1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 7 * 8 * Outgoing path: 9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc 10 * control message -> GSM MUX control queue --´ 11 * 12 * Incoming path: 13 * ldisc -> gsm_queue() -o--> tty 14 * `-> gsm_control_response() 15 * 16 * TO DO: 17 * Mostly done: ioctls for setting modes/timing 18 * Partly done: hooks so you can pull off frames to non tty devs 19 * Restart DLCI 0 when it closes ? 20 * Improve the tx engine 21 * Resolve tx side locking by adding a queue_head and routing 22 * all control traffic via it 23 * General tidy/document 24 * Review the locking/move to refcounts more (mux now moved to an 25 * alloc/free model ready) 26 * Use newest tty open/close port helpers and install hooks 27 * What to do about power functions ? 28 * Termios setting and negotiation 29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 30 * 31 */ 32 33 #include <linux/types.h> 34 #include <linux/major.h> 35 #include <linux/errno.h> 36 #include <linux/signal.h> 37 #include <linux/fcntl.h> 38 #include <linux/sched/signal.h> 39 #include <linux/interrupt.h> 40 #include <linux/tty.h> 41 #include <linux/bitfield.h> 42 #include <linux/ctype.h> 43 #include <linux/mm.h> 44 #include <linux/math.h> 45 #include <linux/nospec.h> 46 #include <linux/string.h> 47 #include <linux/slab.h> 48 #include <linux/poll.h> 49 #include <linux/bitops.h> 50 #include <linux/file.h> 51 #include <linux/uaccess.h> 52 #include <linux/module.h> 53 #include <linux/timer.h> 54 #include <linux/tty_flip.h> 55 #include <linux/tty_driver.h> 56 #include <linux/serial.h> 57 #include <linux/kfifo.h> 58 #include <linux/skbuff.h> 59 #include <net/arp.h> 60 #include <linux/ip.h> 61 #include <linux/netdevice.h> 62 #include <linux/etherdevice.h> 63 #include <linux/gsmmux.h> 64 #include "tty.h" 65 66 static int debug; 67 module_param(debug, int, 0600); 68 69 /* Module debug bits */ 70 #define DBG_DUMP BIT(0) /* Data transmission dump. */ 71 #define DBG_CD_ON BIT(1) /* Always assume CD line on. */ 72 #define DBG_DATA BIT(2) /* Data transmission details. */ 73 #define DBG_ERRORS BIT(3) /* Details for fail conditions. */ 74 #define DBG_TTY BIT(4) /* Transmission statistics for DLCI TTYs. */ 75 #define DBG_PAYLOAD BIT(5) /* Limits DBG_DUMP to payload frames. */ 76 77 /* Defaults: these are from the specification */ 78 79 #define T1 10 /* 100mS */ 80 #define T2 34 /* 333mS */ 81 #define T3 10 /* 10s */ 82 #define N2 3 /* Retry 3 times */ 83 #define K 2 /* outstanding I frames */ 84 85 #define MAX_T3 255 /* In seconds. */ 86 #define MAX_WINDOW_SIZE 7 /* Limit of K in error recovery mode. */ 87 88 /* Use long timers for testing at low speed with debug on */ 89 #ifdef DEBUG_TIMING 90 #define T1 100 91 #define T2 200 92 #endif 93 94 /* 95 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 96 * limits so this is plenty 97 */ 98 #define MAX_MRU 1500 99 #define MAX_MTU 1500 100 #define MIN_MTU (PROT_OVERHEAD + 1) 101 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */ 102 #define PROT_OVERHEAD 7 103 #define GSM_NET_TX_TIMEOUT (HZ*10) 104 105 /* 106 * struct gsm_mux_net - network interface 107 * 108 * Created when net interface is initialized. 109 */ 110 struct gsm_mux_net { 111 struct kref ref; 112 struct gsm_dlci *dlci; 113 }; 114 115 /* 116 * Each block of data we have queued to go out is in the form of 117 * a gsm_msg which holds everything we need in a link layer independent 118 * format 119 */ 120 121 struct gsm_msg { 122 struct list_head list; 123 u8 addr; /* DLCI address + flags */ 124 u8 ctrl; /* Control byte + flags */ 125 unsigned int len; /* Length of data block (can be zero) */ 126 unsigned char *data; /* Points into buffer but not at the start */ 127 unsigned char buffer[]; 128 }; 129 130 enum gsm_dlci_state { 131 DLCI_CLOSED, 132 DLCI_WAITING_CONFIG, /* Waiting for DLCI configuration from user */ 133 DLCI_CONFIGURE, /* Sending PN (for adaption > 1) */ 134 DLCI_OPENING, /* Sending SABM not seen UA */ 135 DLCI_OPEN, /* SABM/UA complete */ 136 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 137 }; 138 139 enum gsm_dlci_mode { 140 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 141 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 142 }; 143 144 /* 145 * Each active data link has a gsm_dlci structure associated which ties 146 * the link layer to an optional tty (if the tty side is open). To avoid 147 * complexity right now these are only ever freed up when the mux is 148 * shut down. 149 * 150 * At the moment we don't free DLCI objects until the mux is torn down 151 * this avoid object life time issues but might be worth review later. 152 */ 153 154 struct gsm_dlci { 155 struct gsm_mux *gsm; 156 int addr; 157 enum gsm_dlci_state state; 158 struct mutex mutex; 159 160 /* Link layer */ 161 enum gsm_dlci_mode mode; 162 spinlock_t lock; /* Protects the internal state */ 163 struct timer_list t1; /* Retransmit timer for SABM and UA */ 164 int retries; 165 /* Uplink tty if active */ 166 struct tty_port port; /* The tty bound to this DLCI if there is one */ 167 #define TX_SIZE 4096 /* Must be power of 2. */ 168 struct kfifo fifo; /* Queue fifo for the DLCI */ 169 int adaption; /* Adaption layer in use */ 170 int prev_adaption; 171 u32 modem_rx; /* Our incoming virtual modem lines */ 172 u32 modem_tx; /* Our outgoing modem lines */ 173 unsigned int mtu; 174 bool dead; /* Refuse re-open */ 175 /* Configuration */ 176 u8 prio; /* Priority */ 177 u8 ftype; /* Frame type */ 178 u8 k; /* Window size */ 179 /* Flow control */ 180 bool throttled; /* Private copy of throttle state */ 181 bool constipated; /* Throttle status for outgoing */ 182 /* Packetised I/O */ 183 struct sk_buff *skb; /* Frame being sent */ 184 struct sk_buff_head skb_list; /* Queued frames */ 185 /* Data handling callback */ 186 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 187 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 188 struct net_device *net; /* network interface, if created */ 189 }; 190 191 /* 192 * Parameter bits used for parameter negotiation according to 3GPP 27.010 193 * chapter 5.4.6.3.1. 194 */ 195 196 struct gsm_dlci_param_bits { 197 u8 d_bits; 198 u8 i_cl_bits; 199 u8 p_bits; 200 u8 t_bits; 201 __le16 n_bits; 202 u8 na_bits; 203 u8 k_bits; 204 }; 205 206 static_assert(sizeof(struct gsm_dlci_param_bits) == 8); 207 208 #define PN_D_FIELD_DLCI GENMASK(5, 0) 209 #define PN_I_CL_FIELD_FTYPE GENMASK(3, 0) 210 #define PN_I_CL_FIELD_ADAPTION GENMASK(7, 4) 211 #define PN_P_FIELD_PRIO GENMASK(5, 0) 212 #define PN_T_FIELD_T1 GENMASK(7, 0) 213 #define PN_N_FIELD_N1 GENMASK(15, 0) 214 #define PN_NA_FIELD_N2 GENMASK(7, 0) 215 #define PN_K_FIELD_K GENMASK(2, 0) 216 217 /* Total number of supported devices */ 218 #define GSM_TTY_MINORS 256 219 220 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 221 222 #define NUM_DLCI 64 223 224 /* 225 * DLCI 0 is used to pass control blocks out of band of the data 226 * flow (and with a higher link priority). One command can be outstanding 227 * at a time and we use this structure to manage them. They are created 228 * and destroyed by the user context, and updated by the receive paths 229 * and timers 230 */ 231 232 struct gsm_control { 233 u8 cmd; /* Command we are issuing */ 234 u8 *data; /* Data for the command in case we retransmit */ 235 int len; /* Length of block for retransmission */ 236 int done; /* Done flag */ 237 int error; /* Error if any */ 238 }; 239 240 enum gsm_encoding { 241 GSM_BASIC_OPT, 242 GSM_ADV_OPT, 243 }; 244 245 enum gsm_mux_state { 246 GSM_SEARCH, 247 GSM0_ADDRESS, 248 GSM0_CONTROL, 249 GSM0_LEN0, 250 GSM0_LEN1, 251 GSM0_DATA, 252 GSM0_FCS, 253 GSM0_SSOF, 254 GSM1_START, 255 GSM1_ADDRESS, 256 GSM1_CONTROL, 257 GSM1_DATA, 258 GSM1_OVERRUN, 259 }; 260 261 /* 262 * Each GSM mux we have is represented by this structure. If we are 263 * operating as an ldisc then we use this structure as our ldisc 264 * state. We need to sort out lifetimes and locking with respect 265 * to the gsm mux array. For now we don't free DLCI objects that 266 * have been instantiated until the mux itself is terminated. 267 * 268 * To consider further: tty open versus mux shutdown. 269 */ 270 271 struct gsm_mux { 272 struct tty_struct *tty; /* The tty our ldisc is bound to */ 273 spinlock_t lock; 274 struct mutex mutex; 275 unsigned int num; 276 struct kref ref; 277 278 /* Events on the GSM channel */ 279 wait_queue_head_t event; 280 281 /* ldisc send work */ 282 struct work_struct tx_work; 283 284 /* Bits for GSM mode decoding */ 285 286 /* Framing Layer */ 287 unsigned char *buf; 288 enum gsm_mux_state state; 289 unsigned int len; 290 unsigned int address; 291 unsigned int count; 292 bool escape; 293 enum gsm_encoding encoding; 294 u8 control; 295 u8 fcs; 296 u8 *txframe; /* TX framing buffer */ 297 298 /* Method for the receiver side */ 299 void (*receive)(struct gsm_mux *gsm, u8 ch); 300 301 /* Link Layer */ 302 unsigned int mru; 303 unsigned int mtu; 304 int initiator; /* Did we initiate connection */ 305 bool dead; /* Has the mux been shut down */ 306 struct gsm_dlci *dlci[NUM_DLCI]; 307 int old_c_iflag; /* termios c_iflag value before attach */ 308 bool constipated; /* Asked by remote to shut up */ 309 bool has_devices; /* Devices were registered */ 310 311 spinlock_t tx_lock; 312 unsigned int tx_bytes; /* TX data outstanding */ 313 #define TX_THRESH_HI 8192 314 #define TX_THRESH_LO 2048 315 struct list_head tx_ctrl_list; /* Pending control packets */ 316 struct list_head tx_data_list; /* Pending data packets */ 317 318 /* Control messages */ 319 struct timer_list kick_timer; /* Kick TX queuing on timeout */ 320 struct timer_list t2_timer; /* Retransmit timer for commands */ 321 int cretries; /* Command retry counter */ 322 struct gsm_control *pending_cmd;/* Our current pending command */ 323 spinlock_t control_lock; /* Protects the pending command */ 324 325 /* Keep-alive */ 326 struct timer_list ka_timer; /* Keep-alive response timer */ 327 u8 ka_num; /* Keep-alive match pattern */ 328 signed int ka_retries; /* Keep-alive retry counter, -1 if not yet initialized */ 329 330 /* Configuration */ 331 int adaption; /* 1 or 2 supported */ 332 u8 ftype; /* UI or UIH */ 333 int t1, t2; /* Timers in 1/100th of a sec */ 334 unsigned int t3; /* Power wake-up timer in seconds. */ 335 int n2; /* Retry count */ 336 u8 k; /* Window size */ 337 bool wait_config; /* Wait for configuration by ioctl before DLCI open */ 338 u32 keep_alive; /* Control channel keep-alive in 10ms */ 339 340 /* Statistics (not currently exposed) */ 341 unsigned long bad_fcs; 342 unsigned long malformed; 343 unsigned long io_error; 344 unsigned long open_error; 345 unsigned long bad_size; 346 unsigned long unsupported; 347 }; 348 349 350 /* 351 * Mux objects - needed so that we can translate a tty index into the 352 * relevant mux and DLCI. 353 */ 354 355 #define MAX_MUX 4 /* 256 minors */ 356 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 357 static DEFINE_SPINLOCK(gsm_mux_lock); 358 359 static struct tty_driver *gsm_tty_driver; 360 361 /* 362 * This section of the driver logic implements the GSM encodings 363 * both the basic and the 'advanced'. Reliable transport is not 364 * supported. 365 */ 366 367 #define CR 0x02 368 #define EA 0x01 369 #define PF 0x10 370 371 /* I is special: the rest are ..*/ 372 #define RR 0x01 373 #define UI 0x03 374 #define RNR 0x05 375 #define REJ 0x09 376 #define DM 0x0F 377 #define SABM 0x2F 378 #define DISC 0x43 379 #define UA 0x63 380 #define UIH 0xEF 381 382 /* Channel commands */ 383 #define CMD_NSC 0x09 384 #define CMD_TEST 0x11 385 #define CMD_PSC 0x21 386 #define CMD_RLS 0x29 387 #define CMD_FCOFF 0x31 388 #define CMD_PN 0x41 389 #define CMD_RPN 0x49 390 #define CMD_FCON 0x51 391 #define CMD_CLD 0x61 392 #define CMD_SNC 0x69 393 #define CMD_MSC 0x71 394 395 /* Virtual modem bits */ 396 #define MDM_FC 0x01 397 #define MDM_RTC 0x02 398 #define MDM_RTR 0x04 399 #define MDM_IC 0x20 400 #define MDM_DV 0x40 401 402 #define GSM0_SOF 0xF9 403 #define GSM1_SOF 0x7E 404 #define GSM1_ESCAPE 0x7D 405 #define GSM1_ESCAPE_BITS 0x20 406 #define XON 0x11 407 #define XOFF 0x13 408 #define ISO_IEC_646_MASK 0x7F 409 410 static const struct tty_port_operations gsm_port_ops; 411 412 /* 413 * CRC table for GSM 0710 414 */ 415 416 static const u8 gsm_fcs8[256] = { 417 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 418 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 419 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 420 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 421 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 422 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 423 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 424 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 425 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 426 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 427 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 428 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 429 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 430 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 431 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 432 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 433 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 434 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 435 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 436 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 437 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 438 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 439 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 440 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 441 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 442 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 443 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 444 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 445 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 446 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 447 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 448 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 449 }; 450 451 #define INIT_FCS 0xFF 452 #define GOOD_FCS 0xCF 453 454 static void gsm_dlci_close(struct gsm_dlci *dlci); 455 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len); 456 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk); 457 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 458 u8 ctrl); 459 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg); 460 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr); 461 static void gsmld_write_trigger(struct gsm_mux *gsm); 462 static void gsmld_write_task(struct work_struct *work); 463 464 /** 465 * gsm_fcs_add - update FCS 466 * @fcs: Current FCS 467 * @c: Next data 468 * 469 * Update the FCS to include c. Uses the algorithm in the specification 470 * notes. 471 */ 472 473 static inline u8 gsm_fcs_add(u8 fcs, u8 c) 474 { 475 return gsm_fcs8[fcs ^ c]; 476 } 477 478 /** 479 * gsm_fcs_add_block - update FCS for a block 480 * @fcs: Current FCS 481 * @c: buffer of data 482 * @len: length of buffer 483 * 484 * Update the FCS to include c. Uses the algorithm in the specification 485 * notes. 486 */ 487 488 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len) 489 { 490 while (len--) 491 fcs = gsm_fcs8[fcs ^ *c++]; 492 return fcs; 493 } 494 495 /** 496 * gsm_read_ea - read a byte into an EA 497 * @val: variable holding value 498 * @c: byte going into the EA 499 * 500 * Processes one byte of an EA. Updates the passed variable 501 * and returns 1 if the EA is now completely read 502 */ 503 504 static int gsm_read_ea(unsigned int *val, u8 c) 505 { 506 /* Add the next 7 bits into the value */ 507 *val <<= 7; 508 *val |= c >> 1; 509 /* Was this the last byte of the EA 1 = yes*/ 510 return c & EA; 511 } 512 513 /** 514 * gsm_read_ea_val - read a value until EA 515 * @val: variable holding value 516 * @data: buffer of data 517 * @dlen: length of data 518 * 519 * Processes an EA value. Updates the passed variable and 520 * returns the processed data length. 