1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * 4 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl> 5 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org> 6 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de> 7 */ 8 #include <linux/module.h> 9 #include <linux/bitops.h> 10 #include <linux/uaccess.h> 11 #include <linux/crc16.h> 12 #include <linux/string.h> 13 #include <linux/mm.h> 14 #include <linux/interrupt.h> 15 #include <linux/in.h> 16 #include <linux/inet.h> 17 #include <linux/slab.h> 18 #include <linux/tty.h> 19 #include <linux/errno.h> 20 #include <linux/netdevice.h> 21 #include <linux/major.h> 22 #include <linux/init.h> 23 #include <linux/rtnetlink.h> 24 #include <linux/etherdevice.h> 25 #include <linux/skbuff.h> 26 #include <linux/if_arp.h> 27 #include <linux/jiffies.h> 28 #include <linux/refcount.h> 29 30 #include <net/ax25.h> 31 32 #define AX_MTU 236 33 34 /* some arch define END as assembly function ending, just undef it */ 35 #undef END 36 /* SLIP/KISS protocol characters. */ 37 #define END 0300 /* indicates end of frame */ 38 #define ESC 0333 /* indicates byte stuffing */ 39 #define ESC_END 0334 /* ESC ESC_END means END 'data' */ 40 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */ 41 42 struct mkiss { 43 struct tty_struct *tty; /* ptr to TTY structure */ 44 struct net_device *dev; /* easy for intr handling */ 45 46 /* These are pointers to the malloc()ed frame buffers. */ 47 spinlock_t buflock;/* lock for rbuf and xbuf */ 48 unsigned char *rbuff; /* receiver buffer */ 49 int rcount; /* received chars counter */ 50 unsigned char *xbuff; /* transmitter buffer */ 51 unsigned char *xhead; /* pointer to next byte to XMIT */ 52 int xleft; /* bytes left in XMIT queue */ 53 54 /* Detailed SLIP statistics. */ 55 int mtu; /* Our mtu (to spot changes!) */ 56 int buffsize; /* Max buffers sizes */ 57 58 unsigned long flags; /* Flag values/ mode etc */ 59 /* long req'd: used by set_bit --RR */ 60 #define AXF_INUSE 0 /* Channel in use */ 61 #define AXF_ESCAPE 1 /* ESC received */ 62 #define AXF_ERROR 2 /* Parity, etc. error */ 63 #define AXF_KEEPTEST 3 /* Keepalive test flag */ 64 #define AXF_OUTWAIT 4 /* is outpacket was flag */ 65 66 int mode; 67 int crcmode; /* MW: for FlexNet, SMACK etc. */ 68 int crcauto; /* CRC auto mode */ 69 70 #define CRC_MODE_NONE 0 71 #define CRC_MODE_FLEX 1 72 #define CRC_MODE_SMACK 2 73 #define CRC_MODE_FLEX_TEST 3 74 #define CRC_MODE_SMACK_TEST 4 75 76 refcount_t refcnt; 77 struct completion dead; 78 }; 79 80 /*---------------------------------------------------------------------------*/ 81 82 static const unsigned short crc_flex_table[] = { 83 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38, 84 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770, 85 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9, 86 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1, 87 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a, 88 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672, 89 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb, 90 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3, 91 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c, 92 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574, 93 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd, 94 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5, 95 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e, 96 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476, 97 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf, 98 