1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * n_gsm.c GSM 0710 tty multiplexor 4 * Copyright (c) 2009/10 Intel Corporation 5 * Copyright (c) 2022/23 Siemens Mobility GmbH 6 * 7 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE * 8 * 9 * Outgoing path: 10 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc 11 * control message -> GSM MUX control queue --´ 12 * 13 * Incoming path: 14 * ldisc -> gsm_queue() -o--> tty 15 * `-> gsm_control_response() 16 * 17 * TO DO: 18 * Mostly done: ioctls for setting modes/timing 19 * Partly done: hooks so you can pull off frames to non tty devs 20 * Restart DLCI 0 when it closes ? 21 * Improve the tx engine 22 * Resolve tx side locking by adding a queue_head and routing 23 * all control traffic via it 24 * General tidy/document 25 * Review the locking/move to refcounts more (mux now moved to an 26 * alloc/free model ready) 27 * Use newest tty open/close port helpers and install hooks 28 * What to do about power functions ? 29 * Termios setting and negotiation 30 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets 31 * 32 */ 33 34 #include <linux/types.h> 35 #include <linux/major.h> 36 #include <linux/errno.h> 37 #include <linux/signal.h> 38 #include <linux/fcntl.h> 39 #include <linux/sched/signal.h> 40 #include <linux/interrupt.h> 41 #include <linux/tty.h> 42 #include <linux/bitfield.h> 43 #include <linux/ctype.h> 44 #include <linux/mm.h> 45 #include <linux/math.h> 46 #include <linux/nospec.h> 47 #include <linux/string.h> 48 #include <linux/slab.h> 49 #include <linux/poll.h> 50 #include <linux/bitops.h> 51 #include <linux/file.h> 52 #include <linux/uaccess.h> 53 #include <linux/module.h> 54 #include <linux/timer.h> 55 #include <linux/tty_flip.h> 56 #include <linux/tty_driver.h> 57 #include <linux/serial.h> 58 #include <linux/kfifo.h> 59 #include <linux/skbuff.h> 60 #include <net/arp.h> 61 #include <linux/ip.h> 62 #include <linux/netdevice.h> 63 #include <linux/etherdevice.h> 64 #include 
<linux/gsmmux.h> 65 #include "tty.h" 66 67 static int debug; 68 module_param(debug, int, 0600); 69 70 /* Module debug bits */ 71 #define DBG_DUMP BIT(0) /* Data transmission dump. */ 72 #define DBG_CD_ON BIT(1) /* Always assume CD line on. */ 73 #define DBG_DATA BIT(2) /* Data transmission details. */ 74 #define DBG_ERRORS BIT(3) /* Details for fail conditions. */ 75 #define DBG_TTY BIT(4) /* Transmission statistics for DLCI TTYs. */ 76 #define DBG_PAYLOAD BIT(5) /* Limits DBG_DUMP to payload frames. */ 77 78 /* Defaults: these are from the specification */ 79 80 #define T1 10 /* 100mS */ 81 #define T2 34 /* 333mS */ 82 #define T3 10 /* 10s */ 83 #define N2 3 /* Retry 3 times */ 84 #define K 2 /* outstanding I frames */ 85 86 #define MAX_T3 255 /* In seconds. */ 87 #define MAX_WINDOW_SIZE 7 /* Limit of K in error recovery mode. */ 88 89 /* Use long timers for testing at low speed with debug on */ 90 #ifdef DEBUG_TIMING 91 #define T1 100 92 #define T2 200 93 #endif 94 95 /* 96 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte 97 * limits so this is plenty 98 */ 99 #define MAX_MRU 1500 100 #define MAX_MTU 1500 101 #define MIN_MTU (PROT_OVERHEAD + 1) 102 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */ 103 #define PROT_OVERHEAD 7 104 #define GSM_NET_TX_TIMEOUT (HZ*10) 105 106 /* 107 * struct gsm_mux_net - network interface 108 * 109 * Created when net interface is initialized. 
110 */ 111 struct gsm_mux_net { 112 struct kref ref; 113 struct gsm_dlci *dlci; 114 }; 115 116 /* 117 * Each block of data we have queued to go out is in the form of 118 * a gsm_msg which holds everything we need in a link layer independent 119 * format 120 */ 121 122 struct gsm_msg { 123 struct list_head list; 124 u8 addr; /* DLCI address + flags */ 125 u8 ctrl; /* Control byte + flags */ 126 unsigned int len; /* Length of data block (can be zero) */ 127 u8 *data; /* Points into buffer but not at the start */ 128 u8 buffer[]; 129 }; 130 131 enum gsm_dlci_state { 132 DLCI_CLOSED, 133 DLCI_WAITING_CONFIG, /* Waiting for DLCI configuration from user */ 134 DLCI_CONFIGURE, /* Sending PN (for adaption > 1) */ 135 DLCI_OPENING, /* Sending SABM not seen UA */ 136 DLCI_OPEN, /* SABM/UA complete */ 137 DLCI_CLOSING, /* Sending DISC not seen UA/DM */ 138 }; 139 140 enum gsm_dlci_mode { 141 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */ 142 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */ 143 }; 144 145 /* 146 * Each active data link has a gsm_dlci structure associated which ties 147 * the link layer to an optional tty (if the tty side is open). To avoid 148 * complexity right now these are only ever freed up when the mux is 149 * shut down. 150 * 151 * At the moment we don't free DLCI objects until the mux is torn down 152 * this avoid object life time issues but might be worth review later. 153 */ 154 155 struct gsm_dlci { 156 struct gsm_mux *gsm; 157 int addr; 158 enum gsm_dlci_state state; 159 struct mutex mutex; 160 161 /* Link layer */ 162 enum gsm_dlci_mode mode; 163 spinlock_t lock; /* Protects the internal state */ 164 struct timer_list t1; /* Retransmit timer for SABM and UA */ 165 int retries; 166 /* Uplink tty if active */ 167 struct tty_port port; /* The tty bound to this DLCI if there is one */ 168 #define TX_SIZE 4096 /* Must be power of 2. 
*/ 169 struct kfifo fifo; /* Queue fifo for the DLCI */ 170 int adaption; /* Adaption layer in use */ 171 int prev_adaption; 172 u32 modem_rx; /* Our incoming virtual modem lines */ 173 u32 modem_tx; /* Our outgoing modem lines */ 174 unsigned int mtu; 175 bool dead; /* Refuse re-open */ 176 /* Configuration */ 177 u8 prio; /* Priority */ 178 u8 ftype; /* Frame type */ 179 u8 k; /* Window size */ 180 /* Flow control */ 181 bool throttled; /* Private copy of throttle state */ 182 bool constipated; /* Throttle status for outgoing */ 183 /* Packetised I/O */ 184 struct sk_buff *skb; /* Frame being sent */ 185 struct sk_buff_head skb_list; /* Queued frames */ 186 /* Data handling callback */ 187 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len); 188 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len); 189 struct net_device *net; /* network interface, if created */ 190 }; 191 192 /* 193 * Parameter bits used for parameter negotiation according to 3GPP 27.010 194 * chapter 5.4.6.3.1. 195 */ 196 197 struct gsm_dlci_param_bits { 198 u8 d_bits; 199 u8 i_cl_bits; 200 u8 p_bits; 201 u8 t_bits; 202 __le16 n_bits; 203 u8 na_bits; 204 u8 k_bits; 205 }; 206 207 static_assert(sizeof(struct gsm_dlci_param_bits) == 8); 208 209 #define PN_D_FIELD_DLCI GENMASK(5, 0) 210 #define PN_I_CL_FIELD_FTYPE GENMASK(3, 0) 211 #define PN_I_CL_FIELD_ADAPTION GENMASK(7, 4) 212 #define PN_P_FIELD_PRIO GENMASK(5, 0) 213 #define PN_T_FIELD_T1 GENMASK(7, 0) 214 #define PN_N_FIELD_N1 GENMASK(15, 0) 215 #define PN_NA_FIELD_N2 GENMASK(7, 0) 216 #define PN_K_FIELD_K GENMASK(2, 0) 217 218 /* Total number of supported devices */ 219 #define GSM_TTY_MINORS 256 220 221 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */ 222 223 #define NUM_DLCI 64 224 225 /* 226 * DLCI 0 is used to pass control blocks out of band of the data 227 * flow (and with a higher link priority). One command can be outstanding 228 * at a time and we use this structure to manage them. 
They are created 229 * and destroyed by the user context, and updated by the receive paths 230 * and timers 231 */ 232 233 struct gsm_control { 234 u8 cmd; /* Command we are issuing */ 235 u8 *data; /* Data for the command in case we retransmit */ 236 int len; /* Length of block for retransmission */ 237 int done; /* Done flag */ 238 int error; /* Error if any */ 239 }; 240 241 enum gsm_encoding { 242 GSM_BASIC_OPT, 243 GSM_ADV_OPT, 244 }; 245 246 enum gsm_mux_state { 247 GSM_SEARCH, 248 GSM0_ADDRESS, 249 GSM0_CONTROL, 250 GSM0_LEN0, 251 GSM0_LEN1, 252 GSM0_DATA, 253 GSM0_FCS, 254 GSM0_SSOF, 255 GSM1_START, 256 GSM1_ADDRESS, 257 GSM1_CONTROL, 258 GSM1_DATA, 259 GSM1_OVERRUN, 260 }; 261 262 /* 263 * Each GSM mux we have is represented by this structure. If we are 264 * operating as an ldisc then we use this structure as our ldisc 265 * state. We need to sort out lifetimes and locking with respect 266 * to the gsm mux array. For now we don't free DLCI objects that 267 * have been instantiated until the mux itself is terminated. 268 * 269 * To consider further: tty open versus mux shutdown. 
270 */ 271 272 struct gsm_mux { 273 struct tty_struct *tty; /* The tty our ldisc is bound to */ 274 spinlock_t lock; 275 struct mutex mutex; 276 unsigned int num; 277 struct kref ref; 278 279 /* Events on the GSM channel */ 280 wait_queue_head_t event; 281 282 /* ldisc send work */ 283 struct work_struct tx_work; 284 285 /* Bits for GSM mode decoding */ 286 287 /* Framing Layer */ 288 u8 *buf; 289 enum gsm_mux_state state; 290 unsigned int len; 291 unsigned int address; 292 unsigned int count; 293 bool escape; 294 enum gsm_encoding encoding; 295 u8 control; 296 u8 fcs; 297 u8 *txframe; /* TX framing buffer */ 298 299 /* Method for the receiver side */ 300 void (*receive)(struct gsm_mux *gsm, u8 ch); 301 302 /* Link Layer */ 303 unsigned int mru; 304 unsigned int mtu; 305 int initiator; /* Did we initiate connection */ 306 bool dead; /* Has the mux been shut down */ 307 struct gsm_dlci *dlci[NUM_DLCI]; 308 int old_c_iflag; /* termios c_iflag value before attach */ 309 bool constipated; /* Asked by remote to shut up */ 310 bool has_devices; /* Devices were registered */ 311 312 spinlock_t tx_lock; 313 unsigned int tx_bytes; /* TX data outstanding */ 314 #define TX_THRESH_HI 8192 315 #define TX_THRESH_LO 2048 316 struct list_head tx_ctrl_list; /* Pending control packets */ 317 struct list_head tx_data_list; /* Pending data packets */ 318 319 /* Control messages */ 320 struct timer_list kick_timer; /* Kick TX queuing on timeout */ 321 struct timer_list t2_timer; /* Retransmit timer for commands */ 322 int cretries; /* Command retry counter */ 323 struct gsm_control *pending_cmd;/* Our current pending command */ 324 spinlock_t control_lock; /* Protects the pending command */ 325 326 /* Keep-alive */ 327 struct timer_list ka_timer; /* Keep-alive response timer */ 328 u8 ka_num; /* Keep-alive match pattern */ 329 signed int ka_retries; /* Keep-alive retry counter, -1 if not yet initialized */ 330 331 /* Configuration */ 332 int adaption; /* 1 or 2 supported */ 333 u8 
ftype; /* UI or UIH */ 334 int t1, t2; /* Timers in 1/100th of a sec */ 335 unsigned int t3; /* Power wake-up timer in seconds. */ 336 int n2; /* Retry count */ 337 u8 k; /* Window size */ 338 bool wait_config; /* Wait for configuration by ioctl before DLCI open */ 339 u32 keep_alive; /* Control channel keep-alive in 10ms */ 340 341 /* Statistics (not currently exposed) */ 342 unsigned long bad_fcs; 343 unsigned long malformed; 344 unsigned long io_error; 345 unsigned long open_error; 346 unsigned long bad_size; 347 unsigned long unsupported; 348 }; 349 350 351 /* 352 * Mux objects - needed so that we can translate a tty index into the 353 * relevant mux and DLCI. 354 */ 355 356 #define MAX_MUX 4 /* 256 minors */ 357 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */ 358 static DEFINE_SPINLOCK(gsm_mux_lock); 359 360 static struct tty_driver *gsm_tty_driver; 361 362 /* 363 * This section of the driver logic implements the GSM encodings 364 * both the basic and the 'advanced'. Reliable transport is not 365 * supported. 
*/

/* Address octet bits (C/R, EA) and the poll/final bit of the control octet */
#define CR			0x02
#define EA			0x01
#define	PF			0x10

/* Control field frame types; I frames are recognised separately */
#define RR			0x01
#define UI			0x03
#define RNR			0x05
#define REJ			0x09
#define DM			0x0F
#define SABM			0x2F
#define DISC			0x43
#define UA			0x63
#define	UIH			0xEF

/* Channel commands */
#define CMD_NSC			0x09
#define CMD_TEST		0x11
#define CMD_PSC			0x21
#define CMD_RLS			0x29
#define CMD_FCOFF		0x31
#define CMD_PN			0x41
#define CMD_RPN			0x49
#define CMD_FCON		0x51
#define CMD_CLD			0x61
#define CMD_SNC			0x69
#define CMD_MSC			0x71

/* Virtual modem bits */
#define MDM_FC			0x01
#define MDM_RTC			0x02
#define MDM_RTR			0x04
#define MDM_IC			0x20
#define MDM_DV			0x40

/*
 * Frame delimiters for the two encodings, plus the bytes that the
 * byte-stuffing code escapes (SOF, ESCAPE, XON, XOFF after masking with
 * ISO_IEC_646_MASK).
 */
#define GSM0_SOF		0xF9
#define GSM1_SOF		0x7E
#define GSM1_ESCAPE		0x7D
#define GSM1_ESCAPE_BITS	0x20
#define XON			0x11
#define XOFF			0x13
#define ISO_IEC_646_MASK	0x7F

static const struct tty_port_operations gsm_port_ops;

/*
 *	CRC table for GSM 0710
 *
 *	Indexed by (current FCS ^ next byte); every index built from two u8
 *	values stays inside the 256 entries.
 */

static const u8 gsm_fcs8[256] = {
	0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
	0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
	0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
	0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
	0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
	0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
	0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
	0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
	0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
	0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
	0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
	0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
	0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
	0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
	0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
	0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
	0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
	0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
	0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
	0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
	0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
	0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
	0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
	0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
	0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
	0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
	0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
	0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
	0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
	0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
	0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
	0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
};

/* INIT_FCS seeds every FCS computation on the transmit side in this file */
#define INIT_FCS	0xFF
/* NOTE(review): presumably the residue checked on receive; not used in this part of the file */
#define GOOD_FCS	0xCF

static void gsm_dlci_close(struct gsm_dlci *dlci);
static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
								u8 ctrl);
static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr);
static void gsmld_write_trigger(struct gsm_mux *gsm);
static void gsmld_write_task(struct work_struct *work);
static int gsm_modem_send_initial_msc(struct gsm_dlci *dlci);

/**
 *	gsm_fcs_add	-	update FCS
 *	@fcs: Current FCS
 *	@c: Next data
 *
 *	Fold one more byte into the running FCS with a single table lookup
 *	and return the new FCS. Uses the algorithm in the specification
 *	notes.
 */

static inline u8 gsm_fcs_add(u8 fcs, u8 c)
{
	/* XOR of two u8 values is always a valid index into the table */
	const u8 idx = fcs ^ c;

	return gsm_fcs8[idx];
}

/**
 *	gsm_fcs_add_block	-	update FCS for a block
 *	@fcs: Current FCS
 *	@c: buffer of data
 *	@len: length of buffer
 *
 *	Update the FCS to include c. Uses the algorithm in the specification
 *	notes.
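*/

static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
{
	int i;

	/*
	 * @len is signed. Counting up to it means a negative length is
	 * treated as an empty block instead of reading far beyond @c.
	 */
	for (i = 0; i < len; i++)
		fcs = gsm_fcs8[fcs ^ c[i]];
	return fcs;
}

/**
 *	gsm_read_ea		-	read a byte into an EA
 *	@val: variable holding value
 *	@c: byte going into the EA
 *
 *	Processes one byte of an EA. Updates the passed variable
 *	and returns non-zero if the EA is now completely read.
 *
 *	The accumulator is an unsigned int, so bits shifted past its width
 *	are silently discarded; callers bound the number of bytes fed in.
 */

static int gsm_read_ea(unsigned int *val, u8 c)
{
	/* The upper seven bits of the byte are payload, bit 0 is the EA flag */
	*val = (*val << 7) | (c >> 1);
	/* EA set: this was the last byte of the value */
	return c & EA;
}

/**
 *	gsm_read_ea_val	-	read a value until EA
 *	@val: variable holding value
 *	@data: buffer of data
 *	@dlen: length of data
 *
 *	Processes an EA value. Updates the passed variable and
 *	returns the processed data length. A @dlen of zero or less reads
 *	nothing and returns 0. The return value alone does not tell the
 *	caller whether the terminating EA bit was seen or @data simply ran
 *	out.
 */
static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
{
	unsigned int used = 0;

	while (dlen > 0) {
		used++;
		if (gsm_read_ea(val, *data++))
			break;
		dlen--;
	}
	return used;
}

/**
 *	gsm_encode_modem	-	encode modem data bits
 *	@dlci: DLCI to encode from
 *
 *	Returns the correct GSM encoded modem status bits (6 bit field) for
 *	the current status of the DLCI and attached tty object
 */

static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
{
	const u32 tx = dlci->modem_tx;
	u8 bits = 0;

	/* FC is true flow control not modem bits */
	if (dlci->throttled)
		bits |= MDM_FC;
	if (tx & TIOCM_DTR)
		bits |= MDM_RTC;
	if (tx & TIOCM_RTS)
		bits |= MDM_RTR;
	if (tx & TIOCM_RI)
		bits |= MDM_IC;
	/* The initiator side always reports DV, whatever the CD line says */
	if ((tx & TIOCM_CD) || dlci->gsm->initiator)
		bits |= MDM_DV;
	/* special mappings for passive side to operate as UE */
	if (tx & TIOCM_OUT1)
		bits |= MDM_IC;
	if (tx & TIOCM_OUT2)
		bits |= MDM_DV;
	return bits;
}

/*
 * gsm_hex_dump_bytes - hex dump a buffer to the kernel log at KERN_INFO
 * @fname: label printed in front of each row, or NULL for an unlabelled
 *	   dump without offsets
 * @data: bytes to dump
 * @len: number of bytes
 *
 * The label is built with a GFP_ATOMIC allocation; if that fails the dump
 * is skipped. Everything passed in ends up in the kernel log, so frame
 * contents become readable to anyone who can read that log while the
 * debug bits are set.
 */
static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
			       unsigned long len)
{
	char *prefix;

	if (fname) {
		prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
		if (!prefix)
			return;
		print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1,
			       data, len, true);
		kfree(prefix);
		return;
	}

	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
		       true);
}

/**
 * gsm_encode_params	-	encode DLCI parameters
 * @dlci: DLCI to encode from
 * @params: buffer to fill with the encoded parameters
 *
 * Encodes the parameters according to GSM 07.10 section 5.4.6.3.1
 * table 3. Returns 0 on success or -EINVAL for a frame type or adaption
 * that cannot be encoded; in that case @params is left untouched. On
 * success every member of @params is written.
 */
static int gsm_encode_params(const struct gsm_dlci *dlci,
			     struct gsm_dlci_param_bits *params)
{
	const struct gsm_mux *gsm = dlci->gsm;
	unsigned int ftype_bits, cl_bits;

	if (dlci->ftype == UIH) {
		ftype_bits = 0;
	} else if (dlci->ftype == UI) {
		ftype_bits = 1;
	} else {
		pr_debug("unsupported frame type %d\n", dlci->ftype);
		return -EINVAL;
	}

	if (dlci->adaption == 1) {
		/* Unstructured: convergence layer type 1 */
		cl_bits = 0;
	} else if (dlci->adaption == 2) {
		/* Unstructured with modem bits: convergence layer type 2 */
		cl_bits = 1;
	} else {
		pr_debug("unsupported adaption %d\n", dlci->adaption);
		return -EINVAL;
	}

	/* FIELD_PREP masks each value to the width of its field */
	params->d_bits = FIELD_PREP(PN_D_FIELD_DLCI, dlci->addr);
	/* Frame type and convergence layer share one octet */
	params->i_cl_bits = FIELD_PREP(PN_I_CL_FIELD_FTYPE, ftype_bits) |
			    FIELD_PREP(PN_I_CL_FIELD_ADAPTION, cl_bits);
	params->p_bits = FIELD_PREP(PN_P_FIELD_PRIO, dlci->prio);
	params->t_bits = FIELD_PREP(PN_T_FIELD_T1, gsm->t1);
	params->n_bits = cpu_to_le16(FIELD_PREP(PN_N_FIELD_N1, dlci->mtu));
	params->na_bits = FIELD_PREP(PN_NA_FIELD_N2, gsm->n2);
	params->k_bits = FIELD_PREP(PN_K_FIELD_K, dlci->k);

	return 0;
}

/**
 *	gsm_register_devices	-	register all tty devices for a given mux index
 *
 *	@driver: the tty driver that describes the tty devices
 *	@index: the mux number is used to calculate the minor numbers of the
 *	        ttys for this mux and may differ from the position in the
 *	        mux array.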
*/
static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
{
	unsigned int first_minor;
	struct device *dev;
	int n;

	/* Rejecting index >= MAX_MUX keeps every minor below MAX_MUX * NUM_DLCI */
	if (!driver || index >= MAX_MUX)
		return -EINVAL;

	/*
	 * NOTE(review): @driver is only checked for NULL; the register and
	 * unregister calls below use the file-scope gsm_tty_driver. Confirm
	 * that callers never pass a different driver.
	 */
	first_minor = index * NUM_DLCI;

	/* Minor 0 of each mux is the control channel, not a usable tty */
	for (n = 1; n < NUM_DLCI; n++) {
		dev = tty_register_device(gsm_tty_driver, first_minor + n, NULL);
		if (!IS_ERR(dev))
			continue;

		/* NOTE(review): this message has no trailing newline */
		if (debug & DBG_ERRORS)
			pr_info("%s failed to register device minor %u",
				__func__, first_minor + n);

		/* Undo the minors registered before the failure */
		while (--n >= 1)
			tty_unregister_device(gsm_tty_driver, first_minor + n);
		return PTR_ERR(dev);
	}

	return 0;
}

/**
 *	gsm_unregister_devices	-	unregister all tty devices for a given mux index
 *
 *	@driver: the tty driver that describes the tty devices
 *	@index: the mux number is used to calculate the minor numbers of the
 *	        ttys for this mux and may differ from the position in the
 *	        mux array.
 *
 *	Silently does nothing for a NULL @driver or an @index outside
 *	MAX_MUX. As in gsm_register_devices(), the calls go to the
 *	file-scope gsm_tty_driver.
 */
static void gsm_unregister_devices(struct tty_driver *driver,
				   unsigned int index)
{
	unsigned int first_minor;
	int n;

	if (!driver || index >= MAX_MUX)
		return;

	first_minor = index * NUM_DLCI;

	/* Minor 0 (the control channel) was never registered, so skip it */
	for (n = 1; n < NUM_DLCI; n++)
		tty_unregister_device(gsm_tty_driver, first_minor + n);
}

/**
 *	gsm_print_packet	-	display a frame for debug
 *	@hdr: header to print before decode
 *	@addr: address EA from the frame
 *	@cr: C/R bit seen as initiator
 *	@control: control including PF bit
 *	@data: following data bytes
 *	@dlen: length of data
 *
 *	Displays a packet in human readable format for debugging purposes. The
 *	style is based on amateur radio LAP-B dump display.
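*/

static void gsm_print_packet(const char *hdr, int addr, int cr,
					u8 control, const u8 *data, int dlen)
{
	const u8 type = control & ~PF;

	if (!(debug & DBG_DUMP))
		return;
	/* Only show user payload frames if debug & DBG_PAYLOAD */
	if (!(debug & DBG_PAYLOAD) && addr != 0 &&
	    (type == UI || type == UIH))
		return;

	/*
	 * @cr is a plain int and some callers pass a mux field straight
	 * through. Normalise it to 0/1 so the two-character lookup string
	 * can never be indexed out of bounds.
	 */
	pr_info("%s %d) %c: ", hdr, addr, "RC"[!!cr]);

	switch (type) {
	case SABM:
		pr_cont("SABM");
		break;
	case UA:
		pr_cont("UA");
		break;
	case DISC:
		pr_cont("DISC");
		break;
	case DM:
		pr_cont("DM");
		break;
	case UI:
		pr_cont("UI");
		break;
	case UIH:
		pr_cont("UIH");
		break;
	default:
		/* Bit 0 clear marks an I frame carrying N(S) and N(R) */
		if (!(control & 0x01)) {
			pr_cont("I N(S)%d N(R)%d",
				(control & 0x0E) >> 1, (control & 0xE0) >> 5);
			break;
		}
		/* Otherwise the low nibble selects the frame type */
		switch (control & 0x0F) {
		case RR:
			pr_cont("RR(%d)", (control & 0xE0) >> 5);
			break;
		case RNR:
			pr_cont("RNR(%d)", (control & 0xE0) >> 5);
			break;
		case REJ:
			pr_cont("REJ(%d)", (control & 0xE0) >> 5);
			break;
		default:
			pr_cont("[%02X]", control);
		}
		break;
	}

	if (control & PF)
		pr_cont("(P)");
	else
		pr_cont("(F)");

	/*
	 * The dump helper takes an unsigned long length, so a negative
	 * @dlen would turn into a huge count; only dump when there is
	 * something to show. Payload bytes land in the kernel log here.
	 */
	if (dlen > 0)
		gsm_hex_dump_bytes(NULL, data, dlen);
}


/*
 *	Link level transmission side
 */

/**
 *	gsm_stuff_frame	-	bytestuff a packet
 *	@input: input buffer
 *	@output: output buffer
 *	@len: length of input
 *
 *	Expand a buffer by bytestuffing it. The worst case size change
 *	is doubling and the caller is responsible for handing out
 *	suitable sized buffers.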
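*/

static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
{
	u8 *out = output;
	int i;

	/*
	 * No bound on @output is known here: the caller must provide room
	 * for 2 * @len bytes. Counting up to @len also makes a negative
	 * length a no-op instead of an unbounded copy.
	 */
	for (i = 0; i < len; i++) {
		const u8 ch = input[i];

		/* Escape the frame flag, the escape byte and XON/XOFF */
		if (ch == GSM1_SOF || ch == GSM1_ESCAPE ||
		    (ch & ISO_IEC_646_MASK) == XON ||
		    (ch & ISO_IEC_646_MASK) == XOFF) {
			*out++ = GSM1_ESCAPE;
			*out++ = ch ^ GSM1_ESCAPE_BITS;
		} else {
			*out++ = ch;
		}
	}
	/* Number of bytes written to @output */
	return out - output;
}

/**
 *	gsm_send	-	send a control frame
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@cr: command/response bit seen as initiator
 *	@control:  control byte including PF bit
 *
 *	Format up and transmit a control frame. These should be transmitted
 *	ahead of data when they are needed.
 *
 *	Returns 0 once the frame is on the control queue, or -ENOMEM if no
 *	message could be allocated.
 */
static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
{
	struct gsm_msg *msg;
	unsigned long flags;
	u8 *hdr, *p;
	int ocr;

	msg = gsm_data_alloc(gsm, addr, 0, control);
	if (!msg)
		return -ENOMEM;

	/* toggle C/R coding if not initiator */
	ocr = gsm->initiator ? cr : cr ^ 1;

	/*
	 * gsm_data_alloc() leaves HDR_LEN - 1 bytes in front of msg->data;
	 * step back three of them so address, control, the optional length
	 * byte and the FCS all fit before the end of the buffer.
	 */
	msg->data -= 3;
	hdr = msg->data;
	p = hdr;
	*p++ = (addr << 2) | (ocr << 1) | EA;
	*p++ = control;

	if (gsm->encoding == GSM_BASIC_OPT)
		*p++ = EA; /* Length of data = 0 */

	/* FCS covers the header bytes written so far */
	*p = 0xFF - gsm_fcs_add_block(INIT_FCS, hdr, p - hdr);
	msg->len = (p - hdr) + 1;

	gsm_print_packet("Q->", addr, cr, control, NULL, 0);

	/* Control frames go on their own list, ahead of queued data */
	spin_lock_irqsave(&gsm->tx_lock, flags);
	list_add_tail(&msg->list, &gsm->tx_ctrl_list);
	gsm->tx_bytes += msg->len;
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
	gsmld_write_trigger(gsm);

	return 0;
}

/**
 *	gsm_dlci_clear_queues	-	remove outstanding data for a DLCI
 *	@gsm: mux
 *	@dlci: clear for this DLCI
 *
 *	Clears the data queues for a given DLCI.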
*/
static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
{
	struct gsm_msg *cur, *next;
	unsigned long flags;
	int target = dlci->addr;

	/* Clear DLCI write fifo first */
	spin_lock_irqsave(&dlci->lock, flags);
	kfifo_reset(&dlci->fifo);
	spin_unlock_irqrestore(&dlci->lock, flags);

	/*
	 * Clear data packets in MUX write queue. Only tx_data_list is
	 * walked; the control list is left alone. tx_bytes is adjusted
	 * under the same lock so the accounting matches the list.
	 */
	spin_lock_irqsave(&gsm->tx_lock, flags);
	list_for_each_entry_safe(cur, next, &gsm->tx_data_list, list) {
		if (cur->addr == target) {
			gsm->tx_bytes -= cur->len;
			list_del(&cur->list);
			kfree(cur);
		}
	}
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
}

/**
 *	gsm_response	-	send a control response
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@control:  control byte including PF bit
 *
 *	Format up and transmit a link level response frame. The result of
 *	gsm_send() is not propagated, so an allocation failure there is
 *	invisible to the caller.
 */

static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
{
	/* C/R = 0 marks a response */
	gsm_send(gsm, addr, 0, control);
}

/**
 *	gsm_command	-	send a control command
 *	@gsm: our GSM mux
 *	@addr: address for control frame
 *	@control:  control byte including PF bit
 *
 *	Format up and transmit a link level command frame. As with
 *	gsm_response(), the result of gsm_send() is dropped.
 */

static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
{
	/* C/R = 1 marks a command */
	gsm_send(gsm, addr, 1, control);
}

/* Data transmission */

#define HDR_LEN		6	/* ADDR CTRL [LEN.2] DATA FCS */

/**
 *	gsm_data_alloc		-	allocate data frame
 *	@gsm: GSM mux
 *	@addr: DLCI address
 *	@len: length excluding header and FCS
 *	@ctrl: control byte
 *
 *	Allocate a new data buffer for sending frames with data.
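*	Space is left at the front for header bytes but that is treated as
 *	an implementation detail and not for the high level code to use.
 *
 *	Returns NULL if @len is negative or the allocation fails.
 */

static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
								u8 ctrl)
{
	struct gsm_msg *m;

	/*
	 * @len is signed and feeds straight into the allocation size. A
	 * negative value would shrink the buffer below the header room that
	 * the frame builders write into, so refuse it like a failed
	 * allocation.
	 */
	if (len < 0)
		return NULL;

	m = kmalloc(sizeof(*m) + len + HDR_LEN, GFP_ATOMIC);
	if (!m)
		return NULL;

	/* Payload starts after HDR_LEN - 1 header bytes; one byte is the FCS */
	m->data = m->buffer + HDR_LEN - 1;	/* Allow for FCS */
	m->len = len;
	m->addr = addr;
	m->ctrl = ctrl;
	INIT_LIST_HEAD(&m->list);
	return m;
}

/**
 *	gsm_send_packet	-	sends a single packet
 *	@gsm: GSM Mux
 *	@msg: packet to send
 *
 *	The given packet is encoded and sent out. No memory is freed.
 *	The caller must hold the gsm tx lock.
 *
 *	Returns 0 after a successful write, otherwise whatever
 *	gsmld_output() returned (zero or a negative error).
 */
static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
{
	u8 *frame = gsm->txframe;
	int len, ret;

	/*
	 * NOTE(review): the size of gsm->txframe is not visible here. It has
	 * to hold msg->len + 2 bytes for the basic option and up to
	 * 2 * msg->len + 2 bytes once stuffed - confirm where it is
	 * allocated.
	 */
	if (gsm->encoding == GSM_BASIC_OPT) {
		frame[0] = GSM0_SOF;
		memcpy(frame + 1, msg->data, msg->len);
		frame[msg->len + 1] = GSM0_SOF;
		len = msg->len + 2;
	} else {
		frame[0] = GSM1_SOF;
		len = gsm_stuff_frame(msg->data, frame + 1, msg->len);
		frame[len + 1] = GSM1_SOF;
		len += 2;
	}

	if (debug & DBG_DATA)
		gsm_hex_dump_bytes(__func__, frame, len);
	gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
			 msg->len);

	ret = gsmld_output(gsm, frame, len);
	/*
	 * NOTE(review): a return of 0 leaves tx_bytes untouched, yet callers
	 * that treat ret >= 0 as "sent" will free the message - confirm
	 * gsmld_output() cannot return 0.
	 */
	if (ret <= 0)
		return ret;
	/* FIXME: Can eliminate one SOF in many more cases */
	gsm->tx_bytes -= msg->len;

	return 0;
}

/**
 *	gsm_is_flow_ctrl_msg	-	checks if flow control message
 *	@msg: message to check
 *
 *	Returns true if the given message is a flow control command of the
 *	control channel. False is returned in any other case.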
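*/
static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
{
	unsigned int cmd = 0;
	u8 type;

	/* Only the control channel (DLCI 0) carries flow control commands */
	if (msg->addr > 0)
		return false;

	type = msg->ctrl & ~PF;
	if (type != UI && type != UIH)
		return false;

	/*
	 * The command is parsed from the third byte of the queued frame.
	 * msg->len is unsigned, so check it explicitly instead of letting
	 * "len - 2" wrap for a frame shorter than that.
	 */
	if (msg->len <= 2)
		return false;
	if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
		return false;

	cmd &= ~PF;
	return cmd == CMD_FCOFF || cmd == CMD_FCON;
}

/**
 *	gsm_data_kick	-	poke the queue
 *	@gsm: GSM Mux
 *
 *	The tty device has called us to indicate that room has appeared in
 *	the transmit queue. Ram more data into the pipe if we have any.
 *	If we have been flow-stopped by a CMD_FCOFF, then we can only
 *	send messages on DLCI0 until CMD_FCON. The caller must hold
 *	the gsm tx lock.
 *
 *	Returns -ENOSPC when the output refused a frame, -EAGAIN while flow
 *	stopped, 0 if the data queue was empty and 1 after walking the data
 *	queue.
 */
static int gsm_data_kick(struct gsm_mux *gsm)
{
	struct gsm_msg *msg, *nmsg;
	struct gsm_dlci *dlci;
	int ret;

	clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);

	/* Serialize control messages and control channel messages first */
	list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
		if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
			continue;
		ret = gsm_send_packet(gsm, msg);
		if (ret == -ENOSPC)
			return -ENOSPC;
		if (ret == -ENODEV) {
			/* ldisc not open: drop it and fix up the accounting */
			gsm->tx_bytes -= msg->len;
		} else if (ret < 0) {
			/* Any other error leaves the message queued */
			continue;
		}
		list_del(&msg->list);
		kfree(msg);
	}

	if (gsm->constipated)
		return -EAGAIN;

	/* Serialize other channels */
	if (list_empty(&gsm->tx_data_list))
		return 0;
	list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
		/*
		 * msg->addr is a u8 while the table has NUM_DLCI slots, and
		 * a slot may be empty. Treat both cases like a DLCI that is
		 * not open instead of dereferencing a bad pointer.
		 */
		dlci = msg->addr < NUM_DLCI ? gsm->dlci[msg->addr] : NULL;
		/* Send only messages for DLCIs with valid state */
		if (!dlci || dlci->state != DLCI_OPEN) {
			gsm->tx_bytes -= msg->len;
			list_del(&msg->list);
			kfree(msg);
			continue;
		}
		ret = gsm_send_packet(gsm, msg);
		if (ret == -ENOSPC)
			return -ENOSPC;
		if (ret == -ENODEV) {
			/* ldisc not open: drop it and fix up the accounting */
			gsm->tx_bytes -= msg->len;
		} else if (ret < 0) {
			/* Any other error leaves the message queued */
			continue;
		}
		list_del(&msg->list);
		kfree(msg);
	}

	return 1;
}

/**
 *	__gsm_data_queue		-	queue a UI or UIH frame
 *	@dlci: DLCI sending the data
 *	@msg: message queued
 *
 *	Add data to the transmit queue and try and get stuff moving
 *	out of the mux tty if not already doing so. The Caller must hold
 *	the gsm tx lock.
 *
 *	The header is written backwards into the space in front of
 *	msg->data (at most four bytes: two length bytes, control, address)
 *	and the FCS goes into the byte directly after the payload; both are
 *	reserved by gsm_data_alloc().
 */

static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
{
	struct gsm_mux *gsm = dlci->gsm;
	u8 *hdr = msg->data;
	u8 *fcs = msg->data + msg->len;
	u8 type;

	/* Fill in the header; only the basic option carries a length field */
	if (gsm->encoding == GSM_BASIC_OPT) {
		if (msg->len < 128) {
			*--hdr = (msg->len << 1) | EA;
		} else {
			*--hdr = (msg->len >> 7);	/* bits 7 - 15 */
			*--hdr = (msg->len & 127) << 1;	/* bits 0 - 6 */
		}
	}

	*--hdr = msg->ctrl;
	/* The initiator sets the C/R bit in the address octet */
	*--hdr = (msg->addr << 2) | EA | (gsm->initiator ? CR : 0);

	*fcs = gsm_fcs_add_block(INIT_FCS, hdr, msg->data - hdr);
	/* Ugly protocol layering violation: UI frames checksum the data too */
	if (msg->ctrl == UI || msg->ctrl == (UI|PF))
		*fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
	*fcs = 0xFF - *fcs;

	gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
							msg->data, msg->len);

	/*
	 * Move the header back and adjust the length, also allow for the FCS
	 * now tacked on the end
	 */
	msg->len += (msg->data - hdr) + 1;
	msg->data = hdr;

	/*
	 * Add to the actual output queue: UI/UIH frames for a DLCI other
	 * than 0 are data, everything else is control traffic.
	 */
	type = msg->ctrl & ~PF;
	if ((type == UI || type == UIH) && msg->addr > 0)
		list_add_tail(&msg->list, &gsm->tx_data_list);
	else
		list_add_tail(&msg->list, &gsm->tx_ctrl_list);
	gsm->tx_bytes += msg->len;

	gsmld_write_trigger(gsm);
	mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
}

/**
 *	gsm_data_queue		-	queue a UI or UIH frame
 *	@dlci: DLCI sending the data
 *	@msg: message queued
 *
 *	Add data to the transmit queue and try and get stuff moving
 *	out of the mux tty if not already doing so. Takes the gsm tx lock
 *	around __gsm_data_queue().
 */

static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
{
	struct gsm_mux *gsm = dlci->gsm;
	unsigned long flags;

	spin_lock_irqsave(&gsm->tx_lock, flags);
	__gsm_data_queue(dlci, msg);
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
}

/**
 *	gsm_dlci_data_output	-	try and push data out of a DLCI
 *	@gsm: mux
 *	@dlci: the DLCI to pull data from
 *
 *	Pull data from a DLCI and send it into the transmit queue if there
 *	is data. Keep to the MRU of the mux. This path handles the usual tty
 *	interface which is a byte stream with optional modem data.
 *
 *	Caller must hold the tx_lock of the mux.
 *
 *	Returns the number of payload bytes queued (fifo data plus the
 *	optional modem byte), 0 if the fifo was empty, or -ENOMEM.
 */

static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
{
	struct gsm_msg *msg;
	unsigned int copied;
	u8 *dp;
	int h, len, size;

	/* for modem bits without break data */
	h = (dlci->adaption == 1) ? 0 : 1;

	len = kfifo_len(&dlci->fifo);
	if (len == 0)
		return 0;

	/*
	 * MTU/MRU count only the data bits but watch adaption mode.
	 * NOTE(review): this assumes dlci->mtu is larger than h; confirm the
	 * MTU is validated against MIN_MTU wherever it is set.
	 */
	if ((len + h) > dlci->mtu)
		len = dlci->mtu - h;

	size = len + h;

	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
	if (!msg)
		return -ENOMEM;
	dp = msg->data;
	switch (dlci->adaption) {
	case 1: /* Unstructured */
		break;
	case 2: /* Unstructured with modem bits.
		 * Always one byte as we never send inline break data
		 */
		*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
		break;
	default:
		/*
		 * NOTE(review): the frame is still queued with size = len + 1
		 * although only len bytes are written below, so its last
		 * byte would be whatever kmalloc() returned. Confirm this
		 * path is never reached with another adaption value.
		 */
		pr_err("%s: unsupported adaption %d\n", __func__,
		       dlci->adaption);
		break;
	}

	/* Pull the payload out of the fifo under the DLCI lock */
	copied = kfifo_out_locked(&dlci->fifo, dp, len, &dlci->lock);
	WARN_ON(len != copied);

	/* Notify upper layer about available send space. */
	tty_port_tty_wakeup(&dlci->port);

	__gsm_data_queue(dlci, msg);
	/* Bytes of data we used up */
	return size;
}

/**
 *	gsm_dlci_data_output_framed  -	try and push data out of a DLCI
 *	@gsm: mux
 *	@dlci: the DLCI to pull data from
 *
 *	Pull data from a DLCI and send it into the transmit queue if there
 *	is data. Keep to the MRU of the mux. This path handles framed data
 *	queued as skbuffs to the DLCI.
 *
 *	Caller must hold the tx_lock of the mux.
 */

static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
						struct gsm_dlci *dlci)
{
	struct gsm_msg *msg;
	u8 *dp;
	int len, size;
	int last = 0, first = 0;
	int overhead = 0;

	/* One byte per frame is used for B/F flags */
	if (dlci->adaption == 4)
		overhead = 1;

	/* dlci->skb is locked by tx_lock */
	if (dlci->skb == NULL) {
		dlci->skb = skb_dequeue_tail(&dlci->skb_list);
		if (dlci->skb == NULL)
			return 0;
		first = 1;
	}
	len = dlci->skb->len + overhead;

	/* MTU/MRU count only the data bits */
	if (len > dlci->mtu) {
		if (dlci->adaption == 3) {
			/* Over long frame, bin it */
			dev_kfree_skb_any(dlci->skb);
			dlci->skb = NULL;
			return 0;
		}
		len = dlci->mtu;
	} else
		last = 1;

	size = len + overhead;
	msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype);
	if (msg == NULL) {
		skb_queue_tail(&dlci->skb_list, dlci->skb);
		dlci->skb = NULL;
		return -ENOMEM;
	}
	dp = msg->data;
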
if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */ 1283 /* Flag byte to carry the start/end info */ 1284 *dp++ = last << 7 | first << 6 | 1; /* EA */ 1285 len--; 1286 } 1287 memcpy(dp, dlci->skb->data, len); 1288 skb_pull(dlci->skb, len); 1289 __gsm_data_queue(dlci, msg); 1290 if (last) { 1291 dev_kfree_skb_any(dlci->skb); 1292 dlci->skb = NULL; 1293 } 1294 return size; 1295 } 1296 1297 /** 1298 * gsm_dlci_modem_output - try and push modem status out of a DLCI 1299 * @gsm: mux 1300 * @dlci: the DLCI to pull modem status from 1301 * @brk: break signal 1302 * 1303 * Push an empty frame in to the transmit queue to update the modem status 1304 * bits and to transmit an optional break. 1305 * 1306 * Caller must hold the tx_lock of the mux. 1307 */ 1308 1309 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci, 1310 u8 brk) 1311 { 1312 u8 *dp = NULL; 1313 struct gsm_msg *msg; 1314 int size = 0; 1315 1316 /* for modem bits without break data */ 1317 switch (dlci->adaption) { 1318 case 1: /* Unstructured */ 1319 break; 1320 case 2: /* Unstructured with modem bits. */ 1321 size++; 1322 if (brk > 0) 1323 size++; 1324 break; 1325 default: 1326 pr_err("%s: unsupported adaption %d\n", __func__, 1327 dlci->adaption); 1328 return -EINVAL; 1329 } 1330 1331 msg = gsm_data_alloc(gsm, dlci->addr, size, dlci->ftype); 1332 if (!msg) { 1333 pr_err("%s: gsm_data_alloc error", __func__); 1334 return -ENOMEM; 1335 } 1336 dp = msg->data; 1337 switch (dlci->adaption) { 1338 case 1: /* Unstructured */ 1339 break; 1340 case 2: /* Unstructured with modem bits. 
*/ 1341 if (brk == 0) { 1342 *dp++ = (gsm_encode_modem(dlci) << 1) | EA; 1343 } else { 1344 *dp++ = gsm_encode_modem(dlci) << 1; 1345 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */ 1346 } 1347 break; 1348 default: 1349 /* Handled above */ 1350 break; 1351 } 1352 1353 __gsm_data_queue(dlci, msg); 1354 return size; 1355 } 1356 1357 /** 1358 * gsm_dlci_data_sweep - look for data to send 1359 * @gsm: the GSM mux 1360 * 1361 * Sweep the GSM mux channels in priority order looking for ones with 1362 * data to send. We could do with optimising this scan a bit. We aim 1363 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit 1364 * TX_THRESH_LO we get called again 1365 * 1366 * FIXME: We should round robin between groups and in theory you can 1367 * renegotiate DLCI priorities with optional stuff. Needs optimising. 1368 */ 1369 1370 static int gsm_dlci_data_sweep(struct gsm_mux *gsm) 1371 { 1372 /* Priority ordering: We should do priority with RR of the groups */ 1373 int i, len, ret = 0; 1374 bool sent; 1375 struct gsm_dlci *dlci; 1376 1377 while (gsm->tx_bytes < TX_THRESH_HI) { 1378 for (sent = false, i = 1; i < NUM_DLCI; i++) { 1379 dlci = gsm->dlci[i]; 1380 /* skip unused or blocked channel */ 1381 if (!dlci || dlci->constipated) 1382 continue; 1383 /* skip channels with invalid state */ 1384 if (dlci->state != DLCI_OPEN) 1385 continue; 1386 /* count the sent data per adaption */ 1387 if (dlci->adaption < 3 && !dlci->net) 1388 len = gsm_dlci_data_output(gsm, dlci); 1389 else 1390 len = gsm_dlci_data_output_framed(gsm, dlci); 1391 /* on error exit */ 1392 if (len < 0) 1393 return ret; 1394 if (len > 0) { 1395 ret++; 1396 sent = true; 1397 /* The lower DLCs can starve the higher DLCs! */ 1398 break; 1399 } 1400 /* try next */ 1401 } 1402 if (!sent) 1403 break; 1404 } 1405 1406 return ret; 1407 } 1408 1409 /** 1410 * gsm_dlci_data_kick - transmit if possible 1411 * @dlci: DLCI to kick 1412 * 1413 * Transmit data from this DLCI if the queue is empty. 
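We can't rely on
 * a tty wakeup except when we filled the pipe so we need to fire off
 * new data ourselves in other cases.
 */
static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;
	unsigned long flags;
	bool sweep;

	if (dlci->constipated)
		return;

	spin_lock_irqsave(&gsm->tx_lock, flags);
	/* Sample the fill level before this DLCI queues anything */
	sweep = gsm->tx_bytes < TX_THRESH_LO;
	/* If we have nothing running then we need to fire up */
	if (gsm->tx_bytes == 0) {
		if (dlci->net)
			gsm_dlci_data_output_framed(gsm, dlci);
		else
			gsm_dlci_data_output(gsm, dlci);
	}
	if (sweep)
		gsm_dlci_data_sweep(gsm);
	spin_unlock_irqrestore(&gsm->tx_lock, flags);
}

/*
 * Control message processing
 */


/**
 * gsm_control_command - send a command frame to a control
 * @gsm: gsm channel
 * @cmd: the command to use
 * @data: data to follow encoded info
 * @dlen: length of data
 *
 * Encode up and queue a UI/UIH frame containing our command.
 *
 * Return: 0 on success, -EINVAL if there is no DLCI 0 or @dlen is
 * negative, -ENOMEM if no message could be allocated.
 */
static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data,
			       int dlen)
{
	struct gsm_msg *msg;
	struct gsm_dlci *dlci = gsm->dlci[0];

	/*
	 * Other paths in this file treat gsm->dlci[0] as possibly NULL, and
	 * a negative length must never reach memcpy() as a huge size.
	 */
	if (!dlci || dlen < 0)
		return -EINVAL;

	msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
	if (msg == NULL)
		return -ENOMEM;

	msg->data[0] = (cmd << 1) | CR | EA;	/* Set C/R */
	/*
	 * NOTE(review): the length goes into a single EA octet, so a dlen
	 * above 127 would be truncated here while the full payload is still
	 * copied - confirm that no caller passes more.
	 */
	msg->data[1] = (dlen << 1) | EA;
	if (dlen)
		memcpy(msg->data + 2, data, dlen);
	gsm_data_queue(dlci, msg);

	return 0;
}

/**
 * gsm_control_reply - send a response frame to a control
 * @gsm: gsm channel
 * @cmd: the command to use
 * @data: data to follow encoded info
 * @dlen: length of data
 *
 * Encode up and queue a UI/UIH frame containing our response.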
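*/

static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
			      int dlen)
{
	struct gsm_msg *msg;
	struct gsm_dlci *dlci = gsm->dlci[0];

	/*
	 * @data and @dlen are frequently echoed straight from a frame the
	 * peer sent. Refuse a missing control DLCI and a negative length
	 * instead of dereferencing NULL or handing memcpy() a huge size.
	 */
	if (!dlci || dlen < 0)
		return;

	msg = gsm_data_alloc(gsm, 0, dlen + 2, dlci->ftype);
	if (msg == NULL)
		return;
	msg->data[0] = (cmd & 0xFE) << 1 | EA;	/* Clear C/R */
	/*
	 * NOTE(review): single EA length octet - a dlen above 127 is
	 * truncated here while the whole payload is still copied; confirm
	 * the receive path bounds the length before it gets this far.
	 */
	msg->data[1] = (dlen << 1) | EA;
	/* Callers pass data == NULL together with dlen == 0 */
	if (dlen)
		memcpy(msg->data + 2, data, dlen);
	gsm_data_queue(dlci, msg);
}

/**
 * gsm_process_modem - process received modem status
 * @tty: virtual tty bound to the DLCI
 * @dlci: DLCI to affect
 * @modem: modem bits (full EA)
 * @slen: number of signal octets
 *
 * Used when a modem control message or line state inline in adaption
 * layer 2 is processed. Sort out the local modem state and throttles
 */
static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
			      u32 modem, int slen)
{
	int mlines = 0;
	u8 brk = 0;
	bool fc;

	/* The modem status command can either contain one octet (V.24 signals)
	 * or two octets (V.24 signals + break signals). This is specified in
	 * section 5.4.6.3.7 of the 07.10 mux spec.
	 */
	if (slen == 1) {
		modem = modem & 0x7f;
	} else {
		brk = modem & 0x7f;
		modem = (modem >> 7) & 0x7f;
	}

	/* Flow control/ready to communicate */
	fc = (modem & MDM_FC) || !(modem & MDM_RTR);
	if (fc && !dlci->constipated) {
		/* Need to throttle our output on this device */
		dlci->constipated = true;
	} else if (!fc && dlci->constipated) {
		/* Peer is ready again: release the throttle and restart tx */
		dlci->constipated = false;
		gsm_dlci_data_kick(dlci);
	}

	/* Map modem bits */
	if (modem & MDM_RTC)
		mlines |= TIOCM_DSR | TIOCM_DTR;
	if (modem & MDM_RTR)
		mlines |= TIOCM_RTS | TIOCM_CTS;
	if (modem & MDM_IC)
		mlines |= TIOCM_RI;
	if (modem & MDM_DV)
		mlines |= TIOCM_CD;

	/* Carrier drop -> hangup, unless the tty ignores carrier (CLOCAL) */
	if (tty && !(mlines & TIOCM_CD) && (dlci->modem_rx & TIOCM_CD) &&
	    !C_CLOCAL(tty))
		tty_hangup(tty);

	if (brk & 0x01)
		tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
	dlci->modem_rx = mlines;
	wake_up_interruptible(&dlci->gsm->event);
}

/**
 * gsm_process_negotiation - process received parameters
 * @gsm: GSM channel
 * @addr: DLCI address
 * @cr: command/response
 * @params: encoded parameters from the parameter negotiation message
 *
 * Used when the response for our parameter negotiation command was
 * received.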
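*/
static int gsm_process_negotiation(struct gsm_mux *gsm, unsigned int addr,
				   unsigned int cr,
				   const struct gsm_dlci_param_bits *params)
{
	/* addr is used unchecked here; the caller must have validated it */
	struct gsm_dlci *dlci = gsm->dlci[addr];
	unsigned int ftype, i, adaption, prio, n1, k;

	/* Every field below comes from the peer and is untrusted */
	i = FIELD_GET(PN_I_CL_FIELD_FTYPE, params->i_cl_bits);
	adaption = FIELD_GET(PN_I_CL_FIELD_ADAPTION, params->i_cl_bits) + 1;
	prio = FIELD_GET(PN_P_FIELD_PRIO, params->p_bits);
	n1 = FIELD_GET(PN_N_FIELD_N1, get_unaligned_le16(&params->n_bits));
	k = FIELD_GET(PN_K_FIELD_K, params->k_bits);

	if (n1 < MIN_MTU) {
		if (debug & DBG_ERRORS)
			pr_info("%s N1 out of range in PN\n", __func__);
		return -EINVAL;
	}

	switch (i) {
	case 0x00:
		ftype = UIH;
		break;
	case 0x01:
		ftype = UI;
		break;
	case 0x02: /* I frames are not supported */
		if (debug & DBG_ERRORS)
			pr_info("%s unsupported I frame request in PN\n",
				__func__);
		gsm->unsupported++;
		return -EINVAL;
	default:
		if (debug & DBG_ERRORS)
			pr_info("%s i out of range in PN\n", __func__);
		return -EINVAL;
	}

	if (!cr && gsm->initiator) {
		/*
		 * Response to our own PN command: the peer may only confirm
		 * or shrink what we asked for. Validate everything first and
		 * commit afterwards so a rejected response leaves the DLCI
		 * parameters untouched.
		 */
		if (adaption != dlci->adaption) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid adaption %d in PN\n",
					__func__, adaption);
			return -EINVAL;
		}
		if (prio != dlci->prio) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid priority %d in PN",
					__func__, prio);
			return -EINVAL;
		}
		if (n1 > gsm->mru || n1 > dlci->mtu) {
			/* We requested a frame size but the other party wants
			 * to send larger frames. The standard allows only a
			 * smaller response value than requested (5.4.6.3.1).
			 */
			if (debug & DBG_ERRORS)
				pr_info("%s invalid N1 %d in PN\n", __func__,
					n1);
			return -EINVAL;
		}
		if (ftype != dlci->ftype) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid i %d in PN\n", __func__, i);
			return -EINVAL;
		}
		/*
		 * ftype is always UI or UIH at this point, so this window
		 * size test cannot fire and k is accepted as received.
		 */
		if (ftype != UI && ftype != UIH && k > dlci->k) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid k %d in PN\n", __func__, k);
			return -EINVAL;
		}
		dlci->mtu = n1;
		dlci->k = k;
	} else if (cr && !gsm->initiator) {
		/* Command from the initiator: take it, clamping the MTU */
		/* Only convergence layer type 1 and 2 are supported. */
		if (adaption != 1 && adaption != 2) {
			if (debug & DBG_ERRORS)
				pr_info("%s invalid adaption %d in PN\n",
					__func__, adaption);
			return -EINVAL;
		}
		dlci->adaption = adaption;
		if (n1 > gsm->mru) {
			/* Propose a smaller value */
			dlci->mtu = gsm->mru;
		} else if (n1 > MAX_MTU) {
			/* Propose a smaller value */
			dlci->mtu = MAX_MTU;
		} else {
			dlci->mtu = n1;
		}
		dlci->prio = prio;
		dlci->ftype = ftype;
		dlci->k = k;
	} else {
		/* Direction does not match our role */
		return -EINVAL;
	}

	return 0;
}

/**
 * gsm_control_modem - modem status received
 * @gsm: GSM channel
 * @data: data following command
 * @clen: command length
 *
 * We have received a modem status control message. This is used by
 * the GSM mux protocol to pass virtual modem line status and optionally
 * to indicate break signals. Unpack it, convert to Linux representation
 * and if need be stuff a break message down the tty.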
*/

static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
{
	unsigned int addr = 0;
	unsigned int modem = 0;
	struct gsm_dlci *dlci;
	struct tty_struct *tty;
	const u8 *dp = data;
	int cl = clen;
	int len;

	/* Address EA first; the helper is bounded by the remaining length */
	len = gsm_read_ea_val(&addr, data, cl);
	if (len < 1)
		return;

	addr >>= 1;
	/* Closed port, or invalid ? */
	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
		return;
	dlci = gsm->dlci[addr];

	/* Must be at least one byte following the EA */
	if ((cl - len) < 1)
		return;

	dp += len;
	cl -= len;

	/* get the modem status */
	len = gsm_read_ea_val(&modem, dp, cl);
	if (len < 1)
		return;

	tty = tty_port_tty_get(&dlci->port);
	/*
	 * The octet count handed on is the number of bytes left after the
	 * address (cl), not the number the EA decode consumed (len).
	 */
	gsm_process_modem(tty, dlci, modem, cl);
	if (tty) {
		tty_wakeup(tty);
		tty_kref_put(tty);
	}
	/* Acknowledge by echoing the received payload */
	gsm_control_reply(gsm, CMD_MSC, data, clen);
}

/**
 * gsm_control_negotiation - parameter negotiation received
 * @gsm: GSM channel
 * @cr: command/response flag
 * @data: data following command
 * @dlen: data length
 *
 * We have received a parameter negotiation message. This is used by
 * the GSM mux protocol to configure protocol parameters for a new DLCI.
 */
static void gsm_control_negotiation(struct gsm_mux *gsm, unsigned int cr,
				    const u8 *data, unsigned int dlen)
{
	const struct gsm_dlci_param_bits *params;
	struct gsm_dlci_param_bits pn_reply;
	struct gsm_dlci *dlci;
	unsigned int addr;

	/*
	 * Reject short messages before the buffer is viewed as a parameter
	 * block. dlen is unsigned: a negative length coming from an int
	 * caller would wrap and pass this test, so callers must hand in a
	 * validated length.
	 */
	if (dlen < sizeof(struct gsm_dlci_param_bits)) {
		gsm->open_error++;
		return;
	}

	/* Invalid DLCI? */
	params = (const struct gsm_dlci_param_bits *)data;
	addr = FIELD_GET(PN_D_FIELD_DLCI, params->d_bits);
	if (addr == 0 || addr >= NUM_DLCI || !gsm->dlci[addr]) {
		gsm->open_error++;
		return;
	}
	dlci = gsm->dlci[addr];

	/* Too late for parameter negotiation? */
	if ((!cr && dlci->state == DLCI_OPENING) || dlci->state == DLCI_OPEN) {
		gsm->open_error++;
		return;
	}

	/* Process the received parameters */
	if (gsm_process_negotiation(gsm, addr, cr, params) != 0) {
		/* Negotiation failed. Close the link. */
		if (debug & DBG_ERRORS)
			pr_info("%s PN failed\n", __func__);
		gsm->open_error++;
		gsm_dlci_close(dlci);
		return;
	}

	if (cr) {
		/* Reply command with accepted parameters. */
		if (gsm_encode_params(dlci, &pn_reply) == 0)
			gsm_control_reply(gsm, CMD_PN, (const u8 *)&pn_reply,
					  sizeof(pn_reply));
		else if (debug & DBG_ERRORS)
			pr_info("%s PN invalid\n", __func__);
		return;
	}

	if (dlci->state == DLCI_CONFIGURE) {
		/* Proceed with link setup by sending SABM before UA */
		dlci->state = DLCI_OPENING;
		gsm_command(gsm, dlci->addr, SABM|PF);
		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
	} else {
		if (debug & DBG_ERRORS)
			pr_info("%s PN in invalid state\n", __func__);
		gsm->open_error++;
	}
}

/**
 * gsm_control_rls - remote line status
 * @gsm: GSM channel
 * @data: data bytes
 * @clen: data length
 *
 * The modem sends us a two byte message on the control channel whenever
 * it wishes to send us an error state from the virtual link.
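Stuff this into the uplink tty if present
 */

static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
{
	struct tty_port *port;
	unsigned int addr = 0;
	u8 bits;
	int len;

	/*
	 * Decode the address EA with the bounded helper, as
	 * gsm_control_modem() does. The payload comes from the peer; an
	 * open-coded loop that only stops when the remaining length hits
	 * exactly zero reads past the buffer when clen is 0 or negative.
	 */
	len = gsm_read_ea_val(&addr, data, clen);
	if (len < 1)
		return;
	/* Must be at least one byte following ea */
	if ((clen - len) < 1)
		return;
	addr >>= 1;
	/* Closed port, or invalid ? */
	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
		return;
	/* No error ? */
	bits = data[len];
	if ((bits & 1) == 0)
		return;

	port = &gsm->dlci[addr]->port;

	if (bits & 2)
		tty_insert_flip_char(port, 0, TTY_OVERRUN);
	if (bits & 4)
		tty_insert_flip_char(port, 0, TTY_PARITY);
	if (bits & 8)
		tty_insert_flip_char(port, 0, TTY_FRAME);

	tty_flip_buffer_push(port);

	/* Acknowledge by echoing the received payload */
	gsm_control_reply(gsm, CMD_RLS, data, clen);
}

static void gsm_dlci_begin_close(struct gsm_dlci *dlci);

/**
 * gsm_control_message - DLCI 0 control processing
 * @gsm: our GSM mux
 * @command: the command EA
 * @data: data beyond the command/length EAs
 * @clen: length
 *
 * Input processor for control messages from the other end of the link.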
* Processes the incoming request and queues a response frame or an
 * NSC response if not supported
 */

static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
				const u8 *data, int clen)
{
	struct gsm_dlci *ctl;
	u8 nsc[1];

	switch (command) {
	case CMD_CLD:
		/* Modem wishes to close down */
		ctl = gsm->dlci[0];
		if (ctl) {
			ctl->dead = true;
			gsm->dead = true;
			gsm_dlci_begin_close(ctl);
		}
		break;
	case CMD_TEST:
		/* Modem wishes to test, reply with the data */
		gsm_control_reply(gsm, CMD_TEST, data, clen);
		break;
	case CMD_FCON:
		/* Modem can accept data again */
		gsm->constipated = false;
		gsm_control_reply(gsm, CMD_FCON, NULL, 0);
		/* Kick the link in case it is idling */
		gsmld_write_trigger(gsm);
		break;
	case CMD_FCOFF:
		/* Modem asks us to stop sending */
		gsm->constipated = true;
		gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
		break;
	case CMD_MSC:
		/* Out of band modem line change indicator for a DLCI */
		gsm_control_modem(gsm, data, clen);
		break;
	case CMD_RLS:
		/* Out of band error reception for a DLCI */
		gsm_control_rls(gsm, data, clen);
		break;
	case CMD_PSC:
		/* Modem wishes to enter power saving state */
		gsm_control_reply(gsm, CMD_PSC, NULL, 0);
		break;
	/* Optional commands */
	case CMD_PN:
		/* Modem sends a parameter negotiation command */
		gsm_control_negotiation(gsm, 1, data, clen);
		break;
	/* Optional unsupported commands */
	case CMD_RPN:	/* Remote port negotiation */
	case CMD_SNC:	/* Service negotiation command */
		gsm->unsupported++;
		fallthrough;
	default:
		/* Reply to bad commands with an NSC naming the command */
		nsc[0] = command;
		gsm_control_reply(gsm, CMD_NSC, nsc, 1);
		break;
	}
}

/**
 * gsm_control_response - process a response to our control
 * @gsm:
our GSM mux
 * @command: the command (response) EA
 * @data: data beyond the command/length EA
 * @clen: length
 *
 * Process a response to an outstanding command. We only allow a single
 * control message in flight so this is fairly easy. All the clean up
 * is done by the caller, we just update the fields, flag it as done
 * and return
 */

static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
				 const u8 *data, int clen)
{
	struct gsm_control *pending;
	struct gsm_dlci *ctl;
	unsigned long flags;

	spin_lock_irqsave(&gsm->control_lock, flags);

	pending = gsm->pending_cmd;
	ctl = gsm->dlci[0];
	/* Set the low bit so the value compares against the stored command */
	command |= 1;

	if (pending != NULL &&
	    (command == pending->cmd || command == CMD_NSC)) {
		/* Our command was replied to, kill the retry timer */
		timer_delete(&gsm->t2_timer);
		gsm->pending_cmd = NULL;
		/* Rejected by the other end */
		if (command == CMD_NSC)
			pending->error = -EOPNOTSUPP;
		pending->done = 1;
		wake_up(&gsm->event);
	} else if (command == CMD_PN) {
		/* Or did we receive the PN response to our PN command */
		gsm_control_negotiation(gsm, 0, data, clen);
	} else if (command == CMD_TEST && clen == 1 && *data == gsm->ka_num) {
		/* Or did we receive the TEST response to our TEST command */
		gsm->ka_retries = -1; /* trigger new keep-alive message */
		if (ctl && !ctl->dead)
			mod_timer(&gsm->ka_timer,
				  jiffies + gsm->keep_alive * HZ / 100);
	}

	spin_unlock_irqrestore(&gsm->control_lock, flags);
}

/**
 * gsm_control_keep_alive - check timeout or start keep-alive
 * @t: timer contained in our gsm object
 *
 * Called off the keep-alive timer expiry signaling that our link
 * partner is not responding anymore. Link will be closed.
 * This is also called to startup our timer.
*/

static void gsm_control_keep_alive(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, ka_timer);
	unsigned long flags;

	spin_lock_irqsave(&gsm->control_lock, flags);

	if (gsm->ka_num && gsm->ka_retries == 0) {
		/* Keep-alive expired -> close the link */
		if (debug & DBG_ERRORS)
			pr_debug("%s keep-alive timed out\n", __func__);
		/* The close is started after control_lock is dropped */
		spin_unlock_irqrestore(&gsm->control_lock, flags);
		if (gsm->dlci[0])
			gsm_dlci_begin_close(gsm->dlci[0]);
		return;
	}

	if (gsm->keep_alive && gsm->dlci[0] && !gsm->dlci[0]->dead) {
		if (gsm->ka_retries > 0) {
			/* T2 expired for keep-alive -> resend */
			gsm->ka_retries--;
		} else {
			/* Start keep-alive timer */
			gsm->ka_num++;
			/* 0 is skipped: a zero ka_num disables the timeout test */
			if (!gsm->ka_num)
				gsm->ka_num++;
			gsm->ka_retries = (signed int)gsm->n2;
		}
		gsm_control_command(gsm, CMD_TEST, &gsm->ka_num,
				    sizeof(gsm->ka_num));
		mod_timer(&gsm->ka_timer,
			  jiffies + gsm->t2 * HZ / 100);
	}

	spin_unlock_irqrestore(&gsm->control_lock, flags);
}

/**
 * gsm_control_transmit - send control packet
 * @gsm: gsm mux
 * @ctrl: frame to send
 *
 * Send out a pending control command (called under control lock)
 */

static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
{
	/* The result of gsm_control_command() is not propagated */
	gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len);
}

/**
 * gsm_control_retransmit - retransmit a control frame
 * @t: timer contained in our gsm object
 *
 * Called off the T2 timer expiry in order to retransmit control frames
 * that have been lost in the system somewhere. The control_lock protects
 * us from colliding with another sender or a receive completion event.
 * In that situation the timer may still occur in a small window but
 * gsm->pending_cmd will be NULL and we just let the timer expire.
*/

static void gsm_control_retransmit(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, t2_timer);
	struct gsm_control *pending;
	unsigned long flags;

	spin_lock_irqsave(&gsm->control_lock, flags);
	pending = gsm->pending_cmd;
	/* Completed in the meantime: nothing to resend */
	if (!pending)
		goto out_unlock;

	if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
		/* Out of retries or control channel gone: fail the command */
		gsm->pending_cmd = NULL;
		pending->error = -ETIMEDOUT;
		pending->done = 1;
		spin_unlock_irqrestore(&gsm->control_lock, flags);
		wake_up(&gsm->event);
		return;
	}

	gsm->cretries--;
	gsm_control_transmit(gsm, pending);
	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);

out_unlock:
	spin_unlock_irqrestore(&gsm->control_lock, flags);
}

/**
 * gsm_control_send - send a control frame on DLCI 0
 * @gsm: the GSM channel
 * @command: command to send including CR bit
 * @data: bytes of data (must be kmalloced)
 * @clen: length of the block to send
 *
 * Queue and dispatch a control command. Only one command can be
 * active at a time. In theory more can be outstanding but the matching
 * gets really complicated so for now stick to one outstanding.
*/

static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
		unsigned int command, u8 *data, int clen)
{
	struct gsm_control *ctrl = kzalloc_obj(struct gsm_control, GFP_ATOMIC);
	unsigned long flags;

	if (ctrl == NULL)
		return NULL;

	/*
	 * Wait for the single command slot. The unlocked wait is only a
	 * hint, so the slot is tested again under control_lock and the wait
	 * repeated if somebody else took it first.
	 */
	for (;;) {
		wait_event(gsm->event, gsm->pending_cmd == NULL);
		spin_lock_irqsave(&gsm->control_lock, flags);
		if (gsm->pending_cmd == NULL)
			break;
		spin_unlock_irqrestore(&gsm->control_lock, flags);
	}

	ctrl->cmd = command;
	ctrl->data = data;
	ctrl->len = clen;
	gsm->pending_cmd = ctrl;

	/*
	 * If DLCI0 is in ADM mode skip retries, it won't respond.
	 * NOTE(review): gsm->dlci[0] is dereferenced without a NULL test
	 * here; confirm callers only reach this while DLCI 0 exists.
	 */
	if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
		gsm->cretries = 0;
	else
		gsm->cretries = gsm->n2;

	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
	gsm_control_transmit(gsm, ctrl);
	spin_unlock_irqrestore(&gsm->control_lock, flags);
	return ctrl;
}

/**
 * gsm_control_wait - wait for a control to finish
 * @gsm: GSM mux
 * @control: control we are waiting on
 *
 * Waits for the control to complete or time out. Frees any used
 * resources and returns 0 for success, or an error if the remote
 * rejected or ignored the request.
 */

static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
{
	int result;

	wait_event(gsm->event, control->done == 1);
	/* Read the result before the control block is released */
	result = control->error;
	kfree(control);
	return result;
}


/*
 * DLCI level handling: Needs krefs
 */

/*
 * State transitions and timers
 */

/**
 * gsm_dlci_close - a DLCI has closed
 * @dlci: DLCI that closed
 *
 * Perform processing when moving a DLCI into closed state.
If there
 * is an attached tty this is hung up
 */

static void gsm_dlci_close(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;

	timer_delete(&dlci->t1);
	if (debug & DBG_ERRORS)
		pr_debug("DLCI %d goes closed.\n", dlci->addr);
	dlci->state = DLCI_CLOSED;
	/* Prevent us from sending data before the link is up again */
	dlci->constipated = true;

	if (dlci->addr == 0) {
		/* Control channel gone: stop keep-alive, mark the mux dead */
		timer_delete(&gsm->ka_timer);
		gsm->dead = true;
	} else {
		tty_port_tty_hangup(&dlci->port, false);
		gsm_dlci_clear_queues(gsm, dlci);
		/* Ensure that gsmtty_open() can return. */
		tty_port_set_initialized(&dlci->port, false);
		wake_up_interruptible(&dlci->port.open_wait);
	}

	/*
	 * A DLCI 0 close is a MUX termination so we need to kick that
	 * back to userspace somehow
	 */
	gsm_dlci_data_kick(dlci);
	wake_up_all(&gsm->event);
}

/**
 * gsm_dlci_open - a DLCI has opened
 * @dlci: DLCI that opened
 *
 * Perform processing when moving a DLCI into open state.
 */

static void gsm_dlci_open(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;

	/*
	 * Note that SABM UA .. SABM UA first UA lost can mean that we go
	 * open -> open
	 */
	timer_delete(&dlci->t1);
	/* This will let a tty open continue */
	dlci->state = DLCI_OPEN;
	dlci->constipated = false;
	if (debug & DBG_ERRORS)
		pr_debug("DLCI %d goes open.\n", dlci->addr);

	if (dlci->addr == 0) {
		/* Start keep-alive control */
		gsm->ka_num = 0;
		gsm->ka_retries = -1;
		mod_timer(&gsm->ka_timer,
			  jiffies + gsm->keep_alive * HZ / 100);
	} else {
		/* Send current modem state */
		gsm_modem_send_initial_msc(dlci);
	}

	gsm_dlci_data_kick(dlci);
	wake_up(&gsm->event);
}

/**
 * gsm_dlci_negotiate - start parameter negotiation
 * @dlci: DLCI to open
 *
 * Starts the parameter negotiation for the new DLCI.
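This needs to be done
 * before the DLCI initialized the channel via SABM.
 *
 * Return: 0 if the PN command was queued, otherwise the error reported by
 * gsm_encode_params() or gsm_control_command().
 */
static int gsm_dlci_negotiate(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;
	struct gsm_dlci_param_bits params;
	int ret;

	ret = gsm_encode_params(dlci, &params);
	if (ret != 0)
		return ret;

	/* We cannot asynchronous wait for the command response with
	 * gsm_command() and gsm_control_wait() at this point.
	 */
	return gsm_control_command(gsm, CMD_PN, (const u8 *)&params,
				   sizeof(params));
}

/**
 * gsm_dlci_t1 - T1 timer expiry
 * @t: timer contained in the DLCI that opened
 *
 * The T1 timer handles retransmits of control frames (essentially of
 * SABM and DISC). We resend the command until the retry count runs out
 * in which case an opening port goes back to closed and a closing port
 * is simply put into closed state (any further frames from the other
 * end will get a DM response)
 *
 * Some control dlci can stay in ADM mode with other dlci working just
 * fine. In that case we can just keep the control dlci open after the
 * DLCI_OPENING receives DM.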
 */

static void gsm_dlci_t1(struct timer_list *t)
{
	/* Recover the owning DLCI from its embedded t1 timer */
	struct gsm_dlci *dlci = timer_container_of(dlci, t, t1);
	struct gsm_mux *gsm = dlci->gsm;

	switch (dlci->state) {
	case DLCI_CONFIGURE:
		/* Resend the parameter negotiation while retries remain */
		if (dlci->retries && gsm_dlci_negotiate(dlci) == 0) {
			dlci->retries--;
			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		} else {
			gsm->open_error++;
			gsm_dlci_begin_close(dlci); /* prevent half open link */
		}
		break;
	case DLCI_OPENING:
		/* DLCI 0 whose last received control field was DM|PF: run in ADM */
		if (!dlci->addr && gsm->control == (DM | PF)) {
			if (debug & DBG_ERRORS)
				pr_info("DLCI 0 opening in ADM mode.\n");
			dlci->mode = DLCI_MODE_ADM;
			gsm_dlci_open(dlci);
		} else if (dlci->retries) {
			/*
			 * A data DLCI only resends SABM (and spends a retry)
			 * when DLCI 0 is not itself still opening; the timer
			 * is re-armed either way.
			 */
			if (!dlci->addr || !gsm->dlci[0] ||
			    gsm->dlci[0]->state != DLCI_OPENING) {
				dlci->retries--;
				gsm_command(dlci->gsm, dlci->addr, SABM|PF);
			}

			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		} else {
			gsm->open_error++;
			gsm_dlci_begin_close(dlci); /* prevent half open link */
		}

		break;
	case DLCI_CLOSING:
		/* Resend DISC until retries run out, then force the close */
		if (dlci->retries) {
			dlci->retries--;
			gsm_command(dlci->gsm, dlci->addr, DISC|PF);
			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		} else
			gsm_dlci_close(dlci);
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
		break;
	}
}

/**
 * gsm_dlci_begin_open - start channel open procedure
 * @dlci: DLCI to open
 *
 * Commence opening a DLCI from the Linux side. We issue SABM messages
 * to the modem which should then reply with a UA or ADM, at which point
 * we will move into open state. Opening is done asynchronously with retry
 * running off timers and the responses.
 * Parameter negotiation is performed before SABM if required.
 *
 * A NULL @dlci is tolerated and ignored. Nothing happens unless the DLCI
 * is in the closed, waiting-config or closing state.
 */

static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci ? dlci->gsm : NULL;
	bool need_pn = false;

	if (!gsm)
		return;

	/*
	 * A data DLCI needs parameter negotiation when its adaption, priority
	 * or frame type differ from what the checks below treat as defaults.
	 */
	if (dlci->addr != 0) {
		if (gsm->adaption != 1 || gsm->adaption != dlci->adaption)
			need_pn = true;
		if (dlci->prio != (roundup(dlci->addr + 1, 8) - 1))
			need_pn = true;
		if (gsm->ftype != dlci->ftype)
			need_pn = true;
	}

	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_WAITING_CONFIG:
	case DLCI_CLOSING:
		/* Retry budget comes from the mux-wide n2 setting */
		dlci->retries = gsm->n2;
		if (!need_pn) {
			dlci->state = DLCI_OPENING;
			/* Hold back SABM on a data DLCI while DLCI 0 is still opening */
			if (!dlci->addr || !gsm->dlci[0] ||
			    gsm->dlci[0]->state != DLCI_OPENING)
				gsm_command(gsm, dlci->addr, SABM|PF);
		} else {
			/* Configure DLCI before setup */
			dlci->state = DLCI_CONFIGURE;
			if (gsm_dlci_negotiate(dlci) != 0) {
				gsm_dlci_close(dlci);
				return;
			}
		}
		mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
		break;
	default:
		break;
	}
}

/**
 * gsm_dlci_set_opening - change state to opening
 * @dlci: DLCI to open
 *
 * Change internal state to wait for DLCI open from initiator side.
 * We set off timers and responses upon reception of an SABM.
 *
 * Only the state field is changed here, and only when the DLCI is closed,
 * waiting for configuration or closing.
 */
static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
{
	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_WAITING_CONFIG:
	case DLCI_CLOSING:
		dlci->state = DLCI_OPENING;
		break;
	default:
		break;
	}
}

/**
 * gsm_dlci_set_wait_config - wait for channel configuration
 * @dlci: DLCI to configure
 *
 * Wait for a DLCI configuration from the application.
 */
static void gsm_dlci_set_wait_config(struct gsm_dlci *dlci)
{
	/* Only a closed or closing DLCI is moved to the waiting-config state */
	switch (dlci->state) {
	case DLCI_CLOSED:
	case DLCI_CLOSING:
		dlci->state = DLCI_WAITING_CONFIG;
		break;
	default:
		break;
	}
}

/**
 * gsm_dlci_begin_close - start channel close procedure
 * @dlci: DLCI to close
 *
 * Commence closing a DLCI from the Linux side. We issue DISC messages
 * to the modem which should then reply with a UA, at which point we
 * will move into closed state. Closing is done asynchronously with retry
 * off timers. We may also receive a DM reply from the other end which
 * indicates the channel was already closed.
 *
 * Does nothing if the DLCI is already closed or closing.
 */

static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
{
	struct gsm_mux *gsm = dlci->gsm;
	if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
		return;
	dlci->retries = gsm->n2;
	dlci->state = DLCI_CLOSING;
	gsm_command(dlci->gsm, dlci->addr, DISC|PF);
	/* T1 drives the DISC retransmits, see gsm_dlci_t1() */
	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
	wake_up_interruptible(&gsm->event);
}

/**
 * gsm_dlci_data - data arrived
 * @dlci: channel
 * @data: block of bytes received
 * @clen: length of received block
 *
 * A UI or UIH frame has arrived which contains data for a channel
 * other than the control channel. If the relevant virtual tty is
 * open we shovel the bits down it, if not we drop them.
 *
 * @data and @clen describe payload received from the peer and must be
 * treated as untrusted.
 */

static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
{
	/* krefs .. */
	struct tty_port *port = &dlci->port;
	struct tty_struct *tty;
	unsigned int modem = 0;
	int len;

	if (debug & DBG_TTY)
		pr_debug("%d bytes for tty\n", clen);
	switch (dlci->adaption) {
	/* Unsupported types */
	case 4:		/* Packetised interruptible data */
		break;
	case 3:		/* Packetised uninterruptible voice/data */
		break;
	case 2:		/* Asynchronous serial with line state in each frame */
		len = gsm_read_ea_val(&modem, data, clen);
		/* No modem status field could be read: drop the frame */
		if (len < 1)
			return;
		tty = tty_port_tty_get(port);
		if (tty) {
			gsm_process_modem(tty, dlci, modem, len);
			tty_wakeup(tty);
			tty_kref_put(tty);
		}
		/*
		 * Skip processed modem data.
		 * NOTE(review): assumes gsm_read_ea_val() never returns more
		 * than clen, otherwise clen would go negative - confirm.
		 */
		data += len;
		clen -= len;
		fallthrough;
	case 1:		/* Line state will go via DLCI 0 controls only */
	default:
		tty_insert_flip_string(port, data, clen);
		tty_flip_buffer_push(port);
	}
}

/**
 * gsm_dlci_command - data arrived on control channel
 * @dlci: channel
 * @data: block of bytes received
 * @len: length of received block
 *
 * A UI or UIH frame has arrived which contains data for DLCI 0 the
 * control channel. This should contain a command EA followed by
 * control data bytes. The command EA contains a command/response bit
 * and we divide up the work accordingly.
 *
 * A frame whose declared control length exceeds the bytes remaining is
 * counted in gsm->malformed and dropped.
 */

static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
{
	/* See what command is involved */
	unsigned int command = 0;
	unsigned int clen = 0;
	unsigned int dlen;

	/* read the command */
	dlen = gsm_read_ea_val(&command, data, len);
	len -= dlen;
	data += dlen;

	/* read any control data */
	dlen = gsm_read_ea_val(&clen, data, len);
	len -= dlen;
	data += dlen;

	/*
	 * Malformed command?
	 * clen is taken from the frame. The comparison mixes unsigned clen
	 * with int len, so len is converted to unsigned.
	 * NOTE(review): this only rejects correctly while len is >= 0, i.e.
	 * while gsm_read_ea_val() never consumes more than it was given -
	 * confirm against its definition.
	 */
	if (clen > len) {
		dlci->gsm->malformed++;
		return;
	}

	/* Bit 0 of the command selects the message handler, else the response handler */
	if (command & 1)
		gsm_control_message(dlci->gsm, command, data, clen);
	else
		gsm_control_response(dlci->gsm, command, data, clen);
}

/**
 * gsm_kick_timer - transmit if possible
 * @t: timer contained in our gsm object
 *
 * Transmit data from DLCIs if the queue is empty. We can't rely on
 * a tty wakeup except when we filled the pipe so we need to fire off
 * new data ourselves in other cases.
 */
static void gsm_kick_timer(struct timer_list *t)
{
	struct gsm_mux *gsm = timer_container_of(gsm, t, kick_timer);
	unsigned long flags;
	int sent = 0;

	/* tx_bytes and the sweep are only touched with tx_lock held */
	spin_lock_irqsave(&gsm->tx_lock, flags);
	/* If we have nothing running then we need to fire up */
	if (gsm->tx_bytes < TX_THRESH_LO)
		sent = gsm_dlci_data_sweep(gsm);
	spin_unlock_irqrestore(&gsm->tx_lock, flags);

	if (sent && debug & DBG_DATA)
		pr_info("%s TX queue stalled\n", __func__);
}

/**
 * gsm_dlci_copy_config_values - copy DLCI configuration
 * @dlci: source DLCI
 * @dc: configuration structure to fill
 *
 * The whole structure is zeroed before the fields are filled in.
 */
static void gsm_dlci_copy_config_values(struct gsm_dlci *dlci, struct gsm_dlci_config *dc)
{
	/*
	 * Clear every byte first so that fields not set below never carry
	 * stale memory (presumably @dc is later copied to userspace - confirm
	 * against the caller).
	 */
	memset(dc, 0, sizeof(*dc));
	dc->channel = (u32)dlci->addr;
	dc->adaption = (u32)dlci->adaption;
	dc->mtu = (u32)dlci->mtu;
	dc->priority = (u32)dlci->prio;
	/* Frame type is reported as 1 for UIH and 2 for anything else */
	if (dlci->ftype == UIH)
		dc->i = 1;
	else
		dc->i = 2;
	dc->k = (u32)dlci->k;
}

/**
 * gsm_dlci_config - configure DLCI from configuration
 * @dlci: DLCI to configure
 * @dc: DLCI configuration
 * @open: open DLCI after configuration?
 */
static int gsm_dlci_config(struct gsm_dlci *dlci, struct gsm_dlci_config *dc, int open)
{
	struct gsm_mux *gsm;
	bool need_restart = false;
	bool need_open = false;
	unsigned int i;

	/*
	 * Check that userspace doesn't put stuff in here to prevent breakages
	 * in the future.
	 */
	for (i = 0; i < ARRAY_SIZE(dc->reserved); i++)
		if (dc->reserved[i])
			return -EINVAL;

	if (!dlci)
		return -EINVAL;
	gsm = dlci->gsm;

	/*
	 * Range-check every field before anything is applied; the casts to
	 * narrower types further down rely on these limits.
	 */
	/* Stuff we don't support yet - I frame transport */
	if (dc->adaption != 1 && dc->adaption != 2)
		return -EOPNOTSUPP;
	if (dc->mtu > MAX_MTU || dc->mtu < MIN_MTU || dc->mtu > gsm->mru)
		return -EINVAL;
	if (dc->priority >= 64)
		return -EINVAL;
	if (dc->i == 0 || dc->i > 2)  /* UIH and UI only */
		return -EINVAL;
	if (dc->k > 7)
		return -EINVAL;
	if (dc->flags & ~GSM_FL_RESTART)   /* allow future extensions */
		return -EINVAL;

	/*
	 * See what is needed for reconfiguration
	 */
	/* Framing fields */
	if (dc->adaption != dlci->adaption)
		need_restart = true;
	if (dc->mtu != dlci->mtu)
		need_restart = true;
	/*
	 * NOTE(review): dc->i uses the 1/2 encoding while dlci->ftype is
	 * assigned UIH or UI further down. Unless those constants equal 1
	 * and 2 this comparison is always true and every call forces a
	 * restart - confirm.
	 */
	if (dc->i != dlci->ftype)
		need_restart = true;
	/* Requires care */
	if (dc->priority != dlci->prio)
		need_restart = true;
	if (dc->flags & GSM_FL_RESTART)
		need_restart = true;

	if ((open && gsm->wait_config) || need_restart)
		need_open = true;
	/* A DLCI still waiting for its configuration has nothing to close */
	if (dlci->state == DLCI_WAITING_CONFIG) {
		need_restart = false;
		need_open = true;
	}

	/*
	 * Close down what is needed, restart and initiate the new
	 * configuration.
	 */
	if (need_restart) {
		gsm_dlci_begin_close(dlci);
		/*
		 * Sleeps until the DLCI reports closed or a signal arrives.
		 * On a signal the new values are not applied and the DLCI is
		 * left in whatever close state it reached.
		 */
		wait_event_interruptible(gsm->event, dlci->state == DLCI_CLOSED);
		if (signal_pending(current))
			return -EINTR;
	}
	/*
	 * Setup the new configuration values
	 */
	dlci->adaption = (int)dc->adaption;

	if (dc->mtu)
		dlci->mtu = (unsigned int)dc->mtu;
	else
		dlci->mtu = gsm->mtu;

	/* Priority 0 selects the address-derived default */
	if (dc->priority)
		dlci->prio = (u8)dc->priority;
	else
		dlci->prio = roundup(dlci->addr + 1, 8) - 1;

	if (dc->i == 1)
		dlci->ftype = UIH;
	else if (dc->i == 2)
		dlci->ftype = UI;

	/* k == 0 falls back to the mux-wide value */
	if (dc->k)
		dlci->k = (u8)dc->k;
	else
		dlci->k = gsm->k;

	if (need_open) {
		/* The initiator sends SABM; the responder only waits for it */
		if (gsm->initiator)
			gsm_dlci_begin_open(dlci);
		else
			gsm_dlci_set_opening(dlci);
	}

	return 0;
}

/*
 * Allocate/Free DLCI channels
 */

/**
 * gsm_dlci_alloc - allocate a DLCI
 * @gsm: GSM mux
 * @addr: address of the DLCI
 *
 * Allocate and install a new DLCI object into the GSM mux.
 *
 * FIXME: review locking races
 */

static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
{
	struct gsm_dlci *dlci = kzalloc_obj(struct gsm_dlci, GFP_ATOMIC);
	if (dlci == NULL)
		return NULL;
	spin_lock_init(&dlci->lock);
	mutex_init(&dlci->mutex);
	/*
	 * NOTE(review): the object above is allocated with GFP_ATOMIC but the
	 * fifo uses GFP_KERNEL, which may sleep. Confirm every caller runs in
	 * a context where sleeping is allowed.
	 */
	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
		kfree(dlci);
		return NULL;
	}

	skb_queue_head_init(&dlci->skb_list);
	timer_setup(&dlci->t1, gsm_dlci_t1, 0);
	tty_port_init(&dlci->port);
	dlci->port.ops = &gsm_port_ops;
	dlci->gsm = gsm;
	dlci->addr = addr;
	/* Start from the mux-wide defaults */
	dlci->adaption = gsm->adaption;
	dlci->mtu = gsm->mtu;
	if (addr == 0)
		dlci->prio = 0;
	else
		dlci->prio = roundup(addr + 1, 8) - 1;
	dlci->ftype = gsm->ftype;
	dlci->k = gsm->k;
	dlci->state = DLCI_CLOSED;
	/* DLCI 0 receives control commands, every other DLCI receives tty data */
	if (addr) {
		dlci->data = gsm_dlci_data;
		/* Prevent us from sending data before the link is up */
		dlci->constipated = true;
	} else {
		dlci->data = gsm_dlci_command;
	}
	/*
	 * addr is used as an index without a range check here, so the caller
	 * must guarantee 0 <= addr < NUM_DLCI. gsm_queue() checks the wire
	 * address before calling and gsm_activate_mux() passes 0.
	 * NOTE(review): an existing entry in this slot would be overwritten
	 * without being released - callers outside this view should be checked.
	 */
	gsm->dlci[addr] = dlci;
	return dlci;
}

/**
 * gsm_dlci_free - free DLCI
 * @port: tty port for DLCI to free
 *
 * Free up a DLCI.
 *
 * Can sleep.
 */
static void gsm_dlci_free(struct tty_port *port)
{
	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);

	/* Wait for a running T1 handler and prevent the timer being re-armed */
	timer_shutdown_sync(&dlci->t1);
	/* Unpublish the DLCI from the mux table before its memory is freed */
	dlci->gsm->dlci[dlci->addr] = NULL;
	kfifo_free(&dlci->fifo);
	/* Drop every skb still queued on this DLCI */
	while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
		dev_kfree_skb(dlci->skb);
	kfree(dlci);
}

/* Take a reference on the DLCI through its embedded tty port. */
static inline void dlci_get(struct gsm_dlci *dlci)
{
	tty_port_get(&dlci->port);
}

/*
 * Drop a reference on the DLCI through its embedded tty port. The DLCI must
 * not be touched afterwards unless the caller holds another reference.
 */
static inline void dlci_put(struct gsm_dlci *dlci)
{
	tty_port_put(&dlci->port);
}

static void gsm_destroy_network(struct gsm_dlci *dlci);

/**
 * gsm_dlci_release - release DLCI
 * @dlci: DLCI to destroy
 *
 * Release a DLCI. Actual free is deferred until either
 * mux is closed or tty is closed - whichever is last.
 *
 * Can sleep.
 */
static void gsm_dlci_release(struct gsm_dlci *dlci)
{
	/* Hold a tty reference for the duration of the teardown below */
	struct tty_struct *tty = tty_port_tty_get(&dlci->port);
	if (tty) {
		mutex_lock(&dlci->mutex);
		gsm_destroy_network(dlci);
		mutex_unlock(&dlci->mutex);

		/* We cannot use tty_hangup() because in tty_kref_put() the tty
		 * driver assumes that the hangup queue is free and reuses it to
		 * queue release_one_tty() -> NULL pointer panic in
		 * process_one_work().
		 */
		tty_vhangup(tty);

		/* Detach the tty from the port, then drop the reference taken above */
		tty_port_tty_set(&dlci->port, NULL);
		tty_kref_put(tty);
	}
	dlci->state = DLCI_CLOSED;
	/* Drops one port reference; dlci must not be used after this call */
	dlci_put(dlci);
}

/*
 * LAPBish link layer logic
 */

/**
 * gsm_queue - a GSM frame is ready to process
 * @gsm: pointer to our gsm mux
 *
 * At this point in time a frame has arrived and been demangled from
 * the line encoding. All the differences between the encodings have
 * been handled below us and the frame is unpacked into the structures.
 * The fcs holds the header FCS but any data FCS must be added here.
 */

static void gsm_queue(struct gsm_mux *gsm)
{
	struct gsm_dlci *dlci;
	u8 cr;
	int address;

	/* Frames that fail the checksum are counted and dropped unparsed */
	if (gsm->fcs != GOOD_FCS) {
		gsm->bad_fcs++;
		if (debug & DBG_DATA)
			pr_debug("BAD FCS %02x\n", gsm->fcs);
		return;
	}
	/*
	 * The address comes off the wire. It must be range-checked here
	 * because it indexes gsm->dlci[] below and is passed to
	 * gsm_dlci_alloc(), which stores through it unchecked.
	 */
	address = gsm->address >> 1;
	if (address >= NUM_DLCI)
		goto invalid;

	cr = gsm->address & 1;		/* C/R bit */
	cr ^= gsm->initiator ? 0 : 1;	/* Flip so 1 always means command */

	gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);

	dlci = gsm->dlci[address];

	switch (gsm->control) {
	case SABM|PF:
		if (cr == 1) {
			gsm->open_error++;
			goto invalid;
		}
		/* A peer SABM may create the DLCI; at most NUM_DLCI slots exist */
		if (dlci == NULL)
			dlci = gsm_dlci_alloc(gsm, address);
		if (dlci == NULL) {
			gsm->open_error++;
			return;
		}
		/* A dead DLCI refuses the open with DM */
		if (dlci->dead)
			gsm_response(gsm, address, DM|PF);
		else {
			gsm_response(gsm, address, UA|PF);
			gsm_dlci_open(dlci);
		}
		break;
	case DISC|PF:
		if (cr == 1)
			goto invalid;
		if (dlci == NULL || dlci->state == DLCI_CLOSED) {
			gsm_response(gsm, address, DM|PF);
			return;
		}
		/* Real close complete */
		gsm_response(gsm, address, UA|PF);
		gsm_dlci_close(dlci);
		break;
	case UA|PF:
		if (cr == 0 || dlci == NULL)
			break;
		/* UA completes whichever transition this side started */
		switch (dlci->state) {
		case DLCI_CLOSING:
			gsm_dlci_close(dlci);
			break;
		case DLCI_OPENING:
			gsm_dlci_open(dlci);
			break;
		default:
			pr_debug("%s: unhandled state: %d\n", __func__,
					dlci->state);
			break;
		}
		break;
	case DM:	/* DM can be valid unsolicited */
	case DM|PF:
		if (cr)
			goto invalid;
		if (dlci == NULL)
			return;
		gsm_dlci_close(dlci);
		break;
	case UI:
	case UI|PF:
	case UIH:
	case UIH|PF:
		/* Payload is only delivered to a DLCI that is fully open */
		if (dlci == NULL || dlci->state != DLCI_OPEN) {
			gsm_response(gsm, address, DM|PF);
			return;
		}
		dlci->data(dlci, gsm->buf, gsm->len);
		break;
	default:
		goto invalid;
	}
	return;
invalid:
	gsm->malformed++;
	return;
}

/**
 * gsm0_receive_state_check_and_fix - check and correct receive state
 * @gsm: gsm data for this ldisc instance
 *
 * Ensures that the current receive state is valid for basic option mode.
 * Any other state is reset to GSM_SEARCH.
 */

static void gsm0_receive_state_check_and_fix(struct gsm_mux *gsm)
{
	switch (gsm->state) {
	case GSM_SEARCH:
	case GSM0_ADDRESS:
	case GSM0_CONTROL:
	case GSM0_LEN0:
	case GSM0_LEN1:
	case GSM0_DATA:
	case GSM0_FCS:
	case GSM0_SSOF:
		break;
	default:
		gsm->state = GSM_SEARCH;
		break;
	}
}

/**
 * gsm0_receive - perform processing for non-transparency
 * @gsm: gsm data for this ldisc instance
 * @c: character
 *
 * Receive bytes in gsm mode 0
 *
 * Byte-at-a-time state machine over input from the line. The declared
 * frame length is checked against gsm->mru as soon as it is complete, and
 * the data state additionally stops at MAX_MRU.
 */

static void gsm0_receive(struct gsm_mux *gsm, u8 c)
{
	unsigned int len;

	gsm0_receive_state_check_and_fix(gsm);
	switch (gsm->state) {
	case GSM_SEARCH:	/* SOF marker */
		if (c == GSM0_SOF) {
			gsm->state = GSM0_ADDRESS;
			gsm->address = 0;
			gsm->len = 0;
			gsm->fcs = INIT_FCS;
		}
		break;
	case GSM0_ADDRESS:	/* Address EA */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->address, c))
			gsm->state = GSM0_CONTROL;
		break;
	case GSM0_CONTROL:	/* Control Byte */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->control = c;
		gsm->state = GSM0_LEN0;
		break;
	case GSM0_LEN0:		/* Length EA */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->len, c)) {
			/* Length complete in one byte: reject oversize frames now */
			if (gsm->len > gsm->mru) {
				gsm->bad_size++;
				gsm->state = GSM_SEARCH;
				break;
			}
			gsm->count = 0;
			if (!gsm->len)
				gsm->state = GSM0_FCS;
			else
				gsm->state = GSM0_DATA;
			break;
		}
		gsm->state = GSM0_LEN1;
		break;
	case GSM0_LEN1:
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		len = c;
		gsm->len |= len << 7;
		/* Same bound as the one-byte case, applied to the full length */
		if (gsm->len > gsm->mru) {
			gsm->bad_size++;
			gsm->state = GSM_SEARCH;
			break;
		}
		gsm->count = 0;
		if (!gsm->len)
			gsm->state = GSM0_FCS;
		else
			gsm->state = GSM0_DATA;
		break;
	case GSM0_DATA:		/* Data */
		/*
		 * The byte is stored before count is compared with MAX_MRU.
		 * The store stays in bounds because this state is only
		 * entered with len <= mru, gsm_config() caps mru at MAX_MRU,
		 * and gsm_alloc_mux() allocates MAX_MRU + 1 bytes.
		 */
		gsm->buf[gsm->count++] = c;
		if (gsm->count >= MAX_MRU) {
			gsm->bad_size++;
			gsm->state = GSM_SEARCH;
		} else if (gsm->count >= gsm->len) {
			/* Calculate final FCS for UI frames over all data */
			if ((gsm->control & ~PF) != UIH) {
				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
							     gsm->count);
			}
			gsm->state = GSM0_FCS;
		}
		break;
	case GSM0_FCS:		/* FCS follows the packet */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->state = GSM0_SSOF;
		break;
	case GSM0_SSOF:
		/* The frame is only handed on if it ends with the SOF marker */
		gsm->state = GSM_SEARCH;
		if (c == GSM0_SOF)
			gsm_queue(gsm);
		else
			gsm->bad_size++;
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
		break;
	}
}

/**
 * gsm1_receive_state_check_and_fix - check and correct receive state
 * @gsm: gsm data for this ldisc instance
 *
 * Ensures that the current receive state is valid for advanced option mode.
 */

static void gsm1_receive_state_check_and_fix(struct gsm_mux *gsm)
{
	/* Any state not listed here is reset to GSM_SEARCH */
	switch (gsm->state) {
	case GSM_SEARCH:
	case GSM1_START:
	case GSM1_ADDRESS:
	case GSM1_CONTROL:
	case GSM1_DATA:
	case GSM1_OVERRUN:
		break;
	default:
		gsm->state = GSM_SEARCH;
		break;
	}
}

/**
 * gsm1_receive - perform processing for non-transparency
 * @gsm: gsm data for this ldisc instance
 * @c: character
 *
 * Receive bytes in mode 1 (Advanced option)
 *
 * Byte-at-a-time state machine over input from the line. Flow control
 * bytes, the frame marker and the escape byte are recognised on the raw
 * byte before any unescaping takes place.
 */

static void gsm1_receive(struct gsm_mux *gsm, u8 c)
{
	gsm1_receive_state_check_and_fix(gsm);
	/*
	 * handle XON/XOFF
	 * NOTE(review): XON marks the mux constipated and XOFF clears it,
	 * which reads inverted relative to the usual meaning of the names -
	 * confirm against the XON/XOFF definitions earlier in the file.
	 */
	if ((c & ISO_IEC_646_MASK) == XON) {
		gsm->constipated = true;
		return;
	} else if ((c & ISO_IEC_646_MASK) == XOFF) {
		gsm->constipated = false;
		/* Kick the link in case it is idling */
		gsmld_write_trigger(gsm);
		return;
	}
	if (c == GSM1_SOF) {
		/* EOF is only valid in frame if we have got to the data state */
		if (gsm->state == GSM1_DATA) {
			if (gsm->count < 1) {
				/* Missing FCS */
				gsm->malformed++;
				gsm->state = GSM1_START;
				return;
			}
			/* Remove the FCS from data */
			gsm->count--;
			if ((gsm->control & ~PF) != UIH) {
				/* Calculate final FCS for UI frames over all
				 * data but FCS
				 */
				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
							     gsm->count);
			}
			/* Add the FCS itself to test against GOOD_FCS */
			gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
			gsm->len = gsm->count;
			gsm_queue(gsm);
			gsm->state = GSM1_START;
			return;
		}
		/* Any partial frame was a runt so go back to start */
		if (gsm->state != GSM1_START) {
			if (gsm->state != GSM_SEARCH)
				gsm->malformed++;
			gsm->state = GSM1_START;
		}
		/* A SOF in GSM_START means we are still reading idling or
		   framing bytes */
		return;
	}

	if (c == GSM1_ESCAPE) {
		gsm->escape = true;
		return;
	}

	/* Only an unescaped SOF gets us out of GSM search */
	if (gsm->state == GSM_SEARCH)
		return;

	/* Undo the escaping of the byte that followed GSM1_ESCAPE */
	if (gsm->escape) {
		c ^= GSM1_ESCAPE_BITS;
		gsm->escape = false;
	}
	switch (gsm->state) {
	case GSM1_START:		/* First byte after SOF */
		gsm->address = 0;
		gsm->state = GSM1_ADDRESS;
		gsm->fcs = INIT_FCS;
		fallthrough;
	case GSM1_ADDRESS:	/* Address continuation */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		if (gsm_read_ea(&gsm->address, c))
			gsm->state = GSM1_CONTROL;
		break;
	case GSM1_CONTROL:	/* Control Byte */
		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
		gsm->control = c;
		gsm->count = 0;
		gsm->state = GSM1_DATA;
		break;
	case GSM1_DATA:		/* Data */
		/*
		 * There is no length field in this mode, so this check is the
		 * only bound on the store. The highest index written is
		 * min(mru, MAX_MRU), which fits the MAX_MRU + 1 byte buffer
		 * allocated in gsm_alloc_mux().
		 */
		if (gsm->count > gsm->mru || gsm->count > MAX_MRU) {	/* Allow one for the FCS */
			gsm->state = GSM1_OVERRUN;
			gsm->bad_size++;
		} else
			gsm->buf[gsm->count++] = c;
		break;
	case GSM1_OVERRUN:	/* Over-long - eg a dropped SOF */
		break;
	default:
		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
		break;
	}
}

/**
 * gsm_error - handle tty error
 * @gsm: ldisc data
 *
 * Handle an error in the receipt of data for a frame. Currently we just
 * go back to hunting for a SOF.
 *
 * FIXME: better diagnostics ?
 */

static void gsm_error(struct gsm_mux *gsm)
{
	/* Abandon the partial frame and count the error */
	gsm->state = GSM_SEARCH;
	gsm->io_error++;
}

/**
 * gsm_cleanup_mux - generic GSM protocol cleanup
 * @gsm: our mux
 * @disc: disconnect link?
 *
 * Clean up the bits of the mux which are the same for all framing
 * protocols. Remove the mux from the mux table, stop all the timers
 * and then shut down each device hanging up the channels as we go.
 */

static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
{
	int i;
	struct gsm_dlci *dlci;
	struct gsm_msg *txq, *ntxq;

	/*
	 * Order matters for teardown safety: mark the mux dead, close DLCI 0,
	 * stop timers and the tx work synchronously, release the DLCIs, and
	 * only then free the queued messages.
	 * Note: the header comment mentions removing the mux from the mux
	 * table, but this function does not touch gsm_mux[]; that slot is
	 * cleared in gsm_free_mux().
	 */
	gsm->dead = true;
	mutex_lock(&gsm->mutex);

	dlci = gsm->dlci[0];
	if (dlci) {
		if (disc && dlci->state != DLCI_CLOSED) {
			gsm_dlci_begin_close(dlci);
			/*
			 * Uninterruptible wait with gsm->mutex held. It ends
			 * when the peer answers or when the T1 retries run
			 * out and gsm_dlci_t1() forces the close.
			 */
			wait_event(gsm->event, dlci->state == DLCI_CLOSED);
		}
		dlci->dead = true;
	}

	/* Finish outstanding timers, making sure they are done */
	timer_delete_sync(&gsm->kick_timer);
	timer_delete_sync(&gsm->t2_timer);
	timer_delete_sync(&gsm->ka_timer);

	/* Finish writing to ldisc */
	flush_work(&gsm->tx_work);

	/* Free up any link layer users and finally the control channel */
	if (gsm->has_devices) {
		gsm_unregister_devices(gsm_tty_driver, gsm->num);
		gsm->has_devices = false;
	}
	/* Highest address first so that DLCI 0 is released last */
	for (i = NUM_DLCI - 1; i >= 0; i--)
		if (gsm->dlci[i])
			gsm_dlci_release(gsm->dlci[i]);
	mutex_unlock(&gsm->mutex);
	/* Now wipe the queues */
	tty_ldisc_flush(gsm->tty);

	/* tx_lock is held from here until the function returns */
	guard(spinlock_irqsave)(&gsm->tx_lock);
	list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
		kfree(txq);
	/* Reset the list heads so no freed entry stays reachable */
	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
	list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
		kfree(txq);
	INIT_LIST_HEAD(&gsm->tx_data_list);
}

/**
 * gsm_activate_mux - generic GSM setup
 * @gsm: our mux
 *
 * Set up the bits of the mux which are the same for all framing
 * protocols. Add the mux to the mux table so it can be opened and
 * finally kick off connecting to DLCI 0 on the modem.
 */

static int gsm_activate_mux(struct gsm_mux *gsm)
{
	struct gsm_dlci *dlci;
	int ret;

	/* The control channel is created first and installed as gsm->dlci[0] */
	dlci = gsm_dlci_alloc(gsm, 0);
	if (dlci == NULL)
		return -ENOMEM;

	/* Pick the receive state machine that matches the configured encoding */
	if (gsm->encoding == GSM_BASIC_OPT)
		gsm->receive = gsm0_receive;
	else
		gsm->receive = gsm1_receive;

	/*
	 * On failure DLCI 0 stays installed in gsm->dlci[0] and gsm->dead is
	 * left unchanged; nothing is released on this path.
	 */
	ret = gsm_register_devices(gsm_tty_driver, gsm->num);
	if (ret)
		return ret;

	gsm->has_devices = true;
	gsm->dead = false;		/* Tty opens are now permissible */
	return 0;
}

/**
 * gsm_free_mux - free up a mux
 * @gsm: mux to free
 *
 * Dispose of allocated resources for a dead mux
 */
static void gsm_free_mux(struct gsm_mux *gsm)
{
	int i;

	/* Remove the mux from the global table before its memory goes away */
	for (i = 0; i < MAX_MUX; i++) {
		if (gsm == gsm_mux[i]) {
			gsm_mux[i] = NULL;
			break;
		}
	}
	mutex_destroy(&gsm->mutex);
	kfree(gsm->txframe);
	kfree(gsm->buf);
	kfree(gsm);
}

/**
 * gsm_free_muxr - free up a mux
 * @ref: kreference to the mux to free
 *
 * Dispose of allocated resources for a dead mux. This is the kref release
 * callback passed to kref_put() in mux_put().
 */
static void gsm_free_muxr(struct kref *ref)
{
	struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
	gsm_free_mux(gsm);
}

/* Take a reference on the mux; the increment is done under gsm_mux_lock. */
static inline void mux_get(struct gsm_mux *gsm)
{
	unsigned long flags;

	spin_lock_irqsave(&gsm_mux_lock, flags);
	kref_get(&gsm->ref);
	spin_unlock_irqrestore(&gsm_mux_lock, flags);
}

/*
 * Drop a reference on the mux. When the count reaches zero gsm_free_muxr()
 * runs with gsm_mux_lock held and interrupts disabled, so the release path
 * must not sleep. The mux must not be used after this call unless the
 * caller holds another reference.
 */
static inline void mux_put(struct gsm_mux *gsm)
{
	unsigned long flags;

	spin_lock_irqsave(&gsm_mux_lock, flags);
	kref_put(&gsm->ref, gsm_free_muxr);
	spin_unlock_irqrestore(&gsm_mux_lock, flags);
}

/* First tty line number belonging to this mux (NUM_DLCI lines per mux). */
static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
{
	return gsm->num * NUM_DLCI;
}

/*
 * Mux number that a tty line number belongs to. The result is not checked
 * against MAX_MUX here; callers that index gsm_mux[] with it must do so.
 */
static inline unsigned int mux_line_to_num(unsigned int line)
{
	return line / NUM_DLCI;
}

/**
 * gsm_alloc_mux - allocate a mux
 *
 * Creates a new mux ready for activation.
 *
 * Return: the new mux with its default settings and a slot in gsm_mux[],
 * or NULL if an allocation fails or no slot is free.
 */

static struct gsm_mux *gsm_alloc_mux(void)
{
	int i;
	struct gsm_mux *gsm = kzalloc_obj(struct gsm_mux);
	if (gsm == NULL)
		return NULL;
	/*
	 * Receive buffer: MAX_MRU + 1 bytes. The receive state machines rely
	 * on this size for their bounds checks. kmalloc() does not zero it,
	 * so only bytes that have been written may be read back.
	 */
	gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
	if (gsm->buf == NULL) {
		kfree(gsm);
		return NULL;
	}
	/* Transmit frame buffer, also not zeroed */
	gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
	if (gsm->txframe == NULL) {
		kfree(gsm->buf);
		kfree(gsm);
		return NULL;
	}
	spin_lock_init(&gsm->lock);
	mutex_init(&gsm->mutex);
	kref_init(&gsm->ref);
	INIT_LIST_HEAD(&gsm->tx_ctrl_list);
	INIT_LIST_HEAD(&gsm->tx_data_list);
	timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
	timer_setup(&gsm->ka_timer, gsm_control_keep_alive, 0);
	INIT_WORK(&gsm->tx_work, gsmld_write_task);
	init_waitqueue_head(&gsm->event);
	spin_lock_init(&gsm->control_lock);
	spin_lock_init(&gsm->tx_lock);

	gsm->t1 = T1;
	gsm->t2 = T2;
	gsm->t3 = T3;
	gsm->n2 = N2;
	gsm->k = K;
	gsm->ftype = UIH;
	gsm->adaption = 1;
	gsm->encoding = GSM_ADV_OPT;
	gsm->mru = 64;	/* Default to encoding 1 so these should be 64 */
	gsm->mtu = 64;
	gsm->dead = true;	/* Avoid early tty opens */
	gsm->wait_config = false; /* Disabled */
	gsm->keep_alive = 0;	/* Disabled */

	/* Store the instance to the mux array or abort if no space is
	 * available.
	 * NOTE(review): gsm_mux_lock is taken with plain spin_lock() here,
	 * while mux_get()/mux_put() use the irqsave variant - confirm this
	 * path can never race with a user in interrupt context.
	 */
	spin_lock(&gsm_mux_lock);
	for (i = 0; i < MAX_MUX; i++) {
		if (!gsm_mux[i]) {
			gsm_mux[i] = gsm;
			gsm->num = i;
			break;
		}
	}
	spin_unlock(&gsm_mux_lock);
	/* No free slot: undo everything allocated above */
	if (i == MAX_MUX) {
		mutex_destroy(&gsm->mutex);
		kfree(gsm->txframe);
		kfree(gsm->buf);
		kfree(gsm);
		return NULL;
	}

	return gsm;
}

/*
 * Fill @c with the current mux settings. The structure is zeroed first so
 * that fields not set below never carry stale memory.
 */
static void gsm_copy_config_values(struct gsm_mux *gsm,
				   struct gsm_config *c)
{
	memset(c, 0, sizeof(*c));
	c->adaption = gsm->adaption;
	c->encapsulation = gsm->encoding;
	c->initiator = gsm->initiator;
	c->t1 = gsm->t1;
	c->t2 = gsm->t2;
	c->t3 = gsm->t3;
	c->n2 = gsm->n2;
	/* Frame type is reported as 1 for UIH and 2 for anything else */
	if (gsm->ftype == UIH)
		c->i = 1;
	else
		c->i = 2;
	pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
	c->mru = gsm->mru;
	c->mtu = gsm->mtu;
	c->k = gsm->k;
}

/*
 * Validate @c and apply it to the mux. The mux is torn down first when a
 * changed field requires it, and (re)activated afterwards if it is dead.
 * Returns 0 on success, -EOPNOTSUPP or -EINVAL for rejected values, or the
 * error from gsm_activate_mux().
 */
static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
{
	int need_close = 0;
	int need_restart = 0;

	/* Stuff we don't support yet - UI or I frame transport */
	if (c->adaption != 1 && c->adaption != 2)
		return -EOPNOTSUPP;
	/*
	 * Check the MRU/MTU range looks sane. The MAX_MRU bound is what keeps
	 * the receive paths inside gsm->buf, which is MAX_MRU + 1 bytes.
	 */
	if (c->mru < MIN_MTU || c->mtu < MIN_MTU)
		return -EINVAL;
	if (c->mru > MAX_MRU || c->mtu > MAX_MTU)
		return -EINVAL;
	if (c->t3 > MAX_T3)
		return -EINVAL;
	if (c->n2 > 255)
		return -EINVAL;
	if (c->encapsulation > 1)	/* Basic, advanced, no I */
		return -EINVAL;
	if (c->initiator > 1)
		return -EINVAL;
	if (c->k > MAX_WINDOW_SIZE)
		return -EINVAL;
	if (c->i == 0 || c->i > 2)	/* UIH and UI only */
		return -EINVAL;
	/*
	 * NOTE(review): t1 and t2 have no upper bound here although they feed
	 * timer arithmetic such as `gsm->t1 * HZ / 100` - confirm the field
	 * types rule out overflow.
	 */
	/*
	 * See what is needed for reconfiguration
	 */

	/* Timing fields */
	if (c->t1 != 0 && c->t1 != gsm->t1)
		need_restart = 1;
	if (c->t2 != 0 && c->t2 != gsm->t2)
		need_restart = 1;
	if (c->encapsulation != gsm->encoding)
		need_restart = 1;
	if (c->adaption != gsm->adaption)
		need_restart = 1;
	/* Requires care */
	if (c->initiator != gsm->initiator)
		need_close = 1;
	if (c->mru != gsm->mru)
		need_restart = 1;
	if (c->mtu != gsm->mtu)
		need_restart = 1;

	/*
	 * Close down what is needed, restart and initiate the new
	 * configuration. On the first time there is no DLCI[0]
	 * and closing or cleaning up is not necessary.
	 */
	if (need_close || need_restart)
		gsm_cleanup_mux(gsm, true);

	gsm->initiator = c->initiator;
	gsm->mru = c->mru;
	gsm->mtu = c->mtu;
	gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT;
	gsm->adaption = c->adaption;
	gsm->n2 = c->n2;

	if (c->i == 1)
		gsm->ftype = UIH;
	else if (c->i == 2)
		gsm->ftype = UI;

	/* A zero timer or window value keeps the current setting */
	if (c->t1)
		gsm->t1 = c->t1;
	if (c->t2)
		gsm->t2 = c->t2;
	if (c->t3)
		gsm->t3 = c->t3;
	if (c->k)
		gsm->k = c->k;

	/*
	 * FIXME: We need to separate activation/deactivation from adding
	 * and removing from the mux array
	 */
	if (gsm->dead) {
		int ret = gsm_activate_mux(gsm);
		if (ret)
			return ret;
		if (gsm->initiator)
			gsm_dlci_begin_open(gsm->dlci[0]);
	}
	return 0;
}

/*
 * Fill @ce with the extended mux settings. The structure is zeroed first so
 * that reserved fields never carry stale memory.
 */
static void gsm_copy_config_ext_values(struct gsm_mux *gsm,
				       struct gsm_config_ext *ce)
{
	memset(ce, 0, sizeof(*ce));
	ce->wait_config = gsm->wait_config ? 1 : 0;
	ce->keep_alive = gsm->keep_alive;
}

/*
 * Validate @ce and apply the extended settings, restarting the mux when
 * GSM_FL_RESTART is set. Returns 0 on success, -EINVAL for non-zero
 * reserved fields or unknown flags, or the error from gsm_activate_mux().
 */
static int gsm_config_ext(struct gsm_mux *gsm, struct gsm_config_ext *ce)
{
	bool need_restart = false;
	unsigned int i;

	/*
	 * Check that userspace doesn't put stuff in here to prevent breakages
	 * in the future.
	 */
	for (i = 0; i < ARRAY_SIZE(ce->reserved); i++)
		if (ce->reserved[i])
			return -EINVAL;
	if (ce->flags & ~GSM_FL_RESTART)
		return -EINVAL;

	/* Requires care */
	if (ce->flags & GSM_FL_RESTART)
		need_restart = true;

	/*
	 * Close down what is needed, restart and initiate the new
	 * configuration. On the first time there is no DLCI[0]
	 * and closing or cleaning up is not necessary.
	 */
	if (need_restart)
		gsm_cleanup_mux(gsm, true);

	/*
	 * Setup the new configuration values
	 * NOTE(review): keep_alive is stored without a range check and later
	 * feeds `gsm->keep_alive * HZ / 100` - confirm the field type rules
	 * out overflow.
	 */
	gsm->wait_config = ce->wait_config ? true : false;
	gsm->keep_alive = ce->keep_alive;

	if (gsm->dead) {
		int ret = gsm_activate_mux(gsm);
		if (ret)
			return ret;
		if (gsm->initiator)
			gsm_dlci_begin_open(gsm->dlci[0]);
	}

	return 0;
}

/**
 * gsmld_output - write to link
 * @gsm: our mux
 * @data: bytes to output
 * @len: size
 *
 * Write a block of data from the GSM mux to the data channel. This
 * will eventually be serialized from above but at the moment isn't.
 *
 * Return: -ENOSPC if the tty has less write room than @len, otherwise the
 * result of the tty driver's write operation.
 */

static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
{
	/*
	 * gsm->tty is dereferenced without a NULL check here; the caller
	 * must guarantee a tty is attached.
	 */
	if (tty_write_room(gsm->tty) < len) {
		/* Ask the tty layer for a wakeup once room is available */
		set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
		return -ENOSPC;
	}
	if (debug & DBG_DATA)
		gsm_hex_dump_bytes(__func__, data, len);
	return gsm->tty->ops->write(gsm->tty, data, len);
}


/**
 * gsmld_write_trigger - schedule ldisc write task
 * @gsm: our mux
 *
 * Does nothing when @gsm is NULL, DLCI 0 does not exist or DLCI 0 is dead.
 */
static void gsmld_write_trigger(struct gsm_mux *gsm)
{
	if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
		return;
	schedule_work(&gsm->tx_work);
}


/**
 * gsmld_write_task - ldisc write task
 * @work: our tx write work
 *
 * Writes out data to the ldisc if possible. We are doing this here to
 * avoid dead-locking.
This returns if no space or data is left for output. 3544 */ 3545 static void gsmld_write_task(struct work_struct *work) 3546 { 3547 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work); 3548 unsigned long flags; 3549 int i, ret; 3550 3551 /* All outstanding control channel and control messages and one data 3552 * frame is sent. 3553 */ 3554 ret = -ENODEV; 3555 spin_lock_irqsave(&gsm->tx_lock, flags); 3556 if (gsm->tty) 3557 ret = gsm_data_kick(gsm); 3558 spin_unlock_irqrestore(&gsm->tx_lock, flags); 3559 3560 if (ret >= 0) 3561 for (i = 0; i < NUM_DLCI; i++) 3562 if (gsm->dlci[i]) 3563 tty_port_tty_wakeup(&gsm->dlci[i]->port); 3564 } 3565 3566 /** 3567 * gsmld_attach_gsm - mode set up 3568 * @tty: our tty structure 3569 * @gsm: our mux 3570 * 3571 * Set up the MUX for basic mode and commence connecting to the 3572 * modem. Currently called from the line discipline set up but 3573 * will need moving to an ioctl path. 3574 */ 3575 3576 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 3577 { 3578 gsm->tty = tty_kref_get(tty); 3579 /* Turn off tty XON/XOFF handling to handle it explicitly. */ 3580 gsm->old_c_iflag = tty->termios.c_iflag; 3581 tty->termios.c_iflag &= (IXON | IXOFF); 3582 } 3583 3584 /** 3585 * gsmld_detach_gsm - stop doing 0710 mux 3586 * @tty: tty attached to the mux 3587 * @gsm: mux 3588 * 3589 * Shutdown and then clean up the resources used by the line discipline 3590 */ 3591 3592 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm) 3593 { 3594 WARN_ON(tty != gsm->tty); 3595 /* Restore tty XON/XOFF handling. 
*/ 3596 gsm->tty->termios.c_iflag = gsm->old_c_iflag; 3597 tty_kref_put(gsm->tty); 3598 gsm->tty = NULL; 3599 } 3600 3601 static void gsmld_receive_buf(struct tty_struct *tty, const u8 *cp, 3602 const u8 *fp, size_t count) 3603 { 3604 struct gsm_mux *gsm = tty->disc_data; 3605 u8 flags = TTY_NORMAL; 3606 3607 if (debug & DBG_DATA) 3608 gsm_hex_dump_bytes(__func__, cp, count); 3609 3610 for (; count; count--, cp++) { 3611 if (fp) 3612 flags = *fp++; 3613 switch (flags) { 3614 case TTY_NORMAL: 3615 if (gsm->receive) 3616 gsm->receive(gsm, *cp); 3617 break; 3618 case TTY_OVERRUN: 3619 case TTY_BREAK: 3620 case TTY_PARITY: 3621 case TTY_FRAME: 3622 gsm_error(gsm); 3623 break; 3624 default: 3625 WARN_ONCE(1, "%s: unknown flag %d\n", 3626 tty_name(tty), flags); 3627 break; 3628 } 3629 } 3630 /* FASYNC if needed ? */ 3631 /* If clogged call tty_throttle(tty); */ 3632 } 3633 3634 /** 3635 * gsmld_flush_buffer - clean input queue 3636 * @tty: terminal device 3637 * 3638 * Flush the input buffer. Called when the line discipline is 3639 * being closed, when the tty layer wants the buffer flushed (eg 3640 * at hangup). 3641 */ 3642 3643 static void gsmld_flush_buffer(struct tty_struct *tty) 3644 { 3645 } 3646 3647 /** 3648 * gsmld_close - close the ldisc for this tty 3649 * @tty: device 3650 * 3651 * Called from the terminal layer when this line discipline is 3652 * being shut down, either because of a close or becsuse of a 3653 * discipline change. The function will not be called while other 3654 * ldisc methods are in progress. 3655 */ 3656 3657 static void gsmld_close(struct tty_struct *tty) 3658 { 3659 struct gsm_mux *gsm = tty->disc_data; 3660 3661 /* The ldisc locks and closes the port before calling our close. This 3662 * means we have no way to do a proper disconnect. We will not bother 3663 * to do one. 
3664 */ 3665 gsm_cleanup_mux(gsm, false); 3666 3667 gsmld_detach_gsm(tty, gsm); 3668 3669 gsmld_flush_buffer(tty); 3670 /* Do other clean up here */ 3671 mux_put(gsm); 3672 } 3673 3674 /** 3675 * gsmld_open - open an ldisc 3676 * @tty: terminal to open 3677 * 3678 * Called when this line discipline is being attached to the 3679 * terminal device. Can sleep. Called serialized so that no 3680 * other events will occur in parallel. No further open will occur 3681 * until a close. 3682 */ 3683 3684 static int gsmld_open(struct tty_struct *tty) 3685 { 3686 struct gsm_mux *gsm; 3687 3688 if (!capable(CAP_NET_ADMIN)) 3689 return -EPERM; 3690 3691 if (tty->ops->write == NULL) 3692 return -EINVAL; 3693 3694 /* Attach our ldisc data */ 3695 gsm = gsm_alloc_mux(); 3696 if (gsm == NULL) 3697 return -ENOMEM; 3698 3699 tty->disc_data = gsm; 3700 tty->receive_room = 65536; 3701 3702 /* Attach the initial passive connection */ 3703 gsmld_attach_gsm(tty, gsm); 3704 3705 /* The mux will not be activated yet, we wait for correct 3706 * configuration first. 3707 */ 3708 if (gsm->encoding == GSM_BASIC_OPT) 3709 gsm->receive = gsm0_receive; 3710 else 3711 gsm->receive = gsm1_receive; 3712 3713 return 0; 3714 } 3715 3716 /** 3717 * gsmld_write_wakeup - asynchronous I/O notifier 3718 * @tty: tty device 3719 * 3720 * Required for the ptys, serial driver etc. since processes 3721 * that attach themselves to the master and rely on ASYNC 3722 * IO must be woken up 3723 */ 3724 3725 static void gsmld_write_wakeup(struct tty_struct *tty) 3726 { 3727 struct gsm_mux *gsm = tty->disc_data; 3728 3729 /* Queue poll */ 3730 gsmld_write_trigger(gsm); 3731 } 3732 3733 /** 3734 * gsmld_read - read function for tty 3735 * @tty: tty device 3736 * @file: file object 3737 * @buf: userspace buffer pointer 3738 * @nr: size of I/O 3739 * @cookie: unused 3740 * @offset: unused 3741 * 3742 * Perform reads for the line discipline. 
We are guaranteed that the 3743 * line discipline will not be closed under us but we may get multiple 3744 * parallel readers and must handle this ourselves. We may also get 3745 * a hangup. Always called in user context, may sleep. 3746 * 3747 * This code must be sure never to sleep through a hangup. 3748 */ 3749 3750 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file, u8 *buf, 3751 size_t nr, void **cookie, unsigned long offset) 3752 { 3753 return -EOPNOTSUPP; 3754 } 3755 3756 /** 3757 * gsmld_write - write function for tty 3758 * @tty: tty device 3759 * @file: file object 3760 * @buf: userspace buffer pointer 3761 * @nr: size of I/O 3762 * 3763 * Called when the owner of the device wants to send a frame 3764 * itself (or some other control data). The data is transferred 3765 * as-is and must be properly framed and checksummed as appropriate 3766 * by userspace. Frames are either sent whole or not at all as this 3767 * avoids pain user side. 3768 */ 3769 3770 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file, 3771 const u8 *buf, size_t nr) 3772 { 3773 struct gsm_mux *gsm = tty->disc_data; 3774 unsigned long flags; 3775 size_t space; 3776 int ret; 3777 3778 if (!gsm) 3779 return -ENODEV; 3780 3781 ret = -ENOBUFS; 3782 spin_lock_irqsave(&gsm->tx_lock, flags); 3783 space = tty_write_room(tty); 3784 if (space >= nr) 3785 ret = tty->ops->write(tty, buf, nr); 3786 else 3787 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 3788 spin_unlock_irqrestore(&gsm->tx_lock, flags); 3789 3790 return ret; 3791 } 3792 3793 /** 3794 * gsmld_poll - poll method for N_GSM0710 3795 * @tty: terminal device 3796 * @file: file accessing it 3797 * @wait: poll table 3798 * 3799 * Called when the line discipline is asked to poll() for data or 3800 * for special events. This code is not serialized with respect to 3801 * other events save open/close. 3802 * 3803 * This code must be sure never to sleep through a hangup. 
3804 * Called without the kernel lock held - fine 3805 */ 3806 3807 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file, 3808 poll_table *wait) 3809 { 3810 __poll_t mask = 0; 3811 struct gsm_mux *gsm = tty->disc_data; 3812 3813 poll_wait(file, &tty->read_wait, wait); 3814 poll_wait(file, &tty->write_wait, wait); 3815 3816 if (gsm->dead) 3817 mask |= EPOLLHUP; 3818 if (tty_hung_up_p(file)) 3819 mask |= EPOLLHUP; 3820 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) 3821 mask |= EPOLLHUP; 3822 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0) 3823 mask |= EPOLLOUT | EPOLLWRNORM; 3824 return mask; 3825 } 3826 3827 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd, 3828 unsigned long arg) 3829 { 3830 struct gsm_config c; 3831 struct gsm_config_ext ce; 3832 struct gsm_dlci_config dc; 3833 struct gsm_mux *gsm = tty->disc_data; 3834 unsigned int base, addr; 3835 struct gsm_dlci *dlci; 3836 3837 switch (cmd) { 3838 case GSMIOC_GETCONF: 3839 gsm_copy_config_values(gsm, &c); 3840 if (copy_to_user((void __user *)arg, &c, sizeof(c))) 3841 return -EFAULT; 3842 return 0; 3843 case GSMIOC_SETCONF: 3844 if (copy_from_user(&c, (void __user *)arg, sizeof(c))) 3845 return -EFAULT; 3846 return gsm_config(gsm, &c); 3847 case GSMIOC_GETFIRST: 3848 base = mux_num_to_base(gsm); 3849 return put_user(base + 1, (__u32 __user *)arg); 3850 case GSMIOC_GETCONF_EXT: 3851 gsm_copy_config_ext_values(gsm, &ce); 3852 if (copy_to_user((void __user *)arg, &ce, sizeof(ce))) 3853 return -EFAULT; 3854 return 0; 3855 case GSMIOC_SETCONF_EXT: 3856 if (copy_from_user(&ce, (void __user *)arg, sizeof(ce))) 3857 return -EFAULT; 3858 return gsm_config_ext(gsm, &ce); 3859 case GSMIOC_GETCONF_DLCI: 3860 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 3861 return -EFAULT; 3862 if (dc.channel == 0 || dc.channel >= NUM_DLCI) 3863 return -EINVAL; 3864 addr = array_index_nospec(dc.channel, NUM_DLCI); 3865 dlci = gsm->dlci[addr]; 3866 if (!dlci) { 3867 dlci = 
gsm_dlci_alloc(gsm, addr); 3868 if (!dlci) 3869 return -ENOMEM; 3870 } 3871 gsm_dlci_copy_config_values(dlci, &dc); 3872 if (copy_to_user((void __user *)arg, &dc, sizeof(dc))) 3873 return -EFAULT; 3874 return 0; 3875 case GSMIOC_SETCONF_DLCI: 3876 if (copy_from_user(&dc, (void __user *)arg, sizeof(dc))) 3877 return -EFAULT; 3878 if (dc.channel == 0 || dc.channel >= NUM_DLCI) 3879 return -EINVAL; 3880 addr = array_index_nospec(dc.channel, NUM_DLCI); 3881 dlci = gsm->dlci[addr]; 3882 if (!dlci) { 3883 dlci = gsm_dlci_alloc(gsm, addr); 3884 if (!dlci) 3885 return -ENOMEM; 3886 } 3887 return gsm_dlci_config(dlci, &dc, 0); 3888 default: 3889 return n_tty_ioctl_helper(tty, cmd, arg); 3890 } 3891 } 3892 3893 /* 3894 * Network interface 3895 * 3896 */ 3897 3898 static int gsm_mux_net_open(struct net_device *net) 3899 { 3900 pr_debug("%s called\n", __func__); 3901 netif_start_queue(net); 3902 return 0; 3903 } 3904 3905 static int gsm_mux_net_close(struct net_device *net) 3906 { 3907 netif_stop_queue(net); 3908 return 0; 3909 } 3910 3911 static void dlci_net_free(struct gsm_dlci *dlci) 3912 { 3913 if (!dlci->net) { 3914 WARN_ON(1); 3915 return; 3916 } 3917 dlci->adaption = dlci->prev_adaption; 3918 dlci->data = dlci->prev_data; 3919 free_netdev(dlci->net); 3920 dlci->net = NULL; 3921 } 3922 static void net_free(struct kref *ref) 3923 { 3924 struct gsm_mux_net *mux_net; 3925 struct gsm_dlci *dlci; 3926 3927 mux_net = container_of(ref, struct gsm_mux_net, ref); 3928 dlci = mux_net->dlci; 3929 3930 if (dlci->net) { 3931 unregister_netdev(dlci->net); 3932 dlci_net_free(dlci); 3933 } 3934 } 3935 3936 static inline void muxnet_get(struct gsm_mux_net *mux_net) 3937 { 3938 kref_get(&mux_net->ref); 3939 } 3940 3941 static inline void muxnet_put(struct gsm_mux_net *mux_net) 3942 { 3943 kref_put(&mux_net->ref, net_free); 3944 } 3945 3946 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb, 3947 struct net_device *net) 3948 { 3949 struct gsm_mux_net *mux_net = 
netdev_priv(net); 3950 struct gsm_dlci *dlci = mux_net->dlci; 3951 muxnet_get(mux_net); 3952 3953 skb_queue_head(&dlci->skb_list, skb); 3954 net->stats.tx_packets++; 3955 net->stats.tx_bytes += skb->len; 3956 gsm_dlci_data_kick(dlci); 3957 /* And tell the kernel when the last transmit started. */ 3958 netif_trans_update(net); 3959 muxnet_put(mux_net); 3960 return NETDEV_TX_OK; 3961 } 3962 3963 /* called when a packet did not ack after watchdogtimeout */ 3964 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue) 3965 { 3966 /* Tell syslog we are hosed. */ 3967 dev_dbg(&net->dev, "Tx timed out.\n"); 3968 3969 /* Update statistics */ 3970 net->stats.tx_errors++; 3971 } 3972 3973 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci, const u8 *in_buf, int size) 3974 { 3975 struct net_device *net = dlci->net; 3976 struct sk_buff *skb; 3977 struct gsm_mux_net *mux_net = netdev_priv(net); 3978 muxnet_get(mux_net); 3979 3980 /* Allocate an sk_buff */ 3981 skb = dev_alloc_skb(size + NET_IP_ALIGN); 3982 if (!skb) { 3983 /* We got no receive buffer. 
*/ 3984 net->stats.rx_dropped++; 3985 muxnet_put(mux_net); 3986 return; 3987 } 3988 skb_reserve(skb, NET_IP_ALIGN); 3989 skb_put_data(skb, in_buf, size); 3990 3991 skb->dev = net; 3992 skb->protocol = htons(ETH_P_IP); 3993 3994 /* Ship it off to the kernel */ 3995 netif_rx(skb); 3996 3997 /* update out statistics */ 3998 net->stats.rx_packets++; 3999 net->stats.rx_bytes += size; 4000 muxnet_put(mux_net); 4001 return; 4002 } 4003 4004 static void gsm_mux_net_init(struct net_device *net) 4005 { 4006 static const struct net_device_ops gsm_netdev_ops = { 4007 .ndo_open = gsm_mux_net_open, 4008 .ndo_stop = gsm_mux_net_close, 4009 .ndo_start_xmit = gsm_mux_net_start_xmit, 4010 .ndo_tx_timeout = gsm_mux_net_tx_timeout, 4011 }; 4012 4013 net->netdev_ops = &gsm_netdev_ops; 4014 4015 /* fill in the other fields */ 4016 net->watchdog_timeo = GSM_NET_TX_TIMEOUT; 4017 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; 4018 net->type = ARPHRD_NONE; 4019 net->tx_queue_len = 10; 4020 } 4021 4022 4023 /* caller holds the dlci mutex */ 4024 static void gsm_destroy_network(struct gsm_dlci *dlci) 4025 { 4026 struct gsm_mux_net *mux_net; 4027 4028 pr_debug("destroy network interface\n"); 4029 if (!dlci->net) 4030 return; 4031 mux_net = netdev_priv(dlci->net); 4032 muxnet_put(mux_net); 4033 } 4034 4035 4036 /* caller holds the dlci mutex */ 4037 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc) 4038 { 4039 char *netname; 4040 int retval = 0; 4041 struct net_device *net; 4042 struct gsm_mux_net *mux_net; 4043 4044 if (!capable(CAP_NET_ADMIN)) 4045 return -EPERM; 4046 4047 /* Already in a non tty mode */ 4048 if (dlci->adaption > 2) 4049 return -EBUSY; 4050 4051 if (nc->protocol != htons(ETH_P_IP)) 4052 return -EPROTONOSUPPORT; 4053 4054 if (nc->adaption != 3 && nc->adaption != 4) 4055 return -EPROTONOSUPPORT; 4056 4057 pr_debug("create network interface\n"); 4058 4059 netname = "gsm%d"; 4060 if (nc->if_name[0] != '\0') 4061 netname = nc->if_name; 4062 
net = alloc_netdev(sizeof(struct gsm_mux_net), netname, 4063 NET_NAME_UNKNOWN, gsm_mux_net_init); 4064 if (!net) { 4065 pr_err("alloc_netdev failed\n"); 4066 return -ENOMEM; 4067 } 4068 net->mtu = dlci->mtu; 4069 net->min_mtu = MIN_MTU; 4070 net->max_mtu = dlci->mtu; 4071 mux_net = netdev_priv(net); 4072 mux_net->dlci = dlci; 4073 kref_init(&mux_net->ref); 4074 strscpy(nc->if_name, net->name); /* return net name */ 4075 4076 /* reconfigure dlci for network */ 4077 dlci->prev_adaption = dlci->adaption; 4078 dlci->prev_data = dlci->data; 4079 dlci->adaption = nc->adaption; 4080 dlci->data = gsm_mux_rx_netchar; 4081 dlci->net = net; 4082 4083 pr_debug("register netdev\n"); 4084 retval = register_netdev(net); 4085 if (retval) { 4086 pr_err("network register fail %d\n", retval); 4087 dlci_net_free(dlci); 4088 return retval; 4089 } 4090 return net->ifindex; /* return network index */ 4091 } 4092 4093 /* Line discipline for real tty */ 4094 static struct tty_ldisc_ops tty_ldisc_packet = { 4095 .owner = THIS_MODULE, 4096 .num = N_GSM0710, 4097 .name = "n_gsm", 4098 .open = gsmld_open, 4099 .close = gsmld_close, 4100 .flush_buffer = gsmld_flush_buffer, 4101 .read = gsmld_read, 4102 .write = gsmld_write, 4103 .ioctl = gsmld_ioctl, 4104 .poll = gsmld_poll, 4105 .receive_buf = gsmld_receive_buf, 4106 .write_wakeup = gsmld_write_wakeup 4107 }; 4108 4109 /* 4110 * Virtual tty side 4111 */ 4112 4113 /** 4114 * gsm_modem_upd_via_data - send modem bits via convergence layer 4115 * @dlci: channel 4116 * @brk: break signal 4117 * 4118 * Send an empty frame to signal mobile state changes and to transmit the 4119 * break signal for adaption 2. 
4120 */ 4121 4122 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk) 4123 { 4124 struct gsm_mux *gsm = dlci->gsm; 4125 unsigned long flags; 4126 4127 if (dlci->state != DLCI_OPEN || dlci->adaption != 2) 4128 return; 4129 4130 spin_lock_irqsave(&gsm->tx_lock, flags); 4131 gsm_dlci_modem_output(gsm, dlci, brk); 4132 spin_unlock_irqrestore(&gsm->tx_lock, flags); 4133 } 4134 4135 /** 4136 * gsm_modem_upd_via_msc - send modem bits via control frame 4137 * @dlci: channel 4138 * @brk: break signal 4139 */ 4140 4141 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk) 4142 { 4143 u8 modembits[3]; 4144 struct gsm_control *ctrl; 4145 int len = 2; 4146 4147 if (dlci->gsm->encoding != GSM_BASIC_OPT) 4148 return 0; 4149 4150 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ 4151 if (!brk) { 4152 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; 4153 } else { 4154 modembits[1] = gsm_encode_modem(dlci) << 1; 4155 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */ 4156 len++; 4157 } 4158 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len); 4159 if (ctrl == NULL) 4160 return -ENOMEM; 4161 return gsm_control_wait(dlci->gsm, ctrl); 4162 } 4163 4164 /** 4165 * gsm_modem_send_initial_msc - Send initial modem status message 4166 * 4167 * @dlci: channel 4168 * 4169 * Send an initial MSC message after DLCI open to set the initial 4170 * modem status lines. This is only done for basic mode. 4171 * Does not wait for a response as we cannot block the input queue 4172 * processing. 
4173 */ 4174 static int gsm_modem_send_initial_msc(struct gsm_dlci *dlci) 4175 { 4176 u8 modembits[2]; 4177 4178 if (dlci->adaption != 1 || dlci->gsm->encoding != GSM_BASIC_OPT) 4179 return 0; 4180 4181 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */ 4182 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA; 4183 return gsm_control_command(dlci->gsm, CMD_MSC, (const u8 *)&modembits, 2); 4184 } 4185 4186 /** 4187 * gsm_modem_update - send modem status line state 4188 * @dlci: channel 4189 * @brk: break signal 4190 */ 4191 4192 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk) 4193 { 4194 if (dlci->gsm->dead) 4195 return -EL2HLT; 4196 if (dlci->adaption == 2) { 4197 /* Send convergence layer type 2 empty data frame. */ 4198 gsm_modem_upd_via_data(dlci, brk); 4199 return 0; 4200 } else if (dlci->gsm->encoding == GSM_BASIC_OPT) { 4201 /* Send as MSC control message. */ 4202 return gsm_modem_upd_via_msc(dlci, brk); 4203 } 4204 4205 /* Modem status lines are not supported. */ 4206 return -EPROTONOSUPPORT; 4207 } 4208 4209 /** 4210 * gsm_wait_modem_change - wait for modem status line change 4211 * @dlci: channel 4212 * @mask: modem status line bits 4213 * 4214 * The function returns if: 4215 * - any given modem status line bit changed 4216 * - the wait event function got interrupted (e.g. 
by a signal) 4217 * - the underlying DLCI was closed 4218 * - the underlying ldisc device was removed 4219 */ 4220 static int gsm_wait_modem_change(struct gsm_dlci *dlci, u32 mask) 4221 { 4222 struct gsm_mux *gsm = dlci->gsm; 4223 u32 old = dlci->modem_rx; 4224 int ret; 4225 4226 ret = wait_event_interruptible(gsm->event, gsm->dead || 4227 dlci->state != DLCI_OPEN || 4228 (old ^ dlci->modem_rx) & mask); 4229 if (gsm->dead) 4230 return -ENODEV; 4231 if (dlci->state != DLCI_OPEN) 4232 return -EL2NSYNC; 4233 return ret; 4234 } 4235 4236 static bool gsm_carrier_raised(struct tty_port *port) 4237 { 4238 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 4239 struct gsm_mux *gsm = dlci->gsm; 4240 4241 /* Not yet open so no carrier info */ 4242 if (dlci->state != DLCI_OPEN) 4243 return false; 4244 if (debug & DBG_CD_ON) 4245 return true; 4246 4247 /* 4248 * Basic mode with control channel in ADM mode may not respond 4249 * to CMD_MSC at all and modem_rx is empty. 4250 */ 4251 if (gsm->encoding == GSM_BASIC_OPT && 4252 gsm->dlci[0]->mode == DLCI_MODE_ADM && !dlci->modem_rx) 4253 return true; 4254 4255 return dlci->modem_rx & TIOCM_CD; 4256 } 4257 4258 static void gsm_dtr_rts(struct tty_port *port, bool active) 4259 { 4260 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port); 4261 unsigned int modem_tx = dlci->modem_tx; 4262 if (active) 4263 modem_tx |= TIOCM_DTR | TIOCM_RTS; 4264 else 4265 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS); 4266 if (modem_tx != dlci->modem_tx) { 4267 dlci->modem_tx = modem_tx; 4268 gsm_modem_update(dlci, 0); 4269 } 4270 } 4271 4272 static const struct tty_port_operations gsm_port_ops = { 4273 .carrier_raised = gsm_carrier_raised, 4274 .dtr_rts = gsm_dtr_rts, 4275 .destruct = gsm_dlci_free, 4276 }; 4277 4278 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty) 4279 { 4280 struct gsm_mux *gsm; 4281 struct gsm_dlci *dlci, *dlci0; 4282 unsigned int line = tty->index; 4283 unsigned int mux = 
mux_line_to_num(line); 4284 bool alloc = false; 4285 int ret; 4286 4287 line = line & 0x3F; 4288 4289 if (mux >= MAX_MUX) 4290 return -ENXIO; 4291 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */ 4292 if (gsm_mux[mux] == NULL) 4293 return -EUNATCH; 4294 if (line == 0 || line > 61) /* 62/63 reserved */ 4295 return -ECHRNG; 4296 gsm = gsm_mux[mux]; 4297 if (gsm->dead) 4298 return -EL2HLT; 4299 /* If DLCI 0 is not yet fully open return an error. 4300 This is ok from a locking 4301 perspective as we don't have to worry about this 4302 if DLCI0 is lost */ 4303 mutex_lock(&gsm->mutex); 4304 4305 dlci0 = gsm->dlci[0]; 4306 if (dlci0 && dlci0->state != DLCI_OPEN) { 4307 mutex_unlock(&gsm->mutex); 4308 4309 if (dlci0->state == DLCI_OPENING) 4310 wait_event(gsm->event, dlci0->state != DLCI_OPENING); 4311 4312 if (dlci0->state != DLCI_OPEN) 4313 return -EL2NSYNC; 4314 4315 mutex_lock(&gsm->mutex); 4316 } 4317 4318 dlci = gsm->dlci[line]; 4319 if (dlci == NULL) { 4320 alloc = true; 4321 dlci = gsm_dlci_alloc(gsm, line); 4322 } 4323 if (dlci == NULL) { 4324 mutex_unlock(&gsm->mutex); 4325 return -ENOMEM; 4326 } 4327 ret = tty_port_install(&dlci->port, driver, tty); 4328 if (ret) { 4329 if (alloc) 4330 dlci_put(dlci); 4331 mutex_unlock(&gsm->mutex); 4332 return ret; 4333 } 4334 4335 dlci_get(dlci); 4336 dlci_get(gsm->dlci[0]); 4337 mux_get(gsm); 4338 tty->driver_data = dlci; 4339 mutex_unlock(&gsm->mutex); 4340 4341 return 0; 4342 } 4343 4344 static int gsmtty_open(struct tty_struct *tty, struct file *filp) 4345 { 4346 struct gsm_dlci *dlci = tty->driver_data; 4347 struct tty_port *port = &dlci->port; 4348 4349 port->count++; 4350 tty_port_tty_set(port, tty); 4351 4352 dlci->modem_rx = 0; 4353 /* We could in theory open and close before we wait - eg if we get 4354 a DM straight back. 
This is ok as that will have caused a hangup */ 4355 tty_port_set_initialized(port, true); 4356 /* Start sending off SABM messages */ 4357 if (!dlci->gsm->wait_config) { 4358 /* Start sending off SABM messages */ 4359 if (dlci->gsm->initiator) 4360 gsm_dlci_begin_open(dlci); 4361 else 4362 gsm_dlci_set_opening(dlci); 4363 } else { 4364 gsm_dlci_set_wait_config(dlci); 4365 } 4366 /* And wait for virtual carrier */ 4367 return tty_port_block_til_ready(port, tty, filp); 4368 } 4369 4370 static void gsmtty_close(struct tty_struct *tty, struct file *filp) 4371 { 4372 struct gsm_dlci *dlci = tty->driver_data; 4373 4374 if (dlci == NULL) 4375 return; 4376 if (dlci->state == DLCI_CLOSED) 4377 return; 4378 mutex_lock(&dlci->mutex); 4379 gsm_destroy_network(dlci); 4380 mutex_unlock(&dlci->mutex); 4381 if (tty_port_close_start(&dlci->port, tty, filp) == 0) 4382 return; 4383 gsm_dlci_begin_close(dlci); 4384 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty)) 4385 tty_port_lower_dtr_rts(&dlci->port); 4386 tty_port_close_end(&dlci->port, tty); 4387 tty_port_tty_set(&dlci->port, NULL); 4388 return; 4389 } 4390 4391 static void gsmtty_hangup(struct tty_struct *tty) 4392 { 4393 struct gsm_dlci *dlci = tty->driver_data; 4394 if (dlci->state == DLCI_CLOSED) 4395 return; 4396 tty_port_hangup(&dlci->port); 4397 gsm_dlci_begin_close(dlci); 4398 } 4399 4400 static ssize_t gsmtty_write(struct tty_struct *tty, const u8 *buf, size_t len) 4401 { 4402 int sent; 4403 struct gsm_dlci *dlci = tty->driver_data; 4404 if (dlci->state == DLCI_CLOSED) 4405 return -EINVAL; 4406 /* Stuff the bytes into the fifo queue */ 4407 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock); 4408 /* Need to kick the channel */ 4409 gsm_dlci_data_kick(dlci); 4410 return sent; 4411 } 4412 4413 static unsigned int gsmtty_write_room(struct tty_struct *tty) 4414 { 4415 struct gsm_dlci *dlci = tty->driver_data; 4416 if (dlci->state == DLCI_CLOSED) 4417 return 0; 4418 return kfifo_avail(&dlci->fifo); 4419 } 4420 
/* tty_operations chars_in_buffer hook: bytes queued, 0 for a closed DLCI */
static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	if (dlci->state == DLCI_CLOSED)
		return 0;
	return kfifo_len(&dlci->fifo);
}

/* tty_operations flush_buffer hook: discard the DLCI fifo under dlci->lock */
static void gsmtty_flush_buffer(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	unsigned long flags;

	if (dlci->state == DLCI_CLOSED)
		return;
	/* Caution needed: If we implement reliable transport classes
	   then the data being transmitted can't simply be junked once
	   it has first hit the stack. Until then we can just blow it
	   away */
	spin_lock_irqsave(&dlci->lock, flags);
	kfifo_reset(&dlci->fifo);
	spin_unlock_irqrestore(&dlci->lock, flags);
	/* Need to unhook this DLCI from the transmit queue logic */
}

/* tty_operations wait_until_sent hook: intentionally empty, see below */
static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
{
	/* The FIFO handles the queue so the kernel will do the right
	   thing waiting on chars_in_buffer before calling us. No work
	   to do here */
}

/* tty_operations tiocmget hook: received modem bits, -EINVAL when closed */
static int gsmtty_tiocmget(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;
	return dlci->modem_rx;
}

/*
 * tty_operations tiocmset hook: apply @clear, then @set, to the transmit
 * modem bits and send a modem update only when the result differs from
 * the current value. Returns -EINVAL for a closed DLCI.
 */
static int gsmtty_tiocmset(struct tty_struct *tty,
	unsigned int set, unsigned int clear)
{
	struct gsm_dlci *dlci = tty->driver_data;
	unsigned int modem_tx = dlci->modem_tx;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;
	modem_tx &= ~clear;
	modem_tx |= set;

	if (modem_tx != dlci->modem_tx) {
		dlci->modem_tx = modem_tx;
		return gsm_modem_update(dlci, 0);
	}
	return 0;
}


/*
 * tty_operations ioctl hook of a virtual gsmtty.
 *
 * Argument structures are moved with copy_from_user()/copy_to_user().
 * GSMIOC_DISABLE_NET checks CAP_NET_ADMIN here; GSMIOC_ENABLE_NET relies
 * on the same check inside gsm_create_network(). The DLCI configuration
 * commands only accept the channel this tty belongs to (SETCONF also
 * accepts channel 0) and answer -EPERM for any other channel.
 *
 * Returns -EINVAL for a closed DLCI and -ENOIOCTLCMD for commands that
 * are not handled here.
 */
static int gsmtty_ioctl(struct tty_struct *tty,
			unsigned int cmd, unsigned long arg)
{
	struct gsm_dlci *dlci = tty->driver_data;
	struct gsm_netconfig nc;
	struct gsm_dlci_config dc;
	int index;

	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;
	switch (cmd) {
	case GSMIOC_ENABLE_NET:
		if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
			return -EFAULT;
		/* The name comes from userspace: force NUL termination */
		nc.if_name[IFNAMSIZ-1] = '\0';
		/* return net interface index or error code */
		mutex_lock(&dlci->mutex);
		index = gsm_create_network(dlci, &nc);
		mutex_unlock(&dlci->mutex);
		/*
		 * NOTE(review): the copy-out runs even when index is an
		 * error, and a failed copy after a successful create
		 * returns -EFAULT while the interface stays registered -
		 * confirm this is acceptable.
		 */
		if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
			return -EFAULT;
		return index;
	case GSMIOC_DISABLE_NET:
		if (!capable(CAP_NET_ADMIN))
			return -EPERM;
		mutex_lock(&dlci->mutex);
		gsm_destroy_network(dlci);
		mutex_unlock(&dlci->mutex);
		return 0;
	case GSMIOC_GETCONF_DLCI:
		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
			return -EFAULT;
		if (dc.channel != dlci->addr)
			return -EPERM;
		gsm_dlci_copy_config_values(dlci, &dc);
		if (copy_to_user((void __user *)arg, &dc, sizeof(dc)))
			return -EFAULT;
		return 0;
	case GSMIOC_SETCONF_DLCI:
		if (copy_from_user(&dc, (void __user *)arg, sizeof(dc)))
			return -EFAULT;
		if (dc.channel >= NUM_DLCI)
			return -EINVAL;
		if (dc.channel != 0 && dc.channel != dlci->addr)
			return -EPERM;
		return gsm_dlci_config(dlci, &dc, 1);
	case TIOCMIWAIT:
		return gsm_wait_modem_change(dlci, (u32)arg);
	default:
		return -ENOIOCTLCMD;
	}
}

/* tty_operations set_termios hook: keep the previous hardware settings */
static void gsmtty_set_termios(struct tty_struct *tty,
			       const struct ktermios *old)
{
	struct gsm_dlci *dlci = tty->driver_data;
	if (dlci->state == DLCI_CLOSED)
		return;
	/* For the moment it's fixed. In actual fact the speed information
	   for the virtual channel can be propagated in both directions by
	   the RPN control message. This however rapidly gets nasty as we
	   then have to remap modem signals each way according to whether
	   our virtual cable is null modem etc .. */
	tty_termios_copy_hw(&tty->termios, old);
}

/*
 * tty_operations throttle hook: mark the DLCI throttled, clear RTS when
 * CRTSCTS is set, and send a modem update.
 */
static void gsmtty_throttle(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	if (dlci->state == DLCI_CLOSED)
		return;
	if (C_CRTSCTS(tty))
		dlci->modem_tx &= ~TIOCM_RTS;
	dlci->throttled = true;
	/* Send an MSC with RTS cleared */
	gsm_modem_update(dlci, 0);
}

/*
 * tty_operations unthrottle hook: clear the throttled mark, set RTS when
 * CRTSCTS is set, and send a modem update.
 */
static void gsmtty_unthrottle(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	if (dlci->state == DLCI_CLOSED)
		return;
	if (C_CRTSCTS(tty))
		dlci->modem_tx |= TIOCM_RTS;
	dlci->throttled = false;
	/* Send an MSC with RTS set */
	gsm_modem_update(dlci, 0);
}

/*
 * tty_operations break_ctl hook: translate @state into the break value
 * passed to gsm_modem_update(). -1 and any duration whose quotient by
 * 200 exceeds 0x0F are sent as 0x0F; 0 and other negative values are
 * sent as 0. Returns -EINVAL for a closed DLCI.
 */
static int gsmtty_break_ctl(struct tty_struct *tty, int state)
{
	struct gsm_dlci *dlci = tty->driver_data;
	int encode = 0;	/* Off */
	if (dlci->state == DLCI_CLOSED)
		return -EINVAL;

	if (state == -1)	/* "On indefinitely" - we can't encode this
				    properly */
		encode = 0x0F;
	else if (state > 0) {
		encode = state / 200;	/* mS to encoding */
		if (encode > 0x0F)
			encode = 0x0F;	/* Best effort */
	}
	return gsm_modem_update(dlci, encode);
}

/*
 * tty_operations cleanup hook: drop the references on the DLCI, on
 * DLCI 0 and on the mux that gsmtty_install() takes in this file.
 */
static void gsmtty_cleanup(struct tty_struct *tty)
{
	struct gsm_dlci *dlci = tty->driver_data;
	struct gsm_mux *gsm = dlci->gsm;

	dlci_put(dlci);
	dlci_put(gsm->dlci[0]);
	mux_put(gsm);
}

/* Virtual ttys for the demux */
static const struct tty_operations gsmtty_ops = {
	.install		= gsmtty_install,
	.open			= gsmtty_open,
	.close			= gsmtty_close,
	.write			= gsmtty_write,
	.write_room		= gsmtty_write_room,
	.chars_in_buffer	= gsmtty_chars_in_buffer,
	.flush_buffer		= gsmtty_flush_buffer,
	.ioctl			= gsmtty_ioctl,
	.throttle		= gsmtty_throttle,
	.unthrottle		= gsmtty_unthrottle,
	.set_termios		= gsmtty_set_termios,
	.hangup			= gsmtty_hangup,
	.wait_until_sent	= gsmtty_wait_until_sent,
	.tiocmget		= gsmtty_tiocmget,
	.tiocmset		= gsmtty_tiocmset,
	.break_ctl		= gsmtty_break_ctl,
	.cleanup		= gsmtty_cleanup,
};



/*
 * Module init: register the line discipline, then allocate and register
 * the gsmtty driver. Each failure undoes the steps already completed.
 * A tty_register_driver() failure is reported as -EBUSY whatever error
 * it returned.
 */
static int __init gsm_init(void)
{
	/* Fill in our line protocol discipline, and register it */
	int status = tty_register_ldisc(&tty_ldisc_packet);
	if (status != 0) {
		pr_err("n_gsm: can't register line discipline (err = %d)\n",
								status);
		return status;
	}

	gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS, TTY_DRIVER_REAL_RAW |
			TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
	if (IS_ERR(gsm_tty_driver)) {
		pr_err("gsm_init: tty allocation failed.\n");
		status = PTR_ERR(gsm_tty_driver);
		goto err_unreg_ldisc;
	}
	gsm_tty_driver->driver_name	= "gsmtty";
	gsm_tty_driver->name		= "gsmtty";
	gsm_tty_driver->major		= 0;	/* Dynamic */
	gsm_tty_driver->minor_start	= 0;
	gsm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
	gsm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
	gsm_tty_driver->init_termios	= tty_std_termios;
	/* Fixme */
	gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
	tty_set_operations(gsm_tty_driver, &gsmtty_ops);

	if (tty_register_driver(gsm_tty_driver)) {
		pr_err("gsm_init: tty registration failed.\n");
		status = -EBUSY;
		goto err_put_driver;
	}
	pr_debug("gsm_init: loaded as %d,%d.\n",
			gsm_tty_driver->major, gsm_tty_driver->minor_start);
	return 0;
err_put_driver:
	tty_driver_kref_put(gsm_tty_driver);
err_unreg_ldisc:
	tty_unregister_ldisc(&tty_ldisc_packet);
	return status;
}

/* Module exit: unregister the ldisc and the tty driver, drop the driver */
static void __exit gsm_exit(void)
{
	tty_unregister_ldisc(&tty_ldisc_packet);
	tty_unregister_driver(gsm_tty_driver);
	tty_driver_kref_put(gsm_tty_driver);
}

module_init(gsm_init);
module_exit(gsm_exit);


MODULE_DESCRIPTION("GSM 0710 tty multiplexor");
MODULE_LICENSE("GPL");
MODULE_ALIAS_LDISC(N_GSM0710);