1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 7 * 8 * TO DO: 9 * Mostly done: ioctls for setting modes/timing 10 * Partly done: hooks so you can pull off frames to non tty devs 11 * Restart DLCI 0 when it closes ? 12 * Improve the tx engine 13 * Resolve tx side locking by adding a queue_head and routing 14 * all control traffic via it 15 * General tidy/document 16 * Review the locking/move to refcounts more (mux now moved to an 17 * alloc/free model ready) 18 * Use newest tty open/close port helpers and install hooks 19 * What to do about power functions ? 20 * Termios setting and negotiation 21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 22 * 23 */ 24 25 #include <linux/types.h> 26 #include <linux/major.h> 27 #include <linux/errno.h> 28 #include <linux/signal.h> 29 #include <linux/fcntl.h> 30 #include <linux/sched/signal.h> 31 #include <linux/interrupt.h> 32 #include <linux/tty.h> 33 #include <linux/ctype.h> 34 #include <linux/mm.h> 35 #include <linux/string.h> 36 #include <linux/slab.h> 37 #include <linux/poll.h> 38 #include <linux/bitops.h> 39 #include <linux/file.h> 40 #include <linux/uaccess.h> 41 #include <linux/module.h> 42 #include <linux/timer.h> 43 #include <linux/tty_flip.h> 44 #include <linux/tty_driver.h> 45 #include <linux/serial.h> 46 #include <linux/kfifo.h> 47 #include <linux/skbuff.h> 48 #include <net/arp.h> 49 #include <linux/ip.h> 50 #include <linux/netdevice.h> 51 #include <linux/etherdevice.h> 52 #include <linux/gsmmux.h> 53 #include "tty.h" 54 55 static int debug; 56 module_param(debug, int, 0600); 57 58 /* Defaults: these are from the specification */ 59 60 #define T1 10 /* 100mS */ 61 #define T2 34 /* 333mS */ 62 #define N2 3 /* Retry 3 times */ 63 64 /* Use long timers for testing at low speed with debug on */ 65 #ifdef DEBUG_TIMING 66 #define T1 100 67 #define T2 200 68 #endif 69 70 /* 71 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 72 * limits so this is plenty 73 */ 74 #define MAX_MRU 1500 75 #define MAX_MTU 1500 76 #define GSM_NET_TX_TIMEOUT (HZ*10) 77 78 /* 79 * struct gsm_mux_net - network interface 80 * 81 * Created when net interface is initialized. 82 */ 83 struct gsm_mux_net { 84 struct kref ref; 85 struct gsm_dlci *dlci; 86 }; 87 88 /* 89 * Each block of data we have queued to go out is in the form of 90 * a gsm_msg which holds everything we need in a link layer independent 91 * format 92 */ 93 94 struct gsm_msg { 95 struct list_head list; 96 u8 addr; /* DLCI address + flags */ 97 u8 ctrl; /* Control byte + flags */ 98 unsigned int len; /* Length of data block (can be zero) */ 99 unsigned char *data; /* Points into buffer but not at the start */ 100 unsigned char buffer[]; 101 }; 102 103 enum gsm_dlci_state { 104 DLCI_CLOSED, 105 DLCI_OPENING, /* Sending SABM not seen UA */ 106 DLCI_OPEN, /* SABM/UA complete */ 107 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 108 }; 109 110 enum gsm_dlci_mode { 111 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 112 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 113 }; 114 115 /* 116 * Each active data link has a gsm_dlci structure associated which ties 117 * the link layer to an optional tty (if the tty side is open). To avoid 118 * complexity right now these are only ever freed up when the mux is 119 * shut down. 120 * 121 * At the moment we don't free DLCI objects until the mux is torn down 122 * this avoid object life time issues but might be worth review later. 123 */ 124 125 struct gsm_dlci { 126 struct gsm_mux *gsm; 127 int addr; 128 enum gsm_dlci_state state; 129 struct mutex mutex; 130 131 /* Link layer */ 132 enum gsm_dlci_mode mode; 133 spinlock_t lock; /* Protects the internal state */ 134 struct timer_list t1; /* Retransmit timer for SABM and UA */ 135 int retries; 136 /* Uplink tty if active */ 137 struct tty_port port; /* The tty bound to this DLCI if there is one */ 138 struct kfifo fifo; /* Queue fifo for the DLCI */ 139 int adaption; /* Adaption layer in use */ 140 int prev_adaption; 141 u32 modem_rx; /* Our incoming virtual modem lines */ 142 u32 modem_tx; /* Our outgoing modem lines */ 143 bool dead; /* Refuse re-open */ 144 /* Flow control */ 145 bool throttled; /* Private copy of throttle state */ 146 bool constipated; /* Throttle status for outgoing */ 147 /* Packetised I/O */ 148 struct sk_buff *skb; /* Frame being sent */ 149 struct sk_buff_head skb_list; /* Queued frames */ 150 /* Data handling callback */ 151 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 152 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 153 struct net_device *net; /* network interface, if created */ 154 }; 155 156 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 157 158 #define NUM_DLCI 64 159 160 /* 161 * DLCI 0 is used to pass control blocks out of band of the data 162 * flow (and with a higher link priority). One command can be outstanding 163 * at a time and we use this structure to manage them. They are created 164 * and destroyed by the user context, and updated by the receive paths 165 * and timers 166 */ 167 168 struct gsm_control { 169 u8 cmd; /* Command we are issuing */ 170 u8 *data; /* Data for the command in case we retransmit */ 171 int len; /* Length of block for retransmission */ 172 int done; /* Done flag */ 173 int error; /* Error if any */ 174 }; 175 176 enum gsm_mux_state { 177 GSM_SEARCH, 178 GSM_START, 179 GSM_ADDRESS, 180 GSM_CONTROL, 181 GSM_LEN, 182 GSM_DATA, 183 GSM_FCS, 184 GSM_OVERRUN, 185 GSM_LEN0, 186 GSM_LEN1, 187 GSM_SSOF, 188 }; 189 190 /* 191 * Each GSM mux we have is represented by this structure. If we are 192 * operating as an ldisc then we use this structure as our ldisc 193 * state. We need to sort out lifetimes and locking with respect 194 * to the gsm mux array. For now we don't free DLCI objects that 195 * have been instantiated until the mux itself is terminated. 196 * 197 * To consider further: tty open versus mux shutdown. 198 */ 199 200 struct gsm_mux { 201 struct tty_struct *tty; /* The tty our ldisc is bound to */ 202 spinlock_t lock; 203 struct mutex mutex; 204 unsigned int num; 205 struct kref ref; 206 207 /* Events on the GSM channel */ 208 wait_queue_head_t event; 209 210 /* Bits for GSM mode decoding */ 211 212 /* Framing Layer */ 213 unsigned char *buf; 214 enum gsm_mux_state state; 215 unsigned int len; 216 unsigned int address; 217 unsigned int count; 218 bool escape; 219 int encoding; 220 u8 control; 221 u8 fcs; 222 u8 received_fcs; 223 u8 *txframe; /* TX framing buffer */ 224 225 /* Method for the receiver side */ 226 void (*receive)(struct gsm_mux *gsm, u8 ch); 227 228 /* Link Layer */ 229 unsigned int mru; 230 unsigned int mtu; 231 int initiator; /* Did we initiate connection */ 232 bool dead; /* Has the mux been shut down */ 233 struct gsm_dlci *dlci[NUM_DLCI]; 234 bool constipated; /* Asked by remote to shut up */ 235 236 spinlock_t tx_lock; 237 unsigned int tx_bytes; /* TX data outstanding */ 238 #define TX_THRESH_HI 8192 239 #define TX_THRESH_LO 2048 240 struct list_head tx_list; /* Pending data packets */ 241 242 /* Control messages */ 243 struct timer_list t2_timer; /* Retransmit timer for commands */ 244 int cretries; /* Command retry counter */ 245 struct gsm_control *pending_cmd;/* Our current pending command */ 246 spinlock_t control_lock; /* Protects the pending command */ 247 248 /* Configuration */ 249 int adaption; /* 1 or 2 supported */ 250 u8 ftype; /* UI or UIH */ 251 int t1, t2; /* Timers in 1/100th of a sec */ 252 int n2; /* Retry count */ 253 254 /* Statistics (not currently exposed) */ 255 unsigned long bad_fcs; 256 unsigned long malformed; 257 unsigned long io_error; 258 unsigned long bad_size; 259 unsigned long unsupported; 260 }; 261 262 263 /* 264 * Mux objects - needed so that we can translate a tty index into the 265 * relevant mux and DLCI. 266 */ 267 268 #define MAX_MUX 4 /* 256 minors */ 269 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 270 static DEFINE_SPINLOCK(gsm_mux_lock); 271 272 static struct tty_driver *gsm_tty_driver; 273 274 /* Save dlci open address */ 275 static int addr_open[256] = { 0 }; 276 /* Save dlci open count */ 277 static int addr_cnt; 278 /* 279 * This section of the driver logic implements the GSM encodings 280 * both the basic and the 'advanced'. Reliable transport is not 281 * supported. 282 */ 283 284 #define CR 0x02 285 #define EA 0x01 286 #define PF 0x10 287 288 /* I is special: the rest are ..*/ 289 #define RR 0x01 290 #define UI 0x03 291 #define RNR 0x05 292 #define REJ 0x09 293 #define DM 0x0F 294 #define SABM 0x2F 295 #define DISC 0x43 296 #define UA 0x63 297 #define UIH 0xEF 298 299 /* Channel commands */ 300 #define CMD_NSC 0x09 301 #define CMD_TEST 0x11 302 #define CMD_PSC 0x21 303 #define CMD_RLS 0x29 304 #define CMD_FCOFF 0x31 305 #define CMD_PN 0x41 306 #define CMD_RPN 0x49 307 #define CMD_FCON 0x51 308 #define CMD_CLD 0x61 309 #define CMD_SNC 0x69 310 #define CMD_MSC 0x71 311 312 /* Virtual modem bits */ 313 #define MDM_FC 0x01 314 #define MDM_RTC 0x02 315 #define MDM_RTR 0x04 316 #define MDM_IC 0x20 317 #define MDM_DV 0x40 318 319 #define GSM0_SOF 0xF9 320 #define GSM1_SOF 0x7E 321 #define GSM1_ESCAPE 0x7D 322 #define GSM1_ESCAPE_BITS 0x20 323 #define XON 0x11 324 #define XOFF 0x13 325 #define ISO_IEC_646_MASK 0x7F 326 327 static const struct tty_port_operations gsm_port_ops; 328 329 /* 330 * CRC table for GSM 0710 331 */ 332 333 static const u8 gsm_fcs8[256] = { 334 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 335 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 336 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 337 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 338 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 339 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 340 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 341 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 342 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 343 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 344 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 345 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 346 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 347 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 348 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 349 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 350 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 351 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 352 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 353 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 354 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 355 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 356 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 357 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 358 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 359 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 360 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 361 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 362 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 363 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 364 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 365 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 366 }; 367 368 #define INIT_FCS 0xFF 369 #define GOOD_FCS 0xCF 370 371 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len); 372 373 /** 374 * gsm_fcs_add - update FCS 375 * @fcs: Current FCS 376 * @c: Next data 377 * 378 * Update the FCS to include c. Uses the algorithm in the specification 379 * notes. 