1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * TO DO:
9 * Mostly done: ioctls for setting modes/timing
10 * Partly done: hooks so you can pull off frames to non tty devs
11 * Restart DLCI 0 when it closes ?
12 * Improve the tx engine
13 * Resolve tx side locking by adding a queue_head and routing
14 * all control traffic via it
15 * General tidy/document
16 * Review the locking/move to refcounts more (mux now moved to an
17 * alloc/free model ready)
18 * Use newest tty open/close port helpers and install hooks
19 * What to do about power functions ?
20 * Termios setting and negotiation
21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
22 *
23 */
24
25 #include <linux/types.h>
26 #include <linux/major.h>
27 #include <linux/errno.h>
28 #include <linux/signal.h>
29 #include <linux/fcntl.h>
30 #include <linux/sched/signal.h>
31 #include <linux/interrupt.h>
32 #include <linux/tty.h>
33 #include <linux/ctype.h>
34 #include <linux/mm.h>
35 #include <linux/string.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/bitops.h>
39 #include <linux/file.h>
40 #include <linux/uaccess.h>
41 #include <linux/module.h>
42 #include <linux/timer.h>
43 #include <linux/tty_flip.h>
44 #include <linux/tty_driver.h>
45 #include <linux/serial.h>
46 #include <linux/kfifo.h>
47 #include <linux/skbuff.h>
48 #include <net/arp.h>
49 #include <linux/ip.h>
50 #include <linux/netdevice.h>
51 #include <linux/etherdevice.h>
52 #include <linux/gsmmux.h>
53 #include "tty.h"
54
55 static int debug;
56 module_param(debug, int, 0600);
57
58 /* Defaults: these are from the specification */
59
60 #define T1 10 /* 100mS */
61 #define T2 34 /* 333mS */
62 #define N2 3 /* Retry 3 times */
63
64 /* Use long timers for testing at low speed with debug on */
65 #ifdef DEBUG_TIMING
66 #define T1 100
67 #define T2 200
68 #endif
69
70 /*
71 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
72 * limits so this is plenty
73 */
74 #define MAX_MRU 1500
75 #define MAX_MTU 1500
76 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
77 #define PROT_OVERHEAD 7
78 #define GSM_NET_TX_TIMEOUT (HZ*10)
79
80 /**
81 * struct gsm_mux_net - network interface
82 *
83 * Created when net interface is initialized.
84 */
85 struct gsm_mux_net {
86 struct kref ref;
87 struct gsm_dlci *dlci;
88 };
89
90 /*
91 * Each block of data we have queued to go out is in the form of
92 * a gsm_msg which holds everything we need in a link layer independent
93 * format
94 */
95
96 struct gsm_msg {
97 struct list_head list;
98 u8 addr; /* DLCI address + flags */
99 u8 ctrl; /* Control byte + flags */
100 unsigned int len; /* Length of data block (can be zero) */
101 unsigned char *data; /* Points into buffer but not at the start */
102 unsigned char buffer[];
103 };
104
105 enum gsm_dlci_state {
106 DLCI_CLOSED,
107 DLCI_OPENING, /* Sending SABM not seen UA */
108 DLCI_OPEN, /* SABM/UA complete */
109 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
110 };
111
112 enum gsm_dlci_mode {
113 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
114 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
115 };
116
117 /*
118 * Each active data link has a gsm_dlci structure associated which ties
119 * the link layer to an optional tty (if the tty side is open). To avoid
120 * complexity right now these are only ever freed up when the mux is
121 * shut down.
122 *
123 * At the moment we don't free DLCI objects until the mux is torn down
124 * this avoid object life time issues but might be worth review later.
125 */
126
127 struct gsm_dlci {
128 struct gsm_mux *gsm;
129 int addr;
130 enum gsm_dlci_state state;
131 struct mutex mutex;
132
133 /* Link layer */
134 enum gsm_dlci_mode mode;
135 spinlock_t lock; /* Protects the internal state */
136 struct timer_list t1; /* Retransmit timer for SABM and UA */
137 int retries;
138 /* Uplink tty if active */
139 struct tty_port port; /* The tty bound to this DLCI if there is one */
140 struct kfifo fifo; /* Queue fifo for the DLCI */
141 int adaption; /* Adaption layer in use */
142 int prev_adaption;
143 u32 modem_rx; /* Our incoming virtual modem lines */
144 u32 modem_tx; /* Our outgoing modem lines */
145 bool dead; /* Refuse re-open */
146 /* Flow control */
147 bool throttled; /* Private copy of throttle state */
148 bool constipated; /* Throttle status for outgoing */
149 /* Packetised I/O */
150 struct sk_buff *skb; /* Frame being sent */
151 struct sk_buff_head skb_list; /* Queued frames */
152 /* Data handling callback */
153 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
154 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
155 struct net_device *net; /* network interface, if created */
156 };
157
158 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
159
160 #define NUM_DLCI 64
161
162 /*
163 * DLCI 0 is used to pass control blocks out of band of the data
164 * flow (and with a higher link priority). One command can be outstanding
165 * at a time and we use this structure to manage them. They are created
166 * and destroyed by the user context, and updated by the receive paths
167 * and timers
168 */
169
170 struct gsm_control {
171 u8 cmd; /* Command we are issuing */
172 u8 *data; /* Data for the command in case we retransmit */
173 int len; /* Length of block for retransmission */
174 int done; /* Done flag */
175 int error; /* Error if any */
176 };
177
178 enum gsm_mux_state {
179 GSM_SEARCH,
180 GSM_START,
181 GSM_ADDRESS,
182 GSM_CONTROL,
183 GSM_LEN,
184 GSM_DATA,
185 GSM_FCS,
186 GSM_OVERRUN,
187 GSM_LEN0,
188 GSM_LEN1,
189 GSM_SSOF,
190 };
191
192 /*
193 * Each GSM mux we have is represented by this structure. If we are
194 * operating as an ldisc then we use this structure as our ldisc
195 * state. We need to sort out lifetimes and locking with respect
196 * to the gsm mux array. For now we don't free DLCI objects that
197 * have been instantiated until the mux itself is terminated.
198 *
199 * To consider further: tty open versus mux shutdown.
200 */
201
202 struct gsm_mux {
203 struct tty_struct *tty; /* The tty our ldisc is bound to */
204 spinlock_t lock;
205 struct mutex mutex;
206 unsigned int num;
207 struct kref ref;
208
209 /* Events on the GSM channel */
210 wait_queue_head_t event;
211
212 /* Bits for GSM mode decoding */
213
214 /* Framing Layer */
215 unsigned char *buf;
216 enum gsm_mux_state state;
217 unsigned int len;
218 unsigned int address;
219 unsigned int count;
220 bool escape;
221 int encoding;
222 u8 control;
223 u8 fcs;
224 u8 received_fcs;
225 u8 *txframe; /* TX framing buffer */
226
227 /* Method for the receiver side */
228 void (*receive)(struct gsm_mux *gsm, u8 ch);
229
230 /* Link Layer */
231 unsigned int mru;
232 unsigned int mtu;
233 int initiator; /* Did we initiate connection */
234 bool dead; /* Has the mux been shut down */
235 struct gsm_dlci *dlci[NUM_DLCI];
236 int old_c_iflag; /* termios c_iflag value before attach */
237 bool constipated; /* Asked by remote to shut up */
238 bool has_devices; /* Devices were registered */
239
240 spinlock_t tx_lock;
241 unsigned int tx_bytes; /* TX data outstanding */
242 #define TX_THRESH_HI 8192
243 #define TX_THRESH_LO 2048
244 struct list_head tx_list; /* Pending data packets */
245
246 /* Control messages */
247 struct timer_list t2_timer; /* Retransmit timer for commands */
248 int cretries; /* Command retry counter */
249 struct gsm_control *pending_cmd;/* Our current pending command */
250 spinlock_t control_lock; /* Protects the pending command */
251
252 /* Configuration */
253 int adaption; /* 1 or 2 supported */
254 u8 ftype; /* UI or UIH */
255 int t1, t2; /* Timers in 1/100th of a sec */
256 int n2; /* Retry count */
257
258 /* Statistics (not currently exposed) */
259 unsigned long bad_fcs;
260 unsigned long malformed;
261 unsigned long io_error;
262 unsigned long bad_size;
263 unsigned long unsupported;
264 };
265
266
267 /*
268 * Mux objects - needed so that we can translate a tty index into the
269 * relevant mux and DLCI.
270 */
271
272 #define MAX_MUX 4 /* 256 minors */
273 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
274 static spinlock_t gsm_mux_lock;
275
276 static struct tty_driver *gsm_tty_driver;
277
278 /*
279 * This section of the driver logic implements the GSM encodings
280 * both the basic and the 'advanced'. Reliable transport is not
281 * supported.
282 */
283
284 #define CR 0x02
285 #define EA 0x01
286 #define PF 0x10
287
288 /* I is special: the rest are ..*/
289 #define RR 0x01
290 #define UI 0x03
291 #define RNR 0x05
292 #define REJ 0x09
293 #define DM 0x0F
294 #define SABM 0x2F
295 #define DISC 0x43
296 #define UA 0x63
297 #define UIH 0xEF
298
299 /* Channel commands */
300 #define CMD_NSC 0x09
301 #define CMD_TEST 0x11
302 #define CMD_PSC 0x21
303 #define CMD_RLS 0x29
304 #define CMD_FCOFF 0x31
305 #define CMD_PN 0x41
306 #define CMD_RPN 0x49
307 #define CMD_FCON 0x51
308 #define CMD_CLD 0x61
309 #define CMD_SNC 0x69
310 #define CMD_MSC 0x71
311
312 /* Virtual modem bits */
313 #define MDM_FC 0x01
314 #define MDM_RTC 0x02
315 #define MDM_RTR 0x04
316 #define MDM_IC 0x20
317 #define MDM_DV 0x40
318
319 #define GSM0_SOF 0xF9
320 #define GSM1_SOF 0x7E
321 #define GSM1_ESCAPE 0x7D
322 #define GSM1_ESCAPE_BITS 0x20
323 #define XON 0x11
324 #define XOFF 0x13
325 #define ISO_IEC_646_MASK 0x7F
326
327 static const struct tty_port_operations gsm_port_ops;
328
329 /*
330 * CRC table for GSM 0710
331 */
332
333 static const u8 gsm_fcs8[256] = {
334 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
335 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
336 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
337 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
338 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
339 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
340 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
341 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
342 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
343 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
344 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
345 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
346 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
347 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
348 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
349 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
350 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
351 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
352 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
353 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
354 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
355 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
356 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
357 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
358 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
359 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
360 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
361 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
362 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
363 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
364 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
365 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
366 };
367
368 #define INIT_FCS 0xFF
369 #define GOOD_FCS 0xCF
370
371 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
372
373 /**
374 * gsm_fcs_add - update FCS
375 * @fcs: Current FCS
376 * @c: Next data
377 *
378 * Update the FCS to include c. Uses the algorithm in the specification
379 * notes.
380 */
381
gsm_fcs_add(u8 fcs,u8 c)382 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
383 {
384 return gsm_fcs8[fcs ^ c];
385 }
386
387 /**
388 * gsm_fcs_add_block - update FCS for a block
389 * @fcs: Current FCS
390 * @c: buffer of data
391 * @len: length of buffer
392 *
393 * Update the FCS to include c. Uses the algorithm in the specification
394 * notes.
395 */
396
gsm_fcs_add_block(u8 fcs,u8 * c,int len)397 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
398 {
399 while (len--)
400 fcs = gsm_fcs8[fcs ^ *c++];
401 return fcs;
402 }
403
404 /**
405 * gsm_read_ea - read a byte into an EA
406 * @val: variable holding value
407 * @c: byte going into the EA
408 *
409 * Processes one byte of an EA. Updates the passed variable
410 * and returns 1 if the EA is now completely read
411 */
412
gsm_read_ea(unsigned int * val,u8 c)413 static int gsm_read_ea(unsigned int *val, u8 c)
414 {
415 /* Add the next 7 bits into the value */
416 *val <<= 7;
417 *val |= c >> 1;
418 /* Was this the last byte of the EA 1 = yes*/
419 return c & EA;
420 }
421
422 /**
423 * gsm_read_ea_val - read a value until EA
424 * @val: variable holding value
425 * @data: buffer of data
426 * @dlen: length of data
427 *
428 * Processes an EA value. Updates the passed variable and
429 * returns the processed data length.
430 */
gsm_read_ea_val(unsigned int * val,const u8 * data,int dlen)431 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
432 {
433 unsigned int len = 0;
434
435 for (; dlen > 0; dlen--) {
436 len++;
437 if (gsm_read_ea(val, *data++))
438 break;
439 }
440 return len;
441 }
442
443 /**
444 * gsm_encode_modem - encode modem data bits
445 * @dlci: DLCI to encode from
446 *
447 * Returns the correct GSM encoded modem status bits (6 bit field) for
448 * the current status of the DLCI and attached tty object
449 */
450
gsm_encode_modem(const struct gsm_dlci * dlci)451 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
452 {
453 u8 modembits = 0;
454 /* FC is true flow control not modem bits */
455 if (dlci->throttled)
456 modembits |= MDM_FC;
457 if (dlci->modem_tx & TIOCM_DTR)
458 modembits |= MDM_RTC;
459 if (dlci->modem_tx & TIOCM_RTS)
460 modembits |= MDM_RTR;
461 if (dlci->modem_tx & TIOCM_RI)
462 modembits |= MDM_IC;
463 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
464 modembits |= MDM_DV;
465 return modembits;
466 }
467
468 /**
469 * gsm_register_devices - register all tty devices for a given mux index
470 *
471 * @driver: the tty driver that describes the tty devices
472 * @index: the mux number is used to calculate the minor numbers of the
473 * ttys for this mux and may differ from the position in the
474 * mux array.
