1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41 #define RFCOMM_TTY_MINOR 0
42
43 static DEFINE_MUTEX(rfcomm_ioctl_mutex);
44 static struct tty_driver *rfcomm_tty_driver;
45
46 struct rfcomm_dev {
47 struct tty_port port;
48 struct list_head list;
49
50 char name[12];
51 int id;
52 unsigned long flags;
53 int err;
54
55 unsigned long status; /* don't export to userspace */
56
57 bdaddr_t src;
58 bdaddr_t dst;
59 u8 channel;
60
61 uint modem_status;
62
63 struct rfcomm_dlc *dlc;
64
65 struct device *tty_dev;
66
67 atomic_t wmem_alloc;
68
69 struct sk_buff_head pending;
70 };
71
72 static LIST_HEAD(rfcomm_dev_list);
73 static DEFINE_MUTEX(rfcomm_dev_lock);
74
75 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
77 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
78
79 /* ---- Device functions ---- */
80
rfcomm_dev_destruct(struct tty_port * port)81 static void rfcomm_dev_destruct(struct tty_port *port)
82 {
83 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
84 struct rfcomm_dlc *dlc = dev->dlc;
85
86 BT_DBG("dev %p dlc %p", dev, dlc);
87
88 rfcomm_dlc_lock(dlc);
89 /* Detach DLC if it's owned by this dev */
90 if (dlc->owner == dev)
91 dlc->owner = NULL;
92 rfcomm_dlc_unlock(dlc);
93
94 rfcomm_dlc_put(dlc);
95
96 if (dev->tty_dev)
97 tty_unregister_device(rfcomm_tty_driver, dev->id);
98
99 mutex_lock(&rfcomm_dev_lock);
100 list_del(&dev->list);
101 mutex_unlock(&rfcomm_dev_lock);
102
103 kfree(dev);
104
105 /* It's safe to call module_put() here because socket still
106 holds reference to this module. */
107 module_put(THIS_MODULE);
108 }
109
110 /* device-specific initialization: open the dlc */
rfcomm_dev_activate(struct tty_port * port,struct tty_struct * tty)111 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
112 {
113 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
114 int err;
115
116 err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
117 if (err)
118 set_bit(TTY_IO_ERROR, &tty->flags);
119 return err;
120 }
121
122 /* we block the open until the dlc->state becomes BT_CONNECTED */
rfcomm_dev_carrier_raised(struct tty_port * port)123 static int rfcomm_dev_carrier_raised(struct tty_port *port)
124 {
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126
127 return (dev->dlc->state == BT_CONNECTED);
128 }
129
130 /* device-specific cleanup: close the dlc */
rfcomm_dev_shutdown(struct tty_port * port)131 static void rfcomm_dev_shutdown(struct tty_port *port)
132 {
133 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
134
135 if (dev->tty_dev->parent)
136 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
137
138 /* close the dlc */
139 rfcomm_dlc_close(dev->dlc, 0);
140 }
141
142 static const struct tty_port_operations rfcomm_port_ops = {
143 .destruct = rfcomm_dev_destruct,
144 .activate = rfcomm_dev_activate,
145 .shutdown = rfcomm_dev_shutdown,
146 .carrier_raised = rfcomm_dev_carrier_raised,
147 };
148
__rfcomm_dev_lookup(int id)149 static struct rfcomm_dev *__rfcomm_dev_lookup(int id)
150 {
151 struct rfcomm_dev *dev;
152
153 list_for_each_entry(dev, &rfcomm_dev_list, list)
154 if (dev->id == id)
155 return dev;
156
157 return NULL;
158 }
159
rfcomm_dev_get(int id)160 static struct rfcomm_dev *rfcomm_dev_get(int id)
161 {
162 struct rfcomm_dev *dev;
163
164 mutex_lock(&rfcomm_dev_lock);
165
166 dev = __rfcomm_dev_lookup(id);
167
168 if (dev && !tty_port_get(&dev->port))
169 dev = NULL;
170
171 mutex_unlock(&rfcomm_dev_lock);
172
173 return dev;
174 }
175
rfcomm_reparent_device(struct rfcomm_dev * dev)176 static void rfcomm_reparent_device(struct rfcomm_dev *dev)
177 {
178 struct hci_dev *hdev;
179 struct hci_conn *conn;
180
181 hdev = hci_get_route(&dev->dst, &dev->src, BDADDR_BREDR);
182 if (!hdev)
183 return;
184
185 /* The lookup results are unsafe to access without the
186 * hci device lock (FIXME: why is this not documented?)
