xref: /openbmc/linux/drivers/tty/n_gsm.c (revision 09138ba68c1487a42c400485e999386a74911dbc)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * n_gsm.c GSM 0710 tty multiplexor
4  * Copyright (c) 2009/10 Intel Corporation
5  *
6  *	* THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7  *
8  * Outgoing path:
9  * tty -> DLCI fifo -> scheduler -> GSM MUX data queue    ---o-> ldisc
10  * control message               -> GSM MUX control queue --´
11  *
12  * Incoming path:
13  * ldisc -> gsm_queue() -o--> tty
14  *                        `-> gsm_control_response()
15  *
16  * TO DO:
17  *	Mostly done:	ioctls for setting modes/timing
18  *	Partly done:	hooks so you can pull off frames to non tty devs
19  *	Restart DLCI 0 when it closes ?
20  *	Improve the tx engine
21  *	Resolve tx side locking by adding a queue_head and routing
22  *		all control traffic via it
23  *	General tidy/document
24  *	Review the locking/move to refcounts more (mux now moved to an
25  *		alloc/free model ready)
26  *	Use newest tty open/close port helpers and install hooks
27  *	What to do about power functions ?
28  *	Termios setting and negotiation
29  *	Do we need a 'which mux are you' ioctl to correlate mux and tty sets
30  *
31  */
32 
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched/signal.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/bitfield.h>
42 #include <linux/ctype.h>
43 #include <linux/mm.h>
44 #include <linux/math.h>
45 #include <linux/nospec.h>
46 #include <linux/string.h>
47 #include <linux/slab.h>
48 #include <linux/poll.h>
49 #include <linux/bitops.h>
50 #include <linux/file.h>
51 #include <linux/uaccess.h>
52 #include <linux/module.h>
53 #include <linux/timer.h>
54 #include <linux/tty_flip.h>
55 #include <linux/tty_driver.h>
56 #include <linux/serial.h>
57 #include <linux/kfifo.h>
58 #include <linux/skbuff.h>
59 #include <net/arp.h>
60 #include <linux/ip.h>
61 #include <linux/netdevice.h>
62 #include <linux/etherdevice.h>
63 #include <linux/gsmmux.h>
64 #include "tty.h"
65 
66 static int debug;
67 module_param(debug, int, 0600);
68 
69 /* Module debug bits */
70 #define DBG_DUMP	BIT(0) /* Data transmission dump. */
71 #define DBG_CD_ON	BIT(1) /* Always assume CD line on. */
72 #define DBG_DATA	BIT(2) /* Data transmission details. */
73 #define DBG_ERRORS	BIT(3) /* Details for fail conditions. */
74 #define DBG_TTY		BIT(4) /* Transmission statistics for DLCI TTYs. */
75 #define DBG_PAYLOAD	BIT(5) /* Limits DBG_DUMP to payload frames. */
76 
77 /* Defaults: these are from the specification */
78 
79 #define T1	10		/* 100mS */
80 #define T2	34		/* 333mS */
81 #define T3	10		/* 10s */
82 #define N2	3		/* Retry 3 times */
83 #define K	2		/* outstanding I frames */
84 
85 #define MAX_T3 255		/* In seconds. */
86 #define MAX_WINDOW_SIZE 7	/* Limit of K in error recovery mode. */
87 
88 /* Use long timers for testing at low speed with debug on */
89 #ifdef DEBUG_TIMING
90 #define T1	100
91 #define T2	200
92 #endif
93 
94 /*
95  * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
96  * limits so this is plenty
97  */
98 #define MAX_MRU 1500
99 #define MAX_MTU 1500
100 #define MIN_MTU (PROT_OVERHEAD + 1)
101 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
102 #define PROT_OVERHEAD 7
103 #define	GSM_NET_TX_TIMEOUT (HZ*10)
104 
105 /*
106  *	struct gsm_mux_net	-	network interface
107  *
108  *	Created when net interface is initialized.
109  */
110 struct gsm_mux_net {
111 	struct kref ref;
112 	struct gsm_dlci *dlci;
113 };
114 
115 /*
116  *	Each block of data we have queued to go out is in the form of
117  *	a gsm_msg which holds everything we need in a link layer independent
118  *	format
119  */
120 
121 struct gsm_msg {
122 	struct list_head list;
123 	u8 addr;		/* DLCI address + flags */
124 	u8 ctrl;		/* Control byte + flags */
125 	unsigned int len;	/* Length of data block (can be zero) */
126 	unsigned char *data;	/* Points into buffer but not at the start */
127 	unsigned char buffer[];
128 };
129 
130 enum gsm_dlci_state {
131 	DLCI_CLOSED,
132 	DLCI_WAITING_CONFIG,	/* Waiting for DLCI configuration from user */
133 	DLCI_CONFIGURE,		/* Sending PN (for adaption > 1) */
134 	DLCI_OPENING,		/* Sending SABM not seen UA */
135 	DLCI_OPEN,		/* SABM/UA complete */
136 	DLCI_CLOSING,		/* Sending DISC not seen UA/DM */
137 };
138 
139 enum gsm_dlci_mode {
140 	DLCI_MODE_ABM,		/* Normal Asynchronous Balanced Mode */
141 	DLCI_MODE_ADM,		/* Asynchronous Disconnected Mode */
142 };
143 
144 /*
145  *	Each active data link has a gsm_dlci structure associated which ties
146  *	the link layer to an optional tty (if the tty side is open). To avoid
147  *	complexity right now these are only ever freed up when the mux is
148  *	shut down.
149  *
150  *	At the moment we don't free DLCI objects until the mux is torn down
151  *	this avoid object life time issues but might be worth review later.
152  */
153 
154 struct gsm_dlci {
155 	struct gsm_mux *gsm;
156 	int addr;
157 	enum gsm_dlci_state state;
158 	struct mutex mutex;
159 
160 	/* Link layer */
161 	enum gsm_dlci_mode mode;
162 	spinlock_t lock;	/* Protects the internal state */
163 	struct timer_list t1;	/* Retransmit timer for SABM and UA */
164 	int retries;
165 	/* Uplink tty if active */
166 	struct tty_port port;	/* The tty bound to this DLCI if there is one */
167 #define TX_SIZE		4096    /* Must be power of 2. */
168 	struct kfifo fifo;	/* Queue fifo for the DLCI */
169 	int adaption;		/* Adaption layer in use */
170 	int prev_adaption;
171 	u32 modem_rx;		/* Our incoming virtual modem lines */
172 	u32 modem_tx;		/* Our outgoing modem lines */
173 	unsigned int mtu;
174 	bool dead;		/* Refuse re-open */
175 	/* Configuration */
176 	u8 prio;		/* Priority */
177 	u8 ftype;		/* Frame type */
178 	u8 k;			/* Window size */
179 	/* Flow control */
180 	bool throttled;		/* Private copy of throttle state */
181 	bool constipated;	/* Throttle status for outgoing */
182 	/* Packetised I/O */
183 	struct sk_buff *skb;	/* Frame being sent */
184 	struct sk_buff_head skb_list;	/* Queued frames */
185 	/* Data handling callback */
186 	void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
187 	void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
188 	struct net_device *net; /* network interface, if created */
189 };
190 
191 /*
192  * Parameter bits used for parameter negotiation according to 3GPP 27.010
193  * chapter 5.4.6.3.1.
194  */
195 
196 struct gsm_dlci_param_bits {
197 	u8 d_bits;
198 	u8 i_cl_bits;
199 	u8 p_bits;
200 	u8 t_bits;
201 	__le16 n_bits;
202 	u8 na_bits;
203 	u8 k_bits;
204 };
205 
206 static_assert(sizeof(struct gsm_dlci_param_bits) == 8);
207 
208 #define PN_D_FIELD_DLCI		GENMASK(5, 0)
209 #define PN_I_CL_FIELD_FTYPE	GENMASK(3, 0)
210 #define PN_I_CL_FIELD_ADAPTION	GENMASK(7, 4)
211 #define PN_P_FIELD_PRIO		GENMASK(5, 0)
212 #define PN_T_FIELD_T1		GENMASK(7, 0)
213 #define PN_N_FIELD_N1		GENMASK(15, 0)
214 #define PN_NA_FIELD_N2		GENMASK(7, 0)
215 #define PN_K_FIELD_K		GENMASK(2, 0)
216 
217 /* Total number of supported devices */
218 #define GSM_TTY_MINORS		256
219 
220 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
221 
222 #define NUM_DLCI		64
223 
224 /*
225  *	DLCI 0 is used to pass control blocks out of band of the data
226  *	flow (and with a higher link priority). One command can be outstanding
227  *	at a time and we use this structure to manage them. They are created
228  *	and destroyed by the user context, and updated by the receive paths
229  *	and timers
230  */
231 
232 struct gsm_control {
233 	u8 cmd;		/* Command we are issuing */
234 	u8 *data;	/* Data for the command in case we retransmit */
235 	int len;	/* Length of block for retransmission */
236 	int done;	/* Done flag */
237 	int error;	/* Error if any */
238 };
239 
240 enum gsm_encoding {
241 	GSM_BASIC_OPT,
242 	GSM_ADV_OPT,
243 };
244 
245 enum gsm_mux_state {
246 	GSM_SEARCH,
247 	GSM0_ADDRESS,
248 	GSM0_CONTROL,
249 	GSM0_LEN0,
250 	GSM0_LEN1,
251 	GSM0_DATA,
252 	GSM0_FCS,
253 	GSM0_SSOF,
254 	GSM1_START,
255 	GSM1_ADDRESS,
256 	GSM1_CONTROL,
257 	GSM1_DATA,
258 	GSM1_OVERRUN,
259 };
260 
261 /*
262  *	Each GSM mux we have is represented by this structure. If we are
263  *	operating as an ldisc then we use this structure as our ldisc
264  *	state. We need to sort out lifetimes and locking with respect
265  *	to the gsm mux array. For now we don't free DLCI objects that
266  *	have been instantiated until the mux itself is terminated.
267  *
268  *	To consider further: tty open versus mux shutdown.
269  */
270 
271 struct gsm_mux {
272 	struct tty_struct *tty;		/* The tty our ldisc is bound to */
273 	spinlock_t lock;
274 	struct mutex mutex;
275 	unsigned int num;
276 	struct kref ref;
277 
278 	/* Events on the GSM channel */
279 	wait_queue_head_t event;
280 
281 	/* ldisc send work */
282 	struct work_struct tx_work;
283 
284 	/* Bits for GSM mode decoding */
285 
286 	/* Framing Layer */
287 	unsigned char *buf;
288 	enum gsm_mux_state state;
289 	unsigned int len;
290 	unsigned int address;
291 	unsigned int count;
292 	bool escape;
293 	enum gsm_encoding encoding;
294 	u8 control;
295 	u8 fcs;
296 	u8 *txframe;			/* TX framing buffer */
297 
298 	/* Method for the receiver side */
299 	void (*receive)(struct gsm_mux *gsm, u8 ch);
300 
301 	/* Link Layer */
302 	unsigned int mru;
303 	unsigned int mtu;
304 	int initiator;			/* Did we initiate connection */
305 	bool dead;			/* Has the mux been shut down */
306 	struct gsm_dlci *dlci[NUM_DLCI];
307 	int old_c_iflag;		/* termios c_iflag value before attach */
308 	bool constipated;		/* Asked by remote to shut up */
309 	bool has_devices;		/* Devices were registered */
310 
311 	spinlock_t tx_lock;
312 	unsigned int tx_bytes;		/* TX data outstanding */
313 #define TX_THRESH_HI		8192
314 #define TX_THRESH_LO		2048
315 	struct list_head tx_ctrl_list;	/* Pending control packets */
316 	struct list_head tx_data_list;	/* Pending data packets */
317 
318 	/* Control messages */
319 	struct timer_list kick_timer;	/* Kick TX queuing on timeout */
320 	struct timer_list t2_timer;	/* Retransmit timer for commands */
321 	int cretries;			/* Command retry counter */
322 	struct gsm_control *pending_cmd;/* Our current pending command */
323 	spinlock_t control_lock;	/* Protects the pending command */
324 
325 	/* Keep-alive */
326 	struct timer_list ka_timer;	/* Keep-alive response timer */
327 	u8 ka_num;			/* Keep-alive match pattern */
328 	signed int ka_retries;		/* Keep-alive retry counter, -1 if not yet initialized */
329 
330 	/* Configuration */
331 	int adaption;		/* 1 or 2 supported */
332 	u8 ftype;		/* UI or UIH */
333 	int t1, t2;		/* Timers in 1/100th of a sec */
334 	unsigned int t3;	/* Power wake-up timer in seconds. */
335 	int n2;			/* Retry count */
336 	u8 k;			/* Window size */
337 	bool wait_config;	/* Wait for configuration by ioctl before DLCI open */
338 	u32 keep_alive;		/* Control channel keep-alive in 10ms */
339 
340 	/* Statistics (not currently exposed) */
341 	unsigned long bad_fcs;
342 	unsigned long malformed;
343 	unsigned long io_error;
344 	unsigned long open_error;
345 	unsigned long bad_size;
346 	unsigned long unsupported;
347 };
348 
349 
350 /*
351  *	Mux objects - needed so that we can translate a tty index into the
352  *	relevant mux and DLCI.
353  */
354 
355 #define MAX_MUX		4			/* 256 minors */
356 static struct gsm_mux *gsm_mux[MAX_MUX];	/* GSM muxes */
357 static DEFINE_SPINLOCK(gsm_mux_lock);
358 
359 static struct tty_driver *gsm_tty_driver;
360 
361 /*
362  *	This section of the driver logic implements the GSM encodings
363  *	both the basic and the 'advanced'. Reliable transport is not
364  *	supported.
365  */
366 
367 #define CR			0x02
368 #define EA			0x01
369 #define	PF			0x10
370 
371 /* I is special: the rest are ..*/
372 #define RR			0x01
373 #define UI			0x03
374 #define RNR			0x05
375 #define REJ			0x09
376 #define DM			0x0F
377 #define SABM			0x2F
378 #define DISC			0x43
379 #define UA			0x63
380 #define	UIH			0xEF
381 
382 /* Channel commands */
383 #define CMD_NSC			0x09
384 #define CMD_TEST		0x11
385 #define CMD_PSC			0x21
386 #define CMD_RLS			0x29
387 #define CMD_FCOFF		0x31
388 #define CMD_PN			0x41
389 #define CMD_RPN			0x49
390 #define CMD_FCON		0x51
391 #define CMD_CLD			0x61
392 #define CMD_SNC			0x69
393 #define CMD_MSC			0x71
394 
395 /* Virtual modem bits */
396 #define MDM_FC			0x01
397 #define MDM_RTC			0x02
398 #define MDM_RTR			0x04
399 #define MDM_IC			0x20
400 #define MDM_DV			0x40
401 
402 #define GSM0_SOF		0xF9
403 #define GSM1_SOF		0x7E
404 #define GSM1_ESCAPE		0x7D
405 #define GSM1_ESCAPE_BITS	0x20
406 #define XON			0x11
407 #define XOFF			0x13
408 #define ISO_IEC_646_MASK	0x7F
409 
410 static const struct tty_port_operations gsm_port_ops;
411 
412 /*
413  *	CRC table for GSM 0710
414  */
415 
416 static const u8 gsm_fcs8[256] = {
417 	0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
418 	0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
419 	0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
420 	0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
421 	0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
422 	0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
423 	0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
424 	0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
425 	0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
426 	0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
427 	0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
428 	0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
429 	0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
430 	0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
431 	0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
432 	0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
433 	0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
434 	0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
435 	0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
436 	0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
437 	0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
438 	0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
439 	0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
440 	0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
441 	0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
442 	0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
443 	0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
444 	0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
445 	0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
446 	0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
447 	0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
448 	0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
449 };
450 
451 #define INIT_FCS	0xFF
452 #define GOOD_FCS	0xCF
453 
454 static void gsm_dlci_close(struct gsm_dlci *dlci);
455 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
456 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
457 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
458 								u8 ctrl);
459 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
460 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr);
461 static void gsmld_write_trigger(struct gsm_mux *gsm);
462 static void gsmld_write_task(struct work_struct *work);
463 
464 /**
465  *	gsm_fcs_add	-	update FCS
466  *	@fcs: Current FCS
467  *	@c: Next data
468  *
469  *	Update the FCS to include c. Uses the algorithm in the specification
470  *	notes.
471  */
472 
gsm_fcs_add(u8 fcs,u8 c)473 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
474 {
475 	return gsm_fcs8[fcs ^ c];
476 }
477 
478 /**
479  *	gsm_fcs_add_block	-	update FCS for a block
480  *	@fcs: Current FCS
481  *	@c: buffer of data
482  *	@len: length of buffer
483  *
484  *	Update the FCS to include c. Uses the algorithm in the specification
485  *	notes.
486  */
487 
gsm_fcs_add_block(u8 fcs,u8 * c,int len)488 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
489 {
490 	while (len--)
491 		fcs = gsm_fcs8[fcs ^ *c++];
492 	return fcs;
493 }
494 
495 /**
496  *	gsm_read_ea		-	read a byte into an EA
497  *	@val: variable holding value
498  *	@c: byte going into the EA
499  *
500  *	Processes one byte of an EA. Updates the passed variable
501  *	and returns 1 if the EA is now completely read
502  */
503 
gsm_read_ea(unsigned int * val,u8 c)504 static int gsm_read_ea(unsigned int *val, u8 c)
505 {
506 	/* Add the next 7 bits into the value */
507 	*val <<= 7;
508 	*val |= c >> 1;
509 	/* Was this the last byte of the EA 1 = yes*/
510 	return c & EA;
511 }
512 
513 /**
514  *	gsm_read_ea_val	-	read a value until EA
515  *	@val: variable holding value
516  *	@data: buffer of data
517  *	@dlen: length of data
518  *
519  *	Processes an EA value. Updates the passed variable and
520  *	returns the processed data length.
521  */
gsm_read_ea_val(unsigned int * val,const u8 * data,int dlen)522 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
523 {
524 	unsigned int len = 0;
525 
526 	for (; dlen > 0; dlen--) {
527 		len++;
528 		if (gsm_read_ea(val, *data++))
529 			break;
530 	}
531 	return len;
532 }
533 
534 /**
535  *	gsm_encode_modem	-	encode modem data bits
536  *	@dlci: DLCI to encode from
537  *
538  *	Returns the correct GSM encoded modem status bits (6 bit field) for
539  *	the current status of the DLCI and attached tty object
540  */
541 
gsm_encode_modem(const struct gsm_dlci * dlci)542 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
543 {
544 	u8 modembits = 0;
545 	/* FC is true flow control not modem bits */
546 	if (dlci->throttled)
547 		modembits |= MDM_FC;
548 	if (dlci->modem_tx & TIOCM_DTR)
549 		modembits |= MDM_RTC;
550 	if (dlci->modem_tx & TIOCM_RTS)
551 		modembits |= MDM_RTR;
552 	if (dlci->modem_tx & TIOCM_RI)
553 		modembits |= MDM_IC;
554 	if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
555 		modembits |= MDM_DV;
556 	/* special mappings for passive side to operate as UE */
557 	if (dlci->modem_tx & TIOCM_OUT1)
558 		modembits |= MDM_IC;
559 	if (dlci->modem_tx & TIOCM_OUT2)
560 		modembits |= MDM_DV;
561 	return modembits;
562 }
563 
gsm_hex_dump_bytes(const char * fname,const u8 * data,unsigned long len)564 static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
565 			       unsigned long len)
566 {
567 	char *prefix;
568 
569 	if (!fname) {
570 		print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
571 			       true);
572 		return;
573 	}
574 
575 	prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
576 	if (!prefix)
577 		return;
578 	print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
579 		       true);
580 	kfree(prefix);
581 }
582 
583 /**
584  * gsm_encode_params	-	encode DLCI parameters
585  * @dlci: DLCI to encode from
586  * @params: buffer to fill with the encoded parameters
587  *
588  * Encodes the parameters according to GSM 07.10 section 5.4.6.3.1
589  * table 3.
590  */
gsm_encode_params(const struct gsm_dlci * dlci,struct gsm_dlci_param_bits * params)591 static int gsm_encode_params(const struct gsm_dlci *dlci,
592 			     struct gsm_dlci_param_bits *params)
593 {
594 	const struct gsm_mux *gsm = dlci->gsm;
595 	unsigned int i, cl;
596 
597 	switch (dlci->ftype) {
598 	case UIH:
599 		i = 0; /* UIH */
600 		break;
601 	case UI:
602 		i = 1; /* UI */
603 		break;
604 	default:
605 		pr_debug("unsupported frame type %d\n", dlci->ftype);
606 		return -EINVAL;
607 	}
608 
609 	switch (dlci->adaption) {
610 	case 1: /* Unstructured */
611 		cl = 0; /* convergence layer type 1 */
612 		break;
613 	case 2: /* Unstructured with modem bits. */
614 		cl = 1; /* convergence layer type 2 */
615 		break;
616 	default:
617 		pr_debug("unsupported adaption %d\n", dlci->adaption);
618 		return -EINVAL;
619 	}
620 
621 	params->d_bits = FIELD_PREP(PN_D_FIELD_DLCI, dlci->addr);
622 	/* UIH, convergence layer type 1 */
623 	params->i_cl_bits = FIELD_PREP(PN_I_CL_FIELD_FTYPE, i) |
624 			    FIELD_PREP(PN_I_CL_FIELD_ADAPTION, cl);
625 	params->p_bits = FIELD_PREP(PN_P_FIELD_PRIO, dlci->prio);
626 	params->t_bits = FIELD_PREP(PN_T_FIELD_T1, gsm->t1);
627 	params->n_bits = cpu_to_le16(FIELD_PREP(PN_N_FIELD_N1, dlci->mtu));
628 	params->na_bits = FIELD_PREP(PN_NA_FIELD_N2, gsm->n2);
629 	params->k_bits = FIELD_PREP(PN_K_FIELD_K, dlci->k);
630 
631 	return 0;
632 }
633 
634 /**
635  *	gsm_register_devices	-	register all tty devices for a given mux index
636  *
637  *	@driver: the tty driver that describes the tty devices
638  *	@index:  the mux number is used to calculate the minor numbers of the
639  *	         ttys for this mux and may differ from the position in the
640  *	         mux array.
