1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 7 * 8 * Outgoing path: 9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc 10 * control message -> GSM MUX control queue --´ 11 * 12 * Incoming path: 13 * ldisc -> gsm_queue() -o--> tty 14 * `-> gsm_control_response() 15 * 16 * TO DO: 17 * Mostly done: ioctls for setting modes/timing 18 * Partly done: hooks so you can pull off frames to non tty devs 19 * Restart DLCI 0 when it closes ? 20 * Improve the tx engine 21 * Resolve tx side locking by adding a queue_head and routing 22 * all control traffic via it 23 * General tidy/document 24 * Review the locking/move to refcounts more (mux now moved to an 25 * alloc/free model ready) 26 * Use newest tty open/close port helpers and install hooks 27 * What to do about power functions ? 28 * Termios setting and negotiation 29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 30 * 31 */ 32 33 #include <linux/types.h> 34 #include <linux/major.h> 35 #include <linux/errno.h> 36 #include <linux/signal.h> 37 #include <linux/fcntl.h> 38 #include <linux/sched/signal.h> 39 #include <linux/interrupt.h> 40 #include <linux/tty.h> 41 #include <linux/ctype.h> 42 #include <linux/mm.h> 43 #include <linux/string.h> 44 #include <linux/slab.h> 45 #include <linux/poll.h> 46 #include <linux/bitops.h> 47 #include <linux/file.h> 48 #include <linux/uaccess.h> 49 #include <linux/module.h> 50 #include <linux/timer.h> 51 #include <linux/tty_flip.h> 52 #include <linux/tty_driver.h> 53 #include <linux/serial.h> 54 #include <linux/kfifo.h> 55 #include <linux/skbuff.h> 56 #include <net/arp.h> 57 #include <linux/ip.h> 58 #include <linux/netdevice.h> 59 #include <linux/etherdevice.h> 60 #include <linux/gsmmux.h> 61 #include "tty.h" 62 63 static int debug; 64 module_param(debug, int, 0600); 65 66 /* Defaults: these are from the specification */ 67 68 #define T1 10 /* 100mS */ 69 #define T2 34 /* 333mS */ 70 #define N2 3 /* Retry 3 times */ 71 72 /* Use long timers for testing at low speed with debug on */ 73 #ifdef DEBUG_TIMING 74 #define T1 100 75 #define T2 200 76 #endif 77 78 /* 79 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 80 * limits so this is plenty 81 */ 82 #define MAX_MRU 1500 83 #define MAX_MTU 1500 84 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */ 85 #define PROT_OVERHEAD 7 86 #define GSM_NET_TX_TIMEOUT (HZ*10) 87 88 /* 89 * struct gsm_mux_net - network interface 90 * 91 * Created when net interface is initialized. 92 */ 93 struct gsm_mux_net { 94 struct kref ref; 95 struct gsm_dlci *dlci; 96 }; 97 98 /* 99 * Each block of data we have queued to go out is in the form of 100 * a gsm_msg which holds everything we need in a link layer independent 101 * format 102 */ 103 104 struct gsm_msg { 105 struct list_head list; 106 u8 addr; /* DLCI address + flags */ 107 u8 ctrl; /* Control byte + flags */ 108 unsigned int len; /* Length of data block (can be zero) */ 109 unsigned char *data; /* Points into buffer but not at the start */ 110 unsigned char buffer[]; 111 }; 112 113 enum gsm_dlci_state { 114 DLCI_CLOSED, 115 DLCI_OPENING, /* Sending SABM not seen UA */ 116 DLCI_OPEN, /* SABM/UA complete */ 117 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 118 }; 119 120 enum gsm_dlci_mode { 121 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 122 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 123 }; 124 125 /* 126 * Each active data link has a gsm_dlci structure associated which ties 127 * the link layer to an optional tty (if the tty side is open). To avoid 128 * complexity right now these are only ever freed up when the mux is 129 * shut down. 130 * 131 * At the moment we don't free DLCI objects until the mux is torn down 132 * this avoid object life time issues but might be worth review later. 133 */ 134 135 struct gsm_dlci { 136 struct gsm_mux *gsm; 137 int addr; 138 enum gsm_dlci_state state; 139 struct mutex mutex; 140 141 /* Link layer */ 142 enum gsm_dlci_mode mode; 143 spinlock_t lock; /* Protects the internal state */ 144 struct timer_list t1; /* Retransmit timer for SABM and UA */ 145 int retries; 146 /* Uplink tty if active */ 147 struct tty_port port; /* The tty bound to this DLCI if there is one */ 148 #define TX_SIZE 4096 /* Must be power of 2. */ 149 struct kfifo fifo; /* Queue fifo for the DLCI */ 150 int adaption; /* Adaption layer in use */ 151 int prev_adaption; 152 u32 modem_rx; /* Our incoming virtual modem lines */ 153 u32 modem_tx; /* Our outgoing modem lines */ 154 bool dead; /* Refuse re-open */ 155 /* Flow control */ 156 bool throttled; /* Private copy of throttle state */ 157 bool constipated; /* Throttle status for outgoing */ 158 /* Packetised I/O */ 159 struct sk_buff *skb; /* Frame being sent */ 160 struct sk_buff_head skb_list; /* Queued frames */ 161 /* Data handling callback */ 162 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 163 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 164 struct net_device *net; /* network interface, if created */ 165 }; 166 167 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 168 169 #define NUM_DLCI 64 170 171 /* 172 * DLCI 0 is used to pass control blocks out of band of the data 173 * flow (and with a higher link priority). One command can be outstanding 174 * at a time and we use this structure to manage them. They are created 175 * and destroyed by the user context, and updated by the receive paths 176 * and timers 177 */ 178 179 struct gsm_control { 180 u8 cmd; /* Command we are issuing */ 181 u8 *data; /* Data for the command in case we retransmit */ 182 int len; /* Length of block for retransmission */ 183 int done; /* Done flag */ 184 int error; /* Error if any */ 185 }; 186 187 enum gsm_mux_state { 188 GSM_SEARCH, 189 GSM_START, 190 GSM_ADDRESS, 191 GSM_CONTROL, 192 GSM_LEN, 193 GSM_DATA, 194 GSM_FCS, 195 GSM_OVERRUN, 196 GSM_LEN0, 197 GSM_LEN1, 198 GSM_SSOF, 199 }; 200 201 /* 202 * Each GSM mux we have is represented by this structure. If we are 203 * operating as an ldisc then we use this structure as our ldisc 204 * state. We need to sort out lifetimes and locking with respect 205 * to the gsm mux array. For now we don't free DLCI objects that 206 * have been instantiated until the mux itself is terminated. 207 * 208 * To consider further: tty open versus mux shutdown. 209 */ 210 211 struct gsm_mux { 212 struct tty_struct *tty; /* The tty our ldisc is bound to */ 213 spinlock_t lock; 214 struct mutex mutex; 215 unsigned int num; 216 struct kref ref; 217 218 /* Events on the GSM channel */ 219 wait_queue_head_t event; 220 221 /* ldisc send work */ 222 struct work_struct tx_work; 223 224 /* Bits for GSM mode decoding */ 225 226 /* Framing Layer */ 227 unsigned char *buf; 228 enum gsm_mux_state state; 229 unsigned int len; 230 unsigned int address; 231 unsigned int count; 232 bool escape; 233 int encoding; 234 u8 control; 235 u8 fcs; 236 u8 *txframe; /* TX framing buffer */ 237 238 /* Method for the receiver side */ 239 void (*receive)(struct gsm_mux *gsm, u8 ch); 240 241 /* Link Layer */ 242 unsigned int mru; 243 unsigned int mtu; 244 int initiator; /* Did we initiate connection */ 245 bool dead; /* Has the mux been shut down */ 246 struct gsm_dlci *dlci[NUM_DLCI]; 247 int old_c_iflag; /* termios c_iflag value before attach */ 248 bool constipated; /* Asked by remote to shut up */ 249 bool has_devices; /* Devices were registered */ 250 251 struct mutex tx_mutex; 252 unsigned int tx_bytes; /* TX data outstanding */ 253 #define TX_THRESH_HI 8192 254 #define TX_THRESH_LO 2048 255 struct list_head tx_ctrl_list; /* Pending control packets */ 256 struct list_head tx_data_list; /* Pending data packets */ 257 258 /* Control messages */ 259 struct delayed_work kick_timeout; /* Kick TX queuing on timeout */ 260 struct timer_list t2_timer; /* Retransmit timer for commands */ 261 int cretries; /* Command retry counter */ 262 struct gsm_control *pending_cmd;/* Our current pending command */ 263 spinlock_t control_lock; /* Protects the pending command */ 264 265 /* Configuration */ 266 int adaption; /* 1 or 2 supported */ 267 u8 ftype; /* UI or UIH */ 268 int t1, t2; /* Timers in 1/100th of a sec */ 269 int n2; /* Retry count */ 270 271 /* Statistics (not currently exposed) */ 272 unsigned long bad_fcs; 273 unsigned long malformed; 274 unsigned long io_error; 275 unsigned long bad_size; 276 unsigned long unsupported; 277 }; 278 279 280 /* 281 * Mux objects - needed so that we can translate a tty index into the 282 * relevant mux and DLCI. 283 */ 284 285 #define MAX_MUX 4 /* 256 minors */ 286 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 287 static DEFINE_SPINLOCK(gsm_mux_lock); 288 289 static struct tty_driver *gsm_tty_driver; 290 291 /* 292 * This section of the driver logic implements the GSM encodings 293 * both the basic and the 'advanced'. Reliable transport is not 294 * supported. 295 */ 296 297 #define CR 0x02 298 #define EA 0x01 299 #define PF 0x10 300 301 /* I is special: the rest are ..*/ 302 #define RR 0x01 303 #define UI 0x03 304 #define RNR 0x05 305 #define REJ 0x09 306 #define DM 0x0F 307 #define SABM 0x2F 308 #define DISC 0x43 309 #define UA 0x63 310 #define UIH 0xEF 311 312 /* Channel commands */ 313 #define CMD_NSC 0x09 314 #define CMD_TEST 0x11 315 #define CMD_PSC 0x21 316 #define CMD_RLS 0x29 317 #define CMD_FCOFF 0x31 318 #define CMD_PN 0x41 319 #define CMD_RPN 0x49 320 #define CMD_FCON 0x51 321 #define CMD_CLD 0x61 322 #define CMD_SNC 0x69 323 #define CMD_MSC 0x71 324 325 /* Virtual modem bits */ 326 #define MDM_FC 0x01 327 #define MDM_RTC 0x02 328 #define MDM_RTR 0x04 329 #define MDM_IC 0x20 330 #define MDM_DV 0x40 331 332 #define GSM0_SOF 0xF9 333 #define GSM1_SOF 0x7E 334 #define GSM1_ESCAPE 0x7D 335 #define GSM1_ESCAPE_BITS 0x20 336 #define XON 0x11 337 #define XOFF 0x13 338 #define ISO_IEC_646_MASK 0x7F 339 340 static const struct tty_port_operations gsm_port_ops; 341 342 /* 343 * CRC table for GSM 0710 344 */ 345 346 static const u8 gsm_fcs8[256] = { 347 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 348 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 349 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 350 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 351 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 352 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 353 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 354 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 355 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 356 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 357 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 358 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 359 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 360 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 361 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 362 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 363 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 364 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 365 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 366 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 367 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 368 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 369 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 370 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 371 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 372 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 373 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 374 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 375 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 376 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 377 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 378 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 379 }; 380 381 #define INIT_FCS 0xFF 382 #define GOOD_FCS 0xCF 383 384 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len); 385 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk); 386 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 387 u8 ctrl); 388 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg); 389 static void gsmld_write_trigger(struct gsm_mux *gsm); 390 static void gsmld_write_task(struct work_struct *work); 391 392 /** 393 * gsm_fcs_add - update FCS 394 * @fcs: Current FCS 395 * @c: Next data 396 * 397 * Update the FCS to include c. Uses the algorithm in the specification 398 * notes. 399 */ 400 401 static inline u8 gsm_fcs_add(u8 fcs, u8 c) 402 { 403 return gsm_fcs8[fcs ^ c]; 404 } 405 406 /** 407 * gsm_fcs_add_block - update FCS for a block 408 * @fcs: Current FCS 409 * @c: buffer of data 410 * @len: length of buffer 411 * 412 * Update the FCS to include c. Uses the algorithm in the specification 413 * notes. 