[linux-2.6-block.git] / net / bluetooth / rfcomm / tty.c

/*
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

/*
 * RFCOMM TTY.
 */

#include <linux/module.h>

#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/rfcomm.h>

#define RFCOMM_TTY_MAGIC 0x6d02		/* magic number for rfcomm struct */
#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV	/* whole lotta rfcomm devices */
#define RFCOMM_TTY_MAJOR 216		/* device node major id of the usb/bluetooth.c driver */
#define RFCOMM_TTY_MINOR 0

static struct tty_driver *rfcomm_tty_driver;

struct rfcomm_dev {
	struct tty_port		port;
	struct list_head	list;

	char			name[12];
	int			id;
	unsigned long		flags;
	int			err;

	unsigned long		status;		/* don't export to userspace */

	bdaddr_t		src;
	bdaddr_t		dst;
	u8			channel;

	uint			modem_status;

	struct rfcomm_dlc	*dlc;

	struct device		*tty_dev;

	atomic_t		wmem_alloc;

	struct sk_buff_head	pending;
};

static LIST_HEAD(rfcomm_dev_list);
static DEFINE_SPINLOCK(rfcomm_dev_lock);

static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);

/* ---- Device functions ---- */

static void rfcomm_dev_destruct(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	struct rfcomm_dlc *dlc = dev->dlc;

	BT_DBG("dev %p dlc %p", dev, dlc);

	spin_lock(&rfcomm_dev_lock);
	list_del(&dev->list);
	spin_unlock(&rfcomm_dev_lock);

	rfcomm_dlc_lock(dlc);
	/* Detach DLC if it's owned by this dev */
	if (dlc->owner == dev)
		dlc->owner = NULL;
	rfcomm_dlc_unlock(dlc);

	rfcomm_dlc_put(dlc);

	tty_unregister_device(rfcomm_tty_driver, dev->id);

	kfree(dev);

	/* It's safe to call module_put() here because socket still
	   holds reference to this module. */
	module_put(THIS_MODULE);
}

/* device-specific initialization: open the dlc */
static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);

	return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
}

/* we block the open until the dlc->state becomes BT_CONNECTED */
static int rfcomm_dev_carrier_raised(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);

	return (dev->dlc->state == BT_CONNECTED);
}

/* device-specific cleanup: close the dlc */
static void rfcomm_dev_shutdown(struct tty_port *port)
{
	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);

	if (dev->tty_dev->parent)
		device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);

	/* close the dlc */
	rfcomm_dlc_close(dev->dlc, 0);
}

static const struct tty_port_operations rfcomm_port_ops = {
	.destruct = rfcomm_dev_destruct,
	.activate = rfcomm_dev_activate,
	.shutdown = rfcomm_dev_shutdown,
	.carrier_raised = rfcomm_dev_carrier_raised,
};

static struct rfcomm_dev *__rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	list_for_each_entry(dev, &rfcomm_dev_list, list)
		if (dev->id == id)
			return dev;

	return NULL;
}

static struct rfcomm_dev *rfcomm_dev_get(int id)
{
	struct rfcomm_dev *dev;

	spin_lock(&rfcomm_dev_lock);

	dev = __rfcomm_dev_get(id);

	if (dev && !tty_port_get(&dev->port))
		dev = NULL;

	spin_unlock(&rfcomm_dev_lock);

	return dev;
}

static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
{
	struct hci_dev *hdev;
	struct hci_conn *conn;

	hdev = hci_get_route(&dev->dst, &dev->src);
	if (!hdev)
		return NULL;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);

	hci_dev_put(hdev);

	return conn ? &conn->dev : NULL;
}

static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sprintf(buf, "%pMR\n", &dev->dst);
}

static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	return sprintf(buf, "%d\n", dev->channel);
}

static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);

static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
{
	struct rfcomm_dev *dev, *entry;
	struct list_head *head = &rfcomm_dev_list;
	int err = 0;