187 */
188 hci_dev_lock(hdev);
189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
190
191 /* Just because the acl link is in the hash table is no
192 * guarantee the sysfs device has been added ...
193 */
194 if (conn && device_is_registered(&conn->dev))
195 device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT);
196
197 hci_dev_unlock(hdev);
198 hci_dev_put(hdev);
199 }
200
address_show(struct device * tty_dev,struct device_attribute * attr,char * buf)201 static ssize_t address_show(struct device *tty_dev,
202 struct device_attribute *attr, char *buf)
203 {
204 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
205 return sprintf(buf, "%pMR\n", &dev->dst);
206 }
207
channel_show(struct device * tty_dev,struct device_attribute * attr,char * buf)208 static ssize_t channel_show(struct device *tty_dev,
209 struct device_attribute *attr, char *buf)
210 {
211 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
212 return sprintf(buf, "%d\n", dev->channel);
213 }
214
215 static DEVICE_ATTR_RO(address);
216 static DEVICE_ATTR_RO(channel);
217
__rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)218 static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req,
219 struct rfcomm_dlc *dlc)
220 {
221 struct rfcomm_dev *dev, *entry;
222 struct list_head *head = &rfcomm_dev_list;
223 int err = 0;
224
225 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
226 if (!dev)
227 return ERR_PTR(-ENOMEM);
228
229 mutex_lock(&rfcomm_dev_lock);
230
231 if (req->dev_id < 0) {
232 dev->id = 0;
233
234 list_for_each_entry(entry, &rfcomm_dev_list, list) {
235 if (entry->id != dev->id)
236 break;
237
238 dev->id++;
239 head = &entry->list;
240 }
241 } else {
242 dev->id = req->dev_id;
243
244 list_for_each_entry(entry, &rfcomm_dev_list, list) {
245 if (entry->id == dev->id) {
246 err = -EADDRINUSE;
247 goto out;
248 }
249
250 if (entry->id > dev->id - 1)
251 break;
252
253 head = &entry->list;
254 }
255 }
256
257 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
258 err = -ENFILE;
259 goto out;
260 }
261
262 sprintf(dev->name, "rfcomm%d", dev->id);
263
264 list_add(&dev->list, head);
265
266 bacpy(&dev->src, &req->src);
267 bacpy(&dev->dst, &req->dst);
268 dev->channel = req->channel;
269
270 dev->flags = req->flags &
271 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
272
273 tty_port_init(&dev->port);
274 dev->port.ops = &rfcomm_port_ops;
275
276 skb_queue_head_init(&dev->pending);
277
278 rfcomm_dlc_lock(dlc);
279
280 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
281 struct sock *sk = dlc->owner;
282 struct sk_buff *skb;
283
284 BUG_ON(!sk);
285
286 rfcomm_dlc_throttle(dlc);
287
288 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
289 skb_orphan(skb);
290 skb_queue_tail(&dev->pending, skb);
291 atomic_sub(skb->len, &sk->sk_rmem_alloc);
292 }
293 }
294
295 dlc->data_ready = rfcomm_dev_data_ready;
296 dlc->state_change = rfcomm_dev_state_change;
297 dlc->modem_status = rfcomm_dev_modem_status;
298
299 dlc->owner = dev;
300 dev->dlc = dlc;
301
302 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
303
304 rfcomm_dlc_unlock(dlc);
305
306 /* It's safe to call __module_get() here because socket already
307 holds reference to this module. */
308 __module_get(THIS_MODULE);
309
310 mutex_unlock(&rfcomm_dev_lock);
311 return dev;
312
313 out:
314 mutex_unlock(&rfcomm_dev_lock);
