1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * 6pack.c	This module implements the 6pack protocol for kernel-based
4  *		devices like TTY. It interfaces between a raw TTY and the
5  *		kernel's AX.25 protocol layers.
6  *
7  * Authors:	Andreas Könsgen <ajk@comnets.uni-bremen.de>
8  *              Ralf Baechle DL5RB <ralf@linux-mips.org>
9  *
10  * Quite a lot of stuff "stolen" by Joerg Reuter from slip.c, written by
11  *
12  *		Laurence Culhane, <loz@holmes.demon.co.uk>
13  *		Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
14  */
15 
16 #include <linux/module.h>
17 #include <linux/uaccess.h>
18 #include <linux/bitops.h>
19 #include <linux/string.h>
20 #include <linux/mm.h>
21 #include <linux/interrupt.h>
22 #include <linux/in.h>
23 #include <linux/tty.h>
24 #include <linux/errno.h>
25 #include <linux/netdevice.h>
26 #include <linux/timer.h>
27 #include <linux/slab.h>
28 #include <net/ax25.h>
29 #include <linux/etherdevice.h>
30 #include <linux/skbuff.h>
31 #include <linux/rtnetlink.h>
32 #include <linux/spinlock.h>
33 #include <linux/if_arp.h>
34 #include <linux/init.h>
35 #include <linux/ip.h>
36 #include <linux/tcp.h>
37 #include <linux/semaphore.h>
38 #include <linux/refcount.h>
39 
40 #define SIXPACK_VERSION    "Revision: 0.3.0"
41 
42 /* sixpack priority commands */
43 #define SIXP_SEOF		0x40	/* start and end of a 6pack frame */
44 #define SIXP_TX_URUN		0x48	/* transmit overrun */
45 #define SIXP_RX_ORUN		0x50	/* receive overrun */
46 #define SIXP_RX_BUF_OVL		0x58	/* receive buffer overflow */
47 
48 #define SIXP_CHKSUM		0xFF	/* valid checksum of a 6pack frame */
49 
50 /* masks to get certain bits out of the status bytes sent by the TNC */
51 
52 #define SIXP_CMD_MASK		0xC0
53 #define SIXP_CHN_MASK		0x07
54 #define SIXP_PRIO_CMD_MASK	0x80
55 #define SIXP_STD_CMD_MASK	0x40
56 #define SIXP_PRIO_DATA_MASK	0x38
57 #define SIXP_TX_MASK		0x20
58 #define SIXP_RX_MASK		0x10
59 #define SIXP_RX_DCD_MASK	0x18
60 #define SIXP_LEDS_ON		0x78
61 #define SIXP_LEDS_OFF		0x60
62 #define SIXP_CON		0x08
63 #define SIXP_STA		0x10
64 
65 #define SIXP_FOUND_TNC		0xe9
66 #define SIXP_CON_ON		0x68
67 #define SIXP_DCD_MASK		0x08
68 #define SIXP_DAMA_OFF		0
69 
70 /* default level 2 parameters */
71 #define SIXP_TXDELAY			(HZ/4)	/* in 1 s */
72 #define SIXP_PERSIST			50	/* in 256ths */
73 #define SIXP_SLOTTIME			(HZ/10)	/* in 1 s */
74 #define SIXP_INIT_RESYNC_TIMEOUT	(3*HZ/2) /* in 1 s */
75 #define SIXP_RESYNC_TIMEOUT		5*HZ	/* in 1 s */
76 
77 /* 6pack configuration. */
78 #define SIXP_NRUNIT			31      /* MAX number of 6pack channels */
79 #define SIXP_MTU			256	/* Default MTU */
80 
81 enum sixpack_flags {
82 	SIXPF_ERROR,	/* Parity, etc. error	*/
83 };
84 
85 struct sixpack {
86 	/* Various fields. */
87 	struct tty_struct	*tty;		/* ptr to TTY structure	*/
88 	struct net_device	*dev;		/* easy for intr handling  */
89 
90 	/* These are pointers to the malloc()ed frame buffers. */
91 	unsigned char		*rbuff;		/* receiver buffer	*/
92 	int			rcount;         /* received chars counter  */
93 	unsigned char		*xbuff;		/* transmitter buffer	*/
94 	unsigned char		*xhead;         /* next byte to XMIT */
95 	int			xleft;          /* bytes left in XMIT queue  */
96 
97 	unsigned char		raw_buf[4];
98 	unsigned char		cooked_buf[400];
99 
100 	unsigned int		rx_count;
101 	unsigned int		rx_count_cooked;
102 
103 	int			mtu;		/* Our mtu (to spot changes!) */
104 	int			buffsize;       /* Max buffers sizes */
105 
106 	unsigned long		flags;		/* Flag values/ mode etc */
107 	unsigned char		mode;		/* 6pack mode */
108 
109 	/* 6pack stuff */
110 	unsigned char		tx_delay;
111 	unsigned char		persistence;
112 	unsigned char		slottime;
113 	unsigned char		duplex;
114 	unsigned char		led_state;
115 	unsigned char		status;
116 	unsigned char		status1;
117 	unsigned char		status2;
118 	unsigned char		tx_enable;
119 	unsigned char		tnc_state;
120 
121 	struct timer_list	tx_t;
122 	struct timer_list	resync_t;
123 	refcount_t		refcnt;
124 	struct completion	dead;
125 	spinlock_t		lock;
126 };
127 
128 #define AX25_6PACK_HEADER_LEN 0
129 
130 static void sixpack_decode(struct sixpack *, const unsigned char[], int);
131 static int encode_sixpack(unsigned char *, unsigned char *, int, unsigned char);
132 
133 /*
134  * Perform the persistence/slottime algorithm for CSMA access. If the
135  * persistence check was successful, write the data to the serial driver.
