Merge branches 'release', 'bugzilla-6217', 'bugzilla-6629', 'bugzilla-6933', 'bugzill...
[linux-2.6] / net / bluetooth / rfcomm / tty.c
1 /*
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  *
27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28  */
29
30 #include <linux/module.h>
31
32 #include <linux/tty.h>
33 #include <linux/tty_driver.h>
34 #include <linux/tty_flip.h>
35
36 #include <linux/capability.h>
37 #include <linux/slab.h>
38 #include <linux/skbuff.h>
39
40 #include <net/bluetooth/bluetooth.h>
41 #include <net/bluetooth/hci_core.h>
42 #include <net/bluetooth/rfcomm.h>
43
44 #ifndef CONFIG_BT_RFCOMM_DEBUG
45 #undef  BT_DBG
46 #define BT_DBG(D...)
47 #endif
48
49 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
51 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
52 #define RFCOMM_TTY_MINOR 0
53
54 static struct tty_driver *rfcomm_tty_driver;
55
56 struct rfcomm_dev {
57         struct list_head        list;
58         atomic_t                refcnt;
59
60         char                    name[12];
61         int                     id;
62         unsigned long           flags;
63         int                     opened;
64         int                     err;
65
66         bdaddr_t                src;
67         bdaddr_t                dst;
68         u8                      channel;
69
70         uint                    modem_status;
71
72         struct rfcomm_dlc       *dlc;
73         struct tty_struct       *tty;
74         wait_queue_head_t       wait;
75         struct tasklet_struct   wakeup_task;
76
77         struct device           *tty_dev;
78
79         atomic_t                wmem_alloc;
80 };
81
82 static LIST_HEAD(rfcomm_dev_list);
83 static DEFINE_RWLOCK(rfcomm_dev_lock);
84
85 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
86 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
87 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
88
89 static void rfcomm_tty_wakeup(unsigned long arg);
90
91 /* ---- Device functions ---- */
92 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
93 {
94         struct rfcomm_dlc *dlc = dev->dlc;
95
96         BT_DBG("dev %p dlc %p", dev, dlc);
97
98         /* Refcount should only hit zero when called from rfcomm_dev_del()
99            which will have taken us off the list. Everything else are
100            refcounting bugs. */
101         BUG_ON(!list_empty(&dev->list));
102
103         rfcomm_dlc_lock(dlc);
104         /* Detach DLC if it's owned by this dev */
105         if (dlc->owner == dev)
106                 dlc->owner = NULL;
107         rfcomm_dlc_unlock(dlc);
108
109         rfcomm_dlc_put(dlc);
110
111         tty_unregister_device(rfcomm_tty_driver, dev->id);
112
113         kfree(dev);
114
115         /* It's safe to call module_put() here because socket still
116            holds reference to this module. */
117         module_put(THIS_MODULE);
118 }
119
120 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
121 {
122         atomic_inc(&dev->refcnt);
123 }
124
125 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
126 {
127         /* The reason this isn't actually a race, as you no
128            doubt have a little voice screaming at you in your
129            head, is that the refcount should never actually
130            reach zero unless the device has already been taken
131            off the list, in rfcomm_dev_del(). And if that's not
132            true, we'll hit the BUG() in rfcomm_dev_destruct()
133            anyway. */
134         if (atomic_dec_and_test(&dev->refcnt))
135                 rfcomm_dev_destruct(dev);
136 }
137
138 static struct rfcomm_dev *__rfcomm_dev_get(int id)
139 {
140         struct rfcomm_dev *dev;
141         struct list_head  *p;
142
143         list_for_each(p, &rfcomm_dev_list) {
144                 dev = list_entry(p, struct rfcomm_dev, list);
145                 if (dev->id == id)
146                         return dev;
147         }
148
149         return NULL;
150 }
151
152 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
153 {
154         struct rfcomm_dev *dev;
155
156         read_lock(&rfcomm_dev_lock);
157
158         dev = __rfcomm_dev_get(id);
159
160         if (dev) {
161                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
162                         dev = NULL;
163                 else
164                         rfcomm_dev_hold(dev);
165         }
166
167         read_unlock(&rfcomm_dev_lock);
168
169         return dev;
170 }
171
