1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * Outgoing path:
9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc
10 * control message -> GSM MUX control queue --´
11 *
12 * Incoming path:
13 * ldisc -> gsm_queue() -o--> tty
14 * `-> gsm_control_response()
15 *
16 * TO DO:
17 * Mostly done: ioctls for setting modes/timing
18 * Partly done: hooks so you can pull off frames to non tty devs
19 * Restart DLCI 0 when it closes ?
20 * Improve the tx engine
21 * Resolve tx side locking by adding a queue_head and routing
22 * all control traffic via it
23 * General tidy/document
24 * Review the locking/move to refcounts more (mux now moved to an
25 * alloc/free model ready)
26 * Use newest tty open/close port helpers and install hooks
27 * What to do about power functions ?
28 * Termios setting and negotiation
29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
30 *
31 */
32
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched/signal.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/ctype.h>
42 #include <linux/mm.h>
43 #include <linux/string.h>
44 #include <linux/slab.h>
45 #include <linux/poll.h>
46 #include <linux/bitops.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/timer.h>
51 #include <linux/tty_flip.h>
52 #include <linux/tty_driver.h>
53 #include <linux/serial.h>
54 #include <linux/kfifo.h>
55 #include <linux/skbuff.h>
56 #include <net/arp.h>
57 #include <linux/ip.h>
58 #include <linux/netdevice.h>
59 #include <linux/etherdevice.h>
60 #include <linux/gsmmux.h>
61 #include "tty.h"
62
63 static int debug;
64 module_param(debug, int, 0600);
65
66 /* Defaults: these are from the specification */
67
68 #define T1 10 /* 100mS */
69 #define T2 34 /* 333mS */
70 #define N2 3 /* Retry 3 times */
71
72 /* Use long timers for testing at low speed with debug on */
73 #ifdef DEBUG_TIMING
74 #define T1 100
75 #define T2 200
76 #endif
77
78 /*
79 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
80 * limits so this is plenty
81 */
82 #define MAX_MRU 1500
83 #define MAX_MTU 1500
84 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
85 #define PROT_OVERHEAD 7
86 #define GSM_NET_TX_TIMEOUT (HZ*10)
87
88 /*
89 * struct gsm_mux_net - network interface
90 *
91 * Created when net interface is initialized.
92 */
93 struct gsm_mux_net {
94 struct kref ref;
95 struct gsm_dlci *dlci;
96 };
97
98 /*
99 * Each block of data we have queued to go out is in the form of
100 * a gsm_msg which holds everything we need in a link layer independent
101 * format
102 */
103
104 struct gsm_msg {
105 struct list_head list;
106 u8 addr; /* DLCI address + flags */
107 u8 ctrl; /* Control byte + flags */
108 unsigned int len; /* Length of data block (can be zero) */
109 unsigned char *data; /* Points into buffer but not at the start */
110 unsigned char buffer[];
111 };
112
113 enum gsm_dlci_state {
114 DLCI_CLOSED,
115 DLCI_OPENING, /* Sending SABM not seen UA */
116 DLCI_OPEN, /* SABM/UA complete */
117 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
118 };
119
120 enum gsm_dlci_mode {
121 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
122 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
123 };
124
125 /*
126 * Each active data link has a gsm_dlci structure associated which ties
127 * the link layer to an optional tty (if the tty side is open). To avoid
128 * complexity right now these are only ever freed up when the mux is
129 * shut down.
130 *
131 * At the moment we don't free DLCI objects until the mux is torn down
132 * this avoid object life time issues but might be worth review later.
133 */
134
135 struct gsm_dlci {
136 struct gsm_mux *gsm;
137 int addr;
138 enum gsm_dlci_state state;
139 struct mutex mutex;
140
141 /* Link layer */
142 enum gsm_dlci_mode mode;
143 spinlock_t lock; /* Protects the internal state */
144 struct timer_list t1; /* Retransmit timer for SABM and UA */
145 int retries;
146 /* Uplink tty if active */
147 struct tty_port port; /* The tty bound to this DLCI if there is one */
148 #define TX_SIZE 4096 /* Must be power of 2. */
149 struct kfifo fifo; /* Queue fifo for the DLCI */
150 int adaption; /* Adaption layer in use */
151 int prev_adaption;
152 u32 modem_rx; /* Our incoming virtual modem lines */
153 u32 modem_tx; /* Our outgoing modem lines */
154 bool dead; /* Refuse re-open */
155 /* Flow control */
156 bool throttled; /* Private copy of throttle state */
157 bool constipated; /* Throttle status for outgoing */
158 /* Packetised I/O */
159 struct sk_buff *skb; /* Frame being sent */
160 struct sk_buff_head skb_list; /* Queued frames */
161 /* Data handling callback */
162 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
163 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
164 struct net_device *net; /* network interface, if created */
165 };
166
167 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
168
169 #define NUM_DLCI 64
170
171 /*
172 * DLCI 0 is used to pass control blocks out of band of the data
173 * flow (and with a higher link priority). One command can be outstanding
174 * at a time and we use this structure to manage them. They are created
175 * and destroyed by the user context, and updated by the receive paths
176 * and timers
177 */
178
179 struct gsm_control {
180 u8 cmd; /* Command we are issuing */
181 u8 *data; /* Data for the command in case we retransmit */
182 int len; /* Length of block for retransmission */
183 int done; /* Done flag */
184 int error; /* Error if any */
185 };
186
187 enum gsm_mux_state {
188 GSM_SEARCH,
189 GSM_START,
190 GSM_ADDRESS,
191 GSM_CONTROL,
192 GSM_LEN,
193 GSM_DATA,
194 GSM_FCS,
195 GSM_OVERRUN,
196 GSM_LEN0,
197 GSM_LEN1,
198 GSM_SSOF,
199 };
200
201 /*
202 * Each GSM mux we have is represented by this structure. If we are
203 * operating as an ldisc then we use this structure as our ldisc
204 * state. We need to sort out lifetimes and locking with respect
205 * to the gsm mux array. For now we don't free DLCI objects that
206 * have been instantiated until the mux itself is terminated.
207 *
208 * To consider further: tty open versus mux shutdown.
209 */
210
211 struct gsm_mux {
212 struct tty_struct *tty; /* The tty our ldisc is bound to */
213 spinlock_t lock;
214 struct mutex mutex;
215 unsigned int num;
216 struct kref ref;
217
218 /* Events on the GSM channel */
219 wait_queue_head_t event;
220
221 /* ldisc send work */
222 struct work_struct tx_work;
223
224 /* Bits for GSM mode decoding */
225
226 /* Framing Layer */
227 unsigned char *buf;
228 enum gsm_mux_state state;
229 unsigned int len;
230 unsigned int address;
231 unsigned int count;
232 bool escape;
233 int encoding;
234 u8 control;
235 u8 fcs;
236 u8 *txframe; /* TX framing buffer */
237
238 /* Method for the receiver side */
239 void (*receive)(struct gsm_mux *gsm, u8 ch);
240
241 /* Link Layer */
242 unsigned int mru;
243 unsigned int mtu;
244 int initiator; /* Did we initiate connection */
245 bool dead; /* Has the mux been shut down */
246 struct gsm_dlci *dlci[NUM_DLCI];
247 int old_c_iflag; /* termios c_iflag value before attach */
248 bool constipated; /* Asked by remote to shut up */
249 bool has_devices; /* Devices were registered */
250
251 struct mutex tx_mutex;
252 unsigned int tx_bytes; /* TX data outstanding */
253 #define TX_THRESH_HI 8192
254 #define TX_THRESH_LO 2048
255 struct list_head tx_ctrl_list; /* Pending control packets */
256 struct list_head tx_data_list; /* Pending data packets */
257
258 /* Control messages */
259 struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
260 struct timer_list t2_timer; /* Retransmit timer for commands */
261 int cretries; /* Command retry counter */
262 struct gsm_control *pending_cmd;/* Our current pending command */
263 spinlock_t control_lock; /* Protects the pending command */
264
265 /* Configuration */
266 int adaption; /* 1 or 2 supported */
267 u8 ftype; /* UI or UIH */
268 int t1, t2; /* Timers in 1/100th of a sec */
269 int n2; /* Retry count */
270
271 /* Statistics (not currently exposed) */
272 unsigned long bad_fcs;
273 unsigned long malformed;
274 unsigned long io_error;
275 unsigned long bad_size;
276 unsigned long unsupported;
277 };
278
279
280 /*
281 * Mux objects - needed so that we can translate a tty index into the
282 * relevant mux and DLCI.
283 */
284
285 #define MAX_MUX 4 /* 256 minors */
286 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
287 static DEFINE_SPINLOCK(gsm_mux_lock);
288
289 static struct tty_driver *gsm_tty_driver;
290
291 /*
292 * This section of the driver logic implements the GSM encodings
293 * both the basic and the 'advanced'. Reliable transport is not
294 * supported.
295 */
296
297 #define CR 0x02
298 #define EA 0x01
299 #define PF 0x10
300
301 /* I is special: the rest are ..*/
302 #define RR 0x01
303 #define UI 0x03
304 #define RNR 0x05
305 #define REJ 0x09
306 #define DM 0x0F
307 #define SABM 0x2F
308 #define DISC 0x43
309 #define UA 0x63
310 #define UIH 0xEF
311
312 /* Channel commands */
313 #define CMD_NSC 0x09
314 #define CMD_TEST 0x11
315 #define CMD_PSC 0x21
316 #define CMD_RLS 0x29
317 #define CMD_FCOFF 0x31
318 #define CMD_PN 0x41
319 #define CMD_RPN 0x49
320 #define CMD_FCON 0x51
321 #define CMD_CLD 0x61
322 #define CMD_SNC 0x69
323 #define CMD_MSC 0x71
324
325 /* Virtual modem bits */
326 #define MDM_FC 0x01
327 #define MDM_RTC 0x02
328 #define MDM_RTR 0x04
329 #define MDM_IC 0x20
330 #define MDM_DV 0x40
331
332 #define GSM0_SOF 0xF9
333 #define GSM1_SOF 0x7E
334 #define GSM1_ESCAPE 0x7D
335 #define GSM1_ESCAPE_BITS 0x20
336 #define XON 0x11
337 #define XOFF 0x13
338 #define ISO_IEC_646_MASK 0x7F
339
340 static const struct tty_port_operations gsm_port_ops;
341
342 /*
343 * CRC table for GSM 0710
344 */
345
346 static const u8 gsm_fcs8[256] = {
347 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
348 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
349 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
350 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
351 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
352 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
353 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
354 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
355 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
356 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
357 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
358 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
359 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
360 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
361 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
362 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
363 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
364 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
365 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
366 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
367 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
368 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
369 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
370 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
371 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
372 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
373 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
374 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
375 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
376 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
377 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
378 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
379 };
380
381 #define INIT_FCS 0xFF
382 #define GOOD_FCS 0xCF
383
384 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
385 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
386 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
387 u8 ctrl);
388 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
389 static void gsmld_write_trigger(struct gsm_mux *gsm);
390 static void gsmld_write_task(struct work_struct *work);
391
392 /**
393 * gsm_fcs_add - update FCS
394 * @fcs: Current FCS
395 * @c: Next data
396 *
397 * Update the FCS to include c. Uses the algorithm in the specification
398 * notes.
399 */
400
gsm_fcs_add(u8 fcs,u8 c)401 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
402 {
403 return gsm_fcs8[fcs ^ c];
404 }
405
406 /**
407 * gsm_fcs_add_block - update FCS for a block
408 * @fcs: Current FCS
409 * @c: buffer of data
410 * @len: length of buffer
411 *
412 * Update the FCS to include c. Uses the algorithm in the specification
413 * notes.
414 */
415
gsm_fcs_add_block(u8 fcs,u8 * c,int len)416 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
417 {
418 while (len--)
419 fcs = gsm_fcs8[fcs ^ *c++];
420 return fcs;
421 }
422
423 /**
424 * gsm_read_ea - read a byte into an EA
425 * @val: variable holding value
426 * @c: byte going into the EA
427 *
428 * Processes one byte of an EA. Updates the passed variable
429 * and returns 1 if the EA is now completely read
430 */
431
gsm_read_ea(unsigned int * val,u8 c)432 static int gsm_read_ea(unsigned int *val, u8 c)
433 {
434 /* Add the next 7 bits into the value */
435 *val <<= 7;
436 *val |= c >> 1;
437 /* Was this the last byte of the EA 1 = yes*/
438 return c & EA;
439 }
440
441 /**
442 * gsm_read_ea_val - read a value until EA
443 * @val: variable holding value
444 * @data: buffer of data
445 * @dlen: length of data
446 *
447 * Processes an EA value. Updates the passed variable and
448 * returns the processed data length.
449 */
gsm_read_ea_val(unsigned int * val,const u8 * data,int dlen)450 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
451 {
452 unsigned int len = 0;
453
454 for (; dlen > 0; dlen--) {
455 len++;
456 if (gsm_read_ea(val, *data++))
457 break;
458 }
459 return len;
460 }
461
462 /**
463 * gsm_encode_modem - encode modem data bits
464 * @dlci: DLCI to encode from
465 *
466 * Returns the correct GSM encoded modem status bits (6 bit field) for
467 * the current status of the DLCI and attached tty object
468 */
469
gsm_encode_modem(const struct gsm_dlci * dlci)470 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
471 {
472 u8 modembits = 0;
473 /* FC is true flow control not modem bits */
474 if (dlci->throttled)
475 modembits |= MDM_FC;
476 if (dlci->modem_tx & TIOCM_DTR)
477 modembits |= MDM_RTC;
478 if (dlci->modem_tx & TIOCM_RTS)
479 modembits |= MDM_RTR;
480 if (dlci->modem_tx & TIOCM_RI)
481 modembits |= MDM_IC;
482 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
483 modembits |= MDM_DV;
484 return modembits;
485 }
486
gsm_hex_dump_bytes(const char * fname,const u8 * data,unsigned long len)487 static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
488 unsigned long len)
489 {
490 char *prefix;
491
492 if (!fname) {
493 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
494 true);
495 return;
496 }
497
498 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
499 if (!prefix)
500 return;
501 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
502 true);
503 kfree(prefix);
504 }
505
506 /**
507 * gsm_register_devices - register all tty devices for a given mux index
508 *
509 * @driver: the tty driver that describes the tty devices
510 * @index: the mux number is used to calculate the minor numbers of the
511 * ttys for this mux and may differ from the position in the
512 * mux array.
513 */
gsm_register_devices(struct tty_driver * driver,unsigned int index)514 static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
515 {
516 struct device *dev;
517 int i;
518 unsigned int base;
519
520 if (!driver || index >= MAX_MUX)
521 return -EINVAL;
522
523 base = index * NUM_DLCI; /* first minor for this index */
524 for (i = 1; i < NUM_DLCI; i++) {
525 /* Don't register device 0 - this is the control channel
526 * and not a usable tty interface
527 */
528 dev = tty_register_device(gsm_tty_driver, base + i, NULL);
529 if (IS_ERR(dev)) {
530 if (debug & 8)
531 pr_info("%s failed to register device minor %u",
532 __func__, base + i);
533 for (i--; i >= 1; i--)
534 tty_unregister_device(gsm_tty_driver, base + i);
535 return PTR_ERR(dev);
536 }
537 }
538
539 return 0;
540 }
541
542 /**
543 * gsm_unregister_devices - unregister all tty devices for a given mux index
544 *
545 * @driver: the tty driver that describes the tty devices
546 * @index: the mux number is used to calculate the minor numbers of the
547 * ttys for this mux and may differ from the position in the
548 * mux array.