641  */
gsm_register_devices(struct tty_driver * driver,unsigned int index)642 static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
643 {
644 	struct device *dev;
645 	int i;
646 	unsigned int base;
647 
648 	if (!driver || index >= MAX_MUX)
649 		return -EINVAL;
650 
651 	base = index * NUM_DLCI; /* first minor for this index */
652 	for (i = 1; i < NUM_DLCI; i++) {
653 		/* Don't register device 0 - this is the control channel
654 		 * and not a usable tty interface
655 		 */
656 		dev = tty_register_device(gsm_tty_driver, base + i, NULL);
657 		if (IS_ERR(dev)) {
658 			if (debug & DBG_ERRORS)
659 				pr_info("%s failed to register device minor %u",
660 					__func__, base + i);
661 			for (i--; i >= 1; i--)
662 				tty_unregister_device(gsm_tty_driver, base + i);
663 			return PTR_ERR(dev);
664 		}
665 	}
666 
667 	return 0;
668 }
669 
670 /**
671  *	gsm_unregister_devices	-	unregister all tty devices for a given mux index
672  *
673  *	@driver: the tty driver that describes the tty devices
674  *	@index:  the mux number is used to calculate the minor numbers of the
675  *	         ttys for this mux and may differ from the position in the
676  *	         mux array.
677  */
gsm_unregister_devices(struct tty_driver * driver,unsigned int index)678 static void gsm_unregister_devices(struct tty_driver *driver,
679 				   unsigned int index)
680 {
681 	int i;
682 	unsigned int base;
683 
684 	if (!driver || index >= MAX_MUX)
685 		return;
686 
687 	base = index * NUM_DLCI; /* first minor for this index */
688 	for (i = 1; i < NUM_DLCI; i++) {
689 		/* Don't unregister device 0 - this is the control
690 		 * channel and not a usable tty interface
691 		 */
692 		tty_unregister_device(gsm_tty_driver, base + i);
693 	}
694 }
695 
696 /**
697  *	gsm_print_packet	-	display a frame for debug
698  *	@hdr: header to print before decode
699  *	@addr: address EA from the frame
700  *	@cr: C/R bit seen as initiator
701  *	@control: control including PF bit
702  *	@data: following data bytes
703  *	@dlen: length of data
704  *
705  *	Displays a packet in human readable format for debugging purposes. The
706  *	style is based on amateur radio LAP-B dump display.
707  */
708 
gsm_print_packet(const char * hdr,int addr,int cr,u8 control,const u8 * data,int dlen)709 static void gsm_print_packet(const char *hdr, int addr, int cr,
710 					u8 control, const u8 *data, int dlen)
711 {
712 	if (!(debug & DBG_DUMP))
713 		return;
714 	/* Only show user payload frames if debug & DBG_PAYLOAD */
715 	if (!(debug & DBG_PAYLOAD) && addr != 0)
716 		if ((control & ~PF) == UI || (control & ~PF) == UIH)
717 			return;
718 
719 	pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
720 
721 	switch (control & ~PF) {
722 	case SABM:
723 		pr_cont("SABM");
724 		break;
725 	case UA:
726 		pr_cont("UA");
727 		break;
728 	case DISC:
729 		pr_cont("DISC");
730 		break;
731 	case DM:
732 		pr_cont("DM");
733 		break;
734 	case UI:
735 		pr_cont("UI");
736 		break;
737 	case UIH:
738 		pr_cont("UIH");
739 		break;
740 	default:
741 		if (!(control & 0x01)) {
742 			pr_cont("I N(S)%d N(R)%d",
743 				(control & 0x0E) >> 1, (control & 0xE0) >> 5);
744 		} else switch (control & 0x0F) {
745 			case RR:
746 				pr_cont("RR(%d)", (control & 0xE0) >> 5);
747 				break;
748 			case RNR:
749 				pr_cont("RNR(%d)", (control & 0xE0) >> 5);
750 				break;
751 			case REJ:
752 				pr_cont("REJ(%d)", (control & 0xE0) >> 5);
753 				break;
754 			default:
755 				pr_cont("[%02X]", control);
756 		}
757 	}
758 
759 	if (control & PF)
760 		pr_cont("(P)");
761 	else
762 		pr_cont("(F)");
763 
764 	gsm_hex_dump_bytes(NULL, data, dlen);
765 }
766 
767 
768 /*
769  *	Link level transmission side
770  */
771 
772 /**
773  *	gsm_stuff_frame	-	bytestuff a packet
774  *	@input: input buffer
775  *	@output: output buffer
776  *	@len: length of input
777  *
778  *	Expand a buffer by bytestuffing it. The worst case size change
779  *	is doubling and the caller is responsible for handing out
780  *	suitable sized buffers.
781  */
782 
gsm_stuff_frame(const u8 * input,u8 * output,int len)783 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
784 {
785 	int olen = 0;
786 	while (len--) {
787 		if (*input == GSM1_SOF || *input == GSM1_ESCAPE
788 		    || (*input & ISO_IEC_646_MASK) == XON
789 		    || (*input & ISO_IEC_646_MASK) == XOFF) {
790 			*output++ = GSM1_ESCAPE;
791 			*output++ = *input++ ^ GSM1_ESCAPE_BITS;
792 			olen++;
793 		} else
794 			*output++ = *input++;
795 		olen++;
796 	}
797 	return olen;
798 }
799 
800 /**
801  *	gsm_send	-	send a control frame
802  *	@gsm: our GSM mux
803  *	@addr: address for control frame
804  *	@cr: command/response bit seen as initiator
805  *	@control:  control byte including PF bit
806  *
807  *	Format up and transmit a control frame. These should be transmitted
808  *	ahead of data when they are needed.
809  */
gsm_send(struct gsm_mux * gsm,int addr,int cr,int control)810 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
811 {
812 	struct gsm_msg *msg;
813 	u8 *dp;
814 	int ocr;
815 	unsigned long flags;
816 
817 	msg = gsm_data_alloc(gsm, addr, 0, control);
818 	if (!msg)
819 		return -ENOMEM;
820 
821 	/* toggle C/R coding if not initiator */
822 	ocr = cr ^ (gsm->initiator ? 0 : 1);
823 
824 	msg->data -= 3;
825 	dp = msg->data;
826 	*dp++ = (addr << 2) | (ocr << 1) | EA;
827 	*dp++ = control;
828 
829 	if (gsm->encoding == GSM_BASIC_OPT)
830 		*dp++ = EA; /* Length of data = 0 */
831 
832 	*dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data);
833 	msg->len = (dp - msg->data) + 1;
834 
835 	gsm_print_packet("Q->", addr, cr, control, NULL, 0);
836 
837 	spin_lock_irqsave(&gsm->tx_lock, flags);
838 	list_add_tail(&msg->list, &gsm->tx_ctrl_list);
839 	gsm->tx_bytes += msg->len;
840 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
841 	gsmld_write_trigger(gsm);
842 
843 	return 0;
844 }
845 
846 /**
847  *	gsm_dlci_clear_queues	-	remove outstanding data for a DLCI
848  *	@gsm: mux
849  *	@dlci: clear for this DLCI
850  *
851  *	Clears the data queues for a given DLCI.
852  */
gsm_dlci_clear_queues(struct gsm_mux * gsm,struct gsm_dlci * dlci)853 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
854 {
855 	struct gsm_msg *msg, *nmsg;
856 	int addr = dlci->addr;
857 	unsigned long flags;
858 
859 	/* Clear DLCI write fifo first */
860 	spin_lock_irqsave(&dlci->lock, flags);
861 	kfifo_reset(&dlci->fifo);
862 	spin_unlock_irqrestore(&dlci->lock, flags);
863 
864 	/* Clear data packets in MUX write queue */
865 	spin_lock_irqsave(&gsm->tx_lock, flags);
866 	list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
867 		if (msg->addr != addr)
868 			continue;
869 		gsm->tx_bytes -= msg->len;
870 		list_del(&msg->list);
871 		kfree(msg);
872 	}
873 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
874 }
875 
876 /**
877  *	gsm_response	-	send a control response
878  *	@gsm: our GSM mux
879  *	@addr: address for control frame
880  *	@control:  control byte including PF bit
881  *
882  *	Format up and transmit a link level response frame.
883  */
884 
gsm_response(struct gsm_mux * gsm,int addr,int control)885 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
886 {
887 	gsm_send(gsm, addr, 0, control);
888 }
889 
890 /**
891  *	gsm_command	-	send a control command
892  *	@gsm: our GSM mux
893  *	@addr: address for control frame
894  *	@control:  control byte including PF bit
895  *
896  *	Format up and transmit a link level command frame.
897  */
898 
gsm_command(struct gsm_mux * gsm,int addr,int control)899 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
900 {
901 	gsm_send(gsm, addr, 1, control);
902 }
903 
904 /* Data transmission */
905 
906 #define HDR_LEN		6	/* ADDR CTRL [LEN.2] DATA FCS */
907 
908 /**
909  *	gsm_data_alloc		-	allocate data frame
910  *	@gsm: GSM mux
911  *	@addr: DLCI address
912  *	@len: length excluding header and FCS
913  *	@ctrl: control byte
914  *
915  *	Allocate a new data buffer for sending frames with data. Space is left
916  *	at the front for header bytes but that is treated as an implementation
917  *	detail and not for the high level code to use
918  */
919 
gsm_data_alloc(struct gsm_mux * gsm,u8 addr,int len,u8 ctrl)920 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
921 								u8 ctrl)
922 {
923 	struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
924 								GFP_ATOMIC);
925 	if (m == NULL)
926 		return NULL;
927 	m->data = m->buffer + HDR_LEN - 1;	/* Allow for FCS */
928 	m->len = len;
929 	m->addr = addr;
930 	m->ctrl = ctrl;
931 	INIT_LIST_HEAD(&m->list);
932 	return m;
933 }
934 
935 /**
936  *	gsm_send_packet	-	sends a single packet
937  *	@gsm: GSM Mux
938  *	@msg: packet to send
939  *
940  *	The given packet is encoded and sent out. No memory is freed.
941  *	The caller must hold the gsm tx lock.
942  */
gsm_send_packet(struct gsm_mux * gsm,struct gsm_msg * msg)943 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
944 {
945 	int len, ret;
946 
947 
948 	if (gsm->encoding == GSM_BASIC_OPT) {
949 		gsm->txframe[0] = GSM0_SOF;
950 		memcpy(gsm->txframe + 1, msg->data, msg->len);
951 		gsm->txframe[msg->len + 1] = GSM0_SOF;
952 		len = msg->len + 2;
953 	} else {
954 		gsm->txframe[0] = GSM1_SOF;
955 		len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len);
956 		gsm->txframe[len + 1] = GSM1_SOF;
957 		len += 2;
958 	}
959 
960 	if (debug & DBG_DATA)
961 		gsm_hex_dump_bytes(__func__, gsm->txframe, len);
962 	gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
963 			 msg->len);
964 
965 	ret = gsmld_output(gsm, gsm->txframe, len);
966 	if (ret <= 0)
967 		return ret;
968 	/* FIXME: Can eliminate one SOF in many more cases */
969 	gsm->tx_bytes -= msg->len;
970 
971 	return 0;
972 }
973 
974 /**
975  *	gsm_is_flow_ctrl_msg	-	checks if flow control message
976  *	@msg: message to check
977  *
978  *	Returns true if the given message is a flow control command of the
979  *	control channel. False is returned in any other case.
980  */
gsm_is_flow_ctrl_msg(struct gsm_msg * msg)981 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
982 {
983 	unsigned int cmd;
984 
985 	if (msg->addr > 0)
986 		return false;
987 
988 	switch (msg->ctrl & ~PF) {
989 	case UI:
990 	case UIH:
991 		cmd = 0;
992 		if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
993 			break;
994 		switch (cmd & ~PF) {
995 		case CMD_FCOFF:
996 		case CMD_FCON:
997 			return true;
998 		}
999 		break;
1000 	}
1001 
1002 	return false;
1003 }
1004 
1005 /**
1006  *	gsm_data_kick	-	poke the queue
1007  *	@gsm: GSM Mux
1008  *
1009  *	The tty device has called us to indicate that room has appeared in
1010  *	the transmit queue. Ram more data into the pipe if we have any.
1011  *	If we have been flow-stopped by a CMD_FCOFF, then we can only
1012  *	send messages on DLCI0 until CMD_FCON. The caller must hold
1013  *	the gsm tx lock.
1014  */
gsm_data_kick(struct gsm_mux * gsm)1015 static int gsm_data_kick(struct gsm_mux *gsm)
1016 {
1017 	struct gsm_msg *msg, *nmsg;
1018 	struct gsm_dlci *dlci;
1019 	int ret;
1020 
1021 	clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
1022 
1023 	/* Serialize control messages and control channel messages first */
1024 	list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
1025 		if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
1026 			continue;
1027 		ret = gsm_send_packet(gsm, msg);
1028 		switch (ret) {
1029 		case -ENOSPC:
1030 			return -ENOSPC;
1031 		case -ENODEV:
1032 			/* ldisc not open */
1033 			gsm->tx_bytes -= msg->len;
1034 			list_del(&msg->list);
1035 			kfree(msg);
1036 			continue;
1037 		default:
1038 			if (ret >= 0) {
1039 				list_del(&msg->list);
1040 				kfree(msg);
1041 			}
1042 			break;
1043 		}
1044 	}
1045 
1046 	if (gsm->constipated)
1047 		return -EAGAIN;
1048 
1049 	/* Serialize other channels */
1050 	if (list_empty(&gsm->tx_data_list))
1051 		return 0;
1052 	list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
1053 		dlci = gsm->dlci[msg->addr];
1054 		/* Send only messages for DLCIs with valid state */
1055 		if (dlci->state != DLCI_OPEN) {
1056 			gsm->tx_bytes -= msg->len;
1057 			list_del(&msg->list);
1058 			kfree(msg);
1059 			continue;
1060 		}
1061 		ret = gsm_send_packet(gsm, msg);
1062 		switch (ret) {
1063 		case -ENOSPC:
1064 			return -ENOSPC;
1065 		case -ENODEV:
1066 			/* ldisc not open */
1067 			gsm->tx_bytes -= msg->len;
1068 			list_del(&msg->list);
1069 			kfree(msg);
1070 			continue;
1071 		default:
1072 			if (ret >= 0) {
1073 				list_del(&msg->list);
1074 				kfree(msg);
1075 			}
1076 			break;
1077 		}
1078 	}
1079 
1080 	return 1;
1081 }
1082 
1083 /**
1084  *	__gsm_data_queue		-	queue a UI or UIH frame
1085  *	@dlci: DLCI sending the data
1086  *	@msg: message queued
1087  *
1088  *	Add data to the transmit queue and try and get stuff moving
1089  *	out of the mux tty if not already doing so. The Caller must hold
1090  *	the gsm tx lock.
1091  */
1092 
__gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1093 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1094 {
1095 	struct gsm_mux *gsm = dlci->gsm;
1096 	u8 *dp = msg->data;
1097 	u8 *fcs = dp + msg->len;
1098 
1099 	/* Fill in the header */
1100 	if (gsm->encoding == GSM_BASIC_OPT) {
1101 		if (msg->len < 128)
1102 			*--dp = (msg->len << 1) | EA;
1103 		else {
1104 			*--dp = (msg->len >> 7);	/* bits 7 - 15 */
1105 			*--dp = (msg->len & 127) << 1;	/* bits 0 - 6 */
1106 		}
1107 	}
1108 
1109 	*--dp = msg->ctrl;
1110 	if (gsm->initiator)
1111 		*--dp = (msg->addr << 2) | CR | EA;
1112 	else
1113 		*--dp = (msg->addr << 2) | EA;
1114 	*fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
1115 	/* Ugly protocol layering violation */
1116 	if (msg->ctrl == UI || msg->ctrl == (UI|PF))
1117 		*fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
1118 	*fcs = 0xFF - *fcs;
1119 
1120 	gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
1121 							msg->data, msg->len);
1122 
1123 	/* Move the header back and adjust the length, also allow for the FCS
1124 	   now tacked on the end */
1125 	msg->len += (msg->data - dp) + 1;
1126 	msg->data = dp;
1127 
1128 	/* Add to the actual output queue */
1129 	switch (msg->ctrl & ~PF) {
1130 	case UI:
1131 	case UIH:
1132 		if (msg->addr > 0) {
1133 			list_add_tail(&msg->list, &gsm->tx_data_list);
1134 			break;
1135 		}
1136 		fallthrough;
1137 	default:
1138 		list_add_tail(&msg->list, &gsm->tx_ctrl_list);
1139 		break;
1140 	}
1141 	gsm->tx_bytes += msg->len;
1142 
1143 	gsmld_write_trigger(gsm);
1144 	mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
1145 }
1146 
1147 /**
1148  *	gsm_data_queue		-	queue a UI or UIH frame
1149  *	@dlci: DLCI sending the data
1150  *	@msg: message queued
1151  *
1152  *	Add data to the transmit queue and try and get stuff moving
1153  *	out of the mux tty if not already doing so. Take the
1154  *	the gsm tx lock and dlci lock.
1155  */
1156 
gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1157 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1158 {
1159 	unsigned long flags;
1160 	spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1161 	__gsm_data_queue(dlci, msg);
1162 	spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1163 }
1164 
1165 /**
1166  *	gsm_dlci_data_output	-	try and push data out of a DLCI
1167  *	@gsm: mux
1168  *	@dlci: the DLCI to pull data from
1169  *
1170  *	Pull data from a DLCI and send it into the transmit queue if there
1171  *	is data. Keep to the MRU of the mux. This path handles the usual tty
1172  *	interface which is a byte stream with optional modem data.
1173  *
1174  *	Caller must hold the tx_lock of the mux.
1175  */
1176 
gsm_dlci_data_output(struct gsm_mux * gsm,struct gsm_dlci * dlci)1177 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
1178 {
1179 	struct gsm_msg *msg;
1180 	u8 *dp;
1181 	int h, len, size;
1182 
1183 	/* for modem bits without break data */
1184 	h = ((dlci->adaption == 1) ? 0 : 1);
1185 
1186 	len = kfifo_len(&dlci->fifo);
1187 	if (len == 0)
1188 		return 0;
1189 
1190 	/* MTU/MRU count only the data bits but watch adaption mode */
1191 	if ((len + h) > dlci->mtu)
1192 		len = dlci->mtu - h;
1193 
1194 	size = len + h;
1195 
1196 	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1197 	if (!msg)
1198 		return -ENOMEM;
1199 	dp = msg->data;
1200 	switch (dlci->adaption) {
1201 	case 1: /* Unstructured */
1202 		break;
1203 	case 2: /* Unstructured with modem bits.
1204 		 * Always one byte as we never send inline break data
1205 		 */
1206 		*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1207 		break;
1208 	default:
1209 		pr_err("%s: unsupported adaption %d\n", __func__,
1210 		       dlci->adaption);
1211 		break;
1212 	}
1213 
1214 	WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
1215 		&dlci->lock));
1216 
1217 	/* Notify upper layer about available send space. */
1218 	tty_port_tty_wakeup(&dlci->port);
1219 
1220 	__gsm_data_queue(dlci, msg);
1221 	/* Bytes of data we used up */
1222 	return size;
1223 }
1224 
1225 /**
1226  *	gsm_dlci_data_output_framed  -	try and push data out of a DLCI
1227  *	@gsm: mux
1228  *	@dlci: the DLCI to pull data from
1229  *
1230  *	Pull data from a DLCI and send it into the transmit queue if there
1231  *	is data. Keep to the MRU of the mux. This path handles framed data
1232  *	queued as skbuffs to the DLCI.
1233  *
1234  *	Caller must hold the tx_lock of the mux.
