]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - drivers/tty/n_gsm.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty/n_gsm: fix a bug in gsm_dlci_data_output (adaption = 2 case)
[mirror_ubuntu-artful-kernel.git] / drivers / tty / n_gsm.c
CommitLineData
e1eaea46
AC		 1/*
2 * n_gsm.c GSM 0710 tty multiplexor
3 * Copyright (c) 2009/10 Intel Corporation
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
19 *
20 * TO DO:
21 * Mostly done: ioctls for setting modes/timing
5f9a31d6 22 * Partly done: hooks so you can pull off frames to non tty devs
e1eaea46 23 * Restart DLCI 0 when it closes ?
e1eaea46
AC		 24 * Improve the tx engine
25 * Resolve tx side locking by adding a queue_head and routing
26 * all control traffic via it
27 * General tidy/document
28 * Review the locking/move to refcounts more (mux now moved to an
29 * alloc/free model ready)
30 * Use newest tty open/close port helpers and install hooks
31 * What to do about power functions ?
32 * Termios setting and negotiation
33 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
34 *
35 */
36
37#include <linux/types.h>
38#include <linux/major.h>
39#include <linux/errno.h>
40#include <linux/signal.h>
41#include <linux/fcntl.h>
42#include <linux/sched.h>
43#include <linux/interrupt.h>
44#include <linux/tty.h>
e1eaea46
AC		 45#include <linux/ctype.h>
46#include <linux/mm.h>
47#include <linux/string.h>
48#include <linux/slab.h>
49#include <linux/poll.h>
50#include <linux/bitops.h>
51#include <linux/file.h>
52#include <linux/uaccess.h>
53#include <linux/module.h>
54#include <linux/timer.h>
55#include <linux/tty_flip.h>
56#include <linux/tty_driver.h>
57#include <linux/serial.h>
58#include <linux/kfifo.h>
59#include <linux/skbuff.h>
bcd5abe2
RG		 60#include <net/arp.h>
61#include <linux/ip.h>
62#include <linux/netdevice.h>
63#include <linux/etherdevice.h>
e1eaea46
AC		 64#include <linux/gsmmux.h>
65
66static int debug;
67module_param(debug, int, 0600);
68
69#define T1 (HZ/10)
70#define T2 (HZ/3)
71#define N2 3
72
73/* Use long timers for testing at low speed with debug on */
74#ifdef DEBUG_TIMING
75#define T1 HZ
76#define T2 (2 * HZ)
77#endif
78
5f9a31d6 79/*
25985edc 80 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
5f9a31d6
AC		 81 * limits so this is plenty
82 */
bcd5abe2
RG		 83#define MAX_MRU 1500
84#define MAX_MTU 1500
85#define GSM_NET_TX_TIMEOUT (HZ*10)
86
87/**
88 * struct gsm_mux_net - network interface
89 * @struct gsm_dlci* dlci
90 * @struct net_device_stats stats;
91 *
92 * Created when net interface is initialized.
93 **/
94struct gsm_mux_net {
95 struct kref ref;
96 struct gsm_dlci *dlci;
97 struct net_device_stats stats;
98};
99
100#define STATS(net) (((struct gsm_mux_net *)netdev_priv(net))->stats)
e1eaea46
AC		 101
102/*
103 * Each block of data we have queued to go out is in the form of
25985edc 104 * a gsm_msg which holds everything we need in a link layer independent
e1eaea46
AC		 105 * format
106 */
107
108struct gsm_msg {
109 struct gsm_msg *next;
110 u8 addr; /* DLCI address + flags */
111 u8 ctrl; /* Control byte + flags */
112 unsigned int len; /* Length of data block (can be zero) */
113 unsigned char *data; /* Points into buffer but not at the start */
114 unsigned char buffer[0];
115};
116
117/*
118 * Each active data link has a gsm_dlci structure associated which ties
119 * the link layer to an optional tty (if the tty side is open). To avoid
120 * complexity right now these are only ever freed up when the mux is
121 * shut down.
122 *
123 * At the moment we don't free DLCI objects until the mux is torn down
124 * this avoid object life time issues but might be worth review later.
125 */
126
127struct gsm_dlci {
128 struct gsm_mux *gsm;
129 int addr;
130 int state;
131#define DLCI_CLOSED 0
132#define DLCI_OPENING 1 /* Sending SABM not seen UA */
133#define DLCI_OPEN 2 /* SABM/UA complete */
134#define DLCI_CLOSING 3 /* Sending DISC not seen UA/DM */
6ab8fba7 135 struct kref ref; /* freed from port or mux close */
bcd5abe2 136 struct mutex mutex;
e1eaea46
AC		 137
138 /* Link layer */
139 spinlock_t lock; /* Protects the internal state */
140 struct timer_list t1; /* Retransmit timer for SABM and UA */
141 int retries;
142 /* Uplink tty if active */
143 struct tty_port port; /* The tty bound to this DLCI if there is one */
144 struct kfifo *fifo; /* Queue fifo for the DLCI */
145 struct kfifo _fifo; /* For new fifo API porting only */
146 int adaption; /* Adaption layer in use */
bcd5abe2 147 int prev_adaption;
e1eaea46
AC		 148 u32 modem_rx; /* Our incoming virtual modem lines */
149 u32 modem_tx; /* Our outgoing modem lines */
150 int dead; /* Refuse re-open */
151 /* Flow control */
152 int throttled; /* Private copy of throttle state */
153 int constipated; /* Throttle status for outgoing */
154 /* Packetised I/O */
155 struct sk_buff *skb; /* Frame being sent */
156 struct sk_buff_head skb_list; /* Queued frames */
157 /* Data handling callback */
158 void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
bcd5abe2
RG		 159 void (*prev_data)(struct gsm_dlci *dlci, u8 *data, int len);
160 struct net_device *net; /* network interface, if created */
e1eaea46
AC		 161};
162
163/* DLCI 0, 62/63 are special or reseved see gsmtty_open */
164
165#define NUM_DLCI 64
166
167/*
168 * DLCI 0 is used to pass control blocks out of band of the data
169 * flow (and with a higher link priority). One command can be outstanding
170 * at a time and we use this structure to manage them. They are created
171 * and destroyed by the user context, and updated by the receive paths
172 * and timers
173 */
174
175struct gsm_control {
176 u8 cmd; /* Command we are issuing */
177 u8 *data; /* Data for the command in case we retransmit */
178 int len; /* Length of block for retransmission */
179 int done; /* Done flag */
180 int error; /* Error if any */
181};
182
183/*
184 * Each GSM mux we have is represented by this structure. If we are
185 * operating as an ldisc then we use this structure as our ldisc
186 * state. We need to sort out lifetimes and locking with respect
187 * to the gsm mux array. For now we don't free DLCI objects that
188 * have been instantiated until the mux itself is terminated.
189 *
190 * To consider further: tty open versus mux shutdown.
191 */
192
193struct gsm_mux {
194 struct tty_struct *tty; /* The tty our ldisc is bound to */
195 spinlock_t lock;
d50f6dca 196 unsigned int num;
6ab8fba7 197 struct kref ref;
e1eaea46
AC		 198
199 /* Events on the GSM channel */
200 wait_queue_head_t event;
201
202 /* Bits for GSM mode decoding */
203
204 /* Framing Layer */
205 unsigned char *buf;
206 int state;
207#define GSM_SEARCH 0
208#define GSM_START 1
209#define GSM_ADDRESS 2
210#define GSM_CONTROL 3
211#define GSM_LEN 4
212#define GSM_DATA 5
213#define GSM_FCS 6
214#define GSM_OVERRUN 7
c2f2f000
AC		 215#define GSM_LEN0 8
216#define GSM_LEN1 9
217#define GSM_SSOF 10
e1eaea46
AC		 218 unsigned int len;
219 unsigned int address;
220 unsigned int count;
221 int escape;
222 int encoding;
223 u8 control;
224 u8 fcs;
c2f2f000 225 u8 received_fcs;
e1eaea46
AC		 226 u8 *txframe; /* TX framing buffer */
227
228 /* Methods for the receiver side */
229 void (*receive)(struct gsm_mux *gsm, u8 ch);
230 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
231 /* And transmit side */
232 int (*output)(struct gsm_mux *mux, u8 *data, int len);
233
234 /* Link Layer */
235 unsigned int mru;
236 unsigned int mtu;
237 int initiator; /* Did we initiate connection */
238 int dead; /* Has the mux been shut down */
239 struct gsm_dlci *dlci[NUM_DLCI];
240 int constipated; /* Asked by remote to shut up */
241
242 spinlock_t tx_lock;
243 unsigned int tx_bytes; /* TX data outstanding */
244#define TX_THRESH_HI 8192
245#define TX_THRESH_LO 2048
246 struct gsm_msg *tx_head; /* Pending data packets */
247 struct gsm_msg *tx_tail;
248
249 /* Control messages */
250 struct timer_list t2_timer; /* Retransmit timer for commands */
251 int cretries; /* Command retry counter */
252 struct gsm_control *pending_cmd;/* Our current pending command */
253 spinlock_t control_lock; /* Protects the pending command */
254
255 /* Configuration */
256 int adaption; /* 1 or 2 supported */
257 u8 ftype; /* UI or UIH */
258 int t1, t2; /* Timers in 1/100th of a sec */
259 int n2; /* Retry count */
260
261 /* Statistics (not currently exposed) */
262 unsigned long bad_fcs;
263 unsigned long malformed;
264 unsigned long io_error;
265 unsigned long bad_size;
266 unsigned long unsupported;
267};
268
269
270/*
271 * Mux objects - needed so that we can translate a tty index into the
272 * relevant mux and DLCI.
273 */
274
275#define MAX_MUX 4 /* 256 minors */
276static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
277static spinlock_t gsm_mux_lock;
278
d50f6dca
RG		 279static struct tty_driver *gsm_tty_driver;
280
e1eaea46
AC		 281/*
282 * This section of the driver logic implements the GSM encodings
283 * both the basic and the 'advanced'. Reliable transport is not
284 * supported.
285 */
286
287#define CR 0x02
288#define EA 0x01
289#define PF 0x10
290
291/* I is special: the rest are ..*/
292#define RR 0x01
293#define UI 0x03
294#define RNR 0x05
295#define REJ 0x09
296#define DM 0x0F
297#define SABM 0x2F
298#define DISC 0x43
299#define UA 0x63
300#define UIH 0xEF
301
302/* Channel commands */
303#define CMD_NSC 0x09
304#define CMD_TEST 0x11
305#define CMD_PSC 0x21
306#define CMD_RLS 0x29
307#define CMD_FCOFF 0x31
308#define CMD_PN 0x41
309#define CMD_RPN 0x49
310#define CMD_FCON 0x51
311#define CMD_CLD 0x61
312#define CMD_SNC 0x69
313#define CMD_MSC 0x71
314
315/* Virtual modem bits */
316#define MDM_FC 0x01
317#define MDM_RTC 0x02
318#define MDM_RTR 0x04
319#define MDM_IC 0x20
320#define MDM_DV 0x40
321
322#define GSM0_SOF 0xF9
5f9a31d6 323#define GSM1_SOF 0x7E
e1eaea46
AC		 324#define GSM1_ESCAPE 0x7D
325#define GSM1_ESCAPE_BITS 0x20
326#define XON 0x11
327#define XOFF 0x13
328
329static const struct tty_port_operations gsm_port_ops;
330
331/*
332 * CRC table for GSM 0710
333 */
334
335static const u8 gsm_fcs8[256] = {
336 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
337 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
338 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
339 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
340 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
341 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
342 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
343 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
344 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
345 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
346 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
347 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
348 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
349 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
350 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
351 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
352 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
353 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
354 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
355 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
356 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
357 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
358 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
359 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
360 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
361 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
362 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
363 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
364 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
365 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
366 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
367 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
368};
369
370#define INIT_FCS 0xFF
371#define GOOD_FCS 0xCF
372
373/**
374 * gsm_fcs_add - update FCS
375 * @fcs: Current FCS
376 * @c: Next data
377 *
378 * Update the FCS to include c. Uses the algorithm in the specification
379 * notes.
380 */
381
382static inline u8 gsm_fcs_add(u8 fcs, u8 c)
383{
384 return gsm_fcs8[fcs ^ c];
385}
386
387/**
388 * gsm_fcs_add_block - update FCS for a block
389 * @fcs: Current FCS
390 * @c: buffer of data
391 * @len: length of buffer
392 *
393 * Update the FCS to include c. Uses the algorithm in the specification
394 * notes.