172 static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
173 {
174         struct hci_dev *hdev;
175         struct hci_conn *conn;
176
177         hdev = hci_get_route(&dev->dst, &dev->src);
178         if (!hdev)
179                 return NULL;
180
181         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
182
183         hci_dev_put(hdev);
184
185         return conn ? &conn->dev : NULL;
186 }
187
188 static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
189 {
190         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
191         bdaddr_t bdaddr;
192         baswap(&bdaddr, &dev->dst);
193         return sprintf(buf, "%s\n", batostr(&bdaddr));
194 }
195
196 static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
197 {
198         struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
199         return sprintf(buf, "%d\n", dev->channel);
200 }
201
202 static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
203 static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
204
205 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
206 {
207         struct rfcomm_dev *dev;
208         struct list_head *head = &rfcomm_dev_list, *p;
209         int err = 0;
210
211         BT_DBG("id %d channel %d", req->dev_id, req->channel);
212
213         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
214         if (!dev)
215                 return -ENOMEM;
216
217         write_lock_bh(&rfcomm_dev_lock);
218
219         if (req->dev_id < 0) {
220                 dev->id = 0;
221
222                 list_for_each(p, &rfcomm_dev_list) {
223                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
224                                 break;
225
226                         dev->id++;
227                         head = p;
228                 }
229         } else {
230                 dev->id = req->dev_id;
231
232                 list_for_each(p, &rfcomm_dev_list) {
233                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
234
235                         if (entry->id == dev->id) {
236                                 err = -EADDRINUSE;
237                                 goto out;
238                         }
239
240                         if (entry->id > dev->id - 1)
241                                 break;
242
243                         head = p;
244                 }
245         }
246
247         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
248                 err = -ENFILE;
249                 goto out;
250         }
251
252         sprintf(dev->name, "rfcomm%d", dev->id);
253
254         list_add(&dev->list, head);
255         atomic_set(&dev->refcnt, 1);
256
257         bacpy(&dev->src, &req->src);
258         bacpy(&dev->dst, &req->dst);
259         dev->channel = req->channel;
260
261         dev->flags = req->flags &
262                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
263
264         init_waitqueue_head(&dev->wait);
265         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
266
267         rfcomm_dlc_lock(dlc);
268         dlc->data_ready   = rfcomm_dev_data_ready;
269         dlc->state_change = rfcomm_dev_state_change;
270         dlc->modem_status = rfcomm_dev_modem_status;
271
272         dlc->owner = dev;
273         dev->dlc   = dlc;
274         rfcomm_dlc_unlock(dlc);
275
276         /* It's safe to call __module_get() here because socket already
277            holds reference to this module. */
278         __module_get(THIS_MODULE);
279
280 out:
281         write_unlock_bh(&rfcomm_dev_lock);
282
283         if (err < 0) {
284                 kfree(dev);
285                 return err;
286         }
287
288         dev->tty_dev = tty_register_device(rfcomm_tty_driver, dev->id, NULL);
289
290         if (IS_ERR(dev->tty_dev)) {
291                 err = PTR_ERR(dev->tty_dev);
292                 list_del(&dev->list);
293                 kfree(dev);
294                 return err;
295         }
296
297         dev_set_drvdata(dev->tty_dev, dev);
298
299         if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
300                 BT_ERR("Failed to create address attribute");
301
302         if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
303                 BT_ERR("Failed to create channel attribute");
304
305         return dev->id;
306 }
307
308 static void rfcomm_dev_del(struct rfcomm_dev *dev)
309 {
310         BT_DBG("dev %p", dev);
311
312         if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
313                 BUG_ON(1);
