LXR linux-old/net/bluetooth/rfcomm/tty.c

   1/* 
   2   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   3   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   4   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
   5
   6   This program is free software; you can redistribute it and/or modify
   7   it under the terms of the GNU General Public License version 2 as
   8   published by the Free Software Foundation;
   9
  10   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  11   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  12   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  13   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  14   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
  15   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
  16   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
  17   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18
  19   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
  20   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
  21   SOFTWARE IS DISCLAIMED.
  22*/
  23
  24/*
  25 * RFCOMM TTY.
  26 *
  27 * $Id: tty.c,v 1.26 2002/10/18 20:12:12 maxk Exp $
  28 */
  29
  30#include <linux/config.h>
  31#include <linux/module.h>
  32
  33#include <linux/tty.h>
  34#include <linux/tty_driver.h>
  35#include <linux/tty_flip.h>
  36
  37#include <linux/slab.h>
  38#include <linux/skbuff.h>
  39
  40#include <net/bluetooth/bluetooth.h>
  41#include <net/bluetooth/rfcomm.h>
  42
  43#ifndef CONFIG_BLUEZ_RFCOMM_DEBUG
  44#undef  BT_DBG
  45#define BT_DBG(D...)
  46#endif
  47
  48#define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
  49#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
  50#define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
  51#define RFCOMM_TTY_MINOR 0
  52
  53struct rfcomm_dev {
  54        struct list_head        list;
  55        atomic_t                refcnt;
  56
  57        char                    name[12];
  58        int                     id;
  59        unsigned long           flags;
  60        int                     opened;
  61        int                     err;
  62
  63        bdaddr_t                src;
  64        bdaddr_t                dst;
  65        u8                      channel;
  66
  67        uint                    modem_status;
  68
  69        struct rfcomm_dlc       *dlc;
  70        struct tty_struct       *tty;
  71        wait_queue_head_t       wait;
  72        struct tasklet_struct   wakeup_task;
  73
  74        atomic_t                wmem_alloc;
  75};
  76
  77static LIST_HEAD(rfcomm_dev_list);
  78static rwlock_t rfcomm_dev_lock = RW_LOCK_UNLOCKED;
  79
  80static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
  81static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
  82static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
  83
  84static void rfcomm_tty_wakeup(unsigned long arg);
  85
  86/* ---- Device functions ---- */
  87static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
  88{
  89        struct rfcomm_dlc *dlc = dev->dlc;
  90
  91        BT_DBG("dev %p dlc %p", dev, dlc);
  92
  93        rfcomm_dlc_lock(dlc);
  94        /* Detach DLC if it's owned by this dev */
  95        if (dlc->owner == dev)
  96                dlc->owner = NULL;
  97        rfcomm_dlc_unlock(dlc);
  98
  99        rfcomm_dlc_put(dlc);
 100        kfree(dev);
 101
 102        MOD_DEC_USE_COUNT;
 103}
 104
 105static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
 106{
 107        atomic_inc(&dev->refcnt);
 108}
 109
 110static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
 111{
 112        /* The reason this isn't actually a race, as you no
 113           doubt have a little voice screaming at you in your
 114           head, is that the refcount should never actually
 115           reach zero unless the device has already been taken
 116           off the list, in rfcomm_dev_del(). And if that's not
 117           true, we'll hit the BUG() in rfcomm_dev_destruct()
 118           anyway. */
 119        if (atomic_dec_and_test(&dev->refcnt))
 120                rfcomm_dev_destruct(dev);
 121}
 122
 123static struct rfcomm_dev *__rfcomm_dev_get(int id)
 124{
 125        struct rfcomm_dev *dev;
 126        struct list_head  *p;
 127
 128        list_for_each(p, &rfcomm_dev_list) {
 129                dev = list_entry(p, struct rfcomm_dev, list);
 130                if (dev->id == id)
 131                        return dev;
 132        }
 133
 134        return NULL;
 135}
 136
 137static inline struct rfcomm_dev *rfcomm_dev_get(int id)
 138{
 139        struct rfcomm_dev *dev;
 140
 141        read_lock(&rfcomm_dev_lock);
 142
 143        dev = __rfcomm_dev_get(id);
 144        if (dev)
 145                rfcomm_dev_hold(dev);
 146
 147        read_unlock(&rfcomm_dev_lock);
 148
 149        return dev;
 150}
 151
 152static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
 153{
 154        struct rfcomm_dev *dev;
 155        struct list_head *head = &rfcomm_dev_list, *p;
 156        int err = 0;
 157
 158        BT_DBG("id %d channel %d", req->dev_id, req->channel);
 159        
 160        dev = kmalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
 161        if (!dev)