380 */ 381 382 static inline u8 gsm_fcs_add(u8 fcs, u8 c) 383 { 384 return gsm_fcs8[fcs ^ c]; 385 } 386 387 /** 388 * gsm_fcs_add_block - update FCS for a block 389 * @fcs: Current FCS 390 * @c: buffer of data 391 * @len: length of buffer 392 * 393 * Update the FCS to include c. Uses the algorithm in the specification 394 * notes. 395 */ 396 397 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len) 398 { 399 while (len--) 400 fcs = gsm_fcs8[fcs ^ *c++]; 401 return fcs; 402 } 403 404 /** 405 * gsm_read_ea - read a byte into an EA 406 * @val: variable holding value 407 * @c: byte going into the EA 408 * 409 * Processes one byte of an EA. Updates the passed variable 410 * and returns 1 if the EA is now completely read 411 */ 412 413 static int gsm_read_ea(unsigned int *val, u8 c) 414 { 415 /* Add the next 7 bits into the value */ 416 *val <<= 7; 417 *val |= c >> 1; 418 /* Was this the last byte of the EA 1 = yes*/ 419 return c & EA; 420 } 421 422 /** 423 * gsm_encode_modem - encode modem data bits 424 * @dlci: DLCI to encode from 425 * 426 * Returns the correct GSM encoded modem status bits (6 bit field) for 427 * the current status of the DLCI and attached tty object 428 */ 429 430 static u8 gsm_encode_modem(const struct gsm_dlci *dlci) 431 { 432 u8 modembits = 0; 433 /* FC is true flow control not modem bits */ 434 if (dlci->throttled) 435 modembits |= MDM_FC; 436 if (dlci->modem_tx & TIOCM_DTR) 437 modembits |= MDM_RTC; 438 if (dlci->modem_tx & TIOCM_RTS) 439 modembits |= MDM_RTR; 440 if (dlci->modem_tx & TIOCM_RI) 441 modembits |= MDM_IC; 442 if (dlci->modem_tx & TIOCM_CD) 443 modembits |= MDM_DV; 444 return modembits; 445 } 446 447 /** 448 * gsm_print_packet - display a frame for debug 449 * @hdr: header to print before decode 450 * @addr: address EA from the frame 451 * @cr: C/R bit from the frame 452 * @control: control including PF bit 453 * @data: following data bytes 454 * @dlen: length of data 455 * 456 * Displays a packet in human readable format for debugging purposes. The 457 * style is based on amateur radio LAP-B dump display. 458 */ 459 460 static void gsm_print_packet(const char *hdr, int addr, int cr, 461 u8 control, const u8 *data, int dlen) 462 { 463 if (!(debug & 1)) 464 return; 465 466 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]); 467 468 switch (control & ~PF) { 469 case SABM: 470 pr_cont("SABM"); 471 break; 472 case UA: 473 pr_cont("UA"); 474 break; 475 case DISC: 476 pr_cont("DISC"); 477 break; 478 case DM: 479 pr_cont("DM"); 480 break; 481 case UI: 482 pr_cont("UI"); 483 break; 484 case UIH: 485 pr_cont("UIH"); 486 break; 487 default: 488 if (!(control & 0x01)) { 489 pr_cont("I N(S)%d N(R)%d", 490 (control & 0x0E) >> 1, (control & 0xE0) >> 5); 491 } else switch (control & 0x0F) { 492 case RR: 493 pr_cont("RR(%d)", (control & 0xE0) >> 5); 494 break; 495 case RNR: 496 pr_cont("RNR(%d)", (control & 0xE0) >> 5); 497 break; 498 case REJ: 499 pr_cont("REJ(%d)", (control & 0xE0) >> 5); 500 break; 501 default: 502 pr_cont("[%02X]", control); 503 } 504 } 505 506 if (control & PF) 507 pr_cont("(P)"); 508 else 509 pr_cont("(F)"); 510 511 print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen); 512 } 513 514 515 /* 516 * Link level transmission side 517 */ 518 519 /** 520 * gsm_stuff_frame - bytestuff a packet 521 * @input: input buffer 522 * @output: output buffer 523 * @len: length of input 524 * 525 * Expand a buffer by bytestuffing it. The worst case size change 526 * is doubling and the caller is responsible for handing out 527 * suitable sized buffers. 528 */ 529 530 static int gsm_stuff_frame(const u8 *input, u8 *output, int len) 531 { 532 int olen = 0; 533 while (len--) { 534 if (*input == GSM1_SOF || *input == GSM1_ESCAPE 535 || (*input & ISO_IEC_646_MASK) == XON 536 || (*input & ISO_IEC_646_MASK) == XOFF) { 537 *output++ = GSM1_ESCAPE; 538 *output++ = *input++ ^ GSM1_ESCAPE_BITS; 539 olen++; 540 } else 541 *output++ = *input++; 542 olen++; 543 } 544 return olen; 545 } 546 547 /** 548 * gsm_send - send a control frame 549 * @gsm: our GSM mux 550 * @addr: address for control frame 551 * @cr: command/response bit 552 * @control: control byte including PF bit 553 * 554 * Format up and transmit a control frame. These do not go via the 555 * queueing logic as they should be transmitted ahead of data when 556 * they are needed. 557 * 558 * FIXME: Lock versus data TX path 559 */ 560 561 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control) 562 { 563 int len; 564 u8 cbuf[10]; 565 u8 ibuf[3]; 566 567 switch (gsm->encoding) { 568 case 0: 569 cbuf[0] = GSM0_SOF; 570 cbuf[1] = (addr << 2) | (cr << 1) | EA; 571 cbuf[2] = control; 572 cbuf[3] = EA; /* Length of data = 0 */ 573 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3); 574 cbuf[5] = GSM0_SOF; 575 len = 6; 576 break; 577 case 1: 578 case 2: 579 /* Control frame + packing (but not frame stuffing) in mode 1 */ 580 ibuf[0] = (addr << 2) | (cr << 1) | EA; 581 ibuf[1] = control; 582 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2); 583 /* Stuffing may double the size worst case */ 584 len = gsm_stuff_frame(ibuf, cbuf + 1, 3); 585 /* Now add the SOF markers */ 586 cbuf[0] = GSM1_SOF; 587 cbuf[len + 1] = GSM1_SOF; 588 /* FIXME: we can omit the lead one in many cases */ 589 len += 2; 590 break; 591 default: 592 WARN_ON(1); 593 return; 594 } 595 gsmld_output(gsm, cbuf, len); 596 if (!gsm->initiator) { 597 cr = cr & gsm->initiator; 598 control = control & ~PF; 599 } 600 gsm_print_packet("-->", addr, cr, control, NULL, 0); 601 } 602 603 /** 604 * gsm_response - send a control response 605 * @gsm: our GSM mux 606 * @addr: address for control frame 607 * @control: control byte including PF bit 608 * 609 * Format up and transmit a link level response frame. 610 */ 611 612 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control) 613 { 614 gsm_send(gsm, addr, 1, control); 615 } 616 617 /** 618 * gsm_command - send a control command 619 * @gsm: our GSM mux 620 * @addr: address for control frame 621 * @control: control byte including PF bit 622 * 623 * Format up and transmit a link level command frame. 624 */ 625 626 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control) 627 { 628 gsm_send(gsm, addr, 1, control); 629 } 630 631 /* Data transmission */ 632 633 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */ 634 635 /** 636 * gsm_data_alloc - allocate data frame 637 * @gsm: GSM mux 638 * @addr: DLCI address 639 * @len: length excluding header and FCS 640 * @ctrl: control byte 641 * 642 * Allocate a new data buffer for sending frames with data. Space is left 643 * at the front for header bytes but that is treated as an implementation 644 * detail and not for the high level code to use 645 */ 646 647 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 648 u8 ctrl) 649 { 650 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN, 651 GFP_ATOMIC); 652 if (m == NULL) 653 return NULL; 654 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */ 655 m->len = len; 656 m->addr = addr; 657 m->ctrl = ctrl; 658 INIT_LIST_HEAD(&m->list); 659 return m; 660 } 661 662 /** 663 * gsm_data_kick - poke the queue 664 * @gsm: GSM Mux 665 * @dlci: DLCI sending the data 666 * 667 * The tty device has called us to indicate that room has appeared in 668 * the transmit queue. Ram more data into the pipe if we have any 669 * If we have been flow-stopped by a CMD_FCOFF, then we can only 670 * send messages on DLCI0 until CMD_FCON 671 * 672 * FIXME: lock against link layer control transmissions 673 */ 674 675 static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci) 676 { 677 struct gsm_msg *msg, *nmsg; 678 int len; 679 680 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) { 681 if (gsm->constipated && msg->addr) 682 continue; 683 if (gsm->encoding != 0) { 684 gsm->txframe[0] = GSM1_SOF; 685 len = gsm_stuff_frame(msg->data, 686 gsm->txframe + 1, msg->len); 687 gsm->txframe[len + 1] = GSM1_SOF; 688 len += 2; 689 } else { 690 gsm->txframe[0] = GSM0_SOF; 691 memcpy(gsm->txframe + 1 , msg->data, msg->len); 692 gsm->txframe[msg->len + 1] = GSM0_SOF; 693 len = msg->len + 2; 694 } 695 696 if (debug & 4) 697 print_hex_dump_bytes("gsm_data_kick: ", 698 DUMP_PREFIX_OFFSET, 699 gsm->txframe, len); 700 if (gsmld_output(gsm, gsm->txframe, len) <= 0) 701 break; 702 /* FIXME: Can eliminate one SOF in many more cases */ 703 gsm->tx_bytes -= msg->len; 704 705 list_del(&msg->list); 706 kfree(msg); 707 708 if (dlci) { 709 tty_port_tty_wakeup(&dlci->port); 710 } else { 711 int i = 0; 712 713 for (i = 0; i < NUM_DLCI; i++) 714 if (gsm->dlci[i]) 715 tty_port_tty_wakeup(&gsm->dlci[i]->port); 716 } 717 } 718 } 719 720 /** 721 * __gsm_data_queue - queue a UI or UIH frame 722 * @dlci: DLCI sending the data 723 * @msg: message queued 724 * 725 * Add data to the transmit queue and try and get stuff moving 726 * out of the mux tty if not already doing so. The Caller must hold 727 * the gsm tx lock. 728 */ 729 730 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 731 { 732 struct gsm_mux *gsm = dlci->gsm; 733 u8 *dp = msg->data; 734 u8 *fcs = dp + msg->len; 735 736 /* Fill in the header */ 737 if (gsm->encoding == 0) { 738 if (msg->len < 128) 739 *--dp = (msg->len << 1) | EA; 740 else { 741 *--dp = (msg->len >> 7); /* bits 7 - 15 */ 742 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */ 743 } 744 } 745 746 *--dp = msg->ctrl; 747 if (gsm->initiator) 748 *--dp = (msg->addr << 2) | 2 | EA; 749 else 750 *--dp = (msg->addr << 2) | EA; 751 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp); 752 /* Ugly protocol layering violation */ 753 if (msg->ctrl == UI || msg->ctrl == (UI|PF)) 754 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len); 755 *fcs = 0xFF - *fcs; 756 757 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl, 758 msg->data, msg->len); 759 760 /* Move the header back and adjust the length, also allow for the FCS 761 now tacked on the end */ 762 msg->len += (msg->data - dp) + 1; 763 msg->data = dp; 764 765 /* Add to the actual output queue */ 766 list_add_tail(&msg->list, &gsm->tx_list); 767 gsm->tx_bytes += msg->len; 768 gsm_data_kick(gsm, dlci); 769 } 770 771 /** 772 * gsm_data_queue - queue a UI or UIH frame 773 * @dlci: DLCI sending the data 774 * @msg: message queued 775 * 776 * Add data to the transmit queue and try and get stuff moving 777 * out of the mux tty if not already doing so. Take the 778 * the gsm tx lock and dlci lock. 779 */ 780 781 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 782 { 783 unsigned long flags; 784 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 785 __gsm_data_queue(dlci, msg); 786 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 787 } 788 789 /** 790 * gsm_dlci_data_output - try and push data out of a DLCI 791 * @gsm: mux 792 * @dlci: the DLCI to pull data from 793 * 794 * Pull data from a DLCI and send it into the transmit queue if there 795 * is data. Keep to the MRU of the mux. This path handles the usual tty 796 * interface which is a byte stream with optional modem data. 797 * 798 * Caller must hold the tx_lock of the mux. 799 */ 800 801 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci) 802 { 803 struct gsm_msg *msg; 804 u8 *dp; 805 int len, total_size, size; 806 int h = dlci->adaption - 1; 807 808 total_size = 0; 809 while (1) { 810 len = kfifo_len(&dlci->fifo); 811 if (len == 0) 812 return total_size; 813 814 /* MTU/MRU count only the data bits */ 815 if (len > gsm->mtu) 816 len = gsm->mtu; 817 818 size = len + h; 819 820 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 821 /* FIXME: need a timer or something to kick this so it can't 822 get stuck with no work outstanding and no buffer free */ 823 if (msg == NULL) 824 return -ENOMEM; 825 dp = msg->data; 826 switch (dlci->adaption) { 827 case 1: /* Unstructured */ 828 break; 829 case 2: /* Unstructed with modem bits. 830 Always one byte as we never send inline break data */ 831 *dp++ = gsm_encode_modem(dlci); 832 break; 833 } 834 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len); 835 __gsm_data_queue(dlci, msg); 836 total_size += size; 837 } 838 /* Bytes of data we used up */ 839 return total_size; 840 } 841 842 /** 843 * gsm_dlci_data_output_framed - try and push data out of a DLCI 844 * @gsm: mux 845 * @dlci: the DLCI to pull data from 846 * 847 * Pull data from a DLCI and send it into the transmit queue if there 848 * is data. Keep to the MRU of the mux. This path handles framed data 849 * queued as skbuffs to the DLCI. 850 * 851 * Caller must hold the tx_lock of the mux. 852 */ 853 854 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm, 855 struct gsm_dlci *dlci) 856 { 857 struct gsm_msg *msg; 858 u8 *dp; 859 int len, size; 860 int last = 0, first = 0; 861 int overhead = 0; 862 863 /* One byte per frame is used for B/F flags */ 864 if (dlci->adaption == 4) 865 overhead = 1; 866 867 /* dlci->skb is locked by tx_lock */ 868 if (dlci->skb == NULL) { 869 dlci->skb = skb_dequeue_tail(&dlci->skb_list); 870 if (dlci->skb == NULL) 871 return 0; 872 first = 1; 873 } 874 len = dlci->skb->len + overhead; 875 876 /* MTU/MRU count only the data bits */ 877 if (len > gsm->mtu) { 878 if (dlci->adaption == 3) { 879 /* Over long frame, bin it */ 880 dev_kfree_skb_any(dlci->skb); 881 dlci->skb = NULL; 882 return 0; 883 } 884 len = gsm->mtu; 885 } else 886 last = 1; 887 888 size = len + overhead; 889 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 890 891 /* FIXME: need a timer or something to kick this so it can't 892 get stuck with no work outstanding and no buffer free */ 893 if (msg == NULL) { 894 skb_queue_tail(&dlci->skb_list, dlci->skb); 895 dlci->skb = NULL; 896 return -ENOMEM; 897 } 898 dp = msg->data; 899 900 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 901 /* Flag byte to carry the start/end info */ 902 *dp++ = last << 7 | first << 6 | 1; /* EA */ 903 len--; 904 } 905 memcpy(dp, dlci->skb->data, len); 906 skb_pull(dlci->skb, len); 907 __gsm_data_queue(dlci, msg); 908 if (last) { 909 dev_kfree_skb_any(dlci->skb); 910 dlci->skb = NULL; 911 } 912 return size; 913 } 914 915 /** 916 * gsm_dlci_data_sweep - look for data to send 917 * @gsm: the GSM mux 918 * 919 * Sweep the GSM mux channels in priority order looking for ones with 920 * data to send. We could do with optimising this scan a bit. We aim 921 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 922 * TX_THRESH_LO we get called again 923 * 924 * FIXME: We should round robin between groups and in theory you can 925 * renegotiate DLCI priorities with optional stuff. Needs optimising. 926 */ 927 928 static void gsm_dlci_data_sweep(struct gsm_mux *gsm) 929 { 930 int len; 931 /* Priority ordering: We should do priority with RR of the groups */ 932 int i = 1; 933 934 while (i < NUM_DLCI) { 935 struct gsm_dlci *dlci; 936 937 if (gsm->tx_bytes > TX_THRESH_HI) 938 break; 939 dlci = gsm->dlci[i]; 940 if (dlci == NULL || dlci->constipated) { 941 i++; 942 continue; 943 } 944 if (dlci->adaption < 3 && !dlci->net) 945 len = gsm_dlci_data_output(gsm, dlci); 946 else 947 len = gsm_dlci_data_output_framed(gsm, dlci); 948 if (len < 0) 949 break; 950 /* DLCI empty - try the next */ 951 if (len == 0) 952 i++; 953 } 954 } 955 956 /** 957 * gsm_dlci_data_kick - transmit if possible 958 * @dlci: DLCI to kick 959 * 960 * Transmit data from this DLCI if the queue is empty. We can't rely on 961 * a tty wakeup except when we filled the pipe so we need to fire off 962 * new data ourselves in other cases. 963 */ 964 965 static void gsm_dlci_data_kick(struct gsm_dlci *dlci) 966 { 967 unsigned long flags; 968 int sweep; 969 970 if (dlci->constipated) 971 return; 972 973 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 974 /* If we have nothing running then we need to fire up */ 975 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO); 976 if (dlci->gsm->tx_bytes == 0) { 977 if (dlci->net) 978 gsm_dlci_data_output_framed(dlci->gsm, dlci); 979 else 980 gsm_dlci_data_output(dlci->gsm, dlci); 981 } 982 if (sweep) 983 gsm_dlci_data_sweep(dlci->gsm); 984 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 985 } 986 987 /* 988 * Control message processing 989 */ 990 991 992 /** 993 * gsm_control_reply - send a response frame to a control 994 * @gsm: gsm channel 995 * @cmd: the command to use 996 * @data: data to follow encoded info 997 * @dlen: length of data 998 * 999 * Encode up and queue a UI/UIH frame containing our response. 1000 */ 1001 1002 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data, 1003 int dlen) 1004 { 1005 struct gsm_msg *msg; 1006 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype); 1007 if (msg == NULL) 1008 return; 1009 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */ 1010 msg->data[1] = (dlen << 1) | EA; 1011 memcpy(msg->data + 2, data, dlen); 1012 gsm_data_queue(gsm->dlci[0], msg); 1013 } 1014 1015 /** 1016 * gsm_process_modem - process received modem status 1017 * @tty: virtual tty bound to the DLCI 1018 * @dlci: DLCI to affect 1019 * @modem: modem bits (full EA) 1020 * @clen: command length 1021 * 1022 * Used when a modem control message or line state inline in adaption 1023 * layer 2 is processed. Sort out the local modem state and throttles 1024 */ 1025 1026 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, 1027 u32 modem, int clen) 1028 { 1029 int mlines = 0; 1030 u8 brk = 0; 1031 int fc; 1032 1033 /* The modem status command can either contain one octet (v.24 signals) 1034 or two octets (v.24 signals + break signals). The length field will 1035 either be 2 or 3 respectively. This is specified in section 1036 5.4.6.3.7 of the 27.010 mux spec. */ 1037 1038 if (clen == 2) 1039 modem = modem & 0x7f; 1040 else { 1041 brk = modem & 0x7f; 1042 modem = (modem >> 7) & 0x7f; 1043 } 1044 1045 /* Flow control/ready to communicate */ 1046 fc = (modem & MDM_FC) || !(modem & MDM_RTR); 1047 if (fc && !dlci->constipated) { 1048 /* Need to throttle our output on this device */ 1049 dlci->constipated = true; 1050 } else if (!fc && dlci->constipated) { 1051 dlci->constipated = false; 1052 gsm_dlci_data_kick(dlci); 1053 } 1054 1055 /* Map modem bits */ 1056 if (modem & MDM_RTC) 1057 mlines |= TIOCM_DSR | TIOCM_DTR; 1058 if (modem & MDM_RTR) 1059 mlines |= TIOCM_RTS | TIOCM_CTS; 1060 if (modem & MDM_IC) 1061 mlines |= TIOCM_RI; 1062 if (modem & MDM_DV) 1063 mlines |= TIOCM_CD; 1064 1065 /* Carrier drop -> hangup */ 1066 if (tty) { 1067 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD)) 1068 if (!C_CLOCAL(tty)) 1069 tty_hangup(tty); 1070 } 1071 if (brk & 0x01) 1072 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK); 1073 dlci->modem_rx = mlines; 1074 } 1075 1076 /** 1077 * gsm_control_modem - modem status received 1078 * @gsm: GSM channel 1079 * @data: data following command 1080 * @clen: command length 1081 * 1082 * We have received a modem status control message. This is used by 1083 * the GSM mux protocol to pass virtual modem line status and optionally 1084 * to indicate break signals. Unpack it, convert to Linux representation 1085 * and if need be stuff a break message down the tty. 1086 */ 1087 1088 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen) 1089 { 1090 unsigned int addr = 0; 1091 unsigned int modem = 0; 1092 unsigned int brk = 0; 1093 struct gsm_dlci *dlci; 1094 int len = clen; 1095 const u8 *dp = data; 1096 struct tty_struct *tty; 1097 1098 while (gsm_read_ea(&addr, *dp++) == 0) { 1099 len--; 1100 if (len == 0) 1101 return; 1102 } 1103 /* Must be at least one byte following the EA */ 1104 len--; 1105 if (len <= 0) 1106 return; 1107 1108 addr >>= 1; 1109 /* Closed port, or invalid ? */ 1110 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1111 return; 1112 dlci = gsm->dlci[addr]; 1113 1114 while (gsm_read_ea(&modem, *dp++) == 0) { 1115 len--; 1116 if (len == 0) 1117 return; 1118 } 1119 len--; 1120 if (len > 0) { 1121 while (gsm_read_ea(&brk, *dp++) == 0) { 1122 len--; 1123 if (len == 0) 1124 return; 1125 } 1126 modem <<= 7; 1127 modem |= (brk & 0x7f); 1128 } 1129 tty = tty_port_tty_get(&dlci->port); 1130 gsm_process_modem(tty, dlci, modem, clen); 1131 if (tty) { 1132 tty_wakeup(tty); 1133 tty_kref_put(tty); 1134 } 1135 gsm_control_reply(gsm, CMD_MSC, data, clen); 1136 } 1137 1138 /** 1139 * gsm_control_rls - remote line status 1140 * @gsm: GSM channel 1141 * @data: data bytes 1142 * @clen: data length 1143 * 1144 * The modem sends us a two byte message on the control channel whenever 1145 * it wishes to send us an error state from the virtual link. Stuff 1146 * this into the uplink tty if present 1147 */ 1148 1149 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen) 1150 { 1151 struct tty_port *port; 1152 unsigned int addr = 0; 1153 u8 bits; 1154 int len = clen; 1155 const u8 *dp = data; 1156 1157 while (gsm_read_ea(&addr, *dp++) == 0) { 1158 len--; 1159 if (len == 0) 1160 return; 1161 } 1162 /* Must be at least one byte following ea */ 1163 len--; 1164 if (len <= 0) 1165 return; 1166 addr >>= 1; 1167 /* Closed port, or invalid ? */ 1168 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1169 return; 1170 /* No error ? */ 1171 bits = *dp; 1172 if ((bits & 1) == 0) 1173 return; 1174 1175 port = &gsm->dlci[addr]->port; 1176 1177 if (bits & 2) 1178 tty_insert_flip_char(port, 0, TTY_OVERRUN); 1179 if (bits & 4) 1180 tty_insert_flip_char(port, 0, TTY_PARITY); 1181 if (bits & 8) 1182 tty_insert_flip_char(port, 0, TTY_FRAME); 1183 1184 tty_flip_buffer_push(port); 1185 1186 gsm_control_reply(gsm, CMD_RLS, data, clen); 1187 } 1188 1189 static void gsm_dlci_begin_close(struct gsm_dlci *dlci); 1190 static void gsm_dlci_close(struct gsm_dlci *dlci); 1191 1192 /** 1193 * gsm_control_message - DLCI 0 control processing 1194 * @gsm: our GSM mux 1195 * @command: the command EA 1196 * @data: data beyond the command/length EAs 1197 * @clen: length 1198 * 1199 * Input processor for control messages from the other end of the link. 1200 * Processes the incoming request and queues a response frame or an 1201 * NSC response if not supported 1202 */ 1203 1204 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command, 1205 const u8 *data, int clen) 1206 { 1207 u8 buf[1]; 1208 unsigned long flags; 1209 struct gsm_dlci *dlci; 1210 int i; 1211 int address; 1212 1213 switch (command) { 1214 case CMD_CLD: { 1215 if (addr_cnt > 0) { 1216 for (i = 0; i < addr_cnt; i++) { 1217 address = addr_open[i]; 1218 dlci = gsm->dlci[address]; 1219 gsm_dlci_close(dlci); 1220 addr_open[i] = 0; 1221 } 1222 } 1223 /* Modem wishes to close down */ 1224 dlci = gsm->dlci[0]; 1225 if (dlci) { 1226 dlci->dead = true; 1227 gsm->dead = true; 1228 gsm_dlci_close(dlci); 1229 addr_cnt = 0; 1230 gsm_response(gsm, 0, UA|PF); 1231 } 1232 } 1233 break; 1234 case CMD_TEST: 1235 /* Modem wishes to test, reply with the data */ 1236 gsm_control_reply(gsm, CMD_TEST, data, clen); 1237 break; 1238 case CMD_FCON: 1239 /* Modem can accept data again */ 1240 gsm->constipated = false; 1241 gsm_control_reply(gsm, CMD_FCON, NULL, 0); 1242 /* Kick the link in case it is idling */ 1243 spin_lock_irqsave(&gsm->tx_lock, flags); 1244 gsm_data_kick(gsm, NULL); 1245 spin_unlock_irqrestore(&gsm->tx_lock, flags); 1246 break; 1247 case CMD_FCOFF: 1248 /* Modem wants us to STFU */ 1249 gsm->constipated = true; 1250 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0); 1251 break; 1252 case CMD_MSC: 1253 /* Out of band modem line change indicator for a DLCI */ 1254 