Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
[linux-2.6.git] / net / bluetooth / rfcomm / tty.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <linux/capability.h>
35 #include <linux/slab.h>
36 #include <linux/skbuff.h>
37 #include <linux/workqueue.h>
38
39 #include <net/bluetooth/bluetooth.h>
40 #include <net/bluetooth/hci_core.h>
41 #include <net/bluetooth/rfcomm.h>
42
43 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
44 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
45 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
46 #define RFCOMM_TTY_MINOR 0
47
48 static struct tty_driver *rfcomm_tty_driver;
49
50 struct rfcomm_dev {
51         struct list_head        list;
52         atomic_t                refcnt;
53
54         char                    name[12];
55         int                     id;
56         unsigned long           flags;
57         atomic_t                opened;
58         int                     err;
59
60         bdaddr_t                src;
61         bdaddr_t                dst;
62         u8                      channel;
63
64         uint                    modem_status;
65
66         struct rfcomm_dlc       *dlc;
67         struct tty_struct       *tty;
68         wait_queue_head_t       wait;
69         struct work_struct      wakeup_task;
70
71         struct device           *tty_dev;
72
73         atomic_t                wmem_alloc;
74
75         struct sk_buff_head     pending;
76 };
77
78 static LIST_HEAD(rfcomm_dev_list);
79 static DEFINE_SPINLOCK(rfcomm_dev_lock);
80
81 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
82 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
83 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
84
85 static void rfcomm_tty_wakeup(struct work_struct *work);
86
87 /* ---- Device functions ---- */
88 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
89 {
90         struct rfcomm_dlc *dlc = dev->dlc;
91
92         BT_DBG("dev %p dlc %p", dev, dlc);
93
94         /* Refcount should only hit zero when called from rfcomm_dev_del()
95            which will have taken us off the list. Everything else are
96            refcounting bugs. */
97         BUG_ON(!list_empty(&dev->list));
98
99         rfcomm_dlc_lock(dlc);
100         /* Detach DLC if it's owned by this dev */
101         if (dlc->owner == dev)
102                 dlc->owner = NULL;
103         rfcomm_dlc_unlock(dlc);
104
105         rfcomm_dlc_put(dlc);
106
107         tty_unregister_device(rfcomm_tty_driver, dev->id);
108
109         kfree(dev);
110
111         /* It's safe to call module_put() here because socket still
112            holds reference to this module. */
113         module_put(THIS_MODULE);
114 }
115
116 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
117 {
118         atomic_inc(&dev->refcnt);
119 }
120
121 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
122 {
123         /* The reason this isn't actually a race, as you no
124            doubt have a little voice screaming at you in your
125            head, is that the refcount should never actually
126            reach zero unless the device has already been taken
127            off the list, in rfcomm_dev_del(). And if that's not
128            true, we'll hit the BUG() in rfcomm_dev_destruct()
129            anyway. */
130         if (atomic_dec_and_test(&dev->refcnt))
131                 rfcomm_dev_destruct(dev);
132 }
133
134 static struct rfcomm_dev *__rfcomm_dev_get(int id)
135 {
136         struct rfcomm_dev *dev;
137
138         list_for_each_entry(dev, &rfcomm_dev_list, list)
139                 if (dev->id == id)
140                         return dev;
141
142         return NULL;
143 }
144
145 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
146 {
147         struct rfcomm_dev *dev;
148
149         spin_lock(&rfcomm_dev_lock);
150
151         dev = __rfcomm_dev_get(id);
152
153         if (dev) {
154                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
155                         dev = NULL;
156                 else
157                         rfcomm_dev_hold(dev);
158         }
159
160         spin_unlock(&rfcomm_dev_lock);
161
162         return dev;
163 }
164
165 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
166 {
167         struct hci_dev *hdev;
168         struct hci_conn *conn;
169
170         hdev = hci_get_route(&dev->dst, &dev->src);
171         if (!hdev)
172                 return NULL;
173
174         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
175
176         hci_dev_put(hdev);
177
178         return conn ? &conn->dev : NULL;
179 }
180
181 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
182 {
183         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