315 kfree(dev);
316 return ERR_PTR(err);
317 }
318
rfcomm_dev_add(struct rfcomm_dev_req * req,struct rfcomm_dlc * dlc)319 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
320 {
321 struct rfcomm_dev *dev;
322 struct device *tty;
323
324 BT_DBG("id %d channel %d", req->dev_id, req->channel);
325
326 dev = __rfcomm_dev_add(req, dlc);
327 if (IS_ERR(dev)) {
328 rfcomm_dlc_put(dlc);
329 return PTR_ERR(dev);
330 }
331
332 tty = tty_port_register_device(&dev->port, rfcomm_tty_driver,
333 dev->id, NULL);
334 if (IS_ERR(tty)) {
335 tty_port_put(&dev->port);
336 return PTR_ERR(tty);
337 }
338
339 dev->tty_dev = tty;
340 rfcomm_reparent_device(dev);
341 dev_set_drvdata(dev->tty_dev, dev);
342
343 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
344 BT_ERR("Failed to create address attribute");
345
346 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
347 BT_ERR("Failed to create channel attribute");
348
349 return dev->id;
350 }
351
352 /* ---- Send buffer ---- */
rfcomm_room(struct rfcomm_dev * dev)353 static inline unsigned int rfcomm_room(struct rfcomm_dev *dev)
354 {
355 struct rfcomm_dlc *dlc = dev->dlc;
356
357 /* Limit the outstanding number of packets not yet sent to 40 */
358 int pending = 40 - atomic_read(&dev->wmem_alloc);
359
360 return max(0, pending) * dlc->mtu;
361 }
362
rfcomm_wfree(struct sk_buff * skb)363 static void rfcomm_wfree(struct sk_buff *skb)
364 {
365 struct rfcomm_dev *dev = (void *) skb->sk;
366 atomic_dec(&dev->wmem_alloc);
367 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
368 tty_port_tty_wakeup(&dev->port);
369 tty_port_put(&dev->port);
370 }
371
rfcomm_set_owner_w(struct sk_buff * skb,struct rfcomm_dev * dev)372 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
373 {
374 tty_port_get(&dev->port);
375 atomic_inc(&dev->wmem_alloc);
376 skb->sk = (void *) dev;
377 skb->destructor = rfcomm_wfree;
378 }
379
rfcomm_wmalloc(struct rfcomm_dev * dev,unsigned long size,gfp_t priority)380 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
381 {
382 struct sk_buff *skb = alloc_skb(size, priority);
383 if (skb)
384 rfcomm_set_owner_w(skb, dev);
385 return skb;
386 }
387
388 /* ---- Device IOCTLs ---- */
389
390 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
391
__rfcomm_create_dev(struct sock * sk,void __user * arg)392 static int __rfcomm_create_dev(struct sock *sk, void __user *arg)
393 {
394 struct rfcomm_dev_req req;
395 struct rfcomm_dlc *dlc;
396 int id;
397
398 if (copy_from_user(&req, arg, sizeof(req)))
399 return -EFAULT;
400
401 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
402
403 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
404 return -EPERM;
405
406 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
407 /* Socket must be connected */
408 if (sk->sk_state != BT_CONNECTED)
409 return -EBADFD;
410
411 dlc = rfcomm_pi(sk)->dlc;
412 rfcomm_dlc_hold(dlc);
413 } else {
414 /* Validate the channel is unused */
415 dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
416 if (IS_ERR(dlc))
417 return PTR_ERR(dlc);
418 if (dlc)
419 return -EBUSY;
420 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
421 if (!dlc)
422 return -ENOMEM;
423 }
424
425 id = rfcomm_dev_add(&req, dlc);
426 if (id < 0)
427 return id;
428
429 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
430 /* DLC is now used by device.