549 */
gsm_unregister_devices(struct tty_driver * driver,unsigned int index)550 static void gsm_unregister_devices(struct tty_driver *driver,
551 unsigned int index)
552 {
553 int i;
554 unsigned int base;
555
556 if (!driver || index >= MAX_MUX)
557 return;
558
559 base = index * NUM_DLCI; /* first minor for this index */
560 for (i = 1; i < NUM_DLCI; i++) {
561 /* Don't unregister device 0 - this is the control
562 * channel and not a usable tty interface
563 */
564 tty_unregister_device(gsm_tty_driver, base + i);
565 }
566 }
567
568 /**
569 * gsm_print_packet - display a frame for debug
570 * @hdr: header to print before decode
571 * @addr: address EA from the frame
572 * @cr: C/R bit seen as initiator
573 * @control: control including PF bit
574 * @data: following data bytes
575 * @dlen: length of data
576 *
577 * Displays a packet in human readable format for debugging purposes. The
578 * style is based on amateur radio LAP-B dump display.
579 */
580
gsm_print_packet(const char * hdr,int addr,int cr,u8 control,const u8 * data,int dlen)581 static void gsm_print_packet(const char *hdr, int addr, int cr,
582 u8 control, const u8 *data, int dlen)
583 {
584 if (!(debug & 1))
585 return;
586
587 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
588
589 switch (control & ~PF) {
590 case SABM:
591 pr_cont("SABM");
592 break;
593 case UA:
594 pr_cont("UA");
595 break;
596 case DISC:
597 pr_cont("DISC");
598 break;
599 case DM:
600 pr_cont("DM");
601 break;
602 case UI:
603 pr_cont("UI");
604 break;
605 case UIH:
606 pr_cont("UIH");
607 break;
608 default:
609 if (!(control & 0x01)) {
610 pr_cont("I N(S)%d N(R)%d",
611 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
612 } else switch (control & 0x0F) {
613 case RR:
614 pr_cont("RR(%d)", (control & 0xE0) >> 5);
615 break;
616 case RNR:
617 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
618 break;
619 case REJ:
620 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
621 break;
622 default:
623 pr_cont("[%02X]", control);
624 }
625 }
626
627 if (control & PF)
628 pr_cont("(P)");
629 else
630 pr_cont("(F)");
631
632 gsm_hex_dump_bytes(NULL, data, dlen);
633 }
634
635
636 /*
637 * Link level transmission side
638 */
639
640 /**
641 * gsm_stuff_frame - bytestuff a packet
642 * @input: input buffer
643 * @output: output buffer
644 * @len: length of input
645 *
646 * Expand a buffer by bytestuffing it. The worst case size change
647 * is doubling and the caller is responsible for handing out
648 * suitable sized buffers.
649 */
650
gsm_stuff_frame(const u8 * input,u8 * output,int len)651 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
652 {
653 int olen = 0;
654 while (len--) {
655 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
656 || (*input & ISO_IEC_646_MASK) == XON
657 || (*input & ISO_IEC_646_MASK) == XOFF) {
658 *output++ = GSM1_ESCAPE;
659 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
660 olen++;
661 } else
662 *output++ = *input++;
663 olen++;
664 }
665 return olen;
666 }
667
668 /**
669 * gsm_send - send a control frame
670 * @gsm: our GSM mux
671 * @addr: address for control frame
672 * @cr: command/response bit seen as initiator
673 * @control: control byte including PF bit
674 *
675 * Format up and transmit a control frame. These should be transmitted
676 * ahead of data when they are needed.
677 */
gsm_send(struct gsm_mux * gsm,int addr,int cr,int control)678 static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
679 {
680 struct gsm_msg *msg;
681 u8 *dp;
682 int ocr;
683
684 msg = gsm_data_alloc(gsm, addr, 0, control);
685 if (!msg)
686 return -ENOMEM;
687
688 /* toggle C/R coding if not initiator */
689 ocr = cr ^ (gsm->initiator ? 0 : 1);
690
691 msg->data -= 3;
692 dp = msg->data;
693 *dp++ = (addr << 2) | (ocr << 1) | EA;
694 *dp++ = control;
695
696 if (gsm->encoding == 0)
697 *dp++ = EA; /* Length of data = 0 */
698
699 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data);
700 msg->len = (dp - msg->data) + 1;
701
702 gsm_print_packet("Q->", addr, cr, control, NULL, 0);
703
704 mutex_lock(&gsm->tx_mutex);
705 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
706 gsm->tx_bytes += msg->len;
707 mutex_unlock(&gsm->tx_mutex);
708 gsmld_write_trigger(gsm);
709
710 return 0;
711 }
712
713 /**
714 * gsm_dlci_clear_queues - remove outstanding data for a DLCI
715 * @gsm: mux
716 * @dlci: clear for this DLCI
717 *
718 * Clears the data queues for a given DLCI.
719 */
gsm_dlci_clear_queues(struct gsm_mux * gsm,struct gsm_dlci * dlci)720 static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
721 {
722 struct gsm_msg *msg, *nmsg;
723 int addr = dlci->addr;
724 unsigned long flags;
725
726 /* Clear DLCI write fifo first */
727 spin_lock_irqsave(&dlci->lock, flags);
728 kfifo_reset(&dlci->fifo);
729 spin_unlock_irqrestore(&dlci->lock, flags);
730
731 /* Clear data packets in MUX write queue */
732 mutex_lock(&gsm->tx_mutex);
733 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
734 if (msg->addr != addr)
735 continue;
736 gsm->tx_bytes -= msg->len;
737 list_del(&msg->list);
738 kfree(msg);
739 }
740 mutex_unlock(&gsm->tx_mutex);
741 }
742
743 /**
744 * gsm_response - send a control response
745 * @gsm: our GSM mux
746 * @addr: address for control frame
747 * @control: control byte including PF bit
748 *
749 * Format up and transmit a link level response frame.
750 */
751
gsm_response(struct gsm_mux * gsm,int addr,int control)752 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
753 {
754 gsm_send(gsm, addr, 0, control);
755 }
756
757 /**
758 * gsm_command - send a control command
759 * @gsm: our GSM mux
760 * @addr: address for control frame
761 * @control: control byte including PF bit
762 *
763 * Format up and transmit a link level command frame.
764 */
765
gsm_command(struct gsm_mux * gsm,int addr,int control)766 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
767 {
768 gsm_send(gsm, addr, 1, control);
769 }
770
771 /* Data transmission */
772
773 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
774
775 /**
776 * gsm_data_alloc - allocate data frame
777 * @gsm: GSM mux
778 * @addr: DLCI address
779 * @len: length excluding header and FCS
780 * @ctrl: control byte
781 *
782 * Allocate a new data buffer for sending frames with data. Space is left
783 * at the front for header bytes but that is treated as an implementation
784 * detail and not for the high level code to use
785 */
786
gsm_data_alloc(struct gsm_mux * gsm,u8 addr,int len,u8 ctrl)787 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
788 u8 ctrl)
789 {
790 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
791 GFP_ATOMIC);
792 if (m == NULL)
793 return NULL;
794 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
795 m->len = len;
796 m->addr = addr;
797 m->ctrl = ctrl;
798 INIT_LIST_HEAD(&m->list);
799 return m;
800 }
801
802 /**
803 * gsm_send_packet - sends a single packet
804 * @gsm: GSM Mux
805 * @msg: packet to send
806 *
807 * The given packet is encoded and sent out. No memory is freed.
808 * The caller must hold the gsm tx lock.
809 */
gsm_send_packet(struct gsm_mux * gsm,struct gsm_msg * msg)810 static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
811 {
812 int len, ret;
813
814
815 if (gsm->encoding == 0) {
816 gsm->txframe[0] = GSM0_SOF;
817 memcpy(gsm->txframe + 1, msg->data, msg->len);
818 gsm->txframe[msg->len + 1] = GSM0_SOF;
819 len = msg->len + 2;
820 } else {
821 gsm->txframe[0] = GSM1_SOF;
822 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len);
823 gsm->txframe[len + 1] = GSM1_SOF;
824 len += 2;
825 }
826
827 if (debug & 4)
828 gsm_hex_dump_bytes(__func__, gsm->txframe, len);
829 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
830 msg->len);
831
832 ret = gsmld_output(gsm, gsm->txframe, len);
833 if (ret <= 0)
834 return ret;
835 /* FIXME: Can eliminate one SOF in many more cases */
836 gsm->tx_bytes -= msg->len;
837
838 return 0;
839 }
840
841 /**
842 * gsm_is_flow_ctrl_msg - checks if flow control message
843 * @msg: message to check
844 *
845 * Returns true if the given message is a flow control command of the
846 * control channel. False is returned in any other case.
847 */
gsm_is_flow_ctrl_msg(struct gsm_msg * msg)848 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
849 {
850 unsigned int cmd;
851
852 if (msg->addr > 0)
853 return false;
854
855 switch (msg->ctrl & ~PF) {
856 case UI:
857 case UIH:
858 cmd = 0;
859 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
860 break;
861 switch (cmd & ~PF) {
862 case CMD_FCOFF:
863 case CMD_FCON:
864 return true;
865 }
866 break;
867 }
868
869 return false;
870 }
871
872 /**
873 * gsm_data_kick - poke the queue
874 * @gsm: GSM Mux
875 *
876 * The tty device has called us to indicate that room has appeared in
877 * the transmit queue. Ram more data into the pipe if we have any.
878 * If we have been flow-stopped by a CMD_FCOFF, then we can only
879 * send messages on DLCI0 until CMD_FCON. The caller must hold
880 * the gsm tx lock.
881 */
gsm_data_kick(struct gsm_mux * gsm)882 static int gsm_data_kick(struct gsm_mux *gsm)
883 {
884 struct gsm_msg *msg, *nmsg;
885 struct gsm_dlci *dlci;
886 int ret;
887
888 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
889
890 /* Serialize control messages and control channel messages first */
891 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
892 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
893 continue;
894 ret = gsm_send_packet(gsm, msg);
895 switch (ret) {
896 case -ENOSPC:
897 return -ENOSPC;
898 case -ENODEV:
899 /* ldisc not open */
900 gsm->tx_bytes -= msg->len;
901 list_del(&msg->list);
902 kfree(msg);
903 continue;
904 default:
905 if (ret >= 0) {
906 list_del(&msg->list);
907 kfree(msg);
908 }
909 break;
910 }
911 }
912
913 if (gsm->constipated)
914 return -EAGAIN;
915
916 /* Serialize other channels */
917 if (list_empty(&gsm->tx_data_list))
918 return 0;
919 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
920 dlci = gsm->dlci[msg->addr];
921 /* Send only messages for DLCIs with valid state */
922 if (dlci->state != DLCI_OPEN) {
923 gsm->tx_bytes -= msg->len;
924 list_del(&msg->list);
925 kfree(msg);
926 continue;
927 }
928 ret = gsm_send_packet(gsm, msg);
929 switch (ret) {
930 case -ENOSPC:
931 return -ENOSPC;
932 case -ENODEV:
933 /* ldisc not open */
934 gsm->tx_bytes -= msg->len;
935 list_del(&msg->list);
936 kfree(msg);
937 continue;
938 default:
939 if (ret >= 0) {
940 list_del(&msg->list);
941 kfree(msg);
942 }
943 break;
944 }
945 }
946
947 return 1;
948 }
949
950 /**
951 * __gsm_data_queue - queue a UI or UIH frame
952 * @dlci: DLCI sending the data
953 * @msg: message queued
954 *
955 * Add data to the transmit queue and try and get stuff moving
956 * out of the mux tty if not already doing so. The Caller must hold
957 * the gsm tx lock.
958 */
959
__gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)960 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
961 {
962 struct gsm_mux *gsm = dlci->gsm;
963 u8 *dp = msg->data;
964 u8 *fcs = dp + msg->len;
965
966 /* Fill in the header */
967 if (gsm->encoding == 0) {
968 if (msg->len < 128)
969 *--dp = (msg->len << 1) | EA;
970 else {
971 *--dp = (msg->len >> 7); /* bits 7 - 15 */
972 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
973 }
974 }
975
976 *--dp = msg->ctrl;
977 if (gsm->initiator)
978 *--dp = (msg->addr << 2) | CR | EA;
979 else
980 *--dp = (msg->addr << 2) | EA;
981 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
982 /* Ugly protocol layering violation */
983 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
984 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
985 *fcs = 0xFF - *fcs;
986
987 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
988 msg->data, msg->len);
989
990 /* Move the header back and adjust the length, also allow for the FCS
991 now tacked on the end */
992 msg->len += (msg->data - dp) + 1;
993 msg->data = dp;
994
995 /* Add to the actual output queue */
996 switch (msg->ctrl & ~PF) {
997 case UI:
998 case UIH:
999 if (msg->addr > 0) {
1000 list_add_tail(&msg->list, &gsm->tx_data_list);
1001 break;
1002 }
1003 fallthrough;
1004 default:
1005 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
1006 break;
1007 }
1008 gsm->tx_bytes += msg->len;
1009
1010 gsmld_write_trigger(gsm);
1011 schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
1012 }
1013
1014 /**
1015 * gsm_data_queue - queue a UI or UIH frame
1016 * @dlci: DLCI sending the data
1017 * @msg: message queued
1018 *
1019 * Add data to the transmit queue and try and get stuff moving
1020 * out of the mux tty if not already doing so. Take the
1021 * the gsm tx lock and dlci lock.
1022 */
1023
gsm_data_queue(struct gsm_dlci * dlci,struct gsm_msg * msg)1024 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1025 {
1026 mutex_lock(&dlci->gsm->tx_mutex);
1027 __gsm_data_queue(dlci, msg);
1028 mutex_unlock(&dlci->gsm->tx_mutex);
1029 }
1030
1031 /**
1032 * gsm_dlci_data_output - try and push data out of a DLCI
1033 * @gsm: mux
1034 * @dlci: the DLCI to pull data from
1035 *
1036 * Pull data from a DLCI and send it into the transmit queue if there
1037 * is data. Keep to the MRU of the mux. This path handles the usual tty
1038 * interface which is a byte stream with optional modem data.
1039 *
1040 * Caller must hold the tx_mutex of the mux.
1041 */
1042
gsm_dlci_data_output(struct gsm_mux * gsm,struct gsm_dlci * dlci)1043 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
1044 {
1045 struct gsm_msg *msg;
1046 u8 *dp;
1047 int h, len, size;
1048
1049 /* for modem bits without break data */
1050 h = ((dlci->adaption == 1) ? 0 : 1);
1051
1052 len = kfifo_len(&dlci->fifo);
1053 if (len == 0)
1054 return 0;
1055
1056 /* MTU/MRU count only the data bits but watch adaption mode */
1057 if ((len + h) > gsm->mtu)
1058 len = gsm->mtu - h;
1059
1060 size = len + h;
1061
1062 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1063 if (!msg)
1064 return -ENOMEM;
1065 dp = msg->data;
1066 switch (dlci->adaption) {
1067 case 1: /* Unstructured */
1068 break;
1069 case 2: /* Unstructured with modem bits.
