xref: /openbmc/linux/drivers/net/hamradio/mkiss.c (revision 3d3337de)
1 /*
2  *  This program is free software; you can distribute it and/or modify it
3  *  under the terms of the GNU General Public License (Version 2) as
4  *  published by the Free Software Foundation.
5  *
6  *  This program is distributed in the hope it will be useful, but WITHOUT
7  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
9  *  for more details.
10  *
11  *  You should have received a copy of the GNU General Public License along
12  *  with this program; if not, see <http://www.gnu.org/licenses/>.
13  *
14  * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
15  * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
16  * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
17  */
18 #include <linux/module.h>
19 #include <linux/bitops.h>
20 #include <asm/uaccess.h>
21 #include <linux/crc16.h>
22 #include <linux/string.h>
23 #include <linux/mm.h>
24 #include <linux/interrupt.h>
25 #include <linux/in.h>
26 #include <linux/inet.h>
27 #include <linux/slab.h>
28 #include <linux/tty.h>
29 #include <linux/errno.h>
30 #include <linux/netdevice.h>
31 #include <linux/major.h>
32 #include <linux/init.h>
33 #include <linux/rtnetlink.h>
34 #include <linux/etherdevice.h>
35 #include <linux/skbuff.h>
36 #include <linux/if_arp.h>
37 #include <linux/jiffies.h>
38 #include <linux/compat.h>
39 
40 #include <net/ax25.h>
41 
42 #define AX_MTU		236
43 
44 /* SLIP/KISS protocol characters. */
45 #define END             0300		/* indicates end of frame	*/
46 #define ESC             0333		/* indicates byte stuffing	*/
47 #define ESC_END         0334		/* ESC ESC_END means END 'data'	*/
48 #define ESC_ESC         0335		/* ESC ESC_ESC means ESC 'data'	*/
49 
50 struct mkiss {
51 	struct tty_struct	*tty;	/* ptr to TTY structure		*/
52 	struct net_device	*dev;	/* easy for intr handling	*/
53 
54 	/* These are pointers to the malloc()ed frame buffers. */
55 	spinlock_t		buflock;/* lock for rbuf and xbuf */
56 	unsigned char		*rbuff;	/* receiver buffer		*/
57 	int			rcount;	/* received chars counter       */
58 	unsigned char		*xbuff;	/* transmitter buffer		*/
59 	unsigned char		*xhead;	/* pointer to next byte to XMIT */
60 	int			xleft;	/* bytes left in XMIT queue     */
61 
62 	/* Detailed SLIP statistics. */
63 	int		mtu;		/* Our mtu (to spot changes!)   */
64 	int		buffsize;	/* Max buffers sizes            */
65 
66 	unsigned long	flags;		/* Flag values/ mode etc	*/
67 					/* long req'd: used by set_bit --RR */
68 #define AXF_INUSE	0		/* Channel in use               */
69 #define AXF_ESCAPE	1               /* ESC received                 */
70 #define AXF_ERROR	2               /* Parity, etc. error           */
71 #define AXF_KEEPTEST	3		/* Keepalive test flag		*/
72 #define AXF_OUTWAIT	4		/* is outpacket was flag	*/
73 
74 	int		mode;
75         int		crcmode;	/* MW: for FlexNet, SMACK etc.  */
76 	int		crcauto;	/* CRC auto mode */
77 
78 #define CRC_MODE_NONE		0
79 #define CRC_MODE_FLEX		1
80 #define CRC_MODE_SMACK		2
81 #define CRC_MODE_FLEX_TEST	3
82 #define CRC_MODE_SMACK_TEST	4
83 
84 	atomic_t		refcnt;
85 	struct semaphore	dead_sem;
86 };
87 
88 /*---------------------------------------------------------------------------*/
89 
90 static const unsigned short crc_flex_table[] = {
91 	0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
92 	0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
93 	0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
