search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bluetooth: Fix RFCOMM tty teardown race
[linux-2.6/btrfs-unstable.git] / net / bluetooth / rfcomm / tty.c
blob6ea08b05b53a0ed19db047cc69c780aca7c05389
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * RFCOMM TTY.
26 */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
39 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
40 #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
41 #define RFCOMM_TTY_MINOR 0
42
43 static struct tty_driver *rfcomm_tty_driver;
44
45 struct rfcomm_dev {
46 struct tty_port port;
47 struct list_head list;
48
49 char name[12];
50 int id;
51 unsigned long flags;
52 int err;
53
54 unsigned long status; /* don't export to userspace */
55
56 bdaddr_t src;
57 bdaddr_t dst;
58 u8 channel;
59
60 uint modem_status;
61
62 struct rfcomm_dlc *dlc;
63
64 struct device *tty_dev;
65
66 atomic_t wmem_alloc;
67
68 struct sk_buff_head pending;
69 };
70
71 static LIST_HEAD(rfcomm_dev_list);
72 static DEFINE_SPINLOCK(rfcomm_dev_lock);
73
74 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
75 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
76 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
77
78 /* ---- Device functions ---- */
79
80 static void rfcomm_dev_destruct(struct tty_port *port)
81 {
82 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
83 struct rfcomm_dlc *dlc = dev->dlc;
84
85 BT_DBG("dev %p dlc %p", dev, dlc);
86
87 rfcomm_dlc_lock(dlc);
88 /* Detach DLC if it's owned by this dev */
89 if (dlc->owner == dev)
90 dlc->owner = NULL;
91 rfcomm_dlc_unlock(dlc);
92
93 rfcomm_dlc_put(dlc);
94
95 tty_unregister_device(rfcomm_tty_driver, dev->id);
96
97 spin_lock(&rfcomm_dev_lock);
98 list_del(&dev->list);
99 spin_unlock(&rfcomm_dev_lock);
100
101 kfree(dev);
102
103 /* It's safe to call module_put() here because socket still
104 holds reference to this module. */
105 module_put(THIS_MODULE);
106 }
107
108 /* device-specific initialization: open the dlc */
109 static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
110 {
111 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
112
113 return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
114 }
115
116 /* we block the open until the dlc->state becomes BT_CONNECTED */
117 static int rfcomm_dev_carrier_raised(struct tty_port *port)
118 {
119 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
120
121 return (dev->dlc->state == BT_CONNECTED);
122 }
123
124 /* device-specific cleanup: close the dlc */
125 static void rfcomm_dev_shutdown(struct tty_port *port)
126 {
127 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
128
129 if (dev->tty_dev->parent)
130 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
131
132 /* close the dlc */
133 rfcomm_dlc_close(dev->dlc, 0);
134 }
135
136 static const struct tty_port_operations rfcomm_port_ops = {
137 .destruct = rfcomm_dev_destruct,
138 .activate = rfcomm_dev_activate,
139 .shutdown = rfcomm_dev_shutdown,
140 .carrier_raised = rfcomm_dev_carrier_raised,
141 };
142
143 static struct rfcomm_dev *__rfcomm_dev_get(int id)
144 {
145 struct rfcomm_dev *dev;
146
147 list_for_each_entry(dev, &rfcomm_dev_list, list)
148 if (dev->id == id)
149 return dev;
150
151 return NULL;
152 }
153
154 static struct rfcomm_dev *rfcomm_dev_get(int id)
155 {
156 struct rfcomm_dev *dev;
157
158 spin_lock(&rfcomm_dev_lock);
159
160 dev = __rfcomm_dev_get(id);
161
162 if (dev && !tty_port_get(&dev->port))
163 dev = NULL;
164
165 spin_unlock(&rfcomm_dev_lock);
166
167 return dev;
168 }
169
170 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
171 {
172 struct hci_dev *hdev;
173 struct hci_conn *conn;
174
175 hdev = hci_get_route(&dev->dst, &dev->src);
176 if (!hdev)
177 return NULL;
178
179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
180
181 hci_dev_put(hdev);
182
183 return conn ? &conn->dev : NULL;
184 }
185
186 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
187 {
188 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
189 return sprintf(buf, "%pMR\n", &dev->dst);
190 }
191
192 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
193 {
194 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
195 return sprintf(buf, "%d\n", dev->channel);
196 }
197
198 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
199 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
200
201 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
202 {
203 struct rfcomm_dev *dev, *entry;
204 struct list_head *head = &rfcomm_dev_list;
205 int err = 0;
206
207 BT_DBG("id %d channel %d", req->dev_id, req->channel);
208
209 dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
