1 // SPDX-License-Identifier: GPL-2.0
2 /* ELM327 based CAN interface driver (tty line discipline)
3  *
4  * This driver started as a derivative of linux/drivers/net/can/slcan.c
5  * and my thanks go to the original authors for their inspiration.
6  *
7  * can327.c Author : Max Staudt <max-linux@enpas.org>
8  * slcan.c Author  : Oliver Hartkopp <socketcan@hartkopp.net>
9  * slip.c Authors  : Laurence Culhane <loz@holmes.demon.co.uk>
10  *                   Fred N. van Kempen <waltje@uwalt.nl.mugnet.org>
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <linux/init.h>
16 #include <linux/module.h>
17 
18 #include <linux/bitops.h>
19 #include <linux/ctype.h>
20 #include <linux/errno.h>
21 #include <linux/kernel.h>
22 #include <linux/list.h>
23 #include <linux/lockdep.h>
24 #include <linux/netdevice.h>
25 #include <linux/skbuff.h>
26 #include <linux/spinlock.h>
27 #include <linux/string.h>
28 #include <linux/tty.h>
29 #include <linux/tty_ldisc.h>
30 #include <linux/workqueue.h>
31 
32 #include <uapi/linux/tty.h>
33 
34 #include <linux/can.h>
35 #include <linux/can/dev.h>
36 #include <linux/can/error.h>
37 #include <linux/can/rx-offload.h>
38 
39 #define CAN327_NAPI_WEIGHT 4
40 
41 #define CAN327_SIZE_TXBUF 32
42 #define CAN327_SIZE_RXBUF 1024
43 
44 #define CAN327_CAN_CONFIG_SEND_SFF 0x8000
45 #define CAN327_CAN_CONFIG_VARIABLE_DLC 0x4000
46 #define CAN327_CAN_CONFIG_RECV_BOTH_SFF_EFF 0x2000
47 #define CAN327_CAN_CONFIG_BAUDRATE_MULT_8_7 0x1000
48 
49 #define CAN327_DUMMY_CHAR 'y'
50 #define CAN327_DUMMY_STRING "y"
51 #define CAN327_READY_CHAR '>'
52 
53 /* Bits in elm->cmds_todo */
54 enum can327_tx_do {
55 	CAN327_TX_DO_CAN_DATA = 0,
56 	CAN327_TX_DO_CANID_11BIT,
57 	CAN327_TX_DO_CANID_29BIT_LOW,
58 	CAN327_TX_DO_CANID_29BIT_HIGH,
59 	CAN327_TX_DO_CAN_CONFIG_PART2,
60 	CAN327_TX_DO_CAN_CONFIG,
61 	CAN327_TX_DO_RESPONSES,
62 	CAN327_TX_DO_SILENT_MONITOR,
63 	CAN327_TX_DO_INIT,
64 };
65 
66 struct can327 {
67 	/* This must be the first member when using alloc_candev() */
68 	struct can_priv can;
69 
70 	struct can_rx_offload offload;
71 
72 	/* TTY buffers */
73 	u8 txbuf[CAN327_SIZE_TXBUF];
74 	u8 rxbuf[CAN327_SIZE_RXBUF];
75 
76 	/* Per-channel lock */
77 	spinlock_t lock;
78 
79 	/* TTY and netdev devices that we're bridging */
80 	struct tty_struct *tty;
81 	struct net_device *dev;
82 
83 	/* TTY buffer accounting */
84 	struct work_struct tx_work;	/* Flushes TTY TX buffer */
85 	u8 *txhead;			/* Next TX byte */
86 	size_t txleft;			/* Bytes left to TX */
87 	int rxfill;			/* Bytes already RX'd in buffer */
88 
89 	/* State machine */
90 	enum {
91 		CAN327_STATE_NOTINIT = 0,
92 		CAN327_STATE_GETDUMMYCHAR,
93 		CAN327_STATE_GETPROMPT,
94 		CAN327_STATE_RECEIVING,
95 	} state;
96 
97 	/* Things we have yet to send */
98 	char **next_init_cmd;
99 	unsigned long cmds_todo;
100 
101 	/* The CAN frame and config the ELM327 is sending/using,
102 	 * or will send/use after finishing all cmds_todo
103 	 */
104 	struct can_frame can_frame_to_send;
105 	u16 can_config;
106 	u8 can_bitrate_divisor;
107 
108 	/* Parser state */
109 	bool drop_next_line;
110 
111 	/* Stop the channel on UART side hardware failure, e.g. stray
112 	 * characters or neverending lines. This may be caused by bad
113 	 * UART wiring, a bad ELM327, a bad UART bridge...
114 	 * Once this is true, nothing will be sent to the TTY.
115 	 */
116 	bool uart_side_failure;
117 };
118 
119 static inline void can327_uart_side_failure(struct can327 *elm);
120 
can327_send(struct can327 * elm,const void * buf,size_t len)121 static void can327_send(struct can327 *elm, const void *buf, size_t len)
122 {
123 	int written;
124 
125 	lockdep_assert_held(&elm->lock);
126 
127 	if (elm->uart_side_failure)
128 		return;
129 
130 	memcpy(elm->txbuf, buf, len);
131 
132 	/* Order of next two lines is *very* important.
133 	 * When we are sending a little amount of data,
134 	 * the transfer may be completed inside the ops->write()
135 	 * routine, because it's running with interrupts enabled.
136 	 * In this case we *never* got WRITE_WAKEUP event,
137 	 * if we did not request it before write operation.
138 	 *       14 Oct 1994  Dmitry Gorodchanin.
139 	 */
140 	set_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
141 	written = elm->tty->ops->write(elm->tty, elm->txbuf, len);
142 	if (written < 0) {
143 		netdev_err(elm->dev, "Failed to write to tty %s.\n",
144 			   elm->tty->name);
145 		can327_uart_side_failure(elm);
146 		return;
147 	}
148 
149 	elm->txleft = len - written;
150 	elm->txhead = elm->txbuf + written;
151 }
152 
153 /* Take the ELM327 out of almost any state and back into command mode.
