bt/rfcomm/tty: join error paths
[linux-2.6.git] / net / bluetooth / rfcomm / tty.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  */
27
28 #include <linux/module.h>
29
30 #include <linux/tty.h>
31 #include <linux/tty_driver.h>
32 #include <linux/tty_flip.h>
33
34 #include <linux/capability.h>
35 #include <linux/slab.h>
36 #include <linux/skbuff.h>
37
38 #include <net/bluetooth/bluetooth.h>
39 #include <net/bluetooth/hci_core.h>
40 #include <net/bluetooth/rfcomm.h>
41
42 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
43 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
44 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
45 #define RFCOMM_TTY_MINOR 0
46
47 static struct tty_driver *rfcomm_tty_driver;
48
49 struct rfcomm_dev {
50         struct list_head        list;
51         atomic_t                refcnt;
52
53         char                    name[12];
54         int                     id;
55         unsigned long           flags;
56         atomic_t                opened;
57         int                     err;
58
59         bdaddr_t                src;
60         bdaddr_t                dst;
61         u8                      channel;
62
63         uint                    modem_status;
64
65         struct rfcomm_dlc       *dlc;
66         struct tty_struct       *tty;
67         wait_queue_head_t       wait;
68         struct tasklet_struct   wakeup_task;
69
70         struct device           *tty_dev;
71
72         atomic_t                wmem_alloc;
73
74         struct sk_buff_head     pending;
75 };
76
77 static LIST_HEAD(rfcomm_dev_list);
78 static DEFINE_RWLOCK(rfcomm_dev_lock);
79
80 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
81 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
82 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
83
84 static void rfcomm_tty_wakeup(unsigned long arg);
85
86 /* ---- Device functions ---- */
87 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
88 {
89         struct rfcomm_dlc *dlc = dev->dlc;
90
91         BT_DBG("dev %p dlc %p", dev, dlc);
92
93         /* Refcount should only hit zero when called from rfcomm_dev_del()
94            which will have taken us off the list. Everything else are
95            refcounting bugs. */
96         BUG_ON(!list_empty(&dev->list));
97
98         rfcomm_dlc_lock(dlc);
99         /* Detach DLC if it's owned by this dev */
100         if (dlc->owner == dev)
101                 dlc->owner = NULL;
102         rfcomm_dlc_unlock(dlc);
103
104         rfcomm_dlc_put(dlc);
105
106         tty_unregister_device(rfcomm_tty_driver, dev->id);
107
108         kfree(dev);
109
110         /* It's safe to call module_put() here because socket still
111            holds reference to this module. */
112         module_put(THIS_MODULE);
113 }
114
115 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
116 {
117         atomic_inc(&dev->refcnt);
118 }
119
120 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
121 {
122         /* The reason this isn't actually a race, as you no
123            doubt have a little voice screaming at you in your
124            head, is that the refcount should never actually
125            reach zero unless the device has already been taken
126            off the list, in rfcomm_dev_del(). And if that's not
127            true, we'll hit the BUG() in rfcomm_dev_destruct()
128            anyway. */
129         if (atomic_dec_and_test(&dev->refcnt))
130                 rfcomm_dev_destruct(dev);
131 }
132
133 static struct rfcomm_dev *__rfcomm_dev_get(int id)
134 {
135         struct rfcomm_dev *dev;
136         struct list_head  *p;
137
138         list_for_each(p, &rfcomm_dev_list) {
139                 dev = list_entry(p, struct rfcomm_dev, list);
140                 if (dev->id == id)
141                         return dev;
142         }
143
144         return NULL;
145 }
146
147 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
148 {
149         struct rfcomm_dev *dev;
150
151         read_lock(&rfcomm_dev_lock);
152
153         dev = __rfcomm_dev_get(id);
154
155         if (dev) {
156                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
157                         dev = NULL;
158                 else
159                         rfcomm_dev_hold(dev);
160         }
161
162         read_unlock(&rfcomm_dev_lock);
163
164         return dev;
165 }
166
167 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
168 {
169         struct hci_dev *hdev;
170         struct hci_conn *conn;
171
172         hdev = hci_get_route(&dev->dst, &dev->src);
173         if (!hdev)
174                 return NULL;
175
176         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
177
178         hci_dev_put(hdev);
179
180         return conn ? &conn->dev : NULL;
