1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41 #define RFCOMM_TTY_MINOR 0
42
43 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
44 static struct tty_driver *rfcomm_tty_driver;
45
46 struct rfcomm_dev {
47 struct tty_port port;
48 struct list_head list;
49
50 char name[12];
51 int id;
52 unsigned long flags;
53 int err;
54
55 unsigned long status; /* don't export to userspace */
56
57 bdaddr_t src;
58 bdaddr_t dst;
59 u8 channel;
60
61 uint modem_status;
62
63 struct rfcomm_dlc *dlc;
64
65 struct device *tty_dev;
66
67 atomic_t wmem_alloc;
68
69 struct sk_buff_head pending;
70 };
71
72 static LIST_HEAD(rfcomm_dev_list);
73 static DEFINE_MUTEX(rfcomm_dev_lock);
74
75 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
77 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
78
79 /* ---- Device functions ---- */
80
rfcomm_dev_destruct(struct tty_port * port)81 static void rfcomm_dev_destruct(struct tty_port *port)
82 {
83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
84 struct rfcomm_dlc *dlc = dev->dlc;
85
86 BT_DBG("dev %p dlc %p", dev, dlc);
87
88 rfcomm_dlc_lock(dlc);
89 /* Detach DLC if it's owned by this dev */
90 if (dlc->owner == dev)
91 dlc->owner = NULL;
92 rfcomm_dlc_unlock(dlc);
93
94 rfcomm_dlc_put(dlc);
95
96 if (dev->tty_dev)
97 tty_unregister_device(rfcomm_tty_driver, dev->id);
98
99 mutex_lock(&rfcomm_dev_lock);
100 list_del(&dev->list);
101 mutex_unlock(&rfcomm_dev_lock);
102
103 kfree(dev);
104
105 /* It's safe to call module_put() here because socket still
106 holds reference to this module. */
107 module_put(THIS_MODULE);
108 }
109
110 /* device-specific initialization: open the dlc */
rfcomm_dev_activate(struct tty_port * port,struct tty_struct * tty)111 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
112 {
113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
114 int err;
115
116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
117 if (err)
118 set_bit(TTY_IO_ERROR, &tty->flags);
119 return err;
120 }
121
122 /* we block the open until the dlc->state becomes BT_CONNECTED */
rfcomm_dev_carrier_raised(struct tty_port * port)123 static int rfcomm_dev_carrier_raised(struct tty_port *port)
124 {
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126
127 return (dev->dlc->state == BT_CONNECTED);
128 }
129
130 /* device-specific cleanup: close the dlc */
rfcomm_dev_shutdown(struct tty_port * port)131 static void rfcomm_dev_shutdown(struct tty_port *port)
132 {
133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
134
135 if (dev->tty_dev->parent)
136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
137
138 /* close the dlc */
139 rfcomm_dlc_close(dev->dlc, 0);
140 }
141
142 static const struct tty_port_operations rfcomm_port_ops = {
143 .destruct = rfcomm_dev_destruct,
144 .activate = rfcomm_dev_activate,
145 .shutdown = rfcomm_dev_shutdown,
146 .carrier_raised = rfcomm_dev_carrier_raised,
147 };
148
__rfcomm_dev_lookup(int id)149 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
150 {
151 struct rfcomm_dev *dev;
152
153 list_for_each_entry(dev, &rfcomm_dev_list, list)
154 if (dev->id == id)
155 return dev;
156
157 return NULL;
158 }
159
rfcomm_dev_get(int id)160 static struct rfcomm_dev *rfcomm_dev_get(int id)
161 {
162 struct rfcomm_dev *dev;
163
164 mutex_lock(&rfcomm_dev_lock);
165
166 dev = __rfcomm_dev_lookup(id);
167
168 if (dev && !tty_port_get(&dev->port))
169 dev = NULL;
170
171 mutex_unlock(&rfcomm_dev_lock);
172
173 return dev;
174 }
175
rfcomm_reparent_device(struct rfcomm_dev * dev)176 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
177 {
178 struct hci_dev *hdev;
179 struct hci_conn *conn;
180
181 hdev = hci_get_route(&dev->dst, &dev->src);
182 if (!hdev)
183 return;
184
185 /* The lookup results are unsafe to access without the
186 * hci device lock (FIXME: why is this not documented?)