395 */
396
397static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
398{
399 while (len--)
400 fcs = gsm_fcs8[fcs ^ *c++];
401 return fcs;
402}
403
404/**
405 * gsm_read_ea - read a byte into an EA
406 * @val: variable holding value
407 * c: byte going into the EA
408 *
409 * Processes one byte of an EA. Updates the passed variable
410 * and returns 1 if the EA is now completely read
411 */
412
413static int gsm_read_ea(unsigned int *val, u8 c)
414{
415 /* Add the next 7 bits into the value */
416 *val <<= 7;
417 *val |= c >> 1;
418 /* Was this the last byte of the EA 1 = yes*/
419 return c & EA;
420}
421
422/**
423 * gsm_encode_modem - encode modem data bits
424 * @dlci: DLCI to encode from
425 *
426 * Returns the correct GSM encoded modem status bits (6 bit field) for
427 * the current status of the DLCI and attached tty object
428 */
429
430static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
431{
432 u8 modembits = 0;
433 /* FC is true flow control not modem bits */
434 if (dlci->throttled)
435 modembits |= MDM_FC;
436 if (dlci->modem_tx & TIOCM_DTR)
437 modembits |= MDM_RTC;
438 if (dlci->modem_tx & TIOCM_RTS)
439 modembits |= MDM_RTR;
440 if (dlci->modem_tx & TIOCM_RI)
441 modembits |= MDM_IC;
442 if (dlci->modem_tx & TIOCM_CD)
443 modembits |= MDM_DV;
444 return modembits;
445}
446
447/**
448 * gsm_print_packet - display a frame for debug
449 * @hdr: header to print before decode
450 * @addr: address EA from the frame
451 * @cr: C/R bit from the frame
452 * @control: control including PF bit
453 * @data: following data bytes
454 * @dlen: length of data
455 *
456 * Displays a packet in human readable format for debugging purposes. The
457 * style is based on amateur radio LAP-B dump display.
458 */
459
460static void gsm_print_packet(const char *hdr, int addr, int cr,
461 u8 control, const u8 *data, int dlen)
462{
463 if (!(debug & 1))
464 return;
465
5f9a31d6 466 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
e1eaea46
AC		 467
468 switch (control & ~PF) {
469 case SABM:
5f9a31d6 470 pr_cont("SABM");
e1eaea46
AC		 471 break;
472 case UA:
5f9a31d6 473 pr_cont("UA");
e1eaea46
AC		 474 break;
475 case DISC:
5f9a31d6 476 pr_cont("DISC");
e1eaea46
AC		 477 break;
478 case DM:
5f9a31d6 479 pr_cont("DM");
e1eaea46
AC		 480 break;
481 case UI:
5f9a31d6 482 pr_cont("UI");
e1eaea46
AC		 483 break;
484 case UIH:
5f9a31d6 485 pr_cont("UIH");
e1eaea46
AC		 486 break;
487 default:
488 if (!(control & 0x01)) {
5f9a31d6
AC		 489 pr_cont("I N(S)%d N(R)%d",
490 (control & 0x0E) >> 1, (control & 0xE) >> 5);
e1eaea46 491 } else switch (control & 0x0F) {
5f9a31d6
AC		 492 case RR:
493 pr_cont("RR(%d)", (control & 0xE0) >> 5);
494 break;
495 case RNR:
496 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
497 break;
498 case REJ:
499 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
500 break;
501 default:
502 pr_cont("[%02X]", control);
e1eaea46
AC		 503 }
504 }
505
506 if (control & PF)
5f9a31d6 507 pr_cont("(P)");
e1eaea46 508 else
5f9a31d6 509 pr_cont("(F)");
e1eaea46
AC		 510
511 if (dlen) {
512 int ct = 0;
513 while (dlen--) {
5f9a31d6
AC		 514 if (ct % 8 == 0) {
515 pr_cont("\n");
516 pr_debug(" ");
517 }
518 pr_cont("%02X ", *data++);
e1eaea46
AC		 519 ct++;
520 }
521 }
5f9a31d6 522 pr_cont("\n");
e1eaea46
AC		 523}
524
525
526/*
527 * Link level transmission side
528 */
529
530/**
531 * gsm_stuff_packet - bytestuff a packet
532 * @ibuf: input
533 * @obuf: output
534 * @len: length of input
535 *
536 * Expand a buffer by bytestuffing it. The worst case size change
537 * is doubling and the caller is responsible for handing out
538 * suitable sized buffers.
539 */
540
541static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
542{
543 int olen = 0;
544 while (len--) {
545 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
546 || *input == XON || *input == XOFF) {
547 *output++ = GSM1_ESCAPE;
548 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
549 olen++;
550 } else
551 *output++ = *input++;
552 olen++;
553 }
554 return olen;
555}
556
e1eaea46
AC		 557/**
558 * gsm_send - send a control frame
559 * @gsm: our GSM mux
560 * @addr: address for control frame
561 * @cr: command/response bit
562 * @control: control byte including PF bit
563 *
564 * Format up and transmit a control frame. These do not go via the
565 * queueing logic as they should be transmitted ahead of data when
566 * they are needed.
567 *
568 * FIXME: Lock versus data TX path
569 */
570
571static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
572{
573 int len;
574 u8 cbuf[10];
575 u8 ibuf[3];
576
577 switch (gsm->encoding) {
578 case 0:
579 cbuf[0] = GSM0_SOF;
580 cbuf[1] = (addr << 2) | (cr << 1) | EA;
581 cbuf[2] = control;
582 cbuf[3] = EA; /* Length of data = 0 */
583 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
584 cbuf[5] = GSM0_SOF;
585 len = 6;
586 break;
587 case 1:
588 case 2:
589 /* Control frame + packing (but not frame stuffing) in mode 1 */
590 ibuf[0] = (addr << 2) | (cr << 1) | EA;
591 ibuf[1] = control;
592 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
593 /* Stuffing may double the size worst case */
594 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
595 /* Now add the SOF markers */
596 cbuf[0] = GSM1_SOF;
597 cbuf[len + 1] = GSM1_SOF;
598 /* FIXME: we can omit the lead one in many cases */
599 len += 2;
600 break;
601 default:
602 WARN_ON(1);
603 return;
604 }
605 gsm->output(gsm, cbuf, len);
606 gsm_print_packet("-->", addr, cr, control, NULL, 0);
607}
608
609/**
610 * gsm_response - send a control response
611 * @gsm: our GSM mux
612 * @addr: address for control frame
613 * @control: control byte including PF bit
614 *
615 * Format up and transmit a link level response frame.
616 */
617
618static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
619{
620 gsm_send(gsm, addr, 0, control);
621}
622
623/**
624 * gsm_command - send a control command
625 * @gsm: our GSM mux
626 * @addr: address for control frame
627 * @control: control byte including PF bit
628 *
629 * Format up and transmit a link level command frame.
630 */
631
632static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
633{
634 gsm_send(gsm, addr, 1, control);
635}
636
637/* Data transmission */
638
639#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
640
641/**
642 * gsm_data_alloc - allocate data frame
643 * @gsm: GSM mux
644 * @addr: DLCI address
645 * @len: length excluding header and FCS
646 * @ctrl: control byte
647 *
648 * Allocate a new data buffer for sending frames with data. Space is left
649 * at the front for header bytes but that is treated as an implementation
650 * detail and not for the high level code to use
651 */
652
653static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
654 u8 ctrl)
655{
656 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
657 GFP_ATOMIC);
658 if (m == NULL)
659 return NULL;
660 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
661 m->len = len;
662 m->addr = addr;
663 m->ctrl = ctrl;
664 m->next = NULL;
665 return m;
666}
667
668/**
669 * gsm_data_kick - poke the queue
670 * @gsm: GSM Mux
671 *
672 * The tty device has called us to indicate that room has appeared in
673 * the transmit queue. Ram more data into the pipe if we have any
674 *
675 * FIXME: lock against link layer control transmissions
676 */
677
678static void gsm_data_kick(struct gsm_mux *gsm)
679{
680 struct gsm_msg *msg = gsm->tx_head;
681 int len;
682 int skip_sof = 0;
683
684 /* FIXME: We need to apply this solely to data messages */
685 if (gsm->constipated)
686 return;
687
688 while (gsm->tx_head != NULL) {
689 msg = gsm->tx_head;
690 if (gsm->encoding != 0) {
691 gsm->txframe[0] = GSM1_SOF;
692 len = gsm_stuff_frame(msg->data,
693 gsm->txframe + 1, msg->len);
694 gsm->txframe[len + 1] = GSM1_SOF;
695 len += 2;
696 } else {
697 gsm->txframe[0] = GSM0_SOF;
698 memcpy(gsm->txframe + 1 , msg->data, msg->len);
699 gsm->txframe[msg->len + 1] = GSM0_SOF;
700 len = msg->len + 2;
701 }
702
0a77c4f9
JP		 703 if (debug & 4)
704 print_hex_dump_bytes("gsm_data_kick: ",
705 DUMP_PREFIX_OFFSET,
706 gsm->txframe, len);
e1eaea46
AC		 707
708 if (gsm->output(gsm, gsm->txframe + skip_sof,
709 len - skip_sof) < 0)
710 break;
711 /* FIXME: Can eliminate one SOF in many more cases */
712 gsm->tx_head = msg->next;
713 if (gsm->tx_head == NULL)
714 gsm->tx_tail = NULL;
715 gsm->tx_bytes -= msg->len;
716 kfree(msg);
717 /* For a burst of frames skip the extra SOF within the
718 burst */
719 skip_sof = 1;
720 }
721}
722
723/**
724 * __gsm_data_queue - queue a UI or UIH frame
725 * @dlci: DLCI sending the data
726 * @msg: message queued
727 *
728 * Add data to the transmit queue and try and get stuff moving
729 * out of the mux tty if not already doing so. The Caller must hold
730 * the gsm tx lock.
731 */
732
733static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
734{
735 struct gsm_mux *gsm = dlci->gsm;
736 u8 *dp = msg->data;
737 u8 *fcs = dp + msg->len;
738
739 /* Fill in the header */
740 if (gsm->encoding == 0) {
741 if (msg->len < 128)
742 *--dp = (msg->len << 1) | EA;
743 else {
be7a7411
KM		 744 *--dp = (msg->len >> 7); /* bits 7 - 15 */
745 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
e1eaea46
AC		 746 }
747 }
748
749 *--dp = msg->ctrl;
750 if (gsm->initiator)
751 *--dp = (msg->addr << 2) | 2 | EA;
752 else
753 *--dp = (msg->addr << 2) | EA;
754 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
755 /* Ugly protocol layering violation */
756 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
757 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
758 *fcs = 0xFF - *fcs;
759
760 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
761 msg->data, msg->len);
762
763 /* Move the header back and adjust the length, also allow for the FCS
764 now tacked on the end */
765 msg->len += (msg->data - dp) + 1;
766 msg->data = dp;
767
768 /* Add to the actual output queue */
769 if (gsm->tx_tail)
770 gsm->tx_tail->next = msg;
771 else
772 gsm->tx_head = msg;
773 gsm->tx_tail = msg;
774 gsm->tx_bytes += msg->len;
775 gsm_data_kick(gsm);
776}
777
778/**
779 * gsm_data_queue - queue a UI or UIH frame
780 * @dlci: DLCI sending the data
781 * @msg: message queued
782 *
783 * Add data to the transmit queue and try and get stuff moving
784 * out of the mux tty if not already doing so. Take the
785 * the gsm tx lock and dlci lock.
786 */
787
788static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
789{
790 unsigned long flags;
791 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
792 __gsm_data_queue(dlci, msg);
793 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
794}
795
796/**
797 * gsm_dlci_data_output - try and push data out of a DLCI
798 * @gsm: mux
799 * @dlci: the DLCI to pull data from
800 *
801 * Pull data from a DLCI and send it into the transmit queue if there
802 * is data. Keep to the MRU of the mux. This path handles the usual tty
803 * interface which is a byte stream with optional modem data.
804 *
805 * Caller must hold the tx_lock of the mux.
806 */
807
808static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
809{
810 struct gsm_msg *msg;
811 u8 *dp;
812 int len, size;
813 int h = dlci->adaption - 1;
814
815 len = kfifo_len(dlci->fifo);
816 if (len == 0)
817 return 0;
818
819 /* MTU/MRU count only the data bits */
820 if (len > gsm->mtu)
821 len = gsm->mtu;
822
823 size = len + h;
824
825 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
826 /* FIXME: need a timer or something to kick this so it can't
827 get stuck with no work outstanding and no buffer free */
828 if (msg == NULL)
829 return -ENOMEM;
830 dp = msg->data;
831 switch (dlci->adaption) {
832 case 1: /* Unstructured */
833 break;
834 case 2: /* Unstructed with modem bits. Always one byte as we never
835 send inline break data */
f37ac5a1 836 *dp++ = gsm_encode_modem(dlci);
e1eaea46
AC		 837 break;
838 }
839 WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
840 __gsm_data_queue(dlci, msg);
841 /* Bytes of data we used up */
842 return size;
843}
844
845/**
846 * gsm_dlci_data_output_framed - try and push data out of a DLCI
847 * @gsm: mux
848 * @dlci: the DLCI to pull data from
849 *
850 * Pull data from a DLCI and send it into the transmit queue if there
851 * is data. Keep to the MRU of the mux. This path handles framed data
852 * queued as skbuffs to the DLCI.