414 */ 415 416 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len) 417 { 418 while (len--) 419 fcs = gsm_fcs8[fcs ^ *c++]; 420 return fcs; 421 } 422 423 /** 424 * gsm_read_ea - read a byte into an EA 425 * @val: variable holding value 426 * @c: byte going into the EA 427 * 428 * Processes one byte of an EA. Updates the passed variable 429 * and returns 1 if the EA is now completely read 430 */ 431 432 static int gsm_read_ea(unsigned int *val, u8 c) 433 { 434 /* Add the next 7 bits into the value */ 435 *val <<= 7; 436 *val |= c >> 1; 437 /* Was this the last byte of the EA 1 = yes*/ 438 return c & EA; 439 } 440 441 /** 442 * gsm_read_ea_val - read a value until EA 443 * @val: variable holding value 444 * @data: buffer of data 445 * @dlen: length of data 446 * 447 * Processes an EA value. Updates the passed variable and 448 * returns the processed data length. 449 */ 450 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen) 451 { 452 unsigned int len = 0; 453 454 for (; dlen > 0; dlen--) { 455 len++; 456 if (gsm_read_ea(val, *data++)) 457 break; 458 } 459 return len; 460 } 461 462 /** 463 * gsm_encode_modem - encode modem data bits 464 * @dlci: DLCI to encode from 465 * 466 * Returns the correct GSM encoded modem status bits (6 bit field) for 467 * the current status of the DLCI and attached tty object 468 */ 469 470 static u8 gsm_encode_modem(const struct gsm_dlci *dlci) 471 { 472 u8 modembits = 0; 473 /* FC is true flow control not modem bits */ 474 if (dlci->throttled) 475 modembits |= MDM_FC; 476 if (dlci->modem_tx & TIOCM_DTR) 477 modembits |= MDM_RTC; 478 if (dlci->modem_tx & TIOCM_RTS) 479 modembits |= MDM_RTR; 480 if (dlci->modem_tx & TIOCM_RI) 481 modembits |= MDM_IC; 482 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator) 483 modembits |= MDM_DV; 484 return modembits; 485 } 486 487 static void gsm_hex_dump_bytes(const char *fname, const u8 *data, 488 unsigned long len) 489 { 490 char *prefix; 491 492 if (!fname) { 493 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len, 494 true); 495 return; 496 } 497 498 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname); 499 if (!prefix) 500 return; 501 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len, 502 true); 503 kfree(prefix); 504 } 505 506 /** 507 * gsm_register_devices - register all tty devices for a given mux index 508 * 509 * @driver: the tty driver that describes the tty devices 510 * @index: the mux number is used to calculate the minor numbers of the 511 * ttys for this mux and may differ from the position in the 512 * mux array. 513 */ 514 static int gsm_register_devices(struct tty_driver *driver, unsigned int index) 515 { 516 struct device *dev; 517 int i; 518 unsigned int base; 519 520 if (!driver || index >= MAX_MUX) 521 return -EINVAL; 522 523 base = index * NUM_DLCI; /* first minor for this index */ 524 for (i = 1; i < NUM_DLCI; i++) { 525 /* Don't register device 0 - this is the control channel 526 * and not a usable tty interface 527 */ 528 dev = tty_register_device(gsm_tty_driver, base + i, NULL); 529 if (IS_ERR(dev)) { 530 if (debug & 8) 531 pr_info("%s failed to register device minor %u", 532 __func__, base + i); 533 for (i--; i >= 1; i--) 534 tty_unregister_device(gsm_tty_driver, base + i); 535 return PTR_ERR(dev); 536 } 537 } 538 539 return 0; 540 } 541 542 /** 543 * gsm_unregister_devices - unregister all tty devices for a given mux index 544 * 545 * @driver: the tty driver that describes the tty devices 546 * @index: the mux number is used to calculate the minor numbers of the 547 * ttys for this mux and may differ from the position in the 548 * mux array. 549 */ 550 static void gsm_unregister_devices(struct tty_driver *driver, 551 unsigned int index) 552 { 553 int i; 554 unsigned int base; 555 556 if (!driver || index >= MAX_MUX) 557 return; 558 559 base = index * NUM_DLCI; /* first minor for this index */ 560 for (i = 1; i < NUM_DLCI; i++) { 561 /* Don't unregister device 0 - this is the control 562 * channel and not a usable tty interface 563 */ 564 tty_unregister_device(gsm_tty_driver, base + i); 565 } 566 } 567 568 /** 569 * gsm_print_packet - display a frame for debug 570 * @hdr: header to print before decode 571 * @addr: address EA from the frame 572 * @cr: C/R bit seen as initiator 573 * @control: control including PF bit 574 * @data: following data bytes 575 * @dlen: length of data 576 * 577 * Displays a packet in human readable format for debugging purposes. The 578 * style is based on amateur radio LAP-B dump display. 579 */ 580 581 static void gsm_print_packet(const char *hdr, int addr, int cr, 582 u8 control, const u8 *data, int dlen) 583 { 584 if (!(debug & 1)) 585 return; 586 587 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]); 588 589 switch (control & ~PF) { 590 case SABM: 591 pr_cont("SABM"); 592 break; 593 case UA: 594 pr_cont("UA"); 595 break; 596 case DISC: 597 pr_cont("DISC"); 598 break; 599 case DM: 600 pr_cont("DM"); 601 break; 602 case UI: 603 pr_cont("UI"); 604 break; 605 case UIH: 606 pr_cont("UIH"); 607 break; 608 default: 609 if (!(control & 0x01)) { 610 pr_cont("I N(S)%d N(R)%d", 611 (control & 0x0E) >> 1, (control & 0xE0) >> 5); 612 } else switch (control & 0x0F) { 613 case RR: 614 pr_cont("RR(%d)", (control & 0xE0) >> 5); 615 break; 616 case RNR: 617 pr_cont("RNR(%d)", (control & 0xE0) >> 5); 618 break; 619 case REJ: 620 pr_cont("REJ(%d)", (control & 0xE0) >> 5); 621 break; 622 default: 623 pr_cont("[%02X]", control); 624 } 625 } 626 627 if (control & PF) 628 pr_cont("(P)"); 629 else 630 pr_cont("(F)"); 631 632 gsm_hex_dump_bytes(NULL, data, dlen); 633 } 634 635 636 /* 637 * Link level transmission side 638 */ 639 640 /** 641 * gsm_stuff_frame - bytestuff a packet 642 * @input: input buffer 643 * @output: output buffer 644 * @len: length of input 645 * 646 * Expand a buffer by bytestuffing it. The worst case size change 647 * is doubling and the caller is responsible for handing out 648 * suitable sized buffers. 649 */ 650 651 static int gsm_stuff_frame(const u8 *input, u8 *output, int len) 652 { 653 int olen = 0; 654 while (len--) { 655 if (*input == GSM1_SOF || *input == GSM1_ESCAPE 656 || (*input & ISO_IEC_646_MASK) == XON 657 || (*input & ISO_IEC_646_MASK) == XOFF) { 658 *output++ = GSM1_ESCAPE; 659 *output++ = *input++ ^ GSM1_ESCAPE_BITS; 660 olen++; 661 } else 662 *output++ = *input++; 663 olen++; 664 } 665 return olen; 666 } 667 668 /** 669 * gsm_send - send a control frame 670 * @gsm: our GSM mux 671 * @addr: address for control frame 672 * @cr: command/response bit seen as initiator 673 * @control: control byte including PF bit 674 * 675 * Format up and transmit a control frame. These should be transmitted 676 * ahead of data when they are needed. 677 */ 678 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control) 679 { 680 struct gsm_msg *msg; 681 u8 *dp; 682 int ocr; 683 684 msg = gsm_data_alloc(gsm, addr, 0, control); 685 if (!msg) 686 return -ENOMEM; 687 688 /* toggle C/R coding if not initiator */ 689 ocr = cr ^ (gsm->initiator ? 0 : 1); 690 691 msg->data -= 3; 692 dp = msg->data; 693 *dp++ = (addr << 2) | (ocr << 1) | EA; 694 *dp++ = control; 695 696 if (gsm->encoding == 0) 697 *dp++ = EA; /* Length of data = 0 */ 698 699 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data); 700 msg->len = (dp - msg->data) + 1; 701 702 gsm_print_packet("Q->", addr, cr, control, NULL, 0); 703 704 mutex_lock(&gsm->tx_mutex); 705 list_add_tail(&msg->list, &gsm->tx_ctrl_list); 706 gsm->tx_bytes += msg->len; 707 mutex_unlock(&gsm->tx_mutex); 708 gsmld_write_trigger(gsm); 709 710 return 0; 711 } 712 713 /** 714 * gsm_dlci_clear_queues - remove outstanding data for a DLCI 715 * @gsm: mux 716 * @dlci: clear for this DLCI 717 * 718 * Clears the data queues for a given DLCI. 719 */ 720 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci) 721 { 722 struct gsm_msg *msg, *nmsg; 723 int addr = dlci->addr; 724 unsigned long flags; 725 726 /* Clear DLCI write fifo first */ 727 spin_lock_irqsave(&dlci->lock, flags); 728 kfifo_reset(&dlci->fifo); 729 spin_unlock_irqrestore(&dlci->lock, flags); 730 731 /* Clear data packets in MUX write queue */ 732 mutex_lock(&gsm->tx_mutex); 733 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) { 734 if (msg->addr != addr) 735 continue; 736 gsm->tx_bytes -= msg->len; 737 list_del(&msg->list); 738 kfree(msg); 739 } 740 mutex_unlock(&gsm->tx_mutex); 741 } 742 743 /** 744 * gsm_response - send a control response 745 * @gsm: our GSM mux 746 * @addr: address for control frame 747 * @control: control byte including PF bit 748 * 749 * Format up and transmit a link level response frame. 750 */ 751 752 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control) 753 { 754 gsm_send(gsm, addr, 0, control); 755 } 756 757 /** 758 * gsm_command - send a control command 759 * @gsm: our GSM mux 760 * @addr: address for control frame 761 * @control: control byte including PF bit 762 * 763 * Format up and transmit a link level command frame. 764 */ 765 766 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control) 767 { 768 gsm_send(gsm, addr, 1, control); 769 } 770 771 /* Data transmission */ 772 773 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */ 774 775 /** 776 * gsm_data_alloc - allocate data frame 777 * @gsm: GSM mux 778 * @addr: DLCI address 779 * @len: length excluding header and FCS 780 * @ctrl: control byte 781 * 782 * Allocate a new data buffer for sending frames with data. Space is left 783 * at the front for header bytes but that is treated as an implementation 784 * detail and not for the high level code to use 785 */ 786 787 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len, 788 u8 ctrl) 789 { 790 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN, 791 GFP_ATOMIC); 792 if (m == NULL) 793 return NULL; 794 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */ 795 m->len = len; 796 m->addr = addr; 797 m->ctrl = ctrl; 798 INIT_LIST_HEAD(&m->list); 799 return m; 800 } 801 802 /** 803 * gsm_send_packet - sends a single packet 804 * @gsm: GSM Mux 805 * @msg: packet to send 806 * 807 * The given packet is encoded and sent out. No memory is freed. 808 * The caller must hold the gsm tx lock. 809 */ 810 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg) 811 { 812 int len, ret; 813 814 815 if (gsm->encoding == 0) { 816 gsm->txframe[0] = GSM0_SOF; 817 memcpy(gsm->txframe + 1, msg->data, msg->len); 818 gsm->txframe[msg->len + 1] = GSM0_SOF; 819 len = msg->len + 2; 820 } else { 821 gsm->txframe[0] = GSM1_SOF; 822 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len); 823 gsm->txframe[len + 1] = GSM1_SOF; 824 len += 2; 825 } 826 827 if (debug & 4) 828 gsm_hex_dump_bytes(__func__, gsm->txframe, len); 829 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data, 830 msg->len); 831 832 ret = gsmld_output(gsm, gsm->txframe, len); 833 if (ret <= 0) 834 return ret; 835 /* FIXME: Can eliminate one SOF in many more cases */ 836 gsm->tx_bytes -= msg->len; 837 838 return 0; 839 } 840 841 /** 842 * gsm_is_flow_ctrl_msg - checks if flow control message 843 * @msg: message to check 844 * 845 * Returns true if the given message is a flow control command of the 846 * control channel. False is returned in any other case. 847 */ 848 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg) 849 { 850 unsigned int cmd; 851 852 if (msg->addr > 0) 853 return false; 854 855 switch (msg->ctrl & ~PF) { 856 case UI: 857 case UIH: 858 cmd = 0; 859 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1) 860 break; 861 switch (cmd & ~PF) { 862 case CMD_FCOFF: 863 case CMD_FCON: 864 return true; 865 } 866 break; 867 } 868 869 return false; 870 } 871 872 /** 873 * gsm_data_kick - poke the queue 874 * @gsm: GSM Mux 875 * 876 * The tty device has called us to indicate that room has appeared in 877 * the transmit queue. Ram more data into the pipe if we have any. 878 * If we have been flow-stopped by a CMD_FCOFF, then we can only 879 * send messages on DLCI0 until CMD_FCON. The caller must hold 880 * the gsm tx lock. 881 */ 882 static int gsm_data_kick(struct gsm_mux *gsm) 883 { 884 struct gsm_msg *msg, *nmsg; 885 struct gsm_dlci *dlci; 886 int ret; 887 888 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 889 890 /* Serialize control messages and control channel messages first */ 891 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) { 892 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg)) 893 continue; 894 ret = gsm_send_packet(gsm, msg); 895 switch (ret) { 896 case -ENOSPC: 897 return -ENOSPC; 898 case -ENODEV: 899 /* ldisc not open */ 900 gsm->tx_bytes -= msg->len; 901 list_del(&msg->list); 902 kfree(msg); 903 continue; 904 default: 905 if (ret >= 0) { 906 list_del(&msg->list); 907 kfree(msg); 908 } 909 break; 910 } 911 } 912 913 if (gsm->constipated) 914 return -EAGAIN; 915 916 /* Serialize other channels */ 917 if (list_empty(&gsm->tx_data_list)) 918 return 0; 919 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) { 920 dlci = gsm->dlci[msg->addr]; 921 /* Send only messages for DLCIs with valid state */ 922 if (dlci->state != DLCI_OPEN) { 923 gsm->tx_bytes -= msg->len; 924 list_del(&msg->list); 925 kfree(msg); 926 continue; 927 } 928 ret = gsm_send_packet(gsm, msg); 929 switch (ret) { 930 case -ENOSPC: 931 return -ENOSPC; 932 case -ENODEV: 933 /* ldisc not open */ 934 gsm->tx_bytes -= msg->len; 935 list_del(&msg->list); 936 kfree(msg); 937 continue; 938 default: 939 if (ret >= 0) { 940 list_del(&msg->list); 941 kfree(msg); 942 } 943 break; 944 } 945 } 946 947 return 1; 