210 if (!dev)
211 return -ENOMEM;
212
213 spin_lock(&rfcomm_dev_lock);
214
215 if (req->dev_id < 0) {
216 dev->id = 0;
217
218 list_for_each_entry(entry, &rfcomm_dev_list, list) {
219 if (entry->id != dev->id)
220 break;
221
222 dev->id++;
223 head = &entry->list;
224 }
225 } else {
226 dev->id = req->dev_id;
227
228 list_for_each_entry(entry, &rfcomm_dev_list, list) {
229 if (entry->id == dev->id) {
230 err = -EADDRINUSE;
231 goto out;
232 }
233
234 if (entry->id > dev->id - 1)
235 break;
236
237 head = &entry->list;
238 }
239 }
240
241 if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
242 err = -ENFILE;
243 goto out;
244 }
245
246 sprintf(dev->name, "rfcomm%d", dev->id);
247
248 list_add(&dev->list, head);
249
250 bacpy(&dev->src, &req->src);
251 bacpy(&dev->dst, &req->dst);
252 dev->channel = req->channel;
253
254 dev->flags = req->flags &
255 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
256
257 tty_port_init(&dev->port);
258 dev->port.ops = &rfcomm_port_ops;
259
260 skb_queue_head_init(&dev->pending);
261
262 rfcomm_dlc_lock(dlc);
263
264 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
265 struct sock *sk = dlc->owner;
266 struct sk_buff *skb;
267
268 BUG_ON(!sk);
269
270 rfcomm_dlc_throttle(dlc);
271
272 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
273 skb_orphan(skb);
274 skb_queue_tail(&dev->pending, skb);
275 atomic_sub(skb->len, &sk->sk_rmem_alloc);
276 }
277 }
278
279 dlc->data_ready = rfcomm_dev_data_ready;
280 dlc->state_change = rfcomm_dev_state_change;
281 dlc->modem_status = rfcomm_dev_modem_status;
282
283 dlc->owner = dev;
284 dev->dlc = dlc;
285
286 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
287
288 rfcomm_dlc_unlock(dlc);
289
290 /* It's safe to call __module_get() here because socket already
291 holds reference to this module. */
292 __module_get(THIS_MODULE);
293
294 out:
295 spin_unlock(&rfcomm_dev_lock);
296
297 if (err < 0)
298 goto free;
299
300 dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver,
301 dev->id, NULL);
302 if (IS_ERR(dev->tty_dev)) {
303 err = PTR_ERR(dev->tty_dev);
304 spin_lock(&rfcomm_dev_lock);
305 list_del(&dev->list);
306 spin_unlock(&rfcomm_dev_lock);
307 goto free;
308 }
309
310 dev_set_drvdata(dev->tty_dev, dev);
311
312 if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
313 BT_ERR("Failed to create address attribute");
314
315 if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
316 BT_ERR("Failed to create channel attribute");
317
318 return dev->id;
319
320 free:
321 kfree(dev);
322 return err;
323 }
324
325 /* ---- Send buffer ---- */
326 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
327 {
328 /* We can't let it be zero, because we don't get a callback
329 when tx_credits becomes nonzero, hence we'd never wake up */
330 return dlc->mtu * (dlc->tx_credits?:1);
331 }
332
333 static void rfcomm_wfree(struct sk_buff *skb)
334 {
335 struct rfcomm_dev *dev = (void *) skb->sk;
336 atomic_sub(skb->truesize, &dev->wmem_alloc);
337 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
338 tty_port_tty_wakeup(&dev->port);
339 tty_port_put(&dev->port);
340 }
341
342 static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
343 {
344 tty_port_get(&dev->port);
345 atomic_add(skb->truesize, &dev->wmem_alloc);
346 skb->sk = (void *) dev;
347 skb->destructor = rfcomm_wfree;
348 }
349
350 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
351 {
352 if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
353 struct sk_buff *skb = alloc_skb(size, priority);
354 if (skb) {
355 rfcomm_set_owner_w(skb, dev);
356 return skb;
357 }
358 }
359 return NULL;
360 }
361
362 /* ---- Device IOCTLs ---- */
363
364 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
365
366 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
367 {
368 struct rfcomm_dev_req req;
369 struct rfcomm_dlc *dlc;
370 int id;
371
372 if (copy_from_user(&req, arg, sizeof(req)))
373 return -EFAULT;
374
375 BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
376
377 if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
378 return -EPERM;
379
380 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
381 /* Socket must be connected */
382 if (sk->sk_state != BT_CONNECTED)
383 return -EBADFD;
384
385 dlc = rfcomm_pi(sk)->dlc;
386 rfcomm_dlc_hold(dlc);
387 } else {
388 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
389 if (!dlc)
390 return -ENOMEM;
391 }
392
393 id = rfcomm_dev_add(&req, dlc);
394 if (id < 0) {
395 rfcomm_dlc_put(dlc);
396 return id;
397 }
398
399 if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
400 /* DLC is now used by device.
