projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'io_uring-6.0-2022-09-23' of git://git.kernel.dk/linux
[linux-2.6-block.git] / drivers / tty / n_gsm.c
CommitLineData
e3b3d0f5 1// SPDX-License-Identifier: GPL-2.0
e1eaea46
AC		 2/*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
e1eaea46
AC		 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
0af02167
DS		 8 * Outgoing path:
9 * tty -> DLCI fifo -> scheduler -> GSM MUX data queue ---o-> ldisc
10 * control message -> GSM MUX control queue --ยด
11 *
12 * Incoming path:
13 * ldisc -> gsm_queue() -o--> tty
14 * `-> gsm_control_response()
15 *
e1eaea46
AC		 16 * TO DO:
17 * Mostly done: ioctls for setting modes/timing
5f9a31d6 18 * Partly done: hooks so you can pull off frames to non tty devs
e1eaea46 19 * Restart DLCI 0 when it closes ?
e1eaea46
AC		 20 * Improve the tx engine
21 * Resolve tx side locking by adding a queue_head and routing
22 * all control traffic via it
23 * General tidy/document
24 * Review the locking/move to refcounts more (mux now moved to an
25 * alloc/free model ready)
26 * Use newest tty open/close port helpers and install hooks
27 * What to do about power functions ?
28 * Termios setting and negotiation
29 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
30 *
31 */
32
33#include <linux/types.h>
34#include <linux/major.h>
35#include <linux/errno.h>
36#include <linux/signal.h>
37#include <linux/fcntl.h>
174cd4b1 38#include <linux/sched/signal.h>
e1eaea46
AC		 39#include <linux/interrupt.h>
40#include <linux/tty.h>
e1eaea46
AC		 41#include <linux/ctype.h>
42#include <linux/mm.h>
43#include <linux/string.h>
44#include <linux/slab.h>
45#include <linux/poll.h>
46#include <linux/bitops.h>
47#include <linux/file.h>
48#include <linux/uaccess.h>
49#include <linux/module.h>
50#include <linux/timer.h>
51#include <linux/tty_flip.h>
52#include <linux/tty_driver.h>
53#include <linux/serial.h>
54#include <linux/kfifo.h>
55#include <linux/skbuff.h>
bcd5abe2
RG		 56#include <net/arp.h>
57#include <linux/ip.h>
58#include <linux/netdevice.h>
59#include <linux/etherdevice.h>
e1eaea46 60#include <linux/gsmmux.h>
5ffa6e34 61#include "tty.h"
e1eaea46
AC		 62
63static int debug;
64module_param(debug, int, 0600);
65
a8d12007
AC		 66/* Defaults: these are from the specification */
67
68#define T1 10 /* 100mS */
69#define T2 34 /* 333mS */
70#define N2 3 /* Retry 3 times */
e1eaea46
AC		 71
72/* Use long timers for testing at low speed with debug on */
73#ifdef DEBUG_TIMING
a8d12007
AC		 74#define T1 100
75#define T2 200
e1eaea46
AC		 76#endif
77
5f9a31d6 78/*
25985edc 79 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
5f9a31d6
AC		 80 * limits so this is plenty
81 */
bcd5abe2
RG		 82#define MAX_MRU 1500
83#define MAX_MTU 1500
535bf600
DS		 84/* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
85#define PROT_OVERHEAD 7
bcd5abe2
RG		 86#define GSM_NET_TX_TIMEOUT (HZ*10)
87
b410e35d 88/*
bcd5abe2 89 * struct gsm_mux_net - network interface
bcd5abe2
RG		 90 *
91 * Created when net interface is initialized.
724ac070 92 */
bcd5abe2
RG		 93struct gsm_mux_net {
94 struct kref ref;
95 struct gsm_dlci *dlci;
bcd5abe2
RG		 96};
97
e1eaea46
AC		 98/*
99 * Each block of data we have queued to go out is in the form of
25985edc 100 * a gsm_msg which holds everything we need in a link layer independent
e1eaea46
AC		 101 * format
102 */
103
104struct gsm_msg {
b4338e1e 105 struct list_head list;
e1eaea46
AC		 106 u8 addr; /* DLCI address + flags */
107 u8 ctrl; /* Control byte + flags */
108 unsigned int len; /* Length of data block (can be zero) */
109 unsigned char *data; /* Points into buffer but not at the start */
2f202d03 110 unsigned char buffer[];
e1eaea46
AC		 111};
112
72ae8cc1
JS		 113enum gsm_dlci_state {
114 DLCI_CLOSED,
115 DLCI_OPENING, /* Sending SABM not seen UA */
116 DLCI_OPEN, /* SABM/UA complete */
117 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
118};
119
e1785996
JS		 120enum gsm_dlci_mode {
121 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
122 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
123};
124
e1eaea46
AC		 125/*
126 * Each active data link has a gsm_dlci structure associated which ties
127 * the link layer to an optional tty (if the tty side is open). To avoid
128 * complexity right now these are only ever freed up when the mux is
129 * shut down.
130 *
131 * At the moment we don't free DLCI objects until the mux is torn down
132 * this avoid object life time issues but might be worth review later.
133 */
134
135struct gsm_dlci {
136 struct gsm_mux *gsm;
137 int addr;
72ae8cc1 138 enum gsm_dlci_state state;
bcd5abe2 139 struct mutex mutex;
e1eaea46
AC		 140
141 /* Link layer */
e1785996 142 enum gsm_dlci_mode mode;
e1eaea46
AC		 143 spinlock_t lock; /* Protects the internal state */
144 struct timer_list t1; /* Retransmit timer for SABM and UA */
145 int retries;
146 /* Uplink tty if active */
147 struct tty_port port; /* The tty bound to this DLCI if there is one */
9361ebfb 148#define TX_SIZE 4096 /* Must be power of 2. */
036bca1f 149 struct kfifo fifo; /* Queue fifo for the DLCI */
e1eaea46 150 int adaption; /* Adaption layer in use */
bcd5abe2 151 int prev_adaption;
e1eaea46
AC		 152 u32 modem_rx; /* Our incoming virtual modem lines */
153 u32 modem_tx; /* Our outgoing modem lines */
5677fcf3 154 bool dead; /* Refuse re-open */
e1eaea46 155 /* Flow control */
e9360b9a 156 bool throttled; /* Private copy of throttle state */
7a9ed9c0 157 bool constipated; /* Throttle status for outgoing */
e1eaea46
AC		 158 /* Packetised I/O */
159 struct sk_buff *skb; /* Frame being sent */
160 struct sk_buff_head skb_list; /* Queued frames */
161 /* Data handling callback */
4feb7a4a
TL		 162 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
163 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
bcd5abe2 164 struct net_device *net; /* network interface, if created */
e1eaea46
AC		 165};
166
c33eecc7 167/* DLCI 0, 62/63 are special or reserved see gsmtty_open */
e1eaea46
AC		 168
169#define NUM_DLCI 64
170
171/*
172 * DLCI 0 is used to pass control blocks out of band of the data
173 * flow (and with a higher link priority). One command can be outstanding
174 * at a time and we use this structure to manage them. They are created
175 * and destroyed by the user context, and updated by the receive paths
176 * and timers
177 */
178
179struct gsm_control {
180 u8 cmd; /* Command we are issuing */
181 u8 *data; /* Data for the command in case we retransmit */
182 int len; /* Length of block for retransmission */
183 int done; /* Done flag */
184 int error; /* Error if any */
185};
186
329aa6e6
JS		 187enum gsm_mux_state {
188 GSM_SEARCH,
189 GSM_START,
190 GSM_ADDRESS,
191 GSM_CONTROL,
192 GSM_LEN,
193 GSM_DATA,
194 GSM_FCS,
195 GSM_OVERRUN,
196 GSM_LEN0,
197 GSM_LEN1,
198 GSM_SSOF,
199};
200
e1eaea46
AC		 201/*
202 * Each GSM mux we have is represented by this structure. If we are
203 * operating as an ldisc then we use this structure as our ldisc
204 * state. We need to sort out lifetimes and locking with respect
205 * to the gsm mux array. For now we don't free DLCI objects that
206 * have been instantiated until the mux itself is terminated.
207 *
208 * To consider further: tty open versus mux shutdown.
209 */
210
211struct gsm_mux {
212 struct tty_struct *tty; /* The tty our ldisc is bound to */
213 spinlock_t lock;
dfabf7ff 214 struct mutex mutex;
d50f6dca 215 unsigned int num;
6ab8fba7 216 struct kref ref;
e1eaea46
AC		 217
218 /* Events on the GSM channel */
219 wait_queue_head_t event;
220
0af02167
DS		 221 /* ldisc send work */
222 struct work_struct tx_work;
223
e1eaea46
AC		 224 /* Bits for GSM mode decoding */
225
226 /* Framing Layer */
227 unsigned char *buf;
329aa6e6 228 enum gsm_mux_state state;
e1eaea46
AC		 229 unsigned int len;
230 unsigned int address;
231 unsigned int count;
c50704bd 232 bool escape;
e1eaea46
AC		 233 int encoding;
234 u8 control;
235 u8 fcs;
236 u8 *txframe; /* TX framing buffer */
237
a579767c 238 /* Method for the receiver side */
e1eaea46 239 void (*receive)(struct gsm_mux *gsm, u8 ch);
e1eaea46
AC		 240
241 /* Link Layer */
242 unsigned int mru;
243 unsigned int mtu;
244 int initiator; /* Did we initiate connection */
5677fcf3 245 bool dead; /* Has the mux been shut down */
e1eaea46 246 struct gsm_dlci *dlci[NUM_DLCI];
f4f7d632 247 int old_c_iflag; /* termios c_iflag value before attach */
7a9ed9c0 248 bool constipated; /* Asked by remote to shut up */
01aecd91 249 bool has_devices; /* Devices were registered */
e1eaea46 250
902e02ea 251 struct mutex tx_mutex;
e1eaea46
AC		 252 unsigned int tx_bytes; /* TX data outstanding */
253#define TX_THRESH_HI 8192
254#define TX_THRESH_LO 2048
0af02167
DS		 255 struct list_head tx_ctrl_list; /* Pending control packets */
256 struct list_head tx_data_list; /* Pending data packets */
e1eaea46
AC		 257
258 /* Control messages */
c9ab053e 259 struct delayed_work kick_timeout; /* Kick TX queuing on timeout */
e1eaea46
AC		 260 struct timer_list t2_timer; /* Retransmit timer for commands */
261 int cretries; /* Command retry counter */
262 struct gsm_control *pending_cmd;/* Our current pending command */
263 spinlock_t control_lock; /* Protects the pending command */
264
265 /* Configuration */
266 int adaption; /* 1 or 2 supported */
267 u8 ftype; /* UI or UIH */
268 int t1, t2; /* Timers in 1/100th of a sec */
269 int n2; /* Retry count */
270
271 /* Statistics (not currently exposed) */
272 unsigned long bad_fcs;
273 unsigned long malformed;
274 unsigned long io_error;
275 unsigned long bad_size;
276 unsigned long unsupported;
277};
278
279
280/*
281 * Mux objects - needed so that we can translate a tty index into the
282 * relevant mux and DLCI.
283 */
284
285#define MAX_MUX 4 /* 256 minors */
286static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
399d44a1 287static DEFINE_SPINLOCK(gsm_mux_lock);
e1eaea46 288
d50f6dca
RG		 289static struct tty_driver *gsm_tty_driver;
290
e1eaea46
AC		 291/*
292 * This section of the driver logic implements the GSM encodings
293 * both the basic and the 'advanced'. Reliable transport is not
294 * supported.
295 */
296
297#define CR 0x02
298#define EA 0x01
299#define PF 0x10
300
301/* I is special: the rest are ..*/
302#define RR 0x01
303#define UI 0x03
304#define RNR 0x05
305#define REJ 0x09
306#define DM 0x0F
307#define SABM 0x2F
308#define DISC 0x43
309#define UA 0x63
310#define UIH 0xEF
311
312/* Channel commands */
313#define CMD_NSC 0x09
314#define CMD_TEST 0x11
315#define CMD_PSC 0x21
316#define CMD_RLS 0x29
317#define CMD_FCOFF 0x31
318#define CMD_PN 0x41
319#define CMD_RPN 0x49
320#define CMD_FCON 0x51
321#define CMD_CLD 0x61
322#define CMD_SNC 0x69
323#define CMD_MSC 0x71
324
325/* Virtual modem bits */
326#define MDM_FC 0x01
327#define MDM_RTC 0x02
328#define MDM_RTR 0x04
329#define MDM_IC 0x20
330#define MDM_DV 0x40
331
332#define GSM0_SOF 0xF9
5f9a31d6 333#define GSM1_SOF 0x7E
e1eaea46
AC		 334#define GSM1_ESCAPE 0x7D
335#define GSM1_ESCAPE_BITS 0x20
336#define XON 0x11
337#define XOFF 0x13
8838b2af 338#define ISO_IEC_646_MASK 0x7F
e1eaea46
AC		 339
340static const struct tty_port_operations gsm_port_ops;
341
342/*
343 * CRC table for GSM 0710
344 */
345
346static const u8 gsm_fcs8[256] = {
347 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
348 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
349 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
350 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
351 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
352 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
353 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
354 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
355 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
356 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
357 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
358 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
359 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
360 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
361 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
362 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
363 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
364 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
365 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
366 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
367 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
368 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
369 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
370 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
371 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
372 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
373 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
374 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
375 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
376 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
377 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
378 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
379};
380
381#define INIT_FCS 0xFF
382#define GOOD_FCS 0xCF
383
a579767c 384static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
c19ffe00 385static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
0af02167
DS		 386static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
387 u8 ctrl);
388static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg);
389static void gsmld_write_trigger(struct gsm_mux *gsm);
390static void gsmld_write_task(struct work_struct *work);
a579767c 391
e1eaea46
AC		 392/**
393 * gsm_fcs_add - update FCS
394 * @fcs: Current FCS
395 * @c: Next data
396 *
397 * Update the FCS to include c. Uses the algorithm in the specification
398 * notes.
399 */
400
401static inline u8 gsm_fcs_add(u8 fcs, u8 c)
402{
403 return gsm_fcs8[fcs ^ c];
404}
405
406/**
407 * gsm_fcs_add_block - update FCS for a block
408 * @fcs: Current FCS
409 * @c: buffer of data
410 * @len: length of buffer
411 *
412 * Update the FCS to include c. Uses the algorithm in the specification
413 * notes.
414 */
415
416static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
417{
418 while (len--)
419 fcs = gsm_fcs8[fcs ^ *c++];
420 return fcs;
421}
422
423/**
424 * gsm_read_ea - read a byte into an EA
425 * @val: variable holding value
724ac070 426 * @c: byte going into the EA
e1eaea46
AC		 427 *
428 * Processes one byte of an EA. Updates the passed variable
429 * and returns 1 if the EA is now completely read
430 */
431
432static int gsm_read_ea(unsigned int *val, u8 c)
433{
434 /* Add the next 7 bits into the value */
435 *val <<= 7;
436 *val |= c >> 1;
437 /* Was this the last byte of the EA 1 = yes*/
438 return c & EA;
439}
440
bec02248
DS		 441/**
442 * gsm_read_ea_val - read a value until EA
443 * @val: variable holding value
444 * @data: buffer of data
445 * @dlen: length of data
446 *
447 * Processes an EA value. Updates the passed variable and
448 * returns the processed data length.