948 } 949 950 /** 951 * __gsm_data_queue - queue a UI or UIH frame 952 * @dlci: DLCI sending the data 953 * @msg: message queued 954 * 955 * Add data to the transmit queue and try and get stuff moving 956 * out of the mux tty if not already doing so. The Caller must hold 957 * the gsm tx lock. 958 */ 959 960 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 961 { 962 struct gsm_mux *gsm = dlci->gsm; 963 u8 *dp = msg->data; 964 u8 *fcs = dp + msg->len; 965 966 /* Fill in the header */ 967 if (gsm->encoding == 0) { 968 if (msg->len < 128) 969 *--dp = (msg->len << 1) | EA; 970 else { 971 *--dp = (msg->len >> 7); /* bits 7 - 15 */ 972 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */ 973 } 974 } 975 976 *--dp = msg->ctrl; 977 if (gsm->initiator) 978 *--dp = (msg->addr << 2) | CR | EA; 979 else 980 *--dp = (msg->addr << 2) | EA; 981 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp); 982 /* Ugly protocol layering violation */ 983 if (msg->ctrl == UI || msg->ctrl == (UI|PF)) 984 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len); 985 *fcs = 0xFF - *fcs; 986 987 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl, 988 msg->data, msg->len); 989 990 /* Move the header back and adjust the length, also allow for the FCS 991 now tacked on the end */ 992 msg->len += (msg->data - dp) + 1; 993 msg->data = dp; 994 995 /* Add to the actual output queue */ 996 switch (msg->ctrl & ~PF) { 997 case UI: 998 case UIH: 999 if (msg->addr > 0) { 1000 list_add_tail(&msg->list, &gsm->tx_data_list); 1001 break; 1002 } 1003 fallthrough; 1004 default: 1005 list_add_tail(&msg->list, &gsm->tx_ctrl_list); 1006 break; 1007 } 1008 gsm->tx_bytes += msg->len; 1009 1010 gsmld_write_trigger(gsm); 1011 schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100); 1012 } 1013 1014 /** 1015 * gsm_data_queue - queue a UI or UIH frame 1016 * @dlci: DLCI sending the data 1017 * @msg: message queued 1018 * 1019 * Add data to the transmit queue and try and get stuff moving 1020 * out of the mux tty if not already doing so. Take the 1021 * the gsm tx lock and dlci lock. 1022 */ 1023 1024 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg) 1025 { 1026 mutex_lock(&dlci->gsm->tx_mutex); 1027 __gsm_data_queue(dlci, msg); 1028 mutex_unlock(&dlci->gsm->tx_mutex); 1029 } 1030 1031 /** 1032 * gsm_dlci_data_output - try and push data out of a DLCI 1033 * @gsm: mux 1034 * @dlci: the DLCI to pull data from 1035 * 1036 * Pull data from a DLCI and send it into the transmit queue if there 1037 * is data. Keep to the MRU of the mux. This path handles the usual tty 1038 * interface which is a byte stream with optional modem data. 1039 * 1040 * Caller must hold the tx_mutex of the mux. 1041 */ 1042 1043 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci) 1044 { 1045 struct gsm_msg *msg; 1046 u8 *dp; 1047 int h, len, size; 1048 1049 /* for modem bits without break data */ 1050 h = ((dlci->adaption == 1) ? 0 : 1); 1051 1052 len = kfifo_len(&dlci->fifo); 1053 if (len == 0) 1054 return 0; 1055 1056 /* MTU/MRU count only the data bits but watch adaption mode */ 1057 if ((len + h) > gsm->mtu) 1058 len = gsm->mtu - h; 1059 1060 size = len + h; 1061 1062 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 1063 if (!msg) 1064 return -ENOMEM; 1065 dp = msg->data; 1066 switch (dlci->adaption) { 1067 case 1: /* Unstructured */ 1068 break; 1069 case 2: /* Unstructured with modem bits. 1070 * Always one byte as we never send inline break data 1071 */ 1072 *dp++ = (gsm_encode_modem(dlci) << 1) | EA; 1073 break; 1074 default: 1075 pr_err("%s: unsupported adaption %d\n", __func__, 1076 dlci->adaption); 1077 break; 1078 } 1079 1080 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len, 1081 &dlci->lock)); 1082 1083 /* Notify upper layer about available send space. */ 1084 tty_port_tty_wakeup(&dlci->port); 1085 1086 __gsm_data_queue(dlci, msg); 1087 /* Bytes of data we used up */ 1088 return size; 1089 } 1090 1091 /** 1092 * gsm_dlci_data_output_framed - try and push data out of a DLCI 1093 * @gsm: mux 1094 * @dlci: the DLCI to pull data from 1095 * 1096 * Pull data from a DLCI and send it into the transmit queue if there 1097 * is data. Keep to the MRU of the mux. This path handles framed data 1098 * queued as skbuffs to the DLCI. 1099 * 1100 * Caller must hold the tx_mutex of the mux. 1101 */ 1102 1103 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm, 1104 struct gsm_dlci *dlci) 1105 { 1106 struct gsm_msg *msg; 1107 u8 *dp; 1108 int len, size; 1109 int last = 0, first = 0; 1110 int overhead = 0; 1111 1112 /* One byte per frame is used for B/F flags */ 1113 if (dlci->adaption == 4) 1114 overhead = 1; 1115 1116 /* dlci->skb is locked by tx_mutex */ 1117 if (dlci->skb == NULL) { 1118 dlci->skb = skb_dequeue_tail(&dlci->skb_list); 1119 if (dlci->skb == NULL) 1120 return 0; 1121 first = 1; 1122 } 1123 len = dlci->skb->len + overhead; 1124 1125 /* MTU/MRU count only the data bits */ 1126 if (len > gsm->mtu) { 1127 if (dlci->adaption == 3) { 1128 /* Over long frame, bin it */ 1129 dev_kfree_skb_any(dlci->skb); 1130 dlci->skb = NULL; 1131 return 0; 1132 } 1133 len = gsm->mtu; 1134 } else 1135 last = 1; 1136 1137 size = len + overhead; 1138 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 1139 if (msg == NULL) { 1140 skb_queue_tail(&dlci->skb_list, dlci->skb); 1141 dlci->skb = NULL; 1142 return -ENOMEM; 1143 } 1144 dp = msg->data; 1145 1146 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 1147 /* Flag byte to carry the start/end info */ 1148 *dp++ = last << 7 | first << 6 | 1; /* EA */ 1149 len--; 1150 } 1151 memcpy(dp, dlci->skb->data, len); 1152 skb_pull(dlci->skb, len); 1153 __gsm_data_queue(dlci, msg); 1154 if (last) { 1155 dev_kfree_skb_any(dlci->skb); 1156 dlci->skb = NULL; 1157 } 1158 return size; 1159 } 1160 1161 /** 1162 * gsm_dlci_modem_output - try and push modem status out of a DLCI 1163 * @gsm: mux 1164 * @dlci: the DLCI to pull modem status from 1165 * @brk: break signal 1166 * 1167 * Push an empty frame in to the transmit queue to update the modem status 1168 * bits and to transmit an optional break. 1169 * 1170 * Caller must hold the tx_mutex of the mux. 1171 */ 1172 1173 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci, 1174 u8 brk) 1175 { 1176 u8 *dp = NULL; 1177 struct gsm_msg *msg; 1178 int size = 0; 1179 1180 /* for modem bits without break data */ 1181 switch (dlci->adaption) { 1182 case 1: /* Unstructured */ 1183 break; 1184 case 2: /* Unstructured with modem bits. */ 1185 size++; 1186 if (brk > 0) 1187 size++; 1188 break; 1189 default: 1190 pr_err("%s: unsupported adaption %d\n", __func__, 1191 dlci->adaption); 1192 return -EINVAL; 1193 } 1194 1195 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype); 1196 if (!msg) { 1197 pr_err("%s: gsm_data_alloc error", __func__); 1198 return -ENOMEM; 1199 } 1200 dp = msg->data; 1201 switch (dlci->adaption) { 1202 case 1: /* Unstructured */ 1203 break; 1204 case 2: /* Unstructured with modem bits. */ 1205 if (brk == 0) { 1206 *dp++ = (gsm_encode_modem(dlci) << 1) | EA; 1207 } else { 1208 *dp++ = gsm_encode_modem(dlci) << 1; 1209 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */ 1210 } 1211 break; 1212 default: 1213 /* Handled above */ 1214 break; 1215 } 1216 1217 __gsm_data_queue(dlci, msg); 1218 return size; 1219 } 1220 1221 /** 1222 * gsm_dlci_data_sweep - look for data to send 1223 * @gsm: the GSM mux 1224 * 1225 * Sweep the GSM mux channels in priority order looking for ones with 1226 * data to send. We could do with optimising this scan a bit. We aim 1227 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 1228 * TX_THRESH_LO we get called again 1229 * 1230 * FIXME: We should round robin between groups and in theory you can 1231 * renegotiate DLCI priorities with optional stuff. Needs optimising. 1232 */ 1233 1234 static int gsm_dlci_data_sweep(struct gsm_mux *gsm) 1235 { 1236 /* Priority ordering: We should do priority with RR of the groups */ 1237 int i, len, ret = 0; 1238 bool sent; 1239 struct gsm_dlci *dlci; 1240 1241 while (gsm->tx_bytes < TX_THRESH_HI) { 1242 for (sent = false, i = 1; i < NUM_DLCI; i++) { 1243 dlci = gsm->dlci[i]; 1244 /* skip unused or blocked channel */ 1245 if (!dlci || dlci->constipated) 1246 continue; 1247 /* skip channels with invalid state */ 1248 if (dlci->state != DLCI_OPEN) 1249 continue; 1250 /* count the sent data per adaption */ 1251 if (dlci->adaption < 3 && !dlci->net) 1252 len = gsm_dlci_data_output(gsm, dlci); 1253 else 1254 len = gsm_dlci_data_output_framed(gsm, dlci); 1255 /* on error exit */ 1256 if (len < 0) 1257 return ret; 1258 if (len > 0) { 1259 ret++; 1260 sent = true; 1261 /* The lower DLCs can starve the higher DLCs! */ 1262 break; 1263 } 1264 /* try next */ 1265 } 1266 if (!sent) 1267 break; 1268 }; 1269 1270 return ret; 1271 } 1272 1273 /** 1274 * gsm_dlci_data_kick - transmit if possible 1275 * @dlci: DLCI to kick 1276 * 1277 * Transmit data from this DLCI if the queue is empty. We can't rely on 1278 * a tty wakeup except when we filled the pipe so we need to fire off 1279 * new data ourselves in other cases. 1280 */ 1281 1282 static void gsm_dlci_data_kick(struct gsm_dlci *dlci) 1283 { 1284 int sweep; 1285 1286 if (dlci->constipated) 1287 return; 1288 1289 mutex_lock(&dlci->gsm->tx_mutex); 1290 /* If we have nothing running then we need to fire up */ 1291 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO); 1292 if (dlci->gsm->tx_bytes == 0) { 1293 if (dlci->net) 1294 gsm_dlci_data_output_framed(dlci->gsm, dlci); 1295 else 1296 gsm_dlci_data_output(dlci->gsm, dlci); 1297 } 1298 if (sweep) 1299 gsm_dlci_data_sweep(dlci->gsm); 1300 mutex_unlock(&dlci->gsm->tx_mutex); 1301 } 1302 1303 /* 1304 * Control message processing 1305 */ 1306 1307 1308 /** 1309 * gsm_control_reply - send a response frame to a control 1310 * @gsm: gsm channel 1311 * @cmd: the command to use 1312 * @data: data to follow encoded info 1313 * @dlen: length of data 1314 * 1315 * Encode up and queue a UI/UIH frame containing our response. 1316 */ 1317 1318 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data, 1319 int dlen) 1320 { 1321 struct gsm_msg *msg; 1322 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype); 1323 if (msg == NULL) 1324 return; 1325 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */ 1326 msg->data[1] = (dlen << 1) | EA; 1327 memcpy(msg->data + 2, data, dlen); 1328 gsm_data_queue(gsm->dlci[0], msg); 1329 } 1330 1331 /** 1332 * gsm_process_modem - process received modem status 1333 * @tty: virtual tty bound to the DLCI 1334 * @dlci: DLCI to affect 1335 * @modem: modem bits (full EA) 1336 * @slen: number of signal octets 1337 * 1338 * Used when a modem control message or line state inline in adaption 1339 * layer 2 is processed. Sort out the local modem state and throttles 1340 */ 1341 1342 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci, 1343 u32 modem, int slen) 1344 { 1345 int mlines = 0; 1346 u8 brk = 0; 1347 int fc; 1348 1349 /* The modem status command can either contain one octet (V.24 signals) 1350 * or two octets (V.24 signals + break signals). This is specified in 1351 * section 5.4.6.3.7 of the 07.10 mux spec. 1352 */ 1353 1354 if (slen == 1) 1355 modem = modem & 0x7f; 1356 else { 1357 brk = modem & 0x7f; 1358 modem = (modem >> 7) & 0x7f; 1359 } 1360 1361 /* Flow control/ready to communicate */ 1362 fc = (modem & MDM_FC) || !