2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
 
   3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
 
   4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
 
   6    This program is free software; you can redistribute it and/or modify
 
   7    it under the terms of the GNU General Public License version 2 as
 
   8    published by the Free Software Foundation;
 
  10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 
  11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 
  12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 
  13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 
  14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 
  15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 
  16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 
  17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
  19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 
  20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 
  21    SOFTWARE IS DISCLAIMED.
 
  28 #include <linux/module.h>
 
  30 #include <linux/tty.h>
 
  31 #include <linux/tty_driver.h>
 
  32 #include <linux/tty_flip.h>
 
  34 #include <linux/capability.h>
 
  35 #include <linux/slab.h>
 
  36 #include <linux/skbuff.h>
 
  38 #include <net/bluetooth/bluetooth.h>
 
  39 #include <net/bluetooth/hci_core.h>
 
  40 #include <net/bluetooth/rfcomm.h>
 
  42 #ifndef CONFIG_BT_RFCOMM_DEBUG
 
  47 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */

  48 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* port count handed to alloc_tty_driver(); rfcomm_dev_add() bounds device ids by the same RFCOMM_MAX_DEV */

  49 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */

  50 #define RFCOMM_TTY_MINOR 0              /* used as minor_start in rfcomm_init_ttys() */

  52 static struct tty_driver *rfcomm_tty_driver; /* set in rfcomm_init_ttys(), released in rfcomm_cleanup_ttys() */
 
  55         struct list_head        list;           /* link in rfcomm_dev_list (see rfcomm_dev_add/rfcomm_dev_del) */

  70         struct rfcomm_dlc       *dlc;           /* DLC carrying this port's data; dlc->owner is compared against the dev in rfcomm_dev_destruct() */

  71         struct tty_struct       *tty;           /* tested for NULL in rfcomm_dev_data_ready(), i.e. may be unset */

  72         wait_queue_head_t       wait;           /* rfcomm_tty_open() sleeps here; woken from rfcomm_dev_state_change() */

  73         struct tasklet_struct   wakeup_task;    /* runs rfcomm_tty_wakeup(); scheduled from rfcomm_wfree() */

  75         struct device           *tty_dev;       /* result of tty_register_device() in rfcomm_dev_add() */

  79         struct sk_buff_head     pending;        /* received skbs queued until they can be copied to the tty */
 
  82 static LIST_HEAD(rfcomm_dev_list);      /* all rfcomm_dev instances created by rfcomm_dev_add() */

     /*
      * Lock for rfcomm_dev_list. Writers in this file use write_lock_bh().
      * NOTE(review): readers are mixed - rfcomm_dev_get() uses read_lock()
      * while rfcomm_get_dev_list() uses read_lock_bh(); confirm the plain
      * variant is never reached from a context where that matters.
      */
  83 static DEFINE_RWLOCK(rfcomm_dev_lock);

     /* DLC callbacks; rfcomm_dev_add() installs them on the DLC. */
  85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);

  86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);

  87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);

     /* Tasklet handler; arg is the rfcomm_dev pointer passed to tasklet_init(). */
  89 static void rfcomm_tty_wakeup(unsigned long arg);
 
  91 /* ---- Device functions ---- */
 
  92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
             /*
              * Final teardown of an rfcomm_dev; rfcomm_dev_put() calls this when
              * the reference count reaches zero. On the visible lines it asserts
              * that dev is no longer linked on a list, handles DLC ownership under
              * the DLC lock, unregisters the tty device for dev->id and drops the
              * module reference taken in rfcomm_dev_add().
              *
              * NOTE(review): lines 106, 108-110 and 112-114 are not part of this
              * listing, so the release of the DLC and of dev itself cannot be
              * confirmed from here.
              */

  94         struct rfcomm_dlc *dlc = dev->dlc;

  96         BT_DBG("dev %p dlc %p", dev, dlc);

  98         /* Refcount should only hit zero when called from rfcomm_dev_del()

  99            which will have taken us off the list. Everything else are

 101         BUG_ON(!list_empty(&dev->list));

 103         rfcomm_dlc_lock(dlc);

 104         /* Detach DLC if it's owned by this dev */

 105         if (dlc->owner == dev)

 107         rfcomm_dlc_unlock(dlc);

             /* Removes the tty device node that rfcomm_dev_add() registered for this id. */
 111         tty_unregister_device(rfcomm_tty_driver, dev->id);

 115         /* It's safe to call module_put() here because socket still

 116            holds reference to this module. */

 117         module_put(THIS_MODULE);
 
 120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
             /* Take one reference on dev by incrementing dev->refcnt. */

 122         atomic_inc(&dev->refcnt);
 
 125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
             /*
              * Drop one reference on dev. The caller that takes dev->refcnt to
              * zero runs rfcomm_dev_destruct(). The safety argument in the comment
              * below relies on lookups taking their reference while holding
              * rfcomm_dev_lock (as rfcomm_dev_get() does) and on the device being
              * unlinked before its last reference is dropped.
              */

 127         /* The reason this isn't actually a race, as you no

 128            doubt have a little voice screaming at you in your

 129            head, is that the refcount should never actually

 130            reach zero unless the device has already been taken

 131            off the list, in rfcomm_dev_del(). And if that's not

 132            true, we'll hit the BUG() in rfcomm_dev_destruct()

 134         if (atomic_dec_and_test(&dev->refcnt))

 135                 rfcomm_dev_destruct(dev);
 
 138 static struct rfcomm_dev *__rfcomm_dev_get(int id)
             /*
              * Walk rfcomm_dev_list looking for a device by id. No lock and no
              * reference is taken on the visible lines; rfcomm_dev_get() wraps the
              * call in read_lock(&rfcomm_dev_lock). The id comparison and the
              * return statements are on lines not shown in this listing.
              */

 140         struct rfcomm_dev *dev;

 143         list_for_each(p, &rfcomm_dev_list) {

 144                 dev = list_entry(p, struct rfcomm_dev, list);
 
