1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * Outgoing path:
9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc
10 * control message -> GSM MUX control queue --´
11 *
12 * Incoming path:
13 * ldisc -> gsm_queue() -o--> tty
14 * `-> gsm_control_response()
15 *
16 * TO DO:
17 * Mostly done: ioctls for setting modes/timing
18 * Partly done: hooks so you can pull off frames to non tty devs
19 * Restart DLCI 0 when it closes ?
20 * Improve the tx engine
21 * Resolve tx side locking by adding a queue_head and routing
22 * all control traffic via it
23 * General tidy/document
24 * Review the locking/move to refcounts more (mux now moved to an
25 * alloc/free model ready)
26 * Use newest tty open/close port helpers and install hooks
27 * What to do about power functions ?
28 * Termios setting and negotiation
29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
30 *
31 */
32
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched/signal.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/ctype.h>
42 #include <linux/mm.h>
43 #include <linux/string.h>
44 #include <linux/slab.h>
45 #include <linux/poll.h>
46 #include <linux/bitops.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/timer.h>
51 #include <linux/tty_flip.h>
52 #include <linux/tty_driver.h>
53 #include <linux/serial.h>
54 #include <linux/kfifo.h>
55 #include <linux/skbuff.h>
56 #include <net/arp.h>
57 #include <linux/ip.h>
58 #include <linux/netdevice.h>
59 #include <linux/etherdevice.h>
60 #include <linux/gsmmux.h>
61 #include "tty.h"
62
63 static int debug;
64 module_param(debug, int, 0600);
65
66 /* Module debug bits */
67 #define DBG_DUMP BIT(0) /* Data transmission dump. */
68 #define DBG_CD_ON BIT(1) /* Always assume CD line on. */
69 #define DBG_DATA BIT(2) /* Data transmission details. */
70 #define DBG_ERRORS BIT(3) /* Details for fail conditions. */
71 #define DBG_TTY BIT(4) /* Transmission statistics for DLCI TTYs. */
72 #define DBG_PAYLOAD BIT(5) /* Limits DBG_DUMP to payload frames. */
73
74 /* Defaults: these are from the specification */
75
76 #define T1 10 /* 100mS */
77 #define T2 34 /* 333mS */
78 #define N2 3 /* Retry 3 times */
79
80 /* Use long timers for testing at low speed with debug on */
81 #ifdef DEBUG_TIMING
82 #define T1 100
83 #define T2 200
84 #endif
85
86 /*
87 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
88 * limits so this is plenty
89 */
90 #define MAX_MRU 1500
91 #define MAX_MTU 1500
92 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
93 #define PROT_OVERHEAD 7
94 #define GSM_NET_TX_TIMEOUT (HZ*10)
95
96 /*
97 * struct gsm_mux_net - network interface
98 *
99 * Created when net interface is initialized.
100 */
101 struct gsm_mux_net {
102 struct kref ref;
103 struct gsm_dlci *dlci;
104 };
105
106 /*
107 * Each block of data we have queued to go out is in the form of
108 * a gsm_msg which holds everything we need in a link layer independent
109 * format
110 */
111
112 struct gsm_msg {
113 struct list_head list;
114 u8 addr; /* DLCI address + flags */
115 u8 ctrl; /* Control byte + flags */
116 unsigned int len; /* Length of data block (can be zero) */
117 unsigned char *data; /* Points into buffer but not at the start */
118 unsigned char buffer[];
119 };
120
121 enum gsm_dlci_state {
122 DLCI_CLOSED,
123 DLCI_OPENING, /* Sending SABM not seen UA */
124 DLCI_OPEN, /* SABM/UA complete */
125 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
126 };
127
128 enum gsm_dlci_mode {
129 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
130 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
131 };
132
133 /*
134 * Each active data link has a gsm_dlci structure associated which ties
135 * the link layer to an optional tty (if the tty side is open). To avoid
136 * complexity right now these are only ever freed up when the mux is
137 * shut down.
138 *
139 * At the moment we don't free DLCI objects until the mux is torn down
140 * this avoid object life time issues but might be worth review later.
141 */
142
143 struct gsm_dlci {
144 struct gsm_mux *gsm;
145 int addr;
146 enum gsm_dlci_state state;
147 struct mutex mutex;
148
149 /* Link layer */
150 enum gsm_dlci_mode mode;
151 spinlock_t lock; /* Protects the internal state */
152 struct timer_list t1; /* Retransmit timer for SABM and UA */
153 int retries;
154 /* Uplink tty if active */
155 struct tty_port port; /* The tty bound to this DLCI if there is one */
156 #define TX_SIZE 4096 /* Must be power of 2. */
157 struct kfifo fifo; /* Queue fifo for the DLCI */
158 int adaption; /* Adaption layer in use */
159 int prev_adaption;
160 u32 modem_rx; /* Our incoming virtual modem lines */
161 u32 modem_tx; /* Our outgoing modem lines */
162 bool dead; /* Refuse re-open */
163 /* Flow control */
164 bool throttled; /* Private copy of throttle state */
165 bool constipated; /* Throttle status for outgoing */
166 /* Packetised I/O */
167 struct sk_buff *skb; /* Frame being sent */
168 struct sk_buff_head skb_list; /* Queued frames */
169 /* Data handling callback */
170 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
171 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
172 struct net_device *net; /* network interface, if created */
173 };
174
175 /* Total number of supported devices */
176 #define GSM_TTY_MINORS 256
177
178 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
179
180 #define NUM_DLCI 64
181
182 /*
183 * DLCI 0 is used to pass control blocks out of band of the data
184 * flow (and with a higher link priority). One command can be outstanding
185 * at a time and we use this structure to manage them. They are created
186 * and destroyed by the user context, and updated by the receive paths
187 * and timers
188 */
189
190 struct gsm_control {
191 u8 cmd; /* Command we are issuing */
192 u8 *data; /* Data for the command in case we retransmit */
193 int len; /* Length of block for retransmission */
194 int done; /* Done flag */
195 int error; /* Error if any */
196 };
197
198 enum gsm_encoding {
199 GSM_BASIC_OPT,
200 GSM_ADV_OPT,
201 };
202
203 enum gsm_mux_state {
204 GSM_SEARCH,
205 GSM_START,
206 GSM_ADDRESS,
207 GSM_CONTROL,
208 GSM_LEN,
209 GSM_DATA,
210 GSM_FCS,
211 GSM_OVERRUN,
212 GSM_LEN0,
213 GSM_LEN1,
214 GSM_SSOF,
215 };
216
217 /*
218 * Each GSM mux we have is represented by this structure. If we are
219 * operating as an ldisc then we use this structure as our ldisc
220 * state. We need to sort out lifetimes and locking with respect
221 * to the gsm mux array. For now we don't free DLCI objects that
222 * have been instantiated until the mux itself is terminated.
223 *
224 * To consider further: tty open versus mux shutdown.
225 */
226
227 struct gsm_mux {
228 struct tty_struct *tty; /* The tty our ldisc is bound to */
229 spinlock_t lock;
230 struct mutex mutex;
231 unsigned int num;
232 struct kref ref;
233
234 /* Events on the GSM channel */
235 wait_queue_head_t event;
236
237 /* ldisc send work */
238 struct work_struct tx_work;
239
240 /* Bits for GSM mode decoding */
241
242 /* Framing Layer */
243 unsigned char *buf;
244 enum gsm_mux_state state;
245 unsigned int len;
246 unsigned int address;
247 unsigned int count;
248 bool escape;
249 enum gsm_encoding encoding;
250 u8 control;
251 u8 fcs;
252 u8 *txframe; /* TX framing buffer */
253
254 /* Method for the receiver side */
255 void (*receive)(struct gsm_mux *gsm, u8 ch);
256
257 /* Link Layer */
258 unsigned int mru;
259 unsigned int mtu;
260 int initiator; /* Did we initiate connection */
261 bool dead; /* Has the mux been shut down */
262 struct gsm_dlci *dlci[NUM_DLCI];
263 int old_c_iflag; /* termios c_iflag value before attach */
264 bool constipated; /* Asked by remote to shut up */
265 bool has_devices; /* Devices were registered */
266
267 spinlock_t tx_lock;
268 unsigned int tx_bytes; /* TX data outstanding */
269 #define TX_THRESH_HI 8192
270 #define TX_THRESH_LO 2048
271 struct list_head tx_ctrl_list; /* Pending control packets */
272 struct list_head tx_data_list; /* Pending data packets */
273
274 /* Control messages */
275 struct timer_list kick_timer; /* Kick TX queuing on timeout */
276 struct timer_list t2_timer; /* Retransmit timer for commands */
277 int cretries; /* Command retry counter */
278 struct gsm_control *pending_cmd;/* Our current pending command */
279 spinlock_t control_lock; /* Protects the pending command */
280
281 /* Configuration */
282 int adaption; /* 1 or 2 supported */
283 u8 ftype; /* UI or UIH */
284 int t1, t2; /* Timers in 1/100th of a sec */
285 int n2; /* Retry count */
286
287 /* Statistics (not currently exposed) */
288 unsigned long bad_fcs;
289 unsigned long malformed;
290 unsigned long io_error;
291 unsigned long bad_size;
292 unsigned long unsupported;
293 };
294
295
296 /*
297 * Mux objects - needed so that we can translate a tty index into the
298 * relevant mux and DLCI.
299 */
300
301 #define MAX_MUX 4 /* 256 minors */
302 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
303 static DEFINE_SPINLOCK(gsm_mux_lock);
304
305 static struct tty_driver *gsm_tty_driver;
306
307 /*
308 * This section of the driver logic implements the GSM encodings
309 * both the basic and the 'advanced'. Reliable transport is not
310 * supported.
311 */
312
313 #define CR 0x02
314 #define EA 0x01
315 #define PF 0x10
316
317 /* I is special: the rest are ..*/
318 #define RR 0x01
319 #define UI 0x03
320 #define RNR 0x05
321 #define REJ 0x09
322 #define DM 0x0F
323 #define SABM 0x2F
324 #define DISC 0x43
325 #define UA 0x63
326 #define UIH 0xEF
327
328 /* Channel commands */
329 #define CMD_NSC 0x09
330 #define CMD_TEST 0x11
331 #define CMD_PSC 0x21
332 #define CMD_RLS 0x29
333 #define CMD_FCOFF 0x31
334 #define CMD_PN 0x41
335 #define CMD_RPN 0x49
336 #define CMD_FCON 0x51
337 #define CMD_CLD 0x61
338 #define CMD_SNC 0x69
339 #define CMD_MSC 0x71
340
341 /* Virtual modem bits */
342 #define MDM_FC 0x01
343 #define MDM_RTC 0x02
344 #define MDM_RTR 0x04
345 #define MDM_IC 0x20
346 #define MDM_DV 0x40
347
348 #define GSM0_SOF 0xF9
349 #define GSM1_SOF 0x7E
350 #define GSM1_ESCAPE 0x7D
351 #define GSM1_ESCAPE_BITS 0x20
352 #define XON 0x11
353 #define XOFF 0x13
354 #define ISO_IEC_646_MASK 0x7F
355
356 static const struct tty_port_operations gsm_port_ops;
357
358 /*
359 * CRC table for GSM 0710
360 */
361
362 static const u8 gsm_fcs8[256] = {
363 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
364 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
365 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
366 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
367 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
368 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
369 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
370 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
371 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
372 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
373 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
374 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
375 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
376 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
377 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
378 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
379 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
380 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
381 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
382 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
383 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
384 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
385 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
386 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
387 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
388 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
389 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
390 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
391 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
392 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
393 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
394 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
395 };
396
397 #define INIT_FCS 0xFF
398 #define GOOD_FCS 0xCF
399
400 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
401 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
402 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
403 u8 ctrl);
404 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
405 static void gsmld_write_trigger(struct gsm_mux *gsm);
406 static void gsmld_write_task(struct work_struct *work);
407
408 /**
409 * gsm_fcs_add - update FCS
410 * @fcs: Current FCS
411 * @c: Next data
412 *
413 * Update the FCS to include c. Uses the algorithm in the specification
414 * notes.
415 */
416
gsm_fcs_add(u8 fcs,u8 c)417 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
418 {
419 return gsm_fcs8[fcs ^ c];
420 }
421
422 /**
423 * gsm_fcs_add_block - update FCS for a block
424 * @fcs: Current FCS
425 * @c: buffer of data
426 * @len: length of buffer
427 *
428 * Update the FCS to include c. Uses the algorithm in the specification
429 * notes.
430 */
431
gsm_fcs_add_block(u8 fcs,u8 * c,int len)432 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
433 {
434 while (len--)
435 fcs = gsm_fcs8[fcs ^ *c++];
436 return fcs;
437 }
438
439 /**
440 * gsm_read_ea - read a byte into an EA
441 * @val: variable holding value
442 * @c: byte going into the EA
443 *
444 * Processes one byte of an EA. Updates the passed variable
445 * and returns 1 if the EA is now completely read
446 */
447
gsm_read_ea(unsigned int * val,u8 c)448 static int gsm_read_ea(unsigned int *val, u8 c)
449 {
450 /* Add the next 7 bits into the value */
451 *val <<= 7;
452 *val |= c >> 1;
453 /* Was this the last byte of the EA 1 = yes*/
454 return c & EA;
455 }
456
457 /**
458 * gsm_read_ea_val - read a value until EA
459 * @val: variable holding value
460 * @data: buffer of data
461 * @dlen: length of data
462 *
463 * Processes an EA value. Updates the passed variable and
464 * returns the processed data length.
465 */
gsm_read_ea_val(unsigned int * val,const u8 * data,int dlen)466 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
467 {
468 unsigned int len = 0;
469
470 for (; dlen > 0; dlen--) {
471 len++;
472 if (gsm_read_ea(val, *data++))
473 break;
474 }
475 return len;
476 }
477
478 /**
479 * gsm_encode_modem - encode modem data bits
480 * @dlci: DLCI to encode from
481 *
482 * Returns the correct GSM encoded modem status bits (6 bit field) for
483 * the current status of the DLCI and attached tty object
484 */
485
gsm_encode_modem(const struct gsm_dlci * dlci)486 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
487 {
488 u8 modembits = 0;
489 /* FC is true flow control not modem bits */
490 if (dlci->throttled)
491 modembits |= MDM_FC;
492 if (dlci->modem_tx & TIOCM_DTR)
493 modembits |= MDM_RTC;
494 if (dlci->modem_tx & TIOCM_RTS)
495 modembits |= MDM_RTR;
496 if (dlci->modem_tx & TIOCM_RI)
497 modembits |= MDM_IC;
498 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
499 modembits |= MDM_DV;
500 return modembits;
501 }
502
gsm_hex_dump_bytes(const char * fname,const u8 * data,unsigned long len)503 static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
504 unsigned long len)
505 {
506 char *prefix;
507
508 if (!fname) {
509 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
510 true);
511 return;
512 }
513
514 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
515 if (!prefix)
516 return;
517 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
518 true);
519 kfree(prefix);
520 }
521
522 /**
523 * gsm_register_devices - register all tty devices for a given mux index
524 *
525 * @driver: the tty driver that describes the tty devices
526 * @index: the mux number is used to calculate the minor numbers of the
527 * ttys for this mux and may differ from the position in the
528 * mux array.