314         else
315                 set_bit(RFCOMM_TTY_RELEASED, &dev->flags);
316
317         write_lock_bh(&rfcomm_dev_lock);
318         list_del_init(&dev->list);
319         write_unlock_bh(&rfcomm_dev_lock);
320
321         rfcomm_dev_put(dev);
322 }
323
324 /* ---- Send buffer ---- */
325 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
326 {
327         /* We can't let it be zero, because we don't get a callback
328            when tx_credits becomes nonzero, hence we'd never wake up */
329         return dlc->mtu * (dlc->tx_credits?:1);
330 }
331
332 static void rfcomm_wfree(struct sk_buff *skb)
333 {
334         struct rfcomm_dev *dev = (void *) skb->sk;
335         atomic_sub(skb->truesize, &dev->wmem_alloc);
336         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
337                 tasklet_schedule(&dev->wakeup_task);
338         rfcomm_dev_put(dev);
339 }
340
341 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
342 {
343         rfcomm_dev_hold(dev);
344         atomic_add(skb->truesize, &dev->wmem_alloc);
345         skb->sk = (void *) dev;
346         skb->destructor = rfcomm_wfree;
347 }
348
349 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
350 {
351         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
352                 struct sk_buff *skb = alloc_skb(size, priority);
353                 if (skb) {
354                         rfcomm_set_owner_w(skb, dev);
355                         return skb;
356                 }
357         }
358         return NULL;
359 }
360
361 /* ---- Device IOCTLs ---- */
362
363 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
364
365 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
366 {
367         struct rfcomm_dev_req req;
368         struct rfcomm_dlc *dlc;
369         int id;
370
371         if (copy_from_user(&req, arg, sizeof(req)))
372                 return -EFAULT;
373
374         BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
375
376         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
377                 return -EPERM;
378
379         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
380                 /* Socket must be connected */
381                 if (sk->sk_state != BT_CONNECTED)
382                         return -EBADFD;
383
384                 dlc = rfcomm_pi(sk)->dlc;
385                 rfcomm_dlc_hold(dlc);
386         } else {
387                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
388                 if (!dlc)
389                         return -ENOMEM;
390         }
391
392         id = rfcomm_dev_add(&req, dlc);
393         if (id < 0) {
394                 rfcomm_dlc_put(dlc);
395                 return id;
396         }
397
398         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
399                 /* DLC is now used by device.
400                  * Socket must be disconnected */
401                 sk->sk_state = BT_CLOSED;
402         }
403
404         return id;
405 }
406
407 static int rfcomm_release_dev(void __user *arg)
408 {
409         struct rfcomm_dev_req req;
410         struct rfcomm_dev *dev;
411
412         if (copy_from_user(&req, arg, sizeof(req)))
413                 return -EFAULT;
414
415         BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
416
417         if (!(dev = rfcomm_dev_get(req.dev_id)))
418                 return -ENODEV;
419
420         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
421                 rfcomm_dev_put(dev);
422                 return -EPERM;
423         }
424
425         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
426                 rfcomm_dlc_close(dev->dlc, 0);
427
428         /* Shut down TTY synchronously before freeing rfcomm_dev */
429         if (dev->tty)
430                 tty_vhangup(dev->tty);
431
432         if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
433                 rfcomm_dev_del(dev);
434         rfcomm_dev_put(dev);
435         return 0;
436 }
437
438 static int rfcomm_get_dev_list(void __user *arg)
439 {
440         struct rfcomm_dev_list_req *dl;
441         struct rfcomm_dev_info *di;
442         struct list_head *p;
443         int n = 0, size, err;
444         u16 dev_num;
445
446         BT_DBG("");
447
448         if (get_user(dev_num, (u16 __user *) arg))
449                 return -EFAULT;
450
451         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
452                 return -EINVAL;
453
454         size = sizeof(*dl) + dev_num * sizeof(*di);
