1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * Outgoing path:
9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc
10 * control message -> GSM MUX control queue --´
11 *
12 * Incoming path:
13 * ldisc -> gsm_queue() -o--> tty
14 * `-> gsm_control_response()
15 *
16 * TO DO:
17 * Mostly done: ioctls for setting modes/timing
18 * Partly done: hooks so you can pull off frames to non tty devs
19 * Restart DLCI 0 when it closes ?
20 * Improve the tx engine
21 * Resolve tx side locking by adding a queue_head and routing
22 * all control traffic via it
23 * General tidy/document
24 * Review the locking/move to refcounts more (mux now moved to an
25 * alloc/free model ready)
26 * Use newest tty open/close port helpers and install hooks
27 * What to do about power functions ?
28 * Termios setting and negotiation
29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
30 *
31 */
32
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched/signal.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/bitfield.h>
42 #include <linux/ctype.h>
43 #include <linux/mm.h>
44 #include <linux/math.h>
45 #include <linux/nospec.h>
46 #include <linux/string.h>
47 #include <linux/slab.h>
48 #include <linux/poll.h>
49 #include <linux/bitops.h>
50 #include <linux/file.h>
51 #include <linux/uaccess.h>
52 #include <linux/module.h>
53 #include <linux/timer.h>
54 #include <linux/tty_flip.h>
55 #include <linux/tty_driver.h>
56 #include <linux/serial.h>
57 #include <linux/kfifo.h>
58 #include <linux/skbuff.h>
59 #include <net/arp.h>
60 #include <linux/ip.h>
61 #include <linux/netdevice.h>
62 #include <linux/etherdevice.h>
63 #include <linux/gsmmux.h>
64 #include "tty.h"
65
66 static int debug;
67 module_param(debug, int, 0600);
68
69 /* Module debug bits */
70 #define DBG_DUMP BIT(0) /* Data transmission dump. */
71 #define DBG_CD_ON BIT(1) /* Always assume CD line on. */
72 #define DBG_DATA BIT(2) /* Data transmission details. */
73 #define DBG_ERRORS BIT(3) /* Details for fail conditions. */
74 #define DBG_TTY BIT(4) /* Transmission statistics for DLCI TTYs. */
75 #define DBG_PAYLOAD BIT(5) /* Limits DBG_DUMP to payload frames. */
76
77 /* Defaults: these are from the specification */
78
79 #define T1 10 /* 100mS */
80 #define T2 34 /* 333mS */
81 #define T3 10 /* 10s */
82 #define N2 3 /* Retry 3 times */
83 #define K 2 /* outstanding I frames */
84
85 #define MAX_T3 255 /* In seconds. */
86 #define MAX_WINDOW_SIZE 7 /* Limit of K in error recovery mode. */
87
88 /* Use long timers for testing at low speed with debug on */
89 #ifdef DEBUG_TIMING
90 #define T1 100
91 #define T2 200
92 #endif
93
94 /*
95 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
96 * limits so this is plenty
97 */
98 #define MAX_MRU 1500
99 #define MAX_MTU 1500
100 #define MIN_MTU (PROT_OVERHEAD + 1)
101 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
102 #define PROT_OVERHEAD 7
103 #define GSM_NET_TX_TIMEOUT (HZ*10)
104
105 /*
106 * struct gsm_mux_net - network interface
107 *
108 * Created when net interface is initialized.
109 */
110 struct gsm_mux_net {
111 struct kref ref;
112 struct gsm_dlci *dlci;
113 };
114
115 /*
116 * Each block of data we have queued to go out is in the form of
117 * a gsm_msg which holds everything we need in a link layer independent
118 * format
119 */
120
121 struct gsm_msg {
122 struct list_head list;
123 u8 addr; /* DLCI address + flags */
124 u8 ctrl; /* Control byte + flags */
125 unsigned int len; /* Length of data block (can be zero) */
126 unsigned char *data; /* Points into buffer but not at the start */
127 unsigned char buffer[];
128 };
129
130 enum gsm_dlci_state {
131 DLCI_CLOSED,
132 DLCI_WAITING_CONFIG, /* Waiting for DLCI configuration from user */
133 DLCI_CONFIGURE, /* Sending PN (for adaption > 1) */
134 DLCI_OPENING, /* Sending SABM not seen UA */
135 DLCI_OPEN, /* SABM/UA complete */
136 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
137 };
138
139 enum gsm_dlci_mode {
140 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
141 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
142 };
143
144 /*
145 * Each active data link has a gsm_dlci structure associated which ties
146 * the link layer to an optional tty (if the tty side is open). To avoid
147 * complexity right now these are only ever freed up when the mux is
148 * shut down.
149 *
150 * At the moment we don't free DLCI objects until the mux is torn down
151 * this avoid object life time issues but might be worth review later.
152 */
153
154 struct gsm_dlci {
155 struct gsm_mux *gsm;
156 int addr;
157 enum gsm_dlci_state state;
158 struct mutex mutex;
159
160 /* Link layer */
161 enum gsm_dlci_mode mode;
162 spinlock_t lock; /* Protects the internal state */
163 struct timer_list t1; /* Retransmit timer for SABM and UA */
164 int retries;
165 /* Uplink tty if active */
166 struct tty_port port; /* The tty bound to this DLCI if there is one */
167 #define TX_SIZE 4096 /* Must be power of 2. */
168 struct kfifo fifo; /* Queue fifo for the DLCI */
169 int adaption; /* Adaption layer in use */
170 int prev_adaption;
171 u32 modem_rx; /* Our incoming virtual modem lines */
172 u32 modem_tx; /* Our outgoing modem lines */
173 unsigned int mtu;
174 bool dead; /* Refuse re-open */
175 /* Configuration */
176 u8 prio; /* Priority */
177 u8 ftype; /* Frame type */
178 u8 k; /* Window size */
179 /* Flow control */
180 bool throttled; /* Private copy of throttle state */
181 bool constipated; /* Throttle status for outgoing */
182 /* Packetised I/O */
183 struct sk_buff *skb; /* Frame being sent */
184 struct sk_buff_head skb_list; /* Queued frames */
185 /* Data handling callback */
186 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
187 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
188 struct net_device *net; /* network interface, if created */
189 };
190
191 /*
192 * Parameter bits used for parameter negotiation according to 3GPP 27.010
193 * chapter 5.4.6.3.1.
194 */
195
196 struct gsm_dlci_param_bits {
197 u8 d_bits;
198 u8 i_cl_bits;
199 u8 p_bits;
200 u8 t_bits;
201 __le16 n_bits;
202 u8 na_bits;
203 u8 k_bits;
204 };
205
206 static_assert(sizeof(struct gsm_dlci_param_bits) == 8);
207
208 #define PN_D_FIELD_DLCI GENMASK(5, 0)
209 #define PN_I_CL_FIELD_FTYPE GENMASK(3, 0)
210 #define PN_I_CL_FIELD_ADAPTION GENMASK(7, 4)
211 #define PN_P_FIELD_PRIO GENMASK(5, 0)
212 #define PN_T_FIELD_T1 GENMASK(7, 0)
213 #define PN_N_FIELD_N1 GENMASK(15, 0)
214 #define PN_NA_FIELD_N2 GENMASK(7, 0)
215 #define PN_K_FIELD_K GENMASK(2, 0)
216
217 /* Total number of supported devices */
218 #define GSM_TTY_MINORS 256
219
220 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
221
222 #define NUM_DLCI 64
223
224 /*
225 * DLCI 0 is used to pass control blocks out of band of the data
226 * flow (and with a higher link priority). One command can be outstanding
227 * at a time and we use this structure to manage them. They are created
228 * and destroyed by the user context, and updated by the receive paths
229 * and timers
230 */
231
232 struct gsm_control {
233 u8 cmd; /* Command we are issuing */
234 u8 *data; /* Data for the command in case we retransmit */
235 int len; /* Length of block for retransmission */
236 int done; /* Done flag */
237 int error; /* Error if any */
238 };
239
240 enum gsm_encoding {
241 GSM_BASIC_OPT,
242 GSM_ADV_OPT,
243 };
244
245 enum gsm_mux_state {
246 GSM_SEARCH,
247 GSM0_ADDRESS,
248 GSM0_CONTROL,
249 GSM0_LEN0,
250 GSM0_LEN1,
251 GSM0_DATA,
252 GSM0_FCS,
253 GSM0_SSOF,
254 GSM1_START,
255 GSM1_ADDRESS,
256 GSM1_CONTROL,
257 GSM1_DATA,
258 GSM1_OVERRUN,
259 };
260
261 /*
262 * Each GSM mux we have is represented by this structure. If we are
263 * operating as an ldisc then we use this structure as our ldisc
264 * state. We need to sort out lifetimes and locking with respect
265 * to the gsm mux array. For now we don't free DLCI objects that
266 * have been instantiated until the mux itself is terminated.
267 *
268 * To consider further: tty open versus mux shutdown.
269 */
270
271 struct gsm_mux {
272 struct tty_struct *tty; /* The tty our ldisc is bound to */
273 spinlock_t lock;
274 struct mutex mutex;
275 unsigned int num;
276 struct kref ref;
277
278 /* Events on the GSM channel */
279 wait_queue_head_t event;
280
281 /* ldisc send work */
282 struct work_struct tx_work;
283
284 /* Bits for GSM mode decoding */
285
286 /* Framing Layer */
287 unsigned char *buf;
288 enum gsm_mux_state state;
289 unsigned int len;
290 unsigned int address;
291 unsigned int count;
292 bool escape;
293 enum gsm_encoding encoding;
294 u8 control;
295 u8 fcs;
296 u8 *txframe; /* TX framing buffer */
297
298 /* Method for the receiver side */
299 void (*receive)(struct gsm_mux *gsm, u8 ch);
300
301 /* Link Layer */
302 unsigned int mru;
303 unsigned int mtu;
304 int initiator; /* Did we initiate connection */
305 bool dead; /* Has the mux been shut down */
306 struct gsm_dlci *dlci[NUM_DLCI];
307 int old_c_iflag; /* termios c_iflag value before attach */
308 bool constipated; /* Asked by remote to shut up */
309 bool has_devices; /* Devices were registered */
310
311 spinlock_t tx_lock;
312 unsigned int tx_bytes; /* TX data outstanding */
313 #define TX_THRESH_HI 8192
314 #define TX_THRESH_LO 2048
315 struct list_head tx_ctrl_list; /* Pending control packets */
316 struct list_head tx_data_list; /* Pending data packets */
317
318 /* Control messages */
319 struct timer_list kick_timer; /* Kick TX queuing on timeout */
320 struct timer_list t2_timer; /* Retransmit timer for commands */
321 int cretries; /* Command retry counter */
322 struct gsm_control *pending_cmd;/* Our current pending command */
323 spinlock_t control_lock; /* Protects the pending command */
324
325 /* Keep-alive */
326 struct timer_list ka_timer; /* Keep-alive response timer */
327 u8 ka_num; /* Keep-alive match pattern */
328 signed int ka_retries; /* Keep-alive retry counter, -1 if not yet initialized */
329
330 /* Configuration */
331 int adaption; /* 1 or 2 supported */
332 u8 ftype; /* UI or UIH */
333 int t1, t2; /* Timers in 1/100th of a sec */
334 unsigned int t3; /* Power wake-up timer in seconds. */
335 int n2; /* Retry count */
336 u8 k; /* Window size */
337 bool wait_config; /* Wait for configuration by ioctl before DLCI open */
338 u32 keep_alive; /* Control channel keep-alive in 10ms */
339
340 /* Statistics (not currently exposed) */
341 unsigned long bad_fcs;
342 unsigned long malformed;
343 unsigned long io_error;
344 unsigned long open_error;
345 unsigned long bad_size;
346 unsigned long unsupported;
347 };
348
349
350 /*
351 * Mux objects - needed so that we can translate a tty index into the
352 * relevant mux and DLCI.
353 */
354
355 #define MAX_MUX 4 /* 256 minors */
356 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
357 static DEFINE_SPINLOCK(gsm_mux_lock);
358
359 static struct tty_driver *gsm_tty_driver;
360
361 /*
362 * This section of the driver logic implements the GSM encodings
363 * both the basic and the 'advanced'. Reliable transport is not
364 * supported.
365 */
366
367 #define CR 0x02
368 #define EA 0x01
369 #define PF 0x10
370
371 /* I is special: the rest are ..*/
372 #define RR 0x01
373 #define UI 0x03
374 #define RNR 0x05
375 #define REJ 0x09
376 #define DM 0x0F
377 #define SABM 0x2F
378 #define DISC 0x43
379 #define UA 0x63
380 #define UIH 0xEF
381
382 /* Channel commands */
383 #define CMD_NSC 0x09
384 #define CMD_TEST 0x11
385 #define CMD_PSC 0x21
386 #define CMD_RLS 0x29
387 #define CMD_FCOFF 0x31
388 #define CMD_PN 0x41
389 #define CMD_RPN 0x49
390 #define CMD_FCON 0x51
391 #define CMD_CLD 0x61
392 #define CMD_SNC 0x69
393 #define CMD_MSC 0x71
394
395 /* Virtual modem bits */
396 #define MDM_FC 0x01
397 #define MDM_RTC 0x02
398 #define MDM_RTR 0x04
399 #define MDM_IC 0x20
400 #define MDM_DV 0x40
401
402 #define GSM0_SOF 0xF9
403 #define GSM1_SOF 0x7E
404 #define GSM1_ESCAPE 0x7D
405 #define GSM1_ESCAPE_BITS 0x20
406 #define XON 0x11
407 #define XOFF 0x13
408 #define ISO_IEC_646_MASK 0x7F
409
410 static const struct tty_port_operations gsm_port_ops;
411
412 /*
413 * CRC table for GSM 0710
414 */
415
416 static const u8 gsm_fcs8[256] = {
417 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
418 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
419 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
420 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
421 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
422 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
423 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
424 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
425 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
426 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
427 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
428 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
429 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
430 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
431 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
432 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
433 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
434 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
435 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
436 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
437 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
438 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
439 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
440 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
441 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
442 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
443 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
444 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
445 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
446 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
447 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
448 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
449 };
450
451 #define INIT_FCS 0xFF
452 #define GOOD_FCS 0xCF
453
454 static void gsm_dlci_close(struct gsm_dlci *dlci);
455 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
456 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
457 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
458 u8 ctrl);
459 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
460 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr);
461 static void gsmld_write_trigger(struct gsm_mux *gsm);
462 static void gsmld_write_task(struct work_struct *work);
463
464 /**
465 * gsm_fcs_add - update FCS
466 * @fcs: Current FCS
467 * @c: Next data
468 *
469 * Update the FCS to include c. Uses the algorithm in the specification
470 * notes.
471 */
472
gsm_fcs_add(u8 fcs,u8 c)473 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
474 {
475 return gsm_fcs8[fcs ^ c];
476 }
477
478 /**
479 * gsm_fcs_add_block - update FCS for a block
480 * @fcs: Current FCS
481 * @c: buffer of data
482 * @len: length of buffer
483 *
484 * Update the FCS to include c. Uses the algorithm in the specification
485 * notes.
486 */
487
gsm_fcs_add_block(u8 fcs,u8 * c,int len)488 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
489 {
490 while (len--)
491 fcs = gsm_fcs8[fcs ^ *c++];
492 return fcs;
493 }
494
495 /**
496 * gsm_read_ea - read a byte into an EA
497 * @val: variable holding value
498 * @c: byte going into the EA
499 *
500 * Processes one byte of an EA. Updates the passed variable
501 * and returns 1 if the EA is now completely read
502 */
503
gsm_read_ea(unsigned int * val,u8 c)504 static int gsm_read_ea(unsigned int *val, u8 c)
505 {
506 /* Add the next 7 bits into the value */
507 *val <<= 7;
508 *val |= c >> 1;
509 /* Was this the last byte of the EA 1 = yes*/
510 return c & EA;
511 }
512
513 /**
514 * gsm_read_ea_val - read a value until EA
515 * @val: variable holding value
516 * @data: buffer of data
517 * @dlen: length of data
518 *
519 * Processes an EA value. Updates the passed variable and
520 * returns the processed data length.
521 */
gsm_read_ea_val(unsigned int * val,const u8 * data,int dlen)522 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
523 {
524 unsigned int len = 0;
525
526 for (; dlen > 0; dlen--) {
527 len++;
528 if (gsm_read_ea(val, *data++))
529 break;
530 }
531 return len;
532 }
533
534 /**
535 * gsm_encode_modem - encode modem data bits
536 * @dlci: DLCI to encode from
537 *
538 * Returns the correct GSM encoded modem status bits (6 bit field) for
539 * the current status of the DLCI and attached tty object
540 */
541
gsm_encode_modem(const struct gsm_dlci * dlci)542 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
543 {
544 u8 modembits = 0;
545 /* FC is true flow control not modem bits */
546 if (dlci->throttled)
547 modembits |= MDM_FC;
548 if (dlci->modem_tx & TIOCM_DTR)
549 modembits |= MDM_RTC;
550 if (dlci->modem_tx & TIOCM_RTS)
551 modembits |= MDM_RTR;
552 if (dlci->modem_tx & TIOCM_RI)
553 modembits |= MDM_IC;
554 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
555 modembits |= MDM_DV;
556 /* special mappings for passive side to operate as UE */
557 if (dlci->modem_tx & TIOCM_OUT1)
558 modembits |= MDM_IC;
559 if (dlci->modem_tx & TIOCM_OUT2)
560 modembits |= MDM_DV;
561 return modembits;
562 }
563
gsm_hex_dump_bytes(const char * fname,const u8 * data,unsigned long len)564 static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
565 unsigned long len)
566 {
567 char *prefix;
568
569 if (!fname) {
570 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
571 true);
572 return;
573 }
574
575 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
576 if (!prefix)
577 return;
578 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
579 true);
580 kfree(prefix);
581 }
582
583 /**
584 * gsm_encode_params - encode DLCI parameters
585 * @dlci: DLCI to encode from
586 * @params: buffer to fill with the encoded parameters
587 *
588 * Encodes the parameters according to GSM 07.10 section 5.4.6.3.1
589 * table 3.
590 */
gsm_encode_params(const struct gsm_dlci * dlci,struct gsm_dlci_param_bits * params)591 static int gsm_encode_params(const struct gsm_dlci *dlci,
592 struct gsm_dlci_param_bits *params)
593 {
594 const struct gsm_mux *gsm = dlci->gsm;
595 unsigned int i, cl;
596
597 switch (dlci->ftype) {
598 case UIH:
599 i = 0; /* UIH */
600 break;
601 case UI:
602 i = 1; /* UI */
603 break;
604 default:
605 pr_debug("unsupported frame type %d\n", dlci->ftype);
606 return -EINVAL;
607 }
608
609 switch (dlci->adaption) {
610 case 1: /* Unstructured */
611 cl = 0; /* convergence layer type 1 */
612 break;
613 case 2: /* Unstructured with modem bits. */
614 cl = 1; /* convergence layer type 2 */
615 break;
616 default:
617 pr_debug("unsupported adaption %d\n", dlci->adaption);
618 return -EINVAL;
619 }
620
621 params->d_bits = FIELD_PREP(PN_D_FIELD_DLCI, dlci->addr);
622 /* UIH, convergence layer type 1 */
623 params->i_cl_bits = FIELD_PREP(PN_I_CL_FIELD_FTYPE, i) |
624 FIELD_PREP(PN_I_CL_FIELD_ADAPTION, cl);
625 params->p_bits = FIELD_PREP(PN_P_FIELD_PRIO, dlci->prio);
626 params->t_bits = FIELD_PREP(PN_T_FIELD_T1, gsm->t1);
627 params->n_bits = cpu_to_le16(FIELD_PREP(PN_N_FIELD_N1, dlci->mtu));
628 params->na_bits = FIELD_PREP(PN_NA_FIELD_N2, gsm->n2);
629 params->k_bits = FIELD_PREP(PN_K_FIELD_K, dlci->k);
630
631 return 0;
632 }
633
634 /**
635 * gsm_register_devices - register all tty devices for a given mux index
636 *
637 * @driver: the tty driver that describes the tty devices
638 * @index: the mux number is used to calculate the minor numbers of the
639 * ttys for this mux and may differ from the position in the
640 * mux array.