431 * Socket must be disconnected */
432 sk->sk_state = BT_CLOSED;
433 }
434
435 return id;
436 }
437
__rfcomm_release_dev(void __user * arg)438 static int __rfcomm_release_dev(void __user *arg)
439 {
440 struct rfcomm_dev_req req;
441 struct rfcomm_dev *dev;
442 struct tty_struct *tty;
443
444 if (copy_from_user(&req, arg, sizeof(req)))
445 return -EFAULT;
446
447 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
448
449 dev = rfcomm_dev_get(req.dev_id);
450 if (!dev)
451 return -ENODEV;
452
453 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
454 tty_port_put(&dev->port);
455 return -EPERM;
456 }
457
458 /* only release once */
459 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
460 tty_port_put(&dev->port);
461 return -EALREADY;
462 }
463
464 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
465 rfcomm_dlc_close(dev->dlc, 0);
466
467 /* Shut down TTY synchronously before freeing rfcomm_dev */
468 tty = tty_port_tty_get(&dev->port);
469 if (tty) {
470 tty_vhangup(tty);
471 tty_kref_put(tty);
472 }
473
474 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
475 tty_port_put(&dev->port);
476
477 tty_port_put(&dev->port);
478 return 0;
479 }
480
rfcomm_create_dev(struct sock * sk,void __user * arg)481 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
482 {
483 int ret;
484
485 mutex_lock(&rfcomm_ioctl_mutex);
486 ret = __rfcomm_create_dev(sk, arg);
487 mutex_unlock(&rfcomm_ioctl_mutex);
488
489 return ret;
490 }
491
rfcomm_release_dev(void __user * arg)492 static int rfcomm_release_dev(void __user *arg)
493 {
494 int ret;
495
496 mutex_lock(&rfcomm_ioctl_mutex);
497 ret = __rfcomm_release_dev(arg);
498 mutex_unlock(&rfcomm_ioctl_mutex);
499
500 return ret;
501 }
502
rfcomm_get_dev_list(void __user * arg)503 static int rfcomm_get_dev_list(void __user *arg)
504 {
505 struct rfcomm_dev *dev;
506 struct rfcomm_dev_list_req *dl;
507 struct rfcomm_dev_info *di;
508 int n = 0, size, err;
509 u16 dev_num;
510
511 BT_DBG("");
512
513 if (get_user(dev_num, (u16 __user *) arg))
514 return -EFAULT;
515
516 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
517 return -EINVAL;
518
519 size = sizeof(*dl) + dev_num * sizeof(*di);
520
521 dl = kzalloc(size, GFP_KERNEL);
522 if (!dl)
523 return -ENOMEM;
524
525 di = dl->dev_info;
526
527 mutex_lock(&rfcomm_dev_lock);
528
529 list_for_each_entry(dev, &rfcomm_dev_list, list) {
530 if (!tty_port_get(&dev->port))
531 continue;
532 (di + n)->id = dev->id;
533 (di + n)->flags = dev->flags;
534 (di + n)->state = dev->dlc->state;
535 (di + n)->channel = dev->channel;
536 bacpy(&(di + n)->src, &dev->src);
537 bacpy(&(di + n)->dst, &dev->dst);
538 tty_port_put(&dev->port);
539 if (++n >= dev_num)
540 break;
541 }
542
543 mutex_unlock(&rfcomm_dev_lock);
544
545 dl->dev_num = n;
546 size = sizeof(*dl) + n * sizeof(*di);
547
548 err = copy_to_user(arg, dl, size);
549 kfree(dl);
550
551 return err ? -EFAULT : 0;
552 }
553
rfcomm_get_dev_info(void __user * arg)554 static int rfcomm_get_dev_info(void __user *arg)
555 {
556 struct rfcomm_dev *dev;
557 struct rfcomm_dev_info di;
558 int err = 0;
559
560 BT_DBG("");
561
562 if (copy_from_user(&di, arg, sizeof(di)))
563 return -EFAULT;
564
565 dev = rfcomm_dev_get(di.id);
566 if (!dev)
567 return -ENODEV;
568
569 di.flags = dev->flags;
570 di.channel = dev->channel;
571 di.state = dev->dlc->state;
572 bacpy(&di.src, &dev->src);
573 bacpy(&di.dst, &dev->dst);
574
575 if (copy_to_user(arg, &di, sizeof(di)))
576 err = -EFAULT;
577
578 tty_port_put(&dev->port);
579 return err;
580 }
581
rfcomm_dev_ioctl(struct sock * sk,unsigned int cmd,void __user * arg)582 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
583 {
584 BT_DBG("cmd %d arg %p", cmd, arg);
585
586 switch (cmd) {
587 case RFCOMMCREATEDEV:
588 return rfcomm_create_dev(sk, arg);
589
590 case RFCOMMRELEASEDEV:
591 return rfcomm_release_dev(arg);
592
593 case RFCOMMGETDEVLIST:
594 return rfcomm_get_dev_list(arg);
595
