1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 7 * 8 * TO DO: 9 * Mostly done: ioctls for setting modes/timing 10 * Partly done: hooks so you can pull off frames to non tty devs 11 * Restart DLCI 0 when it closes ? 12 * Improve the tx engine 13 * Resolve tx side locking by adding a queue_head and routing 14 * all control traffic via it 15 * General tidy/document 16 * Review the locking/move to refcounts more (mux now moved to an 17 * alloc/free model ready) 18 * Use newest tty open/close port helpers and install hooks 19 * What to do about power functions ? 20 * Termios setting and negotiation 21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 22 * 23 */ 24 25 #include <linux/types.h> 26 #include <linux/major.h> 27 #include <linux/errno.h> 28 #include <linux/signal.h> 29 #include <linux/fcntl.h> 30 #include <linux/sched/signal.h> 31 #include <linux/interrupt.h> 32 #include <linux/tty.h> 33 #include <linux/ctype.h> 34 #include <linux/mm.h> 35 #include <linux/string.h> 36 #include <linux/slab.h> 37 #include <linux/poll.h> 38 #include <linux/bitops.h> 39 #include <linux/file.h> 40 #include <linux/uaccess.h> 41 #include <linux/module.h> 42 #include <linux/timer.h> 43 #include <linux/tty_flip.h> 44 #include <linux/tty_driver.h> 45 #include <linux/serial.h> 46 #include <linux/kfifo.h> 47 #include <linux/skbuff.h> 48 #include <net/arp.h> 49 #include <linux/ip.h> 50 #include <linux/netdevice.h> 51 #include <linux/etherdevice.h> 52 #include <linux/gsmmux.h> 53 54 static int debug; 55 module_param(debug, int, 0600); 56 57 /* Defaults: these are from the specification */ 58 59 #define T1 10 /* 100mS */ 60 #define T2 34 /* 333mS */ 61 #define N2 3 /* Retry 3 times */ 62 63 /* Use long timers for testing at low speed with debug on */ 64 #ifdef DEBUG_TIMING 65 #define T1 100 66 #define T2 200 67 #endif 68 69 /* 70 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 71 * limits so this is plenty 72 */ 73 #define MAX_MRU 1500 74 #define MAX_MTU 1500 75 #define GSM_NET_TX_TIMEOUT (HZ*10) 76 77 /** 78 * struct gsm_mux_net - network interface 79 * 80 * Created when net interface is initialized. 81 */ 82 struct gsm_mux_net { 83 struct kref ref; 84 struct gsm_dlci *dlci; 85 }; 86 87 /* 88 * Each block of data we have queued to go out is in the form of 89 * a gsm_msg which holds everything we need in a link layer independent 90 * format 91 */ 92 93 struct gsm_msg { 94 struct list_head list; 95 u8 addr; /* DLCI address + flags */ 96 u8 ctrl; /* Control byte + flags */ 97 unsigned int len; /* Length of data block (can be zero) */ 98 unsigned char *data; /* Points into buffer but not at the start */ 99 unsigned char buffer[]; 100 }; 101 102 enum gsm_dlci_state { 103 DLCI_CLOSED, 104 DLCI_OPENING, /* Sending SABM not seen UA */ 105 DLCI_OPEN, /* SABM/UA complete */ 106 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 107 }; 108 109 enum gsm_dlci_mode { 110 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 111 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 112 }; 113 114 /* 115 * Each active data link has a gsm_dlci structure associated which ties 116 * the link layer to an optional tty (if the tty side is open). To avoid 117 * complexity right now these are only ever freed up when the mux is 118 * shut down. 119 * 120 * At the moment we don't free DLCI objects until the mux is torn down 121 * this avoid object life time issues but might be worth review later. 122 */ 123 124 struct gsm_dlci { 125 struct gsm_mux *gsm; 126 int addr; 127 enum gsm_dlci_state state; 128 struct mutex mutex; 129 130 /* Link layer */ 131 enum gsm_dlci_mode mode; 132 spinlock_t lock; /* Protects the internal state */ 133 struct timer_list t1; /* Retransmit timer for SABM and UA */ 134 int retries; 135 /* Uplink tty if active */ 136 struct tty_port port; /* The tty bound to this DLCI if there is one */ 137 struct kfifo fifo; /* Queue fifo for the DLCI */ 138 int adaption; /* Adaption layer in use */ 139 int prev_adaption; 140 u32 modem_rx; /* Our incoming virtual modem lines */ 141 u32 modem_tx; /* Our outgoing modem lines */ 142 bool dead; /* Refuse re-open */ 143 /* Flow control */ 144 bool throttled; /* Private copy of throttle state */ 145 bool constipated; /* Throttle status for outgoing */ 146 /* Packetised I/O */ 147 struct sk_buff *skb; /* Frame being sent */ 148 struct sk_buff_head skb_list; /* Queued frames */ 149 /* Data handling callback */ 150 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 151 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 152 struct net_device *net; /* network interface, if created */ 153 }; 154 155 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 156 157 #define NUM_DLCI 64 158 159 /* 160 * DLCI 0 is used to pass control blocks out of band of the data 161 * flow (and with a higher link priority). One command can be outstanding 162 * at a time and we use this structure to manage them. They are created 163 * and destroyed by the user context, and updated by the receive paths 164 * and timers 165 */ 166 167 struct gsm_control { 168 u8 cmd; /* Command we are issuing */ 169 u8 *data; /* Data for the command in case we retransmit */ 170 int len; /* Length of block for retransmission */ 171 int done; /* Done flag */ 172 int error; /* Error if any */ 173 }; 174 175 enum gsm_mux_state { 176 GSM_SEARCH, 177 GSM_START, 178 GSM_ADDRESS, 179 GSM_CONTROL, 180 GSM_LEN, 181 GSM_DATA, 182 GSM_FCS, 183 GSM_OVERRUN, 184 GSM_LEN0, 185 GSM_LEN1, 186 GSM_SSOF, 187 }; 188 189 /* 190 * Each GSM mux we have is represented by this structure. If we are 191 * operating as an ldisc then we use this structure as our ldisc 192 * state. We need to sort out lifetimes and locking with respect 193 * to the gsm mux array. For now we don't free DLCI objects that 194 * have been instantiated until the mux itself is terminated. 195 * 196 * To consider further: tty open versus mux shutdown. 197 */ 198 199 struct gsm_mux { 200 struct tty_struct *tty; /* The tty our ldisc is bound to */ 201 spinlock_t lock; 202 struct mutex mutex; 203 unsigned int num; 204 struct kref ref; 205 206 /* Events on the GSM channel */ 207 wait_queue_head_t event; 208 209 /* Bits for GSM mode decoding */ 210 211 /* Framing Layer */ 212 unsigned char *buf; 213 enum gsm_mux_state state; 214 unsigned int len; 215 unsigned int address; 216 unsigned int count; 217 bool escape; 218 int encoding; 219 u8 control; 220 u8 fcs; 221 u8 received_fcs; 222 u8 *txframe; /* TX framing buffer */ 223 224 /* Method for the receiver side */ 225 void (*receive)(struct gsm_mux *gsm, u8 ch); 226 227 /* Link Layer */ 228 unsigned int mru; 229 unsigned int mtu; 230 int initiator; /* Did we initiate connection */ 231 bool dead; /* Has the mux been shut down */ 232 struct gsm_dlci *dlci[NUM_DLCI]; 233 bool constipated; /* Asked by remote to shut up */ 234 235 spinlock_t tx_lock; 236 unsigned int tx_bytes; /* TX data outstanding */ 237 #define TX_THRESH_HI 8192 238 #define TX_THRESH_LO 2048 239 struct list_head tx_list; /* Pending data packets */ 240 241 /* Control messages */ 242 struct timer_list t2_timer; /* Retransmit timer for commands */ 243 int cretries; /* Command retry counter */ 244 struct gsm_control *pending_cmd;/* Our current pending command */ 245 spinlock_t control_lock; /* Protects the pending command */ 246 247 /* Configuration */ 248 int adaption; /* 1 or 2 supported */ 249 u8 ftype; /* UI or UIH */ 250 int t1, t2; /* Timers in 1/100th of a sec */ 251 int n2; /* Retry count */ 252 253 /* Statistics (not currently exposed) */ 254 unsigned long bad_fcs; 255 unsigned long malformed; 256 unsigned long io_error; 257 unsigned long bad_size; 258 unsigned long unsupported; 259 }; 260 261 262 /* 263 * Mux objects - needed so that we can translate a tty index into the 264 * relevant mux and DLCI. 265 */ 266 267 #define MAX_MUX 4 /* 256 minors */ 268 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 269 static spinlock_t gsm_mux_lock; 270 271 static struct tty_driver *gsm_tty_driver; 272 273 /* 274 * This section of the driver logic implements the GSM encodings 275 * both the basic and the 'advanced'. Reliable transport is not 276 * supported. 277 */ 278 279 #define CR 0x02 280 #define EA 0x01 281 #define PF 0x10 282 283 /* I is special: the rest are ..*/ 284 #define RR 0x01 285 #define UI 0x03 286 #define RNR 0x05 287 #define REJ 0x09 288 #define DM 0x0F 289 #define SABM 0x2F 290 #define DISC 0x43 291 #define UA 0x63 292 #define UIH 0xEF 293 294 /* Channel commands */ 295 #define CMD_NSC 0x09 296 #define CMD_TEST 0x11 297 #define CMD_PSC 0x21 298 #define CMD_RLS 0x29 299 #define CMD_FCOFF 0x31 300 #define CMD_PN 0x41 301 #define CMD_RPN 0x49 302 #define CMD_FCON 0x51 303 #define CMD_CLD 0x61 304 #define CMD_SNC 0x69 305 #define CMD_MSC 0x71 306 307 /* Virtual modem bits */ 308 #define MDM_FC 0x01 309 #define MDM_RTC 0x02 310 #define MDM_RTR 0x04 311 #define MDM_IC 0x20 312 #define MDM_DV 0x40 313 314 #define GSM0_SOF 0xF9 315 #define GSM1_SOF 0x7E 316 #define GSM1_ESCAPE 0x7D 317 #define GSM1_ESCAPE_BITS 0x20 318 #define XON 0x11 319 #define XOFF 0x13 320 321 static const struct tty_port_operations gsm_port_ops; 322 323 /* 324 * CRC table for GSM 0710 325 */ 326 327 static const u8 gsm_fcs8[256] = { 328 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 329 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 330 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 331 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 332 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 333 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 334 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 335 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 336 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 337 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 338 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 339 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 340 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 341 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 342 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 343 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 344 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 345 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 346 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 347 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 348 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 349 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 350 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 351 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 352 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 353 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 354 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 355 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 356 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 357 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 358 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 359 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 360 }; 361 362 #define INIT_FCS 0xFF 363 #define GOOD_FCS 0xCF 364 365 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len); 366 367 /** 368 * gsm_fcs_add - update FCS 369 * @fcs: Current FCS 370 * @c: Next data 371 * 372 * Update the FCS to include c. Uses the algorithm in the specification 373 * notes. 