184         return sprintf(buf, "%s\n", batostr(&dev->dst));
185 }
186
187 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
188 {
189         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
190         return sprintf(buf, "%d\n", dev->channel);
191 }
192
193 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
194 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
195
196 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
197 {
198         struct rfcomm_dev *dev, *entry;
199         struct list_head *head = &rfcomm_dev_list;
200         int err = 0;
201
202         BT_DBG("id %d channel %d", req->dev_id, req->channel);
203
204         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
205         if (!dev)
206                 return -ENOMEM;
207
208         spin_lock(&rfcomm_dev_lock);
209
210         if (req->dev_id < 0) {
211                 dev->id = 0;
212
213                 list_for_each_entry(entry, &rfcomm_dev_list, list) {
214                         if (entry->id != dev->id)
215                                 break;
216
217                         dev->id++;
218                         head = &entry->list;
219                 }
220         } else {
221                 dev->id = req->dev_id;
222
223                 list_for_each_entry(entry, &rfcomm_dev_list, list) {
224                         if (entry->id == dev->id) {
225                                 err = -EADDRINUSE;
226                                 goto out;
227                         }
228
229                         if (entry->id > dev->id - 1)
230                                 break;
231
232                         head = &entry->list;
233                 }
234         }
235
236         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
237                 err = -ENFILE;
238                 goto out;
239         }
240
241         sprintf(dev->name, "rfcomm%d", dev->id);
242
243         list_add(&dev->list, head);
244         atomic_set(&dev->refcnt, 1);
245
246         bacpy(&dev->src, &req->src);
247         bacpy(&dev->dst, &req->dst);
248         dev->channel = req->channel;
249
250         dev->flags = req->flags &
251                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
252
253         atomic_set(&dev->opened, 0);
254
255         init_waitqueue_head(&dev->wait);
256         INIT_WORK(&dev->wakeup_task, rfcomm_tty_wakeup);
257
258         skb_queue_head_init(&dev->pending);
259
260         rfcomm_dlc_lock(dlc);
261
262         if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
263                 struct sock *sk = dlc->owner;
264                 struct sk_buff *skb;
265
266                 BUG_ON(!sk);
267
268                 rfcomm_dlc_throttle(dlc);
269
270                 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
271                         skb_orphan(skb);
272                         skb_queue_tail(&dev->pending, skb);
273                         atomic_sub(skb->len, &sk->sk_rmem_alloc);
274                 }
275         }
276
277         dlc->data_ready   = rfcomm_dev_data_ready;
278         dlc->state_change = rfcomm_dev_state_change;
279         dlc->modem_status = rfcomm_dev_modem_status;
280
281         dlc->owner = dev;
282         dev->dlc   = dlc;
283
284         rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
285
286         rfcomm_dlc_unlock(dlc);
287
288         /* It's safe to call __module_get() here because socket already
289            holds reference to this module. */
290         __module_get(THIS_MODULE);
291
292 out:
293         spin_unlock(&rfcomm_dev_lock);
294
295         if (err < 0)
296                 goto free;
297
298         dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
299
300         if (IS_ERR(dev->tty_dev)) {
301                 err = PTR_ERR(dev->tty_dev);
302                 list_del(&dev->list);
303                 goto free;
304         }
305
306         dev_set_drvdata(dev->tty_dev, dev);
307
308         if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
309                 BT_ERR("Failed to create address attribute");
310
311         if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
312                 BT_ERR("Failed to create channel attribute");
313
314         return dev->id;
315
316 free:
317         kfree(dev);
318         return err;
319 }
320
321 static void rfcomm_dev_del(struct rfcomm_dev *dev)
322 {
323         BT_DBG("dev %p", dev);
324
325         BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
326
327         if (atomic_read(&dev->opened) > 0)
328                 return;
329
330         spin_lock(&rfcomm_dev_lock);
331         list_del_init(&dev->list);
332         spin_unlock(&rfcomm_dev_lock);
333