(modem & MDM_RTR); 1363 if (fc && !dlci->constipated) { 1364 /* Need to throttle our output on this device */ 1365 dlci->constipated = true; 1366 } else if (!fc && dlci->constipated) { 1367 dlci->constipated = false; 1368 gsm_dlci_data_kick(dlci); 1369 } 1370 1371 /* Map modem bits */ 1372 if (modem & MDM_RTC) 1373 mlines |= TIOCM_DSR | TIOCM_DTR; 1374 if (modem & MDM_RTR) 1375 mlines |= TIOCM_RTS | TIOCM_CTS; 1376 if (modem & MDM_IC) 1377 mlines |= TIOCM_RI; 1378 if (modem & MDM_DV) 1379 mlines |= TIOCM_CD; 1380 1381 /* Carrier drop -> hangup */ 1382 if (tty) { 1383 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD)) 1384 if (!C_CLOCAL(tty)) 1385 tty_hangup(tty); 1386 } 1387 if (brk & 0x01) 1388 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK); 1389 dlci->modem_rx = mlines; 1390 } 1391 1392 /** 1393 * gsm_control_modem - modem status received 1394 * @gsm: GSM channel 1395 * @data: data following command 1396 * @clen: command length 1397 * 1398 * We have received a modem status control message. This is used by 1399 * the GSM mux protocol to pass virtual modem line status and optionally 1400 * to indicate break signals. Unpack it, convert to Linux representation 1401 * and if need be stuff a break message down the tty. 1402 */ 1403 1404 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen) 1405 { 1406 unsigned int addr = 0; 1407 unsigned int modem = 0; 1408 struct gsm_dlci *dlci; 1409 int len = clen; 1410 int slen; 1411 const u8 *dp = data; 1412 struct tty_struct *tty; 1413 1414 while (gsm_read_ea(&addr, *dp++) == 0) { 1415 len--; 1416 if (len == 0) 1417 return; 1418 } 1419 /* Must be at least one byte following the EA */ 1420 len--; 1421 if (len <= 0) 1422 return; 1423 1424 addr >>= 1; 1425 /* Closed port, or invalid ? */ 1426 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1427 return; 1428 dlci = gsm->dlci[addr]; 1429 1430 slen = len; 1431 while (gsm_read_ea(&modem, *dp++) == 0) { 1432 len--; 1433 if (len == 0) 1434 return; 1435 } 1436 len--; 1437 tty = tty_port_tty_get(&dlci->port); 1438 gsm_process_modem(tty, dlci, modem, slen - len); 1439 if (tty) { 1440 tty_wakeup(tty); 1441 tty_kref_put(tty); 1442 } 1443 gsm_control_reply(gsm, CMD_MSC, data, clen); 1444 } 1445 1446 /** 1447 * gsm_control_rls - remote line status 1448 * @gsm: GSM channel 1449 * @data: data bytes 1450 * @clen: data length 1451 * 1452 * The modem sends us a two byte message on the control channel whenever 1453 * it wishes to send us an error state from the virtual link. Stuff 1454 * this into the uplink tty if present 1455 */ 1456 1457 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen) 1458 { 1459 struct tty_port *port; 1460 unsigned int addr = 0; 1461 u8 bits; 1462 int len = clen; 1463 const u8 *dp = data; 1464 1465 while (gsm_read_ea(&addr, *dp++) == 0) { 1466 len--; 1467 if (len == 0) 1468 return; 1469 } 1470 /* Must be at least one byte following ea */ 1471 len--; 1472 if (len <= 0) 1473 return; 1474 addr >>= 1; 1475 /* Closed port, or invalid ? */ 1476 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL) 1477 return; 1478 /* No error ? */ 1479 bits = *dp; 1480 if ((bits & 1) == 0) 1481 return; 1482 1483 port = &gsm->dlci[addr]->port; 1484 1485 if (bits & 2) 1486 tty_insert_flip_char(port, 0, TTY_OVERRUN); 1487 if (bits & 4) 1488 tty_insert_flip_char(port, 0, TTY_PARITY); 1489 if (bits & 8) 1490 tty_insert_flip_char(port, 0, TTY_FRAME); 1491 1492 tty_flip_buffer_push(port); 1493 1494 gsm_control_reply(gsm, CMD_RLS, data, clen); 1495 } 1496 1497 static void gsm_dlci_begin_close(struct gsm_dlci *dlci); 1498 1499 /** 1500 * gsm_control_message - DLCI 0 control processing 1501 * @gsm: our GSM mux 1502 * @command: the command EA 1503 * @data: data beyond the command/length EAs 1504 * @clen: length 1505 * 1506 * Input processor for control messages from the other end of the link. 1507 * Processes the incoming request and queues a response frame or an 1508 * NSC response if not supported 1509 */ 1510 1511 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command, 1512 const u8 *data, int clen) 1513 { 1514 u8 buf[1]; 1515 1516 switch (command) { 1517 case CMD_CLD: { 1518 struct gsm_dlci *dlci = gsm->dlci[0]; 1519 /* Modem wishes to close down */ 1520 if (dlci) { 1521 dlci->dead = true; 1522 gsm->dead = true; 1523 gsm_dlci_begin_close(dlci); 1524 } 1525 } 1526 break; 1527 case CMD_TEST: 1528 /* Modem wishes to test, reply with the data */ 1529 gsm_control_reply(gsm, CMD_TEST, data, clen); 1530 break; 1531 case CMD_FCON: 1532 /* Modem can accept data again */ 1533 gsm->constipated = false; 1534 gsm_control_reply(gsm, CMD_FCON, NULL, 0); 1535 /* Kick the link in case it is idling */ 1536 gsmld_write_trigger(gsm); 1537 break; 1538 case CMD_FCOFF: 1539 /* Modem wants us to STFU */ 1540 gsm->constipated = true; 1541 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0); 1542 break; 1543 case CMD_MSC: 1544 /* Out of band modem line change indicator for a DLCI */ 1545 gsm_control_modem(gsm, data, clen); 1546 break; 1547 case CMD_RLS: 1548 /* Out of band error reception for a DLCI */ 1549 gsm_control_rls(gsm, data, clen); 1550 break; 1551 case CMD_PSC: 1552 /* Modem wishes to enter power saving state */ 1553 gsm_control_reply(gsm, CMD_PSC, NULL, 0); 1554 break; 1555 /* Optional unsupported commands */ 1556 case CMD_PN: /* Parameter negotiation */ 1557 case CMD_RPN: /* Remote port negotiation */ 1558 case CMD_SNC: /* Service negotiation command */ 1559 default: 1560 /* Reply to bad commands with an NSC */ 1561 buf[0] = command; 1562 gsm_control_reply(gsm, CMD_NSC, buf, 1); 1563 break; 1564 } 1565 } 1566 1567 /** 1568 * gsm_control_response - process a response to our control 1569 * @gsm: our GSM mux 1570 * @command: the command (response) EA 1571 * @data: data beyond the command/length EA 1572 * @clen: length 1573 * 1574 * Process a response to an outstanding command. We only allow a single 1575 * control message in flight so this is fairly easy. All the clean up 1576 * is done by the caller, we just update the fields, flag it as done 1577 * and return 1578 */ 1579 1580 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command, 1581 const u8 *data, int clen) 1582 { 1583 struct gsm_control *ctrl; 1584 unsigned long flags; 1585 1586 spin_lock_irqsave(&gsm->control_lock, flags); 1587 1588 ctrl = gsm->pending_cmd; 1589 /* Does the reply match our command */ 1590 command |= 1; 1591 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) { 1592 /* Our command was replied to, kill the retry timer */ 1593 del_timer(&gsm->t2_timer); 1594 gsm->pending_cmd = NULL; 1595 /* Rejected by the other end */ 1596 if (command == CMD_NSC) 1597 ctrl->error = -EOPNOTSUPP; 1598 ctrl->done = 1; 1599 wake_up(&gsm->event); 1600 } 1601 spin_unlock_irqrestore(&gsm->control_lock, flags); 1602 } 1603 1604 /** 1605 * gsm_control_transmit - send control packet 1606 * @gsm: gsm mux 1607 * @ctrl: frame to send 1608 * 1609 * Send out a pending control command (called under control lock) 1610 */ 1611 1612 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl) 1613 { 1614 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype); 1615 if (msg == NULL) 1616 return; 1617 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */ 1618 msg->data[1] = (ctrl->len << 1) | EA; 1619 memcpy(msg->data + 2, ctrl->data, ctrl->len); 1620 gsm_data_queue(gsm->dlci[0], msg); 1621 } 1622 1623 /** 1624 * gsm_control_retransmit - retransmit a control frame 1625 * @t: timer contained in our gsm object 1626 * 1627 * Called off the T2 timer expiry in order to retransmit control frames 1628 * that have been lost in the system somewhere. The control_lock protects 1629 * us from colliding with another sender or a receive completion event. 1630 * In that situation the timer may still occur in a small window but 1631 * gsm->pending_cmd will be NULL and we just let the timer expire. 1632 */ 1633 1634 static void gsm_control_retransmit(struct timer_list *t) 1635 { 1636 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer); 1637 struct gsm_control *ctrl; 1638 unsigned long flags; 1639 spin_lock_irqsave(&gsm->control_lock, flags); 1640 ctrl = gsm->pending_cmd; 1641 if (ctrl) { 1642 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) { 1643 gsm->pending_cmd = NULL; 1644 ctrl->error = -ETIMEDOUT; 1645 ctrl->done = 1; 1646 spin_unlock_irqrestore(&gsm->control_lock, flags); 1647 wake_up(&gsm->event); 1648 return; 1649 } 1650 gsm->cretries--; 1651 gsm_control_transmit(gsm, ctrl); 1652 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1653 } 1654 spin_unlock_irqrestore(&gsm->control_lock, flags); 1655 } 1656 1657 /** 1658 * gsm_control_send - send a control frame on DLCI 0 1659 * @gsm: the GSM channel 1660 * @command: command to send including CR bit 1661 * @data: bytes of data (must be kmalloced) 1662 * @clen: length of the block to send 1663 * 1664 * Queue and dispatch a control command. Only one command can be 1665 * active at a time. In theory more can be outstanding but the matching 1666 * gets really complicated so for now stick to one outstanding. 1667 */ 1668 1669 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm, 1670 unsigned int command, u8 *data, int clen) 1671 { 1672 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control), 1673 GFP_KERNEL); 1674 unsigned long flags; 1675 if (ctrl == NULL) 1676 return NULL; 1677 retry: 1678 wait_event(gsm->event, gsm->pending_cmd == NULL); 1679 spin_lock_irqsave(&gsm->control_lock, flags); 1680 if (gsm->pending_cmd != NULL) { 1681 spin_unlock_irqrestore(&gsm->control_lock, flags); 1682 goto retry; 1683 } 1684 ctrl->cmd = command; 1685 ctrl->data = data; 1686 ctrl->len = clen; 1687 gsm->pending_cmd = ctrl; 1688 1689 /* If DLCI0 is in ADM mode skip retries, it won't respond */ 1690 if (gsm->dlci[0]->mode == DLCI_MODE_ADM) 1691 gsm->cretries = 0; 1692 else 1693 gsm->cretries = gsm->n2; 1694 1695 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100); 1696 gsm_control_transmit(gsm, ctrl); 1697 spin_unlock_irqrestore(&gsm->control_lock, flags); 1698 return ctrl; 1699 } 1700 1701 /** 1702 * gsm_control_wait - wait for a control to finish 1703 * @gsm: GSM mux 1704 * @control: control we are waiting on 1705 * 1706 * Waits for the control to complete or time out. Frees any used 1707 * resources and returns 0 for success, or an error if the remote 1708 * rejected or ignored the request. 1709 */ 1710 1711 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control) 1712 { 1713 int err; 1714 wait_event(gsm->event, control->done == 1); 1715 err = control->error; 1716 kfree(control); 1717 return err; 1718 } 1719 1720 1721 /* 1722 * DLCI level handling: Needs krefs 1723 */ 1724 1725 /* 1726 * State transitions and timers 1727 */ 1728 1729 /** 1730 * gsm_dlci_close - a DLCI has closed 1731 * @dlci: DLCI that closed 1732 * 1733 * Perform processing when moving a DLCI into closed state. If there 1734 * is an attached tty this is hung up 1735 */ 1736 1737 static void gsm_dlci_close(struct gsm_dlci *dlci) 1738 { 1739 del_timer(&dlci->t1); 1740 if (debug & 8) 1741 pr_debug("DLCI %d goes closed.\n", dlci->addr); 1742 dlci->state = DLCI_CLOSED; 1743 /* Prevent us from sending data before the link is up again */ 1744 dlci->constipated = true; 1745 if (dlci->addr != 0) { 1746 tty_port_tty_hangup(&dlci->port, false); 1747 gsm_dlci_clear_queues(dlci->gsm, dlci); 1748 /* Ensure that gsmtty_open() can return. */ 1749 tty_port_set_initialized(&dlci->port, 0); 1750 wake_up_interruptible(&dlci->port.open_wait); 1751 } else 1752 dlci->gsm->dead = true; 1753 /* A DLCI 0 close is a MUX termination so we need to kick that 1754 back to userspace somehow */ 1755 gsm_dlci_data_kick(dlci); 1756 wake_up(&dlci->gsm->event); 1757 } 1758 1759 /** 1760 * gsm_dlci_open - a DLCI has opened 1761 * @dlci: DLCI that opened 1762 * 1763 * Perform processing when moving a DLCI into open state. 1764 */ 1765 1766 static void gsm_dlci_open(struct gsm_dlci *dlci) 1767 { 1768 /* Note that SABM UA .. SABM UA first UA lost can mean that we go 1769 open -> open */ 1770 del_timer(&dlci->t1); 1771 /* This will let a tty open continue */ 1772 dlci->state = DLCI_OPEN; 1773 dlci->constipated = false; 1774 if (debug & 8) 1775 pr_debug("DLCI %d goes open.\n", dlci->addr); 1776 /* Send current modem state */ 1777 if (dlci->addr) 1778 gsm_modem_update(dlci, 0); 1779 gsm_dlci_data_kick(dlci); 1780 wake_up(&dlci->gsm->event); 1781 } 1782 1783 /** 1784 * gsm_dlci_t1 - T1 timer expiry 1785 * @t: timer contained in the DLCI that opened 1786 * 1787 * The T1 timer handles retransmits of control frames (essentially of 1788 * SABM and DISC). We resend the command until the retry count runs out 1789 * in which case an opening port goes back to closed and a closing port 1790 * is simply put into closed state (any further frames from the other 1791 * end will get a DM response) 1792 * 1793 * Some control dlci can stay in ADM mode with other dlci working just 1794 * fine. In that case we can just keep the control dlci open after the 1795 * DLCI_OPENING retries time out. 1796 */ 1797 1798 static void gsm_dlci_t1(struct timer_list *t) 1799 { 1800 struct gsm_dlci *dlci = from_timer(dlci, t, t1); 1801 struct gsm_mux *gsm = dlci->gsm; 1802 1803 switch (dlci->state) { 1804 case DLCI_OPENING: 1805 if (dlci->retries) { 1806 dlci->retries--; 1807 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1808 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1809 } else if (!dlci->addr && gsm->control == (DM | PF)) { 1810 if (debug & 8) 1811 pr_info("DLCI %d opening in ADM mode.\n", 1812 dlci->addr); 1813 dlci->mode = DLCI_MODE_ADM; 1814 gsm_dlci_open(dlci); 1815 } else { 1816 gsm_dlci_begin_close(dlci); /* prevent half open link */ 1817 } 1818 1819 break; 1820 case DLCI_CLOSING: 1821 if (dlci->retries) { 1822 dlci->retries--; 1823 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1824 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1825 } else 1826 gsm_dlci_close(dlci); 1827 break; 1828 default: 1829 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state); 1830 break; 1831 } 1832 } 1833 1834 /** 1835 * gsm_dlci_begin_open - start channel open procedure 1836 * @dlci: DLCI to open 1837 * 1838 * Commence opening a DLCI from the Linux side. We issue SABM messages 1839 * to the modem which should then reply with a UA or ADM, at which point 1840 * we will move into open state. Opening is done asynchronously with retry 1841 * running off timers and the responses. 