1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 7 * 8 * TO DO: 9 * Mostly done: ioctls for setting modes/timing 10 * Partly done: hooks so you can pull off frames to non tty devs 11 * Restart DLCI 0 when it closes ? 12 * Improve the tx engine 13 * Resolve tx side locking by adding a queue_head and routing 14 * all control traffic via it 15 * General tidy/document 16 * Review the locking/move to refcounts more (mux now moved to an 17 * alloc/free model ready) 18 * Use newest tty open/close port helpers and install hooks 19 * What to do about power functions ? 20 * Termios setting and negotiation 21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 22 * 23 */ 24 25 #include <linux/types.h> 26 #include <linux/major.h> 27 #include <linux/errno.h> 28 #include <linux/signal.h> 29 #include <linux/fcntl.h> 30 #include <linux/sched/signal.h> 31 #include <linux/interrupt.h> 32 #include <linux/tty.h> 33 #include <linux/ctype.h> 34 #include <linux/mm.h> 35 #include <linux/string.h> 36 #include <linux/slab.h> 37 #include <linux/poll.h> 38 #include <linux/bitops.h> 39 #include <linux/file.h> 40 #include <linux/uaccess.h> 41 #include <linux/module.h> 42 #include <linux/timer.h> 43 #include <linux/tty_flip.h> 44 #include <linux/tty_driver.h> 45 #include <linux/serial.h> 46 #include <linux/kfifo.h> 47 #include <linux/skbuff.h> 48 #include <net/arp.h> 49 #include <linux/ip.h> 50 #include <linux/netdevice.h> 51 #include <linux/etherdevice.h> 52 #include <linux/gsmmux.h> 53 54 static int debug; 55 module_param(debug, int, 0600); 56 57 /* Defaults: these are from the specification */ 58 59 #define T1 10 /* 100mS */ 60 #define T2 34 /* 333mS */ 61 #define N2 3 /* Retry 3 times */ 62 63 /* Use long timers for testing at low speed with debug on */ 64 #ifdef DEBUG_TIMING 65 #define T1 100 66 #define T2 200 67 #endif 68 69 /* 70 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 71 * limits so this is plenty 72 */ 73 #define MAX_MRU 1500 74 #define MAX_MTU 1500 75 #define GSM_NET_TX_TIMEOUT (HZ*10) 76 77 /** 78 * struct gsm_mux_net - network interface 79 * @struct gsm_dlci* dlci 80 * 81 * Created when net interface is initialized. 82 **/ 83 struct gsm_mux_net { 84 struct kref ref; 85 struct gsm_dlci *dlci; 86 }; 87 88 /* 89 * Each block of data we have queued to go out is in the form of 90 * a gsm_msg which holds everything we need in a link layer independent 91 * format 92 */ 93 94 struct gsm_msg { 95 struct list_head list; 96 u8 addr; /* DLCI address + flags */ 97 u8 ctrl; /* Control byte + flags */ 98 unsigned int len; /* Length of data block (can be zero) */ 99 unsigned char *data; /* Points into buffer but not at the start */ 100 unsigned char buffer[]; 101 }; 102 103 enum gsm_dlci_state { 104 DLCI_CLOSED, 105 DLCI_OPENING, /* Sending SABM not seen UA */ 106 DLCI_OPEN, /* SABM/UA complete */ 107 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 108 }; 109 110 enum gsm_dlci_mode { 111 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 112 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 113 }; 114 115 /* 116 * Each active data link has a gsm_dlci structure associated which ties 117 * the link layer to an optional tty (if the tty side is open). To avoid 118 * complexity right now these are only ever freed up when the mux is 119 * shut down. 120 * 121 * At the moment we don't free DLCI objects until the mux is torn down 122 * this avoid object life time issues but might be worth review later. 123 */ 124 125 struct gsm_dlci { 126 struct gsm_mux *gsm; 127 int addr; 128 enum gsm_dlci_state state; 129 struct mutex mutex; 130 131 /* Link layer */ 132 enum gsm_dlci_mode mode; 133 spinlock_t lock; /* Protects the internal state */ 134 struct timer_list t1; /* Retransmit timer for SABM and UA */ 135 int retries; 136 /* Uplink tty if active */ 137 struct tty_port port; /* The tty bound to this DLCI if there is one */ 138 struct kfifo fifo; /* Queue fifo for the DLCI */ 139 int adaption; /* Adaption layer in use */ 140 int prev_adaption; 141 u32 modem_rx; /* Our incoming virtual modem lines */ 142 u32 modem_tx; /* Our outgoing modem lines */ 143 bool dead; /* Refuse re-open */ 144 /* Flow control */ 145 bool throttled; /* Private copy of throttle state */ 146 bool constipated; /* Throttle status for outgoing */ 147 /* Packetised I/O */ 148 struct sk_buff *skb; /* Frame being sent */ 149 struct sk_buff_head skb_list; /* Queued frames */ 150 /* Data handling callback */ 151 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 152 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 153 struct net_device *net; /* network interface, if created */ 154 }; 155 156 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 157 158 #define NUM_DLCI 64 159 160 /* 161 * DLCI 0 is used to pass control blocks out of band of the data 162 * flow (and with a higher link priority). One command can be outstanding 163 * at a time and we use this structure to manage them. They are created 164 * and destroyed by the user context, and updated by the receive paths 165 * and timers 166 */ 167 168 struct gsm_control { 169 u8 cmd; /* Command we are issuing */ 170 u8 *data; /* Data for the command in case we retransmit */ 171 int len; /* Length of block for retransmission */ 172 int done; /* Done flag */ 173 int error; /* Error if any */ 174 }; 175 176 enum gsm_mux_state { 177 GSM_SEARCH, 178 GSM_START, 179 GSM_ADDRESS, 180 GSM_CONTROL, 181 GSM_LEN, 182 GSM_DATA, 183 GSM_FCS, 184 GSM_OVERRUN, 185 GSM_LEN0, 186 GSM_LEN1, 187 GSM_SSOF, 188 }; 189 190 /* 191 * Each GSM mux we have is represented by this structure. If we are 192 * operating as an ldisc then we use this structure as our ldisc 193 * state. We need to sort out lifetimes and locking with respect 194 * to the gsm mux array. For now we don't free DLCI objects that 195 * have been instantiated until the mux itself is terminated. 196 * 197 * To consider further: tty open versus mux shutdown. 198 */ 199 200 struct gsm_mux { 201 struct tty_struct *tty; /* The tty our ldisc is bound to */ 202 spinlock_t lock; 203 struct mutex mutex; 204 unsigned int num; 205 struct kref ref; 206 207 /* Events on the GSM channel */ 208 wait_queue_head_t event; 209 210 /* Bits for GSM mode decoding */ 211 212 /* Framing Layer */ 213 unsigned char *buf; 214 enum gsm_mux_state state; 215 unsigned int len; 216 unsigned int address; 217 unsigned int count; 218 bool escape; 219 int encoding; 220 u8 control; 221 u8 fcs; 222 u8 received_fcs; 223 u8 *txframe; /* TX framing buffer */ 224 225 /* Methods for the receiver side */ 226 void (*receive)(struct gsm_mux *gsm, u8 ch); 227 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag); 228 /* And transmit side */ 229 int (*output)(struct gsm_mux *mux, u8 *data, int len); 230 231 /* Link Layer */ 232 unsigned int mru; 233 unsigned int mtu; 234 int initiator; /* Did we initiate connection */ 235 bool dead; /* Has the mux been shut down */ 236 struct gsm_dlci *dlci[NUM_DLCI]; 237 bool constipated; /* Asked by remote to shut up */ 238 239 spinlock_t tx_lock; 240 unsigned int tx_bytes; /* TX data outstanding */ 241 #define TX_THRESH_HI 8192 242 #define TX_THRESH_LO 2048 243 struct list_head tx_list; /* Pending data packets */ 244 245 /* Control messages */ 246 struct timer_list t2_timer; /* Retransmit timer for commands */ 247 int cretries; /* Command retry counter */ 248 struct gsm_control *pending_cmd;/* Our current pending command */ 249 spinlock_t control_lock; /* Protects the pending command */ 250 251 /* Configuration */ 252 int adaption; /* 1 or 2 supported */ 253 u8 ftype; /* UI or UIH */ 254 int t1, t2; /* Timers in 1/100th of a sec */ 255 int n2; /* Retry count */ 256 257 /* Statistics (not currently exposed) */ 258 unsigned long bad_fcs; 259 unsigned long malformed; 260 unsigned long io_error; 261 unsigned long bad_size; 262 unsigned long unsupported; 263 }; 264 265 266 /* 267 * Mux objects - needed so that we can translate a tty index into the 268 * relevant mux and DLCI. 269 */ 270 271 #define MAX_MUX 4 /* 256 minors */ 272 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 273 static spinlock_t gsm_mux_lock; 274 275 static struct tty_driver *gsm_tty_driver; 276 277 /* 278 * This section of the driver logic implements the GSM encodings 279 * both the basic and the 'advanced'. Reliable transport is not 280 * supported. 281 */ 282 283 #define CR 0x02 284 #define EA 0x01 285 #define PF 0x10 286 287 /* I is special: the rest are ..*/ 288 #define RR 0x01 289 #define UI 0x03 290 #define RNR 0x05 291 #define REJ 0x09 292 #define DM 0x0F 293 #define SABM 0x2F 294 #define DISC 0x43 295 #define UA 0x63 296 #define UIH 0xEF 297 298 /* Channel commands */ 299 #define CMD_NSC 0x09 300 #define CMD_TEST 0x11 301 #define CMD_PSC 0x21 302 #define CMD_RLS 0x29 303 #define CMD_FCOFF 0x31 304 #define CMD_PN 0x41 305 #define CMD_RPN 0x49 306 #define CMD_FCON 0x51 307 #define CMD_CLD 0x61 308 #define CMD_SNC 0x69 309 #define CMD_MSC 0x71 310 311 /* Virtual modem bits */ 312 #define MDM_FC 0x01 313 #define MDM_RTC 0x02 314 #define MDM_RTR 0x04 315 #define MDM_IC 0x20 316 #define MDM_DV 0x40 317 318 #define GSM0_SOF 0xF9 319 #define GSM1_SOF 0x7E 320 #define GSM1_ESCAPE 0x7D 321 #define GSM1_ESCAPE_BITS 0x20 322 #define XON 0x11 323 #define XOFF 0x13 324 325 static const struct tty_port_operations gsm_port_ops; 326 327 /* 328 * CRC table for GSM 0710 329 */ 330 331 static const u8 gsm_fcs8[256] = { 332 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 333 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 334 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 335 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 336 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 337 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 338 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 339 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 340 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 341 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 342 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 343 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 344 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 345 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 346 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 347 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 348 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 349 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 350 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 351 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 352 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 353 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 354 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 355 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 356 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 357 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 358 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 359 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 360 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 361 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 362 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 363 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 364 }; 365 366 #define INIT_FCS 0xFF 367 #define GOOD_FCS 0xCF 368 369 /** 370 * gsm_fcs_add - update FCS 371 * @fcs: Current FCS 372 * @c: Next data 373 * 374 * Update the FCS to include c. Uses the algorithm in the specification 375 * notes. 