Merge branch 'upstream-fixes' into upstream
[linux-2.6] / net / bluetooth / rfcomm / tty.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  *
27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28  */
29
30 #include <linux/config.h>
31 #include <linux/module.h>
32
33 #include <linux/tty.h>
34 #include <linux/tty_driver.h>
35 #include <linux/tty_flip.h>
36
37 #include <linux/capability.h>
38 #include <linux/slab.h>
39 #include <linux/skbuff.h>
40
41 #include <net/bluetooth/bluetooth.h>
42 #include <net/bluetooth/rfcomm.h>
43
44 #ifndef CONFIG_BT_RFCOMM_DEBUG
45 #undef  BT_DBG
46 #define BT_DBG(D...)
47 #endif
48
49 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
50 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
51 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
52 #define RFCOMM_TTY_MINOR 0
53
54 static struct tty_driver *rfcomm_tty_driver;
55
56 struct rfcomm_dev {
57         struct list_head        list;
58         atomic_t                refcnt;
59
60         char                    name[12];
61         int                     id;
62         unsigned long           flags;
63         int                     opened;
64         int                     err;
65
66         bdaddr_t                src;
67         bdaddr_t                dst;
68         u8                      channel;
69
70         uint                    modem_status;
71
72         struct rfcomm_dlc       *dlc;
73         struct tty_struct       *tty;
74         wait_queue_head_t       wait;
75         struct tasklet_struct   wakeup_task;
76
77         atomic_t                wmem_alloc;
78 };
79
80 static LIST_HEAD(rfcomm_dev_list);
81 static DEFINE_RWLOCK(rfcomm_dev_lock);
82
83 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
84 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
85 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
86
87 static void rfcomm_tty_wakeup(unsigned long arg);
88
89 /* ---- Device functions ---- */
90 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
91 {
92         struct rfcomm_dlc *dlc = dev->dlc;
93
94         BT_DBG("dev %p dlc %p", dev, dlc);
95
96         rfcomm_dlc_lock(dlc);
97         /* Detach DLC if it's owned by this dev */
98         if (dlc->owner == dev)
99                 dlc->owner = NULL;
100         rfcomm_dlc_unlock(dlc);
101
102         rfcomm_dlc_put(dlc);
103
104         tty_unregister_device(rfcomm_tty_driver, dev->id);
105
106         /* Refcount should only hit zero when called from rfcomm_dev_del()
107            which will have taken us off the list. Everything else are
108            refcounting bugs. */
109         BUG_ON(!list_empty(&dev->list));
110
111         kfree(dev);
112
113         /* It's safe to call module_put() here because socket still 
114            holds reference to this module. */
115         module_put(THIS_MODULE);
116 }
117
118 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
119 {
120         atomic_inc(&dev->refcnt);
121 }
122
123 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
124 {
125         /* The reason this isn't actually a race, as you no
126            doubt have a little voice screaming at you in your
127            head, is that the refcount should never actually
128            reach zero unless the device has already been taken
129            off the list, in rfcomm_dev_del(). And if that's not
130            true, we'll hit the BUG() in rfcomm_dev_destruct()
131            anyway. */
132         if (atomic_dec_and_test(&dev->refcnt))
133                 rfcomm_dev_destruct(dev);
134 }
135
136 static struct rfcomm_dev *__rfcomm_dev_get(int id)
137 {
138         struct rfcomm_dev *dev;
139         struct list_head  *p;
140
141         list_for_each(p, &rfcomm_dev_list) {
142                 dev = list_entry(p, struct rfcomm_dev, list);
143                 if (dev->id == id)
144                         return dev;
145         }
146
147         return NULL;
148 }
149
150 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
151 {
152         struct rfcomm_dev *dev;
153
154         read_lock(&rfcomm_dev_lock);
155
156         dev = __rfcomm_dev_get(id);
157         if (dev)
158                 rfcomm_dev_hold(dev);
159
160         read_unlock(&rfcomm_dev_lock);
161
162         return dev;
163 }
164
165 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
166 {
167         struct rfcomm_dev *dev;
168         struct list_head *head = &rfcomm_dev_list, *p;
169         int err = 0;
170
171         BT_DBG("id %d channel %d", req->dev_id, req->channel);
172         
173         dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
174         if (!dev)
175                 return -ENOMEM;
176         memset(dev, 0, sizeof(struct rfcomm_dev));
177
178         write_lock_bh(&rfcomm_dev_lock);
179
180         if (req->dev_id < 0) {
181                 dev->id = 0;
182
183                 list_for_each(p, &rfcomm_dev_list) {
184                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
