a6a758dd1f7d88dc322fb565494b2db42d181b69
[linux-2.6.git] / net / bluetooth / rfcomm / tty.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  *
27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28  */
29
30 #include <linux/module.h>
31
32 #include <linux/tty.h>
33 #include <linux/tty_driver.h>
34 #include <linux/tty_flip.h>
35
36 #include <linux/capability.h>
37 #include <linux/slab.h>
38 #include <linux/skbuff.h>
39
40 #include <net/bluetooth/bluetooth.h>
41 #include <net/bluetooth/hci_core.h>
42 #include <net/bluetooth/rfcomm.h>
43
44 #ifndef CONFIG_BT_RFCOMM_DEBUG
45 #undef  BT_DBG
46 #define BT_DBG(D...)
47 #endif
48
49 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
51 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
52 #define RFCOMM_TTY_MINOR 0
53
54 static struct tty_driver *rfcomm_tty_driver;
55
56 struct rfcomm_dev {
57         struct list_head        list;
58         atomic_t                refcnt;
59
60         char                    name[12];
61         int                     id;
62         unsigned long           flags;
63         int                     opened;
64         int                     err;
65
66         bdaddr_t                src;
67         bdaddr_t                dst;
68         u8                      channel;
69
70         uint                    modem_status;
71
72         struct rfcomm_dlc       *dlc;
73         struct tty_struct       *tty;
74         wait_queue_head_t       wait;
75         struct tasklet_struct   wakeup_task;
76
77         struct device           *tty_dev;
78
79         atomic_t                wmem_alloc;
80 };
81
82 static LIST_HEAD(rfcomm_dev_list);
83 static DEFINE_RWLOCK(rfcomm_dev_lock);
84
85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
88
89 static void rfcomm_tty_wakeup(unsigned long arg);
90
91 /* ---- Device functions ---- */
92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
93 {
94         struct rfcomm_dlc *dlc = dev->dlc;
95
96         BT_DBG("dev %p dlc %p", dev, dlc);
97
98         /* Refcount should only hit zero when called from rfcomm_dev_del()
99            which will have taken us off the list. Everything else are
100            refcounting bugs. */
101         BUG_ON(!list_empty(&dev->list));
102
103         rfcomm_dlc_lock(dlc);
104         /* Detach DLC if it's owned by this dev */
105         if (dlc->owner == dev)
106                 dlc->owner = NULL;
107         rfcomm_dlc_unlock(dlc);
108
109         rfcomm_dlc_put(dlc);
110
111         tty_unregister_device(rfcomm_tty_driver, dev->id);
112
113         kfree(dev);
114
115         /* It's safe to call module_put() here because socket still
116            holds reference to this module. */
117         module_put(THIS_MODULE);
118 }
119
120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
121 {
122         atomic_inc(&dev->refcnt);
123 }
124
125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
126 {
127         /* The reason this isn't actually a race, as you no
128            doubt have a little voice screaming at you in your
129            head, is that the refcount should never actually
130            reach zero unless the device has already been taken
131            off the list, in rfcomm_dev_del(). And if that's not
132            true, we'll hit the BUG() in rfcomm_dev_destruct()
133            anyway. */
134         if (atomic_dec_and_test(&dev->refcnt))
135                 rfcomm_dev_destruct(dev);
136 }
137
138 static struct rfcomm_dev *__rfcomm_dev_get(int id)
139 {
140         struct rfcomm_dev *dev;
141         struct list_head  *p;
142
143         list_for_each(p, &rfcomm_dev_list) {
144                 dev = list_entry(p, struct rfcomm_dev, list);
145                 if (dev->id == id)
146                         return dev;
147         }
148
149         return NULL;
150 }
151
152 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
153 {
154         struct rfcomm_dev *dev;
155
156         read_lock(&rfcomm_dev_lock);
157
158         dev = __rfcomm_dev_get(id);
159
160         if (dev) {
161                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
162                         dev = NULL;
163                 else
164                         rfcomm_dev_hold(dev);
165         }
166
167         read_unlock(&rfcomm_dev_lock);
168
169         return dev;
170 }
171
172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
173 {
174         struct hci_dev *hdev;
175         struct hci_conn *conn;
176
177         hdev = hci_get_route(&dev->dst, &dev->src);
178         if (!hdev)
179                 return NULL;
180
181         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
182
183         hci_dev_put(hdev);
184
185         return conn ? &conn->dev : NULL;
186 }
187
188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
189 {
190         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
191         bdaddr_t bdaddr;
192         baswap(&bdaddr, &dev->dst);
193         return sprintf(buf, "%s\n", batostr(&bdaddr));
194 }
195
196 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
197 {
198         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
199         return sprintf(buf, "%d\n", dev->channel);
200 }
201
202 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
203 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
204
205 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
206 {
207         struct rfcomm_dev *dev;
208         struct list_head *head = &rfcomm_dev_list, *p;
209         int err = 0;
210
211         BT_DBG("id %d channel %d", req->dev_id, req->channel);
212
213         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
214         if (!dev)
215                 return -ENOMEM;
216
217         write_lock_bh(&rfcomm_dev_lock);
218
219         if (req->dev_id < 0) {
220                 dev->id = 0;
221