374 */ 375 376 static inline u8 gsm_fcs_add(u8 fcs, u8 c) 377 { 378 return gsm_fcs8[fcs ^ c]; 379 } 380 381 /** 382 * gsm_fcs_add_block - update FCS for a block 383 * @fcs: Current FCS 384 * @c: buffer of data 385 * @len: length of buffer 386 * 387 * Update the FCS to include c. Uses the algorithm in the specification 388 * notes. 389 */ 390 391 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len) 392 { 393 while (len--) 394 fcs = gsm_fcs8[fcs ^ *c++]; 395 return fcs; 396 } 397 398 /** 399 * gsm_read_ea - read a byte into an EA 400 * @val: variable holding value 401 * @c: byte going into the EA 402 * 403 * Processes one byte of an EA. Updates the passed variable 404 * and returns 1 if the EA is now completely read 405 */ 406 407 static int gsm_read_ea(unsigned int *val, u8 c) 408 { 409 /* Add the next 7 bits into the value */ 410 *val <<= 7; 411 *val |= c >> 1; 412 /* Was this the last byte of the EA 1 = yes*/ 413 return c & EA; 414 } 415 416 /** 417 * gsm_encode_modem - encode modem data bits 418 * @dlci: DLCI to encode from 419 * 420 * Returns the correct GSM encoded modem status bits (6 bit field) for 421 * the current status of the DLCI and attached tty object 422 */ 423 424 static u8 gsm_encode_modem(const struct gsm_dlci *dlci) 425 { 426 u8 modembits = 0; 427 /* FC is true flow control not modem bits */ 428 if (dlci->throttled) 429 modembits |= MDM_FC; 430 if (dlci->modem_tx & TIOCM_DTR) 431 modembits |= MDM_RTC; 432 if (dlci->modem_tx & TIOCM_RTS) 433 modembits |= MDM_RTR; 434 if (dlci->modem_tx & TIOCM_RI) 435 modembits |= MDM_IC; 436 if (dlci->modem_tx & TIOCM_CD) 437 modembits |= MDM_DV; 438 return modembits; 439 } 440 441 /** 442 * gsm_print_packet - display a frame for debug 443 * @hdr: header to print before decode 444 * @addr: address EA from the frame 445 * @cr: C/R bit from the frame 446 * @control: control including PF bit 447 * @data: following data bytes 448 * @dlen: length of data 449 * 450 * Displays a packet in human readable format for debugging purposes. The 451 * style is based on amateur radio LAP-B dump display. 452 */ 453 454 static void gsm_print_packet(const char *hdr, int addr, int cr, 455 u8 control, const u8 *data, int dlen) 456 { 457 if (!(debug & 1)) 458 return; 459 460 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]); 461 462 switch (control & ~PF) { 463 case SABM: 464 pr_cont("SABM"); 465 break; 466 case UA: 467 pr_cont("UA"); 468 break; 469 case DISC: 470 pr_cont("DISC"); 471 break; 472 case DM: 473 pr_cont("DM"); 474 break; 475 case UI: 476 pr_cont("UI"); 477 break; 478 case UIH: 479 pr_cont("UIH"); 480 break; 481 default: 482 if (!(control & 0x01)) { 483 pr_cont("I N(S)%d N(R)%d", 484 (control & 0x0E) >> 1, (control & 0xE0) >> 5); 485 } else switch (control & 0x0F) { 486 case RR: 487 pr_cont("RR(%d)", (control & 0xE0) >> 5); 488 break; 489 case RNR: 490 pr_cont("RNR(%d)", (control & 0xE0) >> 5); 491 break; 492 case REJ: 493 pr_cont("REJ(%d)", (control & 0xE0) >> 5); 494 break; 495 default: 496 pr_cont("[%02X]", control); 497 } 498 } 499 500 if (control & PF) 501 pr_cont("(P)"); 502 else 503 pr_cont("(F)"); 504 505 print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen); 506 } 507 508 509 /* 510 * Link level transmission side 511 */ 512 513 /** 514 * gsm_stuff_packet - bytestuff a packet 515 * @input: input buffer 516 * @output: output buffer 517 * @len: length of input 518 * 519 * Expand a buffer by bytestuffing it. The worst case size change 520 * is doubling and the caller is responsible for handing out 521 * suitable sized buffers. 522 */ 523 524 static int gsm_stuff_frame(const u8 *input, u8 *output, int len) 525 { 526 int olen = 0; 527 while (len--) { 528 if (*input == GSM1_SOF || *input == GSM1_ESCAPE 529 || *input == XON || *input == XOFF) { 530 *output++ = GSM1_ESCAPE; 531 *output++ = *input++ ^ GSM1_ESCAPE_BITS; 532 olen++; 533 } else 534 *output++ = *input++; 535 olen++; 536 } 537 return olen; 538 } 539 540 /** 541 * gsm_send - send a control frame 542 * @gsm: our GSM mux 543 * @addr: address for control frame 544 * @cr: command/response bit 545 * @control: control byte including PF bit 546 * 547 * Format up and transmit a control frame. These do not go via the 548 * queueing logic as they should be transmitted ahead of data when 549 * they are needed. 550 * 551 * FIXME: Lock versus data TX path 552 */ 553 554 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control) 555 { 556 int len; 557 u8 cbuf[10]; 558 u8 ibuf[3]; 559 560 switch (gsm->encoding) { 561 case 0: 562 cbuf[0] = GSM0_SOF; 563 cbuf[1] = (addr << 2) | (cr << 1) | EA; 564 cbuf[2] = control; 565 cbuf[3] = EA; /* Length of data = 0 */ 566 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3); 567 cbuf[5] = GSM0_SOF; 568 len = 6; 569 break; 570 case 1: 571 case 2: 572 /* Control frame + packing (but not frame stuffing) in mode 1 */ 573 ibuf[0] = (addr << 2) | (cr << 1) | EA; 574 ibuf[1] = control; 575 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2); 576 /* Stuffing may double the size worst case */ 577 len = gsm_stuff_frame(ibuf, cbuf + 1, 3); 578 /* Now add the SOF markers */ 579 cbuf[0] = GSM1_SOF; 580 cbuf[len + 1] = GSM1_SOF; 581 /* FIXME: we can omit the lead one in many cases */ 582 len += 2; 583 break; 584 default: 585 WARN_ON(1); 586 return; 587 } 588 gsmld_output(gsm, cbuf, len); 589 gsm_print_packet("-->", addr, cr, control, NULL, 0); 590 } 591 592 /** 593 * gsm_response - send a control response 594 * @gsm: our GSM mux 595 * @addr: address for control frame 596 * @control: control byte including PF bit 597 * 598 * Format up and transmit a link level response frame. 599 */ 600 601 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control) 602 { 603 gsm_send(gsm, addr, 0, control); 604 } 605 606 /** 607 * gsm_command - send a control command 608 * @gsm: our GSM mux 609 * @addr: address for control frame 610 * @control: control byte including PF bit 611 * 612 * Format up and transmit a link level command frame. 613 */ 614 615 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control) 616 { 617 gsm_send(gsm, addr, 1, control); 618 } 619 620 /* Data transmission */ 621 622 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */ 623 624 /** 625 * gsm_data_alloc - allocate data frame 626 * @gsm: GSM mux 627 * @addr: DLCI address 628 * @len: length excluding header and FCS 629 * @ctrl: control byte 630 * 631 * Allocate a new data buffer for sending frames with data. Space is left 632 * at the front for header bytes but that is treated as an implementation 633 * detail and not for the high level code to use 634 */ 635 636 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 637 u8 ctrl) 638 { 639 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN, 640 GFP_ATOMIC); 641 if (m == NULL) 642 return NULL; 643 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */ 644 m->len = len; 645 m->addr = addr; 646 m->ctrl = ctrl; 647 INIT_LIST_HEAD(&m->list); 648 return m; 649 } 650 651 /** 652 * gsm_data_kick - poke the queue 653 * @gsm: GSM Mux 654 * 655 * The tty device has called us to indicate that room has appeared in 656 * the transmit queue. Ram more data into the pipe if we have any 657 * If we have been flow-stopped by a CMD_FCOFF, then we can only 658 * send messages on DLCI0 until CMD_FCON 659 * 660 * FIXME: lock against link layer control transmissions 661 */ 662 663 static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci) 664 { 665 struct gsm_msg *msg, *nmsg; 666 int len; 667 668 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) { 669 if (gsm->constipated && msg->addr) 670 continue; 671 if (gsm->encoding != 0) { 672 gsm->txframe[0] = GSM1_SOF; 673 len = gsm_stuff_frame(msg->data, 674 gsm->txframe + 1, msg->len); 675 gsm->txframe[len + 1] = GSM1_SOF; 676 len += 2; 677 } else { 678 gsm->txframe[0] = GSM0_SOF; 679 memcpy(gsm->txframe + 1 , msg->data, msg->len); 680 gsm->txframe[msg->len + 1] = GSM0_SOF; 681 len = msg->len + 2; 682 } 683 684 if (debug & 4) 685 print_hex_dump_bytes("gsm_data_kick: ", 686 DUMP_PREFIX_OFFSET, 687 gsm->txframe, len); 688 if (gsmld_output(gsm, gsm->txframe, len) < 0) 689 break; 690 /* FIXME: Can eliminate one SOF in many more cases */ 691 gsm->tx_bytes -= msg->len; 692 693 list_del(&msg->list); 694 kfree(msg); 695 696 if (dlci) { 697 tty_port_tty_wakeup(&dlci->port); 698 } else { 699 int i = 0; 700 701 for (i = 0; i < NUM_DLCI; i++) 702 if (gsm->dlci[i]) 703 tty_port_tty_wakeup(&gsm->dlci[i]->port); 704 } 705 } 706 } 707 708 /** 709 * __gsm_data_queue - queue a UI or UIH frame 710 * @dlci: DLCI sending the data 711 * @msg: message queued 712 * 713 * Add data to the transmit queue and try and get stuff moving 714 * out of the mux tty if not already doing so. The Caller must hold 715 * the gsm tx lock. 716 */ 717 718 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 719 { 720 struct gsm_mux *gsm = dlci->gsm; 721 u8 *dp = msg->data; 722 u8 *fcs = dp + msg->len; 723 724 /* Fill in the header */ 725 if (gsm->encoding == 0) { 726 if (msg->len < 128) 727 *--dp = (msg->len << 1) | EA; 728 else { 729 *--dp = (msg->len >> 7); /* bits 7 - 15 */ 730 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */ 731 } 732 } 733 734 *--dp = msg->ctrl; 735 if (gsm->initiator) 736 *--dp = (msg->addr << 2) | 2 | EA; 737 else 738 *--dp = (msg->addr << 2) | EA; 739 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp); 740 /* Ugly protocol layering violation */ 741 if (msg->ctrl == UI || msg->ctrl == (UI|PF)) 742 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len); 743 *fcs = 0xFF - *fcs; 744 745 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl, 746 msg->data, msg->len); 747 748 /* Move the header back and adjust the length, also allow for the FCS 749 now tacked on the end */ 750 msg->len += (msg->data - dp) + 1; 751 msg->data = dp; 752 753 /* Add to the actual output queue */ 754 list_add_tail(&msg->list, &gsm->tx_list); 755 gsm->tx_bytes += msg->len; 756 gsm_data_kick(gsm, dlci); 757 } 758 759 /** 760 * gsm_data_queue - queue a UI or UIH frame 761 * @dlci: DLCI sending the data 762 * @msg: message queued 763 * 764 * Add data to the transmit queue and try and get stuff moving 765 * out of the mux tty if not already doing so. Take the 766 * the gsm tx lock and dlci lock. 767 */ 768 769 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 770 { 771 unsigned long flags; 772 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 773 __gsm_data_queue(dlci, msg); 774 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 775 } 776 777 /** 778 * gsm_dlci_data_output - try and push data out of a DLCI 779 * @gsm: mux 780 * @dlci: the DLCI to pull data from 781 * 782 * Pull data from a DLCI and send it into the transmit queue if there 783 * is data. Keep to the MRU of the mux. This path handles the usual tty 784 * interface which is a byte stream with optional modem data. 785 * 786 * Caller must hold the tx_lock of the mux. 787 */ 788 789 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci) 790 { 791 struct gsm_msg *msg; 792 u8 *dp; 793 int len, total_size, size; 794 int h = dlci->adaption - 1; 795 796 total_size = 0; 797 while (1) { 798 len = kfifo_len(&dlci->fifo); 799 if (len == 0) 800 return total_size; 801 802 /* MTU/MRU count only the data bits */ 803 if (len > gsm->mtu) 804 len = gsm->mtu; 805 806 size = len + h; 807 808 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 809 /* FIXME: need a timer or something to kick this so it can't 810 get