]>
Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | RFCOMM implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> | |
4 | Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> | |
5 | ||
6 | This program is free software; you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License version 2 as | |
8 | published by the Free Software Foundation; | |
9 | ||
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | ||
8e87d142 YH |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ | |
23 | ||
24 | /* | |
25 | * RFCOMM TTY. | |
1da177e4 LT |
26 | */ |
27 | ||
1da177e4 LT |
28 | #include <linux/module.h> |
29 | ||
30 | #include <linux/tty.h> | |
31 | #include <linux/tty_driver.h> | |
32 | #include <linux/tty_flip.h> | |
33 | ||
1da177e4 | 34 | #include <net/bluetooth/bluetooth.h> |
0a85b964 | 35 | #include <net/bluetooth/hci_core.h> |
1da177e4 LT |
36 | #include <net/bluetooth/rfcomm.h> |
37 | ||
1da177e4 LT |
38 | #define RFCOMM_TTY_MAGIC 0x6d02 /* magic number for rfcomm struct */ |
39 | #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */ | |
40 | #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ | |
41 | #define RFCOMM_TTY_MINOR 0 | |
42 | ||
033ace99 | 43 | static DEFINE_MUTEX(rfcomm_ioctl_mutex); |
1da177e4 LT |
44 | static struct tty_driver *rfcomm_tty_driver; |
45 | ||
46 | struct rfcomm_dev { | |
f60db8c4 | 47 | struct tty_port port; |
1da177e4 | 48 | struct list_head list; |
1da177e4 LT |
49 | |
50 | char name[12]; | |
51 | int id; | |
52 | unsigned long flags; | |
1da177e4 LT |
53 | int err; |
54 | ||
1c64834e PH |
55 | unsigned long status; /* don't export to userspace */ |
56 | ||
1da177e4 LT |
57 | bdaddr_t src; |
58 | bdaddr_t dst; | |
285b4e90 | 59 | u8 channel; |
1da177e4 | 60 | |
285b4e90 | 61 | uint modem_status; |
1da177e4 LT |
62 | |
63 | struct rfcomm_dlc *dlc; | |
1da177e4 | 64 | |
c1a33136 MH |
65 | struct device *tty_dev; |
66 | ||
285b4e90 | 67 | atomic_t wmem_alloc; |
a0c22f22 MH |
68 | |
69 | struct sk_buff_head pending; | |
1da177e4 LT |
70 | }; |
71 | ||
72 | static LIST_HEAD(rfcomm_dev_list); | |
86aae6c7 | 73 | static DEFINE_MUTEX(rfcomm_dev_lock); |
1da177e4 LT |
74 | |
75 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb); | |
76 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err); | |
77 | static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig); | |
78 | ||
1da177e4 | 79 | /* ---- Device functions ---- */ |
67054019 | 80 | |
67054019 | 81 | static void rfcomm_dev_destruct(struct tty_port *port) |
1da177e4 | 82 | { |
67054019 | 83 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
1da177e4 LT |
84 | struct rfcomm_dlc *dlc = dev->dlc; |
85 | ||
86 | BT_DBG("dev %p dlc %p", dev, dlc); | |
87 | ||
88 | rfcomm_dlc_lock(dlc); | |
89 | /* Detach DLC if it's owned by this dev */ | |
90 | if (dlc->owner == dev) | |
91 | dlc->owner = NULL; | |
92 | rfcomm_dlc_unlock(dlc); | |
93 | ||
94 | rfcomm_dlc_put(dlc); | |
95 | ||
fb856e50 PH |
96 | if (dev->tty_dev) |
97 | tty_unregister_device(rfcomm_tty_driver, dev->id); | |
1da177e4 | 98 | |
86aae6c7 | 99 | mutex_lock(&rfcomm_dev_lock); |