187 */
188 hci_dev_lock(hdev);
189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
190
191 /* Just because the acl link is in the hash table is no
192 * guarantee the sysfs device has been added ...
193 */
194 if (conn && device_is_registered(&conn->dev))
195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
196
197 hci_dev_unlock(hdev);
198 hci_dev_put(hdev);
199 }
200
show_address(struct device * tty_dev,struct device_attribute * attr,char * buf)201 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
202 {
203 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
204 return sprintf(buf, "%pMR\n", &dev->dst);
205 }
206
show_channel(struct device * tty_dev,struct device_attribute * attr,char * buf)207 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
208 {
209 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
210 return sprintf(buf, "%d\n", dev->channel);
211 }
212
213 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
214 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
215
__rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)216 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
217 struct rfcomm_dlc *dlc)
218 {
219 struct rfcomm_dev *dev, *entry;
220 struct list_head *head = &rfcomm_dev_list;
221 int err = 0;
222
223 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
224 if (!dev)
225 return ERR_PTR(-ENOMEM);
226
227 mutex_lock(&rfcomm_dev_lock);
228
229 if (req->dev_id < 0) {
230 dev->id = 0;
231
232 list_for_each_entry(entry, &rfcomm_dev_list, list) {
233 if (entry->id != dev->id)
234 break;
235
236 dev->id++;
237 head = &entry->list;
238 }
239 } else {
240 dev->id = req->dev_id;
241
242 list_for_each_entry(entry, &rfcomm_dev_list, list) {
243 if (entry->id == dev->id) {
244 err = -EADDRINUSE;
245 goto out;
246 }
247
248 if (entry->id > dev->id - 1)
249 break;
250
251 head = &entry->list;
252 }
253 }
254
255 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
256 err = -ENFILE;
257 goto out;
258 }
259
260 sprintf(dev->name, "rfcomm%d", dev->id);
261
262 list_add(&dev->list, head);
263
264 bacpy(&dev->src, &req->src);
265 bacpy(&dev->dst, &req->dst);
266 dev->channel = req->channel;
267
268 dev->flags = req->flags &
269 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
270
271 tty_port_init(&dev->port);
272 dev->port.ops = &rfcomm_port_ops;
273
274 skb_queue_head_init(&dev->pending);
275
276 rfcomm_dlc_lock(dlc);
277
278 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
279 struct sock *sk = dlc->owner;
280 struct sk_buff *skb;
281
282 BUG_ON(!sk);
283
284 rfcomm_dlc_throttle(dlc);
285
286 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
287 skb_orphan(skb);
288 skb_queue_tail(&dev->pending, skb);
289 atomic_sub(skb->len, &sk->sk_rmem_alloc);
290 }
291 }
292
293 dlc->data_ready = rfcomm_dev_data_ready;
294 dlc->state_change = rfcomm_dev_state_change;
295 dlc->modem_status = rfcomm_dev_modem_status;
296
297 dlc->owner = dev;
298 dev->dlc = dlc;
299
300 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
301
302 rfcomm_dlc_unlock(dlc);
303
304 /* It's safe to call __module_get() here because socket already
305 holds reference to this module. */
306 __module_get(THIS_MODULE);
307
308 mutex_unlock(&rfcomm_dev_lock);
309 return dev;
310
311 out:
312 mutex_unlock(&rfcomm_dev_lock);
313 kfree(dev);
314 return ERR_PTR(err);
315 }
316
rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)317 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
318 {
319 struct rfcomm_dev *dev;
320 struct device *tty;
321
322 BT_DBG("id %d channel %d", req->dev_id, req->channel);
323
324 dev = __rfcomm_dev_add(req, dlc);