181 }
182
183 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
184 {
185         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
186         bdaddr_t bdaddr;
187         baswap(&bdaddr, &dev->dst);
188         return sprintf(buf, "%s\n", batostr(&bdaddr));
189 }
190
191 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
192 {
193         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
194         return sprintf(buf, "%d\n", dev->channel);
195 }
196
197 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
198 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
199
200 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
201 {
202         struct rfcomm_dev *dev;
203         struct list_head *head = &rfcomm_dev_list, *p;
204         int err = 0;
205
206         BT_DBG("id %d channel %d", req->dev_id, req->channel);
207
208         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
209         if (!dev)
210                 return -ENOMEM;
211
212         write_lock_bh(&rfcomm_dev_lock);
213
214         if (req->dev_id < 0) {
215                 dev->id = 0;
216
217                 list_for_each(p, &rfcomm_dev_list) {
218                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
219                                 break;
220
221                         dev->id++;
222                         head = p;
223                 }
224         } else {
225                 dev->id = req->dev_id;
226
227                 list_for_each(p, &rfcomm_dev_list) {
228                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
229
230                         if (entry->id == dev->id) {
231                                 err = -EADDRINUSE;
232                                 goto out;
233                         }
234
235                         if (entry->id > dev->id - 1)
236                                 break;
237
238                         head = p;
239                 }
240         }
241
242         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
243                 err = -ENFILE;
244                 goto out;
245         }
246
247         sprintf(dev->name, "rfcomm%d", dev->id);
248
249         list_add(&dev->list, head);
250         atomic_set(&dev->refcnt, 1);
251
252         bacpy(&dev->src, &req->src);
253         bacpy(&dev->dst, &req->dst);
254         dev->channel = req->channel;
255
256         dev->flags = req->flags &
257                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
258
259         atomic_set(&dev->opened, 0);
260
261         init_waitqueue_head(&dev->wait);
262         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
263
264         skb_queue_head_init(&dev->pending);
265
266         rfcomm_dlc_lock(dlc);
267
268         if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
269                 struct sock *sk = dlc->owner;
270                 struct sk_buff *skb;
271
272                 BUG_ON(!sk);
273
274                 rfcomm_dlc_throttle(dlc);
275
276                 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
277                         skb_orphan(skb);
278                         skb_queue_tail(&dev->pending, skb);
279                         atomic_sub(skb->len, &sk->sk_rmem_alloc);
280                 }
281         }
282
283         dlc->data_ready   = rfcomm_dev_data_ready;
284         dlc->state_change = rfcomm_dev_state_change;
285         dlc->modem_status = rfcomm_dev_modem_status;
286
287         dlc->owner = dev;
288         dev->dlc   = dlc;
289
290         rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
291
292         rfcomm_dlc_unlock(dlc);
293
294         /* It's safe to call __module_get() here because socket already
295            holds reference to this module. */
296         __module_get(THIS_MODULE);
297
298 out:
299         write_unlock_bh(&rfcomm_dev_lock);
300
301         if (err < 0)
302                 goto free;
303
304         dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
305
306         if (IS_ERR(dev->tty_dev)) {
307                 err = PTR_ERR(dev->tty_dev);
308                 list_del(&dev->list);
309                 goto free;
310         }
311
312         dev_set_drvdata(dev->tty_dev, dev);
313
314         if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
315                 BT_ERR("Failed to create address attribute");
316
317         if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
318                 BT_ERR("Failed to create channel attribute");
319
320         return dev->id;
321
322 free:
323         kfree(dev);
324         return err;
325 }
326
327 static void rfcomm_dev_del(struct rfcomm_dev *dev)
328 {
329         BT_DBG("dev %p", dev);
330
331         BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