529 */
gsm_register_devices(struct tty_driver * driver,unsigned int index)530 static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
531 {
532 struct device *dev;
533 int i;
534 unsigned int base;
535
536 if (!driver || index >= MAX_MUX)
537 return -EINVAL;
538
539 base = index * NUM_DLCI; /* first minor for this index */
540 for (i = 1; i < NUM_DLCI; i++) {
541 /* Don't register device 0 - this is the control channel
542 * and not a usable tty interface
543 */
544 dev = tty_register_device(gsm_tty_driver, base + i, NULL);
545 if (IS_ERR(dev)) {
546 if (debug & DBG_ERRORS)
547 pr_info("%s failed to register device minor %u",
548 __func__, base + i);
549 for (i--; i >= 1; i--)
550 tty_unregister_device(gsm_tty_driver, base + i);
551 return PTR_ERR(dev);
552 }
553 }
554
555 return 0;
556 }
557
558 /**
559 * gsm_unregister_devices - unregister all tty devices for a given mux index
560 *
561 * @driver: the tty driver that describes the tty devices
562 * @index: the mux number is used to calculate the minor numbers of the
563 * ttys for this mux and may differ from the position in the
564 * mux array.
565 */
gsm_unregister_devices(struct tty_driver * driver,unsigned int index)566 static void gsm_unregister_devices(struct tty_driver *driver,
567 unsigned int index)
568 {
569 int i;
570 unsigned int base;
571
572 if (!driver || index >= MAX_MUX)
573 return;
574
575 base = index * NUM_DLCI; /* first minor for this index */
576 for (i = 1; i < NUM_DLCI; i++) {
577 /* Don't unregister device 0 - this is the control
578 * channel and not a usable tty interface
579 */
580 tty_unregister_device(gsm_tty_driver, base + i);
581 }
582 }
583
584 /**
585 * gsm_print_packet - display a frame for debug
586 * @hdr: header to print before decode
587 * @addr: address EA from the frame
588 * @cr: C/R bit seen as initiator
589 * @control: control including PF bit
590 * @data: following data bytes
591 * @dlen: length of data
592 *
593 * Displays a packet in human readable format for debugging purposes. The
594 * style is based on amateur radio LAP-B dump display.
595 */
596
gsm_print_packet(const char * hdr,int addr,int cr,u8 control,const u8 * data,int dlen)597 static void gsm_print_packet(const char *hdr, int addr, int cr,
598 u8 control, const u8 *data, int dlen)
599 {
600 if (!(debug & DBG_DUMP))
601 return;
602 /* Only show user payload frames if debug & DBG_PAYLOAD */
603 if (!(debug & DBG_PAYLOAD) && addr != 0)
604 if ((control & ~PF) == UI || (control & ~PF) == UIH)
605 return;
606
607 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
608
609 switch (control & ~PF) {
610 case SABM:
611 pr_cont("SABM");
612 break;
613 case UA:
614 pr_cont("UA");
615 break;
616 case DISC:
617 pr_cont("DISC");
618 break;
619 case DM:
620 pr_cont("DM");
621 break;
622 case UI:
623 pr_cont("UI");
624 break;
625 case UIH:
626 pr_cont("UIH");
627 break;
628 default:
629 if (!(control & 0x01)) {
630 pr_cont("I N(S)%d N(R)%d",
631 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
632 } else switch (control & 0x0F) {
633 case RR:
634 pr_cont("RR(%d)", (control & 0xE0) >> 5);
635 break;
636 case RNR:
637 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
638 break;
639 case REJ:
640 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
641 break;
642 default:
643 pr_cont("[%02X]", control);
644 }
645 }
646
647 if (control & PF)
648 pr_cont("(P)");
649 else
650 pr_cont("(F)");
651
652 gsm_hex_dump_bytes(NULL, data, dlen);
653 }
654
655
656 /*
657 * Link level transmission side
658 */
659
660 /**
661 * gsm_stuff_frame - bytestuff a packet
662 * @input: input buffer
663 * @output: output buffer
664 * @len: length of input
665 *
666 * Expand a buffer by bytestuffing it. The worst case size change
667 * is doubling and the caller is responsible for handing out
668 * suitable sized buffers.
669 */
670
gsm_stuff_frame(const u8 * input,u8 * output,int len)671 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
672 {
673 int olen = 0;
674 while (len--) {
675 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
676 || (*input & ISO_IEC_646_MASK) == XON
677 || (*input & ISO_IEC_646_MASK) == XOFF) {
678 *output++ = GSM1_ESCAPE;
679 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
680 olen++;
681 } else
682 *output++ = *input++;
683 olen++;
684 }
685 return olen;
686 }
687
688 /**
689 * gsm_send - send a control frame
690 * @gsm: our GSM mux
691 * @addr: address for control frame
692 * @cr: command/response bit seen as initiator
693 * @control: control byte including PF bit
694 *
695 * Format up and transmit a control frame. These should be transmitted
696 * ahead of data when they are needed.
697 */
gsm_send(struct gsm_mux * gsm,int addr,int cr,int control)698 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
699 {
700 struct gsm_msg *msg;
701 u8 *dp;
702 int ocr;
703 unsigned long flags;
704
705 msg = gsm_data_alloc(gsm, addr, 0, control);
706 if (!msg)
707 return -ENOMEM;
708
709 /* toggle C/R coding if not initiator */
710 ocr = cr ^ (gsm->initiator ? 0 : 1);
711
712 msg->data -= 3;
713 dp = msg->data;
714 *dp++ = (addr << 2) | (ocr << 1) | EA;
715 *dp++ = control;
716
717 if (gsm->encoding == GSM_BASIC_OPT)
718 *dp++ = EA; /* Length of data = 0 */
719
720 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data);
721 msg->len = (dp - msg->data) + 1;
722
723 gsm_print_packet("Q->", addr, cr, control, NULL, 0);
724
725 spin_lock_irqsave(&gsm->tx_lock, flags);
726 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
727 gsm->tx_bytes += msg->len;
728 spin_unlock_irqrestore(&gsm->tx_lock, flags);
729 gsmld_write_trigger(gsm);
730
731 return 0;
732 }
733
734 /**
735 * gsm_dlci_clear_queues - remove outstanding data for a DLCI
736 * @gsm: mux
737 * @dlci: clear for this DLCI
738 *
739 * Clears the data queues for a given DLCI.
740 */
gsm_dlci_clear_queues(struct gsm_mux * gsm,struct gsm_dlci * dlci)741 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
742 {
743 struct gsm_msg *msg, *nmsg;
744 int addr = dlci->addr;
745 unsigned long flags;
746
747 /* Clear DLCI write fifo first */
748 spin_lock_irqsave(&dlci->lock, flags);
749 kfifo_reset(&dlci->fifo);
750 spin_unlock_irqrestore(&dlci->lock, flags);
751
752 /* Clear data packets in MUX write queue */
753 spin_lock_irqsave(&gsm->tx_lock, flags);
754 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
755 if (msg->addr != addr)
756 continue;
757 gsm->tx_bytes -= msg->len;
758 list_del(&msg->list);
759 kfree(msg);
760 }
761 spin_unlock_irqrestore(&gsm->tx_lock, flags);
762 }
763
764 /**
765 * gsm_response - send a control response
766 * @gsm: our GSM mux
767 * @addr: address for control frame
768 * @control: control byte including PF bit
769 *
770 * Format up and transmit a link level response frame.
771 */
772
gsm_response(struct gsm_mux * gsm,int addr,int control)773 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
774 {
775 gsm_send(gsm, addr, 0, control);
776 }
777
778 /**
779 * gsm_command - send a control command
780 * @gsm: our GSM mux
781 * @addr: address for control frame
782 * @control: control byte including PF bit
783 *
784 * Format up and transmit a link level command frame.
785 */
786
gsm_command(struct gsm_mux * gsm,int addr,int control)787 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
788 {
789 gsm_send(gsm, addr, 1, control);
790 }
791
792 /* Data transmission */
793
794 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
795
796 /**
797 * gsm_data_alloc - allocate data frame
798 * @gsm: GSM mux
799 * @addr: DLCI address
800 * @len: length excluding header and FCS
801 * @ctrl: control byte
802 *
803 * Allocate a new data buffer for sending frames with data. Space is left
804 * at the front for header bytes but that is treated as an implementation
805 * detail and not for the high level code to use
806 */
807
gsm_data_alloc(struct gsm_mux * gsm,u8 addr,int len,u8 ctrl)808 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
809 u8 ctrl)
810 {
811 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
812 GFP_ATOMIC);
813 if (m == NULL)
814 return NULL;
815 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
816 m->len = len;
817 m->addr = addr;
818 m->ctrl = ctrl;
819 INIT_LIST_HEAD(&m->list);
820 return m;
821 }
822
823 /**
824 * gsm_send_packet - sends a single packet
825 * @gsm: GSM Mux
826 * @msg: packet to send
827 *
828 * The given packet is encoded and sent out. No memory is freed.
829 * The caller must hold the gsm tx lock.
830 */
gsm_send_packet(struct gsm_mux * gsm,struct gsm_msg * msg)831 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
832 {
833 int len, ret;
834
835
836 if (gsm->encoding == GSM_BASIC_OPT) {
837 gsm->txframe[0] = GSM0_SOF;
838 memcpy(gsm->txframe + 1, msg->data, msg->len);
839 gsm->txframe[msg->len + 1] = GSM0_SOF;
840 len = msg->len + 2;
841 } else {
842 gsm->txframe[0] = GSM1_SOF;
843 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len);
844 gsm->txframe[len + 1] = GSM1_SOF;
845 len += 2;
846 }
847
848 if (debug & DBG_DATA)
849 gsm_hex_dump_bytes(__func__, gsm->txframe, len);
850 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
851 msg->len);
852
853 ret = gsmld_output(gsm, gsm->txframe, len);
854 if (ret <= 0)
855 return ret;
856 /* FIXME: Can eliminate one SOF in many more cases */
857 gsm->tx_bytes -= msg->len;
858
859 return 0;
860 }
861
862 /**
863 * gsm_is_flow_ctrl_msg - checks if flow control message
864 * @msg: message to check
865 *
866 * Returns true if the given message is a flow control command of the
867 * control channel. False is returned in any other case.
868 */
gsm_is_flow_ctrl_msg(struct gsm_msg * msg)869 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
870 {
871 unsigned int cmd;
872
873 if (msg->addr > 0)
874 return false;
875
876 switch (msg->ctrl & ~PF) {
877 case UI:
878 case UIH:
879 cmd = 0;
880 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
881 break;
882 switch (cmd & ~PF) {
883 case CMD_FCOFF:
884 case CMD_FCON:
885 return true;
886 }
887 break;
888 }
889
890 return false;
891 }
892
893 /**
894 * gsm_data_kick - poke the queue
895 * @gsm: GSM Mux
896 *
897 * The tty device has called us to indicate that room has appeared in
898 * the transmit queue. Ram more data into the pipe if we have any.
899 * If we have been flow-stopped by a CMD_FCOFF, then we can only
900 * send messages on DLCI0 until CMD_FCON. The caller must hold
901 * the gsm tx lock.
902 */
gsm_data_kick(struct gsm_mux * gsm)903 static int gsm_data_kick(struct gsm_mux *gsm)
904 {
905 struct gsm_msg *msg, *nmsg;
906 struct gsm_dlci *dlci;
907 int ret;
908
909 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
910
911 /* Serialize control messages and control channel messages first */
912 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
913 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
914 continue;
915 ret = gsm_send_packet(gsm, msg);
916 switch (ret) {
917 case -ENOSPC:
918 return -ENOSPC;
919 case -ENODEV:
920 /* ldisc not open */
921 gsm->tx_bytes -= msg->len;
922 list_del(&msg->list);
923 kfree(msg);
924 continue;
925 default:
926 if (ret >= 0) {
927 list_del(&msg->list);
928 kfree(msg);
929 }
930 break;
931 }
932 }
933
934 if (gsm->constipated)
935 return -EAGAIN;
936
937 /* Serialize other channels */
938 if (list_empty(&gsm->tx_data_list))
939 return 0;
940 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
941 dlci = gsm->dlci[msg->addr];
942 /* Send only messages for DLCIs with valid state */
943 if (dlci->state != DLCI_OPEN) {
944 gsm->tx_bytes -= msg->len;
945 list_del(&msg->list);
946 kfree(msg);
947 continue;
948 }
949 ret = gsm_send_packet(gsm, msg);
950 switch (ret) {
951 case -ENOSPC:
952 return -ENOSPC;
953 case -ENODEV:
954 /* ldisc not open */
955 gsm->tx_bytes -= msg->len;
956 list_del(&msg->list);
957 kfree(msg);
958 continue;
959 default:
960 if (ret >= 0) {
961 list_del(&msg->list);
962 kfree(msg);
963 }
964 break;
965 }
966 }
967
968 return 1;
969 }
970
971 /**
972 * __gsm_data_queue - queue a UI or UIH frame
973 * @dlci: DLCI sending the data
974 * @msg: message queued
975 *
976 * Add data to the transmit queue and try and get stuff moving
977 * out of the mux tty if not already doing so. The Caller must hold
978 * the gsm tx lock.
979 */
980
__gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)981 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
982 {
983 struct gsm_mux *gsm = dlci->gsm;
984 u8 *dp = msg->data;
985 u8 *fcs = dp + msg->len;
986
987 /* Fill in the header */
988 if (gsm->encoding == GSM_BASIC_OPT) {
989 if (msg->len < 128)
990 *--dp = (msg->len << 1) | EA;
991 else {
992 *--dp = (msg->len >> 7); /* bits 7 - 15 */
993 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
994 }
995 }
996
997 *--dp = msg->ctrl;
998 if (gsm->initiator)
999 *--dp = (msg->addr << 2) | CR | EA;
1000 else
1001 *--dp = (msg->addr << 2) | EA;
1002 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
1003 /* Ugly protocol layering violation */
1004 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
1005 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
1006 *fcs = 0xFF - *fcs;
1007
1008 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
1009 msg->data, msg->len);
1010
1011 /* Move the header back and adjust the length, also allow for the FCS
1012 now tacked on the end */
1013 msg->len += (msg->data - dp) + 1;
1014 msg->data = dp;
1015
1016 /* Add to the actual output queue */
1017 switch (msg->ctrl & ~PF) {
1018 case UI:
1019 case UIH:
1020 if (msg->addr > 0) {
1021 list_add_tail(&msg->list, &gsm->tx_data_list);
1022 break;
1023 }
1024 fallthrough;
1025 default:
1026 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
1027 break;
1028 }
1029 gsm->tx_bytes += msg->len;
1030
1031 gsmld_write_trigger(gsm);
1032 mod_timer(&gsm->kick_timer, jiffies + 10 * gsm->t1 * HZ / 100);
1033 }
1034
1035 /**
1036 * gsm_data_queue - queue a UI or UIH frame
1037 * @dlci: DLCI sending the data
1038 * @msg: message queued
1039 *
1040 * Add data to the transmit queue and try and get stuff moving
1041 * out of the mux tty if not already doing so. Take the
1042 * the gsm tx lock and dlci lock.
1043 */
1044
gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1045 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1046 {
1047 unsigned long flags;
1048 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1049 __gsm_data_queue(dlci, msg);
1050 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1051 }
1052
1053 /**
1054 * gsm_dlci_data_output - try and push data out of a DLCI
1055 * @gsm: mux
1056 * @dlci: the DLCI to pull data from
1057 *
1058 * Pull data from a DLCI and send it into the transmit queue if there
1059 * is data. Keep to the MRU of the mux. This path handles the usual tty
1060 * interface which is a byte stream with optional modem data.
1061 *
1062 * Caller must hold the tx_lock of the mux.