1235  */
1236 
gsm_dlci_data_output_framed(struct gsm_mux * gsm,struct gsm_dlci * dlci)1237 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
1238 						struct gsm_dlci *dlci)
1239 {
1240 	struct gsm_msg *msg;
1241 	u8 *dp;
1242 	int len, size;
1243 	int last = 0, first = 0;
1244 	int overhead = 0;
1245 
1246 	/* One byte per frame is used for B/F flags */
1247 	if (dlci->adaption == 4)
1248 		overhead = 1;
1249 
1250 	/* dlci->skb is locked by tx_lock */
1251 	if (dlci->skb == NULL) {
1252 		dlci->skb = skb_dequeue_tail(&dlci->skb_list);
1253 		if (dlci->skb == NULL)
1254 			return 0;
1255 		first = 1;
1256 	}
1257 	len = dlci->skb->len + overhead;
1258 
1259 	/* MTU/MRU count only the data bits */
1260 	if (len > dlci->mtu) {
1261 		if (dlci->adaption == 3) {
1262 			/* Over long frame, bin it */
1263 			dev_kfree_skb_any(dlci->skb);
1264 			dlci->skb = NULL;
1265 			return 0;
1266 		}
1267 		len = dlci->mtu;
1268 	} else
1269 		last = 1;
1270 
1271 	size = len + overhead;
1272 	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1273 	if (msg == NULL) {
1274 		skb_queue_tail(&dlci->skb_list, dlci->skb);
1275 		dlci->skb = NULL;
1276 		return -ENOMEM;
1277 	}
1278 	dp = msg->data;
1279 
1280 	if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1281 		/* Flag byte to carry the start/end info */
1282 		*dp++ = last << 7 | first << 6 | 1;	/* EA */
1283 		len--;
1284 	}
1285 	memcpy(dp, dlci->skb->data, len);
1286 	skb_pull(dlci->skb, len);
1287 	__gsm_data_queue(dlci, msg);
1288 	if (last) {
1289 		dev_kfree_skb_any(dlci->skb);
1290 		dlci->skb = NULL;
1291 	}
1292 	return size;
1293 }
1294 
1295 /**
1296  *	gsm_dlci_modem_output	-	try and push modem status out of a DLCI
1297  *	@gsm: mux
1298  *	@dlci: the DLCI to pull modem status from
1299  *	@brk: break signal
1300  *
1301  *	Push an empty frame in to the transmit queue to update the modem status
1302  *	bits and to transmit an optional break.
1303  *
1304  *	Caller must hold the tx_lock of the mux.
1305  */
1306 
gsm_dlci_modem_output(struct gsm_mux * gsm,struct gsm_dlci * dlci,u8 brk)1307 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
1308 				 u8 brk)
1309 {
1310 	u8 *dp = NULL;
1311 	struct gsm_msg *msg;
1312 	int size = 0;
1313 
1314 	/* for modem bits without break data */
1315 	switch (dlci->adaption) {
1316 	case 1: /* Unstructured */
1317 		break;
1318 	case 2: /* Unstructured with modem bits. */
1319 		size++;
1320 		if (brk > 0)
1321 			size++;
1322 		break;
1323 	default:
1324 		pr_err("%s: unsupported adaption %d\n", __func__,
1325 		       dlci->adaption);
1326 		return -EINVAL;
1327 	}
1328 
1329 	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
1330 	if (!msg) {
1331 		pr_err("%s: gsm_data_alloc error", __func__);
1332 		return -ENOMEM;
1333 	}
1334 	dp = msg->data;
1335 	switch (dlci->adaption) {
1336 	case 1: /* Unstructured */
1337 		break;
1338 	case 2: /* Unstructured with modem bits. */
1339 		if (brk == 0) {
1340 			*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1341 		} else {
1342 			*dp++ = gsm_encode_modem(dlci) << 1;
1343 			*dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
1344 		}
1345 		break;
1346 	default:
1347 		/* Handled above */
1348 		break;
1349 	}
1350 
1351 	__gsm_data_queue(dlci, msg);
1352 	return size;
1353 }
1354 
1355 /**
1356  *	gsm_dlci_data_sweep		-	look for data to send
1357  *	@gsm: the GSM mux
1358  *
1359  *	Sweep the GSM mux channels in priority order looking for ones with
1360  *	data to send. We could do with optimising this scan a bit. We aim
1361  *	to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1362  *	TX_THRESH_LO we get called again
1363  *
1364  *	FIXME: We should round robin between groups and in theory you can
1365  *	renegotiate DLCI priorities with optional stuff. Needs optimising.
1366  */
1367 
gsm_dlci_data_sweep(struct gsm_mux * gsm)1368 static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
1369 {
1370 	/* Priority ordering: We should do priority with RR of the groups */
1371 	int i, len, ret = 0;
1372 	bool sent;
1373 	struct gsm_dlci *dlci;
1374 
1375 	while (gsm->tx_bytes < TX_THRESH_HI) {
1376 		for (sent = false, i = 1; i < NUM_DLCI; i++) {
1377 			dlci = gsm->dlci[i];
1378 			/* skip unused or blocked channel */
1379 			if (!dlci || dlci->constipated)
1380 				continue;
1381 			/* skip channels with invalid state */
1382 			if (dlci->state != DLCI_OPEN)
1383 				continue;
1384 			/* count the sent data per adaption */
1385 			if (dlci->adaption < 3 && !dlci->net)
1386 				len = gsm_dlci_data_output(gsm, dlci);
1387 			else
1388 				len = gsm_dlci_data_output_framed(gsm, dlci);
1389 			/* on error exit */
1390 			if (len < 0)
1391 				return ret;
1392 			if (len > 0) {
1393 				ret++;
1394 				sent = true;
1395 				/* The lower DLCs can starve the higher DLCs! */
1396 				break;
1397 			}
1398 			/* try next */
1399 		}
1400 		if (!sent)
1401 			break;
1402 	}
1403 
1404 	return ret;
1405 }
1406 
1407 /**
1408  *	gsm_dlci_data_kick	-	transmit if possible
1409  *	@dlci: DLCI to kick
1410  *
1411  *	Transmit data from this DLCI if the queue is empty. We can't rely on
1412  *	a tty wakeup except when we filled the pipe so we need to fire off
1413  *	new data ourselves in other cases.
1414  */
1415 
gsm_dlci_data_kick(struct gsm_dlci * dlci)1416 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1417 {
1418 	unsigned long flags;
1419 	int sweep;
1420 
1421 	if (dlci->constipated)
1422 		return;
1423 
1424 	spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1425 	/* If we have nothing running then we need to fire up */
1426 	sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1427 	if (dlci->gsm->tx_bytes == 0) {
1428 		if (dlci->net)
1429 			gsm_dlci_data_output_framed(dlci->gsm, dlci);
1430 		else
1431 			gsm_dlci_data_output(dlci->gsm, dlci);
1432 	}
1433 	if (sweep)
1434 		gsm_dlci_data_sweep(dlci->gsm);
1435 	spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1436 }
1437 
1438 /*
1439  *	Control message processing
1440  */
1441 
1442 
1443 /**
1444  * gsm_control_command	-	send a command frame to a control
1445  * @gsm: gsm channel
1446  * @cmd: the command to use
1447  * @data: data to follow encoded info
1448  * @dlen: length of data
1449  *
1450  * Encode up and queue a UI/UIH frame containing our command.
1451  */
gsm_control_command(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1452 static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data,
1453 			       int dlen)
1454 {
1455 	struct gsm_msg *msg;
1456 	struct gsm_dlci *dlci = gsm->dlci[0];
1457 
1458 	msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
1459 	if (msg == NULL)
1460 		return -ENOMEM;
1461 
1462 	msg->data[0] = (cmd << 1) | CR | EA;	/* Set C/R */
1463 	msg->data[1] = (dlen << 1) | EA;
1464 	memcpy(msg->data + 2, data, dlen);
1465 	gsm_data_queue(dlci, msg);
1466 
1467 	return 0;
1468 }
1469 
1470 /**
1471  *	gsm_control_reply	-	send a response frame to a control
1472  *	@gsm: gsm channel
1473  *	@cmd: the command to use
1474  *	@data: data to follow encoded info
1475  *	@dlen: length of data
1476  *
1477  *	Encode up and queue a UI/UIH frame containing our response.
1478  */
1479 
gsm_control_reply(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1480 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1481 					int dlen)
1482 {
1483 	struct gsm_msg *msg;
1484 	struct gsm_dlci *dlci = gsm->dlci[0];
1485 
1486 	msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
1487 	if (msg == NULL)
1488 		return;
1489 	msg->data[0] = (cmd & 0xFE) << 1 | EA;	/* Clear C/R */
1490 	msg->data[1] = (dlen << 1) | EA;
1491 	memcpy(msg->data + 2, data, dlen);
1492 	gsm_data_queue(dlci, msg);
1493 }
1494 
1495 /**
1496  *	gsm_process_modem	-	process received modem status
1497  *	@tty: virtual tty bound to the DLCI
1498  *	@dlci: DLCI to affect
1499  *	@modem: modem bits (full EA)
1500  *	@slen: number of signal octets
1501  *
1502  *	Used when a modem control message or line state inline in adaption
1503  *	layer 2 is processed. Sort out the local modem state and throttles
1504  */
1505 
gsm_process_modem(struct tty_struct * tty,struct gsm_dlci * dlci,u32 modem,int slen)1506 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1507 							u32 modem, int slen)
1508 {
1509 	int  mlines = 0;
1510 	u8 brk = 0;
1511 	int fc;
1512 
1513 	/* The modem status command can either contain one octet (V.24 signals)
1514 	 * or two octets (V.24 signals + break signals). This is specified in
1515 	 * section 5.4.6.3.7 of the 07.10 mux spec.
1516 	 */
1517 
1518 	if (slen == 1)
1519 		modem = modem & 0x7f;
1520 	else {
1521 		brk = modem & 0x7f;
1522 		modem = (modem >> 7) & 0x7f;
1523 	}
1524 
1525 	/* Flow control/ready to communicate */
1526 	fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1527 	if (fc && !dlci->constipated) {
1528 		/* Need to throttle our output on this device */
1529 		dlci->constipated = true;
1530 	} else if (!fc && dlci->constipated) {
1531 		dlci->constipated = false;
1532 		gsm_dlci_data_kick(dlci);
1533 	}
1534 
1535 	/* Map modem bits */
1536 	if (modem & MDM_RTC)
1537 		mlines |= TIOCM_DSR | TIOCM_DTR;
1538 	if (modem & MDM_RTR)
1539 		mlines |= TIOCM_RTS | TIOCM_CTS;
1540 	if (modem & MDM_IC)
1541 		mlines |= TIOCM_RI;
1542 	if (modem & MDM_DV)
1543 		mlines |= TIOCM_CD;
1544 
1545 	/* Carrier drop -> hangup */
1546 	if (tty) {
1547 		if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1548 			if (!C_CLOCAL(tty))
1549 				tty_hangup(tty);
1550 	}
1551 	if (brk & 0x01)
1552 		tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1553 	dlci->modem_rx = mlines;
1554 	wake_up_interruptible(&dlci->gsm->event);
1555 }
1556 
1557 /**
1558  * gsm_process_negotiation	-	process received parameters
1559  * @gsm: GSM channel
1560  * @addr: DLCI address
1561  * @cr: command/response
1562  * @params: encoded parameters from the parameter negotiation message
1563  *
1564  * Used when the response for our parameter negotiation command was
1565  * received.
1566  */
gsm_process_negotiation(struct gsm_mux * gsm,unsigned int addr,unsigned int cr,const struct gsm_dlci_param_bits * params)1567 static int gsm_process_negotiation(struct gsm_mux *gsm, unsigned int addr,
1568 				   unsigned int cr,
1569 				   const struct gsm_dlci_param_bits *params)
1570 {
1571 	struct gsm_dlci *dlci = gsm->dlci[addr];
1572 	unsigned int ftype, i, adaption, prio, n1, k;
1573 
1574 	i = FIELD_GET(PN_I_CL_FIELD_FTYPE, params->i_cl_bits);
1575 	adaption = FIELD_GET(PN_I_CL_FIELD_ADAPTION, params->i_cl_bits) + 1;
1576 	prio = FIELD_GET(PN_P_FIELD_PRIO, params->p_bits);
1577 	n1 = FIELD_GET(PN_N_FIELD_N1, get_unaligned_le16(&params->n_bits));
1578 	k = FIELD_GET(PN_K_FIELD_K, params->k_bits);
1579 
1580 	if (n1 < MIN_MTU) {
1581 		if (debug & DBG_ERRORS)
1582 			pr_info("%s N1 out of range in PN\n", __func__);
1583 		return -EINVAL;
1584 	}
1585 
1586 	switch (i) {
1587 	case 0x00:
1588 		ftype = UIH;
1589 		break;
1590 	case 0x01:
1591 		ftype = UI;
1592 		break;
1593 	case 0x02: /* I frames are not supported */
1594 		if (debug & DBG_ERRORS)
1595 			pr_info("%s unsupported I frame request in PN\n",
1596 				__func__);
1597 		gsm->unsupported++;
1598 		return -EINVAL;
1599 	default:
1600 		if (debug & DBG_ERRORS)
1601 			pr_info("%s i out of range in PN\n", __func__);
1602 		return -EINVAL;
1603 	}
1604 
1605 	if (!cr && gsm->initiator) {
1606 		if (adaption != dlci->adaption) {
1607 			if (debug & DBG_ERRORS)
1608 				pr_info("%s invalid adaption %d in PN\n",
1609 					__func__, adaption);
1610 			return -EINVAL;
1611 		}
1612 		if (prio != dlci->prio) {
1613 			if (debug & DBG_ERRORS)
1614 				pr_info("%s invalid priority %d in PN",
1615 					__func__, prio);
1616 			return -EINVAL;
1617 		}
1618 		if (n1 > gsm->mru || n1 > dlci->mtu) {
1619 			/* We requested a frame size but the other party wants
1620 			 * to send larger frames. The standard allows only a
1621 			 * smaller response value than requested (5.4.6.3.1).
1622 			 */
1623 			if (debug & DBG_ERRORS)
1624 				pr_info("%s invalid N1 %d in PN\n", __func__,
1625 					n1);
1626 			return -EINVAL;
1627 		}
1628 		dlci->mtu = n1;
1629 		if (ftype != dlci->ftype) {
1630 			if (debug & DBG_ERRORS)
1631 				pr_info("%s invalid i %d in PN\n", __func__, i);
1632 			return -EINVAL;
1633 		}
1634 		if (ftype != UI && ftype != UIH && k > dlci->k) {
1635 			if (debug & DBG_ERRORS)
1636 				pr_info("%s invalid k %d in PN\n", __func__, k);
1637 			return -EINVAL;
1638 		}
1639 		dlci->k = k;
1640 	} else if (cr && !gsm->initiator) {
1641 		/* Only convergence layer type 1 and 2 are supported. */
1642 		if (adaption != 1 && adaption != 2) {
1643 			if (debug & DBG_ERRORS)
1644 				pr_info("%s invalid adaption %d in PN\n",
1645 					__func__, adaption);
1646 			return -EINVAL;
1647 		}
1648 		dlci->adaption = adaption;
1649 		if (n1 > gsm->mru) {
1650 			/* Propose a smaller value */
1651 			dlci->mtu = gsm->mru;
1652 		} else if (n1 > MAX_MTU) {
1653 			/* Propose a smaller value */
1654 			dlci->mtu = MAX_MTU;
1655 		} else {
1656 			dlci->mtu = n1;
1657 		}
1658 		dlci->prio = prio;
1659 		dlci->ftype = ftype;
1660 		dlci->k = k;
1661 	} else {
1662 		return -EINVAL;
1663 	}
1664 
1665 	return 0;
1666 }
1667 
1668 /**
1669  *	gsm_control_modem	-	modem status received
1670  *	@gsm: GSM channel
1671  *	@data: data following command
1672  *	@clen: command length
1673  *
1674  *	We have received a modem status control message. This is used by
1675  *	the GSM mux protocol to pass virtual modem line status and optionally
1676  *	to indicate break signals. Unpack it, convert to Linux representation
1677  *	and if need be stuff a break message down the tty.
1678  */
1679 
gsm_control_modem(struct gsm_mux * gsm,const u8 * data,int clen)1680 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1681 {
1682 	unsigned int addr = 0;
1683 	unsigned int modem = 0;
1684 	struct gsm_dlci *dlci;
1685 	int len = clen;
1686 	int cl = clen;
1687 	const u8 *dp = data;
1688 	struct tty_struct *tty;
1689 
1690 	len = gsm_read_ea_val(&addr, data, cl);
1691 	if (len < 1)
1692 		return;
1693 
1694 	addr >>= 1;
1695 	/* Closed port, or invalid ? */
1696 	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1697 		return;
1698 	dlci = gsm->dlci[addr];
1699 
1700 	/* Must be at least one byte following the EA */
1701 	if ((cl - len) < 1)
1702 		return;
1703 
1704 	dp += len;
1705 	cl -= len;
1706 
1707 	/* get the modem status */
1708 	len = gsm_read_ea_val(&modem, dp, cl);
1709 	if (len < 1)
1710 		return;
1711 
1712 	tty = tty_port_tty_get(&dlci->port);
1713 	gsm_process_modem(tty, dlci, modem, cl);
1714 	if (tty) {
1715 		tty_wakeup(tty);
1716 		tty_kref_put(tty);
1717 	}
1718 	gsm_control_reply(gsm, CMD_MSC, data, clen);
1719 }
1720 
1721 /**
1722  * gsm_control_negotiation	-	parameter negotiation received
1723  * @gsm: GSM channel
1724  * @cr: command/response flag
1725  * @data: data following command
1726  * @dlen: data length
1727  *
1728  * We have received a parameter negotiation message. This is used by
1729  * the GSM mux protocol to configure protocol parameters for a new DLCI.
1730  */
gsm_control_negotiation(struct gsm_mux * gsm,unsigned int cr,const u8 * data,unsigned int dlen)1731 static void gsm_control_negotiation(struct gsm_mux *gsm, unsigned int cr,
1732 				    const u8 *data, unsigned int dlen)
1733 {
1734 	unsigned int addr;
1735 	struct gsm_dlci_param_bits pn_reply;
1736 	struct gsm_dlci *dlci;
1737 	struct gsm_dlci_param_bits *params;
1738 
1739 	if (dlen < sizeof(struct gsm_dlci_param_bits)) {
1740 		gsm->open_error++;
1741 		return;
1742 	}
1743 
1744 	/* Invalid DLCI? */
1745 	params = (struct gsm_dlci_param_bits *)data;
1746 	addr = FIELD_GET(PN_D_FIELD_DLCI, params->d_bits);
1747 	if (addr == 0 || addr >= NUM_DLCI || !gsm->dlci[addr]) {
1748 		gsm->open_error++;
1749 		return;
1750 	}
1751 	dlci = gsm->dlci[addr];
1752 
1753 	/* Too late for parameter negotiation? */
1754 	if ((!cr && dlci->state == DLCI_OPENING) || dlci->state == DLCI_OPEN) {
1755 		gsm->open_error++;
1756 		return;
1757 	}
1758 
1759 	/* Process the received parameters */
1760 	if (gsm_process_negotiation(gsm, addr, cr, params) != 0) {
1761 		/* Negotiation failed. Close the link. */
1762 		if (debug & DBG_ERRORS)
1763 			pr_info("%s PN failed\n", __func__);
1764 		gsm->open_error++;
1765 		gsm_dlci_close(dlci);
1766 		return;
1767 	}
1768 
1769 	if (cr) {
1770 		/* Reply command with accepted parameters. */
1771 		if (gsm_encode_params(dlci, &pn_reply) == 0)
1772 			gsm_control_reply(gsm, CMD_PN, (const u8 *)&pn_reply,
1773 					  sizeof(pn_reply));
1774 		else if (debug & DBG_ERRORS)
1775 			pr_info("%s PN invalid\n", __func__);
1776 	} else if (dlci->state == DLCI_CONFIGURE) {
1777 		/* Proceed with link setup by sending SABM before UA */
1778 		dlci->state = DLCI_OPENING;
1779 		gsm_command(gsm, dlci->addr, SABM|PF);
1780 		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1781 	} else {
1782 		if (debug & DBG_ERRORS)
1783 			pr_info("%s PN in invalid state\n", __func__);
1784 		gsm->open_error++;
1785 	}
1786 }
1787 
1788 /**
1789  *	gsm_control_rls		-	remote line status
1790  *	@gsm: GSM channel
1791  *	@data: data bytes
1792  *	@clen: data length
1793  *
1794  *	The modem sends us a two byte message on the control channel whenever
1795  *	it wishes to send us an error state from the virtual link. Stuff
1796  *	this into the uplink tty if present
1797  */
1798 
gsm_control_rls(struct gsm_mux * gsm,const u8 * data,int clen)1799 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1800 {
1801 	struct tty_port *port;
1802 	unsigned int addr = 0;
1803 	u8 bits;
1804 	int len = clen;
1805 	const u8 *dp = data;
1806 
1807 	while (gsm_read_ea(&addr, *dp++) == 0) {
1808 		len--;
1809 		if (len == 0)
1810 			return;
1811 	}
1812 	/* Must be at least one byte following ea */
1813 	len--;
1814 	if (len <= 0)
1815 		return;
1816 	addr >>= 1;
1817 	/* Closed port, or invalid ? */
1818 	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1819 		return;
1820 	/* No error ? */
1821 	bits = *dp;
1822 	if ((bits & 1) == 0)
1823 		return;
1824 
1825 	port = &gsm->dlci[addr]->port;
1826 
1827 	if (bits & 2)
1828 		tty_insert_flip_char(port, 0, TTY_OVERRUN);
1829 	if (bits & 4)
1830 		tty_insert_flip_char(port, 0, TTY_PARITY);
1831 	if (bits & 8)
1832 		tty_insert_flip_char(port, 0, TTY_FRAME);
1833 
1834 	tty_flip_buffer_push(port);
1835 
1836 	gsm_control_reply(gsm, CMD_RLS, data, clen);
1837 }
1838 
1839 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1840 
1841 /**
1842  *	gsm_control_message	-	DLCI 0 control processing
1843  *	@gsm: our GSM mux
1844  *	@command:  the command EA
1845  *	@data: data beyond the command/length EAs
1846  *	@clen: length
1847  *
1848  *	Input processor for control messages from the other end of the link.
