blob: c70e79a0e9f28abca88141e15a4ace54cdbb57f7 [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +08001/*
2 * n_gsm.c GSM 0710 tty multiplexor
3 * Copyright (c) 2009/10 Intel Corporation
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
19 *
20 * TO DO:
21 * Mostly done: ioctls for setting modes/timing
22 * Partly done: hooks so you can pull off frames to non tty devs
23 * Restart DLCI 0 when it closes ?
24 * Improve the tx engine
25 * Resolve tx side locking by adding a queue_head and routing
26 * all control traffic via it
27 * General tidy/document
28 * Review the locking/move to refcounts more (mux now moved to an
29 * alloc/free model ready)
30 * Use newest tty open/close port helpers and install hooks
31 * What to do about power functions ?
32 * Termios setting and negotiation
33 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
34 *
35 */
36
37#include <linux/types.h>
38#include <linux/major.h>
39#include <linux/errno.h>
40#include <linux/signal.h>
41#include <linux/fcntl.h>
42#include <linux/sched/signal.h>
43#include <linux/interrupt.h>
44#include <linux/tty.h>
45#include <linux/ctype.h>
46#include <linux/mm.h>
47#include <linux/string.h>
48#include <linux/slab.h>
49#include <linux/poll.h>
50#include <linux/bitops.h>
51#include <linux/file.h>
52#include <linux/uaccess.h>
53#include <linux/module.h>
54#include <linux/timer.h>
55#include <linux/tty_flip.h>
56#include <linux/tty_driver.h>
57#include <linux/serial.h>
58#include <linux/kfifo.h>
59#include <linux/skbuff.h>
60#include <net/arp.h>
61#include <linux/ip.h>
62#include <linux/netdevice.h>
63#include <linux/etherdevice.h>
64#include <linux/gsmmux.h>
65
66static int debug;
67module_param(debug, int, 0600);
68
69/* Defaults: these are from the specification */
70
71#define T1 10 /* 100mS */
72#define T2 34 /* 333mS */
73#define N2 3 /* Retry 3 times */
74
75/* Use long timers for testing at low speed with debug on */
76#ifdef DEBUG_TIMING
77#define T1 100
78#define T2 200
79#endif
80
81/*
82 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
83 * limits so this is plenty
84 */
85#define MAX_MRU 1500
86#define MAX_MTU 1500
87#define GSM_NET_TX_TIMEOUT (HZ*10)
88
89/**
90 * struct gsm_mux_net - network interface
91 * @struct gsm_dlci* dlci
92 *
93 * Created when net interface is initialized.
94 **/
95struct gsm_mux_net {
96 struct kref ref;
97 struct gsm_dlci *dlci;
98};
99
100/*
101 * Each block of data we have queued to go out is in the form of
102 * a gsm_msg which holds everything we need in a link layer independent
103 * format
104 */
105
106struct gsm_msg {
107 struct list_head list;
108 u8 addr; /* DLCI address + flags */
109 u8 ctrl; /* Control byte + flags */
110 unsigned int len; /* Length of data block (can be zero) */
111 unsigned char *data; /* Points into buffer but not at the start */
112 unsigned char buffer[0];
113};
114
115/*
116 * Each active data link has a gsm_dlci structure associated which ties
117 * the link layer to an optional tty (if the tty side is open). To avoid
118 * complexity right now these are only ever freed up when the mux is
119 * shut down.
120 *
121 * At the moment we don't free DLCI objects until the mux is torn down
122 * this avoid object life time issues but might be worth review later.
123 */
124
125struct gsm_dlci {
126 struct gsm_mux *gsm;
127 int addr;
128 int state;
129#define DLCI_CLOSED 0
130#define DLCI_OPENING 1 /* Sending SABM not seen UA */
131#define DLCI_OPEN 2 /* SABM/UA complete */
132#define DLCI_CLOSING 3 /* Sending DISC not seen UA/DM */
133 struct mutex mutex;
134
135 /* Link layer */
136 int mode;
137#define DLCI_MODE_ABM 0 /* Normal Asynchronous Balanced Mode */
138#define DLCI_MODE_ADM 1 /* Asynchronous Disconnected Mode */
139 spinlock_t lock; /* Protects the internal state */
140 struct timer_list t1; /* Retransmit timer for SABM and UA */
141 int retries;
142 /* Uplink tty if active */
143 struct tty_port port; /* The tty bound to this DLCI if there is one */
144 struct kfifo *fifo; /* Queue fifo for the DLCI */
145 struct kfifo _fifo; /* For new fifo API porting only */
146 int adaption; /* Adaption layer in use */
147 int prev_adaption;
148 u32 modem_rx; /* Our incoming virtual modem lines */
149 u32 modem_tx; /* Our outgoing modem lines */
150 int dead; /* Refuse re-open */
151 /* Flow control */
152 int throttled; /* Private copy of throttle state */
153 int constipated; /* Throttle status for outgoing */
154 /* Packetised I/O */
155 struct sk_buff *skb; /* Frame being sent */
156 struct sk_buff_head skb_list; /* Queued frames */
157 /* Data handling callback */
158 void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
159 void (*prev_data)(struct gsm_dlci *dlci, u8 *data, int len);
160 struct net_device *net; /* network interface, if created */
161};
162
163/* DLCI 0, 62/63 are special or reserved see gsmtty_open */
164
165#define NUM_DLCI 64
166
167/*
168 * DLCI 0 is used to pass control blocks out of band of the data
169 * flow (and with a higher link priority). One command can be outstanding
170 * at a time and we use this structure to manage them. They are created
171 * and destroyed by the user context, and updated by the receive paths
172 * and timers
173 */
174
175struct gsm_control {
176 u8 cmd; /* Command we are issuing */
177 u8 *data; /* Data for the command in case we retransmit */
178 int len; /* Length of block for retransmission */
179 int done; /* Done flag */
180 int error; /* Error if any */
181};
182
183/*
184 * Each GSM mux we have is represented by this structure. If we are
185 * operating as an ldisc then we use this structure as our ldisc
186 * state. We need to sort out lifetimes and locking with respect
187 * to the gsm mux array. For now we don't free DLCI objects that
188 * have been instantiated until the mux itself is terminated.
189 *
190 * To consider further: tty open versus mux shutdown.
191 */
192
193struct gsm_mux {
194 struct tty_struct *tty; /* The tty our ldisc is bound to */
195 spinlock_t lock;
196 struct mutex mutex;
197 unsigned int num;
198 struct kref ref;
199
200 /* Events on the GSM channel */
201 wait_queue_head_t event;
202
203 /* Bits for GSM mode decoding */
204
205 /* Framing Layer */
206 unsigned char *buf;
207 int state;
208#define GSM_SEARCH 0
209#define GSM_START 1
210#define GSM_ADDRESS 2
211#define GSM_CONTROL 3
212#define GSM_LEN 4
213#define GSM_DATA 5
214#define GSM_FCS 6
215#define GSM_OVERRUN 7
216#define GSM_LEN0 8
217#define GSM_LEN1 9
218#define GSM_SSOF 10
219 unsigned int len;
220 unsigned int address;
221 unsigned int count;
222 int escape;
223 int encoding;
224 u8 control;
225 u8 fcs;
226 u8 received_fcs;
227 u8 *txframe; /* TX framing buffer */
228
229 /* Methods for the receiver side */
230 void (*receive)(struct gsm_mux *gsm, u8 ch);
231 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
232 /* And transmit side */
233 int (*output)(struct gsm_mux *mux, u8 *data, int len);
234
235 /* Link Layer */
236 unsigned int mru;
237 unsigned int mtu;
238 int initiator; /* Did we initiate connection */
239 int dead; /* Has the mux been shut down */
240 struct gsm_dlci *dlci[NUM_DLCI];
241 int constipated; /* Asked by remote to shut up */
242
243 spinlock_t tx_lock;
244 unsigned int tx_bytes; /* TX data outstanding */
245#define TX_THRESH_HI 8192
246#define TX_THRESH_LO 2048
247 struct list_head tx_list; /* Pending data packets */
248
249 /* Control messages */
250 struct timer_list t2_timer; /* Retransmit timer for commands */
251 int cretries; /* Command retry counter */
252 struct gsm_control *pending_cmd;/* Our current pending command */
253 spinlock_t control_lock; /* Protects the pending command */
254
255 /* Configuration */
256 int adaption; /* 1 or 2 supported */
257 u8 ftype; /* UI or UIH */
258 int t1, t2; /* Timers in 1/100th of a sec */
259 int n2; /* Retry count */
260
261 /* Statistics (not currently exposed) */
262 unsigned long bad_fcs;
263 unsigned long malformed;
264 unsigned long io_error;
265 unsigned long bad_size;
266 unsigned long unsupported;
267};
268
269
270/*
271 * Mux objects - needed so that we can translate a tty index into the
272 * relevant mux and DLCI.
273 */
274
275#define MAX_MUX 4 /* 256 minors */
276static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
277static spinlock_t gsm_mux_lock;
278
279static struct tty_driver *gsm_tty_driver;
280
281/*
282 * This section of the driver logic implements the GSM encodings
283 * both the basic and the 'advanced'. Reliable transport is not
284 * supported.
285 */
286
287#define CR 0x02
288#define EA 0x01
289#define PF 0x10
290
291/* I is special: the rest are ..*/
292#define RR 0x01
293#define UI 0x03
294#define RNR 0x05
295#define REJ 0x09
296#define DM 0x0F
297#define SABM 0x2F
298#define DISC 0x43
299#define UA 0x63
300#define UIH 0xEF
301
302/* Channel commands */
303#define CMD_NSC 0x09
304#define CMD_TEST 0x11
305#define CMD_PSC 0x21
306#define CMD_RLS 0x29
307#define CMD_FCOFF 0x31
308#define CMD_PN 0x41
309#define CMD_RPN 0x49
310#define CMD_FCON 0x51
311#define CMD_CLD 0x61
312#define CMD_SNC 0x69
313#define CMD_MSC 0x71
314
315/* Virtual modem bits */
316#define MDM_FC 0x01
317#define MDM_RTC 0x02
318#define MDM_RTR 0x04
319#define MDM_IC 0x20
320#define MDM_DV 0x40
321
322#define GSM0_SOF 0xF9
323#define GSM1_SOF 0x7E
324#define GSM1_ESCAPE 0x7D
325#define GSM1_ESCAPE_BITS 0x20
326#define XON 0x11
327#define XOFF 0x13
328
329static const struct tty_port_operations gsm_port_ops;
330
331/*
332 * CRC table for GSM 0710
333 */
334
335static const u8 gsm_fcs8[256] = {
336 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
337 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
338 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
339 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
340 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
341 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
342 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
343 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
344 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
345 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
346 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
347 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
348 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
349 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
350 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
351 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
352 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
353 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
354 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
355 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
356 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
357 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
358 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
359 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
360 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
361 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
362 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
363 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
364 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
365 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
366 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
367 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
368};
369
370#define INIT_FCS 0xFF
371#define GOOD_FCS 0xCF
372
373/**
374 * gsm_fcs_add - update FCS
375 * @fcs: Current FCS
376 * @c: Next data
377 *
378 * Update the FCS to include c. Uses the algorithm in the specification
379 * notes.
380 */
381
382static inline u8 gsm_fcs_add(u8 fcs, u8 c)
383{
384 return gsm_fcs8[fcs ^ c];
385}
386
387/**
388 * gsm_fcs_add_block - update FCS for a block
389 * @fcs: Current FCS
390 * @c: buffer of data
391 * @len: length of buffer
392 *
393 * Update the FCS to include c. Uses the algorithm in the specification
394 * notes.
395 */
396
397static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
398{
399 while (len--)
400 fcs = gsm_fcs8[fcs ^ *c++];
401 return fcs;
402}
403
404/**
405 * gsm_read_ea - read a byte into an EA
406 * @val: variable holding value
407 * c: byte going into the EA
408 *
409 * Processes one byte of an EA. Updates the passed variable
410 * and returns 1 if the EA is now completely read
411 */
412
413static int gsm_read_ea(unsigned int *val, u8 c)
414{
415 /* Add the next 7 bits into the value */
416 *val <<= 7;
417 *val |= c >> 1;
418 /* Was this the last byte of the EA 1 = yes*/
419 return c & EA;
420}
421
422/**
423 * gsm_encode_modem - encode modem data bits
424 * @dlci: DLCI to encode from
425 *
426 * Returns the correct GSM encoded modem status bits (6 bit field) for
427 * the current status of the DLCI and attached tty object
428 */
429
430static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
431{
432 u8 modembits = 0;
433 /* FC is true flow control not modem bits */
434 if (dlci->throttled)
435 modembits |= MDM_FC;
436 if (dlci->modem_tx & TIOCM_DTR)
437 modembits |= MDM_RTC;
438 if (dlci->modem_tx & TIOCM_RTS)
439 modembits |= MDM_RTR;
440 if (dlci->modem_tx & TIOCM_RI)
441 modembits |= MDM_IC;
442 if (dlci->modem_tx & TIOCM_CD)
443 modembits |= MDM_DV;
444 return modembits;
445}
446
447/**
448 * gsm_print_packet - display a frame for debug
449 * @hdr: header to print before decode
450 * @addr: address EA from the frame
451 * @cr: C/R bit from the frame
452 * @control: control including PF bit
453 * @data: following data bytes
454 * @dlen: length of data
455 *
456 * Displays a packet in human readable format for debugging purposes. The
457 * style is based on amateur radio LAP-B dump display.