475 */
gsm_register_devices(struct tty_driver * driver,unsigned int index)476 static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
477 {
478 struct device *dev;
479 int i;
480 unsigned int base;
481
482 if (!driver || index >= MAX_MUX)
483 return -EINVAL;
484
485 base = index * NUM_DLCI; /* first minor for this index */
486 for (i = 1; i < NUM_DLCI; i++) {
487 /* Don't register device 0 - this is the control channel
488 * and not a usable tty interface
489 */
490 dev = tty_register_device(gsm_tty_driver, base + i, NULL);
491 if (IS_ERR(dev)) {
492 if (debug & 8)
493 pr_info("%s failed to register device minor %u",
494 __func__, base + i);
495 for (i--; i >= 1; i--)
496 tty_unregister_device(gsm_tty_driver, base + i);
497 return PTR_ERR(dev);
498 }
499 }
500
501 return 0;
502 }
503
504 /**
505 * gsm_unregister_devices - unregister all tty devices for a given mux index
506 *
507 * @driver: the tty driver that describes the tty devices
508 * @index: the mux number is used to calculate the minor numbers of the
509 * ttys for this mux and may differ from the position in the
510 * mux array.
511 */
gsm_unregister_devices(struct tty_driver * driver,unsigned int index)512 static void gsm_unregister_devices(struct tty_driver *driver,
513 unsigned int index)
514 {
515 int i;
516 unsigned int base;
517
518 if (!driver || index >= MAX_MUX)
519 return;
520
521 base = index * NUM_DLCI; /* first minor for this index */
522 for (i = 1; i < NUM_DLCI; i++) {
523 /* Don't unregister device 0 - this is the control
524 * channel and not a usable tty interface
525 */
526 tty_unregister_device(gsm_tty_driver, base + i);
527 }
528 }
529
530 /**
531 * gsm_print_packet - display a frame for debug
532 * @hdr: header to print before decode
533 * @addr: address EA from the frame
534 * @cr: C/R bit from the frame
535 * @control: control including PF bit
536 * @data: following data bytes
537 * @dlen: length of data
538 *
539 * Displays a packet in human readable format for debugging purposes. The
540 * style is based on amateur radio LAP-B dump display.
541 */
542
gsm_print_packet(const char * hdr,int addr,int cr,u8 control,const u8 * data,int dlen)543 static void gsm_print_packet(const char *hdr, int addr, int cr,
544 u8 control, const u8 *data, int dlen)
545 {
546 if (!(debug & 1))
547 return;
548
549 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
550
551 switch (control & ~PF) {
552 case SABM:
553 pr_cont("SABM");
554 break;
555 case UA:
556 pr_cont("UA");
557 break;
558 case DISC:
559 pr_cont("DISC");
560 break;
561 case DM:
562 pr_cont("DM");
563 break;
564 case UI:
565 pr_cont("UI");
566 break;
567 case UIH:
568 pr_cont("UIH");
569 break;
570 default:
571 if (!(control & 0x01)) {
572 pr_cont("I N(S)%d N(R)%d",
573 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
574 } else switch (control & 0x0F) {
575 case RR:
576 pr_cont("RR(%d)", (control & 0xE0) >> 5);
577 break;
578 case RNR:
579 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
580 break;
581 case REJ:
582 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
583 break;
584 default:
585 pr_cont("[%02X]", control);
586 }
587 }
588
589 if (control & PF)
590 pr_cont("(P)");
591 else
592 pr_cont("(F)");
593
594 print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen);
595 }
596
597
598 /*
599 * Link level transmission side
600 */
601
602 /**
603 * gsm_stuff_packet - bytestuff a packet
604 * @input: input buffer
605 * @output: output buffer
606 * @len: length of input
607 *
608 * Expand a buffer by bytestuffing it. The worst case size change
609 * is doubling and the caller is responsible for handing out
610 * suitable sized buffers.
611 */
612
gsm_stuff_frame(const u8 * input,u8 * output,int len)613 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
614 {
615 int olen = 0;
616 while (len--) {
617 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
618 || (*input & ISO_IEC_646_MASK) == XON
619 || (*input & ISO_IEC_646_MASK) == XOFF) {
620 *output++ = GSM1_ESCAPE;
621 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
622 olen++;
623 } else
624 *output++ = *input++;
625 olen++;
626 }
627 return olen;
628 }
629
630 /**
631 * gsm_send - send a control frame
632 * @gsm: our GSM mux
633 * @addr: address for control frame
634 * @cr: command/response bit
635 * @control: control byte including PF bit
636 *
637 * Format up and transmit a control frame. These do not go via the
638 * queueing logic as they should be transmitted ahead of data when
639 * they are needed.
640 *
641 * FIXME: Lock versus data TX path
642 */
643
gsm_send(struct gsm_mux * gsm,int addr,int cr,int control)644 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
645 {
646 int len;
647 u8 cbuf[10];
648 u8 ibuf[3];
649
650 switch (gsm->encoding) {
651 case 0:
652 cbuf[0] = GSM0_SOF;
653 cbuf[1] = (addr << 2) | (cr << 1) | EA;
654 cbuf[2] = control;
655 cbuf[3] = EA; /* Length of data = 0 */
656 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
657 cbuf[5] = GSM0_SOF;
658 len = 6;
659 break;
660 case 1:
661 case 2:
662 /* Control frame + packing (but not frame stuffing) in mode 1 */
663 ibuf[0] = (addr << 2) | (cr << 1) | EA;
664 ibuf[1] = control;
665 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
666 /* Stuffing may double the size worst case */
667 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
668 /* Now add the SOF markers */
669 cbuf[0] = GSM1_SOF;
670 cbuf[len + 1] = GSM1_SOF;
671 /* FIXME: we can omit the lead one in many cases */
672 len += 2;
673 break;
674 default:
675 WARN_ON(1);
676 return;
677 }
678 gsmld_output(gsm, cbuf, len);
679 gsm_print_packet("-->", addr, cr, control, NULL, 0);
680 }
681
682 /**
683 * gsm_response - send a control response
684 * @gsm: our GSM mux
685 * @addr: address for control frame
686 * @control: control byte including PF bit
687 *
688 * Format up and transmit a link level response frame.
689 */
690
gsm_response(struct gsm_mux * gsm,int addr,int control)691 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
692 {
693 gsm_send(gsm, addr, 0, control);
694 }
695
696 /**
697 * gsm_command - send a control command
698 * @gsm: our GSM mux
699 * @addr: address for control frame
700 * @control: control byte including PF bit
701 *
702 * Format up and transmit a link level command frame.
703 */
704
gsm_command(struct gsm_mux * gsm,int addr,int control)705 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
706 {
707 gsm_send(gsm, addr, 1, control);
708 }
709
710 /* Data transmission */
711
712 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
713
714 /**
715 * gsm_data_alloc - allocate data frame
716 * @gsm: GSM mux
717 * @addr: DLCI address
718 * @len: length excluding header and FCS
719 * @ctrl: control byte
720 *
721 * Allocate a new data buffer for sending frames with data. Space is left
722 * at the front for header bytes but that is treated as an implementation
723 * detail and not for the high level code to use
724 */
725
gsm_data_alloc(struct gsm_mux * gsm,u8 addr,int len,u8 ctrl)726 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
727 u8 ctrl)
728 {
729 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
730 GFP_ATOMIC);
731 if (m == NULL)
732 return NULL;
733 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
734 m->len = len;
735 m->addr = addr;
736 m->ctrl = ctrl;
737 INIT_LIST_HEAD(&m->list);
738 return m;
739 }
740
741 /**
742 * gsm_is_flow_ctrl_msg - checks if flow control message
743 * @msg: message to check
744 *
745 * Returns true if the given message is a flow control command of the
746 * control channel. False is returned in any other case.
747 */
gsm_is_flow_ctrl_msg(struct gsm_msg * msg)748 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
749 {
750 unsigned int cmd;
751
752 if (msg->addr > 0)
753 return false;
754
755 switch (msg->ctrl & ~PF) {
756 case UI:
757 case UIH:
758 cmd = 0;
759 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
760 break;
761 switch (cmd & ~PF) {
762 case CMD_FCOFF:
763 case CMD_FCON:
764 return true;
765 }
766 break;
767 }
768
769 return false;
770 }
771
772 /**
773 * gsm_data_kick - poke the queue
774 * @gsm: GSM Mux
775 *
776 * The tty device has called us to indicate that room has appeared in
777 * the transmit queue. Ram more data into the pipe if we have any
778 * If we have been flow-stopped by a CMD_FCOFF, then we can only
779 * send messages on DLCI0 until CMD_FCON
780 *
781 * FIXME: lock against link layer control transmissions
782 */
783
gsm_data_kick(struct gsm_mux * gsm,struct gsm_dlci * dlci)784 static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
785 {
786 struct gsm_msg *msg, *nmsg;
787 int len;
788
789 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
790 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
791 continue;
792 if (gsm->encoding != 0) {
793 gsm->txframe[0] = GSM1_SOF;
794 len = gsm_stuff_frame(msg->data,
795 gsm->txframe + 1, msg->len);
796 gsm->txframe[len + 1] = GSM1_SOF;
797 len += 2;
798 } else {
799 gsm->txframe[0] = GSM0_SOF;
800 memcpy(gsm->txframe + 1 , msg->data, msg->len);
801 gsm->txframe[msg->len + 1] = GSM0_SOF;
802 len = msg->len + 2;
803 }
804
805 if (debug & 4)
806 print_hex_dump_bytes("gsm_data_kick: ",
807 DUMP_PREFIX_OFFSET,
808 gsm->txframe, len);
809 if (gsmld_output(gsm, gsm->txframe, len) < 0)
810 break;
811 /* FIXME: Can eliminate one SOF in many more cases */
812 gsm->tx_bytes -= msg->len;
813
814 list_del(&msg->list);
815 kfree(msg);
816
817 if (dlci) {
818 tty_port_tty_wakeup(&dlci->port);
819 } else {
820 int i = 0;
821
822 for (i = 0; i < NUM_DLCI; i++)
823 if (gsm->dlci[i])
824 tty_port_tty_wakeup(&gsm->dlci[i]->port);
825 }
826 }
827 }
828
829 /**
830 * __gsm_data_queue - queue a UI or UIH frame
831 * @dlci: DLCI sending the data
832 * @msg: message queued
833 *
834 * Add data to the transmit queue and try and get stuff moving
835 * out of the mux tty if not already doing so. The Caller must hold
836 * the gsm tx lock.
837 */
838
__gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)839 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
840 {
841 struct gsm_mux *gsm = dlci->gsm;
842 u8 *dp = msg->data;
843 u8 *fcs = dp + msg->len;
844
845 /* Fill in the header */
846 if (gsm->encoding == 0) {
847 if (msg->len < 128)
848 *--dp = (msg->len << 1) | EA;
849 else {
850 *--dp = (msg->len >> 7); /* bits 7 - 15 */
851 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
852 }
853 }
854
855 *--dp = msg->ctrl;
856 if (gsm->initiator)
857 *--dp = (msg->addr << 2) | 2 | EA;
858 else
859 *--dp = (msg->addr << 2) | EA;
860 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
861 /* Ugly protocol layering violation */
862 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
863 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
864 *fcs = 0xFF - *fcs;
865
866 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
867 msg->data, msg->len);
868
869 /* Move the header back and adjust the length, also allow for the FCS
870 now tacked on the end */
871 msg->len += (msg->data - dp) + 1;
872 msg->data = dp;
873
874 /* Add to the actual output queue */
875 list_add_tail(&msg->list, &gsm->tx_list);
876 gsm->tx_bytes += msg->len;
877 gsm_data_kick(gsm, dlci);
878 }
879
880 /**
881 * gsm_data_queue - queue a UI or UIH frame
882 * @dlci: DLCI sending the data
883 * @msg: message queued
884 *
885 * Add data to the transmit queue and try and get stuff moving
886 * out of the mux tty if not already doing so. Take the
887 * the gsm tx lock and dlci lock.
888 */
889
gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)890 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
891 {
892 unsigned long flags;
893 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
894 __gsm_data_queue(dlci, msg);
895 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
896 }
897
898 /**
899 * gsm_dlci_data_output - try and push data out of a DLCI
900 * @gsm: mux
901 * @dlci: the DLCI to pull data from
902 *
903 * Pull data from a DLCI and send it into the transmit queue if there
904 * is data. Keep to the MRU of the mux. This path handles the usual tty
905 * interface which is a byte stream with optional modem data.
906 *
907 * Caller must hold the tx_lock of the mux.
908 */
909
gsm_dlci_data_output(struct gsm_mux * gsm,struct gsm_dlci * dlci)910 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
911 {
912 struct gsm_msg *msg;
913 u8 *dp;
914 int h, len, size;
915
916 /* for modem bits without break data */
917 h = ((dlci->adaption == 1) ? 0 : 1);
918
919 len = kfifo_len(&dlci->fifo);
920 if (len == 0)
921 return 0;
922
923 /* MTU/MRU count only the data bits but watch adaption mode */
924 if ((len + h) > gsm->mtu)
925 len = gsm->mtu - h;
926
927 size = len + h;
928
929 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
930 /* FIXME: need a timer or something to kick this so it can't
931 * get stuck with no work outstanding and no buffer free
932 */
933 if (!msg)
934 return -ENOMEM;
935 dp = msg->data;
936 switch (dlci->adaption) {
937 case 1: /* Unstructured */
938 break;
939 case 2: /* Unstructured with modem bits.
940 * Always one byte as we never send inline break data
941 */
942 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
943 break;
944 default:
945 pr_err("%s: unsupported adaption %d\n", __func__,
946 dlci->adaption);
947 break;
948 }
949
950 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
951 &dlci->lock));
952
953 /* Notify upper layer about available send space. */
954 tty_port_tty_wakeup(&dlci->port);
955
956 __gsm_data_queue(dlci, msg);
957 /* Bytes of data we used up */
958 return size;
959 }
960
961 /**
962 * gsm_dlci_data_output_framed - try and push data out of a DLCI
963 * @gsm: mux
964 * @dlci: the DLCI to pull data from
965 *
966 * Pull data from a DLCI and send it into the transmit queue if there
967 * is data. Keep to the MRU of the mux. This path handles framed data
968 * queued as skbuffs to the DLCI.
