[Bluetooth] Remaining transitions to use kzalloc()
[pandora-kernel.git] / net / bluetooth / rfcomm / tty.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * RFCOMM TTY.
26  *
27  * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28  */
29
30 #include <linux/module.h>
31
32 #include <linux/tty.h>
33 #include <linux/tty_driver.h>
34 #include <linux/tty_flip.h>
35
36 #include <linux/capability.h>
37 #include <linux/slab.h>
38 #include <linux/skbuff.h>
39
40 #include <net/bluetooth/bluetooth.h>
41 #include <net/bluetooth/rfcomm.h>
42
43 #ifndef CONFIG_BT_RFCOMM_DEBUG
44 #undef  BT_DBG
45 #define BT_DBG(D...)
46 #endif
47
48 #define RFCOMM_TTY_MAGIC 0x6d02         /* magic number for rfcomm struct */
49 #define RFCOMM_TTY_PORTS RFCOMM_MAX_DEV /* whole lotta rfcomm devices */
50 #define RFCOMM_TTY_MAJOR 216            /* device node major id of the usb/bluetooth.c driver */
51 #define RFCOMM_TTY_MINOR 0
52
53 static struct tty_driver *rfcomm_tty_driver;
54
55 struct rfcomm_dev {
56         struct list_head        list;
57         atomic_t                refcnt;
58
59         char                    name[12];
60         int                     id;
61         unsigned long           flags;
62         int                     opened;
63         int                     err;
64
65         bdaddr_t                src;
66         bdaddr_t                dst;
67         u8                      channel;
68
69         uint                    modem_status;
70
71         struct rfcomm_dlc       *dlc;
72         struct tty_struct       *tty;
73         wait_queue_head_t       wait;
74         struct tasklet_struct   wakeup_task;
75
76         atomic_t                wmem_alloc;
77 };
78
79 static LIST_HEAD(rfcomm_dev_list);
80 static DEFINE_RWLOCK(rfcomm_dev_lock);
81
82 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
83 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
84 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
85
86 static void rfcomm_tty_wakeup(unsigned long arg);
87
88 /* ---- Device functions ---- */
89 static void rfcomm_dev_destruct(struct rfcomm_dev *dev)
90 {
91         struct rfcomm_dlc *dlc = dev->dlc;
92
93         BT_DBG("dev %p dlc %p", dev, dlc);
94
95         rfcomm_dlc_lock(dlc);
96         /* Detach DLC if it's owned by this dev */
97         if (dlc->owner == dev)
98                 dlc->owner = NULL;
99         rfcomm_dlc_unlock(dlc);
100
101         rfcomm_dlc_put(dlc);
102
103         tty_unregister_device(rfcomm_tty_driver, dev->id);
104
105         /* Refcount should only hit zero when called from rfcomm_dev_del()
106            which will have taken us off the list. Everything else are
107            refcounting bugs. */
108         BUG_ON(!list_empty(&dev->list));
109
110         kfree(dev);
111
112         /* It's safe to call module_put() here because socket still 
113            holds reference to this module. */
114         module_put(THIS_MODULE);
115 }
116
117 static inline void rfcomm_dev_hold(struct rfcomm_dev *dev)
118 {
119         atomic_inc(&dev->refcnt);
120 }
121
122 static inline void rfcomm_dev_put(struct rfcomm_dev *dev)
123 {
124         /* The reason this isn't actually a race, as you no
125            doubt have a little voice screaming at you in your
126            head, is that the refcount should never actually
127            reach zero unless the device has already been taken
128            off the list, in rfcomm_dev_del(). And if that's not
129            true, we'll hit the BUG() in rfcomm_dev_destruct()
130            anyway. */
131         if (atomic_dec_and_test(&dev->refcnt))
132                 rfcomm_dev_destruct(dev);
133 }
134
135 static struct rfcomm_dev *__rfcomm_dev_get(int id)
136 {
137         struct rfcomm_dev *dev;
138         struct list_head  *p;
139
140         list_for_each(p, &rfcomm_dev_list) {
141                 dev = list_entry(p, struct rfcomm_dev, list);
142                 if (dev->id == id)
143                         return dev;
144         }
145
146         return NULL;
147 }
148
149 static inline struct rfcomm_dev *rfcomm_dev_get(int id)
150 {
151         struct rfcomm_dev *dev;
152
153         read_lock(&rfcomm_dev_lock);
154