401 * Socket must be disconnected */
402 sk->sk_state = BT_CLOSED;
403 }
404
405 return id;
406 }
407
408 static int rfcomm_release_dev(void __user *arg)
409 {
410 struct rfcomm_dev_req req;
411 struct rfcomm_dev *dev;
412 struct tty_struct *tty;
413
414 if (copy_from_user(&req, arg, sizeof(req)))
415 return -EFAULT;
416
417 BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
418
419 dev = rfcomm_dev_get(req.dev_id);
420 if (!dev)
421 return -ENODEV;
422
423 if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
424 tty_port_put(&dev->port);
425 return -EPERM;
426 }
427
428 /* only release once */
429 if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
430 tty_port_put(&dev->port);
431 return -EALREADY;
432 }
433
434 if (req.flags & (1 << RFCOMM_HANGUP_NOW))
435 rfcomm_dlc_close(dev->dlc, 0);
436
437 /* Shut down TTY synchronously before freeing rfcomm_dev */
438 tty = tty_port_tty_get(&dev->port);
439 if (tty) {
440 tty_vhangup(tty);
441 tty_kref_put(tty);
442 }
443
444 if (!test_bit(RFCOMM_TTY_OWNED, &dev->status))
445 tty_port_put(&dev->port);
446
447 tty_port_put(&dev->port);
448 return 0;
449 }
450
451 static int rfcomm_get_dev_list(void __user *arg)
452 {
453 struct rfcomm_dev *dev;
454 struct rfcomm_dev_list_req *dl;
455 struct rfcomm_dev_info *di;
456 int n = 0, size, err;
457 u16 dev_num;
458
459 BT_DBG("");
460
461 if (get_user(dev_num, (u16 __user *) arg))
462 return -EFAULT;
463
464 if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
465 return -EINVAL;
466
467 size = sizeof(*dl) + dev_num * sizeof(*di);
468
469 dl = kzalloc(size, GFP_KERNEL);
470 if (!dl)
471 return -ENOMEM;
472
473 di = dl->dev_info;
474
475 spin_lock(&rfcomm_dev_lock);
476
477 list_for_each_entry(dev, &rfcomm_dev_list, list) {
478 if (!tty_port_get(&dev->port))
479 continue;
480 (di + n)->id = dev->id;
481 (di + n)->flags = dev->flags;
482 (di + n)->state = dev->dlc->state;
483 (di + n)->channel = dev->channel;
484 bacpy(&(di + n)->src, &dev->src);
485 bacpy(&(di + n)->dst, &dev->dst);
486 tty_port_put(&dev->port);
487 if (++n >= dev_num)
488 break;
489 }
490
491 spin_unlock(&rfcomm_dev_lock);
492
493 dl->dev_num = n;
494 size = sizeof(*dl) + n * sizeof(*di);
495
496 err = copy_to_user(arg, dl, size);
497 kfree(dl);
498
499 return err ? -EFAULT : 0;
500 }
501
502 static int rfcomm_get_dev_info(void __user *arg)
503 {
504 struct rfcomm_dev *dev;
505 struct rfcomm_dev_info di;
506 int err = 0;
507
508 BT_DBG("");
509
510 if (copy_from_user(&di, arg, sizeof(di)))
511 return -EFAULT;
512
513 dev = rfcomm_dev_get(di.id);
514 if (!dev)
515 return -ENODEV;
516
517 di.flags = dev->flags;
518 di.channel = dev->channel;
519 di.state = dev->dlc->state;
520 bacpy(&di.src, &dev->src);
521 bacpy(&di.dst, &dev->dst);
522
523 if (copy_to_user(arg, &di, sizeof(di)))
524 err = -EFAULT;
525
526 tty_port_put(&dev->port);
527 return err;
528 }
529
530 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
531 {
532 BT_DBG("cmd %d arg %p", cmd, arg);
533
534 switch (cmd) {
535 case RFCOMMCREATEDEV:
536 return rfcomm_create_dev(sk, arg);
537
538 case RFCOMMRELEASEDEV:
539 return rfcomm_release_dev(arg);
540
541 case RFCOMMGETDEVLIST:
542 return rfcomm_get_dev_list(arg);
543
544 case RFCOMMGETDEVINFO:
545 return rfcomm_get_dev_info(arg);
546 }
547
548 return -EINVAL;
549 }
550
551 /* ---- DLC callbacks ---- */
552 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
553 {
554 struct rfcomm_dev *dev = dlc->owner;
555