 152 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
             /*
              * Look up a device by id under rfcomm_dev_lock and take a reference
              * on it before the lock is released, so the pointer handed back stays
              * pinned until the caller's rfcomm_dev_put(). Callers in this file
              * treat a NULL result as "no such device".
              */

 154         struct rfcomm_dev *dev;

 156         read_lock(&rfcomm_dev_lock);

 158         dev = __rfcomm_dev_get(id);

             /*
              * Devices already flagged RFCOMM_TTY_RELEASED take the first branch
              * (its body, line 162, is not shown); presumably they are reported
              * as absent so no new reference is handed out - confirm.
              */
 161                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))

 164                         rfcomm_dev_hold(dev);

 167         read_unlock(&rfcomm_dev_lock);
 
 172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
             /*
              * Find the struct device of the ACL connection to dev->dst on the HCI
              * device that routes dev->dst/dev->src. Returns &conn->dev, or NULL
              * when the lookup yields no connection.
              *
              * NOTE(review): no reference on conn is taken on the visible lines, so
              * the returned pointer is only as long-lived as the connection itself;
              * the handling of a NULL hdev and any hci_dev locking/put are on lines
              * not shown - confirm.
              */

 174         struct hci_dev *hdev;

 175         struct hci_conn *conn;

 177         hdev = hci_get_route(&dev->dst, &dev->src);

 181         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);

 185         return conn ? &conn->dev : NULL;
 
 188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
             /*
              * sysfs "address" attribute: prints the remote address (dev->dst) in
              * string form followed by a newline and returns the byte count from
              * sprintf(). dev comes from the drvdata that rfcomm_dev_add() sets
              * before it creates the attribute file.
              *
              * NOTE(review): batostr() hands back storage owned by the helper;
              * confirm it is safe when several readers call it concurrently.
              */

 190         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);

 192         baswap(&bdaddr, &dev->dst);

 193         return sprintf(buf, "%s\n", batostr(&bdaddr));
 
 196 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
             /*
              * sysfs "channel" attribute: prints dev->channel as a decimal number
              * followed by a newline and returns the byte count from sprintf().
              */

 198         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);

 199         return sprintf(buf, "%d\n", dev->channel);
 
 202 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
     /*
      * Both attributes are read-only (no store handler) and S_IRUGO, i.e.
      * readable by every local user: the peer Bluetooth address and the
      * RFCOMM channel of each port are visible without privileges.
      */

 203 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
 
 205 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
             /*
              * Create an rfcomm_dev for the request, link it into rfcomm_dev_list,
              * bind it to dlc and register the matching tty device.
              *
              * req is the kernel copy of a userspace request (rfcomm_create_dev()
              * fills it with copy_from_user()), so dev_id, channel, flags, src and
              * dst are caller-controlled values. rfcomm_create_dev() stores the
              * result in a variable named id; the return statements themselves are
              * on lines not shown in this listing.
              */

 207         struct rfcomm_dev *dev;

 208         struct list_head *head = &rfcomm_dev_list, *p;

 211         BT_DBG("id %d channel %d", req->dev_id, req->channel);

             /* Zeroed allocation, done before the list lock is taken (GFP_KERNEL may sleep). */
 213         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);

 217         write_lock_bh(&rfcomm_dev_lock);

             /*
              * A negative dev_id selects an id by scanning the list; otherwise the
              * requested id is used and the scan compares it with existing entries
              * (the branch bodies at lines 224-229 and 236-244 are not shown).
              */
 219         if (req->dev_id < 0) {

 222                 list_for_each(p, &rfcomm_dev_list) {

 223                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)

 230                 dev->id = req->dev_id;

 232                 list_for_each(p, &rfcomm_dev_list) {

 233                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);

 235                         if (entry->id == dev->id) {

 240                         if (entry->id > dev->id - 1)

             /*
              * Range check on the final id. It is the only bound visible here on a
              * user-supplied dev_id, and it also limits what is formatted into
              * dev->name below.
              */
 247         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {

             /*
              * NOTE(review): unbounded sprintf(); safe only if dev->name can hold
              * "rfcomm" plus the widest permitted id - the array size is not
              * visible in this listing.
              */
 252         sprintf(dev->name, "rfcomm%d", dev->id);

 254         list_add(&dev->list, head);

 255         atomic_set(&dev->refcnt, 1);

 257         bacpy(&dev->src, &req->src);

 258         bacpy(&dev->dst, &req->dst);

 259         dev->channel = req->channel;

             /*
              * Only RELEASE_ONHUP and REUSE_DLC are accepted from the request;
              * every other user-supplied bit is masked off, so state bits such as
              * RFCOMM_TTY_ATTACHED or RFCOMM_TTY_RELEASED cannot be preset.
              */
 261         dev->flags = req->flags &

 262                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));

 264         init_waitqueue_head(&dev->wait);

 265         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);

 267         skb_queue_head_init(&dev->pending);

 269         rfcomm_dlc_lock(dlc);

             /*
              * REUSE_DLC: the DLC still belongs to a socket, so dlc->owner is read
              * as a struct sock. The DLC is throttled and the skbs already queued
              * on the socket are moved to dev->pending, with their length
              * subtracted from the socket's receive accounting.
              */
 271         if (req->flags & (1 << RFCOMM_REUSE_DLC)) {

 272                 struct sock *sk = dlc->owner;

 277                 rfcomm_dlc_throttle(dlc);

 279                 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {

 281                         skb_queue_tail(&dev->pending, skb);

 282                         atomic_sub(skb->len, &sk->sk_rmem_alloc);

             /* From here on DLC events are routed to the tty-side callbacks. */
 286         dlc->data_ready   = rfcomm_dev_data_ready;

 287         dlc->state_change = rfcomm_dev_state_change;

 288         dlc->modem_status = rfcomm_dev_modem_status;

 293         rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);

 295         rfcomm_dlc_unlock(dlc);

