Merge git://oss.sgi.com:8090/xfs/xfs-2.6
[linux-drm-fsl-dcu.git] / net / bluetooth / rfcomm / tty.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  *
27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28  */
29
30 #include <linux/module.h>
31
32 #include <linux/tty.h>
33 #include <linux/tty_driver.h>
34 #include <linux/tty_flip.h>
35
36 #include <linux/capability.h>
37 #include <linux/slab.h>
38 #include <linux/skbuff.h>
39
40 #include <net/bluetooth/bluetooth.h>
41 #include <net/bluetooth/hci_core.h>
42 #include <net/bluetooth/rfcomm.h>
43
44 #ifndef CONFIG_BT_RFCOMM_DEBUG
45 #undef  BT_DBG
46 #define BT_DBG(D...)
47 #endif
48
49 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
51 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
52 #define RFCOMM_TTY_MINOR 0
53
54 static struct tty_driver *rfcomm_tty_driver;
55
56 struct rfcomm_dev {
57         struct list_head        list;
58         atomic_t                refcnt;
59
60         char                    name[12];
61         int                     id;
62         unsigned long           flags;
63         int                     opened;
64         int                     err;
65
66         bdaddr_t                src;
67         bdaddr_t                dst;
68         u8                      channel;
69
70         uint                    modem_status;
71
72         struct rfcomm_dlc       *dlc;
73         struct tty_struct       *tty;
74         wait_queue_head_t       wait;
75         struct tasklet_struct   wakeup_task;
76
77         atomic_t                wmem_alloc;
78 };
79
80 static LIST_HEAD(rfcomm_dev_list);
81 static DEFINE_RWLOCK(rfcomm_dev_lock);
82
83 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
84 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
85 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
86
87 static void rfcomm_tty_wakeup(unsigned long arg);
88
89 /* ---- Device functions ---- */
90 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
91 {
92         struct rfcomm_dlc *dlc = dev->dlc;
93
94         BT_DBG("dev %p dlc %p", dev, dlc);
95
96         rfcomm_dlc_lock(dlc);
97         /* Detach DLC if it's owned by this dev */
98         if (dlc->owner == dev)
99                 dlc->owner = NULL;
100         rfcomm_dlc_unlock(dlc);
101
102         rfcomm_dlc_put(dlc);
103
104         tty_unregister_device(rfcomm_tty_driver, dev->id);
105
106         /* Refcount should only hit zero when called from rfcomm_dev_del()
107            which will have taken us off the list. Everything else are
108            refcounting bugs. */
109         BUG_ON(!list_empty(&dev->list));
110
111         kfree(dev);
112
113         /* It's safe to call module_put() here because socket still
114            holds reference to this module. */
115         module_put(THIS_MODULE);
116 }
117
118 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
119 {
120         atomic_inc(&dev->refcnt);
121 }
122
123 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
124 {
125         /* The reason this isn't actually a race, as you no
126            doubt have a little voice screaming at you in your
127            head, is that the refcount should never actually
128            reach zero unless the device has already been taken
129            off the list, in rfcomm_dev_del(). And if that's not
130            true, we'll hit the BUG() in rfcomm_dev_destruct()
131            anyway. */
132         if (atomic_dec_and_test(&dev->refcnt))
133                 rfcomm_dev_destruct(dev);
134 }
135
136 static struct rfcomm_dev *__rfcomm_dev_get(int id)
137 {
138         struct rfcomm_dev *dev;
139         struct list_head  *p;
140
141         list_for_each(p, &rfcomm_dev_list) {
142                 dev = list_entry(p, struct rfcomm_dev, list);
143                 if (dev->id == id)
144                         return dev;
145         }
146
147         return NULL;
148 }
149
150 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
151 {
152         struct rfcomm_dev *dev;
153
154         read_lock(&rfcomm_dev_lock);
155
156         dev = __rfcomm_dev_get(id);
157         if (dev)
158                 rfcomm_dev_hold(dev);
159
160         read_unlock(&rfcomm_dev_lock);
161
162         return dev;
163 }
164
165 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
166 {
167         struct hci_dev *hdev;
168         struct hci_conn *conn;
169
170         hdev = hci_get_route(&dev->dst, &dev->src);
171         if (!hdev)
172                 return NULL;
173
174         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
175
176         hci_dev_put(hdev);
177
178         return conn ? &conn->dev : NULL;
179 }
180
181 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
182 {
183         struct rfcomm_dev *dev;
184         struct list_head *head = &rfcomm_dev_list, *p;
185         int err = 0;
186
187         BT_DBG("id %d channel %d", req->dev_id, req->channel);
188
189         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
190         if (!dev)
191                 return -ENOMEM;
192
193         write_lock_bh(&rfcomm_dev_lock);
194
195         if (req->dev_id < 0) {
196                 dev->id = 0;