969 *
970 * Caller must hold the tx_lock of the mux.
971 */
972
gsm_dlci_data_output_framed(struct gsm_mux * gsm,struct gsm_dlci * dlci)973 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
974 struct gsm_dlci *dlci)
975 {
976 struct gsm_msg *msg;
977 u8 *dp;
978 int len, size;
979 int last = 0, first = 0;
980 int overhead = 0;
981
982 /* One byte per frame is used for B/F flags */
983 if (dlci->adaption == 4)
984 overhead = 1;
985
986 /* dlci->skb is locked by tx_lock */
987 if (dlci->skb == NULL) {
988 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
989 if (dlci->skb == NULL)
990 return 0;
991 first = 1;
992 }
993 len = dlci->skb->len + overhead;
994
995 /* MTU/MRU count only the data bits */
996 if (len > gsm->mtu) {
997 if (dlci->adaption == 3) {
998 /* Over long frame, bin it */
999 dev_kfree_skb_any(dlci->skb);
1000 dlci->skb = NULL;
1001 return 0;
1002 }
1003 len = gsm->mtu;
1004 } else
1005 last = 1;
1006
1007 size = len + overhead;
1008 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1009
1010 /* FIXME: need a timer or something to kick this so it can't
1011 get stuck with no work outstanding and no buffer free */
1012 if (msg == NULL) {
1013 skb_queue_tail(&dlci->skb_list, dlci->skb);
1014 dlci->skb = NULL;
1015 return -ENOMEM;
1016 }
1017 dp = msg->data;
1018
1019 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1020 /* Flag byte to carry the start/end info */
1021 *dp++ = last << 7 | first << 6 | 1; /* EA */
1022 len--;
1023 }
1024 memcpy(dp, dlci->skb->data, len);
1025 skb_pull(dlci->skb, len);
1026 __gsm_data_queue(dlci, msg);
1027 if (last) {
1028 dev_kfree_skb_any(dlci->skb);
1029 dlci->skb = NULL;
1030 }
1031 return size;
1032 }
1033
1034 /**
1035 * gsm_dlci_data_sweep - look for data to send
1036 * @gsm: the GSM mux
1037 *
1038 * Sweep the GSM mux channels in priority order looking for ones with
1039 * data to send. We could do with optimising this scan a bit. We aim
1040 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1041 * TX_THRESH_LO we get called again
1042 *
1043 * FIXME: We should round robin between groups and in theory you can
1044 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1045 */
1046
gsm_dlci_data_sweep(struct gsm_mux * gsm)1047 static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
1048 {
1049 int len;
1050 /* Priority ordering: We should do priority with RR of the groups */
1051 int i = 1;
1052
1053 while (i < NUM_DLCI) {
1054 struct gsm_dlci *dlci;
1055
1056 if (gsm->tx_bytes > TX_THRESH_HI)
1057 break;
1058 dlci = gsm->dlci[i];
1059 if (dlci == NULL || dlci->constipated) {
1060 i++;
1061 continue;
1062 }
1063 if (dlci->adaption < 3 && !dlci->net)
1064 len = gsm_dlci_data_output(gsm, dlci);
1065 else
1066 len = gsm_dlci_data_output_framed(gsm, dlci);
1067 if (len < 0)
1068 break;
1069 /* DLCI empty - try the next */
1070 if (len == 0)
1071 i++;
1072 }
1073 }
1074
1075 /**
1076 * gsm_dlci_data_kick - transmit if possible
1077 * @dlci: DLCI to kick
1078 *
1079 * Transmit data from this DLCI if the queue is empty. We can't rely on
1080 * a tty wakeup except when we filled the pipe so we need to fire off
1081 * new data ourselves in other cases.
1082 */
1083
gsm_dlci_data_kick(struct gsm_dlci * dlci)1084 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1085 {
1086 unsigned long flags;
1087 int sweep;
1088
1089 if (dlci->constipated)
1090 return;
1091
1092 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1093 /* If we have nothing running then we need to fire up */
1094 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1095 if (dlci->gsm->tx_bytes == 0) {
1096 if (dlci->net)
1097 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1098 else
1099 gsm_dlci_data_output(dlci->gsm, dlci);
1100 }
1101 if (sweep)
1102 gsm_dlci_data_sweep(dlci->gsm);
1103 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1104 }
1105
1106 /*
1107 * Control message processing
1108 */
1109
1110
1111 /**
1112 * gsm_control_reply - send a response frame to a control
1113 * @gsm: gsm channel
1114 * @cmd: the command to use
1115 * @data: data to follow encoded info
1116 * @dlen: length of data
1117 *
1118 * Encode up and queue a UI/UIH frame containing our response.
1119 */
1120
gsm_control_reply(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1121 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1122 int dlen)
1123 {
1124 struct gsm_msg *msg;
1125 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1126 if (msg == NULL)
1127 return;
1128 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1129 msg->data[1] = (dlen << 1) | EA;
1130 memcpy(msg->data + 2, data, dlen);
1131 gsm_data_queue(gsm->dlci[0], msg);
1132 }
1133
1134 /**
1135 * gsm_process_modem - process received modem status
1136 * @tty: virtual tty bound to the DLCI
1137 * @dlci: DLCI to affect
1138 * @modem: modem bits (full EA)
1139 *
1140 * Used when a modem control message or line state inline in adaption
1141 * layer 2 is processed. Sort out the local modem state and throttles
1142 */
1143
gsm_process_modem(struct tty_struct * tty,struct gsm_dlci * dlci,u32 modem,int clen)1144 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1145 u32 modem, int clen)
1146 {
1147 int mlines = 0;
1148 u8 brk = 0;
1149 int fc;
1150
1151 /* The modem status command can either contain one octet (v.24 signals)
1152 or two octets (v.24 signals + break signals). The length field will
1153 either be 2 or 3 respectively. This is specified in section
1154 5.4.6.3.7 of the 27.010 mux spec. */
1155
1156 if (clen == 2)
1157 modem = modem & 0x7f;
1158 else {
1159 brk = modem & 0x7f;
1160 modem = (modem >> 7) & 0x7f;
1161 }
1162
1163 /* Flow control/ready to communicate */
1164 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1165 if (fc && !dlci->constipated) {
1166 /* Need to throttle our output on this device */
1167 dlci->constipated = true;
1168 } else if (!fc && dlci->constipated) {
1169 dlci->constipated = false;
1170 gsm_dlci_data_kick(dlci);
1171 }
1172
1173 /* Map modem bits */
1174 if (modem & MDM_RTC)
1175 mlines |= TIOCM_DSR | TIOCM_DTR;
1176 if (modem & MDM_RTR)
1177 mlines |= TIOCM_RTS | TIOCM_CTS;
1178 if (modem & MDM_IC)
1179 mlines |= TIOCM_RI;
1180 if (modem & MDM_DV)
1181 mlines |= TIOCM_CD;
1182
1183 /* Carrier drop -> hangup */
1184 if (tty) {
1185 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1186 if (!C_CLOCAL(tty))
1187 tty_hangup(tty);
1188 }
1189 if (brk & 0x01)
1190 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1191 dlci->modem_rx = mlines;
1192 }
1193
1194 /**
1195 * gsm_control_modem - modem status received
1196 * @gsm: GSM channel
1197 * @data: data following command
1198 * @clen: command length
1199 *
1200 * We have received a modem status control message. This is used by
1201 * the GSM mux protocol to pass virtual modem line status and optionally
1202 * to indicate break signals. Unpack it, convert to Linux representation
1203 * and if need be stuff a break message down the tty.
1204 */
1205
gsm_control_modem(struct gsm_mux * gsm,const u8 * data,int clen)1206 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1207 {
1208 unsigned int addr = 0;
1209 unsigned int modem = 0;
1210 unsigned int brk = 0;
1211 struct gsm_dlci *dlci;
1212 int len = clen;
1213 const u8 *dp = data;
1214 struct tty_struct *tty;
1215
1216 while (gsm_read_ea(&addr, *dp++) == 0) {
1217 len--;
1218 if (len == 0)
1219 return;
1220 }
1221 /* Must be at least one byte following the EA */
1222 len--;
1223 if (len <= 0)
1224 return;
1225
1226 addr >>= 1;
1227 /* Closed port, or invalid ? */
1228 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1229 return;
1230 dlci = gsm->dlci[addr];
1231
1232 while (gsm_read_ea(&modem, *dp++) == 0) {
1233 len--;
1234 if (len == 0)
1235 return;
1236 }
1237 len--;
1238 if (len > 0) {
1239 while (gsm_read_ea(&brk, *dp++) == 0) {
1240 len--;
1241 if (len == 0)
1242 return;
1243 }
1244 modem <<= 7;
1245 modem |= (brk & 0x7f);
1246 }
1247 tty = tty_port_tty_get(&dlci->port);
1248 gsm_process_modem(tty, dlci, modem, clen);
1249 if (tty) {
1250 tty_wakeup(tty);
1251 tty_kref_put(tty);
1252 }
1253 gsm_control_reply(gsm, CMD_MSC, data, clen);
1254 }
1255
1256 /**
1257 * gsm_control_rls - remote line status
1258 * @gsm: GSM channel
1259 * @data: data bytes
1260 * @clen: data length
1261 *
1262 * The modem sends us a two byte message on the control channel whenever
1263 * it wishes to send us an error state from the virtual link. Stuff
1264 * this into the uplink tty if present
1265 */
1266
gsm_control_rls(struct gsm_mux * gsm,const u8 * data,int clen)1267 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1268 {
1269 struct tty_port *port;
1270 unsigned int addr = 0;
1271 u8 bits;
1272 int len = clen;
1273 const u8 *dp = data;
1274
1275 while (gsm_read_ea(&addr, *dp++) == 0) {
1276 len--;
1277 if (len == 0)
1278 return;
1279 }
1280 /* Must be at least one byte following ea */
1281 len--;
1282 if (len <= 0)
1283 return;
1284 addr >>= 1;
1285 /* Closed port, or invalid ? */
1286 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1287 return;
1288 /* No error ? */
1289 bits = *dp;
1290 if ((bits & 1) == 0)
1291 return;
1292
1293 port = &gsm->dlci[addr]->port;
1294
1295 if (bits & 2)
1296 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1297 if (bits & 4)
1298 tty_insert_flip_char(port, 0, TTY_PARITY);
1299 if (bits & 8)
1300 tty_insert_flip_char(port, 0, TTY_FRAME);
1301
1302 tty_flip_buffer_push(port);
1303
1304 gsm_control_reply(gsm, CMD_RLS, data, clen);
1305 }
1306
1307 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1308
1309 /**
1310 * gsm_control_message - DLCI 0 control processing
1311 * @gsm: our GSM mux
1312 * @command: the command EA
1313 * @data: data beyond the command/length EAs
1314 * @clen: length
1315 *
1316 * Input processor for control messages from the other end of the link.
1317 * Processes the incoming request and queues a response frame or an
1318 * NSC response if not supported
1319 */
1320
gsm_control_message(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1321 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1322 const u8 *data, int clen)
1323 {
1324 u8 buf[1];
1325 unsigned long flags;
1326
1327 switch (command) {
1328 case CMD_CLD: {
1329 struct gsm_dlci *dlci = gsm->dlci[0];
1330 /* Modem wishes to close down */
1331 if (dlci) {
1332 dlci->dead = true;
1333 gsm->dead = true;
1334 gsm_dlci_begin_close(dlci);
1335 }
1336 }
1337 break;
1338 case CMD_TEST:
1339 /* Modem wishes to test, reply with the data */
1340 gsm_control_reply(gsm, CMD_TEST, data, clen);
1341 break;
1342 case CMD_FCON:
1343 /* Modem can accept data again */
1344 gsm->constipated = false;
1345 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1346 /* Kick the link in case it is idling */
1347 spin_lock_irqsave(&gsm->tx_lock, flags);
1348 gsm_data_kick(gsm, NULL);
1349 spin_unlock_irqrestore(&gsm->tx_lock, flags);
1350 break;
1351 case CMD_FCOFF:
1352 /* Modem wants us to STFU */
1353 gsm->constipated = true;
1354 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1355 break;
1356 case CMD_MSC:
1357 /* Out of band modem line change indicator for a DLCI */
1358 gsm_control_modem(gsm, data, clen);
1359 break;
1360 case CMD_RLS:
1361 /* Out of band error reception for a DLCI */
1362 gsm_control_rls(gsm, data, clen);
1363 break;
1364 case CMD_PSC:
1365 /* Modem wishes to enter power saving state */
1366 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1367 break;
1368 /* Optional unsupported commands */
1369 case CMD_PN: /* Parameter negotiation */
1370 case CMD_RPN: /* Remote port negotiation */
1371 case CMD_SNC: /* Service negotiation command */
1372 default:
1373 /* Reply to bad commands with an NSC */
1374 buf[0] = command;
1375 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1376 break;
1377 }
1378 }
1379
1380 /**
1381 * gsm_control_response - process a response to our control
1382 * @gsm: our GSM mux
1383 * @command: the command (response) EA
1384 * @data: data beyond the command/length EA
1385 * @clen: length
1386 *
1387 * Process a response to an outstanding command. We only allow a single
1388 * control message in flight so this is fairly easy. All the clean up
1389 * is done by the caller, we just update the fields, flag it as done
1390 * and return
1391 */
1392
gsm_control_response(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1393 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1394 const u8 *data, int clen)
1395 {
1396 struct gsm_control *ctrl;
1397 unsigned long flags;
1398
1399 spin_lock_irqsave(&gsm->control_lock, flags);
1400
1401 ctrl = gsm->pending_cmd;
1402 /* Does the reply match our command */
1403 command |= 1;
1404 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1405 /* Our command was replied to, kill the retry timer */
1406 del_timer(&gsm->t2_timer);
1407 gsm->pending_cmd = NULL;
1408 /* Rejected by the other end */
1409 if (command == CMD_NSC)
1410 ctrl->error = -EOPNOTSUPP;
1411 ctrl->done = 1;
1412 wake_up(&gsm->event);
1413 }
1414 spin_unlock_irqrestore(&gsm->control_lock, flags);
1415 }
1416
1417 /**
1418 * gsm_control_transmit - send control packet
1419 * @gsm: gsm mux
1420 * @ctrl: frame to send
1421 *
1422 * Send out a pending control command (called under control lock)
1423 */
1424
gsm_control_transmit(struct gsm_mux * gsm,struct gsm_control * ctrl)1425 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1426 {
1427 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1428 if (msg == NULL)
1429 return;
1430 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */
1431 msg->data[1] = (ctrl->len << 1) | EA;
1432 memcpy(msg->data + 2, ctrl->data, ctrl->len);
1433 gsm_data_queue(gsm->dlci[0], msg);
1434 }
1435
1436 /**
1437 * gsm_control_retransmit - retransmit a control frame
1438 * @t: timer contained in our gsm object
1439 *
1440 * Called off the T2 timer expiry in order to retransmit control frames
1441 * that have been lost in the system somewhere. The control_lock protects
1442 * us from colliding with another sender or a receive completion event.