94 	0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
95 	0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
96 	0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
97 	0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
98 	0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
99 	0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
100 	0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
101 	0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
102 	0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
103 	0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
104 	0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
105 	0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
106 	0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
107 	0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
108 	0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
109 	0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
110 	0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
111 	0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
112 	0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
113 	0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
114 	0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
115 	0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
116 	0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
117 	0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
118 	0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
119 	0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
120 	0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
121 	0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
122 	0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
123 };
124 
125 static unsigned short calc_crc_flex(unsigned char *cp, int size)
126 {
127 	unsigned short crc = 0xffff;
128 
129 	while (size--)
130 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
131 
132 	return crc;
133 }
134 
135 static int check_crc_flex(unsigned char *cp, int size)
136 {
137 	unsigned short crc = 0xffff;
138 
139 	if (size < 3)
140 		return -1;
141 
142 	while (size--)
143 		crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
144 
145 	if ((crc & 0xffff) != 0x7070)
146 		return -1;
147 
148 	return 0;
149 }
150 
151 static int check_crc_16(unsigned char *cp, int size)
152 {
153 	unsigned short crc = 0x0000;
154 
155 	if (size < 3)
156 		return -1;
157 
158 	crc = crc16(0, cp, size);
159 
160 	if (crc != 0x0000)
161 		return -1;
162 
163 	return 0;
164 }
165 
166 /*
167  * Standard encapsulation
168  */
169 
170 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
171 {
172 	unsigned char *ptr = d;
173 	unsigned char c;
174 
175 	/*
176 	 * Send an initial END character to flush out any data that may have
177 	 * accumulated in the receiver due to line noise.
178 	 */
179 
180 	*ptr++ = END;
181 
182 	while (len-- > 0) {
183 		switch (c = *s++) {
184 		case END:
185 			*ptr++ = ESC;
186 			*ptr++ = ESC_END;
187 			break;
188 		case ESC:
189 			*ptr++ = ESC;
190 			*ptr++ = ESC_ESC;
191 			break;
192 		default:
193 			*ptr++ = c;
194 			break;
195 		}
196 	}
197 
198 	*ptr++ = END;
199 
200 	return ptr - d;
201 }
202 
203 /*
204  * MW:
205  * OK its ugly, but tell me a better solution without copying the
206  * packet to a temporary buffer :-)
207  */
208 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
209 	int len)
210 {
211 	unsigned char *ptr = d;
212 	unsigned char c=0;
213 