853 *
854 * Caller must hold the tx_lock of the mux.
855 */
856
857static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
858 struct gsm_dlci *dlci)
859{
860 struct gsm_msg *msg;
861 u8 *dp;
862 int len, size;
863 int last = 0, first = 0;
864 int overhead = 0;
865
866 /* One byte per frame is used for B/F flags */
867 if (dlci->adaption == 4)
868 overhead = 1;
869
870 /* dlci->skb is locked by tx_lock */
871 if (dlci->skb == NULL) {
872 dlci->skb = skb_dequeue(&dlci->skb_list);
873 if (dlci->skb == NULL)
874 return 0;
875 first = 1;
876 }
877 len = dlci->skb->len + overhead;
878
879 /* MTU/MRU count only the data bits */
880 if (len > gsm->mtu) {
881 if (dlci->adaption == 3) {
882 /* Over long frame, bin it */
883 kfree_skb(dlci->skb);
884 dlci->skb = NULL;
885 return 0;
886 }
887 len = gsm->mtu;
888 } else
889 last = 1;
890
891 size = len + overhead;
892 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
893
894 /* FIXME: need a timer or something to kick this so it can't
895 get stuck with no work outstanding and no buffer free */
896 if (msg == NULL)
897 return -ENOMEM;
898 dp = msg->data;
899
900 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
901 /* Flag byte to carry the start/end info */
902 *dp++ = last << 7 | first << 6 | 1; /* EA */
903 len--;
904 }
57f2104f
RG		 905 memcpy(dp, dlci->skb->data, len);
906 skb_pull(dlci->skb, len);
e1eaea46 907 __gsm_data_queue(dlci, msg);
bcd5abe2
RG		 908 if (last) {
909 kfree_skb(dlci->skb);
e1eaea46 910 dlci->skb = NULL;
bcd5abe2 911 }
e1eaea46
AC		 912 return size;
913}
914
915/**
916 * gsm_dlci_data_sweep - look for data to send
917 * @gsm: the GSM mux
918 *
919 * Sweep the GSM mux channels in priority order looking for ones with
920 * data to send. We could do with optimising this scan a bit. We aim
921 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
922 * TX_THRESH_LO we get called again
923 *
924 * FIXME: We should round robin between groups and in theory you can
925 * renegotiate DLCI priorities with optional stuff. Needs optimising.
926 */
927
928static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
929{
930 int len;
931 /* Priority ordering: We should do priority with RR of the groups */
932 int i = 1;
e1eaea46 933
e1eaea46
AC		 934 while (i < NUM_DLCI) {
935 struct gsm_dlci *dlci;
936
937 if (gsm->tx_bytes > TX_THRESH_HI)
938 break;
939 dlci = gsm->dlci[i];
940 if (dlci == NULL || dlci->constipated) {
941 i++;
942 continue;
943 }
bcd5abe2 944 if (dlci->adaption < 3 && !dlci->net)
e1eaea46
AC		 945 len = gsm_dlci_data_output(gsm, dlci);
946 else
947 len = gsm_dlci_data_output_framed(gsm, dlci);
948 if (len < 0)
e73790a5 949 break;
e1eaea46
AC		 950 /* DLCI empty - try the next */
951 if (len == 0)
952 i++;
953 }
e1eaea46
AC		 954}
955
956/**
957 * gsm_dlci_data_kick - transmit if possible
958 * @dlci: DLCI to kick
959 *
960 * Transmit data from this DLCI if the queue is empty. We can't rely on
961 * a tty wakeup except when we filled the pipe so we need to fire off
962 * new data ourselves in other cases.
963 */
964
965static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
966{
967 unsigned long flags;
968
969 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
970 /* If we have nothing running then we need to fire up */
bcd5abe2
RG		 971 if (dlci->gsm->tx_bytes == 0) {
972 if (dlci->net)
973 gsm_dlci_data_output_framed(dlci->gsm, dlci);
974 else
975 gsm_dlci_data_output(dlci->gsm, dlci);
976 } else if (dlci->gsm->tx_bytes < TX_THRESH_LO)
e1eaea46
AC		 977 gsm_dlci_data_sweep(dlci->gsm);
978 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
979}
980
981/*
982 * Control message processing
983 */
984
985
986/**
987 * gsm_control_reply - send a response frame to a control
988 * @gsm: gsm channel
989 * @cmd: the command to use
990 * @data: data to follow encoded info
991 * @dlen: length of data
992 *
993 * Encode up and queue a UI/UIH frame containing our response.
994 */
995
996static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
997 int dlen)
998{
999 struct gsm_msg *msg;
1000 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
093d8046
KM		 1001 if (msg == NULL)
1002 return;
e1eaea46
AC		 1003 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1004 msg->data[1] = (dlen << 1) | EA;
1005 memcpy(msg->data + 2, data, dlen);
1006 gsm_data_queue(gsm->dlci[0], msg);
1007}
1008
1009/**
1010 * gsm_process_modem - process received modem status
1011 * @tty: virtual tty bound to the DLCI
1012 * @dlci: DLCI to affect
1013 * @modem: modem bits (full EA)
1014 *
1015 * Used when a modem control message or line state inline in adaption
1016 * layer 2 is processed. Sort out the local modem state and throttles
1017 */
1018
1019static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
7263287a 1020 u32 modem, int clen)
e1eaea46
AC		 1021{
1022 int mlines = 0;
7263287a
RG		 1023 u8 brk = 0;
1024
1025 /* The modem status command can either contain one octet (v.24 signals)
1026 or two octets (v.24 signals + break signals). The length field will
1027 either be 2 or 3 respectively. This is specified in section
1028 5.4.6.3.7 of the 27.010 mux spec. */
1029
1030 if (clen == 2)
1031 modem = modem & 0x7f;
1032 else {
1033 brk = modem & 0x7f;
1034 modem = (modem >> 7) & 0x7f;
1035 };
e1eaea46
AC		 1036
1037 /* Flow control/ready to communicate */
1038 if (modem & MDM_FC) {
1039 /* Need to throttle our output on this device */
1040 dlci->constipated = 1;
1041 }
1042 if (modem & MDM_RTC) {
1043 mlines |= TIOCM_DSR | TIOCM_DTR;
1044 dlci->constipated = 0;
1045 gsm_dlci_data_kick(dlci);
1046 }
1047 /* Map modem bits */
1048 if (modem & MDM_RTR)
1049 mlines |= TIOCM_RTS | TIOCM_CTS;
1050 if (modem & MDM_IC)
1051 mlines |= TIOCM_RI;
1052 if (modem & MDM_DV)
1053 mlines |= TIOCM_CD;
1054
1055 /* Carrier drop -> hangup */
1056 if (tty) {
1057 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1058 if (!(tty->termios->c_cflag & CLOCAL))
1059 tty_hangup(tty);
1060 if (brk & 0x01)
1061 tty_insert_flip_char(tty, 0, TTY_BREAK);
1062 }
1063 dlci->modem_rx = mlines;
1064}
1065
1066/**
1067 * gsm_control_modem - modem status received
1068 * @gsm: GSM channel
1069 * @data: data following command
1070 * @clen: command length
1071 *
1072 * We have received a modem status control message. This is used by
1073 * the GSM mux protocol to pass virtual modem line status and optionally
1074 * to indicate break signals. Unpack it, convert to Linux representation
1075 * and if need be stuff a break message down the tty.
1076 */
1077
1078static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1079{
1080 unsigned int addr = 0;
1081 unsigned int modem = 0;
1082 struct gsm_dlci *dlci;
1083 int len = clen;
1084 u8 *dp = data;
1085 struct tty_struct *tty;
1086
1087 while (gsm_read_ea(&addr, *dp++) == 0) {
1088 len--;
1089 if (len == 0)
1090 return;
1091 }
1092 /* Must be at least one byte following the EA */
1093 len--;
1094 if (len <= 0)
1095 return;
1096
1097 addr >>= 1;
1098 /* Closed port, or invalid ? */
1099 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1100 return;
1101 dlci = gsm->dlci[addr];
1102
1103 while (gsm_read_ea(&modem, *dp++) == 0) {
1104 len--;
1105 if (len == 0)
1106 return;
1107 }
1108 tty = tty_port_tty_get(&dlci->port);
7263287a 1109 gsm_process_modem(tty, dlci, modem, clen);
e1eaea46
AC		 1110 if (tty) {
1111 tty_wakeup(tty);
1112 tty_kref_put(tty);
1113 }
1114 gsm_control_reply(gsm, CMD_MSC, data, clen);
1115}
1116
1117/**
1118 * gsm_control_rls - remote line status
1119 * @gsm: GSM channel
1120 * @data: data bytes
1121 * @clen: data length
1122 *
1123 * The modem sends us a two byte message on the control channel whenever
1124 * it wishes to send us an error state from the virtual link. Stuff
1125 * this into the uplink tty if present
1126 */
1127
1128static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1129{
1130 struct tty_struct *tty;
1131 unsigned int addr = 0 ;
1132 u8 bits;
1133 int len = clen;
1134 u8 *dp = data;
1135
1136 while (gsm_read_ea(&addr, *dp++) == 0) {
1137 len--;
1138 if (len == 0)
1139 return;
1140 }
1141 /* Must be at least one byte following ea */
1142 len--;
1143 if (len <= 0)
1144 return;
1145 addr >>= 1;
1146 /* Closed port, or invalid ? */
1147 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1148 return;
1149 /* No error ? */
1150 bits = *dp;
1151 if ((bits & 1) == 0)
1152 return;
1153 /* See if we have an uplink tty */
1154 tty = tty_port_tty_get(&gsm->dlci[addr]->port);
1155
1156 if (tty) {
1157 if (bits & 2)
1158 tty_insert_flip_char(tty, 0, TTY_OVERRUN);
1159 if (bits & 4)
1160 tty_insert_flip_char(tty, 0, TTY_PARITY);
1161 if (bits & 8)
1162 tty_insert_flip_char(tty, 0, TTY_FRAME);
1163 tty_flip_buffer_push(tty);
1164 tty_kref_put(tty);
1165 }
1166 gsm_control_reply(gsm, CMD_RLS, data, clen);
1167}
1168
1169static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1170
1171/**
1172 * gsm_control_message - DLCI 0 control processing
1173 * @gsm: our GSM mux
1174 * @command: the command EA
1175 * @data: data beyond the command/length EAs
1176 * @clen: length
1177 *
1178 * Input processor for control messages from the other end of the link.
1179 * Processes the incoming request and queues a response frame or an
1180 * NSC response if not supported
1181 */
1182
1183static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1184 u8 *data, int clen)
1185{
1186 u8 buf[1];
1187 switch (command) {
1188 case CMD_CLD: {
1189 struct gsm_dlci *dlci = gsm->dlci[0];
1190 /* Modem wishes to close down */
1191 if (dlci) {
1192 dlci->dead = 1;
1193 gsm->dead = 1;
1194 gsm_dlci_begin_close(dlci);
1195 }
1196 }
1197 break;
1198 case CMD_TEST:
1199 /* Modem wishes to test, reply with the data */
1200 gsm_control_reply(gsm, CMD_TEST, data, clen);
1201 break;
1202 case CMD_FCON:
1203 /* Modem wants us to STFU */
1204 gsm->constipated = 1;
1205 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1206 break;
1207 case CMD_FCOFF:
1208 /* Modem can accept data again */
1209 gsm->constipated = 0;
1210 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1211 /* Kick the link in case it is idling */
1212 gsm_data_kick(gsm);
1213 break;
1214 case CMD_MSC:
1215 /* Out of band modem line change indicator for a DLCI */
1216 gsm_control_modem(gsm, data, clen);
1217 break;
1218 case CMD_RLS:
1219 /* Out of band error reception for a DLCI */
1220 gsm_control_rls(gsm, data, clen);
1221 break;
1222 case CMD_PSC:
1223 /* Modem wishes to enter power saving state */
1224 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1225 break;
1226 /* Optional unsupported commands */
1227 case CMD_PN: /* Parameter negotiation */
25985edc
LDM		 1228 case CMD_RPN: /* Remote port negotiation */
1229 case CMD_SNC: /* Service negotiation command */
e1eaea46
AC		 1230 default:
1231 /* Reply to bad commands with an NSC */
1232 buf[0] = command;
1233 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1234 break;
1235 }
1236}
1237
1238/**
1239 * gsm_control_response - process a response to our control
1240 * @gsm: our GSM mux
1241 * @command: the command (response) EA
1242 * @data: data beyond the command/length EA
1243 * @clen: length
1244 *
1245 * Process a response to an outstanding command. We only allow a single
1246 * control message in flight so this is fairly easy. All the clean up
1247 * is done by the caller, we just update the fields, flag it as done
1248 * and return
1249 */
1250
1251static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1252 u8 *data, int clen)
1253{
1254 struct gsm_control *ctrl;
1255 unsigned long flags;
1256
1257 spin_lock_irqsave(&gsm->control_lock, flags);
1258
1259 ctrl = gsm->pending_cmd;
1260 /* Does the reply match our command */
1261 command |= 1;
1262 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1263 /* Our command was replied to, kill the retry timer */
1264 del_timer(&gsm->t2_timer);
1265 gsm->pending_cmd = NULL;
1266 /* Rejected by the other end */
1267 if (command == CMD_NSC)
1268 ctrl->error = -EOPNOTSUPP;
1269 ctrl->done = 1;
1270 wake_up(&gsm->event);
1271 }
1272 spin_unlock_irqrestore(&gsm->control_lock, flags);
1273}
1274
1275/**
5f9a31d6 1276 * gsm_control_transmit - send control packet
e1eaea46
AC		 1277 * @gsm: gsm mux
1278 * @ctrl: frame to send
1279 *
1280 * Send out a pending control command (called under control lock)
1281 */
1282
1283static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1284{
ed43b47b 1285 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
e1eaea46
AC		 1286 if (msg == NULL)
1287 return;
1288 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1289 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1290 gsm_data_queue(gsm->dlci[0], msg);
1291}
1292
1293/**
1294 * gsm_control_retransmit - retransmit a control frame
1295 * @data: pointer to our gsm object
1296 *
1297 * Called off the T2 timer expiry in order to retransmit control frames
1298 * that have been lost in the system somewhere. The control_lock protects
1299 * us from colliding with another sender or a receive completion event.