1443 * In that situation the timer may still occur in a small window but
1444 * gsm->pending_cmd will be NULL and we just let the timer expire.
1445 */
1446
gsm_control_retransmit(struct timer_list * t)1447 static void gsm_control_retransmit(struct timer_list *t)
1448 {
1449 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1450 struct gsm_control *ctrl;
1451 unsigned long flags;
1452 spin_lock_irqsave(&gsm->control_lock, flags);
1453 ctrl = gsm->pending_cmd;
1454 if (ctrl) {
1455 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
1456 gsm->pending_cmd = NULL;
1457 ctrl->error = -ETIMEDOUT;
1458 ctrl->done = 1;
1459 spin_unlock_irqrestore(&gsm->control_lock, flags);
1460 wake_up(&gsm->event);
1461 return;
1462 }
1463 gsm->cretries--;
1464 gsm_control_transmit(gsm, ctrl);
1465 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1466 }
1467 spin_unlock_irqrestore(&gsm->control_lock, flags);
1468 }
1469
1470 /**
1471 * gsm_control_send - send a control frame on DLCI 0
1472 * @gsm: the GSM channel
1473 * @command: command to send including CR bit
1474 * @data: bytes of data (must be kmalloced)
1475 * @clen: length of the block to send
1476 *
1477 * Queue and dispatch a control command. Only one command can be
1478 * active at a time. In theory more can be outstanding but the matching
1479 * gets really complicated so for now stick to one outstanding.
1480 */
1481
gsm_control_send(struct gsm_mux * gsm,unsigned int command,u8 * data,int clen)1482 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1483 unsigned int command, u8 *data, int clen)
1484 {
1485 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1486 GFP_ATOMIC);
1487 unsigned long flags;
1488 if (ctrl == NULL)
1489 return NULL;
1490 retry:
1491 wait_event(gsm->event, gsm->pending_cmd == NULL);
1492 spin_lock_irqsave(&gsm->control_lock, flags);
1493 if (gsm->pending_cmd != NULL) {
1494 spin_unlock_irqrestore(&gsm->control_lock, flags);
1495 goto retry;
1496 }
1497 ctrl->cmd = command;
1498 ctrl->data = data;
1499 ctrl->len = clen;
1500 gsm->pending_cmd = ctrl;
1501
1502 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1503 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1504 gsm->cretries = 0;
1505 else
1506 gsm->cretries = gsm->n2;
1507
1508 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1509 gsm_control_transmit(gsm, ctrl);
1510 spin_unlock_irqrestore(&gsm->control_lock, flags);
1511 return ctrl;
1512 }
1513
1514 /**
1515 * gsm_control_wait - wait for a control to finish
1516 * @gsm: GSM mux
1517 * @control: control we are waiting on
1518 *
1519 * Waits for the control to complete or time out. Frees any used
1520 * resources and returns 0 for success, or an error if the remote
1521 * rejected or ignored the request.
1522 */
1523
gsm_control_wait(struct gsm_mux * gsm,struct gsm_control * control)1524 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1525 {
1526 int err;
1527 wait_event(gsm->event, control->done == 1);
1528 err = control->error;
1529 kfree(control);
1530 return err;
1531 }
1532
1533
1534 /*
1535 * DLCI level handling: Needs krefs
1536 */
1537
1538 /*
1539 * State transitions and timers
1540 */
1541
1542 /**
1543 * gsm_dlci_close - a DLCI has closed
1544 * @dlci: DLCI that closed
1545 *
1546 * Perform processing when moving a DLCI into closed state. If there
1547 * is an attached tty this is hung up
1548 */
1549
gsm_dlci_close(struct gsm_dlci * dlci)1550 static void gsm_dlci_close(struct gsm_dlci *dlci)
1551 {
1552 unsigned long flags;
1553
1554 del_timer(&dlci->t1);
1555 if (debug & 8)
1556 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1557 dlci->state = DLCI_CLOSED;
1558 /* Prevent us from sending data before the link is up again */
1559 dlci->constipated = true;
1560 if (dlci->addr != 0) {
1561 tty_port_tty_hangup(&dlci->port, false);
1562 spin_lock_irqsave(&dlci->lock, flags);
1563 kfifo_reset(&dlci->fifo);
1564 spin_unlock_irqrestore(&dlci->lock, flags);
1565 /* Ensure that gsmtty_open() can return. */
1566 tty_port_set_initialized(&dlci->port, 0);
1567 wake_up_interruptible(&dlci->port.open_wait);
1568 } else
1569 dlci->gsm->dead = true;
1570 wake_up(&dlci->gsm->event);
1571 /* A DLCI 0 close is a MUX termination so we need to kick that
1572 back to userspace somehow */
1573 }
1574
1575 /**
1576 * gsm_dlci_open - a DLCI has opened
1577 * @dlci: DLCI that opened
1578 *
1579 * Perform processing when moving a DLCI into open state.
1580 */
1581
gsm_dlci_open(struct gsm_dlci * dlci)1582 static void gsm_dlci_open(struct gsm_dlci *dlci)
1583 {
1584 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1585 open -> open */
1586 del_timer(&dlci->t1);
1587 /* This will let a tty open continue */
1588 dlci->state = DLCI_OPEN;
1589 dlci->constipated = false;
1590 if (debug & 8)
1591 pr_debug("DLCI %d goes open.\n", dlci->addr);
1592 wake_up(&dlci->gsm->event);
1593 }
1594
1595 /**
1596 * gsm_dlci_t1 - T1 timer expiry
1597 * @t: timer contained in the DLCI that opened
1598 *
1599 * The T1 timer handles retransmits of control frames (essentially of
1600 * SABM and DISC). We resend the command until the retry count runs out
1601 * in which case an opening port goes back to closed and a closing port
1602 * is simply put into closed state (any further frames from the other
1603 * end will get a DM response)
1604 *
1605 * Some control dlci can stay in ADM mode with other dlci working just
1606 * fine. In that case we can just keep the control dlci open after the
1607 * DLCI_OPENING retries time out.
1608 */
1609
gsm_dlci_t1(struct timer_list * t)1610 static void gsm_dlci_t1(struct timer_list *t)
1611 {
1612 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1613 struct gsm_mux *gsm = dlci->gsm;
1614
1615 switch (dlci->state) {
1616 case DLCI_OPENING:
1617 if (dlci->retries) {
1618 dlci->retries--;
1619 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1620 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1621 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1622 if (debug & 8)
1623 pr_info("DLCI %d opening in ADM mode.\n",
1624 dlci->addr);
1625 dlci->mode = DLCI_MODE_ADM;
1626 gsm_dlci_open(dlci);
1627 } else {
1628 gsm_dlci_begin_close(dlci); /* prevent half open link */
1629 }
1630
1631 break;
1632 case DLCI_CLOSING:
1633 if (dlci->retries) {
1634 dlci->retries--;
1635 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1636 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1637 } else
1638 gsm_dlci_close(dlci);
1639 break;
1640 default:
1641 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1642 break;
1643 }
1644 }
1645
1646 /**
1647 * gsm_dlci_begin_open - start channel open procedure
1648 * @dlci: DLCI to open
1649 *
1650 * Commence opening a DLCI from the Linux side. We issue SABM messages
1651 * to the modem which should then reply with a UA or ADM, at which point
1652 * we will move into open state. Opening is done asynchronously with retry
1653 * running off timers and the responses.
1654 */
1655
gsm_dlci_begin_open(struct gsm_dlci * dlci)1656 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1657 {
1658 struct gsm_mux *gsm = dlci->gsm;
1659 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1660 return;
1661 dlci->retries = gsm->n2;
1662 dlci->state = DLCI_OPENING;
1663 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1664 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1665 }
1666
1667 /**
1668 * gsm_dlci_set_opening - change state to opening
1669 * @dlci: DLCI to open
1670 *
1671 * Change internal state to wait for DLCI open from initiator side.
1672 * We set off timers and responses upon reception of an SABM.
1673 */
gsm_dlci_set_opening(struct gsm_dlci * dlci)1674 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1675 {
1676 switch (dlci->state) {
1677 case DLCI_CLOSED:
1678 case DLCI_CLOSING:
1679 dlci->state = DLCI_OPENING;
1680 break;
1681 default:
1682 break;
1683 }
1684 }
1685
1686 /**
1687 * gsm_dlci_begin_close - start channel open procedure
1688 * @dlci: DLCI to open
1689 *
1690 * Commence closing a DLCI from the Linux side. We issue DISC messages
1691 * to the modem which should then reply with a UA, at which point we
1692 * will move into closed state. Closing is done asynchronously with retry
1693 * off timers. We may also receive a DM reply from the other end which
1694 * indicates the channel was already closed.
1695 */
1696
gsm_dlci_begin_close(struct gsm_dlci * dlci)1697 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1698 {
1699 struct gsm_mux *gsm = dlci->gsm;
1700 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1701 return;
1702 dlci->retries = gsm->n2;
1703 dlci->state = DLCI_CLOSING;
1704 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1705 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1706 }
1707
1708 /**
1709 * gsm_dlci_data - data arrived
1710 * @dlci: channel
1711 * @data: block of bytes received
1712 * @clen: length of received block
1713 *
1714 * A UI or UIH frame has arrived which contains data for a channel
1715 * other than the control channel. If the relevant virtual tty is
1716 * open we shovel the bits down it, if not we drop them.
1717 */
1718
gsm_dlci_data(struct gsm_dlci * dlci,const u8 * data,int clen)1719 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1720 {
1721 /* krefs .. */
1722 struct tty_port *port = &dlci->port;
1723 struct tty_struct *tty;
1724 unsigned int modem = 0;
1725 int len = clen;
1726
1727 if (debug & 16)
1728 pr_debug("%d bytes for tty\n", len);
1729 switch (dlci->adaption) {
1730 /* Unsupported types */
1731 case 4: /* Packetised interruptible data */
1732 break;
1733 case 3: /* Packetised uininterruptible voice/data */
1734 break;
1735 case 2: /* Asynchronous serial with line state in each frame */
1736 while (gsm_read_ea(&modem, *data++) == 0) {
1737 len--;
1738 if (len == 0)
1739 return;
1740 }
1741 tty = tty_port_tty_get(port);
1742 if (tty) {
1743 gsm_process_modem(tty, dlci, modem, clen);
1744 tty_kref_put(tty);
1745 }
1746 fallthrough;
1747 case 1: /* Line state will go via DLCI 0 controls only */
1748 default:
1749 tty_insert_flip_string(port, data, len);
1750 tty_flip_buffer_push(port);
1751 }
1752 }
1753
1754 /**
1755 * gsm_dlci_control - data arrived on control channel
1756 * @dlci: channel
1757 * @data: block of bytes received
1758 * @len: length of received block
1759 *
1760 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1761 * control channel. This should contain a command EA followed by
1762 * control data bytes. The command EA contains a command/response bit
1763 * and we divide up the work accordingly.
1764 */
1765
gsm_dlci_command(struct gsm_dlci * dlci,const u8 * data,int len)1766 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1767 {
1768 /* See what command is involved */
1769 unsigned int command = 0;
1770 while (len-- > 0) {
1771 if (gsm_read_ea(&command, *data++) == 1) {
1772 int clen = *data++;
1773 len--;
1774 /* FIXME: this is properly an EA */
1775 clen >>= 1;
1776 /* Malformed command ? */
1777 if (clen > len)
1778 return;
1779 if (command & 1)
1780 gsm_control_message(dlci->gsm, command,
1781 data, clen);
1782 else
1783 gsm_control_response(dlci->gsm, command,
1784 data, clen);
1785 return;
1786 }
1787 }
1788 }
1789
1790 /*
1791 * Allocate/Free DLCI channels
1792 */
1793
1794 /**
1795 * gsm_dlci_alloc - allocate a DLCI
1796 * @gsm: GSM mux
1797 * @addr: address of the DLCI
1798 *
1799 * Allocate and install a new DLCI object into the GSM mux.
1800 *
1801 * FIXME: review locking races
1802 */
1803
gsm_dlci_alloc(struct gsm_mux * gsm,int addr)1804 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1805 {
1806 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1807 if (dlci == NULL)
1808 return NULL;
1809 spin_lock_init(&dlci->lock);
1810 mutex_init(&dlci->mutex);
1811 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
1812 kfree(dlci);
1813 return NULL;
1814 }
1815
1816 skb_queue_head_init(&dlci->skb_list);
1817 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
1818 tty_port_init(&dlci->port);
1819 dlci->port.ops = &gsm_port_ops;
1820 dlci->gsm = gsm;
1821 dlci->addr = addr;
1822 dlci->adaption = gsm->adaption;
1823 dlci->state = DLCI_CLOSED;
1824 if (addr) {
1825 dlci->data = gsm_dlci_data;
1826 /* Prevent us from sending data before the link is up */
1827 dlci->constipated = true;
1828 } else {
1829 dlci->data = gsm_dlci_command;
1830 }
1831 gsm->dlci[addr] = dlci;
1832 return dlci;
1833 }
1834
1835 /**
1836 * gsm_dlci_free - free DLCI
1837 * @port: tty port for DLCI to free
1838 *
1839 * Free up a DLCI.