376 */ 377 378 static inline u8 gsm_fcs_add(u8 fcs, u8 c) 379 { 380 return gsm_fcs8[fcs ^ c]; 381 } 382 383 /** 384 * gsm_fcs_add_block - update FCS for a block 385 * @fcs: Current FCS 386 * @c: buffer of data 387 * @len: length of buffer 388 * 389 * Update the FCS to include c. Uses the algorithm in the specification 390 * notes. 391 */ 392 393 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len) 394 { 395 while (len--) 396 fcs = gsm_fcs8[fcs ^ *c++]; 397 return fcs; 398 } 399 400 /** 401 * gsm_read_ea - read a byte into an EA 402 * @val: variable holding value 403 * c: byte going into the EA 404 * 405 * Processes one byte of an EA. Updates the passed variable 406 * and returns 1 if the EA is now completely read 407 */ 408 409 static int gsm_read_ea(unsigned int *val, u8 c) 410 { 411 /* Add the next 7 bits into the value */ 412 *val <<= 7; 413 *val |= c >> 1; 414 /* Was this the last byte of the EA 1 = yes*/ 415 return c & EA; 416 } 417 418 /** 419 * gsm_encode_modem - encode modem data bits 420 * @dlci: DLCI to encode from 421 * 422 * Returns the correct GSM encoded modem status bits (6 bit field) for 423 * the current status of the DLCI and attached tty object 424 */ 425 426 static u8 gsm_encode_modem(const struct gsm_dlci *dlci) 427 { 428 u8 modembits = 0; 429 /* FC is true flow control not modem bits */ 430 if (dlci->throttled) 431 modembits |= MDM_FC; 432 if (dlci->modem_tx & TIOCM_DTR) 433 modembits |= MDM_RTC; 434 if (dlci->modem_tx & TIOCM_RTS) 435 modembits |= MDM_RTR; 436 if (dlci->modem_tx & TIOCM_RI) 437 modembits |= MDM_IC; 438 if (dlci->modem_tx & TIOCM_CD) 439 modembits |= MDM_DV; 440 return modembits; 441 } 442 443 /** 444 * gsm_print_packet - display a frame for debug 445 * @hdr: header to print before decode 446 * @addr: address EA from the frame 447 * @cr: C/R bit from the frame 448 * @control: control including PF bit 449 * @data: following data bytes 450 * @dlen: length of data 451 * 452 * Displays a packet in human readable format for debugging purposes. The 453 * style is based on amateur radio LAP-B dump display. 454 */ 455 456 static void gsm_print_packet(const char *hdr, int addr, int cr, 457 u8 control, const u8 *data, int dlen) 458 { 459 if (!(debug & 1)) 460 return; 461 462 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]); 463 464 switch (control & ~PF) { 465 case SABM: 466 pr_cont("SABM"); 467 break; 468 case UA: 469 pr_cont("UA"); 470 break; 471 case DISC: 472 pr_cont("DISC"); 473 break; 474 case DM: 475 pr_cont("DM"); 476 break; 477 case UI: 478 pr_cont("UI"); 479 break; 480 case UIH: 481 pr_cont("UIH"); 482 break; 483 default: 484 if (!(control & 0x01)) { 485 pr_cont("I N(S)%d N(R)%d", 486 (control & 0x0E) >> 1, (control & 0xE0) >> 5); 487 } else switch (control & 0x0F) { 488 case RR: 489 pr_cont("RR(%d)", (control & 0xE0) >> 5); 490 break; 491 case RNR: 492 pr_cont("RNR(%d)", (control & 0xE0) >> 5); 493 break; 494 case REJ: 495 pr_cont("REJ(%d)", (control & 0xE0) >> 5); 496 break; 497 default: 498 pr_cont("[%02X]", control); 499 } 500 } 501 502 if (control & PF) 503 pr_cont("(P)"); 504 else 505 pr_cont("(F)"); 506 507 if (dlen) { 508 int ct = 0; 509 while (dlen--) { 510 if (ct % 8 == 0) { 511 pr_cont("\n"); 512 pr_debug(" "); 513 } 514 pr_cont("%02X ", *data++); 515 ct++; 516 } 517 } 518 pr_cont("\n"); 519 } 520 521 522 /* 523 * Link level transmission side 524 */ 525 526 /** 527 * gsm_stuff_packet - bytestuff a packet 528 * @ibuf: input 529 * @obuf: output 530 * @len: length of input 531 * 532 * Expand a buffer by bytestuffing it. The worst case size change 533 * is doubling and the caller is responsible for handing out 534 * suitable sized buffers. 535 */ 536 537 static int gsm_stuff_frame(const u8 *input, u8 *output, int len) 538 { 539 int olen = 0; 540 while (len--) { 541 if (*input == GSM1_SOF || *input == GSM1_ESCAPE 542 || *input == XON || *input == XOFF) { 543 *output++ = GSM1_ESCAPE; 544 *output++ = *input++ ^ GSM1_ESCAPE_BITS; 545 olen++; 546 } else 547 *output++ = *input++; 548 olen++; 549 } 550 return olen; 551 } 552 553 /** 554 * gsm_send - send a control frame 555 * @gsm: our GSM mux 556 * @addr: address for control frame 557 * @cr: command/response bit 558 * @control: control byte including PF bit 559 * 560 * Format up and transmit a control frame. These do not go via the 561 * queueing logic as they should be transmitted ahead of data when 562 * they are needed. 563 * 564 * FIXME: Lock versus data TX path 565 */ 566 567 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control) 568 { 569 int len; 570 u8 cbuf[10]; 571 u8 ibuf[3]; 572 573 switch (gsm->encoding) { 574 case 0: 575 cbuf[0] = GSM0_SOF; 576 cbuf[1] = (addr << 2) | (cr << 1) | EA; 577 cbuf[2] = control; 578 cbuf[3] = EA; /* Length of data = 0 */ 579 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3); 580 cbuf[5] = GSM0_SOF; 581 len = 6; 582 break; 583 case 1: 584 case 2: 585 /* Control frame + packing (but not frame stuffing) in mode 1 */ 586 ibuf[0] = (addr << 2) | (cr << 1) | EA; 587 ibuf[1] = control; 588 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2); 589 /* Stuffing may double the size worst case */ 590 len = gsm_stuff_frame(ibuf, cbuf + 1, 3); 591 /* Now add the SOF markers */ 592 cbuf[0] = GSM1_SOF; 593 cbuf[len + 1] = GSM1_SOF; 594 /* FIXME: we can omit the lead one in many cases */ 595 len += 2; 596 break; 597 default: 598 WARN_ON(1); 599 return; 600 } 601 gsm->output(gsm, cbuf, len); 602 gsm_print_packet("-->", addr, cr, control, NULL, 0); 603 } 604 605 /** 606 * gsm_response - send a control response 607 * @gsm: our GSM mux 608 * @addr: address for control frame 609 * @control: control byte including PF bit 610 * 611 * Format up and transmit a link level response frame. 612 */ 613 614 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control) 615 { 616 gsm_send(gsm, addr, 0, control); 617 } 618 619 /** 620 * gsm_command - send a control command 621 * @gsm: our GSM mux 622 * @addr: address for control frame 623 * @control: control byte including PF bit 624 * 625 * Format up and transmit a link level command frame. 626 */ 627 628 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control) 629 { 630 gsm_send(gsm, addr, 1, control); 631 } 632 633 /* Data transmission */ 634 635 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */ 636 637 /** 638 * gsm_data_alloc - allocate data frame 639 * @gsm: GSM mux 640 * @addr: DLCI address 641 * @len: length excluding header and FCS 642 * @ctrl: control byte 643 * 644 * Allocate a new data buffer for sending frames with data. Space is left 645 * at the front for header bytes but that is treated as an implementation 646 * detail and not for the high level code to use 647 */ 648 649 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 650 u8 ctrl) 651 { 652 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN, 653 GFP_ATOMIC); 654 if (m == NULL) 655 return NULL; 656 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */ 657 m->len = len; 658 m->addr = addr; 659 m->ctrl = ctrl; 660 INIT_LIST_HEAD(&m->list); 661 return m; 662 } 663 664 /** 665 * gsm_data_kick - poke the queue 666 * @gsm: GSM Mux 667 * 668 * The tty device has called us to indicate that room has appeared in 669 * the transmit queue. Ram more data into the pipe if we have any 670 * If we have been flow-stopped by a CMD_FCOFF, then we can only 671 * send messages on DLCI0 until CMD_FCON 672 * 673 * FIXME: lock against link layer control transmissions 674 */ 675 676 static void gsm_data_kick(struct gsm_mux *gsm) 677 { 678 struct gsm_msg *msg, *nmsg; 679 int len; 680 int skip_sof = 0; 681 682 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) { 683 if (gsm->constipated && msg->addr) 684 continue; 685 if (gsm->encoding != 0) { 686 gsm->txframe[0] = GSM1_SOF; 687 len = gsm_stuff_frame(msg->data, 688 gsm->txframe + 1, msg->len); 689 gsm->txframe[len + 1] = GSM1_SOF; 690 len += 2; 691 } else { 692 gsm->txframe[0] = GSM0_SOF; 693 memcpy(gsm->txframe + 1 , msg->data, msg->len); 694 gsm->txframe[msg->len + 1] = GSM0_SOF; 695 len = msg->len + 2; 696 } 697 698 if (debug & 4) 699 print_hex_dump_bytes("gsm_data_kick: ", 700 DUMP_PREFIX_OFFSET, 701 gsm->txframe, len); 702 703 if (gsm->output(gsm, gsm->txframe + skip_sof, 704 len - skip_sof) < 0) 705 break; 706 /* FIXME: Can eliminate one SOF in many more cases */ 707 gsm->tx_bytes -= msg->len; 708 /* For a burst of frames skip the extra SOF within the 709 burst */ 710 skip_sof = 1; 711 712 list_del(&msg->list); 713 kfree(msg); 714 } 715 } 716 717 /** 718 * __gsm_data_queue - queue a UI or UIH frame 719 * @dlci: DLCI sending the data 720 * @msg: message queued 721 * 722 * Add data to the transmit queue and try and get stuff moving 723 * out of the mux tty if not already doing so. The Caller must hold 724 * the gsm tx lock. 725 */ 726 727 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 728 { 729 struct gsm_mux *gsm = dlci->gsm; 730 u8 *dp = msg->data; 731 u8 *fcs = dp + msg->len; 732 733 /* Fill in the header */ 734 if (gsm->encoding == 0) { 735 if (msg->len < 128) 736 *--dp = (msg->len << 1) | EA; 737 else { 738 *--dp = (msg->len >> 7); /* bits 7 - 15 */ 739 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */ 740 } 741 } 742 743 *--dp = msg->ctrl; 744 if (gsm->initiator) 745 *--dp = (msg->addr << 2) | 2 | EA; 746 else 747 *--dp = (msg->addr << 2) | EA; 748 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp); 749 /* Ugly protocol layering violation */ 750 if (msg->ctrl == UI || msg->ctrl == (UI|PF)) 751 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len); 752 *fcs = 0xFF - *fcs; 753 754 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl, 755 msg->data, msg->len); 756 757 /* Move the header back and adjust the length, also allow for the FCS 758 now tacked on the end */ 759 msg->len += (msg->data - dp) + 1; 760 msg->data = dp; 761 762 /* Add to the actual output queue */ 763 list_add_tail(&msg->list, &gsm->tx_list); 764 gsm->tx_bytes += msg->len; 765 gsm_data_kick(gsm); 766 } 767 768 /** 769 * gsm_data_queue - queue a UI or UIH frame 770 * @dlci: DLCI sending the data 771 * @msg: message queued 772 * 773 * Add data to the transmit queue and try and get stuff moving 774 * out of the mux tty if not already doing so. Take the 775 * the gsm tx lock and dlci lock. 776 */ 777 778 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 779 { 780 unsigned long flags; 781 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 782 __gsm_data_queue(dlci, msg); 783 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 784 } 785 786 /** 787 * gsm_dlci_data_output - try and push data out of a DLCI 788 * @gsm: mux 789 * @dlci: the DLCI to pull data from 790 * 791 * Pull data from a DLCI and send it into the transmit queue if there 792 * is data. Keep to the MRU of the mux. This path handles the usual tty 793 * interface which is a byte stream with optional modem data. 794 * 795 * Caller must hold the tx_lock of the mux. 796 */ 797 798 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci) 799 { 800 struct gsm_msg *msg; 801 u8 *dp; 802 int len, total_size, size; 803 int h = dlci->adaption - 1; 804 805 total_size = 0; 806 while (1) { 807 len = kfifo_len(&dlci->fifo); 808 if (len == 0) 809 return total_size; 810 811 /* MTU/MRU count only the data bits */ 812 if (len > gsm->mtu) 813 len = gsm->mtu; 814 815 size = len + h; 816 817 