449 */
450static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
451{
452 unsigned int len = 0;
453
454 for (; dlen > 0; dlen--) {
455 len++;
456 if (gsm_read_ea(val, *data++))
457 break;
458 }
459 return len;
460}
461
e1eaea46
AC		 462/**
463 * gsm_encode_modem - encode modem data bits
464 * @dlci: DLCI to encode from
465 *
466 * Returns the correct GSM encoded modem status bits (6 bit field) for
467 * the current status of the DLCI and attached tty object
468 */
469
470static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
471{
472 u8 modembits = 0;
473 /* FC is true flow control not modem bits */
474 if (dlci->throttled)
475 modembits |= MDM_FC;
476 if (dlci->modem_tx & TIOCM_DTR)
477 modembits |= MDM_RTC;
478 if (dlci->modem_tx & TIOCM_RTS)
479 modembits |= MDM_RTR;
480 if (dlci->modem_tx & TIOCM_RI)
481 modembits |= MDM_IC;
737b0ef3 482 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
e1eaea46
AC		 483 modembits |= MDM_DV;
484 return modembits;
485}
486
925ea0fa
TL		 487static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
488 unsigned long len)
489{
490 char *prefix;
491
492 if (!fname) {
493 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
494 true);
495 return;
496 }
497
e74024b2 498 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
925ea0fa
TL		 499 if (!prefix)
500 return;
501 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
502 true);
503 kfree(prefix);
504}
505
01aecd91
DS		 506/**
507 * gsm_register_devices - register all tty devices for a given mux index
508 *
509 * @driver: the tty driver that describes the tty devices
510 * @index: the mux number is used to calculate the minor numbers of the
511 * ttys for this mux and may differ from the position in the
512 * mux array.
513 */
514static int gsm_register_devices(struct tty_driver *driver, unsigned int index)
515{
516 struct device *dev;
517 int i;
518 unsigned int base;
519
520 if (!driver || index >= MAX_MUX)
521 return -EINVAL;
522
523 base = index * NUM_DLCI; /* first minor for this index */
524 for (i = 1; i < NUM_DLCI; i++) {
525 /* Don't register device 0 - this is the control channel
526 * and not a usable tty interface
527 */
528 dev = tty_register_device(gsm_tty_driver, base + i, NULL);
529 if (IS_ERR(dev)) {
530 if (debug & 8)
531 pr_info("%s failed to register device minor %u",
532 __func__, base + i);
533 for (i--; i >= 1; i--)
534 tty_unregister_device(gsm_tty_driver, base + i);
535 return PTR_ERR(dev);
536 }
537 }
538
539 return 0;
540}
541
542/**
543 * gsm_unregister_devices - unregister all tty devices for a given mux index
544 *
545 * @driver: the tty driver that describes the tty devices
546 * @index: the mux number is used to calculate the minor numbers of the
547 * ttys for this mux and may differ from the position in the
548 * mux array.
549 */
550static void gsm_unregister_devices(struct tty_driver *driver,
551 unsigned int index)
552{
553 int i;
554 unsigned int base;
555
556 if (!driver || index >= MAX_MUX)
557 return;
558
559 base = index * NUM_DLCI; /* first minor for this index */
560 for (i = 1; i < NUM_DLCI; i++) {
561 /* Don't unregister device 0 - this is the control
562 * channel and not a usable tty interface
563 */
564 tty_unregister_device(gsm_tty_driver, base + i);
565 }
566}
567
e1eaea46
AC		 568/**
569 * gsm_print_packet - display a frame for debug
570 * @hdr: header to print before decode
571 * @addr: address EA from the frame
57435c42 572 * @cr: C/R bit seen as initiator
e1eaea46
AC		 573 * @control: control including PF bit
574 * @data: following data bytes
575 * @dlen: length of data
576 *
577 * Displays a packet in human readable format for debugging purposes. The
578 * style is based on amateur radio LAP-B dump display.
579 */
580
581static void gsm_print_packet(const char *hdr, int addr, int cr,
582 u8 control, const u8 *data, int dlen)
583{
584 if (!(debug & 1))
585 return;
586
5f9a31d6 587 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
e1eaea46
AC		 588
589 switch (control & ~PF) {
590 case SABM:
5f9a31d6 591 pr_cont("SABM");
e1eaea46
AC		 592 break;
593 case UA:
5f9a31d6 594 pr_cont("UA");
e1eaea46
AC		 595 break;
596 case DISC:
5f9a31d6 597 pr_cont("DISC");
e1eaea46
AC		 598 break;
599 case DM:
5f9a31d6 600 pr_cont("DM");
e1eaea46
AC		 601 break;
602 case UI:
5f9a31d6 603 pr_cont("UI");
e1eaea46
AC		 604 break;
605 case UIH:
5f9a31d6 606 pr_cont("UIH");
e1eaea46
AC		 607 break;
608 default:
609 if (!(control & 0x01)) {
5f9a31d6 610 pr_cont("I N(S)%d N(R)%d",
47fdd641 611 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
e1eaea46 612 } else switch (control & 0x0F) {
5f9a31d6
AC		 613 case RR:
614 pr_cont("RR(%d)", (control & 0xE0) >> 5);
615 break;
616 case RNR:
617 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
618 break;
619 case REJ:
620 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
621 break;
622 default:
623 pr_cont("[%02X]", control);
e1eaea46
AC		 624 }
625 }
626
627 if (control & PF)
5f9a31d6 628 pr_cont("(P)");
e1eaea46 629 else
5f9a31d6 630 pr_cont("(F)");
e1eaea46 631
925ea0fa 632 gsm_hex_dump_bytes(NULL, data, dlen);
e1eaea46
AC		 633}
634
635
636/*
637 * Link level transmission side
638 */
639
640/**
542a121a 641 * gsm_stuff_frame - bytestuff a packet
724ac070
JS		 642 * @input: input buffer
643 * @output: output buffer
e1eaea46
AC		 644 * @len: length of input
645 *
646 * Expand a buffer by bytestuffing it. The worst case size change
647 * is doubling and the caller is responsible for handing out
648 * suitable sized buffers.
649 */
650
651static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
652{
653 int olen = 0;
654 while (len--) {
655 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
8838b2af 656 || (*input & ISO_IEC_646_MASK) == XON
657 || (*input & ISO_IEC_646_MASK) == XOFF) {
e1eaea46
AC		 658 *output++ = GSM1_ESCAPE;
659 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
660 olen++;
661 } else
662 *output++ = *input++;
663 olen++;
664 }
665 return olen;
666}
667
e1eaea46
AC		 668/**
669 * gsm_send - send a control frame
670 * @gsm: our GSM mux
671 * @addr: address for control frame
57435c42 672 * @cr: command/response bit seen as initiator
e1eaea46
AC		 673 * @control: control byte including PF bit
674 *
0af02167
DS		 675 * Format up and transmit a control frame. These should be transmitted
676 * ahead of data when they are needed.
e1eaea46 677 */
0af02167 678static int gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
e1eaea46 679{
0af02167
DS		 680 struct gsm_msg *msg;
681 u8 *dp;
57435c42 682 int ocr;
0af02167
DS		 683
684 msg = gsm_data_alloc(gsm, addr, 0, control);
685 if (!msg)
686 return -ENOMEM;
57435c42 687
688 /* toggle C/R coding if not initiator */
689 ocr = cr ^ (gsm->initiator ? 0 : 1);
e1eaea46 690
0af02167
DS		 691 msg->data -= 3;
692 dp = msg->data;
693 *dp++ = (addr << 2) | (ocr << 1) | EA;
694 *dp++ = control;
695
696 if (gsm->encoding == 0)
697 *dp++ = EA; /* Length of data = 0 */
698
699 *dp = 0xFF - gsm_fcs_add_block(INIT_FCS, msg->data, dp - msg->data);
700 msg->len = (dp - msg->data) + 1;
701
702 gsm_print_packet("Q->", addr, cr, control, NULL, 0);
703
902e02ea 704 mutex_lock(&gsm->tx_mutex);
0af02167
DS		 705 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
706 gsm->tx_bytes += msg->len;
902e02ea 707 mutex_unlock(&gsm->tx_mutex);
0af02167
DS		 708 gsmld_write_trigger(gsm);
709
710 return 0;
711}
712
713/**
714 * gsm_dlci_clear_queues - remove outstanding data for a DLCI
715 * @gsm: mux
716 * @dlci: clear for this DLCI
717 *
718 * Clears the data queues for a given DLCI.
719 */
720static void gsm_dlci_clear_queues(struct gsm_mux *gsm, struct gsm_dlci *dlci)
721{
722 struct gsm_msg *msg, *nmsg;
723 int addr = dlci->addr;
724 unsigned long flags;
725
726 /* Clear DLCI write fifo first */
727 spin_lock_irqsave(&dlci->lock, flags);
728 kfifo_reset(&dlci->fifo);
729 spin_unlock_irqrestore(&dlci->lock, flags);
730
731 /* Clear data packets in MUX write queue */
902e02ea 732 mutex_lock(&gsm->tx_mutex);
0af02167
DS		 733 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
734 if (msg->addr != addr)
735 continue;
736 gsm->tx_bytes -= msg->len;
737 list_del(&msg->list);
738 kfree(msg);
f999c3b3 739 }
902e02ea 740 mutex_unlock(&gsm->tx_mutex);
e1eaea46
AC		 741}
742
743/**
744 * gsm_response - send a control response
745 * @gsm: our GSM mux
746 * @addr: address for control frame
747 * @control: control byte including PF bit
748 *
749 * Format up and transmit a link level response frame.
750 */
751
752static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
753{
57435c42 754 gsm_send(gsm, addr, 0, control);
e1eaea46
AC		 755}
756
757/**
758 * gsm_command - send a control command
759 * @gsm: our GSM mux
760 * @addr: address for control frame
761 * @control: control byte including PF bit
762 *
763 * Format up and transmit a link level command frame.
764 */
765
766static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
767{
768 gsm_send(gsm, addr, 1, control);
769}
770
771/* Data transmission */
772
773#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
774
775/**
776 * gsm_data_alloc - allocate data frame
777 * @gsm: GSM mux
778 * @addr: DLCI address
779 * @len: length excluding header and FCS
780 * @ctrl: control byte
781 *
782 * Allocate a new data buffer for sending frames with data. Space is left
783 * at the front for header bytes but that is treated as an implementation
784 * detail and not for the high level code to use
785 */
786
787static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
788 u8 ctrl)
789{
790 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
791 GFP_ATOMIC);
792 if (m == NULL)
793 return NULL;
794 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
795 m->len = len;
796 m->addr = addr;
797 m->ctrl = ctrl;
b4338e1e 798 INIT_LIST_HEAD(&m->list);
e1eaea46
AC		 799 return m;
800}
801
0af02167
DS		 802/**
803 * gsm_send_packet - sends a single packet
804 * @gsm: GSM Mux
805 * @msg: packet to send
806 *
807 * The given packet is encoded and sent out. No memory is freed.
808 * The caller must hold the gsm tx lock.
809 */
810static int gsm_send_packet(struct gsm_mux *gsm, struct gsm_msg *msg)
811{
812 int len, ret;
813
814
815 if (gsm->encoding == 0) {
816 gsm->txframe[0] = GSM0_SOF;
817 memcpy(gsm->txframe + 1, msg->data, msg->len);
818 gsm->txframe[msg->len + 1] = GSM0_SOF;
819 len = msg->len + 2;
820 } else {
821 gsm->txframe[0] = GSM1_SOF;
822 len = gsm_stuff_frame(msg->data, gsm->txframe + 1, msg->len);
823 gsm->txframe[len + 1] = GSM1_SOF;
824 len += 2;
825 }
826
827 if (debug & 4)
828 gsm_hex_dump_bytes(__func__, gsm->txframe, len);
829 gsm_print_packet("-->", msg->addr, gsm->initiator, msg->ctrl, msg->data,
830 msg->len);
831
832 ret = gsmld_output(gsm, gsm->txframe, len);
833 if (ret <= 0)
834 return ret;
835 /* FIXME: Can eliminate one SOF in many more cases */
836 gsm->tx_bytes -= msg->len;
837
838 return 0;
839}
840
bec02248
DS		 841/**
842 * gsm_is_flow_ctrl_msg - checks if flow control message
843 * @msg: message to check
844 *
845 * Returns true if the given message is a flow control command of the
846 * control channel. False is returned in any other case.
847 */
848static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
849{
850 unsigned int cmd;
851
852 if (msg->addr > 0)
853 return false;
854
855 switch (msg->ctrl & ~PF) {
856 case UI:
857 case UIH:
858 cmd = 0;
859 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
860 break;
861 switch (cmd & ~PF) {
862 case CMD_FCOFF:
863 case CMD_FCON:
864 return true;
865 }
866 break;
867 }
868
869 return false;
870}
871
e1eaea46 872/**
0af02167 873 * gsm_data_kick - poke the queue
e1eaea46
AC		 874 * @gsm: GSM Mux
875 *
876 * The tty device has called us to indicate that room has appeared in
0af02167 877 * the transmit queue. Ram more data into the pipe if we have any.
c01af4fe 878 * If we have been flow-stopped by a CMD_FCOFF, then we can only
0af02167
DS		 879 * send messages on DLCI0 until CMD_FCON. The caller must hold
880 * the gsm tx lock.
e1eaea46 881 */
0af02167 882static int gsm_data_kick(struct gsm_mux *gsm)
e1eaea46 883{
b4338e1e 884 struct gsm_msg *msg, *nmsg;
0af02167
DS		 885 struct gsm_dlci *dlci;
886 int ret;
887
888 clear_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
e1eaea46 889
0af02167
DS		 890 /* Serialize control messages and control channel messages first */
891 list_for_each_entry_safe(msg, nmsg, &gsm->tx_ctrl_list, list) {
bec02248 892 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
59ff0680 893 continue;
0af02167
DS		 894 ret = gsm_send_packet(gsm, msg);
895 switch (ret) {
896 case -ENOSPC:
897 return -ENOSPC;
898 case -ENODEV:
899 /* ldisc not open */
900 gsm->tx_bytes -= msg->len;
901 list_del(&msg->list);
902 kfree(msg);
c01af4fe 903 continue;
0af02167
DS		 904 default:
905 if (ret >= 0) {
906 list_del(&msg->list);
907 kfree(msg);
908 }
e1eaea46 909 break;
0af02167
DS		 910 }
911 }
c01af4fe 912
0af02167
DS		 913 if (gsm->constipated)
914 return -EAGAIN;
01dbb362 915
0af02167
DS		 916 /* Serialize other channels */
917 if (list_empty(&gsm->tx_data_list))
918 return 0;
919 list_for_each_entry_safe(msg, nmsg, &gsm->tx_data_list, list) {
920 dlci = gsm->dlci[msg->addr];
921 /* Send only messages for DLCIs with valid state */
922 if (dlci->state != DLCI_OPEN) {
923 gsm->tx_bytes -= msg->len;
924 list_del(&msg->list);
925 kfree(msg);
926 continue;
927 }
928 ret = gsm_send_packet(gsm, msg);
929 switch (ret) {
930 case -ENOSPC:
931 return -ENOSPC;
932 case -ENODEV:
933 /* ldisc not open */
934 gsm->tx_bytes -= msg->len;
935 list_del(&msg->list);
936 kfree(msg);
937 continue;
938 default:
939 if (ret >= 0) {
940 list_del(&msg->list);
941 kfree(msg);
942 }
943 break;
01dbb362 944 }
e1eaea46 945 }
0af02167
DS		 946
947 return 1;
e1eaea46
AC		 948}
949
950/**
951 * __gsm_data_queue - queue a UI or UIH frame
952 * @dlci: DLCI sending the data
953 * @msg: message queued
954 *
955 * Add data to the transmit queue and try and get stuff moving
956 * out of the mux tty if not already doing so. The Caller must hold
957 * the gsm tx lock.