 162                return -ENOMEM;
 163        memset(dev, 0, sizeof(struct rfcomm_dev));
 164
 165        write_lock_bh(&rfcomm_dev_lock);
 166
 167        if (req->dev_id < 0) {
 168                dev->id = 0;
 169
 170                list_for_each(p, &rfcomm_dev_list) {
 171                        if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
 172                                break;
 173
 174                        dev->id++;
 175                        head = p;
 176                }
 177        } else {
 178                dev->id = req->dev_id;
 179
 180                list_for_each(p, &rfcomm_dev_list) {
 181                        struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
 182
 183                        if (entry->id == dev->id) {
 184                                err = -EADDRINUSE;
 185                                goto out;
 186                        }
 187
 188                        if (entry->id > dev->id - 1)
 189                                break;
 190
 191                        head = p;
 192                }
 193        }
 194
 195        if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
 196                err = -ENFILE;
 197                goto out;
 198        }
 199
 200        sprintf(dev->name, "rfcomm%d", dev->id);
 201
 202        list_add(&dev->list, head);
 203        atomic_set(&dev->refcnt, 1);
 204
 205        bacpy(&dev->src, &req->src);
 206        bacpy(&dev->dst, &req->dst);
 207        dev->channel = req->channel;
 208
 209        dev->flags = req->flags & 
 210                ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
 211
 212        init_waitqueue_head(&dev->wait);
 213        tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
 214
 215        rfcomm_dlc_lock(dlc);
 216        dlc->data_ready   = rfcomm_dev_data_ready;
 217        dlc->state_change = rfcomm_dev_state_change;
 218        dlc->modem_status = rfcomm_dev_modem_status;
 219
 220        dlc->owner = dev;
 221        dev->dlc   = dlc;
 222        rfcomm_dlc_unlock(dlc);
 223
 224        MOD_INC_USE_COUNT;
 225        
 226out:
 227        write_unlock_bh(&rfcomm_dev_lock);
 228
 229        if (err) {
 230                kfree(dev);
 231                return err;
 232        } else
 233                return dev->id;
 234}
 235
 236static void rfcomm_dev_del(struct rfcomm_dev *dev)
 237{
 238        BT_DBG("dev %p", dev);
 239
 240        write_lock_bh(&rfcomm_dev_lock);
 241        list_del_init(&dev->list);
 242        write_unlock_bh(&rfcomm_dev_lock);
 243
 244        rfcomm_dev_put(dev);
 245}
 246
 247/* ---- Send buffer ---- */
 248
 249static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
 250{
 251        /* We can't let it be zero, because we don't get a callback 
 252           when tx_credits becomes nonzero, hence we'd never wake up */
 253        return dlc->mtu * (dlc->tx_credits?:1);
 254}
 255
 256static void rfcomm_wfree(struct sk_buff *skb)
 257{
 258        struct rfcomm_dev *dev = (void *) skb->sk;
 259        atomic_sub(skb->truesize, &dev->wmem_alloc);
 260        if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
 261                tasklet_schedule(&dev->wakeup_task);
 262        rfcomm_dev_put(dev);
 263}
 264
 265static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
 266{
 267        rfcomm_dev_hold(dev);
 268        atomic_add(skb->truesize, &dev->wmem_alloc);
 269        skb->sk = (void *) dev;
 270        skb->destructor = rfcomm_wfree;
 271}
 272
 273static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, int force, int priority)
 274{
 275        if (force || atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
 276                struct sk_buff *skb = alloc_skb(size, priority);
 277                if (skb) {
 278                        rfcomm_set_owner_w(skb, dev);
 279                        return skb;
 280                }
 281        }
 282        return NULL;
 283}
 284
 285/* ---- Device IOCTLs ---- */
 286
 287#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
 288
 289static int rfcomm_create_dev(struct sock *sk, unsigned long arg)
 290{
 291        struct rfcomm_dev_req req;
 292        struct rfcomm_dlc *dlc;
 293        int id;
 294
 295        if (copy_from_user(&req, (void *) arg, sizeof(req)))
 296                return -EFAULT;
 297
 298        BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
 299
 300        if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
 301                return -EPERM;
 302
 303        if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 304                /* Socket must be connected */
 305                if (sk->state != BT_CONNECTED)
 306                        return -EBADFD;
 307
 308                dlc = rfcomm_pi(sk)->dlc;
 309                rfcomm_dlc_hold(dlc);
 310        } else {
 311                dlc = rfcomm_dlc_alloc(GFP_KERNEL);
 312                if (!dlc)
 313                        return -ENOMEM;
 314        }
 315
 316        id = rfcomm_dev_add(&req, dlc);
 317        if (id < 0) {
 318                rfcomm_dlc_put(dlc);
 319                return id;
 320        }
 321
 322        if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
 323                /* DLC is now used by device.