222                 list_for_each(p, &rfcomm_dev_list) {
223                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
224                                 break;
225
226                         dev->id++;
227                         head = p;
228                 }
229         } else {
230                 dev->id = req->dev_id;
231
232                 list_for_each(p, &rfcomm_dev_list) {
233                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
234
235                         if (entry->id == dev->id) {
236                                 err = -EADDRINUSE;
237                                 goto out;
238                         }
239
240                         if (entry->id > dev->id - 1)
241                                 break;
242
243                         head = p;
244                 }
245         }
246
247         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
248                 err = -ENFILE;
249                 goto out;
250         }
251
252         sprintf(dev->name, "rfcomm%d", dev->id);
253
254         list_add(&dev->list, head);
255         atomic_set(&dev->refcnt, 1);
256
257         bacpy(&dev->src, &req->src);
258         bacpy(&dev->dst, &req->dst);
259         dev->channel = req->channel;
260
261         dev->flags = req->flags &
262                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
263
264         init_waitqueue_head(&dev->wait);
265         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
266
267         rfcomm_dlc_lock(dlc);
268         dlc->data_ready   = rfcomm_dev_data_ready;
269         dlc->state_change = rfcomm_dev_state_change;
270         dlc->modem_status = rfcomm_dev_modem_status;
271
272         dlc->owner = dev;
273         dev->dlc   = dlc;
274         rfcomm_dlc_unlock(dlc);
275
276         /* It's safe to call __module_get() here because socket already
277            holds reference to this module. */
278         __module_get(THIS_MODULE);
279
280 out:
281         write_unlock_bh(&rfcomm_dev_lock);
282
283         if (err < 0) {
284                 kfree(dev);
285                 return err;
286         }
287
288         dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
289
290         if (IS_ERR(dev->tty_dev)) {
291                 err = PTR_ERR(dev->tty_dev);
292                 list_del(&dev->list);
293                 kfree(dev);
294                 return err;
295         }
296
297         dev_set_drvdata(dev->tty_dev, dev);
298
299         if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
300                 BT_ERR("Failed to create address attribute");
301
302         if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
303                 BT_ERR("Failed to create channel attribute");
304
305         return dev->id;
306 }
307
308 static void rfcomm_dev_del(struct rfcomm_dev *dev)
309 {
310         BT_DBG("dev %p", dev);
311
312         if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
313                 BUG_ON(1);
314         else
315                 set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
316
317         write_lock_bh(&rfcomm_dev_lock);
318         list_del_init(&dev->list);
319         write_unlock_bh(&rfcomm_dev_lock);
320
321         rfcomm_dev_put(dev);
322 }
323
324 /* ---- Send buffer ---- */
325 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
326 {
327         /* We can't let it be zero, because we don't get a callback
328            when tx_credits becomes nonzero, hence we'd never wake up */
329         return dlc->mtu * (dlc->tx_credits?:1);
330 }
331
332 static void rfcomm_wfree(struct sk_buff *skb)
333 {
334         struct rfcomm_dev *dev = (void *) skb->sk;
335         atomic_sub(skb->truesize, &dev->wmem_alloc);
336         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
337                 tasklet_schedule(&dev->wakeup_task);
338         rfcomm_dev_put(dev);
339 }
340
341 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
342 {
343         rfcomm_dev_hold(dev);
344         atomic_add(skb->truesize, &dev->wmem_alloc);
345         skb->sk = (void *) dev;
346         skb->destructor = rfcomm_wfree;
347 }
348
349 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
350 {
351         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
352                 struct sk_buff *skb = alloc_skb(size, priority);
353                 if (skb) {
354                         rfcomm_set_owner_w(skb, dev);
355                         return skb;
356                 }
357         }
358         return NULL;
359 }
360
361 /* ---- Device IOCTLs ---- */
362
363 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
364
365 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
366 {
367         struct rfcomm_dev_req req;
368         struct rfcomm_dlc *dlc;
369         int id;
370
371         if (copy_from_user(&req, arg, sizeof(req)))
372                 return -EFAULT;
373
374         BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
375
376         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
377                 return -EPERM;
378
379         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
380                 /* Socket must be connected */
381                 if (sk->sk_state != BT_CONNECTED)
382                         return -EBADFD;
383
384                 dlc = rfcomm_pi(sk)->dlc;
385                 rfcomm_dlc_hold(dlc);
386         } else {
387                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
388                 if (!dlc)
389                         return -ENOMEM;
390         }
391
392         id = rfcomm_dev_add(&req, dlc);
393         if (id < 0) {
394                 rfcomm_dlc_put(dlc);
395                 return id;
396         }
397
398         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
399                 /* DLC is now used by device.