958 */
959
960static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
961{
962 struct gsm_mux *gsm = dlci->gsm;
963 u8 *dp = msg->data;
964 u8 *fcs = dp + msg->len;
965
966 /* Fill in the header */
967 if (gsm->encoding == 0) {
968 if (msg->len < 128)
969 *--dp = (msg->len << 1) | EA;
970 else {
be7a7411
KM		 971 *--dp = (msg->len >> 7); /* bits 7 - 15 */
972 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
e1eaea46
AC		 973 }
974 }
975
976 *--dp = msg->ctrl;
977 if (gsm->initiator)
87127773 978 *--dp = (msg->addr << 2) | CR | EA;
e1eaea46
AC		 979 else
980 *--dp = (msg->addr << 2) | EA;
981 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
982 /* Ugly protocol layering violation */
983 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
984 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
985 *fcs = 0xFF - *fcs;
986
987 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
988 msg->data, msg->len);
989
990 /* Move the header back and adjust the length, also allow for the FCS
991 now tacked on the end */
992 msg->len += (msg->data - dp) + 1;
993 msg->data = dp;
994
995 /* Add to the actual output queue */
0af02167
DS		 996 switch (msg->ctrl & ~PF) {
997 case UI:
998 case UIH:
999 if (msg->addr > 0) {
1000 list_add_tail(&msg->list, &gsm->tx_data_list);
1001 break;
1002 }
1003 fallthrough;
1004 default:
1005 list_add_tail(&msg->list, &gsm->tx_ctrl_list);
1006 break;
1007 }
e1eaea46 1008 gsm->tx_bytes += msg->len;
0af02167
DS		 1009
1010 gsmld_write_trigger(gsm);
c9ab053e 1011 schedule_delayed_work(&gsm->kick_timeout, 10 * gsm->t1 * HZ / 100);
e1eaea46
AC		 1012}
1013
1014/**
1015 * gsm_data_queue - queue a UI or UIH frame
1016 * @dlci: DLCI sending the data
1017 * @msg: message queued
1018 *
1019 * Add data to the transmit queue and try and get stuff moving
1020 * out of the mux tty if not already doing so. Take the
1021 * the gsm tx lock and dlci lock.
1022 */
1023
1024static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
1025{
902e02ea 1026 mutex_lock(&dlci->gsm->tx_mutex);
e1eaea46 1027 __gsm_data_queue(dlci, msg);
902e02ea 1028 mutex_unlock(&dlci->gsm->tx_mutex);
e1eaea46
AC		 1029}
1030
1031/**
1032 * gsm_dlci_data_output - try and push data out of a DLCI
1033 * @gsm: mux
1034 * @dlci: the DLCI to pull data from
1035 *
1036 * Pull data from a DLCI and send it into the transmit queue if there
1037 * is data. Keep to the MRU of the mux. This path handles the usual tty
1038 * interface which is a byte stream with optional modem data.
1039 *
902e02ea 1040 * Caller must hold the tx_mutex of the mux.
e1eaea46
AC		 1041 */
1042
1043static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
1044{
1045 struct gsm_msg *msg;
1046 u8 *dp;
556fc8ac
DS		 1047 int h, len, size;
1048
1049 /* for modem bits without break data */
1050 h = ((dlci->adaption == 1) ? 0 : 1);
1051
1052 len = kfifo_len(&dlci->fifo);
1053 if (len == 0)
1054 return 0;
1055
1056 /* MTU/MRU count only the data bits but watch adaption mode */
1057 if ((len + h) > gsm->mtu)
1058 len = gsm->mtu - h;
1059
1060 size = len + h;
1061
1062 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
556fc8ac
DS		 1063 if (!msg)
1064 return -ENOMEM;
1065 dp = msg->data;
1066 switch (dlci->adaption) {
1067 case 1: /* Unstructured */
1068 break;
1069 case 2: /* Unstructured with modem bits.
1070 * Always one byte as we never send inline break data
1071 */
1072 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1073 break;
1074 default:
1075 pr_err("%s: unsupported adaption %d\n", __func__,
1076 dlci->adaption);
1077 break;
e1eaea46 1078 }
556fc8ac
DS		 1079
1080 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
1081 &dlci->lock));
1082
1083 /* Notify upper layer about available send space. */
1084 tty_port_tty_wakeup(&dlci->port);
1085
1086 __gsm_data_queue(dlci, msg);
e1eaea46 1087 /* Bytes of data we used up */
556fc8ac 1088 return size;
e1eaea46
AC		 1089}
1090
1091/**
1092 * gsm_dlci_data_output_framed - try and push data out of a DLCI
1093 * @gsm: mux
1094 * @dlci: the DLCI to pull data from
1095 *
1096 * Pull data from a DLCI and send it into the transmit queue if there
1097 * is data. Keep to the MRU of the mux. This path handles framed data
1098 * queued as skbuffs to the DLCI.
1099 *
902e02ea 1100 * Caller must hold the tx_mutex of the mux.
e1eaea46
AC		 1101 */
1102
1103static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
1104 struct gsm_dlci *dlci)
1105{
1106 struct gsm_msg *msg;
1107 u8 *dp;
1108 int len, size;
1109 int last = 0, first = 0;
1110 int overhead = 0;
1111
1112 /* One byte per frame is used for B/F flags */
1113 if (dlci->adaption == 4)
1114 overhead = 1;
1115
902e02ea 1116 /* dlci->skb is locked by tx_mutex */
e1eaea46 1117 if (dlci->skb == NULL) {
88ed2a60 1118 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
e1eaea46
AC		 1119 if (dlci->skb == NULL)
1120 return 0;
1121 first = 1;
1122 }
1123 len = dlci->skb->len + overhead;
1124
1125 /* MTU/MRU count only the data bits */
1126 if (len > gsm->mtu) {
1127 if (dlci->adaption == 3) {
1128 /* Over long frame, bin it */
329e5678 1129 dev_kfree_skb_any(dlci->skb);
e1eaea46
AC		 1130 dlci->skb = NULL;
1131 return 0;
1132 }
1133 len = gsm->mtu;
1134 } else
1135 last = 1;
1136
1137 size = len + overhead;
1138 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
88ed2a60
RG		 1139 if (msg == NULL) {
1140 skb_queue_tail(&dlci->skb_list, dlci->skb);
1141 dlci->skb = NULL;
e1eaea46 1142 return -ENOMEM;
88ed2a60 1143 }
e1eaea46
AC		 1144 dp = msg->data;
1145
1146 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
1147 /* Flag byte to carry the start/end info */
1148 *dp++ = last << 7 | first << 6 | 1; /* EA */
1149 len--;
1150 }
57f2104f
RG		 1151 memcpy(dp, dlci->skb->data, len);
1152 skb_pull(dlci->skb, len);
e1eaea46 1153 __gsm_data_queue(dlci, msg);
bcd5abe2 1154 if (last) {
329e5678 1155 dev_kfree_skb_any(dlci->skb);
e1eaea46 1156 dlci->skb = NULL;
bcd5abe2 1157 }
e1eaea46
AC		 1158 return size;
1159}
1160
c19ffe00
DS		 1161/**
1162 * gsm_dlci_modem_output - try and push modem status out of a DLCI
1163 * @gsm: mux
1164 * @dlci: the DLCI to pull modem status from
1165 * @brk: break signal
1166 *
1167 * Push an empty frame in to the transmit queue to update the modem status
1168 * bits and to transmit an optional break.
1169 *
902e02ea 1170 * Caller must hold the tx_mutex of the mux.
c19ffe00
DS		 1171 */
1172
1173static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
1174 u8 brk)
1175{
1176 u8 *dp = NULL;
1177 struct gsm_msg *msg;
19317433 1178 int size = 0;
c19ffe00
DS		 1179
1180 /* for modem bits without break data */
19317433
DS		 1181 switch (dlci->adaption) {
1182 case 1: /* Unstructured */
1183 break;
1184 case 2: /* Unstructured with modem bits. */
1185 size++;
c19ffe00
DS		 1186 if (brk > 0)
1187 size++;
19317433
DS		 1188 break;
1189 default:
c19ffe00
DS		 1190 pr_err("%s: unsupported adaption %d\n", __func__,
1191 dlci->adaption);
19317433 1192 return -EINVAL;
c19ffe00
DS		 1193 }
1194
1195 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
1196 if (!msg) {
1197 pr_err("%s: gsm_data_alloc error", __func__);
1198 return -ENOMEM;
1199 }
1200 dp = msg->data;
1201 switch (dlci->adaption) {
1202 case 1: /* Unstructured */
1203 break;
1204 case 2: /* Unstructured with modem bits. */
1205 if (brk == 0) {
1206 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
1207 } else {
1208 *dp++ = gsm_encode_modem(dlci) << 1;
1209 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
1210 }
1211 break;
1212 default:
1213 /* Handled above */
1214 break;
1215 }
1216
1217 __gsm_data_queue(dlci, msg);
1218 return size;
1219}
1220
e1eaea46
AC		 1221/**
1222 * gsm_dlci_data_sweep - look for data to send
1223 * @gsm: the GSM mux
1224 *
1225 * Sweep the GSM mux channels in priority order looking for ones with
1226 * data to send. We could do with optimising this scan a bit. We aim
1227 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1228 * TX_THRESH_LO we get called again
1229 *
1230 * FIXME: We should round robin between groups and in theory you can
1231 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1232 */
1233
c568f708 1234static int gsm_dlci_data_sweep(struct gsm_mux *gsm)
e1eaea46 1235{
e1eaea46 1236 /* Priority ordering: We should do priority with RR of the groups */
0af02167
DS		 1237 int i, len, ret = 0;
1238 bool sent;
1239 struct gsm_dlci *dlci;
e1eaea46 1240
0af02167
DS		 1241 while (gsm->tx_bytes < TX_THRESH_HI) {
1242 for (sent = false, i = 1; i < NUM_DLCI; i++) {
1243 dlci = gsm->dlci[i];
1244 /* skip unused or blocked channel */
1245 if (!dlci || dlci->constipated)
1246 continue;
1247 /* skip channels with invalid state */
1248 if (dlci->state != DLCI_OPEN)
1249 continue;
1250 /* count the sent data per adaption */
1251 if (dlci->adaption < 3 && !dlci->net)
1252 len = gsm_dlci_data_output(gsm, dlci);
1253 else
1254 len = gsm_dlci_data_output_framed(gsm, dlci);
1255 /* on error exit */
1256 if (len < 0)
1257 return ret;
1258 if (len > 0) {
1259 ret++;
1260 sent = true;
1261 /* The lower DLCs can starve the higher DLCs! */
1262 break;
1263 }
1264 /* try next */
e1eaea46 1265 }
0af02167 1266 if (!sent)
e73790a5 1267 break;
0af02167 1268 };
c568f708
DS		 1269
1270 return ret;
e1eaea46
AC		 1271}
1272
1273/**
1274 * gsm_dlci_data_kick - transmit if possible
1275 * @dlci: DLCI to kick
1276 *
1277 * Transmit data from this DLCI if the queue is empty. We can't rely on
1278 * a tty wakeup except when we filled the pipe so we need to fire off
1279 * new data ourselves in other cases.
1280 */
1281
1282static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1283{
192b6041 1284 int sweep;
e1eaea46 1285
f3c909b4 1286 if (dlci->constipated)
c01af4fe 1287 return;
c01af4fe 1288
902e02ea 1289 mutex_lock(&dlci->gsm->tx_mutex);
e1eaea46 1290 /* If we have nothing running then we need to fire up */
192b6041 1291 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
bcd5abe2
RG		 1292 if (dlci->gsm->tx_bytes == 0) {
1293 if (dlci->net)
1294 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1295 else
1296 gsm_dlci_data_output(dlci->gsm, dlci);
192b6041
RG		 1297 }
1298 if (sweep)
f3c909b4 1299 gsm_dlci_data_sweep(dlci->gsm);
902e02ea 1300 mutex_unlock(&dlci->gsm->tx_mutex);
e1eaea46
AC		 1301}
1302
1303/*
1304 * Control message processing
1305 */
1306
1307
1308/**
1309 * gsm_control_reply - send a response frame to a control
1310 * @gsm: gsm channel
1311 * @cmd: the command to use
1312 * @data: data to follow encoded info
1313 * @dlen: length of data
1314 *
1315 * Encode up and queue a UI/UIH frame containing our response.
1316 */
1317
4feb7a4a 1318static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
e1eaea46
AC		 1319 int dlen)
1320{
1321 struct gsm_msg *msg;
1322 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
093d8046
KM		 1323 if (msg == NULL)
1324 return;
e1eaea46
AC		 1325 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1326 msg->data[1] = (dlen << 1) | EA;
1327 memcpy(msg->data + 2, data, dlen);
1328 gsm_data_queue(gsm->dlci[0], msg);
1329}
1330
1331/**
1332 * gsm_process_modem - process received modem status
1333 * @tty: virtual tty bound to the DLCI
1334 * @dlci: DLCI to affect
1335 * @modem: modem bits (full EA)
687f9ad4 1336 * @slen: number of signal octets
e1eaea46
AC		 1337 *
1338 * Used when a modem control message or line state inline in adaption
1339 * layer 2 is processed. Sort out the local modem state and throttles
1340 */
1341
1342static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
687f9ad4 1343 u32 modem, int slen)
e1eaea46
AC		 1344{
1345 int mlines = 0;
7263287a 1346 u8 brk = 0;
c01af4fe 1347 int fc;
7263287a 1348
687f9ad4 1349 /* The modem status command can either contain one octet (V.24 signals)
1350 * or two octets (V.24 signals + break signals). This is specified in
1351 * section 5.4.6.3.7 of the 07.10 mux spec.
1352 */
7263287a 1353
687f9ad4 1354 if (slen == 1)
7263287a
RG		 1355 modem = modem & 0x7f;
1356 else {
1357 brk = modem & 0x7f;
1358 modem = (modem >> 7) & 0x7f;
c01af4fe 1359 }
e1eaea46
AC		 1360
1361 /* Flow control/ready to communicate */
c01af4fe
FB		 1362 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1363 if (fc && !dlci->constipated) {
e1eaea46 1364 /* Need to throttle our output on this device */
7a9ed9c0 1365 dlci->constipated = true;
c01af4fe 1366 } else if (!fc && dlci->constipated) {
7a9ed9c0 1367 dlci->constipated = false;
e1eaea46
AC		 1368 gsm_dlci_data_kick(dlci);
1369 }
c01af4fe 1370
e1eaea46 1371 /* Map modem bits */
c01af4fe
FB		 1372 if (modem & MDM_RTC)
1373 mlines |= TIOCM_DSR | TIOCM_DTR;
e1eaea46
AC		 1374 if (modem & MDM_RTR)
1375 mlines |= TIOCM_RTS | TIOCM_CTS;
1376 if (modem & MDM_IC)
1377 mlines |= TIOCM_RI;
1378 if (modem & MDM_DV)
1379 mlines |= TIOCM_CD;
1380
1381 /* Carrier drop -> hangup */
1382 if (tty) {
1383 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
9db276f8 1384 if (!C_CLOCAL(tty))
e1eaea46 1385 tty_hangup(tty);
e1eaea46 1386 }
92a19f9c
JS		 1387 if (brk & 0x01)
1388 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
e1eaea46
AC		 1389 dlci->modem_rx = mlines;
1390}
1391
1392/**
1393 * gsm_control_modem - modem status received
1394 * @gsm: GSM channel
1395 * @data: data following command
1396 * @clen: command length
1397 *
1398 * We have received a modem status control message. This is used by
1399 * the GSM mux protocol to pass virtual modem line status and optionally
1400 * to indicate break signals. Unpack it, convert to Linux representation
1401 * and if need be stuff a break message down the tty.