 324                 * Socket must be disconnected */
 325                sk->state = BT_CLOSED;
 326        }
 327
 328        return id;
 329}
 330
 331static int rfcomm_release_dev(unsigned long arg)
 332{
 333        struct rfcomm_dev_req req;
 334        struct rfcomm_dev *dev;
 335
 336        if (copy_from_user(&req, (void *) arg, sizeof(req)))
 337                return -EFAULT;
 338
 339        BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
 340
 341        if (!(dev = rfcomm_dev_get(req.dev_id)))
 342                return -ENODEV;
 343
 344        if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
 345                rfcomm_dev_put(dev);
 346                return -EPERM;
 347        }
 348
 349        if (req.flags & (1 << RFCOMM_HANGUP_NOW))
 350                rfcomm_dlc_close(dev->dlc, 0);
 351
 352        rfcomm_dev_del(dev);
 353        rfcomm_dev_put(dev);
 354        return 0;
 355}
 356
 357static int rfcomm_get_dev_list(unsigned long arg)
 358{
 359        struct rfcomm_dev_list_req *dl;
 360        struct rfcomm_dev_info *di;
 361        struct list_head *p;
 362        int n = 0, size, err;
 363        u16 dev_num;
 364
 365        BT_DBG("");
 366
 367        if (get_user(dev_num, (u16 *) arg))
 368                return -EFAULT;
 369
 370        if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
 371                return -EINVAL;
 372
 373        size = sizeof(*dl) + dev_num * sizeof(*di);
 374
 375        if (!(dl = kmalloc(size, GFP_KERNEL)))
 376                return -ENOMEM;
 377
 378        di = dl->dev_info;
 379
 380        read_lock_bh(&rfcomm_dev_lock);
 381
 382        list_for_each(p, &rfcomm_dev_list) {
 383                struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
 384                (di + n)->id      = dev->id;
 385                (di + n)->flags   = dev->flags;
 386                (di + n)->state   = dev->dlc->state;
 387                (di + n)->channel = dev->channel;
 388                bacpy(&(di + n)->src, &dev->src);
 389                bacpy(&(di + n)->dst, &dev->dst);
 390                if (++n >= dev_num)
 391                        break;
 392        }
 393
 394        read_unlock_bh(&rfcomm_dev_lock);
 395
 396        dl->dev_num = n;
 397        size = sizeof(*dl) + n * sizeof(*di);
 398
 399        err = copy_to_user((void *) arg, dl, size);
 400        kfree(dl);
 401
 402        return err ? -EFAULT : 0;
 403}
 404
 405static int rfcomm_get_dev_info(unsigned long arg)
 406{
 407        struct rfcomm_dev *dev;
 408        struct rfcomm_dev_info di;
 409        int err = 0;
 410
 411        BT_DBG("");
 412
 413        if (copy_from_user(&di, (void *)arg, sizeof(di)))
 414                return -EFAULT;
 415
 416        if (!(dev = rfcomm_dev_get(di.id)))
 417                return -ENODEV;
 418
 419        di.flags   = dev->flags;
 420        di.channel = dev->channel;
 421        di.state   = dev->dlc->state;
 422        bacpy(&di.src, &dev->src);
 423        bacpy(&di.dst, &dev->dst);
 424
 425        if (copy_to_user((void *)arg, &di, sizeof(di)))
 426                err = -EFAULT;
 427
 428        rfcomm_dev_put(dev);
 429        return err;
 430}
 431
 432int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
 433{
 434        BT_DBG("cmd %d arg %ld", cmd, arg);
 435
 436        switch (cmd) {
 437        case RFCOMMCREATEDEV:
 438                return rfcomm_create_dev(sk, arg);
 439
 440        case RFCOMMRELEASEDEV:
 441                return rfcomm_release_dev(arg);
 442
 443        case RFCOMMGETDEVLIST:
 444                return rfcomm_get_dev_list(arg);
 445
 446        case RFCOMMGETDEVINFO:
 447                return rfcomm_get_dev_info(arg);
 448        }
 449
 450        return -EINVAL;
 451}
 452
 453/* ---- DLC callbacks ---- */
 454static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
 455{
 456        struct rfcomm_dev *dev = dlc->owner;
 457        struct tty_struct *tty;
 458       
 459        if (!dev || !(tty = dev->tty)) {
 460                kfree_skb(skb);
 461                return;
 462        }
 463
 464        BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
 465