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 818 /* FIXME: need a timer or something to kick this so it can't 819 get stuck with no work outstanding and no buffer free */ 820 if (msg == NULL) 821 return -ENOMEM; 822 dp = msg->data; 823 switch (dlci->adaption) { 824 case 1: /* Unstructured */ 825 break; 826 case 2: /* Unstructed with modem bits. 827 Always one byte as we never send inline break data */ 828 *dp++ = gsm_encode_modem(dlci); 829 break; 830 } 831 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len); 832 __gsm_data_queue(dlci, msg); 833 total_size += size; 834 } 835 /* Bytes of data we used up */ 836 return total_size; 837 } 838 839 /** 840 * gsm_dlci_data_output_framed - try and push data out of a DLCI 841 * @gsm: mux 842 * @dlci: the DLCI to pull data from 843 * 844 * Pull data from a DLCI and send it into the transmit queue if there 845 * is data. Keep to the MRU of the mux. This path handles framed data 846 * queued as skbuffs to the DLCI. 847 * 848 * Caller must hold the tx_lock of the mux. 849 */ 850 851 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm, 852 struct gsm_dlci *dlci) 853 { 854 struct gsm_msg *msg; 855 u8 *dp; 856 int len, size; 857 int last = 0, first = 0; 858 int overhead = 0; 859 860 /* One byte per frame is used for B/F flags */ 861 if (dlci->adaption == 4) 862 overhead = 1; 863 864 /* dlci->skb is locked by tx_lock */ 865 if (dlci->skb == NULL) { 866 dlci->skb = skb_dequeue_tail(&dlci->skb_list); 867 if (dlci->skb == NULL) 868 return 0; 869 first = 1; 870 } 871 len = dlci->skb->len + overhead; 872 873 /* MTU/MRU count only the data bits */ 874 if (len > gsm->mtu) { 875 if (dlci->adaption == 3) { 876 /* Over long frame, bin it */ 877 dev_kfree_skb_any(dlci->skb); 878 dlci->skb = NULL; 879 return 0; 880 } 881 len = gsm->mtu; 882 } else 883 last = 1; 884 885 size = len + overhead; 886 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 887 888 /* FIXME: need a timer or something to kick this so it can't 889 get stuck with no work outstanding and no buffer free */ 890 if (msg == NULL) { 891 skb_queue_tail(&dlci->skb_list, dlci->skb); 892 dlci->skb = NULL; 893 return -ENOMEM; 894 } 895 dp = msg->data; 896 897 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 898 /* Flag byte to carry the start/end info */ 899 *dp++ = last << 7 | first << 6 | 1; /* EA */ 900 len--; 901 } 902 memcpy(dp, dlci->skb->data, len); 903 skb_pull(dlci->skb, len); 904 __gsm_data_queue(dlci, msg); 905 if (last) { 906 dev_kfree_skb_any(dlci->skb); 907 dlci->skb = NULL; 908 } 909 return size; 910 } 911 912 /** 913 * gsm_dlci_data_sweep - look for data to send 914 * @gsm: the GSM mux 915 * 916 * Sweep the GSM mux channels in priority order looking for ones with 917 * data to send. We could do with optimising this scan a bit. We aim 918 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 919 * TX_THRESH_LO we get called again 920 * 921 * FIXME: We should round robin between groups and in theory you can 922 * renegotiate DLCI priorities with optional stuff. Needs optimising. 923 */ 924 925 static void gsm_dlci_data_sweep(struct gsm_mux *gsm) 926 { 927 int len; 928 /* Priority ordering: We should do priority with RR of the groups */ 929 int i = 1; 930 931 while (i < NUM_DLCI) { 932 struct gsm_dlci *dlci; 933 934 if (gsm->tx_bytes > TX_THRESH_HI) 935 break; 936 dlci = gsm->dlci[i]; 937 if (dlci == NULL || dlci->constipated) { 938 i++; 939 continue; 940 } 941 if (dlci->adaption < 3 && !dlci->net) 942 len = gsm_dlci_data_output(gsm, dlci); 943 else 944 len = gsm_dlci_data_output_framed(gsm, dlci); 945 if (len < 0) 946 break; 947 /* DLCI empty - try the next */ 948 if (len == 0) 949 i++; 950 } 951 } 952 953 /** 954 * gsm_dlci_data_kick - transmit if possible 955 * @dlci: DLCI to kick 956 * 957 * Transmit data from this DLCI if the queue is empty. We can't rely on 958 * a tty wakeup except when we filled the pipe so we need to fire off 959 * new data ourselves in other cases. 960 */ 961 962 static void gsm_dlci_data_kick(struct gsm_dlci *dlci) 963 { 964 unsigned long flags; 965 int sweep; 966 967 if (dlci->constipated) 968 return; 969 970 spin_lock_irqsave(&dlci->gsm->tx_lock, flags); 971 /* If we have nothing running then we need to fire up */ 972 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO); 973 if (dlci->gsm->tx_bytes == 0) { 974 if (dlci->net) 975 gsm_dlci_data_output_framed(dlci->gsm, dlci); 976 else 977 gsm_dlci_data_output(dlci->gsm, dlci); 978 } 979 if (sweep) 980 gsm_dlci_data_sweep(dlci->gsm); 981 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags); 982 } 983 984 /* 985 * Control message processing 986 */ 987 988 989 /** 990 * gsm_control_reply - send a response frame to a control 991 * @gsm: gsm channel 992 * @cmd: the command to use 993 * @data: data to follow encoded info 994 * @dlen: length of data 995 * 996 * Encode up and queue a UI/UIH frame containing our response. 997 */ 998 999 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data, 1000 int dlen) 1001 { 1002 struct gsm_msg *msg; 1003 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype); 1004 if (msg == NULL) 1005 return; 1006 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */ 1007 msg->data[1] = (dlen << 1) | EA; 1008 memcpy(msg->data + 2, data, dlen); 1009 gsm_data_queue(gsm->dlci[0], msg); 1010 } 1011 1012 /** 1013 * gsm_process_modem - process received modem status 1014 * @tty: virtual tty bound to the DLCI 1015 * @dlci: DLCI to affect 1016 * @modem: modem bits (full EA) 1017 * 1018 * Used when a modem control message or line state inline in adaption 1019 * layer 2 is processed. Sort out the local modem state and throttles 1020 */ 1021 1022 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, 1023 u32 modem, int clen) 1024 { 1025 int mlines = 0; 1026 u8 brk = 0; 1027 int fc; 1028 1029 /* The modem status command can either contain one octet (v.24 signals) 1030 or two octets (v.24 signals + break signals). The length field will 1031 either be 2 or 3 respectively. This is specified in section 1032 5.4.6.3.7 of the 27.010 mux spec. */ 1033 1034 if (clen == 2) 1035 modem = modem & 0x7f; 1036 else { 1037 brk = modem & 0x7f; 1038 modem = (modem >> 7) & 0x7f; 1039 } 1040 1041 /* Flow control/ready to communicate */ 1042 fc = (modem & MDM_FC) || !(modem & MDM_RTR); 1043 if (fc && !dlci->constipated) { 1044 /* Need to throttle our output on this device */ 1045 dlci->constipated = true; 1046 } else if (!fc && dlci->constipated) { 1047 dlci->constipated = false; 1048 gsm_dlci_data_kick(dlci); 1049 } 1050 1051 /* Map modem bits */ 1052 if (modem & MDM_RTC) 1053 mlines |= TIOCM_DSR | TIOCM_DTR; 1054 if (modem & MDM_RTR) 1055 mlines |= TIOCM_RTS | TIOCM_CTS; 1056 if (modem & MDM_IC) 1057 mlines |= TIOCM_RI; 1058 if (modem & MDM_DV) 1059 mlines |= TIOCM_CD; 1060 1061 /* Carrier drop -> hangup */ 1062 if (tty) { 1063 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD)) 1064 if (!C_CLOCAL(tty)) 1065 tty_hangup(tty); 1066 } 1067 if (brk & 0x01) 1068 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK); 1069 dlci->modem_rx = mlines; 1070 } 1071 1072 /** 1073 * gsm_control_modem - modem status received 1074 * @gsm: GSM channel 1075 * @data: data following command 1076 * @clen: command length 1077 * 1078 * We have received a modem status control message. This is used by 1079 * the GSM mux protocol to pass virtual modem line status and optionally 1080 * to indicate break signals. Unpack it, convert to Linux representation 1081 * and if need be stuff a break message down the tty. 1082 */ 1083 1084 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen) 1085 { 1086 unsigned int addr = 0; 1087 unsigned int modem = 0; 1088 unsigned int brk = 0; 1089 struct gsm_dlci *dlci; 1090 int len = clen; 1091 const u8 *dp = data; 1092 struct tty_struct *tty; 1093 1094 while (gsm_read_ea(&addr, *dp++) == 0) { 1095 len--; 1096 if (len == 0) 1097 return; 1098 } 1099 /* Must be at least one byte following the EA */ 1100 len--; 1101 if (len <= 0) 1102 return; 1103 1104 addr >>= 1; 1105 /* Closed port, or invalid ? */ 1106 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1107 return; 1108 dlci = gsm->dlci[addr]; 1109 1110 while (gsm_read_ea(&modem, *dp++) == 0) { 1111 len--; 1112 if (len == 0) 1113 return; 1114 } 1115 len--; 1116 if (len > 0) { 1117 while (gsm_read_ea(&brk, *dp++) == 0) { 1118 len--; 1119 if (len == 0) 1120 return; 1121 } 1122 modem <<= 7; 1123 modem |= (brk & 0x7f); 1124 } 1125 tty = tty_port_tty_get(&dlci->port); 1126 gsm_process_modem(tty, dlci, modem, clen); 1127 if (tty) { 1128 tty_wakeup(tty); 1129 tty_kref_put(tty); 1130 } 1131 gsm_control_reply(gsm, CMD_MSC, data, clen); 1132 } 1133 1134 /** 1135 * gsm_control_rls - remote line status 1136 * @gsm: GSM channel 1137 * @data: data bytes 1138 * @clen: data length 1139 * 1140 * The modem sends us a two byte message on the control channel whenever 1141 * it wishes to send us an error state from the virtual link. Stuff 1142 * this into the uplink tty if present 1143 */ 1144 1145 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen) 1146 { 1147 struct tty_port *port; 1148 unsigned int addr = 0; 1149 u8 bits; 1150 int len = clen; 1151 const u8 *dp = data; 1152 1153 while (gsm_read_ea(&addr, *dp++) == 0) { 1154 len--; 1155 if (len == 0) 1156 return; 1157 } 1158 /* Must be at least one byte following ea */ 1159 len--; 1160 if (len <= 0) 1161 return; 1162 addr >>= 1; 1163 /* Closed port, or invalid ? */ 1164 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1165 return; 1166 /* No error ? */ 1167 bits = *dp; 1168 if ((bits & 1) == 0) 1169 return; 1170 1171 port = &gsm->dlci[addr]->port; 1172 1173 if (bits & 2) 1174 tty_insert_flip_char(port, 0, TTY_OVERRUN); 1175 if (bits & 4) 1176 tty_insert_flip_char(port, 0, TTY_PARITY); 1177 if (bits & 8) 1178 tty_insert_flip_char(port, 0, TTY_FRAME); 1179 1180 tty_flip_buffer_push(port); 1181 1182 gsm_control_reply(gsm, CMD_RLS, data, clen); 1183 } 1184 1185 static void gsm_dlci_begin_close(struct gsm_dlci *dlci); 1186 1187 /** 1188 * gsm_control_message - DLCI 0 control processing 1189 * @gsm: our GSM mux 1190 * @command: the command EA 1191 * @data: data beyond the command/length EAs 1192 * @clen: length 1193 * 1194 * Input processor for control messages from the other end of the link. 1195 * Processes the incoming request and queues a response frame or an 1196 * NSC response if not supported 1197 */ 1198 1199 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command, 1200 const u8 *data, int clen) 1201 { 1202 u8 buf[1]; 1203 unsigned long flags; 1204 1205 switch (command) { 1206 case CMD_CLD: { 1207 struct gsm_dlci *dlci = gsm->dlci[0]; 1208 /* Modem wishes to close down */ 1209 if (dlci) { 1210 dlci->dead = true; 1211 gsm->dead = true; 1212 gsm_dlci_begin_close(dlci); 1213 } 1214 } 1215 break; 1216 case CMD_TEST: 1217 /* Modem wishes to test, reply with the data */ 1218 gsm_control_reply(gsm, CMD_TEST, data, clen); 1219 break; 1220 case CMD_FCON: 1221 /* Modem can accept data again */ 1222 gsm->constipated = false; 1223 gsm_control_reply(gsm, CMD_FCON, NULL, 0); 1224 /* Kick the link in case it is idling */ 1225 spin_lock_irqsave(&gsm->tx_lock, flags); 1226 gsm_data_kick(gsm); 1227 spin_unlock_irqrestore(&gsm->tx_lock, flags); 1228 break; 1229 case CMD_FCOFF: 1230 /* Modem wants us to STFU */ 1231 gsm->constipated = true; 1232 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0); 1233 break; 1234 case CMD_MSC: 1235 /* Out of band modem