400                  * Socket must be disconnected */
401                 sk->sk_state = BT_CLOSED;
402         }
403
404         return id;
405 }
406
407 static int rfcomm_release_dev(void __user *arg)
408 {
409         struct rfcomm_dev_req req;
410         struct rfcomm_dev *dev;
411
412         if (copy_from_user(&req, arg, sizeof(req)))
413                 return -EFAULT;
414
415         BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
416
417         if (!(dev = rfcomm_dev_get(req.dev_id)))
418                 return -ENODEV;
419
420         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
421                 rfcomm_dev_put(dev);
422                 return -EPERM;
423         }
424
425         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
426                 rfcomm_dlc_close(dev->dlc, 0);
427
428         /* Shut down TTY synchronously before freeing rfcomm_dev */
429         if (dev->tty)
430                 tty_vhangup(dev->tty);
431
432         rfcomm_dev_del(dev);
433         rfcomm_dev_put(dev);
434         return 0;
435 }
436
437 static int rfcomm_get_dev_list(void __user *arg)
438 {
439         struct rfcomm_dev_list_req *dl;
440         struct rfcomm_dev_info *di;
441         struct list_head *p;
442         int n = 0, size, err;
443         u16 dev_num;
444
445         BT_DBG("");
446
447         if (get_user(dev_num, (u16 __user *) arg))
448                 return -EFAULT;
449
450         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
451                 return -EINVAL;
452
453         size = sizeof(*dl) + dev_num * sizeof(*di);
454
455         if (!(dl = kmalloc(size, GFP_KERNEL)))
456                 return -ENOMEM;
457
458         di = dl->dev_info;
459
460         read_lock_bh(&rfcomm_dev_lock);
461
462         list_for_each(p, &rfcomm_dev_list) {
463                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
464                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
465                         continue;
466                 (di + n)->id      = dev->id;
467                 (di + n)->flags   = dev->flags;
468                 (di + n)->state   = dev->dlc->state;
469                 (di + n)->channel = dev->channel;
470                 bacpy(&(di + n)->src, &dev->src);
471                 bacpy(&(di + n)->dst, &dev->dst);
472                 if (++n >= dev_num)
473                         break;
474         }
475
476         read_unlock_bh(&rfcomm_dev_lock);
477
478         dl->dev_num = n;
479         size = sizeof(*dl) + n * sizeof(*di);
480
481         err = copy_to_user(arg, dl, size);
482         kfree(dl);
483
484         return err ? -EFAULT : 0;
485 }
486
487 static int rfcomm_get_dev_info(void __user *arg)
488 {
489         struct rfcomm_dev *dev;
490         struct rfcomm_dev_info di;
491         int err = 0;
492
493         BT_DBG("");
494
495         if (copy_from_user(&di, arg, sizeof(di)))
496                 return -EFAULT;
497
498         if (!(dev = rfcomm_dev_get(di.id)))
499                 return -ENODEV;
500
501         di.flags   = dev->flags;
502         di.channel = dev->channel;
503         di.state   = dev->dlc->state;
504         bacpy(&di.src, &dev->src);
505         bacpy(&di.dst, &dev->dst);
506
507         if (copy_to_user(arg, &di, sizeof(di)))
508                 err = -EFAULT;
509
510         rfcomm_dev_put(dev);
511         return err;
512 }
513
514 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
515 {
516         BT_DBG("cmd %d arg %p", cmd, arg);
517
518         switch (cmd) {
519         case RFCOMMCREATEDEV:
520                 return rfcomm_create_dev(sk, arg);
521
522         case RFCOMMRELEASEDEV:
523                 return rfcomm_release_dev(arg);
524
525         case RFCOMMGETDEVLIST:
526                 return rfcomm_get_dev_list(arg);
527
528         case RFCOMMGETDEVINFO:
529                 return rfcomm_get_dev_info(arg);
530         }
531
532         return -EINVAL;
533 }
534
535 /* ---- DLC callbacks ---- */
536 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
537 {
538         struct rfcomm_dev *dev = dlc->owner;
539         struct tty_struct *tty;
540
541         if (!dev || !(tty = dev->tty)) {
542                 kfree_skb(skb);
543                 return;
544         }
545
546         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
547
548         tty_insert_flip_string(tty, skb->data, skb->len);
549         tty_flip_buffer_push(tty);
550
551         kfree_skb(skb);
552 }
553
554 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
555 {
556         struct rfcomm_dev *dev = dlc->owner;
557         if (!dev)
558                 return;
559
560         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
561
562         dev->err = err;
563         wake_up_interruptible(&dev->wait);
564