 466        if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
 467                register int i;
 468                for (i = 0; i < skb->len; i++) {
 469                        if (tty->flip.count >= TTY_FLIPBUF_SIZE)
 470                                tty_flip_buffer_push(tty);
 471
 472                        tty_insert_flip_char(tty, skb->data[i], 0);
 473                }
 474                tty_flip_buffer_push(tty);
 475        } else
 476                tty->ldisc.receive_buf(tty, skb->data, NULL, skb->len);
 477
 478        kfree_skb(skb);
 479}
 480
 481static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
 482{
 483        struct rfcomm_dev *dev = dlc->owner;
 484        if (!dev)
 485                return;
 486        
 487        BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
 488
 489        dev->err = err;
 490        wake_up_interruptible(&dev->wait);
 491
 492        if (dlc->state == BT_CLOSED) {
 493                if (!dev->tty) {
 494                        if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
 495                                rfcomm_dev_hold(dev);
 496                                rfcomm_dev_del(dev);
 497
 498                                /* We have to drop DLC lock here, otherwise
 499                                   rfcomm_dev_put() will dead lock if it's
 500                                   the last reference. */
 501                                rfcomm_dlc_unlock(dlc);
 502                                rfcomm_dev_put(dev);
 503                                rfcomm_dlc_lock(dlc);
 504                        }
 505                } else 
 506                        tty_hangup(dev->tty);
 507        }
 508}
 509
 510static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
 511{
 512        struct rfcomm_dev *dev = dlc->owner;
 513        if (!dev)
 514                return;
 515        
 516        BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
 517
 518        dev->modem_status = 
 519                ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
 520                ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
 521                ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
 522                ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
 523}
 524
 525/* ---- TTY functions ---- */
 526static void rfcomm_tty_wakeup(unsigned long arg)
 527{
 528        struct rfcomm_dev *dev = (void *) arg;
 529        struct tty_struct *tty = dev->tty;
 530        if (!tty)
 531                return;
 532
 533        BT_DBG("dev %p tty %p", dev, tty);
 534
 535        tty_wakeup(tty);
 536
 537#ifdef SERIAL_HAVE_POLL_WAIT
 538        wake_up_interruptible(&tty->poll_wait);
 539#endif
 540}
 541
 542static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
 543{
 544        DECLARE_WAITQUEUE(wait, current);
 545        struct rfcomm_dev *dev;
 546        struct rfcomm_dlc *dlc;
 547        int err, id;
 548
 549        id = MINOR(tty->device) - tty->driver.minor_start;
 550
 551        BT_DBG("tty %p id %d", tty, id);
 552
 553        /* We don't leak this refcount. For reasons which are not entirely
 554           clear, the TTY layer will call our ->close() method even if the
 555           open fails. We decrease the refcount there, and decreasing it
 556           here too would cause breakage. */
 557        dev = rfcomm_dev_get(id);
 558        if (!dev)
 559                return -ENODEV;
 560
 561        BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
 562
 563        if (dev->opened++ != 0)
 564                return 0;
 565
 566        dlc = dev->dlc;
 567
 568        /* Attach TTY and open DLC */
 569
 570        rfcomm_dlc_lock(dlc);
 571        tty->driver_data = dev;
 572        dev->tty = tty;
 573        rfcomm_dlc_unlock(dlc);
 574        set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 575
 576        err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
 577        if (err < 0)
 578                return err;
 579
 580        /* Wait for DLC to connect */
 581        add_wait_queue(&dev->wait, &wait);
 582        while (1) {
 583                set_current_state(TASK_INTERRUPTIBLE);