stuck with no work outstanding and no buffer free */ 811 if (msg == NULL) 812 return -ENOMEM; 813 dp = msg->data; 814 switch (dlci->adaption) { 815 case 1: /* Unstructured */ 816 break; 817 case 2: /* Unstructed with modem bits. 818 Always one byte as we never send inline break data */ 819 *dp++ = gsm_encode_modem(dlci); 820 break; 821 } 822 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len); 823 __gsm_data_queue(dlci, msg); 824 total_size += size; 825 } 826 /* Bytes of data we used up */ 827 return total_size; 828 } 829 830 /** 831 * gsm_dlci_data_output_framed - try and push data out of a DLCI 832 * @gsm: mux 833 * @dlci: the DLCI to pull data from 834 * 835 * Pull data from a DLCI and send it into the transmit queue if there 836 * is data. Keep to the MRU of the mux. This path handles framed data 837 * queued as skbuffs to the DLCI. 838 * 839 * Caller must hold the tx_lock of the mux. 840 */ 841 842 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm, 843 struct gsm_dlci *dlci) 844 { 845 struct gsm_msg *msg; 846 u8 *dp; 847 int len, size; 848 int last = 0, first = 0; 849 int overhead = 0; 850 851 /* One byte per frame is used for B/F flags */ 852 if (dlci->adaption == 4) 853 overhead = 1; 854 855 /* dlci->skb is locked by tx_lock */ 856 if (dlci->skb == NULL) { 857 dlci->skb = skb_dequeue_tail(&dlci->skb_list); 858 if (dlci->skb == NULL) 859 return 0; 860 first = 1; 861 } 862 len = dlci->skb->len + overhead; 863 864 /* MTU/MRU count only the data bits */ 865 if (len > gsm->mtu) { 866 if (dlci->adaption == 3) { 867 /* Over long frame, bin it */ 868 dev_kfree_skb_any(dlci->skb); 869 dlci->skb = NULL; 870 return 0; 871 } 872 len = gsm->mtu; 873 } else 874 last = 1; 875 876 size = len + overhead; 877 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 878 879 /* FIXME: need a timer or something to kick this so it can't 880 get stuck with no work outstanding and no buffer free */ 881 if (msg == NULL) { 882 skb_queue_tail(&dlci->skb_list, dlci->skb); 883 dlci->skb = NULL; 884 return -ENOMEM; 885 } 886 dp = msg->data; 887 888 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 889 /* Flag byte to carry the start/end info */ 890 *dp++ = last << 7 | first << 6 | 1; /* EA */ 891 len--; 892 } 893 memcpy(dp, dlci->skb->data, len); 894 skb_pull(dlci->skb, len); 895 __gsm_data_queue(dlci, msg); 896 if (last) { 897 dev_kfree_skb_any(dlci->skb); 898 dlci->skb = NULL; 899 } 900 return size; 901 } 902 903 /** 904 * gsm_dlci_data_sweep - look for data to send 905 * @gsm: the GSM mux 906 * 907 * Sweep the GSM mux channels in priority order looking for ones with 908 * data to send. We could do with optimising this scan a bit. We aim 909 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 910 * TX_THRESH_LO we get called again 911 * 912 * FIXME: We should round robin between groups and in theory you can 913 * renegotiate DLCI priorities with optional stuff. Needs optimising. 914 */ 915 916 static void gsm_dlci_data_sweep(struct gsm_mux *gsm) 917 { 918 int len; 919 /* Priority ordering: We should do priority with RR of the groups */ 920 int i = 1; 921 922 while (i < NUM_DLCI) { 923 struct gsm_dlci *dlci; 924 925 if (gsm->tx_bytes > TX_THRESH_HI) 926 break; 927 dlci = gsm->dlci[i]; 928 if (dlci == NULL || dlci->constipated) { 929 i++; 930 continue; 931 } 932 if (dlci->adaption < 3 && !dlci->net) 933 len = gsm_dlci_data_output(gsm, dlci); 934 else 935 len = gsm_dlci_data_output_framed(gsm, dlci); 936 if (len < 0) 937 break; 938 /* DLCI empty - try the next */ 939 if (len == 0) 940 i++; 941 } 942 } 943 944 /** 945 * gsm_dlci_data_kick - transmit if possible 946 * @dlci: DLCI to kick 947 * 948 * Transmit data from this DLCI if the queue is empty. We can't rely on 949 * a tty wakeup except when we filled the pipe so we need to fire off 950 * new data ourselves in other cases. 951 */ 952 953 static void gsm_dlci_data_kick(struct gsm_dlci *dlci) 954 { 955 unsigned long flags; 956 int sweep; 957 958 if (dlci->constipated) 959 return; 960 961 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 962 /* If we have nothing running then we need to fire up */ 963 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO); 964 if (dlci->gsm->tx_bytes == 0) { 965 if (dlci->net) 966 gsm_dlci_data_output_framed(dlci->gsm, dlci); 967 else 968 gsm_dlci_data_output(dlci->gsm, dlci); 969 } 970 if (sweep) 971 gsm_dlci_data_sweep(dlci->gsm); 972 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 973 } 974 975 /* 976 * Control message processing 977 */ 978 979 980 /** 981 * gsm_control_reply - send a response frame to a control 982 * @gsm: gsm channel 983 * @cmd: the command to use 984 * @data: data to follow encoded info 985 * @dlen: length of data 986 * 987 * Encode up and queue a UI/UIH frame containing our response. 988 */ 989 990 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data, 991 int dlen) 992 { 993 struct gsm_msg *msg; 994 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype); 995 if (msg == NULL) 996 return; 997 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */ 998 msg->data[1] = (dlen << 1) | EA; 999 memcpy(msg->data + 2, data, dlen); 1000 gsm_data_queue(gsm->dlci[0], msg); 1001 } 1002 1003 /** 1004 * gsm_process_modem - process received modem status 1005 * @tty: virtual tty bound to the DLCI 1006 * @dlci: DLCI to affect 1007 * @modem: modem bits (full EA) 1008 * 1009 * Used when a modem control message or line state inline in adaption 1010 * layer 2 is processed. Sort out the local modem state and throttles 1011 */ 1012 1013 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, 1014 u32 modem, int clen) 1015 { 1016 int mlines = 0; 1017 u8 brk = 0; 1018 int fc; 1019 1020 /* The modem status command can either contain one octet (v.24 signals) 1021 or two octets (v.24 signals + break signals). The length field will 1022 either be 2 or 3 respectively. This is specified in section 1023 5.4.6.3.7 of the 27.010 mux spec. */ 1024 1025 if (clen == 2) 1026 modem = modem & 0x7f; 1027 else { 1028 brk = modem & 0x7f; 1029 modem = (modem >> 7) & 0x7f; 1030 } 1031 1032 /* Flow control/ready to communicate */ 1033 fc = (modem & MDM_FC) || !(modem & MDM_RTR); 1034 if (fc && !dlci->constipated) { 1035 /* Need to throttle our output on this device */ 1036 dlci->constipated = true; 1037 } else if (!fc && dlci->constipated) { 1038 dlci->constipated = false; 1039 gsm_dlci_data_kick(dlci); 1040 } 1041 1042 /* Map modem bits */ 1043 if (modem & MDM_RTC) 1044 mlines |= TIOCM_DSR | TIOCM_DTR; 1045 if (modem & MDM_RTR) 1046 mlines |= TIOCM_RTS | TIOCM_CTS; 1047 if (modem & MDM_IC) 1048 mlines |= TIOCM_RI; 1049 if (modem & MDM_DV) 1050 mlines |= TIOCM_CD; 1051 1052 /* Carrier drop -> hangup */ 1053 if (tty) { 1054 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD)) 1055 if (!C_CLOCAL(tty)) 1056 tty_hangup(tty); 1057 } 1058 if (brk & 0x01) 1059 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK); 1060 dlci->modem_rx = mlines; 1061 } 1062 1063 /** 1064 * gsm_control_modem - modem status received 1065 * @gsm: GSM channel 1066 * @data: data following command 1067 * @clen: command length 1068 * 1069 * We have received a modem status control message. This is used by 1070 * the GSM mux protocol to pass virtual modem line status and optionally 1071 * to indicate break signals. Unpack it, convert to Linux representation 1072 * and if need be stuff a break message down the tty. 1073 */ 1074 1075 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen) 1076 { 1077 unsigned int addr = 0; 1078 unsigned int modem = 0; 1079 unsigned int brk = 0; 1080 struct gsm_dlci *dlci; 1081 int len = clen; 1082 const u8 *dp = data; 1083 struct tty_struct *tty; 1084 1085 while (gsm_read_ea(&addr, *dp++) == 0) { 1086 len--; 1087 if (len == 0) 1088 return; 1089 } 1090 /* Must be at least one byte following the EA */ 1091 len--; 1092 if (len <= 0) 1093 return; 1094 1095 addr >>= 1; 1096 /* Closed port, or invalid ? */ 1097 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1098 return; 1099 dlci = gsm->dlci[addr]; 1100 1101 while (gsm_read_ea(&modem, *dp++) == 0) { 1102 len--; 1103 if (len == 0) 1104 return; 1105 } 1106 len--; 1107 if (len > 0) { 1108 while (gsm_read_ea(&brk, *dp++) == 0) { 1109 len--; 1110 if (len == 0) 1111 return; 1112 } 1113 modem <<= 7; 1114 modem |= (brk & 0x7f); 1115 } 1116 tty = tty_port_tty_get(&dlci->port); 1117 gsm_process_modem(tty, dlci, modem, clen); 1118 if (tty) { 1119 tty_wakeup(tty); 1120 tty_kref_put(tty); 1121 } 1122 gsm_control_reply(gsm, CMD_MSC, data, clen); 1123 } 1124 1125 /** 1126 * gsm_control_rls - remote line status 1127 * @gsm: GSM channel 1128 * @data: data bytes 1129 * @clen: data length 1130 * 1131 * The modem sends us a two byte message on the control channel whenever 1132 * it wishes to send us an error state from the virtual link. Stuff 1133 * this into the uplink tty if present 1134 */ 1135 1136 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen) 1137 { 1138 struct tty_port *port; 1139 unsigned int addr = 0; 1140 u8 bits; 1141 int len = clen; 1142 const u8 *dp = data; 1143 1144 while (gsm_read_ea(&addr, *dp++) == 0) { 1145 len--; 1146 if (len == 0) 1147 return; 1148 } 1149 /* Must be at least one byte following ea */ 1150 len--; 1151 if (len <= 0) 1152 return; 1153 addr >>= 1; 1154 /* Closed port, or invalid ? */ 1155 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1156 return; 1157 /* No error ? */ 1158 bits = *dp; 1159 if ((bits & 1) == 0) 1160 return; 1161 1162 port = &gsm->dlci[addr]->port; 1163 1164 if (bits & 2) 1165 tty_insert_flip_char(port, 0, TTY_OVERRUN); 1166 if (bits & 4) 1167 tty_insert_flip_char(port, 0, TTY_PARITY); 1168 if (bits & 8) 1169 tty_insert_flip_char(port, 0, TTY_FRAME); 1170 1171 tty_flip_buffer_push(port); 1172 1173 gsm_control_reply(gsm, CMD_RLS, data, clen); 1174 } 1175 1176 static void gsm_dlci_begin_close(struct gsm_dlci *dlci); 1177 1178 /** 1179 * gsm_control_message - DLCI 0 control processing 1180 * @gsm: our GSM mux 1181 * @command: the command EA 1182 * @data: data beyond the command/length EAs 1183 * @clen: length 1184 * 1185 * Input processor for control messages from the other end of the link. 1186 * Processes the incoming request and queues a response frame or an 1187 * NSC response if not supported 1188 */ 1189 1190 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command, 1191 const u8 *data, int clen) 1192 { 1193 u8 buf[1]; 1194 unsigned long flags; 1195 1196 switch (command) { 1197 case CMD_CLD: { 1198 struct gsm_dlci *dlci = gsm->dlci[0]; 1199 /* Modem wishes to close down */ 1200 if (dlci) { 1201 dlci->dead = true; 1202 gsm->dead = true; 1203 gsm_dlci_begin_close(dlci); 1204 } 1205 } 1206 break; 1207 case CMD_TEST: 1208 /* Modem wishes to test, reply with the data */ 1209 gsm_control_reply(gsm, CMD_TEST, data, clen); 1210 break; 1211 case CMD_FCON: 1212 /* Modem can accept data again */ 1213 gsm->constipated = false; 1214 gsm_control_reply(gsm, CMD_FCON, NULL, 0); 1215 /* Kick the link in case it is idling */ 1216 spin_lock_irqsave(&gsm->tx_lock, flags); 1217 gsm_data_kick(gsm, NULL); 1218 spin_unlock_irqrestore(&gsm->tx_lock, flags); 1219 break; 1220 case CMD_FCOFF: 1221 /* Modem wants us to STFU */ 1222 gsm->constipated = true; 1223 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0); 1224 break; 1225 case CMD_MSC: 1226 /* Out of band modem line change indicator for a DLCI */ 1227 gsm_control_modem(gsm, data, clen); 1228 