458 */
459
460static void gsm_print_packet(const char *hdr, int addr, int cr,
461 u8 control, const u8 *data, int dlen)
462{
463 if (!(debug & 1))
464 return;
465
466 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
467
468 switch (control & ~PF) {
469 case SABM:
470 pr_cont("SABM");
471 break;
472 case UA:
473 pr_cont("UA");
474 break;
475 case DISC:
476 pr_cont("DISC");
477 break;
478 case DM:
479 pr_cont("DM");
480 break;
481 case UI:
482 pr_cont("UI");
483 break;
484 case UIH:
485 pr_cont("UIH");
486 break;
487 default:
488 if (!(control & 0x01)) {
489 pr_cont("I N(S)%d N(R)%d",
490 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
491 } else switch (control & 0x0F) {
492 case RR:
493 pr_cont("RR(%d)", (control & 0xE0) >> 5);
494 break;
495 case RNR:
496 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
497 break;
498 case REJ:
499 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
500 break;
501 default:
502 pr_cont("[%02X]", control);
503 }
504 }
505
506 if (control & PF)
507 pr_cont("(P)");
508 else
509 pr_cont("(F)");
510
511 if (dlen) {
512 int ct = 0;
513 while (dlen--) {
514 if (ct % 8 == 0) {
515 pr_cont("\n");
516 pr_debug(" ");
517 }
518 pr_cont("%02X ", *data++);
519 ct++;
520 }
521 }
522 pr_cont("\n");
523}
524
525
526/*
527 * Link level transmission side
528 */
529
530/**
531 * gsm_stuff_packet - bytestuff a packet
532 * @ibuf: input
533 * @obuf: output
534 * @len: length of input
535 *
536 * Expand a buffer by bytestuffing it. The worst case size change
537 * is doubling and the caller is responsible for handing out
538 * suitable sized buffers.
539 */
540
541static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
542{
543 int olen = 0;
544 while (len--) {
545 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
546 || *input == XON || *input == XOFF) {
547 *output++ = GSM1_ESCAPE;
548 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
549 olen++;
550 } else
551 *output++ = *input++;
552 olen++;
553 }
554 return olen;
555}
556
557/**
558 * gsm_send - send a control frame
559 * @gsm: our GSM mux
560 * @addr: address for control frame
561 * @cr: command/response bit
562 * @control: control byte including PF bit
563 *
564 * Format up and transmit a control frame. These do not go via the
565 * queueing logic as they should be transmitted ahead of data when
566 * they are needed.
567 *
568 * FIXME: Lock versus data TX path
569 */
570
571static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
572{
573 int len;
574 u8 cbuf[10];
575 u8 ibuf[3];
576
577 switch (gsm->encoding) {
578 case 0:
579 cbuf[0] = GSM0_SOF;
580 cbuf[1] = (addr << 2) | (cr << 1) | EA;
581 cbuf[2] = control;
582 cbuf[3] = EA; /* Length of data = 0 */
583 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
584 cbuf[5] = GSM0_SOF;
585 len = 6;
586 break;
587 case 1:
588 case 2:
589 /* Control frame + packing (but not frame stuffing) in mode 1 */
590 ibuf[0] = (addr << 2) | (cr << 1) | EA;
591 ibuf[1] = control;
592 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
593 /* Stuffing may double the size worst case */
594 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
595 /* Now add the SOF markers */
596 cbuf[0] = GSM1_SOF;
597 cbuf[len + 1] = GSM1_SOF;
598 /* FIXME: we can omit the lead one in many cases */
599 len += 2;
600 break;
601 default:
602 WARN_ON(1);
603 return;
604 }
605 gsm->output(gsm, cbuf, len);
606 gsm_print_packet("-->", addr, cr, control, NULL, 0);
607}
608
609/**
610 * gsm_response - send a control response
611 * @gsm: our GSM mux
612 * @addr: address for control frame
613 * @control: control byte including PF bit
614 *
615 * Format up and transmit a link level response frame.
616 */
617
618static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
619{
620 gsm_send(gsm, addr, 0, control);
621}
622
623/**
624 * gsm_command - send a control command
625 * @gsm: our GSM mux
626 * @addr: address for control frame
627 * @control: control byte including PF bit
628 *
629 * Format up and transmit a link level command frame.
630 */
631
632static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
633{
634 gsm_send(gsm, addr, 1, control);
635}
636
637/* Data transmission */
638
639#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
640
641/**
642 * gsm_data_alloc - allocate data frame
643 * @gsm: GSM mux
644 * @addr: DLCI address
645 * @len: length excluding header and FCS
646 * @ctrl: control byte
647 *
648 * Allocate a new data buffer for sending frames with data. Space is left
649 * at the front for header bytes but that is treated as an implementation
650 * detail and not for the high level code to use
651 */
652
653static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
654 u8 ctrl)
655{
656 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
657 GFP_ATOMIC);
658 if (m == NULL)
659 return NULL;
660 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
661 m->len = len;
662 m->addr = addr;
663 m->ctrl = ctrl;
664 INIT_LIST_HEAD(&m->list);
665 return m;
666}
667
668/**
669 * gsm_data_kick - poke the queue
670 * @gsm: GSM Mux
671 *
672 * The tty device has called us to indicate that room has appeared in
673 * the transmit queue. Ram more data into the pipe if we have any
674 * If we have been flow-stopped by a CMD_FCOFF, then we can only
675 * send messages on DLCI0 until CMD_FCON
676 *
677 * FIXME: lock against link layer control transmissions
678 */
679
680static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
681{
682 struct gsm_msg *msg, *nmsg;
683 int len;
684
685 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
686 if (gsm->constipated && msg->addr)
687 continue;
688 if (gsm->encoding != 0) {
689 gsm->txframe[0] = GSM1_SOF;
690 len = gsm_stuff_frame(msg->data,
691 gsm->txframe + 1, msg->len);
692 gsm->txframe[len + 1] = GSM1_SOF;
693 len += 2;
694 } else {
695 gsm->txframe[0] = GSM0_SOF;
696 memcpy(gsm->txframe + 1 , msg->data, msg->len);
697 gsm->txframe[msg->len + 1] = GSM0_SOF;
698 len = msg->len + 2;
699 }
700
701 if (debug & 4)
702 print_hex_dump_bytes("gsm_data_kick: ",
703 DUMP_PREFIX_OFFSET,
704 gsm->txframe, len);
705 if (gsm->output(gsm, gsm->txframe, len) < 0)
706 break;
707 /* FIXME: Can eliminate one SOF in many more cases */
708 gsm->tx_bytes -= msg->len;
709
710 list_del(&msg->list);
711 kfree(msg);
712
713 if (dlci) {
714 tty_port_tty_wakeup(&dlci->port);
715 } else {
716 int i = 0;
717
718 for (i = 0; i < NUM_DLCI; i++)
719 if (gsm->dlci[i])
720 tty_port_tty_wakeup(&gsm->dlci[i]->port);
721 }
722 }
723}
724
725/**
726 * __gsm_data_queue - queue a UI or UIH frame
727 * @dlci: DLCI sending the data
728 * @msg: message queued
729 *
730 * Add data to the transmit queue and try and get stuff moving
731 * out of the mux tty if not already doing so. The Caller must hold
732 * the gsm tx lock.
733 */
734
735static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
736{
737 struct gsm_mux *gsm = dlci->gsm;
738 u8 *dp = msg->data;
739 u8 *fcs = dp + msg->len;
740
741 /* Fill in the header */
742 if (gsm->encoding == 0) {
743 if (msg->len < 128)
744 *--dp = (msg->len << 1) | EA;
745 else {
746 *--dp = (msg->len >> 7); /* bits 7 - 15 */
747 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
748 }
749 }
750
751 *--dp = msg->ctrl;
752 if (gsm->initiator)
753 *--dp = (msg->addr << 2) | 2 | EA;
754 else
755 *--dp = (msg->addr << 2) | EA;
756 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
757 /* Ugly protocol layering violation */
758 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
759 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
760 *fcs = 0xFF - *fcs;
761
762 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
763 msg->data, msg->len);
764
765 /* Move the header back and adjust the length, also allow for the FCS
766 now tacked on the end */
767 msg->len += (msg->data - dp) + 1;
768 msg->data = dp;
769
770 /* Add to the actual output queue */
771 list_add_tail(&msg->list, &gsm->tx_list);
772 gsm->tx_bytes += msg->len;
773 gsm_data_kick(gsm, dlci);
774}
775
776/**
777 * gsm_data_queue - queue a UI or UIH frame
778 * @dlci: DLCI sending the data
779 * @msg: message queued
780 *
781 * Add data to the transmit queue and try and get stuff moving
782 * out of the mux tty if not already doing so. Take the
783 * the gsm tx lock and dlci lock.
784 */
785
786static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
787{
788 unsigned long flags;
789 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
790 __gsm_data_queue(dlci, msg);
791 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
792}
793
794/**
795 * gsm_dlci_data_output - try and push data out of a DLCI
796 * @gsm: mux
797 * @dlci: the DLCI to pull data from
798 *
799 * Pull data from a DLCI and send it into the transmit queue if there
800 * is data. Keep to the MRU of the mux. This path handles the usual tty
801 * interface which is a byte stream with optional modem data.
802 *
803 * Caller must hold the tx_lock of the mux.
804 */
805
806static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
807{
808 struct gsm_msg *msg;
809 u8 *dp;
810 int len, total_size, size;
811 int h = dlci->adaption - 1;
812
813 total_size = 0;
814 while (1) {
815 len = kfifo_len(dlci->fifo);
816 if (len == 0)
817 return total_size;
818
819 /* MTU/MRU count only the data bits */
820 if (len > gsm->mtu)
821 len = gsm->mtu;
822
823 size = len + h;
824
825 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
826 /* FIXME: need a timer or something to kick this so it can't
827 get stuck with no work outstanding and no buffer free */
828 if (msg == NULL)
829 return -ENOMEM;
830 dp = msg->data;
831 switch (dlci->adaption) {
832 case 1: /* Unstructured */
833 break;
834 case 2: /* Unstructed with modem bits.
835 Always one byte as we never send inline break data */
836 *dp++ = gsm_encode_modem(dlci);
837 break;
838 }
839 WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
840 __gsm_data_queue(dlci, msg);
841 total_size += size;
842 }
843 /* Bytes of data we used up */
844 return total_size;
845}
846
847/**
848 * gsm_dlci_data_output_framed - try and push data out of a DLCI
849 * @gsm: mux
850 * @dlci: the DLCI to pull data from
851 *
852 * Pull data from a DLCI and send it into the transmit queue if there
853 * is data. Keep to the MRU of the mux. This path handles framed data
854 * queued as skbuffs to the DLCI.
855 *
856 * Caller must hold the tx_lock of the mux.