325 if (IS_ERR(dev)) {
326 rfcomm_dlc_put(dlc);
327 return PTR_ERR(dev);
328 }
329
330 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
331 dev->id, NULL);
332 if (IS_ERR(tty)) {
333 tty_port_put(&dev->port);
334 return PTR_ERR(tty);
335 }
336
337 dev->tty_dev = tty;
338 rfcomm_reparent_device(dev);
339 dev_set_drvdata(dev->tty_dev, dev);
340
341 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
342 BT_ERR("Failed to create address attribute");
343
344 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
345 BT_ERR("Failed to create channel attribute");
346
347 return dev->id;
348 }
349
350 /* ---- Send buffer ---- */
rfcomm_room(struct rfcomm_dev * dev)351 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
352 {
353 struct rfcomm_dlc *dlc = dev->dlc;
354
355 /* Limit the outstanding number of packets not yet sent to 40 */
356 int pending = 40 - atomic_read(&dev->wmem_alloc);
357
358 return max(0, pending) * dlc->mtu;
359 }
360
rfcomm_wfree(struct sk_buff * skb)361 static void rfcomm_wfree(struct sk_buff *skb)
362 {
363 struct rfcomm_dev *dev = (void *) skb->sk;
364 atomic_dec(&dev->wmem_alloc);
365 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
366 tty_port_tty_wakeup(&dev->port);
367 tty_port_put(&dev->port);
368 }
369
rfcomm_set_owner_w(struct sk_buff * skb,struct rfcomm_dev * dev)370 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
371 {
372 tty_port_get(&dev->port);
373 atomic_inc(&dev->wmem_alloc);
374 skb->sk = (void *) dev;
375 skb->destructor = rfcomm_wfree;
376 }
377
rfcomm_wmalloc(struct rfcomm_dev * dev,unsigned long size,gfp_t priority)378 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
379 {
380 struct sk_buff *skb = alloc_skb(size, priority);
381 if (skb)
382 rfcomm_set_owner_w(skb, dev);
383 return skb;
384 }
385
386 /* ---- Device IOCTLs ---- */
387
388 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
389
__rfcomm_create_dev(struct sock * sk,void __user * arg)390 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
391 {
392 struct rfcomm_dev_req req;
393 struct rfcomm_dlc *dlc;
394 int id;
395
396 if (copy_from_user(&req, arg, sizeof(req)))
397 return -EFAULT;
398
399 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
400
401 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
402 return -EPERM;
403
404 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
405 /* Socket must be connected */
406 if (sk->sk_state != BT_CONNECTED)
407 return -EBADFD;
408
409 dlc = rfcomm_pi(sk)->dlc;
410 rfcomm_dlc_hold(dlc);
411 } else {
412 /* Validate the channel is unused */
413 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
414 if (IS_ERR(dlc))
415 return PTR_ERR(dlc);
416 if (dlc)
417 return -EBUSY;
418 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
419 if (!dlc)
420 return -ENOMEM;
421 }
422
423 id = rfcomm_dev_add(&req, dlc);
424 if (id < 0)
425 return id;
426
427 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
428 /* DLC is now used by device.
429 * Socket must be disconnected */
430 sk->sk_state = BT_CLOSED;
431 }
432
433 return id;
434 }
435
__rfcomm_release_dev(void __user * arg)436 static int __rfcomm_release_dev(void __user *arg)
437 {
438 struct rfcomm_dev_req req;
439 struct rfcomm_dev *dev;
440 struct tty_struct *tty;
441
442 if (copy_from_user(&req, arg, sizeof(req)))
443 return -EFAULT;
444
445 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
446
447 dev = rfcomm_dev_get(req.dev_id);
448 if (!dev)
449 return -ENODEV;
450
451 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
452 tty_port_put(&dev->port);
453 return -EPERM;
454 }
455
456 /* only release once */