214 	*ptr++ = END;
215 	while (len > 0) {
216 		if (len > 2)
217 			c = *s++;
218 		else if (len > 1)
219 			c = crc >> 8;
220 		else if (len > 0)
221 			c = crc & 0xff;
222 
223 		len--;
224 
225 		switch (c) {
226 		case END:
227 			*ptr++ = ESC;
228 			*ptr++ = ESC_END;
229 			break;
230 		case ESC:
231 			*ptr++ = ESC;
232 			*ptr++ = ESC_ESC;
233 			break;
234 		default:
235 			*ptr++ = c;
236 			break;
237 		}
238 	}
239 	*ptr++ = END;
240 
241 	return ptr - d;
242 }
243 
244 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
245 static void ax_bump(struct mkiss *ax)
246 {
247 	struct sk_buff *skb;
248 	int count;
249 
250 	spin_lock_bh(&ax->buflock);
251 	if (ax->rbuff[0] > 0x0f) {
252 		if (ax->rbuff[0] & 0x80) {
253 			if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
254 				ax->dev->stats.rx_errors++;
255 				spin_unlock_bh(&ax->buflock);
256 
257 				return;
258 			}
259 			if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
260 				printk(KERN_INFO
261 				       "mkiss: %s: Switching to crc-smack\n",
262 				       ax->dev->name);
263 				ax->crcmode = CRC_MODE_SMACK;
264 			}
265 			ax->rcount -= 2;
266 			*ax->rbuff &= ~0x80;
267 		} else if (ax->rbuff[0] & 0x20)  {
268 			if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
269 				ax->dev->stats.rx_errors++;
270 				spin_unlock_bh(&ax->buflock);
271 				return;
272 			}
273 			if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
274 				printk(KERN_INFO
275 				       "mkiss: %s: Switching to crc-flexnet\n",
276 				       ax->dev->name);
277 				ax->crcmode = CRC_MODE_FLEX;
278 			}
279 			ax->rcount -= 2;
280 
281 			/*
282 			 * dl9sau bugfix: the trailling two bytes flexnet crc
283 			 * will not be passed to the kernel. thus we have to
284 			 * correct the kissparm signature, because it indicates
285 			 * a crc but there's none
286 			 */
287 			*ax->rbuff &= ~0x20;
288 		}
289  	}
290 
291 	count = ax->rcount;
292 
293 	if ((skb = dev_alloc_skb(count)) == NULL) {
294 		printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
295 		       ax->dev->name);
296 		ax->dev->stats.rx_dropped++;
297 		spin_unlock_bh(&ax->buflock);
298 		return;
299 	}
300 
301 	memcpy(skb_put(skb,count), ax->rbuff, count);
302 	skb->protocol = ax25_type_trans(skb, ax->dev);
303 	netif_rx(skb);
304 	ax->dev->stats.rx_packets++;
305 	ax->dev->stats.rx_bytes += count;
306 	spin_unlock_bh(&ax->buflock);
307 }
308 
309 static void kiss_unesc(struct mkiss *ax, unsigned char s)
310 {
311 	switch (s) {
312 	case END:
313 		/* drop keeptest bit = VSV */
314 		if (test_bit(AXF_KEEPTEST, &ax->flags))
315 			clear_bit(AXF_KEEPTEST, &ax->flags);
316 
317 		if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
318 			ax_bump(ax);
319 
320 		clear_bit(AXF_ESCAPE, &ax->flags);
321 		ax->rcount = 0;
322 		return;
323 
324 	case ESC:
325 		set_bit(AXF_ESCAPE, &ax->flags);
326 		return;
327 	case ESC_ESC:
328 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
329 			s = ESC;
330 		break;
331 	case ESC_END:
332 		if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
333 			s = END;
334 		break;
335 	}
336 
337 	spin_lock_bh(&ax->buflock);
338 	if (!test_bit(AXF_ERROR, &ax->flags)) {
339 		if (ax->rcount < ax->buffsize) {
340 			ax->rbuff[ax->rcount++] = s;
341 			spin_unlock_bh(&ax->buflock);
342 			return;
343 		}
344 
345 		ax->dev->stats.rx_over_errors++;
346 		set_bit(AXF_ERROR, &ax->flags);
347 	}
348 	spin_unlock_bh(&ax->buflock);
349 }
350 