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7, 99 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30, 100 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378, 101 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1, 102 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9, 103 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32, 104 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a, 105 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3, 106 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb, 107 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34, 108 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c, 109 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5, 110 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd, 111 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36, 112 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e, 113 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7, 114 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff 115 }; 116 117 static unsigned short calc_crc_flex(unsigned char *cp, int size) 118 { 119 unsigned short crc = 0xffff; 120 121 while (size--) 122 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 123 124 return crc; 125 } 126 127 static int check_crc_flex(unsigned char *cp, int size) 128 { 129 unsigned short crc = 0xffff; 130 131 if (size < 3) 132 return -1; 133 134 while (size--) 135 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff]; 136 137 if ((crc & 0xffff) != 0x7070) 138 return -1; 139 140 return 0; 141 } 142 143 static int check_crc_16(unsigned char *cp, int size) 144 { 145 unsigned short crc = 0x0000; 146 147 if (size < 3) 148 return -1; 149 150 crc = crc16(0, cp, size); 151 152 if (crc != 0x0000) 153 return -1; 154 155 return 0; 156 } 157 158 /* 159 * Standard encapsulation 160 */ 161 162 static int kiss_esc(unsigned char *s, unsigned char *d, int len) 163 { 164 unsigned char *ptr = d; 165 unsigned char c; 166 167 /* 168 * Send an initial END character to flush out any data that may have 169 * accumulated in the receiver due to line noise. 170 */ 171 172 *ptr++ = END; 173 174 while (len-- > 0) { 175 switch (c = *s++) { 176 case END: 177 *ptr++ = ESC; 178 *ptr++ = ESC_END; 179 break; 180 case ESC: 181 *ptr++ = ESC; 182 *ptr++ = ESC_ESC; 183 break; 184 default: 185 *ptr++ = c; 186 break; 187 } 188 } 189 190 *ptr++ = END; 191 192 return ptr - d; 193 } 194 195 /* 196 * MW: 197 * OK its ugly, but tell me a better solution without copying the 198 * packet to a temporary buffer :-) 199 */ 200 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc, 201 int len) 202 { 203 unsigned char *ptr = d; 204 unsigned char c=0; 205 206 *ptr++ = END; 207 while (len > 0) { 208 if (len > 2) 209 c = *s++; 210 else if (len > 1) 211 c = crc >> 8; 212 else 213 c = crc & 0xff; 214 215 len--; 216 217 switch (c) { 218 case END: 219 *ptr++ = ESC; 220 *ptr++ = ESC_END; 221 break; 222 case ESC: 223 *ptr++ = ESC; 224 *ptr++ = ESC_ESC; 225 break; 226 default: 227 *ptr++ = c; 228 break; 229 } 230 } 231 *ptr++ = END; 232 233 return ptr - d; 234 } 235 236 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */ 237 static void ax_bump(struct mkiss *ax) 238 { 239 struct sk_buff *skb; 240 int count; 241 242 spin_lock_bh(&ax->buflock); 243 if (ax->rbuff[0] > 0x0f) { 244 if (ax->rbuff[0] & 0x80) { 245 if (check_crc_16(ax->rbuff, ax->rcount) < 0) { 246 ax->dev->stats.rx_errors++; 247 spin_unlock_bh(&ax->buflock); 248 249 return; 250 } 251 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) { 252 printk(KERN_INFO 