c949c224 | 100 | list_del(&dev->list); |
86aae6c7 | 101 | mutex_unlock(&rfcomm_dev_lock); |
c949c224 | 102 | |
1da177e4 LT |
103 | kfree(dev); |
104 | ||
8e87d142 | 105 | /* It's safe to call module_put() here because socket still |
1da177e4 LT |
106 | holds reference to this module. */ |
107 | module_put(THIS_MODULE); | |
108 | } | |
109 | ||
cad348a1 GA |
110 | /* device-specific initialization: open the dlc */ |
111 | static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) | |
112 | { | |
113 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); | |
5326a4ee | 114 | int err; |
cad348a1 | 115 | |
5326a4ee PH |
116 | err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); |
117 | if (err) | |
118 | set_bit(TTY_IO_ERROR, &tty->flags); | |
119 | return err; | |
cad348a1 GA |
120 | } |
121 | ||
7f717b91 PH |
122 | /* we block the open until the dlc->state becomes BT_CONNECTED */ |
123 | static int rfcomm_dev_carrier_raised(struct tty_port *port) | |
124 | { | |
125 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); | |
126 | ||
127 | return (dev->dlc->state == BT_CONNECTED); | |
128 | } | |
129 | ||
cad348a1 GA |
130 | /* device-specific cleanup: close the dlc */ |
131 | static void rfcomm_dev_shutdown(struct tty_port *port) | |
132 | { | |
133 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); | |
134 | ||
135 | if (dev->tty_dev->parent) | |
136 | device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); | |
137 | ||
138 | /* close the dlc */ | |
139 | rfcomm_dlc_close(dev->dlc, 0); | |
140 | } | |
141 | ||
67054019 JS |
142 | static const struct tty_port_operations rfcomm_port_ops = { |
143 | .destruct = rfcomm_dev_destruct, | |
cad348a1 GA |
144 | .activate = rfcomm_dev_activate, |
145 | .shutdown = rfcomm_dev_shutdown, | |
136c373b | 146 | .carrier_raised = rfcomm_dev_carrier_raised, |
67054019 | 147 | }; |
1da177e4 | 148 | |
7611fced | 149 | static struct rfcomm_dev *__rfcomm_dev_lookup(int id) |
1da177e4 LT |
150 | { |
151 | struct rfcomm_dev *dev; | |
1da177e4 | 152 | |
8035ded4 | 153 | list_for_each_entry(dev, &rfcomm_dev_list, list) |
1da177e4 LT |
154 | if (dev->id == id) |
155 | return dev; | |
1da177e4 LT |
156 | |
157 | return NULL; | |
158 | } | |
159 | ||
6039aa73 | 160 | static struct rfcomm_dev *rfcomm_dev_get(int id) |
1da177e4 LT |
161 | { |
162 | struct rfcomm_dev *dev; | |
163 | ||
86aae6c7 | 164 | mutex_lock(&rfcomm_dev_lock); |
1da177e4 | 165 | |
7611fced | 166 | dev = __rfcomm_dev_lookup(id); |
8de0a154 | 167 | |
082a1532 PH |
168 | if (dev && !tty_port_get(&dev->port)) |
169 | dev = NULL; | |
1da177e4 | 170 | |
86aae6c7 | 171 | mutex_unlock(&rfcomm_dev_lock); |
1da177e4 LT |
172 | |
173 | return dev; | |
174 | } | |
175 | ||
b92483d5 | 176 | static void rfcomm_reparent_device(struct rfcomm_dev *dev) |
f87c24e7 PH |
177 | { |
178 | struct hci_dev *hdev; | |
179 | struct hci_conn *conn; | |
180 | ||
181 | hdev = hci_get_route(&dev->dst, &dev->src); | |
182 | if (!hdev) | |
b92483d5 | 183 | return; |
f87c24e7 | 184 | |
b92483d5 PH |