line change indicator for a DLCI */ 1236 gsm_control_modem(gsm, data, clen); 1237 break; 1238 case CMD_RLS: 1239 /* Out of band error reception for a DLCI */ 1240 gsm_control_rls(gsm, data, clen); 1241 break; 1242 case CMD_PSC: 1243 /* Modem wishes to enter power saving state */ 1244 gsm_control_reply(gsm, CMD_PSC, NULL, 0); 1245 break; 1246 /* Optional unsupported commands */ 1247 case CMD_PN: /* Parameter negotiation */ 1248 case CMD_RPN: /* Remote port negotiation */ 1249 case CMD_SNC: /* Service negotiation command */ 1250 default: 1251 /* Reply to bad commands with an NSC */ 1252 buf[0] = command; 1253 gsm_control_reply(gsm, CMD_NSC, buf, 1); 1254 break; 1255 } 1256 } 1257 1258 /** 1259 * gsm_control_response - process a response to our control 1260 * @gsm: our GSM mux 1261 * @command: the command (response) EA 1262 * @data: data beyond the command/length EA 1263 * @clen: length 1264 * 1265 * Process a response to an outstanding command. We only allow a single 1266 * control message in flight so this is fairly easy. All the clean up 1267 * is done by the caller, we just update the fields, flag it as done 1268 * and return 1269 */ 1270 1271 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command, 1272 const u8 *data, int clen) 1273 { 1274 struct gsm_control *ctrl; 1275 unsigned long flags; 1276 1277 spin_lock_irqsave(&gsm->control_lock, flags); 1278 1279 ctrl = gsm->pending_cmd; 1280 /* Does the reply match our command */ 1281 command |= 1; 1282 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) { 1283 /* Our command was replied to, kill the retry timer */ 1284 del_timer(&gsm->t2_timer); 1285 gsm->pending_cmd = NULL; 1286 /* Rejected by the other end */ 1287 if (command == CMD_NSC) 1288 ctrl->error = -EOPNOTSUPP; 1289 ctrl->done = 1; 1290 wake_up(&gsm->event); 1291 } 1292 spin_unlock_irqrestore(&gsm->control_lock, flags); 1293 } 1294 1295 /** 1296 * gsm_control_transmit - send control packet 1297 * @gsm: gsm mux 1298 * @ctrl: frame to send 1299 * 1300 * Send out a pending control command (called under control lock) 1301 */ 1302 1303 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) 1304 { 1305 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype); 1306 if (msg == NULL) 1307 return; 1308 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */ 1309 memcpy(msg->data + 1, ctrl->data, ctrl->len); 1310 gsm_data_queue(gsm->dlci[0], msg); 1311 } 1312 1313 /** 1314 * gsm_control_retransmit - retransmit a control frame 1315 * @data: pointer to our gsm object 1316 * 1317 * Called off the T2 timer expiry in order to retransmit control frames 1318 * that have been lost in the system somewhere. The control_lock protects 1319 * us from colliding with another sender or a receive completion event. 1320 * In that situation the timer may still occur in a small window but 1321 * gsm->pending_cmd will be NULL and we just let the timer expire. 1322 */ 1323 1324 static void gsm_control_retransmit(struct timer_list *t) 1325 { 1326 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer); 1327 struct gsm_control *ctrl; 1328 unsigned long flags; 1329 spin_lock_irqsave(&gsm->control_lock, flags); 1330 ctrl = gsm->pending_cmd; 1331 if (ctrl) { 1332 gsm->cretries--; 1333 if (gsm->cretries == 0) { 1334 gsm->pending_cmd = NULL; 1335 ctrl->error = -ETIMEDOUT; 1336 ctrl->done = 1; 1337 spin_unlock_irqrestore(&gsm->control_lock, flags); 1338 wake_up(&gsm->event); 1339 return; 1340 } 1341 gsm_control_transmit(gsm, ctrl); 1342 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1343 } 1344 spin_unlock_irqrestore(&gsm->control_lock, flags); 1345 } 1346 1347 /** 1348 * gsm_control_send - send a control frame on DLCI 0 1349 * @gsm: the GSM channel 1350 * @command: command to send including CR bit 1351 * @data: bytes of data (must be kmalloced) 1352 * @len: length of the block to send 1353 * 1354 * Queue and dispatch a control command. Only one command can be 1355 * active at a time. In theory more can be outstanding but the matching 1356 * gets really complicated so for now stick to one outstanding. 1357 */ 1358 1359 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, 1360 unsigned int command, u8 *data, int clen) 1361 { 1362 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), 1363 GFP_KERNEL); 1364 unsigned long flags; 1365 if (ctrl == NULL) 1366 return NULL; 1367 retry: 1368 wait_event(gsm->event, gsm->pending_cmd == NULL); 1369 spin_lock_irqsave(&gsm->control_lock, flags); 1370 if (gsm->pending_cmd != NULL) { 1371 spin_unlock_irqrestore(&gsm->control_lock, flags); 1372 goto retry; 1373 } 1374 ctrl->cmd = command; 1375 ctrl->data = data; 1376 ctrl->len = clen; 1377 gsm->pending_cmd = ctrl; 1378 1379 /* If DLCI0 is in ADM mode skip retries, it won't respond */ 1380 if (gsm->dlci[0]->mode == DLCI_MODE_ADM) 1381 gsm->cretries = 1; 1382 else 1383 gsm->cretries = gsm->n2; 1384 1385 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1386 gsm_control_transmit(gsm, ctrl); 1387 spin_unlock_irqrestore(&gsm->control_lock, flags); 1388 return ctrl; 1389 } 1390 1391 /** 1392 * gsm_control_wait - wait for a control to finish 1393 * @gsm: GSM mux 1394 * @control: control we are waiting on 1395 * 1396 * Waits for the control to complete or time out. Frees any used 1397 * resources and returns 0 for success, or an error if the remote 1398 * rejected or ignored the request. 1399 */ 1400 1401 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control) 1402 { 1403 int err; 1404 wait_event(gsm->event, control->done == 1); 1405 err = control->error; 1406 kfree(control); 1407 return err; 1408 } 1409 1410 1411 /* 1412 * DLCI level handling: Needs krefs 1413 */ 1414 1415 /* 1416 * State transitions and timers 1417 */ 1418 1419 /** 1420 * gsm_dlci_close - a DLCI has closed 1421 * @dlci: DLCI that closed 1422 * 1423 * Perform processing when moving a DLCI into closed state. If there 1424 * is an attached tty this is hung up 1425 */ 1426 1427 static void gsm_dlci_close(struct gsm_dlci *dlci) 1428 { 1429 del_timer(&dlci->t1); 1430 if (debug & 8) 1431 pr_debug("DLCI %d goes closed.\n", dlci->addr); 1432 dlci->state = DLCI_CLOSED; 1433 if (dlci->addr != 0) { 1434 tty_port_tty_hangup(&dlci->port, false); 1435 kfifo_reset(&dlci->fifo); 1436 } else 1437 dlci->gsm->dead = true; 1438 wake_up(&dlci->gsm->event); 1439 /* A DLCI 0 close is a MUX termination so we need to kick that 1440 back to userspace somehow */ 1441 } 1442 1443 /** 1444 * gsm_dlci_open - a DLCI has opened 1445 * @dlci: DLCI that opened 1446 * 1447 * Perform processing when moving a DLCI into open state. 1448 */ 1449 1450 static void gsm_dlci_open(struct gsm_dlci *dlci) 1451 { 1452 /* Note that SABM UA .. SABM UA first UA lost can mean that we go 1453 open -> open */ 1454 del_timer(&dlci->t1); 1455 /* This will let a tty open continue */ 1456 dlci->state = DLCI_OPEN; 1457 if (debug & 8) 1458 pr_debug("DLCI %d goes open.\n", dlci->addr); 1459 wake_up(&dlci->gsm->event); 1460 } 1461 1462 /** 1463 * gsm_dlci_t1 - T1 timer expiry 1464 * @dlci: DLCI that opened 1465 * 1466 * The T1 timer handles retransmits of control frames (essentially of 1467 * SABM and DISC). We resend the command until the retry count runs out 1468 * in which case an opening port goes back to closed and a closing port 1469 * is simply put into closed state (any further frames from the other 1470 * end will get a DM response) 1471 * 1472 * Some control dlci can stay in ADM mode with other dlci working just 1473 * fine. In that case we can just keep the control dlci open after the 1474 * DLCI_OPENING retries time out. 1475 */ 1476 1477 static void gsm_dlci_t1(struct timer_list *t) 1478 { 1479 struct gsm_dlci *dlci = from_timer(dlci, t, t1); 1480 struct gsm_mux *gsm = dlci->gsm; 1481 1482 switch (dlci->state) { 1483 case DLCI_OPENING: 1484 dlci->retries--; 1485 if (dlci->retries) { 1486 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1487 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1488 } else if (!dlci->addr && gsm->control == (DM | PF)) { 1489 if (debug & 8) 1490 pr_info("DLCI %d opening in ADM mode.\n", 1491 dlci->addr); 1492 dlci->mode = DLCI_MODE_ADM; 1493 gsm_dlci_open(dlci); 1494 } else { 1495 gsm_dlci_close(dlci); 1496 } 1497 1498 break; 1499 case DLCI_CLOSING: 1500 dlci->retries--; 1501 if (dlci->retries) { 1502 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1503 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1504 } else 1505 gsm_dlci_close(dlci); 1506 break; 1507 default: 1508 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state); 1509 break; 1510 } 1511 } 1512 1513 /** 1514 * gsm_dlci_begin_open - start channel open procedure 1515 * @dlci: DLCI to open 1516 * 1517 * Commence opening a DLCI from the Linux side. We issue SABM messages 1518 * to the modem which should then reply with a UA or ADM, at which point 1519 * we will move into open state. Opening is done asynchronously with retry 1520 * running off timers and the responses. 1521 */ 1522 1523 static void gsm_dlci_begin_open(struct gsm_dlci *dlci) 1524 { 1525 struct gsm_mux *gsm = dlci->gsm; 1526 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING) 1527 return; 1528 dlci->retries = gsm->n2; 1529 dlci->state = DLCI_OPENING; 1530 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1531 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1532 } 1533 1534 /** 1535 * gsm_dlci_begin_close - start channel open procedure 1536 * @dlci: DLCI to open 1537 * 1538 * Commence closing a DLCI from the Linux side. We issue DISC messages 1539 * to the modem which should then reply with a UA, at which point we 1540 * will move into closed state. Closing is done asynchronously with retry 1541 * off timers. We may also receive a DM reply from the other end which 1542 * indicates the channel was already closed. 1543 */ 1544 1545 static void gsm_dlci_begin_close(struct gsm_dlci *dlci) 1546 { 1547 struct gsm_mux *gsm = dlci->gsm; 1548 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING) 1549 return; 1550 dlci->retries = gsm->n2; 1551 dlci->state = DLCI_CLOSING; 1552 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1553 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1554 } 1555 1556 /** 1557 * gsm_dlci_data - data arrived 1558 * @dlci: channel 1559 * @data: block of bytes received 1560 * @len: length of received block 1561 * 1562 * A UI or UIH frame has arrived which contains data for a channel 1563 * other than the control channel. If the relevant virtual tty is 1564 * open we shovel the bits down it, if not we drop them. 1565 */ 1566 1567 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen) 1568 { 1569 /* krefs .. */ 1570 struct tty_port *port = &dlci->port; 1571 struct tty_struct *tty; 1572 unsigned int modem = 0; 1573 int len = clen; 1574 1575 if (debug & 16) 1576 pr_debug("%d bytes for tty\n", len); 1577 switch (dlci->adaption) { 1578 /* Unsupported types */ 1579 case 4: /* Packetised interruptible data */ 1580 break; 1581 case 3: /* Packetised uininterruptible voice/data */ 1582 break; 1583 case 2: /* Asynchronous serial with line state in each frame */ 1584 while (gsm_read_ea(&modem, *data++) == 0) { 1585 len--; 1586 if (len == 0) 1587 return; 1588 } 1589 tty = tty_port_tty_get(port); 1590 if (tty) { 1591 gsm_process_modem(tty, dlci, modem, clen); 1592 tty_kref_put(tty); 1593 } 1594 /* Fall through */ 1595 case 1: /* Line state will go via DLCI 0 controls only */ 1596 default: 1597 tty_insert_flip_string(port, data, len); 1598 tty_flip_buffer_push(port); 1599 } 1600 } 1601 1602 /** 1603 * gsm_dlci_control - data arrived on control channel 1604 * @dlci: channel 1605 * @data: block of bytes received 1606 * @len: length of received block 1607 * 1608 * A UI or UIH frame has arrived which contains data for DLCI 0 the 1609 * control channel. This should contain a command EA followed by 1610 * control data bytes. The command EA contains a command/response bit 1611 * and we divide up the work accordingly. 