332
333         if (atomic_read(&dev->opened) > 0)
334                 return;
335
336         write_lock_bh(&rfcomm_dev_lock);
337         list_del_init(&dev->list);
338         write_unlock_bh(&rfcomm_dev_lock);
339
340         rfcomm_dev_put(dev);
341 }
342
343 /* ---- Send buffer ---- */
344 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
345 {
346         /* We can't let it be zero, because we don't get a callback
347            when tx_credits becomes nonzero, hence we'd never wake up */
348         return dlc->mtu * (dlc->tx_credits?:1);
349 }
350
351 static void rfcomm_wfree(struct sk_buff *skb)
352 {
353         struct rfcomm_dev *dev = (void *) skb->sk;
354         atomic_sub(skb->truesize, &dev->wmem_alloc);
355         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
356                 tasklet_schedule(&dev->wakeup_task);
357         rfcomm_dev_put(dev);
358 }
359
360 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
361 {
362         rfcomm_dev_hold(dev);
363         atomic_add(skb->truesize, &dev->wmem_alloc);
364         skb->sk = (void *) dev;
365         skb->destructor = rfcomm_wfree;
366 }
367
368 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
369 {
370         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
371                 struct sk_buff *skb = alloc_skb(size, priority);
372                 if (skb) {
373                         rfcomm_set_owner_w(skb, dev);
374                         return skb;
375                 }
376         }
377         return NULL;
378 }
379
380 /* ---- Device IOCTLs ---- */
381
382 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
383
384 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
385 {
386         struct rfcomm_dev_req req;
387         struct rfcomm_dlc *dlc;
388         int id;
389
390         if (copy_from_user(&req, arg, sizeof(req)))
391                 return -EFAULT;
392
393         BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
394
395         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
396                 return -EPERM;
397
398         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
399                 /* Socket must be connected */
400                 if (sk->sk_state != BT_CONNECTED)
401                         return -EBADFD;
402
403                 dlc = rfcomm_pi(sk)->dlc;
404                 rfcomm_dlc_hold(dlc);
405         } else {
406                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
407                 if (!dlc)
408                         return -ENOMEM;
409         }
410
411         id = rfcomm_dev_add(&req, dlc);
412         if (id < 0) {
413                 rfcomm_dlc_put(dlc);
414                 return id;
415         }
416
417         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
418                 /* DLC is now used by device.
419                  * Socket must be disconnected */
420                 sk->sk_state = BT_CLOSED;
421         }
422
423         return id;
424 }
425
426 static int rfcomm_release_dev(void __user *arg)
427 {
428         struct rfcomm_dev_req req;
429         struct rfcomm_dev *dev;
430
431         if (copy_from_user(&req, arg, sizeof(req)))
432                 return -EFAULT;
433
434         BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
435
436         if (!(dev = rfcomm_dev_get(req.dev_id)))
437                 return -ENODEV;
438
439         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
440                 rfcomm_dev_put(dev);
441                 return -EPERM;
442         }
443
444         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
445                 rfcomm_dlc_close(dev->dlc, 0);
446
447         /* Shut down TTY synchronously before freeing rfcomm_dev */
448         if (dev->tty)
449                 tty_vhangup(dev->tty);
450
451         if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
452                 rfcomm_dev_del(dev);
453         rfcomm_dev_put(dev);
454         return 0;
455 }
456
457 static int rfcomm_get_dev_list(void __user *arg)
458 {
459         struct rfcomm_dev_list_req *dl;
460         struct rfcomm_dev_info *di;
461         struct list_head *p;
462         int n = 0, size, err;
463         u16 dev_num;
464
465         BT_DBG("");
466
467         if (get_user(dev_num, (u16 __user *) arg))
468                 return -EFAULT;
469
470         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
471                 return -EINVAL;
472
473         size = sizeof(*dl) + dev_num * sizeof(*di);
474
475         if (!(dl = kmalloc(size, GFP_KERNEL)))
476                 return -ENOMEM;
477
478         di = dl->dev_info;
479
480         read_lock_bh(&rfcomm_dev_lock);
481
482         list_for_each(p, &rfcomm_dev_list) {