185 | /* The lookup results are unsafe to access without the |
186 | * hci device lock (FIXME: why is this not documented?) | |
187 | */ | |
188 | hci_dev_lock(hdev); | |
f87c24e7 PH |
189 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); |
190 | ||
b92483d5 PH |
191 | /* Just because the acl link is in the hash table is no |
192 | * guarantee the sysfs device has been added ... | |
193 | */ | |
194 | if (conn && device_is_registered(&conn->dev)) | |
195 | device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); | |
f87c24e7 | 196 | |
b92483d5 PH |
197 | hci_dev_unlock(hdev); |
198 | hci_dev_put(hdev); | |
f87c24e7 PH |
199 | } |
200 | ||
dae6a0f6 MH |
201 | static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) |
202 | { | |
203 | struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); | |
fcb73338 | 204 | return sprintf(buf, "%pMR\n", &dev->dst); |
dae6a0f6 MH |
205 | } |
206 | ||
207 | static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) | |
208 | { | |
209 | struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); | |
210 | return sprintf(buf, "%d\n", dev->channel); | |
211 | } | |
212 | ||
213 | static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); | |
214 | static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); | |
215 | ||
f3550957 PH |
216 | static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, |
217 | struct rfcomm_dlc *dlc) | |
1da177e4 | 218 | { |
8035ded4 | 219 | struct rfcomm_dev *dev, *entry; |
e57d758a | 220 | struct list_head *head = &rfcomm_dev_list; |
1da177e4 LT |
221 | int err = 0; |
222 | ||
25ea6db0 | 223 | dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); |
1da177e4 | 224 | if (!dev) |
f3550957 | 225 | return ERR_PTR(-ENOMEM); |
1da177e4 | 226 | |
86aae6c7 | 227 | mutex_lock(&rfcomm_dev_lock); |
1da177e4 LT |
228 | |
229 | if (req->dev_id < 0) { | |
230 | dev->id = 0; | |
231 | ||
8035ded4 LAD |
232 | list_for_each_entry(entry, &rfcomm_dev_list, list) { |
233 | if (entry->id != dev->id) | |
1da177e4 LT |
234 | break; |
235 | ||
236 | dev->id++; | |
e57d758a | 237 | head = &entry->list; |
1da177e4 LT |
238 | } |
239 | } else { | |
240 | dev->id = req->dev_id; | |
241 | ||
8035ded4 | 242 | list_for_each_entry(entry, &rfcomm_dev_list, list) { |
1da177e4 LT |
243 | if (entry->id == dev->id) { |
244 | err = -EADDRINUSE; | |
245 | goto out; | |
246 | } | |
247 | ||
248 | if (entry->id > dev->id - 1) | |
249 | break; | |
250 | ||
e57d758a | 251 | head = &entry->list; |
1da177e4 LT |
252 | } |
253 | } | |
254 | ||
255 | if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) { | |
256 | err = -ENFILE; | |
257 | goto out; | |
258 | } | |
259 | ||
260 | sprintf(dev->name, "rfcomm%d", dev->id); | |
261 | ||
262 | list_add(&dev->list, head); | |
1da177e4 LT |
263 | |
264 | bacpy(&dev->src, &req->src); | |
265 | bacpy(&dev->dst, &req->dst); | |
266 | dev->channel = req->channel; | |
267 | ||
8e87d142 | 268 | dev->flags = req->flags & |
1da177e4 LT |
269 | ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC)); |
270 | ||
f60db8c4 | 271 | tty_port_init(&dev->port); |