 297         /* It's safe to call __module_get() here because socket already

 298            holds reference to this module. */

 299         __module_get(THIS_MODULE);

 302         write_unlock_bh(&rfcomm_dev_lock);

             /*
              * The device is already linked on rfcomm_dev_list and the list lock
              * has been dropped when the tty device is registered.
              */
 309         dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);

             /*
              * NOTE(review): in this failure path list_del() runs with no
              * rfcomm_dev_lock acquisition visible between lines 311 and 313, and
              * the entry was reachable through rfcomm_dev_get() since the unlock
              * at line 302. If the lines not shown free dev, a concurrent lookup
              * could be left holding a stale pointer - confirm.
              */
 311         if (IS_ERR(dev->tty_dev)) {

 312                 err = PTR_ERR(dev->tty_dev);

 313                 list_del(&dev->list);

             /* drvdata is set before the sysfs files exist, so the show handlers always find dev. */
 318         dev_set_drvdata(dev->tty_dev, dev);

             /* Attribute creation failures are only logged. */
 320         if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)

 321                 BT_ERR("Failed to create address attribute");

 323         if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)

 324                 BT_ERR("Failed to create channel attribute");
 
 329 static void rfcomm_dev_del(struct rfcomm_dev *dev)
             /*
              * Mark the device released and unlink it from rfcomm_dev_list under
              * the write lock. list_del_init() leaves dev->list empty, which is
              * what the BUG_ON() in rfcomm_dev_destruct() checks for.
              *
              * The statement controlled by the first test (line 334) and whatever
              * follows the unlock (lines 341-343) are not shown in this listing.
              */

 331         BT_DBG("dev %p", dev);

 333         if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))

             /*
              * NOTE(review): the flag is tested and then set in two separate
              * steps, outside rfcomm_dev_lock; two concurrent callers could both
              * pass the test - confirm callers are serialised.
              */
 336                 set_bit(RFCOMM_TTY_RELEASED, &dev->flags);

 338         write_lock_bh(&rfcomm_dev_lock);

 339         list_del_init(&dev->list);

 340         write_unlock_bh(&rfcomm_dev_lock);
 
 345 /* ---- Send buffer ---- */
 
 346 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
             /*
              * Transmit budget for the DLC in bytes: mtu multiplied by tx_credits,
              * with a credit count of zero treated as one (GNU "?:" shorthand).
              * rfcomm_wmalloc() and rfcomm_tty_write_room() compare the bytes
              * already charged to the device against this value.
              */

 348         /* We can't let it be zero, because we don't get a callback

 349            when tx_credits becomes nonzero, hence we'd never wake up */

 350         return dlc->mtu * (dlc->tx_credits?:1);
 
 353 static void rfcomm_wfree(struct sk_buff *skb)
             /*
              * skb destructor installed by rfcomm_set_owner_w(). skb->sk does not
              * point at a socket here: it carries the rfcomm_dev pointer stored by
              * rfcomm_set_owner_w(), hence the cast through void *.
              *
              * Un-charges the skb from dev->wmem_alloc and, while a tty is
              * attached, schedules the wakeup tasklet so writers are notified.
              * The reference taken in rfcomm_set_owner_w() is presumably dropped
              * on a line not shown here - confirm.
              */

 355         struct rfcomm_dev *dev = (void *) skb->sk;

 356         atomic_sub(skb->truesize, &dev->wmem_alloc);

 357         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))

 358                 tasklet_schedule(&dev->wakeup_task);
 
 362 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
             /*
              * Charge a transmit skb to dev: take a device reference, add the
              * skb's truesize to dev->wmem_alloc, and store dev in skb->sk with
              * rfcomm_wfree() as destructor so the charge is undone when the skb
              * is freed. skb->sk therefore holds an rfcomm_dev, not a struct sock.
              */

 364         rfcomm_dev_hold(dev);

 365         atomic_add(skb->truesize, &dev->wmem_alloc);

 366         skb->sk = (void *) dev;

 367         skb->destructor = rfcomm_wfree;
 
 370 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
             /*
              * Allocate a transmit skb only while the bytes already charged to the
              * device are below rfcomm_room(); this is what bounds the memory a
              * writer can pin through rfcomm_tty_write(). A successfully allocated
              * skb is charged to dev via rfcomm_set_owner_w(). The return
              * statements are on lines not shown.
              */

 372         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {

 373                 struct sk_buff *skb = alloc_skb(size, priority);

 375                         rfcomm_set_owner_w(skb, dev);
 
 382 /* ---- Device IOCTLs ---- */
 
 384 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) /* flag value that rfcomm_create_dev()/rfcomm_release_dev() accept without CAP_NET_ADMIN; compared with !=, so it must match exactly */
 
 386 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
             /*
              * RFCOMMCREATEDEV handler: copy the request from userspace, check
              * privileges, pick the DLC (the socket's own when REUSE_DLC is set,
              * otherwise a newly allocated one) and create the device through
              * rfcomm_dev_add(). Error returns are on lines not shown.
              */

 388         struct rfcomm_dev_req req;

 389         struct rfcomm_dlc *dlc;

             /* Everything in req is untrusted from here on. */
 392         if (copy_from_user(&req, arg, sizeof(req)))

 395         BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);

             /*
              * Privilege gate: a caller without CAP_NET_ADMIN gets past this test
              * only when flags is exactly REUSE_DLC | RELEASE_ONHUP; any other
              * combination, including no flags at all, requires the capability.
              */
 397         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))

 400         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {

 401                 /* Socket must be connected */

 402                 if (sk->sk_state != BT_CONNECTED)

                     /* Extra DLC reference for the device that is about to share it. */
 405                 dlc = rfcomm_pi(sk)->dlc;

 406                 rfcomm_dlc_hold(dlc);

 408                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);

             /* req.dev_id is range-checked inside rfcomm_dev_add(). */
 413         id = rfcomm_dev_add(&req, dlc);

 419         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {

 420                 /* DLC is now used by device.