break; 1229 case CMD_RLS: 1230 /* Out of band error reception for a DLCI */ 1231 gsm_control_rls(gsm, data, clen); 1232 break; 1233 case CMD_PSC: 1234 /* Modem wishes to enter power saving state */ 1235 gsm_control_reply(gsm, CMD_PSC, NULL, 0); 1236 break; 1237 /* Optional unsupported commands */ 1238 case CMD_PN: /* Parameter negotiation */ 1239 case CMD_RPN: /* Remote port negotiation */ 1240 case CMD_SNC: /* Service negotiation command */ 1241 default: 1242 /* Reply to bad commands with an NSC */ 1243 buf[0] = command; 1244 gsm_control_reply(gsm, CMD_NSC, buf, 1); 1245 break; 1246 } 1247 } 1248 1249 /** 1250 * gsm_control_response - process a response to our control 1251 * @gsm: our GSM mux 1252 * @command: the command (response) EA 1253 * @data: data beyond the command/length EA 1254 * @clen: length 1255 * 1256 * Process a response to an outstanding command. We only allow a single 1257 * control message in flight so this is fairly easy. All the clean up 1258 * is done by the caller, we just update the fields, flag it as done 1259 * and return 1260 */ 1261 1262 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command, 1263 const u8 *data, int clen) 1264 { 1265 struct gsm_control *ctrl; 1266 unsigned long flags; 1267 1268 spin_lock_irqsave(&gsm->control_lock, flags); 1269 1270 ctrl = gsm->pending_cmd; 1271 /* Does the reply match our command */ 1272 command |= 1; 1273 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) { 1274 /* Our command was replied to, kill the retry timer */ 1275 del_timer(&gsm->t2_timer); 1276 gsm->pending_cmd = NULL; 1277 /* Rejected by the other end */ 1278 if (command == CMD_NSC) 1279 ctrl->error = -EOPNOTSUPP; 1280 ctrl->done = 1; 1281 wake_up(&gsm->event); 1282 } 1283 spin_unlock_irqrestore(&gsm->control_lock, flags); 1284 } 1285 1286 /** 1287 * gsm_control_transmit - send control packet 1288 * @gsm: gsm mux 1289 * @ctrl: frame to send 1290 * 1291 * Send out a pending control command (called under control lock) 1292 */ 1293 1294 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) 1295 { 1296 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype); 1297 if (msg == NULL) 1298 return; 1299 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */ 1300 memcpy(msg->data + 1, ctrl->data, ctrl->len); 1301 gsm_data_queue(gsm->dlci[0], msg); 1302 } 1303 1304 /** 1305 * gsm_control_retransmit - retransmit a control frame 1306 * @t: timer contained in our gsm object 1307 * 1308 * Called off the T2 timer expiry in order to retransmit control frames 1309 * that have been lost in the system somewhere. The control_lock protects 1310 * us from colliding with another sender or a receive completion event. 1311 * In that situation the timer may still occur in a small window but 1312 * gsm->pending_cmd will be NULL and we just let the timer expire. 1313 */ 1314 1315 static void gsm_control_retransmit(struct timer_list *t) 1316 { 1317 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer); 1318 struct gsm_control *ctrl; 1319 unsigned long flags; 1320 spin_lock_irqsave(&gsm->control_lock, flags); 1321 ctrl = gsm->pending_cmd; 1322 if (ctrl) { 1323 gsm->cretries--; 1324 if (gsm->cretries == 0) { 1325 gsm->pending_cmd = NULL; 1326 ctrl->error = -ETIMEDOUT; 1327 ctrl->done = 1; 1328 spin_unlock_irqrestore(&gsm->control_lock, flags); 1329 wake_up(&gsm->event); 1330 return; 1331 } 1332 gsm_control_transmit(gsm, ctrl); 1333 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1334 } 1335 spin_unlock_irqrestore(&gsm->control_lock, flags); 1336 } 1337 1338 /** 1339 * gsm_control_send - send a control frame on DLCI 0 1340 * @gsm: the GSM channel 1341 * @command: command to send including CR bit 1342 * @data: bytes of data (must be kmalloced) 1343 * @clen: length of the block to send 1344 * 1345 * Queue and dispatch a control command. Only one command can be 1346 * active at a time. In theory more can be outstanding but the matching 1347 * gets really complicated so for now stick to one outstanding. 1348 */ 1349 1350 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, 1351 unsigned int command, u8 *data, int clen) 1352 { 1353 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), 1354 GFP_KERNEL); 1355 unsigned long flags; 1356 if (ctrl == NULL) 1357 return NULL; 1358 retry: 1359 wait_event(gsm->event, gsm->pending_cmd == NULL); 1360 spin_lock_irqsave(&gsm->control_lock, flags); 1361 if (gsm->pending_cmd != NULL) { 1362 spin_unlock_irqrestore(&gsm->control_lock, flags); 1363 goto retry; 1364 } 1365 ctrl->cmd = command; 1366 ctrl->data = data; 1367 ctrl->len = clen; 1368 gsm->pending_cmd = ctrl; 1369 1370 /* If DLCI0 is in ADM mode skip retries, it won't respond */ 1371 if (gsm->dlci[0]->mode == DLCI_MODE_ADM) 1372 gsm->cretries = 1; 1373 else 1374 gsm->cretries = gsm->n2; 1375 1376 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1377 gsm_control_transmit(gsm, ctrl); 1378 spin_unlock_irqrestore(&gsm->control_lock, flags); 1379 return ctrl; 1380 } 1381 1382 /** 1383 * gsm_control_wait - wait for a control to finish 1384 * @gsm: GSM mux 1385 * @control: control we are waiting on 1386 * 1387 * Waits for the control to complete or time out. Frees any used 1388 * resources and returns 0 for success, or an error if the remote 1389 * rejected or ignored the request. 1390 */ 1391 1392 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control) 1393 { 1394 int err; 1395 wait_event(gsm->event, control->done == 1); 1396 err = control->error; 1397 kfree(control); 1398 return err; 1399 } 1400 1401 1402 /* 1403 * DLCI level handling: Needs krefs 1404 */ 1405 1406 /* 1407 * State transitions and timers 1408 */ 1409 1410 /** 1411 * gsm_dlci_close - a DLCI has closed 1412 * @dlci: DLCI that closed 1413 * 1414 * Perform processing when moving a DLCI into closed state. If there 1415 * is an attached tty this is hung up 1416 */ 1417 1418 static void gsm_dlci_close(struct gsm_dlci *dlci) 1419 { 1420 del_timer(&dlci->t1); 1421 if (debug & 8) 1422 pr_debug("DLCI %d goes closed.\n", dlci->addr); 1423 dlci->state = DLCI_CLOSED; 1424 if (dlci->addr != 0) { 1425 tty_port_tty_hangup(&dlci->port, false); 1426 kfifo_reset(&dlci->fifo); 1427 } else 1428 dlci->gsm->dead = true; 1429 wake_up(&dlci->gsm->event); 1430 /* A DLCI 0 close is a MUX termination so we need to kick that 1431 back to userspace somehow */ 1432 } 1433 1434 /** 1435 * gsm_dlci_open - a DLCI has opened 1436 * @dlci: DLCI that opened 1437 * 1438 * Perform processing when moving a DLCI into open state. 1439 */ 1440 1441 static void gsm_dlci_open(struct gsm_dlci *dlci) 1442 { 1443 /* Note that SABM UA .. SABM UA first UA lost can mean that we go 1444 open -> open */ 1445 del_timer(&dlci->t1); 1446 /* This will let a tty open continue */ 1447 dlci->state = DLCI_OPEN; 1448 if (debug & 8) 1449 pr_debug("DLCI %d goes open.\n", dlci->addr); 1450 wake_up(&dlci->gsm->event); 1451 } 1452 1453 /** 1454 * gsm_dlci_t1 - T1 timer expiry 1455 * @t: timer contained in the DLCI that opened 1456 * 1457 * The T1 timer handles retransmits of control frames (essentially of 1458 * SABM and DISC). We resend the command until the retry count runs out 1459 * in which case an opening port goes back to closed and a closing port 1460 * is simply put into closed state (any further frames from the other 1461 * end will get a DM response) 1462 * 1463 * Some control dlci can stay in ADM mode with other dlci working just 1464 * fine. In that case we can just keep the control dlci open after the 1465 * DLCI_OPENING retries time out. 1466 */ 1467 1468 static void gsm_dlci_t1(struct timer_list *t) 1469 { 1470 struct gsm_dlci *dlci = from_timer(dlci, t, t1); 1471 struct gsm_mux *gsm = dlci->gsm; 1472 1473 switch (dlci->state) { 1474 case DLCI_OPENING: 1475 dlci->retries--; 1476 if (dlci->retries) { 1477 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1478 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1479 } else if (!dlci->addr && gsm->control == (DM | PF)) { 1480 if (debug & 8) 1481 pr_info("DLCI %d opening in ADM mode.\n", 1482 dlci->addr); 1483 dlci->mode = DLCI_MODE_ADM; 1484 gsm_dlci_open(dlci); 1485 } else { 1486 gsm_dlci_close(dlci); 1487 } 1488 1489 break; 1490 case DLCI_CLOSING: 1491 dlci->retries--; 1492 if (dlci->retries) { 1493 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1494 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1495 } else 1496 gsm_dlci_close(dlci); 1497 break; 1498 default: 1499 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state); 1500 break; 1501 } 1502 } 1503 1504 /** 1505 * gsm_dlci_begin_open - start channel open procedure 1506 * @dlci: DLCI to open 1507 * 1508 * Commence opening a DLCI from the Linux side. We issue SABM messages 1509 * to the modem which should then reply with a UA or ADM, at which point 1510 * we will move into open state. Opening is done asynchronously with retry 1511 * running off timers and the responses. 1512 */ 1513 1514 static void gsm_dlci_begin_open(struct gsm_dlci *dlci) 1515 { 1516 struct gsm_mux *gsm = dlci->gsm; 1517 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING) 1518 return; 1519 dlci->retries = gsm->n2; 1520 dlci->state = DLCI_OPENING; 1521 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1522 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1523 } 1524 1525 /** 1526 * gsm_dlci_begin_close - start channel open procedure 1527 * @dlci: DLCI to open 1528 * 1529 * Commence closing a DLCI from the Linux side. We issue DISC messages 1530 * to the modem which should then reply with a UA, at which point we 1531 * will move into closed state. Closing is done asynchronously with retry 1532 * off timers. We may also receive a DM reply from the other end which 1533 * indicates the channel was already closed. 1534 */ 1535 1536 static void gsm_dlci_begin_close(struct gsm_dlci *dlci) 1537 { 1538 struct gsm_mux *gsm = dlci->gsm; 1539 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING) 1540 return; 1541 dlci->retries = gsm->n2; 1542 dlci->state = DLCI_CLOSING; 1543 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1544 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1545 } 1546 1547 /** 1548 * gsm_dlci_data - data arrived 1549 * @dlci: channel 1550 * @data: block of bytes received 1551 * @clen: length of received block 1552 * 1553 * A UI or UIH frame has arrived which contains data for a channel 1554 * other than the control channel. If the relevant virtual tty is 1555 * open we shovel the bits down it, if not we drop them. 1556 */ 1557 1558 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen) 1559 { 1560 /* krefs .. */ 1561 struct tty_port *port = &dlci->port; 1562 struct tty_struct *tty; 1563 unsigned int modem = 0; 1564 int len = clen; 1565 1566 if (debug & 16) 1567 pr_debug("%d bytes for tty\n", len); 1568 switch (dlci->adaption) { 1569 /* Unsupported types */ 1570 case 4: /* Packetised interruptible data */ 1571 break; 1572 case 3: /* Packetised uininterruptible voice/data */ 1573 break; 1574 case 2: /* Asynchronous serial with line state in each frame */ 1575 while (gsm_read_ea(&modem, *data++) == 0) { 1576 len--; 1577 if (len == 0) 1578 return; 1579 } 1580 tty = tty_port_tty_get(port); 1581 if (tty) { 1582 gsm_process_modem(tty, dlci, modem, clen); 1583 tty_kref_put(tty); 1584 } 1585 fallthrough; 1586 case 1: /* Line state will go via DLCI 0 controls only */ 1587 default: 1588 tty_insert_flip_string(port, data, len); 1589 tty_flip_buffer_push(port); 1590 } 1591 } 1592 1593 /** 1594 * gsm_dlci_control - data arrived on control channel 1595 * @dlci: channel 1596 * @data: block of bytes received 1597 * @len: length of received block 1598 * 1599 * A UI or UIH frame has arrived which contains data for DLCI 0 the 1600 * control channel. This should contain a command EA followed by 1601 * control data bytes. The command EA contains a command/response bit 1602 * and we divide up the work accordingly. 