1070 * Always one byte as we never send inline break data
1071 */
1072 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1073 break;
1074 default:
1075 pr_err("%s: unsupported adaption %d\n", __func__,
1076 dlci->adaption);
1077 break;
1078 }
1079
1080 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
1081 &dlci->lock));
1082
1083 /* Notify upper layer about available send space. */
1084 tty_port_tty_wakeup(&dlci->port);
1085
1086 __gsm_data_queue(dlci, msg);
1087 /* Bytes of data we used up */
1088 return size;
1089 }
1090
1091 /**
1092 * gsm_dlci_data_output_framed - try and push data out of a DLCI
1093 * @gsm: mux
1094 * @dlci: the DLCI to pull data from
1095 *
1096 * Pull data from a DLCI and send it into the transmit queue if there
1097 * is data. Keep to the MRU of the mux. This path handles framed data
1098 * queued as skbuffs to the DLCI.
1099 *
1100 * Caller must hold the tx_mutex of the mux.
1101 */
1102
gsm_dlci_data_output_framed(struct gsm_mux * gsm,struct gsm_dlci * dlci)1103 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
1104 struct gsm_dlci *dlci)
1105 {
1106 struct gsm_msg *msg;
1107 u8 *dp;
1108 int len, size;
1109 int last = 0, first = 0;
1110 int overhead = 0;
1111
1112 /* One byte per frame is used for B/F flags */
1113 if (dlci->adaption == 4)
1114 overhead = 1;
1115
1116 /* dlci->skb is locked by tx_mutex */
1117 if (dlci->skb == NULL) {
1118 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
1119 if (dlci->skb == NULL)
1120 return 0;
1121 first = 1;
1122 }
1123 len = dlci->skb->len + overhead;
1124
1125 /* MTU/MRU count only the data bits */
1126 if (len > gsm->mtu) {
1127 if (dlci->adaption == 3) {
1128 /* Over long frame, bin it */
1129 dev_kfree_skb_any(dlci->skb);
1130 dlci->skb = NULL;
1131 return 0;
1132 }
1133 len = gsm->mtu;
1134 } else
1135 last = 1;
1136
1137 size = len + overhead;
1138 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1139 if (msg == NULL) {
1140 skb_queue_tail(&dlci->skb_list, dlci->skb);
1141 dlci->skb = NULL;
1142 return -ENOMEM;
1143 }
1144 dp = msg->data;
1145
1146 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1147 /* Flag byte to carry the start/end info */
1148 *dp++ = last << 7 | first << 6 | 1; /* EA */
1149 len--;
1150 }
1151 memcpy(dp, dlci->skb->data, len);
1152 skb_pull(dlci->skb, len);
1153 __gsm_data_queue(dlci, msg);
1154 if (last) {
1155 dev_kfree_skb_any(dlci->skb);
1156 dlci->skb = NULL;
1157 }
1158 return size;
1159 }
1160
1161 /**
1162 * gsm_dlci_modem_output - try and push modem status out of a DLCI
1163 * @gsm: mux
1164 * @dlci: the DLCI to pull modem status from
1165 * @brk: break signal
1166 *
1167 * Push an empty frame in to the transmit queue to update the modem status
1168 * bits and to transmit an optional break.
1169 *
1170 * Caller must hold the tx_mutex of the mux.
1171 */
1172
gsm_dlci_modem_output(struct gsm_mux * gsm,struct gsm_dlci * dlci,u8 brk)1173 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
1174 u8 brk)
1175 {
1176 u8 *dp = NULL;
1177 struct gsm_msg *msg;
1178 int size = 0;
1179
1180 /* for modem bits without break data */
1181 switch (dlci->adaption) {
1182 case 1: /* Unstructured */
1183 break;
1184 case 2: /* Unstructured with modem bits. */
1185 size++;
1186 if (brk > 0)
1187 size++;
1188 break;
1189 default:
1190 pr_err("%s: unsupported adaption %d\n", __func__,
1191 dlci->adaption);
1192 return -EINVAL;
1193 }
1194
1195 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1196 if (!msg) {
1197 pr_err("%s: gsm_data_alloc error", __func__);
1198 return -ENOMEM;
1199 }
1200 dp = msg->data;
1201 switch (dlci->adaption) {
1202 case 1: /* Unstructured */
1203 break;
1204 case 2: /* Unstructured with modem bits. */
1205 if (brk == 0) {
1206 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1207 } else {
1208 *dp++ = gsm_encode_modem(dlci) << 1;
1209 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
1210 }
1211 break;
1212 default:
1213 /* Handled above */
1214 break;
1215 }
1216
1217 __gsm_data_queue(dlci, msg);
1218 return size;
1219 }
1220
1221 /**
1222 * gsm_dlci_data_sweep - look for data to send
1223 * @gsm: the GSM mux
1224 *
1225 * Sweep the GSM mux channels in priority order looking for ones with
1226 * data to send. We could do with optimising this scan a bit. We aim
1227 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1228 * TX_THRESH_LO we get called again
1229 *
1230 * FIXME: We should round robin between groups and in theory you can
1231 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1232 */
1233
gsm_dlci_data_sweep(struct gsm_mux * gsm)1234 static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
1235 {
1236 /* Priority ordering: We should do priority with RR of the groups */
1237 int i, len, ret = 0;
1238 bool sent;
1239 struct gsm_dlci *dlci;
1240
1241 while (gsm->tx_bytes < TX_THRESH_HI) {
1242 for (sent = false, i = 1; i < NUM_DLCI; i++) {
1243 dlci = gsm->dlci[i];
1244 /* skip unused or blocked channel */
1245 if (!dlci || dlci->constipated)
1246 continue;
1247 /* skip channels with invalid state */
1248 if (dlci->state != DLCI_OPEN)
1249 continue;
1250 /* count the sent data per adaption */
1251 if (dlci->adaption < 3 && !dlci->net)
1252 len = gsm_dlci_data_output(gsm, dlci);
1253 else
1254 len = gsm_dlci_data_output_framed(gsm, dlci);
1255 /* on error exit */
1256 if (len < 0)
1257 return ret;
1258 if (len > 0) {
1259 ret++;
1260 sent = true;
1261 /* The lower DLCs can starve the higher DLCs! */
1262 break;
1263 }
1264 /* try next */
1265 }
1266 if (!sent)
1267 break;
1268 };
1269
1270 return ret;
1271 }
1272
1273 /**
1274 * gsm_dlci_data_kick - transmit if possible
1275 * @dlci: DLCI to kick
1276 *
1277 * Transmit data from this DLCI if the queue is empty. We can't rely on
1278 * a tty wakeup except when we filled the pipe so we need to fire off
1279 * new data ourselves in other cases.
1280 */
1281
gsm_dlci_data_kick(struct gsm_dlci * dlci)1282 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1283 {
1284 int sweep;
1285
1286 if (dlci->constipated)
1287 return;
1288
1289 mutex_lock(&dlci->gsm->tx_mutex);
1290 /* If we have nothing running then we need to fire up */
1291 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1292 if (dlci->gsm->tx_bytes == 0) {
1293 if (dlci->net)
1294 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1295 else
1296 gsm_dlci_data_output(dlci->gsm, dlci);
1297 }
1298 if (sweep)
1299 gsm_dlci_data_sweep(dlci->gsm);
1300 mutex_unlock(&dlci->gsm->tx_mutex);
1301 }
1302
1303 /*
1304 * Control message processing
1305 */
1306
1307
1308 /**
1309 * gsm_control_reply - send a response frame to a control
1310 * @gsm: gsm channel
1311 * @cmd: the command to use
1312 * @data: data to follow encoded info
1313 * @dlen: length of data
1314 *
1315 * Encode up and queue a UI/UIH frame containing our response.
1316 */
1317
gsm_control_reply(struct gsm_mux * gsm,int cmd,const u8 * data,int dlen)1318 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1319 int dlen)
1320 {
1321 struct gsm_msg *msg;
1322 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1323 if (msg == NULL)
1324 return;
1325 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1326 msg->data[1] = (dlen << 1) | EA;
1327 memcpy(msg->data + 2, data, dlen);
1328 gsm_data_queue(gsm->dlci[0], msg);
1329 }
1330
1331 /**
1332 * gsm_process_modem - process received modem status
1333 * @tty: virtual tty bound to the DLCI
1334 * @dlci: DLCI to affect
1335 * @modem: modem bits (full EA)
1336 * @slen: number of signal octets
1337 *
1338 * Used when a modem control message or line state inline in adaption
1339 * layer 2 is processed. Sort out the local modem state and throttles
1340 */
1341
gsm_process_modem(struct tty_struct * tty,struct gsm_dlci * dlci,u32 modem,int slen)1342 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1343 u32 modem, int slen)
1344 {
1345 int mlines = 0;
1346 u8 brk = 0;
1347 int fc;
1348
1349 /* The modem status command can either contain one octet (V.24 signals)
1350 * or two octets (V.24 signals + break signals). This is specified in
1351 * section 5.4.6.3.7 of the 07.10 mux spec.
1352 */
1353
1354 if (slen == 1)
1355 modem = modem & 0x7f;
1356 else {
1357 brk = modem & 0x7f;
1358 modem = (modem >> 7) & 0x7f;
1359 }
1360
1361 /* Flow control/ready to communicate */
1362 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1363 if (fc && !dlci->constipated) {
1364 /* Need to throttle our output on this device */
1365 dlci->constipated = true;
1366 } else if (!fc && dlci->constipated) {
1367 dlci->constipated = false;
1368 gsm_dlci_data_kick(dlci);
1369 }
1370
1371 /* Map modem bits */
1372 if (modem & MDM_RTC)
1373 mlines |= TIOCM_DSR | TIOCM_DTR;
1374 if (modem & MDM_RTR)
1375 mlines |= TIOCM_RTS | TIOCM_CTS;
1376 if (modem & MDM_IC)
1377 mlines |= TIOCM_RI;
1378 if (modem & MDM_DV)
1379 mlines |= TIOCM_CD;
1380
1381 /* Carrier drop -> hangup */
1382 if (tty) {
1383 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1384 if (!C_CLOCAL(tty))
1385 tty_hangup(tty);
1386 }
1387 if (brk & 0x01)
1388 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1389 dlci->modem_rx = mlines;
1390 }
1391
1392 /**
1393 * gsm_control_modem - modem status received
1394 * @gsm: GSM channel
1395 * @data: data following command
1396 * @clen: command length
1397 *
1398 * We have received a modem status control message. This is used by
1399 * the GSM mux protocol to pass virtual modem line status and optionally
1400 * to indicate break signals. Unpack it, convert to Linux representation
1401 * and if need be stuff a break message down the tty.
1402 */
1403
gsm_control_modem(struct gsm_mux * gsm,const u8 * data,int clen)1404 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1405 {
1406 unsigned int addr = 0;
1407 unsigned int modem = 0;
1408 struct gsm_dlci *dlci;
1409 int len = clen;
1410 int slen;
1411 const u8 *dp = data;
1412 struct tty_struct *tty;
1413
1414 while (gsm_read_ea(&addr, *dp++) == 0) {
1415 len--;
1416 if (len == 0)
1417 return;
1418 }
1419 /* Must be at least one byte following the EA */
1420 len--;
1421 if (len <= 0)
1422 return;
1423
1424 addr >>= 1;
1425 /* Closed port, or invalid ? */
1426 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1427 return;
1428 dlci = gsm->dlci[addr];
1429
1430 slen = len;
1431 while (gsm_read_ea(&modem, *dp++) == 0) {
1432 len--;
1433 if (len == 0)
1434 return;
1435 }
1436 len--;
1437 tty = tty_port_tty_get(&dlci->port);
1438 gsm_process_modem(tty, dlci, modem, slen - len);
1439 if (tty) {
1440 tty_wakeup(tty);
1441 tty_kref_put(tty);
1442 }
1443 gsm_control_reply(gsm, CMD_MSC, data, clen);
1444 }
1445
1446 /**
1447 * gsm_control_rls - remote line status
1448 * @gsm: GSM channel
1449 * @data: data bytes
1450 * @clen: data length
1451 *
1452 * The modem sends us a two byte message on the control channel whenever
1453 * it wishes to send us an error state from the virtual link. Stuff
1454 * this into the uplink tty if present
1455 */
1456
gsm_control_rls(struct gsm_mux * gsm,const u8 * data,int clen)1457 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1458 {
1459 struct tty_port *port;
1460 unsigned int addr = 0;
1461 u8 bits;
1462 int len = clen;
1463 const u8 *dp = data;
1464
1465 while (gsm_read_ea(&addr, *dp++) == 0) {
1466 len--;
1467 if (len == 0)
1468 return;
1469 }
1470 /* Must be at least one byte following ea */
1471 len--;
1472 if (len <= 0)
1473 return;
1474 addr >>= 1;
1475 /* Closed port, or invalid ? */
1476 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1477 return;
1478 /* No error ? */
1479 bits = *dp;
1480 if ((bits & 1) == 0)
1481 return;
1482
1483 port = &gsm->dlci[addr]->port;
1484
1485 if (bits & 2)
1486 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1487 if (bits & 4)
1488 tty_insert_flip_char(port, 0, TTY_PARITY);
1489 if (bits & 8)
1490 tty_insert_flip_char(port, 0, TTY_FRAME);
1491
1492 tty_flip_buffer_push(port);
1493
1494 gsm_control_reply(gsm, CMD_RLS, data, clen);
1495 }
1496
1497 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1498
1499 /**
1500 * gsm_control_message - DLCI 0 control processing
1501 * @gsm: our GSM mux
1502 * @command: the command EA
1503 * @data: data beyond the command/length EAs
1504 * @clen: length
1505 *
1506 * Input processor for control messages from the other end of the link.