67054019 | 272 | dev->port.ops = &rfcomm_port_ops; |
1da177e4 | 273 | |
a0c22f22 MH |
274 | skb_queue_head_init(&dev->pending); |
275 | ||
1da177e4 | 276 | rfcomm_dlc_lock(dlc); |
a0c22f22 MH |
277 | |
278 | if (req->flags & (1 << RFCOMM_REUSE_DLC)) { | |
279 | struct sock *sk = dlc->owner; | |
280 | struct sk_buff *skb; | |
281 | ||
282 | BUG_ON(!sk); | |
283 | ||
284 | rfcomm_dlc_throttle(dlc); | |
285 | ||
286 | while ((skb = skb_dequeue(&sk->sk_receive_queue))) { | |
287 | skb_orphan(skb); | |
288 | skb_queue_tail(&dev->pending, skb); | |
289 | atomic_sub(skb->len, &sk->sk_rmem_alloc); | |
290 | } | |
291 | } | |
292 | ||
1da177e4 LT |
293 | dlc->data_ready = rfcomm_dev_data_ready; |
294 | dlc->state_change = rfcomm_dev_state_change; | |
295 | dlc->modem_status = rfcomm_dev_modem_status; | |
296 | ||
297 | dlc->owner = dev; | |
298 | dev->dlc = dlc; | |
8b6b3da7 MH |
299 | |
300 | rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig); | |
301 | ||
1da177e4 LT |
302 | rfcomm_dlc_unlock(dlc); |
303 | ||
8e87d142 | 304 | /* It's safe to call __module_get() here because socket already |
1da177e4 LT |
305 | holds reference to this module. */ |
306 | __module_get(THIS_MODULE); | |
307 | ||
86aae6c7 | 308 | mutex_unlock(&rfcomm_dev_lock); |
f3550957 PH |
309 | return dev; |
310 | ||
1da177e4 | 311 | out: |
86aae6c7 | 312 | mutex_unlock(&rfcomm_dev_lock); |
f3550957 PH |
313 | kfree(dev); |
314 | return ERR_PTR(err); | |
315 | } | |
1da177e4 | 316 | |
f3550957 PH |
317 | static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) |
318 | { | |
319 | struct rfcomm_dev *dev; | |
320 | struct device *tty; | |
321 | ||
322 | BT_DBG("id %d channel %d", req->dev_id, req->channel); | |
323 | ||
324 | dev = __rfcomm_dev_add(req, dlc); | |
fb856e50 PH |
325 | if (IS_ERR(dev)) { |
326 | rfcomm_dlc_put(dlc); | |
f3550957 | 327 | return PTR_ERR(dev); |
fb856e50 | 328 | } |
1da177e4 | 329 | |
f3550957 | 330 | tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, |
734cc178 | 331 | dev->id, NULL); |
f3550957 | 332 | if (IS_ERR(tty)) { |
fb856e50 | 333 | tty_port_put(&dev->port); |
f3550957 | 334 | return PTR_ERR(tty); |
8de0a154 VT |
335 | } |
336 | ||
f3550957 | 337 | dev->tty_dev = tty; |
b4d21f19 | 338 | rfcomm_reparent_device(dev); |
dae6a0f6 MH |
339 | dev_set_drvdata(dev->tty_dev, dev); |
340 | ||
341 | if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) | |
342 | BT_ERR("Failed to create address attribute"); | |
343 | ||
344 | if (device_create_file(dev->tty_dev, &dev_attr_channel) < 0) | |
345 | BT_ERR("Failed to create channel attribute"); | |
346 | ||
1da177e4 LT |
347 | return dev->id; |
348 | } | |
349 | ||
1da177e4 | 350 | /* ---- Send buffer ---- */ |
b16b4351 | 351 | static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) |
1da177e4 | 352 | { |
b16b4351 PH |
353 | struct rfcomm_dlc *dlc = dev->dlc; |
354 | ||
8981be9b PH |
355 | /* Limit the outstanding number of packets not yet sent to 40 */ |
356 | int pending = 40 - atomic_read(&dev->wmem_alloc); | |
b16b4351 | 357 | |
8981be9b | 358 | return max(0, pending) * dlc->mtu; |