155         dev = __rfcomm_dev_get(id);
156         if (dev)
157                 rfcomm_dev_hold(dev);
158
159         read_unlock(&rfcomm_dev_lock);
160
161         return dev;
162 }
163
164 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
165 {
166         struct rfcomm_dev *dev;
167         struct list_head *head = &rfcomm_dev_list, *p;
168         int err = 0;
169
170         BT_DBG("id %d channel %d", req->dev_id, req->channel);
171         
172         dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL);
173         if (!dev)
174                 return -ENOMEM;
175
176         write_lock_bh(&rfcomm_dev_lock);
177
178         if (req->dev_id < 0) {
179                 dev->id = 0;
180
181                 list_for_each(p, &rfcomm_dev_list) {
182                         if (list_entry(p, struct rfcomm_dev, list)->id != dev->id)
183                                 break;
184
185                         dev->id++;
186                         head = p;
187                 }
188         } else {
189                 dev->id = req->dev_id;
190
191                 list_for_each(p, &rfcomm_dev_list) {
192                         struct rfcomm_dev *entry = list_entry(p, struct rfcomm_dev, list);
193
194                         if (entry->id == dev->id) {
195                                 err = -EADDRINUSE;
196                                 goto out;
197                         }
198
199                         if (entry->id > dev->id - 1)
200                                 break;
201
202                         head = p;
203                 }
204         }
205
206         if ((dev->id < 0) || (dev->id > RFCOMM_MAX_DEV - 1)) {
207                 err = -ENFILE;
208                 goto out;
209         }
210
211         sprintf(dev->name, "rfcomm%d", dev->id);
212
213         list_add(&dev->list, head);
214         atomic_set(&dev->refcnt, 1);
215
216         bacpy(&dev->src, &req->src);
217         bacpy(&dev->dst, &req->dst);
218         dev->channel = req->channel;
219
220         dev->flags = req->flags & 
221                 ((1 << RFCOMM_RELEASE_ONHUP) | (1 << RFCOMM_REUSE_DLC));
222
223         init_waitqueue_head(&dev->wait);
224         tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
225
226         rfcomm_dlc_lock(dlc);
227         dlc->data_ready   = rfcomm_dev_data_ready;
228         dlc->state_change = rfcomm_dev_state_change;
229         dlc->modem_status = rfcomm_dev_modem_status;
230
231         dlc->owner = dev;
232         dev->dlc   = dlc;
233         rfcomm_dlc_unlock(dlc);
234
235         /* It's safe to call __module_get() here because socket already 
236            holds reference to this module. */
237         __module_get(THIS_MODULE);
238
239 out:
240         write_unlock_bh(&rfcomm_dev_lock);
241
242         if (err) {
243                 kfree(dev);
244                 return err;
245         }
246
247         tty_register_device(rfcomm_tty_driver, dev->id, NULL);
248
249         return dev->id;
250 }
251
252 static void rfcomm_dev_del(struct rfcomm_dev *dev)
253 {
254         BT_DBG("dev %p", dev);
255
256         write_lock_bh(&rfcomm_dev_lock);
257         list_del_init(&dev->list);
258         write_unlock_bh(&rfcomm_dev_lock);
259
260         rfcomm_dev_put(dev);
261 }
262
263 /* ---- Send buffer ---- */
264 static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
265 {
266         /* We can't let it be zero, because we don't get a callback
267            when tx_credits becomes nonzero, hence we'd never wake up */
268         return dlc->mtu * (dlc->tx_credits?:1);
269 }
270
271 static void rfcomm_wfree(struct sk_buff *skb)
272 {
273         struct rfcomm_dev *dev = (void *) skb->sk;
274         atomic_sub(skb->truesize, &dev->wmem_alloc);
275         if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
276                 tasklet_schedule(&dev->wakeup_task);
277         rfcomm_dev_put(dev);
278 }
279
280 static inline void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev)
281 {
282         rfcomm_dev_hold(dev);
283         atomic_add(skb->truesize, &dev->wmem_alloc);
284         skb->sk = (void *) dev;
285         skb->destructor = rfcomm_wfree;
286 }
287
288 static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority)