136  * Note that in case of DAMA operation, the data is not sent here.
137  */
138 
sp_xmit_on_air(struct timer_list * t)139 static void sp_xmit_on_air(struct timer_list *t)
140 {
141 	struct sixpack *sp = from_timer(sp, t, tx_t);
142 	int actual, when = sp->slottime;
143 	static unsigned char random;
144 
145 	random = random * 17 + 41;
146 
147 	if (((sp->status1 & SIXP_DCD_MASK) == 0) && (random < sp->persistence)) {
148 		sp->led_state = 0x70;
149 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
150 		sp->tx_enable = 1;
151 		actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
152 		sp->xleft -= actual;
153 		sp->xhead += actual;
154 		sp->led_state = 0x60;
155 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
156 		sp->status2 = 0;
157 	} else
158 		mod_timer(&sp->tx_t, jiffies + ((when + 1) * HZ) / 100);
159 }
160 
161 /* ----> 6pack timer interrupt handler and friends. <---- */
162 
163 /* Encapsulate one AX.25 frame and stuff into a TTY queue. */
sp_encaps(struct sixpack * sp,unsigned char * icp,int len)164 static void sp_encaps(struct sixpack *sp, unsigned char *icp, int len)
165 {
166 	unsigned char *msg, *p = icp;
167 	int actual, count;
168 
169 	if (len > sp->mtu) {	/* sp->mtu = AX25_MTU = max. PACLEN = 256 */
170 		msg = "oversized transmit packet!";
171 		goto out_drop;
172 	}
173 
174 	if (len > sp->mtu) {	/* sp->mtu = AX25_MTU = max. PACLEN = 256 */
175 		msg = "oversized transmit packet!";
176 		goto out_drop;
177 	}
178 
179 	if (p[0] > 5) {
180 		msg = "invalid KISS command";
181 		goto out_drop;
182 	}
183 
184 	if ((p[0] != 0) && (len > 2)) {
185 		msg = "KISS control packet too long";
186 		goto out_drop;
187 	}
188 
189 	if ((p[0] == 0) && (len < 15)) {
190 		msg = "bad AX.25 packet to transmit";
191 		goto out_drop;
192 	}
193 
194 	count = encode_sixpack(p, sp->xbuff, len, sp->tx_delay);
195 	set_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
196 
197 	switch (p[0]) {
198 	case 1:	sp->tx_delay = p[1];
199 		return;
200 	case 2:	sp->persistence = p[1];
201 		return;
202 	case 3:	sp->slottime = p[1];
203 		return;
204 	case 4:	/* ignored */
205 		return;
206 	case 5:	sp->duplex = p[1];
207 		return;
208 	}
209 
210 	if (p[0] != 0)
211 		return;
212 
213 	/*
214 	 * In case of fullduplex or DAMA operation, we don't take care about the
215 	 * state of the DCD or of any timers, as the determination of the
216 	 * correct time to send is the job of the AX.25 layer. We send
217 	 * immediately after data has arrived.