253 "mkiss: %s: Switching to crc-smack\n", 254 ax->dev->name); 255 ax->crcmode = CRC_MODE_SMACK; 256 } 257 ax->rcount -= 2; 258 *ax->rbuff &= ~0x80; 259 } else if (ax->rbuff[0] & 0x20) { 260 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) { 261 ax->dev->stats.rx_errors++; 262 spin_unlock_bh(&ax->buflock); 263 return; 264 } 265 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) { 266 printk(KERN_INFO 267 "mkiss: %s: Switching to crc-flexnet\n", 268 ax->dev->name); 269 ax->crcmode = CRC_MODE_FLEX; 270 } 271 ax->rcount -= 2; 272 273 /* 274 * dl9sau bugfix: the trailling two bytes flexnet crc 275 * will not be passed to the kernel. thus we have to 276 * correct the kissparm signature, because it indicates 277 * a crc but there's none 278 */ 279 *ax->rbuff &= ~0x20; 280 } 281 } 282 283 count = ax->rcount; 284 285 if ((skb = dev_alloc_skb(count)) == NULL) { 286 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n", 287 ax->dev->name); 288 ax->dev->stats.rx_dropped++; 289 spin_unlock_bh(&ax->buflock); 290 return; 291 } 292 293 skb_put_data(skb, ax->rbuff, count); 294 skb->protocol = ax25_type_trans(skb, ax->dev); 295 netif_rx(skb); 296 ax->dev->stats.rx_packets++; 297 ax->dev->stats.rx_bytes += count; 298 spin_unlock_bh(&ax->buflock); 299 } 300 301 static void kiss_unesc(struct mkiss *ax, unsigned char s) 302 { 303 switch (s) { 304 case END: 305 /* drop keeptest bit = VSV */ 306 if (test_bit(AXF_KEEPTEST, &ax->flags)) 307 clear_bit(AXF_KEEPTEST, &ax->flags); 308 309 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2)) 310 ax_bump(ax); 311 312 clear_bit(AXF_ESCAPE, &ax->flags); 313 ax->rcount = 0; 314 return; 315 316 case ESC: 317 set_bit(AXF_ESCAPE, &ax->flags); 318 return; 319 case ESC_ESC: 320 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 321 s = ESC; 322 break; 323 case ESC_END: 324 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags)) 325 s = END; 326 break; 327 } 328 329 spin_lock_bh(&ax->buflock); 330 if (!test_bit(AXF_ERROR, &ax->flags)) { 331 if (ax->rcount < ax->buffsize) { 332 ax->rbuff[ax->rcount++] = s; 333 spin_unlock_bh(&ax->buflock); 334 return; 335 } 336 337 ax->dev->stats.rx_over_errors++; 338 set_bit(AXF_ERROR, &ax->flags); 339 } 340 spin_unlock_bh(&ax->buflock); 341 } 342 343 static int ax_set_mac_address(struct net_device *dev, void *addr) 344 { 345 struct sockaddr_ax25 *sa = addr; 346 347 netif_tx_lock_bh(dev); 348 netif_addr_lock(dev); 349 __dev_addr_set(dev, &sa->sax25_call, AX25_ADDR_LEN); 350 netif_addr_unlock(dev); 351 netif_tx_unlock_bh(dev); 352 353 return 0; 354 } 355 356 /*---------------------------------------------------------------------------*/ 357 358 static void ax_changedmtu(struct mkiss *ax) 359 { 360 struct net_device *dev = ax->dev; 361 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff; 362 int len; 363 364 len = dev->mtu * 2; 365 366 /* 367 * allow for arrival of larger UDP packets, even if we say not to 368 * also fixes a bug in which SunOS sends 512-byte packets even with 369 * an MSS of 128 370 */ 371 if (len < 576 * 2) 372 len = 576 * 2; 373 374 xbuff = kmalloc(len + 4, GFP_ATOMIC); 375 rbuff = kmalloc(len + 4, GFP_ATOMIC); 376 377 if (xbuff == NULL || rbuff == NULL) { 378 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, " 379 "MTU change cancelled.