gsm_control_modem(gsm, data, clen); 1255 break; 1256 case CMD_RLS: 1257 /* Out of band error reception for a DLCI */ 1258 gsm_control_rls(gsm, data, clen); 1259 break; 1260 case CMD_PSC: 1261 /* Modem wishes to enter power saving state */ 1262 gsm_control_reply(gsm, CMD_PSC, NULL, 0); 1263 break; 1264 /* Optional unsupported commands */ 1265 case CMD_PN: /* Parameter negotiation */ 1266 case CMD_RPN: /* Remote port negotiation */ 1267 case CMD_SNC: /* Service negotiation command */ 1268 default: 1269 /* Reply to bad commands with an NSC */ 1270 buf[0] = command; 1271 gsm_control_reply(gsm, CMD_NSC, buf, 1); 1272 break; 1273 } 1274 } 1275 1276 /** 1277 * gsm_control_response - process a response to our control 1278 * @gsm: our GSM mux 1279 * @command: the command (response) EA 1280 * @data: data beyond the command/length EA 1281 * @clen: length 1282 * 1283 * Process a response to an outstanding command. We only allow a single 1284 * control message in flight so this is fairly easy. All the clean up 1285 * is done by the caller, we just update the fields, flag it as done 1286 * and return 1287 */ 1288 1289 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command, 1290 const u8 *data, int clen) 1291 { 1292 struct gsm_control *ctrl; 1293 unsigned long flags; 1294 1295 spin_lock_irqsave(&gsm->control_lock, flags); 1296 1297 ctrl = gsm->pending_cmd; 1298 /* Does the reply match our command */ 1299 command |= 1; 1300 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) { 1301 /* Our command was replied to, kill the retry timer */ 1302 del_timer(&gsm->t2_timer); 1303 gsm->pending_cmd = NULL; 1304 /* Rejected by the other end */ 1305 if (command == CMD_NSC) 1306 ctrl->error = -EOPNOTSUPP; 1307 ctrl->done = 1; 1308 wake_up(&gsm->event); 1309 } 1310 spin_unlock_irqrestore(&gsm->control_lock, flags); 1311 } 1312 1313 /** 1314 * gsm_control_transmit - send control packet 1315 * @gsm: gsm mux 1316 * @ctrl: frame to send 1317 * 1318 * Send out a pending control command (called under control lock) 1319 */ 1320 1321 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) 1322 { 1323 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype); 1324 if (msg == NULL) 1325 return; 1326 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */ 1327 memcpy(msg->data + 1, ctrl->data, ctrl->len); 1328 gsm_data_queue(gsm->dlci[0], msg); 1329 } 1330 1331 /** 1332 * gsm_control_retransmit - retransmit a control frame 1333 * @t: timer contained in our gsm object 1334 * 1335 * Called off the T2 timer expiry in order to retransmit control frames 1336 * that have been lost in the system somewhere. The control_lock protects 1337 * us from colliding with another sender or a receive completion event. 1338 * In that situation the timer may still occur in a small window but 1339 * gsm->pending_cmd will be NULL and we just let the timer expire. 1340 */ 1341 1342 static void gsm_control_retransmit(struct timer_list *t) 1343 { 1344 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer); 1345 struct gsm_control *ctrl; 1346 unsigned long flags; 1347 spin_lock_irqsave(&gsm->control_lock, flags); 1348 ctrl = gsm->pending_cmd; 1349 if (ctrl) { 1350 gsm->cretries--; 1351 if (gsm->cretries == 0) { 1352 gsm->pending_cmd = NULL; 1353 ctrl->error = -ETIMEDOUT; 1354 ctrl->done = 1; 1355 spin_unlock_irqrestore(&gsm->control_lock, flags); 1356 wake_up(&gsm->event); 1357 return; 1358 } 1359 gsm_control_transmit(gsm, ctrl); 1360 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1361 } 1362 spin_unlock_irqrestore(&gsm->control_lock, flags); 1363 } 1364 1365 /** 1366 * gsm_control_send - send a control frame on DLCI 0 1367 * @gsm: the GSM channel 1368 * @command: command to send including CR bit 1369 * @data: bytes of data (must be kmalloced) 1370 * @clen: length of the block to send 1371 * 1372 * Queue and dispatch a control command. Only one command can be 1373 * active at a time. In theory more can be outstanding but the matching 1374 * gets really complicated so for now stick to one outstanding. 1375 */ 1376 1377 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, 1378 unsigned int command, u8 *data, int clen) 1379 { 1380 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), 1381 GFP_KERNEL); 1382 unsigned long flags; 1383 if (ctrl == NULL) 1384 return NULL; 1385 retry: 1386 wait_event(gsm->event, gsm->pending_cmd == NULL); 1387 spin_lock_irqsave(&gsm->control_lock, flags); 1388 if (gsm->pending_cmd != NULL) { 1389 spin_unlock_irqrestore(&gsm->control_lock, flags); 1390 goto retry; 1391 } 1392 ctrl->cmd = command; 1393 ctrl->data = data; 1394 ctrl->len = clen; 1395 gsm->pending_cmd = ctrl; 1396 1397 /* If DLCI0 is in ADM mode skip retries, it won't respond */ 1398 if (gsm->dlci[0]->mode == DLCI_MODE_ADM) 1399 gsm->cretries = 1; 1400 else 1401 gsm->cretries = gsm->n2; 1402 1403 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1404 gsm_control_transmit(gsm, ctrl); 1405 spin_unlock_irqrestore(&gsm->control_lock, flags); 1406 return ctrl; 1407 } 1408 1409 /** 1410 * gsm_control_wait - wait for a control to finish 1411 * @gsm: GSM mux 1412 * @control: control we are waiting on 1413 * 1414 * Waits for the control to complete or time out. Frees any used 1415 * resources and returns 0 for success, or an error if the remote 1416 * rejected or ignored the request. 1417 */ 1418 1419 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control) 1420 { 1421 int err; 1422 wait_event(gsm->event, control->done == 1); 1423 err = control->error; 1424 kfree(control); 1425 return err; 1426 } 1427 1428 1429 /* 1430 * DLCI level handling: Needs krefs 1431 */ 1432 1433 /* 1434 * State transitions and timers 1435 */ 1436 1437 /** 1438 * gsm_dlci_close - a DLCI has closed 1439 * @dlci: DLCI that closed 1440 * 1441 * Perform processing when moving a DLCI into closed state. If there 1442 * is an attached tty this is hung up 1443 */ 1444 1445 static void gsm_dlci_close(struct gsm_dlci *dlci) 1446 { 1447 del_timer(&dlci->t1); 1448 if (debug & 8) 1449 pr_debug("DLCI %d goes closed.\n", dlci->addr); 1450 dlci->state = DLCI_CLOSED; 1451 if (dlci->addr != 0) { 1452 tty_port_tty_hangup(&dlci->port, false); 1453 kfifo_reset(&dlci->fifo); 1454 } else 1455 dlci->gsm->dead = true; 1456 /* Unregister gsmtty driver,report gsmtty dev remove uevent for user */ 1457 tty_unregister_device(gsm_tty_driver, dlci->addr); 1458 wake_up(&dlci->gsm->event); 1459 /* A DLCI 0 close is a MUX termination so we need to kick that 1460 back to userspace somehow */ 1461 } 1462 1463 /** 1464 * gsm_dlci_open - a DLCI has opened 1465 * @dlci: DLCI that opened 1466 * 1467 * Perform processing when moving a DLCI into open state. 1468 */ 1469 1470 static void gsm_dlci_open(struct gsm_dlci *dlci) 1471 { 1472 /* Note that SABM UA .. SABM UA first UA lost can mean that we go 1473 open -> open */ 1474 del_timer(&dlci->t1); 1475 /* This will let a tty open continue */ 1476 dlci->state = DLCI_OPEN; 1477 if (debug & 8) 1478 pr_debug("DLCI %d goes open.\n", dlci->addr); 1479 /* Register gsmtty driver,report gsmtty dev add uevent for user */ 1480 tty_register_device(gsm_tty_driver, dlci->addr, NULL); 1481 wake_up(&dlci->gsm->event); 1482 } 1483 1484 /** 1485 * gsm_dlci_t1 - T1 timer expiry 1486 * @t: timer contained in the DLCI that opened 1487 * 1488 * The T1 timer handles retransmits of control frames (essentially of 1489 * SABM and DISC). We resend the command until the retry count runs out 1490 * in which case an opening port goes back to closed and a closing port 1491 * is simply put into closed state (any further frames from the other 1492 * end will get a DM response) 1493 * 1494 * Some control dlci can stay in ADM mode with other dlci working just 1495 * fine. In that case we can just keep the control dlci open after the 1496 * DLCI_OPENING retries time out. 1497 */ 1498 1499 static void gsm_dlci_t1(struct timer_list *t) 1500 { 1501 struct gsm_dlci *dlci = from_timer(dlci, t, t1); 1502 struct gsm_mux *gsm = dlci->gsm; 1503 1504 switch (dlci->state) { 1505 case DLCI_OPENING: 1506 dlci->retries--; 1507 if (dlci->retries) { 1508 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1509 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1510 } else if (!dlci->addr && gsm->control == (DM | PF)) { 1511 if (debug & 8) 1512 pr_info("DLCI %d opening in ADM mode.\n", 1513 dlci->addr); 1514 dlci->mode = DLCI_MODE_ADM; 1515 gsm_dlci_open(dlci); 1516 } else { 1517 gsm_dlci_close(dlci); 1518 } 1519 1520 break; 1521 case DLCI_CLOSING: 1522 dlci->retries--; 1523 if (dlci->retries) { 1524 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1525 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1526 } else 1527 gsm_dlci_close(dlci); 1528 break; 1529 default: 1530 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state); 1531 break; 1532 } 1533 } 1534 1535 /** 1536 * gsm_dlci_begin_open - start channel open procedure 1537 * @dlci: DLCI to open 1538 * 1539 * Commence opening a DLCI from the Linux side. We issue SABM messages 1540 * to the modem which should then reply with a UA or ADM, at which point 1541 * we will move into open state. Opening is done asynchronously with retry 1542 * running off timers and the responses. 1543 */ 1544 1545 static void gsm_dlci_begin_open(struct gsm_dlci *dlci) 1546 { 1547 struct gsm_mux *gsm = dlci->gsm; 1548 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING) 1549 return; 1550 dlci->retries = gsm->n2; 1551 dlci->state = DLCI_OPENING; 1552 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1553 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1554 } 1555 1556 /** 1557 * gsm_dlci_begin_close - start channel open procedure 1558 * @dlci: DLCI to open 1559 * 1560 * Commence closing a DLCI from the Linux side. We issue DISC messages 1561 * to the modem which should then reply with a UA, at which point we 1562 * will move into closed state. Closing is done asynchronously with retry 1563 * off timers. We may also receive a DM reply from the other end which 1564 * indicates the channel was already closed. 1565 */ 1566 1567 static void gsm_dlci_begin_close(struct gsm_dlci *dlci) 1568 { 1569 struct gsm_mux *gsm = dlci->gsm; 1570 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING) 1571 return; 1572 dlci->retries = gsm->n2; 1573 dlci->state = DLCI_CLOSING; 1574 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1575 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1576 } 1577 1578 /** 1579 * gsm_dlci_data - data arrived 1580 * @dlci: channel 1581 * @data: block of bytes received 1582 * @clen: length of received block 1583 * 1584 * A UI or UIH frame has arrived which contains data for a channel 1585 * other than the control channel. If the relevant virtual tty is 1586 * open we shovel the bits down it, if not we drop them. 1587 */ 1588 1589 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen) 1590 { 1591 /* krefs .. */ 1592 struct tty_port *port = &dlci->port; 1593 struct tty_struct *tty; 1594 unsigned int modem = 0; 1595 int len = clen; 1596 1597 if (debug & 16) 1598 pr_debug("%d bytes for tty\n", len); 1599 switch (dlci->adaption) { 1600 /* Unsupported types */ 1601 case 4: /* Packetised interruptible data */ 1602 break; 1603 case 3: /* Packetised uininterruptible voice/data */ 1604 break; 1605 case 2: /* Asynchronous serial with line state in each frame */ 1606 while (gsm_read_ea(&modem, *data++) == 0) { 1607 len--; 1608 if (len == 0) 1609 return; 1610 } 1611 tty = tty_port_tty_get(port); 1612 if (tty) { 1613 gsm_process_modem(tty, dlci, modem, clen); 1614 tty_kref_put(tty); 1615 } 1616 fallthrough; 1617 case 1: /* Line state will go via DLCI 0 controls only */ 1618 default: 1619 tty_insert_flip_string(port, data, len); 1620 tty_flip_buffer_push(port); 1621 } 1622 } 1623 1624 /** 1625 * gsm_dlci_command - data arrived on control channel 1626 * @dlci: channel 1627 * @data: block of bytes received 1628 * @len: length of received block 1629 * 1630 * A UI or UIH frame has arrived which contains data for DLCI 0 the 1631 * control channel. This should contain a command EA followed by 1632 * control data bytes. The command EA contains a command/response bit 1633 * and we divide up the work accordingly. 