218 	 */
219 	if (sp->duplex == 1) {
220 		sp->led_state = 0x70;
221 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
222 		sp->tx_enable = 1;
223 		actual = sp->tty->ops->write(sp->tty, sp->xbuff, count);
224 		sp->xleft = count - actual;
225 		sp->xhead = sp->xbuff + actual;
226 		sp->led_state = 0x60;
227 		sp->tty->ops->write(sp->tty, &sp->led_state, 1);
228 	} else {
229 		sp->xleft = count;
230 		sp->xhead = sp->xbuff;
231 		sp->status2 = count;
232 		sp_xmit_on_air(&sp->tx_t);
233 	}
234 
235 	return;
236 
237 out_drop:
238 	sp->dev->stats.tx_dropped++;
239 	netif_start_queue(sp->dev);
240 	if (net_ratelimit())
241 		printk(KERN_DEBUG "%s: %s - dropped.\n", sp->dev->name, msg);
242 }
243 
244 /* Encapsulate an IP datagram and kick it into a TTY queue. */
245 
sp_xmit(struct sk_buff * skb,struct net_device * dev)246 static netdev_tx_t sp_xmit(struct sk_buff *skb, struct net_device *dev)
247 {
248 	struct sixpack *sp = netdev_priv(dev);
249 
250 	if (skb->protocol == htons(ETH_P_IP))
251 		return ax25_ip_xmit(skb);
252 
253 	spin_lock_bh(&sp->lock);
254 	/* We were not busy, so we are now... :-) */
255 	netif_stop_queue(dev);
256 	dev->stats.tx_bytes += skb->len;
257 	sp_encaps(sp, skb->data, skb->len);
258 	spin_unlock_bh(&sp->lock);
259 
260 	dev_kfree_skb(skb);
261 
262 	return NETDEV_TX_OK;
263 }
264 
sp_open_dev(struct net_device * dev)265 static int sp_open_dev(struct net_device *dev)
266 {
267 	struct sixpack *sp = netdev_priv(dev);
268 
269 	if (sp->tty == NULL)
270 		return -ENODEV;
271 	return 0;
272 }
273 
274 /* Close the low-level part of the 6pack channel. */
sp_close(struct net_device * dev)275 static int sp_close(struct net_device *dev)
276 {
277 	struct sixpack *sp = netdev_priv(dev);
278 
279 	spin_lock_bh(&sp->lock);
280 	if (sp->tty) {
281 		/* TTY discipline is running. */
282 		clear_bit(TTY_DO_WRITE_WAKEUP, &sp->tty->flags);
283 	}
284 	netif_stop_queue(dev);
285 	spin_unlock_bh(&sp->lock);
286 
287 	return 0;
288 }
289 
sp_set_mac_address(struct net_device * dev,void * addr)290 static int sp_set_mac_address(struct net_device *dev, void *addr)
291 {
292 	struct sockaddr_ax25 *sa = addr;
293 
294 	netif_tx_lock_bh(dev);
295 	netif_addr_lock(dev);
296 	memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
297 	netif_addr_unlock(dev);
298 	netif_tx_unlock_bh(dev);
299 
300 	return 0;
301 }
302 
303 static const struct net_device_ops sp_netdev_ops = {
304 	.ndo_open		= sp_open_dev,
305 	.ndo_stop		= sp_close,
306 	.ndo_start_xmit		= sp_xmit,
307 	.ndo_set_mac_address    = sp_set_mac_address,
308 };
309 
sp_setup(struct net_device * dev)310 static void sp_setup(struct net_device *dev)
311 {
312 	/* Finish setting up the DEVICE info. */
313 	dev->netdev_ops		= &sp_netdev_ops;
314 	dev->needs_free_netdev	= true;
315 	dev->mtu		= SIXP_MTU;
316 	dev->hard_header_len	= AX25_MAX_HEADER_LEN;
317 	dev->header_ops 	= &ax25_header_ops;
318 
319 	dev->addr_len		= AX25_ADDR_LEN;
320 	dev->type		= ARPHRD_AX25;
321 	dev->tx_queue_len	= 10;
322 
323 	/* Only activated in AX.25 mode */
324 	memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
325 	memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
326 
327 	dev->flags		= 0;
328 }
329 
330 /* Send one completely decapsulated IP datagram to the IP layer. */
331 
332 /*
333  * This is the routine that sends the received data to the kernel AX.25.
334  * 'cmd' is the KISS command. For AX.25 data, it is zero.
335  */
336 
sp_bump(struct sixpack * sp,char cmd)337 static void sp_bump(struct sixpack *sp, char cmd)
338 {
339 	struct sk_buff *skb;
340 	int count;
341 	unsigned char *ptr;
342 
343 	count = sp->rcount + 1;
344 
345 	sp->dev->stats.rx_bytes += count;
346 
347 	if ((skb = dev_alloc_skb(count + 1)) == NULL)
348 		goto out_mem;
349 
350 	ptr = skb_put(skb, count + 1);
351 	*ptr++ = cmd;	/* KISS command */
352 
353 	memcpy(ptr, sp->cooked_buf + 1, count);
354 	skb->protocol = ax25_type_trans(skb, sp->dev);
355 	netif_rx(skb);
356 	sp->dev->stats.rx_packets++;
357 
358 	return;
359 
360 out_mem:
361 	sp->dev->stats.rx_dropped++;
362 }
363 
364 
365 /* ----------------------------------------------------------------------- */
366 
367 /*
368  * We have a potential race on dereferencing tty->disc_data, because the tty
369  * layer provides no locking at all - thus one cpu could be running
370  * sixpack_receive_buf while another calls sixpack_close, which zeroes
371  * tty->disc_data and frees the memory that sixpack_receive_buf is using.  The
372  * best way to fix this is to use a rwlock in the tty struct, but for now we
373  * use a single global rwlock for all ttys in ppp line discipline.