565         if (dlc->state == BT_CLOSED) {
566                 if (!dev->tty) {
567                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
568                                 if (rfcomm_dev_get(dev->id) == NULL)
569                                         return;
570
571                                 rfcomm_dev_del(dev);
572                                 /* We have to drop DLC lock here, otherwise
573                                    rfcomm_dev_put() will dead lock if it's
574                                    the last reference. */
575                                 rfcomm_dlc_unlock(dlc);
576                                 rfcomm_dev_put(dev);
577                                 rfcomm_dlc_lock(dlc);
578                         }
579                 } else
580                         tty_hangup(dev->tty);
581         }
582 }
583
584 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
585 {
586         struct rfcomm_dev *dev = dlc->owner;
587         if (!dev)
588                 return;
589
590         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
591
592         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
593                 if (dev->tty && !C_CLOCAL(dev->tty))
594                         tty_hangup(dev->tty);
595         }
596
597         dev->modem_status =
598                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
599                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
600                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
601                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
602 }
603
604 /* ---- TTY functions ---- */
605 static void rfcomm_tty_wakeup(unsigned long arg)
606 {
607         struct rfcomm_dev *dev = (void *) arg;
608         struct tty_struct *tty = dev->tty;
609         if (!tty)
610                 return;
611
612         BT_DBG("dev %p tty %p", dev, tty);
613
614         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
615                 (tty->ldisc.write_wakeup)(tty);
616
617         wake_up_interruptible(&tty->write_wait);
618 #ifdef SERIAL_HAVE_POLL_WAIT
619         wake_up_interruptible(&tty->poll_wait);
620 #endif
621 }
622
623 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
624 {
625         DECLARE_WAITQUEUE(wait, current);
626         struct rfcomm_dev *dev;
627         struct rfcomm_dlc *dlc;
628         int err, id;
629
630         id = tty->index;
631
632         BT_DBG("tty %p id %d", tty, id);
633
634         /* We don't leak this refcount. For reasons which are not entirely
635            clear, the TTY layer will call our ->close() method even if the
636            open fails. We decrease the refcount there, and decreasing it
637            here too would cause breakage. */
638         dev = rfcomm_dev_get(id);
639         if (!dev)
640                 return -ENODEV;
641
642         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
643
644         if (dev->opened++ != 0)
645                 return 0;
646
647         dlc = dev->dlc;
648
649         /* Attach TTY and open DLC */
650
651         rfcomm_dlc_lock(dlc);
652         tty->driver_data = dev;
653         dev->tty = tty;
654         rfcomm_dlc_unlock(dlc);
655         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
656
657         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
658         if (err < 0)
659                 return err;
660
661         /* Wait for DLC to connect */
662         add_wait_queue(&dev->wait, &wait);
663         while (1) {
664                 set_current_state(TASK_INTERRUPTIBLE);
665
666                 if (dlc->state == BT_CLOSED) {
667                         err = -dev->err;
668                         break;
669                 }
670
671                 if (dlc->state == BT_CONNECTED)
672                         break;
673
674                 if (signal_pending(current)) {
675                         err = -EINTR;
676                         break;
677                 }
678
679                 schedule();
680         }
681         set_current_state(TASK_RUNNING);
682         remove_wait_queue(&dev->wait, &wait);
683
684         if (err == 0)
685                 device_move(dev->tty_dev, rfcomm_get_device(dev));
686
687         return err;
688 }
689
690 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
691 {
692         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
693         if (!dev)
694                 return;
695
696         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
697
698         if (--dev->opened == 0) {
699                 device_move(dev->tty_dev, NULL);
700
701                 /* Close DLC and dettach TTY */
702                 rfcomm_dlc_close(dev->dlc, 0);
703
704                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