154  * We send CAN327_DUMMY_CHAR which will either abort any running
155  * operation, or be echoed back to us in case we're already in command
156  * mode.
157  */
can327_kick_into_cmd_mode(struct can327 * elm)158 static void can327_kick_into_cmd_mode(struct can327 *elm)
159 {
160 	lockdep_assert_held(&elm->lock);
161 
162 	if (elm->state != CAN327_STATE_GETDUMMYCHAR &&
163 	    elm->state != CAN327_STATE_GETPROMPT) {
164 		can327_send(elm, CAN327_DUMMY_STRING, 1);
165 
166 		elm->state = CAN327_STATE_GETDUMMYCHAR;
167 	}
168 }
169 
170 /* Schedule a CAN frame and necessary config changes to be sent to the TTY. */
can327_send_frame(struct can327 * elm,struct can_frame * frame)171 static void can327_send_frame(struct can327 *elm, struct can_frame *frame)
172 {
173 	lockdep_assert_held(&elm->lock);
174 
175 	/* Schedule any necessary changes in ELM327's CAN configuration */
176 	if (elm->can_frame_to_send.can_id != frame->can_id) {
177 		/* Set the new CAN ID for transmission. */
178 		if ((frame->can_id ^ elm->can_frame_to_send.can_id)
179 		    & CAN_EFF_FLAG) {
180 			elm->can_config =
181 				(frame->can_id & CAN_EFF_FLAG ? 0 : CAN327_CAN_CONFIG_SEND_SFF) |
182 				CAN327_CAN_CONFIG_VARIABLE_DLC |
183 				CAN327_CAN_CONFIG_RECV_BOTH_SFF_EFF |
184 				elm->can_bitrate_divisor;
185 
186 			set_bit(CAN327_TX_DO_CAN_CONFIG, &elm->cmds_todo);
187 		}
188 
189 		if (frame->can_id & CAN_EFF_FLAG) {
190 			clear_bit(CAN327_TX_DO_CANID_11BIT, &elm->cmds_todo);
191 			set_bit(CAN327_TX_DO_CANID_29BIT_LOW, &elm->cmds_todo);
192 			set_bit(CAN327_TX_DO_CANID_29BIT_HIGH, &elm->cmds_todo);
193 		} else {
194 			set_bit(CAN327_TX_DO_CANID_11BIT, &elm->cmds_todo);
195 			clear_bit(CAN327_TX_DO_CANID_29BIT_LOW,
196 				  &elm->cmds_todo);
197 			clear_bit(CAN327_TX_DO_CANID_29BIT_HIGH,
198 				  &elm->cmds_todo);
199 		}
200 	}
201 
202 	/* Schedule the CAN frame itself. */
203 	elm->can_frame_to_send = *frame;
204 	set_bit(CAN327_TX_DO_CAN_DATA, &elm->cmds_todo);
205 
206 	can327_kick_into_cmd_mode(elm);
207 }
208 
209 /* ELM327 initialisation sequence.
210  * The line length is limited by the buffer in can327_handle_prompt().
211  */
212 static char *can327_init_script[] = {
213 	"AT WS\r",        /* v1.0: Warm Start */
214 	"AT PP FF OFF\r", /* v1.0: All Programmable Parameters Off */
215 	"AT M0\r",        /* v1.0: Memory Off */
216 	"AT AL\r",        /* v1.0: Allow Long messages */
217 	"AT BI\r",        /* v1.0: Bypass Initialisation */
218 	"AT CAF0\r",      /* v1.0: CAN Auto Formatting Off */
219 	"AT CFC0\r",      /* v1.0: CAN Flow Control Off */
220 	"AT CF 000\r",    /* v1.0: Reset CAN ID Filter */
221 	"AT CM 000\r",    /* v1.0: Reset CAN ID Mask */
222 	"AT E1\r",        /* v1.0: Echo On */
223 	"AT H1\r",        /* v1.0: Headers On */
224 	"AT L0\r",        /* v1.0: Linefeeds Off */
225 	"AT SH 7DF\r",    /* v1.0: Set CAN sending ID to 0x7df */
226 	"AT ST FF\r",     /* v1.0: Set maximum Timeout for response after TX */
227 	"AT AT0\r",       /* v1.2: Adaptive Timing Off */
228 	"AT D1\r",        /* v1.3: Print DLC On */
229 	"AT S1\r",        /* v1.3: Spaces On */
230 	"AT TP B\r",      /* v1.0: Try Protocol B */
231 	NULL
232 };
233 
can327_init_device(struct can327 * elm)234 static void can327_init_device(struct can327 *elm)
235 {
236 	lockdep_assert_held(&elm->lock);
237 
238 	elm->state = CAN327_STATE_NOTINIT;
239 	elm->can_frame_to_send.can_id = 0x7df; /* ELM327 HW default */
240 	elm->rxfill = 0;
241 	elm->drop_next_line = 0;
242 
243 	/* We can only set the bitrate as a fraction of 500000.
244 	 * The bitrates listed in can327_bitrate_const will
245 	 * limit the user to the right values.
246 	 */
247 	elm->can_bitrate_divisor = 500000 / elm->can.bittiming.bitrate;
248 	elm->can_config =
249 		CAN327_CAN_CONFIG_SEND_SFF | CAN327_CAN_CONFIG_VARIABLE_DLC |
250 		CAN327_CAN_CONFIG_RECV_BOTH_SFF_EFF | elm->can_bitrate_divisor;
251 
252 	/* Configure ELM327 and then start monitoring */
253 	elm->next_init_cmd = &can327_init_script[0];
254 	set_bit(CAN327_TX_DO_INIT, &elm->cmds_todo);
255 	set_bit(CAN327_TX_DO_SILENT_MONITOR, &elm->cmds_todo);
256 	set_bit(CAN327_TX_DO_RESPONSES, &elm->cmds_todo);
257 	set_bit(CAN327_TX_DO_CAN_CONFIG, &elm->cmds_todo);
258 
259 	can327_kick_into_cmd_mode(elm);
260 }
261 
can327_feed_frame_to_netdev(struct can327 * elm,struct sk_buff * skb)262 static void can327_feed_frame_to_netdev(struct can327 *elm, struct sk_buff *skb)
263 {
264 	lockdep_assert_held(&elm->lock);
265 
266 	if (!netif_running(elm->dev)) {
267 		kfree_skb(skb);
268 		return;
269 	}
270 
271 	/* Queue for NAPI pickup.