596 case RFCOMMGETDEVINFO:
597 return rfcomm_get_dev_info(arg);
598 }
599
600 return -EINVAL;
601 }
602
603 /* ---- DLC callbacks ---- */
rfcomm_dev_data_ready(struct rfcomm_dlc * dlc,struct sk_buff * skb)604 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
605 {
606 struct rfcomm_dev *dev = dlc->owner;
607
608 if (!dev) {
609 kfree_skb(skb);
610 return;
611 }
612
613 if (!skb_queue_empty(&dev->pending)) {
614 skb_queue_tail(&dev->pending, skb);
615 return;
616 }
617
618 BT_DBG("dlc %p len %d", dlc, skb->len);
619
620 tty_insert_flip_string(&dev->port, skb->data, skb->len);
621 tty_flip_buffer_push(&dev->port);
622
623 kfree_skb(skb);
624 }
625
rfcomm_dev_state_change(struct rfcomm_dlc * dlc,int err)626 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
627 {
628 struct rfcomm_dev *dev = dlc->owner;
629 if (!dev)
630 return;
631
632 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
633
634 dev->err = err;
635 if (dlc->state == BT_CONNECTED) {
636 rfcomm_reparent_device(dev);
637
638 wake_up_interruptible(&dev->port.open_wait);
639 } else if (dlc->state == BT_CLOSED)
640 tty_port_tty_hangup(&dev->port, false);
641 }
642
rfcomm_dev_modem_status(struct rfcomm_dlc * dlc,u8 v24_sig)643 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
644 {
645 struct rfcomm_dev *dev = dlc->owner;
646 if (!dev)
647 return;
648
649 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
650
651 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
652 tty_port_tty_hangup(&dev->port, true);
653
654 dev->modem_status =
655 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
656 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
657 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
658 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
659 }
660
661 /* ---- TTY functions ---- */
rfcomm_tty_copy_pending(struct rfcomm_dev * dev)662 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
663 {
664 struct sk_buff *skb;
665 int inserted = 0;
666
667 BT_DBG("dev %p", dev);
668
669 rfcomm_dlc_lock(dev->dlc);
670
671 while ((skb = skb_dequeue(&dev->pending))) {
672 inserted += tty_insert_flip_string(&dev->port, skb->data,
673 skb->len);
674 kfree_skb(skb);
675 }
676
677 rfcomm_dlc_unlock(dev->dlc);
678
679 if (inserted > 0)
680 tty_flip_buffer_push(&dev->port);
681 }
682
683 /* do the reverse of install, clearing the tty fields and releasing the
684 * reference to tty_port
685 */
rfcomm_tty_cleanup(struct tty_struct * tty)686 static void rfcomm_tty_cleanup(struct tty_struct *tty)
687 {
688 struct rfcomm_dev *dev = tty->driver_data;
689
690 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
691
692 rfcomm_dlc_lock(dev->dlc);
693 tty->driver_data = NULL;
694 rfcomm_dlc_unlock(dev->dlc);
695
696 /*
697 * purge the dlc->tx_queue to avoid circular dependencies
698 * between dev and dlc
699 */
700 skb_queue_purge(&dev->dlc->tx_queue);
701
702 tty_port_put(&dev->port);
703 }
704
705 /* we acquire the tty_port reference since it's here the tty is first used
706 * by setting the termios. We also populate the driver_data field and install
707 * the tty port
708 */
rfcomm_tty_install(struct tty_driver * driver,struct tty_struct * tty)709 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
710 {
711 struct rfcomm_dev *dev;
712 struct rfcomm_dlc *dlc;
713 int err;
714
715 dev = rfcomm_dev_get(tty->index);
716 if (!dev)
717 return -ENODEV;
718
719 dlc = dev->dlc;
720
721 /* Attach TTY and open DLC */
722 rfcomm_dlc_lock(dlc);
723 tty->driver_data = dev;
724 rfcomm_dlc_unlock(dlc);
725 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
726
727 /* install the tty_port */
728 err = tty_port_install(&dev->port, driver, tty);
729 if (err) {
730 rfcomm_tty_cleanup(tty);
731 return err;
732 }
733
734 /* take over the tty_port reference if the port was created with the
735 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
736 * when the last process closes the tty. The behaviour is expected by
737 * userspace.