	BT_DBG("id %d channel %d", req->dev_id, req->channel);

	dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
	if (!dev)
		return -ENOMEM;

	spin_lock(&rfcomm_dev_lock);

	if (req->dev_id < 0) {
		dev->id = 0;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id != dev->id)
				break;

			dev->id++;
			head = &entry->list;
		}
	} else {
		dev->id = req->dev_id;

		list_for_each_entry(entry, &rfcomm_dev_list, list) {
			if (entry->id == dev->id) {
				err = -EADDRINUSE;
				goto out;
			}

			if (entry->id > dev->id - 1)
				break;

			head = &entry->list;
		}
	}

	if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
		err = -ENFILE;
		goto out;
	}

	sprintf(dev->name, "rfcomm%d", dev->id);

	list_add(&dev->list, head);

	bacpy(&dev->src, &req->src);
	bacpy(&dev->dst, &req->dst);
	dev->channel = req->channel;

	dev->flags = req->flags &
		((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));

	tty_port_init(&dev->port);
	dev->port.ops = &rfcomm_port_ops;

	skb_queue_head_init(&dev->pending);

	rfcomm_dlc_lock(dlc);

	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
		struct sock *sk = dlc->owner;
		struct sk_buff *skb;

		BUG_ON(!sk);

		rfcomm_dlc_throttle(dlc);

		while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
			skb_orphan(skb);
			skb_queue_tail(&dev->pending, skb);
			atomic_sub(skb->len, &sk->sk_rmem_alloc);
		}
	}

	dlc->data_ready   = rfcomm_dev_data_ready;
	dlc->state_change = rfcomm_dev_state_change;
	dlc->modem_status = rfcomm_dev_modem_status;

	dlc->owner = dev;
	dev->dlc   = dlc;

	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);

	rfcomm_dlc_unlock(dlc);

	/* It's safe to call __module_get() here because socket already
	   holds reference to this module. */
	__module_get(THIS_MODULE);

out:
	spin_unlock(&rfcomm_dev_lock);

	if (err < 0)
		goto free;

	dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver,
			dev->id, NULL);
	if (IS_ERR(dev->tty_dev)) {
		err = PTR_ERR(dev->tty_dev);
		spin_lock(&rfcomm_dev_lock);
		list_del(&dev->list);
		spin_unlock(&rfcomm_dev_lock);
		goto free;
	}

	dev_set_drvdata(dev->tty_dev, dev);

	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
		BT_ERR("Failed to create address attribute");

	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
		BT_ERR("Failed to create channel attribute");

	return dev->id;

free:
	kfree(dev);
	return err;
}

/* ---- Send buffer ---- */
static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
{
	/* We can't let it be zero, because we don't get a callback
	   when tx_credits becomes nonzero, hence we'd never wake up */
	return dlc->mtu * (dlc->tx_credits?:1);
}

static void rfcomm_wfree(struct sk_buff *skb)
{
	struct rfcomm_dev *dev = (void *) skb->sk;
	atomic_sub(skb->truesize, &dev->wmem_alloc);
	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
		tty_port_tty_wakeup(&dev->port);
	tty_port_put(&dev->port);
}

static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
{
	tty_port_get(&dev->port);
	atomic_add(skb->truesize, &dev->wmem_alloc);
	skb->sk = (void *) dev;
	skb->destructor = rfcomm_wfree;
}

static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
{
	if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
		struct sk_buff *skb = alloc_skb(size, priority);
		if (skb) {
			rfcomm_set_owner_w(skb, dev);
			return skb;
		}
	}
	return NULL;
}

/* ---- Device IOCTLs ---- */

#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))

static int rfcomm_create_dev(struct sock *sk, void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dlc *dlc;
	int id;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);

	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
		return -EPERM;

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* Socket must be connected */
		if (sk->sk_state != BT_CONNECTED)
			return -EBADFD;

		dlc = rfcomm_pi(sk)->dlc;
		rfcomm_dlc_hold(dlc);
	} else {
		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
		if (!dlc)
			return -ENOMEM;
	}

	id = rfcomm_dev_add(&req, dlc);
	if (id < 0) {
		rfcomm_dlc_put(dlc);
		return id;
	}

	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
		/* DLC is now used by device.
		 * Socket must be disconnected */
		sk->sk_state = BT_CLOSED;
	}

	return id;
}

static int rfcomm_release_dev(void __user *arg)
{
	struct rfcomm_dev_req req;
	struct rfcomm_dev *dev;
	struct tty_struct *tty;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);

	dev = rfcomm_dev_get(req.dev_id);
	if (!dev)
		return -ENODEV;

	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
		tty_port_put(&dev->port);
		return -EPERM;
	}

	/* only release once */
	if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
		tty_port_put(&dev->port);
		return -EALREADY;
	}

	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
		rfcomm_dlc_close(dev->dlc, 0);