351 static int ax_set_mac_address(struct net_device *dev, void *addr)
352 {
353 	struct sockaddr_ax25 *sa = addr;
354 
355 	netif_tx_lock_bh(dev);
356 	netif_addr_lock(dev);
357 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
358 	netif_addr_unlock(dev);
359 	netif_tx_unlock_bh(dev);
360 
361 	return 0;
362 }
363 
364 /*---------------------------------------------------------------------------*/
365 
366 static void ax_changedmtu(struct mkiss *ax)
367 {
368 	struct net_device *dev = ax->dev;
369 	unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
370 	int len;
371 
372 	len = dev->mtu * 2;
373 
374 	/*
375 	 * allow for arrival of larger UDP packets, even if we say not to
376 	 * also fixes a bug in which SunOS sends 512-byte packets even with
377 	 * an MSS of 128
378 	 */
379 	if (len < 576 * 2)
380 		len = 576 * 2;
381 
382 	xbuff = kmalloc(len + 4, GFP_ATOMIC);
383 	rbuff = kmalloc(len + 4, GFP_ATOMIC);
384 
385 	if (xbuff == NULL || rbuff == NULL)  {
386 		printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
387 		       "MTU change cancelled.\n",
388 		       ax->dev->name);
389 		dev->mtu = ax->mtu;
390 		kfree(xbuff);
391 		kfree(rbuff);
392 		return;
393 	}
394 
395 	spin_lock_bh(&ax->buflock);
396 
397 	oxbuff    = ax->xbuff;
398 	ax->xbuff = xbuff;
399 	orbuff    = ax->rbuff;
400 	ax->rbuff = rbuff;
401 
402 	if (ax->xleft) {
403 		if (ax->xleft <= len) {
404 			memcpy(ax->xbuff, ax->xhead, ax->xleft);
405 		} else  {
406 			ax->xleft = 0;
407 			dev->stats.tx_dropped++;
408 		}
409 	}
410 
411 	ax->xhead = ax->xbuff;
412 
413 	if (ax->rcount) {
414 		if (ax->rcount <= len) {
415 			memcpy(ax->rbuff, orbuff, ax->rcount);
416 		} else  {
417 			ax->rcount = 0;
418 			dev->stats.rx_over_errors++;
419 			set_bit(AXF_ERROR, &ax->flags);
420 		}
421 	}
422 
423 	ax->mtu      = dev->mtu + 73;
424 	ax->buffsize = len;
425 
426 	spin_unlock_bh(&ax->buflock);
427 
428 	kfree(oxbuff);
429 	kfree(orbuff);
430 }
431 
432 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
433 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
434 {
435 	struct mkiss *ax = netdev_priv(dev);
436 	unsigned char *p;
437 	int actual, count;
438 
439 	if (ax->mtu != ax->dev->mtu + 73)	/* Someone has been ifconfigging */
440 		ax_changedmtu(ax);
441 
442 	if (len > ax->mtu) {		/* Sigh, shouldn't occur BUT ... */
443 		len = ax->mtu;
444 		printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
445 		dev->stats.tx_dropped++;
446 		netif_start_queue(dev);
447 		return;
448 	}
449 
450 	p = icp;
451 
452 	spin_lock_bh(&ax->buflock);
453 	if ((*p & 0x0f) != 0) {
454 		/* Configuration Command (kissparms(1).
455 		 * Protocol spec says: never append CRC.
456 		 * This fixes a very old bug in the linux
457 		 * kiss driver. -- dl9sau */
458 		switch (*p & 0xff) {
459 		case 0x85:
460 			/* command from userspace especially for us,
461 			 * not for delivery to the tnc */
462 			if (len > 1) {
463 				int cmd = (p[1] & 0xff);
464 				switch(cmd) {
465 				case 3:
466 				  ax->crcmode = CRC_MODE_SMACK;
467 				  break;
468 				case 2:
469 				  ax->crcmode = CRC_MODE_FLEX;
470 				  break;
471 				case 1:
472 				  ax->crcmode = CRC_MODE_NONE;
473 				  break;
474 				case 0:
475 				default:
476 				  ax->crcmode = CRC_MODE_SMACK_TEST;
477 				  cmd = 0;
478 				}
479 				ax->crcauto = (cmd ? 0 : 1);
480 				printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
481 			}
482 			spin_unlock_bh(&ax->buflock);
483 			netif_start_queue(dev);