1612 */ 1613 1614 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) 1615 { 1616 /* See what command is involved */ 1617 unsigned int command = 0; 1618 while (len-- > 0) { 1619 if (gsm_read_ea(&command, *data++) == 1) { 1620 int clen = *data++; 1621 len--; 1622 /* FIXME: this is properly an EA */ 1623 clen >>= 1; 1624 /* Malformed command ? */ 1625 if (clen > len) 1626 return; 1627 if (command & 1) 1628 gsm_control_message(dlci->gsm, command, 1629 data, clen); 1630 else 1631 gsm_control_response(dlci->gsm, command, 1632 data, clen); 1633 return; 1634 } 1635 } 1636 } 1637 1638 /* 1639 * Allocate/Free DLCI channels 1640 */ 1641 1642 /** 1643 * gsm_dlci_alloc - allocate a DLCI 1644 * @gsm: GSM mux 1645 * @addr: address of the DLCI 1646 * 1647 * Allocate and install a new DLCI object into the GSM mux. 1648 * 1649 * FIXME: review locking races 1650 */ 1651 1652 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 1653 { 1654 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC); 1655 if (dlci == NULL) 1656 return NULL; 1657 spin_lock_init(&dlci->lock); 1658 mutex_init(&dlci->mutex); 1659 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) { 1660 kfree(dlci); 1661 return NULL; 1662 } 1663 1664 skb_queue_head_init(&dlci->skb_list); 1665 timer_setup(&dlci->t1, gsm_dlci_t1, 0); 1666 tty_port_init(&dlci->port); 1667 dlci->port.ops = &gsm_port_ops; 1668 dlci->gsm = gsm; 1669 dlci->addr = addr; 1670 dlci->adaption = gsm->adaption; 1671 dlci->state = DLCI_CLOSED; 1672 if (addr) 1673 dlci->data = gsm_dlci_data; 1674 else 1675 dlci->data = gsm_dlci_command; 1676 gsm->dlci[addr] = dlci; 1677 return dlci; 1678 } 1679 1680 /** 1681 * gsm_dlci_free - free DLCI 1682 * @dlci: DLCI to free 1683 * 1684 * Free up a DLCI. 1685 * 1686 * Can sleep. 1687 */ 1688 static void gsm_dlci_free(struct tty_port *port) 1689 { 1690 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 1691 1692 del_timer_sync(&dlci->t1); 1693 dlci->gsm->dlci[dlci->addr] = NULL; 1694 kfifo_free(&dlci->fifo); 1695 while ((dlci->skb = skb_dequeue(&dlci->skb_list))) 1696 dev_kfree_skb(dlci->skb); 1697 kfree(dlci); 1698 } 1699 1700 static inline void dlci_get(struct gsm_dlci *dlci) 1701 { 1702 tty_port_get(&dlci->port); 1703 } 1704 1705 static inline void dlci_put(struct gsm_dlci *dlci) 1706 { 1707 tty_port_put(&dlci->port); 1708 } 1709 1710 static void gsm_destroy_network(struct gsm_dlci *dlci); 1711 1712 /** 1713 * gsm_dlci_release - release DLCI 1714 * @dlci: DLCI to destroy 1715 * 1716 * Release a DLCI. Actual free is deferred until either 1717 * mux is closed or tty is closed - whichever is last. 1718 * 1719 * Can sleep. 1720 */ 1721 static void gsm_dlci_release(struct gsm_dlci *dlci) 1722 { 1723 struct tty_struct *tty = tty_port_tty_get(&dlci->port); 1724 if (tty) { 1725 mutex_lock(&dlci->mutex); 1726 gsm_destroy_network(dlci); 1727 mutex_unlock(&dlci->mutex); 1728 1729 tty_hangup(tty); 1730 1731 tty_port_tty_set(&dlci->port, NULL); 1732 tty_kref_put(tty); 1733 } 1734 dlci->state = DLCI_CLOSED; 1735 dlci_put(dlci); 1736 } 1737 1738 /* 1739 * LAPBish link layer logic 1740 */ 1741 1742 /** 1743 * gsm_queue - a GSM frame is ready to process 1744 * @gsm: pointer to our gsm mux 1745 * 1746 * At this point in time a frame has arrived and been demangled from 1747 * the line encoding. All the differences between the encodings have 1748 * been handled below us and the frame is unpacked into the structures. 1749 * The fcs holds the header FCS but any data FCS must be added here. 1750 */ 1751 1752 static void gsm_queue(struct gsm_mux *gsm) 1753 { 1754 struct gsm_dlci *dlci; 1755 u8 cr; 1756 int address; 1757 /* We have to sneak a look at the packet body to do the FCS. 1758 A somewhat layering violation in the spec */ 1759 1760 if ((gsm->control & ~PF) == UI) 1761 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len); 1762 if (gsm->encoding == 0) { 1763 /* WARNING: gsm->received_fcs is used for 1764 gsm->encoding = 0 only. 1765 In this case it contain the last piece of data 1766 required to generate final CRC */ 1767 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs); 1768 } 1769 if (gsm->fcs != GOOD_FCS) { 1770 gsm->bad_fcs++; 1771 if (debug & 4) 1772 pr_debug("BAD FCS %02x\n", gsm->fcs); 1773 return; 1774 } 1775 address = gsm->address >> 1; 1776 if (address >= NUM_DLCI) 1777 goto invalid; 1778 1779 cr = gsm->address & 1; /* C/R bit */ 1780 1781 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len); 1782 1783 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */ 1784 dlci = gsm->dlci[address]; 1785 1786 switch (gsm->control) { 1787 case SABM|PF: 1788 if (cr == 0) 1789 goto invalid; 1790 if (dlci == NULL) 1791 dlci = gsm_dlci_alloc(gsm, address); 1792 if (dlci == NULL) 1793 return; 1794 if (dlci->dead) 1795 gsm_response(gsm, address, DM); 1796 else { 1797 gsm_response(gsm, address, UA); 1798 gsm_dlci_open(dlci); 1799 } 1800 break; 1801 case DISC|PF: 1802 if (cr == 0) 1803 goto invalid; 1804 if (dlci == NULL || dlci->state == DLCI_CLOSED) { 1805 gsm_response(gsm, address, DM); 1806 return; 1807 } 1808 /* Real close complete */ 1809 gsm_response(gsm, address, UA); 1810 gsm_dlci_close(dlci); 1811 break; 1812 case UA: 1813 case UA|PF: 1814 if (cr == 0 || dlci == NULL) 1815 break; 1816 switch (dlci->state) { 1817 case DLCI_CLOSING: 1818 gsm_dlci_close(dlci); 1819 break; 1820 case DLCI_OPENING: 1821 gsm_dlci_open(dlci); 1822 break; 1823 default: 1824 pr_debug("%s: unhandled state: %d\n", __func__, 1825 dlci->state); 1826 break; 1827 } 1828 break; 1829 case DM: /* DM can be valid unsolicited */ 1830 case DM|PF: 1831 if (cr) 1832 goto invalid; 1833 if (dlci == NULL) 1834 return; 1835 gsm_dlci_close(dlci); 1836 break; 1837 case UI: 1838 case UI|PF: 1839 case UIH: 1840 case UIH|PF: 1841 #if 0 1842 if (cr) 1843 goto invalid; 1844 #endif 1845 if (dlci == NULL || dlci->state != DLCI_OPEN) { 1846 gsm_command(gsm, address, DM|PF); 1847 return; 1848 } 1849 dlci->data(dlci, gsm->buf, gsm->len); 1850 break; 1851 default: 1852 goto invalid; 1853 } 1854 return; 1855 invalid: 1856 gsm->malformed++; 1857 return; 1858 } 1859 1860 1861 /** 1862 * gsm0_receive - perform processing for non-transparency 1863 * @gsm: gsm data for this ldisc instance 1864 * @c: character 1865 * 1866 * Receive bytes in gsm mode 0 1867 */ 1868 1869 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c) 1870 { 1871 unsigned int len; 1872 1873 switch (gsm->state) { 1874 case GSM_SEARCH: /* SOF marker */ 1875 if (c == GSM0_SOF) { 1876 gsm->state = GSM_ADDRESS; 1877 gsm->address = 0; 1878 gsm->len = 0; 1879 gsm->fcs = INIT_FCS; 1880 } 1881 break; 1882 case GSM_ADDRESS: /* Address EA */ 1883 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1884 if (gsm_read_ea(&gsm->address, c)) 1885 gsm->state = GSM_CONTROL; 1886 break; 1887 case GSM_CONTROL: /* Control Byte */ 1888 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1889 gsm->control = c; 1890 gsm->state = GSM_LEN0; 1891 break; 1892 case GSM_LEN0: /* Length EA */ 1893 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1894 if (gsm_read_ea(&gsm->len, c)) { 1895 if (gsm->len > gsm->mru) { 1896 gsm->bad_size++; 1897 gsm->state = GSM_SEARCH; 1898 break; 1899 } 1900 gsm->count = 0; 1901 if (!gsm->len) 1902 gsm->state = GSM_FCS; 1903 else 1904 gsm->state = GSM_DATA; 1905 break; 1906 } 1907 gsm->state = GSM_LEN1; 1908 break; 1909 case GSM_LEN1: 1910 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1911 len = c; 1912 gsm->len |= len << 7; 1913 if (gsm->len > gsm->mru) { 1914 gsm->bad_size++; 1915 gsm->state = GSM_SEARCH; 1916 break; 1917 } 1918 gsm->count = 0; 1919 if (!gsm->len) 1920 gsm->state = GSM_FCS; 1921 else 1922 gsm->state = GSM_DATA; 1923 break; 1924 case GSM_DATA: /* Data */ 1925 gsm->buf[gsm->count++] = c; 1926 if (gsm->count == gsm->len) 1927 gsm->state = GSM_FCS; 1928 break; 1929 case GSM_FCS: /* FCS follows the packet */ 1930 gsm->received_fcs = c; 1931 gsm_queue(gsm); 1932 gsm->state = GSM_SSOF; 1933 break; 1934 case GSM_SSOF: 1935 if (c == GSM0_SOF) { 1936 gsm->state = GSM_SEARCH; 1937 break; 1938 } 1939 break; 1940 default: 1941 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 1942 break; 1943 } 1944 } 1945 1946 /** 1947 * gsm1_receive - perform processing for non-transparency 1948 * @gsm: gsm data for this ldisc instance 1949 * @c: character 1950 * 1951 * Receive bytes in mode 1 (Advanced option) 1952 */ 1953 1954 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c) 1955 { 1956 if (c == GSM1_SOF) { 1957 /* EOF is only valid in frame if we have got to the data state 1958 and received at least one byte (the FCS) */ 1959 if (gsm->state == GSM_DATA && gsm->count) { 1960 /* Extract the FCS */ 1961 gsm->count--; 1962 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]); 1963 gsm->len = gsm->count; 1964 gsm_queue(gsm); 1965 gsm->state = GSM_START; 1966 return; 1967 } 1968 /* Any partial frame was a runt so go back to start */ 1969 if (gsm->state != GSM_START) { 1970 gsm->malformed++; 1971 gsm->state = GSM_START; 1972 } 1973 /* A SOF in GSM_START means we are still reading idling or 1974 framing bytes */ 1975 return; 1976 } 1977 1978 if (c == GSM1_ESCAPE) { 1979 gsm->escape = true; 1980 return; 1981 } 1982 1983 /* Only an unescaped SOF gets us out of GSM search */ 1984 if (gsm->state == GSM_SEARCH) 1985 return; 1986 1987 if (gsm->escape) { 1988 c ^= GSM1_ESCAPE_BITS; 1989 gsm->escape = false; 1990 } 1991 switch (gsm->state) { 1992 case GSM_START: /* First byte after SOF */ 1993 gsm->address = 0; 1994 gsm->state = GSM_ADDRESS; 1995 gsm->fcs = INIT_FCS; 1996 /* Fall through */ 1997 case GSM_ADDRESS: /* Address continuation */ 1998 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 1999 if (gsm_read_ea(&gsm->address, c)) 2000 gsm->state = GSM_CONTROL; 2001 break; 2002 case GSM_CONTROL: /* Control Byte */ 2003 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2004 gsm->control = c; 2005 gsm->count = 0; 2006 gsm->state = GSM_DATA; 2007 break; 2008 case GSM_DATA: /* Data */ 2009 if (gsm->count > gsm->mru) { /* Allow one for the FCS */ 2010 gsm->state = GSM_OVERRUN; 2011 gsm->bad_size++; 2012 } else 2013 gsm->buf[gsm->count++] = c; 2014 break; 2015 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */ 2016 break; 2017 default: 2018 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2019 break; 2020 } 2021 } 2022 2023 /** 2024 * gsm_error - handle tty error 2025 * @gsm: ldisc data 2026 * @data: byte received (may be invalid) 2027 * @flag: error received 2028 * 2029 * Handle an error in the receipt of data for a frame. Currently we just 2030 * go back to hunting for a SOF. 2031 * 2032 * FIXME: better diagnostics ? 