1840 *
1841 * Can sleep.
1842 */
gsm_dlci_free(struct tty_port * port)1843 static void gsm_dlci_free(struct tty_port *port)
1844 {
1845 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1846
1847 del_timer_sync(&dlci->t1);
1848 dlci->gsm->dlci[dlci->addr] = NULL;
1849 kfifo_free(&dlci->fifo);
1850 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1851 dev_kfree_skb(dlci->skb);
1852 kfree(dlci);
1853 }
1854
dlci_get(struct gsm_dlci * dlci)1855 static inline void dlci_get(struct gsm_dlci *dlci)
1856 {
1857 tty_port_get(&dlci->port);
1858 }
1859
dlci_put(struct gsm_dlci * dlci)1860 static inline void dlci_put(struct gsm_dlci *dlci)
1861 {
1862 tty_port_put(&dlci->port);
1863 }
1864
1865 static void gsm_destroy_network(struct gsm_dlci *dlci);
1866
1867 /**
1868 * gsm_dlci_release - release DLCI
1869 * @dlci: DLCI to destroy
1870 *
1871 * Release a DLCI. Actual free is deferred until either
1872 * mux is closed or tty is closed - whichever is last.
1873 *
1874 * Can sleep.
1875 */
gsm_dlci_release(struct gsm_dlci * dlci)1876 static void gsm_dlci_release(struct gsm_dlci *dlci)
1877 {
1878 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1879 if (tty) {
1880 mutex_lock(&dlci->mutex);
1881 gsm_destroy_network(dlci);
1882 mutex_unlock(&dlci->mutex);
1883
1884 /* We cannot use tty_hangup() because in tty_kref_put() the tty
1885 * driver assumes that the hangup queue is free and reuses it to
1886 * queue release_one_tty() -> NULL pointer panic in
1887 * process_one_work().
1888 */
1889 tty_vhangup(tty);
1890
1891 tty_port_tty_set(&dlci->port, NULL);
1892 tty_kref_put(tty);
1893 }
1894 dlci->state = DLCI_CLOSED;
1895 dlci_put(dlci);
1896 }
1897
1898 /*
1899 * LAPBish link layer logic
1900 */
1901
1902 /**
1903 * gsm_queue - a GSM frame is ready to process
1904 * @gsm: pointer to our gsm mux
1905 *
1906 * At this point in time a frame has arrived and been demangled from
1907 * the line encoding. All the differences between the encodings have
1908 * been handled below us and the frame is unpacked into the structures.
1909 * The fcs holds the header FCS but any data FCS must be added here.
1910 */
1911
gsm_queue(struct gsm_mux * gsm)1912 static void gsm_queue(struct gsm_mux *gsm)
1913 {
1914 struct gsm_dlci *dlci;
1915 u8 cr;
1916 int address;
1917 /* We have to sneak a look at the packet body to do the FCS.
1918 A somewhat layering violation in the spec */
1919
1920 if ((gsm->control & ~PF) == UI)
1921 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
1922 if (gsm->encoding == 0) {
1923 /* WARNING: gsm->received_fcs is used for
1924 gsm->encoding = 0 only.
1925 In this case it contain the last piece of data
1926 required to generate final CRC */
1927 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1928 }
1929 if (gsm->fcs != GOOD_FCS) {
1930 gsm->bad_fcs++;
1931 if (debug & 4)
1932 pr_debug("BAD FCS %02x\n", gsm->fcs);
1933 return;
1934 }
1935 address = gsm->address >> 1;
1936 if (address >= NUM_DLCI)
1937 goto invalid;
1938
1939 cr = gsm->address & 1; /* C/R bit */
1940
1941 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1942
1943 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1944 dlci = gsm->dlci[address];
1945
1946 switch (gsm->control) {
1947 case SABM|PF:
1948 if (cr == 0)
1949 goto invalid;
1950 if (dlci == NULL)
1951 dlci = gsm_dlci_alloc(gsm, address);
1952 if (dlci == NULL)
1953 return;
1954 if (dlci->dead)
1955 gsm_response(gsm, address, DM);
1956 else {
1957 gsm_response(gsm, address, UA);
1958 gsm_dlci_open(dlci);
1959 }
1960 break;
1961 case DISC|PF:
1962 if (cr == 0)
1963 goto invalid;
1964 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1965 gsm_response(gsm, address, DM);
1966 return;
1967 }
1968 /* Real close complete */
1969 gsm_response(gsm, address, UA);
1970 gsm_dlci_close(dlci);
1971 break;
1972 case UA|PF:
1973 if (cr == 0 || dlci == NULL)
1974 break;
1975 switch (dlci->state) {
1976 case DLCI_CLOSING:
1977 gsm_dlci_close(dlci);
1978 break;
1979 case DLCI_OPENING:
1980 gsm_dlci_open(dlci);
1981 break;
1982 default:
1983 pr_debug("%s: unhandled state: %d\n", __func__,
1984 dlci->state);
1985 break;
1986 }
1987 break;
1988 case DM: /* DM can be valid unsolicited */
1989 case DM|PF:
1990 if (cr)
1991 goto invalid;
1992 if (dlci == NULL)
1993 return;
1994 gsm_dlci_close(dlci);
1995 break;
1996 case UI:
1997 case UI|PF:
1998 case UIH:
1999 case UIH|PF:
2000 #if 0
2001 if (cr)
2002 goto invalid;
2003 #endif
2004 if (dlci == NULL || dlci->state != DLCI_OPEN) {
2005 gsm_response(gsm, address, DM|PF);
2006 return;
2007 }
2008 dlci->data(dlci, gsm->buf, gsm->len);
2009 break;
2010 default:
2011 goto invalid;
2012 }
2013 return;
2014 invalid:
2015 gsm->malformed++;
2016 return;
2017 }
2018
2019
2020 /**
2021 * gsm0_receive - perform processing for non-transparency
2022 * @gsm: gsm data for this ldisc instance
2023 * @c: character
2024 *
2025 * Receive bytes in gsm mode 0
2026 */
2027
gsm0_receive(struct gsm_mux * gsm,unsigned char c)2028 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2029 {
2030 unsigned int len;
2031
2032 switch (gsm->state) {
2033 case GSM_SEARCH: /* SOF marker */
2034 if (c == GSM0_SOF) {
2035 gsm->state = GSM_ADDRESS;
2036 gsm->address = 0;
2037 gsm->len = 0;
2038 gsm->fcs = INIT_FCS;
2039 }
2040 break;
2041 case GSM_ADDRESS: /* Address EA */
2042 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2043 if (gsm_read_ea(&gsm->address, c))
2044 gsm->state = GSM_CONTROL;
2045 break;
2046 case GSM_CONTROL: /* Control Byte */
2047 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2048 gsm->control = c;
2049 gsm->state = GSM_LEN0;
2050 break;
2051 case GSM_LEN0: /* Length EA */
2052 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2053 if (gsm_read_ea(&gsm->len, c)) {
2054 if (gsm->len > gsm->mru) {
2055 gsm->bad_size++;
2056 gsm->state = GSM_SEARCH;
2057 break;
2058 }
2059 gsm->count = 0;
2060 if (!gsm->len)
2061 gsm->state = GSM_FCS;
2062 else
2063 gsm->state = GSM_DATA;
2064 break;
2065 }
2066 gsm->state = GSM_LEN1;
2067 break;
2068 case GSM_LEN1:
2069 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2070 len = c;
2071 gsm->len |= len << 7;
2072 if (gsm->len > gsm->mru) {
2073 gsm->bad_size++;
2074 gsm->state = GSM_SEARCH;
2075 break;
2076 }
2077 gsm->count = 0;
2078 if (!gsm->len)
2079 gsm->state = GSM_FCS;
2080 else
2081 gsm->state = GSM_DATA;
2082 break;
2083 case GSM_DATA: /* Data */
2084 gsm->buf[gsm->count++] = c;
2085 if (gsm->count == gsm->len)
2086 gsm->state = GSM_FCS;
2087 break;
2088 case GSM_FCS: /* FCS follows the packet */
2089 gsm->received_fcs = c;
2090 gsm_queue(gsm);
2091 gsm->state = GSM_SSOF;
2092 break;
2093 case GSM_SSOF:
2094 if (c == GSM0_SOF) {
2095 gsm->state = GSM_SEARCH;
2096 break;
2097 }
2098 break;
2099 default:
2100 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2101 break;
2102 }
2103 }
2104
2105 /**
2106 * gsm1_receive - perform processing for non-transparency
2107 * @gsm: gsm data for this ldisc instance
2108 * @c: character
2109 *
2110 * Receive bytes in mode 1 (Advanced option)
2111 */
2112
gsm1_receive(struct gsm_mux * gsm,unsigned char c)2113 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2114 {
2115 /* handle XON/XOFF */
2116 if ((c & ISO_IEC_646_MASK) == XON) {
2117 gsm->constipated = true;
2118 return;
2119 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2120 gsm->constipated = false;
2121 /* Kick the link in case it is idling */
2122 gsm_data_kick(gsm, NULL);
2123 return;
2124 }
2125 if (c == GSM1_SOF) {
2126 /* EOF is only valid in frame if we have got to the data state
2127 and received at least one byte (the FCS) */
2128 if (gsm->state == GSM_DATA && gsm->count) {
2129 /* Extract the FCS */
2130 gsm->count--;
2131 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2132 gsm->len = gsm->count;
2133 gsm_queue(gsm);
2134 gsm->state = GSM_START;
2135 return;
2136 }
2137 /* Any partial frame was a runt so go back to start */
2138 if (gsm->state != GSM_START) {
2139 if (gsm->state != GSM_SEARCH)
2140 gsm->malformed++;
2141 gsm->state = GSM_START;
2142 }
2143 /* A SOF in GSM_START means we are still reading idling or
2144 framing bytes */
2145 return;
2146 }
2147
2148 if (c == GSM1_ESCAPE) {
2149 gsm->escape = true;
2150 return;
2151 }
2152
2153 /* Only an unescaped SOF gets us out of GSM search */
2154 if (gsm->state == GSM_SEARCH)
2155 return;
2156
2157 if (gsm->escape) {
2158 c ^= GSM1_ESCAPE_BITS;
2159 gsm->escape = false;
2160 }
2161 switch (gsm->state) {
2162 case GSM_START: /* First byte after SOF */
2163 gsm->address = 0;
2164 gsm->state = GSM_ADDRESS;
2165 gsm->fcs = INIT_FCS;
2166 fallthrough;
2167 case GSM_ADDRESS: /* Address continuation */
2168 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2169 if (gsm_read_ea(&gsm->address, c))
2170 gsm->state = GSM_CONTROL;
2171 break;
2172 case GSM_CONTROL: /* Control Byte */
2173 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2174 gsm->control = c;
2175 gsm->count = 0;
2176 gsm->state = GSM_DATA;
2177 break;
2178 case GSM_DATA: /* Data */
2179 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2180 gsm->state = GSM_OVERRUN;
2181 gsm->bad_size++;
2182 } else
2183 gsm->buf[gsm->count++] = c;
2184 break;
2185 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2186 break;
2187 default:
2188 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2189 break;
2190 }
2191 }
2192
2193 /**
2194 * gsm_error - handle tty error
2195 * @gsm: ldisc data
2196 * @data: byte received (may be invalid)
2197 * @flag: error received
2198 *
2199 * Handle an error in the receipt of data for a frame. Currently we just
2200 * go back to hunting for a SOF.
2201 *
2202 * FIXME: better diagnostics ?
2203 */
2204
gsm_error(struct gsm_mux * gsm,unsigned char data,unsigned char flag)2205 static void gsm_error(struct gsm_mux *gsm,
2206 unsigned char data, unsigned char flag)
2207 {
2208 gsm->state = GSM_SEARCH;
2209 gsm->io_error++;
2210 }
2211
2212 /**
2213 * gsm_cleanup_mux - generic GSM protocol cleanup
2214 * @gsm: our mux
2215 * @disc: disconnect link?
2216 *
2217 * Clean up the bits of the mux which are the same for all framing
2218 * protocols. Remove the mux from the mux table, stop all the timers
2219 * and then shut down each device hanging up the channels as we go.
2220 */
2221
gsm_cleanup_mux(struct gsm_mux * gsm,bool disc)2222 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2223 {
2224 int i;
2225 struct gsm_dlci *dlci;
2226 struct gsm_msg *txq, *ntxq;
2227
2228 gsm->dead = true;
2229 mutex_lock(&gsm->mutex);
2230
2231 dlci = gsm->dlci[0];
2232 if (dlci) {
2233 if (disc && dlci->state != DLCI_CLOSED) {
2234 gsm_dlci_begin_close(dlci);
2235 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2236 }
2237 dlci->dead = true;
2238 }
2239
2240 /* Finish outstanding timers, making sure they are done */
2241 del_timer_sync(&gsm->t2_timer);
2242
2243 /* Free up any link layer users and finally the control channel */
2244 if (gsm->has_devices) {
2245 gsm_unregister_devices(gsm_tty_driver, gsm->num);
2246 gsm->has_devices = false;
2247 }
2248 for (i = NUM_DLCI - 1; i >= 0; i--)
2249 if (gsm->dlci[i])
2250 gsm_dlci_release(gsm->dlci[i]);
2251 mutex_unlock(&gsm->mutex);
2252 /* Now wipe the queues */
2253 tty_ldisc_flush(gsm->tty);
2254 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2255 kfree(txq);
2256 INIT_LIST_HEAD(&gsm->tx_list);
2257 }
2258
2259 /**
2260 * gsm_activate_mux - generic GSM setup
2261 * @gsm: our mux
2262 *
2263 * Set up the bits of the mux which are the same for all framing
2264 * protocols. Add the mux to the mux table so it can be opened and
2265 * finally kick off connecting to DLCI 0 on the modem.