483                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
484                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
485                         continue;
486                 (di + n)->id      = dev->id;
487                 (di + n)->flags   = dev->flags;
488                 (di + n)->state   = dev->dlc->state;
489                 (di + n)->channel = dev->channel;
490                 bacpy(&(di + n)->src, &dev->src);
491                 bacpy(&(di + n)->dst, &dev->dst);
492                 if (++n >= dev_num)
493                         break;
494         }
495
496         read_unlock_bh(&rfcomm_dev_lock);
497
498         dl->dev_num = n;
499         size = sizeof(*dl) + n * sizeof(*di);
500
501         err = copy_to_user(arg, dl, size);
502         kfree(dl);
503
504         return err ? -EFAULT : 0;
505 }
506
507 static int rfcomm_get_dev_info(void __user *arg)
508 {
509         struct rfcomm_dev *dev;
510         struct rfcomm_dev_info di;
511         int err = 0;
512
513         BT_DBG("");
514
515         if (copy_from_user(&di, arg, sizeof(di)))
516                 return -EFAULT;
517
518         if (!(dev = rfcomm_dev_get(di.id)))
519                 return -ENODEV;
520
521         di.flags   = dev->flags;
522         di.channel = dev->channel;
523         di.state   = dev->dlc->state;
524         bacpy(&di.src, &dev->src);
525         bacpy(&di.dst, &dev->dst);
526
527         if (copy_to_user(arg, &di, sizeof(di)))
528                 err = -EFAULT;
529
530         rfcomm_dev_put(dev);
531         return err;
532 }
533
534 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
535 {
536         BT_DBG("cmd %d arg %p", cmd, arg);
537
538         switch (cmd) {
539         case RFCOMMCREATEDEV:
540                 return rfcomm_create_dev(sk, arg);
541
542         case RFCOMMRELEASEDEV:
543                 return rfcomm_release_dev(arg);
544
545         case RFCOMMGETDEVLIST:
546                 return rfcomm_get_dev_list(arg);
547
548         case RFCOMMGETDEVINFO:
549                 return rfcomm_get_dev_info(arg);
550         }
551
552         return -EINVAL;
553 }
554
555 /* ---- DLC callbacks ---- */
556 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
557 {
558         struct rfcomm_dev *dev = dlc->owner;
559         struct tty_struct *tty;
560
561         if (!dev) {
562                 kfree_skb(skb);
563                 return;
564         }
565
566         if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {
567                 skb_queue_tail(&dev->pending, skb);
568                 return;
569         }
570
571         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
572
573         tty_insert_flip_string(tty, skb->data, skb->len);
574         tty_flip_buffer_push(tty);
575
576         kfree_skb(skb);
577 }
578
579 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
580 {
581         struct rfcomm_dev *dev = dlc->owner;
582         if (!dev)
583                 return;
584
585         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
586
587         dev->err = err;
588         wake_up_interruptible(&dev->wait);
589
590         if (dlc->state == BT_CLOSED) {
591                 if (!dev->tty) {
592                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
593                                 /* Drop DLC lock here to avoid deadlock
594                                  * 1. rfcomm_dev_get will take rfcomm_dev_lock
595                                  *    but in rfcomm_dev_add there's lock order:
596                                  *    rfcomm_dev_lock -> dlc lock
597                                  * 2. rfcomm_dev_put will deadlock if it's
598                                  *    the last reference
599                                  */
600                                 rfcomm_dlc_unlock(dlc);
601                                 if (rfcomm_dev_get(dev->id) == NULL) {
602                                         rfcomm_dlc_lock(dlc);
603                                         return;
604                                 }
605
606                                 rfcomm_dev_del(dev);
607                                 rfcomm_dev_put(dev);
608                                 rfcomm_dlc_lock(dlc);
609                         }
610                 } else
611                         tty_hangup(dev->tty);
612         }
613 }
614
615 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
616 {
617         struct rfcomm_dev *dev = dlc->owner;
618         if (!dev)
619                 return;
620
621         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
622
623         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
624                 if (dev->tty && !C_CLOCAL(dev->tty))
625                         tty_hangup(dev->tty);
626         }