1634 */ 1635 1636 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) 1637 { 1638 /* See what command is involved */ 1639 unsigned int command = 0; 1640 while (len-- > 0) { 1641 if (gsm_read_ea(&command, *data++) == 1) { 1642 int clen = *data++; 1643 len--; 1644 /* FIXME: this is properly an EA */ 1645 clen >>= 1; 1646 /* Malformed command ? */ 1647 if (clen > len) 1648 return; 1649 if (command & 1) 1650 gsm_control_message(dlci->gsm, command, 1651 data, clen); 1652 else 1653 gsm_control_response(dlci->gsm, command, 1654 data, clen); 1655 return; 1656 } 1657 } 1658 } 1659 1660 /* 1661 * Allocate/Free DLCI channels 1662 */ 1663 1664 /** 1665 * gsm_dlci_alloc - allocate a DLCI 1666 * @gsm: GSM mux 1667 * @addr: address of the DLCI 1668 * 1669 * Allocate and install a new DLCI object into the GSM mux. 1670 * 1671 * FIXME: review locking races 1672 */ 1673 1674 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 1675 { 1676 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC); 1677 if (dlci == NULL) 1678 return NULL; 1679 spin_lock_init(&dlci->lock); 1680 mutex_init(&dlci->mutex); 1681 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) { 1682 kfree(dlci); 1683 return NULL; 1684 } 1685 1686 skb_queue_head_init(&dlci->skb_list); 1687 timer_setup(&dlci->t1, gsm_dlci_t1, 0); 1688 tty_port_init(&dlci->port); 1689 dlci->port.ops = &gsm_port_ops; 1690 dlci->gsm = gsm; 1691 dlci->addr = addr; 1692 dlci->adaption = gsm->adaption; 1693 dlci->state = DLCI_CLOSED; 1694 if (addr) 1695 dlci->data = gsm_dlci_data; 1696 else 1697 dlci->data = gsm_dlci_command; 1698 gsm->dlci[addr] = dlci; 1699 return dlci; 1700 } 1701 1702 /** 1703 * gsm_dlci_free - free DLCI 1704 * @port: tty port for DLCI to free 1705 * 1706 * Free up a DLCI. 1707 * 1708 * Can sleep. 1709 */ 1710 static void gsm_dlci_free(struct tty_port *port) 1711 { 1712 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 1713 1714 del_timer_sync(&dlci->t1); 1715 dlci->gsm->dlci[dlci->addr] = NULL; 1716 kfifo_free(&dlci->fifo); 1717 while ((dlci->skb = skb_dequeue(&dlci->skb_list))) 1718 dev_kfree_skb(dlci->skb); 1719 kfree(dlci); 1720 } 1721 1722 static inline void dlci_get(struct gsm_dlci *dlci) 1723 { 1724 tty_port_get(&dlci->port); 1725 } 1726 1727 static inline void dlci_put(struct gsm_dlci *dlci) 1728 { 1729 tty_port_put(&dlci->port); 1730 } 1731 1732 static void gsm_destroy_network(struct gsm_dlci *dlci); 1733 1734 /** 1735 * gsm_dlci_release - release DLCI 1736 * @dlci: DLCI to destroy 1737 * 1738 * Release a DLCI. Actual free is deferred until either 1739 * mux is closed or tty is closed - whichever is last. 1740 * 1741 * Can sleep. 1742 */ 1743 static void gsm_dlci_release(struct gsm_dlci *dlci) 1744 { 1745 struct tty_struct *tty = tty_port_tty_get(&dlci->port); 1746 if (tty) { 1747 mutex_lock(&dlci->mutex); 1748 gsm_destroy_network(dlci); 1749 mutex_unlock(&dlci->mutex); 1750 1751 tty_hangup(tty); 1752 1753 tty_port_tty_set(&dlci->port, NULL); 1754 tty_kref_put(tty); 1755 } 1756 dlci->state = DLCI_CLOSED; 1757 dlci_put(dlci); 1758 } 1759 1760 /* 1761 * LAPBish link layer logic 1762 */ 1763 1764 /** 1765 * gsm_queue - a GSM frame is ready to process 1766 * @gsm: pointer to our gsm mux 1767 * 1768 * At this point in time a frame has arrived and been demangled from 1769 * the line encoding. All the differences between the encodings have 1770 * been handled below us and the frame is unpacked into the structures. 1771 * The fcs holds the header FCS but any data FCS must be added here. 1772 */ 1773 1774 static void gsm_queue(struct gsm_mux *gsm) 1775 { 1776 struct gsm_dlci *dlci; 1777 u8 cr; 1778 int address; 1779 int i, j, k, address_tmp; 1780 /* We have to sneak a look at the packet body to do the FCS. 1781 A somewhat layering violation in the spec */ 1782 1783 if ((gsm->control & ~PF) == UI) 1784 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len); 1785 if (gsm->encoding == 0) { 1786 /* WARNING: gsm->received_fcs is used for 1787 gsm->encoding = 0 only. 1788 In this case it contain the last piece of data 1789 required to generate final CRC */ 1790 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); 1791 } 1792 if (gsm->fcs != GOOD_FCS) { 1793 gsm->bad_fcs++; 1794 if (debug & 4) 1795 pr_debug("BAD FCS %02x\n", gsm->fcs); 1796 return; 1797 } 1798 address = gsm->address >> 1; 1799 if (address >= NUM_DLCI) 1800 goto invalid; 1801 1802 cr = gsm->address & 1; /* C/R bit */ 1803 1804 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len); 1805 1806 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */ 1807 dlci = gsm->dlci[address]; 1808 1809 switch (gsm->control) { 1810 case SABM|PF: 1811 if (cr == 1) 1812 goto invalid; 1813 if (dlci == NULL) 1814 dlci = gsm_dlci_alloc(gsm, address); 1815 if (dlci == NULL) 1816 return; 1817 if (dlci->dead) 1818 gsm_response(gsm, address, DM|PF); 1819 else { 1820 gsm_response(gsm, address, UA|PF); 1821 gsm_dlci_open(dlci); 1822 /* Save dlci open address */ 1823 if (address) { 1824 addr_open[addr_cnt] = address; 1825 addr_cnt++; 1826 } 1827 } 1828 break; 1829 case DISC|PF: 1830 if (cr == 1) 1831 goto invalid; 1832 if (dlci == NULL || dlci->state == DLCI_CLOSED) { 1833 gsm_response(gsm, address, DM|PF); 1834 return; 1835 } 1836 /* Real close complete */ 1837 if (!address) { 1838 if (addr_cnt > 0) { 1839 for (i = 0; i < addr_cnt; i++) { 1840 address = addr_open[i]; 1841 dlci = gsm->dlci[address]; 1842 gsm_dlci_close(dlci); 1843 addr_open[i] = 0; 1844 } 1845 } 1846 dlci = gsm->dlci[0]; 1847 gsm_dlci_close(dlci); 1848 addr_cnt = 0; 1849 gsm_response(gsm, 0, UA|PF); 1850 } else { 1851 gsm_response(gsm, address, UA|PF); 1852 gsm_dlci_close(dlci); 1853 /* clear dlci address */ 1854 for (j = 0; j < addr_cnt; j++) { 1855 address_tmp = addr_open[j]; 1856 if (address_tmp == address) { 1857 for (k = j; k < addr_cnt; k++) 1858 addr_open[k] = addr_open[k+1]; 1859 addr_cnt--; 1860 break; 1861 } 1862 } 1863 } 1864 break; 1865 case UA: 1866 case UA|PF: 1867 if (cr == 0 || dlci == NULL) 1868 break; 1869 switch (dlci->state) { 1870 case DLCI_CLOSING: 1871 gsm_dlci_close(dlci); 1872 break; 1873 case DLCI_OPENING: 1874 gsm_dlci_open(dlci); 1875 break; 1876 default: 1877 pr_debug("%s: unhandled state: %d\n", __func__, 1878 dlci->state); 1879 break; 1880 } 1881 break; 1882 case DM: /* DM can be valid unsolicited */ 1883 case DM|PF: 1884 if (cr) 1885 goto invalid; 1886 if (dlci == NULL) 1887 return; 1888 gsm_dlci_close(dlci); 1889 break; 1890 case UI: 1891 case UI|PF: 1892 case UIH: 1893 case UIH|PF: 1894 #if 0 1895 if (cr) 1896 goto invalid; 1897 #endif 1898 if (dlci == NULL || dlci->state != DLCI_OPEN) { 1899 gsm_command(gsm, address, DM|PF); 1900 return; 1901 } 1902 dlci->data(dlci, gsm->buf, gsm->len); 1903 break; 1904 default: 1905 goto invalid; 1906 } 1907 return; 1908 invalid: 1909 gsm->malformed++; 1910 return; 1911 } 1912 1913 1914 /** 1915 * gsm0_receive - perform processing for non-transparency 1916 * @gsm: gsm data for this ldisc instance 1917 * @c: character 1918 * 1919 * Receive bytes in gsm mode 0 1920 */ 1921 1922 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c) 1923 { 1924 unsigned int len; 1925 1926 switch (gsm->state) { 1927 case GSM_SEARCH: /* SOF marker */ 1928 if (c == GSM0_SOF) { 1929 gsm->state = GSM_ADDRESS; 1930 gsm->address = 0; 1931 gsm->len = 0; 1932 gsm->fcs = INIT_FCS; 1933 } 1934 break; 1935 case GSM_ADDRESS: /* Address EA */ 1936 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1937 if (gsm_read_ea(&gsm->address, c)) 1938 gsm->state = GSM_CONTROL; 1939 break; 1940 case GSM_CONTROL: /* Control Byte */ 1941 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1942 gsm->control = c; 1943 gsm->state = GSM_LEN0; 1944 break; 1945 case GSM_LEN0: /* Length EA */ 1946 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1947 if (gsm_read_ea(&gsm->len, c)) { 1948 if (gsm->len > gsm->mru) { 1949 gsm->bad_size++; 1950 gsm->state = GSM_SEARCH; 1951 break; 1952 } 1953 gsm->count = 0; 1954 if (!gsm->len) 1955 gsm->state = GSM_FCS; 1956 else 1957 gsm->state = GSM_DATA; 1958 break; 1959 } 1960 gsm->state = GSM_LEN1; 1961 break; 1962 case GSM_LEN1: 1963 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1964 len = c; 1965 gsm->len |= len << 7; 1966 if (gsm->len > gsm->mru) { 1967 gsm->bad_size++; 1968 gsm->state = GSM_SEARCH; 1969 break; 1970 } 1971 gsm->count = 0; 1972 if (!gsm->len) 1973 gsm->state = GSM_FCS; 1974 else 1975 gsm->state = GSM_DATA; 1976 break; 1977 case GSM_DATA: /* Data */ 1978 gsm->buf[gsm->count++] = c; 1979 if (gsm->count == gsm->len) 1980 gsm->state = GSM_FCS; 1981 break; 1982 case GSM_FCS: /* FCS follows the packet */ 1983 gsm->received_fcs = c; 1984 gsm_queue(gsm); 1985 gsm->state = GSM_SSOF; 1986 break; 1987 case GSM_SSOF: 1988 if (c == GSM0_SOF) { 1989 gsm->state = GSM_SEARCH; 1990 break; 1991 } 1992 break; 1993 default: 1994 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 1995 break; 1996 } 1997 } 1998 1999 /** 2000 * gsm1_receive - perform processing for non-transparency 2001 * @gsm: gsm data for this ldisc instance 2002 * @c: character 2003 * 2004 * Receive bytes in mode 1 (Advanced option) 2005 */ 2006 2007 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c) 2008 { 2009 if (c == GSM1_SOF) { 2010 /* EOF is only valid in frame if we have got to the data state 2011 and received at least one byte (the FCS) */ 2012 if (gsm->state == GSM_DATA && gsm->count) { 2013 /* Extract the FCS */ 2014 gsm->count--; 2015 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]); 2016 gsm->len = gsm->count; 2017 gsm_queue(gsm); 2018 gsm->state = GSM_START; 2019 return; 2020 } 2021 /* Any partial frame was a runt so go back to start */ 2022 if (gsm->state != GSM_START) { 2023 gsm->malformed++; 2024 gsm->state = GSM_START; 2025 } 2026 /* A SOF in GSM_START means we are still reading idling or 2027 framing bytes */ 2028 return; 2029 } 2030 2031 if (c == GSM1_ESCAPE) { 2032 gsm->escape = true; 2033 return; 2034 } 2035 2036 /* Only an unescaped SOF gets us out of GSM search */ 2037 if (gsm->state == GSM_SEARCH) 2038 return; 2039 2040 if (gsm->escape) { 2041 c ^= GSM1_ESCAPE_BITS; 2042 gsm->escape = false; 2043 } 2044 switch (gsm->state) { 2045 case GSM_START: /* First byte after SOF */ 2046 gsm->address = 0; 2047 gsm->state = GSM_ADDRESS; 2048 gsm->fcs = INIT_FCS; 2049 fallthrough; 2050 case GSM_ADDRESS: /* Address continuation */ 2051 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2052 if (gsm_read_ea(&gsm->address, c)) 2053 gsm->state = GSM_CONTROL; 2054 break; 2055 case GSM_CONTROL: /* Control Byte */ 2056 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2057 gsm->control = c; 2058 gsm->count = 0; 2059 gsm->state = GSM_DATA; 2060 break; 2061 case GSM_DATA: /* Data */ 2062 if (gsm->count > gsm->mru) { /* Allow one for the FCS */ 2063 gsm->state = GSM_OVERRUN; 2064 gsm->bad_size++; 2065 } else 2066 gsm->buf[gsm->count++] = c; 2067 break; 2068 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */ 2069 break; 2070 default: 2071 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2072 break; 2073 } 2074 } 2075 2076 /** 2077 * gsm_error - handle tty error 2078 * @gsm: ldisc data 2079 * 2080 * Handle an error in the receipt of data for a frame. Currently we just 2081 * go back to hunting for a SOF. 2082 * 2083 * FIXME: better diagnostics ? 