1842 */ 1843 1844 static void gsm_dlci_begin_open(struct gsm_dlci *dlci) 1845 { 1846 struct gsm_mux *gsm = dlci->gsm; 1847 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING) 1848 return; 1849 dlci->retries = gsm->n2; 1850 dlci->state = DLCI_OPENING; 1851 gsm_command(dlci->gsm, dlci->addr, SABM|PF); 1852 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1853 } 1854 1855 /** 1856 * gsm_dlci_set_opening - change state to opening 1857 * @dlci: DLCI to open 1858 * 1859 * Change internal state to wait for DLCI open from initiator side. 1860 * We set off timers and responses upon reception of an SABM. 1861 */ 1862 static void gsm_dlci_set_opening(struct gsm_dlci *dlci) 1863 { 1864 switch (dlci->state) { 1865 case DLCI_CLOSED: 1866 case DLCI_CLOSING: 1867 dlci->state = DLCI_OPENING; 1868 break; 1869 default: 1870 break; 1871 } 1872 } 1873 1874 /** 1875 * gsm_dlci_begin_close - start channel open procedure 1876 * @dlci: DLCI to open 1877 * 1878 * Commence closing a DLCI from the Linux side. We issue DISC messages 1879 * to the modem which should then reply with a UA, at which point we 1880 * will move into closed state. Closing is done asynchronously with retry 1881 * off timers. We may also receive a DM reply from the other end which 1882 * indicates the channel was already closed. 1883 */ 1884 1885 static void gsm_dlci_begin_close(struct gsm_dlci *dlci) 1886 { 1887 struct gsm_mux *gsm = dlci->gsm; 1888 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING) 1889 return; 1890 dlci->retries = gsm->n2; 1891 dlci->state = DLCI_CLOSING; 1892 gsm_command(dlci->gsm, dlci->addr, DISC|PF); 1893 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100); 1894 } 1895 1896 /** 1897 * gsm_dlci_data - data arrived 1898 * @dlci: channel 1899 * @data: block of bytes received 1900 * @clen: length of received block 1901 * 1902 * A UI or UIH frame has arrived which contains data for a channel 1903 * other than the control channel. If the relevant virtual tty is 1904 * open we shovel the bits down it, if not we drop them. 1905 */ 1906 1907 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen) 1908 { 1909 /* krefs .. */ 1910 struct tty_port *port = &dlci->port; 1911 struct tty_struct *tty; 1912 unsigned int modem = 0; 1913 int len = clen; 1914 int slen = 0; 1915 1916 if (debug & 16) 1917 pr_debug("%d bytes for tty\n", len); 1918 switch (dlci->adaption) { 1919 /* Unsupported types */ 1920 case 4: /* Packetised interruptible data */ 1921 break; 1922 case 3: /* Packetised uininterruptible voice/data */ 1923 break; 1924 case 2: /* Asynchronous serial with line state in each frame */ 1925 while (gsm_read_ea(&modem, *data++) == 0) { 1926 len--; 1927 slen++; 1928 if (len == 0) 1929 return; 1930 } 1931 len--; 1932 slen++; 1933 tty = tty_port_tty_get(port); 1934 if (tty) { 1935 gsm_process_modem(tty, dlci, modem, slen); 1936 tty_wakeup(tty); 1937 tty_kref_put(tty); 1938 } 1939 fallthrough; 1940 case 1: /* Line state will go via DLCI 0 controls only */ 1941 default: 1942 tty_insert_flip_string(port, data, len); 1943 tty_flip_buffer_push(port); 1944 } 1945 } 1946 1947 /** 1948 * gsm_dlci_command - data arrived on control channel 1949 * @dlci: channel 1950 * @data: block of bytes received 1951 * @len: length of received block 1952 * 1953 * A UI or UIH frame has arrived which contains data for DLCI 0 the 1954 * control channel. This should contain a command EA followed by 1955 * control data bytes. The command EA contains a command/response bit 1956 * and we divide up the work accordingly. 1957 */ 1958 1959 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len) 1960 { 1961 /* See what command is involved */ 1962 unsigned int command = 0; 1963 while (len-- > 0) { 1964 if (gsm_read_ea(&command, *data++) == 1) { 1965 int clen = *data++; 1966 len--; 1967 /* FIXME: this is properly an EA */ 1968 clen >>= 1; 1969 /* Malformed command ? */ 1970 if (clen > len) 1971 return; 1972 if (command & 1) 1973 gsm_control_message(dlci->gsm, command, 1974 data, clen); 1975 else 1976 gsm_control_response(dlci->gsm, command, 1977 data, clen); 1978 return; 1979 } 1980 } 1981 } 1982 1983 /** 1984 * gsm_kick_timeout - transmit if possible 1985 * @work: work contained in our gsm object 1986 * 1987 * Transmit data from DLCIs if the queue is empty. We can't rely on 1988 * a tty wakeup except when we filled the pipe so we need to fire off 1989 * new data ourselves in other cases. 1990 */ 1991 static void gsm_kick_timeout(struct work_struct *work) 1992 { 1993 struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work); 1994 int sent = 0; 1995 1996 mutex_lock(&gsm->tx_mutex); 1997 /* If we have nothing running then we need to fire up */ 1998 if (gsm->tx_bytes < TX_THRESH_LO) 1999 sent = gsm_dlci_data_sweep(gsm); 2000 mutex_unlock(&gsm->tx_mutex); 2001 2002 if (sent && debug & 4) 2003 pr_info("%s TX queue stalled\n", __func__); 2004 } 2005 2006 /* 2007 * Allocate/Free DLCI channels 2008 */ 2009 2010 /** 2011 * gsm_dlci_alloc - allocate a DLCI 2012 * @gsm: GSM mux 2013 * @addr: address of the DLCI 2014 * 2015 * Allocate and install a new DLCI object into the GSM mux. 2016 * 2017 * FIXME: review locking races 2018 */ 2019 2020 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) 2021 { 2022 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC); 2023 if (dlci == NULL) 2024 return NULL; 2025 spin_lock_init(&dlci->lock); 2026 mutex_init(&dlci->mutex); 2027 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) { 2028 kfree(dlci); 2029 return NULL; 2030 } 2031 2032 skb_queue_head_init(&dlci->skb_list); 2033 timer_setup(&dlci->t1, gsm_dlci_t1, 0); 2034 tty_port_init(&dlci->port); 2035 dlci->port.ops = &gsm_port_ops; 2036 dlci->gsm = gsm; 2037 dlci->addr = addr; 2038 dlci->adaption = gsm->adaption; 2039 dlci->state = DLCI_CLOSED; 2040 if (addr) { 2041 dlci->data = gsm_dlci_data; 2042 /* Prevent us from sending data before the link is up */ 2043 dlci->constipated = true; 2044 } else { 2045 dlci->data = gsm_dlci_command; 2046 } 2047 gsm->dlci[addr] = dlci; 2048 return dlci; 2049 } 2050 2051 /** 2052 * gsm_dlci_free - free DLCI 2053 * @port: tty port for DLCI to free 2054 * 2055 * Free up a DLCI. 2056 * 2057 * Can sleep. 2058 */ 2059 static void gsm_dlci_free(struct tty_port *port) 2060 { 2061 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 2062 2063 del_timer_sync(&dlci->t1); 2064 dlci->gsm->dlci[dlci->addr] = NULL; 2065 kfifo_free(&dlci->fifo); 2066 while ((dlci->skb = skb_dequeue(&dlci->skb_list))) 2067 dev_kfree_skb(dlci->skb); 2068 kfree(dlci); 2069 } 2070 2071 static inline void dlci_get(struct gsm_dlci *dlci) 2072 { 2073 tty_port_get(&dlci->port); 2074 } 2075 2076 static inline void dlci_put(struct gsm_dlci *dlci) 2077 { 2078 tty_port_put(&dlci->port); 2079 } 2080 2081 static void gsm_destroy_network(struct gsm_dlci *dlci); 2082 2083 /** 2084 * gsm_dlci_release - release DLCI 2085 * @dlci: DLCI to destroy 2086 * 2087 * Release a DLCI. Actual free is deferred until either 2088 * mux is closed or tty is closed - whichever is last. 2089 * 2090 * Can sleep. 2091 */ 2092 static void gsm_dlci_release(struct gsm_dlci *dlci) 2093 { 2094 struct tty_struct *tty = tty_port_tty_get(&dlci->port); 2095 if (tty) { 2096 mutex_lock(&dlci->mutex); 2097 gsm_destroy_network(dlci); 2098 mutex_unlock(&dlci->mutex); 2099 2100 /* We cannot use tty_hangup() because in tty_kref_put() the tty 2101 * driver assumes that the hangup queue is free and reuses it to 2102 * queue release_one_tty() -> NULL pointer panic in 2103 * process_one_work(). 2104 */ 2105 tty_vhangup(tty); 2106 2107 tty_port_tty_set(&dlci->port, NULL); 2108 tty_kref_put(tty); 2109 } 2110 dlci->state = DLCI_CLOSED; 2111 dlci_put(dlci); 2112 } 2113 2114 /* 2115 * LAPBish link layer logic 2116 */ 2117 2118 /** 2119 * gsm_queue - a GSM frame is ready to process 2120 * @gsm: pointer to our gsm mux 2121 * 2122 * At this point in time a frame has arrived and been demangled from 2123 * the line encoding. All the differences between the encodings have 2124 * been handled below us and the frame is unpacked into the structures. 2125 * The fcs holds the header FCS but any data FCS must be added here. 2126 */ 2127 2128 static void gsm_queue(struct gsm_mux *gsm) 2129 { 2130 struct gsm_dlci *dlci; 2131 u8 cr; 2132 int address; 2133 2134 if (gsm->fcs != GOOD_FCS) { 2135 gsm->bad_fcs++; 2136 if (debug & 4) 2137 pr_debug("BAD FCS %02x\n", gsm->fcs); 2138 return; 2139 } 2140 address = gsm->address >> 1; 2141 if (address >= NUM_DLCI) 2142 goto invalid; 2143 2144 cr = gsm->address & 1; /* C/R bit */ 2145 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */ 2146 2147 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len); 2148 2149 dlci = gsm->dlci[address]; 2150 2151 switch (gsm->control) { 2152 case SABM|PF: 2153 if (cr == 1) 2154 goto invalid; 2155 if (dlci == NULL) 2156 dlci = gsm_dlci_alloc(gsm, address); 2157 if (dlci == NULL) 2158 return; 2159 if (dlci->dead) 2160 gsm_response(gsm, address, DM|PF); 2161 else { 2162 gsm_response(gsm, address, UA|PF); 2163 gsm_dlci_open(dlci); 2164 } 2165 break; 2166 case DISC|PF: 2167 if (cr == 1) 2168 goto invalid; 2169 if (dlci == NULL || dlci->state == DLCI_CLOSED) { 2170 gsm_response(gsm, address, DM|PF); 2171 return; 2172 } 2173 /* Real close complete */ 2174 gsm_response(gsm, address, UA|PF); 2175 gsm_dlci_close(dlci); 2176 break; 2177 case UA|PF: 2178 if (cr == 0 || dlci == NULL) 2179 break; 2180 switch (dlci->state) { 2181 case DLCI_CLOSING: 2182 gsm_dlci_close(dlci); 2183 break; 2184 case DLCI_OPENING: 2185 gsm_dlci_open(dlci); 2186 break; 2187 default: 2188 pr_debug("%s: unhandled state: %d\n", __func__, 2189 dlci->state); 2190 break; 2191 } 2192 break; 2193 case DM: /* DM can be valid unsolicited */ 2194 case DM|PF: 2195 if (cr) 2196 goto invalid; 2197 if (dlci == NULL) 2198 return; 2199 gsm_dlci_close(dlci); 2200 break; 2201 case UI: 2202 case UI|PF: 2203 case UIH: 2204 case UIH|PF: 2205 if (dlci == NULL || dlci->state != DLCI_OPEN) { 2206 gsm_response(gsm, address, DM|PF); 2207 return; 2208 } 2209 dlci->data(dlci, gsm->buf, gsm->len); 2210 break; 2211 default: 2212 goto invalid; 2213 } 2214 return; 2215 invalid: 2216 gsm->malformed++; 2217 return; 2218 } 2219 2220 2221 /** 2222 * gsm0_receive - perform processing for non-transparency 2223 * @gsm: gsm data for this ldisc instance 2224 * @c: character 2225 * 2226 * Receive bytes in gsm mode 0 2227 */ 2228 2229 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c) 2230 { 2231 unsigned int len; 2232 2233 switch (gsm->state) { 2234 case GSM_SEARCH: /* SOF marker */ 2235 if (c == GSM0_SOF) { 2236 gsm->state = GSM_ADDRESS; 2237 gsm->address = 0; 2238 gsm->len = 0; 2239 gsm->fcs = INIT_FCS; 2240 } 2241 break; 2242 case GSM_ADDRESS: /* Address EA */ 2243 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2244 if (gsm_read_ea(&gsm->address, c)) 2245 gsm->state = GSM_CONTROL; 2246 break; 2247 case GSM_CONTROL: /* Control Byte */ 2248 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2249 gsm->control = c; 2250 gsm->state = GSM_LEN0; 2251 break; 2252 case GSM_LEN0: /* Length EA */ 2253 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2254 if (gsm_read_ea(&gsm->len, c)) { 2255 if (gsm->len > gsm->mru) { 2256 gsm->bad_size++; 2257 gsm->state = GSM_SEARCH; 2258 break; 2259 } 2260 gsm->count = 0; 2261 if (!gsm->len) 2262 gsm->state = GSM_FCS; 2263 else 2264 gsm->state = GSM_DATA; 2265 break; 2266 } 2267 gsm->state = GSM_LEN1; 2268 break; 2269 case GSM_LEN1: 2270 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2271 len = c; 2272 gsm->len |= len << 7; 2273 if (gsm->len > gsm->mru) { 2274 gsm->bad_size++; 2275 gsm->state = GSM_SEARCH; 2276 break; 2277 } 2278 gsm->count = 0; 2279 if (!gsm->len) 2280 gsm->state = GSM_FCS; 2281 else 2282 gsm->state = GSM_DATA; 2283 break; 2284 case GSM_DATA: /* Data */ 2285 gsm->buf[gsm->count++] = c; 2286 if (gsm->count == gsm->len) { 2287 /* Calculate final FCS for UI frames over all data */ 2288 if ((gsm->control & ~PF) != UIH) { 2289 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, 2290 gsm->count); 2291 } 2292 gsm->state = GSM_FCS; 2293 } 2294 break; 2295 case GSM_FCS: /* FCS follows the packet */ 2296 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2297 gsm->state = GSM_SSOF; 2298 break; 2299 case GSM_SSOF: 2300 gsm->state = GSM_SEARCH; 2301 if (c == GSM0_SOF) 2302 gsm_queue(gsm); 2303 else 2304 gsm->bad_size++; 2305 break; 2306 default: 2307 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2308 break; 2309 } 2310 } 2311 2312 /** 2313 * gsm1_receive - perform processing for non-transparency 2314 * @gsm: gsm data for this ldisc instance 2315 * @c: character 2316 * 2317 * Receive bytes in mode 1 (Advanced option) 2318 */ 2319 2320 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c) 2321 { 2322 /* handle XON/XOFF */ 2323 if ((c & ISO_IEC_646_MASK) == XON) { 2324 gsm->constipated = true; 2325 return; 2326 } else if ((c & ISO_IEC_646_MASK) == XOFF) { 2327 gsm->constipated = false; 2328 /* Kick the link in case it is idling */ 2329 gsmld_write_trigger(gsm); 2330 return; 2331 } 2332 if (c == GSM1_SOF) { 2333 /* EOF is only valid in frame if we have got to the data state */ 2334 if (gsm->state == GSM_DATA) { 2335 if (gsm->count < 1) { 2336 /* Missing FSC */ 2337 gsm->malformed++; 2338 gsm->state = GSM_START; 2339 return; 2340 } 2341 /* Remove the FCS from data */ 2342 gsm->count--; 2343 if ((gsm->control & ~PF) != UIH) { 2344 /* Calculate final FCS for UI frames over all 2345 * data but FCS 2346 */ 2347 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, 2348 gsm->count); 2349 } 2350 /* Add the FCS itself to test against GOOD_FCS */ 2351 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]); 2352 gsm->len = gsm->count; 2353 gsm_queue(gsm); 2354 gsm->state = GSM_START; 2355 return; 2356 } 2357 /* Any partial frame was a runt so go back to start */ 2358 if (gsm->state != GSM_START) { 2359 if (gsm->state != GSM_SEARCH) 2360 gsm->malformed++; 2361 gsm->state = GSM_START; 2362 } 2363 /* A SOF in GSM_START means we are still reading idling or 2364 framing bytes */ 2365 return; 2366 } 2367 2368 if (c == GSM1_ESCAPE) { 2369 gsm->escape = true; 2370 return; 2371 } 2372 2373 /* Only an unescaped SOF gets us out of GSM search */ 2374 if (gsm->state == GSM_SEARCH) 2375 return; 2376 2377 if (gsm->escape) { 2378 c ^= GSM1_ESCAPE_BITS; 2379 gsm->escape = false; 2380 } 2381 switch (gsm->state) { 2382 case GSM_START: /* First byte after SOF */ 2383 gsm->address = 0; 2384 gsm->state = GSM_ADDRESS; 2385 gsm->fcs = INIT_FCS; 2386 fallthrough; 2387 case GSM_ADDRESS: /* Address continuation */ 2388 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2389 if (gsm_read_ea(&gsm->address, c)) 2390 gsm->state = GSM_CONTROL; 2391 break; 2392 case GSM_CONTROL: /* Control Byte */ 2393 gsm->fcs = gsm_fcs_add(gsm->fcs, c); 2394 gsm->control = c; 2395 gsm->count = 0; 2396 gsm->state = GSM_DATA; 2397 break; 2398 case GSM_DATA: /* Data */ 2399 if (gsm->count > gsm->mru) { /* Allow one for the FCS */ 2400 gsm->state = GSM_OVERRUN; 2401 gsm->bad_size++; 2402 } else 2403 gsm->buf[gsm->count++] = c; 2404 break; 2405 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */ 2406 break; 2407 default: 2408 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state); 2409 break; 2410 } 2411 } 2412 2413 /** 2414 * gsm_error - handle tty error 2415 * @gsm: ldisc data 2416 * 2417 * Handle an error in the receipt of data for a frame. Currently we just 2418 * go back to hunting for a SOF. 2419 * 2420 * FIXME: better diagnostics ? 