627
628         dev->modem_status =
629                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
630                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
631                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
632                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
633 }
634
635 /* ---- TTY functions ---- */
636 static void rfcomm_tty_wakeup(unsigned long arg)
637 {
638         struct rfcomm_dev *dev = (void *) arg;
639         struct tty_struct *tty = dev->tty;
640         if (!tty)
641                 return;
642
643         BT_DBG("dev %p tty %p", dev, tty);
644         tty_wakeup(tty);
645 }
646
647 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
648 {
649         struct tty_struct *tty = dev->tty;
650         struct sk_buff *skb;
651         int inserted = 0;
652
653         if (!tty)
654                 return;
655
656         BT_DBG("dev %p tty %p", dev, tty);
657
658         rfcomm_dlc_lock(dev->dlc);
659
660         while ((skb = skb_dequeue(&dev->pending))) {
661                 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
662                 kfree_skb(skb);
663         }
664
665         rfcomm_dlc_unlock(dev->dlc);
666
667         if (inserted > 0)
668                 tty_flip_buffer_push(tty);
669 }
670
671 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
672 {
673         DECLARE_WAITQUEUE(wait, current);
674         struct rfcomm_dev *dev;
675         struct rfcomm_dlc *dlc;
676         int err, id;
677
678         id = tty->index;
679
680         BT_DBG("tty %p id %d", tty, id);
681
682         /* We don't leak this refcount. For reasons which are not entirely
683            clear, the TTY layer will call our ->close() method even if the
684            open fails. We decrease the refcount there, and decreasing it
685            here too would cause breakage. */
686         dev = rfcomm_dev_get(id);
687         if (!dev)
688                 return -ENODEV;
689
690         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
691                                 dev->channel, atomic_read(&dev->opened));
692
693         if (atomic_inc_return(&dev->opened) > 1)
694                 return 0;
695
696         dlc = dev->dlc;
697
698         /* Attach TTY and open DLC */
699
700         rfcomm_dlc_lock(dlc);
701         tty->driver_data = dev;
702         dev->tty = tty;
703         rfcomm_dlc_unlock(dlc);
704         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
705
706         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
707         if (err < 0)
708                 return err;
709
710         /* Wait for DLC to connect */
711         add_wait_queue(&dev->wait, &wait);
712         while (1) {
713                 set_current_state(TASK_INTERRUPTIBLE);
714
715                 if (dlc->state == BT_CLOSED) {
716                         err = -dev->err;
717                         break;
718                 }
719
720                 if (dlc->state == BT_CONNECTED)
721                         break;
722
723                 if (signal_pending(current)) {
724                         err = -EINTR;
725                         break;
726                 }
727
728                 schedule();
729         }
730         set_current_state(TASK_RUNNING);
731         remove_wait_queue(&dev->wait, &wait);
732
733         if (err == 0)
734                 device_move(dev->tty_dev, rfcomm_get_device(dev));
735
736         rfcomm_tty_copy_pending(dev);
737
738         rfcomm_dlc_unthrottle(dev->dlc);
739
740         return err;
741 }
742
743 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
744 {
745         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
746         if (!dev)
747                 return;
748
749         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
750                                                 atomic_read(&dev->opened));
751
752         if (atomic_dec_and_test(&dev->opened)) {
753                 if (dev->tty_dev->parent)
754                         device_move(dev->tty_dev, NULL);
755
756                 /* Close DLC and dettach TTY */
757                 rfcomm_dlc_close(dev->dlc, 0);
758
759                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
760                 tasklet_kill(&dev->wakeup_task);
761
762                 rfcomm_dlc_lock(dev->dlc);
763                 tty->driver_data = NULL;
764                 dev->tty = NULL;
765                 rfcomm_dlc_unlock(dev->dlc);
766
767                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
768                         write_lock_bh(&rfcomm_dev_lock);
769                         list_del_init(&dev->list);
770                         write_unlock_bh(&rfcomm_dev_lock);
771