705                 tasklet_kill(&dev->wakeup_task);
706
707                 rfcomm_dlc_lock(dev->dlc);
708                 tty->driver_data = NULL;
709                 dev->tty = NULL;
710                 rfcomm_dlc_unlock(dev->dlc);
711         }
712
713         rfcomm_dev_put(dev);
714 }
715
716 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
717 {
718         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
719         struct rfcomm_dlc *dlc = dev->dlc;
720         struct sk_buff *skb;
721         int err = 0, sent = 0, size;
722
723         BT_DBG("tty %p count %d", tty, count);
724
725         while (count) {
726                 size = min_t(uint, count, dlc->mtu);
727
728                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
729
730                 if (!skb)
731                         break;
732
733                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
734
735                 memcpy(skb_put(skb, size), buf + sent, size);
736
737                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
738                         kfree_skb(skb);
739                         break;
740                 }
741
742                 sent  += size;
743                 count -= size;
744         }
745
746         return sent ? sent : err;
747 }
748
749 static int rfcomm_tty_write_room(struct tty_struct *tty)
750 {
751         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
752         int room;
753
754         BT_DBG("tty %p", tty);
755
756         if (!dev || !dev->dlc)
757                 return 0;
758
759         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
760         if (room < 0)
761                 room = 0;
762
763         return room;
764 }
765
766 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
767 {
768         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
769
770         switch (cmd) {
771         case TCGETS:
772                 BT_DBG("TCGETS is not supported");
773                 return -ENOIOCTLCMD;
774
775         case TCSETS:
776                 BT_DBG("TCSETS is not supported");
777                 return -ENOIOCTLCMD;
778
779         case TIOCMIWAIT:
780                 BT_DBG("TIOCMIWAIT");
781                 break;
782
783         case TIOCGICOUNT:
784                 BT_DBG("TIOCGICOUNT");
785                 break;
786
787         case TIOCGSERIAL:
788                 BT_ERR("TIOCGSERIAL is not supported");
789                 return -ENOIOCTLCMD;
790
791         case TIOCSSERIAL:
792                 BT_ERR("TIOCSSERIAL is not supported");
793                 return -ENOIOCTLCMD;
794
795         case TIOCSERGSTRUCT:
796                 BT_ERR("TIOCSERGSTRUCT is not supported");
797                 return -ENOIOCTLCMD;
798
799         case TIOCSERGETLSR:
800                 BT_ERR("TIOCSERGETLSR is not supported");
801                 return -ENOIOCTLCMD;
802
803         case TIOCSERCONFIG:
804                 BT_ERR("TIOCSERCONFIG is not supported");
805                 return -ENOIOCTLCMD;
806
807         default:
808                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
809
810         }
811
812         return -ENOIOCTLCMD;
813 }
814
815 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
816 {
817         struct ktermios *new = tty->termios;
818         int old_baud_rate = tty_termios_baud_rate(old);
819         int new_baud_rate = tty_termios_baud_rate(new);
820
821         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
822         u16 changes = 0;
823
824         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
825
826         BT_DBG("tty %p termios %p", tty, old);
827
828         if (!dev || !dev->dlc || !dev->dlc->session)
829                 return;
830
831         /* Handle turning off CRTSCTS */
832         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
833                 BT_DBG("Turning off CRTSCTS unsupported");
834
835         /* Parity on/off and when on, odd/even */
836         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
837                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
838                 changes |= RFCOMM_RPN_PM_PARITY;
839                 BT_DBG("Parity change detected.");
840         }
841
842         /* Mark and space parity are not supported! */
843         if (new->c_cflag & PARENB) {
844                 if (new->c_cflag & PARODD) {
845                         BT_DBG("Parity is ODD");
846                         parity = RFCOMM_RPN_PARITY_ODD;
847                 } else {
848                         BT_DBG("Parity is EVEN");
849                         parity = RFCOMM_RPN_PARITY_EVEN;
850                 }
851         } else {
852                 BT_DBG("Parity is OFF");
853                 parity = RFCOMM_RPN_PARITY_NONE;
854         }
855
