]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - drivers/tty/n_gsm.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
TTY: convert more flipping functions
[mirror_ubuntu-artful-kernel.git] / drivers / tty / n_gsm.c
CommitLineData
e1eaea46
AC		 1/*
2 * n_gsm.c GSM 0710 tty multiplexor
3 * Copyright (c) 2009/10 Intel Corporation
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
19 *
20 * TO DO:
21 * Mostly done: ioctls for setting modes/timing
5f9a31d6 22 * Partly done: hooks so you can pull off frames to non tty devs
e1eaea46 23 * Restart DLCI 0 when it closes ?
e1eaea46
AC		 24 * Improve the tx engine
25 * Resolve tx side locking by adding a queue_head and routing
26 * all control traffic via it
27 * General tidy/document
28 * Review the locking/move to refcounts more (mux now moved to an
29 * alloc/free model ready)
30 * Use newest tty open/close port helpers and install hooks
31 * What to do about power functions ?
32 * Termios setting and negotiation
33 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
34 *
35 */
36
37#include <linux/types.h>
38#include <linux/major.h>
39#include <linux/errno.h>
40#include <linux/signal.h>
41#include <linux/fcntl.h>
42#include <linux/sched.h>
43#include <linux/interrupt.h>
44#include <linux/tty.h>
e1eaea46
AC		 45#include <linux/ctype.h>
46#include <linux/mm.h>
47#include <linux/string.h>
48#include <linux/slab.h>
49#include <linux/poll.h>
50#include <linux/bitops.h>
51#include <linux/file.h>
52#include <linux/uaccess.h>
53#include <linux/module.h>
54#include <linux/timer.h>
55#include <linux/tty_flip.h>
56#include <linux/tty_driver.h>
57#include <linux/serial.h>
58#include <linux/kfifo.h>
59#include <linux/skbuff.h>
bcd5abe2
RG		 60#include <net/arp.h>
61#include <linux/ip.h>
62#include <linux/netdevice.h>
63#include <linux/etherdevice.h>
e1eaea46
AC		 64#include <linux/gsmmux.h>
65
66static int debug;
67module_param(debug, int, 0600);
68
a8d12007
AC		 69/* Defaults: these are from the specification */
70
71#define T1 10 /* 100mS */
72#define T2 34 /* 333mS */
73#define N2 3 /* Retry 3 times */
e1eaea46
AC		 74
75/* Use long timers for testing at low speed with debug on */
76#ifdef DEBUG_TIMING
a8d12007
AC		 77#define T1 100
78#define T2 200
e1eaea46
AC		 79#endif
80
5f9a31d6 81/*
25985edc 82 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
5f9a31d6
AC		 83 * limits so this is plenty
84 */
bcd5abe2
RG		 85#define MAX_MRU 1500
86#define MAX_MTU 1500
87#define GSM_NET_TX_TIMEOUT (HZ*10)
88
89/**
90 * struct gsm_mux_net - network interface
91 * @struct gsm_dlci* dlci
92 * @struct net_device_stats stats;
93 *
94 * Created when net interface is initialized.
95 **/
96struct gsm_mux_net {
97 struct kref ref;
98 struct gsm_dlci *dlci;
99 struct net_device_stats stats;
100};
101
102#define STATS(net) (((struct gsm_mux_net *)netdev_priv(net))->stats)
e1eaea46
AC		 103
104/*
105 * Each block of data we have queued to go out is in the form of
25985edc 106 * a gsm_msg which holds everything we need in a link layer independent
e1eaea46
AC		 107 * format
108 */
109
110struct gsm_msg {
b4338e1e 111 struct list_head list;
e1eaea46
AC		 112 u8 addr; /* DLCI address + flags */
113 u8 ctrl; /* Control byte + flags */
114 unsigned int len; /* Length of data block (can be zero) */
115 unsigned char *data; /* Points into buffer but not at the start */
116 unsigned char buffer[0];
117};
118
119/*
120 * Each active data link has a gsm_dlci structure associated which ties
121 * the link layer to an optional tty (if the tty side is open). To avoid
122 * complexity right now these are only ever freed up when the mux is
123 * shut down.
124 *
125 * At the moment we don't free DLCI objects until the mux is torn down
126 * this avoid object life time issues but might be worth review later.
127 */
128
129struct gsm_dlci {
130 struct gsm_mux *gsm;
131 int addr;
132 int state;
133#define DLCI_CLOSED 0
134#define DLCI_OPENING 1 /* Sending SABM not seen UA */
135#define DLCI_OPEN 2 /* SABM/UA complete */
136#define DLCI_CLOSING 3 /* Sending DISC not seen UA/DM */
bcd5abe2 137 struct mutex mutex;
e1eaea46
AC		 138
139 /* Link layer */
140 spinlock_t lock; /* Protects the internal state */
141 struct timer_list t1; /* Retransmit timer for SABM and UA */
142 int retries;
143 /* Uplink tty if active */
144 struct tty_port port; /* The tty bound to this DLCI if there is one */
145 struct kfifo *fifo; /* Queue fifo for the DLCI */
146 struct kfifo _fifo; /* For new fifo API porting only */
147 int adaption; /* Adaption layer in use */
bcd5abe2 148 int prev_adaption;
e1eaea46
AC		 149 u32 modem_rx; /* Our incoming virtual modem lines */
150 u32 modem_tx; /* Our outgoing modem lines */
151 int dead; /* Refuse re-open */
152 /* Flow control */
153 int throttled; /* Private copy of throttle state */
154 int constipated; /* Throttle status for outgoing */
155 /* Packetised I/O */
156 struct sk_buff *skb; /* Frame being sent */
157 struct sk_buff_head skb_list; /* Queued frames */
158 /* Data handling callback */
159 void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
bcd5abe2
RG		 160 void (*prev_data)(struct gsm_dlci *dlci, u8 *data, int len);
161 struct net_device *net; /* network interface, if created */
e1eaea46
AC		 162};
163
164/* DLCI 0, 62/63 are special or reseved see gsmtty_open */
165
166#define NUM_DLCI 64
167
168/*
169 * DLCI 0 is used to pass control blocks out of band of the data
170 * flow (and with a higher link priority). One command can be outstanding
171 * at a time and we use this structure to manage them. They are created
172 * and destroyed by the user context, and updated by the receive paths
173 * and timers
174 */
175
176struct gsm_control {
177 u8 cmd; /* Command we are issuing */
178 u8 *data; /* Data for the command in case we retransmit */
179 int len; /* Length of block for retransmission */
180 int done; /* Done flag */
181 int error; /* Error if any */
182};
183
184/*
185 * Each GSM mux we have is represented by this structure. If we are
186 * operating as an ldisc then we use this structure as our ldisc
187 * state. We need to sort out lifetimes and locking with respect
188 * to the gsm mux array. For now we don't free DLCI objects that
189 * have been instantiated until the mux itself is terminated.
190 *
191 * To consider further: tty open versus mux shutdown.
192 */
193
194struct gsm_mux {
195 struct tty_struct *tty; /* The tty our ldisc is bound to */
196 spinlock_t lock;
d50f6dca 197 unsigned int num;
6ab8fba7 198 struct kref ref;
e1eaea46
AC		 199
200 /* Events on the GSM channel */
201 wait_queue_head_t event;
202
203 /* Bits for GSM mode decoding */
204
205 /* Framing Layer */
206 unsigned char *buf;
207 int state;
208#define GSM_SEARCH 0
209#define GSM_START 1
210#define GSM_ADDRESS 2
211#define GSM_CONTROL 3
212#define GSM_LEN 4
213#define GSM_DATA 5
214#define GSM_FCS 6
215#define GSM_OVERRUN 7
c2f2f000
AC		 216#define GSM_LEN0 8
217#define GSM_LEN1 9
218#define GSM_SSOF 10
e1eaea46
AC		 219 unsigned int len;
220 unsigned int address;
221 unsigned int count;
222 int escape;
223 int encoding;
224 u8 control;
225 u8 fcs;
c2f2f000 226 u8 received_fcs;
e1eaea46
AC		 227 u8 *txframe; /* TX framing buffer */
228
229 /* Methods for the receiver side */
230 void (*receive)(struct gsm_mux *gsm, u8 ch);
231 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
232 /* And transmit side */
233 int (*output)(struct gsm_mux *mux, u8 *data, int len);
234
235 /* Link Layer */
236 unsigned int mru;
237 unsigned int mtu;
238 int initiator; /* Did we initiate connection */
239 int dead; /* Has the mux been shut down */
240 struct gsm_dlci *dlci[NUM_DLCI];
241 int constipated; /* Asked by remote to shut up */
242
243 spinlock_t tx_lock;
244 unsigned int tx_bytes; /* TX data outstanding */
245#define TX_THRESH_HI 8192
246#define TX_THRESH_LO 2048
b4338e1e 247 struct list_head tx_list; /* Pending data packets */
e1eaea46
AC		 248
249 /* Control messages */
250 struct timer_list t2_timer; /* Retransmit timer for commands */
251 int cretries; /* Command retry counter */
252 struct gsm_control *pending_cmd;/* Our current pending command */
253 spinlock_t control_lock; /* Protects the pending command */
254
255 /* Configuration */
256 int adaption; /* 1 or 2 supported */
257 u8 ftype; /* UI or UIH */
258 int t1, t2; /* Timers in 1/100th of a sec */
259 int n2; /* Retry count */
260
261 /* Statistics (not currently exposed) */
262 unsigned long bad_fcs;
263 unsigned long malformed;
264 unsigned long io_error;
265 unsigned long bad_size;
266 unsigned long unsupported;
267};
268
269
270/*
271 * Mux objects - needed so that we can translate a tty index into the
272 * relevant mux and DLCI.
273 */
274
275#define MAX_MUX 4 /* 256 minors */
276static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
277static spinlock_t gsm_mux_lock;
278
d50f6dca
RG		 279static struct tty_driver *gsm_tty_driver;
280
e1eaea46
AC		 281/*
282 * This section of the driver logic implements the GSM encodings
283 * both the basic and the 'advanced'. Reliable transport is not
284 * supported.
285 */
286
287#define CR 0x02
288#define EA 0x01
289#define PF 0x10
290
291/* I is special: the rest are ..*/
292#define RR 0x01
293#define UI 0x03
294#define RNR 0x05
295#define REJ 0x09
296#define DM 0x0F
297#define SABM 0x2F
298#define DISC 0x43
299#define UA 0x63
300#define UIH 0xEF
301
302/* Channel commands */
303#define CMD_NSC 0x09
304#define CMD_TEST 0x11
305#define CMD_PSC 0x21
306#define CMD_RLS 0x29
307#define CMD_FCOFF 0x31
308#define CMD_PN 0x41
309#define CMD_RPN 0x49
310#define CMD_FCON 0x51
311#define CMD_CLD 0x61
312#define CMD_SNC 0x69
313#define CMD_MSC 0x71
314
315/* Virtual modem bits */
316#define MDM_FC 0x01
317#define MDM_RTC 0x02
318#define MDM_RTR 0x04
319#define MDM_IC 0x20
320#define MDM_DV 0x40
321
322#define GSM0_SOF 0xF9
5f9a31d6 323#define GSM1_SOF 0x7E
e1eaea46
AC		 324#define GSM1_ESCAPE 0x7D
325#define GSM1_ESCAPE_BITS 0x20
326#define XON 0x11
327#define XOFF 0x13
328
329static const struct tty_port_operations gsm_port_ops;
330
331/*
332 * CRC table for GSM 0710
333 */
334
335static const u8 gsm_fcs8[256] = {
336 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
337 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
338 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
339 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
340 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
341 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
342 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
343 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
344 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
345 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
346 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
347 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
348 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
349 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
350 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
351 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
352 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
353 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
354 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
355 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
356 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
357 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
358 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
359 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
360 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
361 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
362 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
363 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
364 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
365 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
366 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
367 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
368};
369
370#define INIT_FCS 0xFF
371#define GOOD_FCS 0xCF
372
373/**
374 * gsm_fcs_add - update FCS
375 * @fcs: Current FCS
376 * @c: Next data
377 *
378 * Update the FCS to include c. Uses the algorithm in the specification
379 * notes.
380 */
381
382static inline u8 gsm_fcs_add(u8 fcs, u8 c)
383{
384 return gsm_fcs8[fcs ^ c];
385}
386
387/**
388 * gsm_fcs_add_block - update FCS for a block
389 * @fcs: Current FCS
390 * @c: buffer of data
391 * @len: length of buffer
392 *
393 * Update the FCS to include c. Uses the algorithm in the specification
394 * notes.