857 */
858
859static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
860 struct gsm_dlci *dlci)
861{
862 struct gsm_msg *msg;
863 u8 *dp;
864 int len, size;
865 int last = 0, first = 0;
866 int overhead = 0;
867
868 /* One byte per frame is used for B/F flags */
869 if (dlci->adaption == 4)
870 overhead = 1;
871
872 /* dlci->skb is locked by tx_lock */
873 if (dlci->skb == NULL) {
874 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
875 if (dlci->skb == NULL)
876 return 0;
877 first = 1;
878 }
879 len = dlci->skb->len + overhead;
880
881 /* MTU/MRU count only the data bits */
882 if (len > gsm->mtu) {
883 if (dlci->adaption == 3) {
884 /* Over long frame, bin it */
885 dev_kfree_skb_any(dlci->skb);
886 dlci->skb = NULL;
887 return 0;
888 }
889 len = gsm->mtu;
890 } else
891 last = 1;
892
893 size = len + overhead;
894 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
895
896 /* FIXME: need a timer or something to kick this so it can't
897 get stuck with no work outstanding and no buffer free */
898 if (msg == NULL) {
899 skb_queue_tail(&dlci->skb_list, dlci->skb);
900 dlci->skb = NULL;
901 return -ENOMEM;
902 }
903 dp = msg->data;
904
905 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
906 /* Flag byte to carry the start/end info */
907 *dp++ = last << 7 | first << 6 | 1; /* EA */
908 len--;
909 }
910 memcpy(dp, dlci->skb->data, len);
911 skb_pull(dlci->skb, len);
912 __gsm_data_queue(dlci, msg);
913 if (last) {
914 dev_kfree_skb_any(dlci->skb);
915 dlci->skb = NULL;
916 }
917 return size;
918}
919
920/**
921 * gsm_dlci_data_sweep - look for data to send
922 * @gsm: the GSM mux
923 *
924 * Sweep the GSM mux channels in priority order looking for ones with
925 * data to send. We could do with optimising this scan a bit. We aim
926 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
927 * TX_THRESH_LO we get called again
928 *
929 * FIXME: We should round robin between groups and in theory you can
930 * renegotiate DLCI priorities with optional stuff. Needs optimising.
931 */
932
933static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
934{
935 int len;
936 /* Priority ordering: We should do priority with RR of the groups */
937 int i = 1;
938
939 while (i < NUM_DLCI) {
940 struct gsm_dlci *dlci;
941
942 if (gsm->tx_bytes > TX_THRESH_HI)
943 break;
944 dlci = gsm->dlci[i];
945 if (dlci == NULL || dlci->constipated) {
946 i++;
947 continue;
948 }
949 if (dlci->adaption < 3 && !dlci->net)
950 len = gsm_dlci_data_output(gsm, dlci);
951 else
952 len = gsm_dlci_data_output_framed(gsm, dlci);
953 if (len < 0)
954 break;
955 /* DLCI empty - try the next */
956 if (len == 0)
957 i++;
958 }
959}
960
961/**
962 * gsm_dlci_data_kick - transmit if possible
963 * @dlci: DLCI to kick
964 *
965 * Transmit data from this DLCI if the queue is empty. We can't rely on
966 * a tty wakeup except when we filled the pipe so we need to fire off
967 * new data ourselves in other cases.
968 */
969
970static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
971{
972 unsigned long flags;
973 int sweep;
974
975 if (dlci->constipated)
976 return;
977
978 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
979 /* If we have nothing running then we need to fire up */
980 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
981 if (dlci->gsm->tx_bytes == 0) {
982 if (dlci->net)
983 gsm_dlci_data_output_framed(dlci->gsm, dlci);
984 else
985 gsm_dlci_data_output(dlci->gsm, dlci);
986 }
987 if (sweep)
988 gsm_dlci_data_sweep(dlci->gsm);
989 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
990}
991
992/*
993 * Control message processing
994 */
995
996
997/**
998 * gsm_control_reply - send a response frame to a control
999 * @gsm: gsm channel
1000 * @cmd: the command to use
1001 * @data: data to follow encoded info
1002 * @dlen: length of data
1003 *
1004 * Encode up and queue a UI/UIH frame containing our response.
1005 */
1006
1007static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
1008 int dlen)
1009{
1010 struct gsm_msg *msg;
1011 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1012 if (msg == NULL)
1013 return;
1014 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1015 msg->data[1] = (dlen << 1) | EA;
1016 memcpy(msg->data + 2, data, dlen);
1017 gsm_data_queue(gsm->dlci[0], msg);
1018}
1019
1020/**
1021 * gsm_process_modem - process received modem status
1022 * @tty: virtual tty bound to the DLCI
1023 * @dlci: DLCI to affect
1024 * @modem: modem bits (full EA)
1025 *
1026 * Used when a modem control message or line state inline in adaption
1027 * layer 2 is processed. Sort out the local modem state and throttles
1028 */
1029
1030static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1031 u32 modem, int clen)
1032{
1033 int mlines = 0;
1034 u8 brk = 0;
1035 int fc;
1036
1037 /* The modem status command can either contain one octet (v.24 signals)
1038 or two octets (v.24 signals + break signals). The length field will
1039 either be 2 or 3 respectively. This is specified in section
1040 5.4.6.3.7 of the 27.010 mux spec. */
1041
1042 if (clen == 2)
1043 modem = modem & 0x7f;
1044 else {
1045 brk = modem & 0x7f;
1046 modem = (modem >> 7) & 0x7f;
1047 }
1048
1049 /* Flow control/ready to communicate */
1050 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1051 if (fc && !dlci->constipated) {
1052 /* Need to throttle our output on this device */
1053 dlci->constipated = 1;
1054 } else if (!fc && dlci->constipated) {
1055 dlci->constipated = 0;
1056 gsm_dlci_data_kick(dlci);
1057 }
1058
1059 /* Map modem bits */
1060 if (modem & MDM_RTC)
1061 mlines |= TIOCM_DSR | TIOCM_DTR;
1062 if (modem & MDM_RTR)
1063 mlines |= TIOCM_RTS | TIOCM_CTS;
1064 if (modem & MDM_IC)
1065 mlines |= TIOCM_RI;
1066 if (modem & MDM_DV)
1067 mlines |= TIOCM_CD;
1068
1069 /* Carrier drop -> hangup */
1070 if (tty) {
1071 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1072 if (!C_CLOCAL(tty))
1073 tty_hangup(tty);
1074 }
1075 if (brk & 0x01)
1076 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1077 dlci->modem_rx = mlines;
1078}
1079
1080/**
1081 * gsm_control_modem - modem status received
1082 * @gsm: GSM channel
1083 * @data: data following command
1084 * @clen: command length
1085 *
1086 * We have received a modem status control message. This is used by
1087 * the GSM mux protocol to pass virtual modem line status and optionally
1088 * to indicate break signals. Unpack it, convert to Linux representation
1089 * and if need be stuff a break message down the tty.
1090 */
1091
1092static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1093{
1094 unsigned int addr = 0;
1095 unsigned int modem = 0;
1096 unsigned int brk = 0;
1097 struct gsm_dlci *dlci;
1098 int len = clen;
1099 u8 *dp = data;
1100 struct tty_struct *tty;
1101
1102 while (gsm_read_ea(&addr, *dp++) == 0) {
1103 len--;
1104 if (len == 0)
1105 return;
1106 }
1107 /* Must be at least one byte following the EA */
1108 len--;
1109 if (len <= 0)
1110 return;
1111
1112 addr >>= 1;
1113 /* Closed port, or invalid ? */
1114 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1115 return;
1116 dlci = gsm->dlci[addr];
1117
1118 while (gsm_read_ea(&modem, *dp++) == 0) {
1119 len--;
1120 if (len == 0)
1121 return;
1122 }
1123 len--;
1124 if (len > 0) {
1125 while (gsm_read_ea(&brk, *dp++) == 0) {
1126 len--;
1127 if (len == 0)
1128 return;
1129 }
1130 modem <<= 7;
1131 modem |= (brk & 0x7f);
1132 }
1133 tty = tty_port_tty_get(&dlci->port);
1134 gsm_process_modem(tty, dlci, modem, clen);
1135 if (tty) {
1136 tty_wakeup(tty);
1137 tty_kref_put(tty);
1138 }
1139 gsm_control_reply(gsm, CMD_MSC, data, clen);
1140}
1141
1142/**
1143 * gsm_control_rls - remote line status
1144 * @gsm: GSM channel
1145 * @data: data bytes
1146 * @clen: data length
1147 *
1148 * The modem sends us a two byte message on the control channel whenever
1149 * it wishes to send us an error state from the virtual link. Stuff
1150 * this into the uplink tty if present
1151 */
1152
1153static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1154{
1155 struct tty_port *port;
1156 unsigned int addr = 0;
1157 u8 bits;
1158 int len = clen;
1159 u8 *dp = data;
1160
1161 while (gsm_read_ea(&addr, *dp++) == 0) {
1162 len--;
1163 if (len == 0)
1164 return;
1165 }
1166 /* Must be at least one byte following ea */
1167 len--;
1168 if (len <= 0)
1169 return;
1170 addr >>= 1;
1171 /* Closed port, or invalid ? */
1172 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1173 return;
1174 /* No error ? */
1175 bits = *dp;
1176 if ((bits & 1) == 0)
1177 return;
1178
1179 port = &gsm->dlci[addr]->port;
1180
1181 if (bits & 2)
1182 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1183 if (bits & 4)
1184 tty_insert_flip_char(port, 0, TTY_PARITY);
1185 if (bits & 8)
1186 tty_insert_flip_char(port, 0, TTY_FRAME);
1187
1188 tty_flip_buffer_push(port);
1189
1190 gsm_control_reply(gsm, CMD_RLS, data, clen);
1191}
1192
1193static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1194
1195/**
1196 * gsm_control_message - DLCI 0 control processing
1197 * @gsm: our GSM mux
1198 * @command: the command EA
1199 * @data: data beyond the command/length EAs
1200 * @clen: length
1201 *
1202 * Input processor for control messages from the other end of the link.
1203 * Processes the incoming request and queues a response frame or an
1204 * NSC response if not supported
1205 */
1206
1207static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1208 u8 *data, int clen)
1209{
1210 u8 buf[1];
1211 unsigned long flags;
1212
1213 switch (command) {
1214 case CMD_CLD: {
1215 struct gsm_dlci *dlci = gsm->dlci[0];
1216 /* Modem wishes to close down */
1217 if (dlci) {
1218 dlci->dead = 1;
1219 gsm->dead = 1;
1220 gsm_dlci_begin_close(dlci);
1221 }
1222 }
1223 break;
1224 case CMD_TEST:
1225 /* Modem wishes to test, reply with the data */
1226 gsm_control_reply(gsm, CMD_TEST, data, clen);
1227 break;
1228 case CMD_FCON:
1229 /* Modem can accept data again */
1230 gsm->constipated = 0;
1231 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1232 /* Kick the link in case it is idling */
1233 spin_lock_irqsave(&gsm->tx_lock, flags);
1234 gsm_data_kick(gsm, NULL);
1235 spin_unlock_irqrestore(&gsm->tx_lock, flags);
1236 break;
1237 case CMD_FCOFF:
1238 /* Modem wants us to STFU */
1239 gsm->constipated = 1;
1240 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1241 break;
1242 case CMD_MSC:
1243 /* Out of band modem line change indicator for a DLCI */
1244 gsm_control_modem(gsm, data, clen);
1245 break;
1246 case CMD_RLS:
1247 /* Out of band error reception for a DLCI */
1248 gsm_control_rls(gsm, data, clen);
1249 break;
1250 case CMD_PSC:
1251 /* Modem wishes to enter power saving state */
1252 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1253 break;
1254 /* Optional unsupported commands */
1255 case CMD_PN: /* Parameter negotiation */
1256 case CMD_RPN: /* Remote port negotiation */
1257 case CMD_SNC: /* Service negotiation command */
1258 default:
1259 /* Reply to bad commands with an NSC */
1260 buf[0] = command;
1261 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1262 break;
1263 }
1264}
1265
1266/**
1267 * gsm_control_response - process a response to our control
1268 * @gsm: our GSM mux
1269 * @command: the command (response) EA
1270 * @data: data beyond the command/length EA
1271 * @clen: length
1272 *
1273 * Process a response to an outstanding command. We only allow a single
1274 * control message in flight so this is fairly easy. All the clean up
1275 * is done by the caller, we just update the fields, flag it as done
1276 * and return
1277 */
1278
1279static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1280 u8 *data, int clen)
1281{
1282 struct gsm_control *ctrl;
1283 unsigned long flags;
1284
1285 spin_lock_irqsave(&gsm->control_lock, flags);
1286
1287 ctrl = gsm->pending_cmd;
1288 /* Does the reply match our command */
1289 command |= 1;
1290 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1291 /* Our command was replied to, kill the retry timer */
1292 del_timer(&gsm->t2_timer);
1293 gsm->pending_cmd = NULL;
1294 /* Rejected by the other end */
1295 if (command == CMD_NSC)
1296 ctrl->error = -EOPNOTSUPP;
1297 ctrl->done = 1;
1298 wake_up(&gsm->event);
1299 }
1300 spin_unlock_irqrestore(&gsm->control_lock, flags);
1301}
1302
1303/**
1304 * gsm_control_transmit - send control packet
1305 * @gsm: gsm mux
1306 * @ctrl: frame to send
1307 *
1308 * Send out a pending control command (called under control lock)
1309 */
1310
1311static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1312{
1313 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
1314 if (msg == NULL)
1315 return;
1316 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1317 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1318 gsm_data_queue(gsm->dlci[0], msg);
1319}
1320
1321/**
1322 * gsm_control_retransmit - retransmit a control frame
1323 * @data: pointer to our gsm object
1324 *
1325 * Called off the T2 timer expiry in order to retransmit control frames
1326 * that have been lost in the system somewhere. The control_lock protects
1327 * us from colliding with another sender or a receive completion event.