374  */
375 static DEFINE_RWLOCK(disc_data_lock);
376 
sp_get(struct tty_struct * tty)377 static struct sixpack *sp_get(struct tty_struct *tty)
378 {
379 	struct sixpack *sp;
380 
381 	read_lock(&disc_data_lock);
382 	sp = tty->disc_data;
383 	if (sp)
384 		refcount_inc(&sp->refcnt);
385 	read_unlock(&disc_data_lock);
386 
387 	return sp;
388 }
389 
sp_put(struct sixpack * sp)390 static void sp_put(struct sixpack *sp)
391 {
392 	if (refcount_dec_and_test(&sp->refcnt))
393 		complete(&sp->dead);
394 }
395 
396 /*
397  * Called by the TTY driver when there's room for more data.  If we have
398  * more packets to send, we send them here.
399  */
sixpack_write_wakeup(struct tty_struct * tty)400 static void sixpack_write_wakeup(struct tty_struct *tty)
401 {
402 	struct sixpack *sp = sp_get(tty);
403 	int actual;
404 
405 	if (!sp)
406 		return;
407 	if (sp->xleft <= 0)  {
408 		/* Now serial buffer is almost free & we can start
409 		 * transmission of another packet */
410 		sp->dev->stats.tx_packets++;
411 		clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
412 		sp->tx_enable = 0;
413 		netif_wake_queue(sp->dev);
414 		goto out;
415 	}
416 
417 	if (sp->tx_enable) {
418 		actual = tty->ops->write(tty, sp->xhead, sp->xleft);
419 		sp->xleft -= actual;
420 		sp->xhead += actual;
421 	}
422 
423 out:
424 	sp_put(sp);
425 }
426 
427 /* ----------------------------------------------------------------------- */
428 
429 /*
430  * Handle the 'receiver data ready' interrupt.
431  * This function is called by the tty module in the kernel when
432  * a block of 6pack data has been received, which can now be decapsulated
433  * and sent on to some IP layer for further processing.
434  */
sixpack_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)435 static void sixpack_receive_buf(struct tty_struct *tty,
436 	const unsigned char *cp, char *fp, int count)
437 {
438 	struct sixpack *sp;
439 	int count1;
440 
441 	if (!count)
442 		return;
443 
444 	sp = sp_get(tty);
445 	if (!sp)
446 		return;
447 
448 	/* Read the characters out of the buffer */
449 	count1 = count;
450 	while (count) {
451 		count--;
452 		if (fp && *fp++) {
453 			if (!test_and_set_bit(SIXPF_ERROR, &sp->flags))
454 				sp->dev->stats.rx_errors++;
455 			continue;
456 		}
457 	}
458 	sixpack_decode(sp, cp, count1);
459 
460 	sp_put(sp);
461 	tty_unthrottle(tty);
462 }
463 
464 /*
465  * Try to resync the TNC. Called by the resync timer defined in
466  * decode_prio_command
467  */
468 
469 #define TNC_UNINITIALIZED	0
470 #define TNC_UNSYNC_STARTUP	1
471 #define TNC_UNSYNCED		2
472 #define TNC_IN_SYNC		3
473 
__tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)474 static void __tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
475 {
476 	char *msg;
477 
478 	switch (new_tnc_state) {
479 	default:			/* gcc oh piece-o-crap ... */
480 	case TNC_UNSYNC_STARTUP:
481 		msg = "Synchronizing with TNC";
482 		break;
483 	case TNC_UNSYNCED:
484 		msg = "Lost synchronization with TNC\n";
485 		break;
486 	case TNC_IN_SYNC:
487 		msg = "Found TNC";
488 		break;
489 	}
490 
491 	sp->tnc_state = new_tnc_state;
492 	printk(KERN_INFO "%s: %s\n", sp->dev->name, msg);
493 }
494 
tnc_set_sync_state(struct sixpack * sp,int new_tnc_state)495 static inline void tnc_set_sync_state(struct sixpack *sp, int new_tnc_state)
496 {
497 	int old_tnc_state = sp->tnc_state;
498 
499 	if (old_tnc_state != new_tnc_state)
500 		__tnc_set_sync_state(sp, new_tnc_state);
501 }
502 