	/* Shut down TTY synchronously before freeing rfcomm_dev */
	tty = tty_port_tty_get(&dev->port);
	if (tty) {
		tty_vhangup(tty);
		tty_kref_put(tty);
	}

	if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
		tty_port_put(&dev->port);

	tty_port_put(&dev->port);
	return 0;
}

static int rfcomm_get_dev_list(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_list_req *dl;
	struct rfcomm_dev_info *di;
	int n = 0, size, err;
	u16 dev_num;

	BT_DBG("");

	if (get_user(dev_num, (u16 __user *) arg))
		return -EFAULT;

	if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
		return -EINVAL;

	size = sizeof(*dl) + dev_num * sizeof(*di);

	dl = kzalloc(size, GFP_KERNEL);
	if (!dl)
		return -ENOMEM;

	di = dl->dev_info;

	spin_lock(&rfcomm_dev_lock);

	list_for_each_entry(dev, &rfcomm_dev_list, list) {
		if (!tty_port_get(&dev->port))
			continue;
		(di + n)->id      = dev->id;
		(di + n)->flags   = dev->flags;
		(di + n)->state   = dev->dlc->state;
		(di + n)->channel = dev->channel;
		bacpy(&(di + n)->src, &dev->src);
		bacpy(&(di + n)->dst, &dev->dst);
		tty_port_put(&dev->port);
		if (++n >= dev_num)
			break;
	}

	spin_unlock(&rfcomm_dev_lock);

	dl->dev_num = n;
	size = sizeof(*dl) + n * sizeof(*di);

	err = copy_to_user(arg, dl, size);
	kfree(dl);

	return err ? -EFAULT : 0;
}

static int rfcomm_get_dev_info(void __user *arg)
{
	struct rfcomm_dev *dev;
	struct rfcomm_dev_info di;
	int err = 0;

	BT_DBG("");

	if (copy_from_user(&di, arg, sizeof(di)))
		return -EFAULT;

	dev = rfcomm_dev_get(di.id);
	if (!dev)
		return -ENODEV;

	di.flags   = dev->flags;
	di.channel = dev->channel;
	di.state   = dev->dlc->state;
	bacpy(&di.src, &dev->src);
	bacpy(&di.dst, &dev->dst);

	if (copy_to_user(arg, &di, sizeof(di)))
		err = -EFAULT;

	tty_port_put(&dev->port);
	return err;
}

int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
{
	BT_DBG("cmd %d arg %p", cmd, arg);

	switch (cmd) {
	case RFCOMMCREATEDEV:
		return rfcomm_create_dev(sk, arg);

	case RFCOMMRELEASEDEV:
		return rfcomm_release_dev(arg);

	case RFCOMMGETDEVLIST:
		return rfcomm_get_dev_list(arg);

	case RFCOMMGETDEVINFO:
		return rfcomm_get_dev_info(arg);
	}

	return -EINVAL;
}

/* ---- DLC callbacks ---- */
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
{
	struct rfcomm_dev *dev = dlc->owner;

	if (!dev) {
		kfree_skb(skb);
		return;
	}

	if (!skb_queue_empty(&dev->pending)) {
		skb_queue_tail(&dev->pending, skb);
		return;
	}

	BT_DBG("dlc %p len %d", dlc, skb->len);

	tty_insert_flip_string(&dev->port, skb->data, skb->len);
	tty_flip_buffer_push(&dev->port);

	kfree_skb(skb);
}

static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;

	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);

	dev->err = err;
	if (dlc->state == BT_CONNECTED) {
		device_move(dev->tty_dev, rfcomm_get_device(dev),
			    DPM_ORDER_DEV_AFTER_PARENT);

		wake_up_interruptible(&dev->port.open_wait);
	} else if (dlc->state == BT_CLOSED)
		tty_port_tty_hangup(&dev->port, false);
}