1328 * In that situation the timer may still occur in a small window but
1329 * gsm->pending_cmd will be NULL and we just let the timer expire.
1330 */
1331
1332static void gsm_control_retransmit(unsigned long data)
1333{
1334 struct gsm_mux *gsm = (struct gsm_mux *)data;
1335 struct gsm_control *ctrl;
1336 unsigned long flags;
1337 spin_lock_irqsave(&gsm->control_lock, flags);
1338 ctrl = gsm->pending_cmd;
1339 if (ctrl) {
1340 gsm->cretries--;
1341 if (gsm->cretries == 0) {
1342 gsm->pending_cmd = NULL;
1343 ctrl->error = -ETIMEDOUT;
1344 ctrl->done = 1;
1345 spin_unlock_irqrestore(&gsm->control_lock, flags);
1346 wake_up(&gsm->event);
1347 return;
1348 }
1349 gsm_control_transmit(gsm, ctrl);
1350 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1351 }
1352 spin_unlock_irqrestore(&gsm->control_lock, flags);
1353}
1354
1355/**
1356 * gsm_control_send - send a control frame on DLCI 0
1357 * @gsm: the GSM channel
1358 * @command: command to send including CR bit
1359 * @data: bytes of data (must be kmalloced)
1360 * @len: length of the block to send
1361 *
1362 * Queue and dispatch a control command. Only one command can be
1363 * active at a time. In theory more can be outstanding but the matching
1364 * gets really complicated so for now stick to one outstanding.
1365 */
1366
1367static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1368 unsigned int command, u8 *data, int clen)
1369{
1370 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1371 GFP_KERNEL);
1372 unsigned long flags;
1373 if (ctrl == NULL)
1374 return NULL;
1375retry:
1376 wait_event(gsm->event, gsm->pending_cmd == NULL);
1377 spin_lock_irqsave(&gsm->control_lock, flags);
1378 if (gsm->pending_cmd != NULL) {
1379 spin_unlock_irqrestore(&gsm->control_lock, flags);
1380 goto retry;
1381 }
1382 ctrl->cmd = command;
1383 ctrl->data = data;
1384 ctrl->len = clen;
1385 gsm->pending_cmd = ctrl;
1386
1387 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1388 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1389 gsm->cretries = 1;
1390 else
1391 gsm->cretries = gsm->n2;
1392
1393 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1394 gsm_control_transmit(gsm, ctrl);
1395 spin_unlock_irqrestore(&gsm->control_lock, flags);
1396 return ctrl;
1397}
1398
1399/**
1400 * gsm_control_wait - wait for a control to finish
1401 * @gsm: GSM mux
1402 * @control: control we are waiting on
1403 *
1404 * Waits for the control to complete or time out. Frees any used
1405 * resources and returns 0 for success, or an error if the remote
1406 * rejected or ignored the request.
1407 */
1408
1409static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1410{
1411 int err;
1412 wait_event(gsm->event, control->done == 1);
1413 err = control->error;
1414 kfree(control);
1415 return err;
1416}
1417
1418
1419/*
1420 * DLCI level handling: Needs krefs
1421 */
1422
1423/*
1424 * State transitions and timers
1425 */
1426
1427/**
1428 * gsm_dlci_close - a DLCI has closed
1429 * @dlci: DLCI that closed
1430 *
1431 * Perform processing when moving a DLCI into closed state. If there
1432 * is an attached tty this is hung up
1433 */
1434
1435static void gsm_dlci_close(struct gsm_dlci *dlci)
1436{
1437 del_timer(&dlci->t1);
1438 if (debug & 8)
1439 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1440 dlci->state = DLCI_CLOSED;
1441 if (dlci->addr != 0) {
1442 tty_port_tty_hangup(&dlci->port, false);
1443 kfifo_reset(dlci->fifo);
1444 } else
1445 dlci->gsm->dead = 1;
1446 wake_up(&dlci->gsm->event);
1447 /* A DLCI 0 close is a MUX termination so we need to kick that
1448 back to userspace somehow */
1449}
1450
1451/**
1452 * gsm_dlci_open - a DLCI has opened
1453 * @dlci: DLCI that opened
1454 *
1455 * Perform processing when moving a DLCI into open state.
1456 */
1457
1458static void gsm_dlci_open(struct gsm_dlci *dlci)
1459{
1460 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1461 open -> open */
1462 del_timer(&dlci->t1);
1463 /* This will let a tty open continue */
1464 dlci->state = DLCI_OPEN;
1465 if (debug & 8)
1466 pr_debug("DLCI %d goes open.\n", dlci->addr);
1467 wake_up(&dlci->gsm->event);
1468}
1469
1470/**
1471 * gsm_dlci_t1 - T1 timer expiry
1472 * @dlci: DLCI that opened
1473 *
1474 * The T1 timer handles retransmits of control frames (essentially of
1475 * SABM and DISC). We resend the command until the retry count runs out
1476 * in which case an opening port goes back to closed and a closing port
1477 * is simply put into closed state (any further frames from the other
1478 * end will get a DM response)
1479 *
1480 * Some control dlci can stay in ADM mode with other dlci working just
1481 * fine. In that case we can just keep the control dlci open after the
1482 * DLCI_OPENING retries time out.
1483 */
1484
1485static void gsm_dlci_t1(unsigned long data)
1486{
1487 struct gsm_dlci *dlci = (struct gsm_dlci *)data;
1488 struct gsm_mux *gsm = dlci->gsm;
1489
1490 switch (dlci->state) {
1491 case DLCI_OPENING:
1492 dlci->retries--;
1493 if (dlci->retries) {
1494 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1495 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1496 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1497 if (debug & 8)
1498 pr_info("DLCI %d opening in ADM mode.\n",
1499 dlci->addr);
1500 dlci->mode = DLCI_MODE_ADM;
1501 gsm_dlci_open(dlci);
1502 } else {
1503 gsm_dlci_close(dlci);
1504 }
1505
1506 break;
1507 case DLCI_CLOSING:
1508 dlci->retries--;
1509 if (dlci->retries) {
1510 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1511 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1512 } else
1513 gsm_dlci_close(dlci);
1514 break;
1515 }
1516}
1517
1518/**
1519 * gsm_dlci_begin_open - start channel open procedure
1520 * @dlci: DLCI to open
1521 *
1522 * Commence opening a DLCI from the Linux side. We issue SABM messages
1523 * to the modem which should then reply with a UA or ADM, at which point
1524 * we will move into open state. Opening is done asynchronously with retry
1525 * running off timers and the responses.
1526 */
1527
1528static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1529{
1530 struct gsm_mux *gsm = dlci->gsm;
1531 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1532 return;
1533 dlci->retries = gsm->n2;
1534 dlci->state = DLCI_OPENING;
1535 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1536 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1537}
1538
1539/**
1540 * gsm_dlci_begin_close - start channel open procedure
1541 * @dlci: DLCI to open
1542 *
1543 * Commence closing a DLCI from the Linux side. We issue DISC messages
1544 * to the modem which should then reply with a UA, at which point we
1545 * will move into closed state. Closing is done asynchronously with retry
1546 * off timers. We may also receive a DM reply from the other end which
1547 * indicates the channel was already closed.
1548 */
1549
1550static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1551{
1552 struct gsm_mux *gsm = dlci->gsm;
1553 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1554 return;
1555 dlci->retries = gsm->n2;
1556 dlci->state = DLCI_CLOSING;
1557 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1558 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1559}
1560
1561/**
1562 * gsm_dlci_data - data arrived
1563 * @dlci: channel
1564 * @data: block of bytes received
1565 * @len: length of received block
1566 *
1567 * A UI or UIH frame has arrived which contains data for a channel
1568 * other than the control channel. If the relevant virtual tty is
1569 * open we shovel the bits down it, if not we drop them.
1570 */
1571
1572static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
1573{
1574 /* krefs .. */
1575 struct tty_port *port = &dlci->port;
1576 struct tty_struct *tty;
1577 unsigned int modem = 0;
1578 int len = clen;
1579
1580 if (debug & 16)
1581 pr_debug("%d bytes for tty\n", len);
1582 switch (dlci->adaption) {
1583 /* Unsupported types */
1584 /* Packetised interruptible data */
1585 case 4:
1586 break;
1587 /* Packetised uininterruptible voice/data */
1588 case 3:
1589 break;
1590 /* Asynchronous serial with line state in each frame */
1591 case 2:
1592 while (gsm_read_ea(&modem, *data++) == 0) {
1593 len--;
1594 if (len == 0)
1595 return;
1596 }
1597 tty = tty_port_tty_get(port);
1598 if (tty) {
1599 gsm_process_modem(tty, dlci, modem, clen);
1600 tty_kref_put(tty);
1601 }
1602 /* Line state will go via DLCI 0 controls only */
1603 case 1:
1604 default:
1605 tty_insert_flip_string(port, data, len);
1606 tty_flip_buffer_push(port);
1607 }
1608}
1609
1610/**
1611 * gsm_dlci_control - data arrived on control channel
1612 * @dlci: channel
1613 * @data: block of bytes received
1614 * @len: length of received block
1615 *
1616 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1617 * control channel. This should contain a command EA followed by
1618 * control data bytes. The command EA contains a command/response bit
1619 * and we divide up the work accordingly.
1620 */
1621
1622static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1623{
1624 /* See what command is involved */
1625 unsigned int command = 0;
1626 while (len-- > 0) {
1627 if (gsm_read_ea(&command, *data++) == 1) {
1628 int clen = *data++;
1629 len--;
1630 /* FIXME: this is properly an EA */
1631 clen >>= 1;
1632 /* Malformed command ? */
1633 if (clen > len)
1634 return;
1635 if (command & 1)
1636 gsm_control_message(dlci->gsm, command,
1637 data, clen);
1638 else
1639 gsm_control_response(dlci->gsm, command,
1640 data, clen);
1641 return;
1642 }
1643 }
1644}
1645
1646/*
1647 * Allocate/Free DLCI channels
1648 */
1649
1650/**
1651 * gsm_dlci_alloc - allocate a DLCI
1652 * @gsm: GSM mux
1653 * @addr: address of the DLCI
1654 *
1655 * Allocate and install a new DLCI object into the GSM mux.
1656 *
1657 * FIXME: review locking races
1658 */
1659
1660static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1661{
1662 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1663 if (dlci == NULL)
1664 return NULL;
1665 spin_lock_init(&dlci->lock);
1666 mutex_init(&dlci->mutex);
1667 dlci->fifo = &dlci->_fifo;
1668 if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1669 kfree(dlci);
1670 return NULL;
1671 }
1672
1673 skb_queue_head_init(&dlci->skb_list);
1674 init_timer(&dlci->t1);
1675 dlci->t1.function = gsm_dlci_t1;
1676 dlci->t1.data = (unsigned long)dlci;
1677 tty_port_init(&dlci->port);
1678 dlci->port.ops = &gsm_port_ops;
1679 dlci->gsm = gsm;
1680 dlci->addr = addr;
1681 dlci->adaption = gsm->adaption;
1682 dlci->state = DLCI_CLOSED;
1683 if (addr)
1684 dlci->data = gsm_dlci_data;
1685 else
1686 dlci->data = gsm_dlci_command;
1687 gsm->dlci[addr] = dlci;
1688 return dlci;
1689}
1690
1691/**
1692 * gsm_dlci_free - free DLCI
1693 * @dlci: DLCI to free
1694 *
1695 * Free up a DLCI.
1696 *
1697 * Can sleep.
1698 */
1699static void gsm_dlci_free(struct tty_port *port)
1700{
1701 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1702
1703 del_timer_sync(&dlci->t1);
1704 dlci->gsm->dlci[dlci->addr] = NULL;
1705 kfifo_free(dlci->fifo);
1706 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1707 dev_kfree_skb(dlci->skb);
1708 kfree(dlci);
1709}
1710
1711static inline void dlci_get(struct gsm_dlci *dlci)
1712{
1713 tty_port_get(&dlci->port);
1714}
1715
1716static inline void dlci_put(struct gsm_dlci *dlci)
1717{
1718 tty_port_put(&dlci->port);
1719}
1720
1721static void gsm_destroy_network(struct gsm_dlci *dlci);
1722
1723/**
1724 * gsm_dlci_release - release DLCI
1725 * @dlci: DLCI to destroy
1726 *
1727 * Release a DLCI. Actual free is deferred until either
1728 * mux is closed or tty is closed - whichever is last.