resync_tnc(struct timer_list * t)503 static void resync_tnc(struct timer_list *t)
504 {
505 	struct sixpack *sp = from_timer(sp, t, resync_t);
506 	static char resync_cmd = 0xe8;
507 
508 	/* clear any data that might have been received */
509 
510 	sp->rx_count = 0;
511 	sp->rx_count_cooked = 0;
512 
513 	/* reset state machine */
514 
515 	sp->status = 1;
516 	sp->status1 = 1;
517 	sp->status2 = 0;
518 
519 	/* resync the TNC */
520 
521 	sp->led_state = 0x60;
522 	sp->tty->ops->write(sp->tty, &sp->led_state, 1);
523 	sp->tty->ops->write(sp->tty, &resync_cmd, 1);
524 
525 
526 	/* Start resync timer again -- the TNC might be still absent */
527 	mod_timer(&sp->resync_t, jiffies + SIXP_RESYNC_TIMEOUT);
528 }
529 
tnc_init(struct sixpack * sp)530 static inline int tnc_init(struct sixpack *sp)
531 {
532 	unsigned char inbyte = 0xe8;
533 
534 	tnc_set_sync_state(sp, TNC_UNSYNC_STARTUP);
535 
536 	sp->tty->ops->write(sp->tty, &inbyte, 1);
537 
538 	mod_timer(&sp->resync_t, jiffies + SIXP_RESYNC_TIMEOUT);
539 
540 	return 0;
541 }
542 
543 /*
544  * Open the high-level part of the 6pack channel.
545  * This function is called by the TTY module when the
546  * 6pack line discipline is called for.  Because we are
547  * sure the tty line exists, we only have to link it to
548  * a free 6pcack channel...
549  */
sixpack_open(struct tty_struct * tty)550 static int sixpack_open(struct tty_struct *tty)
551 {
552 	char *rbuff = NULL, *xbuff = NULL;
553 	struct net_device *dev;
554 	struct sixpack *sp;
555 	unsigned long len;
556 	int err = 0;
557 
558 	if (!capable(CAP_NET_ADMIN))
559 		return -EPERM;
560 	if (tty->ops->write == NULL)
561 		return -EOPNOTSUPP;
562 
563 	dev = alloc_netdev(sizeof(struct sixpack), "sp%d", NET_NAME_UNKNOWN,
564 			   sp_setup);
565 	if (!dev) {
566 		err = -ENOMEM;
567 		goto out;
568 	}
569 
570 	sp = netdev_priv(dev);
571 	sp->dev = dev;
572 
573 	spin_lock_init(&sp->lock);
574 	refcount_set(&sp->refcnt, 1);
575 	init_completion(&sp->dead);
576 
577 	/* !!! length of the buffers. MTU is IP MTU, not PACLEN!  */
578 
579 	len = dev->mtu * 2;
580 
581 	rbuff = kmalloc(len + 4, GFP_KERNEL);
582 	xbuff = kmalloc(len + 4, GFP_KERNEL);
583 
584 	if (rbuff == NULL || xbuff == NULL) {
585 		err = -ENOBUFS;
586 		goto out_free;
587 	}
588 
589 	spin_lock_bh(&sp->lock);
590 
591 	sp->tty = tty;
592 
593 	sp->rbuff	= rbuff;
594 	sp->xbuff	= xbuff;
595 
596 	sp->mtu		= AX25_MTU + 73;
597 	sp->buffsize	= len;
598 	sp->rcount	= 0;
599 	sp->rx_count	= 0;
600 	sp->rx_count_cooked = 0;
601 	sp->xleft	= 0;
602 
603 	sp->flags	= 0;		/* Clear ESCAPE & ERROR flags */
604 
605 	sp->duplex	= 0;
606 	sp->tx_delay    = SIXP_TXDELAY;
607 	sp->persistence = SIXP_PERSIST;
608 	sp->slottime    = SIXP_SLOTTIME;
609 	sp->led_state   = 0x60;
610 	sp->status      = 1;
611 	sp->status1     = 1;
612 	sp->status2     = 0;
613 	sp->tx_enable   = 0;
614 
615 	netif_start_queue(dev);
616 
617 	timer_setup(&sp->tx_t, sp_xmit_on_air, 0);
618 
619 	timer_setup(&sp->resync_t, resync_tnc, 0);
620 
621 	spin_unlock_bh(&sp->lock);
622 
623 	/* Done.  We have linked the TTY line to a channel. */
624 	tty->disc_data = sp;
625 	tty->receive_room = 65536;
626 
627 	/* Now we're ready to register. */
628 	err = register_netdev(dev);
629 	if (err)
630 		goto out_free;
631 
632 	tnc_init(sp);
633 
634 	return 0;
635 
636 out_free:
637 	kfree(xbuff);
638 	kfree(rbuff);
639 
640 	free_netdev(dev);
641 
642 out:
643 	return err;
644 }
645 
646 
647 /*
648  * Close down a 6pack channel.