2033 */ 2034 2035 static void gsm_error(struct gsm_mux *gsm, 2036 unsigned char data, unsigned char flag) 2037 { 2038 gsm->state = GSM_SEARCH; 2039 gsm->io_error++; 2040 } 2041 2042 static int gsm_disconnect(struct gsm_mux *gsm) 2043 { 2044 struct gsm_dlci *dlci = gsm->dlci[0]; 2045 struct gsm_control *gc; 2046 2047 if (!dlci) 2048 return 0; 2049 2050 /* In theory disconnecting DLCI 0 is sufficient but for some 2051 modems this is apparently not the case. */ 2052 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0); 2053 if (gc) 2054 gsm_control_wait(gsm, gc); 2055 2056 del_timer_sync(&gsm->t2_timer); 2057 /* Now we are sure T2 has stopped */ 2058 2059 gsm_dlci_begin_close(dlci); 2060 wait_event_interruptible(gsm->event, 2061 dlci->state == DLCI_CLOSED); 2062 2063 if (signal_pending(current)) 2064 return -EINTR; 2065 2066 return 0; 2067 } 2068 2069 /** 2070 * gsm_cleanup_mux - generic GSM protocol cleanup 2071 * @gsm: our mux 2072 * 2073 * Clean up the bits of the mux which are the same for all framing 2074 * protocols. Remove the mux from the mux table, stop all the timers 2075 * and then shut down each device hanging up the channels as we go. 2076 */ 2077 2078 static void gsm_cleanup_mux(struct gsm_mux *gsm) 2079 { 2080 int i; 2081 struct gsm_dlci *dlci = gsm->dlci[0]; 2082 struct gsm_msg *txq, *ntxq; 2083 2084 gsm->dead = true; 2085 2086 spin_lock(&gsm_mux_lock); 2087 for (i = 0; i < MAX_MUX; i++) { 2088 if (gsm_mux[i] == gsm) { 2089 gsm_mux[i] = NULL; 2090 break; 2091 } 2092 } 2093 spin_unlock(&gsm_mux_lock); 2094 /* open failed before registering => nothing to do */ 2095 if (i == MAX_MUX) 2096 return; 2097 2098 del_timer_sync(&gsm->t2_timer); 2099 /* Now we are sure T2 has stopped */ 2100 if (dlci) 2101 dlci->dead = true; 2102 2103 /* Free up any link layer users */ 2104 mutex_lock(&gsm->mutex); 2105 for (i = 0; i < NUM_DLCI; i++) 2106 if (gsm->dlci[i]) 2107 gsm_dlci_release(gsm->dlci[i]); 2108 mutex_unlock(&gsm->mutex); 2109 /* Now wipe the queues */ 2110 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list) 2111 kfree(txq); 2112 INIT_LIST_HEAD(&gsm->tx_list); 2113 } 2114 2115 /** 2116 * gsm_activate_mux - generic GSM setup 2117 * @gsm: our mux 2118 * 2119 * Set up the bits of the mux which are the same for all framing 2120 * protocols. Add the mux to the mux table so it can be opened and 2121 * finally kick off connecting to DLCI 0 on the modem. 2122 */ 2123 2124 static int gsm_activate_mux(struct gsm_mux *gsm) 2125 { 2126 struct gsm_dlci *dlci; 2127 int i = 0; 2128 2129 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); 2130 init_waitqueue_head(&gsm->event); 2131 spin_lock_init(&gsm->control_lock); 2132 spin_lock_init(&gsm->tx_lock); 2133 2134 if (gsm->encoding == 0) 2135 gsm->receive = gsm0_receive; 2136 else 2137 gsm->receive = gsm1_receive; 2138 gsm->error = gsm_error; 2139 2140 spin_lock(&gsm_mux_lock); 2141 for (i = 0; i < MAX_MUX; i++) { 2142 if (gsm_mux[i] == NULL) { 2143 gsm->num = i; 2144 gsm_mux[i] = gsm; 2145 break; 2146 } 2147 } 2148 spin_unlock(&gsm_mux_lock); 2149 if (i == MAX_MUX) 2150 return -EBUSY; 2151 2152 dlci = gsm_dlci_alloc(gsm, 0); 2153 if (dlci == NULL) 2154 return -ENOMEM; 2155 gsm->dead = false; /* Tty opens are now permissible */ 2156 return 0; 2157 } 2158 2159 /** 2160 * gsm_free_mux - free up a mux 2161 * @mux: mux to free 2162 * 2163 * Dispose of allocated resources for a dead mux 2164 */ 2165 static void gsm_free_mux(struct gsm_mux *gsm) 2166 { 2167 kfree(gsm->txframe); 2168 kfree(gsm->buf); 2169 kfree(gsm); 2170 } 2171 2172 /** 2173 * gsm_free_muxr - free up a mux 2174 * @mux: mux to free 2175 * 2176 * Dispose of allocated resources for a dead mux 2177 */ 2178 static void gsm_free_muxr(struct kref *ref) 2179 { 2180 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref); 2181 gsm_free_mux(gsm); 2182 } 2183 2184 static inline void mux_get(struct gsm_mux *gsm) 2185 { 2186 kref_get(&gsm->ref); 2187 } 2188 2189 static inline void mux_put(struct gsm_mux *gsm) 2190 { 2191 kref_put(&gsm->ref, gsm_free_muxr); 2192 } 2193 2194 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm) 2195 { 2196 return gsm->num * NUM_DLCI; 2197 } 2198 2199 static inline unsigned int mux_line_to_num(unsigned int line) 2200 { 2201 return line / NUM_DLCI; 2202 } 2203 2204 /** 2205 * gsm_alloc_mux - allocate a mux 2206 * 2207 * Creates a new mux ready for activation. 2208 */ 2209 2210 static struct gsm_mux *gsm_alloc_mux(void) 2211 { 2212 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL); 2213 if (gsm == NULL) 2214 return NULL; 2215 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL); 2216 if (gsm->buf == NULL) { 2217 kfree(gsm); 2218 return NULL; 2219 } 2220 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL); 2221 if (gsm->txframe == NULL) { 2222 kfree(gsm->buf); 2223 kfree(gsm); 2224 return NULL; 2225 } 2226 spin_lock_init(&gsm->lock); 2227 mutex_init(&gsm->mutex); 2228 kref_init(&gsm->ref); 2229 INIT_LIST_HEAD(&gsm->tx_list); 2230 2231 gsm->t1 = T1; 2232 gsm->t2 = T2; 2233 gsm->n2 = N2; 2234 gsm->ftype = UIH; 2235 gsm->adaption = 1; 2236 gsm->encoding = 1; 2237 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */ 2238 gsm->mtu = 64; 2239 gsm->dead = true; /* Avoid early tty opens */ 2240 2241 return gsm; 2242 } 2243 2244 static void gsm_copy_config_values(struct gsm_mux *gsm, 2245 struct gsm_config *c) 2246 { 2247 memset(c, 0, sizeof(*c)); 2248 c->adaption = gsm->adaption; 2249 c->encapsulation = gsm->encoding; 2250 c->initiator = gsm->initiator; 2251 c->t1 = gsm->t1; 2252 c->t2 = gsm->t2; 2253 c->t3 = 0; /* Not supported */ 2254 c->n2 = gsm->n2; 2255 if (gsm->ftype == UIH) 2256 c->i = 1; 2257 else 2258 c->i = 2; 2259 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i); 2260 c->mru = gsm->mru; 2261 c->mtu = gsm->mtu; 2262 c->k = 0; 2263 } 2264 2265 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c) 2266 { 2267 int need_close = 0; 2268 int need_restart = 0; 2269 2270 /* Stuff we don't support yet - UI or I frame transport, windowing */ 2271 if ((c->adaption != 1 && c->adaption != 2) || c->k) 2272 return -EOPNOTSUPP; 2273 /* Check the MRU/MTU range looks sane */ 2274 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8) 2275 return -EINVAL; 2276 if (c->n2 < 3) 2277 return -EINVAL; 2278 if (c->encapsulation > 1) /* Basic, advanced, no I */ 2279 return -EINVAL; 2280 if (c->initiator > 1) 2281 return -EINVAL; 2282 if (c->i == 0 || c->i > 2) /* UIH and UI only */ 2283 return -EINVAL; 2284 /* 2285 * See what is needed for reconfiguration 2286 */ 2287 2288 /* Timing fields */ 2289 if (c->t1 != 0 && c->t1 != gsm->t1) 2290 need_restart = 1; 2291 if (c->t2 != 0 && c->t2 != gsm->t2) 2292 need_restart = 1; 2293 if (c->encapsulation != gsm->encoding) 2294 need_restart = 1; 2295 if (c->adaption != gsm->adaption) 2296 need_restart = 1; 2297 /* Requires care */ 2298 if (c->initiator != gsm->initiator) 2299 need_close = 1; 2300 if (c->mru != gsm->mru) 2301 need_restart = 1; 2302 if (c->mtu != gsm->mtu) 2303 need_restart = 1; 2304 2305 /* 2306 * Close down what is needed, restart and initiate the new 2307 * configuration 2308 */ 2309 2310 if (need_close || need_restart) { 2311 int ret; 2312 2313 ret = gsm_disconnect(gsm); 2314 2315 if (ret) 2316 return ret; 2317 } 2318 if (need_restart) 2319 gsm_cleanup_mux(gsm); 2320 2321 gsm->initiator = c->initiator; 2322 gsm->mru = c->mru; 2323 gsm->mtu = c->mtu; 2324 gsm->encoding = c->encapsulation; 2325 gsm->adaption = c->adaption; 2326 gsm->n2 = c->n2; 2327 2328 if (c->i == 1) 2329 gsm->ftype = UIH; 2330 else if (c->i == 2) 2331 gsm->ftype = UI; 2332 2333 if (c->t1) 2334 gsm->t1 = c->t1; 2335 if (c->t2) 2336 gsm->t2 = c->t2; 2337 2338 /* 2339 * FIXME: We need to separate activation/deactivation from adding 2340 * and removing from the mux array 2341 */ 2342 if (need_restart) 2343 gsm_activate_mux(gsm); 2344 if (gsm->initiator && need_close) 2345 gsm_dlci_begin_open(gsm->dlci[0]); 2346 return 0; 2347 } 2348 2349 /** 2350 * gsmld_output - write to link 2351 * @gsm: our mux 2352 * @data: bytes to output 2353 * @len: size 2354 * 2355 * Write a block of data from the GSM mux to the data channel. This 2356 * will eventually be serialized from above but at the moment isn't. 2357 */ 2358 2359 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len) 2360 { 2361 if (tty_write_room(gsm->tty) < len) { 2362 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 2363 return -ENOSPC; 2364 } 2365 if (debug & 4) 2366 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET, 2367 data, len); 2368 gsm->tty->ops->write(gsm->tty, data, len); 2369 return len; 2370 } 2371 2372 /** 2373 * gsmld_attach_gsm - mode set up 2374 * @tty: our tty structure 2375 * @gsm: our mux 2376 * 2377 * Set up the MUX for basic mode and commence connecting to the 2378 * modem. Currently called from the line discipline set up but 2379 * will need moving to an ioctl path. 2380 */ 2381 2382 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2383 { 2384 unsigned int base; 2385 int ret, i; 2386 2387 gsm->tty = tty_kref_get(tty); 2388 gsm->output = gsmld_output; 2389 ret = gsm_activate_mux(gsm); 2390 if (ret != 0) 2391 tty_kref_put(gsm->tty); 2392 else { 2393 /* Don't register device 0 - this is the control channel and not 2394 a usable tty interface */ 2395 base = mux_num_to_base(gsm); /* Base for this MUX */ 2396 for (i = 1; i < NUM_DLCI; i++) 2397 tty_register_device(gsm_tty_driver, base + i, NULL); 2398 } 2399 return ret; 2400 } 2401 2402 2403 /** 2404 * gsmld_detach_gsm - stop doing 0710 mux 2405 * @tty: tty attached to the mux 2406 * @gsm: mux 2407 * 2408 * Shutdown and then clean up the resources used by the line discipline 2409 */ 2410 2411 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2412 { 2413 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */ 2414 int i; 2415 2416 WARN_ON(tty != gsm->tty); 2417 for (i = 1; i < NUM_DLCI; i++) 2418 tty_unregister_device(gsm_tty_driver, base + i); 2419 gsm_cleanup_mux(gsm); 2420 tty_kref_put(gsm->tty); 2421 gsm->tty = NULL; 2422 } 2423 2424 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp, 2425 char *fp, int count) 2426 { 2427 struct gsm_mux *gsm = tty->disc_data; 2428 const unsigned char *dp; 2429 char *f; 2430 int i; 2431 char flags = TTY_NORMAL; 2432 2433 if (debug & 4) 2434 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET, 2435 cp, count); 2436 2437 for (i = count, dp = cp, f = fp; i; i--, dp++) { 2438 if (f) 2439 flags = *f++; 2440 switch (flags) { 2441 case TTY_NORMAL: 2442 gsm->receive(gsm, *dp); 2443 break; 2444 case TTY_OVERRUN: 2445 case TTY_BREAK: 2446 case TTY_PARITY: 2447 case TTY_FRAME: 2448 gsm->error(gsm, *dp, flags); 2449 break; 2450 default: 2451 WARN_ONCE(1, "%s: unknown flag %d\n", 2452 tty_name(tty), flags); 2453 break; 2454 } 2455 } 2456 /* FASYNC if needed ? */ 2457 /* If clogged call tty_throttle(tty); */ 2458 } 2459 2460 /** 2461 * gsmld_flush_buffer - clean input queue 2462 * @tty: terminal device 2463 * 2464 * Flush the input buffer. Called when the line discipline is 2465 * being closed, when the tty layer wants the buffer flushed (eg 2466 * at hangup). 2467 */ 2468 2469 static void gsmld_flush_buffer(struct tty_struct *tty) 2470 { 2471 } 2472 2473 /** 2474 * gsmld_close - close the ldisc for this tty 2475 * @tty: device 2476 * 2477 * Called from the terminal layer when this line discipline is 2478 * being shut down, either because of a close or becsuse of a 2479 * discipline change. The function will not be called while other 2480 * ldisc methods are in progress. 