289 {
290         if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) {
291                 struct sk_buff *skb = alloc_skb(size, priority);
292                 if (skb) {
293                         rfcomm_set_owner_w(skb, dev);
294                         return skb;
295                 }
296         }
297         return NULL;
298 }
299
300 /* ---- Device IOCTLs ---- */
301
302 #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP))
303
304 static int rfcomm_create_dev(struct sock *sk, void __user *arg)
305 {
306         struct rfcomm_dev_req req;
307         struct rfcomm_dlc *dlc;
308         int id;
309
310         if (copy_from_user(&req, arg, sizeof(req)))
311                 return -EFAULT;
312
313         BT_DBG("sk %p dev_id %id flags 0x%x", sk, req.dev_id, req.flags);
314
315         if (req.flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN))
316                 return -EPERM;
317
318         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
319                 /* Socket must be connected */
320                 if (sk->sk_state != BT_CONNECTED)
321                         return -EBADFD;
322
323                 dlc = rfcomm_pi(sk)->dlc;
324                 rfcomm_dlc_hold(dlc);
325         } else {
326                 dlc = rfcomm_dlc_alloc(GFP_KERNEL);
327                 if (!dlc)
328                         return -ENOMEM;
329         }
330
331         id = rfcomm_dev_add(&req, dlc);
332         if (id < 0) {
333                 rfcomm_dlc_put(dlc);
334                 return id;
335         }
336
337         if (req.flags & (1 << RFCOMM_REUSE_DLC)) {
338                 /* DLC is now used by device.
339                  * Socket must be disconnected */
340                 sk->sk_state = BT_CLOSED;
341         }
342
343         return id;
344 }
345
346 static int rfcomm_release_dev(void __user *arg)
347 {
348         struct rfcomm_dev_req req;
349         struct rfcomm_dev *dev;
350
351         if (copy_from_user(&req, arg, sizeof(req)))
352                 return -EFAULT;
353
354         BT_DBG("dev_id %id flags 0x%x", req.dev_id, req.flags);
355
356         if (!(dev = rfcomm_dev_get(req.dev_id)))
357                 return -ENODEV;
358
359         if (dev->flags != NOCAP_FLAGS && !capable(CAP_NET_ADMIN)) {
360                 rfcomm_dev_put(dev);
361                 return -EPERM;
362         }
363
364         if (req.flags & (1 << RFCOMM_HANGUP_NOW))
365                 rfcomm_dlc_close(dev->dlc, 0);
366
367         rfcomm_dev_del(dev);
368         rfcomm_dev_put(dev);
369         return 0;
370 }
371
372 static int rfcomm_get_dev_list(void __user *arg)
373 {
374         struct rfcomm_dev_list_req *dl;
375         struct rfcomm_dev_info *di;
376         struct list_head *p;
377         int n = 0, size, err;
378         u16 dev_num;
379
380         BT_DBG("");
381
382         if (get_user(dev_num, (u16 __user *) arg))
383                 return -EFAULT;
384
385         if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di))
386                 return -EINVAL;
387
388         size = sizeof(*dl) + dev_num * sizeof(*di);
389
390         if (!(dl = kmalloc(size, GFP_KERNEL)))
391                 return -ENOMEM;
392
393         di = dl->dev_info;
394
395         read_lock_bh(&rfcomm_dev_lock);
396
397         list_for_each(p, &rfcomm_dev_list) {
398                 struct rfcomm_dev *dev = list_entry(p, struct rfcomm_dev, list);
399                 (di + n)->id      = dev->id;
400                 (di + n)->flags   = dev->flags;
401                 (di + n)->state   = dev->dlc->state;
402                 (di + n)->channel = dev->channel;
403                 bacpy(&(di + n)->src, &dev->src);
404                 bacpy(&(di + n)->dst, &dev->dst);
405                 if (++n >= dev_num)
406                         break;
407         }
408
409         read_unlock_bh(&rfcomm_dev_lock);
410
411         dl->dev_num = n;
412         size = sizeof(*dl) + n * sizeof(*di);
413
414         err = copy_to_user(arg, dl, size);
415         kfree(dl);
416
417         return err ? -EFAULT : 0;
418 }
419
420 static int rfcomm_get_dev_info(void __user *arg)
421 {
422         struct rfcomm_dev *dev;