1402 */
1403
4feb7a4a 1404static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46
AC		 1405{
1406 unsigned int addr = 0;
1407 unsigned int modem = 0;
1408 struct gsm_dlci *dlci;
1409 int len = clen;
687f9ad4 1410 int slen;
4feb7a4a 1411 const u8 *dp = data;
e1eaea46
AC		 1412 struct tty_struct *tty;
1413
1414 while (gsm_read_ea(&addr, *dp++) == 0) {
1415 len--;
1416 if (len == 0)
1417 return;
1418 }
1419 /* Must be at least one byte following the EA */
1420 len--;
1421 if (len <= 0)
1422 return;
1423
1424 addr >>= 1;
1425 /* Closed port, or invalid ? */
1426 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1427 return;
1428 dlci = gsm->dlci[addr];
1429
687f9ad4 1430 slen = len;
e1eaea46
AC		 1431 while (gsm_read_ea(&modem, *dp++) == 0) {
1432 len--;
1433 if (len == 0)
1434 return;
1435 }
3ac06b90 1436 len--;
e1eaea46 1437 tty = tty_port_tty_get(&dlci->port);
317f86af 1438 gsm_process_modem(tty, dlci, modem, slen - len);
e1eaea46
AC		 1439 if (tty) {
1440 tty_wakeup(tty);
1441 tty_kref_put(tty);
1442 }
1443 gsm_control_reply(gsm, CMD_MSC, data, clen);
1444}
1445
1446/**
1447 * gsm_control_rls - remote line status
1448 * @gsm: GSM channel
1449 * @data: data bytes
1450 * @clen: data length
1451 *
1452 * The modem sends us a two byte message on the control channel whenever
1453 * it wishes to send us an error state from the virtual link. Stuff
1454 * this into the uplink tty if present
1455 */
1456
4feb7a4a 1457static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46 1458{
92a19f9c 1459 struct tty_port *port;
f3c909b4 1460 unsigned int addr = 0;
e1eaea46
AC		 1461 u8 bits;
1462 int len = clen;
4feb7a4a 1463 const u8 *dp = data;
e1eaea46
AC		 1464
1465 while (gsm_read_ea(&addr, *dp++) == 0) {
1466 len--;
1467 if (len == 0)
1468 return;
1469 }
1470 /* Must be at least one byte following ea */
1471 len--;
1472 if (len <= 0)
1473 return;
1474 addr >>= 1;
1475 /* Closed port, or invalid ? */
1476 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1477 return;
1478 /* No error ? */
1479 bits = *dp;
1480 if ((bits & 1) == 0)
1481 return;
e1eaea46 1482
92a19f9c
JS		 1483 port = &gsm->dlci[addr]->port;
1484
1485 if (bits & 2)
1486 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1487 if (bits & 4)
1488 tty_insert_flip_char(port, 0, TTY_PARITY);
1489 if (bits & 8)
1490 tty_insert_flip_char(port, 0, TTY_FRAME);
1491
2e124b4a
JS		 1492 tty_flip_buffer_push(port);
1493
e1eaea46
AC		 1494 gsm_control_reply(gsm, CMD_RLS, data, clen);
1495}
1496
1497static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1498
1499/**
1500 * gsm_control_message - DLCI 0 control processing
1501 * @gsm: our GSM mux
1502 * @command: the command EA
1503 * @data: data beyond the command/length EAs
1504 * @clen: length
1505 *
1506 * Input processor for control messages from the other end of the link.
1507 * Processes the incoming request and queues a response frame or an
1508 * NSC response if not supported
1509 */
1510
1511static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1512 const u8 *data, int clen)
e1eaea46
AC		 1513{
1514 u8 buf[1];
5e44708f 1515
e1eaea46
AC		 1516 switch (command) {
1517 case CMD_CLD: {
a8c5b825 1518 struct gsm_dlci *dlci = gsm->dlci[0];
e1eaea46
AC		 1519 /* Modem wishes to close down */
1520 if (dlci) {
5677fcf3
JS		 1521 dlci->dead = true;
1522 gsm->dead = true;
a8c5b825 1523 gsm_dlci_begin_close(dlci);
e1eaea46
AC		 1524 }
1525 }
1526 break;
1527 case CMD_TEST:
1528 /* Modem wishes to test, reply with the data */
1529 gsm_control_reply(gsm, CMD_TEST, data, clen);
1530 break;
1531 case CMD_FCON:
e1eaea46 1532 /* Modem can accept data again */
7a9ed9c0 1533 gsm->constipated = false;
c01af4fe 1534 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
e1eaea46 1535 /* Kick the link in case it is idling */
0af02167 1536 gsmld_write_trigger(gsm);
e1eaea46 1537 break;
c01af4fe
FB		 1538 case CMD_FCOFF:
1539 /* Modem wants us to STFU */
7a9ed9c0 1540 gsm->constipated = true;
c01af4fe
FB		 1541 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1542 break;
e1eaea46
AC		 1543 case CMD_MSC:
1544 /* Out of band modem line change indicator for a DLCI */
1545 gsm_control_modem(gsm, data, clen);
1546 break;
1547 case CMD_RLS:
1548 /* Out of band error reception for a DLCI */
1549 gsm_control_rls(gsm, data, clen);
1550 break;
1551 case CMD_PSC:
1552 /* Modem wishes to enter power saving state */
1553 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1554 break;
1555 /* Optional unsupported commands */
1556 case CMD_PN: /* Parameter negotiation */
25985edc
LDM		 1557 case CMD_RPN: /* Remote port negotiation */
1558 case CMD_SNC: /* Service negotiation command */
e1eaea46
AC		 1559 default:
1560 /* Reply to bad commands with an NSC */
1561 buf[0] = command;
1562 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1563 break;
1564 }
1565}
1566
1567/**
1568 * gsm_control_response - process a response to our control
1569 * @gsm: our GSM mux
1570 * @command: the command (response) EA
1571 * @data: data beyond the command/length EA
1572 * @clen: length
1573 *
1574 * Process a response to an outstanding command. We only allow a single
1575 * control message in flight so this is fairly easy. All the clean up
1576 * is done by the caller, we just update the fields, flag it as done
1577 * and return
1578 */
1579
1580static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1581 const u8 *data, int clen)
e1eaea46
AC		 1582{
1583 struct gsm_control *ctrl;
1584 unsigned long flags;
1585
1586 spin_lock_irqsave(&gsm->control_lock, flags);
1587
1588 ctrl = gsm->pending_cmd;
1589 /* Does the reply match our command */
1590 command |= 1;
1591 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1592 /* Our command was replied to, kill the retry timer */
1593 del_timer(&gsm->t2_timer);
1594 gsm->pending_cmd = NULL;
1595 /* Rejected by the other end */
1596 if (command == CMD_NSC)
1597 ctrl->error = -EOPNOTSUPP;
1598 ctrl->done = 1;
1599 wake_up(&gsm->event);
1600 }
1601 spin_unlock_irqrestore(&gsm->control_lock, flags);
1602}
1603
1604/**
5f9a31d6 1605 * gsm_control_transmit - send control packet
e1eaea46
AC		 1606 * @gsm: gsm mux
1607 * @ctrl: frame to send
1608 *
1609 * Send out a pending control command (called under control lock)
1610 */
1611
1612static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1613{
398867f5 1614 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
e1eaea46
AC		 1615 if (msg == NULL)
1616 return;
398867f5
DS		 1617 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */
1618 msg->data[1] = (ctrl->len << 1) | EA;
1619 memcpy(msg->data + 2, ctrl->data, ctrl->len);
e1eaea46
AC		 1620 gsm_data_queue(gsm->dlci[0], msg);
1621}
1622
1623/**
1624 * gsm_control_retransmit - retransmit a control frame
724ac070 1625 * @t: timer contained in our gsm object
e1eaea46
AC		 1626 *
1627 * Called off the T2 timer expiry in order to retransmit control frames
1628 * that have been lost in the system somewhere. The control_lock protects
1629 * us from colliding with another sender or a receive completion event.
1630 * In that situation the timer may still occur in a small window but
1631 * gsm->pending_cmd will be NULL and we just let the timer expire.
1632 */
1633
e99e88a9 1634static void gsm_control_retransmit(struct timer_list *t)
e1eaea46 1635{
e99e88a9 1636 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
e1eaea46
AC		 1637 struct gsm_control *ctrl;
1638 unsigned long flags;
1639 spin_lock_irqsave(&gsm->control_lock, flags);
1640 ctrl = gsm->pending_cmd;
1641 if (ctrl) {
4fae831b 1642 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
e1eaea46
AC		 1643 gsm->pending_cmd = NULL;
1644 ctrl->error = -ETIMEDOUT;
1645 ctrl->done = 1;
1646 spin_unlock_irqrestore(&gsm->control_lock, flags);
1647 wake_up(&gsm->event);
1648 return;
1649 }
d0bcdffc 1650 gsm->cretries--;
e1eaea46
AC		 1651 gsm_control_transmit(gsm, ctrl);
1652 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1653 }
1654 spin_unlock_irqrestore(&gsm->control_lock, flags);
1655}
1656
1657/**
1658 * gsm_control_send - send a control frame on DLCI 0
1659 * @gsm: the GSM channel
1660 * @command: command to send including CR bit
1661 * @data: bytes of data (must be kmalloced)
724ac070 1662 * @clen: length of the block to send
e1eaea46
AC		 1663 *
1664 * Queue and dispatch a control command. Only one command can be
1665 * active at a time. In theory more can be outstanding but the matching
1666 * gets really complicated so for now stick to one outstanding.
1667 */
1668
1669static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1670 unsigned int command, u8 *data, int clen)
1671{
1672 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1673 GFP_KERNEL);
1674 unsigned long flags;
1675 if (ctrl == NULL)
1676 return NULL;
1677retry:
1678 wait_event(gsm->event, gsm->pending_cmd == NULL);
1679 spin_lock_irqsave(&gsm->control_lock, flags);
1680 if (gsm->pending_cmd != NULL) {
1681 spin_unlock_irqrestore(&gsm->control_lock, flags);
1682 goto retry;
1683 }
1684 ctrl->cmd = command;
1685 ctrl->data = data;
1686 ctrl->len = clen;
1687 gsm->pending_cmd = ctrl;
e9ec2254
TL		 1688
1689 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1690 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
d0bcdffc 1691 gsm->cretries = 0;
e9ec2254
TL		 1692 else
1693 gsm->cretries = gsm->n2;
1694
e1eaea46
AC		 1695 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1696 gsm_control_transmit(gsm, ctrl);
1697 spin_unlock_irqrestore(&gsm->control_lock, flags);
1698 return ctrl;
1699}
1700
1701/**
1702 * gsm_control_wait - wait for a control to finish
1703 * @gsm: GSM mux
1704 * @control: control we are waiting on
1705 *
1706 * Waits for the control to complete or time out. Frees any used
1707 * resources and returns 0 for success, or an error if the remote
1708 * rejected or ignored the request.
1709 */
1710
1711static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1712{
1713 int err;
1714 wait_event(gsm->event, control->done == 1);
1715 err = control->error;
1716 kfree(control);
1717 return err;
1718}
1719
1720
1721/*
1722 * DLCI level handling: Needs krefs
1723 */
1724
1725/*
1726 * State transitions and timers
1727 */
1728
1729/**
1730 * gsm_dlci_close - a DLCI has closed
1731 * @dlci: DLCI that closed
1732 *
1733 * Perform processing when moving a DLCI into closed state. If there
1734 * is an attached tty this is hung up
1735 */
1736
1737static void gsm_dlci_close(struct gsm_dlci *dlci)
1738{
1739 del_timer(&dlci->t1);
1740 if (debug & 8)
5f9a31d6 1741 pr_debug("DLCI %d goes closed.\n", dlci->addr);
e1eaea46 1742 dlci->state = DLCI_CLOSED;
ac77f007
DS		 1743 /* Prevent us from sending data before the link is up again */
1744 dlci->constipated = true;
e1eaea46 1745 if (dlci->addr != 0) {
aa27a094 1746 tty_port_tty_hangup(&dlci->port, false);
0af02167 1747 gsm_dlci_clear_queues(dlci->gsm, dlci);
a2ab75b8 1748 /* Ensure that gsmtty_open() can return. */
1749 tty_port_set_initialized(&dlci->port, 0);
1750 wake_up_interruptible(&dlci->port.open_wait);
e1eaea46 1751 } else
5677fcf3 1752 dlci->gsm->dead = true;
e1eaea46
AC		 1753 /* A DLCI 0 close is a MUX termination so we need to kick that
1754 back to userspace somehow */
0af02167
DS		 1755 gsm_dlci_data_kick(dlci);
1756 wake_up(&dlci->gsm->event);
e1eaea46
AC		 1757}
1758
1759/**
1760 * gsm_dlci_open - a DLCI has opened
1761 * @dlci: DLCI that opened
1762 *
1763 * Perform processing when moving a DLCI into open state.
1764 */
1765
1766static void gsm_dlci_open(struct gsm_dlci *dlci)
1767{
1768 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1769 open -> open */
1770 del_timer(&dlci->t1);
1771 /* This will let a tty open continue */
1772 dlci->state = DLCI_OPEN;
ac77f007 1773 dlci->constipated = false;
e1eaea46 1774 if (debug & 8)
5f9a31d6 1775 pr_debug("DLCI %d goes open.\n", dlci->addr);
48473802
DS		 1776 /* Send current modem state */
1777 if (dlci->addr)
c19ffe00 1778 gsm_modem_update(dlci, 0);
0af02167 1779 gsm_dlci_data_kick(dlci);
e1eaea46
AC		 1780 wake_up(&dlci->gsm->event);
1781}
1782
1783/**
1784 * gsm_dlci_t1 - T1 timer expiry
724ac070 1785 * @t: timer contained in the DLCI that opened
e1eaea46
AC		 1786 *
1787 * The T1 timer handles retransmits of control frames (essentially of
1788 * SABM and DISC). We resend the command until the retry count runs out
1789 * in which case an opening port goes back to closed and a closing port
1790 * is simply put into closed state (any further frames from the other
1791 * end will get a DM response)
ea3d8465
TL		 1792 *
1793 * Some control dlci can stay in ADM mode with other dlci working just
1794 * fine. In that case we can just keep the control dlci open after the
1795 * DLCI_OPENING retries time out.
e1eaea46
AC		 1796 */
1797
e99e88a9 1798static void gsm_dlci_t1(struct timer_list *t)
e1eaea46 1799{
e99e88a9 1800 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
e1eaea46
AC		 1801 struct gsm_mux *gsm = dlci->gsm;
1802
1803 switch (dlci->state) {
1804 case DLCI_OPENING:
e1eaea46 1805 if (dlci->retries) {
f30e10ca 1806 dlci->retries--;
e1eaea46
AC		 1807 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1808 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
ea3d8465
TL		 1809 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1810 if (debug & 8)
1811 pr_info("DLCI %d opening in ADM mode.\n",
1812 dlci->addr);
e9ec2254 1813 dlci->mode = DLCI_MODE_ADM;
ea3d8465
TL		 1814 gsm_dlci_open(dlci);
1815 } else {
e3b7468f 1816 gsm_dlci_begin_close(dlci); /* prevent half open link */
ea3d8465
TL		 1817 }
1818
e1eaea46
AC		 1819 break;
1820 case DLCI_CLOSING:
e1eaea46 1821 if (dlci->retries) {
f30e10ca 1822 dlci->retries--;
e1eaea46
AC		 1823 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1824 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1825 } else
1826 gsm_dlci_close(dlci);
1827 break;
72ae8cc1
JS		 1828 default:
1829 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1830 break;
e1eaea46
AC		 1831 }
1832}
1833
1834/**
1835 * gsm_dlci_begin_open - start channel open procedure
1836 * @dlci: DLCI to open
1837 *
1838 * Commence opening a DLCI from the Linux side. We issue SABM messages
ea3d8465
TL		 1839 * to the modem which should then reply with a UA or ADM, at which point
1840 * we will move into open state. Opening is done asynchronously with retry
e1eaea46
AC		 1841 * running off timers and the responses.