static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
{
	struct rfcomm_dev *dev = dlc->owner;
	if (!dev)
		return;
Commit	Line	Data
8e87d142	1	/*
1da177e4 LT	2	RFCOMM implementation for Linux Bluetooth stack (BlueZ).
	3	Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
	4	Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
	5
	6	This program is free software; you can redistribute it and/or modify
	7	it under the terms of the GNU General Public License version 2 as
	8	published by the Free Software Foundation;
	9
	10	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	11	OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	12	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	13	IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142 YH	14	CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	15	WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	16	ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4 LT	17	OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1da177e4 LT	18
8e87d142 YH	19	ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
8e87d142 YH	20	COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4 LT	21	SOFTWARE IS DISCLAIMED.
	22	*/
	23
	24	/*
	25	* RFCOMM TTY.
1da177e4 LT	26	*/
1da177e4 LT	27
1da177e4 LT	28	#include <linux/module.h>
	29
	30	#include <linux/tty.h>
	31	#include <linux/tty_driver.h>
	32	#include <linux/tty_flip.h>
	33
1da177e4	34	#include <net/bluetooth/bluetooth.h>
0a85b964	35	#include <net/bluetooth/hci_core.h>
1da177e4 LT	36	#include <net/bluetooth/rfcomm.h>
1da177e4 LT	37
1da177e4 LT	38	#define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */
	39	#define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
	40	#define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */
	41	#define RFCOMM_TTY_MINOR 0
	42
	43	static struct tty_driver *rfcomm_tty_driver;
	44
	45	struct rfcomm_dev {
f60db8c4	46	struct tty_port port;
1da177e4	47	struct list_head list;
1da177e4 LT	48
	49	char name[12];
	50	int id;
	51	unsigned long flags;
1da177e4 LT	52	int err;
1da177e4 LT	53
1c64834e PH	54	unsigned long status; /* don't export to userspace */
1c64834e PH	55
1da177e4 LT	56	bdaddr_t src;
1da177e4 LT	57	bdaddr_t dst;
285b4e90	58	u8 channel;
1da177e4	59
285b4e90	60	uint modem_status;
1da177e4 LT	61
1da177e4 LT	62	struct rfcomm_dlc *dlc;
1da177e4	63
c1a33136 MH	64	struct device *tty_dev;
c1a33136 MH	65
285b4e90	66	atomic_t wmem_alloc;
a0c22f22 MH	67
a0c22f22 MH	68	struct sk_buff_head pending;
1da177e4 LT	69	};
	70
	71	static LIST_HEAD(rfcomm_dev_list);
393432cd	72	static DEFINE_SPINLOCK(rfcomm_dev_lock);
1da177e4 LT	73
	74	static void rfcomm_dev_data_ready(struct rfcomm_dlc dlc, struct sk_buff skb);
	75	static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
	76	static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
	77
1da177e4	78	/* ---- Device functions ---- */
67054019	79
67054019	80	static void rfcomm_dev_destruct(struct tty_port *port)
1da177e4	81	{
67054019	82	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
1da177e4 LT	83	struct rfcomm_dlc *dlc = dev->dlc;
	84
	85	BT_DBG("dev %p dlc %p", dev, dlc);
	86
ebe937f7 GA	87	spin_lock(&rfcomm_dev_lock);
	88	list_del(&dev->list);
	89	spin_unlock(&rfcomm_dev_lock);
8de0a154	90
1da177e4 LT	91	rfcomm_dlc_lock(dlc);
	92	/* Detach DLC if it's owned by this dev */
	93	if (dlc->owner == dev)
	94	dlc->owner = NULL;
	95	rfcomm_dlc_unlock(dlc);
	96
	97	rfcomm_dlc_put(dlc);
	98
	99	tty_unregister_device(rfcomm_tty_driver, dev->id);
	100
1da177e4 LT	101	kfree(dev);
1da177e4 LT	102