272 	 * rx-offload will update stats and LEDs for us.
273 	 */
274 	if (can_rx_offload_queue_tail(&elm->offload, skb))
275 		elm->dev->stats.rx_fifo_errors++;
276 
277 	/* Wake NAPI */
278 	can_rx_offload_irq_finish(&elm->offload);
279 }
280 
281 /* Called when we're out of ideas and just want it all to end. */
can327_uart_side_failure(struct can327 * elm)282 static inline void can327_uart_side_failure(struct can327 *elm)
283 {
284 	struct can_frame *frame;
285 	struct sk_buff *skb;
286 
287 	lockdep_assert_held(&elm->lock);
288 
289 	elm->uart_side_failure = true;
290 
291 	clear_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
292 
293 	elm->can.can_stats.bus_off++;
294 	netif_stop_queue(elm->dev);
295 	elm->can.state = CAN_STATE_BUS_OFF;
296 	can_bus_off(elm->dev);
297 
298 	netdev_err(elm->dev,
299 		   "ELM327 misbehaved. Blocking further communication.\n");
300 
301 	skb = alloc_can_err_skb(elm->dev, &frame);
302 	if (!skb)
303 		return;
304 
305 	frame->can_id |= CAN_ERR_BUSOFF;
306 	can327_feed_frame_to_netdev(elm, skb);
307 }
308 
309 /* Compares a byte buffer (non-NUL terminated) to the payload part of
310  * a string, and returns true iff the buffer (content *and* length) is
311  * exactly that string, without the terminating NUL byte.
312  *
313  * Example: If reference is "BUS ERROR", then this returns true iff nbytes == 9
314  *          and !memcmp(buf, "BUS ERROR", 9).
315  *
316  * The reason to use strings is so we can easily include them in the C
317  * code, and to avoid hardcoding lengths.
318  */
can327_rxbuf_cmp(const u8 * buf,size_t nbytes,const char * reference)319 static inline bool can327_rxbuf_cmp(const u8 *buf, size_t nbytes,
320 				    const char *reference)
321 {
322 	size_t ref_len = strlen(reference);
323 
324 	return (nbytes == ref_len) && !memcmp(buf, reference, ref_len);
325 }
326 
can327_parse_error(struct can327 * elm,size_t len)327 static void can327_parse_error(struct can327 *elm, size_t len)
328 {
329 	struct can_frame *frame;
330 	struct sk_buff *skb;
331 
332 	lockdep_assert_held(&elm->lock);
333 
334 	skb = alloc_can_err_skb(elm->dev, &frame);
335 	if (!skb)
336 		/* It's okay to return here:
337 		 * The outer parsing loop will drop this UART buffer.
338 		 */
339 		return;
340 
341 	/* Filter possible error messages based on length of RX'd line */
342 	if (can327_rxbuf_cmp(elm->rxbuf, len, "UNABLE TO CONNECT")) {
343 		netdev_err(elm->dev,
344 			   "ELM327 reported UNABLE TO CONNECT. Please check your setup.\n");
345 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "BUFFER FULL")) {
346 		/* This will only happen if the last data line was complete.
347 		 * Otherwise, can327_parse_frame() will heuristically
348 		 * emit this kind of error frame instead.
349 		 */
350 		frame->can_id |= CAN_ERR_CRTL;
351 		frame->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
352 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "BUS ERROR")) {
353 		frame->can_id |= CAN_ERR_BUSERROR;
354 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "CAN ERROR")) {
355 		frame->can_id |= CAN_ERR_PROT;
356 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "<RX ERROR")) {
357 		frame->can_id |= CAN_ERR_PROT;
358 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "BUS BUSY")) {
359 		frame->can_id |= CAN_ERR_PROT;
360 		frame->data[2] = CAN_ERR_PROT_OVERLOAD;
361 	} else if (can327_rxbuf_cmp(elm->rxbuf, len, "FB ERROR")) {
362 		frame->can_id |= CAN_ERR_PROT;
363 		frame->data[2] = CAN_ERR_PROT_TX;
364 	} else if (len == 5 && !memcmp(elm->rxbuf, "ERR", 3)) {
365 		/* ERR is followed by two digits, hence line length 5 */
366 		netdev_err(elm->dev, "ELM327 reported an ERR%c%c. Please power it off and on again.\n",
367 			   elm->rxbuf[3], elm->rxbuf[4]);
368 		frame->can_id |= CAN_ERR_CRTL;
369 	} else {
370 		/* Something else has happened.
371 		 * Maybe garbage on the UART line.
372 		 * Emit a generic error frame.
373 		 */
374 	}
375 
376 	can327_feed_frame_to_netdev(elm, skb);
377 }
378 
379 /* Parse CAN frames coming as ASCII from ELM327.
380  * They can be of various formats:
381  *
382  * 29-bit ID (EFF):  12 34 56 78 D PL PL PL PL PL PL PL PL
383  * 11-bit ID (!EFF): 123 D PL PL PL PL PL PL PL PL
384  *
385  * where D = DLC, PL = payload byte
386  *
387  * Instead of a payload, RTR indicates a remote request.
388  *
389  * We will use the spaces and line length to guess the format.
390  */
can327_parse_frame(struct can327 * elm,size_t len)391 static int can327_parse_frame(struct can327 *elm, size_t len)
392 {
393 	struct can_frame *frame;
394 	struct sk_buff *skb;
395 	int hexlen;
396 	int datastart;
397 	int i;
398 
399 	lockdep_assert_held(&elm->lock);
400 
401 	skb = alloc_can_skb(elm->dev, &frame);
402 	if (!skb)
403 		return -ENOMEM;
404 
405 	/* Find first non-hex and non-space character:
406 	 *  - In the simplest case, there is none.