484 
485 			return;
486 		default:
487 			count = kiss_esc(p, ax->xbuff, len);
488 		}
489 	} else {
490 		unsigned short crc;
491 		switch (ax->crcmode) {
492 		case CRC_MODE_SMACK_TEST:
493 			ax->crcmode  = CRC_MODE_FLEX_TEST;
494 			printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
495 			// fall through
496 		case CRC_MODE_SMACK:
497 			*p |= 0x80;
498 			crc = swab16(crc16(0, p, len));
499 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
500 			break;
501 		case CRC_MODE_FLEX_TEST:
502 			ax->crcmode = CRC_MODE_NONE;
503 			printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
504 			// fall through
505 		case CRC_MODE_FLEX:
506 			*p |= 0x20;
507 			crc = calc_crc_flex(p, len);
508 			count = kiss_esc_crc(p, ax->xbuff, crc, len+2);
509 			break;
510 
511 		default:
512 			count = kiss_esc(p, ax->xbuff, len);
513 		}
514   	}
515 	spin_unlock_bh(&ax->buflock);
516 
517 	set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
518 	actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
519 	dev->stats.tx_packets++;
520 	dev->stats.tx_bytes += actual;
521 
522 	ax->dev->trans_start = jiffies;
523 	ax->xleft = count - actual;
524 	ax->xhead = ax->xbuff + actual;
525 }
526 
527 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
528 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
529 {
530 	struct mkiss *ax = netdev_priv(dev);
531 
532 	if (skb->protocol == htons(ETH_P_IP))
533 		return ax25_ip_xmit(skb);
534 
535 	if (!netif_running(dev))  {
536 		printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
537 		return NETDEV_TX_BUSY;
538 	}
539 
540 	if (netif_queue_stopped(dev)) {
541 		/*
542 		 * May be we must check transmitter timeout here ?
543 		 *      14 Oct 1994 Dmitry Gorodchanin.
544 		 */
545 		if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
546 			/* 20 sec timeout not reached */
547 			return NETDEV_TX_BUSY;
548 		}
549 
550 		printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
551 		       (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
552 		       "bad line quality" : "driver error");
553 
554 		ax->xleft = 0;
555 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
556 		netif_start_queue(dev);
557 	}
558 
559 	/* We were not busy, so we are now... :-) */
560 	netif_stop_queue(dev);
561 	ax_encaps(dev, skb->data, skb->len);
562 	kfree_skb(skb);
563 
564 	return NETDEV_TX_OK;
565 }
566 
567 static int ax_open_dev(struct net_device *dev)
568 {
569 	struct mkiss *ax = netdev_priv(dev);
570 
571 	if (ax->tty == NULL)
572 		return -ENODEV;
573 
574 	return 0;
575 }
576 
577 /* Open the low-level part of the AX25 channel. Easy! */
578 static int ax_open(struct net_device *dev)
579 {
580 	struct mkiss *ax = netdev_priv(dev);
581 	unsigned long len;
582 
583 	if (ax->tty == NULL)
584 		return -ENODEV;
585 
586 	/*
587 	 * Allocate the frame buffers:
588 	 *
589 	 * rbuff	Receive buffer.
590 	 * xbuff	Transmit buffer.
591 	 */
592 	len = dev->mtu * 2;
593 
594 	/*
595 	 * allow for arrival of larger UDP packets, even if we say not to
596 	 * also fixes a bug in which SunOS sends 512-byte packets even with
597 	 * an MSS of 128
598 	 */
599 	if (len < 576 * 2)
600 		len = 576 * 2;
601 
602 	if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
603 		goto norbuff;
604 
605 	if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
606 		goto noxbuff;
607 
608 	ax->mtu	     = dev->mtu + 73;
609 	ax->buffsize = len;
610 	ax->rcount   = 0;
611 	ax->xleft    = 0;