334         rfcomm_dev_put(dev);
335 }
336
337 /* ---- Send buffer ---- */
338 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
339 {
340         /* We can't let it be zero, because we don't get a callback
341            when tx_credits becomes nonzero, hence we'd never wake up */
342         return dlc->mtu * (dlc->tx_credits?:1);
343 }
344
345 static void rfcomm_wfree(struct sk_buff *skb)
346 {
347         struct rfcomm_dev *dev = (void *) skb->sk;
348         atomic_sub(skb->truesize, &dev->wmem_alloc);
349         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
350                 queue_work(system_nrt_wq, &dev->wakeup_task);
351         rfcomm_dev_put(dev);
352 }
353
354 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
355 {
356         rfcomm_dev_hold(dev);
357         atomic_add(skb->truesize, &dev->wmem_alloc);
358         skb->sk = (void *) dev;
359         skb->destructor = rfcomm_wfree;
360 }
361
362 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
363 {
364         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
365                 struct sk_buff *skb = alloc_skb(size, priority);
366                 if (skb) {
367                         rfcomm_set_owner_w(skb, dev);
368                         return skb;
369                 }
370         }
371         return NULL;
372 }
373
374 /* ---- Device IOCTLs ---- */
375
376 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
377
378 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
379 {
380         struct rfcomm_dev_req req;
381         struct rfcomm_dlc *dlc;
382         int id;
383
384         if (copy_from_user(&req, arg, sizeof(req)))
385                 return -EFAULT;
386
387         BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
388
389         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
390                 return -EPERM;
391
392         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
393                 /* Socket must be connected */
394                 if (sk->sk_state != BT_CONNECTED)
395                         return -EBADFD;
396
397                 dlc = rfcomm_pi(sk)->dlc;
398                 rfcomm_dlc_hold(dlc);
399         } else {
400                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
401                 if (!dlc)
402                         return -ENOMEM;
403         }
404
405         id = rfcomm_dev_add(&req, dlc);
406         if (id < 0) {
407                 rfcomm_dlc_put(dlc);
408                 return id;
409         }
410
411         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
412                 /* DLC is now used by device.
413                  * Socket must be disconnected */
414                 sk->sk_state = BT_CLOSED;
415         }
416
417         return id;
418 }
419
420 static int rfcomm_release_dev(void __user *arg)
421 {
422         struct rfcomm_dev_req req;
423         struct rfcomm_dev *dev;
424
425         if (copy_from_user(&req, arg, sizeof(req)))
426                 return -EFAULT;
427
428         BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
429
430         dev = rfcomm_dev_get(req.dev_id);
431         if (!dev)
432                 return -ENODEV;
433
434         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
435                 rfcomm_dev_put(dev);
436                 return -EPERM;
437         }
438
439         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
440                 rfcomm_dlc_close(dev->dlc, 0);
441
442         /* Shut down TTY synchronously before freeing rfcomm_dev */
443         if (dev->tty)
444                 tty_vhangup(dev->tty);
445
446         if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
447                 rfcomm_dev_del(dev);
448         rfcomm_dev_put(dev);
449         return 0;
450 }
451
452 static int rfcomm_get_dev_list(void __user *arg)
453 {
454         struct rfcomm_dev *dev;
455         struct rfcomm_dev_list_req *dl;
456         struct rfcomm_dev_info *di;
457         int n = 0, size, err;
458         u16 dev_num;
459
460         BT_DBG("");
461
462         if (get_user(dev_num, (u16 __user *) arg))
463                 return -EFAULT;
464
465         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
466                 return -EINVAL;
467
468         size = sizeof(*dl) + dev_num * sizeof(*di);
469
470         dl = kmalloc(size, GFP_KERNEL);
471         if (!dl)
472                 return -ENOMEM;
473
474         di = dl->dev_info;
475
476         spin_lock(&rfcomm_dev_lock);
477
478         list_for_each_entry(dev, &rfcomm_dev_list, list) {
479                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
480                         continue;
481                 (di + n)->id      = dev->id;