2084 */ 2085 2086 static void gsm_error(struct gsm_mux *gsm) 2087 { 2088 gsm->state = GSM_SEARCH; 2089 gsm->io_error++; 2090 } 2091 2092 static int gsm_disconnect(struct gsm_mux *gsm) 2093 { 2094 struct gsm_dlci *dlci = gsm->dlci[0]; 2095 struct gsm_control *gc; 2096 2097 if (!dlci) 2098 return 0; 2099 2100 /* In theory disconnecting DLCI 0 is sufficient but for some 2101 modems this is apparently not the case. */ 2102 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0); 2103 if (gc) 2104 gsm_control_wait(gsm, gc); 2105 2106 del_timer_sync(&gsm->t2_timer); 2107 /* Now we are sure T2 has stopped */ 2108 2109 gsm_dlci_begin_close(dlci); 2110 wait_event_interruptible(gsm->event, 2111 dlci->state == DLCI_CLOSED); 2112 2113 if (signal_pending(current)) 2114 return -EINTR; 2115 2116 return 0; 2117 } 2118 2119 /** 2120 * gsm_cleanup_mux - generic GSM protocol cleanup 2121 * @gsm: our mux 2122 * 2123 * Clean up the bits of the mux which are the same for all framing 2124 * protocols. Remove the mux from the mux table, stop all the timers 2125 * and then shut down each device hanging up the channels as we go. 2126 */ 2127 2128 static void gsm_cleanup_mux(struct gsm_mux *gsm) 2129 { 2130 int i; 2131 struct gsm_dlci *dlci = gsm->dlci[0]; 2132 struct gsm_msg *txq, *ntxq; 2133 2134 gsm->dead = true; 2135 2136 spin_lock(&gsm_mux_lock); 2137 for (i = 0; i < MAX_MUX; i++) { 2138 if (gsm_mux[i] == gsm) { 2139 gsm_mux[i] = NULL; 2140 break; 2141 } 2142 } 2143 spin_unlock(&gsm_mux_lock); 2144 /* open failed before registering => nothing to do */ 2145 if (i == MAX_MUX) 2146 return; 2147 2148 del_timer_sync(&gsm->t2_timer); 2149 /* Now we are sure T2 has stopped */ 2150 if (dlci) 2151 dlci->dead = true; 2152 2153 /* Free up any link layer users */ 2154 mutex_lock(&gsm->mutex); 2155 for (i = 0; i < NUM_DLCI; i++) 2156 if (gsm->dlci[i]) 2157 gsm_dlci_release(gsm->dlci[i]); 2158 mutex_unlock(&gsm->mutex); 2159 /* Now wipe the queues */ 2160 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list) 2161 kfree(txq); 2162 INIT_LIST_HEAD(&gsm->tx_list); 2163 } 2164 2165 /** 2166 * gsm_activate_mux - generic GSM setup 2167 * @gsm: our mux 2168 * 2169 * Set up the bits of the mux which are the same for all framing 2170 * protocols. Add the mux to the mux table so it can be opened and 2171 * finally kick off connecting to DLCI 0 on the modem. 2172 */ 2173 2174 static int gsm_activate_mux(struct gsm_mux *gsm) 2175 { 2176 struct gsm_dlci *dlci; 2177 int i = 0; 2178 2179 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); 2180 init_waitqueue_head(&gsm->event); 2181 spin_lock_init(&gsm->control_lock); 2182 spin_lock_init(&gsm->tx_lock); 2183 2184 if (gsm->encoding == 0) 2185 gsm->receive = gsm0_receive; 2186 else 2187 gsm->receive = gsm1_receive; 2188 2189 spin_lock(&gsm_mux_lock); 2190 for (i = 0; i < MAX_MUX; i++) { 2191 if (gsm_mux[i] == NULL) { 2192 gsm->num = i; 2193 gsm_mux[i] = gsm; 2194 break; 2195 } 2196 } 2197 spin_unlock(&gsm_mux_lock); 2198 if (i == MAX_MUX) 2199 return -EBUSY; 2200 2201 dlci = gsm_dlci_alloc(gsm, 0); 2202 if (dlci == NULL) 2203 return -ENOMEM; 2204 gsm->dead = false; /* Tty opens are now permissible */ 2205 return 0; 2206 } 2207 2208 /** 2209 * gsm_free_mux - free up a mux 2210 * @gsm: mux to free 2211 * 2212 * Dispose of allocated resources for a dead mux 2213 */ 2214 static void gsm_free_mux(struct gsm_mux *gsm) 2215 { 2216 kfree(gsm->txframe); 2217 kfree(gsm->buf); 2218 kfree(gsm); 2219 } 2220 2221 /** 2222 * gsm_free_muxr - free up a mux 2223 * @ref: kreference to the mux to free 2224 * 2225 * Dispose of allocated resources for a dead mux 2226 */ 2227 static void gsm_free_muxr(struct kref *ref) 2228 { 2229 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref); 2230 gsm_free_mux(gsm); 2231 } 2232 2233 static inline void mux_get(struct gsm_mux *gsm) 2234 { 2235 kref_get(&gsm->ref); 2236 } 2237 2238 static inline void mux_put(struct gsm_mux *gsm) 2239 { 2240 kref_put(&gsm->ref, gsm_free_muxr); 2241 } 2242 2243 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm) 2244 { 2245 return gsm->num * NUM_DLCI; 2246 } 2247 2248 static inline unsigned int mux_line_to_num(unsigned int line) 2249 { 2250 return line / NUM_DLCI; 2251 } 2252 2253 /** 2254 * gsm_alloc_mux - allocate a mux 2255 * 2256 * Creates a new mux ready for activation. 2257 */ 2258 2259 static struct gsm_mux *gsm_alloc_mux(void) 2260 { 2261 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL); 2262 if (gsm == NULL) 2263 return NULL; 2264 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL); 2265 if (gsm->buf == NULL) { 2266 kfree(gsm); 2267 return NULL; 2268 } 2269 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL); 2270 if (gsm->txframe == NULL) { 2271 kfree(gsm->buf); 2272 kfree(gsm); 2273 return NULL; 2274 } 2275 spin_lock_init(&gsm->lock); 2276 mutex_init(&gsm->mutex); 2277 kref_init(&gsm->ref); 2278 INIT_LIST_HEAD(&gsm->tx_list); 2279 2280 gsm->t1 = T1; 2281 gsm->t2 = T2; 2282 gsm->n2 = N2; 2283 gsm->ftype = UIH; 2284 gsm->adaption = 1; 2285 gsm->encoding = 1; 2286 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */ 2287 gsm->mtu = 64; 2288 gsm->dead = true; /* Avoid early tty opens */ 2289 2290 return gsm; 2291 } 2292 2293 static void gsm_copy_config_values(struct gsm_mux *gsm, 2294 struct gsm_config *c) 2295 { 2296 memset(c, 0, sizeof(*c)); 2297 c->adaption = gsm->adaption; 2298 c->encapsulation = gsm->encoding; 2299 c->initiator = gsm->initiator; 2300 c->t1 = gsm->t1; 2301 c->t2 = gsm->t2; 2302 c->t3 = 0; /* Not supported */ 2303 c->n2 = gsm->n2; 2304 if (gsm->ftype == UIH) 2305 c->i = 1; 2306 else 2307 c->i = 2; 2308 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i); 2309 c->mru = gsm->mru; 2310 c->mtu = gsm->mtu; 2311 c->k = 0; 2312 } 2313 2314 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c) 2315 { 2316 int need_close = 0; 2317 int need_restart = 0; 2318 2319 /* Stuff we don't support yet - UI or I frame transport, windowing */ 2320 if ((c->adaption != 1 && c->adaption != 2) || c->k) 2321 return -EOPNOTSUPP; 2322 /* Check the MRU/MTU range looks sane */ 2323 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8) 2324 return -EINVAL; 2325 if (c->n2 < 3) 2326 return -EINVAL; 2327 if (c->encapsulation > 1) /* Basic, advanced, no I */ 2328 return -EINVAL; 2329 if (c->initiator > 1) 2330 return -EINVAL; 2331 if (c->i == 0 || c->i > 2) /* UIH and UI only */ 2332 return -EINVAL; 2333 /* 2334 * See what is needed for reconfiguration 2335 */ 2336 2337 /* Timing fields */ 2338 if (c->t1 != 0 && c->t1 != gsm->t1) 2339 need_restart = 1; 2340 if (c->t2 != 0 && c->t2 != gsm->t2) 2341 need_restart = 1; 2342 if (c->encapsulation != gsm->encoding) 2343 need_restart = 1; 2344 if (c->adaption != gsm->adaption) 2345 need_restart = 1; 2346 /* Requires care */ 2347 if (c->initiator != gsm->initiator) 2348 need_close = 1; 2349 if (c->mru != gsm->mru) 2350 need_restart = 1; 2351 if (c->mtu != gsm->mtu) 2352 need_restart = 1; 2353 2354 /* 2355 * Close down what is needed, restart and initiate the new 2356 * configuration 2357 */ 2358 2359 if (gsm->initiator && (need_close || need_restart)) { 2360 int ret; 2361 2362 ret = gsm_disconnect(gsm); 2363 2364 if (ret) 2365 return ret; 2366 } 2367 if (need_restart) 2368 gsm_cleanup_mux(gsm); 2369 2370 gsm->initiator = c->initiator; 2371 gsm->mru = c->mru; 2372 gsm->mtu = c->mtu; 2373 gsm->encoding = c->encapsulation; 2374 gsm->adaption = c->adaption; 2375 gsm->n2 = c->n2; 2376 2377 if (c->i == 1) 2378 gsm->ftype = UIH; 2379 else if (c->i == 2) 2380 gsm->ftype = UI; 2381 2382 if (c->t1) 2383 gsm->t1 = c->t1; 2384 if (c->t2) 2385 gsm->t2 = c->t2; 2386 2387 /* 2388 * FIXME: We need to separate activation/deactivation from adding 2389 * and removing from the mux array 2390 */ 2391 if (need_restart) 2392 gsm_activate_mux(gsm); 2393 if (gsm->initiator && need_close) 2394 gsm_dlci_begin_open(gsm->dlci[0]); 2395 return 0; 2396 } 2397 2398 /** 2399 * gsmld_output - write to link 2400 * @gsm: our mux 2401 * @data: bytes to output 2402 * @len: size 2403 * 2404 * Write a block of data from the GSM mux to the data channel. This 2405 * will eventually be serialized from above but at the moment isn't. 2406 */ 2407 2408 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len) 2409 { 2410 if (tty_write_room(gsm->tty) < len) { 2411 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 2412 return -ENOSPC; 2413 } 2414 if (debug & 4) 2415 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET, 2416 data, len); 2417 return gsm->tty->ops->write(gsm->tty, data, len); 2418 } 2419 2420 /** 2421 * gsmld_attach_gsm - mode set up 2422 * @tty: our tty structure 2423 * @gsm: our mux 2424 * 2425 * Set up the MUX for basic mode and commence connecting to the 2426 * modem. Currently called from the line discipline set up but 2427 * will need moving to an ioctl path. 2428 */ 2429 2430 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2431 { 2432 unsigned int base; 2433 int ret, i; 2434 2435 gsm->tty = tty_kref_get(tty); 2436 ret = gsm_activate_mux(gsm); 2437 if (ret != 0) 2438 tty_kref_put(gsm->tty); 2439 else { 2440 /* Don't register device 0 - this is the control channel and not 2441 a usable tty interface */ 2442 if (gsm->initiator) { 2443 base = mux_num_to_base(gsm); /* Base for this MUX */ 2444 for (i = 1; i < NUM_DLCI; i++) { 2445 struct device *dev; 2446 2447 dev = tty_register_device(gsm_tty_driver, 2448 base + i, NULL); 2449 if (IS_ERR(dev)) { 2450 for (i--; i >= 1; i--) 2451 tty_unregister_device(gsm_tty_driver, 2452 base + i); 2453 return PTR_ERR(dev); 2454 } 2455 } 2456 } 2457 } 2458 return ret; 2459 } 2460 2461 2462 /** 2463 * gsmld_detach_gsm - stop doing 0710 mux 2464 * @tty: tty attached to the mux 2465 * @gsm: mux 2466 * 2467 * Shutdown and then clean up the resources used by the line discipline 2468 */ 2469 2470 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2471 { 2472 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */ 2473 int i; 2474 2475 WARN_ON(tty != gsm->tty); 2476 if (gsm->initiator) { 2477 for (i = 1; i < NUM_DLCI; i++) 2478 tty_unregister_device(gsm_tty_driver, base + i); 2479 } 2480 gsm_cleanup_mux(gsm); 2481 tty_kref_put(gsm->tty); 2482 gsm->tty = NULL; 2483 } 2484 2485 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp, 2486 const char *fp, int count) 2487 { 2488 struct gsm_mux *gsm = tty->disc_data; 2489 char flags = TTY_NORMAL; 2490 2491 if (debug & 4) 2492 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET, 2493 cp, count); 2494 2495 for (; count; count--, cp++) { 2496 if (fp) 2497 flags = *fp++; 2498 switch (flags) { 2499 case TTY_NORMAL: 2500 gsm->receive(gsm, *cp); 2501 break; 2502 case TTY_OVERRUN: 2503 case TTY_BREAK: 2504 case TTY_PARITY: 2505 case TTY_FRAME: 2506 gsm_error(gsm); 2507 break; 2508 default: 2509 WARN_ONCE(1, "%s: unknown flag %d\n", 2510 tty_name(tty), flags); 2511 break; 2512 } 2513 } 2514 /* FASYNC if needed ? */ 2515 /* If clogged call tty_throttle(tty); */ 2516 } 2517 2518 /** 2519 * gsmld_flush_buffer - clean input queue 2520 * @tty: terminal device 2521 * 2522 * Flush the input buffer. Called when the line discipline is 2523 * being closed, when the tty layer wants the buffer flushed (eg 2524 * at hangup). 2525 */ 2526 2527 static void gsmld_flush_buffer(struct tty_struct *tty) 2528 { 2529 } 2530 2531 /** 2532 * gsmld_close - close the ldisc for this tty 2533 * @tty: device 2534 * 2535 * Called from the terminal layer when this line discipline is 2536 * being shut down, either because of a close or becsuse of a 2537 * discipline change. The function will not be called while other 2538 * ldisc methods are in progress. 