457 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
458 tty_port_put(&dev->port);
459 return -EALREADY;
460 }
461
462 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
463 rfcomm_dlc_close(dev->dlc, 0);
464
465 /* Shut down TTY synchronously before freeing rfcomm_dev */
466 tty = tty_port_tty_get(&dev->port);
467 if (tty) {
468 tty_vhangup(tty);
469 tty_kref_put(tty);
470 }
471
472 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
473 tty_port_put(&dev->port);
474
475 tty_port_put(&dev->port);
476 return 0;
477 }
478
rfcomm_create_dev(struct sock * sk,void __user * arg)479 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
480 {
481 int ret;
482
483 mutex_lock(&rfcomm_ioctl_mutex);
484 ret = __rfcomm_create_dev(sk, arg);
485 mutex_unlock(&rfcomm_ioctl_mutex);
486
487 return ret;
488 }
489
rfcomm_release_dev(void __user * arg)490 static int rfcomm_release_dev(void __user *arg)
491 {
492 int ret;
493
494 mutex_lock(&rfcomm_ioctl_mutex);
495 ret = __rfcomm_release_dev(arg);
496 mutex_unlock(&rfcomm_ioctl_mutex);
497
498 return ret;
499 }
500
rfcomm_get_dev_list(void __user * arg)501 static int rfcomm_get_dev_list(void __user *arg)
502 {
503 struct rfcomm_dev *dev;
504 struct rfcomm_dev_list_req *dl;
505 struct rfcomm_dev_info *di;
506 int n = 0, size, err;
507 u16 dev_num;
508
509 BT_DBG("");
510
511 if (get_user(dev_num, (u16 __user *) arg))
512 return -EFAULT;
513
514 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
515 return -EINVAL;
516
517 size = sizeof(*dl) + dev_num * sizeof(*di);
518
519 dl = kzalloc(size, GFP_KERNEL);
520 if (!dl)
521 return -ENOMEM;
522
523 di = dl->dev_info;
524
525 mutex_lock(&rfcomm_dev_lock);
526
527 list_for_each_entry(dev, &rfcomm_dev_list, list) {
528 if (!tty_port_get(&dev->port))
529 continue;
530 (di + n)->id = dev->id;
531 (di + n)->flags = dev->flags;
532 (di + n)->state = dev->dlc->state;
533 (di + n)->channel = dev->channel;
534 bacpy(&(di + n)->src, &dev->src);
535 bacpy(&(di + n)->dst, &dev->dst);
536 tty_port_put(&dev->port);
537 if (++n >= dev_num)
538 break;
539 }
540
541 mutex_unlock(&rfcomm_dev_lock);
542
543 dl->dev_num = n;
544 size = sizeof(*dl) + n * sizeof(*di);
545
546 err = copy_to_user(arg, dl, size);
547 kfree(dl);
548
549 return err ? -EFAULT : 0;
550 }
551
rfcomm_get_dev_info(void __user * arg)552 static int rfcomm_get_dev_info(void __user *arg)
553 {
554 struct rfcomm_dev *dev;
555 struct rfcomm_dev_info di;
556 int err = 0;
557
558 BT_DBG("");
559
560 if (copy_from_user(&di, arg, sizeof(di)))
561 return -EFAULT;
562
563 dev = rfcomm_dev_get(di.id);
564 if (!dev)
565 return -ENODEV;
566
567 di.flags = dev->flags;
568 di.channel = dev->channel;
569 di.state = dev->dlc->state;
570 bacpy(&di.src, &dev->src);
571 bacpy(&di.dst, &dev->dst);
572
573 if (copy_to_user(arg, &di, sizeof(di)))
574 err = -EFAULT;
575
576 tty_port_put(&dev->port);
577 return err;
578 }
579
rfcomm_dev_ioctl(struct sock * sk,unsigned int cmd,void __user * arg)580 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
581 {
582 BT_DBG("cmd %d arg %p", cmd, arg);
583
584 switch (cmd) {
585 case RFCOMMCREATEDEV:
586 return rfcomm_create_dev(sk, arg);
587
588 case RFCOMMRELEASEDEV:
589 return rfcomm_release_dev(arg);
590
591 case RFCOMMGETDEVLIST:
592 return rfcomm_get_dev_list(arg);
593
594 case RFCOMMGETDEVINFO:
595 return rfcomm_get_dev_info(arg);
596 }
597
598 return -EINVAL;
599 }
600
601 /* ---- DLC callbacks ---- */
rfcomm_dev_data_ready(struct rfcomm_dlc * dlc,struct sk_buff * skb)602 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
603 {
604 struct rfcomm_dev *dev = dlc->owner;
605
606 if (!dev) {
607 kfree_skb(skb);