482                 (di + n)->flags   = dev->flags;
483                 (di + n)->state   = dev->dlc->state;
484                 (di + n)->channel = dev->channel;
485                 bacpy(&(di + n)->src, &dev->src);
486                 bacpy(&(di + n)->dst, &dev->dst);
487                 if (++n >= dev_num)
488                         break;
489         }
490
491         spin_unlock(&rfcomm_dev_lock);
492
493         dl->dev_num = n;
494         size = sizeof(*dl) + n * sizeof(*di);
495
496         err = copy_to_user(arg, dl, size);
497         kfree(dl);
498
499         return err ? -EFAULT : 0;
500 }
501
502 static int rfcomm_get_dev_info(void __user *arg)
503 {
504         struct rfcomm_dev *dev;
505         struct rfcomm_dev_info di;
506         int err = 0;
507
508         BT_DBG("");
509
510         if (copy_from_user(&di, arg, sizeof(di)))
511                 return -EFAULT;
512
513         dev = rfcomm_dev_get(di.id);
514         if (!dev)
515                 return -ENODEV;
516
517         di.flags   = dev->flags;
518         di.channel = dev->channel;
519         di.state   = dev->dlc->state;
520         bacpy(&di.src, &dev->src);
521         bacpy(&di.dst, &dev->dst);
522
523         if (copy_to_user(arg, &di, sizeof(di)))
524                 err = -EFAULT;
525
526         rfcomm_dev_put(dev);
527         return err;
528 }
529
530 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
531 {
532         BT_DBG("cmd %d arg %p", cmd, arg);
533
534         switch (cmd) {
535         case RFCOMMCREATEDEV:
536                 return rfcomm_create_dev(sk, arg);
537
538         case RFCOMMRELEASEDEV:
539                 return rfcomm_release_dev(arg);
540
541         case RFCOMMGETDEVLIST:
542                 return rfcomm_get_dev_list(arg);
543
544         case RFCOMMGETDEVINFO:
545                 return rfcomm_get_dev_info(arg);
546         }
547
548         return -EINVAL;
549 }
550
551 /* ---- DLC callbacks ---- */
552 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
553 {
554         struct rfcomm_dev *dev = dlc->owner;
555         struct tty_struct *tty;
556
557         if (!dev) {
558                 kfree_skb(skb);
559                 return;
560         }
561
562         tty = dev->tty;
563         if (!tty || !skb_queue_empty(&dev->pending)) {
564                 skb_queue_tail(&dev->pending, skb);
565                 return;
566         }
567
568         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
569
570         tty_insert_flip_string(tty, skb->data, skb->len);
571         tty_flip_buffer_push(tty);
572
573         kfree_skb(skb);
574 }
575
576 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
577 {
578         struct rfcomm_dev *dev = dlc->owner;
579         if (!dev)
580                 return;
581
582         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
583
584         dev->err = err;
585         wake_up_interruptible(&dev->wait);
586
587         if (dlc->state == BT_CLOSED) {
588                 if (!dev->tty) {
589                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
590                                 /* Drop DLC lock here to avoid deadlock
591                                  * 1. rfcomm_dev_get will take rfcomm_dev_lock
592                                  *    but in rfcomm_dev_add there's lock order:
593                                  *    rfcomm_dev_lock -> dlc lock
594                                  * 2. rfcomm_dev_put will deadlock if it's
595                                  *    the last reference
596                                  */
597                                 rfcomm_dlc_unlock(dlc);
598                                 if (rfcomm_dev_get(dev->id) == NULL) {
599                                         rfcomm_dlc_lock(dlc);
600                                         return;
601                                 }
602
603                                 rfcomm_dev_del(dev);
604                                 rfcomm_dev_put(dev);
605                                 rfcomm_dlc_lock(dlc);
606                         }
607                 } else
608                         tty_hangup(dev->tty);
609         }
610 }
611
612 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
613 {
614         struct rfcomm_dev *dev = dlc->owner;
615         if (!dev)
616                 return;
617
618         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
619
620         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
621                 if (dev->tty && !C_CLOCAL(dev->tty))
622                         tty_hangup(dev->tty);
623         }
624
625         dev->modem_status =
626                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