1da177e4 LT |
359 | } |
360 | ||
361 | static void rfcomm_wfree(struct sk_buff *skb) | |
362 | { | |
363 | struct rfcomm_dev *dev = (void *) skb->sk; | |
8981be9b | 364 | atomic_dec(&dev->wmem_alloc); |
396dc223 GA |
365 | if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) |
366 | tty_port_tty_wakeup(&dev->port); | |
67054019 | 367 | tty_port_put(&dev->port); |
1da177e4 LT |
368 | } |
369 | ||
6039aa73 | 370 | static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) |
1da177e4 | 371 | { |
67054019 | 372 | tty_port_get(&dev->port); |
8981be9b | 373 | atomic_inc(&dev->wmem_alloc); |
1da177e4 LT |
374 | skb->sk = (void *) dev; |
375 | skb->destructor = rfcomm_wfree; | |
376 | } | |
377 | ||
dd0fc66f | 378 | static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) |
1da177e4 | 379 | { |
72e5108c PH |
380 | struct sk_buff *skb = alloc_skb(size, priority); |
381 | if (skb) | |
382 | rfcomm_set_owner_w(skb, dev); | |
383 | return skb; | |
1da177e4 LT |
384 | } |
385 | ||
386 | /* ---- Device IOCTLs ---- */ | |
387 | ||
388 | #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) | |
389 | ||
033ace99 | 390 | static int __rfcomm_create_dev(struct sock *sk, void __user *arg) |
1da177e4 LT |
391 | { |
392 | struct rfcomm_dev_req req; | |
393 | struct rfcomm_dlc *dlc; | |
394 | int id; | |
395 | ||
396 | if (copy_from_user(&req, arg, sizeof(req))) | |
397 | return -EFAULT; | |
398 | ||
8de0a154 | 399 | BT_DBG("sk %p dev_id %d flags 0x%x", sk, req.dev_id, req.flags); |
1da177e4 LT |
400 | |
401 | if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) | |
402 | return -EPERM; | |
403 | ||
404 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { | |
405 | /* Socket must be connected */ | |
406 | if (sk->sk_state != BT_CONNECTED) | |
407 | return -EBADFD; | |
408 | ||
409 | dlc = rfcomm_pi(sk)->dlc; | |
410 | rfcomm_dlc_hold(dlc); | |
411 | } else { | |
c10a848c PH |
412 | /* Validate the channel is unused */ |
413 | dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); | |
414 | if (IS_ERR(dlc)) | |
415 | return PTR_ERR(dlc); | |
416 | else if (dlc) { | |
417 | rfcomm_dlc_put(dlc); | |
418 | return -EBUSY; | |
419 | } | |
1da177e4 LT |
420 | dlc = rfcomm_dlc_alloc(GFP_KERNEL); |
421 | if (!dlc) | |
422 | return -ENOMEM; | |
423 | } | |
424 | ||
425 | id = rfcomm_dev_add(&req, dlc); | |
fb856e50 | 426 | if (id < 0) |
1da177e4 | 427 | return id; |
1da177e4 LT |
428 | |
429 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { | |
430 | /* DLC is now used by device. | |
431 | * Socket must be disconnected */ | |
432 | sk->sk_state = BT_CLOSED; | |
433 | } | |
434 | ||
435 | return id; | |
436 | } | |
437 | ||
033ace99 | 438 | static int __rfcomm_release_dev(void __user *arg) |
1da177e4 LT |
439 | { |
440 | struct rfcomm_dev_req req; | |
441 | struct rfcomm_dev *dev; | |
396dc223 | 442 | struct tty_struct *tty; |
1da177e4 LT |
443 | |
444 | if (copy_from_user(&req, arg, sizeof(req))) | |
445 | return -EFAULT; | |
446 | ||
8de0a154 | 447 | BT_DBG("dev_id %d flags 0x%x", req.dev_id, req.flags); |
1da177e4 | 448 | |