1603 */ 1604 1605 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) 1606 { 1607 /* See what command is involved */ 1608 unsigned int command = 0; 1609 while (len-- > 0) { 1610 if (gsm_read_ea(&command, *data++) == 1) { 1611 int clen = *data++; 1612 len--; 1613 /* FIXME: this is properly an EA */ 1614 clen >>= 1; 1615 /* Malformed command ? */ 1616 if (clen > len) 1617 return; 1618 if (command & 1) 1619 gsm_control_message(dlci->gsm, command, 1620 data, clen); 1621 else 1622 gsm_control_response(dlci->gsm, command, 1623 data, clen); 1624 return; 1625 } 1626 } 1627 } 1628 1629 /* 1630 * Allocate/Free DLCI channels 1631 */ 1632 1633 /** 1634 * gsm_dlci_alloc - allocate a DLCI 1635 * @gsm: GSM mux 1636 * @addr: address of the DLCI 1637 * 1638 * Allocate and install a new DLCI object into the GSM mux. 1639 * 1640 * FIXME: review locking races 1641 */ 1642 1643 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 1644 { 1645 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC); 1646 if (dlci == NULL) 1647 return NULL; 1648 spin_lock_init(&dlci->lock); 1649 mutex_init(&dlci->mutex); 1650 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) { 1651 kfree(dlci); 1652 return NULL; 1653 } 1654 1655 skb_queue_head_init(&dlci->skb_list); 1656 timer_setup(&dlci->t1, gsm_dlci_t1, 0); 1657 tty_port_init(&dlci->port); 1658 dlci->port.ops = &gsm_port_ops; 1659 dlci->gsm = gsm; 1660 dlci->addr = addr; 1661 dlci->adaption = gsm->adaption; 1662 dlci->state = DLCI_CLOSED; 1663 if (addr) 1664 dlci->data = gsm_dlci_data; 1665 else 1666 dlci->data = gsm_dlci_command; 1667 gsm->dlci[addr] = dlci; 1668 return dlci; 1669 } 1670 1671 /** 1672 * gsm_dlci_free - free DLCI 1673 * @port: tty port for DLCI to free 1674 * 1675 * Free up a DLCI. 1676 * 1677 * Can sleep. 1678 */ 1679 static void gsm_dlci_free(struct tty_port *port) 1680 { 1681 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 1682 1683 del_timer_sync(&dlci->t1); 1684 dlci->gsm->dlci[dlci->addr] = NULL; 1685 kfifo_free(&dlci->fifo); 1686 while ((dlci->skb = skb_dequeue(&dlci->skb_list))) 1687 dev_kfree_skb(dlci->skb); 1688 kfree(dlci); 1689 } 1690 1691 static inline void dlci_get(struct gsm_dlci *dlci) 1692 { 1693 tty_port_get(&dlci->port); 1694 } 1695 1696 static inline void dlci_put(struct gsm_dlci *dlci) 1697 { 1698 tty_port_put(&dlci->port); 1699 } 1700 1701 static void gsm_destroy_network(struct gsm_dlci *dlci); 1702 1703 /** 1704 * gsm_dlci_release - release DLCI 1705 * @dlci: DLCI to destroy 1706 * 1707 * Release a DLCI. Actual free is deferred until either 1708 * mux is closed or tty is closed - whichever is last. 1709 * 1710 * Can sleep. 1711 */ 1712 static void gsm_dlci_release(struct gsm_dlci *dlci) 1713 { 1714 struct tty_struct *tty = tty_port_tty_get(&dlci->port); 1715 if (tty) { 1716 mutex_lock(&dlci->mutex); 1717 gsm_destroy_network(dlci); 1718 mutex_unlock(&dlci->mutex); 1719 1720 tty_hangup(tty); 1721 1722 tty_port_tty_set(&dlci->port, NULL); 1723 tty_kref_put(tty); 1724 } 1725 dlci->state = DLCI_CLOSED; 1726 dlci_put(dlci); 1727 } 1728 1729 /* 1730 * LAPBish link layer logic 1731 */ 1732 1733 /** 1734 * gsm_queue - a GSM frame is ready to process 1735 * @gsm: pointer to our gsm mux 1736 * 1737 * At this point in time a frame has arrived and been demangled from 1738 * the line encoding. All the differences between the encodings have 1739 * been handled below us and the frame is unpacked into the structures. 1740 * The fcs holds the header FCS but any data FCS must be added here. 1741 */ 1742 1743 static void gsm_queue(struct gsm_mux *gsm) 1744 { 1745 struct gsm_dlci *dlci; 1746 u8 cr; 1747 int address; 1748 /* We have to sneak a look at the packet body to do the FCS. 1749 A somewhat layering violation in the spec */ 1750 1751 if ((gsm->control & ~PF) == UI) 1752 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len); 1753 if (gsm->encoding == 0) { 1754 /* WARNING: gsm->received_fcs is used for 1755 gsm->encoding = 0 only. 1756 In this case it contain the last piece of data 1757 required to generate final CRC */ 1758 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); 1759 } 1760 if (gsm->fcs != GOOD_FCS) { 1761 gsm->bad_fcs++; 1762 if (debug & 4) 1763 pr_debug("BAD FCS %02x\n", gsm->fcs); 1764 return; 1765 } 1766 address = gsm->address >> 1; 1767 if (address >= NUM_DLCI) 1768 goto invalid; 1769 1770 cr = gsm->address & 1; /* C/R bit */ 1771 1772 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len); 1773 1774 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */ 1775 dlci = gsm->dlci[address]; 1776 1777 switch (gsm->control) { 1778 case SABM|PF: 1779 if (cr == 0) 1780 goto invalid; 1781 if (dlci == NULL) 1782 dlci = gsm_dlci_alloc(gsm, address); 1783 if (dlci == NULL) 1784 return; 1785 if (dlci->dead) 1786 gsm_response(gsm, address, DM); 1787 else { 1788 gsm_response(gsm, address, UA); 1789 gsm_dlci_open(dlci); 1790 } 1791 break; 1792 case DISC|PF: 1793 if (cr == 0) 1794 goto invalid; 1795 if (dlci == NULL || dlci->state == DLCI_CLOSED) { 1796 gsm_response(gsm, address, DM); 1797 return; 1798 } 1799 /* Real close complete */ 1800 gsm_response(gsm, address, UA); 1801 gsm_dlci_close(dlci); 1802 break; 1803 case UA: 1804 case UA|PF: 1805 if (cr == 0 || dlci == NULL) 1806 break; 1807 switch (dlci->state) { 1808 case DLCI_CLOSING: 1809 gsm_dlci_close(dlci); 1810 break; 1811 case DLCI_OPENING: 1812 gsm_dlci_open(dlci); 1813 break; 1814 default: 1815 pr_debug("%s: unhandled state: %d\n", __func__, 1816 dlci->state); 1817 break; 1818 } 1819 break; 1820 case DM: /* DM can be valid unsolicited */ 1821 case DM|PF: 1822 if (cr) 1823 goto invalid; 1824 if (dlci == NULL) 1825 return; 1826 gsm_dlci_close(dlci); 1827 break; 1828 case UI: 1829 case UI|PF: 1830 case UIH: 1831 case UIH|PF: 1832 #if 0 1833 if (cr) 1834 goto invalid; 1835 #endif 1836 if (dlci == NULL || dlci->state != DLCI_OPEN) { 1837 gsm_command(gsm, address, DM|PF); 1838 return; 1839 } 1840 dlci->data(dlci, gsm->buf, gsm->len); 1841 break; 1842 default: 1843 goto invalid; 1844 } 1845 return; 1846 invalid: 1847 gsm->malformed++; 1848 return; 1849 } 1850 1851 1852 /** 1853 * gsm0_receive - perform processing for non-transparency 1854 * @gsm: gsm data for this ldisc instance 1855 * @c: character 1856 * 1857 * Receive bytes in gsm mode 0 1858 */ 1859 1860 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c) 1861 { 1862 unsigned int len; 1863 1864 switch (gsm->state) { 1865 case GSM_SEARCH: /* SOF marker */ 1866 if (c == GSM0_SOF) { 1867 gsm->state = GSM_ADDRESS; 1868 gsm->address = 0; 1869 gsm->len = 0; 1870 gsm->fcs = INIT_FCS; 1871 } 1872 break; 1873 case GSM_ADDRESS: /* Address EA */ 1874 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1875 if (gsm_read_ea(&gsm->address, c)) 1876 gsm->state = GSM_CONTROL; 1877 break; 1878 case GSM_CONTROL: /* Control Byte */ 1879 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1880 gsm->control = c; 1881 gsm->state = GSM_LEN0; 1882 break; 1883 case GSM_LEN0: /* Length EA */ 1884 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1885 if (gsm_read_ea(&gsm->len, c)) { 1886 if (gsm->len > gsm->mru) { 1887 gsm->bad_size++; 1888 gsm->state = GSM_SEARCH; 1889 break; 1890 } 1891 gsm->count = 0; 1892 if (!gsm->len) 1893 gsm->state = GSM_FCS; 1894 else 1895 gsm->state = GSM_DATA; 1896 break; 1897 } 1898 gsm->state = GSM_LEN1; 1899 break; 1900 case GSM_LEN1: 1901 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1902 len = c; 1903 gsm->len |= len << 7; 1904 if (gsm->len > gsm->mru) { 1905 gsm->bad_size++; 1906 gsm->state = GSM_SEARCH; 1907 break; 1908 } 1909 gsm->count = 0; 1910 if (!gsm->len) 1911 gsm->state = GSM_FCS; 1912 else 1913 gsm->state = GSM_DATA; 1914 break; 1915 case GSM_DATA: /* Data */ 1916 gsm->buf[gsm->count++] = c; 1917 if (gsm->count == gsm->len) 1918 gsm->state = GSM_FCS; 1919 break; 1920 case GSM_FCS: /* FCS follows the packet */ 1921 gsm->received_fcs = c; 1922 gsm_queue(gsm); 1923 gsm->state = GSM_SSOF; 1924 break; 1925 case GSM_SSOF: 1926 if (c == GSM0_SOF) { 1927 gsm->state = GSM_SEARCH; 1928 break; 1929 } 1930 break; 1931 default: 1932 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 1933 break; 1934 } 1935 } 1936 1937 /** 1938 * gsm1_receive - perform processing for non-transparency 1939 * @gsm: gsm data for this ldisc instance 1940 * @c: character 1941 * 1942 * Receive bytes in mode 1 (Advanced option) 1943 */ 1944 1945 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c) 1946 { 1947 if (c == GSM1_SOF) { 1948 /* EOF is only valid in frame if we have got to the data state 1949 and received at least one byte (the FCS) */ 1950 if (gsm->state == GSM_DATA && gsm->count) { 1951 /* Extract the FCS */ 1952 gsm->count--; 1953 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]); 1954 gsm->len = gsm->count; 1955 gsm_queue(gsm); 1956 gsm->state = GSM_START; 1957 return; 1958 } 1959 /* Any partial frame was a runt so go back to start */ 1960 if (gsm->state != GSM_START) { 1961 gsm->malformed++; 1962 gsm->state = GSM_START; 1963 } 1964 /* A SOF in GSM_START means we are still reading idling or 1965 framing bytes */ 1966 return; 1967 } 1968 1969 if (c == GSM1_ESCAPE) { 1970 gsm->escape = true; 1971 return; 1972 } 1973 1974 /* Only an unescaped SOF gets us out of GSM search */ 1975 if (gsm->state == GSM_SEARCH) 1976 return; 1977 1978 if (gsm->escape) { 1979 c ^= GSM1_ESCAPE_BITS; 1980 gsm->escape = false; 1981 } 1982 switch (gsm->state) { 1983 case GSM_START: /* First byte after SOF */ 1984 gsm->address = 0; 1985 gsm->state = GSM_ADDRESS; 1986 gsm->fcs = INIT_FCS; 1987 fallthrough; 1988 case GSM_ADDRESS: /* Address continuation */ 1989 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1990 if (gsm_read_ea(&gsm->address, c)) 1991 gsm->state = GSM_CONTROL; 1992 break; 1993 case GSM_CONTROL: /* Control Byte */ 1994 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1995 gsm->control = c; 1996 gsm->count = 0; 1997 gsm->state = GSM_DATA; 1998 break; 1999 case GSM_DATA: /* Data */ 2000 if (gsm->count > gsm->mru) { /* Allow one for the FCS */ 2001 gsm->state = GSM_OVERRUN; 2002 gsm->bad_size++; 2003 } else 2004 gsm->buf[gsm->count++] = c; 2005 break; 2006 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */ 2007 break; 2008 default: 2009 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2010 break; 2011 } 2012 } 2013 2014 /** 2015 * gsm_error - handle tty error 2016 * @gsm: ldisc data 2017 * @data: byte received (may be invalid) 2018 * @flag: error received 2019 * 2020 * Handle an error in the receipt of data for a frame. Currently we just 2021 * go back to hunting for a SOF. 2022 * 2023 * FIXME: better diagnostics ? 