772                         rfcomm_dev_put(dev);
773                 }
774         }
775
776         rfcomm_dev_put(dev);
777 }
778
779 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
780 {
781         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
782         struct rfcomm_dlc *dlc = dev->dlc;
783         struct sk_buff *skb;
784         int err = 0, sent = 0, size;
785
786         BT_DBG("tty %p count %d", tty, count);
787
788         while (count) {
789                 size = min_t(uint, count, dlc->mtu);
790
791                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
792
793                 if (!skb)
794                         break;
795
796                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
797
798                 memcpy(skb_put(skb, size), buf + sent, size);
799
800                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
801                         kfree_skb(skb);
802                         break;
803                 }
804
805                 sent  += size;
806                 count -= size;
807         }
808
809         return sent ? sent : err;
810 }
811
812 static int rfcomm_tty_write_room(struct tty_struct *tty)
813 {
814         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
815         int room;
816
817         BT_DBG("tty %p", tty);
818
819         if (!dev || !dev->dlc)
820                 return 0;
821
822         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
823         if (room < 0)
824                 room = 0;
825
826         return room;
827 }
828
829 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
830 {
831         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
832
833         switch (cmd) {
834         case TCGETS:
835                 BT_DBG("TCGETS is not supported");
836                 return -ENOIOCTLCMD;
837
838         case TCSETS:
839                 BT_DBG("TCSETS is not supported");
840                 return -ENOIOCTLCMD;
841
842         case TIOCMIWAIT:
843                 BT_DBG("TIOCMIWAIT");
844                 break;
845
846         case TIOCGICOUNT:
847                 BT_DBG("TIOCGICOUNT");
848                 break;
849
850         case TIOCGSERIAL:
851                 BT_ERR("TIOCGSERIAL is not supported");
852                 return -ENOIOCTLCMD;
853
854         case TIOCSSERIAL:
855                 BT_ERR("TIOCSSERIAL is not supported");
856                 return -ENOIOCTLCMD;
857
858         case TIOCSERGSTRUCT:
859                 BT_ERR("TIOCSERGSTRUCT is not supported");
860                 return -ENOIOCTLCMD;
861
862         case TIOCSERGETLSR:
863                 BT_ERR("TIOCSERGETLSR is not supported");
864                 return -ENOIOCTLCMD;
865
866         case TIOCSERCONFIG:
867                 BT_ERR("TIOCSERCONFIG is not supported");
868                 return -ENOIOCTLCMD;
869
870         default:
871                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
872
873         }
874
875         return -ENOIOCTLCMD;
876 }
877
878 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
879 {
880         struct ktermios *new = tty->termios;
881         int old_baud_rate = tty_termios_baud_rate(old);
882         int new_baud_rate = tty_termios_baud_rate(new);
883
884         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
885         u16 changes = 0;
886
887         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
888
889         BT_DBG("tty %p termios %p", tty, old);
890
891         if (!dev || !dev->dlc || !dev->dlc->session)
892                 return;
893
894         /* Handle turning off CRTSCTS */
895         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
896                 BT_DBG("Turning off CRTSCTS unsupported");
897
898         /* Parity on/off and when on, odd/even */
899         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
900                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
901                 changes |= RFCOMM_RPN_PM_PARITY;
902                 BT_DBG("Parity change detected.");
903         }
904
905         /* Mark and space parity are not supported! */
906         if (new->c_cflag & PARENB) {
907                 if (new->c_cflag & PARODD) {
908                         BT_DBG("Parity is ODD");
909                         parity = RFCOMM_RPN_PARITY_ODD;
910                 } else {
911                         BT_DBG("Parity is EVEN");
912                         parity = RFCOMM_RPN_PARITY_EVEN;
913                 }
914         } else {
915                 BT_DBG("Parity is OFF");
916                 parity = RFCOMM_RPN_PARITY_NONE;
917         }
918
919         /* Setting the x_on / x_off characters */
920         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
921                 BT_DBG("XOFF custom");