\n", 380 ax->dev->name); 381 dev->mtu = ax->mtu; 382 kfree(xbuff); 383 kfree(rbuff); 384 return; 385 } 386 387 spin_lock_bh(&ax->buflock); 388 389 oxbuff = ax->xbuff; 390 ax->xbuff = xbuff; 391 orbuff = ax->rbuff; 392 ax->rbuff = rbuff; 393 394 if (ax->xleft) { 395 if (ax->xleft <= len) { 396 memcpy(ax->xbuff, ax->xhead, ax->xleft); 397 } else { 398 ax->xleft = 0; 399 dev->stats.tx_dropped++; 400 } 401 } 402 403 ax->xhead = ax->xbuff; 404 405 if (ax->rcount) { 406 if (ax->rcount <= len) { 407 memcpy(ax->rbuff, orbuff, ax->rcount); 408 } else { 409 ax->rcount = 0; 410 dev->stats.rx_over_errors++; 411 set_bit(AXF_ERROR, &ax->flags); 412 } 413 } 414 415 ax->mtu = dev->mtu + 73; 416 ax->buffsize = len; 417 418 spin_unlock_bh(&ax->buflock); 419 420 kfree(oxbuff); 421 kfree(orbuff); 422 } 423 424 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */ 425 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len) 426 { 427 struct mkiss *ax = netdev_priv(dev); 428 unsigned char *p; 429 int actual, count; 430 431 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */ 432 ax_changedmtu(ax); 433 434 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */ 435 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name); 436 dev->stats.tx_dropped++; 437 netif_start_queue(dev); 438 return; 439 } 440 441 p = icp; 442 443 spin_lock_bh(&ax->buflock); 444 if ((*p & 0x0f) != 0) { 445 /* Configuration Command (kissparms(1). 446 * Protocol spec says: never append CRC. 447 * This fixes a very old bug in the linux 448 * kiss driver. -- dl9sau */ 449 switch (*p & 0xff) { 450 case 0x85: 451 /* command from userspace especially for us, 452 * not for delivery to the tnc */ 453 if (len > 1) { 454 int cmd = (p[1] & 0xff); 455 switch(cmd) { 456 case 3: 457 ax->crcmode = CRC_MODE_SMACK; 458 break; 459 case 2: 460 ax->crcmode = CRC_MODE_FLEX; 461 break; 462 case 1: 463 ax->crcmode = CRC_MODE_NONE; 464 break; 465 case 0: 466 default: 467 ax->crcmode = CRC_MODE_SMACK_TEST; 468 cmd = 0; 469 } 470 ax->crcauto = (cmd ? 0 : 1); 471 printk(KERN_INFO "mkiss: %s: crc mode set to %d\n", 472 ax->dev->name, cmd); 473 } 474 spin_unlock_bh(&ax->buflock); 475 netif_start_queue(dev); 476 477 return; 478 default: 479 count = kiss_esc(p, ax->xbuff, len); 480 } 481 } else { 482 unsigned short crc; 483 switch (ax->crcmode) { 484 case CRC_MODE_SMACK_TEST: 485 ax->crcmode = CRC_MODE_FLEX_TEST; 486 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name); 487 fallthrough; 488 case CRC_MODE_SMACK: 489 *p |= 0x80; 490 crc = swab16(crc16(0, p, len)); 491 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 492 break; 493 case CRC_MODE_FLEX_TEST: 494 ax->crcmode = CRC_MODE_NONE; 495 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name); 496 fallthrough; 497 case CRC_MODE_FLEX: 498 *p |= 0x20; 499 crc = calc_crc_flex(p, len); 500 count = kiss_esc_crc(p, ax->xbuff, crc, len+2); 501 break; 502 503 default: 504 count = kiss_esc(p, ax->xbuff, len); 505 } 506 } 507 spin_unlock_bh(&ax->buflock); 508 509 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 510 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count); 511 dev->stats.tx_packets++; 512 dev->stats.tx_bytes += actual; 513 514 netif_trans_update(ax->dev); 515 ax->xleft = count - actual; 516 ax->xhead = ax->xbuff + actual; 517 } 518 519 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */ 520 static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev) 521 { 522 struct mkiss *ax = netdev_priv(dev); 523 524 if (skb->protocol == htons(ETH_P_IP)) 525 return ax25_ip_xmit(skb); 526 527 if (!netif_running(dev)) { 528 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name); 529 return NETDEV_TX_BUSY; 530 } 531 532 if (netif_queue_stopped(dev)) { 533 /* 534 * May be we must check transmitter timeout here ? 535 * 14 Oct 1994 Dmitry Gorodchanin. 