641 */
gsm_register_devices(struct tty_driver * driver,unsigned int index)642 static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
643 {
644 struct device *dev;
645 int i;
646 unsigned int base;
647
648 if (!driver || index >= MAX_MUX)
649 return -EINVAL;
650
651 base = index * NUM_DLCI; /* first minor for this index */
652 for (i = 1; i < NUM_DLCI; i++) {
653 /* Don't register device 0 - this is the control channel
654 * and not a usable tty interface
655 */
656 dev = tty_register_device(gsm_tty_driver, base + i, NULL);
657 if (IS_ERR(dev)) {
658 if (debug & DBG_ERRORS)
659 pr_info("%s failed to register device minor %u",
660 __func__, base + i);
661 for (i--; i >= 1; i--)
662 tty_unregister_device(gsm_tty_driver, base + i);
663 return PTR_ERR(dev);
664 }
665 }
666
667 return 0;
668 }
669
670 /**
671 * gsm_unregister_devices - unregister all tty devices for a given mux index
672 *
673 * @driver: the tty driver that describes the tty devices
674 * @index: the mux number is used to calculate the minor numbers of the
675 * ttys for this mux and may differ from the position in the
676 * mux array.
677 */
gsm_unregister_devices(struct tty_driver * driver,unsigned int index)678 static void gsm_unregister_devices(struct tty_driver *driver,
679 unsigned int index)
680 {
681 int i;
682 unsigned int base;
683
684 if (!driver || index >= MAX_MUX)
685 return;
686
687 base = index * NUM_DLCI; /* first minor for this index */
688 for (i = 1; i < NUM_DLCI; i++) {
689 /* Don't unregister device 0 - this is the control
690 * channel and not a usable tty interface
691 */
692 tty_unregister_device(gsm_tty_driver, base + i);
693 }
694 }
695
696 /**
697 * gsm_print_packet - display a frame for debug
698 * @hdr: header to print before decode
699 * @addr: address EA from the frame
700 * @cr: C/R bit seen as initiator
701 * @control: control including PF bit
702 * @data: following data bytes
703 * @dlen: length of data
704 *
705 * Displays a packet in human readable format for debugging purposes. The
706 * style is based on amateur radio LAP-B dump display.
707 */
708
gsm_print_packet(const char * hdr,int addr,int cr,u8 control,const u8 * data,int dlen)709 static void gsm_print_packet(const char *hdr, int addr, int cr,
710 u8 control, const u8 *data, int dlen)
711 {
712 if (!(debug & DBG_DUMP))
713 return;
714 /* Only show user payload frames if debug & DBG_PAYLOAD */
715 if (!(debug & DBG_PAYLOAD) && addr != 0)
716 if ((control & ~PF) == UI || (control & ~PF) == UIH)
717 return;
718
719 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
720
721 switch (control & ~PF) {
722 case SABM:
723 pr_cont("SABM");
724 break;
725 case UA:
726 pr_cont("UA");
727 break;
728 case DISC:
729 pr_cont("DISC");
730 break;
731 case DM:
732 pr_cont("DM");
733 break;
734 case UI:
735 pr_cont("UI");
736 break;
737 case UIH:
738 pr_cont("UIH");
739 break;
740 default:
741 if (!(control & 0x01)) {
742 pr_cont("I N(S)%d N(R)%d",
743 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
744 } else switch (control & 0x0F) {
745 case RR:
746 pr_cont("RR(%d)", (control & 0xE0) >> 5);
747 break;
748 case RNR:
749 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
750 break;
751 case REJ:
752 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
753 break;
754 default:
755 pr_cont("[%02X]", control);
756 }
757 }
758
759 if (control & PF)
760 pr_cont("(P)");
761 else
762 pr_cont("(F)");
763
764 gsm_hex_dump_bytes(NULL, data, dlen);
765 }
766
767
768 /*
769 * Link level transmission side
770 */
771
772 /**
773 * gsm_stuff_frame - bytestuff a packet
774 * @input: input buffer
775 * @output: output buffer
776 * @len: length of input
777 *
778 * Expand a buffer by bytestuffing it. The worst case size change
779 * is doubling and the caller is responsible for handing out
780 * suitable sized buffers.
781 */
782
gsm_stuff_frame(const u8 * input,u8 * output,int len)783 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
784 {
785 int olen = 0;
786 while (len--) {
787 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
788 || (*input & ISO_IEC_646_MASK) == XON
789 || (*input & ISO_IEC_646_MASK) == XOFF) {
790 *output++ = GSM1_ESCAPE;
791 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
792 olen++;
793 } else
794 *output++ = *input++;
795 olen++;
796 }
797 return olen;
798 }
799
800 /**
801 * gsm_send - send a control frame
802 * @gsm: our GSM mux
803 * @addr: address for control frame
804 * @cr: command/response bit seen as initiator
805 * @control: control byte including PF bit
806 *
807 * Format up and transmit a control frame. These should be transmitted
808 * ahead of data when they are needed.
809 */
gsm_send(struct gsm_mux * gsm,int addr,int cr,int control)810 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
811 {
812 struct gsm_msg *msg;
813 u8 *dp;
814 int ocr;
815 unsigned long flags;
816
817 msg = gsm_data_alloc(gsm, addr, 0, control);
818 if (!msg)
819 return -ENOMEM;
820
821 /* toggle C/R coding if not initiator */
822 ocr = cr ^ (gsm->initiator ? 0 : 1);
823
824 msg->data -= 3;
825 dp = msg->data;
826 *dp++ = (addr << 2) | (ocr << 1) | EA;
827 *dp++ = control;
828
829 if (gsm->encoding == GSM_BASIC_OPT)
830 *dp++ = EA; /* Length of data = 0 */
831
832 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data);
833 msg->len = (dp - msg->data) + 1;
834
835 gsm_print_packet("Q->", addr, cr, control, NULL, 0);
836
837 spin_lock_irqsave(&gsm->tx_lock, flags);
838 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
839 gsm->tx_bytes += msg->len;
840 spin_unlock_irqrestore(&gsm->tx_lock, flags);
841 gsmld_write_trigger(gsm);
842
843 return 0;
844 }
845
846 /**
847 * gsm_dlci_clear_queues - remove outstanding data for a DLCI
848 * @gsm: mux
849 * @dlci: clear for this DLCI
850 *
851 * Clears the data queues for a given DLCI.
852 */
gsm_dlci_clear_queues(struct gsm_mux * gsm,struct gsm_dlci * dlci)853 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
854 {
855 struct gsm_msg *msg, *nmsg;
856 int addr = dlci->addr;
857 unsigned long flags;
858
859 /* Clear DLCI write fifo first */
860 spin_lock_irqsave(&dlci->lock, flags);
861 kfifo_reset(&dlci->fifo);
862 spin_unlock_irqrestore(&dlci->lock, flags);
863
864 /* Clear data packets in MUX write queue */
865 spin_lock_irqsave(&gsm->tx_lock, flags);
866 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
867 if (msg->addr != addr)
868 continue;
869 gsm->tx_bytes -= msg->len;
870 list_del(&msg->list);
871 kfree(msg);
872 }
873 spin_unlock_irqrestore(&gsm->tx_lock, flags);
874 }
875
876 /**
877 * gsm_response - send a control response
878 * @gsm: our GSM mux
879 * @addr: address for control frame
880 * @control: control byte including PF bit
881 *
882 * Format up and transmit a link level response frame.
883 */
884
gsm_response(struct gsm_mux * gsm,int addr,int control)885 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
886 {
887 gsm_send(gsm, addr, 0, control);
888 }
889
890 /**
891 * gsm_command - send a control command
892 * @gsm: our GSM mux
893 * @addr: address for control frame
894 * @control: control byte including PF bit
895 *
896 * Format up and transmit a link level command frame.
897 */
898
gsm_command(struct gsm_mux * gsm,int addr,int control)899 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
900 {
901 gsm_send(gsm, addr, 1, control);
902 }
903
904 /* Data transmission */
905
906 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
907
908 /**
909 * gsm_data_alloc - allocate data frame
910 * @gsm: GSM mux
911 * @addr: DLCI address
912 * @len: length excluding header and FCS
913 * @ctrl: control byte
914 *
915 * Allocate a new data buffer for sending frames with data. Space is left
916 * at the front for header bytes but that is treated as an implementation
917 * detail and not for the high level code to use
918 */
919
gsm_data_alloc(struct gsm_mux * gsm,u8 addr,int len,u8 ctrl)920 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
921 u8 ctrl)
922 {
923 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
924 GFP_ATOMIC);
925 if (m == NULL)
926 return NULL;
927 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
928 m->len = len;
929 m->addr = addr;
930 m->ctrl = ctrl;
931 INIT_LIST_HEAD(&m->list);
932 return m;
933 }
934
935 /**
936 * gsm_send_packet - sends a single packet
937 * @gsm: GSM Mux
938 * @msg: packet to send
939 *
940 * The given packet is encoded and sent out. No memory is freed.
941 * The caller must hold the gsm tx lock.
942 */
gsm_send_packet(struct gsm_mux * gsm,struct gsm_msg * msg)943 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
944 {
945 int len, ret;
946
947
948 if (gsm->encoding == GSM_BASIC_OPT) {
949 gsm->txframe[0] = GSM0_SOF;
950 memcpy(gsm->txframe + 1, msg->data, msg->len);
951 gsm->txframe[msg->len + 1] = GSM0_SOF;
952 len = msg->len + 2;
953 } else {
954 gsm->txframe[0] = GSM1_SOF;
955 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len);
956 gsm->txframe[len + 1] = GSM1_SOF;
957 len += 2;
958 }
959
960 if (debug & DBG_DATA)
961 gsm_hex_dump_bytes(__func__, gsm->txframe, len);
962 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
963 msg->len);
964
965 ret = gsmld_output(gsm, gsm->txframe, len);
966 if (ret <= 0)
967 return ret;
968 /* FIXME: Can eliminate one SOF in many more cases */
969 gsm->tx_bytes -= msg->len;
970
971 return 0;
972 }
973
974 /**
975 * gsm_is_flow_ctrl_msg - checks if flow control message
976 * @msg: message to check
977 *
978 * Returns true if the given message is a flow control command of the
979 * control channel. False is returned in any other case.
980 */
gsm_is_flow_ctrl_msg(struct gsm_msg * msg)981 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
982 {
983 unsigned int cmd;
984
985 if (msg->addr > 0)
986 return false;
987
988 switch (msg->ctrl & ~PF) {
989 case UI:
990 case UIH:
991 cmd = 0;
992 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
993 break;
994 switch (cmd & ~PF) {
995 case CMD_FCOFF:
996 case CMD_FCON:
997 return true;
998 }
999 break;
1000 }
1001
1002 return false;
1003 }
1004
1005 /**
1006 * gsm_data_kick - poke the queue
1007 * @gsm: GSM Mux
1008 *
1009 * The tty device has called us to indicate that room has appeared in
1010 * the transmit queue. Ram more data into the pipe if we have any.
1011 * If we have been flow-stopped by a CMD_FCOFF, then we can only
1012 * send messages on DLCI0 until CMD_FCON. The caller must hold
1013 * the gsm tx lock.
1014 */
gsm_data_kick(struct gsm_mux * gsm)1015 static int gsm_data_kick(struct gsm_mux *gsm)
1016 {
1017 struct gsm_msg *msg, *nmsg;
1018 struct gsm_dlci *dlci;
1019 int ret;
1020
1021 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
1022
1023 /* Serialize control messages and control channel messages first */
1024 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
1025 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
1026 continue;
1027 ret = gsm_send_packet(gsm, msg);
1028 switch (ret) {
1029 case -ENOSPC:
1030 return -ENOSPC;
1031 case -ENODEV:
1032 /* ldisc not open */
1033 gsm->tx_bytes -= msg->len;
1034 list_del(&msg->list);
1035 kfree(msg);
1036 continue;
1037 default:
1038 if (ret >= 0) {
1039 list_del(&msg->list);
1040 kfree(msg);
1041 }
1042 break;
1043 }
1044 }
1045
1046 if (gsm->constipated)
1047 return -EAGAIN;
1048
1049 /* Serialize other channels */
1050 if (list_empty(&gsm->tx_data_list))
1051 return 0;
1052 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
1053 dlci = gsm->dlci[msg->addr];
1054 /* Send only messages for DLCIs with valid state */
1055 if (dlci->state != DLCI_OPEN) {
1056 gsm->tx_bytes -= msg->len;
1057 list_del(&msg->list);
1058 kfree(msg);
1059 continue;
1060 }
1061 ret = gsm_send_packet(gsm, msg);
1062 switch (ret) {
1063 case -ENOSPC:
1064 return -ENOSPC;
1065 case -ENODEV:
1066 /* ldisc not open */
1067 gsm->tx_bytes -= msg->len;
1068 list_del(&msg->list);
1069 kfree(msg);
1070 continue;
1071 default:
1072 if (ret >= 0) {
1073 list_del(&msg->list);
1074 kfree(msg);
1075 }
1076 break;
1077 }
1078 }
1079
1080 return 1;
1081 }
1082
1083 /**
1084 * __gsm_data_queue - queue a UI or UIH frame
1085 * @dlci: DLCI sending the data
1086 * @msg: message queued
1087 *
1088 * Add data to the transmit queue and try and get stuff moving
1089 * out of the mux tty if not already doing so. The Caller must hold
1090 * the gsm tx lock.
1091 */
1092
__gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1093 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1094 {
1095 struct gsm_mux *gsm = dlci->gsm;
1096 u8 *dp = msg->data;
1097 u8 *fcs = dp + msg->len;
1098
1099 /* Fill in the header */
1100 if (gsm->encoding == GSM_BASIC_OPT) {
1101 if (msg->len < 128)
1102 *--dp = (msg->len << 1) | EA;
1103 else {
1104 *--dp = (msg->len >> 7); /* bits 7 - 15 */
1105 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
1106 }
1107 }
1108
1109 *--dp = msg->ctrl;
1110 if (gsm->initiator)
1111 *--dp = (msg->addr << 2) | CR | EA;
1112 else
1113 *--dp = (msg->addr << 2) | EA;
1114 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
1115 /* Ugly protocol layering violation */
1116 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
1117 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
1118 *fcs = 0xFF - *fcs;
1119
1120 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
1121 msg->data, msg->len);
1122
1123 /* Move the header back and adjust the length, also allow for the FCS
1124 now tacked on the end */
1125 msg->len += (msg->data - dp) + 1;
1126 msg->data = dp;
1127
1128 /* Add to the actual output queue */
1129 switch (msg->ctrl & ~PF) {
1130 case UI:
1131 case UIH:
1132 if (msg->addr > 0) {
1133 list_add_tail(&msg->list, &gsm->tx_data_list);
1134 break;
1135 }
1136 fallthrough;
1137 default:
1138 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
1139 break;
1140 }
1141 gsm->tx_bytes += msg->len;
1142
1143 gsmld_write_trigger(gsm);
1144 mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
1145 }
1146
1147 /**
1148 * gsm_data_queue - queue a UI or UIH frame
1149 * @dlci: DLCI sending the data
1150 * @msg: message queued
1151 *
1152 * Add data to the transmit queue and try and get stuff moving
1153 * out of the mux tty if not already doing so. Take the
1154 * the gsm tx lock and dlci lock.
1155 */
1156
gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1157 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1158 {
1159 unsigned long flags;
1160 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1161 __gsm_data_queue(dlci, msg);
1162 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1163 }
1164
1165 /**
1166 * gsm_dlci_data_output - try and push data out of a DLCI
1167 * @gsm: mux
1168 * @dlci: the DLCI to pull data from
1169 *
1170 * Pull data from a DLCI and send it into the transmit queue if there
1171 * is data. Keep to the MRU of the mux. This path handles the usual tty
1172 * interface which is a byte stream with optional modem data.
1173 *
1174 * Caller must hold the tx_lock of the mux.
1175 */
1176
gsm_dlci_data_output(struct gsm_mux * gsm,struct gsm_dlci * dlci)1177 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
1178 {
1179 struct gsm_msg *msg;
1180 u8 *dp;
1181 int h, len, size;
1182
1183 /* for modem bits without break data */
1184 h = ((dlci->adaption == 1) ? 0 : 1);
1185
1186 len = kfifo_len(&dlci->fifo);
1187 if (len == 0)
1188 return 0;
1189
1190 /* MTU/MRU count only the data bits but watch adaption mode */
1191 if ((len + h) > dlci->mtu)
1192 len = dlci->mtu - h;
1193
1194 size = len + h;
1195
1196 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1197 if (!msg)
1198 return -ENOMEM;
1199 dp = msg->data;
1200 switch (dlci->adaption) {
1201 case 1: /* Unstructured */
1202 break;
1203 case 2: /* Unstructured with modem bits.
1204 * Always one byte as we never send inline break data
1205 */
1206 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1207 break;
1208 default:
1209 pr_err("%s: unsupported adaption %d\n", __func__,
1210 dlci->adaption);
1211 break;
1212 }
1213
1214 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
1215 &dlci->lock));
1216
1217 /* Notify upper layer about available send space. */
1218 tty_port_tty_wakeup(&dlci->port);
1219
1220 __gsm_data_queue(dlci, msg);
1221 /* Bytes of data we used up */
1222 return size;
1223 }
1224
1225 /**
1226 * gsm_dlci_data_output_framed - try and push data out of a DLCI
1227 * @gsm: mux
1228 * @dlci: the DLCI to pull data from
1229 *
1230 * Pull data from a DLCI and send it into the transmit queue if there
1231 * is data. Keep to the MRU of the mux. This path handles framed data
1232 * queued as skbuffs to the DLCI.
1233 *
1234 * Caller must hold the tx_lock of the mux.
1235 */
1236
gsm_dlci_data_output_framed(struct gsm_mux * gsm,struct gsm_dlci * dlci)1237 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
1238 struct gsm_dlci *dlci)
1239 {
1240 struct gsm_msg *msg;
1241 u8 *dp;
1242 int len, size;
1243 int last = 0, first = 0;
1244 int overhead = 0;
1245
1246 /* One byte per frame is used for B/F flags */
1247 if (dlci->adaption == 4)
1248 overhead = 1;
1249
1250 /* dlci->skb is locked by tx_lock */
1251 if (dlci->skb == NULL) {
1252 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
1253 if (dlci->skb == NULL)
1254 return 0;
1255 first = 1;
1256 }
1257 len = dlci->skb->len + overhead;
1258
1259 /* MTU/MRU count only the data bits */
1260 if (len > dlci->mtu) {
1261 if (dlci->adaption == 3) {
1262 /* Over long frame, bin it */
1263 dev_kfree_skb_any(dlci->skb);
1264 dlci->skb = NULL;
1265 return 0;
1266 }
1267 len = dlci->mtu;
1268 } else
1269 last = 1;
1270
1271 size = len + overhead;
1272 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1273 if (msg == NULL) {
1274 skb_queue_tail(&dlci->skb_list, dlci->skb);
1275 dlci->skb = NULL;
1276 return -ENOMEM;
1277 }
1278 dp = msg->data;
1279
1280 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1281 /* Flag byte to carry the start/end info */
1282 *dp++ = last << 7 | first << 6 | 1; /* EA */
1283 len--;
1284 }
1285 memcpy(dp, dlci->skb->data, len);
1286 skb_pull(dlci->skb, len);
1287 __gsm_data_queue(dlci, msg);
1288 if (last) {
1289 dev_kfree_skb_any(dlci->skb);
1290 dlci->skb = NULL;
1291 }
1292 return size;
1293 }
1294
1295 /**
1296 * gsm_dlci_modem_output - try and push modem status out of a DLCI
1297 * @gsm: mux
1298 * @dlci: the DLCI to pull modem status from
1299 * @brk: break signal
1300 *
1301 * Push an empty frame in to the transmit queue to update the modem status
1302 * bits and to transmit an optional break.