395 */
396
397static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
398{
399 while (len--)
400 fcs = gsm_fcs8[fcs ^ *c++];
401 return fcs;
402}
403
404/**
405 * gsm_read_ea - read a byte into an EA
406 * @val: variable holding value
407 * c: byte going into the EA
408 *
409 * Processes one byte of an EA. Updates the passed variable
410 * and returns 1 if the EA is now completely read
411 */
412
413static int gsm_read_ea(unsigned int *val, u8 c)
414{
415 /* Add the next 7 bits into the value */
416 *val <<= 7;
417 *val |= c >> 1;
418 /* Was this the last byte of the EA 1 = yes*/
419 return c & EA;
420}
421
422/**
423 * gsm_encode_modem - encode modem data bits
424 * @dlci: DLCI to encode from
425 *
426 * Returns the correct GSM encoded modem status bits (6 bit field) for
427 * the current status of the DLCI and attached tty object
428 */
429
430static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
431{
432 u8 modembits = 0;
433 /* FC is true flow control not modem bits */
434 if (dlci->throttled)
435 modembits |= MDM_FC;
436 if (dlci->modem_tx & TIOCM_DTR)
437 modembits |= MDM_RTC;
438 if (dlci->modem_tx & TIOCM_RTS)
439 modembits |= MDM_RTR;
440 if (dlci->modem_tx & TIOCM_RI)
441 modembits |= MDM_IC;
442 if (dlci->modem_tx & TIOCM_CD)
443 modembits |= MDM_DV;
444 return modembits;
445}
446
447/**
448 * gsm_print_packet - display a frame for debug
449 * @hdr: header to print before decode
450 * @addr: address EA from the frame
451 * @cr: C/R bit from the frame
452 * @control: control including PF bit
453 * @data: following data bytes
454 * @dlen: length of data
455 *
456 * Displays a packet in human readable format for debugging purposes. The
457 * style is based on amateur radio LAP-B dump display.
458 */
459
460static void gsm_print_packet(const char *hdr, int addr, int cr,
461 u8 control, const u8 *data, int dlen)
462{
463 if (!(debug & 1))
464 return;
465
5f9a31d6 466 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
e1eaea46
AC		 467
468 switch (control & ~PF) {
469 case SABM:
5f9a31d6 470 pr_cont("SABM");
e1eaea46
AC		 471 break;
472 case UA:
5f9a31d6 473 pr_cont("UA");
e1eaea46
AC		 474 break;
475 case DISC:
5f9a31d6 476 pr_cont("DISC");
e1eaea46
AC		 477 break;
478 case DM:
5f9a31d6 479 pr_cont("DM");
e1eaea46
AC		 480 break;
481 case UI:
5f9a31d6 482 pr_cont("UI");
e1eaea46
AC		 483 break;
484 case UIH:
5f9a31d6 485 pr_cont("UIH");
e1eaea46
AC		 486 break;
487 default:
488 if (!(control & 0x01)) {
5f9a31d6 489 pr_cont("I N(S)%d N(R)%d",
47fdd641 490 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
e1eaea46 491 } else switch (control & 0x0F) {
5f9a31d6
AC		 492 case RR:
493 pr_cont("RR(%d)", (control & 0xE0) >> 5);
494 break;
495 case RNR:
496 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
497 break;
498 case REJ:
499 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
500 break;
501 default:
502 pr_cont("[%02X]", control);
e1eaea46
AC		 503 }
504 }
505
506 if (control & PF)
5f9a31d6 507 pr_cont("(P)");
e1eaea46 508 else
5f9a31d6 509 pr_cont("(F)");
e1eaea46
AC		 510
511 if (dlen) {
512 int ct = 0;
513 while (dlen--) {
5f9a31d6
AC		 514 if (ct % 8 == 0) {
515 pr_cont("\n");
516 pr_debug(" ");
517 }
518 pr_cont("%02X ", *data++);
e1eaea46
AC		 519 ct++;
520 }
521 }
5f9a31d6 522 pr_cont("\n");
e1eaea46
AC		 523}
524
525
526/*
527 * Link level transmission side
528 */
529
530/**
531 * gsm_stuff_packet - bytestuff a packet
532 * @ibuf: input
533 * @obuf: output
534 * @len: length of input
535 *
536 * Expand a buffer by bytestuffing it. The worst case size change
537 * is doubling and the caller is responsible for handing out
538 * suitable sized buffers.
539 */
540
541static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
542{
543 int olen = 0;
544 while (len--) {
545 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
546 || *input == XON || *input == XOFF) {
547 *output++ = GSM1_ESCAPE;
548 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
549 olen++;
550 } else
551 *output++ = *input++;
552 olen++;
553 }
554 return olen;
555}
556
e1eaea46
AC		 557/**
558 * gsm_send - send a control frame
559 * @gsm: our GSM mux
560 * @addr: address for control frame
561 * @cr: command/response bit
562 * @control: control byte including PF bit
563 *
564 * Format up and transmit a control frame. These do not go via the
565 * queueing logic as they should be transmitted ahead of data when
566 * they are needed.
567 *
568 * FIXME: Lock versus data TX path
569 */
570
571static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
572{
573 int len;
574 u8 cbuf[10];
575 u8 ibuf[3];
f96f7f7f 576 unsigned long flags;
e1eaea46
AC		 577
578 switch (gsm->encoding) {
579 case 0:
580 cbuf[0] = GSM0_SOF;
581 cbuf[1] = (addr << 2) | (cr << 1) | EA;
582 cbuf[2] = control;
583 cbuf[3] = EA; /* Length of data = 0 */
584 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
585 cbuf[5] = GSM0_SOF;
586 len = 6;
587 break;
588 case 1:
589 case 2:
590 /* Control frame + packing (but not frame stuffing) in mode 1 */
591 ibuf[0] = (addr << 2) | (cr << 1) | EA;
592 ibuf[1] = control;
593 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
594 /* Stuffing may double the size worst case */
595 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
596 /* Now add the SOF markers */
597 cbuf[0] = GSM1_SOF;
598 cbuf[len + 1] = GSM1_SOF;
599 /* FIXME: we can omit the lead one in many cases */
600 len += 2;
601 break;
602 default:
603 WARN_ON(1);
604 return;
605 }
f96f7f7f 606 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 607 gsm->output(gsm, cbuf, len);
f96f7f7f 608 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46
AC		 609 gsm_print_packet("-->", addr, cr, control, NULL, 0);
610}
611
612/**
613 * gsm_response - send a control response
614 * @gsm: our GSM mux
615 * @addr: address for control frame
616 * @control: control byte including PF bit
617 *
618 * Format up and transmit a link level response frame.
619 */
620
621static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
622{
623 gsm_send(gsm, addr, 0, control);
624}
625
626/**
627 * gsm_command - send a control command
628 * @gsm: our GSM mux
629 * @addr: address for control frame
630 * @control: control byte including PF bit
631 *
632 * Format up and transmit a link level command frame.
633 */
634
635static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
636{
637 gsm_send(gsm, addr, 1, control);
638}
639
640/* Data transmission */
641
642#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
643
644/**
645 * gsm_data_alloc - allocate data frame
646 * @gsm: GSM mux
647 * @addr: DLCI address
648 * @len: length excluding header and FCS
649 * @ctrl: control byte
650 *
651 * Allocate a new data buffer for sending frames with data. Space is left
652 * at the front for header bytes but that is treated as an implementation
653 * detail and not for the high level code to use
654 */
655
656static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
657 u8 ctrl)
658{
659 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
660 GFP_ATOMIC);
661 if (m == NULL)
662 return NULL;
663 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
664 m->len = len;
665 m->addr = addr;
666 m->ctrl = ctrl;
b4338e1e 667 INIT_LIST_HEAD(&m->list);
e1eaea46
AC		 668 return m;
669}
670
671/**
672 * gsm_data_kick - poke the queue
673 * @gsm: GSM Mux
674 *
675 * The tty device has called us to indicate that room has appeared in
676 * the transmit queue. Ram more data into the pipe if we have any
c01af4fe
FB		 677 * If we have been flow-stopped by a CMD_FCOFF, then we can only
678 * send messages on DLCI0 until CMD_FCON
e1eaea46
AC		 679 *
680 * FIXME: lock against link layer control transmissions
681 */
682
683static void gsm_data_kick(struct gsm_mux *gsm)
684{
b4338e1e 685 struct gsm_msg *msg, *nmsg;
e1eaea46
AC		 686 int len;
687 int skip_sof = 0;
688
b4338e1e
RG		 689 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
690 if (gsm->constipated && msg->addr)
c01af4fe 691 continue;
e1eaea46
AC		 692 if (gsm->encoding != 0) {
693 gsm->txframe[0] = GSM1_SOF;
694 len = gsm_stuff_frame(msg->data,
695 gsm->txframe + 1, msg->len);
696 gsm->txframe[len + 1] = GSM1_SOF;
697 len += 2;
698 } else {
699 gsm->txframe[0] = GSM0_SOF;
700 memcpy(gsm->txframe + 1 , msg->data, msg->len);
701 gsm->txframe[msg->len + 1] = GSM0_SOF;
702 len = msg->len + 2;
703 }
704
0a77c4f9
JP		 705 if (debug & 4)
706 print_hex_dump_bytes("gsm_data_kick: ",
707 DUMP_PREFIX_OFFSET,
708 gsm->txframe, len);
e1eaea46
AC		 709
710 if (gsm->output(gsm, gsm->txframe + skip_sof,
711 len - skip_sof) < 0)
712 break;
713 /* FIXME: Can eliminate one SOF in many more cases */
e1eaea46 714 gsm->tx_bytes -= msg->len;
e1eaea46
AC		 715 /* For a burst of frames skip the extra SOF within the
716 burst */
717 skip_sof = 1;
c01af4fe 718
b4338e1e
RG		 719 list_del(&msg->list);
720 kfree(msg);
e1eaea46
AC		 721 }
722}
723
724/**
725 * __gsm_data_queue - queue a UI or UIH frame
726 * @dlci: DLCI sending the data
727 * @msg: message queued
728 *
729 * Add data to the transmit queue and try and get stuff moving
730 * out of the mux tty if not already doing so. The Caller must hold
731 * the gsm tx lock.
732 */
733
734static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
735{
736 struct gsm_mux *gsm = dlci->gsm;
737 u8 *dp = msg->data;
738 u8 *fcs = dp + msg->len;
739
740 /* Fill in the header */
741 if (gsm->encoding == 0) {
742 if (msg->len < 128)
743 *--dp = (msg->len << 1) | EA;
744 else {
be7a7411
KM		 745 *--dp = (msg->len >> 7); /* bits 7 - 15 */
746 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
e1eaea46
AC		 747 }
748 }
749
750 *--dp = msg->ctrl;
751 if (gsm->initiator)
752 *--dp = (msg->addr << 2) | 2 | EA;
753 else
754 *--dp = (msg->addr << 2) | EA;
755 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
756 /* Ugly protocol layering violation */
757 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
758 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
759 *fcs = 0xFF - *fcs;
760
761 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
762 msg->data, msg->len);
763
764 /* Move the header back and adjust the length, also allow for the FCS
765 now tacked on the end */
766 msg->len += (msg->data - dp) + 1;
767 msg->data = dp;
768
769 /* Add to the actual output queue */
b4338e1e 770 list_add_tail(&msg->list, &gsm->tx_list);
e1eaea46
AC		 771 gsm->tx_bytes += msg->len;
772 gsm_data_kick(gsm);
773}
774
775/**
776 * gsm_data_queue - queue a UI or UIH frame
777 * @dlci: DLCI sending the data
778 * @msg: message queued
779 *
780 * Add data to the transmit queue and try and get stuff moving
781 * out of the mux tty if not already doing so. Take the
782 * the gsm tx lock and dlci lock.
783 */
784
785static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
786{
787 unsigned long flags;
788 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
789 __gsm_data_queue(dlci, msg);
790 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
791}
792
793/**
794 * gsm_dlci_data_output - try and push data out of a DLCI
795 * @gsm: mux
796 * @dlci: the DLCI to pull data from
797 *
798 * Pull data from a DLCI and send it into the transmit queue if there
799 * is data. Keep to the MRU of the mux. This path handles the usual tty
800 * interface which is a byte stream with optional modem data.
801 *
802 * Caller must hold the tx_lock of the mux.
803 */
804
805static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
806{
807 struct gsm_msg *msg;
808 u8 *dp;
268e526b 809 int len, total_size, size;
e1eaea46
AC		 810 int h = dlci->adaption - 1;
811
268e526b
MK		 812 total_size = 0;
813 while(1) {
814 len = kfifo_len(dlci->fifo);
815 if (len == 0)
816 return total_size;
817
818 /* MTU/MRU count only the data bits */
819 if (len > gsm->mtu)
820 len = gsm->mtu;
821
822 size = len + h;
823
824 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
825 /* FIXME: need a timer or something to kick this so it can't
826 get stuck with no work outstanding and no buffer free */
827 if (msg == NULL)
828 return -ENOMEM;
829 dp = msg->data;
830 switch (dlci->adaption) {
831 case 1: /* Unstructured */
832 break;
833 case 2: /* Unstructed with modem bits. Always one byte as we never
834 send inline break data */
835 *dp++ = gsm_encode_modem(dlci);
836 break;
837 }
838 WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
839 __gsm_data_queue(dlci, msg);
840 total_size += size;
e1eaea46 841 }
e1eaea46 842 /* Bytes of data we used up */
268e526b 843 return total_size;
e1eaea46
AC		 844}
845
846/**
847 * gsm_dlci_data_output_framed - try and push data out of a DLCI
848 * @gsm: mux
849 * @dlci: the DLCI to pull data from
850 *
851 * Pull data from a DLCI and send it into the transmit queue if there
852 * is data. Keep to the MRU of the mux. This path handles framed data
853 * queued as skbuffs to the DLCI.
854 *
855 * Caller must hold the tx_lock of the mux.