649  * This means flushing out any pending queues, and then restoring the
650  * TTY line discipline to what it was before it got hooked to 6pack
651  * (which usually is TTY again).
652  */
sixpack_close(struct tty_struct * tty)653 static void sixpack_close(struct tty_struct *tty)
654 {
655 	struct sixpack *sp;
656 
657 	write_lock_bh(&disc_data_lock);
658 	sp = tty->disc_data;
659 	tty->disc_data = NULL;
660 	write_unlock_bh(&disc_data_lock);
661 	if (!sp)
662 		return;
663 
664 	/*
665 	 * We have now ensured that nobody can start using ap from now on, but
666 	 * we have to wait for all existing users to finish.
667 	 */
668 	if (!refcount_dec_and_test(&sp->refcnt))
669 		wait_for_completion(&sp->dead);
670 
671 	/* We must stop the queue to avoid potentially scribbling
672 	 * on the free buffers. The sp->dead completion is not sufficient
673 	 * to protect us from sp->xbuff access.
674 	 */
675 	netif_stop_queue(sp->dev);
676 
677 	del_timer_sync(&sp->tx_t);
678 	del_timer_sync(&sp->resync_t);
679 
680 	/* Free all 6pack frame buffers. */
681 	kfree(sp->rbuff);
682 	kfree(sp->xbuff);
683 
684 	unregister_netdev(sp->dev);
685 }
686 
687 /* Perform I/O control on an active 6pack channel. */
sixpack_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)688 static int sixpack_ioctl(struct tty_struct *tty, struct file *file,
689 	unsigned int cmd, unsigned long arg)
690 {
691 	struct sixpack *sp = sp_get(tty);
692 	struct net_device *dev;
693 	unsigned int tmp, err;
694 
695 	if (!sp)
696 		return -ENXIO;
697 	dev = sp->dev;
698 
699 	switch(cmd) {
700 	case SIOCGIFNAME:
701 		err = copy_to_user((void __user *) arg, dev->name,
702 		                   strlen(dev->name) + 1) ? -EFAULT : 0;
703 		break;
704 
705 	case SIOCGIFENCAP:
706 		err = put_user(0, (int __user *) arg);
707 		break;
708 
709 	case SIOCSIFENCAP:
710 		if (get_user(tmp, (int __user *) arg)) {
711 			err = -EFAULT;
712 			break;
713 		}
714 
715 		sp->mode = tmp;
716 		dev->addr_len        = AX25_ADDR_LEN;
717 		dev->hard_header_len = AX25_KISS_HEADER_LEN +
718 		                       AX25_MAX_HEADER_LEN + 3;
719 		dev->type            = ARPHRD_AX25;
720 
721 		err = 0;
722 		break;
723 
724 	 case SIOCSIFHWADDR: {
725 		char addr[AX25_ADDR_LEN];
726 
727 		if (copy_from_user(&addr,
728 		                   (void __user *) arg, AX25_ADDR_LEN)) {
729 				err = -EFAULT;
730 				break;
731 			}
732 
733 			netif_tx_lock_bh(dev);
734 			memcpy(dev->dev_addr, &addr, AX25_ADDR_LEN);
735 			netif_tx_unlock_bh(dev);
736 
737 			err = 0;
738 			break;
739 		}
740 
741 	default:
742 		err = tty_mode_ioctl(tty, file, cmd, arg);
743 	}
744 
745 	sp_put(sp);
746 
747 	return err;
748 }
749 
750 static struct tty_ldisc_ops sp_ldisc = {
751 	.owner		= THIS_MODULE,
752 	.magic		= TTY_LDISC_MAGIC,
753 	.name		= "6pack",
754 	.open		= sixpack_open,
755 	.close		= sixpack_close,
756 	.ioctl		= sixpack_ioctl,
757 	.receive_buf	= sixpack_receive_buf,
758 	.write_wakeup	= sixpack_write_wakeup,
759 };
760 
761 /* Initialize 6pack control device -- register 6pack line discipline */
762 
763 static const char msg_banner[]  __initconst = KERN_INFO \
764 	"AX.25: 6pack driver, " SIXPACK_VERSION "\n";
765 static const char msg_regfail[] __initconst = KERN_ERR  \
766 	"6pack: can't register line discipline (err = %d)\n";
767 
sixpack_init_driver(void)768 static int __init sixpack_init_driver(void)
769 {
770 	int status;
771 
772 	printk(msg_banner);