2024 */ 2025 2026 static void gsm_error(struct gsm_mux *gsm, 2027 unsigned char data, unsigned char flag) 2028 { 2029 gsm->state = GSM_SEARCH; 2030 gsm->io_error++; 2031 } 2032 2033 static int gsm_disconnect(struct gsm_mux *gsm) 2034 { 2035 struct gsm_dlci *dlci = gsm->dlci[0]; 2036 struct gsm_control *gc; 2037 2038 if (!dlci) 2039 return 0; 2040 2041 /* In theory disconnecting DLCI 0 is sufficient but for some 2042 modems this is apparently not the case. */ 2043 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0); 2044 if (gc) 2045 gsm_control_wait(gsm, gc); 2046 2047 del_timer_sync(&gsm->t2_timer); 2048 /* Now we are sure T2 has stopped */ 2049 2050 gsm_dlci_begin_close(dlci); 2051 wait_event_interruptible(gsm->event, 2052 dlci->state == DLCI_CLOSED); 2053 2054 if (signal_pending(current)) 2055 return -EINTR; 2056 2057 return 0; 2058 } 2059 2060 /** 2061 * gsm_cleanup_mux - generic GSM protocol cleanup 2062 * @gsm: our mux 2063 * 2064 * Clean up the bits of the mux which are the same for all framing 2065 * protocols. Remove the mux from the mux table, stop all the timers 2066 * and then shut down each device hanging up the channels as we go. 2067 */ 2068 2069 static void gsm_cleanup_mux(struct gsm_mux *gsm) 2070 { 2071 int i; 2072 struct gsm_dlci *dlci = gsm->dlci[0]; 2073 struct gsm_msg *txq, *ntxq; 2074 2075 gsm->dead = true; 2076 2077 spin_lock(&gsm_mux_lock); 2078 for (i = 0; i < MAX_MUX; i++) { 2079 if (gsm_mux[i] == gsm) { 2080 gsm_mux[i] = NULL; 2081 break; 2082 } 2083 } 2084 spin_unlock(&gsm_mux_lock); 2085 /* open failed before registering => nothing to do */ 2086 if (i == MAX_MUX) 2087 return; 2088 2089 del_timer_sync(&gsm->t2_timer); 2090 /* Now we are sure T2 has stopped */ 2091 if (dlci) 2092 dlci->dead = true; 2093 2094 /* Free up any link layer users */ 2095 mutex_lock(&gsm->mutex); 2096 for (i = 0; i < NUM_DLCI; i++) 2097 if (gsm->dlci[i]) 2098 gsm_dlci_release(gsm->dlci[i]); 2099 mutex_unlock(&gsm->mutex); 2100 /* Now wipe the queues */ 2101 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list) 2102 kfree(txq); 2103 INIT_LIST_HEAD(&gsm->tx_list); 2104 } 2105 2106 /** 2107 * gsm_activate_mux - generic GSM setup 2108 * @gsm: our mux 2109 * 2110 * Set up the bits of the mux which are the same for all framing 2111 * protocols. Add the mux to the mux table so it can be opened and 2112 * finally kick off connecting to DLCI 0 on the modem. 2113 */ 2114 2115 static int gsm_activate_mux(struct gsm_mux *gsm) 2116 { 2117 struct gsm_dlci *dlci; 2118 int i = 0; 2119 2120 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); 2121 init_waitqueue_head(&gsm->event); 2122 spin_lock_init(&gsm->control_lock); 2123 spin_lock_init(&gsm->tx_lock); 2124 2125 if (gsm->encoding == 0) 2126 gsm->receive = gsm0_receive; 2127 else 2128 gsm->receive = gsm1_receive; 2129 2130 spin_lock(&gsm_mux_lock); 2131 for (i = 0; i < MAX_MUX; i++) { 2132 if (gsm_mux[i] == NULL) { 2133 gsm->num = i; 2134 gsm_mux[i] = gsm; 2135 break; 2136 } 2137 } 2138 spin_unlock(&gsm_mux_lock); 2139 if (i == MAX_MUX) 2140 return -EBUSY; 2141 2142 dlci = gsm_dlci_alloc(gsm, 0); 2143 if (dlci == NULL) 2144 return -ENOMEM; 2145 gsm->dead = false; /* Tty opens are now permissible */ 2146 return 0; 2147 } 2148 2149 /** 2150 * gsm_free_mux - free up a mux 2151 * @gsm: mux to free 2152 * 2153 * Dispose of allocated resources for a dead mux 2154 */ 2155 static void gsm_free_mux(struct gsm_mux *gsm) 2156 { 2157 kfree(gsm->txframe); 2158 kfree(gsm->buf); 2159 kfree(gsm); 2160 } 2161 2162 /** 2163 * gsm_free_muxr - free up a mux 2164 * @ref: kreference to the mux to free 2165 * 2166 * Dispose of allocated resources for a dead mux 2167 */ 2168 static void gsm_free_muxr(struct kref *ref) 2169 { 2170 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref); 2171 gsm_free_mux(gsm); 2172 } 2173 2174 static inline void mux_get(struct gsm_mux *gsm) 2175 { 2176 kref_get(&gsm->ref); 2177 } 2178 2179 static inline void mux_put(struct gsm_mux *gsm) 2180 { 2181 kref_put(&gsm->ref, gsm_free_muxr); 2182 } 2183 2184 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm) 2185 { 2186 return gsm->num * NUM_DLCI; 2187 } 2188 2189 static inline unsigned int mux_line_to_num(unsigned int line) 2190 { 2191 return line / NUM_DLCI; 2192 } 2193 2194 /** 2195 * gsm_alloc_mux - allocate a mux 2196 * 2197 * Creates a new mux ready for activation. 2198 */ 2199 2200 static struct gsm_mux *gsm_alloc_mux(void) 2201 { 2202 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL); 2203 if (gsm == NULL) 2204 return NULL; 2205 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL); 2206 if (gsm->buf == NULL) { 2207 kfree(gsm); 2208 return NULL; 2209 } 2210 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL); 2211 if (gsm->txframe == NULL) { 2212 kfree(gsm->buf); 2213 kfree(gsm); 2214 return NULL; 2215 } 2216 spin_lock_init(&gsm->lock); 2217 mutex_init(&gsm->mutex); 2218 kref_init(&gsm->ref); 2219 INIT_LIST_HEAD(&gsm->tx_list); 2220 2221 gsm->t1 = T1; 2222 gsm->t2 = T2; 2223 gsm->n2 = N2; 2224 gsm->ftype = UIH; 2225 gsm->adaption = 1; 2226 gsm->encoding = 1; 2227 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */ 2228 gsm->mtu = 64; 2229 gsm->dead = true; /* Avoid early tty opens */ 2230 2231 return gsm; 2232 } 2233 2234 static void gsm_copy_config_values(struct gsm_mux *gsm, 2235 struct gsm_config *c) 2236 { 2237 memset(c, 0, sizeof(*c)); 2238 c->adaption = gsm->adaption; 2239 c->encapsulation = gsm->encoding; 2240 c->initiator = gsm->initiator; 2241 c->t1 = gsm->t1; 2242 c->t2 = gsm->t2; 2243 c->t3 = 0; /* Not supported */ 2244 c->n2 = gsm->n2; 2245 if (gsm->ftype == UIH) 2246 c->i = 1; 2247 else 2248 c->i = 2; 2249 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i); 2250 c->mru = gsm->mru; 2251 c->mtu = gsm->mtu; 2252 c->k = 0; 2253 } 2254 2255 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c) 2256 { 2257 int need_close = 0; 2258 int need_restart = 0; 2259 2260 /* Stuff we don't support yet - UI or I frame transport, windowing */ 2261 if ((c->adaption != 1 && c->adaption != 2) || c->k) 2262 return -EOPNOTSUPP; 2263 /* Check the MRU/MTU range looks sane */ 2264 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8) 2265 return -EINVAL; 2266 if (c->n2 < 3) 2267 return -EINVAL; 2268 if (c->encapsulation > 1) /* Basic, advanced, no I */ 2269 return -EINVAL; 2270 if (c->initiator > 1) 2271 return -EINVAL; 2272 if (c->i == 0 || c->i > 2) /* UIH and UI only */ 2273 return -EINVAL; 2274 /* 2275 * See what is needed for reconfiguration 2276 */ 2277 2278 /* Timing fields */ 2279 if (c->t1 != 0 && c->t1 != gsm->t1) 2280 need_restart = 1; 2281 if (c->t2 != 0 && c->t2 != gsm->t2) 2282 need_restart = 1; 2283 if (c->encapsulation != gsm->encoding) 2284 need_restart = 1; 2285 if (c->adaption != gsm->adaption) 2286 need_restart = 1; 2287 /* Requires care */ 2288 if (c->initiator != gsm->initiator) 2289 need_close = 1; 2290 if (c->mru != gsm->mru) 2291 need_restart = 1; 2292 if (c->mtu != gsm->mtu) 2293 need_restart = 1; 2294 2295 /* 2296 * Close down what is needed, restart and initiate the new 2297 * configuration 2298 */ 2299 2300 if (need_close || need_restart) { 2301 int ret; 2302 2303 ret = gsm_disconnect(gsm); 2304 2305 if (ret) 2306 return ret; 2307 } 2308 if (need_restart) 2309 gsm_cleanup_mux(gsm); 2310 2311 gsm->initiator = c->initiator; 2312 gsm->mru = c->mru; 2313 gsm->mtu = c->mtu; 2314 gsm->encoding = c->encapsulation; 2315 gsm->adaption = c->adaption; 2316 gsm->n2 = c->n2; 2317 2318 if (c->i == 1) 2319 gsm->ftype = UIH; 2320 else if (c->i == 2) 2321 gsm->ftype = UI; 2322 2323 if (c->t1) 2324 gsm->t1 = c->t1; 2325 if (c->t2) 2326 gsm->t2 = c->t2; 2327 2328 /* 2329 * FIXME: We need to separate activation/deactivation from adding 2330 * and removing from the mux array 2331 */ 2332 if (need_restart) 2333 gsm_activate_mux(gsm); 2334 if (gsm->initiator && need_close) 2335 gsm_dlci_begin_open(gsm->dlci[0]); 2336 return 0; 2337 } 2338 2339 /** 2340 * gsmld_output - write to link 2341 * @gsm: our mux 2342 * @data: bytes to output 2343 * @len: size 2344 * 2345 * Write a block of data from the GSM mux to the data channel. This 2346 * will eventually be serialized from above but at the moment isn't. 2347 */ 2348 2349 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len) 2350 { 2351 if (tty_write_room(gsm->tty) < len) { 2352 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 2353 return -ENOSPC; 2354 } 2355 if (debug & 4) 2356 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET, 2357 data, len); 2358 gsm->tty->ops->write(gsm->tty, data, len); 2359 return len; 2360 } 2361 2362 /** 2363 * gsmld_attach_gsm - mode set up 2364 * @tty: our tty structure 2365 * @gsm: our mux 2366 * 2367 * Set up the MUX for basic mode and commence connecting to the 2368 * modem. Currently called from the line discipline set up but 2369 * will need moving to an ioctl path. 2370 */ 2371 2372 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2373 { 2374 unsigned int base; 2375 int ret, i; 2376 2377 gsm->tty = tty_kref_get(tty); 2378 ret = gsm_activate_mux(gsm); 2379 if (ret != 0) 2380 tty_kref_put(gsm->tty); 2381 else { 2382 /* Don't register device 0 - this is the control channel and not 2383 a usable tty interface */ 2384 base = mux_num_to_base(gsm); /* Base for this MUX */ 2385 for (i = 1; i < NUM_DLCI; i++) 2386 tty_register_device(gsm_tty_driver, base + i, NULL); 2387 } 2388 return ret; 2389 } 2390 2391 2392 /** 2393 * gsmld_detach_gsm - stop doing 0710 mux 2394 * @tty: tty attached to the mux 2395 * @gsm: mux 2396 * 2397 * Shutdown and then clean up the resources used by the line discipline 2398 */ 2399 2400 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2401 { 2402 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */ 2403 int i; 2404 2405 WARN_ON(tty != gsm->tty); 2406 for (i = 1; i < NUM_DLCI; i++) 2407 tty_unregister_device(gsm_tty_driver, base + i); 2408 gsm_cleanup_mux(gsm); 2409 tty_kref_put(gsm->tty); 2410 gsm->tty = NULL; 2411 } 2412 2413 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp, 2414 char *fp, int count) 2415 { 2416 struct gsm_mux *gsm = tty->disc_data; 2417 const unsigned char *dp; 2418 char *f; 2419 int i; 2420 char flags = TTY_NORMAL; 2421 2422 if (debug & 4) 2423 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET, 2424 cp, count); 2425 2426 for (i = count, dp = cp, f = fp; i; i--, dp++) { 2427 if (f) 2428 flags = *f++; 2429 switch (flags) { 2430 case TTY_NORMAL: 2431 gsm->receive(gsm, *dp); 2432 break; 2433 case TTY_OVERRUN: 2434 case TTY_BREAK: 2435 case TTY_PARITY: 2436 case TTY_FRAME: 2437 gsm_error(gsm, *dp, flags); 2438 break; 2439 default: 2440 WARN_ONCE(1, "%s: unknown flag %d\n", 2441 tty_name(tty), flags); 2442 break; 2443 } 2444 } 2445 /* FASYNC if needed ? */ 2446 /* If clogged call tty_throttle(tty); */ 2447 } 2448 2449 /** 2450 * gsmld_flush_buffer - clean input queue 2451 * @tty: terminal device 2452 * 2453 * Flush the input buffer. Called when the line discipline is 2454 * being closed, when the tty layer wants the buffer flushed (eg 2455 * at hangup). 2456 */ 2457 2458 static void gsmld_flush_buffer(struct tty_struct *tty) 2459 { 2460 } 2461 2462 /** 2463 * gsmld_close - close the ldisc for this tty 2464 * @tty: device 2465 * 2466 * Called from the terminal layer when this line discipline is 2467 * being shut down, either because of a close or becsuse of a 2468 * discipline change. The function will not be called while other 2469 * ldisc methods are in progress. 2470 */ 2471 2472 static void gsmld_close(struct tty_struct *tty) 2473 { 2474 struct gsm_mux *gsm = tty->disc_data; 2475 2476 gsmld_detach_gsm(tty, gsm); 2477 2478 gsmld_flush_buffer(tty); 2479 /* Do other clean up here */ 2480 mux_put(gsm); 2481 } 2482 2483 /** 2484 * gsmld_open - open an ldisc 2485 * @tty: terminal to open 2486 * 2487 * Called when this line discipline is being attached to the 2488 * terminal device. Can sleep. Called serialized so that no 2489 * other events will occur in parallel. No further open will occur 2490 * until a close. 