185                                 break;
186
187                         dev->id++;
188                         head = p;
189                 }
190         } else {
191                 dev->id = req->dev_id;
192
193                 list_for_each(p, &rfcomm_dev_list) {
194                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
195
196                         if (entry->id == dev->id) {
197                                 err = -EADDRINUSE;
198                                 goto out;
199                         }
200
201                         if (entry->id > dev->id - 1)
202                                 break;
203
204                         head = p;
205                 }
206         }
207
208         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
209                 err = -ENFILE;
210                 goto out;
211         }
212
213         sprintf(dev->name, "rfcomm%d", dev->id);
214
215         list_add(&dev->list, head);
216         atomic_set(&dev->refcnt, 1);
217
218         bacpy(&dev->src, &req->src);
219         bacpy(&dev->dst, &req->dst);
220         dev->channel = req->channel;
221
222         dev->flags = req->flags & 
223                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
224
225         init_waitqueue_head(&dev->wait);
226         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
227
228         rfcomm_dlc_lock(dlc);
229         dlc->data_ready   = rfcomm_dev_data_ready;
230         dlc->state_change = rfcomm_dev_state_change;
231         dlc->modem_status = rfcomm_dev_modem_status;
232
233         dlc->owner = dev;
234         dev->dlc   = dlc;
235         rfcomm_dlc_unlock(dlc);
236
237         /* It's safe to call __module_get() here because socket already 
238            holds reference to this module. */
239         __module_get(THIS_MODULE);
240
241 out:
242         write_unlock_bh(&rfcomm_dev_lock);
243
244         if (err) {
245                 kfree(dev);
246                 return err;
247         }
248
249         tty_register_device(rfcomm_tty_driver, dev->id, NULL);
250
251         return dev->id;
252 }
253
254 static void rfcomm_dev_del(struct rfcomm_dev *dev)
255 {
256         BT_DBG("dev %p", dev);
257
258         write_lock_bh(&rfcomm_dev_lock);
259         list_del_init(&dev->list);
260         write_unlock_bh(&rfcomm_dev_lock);
261
262         rfcomm_dev_put(dev);
263 }
264
265 /* ---- Send buffer ---- */
266 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
267 {
268         /* We can't let it be zero, because we don't get a callback
269            when tx_credits becomes nonzero, hence we'd never wake up */
270         return dlc->mtu * (dlc->tx_credits?:1);
271 }
272
273 static void rfcomm_wfree(struct sk_buff *skb)
274 {
275         struct rfcomm_dev *dev = (void *) skb->sk;
276         atomic_sub(skb->truesize, &dev->wmem_alloc);
277         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
278                 tasklet_schedule(&dev->wakeup_task);
279         rfcomm_dev_put(dev);
280 }
281
282 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
283 {
284         rfcomm_dev_hold(dev);
285         atomic_add(skb->truesize, &dev->wmem_alloc);
286         skb->sk = (void *) dev;
287         skb->destructor = rfcomm_wfree;
288 }
289
290 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
291 {
292         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
293                 struct sk_buff *skb = alloc_skb(size, priority);
294                 if (skb) {
295                         rfcomm_set_owner_w(skb, dev);
296                         return skb;
297                 }
298         }
299         return NULL;
300 }
301
302 /* ---- Device IOCTLs ---- */
303
304 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
305
306 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
307 {
308         struct rfcomm_dev_req req;
309         struct rfcomm_dlc *dlc;
310         int id;
311
312         if (copy_from_user(&req, arg, sizeof(req)))
313                 return -EFAULT;
314
315         BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
316
317         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
318                 return -EPERM;
319
320         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
321                 /* Socket must be connected */
322                 if (sk->sk_state != BT_CONNECTED)
323                         return -EBADFD;
324
325                 dlc = rfcomm_pi(sk)->dlc;
326                 rfcomm_dlc_hold(dlc);
327         } else {
328                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
329                 if (!dlc)
330                         return -ENOMEM;
331         }
332
333         id = rfcomm_dev_add(&req, dlc);
334         if (id < 0) {
335                 rfcomm_dlc_put(dlc);
336                 return id;
337         }
338
339         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
340                 /* DLC is now used by device.