8e87d142	103	/* It's safe to call module_put() here because socket still
1da177e4 LT	104	holds reference to this module. */
	105	module_put(THIS_MODULE);
	106	}
	107
cad348a1 GA	108	/* device-specific initialization: open the dlc */
	109	static int rfcomm_dev_activate(struct tty_port port, struct tty_struct tty)
	110	{
	111	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	112
136c373b	113	return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
cad348a1 GA	114	}
cad348a1 GA	115
7f717b91 PH	116	/* we block the open until the dlc->state becomes BT_CONNECTED */
	117	static int rfcomm_dev_carrier_raised(struct tty_port *port)
	118	{
	119	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	120
	121	return (dev->dlc->state == BT_CONNECTED);
	122	}
	123
cad348a1 GA	124	/* device-specific cleanup: close the dlc */
	125	static void rfcomm_dev_shutdown(struct tty_port *port)
	126	{
	127	struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
	128
	129	if (dev->tty_dev->parent)
	130	device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
	131
	132	/* close the dlc */
	133	rfcomm_dlc_close(dev->dlc, 0);
	134	}
	135
67054019 JS	136	static const struct tty_port_operations rfcomm_port_ops = {
67054019 JS	137	.destruct = rfcomm_dev_destruct,
cad348a1 GA	138	.activate = rfcomm_dev_activate,
cad348a1 GA	139	.shutdown = rfcomm_dev_shutdown,
136c373b	140	.carrier_raised = rfcomm_dev_carrier_raised,
67054019	141	};
1da177e4 LT	142
	143	static struct rfcomm_dev *__rfcomm_dev_get(int id)
	144	{
	145	struct rfcomm_dev *dev;
1da177e4	146
8035ded4	147	list_for_each_entry(dev, &rfcomm_dev_list, list)
1da177e4 LT	148	if (dev->id == id)
1da177e4 LT	149	return dev;
1da177e4 LT	150
	151	return NULL;
	152	}
	153
6039aa73	154	static struct rfcomm_dev *rfcomm_dev_get(int id)
1da177e4 LT	155	{
	156	struct rfcomm_dev *dev;
	157
393432cd	158	spin_lock(&rfcomm_dev_lock);
1da177e4 LT	159
1da177e4 LT	160	dev = __rfcomm_dev_get(id);
8de0a154	161
082a1532 PH	162	if (dev && !tty_port_get(&dev->port))
082a1532 PH	163	dev = NULL;
1da177e4	164
393432cd	165	spin_unlock(&rfcomm_dev_lock);
1da177e4 LT	166
	167	return dev;
	168	}
	169
f87c24e7 PH	170	static struct device rfcomm_get_device(struct rfcomm_dev dev)
	171	{
	172	struct hci_dev *hdev;
	173	struct hci_conn *conn;
	174
	175	hdev = hci_get_route(&dev->dst, &dev->src);
	176	if (!hdev)
	177	return NULL;
	178
	179	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
	180
	181	hci_dev_put(hdev);
	182
	183	return conn ? &conn->dev : NULL;
	184	}
	185
dae6a0f6 MH	186	static ssize_t show_address(struct device tty_dev, struct device_attribute attr, char *buf)
	187	{
	188	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
fcb73338	189	return sprintf(buf, "%pMR\n", &dev->dst);
dae6a0f6 MH	190	}
	191
	192	static ssize_t show_channel(struct device tty_dev, struct device_attribute attr, char *buf)
	193	{
	194	struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
	195	return sprintf(buf, "%d\n", dev->channel);
	196	}
	197
	198	static DEVICE_ATTR(address, S_IRUGO, show_address, NULL);
	199	static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
	200
1da177e4 LT	201	static int rfcomm_dev_add(struct rfcomm_dev_req req, struct rfcomm_dlc dlc)
1da177e4 LT	202	{
8035ded4	203	struct rfcomm_dev dev, entry;
e57d758a	204	struct list_head *head = &rfcomm_dev_list;
1da177e4 LT	205	int err = 0;
	206
	207	BT_DBG("id %d channel %d", req->dev_id, req->channel);
8e87d142	208
25ea6db0	209	dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
1da177e4 LT	210	if (!dev)
1da177e4 LT	211	return -ENOMEM;
1da177e4	212