856 */
857
858static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
859 struct gsm_dlci *dlci)
860{
861 struct gsm_msg *msg;
862 u8 *dp;
863 int len, size;
864 int last = 0, first = 0;
865 int overhead = 0;
866
867 /* One byte per frame is used for B/F flags */
868 if (dlci->adaption == 4)
869 overhead = 1;
870
871 /* dlci->skb is locked by tx_lock */
872 if (dlci->skb == NULL) {
88ed2a60 873 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
e1eaea46
AC		 874 if (dlci->skb == NULL)
875 return 0;
876 first = 1;
877 }
878 len = dlci->skb->len + overhead;
879
880 /* MTU/MRU count only the data bits */
881 if (len > gsm->mtu) {
882 if (dlci->adaption == 3) {
883 /* Over long frame, bin it */
329e5678 884 dev_kfree_skb_any(dlci->skb);
e1eaea46
AC		 885 dlci->skb = NULL;
886 return 0;
887 }
888 len = gsm->mtu;
889 } else
890 last = 1;
891
892 size = len + overhead;
893 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
894
895 /* FIXME: need a timer or something to kick this so it can't
896 get stuck with no work outstanding and no buffer free */
88ed2a60
RG		 897 if (msg == NULL) {
898 skb_queue_tail(&dlci->skb_list, dlci->skb);
899 dlci->skb = NULL;
e1eaea46 900 return -ENOMEM;
88ed2a60 901 }
e1eaea46
AC		 902 dp = msg->data;
903
904 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
905 /* Flag byte to carry the start/end info */
906 *dp++ = last << 7 | first << 6 | 1; /* EA */
907 len--;
908 }
57f2104f
RG		 909 memcpy(dp, dlci->skb->data, len);
910 skb_pull(dlci->skb, len);
e1eaea46 911 __gsm_data_queue(dlci, msg);
bcd5abe2 912 if (last) {
329e5678 913 dev_kfree_skb_any(dlci->skb);
e1eaea46 914 dlci->skb = NULL;
bcd5abe2 915 }
e1eaea46
AC		 916 return size;
917}
918
919/**
920 * gsm_dlci_data_sweep - look for data to send
921 * @gsm: the GSM mux
922 *
923 * Sweep the GSM mux channels in priority order looking for ones with
924 * data to send. We could do with optimising this scan a bit. We aim
925 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
926 * TX_THRESH_LO we get called again
927 *
928 * FIXME: We should round robin between groups and in theory you can
929 * renegotiate DLCI priorities with optional stuff. Needs optimising.
930 */
931
932static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
933{
934 int len;
935 /* Priority ordering: We should do priority with RR of the groups */
936 int i = 1;
e1eaea46 937
e1eaea46
AC		 938 while (i < NUM_DLCI) {
939 struct gsm_dlci *dlci;
940
941 if (gsm->tx_bytes > TX_THRESH_HI)
942 break;
943 dlci = gsm->dlci[i];
944 if (dlci == NULL || dlci->constipated) {
945 i++;
946 continue;
947 }
bcd5abe2 948 if (dlci->adaption < 3 && !dlci->net)
e1eaea46
AC		 949 len = gsm_dlci_data_output(gsm, dlci);
950 else
951 len = gsm_dlci_data_output_framed(gsm, dlci);
952 if (len < 0)
e73790a5 953 break;
e1eaea46
AC		 954 /* DLCI empty - try the next */
955 if (len == 0)
956 i++;
957 }
e1eaea46
AC		 958}
959
960/**
961 * gsm_dlci_data_kick - transmit if possible
962 * @dlci: DLCI to kick
963 *
964 * Transmit data from this DLCI if the queue is empty. We can't rely on
965 * a tty wakeup except when we filled the pipe so we need to fire off
966 * new data ourselves in other cases.
967 */
968
969static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
970{
971 unsigned long flags;
192b6041 972 int sweep;
e1eaea46 973
10c6c383 974 if (dlci->constipated)
c01af4fe 975 return;
c01af4fe 976
e1eaea46
AC		 977 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
978 /* If we have nothing running then we need to fire up */
192b6041 979 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
bcd5abe2
RG		 980 if (dlci->gsm->tx_bytes == 0) {
981 if (dlci->net)
982 gsm_dlci_data_output_framed(dlci->gsm, dlci);
983 else
984 gsm_dlci_data_output(dlci->gsm, dlci);
192b6041
RG		 985 }
986 if (sweep)
987 gsm_dlci_data_sweep(dlci->gsm);
e1eaea46
AC		 988 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
989}
990
991/*
992 * Control message processing
993 */
994
995
996/**
997 * gsm_control_reply - send a response frame to a control
998 * @gsm: gsm channel
999 * @cmd: the command to use
1000 * @data: data to follow encoded info
1001 * @dlen: length of data
1002 *
1003 * Encode up and queue a UI/UIH frame containing our response.
1004 */
1005
1006static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
1007 int dlen)
1008{
1009 struct gsm_msg *msg;
1010 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
093d8046
KM		 1011 if (msg == NULL)
1012 return;
e1eaea46
AC		 1013 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1014 msg->data[1] = (dlen << 1) | EA;
1015 memcpy(msg->data + 2, data, dlen);
1016 gsm_data_queue(gsm->dlci[0], msg);
1017}
1018
1019/**
1020 * gsm_process_modem - process received modem status
1021 * @tty: virtual tty bound to the DLCI
1022 * @dlci: DLCI to affect
1023 * @modem: modem bits (full EA)
1024 *
1025 * Used when a modem control message or line state inline in adaption
1026 * layer 2 is processed. Sort out the local modem state and throttles
1027 */
1028
1029static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
7263287a 1030 u32 modem, int clen)
e1eaea46
AC		 1031{
1032 int mlines = 0;
7263287a 1033 u8 brk = 0;
c01af4fe 1034 int fc;
7263287a
RG		 1035
1036 /* The modem status command can either contain one octet (v.24 signals)
1037 or two octets (v.24 signals + break signals). The length field will
1038 either be 2 or 3 respectively. This is specified in section
1039 5.4.6.3.7 of the 27.010 mux spec. */
1040
1041 if (clen == 2)
1042 modem = modem & 0x7f;
1043 else {
1044 brk = modem & 0x7f;
1045 modem = (modem >> 7) & 0x7f;
c01af4fe 1046 }
e1eaea46
AC		 1047
1048 /* Flow control/ready to communicate */
c01af4fe
FB		 1049 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1050 if (fc && !dlci->constipated) {
e1eaea46
AC		 1051 /* Need to throttle our output on this device */
1052 dlci->constipated = 1;
c01af4fe 1053 } else if (!fc && dlci->constipated) {
e1eaea46
AC		 1054 dlci->constipated = 0;
1055 gsm_dlci_data_kick(dlci);
1056 }
c01af4fe 1057
e1eaea46 1058 /* Map modem bits */
c01af4fe
FB		 1059 if (modem & MDM_RTC)
1060 mlines |= TIOCM_DSR | TIOCM_DTR;
e1eaea46
AC		 1061 if (modem & MDM_RTR)
1062 mlines |= TIOCM_RTS | TIOCM_CTS;
1063 if (modem & MDM_IC)
1064 mlines |= TIOCM_RI;
1065 if (modem & MDM_DV)
1066 mlines |= TIOCM_CD;
1067
1068 /* Carrier drop -> hangup */
1069 if (tty) {
1070 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
adc8d746 1071 if (!(tty->termios.c_cflag & CLOCAL))
e1eaea46
AC		 1072 tty_hangup(tty);
1073 if (brk & 0x01)
1074 tty_insert_flip_char(tty, 0, TTY_BREAK);
1075 }
1076 dlci->modem_rx = mlines;
1077}
1078
1079/**
1080 * gsm_control_modem - modem status received
1081 * @gsm: GSM channel
1082 * @data: data following command
1083 * @clen: command length
1084 *
1085 * We have received a modem status control message. This is used by
1086 * the GSM mux protocol to pass virtual modem line status and optionally
1087 * to indicate break signals. Unpack it, convert to Linux representation
1088 * and if need be stuff a break message down the tty.
1089 */
1090
1091static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1092{
1093 unsigned int addr = 0;
1094 unsigned int modem = 0;
1095 struct gsm_dlci *dlci;
1096 int len = clen;
1097 u8 *dp = data;
1098 struct tty_struct *tty;
1099
1100 while (gsm_read_ea(&addr, *dp++) == 0) {
1101 len--;
1102 if (len == 0)
1103 return;
1104 }
1105 /* Must be at least one byte following the EA */
1106 len--;
1107 if (len <= 0)
1108 return;
1109
1110 addr >>= 1;
1111 /* Closed port, or invalid ? */
1112 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1113 return;
1114 dlci = gsm->dlci[addr];
1115
1116 while (gsm_read_ea(&modem, *dp++) == 0) {
1117 len--;
1118 if (len == 0)
1119 return;
1120 }
1121 tty = tty_port_tty_get(&dlci->port);
7263287a 1122 gsm_process_modem(tty, dlci, modem, clen);
e1eaea46
AC		 1123 if (tty) {
1124 tty_wakeup(tty);
1125 tty_kref_put(tty);
1126 }
1127 gsm_control_reply(gsm, CMD_MSC, data, clen);
1128}
1129
1130/**
1131 * gsm_control_rls - remote line status
1132 * @gsm: GSM channel
1133 * @data: data bytes
1134 * @clen: data length
1135 *
1136 * The modem sends us a two byte message on the control channel whenever
1137 * it wishes to send us an error state from the virtual link. Stuff
1138 * this into the uplink tty if present
1139 */
1140
1141static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1142{
1143 struct tty_struct *tty;
1144 unsigned int addr = 0 ;
1145 u8 bits;
1146 int len = clen;
1147 u8 *dp = data;
1148
1149 while (gsm_read_ea(&addr, *dp++) == 0) {
1150 len--;
1151 if (len == 0)
1152 return;
1153 }
1154 /* Must be at least one byte following ea */
1155 len--;
1156 if (len <= 0)
1157 return;
1158 addr >>= 1;
1159 /* Closed port, or invalid ? */
1160 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1161 return;
1162 /* No error ? */
1163 bits = *dp;
1164 if ((bits & 1) == 0)
1165 return;
1166 /* See if we have an uplink tty */
1167 tty = tty_port_tty_get(&gsm->dlci[addr]->port);
1168
1169 if (tty) {
1170 if (bits & 2)
1171 tty_insert_flip_char(tty, 0, TTY_OVERRUN);
1172 if (bits & 4)
1173 tty_insert_flip_char(tty, 0, TTY_PARITY);
1174 if (bits & 8)
1175 tty_insert_flip_char(tty, 0, TTY_FRAME);
1176 tty_flip_buffer_push(tty);
1177 tty_kref_put(tty);
1178 }
1179 gsm_control_reply(gsm, CMD_RLS, data, clen);
1180}
1181
1182static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1183
1184/**
1185 * gsm_control_message - DLCI 0 control processing
1186 * @gsm: our GSM mux
1187 * @command: the command EA
1188 * @data: data beyond the command/length EAs
1189 * @clen: length
1190 *
1191 * Input processor for control messages from the other end of the link.
1192 * Processes the incoming request and queues a response frame or an
1193 * NSC response if not supported
1194 */
1195
1196static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1197 u8 *data, int clen)
1198{
1199 u8 buf[1];
5e44708f
RG		 1200 unsigned long flags;
1201
e1eaea46
AC		 1202 switch (command) {
1203 case CMD_CLD: {
1204 struct gsm_dlci *dlci = gsm->dlci[0];
1205 /* Modem wishes to close down */
1206 if (dlci) {
1207 dlci->dead = 1;
1208 gsm->dead = 1;
1209 gsm_dlci_begin_close(dlci);
1210 }
1211 }
1212 break;
1213 case CMD_TEST:
1214 /* Modem wishes to test, reply with the data */
1215 gsm_control_reply(gsm, CMD_TEST, data, clen);
1216 break;
1217 case CMD_FCON:
e1eaea46
AC		 1218 /* Modem can accept data again */
1219 gsm->constipated = 0;
c01af4fe 1220 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
e1eaea46 1221 /* Kick the link in case it is idling */
5e44708f 1222 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 1223 gsm_data_kick(gsm);
5e44708f 1224 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46 1225 break;
c01af4fe
FB		 1226 case CMD_FCOFF:
1227 /* Modem wants us to STFU */
c01af4fe
FB		 1228 gsm->constipated = 1;
1229 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1230 break;
e1eaea46
AC		 1231 case CMD_MSC:
1232 /* Out of band modem line change indicator for a DLCI */
1233 gsm_control_modem(gsm, data, clen);
1234 break;
1235 case CMD_RLS:
1236 /* Out of band error reception for a DLCI */
1237 gsm_control_rls(gsm, data, clen);
1238 break;
1239 case CMD_PSC:
1240 /* Modem wishes to enter power saving state */
1241 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1242 break;
1243 /* Optional unsupported commands */
1244 case CMD_PN: /* Parameter negotiation */
25985edc
LDM		 1245 case CMD_RPN: /* Remote port negotiation */
1246 case CMD_SNC: /* Service negotiation command */
e1eaea46
AC		 1247 default:
1248 /* Reply to bad commands with an NSC */
1249 buf[0] = command;
1250 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1251 break;
1252 }
1253}
1254
1255/**
1256 * gsm_control_response - process a response to our control
1257 * @gsm: our GSM mux
1258 * @command: the command (response) EA
1259 * @data: data beyond the command/length EA
1260 * @clen: length
1261 *
1262 * Process a response to an outstanding command. We only allow a single
1263 * control message in flight so this is fairly easy. All the clean up
1264 * is done by the caller, we just update the fields, flag it as done
1265 * and return
1266 */
1267
1268static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1269 u8 *data, int clen)
1270{
1271 struct gsm_control *ctrl;
1272 unsigned long flags;
1273
1274 spin_lock_irqsave(&gsm->control_lock, flags);
1275
1276 ctrl = gsm->pending_cmd;
1277 /* Does the reply match our command */
1278 command |= 1;
1279 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1280 /* Our command was replied to, kill the retry timer */
1281 del_timer(&gsm->t2_timer);
1282 gsm->pending_cmd = NULL;
1283 /* Rejected by the other end */
1284 if (command == CMD_NSC)
1285 ctrl->error = -EOPNOTSUPP;
1286 ctrl->done = 1;
1287 wake_up(&gsm->event);
1288 }
1289 spin_unlock_irqrestore(&gsm->control_lock, flags);
1290}
1291
1292/**
5f9a31d6 1293 * gsm_control_transmit - send control packet
e1eaea46
AC		 1294 * @gsm: gsm mux
1295 * @ctrl: frame to send
1296 *
1297 * Send out a pending control command (called under control lock)
1298 */
1299
1300static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1301{
ed43b47b 1302 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
e1eaea46
AC		 1303 if (msg == NULL)
1304 return;
1305 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1306 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1307 gsm_data_queue(gsm->dlci[0], msg);
1308}
1309
1310/**
1311 * gsm_control_retransmit - retransmit a control frame
1312 * @data: pointer to our gsm object
1313 *
1314 * Called off the T2 timer expiry in order to retransmit control frames
1315 * that have been lost in the system somewhere. The control_lock protects
1316 * us from colliding with another sender or a receive completion event.