1063 */
1064
gsm_dlci_data_output(struct gsm_mux * gsm,struct gsm_dlci * dlci)1065 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
1066 {
1067 struct gsm_msg *msg;
1068 u8 *dp;
1069 int h, len, size;
1070
1071 /* for modem bits without break data */
1072 h = ((dlci->adaption == 1) ? 0 : 1);
1073
1074 len = kfifo_len(&dlci->fifo);
1075 if (len == 0)
1076 return 0;
1077
1078 /* MTU/MRU count only the data bits but watch adaption mode */
1079 if ((len + h) > gsm->mtu)
1080 len = gsm->mtu - h;
1081
1082 size = len + h;
1083
1084 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1085 if (!msg)
1086 return -ENOMEM;
1087 dp = msg->data;
1088 switch (dlci->adaption) {
1089 case 1: /* Unstructured */
1090 break;
1091 case 2: /* Unstructured with modem bits.
1092 * Always one byte as we never send inline break data
1093 */
1094 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1095 break;
1096 default:
1097 pr_err("%s: unsupported adaption %d\n", __func__,
1098 dlci->adaption);
1099 break;
1100 }
1101
1102 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
1103 &dlci->lock));
1104
1105 /* Notify upper layer about available send space. */
1106 tty_port_tty_wakeup(&dlci->port);
1107
1108 __gsm_data_queue(dlci, msg);
1109 /* Bytes of data we used up */
1110 return size;
1111 }
1112
1113 /**
1114 * gsm_dlci_data_output_framed - try and push data out of a DLCI
1115 * @gsm: mux
1116 * @dlci: the DLCI to pull data from
1117 *
1118 * Pull data from a DLCI and send it into the transmit queue if there
1119 * is data. Keep to the MRU of the mux. This path handles framed data
1120 * queued as skbuffs to the DLCI.
1121 *
1122 * Caller must hold the tx_lock of the mux.
1123 */
1124
gsm_dlci_data_output_framed(struct gsm_mux * gsm,struct gsm_dlci * dlci)1125 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
1126 struct gsm_dlci *dlci)
1127 {
1128 struct gsm_msg *msg;
1129 u8 *dp;
1130 int len, size;
1131 int last = 0, first = 0;
1132 int overhead = 0;
1133
1134 /* One byte per frame is used for B/F flags */
1135 if (dlci->adaption == 4)
1136 overhead = 1;
1137
1138 /* dlci->skb is locked by tx_lock */
1139 if (dlci->skb == NULL) {
1140 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
1141 if (dlci->skb == NULL)
1142 return 0;
1143 first = 1;
1144 }
1145 len = dlci->skb->len + overhead;
1146
1147 /* MTU/MRU count only the data bits */
1148 if (len > gsm->mtu) {
1149 if (dlci->adaption == 3) {
1150 /* Over long frame, bin it */
1151 dev_kfree_skb_any(dlci->skb);
1152 dlci->skb = NULL;
1153 return 0;
1154 }
1155 len = gsm->mtu;
1156 } else
1157 last = 1;
1158
1159 size = len + overhead;
1160 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1161 if (msg == NULL) {
1162 skb_queue_tail(&dlci->skb_list, dlci->skb);
1163 dlci->skb = NULL;
1164 return -ENOMEM;
1165 }
1166 dp = msg->data;
1167
1168 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1169 /* Flag byte to carry the start/end info */
1170 *dp++ = last << 7 | first << 6 | 1; /* EA */
1171 len--;
1172 }
1173 memcpy(dp, dlci->skb->data, len);
1174 skb_pull(dlci->skb, len);
1175 __gsm_data_queue(dlci, msg);
1176 if (last) {
1177 dev_kfree_skb_any(dlci->skb);
1178 dlci->skb = NULL;
1179 }
1180 return size;
1181 }
1182
1183 /**
1184 * gsm_dlci_modem_output - try and push modem status out of a DLCI
1185 * @gsm: mux
1186 * @dlci: the DLCI to pull modem status from
1187 * @brk: break signal
1188 *
1189 * Push an empty frame in to the transmit queue to update the modem status
1190 * bits and to transmit an optional break.
1191 *
1192 * Caller must hold the tx_lock of the mux.
1193 */
1194
gsm_dlci_modem_output(struct gsm_mux * gsm,struct gsm_dlci * dlci,u8 brk)1195 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
1196 u8 brk)
1197 {
1198 u8 *dp = NULL;
1199 struct gsm_msg *msg;
1200 int size = 0;
1201
1202 /* for modem bits without break data */
1203 switch (dlci->adaption) {
1204 case 1: /* Unstructured */
1205 break;
1206 case 2: /* Unstructured with modem bits. */
1207 size++;
1208 if (brk > 0)
1209 size++;
1210 break;
1211 default:
1212 pr_err("%s: unsupported adaption %d\n", __func__,
1213 dlci->adaption);
1214 return -EINVAL;
1215 }
1216
1217 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1218 if (!msg) {
1219 pr_err("%s: gsm_data_alloc error", __func__);
1220 return -ENOMEM;
1221 }
1222 dp = msg->data;
1223 switch (dlci->adaption) {
1224 case 1: /* Unstructured */
1225 break;
1226 case 2: /* Unstructured with modem bits. */
1227 if (brk == 0) {
1228 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1229 } else {
1230 *dp++ = gsm_encode_modem(dlci) << 1;
1231 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
1232 }
1233 break;
1234 default:
1235 /* Handled above */
1236 break;
1237 }
1238
1239 __gsm_data_queue(dlci, msg);
1240 return size;
1241 }
1242
1243 /**
1244 * gsm_dlci_data_sweep - look for data to send
1245 * @gsm: the GSM mux
1246 *
1247 * Sweep the GSM mux channels in priority order looking for ones with
1248 * data to send. We could do with optimising this scan a bit. We aim
1249 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1250 * TX_THRESH_LO we get called again
1251 *
1252 * FIXME: We should round robin between groups and in theory you can
1253 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1254 */
1255
gsm_dlci_data_sweep(struct gsm_mux * gsm)1256 static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
1257 {
1258 /* Priority ordering: We should do priority with RR of the groups */
1259 int i, len, ret = 0;
1260 bool sent;
1261 struct gsm_dlci *dlci;
1262
1263 while (gsm->tx_bytes < TX_THRESH_HI) {
1264 for (sent = false, i = 1; i < NUM_DLCI; i++) {
1265 dlci = gsm->dlci[i];
1266 /* skip unused or blocked channel */
1267 if (!dlci || dlci->constipated)
1268 continue;
1269 /* skip channels with invalid state */
1270 if (dlci->state != DLCI_OPEN)
1271 continue;
1272 /* count the sent data per adaption */
1273 if (dlci->adaption < 3 && !dlci->net)
1274 len = gsm_dlci_data_output(gsm, dlci);
1275 else
1276 len = gsm_dlci_data_output_framed(gsm, dlci);
1277 /* on error exit */
1278 if (len < 0)
1279 return ret;
1280 if (len > 0) {
1281 ret++;
1282 sent = true;
1283 /* The lower DLCs can starve the higher DLCs! */
1284 break;
1285 }
1286 /* try next */
1287 }
1288 if (!sent)
1289 break;
1290 };
1291
1292 return ret;
1293 }
1294
1295 /**
1296 * gsm_dlci_data_kick - transmit if possible
1297 * @dlci: DLCI to kick
1298 *
1299 * Transmit data from this DLCI if the queue is empty. We can't rely on
1300 * a tty wakeup except when we filled the pipe so we need to fire off
1301 * new data ourselves in other cases.
1302 */
1303
gsm_dlci_data_kick(struct gsm_dlci * dlci)1304 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1305 {
1306 unsigned long flags;
1307 int sweep;
1308
1309 if (dlci->constipated)
1310 return;
1311
1312 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1313 /* If we have nothing running then we need to fire up */
1314 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1315 if (dlci->gsm->tx_bytes == 0) {
1316 if (dlci->net)
1317 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1318 else
1319 gsm_dlci_data_output(dlci->gsm, dlci);
1320 }
1321 if (sweep)
1322 gsm_dlci_data_sweep(dlci->gsm);
1323 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1324 }
1325
1326 /*
1327 * Control message processing
1328 */
1329
1330
1331 /**
1332 * gsm_control_command - send a command frame to a control
1333 * @gsm: gsm channel
1334 * @cmd: the command to use
1335 * @data: data to follow encoded info
1336 * @dlen: length of data
1337 *
1338 * Encode up and queue a UI/UIH frame containing our command.
1339 */
gsm_control_command(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1340 static int gsm_control_command(struct gsm_mux *gsm, int cmd, const u8 *data,
1341 int dlen)
1342 {
1343 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1344
1345 if (msg == NULL)
1346 return -ENOMEM;
1347
1348 msg->data[0] = (cmd << 1) | CR | EA; /* Set C/R */
1349 msg->data[1] = (dlen << 1) | EA;
1350 memcpy(msg->data + 2, data, dlen);
1351 gsm_data_queue(gsm->dlci[0], msg);
1352
1353 return 0;
1354 }
1355
1356 /**
1357 * gsm_control_reply - send a response frame to a control
1358 * @gsm: gsm channel
1359 * @cmd: the command to use
1360 * @data: data to follow encoded info
1361 * @dlen: length of data
1362 *
1363 * Encode up and queue a UI/UIH frame containing our response.
1364 */
1365
gsm_control_reply(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1366 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1367 int dlen)
1368 {
1369 struct gsm_msg *msg;
1370 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1371 if (msg == NULL)
1372 return;
1373 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1374 msg->data[1] = (dlen << 1) | EA;
1375 memcpy(msg->data + 2, data, dlen);
1376 gsm_data_queue(gsm->dlci[0], msg);
1377 }
1378
1379 /**
1380 * gsm_process_modem - process received modem status
1381 * @tty: virtual tty bound to the DLCI
1382 * @dlci: DLCI to affect
1383 * @modem: modem bits (full EA)
1384 * @slen: number of signal octets
1385 *
1386 * Used when a modem control message or line state inline in adaption
1387 * layer 2 is processed. Sort out the local modem state and throttles
1388 */
1389
gsm_process_modem(struct tty_struct * tty,struct gsm_dlci * dlci,u32 modem,int slen)1390 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1391 u32 modem, int slen)
1392 {
1393 int mlines = 0;
1394 u8 brk = 0;
1395 int fc;
1396
1397 /* The modem status command can either contain one octet (V.24 signals)
1398 * or two octets (V.24 signals + break signals). This is specified in
1399 * section 5.4.6.3.7 of the 07.10 mux spec.
1400 */
1401
1402 if (slen == 1)
1403 modem = modem & 0x7f;
1404 else {
1405 brk = modem & 0x7f;
1406 modem = (modem >> 7) & 0x7f;
1407 }
1408
1409 /* Flow control/ready to communicate */
1410 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1411 if (fc && !dlci->constipated) {
1412 /* Need to throttle our output on this device */
1413 dlci->constipated = true;
1414 } else if (!fc && dlci->constipated) {
1415 dlci->constipated = false;
1416 gsm_dlci_data_kick(dlci);
1417 }
1418
1419 /* Map modem bits */
1420 if (modem & MDM_RTC)
1421 mlines |= TIOCM_DSR | TIOCM_DTR;
1422 if (modem & MDM_RTR)
1423 mlines |= TIOCM_RTS | TIOCM_CTS;
1424 if (modem & MDM_IC)
1425 mlines |= TIOCM_RI;
1426 if (modem & MDM_DV)
1427 mlines |= TIOCM_CD;
1428
1429 /* Carrier drop -> hangup */
1430 if (tty) {
1431 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1432 if (!C_CLOCAL(tty))
1433 tty_hangup(tty);
1434 }
1435 if (brk & 0x01)
1436 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1437 dlci->modem_rx = mlines;
1438 }
1439
1440 /**
1441 * gsm_control_modem - modem status received
1442 * @gsm: GSM channel
1443 * @data: data following command
1444 * @clen: command length
1445 *
1446 * We have received a modem status control message. This is used by
1447 * the GSM mux protocol to pass virtual modem line status and optionally
1448 * to indicate break signals. Unpack it, convert to Linux representation
1449 * and if need be stuff a break message down the tty.
1450 */
1451
gsm_control_modem(struct gsm_mux * gsm,const u8 * data,int clen)1452 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1453 {
1454 unsigned int addr = 0;
1455 unsigned int modem = 0;
1456 struct gsm_dlci *dlci;
1457 int len = clen;
1458 int cl = clen;
1459 const u8 *dp = data;
1460 struct tty_struct *tty;
1461
1462 len = gsm_read_ea_val(&addr, data, cl);
1463 if (len < 1)
1464 return;
1465
1466 addr >>= 1;
1467 /* Closed port, or invalid ? */
1468 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1469 return;
1470 dlci = gsm->dlci[addr];
1471
1472 /* Must be at least one byte following the EA */
1473 if ((cl - len) < 1)
1474 return;
1475
1476 dp += len;
1477 cl -= len;
1478
1479 /* get the modem status */
1480 len = gsm_read_ea_val(&modem, dp, cl);
1481 if (len < 1)
1482 return;
1483
1484 tty = tty_port_tty_get(&dlci->port);
1485 gsm_process_modem(tty, dlci, modem, cl);
1486 if (tty) {
1487 tty_wakeup(tty);
1488 tty_kref_put(tty);
1489 }
1490 gsm_control_reply(gsm, CMD_MSC, data, clen);
1491 }
1492
1493 /**
1494 * gsm_control_rls - remote line status
1495 * @gsm: GSM channel
1496 * @data: data bytes
1497 * @clen: data length
1498 *
1499 * The modem sends us a two byte message on the control channel whenever
1500 * it wishes to send us an error state from the virtual link. Stuff
1501 * this into the uplink tty if present
1502 */
1503
gsm_control_rls(struct gsm_mux * gsm,const u8 * data,int clen)1504 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1505 {
1506 struct tty_port *port;
1507 unsigned int addr = 0;
1508 u8 bits;
1509 int len = clen;
1510 const u8 *dp = data;
1511
1512 while (gsm_read_ea(&addr, *dp++) == 0) {
1513 len--;
1514 if (len == 0)
1515 return;
1516 }
1517 /* Must be at least one byte following ea */
1518 len--;
1519 if (len <= 0)
1520 return;
1521 addr >>= 1;
1522 /* Closed port, or invalid ? */
1523 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1524 return;
1525 /* No error ? */
1526 bits = *dp;
1527 if ((bits & 1) == 0)
1528 return;
1529
1530 port = &gsm->dlci[addr]->port;
1531
1532 if (bits & 2)
1533 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1534 if (bits & 4)
1535 tty_insert_flip_char(port, 0, TTY_PARITY);
1536 if (bits & 8)
1537 tty_insert_flip_char(port, 0, TTY_FRAME);
1538
1539 tty_flip_buffer_push(port);
1540
1541 gsm_control_reply(gsm, CMD_RLS, data, clen);
1542 }
1543
1544 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1545
1546 /**
1547 * gsm_control_message - DLCI 0 control processing
1548 * @gsm: our GSM mux
1549 * @command: the command EA
1550 * @data: data beyond the command/length EAs
1551 * @clen: length
1552 *
1553 * Input processor for control messages from the other end of the link.