423         struct rfcomm_dev_info di;
424         int err = 0;
425
426         BT_DBG("");
427
428         if (copy_from_user(&di, arg, sizeof(di)))
429                 return -EFAULT;
430
431         if (!(dev = rfcomm_dev_get(di.id)))
432                 return -ENODEV;
433
434         di.flags   = dev->flags;
435         di.channel = dev->channel;
436         di.state   = dev->dlc->state;
437         bacpy(&di.src, &dev->src);
438         bacpy(&di.dst, &dev->dst);
439
440         if (copy_to_user(arg, &di, sizeof(di)))
441                 err = -EFAULT;
442
443         rfcomm_dev_put(dev);
444         return err;
445 }
446
447 int rfcomm_dev_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
448 {
449         BT_DBG("cmd %d arg %p", cmd, arg);
450
451         switch (cmd) {
452         case RFCOMMCREATEDEV:
453                 return rfcomm_create_dev(sk, arg);
454
455         case RFCOMMRELEASEDEV:
456                 return rfcomm_release_dev(arg);
457
458         case RFCOMMGETDEVLIST:
459                 return rfcomm_get_dev_list(arg);
460
461         case RFCOMMGETDEVINFO:
462                 return rfcomm_get_dev_info(arg);
463         }
464
465         return -EINVAL;
466 }
467
468 /* ---- DLC callbacks ---- */
469 static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
470 {
471         struct rfcomm_dev *dev = dlc->owner;
472         struct tty_struct *tty;
473        
474         if (!dev || !(tty = dev->tty)) {
475                 kfree_skb(skb);
476                 return;
477         }
478
479         BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
480
481         tty_insert_flip_string(tty, skb->data, skb->len);
482         tty_flip_buffer_push(tty);
483
484         kfree_skb(skb);
485 }
486
487 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
488 {
489         struct rfcomm_dev *dev = dlc->owner;
490         if (!dev)
491                 return;
492         
493         BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
494
495         dev->err = err;
496         wake_up_interruptible(&dev->wait);
497
498         if (dlc->state == BT_CLOSED) {
499                 if (!dev->tty) {
500                         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
501                                 rfcomm_dev_hold(dev);
502                                 rfcomm_dev_del(dev);
503
504                                 /* We have to drop DLC lock here, otherwise
505                                    rfcomm_dev_put() will dead lock if it's
506                                    the last reference. */
507                                 rfcomm_dlc_unlock(dlc);
508                                 rfcomm_dev_put(dev);
509                                 rfcomm_dlc_lock(dlc);
510                         }
511                 } else 
512                         tty_hangup(dev->tty);
513         }
514 }
515
516 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
517 {
518         struct rfcomm_dev *dev = dlc->owner;
519         if (!dev)
520                 return;
521
522         BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
523
524         if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) {
525                 if (dev->tty && !C_CLOCAL(dev->tty))
526                         tty_hangup(dev->tty);
527         }
528
529         dev->modem_status = 
530                 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
531                 ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) |
532                 ((v24_sig & RFCOMM_V24_IC)  ? TIOCM_RI : 0) |
533                 ((v24_sig & RFCOMM_V24_DV)  ? TIOCM_CD : 0);
534 }
535
536 /* ---- TTY functions ---- */
537 static void rfcomm_tty_wakeup(unsigned long arg)
538 {
539         struct rfcomm_dev *dev = (void *) arg;
540         struct tty_struct *tty = dev->tty;
541         if (!tty)
542                 return;
543
544         BT_DBG("dev %p tty %p", dev, tty);
545
546         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
547                 (tty->ldisc.write_wakeup)(tty);
548
549         wake_up_interruptible(&tty->write_wait);
550 #ifdef SERIAL_HAVE_POLL_WAIT
551         wake_up_interruptible(&tty->poll_wait);
552 #endif
553 }
