2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
 
   3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
 
   4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
 
   6    This program is free software; you can redistribute it and/or modify
 
   7    it under the terms of the GNU General Public License version 2 as
 
   8    published by the Free Software Foundation;
 
  10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 
  11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 
  12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 
  13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 
  14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
 
  15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
 
  16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
 
  17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
  19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
 
  20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
 
  21    SOFTWARE IS DISCLAIMED.
 
  27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
 
  30 #include <linux/config.h>
 
  31 #include <linux/module.h>
 
  33 #include <linux/tty.h>
 
  34 #include <linux/tty_driver.h>
 
  35 #include <linux/tty_flip.h>
 
  37 #include <linux/capability.h>
 
  38 #include <linux/slab.h>
 
  39 #include <linux/skbuff.h>
 
  41 #include <net/bluetooth/bluetooth.h>
 
  42 #include <net/bluetooth/rfcomm.h>
 
  44 #ifndef CONFIG_BT_RFCOMM_DEBUG
 
  49 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
 
  50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
 
  51 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
 
  52 #define RFCOMM_TTY_MINOR 0
 
  54 static struct tty_driver *rfcomm_tty_driver;
 
  57         struct list_head        list;
 
  72         struct rfcomm_dlc       *dlc;
 
  73         struct tty_struct       *tty;
 
  74         wait_queue_head_t       wait;
 
  75         struct tasklet_struct   wakeup_task;
 
  80 static LIST_HEAD(rfcomm_dev_list);
 
  81 static DEFINE_RWLOCK(rfcomm_dev_lock);
 
  83 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
 
  84 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
 
  85 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
 
  87 static void rfcomm_tty_wakeup(unsigned long arg);
 
  89 /* ---- Device functions ---- */
 
  90 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
 
  92         struct rfcomm_dlc *dlc = dev->dlc;
 
  94         BT_DBG("dev %p dlc %p", dev, dlc);
 
  97         /* Detach DLC if it's owned by this dev */
 
  98         if (dlc->owner == dev)
 
 100         rfcomm_dlc_unlock(dlc);
 
 104         tty_unregister_device(rfcomm_tty_driver, dev->id);
 
 106         /* Refcount should only hit zero when called from rfcomm_dev_del()
 
 107            which will have taken us off the list. Everything else are
 
 109         BUG_ON(!list_empty(&dev->list));
 
 113         /* It's safe to call module_put() here because socket still 
 
 114            holds reference to this module. */
 
 115         module_put(THIS_MODULE);
 
 118 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
 
 120         atomic_inc(&dev->refcnt);
 
 123 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
 
 125         /* The reason this isn't actually a race, as you no
 
 126            doubt have a little voice screaming at you in your
 
 127            head, is that the refcount should never actually
 
 128            reach zero unless the device has already been taken
 
 129            off the list, in rfcomm_dev_del(). And if that's not
 
 130            true, we'll hit the BUG() in rfcomm_dev_destruct()
 
 132         if (atomic_dec_and_test(&dev->refcnt))
 
 133                 rfcomm_dev_destruct(dev);
 
 136 static struct rfcomm_dev *__rfcomm_dev_get(int id)
 
 138         struct rfcomm_dev *dev;
 
 141         list_for_each(p, &rfcomm_dev_list) {
 
 142                 dev = list_entry(p, struct rfcomm_dev, list);
 
 150 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
 
 152         struct rfcomm_dev *dev;
 
 154         read_lock(&rfcomm_dev_lock);
 
 156         dev = __rfcomm_dev_get(id);
 
 158                 rfcomm_dev_hold(dev);
 
 160         read_unlock(&rfcomm_dev_lock);
 
 165 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
 
 167         struct rfcomm_dev *dev;
 
 168         struct list_head *head = &rfcomm_dev_list, *p;
 
 171         BT_DBG("id %d channel %d", req->dev_id, req->channel);
 
 173         dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
 
 176         memset(dev, 0, sizeof(struct rfcomm_dev));
 
 178         write_lock_bh(&rfcomm_dev_lock);
 
 180         if (req->dev_id < 0) {
 
 183                 list_for_each(p, &rfcomm_dev_list) {
 
 184                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
 
 191                 dev->id = req->dev_id;
 