341                  * Socket must be disconnected */
342                 sk->sk_state = BT_CLOSED;
343         }
344
345         return id;
346 }
347
348 static int rfcomm_release_dev(void __user *arg)
349 {
350         struct rfcomm_dev_req req;
351         struct rfcomm_dev *dev;
352
353         if (copy_from_user(&req, arg, sizeof(req)))
354                 return -EFAULT;
355
356         BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
357
358         if (!(dev = rfcomm_dev_get(req.dev_id)))
359                 return -ENODEV;
360
361         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
362                 rfcomm_dev_put(dev);
363                 return -EPERM;
364         }
365
366         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
367                 rfcomm_dlc_close(dev->dlc, 0);
368
369         rfcomm_dev_del(dev);
370         rfcomm_dev_put(dev);
371         return 0;
372 }
373
374 static int rfcomm_get_dev_list(void __user *arg)
375 {
376         struct rfcomm_dev_list_req *dl;
377         struct rfcomm_dev_info *di;
378         struct list_head *p;
379         int n = 0, size, err;
380         u16 dev_num;
381
382         BT_DBG("");
383
384         if (get_user(dev_num, (u16 __user *) arg))
385                 return -EFAULT;
386
387         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
388                 return -EINVAL;
389
390         size = sizeof(*dl) + dev_num * sizeof(*di);
391
392         if (!(dl = kmalloc(size, GFP_KERNEL)))
393                 return -ENOMEM;
394
395         di = dl->dev_info;
396
397         read_lock_bh(&rfcomm_dev_lock);
398
399         list_for_each(p, &rfcomm_dev_list) {
400                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
401                 (di + n)->id      = dev->id;
402                 (di + n)->flags   = dev->flags;
403                 (di + n)->state   = dev->dlc->state;
404                 (di + n)->channel = dev->channel;
405                 bacpy(&(di + n)->src, &dev->src);
406                 bacpy(&(di + n)->dst, &dev->dst);
407                 if (++n >= dev_num)
408                         break;
409         }
410
411         read_unlock_bh(&rfcomm_dev_lock);
412
413         dl->dev_num = n;
414         size = sizeof(*dl) + n * sizeof(*di);
415
416         err = copy_to_user(arg, dl, size);
417         kfree(dl);
418
419         return err ? -EFAULT : 0;
420 }
421
422 static int rfcomm_get_dev_info(void __user *arg)
423 {
424         struct rfcomm_dev *dev;
425         struct rfcomm_dev_info di;
426         int err = 0;
427
428         BT_DBG("");
429
430         if (copy_from_user(&di, arg, sizeof(di)))
431                 return -EFAULT;
432
433         if (!(dev = rfcomm_dev_get(di.id)))
434                 return -ENODEV;
435
436         di.flags   = dev->flags;
437         di.channel = dev->channel;
438         di.state   = dev->dlc->state;
439         bacpy(&di.src, &dev->src);
440         bacpy(&di.dst, &dev->dst);
441
442         if (copy_to_user(arg, &di, sizeof(di)))
443                 err = -EFAULT;
444
445         rfcomm_dev_put(dev);
446         return err;
447 }
448
449 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
450 {
451         BT_DBG("cmd %d arg %p", cmd, arg);
452
453         switch (cmd) {
454         case RFCOMMCREATEDEV:
455                 return rfcomm_create_dev(sk, arg);
456
457         case RFCOMMRELEASEDEV:
458                 return rfcomm_release_dev(arg);
459
460         case RFCOMMGETDEVLIST:
461                 return rfcomm_get_dev_list(arg);
462
463         case RFCOMMGETDEVINFO:
464                 return rfcomm_get_dev_info(arg);
465         }
466
467         return -EINVAL;
468 }
469
470 /* ---- DLC callbacks ---- */
471 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
472 {
473         struct rfcomm_dev *dev = dlc->owner;
474         struct tty_struct *tty;
475        
476         if (!dev || !(tty = dev->tty)) {
477                 kfree_skb(skb);
478                 return;
479         }
480
481         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
482
483         if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
484                 tty_buffer_request_room(tty, skb->len);
485                 tty_insert_flip_string(tty, skb->data, skb->len);
486                 tty_flip_buffer_push(tty);
487         } else
488                 tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
489
490         kfree_skb(skb);
491 }
492
493 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
494 {
495         struct rfcomm_dev *dev = dlc->owner;
496         if (!dev)
497                 return;
498         
499         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