197
198                 list_for_each(p, &rfcomm_dev_list) {
199                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
200                                 break;
201
202                         dev->id++;
203                         head = p;
204                 }
205         } else {
206                 dev->id = req->dev_id;
207
208                 list_for_each(p, &rfcomm_dev_list) {
209                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
210
211                         if (entry->id == dev->id) {
212                                 err = -EADDRINUSE;
213                                 goto out;
214                         }
215
216                         if (entry->id > dev->id - 1)
217                                 break;
218
219                         head = p;
220                 }
221         }
222
223         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
224                 err = -ENFILE;
225                 goto out;
226         }
227
228         sprintf(dev->name, "rfcomm%d", dev->id);
229
230         list_add(&dev->list, head);
231         atomic_set(&dev->refcnt, 1);
232
233         bacpy(&dev->src, &req->src);
234         bacpy(&dev->dst, &req->dst);
235         dev->channel = req->channel;
236
237         dev->flags = req->flags &
238                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
239
240         init_waitqueue_head(&dev->wait);
241         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
242
243         rfcomm_dlc_lock(dlc);
244         dlc->data_ready   = rfcomm_dev_data_ready;
245         dlc->state_change = rfcomm_dev_state_change;
246         dlc->modem_status = rfcomm_dev_modem_status;
247
248         dlc->owner = dev;
249         dev->dlc   = dlc;
250         rfcomm_dlc_unlock(dlc);
251
252         /* It's safe to call __module_get() here because socket already
253            holds reference to this module. */
254         __module_get(THIS_MODULE);
255
256 out:
257         write_unlock_bh(&rfcomm_dev_lock);
258
259         if (err) {
260                 kfree(dev);
261                 return err;
262         }
263
264         tty_register_device(rfcomm_tty_driver, dev->id, rfcomm_get_device(dev));
265
266         return dev->id;
267 }
268
269 static void rfcomm_dev_del(struct rfcomm_dev *dev)
270 {
271         BT_DBG("dev %p", dev);
272
273         write_lock_bh(&rfcomm_dev_lock);
274         list_del_init(&dev->list);
275         write_unlock_bh(&rfcomm_dev_lock);
276
277         rfcomm_dev_put(dev);
278 }
279
280 /* ---- Send buffer ---- */
281 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
282 {
283         /* We can't let it be zero, because we don't get a callback
284            when tx_credits becomes nonzero, hence we'd never wake up */
285         return dlc->mtu * (dlc->tx_credits?:1);
286 }
287
288 static void rfcomm_wfree(struct sk_buff *skb)
289 {
290         struct rfcomm_dev *dev = (void *) skb->sk;
291         atomic_sub(skb->truesize, &dev->wmem_alloc);
292         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
293                 tasklet_schedule(&dev->wakeup_task);
294         rfcomm_dev_put(dev);
295 }
296
297 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
298 {
299         rfcomm_dev_hold(dev);
300         atomic_add(skb->truesize, &dev->wmem_alloc);
301         skb->sk = (void *) dev;
302         skb->destructor = rfcomm_wfree;
303 }
304
305 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
306 {
307         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
308                 struct sk_buff *skb = alloc_skb(size, priority);
309                 if (skb) {
310                         rfcomm_set_owner_w(skb, dev);
311                         return skb;
312                 }
313         }
314         return NULL;
315 }
316
317 /* ---- Device IOCTLs ---- */
318
319 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
320
321 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
322 {
323         struct rfcomm_dev_req req;
324         struct rfcomm_dlc *dlc;
325         int id;
326
327         if (copy_from_user(&req, arg, sizeof(req)))
328                 return -EFAULT;
329
330         BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
331
332         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
333                 return -EPERM;
334
335         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
336                 /* Socket must be connected */
337                 if (sk->sk_state != BT_CONNECTED)
338                         return -EBADFD;
339
340                 dlc = rfcomm_pi(sk)->dlc;
341                 rfcomm_dlc_hold(dlc);
342         } else {
343                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
344                 if (!dlc)
345                         return -ENOMEM;
346         }
347
348         id = rfcomm_dev_add(&req, dlc);
349         if (id < 0) {
350                 rfcomm_dlc_put(dlc);
351                 return id;
352         }
353
354         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
355                 /* DLC is now used by device.