738 */
739 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
740 set_bit(RFCOMM_TTY_OWNED, &dev->status);
741 tty_port_put(&dev->port);
742 }
743
744 return 0;
745 }
746
rfcomm_tty_open(struct tty_struct * tty,struct file * filp)747 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
748 {
749 struct rfcomm_dev *dev = tty->driver_data;
750 int err;
751
752 BT_DBG("tty %p id %d", tty, tty->index);
753
754 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
755 dev->channel, dev->port.count);
756
757 err = tty_port_open(&dev->port, tty, filp);
758 if (err)
759 return err;
760
761 /*
762 * FIXME: rfcomm should use proper flow control for
763 * received data. This hack will be unnecessary and can
764 * be removed when that's implemented
765 */
766 rfcomm_tty_copy_pending(dev);
767
768 rfcomm_dlc_unthrottle(dev->dlc);
769
770 return 0;
771 }
772
rfcomm_tty_close(struct tty_struct * tty,struct file * filp)773 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
774 {
775 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
776
777 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
778 dev->port.count);
779
780 tty_port_close(&dev->port, tty, filp);
781 }
782
rfcomm_tty_write(struct tty_struct * tty,const unsigned char * buf,int count)783 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
784 {
785 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
786 struct rfcomm_dlc *dlc = dev->dlc;
787 struct sk_buff *skb;
788 int sent = 0, size;
789
790 BT_DBG("tty %p count %d", tty, count);
791
792 while (count) {
793 size = min_t(uint, count, dlc->mtu);
794
795 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
796 if (!skb)
797 break;
798
799 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
800
801 skb_put_data(skb, buf + sent, size);
802
803 rfcomm_dlc_send_noerror(dlc, skb);
804
805 sent += size;
806 count -= size;
807 }
808
809 return sent;
810 }
811
rfcomm_tty_write_room(struct tty_struct * tty)812 static unsigned int rfcomm_tty_write_room(struct tty_struct *tty)
813 {
814 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
815 int room = 0;
816
817 if (dev && dev->dlc)
818 room = rfcomm_room(dev);
819
820 BT_DBG("tty %p room %d", tty, room);
821
822 return room;
823 }
824
rfcomm_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)825 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
826 {
827 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
828
829 switch (cmd) {
830 case TCGETS:
831 BT_DBG("TCGETS is not supported");
832 return -ENOIOCTLCMD;
833
834 case TCSETS:
835 BT_DBG("TCSETS is not supported");
836 return -ENOIOCTLCMD;
837
838 case TIOCMIWAIT:
839 BT_DBG("TIOCMIWAIT");
840 break;
841
842 case TIOCSERGETLSR:
843 BT_ERR("TIOCSERGETLSR is not supported");
844 return -ENOIOCTLCMD;
845
846 case TIOCSERCONFIG:
847 BT_ERR("TIOCSERCONFIG is not supported");
848 return -ENOIOCTLCMD;
849
850 default:
851 return -ENOIOCTLCMD; /* ioctls which we must ignore */
852
853 }
854
855 return -ENOIOCTLCMD;
856 }
857
rfcomm_tty_set_termios(struct tty_struct * tty,struct ktermios * old)858 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
859 {
860 struct ktermios *new = &tty->termios;
861 int old_baud_rate = tty_termios_baud_rate(old);
862 int new_baud_rate = tty_termios_baud_rate(new);
863
864 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
865 u16 changes = 0;
866
867 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
868
869 BT_DBG("tty %p termios %p", tty, old);
870
871 if (!dev || !dev->dlc || !dev->dlc->session)
872 return;
873
874 /* Handle turning off CRTSCTS */
875 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
876 BT_DBG("Turning off CRTSCTS unsupported");
877
878 /* Parity on/off and when on, odd/even */
879 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
880 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
881 changes |= RFCOMM_RPN_PM_PARITY;
882 BT_DBG("Parity change detected.");
883 }
884
885 /* Mark and space parity are not supported! */