1729 *
1730 * Can sleep.
1731 */
1732static void gsm_dlci_release(struct gsm_dlci *dlci)
1733{
1734 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1735 if (tty) {
1736 mutex_lock(&dlci->mutex);
1737 gsm_destroy_network(dlci);
1738 mutex_unlock(&dlci->mutex);
1739
1740 tty_vhangup(tty);
1741
1742 tty_port_tty_set(&dlci->port, NULL);
1743 tty_kref_put(tty);
1744 }
1745 dlci->state = DLCI_CLOSED;
1746 dlci_put(dlci);
1747}
1748
1749/*
1750 * LAPBish link layer logic
1751 */
1752
1753/**
1754 * gsm_queue - a GSM frame is ready to process
1755 * @gsm: pointer to our gsm mux
1756 *
1757 * At this point in time a frame has arrived and been demangled from
1758 * the line encoding. All the differences between the encodings have
1759 * been handled below us and the frame is unpacked into the structures.
1760 * The fcs holds the header FCS but any data FCS must be added here.
1761 */
1762
1763static void gsm_queue(struct gsm_mux *gsm)
1764{
1765 struct gsm_dlci *dlci;
1766 u8 cr;
1767 int address;
1768 /* We have to sneak a look at the packet body to do the FCS.
1769 A somewhat layering violation in the spec */
1770
1771 if ((gsm->control & ~PF) == UI)
1772 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
1773 if (gsm->encoding == 0) {
1774 /* WARNING: gsm->received_fcs is used for
1775 gsm->encoding = 0 only.
1776 In this case it contain the last piece of data
1777 required to generate final CRC */
1778 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1779 }
1780 if (gsm->fcs != GOOD_FCS) {
1781 gsm->bad_fcs++;
1782 if (debug & 4)
1783 pr_debug("BAD FCS %02x\n", gsm->fcs);
1784 return;
1785 }
1786 address = gsm->address >> 1;
1787 if (address >= NUM_DLCI)
1788 goto invalid;
1789
1790 cr = gsm->address & 1; /* C/R bit */
1791
1792 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1793
1794 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1795 dlci = gsm->dlci[address];
1796
1797 switch (gsm->control) {
1798 case SABM|PF:
1799 if (cr == 0)
1800 goto invalid;
1801 if (dlci == NULL)
1802 dlci = gsm_dlci_alloc(gsm, address);
1803 if (dlci == NULL)
1804 return;
1805 if (dlci->dead)
1806 gsm_response(gsm, address, DM);
1807 else {
1808 gsm_response(gsm, address, UA);
1809 gsm_dlci_open(dlci);
1810 }
1811 break;
1812 case DISC|PF:
1813 if (cr == 0)
1814 goto invalid;
1815 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1816 gsm_response(gsm, address, DM);
1817 return;
1818 }
1819 /* Real close complete */
1820 gsm_response(gsm, address, UA);
1821 gsm_dlci_close(dlci);
1822 break;
1823 case UA:
1824 case UA|PF:
1825 if (cr == 0 || dlci == NULL)
1826 break;
1827 switch (dlci->state) {
1828 case DLCI_CLOSING:
1829 gsm_dlci_close(dlci);
1830 break;
1831 case DLCI_OPENING:
1832 gsm_dlci_open(dlci);
1833 break;
1834 }
1835 break;
1836 case DM: /* DM can be valid unsolicited */
1837 case DM|PF:
1838 if (cr)
1839 goto invalid;
1840 if (dlci == NULL)
1841 return;
1842 gsm_dlci_close(dlci);
1843 break;
1844 case UI:
1845 case UI|PF:
1846 case UIH:
1847 case UIH|PF:
1848#if 0
1849 if (cr)
1850 goto invalid;
1851#endif
1852 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1853 gsm_command(gsm, address, DM|PF);
1854 return;
1855 }
1856 dlci->data(dlci, gsm->buf, gsm->len);
1857 break;
1858 default:
1859 goto invalid;
1860 }
1861 return;
1862invalid:
1863 gsm->malformed++;
1864 return;
1865}
1866
1867
1868/**
1869 * gsm0_receive - perform processing for non-transparency
1870 * @gsm: gsm data for this ldisc instance
1871 * @c: character
1872 *
1873 * Receive bytes in gsm mode 0
1874 */
1875
1876static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1877{
1878 unsigned int len;
1879
1880 switch (gsm->state) {
1881 case GSM_SEARCH: /* SOF marker */
1882 if (c == GSM0_SOF) {
1883 gsm->state = GSM_ADDRESS;
1884 gsm->address = 0;
1885 gsm->len = 0;
1886 gsm->fcs = INIT_FCS;
1887 }
1888 break;
1889 case GSM_ADDRESS: /* Address EA */
1890 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1891 if (gsm_read_ea(&gsm->address, c))
1892 gsm->state = GSM_CONTROL;
1893 break;
1894 case GSM_CONTROL: /* Control Byte */
1895 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1896 gsm->control = c;
1897 gsm->state = GSM_LEN0;
1898 break;
1899 case GSM_LEN0: /* Length EA */
1900 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1901 if (gsm_read_ea(&gsm->len, c)) {
1902 if (gsm->len > gsm->mru) {
1903 gsm->bad_size++;
1904 gsm->state = GSM_SEARCH;
1905 break;
1906 }
1907 gsm->count = 0;
1908 if (!gsm->len)
1909 gsm->state = GSM_FCS;
1910 else
1911 gsm->state = GSM_DATA;
1912 break;
1913 }
1914 gsm->state = GSM_LEN1;
1915 break;
1916 case GSM_LEN1:
1917 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1918 len = c;
1919 gsm->len |= len << 7;
1920 if (gsm->len > gsm->mru) {
1921 gsm->bad_size++;
1922 gsm->state = GSM_SEARCH;
1923 break;
1924 }
1925 gsm->count = 0;
1926 if (!gsm->len)
1927 gsm->state = GSM_FCS;
1928 else
1929 gsm->state = GSM_DATA;
1930 break;
1931 case GSM_DATA: /* Data */
1932 gsm->buf[gsm->count++] = c;
1933 if (gsm->count == gsm->len)
1934 gsm->state = GSM_FCS;
1935 break;
1936 case GSM_FCS: /* FCS follows the packet */
1937 gsm->received_fcs = c;
1938 gsm_queue(gsm);
1939 gsm->state = GSM_SSOF;
1940 break;
1941 case GSM_SSOF:
1942 if (c == GSM0_SOF) {
1943 gsm->state = GSM_SEARCH;
1944 break;
1945 }
1946 break;
1947 }
1948}
1949
1950/**
1951 * gsm1_receive - perform processing for non-transparency
1952 * @gsm: gsm data for this ldisc instance
1953 * @c: character
1954 *
1955 * Receive bytes in mode 1 (Advanced option)
1956 */
1957
1958static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1959{
1960 if (c == GSM1_SOF) {
1961 /* EOF is only valid in frame if we have got to the data state
1962 and received at least one byte (the FCS) */
1963 if (gsm->state == GSM_DATA && gsm->count) {
1964 /* Extract the FCS */
1965 gsm->count--;
1966 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1967 gsm->len = gsm->count;
1968 gsm_queue(gsm);
1969 gsm->state = GSM_START;
1970 return;
1971 }
1972 /* Any partial frame was a runt so go back to start */
1973 if (gsm->state != GSM_START) {
1974 gsm->malformed++;
1975 gsm->state = GSM_START;
1976 }
1977 /* A SOF in GSM_START means we are still reading idling or
1978 framing bytes */
1979 return;
1980 }
1981
1982 if (c == GSM1_ESCAPE) {
1983 gsm->escape = 1;
1984 return;
1985 }
1986
1987 /* Only an unescaped SOF gets us out of GSM search */
1988 if (gsm->state == GSM_SEARCH)
1989 return;
1990
1991 if (gsm->escape) {
1992 c ^= GSM1_ESCAPE_BITS;
1993 gsm->escape = 0;
1994 }
1995 switch (gsm->state) {
1996 case GSM_START: /* First byte after SOF */
1997 gsm->address = 0;
1998 gsm->state = GSM_ADDRESS;
1999 gsm->fcs = INIT_FCS;
2000 /* Drop through */
2001 case GSM_ADDRESS: /* Address continuation */
2002 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2003 if (gsm_read_ea(&gsm->address, c))
2004 gsm->state = GSM_CONTROL;
2005 break;
2006 case GSM_CONTROL: /* Control Byte */
2007 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2008 gsm->control = c;
2009 gsm->count = 0;
2010 gsm->state = GSM_DATA;
2011 break;
2012 case GSM_DATA: /* Data */
2013 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2014 gsm->state = GSM_OVERRUN;
2015 gsm->bad_size++;
2016 } else
2017 gsm->buf[gsm->count++] = c;
2018 break;
2019 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2020 break;
2021 }
2022}
2023
2024/**
2025 * gsm_error - handle tty error
2026 * @gsm: ldisc data
2027 * @data: byte received (may be invalid)
2028 * @flag: error received
2029 *
2030 * Handle an error in the receipt of data for a frame. Currently we just
2031 * go back to hunting for a SOF.
2032 *
2033 * FIXME: better diagnostics ?
2034 */
2035
2036static void gsm_error(struct gsm_mux *gsm,
2037 unsigned char data, unsigned char flag)
2038{
2039 gsm->state = GSM_SEARCH;
2040 gsm->io_error++;
2041}
2042
2043static int gsm_disconnect(struct gsm_mux *gsm)
2044{
2045 struct gsm_dlci *dlci = gsm->dlci[0];
2046 struct gsm_control *gc;
2047
2048 if (!dlci)
2049 return 0;
2050
2051 /* In theory disconnecting DLCI 0 is sufficient but for some
2052 modems this is apparently not the case. */
2053 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2054 if (gc)
2055 gsm_control_wait(gsm, gc);
2056
2057 del_timer_sync(&gsm->t2_timer);
2058 /* Now we are sure T2 has stopped */
2059
2060 gsm_dlci_begin_close(dlci);
2061 wait_event_interruptible(gsm->event,
2062 dlci->state == DLCI_CLOSED);
2063
2064 if (signal_pending(current))
2065 return -EINTR;
2066
2067 return 0;
2068}
2069
2070/**
2071 * gsm_cleanup_mux - generic GSM protocol cleanup
2072 * @gsm: our mux
2073 *
2074 * Clean up the bits of the mux which are the same for all framing
2075 * protocols. Remove the mux from the mux table, stop all the timers
2076 * and then shut down each device hanging up the channels as we go.
2077 */
2078
2079static void gsm_cleanup_mux(struct gsm_mux *gsm)
2080{
2081 int i;
2082 struct gsm_dlci *dlci = gsm->dlci[0];
2083 struct gsm_msg *txq, *ntxq;
2084
2085 gsm->dead = 1;
2086
2087 spin_lock(&gsm_mux_lock);
2088 for (i = 0; i < MAX_MUX; i++) {
2089 if (gsm_mux[i] == gsm) {
2090 gsm_mux[i] = NULL;
2091 break;
2092 }
2093 }
2094 spin_unlock(&gsm_mux_lock);
2095 /* open failed before registering => nothing to do */
2096 if (i == MAX_MUX)
2097 return;
2098
2099 del_timer_sync(&gsm->t2_timer);
2100 /* Now we are sure T2 has stopped */
2101 if (dlci)
2102 dlci->dead = 1;
2103
2104 /* Free up any link layer users */
2105 mutex_lock(&gsm->mutex);
2106 for (i = 0; i < NUM_DLCI; i++)
2107 if (gsm->dlci[i])
2108 gsm_dlci_release(gsm->dlci[i]);
2109 mutex_unlock(&gsm->mutex);
2110 /* Now wipe the queues */
2111 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2112 kfree(txq);
2113 INIT_LIST_HEAD(&gsm->tx_list);
2114}
2115
2116/**
2117 * gsm_activate_mux - generic GSM setup
2118 * @gsm: our mux
2119 *
2120 * Set up the bits of the mux which are the same for all framing
2121 * protocols. Add the mux to the mux table so it can be opened and
2122 * finally kick off connecting to DLCI 0 on the modem.