 421                  * Socket must be disconnected */

 422                 sk->sk_state = BT_CLOSED;
 
 428 static int rfcomm_release_dev(void __user *arg)
             /*
              * RFCOMMRELEASEDEV handler: look the device up by the user-supplied
              * id (which takes a reference), check privileges, optionally close
              * the DLC, hang up the tty and release the device. The error returns
              * and the final put are on lines not shown.
              */

 430         struct rfcomm_dev_req req;

 431         struct rfcomm_dev *dev;

 433         if (copy_from_user(&req, arg, sizeof(req)))

 436         BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);

 438         if (!(dev = rfcomm_dev_get(req.dev_id)))

             /*
              * Privilege gate, evaluated on the device's flags rather than on the
              * request. NOTE(review): dev->flags also carries state bits set
              * elsewhere in this file with set_bit() (RFCOMM_TTY_ATTACHED,
              * RFCOMM_TTY_RELEASED), so the exact-equality test depends on the
              * device's current state as well as on how it was created - confirm
              * that is the intended policy.
              */
 441         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {

 446         if (req.flags & (1 << RFCOMM_HANGUP_NOW))

 447                 rfcomm_dlc_close(dev->dlc, 0);

 449         /* Shut down TTY synchronously before freeing rfcomm_dev */

 451                 tty_vhangup(dev->tty);

             /*
              * Devices without RELEASE_ONHUP are released here (statement not
              * shown); with the flag set, rfcomm_tty_hangup() calls
              * rfcomm_dev_del() itself.
              */
 453         if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
 
 459 static int rfcomm_get_dev_list(void __user *arg)
             /*
              * RFCOMMGETDEVLIST handler: read the caller's entry count, build an
              * array of rfcomm_dev_info for the devices on rfcomm_dev_list and
              * copy the result back to userspace. Returns -EFAULT when the final
              * copy fails, 0 otherwise; earlier error returns are not shown.
              */

 461         struct rfcomm_dev_list_req *dl;

 462         struct rfcomm_dev_info *di;

 464         int n = 0, size, err;

 469         if (get_user(dev_num, (u16 __user *) arg))

             /*
              * Bounds the user-supplied count: zero is rejected and the entry
              * array is limited to four pages, which also keeps the size
              * computation below free of overflow.
              */
 472         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))

 475         size = sizeof(*dl) + dev_num * sizeof(*di);

             /*
              * NOTE(review): kmalloc() does not zero the buffer. Only the members
              * assigned in the loop below are known to be initialised, so any
              * padding or unassigned byte of the header or entries would reach
              * userspace through copy_to_user(). kzalloc(), already used by
              * rfcomm_dev_add(), would rule that out - confirm the struct layout.
              */
 477         if (!(dl = kmalloc(size, GFP_KERNEL)))

 482         read_lock_bh(&rfcomm_dev_lock);

 484         list_for_each(p, &rfcomm_dev_list) {

 485                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);

                     /* Devices flagged as released are tested for here; the branch body is not shown. */
 486                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))

 488                 (di + n)->id      = dev->id;

 489                 (di + n)->flags   = dev->flags;

 490                 (di + n)->state   = dev->dlc->state;

 491                 (di + n)->channel = dev->channel;

 492                 bacpy(&(di + n)->src, &dev->src);

 493                 bacpy(&(di + n)->dst, &dev->dst);

 498         read_unlock_bh(&rfcomm_dev_lock);

             /* Recomputed from the number of entries actually filled, so only those are copied out. */
 501         size = sizeof(*dl) + n * sizeof(*di);

 503         err = copy_to_user(arg, dl, size);

 506         return err ? -EFAULT : 0;
 
 509 static int rfcomm_get_dev_info(void __user *arg)
             /*
              * RFCOMMGETDEVINFO handler: read an rfcomm_dev_info from userspace,
              * look up the device named by di.id (taking a reference), fill in
              * flags, channel, DLC state and both addresses, and copy the struct
              * back. Error returns and the put of dev are on lines not shown.
              *
              * di is fully overwritten by copy_from_user() before any member is
              * set, so the copy back to userspace contains only caller-provided
              * bytes plus the members assigned below.
              */

 511         struct rfcomm_dev *dev;

 512         struct rfcomm_dev_info di;

 517         if (copy_from_user(&di, arg, sizeof(di)))

 520         if (!(dev = rfcomm_dev_get(di.id)))

 523         di.flags   = dev->flags;

 524         di.channel = dev->channel;

 525         di.state   = dev->dlc->state;

 526         bacpy(&di.src, &dev->src);

 527         bacpy(&di.dst, &dev->dst);

 529         if (copy_to_user(arg, &di, sizeof(di)))
 
 536 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
             /*
              * Dispatch the RFCOMM device ioctls to their handlers. arg is an
              * unvalidated userspace pointer; each handler copies from it itself.
              * Only the create path receives the socket. The result for an
              * unknown cmd is on a line not shown.
              */

 538         BT_DBG("cmd %d arg %p", cmd, arg);

 541         case RFCOMMCREATEDEV:

 542                 return rfcomm_create_dev(sk, arg);

 544         case RFCOMMRELEASEDEV:

 545                 return rfcomm_release_dev(arg);

 547         case RFCOMMGETDEVLIST:

 548                 return rfcomm_get_dev_list(arg);

 550         case RFCOMMGETDEVINFO:

 551                 return rfcomm_get_dev_info(arg);
 
 557 /* ---- DLC callbacks ---- */
 
 558 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
             /*
              * DLC receive callback. skb carries data from the remote peer. While
              * no tty is attached, or while older data is still queued, the skb is
              * appended to dev->pending so ordering is kept; otherwise its payload
              * is copied into the tty flip buffer and pushed.
              *
              * Lines 562-567 and 570-572 are not shown; a check of dev and the
              * freeing of skb presumably live there - confirm.
              */

 560         struct rfcomm_dev *dev = dlc->owner;

 561         struct tty_struct *tty;

 568         if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {

 569                 skb_queue_tail(&dev->pending, skb);