1554 * Processes the incoming request and queues a response frame or an
1555 * NSC response if not supported
1556 */
1557
gsm_control_message(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1558 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1559 const u8 *data, int clen)
1560 {
1561 u8 buf[1];
1562
1563 switch (command) {
1564 case CMD_CLD: {
1565 struct gsm_dlci *dlci = gsm->dlci[0];
1566 /* Modem wishes to close down */
1567 if (dlci) {
1568 dlci->dead = true;
1569 gsm->dead = true;
1570 gsm_dlci_begin_close(dlci);
1571 }
1572 }
1573 break;
1574 case CMD_TEST:
1575 /* Modem wishes to test, reply with the data */
1576 gsm_control_reply(gsm, CMD_TEST, data, clen);
1577 break;
1578 case CMD_FCON:
1579 /* Modem can accept data again */
1580 gsm->constipated = false;
1581 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1582 /* Kick the link in case it is idling */
1583 gsmld_write_trigger(gsm);
1584 break;
1585 case CMD_FCOFF:
1586 /* Modem wants us to STFU */
1587 gsm->constipated = true;
1588 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1589 break;
1590 case CMD_MSC:
1591 /* Out of band modem line change indicator for a DLCI */
1592 gsm_control_modem(gsm, data, clen);
1593 break;
1594 case CMD_RLS:
1595 /* Out of band error reception for a DLCI */
1596 gsm_control_rls(gsm, data, clen);
1597 break;
1598 case CMD_PSC:
1599 /* Modem wishes to enter power saving state */
1600 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1601 break;
1602 /* Optional unsupported commands */
1603 case CMD_PN: /* Parameter negotiation */
1604 case CMD_RPN: /* Remote port negotiation */
1605 case CMD_SNC: /* Service negotiation command */
1606 default:
1607 /* Reply to bad commands with an NSC */
1608 buf[0] = command;
1609 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1610 break;
1611 }
1612 }
1613
1614 /**
1615 * gsm_control_response - process a response to our control
1616 * @gsm: our GSM mux
1617 * @command: the command (response) EA
1618 * @data: data beyond the command/length EA
1619 * @clen: length
1620 *
1621 * Process a response to an outstanding command. We only allow a single
1622 * control message in flight so this is fairly easy. All the clean up
1623 * is done by the caller, we just update the fields, flag it as done
1624 * and return
1625 */
1626
gsm_control_response(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1627 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1628 const u8 *data, int clen)
1629 {
1630 struct gsm_control *ctrl;
1631 unsigned long flags;
1632
1633 spin_lock_irqsave(&gsm->control_lock, flags);
1634
1635 ctrl = gsm->pending_cmd;
1636 /* Does the reply match our command */
1637 command |= 1;
1638 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1639 /* Our command was replied to, kill the retry timer */
1640 del_timer(&gsm->t2_timer);
1641 gsm->pending_cmd = NULL;
1642 /* Rejected by the other end */
1643 if (command == CMD_NSC)
1644 ctrl->error = -EOPNOTSUPP;
1645 ctrl->done = 1;
1646 wake_up(&gsm->event);
1647 }
1648 spin_unlock_irqrestore(&gsm->control_lock, flags);
1649 }
1650
1651 /**
1652 * gsm_control_transmit - send control packet
1653 * @gsm: gsm mux
1654 * @ctrl: frame to send
1655 *
1656 * Send out a pending control command (called under control lock)
1657 */
1658
gsm_control_transmit(struct gsm_mux * gsm,struct gsm_control * ctrl)1659 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1660 {
1661 gsm_control_command(gsm, ctrl->cmd, ctrl->data, ctrl->len);
1662 }
1663
1664 /**
1665 * gsm_control_retransmit - retransmit a control frame
1666 * @t: timer contained in our gsm object
1667 *
1668 * Called off the T2 timer expiry in order to retransmit control frames
1669 * that have been lost in the system somewhere. The control_lock protects
1670 * us from colliding with another sender or a receive completion event.
1671 * In that situation the timer may still occur in a small window but
1672 * gsm->pending_cmd will be NULL and we just let the timer expire.
1673 */
1674
gsm_control_retransmit(struct timer_list * t)1675 static void gsm_control_retransmit(struct timer_list *t)
1676 {
1677 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1678 struct gsm_control *ctrl;
1679 unsigned long flags;
1680 spin_lock_irqsave(&gsm->control_lock, flags);
1681 ctrl = gsm->pending_cmd;
1682 if (ctrl) {
1683 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
1684 gsm->pending_cmd = NULL;
1685 ctrl->error = -ETIMEDOUT;
1686 ctrl->done = 1;
1687 spin_unlock_irqrestore(&gsm->control_lock, flags);
1688 wake_up(&gsm->event);
1689 return;
1690 }
1691 gsm->cretries--;
1692 gsm_control_transmit(gsm, ctrl);
1693 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1694 }
1695 spin_unlock_irqrestore(&gsm->control_lock, flags);
1696 }
1697
1698 /**
1699 * gsm_control_send - send a control frame on DLCI 0
1700 * @gsm: the GSM channel
1701 * @command: command to send including CR bit
1702 * @data: bytes of data (must be kmalloced)
1703 * @clen: length of the block to send
1704 *
1705 * Queue and dispatch a control command. Only one command can be
1706 * active at a time. In theory more can be outstanding but the matching
1707 * gets really complicated so for now stick to one outstanding.
1708 */
1709
gsm_control_send(struct gsm_mux * gsm,unsigned int command,u8 * data,int clen)1710 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1711 unsigned int command, u8 *data, int clen)
1712 {
1713 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1714 GFP_ATOMIC);
1715 unsigned long flags;
1716 if (ctrl == NULL)
1717 return NULL;
1718 retry:
1719 wait_event(gsm->event, gsm->pending_cmd == NULL);
1720 spin_lock_irqsave(&gsm->control_lock, flags);
1721 if (gsm->pending_cmd != NULL) {
1722 spin_unlock_irqrestore(&gsm->control_lock, flags);
1723 goto retry;
1724 }
1725 ctrl->cmd = command;
1726 ctrl->data = data;
1727 ctrl->len = clen;
1728 gsm->pending_cmd = ctrl;
1729
1730 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1731 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1732 gsm->cretries = 0;
1733 else
1734 gsm->cretries = gsm->n2;
1735
1736 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1737 gsm_control_transmit(gsm, ctrl);
1738 spin_unlock_irqrestore(&gsm->control_lock, flags);
1739 return ctrl;
1740 }
1741
1742 /**
1743 * gsm_control_wait - wait for a control to finish
1744 * @gsm: GSM mux
1745 * @control: control we are waiting on
1746 *
1747 * Waits for the control to complete or time out. Frees any used
1748 * resources and returns 0 for success, or an error if the remote
1749 * rejected or ignored the request.
1750 */
1751
gsm_control_wait(struct gsm_mux * gsm,struct gsm_control * control)1752 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1753 {
1754 int err;
1755 wait_event(gsm->event, control->done == 1);
1756 err = control->error;
1757 kfree(control);
1758 return err;
1759 }
1760
1761
1762 /*
1763 * DLCI level handling: Needs krefs
1764 */
1765
1766 /*
1767 * State transitions and timers
1768 */
1769
1770 /**
1771 * gsm_dlci_close - a DLCI has closed
1772 * @dlci: DLCI that closed
1773 *
1774 * Perform processing when moving a DLCI into closed state. If there
1775 * is an attached tty this is hung up
1776 */
1777
gsm_dlci_close(struct gsm_dlci * dlci)1778 static void gsm_dlci_close(struct gsm_dlci *dlci)
1779 {
1780 del_timer(&dlci->t1);
1781 if (debug & DBG_ERRORS)
1782 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1783 dlci->state = DLCI_CLOSED;
1784 /* Prevent us from sending data before the link is up again */
1785 dlci->constipated = true;
1786 if (dlci->addr != 0) {
1787 tty_port_tty_hangup(&dlci->port, false);
1788 gsm_dlci_clear_queues(dlci->gsm, dlci);
1789 /* Ensure that gsmtty_open() can return. */
1790 tty_port_set_initialized(&dlci->port, 0);
1791 wake_up_interruptible(&dlci->port.open_wait);
1792 } else
1793 dlci->gsm->dead = true;
1794 /* A DLCI 0 close is a MUX termination so we need to kick that
1795 back to userspace somehow */
1796 gsm_dlci_data_kick(dlci);
1797 wake_up(&dlci->gsm->event);
1798 }
1799
1800 /**
1801 * gsm_dlci_open - a DLCI has opened
1802 * @dlci: DLCI that opened
1803 *
1804 * Perform processing when moving a DLCI into open state.
1805 */
1806
gsm_dlci_open(struct gsm_dlci * dlci)1807 static void gsm_dlci_open(struct gsm_dlci *dlci)
1808 {
1809 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1810 open -> open */
1811 del_timer(&dlci->t1);
1812 /* This will let a tty open continue */
1813 dlci->state = DLCI_OPEN;
1814 dlci->constipated = false;
1815 if (debug & DBG_ERRORS)
1816 pr_debug("DLCI %d goes open.\n", dlci->addr);
1817 /* Send current modem state */
1818 if (dlci->addr)
1819 gsm_modem_update(dlci, 0);
1820 gsm_dlci_data_kick(dlci);
1821 wake_up(&dlci->gsm->event);
1822 }
1823
1824 /**
1825 * gsm_dlci_t1 - T1 timer expiry
1826 * @t: timer contained in the DLCI that opened
1827 *
1828 * The T1 timer handles retransmits of control frames (essentially of
1829 * SABM and DISC). We resend the command until the retry count runs out
1830 * in which case an opening port goes back to closed and a closing port
1831 * is simply put into closed state (any further frames from the other
1832 * end will get a DM response)
1833 *
1834 * Some control dlci can stay in ADM mode with other dlci working just
1835 * fine. In that case we can just keep the control dlci open after the
1836 * DLCI_OPENING retries time out.
1837 */
1838
gsm_dlci_t1(struct timer_list * t)1839 static void gsm_dlci_t1(struct timer_list *t)
1840 {
1841 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1842 struct gsm_mux *gsm = dlci->gsm;
1843
1844 switch (dlci->state) {
1845 case DLCI_OPENING:
1846 if (dlci->retries) {
1847 dlci->retries--;
1848 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1849 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1850 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1851 if (debug & DBG_ERRORS)
1852 pr_info("DLCI %d opening in ADM mode.\n",
1853 dlci->addr);
1854 dlci->mode = DLCI_MODE_ADM;
1855 gsm_dlci_open(dlci);
1856 } else {
1857 gsm_dlci_begin_close(dlci); /* prevent half open link */
1858 }
1859
1860 break;
1861 case DLCI_CLOSING:
1862 if (dlci->retries) {
1863 dlci->retries--;
1864 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1865 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1866 } else
1867 gsm_dlci_close(dlci);
1868 break;
1869 default:
1870 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1871 break;
1872 }
1873 }
1874
1875 /**
1876 * gsm_dlci_begin_open - start channel open procedure
1877 * @dlci: DLCI to open
1878 *
1879 * Commence opening a DLCI from the Linux side. We issue SABM messages
1880 * to the modem which should then reply with a UA or ADM, at which point
1881 * we will move into open state. Opening is done asynchronously with retry
1882 * running off timers and the responses.
1883 */
1884
gsm_dlci_begin_open(struct gsm_dlci * dlci)1885 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1886 {
1887 struct gsm_mux *gsm = dlci->gsm;
1888 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1889 return;
1890 dlci->retries = gsm->n2;
1891 dlci->state = DLCI_OPENING;
1892 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1893 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1894 }
1895
1896 /**
1897 * gsm_dlci_set_opening - change state to opening
1898 * @dlci: DLCI to open
1899 *
1900 * Change internal state to wait for DLCI open from initiator side.
1901 * We set off timers and responses upon reception of an SABM.
1902 */
gsm_dlci_set_opening(struct gsm_dlci * dlci)1903 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1904 {
1905 switch (dlci->state) {
1906 case DLCI_CLOSED:
1907 case DLCI_CLOSING:
1908 dlci->state = DLCI_OPENING;
1909 break;
1910 default:
1911 break;
1912 }
1913 }
1914
1915 /**
1916 * gsm_dlci_begin_close - start channel open procedure
1917 * @dlci: DLCI to open
1918 *
1919 * Commence closing a DLCI from the Linux side. We issue DISC messages
1920 * to the modem which should then reply with a UA, at which point we
1921 * will move into closed state. Closing is done asynchronously with retry
1922 * off timers. We may also receive a DM reply from the other end which
1923 * indicates the channel was already closed.
1924 */
1925
gsm_dlci_begin_close(struct gsm_dlci * dlci)1926 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1927 {
1928 struct gsm_mux *gsm = dlci->gsm;
1929 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1930 return;
1931 dlci->retries = gsm->n2;
1932 dlci->state = DLCI_CLOSING;
1933 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1934 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1935 }
1936
1937 /**
1938 * gsm_dlci_data - data arrived
1939 * @dlci: channel
1940 * @data: block of bytes received
1941 * @clen: length of received block
1942 *
1943 * A UI or UIH frame has arrived which contains data for a channel
1944 * other than the control channel. If the relevant virtual tty is
1945 * open we shovel the bits down it, if not we drop them.
1946 */
1947
gsm_dlci_data(struct gsm_dlci * dlci,const u8 * data,int clen)1948 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1949 {
1950 /* krefs .. */
1951 struct tty_port *port = &dlci->port;
1952 struct tty_struct *tty;
1953 unsigned int modem = 0;
1954 int len;
1955
1956 if (debug & DBG_TTY)
1957 pr_debug("%d bytes for tty\n", clen);
1958 switch (dlci->adaption) {
1959 /* Unsupported types */
1960 case 4: /* Packetised interruptible data */
1961 break;
1962 case 3: /* Packetised uininterruptible voice/data */
1963 break;
1964 case 2: /* Asynchronous serial with line state in each frame */
1965 len = gsm_read_ea_val(&modem, data, clen);
1966 if (len < 1)
1967 return;
1968 tty = tty_port_tty_get(port);
1969 if (tty) {
1970 gsm_process_modem(tty, dlci, modem, len);
1971 tty_wakeup(tty);
1972 tty_kref_put(tty);
1973 }
1974 /* Skip processed modem data */
1975 data += len;
1976 clen -= len;
1977 fallthrough;
1978 case 1: /* Line state will go via DLCI 0 controls only */
1979 default:
1980 tty_insert_flip_string(port, data, clen);
1981 tty_flip_buffer_push(port);
1982 }
1983 }
1984
1985 /**
1986 * gsm_dlci_command - data arrived on control channel
1987 * @dlci: channel
1988 * @data: block of bytes received
1989 * @len: length of received block
1990 *
1991 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1992 * control channel. This should contain a command EA followed by
1993 * control data bytes. The command EA contains a command/response bit
1994 * and we divide up the work accordingly.
1995 */
1996
gsm_dlci_command(struct gsm_dlci * dlci,const u8 * data,int len)1997 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1998 {
1999 /* See what command is involved */
2000 unsigned int command = 0;
2001 unsigned int clen = 0;
2002 unsigned int dlen;
2003
2004 /* read the command */
2005 dlen = gsm_read_ea_val(&command, data, len);
2006 len -= dlen;
2007 data += dlen;
2008
2009 /* read any control data */
2010 dlen = gsm_read_ea_val(&clen, data, len);
2011 len -= dlen;
2012 data += dlen;
2013
2014 /* Malformed command? */
2015 if (clen > len)
2016 return;
2017
2018 if (command & 1)
2019 gsm_control_message(dlci->gsm, command, data, clen);
2020 else
2021 gsm_control_response(dlci->gsm, command, data, clen);
2022 }
2023
2024 /**
2025 * gsm_kick_timer - transmit if possible
2026 * @t: timer contained in our gsm object
2027 *
2028 * Transmit data from DLCIs if the queue is empty. We can't rely on
2029 * a tty wakeup except when we filled the pipe so we need to fire off
2030 * new data ourselves in other cases.