536 */ 537 if (time_before(jiffies, dev_trans_start(dev) + 20 * HZ)) { 538 /* 20 sec timeout not reached */ 539 return NETDEV_TX_BUSY; 540 } 541 542 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name, 543 (tty_chars_in_buffer(ax->tty) || ax->xleft) ? 544 "bad line quality" : "driver error"); 545 546 ax->xleft = 0; 547 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 548 netif_start_queue(dev); 549 } 550 551 /* We were not busy, so we are now... :-) */ 552 netif_stop_queue(dev); 553 ax_encaps(dev, skb->data, skb->len); 554 kfree_skb(skb); 555 556 return NETDEV_TX_OK; 557 } 558 559 static int ax_open_dev(struct net_device *dev) 560 { 561 struct mkiss *ax = netdev_priv(dev); 562 563 if (ax->tty == NULL) 564 return -ENODEV; 565 566 return 0; 567 } 568 569 /* Open the low-level part of the AX25 channel. Easy! */ 570 static int ax_open(struct net_device *dev) 571 { 572 struct mkiss *ax = netdev_priv(dev); 573 unsigned long len; 574 575 if (ax->tty == NULL) 576 return -ENODEV; 577 578 /* 579 * Allocate the frame buffers: 580 * 581 * rbuff Receive buffer. 582 * xbuff Transmit buffer. 583 */ 584 len = dev->mtu * 2; 585 586 /* 587 * allow for arrival of larger UDP packets, even if we say not to 588 * also fixes a bug in which SunOS sends 512-byte packets even with 589 * an MSS of 128 590 */ 591 if (len < 576 * 2) 592 len = 576 * 2; 593 594 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 595 goto norbuff; 596 597 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL) 598 goto noxbuff; 599 600 ax->mtu = dev->mtu + 73; 601 ax->buffsize = len; 602 ax->rcount = 0; 603 ax->xleft = 0; 604 605 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */ 606 607 spin_lock_init(&ax->buflock); 608 609 return 0; 610 611 noxbuff: 612 kfree(ax->rbuff); 613 614 norbuff: 615 return -ENOMEM; 616 } 617 618 619 /* Close the low-level part of the AX25 channel. Easy! */ 620 static int ax_close(struct net_device *dev) 621 { 622 struct mkiss *ax = netdev_priv(dev); 623 624 if (ax->tty) 625 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); 626 627 netif_stop_queue(dev); 628 629 return 0; 630 } 631 632 static const struct net_device_ops ax_netdev_ops = { 633 .ndo_open = ax_open_dev, 634 .ndo_stop = ax_close, 635 .ndo_start_xmit = ax_xmit, 636 .ndo_set_mac_address = ax_set_mac_address, 637 }; 638 639 static void ax_setup(struct net_device *dev) 640 { 641 /* Finish setting up the DEVICE info. */ 642 dev->mtu = AX_MTU; 643 dev->hard_header_len = AX25_MAX_HEADER_LEN; 644 dev->addr_len = AX25_ADDR_LEN; 645 dev->type = ARPHRD_AX25; 646 dev->tx_queue_len = 10; 647 dev->header_ops = &ax25_header_ops; 648 dev->netdev_ops = &ax_netdev_ops; 649 650 651 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN); 652 dev_addr_set(dev, (u8 *)&ax25_defaddr); 653 654 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 655 } 656 657 /* 658 * We have a potential race on dereferencing tty->disc_data, because the tty 659 * layer provides no locking at all - thus one cpu could be running 660 * sixpack_receive_buf while another calls sixpack_close, which zeroes 661 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The 662 * best way to fix this is to use a rwlock in the tty struct, but for now we 663 * use a single global rwlock for all ttys in ppp line discipline. 