455
456         if (!(dl = kmalloc(size, GFP_KERNEL)))
457                 return -ENOMEM;
458
459         di = dl->dev_info;
460
461         read_lock_bh(&rfcomm_dev_lock);
462
463         list_for_each(p, &rfcomm_dev_list) {
464                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
465                 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
466                         continue;
467                 (di + n)->id      = dev->id;
468                 (di + n)->flags   = dev->flags;
469                 (di + n)->state   = dev->dlc->state;
470                 (di + n)->channel = dev->channel;
471                 bacpy(&(di + n)->src, &dev->src);
472                 bacpy(&(di + n)->dst, &dev->dst);
473                 if (++n >= dev_num)
474                         break;
475         }
476
477         read_unlock_bh(&rfcomm_dev_lock);
478
479         dl->dev_num = n;
480         size = sizeof(*dl) + n * sizeof(*di);
481
482         err = copy_to_user(arg, dl, size);
483         kfree(dl);
484
485         return err ? -EFAULT : 0;
486 }
487
488 static int rfcomm_get_dev_info(void __user *arg)
489 {
490         struct rfcomm_dev *dev;
491         struct rfcomm_dev_info di;
492         int err = 0;
493
494         BT_DBG("");
495
496         if (copy_from_user(&di, arg, sizeof(di)))
497                 return -EFAULT;
498
499         if (!(dev = rfcomm_dev_get(di.id)))
500                 return -ENODEV;
501
502         di.flags   = dev->flags;
503         di.channel = dev->channel;
504         di.state   = dev->dlc->state;
505         bacpy(&di.src, &dev->src);
506         bacpy(&di.dst, &dev->dst);
507
508         if (copy_to_user(arg, &di, sizeof(di)))
509                 err = -EFAULT;
510
511         rfcomm_dev_put(dev);
512         return err;
513 }
514
515 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
516 {
517         BT_DBG("cmd %d arg %p", cmd, arg);
518
519         switch (cmd) {
520         case RFCOMMCREATEDEV:
521                 return rfcomm_create_dev(sk, arg);
522
523         case RFCOMMRELEASEDEV:
524                 return rfcomm_release_dev(arg);
525
526         case RFCOMMGETDEVLIST:
527                 return rfcomm_get_dev_list(arg);
528
529         case RFCOMMGETDEVINFO:
530                 return rfcomm_get_dev_info(arg);
531         }
532
533         return -EINVAL;
534 }
535
536 /* ---- DLC callbacks ---- */
537 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
538 {
539         struct rfcomm_dev *dev = dlc->owner;
540         struct tty_struct *tty;
541
542         if (!dev || !(tty = dev->tty)) {
543                 kfree_skb(skb);
544                 return;
545         }
546
547         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
548
549         tty_insert_flip_string(tty, skb->data, skb->len);
550         tty_flip_buffer_push(tty);
551
552         kfree_skb(skb);
553 }
554
555 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
556 {
557         struct rfcomm_dev *dev = dlc->owner;
558         if (!dev)
559                 return;
560
561         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
562
563         dev->err = err;
564         wake_up_interruptible(&dev->wait);
565
566         if (dlc->state == BT_CLOSED) {
567                 if (!dev->tty) {
568                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
569                                 if (rfcomm_dev_get(dev->id) == NULL)
570                                         return;
571
572                                 rfcomm_dev_del(dev);
573                                 /* We have to drop DLC lock here, otherwise
574                                    rfcomm_dev_put() will dead lock if it's
575                                    the last reference. */
576                                 rfcomm_dlc_unlock(dlc);
577                                 rfcomm_dev_put(dev);
578                                 rfcomm_dlc_lock(dlc);
579                         }
580                 } else
581                         tty_hangup(dev->tty);
582         }
583 }
584
585 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
586 {
587         struct rfcomm_dev *dev = dlc->owner;
588         if (!dev)
589                 return;
590
591         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
592
593         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
594                 if (dev->tty && !C_CLOCAL(dev->tty))
595                         tty_hangup(dev->tty);
596         }