627                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
628                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
629                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
630 }
631
632 /* ---- TTY functions ---- */
633 static void rfcomm_tty_wakeup(struct work_struct *work)
634 {
635         struct rfcomm_dev *dev = container_of(work, struct rfcomm_dev,
636                                                                 wakeup_task);
637         struct tty_struct *tty = dev->tty;
638         if (!tty)
639                 return;
640
641         BT_DBG("dev %p tty %p", dev, tty);
642         tty_wakeup(tty);
643 }
644
645 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
646 {
647         struct tty_struct *tty = dev->tty;
648         struct sk_buff *skb;
649         int inserted = 0;
650
651         if (!tty)
652                 return;
653
654         BT_DBG("dev %p tty %p", dev, tty);
655
656         rfcomm_dlc_lock(dev->dlc);
657
658         while ((skb = skb_dequeue(&dev->pending))) {
659                 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
660                 kfree_skb(skb);
661         }
662
663         rfcomm_dlc_unlock(dev->dlc);
664
665         if (inserted > 0)
666                 tty_flip_buffer_push(tty);
667 }
668
669 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
670 {
671         DECLARE_WAITQUEUE(wait, current);
672         struct rfcomm_dev *dev;
673         struct rfcomm_dlc *dlc;
674         int err, id;
675
676         id = tty->index;
677
678         BT_DBG("tty %p id %d", tty, id);
679
680         /* We don't leak this refcount. For reasons which are not entirely
681            clear, the TTY layer will call our ->close() method even if the
682            open fails. We decrease the refcount there, and decreasing it
683            here too would cause breakage. */
684         dev = rfcomm_dev_get(id);
685         if (!dev)
686                 return -ENODEV;
687
688         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
689                                 dev->channel, atomic_read(&dev->opened));
690
691         if (atomic_inc_return(&dev->opened) > 1)
692                 return 0;
693
694         dlc = dev->dlc;
695
696         /* Attach TTY and open DLC */
697
698         rfcomm_dlc_lock(dlc);
699         tty->driver_data = dev;
700         dev->tty = tty;
701         rfcomm_dlc_unlock(dlc);
702         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
703
704         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
705         if (err < 0)
706                 return err;
707
708         /* Wait for DLC to connect */
709         add_wait_queue(&dev->wait, &wait);
710         while (1) {
711                 set_current_state(TASK_INTERRUPTIBLE);
712
713                 if (dlc->state == BT_CLOSED) {
714                         err = -dev->err;
715                         break;
716                 }
717
718                 if (dlc->state == BT_CONNECTED)
719                         break;
720
721                 if (signal_pending(current)) {
722                         err = -EINTR;
723                         break;
724                 }
725
726                 tty_unlock();
727                 schedule();
728                 tty_lock();
729         }
730         set_current_state(TASK_RUNNING);
731         remove_wait_queue(&dev->wait, &wait);
732
733         if (err == 0)
734                 device_move(dev->tty_dev, rfcomm_get_device(dev),
735                             DPM_ORDER_DEV_AFTER_PARENT);
736
737         rfcomm_tty_copy_pending(dev);
738
739         rfcomm_dlc_unthrottle(dev->dlc);
740
741         return err;
742 }
743
744 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
745 {
746         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
747         if (!dev)
748                 return;
749
750         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
751                                                 atomic_read(&dev->opened));
752
753         if (atomic_dec_and_test(&dev->opened)) {
754                 if (dev->tty_dev->parent)
755                         device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
756
757                 /* Close DLC and dettach TTY */
758                 rfcomm_dlc_close(dev->dlc, 0);
759
760                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
761                 cancel_work_sync(&dev->wakeup_task);
762
763                 rfcomm_dlc_lock(dev->dlc);
764                 tty->driver_data = NULL;
765                 dev->tty = NULL;
766                 rfcomm_dlc_unlock(dev->dlc);
767
768                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
769                         spin_lock(&rfcomm_dev_lock);