2031 */
gsm_kick_timer(struct timer_list * t)2032 static void gsm_kick_timer(struct timer_list *t)
2033 {
2034 struct gsm_mux *gsm = from_timer(gsm, t, kick_timer);
2035 unsigned long flags;
2036 int sent = 0;
2037
2038 spin_lock_irqsave(&gsm->tx_lock, flags);
2039 /* If we have nothing running then we need to fire up */
2040 if (gsm->tx_bytes < TX_THRESH_LO)
2041 sent = gsm_dlci_data_sweep(gsm);
2042 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2043
2044 if (sent && debug & DBG_DATA)
2045 pr_info("%s TX queue stalled\n", __func__);
2046 }
2047
2048 /*
2049 * Allocate/Free DLCI channels
2050 */
2051
2052 /**
2053 * gsm_dlci_alloc - allocate a DLCI
2054 * @gsm: GSM mux
2055 * @addr: address of the DLCI
2056 *
2057 * Allocate and install a new DLCI object into the GSM mux.
2058 *
2059 * FIXME: review locking races
2060 */
2061
gsm_dlci_alloc(struct gsm_mux * gsm,int addr)2062 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
2063 {
2064 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
2065 if (dlci == NULL)
2066 return NULL;
2067 spin_lock_init(&dlci->lock);
2068 mutex_init(&dlci->mutex);
2069 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
2070 kfree(dlci);
2071 return NULL;
2072 }
2073
2074 skb_queue_head_init(&dlci->skb_list);
2075 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
2076 tty_port_init(&dlci->port);
2077 dlci->port.ops = &gsm_port_ops;
2078 dlci->gsm = gsm;
2079 dlci->addr = addr;
2080 dlci->adaption = gsm->adaption;
2081 dlci->state = DLCI_CLOSED;
2082 if (addr) {
2083 dlci->data = gsm_dlci_data;
2084 /* Prevent us from sending data before the link is up */
2085 dlci->constipated = true;
2086 } else {
2087 dlci->data = gsm_dlci_command;
2088 }
2089 gsm->dlci[addr] = dlci;
2090 return dlci;
2091 }
2092
2093 /**
2094 * gsm_dlci_free - free DLCI
2095 * @port: tty port for DLCI to free
2096 *
2097 * Free up a DLCI.
2098 *
2099 * Can sleep.
2100 */
gsm_dlci_free(struct tty_port * port)2101 static void gsm_dlci_free(struct tty_port *port)
2102 {
2103 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2104
2105 del_timer_sync(&dlci->t1);
2106 dlci->gsm->dlci[dlci->addr] = NULL;
2107 kfifo_free(&dlci->fifo);
2108 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
2109 dev_kfree_skb(dlci->skb);
2110 kfree(dlci);
2111 }
2112
dlci_get(struct gsm_dlci * dlci)2113 static inline void dlci_get(struct gsm_dlci *dlci)
2114 {
2115 tty_port_get(&dlci->port);
2116 }
2117
dlci_put(struct gsm_dlci * dlci)2118 static inline void dlci_put(struct gsm_dlci *dlci)
2119 {
2120 tty_port_put(&dlci->port);
2121 }
2122
2123 static void gsm_destroy_network(struct gsm_dlci *dlci);
2124
2125 /**
2126 * gsm_dlci_release - release DLCI
2127 * @dlci: DLCI to destroy
2128 *
2129 * Release a DLCI. Actual free is deferred until either
2130 * mux is closed or tty is closed - whichever is last.
2131 *
2132 * Can sleep.
2133 */
gsm_dlci_release(struct gsm_dlci * dlci)2134 static void gsm_dlci_release(struct gsm_dlci *dlci)
2135 {
2136 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
2137 if (tty) {
2138 mutex_lock(&dlci->mutex);
2139 gsm_destroy_network(dlci);
2140 mutex_unlock(&dlci->mutex);
2141
2142 /* We cannot use tty_hangup() because in tty_kref_put() the tty
2143 * driver assumes that the hangup queue is free and reuses it to
2144 * queue release_one_tty() -> NULL pointer panic in
2145 * process_one_work().
2146 */
2147 tty_vhangup(tty);
2148
2149 tty_port_tty_set(&dlci->port, NULL);
2150 tty_kref_put(tty);
2151 }
2152 dlci->state = DLCI_CLOSED;
2153 dlci_put(dlci);
2154 }
2155
2156 /*
2157 * LAPBish link layer logic
2158 */
2159
2160 /**
2161 * gsm_queue - a GSM frame is ready to process
2162 * @gsm: pointer to our gsm mux
2163 *
2164 * At this point in time a frame has arrived and been demangled from
2165 * the line encoding. All the differences between the encodings have
2166 * been handled below us and the frame is unpacked into the structures.
2167 * The fcs holds the header FCS but any data FCS must be added here.
2168 */
2169
gsm_queue(struct gsm_mux * gsm)2170 static void gsm_queue(struct gsm_mux *gsm)
2171 {
2172 struct gsm_dlci *dlci;
2173 u8 cr;
2174 int address;
2175
2176 if (gsm->fcs != GOOD_FCS) {
2177 gsm->bad_fcs++;
2178 if (debug & DBG_DATA)
2179 pr_debug("BAD FCS %02x\n", gsm->fcs);
2180 return;
2181 }
2182 address = gsm->address >> 1;
2183 if (address >= NUM_DLCI)
2184 goto invalid;
2185
2186 cr = gsm->address & 1; /* C/R bit */
2187 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */
2188
2189 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
2190
2191 dlci = gsm->dlci[address];
2192
2193 switch (gsm->control) {
2194 case SABM|PF:
2195 if (cr == 1)
2196 goto invalid;
2197 if (dlci == NULL)
2198 dlci = gsm_dlci_alloc(gsm, address);
2199 if (dlci == NULL)
2200 return;
2201 if (dlci->dead)
2202 gsm_response(gsm, address, DM|PF);
2203 else {
2204 gsm_response(gsm, address, UA|PF);
2205 gsm_dlci_open(dlci);
2206 }
2207 break;
2208 case DISC|PF:
2209 if (cr == 1)
2210 goto invalid;
2211 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
2212 gsm_response(gsm, address, DM|PF);
2213 return;
2214 }
2215 /* Real close complete */
2216 gsm_response(gsm, address, UA|PF);
2217 gsm_dlci_close(dlci);
2218 break;
2219 case UA|PF:
2220 if (cr == 0 || dlci == NULL)
2221 break;
2222 switch (dlci->state) {
2223 case DLCI_CLOSING:
2224 gsm_dlci_close(dlci);
2225 break;
2226 case DLCI_OPENING:
2227 gsm_dlci_open(dlci);
2228 break;
2229 default:
2230 pr_debug("%s: unhandled state: %d\n", __func__,
2231 dlci->state);
2232 break;
2233 }
2234 break;
2235 case DM: /* DM can be valid unsolicited */
2236 case DM|PF:
2237 if (cr)
2238 goto invalid;
2239 if (dlci == NULL)
2240 return;
2241 gsm_dlci_close(dlci);
2242 break;
2243 case UI:
2244 case UI|PF:
2245 case UIH:
2246 case UIH|PF:
2247 if (dlci == NULL || dlci->state != DLCI_OPEN) {
2248 gsm_response(gsm, address, DM|PF);
2249 return;
2250 }
2251 dlci->data(dlci, gsm->buf, gsm->len);
2252 break;
2253 default:
2254 goto invalid;
2255 }
2256 return;
2257 invalid:
2258 gsm->malformed++;
2259 return;
2260 }
2261
2262
2263 /**
2264 * gsm0_receive - perform processing for non-transparency
2265 * @gsm: gsm data for this ldisc instance
2266 * @c: character
2267 *
2268 * Receive bytes in gsm mode 0
2269 */
2270
gsm0_receive(struct gsm_mux * gsm,unsigned char c)2271 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2272 {
2273 unsigned int len;
2274
2275 switch (gsm->state) {
2276 case GSM_SEARCH: /* SOF marker */
2277 if (c == GSM0_SOF) {
2278 gsm->state = GSM_ADDRESS;
2279 gsm->address = 0;
2280 gsm->len = 0;
2281 gsm->fcs = INIT_FCS;
2282 }
2283 break;
2284 case GSM_ADDRESS: /* Address EA */
2285 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2286 if (gsm_read_ea(&gsm->address, c))
2287 gsm->state = GSM_CONTROL;
2288 break;
2289 case GSM_CONTROL: /* Control Byte */
2290 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2291 gsm->control = c;
2292 gsm->state = GSM_LEN0;
2293 break;
2294 case GSM_LEN0: /* Length EA */
2295 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2296 if (gsm_read_ea(&gsm->len, c)) {
2297 if (gsm->len > gsm->mru) {
2298 gsm->bad_size++;
2299 gsm->state = GSM_SEARCH;
2300 break;
2301 }
2302 gsm->count = 0;
2303 if (!gsm->len)
2304 gsm->state = GSM_FCS;
2305 else
2306 gsm->state = GSM_DATA;
2307 break;
2308 }
2309 gsm->state = GSM_LEN1;
2310 break;
2311 case GSM_LEN1:
2312 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2313 len = c;
2314 gsm->len |= len << 7;
2315 if (gsm->len > gsm->mru) {
2316 gsm->bad_size++;
2317 gsm->state = GSM_SEARCH;
2318 break;
2319 }
2320 gsm->count = 0;
2321 if (!gsm->len)
2322 gsm->state = GSM_FCS;
2323 else
2324 gsm->state = GSM_DATA;
2325 break;
2326 case GSM_DATA: /* Data */
2327 gsm->buf[gsm->count++] = c;
2328 if (gsm->count == gsm->len) {
2329 /* Calculate final FCS for UI frames over all data */
2330 if ((gsm->control & ~PF) != UIH) {
2331 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2332 gsm->count);
2333 }
2334 gsm->state = GSM_FCS;
2335 }
2336 break;
2337 case GSM_FCS: /* FCS follows the packet */
2338 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2339 gsm->state = GSM_SSOF;
2340 break;
2341 case GSM_SSOF:
2342 gsm->state = GSM_SEARCH;
2343 if (c == GSM0_SOF)
2344 gsm_queue(gsm);
2345 else
2346 gsm->bad_size++;
2347 break;
2348 default:
2349 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2350 break;
2351 }
2352 }
2353
2354 /**
2355 * gsm1_receive - perform processing for non-transparency
2356 * @gsm: gsm data for this ldisc instance
2357 * @c: character
2358 *
2359 * Receive bytes in mode 1 (Advanced option)
2360 */
2361
gsm1_receive(struct gsm_mux * gsm,unsigned char c)2362 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2363 {
2364 /* handle XON/XOFF */
2365 if ((c & ISO_IEC_646_MASK) == XON) {
2366 gsm->constipated = true;
2367 return;
2368 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2369 gsm->constipated = false;
2370 /* Kick the link in case it is idling */
2371 gsmld_write_trigger(gsm);
2372 return;
2373 }
2374 if (c == GSM1_SOF) {
2375 /* EOF is only valid in frame if we have got to the data state */
2376 if (gsm->state == GSM_DATA) {
2377 if (gsm->count < 1) {
2378 /* Missing FSC */
2379 gsm->malformed++;
2380 gsm->state = GSM_START;
2381 return;
2382 }
2383 /* Remove the FCS from data */
2384 gsm->count--;
2385 if ((gsm->control & ~PF) != UIH) {
2386 /* Calculate final FCS for UI frames over all
2387 * data but FCS
2388 */
2389 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2390 gsm->count);
2391 }
2392 /* Add the FCS itself to test against GOOD_FCS */
2393 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2394 gsm->len = gsm->count;
2395 gsm_queue(gsm);
2396 gsm->state = GSM_START;
2397 return;
2398 }
2399 /* Any partial frame was a runt so go back to start */
2400 if (gsm->state != GSM_START) {
2401 if (gsm->state != GSM_SEARCH)
2402 gsm->malformed++;
2403 gsm->state = GSM_START;
2404 }
2405 /* A SOF in GSM_START means we are still reading idling or
2406 framing bytes */
2407 return;
2408 }
2409
2410 if (c == GSM1_ESCAPE) {
2411 gsm->escape = true;
2412 return;
2413 }
2414
2415 /* Only an unescaped SOF gets us out of GSM search */
2416 if (gsm->state == GSM_SEARCH)
2417 return;
2418
2419 if (gsm->escape) {
2420 c ^= GSM1_ESCAPE_BITS;
2421 gsm->escape = false;
2422 }
2423 switch (gsm->state) {
2424 case GSM_START: /* First byte after SOF */
2425 gsm->address = 0;
2426 gsm->state = GSM_ADDRESS;
2427 gsm->fcs = INIT_FCS;
2428 fallthrough;
2429 case GSM_ADDRESS: /* Address continuation */
2430 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2431 if (gsm_read_ea(&gsm->address, c))
2432 gsm->state = GSM_CONTROL;
2433 break;
2434 case GSM_CONTROL: /* Control Byte */
2435 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2436 gsm->control = c;
2437 gsm->count = 0;
2438 gsm->state = GSM_DATA;
2439 break;
2440 case GSM_DATA: /* Data */
2441 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2442 gsm->state = GSM_OVERRUN;
2443 gsm->bad_size++;
2444 } else
2445 gsm->buf[gsm->count++] = c;
2446 break;
2447 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2448 break;
2449 default:
2450 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2451 break;
2452 }
2453 }
2454
2455 /**
2456 * gsm_error - handle tty error
2457 * @gsm: ldisc data
2458 *
2459 * Handle an error in the receipt of data for a frame. Currently we just
2460 * go back to hunting for a SOF.
2461 *
2462 * FIXME: better diagnostics ?
2463 */
2464
gsm_error(struct gsm_mux * gsm)2465 static void gsm_error(struct gsm_mux *gsm)
2466 {
2467 gsm->state = GSM_SEARCH;
2468 gsm->io_error++;
2469 }
2470
2471 /**
2472 * gsm_cleanup_mux - generic GSM protocol cleanup
2473 * @gsm: our mux
2474 * @disc: disconnect link?
2475 *
2476 * Clean up the bits of the mux which are the same for all framing
2477 * protocols. Remove the mux from the mux table, stop all the timers
2478 * and then shut down each device hanging up the channels as we go.