597
598         dev->modem_status =
599                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
600                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
601                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
602                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
603 }
604
605 /* ---- TTY functions ---- */
606 static void rfcomm_tty_wakeup(unsigned long arg)
607 {
608         struct rfcomm_dev *dev = (void *) arg;
609         struct tty_struct *tty = dev->tty;
610         if (!tty)
611                 return;
612
613         BT_DBG("dev %p tty %p", dev, tty);
614
615         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
616                 (tty->ldisc.write_wakeup)(tty);
617
618         wake_up_interruptible(&tty->write_wait);
619 #ifdef SERIAL_HAVE_POLL_WAIT
620         wake_up_interruptible(&tty->poll_wait);
621 #endif
622 }
623
624 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
625 {
626         DECLARE_WAITQUEUE(wait, current);
627         struct rfcomm_dev *dev;
628         struct rfcomm_dlc *dlc;
629         int err, id;
630
631         id = tty->index;
632
633         BT_DBG("tty %p id %d", tty, id);
634
635         /* We don't leak this refcount. For reasons which are not entirely
636            clear, the TTY layer will call our ->close() method even if the
637            open fails. We decrease the refcount there, and decreasing it
638            here too would cause breakage. */
639         dev = rfcomm_dev_get(id);
640         if (!dev)
641                 return -ENODEV;
642
643         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
644
645         if (dev->opened++ != 0)
646                 return 0;
647
648         dlc = dev->dlc;
649
650         /* Attach TTY and open DLC */
651
652         rfcomm_dlc_lock(dlc);
653         tty->driver_data = dev;
654         dev->tty = tty;
655         rfcomm_dlc_unlock(dlc);
656         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
657
658         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
659         if (err < 0)
660                 return err;
661
662         /* Wait for DLC to connect */
663         add_wait_queue(&dev->wait, &wait);
664         while (1) {
665                 set_current_state(TASK_INTERRUPTIBLE);
666
667                 if (dlc->state == BT_CLOSED) {
668                         err = -dev->err;
669                         break;
670                 }
671
672                 if (dlc->state == BT_CONNECTED)
673                         break;
674
675                 if (signal_pending(current)) {
676                         err = -EINTR;
677                         break;
678                 }
679
680                 schedule();
681         }
682         set_current_state(TASK_RUNNING);
683         remove_wait_queue(&dev->wait, &wait);
684
685         if (err == 0)
686                 device_move(dev->tty_dev, rfcomm_get_device(dev));
687
688         return err;
689 }
690
691 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
692 {
693         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
694         if (!dev)
695                 return;
696
697         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
698
699         if (--dev->opened == 0) {
700                 if (dev->tty_dev->parent)
701                         device_move(dev->tty_dev, NULL);
702
703                 /* Close DLC and dettach TTY */
704                 rfcomm_dlc_close(dev->dlc, 0);
705
706                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
707                 tasklet_kill(&dev->wakeup_task);
708
709                 rfcomm_dlc_lock(dev->dlc);
710                 tty->driver_data = NULL;
711                 dev->tty = NULL;
712                 rfcomm_dlc_unlock(dev->dlc);
713         }
714
715         rfcomm_dev_put(dev);
716 }
717
718 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
719 {
720         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
721         struct rfcomm_dlc *dlc = dev->dlc;
722         struct sk_buff *skb;
723         int err = 0, sent = 0, size;
724
725         BT_DBG("tty %p count %d", tty, count);
726
727         while (count) {
728                 size = min_t(uint, count, dlc->mtu);
729
730                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
731
732                 if (!skb)
733                         break;
734
735                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
736