554
555 static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
556 {
557         DECLARE_WAITQUEUE(wait, current);
558         struct rfcomm_dev *dev;
559         struct rfcomm_dlc *dlc;
560         int err, id;
561
562         id = tty->index;
563
564         BT_DBG("tty %p id %d", tty, id);
565
566         /* We don't leak this refcount. For reasons which are not entirely
567            clear, the TTY layer will call our ->close() method even if the
568            open fails. We decrease the refcount there, and decreasing it
569            here too would cause breakage. */
570         dev = rfcomm_dev_get(id);
571         if (!dev)
572                 return -ENODEV;
573
574         BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), dev->channel, dev->opened);
575
576         if (dev->opened++ != 0)
577                 return 0;
578
579         dlc = dev->dlc;
580
581         /* Attach TTY and open DLC */
582
583         rfcomm_dlc_lock(dlc);
584         tty->driver_data = dev;
585         dev->tty = tty;
586         rfcomm_dlc_unlock(dlc);
587         set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
588
589         err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel);
590         if (err < 0)
591                 return err;
592
593         /* Wait for DLC to connect */
594         add_wait_queue(&dev->wait, &wait);
595         while (1) {
596                 set_current_state(TASK_INTERRUPTIBLE);
597
598                 if (dlc->state == BT_CLOSED) {
599                         err = -dev->err;
600                         break;
601                 }
602
603                 if (dlc->state == BT_CONNECTED)
604                         break;
605
606                 if (signal_pending(current)) {
607                         err = -EINTR;
608                         break;
609                 }
610
611                 schedule();
612         }
613         set_current_state(TASK_RUNNING);
614         remove_wait_queue(&dev->wait, &wait);
615
616         return err;
617 }
618
619 static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
620 {
621         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
622         if (!dev)
623                 return;
624
625         BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, dev->opened);
626
627         if (--dev->opened == 0) {
628                 /* Close DLC and dettach TTY */
629                 rfcomm_dlc_close(dev->dlc, 0);
630
631                 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
632                 tasklet_kill(&dev->wakeup_task);
633
634                 rfcomm_dlc_lock(dev->dlc);
635                 tty->driver_data = NULL;
636                 dev->tty = NULL;
637                 rfcomm_dlc_unlock(dev->dlc);
638         }
639
640         rfcomm_dev_put(dev);
641 }
642
643 static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
644 {
645         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
646         struct rfcomm_dlc *dlc = dev->dlc;
647         struct sk_buff *skb;
648         int err = 0, sent = 0, size;
649
650         BT_DBG("tty %p count %d", tty, count);
651
652         while (count) {
653                 size = min_t(uint, count, dlc->mtu);
654
655                 skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC);
656                 
657                 if (!skb)
658                         break;
659
660                 skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
661
662                 memcpy(skb_put(skb, size), buf + sent, size);
663
664                 if ((err = rfcomm_dlc_send(dlc, skb)) < 0) {
665                         kfree_skb(skb);
666                         break;
667                 }
668
669                 sent  += size;
670                 count -= size;
671         }
672
673         return sent ? sent : err;
674 }
675
676 static int rfcomm_tty_write_room(struct tty_struct *tty)
677 {
678         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
679         int room;
680
681         BT_DBG("tty %p", tty);
682
683         room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
684         if (room < 0)
685                 room = 0;
686         return room;
687 }
688