1303 *
1304 * Caller must hold the tx_lock of the mux.
1305 */
1306
gsm_dlci_modem_output(struct gsm_mux * gsm,struct gsm_dlci * dlci,u8 brk)1307 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
1308 u8 brk)
1309 {
1310 u8 *dp = NULL;
1311 struct gsm_msg *msg;
1312 int size = 0;
1313
1314 /* for modem bits without break data */
1315 switch (dlci->adaption) {
1316 case 1: /* Unstructured */
1317 break;
1318 case 2: /* Unstructured with modem bits. */
1319 size++;
1320 if (brk > 0)
1321 size++;
1322 break;
1323 default:
1324 pr_err("%s: unsupported adaption %d\n", __func__,
1325 dlci->adaption);
1326 return -EINVAL;
1327 }
1328
1329 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1330 if (!msg) {
1331 pr_err("%s: gsm_data_alloc error", __func__);
1332 return -ENOMEM;
1333 }
1334 dp = msg->data;
1335 switch (dlci->adaption) {
1336 case 1: /* Unstructured */
1337 break;
1338 case 2: /* Unstructured with modem bits. */
1339 if (brk == 0) {
1340 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1341 } else {
1342 *dp++ = gsm_encode_modem(dlci) << 1;
1343 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
1344 }
1345 break;
1346 default:
1347 /* Handled above */
1348 break;
1349 }
1350
1351 __gsm_data_queue(dlci, msg);
1352 return size;
1353 }
1354
1355 /**
1356 * gsm_dlci_data_sweep - look for data to send
1357 * @gsm: the GSM mux
1358 *
1359 * Sweep the GSM mux channels in priority order looking for ones with
1360 * data to send. We could do with optimising this scan a bit. We aim
1361 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1362 * TX_THRESH_LO we get called again
1363 *
1364 * FIXME: We should round robin between groups and in theory you can
1365 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1366 */
1367
gsm_dlci_data_sweep(struct gsm_mux * gsm)1368 static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
1369 {
1370 /* Priority ordering: We should do priority with RR of the groups */
1371 int i, len, ret = 0;
1372 bool sent;
1373 struct gsm_dlci *dlci;
1374
1375 while (gsm->tx_bytes < TX_THRESH_HI) {
1376 for (sent = false, i = 1; i < NUM_DLCI; i++) {
1377 dlci = gsm->dlci[i];
1378 /* skip unused or blocked channel */
1379 if (!dlci || dlci->constipated)
1380 continue;
1381 /* skip channels with invalid state */
1382 if (dlci->state != DLCI_OPEN)
1383 continue;
1384 /* count the sent data per adaption */
1385 if (dlci->adaption < 3 && !dlci->net)
1386 len = gsm_dlci_data_output(gsm, dlci);
1387 else
1388 len = gsm_dlci_data_output_framed(gsm, dlci);
1389 /* on error exit */
1390 if (len < 0)
1391 return ret;
1392 if (len > 0) {
1393 ret++;
1394 sent = true;
1395 /* The lower DLCs can starve the higher DLCs! */
1396 break;
1397 }
1398 /* try next */
1399 }
1400 if (!sent)
1401 break;
1402 }
1403
1404 return ret;
1405 }
1406
1407 /**
1408 * gsm_dlci_data_kick - transmit if possible
1409 * @dlci: DLCI to kick
1410 *
1411 * Transmit data from this DLCI if the queue is empty. We can't rely on
1412 * a tty wakeup except when we filled the pipe so we need to fire off
1413 * new data ourselves in other cases.
1414 */
1415
gsm_dlci_data_kick(struct gsm_dlci * dlci)1416 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1417 {
1418 unsigned long flags;
1419 int sweep;
1420
1421 if (dlci->constipated)
1422 return;
1423
1424 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1425 /* If we have nothing running then we need to fire up */
1426 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1427 if (dlci->gsm->tx_bytes == 0) {
1428 if (dlci->net)
1429 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1430 else
1431 gsm_dlci_data_output(dlci->gsm, dlci);
1432 }
1433 if (sweep)
1434 gsm_dlci_data_sweep(dlci->gsm);
1435 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1436 }
1437
1438 /*
1439 * Control message processing
1440 */
1441
1442
1443 /**
1444 * gsm_control_command - send a command frame to a control
1445 * @gsm: gsm channel
1446 * @cmd: the command to use
1447 * @data: data to follow encoded info
1448 * @dlen: length of data
1449 *
1450 * Encode up and queue a UI/UIH frame containing our command.
1451 */
gsm_control_command(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1452 static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data,
1453 int dlen)
1454 {
1455 struct gsm_msg *msg;
1456 struct gsm_dlci *dlci = gsm->dlci[0];
1457
1458 msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
1459 if (msg == NULL)
1460 return -ENOMEM;
1461
1462 msg->data[0] = (cmd << 1) | CR | EA; /* Set C/R */
1463 msg->data[1] = (dlen << 1) | EA;
1464 memcpy(msg->data + 2, data, dlen);
1465 gsm_data_queue(dlci, msg);
1466
1467 return 0;
1468 }
1469
1470 /**
1471 * gsm_control_reply - send a response frame to a control
1472 * @gsm: gsm channel
1473 * @cmd: the command to use
1474 * @data: data to follow encoded info
1475 * @dlen: length of data
1476 *
1477 * Encode up and queue a UI/UIH frame containing our response.
1478 */
1479
gsm_control_reply(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1480 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1481 int dlen)
1482 {
1483 struct gsm_msg *msg;
1484 struct gsm_dlci *dlci = gsm->dlci[0];
1485
1486 msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
1487 if (msg == NULL)
1488 return;
1489 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1490 msg->data[1] = (dlen << 1) | EA;
1491 memcpy(msg->data + 2, data, dlen);
1492 gsm_data_queue(dlci, msg);
1493 }
1494
1495 /**
1496 * gsm_process_modem - process received modem status
1497 * @tty: virtual tty bound to the DLCI
1498 * @dlci: DLCI to affect
1499 * @modem: modem bits (full EA)
1500 * @slen: number of signal octets
1501 *
1502 * Used when a modem control message or line state inline in adaption
1503 * layer 2 is processed. Sort out the local modem state and throttles
1504 */
1505
gsm_process_modem(struct tty_struct * tty,struct gsm_dlci * dlci,u32 modem,int slen)1506 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1507 u32 modem, int slen)
1508 {
1509 int mlines = 0;
1510 u8 brk = 0;
1511 int fc;
1512
1513 /* The modem status command can either contain one octet (V.24 signals)
1514 * or two octets (V.24 signals + break signals). This is specified in
1515 * section 5.4.6.3.7 of the 07.10 mux spec.
1516 */
1517
1518 if (slen == 1)
1519 modem = modem & 0x7f;
1520 else {
1521 brk = modem & 0x7f;
1522 modem = (modem >> 7) & 0x7f;
1523 }
1524
1525 /* Flow control/ready to communicate */
1526 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1527 if (fc && !dlci->constipated) {
1528 /* Need to throttle our output on this device */
1529 dlci->constipated = true;
1530 } else if (!fc && dlci->constipated) {
1531 dlci->constipated = false;
1532 gsm_dlci_data_kick(dlci);
1533 }
1534
1535 /* Map modem bits */
1536 if (modem & MDM_RTC)
1537 mlines |= TIOCM_DSR | TIOCM_DTR;
1538 if (modem & MDM_RTR)
1539 mlines |= TIOCM_RTS | TIOCM_CTS;
1540 if (modem & MDM_IC)
1541 mlines |= TIOCM_RI;
1542 if (modem & MDM_DV)
1543 mlines |= TIOCM_CD;
1544
1545 /* Carrier drop -> hangup */
1546 if (tty) {
1547 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1548 if (!C_CLOCAL(tty))
1549 tty_hangup(tty);
1550 }
1551 if (brk & 0x01)
1552 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1553 dlci->modem_rx = mlines;
1554 wake_up_interruptible(&dlci->gsm->event);
1555 }
1556
1557 /**
1558 * gsm_process_negotiation - process received parameters
1559 * @gsm: GSM channel
1560 * @addr: DLCI address
1561 * @cr: command/response
1562 * @params: encoded parameters from the parameter negotiation message
1563 *
1564 * Used when the response for our parameter negotiation command was
1565 * received.
1566 */
gsm_process_negotiation(struct gsm_mux * gsm,unsigned int addr,unsigned int cr,const struct gsm_dlci_param_bits * params)1567 static int gsm_process_negotiation(struct gsm_mux *gsm, unsigned int addr,
1568 unsigned int cr,
1569 const struct gsm_dlci_param_bits *params)
1570 {
1571 struct gsm_dlci *dlci = gsm->dlci[addr];
1572 unsigned int ftype, i, adaption, prio, n1, k;
1573
1574 i = FIELD_GET(PN_I_CL_FIELD_FTYPE, params->i_cl_bits);
1575 adaption = FIELD_GET(PN_I_CL_FIELD_ADAPTION, params->i_cl_bits) + 1;
1576 prio = FIELD_GET(PN_P_FIELD_PRIO, params->p_bits);
1577 n1 = FIELD_GET(PN_N_FIELD_N1, get_unaligned_le16(¶ms->n_bits));
1578 k = FIELD_GET(PN_K_FIELD_K, params->k_bits);
1579
1580 if (n1 < MIN_MTU) {
1581 if (debug & DBG_ERRORS)
1582 pr_info("%s N1 out of range in PN\n", __func__);
1583 return -EINVAL;
1584 }
1585
1586 switch (i) {
1587 case 0x00:
1588 ftype = UIH;
1589 break;
1590 case 0x01:
1591 ftype = UI;
1592 break;
1593 case 0x02: /* I frames are not supported */
1594 if (debug & DBG_ERRORS)
1595 pr_info("%s unsupported I frame request in PN\n",
1596 __func__);
1597 gsm->unsupported++;
1598 return -EINVAL;
1599 default:
1600 if (debug & DBG_ERRORS)
1601 pr_info("%s i out of range in PN\n", __func__);
1602 return -EINVAL;
1603 }
1604
1605 if (!cr && gsm->initiator) {
1606 if (adaption != dlci->adaption) {
1607 if (debug & DBG_ERRORS)
1608 pr_info("%s invalid adaption %d in PN\n",
1609 __func__, adaption);
1610 return -EINVAL;
1611 }
1612 if (prio != dlci->prio) {
1613 if (debug & DBG_ERRORS)
1614 pr_info("%s invalid priority %d in PN",
1615 __func__, prio);
1616 return -EINVAL;
1617 }
1618 if (n1 > gsm->mru || n1 > dlci->mtu) {
1619 /* We requested a frame size but the other party wants
1620 * to send larger frames. The standard allows only a
1621 * smaller response value than requested (5.4.6.3.1).
1622 */
1623 if (debug & DBG_ERRORS)
1624 pr_info("%s invalid N1 %d in PN\n", __func__,
1625 n1);
1626 return -EINVAL;
1627 }
1628 dlci->mtu = n1;
1629 if (ftype != dlci->ftype) {
1630 if (debug & DBG_ERRORS)
1631 pr_info("%s invalid i %d in PN\n", __func__, i);
1632 return -EINVAL;
1633 }
1634 if (ftype != UI && ftype != UIH && k > dlci->k) {
1635 if (debug & DBG_ERRORS)
1636 pr_info("%s invalid k %d in PN\n", __func__, k);
1637 return -EINVAL;
1638 }
1639 dlci->k = k;
1640 } else if (cr && !gsm->initiator) {
1641 /* Only convergence layer type 1 and 2 are supported. */
1642 if (adaption != 1 && adaption != 2) {
1643 if (debug & DBG_ERRORS)
1644 pr_info("%s invalid adaption %d in PN\n",
1645 __func__, adaption);
1646 return -EINVAL;
1647 }
1648 dlci->adaption = adaption;
1649 if (n1 > gsm->mru) {
1650 /* Propose a smaller value */
1651 dlci->mtu = gsm->mru;
1652 } else if (n1 > MAX_MTU) {
1653 /* Propose a smaller value */
1654 dlci->mtu = MAX_MTU;
1655 } else {
1656 dlci->mtu = n1;
1657 }
1658 dlci->prio = prio;
1659 dlci->ftype = ftype;
1660 dlci->k = k;
1661 } else {
1662 return -EINVAL;
1663 }
1664
1665 return 0;
1666 }
1667
1668 /**
1669 * gsm_control_modem - modem status received
1670 * @gsm: GSM channel
1671 * @data: data following command
1672 * @clen: command length
1673 *
1674 * We have received a modem status control message. This is used by
1675 * the GSM mux protocol to pass virtual modem line status and optionally
1676 * to indicate break signals. Unpack it, convert to Linux representation
1677 * and if need be stuff a break message down the tty.
1678 */
1679
gsm_control_modem(struct gsm_mux * gsm,const u8 * data,int clen)1680 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1681 {
1682 unsigned int addr = 0;
1683 unsigned int modem = 0;
1684 struct gsm_dlci *dlci;
1685 int len = clen;
1686 int cl = clen;
1687 const u8 *dp = data;
1688 struct tty_struct *tty;
1689
1690 len = gsm_read_ea_val(&addr, data, cl);
1691 if (len < 1)
1692 return;
1693
1694 addr >>= 1;
1695 /* Closed port, or invalid ? */
1696 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1697 return;
1698 dlci = gsm->dlci[addr];
1699
1700 /* Must be at least one byte following the EA */
1701 if ((cl - len) < 1)
1702 return;
1703
1704 dp += len;
1705 cl -= len;
1706
1707 /* get the modem status */
1708 len = gsm_read_ea_val(&modem, dp, cl);
1709 if (len < 1)
1710 return;
1711
1712 tty = tty_port_tty_get(&dlci->port);
1713 gsm_process_modem(tty, dlci, modem, cl);
1714 if (tty) {
1715 tty_wakeup(tty);
1716 tty_kref_put(tty);
1717 }
1718 gsm_control_reply(gsm, CMD_MSC, data, clen);
1719 }
1720
1721 /**
1722 * gsm_control_negotiation - parameter negotiation received
1723 * @gsm: GSM channel
1724 * @cr: command/response flag
1725 * @data: data following command
1726 * @dlen: data length
1727 *
1728 * We have received a parameter negotiation message. This is used by
1729 * the GSM mux protocol to configure protocol parameters for a new DLCI.
1730 */
gsm_control_negotiation(struct gsm_mux * gsm,unsigned int cr,const u8 * data,unsigned int dlen)1731 static void gsm_control_negotiation(struct gsm_mux *gsm, unsigned int cr,
1732 const u8 *data, unsigned int dlen)
1733 {
1734 unsigned int addr;
1735 struct gsm_dlci_param_bits pn_reply;
1736 struct gsm_dlci *dlci;
1737 struct gsm_dlci_param_bits *params;
1738
1739 if (dlen < sizeof(struct gsm_dlci_param_bits)) {
1740 gsm->open_error++;
1741 return;
1742 }
1743
1744 /* Invalid DLCI? */
1745 params = (struct gsm_dlci_param_bits *)data;
1746 addr = FIELD_GET(PN_D_FIELD_DLCI, params->d_bits);
1747 if (addr == 0 || addr >= NUM_DLCI || !gsm->dlci[addr]) {
1748 gsm->open_error++;
1749 return;
1750 }
1751 dlci = gsm->dlci[addr];
1752
1753 /* Too late for parameter negotiation? */
1754 if ((!cr && dlci->state == DLCI_OPENING) || dlci->state == DLCI_OPEN) {
1755 gsm->open_error++;
1756 return;
1757 }
1758
1759 /* Process the received parameters */
1760 if (gsm_process_negotiation(gsm, addr, cr, params) != 0) {
1761 /* Negotiation failed. Close the link. */
1762 if (debug & DBG_ERRORS)
1763 pr_info("%s PN failed\n", __func__);
1764 gsm->open_error++;
1765 gsm_dlci_close(dlci);
1766 return;
1767 }
1768
1769 if (cr) {
1770 /* Reply command with accepted parameters. */
1771 if (gsm_encode_params(dlci, &pn_reply) == 0)
1772 gsm_control_reply(gsm, CMD_PN, (const u8 *)&pn_reply,
1773 sizeof(pn_reply));
1774 else if (debug & DBG_ERRORS)
1775 pr_info("%s PN invalid\n", __func__);
1776 } else if (dlci->state == DLCI_CONFIGURE) {
1777 /* Proceed with link setup by sending SABM before UA */
1778 dlci->state = DLCI_OPENING;
1779 gsm_command(gsm, dlci->addr, SABM|PF);
1780 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1781 } else {
1782 if (debug & DBG_ERRORS)
1783 pr_info("%s PN in invalid state\n", __func__);
1784 gsm->open_error++;
1785 }
1786 }
1787
1788 /**
1789 * gsm_control_rls - remote line status
1790 * @gsm: GSM channel
1791 * @data: data bytes
1792 * @clen: data length
1793 *
1794 * The modem sends us a two byte message on the control channel whenever
1795 * it wishes to send us an error state from the virtual link. Stuff
1796 * this into the uplink tty if present
1797 */
1798
gsm_control_rls(struct gsm_mux * gsm,const u8 * data,int clen)1799 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1800 {
1801 struct tty_port *port;
1802 unsigned int addr = 0;
1803 u8 bits;
1804 int len = clen;
1805 const u8 *dp = data;
1806
1807 while (gsm_read_ea(&addr, *dp++) == 0) {
1808 len--;
1809 if (len == 0)
1810 return;
1811 }
1812 /* Must be at least one byte following ea */
1813 len--;
1814 if (len <= 0)
1815 return;
1816 addr >>= 1;
1817 /* Closed port, or invalid ? */
1818 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1819 return;
1820 /* No error ? */
1821 bits = *dp;
1822 if ((bits & 1) == 0)
1823 return;
1824
1825 port = &gsm->dlci[addr]->port;
1826
1827 if (bits & 2)
1828 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1829 if (bits & 4)
1830 tty_insert_flip_char(port, 0, TTY_PARITY);
1831 if (bits & 8)
1832 tty_insert_flip_char(port, 0, TTY_FRAME);
1833
1834 tty_flip_buffer_push(port);
1835
1836 gsm_control_reply(gsm, CMD_RLS, data, clen);
1837 }
1838
1839 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1840
1841 /**
1842 * gsm_control_message - DLCI 0 control processing
1843 * @gsm: our GSM mux
1844 * @command: the command EA
1845 * @data: data beyond the command/length EAs
1846 * @clen: length
1847 *
1848 * Input processor for control messages from the other end of the link.