2481 */ 2482 2483 static void gsmld_close(struct tty_struct *tty) 2484 { 2485 struct gsm_mux *gsm = tty->disc_data; 2486 2487 gsmld_detach_gsm(tty, gsm); 2488 2489 gsmld_flush_buffer(tty); 2490 /* Do other clean up here */ 2491 mux_put(gsm); 2492 } 2493 2494 /** 2495 * gsmld_open - open an ldisc 2496 * @tty: terminal to open 2497 * 2498 * Called when this line discipline is being attached to the 2499 * terminal device. Can sleep. Called serialized so that no 2500 * other events will occur in parallel. No further open will occur 2501 * until a close. 2502 */ 2503 2504 static int gsmld_open(struct tty_struct *tty) 2505 { 2506 struct gsm_mux *gsm; 2507 int ret; 2508 2509 if (tty->ops->write == NULL) 2510 return -EINVAL; 2511 2512 /* Attach our ldisc data */ 2513 gsm = gsm_alloc_mux(); 2514 if (gsm == NULL) 2515 return -ENOMEM; 2516 2517 tty->disc_data = gsm; 2518 tty->receive_room = 65536; 2519 2520 /* Attach the initial passive connection */ 2521 gsm->encoding = 1; 2522 2523 ret = gsmld_attach_gsm(tty, gsm); 2524 if (ret != 0) { 2525 gsm_cleanup_mux(gsm); 2526 mux_put(gsm); 2527 } 2528 return ret; 2529 } 2530 2531 /** 2532 * gsmld_write_wakeup - asynchronous I/O notifier 2533 * @tty: tty device 2534 * 2535 * Required for the ptys, serial driver etc. since processes 2536 * that attach themselves to the master and rely on ASYNC 2537 * IO must be woken up 2538 */ 2539 2540 static void gsmld_write_wakeup(struct tty_struct *tty) 2541 { 2542 struct gsm_mux *gsm = tty->disc_data; 2543 unsigned long flags; 2544 2545 /* Queue poll */ 2546 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2547 spin_lock_irqsave(&gsm->tx_lock, flags); 2548 gsm_data_kick(gsm); 2549 if (gsm->tx_bytes < TX_THRESH_LO) { 2550 gsm_dlci_data_sweep(gsm); 2551 } 2552 spin_unlock_irqrestore(&gsm->tx_lock, flags); 2553 } 2554 2555 /** 2556 * gsmld_read - read function for tty 2557 * @tty: tty device 2558 * @file: file object 2559 * @buf: userspace buffer pointer 2560 * @nr: size of I/O 2561 * 2562 * Perform reads for the line discipline. We are guaranteed that the 2563 * line discipline will not be closed under us but we may get multiple 2564 * parallel readers and must handle this ourselves. We may also get 2565 * a hangup. Always called in user context, may sleep. 2566 * 2567 * This code must be sure never to sleep through a hangup. 2568 */ 2569 2570 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, 2571 unsigned char __user *buf, size_t nr) 2572 { 2573 return -EOPNOTSUPP; 2574 } 2575 2576 /** 2577 * gsmld_write - write function for tty 2578 * @tty: tty device 2579 * @file: file object 2580 * @buf: userspace buffer pointer 2581 * @nr: size of I/O 2582 * 2583 * Called when the owner of the device wants to send a frame 2584 * itself (or some other control data). The data is transferred 2585 * as-is and must be properly framed and checksummed as appropriate 2586 * by userspace. Frames are either sent whole or not at all as this 2587 * avoids pain user side. 2588 */ 2589 2590 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 2591 const unsigned char *buf, size_t nr) 2592 { 2593 int space = tty_write_room(tty); 2594 if (space >= nr) 2595 return tty->ops->write(tty, buf, nr); 2596 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 2597 return -ENOBUFS; 2598 } 2599 2600 /** 2601 * gsmld_poll - poll method for N_GSM0710 2602 * @tty: terminal device 2603 * @file: file accessing it 2604 * @wait: poll table 2605 * 2606 * Called when the line discipline is asked to poll() for data or 2607 * for special events. This code is not serialized with respect to 2608 * other events save open/close. 2609 * 2610 * This code must be sure never to sleep through a hangup. 2611 * Called without the kernel lock held - fine 2612 */ 2613 2614 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 2615 poll_table *wait) 2616 { 2617 __poll_t mask = 0; 2618 struct gsm_mux *gsm = tty->disc_data; 2619 2620 poll_wait(file, &tty->read_wait, wait); 2621 poll_wait(file, &tty->write_wait, wait); 2622 if (tty_hung_up_p(file)) 2623 mask |= EPOLLHUP; 2624 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 2625 mask |= EPOLLOUT | EPOLLWRNORM; 2626 if (gsm->dead) 2627 mask |= EPOLLHUP; 2628 return mask; 2629 } 2630 2631 static int gsmld_ioctl(struct tty_struct *tty, struct file *file, 2632 unsigned int cmd, unsigned long arg) 2633 { 2634 struct gsm_config c; 2635 struct gsm_mux *gsm = tty->disc_data; 2636 unsigned int base; 2637 2638 switch (cmd) { 2639 case GSMIOC_GETCONF: 2640 gsm_copy_config_values(gsm, &c); 2641 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 2642 return -EFAULT; 2643 return 0; 2644 case GSMIOC_SETCONF: 2645 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 2646 return -EFAULT; 2647 return gsm_config(gsm, &c); 2648 case GSMIOC_GETFIRST: 2649 base = mux_num_to_base(gsm); 2650 return put_user(base + 1, (__u32 __user *)arg); 2651 default: 2652 return n_tty_ioctl_helper(tty, file, cmd, arg); 2653 } 2654 } 2655 2656 /* 2657 * Network interface 2658 * 2659 */ 2660 2661 static int gsm_mux_net_open(struct net_device *net) 2662 { 2663 pr_debug("%s called\n", __func__); 2664 netif_start_queue(net); 2665 return 0; 2666 } 2667 2668 static int gsm_mux_net_close(struct net_device *net) 2669 { 2670 netif_stop_queue(net); 2671 return 0; 2672 } 2673 2674 static void dlci_net_free(struct gsm_dlci *dlci) 2675 { 2676 if (!dlci->net) { 2677 WARN_ON(1); 2678 return; 2679 } 2680 dlci->adaption = dlci->prev_adaption; 2681 dlci->data = dlci->prev_data; 2682 free_netdev(dlci->net); 2683 dlci->net = NULL; 2684 } 2685 static void net_free(struct kref *ref) 2686 { 2687 struct gsm_mux_net *mux_net; 2688 struct gsm_dlci *dlci; 2689 2690 mux_net = container_of(ref, struct gsm_mux_net, ref); 2691 dlci = mux_net->dlci; 2692 2693 if (dlci->net) { 2694 unregister_netdev(dlci->net); 2695 dlci_net_free(dlci); 2696 } 2697 } 2698 2699 static inline void muxnet_get(struct gsm_mux_net *mux_net) 2700 { 2701 kref_get(&mux_net->ref); 2702 } 2703 2704 static inline void muxnet_put(struct gsm_mux_net *mux_net) 2705 { 2706 kref_put(&mux_net->ref, net_free); 2707 } 2708 2709 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 2710 struct net_device *net) 2711 { 2712 struct gsm_mux_net *mux_net = netdev_priv(net); 2713 struct gsm_dlci *dlci = mux_net->dlci; 2714 muxnet_get(mux_net); 2715 2716 skb_queue_head(&dlci->skb_list, skb); 2717 net->stats.tx_packets++; 2718 net->stats.tx_bytes += skb->len; 2719 gsm_dlci_data_kick(dlci); 2720 /* And tell the kernel when the last transmit started. */ 2721 netif_trans_update(net); 2722 muxnet_put(mux_net); 2723 return NETDEV_TX_OK; 2724 } 2725 2726 /* called when a packet did not ack after watchdogtimeout */ 2727 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 2728 { 2729 /* Tell syslog we are hosed. */ 2730 dev_dbg(&net->dev, "Tx timed out.\n"); 2731 2732 /* Update statistics */ 2733 net->stats.tx_errors++; 2734 } 2735 2736 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, 2737 const unsigned char *in_buf, int size) 2738 { 2739 struct net_device *net = dlci->net; 2740 struct sk_buff *skb; 2741 struct gsm_mux_net *mux_net = netdev_priv(net); 2742 muxnet_get(mux_net); 2743 2744 /* Allocate an sk_buff */ 2745 skb = dev_alloc_skb(size + NET_IP_ALIGN); 2746 if (!skb) { 2747 /* We got no receive buffer. */ 2748 net->stats.rx_dropped++; 2749 muxnet_put(mux_net); 2750 return; 2751 } 2752 skb_reserve(skb, NET_IP_ALIGN); 2753 skb_put_data(skb, in_buf, size); 2754 2755 skb->dev = net; 2756 skb->protocol = htons(ETH_P_IP); 2757 2758 /* Ship it off to the kernel */ 2759 netif_rx(skb); 2760 2761 /* update out statistics */ 2762 net->stats.rx_packets++; 2763 net->stats.rx_bytes += size; 2764 muxnet_put(mux_net); 2765 return; 2766 } 2767 2768 static void gsm_mux_net_init(struct net_device *net) 2769 { 2770 static const struct net_device_ops gsm_netdev_ops = { 2771 .ndo_open = gsm_mux_net_open, 2772 .ndo_stop = gsm_mux_net_close, 2773 .ndo_start_xmit = gsm_mux_net_start_xmit, 2774 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 2775 }; 2776 2777 net->netdev_ops = &gsm_netdev_ops; 2778 2779 /* fill in the other fields */ 2780 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 2781 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 2782 net->type = ARPHRD_NONE; 2783 net->tx_queue_len = 10; 2784 } 2785 2786 2787 /* caller holds the dlci mutex */ 2788 static void gsm_destroy_network(struct gsm_dlci *dlci) 2789 { 2790 struct gsm_mux_net *mux_net; 2791 2792 pr_debug("destroy network interface\n"); 2793 if (!dlci->net) 2794 return; 2795 mux_net = netdev_priv(dlci->net); 2796 muxnet_put(mux_net); 2797 } 2798 2799 2800 /* caller holds the dlci mutex */ 2801 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 2802 { 2803 char *netname; 2804 int retval = 0; 2805 struct net_device *net; 2806 struct gsm_mux_net *mux_net; 2807 2808 if (!capable(CAP_NET_ADMIN)) 2809 return -EPERM; 2810 2811 /* Already in a non tty mode */ 2812 if (dlci->adaption > 2) 2813 return -EBUSY; 2814 2815 if (nc->protocol != htons(ETH_P_IP)) 2816 return -EPROTONOSUPPORT; 2817 2818 if (nc->adaption != 3 && nc->adaption != 4) 2819 return -EPROTONOSUPPORT; 2820 2821 pr_debug("create network interface\n"); 2822 2823 netname = "gsm%d"; 2824 if (nc->if_name[0] != '\0') 2825 netname = nc->if_name; 2826 net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 2827 NET_NAME_UNKNOWN, gsm_mux_net_init); 2828 if (!net) { 2829 pr_err("alloc_netdev failed\n"); 2830 return -ENOMEM; 2831 } 2832 net->mtu = dlci->gsm->mtu; 2833 net->min_mtu = 8; 2834 net->max_mtu = dlci->gsm->mtu; 2835 mux_net = netdev_priv(net); 2836 mux_net->dlci = dlci; 2837 kref_init(&mux_net->ref); 2838 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */ 2839 2840 /* reconfigure dlci for network */ 2841 dlci->prev_adaption = dlci->adaption; 2842 dlci->prev_data = dlci->data; 2843 dlci->adaption = nc->adaption; 2844 dlci->data = gsm_mux_rx_netchar; 2845 dlci->net = net; 2846 2847 pr_debug("register netdev\n"); 2848 retval = register_netdev(net); 2849 if (retval) { 2850 pr_err("network register fail %d\n", retval); 2851 dlci_net_free(dlci); 2852 return retval; 2853 } 2854 return net->ifindex; /* return network index */ 2855 } 2856 2857 /* Line discipline for real tty */ 2858 static struct tty_ldisc_ops tty_ldisc_packet = { 2859 .owner = THIS_MODULE, 2860 .magic = TTY_LDISC_MAGIC, 2861 .name = "n_gsm", 2862 .open = gsmld_open, 2863 .close = gsmld_close, 2864 .flush_buffer = gsmld_flush_buffer, 2865 .read = gsmld_read, 2866 .write = gsmld_write, 2867 .ioctl = gsmld_ioctl, 2868 .poll = gsmld_poll, 2869 .receive_buf = gsmld_receive_buf, 2870 .write_wakeup = gsmld_write_wakeup 2871 }; 2872 2873 /* 2874 * Virtual tty side 2875 */ 2876 2877 #define TX_SIZE 512 2878 2879 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk) 2880 { 2881 u8 modembits[5]; 2882 struct gsm_control *ctrl; 2883 int len = 2; 2884 2885 if (brk) 2886 len++; 2887 2888 modembits[0] = len << 1 | EA; /* Data bytes */ 2889 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */ 2890 modembits[2] = gsm_encode_modem(dlci) << 1 | EA; 2891 if (brk) 2892 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */ 2893 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1); 2894 if (ctrl == NULL) 2895 return -ENOMEM; 2896 return gsm_control_wait(dlci->gsm, ctrl); 2897 } 2898 2899 static int gsm_carrier_raised(struct tty_port *port) 2900 { 2901 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2902 struct gsm_mux *gsm = dlci->gsm; 2903 2904 /* Not yet open so no carrier info */ 2905 if (dlci->state != DLCI_OPEN) 2906 return 0; 2907 if (debug & 2) 2908 return 1; 2909 2910 /* 2911 * Basic mode with control channel in ADM mode may not respond 2912 * to CMD_MSC at all and modem_rx is empty. 