1507 * Processes the incoming request and queues a response frame or an
1508 * NSC response if not supported
1509 */
1510
gsm_control_message(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1511 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1512 const u8 *data, int clen)
1513 {
1514 u8 buf[1];
1515
1516 switch (command) {
1517 case CMD_CLD: {
1518 struct gsm_dlci *dlci = gsm->dlci[0];
1519 /* Modem wishes to close down */
1520 if (dlci) {
1521 dlci->dead = true;
1522 gsm->dead = true;
1523 gsm_dlci_begin_close(dlci);
1524 }
1525 }
1526 break;
1527 case CMD_TEST:
1528 /* Modem wishes to test, reply with the data */
1529 gsm_control_reply(gsm, CMD_TEST, data, clen);
1530 break;
1531 case CMD_FCON:
1532 /* Modem can accept data again */
1533 gsm->constipated = false;
1534 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1535 /* Kick the link in case it is idling */
1536 gsmld_write_trigger(gsm);
1537 break;
1538 case CMD_FCOFF:
1539 /* Modem wants us to STFU */
1540 gsm->constipated = true;
1541 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1542 break;
1543 case CMD_MSC:
1544 /* Out of band modem line change indicator for a DLCI */
1545 gsm_control_modem(gsm, data, clen);
1546 break;
1547 case CMD_RLS:
1548 /* Out of band error reception for a DLCI */
1549 gsm_control_rls(gsm, data, clen);
1550 break;
1551 case CMD_PSC:
1552 /* Modem wishes to enter power saving state */
1553 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1554 break;
1555 /* Optional unsupported commands */
1556 case CMD_PN: /* Parameter negotiation */
1557 case CMD_RPN: /* Remote port negotiation */
1558 case CMD_SNC: /* Service negotiation command */
1559 default:
1560 /* Reply to bad commands with an NSC */
1561 buf[0] = command;
1562 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1563 break;
1564 }
1565 }
1566
1567 /**
1568 * gsm_control_response - process a response to our control
1569 * @gsm: our GSM mux
1570 * @command: the command (response) EA
1571 * @data: data beyond the command/length EA
1572 * @clen: length
1573 *
1574 * Process a response to an outstanding command. We only allow a single
1575 * control message in flight so this is fairly easy. All the clean up
1576 * is done by the caller, we just update the fields, flag it as done
1577 * and return
1578 */
1579
gsm_control_response(struct gsm_mux * gsm,unsigned int command,const u8 * data,int clen)1580 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1581 const u8 *data, int clen)
1582 {
1583 struct gsm_control *ctrl;
1584 unsigned long flags;
1585
1586 spin_lock_irqsave(&gsm->control_lock, flags);
1587
1588 ctrl = gsm->pending_cmd;
1589 /* Does the reply match our command */
1590 command |= 1;
1591 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1592 /* Our command was replied to, kill the retry timer */
1593 del_timer(&gsm->t2_timer);
1594 gsm->pending_cmd = NULL;
1595 /* Rejected by the other end */
1596 if (command == CMD_NSC)
1597 ctrl->error = -EOPNOTSUPP;
1598 ctrl->done = 1;
1599 wake_up(&gsm->event);
1600 }
1601 spin_unlock_irqrestore(&gsm->control_lock, flags);
1602 }
1603
1604 /**
1605 * gsm_control_transmit - send control packet
1606 * @gsm: gsm mux
1607 * @ctrl: frame to send
1608 *
1609 * Send out a pending control command (called under control lock)
1610 */
1611
gsm_control_transmit(struct gsm_mux * gsm,struct gsm_control * ctrl)1612 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1613 {
1614 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1615 if (msg == NULL)
1616 return;
1617 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */
1618 msg->data[1] = (ctrl->len << 1) | EA;
1619 memcpy(msg->data + 2, ctrl->data, ctrl->len);
1620 gsm_data_queue(gsm->dlci[0], msg);
1621 }
1622
1623 /**
1624 * gsm_control_retransmit - retransmit a control frame
1625 * @t: timer contained in our gsm object
1626 *
1627 * Called off the T2 timer expiry in order to retransmit control frames
1628 * that have been lost in the system somewhere. The control_lock protects
1629 * us from colliding with another sender or a receive completion event.
1630 * In that situation the timer may still occur in a small window but
1631 * gsm->pending_cmd will be NULL and we just let the timer expire.
1632 */
1633
gsm_control_retransmit(struct timer_list * t)1634 static void gsm_control_retransmit(struct timer_list *t)
1635 {
1636 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1637 struct gsm_control *ctrl;
1638 unsigned long flags;
1639 spin_lock_irqsave(&gsm->control_lock, flags);
1640 ctrl = gsm->pending_cmd;
1641 if (ctrl) {
1642 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
1643 gsm->pending_cmd = NULL;
1644 ctrl->error = -ETIMEDOUT;
1645 ctrl->done = 1;
1646 spin_unlock_irqrestore(&gsm->control_lock, flags);
1647 wake_up(&gsm->event);
1648 return;
1649 }
1650 gsm->cretries--;
1651 gsm_control_transmit(gsm, ctrl);
1652 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1653 }
1654 spin_unlock_irqrestore(&gsm->control_lock, flags);
1655 }
1656
1657 /**
1658 * gsm_control_send - send a control frame on DLCI 0
1659 * @gsm: the GSM channel
1660 * @command: command to send including CR bit
1661 * @data: bytes of data (must be kmalloced)
1662 * @clen: length of the block to send
1663 *
1664 * Queue and dispatch a control command. Only one command can be
1665 * active at a time. In theory more can be outstanding but the matching
1666 * gets really complicated so for now stick to one outstanding.
1667 */
1668
gsm_control_send(struct gsm_mux * gsm,unsigned int command,u8 * data,int clen)1669 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1670 unsigned int command, u8 *data, int clen)
1671 {
1672 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1673 GFP_KERNEL);
1674 unsigned long flags;
1675 if (ctrl == NULL)
1676 return NULL;
1677 retry:
1678 wait_event(gsm->event, gsm->pending_cmd == NULL);
1679 spin_lock_irqsave(&gsm->control_lock, flags);
1680 if (gsm->pending_cmd != NULL) {
1681 spin_unlock_irqrestore(&gsm->control_lock, flags);
1682 goto retry;
1683 }
1684 ctrl->cmd = command;
1685 ctrl->data = data;
1686 ctrl->len = clen;
1687 gsm->pending_cmd = ctrl;
1688
1689 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1690 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1691 gsm->cretries = 0;
1692 else
1693 gsm->cretries = gsm->n2;
1694
1695 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1696 gsm_control_transmit(gsm, ctrl);
1697 spin_unlock_irqrestore(&gsm->control_lock, flags);
1698 return ctrl;
1699 }
1700
1701 /**
1702 * gsm_control_wait - wait for a control to finish
1703 * @gsm: GSM mux
1704 * @control: control we are waiting on
1705 *
1706 * Waits for the control to complete or time out. Frees any used
1707 * resources and returns 0 for success, or an error if the remote
1708 * rejected or ignored the request.
1709 */
1710
gsm_control_wait(struct gsm_mux * gsm,struct gsm_control * control)1711 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1712 {
1713 int err;
1714 wait_event(gsm->event, control->done == 1);
1715 err = control->error;
1716 kfree(control);
1717 return err;
1718 }
1719
1720
1721 /*
1722 * DLCI level handling: Needs krefs
1723 */
1724
1725 /*
1726 * State transitions and timers
1727 */
1728
1729 /**
1730 * gsm_dlci_close - a DLCI has closed
1731 * @dlci: DLCI that closed
1732 *
1733 * Perform processing when moving a DLCI into closed state. If there
1734 * is an attached tty this is hung up
1735 */
1736
gsm_dlci_close(struct gsm_dlci * dlci)1737 static void gsm_dlci_close(struct gsm_dlci *dlci)
1738 {
1739 del_timer(&dlci->t1);
1740 if (debug & 8)
1741 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1742 dlci->state = DLCI_CLOSED;
1743 /* Prevent us from sending data before the link is up again */
1744 dlci->constipated = true;
1745 if (dlci->addr != 0) {
1746 tty_port_tty_hangup(&dlci->port, false);
1747 gsm_dlci_clear_queues(dlci->gsm, dlci);
1748 /* Ensure that gsmtty_open() can return. */
1749 tty_port_set_initialized(&dlci->port, 0);
1750 wake_up_interruptible(&dlci->port.open_wait);
1751 } else
1752 dlci->gsm->dead = true;
1753 /* A DLCI 0 close is a MUX termination so we need to kick that
1754 back to userspace somehow */
1755 gsm_dlci_data_kick(dlci);
1756 wake_up(&dlci->gsm->event);
1757 }
1758
1759 /**
1760 * gsm_dlci_open - a DLCI has opened
1761 * @dlci: DLCI that opened
1762 *
1763 * Perform processing when moving a DLCI into open state.
1764 */
1765
gsm_dlci_open(struct gsm_dlci * dlci)1766 static void gsm_dlci_open(struct gsm_dlci *dlci)
1767 {
1768 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1769 open -> open */
1770 del_timer(&dlci->t1);
1771 /* This will let a tty open continue */
1772 dlci->state = DLCI_OPEN;
1773 dlci->constipated = false;
1774 if (debug & 8)
1775 pr_debug("DLCI %d goes open.\n", dlci->addr);
1776 /* Send current modem state */
1777 if (dlci->addr)
1778 gsm_modem_update(dlci, 0);
1779 gsm_dlci_data_kick(dlci);
1780 wake_up(&dlci->gsm->event);
1781 }
1782
1783 /**
1784 * gsm_dlci_t1 - T1 timer expiry
1785 * @t: timer contained in the DLCI that opened
1786 *
1787 * The T1 timer handles retransmits of control frames (essentially of
1788 * SABM and DISC). We resend the command until the retry count runs out
1789 * in which case an opening port goes back to closed and a closing port
1790 * is simply put into closed state (any further frames from the other
1791 * end will get a DM response)
1792 *
1793 * Some control dlci can stay in ADM mode with other dlci working just
1794 * fine. In that case we can just keep the control dlci open after the
1795 * DLCI_OPENING retries time out.
1796 */
1797
gsm_dlci_t1(struct timer_list * t)1798 static void gsm_dlci_t1(struct timer_list *t)
1799 {
1800 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1801 struct gsm_mux *gsm = dlci->gsm;
1802
1803 switch (dlci->state) {
1804 case DLCI_OPENING:
1805 if (dlci->retries) {
1806 dlci->retries--;
1807 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1808 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1809 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1810 if (debug & 8)
1811 pr_info("DLCI %d opening in ADM mode.\n",
1812 dlci->addr);
1813 dlci->mode = DLCI_MODE_ADM;
1814 gsm_dlci_open(dlci);
1815 } else {
1816 gsm_dlci_begin_close(dlci); /* prevent half open link */
1817 }
1818
1819 break;
1820 case DLCI_CLOSING:
1821 if (dlci->retries) {
1822 dlci->retries--;
1823 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1824 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1825 } else
1826 gsm_dlci_close(dlci);
1827 break;
1828 default:
1829 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1830 break;
1831 }
1832 }
1833
1834 /**
1835 * gsm_dlci_begin_open - start channel open procedure
1836 * @dlci: DLCI to open
1837 *
1838 * Commence opening a DLCI from the Linux side. We issue SABM messages
1839 * to the modem which should then reply with a UA or ADM, at which point
1840 * we will move into open state. Opening is done asynchronously with retry
1841 * running off timers and the responses.
1842 */
1843
gsm_dlci_begin_open(struct gsm_dlci * dlci)1844 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1845 {
1846 struct gsm_mux *gsm = dlci->gsm;
1847 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1848 return;
1849 dlci->retries = gsm->n2;
1850 dlci->state = DLCI_OPENING;
1851 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1852 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1853 }
1854
1855 /**
1856 * gsm_dlci_set_opening - change state to opening
1857 * @dlci: DLCI to open
1858 *
1859 * Change internal state to wait for DLCI open from initiator side.
1860 * We set off timers and responses upon reception of an SABM.
1861 */
gsm_dlci_set_opening(struct gsm_dlci * dlci)1862 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1863 {
1864 switch (dlci->state) {
1865 case DLCI_CLOSED:
1866 case DLCI_CLOSING:
1867 dlci->state = DLCI_OPENING;
1868 break;
1869 default:
1870 break;
1871 }
1872 }
1873
1874 /**
1875 * gsm_dlci_begin_close - start channel open procedure
1876 * @dlci: DLCI to open
1877 *
1878 * Commence closing a DLCI from the Linux side. We issue DISC messages
1879 * to the modem which should then reply with a UA, at which point we
1880 * will move into closed state. Closing is done asynchronously with retry
1881 * off timers. We may also receive a DM reply from the other end which
1882 * indicates the channel was already closed.
1883 */
1884
gsm_dlci_begin_close(struct gsm_dlci * dlci)1885 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1886 {
1887 struct gsm_mux *gsm = dlci->gsm;
1888 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1889 return;
1890 dlci->retries = gsm->n2;
1891 dlci->state = DLCI_CLOSING;
1892 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1893 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1894 }
1895
1896 /**
1897 * gsm_dlci_data - data arrived
1898 * @dlci: channel
1899 * @data: block of bytes received
1900 * @clen: length of received block
1901 *
1902 * A UI or UIH frame has arrived which contains data for a channel
1903 * other than the control channel. If the relevant virtual tty is
1904 * open we shovel the bits down it, if not we drop them.
1905 */
1906
gsm_dlci_data(struct gsm_dlci * dlci,const u8 * data,int clen)1907 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1908 {
1909 /* krefs .. */
1910 struct tty_port *port = &dlci->port;
1911 struct tty_struct *tty;
1912 unsigned int modem = 0;
1913 int len = clen;
1914 int slen = 0;
1915
1916 if (debug & 16)
1917 pr_debug("%d bytes for tty\n", len);
1918 switch (dlci->adaption) {
1919 /* Unsupported types */
1920 case 4: /* Packetised interruptible data */
1921 break;
1922 case 3: /* Packetised uininterruptible voice/data */
1923 break;
1924 case 2: /* Asynchronous serial with line state in each frame */
1925 while (gsm_read_ea(&modem, *data++) == 0) {
1926 len--;
1927 slen++;
1928 if (len == 0)
1929 return;
1930 }
1931 len--;
1932 slen++;
1933 tty = tty_port_tty_get(port);
1934 if (tty) {
1935 gsm_process_modem(tty, dlci, modem, slen);
1936 tty_wakeup(tty);
1937 tty_kref_put(tty);
1938 }
1939 fallthrough;
1940 case 1: /* Line state will go via DLCI 0 controls only */
1941 default:
1942 tty_insert_flip_string(port, data, len);
1943 tty_flip_buffer_push(port);
1944 }
1945 }
1946
1947 /**
1948 * gsm_dlci_command - data arrived on control channel
1949 * @dlci: channel
1950 * @data: block of bytes received
1951 * @len: length of received block
1952 *
1953 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1954 * control channel. This should contain a command EA followed by
1955 * control data bytes. The command EA contains a command/response bit
1956 * and we divide up the work accordingly.
1957 */
1958
gsm_dlci_command(struct gsm_dlci * dlci,const u8 * data,int len)1959 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1960 {
1961 /* See what command is involved */
1962 unsigned int command = 0;
1963 while (len-- > 0) {
1964 if (gsm_read_ea(&command, *data++) == 1) {
1965 int clen = *data++;
1966 len--;
1967 /* FIXME: this is properly an EA */
1968 clen >>= 1;
1969 /* Malformed command ? */
1970 if (clen > len)
1971 return;
1972 if (command & 1)
1973 gsm_control_message(dlci->gsm, command,
1974 data, clen);
1975 else
1976 gsm_control_response(dlci->gsm, command,
1977 data, clen);
1978 return;
1979 }
1980 }
1981 }
1982
1983 /**
1984 * gsm_kick_timeout - transmit if possible
1985 * @work: work contained in our gsm object
1986 *
1987 * Transmit data from DLCIs if the queue is empty. We can't rely on
1988 * a tty wakeup except when we filled the pipe so we need to fire off
1989 * new data ourselves in other cases.