 193                 list_for_each(p, &rfcomm_dev_list) {
 
 194                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
 
 196                         if (entry->id == dev->id) {
 
 201                         if (entry->id > dev->id - 1)
 
 208         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
 
 213         sprintf(dev->name, "rfcomm%d", dev->id);
 
 215         list_add(&dev->list, head);
 
 216         atomic_set(&dev->refcnt, 1);
 
 218         bacpy(&dev->src, &req->src);
 
 219         bacpy(&dev->dst, &req->dst);
 
 220         dev->channel = req->channel;
 
 222         dev->flags = req->flags & 
 
 223                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
 
 225         init_waitqueue_head(&dev->wait);
 
 226         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
 
 228         rfcomm_dlc_lock(dlc);
 
 229         dlc->data_ready   = rfcomm_dev_data_ready;
 
 230         dlc->state_change = rfcomm_dev_state_change;
 
 231         dlc->modem_status = rfcomm_dev_modem_status;
 
 235         rfcomm_dlc_unlock(dlc);
 
 237         /* It's safe to call __module_get() here because socket already 
 
 238            holds reference to this module. */
 
 239         __module_get(THIS_MODULE);
 
 242         write_unlock_bh(&rfcomm_dev_lock);
 
 249         tty_register_device(rfcomm_tty_driver, dev->id, NULL);
 
 254 static void rfcomm_dev_del(struct rfcomm_dev *dev)
 
 256         BT_DBG("dev %p", dev);
 
 258         write_lock_bh(&rfcomm_dev_lock);
 
 259         list_del_init(&dev->list);
 
 260         write_unlock_bh(&rfcomm_dev_lock);
 
 265 /* ---- Send buffer ---- */
 
 266 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
 
 268         /* We can't let it be zero, because we don't get a callback
 
 269            when tx_credits becomes nonzero, hence we'd never wake up */
 
 270         return dlc->mtu * (dlc->tx_credits?:1);
 
 273 static void rfcomm_wfree(struct sk_buff *skb)
 
 275         struct rfcomm_dev *dev = (void *) skb->sk;
 
 276         atomic_sub(skb->truesize, &dev->wmem_alloc);
 
 277         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
 
 278                 tasklet_schedule(&dev->wakeup_task);
 
 282 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
 
 284         rfcomm_dev_hold(dev);
 
 285         atomic_add(skb->truesize, &dev->wmem_alloc);
 
 286         skb->sk = (void *) dev;
 
 287         skb->destructor = rfcomm_wfree;
 
 290 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
 
 292         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
 
 293                 struct sk_buff *skb = alloc_skb(size, priority);
 
 295                         rfcomm_set_owner_w(skb, dev);
 
 302 /* ---- Device IOCTLs ---- */
 
 304 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
 
 306 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
 
 308         struct rfcomm_dev_req req;
 
 309         struct rfcomm_dlc *dlc;
 
 312         if (copy_from_user(&req, arg, sizeof(req)))
 
 315         BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
 
 317         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
 
 320         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 
 321                 /* Socket must be connected */
 
 322                 if (sk->sk_state != BT_CONNECTED)
 
 325                 dlc = rfcomm_pi(sk)->dlc;
 
 326                 rfcomm_dlc_hold(dlc);
 
 328                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
 
 333         id = rfcomm_dev_add(&req, dlc);
 
 339         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 
 340                 /* DLC is now used by device.
 
 341                  * Socket must be disconnected */
 
 342                 sk->sk_state = BT_CLOSED;
 
 348 static int rfcomm_release_dev(void __user *arg)
 
 350         struct rfcomm_dev_req req;
 
 351         struct rfcomm_dev *dev;
 
 353         if (copy_from_user(&req, arg, sizeof(req)))
 
 356         BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
 
 358         if (!(dev = rfcomm_dev_get(req.dev_id)))
 
 361         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
 
 366         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
 
 367                 rfcomm_dlc_close(dev->dlc, 0);
 
 374 static int rfcomm_get_dev_list(void __user *arg)
 
 376         struct rfcomm_dev_list_req *dl;
 