556 if (!dev) {
557 kfree_skb(skb);
558 return;
559 }
560
561 if (!skb_queue_empty(&dev->pending)) {
562 skb_queue_tail(&dev->pending, skb);
563 return;
564 }
565
566 BT_DBG("dlc %p len %d", dlc, skb->len);
567
568 tty_insert_flip_string(&dev->port, skb->data, skb->len);
569 tty_flip_buffer_push(&dev->port);
570
571 kfree_skb(skb);
572 }
573
574 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
575 {
576 struct rfcomm_dev *dev = dlc->owner;
577 if (!dev)
578 return;
579
580 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
581
582 dev->err = err;
583 if (dlc->state == BT_CONNECTED) {
584 device_move(dev->tty_dev, rfcomm_get_device(dev),
585 DPM_ORDER_DEV_AFTER_PARENT);
586
587 wake_up_interruptible(&dev->port.open_wait);
588 } else if (dlc->state == BT_CLOSED)
589 tty_port_tty_hangup(&dev->port, false);
590 }
591
592 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
593 {
594 struct rfcomm_dev *dev = dlc->owner;
595 if (!dev)
596 return;
597
598 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
599
600 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
601 tty_port_tty_hangup(&dev->port, true);
602
603 dev->modem_status =
604 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
605 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
606 ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) |
607 ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0);
608 }
609
610 /* ---- TTY functions ---- */
611 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
612 {
613 struct sk_buff *skb;
614 int inserted = 0;
615
616 BT_DBG("dev %p", dev);
617
618 rfcomm_dlc_lock(dev->dlc);
619
620 while ((skb = skb_dequeue(&dev->pending))) {
621 inserted += tty_insert_flip_string(&dev->port, skb->data,
622 skb->len);
623 kfree_skb(skb);
624 }
625
626 rfcomm_dlc_unlock(dev->dlc);
627
628 if (inserted > 0)
629 tty_flip_buffer_push(&dev->port);
630 }
631
632 /* do the reverse of install, clearing the tty fields and releasing the
633 * reference to tty_port
634 */
635 static void rfcomm_tty_cleanup(struct tty_struct *tty)
636 {
637 struct rfcomm_dev *dev = tty->driver_data;
638
639 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
640
641 rfcomm_dlc_lock(dev->dlc);
642 tty->driver_data = NULL;
643 rfcomm_dlc_unlock(dev->dlc);
644
645 /*
646 * purge the dlc->tx_queue to avoid circular dependencies
647 * between dev and dlc
648 */
649 skb_queue_purge(&dev->dlc->tx_queue);
650
651 tty_port_put(&dev->port);
652 }
653
654 /* we acquire the tty_port reference since it's here the tty is first used
655 * by setting the termios. We also populate the driver_data field and install
656 * the tty port
657 */
658 static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
659 {
660 struct rfcomm_dev *dev;
661 struct rfcomm_dlc *dlc;
662 int err;
663
664 dev = rfcomm_dev_get(tty->index);
665 if (!dev)
666 return -ENODEV;
667
668 dlc = dev->dlc;
669
670 /* Attach TTY and open DLC */
671 rfcomm_dlc_lock(dlc);
672 tty->driver_data = dev;
673 rfcomm_dlc_unlock(dlc);
674 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
675
676 /* install the tty_port */
677 err = tty_port_install(&dev->port, driver, tty);
678 if (err) {
679 rfcomm_tty_cleanup(tty);
680 return err;
681 }
682
683 /* take over the tty_port reference if the port was created with the
684 * flag RFCOMM_RELEASE_ONHUP. This will force the release of the port
685 * when the last process closes the tty. The behaviour is expected by
686 * userspace.