1317 * In that situation the timer may still occur in a small window but
1318 * gsm->pending_cmd will be NULL and we just let the timer expire.
1319 */
1320
1321static void gsm_control_retransmit(unsigned long data)
1322{
1323 struct gsm_mux *gsm = (struct gsm_mux *)data;
1324 struct gsm_control *ctrl;
1325 unsigned long flags;
1326 spin_lock_irqsave(&gsm->control_lock, flags);
1327 ctrl = gsm->pending_cmd;
1328 if (ctrl) {
1329 gsm->cretries--;
1330 if (gsm->cretries == 0) {
1331 gsm->pending_cmd = NULL;
1332 ctrl->error = -ETIMEDOUT;
1333 ctrl->done = 1;
1334 spin_unlock_irqrestore(&gsm->control_lock, flags);
1335 wake_up(&gsm->event);
1336 return;
1337 }
1338 gsm_control_transmit(gsm, ctrl);
1339 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1340 }
1341 spin_unlock_irqrestore(&gsm->control_lock, flags);
1342}
1343
1344/**
1345 * gsm_control_send - send a control frame on DLCI 0
1346 * @gsm: the GSM channel
1347 * @command: command to send including CR bit
1348 * @data: bytes of data (must be kmalloced)
1349 * @len: length of the block to send
1350 *
1351 * Queue and dispatch a control command. Only one command can be
1352 * active at a time. In theory more can be outstanding but the matching
1353 * gets really complicated so for now stick to one outstanding.
1354 */
1355
1356static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1357 unsigned int command, u8 *data, int clen)
1358{
1359 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1360 GFP_KERNEL);
1361 unsigned long flags;
1362 if (ctrl == NULL)
1363 return NULL;
1364retry:
1365 wait_event(gsm->event, gsm->pending_cmd == NULL);
1366 spin_lock_irqsave(&gsm->control_lock, flags);
1367 if (gsm->pending_cmd != NULL) {
1368 spin_unlock_irqrestore(&gsm->control_lock, flags);
1369 goto retry;
1370 }
1371 ctrl->cmd = command;
1372 ctrl->data = data;
1373 ctrl->len = clen;
1374 gsm->pending_cmd = ctrl;
1375 gsm->cretries = gsm->n2;
1376 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1377 gsm_control_transmit(gsm, ctrl);
1378 spin_unlock_irqrestore(&gsm->control_lock, flags);
1379 return ctrl;
1380}
1381
1382/**
1383 * gsm_control_wait - wait for a control to finish
1384 * @gsm: GSM mux
1385 * @control: control we are waiting on
1386 *
1387 * Waits for the control to complete or time out. Frees any used
1388 * resources and returns 0 for success, or an error if the remote
1389 * rejected or ignored the request.
1390 */
1391
1392static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1393{
1394 int err;
1395 wait_event(gsm->event, control->done == 1);
1396 err = control->error;
1397 kfree(control);
1398 return err;
1399}
1400
1401
1402/*
1403 * DLCI level handling: Needs krefs
1404 */
1405
1406/*
1407 * State transitions and timers
1408 */
1409
1410/**
1411 * gsm_dlci_close - a DLCI has closed
1412 * @dlci: DLCI that closed
1413 *
1414 * Perform processing when moving a DLCI into closed state. If there
1415 * is an attached tty this is hung up
1416 */
1417
1418static void gsm_dlci_close(struct gsm_dlci *dlci)
1419{
1420 del_timer(&dlci->t1);
1421 if (debug & 8)
5f9a31d6 1422 pr_debug("DLCI %d goes closed.\n", dlci->addr);
e1eaea46
AC		 1423 dlci->state = DLCI_CLOSED;
1424 if (dlci->addr != 0) {
1425 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1426 if (tty) {
1427 tty_hangup(tty);
1428 tty_kref_put(tty);
1429 }
1430 kfifo_reset(dlci->fifo);
1431 } else
1432 dlci->gsm->dead = 1;
1433 wake_up(&dlci->gsm->event);
1434 /* A DLCI 0 close is a MUX termination so we need to kick that
1435 back to userspace somehow */
1436}
1437
1438/**
1439 * gsm_dlci_open - a DLCI has opened
1440 * @dlci: DLCI that opened
1441 *
1442 * Perform processing when moving a DLCI into open state.
1443 */
1444
1445static void gsm_dlci_open(struct gsm_dlci *dlci)
1446{
1447 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1448 open -> open */
1449 del_timer(&dlci->t1);
1450 /* This will let a tty open continue */
1451 dlci->state = DLCI_OPEN;
1452 if (debug & 8)
5f9a31d6 1453 pr_debug("DLCI %d goes open.\n", dlci->addr);
e1eaea46
AC		 1454 wake_up(&dlci->gsm->event);
1455}
1456
1457/**
1458 * gsm_dlci_t1 - T1 timer expiry
1459 * @dlci: DLCI that opened
1460 *
1461 * The T1 timer handles retransmits of control frames (essentially of
1462 * SABM and DISC). We resend the command until the retry count runs out
1463 * in which case an opening port goes back to closed and a closing port
1464 * is simply put into closed state (any further frames from the other
1465 * end will get a DM response)
1466 */
1467
1468static void gsm_dlci_t1(unsigned long data)
1469{
1470 struct gsm_dlci *dlci = (struct gsm_dlci *)data;
1471 struct gsm_mux *gsm = dlci->gsm;
1472
1473 switch (dlci->state) {
1474 case DLCI_OPENING:
1475 dlci->retries--;
1476 if (dlci->retries) {
1477 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1478 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1479 } else
1480 gsm_dlci_close(dlci);
1481 break;
1482 case DLCI_CLOSING:
1483 dlci->retries--;
1484 if (dlci->retries) {
1485 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1486 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1487 } else
1488 gsm_dlci_close(dlci);
1489 break;
1490 }
1491}
1492
1493/**
1494 * gsm_dlci_begin_open - start channel open procedure
1495 * @dlci: DLCI to open
1496 *
1497 * Commence opening a DLCI from the Linux side. We issue SABM messages
1498 * to the modem which should then reply with a UA, at which point we
1499 * will move into open state. Opening is done asynchronously with retry
1500 * running off timers and the responses.
1501 */
1502
1503static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1504{
1505 struct gsm_mux *gsm = dlci->gsm;
1506 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1507 return;
1508 dlci->retries = gsm->n2;
1509 dlci->state = DLCI_OPENING;
1510 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1511 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1512}
1513
1514/**
1515 * gsm_dlci_begin_close - start channel open procedure
1516 * @dlci: DLCI to open
1517 *
1518 * Commence closing a DLCI from the Linux side. We issue DISC messages
1519 * to the modem which should then reply with a UA, at which point we
1520 * will move into closed state. Closing is done asynchronously with retry
1521 * off timers. We may also receive a DM reply from the other end which
1522 * indicates the channel was already closed.
1523 */
1524
1525static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1526{
1527 struct gsm_mux *gsm = dlci->gsm;
1528 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1529 return;
1530 dlci->retries = gsm->n2;
1531 dlci->state = DLCI_CLOSING;
1532 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1533 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1534}
1535
1536/**
1537 * gsm_dlci_data - data arrived
1538 * @dlci: channel
1539 * @data: block of bytes received
1540 * @len: length of received block
1541 *
1542 * A UI or UIH frame has arrived which contains data for a channel
1543 * other than the control channel. If the relevant virtual tty is
1544 * open we shovel the bits down it, if not we drop them.
1545 */
1546
7263287a 1547static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
e1eaea46
AC		 1548{
1549 /* krefs .. */
1550 struct tty_port *port = &dlci->port;
1551 struct tty_struct *tty = tty_port_tty_get(port);
1552 unsigned int modem = 0;
7263287a 1553 int len = clen;
e1eaea46
AC		 1554
1555 if (debug & 16)
5f9a31d6 1556 pr_debug("%d bytes for tty %p\n", len, tty);
e1eaea46
AC		 1557 if (tty) {
1558 switch (dlci->adaption) {
5f9a31d6
AC		 1559 /* Unsupported types */
1560 /* Packetised interruptible data */
1561 case 4:
1562 break;
1563 /* Packetised uininterruptible voice/data */
1564 case 3:
1565 break;
1566 /* Asynchronous serial with line state in each frame */
1567 case 2:
1568 while (gsm_read_ea(&modem, *data++) == 0) {
1569 len--;
1570 if (len == 0)
1571 return;
1572 }
7263287a 1573 gsm_process_modem(tty, dlci, modem, clen);
5f9a31d6
AC		 1574 /* Line state will go via DLCI 0 controls only */
1575 case 1:
1576 default:
1577 tty_insert_flip_string(tty, data, len);
1578 tty_flip_buffer_push(tty);
e1eaea46
AC		 1579 }
1580 tty_kref_put(tty);
1581 }
1582}
1583
1584/**
1585 * gsm_dlci_control - data arrived on control channel
1586 * @dlci: channel
1587 * @data: block of bytes received
1588 * @len: length of received block
1589 *
1590 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1591 * control channel. This should contain a command EA followed by
1592 * control data bytes. The command EA contains a command/response bit
1593 * and we divide up the work accordingly.
1594 */
1595
1596static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1597{
1598 /* See what command is involved */
1599 unsigned int command = 0;
1600 while (len-- > 0) {
1601 if (gsm_read_ea(&command, *data++) == 1) {
1602 int clen = *data++;
1603 len--;
1604 /* FIXME: this is properly an EA */
1605 clen >>= 1;
1606 /* Malformed command ? */
1607 if (clen > len)
1608 return;
1609 if (command & 1)
1610 gsm_control_message(dlci->gsm, command,
1611 data, clen);
1612 else
1613 gsm_control_response(dlci->gsm, command,
1614 data, clen);
1615 return;
1616 }
1617 }
1618}
1619
1620/*
1621 * Allocate/Free DLCI channels
1622 */
1623
1624/**
1625 * gsm_dlci_alloc - allocate a DLCI
1626 * @gsm: GSM mux
1627 * @addr: address of the DLCI
1628 *
1629 * Allocate and install a new DLCI object into the GSM mux.
1630 *
1631 * FIXME: review locking races
1632 */
1633
1634static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1635{
1636 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1637 if (dlci == NULL)
1638 return NULL;
1639 spin_lock_init(&dlci->lock);
bcd5abe2 1640 mutex_init(&dlci->mutex);
e1eaea46
AC		 1641 dlci->fifo = &dlci->_fifo;
1642 if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1643 kfree(dlci);
1644 return NULL;
1645 }
1646
1647 skb_queue_head_init(&dlci->skb_list);
1648 init_timer(&dlci->t1);
1649 dlci->t1.function = gsm_dlci_t1;
1650 dlci->t1.data = (unsigned long)dlci;
1651 tty_port_init(&dlci->port);
1652 dlci->port.ops = &gsm_port_ops;
1653 dlci->gsm = gsm;
1654 dlci->addr = addr;
1655 dlci->adaption = gsm->adaption;
1656 dlci->state = DLCI_CLOSED;
1657 if (addr)
1658 dlci->data = gsm_dlci_data;
1659 else
1660 dlci->data = gsm_dlci_command;
1661 gsm->dlci[addr] = dlci;
1662 return dlci;
1663}
1664
1665/**
6ab8fba7
RG		 1666 * gsm_dlci_free - free DLCI
1667 * @dlci: DLCI to free
1668 *
1669 * Free up a DLCI.