393432cd	213	spin_lock(&rfcomm_dev_lock);
1da177e4 LT	214
	215	if (req->dev_id < 0) {
	216	dev->id = 0;
	217
8035ded4 LAD	218	list_for_each_entry(entry, &rfcomm_dev_list, list) {
8035ded4 LAD	219	if (entry->id != dev->id)
1da177e4 LT	220	break;
	221
	222	dev->id++;
e57d758a	223	head = &entry->list;
1da177e4 LT	224	}
	225	} else {
	226	dev->id = req->dev_id;
	227
8035ded4	228	list_for_each_entry(entry, &rfcomm_dev_list, list) {
1da177e4 LT	229	if (entry->id == dev->id) {
	230	err = -EADDRINUSE;
	231	goto out;
	232	}
	233
	234	if (entry->id > dev->id - 1)
	235	break;
	236
e57d758a	237	head = &entry->list;
1da177e4 LT	238	}
	239	}
	240
	241	if ((dev->id < 0) \|\| (dev->id > RFCOMM_MAX_DEV - 1)) {
	242	err = -ENFILE;
	243	goto out;
	244	}
	245
	246	sprintf(dev->name, "rfcomm%d", dev->id);
	247
	248	list_add(&dev->list, head);
1da177e4 LT	249
	250	bacpy(&dev->src, &req->src);
	251	bacpy(&dev->dst, &req->dst);
	252	dev->channel = req->channel;
	253
8e87d142	254	dev->flags = req->flags &
1da177e4 LT	255	((1 << RFCOMM_RELEASE_ONHUP) \| (1 << RFCOMM_REUSE_DLC));
1da177e4 LT	256
f60db8c4	257	tty_port_init(&dev->port);
67054019	258	dev->port.ops = &rfcomm_port_ops;
1da177e4	259
a0c22f22 MH	260	skb_queue_head_init(&dev->pending);
a0c22f22 MH	261
1da177e4	262	rfcomm_dlc_lock(dlc);
a0c22f22 MH	263
	264	if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
	265	struct sock *sk = dlc->owner;
	266	struct sk_buff *skb;
	267
	268	BUG_ON(!sk);
	269
	270	rfcomm_dlc_throttle(dlc);
	271
	272	while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
	273	skb_orphan(skb);
	274	skb_queue_tail(&dev->pending, skb);
	275	atomic_sub(skb->len, &sk->sk_rmem_alloc);
	276	}
	277	}
	278
1da177e4 LT	279	dlc->data_ready = rfcomm_dev_data_ready;
	280	dlc->state_change = rfcomm_dev_state_change;
	281	dlc->modem_status = rfcomm_dev_modem_status;
	282
	283	dlc->owner = dev;
	284	dev->dlc = dlc;
8b6b3da7 MH	285
	286	rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
	287
1da177e4 LT	288	rfcomm_dlc_unlock(dlc);
1da177e4 LT	289
8e87d142	290	/* It's safe to call __module_get() here because socket already
1da177e4 LT	291	holds reference to this module. */
	292	__module_get(THIS_MODULE);
	293
	294	out:
393432cd	295	spin_unlock(&rfcomm_dev_lock);
1da177e4	296
037322ab IJ	297	if (err < 0)
037322ab IJ	298	goto free;
1da177e4	299
734cc178 JS	300	dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver,
734cc178 JS	301	dev->id, NULL);
8de0a154	302	if (IS_ERR(dev->tty_dev)) {
09c7d829	303	err = PTR_ERR(dev->tty_dev);
ebe937f7	304	spin_lock(&rfcomm_dev_lock);
8de0a154	305	list_del(&dev->list);
ebe937f7	306	spin_unlock(&rfcomm_dev_lock);
037322ab	307	goto free;
8de0a154 VT	308	}
8de0a154 VT	309
dae6a0f6 MH	310	dev_set_drvdata(dev->tty_dev, dev);
	311
	312	if (device_create_file(dev->tty_dev, &dev_attr_address) < 0)
	313	BT_ERR("Failed to create address attribute");
	314
	315	if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0)
	316	BT_ERR("Failed to create channel attribute");
	317
1da177e4	318	return dev->id;
037322ab IJ	319
	320	free:
	321	kfree(dev);
	322	return err;
1da177e4 LT	323	}
1da177e4 LT	324
1da177e4 LT	325	/* ---- Send buffer ---- */
	326	static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
	327	{
	328	/* We can't let it be zero, because we don't get a callback
	329	when tx_credits becomes nonzero, hence we'd never wake up */
	330	return dlc->mtu * (dlc->tx_credits?:1);
	331	}
	332
	333	static void rfcomm_wfree(struct sk_buff *skb)
	334	{
	335	struct rfcomm_dev dev = (void ) skb->sk;
	336	atomic_sub(skb->truesize, &dev->wmem_alloc);