2123 */
2124
2125static int gsm_activate_mux(struct gsm_mux *gsm)
2126{
2127 struct gsm_dlci *dlci;
2128 int i = 0;
2129
2130 setup_timer(&gsm->t2_timer, gsm_control_retransmit, (unsigned long)gsm);
2131 init_waitqueue_head(&gsm->event);
2132 spin_lock_init(&gsm->control_lock);
2133 spin_lock_init(&gsm->tx_lock);
2134
2135 if (gsm->encoding == 0)
2136 gsm->receive = gsm0_receive;
2137 else
2138 gsm->receive = gsm1_receive;
2139 gsm->error = gsm_error;
2140
2141 spin_lock(&gsm_mux_lock);
2142 for (i = 0; i < MAX_MUX; i++) {
2143 if (gsm_mux[i] == NULL) {
2144 gsm->num = i;
2145 gsm_mux[i] = gsm;
2146 break;
2147 }
2148 }
2149 spin_unlock(&gsm_mux_lock);
2150 if (i == MAX_MUX)
2151 return -EBUSY;
2152
2153 dlci = gsm_dlci_alloc(gsm, 0);
2154 if (dlci == NULL)
2155 return -ENOMEM;
2156 gsm->dead = 0; /* Tty opens are now permissible */
2157 return 0;
2158}
2159
2160/**
2161 * gsm_free_mux - free up a mux
2162 * @mux: mux to free
2163 *
2164 * Dispose of allocated resources for a dead mux
2165 */
2166static void gsm_free_mux(struct gsm_mux *gsm)
2167{
2168 kfree(gsm->txframe);
2169 kfree(gsm->buf);
2170 kfree(gsm);
2171}
2172
2173/**
2174 * gsm_free_muxr - free up a mux
2175 * @mux: mux to free
2176 *
2177 * Dispose of allocated resources for a dead mux
2178 */
2179static void gsm_free_muxr(struct kref *ref)
2180{
2181 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2182 gsm_free_mux(gsm);
2183}
2184
2185static inline void mux_get(struct gsm_mux *gsm)
2186{
2187 kref_get(&gsm->ref);
2188}
2189
2190static inline void mux_put(struct gsm_mux *gsm)
2191{
2192 kref_put(&gsm->ref, gsm_free_muxr);
2193}
2194
2195/**
2196 * gsm_alloc_mux - allocate a mux
2197 *
2198 * Creates a new mux ready for activation.
2199 */
2200
2201static struct gsm_mux *gsm_alloc_mux(void)
2202{
2203 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2204 if (gsm == NULL)
2205 return NULL;
2206 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2207 if (gsm->buf == NULL) {
2208 kfree(gsm);
2209 return NULL;
2210 }
2211 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2212 if (gsm->txframe == NULL) {
2213 kfree(gsm->buf);
2214 kfree(gsm);
2215 return NULL;
2216 }
2217 spin_lock_init(&gsm->lock);
2218 mutex_init(&gsm->mutex);
2219 kref_init(&gsm->ref);
2220 INIT_LIST_HEAD(&gsm->tx_list);
2221
2222 gsm->t1 = T1;
2223 gsm->t2 = T2;
2224 gsm->n2 = N2;
2225 gsm->ftype = UIH;
2226 gsm->adaption = 1;
2227 gsm->encoding = 1;
2228 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2229 gsm->mtu = 64;
2230 gsm->dead = 1; /* Avoid early tty opens */
2231
2232 return gsm;
2233}
2234
2235/**
2236 * gsmld_output - write to link
2237 * @gsm: our mux
2238 * @data: bytes to output
2239 * @len: size
2240 *
2241 * Write a block of data from the GSM mux to the data channel. This
2242 * will eventually be serialized from above but at the moment isn't.
2243 */
2244
2245static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2246{
2247 if (tty_write_room(gsm->tty) < len) {
2248 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2249 return -ENOSPC;
2250 }
2251 if (debug & 4)
2252 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2253 data, len);
2254 gsm->tty->ops->write(gsm->tty, data, len);
2255 return len;
2256}
2257
2258/**
2259 * gsmld_attach_gsm - mode set up
2260 * @tty: our tty structure
2261 * @gsm: our mux
2262 *
2263 * Set up the MUX for basic mode and commence connecting to the
2264 * modem. Currently called from the line discipline set up but
2265 * will need moving to an ioctl path.
2266 */
2267
2268static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2269{
2270 int ret, i, base;
2271
2272 gsm->tty = tty_kref_get(tty);
2273 gsm->output = gsmld_output;
2274 ret = gsm_activate_mux(gsm);
2275 if (ret != 0)
2276 tty_kref_put(gsm->tty);
2277 else {
2278 /* Don't register device 0 - this is the control channel and not
2279 a usable tty interface */
2280 base = gsm->num << 6; /* Base for this MUX */
2281 for (i = 1; i < NUM_DLCI; i++)
2282 tty_register_device(gsm_tty_driver, base + i, NULL);
2283 }
2284 return ret;
2285}
2286
2287
2288/**
2289 * gsmld_detach_gsm - stop doing 0710 mux
2290 * @tty: tty attached to the mux
2291 * @gsm: mux
2292 *
2293 * Shutdown and then clean up the resources used by the line discipline
2294 */
2295
2296static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2297{
2298 int i;
2299 int base = gsm->num << 6; /* Base for this MUX */
2300
2301 WARN_ON(tty != gsm->tty);
2302 for (i = 1; i < NUM_DLCI; i++)
2303 tty_unregister_device(gsm_tty_driver, base + i);
2304 gsm_cleanup_mux(gsm);
2305 tty_kref_put(gsm->tty);
2306 gsm->tty = NULL;
2307}
2308
2309static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2310 char *fp, int count)
2311{
2312 struct gsm_mux *gsm = tty->disc_data;
2313 const unsigned char *dp;
2314 char *f;
2315 int i;
2316 char flags = TTY_NORMAL;
2317
2318 if (debug & 4)
2319 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2320 cp, count);
2321
2322 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2323 if (f)
2324 flags = *f++;
2325 switch (flags) {
2326 case TTY_NORMAL:
2327 gsm->receive(gsm, *dp);
2328 break;
2329 case TTY_OVERRUN:
2330 case TTY_BREAK:
2331 case TTY_PARITY:
2332 case TTY_FRAME:
2333 gsm->error(gsm, *dp, flags);
2334 break;
2335 default:
2336 WARN_ONCE(1, "%s: unknown flag %d\n",
2337 tty_name(tty), flags);
2338 break;
2339 }
2340 }
2341 /* FASYNC if needed ? */
2342 /* If clogged call tty_throttle(tty); */
2343}
2344
2345/**
2346 * gsmld_flush_buffer - clean input queue
2347 * @tty: terminal device
2348 *
2349 * Flush the input buffer. Called when the line discipline is
2350 * being closed, when the tty layer wants the buffer flushed (eg
2351 * at hangup).
2352 */
2353
2354static void gsmld_flush_buffer(struct tty_struct *tty)
2355{
2356}
2357
2358/**
2359 * gsmld_close - close the ldisc for this tty
2360 * @tty: device
2361 *
2362 * Called from the terminal layer when this line discipline is
2363 * being shut down, either because of a close or becsuse of a
2364 * discipline change. The function will not be called while other
2365 * ldisc methods are in progress.
2366 */
2367
2368static void gsmld_close(struct tty_struct *tty)
2369{
2370 struct gsm_mux *gsm = tty->disc_data;
2371
2372 gsmld_detach_gsm(tty, gsm);
2373
2374 gsmld_flush_buffer(tty);
2375 /* Do other clean up here */
2376 mux_put(gsm);
2377}
2378
2379/**
2380 * gsmld_open - open an ldisc
2381 * @tty: terminal to open
2382 *
2383 * Called when this line discipline is being attached to the
2384 * terminal device. Can sleep. Called serialized so that no
2385 * other events will occur in parallel. No further open will occur
2386 * until a close.
2387 */
2388
2389static int gsmld_open(struct tty_struct *tty)
2390{
2391 struct gsm_mux *gsm;
2392 int ret;
2393
2394 if (tty->ops->write == NULL)
2395 return -EINVAL;
2396
2397 /* Attach our ldisc data */
2398 gsm = gsm_alloc_mux();
2399 if (gsm == NULL)
2400 return -ENOMEM;
2401
2402 tty->disc_data = gsm;
2403 tty->receive_room = 65536;
2404
2405 /* Attach the initial passive connection */
2406 gsm->encoding = 1;
2407
2408 ret = gsmld_attach_gsm(tty, gsm);
2409 if (ret != 0) {
2410 gsm_cleanup_mux(gsm);
2411 mux_put(gsm);
2412 }
2413 return ret;
2414}
2415
2416/**
2417 * gsmld_write_wakeup - asynchronous I/O notifier
2418 * @tty: tty device
2419 *
2420 * Required for the ptys, serial driver etc. since processes
2421 * that attach themselves to the master and rely on ASYNC
2422 * IO must be woken up
2423 */
2424
2425static void gsmld_write_wakeup(struct tty_struct *tty)
2426{
2427 struct gsm_mux *gsm = tty->disc_data;
2428 unsigned long flags;
2429
2430 /* Queue poll */
2431 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2432 spin_lock_irqsave(&gsm->tx_lock, flags);
2433 gsm_data_kick(gsm, NULL);
2434 if (gsm->tx_bytes < TX_THRESH_LO) {
2435 gsm_dlci_data_sweep(gsm);
2436 }
2437 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2438}
2439
2440/**
2441 * gsmld_read - read function for tty
2442 * @tty: tty device
2443 * @file: file object
2444 * @buf: userspace buffer pointer
2445 * @nr: size of I/O
2446 *
2447 * Perform reads for the line discipline. We are guaranteed that the
2448 * line discipline will not be closed under us but we may get multiple
2449 * parallel readers and must handle this ourselves. We may also get
2450 * a hangup. Always called in user context, may sleep.
2451 *
2452 * This code must be sure never to sleep through a hangup.
2453 */
2454
2455static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2456 unsigned char __user *buf, size_t nr)
2457{
2458 return -EOPNOTSUPP;
2459}
2460
2461/**
2462 * gsmld_write - write function for tty
2463 * @tty: tty device
2464 * @file: file object
2465 * @buf: userspace buffer pointer
2466 * @nr: size of I/O
2467 *
2468 * Called when the owner of the device wants to send a frame
2469 * itself (or some other control data). The data is transferred
2470 * as-is and must be properly framed and checksummed as appropriate
2471 * by userspace. Frames are either sent whole or not at all as this
2472 * avoids pain user side.
2473 */
2474
2475static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2476 const unsigned char *buf, size_t nr)
2477{
2478 int space = tty_write_room(tty);
2479 if (space >= nr)
2480 return tty->ops->write(tty, buf, nr);
2481 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2482 return -ENOBUFS;
2483}
2484
2485/**
2486 * gsmld_poll - poll method for N_GSM0710
2487 * @tty: terminal device
2488 * @file: file accessing it
2489 * @wait: poll table
2490 *
2491 * Called when the line discipline is asked to poll() for data or
2492 * for special events. This code is not serialized with respect to
2493 * other events save open/close.
2494 *
2495 * This code must be sure never to sleep through a hangup.