2266 */
2267
gsm_activate_mux(struct gsm_mux * gsm)2268 static int gsm_activate_mux(struct gsm_mux *gsm)
2269 {
2270 struct gsm_dlci *dlci;
2271 int ret;
2272
2273 if (gsm->encoding == 0)
2274 gsm->receive = gsm0_receive;
2275 else
2276 gsm->receive = gsm1_receive;
2277
2278 ret = gsm_register_devices(gsm_tty_driver, gsm->num);
2279 if (ret)
2280 return ret;
2281
2282 dlci = gsm_dlci_alloc(gsm, 0);
2283 if (dlci == NULL)
2284 return -ENOMEM;
2285 gsm->has_devices = true;
2286 gsm->dead = false; /* Tty opens are now permissible */
2287 return 0;
2288 }
2289
2290 /**
2291 * gsm_free_mux - free up a mux
2292 * @gsm: mux to free
2293 *
2294 * Dispose of allocated resources for a dead mux
2295 */
gsm_free_mux(struct gsm_mux * gsm)2296 static void gsm_free_mux(struct gsm_mux *gsm)
2297 {
2298 int i;
2299
2300 for (i = 0; i < MAX_MUX; i++) {
2301 if (gsm == gsm_mux[i]) {
2302 gsm_mux[i] = NULL;
2303 break;
2304 }
2305 }
2306 mutex_destroy(&gsm->mutex);
2307 kfree(gsm->txframe);
2308 kfree(gsm->buf);
2309 kfree(gsm);
2310 }
2311
2312 /**
2313 * gsm_free_muxr - free up a mux
2314 * @ref: kreference to the mux to free
2315 *
2316 * Dispose of allocated resources for a dead mux
2317 */
gsm_free_muxr(struct kref * ref)2318 static void gsm_free_muxr(struct kref *ref)
2319 {
2320 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2321 gsm_free_mux(gsm);
2322 }
2323
mux_get(struct gsm_mux * gsm)2324 static inline void mux_get(struct gsm_mux *gsm)
2325 {
2326 unsigned long flags;
2327
2328 spin_lock_irqsave(&gsm_mux_lock, flags);
2329 kref_get(&gsm->ref);
2330 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2331 }
2332
mux_put(struct gsm_mux * gsm)2333 static inline void mux_put(struct gsm_mux *gsm)
2334 {
2335 unsigned long flags;
2336
2337 spin_lock_irqsave(&gsm_mux_lock, flags);
2338 kref_put(&gsm->ref, gsm_free_muxr);
2339 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2340 }
2341
mux_num_to_base(struct gsm_mux * gsm)2342 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2343 {
2344 return gsm->num * NUM_DLCI;
2345 }
2346
mux_line_to_num(unsigned int line)2347 static inline unsigned int mux_line_to_num(unsigned int line)
2348 {
2349 return line / NUM_DLCI;
2350 }
2351
2352 /**
2353 * gsm_alloc_mux - allocate a mux
2354 *
2355 * Creates a new mux ready for activation.
2356 */
2357
gsm_alloc_mux(void)2358 static struct gsm_mux *gsm_alloc_mux(void)
2359 {
2360 int i;
2361 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2362 if (gsm == NULL)
2363 return NULL;
2364 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2365 if (gsm->buf == NULL) {
2366 kfree(gsm);
2367 return NULL;
2368 }
2369 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2370 if (gsm->txframe == NULL) {
2371 kfree(gsm->buf);
2372 kfree(gsm);
2373 return NULL;
2374 }
2375 spin_lock_init(&gsm->lock);
2376 mutex_init(&gsm->mutex);
2377 kref_init(&gsm->ref);
2378 INIT_LIST_HEAD(&gsm->tx_list);
2379 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2380 init_waitqueue_head(&gsm->event);
2381 spin_lock_init(&gsm->control_lock);
2382 spin_lock_init(&gsm->tx_lock);
2383
2384 gsm->t1 = T1;
2385 gsm->t2 = T2;
2386 gsm->n2 = N2;
2387 gsm->ftype = UIH;
2388 gsm->adaption = 1;
2389 gsm->encoding = 1;
2390 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2391 gsm->mtu = 64;
2392 gsm->dead = true; /* Avoid early tty opens */
2393
2394 /* Store the instance to the mux array or abort if no space is
2395 * available.
2396 */
2397 spin_lock(&gsm_mux_lock);
2398 for (i = 0; i < MAX_MUX; i++) {
2399 if (!gsm_mux[i]) {
2400 gsm_mux[i] = gsm;
2401 gsm->num = i;
2402 break;
2403 }
2404 }
2405 spin_unlock(&gsm_mux_lock);
2406 if (i == MAX_MUX) {
2407 mutex_destroy(&gsm->mutex);
2408 kfree(gsm->txframe);
2409 kfree(gsm->buf);
2410 kfree(gsm);
2411 return NULL;
2412 }
2413
2414 return gsm;
2415 }
2416
gsm_copy_config_values(struct gsm_mux * gsm,struct gsm_config * c)2417 static void gsm_copy_config_values(struct gsm_mux *gsm,
2418 struct gsm_config *c)
2419 {
2420 memset(c, 0, sizeof(*c));
2421 c->adaption = gsm->adaption;
2422 c->encapsulation = gsm->encoding;
2423 c->initiator = gsm->initiator;
2424 c->t1 = gsm->t1;
2425 c->t2 = gsm->t2;
2426 c->t3 = 0; /* Not supported */
2427 c->n2 = gsm->n2;
2428 if (gsm->ftype == UIH)
2429 c->i = 1;
2430 else
2431 c->i = 2;
2432 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2433 c->mru = gsm->mru;
2434 c->mtu = gsm->mtu;
2435 c->k = 0;
2436 }
2437
gsm_config(struct gsm_mux * gsm,struct gsm_config * c)2438 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2439 {
2440 int ret = 0;
2441 int need_close = 0;
2442 int need_restart = 0;
2443
2444 /* Stuff we don't support yet - UI or I frame transport, windowing */
2445 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2446 return -EOPNOTSUPP;
2447 /* Check the MRU/MTU range looks sane */
2448 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2449 return -EINVAL;
2450 if (c->n2 > 255)
2451 return -EINVAL;
2452 if (c->encapsulation > 1) /* Basic, advanced, no I */
2453 return -EINVAL;
2454 if (c->initiator > 1)
2455 return -EINVAL;
2456 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2457 return -EINVAL;
2458 /*
2459 * See what is needed for reconfiguration
2460 */
2461
2462 /* Timing fields */
2463 if (c->t1 != 0 && c->t1 != gsm->t1)
2464 need_restart = 1;
2465 if (c->t2 != 0 && c->t2 != gsm->t2)
2466 need_restart = 1;
2467 if (c->encapsulation != gsm->encoding)
2468 need_restart = 1;
2469 if (c->adaption != gsm->adaption)
2470 need_restart = 1;
2471 /* Requires care */
2472 if (c->initiator != gsm->initiator)
2473 need_close = 1;
2474 if (c->mru != gsm->mru)
2475 need_restart = 1;
2476 if (c->mtu != gsm->mtu)
2477 need_restart = 1;
2478
2479 /*
2480 * Close down what is needed, restart and initiate the new
2481 * configuration. On the first time there is no DLCI[0]
2482 * and closing or cleaning up is not necessary.
2483 */
2484 if (need_close || need_restart)
2485 gsm_cleanup_mux(gsm, true);
2486
2487 gsm->initiator = c->initiator;
2488 gsm->mru = c->mru;
2489 gsm->mtu = c->mtu;
2490 gsm->encoding = c->encapsulation;
2491 gsm->adaption = c->adaption;
2492 gsm->n2 = c->n2;
2493
2494 if (c->i == 1)
2495 gsm->ftype = UIH;
2496 else if (c->i == 2)
2497 gsm->ftype = UI;
2498
2499 if (c->t1)
2500 gsm->t1 = c->t1;
2501 if (c->t2)
2502 gsm->t2 = c->t2;
2503
2504 /*
2505 * FIXME: We need to separate activation/deactivation from adding
2506 * and removing from the mux array
2507 */
2508 if (gsm->dead) {
2509 ret = gsm_activate_mux(gsm);
2510 if (ret)
2511 return ret;
2512 if (gsm->initiator)
2513 gsm_dlci_begin_open(gsm->dlci[0]);
2514 }
2515 return 0;
2516 }
2517
2518 /**
2519 * gsmld_output - write to link
2520 * @gsm: our mux
2521 * @data: bytes to output
2522 * @len: size
2523 *
2524 * Write a block of data from the GSM mux to the data channel. This
2525 * will eventually be serialized from above but at the moment isn't.
2526 */
2527
gsmld_output(struct gsm_mux * gsm,u8 * data,int len)2528 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2529 {
2530 if (tty_write_room(gsm->tty) < len) {
2531 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2532 return -ENOSPC;
2533 }
2534 if (debug & 4)
2535 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2536 data, len);
2537 gsm->tty->ops->write(gsm->tty, data, len);
2538 return len;
2539 }
2540
2541 /**
2542 * gsmld_attach_gsm - mode set up
2543 * @tty: our tty structure
2544 * @gsm: our mux
2545 *
2546 * Set up the MUX for basic mode and commence connecting to the
2547 * modem. Currently called from the line discipline set up but
2548 * will need moving to an ioctl path.
2549 */
2550
gsmld_attach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2551 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2552 {
2553 gsm->tty = tty_kref_get(tty);
2554 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2555 gsm->old_c_iflag = tty->termios.c_iflag;
2556 tty->termios.c_iflag &= (IXON | IXOFF);
2557 }
2558
2559 /**
2560 * gsmld_detach_gsm - stop doing 0710 mux
2561 * @tty: tty attached to the mux
2562 * @gsm: mux
2563 *
2564 * Shutdown and then clean up the resources used by the line discipline
2565 */
2566
gsmld_detach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2567 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2568 {
2569 WARN_ON(tty != gsm->tty);
2570 /* Restore tty XON/XOFF handling. */
2571 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2572 tty_kref_put(gsm->tty);
2573 gsm->tty = NULL;
2574 }
2575
gsmld_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)2576 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2577 char *fp, int count)
2578 {
2579 struct gsm_mux *gsm = tty->disc_data;
2580 char flags = TTY_NORMAL;
2581
2582 if (debug & 4)
2583 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2584 cp, count);
2585
2586 for (; count; count--, cp++) {
2587 if (fp)
2588 flags = *fp++;
2589 switch (flags) {
2590 case TTY_NORMAL:
2591 if (gsm->receive)
2592 gsm->receive(gsm, *cp);
2593 break;
2594 case TTY_OVERRUN:
2595 case TTY_BREAK:
2596 case TTY_PARITY:
2597 case TTY_FRAME:
2598 gsm_error(gsm, *cp, flags);
2599 break;
2600 default:
2601 WARN_ONCE(1, "%s: unknown flag %d\n",
2602 tty_name(tty), flags);
2603 break;
2604 }
2605 }
2606 /* FASYNC if needed ? */
2607 /* If clogged call tty_throttle(tty); */
2608 }
2609
2610 /**
2611 * gsmld_flush_buffer - clean input queue
2612 * @tty: terminal device
2613 *
2614 * Flush the input buffer. Called when the line discipline is
2615 * being closed, when the tty layer wants the buffer flushed (eg
2616 * at hangup).
2617 */
2618
gsmld_flush_buffer(struct tty_struct * tty)2619 static void gsmld_flush_buffer(struct tty_struct *tty)
2620 {
2621 }
2622
2623 /**
2624 * gsmld_close - close the ldisc for this tty
2625 * @tty: device
2626 *
2627 * Called from the terminal layer when this line discipline is
2628 * being shut down, either because of a close or becsuse of a
2629 * discipline change. The function will not be called while other
2630 * ldisc methods are in progress.
2631 */
2632
gsmld_close(struct tty_struct * tty)2633 static void gsmld_close(struct tty_struct *tty)
2634 {
2635 struct gsm_mux *gsm = tty->disc_data;
2636
2637 /* The ldisc locks and closes the port before calling our close. This
2638 * means we have no way to do a proper disconnect. We will not bother
2639 * to do one.
2640 */
2641 gsm_cleanup_mux(gsm, false);
2642
2643 gsmld_detach_gsm(tty, gsm);
2644
2645 gsmld_flush_buffer(tty);
2646 /* Do other clean up here */
2647 mux_put(gsm);
2648 }
2649
2650 /**
2651 * gsmld_open - open an ldisc
2652 * @tty: terminal to open
2653 *
2654 * Called when this line discipline is being attached to the
2655 * terminal device. Can sleep. Called serialized so that no
2656 * other events will occur in parallel. No further open will occur
2657 * until a close.
2658 */
2659
gsmld_open(struct tty_struct * tty)2660 static int gsmld_open(struct tty_struct *tty)
2661 {
2662 struct gsm_mux *gsm;
2663
2664 if (!capable(CAP_NET_ADMIN))
2665 return -EPERM;
2666
2667 if (tty->ops->write == NULL)
2668 return -EINVAL;
2669
2670 /* Attach our ldisc data */
2671 gsm = gsm_alloc_mux();
2672 if (gsm == NULL)
2673 return -ENOMEM;
2674
2675 tty->disc_data = gsm;
2676 tty->receive_room = 65536;
2677
2678 /* Attach the initial passive connection */
2679 gsm->encoding = 1;
2680
2681 gsmld_attach_gsm(tty, gsm);
2682
2683 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2684
2685 return 0;
2686 }
2687
2688 /**
2689 * gsmld_write_wakeup - asynchronous I/O notifier
2690 * @tty: tty device
2691 *
2692 * Required for the ptys, serial driver etc. since processes
2693 * that attach themselves to the master and rely on ASYNC
2694 * IO must be woken up
2695 */
2696
gsmld_write_wakeup(struct tty_struct * tty)2697 static void gsmld_write_wakeup(struct tty_struct *tty)
2698 {
2699 struct gsm_mux *gsm = tty->disc_data;
2700 unsigned long flags;
2701
2702 /* Queue poll */
2703 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2704 spin_lock_irqsave(&gsm->tx_lock, flags);
2705 gsm_data_kick(gsm, NULL);
2706 if (gsm->tx_bytes < TX_THRESH_LO) {
2707 gsm_dlci_data_sweep(gsm);
2708 }
2709 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2710 }
2711
2712 /**
2713 * gsmld_read - read function for tty
2714 * @tty: tty device
2715 * @file: file object
2716 * @buf: userspace buffer pointer
2717 * @nr: size of I/O
2718 *
2719 * Perform reads for the line discipline. We are guaranteed that the
2720 * line discipline will not be closed under us but we may get multiple
2721 * parallel readers and must handle this ourselves. We may also get
2722 * a hangup. Always called in user context, may sleep.