1849 * Processes the incoming request and queues a response frame or an
1850 * NSC response if not supported
1851 */
1852
gsm_control_message(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1853 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1854 const u8 *data, int clen)
1855 {
1856 u8 buf[1];
1857
1858 switch (command) {
1859 case CMD_CLD: {
1860 struct gsm_dlci *dlci = gsm->dlci[0];
1861 /* Modem wishes to close down */
1862 if (dlci) {
1863 dlci->dead = true;
1864 gsm->dead = true;
1865 gsm_dlci_begin_close(dlci);
1866 }
1867 }
1868 break;
1869 case CMD_TEST:
1870 /* Modem wishes to test, reply with the data */
1871 gsm_control_reply(gsm, CMD_TEST, data, clen);
1872 break;
1873 case CMD_FCON:
1874 /* Modem can accept data again */
1875 gsm->constipated = false;
1876 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1877 /* Kick the link in case it is idling */
1878 gsmld_write_trigger(gsm);
1879 break;
1880 case CMD_FCOFF:
1881 /* Modem wants us to STFU */
1882 gsm->constipated = true;
1883 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1884 break;
1885 case CMD_MSC:
1886 /* Out of band modem line change indicator for a DLCI */
1887 gsm_control_modem(gsm, data, clen);
1888 break;
1889 case CMD_RLS:
1890 /* Out of band error reception for a DLCI */
1891 gsm_control_rls(gsm, data, clen);
1892 break;
1893 case CMD_PSC:
1894 /* Modem wishes to enter power saving state */
1895 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1896 break;
1897 /* Optional commands */
1898 case CMD_PN:
1899 /* Modem sends a parameter negotiation command */
1900 gsm_control_negotiation(gsm, 1, data, clen);
1901 break;
1902 /* Optional unsupported commands */
1903 case CMD_RPN: /* Remote port negotiation */
1904 case CMD_SNC: /* Service negotiation command */
1905 gsm->unsupported++;
1906 fallthrough;
1907 default:
1908 /* Reply to bad commands with an NSC */
1909 buf[0] = command;
1910 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1911 break;
1912 }
1913 }
1914
1915 /**
1916 * gsm_control_response - process a response to our control
1917 * @gsm: our GSM mux
1918 * @command: the command (response) EA
1919 * @data: data beyond the command/length EA
1920 * @clen: length
1921 *
1922 * Process a response to an outstanding command. We only allow a single
1923 * control message in flight so this is fairly easy. All the clean up
1924 * is done by the caller, we just update the fields, flag it as done
1925 * and return
1926 */
1927
gsm_control_response(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1928 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1929 const u8 *data, int clen)
1930 {
1931 struct gsm_control *ctrl;
1932 struct gsm_dlci *dlci;
1933 unsigned long flags;
1934
1935 spin_lock_irqsave(&gsm->control_lock, flags);
1936
1937 ctrl = gsm->pending_cmd;
1938 dlci = gsm->dlci[0];
1939 command |= 1;
1940 /* Does the reply match our command */
1941 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1942 /* Our command was replied to, kill the retry timer */
1943 del_timer(&gsm->t2_timer);
1944 gsm->pending_cmd = NULL;
1945 /* Rejected by the other end */
1946 if (command == CMD_NSC)
1947 ctrl->error = -EOPNOTSUPP;
1948 ctrl->done = 1;
1949 wake_up(&gsm->event);
1950 /* Or did we receive the PN response to our PN command */
1951 } else if (command == CMD_PN) {
1952 gsm_control_negotiation(gsm, 0, data, clen);
1953 /* Or did we receive the TEST response to our TEST command */
1954 } else if (command == CMD_TEST && clen == 1 && *data == gsm->ka_num) {
1955 gsm->ka_retries = -1; /* trigger new keep-alive message */
1956 if (dlci && !dlci->dead)
1957 mod_timer(&gsm->ka_timer, jiffies + gsm->keep_alive * HZ / 100);
1958 }
1959 spin_unlock_irqrestore(&gsm->control_lock, flags);
1960 }
1961
1962 /**
1963 * gsm_control_keep_alive - check timeout or start keep-alive
1964 * @t: timer contained in our gsm object
1965 *
1966 * Called off the keep-alive timer expiry signaling that our link
1967 * partner is not responding anymore. Link will be closed.
1968 * This is also called to startup our timer.
1969 */
1970
gsm_control_keep_alive(struct timer_list * t)1971 static void gsm_control_keep_alive(struct timer_list *t)
1972 {
1973 struct gsm_mux *gsm = from_timer(gsm, t, ka_timer);
1974 unsigned long flags;
1975
1976 spin_lock_irqsave(&gsm->control_lock, flags);
1977 if (gsm->ka_num && gsm->ka_retries == 0) {
1978 /* Keep-alive expired -> close the link */
1979 if (debug & DBG_ERRORS)
1980 pr_debug("%s keep-alive timed out\n", __func__);
1981 spin_unlock_irqrestore(&gsm->control_lock, flags);
1982 if (gsm->dlci[0])
1983 gsm_dlci_begin_close(gsm->dlci[0]);
1984 return;
1985 } else if (gsm->keep_alive && gsm->dlci[0] && !gsm->dlci[0]->dead) {
1986 if (gsm->ka_retries > 0) {
1987 /* T2 expired for keep-alive -> resend */
1988 gsm->ka_retries--;
1989 } else {
1990 /* Start keep-alive timer */
1991 gsm->ka_num++;
1992 if (!gsm->ka_num)
1993 gsm->ka_num++;
1994 gsm->ka_retries = (signed int)gsm->n2;
1995 }
1996 gsm_control_command(gsm, CMD_TEST, &gsm->ka_num,
1997 sizeof(gsm->ka_num));
1998 mod_timer(&gsm->ka_timer,
1999 jiffies + gsm->t2 * HZ / 100);
2000 }
2001 spin_unlock_irqrestore(&gsm->control_lock, flags);
2002 }
2003
2004 /**
2005 * gsm_control_transmit - send control packet
2006 * @gsm: gsm mux
2007 * @ctrl: frame to send
2008 *
2009 * Send out a pending control command (called under control lock)
2010 */
2011
gsm_control_transmit(struct gsm_mux * gsm,struct gsm_control * ctrl)2012 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
2013 {
2014 gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len);
2015 }
2016
2017 /**
2018 * gsm_control_retransmit - retransmit a control frame
2019 * @t: timer contained in our gsm object
2020 *
2021 * Called off the T2 timer expiry in order to retransmit control frames
2022 * that have been lost in the system somewhere. The control_lock protects
2023 * us from colliding with another sender or a receive completion event.
2024 * In that situation the timer may still occur in a small window but
2025 * gsm->pending_cmd will be NULL and we just let the timer expire.
2026 */
2027
gsm_control_retransmit(struct timer_list * t)2028 static void gsm_control_retransmit(struct timer_list *t)
2029 {
2030 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
2031 struct gsm_control *ctrl;
2032 unsigned long flags;
2033 spin_lock_irqsave(&gsm->control_lock, flags);
2034 ctrl = gsm->pending_cmd;
2035 if (ctrl) {
2036 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
2037 gsm->pending_cmd = NULL;
2038 ctrl->error = -ETIMEDOUT;
2039 ctrl->done = 1;
2040 spin_unlock_irqrestore(&gsm->control_lock, flags);
2041 wake_up(&gsm->event);
2042 return;
2043 }
2044 gsm->cretries--;
2045 gsm_control_transmit(gsm, ctrl);
2046 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
2047 }
2048 spin_unlock_irqrestore(&gsm->control_lock, flags);
2049 }
2050
2051 /**
2052 * gsm_control_send - send a control frame on DLCI 0
2053 * @gsm: the GSM channel
2054 * @command: command to send including CR bit
2055 * @data: bytes of data (must be kmalloced)
2056 * @clen: length of the block to send
2057 *
2058 * Queue and dispatch a control command. Only one command can be
2059 * active at a time. In theory more can be outstanding but the matching
2060 * gets really complicated so for now stick to one outstanding.
2061 */
2062
gsm_control_send(struct gsm_mux * gsm,unsigned int command,u8 * data,int clen)2063 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
2064 unsigned int command, u8 *data, int clen)
2065 {
2066 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
2067 GFP_ATOMIC);
2068 unsigned long flags;
2069 if (ctrl == NULL)
2070 return NULL;
2071 retry:
2072 wait_event(gsm->event, gsm->pending_cmd == NULL);
2073 spin_lock_irqsave(&gsm->control_lock, flags);
2074 if (gsm->pending_cmd != NULL) {
2075 spin_unlock_irqrestore(&gsm->control_lock, flags);
2076 goto retry;
2077 }
2078 ctrl->cmd = command;
2079 ctrl->data = data;
2080 ctrl->len = clen;
2081 gsm->pending_cmd = ctrl;
2082
2083 /* If DLCI0 is in ADM mode skip retries, it won't respond */
2084 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
2085 gsm->cretries = 0;
2086 else
2087 gsm->cretries = gsm->n2;
2088
2089 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
2090 gsm_control_transmit(gsm, ctrl);
2091 spin_unlock_irqrestore(&gsm->control_lock, flags);
2092 return ctrl;
2093 }
2094
2095 /**
2096 * gsm_control_wait - wait for a control to finish
2097 * @gsm: GSM mux
2098 * @control: control we are waiting on
2099 *
2100 * Waits for the control to complete or time out. Frees any used
2101 * resources and returns 0 for success, or an error if the remote
2102 * rejected or ignored the request.
2103 */
2104
gsm_control_wait(struct gsm_mux * gsm,struct gsm_control * control)2105 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
2106 {
2107 int err;
2108 wait_event(gsm->event, control->done == 1);
2109 err = control->error;
2110 kfree(control);
2111 return err;
2112 }
2113
2114
2115 /*
2116 * DLCI level handling: Needs krefs
2117 */
2118
2119 /*
2120 * State transitions and timers
2121 */
2122
2123 /**
2124 * gsm_dlci_close - a DLCI has closed
2125 * @dlci: DLCI that closed
2126 *
2127 * Perform processing when moving a DLCI into closed state. If there
2128 * is an attached tty this is hung up
2129 */
2130
gsm_dlci_close(struct gsm_dlci * dlci)2131 static void gsm_dlci_close(struct gsm_dlci *dlci)
2132 {
2133 del_timer(&dlci->t1);
2134 if (debug & DBG_ERRORS)
2135 pr_debug("DLCI %d goes closed.\n", dlci->addr);
2136 dlci->state = DLCI_CLOSED;
2137 /* Prevent us from sending data before the link is up again */
2138 dlci->constipated = true;
2139 if (dlci->addr != 0) {
2140 tty_port_tty_hangup(&dlci->port, false);
2141 gsm_dlci_clear_queues(dlci->gsm, dlci);
2142 /* Ensure that gsmtty_open() can return. */
2143 tty_port_set_initialized(&dlci->port, false);
2144 wake_up_interruptible(&dlci->port.open_wait);
2145 } else {
2146 del_timer(&dlci->gsm->ka_timer);
2147 dlci->gsm->dead = true;
2148 }
2149 /* A DLCI 0 close is a MUX termination so we need to kick that
2150 back to userspace somehow */
2151 gsm_dlci_data_kick(dlci);
2152 wake_up_all(&dlci->gsm->event);
2153 }
2154
2155 /**
2156 * gsm_dlci_open - a DLCI has opened
2157 * @dlci: DLCI that opened
2158 *
2159 * Perform processing when moving a DLCI into open state.
2160 */
2161
gsm_dlci_open(struct gsm_dlci * dlci)2162 static void gsm_dlci_open(struct gsm_dlci *dlci)
2163 {
2164 struct gsm_mux *gsm = dlci->gsm;
2165
2166 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
2167 open -> open */
2168 del_timer(&dlci->t1);
2169 /* This will let a tty open continue */
2170 dlci->state = DLCI_OPEN;
2171 dlci->constipated = false;
2172 if (debug & DBG_ERRORS)
2173 pr_debug("DLCI %d goes open.\n", dlci->addr);
2174 /* Send current modem state */
2175 if (dlci->addr) {
2176 gsm_modem_update(dlci, 0);
2177 } else {
2178 /* Start keep-alive control */
2179 gsm->ka_num = 0;
2180 gsm->ka_retries = -1;
2181 mod_timer(&gsm->ka_timer,
2182 jiffies + gsm->keep_alive * HZ / 100);
2183 }
2184 gsm_dlci_data_kick(dlci);
2185 wake_up(&dlci->gsm->event);
2186 }
2187
2188 /**
2189 * gsm_dlci_negotiate - start parameter negotiation
2190 * @dlci: DLCI to open
2191 *
2192 * Starts the parameter negotiation for the new DLCI. This needs to be done
2193 * before the DLCI initialized the channel via SABM.
2194 */
gsm_dlci_negotiate(struct gsm_dlci * dlci)2195 static int gsm_dlci_negotiate(struct gsm_dlci *dlci)
2196 {
2197 struct gsm_mux *gsm = dlci->gsm;
2198 struct gsm_dlci_param_bits params;
2199 int ret;
2200
2201 ret = gsm_encode_params(dlci, ¶ms);
2202 if (ret != 0)
2203 return ret;
2204
2205 /* We cannot asynchronous wait for the command response with
2206 * gsm_command() and gsm_control_wait() at this point.
2207 */
2208 ret = gsm_control_command(gsm, CMD_PN, (const u8 *)¶ms,
2209 sizeof(params));
2210
2211 return ret;
2212 }
2213
2214 /**
2215 * gsm_dlci_t1 - T1 timer expiry
2216 * @t: timer contained in the DLCI that opened
2217 *
2218 * The T1 timer handles retransmits of control frames (essentially of
2219 * SABM and DISC). We resend the command until the retry count runs out
2220 * in which case an opening port goes back to closed and a closing port
2221 * is simply put into closed state (any further frames from the other
2222 * end will get a DM response)
2223 *
2224 * Some control dlci can stay in ADM mode with other dlci working just
2225 * fine. In that case we can just keep the control dlci open after the
2226 * DLCI_OPENING retries time out.
2227 */
2228
gsm_dlci_t1(struct timer_list * t)2229 static void gsm_dlci_t1(struct timer_list *t)
2230 {
2231 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
2232 struct gsm_mux *gsm = dlci->gsm;
2233
2234 switch (dlci->state) {
2235 case DLCI_CONFIGURE:
2236 if (dlci->retries && gsm_dlci_negotiate(dlci) == 0) {
2237 dlci->retries--;
2238 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2239 } else {
2240 gsm->open_error++;
2241 gsm_dlci_begin_close(dlci); /* prevent half open link */
2242 }
2243 break;
2244 case DLCI_OPENING:
2245 if (dlci->retries) {
2246 dlci->retries--;
2247 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
2248 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2249 } else if (!dlci->addr && gsm->control == (DM | PF)) {
2250 if (debug & DBG_ERRORS)
2251 pr_info("DLCI %d opening in ADM mode.\n",
2252 dlci->addr);
2253 dlci->mode = DLCI_MODE_ADM;
2254 gsm_dlci_open(dlci);
2255 } else {
2256 gsm->open_error++;
2257 gsm_dlci_begin_close(dlci); /* prevent half open link */
2258 }
2259
2260 break;
2261 case DLCI_CLOSING:
2262 if (dlci->retries) {
2263 dlci->retries--;
2264 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
2265 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2266 } else
2267 gsm_dlci_close(dlci);
2268 break;
2269 default:
2270 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
2271 break;
2272 }
2273 }
2274
2275 /**
2276 * gsm_dlci_begin_open - start channel open procedure
2277 * @dlci: DLCI to open
2278 *
2279 * Commence opening a DLCI from the Linux side. We issue SABM messages
2280 * to the modem which should then reply with a UA or ADM, at which point
2281 * we will move into open state. Opening is done asynchronously with retry
2282 * running off timers and the responses.
2283 * Parameter negotiation is performed before SABM if required.
2284 */
2285
gsm_dlci_begin_open(struct gsm_dlci * dlci)2286 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
2287 {
2288 struct gsm_mux *gsm = dlci ? dlci->gsm : NULL;
2289 bool need_pn = false;
2290
2291 if (!gsm)
2292 return;
2293
2294 if (dlci->addr != 0) {
2295 if (gsm->adaption != 1 || gsm->adaption != dlci->adaption)
2296 need_pn = true;
2297 if (dlci->prio != (roundup(dlci->addr + 1, 8) - 1))
2298 need_pn = true;
2299 if (gsm->ftype != dlci->ftype)
2300 need_pn = true;
2301 }
2302
2303 switch (dlci->state) {
2304 case DLCI_CLOSED:
2305 case DLCI_WAITING_CONFIG:
2306 case DLCI_CLOSING:
2307 dlci->retries = gsm->n2;
2308 if (!need_pn) {
2309 dlci->state = DLCI_OPENING;
2310 gsm_command(gsm, dlci->addr, SABM|PF);
2311 } else {
2312 /* Configure DLCI before setup */
2313 dlci->state = DLCI_CONFIGURE;
2314 if (gsm_dlci_negotiate(dlci) != 0) {
2315 gsm_dlci_close(dlci);
2316 return;
2317 }
2318 }
2319 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2320 break;
2321 default:
2322 break;
2323 }
2324 }
2325
2326 /**
2327 * gsm_dlci_set_opening - change state to opening
2328 * @dlci: DLCI to open
2329 *
2330 * Change internal state to wait for DLCI open from initiator side.
2331 * We set off timers and responses upon reception of an SABM.
2332 */
gsm_dlci_set_opening(struct gsm_dlci * dlci)2333 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
2334 {
2335 switch (dlci->state) {
2336 case DLCI_CLOSED:
2337 case DLCI_WAITING_CONFIG:
2338 case DLCI_CLOSING:
2339 dlci->state = DLCI_OPENING;
2340 break;
2341 default:
2342 break;
2343 }
2344 }
2345
2346 /**
2347 * gsm_dlci_set_wait_config - wait for channel configuration
2348 * @dlci: DLCI to configure
2349 *
2350 * Wait for a DLCI configuration from the application.
2351 */
gsm_dlci_set_wait_config(struct gsm_dlci * dlci)2352 static void gsm_dlci_set_wait_config(struct gsm_dlci *dlci)
2353 {
2354 switch (dlci->state) {
2355 case DLCI_CLOSED:
2356 case DLCI_CLOSING:
2357 dlci->state = DLCI_WAITING_CONFIG;
2358 break;
2359 default:
2360 break;
2361 }
2362 }
2363
2364 /**
2365 * gsm_dlci_begin_close - start channel open procedure
2366 * @dlci: DLCI to open
2367 *
2368 * Commence closing a DLCI from the Linux side. We issue DISC messages
2369 * to the modem which should then reply with a UA, at which point we
2370 * will move into closed state. Closing is done asynchronously with retry
2371 * off timers. We may also receive a DM reply from the other end which
2372 * indicates the channel was already closed.
2373 */
2374
gsm_dlci_begin_close(struct gsm_dlci * dlci)2375 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
2376 {
2377 struct gsm_mux *gsm = dlci->gsm;
2378 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
2379 return;
2380 dlci->retries = gsm->n2;
2381 dlci->state = DLCI_CLOSING;
2382 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
2383 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2384 wake_up_interruptible(&gsm->event);
2385 }
2386
2387 /**
2388 * gsm_dlci_data - data arrived
2389 * @dlci: channel
2390 * @data: block of bytes received
2391 * @clen: length of received block
2392 *
2393 * A UI or UIH frame has arrived which contains data for a channel
2394 * other than the control channel. If the relevant virtual tty is
2395 * open we shovel the bits down it, if not we drop them.