1300 * In that situation the timer may still occur in a small window but
1301 * gsm->pending_cmd will be NULL and we just let the timer expire.
1302 */
1303
1304static void gsm_control_retransmit(unsigned long data)
1305{
1306 struct gsm_mux *gsm = (struct gsm_mux *)data;
1307 struct gsm_control *ctrl;
1308 unsigned long flags;
1309 spin_lock_irqsave(&gsm->control_lock, flags);
1310 ctrl = gsm->pending_cmd;
1311 if (ctrl) {
1312 gsm->cretries--;
1313 if (gsm->cretries == 0) {
1314 gsm->pending_cmd = NULL;
1315 ctrl->error = -ETIMEDOUT;
1316 ctrl->done = 1;
1317 spin_unlock_irqrestore(&gsm->control_lock, flags);
1318 wake_up(&gsm->event);
1319 return;
1320 }
1321 gsm_control_transmit(gsm, ctrl);
1322 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1323 }
1324 spin_unlock_irqrestore(&gsm->control_lock, flags);
1325}
1326
1327/**
1328 * gsm_control_send - send a control frame on DLCI 0
1329 * @gsm: the GSM channel
1330 * @command: command to send including CR bit
1331 * @data: bytes of data (must be kmalloced)
1332 * @len: length of the block to send
1333 *
1334 * Queue and dispatch a control command. Only one command can be
1335 * active at a time. In theory more can be outstanding but the matching
1336 * gets really complicated so for now stick to one outstanding.
1337 */
1338
1339static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1340 unsigned int command, u8 *data, int clen)
1341{
1342 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1343 GFP_KERNEL);
1344 unsigned long flags;
1345 if (ctrl == NULL)
1346 return NULL;
1347retry:
1348 wait_event(gsm->event, gsm->pending_cmd == NULL);
1349 spin_lock_irqsave(&gsm->control_lock, flags);
1350 if (gsm->pending_cmd != NULL) {
1351 spin_unlock_irqrestore(&gsm->control_lock, flags);
1352 goto retry;
1353 }
1354 ctrl->cmd = command;
1355 ctrl->data = data;
1356 ctrl->len = clen;
1357 gsm->pending_cmd = ctrl;
1358 gsm->cretries = gsm->n2;
1359 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1360 gsm_control_transmit(gsm, ctrl);
1361 spin_unlock_irqrestore(&gsm->control_lock, flags);
1362 return ctrl;
1363}
1364
1365/**
1366 * gsm_control_wait - wait for a control to finish
1367 * @gsm: GSM mux
1368 * @control: control we are waiting on
1369 *
1370 * Waits for the control to complete or time out. Frees any used
1371 * resources and returns 0 for success, or an error if the remote
1372 * rejected or ignored the request.
1373 */
1374
1375static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1376{
1377 int err;
1378 wait_event(gsm->event, control->done == 1);
1379 err = control->error;
1380 kfree(control);
1381 return err;
1382}
1383
1384
1385/*
1386 * DLCI level handling: Needs krefs
1387 */
1388
1389/*
1390 * State transitions and timers
1391 */
1392
1393/**
1394 * gsm_dlci_close - a DLCI has closed
1395 * @dlci: DLCI that closed
1396 *
1397 * Perform processing when moving a DLCI into closed state. If there
1398 * is an attached tty this is hung up
1399 */
1400
1401static void gsm_dlci_close(struct gsm_dlci *dlci)
1402{
1403 del_timer(&dlci->t1);
1404 if (debug & 8)
5f9a31d6 1405 pr_debug("DLCI %d goes closed.\n", dlci->addr);
e1eaea46
AC		 1406 dlci->state = DLCI_CLOSED;
1407 if (dlci->addr != 0) {
1408 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1409 if (tty) {
1410 tty_hangup(tty);
1411 tty_kref_put(tty);
1412 }
1413 kfifo_reset(dlci->fifo);
1414 } else
1415 dlci->gsm->dead = 1;
1416 wake_up(&dlci->gsm->event);
1417 /* A DLCI 0 close is a MUX termination so we need to kick that
1418 back to userspace somehow */
1419}
1420
1421/**
1422 * gsm_dlci_open - a DLCI has opened
1423 * @dlci: DLCI that opened
1424 *
1425 * Perform processing when moving a DLCI into open state.
1426 */
1427
1428static void gsm_dlci_open(struct gsm_dlci *dlci)
1429{
1430 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1431 open -> open */
1432 del_timer(&dlci->t1);
1433 /* This will let a tty open continue */
1434 dlci->state = DLCI_OPEN;
1435 if (debug & 8)
5f9a31d6 1436 pr_debug("DLCI %d goes open.\n", dlci->addr);
e1eaea46
AC		 1437 wake_up(&dlci->gsm->event);
1438}
1439
1440/**
1441 * gsm_dlci_t1 - T1 timer expiry
1442 * @dlci: DLCI that opened
1443 *
1444 * The T1 timer handles retransmits of control frames (essentially of
1445 * SABM and DISC). We resend the command until the retry count runs out
1446 * in which case an opening port goes back to closed and a closing port
1447 * is simply put into closed state (any further frames from the other
1448 * end will get a DM response)
1449 */
1450
1451static void gsm_dlci_t1(unsigned long data)
1452{
1453 struct gsm_dlci *dlci = (struct gsm_dlci *)data;
1454 struct gsm_mux *gsm = dlci->gsm;
1455
1456 switch (dlci->state) {
1457 case DLCI_OPENING:
1458 dlci->retries--;
1459 if (dlci->retries) {
1460 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1461 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1462 } else
1463 gsm_dlci_close(dlci);
1464 break;
1465 case DLCI_CLOSING:
1466 dlci->retries--;
1467 if (dlci->retries) {
1468 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1469 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1470 } else
1471 gsm_dlci_close(dlci);
1472 break;
1473 }
1474}
1475
1476/**
1477 * gsm_dlci_begin_open - start channel open procedure
1478 * @dlci: DLCI to open
1479 *
1480 * Commence opening a DLCI from the Linux side. We issue SABM messages
1481 * to the modem which should then reply with a UA, at which point we
1482 * will move into open state. Opening is done asynchronously with retry
1483 * running off timers and the responses.
1484 */
1485
1486static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1487{
1488 struct gsm_mux *gsm = dlci->gsm;
1489 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1490 return;
1491 dlci->retries = gsm->n2;
1492 dlci->state = DLCI_OPENING;
1493 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1494 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1495}
1496
1497/**
1498 * gsm_dlci_begin_close - start channel open procedure
1499 * @dlci: DLCI to open
1500 *
1501 * Commence closing a DLCI from the Linux side. We issue DISC messages
1502 * to the modem which should then reply with a UA, at which point we
1503 * will move into closed state. Closing is done asynchronously with retry
1504 * off timers. We may also receive a DM reply from the other end which
1505 * indicates the channel was already closed.
1506 */
1507
1508static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1509{
1510 struct gsm_mux *gsm = dlci->gsm;
1511 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1512 return;
1513 dlci->retries = gsm->n2;
1514 dlci->state = DLCI_CLOSING;
1515 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1516 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1517}
1518
1519/**
1520 * gsm_dlci_data - data arrived
1521 * @dlci: channel
1522 * @data: block of bytes received
1523 * @len: length of received block
1524 *
1525 * A UI or UIH frame has arrived which contains data for a channel
1526 * other than the control channel. If the relevant virtual tty is
1527 * open we shovel the bits down it, if not we drop them.
1528 */
1529
7263287a 1530static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
e1eaea46
AC		 1531{
1532 /* krefs .. */
1533 struct tty_port *port = &dlci->port;
1534 struct tty_struct *tty = tty_port_tty_get(port);
1535 unsigned int modem = 0;
7263287a 1536 int len = clen;
e1eaea46
AC		 1537
1538 if (debug & 16)
5f9a31d6 1539 pr_debug("%d bytes for tty %p\n", len, tty);
e1eaea46
AC		 1540 if (tty) {
1541 switch (dlci->adaption) {
5f9a31d6
AC		 1542 /* Unsupported types */
1543 /* Packetised interruptible data */
1544 case 4:
1545 break;
1546 /* Packetised uininterruptible voice/data */
1547 case 3:
1548 break;
1549 /* Asynchronous serial with line state in each frame */
1550 case 2:
1551 while (gsm_read_ea(&modem, *data++) == 0) {
1552 len--;
1553 if (len == 0)
1554 return;
1555 }
7263287a 1556 gsm_process_modem(tty, dlci, modem, clen);
5f9a31d6
AC		 1557 /* Line state will go via DLCI 0 controls only */
1558 case 1:
1559 default:
1560 tty_insert_flip_string(tty, data, len);
1561 tty_flip_buffer_push(tty);
e1eaea46
AC		 1562 }
1563 tty_kref_put(tty);
1564 }
1565}
1566
1567/**
1568 * gsm_dlci_control - data arrived on control channel
1569 * @dlci: channel
1570 * @data: block of bytes received
1571 * @len: length of received block
1572 *
1573 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1574 * control channel. This should contain a command EA followed by
1575 * control data bytes. The command EA contains a command/response bit
1576 * and we divide up the work accordingly.
1577 */
1578
1579static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1580{
1581 /* See what command is involved */
1582 unsigned int command = 0;
1583 while (len-- > 0) {
1584 if (gsm_read_ea(&command, *data++) == 1) {
1585 int clen = *data++;
1586 len--;
1587 /* FIXME: this is properly an EA */
1588 clen >>= 1;
1589 /* Malformed command ? */
1590 if (clen > len)
1591 return;
1592 if (command & 1)
1593 gsm_control_message(dlci->gsm, command,
1594 data, clen);
1595 else
1596 gsm_control_response(dlci->gsm, command,
1597 data, clen);
1598 return;
1599 }
1600 }
1601}
1602
1603/*
1604 * Allocate/Free DLCI channels
1605 */
1606
1607/**
1608 * gsm_dlci_alloc - allocate a DLCI
1609 * @gsm: GSM mux
1610 * @addr: address of the DLCI
1611 *
1612 * Allocate and install a new DLCI object into the GSM mux.
1613 *
1614 * FIXME: review locking races
1615 */
1616
1617static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1618{
1619 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1620 if (dlci == NULL)
1621 return NULL;
1622 spin_lock_init(&dlci->lock);
6ab8fba7 1623 kref_init(&dlci->ref);
bcd5abe2 1624 mutex_init(&dlci->mutex);
e1eaea46
AC		 1625 dlci->fifo = &dlci->_fifo;
1626 if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1627 kfree(dlci);
1628 return NULL;
1629 }
1630
1631 skb_queue_head_init(&dlci->skb_list);
1632 init_timer(&dlci->t1);
1633 dlci->t1.function = gsm_dlci_t1;
1634 dlci->t1.data = (unsigned long)dlci;
1635 tty_port_init(&dlci->port);
1636 dlci->port.ops = &gsm_port_ops;
1637 dlci->gsm = gsm;
1638 dlci->addr = addr;
1639 dlci->adaption = gsm->adaption;
1640 dlci->state = DLCI_CLOSED;
1641 if (addr)
1642 dlci->data = gsm_dlci_data;
1643 else
1644 dlci->data = gsm_dlci_command;
1645 gsm->dlci[addr] = dlci;
1646 return dlci;
1647}
1648
1649/**
6ab8fba7
RG		 1650 * gsm_dlci_free - free DLCI
1651 * @dlci: DLCI to free
1652 *
1653 * Free up a DLCI.
1654 *
1655 * Can sleep.