612 
613 	ax->flags   &= (1 << AXF_INUSE);      /* Clear ESCAPE & ERROR flags */
614 
615 	spin_lock_init(&ax->buflock);
616 
617 	return 0;
618 
619 noxbuff:
620 	kfree(ax->rbuff);
621 
622 norbuff:
623 	return -ENOMEM;
624 }
625 
626 
627 /* Close the low-level part of the AX25 channel. Easy! */
628 static int ax_close(struct net_device *dev)
629 {
630 	struct mkiss *ax = netdev_priv(dev);
631 
632 	if (ax->tty)
633 		clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
634 
635 	netif_stop_queue(dev);
636 
637 	return 0;
638 }
639 
640 static const struct net_device_ops ax_netdev_ops = {
641 	.ndo_open            = ax_open_dev,
642 	.ndo_stop            = ax_close,
643 	.ndo_start_xmit	     = ax_xmit,
644 	.ndo_set_mac_address = ax_set_mac_address,
645 };
646 
647 static void ax_setup(struct net_device *dev)
648 {
649 	/* Finish setting up the DEVICE info. */
650 	dev->mtu             = AX_MTU;
651 	dev->hard_header_len = 0;
652 	dev->addr_len        = 0;
653 	dev->type            = ARPHRD_AX25;
654 	dev->tx_queue_len    = 10;
655 	dev->header_ops      = &ax25_header_ops;
656 	dev->netdev_ops	     = &ax_netdev_ops;
657 
658 
659 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
660 	memcpy(dev->dev_addr,  &ax25_defaddr,  AX25_ADDR_LEN);
661 
662 	dev->flags      = IFF_BROADCAST | IFF_MULTICAST;
663 }
664 
665 /*
666  * We have a potential race on dereferencing tty->disc_data, because the tty
667  * layer provides no locking at all - thus one cpu could be running
668  * sixpack_receive_buf while another calls sixpack_close, which zeroes
669  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
670  * best way to fix this is to use a rwlock in the tty struct, but for now we
671  * use a single global rwlock for all ttys in ppp line discipline.
672  */
673 static DEFINE_RWLOCK(disc_data_lock);
674 
675 static struct mkiss *mkiss_get(struct tty_struct *tty)
676 {
677 	struct mkiss *ax;
678 
679 	read_lock(&disc_data_lock);
680 	ax = tty->disc_data;
681 	if (ax)
682 		atomic_inc(&ax->refcnt);
683 	read_unlock(&disc_data_lock);
684 
685 	return ax;
686 }
687 
688 static void mkiss_put(struct mkiss *ax)
689 {
690 	if (atomic_dec_and_test(&ax->refcnt))
691 		up(&ax->dead_sem);
692 }
693 
694 static int crc_force = 0;	/* Can be overridden with insmod */
695 
696 static int mkiss_open(struct tty_struct *tty)
697 {
698 	struct net_device *dev;
699 	struct mkiss *ax;
700 	int err;
701 
702 	if (!capable(CAP_NET_ADMIN))
703 		return -EPERM;
704 	if (tty->ops->write == NULL)
705 		return -EOPNOTSUPP;
706 
707 	dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN,
708 			   ax_setup);
709 	if (!dev) {
710 		err = -ENOMEM;
711 		goto out;
712 	}
713 
714 	ax = netdev_priv(dev);
715 	ax->dev = dev;
716 
717 	spin_lock_init(&ax->buflock);
718 	atomic_set(&ax->refcnt, 1);
719 	sema_init(&ax->dead_sem, 0);
720 
721 	ax->tty = tty;
722 	tty->disc_data = ax;
723 	tty->receive_room = 65535;
724 
725 	tty_driver_flush_buffer(tty);
726 
727 	/* Restore default settings */
728 	dev->type = ARPHRD_AX25;
729 
730 	/* Perform the low-level AX25 initialization. */
731 	if ((err = ax_open(ax->dev))) {
732 		goto out_free_netdev;
733 	}
734 
735 	if (register_netdev(dev))
736 		goto out_free_buffers;
737 
738 	/* after register_netdev() - because else printk smashes the kernel */
739 	switch (crc_force) {
740 	case 3:
741 		ax->crcmode  = CRC_MODE_SMACK;
742 		printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