2396 */
2397
gsm_dlci_data(struct gsm_dlci * dlci,const u8 * data,int clen)2398 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
2399 {
2400 /* krefs .. */
2401 struct tty_port *port = &dlci->port;
2402 struct tty_struct *tty;
2403 unsigned int modem = 0;
2404 int len;
2405
2406 if (debug & DBG_TTY)
2407 pr_debug("%d bytes for tty\n", clen);
2408 switch (dlci->adaption) {
2409 /* Unsupported types */
2410 case 4: /* Packetised interruptible data */
2411 break;
2412 case 3: /* Packetised uininterruptible voice/data */
2413 break;
2414 case 2: /* Asynchronous serial with line state in each frame */
2415 len = gsm_read_ea_val(&modem, data, clen);
2416 if (len < 1)
2417 return;
2418 tty = tty_port_tty_get(port);
2419 if (tty) {
2420 gsm_process_modem(tty, dlci, modem, len);
2421 tty_wakeup(tty);
2422 tty_kref_put(tty);
2423 }
2424 /* Skip processed modem data */
2425 data += len;
2426 clen -= len;
2427 fallthrough;
2428 case 1: /* Line state will go via DLCI 0 controls only */
2429 default:
2430 tty_insert_flip_string(port, data, clen);
2431 tty_flip_buffer_push(port);
2432 }
2433 }
2434
2435 /**
2436 * gsm_dlci_command - data arrived on control channel
2437 * @dlci: channel
2438 * @data: block of bytes received
2439 * @len: length of received block
2440 *
2441 * A UI or UIH frame has arrived which contains data for DLCI 0 the
2442 * control channel. This should contain a command EA followed by
2443 * control data bytes. The command EA contains a command/response bit
2444 * and we divide up the work accordingly.
2445 */
2446
gsm_dlci_command(struct gsm_dlci * dlci,const u8 * data,int len)2447 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
2448 {
2449 /* See what command is involved */
2450 unsigned int command = 0;
2451 unsigned int clen = 0;
2452 unsigned int dlen;
2453
2454 /* read the command */
2455 dlen = gsm_read_ea_val(&command, data, len);
2456 len -= dlen;
2457 data += dlen;
2458
2459 /* read any control data */
2460 dlen = gsm_read_ea_val(&clen, data, len);
2461 len -= dlen;
2462 data += dlen;
2463
2464 /* Malformed command? */
2465 if (clen > len) {
2466 dlci->gsm->malformed++;
2467 return;
2468 }
2469
2470 if (command & 1)
2471 gsm_control_message(dlci->gsm, command, data, clen);
2472 else
2473 gsm_control_response(dlci->gsm, command, data, clen);
2474 }
2475
2476 /**
2477 * gsm_kick_timer - transmit if possible
2478 * @t: timer contained in our gsm object
2479 *
2480 * Transmit data from DLCIs if the queue is empty. We can't rely on
2481 * a tty wakeup except when we filled the pipe so we need to fire off
2482 * new data ourselves in other cases.
2483 */
gsm_kick_timer(struct timer_list * t)2484 static void gsm_kick_timer(struct timer_list *t)
2485 {
2486 struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
2487 unsigned long flags;
2488 int sent = 0;
2489
2490 spin_lock_irqsave(&gsm->tx_lock, flags);
2491 /* If we have nothing running then we need to fire up */
2492 if (gsm->tx_bytes < TX_THRESH_LO)
2493 sent = gsm_dlci_data_sweep(gsm);
2494 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2495
2496 if (sent && debug & DBG_DATA)
2497 pr_info("%s TX queue stalled\n", __func__);
2498 }
2499
2500 /**
2501 * gsm_dlci_copy_config_values - copy DLCI configuration
2502 * @dlci: source DLCI
2503 * @dc: configuration structure to fill
2504 */
gsm_dlci_copy_config_values(struct gsm_dlci * dlci,struct gsm_dlci_config * dc)2505 static void gsm_dlci_copy_config_values(struct gsm_dlci *dlci, struct gsm_dlci_config *dc)
2506 {
2507 memset(dc, 0, sizeof(*dc));
2508 dc->channel = (u32)dlci->addr;
2509 dc->adaption = (u32)dlci->adaption;
2510 dc->mtu = (u32)dlci->mtu;
2511 dc->priority = (u32)dlci->prio;
2512 if (dlci->ftype == UIH)
2513 dc->i = 1;
2514 else
2515 dc->i = 2;
2516 dc->k = (u32)dlci->k;
2517 }
2518
2519 /**
2520 * gsm_dlci_config - configure DLCI from configuration
2521 * @dlci: DLCI to configure
2522 * @dc: DLCI configuration
2523 * @open: open DLCI after configuration?
2524 */
gsm_dlci_config(struct gsm_dlci * dlci,struct gsm_dlci_config * dc,int open)2525 static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, int open)
2526 {
2527 struct gsm_mux *gsm;
2528 bool need_restart = false;
2529 bool need_open = false;
2530 unsigned int i;
2531
2532 /*
2533 * Check that userspace doesn't put stuff in here to prevent breakages
2534 * in the future.
2535 */
2536 for (i = 0; i < ARRAY_SIZE(dc->reserved); i++)
2537 if (dc->reserved[i])
2538 return -EINVAL;
2539
2540 if (!dlci)
2541 return -EINVAL;
2542 gsm = dlci->gsm;
2543
2544 /* Stuff we don't support yet - I frame transport */
2545 if (dc->adaption != 1 && dc->adaption != 2)
2546 return -EOPNOTSUPP;
2547 if (dc->mtu > MAX_MTU || dc->mtu < MIN_MTU || dc->mtu > gsm->mru)
2548 return -EINVAL;
2549 if (dc->priority >= 64)
2550 return -EINVAL;
2551 if (dc->i == 0 || dc->i > 2) /* UIH and UI only */
2552 return -EINVAL;
2553 if (dc->k > 7)
2554 return -EINVAL;
2555 if (dc->flags & ~GSM_FL_RESTART) /* allow future extensions */
2556 return -EINVAL;
2557
2558 /*
2559 * See what is needed for reconfiguration
2560 */
2561 /* Framing fields */
2562 if (dc->adaption != dlci->adaption)
2563 need_restart = true;
2564 if (dc->mtu != dlci->mtu)
2565 need_restart = true;
2566 if (dc->i != dlci->ftype)
2567 need_restart = true;
2568 /* Requires care */
2569 if (dc->priority != dlci->prio)
2570 need_restart = true;
2571 if (dc->flags & GSM_FL_RESTART)
2572 need_restart = true;
2573
2574 if ((open && gsm->wait_config) || need_restart)
2575 need_open = true;
2576 if (dlci->state == DLCI_WAITING_CONFIG) {
2577 need_restart = false;
2578 need_open = true;
2579 }
2580
2581 /*
2582 * Close down what is needed, restart and initiate the new
2583 * configuration.
2584 */
2585 if (need_restart) {
2586 gsm_dlci_begin_close(dlci);
2587 wait_event_interruptible(gsm->event, dlci->state == DLCI_CLOSED);
2588 if (signal_pending(current))
2589 return -EINTR;
2590 }
2591 /*
2592 * Setup the new configuration values
2593 */
2594 dlci->adaption = (int)dc->adaption;
2595
2596 if (dc->mtu)
2597 dlci->mtu = (unsigned int)dc->mtu;
2598 else
2599 dlci->mtu = gsm->mtu;
2600
2601 if (dc->priority)
2602 dlci->prio = (u8)dc->priority;
2603 else
2604 dlci->prio = roundup(dlci->addr + 1, 8) - 1;
2605
2606 if (dc->i == 1)
2607 dlci->ftype = UIH;
2608 else if (dc->i == 2)
2609 dlci->ftype = UI;
2610
2611 if (dc->k)
2612 dlci->k = (u8)dc->k;
2613 else
2614 dlci->k = gsm->k;
2615
2616 if (need_open) {
2617 if (gsm->initiator)
2618 gsm_dlci_begin_open(dlci);
2619 else
2620 gsm_dlci_set_opening(dlci);
2621 }
2622
2623 return 0;
2624 }
2625
2626 /*
2627 * Allocate/Free DLCI channels
2628 */
2629
2630 /**
2631 * gsm_dlci_alloc - allocate a DLCI
2632 * @gsm: GSM mux
2633 * @addr: address of the DLCI
2634 *
2635 * Allocate and install a new DLCI object into the GSM mux.
2636 *
2637 * FIXME: review locking races
2638 */
2639
gsm_dlci_alloc(struct gsm_mux * gsm,int addr)2640 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
2641 {
2642 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
2643 if (dlci == NULL)
2644 return NULL;
2645 spin_lock_init(&dlci->lock);
2646 mutex_init(&dlci->mutex);
2647 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
2648 kfree(dlci);
2649 return NULL;
2650 }
2651
2652 skb_queue_head_init(&dlci->skb_list);
2653 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
2654 tty_port_init(&dlci->port);
2655 dlci->port.ops = &gsm_port_ops;
2656 dlci->gsm = gsm;
2657 dlci->addr = addr;
2658 dlci->adaption = gsm->adaption;
2659 dlci->mtu = gsm->mtu;
2660 if (addr == 0)
2661 dlci->prio = 0;
2662 else
2663 dlci->prio = roundup(addr + 1, 8) - 1;
2664 dlci->ftype = gsm->ftype;
2665 dlci->k = gsm->k;
2666 dlci->state = DLCI_CLOSED;
2667 if (addr) {
2668 dlci->data = gsm_dlci_data;
2669 /* Prevent us from sending data before the link is up */
2670 dlci->constipated = true;
2671 } else {
2672 dlci->data = gsm_dlci_command;
2673 }
2674 gsm->dlci[addr] = dlci;
2675 return dlci;
2676 }
2677
2678 /**
2679 * gsm_dlci_free - free DLCI
2680 * @port: tty port for DLCI to free
2681 *
2682 * Free up a DLCI.
2683 *
2684 * Can sleep.
2685 */
gsm_dlci_free(struct tty_port * port)2686 static void gsm_dlci_free(struct tty_port *port)
2687 {
2688 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2689
2690 timer_shutdown_sync(&dlci->t1);
2691 dlci->gsm->dlci[dlci->addr] = NULL;
2692 kfifo_free(&dlci->fifo);
2693 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
2694 dev_kfree_skb(dlci->skb);
2695 kfree(dlci);
2696 }
2697
dlci_get(struct gsm_dlci * dlci)2698 static inline void dlci_get(struct gsm_dlci *dlci)
2699 {
2700 tty_port_get(&dlci->port);
2701 }
2702
dlci_put(struct gsm_dlci * dlci)2703 static inline void dlci_put(struct gsm_dlci *dlci)
2704 {
2705 tty_port_put(&dlci->port);
2706 }
2707
2708 static void gsm_destroy_network(struct gsm_dlci *dlci);
2709
2710 /**
2711 * gsm_dlci_release - release DLCI
2712 * @dlci: DLCI to destroy
2713 *
2714 * Release a DLCI. Actual free is deferred until either
2715 * mux is closed or tty is closed - whichever is last.
2716 *
2717 * Can sleep.
2718 */
gsm_dlci_release(struct gsm_dlci * dlci)2719 static void gsm_dlci_release(struct gsm_dlci *dlci)
2720 {
2721 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
2722 if (tty) {
2723 mutex_lock(&dlci->mutex);
2724 gsm_destroy_network(dlci);
2725 mutex_unlock(&dlci->mutex);
2726
2727 /* We cannot use tty_hangup() because in tty_kref_put() the tty
2728 * driver assumes that the hangup queue is free and reuses it to
2729 * queue release_one_tty() -> NULL pointer panic in
2730 * process_one_work().
2731 */
2732 tty_vhangup(tty);
2733
2734 tty_port_tty_set(&dlci->port, NULL);
2735 tty_kref_put(tty);
2736 }
2737 dlci->state = DLCI_CLOSED;
2738 dlci_put(dlci);
2739 }
2740
2741 /*
2742 * LAPBish link layer logic
2743 */
2744
2745 /**
2746 * gsm_queue - a GSM frame is ready to process
2747 * @gsm: pointer to our gsm mux
2748 *
2749 * At this point in time a frame has arrived and been demangled from
2750 * the line encoding. All the differences between the encodings have
2751 * been handled below us and the frame is unpacked into the structures.
2752 * The fcs holds the header FCS but any data FCS must be added here.
2753 */
2754
gsm_queue(struct gsm_mux * gsm)2755 static void gsm_queue(struct gsm_mux *gsm)
2756 {
2757 struct gsm_dlci *dlci;
2758 u8 cr;
2759 int address;
2760
2761 if (gsm->fcs != GOOD_FCS) {
2762 gsm->bad_fcs++;
2763 if (debug & DBG_DATA)
2764 pr_debug("BAD FCS %02x\n", gsm->fcs);
2765 return;
2766 }
2767 address = gsm->address >> 1;
2768 if (address >= NUM_DLCI)
2769 goto invalid;
2770
2771 cr = gsm->address & 1; /* C/R bit */
2772 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */
2773
2774 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
2775
2776 dlci = gsm->dlci[address];
2777
2778 switch (gsm->control) {
2779 case SABM|PF:
2780 if (cr == 1) {
2781 gsm->open_error++;
2782 goto invalid;
2783 }
2784 if (dlci == NULL)
2785 dlci = gsm_dlci_alloc(gsm, address);
2786 if (dlci == NULL) {
2787 gsm->open_error++;
2788 return;
2789 }
2790 if (dlci->dead)
2791 gsm_response(gsm, address, DM|PF);
2792 else {
2793 gsm_response(gsm, address, UA|PF);
2794 gsm_dlci_open(dlci);
2795 }
2796 break;
2797 case DISC|PF:
2798 if (cr == 1)
2799 goto invalid;
2800 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
2801 gsm_response(gsm, address, DM|PF);
2802 return;
2803 }
2804 /* Real close complete */
2805 gsm_response(gsm, address, UA|PF);
2806 gsm_dlci_close(dlci);
2807 break;
2808 case UA|PF:
2809 if (cr == 0 || dlci == NULL)
2810 break;
2811 switch (dlci->state) {
2812 case DLCI_CLOSING:
2813 gsm_dlci_close(dlci);
2814 break;
2815 case DLCI_OPENING:
2816 gsm_dlci_open(dlci);
2817 break;
2818 default:
2819 pr_debug("%s: unhandled state: %d\n", __func__,
2820 dlci->state);
2821 break;
2822 }
2823 break;
2824 case DM: /* DM can be valid unsolicited */
2825 case DM|PF:
2826 if (cr)
2827 goto invalid;
2828 if (dlci == NULL)
2829 return;
2830 gsm_dlci_close(dlci);
2831 break;
2832 case UI:
2833 case UI|PF:
2834 case UIH:
2835 case UIH|PF:
2836 if (dlci == NULL || dlci->state != DLCI_OPEN) {
2837 gsm_response(gsm, address, DM|PF);
2838 return;
2839 }
2840 dlci->data(dlci, gsm->buf, gsm->len);
2841 break;
2842 default:
2843 goto invalid;
2844 }
2845 return;
2846 invalid:
2847 gsm->malformed++;
2848 return;
2849 }
2850
2851 /**
2852 * gsm0_receive_state_check_and_fix - check and correct receive state
2853 * @gsm: gsm data for this ldisc instance
2854 *
2855 * Ensures that the current receive state is valid for basic option mode.
2856 */
2857
gsm0_receive_state_check_and_fix(struct gsm_mux * gsm)2858 static void gsm0_receive_state_check_and_fix(struct gsm_mux *gsm)
2859 {
2860 switch (gsm->state) {
2861 case GSM_SEARCH:
2862 case GSM0_ADDRESS:
2863 case GSM0_CONTROL:
2864 case GSM0_LEN0:
2865 case GSM0_LEN1:
2866 case GSM0_DATA:
2867 case GSM0_FCS:
2868 case GSM0_SSOF:
2869 break;
2870 default:
2871 gsm->state = GSM_SEARCH;
2872 break;
2873 }
2874 }
2875
2876 /**
2877 * gsm0_receive - perform processing for non-transparency
2878 * @gsm: gsm data for this ldisc instance
2879 * @c: character
2880 *
2881 * Receive bytes in gsm mode 0
2882 */
2883
gsm0_receive(struct gsm_mux * gsm,unsigned char c)2884 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2885 {
2886 unsigned int len;
2887
2888 gsm0_receive_state_check_and_fix(gsm);
2889 switch (gsm->state) {
2890 case GSM_SEARCH: /* SOF marker */
2891 if (c == GSM0_SOF) {
2892 gsm->state = GSM0_ADDRESS;
2893 gsm->address = 0;
2894 gsm->len = 0;
2895 gsm->fcs = INIT_FCS;
2896 }
2897 break;
2898 case GSM0_ADDRESS: /* Address EA */
2899 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2900 if (gsm_read_ea(&gsm->address, c))
2901 gsm->state = GSM0_CONTROL;
2902 break;
2903 case GSM0_CONTROL: /* Control Byte */
2904 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2905 gsm->control = c;
2906 gsm->state = GSM0_LEN0;
2907 break;
2908 case GSM0_LEN0: /* Length EA */
2909 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2910 if (gsm_read_ea(&gsm->len, c)) {
2911 if (gsm->len > gsm->mru) {
2912 gsm->bad_size++;
2913 gsm->state = GSM_SEARCH;
2914 break;
2915 }
2916 gsm->count = 0;
2917 if (!gsm->len)
2918 gsm->state = GSM0_FCS;
2919 else
2920 gsm->state = GSM0_DATA;
2921 break;
2922 }
2923 gsm->state = GSM0_LEN1;
2924 break;
2925 case GSM0_LEN1:
2926 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2927 len = c;
2928 gsm->len |= len << 7;
2929 if (gsm->len > gsm->mru) {
2930 gsm->bad_size++;
2931 gsm->state = GSM_SEARCH;
2932 break;
2933 }
2934 gsm->count = 0;
2935 if (!gsm->len)
2936 gsm->state = GSM0_FCS;
2937 else
2938 gsm->state = GSM0_DATA;
2939 break;
2940 case GSM0_DATA: /* Data */
2941 gsm->buf[gsm->count++] = c;
2942 if (gsm->count >= MAX_MRU) {
2943 gsm->bad_size++;
2944 gsm->state = GSM_SEARCH;
2945 } else if (gsm->count >= gsm->len) {
2946 /* Calculate final FCS for UI frames over all data */
2947 if ((gsm->control & ~PF) != UIH) {
2948 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2949 gsm->count);
2950 }
2951 gsm->state = GSM0_FCS;
2952 }
2953 break;
2954 case GSM0_FCS: /* FCS follows the packet */
2955 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2956 gsm->state = GSM0_SSOF;
2957 break;
2958 case GSM0_SSOF:
2959 gsm->state = GSM_SEARCH;
2960 if (c == GSM0_SOF)
2961 gsm_queue(gsm);
2962 else
2963 gsm->bad_size++;
2964 break;
2965 default:
2966 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2967 break;
2968 }
2969 }
2970
2971 /**
2972 * gsm1_receive_state_check_and_fix - check and correct receive state
2973 * @gsm: gsm data for this ldisc instance
2974 *
2975 * Ensures that the current receive state is valid for advanced option mode.