1670 *
1671 * Can sleep.
1672 */
9a8e62bc 1673static void gsm_dlci_free(struct tty_port *port)
6ab8fba7 1674{
9a8e62bc 1675 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
6ab8fba7
RG		 1676
1677 del_timer_sync(&dlci->t1);
1678 dlci->gsm->dlci[dlci->addr] = NULL;
1679 kfifo_free(dlci->fifo);
1680 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
329e5678 1681 dev_kfree_skb(dlci->skb);
6ab8fba7
RG		 1682 kfree(dlci);
1683}
1684
1685static inline void dlci_get(struct gsm_dlci *dlci)
1686{
9a8e62bc 1687 tty_port_get(&dlci->port);
6ab8fba7
RG		 1688}
1689
1690static inline void dlci_put(struct gsm_dlci *dlci)
1691{
9a8e62bc 1692 tty_port_put(&dlci->port);
6ab8fba7
RG		 1693}
1694
1695/**
1696 * gsm_dlci_release - release DLCI
e1eaea46
AC		 1697 * @dlci: DLCI to destroy
1698 *
6ab8fba7
RG		 1699 * Release a DLCI. Actual free is deferred until either
1700 * mux is closed or tty is closed - whichever is last.
e1eaea46
AC		 1701 *
1702 * Can sleep.
1703 */
6ab8fba7 1704static void gsm_dlci_release(struct gsm_dlci *dlci)
e1eaea46
AC		 1705{
1706 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1707 if (tty) {
1708 tty_vhangup(tty);
1709 tty_kref_put(tty);
1710 }
6ab8fba7 1711 dlci_put(dlci);
e1eaea46
AC		 1712}
1713
e1eaea46
AC		 1714/*
1715 * LAPBish link layer logic
1716 */
1717
1718/**
1719 * gsm_queue - a GSM frame is ready to process
1720 * @gsm: pointer to our gsm mux
1721 *
1722 * At this point in time a frame has arrived and been demangled from
1723 * the line encoding. All the differences between the encodings have
1724 * been handled below us and the frame is unpacked into the structures.
1725 * The fcs holds the header FCS but any data FCS must be added here.
1726 */
1727
1728static void gsm_queue(struct gsm_mux *gsm)
1729{
1730 struct gsm_dlci *dlci;
1731 u8 cr;
1732 int address;
1733 /* We have to sneak a look at the packet body to do the FCS.
1734 A somewhat layering violation in the spec */
1735
1736 if ((gsm->control & ~PF) == UI)
1737 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
9db4e438
MK		 1738 if (gsm->encoding == 0){
1739 /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
1740 In this case it contain the last piece of data
1741 required to generate final CRC */
1742 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1743 }
e1eaea46
AC		 1744 if (gsm->fcs != GOOD_FCS) {
1745 gsm->bad_fcs++;
1746 if (debug & 4)
5f9a31d6 1747 pr_debug("BAD FCS %02x\n", gsm->fcs);
e1eaea46
AC		 1748 return;
1749 }
1750 address = gsm->address >> 1;
1751 if (address >= NUM_DLCI)
1752 goto invalid;
1753
1754 cr = gsm->address & 1; /* C/R bit */
1755
1756 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1757
1758 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1759 dlci = gsm->dlci[address];
1760
1761 switch (gsm->control) {
1762 case SABM|PF:
1763 if (cr == 0)
1764 goto invalid;
1765 if (dlci == NULL)
1766 dlci = gsm_dlci_alloc(gsm, address);
1767 if (dlci == NULL)
1768 return;
1769 if (dlci->dead)
1770 gsm_response(gsm, address, DM);
1771 else {
1772 gsm_response(gsm, address, UA);
1773 gsm_dlci_open(dlci);
1774 }
1775 break;
1776 case DISC|PF:
1777 if (cr == 0)
1778 goto invalid;
1779 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1780 gsm_response(gsm, address, DM);
1781 return;
1782 }
1783 /* Real close complete */
1784 gsm_response(gsm, address, UA);
1785 gsm_dlci_close(dlci);
1786 break;
1787 case UA:
1788 case UA|PF:
1789 if (cr == 0 || dlci == NULL)
1790 break;
1791 switch (dlci->state) {
1792 case DLCI_CLOSING:
1793 gsm_dlci_close(dlci);
1794 break;
1795 case DLCI_OPENING:
1796 gsm_dlci_open(dlci);
1797 break;
1798 }
1799 break;
1800 case DM: /* DM can be valid unsolicited */
1801 case DM|PF:
1802 if (cr)
1803 goto invalid;
1804 if (dlci == NULL)
1805 return;
1806 gsm_dlci_close(dlci);
1807 break;
1808 case UI:
1809 case UI|PF:
1810 case UIH:
1811 case UIH|PF:
1812#if 0
1813 if (cr)
1814 goto invalid;
1815#endif
1816 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1817 gsm_command(gsm, address, DM|PF);
1818 return;
1819 }
1820 dlci->data(dlci, gsm->buf, gsm->len);
1821 break;
1822 default:
1823 goto invalid;
1824 }
1825 return;
1826invalid:
1827 gsm->malformed++;
1828 return;
1829}
1830
1831
1832/**
1833 * gsm0_receive - perform processing for non-transparency
1834 * @gsm: gsm data for this ldisc instance
1835 * @c: character
1836 *
1837 * Receive bytes in gsm mode 0
1838 */
1839
1840static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1841{
c2f2f000
AC		 1842 unsigned int len;
1843
e1eaea46
AC		 1844 switch (gsm->state) {
1845 case GSM_SEARCH: /* SOF marker */
1846 if (c == GSM0_SOF) {
1847 gsm->state = GSM_ADDRESS;
1848 gsm->address = 0;
1849 gsm->len = 0;
1850 gsm->fcs = INIT_FCS;
1851 }
c2f2f000
AC		 1852 break;
1853 case GSM_ADDRESS: /* Address EA */
e1eaea46
AC		 1854 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1855 if (gsm_read_ea(&gsm->address, c))
1856 gsm->state = GSM_CONTROL;
1857 break;
1858 case GSM_CONTROL: /* Control Byte */
1859 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1860 gsm->control = c;
c2f2f000 1861 gsm->state = GSM_LEN0;
e1eaea46 1862 break;
c2f2f000 1863 case GSM_LEN0: /* Length EA */
e1eaea46
AC		 1864 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1865 if (gsm_read_ea(&gsm->len, c)) {
1866 if (gsm->len > gsm->mru) {
1867 gsm->bad_size++;
1868 gsm->state = GSM_SEARCH;
1869 break;
1870 }
1871 gsm->count = 0;
c2f2f000
AC		 1872 if (!gsm->len)
1873 gsm->state = GSM_FCS;
1874 else
1875 gsm->state = GSM_DATA;
1876 break;
e1eaea46 1877 }
c2f2f000
AC		 1878 gsm->state = GSM_LEN1;
1879 break;
1880 case GSM_LEN1:
1881 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1882 len = c;
1883 gsm->len |= len << 7;
1884 if (gsm->len > gsm->mru) {
1885 gsm->bad_size++;
1886 gsm->state = GSM_SEARCH;
1887 break;
e1eaea46 1888 }
c2f2f000
AC		 1889 gsm->count = 0;
1890 if (!gsm->len)
1891 gsm->state = GSM_FCS;
1892 else
1893 gsm->state = GSM_DATA;
e1eaea46
AC		 1894 break;
1895 case GSM_DATA: /* Data */
1896 gsm->buf[gsm->count++] = c;
1897 if (gsm->count == gsm->len)
1898 gsm->state = GSM_FCS;
1899 break;
1900 case GSM_FCS: /* FCS follows the packet */
c2f2f000 1901 gsm->received_fcs = c;
e1eaea46 1902 gsm_queue(gsm);
c2f2f000
AC		 1903 gsm->state = GSM_SSOF;
1904 break;
1905 case GSM_SSOF:
1906 if (c == GSM0_SOF) {
1907 gsm->state = GSM_SEARCH;
1908 break;
1909 }
e1eaea46
AC		 1910 break;
1911 }
1912}
1913
1914/**
c2f2f000 1915 * gsm1_receive - perform processing for non-transparency
e1eaea46
AC		 1916 * @gsm: gsm data for this ldisc instance
1917 * @c: character
1918 *
1919 * Receive bytes in mode 1 (Advanced option)
1920 */
1921
1922static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1923{
1924 if (c == GSM1_SOF) {
1925 /* EOF is only valid in frame if we have got to the data state
1926 and received at least one byte (the FCS) */
1927 if (gsm->state == GSM_DATA && gsm->count) {
1928 /* Extract the FCS */
1929 gsm->count--;
1930 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1931 gsm->len = gsm->count;
1932 gsm_queue(gsm);
1933 gsm->state = GSM_START;
1934 return;
1935 }
1936 /* Any partial frame was a runt so go back to start */
1937 if (gsm->state != GSM_START) {
1938 gsm->malformed++;
1939 gsm->state = GSM_START;
1940 }
1941 /* A SOF in GSM_START means we are still reading idling or
1942 framing bytes */
1943 return;
1944 }
1945
1946 if (c == GSM1_ESCAPE) {
1947 gsm->escape = 1;
1948 return;
1949 }
1950
1951 /* Only an unescaped SOF gets us out of GSM search */
1952 if (gsm->state == GSM_SEARCH)
1953 return;
1954
1955 if (gsm->escape) {
1956 c ^= GSM1_ESCAPE_BITS;
1957 gsm->escape = 0;
1958 }
1959 switch (gsm->state) {
1960 case GSM_START: /* First byte after SOF */
1961 gsm->address = 0;
1962 gsm->state = GSM_ADDRESS;
1963 gsm->fcs = INIT_FCS;
1964 /* Drop through */
1965 case GSM_ADDRESS: /* Address continuation */
1966 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1967 if (gsm_read_ea(&gsm->address, c))
1968 gsm->state = GSM_CONTROL;
1969 break;
1970 case GSM_CONTROL: /* Control Byte */
1971 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1972 gsm->control = c;
1973 gsm->count = 0;
1974 gsm->state = GSM_DATA;
1975 break;
1976 case GSM_DATA: /* Data */
5f9a31d6 1977 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
e1eaea46
AC		 1978 gsm->state = GSM_OVERRUN;
1979 gsm->bad_size++;
1980 } else
1981 gsm->buf[gsm->count++] = c;
1982 break;
1983 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
1984 break;
1985 }
1986}
1987
1988/**
1989 * gsm_error - handle tty error
1990 * @gsm: ldisc data
1991 * @data: byte received (may be invalid)
1992 * @flag: error received
1993 *
1994 * Handle an error in the receipt of data for a frame. Currently we just
1995 * go back to hunting for a SOF.
1996 *
1997 * FIXME: better diagnostics ?
1998 */
1999
2000static void gsm_error(struct gsm_mux *gsm,
2001 unsigned char data, unsigned char flag)
2002{
2003 gsm->state = GSM_SEARCH;
2004 gsm->io_error++;
2005}
2006
2007/**
2008 * gsm_cleanup_mux - generic GSM protocol cleanup
2009 * @gsm: our mux
2010 *
2011 * Clean up the bits of the mux which are the same for all framing
2012 * protocols. Remove the mux from the mux table, stop all the timers
2013 * and then shut down each device hanging up the channels as we go.
2014 */
2015
2016void gsm_cleanup_mux(struct gsm_mux *gsm)
2017{
2018 int i;
2019 struct gsm_dlci *dlci = gsm->dlci[0];
329e5678 2020 struct gsm_msg *txq, *ntxq;
f17141fd 2021 struct gsm_control *gc;
e1eaea46
AC		 2022
2023 gsm->dead = 1;
2024
2025 spin_lock(&gsm_mux_lock);
2026 for (i = 0; i < MAX_MUX; i++) {
2027 if (gsm_mux[i] == gsm) {
2028 gsm_mux[i] = NULL;
2029 break;
2030 }
2031 }
2032 spin_unlock(&gsm_mux_lock);
2033 WARN_ON(i == MAX_MUX);
2034
f17141fd
AC		 2035 /* In theory disconnecting DLCI 0 is sufficient but for some
2036 modems this is apparently not the case. */
2037 if (dlci) {
2038 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2039 if (gc)
2040 gsm_control_wait(gsm, gc);
2041 }
e1eaea46
AC		 2042 del_timer_sync(&gsm->t2_timer);
2043 /* Now we are sure T2 has stopped */
2044 if (dlci) {
2045 dlci->dead = 1;
2046 gsm_dlci_begin_close(dlci);
2047 wait_event_interruptible(gsm->event,
2048 dlci->state == DLCI_CLOSED);
2049 }
2050 /* Free up any link layer users */
2051 for (i = 0; i < NUM_DLCI; i++)
2052 if (gsm->dlci[i])
6ab8fba7 2053 gsm_dlci_release(gsm->dlci[i]);
e1eaea46 2054 /* Now wipe the queues */
b4338e1e 2055 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
e1eaea46 2056 kfree(txq);
b4338e1e 2057 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46
AC		 2058}
2059EXPORT_SYMBOL_GPL(gsm_cleanup_mux);
2060
2061/**
2062 * gsm_activate_mux - generic GSM setup
2063 * @gsm: our mux
2064 *
2065 * Set up the bits of the mux which are the same for all framing
2066 * protocols. Add the mux to the mux table so it can be opened and
2067 * finally kick off connecting to DLCI 0 on the modem.