1656 */
1657static void gsm_dlci_free(struct kref *ref)
1658{
1659 struct gsm_dlci *dlci = container_of(ref, struct gsm_dlci, ref);
1660
1661 del_timer_sync(&dlci->t1);
1662 dlci->gsm->dlci[dlci->addr] = NULL;
1663 kfifo_free(dlci->fifo);
1664 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1665 kfree_skb(dlci->skb);
1666 kfree(dlci);
1667}
1668
1669static inline void dlci_get(struct gsm_dlci *dlci)
1670{
1671 kref_get(&dlci->ref);
1672}
1673
1674static inline void dlci_put(struct gsm_dlci *dlci)
1675{
1676 kref_put(&dlci->ref, gsm_dlci_free);
1677}
1678
1679/**
1680 * gsm_dlci_release - release DLCI
e1eaea46
AC		 1681 * @dlci: DLCI to destroy
1682 *
6ab8fba7
RG		 1683 * Release a DLCI. Actual free is deferred until either
1684 * mux is closed or tty is closed - whichever is last.
e1eaea46
AC		 1685 *
1686 * Can sleep.
1687 */
6ab8fba7 1688static void gsm_dlci_release(struct gsm_dlci *dlci)
e1eaea46
AC		 1689{
1690 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1691 if (tty) {
1692 tty_vhangup(tty);
1693 tty_kref_put(tty);
1694 }
6ab8fba7 1695 dlci_put(dlci);
e1eaea46
AC		 1696}
1697
e1eaea46
AC		 1698/*
1699 * LAPBish link layer logic
1700 */
1701
1702/**
1703 * gsm_queue - a GSM frame is ready to process
1704 * @gsm: pointer to our gsm mux
1705 *
1706 * At this point in time a frame has arrived and been demangled from
1707 * the line encoding. All the differences between the encodings have
1708 * been handled below us and the frame is unpacked into the structures.
1709 * The fcs holds the header FCS but any data FCS must be added here.
1710 */
1711
1712static void gsm_queue(struct gsm_mux *gsm)
1713{
1714 struct gsm_dlci *dlci;
1715 u8 cr;
1716 int address;
1717 /* We have to sneak a look at the packet body to do the FCS.
1718 A somewhat layering violation in the spec */
1719
1720 if ((gsm->control & ~PF) == UI)
1721 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
9db4e438
MK		 1722 if (gsm->encoding == 0){
1723 /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
1724 In this case it contain the last piece of data
1725 required to generate final CRC */
1726 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1727 }
e1eaea46
AC		 1728 if (gsm->fcs != GOOD_FCS) {
1729 gsm->bad_fcs++;
1730 if (debug & 4)
5f9a31d6 1731 pr_debug("BAD FCS %02x\n", gsm->fcs);
e1eaea46
AC		 1732 return;
1733 }
1734 address = gsm->address >> 1;
1735 if (address >= NUM_DLCI)
1736 goto invalid;
1737
1738 cr = gsm->address & 1; /* C/R bit */
1739
1740 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1741
1742 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1743 dlci = gsm->dlci[address];
1744
1745 switch (gsm->control) {
1746 case SABM|PF:
1747 if (cr == 0)
1748 goto invalid;
1749 if (dlci == NULL)
1750 dlci = gsm_dlci_alloc(gsm, address);
1751 if (dlci == NULL)
1752 return;
1753 if (dlci->dead)
1754 gsm_response(gsm, address, DM);
1755 else {
1756 gsm_response(gsm, address, UA);
1757 gsm_dlci_open(dlci);
1758 }
1759 break;
1760 case DISC|PF:
1761 if (cr == 0)
1762 goto invalid;
1763 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1764 gsm_response(gsm, address, DM);
1765 return;
1766 }
1767 /* Real close complete */
1768 gsm_response(gsm, address, UA);
1769 gsm_dlci_close(dlci);
1770 break;
1771 case UA:
1772 case UA|PF:
1773 if (cr == 0 || dlci == NULL)
1774 break;
1775 switch (dlci->state) {
1776 case DLCI_CLOSING:
1777 gsm_dlci_close(dlci);
1778 break;
1779 case DLCI_OPENING:
1780 gsm_dlci_open(dlci);
1781 break;
1782 }
1783 break;
1784 case DM: /* DM can be valid unsolicited */
1785 case DM|PF:
1786 if (cr)
1787 goto invalid;
1788 if (dlci == NULL)
1789 return;
1790 gsm_dlci_close(dlci);
1791 break;
1792 case UI:
1793 case UI|PF:
1794 case UIH:
1795 case UIH|PF:
1796#if 0
1797 if (cr)
1798 goto invalid;
1799#endif
1800 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1801 gsm_command(gsm, address, DM|PF);
1802 return;
1803 }
1804 dlci->data(dlci, gsm->buf, gsm->len);
1805 break;
1806 default:
1807 goto invalid;
1808 }
1809 return;
1810invalid:
1811 gsm->malformed++;
1812 return;
1813}
1814
1815
1816/**
1817 * gsm0_receive - perform processing for non-transparency
1818 * @gsm: gsm data for this ldisc instance
1819 * @c: character
1820 *
1821 * Receive bytes in gsm mode 0
1822 */
1823
1824static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1825{
c2f2f000
AC		 1826 unsigned int len;
1827
e1eaea46
AC		 1828 switch (gsm->state) {
1829 case GSM_SEARCH: /* SOF marker */
1830 if (c == GSM0_SOF) {
1831 gsm->state = GSM_ADDRESS;
1832 gsm->address = 0;
1833 gsm->len = 0;
1834 gsm->fcs = INIT_FCS;
1835 }
c2f2f000
AC		 1836 break;
1837 case GSM_ADDRESS: /* Address EA */
e1eaea46
AC		 1838 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1839 if (gsm_read_ea(&gsm->address, c))
1840 gsm->state = GSM_CONTROL;
1841 break;
1842 case GSM_CONTROL: /* Control Byte */
1843 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1844 gsm->control = c;
c2f2f000 1845 gsm->state = GSM_LEN0;
e1eaea46 1846 break;
c2f2f000 1847 case GSM_LEN0: /* Length EA */
e1eaea46
AC		 1848 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1849 if (gsm_read_ea(&gsm->len, c)) {
1850 if (gsm->len > gsm->mru) {
1851 gsm->bad_size++;
1852 gsm->state = GSM_SEARCH;
1853 break;
1854 }
1855 gsm->count = 0;
c2f2f000
AC		 1856 if (!gsm->len)
1857 gsm->state = GSM_FCS;
1858 else
1859 gsm->state = GSM_DATA;
1860 break;
e1eaea46 1861 }
c2f2f000
AC		 1862 gsm->state = GSM_LEN1;
1863 break;
1864 case GSM_LEN1:
1865 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1866 len = c;
1867 gsm->len |= len << 7;
1868 if (gsm->len > gsm->mru) {
1869 gsm->bad_size++;
1870 gsm->state = GSM_SEARCH;
1871 break;
e1eaea46 1872 }
c2f2f000
AC		 1873 gsm->count = 0;
1874 if (!gsm->len)
1875 gsm->state = GSM_FCS;
1876 else
1877 gsm->state = GSM_DATA;
e1eaea46
AC		 1878 break;
1879 case GSM_DATA: /* Data */
1880 gsm->buf[gsm->count++] = c;
1881 if (gsm->count == gsm->len)
1882 gsm->state = GSM_FCS;
1883 break;
1884 case GSM_FCS: /* FCS follows the packet */
c2f2f000 1885 gsm->received_fcs = c;
e1eaea46 1886 gsm_queue(gsm);
c2f2f000
AC		 1887 gsm->state = GSM_SSOF;
1888 break;
1889 case GSM_SSOF:
1890 if (c == GSM0_SOF) {
1891 gsm->state = GSM_SEARCH;
1892 break;
1893 }
e1eaea46
AC		 1894 break;
1895 }
1896}
1897
1898/**
c2f2f000 1899 * gsm1_receive - perform processing for non-transparency
e1eaea46
AC		 1900 * @gsm: gsm data for this ldisc instance
1901 * @c: character
1902 *
1903 * Receive bytes in mode 1 (Advanced option)
1904 */
1905
1906static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1907{
1908 if (c == GSM1_SOF) {
1909 /* EOF is only valid in frame if we have got to the data state
1910 and received at least one byte (the FCS) */
1911 if (gsm->state == GSM_DATA && gsm->count) {
1912 /* Extract the FCS */
1913 gsm->count--;
1914 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1915 gsm->len = gsm->count;
1916 gsm_queue(gsm);
1917 gsm->state = GSM_START;
1918 return;
1919 }
1920 /* Any partial frame was a runt so go back to start */
1921 if (gsm->state != GSM_START) {
1922 gsm->malformed++;
1923 gsm->state = GSM_START;
1924 }
1925 /* A SOF in GSM_START means we are still reading idling or
1926 framing bytes */
1927 return;
1928 }
1929
1930 if (c == GSM1_ESCAPE) {
1931 gsm->escape = 1;
1932 return;
1933 }
1934
1935 /* Only an unescaped SOF gets us out of GSM search */
1936 if (gsm->state == GSM_SEARCH)
1937 return;
1938
1939 if (gsm->escape) {
1940 c ^= GSM1_ESCAPE_BITS;
1941 gsm->escape = 0;
1942 }
1943 switch (gsm->state) {
1944 case GSM_START: /* First byte after SOF */
1945 gsm->address = 0;
1946 gsm->state = GSM_ADDRESS;
1947 gsm->fcs = INIT_FCS;
1948 /* Drop through */
1949 case GSM_ADDRESS: /* Address continuation */
1950 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1951 if (gsm_read_ea(&gsm->address, c))
1952 gsm->state = GSM_CONTROL;
1953 break;
1954 case GSM_CONTROL: /* Control Byte */
1955 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1956 gsm->control = c;
1957 gsm->count = 0;
1958 gsm->state = GSM_DATA;
1959 break;
1960 case GSM_DATA: /* Data */
5f9a31d6 1961 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
e1eaea46
AC		 1962 gsm->state = GSM_OVERRUN;
1963 gsm->bad_size++;
1964 } else
1965 gsm->buf[gsm->count++] = c;
1966 break;
1967 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
1968 break;
1969 }
1970}
1971
1972/**
1973 * gsm_error - handle tty error
1974 * @gsm: ldisc data
1975 * @data: byte received (may be invalid)
1976 * @flag: error received
1977 *
1978 * Handle an error in the receipt of data for a frame. Currently we just
1979 * go back to hunting for a SOF.
1980 *
1981 * FIXME: better diagnostics ?
1982 */
1983
1984static void gsm_error(struct gsm_mux *gsm,
1985 unsigned char data, unsigned char flag)
1986{
1987 gsm->state = GSM_SEARCH;
1988 gsm->io_error++;
1989}
1990
1991/**
1992 * gsm_cleanup_mux - generic GSM protocol cleanup
1993 * @gsm: our mux
1994 *
1995 * Clean up the bits of the mux which are the same for all framing
1996 * protocols. Remove the mux from the mux table, stop all the timers
1997 * and then shut down each device hanging up the channels as we go.
1998 */
1999
2000void gsm_cleanup_mux(struct gsm_mux *gsm)
2001{
2002 int i;
2003 struct gsm_dlci *dlci = gsm->dlci[0];
2004 struct gsm_msg *txq;
f17141fd 2005 struct gsm_control *gc;
e1eaea46
AC		 2006
2007 gsm->dead = 1;
2008
2009 spin_lock(&gsm_mux_lock);
2010 for (i = 0; i < MAX_MUX; i++) {
2011 if (gsm_mux[i] == gsm) {
2012 gsm_mux[i] = NULL;
2013 break;
2014 }
2015 }
2016 spin_unlock(&gsm_mux_lock);
2017 WARN_ON(i == MAX_MUX);
2018
f17141fd
AC		 2019 /* In theory disconnecting DLCI 0 is sufficient but for some
2020 modems this is apparently not the case. */
2021 if (dlci) {
2022 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2023 if (gc)
2024 gsm_control_wait(gsm, gc);
2025 }
e1eaea46
AC		 2026 del_timer_sync(&gsm->t2_timer);
2027 /* Now we are sure T2 has stopped */
2028 if (dlci) {
2029 dlci->dead = 1;
2030 gsm_dlci_begin_close(dlci);
2031 wait_event_interruptible(gsm->event,
2032 dlci->state == DLCI_CLOSED);
2033 }
2034 /* Free up any link layer users */
2035 for (i = 0; i < NUM_DLCI; i++)
2036 if (gsm->dlci[i])
6ab8fba7 2037 gsm_dlci_release(gsm->dlci[i]);
e1eaea46
AC		 2038 /* Now wipe the queues */
2039 for (txq = gsm->tx_head; txq != NULL; txq = gsm->tx_head) {
2040 gsm->tx_head = txq->next;
2041 kfree(txq);
2042 }
2043 gsm->tx_tail = NULL;
2044}
2045EXPORT_SYMBOL_GPL(gsm_cleanup_mux);
2046
2047/**
2048 * gsm_activate_mux - generic GSM setup
2049 * @gsm: our mux
2050 *
2051 * Set up the bits of the mux which are the same for all framing
2052 * protocols. Add the mux to the mux table so it can be opened and
2053 * finally kick off connecting to DLCI 0 on the modem.