1842 */
1843
1844static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1845{
1846 struct gsm_mux *gsm = dlci->gsm;
1847 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1848 return;
1849 dlci->retries = gsm->n2;
1850 dlci->state = DLCI_OPENING;
1851 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1852 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1853}
1854
ac77f007
DS		 1855/**
1856 * gsm_dlci_set_opening - change state to opening
1857 * @dlci: DLCI to open
1858 *
1859 * Change internal state to wait for DLCI open from initiator side.
1860 * We set off timers and responses upon reception of an SABM.
1861 */
1862static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1863{
1864 switch (dlci->state) {
1865 case DLCI_CLOSED:
1866 case DLCI_CLOSING:
1867 dlci->state = DLCI_OPENING;
1868 break;
1869 default:
1870 break;
1871 }
1872}
1873
e1eaea46
AC		 1874/**
1875 * gsm_dlci_begin_close - start channel open procedure
1876 * @dlci: DLCI to open
1877 *
1878 * Commence closing a DLCI from the Linux side. We issue DISC messages
1879 * to the modem which should then reply with a UA, at which point we
1880 * will move into closed state. Closing is done asynchronously with retry
1881 * off timers. We may also receive a DM reply from the other end which
1882 * indicates the channel was already closed.
1883 */
1884
1885static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1886{
1887 struct gsm_mux *gsm = dlci->gsm;
1888 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1889 return;
1890 dlci->retries = gsm->n2;
1891 dlci->state = DLCI_CLOSING;
1892 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1893 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1894}
1895
1896/**
1897 * gsm_dlci_data - data arrived
1898 * @dlci: channel
1899 * @data: block of bytes received
724ac070 1900 * @clen: length of received block
e1eaea46
AC		 1901 *
1902 * A UI or UIH frame has arrived which contains data for a channel
1903 * other than the control channel. If the relevant virtual tty is
1904 * open we shovel the bits down it, if not we drop them.
1905 */
1906
4feb7a4a 1907static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
e1eaea46
AC		 1908{
1909 /* krefs .. */
1910 struct tty_port *port = &dlci->port;
2e124b4a 1911 struct tty_struct *tty;
e1eaea46 1912 unsigned int modem = 0;
7263287a 1913 int len = clen;
687f9ad4 1914 int slen = 0;
e1eaea46
AC		 1915
1916 if (debug & 16)
2e124b4a
JS		 1917 pr_debug("%d bytes for tty\n", len);
1918 switch (dlci->adaption) {
1919 /* Unsupported types */
3e913eeb 1920 case 4: /* Packetised interruptible data */
2e124b4a 1921 break;
3e913eeb 1922 case 3: /* Packetised uininterruptible voice/data */
2e124b4a 1923 break;
3e913eeb 1924 case 2: /* Asynchronous serial with line state in each frame */
2e124b4a
JS		 1925 while (gsm_read_ea(&modem, *data++) == 0) {
1926 len--;
687f9ad4 1927 slen++;
2e124b4a
JS		 1928 if (len == 0)
1929 return;
1930 }
fd442e5b 1931 len--;
687f9ad4 1932 slen++;
2e124b4a
JS		 1933 tty = tty_port_tty_get(port);
1934 if (tty) {
687f9ad4 1935 gsm_process_modem(tty, dlci, modem, slen);
1adf6fee 1936 tty_wakeup(tty);
2e124b4a 1937 tty_kref_put(tty);
e1eaea46 1938 }
df561f66 1939 fallthrough;
3e913eeb 1940 case 1: /* Line state will go via DLCI 0 controls only */
2e124b4a
JS		 1941 default:
1942 tty_insert_flip_string(port, data, len);
1943 tty_flip_buffer_push(port);
e1eaea46
AC		 1944 }
1945}
1946
1947/**
542a121a 1948 * gsm_dlci_command - data arrived on control channel
e1eaea46
AC		 1949 * @dlci: channel
1950 * @data: block of bytes received
1951 * @len: length of received block
1952 *
1953 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1954 * control channel. This should contain a command EA followed by
1955 * control data bytes. The command EA contains a command/response bit
1956 * and we divide up the work accordingly.
1957 */
1958
4feb7a4a 1959static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
e1eaea46
AC		 1960{
1961 /* See what command is involved */
1962 unsigned int command = 0;
1963 while (len-- > 0) {
1964 if (gsm_read_ea(&command, *data++) == 1) {
1965 int clen = *data++;
1966 len--;
1967 /* FIXME: this is properly an EA */
1968 clen >>= 1;
1969 /* Malformed command ? */
1970 if (clen > len)
1971 return;
1972 if (command & 1)
1973 gsm_control_message(dlci->gsm, command,
1974 data, clen);
1975 else
1976 gsm_control_response(dlci->gsm, command,
1977 data, clen);
1978 return;
1979 }
1980 }
1981}
1982
c568f708 1983/**
c9ab053e
FP		 1984 * gsm_kick_timeout - transmit if possible
1985 * @work: work contained in our gsm object
c568f708
DS		 1986 *
1987 * Transmit data from DLCIs if the queue is empty. We can't rely on
1988 * a tty wakeup except when we filled the pipe so we need to fire off
1989 * new data ourselves in other cases.
1990 */
c9ab053e 1991static void gsm_kick_timeout(struct work_struct *work)
c568f708 1992{
c9ab053e 1993 struct gsm_mux *gsm = container_of(work, struct gsm_mux, kick_timeout.work);
c568f708
DS		 1994 int sent = 0;
1995
902e02ea 1996 mutex_lock(&gsm->tx_mutex);
c568f708
DS		 1997 /* If we have nothing running then we need to fire up */
1998 if (gsm->tx_bytes < TX_THRESH_LO)
1999 sent = gsm_dlci_data_sweep(gsm);
902e02ea 2000 mutex_unlock(&gsm->tx_mutex);
c568f708
DS		 2001
2002 if (sent && debug & 4)
2003 pr_info("%s TX queue stalled\n", __func__);
2004}
2005
e1eaea46
AC		 2006/*
2007 * Allocate/Free DLCI channels
2008 */
2009
2010/**
2011 * gsm_dlci_alloc - allocate a DLCI
2012 * @gsm: GSM mux
2013 * @addr: address of the DLCI
2014 *
2015 * Allocate and install a new DLCI object into the GSM mux.
2016 *
2017 * FIXME: review locking races
2018 */
2019
2020static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
2021{
2022 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
2023 if (dlci == NULL)
2024 return NULL;
2025 spin_lock_init(&dlci->lock);
bcd5abe2 2026 mutex_init(&dlci->mutex);
9361ebfb 2027 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
e1eaea46
AC		 2028 kfree(dlci);
2029 return NULL;
2030 }
2031
2032 skb_queue_head_init(&dlci->skb_list);
e99e88a9 2033 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
e1eaea46
AC		 2034 tty_port_init(&dlci->port);
2035 dlci->port.ops = &gsm_port_ops;
2036 dlci->gsm = gsm;
2037 dlci->addr = addr;
2038 dlci->adaption = gsm->adaption;
2039 dlci->state = DLCI_CLOSED;
ac77f007 2040 if (addr) {
e1eaea46 2041 dlci->data = gsm_dlci_data;
ac77f007
DS		 2042 /* Prevent us from sending data before the link is up */
2043 dlci->constipated = true;
2044 } else {
e1eaea46 2045 dlci->data = gsm_dlci_command;
ac77f007 2046 }
e1eaea46
AC		 2047 gsm->dlci[addr] = dlci;
2048 return dlci;
2049}
2050
2051/**
6ab8fba7 2052 * gsm_dlci_free - free DLCI
724ac070 2053 * @port: tty port for DLCI to free
6ab8fba7
RG		 2054 *
2055 * Free up a DLCI.
2056 *
2057 * Can sleep.
2058 */
9a8e62bc 2059static void gsm_dlci_free(struct tty_port *port)
6ab8fba7 2060{
9a8e62bc 2061 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
6ab8fba7
RG		 2062
2063 del_timer_sync(&dlci->t1);
2064 dlci->gsm->dlci[dlci->addr] = NULL;
036bca1f 2065 kfifo_free(&dlci->fifo);
6ab8fba7 2066 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
329e5678 2067 dev_kfree_skb(dlci->skb);
6ab8fba7
RG		 2068 kfree(dlci);
2069}
2070
2071static inline void dlci_get(struct gsm_dlci *dlci)
2072{
9a8e62bc 2073 tty_port_get(&dlci->port);
6ab8fba7
RG		 2074}
2075
2076static inline void dlci_put(struct gsm_dlci *dlci)
2077{
9a8e62bc 2078 tty_port_put(&dlci->port);
6ab8fba7
RG		 2079}
2080
4d9b1090
DB		 2081static void gsm_destroy_network(struct gsm_dlci *dlci);
2082
6ab8fba7
RG		 2083/**
2084 * gsm_dlci_release - release DLCI
e1eaea46
AC		 2085 * @dlci: DLCI to destroy
2086 *
6ab8fba7
RG		 2087 * Release a DLCI. Actual free is deferred until either
2088 * mux is closed or tty is closed - whichever is last.
e1eaea46
AC		 2089 *
2090 * Can sleep.
2091 */
6ab8fba7 2092static void gsm_dlci_release(struct gsm_dlci *dlci)
e1eaea46
AC		 2093{
2094 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
2095 if (tty) {
4d9b1090
DB		 2096 mutex_lock(&dlci->mutex);
2097 gsm_destroy_network(dlci);
2098 mutex_unlock(&dlci->mutex);
2099
96b169f0 2100 /* We cannot use tty_hangup() because in tty_kref_put() the tty
2101 * driver assumes that the hangup queue is free and reuses it to
2102 * queue release_one_tty() -> NULL pointer panic in
2103 * process_one_work().
2104 */
2105 tty_vhangup(tty);
be706572 2106
4d9b1090 2107 tty_port_tty_set(&dlci->port, NULL);
e1eaea46
AC		 2108 tty_kref_put(tty);
2109 }
4d9b1090 2110 dlci->state = DLCI_CLOSED;
6ab8fba7 2111 dlci_put(dlci);
e1eaea46
AC		 2112}
2113
e1eaea46
AC		 2114/*
2115 * LAPBish link layer logic
2116 */
2117
2118/**
2119 * gsm_queue - a GSM frame is ready to process
2120 * @gsm: pointer to our gsm mux
2121 *
2122 * At this point in time a frame has arrived and been demangled from
2123 * the line encoding. All the differences between the encodings have
2124 * been handled below us and the frame is unpacked into the structures.
2125 * The fcs holds the header FCS but any data FCS must be added here.
2126 */
2127
2128static void gsm_queue(struct gsm_mux *gsm)
2129{
2130 struct gsm_dlci *dlci;
2131 u8 cr;
2132 int address;
e1eaea46 2133
e1eaea46
AC		 2134 if (gsm->fcs != GOOD_FCS) {
2135 gsm->bad_fcs++;
2136 if (debug & 4)
5f9a31d6 2137 pr_debug("BAD FCS %02x\n", gsm->fcs);
e1eaea46
AC		 2138 return;
2139 }
2140 address = gsm->address >> 1;
2141 if (address >= NUM_DLCI)
2142 goto invalid;
2143
2144 cr = gsm->address & 1; /* C/R bit */
57435c42 2145 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */
e1eaea46
AC		 2146
2147 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
2148
e1eaea46
AC		 2149 dlci = gsm->dlci[address];
2150
2151 switch (gsm->control) {
2152 case SABM|PF:
cd936621 2153 if (cr == 1)
e1eaea46
AC		 2154 goto invalid;
2155 if (dlci == NULL)
2156 dlci = gsm_dlci_alloc(gsm, address);
2157 if (dlci == NULL)
2158 return;
2159 if (dlci->dead)
cc0f4212 2160 gsm_response(gsm, address, DM|PF);
e1eaea46 2161 else {
cc0f4212 2162 gsm_response(gsm, address, UA|PF);
e1eaea46
AC		 2163 gsm_dlci_open(dlci);
2164 }
2165 break;
2166 case DISC|PF:
cd936621 2167 if (cr == 1)
e1eaea46
AC		 2168 goto invalid;
2169 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
cc0f4212 2170 gsm_response(gsm, address, DM|PF);
e1eaea46
AC		 2171 return;
2172 }
2173 /* Real close complete */
a8c5b825
DS		 2174 gsm_response(gsm, address, UA|PF);
2175 gsm_dlci_close(dlci);
e1eaea46 2176 break;
e1eaea46
AC		 2177 case UA|PF:
2178 if (cr == 0 || dlci == NULL)
2179 break;
2180 switch (dlci->state) {
2181 case DLCI_CLOSING:
2182 gsm_dlci_close(dlci);
2183 break;
2184 case DLCI_OPENING:
2185 gsm_dlci_open(dlci);
2186 break;
72ae8cc1
JS		 2187 default:
2188 pr_debug("%s: unhandled state: %d\n", __func__,
2189 dlci->state);
2190 break;
e1eaea46
AC		 2191 }
2192 break;
2193 case DM: /* DM can be valid unsolicited */
2194 case DM|PF:
2195 if (cr)
2196 goto invalid;
2197 if (dlci == NULL)
2198 return;
2199 gsm_dlci_close(dlci);
2200 break;
2201 case UI:
2202 case UI|PF:
2203 case UIH:
2204 case UIH|PF:
e1eaea46 2205 if (dlci == NULL || dlci->state != DLCI_OPEN) {
18a948c7 2206 gsm_response(gsm, address, DM|PF);
e1eaea46
AC		 2207 return;
2208 }
2209 dlci->data(dlci, gsm->buf, gsm->len);
2210 break;
2211 default:
2212 goto invalid;
2213 }
2214 return;
2215invalid:
2216 gsm->malformed++;
2217 return;
2218}
2219
2220
2221/**
2222 * gsm0_receive - perform processing for non-transparency
2223 * @gsm: gsm data for this ldisc instance
2224 * @c: character
2225 *
2226 * Receive bytes in gsm mode 0
2227 */
2228
2229static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
2230{
c2f2f000
AC		 2231 unsigned int len;
2232
e1eaea46
AC		 2233 switch (gsm->state) {
2234 case GSM_SEARCH: /* SOF marker */
2235 if (c == GSM0_SOF) {
2236 gsm->state = GSM_ADDRESS;
2237 gsm->address = 0;
2238 gsm->len = 0;
2239 gsm->fcs = INIT_FCS;
2240 }
c2f2f000
AC		 2241 break;
2242 case GSM_ADDRESS: /* Address EA */
e1eaea46
AC		 2243 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2244 if (gsm_read_ea(&gsm->address, c))
2245 gsm->state = GSM_CONTROL;
2246 break;
2247 case GSM_CONTROL: /* Control Byte */
2248 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2249 gsm->control = c;
c2f2f000 2250 gsm->state = GSM_LEN0;
e1eaea46 2251 break;
c2f2f000 2252 case GSM_LEN0: /* Length EA */
e1eaea46
AC		 2253 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2254 if (gsm_read_ea(&gsm->len, c)) {
2255 if (gsm->len > gsm->mru) {
2256 gsm->bad_size++;
2257 gsm->state = GSM_SEARCH;
2258 break;
2259 }
2260 gsm->count = 0;
c2f2f000
AC		 2261 if (!gsm->len)
2262 gsm->state = GSM_FCS;
2263 else
2264 gsm->state = GSM_DATA;
2265 break;
e1eaea46 2266 }
c2f2f000
AC		 2267 gsm->state = GSM_LEN1;
2268 break;
2269 case GSM_LEN1:
2270 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2271 len = c;
2272 gsm->len |= len << 7;
2273 if (gsm->len > gsm->mru) {
2274 gsm->bad_size++;
2275 gsm->state = GSM_SEARCH;
2276 break;
e1eaea46 2277 }
c2f2f000
AC		 2278 gsm->count = 0;