2723 *
2724 * This code must be sure never to sleep through a hangup.
2725 */
2726
gsmld_read(struct tty_struct * tty,struct file * file,unsigned char * buf,size_t nr,void ** cookie,unsigned long offset)2727 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2728 unsigned char *buf, size_t nr,
2729 void **cookie, unsigned long offset)
2730 {
2731 return -EOPNOTSUPP;
2732 }
2733
2734 /**
2735 * gsmld_write - write function for tty
2736 * @tty: tty device
2737 * @file: file object
2738 * @buf: userspace buffer pointer
2739 * @nr: size of I/O
2740 *
2741 * Called when the owner of the device wants to send a frame
2742 * itself (or some other control data). The data is transferred
2743 * as-is and must be properly framed and checksummed as appropriate
2744 * by userspace. Frames are either sent whole or not at all as this
2745 * avoids pain user side.
2746 */
2747
gsmld_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)2748 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2749 const unsigned char *buf, size_t nr)
2750 {
2751 struct gsm_mux *gsm = tty->disc_data;
2752 unsigned long flags;
2753 int space;
2754 int ret;
2755
2756 if (!gsm)
2757 return -ENODEV;
2758
2759 ret = -ENOBUFS;
2760 spin_lock_irqsave(&gsm->tx_lock, flags);
2761 space = tty_write_room(tty);
2762 if (space >= nr)
2763 ret = tty->ops->write(tty, buf, nr);
2764 else
2765 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2766 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2767
2768 return ret;
2769 }
2770
2771 /**
2772 * gsmld_poll - poll method for N_GSM0710
2773 * @tty: terminal device
2774 * @file: file accessing it
2775 * @wait: poll table
2776 *
2777 * Called when the line discipline is asked to poll() for data or
2778 * for special events. This code is not serialized with respect to
2779 * other events save open/close.
2780 *
2781 * This code must be sure never to sleep through a hangup.
2782 * Called without the kernel lock held - fine
2783 */
2784
gsmld_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2785 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
2786 poll_table *wait)
2787 {
2788 __poll_t mask = 0;
2789 struct gsm_mux *gsm = tty->disc_data;
2790
2791 poll_wait(file, &tty->read_wait, wait);
2792 poll_wait(file, &tty->write_wait, wait);
2793
2794 if (gsm->dead)
2795 mask |= EPOLLHUP;
2796 if (tty_hung_up_p(file))
2797 mask |= EPOLLHUP;
2798 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2799 mask |= EPOLLHUP;
2800 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2801 mask |= EPOLLOUT | EPOLLWRNORM;
2802 return mask;
2803 }
2804
gsmld_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)2805 static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2806 unsigned int cmd, unsigned long arg)
2807 {
2808 struct gsm_config c;
2809 struct gsm_mux *gsm = tty->disc_data;
2810 unsigned int base;
2811
2812 switch (cmd) {
2813 case GSMIOC_GETCONF:
2814 gsm_copy_config_values(gsm, &c);
2815 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
2816 return -EFAULT;
2817 return 0;
2818 case GSMIOC_SETCONF:
2819 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
2820 return -EFAULT;
2821 return gsm_config(gsm, &c);
2822 case GSMIOC_GETFIRST:
2823 base = mux_num_to_base(gsm);
2824 return put_user(base + 1, (__u32 __user *)arg);
2825 default:
2826 return n_tty_ioctl_helper(tty, file, cmd, arg);
2827 }
2828 }
2829
2830 /*
2831 * Network interface
2832 *
2833 */
2834
gsm_mux_net_open(struct net_device * net)2835 static int gsm_mux_net_open(struct net_device *net)
2836 {
2837 pr_debug("%s called\n", __func__);
2838 netif_start_queue(net);
2839 return 0;
2840 }
2841
gsm_mux_net_close(struct net_device * net)2842 static int gsm_mux_net_close(struct net_device *net)
2843 {
2844 netif_stop_queue(net);
2845 return 0;
2846 }
2847
dlci_net_free(struct gsm_dlci * dlci)2848 static void dlci_net_free(struct gsm_dlci *dlci)
2849 {
2850 if (!dlci->net) {
2851 WARN_ON(1);
2852 return;
2853 }
2854 dlci->adaption = dlci->prev_adaption;
2855 dlci->data = dlci->prev_data;
2856 free_netdev(dlci->net);
2857 dlci->net = NULL;
2858 }
net_free(struct kref * ref)2859 static void net_free(struct kref *ref)
2860 {
2861 struct gsm_mux_net *mux_net;
2862 struct gsm_dlci *dlci;
2863
2864 mux_net = container_of(ref, struct gsm_mux_net, ref);
2865 dlci = mux_net->dlci;
2866
2867 if (dlci->net) {
2868 unregister_netdev(dlci->net);
2869 dlci_net_free(dlci);
2870 }
2871 }
2872
muxnet_get(struct gsm_mux_net * mux_net)2873 static inline void muxnet_get(struct gsm_mux_net *mux_net)
2874 {
2875 kref_get(&mux_net->ref);
2876 }
2877
muxnet_put(struct gsm_mux_net * mux_net)2878 static inline void muxnet_put(struct gsm_mux_net *mux_net)
2879 {
2880 kref_put(&mux_net->ref, net_free);
2881 }
2882
gsm_mux_net_start_xmit(struct sk_buff * skb,struct net_device * net)2883 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
2884 struct net_device *net)
2885 {
2886 struct gsm_mux_net *mux_net = netdev_priv(net);
2887 struct gsm_dlci *dlci = mux_net->dlci;
2888 muxnet_get(mux_net);
2889
2890 skb_queue_head(&dlci->skb_list, skb);
2891 net->stats.tx_packets++;
2892 net->stats.tx_bytes += skb->len;
2893 gsm_dlci_data_kick(dlci);
2894 /* And tell the kernel when the last transmit started. */
2895 netif_trans_update(net);
2896 muxnet_put(mux_net);
2897 return NETDEV_TX_OK;
2898 }
2899
2900 /* called when a packet did not ack after watchdogtimeout */
gsm_mux_net_tx_timeout(struct net_device * net,unsigned int txqueue)2901 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
2902 {
2903 /* Tell syslog we are hosed. */
2904 dev_dbg(&net->dev, "Tx timed out.\n");
2905
2906 /* Update statistics */
2907 net->stats.tx_errors++;
2908 }
2909
gsm_mux_rx_netchar(struct gsm_dlci * dlci,const unsigned char * in_buf,int size)2910 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2911 const unsigned char *in_buf, int size)
2912 {
2913 struct net_device *net = dlci->net;
2914 struct sk_buff *skb;
2915 struct gsm_mux_net *mux_net = netdev_priv(net);
2916 muxnet_get(mux_net);
2917
2918 /* Allocate an sk_buff */
2919 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2920 if (!skb) {
2921 /* We got no receive buffer. */
2922 net->stats.rx_dropped++;
2923 muxnet_put(mux_net);
2924 return;
2925 }
2926 skb_reserve(skb, NET_IP_ALIGN);
2927 skb_put_data(skb, in_buf, size);
2928
2929 skb->dev = net;
2930 skb->protocol = htons(ETH_P_IP);
2931
2932 /* Ship it off to the kernel */
2933 netif_rx(skb);
2934
2935 /* update out statistics */
2936 net->stats.rx_packets++;
2937 net->stats.rx_bytes += size;
2938 muxnet_put(mux_net);
2939 return;
2940 }
2941
gsm_mux_net_init(struct net_device * net)2942 static void gsm_mux_net_init(struct net_device *net)
2943 {
2944 static const struct net_device_ops gsm_netdev_ops = {
2945 .ndo_open = gsm_mux_net_open,
2946 .ndo_stop = gsm_mux_net_close,
2947 .ndo_start_xmit = gsm_mux_net_start_xmit,
2948 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2949 };
2950
2951 net->netdev_ops = &gsm_netdev_ops;
2952
2953 /* fill in the other fields */
2954 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2955 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2956 net->type = ARPHRD_NONE;
2957 net->tx_queue_len = 10;
2958 }
2959
2960
2961 /* caller holds the dlci mutex */
gsm_destroy_network(struct gsm_dlci * dlci)2962 static void gsm_destroy_network(struct gsm_dlci *dlci)
2963 {
2964 struct gsm_mux_net *mux_net;
2965
2966 pr_debug("destroy network interface\n");
2967 if (!dlci->net)
2968 return;
2969 mux_net = netdev_priv(dlci->net);
2970 muxnet_put(mux_net);
2971 }
2972
2973
2974 /* caller holds the dlci mutex */
gsm_create_network(struct gsm_dlci * dlci,struct gsm_netconfig * nc)2975 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2976 {
2977 char *netname;
2978 int retval = 0;
2979 struct net_device *net;
2980 struct gsm_mux_net *mux_net;
2981
2982 if (!capable(CAP_NET_ADMIN))
2983 return -EPERM;
2984
2985 /* Already in a non tty mode */
2986 if (dlci->adaption > 2)
2987 return -EBUSY;
2988
2989 if (nc->protocol != htons(ETH_P_IP))
2990 return -EPROTONOSUPPORT;
2991
2992 if (nc->adaption != 3 && nc->adaption != 4)
2993 return -EPROTONOSUPPORT;
2994
2995 pr_debug("create network interface\n");
2996
2997 netname = "gsm%d";
2998 if (nc->if_name[0] != '\0')
2999 netname = nc->if_name;
3000 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
3001 NET_NAME_UNKNOWN, gsm_mux_net_init);
3002 if (!net) {
3003 pr_err("alloc_netdev failed\n");
3004 return -ENOMEM;
3005 }
3006 net->mtu = dlci->gsm->mtu;
3007 net->min_mtu = 8;
3008 net->max_mtu = dlci->gsm->mtu;
3009 mux_net = netdev_priv(net);
3010 mux_net->dlci = dlci;
3011 kref_init(&mux_net->ref);
3012 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
3013
3014 /* reconfigure dlci for network */
3015 dlci->prev_adaption = dlci->adaption;
3016 dlci->prev_data = dlci->data;
3017 dlci->adaption = nc->adaption;
3018 dlci->data = gsm_mux_rx_netchar;
3019 dlci->net = net;
3020
3021 pr_debug("register netdev\n");
3022 retval = register_netdev(net);
3023 if (retval) {
3024 pr_err("network register fail %d\n", retval);
3025 dlci_net_free(dlci);
3026 return retval;
3027 }
3028 return net->ifindex; /* return network index */
3029 }
3030
3031 /* Line discipline for real tty */
3032 static struct tty_ldisc_ops tty_ldisc_packet = {
3033 .owner = THIS_MODULE,
3034 .magic = TTY_LDISC_MAGIC,
3035 .name = "n_gsm",
3036 .open = gsmld_open,
3037 .close = gsmld_close,
3038 .flush_buffer = gsmld_flush_buffer,
3039 .read = gsmld_read,
3040 .write = gsmld_write,
3041 .ioctl = gsmld_ioctl,
3042 .poll = gsmld_poll,
3043 .receive_buf = gsmld_receive_buf,
3044 .write_wakeup = gsmld_write_wakeup
3045 };
3046
3047 /*
3048 * Virtual tty side
3049 */
3050
3051 #define TX_SIZE 512
3052
gsmtty_modem_update(struct gsm_dlci * dlci,u8 brk)3053 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
3054 {
3055 u8 modembits[3];
3056 struct gsm_control *ctrl;
3057 int len = 2;
3058
3059 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
3060 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3061 if (brk) {
3062 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3063 len++;
3064 }
3065 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3066 if (ctrl == NULL)
3067 return -ENOMEM;
3068 return gsm_control_wait(dlci->gsm, ctrl);
3069 }
3070
gsm_carrier_raised(struct tty_port * port)3071 static int gsm_carrier_raised(struct tty_port *port)
3072 {
3073 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3074 struct gsm_mux *gsm = dlci->gsm;
3075
3076 /* Not yet open so no carrier info */
3077 if (dlci->state != DLCI_OPEN)
3078 return 0;
3079 if (debug & 2)
3080 return 1;
3081
3082 /*
3083 * Basic mode with control channel in ADM mode may not respond
3084 * to CMD_MSC at all and modem_rx is empty.
3085 */
3086 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3087 !dlci->modem_rx)
3088 return 1;
3089
3090 return dlci->modem_rx & TIOCM_CD;
3091 }
3092
gsm_dtr_rts(struct tty_port * port,int onoff)3093 static void gsm_dtr_rts(struct tty_port *port, int onoff)
3094 {
3095 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3096 unsigned int modem_tx = dlci->modem_tx;
3097 if (onoff)
3098 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3099 else
3100 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3101 if (modem_tx != dlci->modem_tx) {
3102 dlci->modem_tx = modem_tx;
3103 gsmtty_modem_update(dlci, 0);
3104 }
3105 }
3106
3107 static const struct tty_port_operations gsm_port_ops = {
3108 .carrier_raised = gsm_carrier_raised,
3109 .dtr_rts = gsm_dtr_rts,
3110 .destruct = gsm_dlci_free,
3111 };
3112
gsmtty_install(struct tty_driver * driver,struct tty_struct * tty)3113 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3114 {
3115 struct gsm_mux *gsm;
3116 struct gsm_dlci *dlci;
3117 unsigned int line = tty->index;
3118 unsigned int mux = mux_line_to_num(line);
3119 bool alloc = false;
3120 int ret;
3121
3122 line = line & 0x3F;
3123
3124 if (mux >= MAX_MUX)
3125 return -ENXIO;
3126 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3127 if (gsm_mux[mux] == NULL)
3128 return -EUNATCH;
3129 if (line == 0 || line > 61) /* 62/63 reserved */
3130 return -ECHRNG;
3131 gsm = gsm_mux[mux];
3132 if (gsm->dead)
3133 return -EL2HLT;
3134 /* If DLCI 0 is not yet fully open return an error.