285b4e90 AE |
449 | dev = rfcomm_dev_get(req.dev_id); |
450 | if (!dev) | |
1da177e4 LT |
451 | return -ENODEV; |
452 | ||
453 | if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) { | |
67054019 | 454 | tty_port_put(&dev->port); |
1da177e4 LT |
455 | return -EPERM; |
456 | } | |
457 | ||
1c64834e PH |
458 | /* only release once */ |
459 | if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { | |
460 | tty_port_put(&dev->port); | |
461 | return -EALREADY; | |
462 | } | |
463 | ||
1da177e4 LT |
464 | if (req.flags & (1 << RFCOMM_HANGUP_NOW)) |
465 | rfcomm_dlc_close(dev->dlc, 0); | |
466 | ||
84950cf0 | 467 | /* Shut down TTY synchronously before freeing rfcomm_dev */ |
396dc223 GA |
468 | tty = tty_port_tty_get(&dev->port); |
469 | if (tty) { | |
470 | tty_vhangup(tty); | |
471 | tty_kref_put(tty); | |
472 | } | |
84950cf0 | 473 | |
80ea7337 | 474 | if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) |
ece3150d GA |
475 | tty_port_put(&dev->port); |
476 | ||
67054019 | 477 | tty_port_put(&dev->port); |
1da177e4 LT |
478 | return 0; |
479 | } | |
480 | ||
033ace99 PH |
481 | static int rfcomm_create_dev(struct sock *sk, void __user *arg) |
482 | { | |
483 | int ret; | |
484 | ||
485 | mutex_lock(&rfcomm_ioctl_mutex); | |
486 | ret = __rfcomm_create_dev(sk, arg); | |
487 | mutex_unlock(&rfcomm_ioctl_mutex); | |
488 | ||
489 | return ret; | |
490 | } | |
491 | ||
492 | static int rfcomm_release_dev(void __user *arg) | |
493 | { | |
494 | int ret; | |
495 | ||
496 | mutex_lock(&rfcomm_ioctl_mutex); | |
497 | ret = __rfcomm_release_dev(arg); | |
498 | mutex_unlock(&rfcomm_ioctl_mutex); | |
499 | ||
500 | return ret; | |
501 | } | |
502 | ||
1da177e4 LT |
503 | static int rfcomm_get_dev_list(void __user *arg) |
504 | { | |
8035ded4 | 505 | struct rfcomm_dev *dev; |
1da177e4 LT |
506 | struct rfcomm_dev_list_req *dl; |
507 | struct rfcomm_dev_info *di; | |
1da177e4 LT |
508 | int n = 0, size, err; |
509 | u16 dev_num; | |
510 | ||
511 | BT_DBG(""); | |
512 | ||
513 | if (get_user(dev_num, (u16 __user *) arg)) | |
514 | return -EFAULT; | |
515 | ||
516 | if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) | |
517 | return -EINVAL; | |
518 | ||
519 | size = sizeof(*dl) + dev_num * sizeof(*di); | |
520 | ||
f9432c5e | 521 | dl = kzalloc(size, GFP_KERNEL); |
285b4e90 | 522 | if (!dl) |
1da177e4 LT |
523 | return -ENOMEM; |
524 | ||
525 | di = dl->dev_info; | |
526 | ||
86aae6c7 | 527 | mutex_lock(&rfcomm_dev_lock); |
1da177e4 | 528 | |
8035ded4 | 529 | list_for_each_entry(dev, &rfcomm_dev_list, list) { |
960603a5 | 530 | if (!tty_port_get(&dev->port)) |
8de0a154 | 531 | continue; |
1da177e4 LT |
532 | (di + n)->id = dev->id; |
533 | (di + n)->flags = dev->flags; | |
534 | (di + n)->state = dev->dlc->state; | |
535 | (di + n)->channel = dev->channel; | |
536 | bacpy(&(di + n)->src, &dev->src); | |
537 | bacpy(&(di + n)->dst, &dev->dst); | |
960603a5 | 538 | tty_port_put(&dev->port); |
1da177e4 LT |
539 | if (++n >= dev_num) |
540 | break; | |
541 | } | |
542 | ||
86aae6c7 | 543 | mutex_unlock(&rfcomm_dev_lock); |
1da177e4 LT |