1849  *	Processes the incoming request and queues a response frame or an
1850  *	NSC response if not supported
1851  */
1852 
gsm_control_message(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1853 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1854 						const u8 *data, int clen)
1855 {
1856 	u8 buf[1];
1857 
1858 	switch (command) {
1859 	case CMD_CLD: {
1860 		struct gsm_dlci *dlci = gsm->dlci[0];
1861 		/* Modem wishes to close down */
1862 		if (dlci) {
1863 			dlci->dead = true;
1864 			gsm->dead = true;
1865 			gsm_dlci_begin_close(dlci);
1866 		}
1867 		}
1868 		break;
1869 	case CMD_TEST:
1870 		/* Modem wishes to test, reply with the data */
1871 		gsm_control_reply(gsm, CMD_TEST, data, clen);
1872 		break;
1873 	case CMD_FCON:
1874 		/* Modem can accept data again */
1875 		gsm->constipated = false;
1876 		gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1877 		/* Kick the link in case it is idling */
1878 		gsmld_write_trigger(gsm);
1879 		break;
1880 	case CMD_FCOFF:
1881 		/* Modem wants us to STFU */
1882 		gsm->constipated = true;
1883 		gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1884 		break;
1885 	case CMD_MSC:
1886 		/* Out of band modem line change indicator for a DLCI */
1887 		gsm_control_modem(gsm, data, clen);
1888 		break;
1889 	case CMD_RLS:
1890 		/* Out of band error reception for a DLCI */
1891 		gsm_control_rls(gsm, data, clen);
1892 		break;
1893 	case CMD_PSC:
1894 		/* Modem wishes to enter power saving state */
1895 		gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1896 		break;
1897 		/* Optional commands */
1898 	case CMD_PN:
1899 		/* Modem sends a parameter negotiation command */
1900 		gsm_control_negotiation(gsm, 1, data, clen);
1901 		break;
1902 		/* Optional unsupported commands */
1903 	case CMD_RPN:	/* Remote port negotiation */
1904 	case CMD_SNC:	/* Service negotiation command */
1905 		gsm->unsupported++;
1906 		fallthrough;
1907 	default:
1908 		/* Reply to bad commands with an NSC */
1909 		buf[0] = command;
1910 		gsm_control_reply(gsm, CMD_NSC, buf, 1);
1911 		break;
1912 	}
1913 }
1914 
1915 /**
1916  *	gsm_control_response	-	process a response to our control
1917  *	@gsm: our GSM mux
1918  *	@command: the command (response) EA
1919  *	@data: data beyond the command/length EA
1920  *	@clen: length
1921  *
1922  *	Process a response to an outstanding command. We only allow a single
1923  *	control message in flight so this is fairly easy. All the clean up
1924  *	is done by the caller, we just update the fields, flag it as done
1925  *	and return
1926  */
1927 
gsm_control_response(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1928 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1929 						const u8 *data, int clen)
1930 {
1931 	struct gsm_control *ctrl;
1932 	struct gsm_dlci *dlci;
1933 	unsigned long flags;
1934 
1935 	spin_lock_irqsave(&gsm->control_lock, flags);
1936 
1937 	ctrl = gsm->pending_cmd;
1938 	dlci = gsm->dlci[0];
1939 	command |= 1;
1940 	/* Does the reply match our command */
1941 	if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1942 		/* Our command was replied to, kill the retry timer */
1943 		del_timer(&gsm->t2_timer);
1944 		gsm->pending_cmd = NULL;
1945 		/* Rejected by the other end */
1946 		if (command == CMD_NSC)
1947 			ctrl->error = -EOPNOTSUPP;
1948 		ctrl->done = 1;
1949 		wake_up(&gsm->event);
1950 	/* Or did we receive the PN response to our PN command */
1951 	} else if (command == CMD_PN) {
1952 		gsm_control_negotiation(gsm, 0, data, clen);
1953 	/* Or did we receive the TEST response to our TEST command */
1954 	} else if (command == CMD_TEST && clen == 1 && *data == gsm->ka_num) {
1955 		gsm->ka_retries = -1; /* trigger new keep-alive message */
1956 		if (dlci && !dlci->dead)
1957 			mod_timer(&gsm->ka_timer, jiffies + gsm->keep_alive * HZ / 100);
1958 	}
1959 	spin_unlock_irqrestore(&gsm->control_lock, flags);
1960 }
1961 
1962 /**
1963  * gsm_control_keep_alive	-	check timeout or start keep-alive
1964  * @t: timer contained in our gsm object
1965  *
1966  * Called off the keep-alive timer expiry signaling that our link
1967  * partner is not responding anymore. Link will be closed.
1968  * This is also called to startup our timer.
1969  */
1970 
gsm_control_keep_alive(struct timer_list * t)1971 static void gsm_control_keep_alive(struct timer_list *t)
1972 {
1973 	struct gsm_mux *gsm = from_timer(gsm, t, ka_timer);
1974 	unsigned long flags;
1975 
1976 	spin_lock_irqsave(&gsm->control_lock, flags);
1977 	if (gsm->ka_num && gsm->ka_retries == 0) {
1978 		/* Keep-alive expired -> close the link */
1979 		if (debug & DBG_ERRORS)
1980 			pr_debug("%s keep-alive timed out\n", __func__);
1981 		spin_unlock_irqrestore(&gsm->control_lock, flags);
1982 		if (gsm->dlci[0])
1983 			gsm_dlci_begin_close(gsm->dlci[0]);
1984 		return;
1985 	} else if (gsm->keep_alive && gsm->dlci[0] && !gsm->dlci[0]->dead) {
1986 		if (gsm->ka_retries > 0) {
1987 			/* T2 expired for keep-alive -> resend */
1988 			gsm->ka_retries--;
1989 		} else {
1990 			/* Start keep-alive timer */
1991 			gsm->ka_num++;
1992 			if (!gsm->ka_num)
1993 				gsm->ka_num++;
1994 			gsm->ka_retries = (signed int)gsm->n2;
1995 		}
1996 		gsm_control_command(gsm, CMD_TEST, &gsm->ka_num,
1997 				    sizeof(gsm->ka_num));
1998 		mod_timer(&gsm->ka_timer,
1999 			  jiffies + gsm->t2 * HZ / 100);
2000 	}
2001 	spin_unlock_irqrestore(&gsm->control_lock, flags);
2002 }
2003 
2004 /**
2005  *	gsm_control_transmit	-	send control packet
2006  *	@gsm: gsm mux
2007  *	@ctrl: frame to send
2008  *
2009  *	Send out a pending control command (called under control lock)
2010  */
2011 
gsm_control_transmit(struct gsm_mux * gsm,struct gsm_control * ctrl)2012 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
2013 {
2014 	gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len);
2015 }
2016 
2017 /**
2018  *	gsm_control_retransmit	-	retransmit a control frame
2019  *	@t: timer contained in our gsm object
2020  *
2021  *	Called off the T2 timer expiry in order to retransmit control frames
2022  *	that have been lost in the system somewhere. The control_lock protects
2023  *	us from colliding with another sender or a receive completion event.
2024  *	In that situation the timer may still occur in a small window but
2025  *	gsm->pending_cmd will be NULL and we just let the timer expire.
2026  */
2027 
gsm_control_retransmit(struct timer_list * t)2028 static void gsm_control_retransmit(struct timer_list *t)
2029 {
2030 	struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
2031 	struct gsm_control *ctrl;
2032 	unsigned long flags;
2033 	spin_lock_irqsave(&gsm->control_lock, flags);
2034 	ctrl = gsm->pending_cmd;
2035 	if (ctrl) {
2036 		if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
2037 			gsm->pending_cmd = NULL;
2038 			ctrl->error = -ETIMEDOUT;
2039 			ctrl->done = 1;
2040 			spin_unlock_irqrestore(&gsm->control_lock, flags);
2041 			wake_up(&gsm->event);
2042 			return;
2043 		}
2044 		gsm->cretries--;
2045 		gsm_control_transmit(gsm, ctrl);
2046 		mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
2047 	}
2048 	spin_unlock_irqrestore(&gsm->control_lock, flags);
2049 }
2050 
2051 /**
2052  *	gsm_control_send	-	send a control frame on DLCI 0
2053  *	@gsm: the GSM channel
2054  *	@command: command  to send including CR bit
2055  *	@data: bytes of data (must be kmalloced)
2056  *	@clen: length of the block to send
2057  *
2058  *	Queue and dispatch a control command. Only one command can be
2059  *	active at a time. In theory more can be outstanding but the matching
2060  *	gets really complicated so for now stick to one outstanding.
2061  */
2062 
gsm_control_send(struct gsm_mux * gsm,unsigned int command,u8 * data,int clen)2063 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
2064 		unsigned int command, u8 *data, int clen)
2065 {
2066 	struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
2067 						GFP_ATOMIC);
2068 	unsigned long flags;
2069 	if (ctrl == NULL)
2070 		return NULL;
2071 retry:
2072 	wait_event(gsm->event, gsm->pending_cmd == NULL);
2073 	spin_lock_irqsave(&gsm->control_lock, flags);
2074 	if (gsm->pending_cmd != NULL) {
2075 		spin_unlock_irqrestore(&gsm->control_lock, flags);
2076 		goto retry;
2077 	}
2078 	ctrl->cmd = command;
2079 	ctrl->data = data;
2080 	ctrl->len = clen;
2081 	gsm->pending_cmd = ctrl;
2082 
2083 	/* If DLCI0 is in ADM mode skip retries, it won't respond */
2084 	if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
2085 		gsm->cretries = 0;
2086 	else
2087 		gsm->cretries = gsm->n2;
2088 
2089 	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
2090 	gsm_control_transmit(gsm, ctrl);
2091 	spin_unlock_irqrestore(&gsm->control_lock, flags);
2092 	return ctrl;
2093 }
2094 
2095 /**
2096  *	gsm_control_wait	-	wait for a control to finish
2097  *	@gsm: GSM mux
2098  *	@control: control we are waiting on
2099  *
2100  *	Waits for the control to complete or time out. Frees any used
2101  *	resources and returns 0 for success, or an error if the remote
2102  *	rejected or ignored the request.
2103  */
2104 
gsm_control_wait(struct gsm_mux * gsm,struct gsm_control * control)2105 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
2106 {
2107 	int err;
2108 	wait_event(gsm->event, control->done == 1);
2109 	err = control->error;
2110 	kfree(control);
2111 	return err;
2112 }
2113 
2114 
2115 /*
2116  *	DLCI level handling: Needs krefs
2117  */
2118 
2119 /*
2120  *	State transitions and timers
2121  */
2122 
2123 /**
2124  *	gsm_dlci_close		-	a DLCI has closed
2125  *	@dlci: DLCI that closed
2126  *
2127  *	Perform processing when moving a DLCI into closed state. If there
2128  *	is an attached tty this is hung up
2129  */
2130 
gsm_dlci_close(struct gsm_dlci * dlci)2131 static void gsm_dlci_close(struct gsm_dlci *dlci)
2132 {
2133 	del_timer(&dlci->t1);
2134 	if (debug & DBG_ERRORS)
2135 		pr_debug("DLCI %d goes closed.\n", dlci->addr);
2136 	dlci->state = DLCI_CLOSED;
2137 	/* Prevent us from sending data before the link is up again */
2138 	dlci->constipated = true;
2139 	if (dlci->addr != 0) {
2140 		tty_port_tty_hangup(&dlci->port, false);
2141 		gsm_dlci_clear_queues(dlci->gsm, dlci);
2142 		/* Ensure that gsmtty_open() can return. */
2143 		tty_port_set_initialized(&dlci->port, false);
2144 		wake_up_interruptible(&dlci->port.open_wait);
2145 	} else {
2146 		del_timer(&dlci->gsm->ka_timer);
2147 		dlci->gsm->dead = true;
2148 	}
2149 	/* A DLCI 0 close is a MUX termination so we need to kick that
2150 	   back to userspace somehow */
2151 	gsm_dlci_data_kick(dlci);
2152 	wake_up_all(&dlci->gsm->event);
2153 }
2154 
2155 /**
2156  *	gsm_dlci_open		-	a DLCI has opened
2157  *	@dlci: DLCI that opened
2158  *
2159  *	Perform processing when moving a DLCI into open state.
2160  */
2161 
gsm_dlci_open(struct gsm_dlci * dlci)2162 static void gsm_dlci_open(struct gsm_dlci *dlci)
2163 {
2164 	struct gsm_mux *gsm = dlci->gsm;
2165 
2166 	/* Note that SABM UA .. SABM UA first UA lost can mean that we go
2167 	   open -> open */
2168 	del_timer(&dlci->t1);
2169 	/* This will let a tty open continue */
2170 	dlci->state = DLCI_OPEN;
2171 	dlci->constipated = false;
2172 	if (debug & DBG_ERRORS)
2173 		pr_debug("DLCI %d goes open.\n", dlci->addr);
2174 	/* Send current modem state */
2175 	if (dlci->addr) {
2176 		gsm_modem_update(dlci, 0);
2177 	} else {
2178 		/* Start keep-alive control */
2179 		gsm->ka_num = 0;
2180 		gsm->ka_retries = -1;
2181 		mod_timer(&gsm->ka_timer,
2182 			  jiffies + gsm->keep_alive * HZ / 100);
2183 	}
2184 	gsm_dlci_data_kick(dlci);
2185 	wake_up(&dlci->gsm->event);
2186 }
2187 
2188 /**
2189  * gsm_dlci_negotiate	-	start parameter negotiation
2190  * @dlci: DLCI to open
2191  *
2192  * Starts the parameter negotiation for the new DLCI. This needs to be done
2193  * before the DLCI initialized the channel via SABM.
2194  */
gsm_dlci_negotiate(struct gsm_dlci * dlci)2195 static int gsm_dlci_negotiate(struct gsm_dlci *dlci)
2196 {
2197 	struct gsm_mux *gsm = dlci->gsm;
2198 	struct gsm_dlci_param_bits params;
2199 	int ret;
2200 
2201 	ret = gsm_encode_params(dlci, &params);
2202 	if (ret != 0)
2203 		return ret;
2204 
2205 	/* We cannot asynchronous wait for the command response with
2206 	 * gsm_command() and gsm_control_wait() at this point.
2207 	 */
2208 	ret = gsm_control_command(gsm, CMD_PN, (const u8 *)&params,
2209 				  sizeof(params));
2210 
2211 	return ret;
2212 }
2213 
2214 /**
2215  *	gsm_dlci_t1		-	T1 timer expiry
2216  *	@t: timer contained in the DLCI that opened
2217  *
2218  *	The T1 timer handles retransmits of control frames (essentially of
2219  *	SABM and DISC). We resend the command until the retry count runs out
2220  *	in which case an opening port goes back to closed and a closing port
2221  *	is simply put into closed state (any further frames from the other
2222  *	end will get a DM response)
2223  *
2224  *	Some control dlci can stay in ADM mode with other dlci working just
2225  *	fine. In that case we can just keep the control dlci open after the
2226  *	DLCI_OPENING retries time out.
2227  */
2228 
gsm_dlci_t1(struct timer_list * t)2229 static void gsm_dlci_t1(struct timer_list *t)
2230 {
2231 	struct gsm_dlci *dlci = from_timer(dlci, t, t1);
2232 	struct gsm_mux *gsm = dlci->gsm;
2233 
2234 	switch (dlci->state) {
2235 	case DLCI_CONFIGURE:
2236 		if (dlci->retries && gsm_dlci_negotiate(dlci) == 0) {
2237 			dlci->retries--;
2238 			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2239 		} else {
2240 			gsm->open_error++;
2241 			gsm_dlci_begin_close(dlci); /* prevent half open link */
2242 		}
2243 		break;
2244 	case DLCI_OPENING:
2245 		if (dlci->retries) {
2246 			dlci->retries--;
2247 			gsm_command(dlci->gsm, dlci->addr, SABM|PF);
2248 			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2249 		} else if (!dlci->addr && gsm->control == (DM | PF)) {
2250 			if (debug & DBG_ERRORS)
2251 				pr_info("DLCI %d opening in ADM mode.\n",
2252 					dlci->addr);
2253 			dlci->mode = DLCI_MODE_ADM;
2254 			gsm_dlci_open(dlci);
2255 		} else {
2256 			gsm->open_error++;
2257 			gsm_dlci_begin_close(dlci); /* prevent half open link */
2258 		}
2259 
2260 		break;
2261 	case DLCI_CLOSING:
2262 		if (dlci->retries) {
2263 			dlci->retries--;
2264 			gsm_command(dlci->gsm, dlci->addr, DISC|PF);
2265 			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2266 		} else
2267 			gsm_dlci_close(dlci);
2268 		break;
2269 	default:
2270 		pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
2271 		break;
2272 	}
2273 }
2274 
2275 /**
2276  *	gsm_dlci_begin_open	-	start channel open procedure
2277  *	@dlci: DLCI to open
2278  *
2279  *	Commence opening a DLCI from the Linux side. We issue SABM messages
2280  *	to the modem which should then reply with a UA or ADM, at which point
2281  *	we will move into open state. Opening is done asynchronously with retry
2282  *	running off timers and the responses.
2283  *	Parameter negotiation is performed before SABM if required.
2284  */
2285 
gsm_dlci_begin_open(struct gsm_dlci * dlci)2286 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
2287 {
2288 	struct gsm_mux *gsm = dlci ? dlci->gsm : NULL;
2289 	bool need_pn = false;
2290 
2291 	if (!gsm)
2292 		return;
2293 
2294 	if (dlci->addr != 0) {
2295 		if (gsm->adaption != 1 || gsm->adaption != dlci->adaption)
2296 			need_pn = true;
2297 		if (dlci->prio != (roundup(dlci->addr + 1, 8) - 1))
2298 			need_pn = true;
2299 		if (gsm->ftype != dlci->ftype)
2300 			need_pn = true;
2301 	}
2302 
2303 	switch (dlci->state) {
2304 	case DLCI_CLOSED:
2305 	case DLCI_WAITING_CONFIG:
2306 	case DLCI_CLOSING:
2307 		dlci->retries = gsm->n2;
2308 		if (!need_pn) {
2309 			dlci->state = DLCI_OPENING;
2310 			gsm_command(gsm, dlci->addr, SABM|PF);
2311 		} else {
2312 			/* Configure DLCI before setup */
2313 			dlci->state = DLCI_CONFIGURE;
2314 			if (gsm_dlci_negotiate(dlci) != 0) {
2315 				gsm_dlci_close(dlci);
2316 				return;
2317 			}
2318 		}
2319 		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2320 		break;
2321 	default:
2322 		break;
2323 	}
2324 }
2325 
2326 /**
2327  *	gsm_dlci_set_opening	-	change state to opening
2328  *	@dlci: DLCI to open
2329  *
2330  *	Change internal state to wait for DLCI open from initiator side.
2331  *	We set off timers and responses upon reception of an SABM.
2332  */
gsm_dlci_set_opening(struct gsm_dlci * dlci)2333 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
2334 {
2335 	switch (dlci->state) {
2336 	case DLCI_CLOSED:
2337 	case DLCI_WAITING_CONFIG:
2338 	case DLCI_CLOSING:
2339 		dlci->state = DLCI_OPENING;
2340 		break;
2341 	default:
2342 		break;
2343 	}
2344 }
2345 
2346 /**
2347  * gsm_dlci_set_wait_config	-	wait for channel configuration
2348  * @dlci: DLCI to configure
2349  *
2350  * Wait for a DLCI configuration from the application.
2351  */
gsm_dlci_set_wait_config(struct gsm_dlci * dlci)2352 static void gsm_dlci_set_wait_config(struct gsm_dlci *dlci)
2353 {
2354 	switch (dlci->state) {
2355 	case DLCI_CLOSED:
2356 	case DLCI_CLOSING:
2357 		dlci->state = DLCI_WAITING_CONFIG;
2358 		break;
2359 	default:
2360 		break;
2361 	}
2362 }
2363 
2364 /**
2365  *	gsm_dlci_begin_close	-	start channel open procedure
2366  *	@dlci: DLCI to open
2367  *
2368  *	Commence closing a DLCI from the Linux side. We issue DISC messages
2369  *	to the modem which should then reply with a UA, at which point we
2370  *	will move into closed state. Closing is done asynchronously with retry
2371  *	off timers. We may also receive a DM reply from the other end which
2372  *	indicates the channel was already closed.
2373  */
2374 
gsm_dlci_begin_close(struct gsm_dlci * dlci)2375 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
2376 {
2377 	struct gsm_mux *gsm = dlci->gsm;
2378 	if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
2379 		return;
2380 	dlci->retries = gsm->n2;
2381 	dlci->state = DLCI_CLOSING;
2382 	gsm_command(dlci->gsm, dlci->addr, DISC|PF);
2383 	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
2384 	wake_up_interruptible(&gsm->event);
2385 }
2386 
2387 /**
2388  *	gsm_dlci_data		-	data arrived
2389  *	@dlci: channel
2390  *	@data: block of bytes received
2391  *	@clen: length of received block
2392  *
2393  *	A UI or UIH frame has arrived which contains data for a channel
2394  *	other than the control channel. If the relevant virtual tty is
2395  *	open we shovel the bits down it, if not we drop them.