500
501         dev->err = err;
502         wake_up_interruptible(&dev->wait);
503
504         if (dlc->state == BT_CLOSED) {
505                 if (!dev->tty) {
506                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
507                                 rfcomm_dev_hold(dev);
508                                 rfcomm_dev_del(dev);
509
510                                 /* We have to drop DLC lock here, otherwise
511                                    rfcomm_dev_put() will dead lock if it's
512                                    the last reference. */
513                                 rfcomm_dlc_unlock(dlc);
514                                 rfcomm_dev_put(dev);
515                                 rfcomm_dlc_lock(dlc);
516                         }
517                 } else 
518                         tty_hangup(dev->tty);
519         }
520 }
521
522 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
523 {
524         struct rfcomm_dev *dev = dlc->owner;
525         if (!dev)
526                 return;
527
528         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
529
530         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
531                 if (dev->tty && !C_CLOCAL(dev->tty))
532                         tty_hangup(dev->tty);
533         }
534
535         dev->modem_status = 
536                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
537                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
538                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
539                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
540 }
541
542 /* ---- TTY functions ---- */
543 static void rfcomm_tty_wakeup(unsigned long arg)
544 {
545         struct rfcomm_dev *dev = (void *) arg;
546         struct tty_struct *tty = dev->tty;
547         if (!tty)
548                 return;
549
550         BT_DBG("dev %p tty %p", dev, tty);
551
552         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
553                 (tty->ldisc.write_wakeup)(tty);
554
555         wake_up_interruptible(&tty->write_wait);
556 #ifdef SERIAL_HAVE_POLL_WAIT
557         wake_up_interruptible(&tty->poll_wait);
558 #endif
559 }
560
561 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
562 {
563         DECLARE_WAITQUEUE(wait, current);
564         struct rfcomm_dev *dev;
565         struct rfcomm_dlc *dlc;
566         int err, id;
567
568         id = tty->index;
569
570         BT_DBG("tty %p id %d", tty, id);
571
572         /* We don't leak this refcount. For reasons which are not entirely
573            clear, the TTY layer will call our ->close() method even if the
574            open fails. We decrease the refcount there, and decreasing it
575            here too would cause breakage. */
576         dev = rfcomm_dev_get(id);
577         if (!dev)
578                 return -ENODEV;
579
580         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
581
582         if (dev->opened++ != 0)
583                 return 0;
584
585         dlc = dev->dlc;
586
587         /* Attach TTY and open DLC */
588
589         rfcomm_dlc_lock(dlc);
590         tty->driver_data = dev;
591         dev->tty = tty;
592         rfcomm_dlc_unlock(dlc);
593         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
594
595         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
596         if (err < 0)
597                 return err;
598
599         /* Wait for DLC to connect */
600         add_wait_queue(&dev->wait, &wait);
601         while (1) {
602                 set_current_state(TASK_INTERRUPTIBLE);
603
604                 if (dlc->state == BT_CLOSED) {
605                         err = -dev->err;
606                         break;
607                 }
608
609                 if (dlc->state == BT_CONNECTED)
610                         break;
611
612                 if (signal_pending(current)) {
613                         err = -EINTR;
614                         break;
615                 }
616
617                 schedule();
618         }
619         set_current_state(TASK_RUNNING);
620         remove_wait_queue(&dev->wait, &wait);
621
622         return err;
623 }
624
625 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
626 {
627         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
628         if (!dev)
629                 return;
630
631         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
632
633         if (--dev->opened == 0) {
634                 /* Close DLC and dettach TTY */
635                 rfcomm_dlc_close(dev->dlc, 0);
636
637                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