 377         struct rfcomm_dev_info *di;
 
 379         int n = 0, size, err;
 
 384         if (get_user(dev_num, (u16 __user *) arg))
 
 387         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
 
 390         size = sizeof(*dl) + dev_num * sizeof(*di);
 
 392         if (!(dl = kmalloc(size, GFP_KERNEL)))
 
 397         read_lock_bh(&rfcomm_dev_lock);
 
 399         list_for_each(p, &rfcomm_dev_list) {
 
 400                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
 
 401                 (di + n)->id      = dev->id;
 
 402                 (di + n)->flags   = dev->flags;
 
 403                 (di + n)->state   = dev->dlc->state;
 
 404                 (di + n)->channel = dev->channel;
 
 405                 bacpy(&(di + n)->src, &dev->src);
 
 406                 bacpy(&(di + n)->dst, &dev->dst);
 
 411         read_unlock_bh(&rfcomm_dev_lock);
 
 414         size = sizeof(*dl) + n * sizeof(*di);
 
 416         err = copy_to_user(arg, dl, size);
 
 419         return err ? -EFAULT : 0;
 
 422 static int rfcomm_get_dev_info(void __user *arg)
 
 424         struct rfcomm_dev *dev;
 
 425         struct rfcomm_dev_info di;
 
 430         if (copy_from_user(&di, arg, sizeof(di)))
 
 433         if (!(dev = rfcomm_dev_get(di.id)))
 
 436         di.flags   = dev->flags;
 
 437         di.channel = dev->channel;
 
 438         di.state   = dev->dlc->state;
 
 439         bacpy(&di.src, &dev->src);
 
 440         bacpy(&di.dst, &dev->dst);
 
 442         if (copy_to_user(arg, &di, sizeof(di)))
 
 449 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
 
 451         BT_DBG("cmd %d arg %p", cmd, arg);
 
 454         case RFCOMMCREATEDEV:
 
 455                 return rfcomm_create_dev(sk, arg);
 
 457         case RFCOMMRELEASEDEV:
 
 458                 return rfcomm_release_dev(arg);
 
 460         case RFCOMMGETDEVLIST:
 
 461                 return rfcomm_get_dev_list(arg);
 
 463         case RFCOMMGETDEVINFO:
 
 464                 return rfcomm_get_dev_info(arg);
 
 470 /* ---- DLC callbacks ---- */
 
 471 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
 
 473         struct rfcomm_dev *dev = dlc->owner;
 
 474         struct tty_struct *tty;
 
 476         if (!dev || !(tty = dev->tty)) {
 
 481         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
 
 483         if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
 
 484                 tty_buffer_request_room(tty, skb->len);
 
 485                 tty_insert_flip_string(tty, skb->data, skb->len);
 
 486                 tty_flip_buffer_push(tty);
 
 488                 tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
 
 493 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
 
 495         struct rfcomm_dev *dev = dlc->owner;
 
 499         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
 
 502         wake_up_interruptible(&dev->wait);
 
 504         if (dlc->state == BT_CLOSED) {
 
 506                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
 
 507                                 rfcomm_dev_hold(dev);
 
 510                                 /* We have to drop DLC lock here, otherwise
 
 511                                    rfcomm_dev_put() will dead lock if it's
 
 512                                    the last reference. */
 
 513                                 rfcomm_dlc_unlock(dlc);
 
 515                                 rfcomm_dlc_lock(dlc);
 
 518                         tty_hangup(dev->tty);
 
 522 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
 
 524         struct rfcomm_dev *dev = dlc->owner;
 
 528         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
 
 530         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
 
 531                 if (dev->tty && !C_CLOCAL(dev->tty))
 
 532                         tty_hangup(dev->tty);
 
 536                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
 
 537                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
 
 538                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
 
 539                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
 
 542 /* ---- TTY functions ---- */
 
 543 static void rfcomm_tty_wakeup(unsigned long arg)
 
 545         struct rfcomm_dev *dev = (void *) arg;
 
 546         struct tty_struct *tty = dev->tty;
 
 550         BT_DBG("dev %p tty %p", dev, tty);
 
 552         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
 
 553                 (tty->ldisc.write_wakeup)(tty);
 