396dc223 GA	337	if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
396dc223 GA	338	tty_port_tty_wakeup(&dev->port);
67054019	339	tty_port_put(&dev->port);
1da177e4 LT	340	}
1da177e4 LT	341
6039aa73	342	static void rfcomm_set_owner_w(struct sk_buff skb, struct rfcomm_dev dev)
1da177e4	343	{
67054019	344	tty_port_get(&dev->port);
1da177e4 LT	345	atomic_add(skb->truesize, &dev->wmem_alloc);
	346	skb->sk = (void *) dev;
	347	skb->destructor = rfcomm_wfree;
	348	}
	349
dd0fc66f	350	static struct sk_buff rfcomm_wmalloc(struct rfcomm_dev dev, unsigned long size, gfp_t priority)
1da177e4 LT	351	{
	352	if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
	353	struct sk_buff *skb = alloc_skb(size, priority);
	354	if (skb) {
	355	rfcomm_set_owner_w(skb, dev);
	356	return skb;
	357	}
	358	}
	359	return NULL;
	360	}
	361
	362	/* ---- Device IOCTLs ---- */
	363
	364	#define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) \| (1 << RFCOMM_RELEASE_ONHUP))
	365
	366	static int rfcomm_create_dev(struct sock sk, void __user arg)
	367	{
	368	struct rfcomm_dev_req req;
	369	struct rfcomm_dlc *dlc;
	370	int id;
	371
	372	if (copy_from_user(&req, arg, sizeof(req)))
	373	return -EFAULT;
	374
8de0a154	375	BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags);
1da177e4 LT	376
	377	if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
	378	return -EPERM;
	379
	380	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
	381	/* Socket must be connected */
	382	if (sk->sk_state != BT_CONNECTED)
	383	return -EBADFD;
	384
	385	dlc = rfcomm_pi(sk)->dlc;
	386	rfcomm_dlc_hold(dlc);
	387	} else {
	388	dlc = rfcomm_dlc_alloc(GFP_KERNEL);
	389	if (!dlc)
	390	return -ENOMEM;
	391	}
	392
	393	id = rfcomm_dev_add(&req, dlc);
	394	if (id < 0) {
	395	rfcomm_dlc_put(dlc);
	396	return id;
	397	}
	398
	399	if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
	400	/* DLC is now used by device.
	401	* Socket must be disconnected */
	402	sk->sk_state = BT_CLOSED;
	403	}
	404
	405	return id;
	406	}
	407
	408	static int rfcomm_release_dev(void __user *arg)
	409	{
	410	struct rfcomm_dev_req req;
	411	struct rfcomm_dev *dev;
396dc223	412	struct tty_struct *tty;
1da177e4 LT	413
	414	if (copy_from_user(&req, arg, sizeof(req)))
	415	return -EFAULT;
	416
8de0a154	417	BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags);
1da177e4	418
285b4e90 AE	419	dev = rfcomm_dev_get(req.dev_id);
285b4e90 AE	420	if (!dev)
1da177e4 LT	421	return -ENODEV;
	422
	423	if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
67054019	424	tty_port_put(&dev->port);
1da177e4 LT	425	return -EPERM;
	426	}
	427
1c64834e PH	428	/* only release once */
	429	if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
	430	tty_port_put(&dev->port);
	431	return -EALREADY;
	432	}
	433
1da177e4 LT	434	if (req.flags & (1 << RFCOMM_HANGUP_NOW))
	435	rfcomm_dlc_close(dev->dlc, 0);
	436
84950cf0	437	/* Shut down TTY synchronously before freeing rfcomm_dev */
396dc223 GA	438	tty = tty_port_tty_get(&dev->port);
	439	if (tty) {
	440	tty_vhangup(tty);
	441	tty_kref_put(tty);
	442	}
84950cf0	443
1c64834e	444	if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
ece3150d GA	445	tty_port_put(&dev->port);
ece3150d GA	446
67054019	447	tty_port_put(&dev->port);
1da177e4 LT	448	return 0;
	449	}
	450
	451	static int rfcomm_get_dev_list(void __user *arg)
	452	{
8035ded4	453	struct rfcomm_dev *dev;
1da177e4 LT	454	struct rfcomm_dev_list_req *dl;
1da177e4 LT	455	struct rfcomm_dev_info *di;
1da177e4 LT	456	int n = 0, size, err;
	457	u16 dev_num;
	458
	459	BT_DBG("");
	460