356                  * Socket must be disconnected */
357                 sk->sk_state = BT_CLOSED;
358         }
359
360         return id;
361 }
362
363 static int rfcomm_release_dev(void __user *arg)
364 {
365         struct rfcomm_dev_req req;
366         struct rfcomm_dev *dev;
367
368         if (copy_from_user(&req, arg, sizeof(req)))
369                 return -EFAULT;
370
371         BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
372
373         if (!(dev = rfcomm_dev_get(req.dev_id)))
374                 return -ENODEV;
375
376         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
377                 rfcomm_dev_put(dev);
378                 return -EPERM;
379         }
380
381         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
382                 rfcomm_dlc_close(dev->dlc, 0);
383
384         rfcomm_dev_del(dev);
385         rfcomm_dev_put(dev);
386         return 0;
387 }
388
389 static int rfcomm_get_dev_list(void __user *arg)
390 {
391         struct rfcomm_dev_list_req *dl;
392         struct rfcomm_dev_info *di;
393         struct list_head *p;
394         int n = 0, size, err;
395         u16 dev_num;
396
397         BT_DBG("");
398
399         if (get_user(dev_num, (u16 __user *) arg))
400                 return -EFAULT;
401
402         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
403                 return -EINVAL;
404
405         size = sizeof(*dl) + dev_num * sizeof(*di);
406
407         if (!(dl = kmalloc(size, GFP_KERNEL)))
408                 return -ENOMEM;
409
410         di = dl->dev_info;
411
412         read_lock_bh(&rfcomm_dev_lock);
413
414         list_for_each(p, &rfcomm_dev_list) {
415                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
416                 (di + n)->id      = dev->id;
417                 (di + n)->flags   = dev->flags;
418                 (di + n)->state   = dev->dlc->state;
419                 (di + n)->channel = dev->channel;
420                 bacpy(&(di + n)->src, &dev->src);
421                 bacpy(&(di + n)->dst, &dev->dst);
422                 if (++n >= dev_num)
423                         break;
424         }
425
426         read_unlock_bh(&rfcomm_dev_lock);
427
428         dl->dev_num = n;
429         size = sizeof(*dl) + n * sizeof(*di);
430
431         err = copy_to_user(arg, dl, size);
432         kfree(dl);
433
434         return err ? -EFAULT : 0;
435 }
436
437 static int rfcomm_get_dev_info(void __user *arg)
438 {
439         struct rfcomm_dev *dev;
440         struct rfcomm_dev_info di;
441         int err = 0;
442
443         BT_DBG("");
444
445         if (copy_from_user(&di, arg, sizeof(di)))
446                 return -EFAULT;
447
448         if (!(dev = rfcomm_dev_get(di.id)))
449                 return -ENODEV;
450
451         di.flags   = dev->flags;
452         di.channel = dev->channel;
453         di.state   = dev->dlc->state;
454         bacpy(&di.src, &dev->src);
455         bacpy(&di.dst, &dev->dst);
456
457         if (copy_to_user(arg, &di, sizeof(di)))
458                 err = -EFAULT;
459
460         rfcomm_dev_put(dev);
461         return err;
462 }
463
464 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
465 {
466         BT_DBG("cmd %d arg %p", cmd, arg);
467
468         switch (cmd) {
469         case RFCOMMCREATEDEV:
470                 return rfcomm_create_dev(sk, arg);
471
472         case RFCOMMRELEASEDEV:
473                 return rfcomm_release_dev(arg);
474
475         case RFCOMMGETDEVLIST:
476                 return rfcomm_get_dev_list(arg);
477
478         case RFCOMMGETDEVINFO:
479                 return rfcomm_get_dev_info(arg);
480         }
481
482         return -EINVAL;
483 }
484
485 /* ---- DLC callbacks ---- */
486 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
487 {
488         struct rfcomm_dev *dev = dlc->owner;
489         struct tty_struct *tty;
490
491         if (!dev || !(tty = dev->tty)) {
492                 kfree_skb(skb);
493                 return;
494         }
495
496         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
497
498         tty_insert_flip_string(tty, skb->data, skb->len);
499         tty_flip_buffer_push(tty);
500
501         kfree_skb(skb);
502 }
503
504 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
505 {
506         struct rfcomm_dev *dev = dlc->owner;
507         if (!dev)
508                 return;
509
510         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
511
512         dev->err = err;
513         wake_up_interruptible(&dev->wait);
514
515         if (dlc->state == BT_CLOSED) {
516                 if (!dev->tty) {
517                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