608 return;
609 }
610
611 if (!skb_queue_empty(&dev->pending)) {
612 skb_queue_tail(&dev->pending, skb);
613 return;
614 }
615
616 BT_DBG("dlc %p len %d", dlc, skb->len);
617
618 tty_insert_flip_string(&dev->port, skb->data, skb->len);
619 tty_flip_buffer_push(&dev->port);
620
621 kfree_skb(skb);
622 }
623
rfcomm_dev_state_change(struct rfcomm_dlc * dlc,int err)624 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
625 {
626 struct rfcomm_dev *dev = dlc->owner;
627 if (!dev)
628 return;
629
630 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
631
632 dev->err = err;
633 if (dlc->state == BT_CONNECTED) {
634 rfcomm_reparent_device(dev);
635
636 wake_up_interruptible(&dev->port.open_wait);
637 } else if (dlc->state == BT_CLOSED)
638 tty_port_tty_hangup(&dev->port, false);
639 }
640
rfcomm_dev_modem_status(struct rfcomm_dlc * dlc,u8 v24_sig)641 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
642 {
643 struct rfcomm_dev *dev = dlc->owner;
644 if (!dev)
645 return;
646
647 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
648
649 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
650 tty_port_tty_hangup(&dev->port, true);
651
652 dev->modem_status =
653 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
654 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
655 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
656 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
657 }
658
659 /* ---- TTY functions ---- */
rfcomm_tty_copy_pending(struct rfcomm_dev * dev)660 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
661 {
662 struct sk_buff *skb;
663 int inserted = 0;
664
665 BT_DBG("dev %p", dev);
666
667 rfcomm_dlc_lock(dev->dlc);
668
669 while ((skb = skb_dequeue(&dev->pending))) {
670 inserted += tty_insert_flip_string(&dev->port, skb->data,
671 skb->len);
672 kfree_skb(skb);
673 }
674
675 rfcomm_dlc_unlock(dev->dlc);
676
677 if (inserted > 0)
678 tty_flip_buffer_push(&dev->port);
679 }
680
681 /* do the reverse of install, clearing the tty fields and releasing the
682 * reference to tty_port
683 */
rfcomm_tty_cleanup(struct tty_struct * tty)684 static void rfcomm_tty_cleanup(struct tty_struct *tty)
685 {
686 struct rfcomm_dev *dev = tty->driver_data;
687
688 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
689
690 rfcomm_dlc_lock(dev->dlc);
691 tty->driver_data = NULL;
692 rfcomm_dlc_unlock(dev->dlc);
693
694 /*
695 * purge the dlc->tx_queue to avoid circular dependencies
696 * between dev and dlc
697 */
698 skb_queue_purge(&dev->dlc->tx_queue);
699
700 tty_port_put(&dev->port);
701 }
702
703 /* we acquire the tty_port reference since it's here the tty is first used
704 * by setting the termios. We also populate the driver_data field and install
705 * the tty port
706 */
rfcomm_tty_install(struct tty_driver * driver,struct tty_struct * tty)707 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
708 {
709 struct rfcomm_dev *dev;
710 struct rfcomm_dlc *dlc;
711 int err;
712
713 dev = rfcomm_dev_get(tty->index);
714 if (!dev)
715 return -ENODEV;
716
717 dlc = dev->dlc;
718
719 /* Attach TTY and open DLC */
720 rfcomm_dlc_lock(dlc);
721 tty->driver_data = dev;
722 rfcomm_dlc_unlock(dlc);
723 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
724
725 /* install the tty_port */
726 err = tty_port_install(&dev->port, driver, tty);
727 if (err) {
728 rfcomm_tty_cleanup(tty);
729 return err;
730 }
731
732 /* take over the tty_port reference if the port was created with the
733 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
734 * when the last process closes the tty. The behaviour is expected by
735 * userspace.