	461	if (get_user(dev_num, (u16 __user *) arg))
	462	return -EFAULT;
	463
	464	if (!dev_num \|\| dev_num > (PAGE_SIZE * 4) / sizeof(*di))
	465	return -EINVAL;
	466
	467	size = sizeof(dl) + dev_num sizeof(*di);
	468
f9432c5e	469	dl = kzalloc(size, GFP_KERNEL);
285b4e90	470	if (!dl)
1da177e4 LT	471	return -ENOMEM;
	472
	473	di = dl->dev_info;
	474
393432cd	475	spin_lock(&rfcomm_dev_lock);
1da177e4	476
8035ded4	477	list_for_each_entry(dev, &rfcomm_dev_list, list) {
960603a5	478	if (!tty_port_get(&dev->port))
8de0a154	479	continue;
1da177e4 LT	480	(di + n)->id = dev->id;
	481	(di + n)->flags = dev->flags;
	482	(di + n)->state = dev->dlc->state;
	483	(di + n)->channel = dev->channel;
	484	bacpy(&(di + n)->src, &dev->src);
	485	bacpy(&(di + n)->dst, &dev->dst);
960603a5	486	tty_port_put(&dev->port);
1da177e4 LT	487	if (++n >= dev_num)
	488	break;
	489	}
	490
393432cd	491	spin_unlock(&rfcomm_dev_lock);
1da177e4 LT	492
	493	dl->dev_num = n;
	494	size = sizeof(dl) + n sizeof(*di);
	495
	496	err = copy_to_user(arg, dl, size);
	497	kfree(dl);
	498
	499	return err ? -EFAULT : 0;
	500	}
	501
	502	static int rfcomm_get_dev_info(void __user *arg)
	503	{
	504	struct rfcomm_dev *dev;
	505	struct rfcomm_dev_info di;
	506	int err = 0;
	507
	508	BT_DBG("");
	509
	510	if (copy_from_user(&di, arg, sizeof(di)))
	511	return -EFAULT;
	512
285b4e90 AE	513	dev = rfcomm_dev_get(di.id);
285b4e90 AE	514	if (!dev)
1da177e4 LT	515	return -ENODEV;
	516
	517	di.flags = dev->flags;
	518	di.channel = dev->channel;
	519	di.state = dev->dlc->state;
	520	bacpy(&di.src, &dev->src);
	521	bacpy(&di.dst, &dev->dst);
	522
	523	if (copy_to_user(arg, &di, sizeof(di)))
	524	err = -EFAULT;
	525
67054019	526	tty_port_put(&dev->port);
1da177e4 LT	527	return err;
	528	}
	529
	530	int rfcomm_dev_ioctl(struct sock sk, unsigned int cmd, void __user arg)
	531	{
	532	BT_DBG("cmd %d arg %p", cmd, arg);
	533
	534	switch (cmd) {
	535	case RFCOMMCREATEDEV:
	536	return rfcomm_create_dev(sk, arg);
	537
	538	case RFCOMMRELEASEDEV:
	539	return rfcomm_release_dev(arg);
	540
	541	case RFCOMMGETDEVLIST:
	542	return rfcomm_get_dev_list(arg);
	543
	544	case RFCOMMGETDEVINFO:
	545	return rfcomm_get_dev_info(arg);
	546	}
	547
	548	return -EINVAL;
	549	}
	550
	551	/* ---- DLC callbacks ---- */
	552	static void rfcomm_dev_data_ready(struct rfcomm_dlc dlc, struct sk_buff skb)
	553	{
	554	struct rfcomm_dev *dev = dlc->owner;
8e87d142	555
a0c22f22	556	if (!dev) {
1da177e4 LT	557	kfree_skb(skb);
	558	return;
	559	}
	560
2e124b4a	561	if (!skb_queue_empty(&dev->pending)) {
a0c22f22 MH	562	skb_queue_tail(&dev->pending, skb);
	563	return;
	564	}
	565
2e124b4a	566	BT_DBG("dlc %p len %d", dlc, skb->len);
1da177e4	567
05c7cd39	568	tty_insert_flip_string(&dev->port, skb->data, skb->len);
2e124b4a	569	tty_flip_buffer_push(&dev->port);
1da177e4 LT	570
	571	kfree_skb(skb);
	572	}
	573
	574	static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
	575	{
	576	struct rfcomm_dev *dev = dlc->owner;
	577	if (!dev)
	578	return;
8e87d142	579
1da177e4 LT	580	BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
	581
	582	dev->err = err;
136c373b PH	583	if (dlc->state == BT_CONNECTED) {
	584	device_move(dev->tty_dev, rfcomm_get_device(dev),
	585	DPM_ORDER_DEV_AFTER_PARENT);
1da177e4	586
136c373b PH	587	wake_up_interruptible(&dev->port.open_wait);
136c373b PH	588	} else if (dlc->state == BT_CLOSED)
29cd718b	589	tty_port_tty_hangup(&dev->port, false);
1da177e4 LT	590	}
	591
	592	static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
	593	{
	594	struct rfcomm_dev *dev = dlc->owner;
	595	if (!dev)
	596	return;