737                 memcpy(skb_put(skb, size), buf + sent, size);
738
739                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
740                         kfree_skb(skb);
741                         break;
742                 }
743
744                 sent  += size;
745                 count -= size;
746         }
747
748         return sent ? sent : err;
749 }
750
751 static int rfcomm_tty_write_room(struct tty_struct *tty)
752 {
753         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
754         int room;
755
756         BT_DBG("tty %p", tty);
757
758         if (!dev || !dev->dlc)
759                 return 0;
760
761         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
762         if (room < 0)
763                 room = 0;
764
765         return room;
766 }
767
768 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
769 {
770         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
771
772         switch (cmd) {
773         case TCGETS:
774                 BT_DBG("TCGETS is not supported");
775                 return -ENOIOCTLCMD;
776
777         case TCSETS:
778                 BT_DBG("TCSETS is not supported");
779                 return -ENOIOCTLCMD;
780
781         case TIOCMIWAIT:
782                 BT_DBG("TIOCMIWAIT");
783                 break;
784
785         case TIOCGICOUNT:
786                 BT_DBG("TIOCGICOUNT");
787                 break;
788
789         case TIOCGSERIAL:
790                 BT_ERR("TIOCGSERIAL is not supported");
791                 return -ENOIOCTLCMD;
792
793         case TIOCSSERIAL:
794                 BT_ERR("TIOCSSERIAL is not supported");
795                 return -ENOIOCTLCMD;
796
797         case TIOCSERGSTRUCT:
798                 BT_ERR("TIOCSERGSTRUCT is not supported");
799                 return -ENOIOCTLCMD;
800
801         case TIOCSERGETLSR:
802                 BT_ERR("TIOCSERGETLSR is not supported");
803                 return -ENOIOCTLCMD;
804
805         case TIOCSERCONFIG:
806                 BT_ERR("TIOCSERCONFIG is not supported");
807                 return -ENOIOCTLCMD;
808
809         default:
810                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
811
812         }
813
814         return -ENOIOCTLCMD;
815 }
816
817 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
818 {
819         struct ktermios *new = tty->termios;
820         int old_baud_rate = tty_termios_baud_rate(old);
821         int new_baud_rate = tty_termios_baud_rate(new);
822
823         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
824         u16 changes = 0;
825
826         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
827
828         BT_DBG("tty %p termios %p", tty, old);
829
830         if (!dev || !dev->dlc || !dev->dlc->session)
831                 return;
832
833         /* Handle turning off CRTSCTS */
834         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS))
835                 BT_DBG("Turning off CRTSCTS unsupported");
836
837         /* Parity on/off and when on, odd/even */
838         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
839                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
840                 changes |= RFCOMM_RPN_PM_PARITY;
841                 BT_DBG("Parity change detected.");
842         }
843
844         /* Mark and space parity are not supported! */
845         if (new->c_cflag & PARENB) {
846                 if (new->c_cflag & PARODD) {
847                         BT_DBG("Parity is ODD");
848                         parity = RFCOMM_RPN_PARITY_ODD;
849                 } else {
850                         BT_DBG("Parity is EVEN");
851                         parity = RFCOMM_RPN_PARITY_EVEN;
852                 }
853         } else {
854                 BT_DBG("Parity is OFF");
855                 parity = RFCOMM_RPN_PARITY_NONE;
856         }
857
858         /* Setting the x_on / x_off characters */
859         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
860                 BT_DBG("XOFF custom");
861                 x_on = new->c_cc[VSTOP];
862                 changes |= RFCOMM_RPN_PM_XON;
863         } else {
864                 BT_DBG("XOFF default");
865                 x_on = RFCOMM_RPN_XON_CHAR;
866         }
867
868         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
869                 BT_DBG("XON custom");
870                 x_off = new->c_cc[VSTART];
871                 changes |= RFCOMM_RPN_PM_XOFF;
872         } else {
873                 BT_DBG("XON default");