2068 */
2069
2070int gsm_activate_mux(struct gsm_mux *gsm)
2071{
2072 struct gsm_dlci *dlci;
2073 int i = 0;
2074
2075 init_timer(&gsm->t2_timer);
2076 gsm->t2_timer.function = gsm_control_retransmit;
2077 gsm->t2_timer.data = (unsigned long)gsm;
2078 init_waitqueue_head(&gsm->event);
2079 spin_lock_init(&gsm->control_lock);
2080 spin_lock_init(&gsm->tx_lock);
2081
2082 if (gsm->encoding == 0)
2083 gsm->receive = gsm0_receive;
2084 else
2085 gsm->receive = gsm1_receive;
2086 gsm->error = gsm_error;
2087
2088 spin_lock(&gsm_mux_lock);
2089 for (i = 0; i < MAX_MUX; i++) {
2090 if (gsm_mux[i] == NULL) {
d50f6dca 2091 gsm->num = i;
e1eaea46
AC		 2092 gsm_mux[i] = gsm;
2093 break;
2094 }
2095 }
2096 spin_unlock(&gsm_mux_lock);
2097 if (i == MAX_MUX)
2098 return -EBUSY;
2099
2100 dlci = gsm_dlci_alloc(gsm, 0);
2101 if (dlci == NULL)
2102 return -ENOMEM;
2103 gsm->dead = 0; /* Tty opens are now permissible */
2104 return 0;
2105}
2106EXPORT_SYMBOL_GPL(gsm_activate_mux);
2107
2108/**
2109 * gsm_free_mux - free up a mux
2110 * @mux: mux to free
2111 *
6ab8fba7 2112 * Dispose of allocated resources for a dead mux
e1eaea46
AC		 2113 */
2114void gsm_free_mux(struct gsm_mux *gsm)
2115{
2116 kfree(gsm->txframe);
2117 kfree(gsm->buf);
2118 kfree(gsm);
2119}
2120EXPORT_SYMBOL_GPL(gsm_free_mux);
2121
6ab8fba7
RG		 2122/**
2123 * gsm_free_muxr - free up a mux
2124 * @mux: mux to free
2125 *
2126 * Dispose of allocated resources for a dead mux
2127 */
2128static void gsm_free_muxr(struct kref *ref)
2129{
2130 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2131 gsm_free_mux(gsm);
2132}
2133
2134static inline void mux_get(struct gsm_mux *gsm)
2135{
2136 kref_get(&gsm->ref);
2137}
2138
2139static inline void mux_put(struct gsm_mux *gsm)
2140{
2141 kref_put(&gsm->ref, gsm_free_muxr);
2142}
2143
e1eaea46
AC		 2144/**
2145 * gsm_alloc_mux - allocate a mux
2146 *
2147 * Creates a new mux ready for activation.
2148 */
2149
2150struct gsm_mux *gsm_alloc_mux(void)
2151{
2152 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2153 if (gsm == NULL)
2154 return NULL;
2155 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2156 if (gsm->buf == NULL) {
2157 kfree(gsm);
2158 return NULL;
2159 }
2160 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2161 if (gsm->txframe == NULL) {
2162 kfree(gsm->buf);
2163 kfree(gsm);
2164 return NULL;
2165 }
2166 spin_lock_init(&gsm->lock);
6ab8fba7 2167 kref_init(&gsm->ref);
b4338e1e 2168 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46
AC		 2169
2170 gsm->t1 = T1;
2171 gsm->t2 = T2;
2172 gsm->n2 = N2;
2173 gsm->ftype = UIH;
e1eaea46
AC		 2174 gsm->adaption = 1;
2175 gsm->encoding = 1;
2176 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2177 gsm->mtu = 64;
2178 gsm->dead = 1; /* Avoid early tty opens */
2179
2180 return gsm;
2181}
2182EXPORT_SYMBOL_GPL(gsm_alloc_mux);
2183
e1eaea46
AC		 2184/**
2185 * gsmld_output - write to link
2186 * @gsm: our mux
2187 * @data: bytes to output
2188 * @len: size
2189 *
2190 * Write a block of data from the GSM mux to the data channel. This
2191 * will eventually be serialized from above but at the moment isn't.
2192 */
2193
2194static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2195{
2196 if (tty_write_room(gsm->tty) < len) {
2197 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2198 return -ENOSPC;
2199 }
0a77c4f9
JP		 2200 if (debug & 4)
2201 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2202 data, len);
e1eaea46
AC		 2203 gsm->tty->ops->write(gsm->tty, data, len);
2204 return len;
2205}
2206
2207/**
2208 * gsmld_attach_gsm - mode set up
2209 * @tty: our tty structure
2210 * @gsm: our mux
2211 *
2212 * Set up the MUX for basic mode and commence connecting to the
2213 * modem. Currently called from the line discipline set up but
2214 * will need moving to an ioctl path.
2215 */
2216
2217static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2218{
d50f6dca
RG		 2219 int ret, i;
2220 int base = gsm->num << 6; /* Base for this MUX */
e1eaea46
AC		 2221
2222 gsm->tty = tty_kref_get(tty);
2223 gsm->output = gsmld_output;
2224 ret = gsm_activate_mux(gsm);
2225 if (ret != 0)
2226 tty_kref_put(gsm->tty);
d50f6dca
RG		 2227 else {
2228 /* Don't register device 0 - this is the control channel and not
2229 a usable tty interface */
2230 for (i = 1; i < NUM_DLCI; i++)
2231 tty_register_device(gsm_tty_driver, base + i, NULL);
2232 }
e1eaea46
AC		 2233 return ret;
2234}
2235
2236
2237/**
2238 * gsmld_detach_gsm - stop doing 0710 mux
70f23fd6 2239 * @tty: tty attached to the mux
e1eaea46
AC		 2240 * @gsm: mux
2241 *
2242 * Shutdown and then clean up the resources used by the line discipline
2243 */
2244
2245static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2246{
d50f6dca
RG		 2247 int i;
2248 int base = gsm->num << 6; /* Base for this MUX */
2249
e1eaea46 2250 WARN_ON(tty != gsm->tty);
d50f6dca
RG		 2251 for (i = 1; i < NUM_DLCI; i++)
2252 tty_unregister_device(gsm_tty_driver, base + i);
e1eaea46
AC		 2253 gsm_cleanup_mux(gsm);
2254 tty_kref_put(gsm->tty);
2255 gsm->tty = NULL;
2256}
2257
55db4c64
LT		 2258static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2259 char *fp, int count)
e1eaea46
AC		 2260{
2261 struct gsm_mux *gsm = tty->disc_data;
2262 const unsigned char *dp;
2263 char *f;
2264 int i;
2265 char buf[64];
2266 char flags;
2267
0a77c4f9
JP		 2268 if (debug & 4)
2269 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2270 cp, count);
e1eaea46
AC		 2271
2272 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2273 flags = *f++;
2274 switch (flags) {
2275 case TTY_NORMAL:
2276 gsm->receive(gsm, *dp);
2277 break;
2278 case TTY_OVERRUN:
2279 case TTY_BREAK:
2280 case TTY_PARITY:
2281 case TTY_FRAME:
2282 gsm->error(gsm, *dp, flags);
2283 break;
2284 default:
c01af4fe 2285 WARN_ONCE(1, "%s: unknown flag %d\n",
e1eaea46
AC		 2286 tty_name(tty, buf), flags);
2287 break;
2288 }
2289 }
2290 /* FASYNC if needed ? */
2291 /* If clogged call tty_throttle(tty); */
2292}
2293
2294/**
2295 * gsmld_chars_in_buffer - report available bytes
2296 * @tty: tty device
2297 *
2298 * Report the number of characters buffered to be delivered to user
2299 * at this instant in time.
2300 *
2301 * Locking: gsm lock
2302 */
2303
2304static ssize_t gsmld_chars_in_buffer(struct tty_struct *tty)
2305{
2306 return 0;
2307}
2308
2309/**
2310 * gsmld_flush_buffer - clean input queue
2311 * @tty: terminal device
2312 *
2313 * Flush the input buffer. Called when the line discipline is
2314 * being closed, when the tty layer wants the buffer flushed (eg
2315 * at hangup).
2316 */
2317
2318static void gsmld_flush_buffer(struct tty_struct *tty)
2319{
2320}
2321
2322/**
2323 * gsmld_close - close the ldisc for this tty
2324 * @tty: device
2325 *
2326 * Called from the terminal layer when this line discipline is
2327 * being shut down, either because of a close or becsuse of a
2328 * discipline change. The function will not be called while other
2329 * ldisc methods are in progress.
2330 */
2331
2332static void gsmld_close(struct tty_struct *tty)
2333{
2334 struct gsm_mux *gsm = tty->disc_data;
2335
2336 gsmld_detach_gsm(tty, gsm);
2337
2338 gsmld_flush_buffer(tty);
2339 /* Do other clean up here */
6ab8fba7 2340 mux_put(gsm);
e1eaea46
AC		 2341}
2342
2343/**
2344 * gsmld_open - open an ldisc
2345 * @tty: terminal to open
2346 *
2347 * Called when this line discipline is being attached to the
2348 * terminal device. Can sleep. Called serialized so that no
2349 * other events will occur in parallel. No further open will occur
2350 * until a close.
2351 */
2352
2353static int gsmld_open(struct tty_struct *tty)
2354{
2355 struct gsm_mux *gsm;
2356
2357 if (tty->ops->write == NULL)
2358 return -EINVAL;
2359
2360 /* Attach our ldisc data */
2361 gsm = gsm_alloc_mux();
2362 if (gsm == NULL)
2363 return -ENOMEM;
2364
2365 tty->disc_data = gsm;
2366 tty->receive_room = 65536;
2367
2368 /* Attach the initial passive connection */
2369 gsm->encoding = 1;
2370 return gsmld_attach_gsm(tty, gsm);
2371}
2372
2373/**
2374 * gsmld_write_wakeup - asynchronous I/O notifier
2375 * @tty: tty device
2376 *
2377 * Required for the ptys, serial driver etc. since processes
2378 * that attach themselves to the master and rely on ASYNC
2379 * IO must be woken up
2380 */
2381
2382static void gsmld_write_wakeup(struct tty_struct *tty)
2383{
2384 struct gsm_mux *gsm = tty->disc_data;
328be395 2385 unsigned long flags;
e1eaea46
AC		 2386
2387 /* Queue poll */
2388 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
5e44708f 2389 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 2390 gsm_data_kick(gsm);
328be395 2391 if (gsm->tx_bytes < TX_THRESH_LO) {
e1eaea46 2392 gsm_dlci_data_sweep(gsm);
328be395 2393 }
5e44708f 2394 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46
AC		 2395}
2396
2397/**
2398 * gsmld_read - read function for tty
2399 * @tty: tty device
2400 * @file: file object
2401 * @buf: userspace buffer pointer
2402 * @nr: size of I/O
2403 *
2404 * Perform reads for the line discipline. We are guaranteed that the
2405 * line discipline will not be closed under us but we may get multiple
2406 * parallel readers and must handle this ourselves. We may also get
2407 * a hangup. Always called in user context, may sleep.
2408 *
2409 * This code must be sure never to sleep through a hangup.
2410 */
2411
2412static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2413 unsigned char __user *buf, size_t nr)
2414{
2415 return -EOPNOTSUPP;
2416}
2417
2418/**
2419 * gsmld_write - write function for tty
2420 * @tty: tty device
2421 * @file: file object
2422 * @buf: userspace buffer pointer
2423 * @nr: size of I/O
2424 *
2425 * Called when the owner of the device wants to send a frame
2426 * itself (or some other control data). The data is transferred
2427 * as-is and must be properly framed and checksummed as appropriate
2428 * by userspace. Frames are either sent whole or not at all as this
2429 * avoids pain user side.
2430 */
2431
2432static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2433 const unsigned char *buf, size_t nr)
2434{
2435 int space = tty_write_room(tty);
2436 if (space >= nr)
2437 return tty->ops->write(tty, buf, nr);
2438 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2439 return -ENOBUFS;
2440}
2441
2442/**
2443 * gsmld_poll - poll method for N_GSM0710
2444 * @tty: terminal device
2445 * @file: file accessing it
2446 * @wait: poll table
2447 *
2448 * Called when the line discipline is asked to poll() for data or
2449 * for special events. This code is not serialized with respect to
2450 * other events save open/close.
2451 *
2452 * This code must be sure never to sleep through a hangup.