2054 */
2055
2056int gsm_activate_mux(struct gsm_mux *gsm)
2057{
2058 struct gsm_dlci *dlci;
2059 int i = 0;
2060
2061 init_timer(&gsm->t2_timer);
2062 gsm->t2_timer.function = gsm_control_retransmit;
2063 gsm->t2_timer.data = (unsigned long)gsm;
2064 init_waitqueue_head(&gsm->event);
2065 spin_lock_init(&gsm->control_lock);
2066 spin_lock_init(&gsm->tx_lock);
2067
2068 if (gsm->encoding == 0)
2069 gsm->receive = gsm0_receive;
2070 else
2071 gsm->receive = gsm1_receive;
2072 gsm->error = gsm_error;
2073
2074 spin_lock(&gsm_mux_lock);
2075 for (i = 0; i < MAX_MUX; i++) {
2076 if (gsm_mux[i] == NULL) {
d50f6dca 2077 gsm->num = i;
e1eaea46
AC		 2078 gsm_mux[i] = gsm;
2079 break;
2080 }
2081 }
2082 spin_unlock(&gsm_mux_lock);
2083 if (i == MAX_MUX)
2084 return -EBUSY;
2085
2086 dlci = gsm_dlci_alloc(gsm, 0);
2087 if (dlci == NULL)
2088 return -ENOMEM;
2089 gsm->dead = 0; /* Tty opens are now permissible */
2090 return 0;
2091}
2092EXPORT_SYMBOL_GPL(gsm_activate_mux);
2093
2094/**
2095 * gsm_free_mux - free up a mux
2096 * @mux: mux to free
2097 *
6ab8fba7 2098 * Dispose of allocated resources for a dead mux
e1eaea46
AC		 2099 */
2100void gsm_free_mux(struct gsm_mux *gsm)
2101{
2102 kfree(gsm->txframe);
2103 kfree(gsm->buf);
2104 kfree(gsm);
2105}
2106EXPORT_SYMBOL_GPL(gsm_free_mux);
2107
6ab8fba7
RG		 2108/**
2109 * gsm_free_muxr - free up a mux
2110 * @mux: mux to free
2111 *
2112 * Dispose of allocated resources for a dead mux
2113 */
2114static void gsm_free_muxr(struct kref *ref)
2115{
2116 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2117 gsm_free_mux(gsm);
2118}
2119
2120static inline void mux_get(struct gsm_mux *gsm)
2121{
2122 kref_get(&gsm->ref);
2123}
2124
2125static inline void mux_put(struct gsm_mux *gsm)
2126{
2127 kref_put(&gsm->ref, gsm_free_muxr);
2128}
2129
e1eaea46
AC		 2130/**
2131 * gsm_alloc_mux - allocate a mux
2132 *
2133 * Creates a new mux ready for activation.
2134 */
2135
2136struct gsm_mux *gsm_alloc_mux(void)
2137{
2138 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2139 if (gsm == NULL)
2140 return NULL;
2141 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2142 if (gsm->buf == NULL) {
2143 kfree(gsm);
2144 return NULL;
2145 }
2146 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2147 if (gsm->txframe == NULL) {
2148 kfree(gsm->buf);
2149 kfree(gsm);
2150 return NULL;
2151 }
2152 spin_lock_init(&gsm->lock);
6ab8fba7 2153 kref_init(&gsm->ref);
e1eaea46
AC		 2154
2155 gsm->t1 = T1;
2156 gsm->t2 = T2;
2157 gsm->n2 = N2;
2158 gsm->ftype = UIH;
e1eaea46
AC		 2159 gsm->adaption = 1;
2160 gsm->encoding = 1;
2161 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2162 gsm->mtu = 64;
2163 gsm->dead = 1; /* Avoid early tty opens */
2164
2165 return gsm;
2166}
2167EXPORT_SYMBOL_GPL(gsm_alloc_mux);
2168
e1eaea46
AC		 2169/**
2170 * gsmld_output - write to link
2171 * @gsm: our mux
2172 * @data: bytes to output
2173 * @len: size
2174 *
2175 * Write a block of data from the GSM mux to the data channel. This
2176 * will eventually be serialized from above but at the moment isn't.
2177 */
2178
2179static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2180{
2181 if (tty_write_room(gsm->tty) < len) {
2182 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2183 return -ENOSPC;
2184 }
0a77c4f9
JP		 2185 if (debug & 4)
2186 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2187 data, len);
e1eaea46
AC		 2188 gsm->tty->ops->write(gsm->tty, data, len);
2189 return len;
2190}
2191
2192/**
2193 * gsmld_attach_gsm - mode set up
2194 * @tty: our tty structure
2195 * @gsm: our mux
2196 *
2197 * Set up the MUX for basic mode and commence connecting to the
2198 * modem. Currently called from the line discipline set up but
2199 * will need moving to an ioctl path.
2200 */
2201
2202static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2203{
d50f6dca
RG		 2204 int ret, i;
2205 int base = gsm->num << 6; /* Base for this MUX */
e1eaea46
AC		 2206
2207 gsm->tty = tty_kref_get(tty);
2208 gsm->output = gsmld_output;
2209 ret = gsm_activate_mux(gsm);
2210 if (ret != 0)
2211 tty_kref_put(gsm->tty);
d50f6dca
RG		 2212 else {
2213 /* Don't register device 0 - this is the control channel and not
2214 a usable tty interface */
2215 for (i = 1; i < NUM_DLCI; i++)
2216 tty_register_device(gsm_tty_driver, base + i, NULL);
2217 }
e1eaea46
AC		 2218 return ret;
2219}
2220
2221
2222/**
2223 * gsmld_detach_gsm - stop doing 0710 mux
70f23fd6 2224 * @tty: tty attached to the mux
e1eaea46
AC		 2225 * @gsm: mux
2226 *
2227 * Shutdown and then clean up the resources used by the line discipline
2228 */
2229
2230static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2231{
d50f6dca
RG		 2232 int i;
2233 int base = gsm->num << 6; /* Base for this MUX */
2234
e1eaea46 2235 WARN_ON(tty != gsm->tty);
d50f6dca
RG		 2236 for (i = 1; i < NUM_DLCI; i++)
2237 tty_unregister_device(gsm_tty_driver, base + i);
e1eaea46
AC		 2238 gsm_cleanup_mux(gsm);
2239 tty_kref_put(gsm->tty);
2240 gsm->tty = NULL;
2241}
2242
55db4c64
LT		 2243static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2244 char *fp, int count)
e1eaea46
AC		 2245{
2246 struct gsm_mux *gsm = tty->disc_data;
2247 const unsigned char *dp;
2248 char *f;
2249 int i;
2250 char buf[64];
2251 char flags;
2252
0a77c4f9
JP		 2253 if (debug & 4)
2254 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2255 cp, count);
e1eaea46
AC		 2256
2257 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2258 flags = *f++;
2259 switch (flags) {
2260 case TTY_NORMAL:
2261 gsm->receive(gsm, *dp);
2262 break;
2263 case TTY_OVERRUN:
2264 case TTY_BREAK:
2265 case TTY_PARITY:
2266 case TTY_FRAME:
2267 gsm->error(gsm, *dp, flags);
2268 break;
2269 default:
5f9a31d6 2270 WARN_ONCE("%s: unknown flag %d\n",
e1eaea46
AC		 2271 tty_name(tty, buf), flags);
2272 break;
2273 }
2274 }
2275 /* FASYNC if needed ? */
2276 /* If clogged call tty_throttle(tty); */
2277}
2278
2279/**
2280 * gsmld_chars_in_buffer - report available bytes
2281 * @tty: tty device
2282 *
2283 * Report the number of characters buffered to be delivered to user
2284 * at this instant in time.
2285 *
2286 * Locking: gsm lock
2287 */
2288
2289static ssize_t gsmld_chars_in_buffer(struct tty_struct *tty)
2290{
2291 return 0;
2292}
2293
2294/**
2295 * gsmld_flush_buffer - clean input queue
2296 * @tty: terminal device
2297 *
2298 * Flush the input buffer. Called when the line discipline is
2299 * being closed, when the tty layer wants the buffer flushed (eg
2300 * at hangup).
2301 */
2302
2303static void gsmld_flush_buffer(struct tty_struct *tty)
2304{
2305}
2306
2307/**
2308 * gsmld_close - close the ldisc for this tty
2309 * @tty: device
2310 *
2311 * Called from the terminal layer when this line discipline is
2312 * being shut down, either because of a close or becsuse of a
2313 * discipline change. The function will not be called while other
2314 * ldisc methods are in progress.
2315 */
2316
2317static void gsmld_close(struct tty_struct *tty)
2318{
2319 struct gsm_mux *gsm = tty->disc_data;
2320
2321 gsmld_detach_gsm(tty, gsm);
2322
2323 gsmld_flush_buffer(tty);
2324 /* Do other clean up here */
6ab8fba7 2325 mux_put(gsm);
e1eaea46
AC		 2326}
2327
2328/**
2329 * gsmld_open - open an ldisc
2330 * @tty: terminal to open
2331 *
2332 * Called when this line discipline is being attached to the
2333 * terminal device. Can sleep. Called serialized so that no
2334 * other events will occur in parallel. No further open will occur
2335 * until a close.
2336 */
2337
2338static int gsmld_open(struct tty_struct *tty)
2339{
2340 struct gsm_mux *gsm;
2341
2342 if (tty->ops->write == NULL)
2343 return -EINVAL;
2344
2345 /* Attach our ldisc data */
2346 gsm = gsm_alloc_mux();
2347 if (gsm == NULL)
2348 return -ENOMEM;
2349
2350 tty->disc_data = gsm;
2351 tty->receive_room = 65536;
2352
2353 /* Attach the initial passive connection */
2354 gsm->encoding = 1;
2355 return gsmld_attach_gsm(tty, gsm);
2356}
2357
2358/**
2359 * gsmld_write_wakeup - asynchronous I/O notifier
2360 * @tty: tty device
2361 *
2362 * Required for the ptys, serial driver etc. since processes
2363 * that attach themselves to the master and rely on ASYNC
2364 * IO must be woken up
2365 */
2366
2367static void gsmld_write_wakeup(struct tty_struct *tty)
2368{
2369 struct gsm_mux *gsm = tty->disc_data;
328be395 2370 unsigned long flags;
e1eaea46
AC		 2371
2372 /* Queue poll */
2373 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2374 gsm_data_kick(gsm);
328be395
DC		 2375 if (gsm->tx_bytes < TX_THRESH_LO) {
2376 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 2377 gsm_dlci_data_sweep(gsm);
328be395
DC		 2378 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2379 }
e1eaea46
AC		 2380}
2381
2382/**
2383 * gsmld_read - read function for tty
2384 * @tty: tty device
2385 * @file: file object
2386 * @buf: userspace buffer pointer
2387 * @nr: size of I/O
2388 *
2389 * Perform reads for the line discipline. We are guaranteed that the
2390 * line discipline will not be closed under us but we may get multiple
2391 * parallel readers and must handle this ourselves. We may also get
2392 * a hangup. Always called in user context, may sleep.
2393 *
2394 * This code must be sure never to sleep through a hangup.
2395 */
2396
2397static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2398 unsigned char __user *buf, size_t nr)
2399{
2400 return -EOPNOTSUPP;
2401}
2402
2403/**
2404 * gsmld_write - write function for tty
2405 * @tty: tty device
2406 * @file: file object
2407 * @buf: userspace buffer pointer
2408 * @nr: size of I/O
2409 *
2410 * Called when the owner of the device wants to send a frame
2411 * itself (or some other control data). The data is transferred
2412 * as-is and must be properly framed and checksummed as appropriate
2413 * by userspace. Frames are either sent whole or not at all as this
2414 * avoids pain user side.
2415 */
2416
2417static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2418 const unsigned char *buf, size_t nr)
2419{
2420 int space = tty_write_room(tty);
2421 if (space >= nr)
2422 return tty->ops->write(tty, buf, nr);
2423 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2424 return -ENOBUFS;
2425}
2426
2427/**
2428 * gsmld_poll - poll method for N_GSM0710
2429 * @tty: terminal device
2430 * @file: file accessing it
2431 * @wait: poll table
2432 *
2433 * Called when the line discipline is asked to poll() for data or
2434 * for special events. This code is not serialized with respect to
2435 * other events save open/close.
2436 *
2437 * This code must be sure never to sleep through a hangup.