743 		       ax->dev->name);
744 		break;
745 	case 2:
746 		ax->crcmode  = CRC_MODE_FLEX;
747 		printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
748 		       ax->dev->name);
749 		break;
750 	case 1:
751 		ax->crcmode  = CRC_MODE_NONE;
752 		printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
753 		       ax->dev->name);
754 		break;
755 	case 0:
756 		/* fall through */
757 	default:
758 		crc_force = 0;
759 		printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
760 		       ax->dev->name);
761 		ax->crcmode  = CRC_MODE_SMACK_TEST;
762 	}
763 	ax->crcauto = (crc_force ? 0 : 1);
764 
765 	netif_start_queue(dev);
766 
767 	/* Done.  We have linked the TTY line to a channel. */
768 	return 0;
769 
770 out_free_buffers:
771 	kfree(ax->rbuff);
772 	kfree(ax->xbuff);
773 
774 out_free_netdev:
775 	free_netdev(dev);
776 
777 out:
778 	return err;
779 }
780 
781 static void mkiss_close(struct tty_struct *tty)
782 {
783 	struct mkiss *ax;
784 
785 	write_lock_bh(&disc_data_lock);
786 	ax = tty->disc_data;
787 	tty->disc_data = NULL;
788 	write_unlock_bh(&disc_data_lock);
789 
790 	if (!ax)
791 		return;
792 
793 	/*
794 	 * We have now ensured that nobody can start using ap from now on, but
795 	 * we have to wait for all existing users to finish.
796 	 */
797 	if (!atomic_dec_and_test(&ax->refcnt))
798 		down(&ax->dead_sem);
799 
800 	unregister_netdev(ax->dev);
801 
802 	/* Free all AX25 frame buffers. */
803 	kfree(ax->rbuff);
804 	kfree(ax->xbuff);
805 
806 	ax->tty = NULL;
807 }
808 
809 /* Perform I/O control on an active ax25 channel. */
810 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
811 	unsigned int cmd, unsigned long arg)
812 {
813 	struct mkiss *ax = mkiss_get(tty);
814 	struct net_device *dev;
815 	unsigned int tmp, err;
816 
817 	/* First make sure we're connected. */
818 	if (ax == NULL)
819 		return -ENXIO;
820 	dev = ax->dev;
821 
822 	switch (cmd) {
823  	case SIOCGIFNAME:
824 		err = copy_to_user((void __user *) arg, ax->dev->name,
825 		                   strlen(ax->dev->name) + 1) ? -EFAULT : 0;
826 		break;
827 
828 	case SIOCGIFENCAP:
829 		err = put_user(4, (int __user *) arg);
830 		break;
831 
832 	case SIOCSIFENCAP:
833 		if (get_user(tmp, (int __user *) arg)) {
834 			err = -EFAULT;
835 			break;
836 		}
837 
838 		ax->mode = tmp;
839 		dev->addr_len        = AX25_ADDR_LEN;
840 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
841 		                       AX25_MAX_HEADER_LEN + 3;
842 		dev->type            = ARPHRD_AX25;
843 
844 		err = 0;
845 		break;
846 
847 	case SIOCSIFHWADDR: {
848 		char addr[AX25_ADDR_LEN];
849 
850 		if (copy_from_user(&addr,
851 		                   (void __user *) arg, AX25_ADDR_LEN)) {
852 			err = -EFAULT;
853 			break;
854 		}
855 
856 		netif_tx_lock_bh(dev);
857 		memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
858 		netif_tx_unlock_bh(dev);
859 
860 		err = 0;
861 		break;
862 	}
863 	default:
864 		err = -ENOIOCTLCMD;
865 	}
866 
867 	mkiss_put(ax);
868 
869 	return err;
870 }
871 
872 #ifdef CONFIG_COMPAT
873 static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
874 	unsigned int cmd, unsigned long arg)
875 {
876 	switch (cmd) {
877 	case SIOCGIFNAME:
878 	case SIOCGIFENCAP:
879 	case SIOCSIFENCAP:
880 	case SIOCSIFHWADDR:
881 		return mkiss_ioctl(tty, file, cmd,
882 				   (unsigned long)compat_ptr(arg));
883 	}
884 
885 	return -ENOIOCTLCMD;
886 }
887 #endif
888 
889 /*
890  * Handle the 'receiver data ready' interrupt.