874                 x_off = RFCOMM_RPN_XOFF_CHAR;
875         }
876
877         /* Handle setting of stop bits */
878         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
879                 changes |= RFCOMM_RPN_PM_STOP;
880
881         /* POSIX does not support 1.5 stop bits and RFCOMM does not
882          * support 2 stop bits. So a request for 2 stop bits gets
883          * translated to 1.5 stop bits */
884         if (new->c_cflag & CSTOPB) {
885                 stop_bits = RFCOMM_RPN_STOP_15;
886         } else {
887                 stop_bits = RFCOMM_RPN_STOP_1;
888         }
889
890         /* Handle number of data bits [5-8] */
891         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE))
892                 changes |= RFCOMM_RPN_PM_DATA;
893
894         switch (new->c_cflag & CSIZE) {
895         case CS5:
896                 data_bits = RFCOMM_RPN_DATA_5;
897                 break;
898         case CS6:
899                 data_bits = RFCOMM_RPN_DATA_6;
900                 break;
901         case CS7:
902                 data_bits = RFCOMM_RPN_DATA_7;
903                 break;
904         case CS8:
905                 data_bits = RFCOMM_RPN_DATA_8;
906                 break;
907         default:
908                 data_bits = RFCOMM_RPN_DATA_8;
909                 break;
910         }
911
912         /* Handle baudrate settings */
913         if (old_baud_rate != new_baud_rate)
914                 changes |= RFCOMM_RPN_PM_BITRATE;
915
916         switch (new_baud_rate) {
917         case 2400:
918                 baud = RFCOMM_RPN_BR_2400;
919                 break;
920         case 4800:
921                 baud = RFCOMM_RPN_BR_4800;
922                 break;
923         case 7200:
924                 baud = RFCOMM_RPN_BR_7200;
925                 break;
926         case 9600:
927                 baud = RFCOMM_RPN_BR_9600;
928                 break;
929         case 19200:
930                 baud = RFCOMM_RPN_BR_19200;
931                 break;
932         case 38400:
933                 baud = RFCOMM_RPN_BR_38400;
934                 break;
935         case 57600:
936                 baud = RFCOMM_RPN_BR_57600;
937                 break;
938         case 115200:
939                 baud = RFCOMM_RPN_BR_115200;
940                 break;
941         case 230400:
942                 baud = RFCOMM_RPN_BR_230400;
943                 break;
944         default:
945                 /* 9600 is standard accordinag to the RFCOMM specification */
946                 baud = RFCOMM_RPN_BR_9600;
947                 break;
948
949         }
950
951         if (changes)
952                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
953                                 data_bits, stop_bits, parity,
954                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
955
956         return;
957 }
958
959 static void rfcomm_tty_throttle(struct tty_struct *tty)
960 {
961         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
962
963         BT_DBG("tty %p dev %p", tty, dev);
964
965         rfcomm_dlc_throttle(dev->dlc);
966 }
967
968 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
969 {
970         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
971
972         BT_DBG("tty %p dev %p", tty, dev);
973
974         rfcomm_dlc_unthrottle(dev->dlc);
975 }
976
977 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
978 {
979         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
980
981         BT_DBG("tty %p dev %p", tty, dev);
982
983         if (!dev || !dev->dlc)
984                 return 0;
985
986         if (!skb_queue_empty(&dev->dlc->tx_queue))
987                 return dev->dlc->mtu;
988
989         return 0;
990 }
991
992 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
993 {
994         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
995
996         BT_DBG("tty %p dev %p", tty, dev);
997
998         if (!dev || !dev->dlc)
999                 return;
1000
1001         skb_queue_purge(&dev->dlc->tx_queue);
1002
1003         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
1004                 tty->ldisc.write_wakeup(tty);
1005 }
1006
1007 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
1008 {
1009         BT_DBG("tty %p ch %c", tty, ch);
1010 }
1011
1012 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
1013 {
1014         BT_DBG("tty %p timeout %d", tty, timeout);
1015 }
1016
1017 static void rfcomm_tty_hangup(struct tty_struct *tty)