407 	 *  - For RTR frames, 'R' is the first non-hex character.
408 	 *  - An error message may replace the end of the data line.
409 	 */
410 	for (hexlen = 0; hexlen <= len; hexlen++) {
411 		if (hex_to_bin(elm->rxbuf[hexlen]) < 0 &&
412 		    elm->rxbuf[hexlen] != ' ') {
413 			break;
414 		}
415 	}
416 
417 	/* Sanity check whether the line is really a clean hexdump,
418 	 * or terminated by an error message, or contains garbage.
419 	 */
420 	if (hexlen < len && !isdigit(elm->rxbuf[hexlen]) &&
421 	    !isupper(elm->rxbuf[hexlen]) && '<' != elm->rxbuf[hexlen] &&
422 	    ' ' != elm->rxbuf[hexlen]) {
423 		/* The line is likely garbled anyway, so bail.
424 		 * The main code will restart listening.
425 		 */
426 		kfree_skb(skb);
427 		return -ENODATA;
428 	}
429 
430 	/* Use spaces in CAN ID to distinguish 29 or 11 bit address length.
431 	 * No out-of-bounds access:
432 	 * We use the fact that we can always read from elm->rxbuf.
433 	 */
434 	if (elm->rxbuf[2] == ' ' && elm->rxbuf[5] == ' ' &&
435 	    elm->rxbuf[8] == ' ' && elm->rxbuf[11] == ' ' &&
436 	    elm->rxbuf[13] == ' ') {
437 		frame->can_id = CAN_EFF_FLAG;
438 		datastart = 14;
439 	} else if (elm->rxbuf[3] == ' ' && elm->rxbuf[5] == ' ') {
440 		datastart = 6;
441 	} else {
442 		/* This is not a well-formatted data line.
443 		 * Assume it's an error message.
444 		 */
445 		kfree_skb(skb);
446 		return -ENODATA;
447 	}
448 
449 	if (hexlen < datastart) {
450 		/* The line is too short to be a valid frame hex dump.
451 		 * Something interrupted the hex dump or it is invalid.
452 		 */
453 		kfree_skb(skb);
454 		return -ENODATA;
455 	}
456 
457 	/* From here on all chars up to buf[hexlen] are hex or spaces,
458 	 * at well-defined offsets.
459 	 */
460 
461 	/* Read CAN data length */
462 	frame->len = (hex_to_bin(elm->rxbuf[datastart - 2]) << 0);
463 
464 	/* Read CAN ID */
465 	if (frame->can_id & CAN_EFF_FLAG) {
466 		frame->can_id |= (hex_to_bin(elm->rxbuf[0]) << 28) |
467 				 (hex_to_bin(elm->rxbuf[1]) << 24) |
468 				 (hex_to_bin(elm->rxbuf[3]) << 20) |
469 				 (hex_to_bin(elm->rxbuf[4]) << 16) |
470 				 (hex_to_bin(elm->rxbuf[6]) << 12) |
471 				 (hex_to_bin(elm->rxbuf[7]) << 8) |
472 				 (hex_to_bin(elm->rxbuf[9]) << 4) |
473 				 (hex_to_bin(elm->rxbuf[10]) << 0);
474 	} else {
475 		frame->can_id |= (hex_to_bin(elm->rxbuf[0]) << 8) |
476 				 (hex_to_bin(elm->rxbuf[1]) << 4) |
477 				 (hex_to_bin(elm->rxbuf[2]) << 0);
478 	}
479 
480 	/* Check for RTR frame */
481 	if (elm->rxfill >= hexlen + 3 &&
482 	    !memcmp(&elm->rxbuf[hexlen], "RTR", 3)) {
483 		frame->can_id |= CAN_RTR_FLAG;
484 	}
485 
486 	/* Is the line long enough to hold the advertised payload?
487 	 * Note: RTR frames have a DLC, but no actual payload.
488 	 */
489 	if (!(frame->can_id & CAN_RTR_FLAG) &&
490 	    (hexlen < frame->len * 3 + datastart)) {
491 		/* Incomplete frame.
492 		 * Probably the ELM327's RS232 TX buffer was full.
493 		 * Emit an error frame and exit.
494 		 */
495 		frame->can_id = CAN_ERR_FLAG | CAN_ERR_CRTL;
496 		frame->len = CAN_ERR_DLC;
497 		frame->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
498 		can327_feed_frame_to_netdev(elm, skb);
499 
500 		/* Signal failure to parse.
501 		 * The line will be re-parsed as an error line, which will fail.
502 		 * However, this will correctly drop the state machine back into
503 		 * command mode.
504 		 */
505 		return -ENODATA;
506 	}
507 
508 	/* Parse the data nibbles. */
509 	for (i = 0; i < frame->len; i++) {
510 		frame->data[i] =
511 			(hex_to_bin(elm->rxbuf[datastart + 3 * i]) << 4) |
512 			(hex_to_bin(elm->rxbuf[datastart + 3 * i + 1]));
513 	}
514 
515 	/* Feed the frame to the network layer. */
516 	can327_feed_frame_to_netdev(elm, skb);
517 
518 	return 0;
519 }
520 
can327_parse_line(struct can327 * elm,size_t len)521 static void can327_parse_line(struct can327 *elm, size_t len)
522 {
523 	lockdep_assert_held(&elm->lock);
524 
525 	/* Skip empty lines */
526 	if (!len)
527 		return;
528 
529 	/* Skip echo lines */
530 	if (elm->drop_next_line) {
531 		elm->drop_next_line = 0;
532 		return;
533 	} else if (!memcmp(elm->rxbuf, "AT", 2)) {
534 		return;
535 	}
536 
537 	/* Regular parsing */
538 	if (elm->state == CAN327_STATE_RECEIVING &&
539 	    can327_parse_frame(elm, len)) {
540 		/* Parse an error line. */
541 		can327_parse_error(elm, len);
542 
543 		/* Start afresh. */
544 		can327_kick_into_cmd_mode(elm);
545 	}
546 }
547 
can327_handle_prompt(struct can327 * elm)548 static void can327_handle_prompt(struct can327 *elm)
549 {
550 	struct can_frame *frame = &elm->can_frame_to_send;
551 	/* Size this buffer for the largest ELM327 line we may generate,
552 	 * which is currently an 8 byte CAN frame's payload hexdump.