2976 */
2977
gsm1_receive_state_check_and_fix(struct gsm_mux * gsm)2978 static void gsm1_receive_state_check_and_fix(struct gsm_mux *gsm)
2979 {
2980 switch (gsm->state) {
2981 case GSM_SEARCH:
2982 case GSM1_START:
2983 case GSM1_ADDRESS:
2984 case GSM1_CONTROL:
2985 case GSM1_DATA:
2986 case GSM1_OVERRUN:
2987 break;
2988 default:
2989 gsm->state = GSM_SEARCH;
2990 break;
2991 }
2992 }
2993
2994 /**
2995 * gsm1_receive - perform processing for non-transparency
2996 * @gsm: gsm data for this ldisc instance
2997 * @c: character
2998 *
2999 * Receive bytes in mode 1 (Advanced option)
3000 */
3001
gsm1_receive(struct gsm_mux * gsm,unsigned char c)3002 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
3003 {
3004 gsm1_receive_state_check_and_fix(gsm);
3005 /* handle XON/XOFF */
3006 if ((c & ISO_IEC_646_MASK) == XON) {
3007 gsm->constipated = true;
3008 return;
3009 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
3010 gsm->constipated = false;
3011 /* Kick the link in case it is idling */
3012 gsmld_write_trigger(gsm);
3013 return;
3014 }
3015 if (c == GSM1_SOF) {
3016 /* EOF is only valid in frame if we have got to the data state */
3017 if (gsm->state == GSM1_DATA) {
3018 if (gsm->count < 1) {
3019 /* Missing FSC */
3020 gsm->malformed++;
3021 gsm->state = GSM1_START;
3022 return;
3023 }
3024 /* Remove the FCS from data */
3025 gsm->count--;
3026 if ((gsm->control & ~PF) != UIH) {
3027 /* Calculate final FCS for UI frames over all
3028 * data but FCS
3029 */
3030 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
3031 gsm->count);
3032 }
3033 /* Add the FCS itself to test against GOOD_FCS */
3034 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
3035 gsm->len = gsm->count;
3036 gsm_queue(gsm);
3037 gsm->state = GSM1_START;
3038 return;
3039 }
3040 /* Any partial frame was a runt so go back to start */
3041 if (gsm->state != GSM1_START) {
3042 if (gsm->state != GSM_SEARCH)
3043 gsm->malformed++;
3044 gsm->state = GSM1_START;
3045 }
3046 /* A SOF in GSM_START means we are still reading idling or
3047 framing bytes */
3048 return;
3049 }
3050
3051 if (c == GSM1_ESCAPE) {
3052 gsm->escape = true;
3053 return;
3054 }
3055
3056 /* Only an unescaped SOF gets us out of GSM search */
3057 if (gsm->state == GSM_SEARCH)
3058 return;
3059
3060 if (gsm->escape) {
3061 c ^= GSM1_ESCAPE_BITS;
3062 gsm->escape = false;
3063 }
3064 switch (gsm->state) {
3065 case GSM1_START: /* First byte after SOF */
3066 gsm->address = 0;
3067 gsm->state = GSM1_ADDRESS;
3068 gsm->fcs = INIT_FCS;
3069 fallthrough;
3070 case GSM1_ADDRESS: /* Address continuation */
3071 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
3072 if (gsm_read_ea(&gsm->address, c))
3073 gsm->state = GSM1_CONTROL;
3074 break;
3075 case GSM1_CONTROL: /* Control Byte */
3076 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
3077 gsm->control = c;
3078 gsm->count = 0;
3079 gsm->state = GSM1_DATA;
3080 break;
3081 case GSM1_DATA: /* Data */
3082 if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */
3083 gsm->state = GSM1_OVERRUN;
3084 gsm->bad_size++;
3085 } else
3086 gsm->buf[gsm->count++] = c;
3087 break;
3088 case GSM1_OVERRUN: /* Over-long - eg a dropped SOF */
3089 break;
3090 default:
3091 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
3092 break;
3093 }
3094 }
3095
3096 /**
3097 * gsm_error - handle tty error
3098 * @gsm: ldisc data
3099 *
3100 * Handle an error in the receipt of data for a frame. Currently we just
3101 * go back to hunting for a SOF.
3102 *
3103 * FIXME: better diagnostics ?
3104 */
3105
gsm_error(struct gsm_mux * gsm)3106 static void gsm_error(struct gsm_mux *gsm)
3107 {
3108 gsm->state = GSM_SEARCH;
3109 gsm->io_error++;
3110 }
3111
3112 /**
3113 * gsm_cleanup_mux - generic GSM protocol cleanup
3114 * @gsm: our mux
3115 * @disc: disconnect link?
3116 *
3117 * Clean up the bits of the mux which are the same for all framing
3118 * protocols. Remove the mux from the mux table, stop all the timers
3119 * and then shut down each device hanging up the channels as we go.
3120 */
3121
gsm_cleanup_mux(struct gsm_mux * gsm,bool disc)3122 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
3123 {
3124 int i;
3125 struct gsm_dlci *dlci;
3126 struct gsm_msg *txq, *ntxq;
3127
3128 gsm->dead = true;
3129 mutex_lock(&gsm->mutex);
3130
3131 dlci = gsm->dlci[0];
3132 if (dlci) {
3133 if (disc && dlci->state != DLCI_CLOSED) {
3134 gsm_dlci_begin_close(dlci);
3135 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
3136 }
3137 dlci->dead = true;
3138 }
3139
3140 /* Finish outstanding timers, making sure they are done */
3141 del_timer_sync(&gsm->kick_timer);
3142 del_timer_sync(&gsm->t2_timer);
3143 del_timer_sync(&gsm->ka_timer);
3144
3145 /* Finish writing to ldisc */
3146 flush_work(&gsm->tx_work);
3147
3148 /* Free up any link layer users and finally the control channel */
3149 if (gsm->has_devices) {
3150 gsm_unregister_devices(gsm_tty_driver, gsm->num);
3151 gsm->has_devices = false;
3152 }
3153 for (i = NUM_DLCI - 1; i >= 0; i--)
3154 if (gsm->dlci[i])
3155 gsm_dlci_release(gsm->dlci[i]);
3156 mutex_unlock(&gsm->mutex);
3157 /* Now wipe the queues */
3158 tty_ldisc_flush(gsm->tty);
3159
3160 guard(spinlock_irqsave)(&gsm->tx_lock);
3161 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
3162 kfree(txq);
3163 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
3164 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
3165 kfree(txq);
3166 INIT_LIST_HEAD(&gsm->tx_data_list);
3167 }
3168
3169 /**
3170 * gsm_activate_mux - generic GSM setup
3171 * @gsm: our mux
3172 *
3173 * Set up the bits of the mux which are the same for all framing
3174 * protocols. Add the mux to the mux table so it can be opened and
3175 * finally kick off connecting to DLCI 0 on the modem.
3176 */
3177
gsm_activate_mux(struct gsm_mux * gsm)3178 static int gsm_activate_mux(struct gsm_mux *gsm)
3179 {
3180 struct gsm_dlci *dlci;
3181 int ret;
3182
3183 dlci = gsm_dlci_alloc(gsm, 0);
3184 if (dlci == NULL)
3185 return -ENOMEM;
3186
3187 if (gsm->encoding == GSM_BASIC_OPT)
3188 gsm->receive = gsm0_receive;
3189 else
3190 gsm->receive = gsm1_receive;
3191
3192 ret = gsm_register_devices(gsm_tty_driver, gsm->num);
3193 if (ret)
3194 return ret;
3195
3196 gsm->has_devices = true;
3197 gsm->dead = false; /* Tty opens are now permissible */
3198 return 0;
3199 }
3200
3201 /**
3202 * gsm_free_mux - free up a mux
3203 * @gsm: mux to free
3204 *
3205 * Dispose of allocated resources for a dead mux
3206 */
gsm_free_mux(struct gsm_mux * gsm)3207 static void gsm_free_mux(struct gsm_mux *gsm)
3208 {
3209 int i;
3210
3211 for (i = 0; i < MAX_MUX; i++) {
3212 if (gsm == gsm_mux[i]) {
3213 gsm_mux[i] = NULL;
3214 break;
3215 }
3216 }
3217 mutex_destroy(&gsm->mutex);
3218 kfree(gsm->txframe);
3219 kfree(gsm->buf);
3220 kfree(gsm);
3221 }
3222
3223 /**
3224 * gsm_free_muxr - free up a mux
3225 * @ref: kreference to the mux to free
3226 *
3227 * Dispose of allocated resources for a dead mux
3228 */
gsm_free_muxr(struct kref * ref)3229 static void gsm_free_muxr(struct kref *ref)
3230 {
3231 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
3232 gsm_free_mux(gsm);
3233 }
3234
mux_get(struct gsm_mux * gsm)3235 static inline void mux_get(struct gsm_mux *gsm)
3236 {
3237 unsigned long flags;
3238
3239 spin_lock_irqsave(&gsm_mux_lock, flags);
3240 kref_get(&gsm->ref);
3241 spin_unlock_irqrestore(&gsm_mux_lock, flags);
3242 }
3243
mux_put(struct gsm_mux * gsm)3244 static inline void mux_put(struct gsm_mux *gsm)
3245 {
3246 unsigned long flags;
3247
3248 spin_lock_irqsave(&gsm_mux_lock, flags);
3249 kref_put(&gsm->ref, gsm_free_muxr);
3250 spin_unlock_irqrestore(&gsm_mux_lock, flags);
3251 }
3252
mux_num_to_base(struct gsm_mux * gsm)3253 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
3254 {
3255 return gsm->num * NUM_DLCI;
3256 }
3257
mux_line_to_num(unsigned int line)3258 static inline unsigned int mux_line_to_num(unsigned int line)
3259 {
3260 return line / NUM_DLCI;
3261 }
3262
3263 /**
3264 * gsm_alloc_mux - allocate a mux
3265 *
3266 * Creates a new mux ready for activation.
3267 */
3268
gsm_alloc_mux(void)3269 static struct gsm_mux *gsm_alloc_mux(void)
3270 {
3271 int i;
3272 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
3273 if (gsm == NULL)
3274 return NULL;
3275 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
3276 if (gsm->buf == NULL) {
3277 kfree(gsm);
3278 return NULL;
3279 }
3280 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
3281 if (gsm->txframe == NULL) {
3282 kfree(gsm->buf);
3283 kfree(gsm);
3284 return NULL;
3285 }
3286 spin_lock_init(&gsm->lock);
3287 mutex_init(&gsm->mutex);
3288 kref_init(&gsm->ref);
3289 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
3290 INIT_LIST_HEAD(&gsm->tx_data_list);
3291 timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
3292 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
3293 timer_setup(&gsm->ka_timer, gsm_control_keep_alive, 0);
3294 INIT_WORK(&gsm->tx_work, gsmld_write_task);
3295 init_waitqueue_head(&gsm->event);
3296 spin_lock_init(&gsm->control_lock);
3297 spin_lock_init(&gsm->tx_lock);
3298
3299 gsm->t1 = T1;
3300 gsm->t2 = T2;
3301 gsm->t3 = T3;
3302 gsm->n2 = N2;
3303 gsm->k = K;
3304 gsm->ftype = UIH;
3305 gsm->adaption = 1;
3306 gsm->encoding = GSM_ADV_OPT;
3307 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
3308 gsm->mtu = 64;
3309 gsm->dead = true; /* Avoid early tty opens */
3310 gsm->wait_config = false; /* Disabled */
3311 gsm->keep_alive = 0; /* Disabled */
3312
3313 /* Store the instance to the mux array or abort if no space is
3314 * available.
3315 */
3316 spin_lock(&gsm_mux_lock);
3317 for (i = 0; i < MAX_MUX; i++) {
3318 if (!gsm_mux[i]) {
3319 gsm_mux[i] = gsm;
3320 gsm->num = i;
3321 break;
3322 }
3323 }
3324 spin_unlock(&gsm_mux_lock);
3325 if (i == MAX_MUX) {
3326 mutex_destroy(&gsm->mutex);
3327 kfree(gsm->txframe);
3328 kfree(gsm->buf);
3329 kfree(gsm);
3330 return NULL;
3331 }
3332
3333 return gsm;
3334 }
3335
gsm_copy_config_values(struct gsm_mux * gsm,struct gsm_config * c)3336 static void gsm_copy_config_values(struct gsm_mux *gsm,
3337 struct gsm_config *c)
3338 {
3339 memset(c, 0, sizeof(*c));
3340 c->adaption = gsm->adaption;
3341 c->encapsulation = gsm->encoding;
3342 c->initiator = gsm->initiator;
3343 c->t1 = gsm->t1;
3344 c->t2 = gsm->t2;
3345 c->t3 = gsm->t3;
3346 c->n2 = gsm->n2;
3347 if (gsm->ftype == UIH)
3348 c->i = 1;
3349 else
3350 c->i = 2;
3351 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
3352 c->mru = gsm->mru;
3353 c->mtu = gsm->mtu;
3354 c->k = gsm->k;
3355 }
3356
gsm_config(struct gsm_mux * gsm,struct gsm_config * c)3357 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
3358 {
3359 int need_close = 0;
3360 int need_restart = 0;
3361
3362 /* Stuff we don't support yet - UI or I frame transport */
3363 if (c->adaption != 1 && c->adaption != 2)
3364 return -EOPNOTSUPP;
3365 /* Check the MRU/MTU range looks sane */
3366 if (c->mru < MIN_MTU || c->mtu < MIN_MTU)
3367 return -EINVAL;
3368 if (c->mru > MAX_MRU || c->mtu > MAX_MTU)
3369 return -EINVAL;
3370 if (c->t3 > MAX_T3)
3371 return -EINVAL;
3372 if (c->n2 > 255)
3373 return -EINVAL;
3374 if (c->encapsulation > 1) /* Basic, advanced, no I */
3375 return -EINVAL;
3376 if (c->initiator > 1)
3377 return -EINVAL;
3378 if (c->k > MAX_WINDOW_SIZE)
3379 return -EINVAL;
3380 if (c->i == 0 || c->i > 2) /* UIH and UI only */
3381 return -EINVAL;
3382 /*
3383 * See what is needed for reconfiguration
3384 */
3385
3386 /* Timing fields */
3387 if (c->t1 != 0 && c->t1 != gsm->t1)
3388 need_restart = 1;
3389 if (c->t2 != 0 && c->t2 != gsm->t2)
3390 need_restart = 1;
3391 if (c->encapsulation != gsm->encoding)
3392 need_restart = 1;
3393 if (c->adaption != gsm->adaption)
3394 need_restart = 1;
3395 /* Requires care */
3396 if (c->initiator != gsm->initiator)
3397 need_close = 1;
3398 if (c->mru != gsm->mru)
3399 need_restart = 1;
3400 if (c->mtu != gsm->mtu)
3401 need_restart = 1;
3402
3403 /*
3404 * Close down what is needed, restart and initiate the new
3405 * configuration. On the first time there is no DLCI[0]
3406 * and closing or cleaning up is not necessary.
3407 */
3408 if (need_close || need_restart)
3409 gsm_cleanup_mux(gsm, true);
3410
3411 gsm->initiator = c->initiator;
3412 gsm->mru = c->mru;
3413 gsm->mtu = c->mtu;
3414 gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT;
3415 gsm->adaption = c->adaption;
3416 gsm->n2 = c->n2;
3417
3418 if (c->i == 1)
3419 gsm->ftype = UIH;
3420 else if (c->i == 2)
3421 gsm->ftype = UI;
3422
3423 if (c->t1)
3424 gsm->t1 = c->t1;
3425 if (c->t2)
3426 gsm->t2 = c->t2;
3427 if (c->t3)
3428 gsm->t3 = c->t3;
3429 if (c->k)
3430 gsm->k = c->k;
3431
3432 /*
3433 * FIXME: We need to separate activation/deactivation from adding
3434 * and removing from the mux array
3435 */
3436 if (gsm->dead) {
3437 int ret = gsm_activate_mux(gsm);
3438 if (ret)
3439 return ret;
3440 if (gsm->initiator)
3441 gsm_dlci_begin_open(gsm->dlci[0]);
3442 }
3443 return 0;
3444 }
3445
gsm_copy_config_ext_values(struct gsm_mux * gsm,struct gsm_config_ext * ce)3446 static void gsm_copy_config_ext_values(struct gsm_mux *gsm,
3447 struct gsm_config_ext *ce)
3448 {
3449 memset(ce, 0, sizeof(*ce));
3450 ce->wait_config = gsm->wait_config ? 1 : 0;
3451 ce->keep_alive = gsm->keep_alive;
3452 }
3453
gsm_config_ext(struct gsm_mux * gsm,struct gsm_config_ext * ce)3454 static int gsm_config_ext(struct gsm_mux *gsm, struct gsm_config_ext *ce)
3455 {
3456 bool need_restart = false;
3457 unsigned int i;
3458
3459 /*
3460 * Check that userspace doesn't put stuff in here to prevent breakages
3461 * in the future.
3462 */
3463 for (i = 0; i < ARRAY_SIZE(ce->reserved); i++)
3464 if (ce->reserved[i])
3465 return -EINVAL;
3466 if (ce->flags & ~GSM_FL_RESTART)
3467 return -EINVAL;
3468
3469 /* Requires care */
3470 if (ce->flags & GSM_FL_RESTART)
3471 need_restart = true;
3472
3473 /*
3474 * Close down what is needed, restart and initiate the new
3475 * configuration. On the first time there is no DLCI[0]
3476 * and closing or cleaning up is not necessary.
3477 */
3478 if (need_restart)
3479 gsm_cleanup_mux(gsm, true);
3480
3481 /*
3482 * Setup the new configuration values
3483 */
3484 gsm->wait_config = ce->wait_config ? true : false;
3485 gsm->keep_alive = ce->keep_alive;
3486
3487 if (gsm->dead) {
3488 int ret = gsm_activate_mux(gsm);
3489 if (ret)
3490 return ret;
3491 if (gsm->initiator)
3492 gsm_dlci_begin_open(gsm->dlci[0]);
3493 }
3494
3495 return 0;
3496 }
3497
3498 /**
3499 * gsmld_output - write to link
3500 * @gsm: our mux
3501 * @data: bytes to output
3502 * @len: size
3503 *
3504 * Write a block of data from the GSM mux to the data channel. This
3505 * will eventually be serialized from above but at the moment isn't.
3506 */
3507
gsmld_output(struct gsm_mux * gsm,u8 * data,int len)3508 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
3509 {
3510 if (tty_write_room(gsm->tty) < len) {
3511 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
3512 return -ENOSPC;
3513 }
3514 if (debug & DBG_DATA)
3515 gsm_hex_dump_bytes(__func__, data, len);
3516 return gsm->tty->ops->write(gsm->tty, data, len);
3517 }
3518
3519
3520 /**
3521 * gsmld_write_trigger - schedule ldisc write task
3522 * @gsm: our mux
3523 */
gsmld_write_trigger(struct gsm_mux * gsm)3524 static void gsmld_write_trigger(struct gsm_mux *gsm)
3525 {
3526 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
3527 return;
3528 schedule_work(&gsm->tx_work);
3529 }
3530
3531
3532 /**
3533 * gsmld_write_task - ldisc write task
3534 * @work: our tx write work
3535 *
3536 * Writes out data to the ldisc if possible. We are doing this here to
3537 * avoid dead-locking. This returns if no space or data is left for output.
3538 */
gsmld_write_task(struct work_struct * work)3539 static void gsmld_write_task(struct work_struct *work)
3540 {
3541 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
3542 unsigned long flags;
3543 int i, ret;
3544
3545 /* All outstanding control channel and control messages and one data
3546 * frame is sent.
3547 */
3548 ret = -ENODEV;
3549 spin_lock_irqsave(&gsm->tx_lock, flags);
3550 if (gsm->tty)
3551 ret = gsm_data_kick(gsm);
3552 spin_unlock_irqrestore(&gsm->tx_lock, flags);
3553
3554 if (ret >= 0)
3555 for (i = 0; i < NUM_DLCI; i++)
3556 if (gsm->dlci[i])
3557 tty_port_tty_wakeup(&gsm->dlci[i]->port);
3558 }
3559
3560 /**
3561 * gsmld_attach_gsm - mode set up
3562 * @tty: our tty structure
3563 * @gsm: our mux
3564 *
3565 * Set up the MUX for basic mode and commence connecting to the
3566 * modem. Currently called from the line discipline set up but
3567 * will need moving to an ioctl path.