2491 */ 2492 2493 static int gsmld_open(struct tty_struct *tty) 2494 { 2495 struct gsm_mux *gsm; 2496 int ret; 2497 2498 if (tty->ops->write == NULL) 2499 return -EINVAL; 2500 2501 /* Attach our ldisc data */ 2502 gsm = gsm_alloc_mux(); 2503 if (gsm == NULL) 2504 return -ENOMEM; 2505 2506 tty->disc_data = gsm; 2507 tty->receive_room = 65536; 2508 2509 /* Attach the initial passive connection */ 2510 gsm->encoding = 1; 2511 2512 ret = gsmld_attach_gsm(tty, gsm); 2513 if (ret != 0) { 2514 gsm_cleanup_mux(gsm); 2515 mux_put(gsm); 2516 } 2517 return ret; 2518 } 2519 2520 /** 2521 * gsmld_write_wakeup - asynchronous I/O notifier 2522 * @tty: tty device 2523 * 2524 * Required for the ptys, serial driver etc. since processes 2525 * that attach themselves to the master and rely on ASYNC 2526 * IO must be woken up 2527 */ 2528 2529 static void gsmld_write_wakeup(struct tty_struct *tty) 2530 { 2531 struct gsm_mux *gsm = tty->disc_data; 2532 unsigned long flags; 2533 2534 /* Queue poll */ 2535 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2536 spin_lock_irqsave(&gsm->tx_lock, flags); 2537 gsm_data_kick(gsm, NULL); 2538 if (gsm->tx_bytes < TX_THRESH_LO) { 2539 gsm_dlci_data_sweep(gsm); 2540 } 2541 spin_unlock_irqrestore(&gsm->tx_lock, flags); 2542 } 2543 2544 /** 2545 * gsmld_read - read function for tty 2546 * @tty: tty device 2547 * @file: file object 2548 * @buf: userspace buffer pointer 2549 * @nr: size of I/O 2550 * 2551 * Perform reads for the line discipline. We are guaranteed that the 2552 * line discipline will not be closed under us but we may get multiple 2553 * parallel readers and must handle this ourselves. We may also get 2554 * a hangup. Always called in user context, may sleep. 2555 * 2556 * This code must be sure never to sleep through a hangup. 2557 */ 2558 2559 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, 2560 unsigned char __user *buf, size_t nr) 2561 { 2562 return -EOPNOTSUPP; 2563 } 2564 2565 /** 2566 * gsmld_write - write function for tty 2567 * @tty: tty device 2568 * @file: file object 2569 * @buf: userspace buffer pointer 2570 * @nr: size of I/O 2571 * 2572 * Called when the owner of the device wants to send a frame 2573 * itself (or some other control data). The data is transferred 2574 * as-is and must be properly framed and checksummed as appropriate 2575 * by userspace. Frames are either sent whole or not at all as this 2576 * avoids pain user side. 2577 */ 2578 2579 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 2580 const unsigned char *buf, size_t nr) 2581 { 2582 int space = tty_write_room(tty); 2583 if (space >= nr) 2584 return tty->ops->write(tty, buf, nr); 2585 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2586 return -ENOBUFS; 2587 } 2588 2589 /** 2590 * gsmld_poll - poll method for N_GSM0710 2591 * @tty: terminal device 2592 * @file: file accessing it 2593 * @wait: poll table 2594 * 2595 * Called when the line discipline is asked to poll() for data or 2596 * for special events. This code is not serialized with respect to 2597 * other events save open/close. 2598 * 2599 * This code must be sure never to sleep through a hangup. 2600 * Called without the kernel lock held - fine 2601 */ 2602 2603 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 2604 poll_table *wait) 2605 { 2606 __poll_t mask = 0; 2607 struct gsm_mux *gsm = tty->disc_data; 2608 2609 poll_wait(file, &tty->read_wait, wait); 2610 poll_wait(file, &tty->write_wait, wait); 2611 if (tty_hung_up_p(file)) 2612 mask |= EPOLLHUP; 2613 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 2614 mask |= EPOLLOUT | EPOLLWRNORM; 2615 if (gsm->dead) 2616 mask |= EPOLLHUP; 2617 return mask; 2618 } 2619 2620 static int gsmld_ioctl(struct tty_struct *tty, struct file *file, 2621 unsigned int cmd, unsigned long arg) 2622 { 2623 struct gsm_config c; 2624 struct gsm_mux *gsm = tty->disc_data; 2625 unsigned int base; 2626 2627 switch (cmd) { 2628 case GSMIOC_GETCONF: 2629 gsm_copy_config_values(gsm, &c); 2630 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 2631 return -EFAULT; 2632 return 0; 2633 case GSMIOC_SETCONF: 2634 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 2635 return -EFAULT; 2636 return gsm_config(gsm, &c); 2637 case GSMIOC_GETFIRST: 2638 base = mux_num_to_base(gsm); 2639 return put_user(base + 1, (__u32 __user *)arg); 2640 default: 2641 return n_tty_ioctl_helper(tty, file, cmd, arg); 2642 } 2643 } 2644 2645 /* 2646 * Network interface 2647 * 2648 */ 2649 2650 static int gsm_mux_net_open(struct net_device *net) 2651 { 2652 pr_debug("%s called\n", __func__); 2653 netif_start_queue(net); 2654 return 0; 2655 } 2656 2657 static int gsm_mux_net_close(struct net_device *net) 2658 { 2659 netif_stop_queue(net); 2660 return 0; 2661 } 2662 2663 static void dlci_net_free(struct gsm_dlci *dlci) 2664 { 2665 if (!dlci->net) { 2666 WARN_ON(1); 2667 return; 2668 } 2669 dlci->adaption = dlci->prev_adaption; 2670 dlci->data = dlci->prev_data; 2671 free_netdev(dlci->net); 2672 dlci->net = NULL; 2673 } 2674 static void net_free(struct kref *ref) 2675 { 2676 struct gsm_mux_net *mux_net; 2677 struct gsm_dlci *dlci; 2678 2679 mux_net = container_of(ref, struct gsm_mux_net, ref); 2680 dlci = mux_net->dlci; 2681 2682 if (dlci->net) { 2683 unregister_netdev(dlci->net); 2684 dlci_net_free(dlci); 2685 } 2686 } 2687 2688 static inline void muxnet_get(struct gsm_mux_net *mux_net) 2689 { 2690 kref_get(&mux_net->ref); 2691 } 2692 2693 static inline void muxnet_put(struct gsm_mux_net *mux_net) 2694 { 2695 kref_put(&mux_net->ref, net_free); 2696 } 2697 2698 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 2699 struct net_device *net) 2700 { 2701 struct gsm_mux_net *mux_net = netdev_priv(net); 2702 struct gsm_dlci *dlci = mux_net->dlci; 2703 muxnet_get(mux_net); 2704 2705 skb_queue_head(&dlci->skb_list, skb); 2706 net->stats.tx_packets++; 2707 net->stats.tx_bytes += skb->len; 2708 gsm_dlci_data_kick(dlci); 2709 /* And tell the kernel when the last transmit started. */ 2710 netif_trans_update(net); 2711 muxnet_put(mux_net); 2712 return NETDEV_TX_OK; 2713 } 2714 2715 /* called when a packet did not ack after watchdogtimeout */ 2716 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 2717 { 2718 /* Tell syslog we are hosed. */ 2719 dev_dbg(&net->dev, "Tx timed out.\n"); 2720 2721 /* Update statistics */ 2722 net->stats.tx_errors++; 2723 } 2724 2725 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, 2726 const unsigned char *in_buf, int size) 2727 { 2728 struct net_device *net = dlci->net; 2729 struct sk_buff *skb; 2730 struct gsm_mux_net *mux_net = netdev_priv(net); 2731 muxnet_get(mux_net); 2732 2733 /* Allocate an sk_buff */ 2734 skb = dev_alloc_skb(size + NET_IP_ALIGN); 2735 if (!skb) { 2736 /* We got no receive buffer. */ 2737 net->stats.rx_dropped++; 2738 muxnet_put(mux_net); 2739 return; 2740 } 2741 skb_reserve(skb, NET_IP_ALIGN); 2742 skb_put_data(skb, in_buf, size); 2743 2744 skb->dev = net; 2745 skb->protocol = htons(ETH_P_IP); 2746 2747 /* Ship it off to the kernel */ 2748 netif_rx(skb); 2749 2750 /* update out statistics */ 2751 net->stats.rx_packets++; 2752 net->stats.rx_bytes += size; 2753 muxnet_put(mux_net); 2754 return; 2755 } 2756 2757 static void gsm_mux_net_init(struct net_device *net) 2758 { 2759 static const struct net_device_ops gsm_netdev_ops = { 2760 .ndo_open = gsm_mux_net_open, 2761 .ndo_stop = gsm_mux_net_close, 2762 .ndo_start_xmit = gsm_mux_net_start_xmit, 2763 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 2764 }; 2765 2766 net->netdev_ops = &gsm_netdev_ops; 2767 2768 /* fill in the other fields */ 2769 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 2770 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 2771 net->type = ARPHRD_NONE; 2772 net->tx_queue_len = 10; 2773 } 2774 2775 2776 /* caller holds the dlci mutex */ 2777 static void gsm_destroy_network(struct gsm_dlci *dlci) 2778 { 2779 struct gsm_mux_net *mux_net; 2780 2781 pr_debug("destroy network interface\n"); 2782 if (!dlci->net) 2783 return; 2784 mux_net = netdev_priv(dlci->net); 2785 muxnet_put(mux_net); 2786 } 2787 2788 2789 /* caller holds the dlci mutex */ 2790 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 2791 { 2792 char *netname; 2793 int retval = 0; 2794 struct net_device *net; 2795 struct gsm_mux_net *mux_net; 2796 2797 if (!capable(CAP_NET_ADMIN)) 2798 return -EPERM; 2799 2800 /* Already in a non tty mode */ 2801 if (dlci->adaption > 2) 2802 return -EBUSY; 2803 2804 if (nc->protocol != htons(ETH_P_IP)) 2805 return -EPROTONOSUPPORT; 2806 2807 if (nc->adaption != 3 && nc->adaption != 4) 2808 return -EPROTONOSUPPORT; 2809 2810 pr_debug("create network interface\n"); 2811 2812 netname = "gsm%d"; 2813 if (nc->if_name[0] != '\0') 2814 netname = nc->if_name; 2815 net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 2816 NET_NAME_UNKNOWN, gsm_mux_net_init); 2817 if (!net) { 2818 pr_err("alloc_netdev failed\n"); 2819 return -ENOMEM; 2820 } 2821 net->mtu = dlci->gsm->mtu; 2822 net->min_mtu = 8; 2823 net->max_mtu = dlci->gsm->mtu; 2824 mux_net = netdev_priv(net); 2825 mux_net->dlci = dlci; 2826 kref_init(&mux_net->ref); 2827 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */ 2828 2829 /* reconfigure dlci for network */ 2830 dlci->prev_adaption = dlci->adaption; 2831 dlci->prev_data = dlci->data; 2832 dlci->adaption = nc->adaption; 2833 dlci->data = gsm_mux_rx_netchar; 2834 dlci->net = net; 2835 2836 pr_debug("register netdev\n"); 2837 retval = register_netdev(net); 2838 if (retval) { 2839 pr_err("network register fail %d\n", retval); 2840 dlci_net_free(dlci); 2841 return retval; 2842 } 2843 return net->ifindex; /* return network index */ 2844 } 2845 2846 /* Line discipline for real tty */ 2847 static struct tty_ldisc_ops tty_ldisc_packet = { 2848 .owner = THIS_MODULE, 2849 .magic = TTY_LDISC_MAGIC, 2850 .name = "n_gsm", 2851 .open = gsmld_open, 2852 .close = gsmld_close, 2853 .flush_buffer = gsmld_flush_buffer, 2854 .read = gsmld_read, 2855 .write = gsmld_write, 2856 .ioctl = gsmld_ioctl, 2857 .poll = gsmld_poll, 2858 .receive_buf = gsmld_receive_buf, 2859 .write_wakeup = gsmld_write_wakeup 2860 }; 2861 2862 /* 2863 * Virtual tty side 2864 */ 2865 2866 #define TX_SIZE 512 2867 2868 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) 2869 { 2870 u8 modembits[5]; 2871 struct gsm_control *ctrl; 2872 int len = 2; 2873 2874 if (brk) 2875 len++; 2876 2877 modembits[0] = len << 1 | EA; /* Data bytes */ 2878 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */ 2879 modembits[2] = gsm_encode_modem(dlci) << 1 | EA; 2880 if (brk) 2881 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */ 2882 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1); 2883 if (ctrl == NULL) 2884 return -ENOMEM; 2885 return gsm_control_wait(dlci->gsm, ctrl); 2886 } 2887 2888 static int gsm_carrier_raised(struct tty_port *port) 2889 { 2890 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2891 struct gsm_mux *gsm = dlci->gsm; 2892 2893 /* Not yet open so no carrier info */ 2894 if (dlci->state != DLCI_OPEN) 2895 return 0; 2896 if (debug & 2) 2897 return 1; 2898 2899 /* 2900 * Basic mode with control channel in ADM mode may not respond 2901 * to CMD_MSC at all and modem_rx is empty. 