2421 */ 2422 2423 static void gsm_error(struct gsm_mux *gsm) 2424 { 2425 gsm->state = GSM_SEARCH; 2426 gsm->io_error++; 2427 } 2428 2429 /** 2430 * gsm_cleanup_mux - generic GSM protocol cleanup 2431 * @gsm: our mux 2432 * @disc: disconnect link? 2433 * 2434 * Clean up the bits of the mux which are the same for all framing 2435 * protocols. Remove the mux from the mux table, stop all the timers 2436 * and then shut down each device hanging up the channels as we go. 2437 */ 2438 2439 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc) 2440 { 2441 int i; 2442 struct gsm_dlci *dlci = gsm->dlci[0]; 2443 struct gsm_msg *txq, *ntxq; 2444 2445 gsm->dead = true; 2446 mutex_lock(&gsm->mutex); 2447 2448 if (dlci) { 2449 if (disc && dlci->state != DLCI_CLOSED) { 2450 gsm_dlci_begin_close(dlci); 2451 wait_event(gsm->event, dlci->state == DLCI_CLOSED); 2452 } 2453 dlci->dead = true; 2454 } 2455 2456 /* Finish outstanding timers, making sure they are done */ 2457 cancel_delayed_work_sync(&gsm->kick_timeout); 2458 del_timer_sync(&gsm->t2_timer); 2459 2460 /* Finish writing to ldisc */ 2461 flush_work(&gsm->tx_work); 2462 2463 /* Free up any link layer users and finally the control channel */ 2464 if (gsm->has_devices) { 2465 gsm_unregister_devices(gsm_tty_driver, gsm->num); 2466 gsm->has_devices = false; 2467 } 2468 for (i = NUM_DLCI - 1; i >= 0; i--) 2469 if (gsm->dlci[i]) 2470 gsm_dlci_release(gsm->dlci[i]); 2471 mutex_unlock(&gsm->mutex); 2472 /* Now wipe the queues */ 2473 tty_ldisc_flush(gsm->tty); 2474 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list) 2475 kfree(txq); 2476 INIT_LIST_HEAD(&gsm->tx_ctrl_list); 2477 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list) 2478 kfree(txq); 2479 INIT_LIST_HEAD(&gsm->tx_data_list); 2480 } 2481 2482 /** 2483 * gsm_activate_mux - generic GSM setup 2484 * @gsm: our mux 2485 * 2486 * Set up the bits of the mux which are the same for all framing 2487 * protocols. Add the mux to the mux table so it can be opened and 2488 * finally kick off connecting to DLCI 0 on the modem. 2489 */ 2490 2491 static int gsm_activate_mux(struct gsm_mux *gsm) 2492 { 2493 struct gsm_dlci *dlci; 2494 int ret; 2495 2496 dlci = gsm_dlci_alloc(gsm, 0); 2497 if (dlci == NULL) 2498 return -ENOMEM; 2499 2500 if (gsm->encoding == 0) 2501 gsm->receive = gsm0_receive; 2502 else 2503 gsm->receive = gsm1_receive; 2504 2505 ret = gsm_register_devices(gsm_tty_driver, gsm->num); 2506 if (ret) 2507 return ret; 2508 2509 gsm->has_devices = true; 2510 gsm->dead = false; /* Tty opens are now permissible */ 2511 return 0; 2512 } 2513 2514 /** 2515 * gsm_free_mux - free up a mux 2516 * @gsm: mux to free 2517 * 2518 * Dispose of allocated resources for a dead mux 2519 */ 2520 static void gsm_free_mux(struct gsm_mux *gsm) 2521 { 2522 int i; 2523 2524 for (i = 0; i < MAX_MUX; i++) { 2525 if (gsm == gsm_mux[i]) { 2526 gsm_mux[i] = NULL; 2527 break; 2528 } 2529 } 2530 mutex_destroy(&gsm->tx_mutex); 2531 mutex_destroy(&gsm->mutex); 2532 kfree(gsm->txframe); 2533 kfree(gsm->buf); 2534 kfree(gsm); 2535 } 2536 2537 /** 2538 * gsm_free_muxr - free up a mux 2539 * @ref: kreference to the mux to free 2540 * 2541 * Dispose of allocated resources for a dead mux 2542 */ 2543 static void gsm_free_muxr(struct kref *ref) 2544 { 2545 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref); 2546 gsm_free_mux(gsm); 2547 } 2548 2549 static inline void mux_get(struct gsm_mux *gsm) 2550 { 2551 unsigned long flags; 2552 2553 spin_lock_irqsave(&gsm_mux_lock, flags); 2554 kref_get(&gsm->ref); 2555 spin_unlock_irqrestore(&gsm_mux_lock, flags); 2556 } 2557 2558 static inline void mux_put(struct gsm_mux *gsm) 2559 { 2560 unsigned long flags; 2561 2562 spin_lock_irqsave(&gsm_mux_lock, flags); 2563 kref_put(&gsm->ref, gsm_free_muxr); 2564 spin_unlock_irqrestore(&gsm_mux_lock, flags); 2565 } 2566 2567 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm) 2568 { 2569 return gsm->num * NUM_DLCI; 2570 } 2571 2572 static inline unsigned int mux_line_to_num(unsigned int line) 2573 { 2574 return line / NUM_DLCI; 2575 } 2576 2577 /** 2578 * gsm_alloc_mux - allocate a mux 2579 * 2580 * Creates a new mux ready for activation. 2581 */ 2582 2583 static struct gsm_mux *gsm_alloc_mux(void) 2584 { 2585 int i; 2586 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL); 2587 if (gsm == NULL) 2588 return NULL; 2589 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL); 2590 if (gsm->buf == NULL) { 2591 kfree(gsm); 2592 return NULL; 2593 } 2594 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL); 2595 if (gsm->txframe == NULL) { 2596 kfree(gsm->buf); 2597 kfree(gsm); 2598 return NULL; 2599 } 2600 spin_lock_init(&gsm->lock); 2601 mutex_init(&gsm->mutex); 2602 mutex_init(&gsm->tx_mutex); 2603 kref_init(&gsm->ref); 2604 INIT_LIST_HEAD(&gsm->tx_ctrl_list); 2605 INIT_LIST_HEAD(&gsm->tx_data_list); 2606 INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout); 2607 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0); 2608 INIT_WORK(&gsm->tx_work, gsmld_write_task); 2609 init_waitqueue_head(&gsm->event); 2610 spin_lock_init(&gsm->control_lock); 2611 2612 gsm->t1 = T1; 2613 gsm->t2 = T2; 2614 gsm->n2 = N2; 2615 gsm->ftype = UIH; 2616 gsm->adaption = 1; 2617 gsm->encoding = 1; 2618 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */ 2619 gsm->mtu = 64; 2620 gsm->dead = true; /* Avoid early tty opens */ 2621 2622 /* Store the instance to the mux array or abort if no space is 2623 * available. 2624 */ 2625 spin_lock(&gsm_mux_lock); 2626 for (i = 0; i < MAX_MUX; i++) { 2627 if (!gsm_mux[i]) { 2628 gsm_mux[i] = gsm; 2629 gsm->num = i; 2630 break; 2631 } 2632 } 2633 spin_unlock(&gsm_mux_lock); 2634 if (i == MAX_MUX) { 2635 mutex_destroy(&gsm->tx_mutex); 2636 mutex_destroy(&gsm->mutex); 2637 kfree(gsm->txframe); 2638 kfree(gsm->buf); 2639 kfree(gsm); 2640 return NULL; 2641 } 2642 2643 return gsm; 2644 } 2645 2646 static void gsm_copy_config_values(struct gsm_mux *gsm, 2647 struct gsm_config *c) 2648 { 2649 memset(c, 0, sizeof(*c)); 2650 c->adaption = gsm->adaption; 2651 c->encapsulation = gsm->encoding; 2652 c->initiator = gsm->initiator; 2653 c->t1 = gsm->t1; 2654 c->t2 = gsm->t2; 2655 c->t3 = 0; /* Not supported */ 2656 c->n2 = gsm->n2; 2657 if (gsm->ftype == UIH) 2658 c->i = 1; 2659 else 2660 c->i = 2; 2661 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i); 2662 c->mru = gsm->mru; 2663 c->mtu = gsm->mtu; 2664 c->k = 0; 2665 } 2666 2667 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c) 2668 { 2669 int ret = 0; 2670 int need_close = 0; 2671 int need_restart = 0; 2672 2673 /* Stuff we don't support yet - UI or I frame transport, windowing */ 2674 if ((c->adaption != 1 && c->adaption != 2) || c->k) 2675 return -EOPNOTSUPP; 2676 /* Check the MRU/MTU range looks sane */ 2677 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8) 2678 return -EINVAL; 2679 if (c->n2 > 255) 2680 return -EINVAL; 2681 if (c->encapsulation > 1) /* Basic, advanced, no I */ 2682 return -EINVAL; 2683 if (c->initiator > 1) 2684 return -EINVAL; 2685 if (c->i == 0 || c->i > 2) /* UIH and UI only */ 2686 return -EINVAL; 2687 /* 2688 * See what is needed for reconfiguration 2689 */ 2690 2691 /* Timing fields */ 2692 if (c->t1 != 0 && c->t1 != gsm->t1) 2693 need_restart = 1; 2694 if (c->t2 != 0 && c->t2 != gsm->t2) 2695 need_restart = 1; 2696 if (c->encapsulation != gsm->encoding) 2697 need_restart = 1; 2698 if (c->adaption != gsm->adaption) 2699 need_restart = 1; 2700 /* Requires care */ 2701 if (c->initiator != gsm->initiator) 2702 need_close = 1; 2703 if (c->mru != gsm->mru) 2704 need_restart = 1; 2705 if (c->mtu != gsm->mtu) 2706 need_restart = 1; 2707 2708 /* 2709 * Close down what is needed, restart and initiate the new 2710 * configuration. On the first time there is no DLCI[0] 2711 * and closing or cleaning up is not necessary. 2712 */ 2713 if (need_close || need_restart) 2714 gsm_cleanup_mux(gsm, true); 2715 2716 gsm->initiator = c->initiator; 2717 gsm->mru = c->mru; 2718 gsm->mtu = c->mtu; 2719 gsm->encoding = c->encapsulation; 2720 gsm->adaption = c->adaption; 2721 gsm->n2 = c->n2; 2722 2723 if (c->i == 1) 2724 gsm->ftype = UIH; 2725 else if (c->i == 2) 2726 gsm->ftype = UI; 2727 2728 if (c->t1) 2729 gsm->t1 = c->t1; 2730 if (c->t2) 2731 gsm->t2 = c->t2; 2732 2733 /* 2734 * FIXME: We need to separate activation/deactivation from adding 2735 * and removing from the mux array 2736 */ 2737 if (gsm->dead) { 2738 ret = gsm_activate_mux(gsm); 2739 if (ret) 2740 return ret; 2741 if (gsm->initiator) 2742 gsm_dlci_begin_open(gsm->dlci[0]); 2743 } 2744 return 0; 2745 } 2746 2747 /** 2748 * gsmld_output - write to link 2749 * @gsm: our mux 2750 * @data: bytes to output 2751 * @len: size 2752 * 2753 * Write a block of data from the GSM mux to the data channel. This 2754 * will eventually be serialized from above but at the moment isn't. 2755 */ 2756 2757 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len) 2758 { 2759 if (tty_write_room(gsm->tty) < len) { 2760 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags); 2761 return -ENOSPC; 2762 } 2763 if (debug & 4) 2764 gsm_hex_dump_bytes(__func__, data, len); 2765 return gsm->tty->ops->write(gsm->tty, data, len); 2766 } 2767 2768 2769 /** 2770 * gsmld_write_trigger - schedule ldisc write task 2771 * @gsm: our mux 2772 */ 2773 static void gsmld_write_trigger(struct gsm_mux *gsm) 2774 { 2775 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead) 2776 return; 2777 schedule_work(&gsm->tx_work); 2778 } 2779 2780 2781 /** 2782 * gsmld_write_task - ldisc write task 2783 * @work: our tx write work 2784 * 2785 * Writes out data to the ldisc if possible. We are doing this here to 2786 * avoid dead-locking. This returns if no space or data is left for output. 2787 */ 2788 static void gsmld_write_task(struct work_struct *work) 2789 { 2790 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work); 2791 int i, ret; 2792 2793 /* All outstanding control channel and control messages and one data 2794 * frame is sent. 2795 */ 2796 ret = -ENODEV; 2797 mutex_lock(&gsm->tx_mutex); 2798 if (gsm->tty) 2799 ret = gsm_data_kick(gsm); 2800 mutex_unlock(&gsm->tx_mutex); 2801 2802 if (ret >= 0) 2803 for (i = 0; i < NUM_DLCI; i++) 2804 if (gsm->dlci[i]) 2805 tty_port_tty_wakeup(&gsm->dlci[i]->port); 2806 } 2807 2808 /** 2809 * gsmld_attach_gsm - mode set up 2810 * @tty: our tty structure 2811 * @gsm: our mux 2812 * 2813 * Set up the MUX for basic mode and commence connecting to the 2814 * modem. Currently called from the line discipline set up but 2815 * will need moving to an ioctl path. 2816 */ 2817 2818 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2819 { 2820 gsm->tty = tty_kref_get(tty); 2821 /* Turn off tty XON/XOFF handling to handle it explicitly. */ 2822 gsm->old_c_iflag = tty->termios.c_iflag; 2823 tty->termios.c_iflag &= (IXON | IXOFF); 2824 } 2825 2826 /** 2827 * gsmld_detach_gsm - stop doing 0710 mux 2828 * @tty: tty attached to the mux 2829 * @gsm: mux 2830 * 2831 * Shutdown and then clean up the resources used by the line discipline 2832 */ 2833 2834 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 2835 { 2836 WARN_ON(tty != gsm->tty); 2837 /* Restore tty XON/XOFF handling. */ 2838 gsm->tty->termios.c_iflag = gsm->old_c_iflag; 2839 tty_kref_put(gsm->tty); 2840 gsm->tty = NULL; 2841 } 2842 2843 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp, 2844 const char *fp, int count) 2845 { 2846 struct gsm_mux *gsm = tty->disc_data; 2847 char flags = TTY_NORMAL; 2848 2849 if (debug & 4) 2850 gsm_hex_dump_bytes(__func__, cp, count); 2851 2852 for (; count; count--, cp++) { 2853 if (fp) 2854 flags = *fp++; 2855 switch (flags) { 2856 case TTY_NORMAL: 2857 if (gsm->receive) 2858 gsm->receive(gsm, *cp); 2859 break; 2860 case TTY_OVERRUN: 2861 case TTY_BREAK: 2862 case TTY_PARITY: 2863 case TTY_FRAME: 2864 gsm_error(gsm); 2865 break; 2866 default: 2867 WARN_ONCE(1, "%s: unknown flag %d\n", 2868 tty_name(tty), flags); 2869 break; 2870 } 2871 } 2872 /* FASYNC if needed ? */ 2873 /* If clogged call tty_throttle(tty); */ 2874 } 2875 2876 /** 2877 * gsmld_flush_buffer - clean input queue 2878 * @tty: terminal device 2879 * 2880 * Flush the input buffer. Called when the line discipline is 2881 * being closed, when the tty layer wants the buffer flushed (eg 2882 * at hangup). 