2496 * Called without the kernel lock held - fine
2497 */
2498
2499static unsigned int gsmld_poll(struct tty_struct *tty, struct file *file,
2500 poll_table *wait)
2501{
2502 unsigned int mask = 0;
2503 struct gsm_mux *gsm = tty->disc_data;
2504
2505 poll_wait(file, &tty->read_wait, wait);
2506 poll_wait(file, &tty->write_wait, wait);
2507 if (tty_hung_up_p(file))
2508 mask |= POLLHUP;
2509 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2510 mask |= POLLOUT | POLLWRNORM;
2511 if (gsm->dead)
2512 mask |= POLLHUP;
2513 return mask;
2514}
2515
2516static int gsmld_config(struct tty_struct *tty, struct gsm_mux *gsm,
2517 struct gsm_config *c)
2518{
2519 int need_close = 0;
2520 int need_restart = 0;
2521
2522 /* Stuff we don't support yet - UI or I frame transport, windowing */
2523 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2524 return -EOPNOTSUPP;
2525 /* Check the MRU/MTU range looks sane */
2526 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2527 return -EINVAL;
2528 if (c->n2 < 3)
2529 return -EINVAL;
2530 if (c->encapsulation > 1) /* Basic, advanced, no I */
2531 return -EINVAL;
2532 if (c->initiator > 1)
2533 return -EINVAL;
2534 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2535 return -EINVAL;
2536 /*
2537 * See what is needed for reconfiguration
2538 */
2539
2540 /* Timing fields */
2541 if (c->t1 != 0 && c->t1 != gsm->t1)
2542 need_restart = 1;
2543 if (c->t2 != 0 && c->t2 != gsm->t2)
2544 need_restart = 1;
2545 if (c->encapsulation != gsm->encoding)
2546 need_restart = 1;
2547 if (c->adaption != gsm->adaption)
2548 need_restart = 1;
2549 /* Requires care */
2550 if (c->initiator != gsm->initiator)
2551 need_close = 1;
2552 if (c->mru != gsm->mru)
2553 need_restart = 1;
2554 if (c->mtu != gsm->mtu)
2555 need_restart = 1;
2556
2557 /*
2558 * Close down what is needed, restart and initiate the new
2559 * configuration
2560 */
2561
2562 if (need_close || need_restart) {
2563 int ret;
2564
2565 ret = gsm_disconnect(gsm);
2566
2567 if (ret)
2568 return ret;
2569 }
2570 if (need_restart)
2571 gsm_cleanup_mux(gsm);
2572
2573 gsm->initiator = c->initiator;
2574 gsm->mru = c->mru;
2575 gsm->mtu = c->mtu;
2576 gsm->encoding = c->encapsulation;
2577 gsm->adaption = c->adaption;
2578 gsm->n2 = c->n2;
2579
2580 if (c->i == 1)
2581 gsm->ftype = UIH;
2582 else if (c->i == 2)
2583 gsm->ftype = UI;
2584
2585 if (c->t1)
2586 gsm->t1 = c->t1;
2587 if (c->t2)
2588 gsm->t2 = c->t2;
2589
2590 /* FIXME: We need to separate activation/deactivation from adding
2591 and removing from the mux array */
2592 if (need_restart)
2593 gsm_activate_mux(gsm);
2594 if (gsm->initiator && need_close)
2595 gsm_dlci_begin_open(gsm->dlci[0]);
2596 return 0;
2597}
2598
2599static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2600 unsigned int cmd, unsigned long arg)
2601{
2602 struct gsm_config c;
2603 struct gsm_mux *gsm = tty->disc_data;
2604
2605 switch (cmd) {
2606 case GSMIOC_GETCONF:
2607 memset(&c, 0, sizeof(c));
2608 c.adaption = gsm->adaption;
2609 c.encapsulation = gsm->encoding;
2610 c.initiator = gsm->initiator;
2611 c.t1 = gsm->t1;
2612 c.t2 = gsm->t2;
2613 c.t3 = 0; /* Not supported */
2614 c.n2 = gsm->n2;
2615 if (gsm->ftype == UIH)
2616 c.i = 1;
2617 else
2618 c.i = 2;
2619 pr_debug("Ftype %d i %d\n", gsm->ftype, c.i);
2620 c.mru = gsm->mru;
2621 c.mtu = gsm->mtu;
2622 c.k = 0;
2623 if (copy_to_user((void *)arg, &c, sizeof(c)))
2624 return -EFAULT;
2625 return 0;
2626 case GSMIOC_SETCONF:
2627 if (copy_from_user(&c, (void *)arg, sizeof(c)))
2628 return -EFAULT;
2629 return gsmld_config(tty, gsm, &c);
2630 default:
2631 return n_tty_ioctl_helper(tty, file, cmd, arg);
2632 }
2633}
2634
2635#ifdef CONFIG_COMPAT
2636static long gsmld_compat_ioctl(struct tty_struct *tty, struct file *file,
2637 unsigned int cmd, unsigned long arg)
2638{
2639 return gsmld_ioctl(tty, file, cmd, arg);
2640}
2641#endif
2642
2643/*
2644 * Network interface
2645 *
2646 */
2647
2648static int gsm_mux_net_open(struct net_device *net)
2649{
2650 pr_debug("%s called\n", __func__);
2651 netif_start_queue(net);
2652 return 0;
2653}
2654
2655static int gsm_mux_net_close(struct net_device *net)
2656{
2657 netif_stop_queue(net);
2658 return 0;
2659}
2660
2661static void dlci_net_free(struct gsm_dlci *dlci)
2662{
2663 if (!dlci->net) {
2664 WARN_ON(1);
2665 return;
2666 }
2667 dlci->adaption = dlci->prev_adaption;
2668 dlci->data = dlci->prev_data;
2669 free_netdev(dlci->net);
2670 dlci->net = NULL;
2671}
2672static void net_free(struct kref *ref)
2673{
2674 struct gsm_mux_net *mux_net;
2675 struct gsm_dlci *dlci;
2676
2677 mux_net = container_of(ref, struct gsm_mux_net, ref);
2678 dlci = mux_net->dlci;
2679
2680 if (dlci->net) {
2681 unregister_netdev(dlci->net);
2682 dlci_net_free(dlci);
2683 }
2684}
2685
2686static inline void muxnet_get(struct gsm_mux_net *mux_net)
2687{
2688 kref_get(&mux_net->ref);
2689}
2690
2691static inline void muxnet_put(struct gsm_mux_net *mux_net)
2692{
2693 kref_put(&mux_net->ref, net_free);
2694}
2695
2696static int gsm_mux_net_start_xmit(struct sk_buff *skb,
2697 struct net_device *net)
2698{
2699 struct gsm_mux_net *mux_net = netdev_priv(net);
2700 struct gsm_dlci *dlci = mux_net->dlci;
2701 muxnet_get(mux_net);
2702
2703 skb_queue_head(&dlci->skb_list, skb);
2704 net->stats.tx_packets++;
2705 net->stats.tx_bytes += skb->len;
2706 gsm_dlci_data_kick(dlci);
2707 /* And tell the kernel when the last transmit started. */
2708 netif_trans_update(net);
2709 muxnet_put(mux_net);
2710 return NETDEV_TX_OK;
2711}
2712
2713/* called when a packet did not ack after watchdogtimeout */
2714static void gsm_mux_net_tx_timeout(struct net_device *net)
2715{
2716 /* Tell syslog we are hosed. */
2717 dev_dbg(&net->dev, "Tx timed out.\n");
2718
2719 /* Update statistics */
2720 net->stats.tx_errors++;
2721}
2722
2723static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2724 unsigned char *in_buf, int size)
2725{
2726 struct net_device *net = dlci->net;
2727 struct sk_buff *skb;
2728 struct gsm_mux_net *mux_net = netdev_priv(net);
2729 muxnet_get(mux_net);
2730
2731 /* Allocate an sk_buff */
2732 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2733 if (!skb) {
2734 /* We got no receive buffer. */
2735 net->stats.rx_dropped++;
2736 muxnet_put(mux_net);
2737 return;
2738 }
2739 skb_reserve(skb, NET_IP_ALIGN);
2740 skb_put_data(skb, in_buf, size);
2741
2742 skb->dev = net;
2743 skb->protocol = htons(ETH_P_IP);
2744
2745 /* Ship it off to the kernel */
2746 netif_rx(skb);
2747
2748 /* update out statistics */
2749 net->stats.rx_packets++;
2750 net->stats.rx_bytes += size;
2751 muxnet_put(mux_net);
2752 return;
2753}
2754
2755static void gsm_mux_net_init(struct net_device *net)
2756{
2757 static const struct net_device_ops gsm_netdev_ops = {
2758 .ndo_open = gsm_mux_net_open,
2759 .ndo_stop = gsm_mux_net_close,
2760 .ndo_start_xmit = gsm_mux_net_start_xmit,
2761 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2762 };
2763
2764 net->netdev_ops = &gsm_netdev_ops;
2765
2766 /* fill in the other fields */
2767 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2768 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2769 net->type = ARPHRD_NONE;
2770 net->tx_queue_len = 10;
2771}
2772
2773
2774/* caller holds the dlci mutex */
2775static void gsm_destroy_network(struct gsm_dlci *dlci)
2776{
2777 struct gsm_mux_net *mux_net;
2778
2779 pr_debug("destroy network interface");
2780 if (!dlci->net)
2781 return;
2782 mux_net = netdev_priv(dlci->net);
2783 muxnet_put(mux_net);
2784}
2785
2786
2787/* caller holds the dlci mutex */
2788static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2789{
2790 char *netname;
2791 int retval = 0;
2792 struct net_device *net;
2793 struct gsm_mux_net *mux_net;
2794
2795 if (!capable(CAP_NET_ADMIN))
2796 return -EPERM;
2797
2798 /* Already in a non tty mode */
2799 if (dlci->adaption > 2)
2800 return -EBUSY;
2801
2802 if (nc->protocol != htons(ETH_P_IP))
2803 return -EPROTONOSUPPORT;
2804
2805 if (nc->adaption != 3 && nc->adaption != 4)
2806 return -EPROTONOSUPPORT;
2807
2808 pr_debug("create network interface");
2809
2810 netname = "gsm%d";
2811 if (nc->if_name[0] != '\0')
2812 netname = nc->if_name;
2813 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2814 NET_NAME_UNKNOWN, gsm_mux_net_init);
2815 if (!net) {
2816 pr_err("alloc_netdev failed");
2817 return -ENOMEM;
2818 }
2819 net->mtu = dlci->gsm->mtu;
2820 net->min_mtu = 8;
2821 net->max_mtu = dlci->gsm->mtu;
2822 mux_net = netdev_priv(net);
2823 mux_net->dlci = dlci;
2824 kref_init(&mux_net->ref);
2825 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2826
2827 /* reconfigure dlci for network */
2828 dlci->prev_adaption = dlci->adaption;
2829 dlci->prev_data = dlci->data;
2830 dlci->adaption = nc->adaption;
2831 dlci->data = gsm_mux_rx_netchar;
2832 dlci->net = net;
2833
2834 pr_debug("register netdev");
2835 retval = register_netdev(net);
2836 if (retval) {
2837 pr_err("network register fail %d\n", retval);
2838 dlci_net_free(dlci);
2839 return retval;
2840 }
2841 return net->ifindex; /* return network index */
2842}
2843
2844/* Line discipline for real tty */
2845static struct tty_ldisc_ops tty_ldisc_packet = {
2846 .owner = THIS_MODULE,
2847 .magic = TTY_LDISC_MAGIC,
2848 .name = "n_gsm",
2849 .open = gsmld_open,
2850 .close = gsmld_close,
2851 .flush_buffer = gsmld_flush_buffer,
2852 .read = gsmld_read,
2853 .write = gsmld_write,
2854#ifdef CONFIG_COMPAT
2855 .compat_ioctl = gsmld_compat_ioctl,
2856#endif
2857 .ioctl = gsmld_ioctl,
2858 .poll = gsmld_poll,
2859 .receive_buf = gsmld_receive_buf,
2860 .write_wakeup = gsmld_write_wakeup
2861};
2862
2863/*
2864 * Virtual tty side
2865 */
2866
2867#define TX_SIZE 512
2868
2869static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2870{
2871 u8 modembits[5];
2872 struct gsm_control *ctrl;
2873 int len = 2;
2874
2875 if (brk)
2876 len++;
2877
2878 modembits[0] = len << 1 | EA; /* Data bytes */
2879 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */
2880 modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2881 if (brk)
2882 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */
2883 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2884 if (ctrl == NULL)
2885 return -ENOMEM;
2886 return gsm_control_wait(dlci->gsm, ctrl);
2887}
2888
2889static int gsm_carrier_raised(struct tty_port *port)
2890{
2891 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2892 struct gsm_mux *gsm = dlci->gsm;
2893
2894 /* Not yet open so no carrier info */
2895 if (dlci->state != DLCI_OPEN)
2896 return 0;
2897 if (debug & 2)
2898 return 1;
2899
2900 /*
2901 * Basic mode with control channel in ADM mode may not respond
2902 * to CMD_MSC at all and modem_rx is empty.
2903 */
2904 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
2905 !dlci->modem_rx)
2906 return 1;
2907
2908 return dlci->modem_rx & TIOCM_CD;
2909}
2910
2911static void gsm_dtr_rts(struct tty_port *port, int onoff)
2912{
2913 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2914 unsigned int modem_tx = dlci->modem_tx;
2915 if (onoff)
2916 modem_tx |= TIOCM_DTR | TIOCM_RTS;
2917 else
2918 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2919 if (modem_tx != dlci->modem_tx) {
2920 dlci->modem_tx = modem_tx;
2921 gsmtty_modem_update(dlci, 0);
2922 }
2923}
2924
2925static const struct tty_port_operations gsm_port_ops = {
2926 .carrier_raised = gsm_carrier_raised,
2927 .dtr_rts = gsm_dtr_rts,
2928 .destruct = gsm_dlci_free,
2929};
2930
2931static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
2932{
2933 struct gsm_mux *gsm;
2934 struct gsm_dlci *dlci;
2935 unsigned int line = tty->index;
2936 unsigned int mux = line >> 6;
2937 bool alloc = false;
2938 int ret;
2939
2940 line = line & 0x3F;
2941
2942 if (mux >= MAX_MUX)
2943 return -ENXIO;
2944 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2945 if (gsm_mux[mux] == NULL)
2946 return -EUNATCH;
2947 if (line == 0 || line > 61) /* 62/63 reserved */
2948 return -ECHRNG;
2949 gsm = gsm_mux[mux];
2950 if (gsm->dead)
2951 return -EL2HLT;
2952 /* If DLCI 0 is not yet fully open return an error.