 573         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);

             /*
              * NOTE(review): the count returned by tty_insert_flip_string() is
              * ignored, so bytes that do not fit would be dropped silently.
              */
 575         tty_insert_flip_string(tty, skb->data, skb->len);

 576         tty_flip_buffer_push(tty);
 
 581 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
             /*
              * DLC state-change callback. Wakes anyone sleeping on dev->wait (the
              * open path) and, when the DLC has reached BT_CLOSED, either releases
              * a RELEASE_ONHUP device or hangs up the attached tty. Several lines
              * of the body, including the check of dev, are not shown.
              *
              * The RELEASE_ONHUP branch temporarily drops the DLC lock, re-looks
              * the device up by id through rfcomm_dev_get() and re-takes the lock
              * afterwards. NOTE(review): dev->id is read from dev inside that
              * unlocked window, before the lookup has pinned the device; nothing
              * visible keeps dev alive at that point - confirm.
              */

 583         struct rfcomm_dev *dev = dlc->owner;

 587         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);

 590         wake_up_interruptible(&dev->wait);

 592         if (dlc->state == BT_CLOSED) {

 594                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {

 595                                 /* Drop DLC lock here to avoid deadlock

 596                                  * 1. rfcomm_dev_get will take rfcomm_dev_lock

 597                                  *    but in rfcomm_dev_add there's lock order:

 598                                  *    rfcomm_dev_lock -> dlc lock

 599                                  * 2. rfcomm_dev_put will deadlock if it's

 602                                 rfcomm_dlc_unlock(dlc);

 603                                 if (rfcomm_dev_get(dev->id) == NULL) {

 604                                         rfcomm_dlc_lock(dlc);

 610                                 rfcomm_dlc_lock(dlc);

 613                         tty_hangup(dev->tty);
 
 617 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
             /*
              * DLC modem-status callback: translate the peer's V.24 signal bits
              * into TIOCM_* bits. v24_sig originates from the remote device.
              *
              * If carrier was previously reported (TIOCM_CD in dev->modem_status)
              * and the new signals lack RFCOMM_V24_DV, an attached tty that is not
              * in CLOCAL mode is hung up. The assignment target of the expression
              * at lines 631-634 is on a line not shown; rfcomm_tty_tiocmget()
              * reads the value from dev->modem_status.
              */

 619         struct rfcomm_dev *dev = dlc->owner;

 623         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);

 625         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {

 626                 if (dev->tty && !C_CLOCAL(dev->tty))

 627                         tty_hangup(dev->tty);

             /* RTC -> DSR|DTR, RTR -> RTS|CTS, IC -> RI, DV -> CD */
 631                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |

 632                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |

 633                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |

 634                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
 
 637 /* ---- TTY functions ---- */
 
 638 static void rfcomm_tty_wakeup(unsigned long arg)
             /*
              * Tasklet body for dev->wakeup_task; arg is the rfcomm_dev pointer
              * given to tasklet_init() in rfcomm_dev_add(). rfcomm_wfree()
              * schedules it when transmit memory is returned. The action taken on
              * the tty is on lines not shown.
              */

 640         struct rfcomm_dev *dev = (void *) arg;

 641         struct tty_struct *tty = dev->tty;

 645         BT_DBG("dev %p tty %p", dev, tty);
 
 649 static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
             /*
              * Drain dev->pending into the tty's flip buffer. The dequeue loop
              * runs under the DLC lock; rfcomm_dev_add() appends to the same queue
              * while holding that lock. `inserted` sums the byte counts accepted
              * by tty_insert_flip_string() and gates the final push (condition on
              * a line not shown).
              *
              * NOTE(review): an skb only partly accepted by the flip buffer is
              * still removed from the queue; whether the remainder is dropped
              * depends on lines not shown - confirm.
              */

 651         struct tty_struct *tty = dev->tty;

 658         BT_DBG("dev %p tty %p", dev, tty);

 660         rfcomm_dlc_lock(dev->dlc);

 662         while ((skb = skb_dequeue(&dev->pending))) {

 663                 inserted += tty_insert_flip_string(tty, skb->data, skb->len);

 667         rfcomm_dlc_unlock(dev->dlc);

 670                 tty_flip_buffer_push(tty);
 
 673 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
             /*
              * tty open handler. Takes a reference on the rfcomm_dev for this tty;
              * on the first open it attaches the tty, opens the DLC to
              * dev->dst/dev->channel and sleeps interruptibly until the DLC is
              * connected, closed, or a signal arrives. After the wait it reparents
              * the tty device, delivers data queued before the tty existed and
              * unthrottles the DLC. Return statements and the derivation of `id`
              * are on lines not shown.
              */

 675         DECLARE_WAITQUEUE(wait, current);

 676         struct rfcomm_dev *dev;

 677         struct rfcomm_dlc *dlc;

 682         BT_DBG("tty %p id %d", tty, id);

 684         /* We don't leak this refcount. For reasons which are not entirely

 685            clear, the TTY layer will call our ->close() method even if the

 686            open fails. We decrease the refcount there, and decreasing it

 687            here too would cause breakage. */

 688         dev = rfcomm_dev_get(id);

 692         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);

             /*
              * NOTE(review): dev->opened is a plain counter and no lock is
              * visible around this increment or the decrement in
              * rfcomm_tty_close(); confirm opens and closes are serialised by
              * the caller.
              */
 694         if (dev->opened++ != 0)

 699         /* Attach TTY and open DLC */

             /* The tty pointers are published under the DLC lock, which the receive path also uses. */
 701         rfcomm_dlc_lock(dlc);

 702         tty->driver_data = dev;

 704         rfcomm_dlc_unlock(dlc);

 705         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

 707         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);

 711         /* Wait for DLC to connect */

 712         add_wait_queue(&dev->wait, &wait);

 714                 set_current_state(TASK_INTERRUPTIBLE);

 716                 if (dlc->state == BT_CLOSED) {

 721                 if (dlc->state == BT_CONNECTED)