544 | |
545 | dl->dev_num = n; | |
546 | size = sizeof(*dl) + n * sizeof(*di); | |
547 | ||
548 | err = copy_to_user(arg, dl, size); | |
549 | kfree(dl); | |
550 | ||
551 | return err ? -EFAULT : 0; | |
552 | } | |
553 | ||
554 | static int rfcomm_get_dev_info(void __user *arg) | |
555 | { | |
556 | struct rfcomm_dev *dev; | |
557 | struct rfcomm_dev_info di; | |
558 | int err = 0; | |
559 | ||
560 | BT_DBG(""); | |
561 | ||
562 | if (copy_from_user(&di, arg, sizeof(di))) | |
563 | return -EFAULT; | |
564 | ||
285b4e90 AE |
565 | dev = rfcomm_dev_get(di.id); |
566 | if (!dev) | |
1da177e4 LT |
567 | return -ENODEV; |
568 | ||
569 | di.flags = dev->flags; | |
570 | di.channel = dev->channel; | |
571 | di.state = dev->dlc->state; | |
572 | bacpy(&di.src, &dev->src); | |
573 | bacpy(&di.dst, &dev->dst); | |
574 | ||
575 | if (copy_to_user(arg, &di, sizeof(di))) | |
576 | err = -EFAULT; | |
577 | ||
67054019 | 578 | tty_port_put(&dev->port); |
1da177e4 LT |
579 | return err; |
580 | } | |
581 | ||
582 | int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) | |
583 | { | |
584 | BT_DBG("cmd %d arg %p", cmd, arg); | |
585 | ||
586 | switch (cmd) { | |
587 | case RFCOMMCREATEDEV: | |
588 | return rfcomm_create_dev(sk, arg); | |
589 | ||
590 | case RFCOMMRELEASEDEV: | |
591 | return rfcomm_release_dev(arg); | |
592 | ||
593 | case RFCOMMGETDEVLIST: | |
594 | return rfcomm_get_dev_list(arg); | |
595 | ||
596 | case RFCOMMGETDEVINFO: | |
597 | return rfcomm_get_dev_info(arg); | |
598 | } | |
599 | ||
600 | return -EINVAL; | |
601 | } | |
602 | ||
603 | /* ---- DLC callbacks ---- */ | |
604 | static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb) | |
605 | { | |
606 | struct rfcomm_dev *dev = dlc->owner; | |
8e87d142 | 607 | |
a0c22f22 | 608 | if (!dev) { |
1da177e4 LT |
609 | kfree_skb(skb); |
610 | return; | |
611 | } | |
612 | ||
2e124b4a | 613 | if (!skb_queue_empty(&dev->pending)) { |
a0c22f22 MH |
614 | skb_queue_tail(&dev->pending, skb); |
615 | return; | |
616 | } | |
617 | ||
2e124b4a | 618 | BT_DBG("dlc %p len %d", dlc, skb->len); |
1da177e4 | 619 | |
05c7cd39 | 620 | tty_insert_flip_string(&dev->port, skb->data, skb->len); |
2e124b4a | 621 | tty_flip_buffer_push(&dev->port); |
1da177e4 LT |
622 | |
623 | kfree_skb(skb); | |
624 | } | |
625 | ||
626 | static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) | |
627 | { | |
628 | struct rfcomm_dev *dev = dlc->owner; | |
629 | if (!dev) | |
630 | return; | |
8e87d142 | 631 | |
1da177e4 LT |
632 | BT_DBG("dlc %p dev %p err %d", dlc, dev, err); |
633 | ||
634 | dev->err = err; | |
136c373b | 635 | if (dlc->state == BT_CONNECTED) { |
b92483d5 | 636 | rfcomm_reparent_device(dev); |
1da177e4 | 637 | |
136c373b PH |
638 | wake_up_interruptible(&dev->port.open_wait); |
639 | } else if (dlc->state == BT_CLOSED) | |
29cd718b | 640 | tty_port_tty_hangup(&dev->port, false); |
1da177e4 LT |
641 | } |
642 | ||
643 | static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) | |
644 | { | |
645 | struct rfcomm_dev *dev = dlc->owner; | |
646 | if (!dev) | |
647 | return; | |