553 	 * Items in can327_init_script must fit here, too!
554 	 */
555 	char local_txbuf[sizeof("0102030405060708\r")];
556 
557 	lockdep_assert_held(&elm->lock);
558 
559 	if (!elm->cmds_todo) {
560 		/* Enter CAN monitor mode */
561 		can327_send(elm, "ATMA\r", 5);
562 		elm->state = CAN327_STATE_RECEIVING;
563 
564 		/* We will be in the default state once this command is
565 		 * sent, so enable the TX packet queue.
566 		 */
567 		netif_wake_queue(elm->dev);
568 
569 		return;
570 	}
571 
572 	/* Reconfigure ELM327 step by step as indicated by elm->cmds_todo */
573 	if (test_bit(CAN327_TX_DO_INIT, &elm->cmds_todo)) {
574 		snprintf(local_txbuf, sizeof(local_txbuf), "%s",
575 			 *elm->next_init_cmd);
576 
577 		elm->next_init_cmd++;
578 		if (!(*elm->next_init_cmd)) {
579 			clear_bit(CAN327_TX_DO_INIT, &elm->cmds_todo);
580 			/* Init finished. */
581 		}
582 
583 	} else if (test_and_clear_bit(CAN327_TX_DO_SILENT_MONITOR, &elm->cmds_todo)) {
584 		snprintf(local_txbuf, sizeof(local_txbuf),
585 			 "ATCSM%i\r",
586 			 !!(elm->can.ctrlmode & CAN_CTRLMODE_LISTENONLY));
587 
588 	} else if (test_and_clear_bit(CAN327_TX_DO_RESPONSES, &elm->cmds_todo)) {
589 		snprintf(local_txbuf, sizeof(local_txbuf),
590 			 "ATR%i\r",
591 			 !(elm->can.ctrlmode & CAN_CTRLMODE_LISTENONLY));
592 
593 	} else if (test_and_clear_bit(CAN327_TX_DO_CAN_CONFIG, &elm->cmds_todo)) {
594 		snprintf(local_txbuf, sizeof(local_txbuf),
595 			 "ATPC\r");
596 		set_bit(CAN327_TX_DO_CAN_CONFIG_PART2, &elm->cmds_todo);
597 
598 	} else if (test_and_clear_bit(CAN327_TX_DO_CAN_CONFIG_PART2, &elm->cmds_todo)) {
599 		snprintf(local_txbuf, sizeof(local_txbuf),
600 			 "ATPB%04X\r",
601 			 elm->can_config);
602 
603 	} else if (test_and_clear_bit(CAN327_TX_DO_CANID_29BIT_HIGH, &elm->cmds_todo)) {
604 		snprintf(local_txbuf, sizeof(local_txbuf),
605 			 "ATCP%02X\r",
606 			 (frame->can_id & CAN_EFF_MASK) >> 24);
607 
608 	} else if (test_and_clear_bit(CAN327_TX_DO_CANID_29BIT_LOW, &elm->cmds_todo)) {
609 		snprintf(local_txbuf, sizeof(local_txbuf),
610 			 "ATSH%06X\r",
611 			 frame->can_id & CAN_EFF_MASK & ((1 << 24) - 1));
612 
613 	} else if (test_and_clear_bit(CAN327_TX_DO_CANID_11BIT, &elm->cmds_todo)) {
614 		snprintf(local_txbuf, sizeof(local_txbuf),
615 			 "ATSH%03X\r",
616 			 frame->can_id & CAN_SFF_MASK);
617 
618 	} else if (test_and_clear_bit(CAN327_TX_DO_CAN_DATA, &elm->cmds_todo)) {
619 		if (frame->can_id & CAN_RTR_FLAG) {
620 			/* Send an RTR frame. Their DLC is fixed.
621 			 * Some chips don't send them at all.
622 			 */
623 			snprintf(local_txbuf, sizeof(local_txbuf), "ATRTR\r");
624 		} else {
625 			/* Send a regular CAN data frame */
626 			int i;
627 
628 			for (i = 0; i < frame->len; i++) {
629 				snprintf(&local_txbuf[2 * i],
630 					 sizeof(local_txbuf), "%02X",
631 					 frame->data[i]);
632 			}
633 
634 			snprintf(&local_txbuf[2 * i], sizeof(local_txbuf),
635 				 "\r");
636 		}
637 
638 		elm->drop_next_line = 1;
639 		elm->state = CAN327_STATE_RECEIVING;
640 
641 		/* We will be in the default state once this command is
642 		 * sent, so enable the TX packet queue.
643 		 */
644 		netif_wake_queue(elm->dev);
645 	}
646 
647 	can327_send(elm, local_txbuf, strlen(local_txbuf));
648 }
649 
can327_is_ready_char(char c)650 static bool can327_is_ready_char(char c)
651 {
652 	/* Bits 0xc0 are sometimes set (randomly), hence the mask.
653 	 * Probably bad hardware.