689 static int rfcomm_tty_ioctl(struct tty_struct *tty, struct file *filp, unsigned int cmd, unsigned long arg)
690 {
691         BT_DBG("tty %p cmd 0x%02x", tty, cmd);
692
693         switch (cmd) {
694         case TCGETS:
695                 BT_DBG("TCGETS is not supported");
696                 return -ENOIOCTLCMD;
697
698         case TCSETS:
699                 BT_DBG("TCSETS is not supported");
700                 return -ENOIOCTLCMD;
701
702         case TIOCMIWAIT:
703                 BT_DBG("TIOCMIWAIT");
704                 break;
705
706         case TIOCGICOUNT:
707                 BT_DBG("TIOCGICOUNT");
708                 break;
709
710         case TIOCGSERIAL:
711                 BT_ERR("TIOCGSERIAL is not supported");
712                 return -ENOIOCTLCMD;
713
714         case TIOCSSERIAL:
715                 BT_ERR("TIOCSSERIAL is not supported");
716                 return -ENOIOCTLCMD;
717
718         case TIOCSERGSTRUCT:
719                 BT_ERR("TIOCSERGSTRUCT is not supported");
720                 return -ENOIOCTLCMD;
721
722         case TIOCSERGETLSR:
723                 BT_ERR("TIOCSERGETLSR is not supported");
724                 return -ENOIOCTLCMD;
725
726         case TIOCSERCONFIG:
727                 BT_ERR("TIOCSERCONFIG is not supported");
728                 return -ENOIOCTLCMD;
729
730         default:
731                 return -ENOIOCTLCMD;    /* ioctls which we must ignore */
732
733         }
734
735         return -ENOIOCTLCMD;
736 }
737
738 static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
739 {
740         struct termios *new = (struct termios *) tty->termios;
741         int old_baud_rate = tty_termios_baud_rate(old);
742         int new_baud_rate = tty_termios_baud_rate(new);
743
744         u8 baud, data_bits, stop_bits, parity, x_on, x_off;
745         u16 changes = 0;
746
747         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
748
749         BT_DBG("tty %p termios %p", tty, old);
750
751         /* Handle turning off CRTSCTS */
752         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 
753                 BT_DBG("Turning off CRTSCTS unsupported");
754
755         /* Parity on/off and when on, odd/even */
756         if (((old->c_cflag & PARENB) != (new->c_cflag & PARENB)) ||
757                         ((old->c_cflag & PARODD) != (new->c_cflag & PARODD)) ) {
758                 changes |= RFCOMM_RPN_PM_PARITY;
759                 BT_DBG("Parity change detected.");
760         }
761
762         /* Mark and space parity are not supported! */
763         if (new->c_cflag & PARENB) {
764                 if (new->c_cflag & PARODD) {
765                         BT_DBG("Parity is ODD");
766                         parity = RFCOMM_RPN_PARITY_ODD;
767                 } else {
768                         BT_DBG("Parity is EVEN");
769                         parity = RFCOMM_RPN_PARITY_EVEN;
770                 }
771         } else {
772                 BT_DBG("Parity is OFF");
773                 parity = RFCOMM_RPN_PARITY_NONE;
774         }
775
776         /* Setting the x_on / x_off characters */
777         if (old->c_cc[VSTOP] != new->c_cc[VSTOP]) {
778                 BT_DBG("XOFF custom");
779                 x_on = new->c_cc[VSTOP];
780                 changes |= RFCOMM_RPN_PM_XON;
781         } else {
782                 BT_DBG("XOFF default");
783                 x_on = RFCOMM_RPN_XON_CHAR;
784         }
785
786         if (old->c_cc[VSTART] != new->c_cc[VSTART]) {
787                 BT_DBG("XON custom");
788                 x_off = new->c_cc[VSTART];
789                 changes |= RFCOMM_RPN_PM_XOFF;
790         } else {
791                 BT_DBG("XON default");
792                 x_off = RFCOMM_RPN_XOFF_CHAR;
793         }
794
795         /* Handle setting of stop bits */
796         if ((old->c_cflag & CSTOPB) != (new->c_cflag & CSTOPB))
797                 changes |= RFCOMM_RPN_PM_STOP;
798
799         /* POSIX does not support 1.5 stop bits and RFCOMM does not
800          * support 2 stop bits. So a request for 2 stop bits gets
801          * translated to 1.5 stop bits */
802         if (new->c_cflag & CSTOPB) {
803                 stop_bits = RFCOMM_RPN_STOP_15;