521 */ 522 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen) 523 { 524 unsigned int len = 0; 525 526 for (; dlen > 0; dlen--) { 527 len++; 528 if (gsm_read_ea(val, *data++)) 529 break; 530 } 531 return len; 532 } 533 534 /** 535 * gsm_encode_modem - encode modem data bits 536 * @dlci: DLCI to encode from 537 * 538 * Returns the correct GSM encoded modem status bits (6 bit field) for 539 * the current status of the DLCI and attached tty object 540 */ 541 542 static u8 gsm_encode_modem(const struct gsm_dlci *dlci) 543 { 544 u8 modembits = 0; 545 /* FC is true flow control not modem bits */ 546 if (dlci->throttled) 547 modembits |= MDM_FC; 548 if (dlci->modem_tx & TIOCM_DTR) 549 modembits |= MDM_RTC; 550 if (dlci->modem_tx & TIOCM_RTS) 551 modembits |= MDM_RTR; 552 if (dlci->modem_tx & TIOCM_RI) 553 modembits |= MDM_IC; 554 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator) 555 modembits |= MDM_DV; 556 /* special mappings for passive side to operate as UE */ 557 if (dlci->modem_tx & TIOCM_OUT1) 558 modembits |= MDM_IC; 559 if (dlci->modem_tx & TIOCM_OUT2) 560 modembits |= MDM_DV; 561 return modembits; 562 } 563 564 static void gsm_hex_dump_bytes(const char *fname, const u8 *data, 565 unsigned long len) 566 { 567 char *prefix; 568 569 if (!fname) { 570 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len, 571 true); 572 return; 573 } 574 575 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname); 576 if (!prefix) 577 return; 578 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len, 579 true); 580 kfree(prefix); 581 } 582 583 /** 584 * gsm_encode_params - encode DLCI parameters 585 * @dlci: DLCI to encode from 586 * @params: buffer to fill with the encoded parameters 587 * 588 * Encodes the parameters according to GSM 07.10 section 5.4.6.3.1 589 * table 3. 590 */ 591 static int gsm_encode_params(const struct gsm_dlci *dlci, 592 struct gsm_dlci_param_bits *params) 593 { 594 const struct gsm_mux *gsm = dlci->gsm; 595 unsigned int i, cl; 596 597 switch (dlci->ftype) { 598 case UIH: 599 i = 0; /* UIH */ 600 break; 601 case UI: 602 i = 1; /* UI */ 603 break; 604 default: 605 pr_debug("unsupported frame type %d\n", dlci->ftype); 606 return -EINVAL; 607 } 608 609 switch (dlci->adaption) { 610 case 1: /* Unstructured */ 611 cl = 0; /* convergence layer type 1 */ 612 break; 613 case 2: /* Unstructured with modem bits. */ 614 cl = 1; /* convergence layer type 2 */ 615 break; 616 default: 617 pr_debug("unsupported adaption %d\n", dlci->adaption); 618 return -EINVAL; 619 } 620 621 params->d_bits = FIELD_PREP(PN_D_FIELD_DLCI, dlci->addr); 622 /* UIH, convergence layer type 1 */ 623 params->i_cl_bits = FIELD_PREP(PN_I_CL_FIELD_FTYPE, i) | 624 FIELD_PREP(PN_I_CL_FIELD_ADAPTION, cl); 625 params->p_bits = FIELD_PREP(PN_P_FIELD_PRIO, dlci->prio); 626 params->t_bits = FIELD_PREP(PN_T_FIELD_T1, gsm->t1); 627 params->n_bits = cpu_to_le16(FIELD_PREP(PN_N_FIELD_N1, dlci->mtu)); 628 params->na_bits = FIELD_PREP(PN_NA_FIELD_N2, gsm->n2); 629 params->k_bits = FIELD_PREP(PN_K_FIELD_K, dlci->k); 630 631 return 0; 632 } 633 634 /** 635 * gsm_register_devices - register all tty devices for a given mux index 636 * 637 * @driver: the tty driver that describes the tty devices 638 * @index: the mux number is used to calculate the minor numbers of the 639 * ttys for this mux and may differ from the position in the 640 * mux array. 641 */ 642 static int gsm_register_devices(struct tty_driver *driver, unsigned int index) 643 { 644 struct device *dev; 645 int i; 646 unsigned int base; 647 648 if (!driver || index >= MAX_MUX) 649 return -EINVAL; 650 651 base = index * NUM_DLCI; /* first minor for this index */ 652 for (i = 1; i < NUM_DLCI; i++) { 653 /* Don't register device 0 - this is the control channel 654 * and not a usable tty interface 655 */ 656 dev = tty_register_device(gsm_tty_driver, base + i, NULL); 657 if (IS_ERR(dev)) { 658 if (debug & DBG_ERRORS) 659 pr_info("%s failed to register device minor %u", 660 __func__, base + i); 661 for (i--; i >= 1; i--) 662 tty_unregister_device(gsm_tty_driver, base + i); 663 return PTR_ERR(dev); 664 } 665 } 666 667 return 0; 668 } 669 670 /** 671 * gsm_unregister_devices - unregister all tty devices for a given mux index 672 * 673 * @driver: the tty driver that describes the tty devices 674 * @index: the mux number is used to calculate the minor numbers of the 675 * ttys for this mux and may differ from the position in the 676 * mux array. 677 */ 678 static void gsm_unregister_devices(struct tty_driver *driver, 679 unsigned int index) 680 { 681 int i; 682 unsigned int base; 683 684 if (!driver || index >= MAX_MUX) 685 return; 686 687 base = index * NUM_DLCI; /* first minor for this index */ 688 for (i = 1; i < NUM_DLCI; i++) { 689 /* Don't unregister device 0 - this is the control 690 * channel and not a usable tty interface 691 */ 692 tty_unregister_device(gsm_tty_driver, base + i); 693 } 694 } 695 696 /** 697 * gsm_print_packet - display a frame for debug 698 * @hdr: header to print before decode 699 * @addr: address EA from the frame 700 * @cr: C/R bit seen as initiator 701 * @control: control including PF bit 702 * @data: following data bytes 703 * @dlen: length of data 704 * 705 * Displays a packet in human readable format for debugging purposes. The 706 * style is based on amateur radio LAP-B dump display. 707 */ 708 709 static void gsm_print_packet(const char *hdr, int addr, int cr, 710 u8 control, const u8 *data, int dlen) 711 { 712 if (!(debug & DBG_DUMP)) 713 return; 714 /* Only show user payload frames if debug & DBG_PAYLOAD */ 715 if (!(debug & DBG_PAYLOAD) && addr != 0) 716 if ((control & ~PF) == UI || (control & ~PF) == UIH) 717 return; 718 719 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]); 720 721 switch (control & ~PF) { 722 case SABM: 723 pr_cont("SABM"); 724 break; 725 case UA: 726 pr_cont("UA"); 727 break; 728 case DISC: 729 pr_cont("DISC"); 730 break; 731 case DM: 732 pr_cont("DM"); 733 break; 734 case UI: 735 pr_cont("UI"); 736 break; 737 case UIH: 738 pr_cont("UIH"); 739 break; 740 default: 741 if (!(control & 0x01)) { 742 pr_cont("I N(S)%d N(R)%d", 743 (control & 0x0E) >> 1, (control & 0xE0) >> 5); 744 } else switch (control & 0x0F) { 745 case RR: 746 pr_cont("RR(%d)", (control & 0xE0) >> 5); 747 break; 748 case RNR: 749 pr_cont("RNR(%d)", (control & 0xE0) >> 5); 750 break; 751 case REJ: 752 pr_cont("REJ(%d)", (control & 0xE0) >> 5); 753 break; 754 default: 755 pr_cont("[%02X]", control); 756 } 757 } 758 759 if (control & PF) 760 pr_cont("(P)"); 761 else 762 pr_cont("(F)"); 763 764 gsm_hex_dump_bytes(NULL, data, dlen); 765 } 766 767 768 /* 769 * Link level transmission side 770 */ 771 772 /** 773 * gsm_stuff_frame - bytestuff a packet 774 * @input: input buffer 775 * @output: output buffer 776 * @len: length of input 777 * 778 * Expand a buffer by bytestuffing it. The worst case size change 779 * is doubling and the caller is responsible for handing out 780 * suitable sized buffers. 781 */ 782 783 static int gsm_stuff_frame(const u8 *input, u8 *output, int len) 784 { 785 int olen = 0; 786 while (len--) { 787 if (*input == GSM1_SOF || *input == GSM1_ESCAPE 788 || (*input & ISO_IEC_646_MASK) == XON 789 || (*input & ISO_IEC_646_MASK) == XOFF) { 790 *output++ = GSM1_ESCAPE; 791 *output++ = *input++ ^ GSM1_ESCAPE_BITS; 792 olen++; 793 } else 794 *output++ = *input++; 795 olen++; 796 } 797 return olen; 798 } 799 800 /** 801 * gsm_send - send a control frame 802 * @gsm: our GSM mux 803 * @addr: address for control frame 804 * @cr: command/response bit seen as initiator 805 * @control: control byte including PF bit 806 * 807 * Format up and transmit a control frame. These should be transmitted 808 * ahead of data when they are needed. 809 */ 810 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control) 811 { 812 struct gsm_msg *msg; 813 u8 *dp; 814 int ocr; 815 unsigned long flags; 816 817 msg = gsm_data_alloc(gsm, addr, 0, control); 818 if (!msg) 819 return -ENOMEM; 820 821 /* toggle C/R coding if not initiator */ 822 ocr = cr ^ (gsm->initiator ? 0 : 1); 823 824 msg->data -= 3; 825 dp = msg->data; 826 *dp++ = (addr << 2) | (ocr << 1) | EA; 827 *dp++ = control; 828 829 if (gsm->encoding == GSM_BASIC_OPT) 830 *dp++ = EA; /* Length of data = 0 */ 831 832 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data); 833 msg->len = (dp - msg->data) + 1; 834 835 gsm_print_packet("Q->", addr, cr, control, NULL, 0); 836 837 spin_lock_irqsave(&gsm->tx_lock, flags); 838 list_add_tail(&msg->list, &gsm->tx_ctrl_list); 839 gsm->tx_bytes += msg->len; 840 spin_unlock_irqrestore(&gsm->tx_lock, flags); 841 gsmld_write_trigger(gsm); 842 843 return 0; 844 } 845 846 /** 847 * gsm_dlci_clear_queues - remove outstanding data for a DLCI 848 * @gsm: mux 849 * @dlci: clear for this DLCI 850 * 851 * Clears the data queues for a given DLCI. 852 */ 853 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci) 854 { 855 struct gsm_msg *msg, *nmsg; 856 int addr = dlci->addr; 857 unsigned long flags; 858 859 /* Clear DLCI write fifo first */ 860 spin_lock_irqsave(&dlci->lock, flags); 861 kfifo_reset(&dlci->fifo); 862 spin_unlock_irqrestore(&dlci->lock, flags); 863 864 /* Clear data packets in MUX write queue */ 865 spin_lock_irqsave(&gsm->tx_lock, flags); 866 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) { 867 if (msg->addr != addr) 868 continue; 869 gsm->tx_bytes -= msg->len; 870 list_del(&msg->list); 871 kfree(msg); 872 } 873 spin_unlock_irqrestore(&gsm->tx_lock, flags); 874 } 875 876 /** 877 * gsm_response - send a control response 878 * @gsm: our GSM mux 879 * @addr: address for control frame 880 * @control: control byte including PF bit 881 * 882 * Format up and transmit a link level response frame. 883 */ 884 885 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control) 886 { 887 gsm_send(gsm, addr, 0, control); 888 } 889 890 /** 891 * gsm_command - send a control command 892 * @gsm: our GSM mux 893 * @addr: address for control frame 894 * @control: control byte including PF bit 895 * 896 * Format up and transmit a link level command frame. 897 */ 898 899 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control) 900 { 901 gsm_send(gsm, addr, 1, control); 902 } 903 904 /* Data transmission */ 905 906 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */ 907 908 /** 909 * gsm_data_alloc - allocate data frame 910 * @gsm: GSM mux 911 * @addr: DLCI address 912 * @len: length excluding header and FCS 913 * @ctrl: control byte 914 * 915 * Allocate a new data buffer for sending frames with data. Space is left 916 * at the front for header bytes but that is treated as an implementation 917 * detail and not for the high level code to use 918 */ 919 920 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 921 u8 ctrl) 922 { 923 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN, 924 GFP_ATOMIC); 925 if (m == NULL) 926 return NULL; 927 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */ 928 m->len = len; 929 m->addr = addr; 930 m->ctrl = ctrl; 931 INIT_LIST_HEAD(&m->list); 932 return m; 933 } 934 935 /** 936 * gsm_send_packet - sends a single packet 937 * @gsm: GSM Mux 938 * @msg: packet to send 939 * 940 * The given packet is encoded and sent out. No memory is freed. 941 * The caller must hold the gsm tx lock. 942 */ 943 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg) 944 { 945 int len, ret; 946 947 948 if (gsm->encoding == GSM_BASIC_OPT) { 949 gsm->txframe[0] = GSM0_SOF; 950 memcpy(gsm->txframe + 1, msg->data, msg->len); 951 gsm->txframe[msg->len + 1] = GSM0_SOF; 952 len = msg->len + 2; 953 } else { 954 gsm->txframe[0] = GSM1_SOF; 955 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len); 956 gsm->txframe[len + 1] = GSM1_SOF; 957 len += 2; 958 } 959 960 if (debug & DBG_DATA) 961 gsm_hex_dump_bytes(__func__, gsm->txframe, len); 962 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data, 963 msg->len); 964 965 ret = gsmld_output(gsm, gsm->txframe, len); 966 if (ret <= 0) 967 return ret; 968 /* FIXME: Can eliminate one SOF in many more cases */ 969 gsm->tx_bytes -= msg->len; 970 971 return 0; 972 } 973 974 /** 975 * gsm_is_flow_ctrl_msg - checks if flow control message 976 * @msg: message to check 977 * 978 * Returns true if the given message is a flow control command of the 979 * control channel. False is returned in any other case. 980 */ 981 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg) 982 { 983 unsigned int cmd; 984 985 if (msg->addr > 0) 986 return false; 987 988 switch (msg->ctrl & ~PF) { 989 case UI: 990 case UIH: 991 cmd = 0; 992 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1) 993 break; 994 switch (cmd & ~PF) { 995 case CMD_FCOFF: 996 case CMD_FCON: 997 return true; 998 } 999 break; 1000 } 1001 1002 return false; 1003 } 1004 1005 /** 1006 * gsm_data_kick - poke the queue 1007 * @gsm: GSM Mux 1008 * 1009 * The tty device has called us to indicate that room has appeared in 1010 * the transmit queue. Ram more data into the pipe if we have any. 1011 * If we have been flow-stopped by a CMD_FCOFF, then we can only 1012 * send messages on DLCI0 until CMD_FCON. The caller must hold 1013 * the gsm tx lock. 1014 */ 1015 static int gsm_data_kick(struct gsm_mux *gsm) 1016 { 1017 struct gsm_msg *msg, *nmsg; 1018 struct gsm_dlci *dlci; 1019 int ret; 1020 1021 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 1022 1023 /* Serialize control messages and control channel messages first */ 1024 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) { 1025 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg)) 1026 continue; 1027 ret = gsm_send_packet(gsm, msg); 1028 switch (ret) { 1029 case -ENOSPC: 1030 return -ENOSPC; 1031 case -ENODEV: 1032 /* ldisc not open */ 1033 gsm->tx_bytes -= msg->len; 1034 list_del(&msg->list); 1035 kfree(msg); 1036 continue; 1037 default: 1038 if (ret >= 0) { 1039 list_del(&msg->list); 1040 kfree(msg); 1041 } 1042 break; 1043 } 1044 } 1045 1046 if (gsm->constipated) 1047 return -EAGAIN; 1048 1049 /* Serialize other channels */ 1050 if (list_empty(&gsm->tx_data_list)) 1051 return 0; 1052 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) { 1053 dlci = gsm->dlci[msg->addr]; 1054 /* Send only messages for DLCIs with valid state */ 1055 if (dlci->state != DLCI_OPEN) { 1056 gsm->tx_bytes -= msg->len; 1057 list_del(&msg->list); 1058 kfree(msg); 1059 continue; 1060 } 1061 ret = gsm_send_packet(gsm, msg); 1062 switch (ret) { 1063 case -ENOSPC: 1064 return -ENOSPC; 1065 case -ENODEV: 1066 /* ldisc not open */ 1067 gsm->tx_bytes -= msg->len; 1068 list_del(&msg->list); 1069 kfree(msg); 1070 continue; 1071 default: 1072 if (ret >= 0) { 1073 list_del(&msg->list); 1074 kfree(msg); 1075 } 1076 break; 1077 } 1078 } 1079 1080 return 1; 1081 } 1082 1083 /** 1084 * __gsm_data_queue - queue a UI or UIH frame 1085 * @dlci: DLCI sending the data 1086 * @msg: message queued 1087 * 1088 * Add data to the transmit queue and try and get stuff moving 1089 * out of the mux tty if not already doing so. The Caller must hold 1090 * the gsm tx lock. 1091 */ 1092 1093 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 1094 { 1095 struct gsm_mux *gsm = dlci->gsm; 1096 u8 *dp = msg->data; 1097 u8 *fcs = dp + msg->len; 1098 1099 /* Fill in the header */ 1100 if (gsm->encoding == GSM_BASIC_OPT) { 1101 if (msg->len < 128) 1102 *--dp = (msg->len << 1) | EA; 1103 else { 1104 *--dp = (msg->len >> 7); /* bits 7 - 15 */ 1105 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */ 1106 } 1107 } 1108 1109 *--dp = msg->ctrl; 1110 if (gsm->initiator) 1111 *--dp = (msg->addr << 2) | CR | EA; 1112 else 1113 *--dp = (msg->addr << 2) | EA; 1114 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp); 1115 /* Ugly protocol layering violation */ 1116 if (msg->ctrl == UI || msg->ctrl == (UI|PF)) 1117 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len); 1118 *fcs = 0xFF - *fcs; 1119 1120 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl, 1121 msg->data, msg->len); 1122 1123 /* Move the header back and adjust the length, also allow for the FCS 1124 now tacked on the end */ 1125 msg->len += (msg->data - dp) + 1; 1126 msg->data = dp; 1127 1128 /* Add to the actual output queue */ 1129 switch (msg->ctrl & ~PF) { 1130 case UI: 1131 case UIH: 1132 if (msg->addr > 0) { 1133 list_add_tail(&msg->list, &gsm->tx_data_list); 1134 break; 1135 } 1136 fallthrough; 1137 default: 1138 list_add_tail(&msg->list, &gsm->tx_ctrl_list); 1139 break; 1140 } 1141 gsm->tx_bytes += msg->len; 1142 1143 gsmld_write_trigger(gsm); 1144 mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100); 1145 } 1146 1147 /** 1148 * gsm_data_queue - queue a UI or UIH frame 1149 * @dlci: DLCI sending the data 1150 * @msg: message queued 1151 * 1152 * Add data to the transmit queue and try and get stuff moving 1153 * out of the mux tty if not already doing so. Take the 1154 * the gsm tx lock and dlci lock. 1155 */ 1156 1157 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 1158 { 1159 unsigned long flags; 1160 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 1161 __gsm_data_queue(dlci, msg); 1162 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 1163 } 1164 1165 /** 1166 * gsm_dlci_data_output - try and push data out of a DLCI 1167 * @gsm: mux 1168 * @dlci: the DLCI to pull data from 1169 * 1170 * Pull data from a DLCI and send it into the transmit queue if there 1171 * is data. Keep to the MRU of the mux. This path handles the usual tty 1172 * interface which is a byte stream with optional modem data. 1173 * 1174 * Caller must hold the tx_lock of the mux. 1175 */ 1176 1177 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci) 1178 { 1179 struct gsm_msg *msg; 1180 u8 *dp; 1181 int h, len, size; 1182 1183 /* for modem bits without break data */ 1184 h = ((dlci->adaption == 1) ? 