518                                 rfcomm_dev_hold(dev);
519                                 rfcomm_dev_del(dev);
520
521                                 /* We have to drop DLC lock here, otherwise
522                                    rfcomm_dev_put() will dead lock if it's
523                                    the last reference. */
524                                 rfcomm_dlc_unlock(dlc);
525                                 rfcomm_dev_put(dev);
526                                 rfcomm_dlc_lock(dlc);
527                         }
528                 } else
529                         tty_hangup(dev->tty);
530         }
531 }
532
533 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
534 {
535         struct rfcomm_dev *dev = dlc->owner;
536         if (!dev)
537                 return;
538
539         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
540
541         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
542                 if (dev->tty && !C_CLOCAL(dev->tty))
543                         tty_hangup(dev->tty);
544         }
545
546         dev->modem_status =
547                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
548                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
549                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
550                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
551 }
552
553 /* ---- TTY functions ---- */
554 static void rfcomm_tty_wakeup(unsigned long arg)
555 {
556         struct rfcomm_dev *dev = (void *) arg;
557         struct tty_struct *tty = dev->tty;
558         if (!tty)
559                 return;
560
561         BT_DBG("dev %p tty %p", dev, tty);
562
563         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
564                 (tty->ldisc.write_wakeup)(tty);
565
566         wake_up_interruptible(&tty->write_wait);
567 #ifdef SERIAL_HAVE_POLL_WAIT
568         wake_up_interruptible(&tty->poll_wait);
569 #endif
570 }
571
572 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
573 {
574         DECLARE_WAITQUEUE(wait, current);
575         struct rfcomm_dev *dev;
576         struct rfcomm_dlc *dlc;
577         int err, id;
578
579         id = tty->index;
580
581         BT_DBG("tty %p id %d", tty, id);
582
583         /* We don't leak this refcount. For reasons which are not entirely
584            clear, the TTY layer will call our ->close() method even if the
585            open fails. We decrease the refcount there, and decreasing it
586            here too would cause breakage. */
587         dev = rfcomm_dev_get(id);
588         if (!dev)
589                 return -ENODEV;
590
591         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
592
593         if (dev->opened++ != 0)
594                 return 0;
595
596         dlc = dev->dlc;
597
598         /* Attach TTY and open DLC */
599
600         rfcomm_dlc_lock(dlc);
601         tty->driver_data = dev;
602         dev->tty = tty;
603         rfcomm_dlc_unlock(dlc);
604         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
605
606         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
607         if (err < 0)
608                 return err;
609
610         /* Wait for DLC to connect */
611         add_wait_queue(&dev->wait, &wait);
612         while (1) {
613                 set_current_state(TASK_INTERRUPTIBLE);
614
615                 if (dlc->state == BT_CLOSED) {
616                         err = -dev->err;
617                         break;
618                 }
619
620                 if (dlc->state == BT_CONNECTED)
621                         break;
622
623                 if (signal_pending(current)) {
624                         err = -EINTR;
625                         break;
626                 }
627
628                 schedule();
629         }
630         set_current_state(TASK_RUNNING);
631         remove_wait_queue(&dev->wait, &wait);
632
633         return err;
634 }
635
636 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
637 {
638         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
639         if (!dev)
640                 return;
641
642         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
643
644         if (--dev->opened == 0) {
645                 /* Close DLC and dettach TTY */
646                 rfcomm_dlc_close(dev->dlc, 0);
647
648                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
649                 tasklet_kill(&dev->wakeup_task);
650
651                 rfcomm_dlc_lock(dev->dlc);
652                 tty->driver_data = NULL;
653                 dev->tty = NULL;
654                 rfcomm_dlc_unlock(dev->dlc);