773 
774 	/* Register the provided line protocol discipline */
775 	if ((status = tty_register_ldisc(N_6PACK, &sp_ldisc)) != 0)
776 		printk(msg_regfail, status);
777 
778 	return status;
779 }
780 
781 static const char msg_unregfail[] = KERN_ERR \
782 	"6pack: can't unregister line discipline (err = %d)\n";
783 
sixpack_exit_driver(void)784 static void __exit sixpack_exit_driver(void)
785 {
786 	int ret;
787 
788 	if ((ret = tty_unregister_ldisc(N_6PACK)))
789 		printk(msg_unregfail, ret);
790 }
791 
792 /* encode an AX.25 packet into 6pack */
793 
encode_sixpack(unsigned char * tx_buf,unsigned char * tx_buf_raw,int length,unsigned char tx_delay)794 static int encode_sixpack(unsigned char *tx_buf, unsigned char *tx_buf_raw,
795 	int length, unsigned char tx_delay)
796 {
797 	int count = 0;
798 	unsigned char checksum = 0, buf[400];
799 	int raw_count = 0;
800 
801 	tx_buf_raw[raw_count++] = SIXP_PRIO_CMD_MASK | SIXP_TX_MASK;
802 	tx_buf_raw[raw_count++] = SIXP_SEOF;
803 
804 	buf[0] = tx_delay;
805 	for (count = 1; count < length; count++)
806 		buf[count] = tx_buf[count];
807 
808 	for (count = 0; count < length; count++)
809 		checksum += buf[count];
810 	buf[length] = (unsigned char) 0xff - checksum;
811 
812 	for (count = 0; count <= length; count++) {
813 		if ((count % 3) == 0) {
814 			tx_buf_raw[raw_count++] = (buf[count] & 0x3f);
815 			tx_buf_raw[raw_count] = ((buf[count] >> 2) & 0x30);
816 		} else if ((count % 3) == 1) {
817 			tx_buf_raw[raw_count++] |= (buf[count] & 0x0f);
818 			tx_buf_raw[raw_count] =	((buf[count] >> 2) & 0x3c);
819 		} else {
820 			tx_buf_raw[raw_count++] |= (buf[count] & 0x03);
821 			tx_buf_raw[raw_count++] = (buf[count] >> 2);
822 		}
823 	}
824 	if ((length % 3) != 2)
825 		raw_count++;
826 	tx_buf_raw[raw_count++] = SIXP_SEOF;
827 	return raw_count;
828 }
829 
830 /* decode 4 sixpack-encoded bytes into 3 data bytes */
831 
decode_data(struct sixpack * sp,unsigned char inbyte)832 static void decode_data(struct sixpack *sp, unsigned char inbyte)
833 {
834 	unsigned char *buf;
835 
836 	if (sp->rx_count != 3) {
837 		sp->raw_buf[sp->rx_count++] = inbyte;
838 
839 		return;
840 	}
841 
842 	buf = sp->raw_buf;
843 	sp->cooked_buf[sp->rx_count_cooked++] =
844 		buf[0] | ((buf[1] << 2) & 0xc0);
845 	sp->cooked_buf[sp->rx_count_cooked++] =
846 		(buf[1] & 0x0f) | ((buf[2] << 2) & 0xf0);
847 	sp->cooked_buf[sp->rx_count_cooked++] =
848 		(buf[2] & 0x03) | (inbyte << 2);
849 	sp->rx_count = 0;
850 }
851 
852 /* identify and execute a 6pack priority command byte */
853 
decode_prio_command(struct sixpack * sp,unsigned char cmd)854 static void decode_prio_command(struct sixpack *sp, unsigned char cmd)
855 {
856 	int actual;
857 
858 	if ((cmd & SIXP_PRIO_DATA_MASK) != 0) {     /* idle ? */
859 
860 	/* RX and DCD flags can only be set in the same prio command,
861 	   if the DCD flag has been set without the RX flag in the previous
862 	   prio command. If DCD has not been set before, something in the
863 	   transmission has gone wrong. In this case, RX and DCD are
864 	   cleared in order to prevent the decode_data routine from
865 	   reading further data that might be corrupt. */
866 
867 		if (((sp->status & SIXP_DCD_MASK) == 0) &&
868 			((cmd & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK)) {
869 				if (sp->status != 1)
870 					printk(KERN_DEBUG "6pack: protocol violation\n");
871 				else
872 					sp->status = 0;
873 				cmd &= ~SIXP_RX_DCD_MASK;