0 : 1); 1185 1186 len = kfifo_len(&dlci->fifo); 1187 if (len == 0) 1188 return 0; 1189 1190 /* MTU/MRU count only the data bits but watch adaption mode */ 1191 if ((len + h) > dlci->mtu) 1192 len = dlci->mtu - h; 1193 1194 size = len + h; 1195 1196 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype); 1197 if (!msg) 1198 return -ENOMEM; 1199 dp = msg->data; 1200 switch (dlci->adaption) { 1201 case 1: /* Unstructured */ 1202 break; 1203 case 2: /* Unstructured with modem bits. 1204 * Always one byte as we never send inline break data 1205 */ 1206 *dp++ = (gsm_encode_modem(dlci) << 1) | EA; 1207 break; 1208 default: 1209 pr_err("%s: unsupported adaption %d\n", __func__, 1210 dlci->adaption); 1211 break; 1212 } 1213 1214 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len, 1215 &dlci->lock)); 1216 1217 /* Notify upper layer about available send space. */ 1218 tty_port_tty_wakeup(&dlci->port); 1219 1220 __gsm_data_queue(dlci, msg); 1221 /* Bytes of data we used up */ 1222 return size; 1223 } 1224 1225 /** 1226 * gsm_dlci_data_output_framed - try and push data out of a DLCI 1227 * @gsm: mux 1228 * @dlci: the DLCI to pull data from 1229 * 1230 * Pull data from a DLCI and send it into the transmit queue if there 1231 * is data. Keep to the MRU of the mux. This path handles framed data 1232 * queued as skbuffs to the DLCI. 1233 * 1234 * Caller must hold the tx_lock of the mux. 1235 */ 1236 1237 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm, 1238 struct gsm_dlci *dlci) 1239 { 1240 struct gsm_msg *msg; 1241 u8 *dp; 1242 int len, size; 1243 int last = 0, first = 0; 1244 int overhead = 0; 1245 1246 /* One byte per frame is used for B/F flags */ 1247 if (dlci->adaption == 4) 1248 overhead = 1; 1249 1250 /* dlci->skb is locked by tx_lock */ 1251 if (dlci->skb == NULL) { 1252 dlci->skb = skb_dequeue_tail(&dlci->skb_list); 1253 if (dlci->skb == NULL) 1254 return 0; 1255 first = 1; 1256 } 1257 len = dlci->skb->len + overhead; 1258 1259 /* MTU/MRU count only the data bits */ 1260 if (len > dlci->mtu) { 1261 if (dlci->adaption == 3) { 1262 /* Over long frame, bin it */ 1263 dev_kfree_skb_any(dlci->skb); 1264 dlci->skb = NULL; 1265 return 0; 1266 } 1267 len = dlci->mtu; 1268 } else 1269 last = 1; 1270 1271 size = len + overhead; 1272 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype); 1273 if (msg == NULL) { 1274 skb_queue_tail(&dlci->skb_list, dlci->skb); 1275 dlci->skb = NULL; 1276 return -ENOMEM; 1277 } 1278 dp = msg->data; 1279 1280 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 1281 /* Flag byte to carry the start/end info */ 1282 *dp++ = last << 7 | first << 6 | 1; /* EA */ 1283 len--; 1284 } 1285 memcpy(dp, dlci->skb->data, len); 1286 skb_pull(dlci->skb, len); 1287 __gsm_data_queue(dlci, msg); 1288 if (last) { 1289 dev_kfree_skb_any(dlci->skb); 1290 dlci->skb = NULL; 1291 } 1292 return size; 1293 } 1294 1295 /** 1296 * gsm_dlci_modem_output - try and push modem status out of a DLCI 1297 * @gsm: mux 1298 * @dlci: the DLCI to pull modem status from 1299 * @brk: break signal 1300 * 1301 * Push an empty frame in to the transmit queue to update the modem status 1302 * bits and to transmit an optional break. 1303 * 1304 * Caller must hold the tx_lock of the mux. 1305 */ 1306 1307 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci, 1308 u8 brk) 1309 { 1310 u8 *dp = NULL; 1311 struct gsm_msg *msg; 1312 int size = 0; 1313 1314 /* for modem bits without break data */ 1315 switch (dlci->adaption) { 1316 case 1: /* Unstructured */ 1317 break; 1318 case 2: /* Unstructured with modem bits. */ 1319 size++; 1320 if (brk > 0) 1321 size++; 1322 break; 1323 default: 1324 pr_err("%s: unsupported adaption %d\n", __func__, 1325 dlci->adaption); 1326 return -EINVAL; 1327 } 1328 1329 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype); 1330 if (!msg) { 1331 pr_err("%s: gsm_data_alloc error", __func__); 1332 return -ENOMEM; 1333 } 1334 dp = msg->data; 1335 switch (dlci->adaption) { 1336 case 1: /* Unstructured */ 1337 break; 1338 case 2: /* Unstructured with modem bits. */ 1339 if (brk == 0) { 1340 *dp++ = (gsm_encode_modem(dlci) << 1) | EA; 1341 } else { 1342 *dp++ = gsm_encode_modem(dlci) << 1; 1343 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */ 1344 } 1345 break; 1346 default: 1347 /* Handled above */ 1348 break; 1349 } 1350 1351 __gsm_data_queue(dlci, msg); 1352 return size; 1353 } 1354 1355 /** 1356 * gsm_dlci_data_sweep - look for data to send 1357 * @gsm: the GSM mux 1358 * 1359 * Sweep the GSM mux channels in priority order looking for ones with 1360 * data to send. We could do with optimising this scan a bit. We aim 1361 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 1362 * TX_THRESH_LO we get called again 1363 * 1364 * FIXME: We should round robin between groups and in theory you can 1365 * renegotiate DLCI priorities with optional stuff. Needs optimising. 1366 */ 1367 1368 static int gsm_dlci_data_sweep(struct gsm_mux *gsm) 1369 { 1370 /* Priority ordering: We should do priority with RR of the groups */ 1371 int i, len, ret = 0; 1372 bool sent; 1373 struct gsm_dlci *dlci; 1374 1375 while (gsm->tx_bytes < TX_THRESH_HI) { 1376 for (sent = false, i = 1; i < NUM_DLCI; i++) { 1377 dlci = gsm->dlci[i]; 1378 /* skip unused or blocked channel */ 1379 if (!dlci || dlci->constipated) 1380 continue; 1381 /* skip channels with invalid state */ 1382 if (dlci->state != DLCI_OPEN) 1383 continue; 1384 /* count the sent data per adaption */ 1385 if (dlci->adaption < 3 && !dlci->net) 1386 len = gsm_dlci_data_output(gsm, dlci); 1387 else 1388 len = gsm_dlci_data_output_framed(gsm, dlci); 1389 /* on error exit */ 1390 if (len < 0) 1391 return ret; 1392 if (len > 0) { 1393 ret++; 1394 sent = true; 1395 /* The lower DLCs can starve the higher DLCs! */ 1396 break; 1397 } 1398 /* try next */ 1399 } 1400 if (!sent) 1401 break; 1402 } 1403 1404 return ret; 1405 } 1406 1407 /** 1408 * gsm_dlci_data_kick - transmit if possible 1409 * @dlci: DLCI to kick 1410 * 1411 * Transmit data from this DLCI if the queue is empty. We can't rely on 1412 * a tty wakeup except when we filled the pipe so we need to fire off 1413 * new data ourselves in other cases. 1414 */ 1415 1416 static void gsm_dlci_data_kick(struct gsm_dlci *dlci) 1417 { 1418 unsigned long flags; 1419 int sweep; 1420 1421 if (dlci->constipated) 1422 return; 1423 1424 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 1425 /* If we have nothing running then we need to fire up */ 1426 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO); 1427 if (dlci->gsm->tx_bytes == 0) { 1428 if (dlci->net) 1429 gsm_dlci_data_output_framed(dlci->gsm, dlci); 1430 else 1431 gsm_dlci_data_output(dlci->gsm, dlci); 1432 } 1433 if (sweep) 1434 gsm_dlci_data_sweep(dlci->gsm); 1435 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 1436 } 1437 1438 /* 1439 * Control message processing 1440 */ 1441 1442 1443 /** 1444 * gsm_control_command - send a command frame to a control 1445 * @gsm: gsm channel 1446 * @cmd: the command to use 1447 * @data: data to follow encoded info 1448 * @dlen: length of data 1449 * 1450 * Encode up and queue a UI/UIH frame containing our command. 1451 */ 1452 static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data, 1453 int dlen) 1454 { 1455 struct gsm_msg *msg; 1456 struct gsm_dlci *dlci = gsm->dlci[0]; 1457 1458 msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype); 1459 if (msg == NULL) 1460 return -ENOMEM; 1461 1462 msg->data[0] = (cmd << 1) | CR | EA; /* Set C/R */ 1463 msg->data[1] = (dlen << 1) | EA; 1464 memcpy(msg->data + 2, data, dlen); 1465 gsm_data_queue(dlci, msg); 1466 1467 return 0; 1468 } 1469 1470 /** 1471 * gsm_control_reply - send a response frame to a control 1472 * @gsm: gsm channel 1473 * @cmd: the command to use 1474 * @data: data to follow encoded info 1475 * @dlen: length of data 1476 * 1477 * Encode up and queue a UI/UIH frame containing our response. 1478 */ 1479 1480 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data, 1481 int dlen) 1482 { 1483 struct gsm_msg *msg; 1484 struct gsm_dlci *dlci = gsm->dlci[0]; 1485 1486 msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype); 1487 if (msg == NULL) 1488 return; 1489 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */ 1490 msg->data[1] = (dlen << 1) | EA; 1491 memcpy(msg->data + 2, data, dlen); 1492 gsm_data_queue(dlci, msg); 1493 } 1494 1495 /** 1496 * gsm_process_modem - process received modem status 1497 * @tty: virtual tty bound to the DLCI 1498 * @dlci: DLCI to affect 1499 * @modem: modem bits (full EA) 1500 * @slen: number of signal octets 1501 * 1502 * Used when a modem control message or line state inline in adaption 1503 * layer 2 is processed. Sort out the local modem state and throttles 1504 */ 1505 1506 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, 1507 u32 modem, int slen) 1508 { 1509 int mlines = 0; 1510 u8 brk = 0; 1511 int fc; 1512 1513 /* The modem status command can either contain one octet (V.24 signals) 1514 * or two octets (V.24 signals + break signals). This is specified in 1515 * section 5.4.6.3.7 of the 07.10 mux spec. 1516 */ 1517 1518 if (slen == 1) 1519 modem = modem & 0x7f; 1520 else { 1521 brk = modem & 0x7f; 1522 modem = (modem >> 7) & 0x7f; 1523 } 1524 1525 /* Flow control/ready to communicate */ 1526 fc = (modem & MDM_FC) || !(modem & MDM_RTR); 1527 if (fc && !dlci->constipated) { 1528 /* Need to throttle our output on this device */ 1529 dlci->constipated = true; 1530 } else if (!fc && dlci->constipated) { 1531 dlci->constipated = false; 1532 gsm_dlci_data_kick(dlci); 1533 } 1534 1535 /* Map modem bits */ 1536 if (modem & MDM_RTC) 1537 mlines |= TIOCM_DSR | TIOCM_DTR; 1538 if (modem & MDM_RTR) 1539 mlines |= TIOCM_RTS | TIOCM_CTS; 1540 if (modem & MDM_IC) 1541 mlines |= TIOCM_RI; 1542 if (modem & MDM_DV) 1543 mlines |= TIOCM_CD; 1544 1545 /* Carrier drop -> hangup */ 1546 if (tty) { 1547 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD)) 1548 if (!C_CLOCAL(tty)) 1549 tty_hangup(tty); 1550 } 1551 if (brk & 0x01) 1552 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK); 1553 dlci->modem_rx = mlines; 1554 wake_up_interruptible(&dlci->gsm->event); 1555 } 1556 1557 /** 1558 * gsm_process_negotiation - process received parameters 1559 * @gsm: GSM channel 1560 * @addr: DLCI address 1561 * @cr: command/response 1562 * @params: encoded parameters from the parameter negotiation message 1563 * 1564 * Used when the response for our parameter negotiation command was 1565 * received. 1566 */ 1567 static int gsm_process_negotiation(struct gsm_mux *gsm, unsigned int addr, 1568 unsigned int cr, 1569 const struct gsm_dlci_param_bits *params) 1570 { 1571 struct gsm_dlci *dlci = gsm->dlci[addr]; 1572 unsigned int ftype, i, adaption, prio, n1, k; 1573 1574 i = FIELD_GET(PN_I_CL_FIELD_FTYPE, params->i_cl_bits); 1575 adaption = FIELD_GET(PN_I_CL_FIELD_ADAPTION, params->i_cl_bits) + 1; 1576 prio = FIELD_GET(PN_P_FIELD_PRIO, params->p_bits); 1577 n1 = FIELD_GET(PN_N_FIELD_N1, get_unaligned_le16(¶ms->n_bits)); 1578 k = FIELD_GET(PN_K_FIELD_K, params->k_bits); 1579 1580 if (n1 < MIN_MTU) { 1581 if (debug & DBG_ERRORS) 1582 pr_info("%s N1 out of range in PN\n", __func__); 1583 return -EINVAL; 1584 } 1585 1586 switch (i) { 1587 case 0x00: 1588 ftype = UIH; 1589 break; 1590 case 0x01: 1591 ftype = UI; 1592 break; 1593 case 0x02: /* I frames are not supported */ 1594 if (debug & DBG_ERRORS) 1595 pr_info("%s unsupported I frame request in PN\n", 1596 __func__); 1597 gsm->unsupported++; 1598 return -EINVAL; 1599 default: 1600 if (debug & DBG_ERRORS) 1601 pr_info("%s i out of range in PN\n", __func__); 1602 return -EINVAL; 1603 } 1604 1605 if (!cr && gsm->initiator) { 1606 if (adaption != dlci->adaption) { 1607 if (debug & DBG_ERRORS) 1608 pr_info("%s invalid adaption %d in PN\n", 1609 __func__, adaption); 1610 return -EINVAL; 1611 } 1612 if (prio != dlci->prio) { 1613 if (debug & DBG_ERRORS) 1614 pr_info("%s invalid priority %d in PN", 1615 __func__, prio); 1616 return -EINVAL; 1617 } 1618 if (n1 > gsm->mru || n1 > dlci->mtu) { 1619 /* We requested a frame size but the other party wants 1620 * to send larger frames. The standard allows only a 1621 * smaller response value than requested (5.4.6.3.1). 1622 */ 1623 if (debug & DBG_ERRORS) 1624 pr_info("%s invalid N1 %d in PN\n", __func__, 1625 n1); 1626 return -EINVAL; 1627 } 1628 dlci->mtu = n1; 1629 if (ftype != dlci->ftype) { 1630 if (debug & DBG_ERRORS) 1631 pr_info("%s invalid i %d in PN\n", __func__, i); 1632 return -EINVAL; 1633 } 1634 if (ftype != UI && ftype != UIH && k > dlci->k) { 1635 if (debug & DBG_ERRORS) 1636 pr_info("%s invalid k %d in PN\n", __func__, k); 1637 return -EINVAL; 1638 } 1639 dlci->k = k; 1640 } else if (cr && !gsm->initiator) { 1641 /* Only convergence layer type 1 and 2 are supported. */ 1642 if (adaption != 1 && adaption != 2) { 1643 if (debug & DBG_ERRORS) 1644 pr_info("%s invalid adaption %d in PN\n", 1645 __func__, adaption); 1646 return -EINVAL; 1647 } 1648 dlci->adaption = adaption; 1649 if (n1 > gsm->mru) { 1650 /* Propose a smaller value */ 1651 dlci->mtu = gsm->mru; 1652 } else if (n1 > MAX_MTU) { 1653 /* Propose a smaller value */ 1654 dlci->mtu = MAX_MTU; 1655 } else { 1656 dlci->mtu = n1; 1657 } 1658 dlci->prio = prio; 1659 dlci->ftype = ftype; 1660 dlci->k = k; 1661 } else { 1662 return -EINVAL; 1663 } 1664 1665 return 0; 1666 } 1667 1668 /** 1669 * gsm_control_modem - modem status received 1670 * @gsm: GSM channel 1671 * @data: data following command 1672 * @clen: command length 1673 * 1674 * We have received a modem status control message. This is used by 1675 * the GSM mux protocol to pass virtual modem line status and optionally 1676 * to indicate break signals. Unpack it, convert to Linux representation 1677 * and if need be stuff a break message down the tty. 1678 */ 1679 1680 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen) 1681 { 1682 unsigned int addr = 0; 1683 unsigned int modem = 0; 1684 struct gsm_dlci *dlci; 1685 int len = clen; 1686 int cl = clen; 1687 const u8 *dp = data; 1688 struct tty_struct *tty; 1689 1690 len = gsm_read_ea_val(&addr, data, cl); 1691 if (len < 1) 1692 return; 1693 1694 addr >>= 1; 1695 /* Closed port, or invalid ? */ 1696 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1697 return; 1698 dlci = gsm->dlci[addr]; 1699 1700 /* Must be at least one byte following the EA */ 1701 if ((cl - len) < 1) 1702 return; 1703 1704 dp += len; 1705 cl -= len; 1706 1707 /* get the modem status */ 1708 len = gsm_read_ea_val(&modem, dp, cl); 1709 if (len < 1) 1710 return; 1711 1712 tty = tty_port_tty_get(&dlci->port); 1713 gsm_process_modem(tty, dlci, modem, cl); 1714 if (tty) { 1715 tty_wakeup(tty); 1716 tty_kref_put(tty); 1717 } 1718 gsm_control_reply(gsm, CMD_MSC, data, clen); 1719 } 1720 1721 /** 1722 * gsm_control_negotiation - parameter negotiation received 1723 * @gsm: GSM channel 1724 * @cr: command/response flag 1725 * @data: data following command 1726 * @dlen: data length 1727 * 1728 * We have received a parameter negotiation message. This is used by 1729 * the GSM mux protocol to configure protocol parameters for a new DLCI. 1730 */ 1731 static void gsm_control_negotiation(struct gsm_mux *gsm, unsigned int cr, 1732 const u8 *data, unsigned int dlen) 1733 { 1734 unsigned int addr; 1735 struct gsm_dlci_param_bits pn_reply; 1736 struct gsm_dlci *dlci; 1737 struct gsm_dlci_param_bits *params; 1738 1739 if (dlen < sizeof(struct gsm_dlci_param_bits)) { 1740 gsm->open_error++; 1741 return; 1742 } 1743 1744 /* Invalid DLCI? */ 1745 params = (struct gsm_dlci_param_bits *)data; 1746 addr = FIELD_GET(PN_D_FIELD_DLCI, params->d_bits); 1747 if (addr == 0 || addr >= NUM_DLCI || !gsm->dlci[addr]) { 1748 gsm->open_error++; 1749 return; 1750 } 1751 dlci = gsm->dlci[addr]; 1752 1753 /* Too late for parameter negotiation? */ 1754 if ((!cr && dlci->state == DLCI_OPENING) || dlci->state == DLCI_OPEN) { 1755 gsm->open_error++; 1756 return; 1757 } 1758 1759 /* Process the received parameters */ 1760 if (gsm_process_negotiation(gsm, addr, cr, params) != 0) { 1761 /* Negotiation failed. Close the link. */ 1762 if (debug & DBG_ERRORS) 1763 pr_info("%s PN failed\n", __func__); 1764 gsm->open_error++; 1765 gsm_dlci_close(dlci); 1766 return; 1767 } 1768 1769 if (cr) { 1770 /* Reply command with accepted parameters. */ 1771 if (gsm_encode_params(dlci, &pn_reply) == 0) 1772 gsm_control_reply(gsm, CMD_PN, (const u8 *)&pn_reply, 1773 sizeof(pn_reply)); 1774 else if (debug & DBG_ERRORS) 1775 pr_info("%s PN invalid\n", __func__); 1776 } else if (dlci->state == DLCI_CONFIGURE) { 1777 /* Proceed with link setup by sending SABM before UA */ 1778 dlci->state = DLCI_OPENING; 1779 gsm_command(gsm, dlci->addr, SABM|PF); 1780 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1781 } else { 1782 if (debug & DBG_ERRORS) 1783 pr_info("%s PN in invalid state\n", __func__); 1784 gsm->open_error++; 1785 } 1786 } 1787 1788 /** 1789 * gsm_control_rls - remote line status 1790 * @gsm: GSM channel 1791 * @data: data bytes 1792 * @clen: data length 1793 * 1794 * The modem sends us a two byte message on the control channel whenever 1795 * it wishes to send us an error state from the virtual link. Stuff 1796 * this into the uplink tty if present 1797 */ 1798 1799 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen) 1800 { 1801 struct tty_port *port; 1802 unsigned int addr = 0; 1803 u8 bits; 1804 int len = clen; 1805 const u8 *dp = data; 1806 1807 while (gsm_read_ea(&addr, *dp++) == 0) { 1808 len--; 1809 if (len == 0) 1810 return; 1811 } 1812 /* Must be at least one byte following ea */ 1813 len--; 1814 if (len <= 0) 1815 return; 1816 addr >>= 1; 1817 /* Closed port, or invalid ? */ 1818 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1819 return; 1820 /* No error ? */ 1821 bits = *dp; 1822 if ((bits & 1) == 0) 1823 return; 1824 1825 port = &gsm->dlci[addr]->port; 1826 1827 if (bits & 2) 1828 tty_insert_flip_char(port, 0, TTY_OVERRUN); 1829 if (bits & 4) 1830 tty_insert_flip_char(port, 0, TTY_PARITY); 1831 if (bits & 8) 1832 tty_insert_flip_char(port, 0, TTY_FRAME); 1833 1834 tty_flip_buffer_push(port); 1835 1836 gsm_control_reply(gsm, CMD_RLS, data, clen); 1837 } 1838 1839 static void gsm_dlci_begin_close(struct gsm_dlci *dlci); 1840 1841 /** 1842 * gsm_control_message - DLCI 0 control processing 1843 * @gsm: our GSM mux 1844 * @command: the command EA 1845 * @data: data beyond the command/length EAs 1846 * @clen: length 1847 * 1848 * Input processor for control messages from the other end of the link. 1849 * Processes the incoming request and queues a response frame or an 1850 * NSC response if not supported 1851 */ 1852 1853 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command, 1854 const u8 *data, int clen) 1855 { 1856 u8 buf[1]; 1857 1858 switch (command) { 1859 case CMD_CLD: { 1860 struct gsm_dlci *dlci = gsm->dlci[0]; 1861 /* Modem wishes to close down */ 1862 if (dlci) { 1863 dlci->dead = true; 1864 gsm->dead = true; 1865 gsm_dlci_begin_close(dlci); 1866 } 1867 } 1868 break; 1869 case CMD_TEST: 1870 /* Modem wishes to test, reply with the data */ 1871 gsm_control_reply(gsm, CMD_TEST, data, clen); 1872 break; 1873 case CMD_FCON: 1874 /* Modem can accept data again */ 1875 gsm->constipated = false; 1876 gsm_control_reply(gsm, CMD_FCON, NULL, 0); 1877 /* Kick the link in case it is idling */ 1878 gsmld_write_trigger(gsm); 1879 break; 1880 case CMD_FCOFF: 1881 /* Modem wants us to STFU */ 1882 gsm->constipated = true; 1883 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0); 1884 break; 1885 case CMD_MSC: 1886 /* Out of band modem line change indicator for a DLCI */ 1887 gsm_control_modem(gsm, data, clen); 1888 break; 1889 case CMD_RLS: 1890 /* Out of band error reception for a DLCI */ 1891 gsm_control_rls(gsm, data, clen); 1892 break; 1893 case CMD_PSC: 1894 /* Modem wishes to enter power saving state */ 1895 gsm_control_reply(gsm, CMD_PSC, NULL, 0); 1896 break; 1897 /* Optional commands */ 1898 case CMD_PN: 1899 /* Modem sends a parameter negotiation command */ 1900 gsm_control_negotiation(gsm, 1, data, clen); 1901 break; 1902 /* Optional unsupported commands */ 1903 case CMD_RPN: /* Remote port negotiation */ 1904 case CMD_SNC: /* Service negotiation command */ 1905 gsm->unsupported++; 1906 fallthrough; 1907 default: 1908 /* Reply to bad commands with an NSC */ 1909 buf[0] = command; 1910 gsm_control_reply(gsm, CMD_NSC, buf, 1); 1911 break; 1912 } 1913 } 1914 1915 /** 1916 * gsm_control_response - process a response to our control 1917 * @gsm: our GSM mux 1918 * @command: the command (response) EA 1919 * @data: data beyond the command/length EA 1920 * @clen: length 1921 * 1922 * Process a response to an outstanding command. We only allow a single 1923 * control message in flight so this is fairly easy. All the clean up 1924 * is done by the caller, we just update the fields, flag it as done 1925 * and return 1926 */ 1927 1928 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command, 1929 const u8 *data, int clen) 1930 { 1931 struct gsm_control *ctrl; 1932 struct gsm_dlci *dlci; 1933 unsigned long flags; 1934 1935 spin_lock_irqsave(&gsm->control_lock, flags); 1936 1937 ctrl = gsm->pending_cmd; 1938 dlci = gsm->dlci[0]; 1939 command |= 1; 1940 /* Does the reply match our command */ 1941 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) { 1942 /* Our command was replied to, kill the retry timer */ 1943 del_timer(&gsm->t2_timer); 1944 gsm->pending_cmd = NULL; 1945 /* Rejected by the other end */ 1946 if (command == CMD_NSC) 1947 ctrl->error = -EOPNOTSUPP; 1948 ctrl->done = 1; 1949 wake_up(&gsm->event); 1950 /* Or did we receive the PN response to our PN command */ 1951 } else if (command == CMD_PN) { 1952 gsm_control_negotiation(gsm, 0, data, clen); 1953 /* Or did we receive the TEST response to our TEST command */ 1954 } else if (command == CMD_TEST && clen == 1 && *data == gsm->ka_num) { 1955 gsm->ka_retries = -1; /* trigger new keep-alive message */ 1956 if (dlci && !dlci->dead) 1957 mod_timer(&gsm->ka_timer, jiffies + gsm->keep_alive * HZ / 100); 1958 } 1959 spin_unlock_irqrestore(&gsm->control_lock, flags); 1960 } 1961 1962 /** 1963 * gsm_control_keep_alive - check timeout or start keep-alive 1964 * @t: timer contained in our gsm object 1965 * 1966 * Called off the keep-alive timer expiry signaling that our link 1967 * partner is not responding anymore. Link will be closed. 1968 * This is also called to startup our timer. 1969 */ 1970 1971 static void gsm_control_keep_alive(struct timer_list *t) 1972 { 1973 struct gsm_mux *gsm = from_timer(gsm, t, ka_timer); 1974 unsigned long flags; 1975 1976 spin_lock_irqsave(&gsm->control_lock, flags); 1977 if (gsm->ka_num && gsm->ka_retries == 0) { 1978 /* Keep-alive expired -> close the link */ 1979 if (debug & DBG_ERRORS) 1980 pr_debug("%s keep-alive timed out\n", __func__); 1981 spin_unlock_irqrestore(&gsm->control_lock, flags); 1982 if (gsm->dlci[0]) 1983 gsm_dlci_begin_close(gsm->dlci[0]); 1984 return; 1985 } else if (gsm->keep_alive && gsm->dlci[0] && !gsm->dlci[0]->dead) { 1986 if (gsm->ka_retries > 0) { 1987 /* T2 expired for keep-alive -> resend */ 1988 gsm->ka_retries--; 1989 } else { 1990 /* Start keep-alive timer */ 1991 gsm->ka_num++; 1992 if (!gsm->ka_num) 1993 gsm->ka_num++; 1994 gsm->ka_retries = (signed int)gsm->n2; 1995 } 1996 gsm_control_command(gsm, CMD_TEST, &gsm->ka_num, 1997 sizeof(gsm->ka_num)); 1998 mod_timer(&gsm->ka_timer, 1999 jiffies + gsm->t2 * HZ / 100); 2000 } 2001 spin_unlock_irqrestore(&gsm->control_lock, flags); 2002 } 2003 2004 /** 2005 * gsm_control_transmit - send control packet 2006 * @gsm: gsm mux 2007 * @ctrl: frame to send 2008 * 2009 * Send out a pending control command (called under control lock) 2010 */ 2011 2012 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) 2013 { 2014 gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len); 2015 } 2016 2017 /** 2018 * gsm_control_retransmit - retransmit a control frame 2019 * @t: timer contained in our gsm object 2020 * 2021 * Called off the T2 timer expiry in order to retransmit control frames 2022 * that have been lost in the system somewhere. The control_lock protects 2023 * us from colliding with another sender or a receive completion event. 2024 * In that situation the timer may still occur in a small window but 2025 * gsm->pending_cmd will be NULL and we just let the timer expire. 2026 */ 2027 2028 static void gsm_control_retransmit(struct timer_list *t) 2029 { 2030 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer); 2031 struct gsm_control *ctrl; 2032 unsigned long flags; 2033 spin_lock_irqsave(&gsm->control_lock, flags); 2034 ctrl = gsm->pending_cmd; 2035 if (ctrl) { 2036 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) { 2037 gsm->pending_cmd = NULL; 2038 ctrl->error = -ETIMEDOUT; 2039 ctrl->done = 1; 2040 spin_unlock_irqrestore(&gsm->control_lock, flags); 2041 wake_up(&gsm->event); 2042 return; 2043 } 2044 gsm->cretries--; 2045 gsm_control_transmit(gsm, ctrl); 2046 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 2047 } 2048 spin_unlock_irqrestore(&gsm->control_lock, flags); 2049 } 2050 2051 /** 2052 * gsm_control_send - send a control frame on DLCI 0 2053 * @gsm: the GSM channel 2054 * @command: command to send including CR bit 2055 * @data: bytes of data (must be kmalloced) 2056 * @clen: length of the block to send 2057 * 2058 * Queue and dispatch a control command. Only one command can be 2059 * active at a time. In theory more can be outstanding but the matching 2060 * gets really complicated so for now stick to one outstanding. 2061 */ 2062 2063 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, 2064 unsigned int command, u8 *data, int clen) 2065 { 2066 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), 2067 GFP_ATOMIC); 2068 unsigned long flags; 2069 if (ctrl == NULL) 2070 return NULL; 2071 retry: 2072 wait_event(gsm->event, gsm->pending_cmd == NULL); 2073 spin_lock_irqsave(&gsm->control_lock, flags); 2074 if (gsm->pending_cmd != NULL) { 2075 spin_unlock_irqrestore(&gsm->control_lock, flags); 2076 goto retry; 2077 } 2078 ctrl->cmd = command; 2079 ctrl->data = data; 2080 ctrl->len = clen; 2081 gsm->pending_cmd = ctrl; 2082 2083 /* If DLCI0 is in ADM mode skip retries, it won't respond */ 2084 if (gsm->dlci[0]->mode == DLCI_MODE_ADM) 2085 gsm->cretries = 0; 2086 else 2087 gsm->cretries = gsm->n2; 2088 2089 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 2090 gsm_control_transmit(gsm, ctrl); 2091 spin_unlock_irqrestore(&gsm->control_lock, flags); 2092 return ctrl; 2093 } 2094 2095 /** 2096 * gsm_control_wait - wait for a control to finish 2097 * @gsm: GSM mux 2098 * @control: control we are waiting on 2099 * 2100 * Waits for the control to complete or time out. Frees any used 2101 * resources and returns 0 for success, or an error if the remote 2102 * rejected or ignored the request. 2103 */ 2104 2105 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control) 2106 { 2107 int err; 2108 wait_event(gsm->event, control->done == 1); 2109 err = control->error; 2110 kfree(control); 2111 return err; 2112 } 2113 2114 2115 /* 2116 * DLCI level handling: Needs krefs 2117 */ 2118 2119 /* 2120 * State transitions and timers 2121 */ 2122 2123 /** 2124 * gsm_dlci_close - a DLCI has closed 2125 * @dlci: DLCI that closed 2126 * 2127 * Perform processing when moving a DLCI into closed state. If there 2128 * is an attached tty this is hung up 2129 */ 2130 2131 static void gsm_dlci_close(struct gsm_dlci *dlci) 2132 { 2133 del_timer(&dlci->t1); 2134 if (debug & DBG_ERRORS) 2135 pr_debug("DLCI %d goes closed.\n", dlci->addr); 2136 dlci->state = DLCI_CLOSED; 2137 /* Prevent us from sending data before the link is up again */ 2138 dlci->constipated = true; 2139 if (dlci->addr != 0) { 2140 tty_port_tty_hangup(&dlci->port, false); 2141 gsm_dlci_clear_queues(dlci->gsm, dlci); 2142 /* Ensure that gsmtty_open() can return. */ 2143 tty_port_set_initialized(&dlci->port, false); 2144 wake_up_interruptible(&dlci->port.open_wait); 2145 } else { 2146 del_timer(&dlci->gsm->ka_timer); 2147 dlci->gsm->dead = true; 2148 } 2149 /* A DLCI 0 close is a MUX termination so we need to kick that 2150 back to userspace somehow */ 2151 gsm_dlci_data_kick(dlci); 2152 wake_up_all(&dlci->gsm->event); 2153 } 2154 2155 /** 2156 * gsm_dlci_open - a DLCI has opened 2157 * @dlci: DLCI that opened 2158 * 2159 * Perform processing when moving a DLCI into open state. 2160 */ 2161 2162 static void gsm_dlci_open(struct gsm_dlci *dlci) 2163 { 2164 struct gsm_mux *gsm = dlci->gsm; 2165 2166 /* Note that SABM UA .. SABM UA first UA lost can mean that we go 2167 open -> open */ 2168 del_timer(&dlci->t1); 2169 /* This will let a tty open continue */ 2170 dlci->state = DLCI_OPEN; 2171 dlci->constipated = false; 2172 if (debug & DBG_ERRORS) 2173 pr_debug("DLCI %d goes open.\n", dlci->addr); 2174 /* Send current modem state */ 2175 if (dlci->addr) { 2176 gsm_modem_update(dlci, 0); 2177 } else { 2178 /* Start keep-alive control */ 2179 gsm->ka_num = 0; 2180 gsm->ka_retries = -1; 2181 mod_timer(&gsm->ka_timer, 2182 jiffies + gsm->keep_alive * HZ / 100); 2183 } 2184 gsm_dlci_data_kick(dlci); 2185 wake_up(&dlci->gsm->event); 2186 } 2187 2188 /** 2189 * gsm_dlci_negotiate - start parameter negotiation 2190 * @dlci: DLCI to open 2191 * 2192 * Starts the parameter negotiation for the new DLCI. This needs to be done 2193 * before the DLCI initialized the channel via SABM. 2194 */ 2195 static int gsm_dlci_negotiate(struct gsm_dlci *dlci) 2196 { 2197 struct gsm_mux *gsm = dlci->gsm; 2198 struct gsm_dlci_param_bits params; 2199 int ret; 2200 2201 ret = gsm_encode_params(dlci, ¶ms); 2202 if (ret != 0) 2203 return ret; 2204 2205 /* We cannot asynchronous wait for the command response with 2206 * gsm_command() and gsm_control_wait() at this point. 2207 */ 2208 ret = gsm_control_command(gsm, CMD_PN, (const u8 *)¶ms, 2209 sizeof(params)); 2210 2211 return ret; 2212 } 2213 2214 /** 2215 * gsm_dlci_t1 - T1 timer expiry 2216 * @t: timer contained in the DLCI that opened 2217 * 2218 * The T1 timer handles retransmits of control frames (essentially of 2219 * SABM and DISC). We resend the command until the retry count runs out 2220 * in which case an opening port goes back to closed and a closing port 2221 * is simply put into closed state (any further frames from the other 2222 * end will get a DM response) 2223 * 2224 * Some control dlci can stay in ADM mode with other dlci working just 2225 * fine. In that case we can just keep the control dlci open after the 2226 * DLCI_OPENING retries time out. 2227 */ 2228 2229 static void gsm_dlci_t1(struct timer_list *t) 2230 { 2231 struct gsm_dlci *dlci = from_timer(dlci, t, t1); 2232 struct gsm_mux *gsm = dlci->gsm; 2233 2234 switch (dlci->state) { 2235 case DLCI_CONFIGURE: 2236 if (dlci->retries && gsm_dlci_negotiate(dlci) == 0) { 2237 dlci->retries--; 2238 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 2239 } else { 2240 gsm->open_error++; 2241 gsm_dlci_begin_close(dlci); /* prevent half open link */ 2242 } 2243 break; 2244 case DLCI_OPENING: 2245 if (dlci->retries) { 2246 dlci->retries--; 2247 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 2248 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 2249 } else if (!dlci->addr && gsm->control == (DM | PF)) { 2250 if (debug & DBG_ERRORS) 2251 pr_info("DLCI %d opening in ADM mode.