2479 */
2480
gsm_cleanup_mux(struct gsm_mux * gsm,bool disc)2481 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2482 {
2483 int i;
2484 struct gsm_dlci *dlci = gsm->dlci[0];
2485 struct gsm_msg *txq, *ntxq;
2486
2487 gsm->dead = true;
2488 mutex_lock(&gsm->mutex);
2489
2490 if (dlci) {
2491 if (disc && dlci->state != DLCI_CLOSED) {
2492 gsm_dlci_begin_close(dlci);
2493 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2494 }
2495 dlci->dead = true;
2496 }
2497
2498 /* Finish outstanding timers, making sure they are done */
2499 del_timer_sync(&gsm->kick_timer);
2500 del_timer_sync(&gsm->t2_timer);
2501
2502 /* Finish writing to ldisc */
2503 flush_work(&gsm->tx_work);
2504
2505 /* Free up any link layer users and finally the control channel */
2506 if (gsm->has_devices) {
2507 gsm_unregister_devices(gsm_tty_driver, gsm->num);
2508 gsm->has_devices = false;
2509 }
2510 for (i = NUM_DLCI - 1; i >= 0; i--)
2511 if (gsm->dlci[i])
2512 gsm_dlci_release(gsm->dlci[i]);
2513 mutex_unlock(&gsm->mutex);
2514 /* Now wipe the queues */
2515 tty_ldisc_flush(gsm->tty);
2516 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
2517 kfree(txq);
2518 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2519 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
2520 kfree(txq);
2521 INIT_LIST_HEAD(&gsm->tx_data_list);
2522 }
2523
2524 /**
2525 * gsm_activate_mux - generic GSM setup
2526 * @gsm: our mux
2527 *
2528 * Set up the bits of the mux which are the same for all framing
2529 * protocols. Add the mux to the mux table so it can be opened and
2530 * finally kick off connecting to DLCI 0 on the modem.
2531 */
2532
gsm_activate_mux(struct gsm_mux * gsm)2533 static int gsm_activate_mux(struct gsm_mux *gsm)
2534 {
2535 struct gsm_dlci *dlci;
2536 int ret;
2537
2538 dlci = gsm_dlci_alloc(gsm, 0);
2539 if (dlci == NULL)
2540 return -ENOMEM;
2541
2542 if (gsm->encoding == GSM_BASIC_OPT)
2543 gsm->receive = gsm0_receive;
2544 else
2545 gsm->receive = gsm1_receive;
2546
2547 ret = gsm_register_devices(gsm_tty_driver, gsm->num);
2548 if (ret)
2549 return ret;
2550
2551 gsm->has_devices = true;
2552 gsm->dead = false; /* Tty opens are now permissible */
2553 return 0;
2554 }
2555
2556 /**
2557 * gsm_free_mux - free up a mux
2558 * @gsm: mux to free
2559 *
2560 * Dispose of allocated resources for a dead mux
2561 */
gsm_free_mux(struct gsm_mux * gsm)2562 static void gsm_free_mux(struct gsm_mux *gsm)
2563 {
2564 int i;
2565
2566 for (i = 0; i < MAX_MUX; i++) {
2567 if (gsm == gsm_mux[i]) {
2568 gsm_mux[i] = NULL;
2569 break;
2570 }
2571 }
2572 mutex_destroy(&gsm->mutex);
2573 kfree(gsm->txframe);
2574 kfree(gsm->buf);
2575 kfree(gsm);
2576 }
2577
2578 /**
2579 * gsm_free_muxr - free up a mux
2580 * @ref: kreference to the mux to free
2581 *
2582 * Dispose of allocated resources for a dead mux
2583 */
gsm_free_muxr(struct kref * ref)2584 static void gsm_free_muxr(struct kref *ref)
2585 {
2586 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2587 gsm_free_mux(gsm);
2588 }
2589
mux_get(struct gsm_mux * gsm)2590 static inline void mux_get(struct gsm_mux *gsm)
2591 {
2592 unsigned long flags;
2593
2594 spin_lock_irqsave(&gsm_mux_lock, flags);
2595 kref_get(&gsm->ref);
2596 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2597 }
2598
mux_put(struct gsm_mux * gsm)2599 static inline void mux_put(struct gsm_mux *gsm)
2600 {
2601 unsigned long flags;
2602
2603 spin_lock_irqsave(&gsm_mux_lock, flags);
2604 kref_put(&gsm->ref, gsm_free_muxr);
2605 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2606 }
2607
mux_num_to_base(struct gsm_mux * gsm)2608 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2609 {
2610 return gsm->num * NUM_DLCI;
2611 }
2612
mux_line_to_num(unsigned int line)2613 static inline unsigned int mux_line_to_num(unsigned int line)
2614 {
2615 return line / NUM_DLCI;
2616 }
2617
2618 /**
2619 * gsm_alloc_mux - allocate a mux
2620 *
2621 * Creates a new mux ready for activation.
2622 */
2623
gsm_alloc_mux(void)2624 static struct gsm_mux *gsm_alloc_mux(void)
2625 {
2626 int i;
2627 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2628 if (gsm == NULL)
2629 return NULL;
2630 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2631 if (gsm->buf == NULL) {
2632 kfree(gsm);
2633 return NULL;
2634 }
2635 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2636 if (gsm->txframe == NULL) {
2637 kfree(gsm->buf);
2638 kfree(gsm);
2639 return NULL;
2640 }
2641 spin_lock_init(&gsm->lock);
2642 mutex_init(&gsm->mutex);
2643 kref_init(&gsm->ref);
2644 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2645 INIT_LIST_HEAD(&gsm->tx_data_list);
2646 timer_setup(&gsm->kick_timer, gsm_kick_timer, 0);
2647 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2648 INIT_WORK(&gsm->tx_work, gsmld_write_task);
2649 init_waitqueue_head(&gsm->event);
2650 spin_lock_init(&gsm->control_lock);
2651 spin_lock_init(&gsm->tx_lock);
2652
2653 gsm->t1 = T1;
2654 gsm->t2 = T2;
2655 gsm->n2 = N2;
2656 gsm->ftype = UIH;
2657 gsm->adaption = 1;
2658 gsm->encoding = GSM_ADV_OPT;
2659 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2660 gsm->mtu = 64;
2661 gsm->dead = true; /* Avoid early tty opens */
2662
2663 /* Store the instance to the mux array or abort if no space is
2664 * available.
2665 */
2666 spin_lock(&gsm_mux_lock);
2667 for (i = 0; i < MAX_MUX; i++) {
2668 if (!gsm_mux[i]) {
2669 gsm_mux[i] = gsm;
2670 gsm->num = i;
2671 break;
2672 }
2673 }
2674 spin_unlock(&gsm_mux_lock);
2675 if (i == MAX_MUX) {
2676 mutex_destroy(&gsm->mutex);
2677 kfree(gsm->txframe);
2678 kfree(gsm->buf);
2679 kfree(gsm);
2680 return NULL;
2681 }
2682
2683 return gsm;
2684 }
2685
gsm_copy_config_values(struct gsm_mux * gsm,struct gsm_config * c)2686 static void gsm_copy_config_values(struct gsm_mux *gsm,
2687 struct gsm_config *c)
2688 {
2689 memset(c, 0, sizeof(*c));
2690 c->adaption = gsm->adaption;
2691 c->encapsulation = gsm->encoding;
2692 c->initiator = gsm->initiator;
2693 c->t1 = gsm->t1;
2694 c->t2 = gsm->t2;
2695 c->t3 = 0; /* Not supported */
2696 c->n2 = gsm->n2;
2697 if (gsm->ftype == UIH)
2698 c->i = 1;
2699 else
2700 c->i = 2;
2701 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2702 c->mru = gsm->mru;
2703 c->mtu = gsm->mtu;
2704 c->k = 0;
2705 }
2706
gsm_config(struct gsm_mux * gsm,struct gsm_config * c)2707 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2708 {
2709 int ret = 0;
2710 int need_close = 0;
2711 int need_restart = 0;
2712
2713 /* Stuff we don't support yet - UI or I frame transport, windowing */
2714 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2715 return -EOPNOTSUPP;
2716 /* Check the MRU/MTU range looks sane */
2717 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2718 return -EINVAL;
2719 if (c->n2 > 255)
2720 return -EINVAL;
2721 if (c->encapsulation > 1) /* Basic, advanced, no I */
2722 return -EINVAL;
2723 if (c->initiator > 1)
2724 return -EINVAL;
2725 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2726 return -EINVAL;
2727 /*
2728 * See what is needed for reconfiguration
2729 */
2730
2731 /* Timing fields */
2732 if (c->t1 != 0 && c->t1 != gsm->t1)
2733 need_restart = 1;
2734 if (c->t2 != 0 && c->t2 != gsm->t2)
2735 need_restart = 1;
2736 if (c->encapsulation != gsm->encoding)
2737 need_restart = 1;
2738 if (c->adaption != gsm->adaption)
2739 need_restart = 1;
2740 /* Requires care */
2741 if (c->initiator != gsm->initiator)
2742 need_close = 1;
2743 if (c->mru != gsm->mru)
2744 need_restart = 1;
2745 if (c->mtu != gsm->mtu)
2746 need_restart = 1;
2747
2748 /*
2749 * Close down what is needed, restart and initiate the new
2750 * configuration. On the first time there is no DLCI[0]
2751 * and closing or cleaning up is not necessary.
2752 */
2753 if (need_close || need_restart)
2754 gsm_cleanup_mux(gsm, true);
2755
2756 gsm->initiator = c->initiator;
2757 gsm->mru = c->mru;
2758 gsm->mtu = c->mtu;
2759 gsm->encoding = c->encapsulation ? GSM_ADV_OPT : GSM_BASIC_OPT;
2760 gsm->adaption = c->adaption;
2761 gsm->n2 = c->n2;
2762
2763 if (c->i == 1)
2764 gsm->ftype = UIH;
2765 else if (c->i == 2)
2766 gsm->ftype = UI;
2767
2768 if (c->t1)
2769 gsm->t1 = c->t1;
2770 if (c->t2)
2771 gsm->t2 = c->t2;
2772
2773 /*
2774 * FIXME: We need to separate activation/deactivation from adding
2775 * and removing from the mux array
2776 */
2777 if (gsm->dead) {
2778 ret = gsm_activate_mux(gsm);
2779 if (ret)
2780 return ret;
2781 if (gsm->initiator)
2782 gsm_dlci_begin_open(gsm->dlci[0]);
2783 }
2784 return 0;
2785 }
2786
2787 /**
2788 * gsmld_output - write to link
2789 * @gsm: our mux
2790 * @data: bytes to output
2791 * @len: size
2792 *
2793 * Write a block of data from the GSM mux to the data channel. This
2794 * will eventually be serialized from above but at the moment isn't.
2795 */
2796
gsmld_output(struct gsm_mux * gsm,u8 * data,int len)2797 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2798 {
2799 if (tty_write_room(gsm->tty) < len) {
2800 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2801 return -ENOSPC;
2802 }
2803 if (debug & DBG_DATA)
2804 gsm_hex_dump_bytes(__func__, data, len);
2805 return gsm->tty->ops->write(gsm->tty, data, len);
2806 }
2807
2808
2809 /**
2810 * gsmld_write_trigger - schedule ldisc write task
2811 * @gsm: our mux
2812 */
gsmld_write_trigger(struct gsm_mux * gsm)2813 static void gsmld_write_trigger(struct gsm_mux *gsm)
2814 {
2815 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
2816 return;
2817 schedule_work(&gsm->tx_work);
2818 }
2819
2820
2821 /**
2822 * gsmld_write_task - ldisc write task
2823 * @work: our tx write work
2824 *
2825 * Writes out data to the ldisc if possible. We are doing this here to
2826 * avoid dead-locking. This returns if no space or data is left for output.
2827 */
gsmld_write_task(struct work_struct * work)2828 static void gsmld_write_task(struct work_struct *work)
2829 {
2830 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
2831 unsigned long flags;
2832 int i, ret;
2833
2834 /* All outstanding control channel and control messages and one data
2835 * frame is sent.
2836 */
2837 ret = -ENODEV;
2838 spin_lock_irqsave(&gsm->tx_lock, flags);
2839 if (gsm->tty)
2840 ret = gsm_data_kick(gsm);
2841 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2842
2843 if (ret >= 0)
2844 for (i = 0; i < NUM_DLCI; i++)
2845 if (gsm->dlci[i])
2846 tty_port_tty_wakeup(&gsm->dlci[i]->port);
2847 }
2848
2849 /**
2850 * gsmld_attach_gsm - mode set up
2851 * @tty: our tty structure
2852 * @gsm: our mux
2853 *
2854 * Set up the MUX for basic mode and commence connecting to the
2855 * modem. Currently called from the line discipline set up but
2856 * will need moving to an ioctl path.
2857 */
2858
gsmld_attach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2859 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2860 {
2861 gsm->tty = tty_kref_get(tty);
2862 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2863 gsm->old_c_iflag = tty->termios.c_iflag;
2864 tty->termios.c_iflag &= (IXON | IXOFF);
2865 }
2866
2867 /**
2868 * gsmld_detach_gsm - stop doing 0710 mux
2869 * @tty: tty attached to the mux
2870 * @gsm: mux
2871 *
2872 * Shutdown and then clean up the resources used by the line discipline
2873 */
2874
gsmld_detach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2875 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2876 {
2877 WARN_ON(tty != gsm->tty);
2878 /* Restore tty XON/XOFF handling. */
2879 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2880 tty_kref_put(gsm->tty);
2881 gsm->tty = NULL;
2882 }
2883
gsmld_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)2884 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2885 const char *fp, int count)
2886 {
2887 struct gsm_mux *gsm = tty->disc_data;
2888 char flags = TTY_NORMAL;
2889
2890 if (debug & DBG_DATA)
2891 gsm_hex_dump_bytes(__func__, cp, count);
2892
2893 for (; count; count--, cp++) {
2894 if (fp)
2895 flags = *fp++;
2896 switch (flags) {
2897 case TTY_NORMAL:
2898 if (gsm->receive)
2899 gsm->receive(gsm, *cp);
2900 break;
2901 case TTY_OVERRUN:
2902 case TTY_BREAK:
2903 case TTY_PARITY:
2904 case TTY_FRAME:
2905 gsm_error(gsm);
2906 break;
2907 default:
2908 WARN_ONCE(1, "%s: unknown flag %d\n",
2909 tty_name(tty), flags);
2910 break;
2911 }
2912 }
2913 /* FASYNC if needed ? */
2914 /* If clogged call tty_throttle(tty); */
2915 }
2916
2917 /**
2918 * gsmld_flush_buffer - clean input queue
2919 * @tty: terminal device
2920 *
2921 * Flush the input buffer. Called when the line discipline is
2922 * being closed, when the tty layer wants the buffer flushed (eg
2923 * at hangup).
2924 */
2925
gsmld_flush_buffer(struct tty_struct * tty)2926 static void gsmld_flush_buffer(struct tty_struct *tty)
2927 {
2928 }
2929
2930 /**
2931 * gsmld_close - close the ldisc for this tty
2932 * @tty: device
2933 *
2934 * Called from the terminal layer when this line discipline is
2935 * being shut down, either because of a close or becsuse of a
2936 * discipline change. The function will not be called while other
2937 * ldisc methods are in progress.
2938 */
2939
gsmld_close(struct tty_struct * tty)2940 static void gsmld_close(struct tty_struct *tty)
2941 {
2942 struct gsm_mux *gsm = tty->disc_data;
2943
2944 /* The ldisc locks and closes the port before calling our close. This
2945 * means we have no way to do a proper disconnect. We will not bother
2946 * to do one.
2947 */
2948 gsm_cleanup_mux(gsm, false);
2949
2950 gsmld_detach_gsm(tty, gsm);
2951
2952 gsmld_flush_buffer(tty);
2953 /* Do other clean up here */
2954 mux_put(gsm);
2955 }
2956
2957 /**
2958 * gsmld_open - open an ldisc
2959 * @tty: terminal to open
2960 *
2961 * Called when this line discipline is being attached to the
2962 * terminal device. Can sleep. Called serialized so that no
2963 * other events will occur in parallel. No further open will occur
2964 * until a close.