654 	 */
655 	return (c & 0x3f) == CAN327_READY_CHAR;
656 }
657 
can327_drop_bytes(struct can327 * elm,size_t i)658 static void can327_drop_bytes(struct can327 *elm, size_t i)
659 {
660 	lockdep_assert_held(&elm->lock);
661 
662 	memmove(&elm->rxbuf[0], &elm->rxbuf[i], CAN327_SIZE_RXBUF - i);
663 	elm->rxfill -= i;
664 }
665 
can327_parse_rxbuf(struct can327 * elm,size_t first_new_char_idx)666 static void can327_parse_rxbuf(struct can327 *elm, size_t first_new_char_idx)
667 {
668 	size_t len, pos;
669 
670 	lockdep_assert_held(&elm->lock);
671 
672 	switch (elm->state) {
673 	case CAN327_STATE_NOTINIT:
674 		elm->rxfill = 0;
675 		break;
676 
677 	case CAN327_STATE_GETDUMMYCHAR:
678 		/* Wait for 'y' or '>' */
679 		for (pos = 0; pos < elm->rxfill; pos++) {
680 			if (elm->rxbuf[pos] == CAN327_DUMMY_CHAR) {
681 				can327_send(elm, "\r", 1);
682 				elm->state = CAN327_STATE_GETPROMPT;
683 				pos++;
684 				break;
685 			} else if (can327_is_ready_char(elm->rxbuf[pos])) {
686 				can327_send(elm, CAN327_DUMMY_STRING, 1);
687 				pos++;
688 				break;
689 			}
690 		}
691 
692 		can327_drop_bytes(elm, pos);
693 		break;
694 
695 	case CAN327_STATE_GETPROMPT:
696 		/* Wait for '>' */
697 		if (can327_is_ready_char(elm->rxbuf[elm->rxfill - 1]))
698 			can327_handle_prompt(elm);
699 
700 		elm->rxfill = 0;
701 		break;
702 
703 	case CAN327_STATE_RECEIVING:
704 		/* Find <CR> delimiting feedback lines. */
705 		len = first_new_char_idx;
706 		while (len < elm->rxfill && elm->rxbuf[len] != '\r')
707 			len++;
708 
709 		if (len == CAN327_SIZE_RXBUF) {
710 			/* Assume the buffer ran full with garbage.
711 			 * Did we even connect at the right baud rate?
712 			 */
713 			netdev_err(elm->dev,
714 				   "RX buffer overflow. Faulty ELM327 or UART?\n");
715 			can327_uart_side_failure(elm);
716 		} else if (len == elm->rxfill) {
717 			if (can327_is_ready_char(elm->rxbuf[elm->rxfill - 1])) {
718 				/* The ELM327's AT ST response timeout ran out,
719 				 * so we got a prompt.
720 				 * Clear RX buffer and restart listening.
721 				 */
722 				elm->rxfill = 0;
723 
724 				can327_handle_prompt(elm);
725 			}
726 
727 			/* No <CR> found - we haven't received a full line yet.
728 			 * Wait for more data.
729 			 */
730 		} else {
731 			/* We have a full line to parse. */
732 			can327_parse_line(elm, len);
733 
734 			/* Remove parsed data from RX buffer. */
735 			can327_drop_bytes(elm, len + 1);
736 
737 			/* More data to parse? */
738 			if (elm->rxfill)
739 				can327_parse_rxbuf(elm, 0);
740 		}
741 	}
742 }
743 
can327_netdev_open(struct net_device * dev)744 static int can327_netdev_open(struct net_device *dev)
745 {
746 	struct can327 *elm = netdev_priv(dev);
747 	int err;
748 
749 	spin_lock_bh(&elm->lock);
750 
751 	if (!elm->tty) {
752 		spin_unlock_bh(&elm->lock);
753 		return -ENODEV;
754 	}
755 
756 	if (elm->uart_side_failure)
757 		netdev_warn(elm->dev,
758 			    "Reopening netdev after a UART side fault has been detected.\n");
759 
760 	/* Clear TTY buffers */
761 	elm->rxfill = 0;
762 	elm->txleft = 0;
763 
764 	/* open_candev() checks for elm->can.bittiming.bitrate != 0 */
765 	err = open_candev(dev);
766 	if (err) {
767 		spin_unlock_bh(&elm->lock);
768 		return err;
769 	}
770 
771 	can327_init_device(elm);
772 	spin_unlock_bh(&elm->lock);
773 
774 	err = can_rx_offload_add_manual(dev, &elm->offload, CAN327_NAPI_WEIGHT);
775 	if (err) {
776 		close_candev(dev);
777 		return err;
778 	}
779 
780 	can_rx_offload_enable(&elm->offload);
781 
782 	elm->can.state = CAN_STATE_ERROR_ACTIVE;
783 	netif_start_queue(dev);
784 
785 	return 0;
786 }
787 
can327_netdev_close(struct net_device * dev)788 static int can327_netdev_close(struct net_device *dev)
789 {
790 	struct can327 *elm = netdev_priv(dev);
791 
792 	/* Interrupt whatever the ELM327 is doing right now */
793 	spin_lock_bh(&elm->lock);
794 	can327_send(elm, CAN327_DUMMY_STRING, 1);
795 	spin_unlock_bh(&elm->lock);
796 
797 	netif_stop_queue(dev);
798 
799 	/* We don't flush the UART TX queue here, as we want final stop
800 	 * commands (like the above dummy char) to be flushed out.
801 	 */
802 
803 	can_rx_offload_disable(&elm->offload);
804 	elm->can.state = CAN_STATE_STOPPED;
805 	can_rx_offload_del(&elm->offload);
806 	close_candev(dev);
807 
808 	return 0;
809 }
810 
811 /* Send a can_frame to a TTY. */
can327_netdev_start_xmit(struct sk_buff * skb,struct net_device * dev)812 static netdev_tx_t can327_netdev_start_xmit(struct sk_buff *skb,
813 					    struct net_device *dev)
814 {
815 	struct can327 *elm = netdev_priv(dev);
816 	struct can_frame *frame = (struct can_frame *)skb->data;
817 
818 	if (can_dev_dropped_skb(dev, skb))
819 		return NETDEV_TX_OK;
820 
821 	/* We shouldn't get here after a hardware fault:
822 	 * can_bus_off() calls netif_carrier_off()
823 	 */
824 	if (elm->uart_side_failure) {
825 		WARN_ON_ONCE(elm->uart_side_failure);
826 		goto out;
827 	}
828 
829 	netif_stop_queue(dev);
830 
831 	/* BHs are already disabled, so no spin_lock_bh().