\n", 2252 dlci->addr); 2253 dlci->mode = DLCI_MODE_ADM; 2254 gsm_dlci_open(dlci); 2255 } else { 2256 gsm->open_error++; 2257 gsm_dlci_begin_close(dlci); /* prevent half open link */ 2258 } 2259 2260 break; 2261 case DLCI_CLOSING: 2262 if (dlci->retries) { 2263 dlci->retries--; 2264 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 2265 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 2266 } else 2267 gsm_dlci_close(dlci); 2268 break; 2269 default: 2270 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state); 2271 break; 2272 } 2273 } 2274 2275 /** 2276 * gsm_dlci_begin_open - start channel open procedure 2277 * @dlci: DLCI to open 2278 * 2279 * Commence opening a DLCI from the Linux side. We issue SABM messages 2280 * to the modem which should then reply with a UA or ADM, at which point 2281 * we will move into open state. Opening is done asynchronously with retry 2282 * running off timers and the responses. 2283 * Parameter negotiation is performed before SABM if required. 2284 */ 2285 2286 static void gsm_dlci_begin_open(struct gsm_dlci *dlci) 2287 { 2288 struct gsm_mux *gsm = dlci ? dlci->gsm : NULL; 2289 bool need_pn = false; 2290 2291 if (!gsm) 2292 return; 2293 2294 if (dlci->addr != 0) { 2295 if (gsm->adaption != 1 || gsm->adaption != dlci->adaption) 2296 need_pn = true; 2297 if (dlci->prio != (roundup(dlci->addr + 1, 8) - 1)) 2298 need_pn = true; 2299 if (gsm->ftype != dlci->ftype) 2300 need_pn = true; 2301 } 2302 2303 switch (dlci->state) { 2304 case DLCI_CLOSED: 2305 case DLCI_WAITING_CONFIG: 2306 case DLCI_CLOSING: 2307 dlci->retries = gsm->n2; 2308 if (!need_pn) { 2309 dlci->state = DLCI_OPENING; 2310 gsm_command(gsm, dlci->addr, SABM|PF); 2311 } else { 2312 /* Configure DLCI before setup */ 2313 dlci->state = DLCI_CONFIGURE; 2314 if (gsm_dlci_negotiate(dlci) != 0) { 2315 gsm_dlci_close(dlci); 2316 return; 2317 } 2318 } 2319 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 2320 break; 2321 default: 2322 break; 2323 } 2324 } 2325 2326 /** 2327 * gsm_dlci_set_opening - change state to opening 2328 * @dlci: DLCI to open 2329 * 2330 * Change internal state to wait for DLCI open from initiator side. 2331 * We set off timers and responses upon reception of an SABM. 2332 */ 2333 static void gsm_dlci_set_opening(struct gsm_dlci *dlci) 2334 { 2335 switch (dlci->state) { 2336 case DLCI_CLOSED: 2337 case DLCI_WAITING_CONFIG: 2338 case DLCI_CLOSING: 2339 dlci->state = DLCI_OPENING; 2340 break; 2341 default: 2342 break; 2343 } 2344 } 2345 2346 /** 2347 * gsm_dlci_set_wait_config - wait for channel configuration 2348 * @dlci: DLCI to configure 2349 * 2350 * Wait for a DLCI configuration from the application. 2351 */ 2352 static void gsm_dlci_set_wait_config(struct gsm_dlci *dlci) 2353 { 2354 switch (dlci->state) { 2355 case DLCI_CLOSED: 2356 case DLCI_CLOSING: 2357 dlci->state = DLCI_WAITING_CONFIG; 2358 break; 2359 default: 2360 break; 2361 } 2362 } 2363 2364 /** 2365 * gsm_dlci_begin_close - start channel open procedure 2366 * @dlci: DLCI to open 2367 * 2368 * Commence closing a DLCI from the Linux side. We issue DISC messages 2369 * to the modem which should then reply with a UA, at which point we 2370 * will move into closed state. Closing is done asynchronously with retry 2371 * off timers. We may also receive a DM reply from the other end which 2372 * indicates the channel was already closed. 2373 */ 2374 2375 static void gsm_dlci_begin_close(struct gsm_dlci *dlci) 2376 { 2377 struct gsm_mux *gsm = dlci->gsm; 2378 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING) 2379 return; 2380 dlci->retries = gsm->n2; 2381 dlci->state = DLCI_CLOSING; 2382 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 2383 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 2384 wake_up_interruptible(&gsm->event); 2385 } 2386 2387 /** 2388 * gsm_dlci_data - data arrived 2389 * @dlci: channel 2390 * @data: block of bytes received 2391 * @clen: length of received block 2392 * 2393 * A UI or UIH frame has arrived which contains data for a channel 2394 * other than the control channel. If the relevant virtual tty is 2395 * open we shovel the bits down it, if not we drop them. 2396 */ 2397 2398 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen) 2399 { 2400 /* krefs .. */ 2401 struct tty_port *port = &dlci->port; 2402 struct tty_struct *tty; 2403 unsigned int modem = 0; 2404 int len; 2405 2406 if (debug & DBG_TTY) 2407 pr_debug("%d bytes for tty\n", clen); 2408 switch (dlci->adaption) { 2409 /* Unsupported types */ 2410 case 4: /* Packetised interruptible data */ 2411 break; 2412 case 3: /* Packetised uininterruptible voice/data */ 2413 break; 2414 case 2: /* Asynchronous serial with line state in each frame */ 2415 len = gsm_read_ea_val(&modem, data, clen); 2416 if (len < 1) 2417 return; 2418 tty = tty_port_tty_get(port); 2419 if (tty) { 2420 gsm_process_modem(tty, dlci, modem, len); 2421 tty_wakeup(tty); 2422 tty_kref_put(tty); 2423 } 2424 /* Skip processed modem data */ 2425 data += len; 2426 clen -= len; 2427 fallthrough; 2428 case 1: /* Line state will go via DLCI 0 controls only */ 2429 default: 2430 tty_insert_flip_string(port, data, clen); 2431 tty_flip_buffer_push(port); 2432 } 2433 } 2434 2435 /** 2436 * gsm_dlci_command - data arrived on control channel 2437 * @dlci: channel 2438 * @data: block of bytes received 2439 * @len: length of received block 2440 * 2441 * A UI or UIH frame has arrived which contains data for DLCI 0 the 2442 * control channel. This should contain a command EA followed by 2443 * control data bytes. The command EA contains a command/response bit 2444 * and we divide up the work accordingly. 2445 */ 2446 2447 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) 2448 { 2449 /* See what command is involved */ 2450 unsigned int command = 0; 2451 unsigned int clen = 0; 2452 unsigned int dlen; 2453 2454 /* read the command */ 2455 dlen = gsm_read_ea_val(&command, data, len); 2456 len -= dlen; 2457 data += dlen; 2458 2459 /* read any control data */ 2460 dlen = gsm_read_ea_val(&clen, data, len); 2461 len -= dlen; 2462 data += dlen; 2463 2464 /* Malformed command? */ 2465 if (clen > len) { 2466 dlci->gsm->malformed++; 2467 return; 2468 } 2469 2470 if (command & 1) 2471 gsm_control_message(dlci->gsm, command, data, clen); 2472 else 2473 gsm_control_response(dlci->gsm, command, data, clen); 2474 } 2475 2476 /** 2477 * gsm_kick_timer - transmit if possible 2478 * @t: timer contained in our gsm object 2479 * 2480 * Transmit data from DLCIs if the queue is empty. We can't rely on 2481 * a tty wakeup except when we filled the pipe so we need to fire off 2482 * new data ourselves in other cases. 2483 */ 2484 static void gsm_kick_timer(struct timer_list *t) 2485 { 2486 struct gsm_mux *gsm = from_timer(gsm, t, kick_timer); 2487 unsigned long flags; 2488 int sent = 0; 2489 2490 spin_lock_irqsave(&gsm->tx_lock, flags); 2491 /* If we have nothing running then we need to fire up */ 2492 if (gsm->tx_bytes < TX_THRESH_LO) 2493 sent = gsm_dlci_data_sweep(gsm); 2494 spin_unlock_irqrestore(&gsm->tx_lock, flags); 2495 2496 if (sent && debug & DBG_DATA) 2497 pr_info("%s TX queue stalled\n", __func__); 2498 } 2499 2500 /** 2501 * gsm_dlci_copy_config_values - copy DLCI configuration 2502 * @dlci: source DLCI 2503 * @dc: configuration structure to fill 2504 */ 2505 static void gsm_dlci_copy_config_values(struct gsm_dlci *dlci, struct gsm_dlci_config *dc) 2506 { 2507 memset(dc, 0, sizeof(*dc)); 2508 dc->channel = (u32)dlci->addr; 2509 dc->adaption = (u32)dlci->adaption; 2510 dc->mtu = (u32)dlci->mtu; 2511 dc->priority = (u32)dlci->prio; 2512 if (dlci->ftype == UIH) 2513 dc->i = 1; 2514 else 2515 dc->i = 2; 2516 dc->k = (u32)dlci->k; 2517 } 2518 2519 /** 2520 * gsm_dlci_config - configure DLCI from configuration 2521 * @dlci: DLCI to configure 2522 * @dc: DLCI configuration 2523 * @open: open DLCI after configuration? 2524 */ 2525 static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, int open) 2526 { 2527 struct gsm_mux *gsm; 2528 bool need_restart = false; 2529 bool need_open = false; 2530 unsigned int i; 2531 2532 /* 2533 * Check that userspace doesn't put stuff in here to prevent breakages 2534 * in the future. 2535 */ 2536 for (i = 0; i < ARRAY_SIZE(dc->reserved); i++) 2537 if (dc->reserved[i]) 2538 return -EINVAL; 2539 2540 if (!dlci) 2541 return -EINVAL; 2542 gsm = dlci->gsm; 2543 2544 /* Stuff we don't support yet - I frame transport */ 2545 if (dc->adaption != 1 && dc->adaption != 2) 2546 return -EOPNOTSUPP; 2547 if (dc->mtu > MAX_MTU || dc->mtu < MIN_MTU || dc->mtu > gsm->mru) 2548 return -EINVAL; 2549 if (dc->priority >= 64) 2550 return -EINVAL; 2551 if (dc->i == 0 || dc->i > 2) /* UIH and UI only */ 2552 return -EINVAL; 2553 if (dc->k > 7) 2554 return -EINVAL; 2555 if (dc->flags & ~GSM_FL_RESTART) /* allow future extensions */ 2556 return -EINVAL; 2557 2558 /* 2559 * See what is needed for reconfiguration 2560 */ 2561 /* Framing fields */ 2562 if (dc->adaption != dlci->adaption) 2563 need_restart = true; 2564 if (dc->mtu != dlci->mtu) 2565 need_restart = true; 2566 if (dc->i != dlci->ftype) 2567 need_restart = true; 2568 /* Requires care */ 2569 if (dc->priority != dlci->prio) 2570 need_restart = true; 2571 if (dc->flags & GSM_FL_RESTART) 2572 need_restart = true; 2573 2574 if ((open && gsm->wait_config) || need_restart) 2575 need_open = true; 2576 if (dlci->state == DLCI_WAITING_CONFIG) { 2577 need_restart = false; 2578 need_open = true; 2579 } 2580 2581 /* 2582 * Close down what is needed, restart and initiate the new 2583 * configuration. 2584 */ 2585 if (need_restart) { 2586 gsm_dlci_begin_close(dlci); 2587 wait_event_interruptible(gsm->event, dlci->state == DLCI_CLOSED); 2588 if (signal_pending(current)) 2589 return -EINTR; 2590 } 2591 /* 2592 * Setup the new configuration values 2593 */ 2594 dlci->adaption = (int)dc->adaption; 2595 2596 if (dc->mtu) 2597 dlci->mtu = (unsigned int)dc->mtu; 2598 else 2599 dlci->mtu = gsm->mtu; 2600 2601 if (dc->priority) 2602 dlci->prio = (u8)dc->priority; 2603 else 2604 dlci->prio = roundup(dlci->addr + 1, 8) - 1; 2605 2606 if (dc->i == 1) 2607 dlci->ftype = UIH; 2608 else if (dc->i == 2) 2609 dlci->ftype = UI; 2610 2611 if (dc->k) 2612 dlci->k = (u8)dc->k; 2613 else 2614 dlci->k = gsm->k; 2615 2616 if (need_open) { 2617 if (gsm->initiator) 2618 gsm_dlci_begin_open(dlci); 2619 else 2620 gsm_dlci_set_opening(dlci); 2621 } 2622 2623 return 0; 2624 } 2625 2626 /* 2627 * Allocate/Free DLCI channels 2628 */ 2629 2630 /** 2631 * gsm_dlci_alloc - allocate a DLCI 2632 * @gsm: GSM mux 2633 * @addr: address of the DLCI 2634 * 2635 * Allocate and install a new DLCI object into the GSM mux. 2636 * 2637 * FIXME: review locking races 2638 */ 2639 2640 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 2641 { 2642 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC); 2643 if (dlci == NULL) 2644 return NULL; 2645 spin_lock_init(&dlci->lock); 2646 mutex_init(&dlci->mutex); 2647 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) { 2648 kfree(dlci); 2649 return NULL; 2650 } 2651 2652 skb_queue_head_init(&dlci->skb_list); 2653 timer_setup(&dlci->t1, gsm_dlci_t1, 0); 2654 tty_port_init(&dlci->port); 2655 dlci->port.ops = &gsm_port_ops; 2656 dlci->gsm = gsm; 2657 dlci->addr = addr; 2658 dlci->adaption = gsm->adaption; 2659 dlci->mtu = gsm->mtu; 2660 if (addr == 0) 2661 dlci->prio = 0; 2662 else 2663 dlci->prio = roundup(addr + 1, 8) - 1; 2664 dlci->ftype = gsm->ftype; 2665 dlci->k = gsm->k; 2666 dlci->state = DLCI_CLOSED; 2667 if (addr) { 2668 dlci->data = gsm_dlci_data; 2669 /* Prevent us from sending data before the link is up */ 2670 dlci->constipated = true; 2671 } else { 2672 dlci->data = gsm_dlci_command; 2673 } 2674 gsm->dlci[addr] = dlci; 2675 return dlci; 2676 } 2677 2678 /** 2679 * gsm_dlci_free - free DLCI 2680 * @port: tty port for DLCI to free 2681 * 2682 * Free up a DLCI. 2683 * 2684 * Can sleep. 2685 */ 2686 static void gsm_dlci_free(struct tty_port *port) 2687 { 2688 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2689 2690 timer_shutdown_sync(&dlci->t1); 2691 dlci->gsm->dlci[dlci->addr] = NULL; 2692 kfifo_free(&dlci->fifo); 2693 while ((dlci->skb = skb_dequeue(&dlci->skb_list))) 2694 dev_kfree_skb(dlci->skb); 2695 kfree(dlci); 2696 } 2697 2698 static inline void dlci_get(struct gsm_dlci *dlci) 2699 { 2700 tty_port_get(&dlci->port); 2701 } 2702 2703 static inline void dlci_put(struct gsm_dlci *dlci) 2704 { 2705 tty_port_put(&dlci->port); 2706 } 2707 2708 static void gsm_destroy_network(struct gsm_dlci *dlci); 2709 2710 /** 2711 * gsm_dlci_release - release DLCI 2712 * @dlci: DLCI to destroy 2713 * 2714 * Release a DLCI. Actual free is deferred until either 2715 * mux is closed or tty is closed - whichever is last. 2716 * 2717 * Can sleep. 2718 */ 2719 static void gsm_dlci_release(struct gsm_dlci *dlci) 2720 { 2721 struct tty_struct *tty = tty_port_tty_get(&dlci->port); 2722 if (tty) { 2723 mutex_lock(&dlci->mutex); 2724 gsm_destroy_network(dlci); 2725 mutex_unlock(&dlci->mutex); 2726 2727 /* We cannot use tty_hangup() because in tty_kref_put() the tty 2728 * driver assumes that the hangup queue is free and reuses it to 2729 * queue release_one_tty() -> NULL pointer panic in 2730 * process_one_work(). 2731 */ 2732 tty_vhangup(tty); 2733 2734 tty_port_tty_set(&dlci->port, NULL); 2735 tty_kref_put(tty); 2736 } 2737 dlci->state = DLCI_CLOSED; 2738 dlci_put(dlci); 2739 } 2740 2741 /* 2742 * LAPBish link layer logic 2743 */ 2744 2745 /** 2746 * gsm_queue - a GSM frame is ready to process 2747 * @gsm: pointer to our gsm mux 2748 * 2749 * At this point in time a frame has arrived and been demangled from 2750 * the line encoding. All the differences between the encodings have 2751 * been handled below us and the frame is unpacked into the structures. 2752 * The fcs holds the header FCS but any data FCS must be added here. 2753 */ 2754 2755 static void gsm_queue(struct gsm_mux *gsm) 2756 { 2757 struct gsm_dlci *dlci; 2758 u8 cr; 2759 int address; 2760 2761 if (gsm->fcs != GOOD_FCS) { 2762 gsm->bad_fcs++; 2763 if (debug & DBG_DATA) 2764 pr_debug("BAD FCS %02x\n", gsm->fcs); 2765 return; 2766 } 2767 address = gsm->address >> 1; 2768 if (address >= NUM_DLCI) 2769 goto invalid; 2770 2771 cr = gsm->address & 1; /* C/R bit */ 2772 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */ 2773 2774 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len); 2775 2776 dlci = gsm->dlci[address]; 2777 2778 switch (gsm->control) { 2779 case SABM|PF: 2780 if (cr == 1) { 2781 gsm->open_error++; 2782 goto invalid; 2783 } 2784 if (dlci == NULL) 2785 dlci = gsm_dlci_alloc(gsm, address); 2786 if (dlci == NULL) { 2787 gsm->open_error++; 2788 return; 2789 } 2790 if (dlci->dead) 2791 gsm_response(gsm, address, DM|PF); 2792 else { 2793 gsm_response(gsm, address, UA|PF); 2794 gsm_dlci_open(dlci); 2795 } 2796 break; 2797 case DISC|PF: 2798 if (cr == 1) 2799 goto invalid; 2800 if (dlci == NULL || dlci->state == DLCI_CLOSED) { 2801 gsm_response(gsm, address, DM|PF); 2802 return; 2803 } 2804 /* Real close complete */ 2805 gsm_response(gsm, address, UA|PF); 2806 gsm_dlci_close(dlci); 2807 break; 2808 case UA|PF: 2809 if (cr == 0 || dlci == NULL) 2810 break; 2811 switch (dlci->state) { 2812 case DLCI_CLOSING: 2813 gsm_dlci_close(dlci); 2814 break; 2815 case DLCI_OPENING: 2816 gsm_dlci_open(dlci); 2817 break; 2818 default: 2819 pr_debug("%s: unhandled state: %d\n", __func__, 2820 dlci->state); 2821 break; 2822 } 2823 break; 2824 case DM: /* DM can be valid unsolicited */ 2825 case DM|PF: 2826 if (cr) 2827 goto invalid; 2828 if (dlci == NULL) 2829 return; 2830 gsm_dlci_close(dlci); 2831 break; 2832 case UI: 2833 case UI|PF: 2834 case UIH: 2835 case UIH|PF: 2836 if (dlci == NULL || dlci->state != DLCI_OPEN) { 2837 gsm_response(gsm, address, DM|PF); 2838 return; 2839 } 2840 dlci->data(dlci, gsm->buf, gsm->len); 2841 break; 2842 default: 2843 goto invalid; 2844 } 2845 return; 2846 invalid: 2847 gsm->malformed++; 2848 return; 2849 } 2850 2851 /** 2852 * gsm0_receive_state_check_and_fix - check and correct receive state 2853 * @gsm: gsm data for this ldisc instance 2854 * 2855 * Ensures that the current receive state is valid for basic option mode. 2856 */ 2857 2858 static void gsm0_receive_state_check_and_fix(struct gsm_mux *gsm) 2859 { 2860 switch (gsm->state) { 2861 case GSM_SEARCH: 2862 case GSM0_ADDRESS: 2863 case GSM0_CONTROL: 2864 case GSM0_LEN0: 2865 case GSM0_LEN1: 2866 case