804         } else {
805                 stop_bits = RFCOMM_RPN_STOP_1;
806         }
807
808         /* Handle number of data bits [5-8] */
809         if ((old->c_cflag & CSIZE) != (new->c_cflag & CSIZE)) 
810                 changes |= RFCOMM_RPN_PM_DATA;
811
812         switch (new->c_cflag & CSIZE) {
813         case CS5:
814                 data_bits = RFCOMM_RPN_DATA_5;
815                 break;
816         case CS6:
817                 data_bits = RFCOMM_RPN_DATA_6;
818                 break;
819         case CS7:
820                 data_bits = RFCOMM_RPN_DATA_7;
821                 break;
822         case CS8:
823                 data_bits = RFCOMM_RPN_DATA_8;
824                 break;
825         default:
826                 data_bits = RFCOMM_RPN_DATA_8;
827                 break;
828         }
829
830         /* Handle baudrate settings */
831         if (old_baud_rate != new_baud_rate)
832                 changes |= RFCOMM_RPN_PM_BITRATE;
833
834         switch (new_baud_rate) {
835         case 2400:
836                 baud = RFCOMM_RPN_BR_2400;
837                 break;
838         case 4800:
839                 baud = RFCOMM_RPN_BR_4800;
840                 break;
841         case 7200:
842                 baud = RFCOMM_RPN_BR_7200;
843                 break;
844         case 9600:
845                 baud = RFCOMM_RPN_BR_9600;
846                 break;
847         case 19200: 
848                 baud = RFCOMM_RPN_BR_19200;
849                 break;
850         case 38400:
851                 baud = RFCOMM_RPN_BR_38400;
852                 break;
853         case 57600:
854                 baud = RFCOMM_RPN_BR_57600;
855                 break;
856         case 115200:
857                 baud = RFCOMM_RPN_BR_115200;
858                 break;
859         case 230400:
860                 baud = RFCOMM_RPN_BR_230400;
861                 break;
862         default:
863                 /* 9600 is standard accordinag to the RFCOMM specification */
864                 baud = RFCOMM_RPN_BR_9600;
865                 break;
866         
867         }
868
869         if (changes)
870                 rfcomm_send_rpn(dev->dlc->session, 1, dev->dlc->dlci, baud,
871                                 data_bits, stop_bits, parity,
872                                 RFCOMM_RPN_FLOW_NONE, x_on, x_off, changes);
873
874         return;
875 }
876
877 static void rfcomm_tty_throttle(struct tty_struct *tty)
878 {
879         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
880
881         BT_DBG("tty %p dev %p", tty, dev);
882
883         rfcomm_dlc_throttle(dev->dlc);
884 }
885
886 static void rfcomm_tty_unthrottle(struct tty_struct *tty)
887 {
888         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
889
890         BT_DBG("tty %p dev %p", tty, dev);
891
892         rfcomm_dlc_unthrottle(dev->dlc);
893 }
894
895 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
896 {
897         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
898         struct rfcomm_dlc *dlc = dev->dlc;
899
900         BT_DBG("tty %p dev %p", tty, dev);
901
902         if (!skb_queue_empty(&dlc->tx_queue))
903                 return dlc->mtu;
904
905         return 0;
906 }
907
908 static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
909 {
910         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
911         if (!dev)
912                 return;
913
914         BT_DBG("tty %p dev %p", tty, dev);
915
916         skb_queue_purge(&dev->dlc->tx_queue);
917
918         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
919                 tty->ldisc.write_wakeup(tty);
920 }
921
922 static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
923 {
924         BT_DBG("tty %p ch %c", tty, ch);
925 }
926
927 static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
928 {
929         BT_DBG("tty %p timeout %d", tty, timeout);
930 }
931
932 static void rfcomm_tty_hangup(struct tty_struct *tty)
933 {
934         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
935         if (!dev)
936                 return;
937
938         BT_DBG("tty %p dev %p", tty, dev);
939
940         rfcomm_tty_flush_buffer(tty);
941