 584
 585                if (dlc->state == BT_CLOSED) {
 586                        err = -dev->err;
 587                        break;
 588                }
 589
 590                if (dlc->state == BT_CONNECTED)
 591                        break;
 592
 593                if (signal_pending(current)) {
 594                        err = -EINTR;
 595                        break;
 596                }
 597
 598                schedule();
 599        }
 600        set_current_state(TASK_RUNNING);
 601        remove_wait_queue(&dev->wait, &wait);
 602
 603        return err;
 604}
 605
 606static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
 607{
 608        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 609        if (!dev)
 610                return;
 611
 612        BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
 613
 614        if (--dev->opened == 0) {
 615                /* Close DLC and dettach TTY */
 616                rfcomm_dlc_close(dev->dlc, 0);
 617
 618                clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
 619                tasklet_kill(&dev->wakeup_task);
 620
 621                rfcomm_dlc_lock(dev->dlc);
 622                tty->driver_data = NULL;
 623                dev->tty = NULL;
 624                rfcomm_dlc_unlock(dev->dlc);
 625        }
 626
 627        rfcomm_dev_put(dev);
 628}
 629
 630static int rfcomm_tty_write(struct tty_struct *tty, int from_user, const unsigned char *buf, int count)
 631{
 632        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 633        struct rfcomm_dlc *dlc = dev->dlc;
 634        struct sk_buff *skb;
 635        int err = 0, sent = 0, size;
 636
 637        BT_DBG("tty %p from_user %d count %d", tty, from_user, count);
 638
 639        while (count) {
 640                size = min_t(uint, count, dlc->mtu);
 641
 642                if (from_user)
 643                        skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, 0, GFP_KERNEL);
 644                else
 645                        skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, 0, GFP_ATOMIC);
 646                
 647                if (!skb)
 648                        break;
 649
 650                skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
 651
 652                if (from_user)
 653                        copy_from_user(skb_put(skb, size), buf + sent, size);
 654                else
 655                        memcpy(skb_put(skb, size), buf + sent, size);
 656
 657                if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
 658                        kfree_skb(skb);
 659                        break;
 660                }
 661
 662                sent  += size;
 663                count -= size;
 664        }
 665
 666        return sent ? sent : err;
 667}
 668
 669static void rfcomm_tty_put_char(struct tty_struct *tty, unsigned char ch)
 670{
 671        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 672        struct rfcomm_dlc *dlc = dev->dlc;
 673        struct sk_buff *skb;
 674
 675        BT_DBG("tty %p char %x", tty, ch);
 676
 677        skb = rfcomm_wmalloc(dev, 1 + RFCOMM_SKB_RESERVE, 1, GFP_ATOMIC);
 678
 679        if (!skb)
 680                return;
 681
 682        skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
 683
 684        *(char *)skb_put(skb, 1) = ch;
 685
 686        if ((rfcomm_dlc_send(dlc, skb)) < 0)
 687                kfree_skb(skb); 
 688}
 689
 690static int rfcomm_tty_write_room(struct tty_struct *tty)
 691{
 692        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 693        int room;
 694        
 695        BT_DBG("tty %p", tty);
 696
 697        room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
 698        if (room < 0)
 699                room = 0;
 700
 701        return room;
 702}
 703
 704static int rfcomm_tty_set_modem_status(uint cmd, struct rfcomm_dlc *dlc, uint status)
 705{
 706        u8 v24_sig, mask;
 707
 708        BT_DBG("dlc %p cmd 0x%02x", dlc, cmd);
 709
 710        if (cmd == TIOCMSET)
 711                v24_sig = 0;
 712        else
 713                rfcomm_dlc_get_modem_status(dlc, &v24_sig);