655         }
656
657         rfcomm_dev_put(dev);
658 }
659
660 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
661 {
662         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
663         struct rfcomm_dlc *dlc = dev->dlc;
664         struct sk_buff *skb;
665         int err = 0, sent = 0, size;
666
667         BT_DBG("tty %p count %d", tty, count);
668
669         while (count) {
670                 size = min_t(uint, count, dlc->mtu);
671
672                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
673
674                 if (!skb)
675                         break;
676
677                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
678
679                 memcpy(skb_put(skb, size), buf + sent, size);
680
681                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
682                         kfree_skb(skb);
683                         break;
684                 }
685
686                 sent  += size;
687                 count -= size;
688         }
689
690         return sent ? sent : err;
691 }
692
693 static int rfcomm_tty_write_room(struct tty_struct *tty)
694 {
695         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
696         int room;
697
698         BT_DBG("tty %p", tty);
699
700         if (!dev || !dev->dlc)
701                 return 0;
702
703         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
704         if (room < 0)
705                 room = 0;
706
707         return room;
708 }
709
710 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
711 {
712         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
713
714         switch (cmd) {
715         case TCGETS:
716                 BT_DBG("TCGETS is not supported");
717                 return -ENOIOCTLCMD;
718
719         case TCSETS:
720                 BT_DBG("TCSETS is not supported");
721                 return -ENOIOCTLCMD;
722
723         case TIOCMIWAIT:
724                 BT_DBG("TIOCMIWAIT");
725                 break;
726
727         case TIOCGICOUNT:
728                 BT_DBG("TIOCGICOUNT");
729                 break;
730
731         case TIOCGSERIAL:
732                 BT_ERR("TIOCGSERIAL is not supported");
733                 return -ENOIOCTLCMD;
734
735         case TIOCSSERIAL:
736                 BT_ERR("TIOCSSERIAL is not supported");
737                 return -ENOIOCTLCMD;
738
739         case TIOCSERGSTRUCT:
740                 BT_ERR("TIOCSERGSTRUCT is not supported");
741                 return -ENOIOCTLCMD;
742
743         case TIOCSERGETLSR:
744                 BT_ERR("TIOCSERGETLSR is not supported");
745                 return -ENOIOCTLCMD;
746
747         case TIOCSERCONFIG:
748                 BT_ERR("TIOCSERCONFIG is not supported");
749                 return -ENOIOCTLCMD;
750
751         default:
752                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
753
754         }
755
756         return -ENOIOCTLCMD;
757 }
758
759 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
760 {
761         struct ktermios *new = tty->termios;
762         int old_baud_rate = tty_termios_baud_rate(old);
763         int new_baud_rate = tty_termios_baud_rate(new);
764
765         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
766         u16 changes = 0;
767
768         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
769
770         BT_DBG("tty %p termios %p", tty, old);
771
772         if (!dev || !dev->dlc || !dev->dlc->session)
773                 return;
774
775         /* Handle turning off CRTSCTS */
776         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
777                 BT_DBG("Turning off CRTSCTS unsupported");
778
779         /* Parity on/off and when on, odd/even */
780         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
781                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
782                 changes |= RFCOMM_RPN_PM_PARITY;
783                 BT_DBG("Parity change detected.");
784         }
785
786         /* Mark and space parity are not supported! */
787         if (new->c_cflag & PARENB) {
788                 if (new->c_cflag & PARODD) {
789                         BT_DBG("Parity is ODD");
790                         parity = RFCOMM_RPN_PARITY_ODD;
791                 } else {
792                         BT_DBG("Parity is EVEN");
793                         parity = RFCOMM_RPN_PARITY_EVEN;
794                 }
795         } else {
796                 BT_DBG("Parity is OFF");
797                 parity = RFCOMM_RPN_PARITY_NONE;
798         }
799
800         /* Setting the x_on / x_off characters */
801         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