2438 * Called without the kernel lock held - fine
2439 */
2440
2441static unsigned int gsmld_poll(struct tty_struct *tty, struct file *file,
2442 poll_table *wait)
2443{
2444 unsigned int mask = 0;
2445 struct gsm_mux *gsm = tty->disc_data;
2446
2447 poll_wait(file, &tty->read_wait, wait);
2448 poll_wait(file, &tty->write_wait, wait);
2449 if (tty_hung_up_p(file))
2450 mask |= POLLHUP;
2451 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2452 mask |= POLLOUT | POLLWRNORM;
2453 if (gsm->dead)
2454 mask |= POLLHUP;
2455 return mask;
2456}
2457
2458static int gsmld_config(struct tty_struct *tty, struct gsm_mux *gsm,
2459 struct gsm_config *c)
2460{
2461 int need_close = 0;
2462 int need_restart = 0;
2463
2464 /* Stuff we don't support yet - UI or I frame transport, windowing */
5f9a31d6 2465 if ((c->adaption != 1 && c->adaption != 2) || c->k)
e1eaea46
AC		 2466 return -EOPNOTSUPP;
2467 /* Check the MRU/MTU range looks sane */
2468 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2469 return -EINVAL;
2470 if (c->n2 < 3)
2471 return -EINVAL;
2472 if (c->encapsulation > 1) /* Basic, advanced, no I */
2473 return -EINVAL;
2474 if (c->initiator > 1)
2475 return -EINVAL;
2476 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2477 return -EINVAL;
2478 /*
2479 * See what is needed for reconfiguration
2480 */
2481
2482 /* Timing fields */
2483 if (c->t1 != 0 && c->t1 != gsm->t1)
2484 need_restart = 1;
2485 if (c->t2 != 0 && c->t2 != gsm->t2)
2486 need_restart = 1;
2487 if (c->encapsulation != gsm->encoding)
2488 need_restart = 1;
2489 if (c->adaption != gsm->adaption)
2490 need_restart = 1;
2491 /* Requires care */
2492 if (c->initiator != gsm->initiator)
2493 need_close = 1;
2494 if (c->mru != gsm->mru)
2495 need_restart = 1;
2496 if (c->mtu != gsm->mtu)
2497 need_restart = 1;
2498
2499 /*
2500 * Close down what is needed, restart and initiate the new
2501 * configuration
2502 */
2503
2504 if (need_close || need_restart) {
2505 gsm_dlci_begin_close(gsm->dlci[0]);
2506 /* This will timeout if the link is down due to N2 expiring */
2507 wait_event_interruptible(gsm->event,
2508 gsm->dlci[0]->state == DLCI_CLOSED);
2509 if (signal_pending(current))
2510 return -EINTR;
2511 }
2512 if (need_restart)
2513 gsm_cleanup_mux(gsm);
2514
2515 gsm->initiator = c->initiator;
2516 gsm->mru = c->mru;
91f78f36 2517 gsm->mtu = c->mtu;
e1eaea46
AC		 2518 gsm->encoding = c->encapsulation;
2519 gsm->adaption = c->adaption;
820e62ef 2520 gsm->n2 = c->n2;
e1eaea46
AC		 2521
2522 if (c->i == 1)
2523 gsm->ftype = UIH;
2524 else if (c->i == 2)
2525 gsm->ftype = UI;
2526
2527 if (c->t1)
2528 gsm->t1 = c->t1;
2529 if (c->t2)
2530 gsm->t2 = c->t2;
2531
2532 /* FIXME: We need to separate activation/deactivation from adding
2533 and removing from the mux array */
2534 if (need_restart)
2535 gsm_activate_mux(gsm);
2536 if (gsm->initiator && need_close)
2537 gsm_dlci_begin_open(gsm->dlci[0]);
2538 return 0;
2539}
2540
2541static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2542 unsigned int cmd, unsigned long arg)
2543{
2544 struct gsm_config c;
2545 struct gsm_mux *gsm = tty->disc_data;
2546
2547 switch (cmd) {
2548 case GSMIOC_GETCONF:
2549 memset(&c, 0, sizeof(c));
2550 c.adaption = gsm->adaption;
2551 c.encapsulation = gsm->encoding;
2552 c.initiator = gsm->initiator;
2553 c.t1 = gsm->t1;
2554 c.t2 = gsm->t2;
2555 c.t3 = 0; /* Not supported */
2556 c.n2 = gsm->n2;
2557 if (gsm->ftype == UIH)
2558 c.i = 1;
2559 else
2560 c.i = 2;
5f9a31d6 2561 pr_debug("Ftype %d i %d\n", gsm->ftype, c.i);
e1eaea46
AC		 2562 c.mru = gsm->mru;
2563 c.mtu = gsm->mtu;
2564 c.k = 0;
2565 if (copy_to_user((void *)arg, &c, sizeof(c)))
2566 return -EFAULT;
2567 return 0;
2568 case GSMIOC_SETCONF:
2569 if (copy_from_user(&c, (void *)arg, sizeof(c)))
2570 return -EFAULT;
2571 return gsmld_config(tty, gsm, &c);
2572 default:
2573 return n_tty_ioctl_helper(tty, file, cmd, arg);
2574 }
2575}
2576
bcd5abe2
RG		 2577/*
2578 * Network interface
2579 *
2580 */
2581
2582static int gsm_mux_net_open(struct net_device *net)
2583{
2584 pr_debug("%s called\n", __func__);
2585 netif_start_queue(net);
2586 return 0;
2587}
2588
2589static int gsm_mux_net_close(struct net_device *net)
2590{
2591 netif_stop_queue(net);
2592 return 0;
2593}
2594
2595static struct net_device_stats *gsm_mux_net_get_stats(struct net_device *net)
2596{
2597 return &((struct gsm_mux_net *)netdev_priv(net))->stats;
2598}
2599static void dlci_net_free(struct gsm_dlci *dlci)
2600{
2601 if (!dlci->net) {
2602 WARN_ON(1);
2603 return;
2604 }
2605 dlci->adaption = dlci->prev_adaption;
2606 dlci->data = dlci->prev_data;
2607 free_netdev(dlci->net);
2608 dlci->net = NULL;
2609}
2610static void net_free(struct kref *ref)
2611{
2612 struct gsm_mux_net *mux_net;
2613 struct gsm_dlci *dlci;
2614
2615 mux_net = container_of(ref, struct gsm_mux_net, ref);
2616 dlci = mux_net->dlci;
2617
2618 if (dlci->net) {
2619 unregister_netdev(dlci->net);
2620 dlci_net_free(dlci);
2621 }
2622}
2623
6ab8fba7
RG		 2624static inline void muxnet_get(struct gsm_mux_net *mux_net)
2625{
2626 kref_get(&mux_net->ref);
2627}
2628
2629static inline void muxnet_put(struct gsm_mux_net *mux_net)
2630{
2631 kref_put(&mux_net->ref, net_free);
2632}
2633
bcd5abe2
RG		 2634static int gsm_mux_net_start_xmit(struct sk_buff *skb,
2635 struct net_device *net)
2636{
2637 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2638 struct gsm_dlci *dlci = mux_net->dlci;
6ab8fba7 2639 muxnet_get(mux_net);
bcd5abe2
RG		 2640
2641 skb_queue_head(&dlci->skb_list, skb);
2642 STATS(net).tx_packets++;
2643 STATS(net).tx_bytes += skb->len;
2644 gsm_dlci_data_kick(dlci);
2645 /* And tell the kernel when the last transmit started. */
2646 net->trans_start = jiffies;
6ab8fba7 2647 muxnet_put(mux_net);
bcd5abe2
RG		 2648 return NETDEV_TX_OK;
2649}
2650
2651/* called when a packet did not ack after watchdogtimeout */
2652static void gsm_mux_net_tx_timeout(struct net_device *net)
2653{
2654 /* Tell syslog we are hosed. */
2655 dev_dbg(&net->dev, "Tx timed out.\n");
2656
2657 /* Update statistics */
2658 STATS(net).tx_errors++;
2659}
2660
2661static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2662 unsigned char *in_buf, int size)
2663{
2664 struct net_device *net = dlci->net;
2665 struct sk_buff *skb;
2666 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
6ab8fba7 2667 muxnet_get(mux_net);
bcd5abe2
RG		 2668
2669 /* Allocate an sk_buff */
2670 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2671 if (!skb) {
2672 /* We got no receive buffer. */
2673 STATS(net).rx_dropped++;
6ab8fba7 2674 muxnet_put(mux_net);
bcd5abe2
RG		 2675 return;
2676 }
2677 skb_reserve(skb, NET_IP_ALIGN);
2678 memcpy(skb_put(skb, size), in_buf, size);
2679
2680 skb->dev = net;
2681 skb->protocol = __constant_htons(ETH_P_IP);
2682
2683 /* Ship it off to the kernel */
2684 netif_rx(skb);
2685
2686 /* update out statistics */
2687 STATS(net).rx_packets++;
2688 STATS(net).rx_bytes += size;
6ab8fba7 2689 muxnet_put(mux_net);
bcd5abe2
RG		 2690 return;
2691}
2692
2693int gsm_change_mtu(struct net_device *net, int new_mtu)
2694{
2695 struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2696 if ((new_mtu < 8) || (new_mtu > mux_net->dlci->gsm->mtu))
2697 return -EINVAL;
2698 net->mtu = new_mtu;
2699 return 0;
2700}
2701
2702static void gsm_mux_net_init(struct net_device *net)
2703{
2704 static const struct net_device_ops gsm_netdev_ops = {
2705 .ndo_open = gsm_mux_net_open,
2706 .ndo_stop = gsm_mux_net_close,
2707 .ndo_start_xmit = gsm_mux_net_start_xmit,
2708 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2709 .ndo_get_stats = gsm_mux_net_get_stats,
2710 .ndo_change_mtu = gsm_change_mtu,
2711 };
2712
2713 net->netdev_ops = &gsm_netdev_ops;
2714
2715 /* fill in the other fields */
2716 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2717 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2718 net->type = ARPHRD_NONE;
2719 net->tx_queue_len = 10;
2720}
2721
2722
2723/* caller holds the dlci mutex */
2724static void gsm_destroy_network(struct gsm_dlci *dlci)
2725{
2726 struct gsm_mux_net *mux_net;
2727
2728 pr_debug("destroy network interface");
2729 if (!dlci->net)
2730 return;
2731 mux_net = (struct gsm_mux_net *)netdev_priv(dlci->net);
6ab8fba7 2732 muxnet_put(mux_net);
bcd5abe2
RG		 2733}
2734
2735
2736/* caller holds the dlci mutex */
2737static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2738{
2739 char *netname;
2740 int retval = 0;
2741 struct net_device *net;
2742 struct gsm_mux_net *mux_net;
2743
2744 if (!capable(CAP_NET_ADMIN))
2745 return -EPERM;
2746
2747 /* Already in a non tty mode */
2748 if (dlci->adaption > 2)
2749 return -EBUSY;
2750
2751 if (nc->protocol != htons(ETH_P_IP))
2752 return -EPROTONOSUPPORT;
2753
2754 if (nc->adaption != 3 && nc->adaption != 4)
2755 return -EPROTONOSUPPORT;
2756
2757 pr_debug("create network interface");
2758
2759 netname = "gsm%d";
2760 if (nc->if_name[0] != '\0')
2761 netname = nc->if_name;
2762 net = alloc_netdev(sizeof(struct gsm_mux_net),
2763 netname,
2764 gsm_mux_net_init);
2765 if (!net) {
2766 pr_err("alloc_netdev failed");
2767 return -ENOMEM;
2768 }
2769 net->mtu = dlci->gsm->mtu;
2770 mux_net = (struct gsm_mux_net *)netdev_priv(net);
2771 mux_net->dlci = dlci;
2772 kref_init(&mux_net->ref);
2773 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2774
2775 /* reconfigure dlci for network */
2776 dlci->prev_adaption = dlci->adaption;
2777 dlci->prev_data = dlci->data;
2778 dlci->adaption = nc->adaption;
2779 dlci->data = gsm_mux_rx_netchar;
2780 dlci->net = net;
2781
2782 pr_debug("register netdev");
2783 retval = register_netdev(net);
2784 if (retval) {
2785 pr_err("network register fail %d\n", retval);
2786 dlci_net_free(dlci);
2787 return retval;
2788 }
2789 return net->ifindex; /* return network index */
2790}
e1eaea46
AC		 2791
2792/* Line discipline for real tty */
2793struct tty_ldisc_ops tty_ldisc_packet = {
2794 .owner = THIS_MODULE,
2795 .magic = TTY_LDISC_MAGIC,
2796 .name = "n_gsm",
2797 .open = gsmld_open,
2798 .close = gsmld_close,
2799 .flush_buffer = gsmld_flush_buffer,
2800 .chars_in_buffer = gsmld_chars_in_buffer,
2801 .read = gsmld_read,
2802 .write = gsmld_write,
2803 .ioctl = gsmld_ioctl,
2804 .poll = gsmld_poll,
2805 .receive_buf = gsmld_receive_buf,
2806 .write_wakeup = gsmld_write_wakeup
2807};
2808
2809/*
2810 * Virtual tty side
2811 */
2812
2813#define TX_SIZE 512
2814
2815static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2816{
2817 u8 modembits[5];
2818 struct gsm_control *ctrl;
2819 int len = 2;
2820
2821 if (brk)
2822 len++;
2823
