)
1034 return 0;
1036 if (!skb_queue_empty(&dev->dlc->tx_queue))
1037 return dev->dlc->mtu;
1039 return 0;
1042 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1044 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1046 BT_DBG("tty %p dev %p", tty, dev);
1048 if (!dev || !dev->dlc)
1049 return;
1051 skb_queue_purge(&dev->dlc->tx_queue);
1052 tty_wakeup(tty);
1055 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1057 BT_DBG("tty %p ch %c", tty, ch);
1060 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1062 BT_DBG("tty %p timeout %d", tty, timeout);
1065 static void rfcomm_tty_hangup(struct tty_struct *tty)
1067 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1069 BT_DBG("tty %p dev %p", tty, dev);
1071 tty_port_hangup(&dev->port);
1074 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1076 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1078 BT_DBG("tty %p dev %p", tty, dev);
1080 return dev->modem_status;
1083 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1085 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1086 struct rfcomm_dlc *dlc = dev->dlc;
1087 u8 v24_sig;
1089 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1091 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1093 if (set & TIOCM_DSR || set & TIOCM_DTR)
1094 v24_sig |= RFCOMM_V24_RTC;
1095 if (set & TIOCM_RTS || set & TIOCM_CTS)
1096 v24_sig |= RFCOMM_V24_RTR;
1097 if (set & TIOCM_RI)
1098 v24_sig |= RFCOMM_V24_IC;
1099 if (set & TIOCM_CD)
1100 v24_sig |= RFCOMM_V24_DV;
1102 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1103 v24_sig &= ~RFCOMM_V24_RTC;
1104 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1105 v24_sig &= ~RFCOMM_V24_RTR;
1106 if (clear & TIOCM_RI)
1107 v24_sig &= ~RFCOMM_V24_IC;
1108 if (clear & TIOCM_CD)
1109 v24_sig &= ~RFCOMM_V24_DV;
1111 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1113 return 0;
1116 /* ---- TTY structure ---- */
1118 static const struct tty_operations rfcomm_ops = {
1119 .open = rfcomm_tty_open,
1120 .close = rfcomm_tty_close,
1121 .write = rfcomm_tty_write,
1122 .write_room = rfcomm_tty_write_room,
1123 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1124 .flush_buffer = rfcomm_tty_flush_buffer,
1125 .ioctl = rfcomm_tty_ioctl,
1126 .throttle = rfcomm_tty_throttle,
1127 .unthrottle = rfcomm_tty_unthrottle,
1128 .set_termios = rfcomm_tty_set_termios,
1129 .send_xchar = rfcomm_tty_send_xchar,
1130 .hangup = rfcomm_tty_hangup,
1131 .wait_until_sent = rfcomm_tty_wait_until_sent,
1132 .tiocmget = rfcomm_tty_tiocmget,
1133 .tiocmset = rfcomm_tty_tiocmset,
1134 .install = rfcomm_tty_install,
1135 .cleanup = rfcomm_tty_cleanup,
1138 int __init rfcomm_init_ttys(void)
1140 int error;
1142 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1143 if (!rfcomm_tty_driver)
1144 return -ENOMEM;
1146 rfcomm_tty_driver->driver_name = "rfcomm";
1147 rfcomm_tty_driver->name = "rfcomm";
1148 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1149 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1150 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1151 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1152 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1153 rfcomm_tty_driver->init_termios = tty_std_termios;
1154 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1155 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1156 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1158 error = tty_register_driver(rfcomm_tty_driver);
1159 if (error) {
1160 BT_ERR("Can't register RFCOMM TTY driver");
1161 put_tty_driver(rfcomm_tty_driver);
1162 return error;
1165 BT_INFO("RFCOMM TTY layer initialized");
1167 return 0;
1170 void rfcomm_cleanup_ttys(void)
1172 tty_unregister_driver(rfcomm_tty_driver);
1173 put_tty_driver(rfcomm_tty_driver);