687 */
688 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
689 set_bit(RFCOMM_TTY_OWNED, &dev->status);
690 tty_port_put(&dev->port);
691 }
692
693 return 0;
694 }
695
696 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
697 {
698 struct rfcomm_dev *dev = tty->driver_data;
699 int err;
700
701 BT_DBG("tty %p id %d", tty, tty->index);
702
703 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
704 dev->channel, dev->port.count);
705
706 err = tty_port_open(&dev->port, tty, filp);
707 if (err)
708 return err;
709
710 /*
711 * FIXME: rfcomm should use proper flow control for
712 * received data. This hack will be unnecessary and can
713 * be removed when that's implemented
714 */
715 rfcomm_tty_copy_pending(dev);
716
717 rfcomm_dlc_unthrottle(dev->dlc);
718
719 return 0;
720 }
721
722 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
723 {
724 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
725
726 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
727 dev->port.count);
728
729 tty_port_close(&dev->port, tty, filp);
730 }
731
732 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
733 {
734 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
735 struct rfcomm_dlc *dlc = dev->dlc;
736 struct sk_buff *skb;
737 int err = 0, sent = 0, size;
738
739 BT_DBG("tty %p count %d", tty, count);
740
741 while (count) {
742 size = min_t(uint, count, dlc->mtu);
743
744 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
745
746 if (!skb)
747 break;
748
749 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
750
751 memcpy(skb_put(skb, size), buf + sent, size);
752
753 err = rfcomm_dlc_send(dlc, skb);
754 if (err < 0) {
755 kfree_skb(skb);
756 break;
757 }
758
759 sent += size;
760 count -= size;
761 }
762
763 return sent ? sent : err;
764 }
765
766 static int rfcomm_tty_write_room(struct tty_struct *tty)
767 {
768 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
769 int room;
770
771 BT_DBG("tty %p", tty);
772
773 if (!dev || !dev->dlc)
774 return 0;
775
776 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
777 if (room < 0)
778 room = 0;
779
780 return room;
781 }
782
783 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
784 {
785 BT_DBG("tty %p cmd 0x%02x", tty, cmd);
786
787 switch (cmd) {
788 case TCGETS:
789 BT_DBG("TCGETS is not supported");
790 return -ENOIOCTLCMD;
791
792 case TCSETS:
793 BT_DBG("TCSETS is not supported");
794 return -ENOIOCTLCMD;
795
796 case TIOCMIWAIT:
797 BT_DBG("TIOCMIWAIT");
798 break;
799
800 case TIOCGSERIAL:
801 BT_ERR("TIOCGSERIAL is not supported");
802 return -ENOIOCTLCMD;
803
804 case TIOCSSERIAL:
805 BT_ERR("TIOCSSERIAL is not supported");
806 return -ENOIOCTLCMD;
807
808 case TIOCSERGSTRUCT:
809 BT_ERR("TIOCSERGSTRUCT is not supported");
810 return -ENOIOCTLCMD;
811
812 case TIOCSERGETLSR:
813 BT_ERR("TIOCSERGETLSR is not supported");
814 return -ENOIOCTLCMD;
815
816 case TIOCSERCONFIG:
817 BT_ERR("TIOCSERCONFIG is not supported");
818 return -ENOIOCTLCMD;
819
820 default:
821 return -ENOIOCTLCMD; /* ioctls which we must ignore */
822
823 }
824
825 return -ENOIOCTLCMD;
826 }
827
828 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
829 {
830 struct ktermios *new = &tty->termios;
831 int old_baud_rate = tty_termios_baud_rate(old);
832 int new_baud_rate = tty_termios_baud_rate(new);
833
834 u8 baud, data_bits, stop_bits, parity, x_on, x_off;
835 u16 changes = 0;
836
837 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
838
839 BT_DBG("tty %p termios %p", tty, old);
840
841 if (!dev || !dev->dlc || !dev->dlc->session)
842 return;
843
844 /* Handle turning off CRTSCTS */
845 if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
846 BT_DBG("Turning off CRTSCTS unsupported");
847
848 /* Parity on/off and when on, odd/even */
849 if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