2396  */
2397 
gsm_dlci_data(struct gsm_dlci * dlci,const u8 * data,int clen)2398 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
2399 {
2400 	/* krefs .. */
2401 	struct tty_port *port = &dlci->port;
2402 	struct tty_struct *tty;
2403 	unsigned int modem = 0;
2404 	int len;
2405 
2406 	if (debug & DBG_TTY)
2407 		pr_debug("%d bytes for tty\n", clen);
2408 	switch (dlci->adaption)  {
2409 	/* Unsupported types */
2410 	case 4:		/* Packetised interruptible data */
2411 		break;
2412 	case 3:		/* Packetised uininterruptible voice/data */
2413 		break;
2414 	case 2:		/* Asynchronous serial with line state in each frame */
2415 		len = gsm_read_ea_val(&modem, data, clen);
2416 		if (len < 1)
2417 			return;
2418 		tty = tty_port_tty_get(port);
2419 		if (tty) {
2420 			gsm_process_modem(tty, dlci, modem, len);
2421 			tty_wakeup(tty);
2422 			tty_kref_put(tty);
2423 		}
2424 		/* Skip processed modem data */
2425 		data += len;
2426 		clen -= len;
2427 		fallthrough;
2428 	case 1:		/* Line state will go via DLCI 0 controls only */
2429 	default:
2430 		tty_insert_flip_string(port, data, clen);
2431 		tty_flip_buffer_push(port);
2432 	}
2433 }
2434 
2435 /**
2436  *	gsm_dlci_command	-	data arrived on control channel
2437  *	@dlci: channel
2438  *	@data: block of bytes received
2439  *	@len: length of received block
2440  *
2441  *	A UI or UIH frame has arrived which contains data for DLCI 0 the
2442  *	control channel. This should contain a command EA followed by
2443  *	control data bytes. The command EA contains a command/response bit
2444  *	and we divide up the work accordingly.
2445  */
2446 
gsm_dlci_command(struct gsm_dlci * dlci,const u8 * data,int len)2447 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
2448 {
2449 	/* See what command is involved */
2450 	unsigned int command = 0;
2451 	unsigned int clen = 0;
2452 	unsigned int dlen;
2453 
2454 	/* read the command */
2455 	dlen = gsm_read_ea_val(&command, data, len);
2456 	len -= dlen;
2457 	data += dlen;
2458 
2459 	/* read any control data */
2460 	dlen = gsm_read_ea_val(&clen, data, len);
2461 	len -= dlen;
2462 	data += dlen;
2463 
2464 	/* Malformed command? */
2465 	if (clen > len) {
2466 		dlci->gsm->malformed++;
2467 		return;
2468 	}
2469 
2470 	if (command & 1)
2471 		gsm_control_message(dlci->gsm, command, data, clen);
2472 	else
2473 		gsm_control_response(dlci->gsm, command, data, clen);
2474 }
2475 
2476 /**
2477  *	gsm_kick_timer	-	transmit if possible
2478  *	@t: timer contained in our gsm object
2479  *
2480  *	Transmit data from DLCIs if the queue is empty. We can't rely on
2481  *	a tty wakeup except when we filled the pipe so we need to fire off
2482  *	new data ourselves in other cases.
2483  */
gsm_kick_timer(struct timer_list * t)2484 static void gsm_kick_timer(struct timer_list *t)
2485 {
2486 	struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
2487 	unsigned long flags;
2488 	int sent = 0;
2489 
2490 	spin_lock_irqsave(&gsm->tx_lock, flags);
2491 	/* If we have nothing running then we need to fire up */
2492 	if (gsm->tx_bytes < TX_THRESH_LO)
2493 		sent = gsm_dlci_data_sweep(gsm);
2494 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
2495 
2496 	if (sent && debug & DBG_DATA)
2497 		pr_info("%s TX queue stalled\n", __func__);
2498 }
2499 
2500 /**
2501  * gsm_dlci_copy_config_values	-	copy DLCI configuration
2502  * @dlci: source DLCI
2503  * @dc: configuration structure to fill
2504  */
gsm_dlci_copy_config_values(struct gsm_dlci * dlci,struct gsm_dlci_config * dc)2505 static void gsm_dlci_copy_config_values(struct gsm_dlci *dlci, struct gsm_dlci_config *dc)
2506 {
2507 	memset(dc, 0, sizeof(*dc));
2508 	dc->channel = (u32)dlci->addr;
2509 	dc->adaption = (u32)dlci->adaption;
2510 	dc->mtu = (u32)dlci->mtu;
2511 	dc->priority = (u32)dlci->prio;
2512 	if (dlci->ftype == UIH)
2513 		dc->i = 1;
2514 	else
2515 		dc->i = 2;
2516 	dc->k = (u32)dlci->k;
2517 }
2518 
2519 /**
2520  * gsm_dlci_config	-	configure DLCI from configuration
2521  * @dlci: DLCI to configure
2522  * @dc: DLCI configuration
2523  * @open: open DLCI after configuration?
2524  */
gsm_dlci_config(struct gsm_dlci * dlci,struct gsm_dlci_config * dc,int open)2525 static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, int open)
2526 {
2527 	struct gsm_mux *gsm;
2528 	bool need_restart = false;
2529 	bool need_open = false;
2530 	unsigned int i;
2531 
2532 	/*
2533 	 * Check that userspace doesn't put stuff in here to prevent breakages
2534 	 * in the future.
2535 	 */
2536 	for (i = 0; i < ARRAY_SIZE(dc->reserved); i++)
2537 		if (dc->reserved[i])
2538 			return -EINVAL;
2539 
2540 	if (!dlci)
2541 		return -EINVAL;
2542 	gsm = dlci->gsm;
2543 
2544 	/* Stuff we don't support yet - I frame transport */
2545 	if (dc->adaption != 1 && dc->adaption != 2)
2546 		return -EOPNOTSUPP;
2547 	if (dc->mtu > MAX_MTU || dc->mtu < MIN_MTU || dc->mtu > gsm->mru)
2548 		return -EINVAL;
2549 	if (dc->priority >= 64)
2550 		return -EINVAL;
2551 	if (dc->i == 0 || dc->i > 2)  /* UIH and UI only */
2552 		return -EINVAL;
2553 	if (dc->k > 7)
2554 		return -EINVAL;
2555 	if (dc->flags & ~GSM_FL_RESTART)   /* allow future extensions */
2556 		return -EINVAL;
2557 
2558 	/*
2559 	 * See what is needed for reconfiguration
2560 	 */
2561 	/* Framing fields */
2562 	if (dc->adaption != dlci->adaption)
2563 		need_restart = true;
2564 	if (dc->mtu != dlci->mtu)
2565 		need_restart = true;
2566 	if (dc->i != dlci->ftype)
2567 		need_restart = true;
2568 	/* Requires care */
2569 	if (dc->priority != dlci->prio)
2570 		need_restart = true;
2571 	if (dc->flags & GSM_FL_RESTART)
2572 		need_restart = true;
2573 
2574 	if ((open && gsm->wait_config) || need_restart)
2575 		need_open = true;
2576 	if (dlci->state == DLCI_WAITING_CONFIG) {
2577 		need_restart = false;
2578 		need_open = true;
2579 	}
2580 
2581 	/*
2582 	 * Close down what is needed, restart and initiate the new
2583 	 * configuration.
2584 	 */
2585 	if (need_restart) {
2586 		gsm_dlci_begin_close(dlci);
2587 		wait_event_interruptible(gsm->event, dlci->state == DLCI_CLOSED);
2588 		if (signal_pending(current))
2589 			return -EINTR;
2590 	}
2591 	/*
2592 	 * Setup the new configuration values
2593 	 */
2594 	dlci->adaption = (int)dc->adaption;
2595 
2596 	if (dc->mtu)
2597 		dlci->mtu = (unsigned int)dc->mtu;
2598 	else
2599 		dlci->mtu = gsm->mtu;
2600 
2601 	if (dc->priority)
2602 		dlci->prio = (u8)dc->priority;
2603 	else
2604 		dlci->prio = roundup(dlci->addr + 1, 8) - 1;
2605 
2606 	if (dc->i == 1)
2607 		dlci->ftype = UIH;
2608 	else if (dc->i == 2)
2609 		dlci->ftype = UI;
2610 
2611 	if (dc->k)
2612 		dlci->k = (u8)dc->k;
2613 	else
2614 		dlci->k = gsm->k;
2615 
2616 	if (need_open) {
2617 		if (gsm->initiator)
2618 			gsm_dlci_begin_open(dlci);
2619 		else
2620 			gsm_dlci_set_opening(dlci);
2621 	}
2622 
2623 	return 0;
2624 }
2625 
2626 /*
2627  *	Allocate/Free DLCI channels
2628  */
2629 
2630 /**
2631  *	gsm_dlci_alloc		-	allocate a DLCI
2632  *	@gsm: GSM mux
2633  *	@addr: address of the DLCI
2634  *
2635  *	Allocate and install a new DLCI object into the GSM mux.
2636  *
2637  *	FIXME: review locking races
2638  */
2639 
gsm_dlci_alloc(struct gsm_mux * gsm,int addr)2640 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
2641 {
2642 	struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
2643 	if (dlci == NULL)
2644 		return NULL;
2645 	spin_lock_init(&dlci->lock);
2646 	mutex_init(&dlci->mutex);
2647 	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
2648 		kfree(dlci);
2649 		return NULL;
2650 	}
2651 
2652 	skb_queue_head_init(&dlci->skb_list);
2653 	timer_setup(&dlci->t1, gsm_dlci_t1, 0);
2654 	tty_port_init(&dlci->port);
2655 	dlci->port.ops = &gsm_port_ops;
2656 	dlci->gsm = gsm;
2657 	dlci->addr = addr;
2658 	dlci->adaption = gsm->adaption;
2659 	dlci->mtu = gsm->mtu;
2660 	if (addr == 0)
2661 		dlci->prio = 0;
2662 	else
2663 		dlci->prio = roundup(addr + 1, 8) - 1;
2664 	dlci->ftype = gsm->ftype;
2665 	dlci->k = gsm->k;
2666 	dlci->state = DLCI_CLOSED;
2667 	if (addr) {
2668 		dlci->data = gsm_dlci_data;
2669 		/* Prevent us from sending data before the link is up */
2670 		dlci->constipated = true;
2671 	} else {
2672 		dlci->data = gsm_dlci_command;
2673 	}
2674 	gsm->dlci[addr] = dlci;
2675 	return dlci;
2676 }
2677 
2678 /**
2679  *	gsm_dlci_free		-	free DLCI
2680  *	@port: tty port for DLCI to free
2681  *
2682  *	Free up a DLCI.
2683  *
2684  *	Can sleep.
2685  */
gsm_dlci_free(struct tty_port * port)2686 static void gsm_dlci_free(struct tty_port *port)
2687 {
2688 	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2689 
2690 	timer_shutdown_sync(&dlci->t1);
2691 	dlci->gsm->dlci[dlci->addr] = NULL;
2692 	kfifo_free(&dlci->fifo);
2693 	while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
2694 		dev_kfree_skb(dlci->skb);
2695 	kfree(dlci);
2696 }
2697 
dlci_get(struct gsm_dlci * dlci)2698 static inline void dlci_get(struct gsm_dlci *dlci)
2699 {
2700 	tty_port_get(&dlci->port);
2701 }
2702 
dlci_put(struct gsm_dlci * dlci)2703 static inline void dlci_put(struct gsm_dlci *dlci)
2704 {
2705 	tty_port_put(&dlci->port);
2706 }
2707 
2708 static void gsm_destroy_network(struct gsm_dlci *dlci);
2709 
2710 /**
2711  *	gsm_dlci_release		-	release DLCI
2712  *	@dlci: DLCI to destroy
2713  *
2714  *	Release a DLCI. Actual free is deferred until either
2715  *	mux is closed or tty is closed - whichever is last.
2716  *
2717  *	Can sleep.
2718  */
gsm_dlci_release(struct gsm_dlci * dlci)2719 static void gsm_dlci_release(struct gsm_dlci *dlci)
2720 {
2721 	struct tty_struct *tty = tty_port_tty_get(&dlci->port);
2722 	if (tty) {
2723 		mutex_lock(&dlci->mutex);
2724 		gsm_destroy_network(dlci);
2725 		mutex_unlock(&dlci->mutex);
2726 
2727 		/* We cannot use tty_hangup() because in tty_kref_put() the tty
2728 		 * driver assumes that the hangup queue is free and reuses it to
2729 		 * queue release_one_tty() -> NULL pointer panic in
2730 		 * process_one_work().
2731 		 */
2732 		tty_vhangup(tty);
2733 
2734 		tty_port_tty_set(&dlci->port, NULL);
2735 		tty_kref_put(tty);
2736 	}
2737 	dlci->state = DLCI_CLOSED;
2738 	dlci_put(dlci);
2739 }
2740 
2741 /*
2742  *	LAPBish link layer logic
2743  */
2744 
2745 /**
2746  *	gsm_queue		-	a GSM frame is ready to process
2747  *	@gsm: pointer to our gsm mux
2748  *
2749  *	At this point in time a frame has arrived and been demangled from
2750  *	the line encoding. All the differences between the encodings have
2751  *	been handled below us and the frame is unpacked into the structures.
2752  *	The fcs holds the header FCS but any data FCS must be added here.
2753  */
2754 
gsm_queue(struct gsm_mux * gsm)2755 static void gsm_queue(struct gsm_mux *gsm)
2756 {
2757 	struct gsm_dlci *dlci;
2758 	u8 cr;
2759 	int address;
2760 
2761 	if (gsm->fcs != GOOD_FCS) {
2762 		gsm->bad_fcs++;
2763 		if (debug & DBG_DATA)
2764 			pr_debug("BAD FCS %02x\n", gsm->fcs);
2765 		return;
2766 	}
2767 	address = gsm->address >> 1;
2768 	if (address >= NUM_DLCI)
2769 		goto invalid;
2770 
2771 	cr = gsm->address & 1;		/* C/R bit */
2772 	cr ^= gsm->initiator ? 0 : 1;	/* Flip so 1 always means command */
2773 
2774 	gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
2775 
2776 	dlci = gsm->dlci[address];
2777 
2778 	switch (gsm->control) {
2779 	case SABM|PF:
2780 		if (cr == 1) {
2781 			gsm->open_error++;
2782 			goto invalid;
2783 		}
2784 		if (dlci == NULL)
2785 			dlci = gsm_dlci_alloc(gsm, address);
2786 		if (dlci == NULL) {
2787 			gsm->open_error++;
2788 			return;
2789 		}
2790 		if (dlci->dead)
2791 			gsm_response(gsm, address, DM|PF);
2792 		else {
2793 			gsm_response(gsm, address, UA|PF);
2794 			gsm_dlci_open(dlci);
2795 		}
2796 		break;
2797 	case DISC|PF:
2798 		if (cr == 1)
2799 			goto invalid;
2800 		if (dlci == NULL || dlci->state == DLCI_CLOSED) {
2801 			gsm_response(gsm, address, DM|PF);
2802 			return;
2803 		}
2804 		/* Real close complete */
2805 		gsm_response(gsm, address, UA|PF);
2806 		gsm_dlci_close(dlci);
2807 		break;
2808 	case UA|PF:
2809 		if (cr == 0 || dlci == NULL)
2810 			break;
2811 		switch (dlci->state) {
2812 		case DLCI_CLOSING:
2813 			gsm_dlci_close(dlci);
2814 			break;
2815 		case DLCI_OPENING:
2816 			gsm_dlci_open(dlci);
2817 			break;
2818 		default:
2819 			pr_debug("%s: unhandled state: %d\n", __func__,
2820 					dlci->state);
2821 			break;
2822 		}
2823 		break;
2824 	case DM:	/* DM can be valid unsolicited */
2825 	case DM|PF:
2826 		if (cr)
2827 			goto invalid;
2828 		if (dlci == NULL)
2829 			return;
2830 		gsm_dlci_close(dlci);
2831 		break;
2832 	case UI:
2833 	case UI|PF:
2834 	case UIH:
2835 	case UIH|PF:
2836 		if (dlci == NULL || dlci->state != DLCI_OPEN) {
2837 			gsm_response(gsm, address, DM|PF);
2838 			return;
2839 		}
2840 		dlci->data(dlci, gsm->buf, gsm->len);
2841 		break;
2842 	default:
2843 		goto invalid;
2844 	}
2845 	return;
2846 invalid:
2847 	gsm->malformed++;
2848 	return;
2849 }
2850 
2851 /**
2852  * gsm0_receive_state_check_and_fix	-	check and correct receive state
2853  * @gsm: gsm data for this ldisc instance
2854  *
2855  * Ensures that the current receive state is valid for basic option mode.
2856  */
2857 
gsm0_receive_state_check_and_fix(struct gsm_mux * gsm)2858 static void gsm0_receive_state_check_and_fix(struct gsm_mux *gsm)
2859 {
2860 	switch (gsm->state) {
2861 	case GSM_SEARCH:
2862 	case GSM0_ADDRESS:
2863 	case GSM0_CONTROL:
2864 	case GSM0_LEN0:
2865 	case GSM0_LEN1:
2866 	case GSM0_DATA:
2867 	case GSM0_FCS:
2868 	case GSM0_SSOF:
2869 		break;
2870 	default:
2871 		gsm->state = GSM_SEARCH;
2872 		break;
2873 	}
2874 }
2875 
2876 /**
2877  *	gsm0_receive	-	perform processing for non-transparency
2878  *	@gsm: gsm data for this ldisc instance
2879  *	@c: character
2880  *
2881  *	Receive bytes in gsm mode 0
2882  */
2883 
gsm0_receive(struct gsm_mux * gsm,unsigned char c)2884 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2885 {
2886 	unsigned int len;
2887 
2888 	gsm0_receive_state_check_and_fix(gsm);
2889 	switch (gsm->state) {
2890 	case GSM_SEARCH:	/* SOF marker */
2891 		if (c == GSM0_SOF) {
2892 			gsm->state = GSM0_ADDRESS;
2893 			gsm->address = 0;
2894 			gsm->len = 0;
2895 			gsm->fcs = INIT_FCS;
2896 		}
2897 		break;
2898 	case GSM0_ADDRESS:	/* Address EA */
2899 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2900 		if (gsm_read_ea(&gsm->address, c))
2901 			gsm->state = GSM0_CONTROL;
2902 		break;
2903 	case GSM0_CONTROL:	/* Control Byte */
2904 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2905 		gsm->control = c;
2906 		gsm->state = GSM0_LEN0;
2907 		break;
2908 	case GSM0_LEN0:		/* Length EA */
2909 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2910 		if (gsm_read_ea(&gsm->len, c)) {
2911 			if (gsm->len > gsm->mru) {
2912 				gsm->bad_size++;
2913 				gsm->state = GSM_SEARCH;
2914 				break;
2915 			}
2916 			gsm->count = 0;
2917 			if (!gsm->len)
2918 				gsm->state = GSM0_FCS;
2919 			else
2920 				gsm->state = GSM0_DATA;
2921 			break;
2922 		}
2923 		gsm->state = GSM0_LEN1;
2924 		break;
2925 	case GSM0_LEN1:
2926 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2927 		len = c;
2928 		gsm->len |= len << 7;
2929 		if (gsm->len > gsm->mru) {
2930 			gsm->bad_size++;
2931 			gsm->state = GSM_SEARCH;
2932 			break;
2933 		}
2934 		gsm->count = 0;
2935 		if (!gsm->len)
2936 			gsm->state = GSM0_FCS;
2937 		else
2938 			gsm->state = GSM0_DATA;
2939 		break;
2940 	case GSM0_DATA:		/* Data */
2941 		gsm->buf[gsm->count++] = c;
2942 		if (gsm->count >= MAX_MRU) {
2943 			gsm->bad_size++;
2944 			gsm->state = GSM_SEARCH;
2945 		} else if (gsm->count >= gsm->len) {
2946 			/* Calculate final FCS for UI frames over all data */
2947 			if ((gsm->control & ~PF) != UIH) {
2948 				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2949 							     gsm->count);
2950 			}
2951 			gsm->state = GSM0_FCS;
2952 		}
2953 		break;
2954 	case GSM0_FCS:		/* FCS follows the packet */
2955 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2956 		gsm->state = GSM0_SSOF;
2957 		break;
2958 	case GSM0_SSOF:
2959 		gsm->state = GSM_SEARCH;
2960 		if (c == GSM0_SOF)
2961 			gsm_queue(gsm);
2962 		else
2963 			gsm->bad_size++;
2964 		break;
2965 	default:
2966 		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2967 		break;
2968 	}
2969 }
2970 
2971 /**
2972  * gsm1_receive_state_check_and_fix	-	check and correct receive state
2973  * @gsm: gsm data for this ldisc instance
2974  *
2975  * Ensures that the current receive state is valid for advanced option mode.