664 */ 665 static DEFINE_RWLOCK(disc_data_lock); 666 667 static struct mkiss *mkiss_get(struct tty_struct *tty) 668 { 669 struct mkiss *ax; 670 671 read_lock(&disc_data_lock); 672 ax = tty->disc_data; 673 if (ax) 674 refcount_inc(&ax->refcnt); 675 read_unlock(&disc_data_lock); 676 677 return ax; 678 } 679 680 static void mkiss_put(struct mkiss *ax) 681 { 682 if (refcount_dec_and_test(&ax->refcnt)) 683 complete(&ax->dead); 684 } 685 686 static int crc_force = 0; /* Can be overridden with insmod */ 687 688 static int mkiss_open(struct tty_struct *tty) 689 { 690 struct net_device *dev; 691 struct mkiss *ax; 692 int err; 693 694 if (!capable(CAP_NET_ADMIN)) 695 return -EPERM; 696 if (tty->ops->write == NULL) 697 return -EOPNOTSUPP; 698 699 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", NET_NAME_UNKNOWN, 700 ax_setup); 701 if (!dev) { 702 err = -ENOMEM; 703 goto out; 704 } 705 706 ax = netdev_priv(dev); 707 ax->dev = dev; 708 709 spin_lock_init(&ax->buflock); 710 refcount_set(&ax->refcnt, 1); 711 init_completion(&ax->dead); 712 713 ax->tty = tty; 714 tty->disc_data = ax; 715 tty->receive_room = 65535; 716 717 tty_driver_flush_buffer(tty); 718 719 /* Restore default settings */ 720 dev->type = ARPHRD_AX25; 721 722 /* Perform the low-level AX25 initialization. */ 723 err = ax_open(ax->dev); 724 if (err) 725 goto out_free_netdev; 726 727 err = register_netdev(dev); 728 if (err) 729 goto out_free_buffers; 730 731 /* after register_netdev() - because else printk smashes the kernel */ 732 switch (crc_force) { 733 case 3: 734 ax->crcmode = CRC_MODE_SMACK; 735 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n", 736 ax->dev->name); 737 break; 738 case 2: 739 ax->crcmode = CRC_MODE_FLEX; 740 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n", 741 ax->dev->name); 742 break; 743 case 1: 744 ax->crcmode = CRC_MODE_NONE; 745 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n", 746 ax->dev->name); 747 break; 748 case 0: 749 default: 750 crc_force = 0; 751 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n", 752 ax->dev->name); 753 ax->crcmode = CRC_MODE_SMACK_TEST; 754 } 755 ax->crcauto = (crc_force ? 0 : 1); 756 757 netif_start_queue(dev); 758 759 /* Done. We have linked the TTY line to a channel. */ 760 return 0; 761 762 out_free_buffers: 763 kfree(ax->rbuff); 764 kfree(ax->xbuff); 765 766 out_free_netdev: 767 free_netdev(dev); 768 769 out: 770 return err; 771 } 772 773 static void mkiss_close(struct tty_struct *tty) 774 { 775 struct mkiss *ax; 776 777 write_lock_irq(&disc_data_lock); 778 ax = tty->disc_data; 779 tty->disc_data = NULL; 780 write_unlock_irq(&disc_data_lock); 781 782 if (!ax) 783 return; 784 785 /* 786 * We have now ensured that nobody can start using ap from now on, but 787 * we have to wait for all existing users to finish. 788 */ 789 if (!refcount_dec_and_test(&ax->refcnt)) 790 wait_for_completion(&ax->dead); 791 /* 792 * Halt the transmit queue so that a new transmit cannot scribble 793 * on our buffers 794 */ 795 netif_stop_queue(ax->dev); 796 797 ax->tty = NULL; 798 799 unregister_netdev(ax->dev); 800 801 /* Free all AX25 frame buffers after unreg. */ 802 kfree(ax->rbuff); 803 kfree(ax->xbuff); 804 805 free_netdev(ax->dev); 806 } 807 808 /* Perform I/O control on an active ax25 channel. */ 809 static int mkiss_ioctl(struct tty_struct *tty, struct file *file, 810 unsigned int cmd, unsigned long arg) 811 { 812 struct mkiss *ax = mkiss_get(tty); 813 struct net_device *dev; 814 unsigned int tmp, err; 815 816 /* First make sure we're connected. */ 817 if (ax == NULL) 818 return -ENXIO; 819 dev = ax->dev; 820 821 switch (cmd) { 822 case SIOCGIFNAME: 823 err = copy_to_user((void __user *) arg, ax->dev->name, 824 strlen(ax->dev->name) + 1) ? -EFAULT : 0; 825 break; 826 827 case SIOCGIFENCAP: 828 err = put_user(4, (int __user *) arg); 829 break; 830 831 case SIOCSIFENCAP: 832 if (get_user(tmp, (int __user *) arg)) { 833 err = -EFAULT; 834 break; 835 } 836 837 ax->mode = tmp; 838 dev->addr_len = AX25_ADDR_LEN; 839 dev->hard_header_len = AX25_KISS_HEADER_LEN + 840 AX25_MAX_HEADER_LEN + 3; 841 dev->type = ARPHRD_AX25; 842 843 err = 0; 844 break; 845 846 case SIOCSIFHWADDR: { 847 char addr[AX25_ADDR_LEN]; 848 849 if (copy_from_user(&addr, 850 (void __user *) arg, AX25_ADDR_LEN)) { 851 err = -EFAULT; 852 break; 853 } 854 855 netif_tx_lock_bh(dev); 856 __dev_addr_set(dev, addr, AX25_ADDR_LEN); 857 netif_tx_unlock_bh(dev); 858 859 err = 0; 860 break; 861 } 862 default: 863 err = -ENOIOCTLCMD; 864 } 865 866 mkiss_put(ax); 867 868 return err; 869 } 870 871 /* 872 * Handle the 'receiver data ready' interrupt. 873 * This function is called by the 'tty_io' module in the kernel when 874 * a block of data has been received, which can now be decapsulated 875 * and sent on to the AX.25 layer for further processing. 876 */ 877 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp, 878 const char *fp, int count) 879 { 880 struct mkiss *ax = mkiss_get(tty); 881 882 if (!ax) 883 return; 884 885 /* 886 * Argh! mtu change time! - costs us the packet part received 887 * at the change 888 */ 889 if (ax->mtu != ax->dev->mtu + 73) 890 ax_changedmtu(ax); 891 892 /* Read the characters out of the buffer */ 893 while (count--) { 894 if (fp != NULL && *fp++) { 895 if (!test_and_set_bit(AXF_ERROR, &ax->flags)) 896 ax->dev->stats.rx_errors++; 897 cp++; 898 continue; 899 } 900 901 kiss_unesc(ax, *cp++); 902 } 903 904 mkiss_put(ax); 905 tty_unthrottle(tty); 906 } 907 908 /* 909 * Called by the driver when there's room for more data. If we have 910 * more packets to send, we send them here. 911 */ 912 static void mkiss_write_wakeup(struct tty_struct *tty) 913 { 914 struct mkiss *ax = mkiss_get(tty); 915 int actual; 916 917 if (!ax) 918 return; 919 920 if (ax->xleft <= 0) { 921 /* Now serial buffer is almost free & we can start 922 * transmission of another packet 923 */ 924 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 925 926 netif_wake_queue(ax->dev); 927 goto out; 928 } 929 930 actual = tty->ops->write(tty, ax->xhead, ax->xleft); 931 ax->xleft -= actual; 932 ax->xhead += actual; 933 934 out: 935 mkiss_put(ax); 936 } 937 938 static struct tty_ldisc_ops ax_ldisc = { 939 .owner = THIS_MODULE, 940 .num = N_AX25, 941 .name = "mkiss", 942 .open = mkiss_open, 943 .close = mkiss_close, 944 .ioctl = mkiss_ioctl, 945 .receive_buf = mkiss_receive_buf, 946 .write_wakeup = mkiss_write_wakeup 947 }; 948 949 static const char banner[] __initconst = KERN_INFO \ 950 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n"; 951 static const char msg_regfail[] __initconst = KERN_ERR \ 952 "mkiss: can't register line discipline (err = %d)\n"; 953 954 static int __init mkiss_init_driver(void) 955 { 956 int status; 957 958 printk(banner); 959 960 status = tty_register_ldisc(&ax_ldisc); 961 if (status != 0) 962 printk(msg_regfail, status); 963 964 return status; 965 } 966 967 static void __exit mkiss_exit_driver(void) 968 { 969 tty_unregister_ldisc(&ax_ldisc); 970 } 971 972 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>"); 973 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs"); 974 module_param(crc_force, int, 0); 975 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]"); 976 MODULE_LICENSE("GPL"); 977 MODULE_ALIAS_LDISC(N_AX25); 978 979 module_init(mkiss_init_driver); 980 module_exit(mkiss_exit_driver); 981