3135 This is ok from a locking
3136 perspective as we don't have to worry about this
3137 if DLCI0 is lost */
3138 mutex_lock(&gsm->mutex);
3139 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3140 mutex_unlock(&gsm->mutex);
3141 return -EL2NSYNC;
3142 }
3143 dlci = gsm->dlci[line];
3144 if (dlci == NULL) {
3145 alloc = true;
3146 dlci = gsm_dlci_alloc(gsm, line);
3147 }
3148 if (dlci == NULL) {
3149 mutex_unlock(&gsm->mutex);
3150 return -ENOMEM;
3151 }
3152 ret = tty_port_install(&dlci->port, driver, tty);
3153 if (ret) {
3154 if (alloc)
3155 dlci_put(dlci);
3156 mutex_unlock(&gsm->mutex);
3157 return ret;
3158 }
3159
3160 dlci_get(dlci);
3161 dlci_get(gsm->dlci[0]);
3162 mux_get(gsm);
3163 tty->driver_data = dlci;
3164 mutex_unlock(&gsm->mutex);
3165
3166 return 0;
3167 }
3168
gsmtty_open(struct tty_struct * tty,struct file * filp)3169 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3170 {
3171 struct gsm_dlci *dlci = tty->driver_data;
3172 struct tty_port *port = &dlci->port;
3173 struct gsm_mux *gsm = dlci->gsm;
3174
3175 port->count++;
3176 tty_port_tty_set(port, tty);
3177
3178 dlci->modem_rx = 0;
3179 /* We could in theory open and close before we wait - eg if we get
3180 a DM straight back. This is ok as that will have caused a hangup */
3181 tty_port_set_initialized(port, 1);
3182 /* Start sending off SABM messages */
3183 if (gsm->initiator)
3184 gsm_dlci_begin_open(dlci);
3185 else
3186 gsm_dlci_set_opening(dlci);
3187 /* And wait for virtual carrier */
3188 return tty_port_block_til_ready(port, tty, filp);
3189 }
3190
gsmtty_close(struct tty_struct * tty,struct file * filp)3191 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3192 {
3193 struct gsm_dlci *dlci = tty->driver_data;
3194
3195 if (dlci == NULL)
3196 return;
3197 if (dlci->state == DLCI_CLOSED)
3198 return;
3199 mutex_lock(&dlci->mutex);
3200 gsm_destroy_network(dlci);
3201 mutex_unlock(&dlci->mutex);
3202 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3203 return;
3204 gsm_dlci_begin_close(dlci);
3205 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3206 tty_port_lower_dtr_rts(&dlci->port);
3207 tty_port_close_end(&dlci->port, tty);
3208 tty_port_tty_set(&dlci->port, NULL);
3209 return;
3210 }
3211
gsmtty_hangup(struct tty_struct * tty)3212 static void gsmtty_hangup(struct tty_struct *tty)
3213 {
3214 struct gsm_dlci *dlci = tty->driver_data;
3215 if (dlci->state == DLCI_CLOSED)
3216 return;
3217 tty_port_hangup(&dlci->port);
3218 gsm_dlci_begin_close(dlci);
3219 }
3220
gsmtty_write(struct tty_struct * tty,const unsigned char * buf,int len)3221 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3222 int len)
3223 {
3224 int sent;
3225 struct gsm_dlci *dlci = tty->driver_data;
3226 if (dlci->state == DLCI_CLOSED)
3227 return -EINVAL;
3228 /* Stuff the bytes into the fifo queue */
3229 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3230 /* Need to kick the channel */
3231 gsm_dlci_data_kick(dlci);
3232 return sent;
3233 }
3234
gsmtty_write_room(struct tty_struct * tty)3235 static int gsmtty_write_room(struct tty_struct *tty)
3236 {
3237 struct gsm_dlci *dlci = tty->driver_data;
3238 if (dlci->state == DLCI_CLOSED)
3239 return -EINVAL;
3240 return TX_SIZE - kfifo_len(&dlci->fifo);
3241 }
3242
gsmtty_chars_in_buffer(struct tty_struct * tty)3243 static int gsmtty_chars_in_buffer(struct tty_struct *tty)
3244 {
3245 struct gsm_dlci *dlci = tty->driver_data;
3246 if (dlci->state == DLCI_CLOSED)
3247 return -EINVAL;
3248 return kfifo_len(&dlci->fifo);
3249 }
3250
gsmtty_flush_buffer(struct tty_struct * tty)3251 static void gsmtty_flush_buffer(struct tty_struct *tty)
3252 {
3253 struct gsm_dlci *dlci = tty->driver_data;
3254 unsigned long flags;
3255
3256 if (dlci->state == DLCI_CLOSED)
3257 return;
3258 /* Caution needed: If we implement reliable transport classes
3259 then the data being transmitted can't simply be junked once
3260 it has first hit the stack. Until then we can just blow it
3261 away */
3262 spin_lock_irqsave(&dlci->lock, flags);
3263 kfifo_reset(&dlci->fifo);
3264 spin_unlock_irqrestore(&dlci->lock, flags);
3265 /* Need to unhook this DLCI from the transmit queue logic */
3266 }
3267
gsmtty_wait_until_sent(struct tty_struct * tty,int timeout)3268 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3269 {
3270 /* The FIFO handles the queue so the kernel will do the right
3271 thing waiting on chars_in_buffer before calling us. No work
3272 to do here */
3273 }
3274
gsmtty_tiocmget(struct tty_struct * tty)3275 static int gsmtty_tiocmget(struct tty_struct *tty)
3276 {
3277 struct gsm_dlci *dlci = tty->driver_data;
3278 if (dlci->state == DLCI_CLOSED)
3279 return -EINVAL;
3280 return dlci->modem_rx;
3281 }
3282
gsmtty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)3283 static int gsmtty_tiocmset(struct tty_struct *tty,
3284 unsigned int set, unsigned int clear)
3285 {
3286 struct gsm_dlci *dlci = tty->driver_data;
3287 unsigned int modem_tx = dlci->modem_tx;
3288
3289 if (dlci->state == DLCI_CLOSED)
3290 return -EINVAL;
3291 modem_tx &= ~clear;
3292 modem_tx |= set;
3293
3294 if (modem_tx != dlci->modem_tx) {
3295 dlci->modem_tx = modem_tx;
3296 return gsmtty_modem_update(dlci, 0);
3297 }
3298 return 0;
3299 }
3300
3301
gsmtty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3302 static int gsmtty_ioctl(struct tty_struct *tty,
3303 unsigned int cmd, unsigned long arg)
3304 {
3305 struct gsm_dlci *dlci = tty->driver_data;
3306 struct gsm_netconfig nc;
3307 int index;
3308
3309 if (dlci->state == DLCI_CLOSED)
3310 return -EINVAL;
3311 switch (cmd) {
3312 case GSMIOC_ENABLE_NET:
3313 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3314 return -EFAULT;
3315 nc.if_name[IFNAMSIZ-1] = '\0';
3316 /* return net interface index or error code */
3317 mutex_lock(&dlci->mutex);
3318 index = gsm_create_network(dlci, &nc);
3319 mutex_unlock(&dlci->mutex);
3320 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3321 return -EFAULT;
3322 return index;
3323 case GSMIOC_DISABLE_NET:
3324 if (!capable(CAP_NET_ADMIN))
3325 return -EPERM;
3326 mutex_lock(&dlci->mutex);
3327 gsm_destroy_network(dlci);
3328 mutex_unlock(&dlci->mutex);
3329 return 0;
3330 default:
3331 return -ENOIOCTLCMD;
3332 }
3333 }
3334
gsmtty_set_termios(struct tty_struct * tty,struct ktermios * old)3335 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3336 {
3337 struct gsm_dlci *dlci = tty->driver_data;
3338 if (dlci->state == DLCI_CLOSED)
3339 return;
3340 /* For the moment its fixed. In actual fact the speed information
3341 for the virtual channel can be propogated in both directions by
3342 the RPN control message. This however rapidly gets nasty as we
3343 then have to remap modem signals each way according to whether
3344 our virtual cable is null modem etc .. */
3345 tty_termios_copy_hw(&tty->termios, old);
3346 }
3347
gsmtty_throttle(struct tty_struct * tty)3348 static void gsmtty_throttle(struct tty_struct *tty)
3349 {
3350 struct gsm_dlci *dlci = tty->driver_data;
3351 if (dlci->state == DLCI_CLOSED)
3352 return;
3353 if (C_CRTSCTS(tty))
3354 dlci->modem_tx &= ~TIOCM_RTS;
3355 dlci->throttled = true;
3356 /* Send an MSC with RTS cleared */
3357 gsmtty_modem_update(dlci, 0);
3358 }
3359
gsmtty_unthrottle(struct tty_struct * tty)3360 static void gsmtty_unthrottle(struct tty_struct *tty)
3361 {
3362 struct gsm_dlci *dlci = tty->driver_data;
3363 if (dlci->state == DLCI_CLOSED)
3364 return;
3365 if (C_CRTSCTS(tty))
3366 dlci->modem_tx |= TIOCM_RTS;
3367 dlci->throttled = false;
3368 /* Send an MSC with RTS set */
3369 gsmtty_modem_update(dlci, 0);
3370 }
3371
gsmtty_break_ctl(struct tty_struct * tty,int state)3372 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3373 {
3374 struct gsm_dlci *dlci = tty->driver_data;
3375 int encode = 0; /* Off */
3376 if (dlci->state == DLCI_CLOSED)
3377 return -EINVAL;
3378
3379 if (state == -1) /* "On indefinitely" - we can't encode this
3380 properly */
3381 encode = 0x0F;
3382 else if (state > 0) {
3383 encode = state / 200; /* mS to encoding */
3384 if (encode > 0x0F)
3385 encode = 0x0F; /* Best effort */
3386 }
3387 return gsmtty_modem_update(dlci, encode);
3388 }
3389
gsmtty_cleanup(struct tty_struct * tty)3390 static void gsmtty_cleanup(struct tty_struct *tty)
3391 {
3392 struct gsm_dlci *dlci = tty->driver_data;
3393 struct gsm_mux *gsm = dlci->gsm;
3394
3395 dlci_put(dlci);
3396 dlci_put(gsm->dlci[0]);
3397 mux_put(gsm);
3398 }
3399
3400 /* Virtual ttys for the demux */
3401 static const struct tty_operations gsmtty_ops = {
3402 .install = gsmtty_install,
3403 .open = gsmtty_open,
3404 .close = gsmtty_close,
3405 .write = gsmtty_write,
3406 .write_room = gsmtty_write_room,
3407 .chars_in_buffer = gsmtty_chars_in_buffer,
3408 .flush_buffer = gsmtty_flush_buffer,
3409 .ioctl = gsmtty_ioctl,
3410 .throttle = gsmtty_throttle,
3411 .unthrottle = gsmtty_unthrottle,
3412 .set_termios = gsmtty_set_termios,
3413 .hangup = gsmtty_hangup,
3414 .wait_until_sent = gsmtty_wait_until_sent,
3415 .tiocmget = gsmtty_tiocmget,
3416 .tiocmset = gsmtty_tiocmset,
3417 .break_ctl = gsmtty_break_ctl,
3418 .cleanup = gsmtty_cleanup,
3419 };
3420
3421
3422
gsm_init(void)3423 static int __init gsm_init(void)
3424 {
3425 /* Fill in our line protocol discipline, and register it */
3426 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3427 if (status != 0) {
3428 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3429 status);
3430 return status;
3431 }
3432
3433 gsm_tty_driver = alloc_tty_driver(256);
3434 if (!gsm_tty_driver) {
3435 tty_unregister_ldisc(N_GSM0710);
3436 pr_err("gsm_init: tty allocation failed.\n");
3437 return -EINVAL;
3438 }
3439 gsm_tty_driver->driver_name = "gsmtty";
3440 gsm_tty_driver->name = "gsmtty";
3441 gsm_tty_driver->major = 0; /* Dynamic */
3442 gsm_tty_driver->minor_start = 0;
3443 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3444 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3445 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
3446 | TTY_DRIVER_HARDWARE_BREAK;
3447 gsm_tty_driver->init_termios = tty_std_termios;
3448 /* Fixme */
3449 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3450 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3451
3452 spin_lock_init(&gsm_mux_lock);
3453
3454 if (tty_register_driver(gsm_tty_driver)) {
3455 put_tty_driver(gsm_tty_driver);
3456 tty_unregister_ldisc(N_GSM0710);
3457 pr_err("gsm_init: tty registration failed.\n");
3458 return -EBUSY;
3459 }
3460 pr_debug("gsm_init: loaded as %d,%d.\n",
3461 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3462 return 0;
3463 }
3464
gsm_exit(void)3465 static void __exit gsm_exit(void)
3466 {
3467 int status = tty_unregister_ldisc(N_GSM0710);
3468 if (status != 0)
3469 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3470 status);
3471 tty_unregister_driver(gsm_tty_driver);
3472 put_tty_driver(gsm_tty_driver);
3473 }
3474
3475 module_init(gsm_init);
3476 module_exit(gsm_exit);
3477
3478
3479 MODULE_LICENSE("GPL");
3480 MODULE_ALIAS_LDISC(N_GSM0710);
3481