 555         wake_up_interruptible(&tty->write_wait);
 
 556 #ifdef SERIAL_HAVE_POLL_WAIT
 
 557         wake_up_interruptible(&tty->poll_wait);
 
 561 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
 
 563         DECLARE_WAITQUEUE(wait, current);
 
 564         struct rfcomm_dev *dev;
 
 565         struct rfcomm_dlc *dlc;
 
 570         BT_DBG("tty %p id %d", tty, id);
 
 572         /* We don't leak this refcount. For reasons which are not entirely
 
 573            clear, the TTY layer will call our ->close() method even if the
 
 574            open fails. We decrease the refcount there, and decreasing it
 
 575            here too would cause breakage. */
 
 576         dev = rfcomm_dev_get(id);
 
 580         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
 
 582         if (dev->opened++ != 0)
 
 587         /* Attach TTY and open DLC */
 
 589         rfcomm_dlc_lock(dlc);
 
 590         tty->driver_data = dev;
 
 592         rfcomm_dlc_unlock(dlc);
 
 593         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 
 595         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
 
 599         /* Wait for DLC to connect */
 
 600         add_wait_queue(&dev->wait, &wait);
 
 602                 set_current_state(TASK_INTERRUPTIBLE);
 
 604                 if (dlc->state == BT_CLOSED) {
 
 609                 if (dlc->state == BT_CONNECTED)
 
 612                 if (signal_pending(current)) {
 
 619         set_current_state(TASK_RUNNING);
 
 620         remove_wait_queue(&dev->wait, &wait);
 
 625 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
 
 627         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 631         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
 
 633         if (--dev->opened == 0) {
 
 634                 /* Close DLC and dettach TTY */
 
 635                 rfcomm_dlc_close(dev->dlc, 0);
 
 637                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 
 638                 tasklet_kill(&dev->wakeup_task);
 
 640                 rfcomm_dlc_lock(dev->dlc);
 
 641                 tty->driver_data = NULL;
 
 643                 rfcomm_dlc_unlock(dev->dlc);
 
 649 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
 
 651         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 652         struct rfcomm_dlc *dlc = dev->dlc;
 
 654         int err = 0, sent = 0, size;
 
 656         BT_DBG("tty %p count %d", tty, count);
 
 659                 size = min_t(uint, count, dlc->mtu);
 
 661                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
 
 666                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
 
 668                 memcpy(skb_put(skb, size), buf + sent, size);
 
 670                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
 
 679         return sent ? sent : err;
 
 682 static int rfcomm_tty_write_room(struct tty_struct *tty)
 
 684         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 687         BT_DBG("tty %p", tty);
 
 689         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
 
 695 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
 
 697         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
 
 701                 BT_DBG("TCGETS is not supported");
 
 705                 BT_DBG("TCSETS is not supported");
 
 709                 BT_DBG("TIOCMIWAIT");
 
 713                 BT_DBG("TIOCGICOUNT");
 
 717                 BT_ERR("TIOCGSERIAL is not supported");
 
 721                 BT_ERR("TIOCSSERIAL is not supported");
 
 725                 BT_ERR("TIOCSERGSTRUCT is not supported");
 
 729                 BT_ERR("TIOCSERGETLSR is not supported");
 
 733                 BT_ERR("TIOCSERCONFIG is not supported");
 
 737                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
 
 744 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
 
 746         struct termios *new = (struct termios *) tty->termios;
 
 747         int old_baud_rate = tty_termios_baud_rate(old);
 
 748         int new_baud_rate = tty_termios_baud_rate(new);
 
 750         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
 
 753         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 755         BT_DBG("tty %p termios %p", tty, old);
 
 757         /* Handle turning off CRTSCTS */
 
 758         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 
 
 759                 BT_DBG("Turning off CRTSCTS unsupported");
 
 761         /* Parity on/off and when on, odd/even */
 
 762         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
 
 763                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
 
 764                 changes |= RFCOMM_RPN_PM_PARITY;
 