 724                 if (signal_pending(current)) {

 731         set_current_state(TASK_RUNNING);

 732         remove_wait_queue(&dev->wait, &wait);

             /* rfcomm_get_device() may return NULL; the result is passed to device_move() as is. */
 735                 device_move(dev->tty_dev, rfcomm_get_device(dev));

 737         rfcomm_tty_copy_pending(dev);

 739         rfcomm_dlc_unthrottle(dev->dlc);
 
 744 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
             /*
              * tty close handler. On the last close it detaches the tty device
              * from its parent, closes the DLC, clears RFCOMM_TTY_ATTACHED, stops
              * the wakeup tasklet and clears tty->driver_data under the DLC lock.
              * According to the comment in rfcomm_tty_open(), the reference taken
              * at open is dropped here; that statement is on a line not shown, as
              * is any check of dev before its first use.
              */

 746         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

 750         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);

 752         if (--dev->opened == 0) {

 753                 if (dev->tty_dev->parent)

 754                         device_move(dev->tty_dev, NULL);

 756                 /* Close DLC and detach TTY */

 757                 rfcomm_dlc_close(dev->dlc, 0);

                     /*
                      * The flag is cleared before tasklet_kill() so that
                      * rfcomm_wfree() stops scheduling the tasklet.
                      */
 759                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);

 760                 tasklet_kill(&dev->wakeup_task);

                     /*
                      * After this point the other tty callbacks see a NULL
                      * driver_data; several of them test for that.
                      */
 762                 rfcomm_dlc_lock(dev->dlc);

 763                 tty->driver_data = NULL;

 765                 rfcomm_dlc_unlock(dev->dlc);
 
 771 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
             /*
              * tty write handler: split buf into chunks of at most one DLC MTU,
              * copy each chunk into a new skb and queue it on the DLC. Returns the
              * number of bytes queued, or the last error when nothing was queued.
              * The loop header and the sent/count bookkeeping are on lines not
              * shown.
              *
              * NOTE(review): dev->dlc is dereferenced in the declarations with no
              * check of dev, while rfcomm_tty_close() sets tty->driver_data to
              * NULL and rfcomm_tty_write_room() tests for it - confirm write
              * cannot run after the last close.
              */

 773         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

 774         struct rfcomm_dlc *dlc = dev->dlc;

 776         int err = 0, sent = 0, size;

 778         BT_DBG("tty %p count %d", tty, count);

                     /* min_t(uint, ...) compares as unsigned; the chunk never exceeds dlc->mtu. */
 781                 size = min_t(uint, count, dlc->mtu);

                     /* GFP_ATOMIC: no sleeping here; allocation is also capped by rfcomm_room(). */
 783                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);

 788                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);

                     /*
                      * The skb was sized for size + RFCOMM_SKB_RESERVE bytes, so
                      * the copy fits provided RFCOMM_SKB_HEAD_RESERVE does not
                      * exceed RFCOMM_SKB_RESERVE (definitions not visible here).
                      */
 790                 memcpy(skb_put(skb, size), buf + sent, size);

 792                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {

 801         return sent ? sent : err;
 
 804 static int rfcomm_tty_write_room(struct tty_struct *tty)
             /*
              * tty write_room handler: remaining transmit budget, computed as
              * rfcomm_room() minus the bytes currently charged to the device.
              * Guards against a detached tty (NULL driver_data) and a missing DLC;
              * the early return, any clamping of a negative result and the final
              * return are on lines not shown.
              */

 806         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

 809         BT_DBG("tty %p", tty);

 811         if (!dev || !dev->dlc)

 814         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
 
 821 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
             /*
              * tty ioctl handler. On the visible lines each recognised command
              * only emits a debug or error message; none of them reads from or
              * writes through arg. The case labels and most return statements are
              * on lines not shown; the one visible return is -ENOIOCTLCMD.
              */

 823         BT_DBG("tty %p cmd 0x%02x", tty, cmd);

 827                 BT_DBG("TCGETS is not supported");

 831                 BT_DBG("TCSETS is not supported");

 835                 BT_DBG("TIOCMIWAIT");

 839                 BT_DBG("TIOCGICOUNT");

 843                 BT_ERR("TIOCGSERIAL is not supported");

 847                 BT_ERR("TIOCSSERIAL is not supported");

 851                 BT_ERR("TIOCSERGSTRUCT is not supported");

 855                 BT_ERR("TIOCSERGETLSR is not supported");

 859                 BT_ERR("TIOCSERCONFIG is not supported");

 863                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
 
 870 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
             /*
              * tty set_termios handler: compare the old and new termios settings,
              * translate parity, XON/XOFF characters, stop bits, data bits and
              * baud rate into RFCOMM RPN values, and send them to the peer with
              * rfcomm_send_rpn(). `changes` collects one RFCOMM_RPN_PM_* bit per
              * setting that differs; its declaration and the condition guarding
              * the send are on lines not shown.
              *
              * Does nothing useful without a device, DLC and session (first check
              * below; the return is on a line not shown).
              */

 872         struct ktermios *new = tty->termios;

 873         int old_baud_rate = tty_termios_baud_rate(old);

 874         int new_baud_rate = tty_termios_baud_rate(new);

 876         u8 baud, data_bits, stop_bits, parity, x_on, x_off;

 879         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

 881         BT_DBG("tty %p termios %p", tty, old);

 883         if (!dev || !dev->dlc || !dev->dlc->session)

 886         /* Handle turning off CRTSCTS */

 887         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))

 888                 BT_DBG("Turning off CRTSCTS unsupported");

 890         /* Parity on/off and when on, odd/even */

 891         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||

 892                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {

 893                 changes |= RFCOMM_RPN_PM_PARITY;

 894                 BT_DBG("Parity change detected.");

 897         /* Mark and space parity are not supported! */

 898         if (new->c_cflag & PARENB) {

 899                 if (new->c_cflag & PARODD) {

 900                         BT_DBG("Parity is ODD");

 901                         parity = RFCOMM_RPN_PARITY_ODD;