736 */
737 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
738 set_bit(RFCOMM_TTY_OWNED, &dev->status);
739 tty_port_put(&dev->port);
740 }
741
742 return 0;
743 }
744
rfcomm_tty_open(struct tty_struct * tty,struct file * filp)745 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
746 {
747 struct rfcomm_dev *dev = tty->driver_data;
748 int err;
749
750 BT_DBG("tty %p id %d", tty, tty->index);
751
752 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
753 dev->channel, dev->port.count);
754
755 err = tty_port_open(&dev->port, tty, filp);
756 if (err)
757 return err;
758
759 /*
760 * FIXME: rfcomm should use proper flow control for
761 * received data. This hack will be unnecessary and can
762 * be removed when that's implemented
763 */
764 rfcomm_tty_copy_pending(dev);
765
766 rfcomm_dlc_unthrottle(dev->dlc);
767
768 return 0;
769 }
770
rfcomm_tty_close(struct tty_struct * tty,struct file * filp)771 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
772 {
773 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
774
775 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
776 dev->port.count);
777
778 tty_port_close(&dev->port, tty, filp);
779 }
780
rfcomm_tty_write(struct tty_struct * tty,const unsigned char * buf,int count)781 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
782 {
783 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
784 struct rfcomm_dlc *dlc = dev->dlc;
785 struct sk_buff *skb;
786 int sent = 0, size;
787
788 BT_DBG("tty %p count %d", tty, count);
789
790 while (count) {
791 size = min_t(uint, count, dlc->mtu);
792
793 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
794 if (!skb)
795 break;
796
797 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
798
799 memcpy(skb_put(skb, size), buf + sent, size);
800
801 rfcomm_dlc_send_noerror(dlc, skb);
802
803 sent += size;
804 count -= size;
805 }
806
807 return sent;
808 }
809
rfcomm_tty_write_room(struct tty_struct * tty)810 static int rfcomm_tty_write_room(struct tty_struct *tty)
811 {
812 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
813 int room = 0;
814
815 if (dev && dev->dlc)
816 room = rfcomm_room(dev);
817
818 BT_DBG("tty %p room %d", tty, room);
819
820 return room;
821 }
822
rfcomm_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)823 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
824 {
825 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
826
827 switch (cmd) {
828 case TCGETS:
829 BT_DBG("TCGETS is not supported");
830 return -ENOIOCTLCMD;
831
832 case TCSETS:
833 BT_DBG("TCSETS is not supported");
834 return -ENOIOCTLCMD;
835
836 case TIOCMIWAIT:
837 BT_DBG("TIOCMIWAIT");
838 break;
839
840 case TIOCGSERIAL:
841 BT_ERR("TIOCGSERIAL is not supported");
842 return -ENOIOCTLCMD;
843
844 case TIOCSSERIAL:
845 BT_ERR("TIOCSSERIAL is not supported");
846 return -ENOIOCTLCMD;
847
848 case TIOCSERGSTRUCT:
849 BT_ERR("TIOCSERGSTRUCT is not supported");
850 return -ENOIOCTLCMD;
851
852 case TIOCSERGETLSR:
853 BT_ERR("TIOCSERGETLSR is not supported");
854 return -ENOIOCTLCMD;
855
856 case TIOCSERCONFIG:
857 BT_ERR("TIOCSERCONFIG is not supported");
858 return -ENOIOCTLCMD;
859
860 default:
861 return -ENOIOCTLCMD; /* ioctls which we must ignore */
862
863 }
864
865 return -ENOIOCTLCMD;
866 }
867
rfcomm_tty_set_termios(struct tty_struct * tty,struct ktermios * old)868 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
869 {
870 struct ktermios *new = &tty->termios;
871 int old_baud_rate = tty_termios_baud_rate(old);
872 int new_baud_rate = tty_termios_baud_rate(new);
873
874 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
875 u16 changes = 0;
876
877 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
878
879 BT_DBG("tty %p termios %p", tty, old);
880
881 if (!dev || !dev->dlc || !dev->dlc->session)
882 return;
883
884 /* Handle turning off CRTSCTS */
885 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
886 BT_DBG("Turning off CRTSCTS unsupported");
887
888 /* Parity on/off and when on, odd/even */
889 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