3568 */
3569
gsmld_attach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)3570 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
3571 {
3572 gsm->tty = tty_kref_get(tty);
3573 /* Turn off tty XON/XOFF handling to handle it explicitly. */
3574 gsm->old_c_iflag = tty->termios.c_iflag;
3575 tty->termios.c_iflag &= (IXON | IXOFF);
3576 }
3577
3578 /**
3579 * gsmld_detach_gsm - stop doing 0710 mux
3580 * @tty: tty attached to the mux
3581 * @gsm: mux
3582 *
3583 * Shutdown and then clean up the resources used by the line discipline
3584 */
3585
gsmld_detach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)3586 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
3587 {
3588 WARN_ON(tty != gsm->tty);
3589 /* Restore tty XON/XOFF handling. */
3590 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
3591 tty_kref_put(gsm->tty);
3592 gsm->tty = NULL;
3593 }
3594
gsmld_receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)3595 static void gsmld_receive_buf(struct tty_struct *tty, const u8 *cp,
3596 const u8 *fp, size_t count)
3597 {
3598 struct gsm_mux *gsm = tty->disc_data;
3599 char flags = TTY_NORMAL;
3600
3601 if (debug & DBG_DATA)
3602 gsm_hex_dump_bytes(__func__, cp, count);
3603
3604 for (; count; count--, cp++) {
3605 if (fp)
3606 flags = *fp++;
3607 switch (flags) {
3608 case TTY_NORMAL:
3609 if (gsm->receive)
3610 gsm->receive(gsm, *cp);
3611 break;
3612 case TTY_OVERRUN:
3613 case TTY_BREAK:
3614 case TTY_PARITY:
3615 case TTY_FRAME:
3616 gsm_error(gsm);
3617 break;
3618 default:
3619 WARN_ONCE(1, "%s: unknown flag %d\n",
3620 tty_name(tty), flags);
3621 break;
3622 }
3623 }
3624 /* FASYNC if needed ? */
3625 /* If clogged call tty_throttle(tty); */
3626 }
3627
3628 /**
3629 * gsmld_flush_buffer - clean input queue
3630 * @tty: terminal device
3631 *
3632 * Flush the input buffer. Called when the line discipline is
3633 * being closed, when the tty layer wants the buffer flushed (eg
3634 * at hangup).
3635 */
3636
gsmld_flush_buffer(struct tty_struct * tty)3637 static void gsmld_flush_buffer(struct tty_struct *tty)
3638 {
3639 }
3640
3641 /**
3642 * gsmld_close - close the ldisc for this tty
3643 * @tty: device
3644 *
3645 * Called from the terminal layer when this line discipline is
3646 * being shut down, either because of a close or becsuse of a
3647 * discipline change. The function will not be called while other
3648 * ldisc methods are in progress.
3649 */
3650
gsmld_close(struct tty_struct * tty)3651 static void gsmld_close(struct tty_struct *tty)
3652 {
3653 struct gsm_mux *gsm = tty->disc_data;
3654
3655 /* The ldisc locks and closes the port before calling our close. This
3656 * means we have no way to do a proper disconnect. We will not bother
3657 * to do one.
3658 */
3659 gsm_cleanup_mux(gsm, false);
3660
3661 gsmld_detach_gsm(tty, gsm);
3662
3663 gsmld_flush_buffer(tty);
3664 /* Do other clean up here */
3665 mux_put(gsm);
3666 }
3667
3668 /**
3669 * gsmld_open - open an ldisc
3670 * @tty: terminal to open
3671 *
3672 * Called when this line discipline is being attached to the
3673 * terminal device. Can sleep. Called serialized so that no
3674 * other events will occur in parallel. No further open will occur
3675 * until a close.
3676 */
3677
gsmld_open(struct tty_struct * tty)3678 static int gsmld_open(struct tty_struct *tty)
3679 {
3680 struct gsm_mux *gsm;
3681
3682 if (!capable(CAP_NET_ADMIN))
3683 return -EPERM;
3684
3685 if (tty->ops->write == NULL)
3686 return -EINVAL;
3687
3688 /* Attach our ldisc data */
3689 gsm = gsm_alloc_mux();
3690 if (gsm == NULL)
3691 return -ENOMEM;
3692
3693 tty->disc_data = gsm;
3694 tty->receive_room = 65536;
3695
3696 /* Attach the initial passive connection */
3697 gsmld_attach_gsm(tty, gsm);
3698
3699 /* The mux will not be activated yet, we wait for correct
3700 * configuration first.
3701 */
3702 if (gsm->encoding == GSM_BASIC_OPT)
3703 gsm->receive = gsm0_receive;
3704 else
3705 gsm->receive = gsm1_receive;
3706
3707 return 0;
3708 }
3709
3710 /**
3711 * gsmld_write_wakeup - asynchronous I/O notifier
3712 * @tty: tty device
3713 *
3714 * Required for the ptys, serial driver etc. since processes
3715 * that attach themselves to the master and rely on ASYNC
3716 * IO must be woken up
3717 */
3718
gsmld_write_wakeup(struct tty_struct * tty)3719 static void gsmld_write_wakeup(struct tty_struct *tty)
3720 {
3721 struct gsm_mux *gsm = tty->disc_data;
3722
3723 /* Queue poll */
3724 gsmld_write_trigger(gsm);
3725 }
3726
3727 /**
3728 * gsmld_read - read function for tty
3729 * @tty: tty device
3730 * @file: file object
3731 * @buf: userspace buffer pointer
3732 * @nr: size of I/O
3733 * @cookie: unused
3734 * @offset: unused
3735 *
3736 * Perform reads for the line discipline. We are guaranteed that the
3737 * line discipline will not be closed under us but we may get multiple
3738 * parallel readers and must handle this ourselves. We may also get
3739 * a hangup. Always called in user context, may sleep.
3740 *
3741 * This code must be sure never to sleep through a hangup.
3742 */
3743
gsmld_read(struct tty_struct * tty,struct file * file,u8 * buf,size_t nr,void ** cookie,unsigned long offset)3744 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, u8 *buf,
3745 size_t nr, void **cookie, unsigned long offset)
3746 {
3747 return -EOPNOTSUPP;
3748 }
3749
3750 /**
3751 * gsmld_write - write function for tty
3752 * @tty: tty device
3753 * @file: file object
3754 * @buf: userspace buffer pointer
3755 * @nr: size of I/O
3756 *
3757 * Called when the owner of the device wants to send a frame
3758 * itself (or some other control data). The data is transferred
3759 * as-is and must be properly framed and checksummed as appropriate
3760 * by userspace. Frames are either sent whole or not at all as this
3761 * avoids pain user side.
3762 */
3763
gsmld_write(struct tty_struct * tty,struct file * file,const u8 * buf,size_t nr)3764 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
3765 const u8 *buf, size_t nr)
3766 {
3767 struct gsm_mux *gsm = tty->disc_data;
3768 unsigned long flags;
3769 int space;
3770 int ret;
3771
3772 if (!gsm)
3773 return -ENODEV;
3774
3775 ret = -ENOBUFS;
3776 spin_lock_irqsave(&gsm->tx_lock, flags);
3777 space = tty_write_room(tty);
3778 if (space >= nr)
3779 ret = tty->ops->write(tty, buf, nr);
3780 else
3781 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
3782 spin_unlock_irqrestore(&gsm->tx_lock, flags);
3783
3784 return ret;
3785 }
3786
3787 /**
3788 * gsmld_poll - poll method for N_GSM0710
3789 * @tty: terminal device
3790 * @file: file accessing it
3791 * @wait: poll table
3792 *
3793 * Called when the line discipline is asked to poll() for data or
3794 * for special events. This code is not serialized with respect to
3795 * other events save open/close.
3796 *
3797 * This code must be sure never to sleep through a hangup.
3798 * Called without the kernel lock held - fine
3799 */
3800
gsmld_poll(struct tty_struct * tty,struct file * file,poll_table * wait)3801 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
3802 poll_table *wait)
3803 {
3804 __poll_t mask = 0;
3805 struct gsm_mux *gsm = tty->disc_data;
3806
3807 poll_wait(file, &tty->read_wait, wait);
3808 poll_wait(file, &tty->write_wait, wait);
3809
3810 if (gsm->dead)
3811 mask |= EPOLLHUP;
3812 if (tty_hung_up_p(file))
3813 mask |= EPOLLHUP;
3814 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
3815 mask |= EPOLLHUP;
3816 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
3817 mask |= EPOLLOUT | EPOLLWRNORM;
3818 return mask;
3819 }
3820
gsmld_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3821 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
3822 unsigned long arg)
3823 {
3824 struct gsm_config c;
3825 struct gsm_config_ext ce;
3826 struct gsm_dlci_config dc;
3827 struct gsm_mux *gsm = tty->disc_data;
3828 unsigned int base, addr;
3829 struct gsm_dlci *dlci;
3830
3831 switch (cmd) {
3832 case GSMIOC_GETCONF:
3833 gsm_copy_config_values(gsm, &c);
3834 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
3835 return -EFAULT;
3836 return 0;
3837 case GSMIOC_SETCONF:
3838 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
3839 return -EFAULT;
3840 return gsm_config(gsm, &c);
3841 case GSMIOC_GETFIRST:
3842 base = mux_num_to_base(gsm);
3843 return put_user(base + 1, (__u32 __user *)arg);
3844 case GSMIOC_GETCONF_EXT:
3845 gsm_copy_config_ext_values(gsm, &ce);
3846 if (copy_to_user((void __user *)arg, &ce, sizeof(ce)))
3847 return -EFAULT;
3848 return 0;
3849 case GSMIOC_SETCONF_EXT:
3850 if (copy_from_user(&ce, (void __user *)arg, sizeof(ce)))
3851 return -EFAULT;
3852 return gsm_config_ext(gsm, &ce);
3853 case GSMIOC_GETCONF_DLCI:
3854 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
3855 return -EFAULT;
3856 if (dc.channel == 0 || dc.channel >= NUM_DLCI)
3857 return -EINVAL;
3858 addr = array_index_nospec(dc.channel, NUM_DLCI);
3859 dlci = gsm->dlci[addr];
3860 if (!dlci) {
3861 dlci = gsm_dlci_alloc(gsm, addr);
3862 if (!dlci)
3863 return -ENOMEM;
3864 }
3865 gsm_dlci_copy_config_values(dlci, &dc);
3866 if (copy_to_user((void __user *)arg, &dc, sizeof(dc)))
3867 return -EFAULT;
3868 return 0;
3869 case GSMIOC_SETCONF_DLCI:
3870 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
3871 return -EFAULT;
3872 if (dc.channel == 0 || dc.channel >= NUM_DLCI)
3873 return -EINVAL;
3874 addr = array_index_nospec(dc.channel, NUM_DLCI);
3875 dlci = gsm->dlci[addr];
3876 if (!dlci) {
3877 dlci = gsm_dlci_alloc(gsm, addr);
3878 if (!dlci)
3879 return -ENOMEM;
3880 }
3881 return gsm_dlci_config(dlci, &dc, 0);
3882 default:
3883 return n_tty_ioctl_helper(tty, cmd, arg);
3884 }
3885 }
3886
3887 /*
3888 * Network interface
3889 *
3890 */
3891
gsm_mux_net_open(struct net_device * net)3892 static int gsm_mux_net_open(struct net_device *net)
3893 {
3894 pr_debug("%s called\n", __func__);
3895 netif_start_queue(net);
3896 return 0;
3897 }
3898
gsm_mux_net_close(struct net_device * net)3899 static int gsm_mux_net_close(struct net_device *net)
3900 {
3901 netif_stop_queue(net);
3902 return 0;
3903 }
3904
dlci_net_free(struct gsm_dlci * dlci)3905 static void dlci_net_free(struct gsm_dlci *dlci)
3906 {
3907 if (!dlci->net) {
3908 WARN_ON(1);
3909 return;
3910 }
3911 dlci->adaption = dlci->prev_adaption;
3912 dlci->data = dlci->prev_data;
3913 free_netdev(dlci->net);
3914 dlci->net = NULL;
3915 }
net_free(struct kref * ref)3916 static void net_free(struct kref *ref)
3917 {
3918 struct gsm_mux_net *mux_net;
3919 struct gsm_dlci *dlci;
3920
3921 mux_net = container_of(ref, struct gsm_mux_net, ref);
3922 dlci = mux_net->dlci;
3923
3924 if (dlci->net) {
3925 unregister_netdev(dlci->net);
3926 dlci_net_free(dlci);
3927 }
3928 }
3929
muxnet_get(struct gsm_mux_net * mux_net)3930 static inline void muxnet_get(struct gsm_mux_net *mux_net)
3931 {
3932 kref_get(&mux_net->ref);
3933 }
3934
muxnet_put(struct gsm_mux_net * mux_net)3935 static inline void muxnet_put(struct gsm_mux_net *mux_net)
3936 {
3937 kref_put(&mux_net->ref, net_free);
3938 }
3939
gsm_mux_net_start_xmit(struct sk_buff * skb,struct net_device * net)3940 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
3941 struct net_device *net)
3942 {
3943 struct gsm_mux_net *mux_net = netdev_priv(net);
3944 struct gsm_dlci *dlci = mux_net->dlci;
3945 muxnet_get(mux_net);
3946
3947 skb_queue_head(&dlci->skb_list, skb);
3948 net->stats.tx_packets++;
3949 net->stats.tx_bytes += skb->len;
3950 gsm_dlci_data_kick(dlci);
3951 /* And tell the kernel when the last transmit started. */
3952 netif_trans_update(net);
3953 muxnet_put(mux_net);
3954 return NETDEV_TX_OK;
3955 }
3956
3957 /* called when a packet did not ack after watchdogtimeout */
gsm_mux_net_tx_timeout(struct net_device * net,unsigned int txqueue)3958 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
3959 {
3960 /* Tell syslog we are hosed. */
3961 dev_dbg(&net->dev, "Tx timed out.\n");
3962
3963 /* Update statistics */
3964 net->stats.tx_errors++;
3965 }
3966
gsm_mux_rx_netchar(struct gsm_dlci * dlci,const unsigned char * in_buf,int size)3967 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
3968 const unsigned char *in_buf, int size)
3969 {
3970 struct net_device *net = dlci->net;
3971 struct sk_buff *skb;
3972 struct gsm_mux_net *mux_net = netdev_priv(net);
3973 muxnet_get(mux_net);
3974
3975 /* Allocate an sk_buff */
3976 skb = dev_alloc_skb(size + NET_IP_ALIGN);
3977 if (!skb) {
3978 /* We got no receive buffer. */
3979 net->stats.rx_dropped++;
3980 muxnet_put(mux_net);
3981 return;
3982 }
3983 skb_reserve(skb, NET_IP_ALIGN);
3984 skb_put_data(skb, in_buf, size);
3985
3986 skb->dev = net;
3987 skb->protocol = htons(ETH_P_IP);
3988
3989 /* Ship it off to the kernel */
3990 netif_rx(skb);
3991
3992 /* update out statistics */
3993 net->stats.rx_packets++;
3994 net->stats.rx_bytes += size;
3995 muxnet_put(mux_net);
3996 return;
3997 }
3998
gsm_mux_net_init(struct net_device * net)3999 static void gsm_mux_net_init(struct net_device *net)
4000 {
4001 static const struct net_device_ops gsm_netdev_ops = {
4002 .ndo_open = gsm_mux_net_open,
4003 .ndo_stop = gsm_mux_net_close,
4004 .ndo_start_xmit = gsm_mux_net_start_xmit,
4005 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
4006 };
4007
4008 net->netdev_ops = &gsm_netdev_ops;
4009
4010 /* fill in the other fields */
4011 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
4012 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
4013 net->type = ARPHRD_NONE;
4014 net->tx_queue_len = 10;
4015 }
4016
4017
4018 /* caller holds the dlci mutex */
gsm_destroy_network(struct gsm_dlci * dlci)4019 static void gsm_destroy_network(struct gsm_dlci *dlci)
4020 {
4021 struct gsm_mux_net *mux_net;
4022
4023 pr_debug("destroy network interface\n");
4024 if (!dlci->net)
4025 return;
4026 mux_net = netdev_priv(dlci->net);
4027 muxnet_put(mux_net);
4028 }
4029
4030
4031 /* caller holds the dlci mutex */
gsm_create_network(struct gsm_dlci * dlci,struct gsm_netconfig * nc)4032 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
4033 {
4034 char *netname;
4035 int retval = 0;
4036 struct net_device *net;
4037 struct gsm_mux_net *mux_net;
4038
4039 if (!capable(CAP_NET_ADMIN))
4040 return -EPERM;
4041
4042 /* Already in a non tty mode */
4043 if (dlci->adaption > 2)
4044 return -EBUSY;
4045
4046 if (nc->protocol != htons(ETH_P_IP))
4047 return -EPROTONOSUPPORT;
4048
4049 if (nc->adaption != 3 && nc->adaption != 4)
4050 return -EPROTONOSUPPORT;
4051
4052 pr_debug("create network interface\n");
4053
4054 netname = "gsm%d";
4055 if (nc->if_name[0] != '\0')
4056 netname = nc->if_name;
4057 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
4058 NET_NAME_UNKNOWN, gsm_mux_net_init);
4059 if (!net) {
4060 pr_err("alloc_netdev failed\n");
4061 return -ENOMEM;
4062 }
4063 net->mtu = dlci->mtu;
4064 net->min_mtu = MIN_MTU;
4065 net->max_mtu = dlci->mtu;
4066 mux_net = netdev_priv(net);
4067 mux_net->dlci = dlci;
4068 kref_init(&mux_net->ref);
4069 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
4070
4071 /* reconfigure dlci for network */
4072 dlci->prev_adaption = dlci->adaption;
4073 dlci->prev_data = dlci->data;
4074 dlci->adaption = nc->adaption;
4075 dlci->data = gsm_mux_rx_netchar;
4076 dlci->net = net;
4077
4078 pr_debug("register netdev\n");
4079 retval = register_netdev(net);
4080 if (retval) {
4081 pr_err("network register fail %d\n", retval);
4082 dlci_net_free(dlci);
4083 return retval;
4084 }
4085 return net->ifindex; /* return network index */
4086 }
4087
4088 /* Line discipline for real tty */
4089 static struct tty_ldisc_ops tty_ldisc_packet = {
4090 .owner = THIS_MODULE,
4091 .num = N_GSM0710,
4092 .name = "n_gsm",
4093 .open = gsmld_open,
4094 .close = gsmld_close,
4095 .flush_buffer = gsmld_flush_buffer,
4096 .read = gsmld_read,
4097 .write = gsmld_write,
4098 .ioctl = gsmld_ioctl,
4099 .poll = gsmld_poll,
4100 .receive_buf = gsmld_receive_buf,
4101 .write_wakeup = gsmld_write_wakeup
4102 };
4103
4104 /*
4105 * Virtual tty side
4106 */
4107
4108 /**
4109 * gsm_modem_upd_via_data - send modem bits via convergence layer
4110 * @dlci: channel
4111 * @brk: break signal
4112 *
4113 * Send an empty frame to signal mobile state changes and to transmit the
4114 * break signal for adaption 2.