 765                 BT_DBG("Parity change detected.");
 
 768         /* Mark and space parity are not supported! */
 
 769         if (new->c_cflag & PARENB) {
 
 770                 if (new->c_cflag & PARODD) {
 
 771                         BT_DBG("Parity is ODD");
 
 772                         parity = RFCOMM_RPN_PARITY_ODD;
 
 774                         BT_DBG("Parity is EVEN");
 
 775                         parity = RFCOMM_RPN_PARITY_EVEN;
 
 778                 BT_DBG("Parity is OFF");
 
 779                 parity = RFCOMM_RPN_PARITY_NONE;
 
 782         /* Setting the x_on / x_off characters */
 
 783         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
 
 784                 BT_DBG("XOFF custom");
 
 785                 x_on = new->c_cc[VSTOP];
 
 786                 changes |= RFCOMM_RPN_PM_XON;
 
 788                 BT_DBG("XOFF default");
 
 789                 x_on = RFCOMM_RPN_XON_CHAR;
 
 792         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
 
 793                 BT_DBG("XON custom");
 
 794                 x_off = new->c_cc[VSTART];
 
 795                 changes |= RFCOMM_RPN_PM_XOFF;
 
 797                 BT_DBG("XON default");
 
 798                 x_off = RFCOMM_RPN_XOFF_CHAR;
 
 801         /* Handle setting of stop bits */
 
 802         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
 
 803                 changes |= RFCOMM_RPN_PM_STOP;
 
 805         /* POSIX does not support 1.5 stop bits and RFCOMM does not
 
 806          * support 2 stop bits. So a request for 2 stop bits gets
 
 807          * translated to 1.5 stop bits */
 
 808         if (new->c_cflag & CSTOPB) {
 
 809                 stop_bits = RFCOMM_RPN_STOP_15;
 
 811                 stop_bits = RFCOMM_RPN_STOP_1;
 
 814         /* Handle number of data bits [5-8] */
 
 815         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 
 
 816                 changes |= RFCOMM_RPN_PM_DATA;
 
 818         switch (new->c_cflag & CSIZE) {
 
 820                 data_bits = RFCOMM_RPN_DATA_5;
 
 823                 data_bits = RFCOMM_RPN_DATA_6;
 
 826                 data_bits = RFCOMM_RPN_DATA_7;
 
 829                 data_bits = RFCOMM_RPN_DATA_8;
 
 832                 data_bits = RFCOMM_RPN_DATA_8;
 
 836         /* Handle baudrate settings */
 
 837         if (old_baud_rate != new_baud_rate)
 
 838                 changes |= RFCOMM_RPN_PM_BITRATE;
 
 840         switch (new_baud_rate) {
 
 842                 baud = RFCOMM_RPN_BR_2400;
 
 845                 baud = RFCOMM_RPN_BR_4800;
 
 848                 baud = RFCOMM_RPN_BR_7200;
 
 851                 baud = RFCOMM_RPN_BR_9600;
 
 854                 baud = RFCOMM_RPN_BR_19200;
 
 857                 baud = RFCOMM_RPN_BR_38400;
 
 860                 baud = RFCOMM_RPN_BR_57600;
 
 863                 baud = RFCOMM_RPN_BR_115200;
 
 866                 baud = RFCOMM_RPN_BR_230400;
 
 869                 /* 9600 is standard accordinag to the RFCOMM specification */
 
 870                 baud = RFCOMM_RPN_BR_9600;
 
 876                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
 
 877                                 data_bits, stop_bits, parity,
 
 878                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
 
 883 static void rfcomm_tty_throttle(struct tty_struct *tty)
 
 885         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 887         BT_DBG("tty %p dev %p", tty, dev);
 
 889         rfcomm_dlc_throttle(dev->dlc);
 
 892 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
 
 894         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 896         BT_DBG("tty %p dev %p", tty, dev);
 
 898         rfcomm_dlc_unthrottle(dev->dlc);
 
 901 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
 
 903         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 904         struct rfcomm_dlc *dlc = dev->dlc;
 
 906         BT_DBG("tty %p dev %p", tty, dev);
 
 908         if (!skb_queue_empty(&dlc->tx_queue))
 
 914 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
 
 916         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 920         BT_DBG("tty %p dev %p", tty, dev);
 