1990 */
gsm_kick_timeout(struct work_struct * work)1991 static void gsm_kick_timeout(struct work_struct *work)
1992 {
1993 struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
1994 int sent = 0;
1995
1996 mutex_lock(&gsm->tx_mutex);
1997 /* If we have nothing running then we need to fire up */
1998 if (gsm->tx_bytes < TX_THRESH_LO)
1999 sent = gsm_dlci_data_sweep(gsm);
2000 mutex_unlock(&gsm->tx_mutex);
2001
2002 if (sent && debug & 4)
2003 pr_info("%s TX queue stalled\n", __func__);
2004 }
2005
2006 /*
2007 * Allocate/Free DLCI channels
2008 */
2009
2010 /**
2011 * gsm_dlci_alloc - allocate a DLCI
2012 * @gsm: GSM mux
2013 * @addr: address of the DLCI
2014 *
2015 * Allocate and install a new DLCI object into the GSM mux.
2016 *
2017 * FIXME: review locking races
2018 */
2019
gsm_dlci_alloc(struct gsm_mux * gsm,int addr)2020 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
2021 {
2022 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
2023 if (dlci == NULL)
2024 return NULL;
2025 spin_lock_init(&dlci->lock);
2026 mutex_init(&dlci->mutex);
2027 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
2028 kfree(dlci);
2029 return NULL;
2030 }
2031
2032 skb_queue_head_init(&dlci->skb_list);
2033 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
2034 tty_port_init(&dlci->port);
2035 dlci->port.ops = &gsm_port_ops;
2036 dlci->gsm = gsm;
2037 dlci->addr = addr;
2038 dlci->adaption = gsm->adaption;
2039 dlci->state = DLCI_CLOSED;
2040 if (addr) {
2041 dlci->data = gsm_dlci_data;
2042 /* Prevent us from sending data before the link is up */
2043 dlci->constipated = true;
2044 } else {
2045 dlci->data = gsm_dlci_command;
2046 }
2047 gsm->dlci[addr] = dlci;
2048 return dlci;
2049 }
2050
2051 /**
2052 * gsm_dlci_free - free DLCI
2053 * @port: tty port for DLCI to free
2054 *
2055 * Free up a DLCI.
2056 *
2057 * Can sleep.
2058 */
gsm_dlci_free(struct tty_port * port)2059 static void gsm_dlci_free(struct tty_port *port)
2060 {
2061 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2062
2063 del_timer_sync(&dlci->t1);
2064 dlci->gsm->dlci[dlci->addr] = NULL;
2065 kfifo_free(&dlci->fifo);
2066 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
2067 dev_kfree_skb(dlci->skb);
2068 kfree(dlci);
2069 }
2070
dlci_get(struct gsm_dlci * dlci)2071 static inline void dlci_get(struct gsm_dlci *dlci)
2072 {
2073 tty_port_get(&dlci->port);
2074 }
2075
dlci_put(struct gsm_dlci * dlci)2076 static inline void dlci_put(struct gsm_dlci *dlci)
2077 {
2078 tty_port_put(&dlci->port);
2079 }
2080
2081 static void gsm_destroy_network(struct gsm_dlci *dlci);
2082
2083 /**
2084 * gsm_dlci_release - release DLCI
2085 * @dlci: DLCI to destroy
2086 *
2087 * Release a DLCI. Actual free is deferred until either
2088 * mux is closed or tty is closed - whichever is last.
2089 *
2090 * Can sleep.
2091 */
gsm_dlci_release(struct gsm_dlci * dlci)2092 static void gsm_dlci_release(struct gsm_dlci *dlci)
2093 {
2094 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
2095 if (tty) {
2096 mutex_lock(&dlci->mutex);
2097 gsm_destroy_network(dlci);
2098 mutex_unlock(&dlci->mutex);
2099
2100 /* We cannot use tty_hangup() because in tty_kref_put() the tty
2101 * driver assumes that the hangup queue is free and reuses it to
2102 * queue release_one_tty() -> NULL pointer panic in
2103 * process_one_work().
2104 */
2105 tty_vhangup(tty);
2106
2107 tty_port_tty_set(&dlci->port, NULL);
2108 tty_kref_put(tty);
2109 }
2110 dlci->state = DLCI_CLOSED;
2111 dlci_put(dlci);
2112 }
2113
2114 /*
2115 * LAPBish link layer logic
2116 */
2117
2118 /**
2119 * gsm_queue - a GSM frame is ready to process
2120 * @gsm: pointer to our gsm mux
2121 *
2122 * At this point in time a frame has arrived and been demangled from
2123 * the line encoding. All the differences between the encodings have
2124 * been handled below us and the frame is unpacked into the structures.
2125 * The fcs holds the header FCS but any data FCS must be added here.
2126 */
2127
gsm_queue(struct gsm_mux * gsm)2128 static void gsm_queue(struct gsm_mux *gsm)
2129 {
2130 struct gsm_dlci *dlci;
2131 u8 cr;
2132 int address;
2133
2134 if (gsm->fcs != GOOD_FCS) {
2135 gsm->bad_fcs++;
2136 if (debug & 4)
2137 pr_debug("BAD FCS %02x\n", gsm->fcs);
2138 return;
2139 }
2140 address = gsm->address >> 1;
2141 if (address >= NUM_DLCI)
2142 goto invalid;
2143
2144 cr = gsm->address & 1; /* C/R bit */
2145 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */
2146
2147 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
2148
2149 dlci = gsm->dlci[address];
2150
2151 switch (gsm->control) {
2152 case SABM|PF:
2153 if (cr == 1)
2154 goto invalid;
2155 if (dlci == NULL)
2156 dlci = gsm_dlci_alloc(gsm, address);
2157 if (dlci == NULL)
2158 return;
2159 if (dlci->dead)
2160 gsm_response(gsm, address, DM|PF);
2161 else {
2162 gsm_response(gsm, address, UA|PF);
2163 gsm_dlci_open(dlci);
2164 }
2165 break;
2166 case DISC|PF:
2167 if (cr == 1)
2168 goto invalid;
2169 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
2170 gsm_response(gsm, address, DM|PF);
2171 return;
2172 }
2173 /* Real close complete */
2174 gsm_response(gsm, address, UA|PF);
2175 gsm_dlci_close(dlci);
2176 break;
2177 case UA|PF:
2178 if (cr == 0 || dlci == NULL)
2179 break;
2180 switch (dlci->state) {
2181 case DLCI_CLOSING:
2182 gsm_dlci_close(dlci);
2183 break;
2184 case DLCI_OPENING:
2185 gsm_dlci_open(dlci);
2186 break;
2187 default:
2188 pr_debug("%s: unhandled state: %d\n", __func__,
2189 dlci->state);
2190 break;
2191 }
2192 break;
2193 case DM: /* DM can be valid unsolicited */
2194 case DM|PF:
2195 if (cr)
2196 goto invalid;
2197 if (dlci == NULL)
2198 return;
2199 gsm_dlci_close(dlci);
2200 break;
2201 case UI:
2202 case UI|PF:
2203 case UIH:
2204 case UIH|PF:
2205 if (dlci == NULL || dlci->state != DLCI_OPEN) {
2206 gsm_response(gsm, address, DM|PF);
2207 return;
2208 }
2209 dlci->data(dlci, gsm->buf, gsm->len);
2210 break;
2211 default:
2212 goto invalid;
2213 }
2214 return;
2215 invalid:
2216 gsm->malformed++;
2217 return;
2218 }
2219
2220
2221 /**
2222 * gsm0_receive - perform processing for non-transparency
2223 * @gsm: gsm data for this ldisc instance
2224 * @c: character
2225 *
2226 * Receive bytes in gsm mode 0
2227 */
2228
gsm0_receive(struct gsm_mux * gsm,unsigned char c)2229 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2230 {
2231 unsigned int len;
2232
2233 switch (gsm->state) {
2234 case GSM_SEARCH: /* SOF marker */
2235 if (c == GSM0_SOF) {
2236 gsm->state = GSM_ADDRESS;
2237 gsm->address = 0;
2238 gsm->len = 0;
2239 gsm->fcs = INIT_FCS;
2240 }
2241 break;
2242 case GSM_ADDRESS: /* Address EA */
2243 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2244 if (gsm_read_ea(&gsm->address, c))
2245 gsm->state = GSM_CONTROL;
2246 break;
2247 case GSM_CONTROL: /* Control Byte */
2248 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2249 gsm->control = c;
2250 gsm->state = GSM_LEN0;
2251 break;
2252 case GSM_LEN0: /* Length EA */
2253 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2254 if (gsm_read_ea(&gsm->len, c)) {
2255 if (gsm->len > gsm->mru) {
2256 gsm->bad_size++;
2257 gsm->state = GSM_SEARCH;
2258 break;
2259 }
2260 gsm->count = 0;
2261 if (!gsm->len)
2262 gsm->state = GSM_FCS;
2263 else
2264 gsm->state = GSM_DATA;
2265 break;
2266 }
2267 gsm->state = GSM_LEN1;
2268 break;
2269 case GSM_LEN1:
2270 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2271 len = c;
2272 gsm->len |= len << 7;
2273 if (gsm->len > gsm->mru) {
2274 gsm->bad_size++;
2275 gsm->state = GSM_SEARCH;
2276 break;
2277 }
2278 gsm->count = 0;
2279 if (!gsm->len)
2280 gsm->state = GSM_FCS;
2281 else
2282 gsm->state = GSM_DATA;
2283 break;
2284 case GSM_DATA: /* Data */
2285 gsm->buf[gsm->count++] = c;
2286 if (gsm->count == gsm->len) {
2287 /* Calculate final FCS for UI frames over all data */
2288 if ((gsm->control & ~PF) != UIH) {
2289 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2290 gsm->count);
2291 }
2292 gsm->state = GSM_FCS;
2293 }
2294 break;
2295 case GSM_FCS: /* FCS follows the packet */
2296 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2297 gsm->state = GSM_SSOF;
2298 break;
2299 case GSM_SSOF:
2300 gsm->state = GSM_SEARCH;
2301 if (c == GSM0_SOF)
2302 gsm_queue(gsm);
2303 else
2304 gsm->bad_size++;
2305 break;
2306 default:
2307 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2308 break;
2309 }
2310 }
2311
2312 /**
2313 * gsm1_receive - perform processing for non-transparency
2314 * @gsm: gsm data for this ldisc instance
2315 * @c: character
2316 *
2317 * Receive bytes in mode 1 (Advanced option)
2318 */
2319
gsm1_receive(struct gsm_mux * gsm,unsigned char c)2320 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2321 {
2322 /* handle XON/XOFF */
2323 if ((c & ISO_IEC_646_MASK) == XON) {
2324 gsm->constipated = true;
2325 return;
2326 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2327 gsm->constipated = false;
2328 /* Kick the link in case it is idling */
2329 gsmld_write_trigger(gsm);
2330 return;
2331 }
2332 if (c == GSM1_SOF) {
2333 /* EOF is only valid in frame if we have got to the data state */
2334 if (gsm->state == GSM_DATA) {
2335 if (gsm->count < 1) {
2336 /* Missing FSC */
2337 gsm->malformed++;
2338 gsm->state = GSM_START;
2339 return;
2340 }
2341 /* Remove the FCS from data */
2342 gsm->count--;
2343 if ((gsm->control & ~PF) != UIH) {
2344 /* Calculate final FCS for UI frames over all
2345 * data but FCS
2346 */
2347 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2348 gsm->count);
2349 }
2350 /* Add the FCS itself to test against GOOD_FCS */
2351 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2352 gsm->len = gsm->count;
2353 gsm_queue(gsm);
2354 gsm->state = GSM_START;
2355 return;
2356 }
2357 /* Any partial frame was a runt so go back to start */
2358 if (gsm->state != GSM_START) {
2359 if (gsm->state != GSM_SEARCH)
2360 gsm->malformed++;
2361 gsm->state = GSM_START;
2362 }
2363 /* A SOF in GSM_START means we are still reading idling or
2364 framing bytes */
2365 return;
2366 }
2367
2368 if (c == GSM1_ESCAPE) {
2369 gsm->escape = true;
2370 return;
2371 }
2372
2373 /* Only an unescaped SOF gets us out of GSM search */
2374 if (gsm->state == GSM_SEARCH)
2375 return;
2376
2377 if (gsm->escape) {
2378 c ^= GSM1_ESCAPE_BITS;
2379 gsm->escape = false;
2380 }
2381 switch (gsm->state) {
2382 case GSM_START: /* First byte after SOF */
2383 gsm->address = 0;
2384 gsm->state = GSM_ADDRESS;
2385 gsm->fcs = INIT_FCS;
2386 fallthrough;
2387 case GSM_ADDRESS: /* Address continuation */
2388 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2389 if (gsm_read_ea(&gsm->address, c))
2390 gsm->state = GSM_CONTROL;
2391 break;
2392 case GSM_CONTROL: /* Control Byte */
2393 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2394 gsm->control = c;
2395 gsm->count = 0;
2396 gsm->state = GSM_DATA;
2397 break;
2398 case GSM_DATA: /* Data */
2399 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2400 gsm->state = GSM_OVERRUN;
2401 gsm->bad_size++;
2402 } else
2403 gsm->buf[gsm->count++] = c;
2404 break;
2405 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2406 break;
2407 default:
2408 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2409 break;
2410 }
2411 }
2412
2413 /**
2414 * gsm_error - handle tty error
2415 * @gsm: ldisc data
2416 *
2417 * Handle an error in the receipt of data for a frame. Currently we just
2418 * go back to hunting for a SOF.
2419 *
2420 * FIXME: better diagnostics ?
2421 */
2422
gsm_error(struct gsm_mux * gsm)2423 static void gsm_error(struct gsm_mux *gsm)
2424 {
2425 gsm->state = GSM_SEARCH;
2426 gsm->io_error++;
2427 }
2428
2429 /**
2430 * gsm_cleanup_mux - generic GSM protocol cleanup
2431 * @gsm: our mux
2432 * @disc: disconnect link?
2433 *
2434 * Clean up the bits of the mux which are the same for all framing
2435 * protocols. Remove the mux from the mux table, stop all the timers
2436 * and then shut down each device hanging up the channels as we go.
2437 */
2438
gsm_cleanup_mux(struct gsm_mux * gsm,bool disc)2439 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2440 {
2441 int i;
2442 struct gsm_dlci *dlci = gsm->dlci[0];
2443 struct gsm_msg *txq, *ntxq;
2444
2445 gsm->dead = true;
2446 mutex_lock(&gsm->mutex);
2447
2448 if (dlci) {
2449 if (disc && dlci->state != DLCI_CLOSED) {
2450 gsm_dlci_begin_close(dlci);
2451 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2452 }
2453 dlci->dead = true;
2454 }
2455
2456 /* Finish outstanding timers, making sure they are done */
2457 cancel_delayed_work_sync(&gsm->kick_timeout);
2458 del_timer_sync(&gsm->t2_timer);
2459
2460 /* Finish writing to ldisc */
2461 flush_work(&gsm->tx_work);
2462
2463 /* Free up any link layer users and finally the control channel */
2464 if (gsm->has_devices) {
2465 gsm_unregister_devices(gsm_tty_driver, gsm->num);
2466 gsm->has_devices = false;
2467 }
2468 for (i = NUM_DLCI - 1; i >= 0; i--)
2469 if (gsm->dlci[i])
2470 gsm_dlci_release(gsm->dlci[i]);
2471 mutex_unlock(&gsm->mutex);
2472 /* Now wipe the queues */
2473 tty_ldisc_flush(gsm->tty);
2474 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
2475 kfree(txq);
2476 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2477 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
2478 kfree(txq);
2479 INIT_LIST_HEAD(&gsm->tx_data_list);
2480 }
2481
2482 /**
2483 * gsm_activate_mux - generic GSM setup
2484 * @gsm: our mux
2485 *
2486 * Set up the bits of the mux which are the same for all framing
2487 * protocols. Add the mux to the mux table so it can be opened and
2488 * finally kick off connecting to DLCI 0 on the modem.