2965 */
2966
gsmld_open(struct tty_struct * tty)2967 static int gsmld_open(struct tty_struct *tty)
2968 {
2969 struct gsm_mux *gsm;
2970
2971 if (tty->ops->write == NULL)
2972 return -EINVAL;
2973
2974 /* Attach our ldisc data */
2975 gsm = gsm_alloc_mux();
2976 if (gsm == NULL)
2977 return -ENOMEM;
2978
2979 tty->disc_data = gsm;
2980 tty->receive_room = 65536;
2981
2982 /* Attach the initial passive connection */
2983 gsm->encoding = GSM_ADV_OPT;
2984 gsmld_attach_gsm(tty, gsm);
2985
2986 return 0;
2987 }
2988
2989 /**
2990 * gsmld_write_wakeup - asynchronous I/O notifier
2991 * @tty: tty device
2992 *
2993 * Required for the ptys, serial driver etc. since processes
2994 * that attach themselves to the master and rely on ASYNC
2995 * IO must be woken up
2996 */
2997
gsmld_write_wakeup(struct tty_struct * tty)2998 static void gsmld_write_wakeup(struct tty_struct *tty)
2999 {
3000 struct gsm_mux *gsm = tty->disc_data;
3001
3002 /* Queue poll */
3003 gsmld_write_trigger(gsm);
3004 }
3005
3006 /**
3007 * gsmld_read - read function for tty
3008 * @tty: tty device
3009 * @file: file object
3010 * @buf: userspace buffer pointer
3011 * @nr: size of I/O
3012 * @cookie: unused
3013 * @offset: unused
3014 *
3015 * Perform reads for the line discipline. We are guaranteed that the
3016 * line discipline will not be closed under us but we may get multiple
3017 * parallel readers and must handle this ourselves. We may also get
3018 * a hangup. Always called in user context, may sleep.
3019 *
3020 * This code must be sure never to sleep through a hangup.
3021 */
3022
gsmld_read(struct tty_struct * tty,struct file * file,unsigned char * buf,size_t nr,void ** cookie,unsigned long offset)3023 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
3024 unsigned char *buf, size_t nr,
3025 void **cookie, unsigned long offset)
3026 {
3027 return -EOPNOTSUPP;
3028 }
3029
3030 /**
3031 * gsmld_write - write function for tty
3032 * @tty: tty device
3033 * @file: file object
3034 * @buf: userspace buffer pointer
3035 * @nr: size of I/O
3036 *
3037 * Called when the owner of the device wants to send a frame
3038 * itself (or some other control data). The data is transferred
3039 * as-is and must be properly framed and checksummed as appropriate
3040 * by userspace. Frames are either sent whole or not at all as this
3041 * avoids pain user side.
3042 */
3043
gsmld_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)3044 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
3045 const unsigned char *buf, size_t nr)
3046 {
3047 struct gsm_mux *gsm = tty->disc_data;
3048 unsigned long flags;
3049 int space;
3050 int ret;
3051
3052 if (!gsm)
3053 return -ENODEV;
3054
3055 ret = -ENOBUFS;
3056 spin_lock_irqsave(&gsm->tx_lock, flags);
3057 space = tty_write_room(tty);
3058 if (space >= nr)
3059 ret = tty->ops->write(tty, buf, nr);
3060 else
3061 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
3062 spin_unlock_irqrestore(&gsm->tx_lock, flags);
3063
3064 return ret;
3065 }
3066
3067 /**
3068 * gsmld_poll - poll method for N_GSM0710
3069 * @tty: terminal device
3070 * @file: file accessing it
3071 * @wait: poll table
3072 *
3073 * Called when the line discipline is asked to poll() for data or
3074 * for special events. This code is not serialized with respect to
3075 * other events save open/close.
3076 *
3077 * This code must be sure never to sleep through a hangup.
3078 * Called without the kernel lock held - fine
3079 */
3080
gsmld_poll(struct tty_struct * tty,struct file * file,poll_table * wait)3081 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
3082 poll_table *wait)
3083 {
3084 __poll_t mask = 0;
3085 struct gsm_mux *gsm = tty->disc_data;
3086
3087 poll_wait(file, &tty->read_wait, wait);
3088 poll_wait(file, &tty->write_wait, wait);
3089
3090 if (gsm->dead)
3091 mask |= EPOLLHUP;
3092 if (tty_hung_up_p(file))
3093 mask |= EPOLLHUP;
3094 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
3095 mask |= EPOLLHUP;
3096 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
3097 mask |= EPOLLOUT | EPOLLWRNORM;
3098 return mask;
3099 }
3100
gsmld_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3101 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
3102 unsigned long arg)
3103 {
3104 struct gsm_config c;
3105 struct gsm_mux *gsm = tty->disc_data;
3106 unsigned int base;
3107
3108 switch (cmd) {
3109 case GSMIOC_GETCONF:
3110 gsm_copy_config_values(gsm, &c);
3111 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
3112 return -EFAULT;
3113 return 0;
3114 case GSMIOC_SETCONF:
3115 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
3116 return -EFAULT;
3117 return gsm_config(gsm, &c);
3118 case GSMIOC_GETFIRST:
3119 base = mux_num_to_base(gsm);
3120 return put_user(base + 1, (__u32 __user *)arg);
3121 default:
3122 return n_tty_ioctl_helper(tty, cmd, arg);
3123 }
3124 }
3125
3126 /*
3127 * Network interface
3128 *
3129 */
3130
gsm_mux_net_open(struct net_device * net)3131 static int gsm_mux_net_open(struct net_device *net)
3132 {
3133 pr_debug("%s called\n", __func__);
3134 netif_start_queue(net);
3135 return 0;
3136 }
3137
gsm_mux_net_close(struct net_device * net)3138 static int gsm_mux_net_close(struct net_device *net)
3139 {
3140 netif_stop_queue(net);
3141 return 0;
3142 }
3143
dlci_net_free(struct gsm_dlci * dlci)3144 static void dlci_net_free(struct gsm_dlci *dlci)
3145 {
3146 if (!dlci->net) {
3147 WARN_ON(1);
3148 return;
3149 }
3150 dlci->adaption = dlci->prev_adaption;
3151 dlci->data = dlci->prev_data;
3152 free_netdev(dlci->net);
3153 dlci->net = NULL;
3154 }
net_free(struct kref * ref)3155 static void net_free(struct kref *ref)
3156 {
3157 struct gsm_mux_net *mux_net;
3158 struct gsm_dlci *dlci;
3159
3160 mux_net = container_of(ref, struct gsm_mux_net, ref);
3161 dlci = mux_net->dlci;
3162
3163 if (dlci->net) {
3164 unregister_netdev(dlci->net);
3165 dlci_net_free(dlci);
3166 }
3167 }
3168
muxnet_get(struct gsm_mux_net * mux_net)3169 static inline void muxnet_get(struct gsm_mux_net *mux_net)
3170 {
3171 kref_get(&mux_net->ref);
3172 }
3173
muxnet_put(struct gsm_mux_net * mux_net)3174 static inline void muxnet_put(struct gsm_mux_net *mux_net)
3175 {
3176 kref_put(&mux_net->ref, net_free);
3177 }
3178
gsm_mux_net_start_xmit(struct sk_buff * skb,struct net_device * net)3179 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
3180 struct net_device *net)
3181 {
3182 struct gsm_mux_net *mux_net = netdev_priv(net);
3183 struct gsm_dlci *dlci = mux_net->dlci;
3184 muxnet_get(mux_net);
3185
3186 skb_queue_head(&dlci->skb_list, skb);
3187 net->stats.tx_packets++;
3188 net->stats.tx_bytes += skb->len;
3189 gsm_dlci_data_kick(dlci);
3190 /* And tell the kernel when the last transmit started. */
3191 netif_trans_update(net);
3192 muxnet_put(mux_net);
3193 return NETDEV_TX_OK;
3194 }
3195
3196 /* called when a packet did not ack after watchdogtimeout */
gsm_mux_net_tx_timeout(struct net_device * net,unsigned int txqueue)3197 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
3198 {
3199 /* Tell syslog we are hosed. */
3200 dev_dbg(&net->dev, "Tx timed out.\n");
3201
3202 /* Update statistics */
3203 net->stats.tx_errors++;
3204 }
3205
gsm_mux_rx_netchar(struct gsm_dlci * dlci,const unsigned char * in_buf,int size)3206 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
3207 const unsigned char *in_buf, int size)
3208 {
3209 struct net_device *net = dlci->net;
3210 struct sk_buff *skb;
3211 struct gsm_mux_net *mux_net = netdev_priv(net);
3212 muxnet_get(mux_net);
3213
3214 /* Allocate an sk_buff */
3215 skb = dev_alloc_skb(size + NET_IP_ALIGN);
3216 if (!skb) {
3217 /* We got no receive buffer. */
3218 net->stats.rx_dropped++;
3219 muxnet_put(mux_net);
3220 return;
3221 }
3222 skb_reserve(skb, NET_IP_ALIGN);
3223 skb_put_data(skb, in_buf, size);
3224
3225 skb->dev = net;
3226 skb->protocol = htons(ETH_P_IP);
3227
3228 /* Ship it off to the kernel */
3229 netif_rx(skb);
3230
3231 /* update out statistics */
3232 net->stats.rx_packets++;
3233 net->stats.rx_bytes += size;
3234 muxnet_put(mux_net);
3235 return;
3236 }
3237
gsm_mux_net_init(struct net_device * net)3238 static void gsm_mux_net_init(struct net_device *net)
3239 {
3240 static const struct net_device_ops gsm_netdev_ops = {
3241 .ndo_open = gsm_mux_net_open,
3242 .ndo_stop = gsm_mux_net_close,
3243 .ndo_start_xmit = gsm_mux_net_start_xmit,
3244 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
3245 };
3246
3247 net->netdev_ops = &gsm_netdev_ops;
3248
3249 /* fill in the other fields */
3250 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
3251 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
3252 net->type = ARPHRD_NONE;
3253 net->tx_queue_len = 10;
3254 }
3255
3256
3257 /* caller holds the dlci mutex */
gsm_destroy_network(struct gsm_dlci * dlci)3258 static void gsm_destroy_network(struct gsm_dlci *dlci)
3259 {
3260 struct gsm_mux_net *mux_net;
3261
3262 pr_debug("destroy network interface\n");
3263 if (!dlci->net)
3264 return;
3265 mux_net = netdev_priv(dlci->net);
3266 muxnet_put(mux_net);
3267 }
3268
3269
3270 /* caller holds the dlci mutex */
gsm_create_network(struct gsm_dlci * dlci,struct gsm_netconfig * nc)3271 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
3272 {
3273 char *netname;
3274 int retval = 0;
3275 struct net_device *net;
3276 struct gsm_mux_net *mux_net;
3277
3278 if (!capable(CAP_NET_ADMIN))
3279 return -EPERM;
3280
3281 /* Already in a non tty mode */
3282 if (dlci->adaption > 2)
3283 return -EBUSY;
3284
3285 if (nc->protocol != htons(ETH_P_IP))
3286 return -EPROTONOSUPPORT;
3287
3288 if (nc->adaption != 3 && nc->adaption != 4)
3289 return -EPROTONOSUPPORT;
3290
3291 pr_debug("create network interface\n");
3292
3293 netname = "gsm%d";
3294 if (nc->if_name[0] != '\0')
3295 netname = nc->if_name;
3296 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
3297 NET_NAME_UNKNOWN, gsm_mux_net_init);
3298 if (!net) {
3299 pr_err("alloc_netdev failed\n");
3300 return -ENOMEM;
3301 }
3302 net->mtu = dlci->gsm->mtu;
3303 net->min_mtu = 8;
3304 net->max_mtu = dlci->gsm->mtu;
3305 mux_net = netdev_priv(net);
3306 mux_net->dlci = dlci;
3307 kref_init(&mux_net->ref);
3308 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
3309
3310 /* reconfigure dlci for network */
3311 dlci->prev_adaption = dlci->adaption;
3312 dlci->prev_data = dlci->data;
3313 dlci->adaption = nc->adaption;
3314 dlci->data = gsm_mux_rx_netchar;
3315 dlci->net = net;
3316
3317 pr_debug("register netdev\n");
3318 retval = register_netdev(net);
3319 if (retval) {
3320 pr_err("network register fail %d\n", retval);
3321 dlci_net_free(dlci);
3322 return retval;
3323 }
3324 return net->ifindex; /* return network index */
3325 }
3326
3327 /* Line discipline for real tty */
3328 static struct tty_ldisc_ops tty_ldisc_packet = {
3329 .owner = THIS_MODULE,
3330 .num = N_GSM0710,
3331 .name = "n_gsm",
3332 .open = gsmld_open,
3333 .close = gsmld_close,
3334 .flush_buffer = gsmld_flush_buffer,
3335 .read = gsmld_read,
3336 .write = gsmld_write,
3337 .ioctl = gsmld_ioctl,
3338 .poll = gsmld_poll,
3339 .receive_buf = gsmld_receive_buf,
3340 .write_wakeup = gsmld_write_wakeup
3341 };
3342
3343 /*
3344 * Virtual tty side
3345 */
3346
3347 /**
3348 * gsm_modem_upd_via_data - send modem bits via convergence layer
3349 * @dlci: channel
3350 * @brk: break signal
3351 *
3352 * Send an empty frame to signal mobile state changes and to transmit the
3353 * break signal for adaption 2.
3354 */
3355
gsm_modem_upd_via_data(struct gsm_dlci * dlci,u8 brk)3356 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
3357 {
3358 struct gsm_mux *gsm = dlci->gsm;
3359 unsigned long flags;
3360
3361 if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
3362 return;
3363
3364 spin_lock_irqsave(&gsm->tx_lock, flags);
3365 gsm_dlci_modem_output(gsm, dlci, brk);
3366 spin_unlock_irqrestore(&gsm->tx_lock, flags);
3367 }
3368
3369 /**
3370 * gsm_modem_upd_via_msc - send modem bits via control frame
3371 * @dlci: channel
3372 * @brk: break signal
3373 */
3374
gsm_modem_upd_via_msc(struct gsm_dlci * dlci,u8 brk)3375 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
3376 {
3377 u8 modembits[3];
3378 struct gsm_control *ctrl;
3379 int len = 2;
3380
3381 if (dlci->gsm->encoding != GSM_BASIC_OPT)
3382 return 0;
3383
3384 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
3385 if (!brk) {
3386 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3387 } else {
3388 modembits[1] = gsm_encode_modem(dlci) << 1;
3389 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3390 len++;
3391 }
3392 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3393 if (ctrl == NULL)
3394 return -ENOMEM;
3395 return gsm_control_wait(dlci->gsm, ctrl);
3396 }
3397
3398 /**
3399 * gsm_modem_update - send modem status line state
3400 * @dlci: channel
3401 * @brk: break signal
3402 */
3403
gsm_modem_update(struct gsm_dlci * dlci,u8 brk)3404 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
3405 {
3406 if (dlci->adaption == 2) {
3407 /* Send convergence layer type 2 empty data frame. */
3408 gsm_modem_upd_via_data(dlci, brk);
3409 return 0;
3410 } else if (dlci->gsm->encoding == GSM_BASIC_OPT) {
3411 /* Send as MSC control message. */
3412 return gsm_modem_upd_via_msc(dlci, brk);
3413 }
3414
3415 /* Modem status lines are not supported. */
3416 return -EPROTONOSUPPORT;
3417 }
3418
gsm_carrier_raised(struct tty_port * port)3419 static int gsm_carrier_raised(struct tty_port *port)
3420 {
3421 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3422 struct gsm_mux *gsm = dlci->gsm;
3423
3424 /* Not yet open so no carrier info */
3425 if (dlci->state != DLCI_OPEN)
3426 return 0;
3427 if (debug & DBG_CD_ON)
3428 return 1;
3429
3430 /*
3431 * Basic mode with control channel in ADM mode may not respond
3432 * to CMD_MSC at all and modem_rx is empty.