2883 */ 2884 2885 static void gsmld_flush_buffer(struct tty_struct *tty) 2886 { 2887 } 2888 2889 /** 2890 * gsmld_close - close the ldisc for this tty 2891 * @tty: device 2892 * 2893 * Called from the terminal layer when this line discipline is 2894 * being shut down, either because of a close or becsuse of a 2895 * discipline change. The function will not be called while other 2896 * ldisc methods are in progress. 2897 */ 2898 2899 static void gsmld_close(struct tty_struct *tty) 2900 { 2901 struct gsm_mux *gsm = tty->disc_data; 2902 2903 /* The ldisc locks and closes the port before calling our close. This 2904 * means we have no way to do a proper disconnect. We will not bother 2905 * to do one. 2906 */ 2907 gsm_cleanup_mux(gsm, false); 2908 2909 gsmld_detach_gsm(tty, gsm); 2910 2911 gsmld_flush_buffer(tty); 2912 /* Do other clean up here */ 2913 mux_put(gsm); 2914 } 2915 2916 /** 2917 * gsmld_open - open an ldisc 2918 * @tty: terminal to open 2919 * 2920 * Called when this line discipline is being attached to the 2921 * terminal device. Can sleep. Called serialized so that no 2922 * other events will occur in parallel. No further open will occur 2923 * until a close. 2924 */ 2925 2926 static int gsmld_open(struct tty_struct *tty) 2927 { 2928 struct gsm_mux *gsm; 2929 2930 if (tty->ops->write == NULL) 2931 return -EINVAL; 2932 2933 /* Attach our ldisc data */ 2934 gsm = gsm_alloc_mux(); 2935 if (gsm == NULL) 2936 return -ENOMEM; 2937 2938 tty->disc_data = gsm; 2939 tty->receive_room = 65536; 2940 2941 /* Attach the initial passive connection */ 2942 gsm->encoding = 1; 2943 2944 gsmld_attach_gsm(tty, gsm); 2945 2946 return 0; 2947 } 2948 2949 /** 2950 * gsmld_write_wakeup - asynchronous I/O notifier 2951 * @tty: tty device 2952 * 2953 * Required for the ptys, serial driver etc. since processes 2954 * that attach themselves to the master and rely on ASYNC 2955 * IO must be woken up 2956 */ 2957 2958 static void gsmld_write_wakeup(struct tty_struct *tty) 2959 { 2960 struct gsm_mux *gsm = tty->disc_data; 2961 2962 /* Queue poll */ 2963 gsmld_write_trigger(gsm); 2964 } 2965 2966 /** 2967 * gsmld_read - read function for tty 2968 * @tty: tty device 2969 * @file: file object 2970 * @buf: userspace buffer pointer 2971 * @nr: size of I/O 2972 * @cookie: unused 2973 * @offset: unused 2974 * 2975 * Perform reads for the line discipline. We are guaranteed that the 2976 * line discipline will not be closed under us but we may get multiple 2977 * parallel readers and must handle this ourselves. We may also get 2978 * a hangup. Always called in user context, may sleep. 2979 * 2980 * This code must be sure never to sleep through a hangup. 2981 */ 2982 2983 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, 2984 unsigned char *buf, size_t nr, 2985 void **cookie, unsigned long offset) 2986 { 2987 return -EOPNOTSUPP; 2988 } 2989 2990 /** 2991 * gsmld_write - write function for tty 2992 * @tty: tty device 2993 * @file: file object 2994 * @buf: userspace buffer pointer 2995 * @nr: size of I/O 2996 * 2997 * Called when the owner of the device wants to send a frame 2998 * itself (or some other control data). The data is transferred 2999 * as-is and must be properly framed and checksummed as appropriate 3000 * by userspace. Frames are either sent whole or not at all as this 3001 * avoids pain user side. 3002 */ 3003 3004 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 3005 const unsigned char *buf, size_t nr) 3006 { 3007 struct gsm_mux *gsm = tty->disc_data; 3008 int space; 3009 int ret; 3010 3011 if (!gsm) 3012 return -ENODEV; 3013 3014 ret = -ENOBUFS; 3015 mutex_lock(&gsm->tx_mutex); 3016 space = tty_write_room(tty); 3017 if (space >= nr) 3018 ret = tty->ops->write(tty, buf, nr); 3019 else 3020 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 3021 mutex_unlock(&gsm->tx_mutex); 3022 3023 return ret; 3024 } 3025 3026 /** 3027 * gsmld_poll - poll method for N_GSM0710 3028 * @tty: terminal device 3029 * @file: file accessing it 3030 * @wait: poll table 3031 * 3032 * Called when the line discipline is asked to poll() for data or 3033 * for special events. This code is not serialized with respect to 3034 * other events save open/close. 3035 * 3036 * This code must be sure never to sleep through a hangup. 3037 * Called without the kernel lock held - fine 3038 */ 3039 3040 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 3041 poll_table *wait) 3042 { 3043 __poll_t mask = 0; 3044 struct gsm_mux *gsm = tty->disc_data; 3045 3046 poll_wait(file, &tty->read_wait, wait); 3047 poll_wait(file, &tty->write_wait, wait); 3048 3049 if (gsm->dead) 3050 mask |= EPOLLHUP; 3051 if (tty_hung_up_p(file)) 3052 mask |= EPOLLHUP; 3053 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) 3054 mask |= EPOLLHUP; 3055 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 3056 mask |= EPOLLOUT | EPOLLWRNORM; 3057 return mask; 3058 } 3059 3060 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd, 3061 unsigned long arg) 3062 { 3063 struct gsm_config c; 3064 struct gsm_mux *gsm = tty->disc_data; 3065 unsigned int base; 3066 3067 switch (cmd) { 3068 case GSMIOC_GETCONF: 3069 gsm_copy_config_values(gsm, &c); 3070 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 3071 return -EFAULT; 3072 return 0; 3073 case GSMIOC_SETCONF: 3074 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 3075 return -EFAULT; 3076 return gsm_config(gsm, &c); 3077 case GSMIOC_GETFIRST: 3078 base = mux_num_to_base(gsm); 3079 return put_user(base + 1, (__u32 __user *)arg); 3080 default: 3081 return n_tty_ioctl_helper(tty, cmd, arg); 3082 } 3083 } 3084 3085 /* 3086 * Network interface 3087 * 3088 */ 3089 3090 static int gsm_mux_net_open(struct net_device *net) 3091 { 3092 pr_debug("%s called\n", __func__); 3093 netif_start_queue(net); 3094 return 0; 3095 } 3096 3097 static int gsm_mux_net_close(struct net_device *net) 3098 { 3099 netif_stop_queue(net); 3100 return 0; 3101 } 3102 3103 static void dlci_net_free(struct gsm_dlci *dlci) 3104 { 3105 if (!dlci->net) { 3106 WARN_ON(1); 3107 return; 3108 } 3109 dlci->adaption = dlci->prev_adaption; 3110 dlci->data = dlci->prev_data; 3111 free_netdev(dlci->net); 3112 dlci->net = NULL; 3113 } 3114 static void net_free(struct kref *ref) 3115 { 3116 struct gsm_mux_net *mux_net; 3117 struct gsm_dlci *dlci; 3118 3119 mux_net = container_of(ref, struct gsm_mux_net, ref); 3120 dlci = mux_net->dlci; 3121 3122 if (dlci->net) { 3123 unregister_netdev(dlci->net); 3124 dlci_net_free(dlci); 3125 } 3126 } 3127 3128 static inline void muxnet_get(struct gsm_mux_net *mux_net) 3129 { 3130 kref_get(&mux_net->ref); 3131 } 3132 3133 static inline void muxnet_put(struct gsm_mux_net *mux_net) 3134 { 3135 kref_put(&mux_net->ref, net_free); 3136 } 3137 3138 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 3139 struct net_device *net) 3140 { 3141 struct gsm_mux_net *mux_net = netdev_priv(net); 3142 struct gsm_dlci *dlci = mux_net->dlci; 3143 muxnet_get(mux_net); 3144 3145 skb_queue_head(&dlci->skb_list, skb); 3146 net->stats.tx_packets++; 3147 net->stats.tx_bytes += skb->len; 3148 gsm_dlci_data_kick(dlci); 3149 /* And tell the kernel when the last transmit started. */ 3150 netif_trans_update(net); 3151 muxnet_put(mux_net); 3152 return NETDEV_TX_OK; 3153 } 3154 3155 /* called when a packet did not ack after watchdogtimeout */ 3156 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 3157 { 3158 /* Tell syslog we are hosed. */ 3159 dev_dbg(&net->dev, "Tx timed out.\n"); 3160 3161 /* Update statistics */ 3162 net->stats.tx_errors++; 3163 } 3164 3165 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, 3166 const unsigned char *in_buf, int size) 3167 { 3168 struct net_device *net = dlci->net; 3169 struct sk_buff *skb; 3170 struct gsm_mux_net *mux_net = netdev_priv(net); 3171 muxnet_get(mux_net); 3172 3173 /* Allocate an sk_buff */ 3174 skb = dev_alloc_skb(size + NET_IP_ALIGN); 3175 if (!skb) { 3176 /* We got no receive buffer. */ 3177 net->stats.rx_dropped++; 3178 muxnet_put(mux_net); 3179 return; 3180 } 3181 skb_reserve(skb, NET_IP_ALIGN); 3182 skb_put_data(skb, in_buf, size); 3183 3184 skb->dev = net; 3185 skb->protocol = htons(ETH_P_IP); 3186 3187 /* Ship it off to the kernel */ 3188 netif_rx(skb); 3189 3190 /* update out statistics */ 3191 net->stats.rx_packets++; 3192 net->stats.rx_bytes += size; 3193 muxnet_put(mux_net); 3194 return; 3195 } 3196 3197 static void gsm_mux_net_init(struct net_device *net) 3198 { 3199 static const struct net_device_ops gsm_netdev_ops = { 3200 .ndo_open = gsm_mux_net_open, 3201 .ndo_stop = gsm_mux_net_close, 3202 .ndo_start_xmit = gsm_mux_net_start_xmit, 3203 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 3204 }; 3205 3206 net->netdev_ops = &gsm_netdev_ops; 3207 3208 /* fill in the other fields */ 3209 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 3210 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 3211 net->type = ARPHRD_NONE; 3212 net->tx_queue_len = 10; 3213 } 3214 3215 3216 /* caller holds the dlci mutex */ 3217 static void gsm_destroy_network(struct gsm_dlci *dlci) 3218 { 3219 struct gsm_mux_net *mux_net; 3220 3221 pr_debug("destroy network interface\n"); 3222 if (!dlci->net) 3223 return; 3224 mux_net = netdev_priv(dlci->net); 3225 muxnet_put(mux_net); 3226 } 3227 3228 3229 /* caller holds the dlci mutex */ 3230 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 3231 { 3232 char *netname; 3233 int retval = 0; 3234 struct net_device *net; 3235 struct gsm_mux_net *mux_net; 3236 3237 if (!capable(CAP_NET_ADMIN)) 3238 return -EPERM; 3239 3240 /* Already in a non tty mode */ 3241 if (dlci->adaption > 2) 3242 return -EBUSY; 3243 3244 if (nc->protocol != htons(ETH_P_IP)) 3245 return -EPROTONOSUPPORT; 3246 3247 if (nc->adaption != 3 && nc->adaption != 4) 3248 return -EPROTONOSUPPORT; 3249 3250 pr_debug("create network interface\n"); 3251 3252 netname = "gsm%d"; 3253 if (nc->if_name[0] != '\0') 3254 netname = nc->if_name; 3255 net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 3256 NET_NAME_UNKNOWN, gsm_mux_net_init); 3257 if (!net) { 3258 pr_err("alloc_netdev failed\n"); 3259 return -ENOMEM; 3260 } 3261 net->mtu = dlci->gsm->mtu; 3262 net->min_mtu = 8; 3263 net->max_mtu = dlci->gsm->mtu; 3264 mux_net = netdev_priv(net); 3265 mux_net->dlci = dlci; 3266 kref_init(&mux_net->ref); 3267 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */ 3268 3269 /* reconfigure dlci for network */ 3270 dlci->prev_adaption = dlci->adaption; 3271 dlci->prev_data = dlci->data; 3272 dlci->adaption = nc->adaption; 3273 dlci->data = gsm_mux_rx_netchar; 3274 dlci->net = net; 3275 3276 pr_debug("register netdev\n"); 3277 retval = register_netdev(net); 3278 if (retval) { 3279 pr_err("network register fail %d\n", retval); 3280 dlci_net_free(dlci); 3281 return retval; 3282 } 3283 return net->ifindex; /* return network index */ 3284 } 3285 3286 /* Line discipline for real tty */ 3287 static struct tty_ldisc_ops tty_ldisc_packet = { 3288 .owner = THIS_MODULE, 3289 .num = N_GSM0710, 3290 .name = "n_gsm", 3291 .open = gsmld_open, 3292 .close = gsmld_close, 3293 .flush_buffer = gsmld_flush_buffer, 3294 .read = gsmld_read, 3295 .write = gsmld_write, 3296 .ioctl = gsmld_ioctl, 3297 .poll = gsmld_poll, 3298 .receive_buf = gsmld_receive_buf, 3299 .write_wakeup = gsmld_write_wakeup 3300 }; 3301 3302 /* 3303 * Virtual tty side 3304 */ 3305 3306 /** 3307 * gsm_modem_upd_via_data - send modem bits via convergence layer 3308 * @dlci: channel 3309 * @brk: break signal 3310 * 3311 * Send an empty frame to signal mobile state changes and to transmit the 3312 * break signal for adaption 2. 