GSM0_DATA: 2867 case GSM0_FCS: 2868 case GSM0_SSOF: 2869 break; 2870 default: 2871 gsm->state = GSM_SEARCH; 2872 break; 2873 } 2874 } 2875 2876 /** 2877 * gsm0_receive - perform processing for non-transparency 2878 * @gsm: gsm data for this ldisc instance 2879 * @c: character 2880 * 2881 * Receive bytes in gsm mode 0 2882 */ 2883 2884 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c) 2885 { 2886 unsigned int len; 2887 2888 gsm0_receive_state_check_and_fix(gsm); 2889 switch (gsm->state) { 2890 case GSM_SEARCH: /* SOF marker */ 2891 if (c == GSM0_SOF) { 2892 gsm->state = GSM0_ADDRESS; 2893 gsm->address = 0; 2894 gsm->len = 0; 2895 gsm->fcs = INIT_FCS; 2896 } 2897 break; 2898 case GSM0_ADDRESS: /* Address EA */ 2899 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2900 if (gsm_read_ea(&gsm->address, c)) 2901 gsm->state = GSM0_CONTROL; 2902 break; 2903 case GSM0_CONTROL: /* Control Byte */ 2904 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2905 gsm->control = c; 2906 gsm->state = GSM0_LEN0; 2907 break; 2908 case GSM0_LEN0: /* Length EA */ 2909 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2910 if (gsm_read_ea(&gsm->len, c)) { 2911 if (gsm->len > gsm->mru) { 2912 gsm->bad_size++; 2913 gsm->state = GSM_SEARCH; 2914 break; 2915 } 2916 gsm->count = 0; 2917 if (!gsm->len) 2918 gsm->state = GSM0_FCS; 2919 else 2920 gsm->state = GSM0_DATA; 2921 break; 2922 } 2923 gsm->state = GSM0_LEN1; 2924 break; 2925 case GSM0_LEN1: 2926 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2927 len = c; 2928 gsm->len |= len << 7; 2929 if (gsm->len > gsm->mru) { 2930 gsm->bad_size++; 2931 gsm->state = GSM_SEARCH; 2932 break; 2933 } 2934 gsm->count = 0; 2935 if (!gsm->len) 2936 gsm->state = GSM0_FCS; 2937 else 2938 gsm->state = GSM0_DATA; 2939 break; 2940 case GSM0_DATA: /* Data */ 2941 gsm->buf[gsm->count++] = c; 2942 if (gsm->count >= MAX_MRU) { 2943 gsm->bad_size++; 2944 gsm->state = GSM_SEARCH; 2945 } else if (gsm->count >= gsm->len) { 2946 /* Calculate final FCS for UI frames over all data */ 2947 if ((gsm->control & ~PF) != UIH) { 2948 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, 2949 gsm->count); 2950 } 2951 gsm->state = GSM0_FCS; 2952 } 2953 break; 2954 case GSM0_FCS: /* FCS follows the packet */ 2955 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2956 gsm->state = GSM0_SSOF; 2957 break; 2958 case GSM0_SSOF: 2959 gsm->state = GSM_SEARCH; 2960 if (c == GSM0_SOF) 2961 gsm_queue(gsm); 2962 else 2963 gsm->bad_size++; 2964 break; 2965 default: 2966 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2967 break; 2968 } 2969 } 2970 2971 /** 2972 * gsm1_receive_state_check_and_fix - check and correct receive state 2973 * @gsm: gsm data for this ldisc instance 2974 * 2975 * Ensures that the current receive state is valid for advanced option mode. 2976 */ 2977 2978 static void gsm1_receive_state_check_and_fix(struct gsm_mux *gsm) 2979 { 2980 switch (gsm->state) { 2981 case GSM_SEARCH: 2982 case GSM1_START: 2983 case GSM1_ADDRESS: 2984 case GSM1_CONTROL: 2985 case GSM1_DATA: 2986 case GSM1_OVERRUN: 2987 break; 2988 default: 2989 gsm->state = GSM_SEARCH; 2990 break; 2991 } 2992 } 2993 2994 /** 2995 * gsm1_receive - perform processing for non-transparency 2996 * @gsm: gsm data for this ldisc instance 2997 * @c: character 2998 * 2999 * Receive bytes in mode 1 (Advanced option) 3000 */ 3001 3002 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c) 3003 { 3004 gsm1_receive_state_check_and_fix(gsm); 3005 /* handle XON/XOFF */ 3006 if ((c & ISO_IEC_646_MASK) == XON) { 3007 gsm->constipated = true; 3008 return; 3009 } else if ((c & ISO_IEC_646_MASK) == XOFF) { 3010 gsm->constipated = false; 3011 /* Kick the link in case it is idling */ 3012 gsmld_write_trigger(gsm); 3013 return; 3014 } 3015 if (c == GSM1_SOF) { 3016 /* EOF is only valid in frame if we have got to the data state */ 3017 if (gsm->state == GSM1_DATA) { 3018 if (gsm->count < 1) { 3019 /* Missing FSC */ 3020 gsm->malformed++; 3021 gsm->state = GSM1_START; 3022 return; 3023 } 3024 /* Remove the FCS from data */ 3025 gsm->count--; 3026 if ((gsm->control & ~PF) != UIH) { 3027 /* Calculate final FCS for UI frames over all 3028 * data but FCS 3029 */ 3030 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, 3031 gsm->count); 3032 } 3033 /* Add the FCS itself to test against GOOD_FCS */ 3034 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]); 3035 gsm->len = gsm->count; 3036 gsm_queue(gsm); 3037 gsm->state = GSM1_START; 3038 return; 3039 } 3040 /* Any partial frame was a runt so go back to start */ 3041 if (gsm->state != GSM1_START) { 3042 if (gsm->state != GSM_SEARCH) 3043 gsm->malformed++; 3044 gsm->state = GSM1_START; 3045 } 3046 /* A SOF in GSM_START means we are still reading idling or 3047 framing bytes */ 3048 return; 3049 } 3050 3051 if (c == GSM1_ESCAPE) { 3052 gsm->escape = true; 3053 return; 3054 } 3055 3056 /* Only an unescaped SOF gets us out of GSM search */ 3057 if (gsm->state == GSM_SEARCH) 3058 return; 3059 3060 if (gsm->escape) { 3061 c ^= GSM1_ESCAPE_BITS; 3062 gsm->escape = false; 3063 } 3064 switch (gsm->state) { 3065 case GSM1_START: /* First byte after SOF */ 3066 gsm->address = 0; 3067 gsm->state = GSM1_ADDRESS; 3068 gsm->fcs = INIT_FCS; 3069 fallthrough; 3070 case GSM1_ADDRESS: /* Address continuation */ 3071 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 3072 if (gsm_read_ea(&gsm->address, c)) 3073 gsm->state = GSM1_CONTROL; 3074 break; 3075 case GSM1_CONTROL: /* Control Byte */ 3076 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 3077 gsm->control = c; 3078 gsm->count = 0; 3079 gsm->state = GSM1_DATA; 3080 break; 3081 case GSM1_DATA: /* Data */ 3082 if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ 3083 gsm->state = GSM1_OVERRUN; 3084 gsm->bad_size++; 3085 } else 3086 gsm->buf[gsm->count++] = c; 3087 break; 3088 case GSM1_OVERRUN: /* Over-long - eg a dropped SOF */ 3089 break; 3090 default: 3091 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 3092 break; 3093 } 3094 } 3095 3096 /** 3097 * gsm_error - handle tty error 3098 * @gsm: ldisc data 3099 * 3100 * Handle an error in the receipt of data for a frame. Currently we just 3101 * go back to hunting for a SOF. 3102 * 3103 * FIXME: better diagnostics ? 3104 */ 3105 3106 static void gsm_error(struct gsm_mux *gsm) 3107 { 3108 gsm->state = GSM_SEARCH; 3109 gsm->io_error++; 3110 } 3111 3112 /** 3113 * gsm_cleanup_mux - generic GSM protocol cleanup 3114 * @gsm: our mux 3115 * @disc: disconnect link? 3116 * 3117 * Clean up the bits of the mux which are the same for all framing 3118 * protocols. Remove the mux from the mux table, stop all the timers 3119 * and then shut down each device hanging up the channels as we go. 3120 */ 3121 3122 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc) 3123 { 3124 int i; 3125 struct gsm_dlci *dlci; 3126 struct gsm_msg *txq, *ntxq; 3127 3128 gsm->dead = true; 3129 mutex_lock(&gsm->mutex); 3130 3131 dlci = gsm->dlci[0]; 3132 if (dlci) { 3133 if (disc && dlci->state != DLCI_CLOSED) { 3134 gsm_dlci_begin_close(dlci); 3135 wait_event(gsm->event, dlci->state == DLCI_CLOSED); 3136 } 3137 dlci->dead = true; 3138 } 3139 3140 /* Finish outstanding timers, making sure they are done */ 3141 del_timer_sync(&gsm->kick_timer); 3142 del_timer_sync(&gsm->t2_timer); 3143 del_timer_sync(&gsm->ka_timer); 3144 3145 /* Finish writing to ldisc */ 3146 flush_work(&gsm->tx_work); 3147 3148 /* Free up any link layer users and finally the control channel */ 3149 if (gsm->has_devices) { 3150 gsm_unregister_devices(gsm_tty_driver, gsm->num); 3151 gsm->has_devices = false; 3152 } 3153 for (i = NUM_DLCI - 1; i >= 0; i--) 3154 if (gsm->dlci[i]) 3155 gsm_dlci_release(gsm->dlci[i]); 3156 mutex_unlock(&gsm->mutex); 3157 /* Now wipe the queues */ 3158 tty_ldisc_flush(gsm->tty); 3159 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list) 3160 kfree(txq); 3161 INIT_LIST_HEAD(&gsm->tx_ctrl_list); 3162 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list) 3163 kfree(txq); 3164 INIT_LIST_HEAD(&gsm->tx_data_list); 3165 } 3166 3167 /** 3168 * gsm_activate_mux - generic GSM setup 3169 * @gsm: our mux 3170 * 3171 * Set up the bits of the mux which are the same for all framing 3172 * protocols. Add the mux to the mux table so it can be opened and 3173 * finally kick off connecting to DLCI 0 on the modem. 3174 */ 3175 3176 static int gsm_activate_mux(struct gsm_mux *gsm) 3177 { 3178 struct gsm_dlci *dlci; 3179 int ret; 3180 3181 dlci = gsm_dlci_alloc(gsm, 0); 3182 if (dlci == NULL) 3183 return -ENOMEM; 3184 3185 if (gsm->encoding == GSM_BASIC_OPT) 3186 gsm->receive = gsm0_receive; 3187 else 3188 gsm->receive = gsm1_receive; 3189 3190 ret = gsm_register_devices(gsm_tty_driver, gsm->num); 3191 if (ret) 3192 return ret; 3193 3194 gsm->has_devices = true; 3195 gsm->dead = false; /* Tty opens are now permissible */ 3196 return 0; 3197 } 3198 3199 /** 3200 * gsm_free_mux - free up a mux 3201 * @gsm: mux to free 3202 * 3203 * Dispose of allocated resources for a dead mux 3204 */ 3205 static void gsm_free_mux(struct gsm_mux *gsm) 3206 { 3207 int i; 3208 3209 for (i = 0; i < MAX_MUX; i++) { 3210 if (gsm == gsm_mux[i]) { 3211 gsm_mux[i] = NULL; 3212 break; 3213 } 3214 } 3215 mutex_destroy(&gsm->mutex); 3216 kfree(gsm->txframe); 3217 kfree(gsm->buf); 3218 kfree(gsm); 3219 } 3220 3221 /** 3222 * gsm_free_muxr - free up a mux 3223 * @ref: kreference to the mux to free 3224 * 3225 * Dispose of allocated resources for a dead mux 3226 */ 3227 static void gsm_free_muxr(struct kref *ref) 3228 { 3229 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref); 3230 gsm_free_mux(gsm); 3231 } 3232 3233 static inline void mux_get(struct gsm_mux *gsm) 3234 { 3235 unsigned long flags; 3236 3237 spin_lock_irqsave(&gsm_mux_lock, flags); 3238 kref_get(&gsm->ref); 3239 spin_unlock_irqrestore(&gsm_mux_lock, flags); 3240 } 3241 3242 static inline void mux_put(struct gsm_mux *gsm) 3243 { 3244 unsigned long flags; 3245 3246 spin_lock_irqsave(&gsm_mux_lock, flags); 3247 kref_put(&gsm->ref, gsm_free_muxr); 3248 spin_unlock_irqrestore(&gsm_mux_lock, flags); 3249 } 3250 3251 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm) 3252 { 3253 return gsm->num * NUM_DLCI; 3254 } 3255 3256 static inline unsigned int mux_line_to_num(unsigned int line) 3257 { 3258 return line / NUM_DLCI; 3259 } 3260 3261 /** 3262 * gsm_alloc_mux - allocate a mux 3263 * 3264 * Creates a new mux ready for activation. 3265 */ 3266 3267 static struct gsm_mux *gsm_alloc_mux(void) 3268 { 3269 int i; 3270 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL); 3271 if (gsm == NULL) 3272 return NULL; 3273 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL); 3274 if (gsm->buf == NULL) { 3275 kfree(gsm); 3276 return NULL; 3277 } 3278 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL); 3279 if (gsm->txframe == NULL) { 3280 kfree(gsm->buf); 3281 kfree(gsm); 3282 return NULL; 3283 } 3284 spin_lock_init(&gsm->lock); 3285 mutex_init(&gsm->mutex); 3286 kref_init(&gsm->ref); 3287 INIT_LIST_HEAD(&gsm->tx_ctrl_list); 3288 INIT_LIST_HEAD(&gsm->tx_data_list); 3289 timer_setup(&gsm->kick_timer, gsm_kick_timer, 0); 3290 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); 3291 timer_setup(&gsm->ka_timer, gsm_control_keep_alive, 0); 3292 INIT_WORK(&gsm->tx_work, gsmld_write_task); 3293 init_waitqueue_head(&gsm->event); 3294 spin_lock_init(&gsm->control_lock); 3295 spin_lock_init(&gsm->tx_lock); 3296 3297 gsm->t1 = T1; 3298 gsm->t2 = T2; 3299 gsm->t3 = T3; 3300 gsm->n2 = N2; 3301 gsm->k = K; 3302 gsm->ftype = UIH; 3303 gsm->adaption = 1; 3304 gsm->encoding = GSM_ADV_OPT; 3305 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */ 3306 gsm->mtu = 64; 3307 gsm->dead = true; /* Avoid early tty opens */ 3308 gsm->wait_config = false; /* Disabled */ 3309 gsm->keep_alive = 0; /* Disabled */ 3310 3311 /* Store the instance to the mux array or abort if no space is 3312 * available. 3313 */ 3314 spin_lock(&gsm_mux_lock); 3315 for (i = 0; i < MAX_MUX; i++) { 3316 if (!gsm_mux[i]) { 3317 gsm_mux[i] = gsm; 3318 gsm->num = i; 3319 break; 3320 } 3321 } 3322 spin_unlock(&gsm_mux_lock); 3323 if (i == MAX_MUX) { 3324 mutex_destroy(&gsm->mutex); 3325 kfree(gsm->txframe); 3326 kfree(gsm->buf); 3327 kfree(gsm); 3328 return NULL; 3329 } 3330 3331 return gsm; 3332 } 3333 3334 static void gsm_copy_config_values(struct gsm_mux *gsm, 3335 struct gsm_config *c) 3336 { 3337 memset(c, 0, sizeof(*c)); 3338 c->adaption = gsm->adaption; 3339 c->encapsulation = gsm->encoding; 3340 c->initiator = gsm->initiator; 3341 c->t1 = gsm->t1; 3342 c->t2 = gsm->t2; 3343 c->t3 = gsm->t3; 3344 c->n2 = gsm->n2; 3345 if (gsm->ftype == UIH) 3346 c->i = 1; 3347 else 3348 c->i = 2; 3349 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i); 3350 c->mru = gsm->mru; 3351 c->mtu = gsm->mtu; 3352 c->k = gsm->k; 3353 } 3354 3355 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c) 3356 { 3357 int need_close = 0; 3358 int need_restart = 0; 3359 3360 /* Stuff we don't support yet - UI or I frame transport */ 3361 if (c->adaption != 1 && c->adaption != 2) 3362 return -EOPNOTSUPP; 3363 /* Check the MRU/MTU range looks sane */ 3364 if (c->mru < MIN_MTU || c->mtu < MIN_MTU) 3365 return -EINVAL; 3366 if (c->mru > MAX_MRU || c->mtu > MAX_MTU) 3367 return -EINVAL; 3368 if (c->t3 > MAX_T3) 3369 return -EINVAL; 3370 if (c->n2 > 255) 3371 return -EINVAL; 3372 if (c->encapsulation > 1) /* Basic, advanced, no I */ 3373 return -EINVAL; 3374 if (c->initiator > 1) 3375 return -EINVAL; 3376 if (c->k > MAX_WINDOW_SIZE) 3377 return -EINVAL; 3378 if (c->i == 0 || c->i > 2) /* UIH and UI only */ 3379 return -EINVAL; 3380 /* 3381 * See what is needed for reconfiguration 3382 */ 3383 3384 /* Timing fields */ 3385 if (c->t1 != 0 && c->t1 != gsm->t1) 3386 need_restart = 1; 3387 if (c->t2 != 0 && c->t2 != gsm->t2) 3388 need_restart = 1; 3389 if (c->encapsulation != gsm->encoding) 3390 need_restart = 1; 3391 if (c->adaption != gsm->adaption) 3392 need_restart = 1; 3393 /* Requires care */ 3394 if (c->initiator != gsm->initiator) 3395 need_close = 1; 3396 if (c->mru != gsm->mru) 3397 need_restart = 1; 3398 if (c->mtu != gsm->mtu) 3399 need_restart = 1; 3400 3401 /* 3402 * Close down what is needed, restart and initiate the new 3403 * configuration. On the first time there is no DLCI[0] 3404 * and closing or cleaning up is not necessary. 3405 */ 3406 if (need_close || need_restart) 3407 gsm_cleanup_mux(gsm, true); 3408 3409 gsm->initiator = c->initiator; 3410 gsm->mru = c->mru; 3411 gsm->mtu = c->mtu; 3412 gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT; 3413 gsm->adaption = c->adaption; 3414 gsm->n2 = c->n2; 3415 3416 if (c->i == 1) 3417 gsm->ftype = UIH; 3418 else if (c->i == 2) 3419 gsm->ftype = UI; 3420 3421 if (c->t1) 3422 gsm->t1 = c->t1; 3423 if (c->t2) 3424 gsm->t2 = c->t2; 3425 if (c->t3) 3426 gsm->t3 = c->t3; 3427 if (c->k) 3428 gsm->k = c->k; 3429 3430 /* 3431 * FIXME: We need to separate activation/deactivation from adding 3432 * and removing from the mux array 3433 */ 3434 if (gsm->dead) { 3435 int ret = gsm_activate_mux(gsm); 3436 if (ret) 3437 return ret; 3438 if (gsm->initiator) 3439 gsm_dlci_begin_open(gsm->dlci[0]); 3440 } 3441 return 0; 3442 } 3443 3444 static void gsm_copy_config_ext_values(struct gsm_mux *gsm, 3445 struct gsm_config_ext *ce) 3446 { 3447 memset(ce, 0, sizeof(*ce)); 3448 ce->wait_config = gsm->wait_config ? 1 : 0; 3449 ce->keep_alive = gsm->keep_alive; 3450 } 3451 3452 static int gsm_config_ext(struct gsm_mux *gsm, struct gsm_config_ext *ce) 3453 { 3454 bool need_restart = false; 3455 unsigned int i; 3456 3457 /* 3458 * Check that userspace doesn't put stuff in here to prevent breakages 3459 * in the future. 3460 */ 3461 for (i = 0; i < ARRAY_SIZE(ce->reserved); i++) 3462 if (ce->reserved[i]) 3463 return -EINVAL; 3464 if (ce->flags & ~GSM_FL_RESTART) 3465 return -EINVAL; 3466 3467 /* Requires care */ 3468 if (ce->flags & GSM_FL_RESTART) 3469 need_restart = true; 3470 3471 /* 3472 * Close down what is needed, restart and initiate the new 3473 * configuration. On the first time there is no DLCI[0] 3474 * and closing or cleaning up is not necessary. 