922                 x_on = new->c_cc[VSTOP];
923                 changes |= RFCOMM_RPN_PM_XON;
924         } else {
925                 BT_DBG("XOFF default");
926                 x_on = RFCOMM_RPN_XON_CHAR;
927         }
928
929         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
930                 BT_DBG("XON custom");
931                 x_off = new->c_cc[VSTART];
932                 changes |= RFCOMM_RPN_PM_XOFF;
933         } else {
934                 BT_DBG("XON default");
935                 x_off = RFCOMM_RPN_XOFF_CHAR;
936         }
937
938         /* Handle setting of stop bits */
939         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
940                 changes |= RFCOMM_RPN_PM_STOP;
941
942         /* POSIX does not support 1.5 stop bits and RFCOMM does not
943          * support 2 stop bits. So a request for 2 stop bits gets
944          * translated to 1.5 stop bits */
945         if (new->c_cflag & CSTOPB) {
946                 stop_bits = RFCOMM_RPN_STOP_15;
947         } else {
948                 stop_bits = RFCOMM_RPN_STOP_1;
949         }
950
951         /* Handle number of data bits [5-8] */
952         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
953                 changes |= RFCOMM_RPN_PM_DATA;
954
955         switch (new->c_cflag & CSIZE) {
956         case CS5:
957                 data_bits = RFCOMM_RPN_DATA_5;
958                 break;
959         case CS6:
960                 data_bits = RFCOMM_RPN_DATA_6;
961                 break;
962         case CS7:
963                 data_bits = RFCOMM_RPN_DATA_7;
964                 break;
965         case CS8:
966                 data_bits = RFCOMM_RPN_DATA_8;
967                 break;
968         default:
969                 data_bits = RFCOMM_RPN_DATA_8;
970                 break;
971         }
972
973         /* Handle baudrate settings */
974         if (old_baud_rate != new_baud_rate)
975                 changes |= RFCOMM_RPN_PM_BITRATE;
976
977         switch (new_baud_rate) {
978         case 2400:
979                 baud = RFCOMM_RPN_BR_2400;
980                 break;
981         case 4800:
982                 baud = RFCOMM_RPN_BR_4800;
983                 break;
984         case 7200:
985                 baud = RFCOMM_RPN_BR_7200;
986                 break;
987         case 9600:
988                 baud = RFCOMM_RPN_BR_9600;
989                 break;
990         case 19200:
991                 baud = RFCOMM_RPN_BR_19200;
992                 break;
993         case 38400:
994                 baud = RFCOMM_RPN_BR_38400;
995                 break;
996         case 57600:
997                 baud = RFCOMM_RPN_BR_57600;
998                 break;
999         case 115200:
1000                 baud = RFCOMM_RPN_BR_115200;
1001                 break;
1002         case 230400:
1003                 baud = RFCOMM_RPN_BR_230400;
1004                 break;
1005         default:
1006                 /* 9600 is standard accordinag to the RFCOMM specification */
1007                 baud = RFCOMM_RPN_BR_9600;
1008                 break;
1009
1010         }
1011
1012         if (changes)
1013                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
1014                                 data_bits, stop_bits, parity,
1015                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
1016
1017         return;
1018 }
1019
1020 static void rfcomm_tty_throttle(struct tty_struct *tty)
1021 {
1022         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1023
1024         BT_DBG("tty %p dev %p", tty, dev);
1025
1026         rfcomm_dlc_throttle(dev->dlc);
1027 }
1028
1029 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
1030 {
1031         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1032
1033         BT_DBG("tty %p dev %p", tty, dev);
1034
1035         rfcomm_dlc_unthrottle(dev->dlc);
1036 }
1037
1038 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
1039 {
1040         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1041
1042         BT_DBG("tty %p dev %p", tty, dev);
1043
1044         if (!dev || !dev->dlc)
1045                 return 0;
1046
1047         if (!skb_queue_empty(&dev->dlc->tx_queue))
1048                 return dev->dlc->mtu;
1049
1050         return 0;
1051 }
1052
1053 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
1054 {
1055         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1056
1057         BT_DBG("tty %p dev %p", tty, dev);
1058
1059         if (!dev || !dev->dlc)
1060                 return;
1061
1062         skb_queue_purge(&dev->dlc->tx_queue);
1063         tty_wakeup(tty);
1064 }
1065
1066 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1067 {
1068         BT_DBG("tty %p ch %c", tty, ch);