856         /* Setting the x_on / x_off characters */
857         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
858                 BT_DBG("XOFF custom");
859                 x_on = new->c_cc[VSTOP];
860                 changes |= RFCOMM_RPN_PM_XON;
861         } else {
862                 BT_DBG("XOFF default");
863                 x_on = RFCOMM_RPN_XON_CHAR;
864         }
865
866         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
867                 BT_DBG("XON custom");
868                 x_off = new->c_cc[VSTART];
869                 changes |= RFCOMM_RPN_PM_XOFF;
870         } else {
871                 BT_DBG("XON default");
872                 x_off = RFCOMM_RPN_XOFF_CHAR;
873         }
874
875         /* Handle setting of stop bits */
876         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
877                 changes |= RFCOMM_RPN_PM_STOP;
878
879         /* POSIX does not support 1.5 stop bits and RFCOMM does not
880          * support 2 stop bits. So a request for 2 stop bits gets
881          * translated to 1.5 stop bits */
882         if (new->c_cflag & CSTOPB) {
883                 stop_bits = RFCOMM_RPN_STOP_15;
884         } else {
885                 stop_bits = RFCOMM_RPN_STOP_1;
886         }
887
888         /* Handle number of data bits [5-8] */
889         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
890                 changes |= RFCOMM_RPN_PM_DATA;
891
892         switch (new->c_cflag & CSIZE) {
893         case CS5:
894                 data_bits = RFCOMM_RPN_DATA_5;
895                 break;
896         case CS6:
897                 data_bits = RFCOMM_RPN_DATA_6;
898                 break;
899         case CS7:
900                 data_bits = RFCOMM_RPN_DATA_7;
901                 break;
902         case CS8:
903                 data_bits = RFCOMM_RPN_DATA_8;
904                 break;
905         default:
906                 data_bits = RFCOMM_RPN_DATA_8;
907                 break;
908         }
909
910         /* Handle baudrate settings */
911         if (old_baud_rate != new_baud_rate)
912                 changes |= RFCOMM_RPN_PM_BITRATE;
913
914         switch (new_baud_rate) {
915         case 2400:
916                 baud = RFCOMM_RPN_BR_2400;
917                 break;
918         case 4800:
919                 baud = RFCOMM_RPN_BR_4800;
920                 break;
921         case 7200:
922                 baud = RFCOMM_RPN_BR_7200;
923                 break;
924         case 9600:
925                 baud = RFCOMM_RPN_BR_9600;
926                 break;
927         case 19200:
928                 baud = RFCOMM_RPN_BR_19200;
929                 break;
930         case 38400:
931                 baud = RFCOMM_RPN_BR_38400;
932                 break;
933         case 57600:
934                 baud = RFCOMM_RPN_BR_57600;
935                 break;
936         case 115200:
937                 baud = RFCOMM_RPN_BR_115200;
938                 break;
939         case 230400:
940                 baud = RFCOMM_RPN_BR_230400;
941                 break;
942         default:
943                 /* 9600 is standard accordinag to the RFCOMM specification */
944                 baud = RFCOMM_RPN_BR_9600;
945                 break;
946
947         }
948
949         if (changes)
950                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
951                                 data_bits, stop_bits, parity,
952                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
953
954         return;
955 }
956
957 static void rfcomm_tty_throttle(struct tty_struct *tty)
958 {
959         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
960
961         BT_DBG("tty %p dev %p", tty, dev);
962
963         rfcomm_dlc_throttle(dev->dlc);
964 }
965
966 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
967 {
968         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
969
970         BT_DBG("tty %p dev %p", tty, dev);
971
972         rfcomm_dlc_unthrottle(dev->dlc);
973 }
974
975 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
976 {
977         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
978
979         BT_DBG("tty %p dev %p", tty, dev);
980
981         if (!dev || !dev->dlc)
982                 return 0;
983
984         if (!skb_queue_empty(&dev->dlc->tx_queue))
985                 return dev->dlc->mtu;
986
987         return 0;
988 }
989
990 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
991 {
992         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
993
994         BT_DBG("tty %p dev %p", tty, dev);
995
996         if (!dev || !dev->dlc)
997                 return;
998
999         skb_queue_purge(&dev->dlc->tx_queue);
1000
1001         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
1002                 tty->ldisc.write_wakeup(tty);
1003 }
1004