 903                         BT_DBG("Parity is EVEN");

 904                         parity = RFCOMM_RPN_PARITY_EVEN;

 907                 BT_DBG("Parity is OFF");

 908                 parity = RFCOMM_RPN_PARITY_NONE;

 911         /* Setting the x_on / x_off characters */

             /*
              * NOTE(review): x_on is loaded from c_cc[VSTOP] and x_off from
              * c_cc[VSTART], while the debug strings call them XOFF and XON
              * respectively and the defaults are RFCOMM_RPN_XON_CHAR for x_on
              * and RFCOMM_RPN_XOFF_CHAR for x_off. The custom-character
              * branches look crossed relative to the defaults - confirm
              * against the RPN field order.
              */
 912         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {

 913                 BT_DBG("XOFF custom");

 914                 x_on = new->c_cc[VSTOP];

 915                 changes |= RFCOMM_RPN_PM_XON;

 917                 BT_DBG("XOFF default");

 918                 x_on = RFCOMM_RPN_XON_CHAR;

 921         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {

 922                 BT_DBG("XON custom");

 923                 x_off = new->c_cc[VSTART];

 924                 changes |= RFCOMM_RPN_PM_XOFF;

 926                 BT_DBG("XON default");

 927                 x_off = RFCOMM_RPN_XOFF_CHAR;

 930         /* Handle setting of stop bits */

 931         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))

 932                 changes |= RFCOMM_RPN_PM_STOP;

 934         /* POSIX does not support 1.5 stop bits and RFCOMM does not

 935          * support 2 stop bits. So a request for 2 stop bits gets

 936          * translated to 1.5 stop bits */

 937         if (new->c_cflag & CSTOPB) {

 938                 stop_bits = RFCOMM_RPN_STOP_15;

 940                 stop_bits = RFCOMM_RPN_STOP_1;

 943         /* Handle number of data bits [5-8] */

 944         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))

 945                 changes |= RFCOMM_RPN_PM_DATA;

             /* Two arms assign RFCOMM_RPN_DATA_8; one of them is presumably the default arm (labels not shown). */
 947         switch (new->c_cflag & CSIZE) {

 949                 data_bits = RFCOMM_RPN_DATA_5;

 952                 data_bits = RFCOMM_RPN_DATA_6;

 955                 data_bits = RFCOMM_RPN_DATA_7;

 958                 data_bits = RFCOMM_RPN_DATA_8;

 961                 data_bits = RFCOMM_RPN_DATA_8;

 965         /* Handle baudrate settings */

 966         if (old_baud_rate != new_baud_rate)

 967                 changes |= RFCOMM_RPN_PM_BITRATE;

 969         switch (new_baud_rate) {

 971                 baud = RFCOMM_RPN_BR_2400;

 974                 baud = RFCOMM_RPN_BR_4800;

 977                 baud = RFCOMM_RPN_BR_7200;

 980                 baud = RFCOMM_RPN_BR_9600;

 983                 baud = RFCOMM_RPN_BR_19200;

 986                 baud = RFCOMM_RPN_BR_38400;

 989                 baud = RFCOMM_RPN_BR_57600;

 992                 baud = RFCOMM_RPN_BR_115200;

 995                 baud = RFCOMM_RPN_BR_230400;

 998                 /* 9600 is standard according to the RFCOMM specification */

 999                 baud = RFCOMM_RPN_BR_9600;

                     /* Flow control is always sent as RFCOMM_RPN_FLOW_NONE. */
1005                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,

1006                                 data_bits, stop_bits, parity,

1007                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
 
1012 static void rfcomm_tty_throttle(struct tty_struct *tty)
             /*
              * tty throttle handler: asks the DLC to stop delivering data.
              *
              * NOTE(review): no check of dev is visible before dev->dlc is
              * dereferenced, unlike rfcomm_tty_write_room(),
              * rfcomm_tty_chars_in_buffer() and rfcomm_tty_flush_buffer(), which
              * test for a NULL driver_data - confirm this cannot run after
              * rfcomm_tty_close() has cleared it.
              */

1014         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1016         BT_DBG("tty %p dev %p", tty, dev);

1018         rfcomm_dlc_throttle(dev->dlc);
 
1021 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
             /*
              * tty unthrottle handler: lets the DLC resume delivering data.
              *
              * NOTE(review): as in rfcomm_tty_throttle(), dev->dlc is dereferenced
              * with no visible check of dev - confirm driver_data cannot be NULL
              * here.
              */

1023         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1025         BT_DBG("tty %p dev %p", tty, dev);

1027         rfcomm_dlc_unthrottle(dev->dlc);
 
1030 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
             /*
              * tty chars_in_buffer handler. Reports the DLC MTU whenever the DLC
              * transmit queue is non-empty - an estimate, not a byte count. The
              * results for a detached tty and for an empty queue are on lines not
              * shown.
              */

1032         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1034         BT_DBG("tty %p dev %p", tty, dev);

1036         if (!dev || !dev->dlc)

1039         if (!skb_queue_empty(&dev->dlc->tx_queue))

1040                 return dev->dlc->mtu;
 
1045 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
             /*
              * tty flush_buffer handler: discard every skb still waiting on the
              * DLC transmit queue. Guards against a detached tty or missing DLC;
              * the early return and anything after the purge are on lines not
              * shown.
              */

1047         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1049         BT_DBG("tty %p dev %p", tty, dev);

1051         if (!dev || !dev->dlc)

1054         skb_queue_purge(&dev->dlc->tx_queue);
 
1058 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
             /* tty send_xchar handler; the only visible statement logs the character. */

1060         BT_DBG("tty %p ch %c", tty, ch);
 
1063 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
             /* tty wait_until_sent handler; the only visible statement logs the timeout, no wait is visible. */