850 ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
851 changes |= RFCOMM_RPN_PM_PARITY;
852 BT_DBG("Parity change detected.");
853 }
854
855 /* Mark and space parity are not supported! */
856 if (new->c_cflag & PARENB) {
857 if (new->c_cflag & PARODD) {
858 BT_DBG("Parity is ODD");
859 parity = RFCOMM_RPN_PARITY_ODD;
860 } else {
861 BT_DBG("Parity is EVEN");
862 parity = RFCOMM_RPN_PARITY_EVEN;
863 }
864 } else {
865 BT_DBG("Parity is OFF");
866 parity = RFCOMM_RPN_PARITY_NONE;
867 }
868
869 /* Setting the x_on / x_off characters */
870 if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
871 BT_DBG("XOFF custom");
872 x_on = new->c_cc[VSTOP];
873 changes |= RFCOMM_RPN_PM_XON;
874 } else {
875 BT_DBG("XOFF default");
876 x_on = RFCOMM_RPN_XON_CHAR;
877 }
878
879 if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
880 BT_DBG("XON custom");
881 x_off = new->c_cc[VSTART];
882 changes |= RFCOMM_RPN_PM_XOFF;
883 } else {
884 BT_DBG("XON default");
885 x_off = RFCOMM_RPN_XOFF_CHAR;
886 }
887
888 /* Handle setting of stop bits */
889 if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
890 changes |= RFCOMM_RPN_PM_STOP;
891
892 /* POSIX does not support 1.5 stop bits and RFCOMM does not
893 * support 2 stop bits. So a request for 2 stop bits gets
894 * translated to 1.5 stop bits */
895 if (new->c_cflag & CSTOPB)
896 stop_bits = RFCOMM_RPN_STOP_15;
897 else
898 stop_bits = RFCOMM_RPN_STOP_1;
899
900 /* Handle number of data bits [5-8] */
901 if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
902 changes |= RFCOMM_RPN_PM_DATA;
903
904 switch (new->c_cflag & CSIZE) {
905 case CS5:
906 data_bits = RFCOMM_RPN_DATA_5;
907 break;
908 case CS6:
909 data_bits = RFCOMM_RPN_DATA_6;
910 break;
911 case CS7:
912 data_bits = RFCOMM_RPN_DATA_7;
913 break;
914 case CS8:
915 data_bits = RFCOMM_RPN_DATA_8;
916 break;
917 default:
918 data_bits = RFCOMM_RPN_DATA_8;
919 break;
920 }
921
922 /* Handle baudrate settings */
923 if (old_baud_rate != new_baud_rate)
924 changes |= RFCOMM_RPN_PM_BITRATE;
925
926 switch (new_baud_rate) {
927 case 2400:
928 baud = RFCOMM_RPN_BR_2400;
929 break;
930 case 4800:
931 baud = RFCOMM_RPN_BR_4800;
932 break;
933 case 7200:
934 baud = RFCOMM_RPN_BR_7200;
935 break;
936 case 9600:
937 baud = RFCOMM_RPN_BR_9600;
938 break;
939 case 19200:
940 baud = RFCOMM_RPN_BR_19200;
941 break;
942 case 38400:
943 baud = RFCOMM_RPN_BR_38400;
944 break;
945 case 57600:
946 baud = RFCOMM_RPN_BR_57600;
947 break;
948 case 115200:
949 baud = RFCOMM_RPN_BR_115200;
950 break;
951 case 230400:
952 baud = RFCOMM_RPN_BR_230400;
953 break;
954 default:
955 /* 9600 is standard accordinag to the RFCOMM specification */
956 baud = RFCOMM_RPN_BR_9600;
957 break;
958
959 }
960
961 if (changes)
962 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
963 data_bits, stop_bits, parity,
964 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
965 }
966
967 static void rfcomm_tty_throttle(struct tty_struct *tty)
968 {
969 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
970
971 BT_DBG("tty %p dev %p", tty, dev);
972
973 rfcomm_dlc_throttle(dev->dlc);
974 }
975
976 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
977 {
978 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
979
980 BT_DBG("tty %p dev %p", tty, dev);
981
982 rfcomm_dlc_unthrottle(dev->dlc);
983 }
984
985 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
986 {
987 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
988
989 BT_DBG("tty %p dev %p", tty, dev);
990
991 if (!dev || !dev->dlc)
992 return 0;
993
994 if (!skb_queue_empty(&dev->dlc->tx_queue))
995 return dev->dlc->mtu;
996
997 return 0;
998 }
999
1000 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1001 {
1002 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1003