1018 {
1019         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1020
1021         BT_DBG("tty %p dev %p", tty, dev);
1022
1023         if (!dev)
1024                 return;
1025
1026         rfcomm_tty_flush_buffer(tty);
1027
1028         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
1029                 if (rfcomm_dev_get(dev->id) == NULL)
1030                         return;
1031                 rfcomm_dev_del(dev);
1032                 rfcomm_dev_put(dev);
1033         }
1034 }
1035
1036 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
1037 {
1038         return 0;
1039 }
1040
1041 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
1042 {
1043         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1044
1045         BT_DBG("tty %p dev %p", tty, dev);
1046
1047         return dev->modem_status;
1048 }
1049
1050 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
1051 {
1052         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
1053         struct rfcomm_dlc *dlc = dev->dlc;
1054         u8 v24_sig;
1055
1056         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
1057
1058         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
1059
1060         if (set & TIOCM_DSR || set & TIOCM_DTR)
1061                 v24_sig |= RFCOMM_V24_RTC;
1062         if (set & TIOCM_RTS || set & TIOCM_CTS)
1063                 v24_sig |= RFCOMM_V24_RTR;
1064         if (set & TIOCM_RI)
1065                 v24_sig |= RFCOMM_V24_IC;
1066         if (set & TIOCM_CD)
1067                 v24_sig |= RFCOMM_V24_DV;
1068
1069         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
1070                 v24_sig &= ~RFCOMM_V24_RTC;
1071         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
1072                 v24_sig &= ~RFCOMM_V24_RTR;
1073         if (clear & TIOCM_RI)
1074                 v24_sig &= ~RFCOMM_V24_IC;
1075         if (clear & TIOCM_CD)
1076                 v24_sig &= ~RFCOMM_V24_DV;
1077
1078         rfcomm_dlc_set_modem_status(dlc, v24_sig);
1079
1080         return 0;
1081 }
1082
1083 /* ---- TTY structure ---- */
1084
1085 static const struct tty_operations rfcomm_ops = {
1086         .open                   = rfcomm_tty_open,
1087         .close                  = rfcomm_tty_close,
1088         .write                  = rfcomm_tty_write,
1089         .write_room             = rfcomm_tty_write_room,
1090         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1091         .flush_buffer           = rfcomm_tty_flush_buffer,
1092         .ioctl                  = rfcomm_tty_ioctl,
1093         .throttle               = rfcomm_tty_throttle,
1094         .unthrottle             = rfcomm_tty_unthrottle,
1095         .set_termios            = rfcomm_tty_set_termios,
1096         .send_xchar             = rfcomm_tty_send_xchar,
1097         .hangup                 = rfcomm_tty_hangup,
1098         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1099         .read_proc              = rfcomm_tty_read_proc,
1100         .tiocmget               = rfcomm_tty_tiocmget,
1101         .tiocmset               = rfcomm_tty_tiocmset,
1102 };
1103
1104 int rfcomm_init_ttys(void)
1105 {
1106         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1107         if (!rfcomm_tty_driver)
1108                 return -1;
1109
1110         rfcomm_tty_driver->owner        = THIS_MODULE;
1111         rfcomm_tty_driver->driver_name  = "rfcomm";
1112         rfcomm_tty_driver->name         = "rfcomm";
1113         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1114         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1115         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1116         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1117         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1118         rfcomm_tty_driver->init_termios = tty_std_termios;
1119         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1120         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1121
1122         if (tty_register_driver(rfcomm_tty_driver)) {
1123                 BT_ERR("Can't register RFCOMM TTY driver");
1124                 put_tty_driver(rfcomm_tty_driver);
1125                 return -1;
1126         }
1127
1128         BT_INFO("RFCOMM TTY layer initialized");
1129
1130         return 0;
1131 }
1132
1133 void rfcomm_cleanup_ttys(void)
1134 {
1135         tty_unregister_driver(rfcomm_tty_driver);
1136         put_tty_driver(rfcomm_tty_driver);
1137 }