886 if (new->c_cflag & PARENB) {
887 if (new->c_cflag & PARODD) {
888 BT_DBG("Parity is ODD");
889 parity = RFCOMM_RPN_PARITY_ODD;
890 } else {
891 BT_DBG("Parity is EVEN");
892 parity = RFCOMM_RPN_PARITY_EVEN;
893 }
894 } else {
895 BT_DBG("Parity is OFF");
896 parity = RFCOMM_RPN_PARITY_NONE;
897 }
898
899 /* Setting the x_on / x_off characters */
900 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
901 BT_DBG("XOFF custom");
902 x_on = new->c_cc[VSTOP];
903 changes |= RFCOMM_RPN_PM_XON;
904 } else {
905 BT_DBG("XOFF default");
906 x_on = RFCOMM_RPN_XON_CHAR;
907 }
908
909 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
910 BT_DBG("XON custom");
911 x_off = new->c_cc[VSTART];
912 changes |= RFCOMM_RPN_PM_XOFF;
913 } else {
914 BT_DBG("XON default");
915 x_off = RFCOMM_RPN_XOFF_CHAR;
916 }
917
918 /* Handle setting of stop bits */
919 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
920 changes |= RFCOMM_RPN_PM_STOP;
921
922 /* POSIX does not support 1.5 stop bits and RFCOMM does not
923 * support 2 stop bits. So a request for 2 stop bits gets
924 * translated to 1.5 stop bits */
925 if (new->c_cflag & CSTOPB)
926 stop_bits = RFCOMM_RPN_STOP_15;
927 else
928 stop_bits = RFCOMM_RPN_STOP_1;
929
930 /* Handle number of data bits [5-8] */
931 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
932 changes |= RFCOMM_RPN_PM_DATA;
933
934 switch (new->c_cflag & CSIZE) {
935 case CS5:
936 data_bits = RFCOMM_RPN_DATA_5;
937 break;
938 case CS6:
939 data_bits = RFCOMM_RPN_DATA_6;
940 break;
941 case CS7:
942 data_bits = RFCOMM_RPN_DATA_7;
943 break;
944 case CS8:
945 data_bits = RFCOMM_RPN_DATA_8;
946 break;
947 default:
948 data_bits = RFCOMM_RPN_DATA_8;
949 break;
950 }
951
952 /* Handle baudrate settings */
953 if (old_baud_rate != new_baud_rate)
954 changes |= RFCOMM_RPN_PM_BITRATE;
955
956 switch (new_baud_rate) {
957 case 2400:
958 baud = RFCOMM_RPN_BR_2400;
959 break;
960 case 4800:
961 baud = RFCOMM_RPN_BR_4800;
962 break;
963 case 7200:
964 baud = RFCOMM_RPN_BR_7200;
965 break;
966 case 9600:
967 baud = RFCOMM_RPN_BR_9600;
968 break;
969 case 19200:
970 baud = RFCOMM_RPN_BR_19200;
971 break;
972 case 38400:
973 baud = RFCOMM_RPN_BR_38400;
974 break;
975 case 57600:
976 baud = RFCOMM_RPN_BR_57600;
977 break;
978 case 115200:
979 baud = RFCOMM_RPN_BR_115200;
980 break;
981 case 230400:
982 baud = RFCOMM_RPN_BR_230400;
983 break;
984 default:
985 /* 9600 is standard accordinag to the RFCOMM specification */
986 baud = RFCOMM_RPN_BR_9600;
987 break;
988
989 }
990
991 if (changes)
992 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
993 data_bits, stop_bits, parity,
994 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
995 }
996
rfcomm_tty_throttle(struct tty_struct * tty)997 static void rfcomm_tty_throttle(struct tty_struct *tty)
998 {
999 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1000
1001 BT_DBG("tty %p dev %p", tty, dev);
1002
1003 rfcomm_dlc_throttle(dev->dlc);
1004 }
1005
rfcomm_tty_unthrottle(struct tty_struct * tty)1006 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1007 {
1008 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1009
1010 BT_DBG("tty %p dev %p", tty, dev);
1011
1012 rfcomm_dlc_unthrottle(dev->dlc);
1013 }
1014
rfcomm_tty_chars_in_buffer(struct tty_struct * tty)1015 static unsigned int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1016 {
1017 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019 BT_DBG("tty %p dev %p", tty, dev);
1020
1021 if (!dev || !dev->dlc)
1022 return 0;
1023
1024 if (!skb_queue_empty(&dev->dlc->tx_queue))
1025 return dev->dlc->mtu;
1026
1027 return 0;
1028 }
1029
rfcomm_tty_flush_buffer(struct tty_struct * tty)1030 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1031 {
1032 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1033
1034 BT_DBG("tty %p dev %p", tty, dev);
1035
1036 if (!dev || !dev->dlc)
1037 return;
1038
1039 skb_queue_purge(&dev->dlc->tx_queue);
1040 tty_wakeup(tty);
1041 }
1042