3433 */
3434 if (gsm->encoding == GSM_BASIC_OPT &&
3435 gsm->dlci[0]->mode == DLCI_MODE_ADM && !dlci->modem_rx)
3436 return 1;
3437
3438 return dlci->modem_rx & TIOCM_CD;
3439 }
3440
gsm_dtr_rts(struct tty_port * port,int onoff)3441 static void gsm_dtr_rts(struct tty_port *port, int onoff)
3442 {
3443 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3444 unsigned int modem_tx = dlci->modem_tx;
3445 if (onoff)
3446 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3447 else
3448 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3449 if (modem_tx != dlci->modem_tx) {
3450 dlci->modem_tx = modem_tx;
3451 gsm_modem_update(dlci, 0);
3452 }
3453 }
3454
3455 static const struct tty_port_operations gsm_port_ops = {
3456 .carrier_raised = gsm_carrier_raised,
3457 .dtr_rts = gsm_dtr_rts,
3458 .destruct = gsm_dlci_free,
3459 };
3460
gsmtty_install(struct tty_driver * driver,struct tty_struct * tty)3461 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3462 {
3463 struct gsm_mux *gsm;
3464 struct gsm_dlci *dlci;
3465 unsigned int line = tty->index;
3466 unsigned int mux = mux_line_to_num(line);
3467 bool alloc = false;
3468 int ret;
3469
3470 line = line & 0x3F;
3471
3472 if (mux >= MAX_MUX)
3473 return -ENXIO;
3474 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3475 if (gsm_mux[mux] == NULL)
3476 return -EUNATCH;
3477 if (line == 0 || line > 61) /* 62/63 reserved */
3478 return -ECHRNG;
3479 gsm = gsm_mux[mux];
3480 if (gsm->dead)
3481 return -EL2HLT;
3482 /* If DLCI 0 is not yet fully open return an error.
3483 This is ok from a locking
3484 perspective as we don't have to worry about this
3485 if DLCI0 is lost */
3486 mutex_lock(&gsm->mutex);
3487 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3488 mutex_unlock(&gsm->mutex);
3489 return -EL2NSYNC;
3490 }
3491 dlci = gsm->dlci[line];
3492 if (dlci == NULL) {
3493 alloc = true;
3494 dlci = gsm_dlci_alloc(gsm, line);
3495 }
3496 if (dlci == NULL) {
3497 mutex_unlock(&gsm->mutex);
3498 return -ENOMEM;
3499 }
3500 ret = tty_port_install(&dlci->port, driver, tty);
3501 if (ret) {
3502 if (alloc)
3503 dlci_put(dlci);
3504 mutex_unlock(&gsm->mutex);
3505 return ret;
3506 }
3507
3508 dlci_get(dlci);
3509 dlci_get(gsm->dlci[0]);
3510 mux_get(gsm);
3511 tty->driver_data = dlci;
3512 mutex_unlock(&gsm->mutex);
3513
3514 return 0;
3515 }
3516
gsmtty_open(struct tty_struct * tty,struct file * filp)3517 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3518 {
3519 struct gsm_dlci *dlci = tty->driver_data;
3520 struct tty_port *port = &dlci->port;
3521 struct gsm_mux *gsm = dlci->gsm;
3522
3523 port->count++;
3524 tty_port_tty_set(port, tty);
3525
3526 dlci->modem_rx = 0;
3527 /* We could in theory open and close before we wait - eg if we get
3528 a DM straight back. This is ok as that will have caused a hangup */
3529 tty_port_set_initialized(port, 1);
3530 /* Start sending off SABM messages */
3531 if (gsm->initiator)
3532 gsm_dlci_begin_open(dlci);
3533 else
3534 gsm_dlci_set_opening(dlci);
3535 /* And wait for virtual carrier */
3536 return tty_port_block_til_ready(port, tty, filp);
3537 }
3538
gsmtty_close(struct tty_struct * tty,struct file * filp)3539 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3540 {
3541 struct gsm_dlci *dlci = tty->driver_data;
3542
3543 if (dlci == NULL)
3544 return;
3545 if (dlci->state == DLCI_CLOSED)
3546 return;
3547 mutex_lock(&dlci->mutex);
3548 gsm_destroy_network(dlci);
3549 mutex_unlock(&dlci->mutex);
3550 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3551 return;
3552 gsm_dlci_begin_close(dlci);
3553 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3554 tty_port_lower_dtr_rts(&dlci->port);
3555 tty_port_close_end(&dlci->port, tty);
3556 tty_port_tty_set(&dlci->port, NULL);
3557 return;
3558 }
3559
gsmtty_hangup(struct tty_struct * tty)3560 static void gsmtty_hangup(struct tty_struct *tty)
3561 {
3562 struct gsm_dlci *dlci = tty->driver_data;
3563 if (dlci->state == DLCI_CLOSED)
3564 return;
3565 tty_port_hangup(&dlci->port);
3566 gsm_dlci_begin_close(dlci);
3567 }
3568
gsmtty_write(struct tty_struct * tty,const unsigned char * buf,int len)3569 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3570 int len)
3571 {
3572 int sent;
3573 struct gsm_dlci *dlci = tty->driver_data;
3574 if (dlci->state == DLCI_CLOSED)
3575 return -EINVAL;
3576 /* Stuff the bytes into the fifo queue */
3577 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3578 /* Need to kick the channel */
3579 gsm_dlci_data_kick(dlci);
3580 return sent;
3581 }
3582
gsmtty_write_room(struct tty_struct * tty)3583 static unsigned int gsmtty_write_room(struct tty_struct *tty)
3584 {
3585 struct gsm_dlci *dlci = tty->driver_data;
3586 if (dlci->state == DLCI_CLOSED)
3587 return 0;
3588 return kfifo_avail(&dlci->fifo);
3589 }
3590
gsmtty_chars_in_buffer(struct tty_struct * tty)3591 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
3592 {
3593 struct gsm_dlci *dlci = tty->driver_data;
3594 if (dlci->state == DLCI_CLOSED)
3595 return 0;
3596 return kfifo_len(&dlci->fifo);
3597 }
3598
gsmtty_flush_buffer(struct tty_struct * tty)3599 static void gsmtty_flush_buffer(struct tty_struct *tty)
3600 {
3601 struct gsm_dlci *dlci = tty->driver_data;
3602 unsigned long flags;
3603
3604 if (dlci->state == DLCI_CLOSED)
3605 return;
3606 /* Caution needed: If we implement reliable transport classes
3607 then the data being transmitted can't simply be junked once
3608 it has first hit the stack. Until then we can just blow it
3609 away */
3610 spin_lock_irqsave(&dlci->lock, flags);
3611 kfifo_reset(&dlci->fifo);
3612 spin_unlock_irqrestore(&dlci->lock, flags);
3613 /* Need to unhook this DLCI from the transmit queue logic */
3614 }
3615
gsmtty_wait_until_sent(struct tty_struct * tty,int timeout)3616 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3617 {
3618 /* The FIFO handles the queue so the kernel will do the right
3619 thing waiting on chars_in_buffer before calling us. No work
3620 to do here */
3621 }
3622
gsmtty_tiocmget(struct tty_struct * tty)3623 static int gsmtty_tiocmget(struct tty_struct *tty)
3624 {
3625 struct gsm_dlci *dlci = tty->driver_data;
3626 if (dlci->state == DLCI_CLOSED)
3627 return -EINVAL;
3628 return dlci->modem_rx;
3629 }
3630
gsmtty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)3631 static int gsmtty_tiocmset(struct tty_struct *tty,
3632 unsigned int set, unsigned int clear)
3633 {
3634 struct gsm_dlci *dlci = tty->driver_data;
3635 unsigned int modem_tx = dlci->modem_tx;
3636
3637 if (dlci->state == DLCI_CLOSED)
3638 return -EINVAL;
3639 modem_tx &= ~clear;
3640 modem_tx |= set;
3641
3642 if (modem_tx != dlci->modem_tx) {
3643 dlci->modem_tx = modem_tx;
3644 return gsm_modem_update(dlci, 0);
3645 }
3646 return 0;
3647 }
3648
3649
gsmtty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3650 static int gsmtty_ioctl(struct tty_struct *tty,
3651 unsigned int cmd, unsigned long arg)
3652 {
3653 struct gsm_dlci *dlci = tty->driver_data;
3654 struct gsm_netconfig nc;
3655 int index;
3656
3657 if (dlci->state == DLCI_CLOSED)
3658 return -EINVAL;
3659 switch (cmd) {
3660 case GSMIOC_ENABLE_NET:
3661 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3662 return -EFAULT;
3663 nc.if_name[IFNAMSIZ-1] = '\0';
3664 /* return net interface index or error code */
3665 mutex_lock(&dlci->mutex);
3666 index = gsm_create_network(dlci, &nc);
3667 mutex_unlock(&dlci->mutex);
3668 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3669 return -EFAULT;
3670 return index;
3671 case GSMIOC_DISABLE_NET:
3672 if (!capable(CAP_NET_ADMIN))
3673 return -EPERM;
3674 mutex_lock(&dlci->mutex);
3675 gsm_destroy_network(dlci);
3676 mutex_unlock(&dlci->mutex);
3677 return 0;
3678 default:
3679 return -ENOIOCTLCMD;
3680 }
3681 }
3682
gsmtty_set_termios(struct tty_struct * tty,const struct ktermios * old)3683 static void gsmtty_set_termios(struct tty_struct *tty,
3684 const struct ktermios *old)
3685 {
3686 struct gsm_dlci *dlci = tty->driver_data;
3687 if (dlci->state == DLCI_CLOSED)
3688 return;
3689 /* For the moment its fixed. In actual fact the speed information
3690 for the virtual channel can be propogated in both directions by
3691 the RPN control message. This however rapidly gets nasty as we
3692 then have to remap modem signals each way according to whether
3693 our virtual cable is null modem etc .. */
3694 tty_termios_copy_hw(&tty->termios, old);
3695 }
3696
gsmtty_throttle(struct tty_struct * tty)3697 static void gsmtty_throttle(struct tty_struct *tty)
3698 {
3699 struct gsm_dlci *dlci = tty->driver_data;
3700 if (dlci->state == DLCI_CLOSED)
3701 return;
3702 if (C_CRTSCTS(tty))
3703 dlci->modem_tx &= ~TIOCM_RTS;
3704 dlci->throttled = true;
3705 /* Send an MSC with RTS cleared */
3706 gsm_modem_update(dlci, 0);
3707 }
3708
gsmtty_unthrottle(struct tty_struct * tty)3709 static void gsmtty_unthrottle(struct tty_struct *tty)
3710 {
3711 struct gsm_dlci *dlci = tty->driver_data;
3712 if (dlci->state == DLCI_CLOSED)
3713 return;
3714 if (C_CRTSCTS(tty))
3715 dlci->modem_tx |= TIOCM_RTS;
3716 dlci->throttled = false;
3717 /* Send an MSC with RTS set */
3718 gsm_modem_update(dlci, 0);
3719 }
3720
gsmtty_break_ctl(struct tty_struct * tty,int state)3721 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3722 {
3723 struct gsm_dlci *dlci = tty->driver_data;
3724 int encode = 0; /* Off */
3725 if (dlci->state == DLCI_CLOSED)
3726 return -EINVAL;
3727
3728 if (state == -1) /* "On indefinitely" - we can't encode this
3729 properly */
3730 encode = 0x0F;
3731 else if (state > 0) {
3732 encode = state / 200; /* mS to encoding */
3733 if (encode > 0x0F)
3734 encode = 0x0F; /* Best effort */
3735 }
3736 return gsm_modem_update(dlci, encode);
3737 }
3738
gsmtty_cleanup(struct tty_struct * tty)3739 static void gsmtty_cleanup(struct tty_struct *tty)
3740 {
3741 struct gsm_dlci *dlci = tty->driver_data;
3742 struct gsm_mux *gsm = dlci->gsm;
3743
3744 dlci_put(dlci);
3745 dlci_put(gsm->dlci[0]);
3746 mux_put(gsm);
3747 }
3748
3749 /* Virtual ttys for the demux */
3750 static const struct tty_operations gsmtty_ops = {
3751 .install = gsmtty_install,
3752 .open = gsmtty_open,
3753 .close = gsmtty_close,
3754 .write = gsmtty_write,
3755 .write_room = gsmtty_write_room,
3756 .chars_in_buffer = gsmtty_chars_in_buffer,
3757 .flush_buffer = gsmtty_flush_buffer,
3758 .ioctl = gsmtty_ioctl,
3759 .throttle = gsmtty_throttle,
3760 .unthrottle = gsmtty_unthrottle,
3761 .set_termios = gsmtty_set_termios,
3762 .hangup = gsmtty_hangup,
3763 .wait_until_sent = gsmtty_wait_until_sent,
3764 .tiocmget = gsmtty_tiocmget,
3765 .tiocmset = gsmtty_tiocmset,
3766 .break_ctl = gsmtty_break_ctl,
3767 .cleanup = gsmtty_cleanup,
3768 };
3769
3770
3771
gsm_init(void)3772 static int __init gsm_init(void)
3773 {
3774 /* Fill in our line protocol discipline, and register it */
3775 int status = tty_register_ldisc(&tty_ldisc_packet);
3776 if (status != 0) {
3777 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3778 status);
3779 return status;
3780 }
3781
3782 gsm_tty_driver = tty_alloc_driver(GSM_TTY_MINORS, TTY_DRIVER_REAL_RAW |
3783 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
3784 if (IS_ERR(gsm_tty_driver)) {
3785 pr_err("gsm_init: tty allocation failed.\n");
3786 status = PTR_ERR(gsm_tty_driver);
3787 goto err_unreg_ldisc;
3788 }
3789 gsm_tty_driver->driver_name = "gsmtty";
3790 gsm_tty_driver->name = "gsmtty";
3791 gsm_tty_driver->major = 0; /* Dynamic */
3792 gsm_tty_driver->minor_start = 0;
3793 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3794 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3795 gsm_tty_driver->init_termios = tty_std_termios;
3796 /* Fixme */
3797 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3798 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3799
3800 if (tty_register_driver(gsm_tty_driver)) {
3801 pr_err("gsm_init: tty registration failed.\n");
3802 status = -EBUSY;
3803 goto err_put_driver;
3804 }
3805 pr_debug("gsm_init: loaded as %d,%d.\n",
3806 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3807 return 0;
3808 err_put_driver:
3809 tty_driver_kref_put(gsm_tty_driver);
3810 err_unreg_ldisc:
3811 tty_unregister_ldisc(&tty_ldisc_packet);
3812 return status;
3813 }
3814
gsm_exit(void)3815 static void __exit gsm_exit(void)
3816 {
3817 tty_unregister_ldisc(&tty_ldisc_packet);
3818 tty_unregister_driver(gsm_tty_driver);
3819 tty_driver_kref_put(gsm_tty_driver);
3820 }
3821
3822 module_init(gsm_init);
3823 module_exit(gsm_exit);
3824
3825
3826 MODULE_LICENSE("GPL");
3827 MODULE_ALIAS_LDISC(N_GSM0710);
3828