942         if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
943                 rfcomm_dev_del(dev);
944 }
945
946 static int rfcomm_tty_read_proc(char *buf, char **start, off_t offset, int len, int *eof, void *unused)
947 {
948         return 0;
949 }
950
951 static int rfcomm_tty_tiocmget(struct tty_struct *tty, struct file *filp)
952 {
953         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
954
955         BT_DBG("tty %p dev %p", tty, dev);
956
957         return dev->modem_status;
958 }
959
960 static int rfcomm_tty_tiocmset(struct tty_struct *tty, struct file *filp, unsigned int set, unsigned int clear)
961 {
962         struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
963         struct rfcomm_dlc *dlc = dev->dlc;
964         u8 v24_sig;
965
966         BT_DBG("tty %p dev %p set 0x%02x clear 0x%02x", tty, dev, set, clear);
967
968         rfcomm_dlc_get_modem_status(dlc, &v24_sig);
969
970         if (set & TIOCM_DSR || set & TIOCM_DTR)
971                 v24_sig |= RFCOMM_V24_RTC;
972         if (set & TIOCM_RTS || set & TIOCM_CTS)
973                 v24_sig |= RFCOMM_V24_RTR;
974         if (set & TIOCM_RI)
975                 v24_sig |= RFCOMM_V24_IC;
976         if (set & TIOCM_CD)
977                 v24_sig |= RFCOMM_V24_DV;
978
979         if (clear & TIOCM_DSR || clear & TIOCM_DTR)
980                 v24_sig &= ~RFCOMM_V24_RTC;
981         if (clear & TIOCM_RTS || clear & TIOCM_CTS)
982                 v24_sig &= ~RFCOMM_V24_RTR;
983         if (clear & TIOCM_RI)
984                 v24_sig &= ~RFCOMM_V24_IC;
985         if (clear & TIOCM_CD)
986                 v24_sig &= ~RFCOMM_V24_DV;
987
988         rfcomm_dlc_set_modem_status(dlc, v24_sig);
989
990         return 0;
991 }
992
993 /* ---- TTY structure ---- */
994
995 static struct tty_operations rfcomm_ops = {
996         .open                   = rfcomm_tty_open,
997         .close                  = rfcomm_tty_close,
998         .write                  = rfcomm_tty_write,
999         .write_room             = rfcomm_tty_write_room,
1000         .chars_in_buffer        = rfcomm_tty_chars_in_buffer,
1001         .flush_buffer           = rfcomm_tty_flush_buffer,
1002         .ioctl                  = rfcomm_tty_ioctl,
1003         .throttle               = rfcomm_tty_throttle,
1004         .unthrottle             = rfcomm_tty_unthrottle,
1005         .set_termios            = rfcomm_tty_set_termios,
1006         .send_xchar             = rfcomm_tty_send_xchar,
1007         .hangup                 = rfcomm_tty_hangup,
1008         .wait_until_sent        = rfcomm_tty_wait_until_sent,
1009         .read_proc              = rfcomm_tty_read_proc,
1010         .tiocmget               = rfcomm_tty_tiocmget,
1011         .tiocmset               = rfcomm_tty_tiocmset,
1012 };
1013
1014 int rfcomm_init_ttys(void)
1015 {
1016         rfcomm_tty_driver = alloc_tty_driver(RFCOMM_TTY_PORTS);
1017         if (!rfcomm_tty_driver)
1018                 return -1;
1019
1020         rfcomm_tty_driver->owner        = THIS_MODULE;
1021         rfcomm_tty_driver->driver_name  = "rfcomm";
1022         rfcomm_tty_driver->name         = "rfcomm";
1023         rfcomm_tty_driver->major        = RFCOMM_TTY_MAJOR;
1024         rfcomm_tty_driver->minor_start  = RFCOMM_TTY_MINOR;
1025         rfcomm_tty_driver->type         = TTY_DRIVER_TYPE_SERIAL;
1026         rfcomm_tty_driver->subtype      = SERIAL_TYPE_NORMAL;
1027         rfcomm_tty_driver->flags        = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1028         rfcomm_tty_driver->init_termios = tty_std_termios;
1029         rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1030         tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1031
1032         if (tty_register_driver(rfcomm_tty_driver)) {
1033                 BT_ERR("Can't register RFCOMM TTY driver");
1034                 put_tty_driver(rfcomm_tty_driver);
1035                 return -1;
1036         }
1037
1038         BT_INFO("RFCOMM TTY layer initialized");
1039
1040         return 0;
1041 }
1042
1043 void rfcomm_cleanup_ttys(void)
1044 {
1045         tty_unregister_driver(rfcomm_tty_driver);
1046         put_tty_driver(rfcomm_tty_driver);
1047 }