2489 */
2490
gsm_activate_mux(struct gsm_mux * gsm)2491 static int gsm_activate_mux(struct gsm_mux *gsm)
2492 {
2493 struct gsm_dlci *dlci;
2494 int ret;
2495
2496 dlci = gsm_dlci_alloc(gsm, 0);
2497 if (dlci == NULL)
2498 return -ENOMEM;
2499
2500 if (gsm->encoding == 0)
2501 gsm->receive = gsm0_receive;
2502 else
2503 gsm->receive = gsm1_receive;
2504
2505 ret = gsm_register_devices(gsm_tty_driver, gsm->num);
2506 if (ret)
2507 return ret;
2508
2509 gsm->has_devices = true;
2510 gsm->dead = false; /* Tty opens are now permissible */
2511 return 0;
2512 }
2513
2514 /**
2515 * gsm_free_mux - free up a mux
2516 * @gsm: mux to free
2517 *
2518 * Dispose of allocated resources for a dead mux
2519 */
gsm_free_mux(struct gsm_mux * gsm)2520 static void gsm_free_mux(struct gsm_mux *gsm)
2521 {
2522 int i;
2523
2524 for (i = 0; i < MAX_MUX; i++) {
2525 if (gsm == gsm_mux[i]) {
2526 gsm_mux[i] = NULL;
2527 break;
2528 }
2529 }
2530 mutex_destroy(&gsm->tx_mutex);
2531 mutex_destroy(&gsm->mutex);
2532 kfree(gsm->txframe);
2533 kfree(gsm->buf);
2534 kfree(gsm);
2535 }
2536
2537 /**
2538 * gsm_free_muxr - free up a mux
2539 * @ref: kreference to the mux to free
2540 *
2541 * Dispose of allocated resources for a dead mux
2542 */
gsm_free_muxr(struct kref * ref)2543 static void gsm_free_muxr(struct kref *ref)
2544 {
2545 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2546 gsm_free_mux(gsm);
2547 }
2548
mux_get(struct gsm_mux * gsm)2549 static inline void mux_get(struct gsm_mux *gsm)
2550 {
2551 unsigned long flags;
2552
2553 spin_lock_irqsave(&gsm_mux_lock, flags);
2554 kref_get(&gsm->ref);
2555 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2556 }
2557
mux_put(struct gsm_mux * gsm)2558 static inline void mux_put(struct gsm_mux *gsm)
2559 {
2560 unsigned long flags;
2561
2562 spin_lock_irqsave(&gsm_mux_lock, flags);
2563 kref_put(&gsm->ref, gsm_free_muxr);
2564 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2565 }
2566
mux_num_to_base(struct gsm_mux * gsm)2567 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2568 {
2569 return gsm->num * NUM_DLCI;
2570 }
2571
mux_line_to_num(unsigned int line)2572 static inline unsigned int mux_line_to_num(unsigned int line)
2573 {
2574 return line / NUM_DLCI;
2575 }
2576
2577 /**
2578 * gsm_alloc_mux - allocate a mux
2579 *
2580 * Creates a new mux ready for activation.
2581 */
2582
gsm_alloc_mux(void)2583 static struct gsm_mux *gsm_alloc_mux(void)
2584 {
2585 int i;
2586 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2587 if (gsm == NULL)
2588 return NULL;
2589 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2590 if (gsm->buf == NULL) {
2591 kfree(gsm);
2592 return NULL;
2593 }
2594 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2595 if (gsm->txframe == NULL) {
2596 kfree(gsm->buf);
2597 kfree(gsm);
2598 return NULL;
2599 }
2600 spin_lock_init(&gsm->lock);
2601 mutex_init(&gsm->mutex);
2602 mutex_init(&gsm->tx_mutex);
2603 kref_init(&gsm->ref);
2604 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2605 INIT_LIST_HEAD(&gsm->tx_data_list);
2606 INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
2607 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2608 INIT_WORK(&gsm->tx_work, gsmld_write_task);
2609 init_waitqueue_head(&gsm->event);
2610 spin_lock_init(&gsm->control_lock);
2611
2612 gsm->t1 = T1;
2613 gsm->t2 = T2;
2614 gsm->n2 = N2;
2615 gsm->ftype = UIH;
2616 gsm->adaption = 1;
2617 gsm->encoding = 1;
2618 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2619 gsm->mtu = 64;
2620 gsm->dead = true; /* Avoid early tty opens */
2621
2622 /* Store the instance to the mux array or abort if no space is
2623 * available.
2624 */
2625 spin_lock(&gsm_mux_lock);
2626 for (i = 0; i < MAX_MUX; i++) {
2627 if (!gsm_mux[i]) {
2628 gsm_mux[i] = gsm;
2629 gsm->num = i;
2630 break;
2631 }
2632 }
2633 spin_unlock(&gsm_mux_lock);
2634 if (i == MAX_MUX) {
2635 mutex_destroy(&gsm->tx_mutex);
2636 mutex_destroy(&gsm->mutex);
2637 kfree(gsm->txframe);
2638 kfree(gsm->buf);
2639 kfree(gsm);
2640 return NULL;
2641 }
2642
2643 return gsm;
2644 }
2645
gsm_copy_config_values(struct gsm_mux * gsm,struct gsm_config * c)2646 static void gsm_copy_config_values(struct gsm_mux *gsm,
2647 struct gsm_config *c)
2648 {
2649 memset(c, 0, sizeof(*c));
2650 c->adaption = gsm->adaption;
2651 c->encapsulation = gsm->encoding;
2652 c->initiator = gsm->initiator;
2653 c->t1 = gsm->t1;
2654 c->t2 = gsm->t2;
2655 c->t3 = 0; /* Not supported */
2656 c->n2 = gsm->n2;
2657 if (gsm->ftype == UIH)
2658 c->i = 1;
2659 else
2660 c->i = 2;
2661 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2662 c->mru = gsm->mru;
2663 c->mtu = gsm->mtu;
2664 c->k = 0;
2665 }
2666
gsm_config(struct gsm_mux * gsm,struct gsm_config * c)2667 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2668 {
2669 int ret = 0;
2670 int need_close = 0;
2671 int need_restart = 0;
2672
2673 /* Stuff we don't support yet - UI or I frame transport, windowing */
2674 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2675 return -EOPNOTSUPP;
2676 /* Check the MRU/MTU range looks sane */
2677 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2678 return -EINVAL;
2679 if (c->n2 > 255)
2680 return -EINVAL;
2681 if (c->encapsulation > 1) /* Basic, advanced, no I */
2682 return -EINVAL;
2683 if (c->initiator > 1)
2684 return -EINVAL;
2685 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2686 return -EINVAL;
2687 /*
2688 * See what is needed for reconfiguration
2689 */
2690
2691 /* Timing fields */
2692 if (c->t1 != 0 && c->t1 != gsm->t1)
2693 need_restart = 1;
2694 if (c->t2 != 0 && c->t2 != gsm->t2)
2695 need_restart = 1;
2696 if (c->encapsulation != gsm->encoding)
2697 need_restart = 1;
2698 if (c->adaption != gsm->adaption)
2699 need_restart = 1;
2700 /* Requires care */
2701 if (c->initiator != gsm->initiator)
2702 need_close = 1;
2703 if (c->mru != gsm->mru)
2704 need_restart = 1;
2705 if (c->mtu != gsm->mtu)
2706 need_restart = 1;
2707
2708 /*
2709 * Close down what is needed, restart and initiate the new
2710 * configuration. On the first time there is no DLCI[0]
2711 * and closing or cleaning up is not necessary.
2712 */
2713 if (need_close || need_restart)
2714 gsm_cleanup_mux(gsm, true);
2715
2716 gsm->initiator = c->initiator;
2717 gsm->mru = c->mru;
2718 gsm->mtu = c->mtu;
2719 gsm->encoding = c->encapsulation;
2720 gsm->adaption = c->adaption;
2721 gsm->n2 = c->n2;
2722
2723 if (c->i == 1)
2724 gsm->ftype = UIH;
2725 else if (c->i == 2)
2726 gsm->ftype = UI;
2727
2728 if (c->t1)
2729 gsm->t1 = c->t1;
2730 if (c->t2)
2731 gsm->t2 = c->t2;
2732
2733 /*
2734 * FIXME: We need to separate activation/deactivation from adding
2735 * and removing from the mux array
2736 */
2737 if (gsm->dead) {
2738 ret = gsm_activate_mux(gsm);
2739 if (ret)
2740 return ret;
2741 if (gsm->initiator)
2742 gsm_dlci_begin_open(gsm->dlci[0]);
2743 }
2744 return 0;
2745 }
2746
2747 /**
2748 * gsmld_output - write to link
2749 * @gsm: our mux
2750 * @data: bytes to output
2751 * @len: size
2752 *
2753 * Write a block of data from the GSM mux to the data channel. This
2754 * will eventually be serialized from above but at the moment isn't.
2755 */
2756
gsmld_output(struct gsm_mux * gsm,u8 * data,int len)2757 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2758 {
2759 if (tty_write_room(gsm->tty) < len) {
2760 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2761 return -ENOSPC;
2762 }
2763 if (debug & 4)
2764 gsm_hex_dump_bytes(__func__, data, len);
2765 return gsm->tty->ops->write(gsm->tty, data, len);
2766 }
2767
2768
2769 /**
2770 * gsmld_write_trigger - schedule ldisc write task
2771 * @gsm: our mux
2772 */
gsmld_write_trigger(struct gsm_mux * gsm)2773 static void gsmld_write_trigger(struct gsm_mux *gsm)
2774 {
2775 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
2776 return;
2777 schedule_work(&gsm->tx_work);
2778 }
2779
2780
2781 /**
2782 * gsmld_write_task - ldisc write task
2783 * @work: our tx write work
2784 *
2785 * Writes out data to the ldisc if possible. We are doing this here to
2786 * avoid dead-locking. This returns if no space or data is left for output.
2787 */
gsmld_write_task(struct work_struct * work)2788 static void gsmld_write_task(struct work_struct *work)
2789 {
2790 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
2791 int i, ret;
2792
2793 /* All outstanding control channel and control messages and one data
2794 * frame is sent.
2795 */
2796 ret = -ENODEV;
2797 mutex_lock(&gsm->tx_mutex);
2798 if (gsm->tty)
2799 ret = gsm_data_kick(gsm);
2800 mutex_unlock(&gsm->tx_mutex);
2801
2802 if (ret >= 0)
2803 for (i = 0; i < NUM_DLCI; i++)
2804 if (gsm->dlci[i])
2805 tty_port_tty_wakeup(&gsm->dlci[i]->port);
2806 }
2807
2808 /**
2809 * gsmld_attach_gsm - mode set up
2810 * @tty: our tty structure
2811 * @gsm: our mux
2812 *
2813 * Set up the MUX for basic mode and commence connecting to the
2814 * modem. Currently called from the line discipline set up but
2815 * will need moving to an ioctl path.
2816 */
2817
gsmld_attach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2818 static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2819 {
2820 gsm->tty = tty_kref_get(tty);
2821 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2822 gsm->old_c_iflag = tty->termios.c_iflag;
2823 tty->termios.c_iflag &= (IXON | IXOFF);
2824 }
2825
2826 /**
2827 * gsmld_detach_gsm - stop doing 0710 mux
2828 * @tty: tty attached to the mux
2829 * @gsm: mux
2830 *
2831 * Shutdown and then clean up the resources used by the line discipline
2832 */
2833
gsmld_detach_gsm(struct tty_struct * tty,struct gsm_mux * gsm)2834 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2835 {
2836 WARN_ON(tty != gsm->tty);
2837 /* Restore tty XON/XOFF handling. */
2838 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2839 tty_kref_put(gsm->tty);
2840 gsm->tty = NULL;
2841 }
2842
gsmld_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)2843 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2844 const char *fp, int count)
2845 {
2846 struct gsm_mux *gsm = tty->disc_data;
2847 char flags = TTY_NORMAL;
2848
2849 if (debug & 4)
2850 gsm_hex_dump_bytes(__func__, cp, count);
2851
2852 for (; count; count--, cp++) {
2853 if (fp)
2854 flags = *fp++;
2855 switch (flags) {
2856 case TTY_NORMAL:
2857 if (gsm->receive)
2858 gsm->receive(gsm, *cp);
2859 break;
2860 case TTY_OVERRUN:
2861 case TTY_BREAK:
2862 case TTY_PARITY:
2863 case TTY_FRAME:
2864 gsm_error(gsm);
2865 break;
2866 default:
2867 WARN_ONCE(1, "%s: unknown flag %d\n",
2868 tty_name(tty), flags);
2869 break;
2870 }
2871 }
2872 /* FASYNC if needed ? */
2873 /* If clogged call tty_throttle(tty); */
2874 }
2875
2876 /**
2877 * gsmld_flush_buffer - clean input queue
2878 * @tty: terminal device
2879 *
2880 * Flush the input buffer. Called when the line discipline is
2881 * being closed, when the tty layer wants the buffer flushed (eg
2882 * at hangup).
2883 */
2884
gsmld_flush_buffer(struct tty_struct * tty)2885 static void gsmld_flush_buffer(struct tty_struct *tty)
2886 {
2887 }
2888
2889 /**
2890 * gsmld_close - close the ldisc for this tty
2891 * @tty: device
2892 *
2893 * Called from the terminal layer when this line discipline is
2894 * being shut down, either because of a close or becsuse of a
2895 * discipline change. The function will not be called while other
2896 * ldisc methods are in progress.
2897 */
2898
gsmld_close(struct tty_struct * tty)2899 static void gsmld_close(struct tty_struct *tty)
2900 {
2901 struct gsm_mux *gsm = tty->disc_data;
2902
2903 /* The ldisc locks and closes the port before calling our close. This
2904 * means we have no way to do a proper disconnect. We will not bother
2905 * to do one.
2906 */
2907 gsm_cleanup_mux(gsm, false);
2908
2909 gsmld_detach_gsm(tty, gsm);
2910
2911 gsmld_flush_buffer(tty);
2912 /* Do other clean up here */
2913 mux_put(gsm);
2914 }
2915
2916 /**
2917 * gsmld_open - open an ldisc
2918 * @tty: terminal to open
2919 *
2920 * Called when this line discipline is being attached to the
2921 * terminal device. Can sleep. Called serialized so that no
2922 * other events will occur in parallel. No further open will occur
2923 * until a close.