2976  */
2977 
gsm1_receive_state_check_and_fix(struct gsm_mux * gsm)2978 static void gsm1_receive_state_check_and_fix(struct gsm_mux *gsm)
2979 {
2980 	switch (gsm->state) {
2981 	case GSM_SEARCH:
2982 	case GSM1_START:
2983 	case GSM1_ADDRESS:
2984 	case GSM1_CONTROL:
2985 	case GSM1_DATA:
2986 	case GSM1_OVERRUN:
2987 		break;
2988 	default:
2989 		gsm->state = GSM_SEARCH;
2990 		break;
2991 	}
2992 }
2993 
2994 /**
2995  *	gsm1_receive	-	perform processing for non-transparency
2996  *	@gsm: gsm data for this ldisc instance
2997  *	@c: character
2998  *
2999  *	Receive bytes in mode 1 (Advanced option)
3000  */
3001 
gsm1_receive(struct gsm_mux * gsm,unsigned char c)3002 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
3003 {
3004 	gsm1_receive_state_check_and_fix(gsm);
3005 	/* handle XON/XOFF */
3006 	if ((c & ISO_IEC_646_MASK) == XON) {
3007 		gsm->constipated = true;
3008 		return;
3009 	} else if ((c & ISO_IEC_646_MASK) == XOFF) {
3010 		gsm->constipated = false;
3011 		/* Kick the link in case it is idling */
3012 		gsmld_write_trigger(gsm);
3013 		return;
3014 	}
3015 	if (c == GSM1_SOF) {
3016 		/* EOF is only valid in frame if we have got to the data state */
3017 		if (gsm->state == GSM1_DATA) {
3018 			if (gsm->count < 1) {
3019 				/* Missing FSC */
3020 				gsm->malformed++;
3021 				gsm->state = GSM1_START;
3022 				return;
3023 			}
3024 			/* Remove the FCS from data */
3025 			gsm->count--;
3026 			if ((gsm->control & ~PF) != UIH) {
3027 				/* Calculate final FCS for UI frames over all
3028 				 * data but FCS
3029 				 */
3030 				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
3031 							     gsm->count);
3032 			}
3033 			/* Add the FCS itself to test against GOOD_FCS */
3034 			gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
3035 			gsm->len = gsm->count;
3036 			gsm_queue(gsm);
3037 			gsm->state  = GSM1_START;
3038 			return;
3039 		}
3040 		/* Any partial frame was a runt so go back to start */
3041 		if (gsm->state != GSM1_START) {
3042 			if (gsm->state != GSM_SEARCH)
3043 				gsm->malformed++;
3044 			gsm->state = GSM1_START;
3045 		}
3046 		/* A SOF in GSM_START means we are still reading idling or
3047 		   framing bytes */
3048 		return;
3049 	}
3050 
3051 	if (c == GSM1_ESCAPE) {
3052 		gsm->escape = true;
3053 		return;
3054 	}
3055 
3056 	/* Only an unescaped SOF gets us out of GSM search */
3057 	if (gsm->state == GSM_SEARCH)
3058 		return;
3059 
3060 	if (gsm->escape) {
3061 		c ^= GSM1_ESCAPE_BITS;
3062 		gsm->escape = false;
3063 	}
3064 	switch (gsm->state) {
3065 	case GSM1_START:		/* First byte after SOF */
3066 		gsm->address = 0;
3067 		gsm->state = GSM1_ADDRESS;
3068 		gsm->fcs = INIT_FCS;
3069 		fallthrough;
3070 	case GSM1_ADDRESS:	/* Address continuation */
3071 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
3072 		if (gsm_read_ea(&gsm->address, c))
3073 			gsm->state = GSM1_CONTROL;
3074 		break;
3075 	case GSM1_CONTROL:	/* Control Byte */
3076 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
3077 		gsm->control = c;
3078 		gsm->count = 0;
3079 		gsm->state = GSM1_DATA;
3080 		break;
3081 	case GSM1_DATA:		/* Data */
3082 		if (gsm->count > gsm->mru || gsm->count > MAX_MRU) {	/* Allow one for the FCS */
3083 			gsm->state = GSM1_OVERRUN;
3084 			gsm->bad_size++;
3085 		} else
3086 			gsm->buf[gsm->count++] = c;
3087 		break;
3088 	case GSM1_OVERRUN:	/* Over-long - eg a dropped SOF */
3089 		break;
3090 	default:
3091 		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
3092 		break;
3093 	}
3094 }
3095 
3096 /**
3097  *	gsm_error		-	handle tty error
3098  *	@gsm: ldisc data
3099  *
3100  *	Handle an error in the receipt of data for a frame. Currently we just
3101  *	go back to hunting for a SOF.
3102  *
3103  *	FIXME: better diagnostics ?
3104  */
3105 
gsm_error(struct gsm_mux * gsm)3106 static void gsm_error(struct gsm_mux *gsm)
3107 {
3108 	gsm->state = GSM_SEARCH;
3109 	gsm->io_error++;
3110 }
3111 
3112 /**
3113  *	gsm_cleanup_mux		-	generic GSM protocol cleanup
3114  *	@gsm: our mux
3115  *	@disc: disconnect link?
3116  *
3117  *	Clean up the bits of the mux which are the same for all framing
3118  *	protocols. Remove the mux from the mux table, stop all the timers
3119  *	and then shut down each device hanging up the channels as we go.
3120  */
3121 
gsm_cleanup_mux(struct gsm_mux * gsm,bool disc)3122 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
3123 {
3124 	int i;
3125 	struct gsm_dlci *dlci;
3126 	struct gsm_msg *txq, *ntxq;
3127 
3128 	gsm->dead = true;
3129 	mutex_lock(&gsm->mutex);
3130 
3131 	dlci = gsm->dlci[0];
3132 	if (dlci) {
3133 		if (disc && dlci->state != DLCI_CLOSED) {
3134 			gsm_dlci_begin_close(dlci);
3135 			wait_event(gsm->event, dlci->state == DLCI_CLOSED);
3136 		}
3137 		dlci->dead = true;
3138 	}
3139 
3140 	/* Finish outstanding timers, making sure they are done */
3141 	del_timer_sync(&gsm->kick_timer);
3142 	del_timer_sync(&gsm->t2_timer);
3143 	del_timer_sync(&gsm->ka_timer);
3144 
3145 	/* Finish writing to ldisc */
3146 	flush_work(&gsm->tx_work);
3147 
3148 	/* Free up any link layer users and finally the control channel */
3149 	if (gsm->has_devices) {
3150 		gsm_unregister_devices(gsm_tty_driver, gsm->num);
3151 		gsm->has_devices = false;
3152 	}
3153 	for (i = NUM_DLCI - 1; i >= 0; i--)
3154 		if (gsm->dlci[i])
3155 			gsm_dlci_release(gsm->dlci[i]);
3156 	mutex_unlock(&gsm->mutex);
3157 	/* Now wipe the queues */
3158 	tty_ldisc_flush(gsm->tty);
3159 
3160 	guard(spinlock_irqsave)(&gsm->tx_lock);
3161 	list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
3162 		kfree(txq);
3163 	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
3164 	list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
3165 		kfree(txq);
3166 	INIT_LIST_HEAD(&gsm->tx_data_list);
3167 }
3168 
3169 /**
3170  *	gsm_activate_mux	-	generic GSM setup
3171  *	@gsm: our mux
3172  *
3173  *	Set up the bits of the mux which are the same for all framing
3174  *	protocols. Add the mux to the mux table so it can be opened and
3175  *	finally kick off connecting to DLCI 0 on the modem.
3176  */
3177 
gsm_activate_mux(struct gsm_mux * gsm)3178 static int gsm_activate_mux(struct gsm_mux *gsm)
3179 {
3180 	struct gsm_dlci *dlci;
3181 	int ret;
3182 
3183 	dlci = gsm_dlci_alloc(gsm, 0);
3184 	if (dlci == NULL)
3185 		return -ENOMEM;
3186 
3187 	if (gsm->encoding == GSM_BASIC_OPT)
3188 		gsm->receive = gsm0_receive;
3189 	else
3190 		gsm->receive = gsm1_receive;
3191 
3192 	ret = gsm_register_devices(gsm_tty_driver, gsm->num);
3193 	if (ret)
3194 		return ret;
3195 
3196 	gsm->has_devices = true;
3197 	gsm->dead = false;		/* Tty opens are now permissible */
3198 	return 0;
3199 }
3200 
3201 /**
3202  *	gsm_free_mux		-	free up a mux
3203  *	@gsm: mux to free
3204  *
3205  *	Dispose of allocated resources for a dead mux
3206  */
gsm_free_mux(struct gsm_mux * gsm)3207 static void gsm_free_mux(struct gsm_mux *gsm)
3208 {
3209 	int i;
3210 
3211 	for (i = 0; i < MAX_MUX; i++) {
3212 		if (gsm == gsm_mux[i]) {
3213 			gsm_mux[i] = NULL;
3214 			break;
3215 		}
3216 	}
3217 	mutex_destroy(&gsm->mutex);
3218 	kfree(gsm->txframe);
3219 	kfree(gsm->buf);
3220 	kfree(gsm);
3221 }
3222 
3223 /**
3224  *	gsm_free_muxr		-	free up a mux
3225  *	@ref: kreference to the mux to free
3226  *
3227  *	Dispose of allocated resources for a dead mux
3228  */
gsm_free_muxr(struct kref * ref)3229 static void gsm_free_muxr(struct kref *ref)
3230 {
3231 	struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
3232 	gsm_free_mux(gsm);
3233 }
3234 
mux_get(struct gsm_mux * gsm)3235 static inline void mux_get(struct gsm_mux *gsm)
3236 {
3237 	unsigned long flags;
3238 
3239 	spin_lock_irqsave(&gsm_mux_lock, flags);
3240 	kref_get(&gsm->ref);
3241 	spin_unlock_irqrestore(&gsm_mux_lock, flags);
3242 }
3243 
mux_put(struct gsm_mux * gsm)3244 static inline void mux_put(struct gsm_mux *gsm)
3245 {
3246 	unsigned long flags;
3247 
3248 	spin_lock_irqsave(&gsm_mux_lock, flags);
3249 	kref_put(&gsm->ref, gsm_free_muxr);
3250 	spin_unlock_irqrestore(&gsm_mux_lock, flags);
3251 }
3252 
mux_num_to_base(struct gsm_mux * gsm)3253 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
3254 {
3255 	return gsm->num * NUM_DLCI;
3256 }
3257 
mux_line_to_num(unsigned int line)3258 static inline unsigned int mux_line_to_num(unsigned int line)
3259 {
3260 	return line / NUM_DLCI;
3261 }
3262 
3263 /**
3264  *	gsm_alloc_mux		-	allocate a mux
3265  *
3266  *	Creates a new mux ready for activation.
3267  */
3268 
gsm_alloc_mux(void)3269 static struct gsm_mux *gsm_alloc_mux(void)
3270 {
3271 	int i;
3272 	struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
3273 	if (gsm == NULL)
3274 		return NULL;
3275 	gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
3276 	if (gsm->buf == NULL) {
3277 		kfree(gsm);
3278 		return NULL;
3279 	}
3280 	gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
3281 	if (gsm->txframe == NULL) {
3282 		kfree(gsm->buf);
3283 		kfree(gsm);
3284 		return NULL;
3285 	}
3286 	spin_lock_init(&gsm->lock);
3287 	mutex_init(&gsm->mutex);
3288 	kref_init(&gsm->ref);
3289 	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
3290 	INIT_LIST_HEAD(&gsm->tx_data_list);
3291 	timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
3292 	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
3293 	timer_setup(&gsm->ka_timer, gsm_control_keep_alive, 0);
3294 	INIT_WORK(&gsm->tx_work, gsmld_write_task);
3295 	init_waitqueue_head(&gsm->event);
3296 	spin_lock_init(&gsm->control_lock);
3297 	spin_lock_init(&gsm->tx_lock);
3298 
3299 	gsm->t1 = T1;
3300 	gsm->t2 = T2;
3301 	gsm->t3 = T3;
3302 	gsm->n2 = N2;
3303 	gsm->k = K;
3304 	gsm->ftype = UIH;
3305 	gsm->adaption = 1;
3306 	gsm->encoding = GSM_ADV_OPT;
3307 	gsm->mru = 64;	/* Default to encoding 1 so these should be 64 */
3308 	gsm->mtu = 64;
3309 	gsm->dead = true;	/* Avoid early tty opens */
3310 	gsm->wait_config = false; /* Disabled */
3311 	gsm->keep_alive = 0;	/* Disabled */
3312 
3313 	/* Store the instance to the mux array or abort if no space is
3314 	 * available.
3315 	 */
3316 	spin_lock(&gsm_mux_lock);
3317 	for (i = 0; i < MAX_MUX; i++) {
3318 		if (!gsm_mux[i]) {
3319 			gsm_mux[i] = gsm;
3320 			gsm->num = i;
3321 			break;
3322 		}
3323 	}
3324 	spin_unlock(&gsm_mux_lock);
3325 	if (i == MAX_MUX) {
3326 		mutex_destroy(&gsm->mutex);
3327 		kfree(gsm->txframe);
3328 		kfree(gsm->buf);
3329 		kfree(gsm);
3330 		return NULL;
3331 	}
3332 
3333 	return gsm;
3334 }
3335 
gsm_copy_config_values(struct gsm_mux * gsm,struct gsm_config * c)3336 static void gsm_copy_config_values(struct gsm_mux *gsm,
3337 				   struct gsm_config *c)
3338 {
3339 	memset(c, 0, sizeof(*c));
3340 	c->adaption = gsm->adaption;
3341 	c->encapsulation = gsm->encoding;
3342 	c->initiator = gsm->initiator;
3343 	c->t1 = gsm->t1;
3344 	c->t2 = gsm->t2;
3345 	c->t3 = gsm->t3;
3346 	c->n2 = gsm->n2;
3347 	if (gsm->ftype == UIH)
3348 		c->i = 1;
3349 	else
3350 		c->i = 2;
3351 	pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
3352 	c->mru = gsm->mru;
3353 	c->mtu = gsm->mtu;
3354 	c->k = gsm->k;
3355 }
3356 
gsm_config(struct gsm_mux * gsm,struct gsm_config * c)3357 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
3358 {
3359 	int need_close = 0;
3360 	int need_restart = 0;
3361 
3362 	/* Stuff we don't support yet - UI or I frame transport */
3363 	if (c->adaption != 1 && c->adaption != 2)
3364 		return -EOPNOTSUPP;
3365 	/* Check the MRU/MTU range looks sane */
3366 	if (c->mru < MIN_MTU || c->mtu < MIN_MTU)
3367 		return -EINVAL;
3368 	if (c->mru > MAX_MRU || c->mtu > MAX_MTU)
3369 		return -EINVAL;
3370 	if (c->t3 > MAX_T3)
3371 		return -EINVAL;
3372 	if (c->n2 > 255)
3373 		return -EINVAL;
3374 	if (c->encapsulation > 1)	/* Basic, advanced, no I */
3375 		return -EINVAL;
3376 	if (c->initiator > 1)
3377 		return -EINVAL;
3378 	if (c->k > MAX_WINDOW_SIZE)
3379 		return -EINVAL;
3380 	if (c->i == 0 || c->i > 2)	/* UIH and UI only */
3381 		return -EINVAL;
3382 	/*
3383 	 * See what is needed for reconfiguration
3384 	 */
3385 
3386 	/* Timing fields */
3387 	if (c->t1 != 0 && c->t1 != gsm->t1)
3388 		need_restart = 1;
3389 	if (c->t2 != 0 && c->t2 != gsm->t2)
3390 		need_restart = 1;
3391 	if (c->encapsulation != gsm->encoding)
3392 		need_restart = 1;
3393 	if (c->adaption != gsm->adaption)
3394 		need_restart = 1;
3395 	/* Requires care */
3396 	if (c->initiator != gsm->initiator)
3397 		need_close = 1;
3398 	if (c->mru != gsm->mru)
3399 		need_restart = 1;
3400 	if (c->mtu != gsm->mtu)
3401 		need_restart = 1;
3402 
3403 	/*
3404 	 * Close down what is needed, restart and initiate the new
3405 	 * configuration. On the first time there is no DLCI[0]
3406 	 * and closing or cleaning up is not necessary.
3407 	 */
3408 	if (need_close || need_restart)
3409 		gsm_cleanup_mux(gsm, true);
3410 
3411 	gsm->initiator = c->initiator;
3412 	gsm->mru = c->mru;
3413 	gsm->mtu = c->mtu;
3414 	gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT;
3415 	gsm->adaption = c->adaption;
3416 	gsm->n2 = c->n2;
3417 
3418 	if (c->i == 1)
3419 		gsm->ftype = UIH;
3420 	else if (c->i == 2)
3421 		gsm->ftype = UI;
3422 
3423 	if (c->t1)
3424 		gsm->t1 = c->t1;
3425 	if (c->t2)
3426 		gsm->t2 = c->t2;
3427 	if (c->t3)
3428 		gsm->t3 = c->t3;
3429 	if (c->k)
3430 		gsm->k = c->k;
3431 
3432 	/*
3433 	 * FIXME: We need to separate activation/deactivation from adding
3434 	 * and removing from the mux array
3435 	 */
3436 	if (gsm->dead) {
3437 		int ret = gsm_activate_mux(gsm);
3438 		if (ret)
3439 			return ret;
3440 		if (gsm->initiator)
3441 			gsm_dlci_begin_open(gsm->dlci[0]);
3442 	}
3443 	return 0;
3444 }
3445 
gsm_copy_config_ext_values(struct gsm_mux * gsm,struct gsm_config_ext * ce)3446 static void gsm_copy_config_ext_values(struct gsm_mux *gsm,
3447 				       struct gsm_config_ext *ce)
3448 {
3449 	memset(ce, 0, sizeof(*ce));
3450 	ce->wait_config = gsm->wait_config ? 1 : 0;
3451 	ce->keep_alive = gsm->keep_alive;
3452 }
3453 
gsm_config_ext(struct gsm_mux * gsm,struct gsm_config_ext * ce)3454 static int gsm_config_ext(struct gsm_mux *gsm, struct gsm_config_ext *ce)
3455 {
3456 	bool need_restart = false;
3457 	unsigned int i;
3458 
3459 	/*
3460 	 * Check that userspace doesn't put stuff in here to prevent breakages
3461 	 * in the future.
3462 	 */
3463 	for (i = 0; i < ARRAY_SIZE(ce->reserved); i++)
3464 		if (ce->reserved[i])
3465 			return -EINVAL;
3466 	if (ce->flags & ~GSM_FL_RESTART)
3467 		return -EINVAL;
3468 
3469 	/* Requires care */
3470 	if (ce->flags & GSM_FL_RESTART)
3471 		need_restart = true;
3472 
3473 	/*
3474 	 * Close down what is needed, restart and initiate the new
3475 	 * configuration. On the first time there is no DLCI[0]
3476 	 * and closing or cleaning up is not necessary.
3477 	 */
3478 	if (need_restart)
3479 		gsm_cleanup_mux(gsm, true);
3480 
3481 	/*
3482 	 * Setup the new configuration values
3483 	 */
3484 	gsm->wait_config = ce->wait_config ? true : false;
3485 	gsm->keep_alive = ce->keep_alive;
3486 
3487 	if (gsm->dead) {
3488 		int ret = gsm_activate_mux(gsm);
3489 		if (ret)
3490 			return ret;
3491 		if (gsm->initiator)
3492 			gsm_dlci_begin_open(gsm->dlci[0]);
3493 	}
3494 
3495 	return 0;
3496 }
3497 
3498 /**
3499  *	gsmld_output		-	write to link
3500  *	@gsm: our mux
3501  *	@data: bytes to output
3502  *	@len: size
3503  *
3504  *	Write a block of data from the GSM mux to the data channel. This
3505  *	will eventually be serialized from above but at the moment isn't.
3506  */
3507 
gsmld_output(struct gsm_mux * gsm,u8 * data,int len)3508 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
3509 {
3510 	if (tty_write_room(gsm->tty) < len) {
3511 		set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
3512 		return -ENOSPC;
3513 	}
3514 	if (debug & DBG_DATA)
3515 		gsm_hex_dump_bytes(__func__, data, len);
3516 	return gsm->tty->ops->write(gsm->tty, data, len);
3517 }
3518 
3519 
3520 /**
3521  *	gsmld_write_trigger	-	schedule ldisc write task
3522  *	@gsm: our mux
3523  */
gsmld_write_trigger(struct gsm_mux * gsm)3524 static void gsmld_write_trigger(struct gsm_mux *gsm)
3525 {
3526 	if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
3527 		return;
3528 	schedule_work(&gsm->tx_work);
3529 }
3530 
3531 
3532 /**
3533  *	gsmld_write_task	-	ldisc write task
3534  *	@work: our tx write work
3535  *
3536  *	Writes out data to the ldisc if possible. We are doing this here to
3537  *	avoid dead-locking. This returns if no space or data is left for output.
3538  */
gsmld_write_task(struct work_struct * work)3539 static void gsmld_write_task(struct work_struct *work)
3540 {
3541 	struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
3542 	unsigned long flags;
3543 	int i, ret;
3544 
3545 	/* All outstanding control channel and control messages and one data
3546 	 * frame is sent.