891  * This function is called by the 'tty_io' module in the kernel when
892  * a block of data has been received, which can now be decapsulated
893  * and sent on to the AX.25 layer for further processing.
894  */
895 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
896 	char *fp, int count)
897 {
898 	struct mkiss *ax = mkiss_get(tty);
899 
900 	if (!ax)
901 		return;
902 
903 	/*
904 	 * Argh! mtu change time! - costs us the packet part received
905 	 * at the change
906 	 */
907 	if (ax->mtu != ax->dev->mtu + 73)
908 		ax_changedmtu(ax);
909 
910 	/* Read the characters out of the buffer */
911 	while (count--) {
912 		if (fp != NULL && *fp++) {
913 			if (!test_and_set_bit(AXF_ERROR, &ax->flags))
914 				ax->dev->stats.rx_errors++;
915 			cp++;
916 			continue;
917 		}
918 
919 		kiss_unesc(ax, *cp++);
920 	}
921 
922 	mkiss_put(ax);
923 	tty_unthrottle(tty);
924 }
925 
926 /*
927  * Called by the driver when there's room for more data.  If we have
928  * more packets to send, we send them here.
929  */
930 static void mkiss_write_wakeup(struct tty_struct *tty)
931 {
932 	struct mkiss *ax = mkiss_get(tty);
933 	int actual;
934 
935 	if (!ax)
936 		return;
937 
938 	if (ax->xleft <= 0)  {
939 		/* Now serial buffer is almost free & we can start
940 		 * transmission of another packet
941 		 */
942 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
943 
944 		netif_wake_queue(ax->dev);
945 		goto out;
946 	}
947 
948 	actual = tty->ops->write(tty, ax->xhead, ax->xleft);
949 	ax->xleft -= actual;
950 	ax->xhead += actual;
951 
952 out:
953 	mkiss_put(ax);
954 }
955 
956 static struct tty_ldisc_ops ax_ldisc = {
957 	.owner		= THIS_MODULE,
958 	.magic		= TTY_LDISC_MAGIC,
959 	.name		= "mkiss",
960 	.open		= mkiss_open,
961 	.close		= mkiss_close,
962 	.ioctl		= mkiss_ioctl,
963 #ifdef CONFIG_COMPAT
964 	.compat_ioctl	= mkiss_compat_ioctl,
965 #endif
966 	.receive_buf	= mkiss_receive_buf,
967 	.write_wakeup	= mkiss_write_wakeup
968 };
969 
970 static const char banner[] __initconst = KERN_INFO \
971 	"mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
972 static const char msg_regfail[] __initconst = KERN_ERR \
973 	"mkiss: can't register line discipline (err = %d)\n";
974 
975 static int __init mkiss_init_driver(void)
976 {
977 	int status;
978 
979 	printk(banner);
980 
981 	status = tty_register_ldisc(N_AX25, &ax_ldisc);
982 	if (status != 0)
983 		printk(msg_regfail, status);
984 
985 	return status;
986 }
987 
988 static const char msg_unregfail[] = KERN_ERR \
989 	"mkiss: can't unregister line discipline (err = %d)\n";
990 
991 static void __exit mkiss_exit_driver(void)
992 {
993 	int ret;
994 
995 	if ((ret = tty_unregister_ldisc(N_AX25)))
996 		printk(msg_unregfail, ret);
997 }
998 
999 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1000 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1001 module_param(crc_force, int, 0);
1002 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1003 MODULE_LICENSE("GPL");
1004 MODULE_ALIAS_LDISC(N_AX25);
1005 
1006 module_init(mkiss_init_driver);
1007 module_exit(mkiss_exit_driver);
1008