1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 * Copyright (c) 2022/23 Siemens Mobility GmbH
6 *
7 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
8 *
9 * Outgoing path:
10 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc
11 * control message -> GSM MUX control queue --´
12 *
13 * Incoming path:
14 * ldisc -> gsm_queue() -o--> tty
15 * `-> gsm_control_response()
16 *
17 * TO DO:
18 * Mostly done: ioctls for setting modes/timing
19 * Partly done: hooks so you can pull off frames to non tty devs
20 * Restart DLCI 0 when it closes ?
21 * Improve the tx engine
22 * Resolve tx side locking by adding a queue_head and routing
23 * all control traffic via it
24 * General tidy/document
25 * Review the locking/move to refcounts more (mux now moved to an
26 * alloc/free model ready)
27 * Use newest tty open/close port helpers and install hooks
28 * What to do about power functions ?
29 * Termios setting and negotiation
30 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
31 *
32 */
33
34 #include <linux/types.h>
35 #include <linux/major.h>
36 #include <linux/errno.h>
37 #include <linux/signal.h>
38 #include <linux/fcntl.h>
39 #include <linux/sched/signal.h>
40 #include <linux/interrupt.h>
41 #include <linux/tty.h>
42 #include <linux/bitfield.h>
43 #include <linux/ctype.h>
44 #include <linux/mm.h>
45 #include <linux/math.h>
46 #include <linux/nospec.h>
47 #include <linux/string.h>
48 #include <linux/slab.h>
49 #include <linux/poll.h>
50 #include <linux/bitops.h>
51 #include <linux/file.h>
52 #include <linux/uaccess.h>
53 #include <linux/module.h>
54 #include <linux/timer.h>
55 #include <linux/tty_flip.h>
56 #include <linux/tty_driver.h>
57 #include <linux/serial.h>
58 #include <linux/kfifo.h>
59 #include <linux/skbuff.h>
60 #include <net/arp.h>
61 #include <linux/ip.h>
62 #include <linux/netdevice.h>
63 #include <linux/etherdevice.h>
64 #include <linux/gsmmux.h>
65 #include "tty.h"
66
/*
 * Runtime debug mask: a bitwise OR of the DBG_* bits below. The parameter
 * is registered with mode 0600.
 *
 * NOTE(review): with DBG_DUMP set gsm_print_packet() hex-dumps frame data to
 * the kernel log at KERN_INFO (user payload frames only when DBG_PAYLOAD is
 * set as well), and with DBG_DATA set gsm_send_packet() hex-dumps every
 * encoded TX frame. Treat the kernel log as carrying link payload while
 * these bits are enabled.
 */
static int debug;
module_param(debug, int, 0600);

/* Module debug bits */
#define DBG_DUMP	BIT(0) /* Data transmission dump. */
#define DBG_CD_ON	BIT(1) /* Always assume CD line on. */
#define DBG_DATA	BIT(2) /* Data transmission details. */
#define DBG_ERRORS	BIT(3) /* Details for fail conditions. */
#define DBG_TTY		BIT(4) /* Transmission statistics for DLCI TTYs. */
#define DBG_PAYLOAD	BIT(5) /* Limits DBG_DUMP to payload frames. */
77
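/* Defaults: these are from the specification */

/*
 * T1 and T2 are chosen in a single #ifdef so that neither macro is ever
 * defined twice with different values (a redefinition without #undef is
 * diagnosed by the preprocessor). DEBUG_TIMING selects long timers for
 * testing at low speed with debug on.
 */
#ifdef DEBUG_TIMING
#define T1	100
#define T2	200
#else
#define T1	10	/* 100mS */
#define T2	34	/* 333mS */
#endif
#define T3	10	/* 10s */
#define N2	3	/* Retry 3 times */
#define K	2	/* outstanding I frames */

#define MAX_T3		255	/* In seconds. */
#define MAX_WINDOW_SIZE	7	/* Limit of K in error recovery mode. */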
94
95 /*
96 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
97 * limits so this is plenty
98 */
99 #define MAX_MRU 1500
100 #define MAX_MTU 1500
101 #define MIN_MTU (PROT_OVERHEAD + 1)
102 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
103 #define PROT_OVERHEAD 7
104 #define GSM_NET_TX_TIMEOUT (HZ*10)
105
/*
 *	struct gsm_mux_net	-	network interface
 *
 *	Created when net interface is initialized.
 */
struct gsm_mux_net {
	struct kref ref;	/* Reference count for this object */
	struct gsm_dlci *dlci;	/* presumably the DLCI backing the interface - confirm against the net code */
};
115
/*
 *	Each block of data we have queued to go out is in the form of
 *	a gsm_msg which holds everything we need in a link layer independent
 *	format.
 *
 *	gsm_data_alloc() sizes @buffer as len + HDR_LEN and starts @data at
 *	buffer + HDR_LEN - 1; the framing code then moves @data backwards
 *	over the header space and grows @len to cover header and FCS.
 */

struct gsm_msg {
	struct list_head list;	/* Link in tx_ctrl_list or tx_data_list */
	u8 addr;		/* DLCI address + flags */
	u8 ctrl;		/* Control byte + flags */
	unsigned int len;	/* Length of data block (can be zero) */
	u8 *data;	/* Points into buffer but not at the start */
	u8 buffer[];	/* Header space, payload and FCS */
};
130
/* Link state of a single DLCI. */
enum gsm_dlci_state {
	DLCI_CLOSED,		/* First enumerator, i.e. the value of zeroed storage */
	DLCI_WAITING_CONFIG,	/* Waiting for DLCI configuration from user */
	DLCI_CONFIGURE,		/* Sending PN (for adaption > 1) */
	DLCI_OPENING,		/* Sending SABM not seen UA */
	DLCI_OPEN,		/* SABM/UA complete */
	DLCI_CLOSING,		/* Sending DISC not seen UA/DM */
};

/* Operating mode of a single DLCI. */
enum gsm_dlci_mode {
	DLCI_MODE_ABM,		/* Normal Asynchronous Balanced Mode */
	DLCI_MODE_ADM,		/* Asynchronous Disconnected Mode */
};
144
/*
 *	Each active data link has a gsm_dlci structure associated which ties
 *	the link layer to an optional tty (if the tty side is open). To avoid
 *	complexity right now these are only ever freed up when the mux is
 *	shut down.
 *
 *	At the moment we don't free DLCI objects until the mux is torn down;
 *	this avoids object lifetime issues but might be worth review later.
 *
 *	NOTE(review): code that looks a DLCI up through gsm_mux.dlci[] depends
 *	on this lifetime rule; confirm it still holds wherever a slot can be
 *	cleared.
 */

struct gsm_dlci {
	struct gsm_mux *gsm;	/* Mux this DLCI belongs to */
	int addr;		/* DLCI number, as placed in the frame address octet */
	enum gsm_dlci_state state;
	struct mutex mutex;

	/* Link layer */
	enum gsm_dlci_mode mode;
	spinlock_t lock;	/* Protects the internal state */
	struct timer_list t1;	/* Retransmit timer for SABM and UA */
	int retries;
	/* Uplink tty if active */
	struct tty_port port;	/* The tty bound to this DLCI if there is one */
#define TX_SIZE		4096    /* Must be power of 2. */
	struct kfifo fifo;	/* Queue fifo for the DLCI */
	int adaption;		/* Adaption layer in use */
	int prev_adaption;
	u32 modem_rx;		/* Our incoming virtual modem lines */
	u32 modem_tx;		/* Our outgoing modem lines */
	unsigned int mtu;	/* Encoded as N1 by gsm_encode_params() */
	bool dead;		/* Refuse re-open */
	/* Configuration */
	u8 prio;		/* Priority */
	u8 ftype;		/* Frame type */
	u8 k;			/* Window size */
	/* Flow control */
	bool throttled;		/* Private copy of throttle state */
	bool constipated;	/* Throttle status for outgoing */
	/* Packetised I/O */
	struct sk_buff *skb;	/* Frame being sent */
	struct sk_buff_head skb_list;	/* Queued frames */
	/* Data handling callback */
	void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
	void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
	struct net_device *net; /* network interface, if created */
};
191
/*
 * Parameter bits used for parameter negotiation according to 3GPP 27.010
 * chapter 5.4.6.3.1.
 *
 * The layout is fixed: the static_assert below pins the structure to eight
 * octets and n_bits is stored little endian. Do not reorder or resize the
 * members. The PN_*_FIELD_* masks select the valid bits of each octet.
 */

struct gsm_dlci_param_bits {
	u8 d_bits;	/* DLCI, see PN_D_FIELD_DLCI */
	u8 i_cl_bits;	/* Frame type and convergence layer, see PN_I_CL_FIELD_* */
	u8 p_bits;	/* Priority, see PN_P_FIELD_PRIO */
	u8 t_bits;	/* T1, see PN_T_FIELD_T1 */
	__le16 n_bits;	/* N1, see PN_N_FIELD_N1 */
	u8 na_bits;	/* N2, see PN_NA_FIELD_N2 */
	u8 k_bits;	/* Window size K, see PN_K_FIELD_K */
};

static_assert(sizeof(struct gsm_dlci_param_bits) == 8);
208
209 #define PN_D_FIELD_DLCI GENMASK(5, 0)
210 #define PN_I_CL_FIELD_FTYPE GENMASK(3, 0)
211 #define PN_I_CL_FIELD_ADAPTION GENMASK(7, 4)
212 #define PN_P_FIELD_PRIO GENMASK(5, 0)
213 #define PN_T_FIELD_T1 GENMASK(7, 0)
214 #define PN_N_FIELD_N1 GENMASK(15, 0)
215 #define PN_NA_FIELD_N2 GENMASK(7, 0)
216 #define PN_K_FIELD_K GENMASK(2, 0)
217
218 /* Total number of supported devices */
219 #define GSM_TTY_MINORS 256
220
221 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
222
223 #define NUM_DLCI 64
224
/*
 *	DLCI 0 is used to pass control blocks out of band of the data
 *	flow (and with a higher link priority). One command can be outstanding
 *	at a time and we use this structure to manage them. They are created
 *	and destroyed by the user context, and updated by the receive paths
 *	and timers.
 *
 *	NOTE(review): the object is touched from several contexts; struct
 *	gsm_mux documents control_lock as protecting the pending command.
 */

struct gsm_control {
	u8 cmd;		/* Command we are issuing */
	u8 *data;	/* Data for the command in case we retransmit */
	int len;	/* Length of block for retransmission */
	int done;	/* Done flag */
	int error;	/* Error if any */
};
240
/*
 * Framing option in use. gsm_send_packet() delimits GSM_BASIC_OPT frames
 * with GSM0_SOF and byte-stuffs everything else between GSM1_SOF flags.
 */
enum gsm_encoding {
	GSM_BASIC_OPT,
	GSM_ADV_OPT,
};

/*
 * Values for gsm_mux.state.
 * NOTE(review): by their names the GSM0_* values belong to the basic option
 * and the GSM1_* values to the advanced option; the code that walks these
 * states is outside this excerpt - confirm there.
 */
enum gsm_mux_state {
	GSM_SEARCH,
	GSM0_ADDRESS,
	GSM0_CONTROL,
	GSM0_LEN0,
	GSM0_LEN1,
	GSM0_DATA,
	GSM0_FCS,
	GSM0_SSOF,
	GSM1_START,
	GSM1_ADDRESS,
	GSM1_CONTROL,
	GSM1_DATA,
	GSM1_OVERRUN,
};
261
/*
 *	Each GSM mux we have is represented by this structure. If we are
 *	operating as an ldisc then we use this structure as our ldisc
 *	state. We need to sort out lifetimes and locking with respect
 *	to the gsm mux array. For now we don't free DLCI objects that
 *	have been instantiated until the mux itself is terminated.
 *
 *	To consider further: tty open versus mux shutdown.
 */

struct gsm_mux {
	struct tty_struct *tty;		/* The tty our ldisc is bound to */
	spinlock_t lock;
	struct mutex mutex;
	unsigned int num;		/* presumably the mux number used to derive tty minors - confirm */
	struct kref ref;		/* Reference count for the mux */

	/* Events on the GSM channel */
	wait_queue_head_t event;

	/* ldisc send work */
	struct work_struct tx_work;

	/* Bits for GSM mode decoding */

	/* Framing Layer */
	u8 *buf;
	enum gsm_mux_state state;
	unsigned int len;
	unsigned int address;
	unsigned int count;
	bool escape;
	enum gsm_encoding encoding;	/* Selects the framing used by gsm_send_packet() */
	u8 control;
	u8 fcs;
	u8 *txframe;			/* TX framing buffer */

	/* Method for the receiver side */
	void (*receive)(struct gsm_mux *gsm, u8 ch);

	/* Link Layer */
	unsigned int mru;
	unsigned int mtu;
	int initiator;			/* Did we initiate connection */
	bool dead;			/* Has the mux been shut down */
	struct gsm_dlci *dlci[NUM_DLCI];	/* Indexed by DLCI address */
	int old_c_iflag;		/* termios c_iflag value before attach */
	bool constipated;		/* Asked by remote to shut up */
	bool has_devices;		/* Devices were registered */

	/* gsm_send() and gsm_dlci_clear_queues() take tx_lock around the TX lists and tx_bytes */
	spinlock_t tx_lock;
	unsigned int tx_bytes;		/* TX data outstanding */
#define TX_THRESH_HI		8192
#define TX_THRESH_LO		2048
	struct list_head tx_ctrl_list;	/* Pending control packets */
	struct list_head tx_data_list;	/* Pending data packets */

	/* Control messages */
	struct timer_list kick_timer;	/* Kick TX queuing on timeout */
	struct timer_list t2_timer;	/* Retransmit timer for commands */
	int cretries;			/* Command retry counter */
	struct gsm_control *pending_cmd;/* Our current pending command */
	spinlock_t control_lock;	/* Protects the pending command */

	/* Keep-alive */
	struct timer_list ka_timer;	/* Keep-alive response timer */
	u8 ka_num;			/* Keep-alive match pattern */
	signed int ka_retries;		/* Keep-alive retry counter, -1 if not yet initialized */

	/* Configuration */
	int adaption;		/* 1 or 2 supported */
	u8 ftype;		/* UI or UIH */
	int t1, t2;		/* Timers in 1/100th of a sec */
	unsigned int t3;	/* Power wake-up timer in seconds. */
	int n2;			/* Retry count */
	u8 k;			/* Window size */
	bool wait_config;	/* Wait for configuration by ioctl before DLCI open */
	u32 keep_alive;		/* Control channel keep-alive in 10ms */

	/* Statistics (not currently exposed) */
	unsigned long bad_fcs;
	unsigned long malformed;
	unsigned long io_error;
	unsigned long open_error;
	unsigned long bad_size;
	unsigned long unsupported;
};
349
350
351 /*
352 * Mux objects - needed so that we can translate a tty index into the
353 * relevant mux and DLCI.
354 */
355
356 #define MAX_MUX 4 /* 256 minors */
357 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
358 static DEFINE_SPINLOCK(gsm_mux_lock);
359
360 static struct tty_driver *gsm_tty_driver;
361
362 /*
363 * This section of the driver logic implements the GSM encodings
364 * both the basic and the 'advanced'. Reliable transport is not
365 * supported.
366 */
367
368 #define CR 0x02
369 #define EA 0x01
370 #define PF 0x10
371
372 /* I is special: the rest are ..*/
373 #define RR 0x01
374 #define UI 0x03
375 #define RNR 0x05
376 #define REJ 0x09
377 #define DM 0x0F
378 #define SABM 0x2F
379 #define DISC 0x43
380 #define UA 0x63
381 #define UIH 0xEF
382
383 /* Channel commands */
384 #define CMD_NSC 0x09
385 #define CMD_TEST 0x11
386 #define CMD_PSC 0x21
387 #define CMD_RLS 0x29
388 #define CMD_FCOFF 0x31
389 #define CMD_PN 0x41
390 #define CMD_RPN 0x49
391 #define CMD_FCON 0x51
392 #define CMD_CLD 0x61
393 #define CMD_SNC 0x69
394 #define CMD_MSC 0x71
395
396 /* Virtual modem bits */
397 #define MDM_FC 0x01
398 #define MDM_RTC 0x02
399 #define MDM_RTR 0x04
400 #define MDM_IC 0x20
401 #define MDM_DV 0x40
402
403 #define GSM0_SOF 0xF9
404 #define GSM1_SOF 0x7E
405 #define GSM1_ESCAPE 0x7D
406 #define GSM1_ESCAPE_BITS 0x20
407 #define XON 0x11
408 #define XOFF 0x13
409 #define ISO_IEC_646_MASK 0x7F
410
411 static const struct tty_port_operations gsm_port_ops;
412
413 /*
414 * CRC table for GSM 0710
415 */
416
417 static const u8 gsm_fcs8[256] = {
418 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
419 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
420 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
421 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
422 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
423 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
424 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
425 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
426 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
427 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
428 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
429 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
430 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
431 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
432 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
433 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
434 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
435 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
436 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
437 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
438 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
439 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
440 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
441 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
442 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
443 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
444 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
445 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
446 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
447 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
448 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
449 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
450 };
451
452 #define INIT_FCS 0xFF
453 #define GOOD_FCS 0xCF
454
455 static void gsm_dlci_close(struct gsm_dlci *dlci);
456 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
457 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
458 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
459 u8 ctrl);
460 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
461 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr);
462 static void gsmld_write_trigger(struct gsm_mux *gsm);
463 static void gsmld_write_task(struct work_struct *work);
464 static int gsm_modem_send_initial_msc(struct gsm_dlci *dlci);
465
/**
 *	gsm_fcs_add	-	fold one octet into the FCS
 *	@fcs: running FCS value
 *	@c: octet to add
 *
 *	Returns the updated FCS, looked up in gsm_fcs8[]. Both operands are
 *	u8, so the XOR used as the index always lies within the 256 entry
 *	table.
 */

static inline u8 gsm_fcs_add(u8 fcs, u8 c)
{
	const u8 slot = fcs ^ c;

	return gsm_fcs8[slot];
}
479
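/**
 *	gsm_fcs_add_block	-	update FCS for a block
 *	@fcs: Current FCS
 *	@c: buffer of data
 *	@len: length of buffer
 *
 *	Folds @len octets starting at @c into the FCS using the gsm_fcs8[]
 *	table and returns the result. A zero or negative @len leaves @fcs
 *	unchanged; the caller must make sure @c holds at least @len octets.
 */

static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
{
	/*
	 * Test for "> 0" rather than non-zero: @len is signed, and a
	 * negative value would otherwise keep the loop reading past the
	 * buffer until the counter wrapped around to zero.
	 */
	while (len-- > 0)
		fcs = gsm_fcs8[fcs ^ *c++];
	return fcs;
}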
496
/**
 *	gsm_read_ea		-	read a byte into an EA
 *	@val: variable holding value
 *	@c: byte going into the EA
 *
 *	Shifts the value accumulated so far left by seven bits and merges in
 *	the upper seven bits of @c. Returns non-zero when @c carries the EA
 *	bit, i.e. when it is the last octet of the field.
 *
 *	The number of octets is not limited here: bits shifted beyond the
 *	width of unsigned int are dropped silently, so the caller has to
 *	bound how many octets it feeds in.
 */

static int gsm_read_ea(unsigned int *val, u8 c)
{
	/* Make room for, then merge, the next 7 bits of the value */
	*val = (*val << 7) | (c >> 1);
	/* EA set means this was the final octet */
	return c & EA;
}
514
/**
 *	gsm_read_ea_val	-	read a value until EA
 *	@val: variable holding value
 *	@data: buffer of data
 *	@dlen: length of data
 *
 *	Feeds octets from @data into gsm_read_ea() until one carries the EA
 *	bit or @dlen octets have been used. Returns the number of octets
 *	consumed, which is 0 when @dlen is not positive.
 *
 *	The return value does not tell whether the terminating EA bit was
 *	seen: a field cut short by @dlen yields the same count as a complete
 *	one of that length.
 */
static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
{
	int used = 0;

	while (used < dlen) {
		/* The octet counts as consumed even when it ends the field */
		if (gsm_read_ea(val, data[used++]))
			break;
	}
	return used;
}
535
/**
 *	gsm_encode_modem	-	encode modem data bits
 *	@dlci: DLCI to encode from
 *
 *	Builds the GSM encoded modem status bits from the throttle state and
 *	the outgoing modem lines of the DLCI and returns them. MDM_DV is
 *	also reported whenever the mux is the initiator.
 */

static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
{
	const u32 lines = dlci->modem_tx;
	/* FC is true flow control not modem bits */
	u8 bits = dlci->throttled ? MDM_FC : 0;

	if (lines & TIOCM_DTR)
		bits |= MDM_RTC;
	if (lines & TIOCM_RTS)
		bits |= MDM_RTR;
	if (lines & TIOCM_RI)
		bits |= MDM_IC;
	if ((lines & TIOCM_CD) || dlci->gsm->initiator)
		bits |= MDM_DV;
	/* special mappings for passive side to operate as UE */
	if (lines & TIOCM_OUT1)
		bits |= MDM_IC;
	if (lines & TIOCM_OUT2)
		bits |= MDM_DV;

	return bits;
}
565
/*
 * Hex-dump @len bytes of @data to the kernel log at KERN_INFO. With a
 * non-NULL @fname every row is prefixed with "<fname>: " and its offset;
 * otherwise rows are printed without a prefix. The prefix is allocated with
 * GFP_ATOMIC and the dump is skipped if that allocation fails.
 *
 * The bytes are logged verbatim, so whatever the frame carries ends up in
 * the kernel log.
 */
static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
			       unsigned long len)
{
	char *prefix;

	if (fname) {
		prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
		if (prefix) {
			print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET,
				       16, 1, data, len, true);
			kfree(prefix);
		}
		return;
	}

	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
		       true);
}
584
/**
 *	gsm_encode_params	-	encode DLCI parameters
 *	@dlci: DLCI to encode from
 *	@params: buffer to fill with the encoded parameters
 *
 *	Encodes the parameters according to GSM 07.10 section 5.4.6.3.1
 *	table 3. Returns 0 on success or -EINVAL when the DLCI uses a frame
 *	type other than UI/UIH or an adaption other than 1/2; @params is not
 *	written in that case.
 *
 *	NOTE(review): each value is packed with FIELD_PREP() into a field
 *	narrower than its source variable (e.g. the int timers into 8 bits),
 *	so range checking has to happen where the values are configured.
 */
static int gsm_encode_params(const struct gsm_dlci *dlci,
			     struct gsm_dlci_param_bits *params)
{
	const struct gsm_mux *gsm = dlci->gsm;
	unsigned int ftype_code, cl_code;

	/* Frame type code: 0 for UIH, 1 for UI */
	if (dlci->ftype == UIH) {
		ftype_code = 0;
	} else if (dlci->ftype == UI) {
		ftype_code = 1;
	} else {
		pr_debug("unsupported frame type %d\n", dlci->ftype);
		return -EINVAL;
	}

	/* Convergence layer code is the adaption number minus one */
	if (dlci->adaption == 1) {
		cl_code = 0;	/* Unstructured: convergence layer type 1 */
	} else if (dlci->adaption == 2) {
		cl_code = 1;	/* With modem bits: convergence layer type 2 */
	} else {
		pr_debug("unsupported adaption %d\n", dlci->adaption);
		return -EINVAL;
	}

	params->d_bits = FIELD_PREP(PN_D_FIELD_DLCI, dlci->addr);
	params->i_cl_bits = FIELD_PREP(PN_I_CL_FIELD_FTYPE, ftype_code) |
			    FIELD_PREP(PN_I_CL_FIELD_ADAPTION, cl_code);
	params->p_bits = FIELD_PREP(PN_P_FIELD_PRIO, dlci->prio);
	params->t_bits = FIELD_PREP(PN_T_FIELD_T1, gsm->t1);
	/* N1 is the only multi-octet field and goes out little endian */
	params->n_bits = cpu_to_le16(FIELD_PREP(PN_N_FIELD_N1, dlci->mtu));
	params->na_bits = FIELD_PREP(PN_NA_FIELD_N2, gsm->n2);
	params->k_bits = FIELD_PREP(PN_K_FIELD_K, dlci->k);

	return 0;
}
635
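/**
 *	gsm_register_devices	-	register all tty devices for a given mux index
 *
 *	@driver: the tty driver that describes the tty devices
 *	@index:  the mux number is used to calculate the minor numbers of the
 *	         ttys for this mux and may differ from the position in the
 *	         mux array.
 *
 *	Registers minors index * NUM_DLCI + 1 .. index * NUM_DLCI + NUM_DLCI - 1
 *	with @driver. The index < MAX_MUX check keeps every minor below
 *	MAX_MUX * NUM_DLCI. If one registration fails, the minors registered
 *	so far are unregistered again and the error is returned.
 *
 *	Returns 0 on success, -EINVAL for a NULL @driver or an out of range
 *	@index, or the error from tty_register_device().
 */
static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
{
	struct device *dev;
	unsigned int base;
	int i;

	if (!driver || index >= MAX_MUX)
		return -EINVAL;

	base = index * NUM_DLCI; /* first minor for this index */
	/*
	 * Don't register device 0 - this is the control channel
	 * and not a usable tty interface
	 */
	for (i = 1; i < NUM_DLCI; i++) {
		/* Use the driver that was validated above, not the global */
		dev = tty_register_device(driver, base + i, NULL);
		if (!IS_ERR(dev))
			continue;

		if (debug & DBG_ERRORS)
			pr_info("%s failed to register device minor %u\n",
				__func__, base + i);
		/* Undo the registrations made before the failure */
		while (--i >= 1)
			tty_unregister_device(driver, base + i);
		return PTR_ERR(dev);
	}

	return 0;
}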
671
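/**
 *	gsm_unregister_devices	-	unregister all tty devices for a given mux index
 *
 *	@driver: the tty driver that describes the tty devices
 *	@index:  the mux number is used to calculate the minor numbers of the
 *	         ttys for this mux and may differ from the position in the
 *	         mux array.
 *
 *	Unregisters minors index * NUM_DLCI + 1 .. index * NUM_DLCI +
 *	NUM_DLCI - 1 from @driver. Does nothing for a NULL @driver or an
 *	@index of MAX_MUX or more.
 */
static void gsm_unregister_devices(struct tty_driver *driver,
				   unsigned int index)
{
	unsigned int base;
	int i;

	if (!driver || index >= MAX_MUX)
		return;

	base = index * NUM_DLCI; /* first minor for this index */
	/*
	 * Don't unregister device 0 - this is the control
	 * channel and not a usable tty interface
	 */
	for (i = 1; i < NUM_DLCI; i++) {
		/* Use the driver that was validated above, not the global */
		tty_unregister_device(driver, base + i);
	}
}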
697
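/**
 *	gsm_print_packet	-	display a frame for debug
 *	@hdr: header to print before decode
 *	@addr: address EA from the frame
 *	@cr: C/R bit seen as initiator
 *	@control: control including PF bit
 *	@data: following data bytes
 *	@dlen: length of data
 *
 *	Displays a packet in human readable format for debugging purposes. The
 *	style is based on amateur radio LAP-B dump display.
 *
 *	Nothing is printed unless DBG_DUMP is set. UI/UIH frames on a DLCI
 *	other than 0 are printed only when DBG_PAYLOAD is set as well. The
 *	data bytes go to the kernel log verbatim.
 */

static void gsm_print_packet(const char *hdr, int addr, int cr,
			     u8 control, const u8 *data, int dlen)
{
	const u8 type = control & ~PF;

	if (!(debug & DBG_DUMP))
		return;
	/* Only show user payload frames if debug & DBG_PAYLOAD */
	if (!(debug & DBG_PAYLOAD) && addr != 0 &&
	    (type == UI || type == UIH))
		return;

	/*
	 * Choose the label with a conditional rather than indexing "RC",
	 * so that a @cr other than 0 or 1 cannot read outside the literal.
	 */
	pr_info("%s %d) %c: ", hdr, addr, cr ? 'C' : 'R');

	switch (type) {
	case SABM:
		pr_cont("SABM");
		break;
	case UA:
		pr_cont("UA");
		break;
	case DISC:
		pr_cont("DISC");
		break;
	case DM:
		pr_cont("DM");
		break;
	case UI:
		pr_cont("UI");
		break;
	case UIH:
		pr_cont("UIH");
		break;
	default:
		/* A clear low bit marks an I frame */
		if (!(control & 0x01)) {
			pr_cont("I N(S)%d N(R)%d",
				(control & 0x0E) >> 1, (control & 0xE0) >> 5);
			break;
		}
		/* Otherwise decode the supervisory frame types */
		switch (control & 0x0F) {
		case RR:
			pr_cont("RR(%d)", (control & 0xE0) >> 5);
			break;
		case RNR:
			pr_cont("RNR(%d)", (control & 0xE0) >> 5);
			break;
		case REJ:
			pr_cont("REJ(%d)", (control & 0xE0) >> 5);
			break;
		default:
			pr_cont("[%02X]", control);
			break;
		}
		break;
	}

	if (control & PF)
		pr_cont("(P)");
	else
		pr_cont("(F)");

	/*
	 * The dump helper takes an unsigned long length; skip it for a
	 * non-positive @dlen so that a negative value is never converted
	 * into a huge byte count.
	 */
	if (dlen > 0)
		gsm_hex_dump_bytes(NULL, data, dlen);
}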
768
769
770 /*
771 * Link level transmission side
772 */
773
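/**
 *	gsm_stuff_frame	-	bytestuff a packet
 *	@input: input buffer
 *	@output: output buffer
 *	@len: length of input
 *
 *	Expand a buffer by bytestuffing it. GSM1_SOF, GSM1_ESCAPE and any
 *	octet whose low seven bits equal XON or XOFF are replaced by
 *	GSM1_ESCAPE followed by the octet XORed with GSM1_ESCAPE_BITS.
 *	Returns the number of octets written, 0 for a non-positive @len.
 *
 *	The worst case size change is doubling. The output size is not
 *	checked here: the caller is responsible for handing out a buffer of
 *	at least 2 * @len octets.
 */

static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
{
	u8 *out = output;

	/*
	 * "> 0" rather than non-zero: a negative @len must not start a
	 * copy that only ends when the counter wraps around.
	 */
	for (; len > 0; len--, input++) {
		const u8 ch = *input;
		const u8 low7 = ch & ISO_IEC_646_MASK;

		if (ch == GSM1_SOF || ch == GSM1_ESCAPE ||
		    low7 == XON || low7 == XOFF) {
			*out++ = GSM1_ESCAPE;
			*out++ = ch ^ GSM1_ESCAPE_BITS;
		} else {
			*out++ = ch;
		}
	}
	return out - output;
}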
801
/**
 *	gsm_send	-	send a control frame
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@cr: command/response bit seen as initiator
 *	@control: control byte including PF bit
 *
 *	Format up and transmit a control frame. These should be transmitted
 *	ahead of data when they are needed.
 *
 *	The frame is built in the header space of a zero length gsm_msg,
 *	appended to the control queue under tx_lock and the writer is
 *	triggered. Returns 0 on success or -ENOMEM if no message could be
 *	allocated.
 */
static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
{
	struct gsm_msg *msg;
	unsigned long flags;
	u8 *hdr, *p;
	int wire_cr;

	msg = gsm_data_alloc(gsm, addr, 0, control);
	if (!msg)
		return -ENOMEM;

	/* toggle C/R coding if not initiator */
	wire_cr = gsm->initiator ? cr : cr ^ 1;

	/* Step back over three header octets; the FCS follows them */
	hdr = msg->data - 3;
	msg->data = hdr;

	p = hdr;
	*p++ = (addr << 2) | (wire_cr << 1) | EA;
	*p++ = control;
	/* Only the basic option carries a length octet */
	if (gsm->encoding == GSM_BASIC_OPT)
		*p++ = EA;	/* Length of data = 0 */

	*p = 0xFF - gsm_fcs_add_block(INIT_FCS, hdr, p - hdr);
	msg->len = (p - hdr) + 1;

	gsm_print_packet("Q->", addr, cr, control, NULL, 0);

	spin_lock_irqsave(&gsm->tx_lock, flags);
	list_add_tail(&msg->list, &gsm->tx_ctrl_list);
	gsm->tx_bytes += msg->len;
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
	gsmld_write_trigger(gsm);

	return 0;
}
847
/**
 *	gsm_dlci_clear_queues	-	remove outstanding data for a DLCI
 *	@gsm: mux
 *	@dlci: clear for this DLCI
 *
 *	Resets the write fifo of @dlci and frees every message on the mux
 *	data queue addressed to it, adjusting tx_bytes as it goes. The
 *	control queue is left alone. The DLCI lock and the mux tx_lock are
 *	taken one after the other, never nested.
 */
static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
{
	const int target = dlci->addr;
	struct gsm_msg *cur, *next;
	unsigned long flags;

	/* Clear DLCI write fifo first */
	spin_lock_irqsave(&dlci->lock, flags);
	kfifo_reset(&dlci->fifo);
	spin_unlock_irqrestore(&dlci->lock, flags);

	/* Clear data packets in MUX write queue */
	spin_lock_irqsave(&gsm->tx_lock, flags);
	list_for_each_entry_safe(cur, next, &gsm->tx_data_list, list) {
		if (cur->addr == target) {
			gsm->tx_bytes -= cur->len;
			list_del(&cur->list);
			kfree(cur);
		}
	}
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
}
877
/**
 *	gsm_response	-	send a control response
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@control: control byte including PF bit
 *
 *	Format up and transmit a link level response frame. The result of
 *	gsm_send() is discarded, so a failed allocation drops the response
 *	without telling the caller.
 */

static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
{
	const int cr = 0;	/* response */

	gsm_send(gsm, addr, cr, control);
}
891
/**
 *	gsm_command	-	send a control command
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@control: control byte including PF bit
 *
 *	Format up and transmit a link level command frame. The result of
 *	gsm_send() is discarded, so a failed allocation drops the command
 *	without telling the caller.
 */

static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
{
	const int cr = 1;	/* command */

	gsm_send(gsm, addr, cr, control);
}
905
906 /* Data transmission */
907
908 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
909
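/**
 *	gsm_data_alloc		-	allocate data frame
 *	@gsm: GSM mux
 *	@addr: DLCI address
 *	@len: length excluding header and FCS
 *	@ctrl: control byte
 *
 *	Allocate a new data buffer for sending frames with data. Space is left
 *	at the front for header bytes but that is treated as an implementation
 *	detail and not for the high level code to use.
 *
 *	Returns the new message, or NULL if @len is negative or the
 *	GFP_ATOMIC allocation fails. No upper bound is applied to @len here;
 *	callers are expected to have limited it already.
 */

static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
								u8 ctrl)
{
	struct gsm_msg *m;

	/*
	 * A negative length would shrink the allocation below the header
	 * space and then be stored as a very large unsigned m->len.
	 */
	if (len < 0)
		return NULL;

	m = kmalloc(sizeof(*m) + len + HDR_LEN, GFP_ATOMIC);
	if (!m)
		return NULL;

	m->data = m->buffer + HDR_LEN - 1;	/* Allow for FCS */
	m->len = len;
	m->addr = addr;
	m->ctrl = ctrl;
	INIT_LIST_HEAD(&m->list);
	return m;
}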
936
/**
 *	gsm_send_packet	-	sends a single packet
 *	@gsm: GSM Mux
 *	@msg: packet to send
 *
 *	The given packet is encoded and sent out. No memory is freed.
 *	The caller must hold the gsm tx lock.
 *
 *	Returns 0 once the frame has been handed to gsmld_output() and
 *	tx_bytes has been reduced. A return of zero or less from
 *	gsmld_output() is passed straight through, with tx_bytes untouched.
 *
 *	NOTE(review): nothing here checks the frame against the size of
 *	gsm->txframe. The buffer has to hold msg->len + 2 octets for the
 *	basic option and up to 2 * msg->len + 2 after byte stuffing; its
 *	allocation is outside this excerpt - confirm it covers the largest
 *	message that can be queued.
 */
static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
{
	const bool basic = gsm->encoding == GSM_BASIC_OPT;
	const u8 flag = basic ? GSM0_SOF : GSM1_SOF;
	u8 *frame = gsm->txframe;
	int body, total, ret;

	/* Opening flag, frame body, closing flag */
	frame[0] = flag;
	if (basic) {
		memcpy(frame + 1, msg->data, msg->len);
		body = msg->len;
	} else {
		body = gsm_stuff_frame(msg->data, frame + 1, msg->len);
	}
	frame[body + 1] = flag;
	total = body + 2;

	if (debug & DBG_DATA)
		gsm_hex_dump_bytes(__func__, frame, total);
	gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
			 msg->len);

	ret = gsmld_output(gsm, frame, total);
	if (ret <= 0)
		return ret;
	/* FIXME: Can eliminate one SOF in many more cases */
	gsm->tx_bytes -= msg->len;

	return 0;
}
975
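/**
 *	gsm_is_flow_ctrl_msg	-	checks if flow control message
 *	@msg: message to check
 *
 *	Returns true if the given message is a flow control command of the
 *	control channel. False is returned in any other case, including
 *	messages too short to carry a command after their first two octets.
 */
static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
{
	unsigned int cmd = 0;
	u8 type;

	/* Flow control commands only travel on DLCI 0 */
	if (msg->addr > 0)
		return false;

	type = msg->ctrl & ~PF;
	if (type != UI && type != UIH)
		return false;

	/*
	 * msg->len is unsigned: check it before subtracting so that a short
	 * message cannot wrap "len - 2" into a huge value that only becomes
	 * harmless through the conversion to int.
	 */
	if (msg->len <= 2)
		return false;
	if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
		return false;

	cmd &= ~PF;
	return cmd == CMD_FCOFF || cmd == CMD_FCON;
}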
1006
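/**
 *	gsm_data_kick	-	poke the queue
 *	@gsm: GSM Mux
 *
 *	The tty device has called us to indicate that room has appeared in
 *	the transmit queue. Ram more data into the pipe if we have any.
 *	If we have been flow-stopped by a CMD_FCOFF, then we can only
 *	send messages on DLCI0 until CMD_FCON. The caller must hold
 *	the gsm tx lock.
 *
 *	Returns -ENOSPC as soon as a send reports no space, -EAGAIN if the
 *	mux is still flow-stopped once the control queue has been walked,
 *	0 if there is no queued data and 1 after the data queue has been
 *	walked. Messages are freed when they were sent or when the send
 *	reports -ENODEV; on any other error they stay queued.
 */
static int gsm_data_kick(struct gsm_mux *gsm)
{
	struct gsm_msg *msg, *nmsg;
	struct gsm_dlci *dlci;
	int ret;

	clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);

	/* Serialize control messages and control channel messages first */
	list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
		/* While flow-stopped only FCON/FCOFF may pass */
		if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
			continue;
		ret = gsm_send_packet(gsm, msg);
		switch (ret) {
		case -ENOSPC:
			return -ENOSPC;
		case -ENODEV:
			/* ldisc not open */
			gsm->tx_bytes -= msg->len;
			list_del(&msg->list);
			kfree(msg);
			continue;
		default:
			if (ret >= 0) {
				list_del(&msg->list);
				kfree(msg);
			}
			break;
		}
	}

	if (gsm->constipated)
		return -EAGAIN;

	/* Serialize other channels */
	if (list_empty(&gsm->tx_data_list))
		return 0;
	list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
		/*
		 * msg->addr is a u8 while the table has NUM_DLCI slots, and
		 * a slot is only a pointer: treat an out of range address or
		 * an empty slot like a DLCI that is not open instead of
		 * dereferencing it.
		 */
		dlci = msg->addr < NUM_DLCI ? gsm->dlci[msg->addr] : NULL;
		/* Send only messages for DLCIs with valid state */
		if (!dlci || dlci->state != DLCI_OPEN) {
			gsm->tx_bytes -= msg->len;
			list_del(&msg->list);
			kfree(msg);
			continue;
		}
		ret = gsm_send_packet(gsm, msg);
		switch (ret) {
		case -ENOSPC:
			return -ENOSPC;
		case -ENODEV:
			/* ldisc not open */
			gsm->tx_bytes -= msg->len;
			list_del(&msg->list);
			kfree(msg);
			continue;
		default:
			if (ret >= 0) {
				list_del(&msg->list);
				kfree(msg);
			}
			break;
		}
	}

	return 1;
}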
1084
/**
 * __gsm_data_queue - queue a UI or UIH frame
 * @dlci: DLCI sending the data
 * @msg: message queued
 *
 * Add data to the transmit queue and try and get stuff moving
 * out of the mux tty if not already doing so. The Caller must hold
 * the gsm tx lock.
 *
 * The frame header is written backwards into the bytes in front of
 * msg->data and the FCS into the byte behind the payload, so the buffer
 * must have been allocated with that head and tail room; presumably
 * gsm_data_alloc() reserves it - verify against the allocator.
 */

static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
{
	struct gsm_mux *gsm = dlci->gsm;
	u8 *dp = msg->data;
	/* FCS goes directly behind the payload */
	u8 *fcs = dp + msg->len;

	/* Fill in the header */
	if (gsm->encoding == GSM_BASIC_OPT) {
		/* Basic option carries a length field: one octet below 128,
		 * two octets otherwise (written last-first because dp walks
		 * backwards).
		 */
		if (msg->len < 128)
			*--dp = (msg->len << 1) | EA;
		else {
			*--dp = (msg->len >> 7);	/* bits 7 - 15 */
			*--dp = (msg->len & 127) << 1;	/* bits 0 - 6 */
		}
	}

	*--dp = msg->ctrl;
	/* Only the initiator sets the C/R bit in the address octet */
	if (gsm->initiator)
		*--dp = (msg->addr << 2) | CR | EA;
	else
		*--dp = (msg->addr << 2) | EA;
	/* FCS over the header octets just written */
	*fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
	/* Ugly protocol layering violation */
	/* UI frames extend the FCS over the payload as well */
	if (msg->ctrl == UI || msg->ctrl == (UI|PF))
		*fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
	*fcs = 0xFF - *fcs;

	gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
							msg->data, msg->len);

	/* Move the header back and adjust the length, also allow for the FCS
	   now tacked on the end */
	msg->len += (msg->data - dp) + 1;
	msg->data = dp;

	/* Add to the actual output queue */
	switch (msg->ctrl & ~PF) {
	case UI:
	case UIH:
		/* UI/UIH on DLCI 0 is control traffic and falls through */
		if (msg->addr > 0) {
			list_add_tail(&msg->list, &gsm->tx_data_list);
			break;
		}
		fallthrough;
	default:
		list_add_tail(&msg->list, &gsm->tx_ctrl_list);
		break;
	}
	gsm->tx_bytes += msg->len;

	gsmld_write_trigger(gsm);
	/* Re-arm the kick timer; t1 is scaled by HZ / 100 elsewhere in this
	 * file, so this is ten times that interval.
	 */
	mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
}
1148
/**
 * gsm_data_queue - queue a UI or UIH frame
 * @dlci: DLCI sending the data
 * @msg: message queued
 *
 * Locked wrapper around __gsm_data_queue(): takes the tx_lock of the mux
 * owning @dlci with interrupts saved, queues @msg and releases the lock
 * again. Only the tx_lock is taken here.
 */

static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
{
	struct gsm_mux *gsm = dlci->gsm;
	unsigned long irq_state;

	spin_lock_irqsave(&gsm->tx_lock, irq_state);
	__gsm_data_queue(dlci, msg);
	spin_unlock_irqrestore(&gsm->tx_lock, irq_state);
}
1166
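/**
 * gsm_dlci_data_output - try and push data out of a DLCI
 * @gsm: mux
 * @dlci: the DLCI to pull data from
 *
 * Pull data from a DLCI and send it into the transmit queue if there
 * is data. Keep to the MRU of the mux. This path handles the usual tty
 * interface which is a byte stream with optional modem data.
 *
 * Caller must hold the tx_lock of the mux.
 *
 * Return: 0 when the fifo is empty, -ENOMEM when no frame could be
 * allocated, otherwise the number of payload bytes queued.
 */

static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
{
	struct gsm_msg *msg;
	u8 *dp;
	int h, len, size;

	/* Reserve the modem status octet only for adaption 2, the one mode
	 * that writes it below. Reserving it for every adaption other than 1
	 * left one payload byte unwritten when an unsupported adaption got
	 * here, and that stale byte would have gone out on the wire.
	 */
	h = (dlci->adaption == 2) ? 1 : 0;

	len = kfifo_len(&dlci->fifo);
	if (len == 0)
		return 0;

	/* MTU/MRU count only the data bits but watch adaption mode */
	if ((len + h) > dlci->mtu)
		len = dlci->mtu - h;

	size = len + h;

	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
	if (!msg)
		return -ENOMEM;
	dp = msg->data;
	switch (dlci->adaption) {
	case 1: /* Unstructured */
		break;
	case 2: /* Unstructured with modem bits.
		 * Always one byte as we never send inline break data
		 */
		*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
		break;
	default:
		/* Reported, then sent as unstructured data */
		pr_err("%s: unsupported adaption %d\n", __func__,
		       dlci->adaption);
		break;
	}

	/* The fifo must hand back exactly the length sampled above */
	WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
		&dlci->lock));

	/* Notify upper layer about available send space. */
	tty_port_tty_wakeup(&dlci->port);

	__gsm_data_queue(dlci, msg);
	/* Bytes of data we used up */
	return size;
}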
1226
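/**
 * gsm_dlci_data_output_framed - try and push data out of a DLCI
 * @gsm: mux
 * @dlci: the DLCI to pull data from
 *
 * Pull data from a DLCI and send it into the transmit queue if there
 * is data. Keep to the MRU of the mux. This path handles framed data
 * queued as skbuffs to the DLCI.
 *
 * Caller must hold the tx_lock of the mux.
 *
 * Return: 0 when nothing was queued (no skb, or an over-long adaption 3
 * frame was dropped), -ENOMEM when no frame could be allocated, otherwise
 * the number of payload bytes queued.
 */

static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
						struct gsm_dlci *dlci)
{
	struct gsm_msg *msg;
	u8 *dp;
	int len, size;
	int last = 0, first = 0;
	int overhead = 0;

	/* One byte per frame is used for B/F flags */
	if (dlci->adaption == 4)
		overhead = 1;

	/* dlci->skb is locked by tx_lock */
	if (dlci->skb == NULL) {
		dlci->skb = skb_dequeue_tail(&dlci->skb_list);
		if (dlci->skb == NULL)
			return 0;
		first = 1;
	}
	len = dlci->skb->len + overhead;

	/* MTU/MRU count only the data bits */
	if (len > dlci->mtu) {
		if (dlci->adaption == 3) {
			/* Over long frame, bin it */
			dev_kfree_skb_any(dlci->skb);
			dlci->skb = NULL;
			return 0;
		}
		len = dlci->mtu;
	} else
		last = 1;

	/* len already includes the flag octet. Adding the overhead a second
	 * time made adaption 4 frames one byte longer than the bytes written
	 * below, so each frame ended in a byte that was never initialised
	 * and a full-sized fragment exceeded the MTU by one.
	 */
	size = len;
	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
	if (msg == NULL) {
		/* Put the skb back for a later attempt */
		skb_queue_tail(&dlci->skb_list, dlci->skb);
		dlci->skb = NULL;
		return -ENOMEM;
	}
	dp = msg->data;

	if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
		/* Flag byte to carry the start/end info */
		*dp++ = last << 7 | first << 6 | 1; /* EA */
		len--;
	}
	memcpy(dp, dlci->skb->data, len);
	/* Consume what was copied; the rest goes out as the next fragment */
	skb_pull(dlci->skb, len);
	__gsm_data_queue(dlci, msg);
	if (last) {
		dev_kfree_skb_any(dlci->skb);
		dlci->skb = NULL;
	}
	return size;
}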
1296
/**
 * gsm_dlci_modem_output - try and push modem status out of a DLCI
 * @gsm: mux
 * @dlci: the DLCI to pull modem status from
 * @brk: break signal
 *
 * Queue a frame that carries no user data: empty for adaption 1, one
 * modem status octet for adaption 2, plus a break octet when @brk is
 * non-zero.
 *
 * Caller must hold the tx_lock of the mux.
 *
 * Return: -EINVAL for any other adaption, -ENOMEM when no frame could be
 * allocated, otherwise the payload size queued (0, 1 or 2).
 */

static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
				 u8 brk)
{
	const bool has_modem_octet = (dlci->adaption == 2);
	struct gsm_msg *msg;
	int size = 0;
	u8 *dp;

	/* Only unstructured (1) and unstructured with modem bits (2) */
	if (dlci->adaption != 1 && !has_modem_octet) {
		pr_err("%s: unsupported adaption %d\n", __func__,
		       dlci->adaption);
		return -EINVAL;
	}

	if (has_modem_octet)
		size = (brk > 0) ? 2 : 1;

	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
	if (!msg) {
		pr_err("%s: gsm_data_alloc error", __func__);
		return -ENOMEM;
	}

	if (has_modem_octet) {
		dp = msg->data;
		if (brk == 0) {
			/* Single octet, so it is the last one: EA set */
			dp[0] = (gsm_encode_modem(dlci) << 1) | EA;
		} else {
			dp[0] = gsm_encode_modem(dlci) << 1;
			dp[1] = (brk << 4) | 2 | EA; /* Length, Break, EA */
		}
	}

	__gsm_data_queue(dlci, msg);
	return size;
}
1356
/**
 * gsm_dlci_data_sweep - look for data to send
 * @gsm: the GSM mux
 *
 * Walk DLCI 1 upwards and queue one frame from the first open, unblocked
 * channel that has data, then start again from DLCI 1. This repeats until
 * tx_bytes reaches TX_THRESH_HI, no channel produced a frame, or an output
 * routine reported an error.
 *
 * FIXME: We should round robin between groups and in theory you can
 * renegotiate DLCI priorities with optional stuff. Needs optimising.
 *
 * Return: number of frames queued.
 */

static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
{
	int queued = 0;

	while (gsm->tx_bytes < TX_THRESH_HI) {
		bool progressed = false;
		int addr;

		for (addr = 1; addr < NUM_DLCI; addr++) {
			struct gsm_dlci *dlci = gsm->dlci[addr];
			int len;

			/* skip unused or blocked channel */
			if (!dlci || dlci->constipated)
				continue;
			/* skip channels with invalid state */
			if (dlci->state != DLCI_OPEN)
				continue;

			/* byte stream for adaption 1/2 without a net device,
			 * framed skbs otherwise
			 */
			if (dlci->adaption < 3 && !dlci->net)
				len = gsm_dlci_data_output(gsm, dlci);
			else
				len = gsm_dlci_data_output_framed(gsm, dlci);

			/* on error exit */
			if (len < 0)
				return queued;
			/* nothing to send here, try next */
			if (len == 0)
				continue;

			queued++;
			progressed = true;
			/* The lower DLCs can starve the higher DLCs! */
			break;
		}

		if (!progressed)
			break;
	}

	return queued;
}
1408
/**
 * gsm_dlci_data_kick - transmit if possible
 * @dlci: DLCI to kick
 *
 * Does nothing for a flow-stopped DLCI. Otherwise, under the tx_lock of
 * the mux, pushes data from this DLCI when the transmit queue is empty and
 * sweeps all DLCIs when the queue was below TX_THRESH_LO on entry. We can't
 * rely on a tty wakeup except when we filled the pipe, so new data has to
 * be fired off from here in the other cases.
 */

static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm;
	unsigned long irq_state;
	bool below_low_mark;

	if (dlci->constipated)
		return;

	gsm = dlci->gsm;
	spin_lock_irqsave(&gsm->tx_lock, irq_state);
	/* Sampled before the output below can raise tx_bytes */
	below_low_mark = gsm->tx_bytes < TX_THRESH_LO;
	/* If we have nothing running then we need to fire up */
	if (gsm->tx_bytes == 0) {
		if (dlci->net)
			gsm_dlci_data_output_framed(gsm, dlci);
		else
			gsm_dlci_data_output(gsm, dlci);
	}
	if (below_low_mark)
		gsm_dlci_data_sweep(gsm);
	spin_unlock_irqrestore(&gsm->tx_lock, irq_state);
}
1439
1440 /*
1441 * Control message processing
1442 */
1443
1444
/**
 * gsm_control_command - send a command frame to a control
 * @gsm: gsm channel
 * @cmd: the command to use
 * @data: data to follow encoded info
 * @dlen: length of data
 *
 * Build a control message (type octet with C/R set, one length octet,
 * then @dlen bytes of @data) and queue it on DLCI 0.
 *
 * NOTE(review): the length is written as a single EA octet, so a @dlen
 * above 127 does not fit, and a negative @dlen is not rejected here; both
 * are left to the callers - confirm they bound it.
 *
 * Return: 0 on success, -ENOMEM when no frame could be allocated.
 */
static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data,
			       int dlen)
{
	struct gsm_dlci *ctrl_dlci = gsm->dlci[0];
	struct gsm_msg *frame;
	u8 *hdr;

	frame = gsm_data_alloc(gsm, 0, dlen + 2, ctrl_dlci->ftype);
	if (!frame)
		return -ENOMEM;

	hdr = frame->data;
	hdr[0] = (cmd << 1) | CR | EA;		/* Set C/R */
	hdr[1] = (dlen << 1) | EA;
	memcpy(hdr + 2, data, dlen);
	gsm_data_queue(ctrl_dlci, frame);

	return 0;
}
1471
/**
 * gsm_control_reply - send a response frame to a control
 * @gsm: gsm channel
 * @cmd: the command to use
 * @data: data to follow encoded info
 * @dlen: length of data
 *
 * Build a control message (type octet with C/R cleared, one length octet,
 * then @dlen bytes of @data) and queue it on DLCI 0. The reply is silently
 * dropped when no frame can be allocated.
 *
 * NOTE(review): several callers in this file pass the length of a message
 * received from the peer as @dlen. The single length octet cannot hold a
 * value above 127 - confirm the receive path bounds it.
 */

static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
			      int dlen)
{
	struct gsm_dlci *ctrl_dlci = gsm->dlci[0];
	struct gsm_msg *frame;
	u8 *hdr;

	frame = gsm_data_alloc(gsm, 0, dlen + 2, ctrl_dlci->ftype);
	if (!frame)
		return;

	hdr = frame->data;
	hdr[0] = ((cmd & 0xFE) << 1) | EA;	/* Clear C/R */
	hdr[1] = (dlen << 1) | EA;
	memcpy(hdr + 2, data, dlen);
	gsm_data_queue(ctrl_dlci, frame);
}
1496
/**
 * gsm_process_modem - process received modem status
 * @tty: virtual tty bound to the DLCI
 * @dlci: DLCI to affect
 * @modem: modem bits (full EA)
 * @slen: number of signal octets
 *
 * Used when a modem control message or line state inline in adaption
 * layer 2 is processed. Updates the flow-control state of @dlci, maps the
 * received bits to TIOCM_* lines, hangs up @tty on carrier loss unless
 * CLOCAL is set, and reports a break if one was signalled.
 */

static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
			      u32 modem, int slen)
{
	int lines = 0;
	u8 brk = 0;
	bool throttle;

	/* The modem status command can either contain one octet (V.24 signals)
	 * or two octets (V.24 signals + break signals). This is specified in
	 * section 5.4.6.3.7 of the 07.10 mux spec. With two octets the low
	 * seven bits are the break octet and the signals sit above them.
	 */
	if (slen != 1) {
		brk = modem & 0x7f;
		modem >>= 7;
	}
	modem &= 0x7f;

	/* Flow control/ready to communicate */
	throttle = (modem & MDM_FC) || !(modem & MDM_RTR);
	if (throttle) {
		/* Need to throttle our output on this device */
		if (!dlci->constipated)
			dlci->constipated = true;
	} else if (dlci->constipated) {
		dlci->constipated = false;
		gsm_dlci_data_kick(dlci);
	}

	/* Map modem bits */
	if (modem & MDM_RTC)
		lines |= TIOCM_DSR | TIOCM_DTR;
	if (modem & MDM_RTR)
		lines |= TIOCM_RTS | TIOCM_CTS;
	if (modem & MDM_IC)
		lines |= TIOCM_RI;
	if (modem & MDM_DV)
		lines |= TIOCM_CD;

	/* Carrier drop -> hangup */
	if (tty && !(lines & TIOCM_CD) && (dlci->modem_rx & TIOCM_CD) &&
	    !C_CLOCAL(tty))
		tty_hangup(tty);

	if (brk & 0x01)
		tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
	dlci->modem_rx = lines;
	wake_up_interruptible(&dlci->gsm->event);
}
1558
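/**
 * gsm_process_negotiation - process received parameters
 * @gsm: GSM channel
 * @addr: DLCI address
 * @cr: command/response
 * @params: encoded parameters from the parameter negotiation message
 *
 * Used when a parameter negotiation message was received, either as the
 * response to our own command (initiator, @cr clear) or as a command from
 * the peer (responder, @cr set). Every field comes from the peer and is
 * checked before anything is stored; on the initiator side the DLCI is
 * only updated once all checks have passed.
 *
 * @addr is used as an index without a range check; the caller must have
 * validated it and made sure the DLCI exists.
 *
 * Return: 0 when the parameters were accepted, -EINVAL otherwise.
 */
static int gsm_process_negotiation(struct gsm_mux *gsm, unsigned int addr,
				   unsigned int cr,
				   const struct gsm_dlci_param_bits *params)
{
	struct gsm_dlci *dlci = gsm->dlci[addr];
	unsigned int ftype, i, adaption, prio, n1, k;

	i = FIELD_GET(PN_I_CL_FIELD_FTYPE, params->i_cl_bits);
	/* The wire value is the convergence layer type minus one */
	adaption = FIELD_GET(PN_I_CL_FIELD_ADAPTION, params->i_cl_bits) + 1;
	prio = FIELD_GET(PN_P_FIELD_PRIO, params->p_bits);
	n1 = FIELD_GET(PN_N_FIELD_N1, get_unaligned_le16(&params->n_bits));
	k = FIELD_GET(PN_K_FIELD_K, params->k_bits);

	if (n1 < MIN_MTU) {
		if (debug & DBG_ERRORS)
			pr_info("%s N1 out of range in PN\n", __func__);
		return -EINVAL;
	}

	switch (i) {
	case 0x00:
		ftype = UIH;
		break;
	case 0x01:
		ftype = UI;
		break;
	case 0x02: /* I frames are not supported */
		if (debug & DBG_ERRORS)
			pr_info("%s unsupported I frame request in PN\n",
				__func__);
		gsm->unsupported++;
		return -EINVAL;
	default:
		if (debug & DBG_ERRORS)
			pr_info("%s i out of range in PN\n", __func__);
		return -EINVAL;
	}

	if (!cr && gsm->initiator) {
		/* Response to our command: the peer may only confirm what
		 * we asked for or shrink N1.
		 */
		if (adaption != dlci->adaption) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid adaption %d in PN\n",
					__func__, adaption);
			return -EINVAL;
		}
		if (prio != dlci->prio) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid priority %d in PN\n",
					__func__, prio);
			return -EINVAL;
		}
		if (n1 > gsm->mru || n1 > dlci->mtu) {
			/* We requested a frame size but the other party wants
			 * to send larger frames. The standard allows only a
			 * smaller response value than requested (5.4.6.3.1).
			 */
			if (debug & DBG_ERRORS)
				pr_info("%s invalid N1 %d in PN\n", __func__,
					n1);
			return -EINVAL;
		}
		if (ftype != dlci->ftype) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid i %d in PN\n", __func__, i);
			return -EINVAL;
		}
		/* ftype is always UI or UIH after the switch above, so this
		 * check cannot fire today; kept for a future I frame mode.
		 */
		if (ftype != UI && ftype != UIH && k > dlci->k) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid k %d in PN\n", __func__, k);
			return -EINVAL;
		}
		/* Everything validated: commit, so that a rejected response
		 * leaves the DLCI parameters untouched.
		 */
		dlci->mtu = n1;
		dlci->k = k;
	} else if (cr && !gsm->initiator) {
		/* Only convergence layer type 1 and 2 are supported. */
		if (adaption != 1 && adaption != 2) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid adaption %d in PN\n",
					__func__, adaption);
			return -EINVAL;
		}
		dlci->adaption = adaption;
		if (n1 > gsm->mru) {
			/* Propose a smaller value */
			dlci->mtu = gsm->mru;
		} else if (n1 > MAX_MTU) {
			/* Propose a smaller value */
			dlci->mtu = MAX_MTU;
		} else {
			dlci->mtu = n1;
		}
		dlci->prio = prio;
		dlci->ftype = ftype;
		dlci->k = k;
	} else {
		/* Direction does not match our role */
		return -EINVAL;
	}

	return 0;
}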
1669
/**
 * gsm_control_modem - modem status received
 * @gsm: GSM channel
 * @data: data following command
 * @clen: command length
 *
 * We have received a modem status control message. This is used by
 * the GSM mux protocol to pass virtual modem line status and optionally
 * to indicate break signals. Parse the DLCI address and the signal octets,
 * apply them to the DLCI and echo the message back as the MSC response.
 * Messages that are too short or name an unused DLCI are ignored.
 */

static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
{
	unsigned int addr = 0;
	unsigned int modem = 0;
	struct gsm_dlci *dlci;
	struct tty_struct *tty;
	const u8 *signals;
	int used, remaining;

	used = gsm_read_ea_val(&addr, data, clen);
	if (used < 1)
		return;

	addr >>= 1;
	/* Closed port, or invalid ? */
	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
		return;
	dlci = gsm->dlci[addr];

	/* Must be at least one byte following the EA */
	remaining = clen - used;
	if (remaining < 1)
		return;
	signals = data + used;

	/* get the modem status */
	used = gsm_read_ea_val(&modem, signals, remaining);
	if (used < 1)
		return;

	tty = tty_port_tty_get(&dlci->port);
	/* NOTE(review): the signal octet count handed on is the number of
	 * bytes left in the message, not the count the EA parser consumed;
	 * trailing bytes would make a one octet status look like two -
	 * confirm this is intended.
	 */
	gsm_process_modem(tty, dlci, modem, remaining);
	if (tty) {
		tty_wakeup(tty);
		tty_kref_put(tty);
	}
	gsm_control_reply(gsm, CMD_MSC, data, clen);
}
1722
/**
 * gsm_control_negotiation - parameter negotiation received
 * @gsm: GSM channel
 * @cr: command/response flag
 * @data: data following command
 * @dlen: data length
 *
 * We have received a parameter negotiation message. This is used by
 * the GSM mux protocol to configure protocol parameters for a new DLCI.
 * A message that is too short, names an invalid DLCI or arrives in the
 * wrong state is counted in gsm->open_error and ignored; parameters that
 * fail validation additionally close the DLCI.
 */
static void gsm_control_negotiation(struct gsm_mux *gsm, unsigned int cr,
				    const u8 *data, unsigned int dlen)
{
	struct gsm_dlci_param_bits *params;
	struct gsm_dlci_param_bits pn_reply;
	struct gsm_dlci *dlci;
	unsigned int addr;

	/* The whole parameter block must be present before it is overlaid */
	if (dlen < sizeof(*params))
		goto reject;

	/* Invalid DLCI? */
	params = (struct gsm_dlci_param_bits *)data;
	addr = FIELD_GET(PN_D_FIELD_DLCI, params->d_bits);
	if (addr == 0 || addr >= NUM_DLCI || !gsm->dlci[addr])
		goto reject;
	dlci = gsm->dlci[addr];

	/* Too late for parameter negotiation? */
	if ((!cr && dlci->state == DLCI_OPENING) || dlci->state == DLCI_OPEN)
		goto reject;

	/* Process the received parameters */
	if (gsm_process_negotiation(gsm, addr, cr, params) != 0) {
		/* Negotiation failed. Close the link. */
		if (debug & DBG_ERRORS)
			pr_info("%s PN failed\n", __func__);
		gsm->open_error++;
		gsm_dlci_close(dlci);
		return;
	}

	if (cr) {
		/* Reply command with accepted parameters. pn_reply goes out
		 * on the wire as is, so gsm_encode_params() is assumed to
		 * fill every byte on success - TODO confirm.
		 */
		if (gsm_encode_params(dlci, &pn_reply) == 0)
			gsm_control_reply(gsm, CMD_PN, (const u8 *)&pn_reply,
					  sizeof(pn_reply));
		else if (debug & DBG_ERRORS)
			pr_info("%s PN invalid\n", __func__);
		return;
	}

	if (dlci->state != DLCI_CONFIGURE) {
		if (debug & DBG_ERRORS)
			pr_info("%s PN in invalid state\n", __func__);
		goto reject;
	}

	/* Proceed with link setup by sending SABM before UA */
	dlci->state = DLCI_OPENING;
	gsm_command(gsm, dlci->addr, SABM|PF);
	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
	return;

reject:
	gsm->open_error++;
}
1789
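/**
 * gsm_control_rls - remote line status
 * @gsm: GSM channel
 * @data: data bytes
 * @clen: data length
 *
 * The modem sends us a two byte message on the control channel whenever
 * it wishes to send us an error state from the virtual link. Stuff
 * this into the uplink tty if present and echo the message back as the
 * RLS response. Messages that are too short, name an unused DLCI or carry
 * no error are ignored without a reply.
 */

static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
{
	struct tty_port *port;
	unsigned int addr = 0;
	u8 bits;
	int len;

	/* Parse the address with the bounded helper gsm_control_modem()
	 * uses. The previous open-coded loop read data[0] before looking at
	 * the length, so an empty message (clen == 0) was read past its end
	 * and the length counter went negative without stopping the loop.
	 * gsm_read_ea_val() is assumed to return the octets consumed and
	 * less than 1 for an empty buffer, as its other callers rely on.
	 */
	len = gsm_read_ea_val(&addr, data, clen);
	if (len < 1)
		return;
	/* Must be at least one byte following ea */
	if (clen - len < 1)
		return;
	addr >>= 1;
	/* Closed port, or invalid ? */
	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
		return;
	/* No error ? */
	bits = data[len];
	if ((bits & 1) == 0)
		return;

	port = &gsm->dlci[addr]->port;

	if (bits & 2)
		tty_insert_flip_char(port, 0, TTY_OVERRUN);
	if (bits & 4)
		tty_insert_flip_char(port, 0, TTY_PARITY);
	if (bits & 8)
		tty_insert_flip_char(port, 0, TTY_FRAME);

	tty_flip_buffer_push(port);

	gsm_control_reply(gsm, CMD_RLS, data, clen);
}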
1840
1841 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1842
/**
 * gsm_control_message - DLCI 0 control processing
 * @gsm: our GSM mux
 * @command: the command EA
 * @data: data beyond the command/length EAs
 * @clen: length
 *
 * Input processor for control messages from the other end of the link.
 * Processes the incoming request and queues a response frame or an
 * NSC response if not supported.
 *
 * @data and @clen come from the peer and are passed on unchanged; this
 * function does not bound @clen itself (CMD_TEST echoes all of it), so
 * the caller is expected to have validated it - verify against caller.
 */

static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
				const u8 *data, int clen)
{
	struct gsm_dlci *ctrl_dlci;
	u8 rejected;

	switch (command) {
	case CMD_CLD:
		/* Modem wishes to close down */
		ctrl_dlci = gsm->dlci[0];
		if (ctrl_dlci) {
			ctrl_dlci->dead = true;
			gsm->dead = true;
			gsm_dlci_begin_close(ctrl_dlci);
		}
		break;
	case CMD_TEST:
		/* Modem wishes to test, reply with the data */
		gsm_control_reply(gsm, CMD_TEST, data, clen);
		break;
	case CMD_FCON:
		/* Modem can accept data again */
		gsm->constipated = false;
		gsm_control_reply(gsm, CMD_FCON, NULL, 0);
		/* Kick the link in case it is idling */
		gsmld_write_trigger(gsm);
		break;
	case CMD_FCOFF:
		/* Modem asks us to stop sending */
		gsm->constipated = true;
		gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
		break;
	case CMD_MSC:
		/* Out of band modem line change indicator for a DLCI */
		gsm_control_modem(gsm, data, clen);
		break;
	case CMD_RLS:
		/* Out of band error reception for a DLCI */
		gsm_control_rls(gsm, data, clen);
		break;
	case CMD_PSC:
		/* Modem wishes to enter power saving state */
		gsm_control_reply(gsm, CMD_PSC, NULL, 0);
		break;
	/* Optional commands */
	case CMD_PN:
		/* Modem sends a parameter negotiation command */
		gsm_control_negotiation(gsm, 1, data, clen);
		break;
	/* Optional unsupported commands */
	case CMD_RPN:	/* Remote port negotiation */
	case CMD_SNC:	/* Service negotiation command */
		gsm->unsupported++;
		fallthrough;
	default:
		/* Reply to bad commands with an NSC naming the command */
		rejected = command;
		gsm_control_reply(gsm, CMD_NSC, &rejected, 1);
		break;
	}
}
1916
/**
 * gsm_control_response - process a response to our control
 * @gsm: our GSM mux
 * @command: the command (response) EA
 * @data: data beyond the command/length EA
 * @clen: length
 *
 * Process a response to an outstanding command. We only allow a single
 * control message in flight so this is fairly easy. All the clean up
 * is done by the caller, we just update the fields, flag it as done
 * and return. PN responses and keep-alive TEST responses that do not
 * match the pending command are handled here as well. Runs under the
 * control_lock.
 */

static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
				 const u8 *data, int clen)
{
	struct gsm_control *pending;
	struct gsm_dlci *ctrl_dlci;
	unsigned long irq_state;

	spin_lock_irqsave(&gsm->control_lock, irq_state);

	pending = gsm->pending_cmd;
	ctrl_dlci = gsm->dlci[0];
	/* Set the low bit so the value compares against the stored command */
	command |= 1;

	if (pending != NULL &&
	    (command == pending->cmd || command == CMD_NSC)) {
		/* Our command was replied to, kill the retry timer */
		timer_delete(&gsm->t2_timer);
		gsm->pending_cmd = NULL;
		/* Rejected by the other end */
		if (command == CMD_NSC)
			pending->error = -EOPNOTSUPP;
		pending->done = 1;
		wake_up(&gsm->event);
	} else if (command == CMD_PN) {
		/* The PN response to our PN command */
		gsm_control_negotiation(gsm, 0, data, clen);
	} else if (command == CMD_TEST && clen == 1 &&
		   *data == gsm->ka_num) {
		/* The TEST response to our keep-alive TEST command */
		gsm->ka_retries = -1; /* trigger new keep-alive message */
		if (ctrl_dlci && !ctrl_dlci->dead)
			mod_timer(&gsm->ka_timer,
				  jiffies + gsm->keep_alive * HZ / 100);
	}

	spin_unlock_irqrestore(&gsm->control_lock, irq_state);
}
1963
/**
 * gsm_control_keep_alive - check timeout or start keep-alive
 * @t: timer contained in our gsm object
 *
 * Keep-alive timer handler. When the retries for the current keep-alive
 * are used up the link partner is taken as gone and DLCI 0 is closed.
 * Otherwise, with keep-alive enabled and DLCI 0 alive, a TEST command
 * carrying the keep-alive number is sent (or resent) and the timer is
 * re-armed with T2. This is also called to start up our timer.
 */

static void gsm_control_keep_alive(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, ka_timer);
	unsigned long irq_state;

	spin_lock_irqsave(&gsm->control_lock, irq_state);

	if (gsm->ka_num && gsm->ka_retries == 0) {
		/* Keep-alive expired -> close the link */
		if (debug & DBG_ERRORS)
			pr_debug("%s keep-alive timed out\n", __func__);
		/* The close is started after the lock has been dropped */
		spin_unlock_irqrestore(&gsm->control_lock, irq_state);
		if (gsm->dlci[0])
			gsm_dlci_begin_close(gsm->dlci[0]);
		return;
	}

	if (gsm->keep_alive && gsm->dlci[0] && !gsm->dlci[0]->dead) {
		if (gsm->ka_retries > 0) {
			/* T2 expired for keep-alive -> resend */
			gsm->ka_retries--;
		} else {
			/* Start keep-alive timer; the number skips 0, which
			 * the expiry test above treats as "none sent"
			 */
			gsm->ka_num++;
			if (!gsm->ka_num)
				gsm->ka_num++;
			gsm->ka_retries = (signed int)gsm->n2;
		}
		gsm_control_command(gsm, CMD_TEST, &gsm->ka_num,
				    sizeof(gsm->ka_num));
		mod_timer(&gsm->ka_timer, jiffies + gsm->t2 * HZ / 100);
	}

	spin_unlock_irqrestore(&gsm->control_lock, irq_state);
}
2005
/**
 * gsm_control_transmit - send control packet
 * @gsm: gsm mux
 * @ctrl: frame to send
 *
 * Queue the command held in @ctrl on DLCI 0. Called under the control
 * lock.
 */

static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
{
	/* The result is deliberately dropped: a frame that could not be
	 * allocated is not reported to the caller.
	 */
	(void)gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len);
}
2018
/**
 * gsm_control_retransmit - retransmit a control frame
 * @t: timer contained in our gsm object
 *
 * Called off the T2 timer expiry in order to retransmit control frames
 * that have been lost in the system somewhere. The control_lock protects
 * us from colliding with another sender or a receive completion event.
 * In that situation the timer may still occur in a small window but
 * gsm->pending_cmd will be NULL and we just let the timer expire.
 *
 * Once the retries are used up, or DLCI 0 is missing or dead, the pending
 * command is completed with -ETIMEDOUT and its waiter is woken.
 */

static void gsm_control_retransmit(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, t2_timer);
	struct gsm_control *pending;
	unsigned long irq_state;

	spin_lock_irqsave(&gsm->control_lock, irq_state);

	pending = gsm->pending_cmd;
	if (!pending)
		goto unlock;

	if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
		gsm->pending_cmd = NULL;
		pending->error = -ETIMEDOUT;
		pending->done = 1;
		spin_unlock_irqrestore(&gsm->control_lock, irq_state);
		wake_up(&gsm->event);
		return;
	}

	gsm->cretries--;
	gsm_control_transmit(gsm, pending);
	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);

unlock:
	spin_unlock_irqrestore(&gsm->control_lock, irq_state);
}
2052
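/**
 * gsm_control_send - send a control frame on DLCI 0
 * @gsm: the GSM channel
 * @command: command to send including CR bit
 * @data: bytes of data (must be kmalloced)
 * @clen: length of the block to send
 *
 * Queue and dispatch a control command. Only one command can be
 * active at a time. In theory more can be outstanding but the matching
 * gets really complicated so for now stick to one outstanding.
 *
 * Sleeps until no other command is pending, so it must not be called
 * from atomic context.
 *
 * Return: the control block to hand to gsm_control_wait(), or NULL when
 * it could not be allocated or DLCI 0 does not exist.
 */

static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
		unsigned int command, u8 *data, int clen)
{
	/* NOTE(review): this function sleeps below, so GFP_ATOMIC looks
	 * stricter than needed - confirm before relaxing it.
	 */
	struct gsm_control *ctrl = kzalloc(sizeof(*ctrl), GFP_ATOMIC);
	unsigned long flags;

	if (ctrl == NULL)
		return NULL;
retry:
	wait_event(gsm->event, gsm->pending_cmd == NULL);
	spin_lock_irqsave(&gsm->control_lock, flags);
	/* Another sender may have taken the slot between wake-up and lock */
	if (gsm->pending_cmd != NULL) {
		spin_unlock_irqrestore(&gsm->control_lock, flags);
		goto retry;
	}

	/* DLCI 0 is dereferenced below and again when the frame is built.
	 * The timer handlers in this file check it for NULL before use, so
	 * do the same here and fail the send instead of oopsing.
	 */
	if (!gsm->dlci[0]) {
		spin_unlock_irqrestore(&gsm->control_lock, flags);
		kfree(ctrl);
		return NULL;
	}

	ctrl->cmd = command;
	ctrl->data = data;
	ctrl->len = clen;
	gsm->pending_cmd = ctrl;

	/* If DLCI0 is in ADM mode skip retries, it won't respond */
	if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
		gsm->cretries = 0;
	else
		gsm->cretries = gsm->n2;

	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
	gsm_control_transmit(gsm, ctrl);
	spin_unlock_irqrestore(&gsm->control_lock, flags);
	return ctrl;
}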
2096
/**
 * gsm_control_wait - wait for a control to finish
 * @gsm: GSM mux
 * @control: control we are waiting on
 *
 * Sleeps until @control is flagged done, then frees it. @control must not
 * be touched by the caller afterwards.
 *
 * Return: the error recorded in @control; 0 for success, or an error if
 * the remote rejected or ignored the request.
 */

static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
{
	int result;

	wait_event(gsm->event, control->done == 1);
	/* Read the result before the block is released */
	result = control->error;
	kfree(control);

	return result;
}
2115
2116
2117 /*
2118 * DLCI level handling: Needs krefs
2119 */
2120
2121 /*
2122 * State transitions and timers
2123 */
2124
/**
 * gsm_dlci_close - a DLCI has closed
 * @dlci: DLCI that closed
 *
 * Perform processing when moving a DLCI into closed state. For a data
 * channel the attached tty is hung up and the channel queues are cleared
 * through gsm_dlci_clear_queues(); for DLCI 0 the keep-alive timer is
 * stopped and the whole mux is marked dead.
 */
static void gsm_dlci_close(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;

	timer_delete(&dlci->t1);
	if (debug & DBG_ERRORS)
		pr_debug("DLCI %d goes closed.\n", dlci->addr);
	dlci->state = DLCI_CLOSED;
	/* Prevent us from sending data before the link is up again */
	dlci->constipated = true;

	if (dlci->addr == 0) {
		/* A DLCI 0 close is a MUX termination */
		timer_delete(&gsm->ka_timer);
		gsm->dead = true;
	} else {
		tty_port_tty_hangup(&dlci->port, false);
		gsm_dlci_clear_queues(gsm, dlci);
		/* Ensure that gsmtty_open() can return. */
		tty_port_set_initialized(&dlci->port, false);
		wake_up_interruptible(&dlci->port.open_wait);
	}

	/* Kick the close back to userspace and wake everyone on the mux */
	gsm_dlci_data_kick(dlci);
	wake_up_all(&gsm->event);
}
2156
/**
 * gsm_dlci_open - a DLCI has opened
 * @dlci: DLCI that opened
 *
 * Perform processing when moving a DLCI into open state: stop the T1
 * retransmit timer, lift the transmit block, then either send the initial
 * modem status (data channels) or arm the keep-alive timer (DLCI 0).
 */
static void gsm_dlci_open(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;

	/* SABM UA .. SABM UA with the first UA lost can mean open -> open */
	timer_delete(&dlci->t1);
	/* This will let a tty open continue */
	dlci->state = DLCI_OPEN;
	dlci->constipated = false;
	if (debug & DBG_ERRORS)
		pr_debug("DLCI %d goes open.\n", dlci->addr);

	if (dlci->addr == 0) {
		/* Control channel: start keep-alive control */
		gsm->ka_num = 0;
		gsm->ka_retries = -1;
		mod_timer(&gsm->ka_timer,
			  jiffies + gsm->keep_alive * HZ / 100);
	} else {
		/* Data channel: send current modem state */
		gsm_modem_send_initial_msc(dlci);
	}

	gsm_dlci_data_kick(dlci);
	wake_up(&gsm->event);
}
2189
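/**
 * gsm_dlci_negotiate - start parameter negotiation
 * @dlci: DLCI to open
 *
 * Starts the parameter negotiation for the new DLCI. This needs to be done
 * before the DLCI initializes the channel via SABM.
 *
 * Return: 0 on success, otherwise the error reported by
 * gsm_encode_params() or gsm_control_command().
 */
static int gsm_dlci_negotiate(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;
	struct gsm_dlci_param_bits params;
	int ret;

	/* Fill the on-stack parameter block from the DLCI settings. */
	ret = gsm_encode_params(dlci, &params);
	if (ret != 0)
		return ret;

	/* We cannot asynchronously wait for the command response with
	 * gsm_command() and gsm_control_wait() at this point.
	 */
	return gsm_control_command(gsm, CMD_PN, (const u8 *)&params,
				   sizeof(params));
}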
2215
/**
 * gsm_dlci_t1 - T1 timer expiry
 * @t: timer contained in the DLCI that opened
 *
 * The T1 timer handles retransmits of control frames (parameter
 * negotiation, SABM and DISC). The command is resent until the retry
 * count runs out, in which case a configuring or opening port starts a
 * close and a closing port is simply put into closed state.
 *
 * Some control dlci can stay in ADM mode with other dlci working just
 * fine. In that case we can just keep the control dlci open after the
 * DLCI_OPENING receives DM.
 */
static void gsm_dlci_t1(struct timer_list *t)
{
	struct gsm_dlci *dlci = timer_container_of(dlci, t, t1);
	struct gsm_mux *gsm = dlci->gsm;

	switch (dlci->state) {
	case DLCI_CONFIGURE:
		if (!dlci->retries || gsm_dlci_negotiate(dlci) != 0) {
			gsm->open_error++;
			gsm_dlci_begin_close(dlci); /* prevent half open link */
			break;
		}
		dlci->retries--;
		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		break;
	case DLCI_OPENING:
		/* DLCI 0 answered our SABM with DM: carry on in ADM mode */
		if (!dlci->addr && gsm->control == (DM | PF)) {
			if (debug & DBG_ERRORS)
				pr_info("DLCI 0 opening in ADM mode.\n");
			dlci->mode = DLCI_MODE_ADM;
			gsm_dlci_open(dlci);
			break;
		}
		if (!dlci->retries) {
			gsm->open_error++;
			gsm_dlci_begin_close(dlci); /* prevent half open link */
			break;
		}
		/*
		 * A data channel does not resend SABM (and does not use up a
		 * retry) while DLCI 0 itself is still opening; the timer is
		 * re-armed either way.
		 */
		if (!dlci->addr || !gsm->dlci[0] ||
		    gsm->dlci[0]->state != DLCI_OPENING) {
			dlci->retries--;
			gsm_command(gsm, dlci->addr, SABM|PF);
		}
		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		break;
	case DLCI_CLOSING:
		if (!dlci->retries) {
			gsm_dlci_close(dlci);
			break;
		}
		dlci->retries--;
		gsm_command(gsm, dlci->addr, DISC|PF);
		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
		break;
	}
}
2279
/**
 * gsm_dlci_begin_open - start channel open procedure
 * @dlci: DLCI to open
 *
 * Commence opening a DLCI from the Linux side. We issue SABM messages
 * to the modem which should then reply with a UA or ADM, at which point
 * we will move into open state. Opening is done asynchronously with retry
 * running off timers and the responses.
 * Parameter negotiation is performed before SABM if required. Nothing
 * happens unless the DLCI is closed, closing or waiting for configuration.
 */
static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm;
	bool need_pn = false;

	if (!dlci || !dlci->gsm)
		return;
	gsm = dlci->gsm;

	/*
	 * A data channel needs parameter negotiation when its adaption,
	 * priority or frame type differs from what the checks below treat
	 * as the default.
	 */
	if (dlci->addr != 0) {
		need_pn = gsm->adaption != 1 ||
			  gsm->adaption != dlci->adaption ||
			  dlci->prio != (roundup(dlci->addr + 1, 8) - 1) ||
			  gsm->ftype != dlci->ftype;
	}

	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_WAITING_CONFIG:
	case DLCI_CLOSING:
		break;
	default:
		return;
	}

	dlci->retries = gsm->n2;
	if (need_pn) {
		/* Configure DLCI before setup */
		dlci->state = DLCI_CONFIGURE;
		if (gsm_dlci_negotiate(dlci) != 0) {
			gsm_dlci_close(dlci);
			return;
		}
	} else {
		dlci->state = DLCI_OPENING;
		/* Hold back SABM on a data channel while DLCI 0 is opening */
		if (!dlci->addr || !gsm->dlci[0] ||
		    gsm->dlci[0]->state != DLCI_OPENING)
			gsm_command(gsm, dlci->addr, SABM|PF);
	}
	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
}
2332
/**
 * gsm_dlci_set_opening - change state to opening
 * @dlci: DLCI to open
 *
 * Change internal state to wait for DLCI open from initiator side.
 * Only a closed, closing or config-waiting DLCI is moved; any other
 * state is left untouched. No frame is sent and no timer is started here.
 */
static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
{
	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_WAITING_CONFIG:
	case DLCI_CLOSING:
		break;
	default:
		return;
	}
	dlci->state = DLCI_OPENING;
}
2352
/**
 * gsm_dlci_set_wait_config - wait for channel configuration
 * @dlci: DLCI to configure
 *
 * Park a closed or closing DLCI in DLCI_WAITING_CONFIG until the
 * application supplies a configuration. Other states are left untouched.
 */
static void gsm_dlci_set_wait_config(struct gsm_dlci *dlci)
{
	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_CLOSING:
		break;
	default:
		return;
	}
	dlci->state = DLCI_WAITING_CONFIG;
}
2370
/**
 * gsm_dlci_begin_close - start channel close procedure
 * @dlci: DLCI to close
 *
 * Commence closing a DLCI from the Linux side. We issue DISC messages
 * to the modem which should then reply with a UA, at which point we
 * will move into closed state. Closing is done asynchronously with retry
 * off timers. We may also receive a DM reply from the other end which
 * indicates the channel was already closed. A DLCI that is already
 * closed or closing is left alone.
 */
static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;

	if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
		return;

	dlci->retries = gsm->n2;
	dlci->state = DLCI_CLOSING;
	gsm_command(gsm, dlci->addr, DISC|PF);
	/* T1 drives the DISC retransmits, see gsm_dlci_t1() */
	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
	wake_up_interruptible(&gsm->event);
}
2393
/**
 * gsm_dlci_data - data arrived
 * @dlci: channel
 * @data: block of bytes received
 * @clen: length of received block
 *
 * A UI or UIH frame has arrived which contains data for a channel
 * other than the control channel. The payload is pushed into the tty
 * port's flip buffer; frames for the unsupported adaptions 3 and 4 are
 * dropped.
 */
static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
{
	/* krefs .. */
	struct tty_port *port = &dlci->port;
	struct tty_struct *tty;
	unsigned int modem = 0;
	int hdr_len;

	if (debug & DBG_TTY)
		pr_debug("%d bytes for tty\n", clen);

	switch (dlci->adaption) {
	case 4: /* Packetised interruptible data */
	case 3: /* Packetised uininterruptible voice/data */
		/* Unsupported types */
		return;
	case 2: /* Asynchronous serial with line state in each frame */
		hdr_len = gsm_read_ea_val(&modem, data, clen);
		if (hdr_len < 1)
			return;
		tty = tty_port_tty_get(port);
		if (tty) {
			gsm_process_modem(tty, dlci, modem, hdr_len);
			tty_wakeup(tty);
			tty_kref_put(tty);
		}
		/*
		 * Skip processed modem data.
		 * NOTE(review): this relies on gsm_read_ea_val() never
		 * reporting more than clen bytes; otherwise clen would go
		 * negative before it is used as a copy length - confirm.
		 */
		data += hdr_len;
		clen -= hdr_len;
		break;
	case 1: /* Line state will go via DLCI 0 controls only */
	default:
		break;
	}

	tty_insert_flip_string(port, data, clen);
	tty_flip_buffer_push(port);
}
2441
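/**
 * gsm_dlci_command - data arrived on control channel
 * @dlci: channel
 * @data: block of bytes received
 * @len: length of received block
 *
 * A UI or UIH frame has arrived which contains data for DLCI 0 the
 * control channel. This should contain a command EA followed by
 * control data bytes. The command EA contains a command/response bit
 * and we divide up the work accordingly. A frame whose declared control
 * length exceeds the bytes actually present is counted as malformed and
 * dropped.
 */
static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
{
	/* See what command is involved */
	unsigned int command = 0;
	unsigned int clen = 0;
	unsigned int dlen;

	/* read the command */
	dlen = gsm_read_ea_val(&command, data, len);
	len -= dlen;
	data += dlen;

	/* read any control data */
	dlen = gsm_read_ea_val(&clen, data, len);
	len -= dlen;
	data += dlen;

	/*
	 * Malformed command? @len is signed and @clen is unsigned, so a
	 * plain "clen > len" would turn a negative remainder into a huge
	 * unsigned value and let any length through. Reject that case
	 * explicitly instead of relying on the helper's return contract.
	 */
	if (len < 0 || clen > (unsigned int)len) {
		dlci->gsm->malformed++;
		return;
	}

	/* Bit 0 of the command EA set: request from the peer, else a reply */
	if (command & 1)
		gsm_control_message(dlci->gsm, command, data, clen);
	else
		gsm_control_response(dlci->gsm, command, data, clen);
}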
2482
/**
 * gsm_kick_timer - transmit if possible
 * @t: timer contained in our gsm object
 *
 * Transmit data from DLCIs if the queue is (nearly) empty. We can't rely
 * on a tty wakeup except when we filled the pipe so we need to fire off
 * new data ourselves in other cases.
 */
static void gsm_kick_timer(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, kick_timer);
	unsigned long irq_flags;
	int swept = 0;

	spin_lock_irqsave(&gsm->tx_lock, irq_flags);
	/* If we have nothing running then we need to fire up */
	if (gsm->tx_bytes < TX_THRESH_LO)
		swept = gsm_dlci_data_sweep(gsm);
	spin_unlock_irqrestore(&gsm->tx_lock, irq_flags);

	/* Log outside the lock, and only when data debugging is enabled */
	if (swept && (debug & DBG_DATA))
		pr_info("%s TX queue stalled\n", __func__);
}
2506
/**
 * gsm_dlci_copy_config_values - copy DLCI configuration
 * @dlci: source DLCI
 * @dc: configuration structure to fill
 *
 * The structure is zeroed first, so fields not set here (including the
 * reserved ones checked by gsm_dlci_config()) read back as zero.
 */
static void gsm_dlci_copy_config_values(struct gsm_dlci *dlci, struct gsm_dlci_config *dc)
{
	memset(dc, 0, sizeof(*dc));

	dc->channel = (u32)dlci->addr;
	dc->adaption = (u32)dlci->adaption;
	dc->mtu = (u32)dlci->mtu;
	dc->priority = (u32)dlci->prio;
	/* Frame type is exported as 1 for UIH and 2 for anything else */
	dc->i = (dlci->ftype == UIH) ? 1 : 2;
	dc->k = (u32)dlci->k;
}
2525
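/**
 * gsm_dlci_config - configure DLCI from configuration
 * @dlci: DLCI to configure
 * @dc: DLCI configuration
 * @open: open DLCI after configuration?
 *
 * Validates @dc, closes the DLCI first when a framing field or the
 * priority changes (or GSM_FL_RESTART is set), applies the new values and
 * re-opens the channel when needed.
 *
 * Return: 0 on success, -EINVAL for a NULL @dlci or an out-of-range or
 * reserved field, -EOPNOTSUPP for an unsupported adaption, -EINTR when
 * the wait for the close was interrupted by a signal.
 */
static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, int open)
{
	struct gsm_mux *gsm;
	bool need_restart = false;
	bool need_open = false;
	unsigned int new_ftype;
	unsigned int i;

	/*
	 * Check that userspace doesn't put stuff in here to prevent breakages
	 * in the future.
	 */
	for (i = 0; i < ARRAY_SIZE(dc->reserved); i++)
		if (dc->reserved[i])
			return -EINVAL;

	if (!dlci)
		return -EINVAL;
	gsm = dlci->gsm;

	/* Stuff we don't support yet - I frame transport */
	if (dc->adaption != 1 && dc->adaption != 2)
		return -EOPNOTSUPP;
	if (dc->mtu > MAX_MTU || dc->mtu < MIN_MTU || dc->mtu > gsm->mru)
		return -EINVAL;
	if (dc->priority >= 64)
		return -EINVAL;
	if (dc->i == 0 || dc->i > 2)  /* UIH and UI only */
		return -EINVAL;
	if (dc->k > 7)
		return -EINVAL;
	if (dc->flags & ~GSM_FL_RESTART)   /* allow future extensions */
		return -EINVAL;

	/*
	 * dc->i is the 1/2 code exported by gsm_dlci_copy_config_values(),
	 * while dlci->ftype holds the UIH/UI frame type itself. Translate
	 * before comparing: the raw code compared against the frame type
	 * would report a change on every call and force a restart even when
	 * nothing differs and GSM_FL_RESTART is not set.
	 */
	new_ftype = (dc->i == 1) ? UIH : UI;

	/*
	 * See what is needed for reconfiguration
	 */
	/* Framing fields */
	if (dc->adaption != dlci->adaption)
		need_restart = true;
	if (dc->mtu != dlci->mtu)
		need_restart = true;
	if (new_ftype != dlci->ftype)
		need_restart = true;
	/* Requires care */
	if (dc->priority != dlci->prio)
		need_restart = true;
	if (dc->flags & GSM_FL_RESTART)
		need_restart = true;

	if ((open && gsm->wait_config) || need_restart)
		need_open = true;
	/* A DLCI still waiting for its configuration has nothing to close */
	if (dlci->state == DLCI_WAITING_CONFIG) {
		need_restart = false;
		need_open = true;
	}

	/*
	 * Close down what is needed, restart and initiate the new
	 * configuration.
	 */
	if (need_restart) {
		gsm_dlci_begin_close(dlci);
		wait_event_interruptible(gsm->event, dlci->state == DLCI_CLOSED);
		if (signal_pending(current))
			return -EINTR;
	}
	/*
	 * Setup the new configuration values
	 */
	dlci->adaption = (int)dc->adaption;

	if (dc->mtu)
		dlci->mtu = (unsigned int)dc->mtu;
	else
		dlci->mtu = gsm->mtu;

	if (dc->priority)
		dlci->prio = (u8)dc->priority;
	else
		dlci->prio = roundup(dlci->addr + 1, 8) - 1;

	dlci->ftype = new_ftype;

	if (dc->k)
		dlci->k = (u8)dc->k;
	else
		dlci->k = gsm->k;

	if (need_open) {
		if (gsm->initiator)
			gsm_dlci_begin_open(dlci);
		else
			gsm_dlci_set_opening(dlci);
	}

	return 0;
}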
2632
2633 /*
2634 * Allocate/Free DLCI channels
2635 */
2636
/**
 * gsm_dlci_alloc - allocate a DLCI
 * @gsm: GSM mux
 * @addr: address of the DLCI
 *
 * Allocate a new DLCI object, give it the mux defaults and install it
 * into gsm->dlci[@addr]. Returns NULL when either allocation fails.
 *
 * FIXME: review locking races
 *
 * NOTE(review): @addr indexes gsm->dlci[] without a range check here and
 * any pointer already in that slot is overwritten; the visible caller
 * gsm_queue() bounds the address against NUM_DLCI first - confirm every
 * other caller does as well.
 * NOTE(review): the structure is allocated with GFP_ATOMIC but the fifo
 * with GFP_KERNEL; if any caller runs in atomic context the second
 * allocation may sleep - confirm.
 */
static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
{
	struct gsm_dlci *dlci;

	dlci = kzalloc(sizeof(*dlci), GFP_ATOMIC);
	if (!dlci)
		return NULL;

	spin_lock_init(&dlci->lock);
	mutex_init(&dlci->mutex);
	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
		kfree(dlci);
		return NULL;
	}

	skb_queue_head_init(&dlci->skb_list);
	timer_setup(&dlci->t1, gsm_dlci_t1, 0);
	tty_port_init(&dlci->port);
	dlci->port.ops = &gsm_port_ops;

	/* Start from the mux-wide settings */
	dlci->gsm = gsm;
	dlci->addr = addr;
	dlci->adaption = gsm->adaption;
	dlci->mtu = gsm->mtu;
	dlci->ftype = gsm->ftype;
	dlci->k = gsm->k;
	dlci->state = DLCI_CLOSED;

	if (addr == 0) {
		/* Control channel */
		dlci->prio = 0;
		dlci->data = gsm_dlci_command;
	} else {
		dlci->prio = roundup(addr + 1, 8) - 1;
		dlci->data = gsm_dlci_data;
		/* Prevent us from sending data before the link is up */
		dlci->constipated = true;
	}

	gsm->dlci[addr] = dlci;
	return dlci;
}
2684
/**
 * gsm_dlci_free - free DLCI
 * @port: tty port for DLCI to free
 *
 * Free up a DLCI: shut down its T1 timer, remove it from the mux's DLCI
 * table, release the fifo and any queued skbs, then free the object.
 *
 * Can sleep.
 */
static void gsm_dlci_free(struct tty_port *port)
{
	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);

	/* The timer must be gone before the memory it lives in is freed */
	timer_shutdown_sync(&dlci->t1);
	dlci->gsm->dlci[dlci->addr] = NULL;
	kfifo_free(&dlci->fifo);

	for (;;) {
		dlci->skb = skb_dequeue(&dlci->skb_list);
		if (!dlci->skb)
			break;
		dev_kfree_skb(dlci->skb);
	}
	kfree(dlci);
}
2704
/* Take a reference on the DLCI through its embedded tty port. */
static inline void dlci_get(struct gsm_dlci *dlci)
{
	struct tty_port *port = &dlci->port;

	tty_port_get(port);
}
2709
/*
 * Drop a reference on the DLCI through its embedded tty port. The caller
 * must not use @dlci afterwards unless it holds another reference.
 */
static inline void dlci_put(struct gsm_dlci *dlci)
{
	struct tty_port *port = &dlci->port;

	tty_port_put(port);
}
2714
2715 static void gsm_destroy_network(struct gsm_dlci *dlci);
2716
/**
 * gsm_dlci_release - release DLCI
 * @dlci: DLCI to destroy
 *
 * Release a DLCI. Actual free is deferred until either
 * mux is closed or tty is closed - whichever is last.
 * If a tty is attached, the network device is torn down under the DLCI
 * mutex and the tty is hung up and detached from the port.
 *
 * Can sleep.
 */
static void gsm_dlci_release(struct gsm_dlci *dlci)
{
	struct tty_port *port = &dlci->port;
	struct tty_struct *tty = tty_port_tty_get(port);

	if (tty) {
		mutex_lock(&dlci->mutex);
		gsm_destroy_network(dlci);
		mutex_unlock(&dlci->mutex);

		/* We cannot use tty_hangup() because in tty_kref_put() the tty
		 * driver assumes that the hangup queue is free and reuses it to
		 * queue release_one_tty() -> NULL pointer panic in
		 * process_one_work().
		 */
		tty_vhangup(tty);

		tty_port_tty_set(port, NULL);
		tty_kref_put(tty);
	}

	dlci->state = DLCI_CLOSED;
	/* Drops the reference held on the DLCI; it may be freed from here on */
	dlci_put(dlci);
}
2747
2748 /*
2749 * LAPBish link layer logic
2750 */
2751
/**
 * gsm_queue - a GSM frame is ready to process
 * @gsm: pointer to our gsm mux
 *
 * At this point in time a frame has arrived and been demangled from
 * the line encoding. All the differences between the encodings have
 * been handled below us and the frame is unpacked into the structures.
 * Frames with a bad FCS are counted and dropped; frames with an address
 * outside the DLCI table, a wrong C/R bit or an unknown control field are
 * counted as malformed.
 */
static void gsm_queue(struct gsm_mux *gsm)
{
	struct gsm_dlci *dlci;
	int address;
	u8 cr;

	if (gsm->fcs != GOOD_FCS) {
		gsm->bad_fcs++;
		if (debug & DBG_DATA)
			pr_debug("BAD FCS %02x\n", gsm->fcs);
		return;
	}

	/* The address comes off the wire: bound it before indexing dlci[] */
	address = gsm->address >> 1;
	if (address >= NUM_DLCI)
		goto invalid;

	/*
	 * Normalise the C/R bit for our role. Below, SABM, DISC and DM are
	 * rejected when cr is 1 and UA is ignored when cr is 0.
	 */
	cr = gsm->address & 1;
	if (!gsm->initiator)
		cr ^= 1;

	gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);

	dlci = gsm->dlci[address];

	switch (gsm->control) {
	case SABM|PF:
		if (cr == 1) {
			gsm->open_error++;
			goto invalid;
		}
		/* The peer may open a channel we have no object for yet */
		if (!dlci) {
			dlci = gsm_dlci_alloc(gsm, address);
			if (!dlci) {
				gsm->open_error++;
				return;
			}
		}
		if (dlci->dead) {
			gsm_response(gsm, address, DM|PF);
		} else {
			gsm_response(gsm, address, UA|PF);
			gsm_dlci_open(dlci);
		}
		break;
	case DISC|PF:
		if (cr == 1)
			goto invalid;
		if (!dlci || dlci->state == DLCI_CLOSED) {
			gsm_response(gsm, address, DM|PF);
			return;
		}
		/* Real close complete */
		gsm_response(gsm, address, UA|PF);
		gsm_dlci_close(dlci);
		break;
	case UA|PF:
		if (cr == 0 || !dlci)
			break;
		/* A UA only matters while we are waiting for one */
		switch (dlci->state) {
		case DLCI_CLOSING:
			gsm_dlci_close(dlci);
			break;
		case DLCI_OPENING:
			gsm_dlci_open(dlci);
			break;
		default:
			pr_debug("%s: unhandled state: %d\n", __func__,
				 dlci->state);
			break;
		}
		break;
	case DM:	/* DM can be valid unsolicited */
	case DM|PF:
		if (cr)
			goto invalid;
		if (!dlci)
			return;
		gsm_dlci_close(dlci);
		break;
	case UI:
	case UI|PF:
	case UIH:
	case UIH|PF:
		/* Data is only accepted on a channel that is fully open */
		if (!dlci || dlci->state != DLCI_OPEN) {
			gsm_response(gsm, address, DM|PF);
			return;
		}
		dlci->data(dlci, gsm->buf, gsm->len);
		break;
	default:
		goto invalid;
	}
	return;

invalid:
	gsm->malformed++;
}
2857
/**
 * gsm0_receive_state_check_and_fix - check and correct receive state
 * @gsm: gsm data for this ldisc instance
 *
 * Ensures that the current receive state is valid for basic option mode.
 * Any state that is not GSM_SEARCH or one of the GSM0_* states is reset
 * to GSM_SEARCH, so the basic option parser never runs from a state it
 * does not know.
 */
static void gsm0_receive_state_check_and_fix(struct gsm_mux *gsm)
{
	switch (gsm->state) {
	case GSM_SEARCH:
	case GSM0_ADDRESS:
	case GSM0_CONTROL:
	case GSM0_LEN0:
	case GSM0_LEN1:
	case GSM0_DATA:
	case GSM0_FCS:
	case GSM0_SSOF:
		return;
	default:
		break;
	}
	gsm->state = GSM_SEARCH;
}
2882
/*
 * The length field of a basic option frame is complete: drop the frame if
 * it announces more than the MRU, otherwise reset the byte counter and
 * move on to the data (or straight to the FCS for an empty frame).
 */
static void gsm0_receive_len_done(struct gsm_mux *gsm)
{
	if (gsm->len > gsm->mru) {
		gsm->bad_size++;
		gsm->state = GSM_SEARCH;
		return;
	}
	gsm->count = 0;
	if (!gsm->len)
		gsm->state = GSM0_FCS;
	else
		gsm->state = GSM0_DATA;
}

/**
 * gsm0_receive - perform processing for non-transparency
 * @gsm: gsm data for this ldisc instance
 * @c: character
 *
 * Receive bytes in gsm mode 0. One byte is consumed per call and the
 * frame is handed to gsm_queue() once the closing SOF has been seen.
 */
static void gsm0_receive(struct gsm_mux *gsm, u8 c)
{
	/* Never parse from a state that is not part of this state machine */
	gsm0_receive_state_check_and_fix(gsm);

	switch (gsm->state) {
	case GSM_SEARCH:	/* SOF marker */
		if (c != GSM0_SOF)
			break;
		gsm->state = GSM0_ADDRESS;
		gsm->address = 0;
		gsm->len = 0;
		gsm->fcs = INIT_FCS;
		break;
	case GSM0_ADDRESS:	/* Address EA */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->address, c))
			gsm->state = GSM0_CONTROL;
		break;
	case GSM0_CONTROL:	/* Control Byte */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->control = c;
		gsm->state = GSM0_LEN0;
		break;
	case GSM0_LEN0:		/* Length EA */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->len, c))
			gsm0_receive_len_done(gsm);
		else
			gsm->state = GSM0_LEN1;
		break;
	case GSM0_LEN1:		/* Second length byte: bits 7 and up */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->len |= (unsigned int)c << 7;
		gsm0_receive_len_done(gsm);
		break;
	case GSM0_DATA:		/* Data */
		/*
		 * The announced length was bounded by the MRU above; the
		 * MAX_MRU test right after the store is a second limit on how
		 * far count can advance into the receive buffer.
		 */
		gsm->buf[gsm->count++] = c;
		if (gsm->count >= MAX_MRU) {
			gsm->bad_size++;
			gsm->state = GSM_SEARCH;
		} else if (gsm->count >= gsm->len) {
			/* Calculate final FCS for UI frames over all data */
			if ((gsm->control & ~PF) != UIH) {
				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
							     gsm->count);
			}
			gsm->state = GSM0_FCS;
		}
		break;
	case GSM0_FCS:		/* FCS follows the packet */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->state = GSM0_SSOF;
		break;
	case GSM0_SSOF:		/* Closing SOF expected */
		gsm->state = GSM_SEARCH;
		if (c == GSM0_SOF)
			gsm_queue(gsm);
		else
			gsm->bad_size++;
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
		break;
	}
}
2977
/**
 * gsm1_receive_state_check_and_fix - check and correct receive state
 * @gsm: gsm data for this ldisc instance
 *
 * Ensures that the current receive state is valid for advanced option
 * mode. Any state that is not GSM_SEARCH or one of the GSM1_* states is
 * reset to GSM_SEARCH, so the advanced option parser never runs from a
 * state it does not know.
 */
static void gsm1_receive_state_check_and_fix(struct gsm_mux *gsm)
{
	switch (gsm->state) {
	case GSM_SEARCH:
	case GSM1_START:
	case GSM1_ADDRESS:
	case GSM1_CONTROL:
	case GSM1_DATA:
	case GSM1_OVERRUN:
		return;
	default:
		break;
	}
	gsm->state = GSM_SEARCH;
}
3000
/**
 * gsm1_receive - perform processing for non-transparency
 * @gsm: gsm data for this ldisc instance
 * @c: character
 *
 * Receive bytes in mode 1 (Advanced option). Flow-control characters,
 * the SOF flag and the escape character are handled before the byte is
 * fed to the per-state parser.
 */
static void gsm1_receive(struct gsm_mux *gsm, u8 c)
{
	unsigned int flow = c & ISO_IEC_646_MASK;

	/* Never parse from a state that is not part of this state machine */
	gsm1_receive_state_check_and_fix(gsm);

	/*
	 * handle XON/XOFF
	 * NOTE(review): XON marks the link constipated and XOFF clears it,
	 * the reverse of the usual flow-control meaning - confirm against
	 * the XON/XOFF definitions.
	 */
	if (flow == XON) {
		gsm->constipated = true;
		return;
	}
	if (flow == XOFF) {
		gsm->constipated = false;
		/* Kick the link in case it is idling */
		gsmld_write_trigger(gsm);
		return;
	}

	if (c == GSM1_SOF) {
		if (gsm->state != GSM1_DATA) {
			/* Any partial frame was a runt so go back to start */
			if (gsm->state != GSM1_START) {
				if (gsm->state != GSM_SEARCH)
					gsm->malformed++;
				gsm->state = GSM1_START;
			}
			/* A SOF in GSM_START means we are still reading
			 * idling or framing bytes
			 */
			return;
		}

		/* EOF is only valid in frame once we are in the data state */
		if (gsm->count < 1) {
			/* Missing FCS */
			gsm->malformed++;
			gsm->state = GSM1_START;
			return;
		}
		/* Remove the FCS from data */
		gsm->count--;
		if ((gsm->control & ~PF) != UIH) {
			/* Calculate final FCS for UI frames over all
			 * data but FCS
			 */
			gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
						     gsm->count);
		}
		/* Add the FCS itself to test against GOOD_FCS */
		gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
		gsm->len = gsm->count;
		gsm_queue(gsm);
		gsm->state = GSM1_START;
		return;
	}

	if (c == GSM1_ESCAPE) {
		gsm->escape = true;
		return;
	}

	/* Only an unescaped SOF gets us out of GSM search */
	if (gsm->state == GSM_SEARCH)
		return;

	if (gsm->escape) {
		c ^= GSM1_ESCAPE_BITS;
		gsm->escape = false;
	}

	switch (gsm->state) {
	case GSM1_START:	/* First byte after SOF */
		gsm->address = 0;
		gsm->state = GSM1_ADDRESS;
		gsm->fcs = INIT_FCS;
		fallthrough;
	case GSM1_ADDRESS:	/* Address continuation */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->address, c))
			gsm->state = GSM1_CONTROL;
		break;
	case GSM1_CONTROL:	/* Control Byte */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->control = c;
		gsm->count = 0;
		gsm->state = GSM1_DATA;
		break;
	case GSM1_DATA:		/* Data */
		/*
		 * Store while count is within both limits; "<=" rather than
		 * "<" allows one extra byte for the FCS.
		 */
		if (gsm->count <= gsm->mru && gsm->count <= MAX_MRU) {
			gsm->buf[gsm->count++] = c;
		} else {
			gsm->state = GSM1_OVERRUN;
			gsm->bad_size++;
		}
		break;
	case GSM1_OVERRUN:	/* Over-long - eg a dropped SOF */
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
		break;
	}
}
3102
/**
 * gsm_error - handle tty error
 * @gsm: ldisc data
 *
 * Handle an error in the receipt of data for a frame. The error is
 * counted and the receiver goes back to hunting for a SOF, which drops
 * whatever part of a frame had been collected.
 *
 * FIXME: better diagnostics ?
 */
static void gsm_error(struct gsm_mux *gsm)
{
	gsm->io_error++;
	gsm->state = GSM_SEARCH;
}
3118
/**
 * gsm_cleanup_mux - generic GSM protocol cleanup
 * @gsm: our mux
 * @disc: disconnect link?
 *
 * Clean up the bits of the mux which are the same for all framing
 * protocols. Mark the mux dead, optionally close DLCI 0 and wait for
 * that to finish, stop all the timers and the transmit work, unregister
 * the devices, release every DLCI and finally empty both transmit queues.
 */
static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
{
	struct gsm_msg *msg, *next;
	struct gsm_dlci *ctrl_dlci;
	int addr;

	gsm->dead = true;
	mutex_lock(&gsm->mutex);

	ctrl_dlci = gsm->dlci[0];
	if (ctrl_dlci) {
		if (disc && ctrl_dlci->state != DLCI_CLOSED) {
			gsm_dlci_begin_close(ctrl_dlci);
			/* Sleeps until the close has completed */
			wait_event(gsm->event,
				   ctrl_dlci->state == DLCI_CLOSED);
		}
		ctrl_dlci->dead = true;
	}

	/* Finish outstanding timers, making sure they are done */
	timer_delete_sync(&gsm->kick_timer);
	timer_delete_sync(&gsm->t2_timer);
	timer_delete_sync(&gsm->ka_timer);

	/* Finish writing to ldisc */
	flush_work(&gsm->tx_work);

	/* Free up any link layer users and finally the control channel */
	if (gsm->has_devices) {
		gsm_unregister_devices(gsm_tty_driver, gsm->num);
		gsm->has_devices = false;
	}
	/* Highest address first, so DLCI 0 is released last */
	for (addr = NUM_DLCI - 1; addr >= 0; addr--) {
		if (gsm->dlci[addr])
			gsm_dlci_release(gsm->dlci[addr]);
	}
	mutex_unlock(&gsm->mutex);

	/* Now wipe the queues */
	tty_ldisc_flush(gsm->tty);

	/* tx_lock is held until the end of the function */
	guard(spinlock_irqsave)(&gsm->tx_lock);
	list_for_each_entry_safe(msg, next, &gsm->tx_ctrl_list, list)
		kfree(msg);
	/* Re-initialise the heads so no freed entry stays linked */
	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
	list_for_each_entry_safe(msg, next, &gsm->tx_data_list, list)
		kfree(msg);
	INIT_LIST_HEAD(&gsm->tx_data_list);
}
3175
/**
 * gsm_activate_mux - generic GSM setup
 * @gsm: our mux
 *
 * Set up the bits of the mux which are the same for all framing
 * protocols: allocate DLCI 0, select the receive routine that matches the
 * configured encoding, register the tty devices and mark the mux alive.
 *
 * Return: 0 on success, -ENOMEM if DLCI 0 cannot be allocated, or the
 * error from gsm_register_devices().
 *
 * NOTE(review): when gsm_register_devices() fails, the DLCI 0 allocated
 * here stays installed in gsm->dlci[0]; presumably it is released by a
 * later gsm_cleanup_mux() - confirm.
 */
static int gsm_activate_mux(struct gsm_mux *gsm)
{
	int err;

	if (!gsm_dlci_alloc(gsm, 0))
		return -ENOMEM;

	if (gsm->encoding == GSM_BASIC_OPT)
		gsm->receive = gsm0_receive;
	else
		gsm->receive = gsm1_receive;

	err = gsm_register_devices(gsm_tty_driver, gsm->num);
	if (err)
		return err;

	gsm->has_devices = true;
	gsm->dead = false;		/* Tty opens are now permissible */
	return 0;
}
3207
/**
 * gsm_free_mux - free up a mux
 * @gsm: mux to free
 *
 * Dispose of allocated resources for a dead mux: clear its slot in the
 * gsm_mux[] table, then free the transmit frame, the receive buffer and
 * the mux itself.
 */
static void gsm_free_mux(struct gsm_mux *gsm)
{
	int slot;

	/* Drop the table entry first so the freed mux cannot be looked up */
	for (slot = 0; slot < MAX_MUX; slot++) {
		if (gsm_mux[slot] != gsm)
			continue;
		gsm_mux[slot] = NULL;
		break;
	}

	mutex_destroy(&gsm->mutex);
	kfree(gsm->txframe);
	kfree(gsm->buf);
	kfree(gsm);
}
3229
/**
 * gsm_free_muxr - free up a mux
 * @ref: kreference to the mux to free
 *
 * kref release callback: recovers the mux that embeds @ref and disposes
 * of it with gsm_free_mux().
 */
static void gsm_free_muxr(struct kref *ref)
{
	gsm_free_mux(container_of(ref, struct gsm_mux, ref));
}
3241
/* Take a reference on the mux; the count is changed under gsm_mux_lock. */
static inline void mux_get(struct gsm_mux *gsm)
{
	unsigned long irq_flags;

	spin_lock_irqsave(&gsm_mux_lock, irq_flags);
	kref_get(&gsm->ref);
	spin_unlock_irqrestore(&gsm_mux_lock, irq_flags);
}
3250
/*
 * Drop a reference on @gsm. The final put runs gsm_free_muxr() while
 * gsm_mux_lock is still held, so the caller must not touch @gsm afterwards.
 */
static inline void mux_put(struct gsm_mux *gsm)
{
	unsigned long irqflags;

	spin_lock_irqsave(&gsm_mux_lock, irqflags);
	kref_put(&gsm->ref, gsm_free_muxr);
	spin_unlock_irqrestore(&gsm_mux_lock, irqflags);
}
3259
/* First tty line index owned by @gsm: each mux spans NUM_DLCI lines. */
static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
{
	const unsigned int first_line = gsm->num * NUM_DLCI;

	return first_line;
}
3264
/* Map a tty line index back to the number of the mux that owns it. */
static inline unsigned int mux_line_to_num(unsigned int line)
{
	const unsigned int mux = line / NUM_DLCI;

	return mux;
}
3269
/**
 * gsm_alloc_mux - allocate a mux
 *
 * Allocate a mux with its receive and transmit frame buffers, initialise
 * its locks, lists, timers and tx work item, load the default protocol
 * parameters and claim a free slot in gsm_mux[]. The new mux starts out
 * dead, so tty opens are refused until it has been activated.
 *
 * Return: the new mux, or NULL if memory or a free slot is unavailable.
 */
static struct gsm_mux *gsm_alloc_mux(void)
{
	struct gsm_mux *gsm;
	int slot;

	gsm = kzalloc(sizeof(*gsm), GFP_KERNEL);
	if (!gsm)
		return NULL;

	/* Sized from MAX_MRU, the upper bound gsm_config() enforces on mru. */
	gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
	if (!gsm->buf)
		goto err_free_gsm;

	/*
	 * Sized from MAX_MTU, the upper bound gsm_config() enforces on mtu.
	 * NOTE(review): the factor 2 presumably leaves room for escaping
	 * every byte of a frame - confirm against the framing code.
	 */
	gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
	if (!gsm->txframe)
		goto err_free_buf;

	spin_lock_init(&gsm->lock);
	spin_lock_init(&gsm->control_lock);
	spin_lock_init(&gsm->tx_lock);
	mutex_init(&gsm->mutex);
	kref_init(&gsm->ref);
	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
	INIT_LIST_HEAD(&gsm->tx_data_list);
	timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
	timer_setup(&gsm->ka_timer, gsm_control_keep_alive, 0);
	INIT_WORK(&gsm->tx_work, gsmld_write_task);
	init_waitqueue_head(&gsm->event);

	/* Protocol defaults until userspace configures the mux. */
	gsm->t1 = T1;
	gsm->t2 = T2;
	gsm->t3 = T3;
	gsm->n2 = N2;
	gsm->k = K;
	gsm->ftype = UIH;
	gsm->adaption = 1;
	gsm->encoding = GSM_ADV_OPT;
	/* Default to encoding 1 so these should be 64 */
	gsm->mru = 64;
	gsm->mtu = 64;
	gsm->dead = true;		/* Avoid early tty opens */
	gsm->wait_config = false;	/* Disabled */
	gsm->keep_alive = 0;		/* Disabled */

	/* Publish the mux in the first free table slot, if there is one. */
	spin_lock(&gsm_mux_lock);
	for (slot = 0; slot < MAX_MUX; slot++) {
		if (gsm_mux[slot])
			continue;
		gsm_mux[slot] = gsm;
		gsm->num = slot;
		break;
	}
	spin_unlock(&gsm_mux_lock);
	if (slot == MAX_MUX)
		goto err_destroy;

	return gsm;

err_destroy:
	mutex_destroy(&gsm->mutex);
	kfree(gsm->txframe);
err_free_buf:
	kfree(gsm->buf);
err_free_gsm:
	kfree(gsm);
	return NULL;
}
3342
/*
 * Fill @c with the current settings of @gsm for GSMIOC_GETCONF.
 *
 * The structure is zeroed first: gsmld_ioctl() copies all of it to
 * userspace from a stack variable, so no field this function leaves
 * unset may carry stale kernel stack contents.
 */
static void gsm_copy_config_values(struct gsm_mux *gsm,
				   struct gsm_config *c)
{
	memset(c, 0, sizeof(*c));

	c->adaption = gsm->adaption;
	c->encapsulation = gsm->encoding;
	c->initiator = gsm->initiator;
	c->mru = gsm->mru;
	c->mtu = gsm->mtu;
	c->k = gsm->k;
	c->n2 = gsm->n2;
	c->t1 = gsm->t1;
	c->t2 = gsm->t2;
	c->t3 = gsm->t3;

	/* Frame type is reported as 1 for UIH and 2 for anything else. */
	c->i = (gsm->ftype == UIH) ? 1 : 2;
	pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
}
3363
/*
 * Apply the configuration @c, as copied from userspace by GSMIOC_SETCONF,
 * to @gsm.
 *
 * Every field is range-checked before anything is changed. The MRU/MTU
 * limits matter for memory safety: gsm_alloc_mux() sizes the receive and
 * transmit buffers from MAX_MRU and MAX_MTU. If a setting that affects the
 * running link differs from the current one, the mux is torn down with
 * gsm_cleanup_mux() before the new values are stored; a dead mux is then
 * activated and, for the initiator side, DLCI 0 is opened.
 *
 * Return: 0 on success, -EOPNOTSUPP for an unsupported adaption, -EINVAL
 * for an out-of-range value, or the error from gsm_activate_mux().
 */
static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
{
	bool reconfigure;

	/* Stuff we don't support yet - UI or I frame transport */
	if (c->adaption != 1 && c->adaption != 2)
		return -EOPNOTSUPP;

	/* Check the MRU/MTU range looks sane */
	if (c->mru < MIN_MTU || c->mru > MAX_MRU ||
	    c->mtu < MIN_MTU || c->mtu > MAX_MTU)
		return -EINVAL;
	if (c->t3 > MAX_T3 || c->n2 > 255 || c->k > MAX_WINDOW_SIZE)
		return -EINVAL;
	/* Basic or advanced encoding, no I; initiator is a 0/1 flag */
	if (c->encapsulation > 1 || c->initiator > 1)
		return -EINVAL;
	/* UIH and UI only */
	if (c->i == 0 || c->i > 2)
		return -EINVAL;

	/*
	 * Work out whether the link has to be taken down. A zero t1/t2
	 * means "keep the current timer" and therefore never counts as a
	 * change.
	 * NOTE(review): encapsulation (0/1) is compared with the stored
	 * GSM_*_OPT value; that matches only if those constants are 0 and
	 * 1 - confirm.
	 */
	reconfigure = (c->t1 != 0 && c->t1 != gsm->t1) ||
		      (c->t2 != 0 && c->t2 != gsm->t2) ||
		      c->encapsulation != gsm->encoding ||
		      c->adaption != gsm->adaption ||
		      c->initiator != gsm->initiator ||
		      c->mru != gsm->mru ||
		      c->mtu != gsm->mtu;

	/*
	 * Close down what is needed before the new values go in. The
	 * original author notes that on first configuration there is no
	 * DLCI[0] yet, so there is nothing to close or clean up.
	 */
	if (reconfigure)
		gsm_cleanup_mux(gsm, true);

	gsm->initiator = c->initiator;
	gsm->mru = c->mru;
	gsm->mtu = c->mtu;
	gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT;
	gsm->adaption = c->adaption;
	gsm->n2 = c->n2;

	/* c->i was validated above to be 1 (UIH) or 2 (UI). */
	gsm->ftype = (c->i == 1) ? UIH : UI;

	/* Zero leaves the corresponding timer or window size untouched. */
	if (c->t1)
		gsm->t1 = c->t1;
	if (c->t2)
		gsm->t2 = c->t2;
	if (c->t3)
		gsm->t3 = c->t3;
	if (c->k)
		gsm->k = c->k;

	/*
	 * FIXME: We need to separate activation/deactivation from adding
	 * and removing from the mux array
	 */
	if (gsm->dead) {
		int err = gsm_activate_mux(gsm);

		if (err)
			return err;
		if (gsm->initiator)
			gsm_dlci_begin_open(gsm->dlci[0]);
	}
	return 0;
}
3452
/*
 * Fill @ce with the extended settings of @gsm for GSMIOC_GETCONF_EXT.
 * The structure is zeroed first so that the reserved fields and any
 * padding read back as zero when gsmld_ioctl() copies it to userspace.
 */
static void gsm_copy_config_ext_values(struct gsm_mux *gsm,
				       struct gsm_config_ext *ce)
{
	memset(ce, 0, sizeof(*ce));
	ce->keep_alive = gsm->keep_alive;
	ce->wait_config = !!gsm->wait_config;
}
3460
/*
 * Apply the extended configuration @ce, as copied from userspace by
 * GSMIOC_SETCONF_EXT, to @gsm.
 *
 * Non-zero reserved fields and unknown flag bits are rejected so that
 * they stay available for future use. GSM_FL_RESTART tears the mux down
 * before the new values are stored; a dead mux is then activated and, for
 * the initiator side, DLCI 0 is opened.
 *
 * Return: 0 on success, -EINVAL for reserved/unknown input, or the error
 * from gsm_activate_mux().
 */
static int gsm_config_ext(struct gsm_mux *gsm, struct gsm_config_ext *ce)
{
	unsigned int idx = 0;

	/*
	 * Check that userspace doesn't put stuff in here to prevent breakages
	 * in the future.
	 */
	while (idx < ARRAY_SIZE(ce->reserved)) {
		if (ce->reserved[idx] != 0)
			return -EINVAL;
		idx++;
	}
	if (ce->flags & ~GSM_FL_RESTART)
		return -EINVAL;

	/*
	 * Requires care: close down what is needed before the new values
	 * go in. The original author notes that on first configuration
	 * there is no DLCI[0] yet, so nothing needs closing.
	 */
	if (ce->flags & GSM_FL_RESTART)
		gsm_cleanup_mux(gsm, true);

	/* Setup the new configuration values */
	gsm->wait_config = ce->wait_config != 0;
	gsm->keep_alive = ce->keep_alive;

	if (gsm->dead) {
		int err = gsm_activate_mux(gsm);

		if (err)
			return err;
		if (gsm->initiator)
			gsm_dlci_begin_open(gsm->dlci[0]);
	}

	return 0;
}
3504
/**
 * gsmld_output - write to link
 * @gsm: our mux
 * @data: bytes to output
 * @len: size
 *
 * Hand a block of mux output to the underlying tty driver. If the driver
 * reports less than @len bytes of room, nothing is written and a write
 * wakeup is requested instead.
 *
 * Return: the result of the driver's write operation, or -ENOSPC when the
 * block does not fit.
 */
static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
{
	struct tty_struct *link = gsm->tty;

	if (tty_write_room(link) < len) {
		/* Ask to be called back once the driver has drained. */
		set_bit(TTY_DO_WRITE_WAKEUP, &link->flags);
		return -ENOSPC;
	}

	if (debug & DBG_DATA)
		gsm_hex_dump_bytes(__func__, data, len);

	return link->ops->write(link, data, len);
}
3525
3526
/**
 * gsmld_write_trigger - schedule ldisc write task
 * @gsm: our mux
 *
 * Queue the tx work item, unless there is no mux, no DLCI 0, or DLCI 0 is
 * marked dead.
 */
static void gsmld_write_trigger(struct gsm_mux *gsm)
{
	if (gsm && gsm->dlci[0] && !gsm->dlci[0]->dead)
		schedule_work(&gsm->tx_work);
}
3537
3538
/**
 * gsmld_write_task - ldisc write task
 * @work: our tx write work
 *
 * Work item that pushes queued output to the ldisc via gsm_data_kick().
 * The original author runs this from a work item to avoid dead-locking.
 * When the kick did not fail, every existing DLCI port gets a tty wakeup.
 */
static void gsmld_write_task(struct work_struct *work)
{
	struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
	unsigned long irqflags;
	int sent = -ENODEV;
	int addr;

	/*
	 * All outstanding control channel and control messages and one data
	 * frame is sent. Without an attached tty nothing is kicked and the
	 * -ENODEV default stands.
	 */
	spin_lock_irqsave(&gsm->tx_lock, irqflags);
	if (gsm->tty)
		sent = gsm_data_kick(gsm);
	spin_unlock_irqrestore(&gsm->tx_lock, irqflags);

	if (sent < 0)
		return;

	for (addr = 0; addr < NUM_DLCI; addr++) {
		if (!gsm->dlci[addr])
			continue;
		tty_port_tty_wakeup(&gsm->dlci[addr]->port);
	}
}
3566
/**
 * gsmld_attach_gsm - mode set up
 * @tty: our tty structure
 * @gsm: our mux
 *
 * Bind the mux to @tty, holding a tty reference, and save the tty's
 * input flags so that gsmld_detach_gsm() can restore them. Called from
 * the line discipline open path.
 */
static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
{
	struct ktermios *termios = &tty->termios;

	gsm->tty = tty_kref_get(tty);

	/*
	 * The original comment says: "Turn off tty XON/XOFF handling to
	 * handle it explicitly."
	 * NOTE(review): the mask below keeps only the IXON and IXOFF bits
	 * and clears every other input flag, which is not what that
	 * comment describes (turning them off would be
	 * "&= ~(IXON | IXOFF)"). Confirm which behaviour is intended
	 * before changing it.
	 */
	gsm->old_c_iflag = termios->c_iflag;
	termios->c_iflag = termios->c_iflag & (IXON | IXOFF);
}
3584
/**
 * gsmld_detach_gsm - stop doing 0710 mux
 * @tty: tty attached to the mux
 * @gsm: mux
 *
 * Undo gsmld_attach_gsm(): restore the saved input flags, drop the tty
 * reference and clear the mux's tty pointer. Warns if @tty is not the tty
 * the mux is attached to.
 */
static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
{
	struct tty_struct *attached = gsm->tty;

	WARN_ON(tty != attached);

	/* Restore tty XON/XOFF handling. */
	attached->termios.c_iflag = gsm->old_c_iflag;
	tty_kref_put(attached);
	/* Cleared so later users (e.g. gsmld_write_task()) see no tty. */
	gsm->tty = NULL;
}
3601
/*
 * Receive path of the line discipline: feed @count bytes from @cp into
 * the mux one at a time. @fp, when not NULL, carries one TTY_* flag per
 * byte; without it every byte is treated as TTY_NORMAL.
 *
 * Normal bytes go to the configured receive handler, bytes flagged with a
 * line error are reported through gsm_error(), and an unknown flag only
 * triggers a one-time warning.
 */
static void gsmld_receive_buf(struct tty_struct *tty, const u8 *cp,
			      const u8 *fp, size_t count)
{
	struct gsm_mux *gsm = tty->disc_data;
	size_t pos;

	if (debug & DBG_DATA)
		gsm_hex_dump_bytes(__func__, cp, count);

	for (pos = 0; pos < count; pos++) {
		u8 flag = fp ? fp[pos] : TTY_NORMAL;

		if (flag == TTY_NORMAL) {
			/* The handler is set in gsmld_open(); the check is kept as is. */
			if (gsm->receive)
				gsm->receive(gsm, cp[pos]);
		} else if (flag == TTY_OVERRUN || flag == TTY_BREAK ||
			   flag == TTY_PARITY || flag == TTY_FRAME) {
			gsm_error(gsm);
		} else {
			WARN_ONCE(1, "%s: unknown flag %d\n",
				  tty_name(tty), flag);
		}
	}
	/* FASYNC if needed ? */
	/* If clogged call tty_throttle(tty); */
}
3634
/**
 * gsmld_flush_buffer - clean input queue
 * @tty: terminal device
 *
 * Flush hook of the line discipline, called when the discipline is being
 * closed or when the tty layer wants the buffer flushed (e.g. at hangup).
 * The implementation is empty: no action is taken.
 */
static void gsmld_flush_buffer(struct tty_struct *tty)
{
	/* Intentionally empty. */
}
3647
/**
 * gsmld_close - close the ldisc for this tty
 * @tty: device
 *
 * Called from the terminal layer when this line discipline is being shut
 * down, either because of a close or because of a discipline change. The
 * function will not be called while other ldisc methods are in progress.
 *
 * Drops the reference taken when the mux was allocated in gsmld_open();
 * the mux is freed once the last holder has put it.
 */
static void gsmld_close(struct tty_struct *tty)
{
	struct gsm_mux *mux = tty->disc_data;

	/*
	 * The ldisc locks and closes the port before calling our close. This
	 * means we have no way to do a proper disconnect. We will not bother
	 * to do one.
	 */
	gsm_cleanup_mux(mux, false);
	gsmld_detach_gsm(tty, mux);
	gsmld_flush_buffer(tty);

	/* Do other clean up here */

	/* mux may be freed by this put; it must not be used afterwards. */
	mux_put(mux);
}
3674
/**
 * gsmld_open - open an ldisc
 * @tty: terminal to open
 *
 * Called when this line discipline is being attached to the terminal
 * device. Can sleep. Called serialized so that no other events will occur
 * in parallel. No further open will occur until a close.
 *
 * Attaching is restricted to callers with CAP_NET_ADMIN. In this file
 * gsmld_ioctl() performs no capability check of its own, so this is the
 * privilege gate for the configuration ioctls as well.
 *
 * Return: 0 on success, -EPERM without CAP_NET_ADMIN, -EINVAL if the tty
 * driver has no write operation, -ENOMEM if no mux can be allocated.
 */
static int gsmld_open(struct tty_struct *tty)
{
	struct gsm_mux *mux;

	if (!capable(CAP_NET_ADMIN))
		return -EPERM;

	/* The mux transmits through the driver's write op; insist on one. */
	if (!tty->ops->write)
		return -EINVAL;

	/* Attach our ldisc data */
	mux = gsm_alloc_mux();
	if (!mux)
		return -ENOMEM;

	tty->disc_data = mux;
	tty->receive_room = 65536;

	/* Attach the initial passive connection */
	gsmld_attach_gsm(tty, mux);

	/*
	 * The mux will not be activated yet, we wait for correct
	 * configuration first. The receive handler is still installed so
	 * incoming bytes are parsed with the default encoding.
	 */
	mux->receive = (mux->encoding == GSM_BASIC_OPT) ? gsm0_receive
							: gsm1_receive;

	return 0;
}
3716
/**
 * gsmld_write_wakeup - asynchronous I/O notifier
 * @tty: tty device
 *
 * Write-wakeup hook of the line discipline: the driver has room again, so
 * the mux's tx work is triggered. gsmld_write_trigger() copes with a NULL
 * mux.
 */
static void gsmld_write_wakeup(struct tty_struct *tty)
{
	/* Queue poll */
	gsmld_write_trigger(tty->disc_data);
}
3733
/**
 * gsmld_read - read function for tty
 * @tty: tty device
 * @file: file object
 * @buf: userspace buffer pointer
 * @nr: size of I/O
 * @cookie: unused
 * @offset: unused
 *
 * Reading from the multiplexed tty through the line discipline is not
 * supported; none of the arguments is used.
 *
 * Return: always -EOPNOTSUPP.
 */
static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, u8 *buf,
			  size_t nr, void **cookie, unsigned long offset)
{
	const ssize_t unsupported = -EOPNOTSUPP;

	return unsupported;
}
3756
/**
 * gsmld_write - write function for tty
 * @tty: tty device
 * @file: file object
 * @buf: userspace buffer pointer
 * @nr: size of I/O
 *
 * Called when the owner of the device wants to send a frame itself (or
 * some other control data). The data is passed to the driver as-is, so
 * userspace is responsible for framing and checksumming it; nothing here
 * validates the content. A frame is either written whole or not at all.
 *
 * Return: the result of the driver's write operation, -ENOBUFS if the
 * driver lacks room for @nr bytes, -ENODEV if no mux is attached.
 */
static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
			   const u8 *buf, size_t nr)
{
	struct gsm_mux *gsm = tty->disc_data;
	unsigned long irqflags;
	size_t room;
	int written = -ENOBUFS;

	if (!gsm)
		return -ENODEV;

	/* tx_lock keeps this raw write from interleaving with mux output. */
	spin_lock_irqsave(&gsm->tx_lock, irqflags);
	room = tty_write_room(tty);
	if (room < nr)
		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
	else
		written = tty->ops->write(tty, buf, nr);
	spin_unlock_irqrestore(&gsm->tx_lock, irqflags);

	return written;
}
3793
/**
 * gsmld_poll - poll method for N_GSM0710
 * @tty: terminal device
 * @file: file accessing it
 * @wait: poll table
 *
 * Called when the line discipline is asked to poll() for data or for
 * special events. This code is not serialized with respect to other
 * events save open/close. It must never sleep through a hangup.
 *
 * Return: EPOLLHUP if the mux is dead, the file is hung up or the other
 * side is closed; EPOLLOUT | EPOLLWRNORM if the tty is not write-locked
 * and has room. Readability is never reported.
 */
static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
			   poll_table *wait)
{
	struct gsm_mux *gsm = tty->disc_data;
	__poll_t events = 0;

	poll_wait(file, &tty->read_wait, wait);
	poll_wait(file, &tty->write_wait, wait);

	if (gsm->dead || tty_hung_up_p(file) ||
	    test_bit(TTY_OTHER_CLOSED, &tty->flags))
		events |= EPOLLHUP;

	if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
		events |= EPOLLOUT | EPOLLWRNORM;

	return events;
}
3827
/*
 * ioctl handler of the line discipline: get/set the mux configuration,
 * the extended configuration and per-DLCI configuration, and report the
 * first tty line of the mux. Unknown commands go to n_tty_ioctl_helper().
 *
 * All structures are copied in from / out to userspace in full. The
 * getters fill zeroed structures, and the setters validate every field
 * (see gsm_config() and gsm_config_ext()). No capability check is made
 * here; within this file the privilege gate is the CAP_NET_ADMIN test in
 * gsmld_open().
 *
 * NOTE(review): no lock is taken around gsm_config()/gsm_config_ext() in
 * this function; whether concurrent ioctls on one tty are serialised
 * elsewhere is not visible from here - confirm.
 */
static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
		       unsigned long arg)
{
	void __user *uarg = (void __user *)arg;
	struct gsm_mux *gsm = tty->disc_data;
	struct gsm_dlci_config dlci_cfg;
	struct gsm_config_ext ext_cfg;
	struct gsm_config cfg;
	struct gsm_dlci *dlci;
	unsigned int addr;

	switch (cmd) {
	case GSMIOC_GETCONF:
		gsm_copy_config_values(gsm, &cfg);
		return copy_to_user(uarg, &cfg, sizeof(cfg)) ? -EFAULT : 0;

	case GSMIOC_SETCONF:
		if (copy_from_user(&cfg, uarg, sizeof(cfg)))
			return -EFAULT;
		return gsm_config(gsm, &cfg);

	case GSMIOC_GETFIRST:
		/* Line 0 of a mux is the control channel; report the next. */
		return put_user(mux_num_to_base(gsm) + 1,
				(__u32 __user *)arg);

	case GSMIOC_GETCONF_EXT:
		gsm_copy_config_ext_values(gsm, &ext_cfg);
		return copy_to_user(uarg, &ext_cfg, sizeof(ext_cfg)) ?
			-EFAULT : 0;

	case GSMIOC_SETCONF_EXT:
		if (copy_from_user(&ext_cfg, uarg, sizeof(ext_cfg)))
			return -EFAULT;
		return gsm_config_ext(gsm, &ext_cfg);

	case GSMIOC_GETCONF_DLCI:
		if (copy_from_user(&dlci_cfg, uarg, sizeof(dlci_cfg)))
			return -EFAULT;
		/* Channel 0 is not configurable here; reject out-of-range. */
		if (dlci_cfg.channel == 0 || dlci_cfg.channel >= NUM_DLCI)
			return -EINVAL;
		/*
		 * The bounds check above already rejects bad indices;
		 * array_index_nospec() additionally clamps the index under
		 * speculative execution.
		 */
		addr = array_index_nospec(dlci_cfg.channel, NUM_DLCI);
		dlci = gsm->dlci[addr];
		if (!dlci) {
			/* A read of a not-yet-existing channel allocates it. */
			dlci = gsm_dlci_alloc(gsm, addr);
			if (!dlci)
				return -ENOMEM;
		}
		gsm_dlci_copy_config_values(dlci, &dlci_cfg);
		return copy_to_user(uarg, &dlci_cfg, sizeof(dlci_cfg)) ?
			-EFAULT : 0;

	case GSMIOC_SETCONF_DLCI:
		if (copy_from_user(&dlci_cfg, uarg, sizeof(dlci_cfg)))
			return -EFAULT;
		if (dlci_cfg.channel == 0 || dlci_cfg.channel >= NUM_DLCI)
			return -EINVAL;
		/* Same bounds check plus speculation clamp as above. */
		addr = array_index_nospec(dlci_cfg.channel, NUM_DLCI);
		dlci = gsm->dlci[addr];
		if (!dlci) {
			dlci = gsm_dlci_alloc(gsm, addr);
			if (!dlci)
				return -ENOMEM;
		}
		return gsm_dlci_config(dlci, &dlci_cfg, 0);

	default:
		return n_tty_ioctl_helper(tty, cmd, arg);
	}
}
3893
3894 /*
3895 * Network interface
3896 *
3897 */
3898
/* ndo_open: log the call and allow the stack to queue packets. */
static int gsm_mux_net_open(struct net_device *net)
{
	const int ok = 0;

	pr_debug("%s called\n", __func__);
	netif_start_queue(net);
	return ok;
}
3905
/* ndo_stop: stop the stack from queueing further packets. */
static int gsm_mux_net_close(struct net_device *net)
{
	const int ok = 0;

	netif_stop_queue(net);
	return ok;
}
3911
/*
 * Switch @dlci back from network mode: restore the adaption and data
 * handler saved by gsm_create_network(), free the net device and clear
 * the pointer to it. Warns and does nothing if no net device is attached.
 */
static void dlci_net_free(struct gsm_dlci *dlci)
{
	if (WARN_ON(!dlci->net))
		return;

	dlci->data = dlci->prev_data;
	dlci->adaption = dlci->prev_adaption;
	free_netdev(dlci->net);
	/* Cleared so a stale pointer to the freed device cannot be reused. */
	dlci->net = NULL;
}
/*
 * kref release callback for a gsm_mux_net: unregister the net device of
 * the owning DLCI, if it still has one, and free it via dlci_net_free().
 */
static void net_free(struct kref *ref)
{
	struct gsm_mux_net *mux_net = container_of(ref, struct gsm_mux_net,
						   ref);
	struct gsm_dlci *dlci = mux_net->dlci;

	if (!dlci->net)
		return;

	unregister_netdev(dlci->net);
	dlci_net_free(dlci);
}
3936
/* Take a reference on the network side of a DLCI. */
static inline void muxnet_get(struct gsm_mux_net *mux_net)
{
	struct kref *ref = &mux_net->ref;

	kref_get(ref);
}
3941
/*
 * Drop a reference on the network side of a DLCI; the last put runs
 * net_free(), which unregisters and frees the net device.
 */
static inline void muxnet_put(struct gsm_mux_net *mux_net)
{
	struct kref *ref = &mux_net->ref;

	kref_put(ref, net_free);
}
3946
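/*
 * ndo_start_xmit: queue @skb on the DLCI's skb list, account for it in the
 * interface statistics and kick the DLCI so the data gets sent.
 *
 * The packet length is read before the skb is queued. Once it is on
 * dlci->skb_list the skb belongs to whoever drains that list (the
 * consumer is outside this function), so it must not be dereferenced
 * here any more; the original read skb->len after queueing.
 *
 * A reference on the mux_net is held for the duration of the call.
 *
 * Return: always NETDEV_TX_OK.
 */
static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
					  struct net_device *net)
{
	struct gsm_mux_net *mux_net = netdev_priv(net);
	struct gsm_dlci *dlci = mux_net->dlci;
	/* Capture the length while this function still owns the skb. */
	unsigned int len = skb->len;

	muxnet_get(mux_net);

	skb_queue_head(&dlci->skb_list, skb);
	net->stats.tx_packets++;
	net->stats.tx_bytes += len;
	gsm_dlci_data_kick(dlci);
	/* And tell the kernel when the last transmit started. */
	netif_trans_update(net);
	muxnet_put(mux_net);
	return NETDEV_TX_OK;
}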
3963
/*
 * ndo_tx_timeout: called when a packet was not acknowledged within the
 * watchdog timeout. Only logs the event and counts a transmit error;
 * @txqueue is not used.
 */
static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
{
	struct net_device_stats *stats = &net->stats;

	/* Tell syslog we are hosed. */
	dev_dbg(&net->dev, "Tx timed out.\n");

	/* Update statistics */
	stats->tx_errors++;
}
3973
/*
 * Data handler of a DLCI in network mode: wrap @size bytes from @in_buf
 * in a freshly allocated skb, mark it as an IPv4 packet for the DLCI's
 * net device and hand it to the stack. The payload is not inspected. If
 * no skb can be allocated the data is dropped and counted in rx_dropped.
 *
 * A reference on the mux_net is held for the duration of the call.
 *
 * NOTE(review): @size is used as given; presumably the caller has bounded
 * it by the negotiated frame size - confirm.
 */
static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, const u8 *in_buf, int size)
{
	struct net_device *net = dlci->net;
	struct gsm_mux_net *mux_net = netdev_priv(net);
	struct sk_buff *skb;

	muxnet_get(mux_net);

	/* Allocate an sk_buff */
	skb = dev_alloc_skb(size + NET_IP_ALIGN);
	if (!skb) {
		/* We got no receive buffer. */
		net->stats.rx_dropped++;
		goto out_put;
	}

	skb_reserve(skb, NET_IP_ALIGN);
	skb_put_data(skb, in_buf, size);
	skb->protocol = htons(ETH_P_IP);
	skb->dev = net;

	/* Ship it off to the kernel */
	netif_rx(skb);

	/* Update our statistics */
	net->stats.rx_packets++;
	net->stats.rx_bytes += size;

out_put:
	muxnet_put(mux_net);
}
4004
/*
 * Setup callback passed to alloc_netdev(): install the mux's net device
 * operations and describe the interface as a point-to-point link without
 * ARP and without a link-layer type.
 */
static void gsm_mux_net_init(struct net_device *net)
{
	static const struct net_device_ops mux_net_ops = {
		.ndo_open = gsm_mux_net_open,
		.ndo_stop = gsm_mux_net_close,
		.ndo_start_xmit = gsm_mux_net_start_xmit,
		.ndo_tx_timeout = gsm_mux_net_tx_timeout,
	};

	net->netdev_ops = &mux_net_ops;

	/* fill in the other fields */
	net->type = ARPHRD_NONE;
	net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
	net->tx_queue_len = 10;
	net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
}
4022
4023
/*
 * Drop the DLCI's reference on its network interface, if it has one; the
 * last reference tears the interface down via net_free().
 *
 * caller holds the dlci mutex
 */
static void gsm_destroy_network(struct gsm_dlci *dlci)
{
	pr_debug("destroy network interface\n");

	if (dlci->net)
		muxnet_put(netdev_priv(dlci->net));
}
4035
4036
/*
 * Create and register a network interface on top of @dlci as described
 * by @nc, and switch the DLCI's data handler to the network receive path.
 * On return @nc->if_name holds the name the interface was allocated with.
 *
 * Requires CAP_NET_ADMIN. Only IPv4 (ETH_P_IP) with adaption 3 or 4 is
 * accepted, and only while the DLCI is not already in a non-tty mode.
 *
 * caller holds the dlci mutex
 *
 * Return: the ifindex of the new interface on success, -EPERM, -EBUSY,
 * -EPROTONOSUPPORT or -ENOMEM on failure, or the error from
 * register_netdev().
 */
static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
{
	struct gsm_mux_net *mux_net;
	struct net_device *net;
	const char *name_fmt;
	int err;

	if (!capable(CAP_NET_ADMIN))
		return -EPERM;

	/* Already in a non tty mode */
	if (dlci->adaption > 2)
		return -EBUSY;

	if (nc->protocol != htons(ETH_P_IP))
		return -EPROTONOSUPPORT;

	if (nc->adaption != 3 && nc->adaption != 4)
		return -EPROTONOSUPPORT;

	pr_debug("create network interface\n");

	/*
	 * A caller-supplied name takes precedence over the "gsm%d" default.
	 * NOTE(review): nc->if_name is read as a C string here; confirm the
	 * caller guarantees NUL termination before this point.
	 */
	name_fmt = (nc->if_name[0] != '\0') ? nc->if_name : "gsm%d";
	net = alloc_netdev(sizeof(struct gsm_mux_net), name_fmt,
			   NET_NAME_UNKNOWN, gsm_mux_net_init);
	if (!net) {
		pr_err("alloc_netdev failed\n");
		return -ENOMEM;
	}

	/* The interface MTU may not exceed what the DLCI can carry. */
	net->min_mtu = MIN_MTU;
	net->max_mtu = dlci->mtu;
	net->mtu = dlci->mtu;

	mux_net = netdev_priv(net);
	mux_net->dlci = dlci;
	kref_init(&mux_net->ref);
	strscpy(nc->if_name, net->name); /* return net name */

	/* reconfigure dlci for network, remembering the tty-mode settings */
	dlci->prev_adaption = dlci->adaption;
	dlci->prev_data = dlci->data;
	dlci->adaption = nc->adaption;
	dlci->data = gsm_mux_rx_netchar;
	dlci->net = net;

	pr_debug("register netdev\n");
	err = register_netdev(net);
	if (err) {
		pr_err("network register fail %d\n", err);
		/* Restores the saved tty-mode settings and frees the device. */
		dlci_net_free(dlci);
		return err;
	}

	return net->ifindex; /* return network index */
}
4093
/*
 * Line discipline for real tty: the N_GSM0710 operations table that wires
 * the gsmld_* handlers above into the tty layer.
 */
static struct tty_ldisc_ops tty_ldisc_packet = {
	.owner		= THIS_MODULE,
	.num		= N_GSM0710,
	.name		= "n_gsm",
	.open		= gsmld_open,
	.close		= gsmld_close,
	.read		= gsmld_read,
	.write		= gsmld_write,
	.ioctl		= gsmld_ioctl,
	.poll		= gsmld_poll,
	.flush_buffer	= gsmld_flush_buffer,
	.receive_buf	= gsmld_receive_buf,
	.write_wakeup	= gsmld_write_wakeup,
};
4109
4110 /*
4111 * Virtual tty side
4112 */
4113
/**
 * gsm_modem_upd_via_data - send modem bits via convergence layer
 * @dlci: channel
 * @brk: break signal
 *
 * Send an empty frame to signal modem state changes and to transmit the
 * break signal for adaption 2. Does nothing unless the DLCI is open and
 * uses adaption 2. The frame is emitted under the mux's tx_lock.
 */
static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
{
	struct gsm_mux *mux = dlci->gsm;
	unsigned long irqflags;

	if (dlci->state == DLCI_OPEN && dlci->adaption == 2) {
		spin_lock_irqsave(&mux->tx_lock, irqflags);
		gsm_dlci_modem_output(mux, dlci, brk);
		spin_unlock_irqrestore(&mux->tx_lock, irqflags);
	}
}
4135
/**
 * gsm_modem_upd_via_msc - send modem bits via control frame
 * @dlci: channel
 * @brk: break signal
 *
 * Build an MSC control message carrying the DLCI address and its encoded
 * modem lines, with an extra break octet when @brk is non-zero, send it
 * and wait for the outcome. Only done for basic option encoding.
 *
 * Return: 0 if the mux does not use basic encoding, -ENOMEM if the
 * control message cannot be queued, otherwise the result of
 * gsm_control_wait().
 */
static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
{
	struct gsm_mux *mux = dlci->gsm;
	struct gsm_control *ctrl;
	u8 msg[3];
	int msg_len = 2;

	if (mux->encoding != GSM_BASIC_OPT)
		return 0;

	msg[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
	msg[1] = gsm_encode_modem(dlci) << 1;
	if (brk) {
		/* EA stays clear on octet 1 because a break octet follows. */
		msg[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
		msg_len = 3;
	} else {
		msg[1] |= EA;
	}

	ctrl = gsm_control_send(mux, CMD_MSC, msg, msg_len);
	if (!ctrl)
		return -ENOMEM;
	return gsm_control_wait(mux, ctrl);
}
4164
/**
 * gsm_modem_send_initial_msc - Send initial modem status message
 *
 * @dlci: channel
 *
 * Send an initial MSC message after DLCI open to set the initial modem
 * status lines. This is only done for adaption 1 in basic mode. Does not
 * wait for a response as we cannot block the input queue processing.
 *
 * Return: 0 if nothing needs to be sent, otherwise the result of
 * gsm_control_command().
 */
static int gsm_modem_send_initial_msc(struct gsm_dlci *dlci)
{
	struct gsm_mux *mux = dlci->gsm;
	u8 msg[2];

	if (dlci->adaption != 1)
		return 0;
	if (mux->encoding != GSM_BASIC_OPT)
		return 0;

	msg[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
	msg[1] = (gsm_encode_modem(dlci) << 1) | EA;
	return gsm_control_command(mux, CMD_MSC, (const u8 *)msg, 2);
}
4186
/**
 * gsm_modem_update - send modem status line state
 * @dlci: channel
 * @brk: break signal
 *
 * Pick the transport for the modem status lines: an empty data frame for
 * adaption 2, an MSC control message for basic option encoding.
 *
 * Return: 0 or the result of gsm_modem_upd_via_msc() on success paths,
 * -EL2HLT if the mux is dead, -EPROTONOSUPPORT if neither transport
 * applies.
 */
static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
{
	struct gsm_mux *mux = dlci->gsm;

	if (mux->dead)
		return -EL2HLT;

	if (dlci->adaption == 2) {
		/* Send convergence layer type 2 empty data frame. */
		gsm_modem_upd_via_data(dlci, brk);
		return 0;
	}

	/* Send as MSC control message. */
	if (mux->encoding == GSM_BASIC_OPT)
		return gsm_modem_upd_via_msc(dlci, brk);

	/* Modem status lines are not supported. */
	return -EPROTONOSUPPORT;
}
4209
/**
 * gsm_wait_modem_change - wait for modem status line change
 * @dlci: channel
 * @mask: modem status line bits
 *
 * The function returns if:
 * - any given modem status line bit changed
 * - the wait event function got interrupted (e.g. by a signal)
 * - the underlying DLCI was closed
 * - the underlying ldisc device was removed
 *
 * Return: -ENODEV if the mux is dead, -EL2NSYNC if the DLCI is no longer
 * open, otherwise the result of wait_event_interruptible().
 */
static int gsm_wait_modem_change(struct gsm_dlci *dlci, u32 mask)
{
	struct gsm_mux *mux = dlci->gsm;
	/* Snapshot taken before sleeping; changes are measured against it. */
	u32 before = dlci->modem_rx;
	int rc;

	rc = wait_event_interruptible(mux->event,
				      mux->dead ||
				      dlci->state != DLCI_OPEN ||
				      ((before ^ dlci->modem_rx) & mask));

	/* A dead mux or closed DLCI takes precedence over the wait result. */
	if (mux->dead)
		return -ENODEV;
	if (dlci->state != DLCI_OPEN)
		return -EL2NSYNC;
	return rc;
}
4236
/*
 * tty_port carrier_raised hook: report whether the virtual carrier of the
 * DLCI behind @port is up.
 *
 * Return: false while the DLCI is not open; true if the DBG_CD_ON debug
 * bit forces carrier on, or in basic mode with DLCI 0 in ADM mode and no
 * modem status received yet; otherwise the state of TIOCM_CD in the
 * received modem bits.
 */
static bool gsm_carrier_raised(struct tty_port *port)
{
	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
	struct gsm_mux *mux = dlci->gsm;

	/* Not yet open so no carrier info */
	if (dlci->state != DLCI_OPEN)
		return false;

	if (debug & DBG_CD_ON)
		return true;

	/*
	 * Basic mode with control channel in ADM mode may not respond
	 * to CMD_MSC at all and modem_rx is empty.
	 */
	if (!dlci->modem_rx && mux->encoding == GSM_BASIC_OPT &&
	    mux->dlci[0]->mode == DLCI_MODE_ADM)
		return true;

	return (dlci->modem_rx & TIOCM_CD) != 0;
}
4258
/*
 * tty_port dtr_rts hook: raise (@active) or drop DTR and RTS in the
 * DLCI's transmitted modem bits and, only if that changed anything, send
 * the new state to the peer. The result of gsm_modem_update() is ignored.
 */
static void gsm_dtr_rts(struct tty_port *port, bool active)
{
	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
	unsigned int wanted = dlci->modem_tx;

	if (active)
		wanted |= TIOCM_DTR | TIOCM_RTS;
	else
		wanted &= ~(TIOCM_DTR | TIOCM_RTS);

	if (wanted == dlci->modem_tx)
		return;

	dlci->modem_tx = wanted;
	gsm_modem_update(dlci, 0);
}
4272
/* tty_port operations shared by all DLCI ports of the mux. */
static const struct tty_port_operations gsm_port_ops = {
	.destruct	= gsm_dlci_free,
	.carrier_raised	= gsm_carrier_raised,
	.dtr_rts	= gsm_dtr_rts,
};
4278
/*
 * tty install hook for the virtual ttys: map the tty index to a mux and a
 * DLCI address, make sure the control channel (DLCI 0) is open, allocate
 * the DLCI if it does not exist yet and bind the tty to its port. On
 * success references are taken on the DLCI, on DLCI 0 and on the mux.
 *
 * Return: 0 on success; -ENXIO for a mux number out of range, -EUNATCH if
 * no such mux exists, -ECHRNG for a reserved or invalid line, -EL2HLT if
 * the mux is dead, -EL2NSYNC if DLCI 0 is not open, -ENOMEM if the DLCI
 * cannot be allocated, or the error from tty_port_install().
 */
static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
{
	struct gsm_mux *gsm;
	struct gsm_dlci *dlci, *dlci0;
	unsigned int mux = mux_line_to_num(tty->index);
	unsigned int line = tty->index & 0x3F;
	bool alloc = false;
	int ret;

	if (mux >= MAX_MUX)
		return -ENXIO;
	/*
	 * FIXME: we need to lock gsm_mux for lifetimes of ttys eventually
	 * NOTE(review): the table entry is read without gsm_mux_lock and
	 * no mux reference is held until mux_get() at the end of this
	 * function; what prevents the mux from being freed in between is
	 * not visible here - confirm.
	 */
	gsm = gsm_mux[mux];
	if (!gsm)
		return -EUNATCH;
	if (line == 0 || line > 61)	/* 62/63 reserved */
		return -ECHRNG;
	if (gsm->dead)
		return -EL2HLT;

	/*
	 * If DLCI 0 is not yet fully open return an error. The original
	 * author considers this ok from a locking perspective as we don't
	 * have to worry about this if DLCI0 is lost.
	 */
	mutex_lock(&gsm->mutex);

	dlci0 = gsm->dlci[0];
	if (dlci0 && dlci0->state != DLCI_OPEN) {
		/* The mutex is dropped while waiting for the open to settle. */
		mutex_unlock(&gsm->mutex);

		if (dlci0->state == DLCI_OPENING)
			wait_event(gsm->event, dlci0->state != DLCI_OPENING);

		if (dlci0->state != DLCI_OPEN)
			return -EL2NSYNC;

		mutex_lock(&gsm->mutex);
	}

	dlci = gsm->dlci[line];
	if (!dlci) {
		alloc = true;
		dlci = gsm_dlci_alloc(gsm, line);
		if (!dlci) {
			ret = -ENOMEM;
			goto out_unlock;
		}
	}

	ret = tty_port_install(&dlci->port, driver, tty);
	if (ret) {
		/* Only undo an allocation made by this call. */
		if (alloc)
			dlci_put(dlci);
		goto out_unlock;
	}

	dlci_get(dlci);
	dlci_get(gsm->dlci[0]);
	mux_get(gsm);
	tty->driver_data = dlci;

out_unlock:
	mutex_unlock(&gsm->mutex);
	return ret;
}
4344
/**
 *	gsmtty_open	-	open a virtual tty channel
 *	@tty: tty being opened; tty->driver_data holds its DLCI
 *	@filp: file handle used for the open
 *
 *	Counts the open on the port, resets the received modem bits and
 *	marks the port initialized. The channel is then put into the state
 *	matching the mux configuration before the caller blocks until the
 *	port is ready.
 *
 *	Returns the result of tty_port_block_til_ready().
 */
static int gsmtty_open(struct tty_struct *tty, struct file *filp)
{
	struct gsm_dlci *dlci = tty->driver_data;
	struct tty_port *port = &dlci->port;
	struct gsm_mux *gsm = dlci->gsm;

	port->count++;
	tty_port_tty_set(port, tty);

	dlci->modem_rx = 0;
	/*
	 * An open followed by a close before we wait is possible in theory,
	 * e.g. if a DM comes straight back. That is fine because it will
	 * have caused a hangup.
	 */
	tty_port_set_initialized(port, true);

	if (gsm->wait_config)
		gsm_dlci_set_wait_config(dlci);
	else if (gsm->initiator)
		gsm_dlci_begin_open(dlci);	/* start sending SABM messages */
	else
		gsm_dlci_set_opening(dlci);

	/* Now wait for the virtual carrier */
	return tty_port_block_til_ready(port, tty, filp);
}
4370
/**
 *	gsmtty_close	-	close a virtual tty channel
 *	@tty: tty being closed
 *	@filp: file handle being released
 *
 *	Does nothing when the tty has no DLCI or the DLCI is already closed.
 *	Otherwise the network interface is torn down under the DLCI mutex on
 *	every close. The channel itself is only shut down when
 *	tty_port_close_start() returns non-zero.
 */
static void gsmtty_close(struct tty_struct *tty, struct file *filp)
{
	struct gsm_dlci *dlci = tty->driver_data;
	struct tty_port *port;

	if (!dlci || dlci->state == DLCI_CLOSED)
		return;
	port = &dlci->port;

	mutex_lock(&dlci->mutex);
	gsm_destroy_network(dlci);
	mutex_unlock(&dlci->mutex);

	if (!tty_port_close_start(port, tty, filp))
		return;

	gsm_dlci_begin_close(dlci);
	/* Drop DTR/RTS only if the port was brought up and HUPCL is set */
	if (tty_port_initialized(port) && C_HUPCL(tty))
		tty_port_lower_dtr_rts(port);
	tty_port_close_end(port, tty);
	tty_port_tty_set(port, NULL);
}
4391
/**
 *	gsmtty_hangup	-	hang up a virtual tty channel
 *	@tty: tty being hung up
 *
 *	For a DLCI that is not already closed, hangs up the port and then
 *	starts closing the channel.
 */
static void gsmtty_hangup(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	if (dlci->state != DLCI_CLOSED) {
		tty_port_hangup(&dlci->port);
		gsm_dlci_begin_close(dlci);
	}
}
4400
/**
 *	gsmtty_write	-	queue data for transmission on a channel
 *	@tty: tty written to
 *	@buf: data to send
 *	@len: number of bytes in @buf
 *
 *	Copies the data into the DLCI fifo under the DLCI lock and kicks
 *	the channel so that it gets transmitted.
 *
 *	Returns the value reported by kfifo_in_locked(), or -EINVAL when
 *	the DLCI is closed.
 */
static ssize_t gsmtty_write(struct tty_struct *tty, const u8 *buf, size_t len)
{
	struct gsm_dlci *dlci = tty->driver_data;
	int queued;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;

	queued = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
	/* The channel has to be kicked to start draining the fifo */
	gsm_dlci_data_kick(dlci);

	return queued;
}
4413
/**
 *	gsmtty_write_room	-	free space in the channel fifo
 *	@tty: tty being queried
 *
 *	Returns kfifo_avail() for the DLCI fifo, or 0 for a closed DLCI.
 */
static unsigned int gsmtty_write_room(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	return dlci->state == DLCI_CLOSED ? 0 : kfifo_avail(&dlci->fifo);
}
4421
/**
 *	gsmtty_chars_in_buffer	-	data pending in the channel fifo
 *	@tty: tty being queried
 *
 *	Returns kfifo_len() for the DLCI fifo, or 0 for a closed DLCI.
 */
static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	return dlci->state == DLCI_CLOSED ? 0 : kfifo_len(&dlci->fifo);
}
4429
/**
 *	gsmtty_flush_buffer	-	discard data queued on a channel
 *	@tty: tty whose transmit data is dropped
 *
 *	Resets the DLCI fifo with the DLCI spinlock held and interrupts
 *	disabled. A closed DLCI is left alone.
 */
static void gsmtty_flush_buffer(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	unsigned long irqflags;

	if (dlci->state != DLCI_CLOSED) {
		/*
		 * Careful: once reliable transport classes are implemented,
		 * data that has already hit the stack can no longer simply
		 * be thrown away. Until then dropping it is fine.
		 */
		spin_lock_irqsave(&dlci->lock, irqflags);
		kfifo_reset(&dlci->fifo);
		spin_unlock_irqrestore(&dlci->lock, irqflags);
		/* This DLCI still needs unhooking from the transmit queue logic */
	}
}
4446
/**
 *	gsmtty_wait_until_sent	-	wait for queued data to drain
 *	@tty: tty being waited on (unused)
 *	@timeout: time to wait (unused)
 *
 *	Intentionally empty: the queue lives in the FIFO, and the kernel
 *	already waits on chars_in_buffer before calling this hook.
 */
static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
{
}
4453
/**
 *	gsmtty_tiocmget	-	read the modem lines of a channel
 *	@tty: tty being queried
 *
 *	Returns the received modem bits stored in the DLCI, or -EINVAL
 *	when the DLCI is closed.
 */
static int gsmtty_tiocmget(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	return dlci->state == DLCI_CLOSED ? -EINVAL : dlci->modem_rx;
}
4461
/**
 *	gsmtty_tiocmset	-	change the modem lines of a channel
 *	@tty: tty being changed
 *	@set: modem bits to raise
 *	@clear: modem bits to drop; applied before @set
 *
 *	Stores the new transmit modem bits and calls gsm_modem_update()
 *	only when the resulting value differs from the current one.
 *
 *	Returns 0 when nothing changed, the gsm_modem_update() result when
 *	something did, or -EINVAL when the DLCI is closed.
 */
static int gsmtty_tiocmset(struct tty_struct *tty,
	unsigned int set, unsigned int clear)
{
	struct gsm_dlci *dlci = tty->driver_data;
	unsigned int wanted;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;

	wanted = (dlci->modem_tx & ~clear) | set;
	if (wanted == dlci->modem_tx)
		return 0;

	dlci->modem_tx = wanted;
	return gsm_modem_update(dlci, 0);
}
4479
4480
/**
 *	gsmtty_ioctl	-	per-channel ioctl handler
 *	@tty: tty the ioctl was issued on
 *	@cmd: ioctl command
 *	@arg: command argument; a user pointer for the GSMIOC_* commands
 *
 *	Handles network interface setup and teardown, reading and writing
 *	the DLCI configuration, and TIOCMIWAIT. All argument structures come
 *	from user space and are copied in before use.
 *
 *	Returns -EINVAL for a closed DLCI, -EFAULT on a failed user copy,
 *	-EPERM for a refused request, -ENOIOCTLCMD for an unknown command,
 *	otherwise the result of the command.
 */
static int gsmtty_ioctl(struct tty_struct *tty,
			unsigned int cmd, unsigned long arg)
{
	struct gsm_dlci *dlci = tty->driver_data;
	void __user *uarg = (void __user *)arg;
	struct gsm_netconfig netcfg;
	struct gsm_dlci_config dlcicfg;
	int ifindex;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;

	switch (cmd) {
	case GSMIOC_ENABLE_NET:
		/*
		 * NOTE(review): unlike GSMIOC_DISABLE_NET there is no
		 * capability check in this function; any privilege check for
		 * creating the interface has to live in gsm_create_network()
		 * — confirm.
		 */
		if (copy_from_user(&netcfg, uarg, sizeof(netcfg)))
			return -EFAULT;
		/* User-supplied name: force termination before anyone reads it */
		netcfg.if_name[IFNAMSIZ-1] = '\0';
		mutex_lock(&dlci->mutex);
		ifindex = gsm_create_network(dlci, &netcfg);
		mutex_unlock(&dlci->mutex);
		/* The structure is copied back whatever the result was */
		if (copy_to_user(uarg, &netcfg, sizeof(netcfg)))
			return -EFAULT;
		/* Net interface index or error code */
		return ifindex;
	case GSMIOC_DISABLE_NET:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		mutex_lock(&dlci->mutex);
		gsm_destroy_network(dlci);
		mutex_unlock(&dlci->mutex);
		return 0;
	case GSMIOC_GETCONF_DLCI:
		if (copy_from_user(&dlcicfg, uarg, sizeof(dlcicfg)))
			return -EFAULT;
		/* Only the channel behind this tty may be queried */
		if (dlcicfg.channel != dlci->addr)
			return -EPERM;
		gsm_dlci_copy_config_values(dlci, &dlcicfg);
		if (copy_to_user(uarg, &dlcicfg, sizeof(dlcicfg)))
			return -EFAULT;
		return 0;
	case GSMIOC_SETCONF_DLCI:
		if (copy_from_user(&dlcicfg, uarg, sizeof(dlcicfg)))
			return -EFAULT;
		/* Range-check the user-supplied channel number first */
		if (dlcicfg.channel >= NUM_DLCI)
			return -EINVAL;
		/* Channel 0 is accepted as well as this tty's own channel */
		if (dlcicfg.channel != 0 && dlcicfg.channel != dlci->addr)
			return -EPERM;
		return gsm_dlci_config(dlci, &dlcicfg, 1);
	case TIOCMIWAIT:
		/* arg is truncated to 32 bits here */
		return gsm_wait_modem_change(dlci, (u32)arg);
	default:
		return -ENOIOCTLCMD;
	}
}
4533
/**
 *	gsmtty_set_termios	-	termios change on a virtual tty
 *	@tty: tty whose settings changed
 *	@old: previous termios settings
 *
 *	The hardware settings are fixed for now, so the hardware part of
 *	@old is copied back over the new termios. A closed DLCI is left
 *	untouched.
 */
static void gsmtty_set_termios(struct tty_struct *tty,
				const struct ktermios *old)
{
	struct gsm_dlci *dlci = tty->driver_data;

	/*
	 * In actual fact the speed information for the virtual channel can
	 * be propagated in both directions by the RPN control message. That
	 * rapidly gets nasty though, as modem signals then have to be
	 * remapped each way depending on whether the virtual cable is null
	 * modem and so on.
	 */
	if (dlci->state != DLCI_CLOSED)
		tty_termios_copy_hw(&tty->termios, old);
}
4547
/**
 *	gsmtty_throttle	-	stop the peer from sending
 *	@tty: tty that cannot take more input
 *
 *	Clears RTS in the transmit modem bits when CRTSCTS is set on the
 *	tty, marks the DLCI throttled and calls gsm_modem_update() so the
 *	new state is sent in an MSC. A closed DLCI is left alone.
 */
static void gsmtty_throttle(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	if (dlci->state != DLCI_CLOSED) {
		if (C_CRTSCTS(tty))
			dlci->modem_tx &= ~TIOCM_RTS;
		dlci->throttled = true;
		/* MSC goes out with RTS cleared */
		gsm_modem_update(dlci, 0);
	}
}
4559
/**
 *	gsmtty_unthrottle	-	let the peer send again
 *	@tty: tty that can take input again
 *
 *	Sets RTS in the transmit modem bits when CRTSCTS is set on the tty,
 *	clears the throttled flag and calls gsm_modem_update() so the new
 *	state is sent in an MSC. A closed DLCI is left alone.
 */
static void gsmtty_unthrottle(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;

	if (dlci->state != DLCI_CLOSED) {
		if (C_CRTSCTS(tty))
			dlci->modem_tx |= TIOCM_RTS;
		dlci->throttled = false;
		/* MSC goes out with RTS set */
		gsm_modem_update(dlci, 0);
	}
}
4571
/**
 *	gsmtty_break_ctl	-	send a break on a channel
 *	@tty: tty the break is requested on
 *	@state: -1 for "on indefinitely", a positive duration in
 *		milliseconds, anything else for off
 *
 *	Converts @state into the break value passed to gsm_modem_update():
 *	0 for off, one unit per 200 ms, capped at 0x0F. "On indefinitely"
 *	cannot be encoded properly and is sent as 0x0F.
 *
 *	Returns the gsm_modem_update() result, or -EINVAL when the DLCI is
 *	closed.
 */
static int gsmtty_break_ctl(struct tty_struct *tty, int state)
{
	struct gsm_dlci *dlci = tty->driver_data;
	int brk;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;

	if (state == -1) {
		brk = 0x0F;
	} else if (state <= 0) {
		brk = 0;		/* off */
	} else {
		brk = state / 200;	/* ms to encoding */
		if (brk > 0x0F)
			brk = 0x0F;	/* best effort */
	}

	return gsm_modem_update(dlci, brk);
}
4589
/**
 *	gsmtty_cleanup	-	release what the tty held
 *	@tty: tty being destroyed
 *
 *	Drops one reference each on the tty's DLCI, on DLCI 0 and on the
 *	mux, matching the three references gsmtty_install() takes.
 */
static void gsmtty_cleanup(struct tty_struct *tty)
{
	struct gsm_dlci *chan = tty->driver_data;
	/* Fetch the mux first: chan is not touched again after its put */
	struct gsm_mux *mux = chan->gsm;

	dlci_put(chan);
	/*
	 * NOTE(review): dlci[0] is looked up again here rather than taken
	 * from a saved pointer — confirm it is still the object that
	 * gsmtty_install() took its reference on.
	 */
	dlci_put(mux->dlci[0]);
	mux_put(mux);
}
4599
/*
 * Virtual ttys for the demux: the tty_operations table that gsm_init()
 * attaches to gsm_tty_driver with tty_set_operations().
 */
static const struct tty_operations gsmtty_ops = {
	.install = gsmtty_install,
	.open = gsmtty_open,
	.close = gsmtty_close,
	.write = gsmtty_write,
	.write_room = gsmtty_write_room,
	.chars_in_buffer = gsmtty_chars_in_buffer,
	.flush_buffer = gsmtty_flush_buffer,
	.ioctl = gsmtty_ioctl,
	.throttle = gsmtty_throttle,
	.unthrottle = gsmtty_unthrottle,
	.set_termios = gsmtty_set_termios,
	.hangup = gsmtty_hangup,
	.wait_until_sent = gsmtty_wait_until_sent,
	.tiocmget = gsmtty_tiocmget,
	.tiocmset = gsmtty_tiocmset,
	.break_ctl = gsmtty_break_ctl,
	/* drops the references taken in gsmtty_install() */
	.cleanup = gsmtty_cleanup,
};
4620
4621
4622
/**
 *	gsm_init	-	module initialisation
 *
 *	Registers the line discipline, then allocates, configures and
 *	registers the tty driver for the virtual channels. Each failure
 *	undoes the steps that already succeeded.
 *
 *	Returns 0 on success or a negative error code.
 */
static int __init gsm_init(void)
{
	int err;

	/* Fill in our line protocol discipline, and register it */
	err = tty_register_ldisc(&tty_ldisc_packet);
	if (err != 0) {
		pr_err("n_gsm: can't register line discipline (err = %d)\n",
		       err);
		return err;
	}

	gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS,
					  TTY_DRIVER_REAL_RAW |
					  TTY_DRIVER_DYNAMIC_DEV |
					  TTY_DRIVER_HARDWARE_BREAK);
	if (IS_ERR(gsm_tty_driver)) {
		pr_err("gsm_init: tty allocation failed.\n");
		err = PTR_ERR(gsm_tty_driver);
		goto unregister_ldisc;
	}

	gsm_tty_driver->driver_name = "gsmtty";
	gsm_tty_driver->name = "gsmtty";
	gsm_tty_driver->major = 0;	/* dynamic */
	gsm_tty_driver->minor_start = 0;
	gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
	gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
	gsm_tty_driver->init_termios = tty_std_termios;
	/* Fixme */
	gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
	tty_set_operations(gsm_tty_driver, &gsmtty_ops);

	/*
	 * NOTE(review): the error returned by tty_register_driver() is
	 * discarded and -EBUSY reported in its place.
	 */
	if (tty_register_driver(gsm_tty_driver)) {
		pr_err("gsm_init: tty registration failed.\n");
		err = -EBUSY;
		goto put_driver;
	}

	pr_debug("gsm_init: loaded as %d,%d.\n",
		 gsm_tty_driver->major, gsm_tty_driver->minor_start);
	return 0;

put_driver:
	tty_driver_kref_put(gsm_tty_driver);
unregister_ldisc:
	tty_unregister_ldisc(&tty_ldisc_packet);
	return err;
}
4665
/**
 *	gsm_exit	-	module teardown
 *
 *	Undoes gsm_init(): unregisters the line discipline, unregisters
 *	the tty driver and drops the driver reference.
 */
static void __exit gsm_exit(void)
{
	/* Line discipline goes first, then the virtual tty driver */
	tty_unregister_ldisc(&tty_ldisc_packet);

	tty_unregister_driver(gsm_tty_driver);
	/* Release the reference obtained from tty_alloc_driver() */
	tty_driver_kref_put(gsm_tty_driver);
}
4672
/* Module entry and exit points */
module_init(gsm_init);
module_exit(gsm_exit);


MODULE_DESCRIPTION("GSM 0710 tty multiplexor");
MODULE_LICENSE("GPL");
/* Module alias for the N_GSM0710 line discipline; presumably lets the module be loaded on demand when that ldisc is requested — confirm */
MODULE_ALIAS_LDISC(N_GSM0710);
4680