770                         list_del_init(&dev->list);
771                         spin_unlock(&rfcomm_dev_lock);
772
773                         rfcomm_dev_put(dev);
774                 }
775         }
776
777         rfcomm_dev_put(dev);
778 }
779
780 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
781 {
782         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
783         struct rfcomm_dlc *dlc = dev->dlc;
784         struct sk_buff *skb;
785         int err = 0, sent = 0, size;
786
787         BT_DBG("tty %p count %d", tty, count);
788
789         while (count) {
790                 size = min_t(uint, count, dlc->mtu);
791
792                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
793
794                 if (!skb)
795                         break;
796
797                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
798
799                 memcpy(skb_put(skb, size), buf + sent, size);
800
801                 err = rfcomm_dlc_send(dlc, skb);
802                 if (err < 0) {
803                         kfree_skb(skb);
804                         break;
805                 }
806
807                 sent  += size;
808                 count -= size;
809         }
810
811         return sent ? sent : err;
812 }
813
814 static int rfcomm_tty_write_room(struct tty_struct *tty)
815 {
816         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
817         int room;
818
819         BT_DBG("tty %p", tty);
820
821         if (!dev || !dev->dlc)
822                 return 0;
823
824         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
825         if (room < 0)
826                 room = 0;
827
828         return room;
829 }
830
831 static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
832 {
833         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
834
835         switch (cmd) {
836         case TCGETS:
837                 BT_DBG("TCGETS is not supported");
838                 return -ENOIOCTLCMD;
839
840         case TCSETS:
841                 BT_DBG("TCSETS is not supported");
842                 return -ENOIOCTLCMD;
843
844         case TIOCMIWAIT:
845                 BT_DBG("TIOCMIWAIT");
846                 break;
847
848         case TIOCGSERIAL:
849                 BT_ERR("TIOCGSERIAL is not supported");
850                 return -ENOIOCTLCMD;
851
852         case TIOCSSERIAL:
853                 BT_ERR("TIOCSSERIAL is not supported");
854                 return -ENOIOCTLCMD;
855
856         case TIOCSERGSTRUCT:
857                 BT_ERR("TIOCSERGSTRUCT is not supported");
858                 return -ENOIOCTLCMD;
859
860         case TIOCSERGETLSR:
861                 BT_ERR("TIOCSERGETLSR is not supported");
862                 return -ENOIOCTLCMD;
863
864         case TIOCSERCONFIG:
865                 BT_ERR("TIOCSERCONFIG is not supported");
866                 return -ENOIOCTLCMD;
867
868         default:
869                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
870
871         }
872
873         return -ENOIOCTLCMD;
874 }
875
876 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
877 {
878         struct ktermios *new = tty->termios;
879         int old_baud_rate = tty_termios_baud_rate(old);
880         int new_baud_rate = tty_termios_baud_rate(new);
881
882         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
883         u16 changes = 0;
884
885         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
886
887         BT_DBG("tty %p termios %p", tty, old);
888
889         if (!dev || !dev->dlc || !dev->dlc->session)
890                 return;
891
892         /* Handle turning off CRTSCTS */
893         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
894                 BT_DBG("Turning off CRTSCTS unsupported");
895
896         /* Parity on/off and when on, odd/even */
897         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
898                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD))) {
899                 changes |= RFCOMM_RPN_PM_PARITY;
900                 BT_DBG("Parity change detected.");
901         }
902
903         /* Mark and space parity are not supported! */
904         if (new->c_cflag & PARENB) {
905                 if (new->c_cflag & PARODD) {
906                         BT_DBG("Parity is ODD");
907                         parity = RFCOMM_RPN_PARITY_ODD;
908                 } else {
909                         BT_DBG("Parity is EVEN");
910                         parity = RFCOMM_RPN_PARITY_EVEN;
911                 }
912         } else {
913                 BT_DBG("Parity is OFF");
914                 parity = RFCOMM_RPN_PARITY_NONE;
915         }
916