2279 if (!gsm->len)
2280 gsm->state = GSM_FCS;
2281 else
2282 gsm->state = GSM_DATA;
e1eaea46
AC		 2283 break;
2284 case GSM_DATA: /* Data */
2285 gsm->buf[gsm->count++] = c;
7a0e4b17
DS		 2286 if (gsm->count == gsm->len) {
2287 /* Calculate final FCS for UI frames over all data */
2288 if ((gsm->control & ~PF) != UIH) {
2289 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2290 gsm->count);
2291 }
e1eaea46 2292 gsm->state = GSM_FCS;
7a0e4b17 2293 }
e1eaea46
AC		 2294 break;
2295 case GSM_FCS: /* FCS follows the packet */
7a0e4b17 2296 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
c2f2f000
AC		 2297 gsm->state = GSM_SSOF;
2298 break;
2299 case GSM_SSOF:
7a0e4b17
DS		 2300 gsm->state = GSM_SEARCH;
2301 if (c == GSM0_SOF)
2302 gsm_queue(gsm);
2303 else
2304 gsm->bad_size++;
e1eaea46 2305 break;
329aa6e6
JS		 2306 default:
2307 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2308 break;
e1eaea46
AC		 2309 }
2310}
2311
2312/**
c2f2f000 2313 * gsm1_receive - perform processing for non-transparency
e1eaea46
AC		 2314 * @gsm: gsm data for this ldisc instance
2315 * @c: character
2316 *
2317 * Receive bytes in mode 1 (Advanced option)
2318 */
2319
2320static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2321{
f4f7d632
DS		 2322 /* handle XON/XOFF */
2323 if ((c & ISO_IEC_646_MASK) == XON) {
2324 gsm->constipated = true;
2325 return;
2326 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2327 gsm->constipated = false;
2328 /* Kick the link in case it is idling */
0af02167 2329 gsmld_write_trigger(gsm);
f4f7d632
DS		 2330 return;
2331 }
e1eaea46 2332 if (c == GSM1_SOF) {
7a0e4b17
DS		 2333 /* EOF is only valid in frame if we have got to the data state */
2334 if (gsm->state == GSM_DATA) {
2335 if (gsm->count < 1) {
2336 /* Missing FSC */
2337 gsm->malformed++;
2338 gsm->state = GSM_START;
2339 return;
2340 }
2341 /* Remove the FCS from data */
e1eaea46 2342 gsm->count--;
7a0e4b17
DS		 2343 if ((gsm->control & ~PF) != UIH) {
2344 /* Calculate final FCS for UI frames over all
2345 * data but FCS
2346 */
2347 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2348 gsm->count);
2349 }
2350 /* Add the FCS itself to test against GOOD_FCS */
e1eaea46
AC		 2351 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2352 gsm->len = gsm->count;
2353 gsm_queue(gsm);
2354 gsm->state = GSM_START;
2355 return;
2356 }
2357 /* Any partial frame was a runt so go back to start */
2358 if (gsm->state != GSM_START) {
a24b4b2f
DS		 2359 if (gsm->state != GSM_SEARCH)
2360 gsm->malformed++;
e1eaea46
AC		 2361 gsm->state = GSM_START;
2362 }
2363 /* A SOF in GSM_START means we are still reading idling or
2364 framing bytes */
2365 return;
2366 }
2367
2368 if (c == GSM1_ESCAPE) {
c50704bd 2369 gsm->escape = true;
e1eaea46
AC		 2370 return;
2371 }
2372
2373 /* Only an unescaped SOF gets us out of GSM search */
2374 if (gsm->state == GSM_SEARCH)
2375 return;
2376
2377 if (gsm->escape) {
2378 c ^= GSM1_ESCAPE_BITS;
c50704bd 2379 gsm->escape = false;
e1eaea46
AC		 2380 }
2381 switch (gsm->state) {
2382 case GSM_START: /* First byte after SOF */
2383 gsm->address = 0;
2384 gsm->state = GSM_ADDRESS;
2385 gsm->fcs = INIT_FCS;
df561f66 2386 fallthrough;
e1eaea46
AC		 2387 case GSM_ADDRESS: /* Address continuation */
2388 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2389 if (gsm_read_ea(&gsm->address, c))
2390 gsm->state = GSM_CONTROL;
2391 break;
2392 case GSM_CONTROL: /* Control Byte */
2393 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2394 gsm->control = c;
2395 gsm->count = 0;
2396 gsm->state = GSM_DATA;
2397 break;
2398 case GSM_DATA: /* Data */
5f9a31d6 2399 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
e1eaea46
AC		 2400 gsm->state = GSM_OVERRUN;
2401 gsm->bad_size++;
2402 } else
2403 gsm->buf[gsm->count++] = c;
2404 break;
2405 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2406 break;
329aa6e6
JS		 2407 default:
2408 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2409 break;
e1eaea46
AC		 2410 }
2411}
2412
2413/**
2414 * gsm_error - handle tty error
2415 * @gsm: ldisc data
e1eaea46
AC		 2416 *
2417 * Handle an error in the receipt of data for a frame. Currently we just
2418 * go back to hunting for a SOF.
2419 *
2420 * FIXME: better diagnostics ?
2421 */
2422
ea502201 2423static void gsm_error(struct gsm_mux *gsm)
e1eaea46
AC		 2424{
2425 gsm->state = GSM_SEARCH;
2426 gsm->io_error++;
2427}
2428
2429/**
2430 * gsm_cleanup_mux - generic GSM protocol cleanup
2431 * @gsm: our mux
aa371e96 2432 * @disc: disconnect link?
e1eaea46
AC		 2433 *
2434 * Clean up the bits of the mux which are the same for all framing
2435 * protocols. Remove the mux from the mux table, stop all the timers
2436 * and then shut down each device hanging up the channels as we go.
2437 */
2438
aa371e96 2439static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
e1eaea46
AC		 2440{
2441 int i;
2442 struct gsm_dlci *dlci = gsm->dlci[0];
329e5678 2443 struct gsm_msg *txq, *ntxq;
e1eaea46 2444
5677fcf3 2445 gsm->dead = true;
aa371e96 2446 mutex_lock(&gsm->mutex);
e1eaea46 2447
aa371e96
DS		 2448 if (dlci) {
2449 if (disc && dlci->state != DLCI_CLOSED) {
2450 gsm_dlci_begin_close(dlci);
2451 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
e1eaea46 2452 }
aa371e96 2453 dlci->dead = true;
e1eaea46 2454 }
e1eaea46 2455
aa371e96 2456 /* Finish outstanding timers, making sure they are done */
c9ab053e 2457 cancel_delayed_work_sync(&gsm->kick_timeout);
e1eaea46 2458 del_timer_sync(&gsm->t2_timer);
71e07791 2459
0af02167
DS		 2460 /* Finish writing to ldisc */
2461 flush_work(&gsm->tx_work);
2462
deefc58b 2463 /* Free up any link layer users and finally the control channel */
01aecd91
DS		 2464 if (gsm->has_devices) {
2465 gsm_unregister_devices(gsm_tty_driver, gsm->num);
2466 gsm->has_devices = false;
2467 }
deefc58b 2468 for (i = NUM_DLCI - 1; i >= 0; i--)
e1eaea46 2469 if (gsm->dlci[i])
6ab8fba7 2470 gsm_dlci_release(gsm->dlci[i]);
dfabf7ff 2471 mutex_unlock(&gsm->mutex);
e1eaea46 2472 /* Now wipe the queues */
17eac652 2473 tty_ldisc_flush(gsm->tty);
0af02167
DS		 2474 list_for_each_entry_safe(txq, ntxq, &gsm->tx_ctrl_list, list)
2475 kfree(txq);
2476 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2477 list_for_each_entry_safe(txq, ntxq, &gsm->tx_data_list, list)
e1eaea46 2478 kfree(txq);
0af02167 2479 INIT_LIST_HEAD(&gsm->tx_data_list);
e1eaea46 2480}
e1eaea46
AC		 2481
2482/**
2483 * gsm_activate_mux - generic GSM setup
2484 * @gsm: our mux
2485 *
2486 * Set up the bits of the mux which are the same for all framing
2487 * protocols. Add the mux to the mux table so it can be opened and
2488 * finally kick off connecting to DLCI 0 on the modem.
2489 */
2490
54af5836 2491static int gsm_activate_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2492{
2493 struct gsm_dlci *dlci;
01aecd91 2494 int ret;
e1eaea46 2495
73496604
DS		 2496 dlci = gsm_dlci_alloc(gsm, 0);
2497 if (dlci == NULL)
2498 return -ENOMEM;
2499
e1eaea46
AC		 2500 if (gsm->encoding == 0)
2501 gsm->receive = gsm0_receive;
2502 else
2503 gsm->receive = gsm1_receive;
e1eaea46 2504
01aecd91
DS		 2505 ret = gsm_register_devices(gsm_tty_driver, gsm->num);
2506 if (ret)
2507 return ret;
2508
01aecd91 2509 gsm->has_devices = true;
5677fcf3 2510 gsm->dead = false; /* Tty opens are now permissible */
e1eaea46
AC		 2511 return 0;
2512}
e1eaea46
AC		 2513
2514/**
2515 * gsm_free_mux - free up a mux
724ac070 2516 * @gsm: mux to free
e1eaea46 2517 *
6ab8fba7 2518 * Dispose of allocated resources for a dead mux
e1eaea46 2519 */
54af5836 2520static void gsm_free_mux(struct gsm_mux *gsm)
e1eaea46 2521{
1ec92e97
DS		 2522 int i;
2523
2524 for (i = 0; i < MAX_MUX; i++) {
2525 if (gsm == gsm_mux[i]) {
2526 gsm_mux[i] = NULL;
2527 break;
2528 }
2529 }
902e02ea 2530 mutex_destroy(&gsm->tx_mutex);
1ec92e97 2531 mutex_destroy(&gsm->mutex);
e1eaea46
AC		 2532 kfree(gsm->txframe);
2533 kfree(gsm->buf);
2534 kfree(gsm);
2535}
e1eaea46 2536
6ab8fba7
RG		 2537/**
2538 * gsm_free_muxr - free up a mux
724ac070 2539 * @ref: kreference to the mux to free
6ab8fba7
RG		 2540 *
2541 * Dispose of allocated resources for a dead mux
2542 */
2543static void gsm_free_muxr(struct kref *ref)
2544{
2545 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2546 gsm_free_mux(gsm);
2547}
2548
2549static inline void mux_get(struct gsm_mux *gsm)
2550{
1ec92e97
DS		 2551 unsigned long flags;
2552
2553 spin_lock_irqsave(&gsm_mux_lock, flags);
6ab8fba7 2554 kref_get(&gsm->ref);
1ec92e97 2555 spin_unlock_irqrestore(&gsm_mux_lock, flags);
6ab8fba7
RG		 2556}
2557
2558static inline void mux_put(struct gsm_mux *gsm)
2559{
1ec92e97
DS		 2560 unsigned long flags;
2561
2562 spin_lock_irqsave(&gsm_mux_lock, flags);
6ab8fba7 2563 kref_put(&gsm->ref, gsm_free_muxr);
1ec92e97 2564 spin_unlock_irqrestore(&gsm_mux_lock, flags);
6ab8fba7
RG		 2565}
2566
43a9e710
MH		 2567static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2568{
2569 return gsm->num * NUM_DLCI;
2570}
2571
2572static inline unsigned int mux_line_to_num(unsigned int line)
2573{
2574 return line / NUM_DLCI;
2575}
2576
e1eaea46
AC		 2577/**
2578 * gsm_alloc_mux - allocate a mux
2579 *
2580 * Creates a new mux ready for activation.
2581 */
2582
54af5836 2583static struct gsm_mux *gsm_alloc_mux(void)
e1eaea46 2584{
1ec92e97 2585 int i;
e1eaea46
AC		 2586 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2587 if (gsm == NULL)
2588 return NULL;
2589 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2590 if (gsm->buf == NULL) {
2591 kfree(gsm);
2592 return NULL;
2593 }
535bf600 2594 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
e1eaea46
AC		 2595 if (gsm->txframe == NULL) {
2596 kfree(gsm->buf);
2597 kfree(gsm);
2598 return NULL;
2599 }
2600 spin_lock_init(&gsm->lock);
dfabf7ff 2601 mutex_init(&gsm->mutex);
902e02ea 2602 mutex_init(&gsm->tx_mutex);
6ab8fba7 2603 kref_init(&gsm->ref);
0af02167
DS		 2604 INIT_LIST_HEAD(&gsm->tx_ctrl_list);
2605 INIT_LIST_HEAD(&gsm->tx_data_list);
c9ab053e 2606 INIT_DELAYED_WORK(&gsm->kick_timeout, gsm_kick_timeout);
4bb1a53b
TH		 2607 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2608 INIT_WORK(&gsm->tx_work, gsmld_write_task);
2609 init_waitqueue_head(&gsm->event);
2610 spin_lock_init(&gsm->control_lock);
e1eaea46
AC		 2611
2612 gsm->t1 = T1;
2613 gsm->t2 = T2;
2614 gsm->n2 = N2;
2615 gsm->ftype = UIH;
e1eaea46
AC		 2616 gsm->adaption = 1;
2617 gsm->encoding = 1;
2618 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2619 gsm->mtu = 64;
5677fcf3 2620 gsm->dead = true; /* Avoid early tty opens */
e1eaea46 2621
1ec92e97
DS		 2622 /* Store the instance to the mux array or abort if no space is
2623 * available.
2624 */
2625 spin_lock(&gsm_mux_lock);
2626 for (i = 0; i < MAX_MUX; i++) {
2627 if (!gsm_mux[i]) {
2628 gsm_mux[i] = gsm;
2629 gsm->num = i;
2630 break;
2631 }
2632 }
2633 spin_unlock(&gsm_mux_lock);
2634 if (i == MAX_MUX) {
902e02ea 2635 mutex_destroy(&gsm->tx_mutex);
1ec92e97
DS		 2636 mutex_destroy(&gsm->mutex);
2637 kfree(gsm->txframe);
2638 kfree(gsm->buf);
2639 kfree(gsm);
2640 return NULL;
2641 }
2642
e1eaea46
AC		 2643 return gsm;
2644}
e1eaea46 2645
33841040
TL		 2646static void gsm_copy_config_values(struct gsm_mux *gsm,
2647 struct gsm_config *c)
2648{
2649 memset(c, 0, sizeof(*c));
2650 c->adaption = gsm->adaption;
2651 c->encapsulation = gsm->encoding;
2652 c->initiator = gsm->initiator;
2653 c->t1 = gsm->t1;
2654 c->t2 = gsm->t2;
2655 c->t3 = 0; /* Not supported */
2656 c->n2 = gsm->n2;
2657 if (gsm->ftype == UIH)
2658 c->i = 1;
2659 else
2660 c->i = 2;
2661 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2662 c->mru = gsm->mru;
2663 c->mtu = gsm->mtu;
2664 c->k = 0;
2665}
2666
2667static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2668{
edd5f60c 2669 int ret = 0;
33841040
TL		 2670 int need_close = 0;
2671 int need_restart = 0;
2672
2673 /* Stuff we don't support yet - UI or I frame transport, windowing */
2674 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2675 return -EOPNOTSUPP;
2676 /* Check the MRU/MTU range looks sane */
2677 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2678 return -EINVAL;
d0bcdffc 2679 if (c->n2 > 255)
33841040
TL		 2680 return -EINVAL;
2681 if (c->encapsulation > 1) /* Basic, advanced, no I */
2682 return -EINVAL;
2683 if (c->initiator > 1)
2684 return -EINVAL;
2685 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2686 return -EINVAL;
2687 /*
2688 * See what is needed for reconfiguration
2689 */
2690
2691 /* Timing fields */
2692 if (c->t1 != 0 && c->t1 != gsm->t1)
2693 need_restart = 1;
2694 if (c->t2 != 0 && c->t2 != gsm->t2)
2695 need_restart = 1;
2696 if (c->encapsulation != gsm->encoding)
2697 need_restart = 1;
2698 if (c->adaption != gsm->adaption)
2699 need_restart = 1;
2700 /* Requires care */
2701 if (c->initiator != gsm->initiator)
2702 need_close = 1;
2703 if (c->mru != gsm->mru)
2704 need_restart = 1;
2705 if (c->mtu != gsm->mtu)
2706 need_restart = 1;
2707
2708 /*
2709 * Close down what is needed, restart and initiate the new
aa371e96
DS		 2710 * configuration. On the first time there is no DLCI[0]
2711 * and closing or cleaning up is not necessary.