874 		}
875 		sp->status = cmd & SIXP_PRIO_DATA_MASK;
876 	} else { /* output watchdog char if idle */
877 		if ((sp->status2 != 0) && (sp->duplex == 1)) {
878 			sp->led_state = 0x70;
879 			sp->tty->ops->write(sp->tty, &sp->led_state, 1);
880 			sp->tx_enable = 1;
881 			actual = sp->tty->ops->write(sp->tty, sp->xbuff, sp->status2);
882 			sp->xleft -= actual;
883 			sp->xhead += actual;
884 			sp->led_state = 0x60;
885 			sp->status2 = 0;
886 
887 		}
888 	}
889 
890 	/* needed to trigger the TNC watchdog */
891 	sp->tty->ops->write(sp->tty, &sp->led_state, 1);
892 
893         /* if the state byte has been received, the TNC is present,
894            so the resync timer can be reset. */
895 
896 	if (sp->tnc_state == TNC_IN_SYNC)
897 		mod_timer(&sp->resync_t, jiffies + SIXP_INIT_RESYNC_TIMEOUT);
898 
899 	sp->status1 = cmd & SIXP_PRIO_DATA_MASK;
900 }
901 
902 /* identify and execute a standard 6pack command byte */
903 
decode_std_command(struct sixpack * sp,unsigned char cmd)904 static void decode_std_command(struct sixpack *sp, unsigned char cmd)
905 {
906 	unsigned char checksum = 0, rest = 0;
907 	short i;
908 
909 	switch (cmd & SIXP_CMD_MASK) {     /* normal command */
910 	case SIXP_SEOF:
911 		if ((sp->rx_count == 0) && (sp->rx_count_cooked == 0)) {
912 			if ((sp->status & SIXP_RX_DCD_MASK) ==
913 				SIXP_RX_DCD_MASK) {
914 				sp->led_state = 0x68;
915 				sp->tty->ops->write(sp->tty, &sp->led_state, 1);
916 			}
917 		} else {
918 			sp->led_state = 0x60;
919 			/* fill trailing bytes with zeroes */
920 			sp->tty->ops->write(sp->tty, &sp->led_state, 1);
921 			rest = sp->rx_count;
922 			if (rest != 0)
923 				 for (i = rest; i <= 3; i++)
924 					decode_data(sp, 0);
925 			if (rest == 2)
926 				sp->rx_count_cooked -= 2;
927 			else if (rest == 3)
928 				sp->rx_count_cooked -= 1;
929 			for (i = 0; i < sp->rx_count_cooked; i++)
930 				checksum += sp->cooked_buf[i];
931 			if (checksum != SIXP_CHKSUM) {
932 				printk(KERN_DEBUG "6pack: bad checksum %2.2x\n", checksum);
933 			} else {
934 				sp->rcount = sp->rx_count_cooked-2;
935 				sp_bump(sp, 0);
936 			}
937 			sp->rx_count_cooked = 0;
938 		}
939 		break;
940 	case SIXP_TX_URUN: printk(KERN_DEBUG "6pack: TX underrun\n");
941 		break;
942 	case SIXP_RX_ORUN: printk(KERN_DEBUG "6pack: RX overrun\n");
943 		break;
944 	case SIXP_RX_BUF_OVL:
945 		printk(KERN_DEBUG "6pack: RX buffer overflow\n");
946 	}
947 }
948 
949 /* decode a 6pack packet */
950 
951 static void
sixpack_decode(struct sixpack * sp,const unsigned char * pre_rbuff,int count)952 sixpack_decode(struct sixpack *sp, const unsigned char *pre_rbuff, int count)
953 {
954 	unsigned char inbyte;
955 	int count1;
956 
957 	for (count1 = 0; count1 < count; count1++) {
958 		inbyte = pre_rbuff[count1];
959 		if (inbyte == SIXP_FOUND_TNC) {
960 			tnc_set_sync_state(sp, TNC_IN_SYNC);
961 			del_timer(&sp->resync_t);
962 		}
963 		if ((inbyte & SIXP_PRIO_CMD_MASK) != 0)
964 			decode_prio_command(sp, inbyte);
965 		else if ((inbyte & SIXP_STD_CMD_MASK) != 0)
966 			decode_std_command(sp, inbyte);
967 		else if ((sp->status & SIXP_RX_DCD_MASK) == SIXP_RX_DCD_MASK)
968 			decode_data(sp, inbyte);
969 	}
970 }
971 
972 MODULE_AUTHOR("Ralf Baechle DO1GRB <ralf@linux-mips.org>");
973 MODULE_DESCRIPTION("6pack driver for AX.25");
974 MODULE_LICENSE("GPL");
975 MODULE_ALIAS_LDISC(N_6PACK);
976 
977 module_init(sixpack_init_driver);
978 module_exit(sixpack_exit_driver);
979