917         /* Setting the x_on / x_off characters */
918         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
919                 BT_DBG("XOFF custom");
920                 x_on = new->c_cc[VSTOP];
921                 changes |= RFCOMM_RPN_PM_XON;
922         } else {
923                 BT_DBG("XOFF default");
924                 x_on = RFCOMM_RPN_XON_CHAR;
925         }
926
927         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
928                 BT_DBG("XON custom");
929                 x_off = new->c_cc[VSTART];
930                 changes |= RFCOMM_RPN_PM_XOFF;
931         } else {
932                 BT_DBG("XON default");
933                 x_off = RFCOMM_RPN_XOFF_CHAR;
934         }
935
936         /* Handle setting of stop bits */
937         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
938                 changes |= RFCOMM_RPN_PM_STOP;
939
940         /* POSIX does not support 1.5 stop bits and RFCOMM does not
941          * support 2 stop bits. So a request for 2 stop bits gets
942          * translated to 1.5 stop bits */
943         if (new->c_cflag & CSTOPB)
944                 stop_bits = RFCOMM_RPN_STOP_15;
945         else
946                 stop_bits = RFCOMM_RPN_STOP_1;
947
948         /* Handle number of data bits [5-8] */
949         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
950                 changes |= RFCOMM_RPN_PM_DATA;
951
952         switch (new->c_cflag & CSIZE) {
953         case CS5:
954                 data_bits = RFCOMM_RPN_DATA_5;
955                 break;
956         case CS6:
957                 data_bits = RFCOMM_RPN_DATA_6;
958                 break;
959         case CS7:
960                 data_bits = RFCOMM_RPN_DATA_7;
961                 break;
962         case CS8:
963                 data_bits = RFCOMM_RPN_DATA_8;
964                 break;
965         default:
966                 data_bits = RFCOMM_RPN_DATA_8;
967                 break;
968         }
969
970         /* Handle baudrate settings */
971         if (old_baud_rate != new_baud_rate)
972                 changes |= RFCOMM_RPN_PM_BITRATE;
973
974         switch (new_baud_rate) {
975         case 2400:
976                 baud = RFCOMM_RPN_BR_2400;
977                 break;
978         case 4800:
979                 baud = RFCOMM_RPN_BR_4800;
980                 break;
981         case 7200:
982                 baud = RFCOMM_RPN_BR_7200;
983                 break;
984         case 9600:
985                 baud = RFCOMM_RPN_BR_9600;
986                 break;
987         case 19200:
988                 baud = RFCOMM_RPN_BR_19200;
989                 break;
990         case 38400:
991                 baud = RFCOMM_RPN_BR_38400;
992                 break;
993         case 57600:
994                 baud = RFCOMM_RPN_BR_57600;
995                 break;
996         case 115200:
997                 baud = RFCOMM_RPN_BR_115200;
998                 break;
999         case 230400:
1000                 baud = RFCOMM_RPN_BR_230400;
1001                 break;
1002         default:
1003                 /* 9600 is standard accordinag to the RFCOMM specification */
1004                 baud = RFCOMM_RPN_BR_9600;
1005                 break;
1006
1007         }
1008
1009         if (changes)
1010                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1011                                 data_bits, stop_bits, parity,
1012                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1013 }
1014
1015 static void rfcomm_tty_throttle(struct tty_struct *tty)
1016 {
1017         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019         BT_DBG("tty %p dev %p", tty, dev);
1020
1021         rfcomm_dlc_throttle(dev->dlc);
1022 }
1023
1024 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1025 {
1026         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1027
1028         BT_DBG("tty %p dev %p", tty, dev);
1029
1030         rfcomm_dlc_unthrottle(dev->dlc);
1031 }
1032
1033 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1034 {
1035         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1036
1037         BT_DBG("tty %p dev %p", tty, dev);
1038
1039         if (!dev || !dev->dlc)
1040                 return 0;
1041
1042         if (!skb_queue_empty(&dev->dlc->tx_queue))
1043                 return dev->dlc->mtu;
1044
1045         return 0;
1046 }
1047
1048 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1049 {
1050         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1051
1052         BT_DBG("tty %p dev %p", tty, dev);
1053
1054         if (!dev || !dev->dlc)
1055                 return;
1056
1057         skb_queue_purge(&dev->dlc->tx_queue);
1058         tty_wakeup(tty);
1059 }
1060