rfcomm_tty_send_xchar(struct tty_struct * tty,char ch)1043 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1044 {
1045 BT_DBG("tty %p ch %c", tty, ch);
1046 }
1047
rfcomm_tty_wait_until_sent(struct tty_struct * tty,int timeout)1048 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1049 {
1050 BT_DBG("tty %p timeout %d", tty, timeout);
1051 }
1052
rfcomm_tty_hangup(struct tty_struct * tty)1053 static void rfcomm_tty_hangup(struct tty_struct *tty)
1054 {
1055 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1056
1057 BT_DBG("tty %p dev %p", tty, dev);
1058
1059 tty_port_hangup(&dev->port);
1060 }
1061
rfcomm_tty_tiocmget(struct tty_struct * tty)1062 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1063 {
1064 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1065
1066 BT_DBG("tty %p dev %p", tty, dev);
1067
1068 return dev->modem_status;
1069 }
1070
rfcomm_tty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)1071 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1072 {
1073 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1074 struct rfcomm_dlc *dlc = dev->dlc;
1075 u8 v24_sig;
1076
1077 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1078
1079 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1080
1081 if (set & TIOCM_DSR || set & TIOCM_DTR)
1082 v24_sig |= RFCOMM_V24_RTC;
1083 if (set & TIOCM_RTS || set & TIOCM_CTS)
1084 v24_sig |= RFCOMM_V24_RTR;
1085 if (set & TIOCM_RI)
1086 v24_sig |= RFCOMM_V24_IC;
1087 if (set & TIOCM_CD)
1088 v24_sig |= RFCOMM_V24_DV;
1089
1090 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1091 v24_sig &= ~RFCOMM_V24_RTC;
1092 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1093 v24_sig &= ~RFCOMM_V24_RTR;
1094 if (clear & TIOCM_RI)
1095 v24_sig &= ~RFCOMM_V24_IC;
1096 if (clear & TIOCM_CD)
1097 v24_sig &= ~RFCOMM_V24_DV;
1098
1099 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1100
1101 return 0;
1102 }
1103
1104 /* ---- TTY structure ---- */
1105
1106 static const struct tty_operations rfcomm_ops = {
1107 .open = rfcomm_tty_open,
1108 .close = rfcomm_tty_close,
1109 .write = rfcomm_tty_write,
1110 .write_room = rfcomm_tty_write_room,
1111 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1112 .flush_buffer = rfcomm_tty_flush_buffer,
1113 .ioctl = rfcomm_tty_ioctl,
1114 .throttle = rfcomm_tty_throttle,
1115 .unthrottle = rfcomm_tty_unthrottle,
1116 .set_termios = rfcomm_tty_set_termios,
1117 .send_xchar = rfcomm_tty_send_xchar,
1118 .hangup = rfcomm_tty_hangup,
1119 .wait_until_sent = rfcomm_tty_wait_until_sent,
1120 .tiocmget = rfcomm_tty_tiocmget,
1121 .tiocmset = rfcomm_tty_tiocmset,
1122 .install = rfcomm_tty_install,
1123 .cleanup = rfcomm_tty_cleanup,
1124 };
1125
rfcomm_init_ttys(void)1126 int __init rfcomm_init_ttys(void)
1127 {
1128 int error;
1129
1130 rfcomm_tty_driver = tty_alloc_driver(RFCOMM_TTY_PORTS,
1131 TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV);
1132 if (IS_ERR(rfcomm_tty_driver))
1133 return PTR_ERR(rfcomm_tty_driver);
1134
1135 rfcomm_tty_driver->driver_name = "rfcomm";
1136 rfcomm_tty_driver->name = "rfcomm";
1137 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1138 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1139 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1140 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1141 rfcomm_tty_driver->init_termios = tty_std_termios;
1142 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1143 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1144 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1145
1146 error = tty_register_driver(rfcomm_tty_driver);
1147 if (error) {
1148 BT_ERR("Can't register RFCOMM TTY driver");
1149 tty_driver_kref_put(rfcomm_tty_driver);
1150 return error;
1151 }
1152
1153 BT_INFO("RFCOMM TTY layer initialized");
1154
1155 return 0;
1156 }
1157
rfcomm_cleanup_ttys(void)1158 void rfcomm_cleanup_ttys(void)
1159 {
1160 tty_unregister_driver(rfcomm_tty_driver);
1161 tty_driver_kref_put(rfcomm_tty_driver);
1162 }
1163