3313 */ 3314 3315 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk) 3316 { 3317 struct gsm_mux *gsm = dlci->gsm; 3318 3319 if (dlci->state != DLCI_OPEN || dlci->adaption != 2) 3320 return; 3321 3322 mutex_lock(&gsm->tx_mutex); 3323 gsm_dlci_modem_output(gsm, dlci, brk); 3324 mutex_unlock(&gsm->tx_mutex); 3325 } 3326 3327 /** 3328 * gsm_modem_upd_via_msc - send modem bits via control frame 3329 * @dlci: channel 3330 * @brk: break signal 3331 */ 3332 3333 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk) 3334 { 3335 u8 modembits[3]; 3336 struct gsm_control *ctrl; 3337 int len = 2; 3338 3339 if (dlci->gsm->encoding != 0) 3340 return 0; 3341 3342 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ 3343 if (!brk) { 3344 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; 3345 } else { 3346 modembits[1] = gsm_encode_modem(dlci) << 1; 3347 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */ 3348 len++; 3349 } 3350 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len); 3351 if (ctrl == NULL) 3352 return -ENOMEM; 3353 return gsm_control_wait(dlci->gsm, ctrl); 3354 } 3355 3356 /** 3357 * gsm_modem_update - send modem status line state 3358 * @dlci: channel 3359 * @brk: break signal 3360 */ 3361 3362 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk) 3363 { 3364 if (dlci->adaption == 2) { 3365 /* Send convergence layer type 2 empty data frame. */ 3366 gsm_modem_upd_via_data(dlci, brk); 3367 return 0; 3368 } else if (dlci->gsm->encoding == 0) { 3369 /* Send as MSC control message. */ 3370 return gsm_modem_upd_via_msc(dlci, brk); 3371 } 3372 3373 /* Modem status lines are not supported. */ 3374 return -EPROTONOSUPPORT; 3375 } 3376 3377 static int gsm_carrier_raised(struct tty_port *port) 3378 { 3379 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 3380 struct gsm_mux *gsm = dlci->gsm; 3381 3382 /* Not yet open so no carrier info */ 3383 if (dlci->state != DLCI_OPEN) 3384 return 0; 3385 if (debug & 2) 3386 return 1; 3387 3388 /* 3389 * Basic mode with control channel in ADM mode may not respond 3390 * to CMD_MSC at all and modem_rx is empty. 3391 */ 3392 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM && 3393 !dlci->modem_rx) 3394 return 1; 3395 3396 return dlci->modem_rx & TIOCM_CD; 3397 } 3398 3399 static void gsm_dtr_rts(struct tty_port *port, int onoff) 3400 { 3401 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 3402 unsigned int modem_tx = dlci->modem_tx; 3403 if (onoff) 3404 modem_tx |= TIOCM_DTR | TIOCM_RTS; 3405 else 3406 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 3407 if (modem_tx != dlci->modem_tx) { 3408 dlci->modem_tx = modem_tx; 3409 gsm_modem_update(dlci, 0); 3410 } 3411 } 3412 3413 static const struct tty_port_operations gsm_port_ops = { 3414 .carrier_raised = gsm_carrier_raised, 3415 .dtr_rts = gsm_dtr_rts, 3416 .destruct = gsm_dlci_free, 3417 }; 3418 3419 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 3420 { 3421 struct gsm_mux *gsm; 3422 struct gsm_dlci *dlci; 3423 unsigned int line = tty->index; 3424 unsigned int mux = mux_line_to_num(line); 3425 bool alloc = false; 3426 int ret; 3427 3428 line = line & 0x3F; 3429 3430 if (mux >= MAX_MUX) 3431 return -ENXIO; 3432 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 3433 if (gsm_mux[mux] == NULL) 3434 return -EUNATCH; 3435 if (line == 0 || line > 61) /* 62/63 reserved */ 3436 return -ECHRNG; 3437 gsm = gsm_mux[mux]; 3438 if (gsm->dead) 3439 return -EL2HLT; 3440 /* If DLCI 0 is not yet fully open return an error. 3441 This is ok from a locking 3442 perspective as we don't have to worry about this 3443 if DLCI0 is lost */ 3444 mutex_lock(&gsm->mutex); 3445 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) { 3446 mutex_unlock(&gsm->mutex); 3447 return -EL2NSYNC; 3448 } 3449 dlci = gsm->dlci[line]; 3450 if (dlci == NULL) { 3451 alloc = true; 3452 dlci = gsm_dlci_alloc(gsm, line); 3453 } 3454 if (dlci == NULL) { 3455 mutex_unlock(&gsm->mutex); 3456 return -ENOMEM; 3457 } 3458 ret = tty_port_install(&dlci->port, driver, tty); 3459 if (ret) { 3460 if (alloc) 3461 dlci_put(dlci); 3462 mutex_unlock(&gsm->mutex); 3463 return ret; 3464 } 3465 3466 dlci_get(dlci); 3467 dlci_get(gsm->dlci[0]); 3468 mux_get(gsm); 3469 tty->driver_data = dlci; 3470 mutex_unlock(&gsm->mutex); 3471 3472 return 0; 3473 } 3474 3475 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 3476 { 3477 struct gsm_dlci *dlci = tty->driver_data; 3478 struct tty_port *port = &dlci->port; 3479 struct gsm_mux *gsm = dlci->gsm; 3480 3481 port->count++; 3482 tty_port_tty_set(port, tty); 3483 3484 dlci->modem_rx = 0; 3485 /* We could in theory open and close before we wait - eg if we get 3486 a DM straight back. This is ok as that will have caused a hangup */ 3487 tty_port_set_initialized(port, 1); 3488 /* Start sending off SABM messages */ 3489 if (gsm->initiator) 3490 gsm_dlci_begin_open(dlci); 3491 else 3492 gsm_dlci_set_opening(dlci); 3493 /* And wait for virtual carrier */ 3494 return tty_port_block_til_ready(port, tty, filp); 3495 } 3496 3497 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 3498 { 3499 struct gsm_dlci *dlci = tty->driver_data; 3500 3501 if (dlci == NULL) 3502 return; 3503 if (dlci->state == DLCI_CLOSED) 3504 return; 3505 mutex_lock(&dlci->mutex); 3506 gsm_destroy_network(dlci); 3507 mutex_unlock(&dlci->mutex); 3508 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 3509 return; 3510 gsm_dlci_begin_close(dlci); 3511 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 3512 tty_port_lower_dtr_rts(&dlci->port); 3513 tty_port_close_end(&dlci->port, tty); 3514 tty_port_tty_set(&dlci->port, NULL); 3515 return; 3516 } 3517 3518 static void gsmtty_hangup(struct tty_struct *tty) 3519 { 3520 struct gsm_dlci *dlci = tty->driver_data; 3521 if (dlci->state == DLCI_CLOSED) 3522 return; 3523 tty_port_hangup(&dlci->port); 3524 gsm_dlci_begin_close(dlci); 3525 } 3526 3527 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, 3528 int len) 3529 { 3530 int sent; 3531 struct gsm_dlci *dlci = tty->driver_data; 3532 if (dlci->state == DLCI_CLOSED) 3533 return -EINVAL; 3534 /* Stuff the bytes into the fifo queue */ 3535 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 3536 /* Need to kick the channel */ 3537 gsm_dlci_data_kick(dlci); 3538 return sent; 3539 } 3540 3541 static unsigned int gsmtty_write_room(struct tty_struct *tty) 3542 { 3543 struct gsm_dlci *dlci = tty->driver_data; 3544 if (dlci->state == DLCI_CLOSED) 3545 return 0; 3546 return kfifo_avail(&dlci->fifo); 3547 } 3548 3549 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty) 3550 { 3551 struct gsm_dlci *dlci = tty->driver_data; 3552 if (dlci->state == DLCI_CLOSED) 3553 return 0; 3554 return kfifo_len(&dlci->fifo); 3555 } 3556 3557 static void gsmtty_flush_buffer(struct tty_struct *tty) 3558 { 3559 struct gsm_dlci *dlci = tty->driver_data; 3560 unsigned long flags; 3561 3562 if (dlci->state == DLCI_CLOSED) 3563 return; 3564 /* Caution needed: If we implement reliable transport classes 3565 then the data being transmitted can't simply be junked once 3566 it has first hit the stack. Until then we can just blow it 3567 away */ 3568 spin_lock_irqsave(&dlci->lock, flags); 3569 kfifo_reset(&dlci->fifo); 3570 spin_unlock_irqrestore(&dlci->lock, flags); 3571 /* Need to unhook this DLCI from the transmit queue logic */ 3572 } 3573 3574 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) 3575 { 3576 /* The FIFO handles the queue so the kernel will do the right 3577 thing waiting on chars_in_buffer before calling us. No work 3578 to do here */ 3579 } 3580 3581 static int gsmtty_tiocmget(struct tty_struct *tty) 3582 { 3583 struct gsm_dlci *dlci = tty->driver_data; 3584 if (dlci->state == DLCI_CLOSED) 3585 return -EINVAL; 3586 return dlci->modem_rx; 3587 } 3588 3589 static int gsmtty_tiocmset(struct tty_struct *tty, 3590 unsigned int set, unsigned int clear) 3591 { 3592 struct gsm_dlci *dlci = tty->driver_data; 3593 unsigned int modem_tx = dlci->modem_tx; 3594 3595 if (dlci->state == DLCI_CLOSED) 3596 return -EINVAL; 3597 modem_tx &= ~clear; 3598 modem_tx |= set; 3599 3600 if (modem_tx != dlci->modem_tx) { 3601 dlci->modem_tx = modem_tx; 3602 return gsm_modem_update(dlci, 0); 3603 } 3604 return 0; 3605 } 3606 3607 3608 static int gsmtty_ioctl(struct tty_struct *tty, 3609 unsigned int cmd, unsigned long arg) 3610 { 3611 struct gsm_dlci *dlci = tty->driver_data; 3612 struct gsm_netconfig nc; 3613 int index; 3614 3615 if (dlci->state == DLCI_CLOSED) 3616 return -EINVAL; 3617 switch (cmd) { 3618 case GSMIOC_ENABLE_NET: 3619 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) 3620 return -EFAULT; 3621 nc.if_name[IFNAMSIZ-1] = '\0'; 3622 /* return net interface index or error code */ 3623 mutex_lock(&dlci->mutex); 3624 index = gsm_create_network(dlci, &nc); 3625 mutex_unlock(&dlci->mutex); 3626 if (copy_to_user((void __user *)arg, &nc, sizeof(nc))) 3627 return -EFAULT; 3628 return index; 3629 case GSMIOC_DISABLE_NET: 3630 if (!capable(CAP_NET_ADMIN)) 3631 return -EPERM; 3632 mutex_lock(&dlci->mutex); 3633 gsm_destroy_network(dlci); 3634 mutex_unlock(&dlci->mutex); 3635 return 0; 3636 default: 3637 return -ENOIOCTLCMD; 3638 } 3639 } 3640 3641 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) 3642 { 3643 struct gsm_dlci *dlci = tty->driver_data; 3644 if (dlci->state == DLCI_CLOSED) 3645 return; 3646 /* For the moment its fixed. In actual fact the speed information 3647 for the virtual channel can be propogated in both directions by 3648 the RPN control message. This however rapidly gets nasty as we 3649 then have to remap modem signals each way according to whether 3650 our virtual cable is null modem etc .. */ 3651 tty_termios_copy_hw(&tty->termios, old); 3652 } 3653 3654 static void gsmtty_throttle(struct tty_struct *tty) 3655 { 3656 struct gsm_dlci *dlci = tty->driver_data; 3657 if (dlci->state == DLCI_CLOSED) 3658 return; 3659 if (C_CRTSCTS(tty)) 3660 dlci->modem_tx &= ~TIOCM_RTS; 3661 dlci->throttled = true; 3662 /* Send an MSC with RTS cleared */ 3663 gsm_modem_update(dlci, 0); 3664 } 3665 3666 static void gsmtty_unthrottle(struct tty_struct *tty) 3667 { 3668 struct gsm_dlci *dlci = tty->driver_data; 3669 if (dlci->state == DLCI_CLOSED) 3670 return; 3671 if (C_CRTSCTS(tty)) 3672 dlci->modem_tx |= TIOCM_RTS; 3673 dlci->throttled = false; 3674 /* Send an MSC with RTS set */ 3675 gsm_modem_update(dlci, 0); 3676 } 3677 3678 static int gsmtty_break_ctl(struct tty_struct *tty, int state) 3679 { 3680 struct gsm_dlci *dlci = tty->driver_data; 3681 int encode = 0; /* Off */ 3682 if (dlci->state == DLCI_CLOSED) 3683 return -EINVAL; 3684 3685 if (state == -1) /* "On indefinitely" - we can't encode this 3686 properly */ 3687 encode = 0x0F; 3688 else if (state > 0) { 3689 encode = state / 200; /* mS to encoding */ 3690 if (encode > 0x0F) 3691 encode = 0x0F; /* Best effort */ 3692 } 3693 return gsm_modem_update(dlci, encode); 3694 } 3695 3696 static void gsmtty_cleanup(struct tty_struct *tty) 3697 { 3698 struct gsm_dlci *dlci = tty->driver_data; 3699 struct gsm_mux *gsm = dlci->gsm; 3700 3701 dlci_put(dlci); 3702 dlci_put(gsm->dlci[0]); 3703 mux_put(gsm); 3704 } 3705 3706 /* Virtual ttys for the demux */ 3707 static const struct tty_operations gsmtty_ops = { 3708 .install = gsmtty_install, 3709 .open = gsmtty_open, 3710 .close = gsmtty_close, 3711 .write = gsmtty_write, 3712 .write_room = gsmtty_write_room, 3713 .chars_in_buffer = gsmtty_chars_in_buffer, 3714 .flush_buffer = gsmtty_flush_buffer, 3715 .ioctl = gsmtty_ioctl, 3716 .throttle = gsmtty_throttle, 3717 .unthrottle = gsmtty_unthrottle, 3718 .set_termios = gsmtty_set_termios, 3719 .hangup = gsmtty_hangup, 3720 .wait_until_sent = gsmtty_wait_until_sent, 3721 .tiocmget = gsmtty_tiocmget, 3722 .tiocmset = gsmtty_tiocmset, 3723 .break_ctl = gsmtty_break_ctl, 3724 .cleanup = gsmtty_cleanup, 3725 }; 3726 3727 3728 3729 static int __init gsm_init(void) 3730 { 3731 /* Fill in our line protocol discipline, and register it */ 3732 int status = tty_register_ldisc(&tty_ldisc_packet); 3733 if (status != 0) { 3734 pr_err("n_gsm: can't register line discipline (err = %d)\n", 3735 status); 3736 return status; 3737 } 3738 3739 gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW | 3740 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK); 3741 if (IS_ERR(gsm_tty_driver)) { 3742 pr_err("gsm_init: tty allocation failed.\n"); 3743 status = PTR_ERR(gsm_tty_driver); 3744 goto err_unreg_ldisc; 3745 } 3746 gsm_tty_driver->driver_name = "gsmtty"; 3747 gsm_tty_driver->name = "gsmtty"; 3748 gsm_tty_driver->major = 0; /* Dynamic */ 3749 gsm_tty_driver->minor_start = 0; 3750 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL; 3751 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 3752 gsm_tty_driver->init_termios = tty_std_termios; 3753 /* Fixme */ 3754 gsm_tty_driver->init_termios.c_lflag &= ~ECHO; 3755 tty_set_operations(gsm_tty_driver, &gsmtty_ops); 3756 3757 if (tty_register_driver(gsm_tty_driver)) { 3758 pr_err("gsm_init: tty registration failed.\n"); 3759 status = -EBUSY; 3760 goto err_put_driver; 3761 } 3762 pr_debug("gsm_init: loaded as %d,%d.\n", 3763 gsm_tty_driver->major, gsm_tty_driver->minor_start); 3764 return 0; 3765 err_put_driver: 3766 tty_driver_kref_put(gsm_tty_driver); 3767 err_unreg_ldisc: 3768 tty_unregister_ldisc(&tty_ldisc_packet); 3769 return status; 3770 } 3771 3772 static void __exit gsm_exit(void) 3773 { 3774 tty_unregister_ldisc(&tty_ldisc_packet); 3775 tty_unregister_driver(gsm_tty_driver); 3776 tty_driver_kref_put(gsm_tty_driver); 3777 } 3778 3779 module_init(gsm_init); 3780 module_exit(gsm_exit); 3781 3782 3783 MODULE_LICENSE("GPL"); 3784 MODULE_ALIAS_LDISC(N_GSM0710); 3785