1005 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1006 {
1007         BT_DBG("tty %p ch %c", tty, ch);
1008 }
1009
1010 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1011 {
1012         BT_DBG("tty %p timeout %d", tty, timeout);
1013 }
1014
1015 static void rfcomm_tty_hangup(struct tty_struct *tty)
1016 {
1017         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1018
1019         BT_DBG("tty %p dev %p", tty, dev);
1020
1021         if (!dev)
1022                 return;
1023
1024         rfcomm_tty_flush_buffer(tty);
1025
1026         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1027                 if (rfcomm_dev_get(dev->id) == NULL)
1028                         return;
1029                 rfcomm_dev_del(dev);
1030                 rfcomm_dev_put(dev);
1031         }
1032 }
1033
1034 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
1035 {
1036         return 0;
1037 }
1038
1039 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1040 {
1041         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1042
1043         BT_DBG("tty %p dev %p", tty, dev);
1044
1045         return dev->modem_status;
1046 }
1047
1048 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
1049 {
1050         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1051         struct rfcomm_dlc *dlc = dev->dlc;
1052         u8 v24_sig;
1053
1054         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1055
1056         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1057
1058         if (set & TIOCM_DSR || set & TIOCM_DTR)
1059                 v24_sig |= RFCOMM_V24_RTC;
1060         if (set & TIOCM_RTS || set & TIOCM_CTS)
1061                 v24_sig |= RFCOMM_V24_RTR;
1062         if (set & TIOCM_RI)
1063                 v24_sig |= RFCOMM_V24_IC;
1064         if (set & TIOCM_CD)
1065                 v24_sig |= RFCOMM_V24_DV;
1066
1067         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1068                 v24_sig &= ~RFCOMM_V24_RTC;
1069         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1070                 v24_sig &= ~RFCOMM_V24_RTR;
1071         if (clear & TIOCM_RI)
1072                 v24_sig &= ~RFCOMM_V24_IC;
1073         if (clear & TIOCM_CD)
1074                 v24_sig &= ~RFCOMM_V24_DV;
1075
1076         rfcomm_dlc_set_modem_status(dlc, v24_sig);
1077
1078         return 0;
1079 }
1080
1081 /* ---- TTY structure ---- */
1082
1083 static const struct tty_operations rfcomm_ops = {
1084         .open                   = rfcomm_tty_open,
1085         .close                  = rfcomm_tty_close,
1086         .write                  = rfcomm_tty_write,
1087         .write_room             = rfcomm_tty_write_room,
1088         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1089         .flush_buffer           = rfcomm_tty_flush_buffer,
1090         .ioctl                  = rfcomm_tty_ioctl,
1091         .throttle               = rfcomm_tty_throttle,
1092         .unthrottle             = rfcomm_tty_unthrottle,
1093         .set_termios            = rfcomm_tty_set_termios,
1094         .send_xchar             = rfcomm_tty_send_xchar,
1095         .hangup                 = rfcomm_tty_hangup,
1096         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1097         .read_proc              = rfcomm_tty_read_proc,
1098         .tiocmget               = rfcomm_tty_tiocmget,
1099         .tiocmset               = rfcomm_tty_tiocmset,
1100 };
1101
1102 int rfcomm_init_ttys(void)
1103 {
1104         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1105         if (!rfcomm_tty_driver)
1106                 return -1;
1107
1108         rfcomm_tty_driver->owner        = THIS_MODULE;
1109         rfcomm_tty_driver->driver_name  = "rfcomm";
1110         rfcomm_tty_driver->name         = "rfcomm";
1111         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1112         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1113         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1114         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1115         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1116         rfcomm_tty_driver->init_termios = tty_std_termios;
1117         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1118         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1119
1120         if (tty_register_driver(rfcomm_tty_driver)) {
1121                 BT_ERR("Can't register RFCOMM TTY driver");
1122                 put_tty_driver(rfcomm_tty_driver);
1123                 return -1;
1124         }
1125
1126         BT_INFO("RFCOMM TTY layer initialized");
1127
1128         return 0;
1129 }
1130
1131 void rfcomm_cleanup_ttys(void)
1132 {
1133         tty_unregister_driver(rfcomm_tty_driver);
1134         put_tty_driver(rfcomm_tty_driver);
1135 }