3475 */ 3476 if (need_restart) 3477 gsm_cleanup_mux(gsm, true); 3478 3479 /* 3480 * Setup the new configuration values 3481 */ 3482 gsm->wait_config = ce->wait_config ? true : false; 3483 gsm->keep_alive = ce->keep_alive; 3484 3485 if (gsm->dead) { 3486 int ret = gsm_activate_mux(gsm); 3487 if (ret) 3488 return ret; 3489 if (gsm->initiator) 3490 gsm_dlci_begin_open(gsm->dlci[0]); 3491 } 3492 3493 return 0; 3494 } 3495 3496 /** 3497 * gsmld_output - write to link 3498 * @gsm: our mux 3499 * @data: bytes to output 3500 * @len: size 3501 * 3502 * Write a block of data from the GSM mux to the data channel. This 3503 * will eventually be serialized from above but at the moment isn't. 3504 */ 3505 3506 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len) 3507 { 3508 if (tty_write_room(gsm->tty) < len) { 3509 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 3510 return -ENOSPC; 3511 } 3512 if (debug & DBG_DATA) 3513 gsm_hex_dump_bytes(__func__, data, len); 3514 return gsm->tty->ops->write(gsm->tty, data, len); 3515 } 3516 3517 3518 /** 3519 * gsmld_write_trigger - schedule ldisc write task 3520 * @gsm: our mux 3521 */ 3522 static void gsmld_write_trigger(struct gsm_mux *gsm) 3523 { 3524 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead) 3525 return; 3526 schedule_work(&gsm->tx_work); 3527 } 3528 3529 3530 /** 3531 * gsmld_write_task - ldisc write task 3532 * @work: our tx write work 3533 * 3534 * Writes out data to the ldisc if possible. We are doing this here to 3535 * avoid dead-locking. This returns if no space or data is left for output. 3536 */ 3537 static void gsmld_write_task(struct work_struct *work) 3538 { 3539 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work); 3540 unsigned long flags; 3541 int i, ret; 3542 3543 /* All outstanding control channel and control messages and one data 3544 * frame is sent. 3545 */ 3546 ret = -ENODEV; 3547 spin_lock_irqsave(&gsm->tx_lock, flags); 3548 if (gsm->tty) 3549 ret = gsm_data_kick(gsm); 3550 spin_unlock_irqrestore(&gsm->tx_lock, flags); 3551 3552 if (ret >= 0) 3553 for (i = 0; i < NUM_DLCI; i++) 3554 if (gsm->dlci[i]) 3555 tty_port_tty_wakeup(&gsm->dlci[i]->port); 3556 } 3557 3558 /** 3559 * gsmld_attach_gsm - mode set up 3560 * @tty: our tty structure 3561 * @gsm: our mux 3562 * 3563 * Set up the MUX for basic mode and commence connecting to the 3564 * modem. Currently called from the line discipline set up but 3565 * will need moving to an ioctl path. 3566 */ 3567 3568 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 3569 { 3570 gsm->tty = tty_kref_get(tty); 3571 /* Turn off tty XON/XOFF handling to handle it explicitly. */ 3572 gsm->old_c_iflag = tty->termios.c_iflag; 3573 tty->termios.c_iflag &= (IXON | IXOFF); 3574 } 3575 3576 /** 3577 * gsmld_detach_gsm - stop doing 0710 mux 3578 * @tty: tty attached to the mux 3579 * @gsm: mux 3580 * 3581 * Shutdown and then clean up the resources used by the line discipline 3582 */ 3583 3584 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 3585 { 3586 WARN_ON(tty != gsm->tty); 3587 /* Restore tty XON/XOFF handling. */ 3588 gsm->tty->termios.c_iflag = gsm->old_c_iflag; 3589 tty_kref_put(gsm->tty); 3590 gsm->tty = NULL; 3591 } 3592 3593 static void gsmld_receive_buf(struct tty_struct *tty, const u8 *cp, 3594 const u8 *fp, size_t count) 3595 { 3596 struct gsm_mux *gsm = tty->disc_data; 3597 char flags = TTY_NORMAL; 3598 3599 if (debug & DBG_DATA) 3600 gsm_hex_dump_bytes(__func__, cp, count); 3601 3602 for (; count; count--, cp++) { 3603 if (fp) 3604 flags = *fp++; 3605 switch (flags) { 3606 case TTY_NORMAL: 3607 if (gsm->receive) 3608 gsm->receive(gsm, *cp); 3609 break; 3610 case TTY_OVERRUN: 3611 case TTY_BREAK: 3612 case TTY_PARITY: 3613 case TTY_FRAME: 3614 gsm_error(gsm); 3615 break; 3616 default: 3617 WARN_ONCE(1, "%s: unknown flag %d\n", 3618 tty_name(tty), flags); 3619 break; 3620 } 3621 } 3622 /* FASYNC if needed ? */ 3623 /* If clogged call tty_throttle(tty); */ 3624 } 3625 3626 /** 3627 * gsmld_flush_buffer - clean input queue 3628 * @tty: terminal device 3629 * 3630 * Flush the input buffer. Called when the line discipline is 3631 * being closed, when the tty layer wants the buffer flushed (eg 3632 * at hangup). 3633 */ 3634 3635 static void gsmld_flush_buffer(struct tty_struct *tty) 3636 { 3637 } 3638 3639 /** 3640 * gsmld_close - close the ldisc for this tty 3641 * @tty: device 3642 * 3643 * Called from the terminal layer when this line discipline is 3644 * being shut down, either because of a close or becsuse of a 3645 * discipline change. The function will not be called while other 3646 * ldisc methods are in progress. 3647 */ 3648 3649 static void gsmld_close(struct tty_struct *tty) 3650 { 3651 struct gsm_mux *gsm = tty->disc_data; 3652 3653 /* The ldisc locks and closes the port before calling our close. This 3654 * means we have no way to do a proper disconnect. We will not bother 3655 * to do one. 3656 */ 3657 gsm_cleanup_mux(gsm, false); 3658 3659 gsmld_detach_gsm(tty, gsm); 3660 3661 gsmld_flush_buffer(tty); 3662 /* Do other clean up here */ 3663 mux_put(gsm); 3664 } 3665 3666 /** 3667 * gsmld_open - open an ldisc 3668 * @tty: terminal to open 3669 * 3670 * Called when this line discipline is being attached to the 3671 * terminal device. Can sleep. Called serialized so that no 3672 * other events will occur in parallel. No further open will occur 3673 * until a close. 3674 */ 3675 3676 static int gsmld_open(struct tty_struct *tty) 3677 { 3678 struct gsm_mux *gsm; 3679 3680 if (!capable(CAP_NET_ADMIN)) 3681 return -EPERM; 3682 3683 if (tty->ops->write == NULL) 3684 return -EINVAL; 3685 3686 /* Attach our ldisc data */ 3687 gsm = gsm_alloc_mux(); 3688 if (gsm == NULL) 3689 return -ENOMEM; 3690 3691 tty->disc_data = gsm; 3692 tty->receive_room = 65536; 3693 3694 /* Attach the initial passive connection */ 3695 gsmld_attach_gsm(tty, gsm); 3696 3697 /* The mux will not be activated yet, we wait for correct 3698 * configuration first. 3699 */ 3700 if (gsm->encoding == GSM_BASIC_OPT) 3701 gsm->receive = gsm0_receive; 3702 else 3703 gsm->receive = gsm1_receive; 3704 3705 return 0; 3706 } 3707 3708 /** 3709 * gsmld_write_wakeup - asynchronous I/O notifier 3710 * @tty: tty device 3711 * 3712 * Required for the ptys, serial driver etc. since processes 3713 * that attach themselves to the master and rely on ASYNC 3714 * IO must be woken up 3715 */ 3716 3717 static void gsmld_write_wakeup(struct tty_struct *tty) 3718 { 3719 struct gsm_mux *gsm = tty->disc_data; 3720 3721 /* Queue poll */ 3722 gsmld_write_trigger(gsm); 3723 } 3724 3725 /** 3726 * gsmld_read - read function for tty 3727 * @tty: tty device 3728 * @file: file object 3729 * @buf: userspace buffer pointer 3730 * @nr: size of I/O 3731 * @cookie: unused 3732 * @offset: unused 3733 * 3734 * Perform reads for the line discipline. We are guaranteed that the 3735 * line discipline will not be closed under us but we may get multiple 3736 * parallel readers and must handle this ourselves. We may also get 3737 * a hangup. Always called in user context, may sleep. 3738 * 3739 * This code must be sure never to sleep through a hangup. 3740 */ 3741 3742 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, u8 *buf, 3743 size_t nr, void **cookie, unsigned long offset) 3744 { 3745 return -EOPNOTSUPP; 3746 } 3747 3748 /** 3749 * gsmld_write - write function for tty 3750 * @tty: tty device 3751 * @file: file object 3752 * @buf: userspace buffer pointer 3753 * @nr: size of I/O 3754 * 3755 * Called when the owner of the device wants to send a frame 3756 * itself (or some other control data). The data is transferred 3757 * as-is and must be properly framed and checksummed as appropriate 3758 * by userspace. Frames are either sent whole or not at all as this 3759 * avoids pain user side. 3760 */ 3761 3762 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 3763 const u8 *buf, size_t nr) 3764 { 3765 struct gsm_mux *gsm = tty->disc_data; 3766 unsigned long flags; 3767 int space; 3768 int ret; 3769 3770 if (!gsm) 3771 return -ENODEV; 3772 3773 ret = -ENOBUFS; 3774 spin_lock_irqsave(&gsm->tx_lock, flags); 3775 space = tty_write_room(tty); 3776 if (space >= nr) 3777 ret = tty->ops->write(tty, buf, nr); 3778 else 3779 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 3780 spin_unlock_irqrestore(&gsm->tx_lock, flags); 3781 3782 return ret; 3783 } 3784 3785 /** 3786 * gsmld_poll - poll method for N_GSM0710 3787 * @tty: terminal device 3788 * @file: file accessing it 3789 * @wait: poll table 3790 * 3791 * Called when the line discipline is asked to poll() for data or 3792 * for special events. This code is not serialized with respect to 3793 * other events save open/close. 3794 * 3795 * This code must be sure never to sleep through a hangup. 3796 * Called without the kernel lock held - fine 3797 */ 3798 3799 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 3800 poll_table *wait) 3801 { 3802 __poll_t mask = 0; 3803 struct gsm_mux *gsm = tty->disc_data; 3804 3805 poll_wait(file, &tty->read_wait, wait); 3806 poll_wait(file, &tty->write_wait, wait); 3807 3808 if (gsm->dead) 3809 mask |= EPOLLHUP; 3810 if (tty_hung_up_p(file)) 3811 mask |= EPOLLHUP; 3812 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) 3813 mask |= EPOLLHUP; 3814 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 3815 mask |= EPOLLOUT | EPOLLWRNORM; 3816 return mask; 3817 } 3818 3819 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd, 3820 unsigned long arg) 3821 { 3822 struct gsm_config c; 3823 struct gsm_config_ext ce; 3824 struct gsm_dlci_config dc; 3825 struct gsm_mux *gsm = tty->disc_data; 3826 unsigned int base, addr; 3827 struct gsm_dlci *dlci; 3828 3829 switch (cmd) { 3830 case GSMIOC_GETCONF: 3831 gsm_copy_config_values(gsm, &c); 3832 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 3833 return -EFAULT; 3834 return 0; 3835 case GSMIOC_SETCONF: 3836 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 3837 return -EFAULT; 3838 return gsm_config(gsm, &c); 3839 case GSMIOC_GETFIRST: 3840 base = mux_num_to_base(gsm); 3841 return put_user(base + 1, (__u32 __user *)arg); 3842 case GSMIOC_GETCONF_EXT: 3843 gsm_copy_config_ext_values(gsm, &ce); 3844 if (copy_to_user((void __user *)arg, &ce, sizeof(ce))) 3845 return -EFAULT; 3846 return 0; 3847 case GSMIOC_SETCONF_EXT: 3848 if (copy_from_user(&ce, (void __user *)arg, sizeof(ce))) 3849 return -EFAULT; 3850 return gsm_config_ext(gsm, &ce); 3851 case GSMIOC_GETCONF_DLCI: 3852 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 3853 return -EFAULT; 3854 if (dc.channel == 0 || dc.channel >= NUM_DLCI) 3855 return -EINVAL; 3856 addr = array_index_nospec(dc.channel, NUM_DLCI); 3857 dlci = gsm->dlci[addr]; 3858 if (!dlci) { 3859 dlci = gsm_dlci_alloc(gsm, addr); 3860 if (!dlci) 3861 return -ENOMEM; 3862 } 3863 gsm_dlci_copy_config_values(dlci, &dc); 3864 if (copy_to_user((void __user *)arg, &dc, sizeof(dc))) 3865 return -EFAULT; 3866 return 0; 3867 case GSMIOC_SETCONF_DLCI: 3868 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 3869 return -EFAULT; 3870 if (dc.channel == 0 || dc.channel >= NUM_DLCI) 3871 return -EINVAL; 3872 addr = array_index_nospec(dc.channel, NUM_DLCI); 3873 dlci = gsm->dlci[addr]; 3874 if (!dlci) { 3875 dlci = gsm_dlci_alloc(gsm, addr); 3876 if (!dlci) 3877 return -ENOMEM; 3878 } 3879 return gsm_dlci_config(dlci, &dc, 0); 3880 default: 3881 return n_tty_ioctl_helper(tty, cmd, arg); 3882 } 3883 } 3884 3885 /* 3886 * Network interface 3887 * 3888 */ 3889 3890 static int gsm_mux_net_open(struct net_device *net) 3891 { 3892 pr_debug("%s called\n", __func__); 3893 netif_start_queue(net); 3894 return 0; 3895 } 3896 3897 static int gsm_mux_net_close(struct net_device *net) 3898 { 3899 netif_stop_queue(net); 3900 return 0; 3901 } 3902 3903 static void dlci_net_free(struct gsm_dlci *dlci) 3904 { 3905 if (!dlci->net) { 3906 WARN_ON(1); 3907 return; 3908 } 3909 dlci->adaption = dlci->prev_adaption; 3910 dlci->data = dlci->prev_data; 3911 free_netdev(dlci->net); 3912 dlci->net = NULL; 3913 } 3914 static void net_free(struct kref *ref) 3915 { 3916 struct gsm_mux_net *mux_net; 3917 struct gsm_dlci *dlci; 3918 3919 mux_net = container_of(ref, struct gsm_mux_net, ref); 3920 dlci = mux_net->dlci; 3921 3922 if (dlci->net) { 3923 unregister_netdev(dlci->net); 3924 dlci_net_free(dlci); 3925 } 3926 } 3927 3928 static inline void muxnet_get(struct gsm_mux_net *mux_net) 3929 { 3930 kref_get(&mux_net->ref); 3931 } 3932 3933 static inline void muxnet_put(struct gsm_mux_net *mux_net) 3934 { 3935 kref_put(&mux_net->ref, net_free); 3936 } 3937 3938 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 3939 struct net_device *net) 3940 { 3941 struct gsm_mux_net *mux_net = netdev_priv(net); 3942 struct gsm_dlci *dlci = mux_net->dlci; 3943 muxnet_get(mux_net); 3944 3945 skb_queue_head(&dlci->skb_list, skb); 3946 net->stats.tx_packets++; 3947 net->stats.tx_bytes += skb->len; 3948 gsm_dlci_data_kick(dlci); 3949 /* And tell the kernel when the last transmit started. */ 3950 netif_trans_update(net); 3951 muxnet_put(mux_net); 3952 return NETDEV_TX_OK; 3953 } 3954 3955 /* called when a packet did not ack after watchdogtimeout */ 3956 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 3957 { 3958 /* Tell syslog we are hosed. */ 3959 dev_dbg(&net->dev, "Tx timed out.\n"); 3960 3961 /* Update statistics */ 3962 net->stats.tx_errors++; 3963 } 3964 3965 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, 3966 const unsigned char *in_buf, int size) 3967 { 3968 struct net_device *net = dlci->net; 3969 struct sk_buff *skb; 3970 struct gsm_mux_net *mux_net = netdev_priv(net); 3971 muxnet_get(mux_net); 3972 3973 /* Allocate an sk_buff */ 3974 skb = dev_alloc_skb(size + NET_IP_ALIGN); 3975 if (!skb) { 3976 /* We got no receive buffer. */ 3977 net->stats.rx_dropped++; 3978 muxnet_put(mux_net); 3979 return; 3980 } 3981 skb_reserve(skb, NET_IP_ALIGN); 3982 skb_put_data(skb, in_buf, size); 3983 3984 skb->dev = net; 3985 skb->protocol = htons(ETH_P_IP); 3986 3987 /* Ship it off to the kernel */ 3988 netif_rx(skb); 3989 3990 /* update out statistics */ 3991 net->stats.rx_packets++; 3992 net->stats.rx_bytes += size; 3993 muxnet_put(mux_net); 3994 return; 3995 } 3996 3997 static void gsm_mux_net_init(struct net_device *net) 3998 { 3999 static const struct net_device_ops gsm_netdev_ops = { 4000 .ndo_open = gsm_mux_net_open, 4001 .ndo_stop = gsm_mux_net_close, 4002 .ndo_start_xmit = gsm_mux_net_start_xmit, 4003 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 4004 }; 4005 4006 net->netdev_ops = &gsm_netdev_ops; 4007 4008 /* fill in the other fields */ 4009 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 4010 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 4011 net->type = ARPHRD_NONE; 4012 net->tx_queue_len = 10; 4013 } 4014 4015 4016 /* caller holds the dlci mutex */ 4017 static void gsm_destroy_network(struct gsm_dlci *dlci) 4018 { 4019 struct gsm_mux_net *mux_net; 4020 4021 pr_debug("destroy network interface\n"); 4022 if (!dlci->net) 4023 return; 4024 mux_net = netdev_priv(dlci->net); 4025 muxnet_put(mux_net); 4026 } 4027 4028 4029 /* caller holds the dlci mutex */ 4030 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 4031 { 4032 char *netname; 4033 int retval = 0; 4034 struct net_device *net; 4035 struct gsm_mux_net *mux_net; 4036 4037 if (!capable(CAP_NET_ADMIN)) 4038 return -EPERM; 4039 4040 /* Already in a non tty mode */ 4041 if (dlci->adaption > 2) 4042 return -EBUSY; 4043 4044 if (nc->protocol != htons(ETH_P_IP)) 4045 return -EPROTONOSUPPORT; 4046 4047 if (nc->adaption != 3 && nc->adaption != 4) 4048 return -EPROTONOSUPPORT; 4049 4050 pr_debug("create network interface\n"); 4051 4052 netname = "gsm%d"; 4053 if (nc->if_name[0] != '\0') 4054 netname = nc->if_name; 4055 net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 4056 NET_NAME_UNKNOWN, gsm_mux_net_init); 4057 if (!net) { 4058 pr_err("alloc_netdev failed\n"); 4059 return -ENOMEM; 4060 } 4061 net->mtu = dlci->mtu; 4062 net->min_mtu = MIN_MTU; 4063 net->max_mtu = dlci->mtu; 4064 mux_net = netdev_priv(net); 4065 mux_net->dlci = dlci; 4066 kref_init(&mux_net->ref); 4067 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */ 4068 4069 /* reconfigure dlci for network */ 4070 dlci->prev_adaption = dlci->adaption; 4071 dlci->prev_data = dlci->data; 4072 dlci->adaption = nc->adaption; 4073 dlci->data = gsm_mux_rx_netchar; 4074 dlci->net = net; 4075 4076 pr_debug("register netdev\n"); 4077 retval = register_netdev(net); 4078 if (retval) { 4079 pr_err("network register fail %d\n", retval); 4080 dlci_net_free(dlci); 4081 return retval; 4082 } 4083 return net->ifindex; /* return network index */ 4084 } 4085 4086 /* Line discipline for real tty */ 4087 static struct tty_ldisc_ops tty_ldisc_packet = { 4088 .owner = THIS_MODULE, 4089 .num = N_GSM0710, 4090 .name = "n_gsm", 4091 .open = gsmld_open, 4092 .close = gsmld_close, 4093 .flush_buffer = gsmld_flush_buffer, 4094 .read = gsmld_read, 4095 .write = gsmld_write, 4096 .ioctl = gsmld_ioctl, 4097 .poll = gsmld_poll, 4098 .receive_buf = gsmld_receive_buf, 4099 .write_wakeup = gsmld_write_wakeup 4100 }; 4101 4102 /* 4103 * Virtual tty side 4104 */ 4105 4106 /** 4107 * gsm_modem_upd_via_data - send modem bits via convergence layer 4108 * @dlci: channel 4109 * @brk: break signal 4110 * 4111 * Send an empty frame to signal mobile state changes and to transmit the 4112 * break signal for adaption 2. 