638                 tasklet_kill(&dev->wakeup_task);
639
640                 rfcomm_dlc_lock(dev->dlc);
641                 tty->driver_data = NULL;
642                 dev->tty = NULL;
643                 rfcomm_dlc_unlock(dev->dlc);
644         }
645
646         rfcomm_dev_put(dev);
647 }
648
649 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
650 {
651         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
652         struct rfcomm_dlc *dlc = dev->dlc;
653         struct sk_buff *skb;
654         int err = 0, sent = 0, size;
655
656         BT_DBG("tty %p count %d", tty, count);
657
658         while (count) {
659                 size = min_t(uint, count, dlc->mtu);
660
661                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
662                 
663                 if (!skb)
664                         break;
665
666                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
667
668                 memcpy(skb_put(skb, size), buf + sent, size);
669
670                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
671                         kfree_skb(skb);
672                         break;
673                 }
674
675                 sent  += size;
676                 count -= size;
677         }
678
679         return sent ? sent : err;
680 }
681
682 static int rfcomm_tty_write_room(struct tty_struct *tty)
683 {
684         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
685         int room;
686
687         BT_DBG("tty %p", tty);
688
689         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
690         if (room < 0)
691                 room = 0;
692         return room;
693 }
694
695 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
696 {
697         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
698
699         switch (cmd) {
700         case TCGETS:
701                 BT_DBG("TCGETS is not supported");
702                 return -ENOIOCTLCMD;
703
704         case TCSETS:
705                 BT_DBG("TCSETS is not supported");
706                 return -ENOIOCTLCMD;
707
708         case TIOCMIWAIT:
709                 BT_DBG("TIOCMIWAIT");
710                 break;
711
712         case TIOCGICOUNT:
713                 BT_DBG("TIOCGICOUNT");
714                 break;
715
716         case TIOCGSERIAL:
717                 BT_ERR("TIOCGSERIAL is not supported");
718                 return -ENOIOCTLCMD;
719
720         case TIOCSSERIAL:
721                 BT_ERR("TIOCSSERIAL is not supported");
722                 return -ENOIOCTLCMD;
723
724         case TIOCSERGSTRUCT:
725                 BT_ERR("TIOCSERGSTRUCT is not supported");
726                 return -ENOIOCTLCMD;
727
728         case TIOCSERGETLSR:
729                 BT_ERR("TIOCSERGETLSR is not supported");
730                 return -ENOIOCTLCMD;
731
732         case TIOCSERCONFIG:
733                 BT_ERR("TIOCSERCONFIG is not supported");
734                 return -ENOIOCTLCMD;
735
736         default:
737                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
738
739         }
740
741         return -ENOIOCTLCMD;
742 }
743
744 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
745 {
746         struct termios *new = (struct termios *) tty->termios;
747         int old_baud_rate = tty_termios_baud_rate(old);
748         int new_baud_rate = tty_termios_baud_rate(new);
749
750         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
751         u16 changes = 0;
752
753         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
754
755         BT_DBG("tty %p termios %p", tty, old);
756
757         /* Handle turning off CRTSCTS */
758         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 
759                 BT_DBG("Turning off CRTSCTS unsupported");
760
761         /* Parity on/off and when on, odd/even */
762         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
763                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
764                 changes |= RFCOMM_RPN_PM_PARITY;
765                 BT_DBG("Parity change detected.");
766         }
767
768         /* Mark and space parity are not supported! */
769         if (new->c_cflag & PARENB) {
770                 if (new->c_cflag & PARODD) {
771                         BT_DBG("Parity is ODD");
772                         parity = RFCOMM_RPN_PARITY_ODD;
773                 } else {
774                         BT_DBG("Parity is EVEN");
775                         parity = RFCOMM_RPN_PARITY_EVEN;
776                 }
777         } else {
778                 BT_DBG("Parity is OFF");
779                 parity = RFCOMM_RPN_PARITY_NONE;
780         }
781
782         /* Setting the x_on / x_off characters */