1004 BT_DBG("tty %p dev %p", tty, dev);
1005
1006 if (!dev || !dev->dlc)
1007 return;
1008
1009 skb_queue_purge(&dev->dlc->tx_queue);
1010 tty_wakeup(tty);
1011 }
1012
1013 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1014 {
1015 BT_DBG("tty %p ch %c", tty, ch);
1016 }
1017
1018 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1019 {
1020 BT_DBG("tty %p timeout %d", tty, timeout);
1021 }
1022
1023 static void rfcomm_tty_hangup(struct tty_struct *tty)
1024 {
1025 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1026
1027 BT_DBG("tty %p dev %p", tty, dev);
1028
1029 tty_port_hangup(&dev->port);
1030 }
1031
1032 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1033 {
1034 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1035
1036 BT_DBG("tty %p dev %p", tty, dev);
1037
1038 return dev->modem_status;
1039 }
1040
1041 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1042 {
1043 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1044 struct rfcomm_dlc *dlc = dev->dlc;
1045 u8 v24_sig;
1046
1047 BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1048
1049 rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1050
1051 if (set & TIOCM_DSR || set & TIOCM_DTR)
1052 v24_sig |= RFCOMM_V24_RTC;
1053 if (set & TIOCM_RTS || set & TIOCM_CTS)
1054 v24_sig |= RFCOMM_V24_RTR;
1055 if (set & TIOCM_RI)
1056 v24_sig |= RFCOMM_V24_IC;
1057 if (set & TIOCM_CD)
1058 v24_sig |= RFCOMM_V24_DV;
1059
1060 if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1061 v24_sig &= ~RFCOMM_V24_RTC;
1062 if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1063 v24_sig &= ~RFCOMM_V24_RTR;
1064 if (clear & TIOCM_RI)
1065 v24_sig &= ~RFCOMM_V24_IC;
1066 if (clear & TIOCM_CD)
1067 v24_sig &= ~RFCOMM_V24_DV;
1068
1069 rfcomm_dlc_set_modem_status(dlc, v24_sig);
1070
1071 return 0;
1072 }
1073
1074 /* ---- TTY structure ---- */
1075
1076 static const struct tty_operations rfcomm_ops = {
1077 .open = rfcomm_tty_open,
1078 .close = rfcomm_tty_close,
1079 .write = rfcomm_tty_write,
1080 .write_room = rfcomm_tty_write_room,
1081 .chars_in_buffer = rfcomm_tty_chars_in_buffer,
1082 .flush_buffer = rfcomm_tty_flush_buffer,
1083 .ioctl = rfcomm_tty_ioctl,
1084 .throttle = rfcomm_tty_throttle,
1085 .unthrottle = rfcomm_tty_unthrottle,
1086 .set_termios = rfcomm_tty_set_termios,
1087 .send_xchar = rfcomm_tty_send_xchar,
1088 .hangup = rfcomm_tty_hangup,
1089 .wait_until_sent = rfcomm_tty_wait_until_sent,
1090 .tiocmget = rfcomm_tty_tiocmget,
1091 .tiocmset = rfcomm_tty_tiocmset,
1092 .install = rfcomm_tty_install,
1093 .cleanup = rfcomm_tty_cleanup,
1094 };
1095
1096 int __init rfcomm_init_ttys(void)
1097 {
1098 int error;
1099
1100 rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1101 if (!rfcomm_tty_driver)
1102 return -ENOMEM;
1103
1104 rfcomm_tty_driver->driver_name = "rfcomm";
1105 rfcomm_tty_driver->name = "rfcomm";
1106 rfcomm_tty_driver->major = RFCOMM_TTY_MAJOR;
1107 rfcomm_tty_driver->minor_start = RFCOMM_TTY_MINOR;
1108 rfcomm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1109 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1110 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1111 rfcomm_tty_driver->init_termios = tty_std_termios;
1112 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1113 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1114 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1115
1116 error = tty_register_driver(rfcomm_tty_driver);
1117 if (error) {
1118 BT_ERR("Can't register RFCOMM TTY driver");
1119 put_tty_driver(rfcomm_tty_driver);
1120 return error;
1121 }
1122
1123 BT_INFO("RFCOMM TTY layer initialized");
1124
1125 return 0;
1126 }
1127
1128 void rfcomm_cleanup_ttys(void)
1129 {
1130 tty_unregister_driver(rfcomm_tty_driver);
1131 put_tty_driver(rfcomm_tty_driver);
1132 }
(deprecated) Btrfs devel tree