2539 */ 2540 2541 static void gsmld_close(struct tty_struct *tty) 2542 { 2543 struct gsm_mux *gsm = tty->disc_data; 2544 2545 gsmld_detach_gsm(tty, gsm); 2546 2547 gsmld_flush_buffer(tty); 2548 /* Do other clean up here */ 2549 mux_put(gsm); 2550 } 2551 2552 /** 2553 * gsmld_open - open an ldisc 2554 * @tty: terminal to open 2555 * 2556 * Called when this line discipline is being attached to the 2557 * terminal device. Can sleep. Called serialized so that no 2558 * other events will occur in parallel. No further open will occur 2559 * until a close. 2560 */ 2561 2562 static int gsmld_open(struct tty_struct *tty) 2563 { 2564 struct gsm_mux *gsm; 2565 int ret; 2566 2567 if (tty->ops->write == NULL) 2568 return -EINVAL; 2569 2570 /* Attach our ldisc data */ 2571 gsm = gsm_alloc_mux(); 2572 if (gsm == NULL) 2573 return -ENOMEM; 2574 2575 tty->disc_data = gsm; 2576 tty->receive_room = 65536; 2577 2578 /* Attach the initial passive connection */ 2579 gsm->encoding = 1; 2580 2581 ret = gsmld_attach_gsm(tty, gsm); 2582 if (ret != 0) { 2583 gsm_cleanup_mux(gsm); 2584 mux_put(gsm); 2585 } 2586 return ret; 2587 } 2588 2589 /** 2590 * gsmld_write_wakeup - asynchronous I/O notifier 2591 * @tty: tty device 2592 * 2593 * Required for the ptys, serial driver etc. since processes 2594 * that attach themselves to the master and rely on ASYNC 2595 * IO must be woken up 2596 */ 2597 2598 static void gsmld_write_wakeup(struct tty_struct *tty) 2599 { 2600 struct gsm_mux *gsm = tty->disc_data; 2601 unsigned long flags; 2602 2603 /* Queue poll */ 2604 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2605 spin_lock_irqsave(&gsm->tx_lock, flags); 2606 gsm_data_kick(gsm, NULL); 2607 if (gsm->tx_bytes < TX_THRESH_LO) { 2608 gsm_dlci_data_sweep(gsm); 2609 } 2610 spin_unlock_irqrestore(&gsm->tx_lock, flags); 2611 } 2612 2613 /** 2614 * gsmld_read - read function for tty 2615 * @tty: tty device 2616 * @file: file object 2617 * @buf: userspace buffer pointer 2618 * @nr: size of I/O 2619 * @cookie: unused 2620 * @offset: unused 2621 * 2622 * Perform reads for the line discipline. We are guaranteed that the 2623 * line discipline will not be closed under us but we may get multiple 2624 * parallel readers and must handle this ourselves. We may also get 2625 * a hangup. Always called in user context, may sleep. 2626 * 2627 * This code must be sure never to sleep through a hangup. 2628 */ 2629 2630 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, 2631 unsigned char *buf, size_t nr, 2632 void **cookie, unsigned long offset) 2633 { 2634 return -EOPNOTSUPP; 2635 } 2636 2637 /** 2638 * gsmld_write - write function for tty 2639 * @tty: tty device 2640 * @file: file object 2641 * @buf: userspace buffer pointer 2642 * @nr: size of I/O 2643 * 2644 * Called when the owner of the device wants to send a frame 2645 * itself (or some other control data). The data is transferred 2646 * as-is and must be properly framed and checksummed as appropriate 2647 * by userspace. Frames are either sent whole or not at all as this 2648 * avoids pain user side. 2649 */ 2650 2651 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 2652 const unsigned char *buf, size_t nr) 2653 { 2654 int space = tty_write_room(tty); 2655 if (space >= nr) 2656 return tty->ops->write(tty, buf, nr); 2657 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2658 return -ENOBUFS; 2659 } 2660 2661 /** 2662 * gsmld_poll - poll method for N_GSM0710 2663 * @tty: terminal device 2664 * @file: file accessing it 2665 * @wait: poll table 2666 * 2667 * Called when the line discipline is asked to poll() for data or 2668 * for special events. This code is not serialized with respect to 2669 * other events save open/close. 2670 * 2671 * This code must be sure never to sleep through a hangup. 2672 * Called without the kernel lock held - fine 2673 */ 2674 2675 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 2676 poll_table *wait) 2677 { 2678 __poll_t mask = 0; 2679 struct gsm_mux *gsm = tty->disc_data; 2680 2681 poll_wait(file, &tty->read_wait, wait); 2682 poll_wait(file, &tty->write_wait, wait); 2683 if (tty_hung_up_p(file)) 2684 mask |= EPOLLHUP; 2685 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 2686 mask |= EPOLLOUT | EPOLLWRNORM; 2687 if (gsm->dead) 2688 mask |= EPOLLHUP; 2689 return mask; 2690 } 2691 2692 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd, 2693 unsigned long arg) 2694 { 2695 struct gsm_config c; 2696 struct gsm_mux *gsm = tty->disc_data; 2697 unsigned int base; 2698 2699 switch (cmd) { 2700 case GSMIOC_GETCONF: 2701 gsm_copy_config_values(gsm, &c); 2702 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 2703 return -EFAULT; 2704 return 0; 2705 case GSMIOC_SETCONF: 2706 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 2707 return -EFAULT; 2708 return gsm_config(gsm, &c); 2709 case GSMIOC_GETFIRST: 2710 base = mux_num_to_base(gsm); 2711 return put_user(base + 1, (__u32 __user *)arg); 2712 default: 2713 return n_tty_ioctl_helper(tty, cmd, arg); 2714 } 2715 } 2716 2717 /* 2718 * Network interface 2719 * 2720 */ 2721 2722 static int gsm_mux_net_open(struct net_device *net) 2723 { 2724 pr_debug("%s called\n", __func__); 2725 netif_start_queue(net); 2726 return 0; 2727 } 2728 2729 static int gsm_mux_net_close(struct net_device *net) 2730 { 2731 netif_stop_queue(net); 2732 return 0; 2733 } 2734 2735 static void dlci_net_free(struct gsm_dlci *dlci) 2736 { 2737 if (!dlci->net) { 2738 WARN_ON(1); 2739 return; 2740 } 2741 dlci->adaption = dlci->prev_adaption; 2742 dlci->data = dlci->prev_data; 2743 free_netdev(dlci->net); 2744 dlci->net = NULL; 2745 } 2746 static void net_free(struct kref *ref) 2747 { 2748 struct gsm_mux_net *mux_net; 2749 struct gsm_dlci *dlci; 2750 2751 mux_net = container_of(ref, struct gsm_mux_net, ref); 2752 dlci = mux_net->dlci; 2753 2754 if (dlci->net) { 2755 unregister_netdev(dlci->net); 2756 dlci_net_free(dlci); 2757 } 2758 } 2759 2760 static inline void muxnet_get(struct gsm_mux_net *mux_net) 2761 { 2762 kref_get(&mux_net->ref); 2763 } 2764 2765 static inline void muxnet_put(struct gsm_mux_net *mux_net) 2766 { 2767 kref_put(&mux_net->ref, net_free); 2768 } 2769 2770 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 2771 struct net_device *net) 2772 { 2773 struct gsm_mux_net *mux_net = netdev_priv(net); 2774 struct gsm_dlci *dlci = mux_net->dlci; 2775 muxnet_get(mux_net); 2776 2777 skb_queue_head(&dlci->skb_list, skb); 2778 net->stats.tx_packets++; 2779 net->stats.tx_bytes += skb->len; 2780 gsm_dlci_data_kick(dlci); 2781 /* And tell the kernel when the last transmit started. */ 2782 netif_trans_update(net); 2783 muxnet_put(mux_net); 2784 return NETDEV_TX_OK; 2785 } 2786 2787 /* called when a packet did not ack after watchdogtimeout */ 2788 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 2789 { 2790 /* Tell syslog we are hosed. */ 2791 dev_dbg(&net->dev, "Tx timed out.\n"); 2792 2793 /* Update statistics */ 2794 net->stats.tx_errors++; 2795 } 2796 2797 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, 2798 const unsigned char *in_buf, int size) 2799 { 2800 struct net_device *net = dlci->net; 2801 struct sk_buff *skb; 2802 struct gsm_mux_net *mux_net = netdev_priv(net); 2803 muxnet_get(mux_net); 2804 2805 /* Allocate an sk_buff */ 2806 skb = dev_alloc_skb(size + NET_IP_ALIGN); 2807 if (!skb) { 2808 /* We got no receive buffer. */ 2809 net->stats.rx_dropped++; 2810 muxnet_put(mux_net); 2811 return; 2812 } 2813 skb_reserve(skb, NET_IP_ALIGN); 2814 skb_put_data(skb, in_buf, size); 2815 2816 skb->dev = net; 2817 skb->protocol = htons(ETH_P_IP); 2818 2819 /* Ship it off to the kernel */ 2820 netif_rx(skb); 2821 2822 /* update out statistics */ 2823 net->stats.rx_packets++; 2824 net->stats.rx_bytes += size; 2825 muxnet_put(mux_net); 2826 return; 2827 } 2828 2829 static void gsm_mux_net_init(struct net_device *net) 2830 { 2831 static const struct net_device_ops gsm_netdev_ops = { 2832 .ndo_open = gsm_mux_net_open, 2833 .ndo_stop = gsm_mux_net_close, 2834 .ndo_start_xmit = gsm_mux_net_start_xmit, 2835 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 2836 }; 2837 2838 net->netdev_ops = &gsm_netdev_ops; 2839 2840 /* fill in the other fields */ 2841 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 2842 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 2843 net->type = ARPHRD_NONE; 2844 net->tx_queue_len = 10; 2845 } 2846 2847 2848 /* caller holds the dlci mutex */ 2849 static void gsm_destroy_network(struct gsm_dlci *dlci) 2850 { 2851 struct gsm_mux_net *mux_net; 2852 2853 pr_debug("destroy network interface\n"); 2854 if (!dlci->net) 2855 return; 2856 mux_net = netdev_priv(dlci->net); 2857 muxnet_put(mux_net); 2858 } 2859 2860 2861 /* caller holds the dlci mutex */ 2862 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 2863 { 2864 char *netname; 2865 int retval = 0; 2866 struct net_device *net; 2867 struct gsm_mux_net *mux_net; 2868 2869 if (!capable(CAP_NET_ADMIN)) 2870 return -EPERM; 2871 2872 /* Already in a non tty mode */ 2873 if (dlci->adaption > 2) 2874 return -EBUSY; 2875 2876 if (nc->protocol != htons(ETH_P_IP)) 2877 return -EPROTONOSUPPORT; 2878 2879 if (nc->adaption != 3 && nc->adaption != 4) 2880 return -EPROTONOSUPPORT; 2881 2882 pr_debug("create network interface\n"); 2883 2884 netname = "gsm%d"; 2885 if (nc->if_name[0] != '\0') 2886 netname = nc->if_name; 2887 net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 2888 NET_NAME_UNKNOWN, gsm_mux_net_init); 2889 if (!net) { 2890 pr_err("alloc_netdev failed\n"); 2891 return -ENOMEM; 2892 } 2893 net->mtu = dlci->gsm->mtu; 2894 net->min_mtu = 8; 2895 net->max_mtu = dlci->gsm->mtu; 2896 mux_net = netdev_priv(net); 2897 mux_net->dlci = dlci; 2898 kref_init(&mux_net->ref); 2899 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */ 2900 2901 /* reconfigure dlci for network */ 2902 dlci->prev_adaption = dlci->adaption; 2903 dlci->prev_data = dlci->data; 2904 dlci->adaption = nc->adaption; 2905 dlci->data = gsm_mux_rx_netchar; 2906 dlci->net = net; 2907 2908 pr_debug("register netdev\n"); 2909 retval = register_netdev(net); 2910 if (retval) { 2911 pr_err("network register fail %d\n", retval); 2912 dlci_net_free(dlci); 2913 return retval; 2914 } 2915 return net->ifindex; /* return network index */ 2916 } 2917 2918 /* Line discipline for real tty */ 2919 static struct tty_ldisc_ops tty_ldisc_packet = { 2920 .owner = THIS_MODULE, 2921 .num = N_GSM0710, 2922 .name = "n_gsm", 2923 .open = gsmld_open, 2924 .close = gsmld_close, 2925 .flush_buffer = gsmld_flush_buffer, 2926 .read = gsmld_read, 2927 .write = gsmld_write, 2928 .ioctl = gsmld_ioctl, 2929 .poll = gsmld_poll, 2930 .receive_buf = gsmld_receive_buf, 2931 .write_wakeup = gsmld_write_wakeup 2932 }; 2933 2934 /* 2935 * Virtual tty side 2936 */ 2937 2938 #define TX_SIZE 512 2939 2940 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) 2941 { 2942 u8 modembits[5]; 2943 struct gsm_control *ctrl; 2944 int len = 2; 2945 2946 if (brk) 2947 len++; 2948 2949 modembits[0] = len << 1 | EA; /* Data bytes */ 2950 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */ 2951 modembits[2] = gsm_encode_modem(dlci) << 1 | EA; 2952 if (brk) 2953 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */ 2954 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1); 2955 if (ctrl == NULL) 2956 return -ENOMEM; 2957 return gsm_control_wait(dlci->gsm, ctrl); 2958 } 2959 2960 static int gsm_carrier_raised(struct tty_port *port) 2961 { 2962 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2963 struct gsm_mux *gsm = dlci->gsm; 2964 2965 /* Not yet open so no carrier info */ 2966 if (dlci->state != DLCI_OPEN) 2967 return 0; 2968 if (debug & 2) 2969 return 1; 2970 2971 /* 2972 * Basic mode with control channel in ADM mode may not respond 2973 * to CMD_MSC at all and modem_rx is empty. 