783         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
784                 BT_DBG("XOFF custom");
785                 x_on = new->c_cc[VSTOP];
786                 changes |= RFCOMM_RPN_PM_XON;
787         } else {
788                 BT_DBG("XOFF default");
789                 x_on = RFCOMM_RPN_XON_CHAR;
790         }
791
792         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
793                 BT_DBG("XON custom");
794                 x_off = new->c_cc[VSTART];
795                 changes |= RFCOMM_RPN_PM_XOFF;
796         } else {
797                 BT_DBG("XON default");
798                 x_off = RFCOMM_RPN_XOFF_CHAR;
799         }
800
801         /* Handle setting of stop bits */
802         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
803                 changes |= RFCOMM_RPN_PM_STOP;
804
805         /* POSIX does not support 1.5 stop bits and RFCOMM does not
806          * support 2 stop bits. So a request for 2 stop bits gets
807          * translated to 1.5 stop bits */
808         if (new->c_cflag & CSTOPB) {
809                 stop_bits = RFCOMM_RPN_STOP_15;
810         } else {
811                 stop_bits = RFCOMM_RPN_STOP_1;
812         }
813
814         /* Handle number of data bits [5-8] */
815         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 
816                 changes |= RFCOMM_RPN_PM_DATA;
817
818         switch (new->c_cflag & CSIZE) {
819         case CS5:
820                 data_bits = RFCOMM_RPN_DATA_5;
821                 break;
822         case CS6:
823                 data_bits = RFCOMM_RPN_DATA_6;
824                 break;
825         case CS7:
826                 data_bits = RFCOMM_RPN_DATA_7;
827                 break;
828         case CS8:
829                 data_bits = RFCOMM_RPN_DATA_8;
830                 break;
831         default:
832                 data_bits = RFCOMM_RPN_DATA_8;
833                 break;
834         }
835
836         /* Handle baudrate settings */
837         if (old_baud_rate != new_baud_rate)
838                 changes |= RFCOMM_RPN_PM_BITRATE;
839
840         switch (new_baud_rate) {
841         case 2400:
842                 baud = RFCOMM_RPN_BR_2400;
843                 break;
844         case 4800:
845                 baud = RFCOMM_RPN_BR_4800;
846                 break;
847         case 7200:
848                 baud = RFCOMM_RPN_BR_7200;
849                 break;
850         case 9600:
851                 baud = RFCOMM_RPN_BR_9600;
852                 break;
853         case 19200: 
854                 baud = RFCOMM_RPN_BR_19200;
855                 break;
856         case 38400:
857                 baud = RFCOMM_RPN_BR_38400;
858                 break;
859         case 57600:
860                 baud = RFCOMM_RPN_BR_57600;
861                 break;
862         case 115200:
863                 baud = RFCOMM_RPN_BR_115200;
864                 break;
865         case 230400:
866                 baud = RFCOMM_RPN_BR_230400;
867                 break;
868         default:
869                 /* 9600 is standard accordinag to the RFCOMM specification */
870                 baud = RFCOMM_RPN_BR_9600;
871                 break;
872         
873         }
874
875         if (changes)
876                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
877                                 data_bits, stop_bits, parity,
878                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
879
880         return;
881 }
882
883 static void rfcomm_tty_throttle(struct tty_struct *tty)
884 {
885         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
886
887         BT_DBG("tty %p dev %p", tty, dev);
888
889         rfcomm_dlc_throttle(dev->dlc);
890 }
891
892 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
893 {
894         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
895
896         BT_DBG("tty %p dev %p", tty, dev);
897
898         rfcomm_dlc_unthrottle(dev->dlc);
899 }
900
901 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
902 {
903         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
904         struct rfcomm_dlc *dlc = dev->dlc;
905
906         BT_DBG("tty %p dev %p", tty, dev);
907
908         if (!skb_queue_empty(&dlc->tx_queue))
909                 return dlc->mtu;
910
911         return 0;
912 }
913
914 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
915 {
916         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
917         if (!dev)
918                 return;
919
920         BT_DBG("tty %p dev %p", tty, dev);
921
922         skb_queue_purge(&dev->dlc->tx_queue);
923
924         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