1061 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1062 {
1063         BT_DBG("tty %p ch %c", tty, ch);
1064 }
1065
1066 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1067 {
1068         BT_DBG("tty %p timeout %d", tty, timeout);
1069 }
1070
1071 static void rfcomm_tty_hangup(struct tty_struct *tty)
1072 {
1073         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1074
1075         BT_DBG("tty %p dev %p", tty, dev);
1076
1077         if (!dev)
1078                 return;
1079
1080         rfcomm_tty_flush_buffer(tty);
1081
1082         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1083                 if (rfcomm_dev_get(dev->id) == NULL)
1084                         return;
1085                 rfcomm_dev_del(dev);
1086                 rfcomm_dev_put(dev);
1087         }
1088 }
1089
1090 static int rfcomm_tty_tiocmget(struct tty_struct *tty)
1091 {
1092         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1093
1094         BT_DBG("tty %p dev %p", tty, dev);
1095
1096         return dev->modem_status;
1097 }
1098
1099 static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear)
1100 {
1101         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1102         struct rfcomm_dlc *dlc = dev->dlc;
1103         u8 v24_sig;
1104
1105         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1106
1107         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1108
1109         if (set & TIOCM_DSR || set & TIOCM_DTR)
1110                 v24_sig |= RFCOMM_V24_RTC;
1111         if (set & TIOCM_RTS || set & TIOCM_CTS)
1112                 v24_sig |= RFCOMM_V24_RTR;
1113         if (set & TIOCM_RI)
1114                 v24_sig |= RFCOMM_V24_IC;
1115         if (set & TIOCM_CD)
1116                 v24_sig |= RFCOMM_V24_DV;
1117
1118         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1119                 v24_sig &= ~RFCOMM_V24_RTC;
1120         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1121                 v24_sig &= ~RFCOMM_V24_RTR;
1122         if (clear & TIOCM_RI)
1123                 v24_sig &= ~RFCOMM_V24_IC;
1124         if (clear & TIOCM_CD)
1125                 v24_sig &= ~RFCOMM_V24_DV;
1126
1127         rfcomm_dlc_set_modem_status(dlc, v24_sig);
1128
1129         return 0;
1130 }
1131
1132 /* ---- TTY structure ---- */
1133
1134 static const struct tty_operations rfcomm_ops = {
1135         .open                   = rfcomm_tty_open,
1136         .close                  = rfcomm_tty_close,
1137         .write                  = rfcomm_tty_write,
1138         .write_room             = rfcomm_tty_write_room,
1139         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1140         .flush_buffer           = rfcomm_tty_flush_buffer,
1141         .ioctl                  = rfcomm_tty_ioctl,
1142         .throttle               = rfcomm_tty_throttle,
1143         .unthrottle             = rfcomm_tty_unthrottle,
1144         .set_termios            = rfcomm_tty_set_termios,
1145         .send_xchar             = rfcomm_tty_send_xchar,
1146         .hangup                 = rfcomm_tty_hangup,
1147         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1148         .tiocmget               = rfcomm_tty_tiocmget,
1149         .tiocmset               = rfcomm_tty_tiocmset,
1150 };
1151
1152 int __init rfcomm_init_ttys(void)
1153 {
1154         int error;
1155
1156         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1157         if (!rfcomm_tty_driver)
1158                 return -ENOMEM;
1159
1160         rfcomm_tty_driver->driver_name  = "rfcomm";
1161         rfcomm_tty_driver->name         = "rfcomm";
1162         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1163         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1164         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1165         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1166         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1167         rfcomm_tty_driver->init_termios = tty_std_termios;
1168         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1169         rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1170         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1171
1172         error = tty_register_driver(rfcomm_tty_driver);
1173         if (error) {
1174                 BT_ERR("Can't register RFCOMM TTY driver");
1175                 put_tty_driver(rfcomm_tty_driver);
1176                 return error;
1177         }
1178
1179         BT_INFO("RFCOMM TTY layer initialized");
1180
1181         return 0;
1182 }
1183
1184 void rfcomm_cleanup_ttys(void)
1185 {
1186         tty_unregister_driver(rfcomm_tty_driver);
1187         put_tty_driver(rfcomm_tty_driver);
1188 }