1065         BT_DBG("tty %p timeout %d", tty, timeout);
 
1068 static void rfcomm_tty_hangup(struct tty_struct *tty)
             /*
              * tty hangup handler: flush the transmit queue and, for devices
              * created with RELEASE_ONHUP, release the device. Lines 1073-1076 are
              * not shown; a check of dev may sit there.
              *
              * The release path first re-acquires the device by id, so that
              * rfcomm_dev_del() runs with a reference held; the lookup returns
              * NULL once the device is flagged released (action on NULL not
              * shown). The put below balances that lookup.
              */

1070         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1072         BT_DBG("tty %p dev %p", tty, dev);

1077         rfcomm_tty_flush_buffer(tty);

1079         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {

1080                 if (rfcomm_dev_get(dev->id) == NULL)

1082                 rfcomm_dev_del(dev);

1083                 rfcomm_dev_put(dev);
 
1087 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
 
1092 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
             /*
              * tty tiocmget handler: return the TIOCM_* bits cached in
              * dev->modem_status.
              *
              * NOTE(review): dev is dereferenced with no visible NULL check -
              * confirm driver_data cannot be NULL here.
              */

1094         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1096         BT_DBG("tty %p dev %p", tty, dev);

1098         return dev->modem_status;
 
1101 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
             /*
              * tty tiocmset handler: read the DLC's current V.24 signals, apply
              * the requested TIOCM_* set and clear masks, and write the result
              * back to the DLC. The mapping mirrors rfcomm_dev_modem_status():
              * DSR/DTR <-> RTC, RTS/CTS <-> RTR, RI <-> IC, CD <-> DV. The
              * conditions for the IC and DV set branches and the return are on
              * lines not shown.
              *
              * NOTE(review): dev->dlc is dereferenced in the declarations with no
              * check of dev - confirm driver_data cannot be NULL here.
              */

1103         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;

1104         struct rfcomm_dlc *dlc = dev->dlc;

1107         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);

1109         rfcomm_dlc_get_modem_status(dlc, &v24_sig);

1111         if (set & TIOCM_DSR || set & TIOCM_DTR)

1112                 v24_sig |= RFCOMM_V24_RTC;

1113         if (set & TIOCM_RTS || set & TIOCM_CTS)

1114                 v24_sig |= RFCOMM_V24_RTR;

1116                 v24_sig |= RFCOMM_V24_IC;

1118                 v24_sig |= RFCOMM_V24_DV;

             /* Clears are applied after sets, so a bit named in both masks ends up cleared. */
1120         if (clear & TIOCM_DSR || clear & TIOCM_DTR)

1121                 v24_sig &= ~RFCOMM_V24_RTC;

1122         if (clear & TIOCM_RTS || clear & TIOCM_CTS)

1123                 v24_sig &= ~RFCOMM_V24_RTR;

1124         if (clear & TIOCM_RI)

1125                 v24_sig &= ~RFCOMM_V24_IC;

1126         if (clear & TIOCM_CD)

1127                 v24_sig &= ~RFCOMM_V24_DV;

1129         rfcomm_dlc_set_modem_status(dlc, v24_sig);
 
1134 /* ---- TTY structure ---- */
 
1136 static const struct tty_operations rfcomm_ops = {
             /*
              * Operations table installed on rfcomm_tty_driver by
              * rfcomm_init_ttys(). These are the entry points reachable through
              * an rfcomm tty device node; every handler obtains its rfcomm_dev
              * from tty->driver_data, which rfcomm_tty_close() resets to NULL.
              */

1137         .open                   = rfcomm_tty_open,

1138         .close                  = rfcomm_tty_close,

1139         .write                  = rfcomm_tty_write,

1140         .write_room             = rfcomm_tty_write_room,

1141         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,

1142         .flush_buffer           = rfcomm_tty_flush_buffer,

1143         .ioctl                  = rfcomm_tty_ioctl,

1144         .throttle               = rfcomm_tty_throttle,

1145         .unthrottle             = rfcomm_tty_unthrottle,

1146         .set_termios            = rfcomm_tty_set_termios,

1147         .send_xchar             = rfcomm_tty_send_xchar,

1148         .hangup                 = rfcomm_tty_hangup,

1149         .wait_until_sent        = rfcomm_tty_wait_until_sent,

1150         .read_proc              = rfcomm_tty_read_proc,

1151         .tiocmget               = rfcomm_tty_tiocmget,

1152         .tiocmset               = rfcomm_tty_tiocmset,
 
1155 int rfcomm_init_ttys(void)
             /*
              * Allocate, configure and register the RFCOMM tty driver. On a
              * registration failure the driver is released again with
              * put_tty_driver(). The return statements are on lines not shown.
              */

1157         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);

1158         if (!rfcomm_tty_driver)

1161         rfcomm_tty_driver->owner        = THIS_MODULE;

1162         rfcomm_tty_driver->driver_name  = "rfcomm";

1163         rfcomm_tty_driver->name         = "rfcomm";

1164         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;

1165         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;

1166         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;

1167         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;

             /*
              * TTY_DRIVER_DYNAMIC_DEV: device nodes are registered one by one,
              * which rfcomm_dev_add() does with tty_register_device().
              */
1168         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;

             /* Start from the standard termios, then 9600 8-bit, CLOCAL, canonical mode off. */
1169         rfcomm_tty_driver->init_termios = tty_std_termios;

1170         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;

1171         rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;

1172         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);

1174         if (tty_register_driver(rfcomm_tty_driver)) {

1175                 BT_ERR("Can't register RFCOMM TTY driver");

1176                 put_tty_driver(rfcomm_tty_driver);

1180         BT_INFO("RFCOMM TTY layer initialized");
 
1185 void rfcomm_cleanup_ttys(void)
             /*
              * Undo rfcomm_init_ttys(): unregister the tty driver and drop the
              * reference obtained from alloc_tty_driver(). rfcomm_tty_driver is
              * not reset on the visible lines.
              */

1187         tty_unregister_driver(rfcomm_tty_driver);

1188         put_tty_driver(rfcomm_tty_driver);