925                 tty->ldisc.write_wakeup(tty);
926 }
927
928 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
929 {
930         BT_DBG("tty %p ch %c", tty, ch);
931 }
932
933 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
934 {
935         BT_DBG("tty %p timeout %d", tty, timeout);
936 }
937
938 static void rfcomm_tty_hangup(struct tty_struct *tty)
939 {
940         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
941         if (!dev)
942                 return;
943
944         BT_DBG("tty %p dev %p", tty, dev);
945
946         rfcomm_tty_flush_buffer(tty);
947
948         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
949                 rfcomm_dev_del(dev);
950 }
951
952 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
953 {
954         return 0;
955 }
956
957 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
958 {
959         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
960
961         BT_DBG("tty %p dev %p", tty, dev);
962
963         return dev->modem_status;
964 }
965
966 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
967 {
968         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
969         struct rfcomm_dlc *dlc = dev->dlc;
970         u8 v24_sig;
971
972         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
973
974         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
975
976         if (set & TIOCM_DSR || set & TIOCM_DTR)
977                 v24_sig |= RFCOMM_V24_RTC;
978         if (set & TIOCM_RTS || set & TIOCM_CTS)
979                 v24_sig |= RFCOMM_V24_RTR;
980         if (set & TIOCM_RI)
981                 v24_sig |= RFCOMM_V24_IC;
982         if (set & TIOCM_CD)
983                 v24_sig |= RFCOMM_V24_DV;
984
985         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
986                 v24_sig &= ~RFCOMM_V24_RTC;
987         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
988                 v24_sig &= ~RFCOMM_V24_RTR;
989         if (clear & TIOCM_RI)
990                 v24_sig &= ~RFCOMM_V24_IC;
991         if (clear & TIOCM_CD)
992                 v24_sig &= ~RFCOMM_V24_DV;
993
994         rfcomm_dlc_set_modem_status(dlc, v24_sig);
995
996         return 0;
997 }
998
999 /* ---- TTY structure ---- */
1000
1001 static struct tty_operations rfcomm_ops = {
1002         .open                   = rfcomm_tty_open,
1003         .close                  = rfcomm_tty_close,
1004         .write                  = rfcomm_tty_write,
1005         .write_room             = rfcomm_tty_write_room,
1006         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1007         .flush_buffer           = rfcomm_tty_flush_buffer,
1008         .ioctl                  = rfcomm_tty_ioctl,
1009         .throttle               = rfcomm_tty_throttle,
1010         .unthrottle             = rfcomm_tty_unthrottle,
1011         .set_termios            = rfcomm_tty_set_termios,
1012         .send_xchar             = rfcomm_tty_send_xchar,
1013         .hangup                 = rfcomm_tty_hangup,
1014         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1015         .read_proc              = rfcomm_tty_read_proc,
1016         .tiocmget               = rfcomm_tty_tiocmget,
1017         .tiocmset               = rfcomm_tty_tiocmset,
1018 };
1019
1020 int rfcomm_init_ttys(void)
1021 {
1022         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1023         if (!rfcomm_tty_driver)
1024                 return -1;
1025
1026         rfcomm_tty_driver->owner        = THIS_MODULE;
1027         rfcomm_tty_driver->driver_name  = "rfcomm";
1028         rfcomm_tty_driver->devfs_name   = "bluetooth/rfcomm/";
1029         rfcomm_tty_driver->name         = "rfcomm";
1030         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1031         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1032         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1033         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1034         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_NO_DEVFS;
1035         rfcomm_tty_driver->init_termios = tty_std_termios;
1036         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1037         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1038
1039         if (tty_register_driver(rfcomm_tty_driver)) {
1040                 BT_ERR("Can't register RFCOMM TTY driver");
1041                 put_tty_driver(rfcomm_tty_driver);
1042                 return -1;
1043         }
1044
1045         BT_INFO("RFCOMM TTY layer initialized");
1046
1047         return 0;
1048 }
1049
1050 void rfcomm_cleanup_ttys(void)
1051 {
1052         tty_unregister_driver(rfcomm_tty_driver);
1053         put_tty_driver(rfcomm_tty_driver);
1054 }