 714
 715        mask =  ((status & TIOCM_DSR) ? RFCOMM_V24_RTC : 0) |
 716                ((status & TIOCM_DTR) ? RFCOMM_V24_RTC : 0) |
 717                ((status & TIOCM_RTS) ? RFCOMM_V24_RTR : 0) |
 718                ((status & TIOCM_CTS) ? RFCOMM_V24_RTR : 0) |
 719                ((status & TIOCM_RI)  ? RFCOMM_V24_IC  : 0) |
 720                ((status & TIOCM_CD)  ? RFCOMM_V24_DV  : 0);
 721
 722        if (cmd == TIOCMBIC)
 723                v24_sig &= ~mask;
 724        else
 725                v24_sig |= mask;
 726
 727        rfcomm_dlc_set_modem_status(dlc, v24_sig);
 728        return 0;
 729}
 730
 731static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
 732{
 733        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 734        struct rfcomm_dlc *dlc = dev->dlc;
 735        uint status;
 736        int err;
 737
 738        BT_DBG("tty %p cmd 0x%02x", tty, cmd);
 739
 740        switch (cmd) {
 741        case TCGETS:
 742                BT_DBG("TCGETS is not supported");
 743                return -ENOIOCTLCMD;
 744
 745        case TCSETS:
 746                BT_DBG("TCSETS is not supported");
 747                return -ENOIOCTLCMD;
 748
 749        case TIOCMGET:
 750                BT_DBG("TIOCMGET");
 751
 752                return put_user(dev->modem_status, (unsigned int *)arg);
 753
 754        case TIOCMSET: /* Turns on and off the lines as specified by the mask */
 755        case TIOCMBIS: /* Turns on the lines as specified by the mask */
 756        case TIOCMBIC: /* Turns off the lines as specified by the mask */
 757                if ((err = get_user(status, (unsigned int *)arg)))
 758                        return err;
 759                return rfcomm_tty_set_modem_status(cmd, dlc, status);
 760
 761        case TIOCMIWAIT:
 762                BT_DBG("TIOCMIWAIT");
 763                break;
 764
 765        case TIOCGICOUNT:
 766                BT_DBG("TIOCGICOUNT");
 767                break;
 768
 769        case TIOCGSERIAL:
 770                BT_ERR("TIOCGSERIAL is not supported");
 771                return -ENOIOCTLCMD;
 772
 773        case TIOCSSERIAL:
 774                BT_ERR("TIOCSSERIAL is not supported");
 775                return -ENOIOCTLCMD;
 776
 777        case TIOCSERGSTRUCT:
 778                BT_ERR("TIOCSERGSTRUCT is not supported");
 779                return -ENOIOCTLCMD;
 780
 781        case TIOCSERGETLSR:
 782                BT_ERR("TIOCSERGETLSR is not supported");
 783                return -ENOIOCTLCMD;
 784
 785        case TIOCSERCONFIG:
 786                BT_ERR("TIOCSERCONFIG is not supported");
 787                return -ENOIOCTLCMD;
 788
 789        default:
 790                return -ENOIOCTLCMD;    /* ioctls which we must ignore */
 791
 792        }
 793
 794        return -ENOIOCTLCMD;
 795}
 796
 797#define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
 798
 799static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
 800{
 801        BT_DBG("tty %p", tty);
 802
 803        if ((tty->termios->c_cflag == old->c_cflag) &&
 804                (RELEVANT_IFLAG(tty->termios->c_iflag) == RELEVANT_IFLAG(old->c_iflag)))
 805                return;
 806
 807        /* handle turning off CRTSCTS */
 808        if ((old->c_cflag & CRTSCTS) && !(tty->termios->c_cflag & CRTSCTS)) {
 809                BT_DBG("turning off CRTSCTS");
 810        }
 811}
 812
 813static void rfcomm_tty_throttle(struct tty_struct *tty)
 814{
 815        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 816
 817        BT_DBG("tty %p dev %p", tty, dev);
 818        
 819        rfcomm_dlc_throttle(dev->dlc);
 820}
 821
 822static void rfcomm_tty_unthrottle(struct tty_struct *tty)
 823{
 824        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 825
 826        BT_DBG("tty %p dev %p", tty, dev);
 827        
 828        rfcomm_dlc_unthrottle(dev->dlc);
 829}
 830
 831static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
 832{
 833        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 834        struct rfcomm_dlc *dlc = dev->dlc;
 835
 836        BT_DBG("tty %p dev %p", tty, dev);
 837