3547 	 */
3548 	ret = -ENODEV;
3549 	spin_lock_irqsave(&gsm->tx_lock, flags);
3550 	if (gsm->tty)
3551 		ret = gsm_data_kick(gsm);
3552 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
3553 
3554 	if (ret >= 0)
3555 		for (i = 0; i < NUM_DLCI; i++)
3556 			if (gsm->dlci[i])
3557 				tty_port_tty_wakeup(&gsm->dlci[i]->port);
3558 }
3559 
3560 /**
3561  *	gsmld_attach_gsm	-	mode set up
3562  *	@tty: our tty structure
3563  *	@gsm: our mux
3564  *
3565  *	Set up the MUX for basic mode and commence connecting to the
3566  *	modem. Currently called from the line discipline set up but
3567  *	will need moving to an ioctl path.
3568  */
3569 
gsmld_attach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)3570 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
3571 {
3572 	gsm->tty = tty_kref_get(tty);
3573 	/* Turn off tty XON/XOFF handling to handle it explicitly. */
3574 	gsm->old_c_iflag = tty->termios.c_iflag;
3575 	tty->termios.c_iflag &= (IXON | IXOFF);
3576 }
3577 
3578 /**
3579  *	gsmld_detach_gsm	-	stop doing 0710 mux
3580  *	@tty: tty attached to the mux
3581  *	@gsm: mux
3582  *
3583  *	Shutdown and then clean up the resources used by the line discipline
3584  */
3585 
gsmld_detach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)3586 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
3587 {
3588 	WARN_ON(tty != gsm->tty);
3589 	/* Restore tty XON/XOFF handling. */
3590 	gsm->tty->termios.c_iflag = gsm->old_c_iflag;
3591 	tty_kref_put(gsm->tty);
3592 	gsm->tty = NULL;
3593 }
3594 
gsmld_receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)3595 static void gsmld_receive_buf(struct tty_struct *tty, const u8 *cp,
3596 			      const u8 *fp, size_t count)
3597 {
3598 	struct gsm_mux *gsm = tty->disc_data;
3599 	char flags = TTY_NORMAL;
3600 
3601 	if (debug & DBG_DATA)
3602 		gsm_hex_dump_bytes(__func__, cp, count);
3603 
3604 	for (; count; count--, cp++) {
3605 		if (fp)
3606 			flags = *fp++;
3607 		switch (flags) {
3608 		case TTY_NORMAL:
3609 			if (gsm->receive)
3610 				gsm->receive(gsm, *cp);
3611 			break;
3612 		case TTY_OVERRUN:
3613 		case TTY_BREAK:
3614 		case TTY_PARITY:
3615 		case TTY_FRAME:
3616 			gsm_error(gsm);
3617 			break;
3618 		default:
3619 			WARN_ONCE(1, "%s: unknown flag %d\n",
3620 			       tty_name(tty), flags);
3621 			break;
3622 		}
3623 	}
3624 	/* FASYNC if needed ? */
3625 	/* If clogged call tty_throttle(tty); */
3626 }
3627 
3628 /**
3629  *	gsmld_flush_buffer	-	clean input queue
3630  *	@tty:	terminal device
3631  *
3632  *	Flush the input buffer. Called when the line discipline is
3633  *	being closed, when the tty layer wants the buffer flushed (eg
3634  *	at hangup).
3635  */
3636 
gsmld_flush_buffer(struct tty_struct * tty)3637 static void gsmld_flush_buffer(struct tty_struct *tty)
3638 {
3639 }
3640 
3641 /**
3642  *	gsmld_close		-	close the ldisc for this tty
3643  *	@tty: device
3644  *
3645  *	Called from the terminal layer when this line discipline is
3646  *	being shut down, either because of a close or becsuse of a
3647  *	discipline change. The function will not be called while other
3648  *	ldisc methods are in progress.
3649  */
3650 
gsmld_close(struct tty_struct * tty)3651 static void gsmld_close(struct tty_struct *tty)
3652 {
3653 	struct gsm_mux *gsm = tty->disc_data;
3654 
3655 	/* The ldisc locks and closes the port before calling our close. This
3656 	 * means we have no way to do a proper disconnect. We will not bother
3657 	 * to do one.
3658 	 */
3659 	gsm_cleanup_mux(gsm, false);
3660 
3661 	gsmld_detach_gsm(tty, gsm);
3662 
3663 	gsmld_flush_buffer(tty);
3664 	/* Do other clean up here */
3665 	mux_put(gsm);
3666 }
3667 
3668 /**
3669  *	gsmld_open		-	open an ldisc
3670  *	@tty: terminal to open
3671  *
3672  *	Called when this line discipline is being attached to the
3673  *	terminal device. Can sleep. Called serialized so that no
3674  *	other events will occur in parallel. No further open will occur
3675  *	until a close.
3676  */
3677 
gsmld_open(struct tty_struct * tty)3678 static int gsmld_open(struct tty_struct *tty)
3679 {
3680 	struct gsm_mux *gsm;
3681 
3682 	if (!capable(CAP_NET_ADMIN))
3683 		return -EPERM;
3684 
3685 	if (tty->ops->write == NULL)
3686 		return -EINVAL;
3687 
3688 	/* Attach our ldisc data */
3689 	gsm = gsm_alloc_mux();
3690 	if (gsm == NULL)
3691 		return -ENOMEM;
3692 
3693 	tty->disc_data = gsm;
3694 	tty->receive_room = 65536;
3695 
3696 	/* Attach the initial passive connection */
3697 	gsmld_attach_gsm(tty, gsm);
3698 
3699 	/* The mux will not be activated yet, we wait for correct
3700 	 * configuration first.
3701 	 */
3702 	if (gsm->encoding == GSM_BASIC_OPT)
3703 		gsm->receive = gsm0_receive;
3704 	else
3705 		gsm->receive = gsm1_receive;
3706 
3707 	return 0;
3708 }
3709 
3710 /**
3711  *	gsmld_write_wakeup	-	asynchronous I/O notifier
3712  *	@tty: tty device
3713  *
3714  *	Required for the ptys, serial driver etc. since processes
3715  *	that attach themselves to the master and rely on ASYNC
3716  *	IO must be woken up
3717  */
3718 
gsmld_write_wakeup(struct tty_struct * tty)3719 static void gsmld_write_wakeup(struct tty_struct *tty)
3720 {
3721 	struct gsm_mux *gsm = tty->disc_data;
3722 
3723 	/* Queue poll */
3724 	gsmld_write_trigger(gsm);
3725 }
3726 
3727 /**
3728  *	gsmld_read		-	read function for tty
3729  *	@tty: tty device
3730  *	@file: file object
3731  *	@buf: userspace buffer pointer
3732  *	@nr: size of I/O
3733  *	@cookie: unused
3734  *	@offset: unused
3735  *
3736  *	Perform reads for the line discipline. We are guaranteed that the
3737  *	line discipline will not be closed under us but we may get multiple
3738  *	parallel readers and must handle this ourselves. We may also get
3739  *	a hangup. Always called in user context, may sleep.
3740  *
3741  *	This code must be sure never to sleep through a hangup.
3742  */
3743 
gsmld_read(struct tty_struct * tty,struct file * file,u8 * buf,size_t nr,void ** cookie,unsigned long offset)3744 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, u8 *buf,
3745 			  size_t nr, void **cookie, unsigned long offset)
3746 {
3747 	return -EOPNOTSUPP;
3748 }
3749 
3750 /**
3751  *	gsmld_write		-	write function for tty
3752  *	@tty: tty device
3753  *	@file: file object
3754  *	@buf: userspace buffer pointer
3755  *	@nr: size of I/O
3756  *
3757  *	Called when the owner of the device wants to send a frame
3758  *	itself (or some other control data). The data is transferred
3759  *	as-is and must be properly framed and checksummed as appropriate
3760  *	by userspace. Frames are either sent whole or not at all as this
3761  *	avoids pain user side.
3762  */
3763 
gsmld_write(struct tty_struct * tty,struct file * file,const u8 * buf,size_t nr)3764 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
3765 			   const u8 *buf, size_t nr)
3766 {
3767 	struct gsm_mux *gsm = tty->disc_data;
3768 	unsigned long flags;
3769 	int space;
3770 	int ret;
3771 
3772 	if (!gsm)
3773 		return -ENODEV;
3774 
3775 	ret = -ENOBUFS;
3776 	spin_lock_irqsave(&gsm->tx_lock, flags);
3777 	space = tty_write_room(tty);
3778 	if (space >= nr)
3779 		ret = tty->ops->write(tty, buf, nr);
3780 	else
3781 		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
3782 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
3783 
3784 	return ret;
3785 }
3786 
3787 /**
3788  *	gsmld_poll		-	poll method for N_GSM0710
3789  *	@tty: terminal device
3790  *	@file: file accessing it
3791  *	@wait: poll table
3792  *
3793  *	Called when the line discipline is asked to poll() for data or
3794  *	for special events. This code is not serialized with respect to
3795  *	other events save open/close.
3796  *
3797  *	This code must be sure never to sleep through a hangup.
3798  *	Called without the kernel lock held - fine
3799  */
3800 
gsmld_poll(struct tty_struct * tty,struct file * file,poll_table * wait)3801 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
3802 							poll_table *wait)
3803 {
3804 	__poll_t mask = 0;
3805 	struct gsm_mux *gsm = tty->disc_data;
3806 
3807 	poll_wait(file, &tty->read_wait, wait);
3808 	poll_wait(file, &tty->write_wait, wait);
3809 
3810 	if (gsm->dead)
3811 		mask |= EPOLLHUP;
3812 	if (tty_hung_up_p(file))
3813 		mask |= EPOLLHUP;
3814 	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
3815 		mask |= EPOLLHUP;
3816 	if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
3817 		mask |= EPOLLOUT | EPOLLWRNORM;
3818 	return mask;
3819 }
3820 
gsmld_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3821 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
3822 		       unsigned long arg)
3823 {
3824 	struct gsm_config c;
3825 	struct gsm_config_ext ce;
3826 	struct gsm_dlci_config dc;
3827 	struct gsm_mux *gsm = tty->disc_data;
3828 	unsigned int base, addr;
3829 	struct gsm_dlci *dlci;
3830 
3831 	switch (cmd) {
3832 	case GSMIOC_GETCONF:
3833 		gsm_copy_config_values(gsm, &c);
3834 		if (copy_to_user((void __user *)arg, &c, sizeof(c)))
3835 			return -EFAULT;
3836 		return 0;
3837 	case GSMIOC_SETCONF:
3838 		if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
3839 			return -EFAULT;
3840 		return gsm_config(gsm, &c);
3841 	case GSMIOC_GETFIRST:
3842 		base = mux_num_to_base(gsm);
3843 		return put_user(base + 1, (__u32 __user *)arg);
3844 	case GSMIOC_GETCONF_EXT:
3845 		gsm_copy_config_ext_values(gsm, &ce);
3846 		if (copy_to_user((void __user *)arg, &ce, sizeof(ce)))
3847 			return -EFAULT;
3848 		return 0;
3849 	case GSMIOC_SETCONF_EXT:
3850 		if (copy_from_user(&ce, (void __user *)arg, sizeof(ce)))
3851 			return -EFAULT;
3852 		return gsm_config_ext(gsm, &ce);
3853 	case GSMIOC_GETCONF_DLCI:
3854 		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
3855 			return -EFAULT;
3856 		if (dc.channel == 0 || dc.channel >= NUM_DLCI)
3857 			return -EINVAL;
3858 		addr = array_index_nospec(dc.channel, NUM_DLCI);
3859 		dlci = gsm->dlci[addr];
3860 		if (!dlci) {
3861 			dlci = gsm_dlci_alloc(gsm, addr);
3862 			if (!dlci)
3863 				return -ENOMEM;
3864 		}
3865 		gsm_dlci_copy_config_values(dlci, &dc);
3866 		if (copy_to_user((void __user *)arg, &dc, sizeof(dc)))
3867 			return -EFAULT;
3868 		return 0;
3869 	case GSMIOC_SETCONF_DLCI:
3870 		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
3871 			return -EFAULT;
3872 		if (dc.channel == 0 || dc.channel >= NUM_DLCI)
3873 			return -EINVAL;
3874 		addr = array_index_nospec(dc.channel, NUM_DLCI);
3875 		dlci = gsm->dlci[addr];
3876 		if (!dlci) {
3877 			dlci = gsm_dlci_alloc(gsm, addr);
3878 			if (!dlci)
3879 				return -ENOMEM;
3880 		}
3881 		return gsm_dlci_config(dlci, &dc, 0);
3882 	default:
3883 		return n_tty_ioctl_helper(tty, cmd, arg);
3884 	}
3885 }
3886 
3887 /*
3888  *	Network interface
3889  *
3890  */
3891 
gsm_mux_net_open(struct net_device * net)3892 static int gsm_mux_net_open(struct net_device *net)
3893 {
3894 	pr_debug("%s called\n", __func__);
3895 	netif_start_queue(net);
3896 	return 0;
3897 }
3898 
gsm_mux_net_close(struct net_device * net)3899 static int gsm_mux_net_close(struct net_device *net)
3900 {
3901 	netif_stop_queue(net);
3902 	return 0;
3903 }
3904 
dlci_net_free(struct gsm_dlci * dlci)3905 static void dlci_net_free(struct gsm_dlci *dlci)
3906 {
3907 	if (!dlci->net) {
3908 		WARN_ON(1);
3909 		return;
3910 	}
3911 	dlci->adaption = dlci->prev_adaption;
3912 	dlci->data = dlci->prev_data;
3913 	free_netdev(dlci->net);
3914 	dlci->net = NULL;
3915 }
net_free(struct kref * ref)3916 static void net_free(struct kref *ref)
3917 {
3918 	struct gsm_mux_net *mux_net;
3919 	struct gsm_dlci *dlci;
3920 
3921 	mux_net = container_of(ref, struct gsm_mux_net, ref);
3922 	dlci = mux_net->dlci;
3923 
3924 	if (dlci->net) {
3925 		unregister_netdev(dlci->net);
3926 		dlci_net_free(dlci);
3927 	}
3928 }
3929 
muxnet_get(struct gsm_mux_net * mux_net)3930 static inline void muxnet_get(struct gsm_mux_net *mux_net)
3931 {
3932 	kref_get(&mux_net->ref);
3933 }
3934 
muxnet_put(struct gsm_mux_net * mux_net)3935 static inline void muxnet_put(struct gsm_mux_net *mux_net)
3936 {
3937 	kref_put(&mux_net->ref, net_free);
3938 }
3939 
gsm_mux_net_start_xmit(struct sk_buff * skb,struct net_device * net)3940 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
3941 				      struct net_device *net)
3942 {
3943 	struct gsm_mux_net *mux_net = netdev_priv(net);
3944 	struct gsm_dlci *dlci = mux_net->dlci;
3945 	muxnet_get(mux_net);
3946 
3947 	skb_queue_head(&dlci->skb_list, skb);
3948 	net->stats.tx_packets++;
3949 	net->stats.tx_bytes += skb->len;
3950 	gsm_dlci_data_kick(dlci);
3951 	/* And tell the kernel when the last transmit started. */
3952 	netif_trans_update(net);
3953 	muxnet_put(mux_net);
3954 	return NETDEV_TX_OK;
3955 }
3956 
3957 /* called when a packet did not ack after watchdogtimeout */
gsm_mux_net_tx_timeout(struct net_device * net,unsigned int txqueue)3958 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
3959 {
3960 	/* Tell syslog we are hosed. */
3961 	dev_dbg(&net->dev, "Tx timed out.\n");
3962 
3963 	/* Update statistics */
3964 	net->stats.tx_errors++;
3965 }
3966 
gsm_mux_rx_netchar(struct gsm_dlci * dlci,const unsigned char * in_buf,int size)3967 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
3968 				const unsigned char *in_buf, int size)
3969 {
3970 	struct net_device *net = dlci->net;
3971 	struct sk_buff *skb;
3972 	struct gsm_mux_net *mux_net = netdev_priv(net);
3973 	muxnet_get(mux_net);
3974 
3975 	/* Allocate an sk_buff */
3976 	skb = dev_alloc_skb(size + NET_IP_ALIGN);
3977 	if (!skb) {
3978 		/* We got no receive buffer. */
3979 		net->stats.rx_dropped++;
3980 		muxnet_put(mux_net);
3981 		return;
3982 	}
3983 	skb_reserve(skb, NET_IP_ALIGN);
3984 	skb_put_data(skb, in_buf, size);
3985 
3986 	skb->dev = net;
3987 	skb->protocol = htons(ETH_P_IP);
3988 
3989 	/* Ship it off to the kernel */
3990 	netif_rx(skb);
3991 
3992 	/* update out statistics */
3993 	net->stats.rx_packets++;
3994 	net->stats.rx_bytes += size;
3995 	muxnet_put(mux_net);
3996 	return;
3997 }
3998 
gsm_mux_net_init(struct net_device * net)3999 static void gsm_mux_net_init(struct net_device *net)
4000 {
4001 	static const struct net_device_ops gsm_netdev_ops = {
4002 		.ndo_open		= gsm_mux_net_open,
4003 		.ndo_stop		= gsm_mux_net_close,
4004 		.ndo_start_xmit		= gsm_mux_net_start_xmit,
4005 		.ndo_tx_timeout		= gsm_mux_net_tx_timeout,
4006 	};
4007 
4008 	net->netdev_ops = &gsm_netdev_ops;
4009 
4010 	/* fill in the other fields */
4011 	net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
4012 	net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
4013 	net->type = ARPHRD_NONE;
4014 	net->tx_queue_len = 10;
4015 }
4016 
4017 
4018 /* caller holds the dlci mutex */
gsm_destroy_network(struct gsm_dlci * dlci)4019 static void gsm_destroy_network(struct gsm_dlci *dlci)
4020 {
4021 	struct gsm_mux_net *mux_net;
4022 
4023 	pr_debug("destroy network interface\n");
4024 	if (!dlci->net)
4025 		return;
4026 	mux_net = netdev_priv(dlci->net);
4027 	muxnet_put(mux_net);
4028 }
4029 
4030 
4031 /* caller holds the dlci mutex */
gsm_create_network(struct gsm_dlci * dlci,struct gsm_netconfig * nc)4032 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
4033 {
4034 	char *netname;
4035 	int retval = 0;
4036 	struct net_device *net;
4037 	struct gsm_mux_net *mux_net;
4038 
4039 	if (!capable(CAP_NET_ADMIN))
4040 		return -EPERM;
4041 
4042 	/* Already in a non tty mode */
4043 	if (dlci->adaption > 2)
4044 		return -EBUSY;
4045 
4046 	if (nc->protocol != htons(ETH_P_IP))
4047 		return -EPROTONOSUPPORT;
4048 
4049 	if (nc->adaption != 3 && nc->adaption != 4)
4050 		return -EPROTONOSUPPORT;
4051 
4052 	pr_debug("create network interface\n");
4053 
4054 	netname = "gsm%d";
4055 	if (nc->if_name[0] != '\0')
4056 		netname = nc->if_name;
4057 	net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
4058 			   NET_NAME_UNKNOWN, gsm_mux_net_init);
4059 	if (!net) {
4060 		pr_err("alloc_netdev failed\n");
4061 		return -ENOMEM;
4062 	}
4063 	net->mtu = dlci->mtu;
4064 	net->min_mtu = MIN_MTU;
4065 	net->max_mtu = dlci->mtu;
4066 	mux_net = netdev_priv(net);
4067 	mux_net->dlci = dlci;
4068 	kref_init(&mux_net->ref);
4069 	strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
4070 
4071 	/* reconfigure dlci for network */
4072 	dlci->prev_adaption = dlci->adaption;
4073 	dlci->prev_data = dlci->data;
4074 	dlci->adaption = nc->adaption;
4075 	dlci->data = gsm_mux_rx_netchar;
4076 	dlci->net = net;
4077 
4078 	pr_debug("register netdev\n");
4079 	retval = register_netdev(net);
4080 	if (retval) {
4081 		pr_err("network register fail %d\n", retval);
4082 		dlci_net_free(dlci);
4083 		return retval;
4084 	}
4085 	return net->ifindex;	/* return network index */
4086 }
4087 
4088 /* Line discipline for real tty */
4089 static struct tty_ldisc_ops tty_ldisc_packet = {
4090 	.owner		 = THIS_MODULE,
4091 	.num		 = N_GSM0710,
4092 	.name            = "n_gsm",
4093 	.open            = gsmld_open,
4094 	.close           = gsmld_close,
4095 	.flush_buffer    = gsmld_flush_buffer,
4096 	.read            = gsmld_read,
4097 	.write           = gsmld_write,
4098 	.ioctl           = gsmld_ioctl,
4099 	.poll            = gsmld_poll,
4100 	.receive_buf     = gsmld_receive_buf,
4101 	.write_wakeup    = gsmld_write_wakeup
4102 };
4103 
4104 /*
4105  *	Virtual tty side
4106  */
4107 
4108 /**
4109  *	gsm_modem_upd_via_data	-	send modem bits via convergence layer
4110  *	@dlci: channel
4111  *	@brk: break signal
4112  *
4113  *	Send an empty frame to signal mobile state changes and to transmit the
4114  *	break signal for adaption 2.