2924 */
2925
gsmld_open(struct tty_struct * tty)2926 static int gsmld_open(struct tty_struct *tty)
2927 {
2928 struct gsm_mux *gsm;
2929
2930 if (tty->ops->write == NULL)
2931 return -EINVAL;
2932
2933 /* Attach our ldisc data */
2934 gsm = gsm_alloc_mux();
2935 if (gsm == NULL)
2936 return -ENOMEM;
2937
2938 tty->disc_data = gsm;
2939 tty->receive_room = 65536;
2940
2941 /* Attach the initial passive connection */
2942 gsm->encoding = 1;
2943
2944 gsmld_attach_gsm(tty, gsm);
2945
2946 return 0;
2947 }
2948
2949 /**
2950 * gsmld_write_wakeup - asynchronous I/O notifier
2951 * @tty: tty device
2952 *
2953 * Required for the ptys, serial driver etc. since processes
2954 * that attach themselves to the master and rely on ASYNC
2955 * IO must be woken up
2956 */
2957
gsmld_write_wakeup(struct tty_struct * tty)2958 static void gsmld_write_wakeup(struct tty_struct *tty)
2959 {
2960 struct gsm_mux *gsm = tty->disc_data;
2961
2962 /* Queue poll */
2963 gsmld_write_trigger(gsm);
2964 }
2965
2966 /**
2967 * gsmld_read - read function for tty
2968 * @tty: tty device
2969 * @file: file object
2970 * @buf: userspace buffer pointer
2971 * @nr: size of I/O
2972 * @cookie: unused
2973 * @offset: unused
2974 *
2975 * Perform reads for the line discipline. We are guaranteed that the
2976 * line discipline will not be closed under us but we may get multiple
2977 * parallel readers and must handle this ourselves. We may also get
2978 * a hangup. Always called in user context, may sleep.
2979 *
2980 * This code must be sure never to sleep through a hangup.
2981 */
2982
gsmld_read(struct tty_struct * tty,struct file * file,unsigned char * buf,size_t nr,void ** cookie,unsigned long offset)2983 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2984 unsigned char *buf, size_t nr,
2985 void **cookie, unsigned long offset)
2986 {
2987 return -EOPNOTSUPP;
2988 }
2989
2990 /**
2991 * gsmld_write - write function for tty
2992 * @tty: tty device
2993 * @file: file object
2994 * @buf: userspace buffer pointer
2995 * @nr: size of I/O
2996 *
2997 * Called when the owner of the device wants to send a frame
2998 * itself (or some other control data). The data is transferred
2999 * as-is and must be properly framed and checksummed as appropriate
3000 * by userspace. Frames are either sent whole or not at all as this
3001 * avoids pain user side.
3002 */
3003
gsmld_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)3004 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
3005 const unsigned char *buf, size_t nr)
3006 {
3007 struct gsm_mux *gsm = tty->disc_data;
3008 int space;
3009 int ret;
3010
3011 if (!gsm)
3012 return -ENODEV;
3013
3014 ret = -ENOBUFS;
3015 mutex_lock(&gsm->tx_mutex);
3016 space = tty_write_room(tty);
3017 if (space >= nr)
3018 ret = tty->ops->write(tty, buf, nr);
3019 else
3020 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
3021 mutex_unlock(&gsm->tx_mutex);
3022
3023 return ret;
3024 }
3025
3026 /**
3027 * gsmld_poll - poll method for N_GSM0710
3028 * @tty: terminal device
3029 * @file: file accessing it
3030 * @wait: poll table
3031 *
3032 * Called when the line discipline is asked to poll() for data or
3033 * for special events. This code is not serialized with respect to
3034 * other events save open/close.
3035 *
3036 * This code must be sure never to sleep through a hangup.
3037 * Called without the kernel lock held - fine
3038 */
3039
gsmld_poll(struct tty_struct * tty,struct file * file,poll_table * wait)3040 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
3041 poll_table *wait)
3042 {
3043 __poll_t mask = 0;
3044 struct gsm_mux *gsm = tty->disc_data;
3045
3046 poll_wait(file, &tty->read_wait, wait);
3047 poll_wait(file, &tty->write_wait, wait);
3048
3049 if (gsm->dead)
3050 mask |= EPOLLHUP;
3051 if (tty_hung_up_p(file))
3052 mask |= EPOLLHUP;
3053 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
3054 mask |= EPOLLHUP;
3055 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
3056 mask |= EPOLLOUT | EPOLLWRNORM;
3057 return mask;
3058 }
3059
gsmld_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3060 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
3061 unsigned long arg)
3062 {
3063 struct gsm_config c;
3064 struct gsm_mux *gsm = tty->disc_data;
3065 unsigned int base;
3066
3067 switch (cmd) {
3068 case GSMIOC_GETCONF:
3069 gsm_copy_config_values(gsm, &c);
3070 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
3071 return -EFAULT;
3072 return 0;
3073 case GSMIOC_SETCONF:
3074 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
3075 return -EFAULT;
3076 return gsm_config(gsm, &c);
3077 case GSMIOC_GETFIRST:
3078 base = mux_num_to_base(gsm);
3079 return put_user(base + 1, (__u32 __user *)arg);
3080 default:
3081 return n_tty_ioctl_helper(tty, cmd, arg);
3082 }
3083 }
3084
3085 /*
3086 * Network interface
3087 *
3088 */
3089
gsm_mux_net_open(struct net_device * net)3090 static int gsm_mux_net_open(struct net_device *net)
3091 {
3092 pr_debug("%s called\n", __func__);
3093 netif_start_queue(net);
3094 return 0;
3095 }
3096
gsm_mux_net_close(struct net_device * net)3097 static int gsm_mux_net_close(struct net_device *net)
3098 {
3099 netif_stop_queue(net);
3100 return 0;
3101 }
3102
dlci_net_free(struct gsm_dlci * dlci)3103 static void dlci_net_free(struct gsm_dlci *dlci)
3104 {
3105 if (!dlci->net) {
3106 WARN_ON(1);
3107 return;
3108 }
3109 dlci->adaption = dlci->prev_adaption;
3110 dlci->data = dlci->prev_data;
3111 free_netdev(dlci->net);
3112 dlci->net = NULL;
3113 }
net_free(struct kref * ref)3114 static void net_free(struct kref *ref)
3115 {
3116 struct gsm_mux_net *mux_net;
3117 struct gsm_dlci *dlci;
3118
3119 mux_net = container_of(ref, struct gsm_mux_net, ref);
3120 dlci = mux_net->dlci;
3121
3122 if (dlci->net) {
3123 unregister_netdev(dlci->net);
3124 dlci_net_free(dlci);
3125 }
3126 }
3127
muxnet_get(struct gsm_mux_net * mux_net)3128 static inline void muxnet_get(struct gsm_mux_net *mux_net)
3129 {
3130 kref_get(&mux_net->ref);
3131 }
3132
muxnet_put(struct gsm_mux_net * mux_net)3133 static inline void muxnet_put(struct gsm_mux_net *mux_net)
3134 {
3135 kref_put(&mux_net->ref, net_free);
3136 }
3137
gsm_mux_net_start_xmit(struct sk_buff * skb,struct net_device * net)3138 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
3139 struct net_device *net)
3140 {
3141 struct gsm_mux_net *mux_net = netdev_priv(net);
3142 struct gsm_dlci *dlci = mux_net->dlci;
3143 muxnet_get(mux_net);
3144
3145 skb_queue_head(&dlci->skb_list, skb);
3146 net->stats.tx_packets++;
3147 net->stats.tx_bytes += skb->len;
3148 gsm_dlci_data_kick(dlci);
3149 /* And tell the kernel when the last transmit started. */
3150 netif_trans_update(net);
3151 muxnet_put(mux_net);
3152 return NETDEV_TX_OK;
3153 }
3154
3155 /* called when a packet did not ack after watchdogtimeout */
gsm_mux_net_tx_timeout(struct net_device * net,unsigned int txqueue)3156 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
3157 {
3158 /* Tell syslog we are hosed. */
3159 dev_dbg(&net->dev, "Tx timed out.\n");
3160
3161 /* Update statistics */
3162 net->stats.tx_errors++;
3163 }
3164
gsm_mux_rx_netchar(struct gsm_dlci * dlci,const unsigned char * in_buf,int size)3165 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
3166 const unsigned char *in_buf, int size)
3167 {
3168 struct net_device *net = dlci->net;
3169 struct sk_buff *skb;
3170 struct gsm_mux_net *mux_net = netdev_priv(net);
3171 muxnet_get(mux_net);
3172
3173 /* Allocate an sk_buff */
3174 skb = dev_alloc_skb(size + NET_IP_ALIGN);
3175 if (!skb) {
3176 /* We got no receive buffer. */
3177 net->stats.rx_dropped++;
3178 muxnet_put(mux_net);
3179 return;
3180 }
3181 skb_reserve(skb, NET_IP_ALIGN);
3182 skb_put_data(skb, in_buf, size);
3183
3184 skb->dev = net;
3185 skb->protocol = htons(ETH_P_IP);
3186
3187 /* Ship it off to the kernel */
3188 netif_rx(skb);
3189
3190 /* update out statistics */
3191 net->stats.rx_packets++;
3192 net->stats.rx_bytes += size;
3193 muxnet_put(mux_net);
3194 return;
3195 }
3196
gsm_mux_net_init(struct net_device * net)3197 static void gsm_mux_net_init(struct net_device *net)
3198 {
3199 static const struct net_device_ops gsm_netdev_ops = {
3200 .ndo_open = gsm_mux_net_open,
3201 .ndo_stop = gsm_mux_net_close,
3202 .ndo_start_xmit = gsm_mux_net_start_xmit,
3203 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
3204 };
3205
3206 net->netdev_ops = &gsm_netdev_ops;
3207
3208 /* fill in the other fields */
3209 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
3210 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
3211 net->type = ARPHRD_NONE;
3212 net->tx_queue_len = 10;
3213 }
3214
3215
3216 /* caller holds the dlci mutex */
gsm_destroy_network(struct gsm_dlci * dlci)3217 static void gsm_destroy_network(struct gsm_dlci *dlci)
3218 {
3219 struct gsm_mux_net *mux_net;
3220
3221 pr_debug("destroy network interface\n");
3222 if (!dlci->net)
3223 return;
3224 mux_net = netdev_priv(dlci->net);
3225 muxnet_put(mux_net);
3226 }
3227
3228
3229 /* caller holds the dlci mutex */
gsm_create_network(struct gsm_dlci * dlci,struct gsm_netconfig * nc)3230 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
3231 {
3232 char *netname;
3233 int retval = 0;
3234 struct net_device *net;
3235 struct gsm_mux_net *mux_net;
3236
3237 if (!capable(CAP_NET_ADMIN))
3238 return -EPERM;
3239
3240 /* Already in a non tty mode */
3241 if (dlci->adaption > 2)
3242 return -EBUSY;
3243
3244 if (nc->protocol != htons(ETH_P_IP))
3245 return -EPROTONOSUPPORT;
3246
3247 if (nc->adaption != 3 && nc->adaption != 4)
3248 return -EPROTONOSUPPORT;
3249
3250 pr_debug("create network interface\n");
3251
3252 netname = "gsm%d";
3253 if (nc->if_name[0] != '\0')
3254 netname = nc->if_name;
3255 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
3256 NET_NAME_UNKNOWN, gsm_mux_net_init);
3257 if (!net) {
3258 pr_err("alloc_netdev failed\n");
3259 return -ENOMEM;
3260 }
3261 net->mtu = dlci->gsm->mtu;
3262 net->min_mtu = 8;
3263 net->max_mtu = dlci->gsm->mtu;
3264 mux_net = netdev_priv(net);
3265 mux_net->dlci = dlci;
3266 kref_init(&mux_net->ref);
3267 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
3268
3269 /* reconfigure dlci for network */
3270 dlci->prev_adaption = dlci->adaption;
3271 dlci->prev_data = dlci->data;
3272 dlci->adaption = nc->adaption;
3273 dlci->data = gsm_mux_rx_netchar;
3274 dlci->net = net;
3275
3276 pr_debug("register netdev\n");
3277 retval = register_netdev(net);
3278 if (retval) {
3279 pr_err("network register fail %d\n", retval);
3280 dlci_net_free(dlci);
3281 return retval;
3282 }
3283 return net->ifindex; /* return network index */
3284 }
3285
3286 /* Line discipline for real tty */
3287 static struct tty_ldisc_ops tty_ldisc_packet = {
3288 .owner = THIS_MODULE,
3289 .num = N_GSM0710,
3290 .name = "n_gsm",
3291 .open = gsmld_open,
3292 .close = gsmld_close,
3293 .flush_buffer = gsmld_flush_buffer,
3294 .read = gsmld_read,
3295 .write = gsmld_write,
3296 .ioctl = gsmld_ioctl,
3297 .poll = gsmld_poll,
3298 .receive_buf = gsmld_receive_buf,
3299 .write_wakeup = gsmld_write_wakeup
3300 };
3301
3302 /*
3303 * Virtual tty side
3304 */
3305
3306 /**
3307 * gsm_modem_upd_via_data - send modem bits via convergence layer
3308 * @dlci: channel
3309 * @brk: break signal
3310 *
3311 * Send an empty frame to signal mobile state changes and to transmit the
3312 * break signal for adaption 2.
3313 */
3314
gsm_modem_upd_via_data(struct gsm_dlci * dlci,u8 brk)3315 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
3316 {
3317 struct gsm_mux *gsm = dlci->gsm;
3318
3319 if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
3320 return;
3321
3322 mutex_lock(&gsm->tx_mutex);
3323 gsm_dlci_modem_output(gsm, dlci, brk);
3324 mutex_unlock(&gsm->tx_mutex);
3325 }
3326
3327 /**
3328 * gsm_modem_upd_via_msc - send modem bits via control frame
3329 * @dlci: channel
3330 * @brk: break signal
3331 */
3332
gsm_modem_upd_via_msc(struct gsm_dlci * dlci,u8 brk)3333 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
3334 {
3335 u8 modembits[3];
3336 struct gsm_control *ctrl;
3337 int len = 2;
3338
3339 if (dlci->gsm->encoding != 0)
3340 return 0;
3341
3342 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
3343 if (!brk) {
3344 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3345 } else {
3346 modembits[1] = gsm_encode_modem(dlci) << 1;
3347 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3348 len++;
3349 }
3350 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3351 if (ctrl == NULL)
3352 return -ENOMEM;
3353 return gsm_control_wait(dlci->gsm, ctrl);
3354 }
3355
3356 /**
3357 * gsm_modem_update - send modem status line state
3358 * @dlci: channel
3359 * @brk: break signal
3360 */
3361
gsm_modem_update(struct gsm_dlci * dlci,u8 brk)3362 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
3363 {
3364 if (dlci->adaption == 2) {
3365 /* Send convergence layer type 2 empty data frame. */
3366 gsm_modem_upd_via_data(dlci, brk);
3367 return 0;
3368 } else if (dlci->gsm->encoding == 0) {
3369 /* Send as MSC control message. */
3370 return gsm_modem_upd_via_msc(dlci, brk);
3371 }
3372
3373 /* Modem status lines are not supported. */
3374 return -EPROTONOSUPPORT;
3375 }
3376
gsm_carrier_raised(struct tty_port * port)3377 static int gsm_carrier_raised(struct tty_port *port)
3378 {
3379 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3380 struct gsm_mux *gsm = dlci->gsm;
3381
3382 /* Not yet open so no carrier info */
3383 if (dlci->state != DLCI_OPEN)
3384 return 0;
3385 if (debug & 2)
3386 return 1;
3387
3388 /*
3389 * Basic mode with control channel in ADM mode may not respond
3390 * to CMD_MSC at all and modem_rx is empty.