2974 */ 2975 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM && 2976 !dlci->modem_rx) 2977 return 1; 2978 2979 return dlci->modem_rx & TIOCM_CD; 2980 } 2981 2982 static void gsm_dtr_rts(struct tty_port *port, int onoff) 2983 { 2984 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2985 unsigned int modem_tx = dlci->modem_tx; 2986 if (onoff) 2987 modem_tx |= TIOCM_DTR | TIOCM_RTS; 2988 else 2989 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 2990 if (modem_tx != dlci->modem_tx) { 2991 dlci->modem_tx = modem_tx; 2992 gsmtty_modem_update(dlci, 0); 2993 } 2994 } 2995 2996 static const struct tty_port_operations gsm_port_ops = { 2997 .carrier_raised = gsm_carrier_raised, 2998 .dtr_rts = gsm_dtr_rts, 2999 .destruct = gsm_dlci_free, 3000 }; 3001 3002 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 3003 { 3004 struct gsm_mux *gsm; 3005 struct gsm_dlci *dlci; 3006 unsigned int line = tty->index; 3007 unsigned int mux = mux_line_to_num(line); 3008 bool alloc = false; 3009 int ret; 3010 3011 line = line & 0x3F; 3012 3013 if (mux >= MAX_MUX) 3014 return -ENXIO; 3015 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 3016 if (gsm_mux[mux] == NULL) 3017 return -EUNATCH; 3018 if (line == 0 || line > 61) /* 62/63 reserved */ 3019 return -ECHRNG; 3020 gsm = gsm_mux[mux]; 3021 if (gsm->dead) 3022 return -EL2HLT; 3023 /* If DLCI 0 is not yet fully open return an error. 3024 This is ok from a locking 3025 perspective as we don't have to worry about this 3026 if DLCI0 is lost */ 3027 mutex_lock(&gsm->mutex); 3028 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) { 3029 mutex_unlock(&gsm->mutex); 3030 return -EL2NSYNC; 3031 } 3032 dlci = gsm->dlci[line]; 3033 if (dlci == NULL) { 3034 alloc = true; 3035 dlci = gsm_dlci_alloc(gsm, line); 3036 } 3037 if (dlci == NULL) { 3038 mutex_unlock(&gsm->mutex); 3039 return -ENOMEM; 3040 } 3041 ret = tty_port_install(&dlci->port, driver, tty); 3042 if (ret) { 3043 if (alloc) 3044 dlci_put(dlci); 3045 mutex_unlock(&gsm->mutex); 3046 return ret; 3047 } 3048 3049 dlci_get(dlci); 3050 dlci_get(gsm->dlci[0]); 3051 mux_get(gsm); 3052 tty->driver_data = dlci; 3053 mutex_unlock(&gsm->mutex); 3054 3055 return 0; 3056 } 3057 3058 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 3059 { 3060 struct gsm_dlci *dlci = tty->driver_data; 3061 struct tty_port *port = &dlci->port; 3062 struct gsm_mux *gsm = dlci->gsm; 3063 3064 port->count++; 3065 tty_port_tty_set(port, tty); 3066 3067 dlci->modem_rx = 0; 3068 /* We could in theory open and close before we wait - eg if we get 3069 a DM straight back. This is ok as that will have caused a hangup */ 3070 tty_port_set_initialized(port, 1); 3071 /* Start sending off SABM messages */ 3072 if (gsm->initiator) 3073 gsm_dlci_begin_open(dlci); 3074 /* And wait for virtual carrier */ 3075 return tty_port_block_til_ready(port, tty, filp); 3076 } 3077 3078 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 3079 { 3080 struct gsm_dlci *dlci = tty->driver_data; 3081 3082 if (dlci == NULL) 3083 return; 3084 if (dlci->state == DLCI_CLOSED) 3085 return; 3086 mutex_lock(&dlci->mutex); 3087 gsm_destroy_network(dlci); 3088 mutex_unlock(&dlci->mutex); 3089 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 3090 return; 3091 gsm_dlci_begin_close(dlci); 3092 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 3093 tty_port_lower_dtr_rts(&dlci->port); 3094 tty_port_close_end(&dlci->port, tty); 3095 tty_port_tty_set(&dlci->port, NULL); 3096 return; 3097 } 3098 3099 static void gsmtty_hangup(struct tty_struct *tty) 3100 { 3101 struct gsm_dlci *dlci = tty->driver_data; 3102 if (dlci->state == DLCI_CLOSED) 3103 return; 3104 tty_port_hangup(&dlci->port); 3105 gsm_dlci_begin_close(dlci); 3106 } 3107 3108 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, 3109 int len) 3110 { 3111 int sent; 3112 struct gsm_dlci *dlci = tty->driver_data; 3113 if (dlci->state == DLCI_CLOSED) 3114 return -EINVAL; 3115 /* Stuff the bytes into the fifo queue */ 3116 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 3117 /* Need to kick the channel */ 3118 gsm_dlci_data_kick(dlci); 3119 return sent; 3120 } 3121 3122 static unsigned int gsmtty_write_room(struct tty_struct *tty) 3123 { 3124 struct gsm_dlci *dlci = tty->driver_data; 3125 if (dlci->state == DLCI_CLOSED) 3126 return 0; 3127 return TX_SIZE - kfifo_len(&dlci->fifo); 3128 } 3129 3130 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty) 3131 { 3132 struct gsm_dlci *dlci = tty->driver_data; 3133 if (dlci->state == DLCI_CLOSED) 3134 return 0; 3135 return kfifo_len(&dlci->fifo); 3136 } 3137 3138 static void gsmtty_flush_buffer(struct tty_struct *tty) 3139 { 3140 struct gsm_dlci *dlci = tty->driver_data; 3141 if (dlci->state == DLCI_CLOSED) 3142 return; 3143 /* Caution needed: If we implement reliable transport classes 3144 then the data being transmitted can't simply be junked once 3145 it has first hit the stack. Until then we can just blow it 3146 away */ 3147 kfifo_reset(&dlci->fifo); 3148 /* Need to unhook this DLCI from the transmit queue logic */ 3149 } 3150 3151 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) 3152 { 3153 /* The FIFO handles the queue so the kernel will do the right 3154 thing waiting on chars_in_buffer before calling us. No work 3155 to do here */ 3156 } 3157 3158 static int gsmtty_tiocmget(struct tty_struct *tty) 3159 { 3160 struct gsm_dlci *dlci = tty->driver_data; 3161 if (dlci->state == DLCI_CLOSED) 3162 return -EINVAL; 3163 return dlci->modem_rx; 3164 } 3165 3166 static int gsmtty_tiocmset(struct tty_struct *tty, 3167 unsigned int set, unsigned int clear) 3168 { 3169 struct gsm_dlci *dlci = tty->driver_data; 3170 unsigned int modem_tx = dlci->modem_tx; 3171 3172 if (dlci->state == DLCI_CLOSED) 3173 return -EINVAL; 3174 modem_tx &= ~clear; 3175 modem_tx |= set; 3176 3177 if (modem_tx != dlci->modem_tx) { 3178 dlci->modem_tx = modem_tx; 3179 return gsmtty_modem_update(dlci, 0); 3180 } 3181 return 0; 3182 } 3183 3184 3185 static int gsmtty_ioctl(struct tty_struct *tty, 3186 unsigned int cmd, unsigned long arg) 3187 { 3188 struct gsm_dlci *dlci = tty->driver_data; 3189 struct gsm_netconfig nc; 3190 int index; 3191 3192 if (dlci->state == DLCI_CLOSED) 3193 return -EINVAL; 3194 switch (cmd) { 3195 case GSMIOC_ENABLE_NET: 3196 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) 3197 return -EFAULT; 3198 nc.if_name[IFNAMSIZ-1] = '\0'; 3199 /* return net interface index or error code */ 3200 mutex_lock(&dlci->mutex); 3201 index = gsm_create_network(dlci, &nc); 3202 mutex_unlock(&dlci->mutex); 3203 if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) 3204 return -EFAULT; 3205 return index; 3206 case GSMIOC_DISABLE_NET: 3207 if (!capable(CAP_NET_ADMIN)) 3208 return -EPERM; 3209 mutex_lock(&dlci->mutex); 3210 gsm_destroy_network(dlci); 3211 mutex_unlock(&dlci->mutex); 3212 return 0; 3213 default: 3214 return -ENOIOCTLCMD; 3215 } 3216 } 3217 3218 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) 3219 { 3220 struct gsm_dlci *dlci = tty->driver_data; 3221 if (dlci->state == DLCI_CLOSED) 3222 return; 3223 /* For the moment its fixed. In actual fact the speed information 3224 for the virtual channel can be propogated in both directions by 3225 the RPN control message. This however rapidly gets nasty as we 3226 then have to remap modem signals each way according to whether 3227 our virtual cable is null modem etc .. */ 3228 tty_termios_copy_hw(&tty->termios, old); 3229 } 3230 3231 static void gsmtty_throttle(struct tty_struct *tty) 3232 { 3233 struct gsm_dlci *dlci = tty->driver_data; 3234 if (dlci->state == DLCI_CLOSED) 3235 return; 3236 if (C_CRTSCTS(tty)) 3237 dlci->modem_tx &= ~TIOCM_DTR; 3238 dlci->throttled = true; 3239 /* Send an MSC with DTR cleared */ 3240 gsmtty_modem_update(dlci, 0); 3241 } 3242 3243 static void gsmtty_unthrottle(struct tty_struct *tty) 3244 { 3245 struct gsm_dlci *dlci = tty->driver_data; 3246 if (dlci->state == DLCI_CLOSED) 3247 return; 3248 if (C_CRTSCTS(tty)) 3249 dlci->modem_tx |= TIOCM_DTR; 3250 dlci->throttled = false; 3251 /* Send an MSC with DTR set */ 3252 gsmtty_modem_update(dlci, 0); 3253 } 3254 3255 static int gsmtty_break_ctl(struct tty_struct *tty, int state) 3256 { 3257 struct gsm_dlci *dlci = tty->driver_data; 3258 int encode = 0; /* Off */ 3259 if (dlci->state == DLCI_CLOSED) 3260 return -EINVAL; 3261 3262 if (state == -1) /* "On indefinitely" - we can't encode this 3263 properly */ 3264 encode = 0x0F; 3265 else if (state > 0) { 3266 encode = state / 200; /* mS to encoding */ 3267 if (encode > 0x0F) 3268 encode = 0x0F; /* Best effort */ 3269 } 3270 return gsmtty_modem_update(dlci, encode); 3271 } 3272 3273 static void gsmtty_cleanup(struct tty_struct *tty) 3274 { 3275 struct gsm_dlci *dlci = tty->driver_data; 3276 struct gsm_mux *gsm = dlci->gsm; 3277 3278 dlci_put(dlci); 3279 dlci_put(gsm->dlci[0]); 3280 mux_put(gsm); 3281 } 3282 3283 /* Virtual ttys for the demux */ 3284 static const struct tty_operations gsmtty_ops = { 3285 .install = gsmtty_install, 3286 .open = gsmtty_open, 3287 .close = gsmtty_close, 3288 .write = gsmtty_write, 3289 .write_room = gsmtty_write_room, 3290 .chars_in_buffer = gsmtty_chars_in_buffer, 3291 .flush_buffer = gsmtty_flush_buffer, 3292 .ioctl = gsmtty_ioctl, 3293 .throttle = gsmtty_throttle, 3294 .unthrottle = gsmtty_unthrottle, 3295 .set_termios = gsmtty_set_termios, 3296 .hangup = gsmtty_hangup, 3297 .wait_until_sent = gsmtty_wait_until_sent, 3298 .tiocmget = gsmtty_tiocmget, 3299 .tiocmset = gsmtty_tiocmset, 3300 .break_ctl = gsmtty_break_ctl, 3301 .cleanup = gsmtty_cleanup, 3302 }; 3303 3304 3305 3306 static int __init gsm_init(void) 3307 { 3308 /* Fill in our line protocol discipline, and register it */ 3309 int status = tty_register_ldisc(&tty_ldisc_packet); 3310 if (status != 0) { 3311 pr_err("n_gsm: can't register line discipline (err = %d)\n", 3312 status); 3313 return status; 3314 } 3315 3316 gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW | 3317 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK); 3318 if (IS_ERR(gsm_tty_driver)) { 3319 pr_err("gsm_init: tty allocation failed.\n"); 3320 status = PTR_ERR(gsm_tty_driver); 3321 goto err_unreg_ldisc; 3322 } 3323 gsm_tty_driver->driver_name = "gsmtty"; 3324 gsm_tty_driver->name = "gsmtty"; 3325 gsm_tty_driver->major = 0; /* Dynamic */ 3326 gsm_tty_driver->minor_start = 0; 3327 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 3328 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 3329 gsm_tty_driver->init_termios = tty_std_termios; 3330 /* Fixme */ 3331 gsm_tty_driver->init_termios.c_lflag &= ~ECHO; 3332 tty_set_operations(gsm_tty_driver, &gsmtty_ops); 3333 3334 if (tty_register_driver(gsm_tty_driver)) { 3335 pr_err("gsm_init: tty registration failed.\n"); 3336 status = -EBUSY; 3337 goto err_put_driver; 3338 } 3339 pr_debug("gsm_init: loaded as %d,%d.\n", 3340 gsm_tty_driver->major, gsm_tty_driver->minor_start); 3341 return 0; 3342 err_put_driver: 3343 tty_driver_kref_put(gsm_tty_driver); 3344 err_unreg_ldisc: 3345 tty_unregister_ldisc(&tty_ldisc_packet); 3346 return status; 3347 } 3348 3349 static void __exit gsm_exit(void) 3350 { 3351 tty_unregister_ldisc(&tty_ldisc_packet); 3352 tty_unregister_driver(gsm_tty_driver); 3353 tty_driver_kref_put(gsm_tty_driver); 3354 } 3355 3356 module_init(gsm_init); 3357 module_exit(gsm_exit); 3358 3359 3360 MODULE_LICENSE("GPL"); 3361 MODULE_ALIAS_LDISC(N_GSM0710); 3362