 922         skb_queue_purge(&dev->dlc->tx_queue);
 
 924         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
 
 925                 tty->ldisc.write_wakeup(tty);
 
 928 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
 
 930         BT_DBG("tty %p ch %c", tty, ch);
 
 933 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
 
 935         BT_DBG("tty %p timeout %d", tty, timeout);
 
 938 static void rfcomm_tty_hangup(struct tty_struct *tty)
 
 940         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 944         BT_DBG("tty %p dev %p", tty, dev);
 
 946         rfcomm_tty_flush_buffer(tty);
 
 948         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
 
 952 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
 
 957 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
 
 959         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 961         BT_DBG("tty %p dev %p", tty, dev);
 
 963         return dev->modem_status;
 
 966 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
 
 968         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 
 969         struct rfcomm_dlc *dlc = dev->dlc;
 
 972         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
 
 974         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
 
 976         if (set & TIOCM_DSR || set & TIOCM_DTR)
 
 977                 v24_sig |= RFCOMM_V24_RTC;
 
 978         if (set & TIOCM_RTS || set & TIOCM_CTS)
 
 979                 v24_sig |= RFCOMM_V24_RTR;
 
 981                 v24_sig |= RFCOMM_V24_IC;
 
 983                 v24_sig |= RFCOMM_V24_DV;
 
 985         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
 
 986                 v24_sig &= ~RFCOMM_V24_RTC;
 
 987         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
 
 988                 v24_sig &= ~RFCOMM_V24_RTR;
 
 989         if (clear & TIOCM_RI)
 
 990                 v24_sig &= ~RFCOMM_V24_IC;
 
 991         if (clear & TIOCM_CD)
 
 992                 v24_sig &= ~RFCOMM_V24_DV;
 
 994         rfcomm_dlc_set_modem_status(dlc, v24_sig);
 
 999 /* ---- TTY structure ---- */
 
1001 static struct tty_operations rfcomm_ops = {
 
1002         .open                   = rfcomm_tty_open,
 
1003         .close                  = rfcomm_tty_close,
 
1004         .write                  = rfcomm_tty_write,
 
1005         .write_room             = rfcomm_tty_write_room,
 
1006         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
 
1007         .flush_buffer           = rfcomm_tty_flush_buffer,
 
1008         .ioctl                  = rfcomm_tty_ioctl,
 
1009         .throttle               = rfcomm_tty_throttle,
 
1010         .unthrottle             = rfcomm_tty_unthrottle,
 
1011         .set_termios            = rfcomm_tty_set_termios,
 
1012         .send_xchar             = rfcomm_tty_send_xchar,
 
1013         .hangup                 = rfcomm_tty_hangup,
 
1014         .wait_until_sent        = rfcomm_tty_wait_until_sent,
 
1015         .read_proc              = rfcomm_tty_read_proc,
 
1016         .tiocmget               = rfcomm_tty_tiocmget,
 
1017         .tiocmset               = rfcomm_tty_tiocmset,
 
1020 int rfcomm_init_ttys(void)
 
1022         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
 
1023         if (!rfcomm_tty_driver)
 
1026         rfcomm_tty_driver->owner        = THIS_MODULE;
 
1027         rfcomm_tty_driver->driver_name  = "rfcomm";
 
1028         rfcomm_tty_driver->devfs_name   = "bluetooth/rfcomm/";
 
1029         rfcomm_tty_driver->name         = "rfcomm";
 
1030         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
 
1031         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
 
1032         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
 
1033         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
 
1034         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_NO_DEVFS;
 
1035         rfcomm_tty_driver->init_termios = tty_std_termios;
 
1036         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
 
1037         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
 
1039         if (tty_register_driver(rfcomm_tty_driver)) {
 
1040                 BT_ERR("Can't register RFCOMM TTY driver");
 
1041                 put_tty_driver(rfcomm_tty_driver);
 
1045         BT_INFO("RFCOMM TTY layer initialized");
 
1050 void rfcomm_cleanup_ttys(void)
 
1052         tty_unregister_driver(rfcomm_tty_driver);
 
1053         put_tty_driver(rfcomm_tty_driver);