802                 BT_DBG("XOFF custom");
803                 x_on = new->c_cc[VSTOP];
804                 changes |= RFCOMM_RPN_PM_XON;
805         } else {
806                 BT_DBG("XOFF default");
807                 x_on = RFCOMM_RPN_XON_CHAR;
808         }
809
810         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
811                 BT_DBG("XON custom");
812                 x_off = new->c_cc[VSTART];
813                 changes |= RFCOMM_RPN_PM_XOFF;
814         } else {
815                 BT_DBG("XON default");
816                 x_off = RFCOMM_RPN_XOFF_CHAR;
817         }
818
819         /* Handle setting of stop bits */
820         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
821                 changes |= RFCOMM_RPN_PM_STOP;
822
823         /* POSIX does not support 1.5 stop bits and RFCOMM does not
824          * support 2 stop bits. So a request for 2 stop bits gets
825          * translated to 1.5 stop bits */
826         if (new->c_cflag & CSTOPB) {
827                 stop_bits = RFCOMM_RPN_STOP_15;
828         } else {
829                 stop_bits = RFCOMM_RPN_STOP_1;
830         }
831
832         /* Handle number of data bits [5-8] */
833         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
834                 changes |= RFCOMM_RPN_PM_DATA;
835
836         switch (new->c_cflag & CSIZE) {
837         case CS5:
838                 data_bits = RFCOMM_RPN_DATA_5;
839                 break;
840         case CS6:
841                 data_bits = RFCOMM_RPN_DATA_6;
842                 break;
843         case CS7:
844                 data_bits = RFCOMM_RPN_DATA_7;
845                 break;
846         case CS8:
847                 data_bits = RFCOMM_RPN_DATA_8;
848                 break;
849         default:
850                 data_bits = RFCOMM_RPN_DATA_8;
851                 break;
852         }
853
854         /* Handle baudrate settings */
855         if (old_baud_rate != new_baud_rate)
856                 changes |= RFCOMM_RPN_PM_BITRATE;
857
858         switch (new_baud_rate) {
859         case 2400:
860                 baud = RFCOMM_RPN_BR_2400;
861                 break;
862         case 4800:
863                 baud = RFCOMM_RPN_BR_4800;
864                 break;
865         case 7200:
866                 baud = RFCOMM_RPN_BR_7200;
867                 break;
868         case 9600:
869                 baud = RFCOMM_RPN_BR_9600;
870                 break;
871         case 19200:
872                 baud = RFCOMM_RPN_BR_19200;
873                 break;
874         case 38400:
875                 baud = RFCOMM_RPN_BR_38400;
876                 break;
877         case 57600:
878                 baud = RFCOMM_RPN_BR_57600;
879                 break;
880         case 115200:
881                 baud = RFCOMM_RPN_BR_115200;
882                 break;
883         case 230400:
884                 baud = RFCOMM_RPN_BR_230400;
885                 break;
886         default:
887                 /* 9600 is standard accordinag to the RFCOMM specification */
888                 baud = RFCOMM_RPN_BR_9600;
889                 break;
890
891         }
892
893         if (changes)
894                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
895                                 data_bits, stop_bits, parity,
896                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
897
898         return;
899 }
900
901 static void rfcomm_tty_throttle(struct tty_struct *tty)
902 {
903         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
904
905         BT_DBG("tty %p dev %p", tty, dev);
906
907         rfcomm_dlc_throttle(dev->dlc);
908 }
909
910 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
911 {
912         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
913
914         BT_DBG("tty %p dev %p", tty, dev);
915
916         rfcomm_dlc_unthrottle(dev->dlc);
917 }
918
919 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
920 {
921         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
922
923         BT_DBG("tty %p dev %p", tty, dev);
924
925         if (!dev || !dev->dlc)
926                 return 0;
927
928         if (!skb_queue_empty(&dev->dlc->tx_queue))
929                 return dev->dlc->mtu;
930
931         return 0;
932 }
933
934 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
935 {
936         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
937
938         BT_DBG("tty %p dev %p", tty, dev);
939
940         if (!dev || !dev->dlc)
941                 return;
942
943         skb_queue_purge(&dev->dlc->tx_queue);
944
945         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