2902 */ 2903 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM && 2904 !dlci->modem_rx) 2905 return 1; 2906 2907 return dlci->modem_rx & TIOCM_CD; 2908 } 2909 2910 static void gsm_dtr_rts(struct tty_port *port, int onoff) 2911 { 2912 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2913 unsigned int modem_tx = dlci->modem_tx; 2914 if (onoff) 2915 modem_tx |= TIOCM_DTR | TIOCM_RTS; 2916 else 2917 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 2918 if (modem_tx != dlci->modem_tx) { 2919 dlci->modem_tx = modem_tx; 2920 gsmtty_modem_update(dlci, 0); 2921 } 2922 } 2923 2924 static const struct tty_port_operations gsm_port_ops = { 2925 .carrier_raised = gsm_carrier_raised, 2926 .dtr_rts = gsm_dtr_rts, 2927 .destruct = gsm_dlci_free, 2928 }; 2929 2930 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 2931 { 2932 struct gsm_mux *gsm; 2933 struct gsm_dlci *dlci; 2934 unsigned int line = tty->index; 2935 unsigned int mux = mux_line_to_num(line); 2936 bool alloc = false; 2937 int ret; 2938 2939 line = line & 0x3F; 2940 2941 if (mux >= MAX_MUX) 2942 return -ENXIO; 2943 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 2944 if (gsm_mux[mux] == NULL) 2945 return -EUNATCH; 2946 if (line == 0 || line > 61) /* 62/63 reserved */ 2947 return -ECHRNG; 2948 gsm = gsm_mux[mux]; 2949 if (gsm->dead) 2950 return -EL2HLT; 2951 /* If DLCI 0 is not yet fully open return an error. 2952 This is ok from a locking 2953 perspective as we don't have to worry about this 2954 if DLCI0 is lost */ 2955 mutex_lock(&gsm->mutex); 2956 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) { 2957 mutex_unlock(&gsm->mutex); 2958 return -EL2NSYNC; 2959 } 2960 dlci = gsm->dlci[line]; 2961 if (dlci == NULL) { 2962 alloc = true; 2963 dlci = gsm_dlci_alloc(gsm, line); 2964 } 2965 if (dlci == NULL) { 2966 mutex_unlock(&gsm->mutex); 2967 return -ENOMEM; 2968 } 2969 ret = tty_port_install(&dlci->port, driver, tty); 2970 if (ret) { 2971 if (alloc) 2972 dlci_put(dlci); 2973 mutex_unlock(&gsm->mutex); 2974 return ret; 2975 } 2976 2977 dlci_get(dlci); 2978 dlci_get(gsm->dlci[0]); 2979 mux_get(gsm); 2980 tty->driver_data = dlci; 2981 mutex_unlock(&gsm->mutex); 2982 2983 return 0; 2984 } 2985 2986 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 2987 { 2988 struct gsm_dlci *dlci = tty->driver_data; 2989 struct tty_port *port = &dlci->port; 2990 2991 port->count++; 2992 tty_port_tty_set(port, tty); 2993 2994 dlci->modem_rx = 0; 2995 /* We could in theory open and close before we wait - eg if we get 2996 a DM straight back. This is ok as that will have caused a hangup */ 2997 tty_port_set_initialized(port, 1); 2998 /* Start sending off SABM messages */ 2999 gsm_dlci_begin_open(dlci); 3000 /* And wait for virtual carrier */ 3001 return tty_port_block_til_ready(port, tty, filp); 3002 } 3003 3004 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 3005 { 3006 struct gsm_dlci *dlci = tty->driver_data; 3007 3008 if (dlci == NULL) 3009 return; 3010 if (dlci->state == DLCI_CLOSED) 3011 return; 3012 mutex_lock(&dlci->mutex); 3013 gsm_destroy_network(dlci); 3014 mutex_unlock(&dlci->mutex); 3015 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 3016 return; 3017 gsm_dlci_begin_close(dlci); 3018 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 3019 tty_port_lower_dtr_rts(&dlci->port); 3020 tty_port_close_end(&dlci->port, tty); 3021 tty_port_tty_set(&dlci->port, NULL); 3022 return; 3023 } 3024 3025 static void gsmtty_hangup(struct tty_struct *tty) 3026 { 3027 struct gsm_dlci *dlci = tty->driver_data; 3028 if (dlci->state == DLCI_CLOSED) 3029 return; 3030 tty_port_hangup(&dlci->port); 3031 gsm_dlci_begin_close(dlci); 3032 } 3033 3034 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, 3035 int len) 3036 { 3037 int sent; 3038 struct gsm_dlci *dlci = tty->driver_data; 3039 if (dlci->state == DLCI_CLOSED) 3040 return -EINVAL; 3041 /* Stuff the bytes into the fifo queue */ 3042 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 3043 /* Need to kick the channel */ 3044 gsm_dlci_data_kick(dlci); 3045 return sent; 3046 } 3047 3048 static int gsmtty_write_room(struct tty_struct *tty) 3049 { 3050 struct gsm_dlci *dlci = tty->driver_data; 3051 if (dlci->state == DLCI_CLOSED) 3052 return -EINVAL; 3053 return TX_SIZE - kfifo_len(&dlci->fifo); 3054 } 3055 3056 static int gsmtty_chars_in_buffer(struct tty_struct *tty) 3057 { 3058 struct gsm_dlci *dlci = tty->driver_data; 3059 if (dlci->state == DLCI_CLOSED) 3060 return -EINVAL; 3061 return kfifo_len(&dlci->fifo); 3062 } 3063 3064 static void gsmtty_flush_buffer(struct tty_struct *tty) 3065 { 3066 struct gsm_dlci *dlci = tty->driver_data; 3067 if (dlci->state == DLCI_CLOSED) 3068 return; 3069 /* Caution needed: If we implement reliable transport classes 3070 then the data being transmitted can't simply be junked once 3071 it has first hit the stack. Until then we can just blow it 3072 away */ 3073 kfifo_reset(&dlci->fifo); 3074 /* Need to unhook this DLCI from the transmit queue logic */ 3075 } 3076 3077 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) 3078 { 3079 /* The FIFO handles the queue so the kernel will do the right 3080 thing waiting on chars_in_buffer before calling us. No work 3081 to do here */ 3082 } 3083 3084 static int gsmtty_tiocmget(struct tty_struct *tty) 3085 { 3086 struct gsm_dlci *dlci = tty->driver_data; 3087 if (dlci->state == DLCI_CLOSED) 3088 return -EINVAL; 3089 return dlci->modem_rx; 3090 } 3091 3092 static int gsmtty_tiocmset(struct tty_struct *tty, 3093 unsigned int set, unsigned int clear) 3094 { 3095 struct gsm_dlci *dlci = tty->driver_data; 3096 unsigned int modem_tx = dlci->modem_tx; 3097 3098 if (dlci->state == DLCI_CLOSED) 3099 return -EINVAL; 3100 modem_tx &= ~clear; 3101 modem_tx |= set; 3102 3103 if (modem_tx != dlci->modem_tx) { 3104 dlci->modem_tx = modem_tx; 3105 return gsmtty_modem_update(dlci, 0); 3106 } 3107 return 0; 3108 } 3109 3110 3111 static int gsmtty_ioctl(struct tty_struct *tty, 3112 unsigned int cmd, unsigned long arg) 3113 { 3114 struct gsm_dlci *dlci = tty->driver_data; 3115 struct gsm_netconfig nc; 3116 int index; 3117 3118 if (dlci->state == DLCI_CLOSED) 3119 return -EINVAL; 3120 switch (cmd) { 3121 case GSMIOC_ENABLE_NET: 3122 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) 3123 return -EFAULT; 3124 nc.if_name[IFNAMSIZ-1] = '\0'; 3125 /* return net interface index or error code */ 3126 mutex_lock(&dlci->mutex); 3127 index = gsm_create_network(dlci, &nc); 3128 mutex_unlock(&dlci->mutex); 3129 if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) 3130 return -EFAULT; 3131 return index; 3132 case GSMIOC_DISABLE_NET: 3133 if (!capable(CAP_NET_ADMIN)) 3134 return -EPERM; 3135 mutex_lock(&dlci->mutex); 3136 gsm_destroy_network(dlci); 3137 mutex_unlock(&dlci->mutex); 3138 return 0; 3139 default: 3140 return -ENOIOCTLCMD; 3141 } 3142 } 3143 3144 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) 3145 { 3146 struct gsm_dlci *dlci = tty->driver_data; 3147 if (dlci->state == DLCI_CLOSED) 3148 return; 3149 /* For the moment its fixed. In actual fact the speed information 3150 for the virtual channel can be propogated in both directions by 3151 the RPN control message. This however rapidly gets nasty as we 3152 then have to remap modem signals each way according to whether 3153 our virtual cable is null modem etc .. */ 3154 tty_termios_copy_hw(&tty->termios, old); 3155 } 3156 3157 static void gsmtty_throttle(struct tty_struct *tty) 3158 { 3159 struct gsm_dlci *dlci = tty->driver_data; 3160 if (dlci->state == DLCI_CLOSED) 3161 return; 3162 if (C_CRTSCTS(tty)) 3163 dlci->modem_tx &= ~TIOCM_DTR; 3164 dlci->throttled = true; 3165 /* Send an MSC with DTR cleared */ 3166 gsmtty_modem_update(dlci, 0); 3167 } 3168 3169 static void gsmtty_unthrottle(struct tty_struct *tty) 3170 { 3171 struct gsm_dlci *dlci = tty->driver_data; 3172 if (dlci->state == DLCI_CLOSED) 3173 return; 3174 if (C_CRTSCTS(tty)) 3175 dlci->modem_tx |= TIOCM_DTR; 3176 dlci->throttled = false; 3177 /* Send an MSC with DTR set */ 3178 gsmtty_modem_update(dlci, 0); 3179 } 3180 3181 static int gsmtty_break_ctl(struct tty_struct *tty, int state) 3182 { 3183 struct gsm_dlci *dlci = tty->driver_data; 3184 int encode = 0; /* Off */ 3185 if (dlci->state == DLCI_CLOSED) 3186 return -EINVAL; 3187 3188 if (state == -1) /* "On indefinitely" - we can't encode this 3189 properly */ 3190 encode = 0x0F; 3191 else if (state > 0) { 3192 encode = state / 200; /* mS to encoding */ 3193 if (encode > 0x0F) 3194 encode = 0x0F; /* Best effort */ 3195 } 3196 return gsmtty_modem_update(dlci, encode); 3197 } 3198 3199 static void gsmtty_cleanup(struct tty_struct *tty) 3200 { 3201 struct gsm_dlci *dlci = tty->driver_data; 3202 struct gsm_mux *gsm = dlci->gsm; 3203 3204 dlci_put(dlci); 3205 dlci_put(gsm->dlci[0]); 3206 mux_put(gsm); 3207 } 3208 3209 /* Virtual ttys for the demux */ 3210 static const struct tty_operations gsmtty_ops = { 3211 .install = gsmtty_install, 3212 .open = gsmtty_open, 3213 .close = gsmtty_close, 3214 .write = gsmtty_write, 3215 .write_room = gsmtty_write_room, 3216 .chars_in_buffer = gsmtty_chars_in_buffer, 3217 .flush_buffer = gsmtty_flush_buffer, 3218 .ioctl = gsmtty_ioctl, 3219 .throttle = gsmtty_throttle, 3220 .unthrottle = gsmtty_unthrottle, 3221 .set_termios = gsmtty_set_termios, 3222 .hangup = gsmtty_hangup, 3223 .wait_until_sent = gsmtty_wait_until_sent, 3224 .tiocmget = gsmtty_tiocmget, 3225 .tiocmset = gsmtty_tiocmset, 3226 .break_ctl = gsmtty_break_ctl, 3227 .cleanup = gsmtty_cleanup, 3228 }; 3229 3230 3231 3232 static int __init gsm_init(void) 3233 { 3234 /* Fill in our line protocol discipline, and register it */ 3235 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet); 3236 if (status != 0) { 3237 pr_err("n_gsm: can't register line discipline (err = %d)\n", 3238 status); 3239 return status; 3240 } 3241 3242 gsm_tty_driver = alloc_tty_driver(256); 3243 if (!gsm_tty_driver) { 3244 tty_unregister_ldisc(N_GSM0710); 3245 pr_err("gsm_init: tty allocation failed.\n"); 3246 return -EINVAL; 3247 } 3248 gsm_tty_driver->driver_name = "gsmtty"; 3249 gsm_tty_driver->name = "gsmtty"; 3250 gsm_tty_driver->major = 0; /* Dynamic */ 3251 gsm_tty_driver->minor_start = 0; 3252 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 3253 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 3254 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV 3255 | TTY_DRIVER_HARDWARE_BREAK; 3256 gsm_tty_driver->init_termios = tty_std_termios; 3257 /* Fixme */ 3258 gsm_tty_driver->init_termios.c_lflag &= ~ECHO; 3259 tty_set_operations(gsm_tty_driver, &gsmtty_ops); 3260 3261 spin_lock_init(&gsm_mux_lock); 3262 3263 if (tty_register_driver(gsm_tty_driver)) { 3264 put_tty_driver(gsm_tty_driver); 3265 tty_unregister_ldisc(N_GSM0710); 3266 pr_err("gsm_init: tty registration failed.\n"); 3267 return -EBUSY; 3268 } 3269 pr_debug("gsm_init: loaded as %d,%d.\n", 3270 gsm_tty_driver->major, gsm_tty_driver->minor_start); 3271 return 0; 3272 } 3273 3274 static void __exit gsm_exit(void) 3275 { 3276 int status = tty_unregister_ldisc(N_GSM0710); 3277 if (status != 0) 3278 pr_err("n_gsm: can't unregister line discipline (err = %d)\n", 3279 status); 3280 tty_unregister_driver(gsm_tty_driver); 3281 put_tty_driver(gsm_tty_driver); 3282 } 3283 3284 module_init(gsm_init); 3285 module_exit(gsm_exit); 3286 3287 3288 MODULE_LICENSE("GPL"); 3289 MODULE_ALIAS_LDISC(N_GSM0710); 3290