33841040 2712 */
aa371e96
DS		 2713 if (need_close || need_restart)
2714 gsm_cleanup_mux(gsm, true);
33841040
TL		 2715
2716 gsm->initiator = c->initiator;
2717 gsm->mru = c->mru;
2718 gsm->mtu = c->mtu;
2719 gsm->encoding = c->encapsulation;
2720 gsm->adaption = c->adaption;
2721 gsm->n2 = c->n2;
2722
2723 if (c->i == 1)
2724 gsm->ftype = UIH;
2725 else if (c->i == 2)
2726 gsm->ftype = UI;
2727
2728 if (c->t1)
2729 gsm->t1 = c->t1;
2730 if (c->t2)
2731 gsm->t2 = c->t2;
2732
2733 /*
2734 * FIXME: We need to separate activation/deactivation from adding
2735 * and removing from the mux array
2736 */
edd5f60c
DS		 2737 if (gsm->dead) {
2738 ret = gsm_activate_mux(gsm);
2739 if (ret)
2740 return ret;
2741 if (gsm->initiator)
2742 gsm_dlci_begin_open(gsm->dlci[0]);
2743 }
33841040
TL		 2744 return 0;
2745}
2746
e1eaea46
AC		 2747/**
2748 * gsmld_output - write to link
2749 * @gsm: our mux
2750 * @data: bytes to output
2751 * @len: size
2752 *
2753 * Write a block of data from the GSM mux to the data channel. This
2754 * will eventually be serialized from above but at the moment isn't.
2755 */
2756
2757static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2758{
2759 if (tty_write_room(gsm->tty) < len) {
2760 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2761 return -ENOSPC;
2762 }
0a77c4f9 2763 if (debug & 4)
925ea0fa 2764 gsm_hex_dump_bytes(__func__, data, len);
9136c683 2765 return gsm->tty->ops->write(gsm->tty, data, len);
e1eaea46
AC		 2766}
2767
0af02167
DS		 2768
2769/**
2770 * gsmld_write_trigger - schedule ldisc write task
2771 * @gsm: our mux
2772 */
2773static void gsmld_write_trigger(struct gsm_mux *gsm)
2774{
2775 if (!gsm || !gsm->dlci[0] || gsm->dlci[0]->dead)
2776 return;
2777 schedule_work(&gsm->tx_work);
2778}
2779
2780
2781/**
2782 * gsmld_write_task - ldisc write task
2783 * @work: our tx write work
2784 *
2785 * Writes out data to the ldisc if possible. We are doing this here to
2786 * avoid dead-locking. This returns if no space or data is left for output.
2787 */
2788static void gsmld_write_task(struct work_struct *work)
2789{
2790 struct gsm_mux *gsm = container_of(work, struct gsm_mux, tx_work);
0af02167
DS		 2791 int i, ret;
2792
2793 /* All outstanding control channel and control messages and one data
2794 * frame is sent.
2795 */
2796 ret = -ENODEV;
902e02ea 2797 mutex_lock(&gsm->tx_mutex);
0af02167
DS		 2798 if (gsm->tty)
2799 ret = gsm_data_kick(gsm);
902e02ea 2800 mutex_unlock(&gsm->tx_mutex);
0af02167
DS		 2801
2802 if (ret >= 0)
2803 for (i = 0; i < NUM_DLCI; i++)
2804 if (gsm->dlci[i])
2805 tty_port_tty_wakeup(&gsm->dlci[i]->port);
2806}
2807
e1eaea46
AC		 2808/**
2809 * gsmld_attach_gsm - mode set up
2810 * @tty: our tty structure
2811 * @gsm: our mux
2812 *
2813 * Set up the MUX for basic mode and commence connecting to the
2814 * modem. Currently called from the line discipline set up but
2815 * will need moving to an ioctl path.
2816 */
2817
01aecd91 2818static void gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
e1eaea46 2819{
e1eaea46 2820 gsm->tty = tty_kref_get(tty);
f4f7d632
DS		 2821 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2822 gsm->old_c_iflag = tty->termios.c_iflag;
2823 tty->termios.c_iflag &= (IXON | IXOFF);
e1eaea46
AC		 2824}
2825
e1eaea46
AC		 2826/**
2827 * gsmld_detach_gsm - stop doing 0710 mux
70f23fd6 2828 * @tty: tty attached to the mux
e1eaea46
AC		 2829 * @gsm: mux
2830 *
2831 * Shutdown and then clean up the resources used by the line discipline
2832 */
2833
2834static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2835{
2836 WARN_ON(tty != gsm->tty);
f4f7d632
DS		 2837 /* Restore tty XON/XOFF handling. */
2838 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
e1eaea46
AC		 2839 tty_kref_put(gsm->tty);
2840 gsm->tty = NULL;
2841}
2842
55db4c64 2843static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
0f3dcf3b 2844 const char *fp, int count)
e1eaea46
AC		 2845{
2846 struct gsm_mux *gsm = tty->disc_data;
82f91fe0 2847 char flags = TTY_NORMAL;
e1eaea46 2848
0a77c4f9 2849 if (debug & 4)
925ea0fa 2850 gsm_hex_dump_bytes(__func__, cp, count);
e1eaea46 2851
b93db97e
JS		 2852 for (; count; count--, cp++) {
2853 if (fp)
2854 flags = *fp++;
e1eaea46
AC		 2855 switch (flags) {
2856 case TTY_NORMAL:
f16c6d2e
MAH		 2857 if (gsm->receive)
2858 gsm->receive(gsm, *cp);
e1eaea46
AC		 2859 break;
2860 case TTY_OVERRUN:
2861 case TTY_BREAK:
2862 case TTY_PARITY:
2863 case TTY_FRAME:
ea502201 2864 gsm_error(gsm);
e1eaea46
AC		 2865 break;
2866 default:
c01af4fe 2867 WARN_ONCE(1, "%s: unknown flag %d\n",
429b4749 2868 tty_name(tty), flags);
e1eaea46
AC		 2869 break;
2870 }
2871 }
2872 /* FASYNC if needed ? */
2873 /* If clogged call tty_throttle(tty); */
2874}
2875
e1eaea46
AC		 2876/**
2877 * gsmld_flush_buffer - clean input queue
2878 * @tty: terminal device
2879 *
2880 * Flush the input buffer. Called when the line discipline is
2881 * being closed, when the tty layer wants the buffer flushed (eg
2882 * at hangup).
2883 */
2884
2885static void gsmld_flush_buffer(struct tty_struct *tty)
2886{
2887}
2888
2889/**
2890 * gsmld_close - close the ldisc for this tty
2891 * @tty: device
2892 *
2893 * Called from the terminal layer when this line discipline is
2894 * being shut down, either because of a close or becsuse of a
2895 * discipline change. The function will not be called while other
2896 * ldisc methods are in progress.
2897 */
2898
2899static void gsmld_close(struct tty_struct *tty)
2900{
2901 struct gsm_mux *gsm = tty->disc_data;
2902
284260f2
DS		 2903 /* The ldisc locks and closes the port before calling our close. This
2904 * means we have no way to do a proper disconnect. We will not bother
2905 * to do one.
2906 */
2907 gsm_cleanup_mux(gsm, false);
2908
e1eaea46
AC		 2909 gsmld_detach_gsm(tty, gsm);
2910
2911 gsmld_flush_buffer(tty);
2912 /* Do other clean up here */
6ab8fba7 2913 mux_put(gsm);
e1eaea46
AC		 2914}
2915
2916/**
2917 * gsmld_open - open an ldisc
2918 * @tty: terminal to open
2919 *
2920 * Called when this line discipline is being attached to the
2921 * terminal device. Can sleep. Called serialized so that no
2922 * other events will occur in parallel. No further open will occur
2923 * until a close.
2924 */
2925
2926static int gsmld_open(struct tty_struct *tty)
2927{
2928 struct gsm_mux *gsm;
2929
2930 if (tty->ops->write == NULL)
2931 return -EINVAL;
2932
2933 /* Attach our ldisc data */
2934 gsm = gsm_alloc_mux();
2935 if (gsm == NULL)
2936 return -ENOMEM;
2937
2938 tty->disc_data = gsm;
2939 tty->receive_room = 65536;
2940
2941 /* Attach the initial passive connection */
2942 gsm->encoding = 1;
5a640967 2943
01aecd91
DS		 2944 gsmld_attach_gsm(tty, gsm);
2945
01aecd91 2946 return 0;
e1eaea46
AC		 2947}
2948
2949/**
2950 * gsmld_write_wakeup - asynchronous I/O notifier
2951 * @tty: tty device
2952 *
2953 * Required for the ptys, serial driver etc. since processes
2954 * that attach themselves to the master and rely on ASYNC
2955 * IO must be woken up
2956 */
2957
2958static void gsmld_write_wakeup(struct tty_struct *tty)
2959{
2960 struct gsm_mux *gsm = tty->disc_data;
2961
2962 /* Queue poll */
0af02167 2963 gsmld_write_trigger(gsm);
e1eaea46
AC		 2964}
2965
2966/**
2967 * gsmld_read - read function for tty
2968 * @tty: tty device
2969 * @file: file object
2970 * @buf: userspace buffer pointer
2971 * @nr: size of I/O
542a121a
LJ		 2972 * @cookie: unused
2973 * @offset: unused
e1eaea46
AC		 2974 *
2975 * Perform reads for the line discipline. We are guaranteed that the
2976 * line discipline will not be closed under us but we may get multiple
2977 * parallel readers and must handle this ourselves. We may also get
2978 * a hangup. Always called in user context, may sleep.
2979 *
2980 * This code must be sure never to sleep through a hangup.
2981 */
2982
2983static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
3b830a9c
LT		 2984 unsigned char *buf, size_t nr,
2985 void **cookie, unsigned long offset)
e1eaea46
AC		 2986{
2987 return -EOPNOTSUPP;
2988}
2989
2990/**
2991 * gsmld_write - write function for tty
2992 * @tty: tty device
2993 * @file: file object
2994 * @buf: userspace buffer pointer
2995 * @nr: size of I/O
2996 *
2997 * Called when the owner of the device wants to send a frame
2998 * itself (or some other control data). The data is transferred
2999 * as-is and must be properly framed and checksummed as appropriate
3000 * by userspace. Frames are either sent whole or not at all as this
3001 * avoids pain user side.
3002 */
3003
3004static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
3005 const unsigned char *buf, size_t nr)
3006{
32dd59f9 3007 struct gsm_mux *gsm = tty->disc_data;
32dd59f9
DS		 3008 int space;
3009 int ret;
3010
3011 if (!gsm)
3012 return -ENODEV;
3013
3014 ret = -ENOBUFS;
902e02ea 3015 mutex_lock(&gsm->tx_mutex);
32dd59f9 3016 space = tty_write_room(tty);
e1eaea46 3017 if (space >= nr)
32dd59f9
DS		 3018 ret = tty->ops->write(tty, buf, nr);
3019 else
3020 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
902e02ea 3021 mutex_unlock(&gsm->tx_mutex);
32dd59f9
DS		 3022
3023 return ret;
e1eaea46
AC		 3024}
3025
3026/**
3027 * gsmld_poll - poll method for N_GSM0710
3028 * @tty: terminal device
3029 * @file: file accessing it
3030 * @wait: poll table
3031 *
3032 * Called when the line discipline is asked to poll() for data or
3033 * for special events. This code is not serialized with respect to
3034 * other events save open/close.
3035 *
3036 * This code must be sure never to sleep through a hangup.