2453 * Called without the kernel lock held - fine
2454 */
2455
2456static unsigned int gsmld_poll(struct tty_struct *tty, struct file *file,
2457 poll_table *wait)
2458{
2459 unsigned int mask = 0;
2460 struct gsm_mux *gsm = tty->disc_data;
2461
2462 poll_wait(file, &tty->read_wait, wait);
2463 poll_wait(file, &tty->write_wait, wait);
2464 if (tty_hung_up_p(file))
2465 mask |= POLLHUP;
2466 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2467 mask |= POLLOUT | POLLWRNORM;
2468 if (gsm->dead)
2469 mask |= POLLHUP;
2470 return mask;
2471}
2472
2473static int gsmld_config(struct tty_struct *tty, struct gsm_mux *gsm,
2474 struct gsm_config *c)
2475{
2476 int need_close = 0;
2477 int need_restart = 0;
2478
2479 /* Stuff we don't support yet - UI or I frame transport, windowing */
5f9a31d6 2480 if ((c->adaption != 1 && c->adaption != 2) || c->k)
e1eaea46
AC		 2481 return -EOPNOTSUPP;
2482 /* Check the MRU/MTU range looks sane */
2483 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2484 return -EINVAL;
2485 if (c->n2 < 3)
2486 return -EINVAL;
2487 if (c->encapsulation > 1) /* Basic, advanced, no I */
2488 return -EINVAL;
2489 if (c->initiator > 1)
2490 return -EINVAL;
2491 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2492 return -EINVAL;
2493 /*
2494 * See what is needed for reconfiguration
2495 */
2496
2497 /* Timing fields */
2498 if (c->t1 != 0 && c->t1 != gsm->t1)
2499 need_restart = 1;
2500 if (c->t2 != 0 && c->t2 != gsm->t2)
2501 need_restart = 1;
2502 if (c->encapsulation != gsm->encoding)
2503 need_restart = 1;
2504 if (c->adaption != gsm->adaption)
2505 need_restart = 1;
2506 /* Requires care */
2507 if (c->initiator != gsm->initiator)
2508 need_close = 1;
2509 if (c->mru != gsm->mru)
2510 need_restart = 1;
2511 if (c->mtu != gsm->mtu)
2512 need_restart = 1;
2513
2514 /*
2515 * Close down what is needed, restart and initiate the new
2516 * configuration
2517 */
2518
2519 if (need_close || need_restart) {
2520 gsm_dlci_begin_close(gsm->dlci[0]);
2521 /* This will timeout if the link is down due to N2 expiring */
2522 wait_event_interruptible(gsm->event,
2523 gsm->dlci[0]->state == DLCI_CLOSED);
2524 if (signal_pending(current))
2525 return -EINTR;
2526 }
2527 if (need_restart)
2528 gsm_cleanup_mux(gsm);
2529
2530 gsm->initiator = c->initiator;
2531 gsm->mru = c->mru;
91f78f36 2532 gsm->mtu = c->mtu;
e1eaea46
AC		 2533 gsm->encoding = c->encapsulation;
2534 gsm->adaption = c->adaption;
820e62ef 2535 gsm->n2 = c->n2;
e1eaea46
AC		 2536
2537 if (c->i == 1)
2538 gsm->ftype = UIH;
2539 else if (c->i == 2)
2540 gsm->ftype = UI;
2541
2542 if (c->t1)
2543 gsm->t1 = c->t1;
2544 if (c->t2)
2545 gsm->t2 = c->t2;
2546
2547 /* FIXME: We need to separate activation/deactivation from adding
2548 and removing from the mux array */
2549 if (need_restart)
2550 gsm_activate_mux(gsm);
2551 if (gsm->initiator && need_close)
2552 gsm_dlci_begin_open(gsm->dlci[0]);
2553 return 0;
2554}
2555
2556static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2557 unsigned int cmd, unsigned long arg)
2558{
2559 struct gsm_config c;
2560 struct gsm_mux *gsm = tty->disc_data;
2561
2562 switch (cmd) {
2563 case GSMIOC_GETCONF:
2564 memset(&c, 0, sizeof(c));
2565 c.adaption = gsm->adaption;
2566 c.encapsulation = gsm->encoding;
2567 c.initiator = gsm->initiator;
2568 c.t1 = gsm->t1;
2569 c.t2 = gsm->t2;
2570 c.t3 = 0; /* Not supported */
2571 c.n2 = gsm->n2;
2572 if (gsm->ftype == UIH)
2573 c.i = 1;
2574 else
2575 c.i = 2;
5f9a31d6 2576 pr_debug("Ftype %d i %d\n", gsm->ftype, c.i);
e1eaea46
AC		 2577 c.mru = gsm->mru;
2578 c.mtu = gsm->mtu;
2579 c.k = 0;
2580 if (copy_to_user((void *)arg, &c, sizeof(c)))
2581 return -EFAULT;
2582 return 0;
2583 case GSMIOC_SETCONF:
2584 if (copy_from_user(&c, (void *)arg, sizeof(c)))
2585 return -EFAULT;
2586 return gsmld_config(tty, gsm, &c);
2587 default:
2588 return n_tty_ioctl_helper(tty, file, cmd, arg);
2589 }
2590}
2591
bcd5abe2
RG		 2592/*
2593 * Network interface
2594 *
2595 */
2596
2597static int gsm_mux_net_open(struct net_device *net)
2598{
2599 pr_debug("%s called\n", __func__);
2600 netif_start_queue(net);
2601 return 0;
2602}
2603
2604static int gsm_mux_net_close(struct net_device *net)
2605{
2606 netif_stop_queue(net);
2607 return 0;
2608}
2609
2610static struct net_device_stats *gsm_mux_net_get_stats(struct net_device *net)
2611{
2612 return &((struct gsm_mux_net *)netdev_priv(net))->stats;
2613}
2614static void dlci_net_free(struct gsm_dlci *dlci)
2615{
2616 if (!dlci->net) {
2617 WARN_ON(1);
2618 return;
2619 }
2620 dlci->adaption = dlci->prev_adaption;
2621 dlci->data = dlci->prev_data;
2622 free_netdev(dlci->net);
2623 dlci->net = NULL;
2624}
2625static void net_free(struct kref *ref)
2626{
2627 struct gsm_mux_net *mux_net;
2628 struct gsm_dlci *dlci;
2629
2630 mux_net = container_of(ref, struct gsm_mux_net, ref);
2631 dlci = mux_net->dlci;
2632
2633 if (dlci->net) {
2634 unregister_netdev(dlci->net);
2635 dlci_net_free(dlci);
2636 }
2637}
2638
6ab8fba7
RG		 2639static inline void muxnet_get(struct gsm_mux_net *mux_net)
2640{
2641 kref_get(&mux_net->ref);
2642}
2643
2644static inline void muxnet_put(struct gsm_mux_net *mux_net)
2645{
2646 kref_put(&mux_net->ref, net_free);
2647}
2648
bcd5abe2
RG		 2649static int gsm_mux_net_start_xmit(struct sk_buff *skb,
2650 struct net_device *net)
2651{
2652 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2653 struct gsm_dlci *dlci = mux_net->dlci;
6ab8fba7 2654 muxnet_get(mux_net);
bcd5abe2
RG		 2655
2656 skb_queue_head(&dlci->skb_list, skb);
2657 STATS(net).tx_packets++;
2658 STATS(net).tx_bytes += skb->len;
2659 gsm_dlci_data_kick(dlci);
2660 /* And tell the kernel when the last transmit started. */
2661 net->trans_start = jiffies;
6ab8fba7 2662 muxnet_put(mux_net);
bcd5abe2
RG		 2663 return NETDEV_TX_OK;
2664}
2665
2666/* called when a packet did not ack after watchdogtimeout */
2667static void gsm_mux_net_tx_timeout(struct net_device *net)
2668{
2669 /* Tell syslog we are hosed. */
2670 dev_dbg(&net->dev, "Tx timed out.\n");
2671
2672 /* Update statistics */
2673 STATS(net).tx_errors++;
2674}
2675
2676static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2677 unsigned char *in_buf, int size)
2678{
2679 struct net_device *net = dlci->net;
2680 struct sk_buff *skb;
2681 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
6ab8fba7 2682 muxnet_get(mux_net);
bcd5abe2
RG		 2683
2684 /* Allocate an sk_buff */
2685 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2686 if (!skb) {
2687 /* We got no receive buffer. */
2688 STATS(net).rx_dropped++;
6ab8fba7 2689 muxnet_put(mux_net);
bcd5abe2
RG		 2690 return;
2691 }
2692 skb_reserve(skb, NET_IP_ALIGN);
2693 memcpy(skb_put(skb, size), in_buf, size);
2694
2695 skb->dev = net;
2696 skb->protocol = __constant_htons(ETH_P_IP);
2697
2698 /* Ship it off to the kernel */
2699 netif_rx(skb);
2700
2701 /* update out statistics */
2702 STATS(net).rx_packets++;
2703 STATS(net).rx_bytes += size;
6ab8fba7 2704 muxnet_put(mux_net);
bcd5abe2
RG		 2705 return;
2706}
2707
2708int gsm_change_mtu(struct net_device *net, int new_mtu)
2709{
2710 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2711 if ((new_mtu < 8) || (new_mtu > mux_net->dlci->gsm->mtu))
2712 return -EINVAL;
2713 net->mtu = new_mtu;
2714 return 0;
2715}
2716
2717static void gsm_mux_net_init(struct net_device *net)
2718{
2719 static const struct net_device_ops gsm_netdev_ops = {
2720 .ndo_open = gsm_mux_net_open,
2721 .ndo_stop = gsm_mux_net_close,
2722 .ndo_start_xmit = gsm_mux_net_start_xmit,
2723 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2724 .ndo_get_stats = gsm_mux_net_get_stats,
2725 .ndo_change_mtu = gsm_change_mtu,
2726 };
2727
2728 net->netdev_ops = &gsm_netdev_ops;
2729
2730 /* fill in the other fields */
2731 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2732 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2733 net->type = ARPHRD_NONE;
2734 net->tx_queue_len = 10;
2735}
2736
2737
2738/* caller holds the dlci mutex */
2739static void gsm_destroy_network(struct gsm_dlci *dlci)
2740{
2741 struct gsm_mux_net *mux_net;
2742
2743 pr_debug("destroy network interface");
2744 if (!dlci->net)
2745 return;
2746 mux_net = (struct gsm_mux_net *)netdev_priv(dlci->net);
6ab8fba7 2747 muxnet_put(mux_net);
bcd5abe2
RG		 2748}
2749
2750
2751/* caller holds the dlci mutex */
2752static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2753{
2754 char *netname;
2755 int retval = 0;
2756 struct net_device *net;
2757 struct gsm_mux_net *mux_net;
2758
2759 if (!capable(CAP_NET_ADMIN))
2760 return -EPERM;
2761
2762 /* Already in a non tty mode */
2763 if (dlci->adaption > 2)
2764 return -EBUSY;
2765
2766 if (nc->protocol != htons(ETH_P_IP))
2767 return -EPROTONOSUPPORT;
2768
2769 if (nc->adaption != 3 && nc->adaption != 4)
2770 return -EPROTONOSUPPORT;
2771
2772 pr_debug("create network interface");
2773
2774 netname = "gsm%d";
2775 if (nc->if_name[0] != '\0')
2776 netname = nc->if_name;
2777 net = alloc_netdev(sizeof(struct gsm_mux_net),
2778 netname,
2779 gsm_mux_net_init);
2780 if (!net) {
2781 pr_err("alloc_netdev failed");
2782 return -ENOMEM;
2783 }
2784 net->mtu = dlci->gsm->mtu;
2785 mux_net = (struct gsm_mux_net *)netdev_priv(net);
2786 mux_net->dlci = dlci;
2787 kref_init(&mux_net->ref);
2788 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2789
2790 /* reconfigure dlci for network */
2791 dlci->prev_adaption = dlci->adaption;
2792 dlci->prev_data = dlci->data;
2793 dlci->adaption = nc->adaption;
2794 dlci->data = gsm_mux_rx_netchar;
2795 dlci->net = net;
2796
2797 pr_debug("register netdev");
2798 retval = register_netdev(net);
2799 if (retval) {
2800 pr_err("network register fail %d\n", retval);
2801 dlci_net_free(dlci);
2802 return retval;
2803 }
2804 return net->ifindex; /* return network index */
2805}
e1eaea46
AC		 2806
2807/* Line discipline for real tty */
2808struct tty_ldisc_ops tty_ldisc_packet = {
2809 .owner = THIS_MODULE,
2810 .magic = TTY_LDISC_MAGIC,
2811 .name = "n_gsm",
2812 .open = gsmld_open,
2813 .close = gsmld_close,
2814 .flush_buffer = gsmld_flush_buffer,
2815 .chars_in_buffer = gsmld_chars_in_buffer,
2816 .read = gsmld_read,
2817 .write = gsmld_write,
2818 .ioctl = gsmld_ioctl,
2819 .poll = gsmld_poll,
2820 .receive_buf = gsmld_receive_buf,
2821 .write_wakeup = gsmld_write_wakeup
2822};
2823
2824/*
2825 * Virtual tty side
2826 */
2827
2828#define TX_SIZE 512
2829
2830static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2831{
2832 u8 modembits[5];
2833 struct gsm_control *ctrl;
2834 int len = 2;
2835
2836 if (brk)
2837 len++;
2838
2839 modembits[0] = len << 1 | EA; /* Data bytes */
2840 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */
2841 modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2842 if (brk)
2843 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */
2844 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2845 if (ctrl == NULL)
2846 return -ENOMEM;
2847 return gsm_control_wait(dlci->gsm, ctrl);
2848}
2849
2850static int gsm_carrier_raised(struct tty_port *port)