832 	 * See Documentation/networking/netdevices.rst
833 	 */
834 	spin_lock(&elm->lock);
835 	can327_send_frame(elm, frame);
836 	spin_unlock(&elm->lock);
837 
838 	dev->stats.tx_packets++;
839 	dev->stats.tx_bytes += frame->can_id & CAN_RTR_FLAG ? 0 : frame->len;
840 
841 	skb_tx_timestamp(skb);
842 
843 out:
844 	kfree_skb(skb);
845 	return NETDEV_TX_OK;
846 }
847 
848 static const struct net_device_ops can327_netdev_ops = {
849 	.ndo_open = can327_netdev_open,
850 	.ndo_stop = can327_netdev_close,
851 	.ndo_start_xmit = can327_netdev_start_xmit,
852 	.ndo_change_mtu = can_change_mtu,
853 };
854 
855 static const struct ethtool_ops can327_ethtool_ops = {
856 	.get_ts_info = ethtool_op_get_ts_info,
857 };
858 
can327_is_valid_rx_char(u8 c)859 static bool can327_is_valid_rx_char(u8 c)
860 {
861 	static const bool lut_char_is_valid['z'] = {
862 		['\r'] = true,
863 		[' '] = true,
864 		['.'] = true,
865 		['0'] = true, true, true, true, true,
866 		['5'] = true, true, true, true, true,
867 		['<'] = true,
868 		[CAN327_READY_CHAR] = true,
869 		['?'] = true,
870 		['A'] = true, true, true, true, true, true, true,
871 		['H'] = true, true, true, true, true, true, true,
872 		['O'] = true, true, true, true, true, true, true,
873 		['V'] = true, true, true, true, true,
874 		['a'] = true,
875 		['b'] = true,
876 		['v'] = true,
877 		[CAN327_DUMMY_CHAR] = true,
878 	};
879 	BUILD_BUG_ON(CAN327_DUMMY_CHAR >= 'z');
880 
881 	return (c < ARRAY_SIZE(lut_char_is_valid) && lut_char_is_valid[c]);
882 }
883 
884 /* Handle incoming ELM327 ASCII data.
885  * This will not be re-entered while running, but other ldisc
886  * functions may be called in parallel.
887  */
can327_ldisc_rx(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)888 static void can327_ldisc_rx(struct tty_struct *tty, const u8 *cp,
889 			    const u8 *fp, size_t count)
890 {
891 	struct can327 *elm = tty->disc_data;
892 	size_t first_new_char_idx;
893 
894 	if (elm->uart_side_failure)
895 		return;
896 
897 	spin_lock_bh(&elm->lock);
898 
899 	/* Store old rxfill, so can327_parse_rxbuf() will have
900 	 * the option of skipping already checked characters.
901 	 */
902 	first_new_char_idx = elm->rxfill;
903 
904 	while (count--) {
905 		if (elm->rxfill >= CAN327_SIZE_RXBUF) {
906 			netdev_err(elm->dev,
907 				   "Receive buffer overflowed. Bad chip or wiring? count = %zu",
908 				   count);
909 			goto uart_failure;
910 		}
911 		if (fp && *fp++) {
912 			netdev_err(elm->dev,
913 				   "Error in received character stream. Check your wiring.");
914 			goto uart_failure;
915 		}
916 
917 		/* Ignore NUL characters, which the PIC microcontroller may
918 		 * inadvertently insert due to a known hardware bug.
919 		 * See ELM327 documentation, which refers to a Microchip PIC
920 		 * bug description.
921 		 */
922 		if (*cp) {
923 			/* Check for stray characters on the UART line.
924 			 * Likely caused by bad hardware.
925 			 */
926 			if (!can327_is_valid_rx_char(*cp)) {
927 				netdev_err(elm->dev,
928 					   "Received illegal character %02x.\n",
929 					   *cp);
930 				goto uart_failure;
931 			}
932 
933 			elm->rxbuf[elm->rxfill++] = *cp;
934 		}
935 
936 		cp++;
937 	}
938 
939 	can327_parse_rxbuf(elm, first_new_char_idx);
940 	spin_unlock_bh(&elm->lock);
941 
942 	return;
943 uart_failure:
944 	can327_uart_side_failure(elm);
945 	spin_unlock_bh(&elm->lock);
946 }
947 
948 /* Write out remaining transmit buffer.
949  * Scheduled when TTY is writable.
950  */
can327_ldisc_tx_worker(struct work_struct * work)951 static void can327_ldisc_tx_worker(struct work_struct *work)
952 {
953 	struct can327 *elm = container_of(work, struct can327, tx_work);
954 	ssize_t written;
955 
956 	if (elm->uart_side_failure)
957 		return;
958 
959 	spin_lock_bh(&elm->lock);
960 
961 	if (elm->txleft) {
962 		written = elm->tty->ops->write(elm->tty, elm->txhead,
963 					       elm->txleft);
964 		if (written < 0) {
965 			netdev_err(elm->dev, "Failed to write to tty %s.\n",
966 				   elm->tty->name);
967 			can327_uart_side_failure(elm);
968 
969 			spin_unlock_bh(&elm->lock);
970 			return;
971 		}
972 
973 		elm->txleft -= written;
974 		elm->txhead += written;
975 	}
976 
977 	if (!elm->txleft)
978 		clear_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
979 
980 	spin_unlock_bh(&elm->lock);
981 }
982 
983 /* Called by the driver when there's room for more data. */
can327_ldisc_tx_wakeup(struct tty_struct * tty)984 static void can327_ldisc_tx_wakeup(struct tty_struct *tty)
985 {
986 	struct can327 *elm = tty->disc_data;
987 
988 	schedule_work(&elm->tx_work);
989 }
990 
991 /* ELM327 can only handle bitrates that are integer divisors of 500 kHz,
992  * or 7/8 of that. Divisors are 1 to 64.
993  * Currently we don't implement support for 7/8 rates.