1069 }
1070
1071 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1072 {
1073         BT_DBG("tty %p timeout %d", tty, timeout);
1074 }
1075
1076 static void rfcomm_tty_hangup(struct tty_struct *tty)
1077 {
1078         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1079
1080         BT_DBG("tty %p dev %p", tty, dev);
1081
1082         if (!dev)
1083                 return;
1084
1085         rfcomm_tty_flush_buffer(tty);
1086
1087         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1088                 if (rfcomm_dev_get(dev->id) == NULL)
1089                         return;
1090                 rfcomm_dev_del(dev);
1091                 rfcomm_dev_put(dev);
1092         }
1093 }
1094
1095 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
1096 {
1097         return 0;
1098 }
1099
1100 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1101 {
1102         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1103
1104         BT_DBG("tty %p dev %p", tty, dev);
1105
1106         return dev->modem_status;
1107 }
1108
1109 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
1110 {
1111         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1112         struct rfcomm_dlc *dlc = dev->dlc;
1113         u8 v24_sig;
1114
1115         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1116
1117         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1118
1119         if (set & TIOCM_DSR || set & TIOCM_DTR)
1120                 v24_sig |= RFCOMM_V24_RTC;
1121         if (set & TIOCM_RTS || set & TIOCM_CTS)
1122                 v24_sig |= RFCOMM_V24_RTR;
1123         if (set & TIOCM_RI)
1124                 v24_sig |= RFCOMM_V24_IC;
1125         if (set & TIOCM_CD)
1126                 v24_sig |= RFCOMM_V24_DV;
1127
1128         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1129                 v24_sig &= ~RFCOMM_V24_RTC;
1130         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1131                 v24_sig &= ~RFCOMM_V24_RTR;
1132         if (clear & TIOCM_RI)
1133                 v24_sig &= ~RFCOMM_V24_IC;
1134         if (clear & TIOCM_CD)
1135                 v24_sig &= ~RFCOMM_V24_DV;
1136
1137         rfcomm_dlc_set_modem_status(dlc, v24_sig);
1138
1139         return 0;
1140 }
1141
1142 /* ---- TTY structure ---- */
1143
1144 static const struct tty_operations rfcomm_ops = {
1145         .open                   = rfcomm_tty_open,
1146         .close                  = rfcomm_tty_close,
1147         .write                  = rfcomm_tty_write,
1148         .write_room             = rfcomm_tty_write_room,
1149         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1150         .flush_buffer           = rfcomm_tty_flush_buffer,
1151         .ioctl                  = rfcomm_tty_ioctl,
1152         .throttle               = rfcomm_tty_throttle,
1153         .unthrottle             = rfcomm_tty_unthrottle,
1154         .set_termios            = rfcomm_tty_set_termios,
1155         .send_xchar             = rfcomm_tty_send_xchar,
1156         .hangup                 = rfcomm_tty_hangup,
1157         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1158         .read_proc              = rfcomm_tty_read_proc,
1159         .tiocmget               = rfcomm_tty_tiocmget,
1160         .tiocmset               = rfcomm_tty_tiocmset,
1161 };
1162
1163 int rfcomm_init_ttys(void)
1164 {
1165         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1166         if (!rfcomm_tty_driver)
1167                 return -1;
1168
1169         rfcomm_tty_driver->owner        = THIS_MODULE;
1170         rfcomm_tty_driver->driver_name  = "rfcomm";
1171         rfcomm_tty_driver->name         = "rfcomm";
1172         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1173         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1174         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1175         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1176         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1177         rfcomm_tty_driver->init_termios = tty_std_termios;
1178         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1179         rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1180         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1181
1182         if (tty_register_driver(rfcomm_tty_driver)) {
1183                 BT_ERR("Can't register RFCOMM TTY driver");
1184                 put_tty_driver(rfcomm_tty_driver);
1185                 return -1;
1186         }
1187
1188         BT_INFO("RFCOMM TTY layer initialized");
1189
1190         return 0;
1191 }
1192
1193 void rfcomm_cleanup_ttys(void)
1194 {
1195         tty_unregister_driver(rfcomm_tty_driver);
1196         put_tty_driver(rfcomm_tty_driver);
1197 }