4115  */
4116 
gsm_modem_upd_via_data(struct gsm_dlci * dlci,u8 brk)4117 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
4118 {
4119 	struct gsm_mux *gsm = dlci->gsm;
4120 	unsigned long flags;
4121 
4122 	if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
4123 		return;
4124 
4125 	spin_lock_irqsave(&gsm->tx_lock, flags);
4126 	gsm_dlci_modem_output(gsm, dlci, brk);
4127 	spin_unlock_irqrestore(&gsm->tx_lock, flags);
4128 }
4129 
4130 /**
4131  *	gsm_modem_upd_via_msc	-	send modem bits via control frame
4132  *	@dlci: channel
4133  *	@brk: break signal
4134  */
4135 
gsm_modem_upd_via_msc(struct gsm_dlci * dlci,u8 brk)4136 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
4137 {
4138 	u8 modembits[3];
4139 	struct gsm_control *ctrl;
4140 	int len = 2;
4141 
4142 	if (dlci->gsm->encoding != GSM_BASIC_OPT)
4143 		return 0;
4144 
4145 	modembits[0] = (dlci->addr << 2) | 2 | EA;  /* DLCI, Valid, EA */
4146 	if (!brk) {
4147 		modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
4148 	} else {
4149 		modembits[1] = gsm_encode_modem(dlci) << 1;
4150 		modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
4151 		len++;
4152 	}
4153 	ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
4154 	if (ctrl == NULL)
4155 		return -ENOMEM;
4156 	return gsm_control_wait(dlci->gsm, ctrl);
4157 }
4158 
4159 /**
4160  *	gsm_modem_update	-	send modem status line state
4161  *	@dlci: channel
4162  *	@brk: break signal
4163  */
4164 
gsm_modem_update(struct gsm_dlci * dlci,u8 brk)4165 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
4166 {
4167 	if (dlci->gsm->dead)
4168 		return -EL2HLT;
4169 	if (dlci->adaption == 2) {
4170 		/* Send convergence layer type 2 empty data frame. */
4171 		gsm_modem_upd_via_data(dlci, brk);
4172 		return 0;
4173 	} else if (dlci->gsm->encoding == GSM_BASIC_OPT) {
4174 		/* Send as MSC control message. */
4175 		return gsm_modem_upd_via_msc(dlci, brk);
4176 	}
4177 
4178 	/* Modem status lines are not supported. */
4179 	return -EPROTONOSUPPORT;
4180 }
4181 
4182 /**
4183  * gsm_wait_modem_change - wait for modem status line change
4184  * @dlci: channel
4185  * @mask: modem status line bits
4186  *
4187  * The function returns if:
4188  * - any given modem status line bit changed
4189  * - the wait event function got interrupted (e.g. by a signal)
4190  * - the underlying DLCI was closed
4191  * - the underlying ldisc device was removed
4192  */
gsm_wait_modem_change(struct gsm_dlci * dlci,u32 mask)4193 static int gsm_wait_modem_change(struct gsm_dlci *dlci, u32 mask)
4194 {
4195 	struct gsm_mux *gsm = dlci->gsm;
4196 	u32 old = dlci->modem_rx;
4197 	int ret;
4198 
4199 	ret = wait_event_interruptible(gsm->event, gsm->dead ||
4200 				       dlci->state != DLCI_OPEN ||
4201 				       (old ^ dlci->modem_rx) & mask);
4202 	if (gsm->dead)
4203 		return -ENODEV;
4204 	if (dlci->state != DLCI_OPEN)
4205 		return -EL2NSYNC;
4206 	return ret;
4207 }
4208 
gsm_carrier_raised(struct tty_port * port)4209 static bool gsm_carrier_raised(struct tty_port *port)
4210 {
4211 	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
4212 	struct gsm_mux *gsm = dlci->gsm;
4213 
4214 	/* Not yet open so no carrier info */
4215 	if (dlci->state != DLCI_OPEN)
4216 		return false;
4217 	if (debug & DBG_CD_ON)
4218 		return true;
4219 
4220 	/*
4221 	 * Basic mode with control channel in ADM mode may not respond
4222 	 * to CMD_MSC at all and modem_rx is empty.
4223 	 */
4224 	if (gsm->encoding == GSM_BASIC_OPT &&
4225 	    gsm->dlci[0]->mode == DLCI_MODE_ADM && !dlci->modem_rx)
4226 		return true;
4227 
4228 	return dlci->modem_rx & TIOCM_CD;
4229 }
4230 
gsm_dtr_rts(struct tty_port * port,bool active)4231 static void gsm_dtr_rts(struct tty_port *port, bool active)
4232 {
4233 	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
4234 	unsigned int modem_tx = dlci->modem_tx;
4235 	if (active)
4236 		modem_tx |= TIOCM_DTR | TIOCM_RTS;
4237 	else
4238 		modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
4239 	if (modem_tx != dlci->modem_tx) {
4240 		dlci->modem_tx = modem_tx;
4241 		gsm_modem_update(dlci, 0);
4242 	}
4243 }
4244 
4245 static const struct tty_port_operations gsm_port_ops = {
4246 	.carrier_raised = gsm_carrier_raised,
4247 	.dtr_rts = gsm_dtr_rts,
4248 	.destruct = gsm_dlci_free,
4249 };
4250 
gsmtty_install(struct tty_driver * driver,struct tty_struct * tty)4251 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
4252 {
4253 	struct gsm_mux *gsm;
4254 	struct gsm_dlci *dlci;
4255 	unsigned int line = tty->index;
4256 	unsigned int mux = mux_line_to_num(line);
4257 	bool alloc = false;
4258 	int ret;
4259 
4260 	line = line & 0x3F;
4261 
4262 	if (mux >= MAX_MUX)
4263 		return -ENXIO;
4264 	/* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
4265 	if (gsm_mux[mux] == NULL)
4266 		return -EUNATCH;
4267 	if (line == 0 || line > 61)	/* 62/63 reserved */
4268 		return -ECHRNG;
4269 	gsm = gsm_mux[mux];
4270 	if (gsm->dead)
4271 		return -EL2HLT;
4272 	/* If DLCI 0 is not yet fully open return an error.
4273 	This is ok from a locking
4274 	perspective as we don't have to worry about this
4275 	if DLCI0 is lost */
4276 	mutex_lock(&gsm->mutex);
4277 	if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
4278 		mutex_unlock(&gsm->mutex);
4279 		return -EL2NSYNC;
4280 	}
4281 	dlci = gsm->dlci[line];
4282 	if (dlci == NULL) {
4283 		alloc = true;
4284 		dlci = gsm_dlci_alloc(gsm, line);
4285 	}
4286 	if (dlci == NULL) {
4287 		mutex_unlock(&gsm->mutex);
4288 		return -ENOMEM;
4289 	}
4290 	ret = tty_port_install(&dlci->port, driver, tty);
4291 	if (ret) {
4292 		if (alloc)
4293 			dlci_put(dlci);
4294 		mutex_unlock(&gsm->mutex);
4295 		return ret;
4296 	}
4297 
4298 	dlci_get(dlci);
4299 	dlci_get(gsm->dlci[0]);
4300 	mux_get(gsm);
4301 	tty->driver_data = dlci;
4302 	mutex_unlock(&gsm->mutex);
4303 
4304 	return 0;
4305 }
4306 
gsmtty_open(struct tty_struct * tty,struct file * filp)4307 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
4308 {
4309 	struct gsm_dlci *dlci = tty->driver_data;
4310 	struct tty_port *port = &dlci->port;
4311 
4312 	port->count++;
4313 	tty_port_tty_set(port, tty);
4314 
4315 	dlci->modem_rx = 0;
4316 	/* We could in theory open and close before we wait - eg if we get
4317 	   a DM straight back. This is ok as that will have caused a hangup */
4318 	tty_port_set_initialized(port, true);
4319 	/* Start sending off SABM messages */
4320 	if (!dlci->gsm->wait_config) {
4321 		/* Start sending off SABM messages */
4322 		if (dlci->gsm->initiator)
4323 			gsm_dlci_begin_open(dlci);
4324 		else
4325 			gsm_dlci_set_opening(dlci);
4326 	} else {
4327 		gsm_dlci_set_wait_config(dlci);
4328 	}
4329 	/* And wait for virtual carrier */
4330 	return tty_port_block_til_ready(port, tty, filp);
4331 }
4332 
gsmtty_close(struct tty_struct * tty,struct file * filp)4333 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
4334 {
4335 	struct gsm_dlci *dlci = tty->driver_data;
4336 
4337 	if (dlci == NULL)
4338 		return;
4339 	if (dlci->state == DLCI_CLOSED)
4340 		return;
4341 	mutex_lock(&dlci->mutex);
4342 	gsm_destroy_network(dlci);
4343 	mutex_unlock(&dlci->mutex);
4344 	if (tty_port_close_start(&dlci->port, tty, filp) == 0)
4345 		return;
4346 	gsm_dlci_begin_close(dlci);
4347 	if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
4348 		tty_port_lower_dtr_rts(&dlci->port);
4349 	tty_port_close_end(&dlci->port, tty);
4350 	tty_port_tty_set(&dlci->port, NULL);
4351 	return;
4352 }
4353 
gsmtty_hangup(struct tty_struct * tty)4354 static void gsmtty_hangup(struct tty_struct *tty)
4355 {
4356 	struct gsm_dlci *dlci = tty->driver_data;
4357 	if (dlci->state == DLCI_CLOSED)
4358 		return;
4359 	tty_port_hangup(&dlci->port);
4360 	gsm_dlci_begin_close(dlci);
4361 }
4362 
gsmtty_write(struct tty_struct * tty,const u8 * buf,size_t len)4363 static ssize_t gsmtty_write(struct tty_struct *tty, const u8 *buf, size_t len)
4364 {
4365 	int sent;
4366 	struct gsm_dlci *dlci = tty->driver_data;
4367 	if (dlci->state == DLCI_CLOSED)
4368 		return -EINVAL;
4369 	/* Stuff the bytes into the fifo queue */
4370 	sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
4371 	/* Need to kick the channel */
4372 	gsm_dlci_data_kick(dlci);
4373 	return sent;
4374 }
4375 
gsmtty_write_room(struct tty_struct * tty)4376 static unsigned int gsmtty_write_room(struct tty_struct *tty)
4377 {
4378 	struct gsm_dlci *dlci = tty->driver_data;
4379 	if (dlci->state == DLCI_CLOSED)
4380 		return 0;
4381 	return kfifo_avail(&dlci->fifo);
4382 }
4383 
gsmtty_chars_in_buffer(struct tty_struct * tty)4384 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
4385 {
4386 	struct gsm_dlci *dlci = tty->driver_data;
4387 	if (dlci->state == DLCI_CLOSED)
4388 		return 0;
4389 	return kfifo_len(&dlci->fifo);
4390 }
4391 
gsmtty_flush_buffer(struct tty_struct * tty)4392 static void gsmtty_flush_buffer(struct tty_struct *tty)
4393 {
4394 	struct gsm_dlci *dlci = tty->driver_data;
4395 	unsigned long flags;
4396 
4397 	if (dlci->state == DLCI_CLOSED)
4398 		return;
4399 	/* Caution needed: If we implement reliable transport classes
4400 	   then the data being transmitted can't simply be junked once
4401 	   it has first hit the stack. Until then we can just blow it
4402 	   away */
4403 	spin_lock_irqsave(&dlci->lock, flags);
4404 	kfifo_reset(&dlci->fifo);
4405 	spin_unlock_irqrestore(&dlci->lock, flags);
4406 	/* Need to unhook this DLCI from the transmit queue logic */
4407 }
4408 
gsmtty_wait_until_sent(struct tty_struct * tty,int timeout)4409 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
4410 {
4411 	/* The FIFO handles the queue so the kernel will do the right
4412 	   thing waiting on chars_in_buffer before calling us. No work
4413 	   to do here */
4414 }
4415 
gsmtty_tiocmget(struct tty_struct * tty)4416 static int gsmtty_tiocmget(struct tty_struct *tty)
4417 {
4418 	struct gsm_dlci *dlci = tty->driver_data;
4419 	if (dlci->state == DLCI_CLOSED)
4420 		return -EINVAL;
4421 	return dlci->modem_rx;
4422 }
4423 
gsmtty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)4424 static int gsmtty_tiocmset(struct tty_struct *tty,
4425 	unsigned int set, unsigned int clear)
4426 {
4427 	struct gsm_dlci *dlci = tty->driver_data;
4428 	unsigned int modem_tx = dlci->modem_tx;
4429 
4430 	if (dlci->state == DLCI_CLOSED)
4431 		return -EINVAL;
4432 	modem_tx &= ~clear;
4433 	modem_tx |= set;
4434 
4435 	if (modem_tx != dlci->modem_tx) {
4436 		dlci->modem_tx = modem_tx;
4437 		return gsm_modem_update(dlci, 0);
4438 	}
4439 	return 0;
4440 }
4441 
4442 
gsmtty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)4443 static int gsmtty_ioctl(struct tty_struct *tty,
4444 			unsigned int cmd, unsigned long arg)
4445 {
4446 	struct gsm_dlci *dlci = tty->driver_data;
4447 	struct gsm_netconfig nc;
4448 	struct gsm_dlci_config dc;
4449 	int index;
4450 
4451 	if (dlci->state == DLCI_CLOSED)
4452 		return -EINVAL;
4453 	switch (cmd) {
4454 	case GSMIOC_ENABLE_NET:
4455 		if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
4456 			return -EFAULT;
4457 		nc.if_name[IFNAMSIZ-1] = '\0';
4458 		/* return net interface index or error code */
4459 		mutex_lock(&dlci->mutex);
4460 		index = gsm_create_network(dlci, &nc);
4461 		mutex_unlock(&dlci->mutex);
4462 		if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
4463 			return -EFAULT;
4464 		return index;
4465 	case GSMIOC_DISABLE_NET:
4466 		if (!capable(CAP_NET_ADMIN))
4467 			return -EPERM;
4468 		mutex_lock(&dlci->mutex);
4469 		gsm_destroy_network(dlci);
4470 		mutex_unlock(&dlci->mutex);
4471 		return 0;
4472 	case GSMIOC_GETCONF_DLCI:
4473 		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
4474 			return -EFAULT;
4475 		if (dc.channel != dlci->addr)
4476 			return -EPERM;
4477 		gsm_dlci_copy_config_values(dlci, &dc);
4478 		if (copy_to_user((void __user *)arg, &dc, sizeof(dc)))
4479 			return -EFAULT;
4480 		return 0;
4481 	case GSMIOC_SETCONF_DLCI:
4482 		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
4483 			return -EFAULT;
4484 		if (dc.channel >= NUM_DLCI)
4485 			return -EINVAL;
4486 		if (dc.channel != 0 && dc.channel != dlci->addr)
4487 			return -EPERM;
4488 		return gsm_dlci_config(dlci, &dc, 1);
4489 	case TIOCMIWAIT:
4490 		return gsm_wait_modem_change(dlci, (u32)arg);
4491 	default:
4492 		return -ENOIOCTLCMD;
4493 	}
4494 }
4495 
gsmtty_set_termios(struct tty_struct * tty,const struct ktermios * old)4496 static void gsmtty_set_termios(struct tty_struct *tty,
4497 			       const struct ktermios *old)
4498 {
4499 	struct gsm_dlci *dlci = tty->driver_data;
4500 	if (dlci->state == DLCI_CLOSED)
4501 		return;
4502 	/* For the moment its fixed. In actual fact the speed information
4503 	   for the virtual channel can be propogated in both directions by
4504 	   the RPN control message. This however rapidly gets nasty as we
4505 	   then have to remap modem signals each way according to whether
4506 	   our virtual cable is null modem etc .. */
4507 	tty_termios_copy_hw(&tty->termios, old);
4508 }
4509 
gsmtty_throttle(struct tty_struct * tty)4510 static void gsmtty_throttle(struct tty_struct *tty)
4511 {
4512 	struct gsm_dlci *dlci = tty->driver_data;
4513 	if (dlci->state == DLCI_CLOSED)
4514 		return;
4515 	if (C_CRTSCTS(tty))
4516 		dlci->modem_tx &= ~TIOCM_RTS;
4517 	dlci->throttled = true;
4518 	/* Send an MSC with RTS cleared */
4519 	gsm_modem_update(dlci, 0);
4520 }
4521 
gsmtty_unthrottle(struct tty_struct * tty)4522 static void gsmtty_unthrottle(struct tty_struct *tty)
4523 {
4524 	struct gsm_dlci *dlci = tty->driver_data;
4525 	if (dlci->state == DLCI_CLOSED)
4526 		return;
4527 	if (C_CRTSCTS(tty))
4528 		dlci->modem_tx |= TIOCM_RTS;
4529 	dlci->throttled = false;
4530 	/* Send an MSC with RTS set */
4531 	gsm_modem_update(dlci, 0);
4532 }
4533 
gsmtty_break_ctl(struct tty_struct * tty,int state)4534 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
4535 {
4536 	struct gsm_dlci *dlci = tty->driver_data;
4537 	int encode = 0;	/* Off */
4538 	if (dlci->state == DLCI_CLOSED)
4539 		return -EINVAL;
4540 
4541 	if (state == -1)	/* "On indefinitely" - we can't encode this
4542 				    properly */
4543 		encode = 0x0F;
4544 	else if (state > 0) {
4545 		encode = state / 200;	/* mS to encoding */
4546 		if (encode > 0x0F)
4547 			encode = 0x0F;	/* Best effort */
4548 	}
4549 	return gsm_modem_update(dlci, encode);
4550 }
4551 
gsmtty_cleanup(struct tty_struct * tty)4552 static void gsmtty_cleanup(struct tty_struct *tty)
4553 {
4554 	struct gsm_dlci *dlci = tty->driver_data;
4555 	struct gsm_mux *gsm = dlci->gsm;
4556 
4557 	dlci_put(dlci);
4558 	dlci_put(gsm->dlci[0]);
4559 	mux_put(gsm);
4560 }
4561 
4562 /* Virtual ttys for the demux */
4563 static const struct tty_operations gsmtty_ops = {
4564 	.install		= gsmtty_install,
4565 	.open			= gsmtty_open,
4566 	.close			= gsmtty_close,
4567 	.write			= gsmtty_write,
4568 	.write_room		= gsmtty_write_room,
4569 	.chars_in_buffer	= gsmtty_chars_in_buffer,
4570 	.flush_buffer		= gsmtty_flush_buffer,
4571 	.ioctl			= gsmtty_ioctl,
4572 	.throttle		= gsmtty_throttle,
4573 	.unthrottle		= gsmtty_unthrottle,
4574 	.set_termios		= gsmtty_set_termios,
4575 	.hangup			= gsmtty_hangup,
4576 	.wait_until_sent	= gsmtty_wait_until_sent,
4577 	.tiocmget		= gsmtty_tiocmget,
4578 	.tiocmset		= gsmtty_tiocmset,
4579 	.break_ctl		= gsmtty_break_ctl,
4580 	.cleanup		= gsmtty_cleanup,
4581 };
4582 
4583 
4584 
gsm_init(void)4585 static int __init gsm_init(void)
4586 {
4587 	/* Fill in our line protocol discipline, and register it */
4588 	int status = tty_register_ldisc(&tty_ldisc_packet);
4589 	if (status != 0) {
4590 		pr_err("n_gsm: can't register line discipline (err = %d)\n",
4591 								status);
4592 		return status;
4593 	}
4594 
4595 	gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS, TTY_DRIVER_REAL_RAW |
4596 			TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
4597 	if (IS_ERR(gsm_tty_driver)) {
4598 		pr_err("gsm_init: tty allocation failed.\n");
4599 		status = PTR_ERR(gsm_tty_driver);
4600 		goto err_unreg_ldisc;
4601 	}
4602 	gsm_tty_driver->driver_name	= "gsmtty";
4603 	gsm_tty_driver->name		= "gsmtty";
4604 	gsm_tty_driver->major		= 0;	/* Dynamic */
4605 	gsm_tty_driver->minor_start	= 0;
4606 	gsm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
4607 	gsm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
4608 	gsm_tty_driver->init_termios	= tty_std_termios;
4609 	/* Fixme */
4610 	gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
4611 	tty_set_operations(gsm_tty_driver, &gsmtty_ops);
4612 
4613 	if (tty_register_driver(gsm_tty_driver)) {
4614 		pr_err("gsm_init: tty registration failed.\n");
4615 		status = -EBUSY;
4616 		goto err_put_driver;
4617 	}
4618 	pr_debug("gsm_init: loaded as %d,%d.\n",
4619 			gsm_tty_driver->major, gsm_tty_driver->minor_start);
4620 	return 0;
4621 err_put_driver:
4622 	tty_driver_kref_put(gsm_tty_driver);
4623 err_unreg_ldisc:
4624 	tty_unregister_ldisc(&tty_ldisc_packet);
4625 	return status;
4626 }
4627 
gsm_exit(void)4628 static void __exit gsm_exit(void)
4629 {
4630 	tty_unregister_ldisc(&tty_ldisc_packet);
4631 	tty_unregister_driver(gsm_tty_driver);
4632 	tty_driver_kref_put(gsm_tty_driver);
4633 }
4634 
4635 module_init(gsm_init);
4636 module_exit(gsm_exit);
4637 
4638 
4639 MODULE_LICENSE("GPL");
4640 MODULE_ALIAS_LDISC(N_GSM0710);
4641