4113 */ 4114 4115 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk) 4116 { 4117 struct gsm_mux *gsm = dlci->gsm; 4118 unsigned long flags; 4119 4120 if (dlci->state != DLCI_OPEN || dlci->adaption != 2) 4121 return; 4122 4123 spin_lock_irqsave(&gsm->tx_lock, flags); 4124 gsm_dlci_modem_output(gsm, dlci, brk); 4125 spin_unlock_irqrestore(&gsm->tx_lock, flags); 4126 } 4127 4128 /** 4129 * gsm_modem_upd_via_msc - send modem bits via control frame 4130 * @dlci: channel 4131 * @brk: break signal 4132 */ 4133 4134 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk) 4135 { 4136 u8 modembits[3]; 4137 struct gsm_control *ctrl; 4138 int len = 2; 4139 4140 if (dlci->gsm->encoding != GSM_BASIC_OPT) 4141 return 0; 4142 4143 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ 4144 if (!brk) { 4145 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; 4146 } else { 4147 modembits[1] = gsm_encode_modem(dlci) << 1; 4148 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */ 4149 len++; 4150 } 4151 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len); 4152 if (ctrl == NULL) 4153 return -ENOMEM; 4154 return gsm_control_wait(dlci->gsm, ctrl); 4155 } 4156 4157 /** 4158 * gsm_modem_update - send modem status line state 4159 * @dlci: channel 4160 * @brk: break signal 4161 */ 4162 4163 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk) 4164 { 4165 if (dlci->gsm->dead) 4166 return -EL2HLT; 4167 if (dlci->adaption == 2) { 4168 /* Send convergence layer type 2 empty data frame. */ 4169 gsm_modem_upd_via_data(dlci, brk); 4170 return 0; 4171 } else if (dlci->gsm->encoding == GSM_BASIC_OPT) { 4172 /* Send as MSC control message. */ 4173 return gsm_modem_upd_via_msc(dlci, brk); 4174 } 4175 4176 /* Modem status lines are not supported. */ 4177 return -EPROTONOSUPPORT; 4178 } 4179 4180 /** 4181 * gsm_wait_modem_change - wait for modem status line change 4182 * @dlci: channel 4183 * @mask: modem status line bits 4184 * 4185 * The function returns if: 4186 * - any given modem status line bit changed 4187 * - the wait event function got interrupted (e.g. by a signal) 4188 * - the underlying DLCI was closed 4189 * - the underlying ldisc device was removed 4190 */ 4191 static int gsm_wait_modem_change(struct gsm_dlci *dlci, u32 mask) 4192 { 4193 struct gsm_mux *gsm = dlci->gsm; 4194 u32 old = dlci->modem_rx; 4195 int ret; 4196 4197 ret = wait_event_interruptible(gsm->event, gsm->dead || 4198 dlci->state != DLCI_OPEN || 4199 (old ^ dlci->modem_rx) & mask); 4200 if (gsm->dead) 4201 return -ENODEV; 4202 if (dlci->state != DLCI_OPEN) 4203 return -EL2NSYNC; 4204 return ret; 4205 } 4206 4207 static bool gsm_carrier_raised(struct tty_port *port) 4208 { 4209 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 4210 struct gsm_mux *gsm = dlci->gsm; 4211 4212 /* Not yet open so no carrier info */ 4213 if (dlci->state != DLCI_OPEN) 4214 return false; 4215 if (debug & DBG_CD_ON) 4216 return true; 4217 4218 /* 4219 * Basic mode with control channel in ADM mode may not respond 4220 * to CMD_MSC at all and modem_rx is empty. 4221 */ 4222 if (gsm->encoding == GSM_BASIC_OPT && 4223 gsm->dlci[0]->mode == DLCI_MODE_ADM && !dlci->modem_rx) 4224 return true; 4225 4226 return dlci->modem_rx & TIOCM_CD; 4227 } 4228 4229 static void gsm_dtr_rts(struct tty_port *port, bool active) 4230 { 4231 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 4232 unsigned int modem_tx = dlci->modem_tx; 4233 if (active) 4234 modem_tx |= TIOCM_DTR | TIOCM_RTS; 4235 else 4236 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 4237 if (modem_tx != dlci->modem_tx) { 4238 dlci->modem_tx = modem_tx; 4239 gsm_modem_update(dlci, 0); 4240 } 4241 } 4242 4243 static const struct tty_port_operations gsm_port_ops = { 4244 .carrier_raised = gsm_carrier_raised, 4245 .dtr_rts = gsm_dtr_rts, 4246 .destruct = gsm_dlci_free, 4247 }; 4248 4249 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 4250 { 4251 struct gsm_mux *gsm; 4252 struct gsm_dlci *dlci; 4253 unsigned int line = tty->index; 4254 unsigned int mux = mux_line_to_num(line); 4255 bool alloc = false; 4256 int ret; 4257 4258 line = line & 0x3F; 4259 4260 if (mux >= MAX_MUX) 4261 return -ENXIO; 4262 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 4263 if (gsm_mux[mux] == NULL) 4264 return -EUNATCH; 4265 if (line == 0 || line > 61) /* 62/63 reserved */ 4266 return -ECHRNG; 4267 gsm = gsm_mux[mux]; 4268 if (gsm->dead) 4269 return -EL2HLT; 4270 /* If DLCI 0 is not yet fully open return an error. 4271 This is ok from a locking 4272 perspective as we don't have to worry about this 4273 if DLCI0 is lost */ 4274 mutex_lock(&gsm->mutex); 4275 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) { 4276 mutex_unlock(&gsm->mutex); 4277 return -EL2NSYNC; 4278 } 4279 dlci = gsm->dlci[line]; 4280 if (dlci == NULL) { 4281 alloc = true; 4282 dlci = gsm_dlci_alloc(gsm, line); 4283 } 4284 if (dlci == NULL) { 4285 mutex_unlock(&gsm->mutex); 4286 return -ENOMEM; 4287 } 4288 ret = tty_port_install(&dlci->port, driver, tty); 4289 if (ret) { 4290 if (alloc) 4291 dlci_put(dlci); 4292 mutex_unlock(&gsm->mutex); 4293 return ret; 4294 } 4295 4296 dlci_get(dlci); 4297 dlci_get(gsm->dlci[0]); 4298 mux_get(gsm); 4299 tty->driver_data = dlci; 4300 mutex_unlock(&gsm->mutex); 4301 4302 return 0; 4303 } 4304 4305 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 4306 { 4307 struct gsm_dlci *dlci = tty->driver_data; 4308 struct tty_port *port = &dlci->port; 4309 4310 port->count++; 4311 tty_port_tty_set(port, tty); 4312 4313 dlci->modem_rx = 0; 4314 /* We could in theory open and close before we wait - eg if we get 4315 a DM straight back. This is ok as that will have caused a hangup */ 4316 tty_port_set_initialized(port, true); 4317 /* Start sending off SABM messages */ 4318 if (!dlci->gsm->wait_config) { 4319 /* Start sending off SABM messages */ 4320 if (dlci->gsm->initiator) 4321 gsm_dlci_begin_open(dlci); 4322 else 4323 gsm_dlci_set_opening(dlci); 4324 } else { 4325 gsm_dlci_set_wait_config(dlci); 4326 } 4327 /* And wait for virtual carrier */ 4328 return tty_port_block_til_ready(port, tty, filp); 4329 } 4330 4331 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 4332 { 4333 struct gsm_dlci *dlci = tty->driver_data; 4334 4335 if (dlci == NULL) 4336 return; 4337 if (dlci->state == DLCI_CLOSED) 4338 return; 4339 mutex_lock(&dlci->mutex); 4340 gsm_destroy_network(dlci); 4341 mutex_unlock(&dlci->mutex); 4342 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 4343 return; 4344 gsm_dlci_begin_close(dlci); 4345 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 4346 tty_port_lower_dtr_rts(&dlci->port); 4347 tty_port_close_end(&dlci->port, tty); 4348 tty_port_tty_set(&dlci->port, NULL); 4349 return; 4350 } 4351 4352 static void gsmtty_hangup(struct tty_struct *tty) 4353 { 4354 struct gsm_dlci *dlci = tty->driver_data; 4355 if (dlci->state == DLCI_CLOSED) 4356 return; 4357 tty_port_hangup(&dlci->port); 4358 gsm_dlci_begin_close(dlci); 4359 } 4360 4361 static ssize_t gsmtty_write(struct tty_struct *tty, const u8 *buf, size_t len) 4362 { 4363 int sent; 4364 struct gsm_dlci *dlci = tty->driver_data; 4365 if (dlci->state == DLCI_CLOSED) 4366 return -EINVAL; 4367 /* Stuff the bytes into the fifo queue */ 4368 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 4369 /* Need to kick the channel */ 4370 gsm_dlci_data_kick(dlci); 4371 return sent; 4372 } 4373 4374 static unsigned int gsmtty_write_room(struct tty_struct *tty) 4375 { 4376 struct gsm_dlci *dlci = tty->driver_data; 4377 if (dlci->state == DLCI_CLOSED) 4378 return 0; 4379 return kfifo_avail(&dlci->fifo); 4380 } 4381 4382 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty) 4383 { 4384 struct gsm_dlci *dlci = tty->driver_data; 4385 if (dlci->state == DLCI_CLOSED) 4386 return 0; 4387 return kfifo_len(&dlci->fifo); 4388 } 4389 4390 static void gsmtty_flush_buffer(struct tty_struct *tty) 4391 { 4392 struct gsm_dlci *dlci = tty->driver_data; 4393 unsigned long flags; 4394 4395 if (dlci->state == DLCI_CLOSED) 4396 return; 4397 /* Caution needed: If we implement reliable transport classes 4398 then the data being transmitted can't simply be junked once 4399 it has first hit the stack. Until then we can just blow it 4400 away */ 4401 spin_lock_irqsave(&dlci->lock, flags); 4402 kfifo_reset(&dlci->fifo); 4403 spin_unlock_irqrestore(&dlci->lock, flags); 4404 /* Need to unhook this DLCI from the transmit queue logic */ 4405 } 4406 4407 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) 4408 { 4409 /* The FIFO handles the queue so the kernel will do the right 4410 thing waiting on chars_in_buffer before calling us. No work 4411 to do here */ 4412 } 4413 4414 static int gsmtty_tiocmget(struct tty_struct *tty) 4415 { 4416 struct gsm_dlci *dlci = tty->driver_data; 4417 if (dlci->state == DLCI_CLOSED) 4418 return -EINVAL; 4419 return dlci->modem_rx; 4420 } 4421 4422 static int gsmtty_tiocmset(struct tty_struct *tty, 4423 unsigned int set, unsigned int clear) 4424 { 4425 struct gsm_dlci *dlci = tty->driver_data; 4426 unsigned int modem_tx = dlci->modem_tx; 4427 4428 if (dlci->state == DLCI_CLOSED) 4429 return -EINVAL; 4430 modem_tx &= ~clear; 4431 modem_tx |= set; 4432 4433 if (modem_tx != dlci->modem_tx) { 4434 dlci->modem_tx = modem_tx; 4435 return gsm_modem_update(dlci, 0); 4436 } 4437 return 0; 4438 } 4439 4440 4441 static int gsmtty_ioctl(struct tty_struct *tty, 4442 unsigned int cmd, unsigned long arg) 4443 { 4444 struct gsm_dlci *dlci = tty->driver_data; 4445 struct gsm_netconfig nc; 4446 struct gsm_dlci_config dc; 4447 int index; 4448 4449 if (dlci->state == DLCI_CLOSED) 4450 return -EINVAL; 4451 switch (cmd) { 4452 case GSMIOC_ENABLE_NET: 4453 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) 4454 return -EFAULT; 4455 nc.if_name[IFNAMSIZ-1] = '\0'; 4456 /* return net interface index or error code */ 4457 mutex_lock(&dlci->mutex); 4458 index = gsm_create_network(dlci, &nc); 4459 mutex_unlock(&dlci->mutex); 4460 if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) 4461 return -EFAULT; 4462 return index; 4463 case GSMIOC_DISABLE_NET: 4464 if (!capable(CAP_NET_ADMIN)) 4465 return -EPERM; 4466 mutex_lock(&dlci->mutex); 4467 gsm_destroy_network(dlci); 4468 mutex_unlock(&dlci->mutex); 4469 return 0; 4470 case GSMIOC_GETCONF_DLCI: 4471 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 4472 return -EFAULT; 4473 if (dc.channel != dlci->addr) 4474 return -EPERM; 4475 gsm_dlci_copy_config_values(dlci, &dc); 4476 if (copy_to_user((void __user *)arg, &dc, sizeof(dc))) 4477 return -EFAULT; 4478 return 0; 4479 case GSMIOC_SETCONF_DLCI: 4480 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 4481 return -EFAULT; 4482 if (dc.channel >= NUM_DLCI) 4483 return -EINVAL; 4484 if (dc.channel != 0 && dc.channel != dlci->addr) 4485 return -EPERM; 4486 return gsm_dlci_config(dlci, &dc, 1); 4487 case TIOCMIWAIT: 4488 return gsm_wait_modem_change(dlci, (u32)arg); 4489 default: 4490 return -ENOIOCTLCMD; 4491 } 4492 } 4493 4494 static void gsmtty_set_termios(struct tty_struct *tty, 4495 const struct ktermios *old) 4496 { 4497 struct gsm_dlci *dlci = tty->driver_data; 4498 if (dlci->state == DLCI_CLOSED) 4499 return; 4500 /* For the moment its fixed. In actual fact the speed information 4501 for the virtual channel can be propogated in both directions by 4502 the RPN control message. This however rapidly gets nasty as we 4503 then have to remap modem signals each way according to whether 4504 our virtual cable is null modem etc .. */ 4505 tty_termios_copy_hw(&tty->termios, old); 4506 } 4507 4508 static void gsmtty_throttle(struct tty_struct *tty) 4509 { 4510 struct gsm_dlci *dlci = tty->driver_data; 4511 if (dlci->state == DLCI_CLOSED) 4512 return; 4513 if (C_CRTSCTS(tty)) 4514 dlci->modem_tx &= ~TIOCM_RTS; 4515 dlci->throttled = true; 4516 /* Send an MSC with RTS cleared */ 4517 gsm_modem_update(dlci, 0); 4518 } 4519 4520 static void gsmtty_unthrottle(struct tty_struct *tty) 4521 { 4522 struct gsm_dlci *dlci = tty->driver_data; 4523 if (dlci->state == DLCI_CLOSED) 4524 return; 4525 if (C_CRTSCTS(tty)) 4526 dlci->modem_tx |= TIOCM_RTS; 4527 dlci->throttled = false; 4528 /* Send an MSC with RTS set */ 4529 gsm_modem_update(dlci, 0); 4530 } 4531 4532 static int gsmtty_break_ctl(struct tty_struct *tty, int state) 4533 { 4534 struct gsm_dlci *dlci = tty->driver_data; 4535 int encode = 0; /* Off */ 4536 if (dlci->state == DLCI_CLOSED) 4537 return -EINVAL; 4538 4539 if (state == -1) /* "On indefinitely" - we can't encode this 4540 properly */ 4541 encode = 0x0F; 4542 else if (state > 0) { 4543 encode = state / 200; /* mS to encoding */ 4544 if (encode > 0x0F) 4545 encode = 0x0F; /* Best effort */ 4546 } 4547 return gsm_modem_update(dlci, encode); 4548 } 4549 4550 static void gsmtty_cleanup(struct tty_struct *tty) 4551 { 4552 struct gsm_dlci *dlci = tty->driver_data; 4553 struct gsm_mux *gsm = dlci->gsm; 4554 4555 dlci_put(dlci); 4556 dlci_put(gsm->dlci[0]); 4557 mux_put(gsm); 4558 } 4559 4560 /* Virtual ttys for the demux */ 4561 static const struct tty_operations gsmtty_ops = { 4562 .install = gsmtty_install, 4563 .open = gsmtty_open, 4564 .close = gsmtty_close, 4565 .write = gsmtty_write, 4566 .write_room = gsmtty_write_room, 4567 .chars_in_buffer = gsmtty_chars_in_buffer, 4568 .flush_buffer = gsmtty_flush_buffer, 4569 .ioctl = gsmtty_ioctl, 4570 .throttle = gsmtty_throttle, 4571 .unthrottle = gsmtty_unthrottle, 4572 .set_termios = gsmtty_set_termios, 4573 .hangup = gsmtty_hangup, 4574 .wait_until_sent = gsmtty_wait_until_sent, 4575 .tiocmget = gsmtty_tiocmget, 4576 .tiocmset = gsmtty_tiocmset, 4577 .break_ctl = gsmtty_break_ctl, 4578 .cleanup = gsmtty_cleanup, 4579 }; 4580 4581 4582 4583 static int __init gsm_init(void) 4584 { 4585 /* Fill in our line protocol discipline, and register it */ 4586 int status = tty_register_ldisc(&tty_ldisc_packet); 4587 if (status != 0) { 4588 pr_err("n_gsm: can't register line discipline (err = %d)\n", 4589 status); 4590 return status; 4591 } 4592 4593 gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS, TTY_DRIVER_REAL_RAW | 4594 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK); 4595 if (IS_ERR(gsm_tty_driver)) { 4596 pr_err("gsm_init: tty allocation failed.\n"); 4597 status = PTR_ERR(gsm_tty_driver); 4598 goto err_unreg_ldisc; 4599 } 4600 gsm_tty_driver->driver_name = "gsmtty"; 4601 gsm_tty_driver->name = "gsmtty"; 4602 gsm_tty_driver->major = 0; /* Dynamic */ 4603 gsm_tty_driver->minor_start = 0; 4604 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 4605 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 4606 gsm_tty_driver->init_termios = tty_std_termios; 4607 /* Fixme */ 4608 gsm_tty_driver->init_termios.c_lflag &= ~ECHO; 4609 tty_set_operations(gsm_tty_driver, &gsmtty_ops); 4610 4611 if (tty_register_driver(gsm_tty_driver)) { 4612 pr_err("gsm_init: tty registration failed.\n"); 4613 status = -EBUSY; 4614 goto err_put_driver; 4615 } 4616 pr_debug("gsm_init: loaded as %d,%d.\n", 4617 gsm_tty_driver->major, gsm_tty_driver->minor_start); 4618 return 0; 4619 err_put_driver: 4620 tty_driver_kref_put(gsm_tty_driver); 4621 err_unreg_ldisc: 4622 tty_unregister_ldisc(&tty_ldisc_packet); 4623 return status; 4624 } 4625 4626 static void __exit gsm_exit(void) 4627 { 4628 tty_unregister_ldisc(&tty_ldisc_packet); 4629 tty_unregister_driver(gsm_tty_driver); 4630 tty_driver_kref_put(gsm_tty_driver); 4631 } 4632 4633 module_init(gsm_init); 4634 module_exit(gsm_exit); 4635 4636 4637 MODULE_LICENSE("GPL"); 4638 MODULE_ALIAS_LDISC(N_GSM0710); 4639