2913 */ 2914 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM && 2915 !dlci->modem_rx) 2916 return 1; 2917 2918 return dlci->modem_rx & TIOCM_CD; 2919 } 2920 2921 static void gsm_dtr_rts(struct tty_port *port, int onoff) 2922 { 2923 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2924 unsigned int modem_tx = dlci->modem_tx; 2925 if (onoff) 2926 modem_tx |= TIOCM_DTR | TIOCM_RTS; 2927 else 2928 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 2929 if (modem_tx != dlci->modem_tx) { 2930 dlci->modem_tx = modem_tx; 2931 gsmtty_modem_update(dlci, 0); 2932 } 2933 } 2934 2935 static const struct tty_port_operations gsm_port_ops = { 2936 .carrier_raised = gsm_carrier_raised, 2937 .dtr_rts = gsm_dtr_rts, 2938 .destruct = gsm_dlci_free, 2939 }; 2940 2941 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 2942 { 2943 struct gsm_mux *gsm; 2944 struct gsm_dlci *dlci; 2945 unsigned int line = tty->index; 2946 unsigned int mux = mux_line_to_num(line); 2947 bool alloc = false; 2948 int ret; 2949 2950 line = line & 0x3F; 2951 2952 if (mux >= MAX_MUX) 2953 return -ENXIO; 2954 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 2955 if (gsm_mux[mux] == NULL) 2956 return -EUNATCH; 2957 if (line == 0 || line > 61) /* 62/63 reserved */ 2958 return -ECHRNG; 2959 gsm = gsm_mux[mux]; 2960 if (gsm->dead) 2961 return -EL2HLT; 2962 /* If DLCI 0 is not yet fully open return an error. 2963 This is ok from a locking 2964 perspective as we don't have to worry about this 2965 if DLCI0 is lost */ 2966 mutex_lock(&gsm->mutex); 2967 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) { 2968 mutex_unlock(&gsm->mutex); 2969 return -EL2NSYNC; 2970 } 2971 dlci = gsm->dlci[line]; 2972 if (dlci == NULL) { 2973 alloc = true; 2974 dlci = gsm_dlci_alloc(gsm, line); 2975 } 2976 if (dlci == NULL) { 2977 mutex_unlock(&gsm->mutex); 2978 return -ENOMEM; 2979 } 2980 ret = tty_port_install(&dlci->port, driver, tty); 2981 if (ret) { 2982 if (alloc) 2983 dlci_put(dlci); 2984 mutex_unlock(&gsm->mutex); 2985 return ret; 2986 } 2987 2988 dlci_get(dlci); 2989 dlci_get(gsm->dlci[0]); 2990 mux_get(gsm); 2991 tty->driver_data = dlci; 2992 mutex_unlock(&gsm->mutex); 2993 2994 return 0; 2995 } 2996 2997 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 2998 { 2999 struct gsm_dlci *dlci = tty->driver_data; 3000 struct tty_port *port = &dlci->port; 3001 3002 port->count++; 3003 tty_port_tty_set(port, tty); 3004 3005 dlci->modem_rx = 0; 3006 /* We could in theory open and close before we wait - eg if we get 3007 a DM straight back. This is ok as that will have caused a hangup */ 3008 tty_port_set_initialized(port, 1); 3009 /* Start sending off SABM messages */ 3010 gsm_dlci_begin_open(dlci); 3011 /* And wait for virtual carrier */ 3012 return tty_port_block_til_ready(port, tty, filp); 3013 } 3014 3015 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 3016 { 3017 struct gsm_dlci *dlci = tty->driver_data; 3018 3019 if (dlci == NULL) 3020 return; 3021 if (dlci->state == DLCI_CLOSED) 3022 return; 3023 mutex_lock(&dlci->mutex); 3024 gsm_destroy_network(dlci); 3025 mutex_unlock(&dlci->mutex); 3026 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 3027 return; 3028 gsm_dlci_begin_close(dlci); 3029 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 3030 tty_port_lower_dtr_rts(&dlci->port); 3031 tty_port_close_end(&dlci->port, tty); 3032 tty_port_tty_set(&dlci->port, NULL); 3033 return; 3034 } 3035 3036 static void gsmtty_hangup(struct tty_struct *tty) 3037 { 3038 struct gsm_dlci *dlci = tty->driver_data; 3039 if (dlci->state == DLCI_CLOSED) 3040 return; 3041 tty_port_hangup(&dlci->port); 3042 gsm_dlci_begin_close(dlci); 3043 } 3044 3045 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, 3046 int len) 3047 { 3048 int sent; 3049 struct gsm_dlci *dlci = tty->driver_data; 3050 if (dlci->state == DLCI_CLOSED) 3051 return -EINVAL; 3052 /* Stuff the bytes into the fifo queue */ 3053 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 3054 /* Need to kick the channel */ 3055 gsm_dlci_data_kick(dlci); 3056 return sent; 3057 } 3058 3059 static int gsmtty_write_room(struct tty_struct *tty) 3060 { 3061 struct gsm_dlci *dlci = tty->driver_data; 3062 if (dlci->state == DLCI_CLOSED) 3063 return -EINVAL; 3064 return TX_SIZE - kfifo_len(&dlci->fifo); 3065 } 3066 3067 static int gsmtty_chars_in_buffer(struct tty_struct *tty) 3068 { 3069 struct gsm_dlci *dlci = tty->driver_data; 3070 if (dlci->state == DLCI_CLOSED) 3071 return -EINVAL; 3072 return kfifo_len(&dlci->fifo); 3073 } 3074 3075 static void gsmtty_flush_buffer(struct tty_struct *tty) 3076 { 3077 struct gsm_dlci *dlci = tty->driver_data; 3078 if (dlci->state == DLCI_CLOSED) 3079 return; 3080 /* Caution needed: If we implement reliable transport classes 3081 then the data being transmitted can't simply be junked once 3082 it has first hit the stack. Until then we can just blow it 3083 away */ 3084 kfifo_reset(&dlci->fifo); 3085 /* Need to unhook this DLCI from the transmit queue logic */ 3086 } 3087 3088 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) 3089 { 3090 /* The FIFO handles the queue so the kernel will do the right 3091 thing waiting on chars_in_buffer before calling us. No work 3092 to do here */ 3093 } 3094 3095 static int gsmtty_tiocmget(struct tty_struct *tty) 3096 { 3097 struct gsm_dlci *dlci = tty->driver_data; 3098 if (dlci->state == DLCI_CLOSED) 3099 return -EINVAL; 3100 return dlci->modem_rx; 3101 } 3102 3103 static int gsmtty_tiocmset(struct tty_struct *tty, 3104 unsigned int set, unsigned int clear) 3105 { 3106 struct gsm_dlci *dlci = tty->driver_data; 3107 unsigned int modem_tx = dlci->modem_tx; 3108 3109 if (dlci->state == DLCI_CLOSED) 3110 return -EINVAL; 3111 modem_tx &= ~clear; 3112 modem_tx |= set; 3113 3114 if (modem_tx != dlci->modem_tx) { 3115 dlci->modem_tx = modem_tx; 3116 return gsmtty_modem_update(dlci, 0); 3117 } 3118 return 0; 3119 } 3120 3121 3122 static int gsmtty_ioctl(struct tty_struct *tty, 3123 unsigned int cmd, unsigned long arg) 3124 { 3125 struct gsm_dlci *dlci = tty->driver_data; 3126 struct gsm_netconfig nc; 3127 int index; 3128 3129 if (dlci->state == DLCI_CLOSED) 3130 return -EINVAL; 3131 switch (cmd) { 3132 case GSMIOC_ENABLE_NET: 3133 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) 3134 return -EFAULT; 3135 nc.if_name[IFNAMSIZ-1] = '\0'; 3136 /* return net interface index or error code */ 3137 mutex_lock(&dlci->mutex); 3138 index = gsm_create_network(dlci, &nc); 3139 mutex_unlock(&dlci->mutex); 3140 if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) 3141 return -EFAULT; 3142 return index; 3143 case GSMIOC_DISABLE_NET: 3144 if (!capable(CAP_NET_ADMIN)) 3145 return -EPERM; 3146 mutex_lock(&dlci->mutex); 3147 gsm_destroy_network(dlci); 3148 mutex_unlock(&dlci->mutex); 3149 return 0; 3150 default: 3151 return -ENOIOCTLCMD; 3152 } 3153 } 3154 3155 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) 3156 { 3157 struct gsm_dlci *dlci = tty->driver_data; 3158 if (dlci->state == DLCI_CLOSED) 3159 return; 3160 /* For the moment its fixed. In actual fact the speed information 3161 for the virtual channel can be propogated in both directions by 3162 the RPN control message. This however rapidly gets nasty as we 3163 then have to remap modem signals each way according to whether 3164 our virtual cable is null modem etc .. */ 3165 tty_termios_copy_hw(&tty->termios, old); 3166 } 3167 3168 static void gsmtty_throttle(struct tty_struct *tty) 3169 { 3170 struct gsm_dlci *dlci = tty->driver_data; 3171 if (dlci->state == DLCI_CLOSED) 3172 return; 3173 if (C_CRTSCTS(tty)) 3174 dlci->modem_tx &= ~TIOCM_DTR; 3175 dlci->throttled = true; 3176 /* Send an MSC with DTR cleared */ 3177 gsmtty_modem_update(dlci, 0); 3178 } 3179 3180 static void gsmtty_unthrottle(struct tty_struct *tty) 3181 { 3182 struct gsm_dlci *dlci = tty->driver_data; 3183 if (dlci->state == DLCI_CLOSED) 3184 return; 3185 if (C_CRTSCTS(tty)) 3186 dlci->modem_tx |= TIOCM_DTR; 3187 dlci->throttled = false; 3188 /* Send an MSC with DTR set */ 3189 gsmtty_modem_update(dlci, 0); 3190 } 3191 3192 static int gsmtty_break_ctl(struct tty_struct *tty, int state) 3193 { 3194 struct gsm_dlci *dlci = tty->driver_data; 3195 int encode = 0; /* Off */ 3196 if (dlci->state == DLCI_CLOSED) 3197 return -EINVAL; 3198 3199 if (state == -1) /* "On indefinitely" - we can't encode this 3200 properly */ 3201 encode = 0x0F; 3202 else if (state > 0) { 3203 encode = state / 200; /* mS to encoding */ 3204 if (encode > 0x0F) 3205 encode = 0x0F; /* Best effort */ 3206 } 3207 return gsmtty_modem_update(dlci, encode); 3208 } 3209 3210 static void gsmtty_cleanup(struct tty_struct *tty) 3211 { 3212 struct gsm_dlci *dlci = tty->driver_data; 3213 struct gsm_mux *gsm = dlci->gsm; 3214 3215 dlci_put(dlci); 3216 dlci_put(gsm->dlci[0]); 3217 mux_put(gsm); 3218 } 3219 3220 /* Virtual ttys for the demux */ 3221 static const struct tty_operations gsmtty_ops = { 3222 .install = gsmtty_install, 3223 .open = gsmtty_open, 3224 .close = gsmtty_close, 3225 .write = gsmtty_write, 3226 .write_room = gsmtty_write_room, 3227 .chars_in_buffer = gsmtty_chars_in_buffer, 3228 .flush_buffer = gsmtty_flush_buffer, 3229 .ioctl = gsmtty_ioctl, 3230 .throttle = gsmtty_throttle, 3231 .unthrottle = gsmtty_unthrottle, 3232 .set_termios = gsmtty_set_termios, 3233 .hangup = gsmtty_hangup, 3234 .wait_until_sent = gsmtty_wait_until_sent, 3235 .tiocmget = gsmtty_tiocmget, 3236 .tiocmset = gsmtty_tiocmset, 3237 .break_ctl = gsmtty_break_ctl, 3238 .cleanup = gsmtty_cleanup, 3239 }; 3240 3241 3242 3243 static int __init gsm_init(void) 3244 { 3245 /* Fill in our line protocol discipline, and register it */ 3246 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet); 3247 if (status != 0) { 3248 pr_err("n_gsm: can't register line discipline (err = %d)\n", 3249 status); 3250 return status; 3251 } 3252 3253 gsm_tty_driver = alloc_tty_driver(256); 3254 if (!gsm_tty_driver) { 3255 tty_unregister_ldisc(N_GSM0710); 3256 pr_err("gsm_init: tty allocation failed.\n"); 3257 return -EINVAL; 3258 } 3259 gsm_tty_driver->driver_name = "gsmtty"; 3260 gsm_tty_driver->name = "gsmtty"; 3261 gsm_tty_driver->major = 0; /* Dynamic */ 3262 gsm_tty_driver->minor_start = 0; 3263 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 3264 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 3265 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV 3266 | TTY_DRIVER_HARDWARE_BREAK; 3267 gsm_tty_driver->init_termios = tty_std_termios; 3268 /* Fixme */ 3269 gsm_tty_driver->init_termios.c_lflag &= ~ECHO; 3270 tty_set_operations(gsm_tty_driver, &gsmtty_ops); 3271 3272 spin_lock_init(&gsm_mux_lock); 3273 3274 if (tty_register_driver(gsm_tty_driver)) { 3275 put_tty_driver(gsm_tty_driver); 3276 tty_unregister_ldisc(N_GSM0710); 3277 pr_err("gsm_init: tty registration failed.\n"); 3278 return -EBUSY; 3279 } 3280 pr_debug("gsm_init: loaded as %d,%d.\n", 3281 gsm_tty_driver->major, gsm_tty_driver->minor_start); 3282 return 0; 3283 } 3284 3285 static void __exit gsm_exit(void) 3286 { 3287 int status = tty_unregister_ldisc(N_GSM0710); 3288 if (status != 0) 3289 pr_err("n_gsm: can't unregister line discipline (err = %d)\n", 3290 status); 3291 tty_unregister_driver(gsm_tty_driver); 3292 put_tty_driver(gsm_tty_driver); 3293 } 3294 3295 module_init(gsm_init); 3296 module_exit(gsm_exit); 3297 3298 3299 MODULE_LICENSE("GPL"); 3300 MODULE_ALIAS_LDISC(N_GSM0710); 3301