994  */
995 static const u32 can327_bitrate_const[] = {
996 	7812,  7936,  8064,  8196,   8333,   8474,   8620,   8771,
997 	8928,  9090,  9259,  9433,   9615,   9803,   10000,  10204,
998 	10416, 10638, 10869, 11111,  11363,  11627,  11904,  12195,
999 	12500, 12820, 13157, 13513,  13888,  14285,  14705,  15151,
1000 	15625, 16129, 16666, 17241,  17857,  18518,  19230,  20000,
1001 	20833, 21739, 22727, 23809,  25000,  26315,  27777,  29411,
1002 	31250, 33333, 35714, 38461,  41666,  45454,  50000,  55555,
1003 	62500, 71428, 83333, 100000, 125000, 166666, 250000, 500000
1004 };
1005 
can327_ldisc_open(struct tty_struct * tty)1006 static int can327_ldisc_open(struct tty_struct *tty)
1007 {
1008 	struct net_device *dev;
1009 	struct can327 *elm;
1010 	int err;
1011 
1012 	if (!capable(CAP_NET_ADMIN))
1013 		return -EPERM;
1014 
1015 	if (!tty->ops->write)
1016 		return -EOPNOTSUPP;
1017 
1018 	dev = alloc_candev(sizeof(struct can327), 0);
1019 	if (!dev)
1020 		return -ENFILE;
1021 	elm = netdev_priv(dev);
1022 
1023 	/* Configure TTY interface */
1024 	tty->receive_room = 65536; /* We don't flow control */
1025 	spin_lock_init(&elm->lock);
1026 	INIT_WORK(&elm->tx_work, can327_ldisc_tx_worker);
1027 
1028 	/* Configure CAN metadata */
1029 	elm->can.bitrate_const = can327_bitrate_const;
1030 	elm->can.bitrate_const_cnt = ARRAY_SIZE(can327_bitrate_const);
1031 	elm->can.ctrlmode_supported = CAN_CTRLMODE_LISTENONLY;
1032 
1033 	/* Configure netdev interface */
1034 	elm->dev = dev;
1035 	dev->netdev_ops = &can327_netdev_ops;
1036 	dev->ethtool_ops = &can327_ethtool_ops;
1037 
1038 	/* Mark ldisc channel as alive */
1039 	elm->tty = tty;
1040 	tty->disc_data = elm;
1041 
1042 	/* Let 'er rip */
1043 	err = register_candev(elm->dev);
1044 	if (err) {
1045 		free_candev(elm->dev);
1046 		return err;
1047 	}
1048 
1049 	netdev_info(elm->dev, "can327 on %s.\n", tty->name);
1050 
1051 	return 0;
1052 }
1053 
1054 /* Close down a can327 channel.
1055  * This means flushing out any pending queues, and then returning.
1056  * This call is serialized against other ldisc functions:
1057  * Once this is called, no other ldisc function of ours is entered.
1058  *
1059  * We also use this function for a hangup event.
1060  */
can327_ldisc_close(struct tty_struct * tty)1061 static void can327_ldisc_close(struct tty_struct *tty)
1062 {
1063 	struct can327 *elm = tty->disc_data;
1064 
1065 	/* unregister_netdev() calls .ndo_stop() so we don't have to. */
1066 	unregister_candev(elm->dev);
1067 
1068 	/* Give UART one final chance to flush.
1069 	 * No need to clear TTY_DO_WRITE_WAKEUP since .write_wakeup() is
1070 	 * serialised against .close() and will not be called once we return.
1071 	 */
1072 	flush_work(&elm->tx_work);
1073 
1074 	/* Mark channel as dead */
1075 	spin_lock_bh(&elm->lock);
1076 	tty->disc_data = NULL;
1077 	elm->tty = NULL;
1078 	spin_unlock_bh(&elm->lock);
1079 
1080 	netdev_info(elm->dev, "can327 off %s.\n", tty->name);
1081 
1082 	free_candev(elm->dev);
1083 }
1084 
can327_ldisc_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)1085 static int can327_ldisc_ioctl(struct tty_struct *tty, unsigned int cmd,
1086 			      unsigned long arg)
1087 {
1088 	struct can327 *elm = tty->disc_data;
1089 	unsigned int tmp;
1090 
1091 	switch (cmd) {
1092 	case SIOCGIFNAME:
1093 		tmp = strnlen(elm->dev->name, IFNAMSIZ - 1) + 1;
1094 		if (copy_to_user((void __user *)arg, elm->dev->name, tmp))
1095 			return -EFAULT;
1096 		return 0;
1097 
1098 	case SIOCSIFHWADDR:
1099 		return -EINVAL;
1100 
1101 	default:
1102 		return tty_mode_ioctl(tty, cmd, arg);
1103 	}
1104 }
1105 
1106 static struct tty_ldisc_ops can327_ldisc = {
1107 	.owner = THIS_MODULE,
1108 	.name = KBUILD_MODNAME,
1109 	.num = N_CAN327,
1110 	.receive_buf = can327_ldisc_rx,
1111 	.write_wakeup = can327_ldisc_tx_wakeup,
1112 	.open = can327_ldisc_open,
1113 	.close = can327_ldisc_close,
1114 	.ioctl = can327_ldisc_ioctl,
1115 };
1116 
can327_init(void)1117 static int __init can327_init(void)
1118 {
1119 	int status;
1120 
1121 	status = tty_register_ldisc(&can327_ldisc);
1122 	if (status)
1123 		pr_err("Can't register line discipline\n");
1124 
1125 	return status;
1126 }
1127 
can327_exit(void)1128 static void __exit can327_exit(void)
1129 {
1130 	/* This will only be called when all channels have been closed by
1131 	 * userspace - tty_ldisc.c takes care of the module's refcount.
1132 	 */
1133 	tty_unregister_ldisc(&can327_ldisc);
1134 }
1135 
1136 module_init(can327_init);
1137 module_exit(can327_exit);
1138 
1139 MODULE_ALIAS_LDISC(N_CAN327);
1140 MODULE_DESCRIPTION("ELM327 based CAN interface");
1141 MODULE_LICENSE("GPL");
1142 MODULE_AUTHOR("Max Staudt <max@enpas.org>");
1143