 838        if (skb_queue_len(&dlc->tx_queue))
 839                return dlc->mtu;
 840
 841        return 0;
 842}
 843
 844static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
 845{
 846        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 847        if (!dev)
 848                return;
 849
 850        BT_DBG("tty %p dev %p", tty, dev);
 851
 852        skb_queue_purge(&dev->dlc->tx_queue);
 853
 854        tty_wakeup(tty);
 855}
 856
 857static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
 858{
 859        BT_DBG("tty %p ch %c", tty, ch);
 860}
 861
 862static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
 863{
 864        BT_DBG("tty %p timeout %d", tty, timeout);
 865}
 866
 867static void rfcomm_tty_hangup(struct tty_struct *tty)
 868{
 869        struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
 870        if (!dev)
 871                return;
 872
 873        BT_DBG("tty %p dev %p", tty, dev);
 874
 875        rfcomm_tty_flush_buffer(tty);
 876
 877        if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
 878                rfcomm_dev_del(dev);
 879}
 880
 881static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
 882{
 883        return 0;
 884}
 885
 886/* ---- TTY structure ---- */
 887static int    rfcomm_tty_refcount;       /* If we manage several devices */
 888
 889static struct tty_struct *rfcomm_tty_table[RFCOMM_TTY_PORTS];
 890static struct termios *rfcomm_tty_termios[RFCOMM_TTY_PORTS];
 891static struct termios *rfcomm_tty_termios_locked[RFCOMM_TTY_PORTS];
 892
 893static struct tty_driver rfcomm_tty_driver = {
 894        magic:                  TTY_DRIVER_MAGIC,
 895        driver_name:            "rfcomm",
 896#ifdef CONFIG_DEVFS_FS
 897        name:                   "bluetooth/rfcomm/%d",
 898#else
 899        name:                   "rfcomm",
 900#endif
 901        major:                  RFCOMM_TTY_MAJOR,
 902        minor_start:            RFCOMM_TTY_MINOR,
 903        num:                    RFCOMM_TTY_PORTS,
 904        type:                   TTY_DRIVER_TYPE_SERIAL,
 905        subtype:                SERIAL_TYPE_NORMAL,
 906        flags:                  TTY_DRIVER_REAL_RAW,
 907
 908        refcount:               &rfcomm_tty_refcount,
 909        table:                  rfcomm_tty_table,
 910        termios:                rfcomm_tty_termios,
 911        termios_locked:         rfcomm_tty_termios_locked,
 912
 913        open:                   rfcomm_tty_open,
 914        close:                  rfcomm_tty_close,
 915        put_char:               rfcomm_tty_put_char,
 916        write:                  rfcomm_tty_write,
 917        write_room:             rfcomm_tty_write_room,
 918        chars_in_buffer:        rfcomm_tty_chars_in_buffer,
 919        flush_buffer:           rfcomm_tty_flush_buffer,
 920        ioctl:                  rfcomm_tty_ioctl,
 921        throttle:               rfcomm_tty_throttle,
 922        unthrottle:             rfcomm_tty_unthrottle,
 923        set_termios:            rfcomm_tty_set_termios,
 924        send_xchar:             rfcomm_tty_send_xchar,
 925        stop:                   NULL,
 926        start:                  NULL,
 927        hangup:                 rfcomm_tty_hangup,
 928        wait_until_sent:        rfcomm_tty_wait_until_sent,
 929        read_proc:              rfcomm_tty_read_proc,
 930};
 931
 932int rfcomm_init_ttys(void)
 933{
 934        int i;
 935
 936        /* Initalize our global data */
 937        for (i = 0; i < RFCOMM_TTY_PORTS; i++)
 938                rfcomm_tty_table[i] = NULL;
 939
 940        /* Register the TTY driver */
 941        rfcomm_tty_driver.init_termios = tty_std_termios;
 942        rfcomm_tty_driver.init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
 943        rfcomm_tty_driver.flags = TTY_DRIVER_REAL_RAW;
 944
 945        if (tty_register_driver(&rfcomm_tty_driver)) {
 946                BT_ERR("Can't register RFCOMM TTY driver");
 947                return -1;
 948        }
 949
 950        return 0;
 951}
 952
 953void rfcomm_cleanup_ttys(void)
 954{
 955        tty_unregister_driver(&rfcomm_tty_driver);
 956        return;
 957}
 958