946                 tty->ldisc.write_wakeup(tty);
947 }
948
949 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
950 {
951         BT_DBG("tty %p ch %c", tty, ch);
952 }
953
954 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
955 {
956         BT_DBG("tty %p timeout %d", tty, timeout);
957 }
958
959 static void rfcomm_tty_hangup(struct tty_struct *tty)
960 {
961         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
962
963         BT_DBG("tty %p dev %p", tty, dev);
964
965         if (!dev)
966                 return;
967
968         rfcomm_tty_flush_buffer(tty);
969
970         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
971                 rfcomm_dev_del(dev);
972 }
973
974 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
975 {
976         return 0;
977 }
978
979 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
980 {
981         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
982
983         BT_DBG("tty %p dev %p", tty, dev);
984
985         return dev->modem_status;
986 }
987
988 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
989 {
990         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
991         struct rfcomm_dlc *dlc = dev->dlc;
992         u8 v24_sig;
993
994         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
995
996         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
997
998         if (set & TIOCM_DSR || set & TIOCM_DTR)
999                 v24_sig |= RFCOMM_V24_RTC;
1000         if (set & TIOCM_RTS || set & TIOCM_CTS)
1001                 v24_sig |= RFCOMM_V24_RTR;
1002         if (set & TIOCM_RI)
1003                 v24_sig |= RFCOMM_V24_IC;
1004         if (set & TIOCM_CD)
1005                 v24_sig |= RFCOMM_V24_DV;
1006
1007         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1008                 v24_sig &= ~RFCOMM_V24_RTC;
1009         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1010                 v24_sig &= ~RFCOMM_V24_RTR;
1011         if (clear & TIOCM_RI)
1012                 v24_sig &= ~RFCOMM_V24_IC;
1013         if (clear & TIOCM_CD)
1014                 v24_sig &= ~RFCOMM_V24_DV;
1015
1016         rfcomm_dlc_set_modem_status(dlc, v24_sig);
1017
1018         return 0;
1019 }
1020
1021 /* ---- TTY structure ---- */
1022
1023 static const struct tty_operations rfcomm_ops = {
1024         .open                   = rfcomm_tty_open,
1025         .close                  = rfcomm_tty_close,
1026         .write                  = rfcomm_tty_write,
1027         .write_room             = rfcomm_tty_write_room,
1028         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1029         .flush_buffer           = rfcomm_tty_flush_buffer,
1030         .ioctl                  = rfcomm_tty_ioctl,
1031         .throttle               = rfcomm_tty_throttle,
1032         .unthrottle             = rfcomm_tty_unthrottle,
1033         .set_termios            = rfcomm_tty_set_termios,
1034         .send_xchar             = rfcomm_tty_send_xchar,
1035         .hangup                 = rfcomm_tty_hangup,
1036         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1037         .read_proc              = rfcomm_tty_read_proc,
1038         .tiocmget               = rfcomm_tty_tiocmget,
1039         .tiocmset               = rfcomm_tty_tiocmset,
1040 };
1041
1042 int rfcomm_init_ttys(void)
1043 {
1044         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1045         if (!rfcomm_tty_driver)
1046                 return -1;
1047
1048         rfcomm_tty_driver->owner        = THIS_MODULE;
1049         rfcomm_tty_driver->driver_name  = "rfcomm";
1050         rfcomm_tty_driver->name         = "rfcomm";
1051         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1052         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1053         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1054         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1055         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1056         rfcomm_tty_driver->init_termios = tty_std_termios;
1057         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1058         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1059
1060         if (tty_register_driver(rfcomm_tty_driver)) {
1061                 BT_ERR("Can't register RFCOMM TTY driver");
1062                 put_tty_driver(rfcomm_tty_driver);
1063                 return -1;
1064         }
1065
1066         BT_INFO("RFCOMM TTY layer initialized");
1067
1068         return 0;
1069 }
1070
1071 void rfcomm_cleanup_ttys(void)
1072 {
1073         tty_unregister_driver(rfcomm_tty_driver);
1074         put_tty_driver(rfcomm_tty_driver);
1075 }