890 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
891 changes |= RFCOMM_RPN_PM_PARITY;
892 BT_DBG("Parity change detected.");
893 }
894
895 /* Mark and space parity are not supported! */
896 if (new->c_cflag & PARENB) {
897 if (new->c_cflag & PARODD) {
898 BT_DBG("Parity is ODD");
899 parity = RFCOMM_RPN_PARITY_ODD;
900 } else {
901 BT_DBG("Parity is EVEN");
902 parity = RFCOMM_RPN_PARITY_EVEN;
903 }
904 } else {
905 BT_DBG("Parity is OFF");
906 parity = RFCOMM_RPN_PARITY_NONE;
907 }
908
909 /* Setting the x_on / x_off characters */
910 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
911 BT_DBG("XOFF custom");
912 x_on = new->c_cc[VSTOP];
913 changes |= RFCOMM_RPN_PM_XON;
914 } else {
915 BT_DBG("XOFF default");
916 x_on = RFCOMM_RPN_XON_CHAR;
917 }
918
919 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
920 BT_DBG("XON custom");
921 x_off = new->c_cc[VSTART];
922 changes |= RFCOMM_RPN_PM_XOFF;
923 } else {
924 BT_DBG("XON default");
925 x_off = RFCOMM_RPN_XOFF_CHAR;
926 }
927
928 /* Handle setting of stop bits */
929 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
930 changes |= RFCOMM_RPN_PM_STOP;
931
932 /* POSIX does not support 1.5 stop bits and RFCOMM does not
933 * support 2 stop bits. So a request for 2 stop bits gets
934 * translated to 1.5 stop bits */
935 if (new->c_cflag & CSTOPB)
936 stop_bits = RFCOMM_RPN_STOP_15;
937 else
938 stop_bits = RFCOMM_RPN_STOP_1;
939
940 /* Handle number of data bits [5-8] */
941 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
942 changes |= RFCOMM_RPN_PM_DATA;
943
944 switch (new->c_cflag & CSIZE) {
945 case CS5:
946 data_bits = RFCOMM_RPN_DATA_5;
947 break;
948 case CS6:
949 data_bits = RFCOMM_RPN_DATA_6;
950 break;
951 case CS7:
952 data_bits = RFCOMM_RPN_DATA_7;
953 break;
954 case CS8:
955 data_bits = RFCOMM_RPN_DATA_8;
956 break;
957 default:
958 data_bits = RFCOMM_RPN_DATA_8;
959 break;
960 }
961
962 /* Handle baudrate settings */
963 if (old_baud_rate != new_baud_rate)
964 changes |= RFCOMM_RPN_PM_BITRATE;
965
966 switch (new_baud_rate) {
967 case 2400:
968 baud = RFCOMM_RPN_BR_2400;
969 break;
970 case 4800:
971 baud = RFCOMM_RPN_BR_4800;
972 break;
973 case 7200:
974 baud = RFCOMM_RPN_BR_7200;
975 break;
976 case 9600:
977 baud = RFCOMM_RPN_BR_9600;
978 break;
979 case 19200:
980 baud = RFCOMM_RPN_BR_19200;
981 break;
982 case 38400:
983 baud = RFCOMM_RPN_BR_38400;
984 break;
985 case 57600:
986 baud = RFCOMM_RPN_BR_57600;
987 break;
988 case 115200:
989 baud = RFCOMM_RPN_BR_115200;
990 break;
991 case 230400:
992 baud = RFCOMM_RPN_BR_230400;
993 break;
994 default:
995 /* 9600 is standard accordinag to the RFCOMM specification */
996 baud = RFCOMM_RPN_BR_9600;
997 break;
998
999 }
1000
1001 if (changes)
1002 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1003 data_bits, stop_bits, parity,
1004 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1005 }
1006
rfcomm_tty_throttle(struct tty_struct * tty)1007 static void rfcomm_tty_throttle(struct tty_struct *tty)
1008 {
1009 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1010
1011 BT_DBG("tty %p dev %p", tty, dev);
1012
1013 rfcomm_dlc_throttle(dev->dlc);
1014 }
1015
rfcomm_tty_unthrottle(struct tty_struct * tty)1016 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1017 {
1018 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1019
1020 BT_DBG("tty %p dev %p", tty, dev);
1021
1022 rfcomm_dlc_unthrottle(dev->dlc);
1023 }
1024
rfcomm_tty_chars_in_buffer(struct tty_struct * tty)1025 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1026 {
1027 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1028
1029 BT_DBG("tty %p dev %p", tty, dev);
1030
1031 if (!dev || !dev->dlc)
1032 return 0;
1033
1034 if (!skb_queue_empty(&dev->dlc->tx_queue))
1035 return dev->dlc->mtu;
1036
1037 return 0;
1038 }
1039
rfcomm_tty_flush_buffer(struct tty_struct * tty)1040 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1041 {
1042 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1043
1044 BT_DBG("tty %p dev %p", tty, dev);
1045
1046 if (!dev || !dev->dlc)