4115 */
4116
gsm_modem_upd_via_data(struct gsm_dlci * dlci,u8 brk)4117 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
4118 {
4119 struct gsm_mux *gsm = dlci->gsm;
4120 unsigned long flags;
4121
4122 if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
4123 return;
4124
4125 spin_lock_irqsave(&gsm->tx_lock, flags);
4126 gsm_dlci_modem_output(gsm, dlci, brk);
4127 spin_unlock_irqrestore(&gsm->tx_lock, flags);
4128 }
4129
4130 /**
4131 * gsm_modem_upd_via_msc - send modem bits via control frame
4132 * @dlci: channel
4133 * @brk: break signal
4134 */
4135
gsm_modem_upd_via_msc(struct gsm_dlci * dlci,u8 brk)4136 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
4137 {
4138 u8 modembits[3];
4139 struct gsm_control *ctrl;
4140 int len = 2;
4141
4142 if (dlci->gsm->encoding != GSM_BASIC_OPT)
4143 return 0;
4144
4145 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
4146 if (!brk) {
4147 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
4148 } else {
4149 modembits[1] = gsm_encode_modem(dlci) << 1;
4150 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
4151 len++;
4152 }
4153 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
4154 if (ctrl == NULL)
4155 return -ENOMEM;
4156 return gsm_control_wait(dlci->gsm, ctrl);
4157 }
4158
4159 /**
4160 * gsm_modem_update - send modem status line state
4161 * @dlci: channel
4162 * @brk: break signal
4163 */
4164
gsm_modem_update(struct gsm_dlci * dlci,u8 brk)4165 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
4166 {
4167 if (dlci->gsm->dead)
4168 return -EL2HLT;
4169 if (dlci->adaption == 2) {
4170 /* Send convergence layer type 2 empty data frame. */
4171 gsm_modem_upd_via_data(dlci, brk);
4172 return 0;
4173 } else if (dlci->gsm->encoding == GSM_BASIC_OPT) {
4174 /* Send as MSC control message. */
4175 return gsm_modem_upd_via_msc(dlci, brk);
4176 }
4177
4178 /* Modem status lines are not supported. */
4179 return -EPROTONOSUPPORT;
4180 }
4181
4182 /**
4183 * gsm_wait_modem_change - wait for modem status line change
4184 * @dlci: channel
4185 * @mask: modem status line bits
4186 *
4187 * The function returns if:
4188 * - any given modem status line bit changed
4189 * - the wait event function got interrupted (e.g. by a signal)
4190 * - the underlying DLCI was closed
4191 * - the underlying ldisc device was removed
4192 */
gsm_wait_modem_change(struct gsm_dlci * dlci,u32 mask)4193 static int gsm_wait_modem_change(struct gsm_dlci *dlci, u32 mask)
4194 {
4195 struct gsm_mux *gsm = dlci->gsm;
4196 u32 old = dlci->modem_rx;
4197 int ret;
4198
4199 ret = wait_event_interruptible(gsm->event, gsm->dead ||
4200 dlci->state != DLCI_OPEN ||
4201 (old ^ dlci->modem_rx) & mask);
4202 if (gsm->dead)
4203 return -ENODEV;
4204 if (dlci->state != DLCI_OPEN)
4205 return -EL2NSYNC;
4206 return ret;
4207 }
4208
gsm_carrier_raised(struct tty_port * port)4209 static bool gsm_carrier_raised(struct tty_port *port)
4210 {
4211 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
4212 struct gsm_mux *gsm = dlci->gsm;
4213
4214 /* Not yet open so no carrier info */
4215 if (dlci->state != DLCI_OPEN)
4216 return false;
4217 if (debug & DBG_CD_ON)
4218 return true;
4219
4220 /*
4221 * Basic mode with control channel in ADM mode may not respond
4222 * to CMD_MSC at all and modem_rx is empty.
4223 */
4224 if (gsm->encoding == GSM_BASIC_OPT &&
4225 gsm->dlci[0]->mode == DLCI_MODE_ADM && !dlci->modem_rx)
4226 return true;
4227
4228 return dlci->modem_rx & TIOCM_CD;
4229 }
4230
gsm_dtr_rts(struct tty_port * port,bool active)4231 static void gsm_dtr_rts(struct tty_port *port, bool active)
4232 {
4233 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
4234 unsigned int modem_tx = dlci->modem_tx;
4235 if (active)
4236 modem_tx |= TIOCM_DTR | TIOCM_RTS;
4237 else
4238 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
4239 if (modem_tx != dlci->modem_tx) {
4240 dlci->modem_tx = modem_tx;
4241 gsm_modem_update(dlci, 0);
4242 }
4243 }
4244
4245 static const struct tty_port_operations gsm_port_ops = {
4246 .carrier_raised = gsm_carrier_raised,
4247 .dtr_rts = gsm_dtr_rts,
4248 .destruct = gsm_dlci_free,
4249 };
4250
gsmtty_install(struct tty_driver * driver,struct tty_struct * tty)4251 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
4252 {
4253 struct gsm_mux *gsm;
4254 struct gsm_dlci *dlci;
4255 unsigned int line = tty->index;
4256 unsigned int mux = mux_line_to_num(line);
4257 bool alloc = false;
4258 int ret;
4259
4260 line = line & 0x3F;
4261
4262 if (mux >= MAX_MUX)
4263 return -ENXIO;
4264 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
4265 if (gsm_mux[mux] == NULL)
4266 return -EUNATCH;
4267 if (line == 0 || line > 61) /* 62/63 reserved */
4268 return -ECHRNG;
4269 gsm = gsm_mux[mux];
4270 if (gsm->dead)
4271 return -EL2HLT;
4272 /* If DLCI 0 is not yet fully open return an error.
4273 This is ok from a locking
4274 perspective as we don't have to worry about this
4275 if DLCI0 is lost */
4276 mutex_lock(&gsm->mutex);
4277 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
4278 mutex_unlock(&gsm->mutex);
4279 return -EL2NSYNC;
4280 }
4281 dlci = gsm->dlci[line];
4282 if (dlci == NULL) {
4283 alloc = true;
4284 dlci = gsm_dlci_alloc(gsm, line);
4285 }
4286 if (dlci == NULL) {
4287 mutex_unlock(&gsm->mutex);
4288 return -ENOMEM;
4289 }
4290 ret = tty_port_install(&dlci->port, driver, tty);
4291 if (ret) {
4292 if (alloc)
4293 dlci_put(dlci);
4294 mutex_unlock(&gsm->mutex);
4295 return ret;
4296 }
4297
4298 dlci_get(dlci);
4299 dlci_get(gsm->dlci[0]);
4300 mux_get(gsm);
4301 tty->driver_data = dlci;
4302 mutex_unlock(&gsm->mutex);
4303
4304 return 0;
4305 }
4306
gsmtty_open(struct tty_struct * tty,struct file * filp)4307 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
4308 {
4309 struct gsm_dlci *dlci = tty->driver_data;
4310 struct tty_port *port = &dlci->port;
4311
4312 port->count++;
4313 tty_port_tty_set(port, tty);
4314
4315 dlci->modem_rx = 0;
4316 /* We could in theory open and close before we wait - eg if we get
4317 a DM straight back. This is ok as that will have caused a hangup */
4318 tty_port_set_initialized(port, true);
4319 /* Start sending off SABM messages */
4320 if (!dlci->gsm->wait_config) {
4321 /* Start sending off SABM messages */
4322 if (dlci->gsm->initiator)
4323 gsm_dlci_begin_open(dlci);
4324 else
4325 gsm_dlci_set_opening(dlci);
4326 } else {
4327 gsm_dlci_set_wait_config(dlci);
4328 }
4329 /* And wait for virtual carrier */
4330 return tty_port_block_til_ready(port, tty, filp);
4331 }
4332
gsmtty_close(struct tty_struct * tty,struct file * filp)4333 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
4334 {
4335 struct gsm_dlci *dlci = tty->driver_data;
4336
4337 if (dlci == NULL)
4338 return;
4339 if (dlci->state == DLCI_CLOSED)
4340 return;
4341 mutex_lock(&dlci->mutex);
4342 gsm_destroy_network(dlci);
4343 mutex_unlock(&dlci->mutex);
4344 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
4345 return;
4346 gsm_dlci_begin_close(dlci);
4347 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
4348 tty_port_lower_dtr_rts(&dlci->port);
4349 tty_port_close_end(&dlci->port, tty);
4350 tty_port_tty_set(&dlci->port, NULL);
4351 return;
4352 }
4353
gsmtty_hangup(struct tty_struct * tty)4354 static void gsmtty_hangup(struct tty_struct *tty)
4355 {
4356 struct gsm_dlci *dlci = tty->driver_data;
4357 if (dlci->state == DLCI_CLOSED)
4358 return;
4359 tty_port_hangup(&dlci->port);
4360 gsm_dlci_begin_close(dlci);
4361 }
4362
gsmtty_write(struct tty_struct * tty,const u8 * buf,size_t len)4363 static ssize_t gsmtty_write(struct tty_struct *tty, const u8 *buf, size_t len)
4364 {
4365 int sent;
4366 struct gsm_dlci *dlci = tty->driver_data;
4367 if (dlci->state == DLCI_CLOSED)
4368 return -EINVAL;
4369 /* Stuff the bytes into the fifo queue */
4370 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
4371 /* Need to kick the channel */
4372 gsm_dlci_data_kick(dlci);
4373 return sent;
4374 }
4375
gsmtty_write_room(struct tty_struct * tty)4376 static unsigned int gsmtty_write_room(struct tty_struct *tty)
4377 {
4378 struct gsm_dlci *dlci = tty->driver_data;
4379 if (dlci->state == DLCI_CLOSED)
4380 return 0;
4381 return kfifo_avail(&dlci->fifo);
4382 }
4383
gsmtty_chars_in_buffer(struct tty_struct * tty)4384 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
4385 {
4386 struct gsm_dlci *dlci = tty->driver_data;
4387 if (dlci->state == DLCI_CLOSED)
4388 return 0;
4389 return kfifo_len(&dlci->fifo);
4390 }
4391
gsmtty_flush_buffer(struct tty_struct * tty)4392 static void gsmtty_flush_buffer(struct tty_struct *tty)
4393 {
4394 struct gsm_dlci *dlci = tty->driver_data;
4395 unsigned long flags;
4396
4397 if (dlci->state == DLCI_CLOSED)
4398 return;
4399 /* Caution needed: If we implement reliable transport classes
4400 then the data being transmitted can't simply be junked once
4401 it has first hit the stack. Until then we can just blow it
4402 away */
4403 spin_lock_irqsave(&dlci->lock, flags);
4404 kfifo_reset(&dlci->fifo);
4405 spin_unlock_irqrestore(&dlci->lock, flags);
4406 /* Need to unhook this DLCI from the transmit queue logic */
4407 }
4408
gsmtty_wait_until_sent(struct tty_struct * tty,int timeout)4409 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
4410 {
4411 /* The FIFO handles the queue so the kernel will do the right
4412 thing waiting on chars_in_buffer before calling us. No work
4413 to do here */
4414 }
4415
gsmtty_tiocmget(struct tty_struct * tty)4416 static int gsmtty_tiocmget(struct tty_struct *tty)
4417 {
4418 struct gsm_dlci *dlci = tty->driver_data;
4419 if (dlci->state == DLCI_CLOSED)
4420 return -EINVAL;
4421 return dlci->modem_rx;
4422 }
4423
gsmtty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)4424 static int gsmtty_tiocmset(struct tty_struct *tty,
4425 unsigned int set, unsigned int clear)
4426 {
4427 struct gsm_dlci *dlci = tty->driver_data;
4428 unsigned int modem_tx = dlci->modem_tx;
4429
4430 if (dlci->state == DLCI_CLOSED)
4431 return -EINVAL;
4432 modem_tx &= ~clear;
4433 modem_tx |= set;
4434
4435 if (modem_tx != dlci->modem_tx) {
4436 dlci->modem_tx = modem_tx;
4437 return gsm_modem_update(dlci, 0);
4438 }
4439 return 0;
4440 }
4441
4442
gsmtty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)4443 static int gsmtty_ioctl(struct tty_struct *tty,
4444 unsigned int cmd, unsigned long arg)
4445 {
4446 struct gsm_dlci *dlci = tty->driver_data;
4447 struct gsm_netconfig nc;
4448 struct gsm_dlci_config dc;
4449 int index;
4450
4451 if (dlci->state == DLCI_CLOSED)
4452 return -EINVAL;
4453 switch (cmd) {
4454 case GSMIOC_ENABLE_NET:
4455 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
4456 return -EFAULT;
4457 nc.if_name[IFNAMSIZ-1] = '\0';
4458 /* return net interface index or error code */
4459 mutex_lock(&dlci->mutex);
4460 index = gsm_create_network(dlci, &nc);
4461 mutex_unlock(&dlci->mutex);
4462 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
4463 return -EFAULT;
4464 return index;
4465 case GSMIOC_DISABLE_NET:
4466 if (!capable(CAP_NET_ADMIN))
4467 return -EPERM;
4468 mutex_lock(&dlci->mutex);
4469 gsm_destroy_network(dlci);
4470 mutex_unlock(&dlci->mutex);
4471 return 0;
4472 case GSMIOC_GETCONF_DLCI:
4473 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
4474 return -EFAULT;
4475 if (dc.channel != dlci->addr)
4476 return -EPERM;
4477 gsm_dlci_copy_config_values(dlci, &dc);
4478 if (copy_to_user((void __user *)arg, &dc, sizeof(dc)))
4479 return -EFAULT;
4480 return 0;
4481 case GSMIOC_SETCONF_DLCI:
4482 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
4483 return -EFAULT;
4484 if (dc.channel >= NUM_DLCI)
4485 return -EINVAL;
4486 if (dc.channel != 0 && dc.channel != dlci->addr)
4487 return -EPERM;
4488 return gsm_dlci_config(dlci, &dc, 1);
4489 case TIOCMIWAIT:
4490 return gsm_wait_modem_change(dlci, (u32)arg);
4491 default:
4492 return -ENOIOCTLCMD;
4493 }
4494 }
4495
gsmtty_set_termios(struct tty_struct * tty,const struct ktermios * old)4496 static void gsmtty_set_termios(struct tty_struct *tty,
4497 const struct ktermios *old)
4498 {
4499 struct gsm_dlci *dlci = tty->driver_data;
4500 if (dlci->state == DLCI_CLOSED)
4501 return;
4502 /* For the moment its fixed. In actual fact the speed information
4503 for the virtual channel can be propogated in both directions by
4504 the RPN control message. This however rapidly gets nasty as we
4505 then have to remap modem signals each way according to whether
4506 our virtual cable is null modem etc .. */
4507 tty_termios_copy_hw(&tty->termios, old);
4508 }
4509
gsmtty_throttle(struct tty_struct * tty)4510 static void gsmtty_throttle(struct tty_struct *tty)
4511 {
4512 struct gsm_dlci *dlci = tty->driver_data;
4513 if (dlci->state == DLCI_CLOSED)
4514 return;
4515 if (C_CRTSCTS(tty))
4516 dlci->modem_tx &= ~TIOCM_RTS;
4517 dlci->throttled = true;
4518 /* Send an MSC with RTS cleared */
4519 gsm_modem_update(dlci, 0);
4520 }
4521
gsmtty_unthrottle(struct tty_struct * tty)4522 static void gsmtty_unthrottle(struct tty_struct *tty)
4523 {
4524 struct gsm_dlci *dlci = tty->driver_data;
4525 if (dlci->state == DLCI_CLOSED)
4526 return;
4527 if (C_CRTSCTS(tty))
4528 dlci->modem_tx |= TIOCM_RTS;
4529 dlci->throttled = false;
4530 /* Send an MSC with RTS set */
4531 gsm_modem_update(dlci, 0);
4532 }
4533
gsmtty_break_ctl(struct tty_struct * tty,int state)4534 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
4535 {
4536 struct gsm_dlci *dlci = tty->driver_data;
4537 int encode = 0; /* Off */
4538 if (dlci->state == DLCI_CLOSED)
4539 return -EINVAL;
4540
4541 if (state == -1) /* "On indefinitely" - we can't encode this
4542 properly */
4543 encode = 0x0F;
4544 else if (state > 0) {
4545 encode = state / 200; /* mS to encoding */
4546 if (encode > 0x0F)
4547 encode = 0x0F; /* Best effort */
4548 }
4549 return gsm_modem_update(dlci, encode);
4550 }
4551
gsmtty_cleanup(struct tty_struct * tty)4552 static void gsmtty_cleanup(struct tty_struct *tty)
4553 {
4554 struct gsm_dlci *dlci = tty->driver_data;
4555 struct gsm_mux *gsm = dlci->gsm;
4556
4557 dlci_put(dlci);
4558 dlci_put(gsm->dlci[0]);
4559 mux_put(gsm);
4560 }
4561
4562 /* Virtual ttys for the demux */
4563 static const struct tty_operations gsmtty_ops = {
4564 .install = gsmtty_install,
4565 .open = gsmtty_open,
4566 .close = gsmtty_close,
4567 .write = gsmtty_write,
4568 .write_room = gsmtty_write_room,
4569 .chars_in_buffer = gsmtty_chars_in_buffer,
4570 .flush_buffer = gsmtty_flush_buffer,
4571 .ioctl = gsmtty_ioctl,
4572 .throttle = gsmtty_throttle,
4573 .unthrottle = gsmtty_unthrottle,
4574 .set_termios = gsmtty_set_termios,
4575 .hangup = gsmtty_hangup,
4576 .wait_until_sent = gsmtty_wait_until_sent,
4577 .tiocmget = gsmtty_tiocmget,
4578 .tiocmset = gsmtty_tiocmset,
4579 .break_ctl = gsmtty_break_ctl,
4580 .cleanup = gsmtty_cleanup,
4581 };
4582
4583
4584
gsm_init(void)4585 static int __init gsm_init(void)
4586 {
4587 /* Fill in our line protocol discipline, and register it */
4588 int status = tty_register_ldisc(&tty_ldisc_packet);
4589 if (status != 0) {
4590 pr_err("n_gsm: can't register line discipline (err = %d)\n",
4591 status);
4592 return status;
4593 }
4594
4595 gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS, TTY_DRIVER_REAL_RAW |
4596 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
4597 if (IS_ERR(gsm_tty_driver)) {
4598 pr_err("gsm_init: tty allocation failed.\n");
4599 status = PTR_ERR(gsm_tty_driver);
4600 goto err_unreg_ldisc;
4601 }
4602 gsm_tty_driver->driver_name = "gsmtty";
4603 gsm_tty_driver->name = "gsmtty";
4604 gsm_tty_driver->major = 0; /* Dynamic */
4605 gsm_tty_driver->minor_start = 0;
4606 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
4607 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
4608 gsm_tty_driver->init_termios = tty_std_termios;
4609 /* Fixme */
4610 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
4611 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
4612
4613 if (tty_register_driver(gsm_tty_driver)) {
4614 pr_err("gsm_init: tty registration failed.\n");
4615 status = -EBUSY;
4616 goto err_put_driver;
4617 }
4618 pr_debug("gsm_init: loaded as %d,%d.\n",
4619 gsm_tty_driver->major, gsm_tty_driver->minor_start);
4620 return 0;
4621 err_put_driver:
4622 tty_driver_kref_put(gsm_tty_driver);
4623 err_unreg_ldisc:
4624 tty_unregister_ldisc(&tty_ldisc_packet);
4625 return status;
4626 }
4627
gsm_exit(void)4628 static void __exit gsm_exit(void)
4629 {
4630 tty_unregister_ldisc(&tty_ldisc_packet);
4631 tty_unregister_driver(gsm_tty_driver);
4632 tty_driver_kref_put(gsm_tty_driver);
4633 }
4634
4635 module_init(gsm_init);
4636 module_exit(gsm_exit);
4637
4638
4639 MODULE_LICENSE("GPL");
4640 MODULE_ALIAS_LDISC(N_GSM0710);
4641