2953 This is ok from a locking
2954 perspective as we don't have to worry about this
2955 if DLCI0 is lost */
2956 mutex_lock(&gsm->mutex);
2957 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
2958 mutex_unlock(&gsm->mutex);
2959 return -EL2NSYNC;
2960 }
2961 dlci = gsm->dlci[line];
2962 if (dlci == NULL) {
2963 alloc = true;
2964 dlci = gsm_dlci_alloc(gsm, line);
2965 }
2966 if (dlci == NULL) {
2967 mutex_unlock(&gsm->mutex);
2968 return -ENOMEM;
2969 }
2970 ret = tty_port_install(&dlci->port, driver, tty);
2971 if (ret) {
2972 if (alloc)
2973 dlci_put(dlci);
2974 mutex_unlock(&gsm->mutex);
2975 return ret;
2976 }
2977
2978 dlci_get(dlci);
2979 dlci_get(gsm->dlci[0]);
2980 mux_get(gsm);
2981 tty->driver_data = dlci;
2982 mutex_unlock(&gsm->mutex);
2983
2984 return 0;
2985}
2986
2987static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2988{
2989 struct gsm_dlci *dlci = tty->driver_data;
2990 struct tty_port *port = &dlci->port;
2991
2992 port->count++;
2993 tty_port_tty_set(port, tty);
2994
2995 dlci->modem_rx = 0;
2996 /* We could in theory open and close before we wait - eg if we get
2997 a DM straight back. This is ok as that will have caused a hangup */
2998 tty_port_set_initialized(port, 1);
2999 /* Start sending off SABM messages */
3000 gsm_dlci_begin_open(dlci);
3001 /* And wait for virtual carrier */
3002 return tty_port_block_til_ready(port, tty, filp);
3003}
3004
3005static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3006{
3007 struct gsm_dlci *dlci = tty->driver_data;
3008 struct gsm_mux *gsm;
3009
3010 if (dlci == NULL)
3011 return;
3012 if (dlci->state == DLCI_CLOSED)
3013 return;
3014 mutex_lock(&dlci->mutex);
3015 gsm_destroy_network(dlci);
3016 mutex_unlock(&dlci->mutex);
3017 gsm = dlci->gsm;
3018 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3019 return;
3020 gsm_dlci_begin_close(dlci);
3021 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3022 tty_port_lower_dtr_rts(&dlci->port);
3023 tty_port_close_end(&dlci->port, tty);
3024 tty_port_tty_set(&dlci->port, NULL);
3025 return;
3026}
3027
3028static void gsmtty_hangup(struct tty_struct *tty)
3029{
3030 struct gsm_dlci *dlci = tty->driver_data;
3031 if (dlci->state == DLCI_CLOSED)
3032 return;
3033 tty_port_hangup(&dlci->port);
3034 gsm_dlci_begin_close(dlci);
3035}
3036
3037static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3038 int len)
3039{
3040 int sent;
3041 struct gsm_dlci *dlci = tty->driver_data;
3042 if (dlci->state == DLCI_CLOSED)
3043 return -EINVAL;
3044 /* Stuff the bytes into the fifo queue */
3045 sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock);
3046 /* Need to kick the channel */
3047 gsm_dlci_data_kick(dlci);
3048 return sent;
3049}
3050
3051static int gsmtty_write_room(struct tty_struct *tty)
3052{
3053 struct gsm_dlci *dlci = tty->driver_data;
3054 if (dlci->state == DLCI_CLOSED)
3055 return -EINVAL;
3056 return TX_SIZE - kfifo_len(dlci->fifo);
3057}
3058
3059static int gsmtty_chars_in_buffer(struct tty_struct *tty)
3060{
3061 struct gsm_dlci *dlci = tty->driver_data;
3062 if (dlci->state == DLCI_CLOSED)
3063 return -EINVAL;
3064 return kfifo_len(dlci->fifo);
3065}
3066
3067static void gsmtty_flush_buffer(struct tty_struct *tty)
3068{
3069 struct gsm_dlci *dlci = tty->driver_data;
3070 if (dlci->state == DLCI_CLOSED)
3071 return;
3072 /* Caution needed: If we implement reliable transport classes
3073 then the data being transmitted can't simply be junked once
3074 it has first hit the stack. Until then we can just blow it
3075 away */
3076 kfifo_reset(dlci->fifo);
3077 /* Need to unhook this DLCI from the transmit queue logic */
3078}
3079
3080static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3081{
3082 /* The FIFO handles the queue so the kernel will do the right
3083 thing waiting on chars_in_buffer before calling us. No work
3084 to do here */
3085}
3086
3087static int gsmtty_tiocmget(struct tty_struct *tty)
3088{
3089 struct gsm_dlci *dlci = tty->driver_data;
3090 if (dlci->state == DLCI_CLOSED)
3091 return -EINVAL;
3092 return dlci->modem_rx;
3093}
3094
3095static int gsmtty_tiocmset(struct tty_struct *tty,
3096 unsigned int set, unsigned int clear)
3097{
3098 struct gsm_dlci *dlci = tty->driver_data;
3099 unsigned int modem_tx = dlci->modem_tx;
3100
3101 if (dlci->state == DLCI_CLOSED)
3102 return -EINVAL;
3103 modem_tx &= ~clear;
3104 modem_tx |= set;
3105
3106 if (modem_tx != dlci->modem_tx) {
3107 dlci->modem_tx = modem_tx;
3108 return gsmtty_modem_update(dlci, 0);
3109 }
3110 return 0;
3111}
3112
3113
3114static int gsmtty_ioctl(struct tty_struct *tty,
3115 unsigned int cmd, unsigned long arg)
3116{
3117 struct gsm_dlci *dlci = tty->driver_data;
3118 struct gsm_netconfig nc;
3119 int index;
3120
3121 if (dlci->state == DLCI_CLOSED)
3122 return -EINVAL;
3123 switch (cmd) {
3124 case GSMIOC_ENABLE_NET:
3125 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3126 return -EFAULT;
3127 nc.if_name[IFNAMSIZ-1] = '\0';
3128 /* return net interface index or error code */
3129 mutex_lock(&dlci->mutex);
3130 index = gsm_create_network(dlci, &nc);
3131 mutex_unlock(&dlci->mutex);
3132 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3133 return -EFAULT;
3134 return index;
3135 case GSMIOC_DISABLE_NET:
3136 if (!capable(CAP_NET_ADMIN))
3137 return -EPERM;
3138 mutex_lock(&dlci->mutex);
3139 gsm_destroy_network(dlci);
3140 mutex_unlock(&dlci->mutex);
3141 return 0;
3142 default:
3143 return -ENOIOCTLCMD;
3144 }
3145}
3146
3147static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3148{
3149 struct gsm_dlci *dlci = tty->driver_data;
3150 if (dlci->state == DLCI_CLOSED)
3151 return;
3152 /* For the moment its fixed. In actual fact the speed information
3153 for the virtual channel can be propogated in both directions by
3154 the RPN control message. This however rapidly gets nasty as we
3155 then have to remap modem signals each way according to whether
3156 our virtual cable is null modem etc .. */
3157 tty_termios_copy_hw(&tty->termios, old);
3158}
3159
3160static void gsmtty_throttle(struct tty_struct *tty)
3161{
3162 struct gsm_dlci *dlci = tty->driver_data;
3163 if (dlci->state == DLCI_CLOSED)
3164 return;
3165 if (C_CRTSCTS(tty))
3166 dlci->modem_tx &= ~TIOCM_DTR;
3167 dlci->throttled = 1;
3168 /* Send an MSC with DTR cleared */
3169 gsmtty_modem_update(dlci, 0);
3170}
3171
3172static void gsmtty_unthrottle(struct tty_struct *tty)
3173{
3174 struct gsm_dlci *dlci = tty->driver_data;
3175 if (dlci->state == DLCI_CLOSED)
3176 return;
3177 if (C_CRTSCTS(tty))
3178 dlci->modem_tx |= TIOCM_DTR;
3179 dlci->throttled = 0;
3180 /* Send an MSC with DTR set */
3181 gsmtty_modem_update(dlci, 0);
3182}
3183
3184static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3185{
3186 struct gsm_dlci *dlci = tty->driver_data;
3187 int encode = 0; /* Off */
3188 if (dlci->state == DLCI_CLOSED)
3189 return -EINVAL;
3190
3191 if (state == -1) /* "On indefinitely" - we can't encode this
3192 properly */
3193 encode = 0x0F;
3194 else if (state > 0) {
3195 encode = state / 200; /* mS to encoding */
3196 if (encode > 0x0F)
3197 encode = 0x0F; /* Best effort */
3198 }
3199 return gsmtty_modem_update(dlci, encode);
3200}
3201
3202static void gsmtty_cleanup(struct tty_struct *tty)
3203{
3204 struct gsm_dlci *dlci = tty->driver_data;
3205 struct gsm_mux *gsm = dlci->gsm;
3206
3207 dlci_put(dlci);
3208 dlci_put(gsm->dlci[0]);
3209 mux_put(gsm);
3210}
3211
3212/* Virtual ttys for the demux */
3213static const struct tty_operations gsmtty_ops = {
3214 .install = gsmtty_install,
3215 .open = gsmtty_open,
3216 .close = gsmtty_close,
3217 .write = gsmtty_write,
3218 .write_room = gsmtty_write_room,
3219 .chars_in_buffer = gsmtty_chars_in_buffer,
3220 .flush_buffer = gsmtty_flush_buffer,
3221 .ioctl = gsmtty_ioctl,
3222 .throttle = gsmtty_throttle,
3223 .unthrottle = gsmtty_unthrottle,
3224 .set_termios = gsmtty_set_termios,
3225 .hangup = gsmtty_hangup,
3226 .wait_until_sent = gsmtty_wait_until_sent,
3227 .tiocmget = gsmtty_tiocmget,
3228 .tiocmset = gsmtty_tiocmset,
3229 .break_ctl = gsmtty_break_ctl,
3230 .cleanup = gsmtty_cleanup,
3231};
3232
3233
3234
3235static int __init gsm_init(void)
3236{
3237 /* Fill in our line protocol discipline, and register it */
3238 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3239 if (status != 0) {
3240 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3241 status);
3242 return status;
3243 }
3244
3245 gsm_tty_driver = alloc_tty_driver(256);
3246 if (!gsm_tty_driver) {
3247 tty_unregister_ldisc(N_GSM0710);
3248 pr_err("gsm_init: tty allocation failed.\n");
3249 return -EINVAL;
3250 }
3251 gsm_tty_driver->driver_name = "gsmtty";
3252 gsm_tty_driver->name = "gsmtty";
3253 gsm_tty_driver->major = 0; /* Dynamic */
3254 gsm_tty_driver->minor_start = 0;
3255 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3256 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3257 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
3258 | TTY_DRIVER_HARDWARE_BREAK;
3259 gsm_tty_driver->init_termios = tty_std_termios;
3260 /* Fixme */
3261 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3262 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3263
3264 spin_lock_init(&gsm_mux_lock);
3265
3266 if (tty_register_driver(gsm_tty_driver)) {
3267 put_tty_driver(gsm_tty_driver);
3268 tty_unregister_ldisc(N_GSM0710);
3269 pr_err("gsm_init: tty registration failed.\n");
3270 return -EBUSY;
3271 }
3272 pr_debug("gsm_init: loaded as %d,%d.\n",
3273 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3274 return 0;
3275}
3276
3277static void __exit gsm_exit(void)
3278{
3279 int status = tty_unregister_ldisc(N_GSM0710);
3280 if (status != 0)
3281 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3282 status);
3283 tty_unregister_driver(gsm_tty_driver);
3284 put_tty_driver(gsm_tty_driver);
3285}
3286
3287module_init(gsm_init);
3288module_exit(gsm_exit);
3289
3290
3291MODULE_LICENSE("GPL");
3292MODULE_ALIAS_LDISC(N_GSM0710);