1047 return;
1048
1049 skb_queue_purge(&dev->dlc->tx_queue);
1050 tty_wakeup(tty);
1051 }
1052
rfcomm_tty_send_xchar(struct tty_struct * tty,char ch)1053 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1054 {
1055 BT_DBG("tty %p ch %c", tty, ch);
1056 }
1057
rfcomm_tty_wait_until_sent(struct tty_struct * tty,int timeout)1058 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1059 {
1060 BT_DBG("tty %p timeout %d", tty, timeout);
1061 }
1062
rfcomm_tty_hangup(struct tty_struct * tty)1063 static void rfcomm_tty_hangup(struct tty_struct *tty)
1064 {
1065 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1066
1067 BT_DBG("tty %p dev %p", tty, dev);
1068
1069 tty_port_hangup(&dev->port);
1070 }
1071
rfcomm_tty_tiocmget(struct tty_struct * tty)1072 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1073 {
1074 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1075
1076 BT_DBG("tty %p dev %p", tty, dev);
1077
1078 return dev->modem_status;
1079 }
1080
rfcomm_tty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)1081 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1082 {
1083 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1084 struct rfcomm_dlc *dlc = dev->dlc;
1085 u8 v24_sig;
1086
1087 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1088
1089 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1090
1091 if (set & TIOCM_DSR || set & TIOCM_DTR)
1092 v24_sig |= RFCOMM_V24_RTC;
1093 if (set & TIOCM_RTS || set & TIOCM_CTS)
1094 v24_sig |= RFCOMM_V24_RTR;
1095 if (set & TIOCM_RI)
1096 v24_sig |= RFCOMM_V24_IC;
1097 if (set & TIOCM_CD)
1098 v24_sig |= RFCOMM_V24_DV;
1099
1100 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1101 v24_sig &= ~RFCOMM_V24_RTC;
1102 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1103 v24_sig &= ~RFCOMM_V24_RTR;
1104 if (clear & TIOCM_RI)
1105 v24_sig &= ~RFCOMM_V24_IC;
1106 if (clear & TIOCM_CD)
1107 v24_sig &= ~RFCOMM_V24_DV;
1108
1109 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1110
1111 return 0;
1112 }
1113
1114 /* ---- TTY structure ---- */
1115
1116 static const struct tty_operations rfcomm_ops = {
1117 .open = rfcomm_tty_open,
1118 .close = rfcomm_tty_close,
1119 .write = rfcomm_tty_write,
1120 .write_room = rfcomm_tty_write_room,
1121 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1122 .flush_buffer = rfcomm_tty_flush_buffer,
1123 .ioctl = rfcomm_tty_ioctl,
1124 .throttle = rfcomm_tty_throttle,
1125 .unthrottle = rfcomm_tty_unthrottle,
1126 .set_termios = rfcomm_tty_set_termios,
1127 .send_xchar = rfcomm_tty_send_xchar,
1128 .hangup = rfcomm_tty_hangup,
1129 .wait_until_sent = rfcomm_tty_wait_until_sent,
1130 .tiocmget = rfcomm_tty_tiocmget,
1131 .tiocmset = rfcomm_tty_tiocmset,
1132 .install = rfcomm_tty_install,
1133 .cleanup = rfcomm_tty_cleanup,
1134 };
1135
rfcomm_init_ttys(void)1136 int __init rfcomm_init_ttys(void)
1137 {
1138 int error;
1139
1140 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1141 if (!rfcomm_tty_driver)
1142 return -ENOMEM;
1143
1144 rfcomm_tty_driver->driver_name = "rfcomm";
1145 rfcomm_tty_driver->name = "rfcomm";
1146 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1147 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1148 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1149 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1150 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1151 rfcomm_tty_driver->init_termios = tty_std_termios;
1152 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1153 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1154 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1155
1156 error = tty_register_driver(rfcomm_tty_driver);
1157 if (error) {
1158 BT_ERR("Can't register RFCOMM TTY driver");
1159 put_tty_driver(rfcomm_tty_driver);
1160 return error;
1161 }
1162
1163 BT_INFO("RFCOMM TTY layer initialized");
1164
1165 return 0;
1166 }
1167
rfcomm_cleanup_ttys(void)1168 void rfcomm_cleanup_ttys(void)
1169 {
1170 tty_unregister_driver(rfcomm_tty_driver);
1171 put_tty_driver(rfcomm_tty_driver);
1172 }
1173