3391 */
3392 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3393 !dlci->modem_rx)
3394 return 1;
3395
3396 return dlci->modem_rx & TIOCM_CD;
3397 }
3398
gsm_dtr_rts(struct tty_port * port,int onoff)3399 static void gsm_dtr_rts(struct tty_port *port, int onoff)
3400 {
3401 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3402 unsigned int modem_tx = dlci->modem_tx;
3403 if (onoff)
3404 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3405 else
3406 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3407 if (modem_tx != dlci->modem_tx) {
3408 dlci->modem_tx = modem_tx;
3409 gsm_modem_update(dlci, 0);
3410 }
3411 }
3412
3413 static const struct tty_port_operations gsm_port_ops = {
3414 .carrier_raised = gsm_carrier_raised,
3415 .dtr_rts = gsm_dtr_rts,
3416 .destruct = gsm_dlci_free,
3417 };
3418
gsmtty_install(struct tty_driver * driver,struct tty_struct * tty)3419 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3420 {
3421 struct gsm_mux *gsm;
3422 struct gsm_dlci *dlci;
3423 unsigned int line = tty->index;
3424 unsigned int mux = mux_line_to_num(line);
3425 bool alloc = false;
3426 int ret;
3427
3428 line = line & 0x3F;
3429
3430 if (mux >= MAX_MUX)
3431 return -ENXIO;
3432 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3433 if (gsm_mux[mux] == NULL)
3434 return -EUNATCH;
3435 if (line == 0 || line > 61) /* 62/63 reserved */
3436 return -ECHRNG;
3437 gsm = gsm_mux[mux];
3438 if (gsm->dead)
3439 return -EL2HLT;
3440 /* If DLCI 0 is not yet fully open return an error.
3441 This is ok from a locking
3442 perspective as we don't have to worry about this
3443 if DLCI0 is lost */
3444 mutex_lock(&gsm->mutex);
3445 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3446 mutex_unlock(&gsm->mutex);
3447 return -EL2NSYNC;
3448 }
3449 dlci = gsm->dlci[line];
3450 if (dlci == NULL) {
3451 alloc = true;
3452 dlci = gsm_dlci_alloc(gsm, line);
3453 }
3454 if (dlci == NULL) {
3455 mutex_unlock(&gsm->mutex);
3456 return -ENOMEM;
3457 }
3458 ret = tty_port_install(&dlci->port, driver, tty);
3459 if (ret) {
3460 if (alloc)
3461 dlci_put(dlci);
3462 mutex_unlock(&gsm->mutex);
3463 return ret;
3464 }
3465
3466 dlci_get(dlci);
3467 dlci_get(gsm->dlci[0]);
3468 mux_get(gsm);
3469 tty->driver_data = dlci;
3470 mutex_unlock(&gsm->mutex);
3471
3472 return 0;
3473 }
3474
gsmtty_open(struct tty_struct * tty,struct file * filp)3475 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3476 {
3477 struct gsm_dlci *dlci = tty->driver_data;
3478 struct tty_port *port = &dlci->port;
3479 struct gsm_mux *gsm = dlci->gsm;
3480
3481 port->count++;
3482 tty_port_tty_set(port, tty);
3483
3484 dlci->modem_rx = 0;
3485 /* We could in theory open and close before we wait - eg if we get
3486 a DM straight back. This is ok as that will have caused a hangup */
3487 tty_port_set_initialized(port, 1);
3488 /* Start sending off SABM messages */
3489 if (gsm->initiator)
3490 gsm_dlci_begin_open(dlci);
3491 else
3492 gsm_dlci_set_opening(dlci);
3493 /* And wait for virtual carrier */
3494 return tty_port_block_til_ready(port, tty, filp);
3495 }
3496
gsmtty_close(struct tty_struct * tty,struct file * filp)3497 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3498 {
3499 struct gsm_dlci *dlci = tty->driver_data;
3500
3501 if (dlci == NULL)
3502 return;
3503 if (dlci->state == DLCI_CLOSED)
3504 return;
3505 mutex_lock(&dlci->mutex);
3506 gsm_destroy_network(dlci);
3507 mutex_unlock(&dlci->mutex);
3508 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3509 return;
3510 gsm_dlci_begin_close(dlci);
3511 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3512 tty_port_lower_dtr_rts(&dlci->port);
3513 tty_port_close_end(&dlci->port, tty);
3514 tty_port_tty_set(&dlci->port, NULL);
3515 return;
3516 }
3517
gsmtty_hangup(struct tty_struct * tty)3518 static void gsmtty_hangup(struct tty_struct *tty)
3519 {
3520 struct gsm_dlci *dlci = tty->driver_data;
3521 if (dlci->state == DLCI_CLOSED)
3522 return;
3523 tty_port_hangup(&dlci->port);
3524 gsm_dlci_begin_close(dlci);
3525 }
3526
gsmtty_write(struct tty_struct * tty,const unsigned char * buf,int len)3527 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3528 int len)
3529 {
3530 int sent;
3531 struct gsm_dlci *dlci = tty->driver_data;
3532 if (dlci->state == DLCI_CLOSED)
3533 return -EINVAL;
3534 /* Stuff the bytes into the fifo queue */
3535 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3536 /* Need to kick the channel */
3537 gsm_dlci_data_kick(dlci);
3538 return sent;
3539 }
3540
gsmtty_write_room(struct tty_struct * tty)3541 static unsigned int gsmtty_write_room(struct tty_struct *tty)
3542 {
3543 struct gsm_dlci *dlci = tty->driver_data;
3544 if (dlci->state == DLCI_CLOSED)
3545 return 0;
3546 return kfifo_avail(&dlci->fifo);
3547 }
3548
gsmtty_chars_in_buffer(struct tty_struct * tty)3549 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
3550 {
3551 struct gsm_dlci *dlci = tty->driver_data;
3552 if (dlci->state == DLCI_CLOSED)
3553 return 0;
3554 return kfifo_len(&dlci->fifo);
3555 }
3556
gsmtty_flush_buffer(struct tty_struct * tty)3557 static void gsmtty_flush_buffer(struct tty_struct *tty)
3558 {
3559 struct gsm_dlci *dlci = tty->driver_data;
3560 unsigned long flags;
3561
3562 if (dlci->state == DLCI_CLOSED)
3563 return;
3564 /* Caution needed: If we implement reliable transport classes
3565 then the data being transmitted can't simply be junked once
3566 it has first hit the stack. Until then we can just blow it
3567 away */
3568 spin_lock_irqsave(&dlci->lock, flags);
3569 kfifo_reset(&dlci->fifo);
3570 spin_unlock_irqrestore(&dlci->lock, flags);
3571 /* Need to unhook this DLCI from the transmit queue logic */
3572 }
3573
gsmtty_wait_until_sent(struct tty_struct * tty,int timeout)3574 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3575 {
3576 /* The FIFO handles the queue so the kernel will do the right
3577 thing waiting on chars_in_buffer before calling us. No work
3578 to do here */
3579 }
3580
gsmtty_tiocmget(struct tty_struct * tty)3581 static int gsmtty_tiocmget(struct tty_struct *tty)
3582 {
3583 struct gsm_dlci *dlci = tty->driver_data;
3584 if (dlci->state == DLCI_CLOSED)
3585 return -EINVAL;
3586 return dlci->modem_rx;
3587 }
3588
gsmtty_tiocmset(struct tty_struct * tty,unsigned int set,unsigned int clear)3589 static int gsmtty_tiocmset(struct tty_struct *tty,
3590 unsigned int set, unsigned int clear)
3591 {
3592 struct gsm_dlci *dlci = tty->driver_data;
3593 unsigned int modem_tx = dlci->modem_tx;
3594
3595 if (dlci->state == DLCI_CLOSED)
3596 return -EINVAL;
3597 modem_tx &= ~clear;
3598 modem_tx |= set;
3599
3600 if (modem_tx != dlci->modem_tx) {
3601 dlci->modem_tx = modem_tx;
3602 return gsm_modem_update(dlci, 0);
3603 }
3604 return 0;
3605 }
3606
3607
gsmtty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)3608 static int gsmtty_ioctl(struct tty_struct *tty,
3609 unsigned int cmd, unsigned long arg)
3610 {
3611 struct gsm_dlci *dlci = tty->driver_data;
3612 struct gsm_netconfig nc;
3613 int index;
3614
3615 if (dlci->state == DLCI_CLOSED)
3616 return -EINVAL;
3617 switch (cmd) {
3618 case GSMIOC_ENABLE_NET:
3619 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3620 return -EFAULT;
3621 nc.if_name[IFNAMSIZ-1] = '\0';
3622 /* return net interface index or error code */
3623 mutex_lock(&dlci->mutex);
3624 index = gsm_create_network(dlci, &nc);
3625 mutex_unlock(&dlci->mutex);
3626 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3627 return -EFAULT;
3628 return index;
3629 case GSMIOC_DISABLE_NET:
3630 if (!capable(CAP_NET_ADMIN))
3631 return -EPERM;
3632 mutex_lock(&dlci->mutex);
3633 gsm_destroy_network(dlci);
3634 mutex_unlock(&dlci->mutex);
3635 return 0;
3636 default:
3637 return -ENOIOCTLCMD;
3638 }
3639 }
3640
gsmtty_set_termios(struct tty_struct * tty,struct ktermios * old)3641 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3642 {
3643 struct gsm_dlci *dlci = tty->driver_data;
3644 if (dlci->state == DLCI_CLOSED)
3645 return;
3646 /* For the moment its fixed. In actual fact the speed information
3647 for the virtual channel can be propogated in both directions by
3648 the RPN control message. This however rapidly gets nasty as we
3649 then have to remap modem signals each way according to whether
3650 our virtual cable is null modem etc .. */
3651 tty_termios_copy_hw(&tty->termios, old);
3652 }
3653
gsmtty_throttle(struct tty_struct * tty)3654 static void gsmtty_throttle(struct tty_struct *tty)
3655 {
3656 struct gsm_dlci *dlci = tty->driver_data;
3657 if (dlci->state == DLCI_CLOSED)
3658 return;
3659 if (C_CRTSCTS(tty))
3660 dlci->modem_tx &= ~TIOCM_RTS;
3661 dlci->throttled = true;
3662 /* Send an MSC with RTS cleared */
3663 gsm_modem_update(dlci, 0);
3664 }
3665
gsmtty_unthrottle(struct tty_struct * tty)3666 static void gsmtty_unthrottle(struct tty_struct *tty)
3667 {
3668 struct gsm_dlci *dlci = tty->driver_data;
3669 if (dlci->state == DLCI_CLOSED)
3670 return;
3671 if (C_CRTSCTS(tty))
3672 dlci->modem_tx |= TIOCM_RTS;
3673 dlci->throttled = false;
3674 /* Send an MSC with RTS set */
3675 gsm_modem_update(dlci, 0);
3676 }
3677
gsmtty_break_ctl(struct tty_struct * tty,int state)3678 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3679 {
3680 struct gsm_dlci *dlci = tty->driver_data;
3681 int encode = 0; /* Off */
3682 if (dlci->state == DLCI_CLOSED)
3683 return -EINVAL;
3684
3685 if (state == -1) /* "On indefinitely" - we can't encode this
3686 properly */
3687 encode = 0x0F;
3688 else if (state > 0) {
3689 encode = state / 200; /* mS to encoding */
3690 if (encode > 0x0F)
3691 encode = 0x0F; /* Best effort */
3692 }
3693 return gsm_modem_update(dlci, encode);
3694 }
3695
gsmtty_cleanup(struct tty_struct * tty)3696 static void gsmtty_cleanup(struct tty_struct *tty)
3697 {
3698 struct gsm_dlci *dlci = tty->driver_data;
3699 struct gsm_mux *gsm = dlci->gsm;
3700
3701 dlci_put(dlci);
3702 dlci_put(gsm->dlci[0]);
3703 mux_put(gsm);
3704 }
3705
3706 /* Virtual ttys for the demux */
3707 static const struct tty_operations gsmtty_ops = {
3708 .install = gsmtty_install,
3709 .open = gsmtty_open,
3710 .close = gsmtty_close,
3711 .write = gsmtty_write,
3712 .write_room = gsmtty_write_room,
3713 .chars_in_buffer = gsmtty_chars_in_buffer,
3714 .flush_buffer = gsmtty_flush_buffer,
3715 .ioctl = gsmtty_ioctl,
3716 .throttle = gsmtty_throttle,
3717 .unthrottle = gsmtty_unthrottle,
3718 .set_termios = gsmtty_set_termios,
3719 .hangup = gsmtty_hangup,
3720 .wait_until_sent = gsmtty_wait_until_sent,
3721 .tiocmget = gsmtty_tiocmget,
3722 .tiocmset = gsmtty_tiocmset,
3723 .break_ctl = gsmtty_break_ctl,
3724 .cleanup = gsmtty_cleanup,
3725 };
3726
3727
3728
gsm_init(void)3729 static int __init gsm_init(void)
3730 {
3731 /* Fill in our line protocol discipline, and register it */
3732 int status = tty_register_ldisc(&tty_ldisc_packet);
3733 if (status != 0) {
3734 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3735 status);
3736 return status;
3737 }
3738
3739 gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW |
3740 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
3741 if (IS_ERR(gsm_tty_driver)) {
3742 pr_err("gsm_init: tty allocation failed.\n");
3743 status = PTR_ERR(gsm_tty_driver);
3744 goto err_unreg_ldisc;
3745 }
3746 gsm_tty_driver->driver_name = "gsmtty";
3747 gsm_tty_driver->name = "gsmtty";
3748 gsm_tty_driver->major = 0; /* Dynamic */
3749 gsm_tty_driver->minor_start = 0;
3750 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3751 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3752 gsm_tty_driver->init_termios = tty_std_termios;
3753 /* Fixme */
3754 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3755 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3756
3757 if (tty_register_driver(gsm_tty_driver)) {
3758 pr_err("gsm_init: tty registration failed.\n");
3759 status = -EBUSY;
3760 goto err_put_driver;
3761 }
3762 pr_debug("gsm_init: loaded as %d,%d.\n",
3763 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3764 return 0;
3765 err_put_driver:
3766 tty_driver_kref_put(gsm_tty_driver);
3767 err_unreg_ldisc:
3768 tty_unregister_ldisc(&tty_ldisc_packet);
3769 return status;
3770 }
3771
gsm_exit(void)3772 static void __exit gsm_exit(void)
3773 {
3774 tty_unregister_ldisc(&tty_ldisc_packet);
3775 tty_unregister_driver(gsm_tty_driver);
3776 tty_driver_kref_put(gsm_tty_driver);
3777 }
3778
3779 module_init(gsm_init);
3780 module_exit(gsm_exit);
3781
3782
3783 MODULE_LICENSE("GPL");
3784 MODULE_ALIAS_LDISC(N_GSM0710);
3785