2851{
2852 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2853 /* Not yet open so no carrier info */
2854 if (dlci->state != DLCI_OPEN)
2855 return 0;
2856 if (debug & 2)
2857 return 1;
2858 return dlci->modem_rx & TIOCM_CD;
2859}
2860
2861static void gsm_dtr_rts(struct tty_port *port, int onoff)
2862{
2863 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2864 unsigned int modem_tx = dlci->modem_tx;
2865 if (onoff)
2866 modem_tx |= TIOCM_DTR | TIOCM_RTS;
2867 else
2868 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2869 if (modem_tx != dlci->modem_tx) {
2870 dlci->modem_tx = modem_tx;
2871 gsmtty_modem_update(dlci, 0);
2872 }
2873}
2874
2875static const struct tty_port_operations gsm_port_ops = {
2876 .carrier_raised = gsm_carrier_raised,
2877 .dtr_rts = gsm_dtr_rts,
9a8e62bc 2878 .destruct = gsm_dlci_free,
e1eaea46
AC		 2879};
2880
86176ed9 2881static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
e1eaea46
AC		 2882{
2883 struct gsm_mux *gsm;
2884 struct gsm_dlci *dlci;
e1eaea46
AC		 2885 unsigned int line = tty->index;
2886 unsigned int mux = line >> 6;
86176ed9
JS		 2887 bool alloc = false;
2888 int ret;
e1eaea46
AC		 2889
2890 line = line & 0x3F;
2891
2892 if (mux >= MAX_MUX)
2893 return -ENXIO;
2894 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2895 if (gsm_mux[mux] == NULL)
2896 return -EUNATCH;
2897 if (line == 0 || line > 61) /* 62/63 reserved */
2898 return -ECHRNG;
2899 gsm = gsm_mux[mux];
2900 if (gsm->dead)
2901 return -EL2HLT;
7e8ac7b2 2902 /* If DLCI 0 is not yet fully open return an error. This is ok from a locking
2903 perspective as we don't have to worry about this if DLCI0 is lost */
2904 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN)
2905 return -EL2NSYNC;
e1eaea46 2906 dlci = gsm->dlci[line];
86176ed9
JS		 2907 if (dlci == NULL) {
2908 alloc = true;
e1eaea46 2909 dlci = gsm_dlci_alloc(gsm, line);
86176ed9 2910 }
e1eaea46
AC		 2911 if (dlci == NULL)
2912 return -ENOMEM;
86176ed9
JS		 2913 ret = tty_port_install(&dlci->port, driver, tty);
2914 if (ret) {
2915 if (alloc)
2916 dlci_put(dlci);
2917 return ret;
2918 }
2919
e1eaea46 2920 tty->driver_data = dlci;
86176ed9
JS		 2921
2922 return 0;
2923}
2924
2925static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2926{
2927 struct gsm_dlci *dlci = tty->driver_data;
2928 struct tty_port *port = &dlci->port;
2929
2930 port->count++;
6ab8fba7
RG		 2931 dlci_get(dlci);
2932 dlci_get(dlci->gsm->dlci[0]);
2933 mux_get(dlci->gsm);
e1eaea46
AC		 2934 tty_port_tty_set(port, tty);
2935
2936 dlci->modem_rx = 0;
2937 /* We could in theory open and close before we wait - eg if we get
2938 a DM straight back. This is ok as that will have caused a hangup */
2939 set_bit(ASYNCB_INITIALIZED, &port->flags);
2940 /* Start sending off SABM messages */
2941 gsm_dlci_begin_open(dlci);
2942 /* And wait for virtual carrier */
2943 return tty_port_block_til_ready(port, tty, filp);
2944}
2945
2946static void gsmtty_close(struct tty_struct *tty, struct file *filp)
2947{
2948 struct gsm_dlci *dlci = tty->driver_data;
6ab8fba7
RG		 2949 struct gsm_mux *gsm;
2950
e1eaea46
AC		 2951 if (dlci == NULL)
2952 return;
bcd5abe2
RG		 2953 mutex_lock(&dlci->mutex);
2954 gsm_destroy_network(dlci);
2955 mutex_unlock(&dlci->mutex);
6ab8fba7 2956 gsm = dlci->gsm;
e1eaea46 2957 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
6ab8fba7 2958 goto out;
e1eaea46
AC		 2959 gsm_dlci_begin_close(dlci);
2960 tty_port_close_end(&dlci->port, tty);
2961 tty_port_tty_set(&dlci->port, NULL);
6ab8fba7
RG		 2962out:
2963 dlci_put(dlci);
2964 dlci_put(gsm->dlci[0]);
2965 mux_put(gsm);
e1eaea46
AC		 2966}
2967
2968static void gsmtty_hangup(struct tty_struct *tty)
2969{
2970 struct gsm_dlci *dlci = tty->driver_data;
2971 tty_port_hangup(&dlci->port);
2972 gsm_dlci_begin_close(dlci);
2973}
2974
2975static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
2976 int len)
2977{
2978 struct gsm_dlci *dlci = tty->driver_data;
2979 /* Stuff the bytes into the fifo queue */
2980 int sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock);
2981 /* Need to kick the channel */
2982 gsm_dlci_data_kick(dlci);
2983 return sent;
2984}
2985
2986static int gsmtty_write_room(struct tty_struct *tty)
2987{
2988 struct gsm_dlci *dlci = tty->driver_data;
2989 return TX_SIZE - kfifo_len(dlci->fifo);
2990}
2991
2992static int gsmtty_chars_in_buffer(struct tty_struct *tty)
2993{
2994 struct gsm_dlci *dlci = tty->driver_data;
2995 return kfifo_len(dlci->fifo);
2996}
2997
2998static void gsmtty_flush_buffer(struct tty_struct *tty)
2999{
3000 struct gsm_dlci *dlci = tty->driver_data;
3001 /* Caution needed: If we implement reliable transport classes
3002 then the data being transmitted can't simply be junked once
3003 it has first hit the stack. Until then we can just blow it
3004 away */
3005 kfifo_reset(dlci->fifo);
3006 /* Need to unhook this DLCI from the transmit queue logic */
3007}
3008
3009static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3010{
3011 /* The FIFO handles the queue so the kernel will do the right
3012 thing waiting on chars_in_buffer before calling us. No work
3013 to do here */
3014}
3015
60b33c13 3016static int gsmtty_tiocmget(struct tty_struct *tty)
e1eaea46
AC		 3017{
3018 struct gsm_dlci *dlci = tty->driver_data;
3019 return dlci->modem_rx;
3020}
3021
20b9d177 3022static int gsmtty_tiocmset(struct tty_struct *tty,
e1eaea46
AC		 3023 unsigned int set, unsigned int clear)
3024{
3025 struct gsm_dlci *dlci = tty->driver_data;
3026 unsigned int modem_tx = dlci->modem_tx;
3027
cf16807b 3028 modem_tx &= ~clear;
e1eaea46
AC		 3029 modem_tx |= set;
3030
3031 if (modem_tx != dlci->modem_tx) {
3032 dlci->modem_tx = modem_tx;
3033 return gsmtty_modem_update(dlci, 0);
3034 }
3035 return 0;
3036}
3037
3038
6caa76b7 3039static int gsmtty_ioctl(struct tty_struct *tty,
e1eaea46
AC		 3040 unsigned int cmd, unsigned long arg)
3041{
bcd5abe2
RG		 3042 struct gsm_dlci *dlci = tty->driver_data;
3043 struct gsm_netconfig nc;
3044 int index;
3045
3046 switch (cmd) {
3047 case GSMIOC_ENABLE_NET:
3048 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3049 return -EFAULT;
3050 nc.if_name[IFNAMSIZ-1] = '\0';
3051 /* return net interface index or error code */
3052 mutex_lock(&dlci->mutex);
3053 index = gsm_create_network(dlci, &nc);
3054 mutex_unlock(&dlci->mutex);
3055 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3056 return -EFAULT;
3057 return index;
3058 case GSMIOC_DISABLE_NET:
3059 if (!capable(CAP_NET_ADMIN))
3060 return -EPERM;
3061 mutex_lock(&dlci->mutex);
3062 gsm_destroy_network(dlci);
3063 mutex_unlock(&dlci->mutex);
3064 return 0;
3065 default:
3066 return -ENOIOCTLCMD;
3067 }
e1eaea46
AC		 3068}
3069
3070static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3071{
3072 /* For the moment its fixed. In actual fact the speed information
3073 for the virtual channel can be propogated in both directions by
3074 the RPN control message. This however rapidly gets nasty as we
3075 then have to remap modem signals each way according to whether
3076 our virtual cable is null modem etc .. */
adc8d746 3077 tty_termios_copy_hw(&tty->termios, old);
e1eaea46
AC		 3078}
3079
3080static void gsmtty_throttle(struct tty_struct *tty)
3081{
3082 struct gsm_dlci *dlci = tty->driver_data;
adc8d746 3083 if (tty->termios.c_cflag & CRTSCTS)
e1eaea46
AC		 3084 dlci->modem_tx &= ~TIOCM_DTR;
3085 dlci->throttled = 1;
3086 /* Send an MSC with DTR cleared */
3087 gsmtty_modem_update(dlci, 0);
3088}
3089
3090static void gsmtty_unthrottle(struct tty_struct *tty)
3091{
3092 struct gsm_dlci *dlci = tty->driver_data;
adc8d746 3093 if (tty->termios.c_cflag & CRTSCTS)
e1eaea46
AC		 3094 dlci->modem_tx |= TIOCM_DTR;
3095 dlci->throttled = 0;
3096 /* Send an MSC with DTR set */
3097 gsmtty_modem_update(dlci, 0);
3098}
3099
3100static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3101{
3102 struct gsm_dlci *dlci = tty->driver_data;
3103 int encode = 0; /* Off */
3104
3105 if (state == -1) /* "On indefinitely" - we can't encode this
3106 properly */
3107 encode = 0x0F;
3108 else if (state > 0) {
3109 encode = state / 200; /* mS to encoding */
3110 if (encode > 0x0F)
3111 encode = 0x0F; /* Best effort */
3112 }
3113 return gsmtty_modem_update(dlci, encode);
3114}
3115
e1eaea46
AC		 3116
3117/* Virtual ttys for the demux */
3118static const struct tty_operations gsmtty_ops = {
86176ed9 3119 .install = gsmtty_install,
e1eaea46
AC		 3120 .open = gsmtty_open,
3121 .close = gsmtty_close,
3122 .write = gsmtty_write,
3123 .write_room = gsmtty_write_room,
3124 .chars_in_buffer = gsmtty_chars_in_buffer,
3125 .flush_buffer = gsmtty_flush_buffer,
3126 .ioctl = gsmtty_ioctl,
3127 .throttle = gsmtty_throttle,
3128 .unthrottle = gsmtty_unthrottle,
3129 .set_termios = gsmtty_set_termios,
3130 .hangup = gsmtty_hangup,
3131 .wait_until_sent = gsmtty_wait_until_sent,
3132 .tiocmget = gsmtty_tiocmget,
3133 .tiocmset = gsmtty_tiocmset,
3134 .break_ctl = gsmtty_break_ctl,
3135};
3136
3137
3138
3139static int __init gsm_init(void)
3140{
3141 /* Fill in our line protocol discipline, and register it */
3142 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3143 if (status != 0) {
5f9a31d6
AC		 3144 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3145 status);
e1eaea46
AC		 3146 return status;
3147 }
3148
3149 gsm_tty_driver = alloc_tty_driver(256);
3150 if (!gsm_tty_driver) {
3151 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3152 pr_err("gsm_init: tty allocation failed.\n");
e1eaea46
AC		 3153 return -EINVAL;
3154 }
e1eaea46
AC		 3155 gsm_tty_driver->driver_name = "gsmtty";
3156 gsm_tty_driver->name = "gsmtty";
3157 gsm_tty_driver->major = 0; /* Dynamic */
3158 gsm_tty_driver->minor_start = 0;
3159 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3160 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3161 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
5f9a31d6 3162 | TTY_DRIVER_HARDWARE_BREAK;
e1eaea46
AC		 3163 gsm_tty_driver->init_termios = tty_std_termios;
3164 /* Fixme */
3165 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3166 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3167
3168 spin_lock_init(&gsm_mux_lock);
3169
3170 if (tty_register_driver(gsm_tty_driver)) {
3171 put_tty_driver(gsm_tty_driver);
3172 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3173 pr_err("gsm_init: tty registration failed.\n");
e1eaea46
AC		 3174 return -EBUSY;
3175 }
5f9a31d6
AC		 3176 pr_debug("gsm_init: loaded as %d,%d.\n",
3177 gsm_tty_driver->major, gsm_tty_driver->minor_start);
e1eaea46
AC		 3178 return 0;
3179}
3180
3181static void __exit gsm_exit(void)
3182{
3183 int status = tty_unregister_ldisc(N_GSM0710);
3184 if (status != 0)
5f9a31d6
AC		 3185 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3186 status);
e1eaea46
AC		 3187 tty_unregister_driver(gsm_tty_driver);
3188 put_tty_driver(gsm_tty_driver);
e1eaea46
AC		 3189}
3190
3191module_init(gsm_init);
3192module_exit(gsm_exit);
3193
3194
3195MODULE_LICENSE("GPL");
3196MODULE_ALIAS_LDISC(N_GSM0710);
Ubuntu Artful kernel mirror