2824 modembits[0] = len << 1 | EA; /* Data bytes */
2825 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */
2826 modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2827 if (brk)
2828 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */
2829 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2830 if (ctrl == NULL)
2831 return -ENOMEM;
2832 return gsm_control_wait(dlci->gsm, ctrl);
2833}
2834
2835static int gsm_carrier_raised(struct tty_port *port)
2836{
2837 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2838 /* Not yet open so no carrier info */
2839 if (dlci->state != DLCI_OPEN)
2840 return 0;
2841 if (debug & 2)
2842 return 1;
2843 return dlci->modem_rx & TIOCM_CD;
2844}
2845
2846static void gsm_dtr_rts(struct tty_port *port, int onoff)
2847{
2848 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2849 unsigned int modem_tx = dlci->modem_tx;
2850 if (onoff)
2851 modem_tx |= TIOCM_DTR | TIOCM_RTS;
2852 else
2853 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2854 if (modem_tx != dlci->modem_tx) {
2855 dlci->modem_tx = modem_tx;
2856 gsmtty_modem_update(dlci, 0);
2857 }
2858}
2859
2860static const struct tty_port_operations gsm_port_ops = {
2861 .carrier_raised = gsm_carrier_raised,
2862 .dtr_rts = gsm_dtr_rts,
2863};
2864
2865
2866static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2867{
2868 struct gsm_mux *gsm;
2869 struct gsm_dlci *dlci;
2870 struct tty_port *port;
2871 unsigned int line = tty->index;
2872 unsigned int mux = line >> 6;
2873
2874 line = line & 0x3F;
2875
2876 if (mux >= MAX_MUX)
2877 return -ENXIO;
2878 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2879 if (gsm_mux[mux] == NULL)
2880 return -EUNATCH;
2881 if (line == 0 || line > 61) /* 62/63 reserved */
2882 return -ECHRNG;
2883 gsm = gsm_mux[mux];
2884 if (gsm->dead)
2885 return -EL2HLT;
2886 dlci = gsm->dlci[line];
2887 if (dlci == NULL)
2888 dlci = gsm_dlci_alloc(gsm, line);
2889 if (dlci == NULL)
2890 return -ENOMEM;
2891 port = &dlci->port;
2892 port->count++;
2893 tty->driver_data = dlci;
6ab8fba7
RG		 2894 dlci_get(dlci);
2895 dlci_get(dlci->gsm->dlci[0]);
2896 mux_get(dlci->gsm);
e1eaea46
AC		 2897 tty_port_tty_set(port, tty);
2898
2899 dlci->modem_rx = 0;
2900 /* We could in theory open and close before we wait - eg if we get
2901 a DM straight back. This is ok as that will have caused a hangup */
2902 set_bit(ASYNCB_INITIALIZED, &port->flags);
2903 /* Start sending off SABM messages */
2904 gsm_dlci_begin_open(dlci);
2905 /* And wait for virtual carrier */
2906 return tty_port_block_til_ready(port, tty, filp);
2907}
2908
2909static void gsmtty_close(struct tty_struct *tty, struct file *filp)
2910{
2911 struct gsm_dlci *dlci = tty->driver_data;
6ab8fba7
RG		 2912 struct gsm_mux *gsm;
2913
e1eaea46
AC		 2914 if (dlci == NULL)
2915 return;
bcd5abe2
RG		 2916 mutex_lock(&dlci->mutex);
2917 gsm_destroy_network(dlci);
2918 mutex_unlock(&dlci->mutex);
6ab8fba7 2919 gsm = dlci->gsm;
e1eaea46 2920 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
6ab8fba7 2921 goto out;
e1eaea46
AC		 2922 gsm_dlci_begin_close(dlci);
2923 tty_port_close_end(&dlci->port, tty);
2924 tty_port_tty_set(&dlci->port, NULL);
6ab8fba7
RG		 2925out:
2926 dlci_put(dlci);
2927 dlci_put(gsm->dlci[0]);
2928 mux_put(gsm);
e1eaea46
AC		 2929}
2930
2931static void gsmtty_hangup(struct tty_struct *tty)
2932{
2933 struct gsm_dlci *dlci = tty->driver_data;
2934 tty_port_hangup(&dlci->port);
2935 gsm_dlci_begin_close(dlci);
2936}
2937
2938static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
2939 int len)
2940{
2941 struct gsm_dlci *dlci = tty->driver_data;
2942 /* Stuff the bytes into the fifo queue */
2943 int sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock);
2944 /* Need to kick the channel */
2945 gsm_dlci_data_kick(dlci);
2946 return sent;
2947}
2948
2949static int gsmtty_write_room(struct tty_struct *tty)
2950{
2951 struct gsm_dlci *dlci = tty->driver_data;
2952 return TX_SIZE - kfifo_len(dlci->fifo);
2953}
2954
2955static int gsmtty_chars_in_buffer(struct tty_struct *tty)
2956{
2957 struct gsm_dlci *dlci = tty->driver_data;
2958 return kfifo_len(dlci->fifo);
2959}
2960
2961static void gsmtty_flush_buffer(struct tty_struct *tty)
2962{
2963 struct gsm_dlci *dlci = tty->driver_data;
2964 /* Caution needed: If we implement reliable transport classes
2965 then the data being transmitted can't simply be junked once
2966 it has first hit the stack. Until then we can just blow it
2967 away */
2968 kfifo_reset(dlci->fifo);
2969 /* Need to unhook this DLCI from the transmit queue logic */
2970}
2971
2972static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
2973{
2974 /* The FIFO handles the queue so the kernel will do the right
2975 thing waiting on chars_in_buffer before calling us. No work
2976 to do here */
2977}
2978
60b33c13 2979static int gsmtty_tiocmget(struct tty_struct *tty)
e1eaea46
AC		 2980{
2981 struct gsm_dlci *dlci = tty->driver_data;
2982 return dlci->modem_rx;
2983}
2984
20b9d177 2985static int gsmtty_tiocmset(struct tty_struct *tty,
e1eaea46
AC		 2986 unsigned int set, unsigned int clear)
2987{
2988 struct gsm_dlci *dlci = tty->driver_data;
2989 unsigned int modem_tx = dlci->modem_tx;
2990
cf16807b 2991 modem_tx &= ~clear;
e1eaea46
AC		 2992 modem_tx |= set;
2993
2994 if (modem_tx != dlci->modem_tx) {
2995 dlci->modem_tx = modem_tx;
2996 return gsmtty_modem_update(dlci, 0);
2997 }
2998 return 0;
2999}
3000
3001
6caa76b7 3002static int gsmtty_ioctl(struct tty_struct *tty,
e1eaea46
AC		 3003 unsigned int cmd, unsigned long arg)
3004{
bcd5abe2
RG		 3005 struct gsm_dlci *dlci = tty->driver_data;
3006 struct gsm_netconfig nc;
3007 int index;
3008
3009 switch (cmd) {
3010 case GSMIOC_ENABLE_NET:
3011 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3012 return -EFAULT;
3013 nc.if_name[IFNAMSIZ-1] = '\0';
3014 /* return net interface index or error code */
3015 mutex_lock(&dlci->mutex);
3016 index = gsm_create_network(dlci, &nc);
3017 mutex_unlock(&dlci->mutex);
3018 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3019 return -EFAULT;
3020 return index;
3021 case GSMIOC_DISABLE_NET:
3022 if (!capable(CAP_NET_ADMIN))
3023 return -EPERM;
3024 mutex_lock(&dlci->mutex);
3025 gsm_destroy_network(dlci);
3026 mutex_unlock(&dlci->mutex);
3027 return 0;
3028 default:
3029 return -ENOIOCTLCMD;
3030 }
e1eaea46
AC		 3031}
3032
3033static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3034{
3035 /* For the moment its fixed. In actual fact the speed information
3036 for the virtual channel can be propogated in both directions by
3037 the RPN control message. This however rapidly gets nasty as we
3038 then have to remap modem signals each way according to whether
3039 our virtual cable is null modem etc .. */
3040 tty_termios_copy_hw(tty->termios, old);
3041}
3042
3043static void gsmtty_throttle(struct tty_struct *tty)
3044{
3045 struct gsm_dlci *dlci = tty->driver_data;
3046 if (tty->termios->c_cflag & CRTSCTS)
3047 dlci->modem_tx &= ~TIOCM_DTR;
3048 dlci->throttled = 1;
3049 /* Send an MSC with DTR cleared */
3050 gsmtty_modem_update(dlci, 0);
3051}
3052
3053static void gsmtty_unthrottle(struct tty_struct *tty)
3054{
3055 struct gsm_dlci *dlci = tty->driver_data;
3056 if (tty->termios->c_cflag & CRTSCTS)
3057 dlci->modem_tx |= TIOCM_DTR;
3058 dlci->throttled = 0;
3059 /* Send an MSC with DTR set */
3060 gsmtty_modem_update(dlci, 0);
3061}
3062
3063static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3064{
3065 struct gsm_dlci *dlci = tty->driver_data;
3066 int encode = 0; /* Off */
3067
3068 if (state == -1) /* "On indefinitely" - we can't encode this
3069 properly */
3070 encode = 0x0F;
3071 else if (state > 0) {
3072 encode = state / 200; /* mS to encoding */
3073 if (encode > 0x0F)
3074 encode = 0x0F; /* Best effort */
3075 }
3076 return gsmtty_modem_update(dlci, encode);
3077}
3078
e1eaea46
AC		 3079
3080/* Virtual ttys for the demux */
3081static const struct tty_operations gsmtty_ops = {
3082 .open = gsmtty_open,
3083 .close = gsmtty_close,
3084 .write = gsmtty_write,
3085 .write_room = gsmtty_write_room,
3086 .chars_in_buffer = gsmtty_chars_in_buffer,
3087 .flush_buffer = gsmtty_flush_buffer,
3088 .ioctl = gsmtty_ioctl,
3089 .throttle = gsmtty_throttle,
3090 .unthrottle = gsmtty_unthrottle,
3091 .set_termios = gsmtty_set_termios,
3092 .hangup = gsmtty_hangup,
3093 .wait_until_sent = gsmtty_wait_until_sent,
3094 .tiocmget = gsmtty_tiocmget,
3095 .tiocmset = gsmtty_tiocmset,
3096 .break_ctl = gsmtty_break_ctl,
3097};
3098
3099
3100
3101static int __init gsm_init(void)
3102{
3103 /* Fill in our line protocol discipline, and register it */
3104 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3105 if (status != 0) {
5f9a31d6
AC		 3106 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3107 status);
e1eaea46
AC		 3108 return status;
3109 }
3110
3111 gsm_tty_driver = alloc_tty_driver(256);
3112 if (!gsm_tty_driver) {
3113 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3114 pr_err("gsm_init: tty allocation failed.\n");
e1eaea46
AC		 3115 return -EINVAL;
3116 }
3117 gsm_tty_driver->owner = THIS_MODULE;
3118 gsm_tty_driver->driver_name = "gsmtty";
3119 gsm_tty_driver->name = "gsmtty";
3120 gsm_tty_driver->major = 0; /* Dynamic */
3121 gsm_tty_driver->minor_start = 0;
3122 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3123 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3124 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
5f9a31d6 3125 | TTY_DRIVER_HARDWARE_BREAK;
e1eaea46
AC		 3126 gsm_tty_driver->init_termios = tty_std_termios;
3127 /* Fixme */
3128 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3129 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3130
3131 spin_lock_init(&gsm_mux_lock);
3132
3133 if (tty_register_driver(gsm_tty_driver)) {
3134 put_tty_driver(gsm_tty_driver);
3135 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3136 pr_err("gsm_init: tty registration failed.\n");
e1eaea46
AC		 3137 return -EBUSY;
3138 }
5f9a31d6
AC		 3139 pr_debug("gsm_init: loaded as %d,%d.\n",
3140 gsm_tty_driver->major, gsm_tty_driver->minor_start);
e1eaea46
AC		 3141 return 0;
3142}
3143
3144static void __exit gsm_exit(void)
3145{
3146 int status = tty_unregister_ldisc(N_GSM0710);
3147 if (status != 0)
5f9a31d6
AC		 3148 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3149 status);
e1eaea46
AC		 3150 tty_unregister_driver(gsm_tty_driver);
3151 put_tty_driver(gsm_tty_driver);
e1eaea46
AC		 3152}
3153
3154module_init(gsm_init);
3155module_exit(gsm_exit);
3156
3157
3158MODULE_LICENSE("GPL");
3159MODULE_ALIAS_LDISC(N_GSM0710);
Ubuntu Artful kernel mirror