3037 * Called without the kernel lock held - fine
3038 */
3039
afc9a42b 3040static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
e1eaea46
AC		 3041 poll_table *wait)
3042{
afc9a42b 3043 __poll_t mask = 0;
e1eaea46
AC		 3044 struct gsm_mux *gsm = tty->disc_data;
3045
3046 poll_wait(file, &tty->read_wait, wait);
3047 poll_wait(file, &tty->write_wait, wait);
7e5b4322
DS		 3048
3049 if (gsm->dead)
3050 mask |= EPOLLHUP;
e1eaea46 3051 if (tty_hung_up_p(file))
a9a08845 3052 mask |= EPOLLHUP;
7e5b4322
DS		 3053 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
3054 mask |= EPOLLHUP;
e1eaea46 3055 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
a9a08845 3056 mask |= EPOLLOUT | EPOLLWRNORM;
e1eaea46
AC		 3057 return mask;
3058}
3059
d78328bc
JS		 3060static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
3061 unsigned long arg)
e1eaea46
AC		 3062{
3063 struct gsm_config c;
3064 struct gsm_mux *gsm = tty->disc_data;
a7b121b4 3065 unsigned int base;
e1eaea46
AC		 3066
3067 switch (cmd) {
3068 case GSMIOC_GETCONF:
33841040 3069 gsm_copy_config_values(gsm, &c);
edd05a73 3070 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
e1eaea46
AC		 3071 return -EFAULT;
3072 return 0;
3073 case GSMIOC_SETCONF:
edd05a73 3074 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
e1eaea46 3075 return -EFAULT;
33841040 3076 return gsm_config(gsm, &c);
a7b121b4
MH		 3077 case GSMIOC_GETFIRST:
3078 base = mux_num_to_base(gsm);
3079 return put_user(base + 1, (__u32 __user *)arg);
e1eaea46 3080 default:
7c783601 3081 return n_tty_ioctl_helper(tty, cmd, arg);
e1eaea46
AC		 3082 }
3083}
3084
bcd5abe2
RG		 3085/*
3086 * Network interface
3087 *
3088 */
3089
3090static int gsm_mux_net_open(struct net_device *net)
3091{
3092 pr_debug("%s called\n", __func__);
3093 netif_start_queue(net);
3094 return 0;
3095}
3096
3097static int gsm_mux_net_close(struct net_device *net)
3098{
3099 netif_stop_queue(net);
3100 return 0;
3101}
3102
bcd5abe2
RG		 3103static void dlci_net_free(struct gsm_dlci *dlci)
3104{
3105 if (!dlci->net) {
3106 WARN_ON(1);
3107 return;
3108 }
3109 dlci->adaption = dlci->prev_adaption;
3110 dlci->data = dlci->prev_data;
3111 free_netdev(dlci->net);
3112 dlci->net = NULL;
3113}
3114static void net_free(struct kref *ref)
3115{
3116 struct gsm_mux_net *mux_net;
3117 struct gsm_dlci *dlci;
3118
3119 mux_net = container_of(ref, struct gsm_mux_net, ref);
3120 dlci = mux_net->dlci;
3121
3122 if (dlci->net) {
3123 unregister_netdev(dlci->net);
3124 dlci_net_free(dlci);
3125 }
3126}
3127
6ab8fba7
RG		 3128static inline void muxnet_get(struct gsm_mux_net *mux_net)
3129{
3130 kref_get(&mux_net->ref);
3131}
3132
3133static inline void muxnet_put(struct gsm_mux_net *mux_net)
3134{
3135 kref_put(&mux_net->ref, net_free);
3136}
3137
2468b3e4 3138static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
bcd5abe2
RG		 3139 struct net_device *net)
3140{
5dbc32a8 3141 struct gsm_mux_net *mux_net = netdev_priv(net);
bcd5abe2 3142 struct gsm_dlci *dlci = mux_net->dlci;
6ab8fba7 3143 muxnet_get(mux_net);
bcd5abe2
RG		 3144
3145 skb_queue_head(&dlci->skb_list, skb);
47baf1ad
TK		 3146 net->stats.tx_packets++;
3147 net->stats.tx_bytes += skb->len;
bcd5abe2
RG		 3148 gsm_dlci_data_kick(dlci);
3149 /* And tell the kernel when the last transmit started. */
860e9538 3150 netif_trans_update(net);
6ab8fba7 3151 muxnet_put(mux_net);
bcd5abe2
RG		 3152 return NETDEV_TX_OK;
3153}
3154
3155/* called when a packet did not ack after watchdogtimeout */
0290bd29 3156static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
bcd5abe2
RG		 3157{
3158 /* Tell syslog we are hosed. */
3159 dev_dbg(&net->dev, "Tx timed out.\n");
3160
3161 /* Update statistics */
47baf1ad 3162 net->stats.tx_errors++;
bcd5abe2
RG		 3163}
3164
3165static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
4feb7a4a 3166 const unsigned char *in_buf, int size)
bcd5abe2
RG		 3167{
3168 struct net_device *net = dlci->net;
3169 struct sk_buff *skb;
5dbc32a8 3170 struct gsm_mux_net *mux_net = netdev_priv(net);
6ab8fba7 3171 muxnet_get(mux_net);
bcd5abe2
RG		 3172
3173 /* Allocate an sk_buff */
3174 skb = dev_alloc_skb(size + NET_IP_ALIGN);
3175 if (!skb) {
3176 /* We got no receive buffer. */
47baf1ad 3177 net->stats.rx_dropped++;
6ab8fba7 3178 muxnet_put(mux_net);
bcd5abe2
RG		 3179 return;
3180 }
3181 skb_reserve(skb, NET_IP_ALIGN);
59ae1d12 3182 skb_put_data(skb, in_buf, size);
bcd5abe2
RG		 3183
3184 skb->dev = net;
75406b3b 3185 skb->protocol = htons(ETH_P_IP);
bcd5abe2
RG		 3186
3187 /* Ship it off to the kernel */
3188 netif_rx(skb);
3189
3190 /* update out statistics */
47baf1ad
TK		 3191 net->stats.rx_packets++;
3192 net->stats.rx_bytes += size;
6ab8fba7 3193 muxnet_put(mux_net);
bcd5abe2
RG		 3194 return;
3195}
3196
bcd5abe2
RG		 3197static void gsm_mux_net_init(struct net_device *net)
3198{
3199 static const struct net_device_ops gsm_netdev_ops = {
3200 .ndo_open = gsm_mux_net_open,
3201 .ndo_stop = gsm_mux_net_close,
3202 .ndo_start_xmit = gsm_mux_net_start_xmit,
3203 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
bcd5abe2
RG		 3204 };
3205
3206 net->netdev_ops = &gsm_netdev_ops;
3207
3208 /* fill in the other fields */
3209 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
3210 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
3211 net->type = ARPHRD_NONE;
3212 net->tx_queue_len = 10;
3213}
3214
3215
3216/* caller holds the dlci mutex */
3217static void gsm_destroy_network(struct gsm_dlci *dlci)
3218{
3219 struct gsm_mux_net *mux_net;
3220
d8ca4ecf 3221 pr_debug("destroy network interface\n");
bcd5abe2
RG		 3222 if (!dlci->net)
3223 return;
5dbc32a8 3224 mux_net = netdev_priv(dlci->net);
6ab8fba7 3225 muxnet_put(mux_net);
bcd5abe2
RG		 3226}
3227
3228
3229/* caller holds the dlci mutex */
3230static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
3231{
3232 char *netname;
3233 int retval = 0;
3234 struct net_device *net;
3235 struct gsm_mux_net *mux_net;
3236
3237 if (!capable(CAP_NET_ADMIN))
3238 return -EPERM;
3239
3240 /* Already in a non tty mode */
3241 if (dlci->adaption > 2)
3242 return -EBUSY;
3243
3244 if (nc->protocol != htons(ETH_P_IP))
3245 return -EPROTONOSUPPORT;
3246
3247 if (nc->adaption != 3 && nc->adaption != 4)
3248 return -EPROTONOSUPPORT;
3249
d8ca4ecf 3250 pr_debug("create network interface\n");
bcd5abe2
RG		 3251
3252 netname = "gsm%d";
3253 if (nc->if_name[0] != '\0')
3254 netname = nc->if_name;
c835a677
TG		 3255 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
3256 NET_NAME_UNKNOWN, gsm_mux_net_init);
bcd5abe2 3257 if (!net) {
d8ca4ecf 3258 pr_err("alloc_netdev failed\n");
bcd5abe2
RG		 3259 return -ENOMEM;
3260 }
3261 net->mtu = dlci->gsm->mtu;
9c22b4a3
JW		 3262 net->min_mtu = 8;
3263 net->max_mtu = dlci->gsm->mtu;
5dbc32a8 3264 mux_net = netdev_priv(net);
bcd5abe2
RG		 3265 mux_net->dlci = dlci;
3266 kref_init(&mux_net->ref);
3267 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
3268
3269 /* reconfigure dlci for network */
3270 dlci->prev_adaption = dlci->adaption;
3271 dlci->prev_data = dlci->data;
3272 dlci->adaption = nc->adaption;
3273 dlci->data = gsm_mux_rx_netchar;
3274 dlci->net = net;
3275
d8ca4ecf 3276 pr_debug("register netdev\n");
bcd5abe2
RG		 3277 retval = register_netdev(net);
3278 if (retval) {
3279 pr_err("network register fail %d\n", retval);
3280 dlci_net_free(dlci);
3281 return retval;
3282 }
3283 return net->ifindex; /* return network index */
3284}
e1eaea46
AC		 3285
3286/* Line discipline for real tty */
d3157b2c 3287static struct tty_ldisc_ops tty_ldisc_packet = {
e1eaea46 3288 .owner = THIS_MODULE,
fbadf70a 3289 .num = N_GSM0710,
e1eaea46
AC		 3290 .name = "n_gsm",
3291 .open = gsmld_open,
3292 .close = gsmld_close,
3293 .flush_buffer = gsmld_flush_buffer,
e1eaea46
AC		 3294 .read = gsmld_read,
3295 .write = gsmld_write,
3296 .ioctl = gsmld_ioctl,
3297 .poll = gsmld_poll,
3298 .receive_buf = gsmld_receive_buf,
3299 .write_wakeup = gsmld_write_wakeup
3300};
3301
3302/*
3303 * Virtual tty side
3304 */
3305
c19ffe00
DS		 3306/**
3307 * gsm_modem_upd_via_data - send modem bits via convergence layer
3308 * @dlci: channel
3309 * @brk: break signal
3310 *
3311 * Send an empty frame to signal mobile state changes and to transmit the
3312 * break signal for adaption 2.
3313 */
3314
3315static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
e1eaea46 3316{
c19ffe00 3317 struct gsm_mux *gsm = dlci->gsm;
c19ffe00
DS		 3318
3319 if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
3320 return;
3321
902e02ea 3322 mutex_lock(&gsm->tx_mutex);
c19ffe00 3323 gsm_dlci_modem_output(gsm, dlci, brk);
902e02ea 3324 mutex_unlock(&gsm->tx_mutex);
c19ffe00
DS		 3325}
3326
3327/**
3328 * gsm_modem_upd_via_msc - send modem bits via control frame
3329 * @dlci: channel
3330 * @brk: break signal
3331 */
3332
3333static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
e1eaea46 3334{
398867f5 3335 u8 modembits[3];
e1eaea46
AC		 3336 struct gsm_control *ctrl;
3337 int len = 2;
3338
c19ffe00
DS		 3339 if (dlci->gsm->encoding != 0)
3340 return 0;
e1eaea46 3341
398867f5 3342 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
317f86af
DS		 3343 if (!brk) {
3344 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3345 } else {
3346 modembits[1] = gsm_encode_modem(dlci) << 1;
398867f5 3347 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
e1eaea46 3348 len++;
398867f5
DS		 3349 }
3350 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
e1eaea46
AC		 3351 if (ctrl == NULL)
3352 return -ENOMEM;
3353 return gsm_control_wait(dlci->gsm, ctrl);
3354}
3355
c19ffe00
DS		 3356/**
3357 * gsm_modem_update - send modem status line state
3358 * @dlci: channel
3359 * @brk: break signal
3360 */
3361
3362static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
3363{
3364 if (dlci->adaption == 2) {
3365 /* Send convergence layer type 2 empty data frame. */
3366 gsm_modem_upd_via_data(dlci, brk);
3367 return 0;
3368 } else if (dlci->gsm->encoding == 0) {
3369 /* Send as MSC control message. */
3370 return gsm_modem_upd_via_msc(dlci, brk);
3371 }
3372
3373 /* Modem status lines are not supported. */
3374 return -EPROTONOSUPPORT;
3375}
3376
e1eaea46
AC		 3377static int gsm_carrier_raised(struct tty_port *port)
3378{
3379 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
b2d89ad9
TL		 3380 struct gsm_mux *gsm = dlci->gsm;
3381
e1eaea46
AC		 3382 /* Not yet open so no carrier info */
3383 if (dlci->state != DLCI_OPEN)
3384 return 0;
3385 if (debug & 2)
3386 return 1;
b2d89ad9
TL		 3387
3388 /*
3389 * Basic mode with control channel in ADM mode may not respond
3390 * to CMD_MSC at all and modem_rx is empty.
3391 */
3392 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3393 !dlci->modem_rx)
3394 return 1;
3395
e1eaea46
AC		 3396 return dlci->modem_rx & TIOCM_CD;
3397}
3398
3399static void gsm_dtr_rts(struct tty_port *port, int onoff)
3400{
3401 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3402 unsigned int modem_tx = dlci->modem_tx;
3403 if (onoff)
3404 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3405 else
3406 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3407 if (modem_tx != dlci->modem_tx) {
3408 dlci->modem_tx = modem_tx;
c19ffe00 3409 gsm_modem_update(dlci, 0);
e1eaea46
AC		 3410 }
3411}
3412
3413static const struct tty_port_operations gsm_port_ops = {
3414 .carrier_raised = gsm_carrier_raised,
3415 .dtr_rts = gsm_dtr_rts,
9a8e62bc 3416 .destruct = gsm_dlci_free,
e1eaea46
AC		 3417};
3418
86176ed9 3419static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
e1eaea46
AC		 3420{
3421 struct gsm_mux *gsm;
3422 struct gsm_dlci *dlci;
e1eaea46 3423 unsigned int line = tty->index;
43a9e710 3424 unsigned int mux = mux_line_to_num(line);
86176ed9
JS		 3425 bool alloc = false;
3426 int ret;
e1eaea46
AC		 3427
3428 line = line & 0x3F;
3429
3430 if (mux >= MAX_MUX)
3431 return -ENXIO;
3432 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3433 if (gsm_mux[mux] == NULL)
3434 return -EUNATCH;
3435 if (line == 0 || line > 61) /* 62/63 reserved */
3436 return -ECHRNG;
3437 gsm = gsm_mux[mux];
3438 if (gsm->dead)
3439 return -EL2HLT;
f3c909b4
AI		 3440 /* If DLCI 0 is not yet fully open return an error.
3441 This is ok from a locking
3442 perspective as we don't have to worry about this
3443 if DLCI0 is lost */
dfabf7ff
CB		 3444 mutex_lock(&gsm->mutex);
3445 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3446 mutex_unlock(&gsm->mutex);
7e8ac7b2 3447 return -EL2NSYNC;
dfabf7ff 3448 }
e1eaea46 3449 dlci = gsm->dlci[line];
86176ed9
JS		 3450 if (dlci == NULL) {
3451 alloc = true;
e1eaea46 3452 dlci = gsm_dlci_alloc(gsm, line);
86176ed9 3453 }
dfabf7ff
CB		 3454 if (dlci == NULL) {
3455 mutex_unlock(&gsm->mutex);
e1eaea46 3456 return -ENOMEM;
dfabf7ff 3457 }
86176ed9
JS		 3458 ret = tty_port_install(&dlci->port, driver, tty);
3459 if (ret) {
3460 if (alloc)
3461 dlci_put(dlci);
dfabf7ff 3462 mutex_unlock(&gsm->mutex);
86176ed9
JS		 3463 return ret;
3464 }
3465
dfabf7ff
CB		 3466 dlci_get(dlci);
3467 dlci_get(gsm->dlci[0]);
3468 mux_get(gsm);
e1eaea46 3469 tty->driver_data = dlci;
dfabf7ff 3470 mutex_unlock(&gsm->mutex);
86176ed9
JS		 3471
3472 return 0;
3473}
3474
3475static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3476{
3477 struct gsm_dlci *dlci = tty->driver_data;
3478 struct tty_port *port = &dlci->port;
cbff2b32 3479 struct gsm_mux *gsm = dlci->gsm;
86176ed9
JS		 3480
3481 port->count++;
e1eaea46
AC		 3482 tty_port_tty_set(port, tty);
3483
3484 dlci->modem_rx = 0;
3485 /* We could in theory open and close before we wait - eg if we get
3486 a DM straight back. This is ok as that will have caused a hangup */
d41861ca 3487 tty_port_set_initialized(port, 1);
e1eaea46 3488 /* Start sending off SABM messages */
cbff2b32
ZZ		 3489 if (gsm->initiator)
3490 gsm_dlci_begin_open(dlci);
ac77f007
DS		 3491 else
3492 gsm_dlci_set_opening(dlci);
e1eaea46
AC		 3493 /* And wait for virtual carrier */
3494 return tty_port_block_til_ready(port, tty, filp);
3495}
3496
3497static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3498{
3499 struct gsm_dlci *dlci = tty->driver_data;
6ab8fba7 3500
e1eaea46
AC		 3501 if (dlci == NULL)
3502 return;
4d9b1090
DB		 3503 if (dlci->state == DLCI_CLOSED)
3504 return;
bcd5abe2
RG		 3505 mutex_lock(&dlci->mutex);
3506 gsm_destroy_network(dlci);
3507 mutex_unlock(&dlci->mutex);
e1eaea46 3508 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
dfabf7ff 3509 return;
e1eaea46 3510 gsm_dlci_begin_close(dlci);
d41861ca
PH		 3511 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3512 tty_port_lower_dtr_rts(&dlci->port);
e1eaea46
AC		 3513 tty_port_close_end(&dlci->port, tty);
3514 tty_port_tty_set(&dlci->port, NULL);
dfabf7ff 3515 return;
e1eaea46
AC		 3516}
3517
3518static void gsmtty_hangup(struct tty_struct *tty)
3519{
3520 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3521 if (dlci->state == DLCI_CLOSED)
3522 return;
e1eaea46
AC		 3523 tty_port_hangup(&dlci->port);
3524 gsm_dlci_begin_close(dlci);
3525}
3526
3527static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3528 int len)
3529{
4d9b1090 3530 int sent;
e1eaea46 3531 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3532 if (dlci->state == DLCI_CLOSED)
3533 return -EINVAL;
e1eaea46 3534 /* Stuff the bytes into the fifo queue */
036bca1f 3535 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
e1eaea46
AC		 3536 /* Need to kick the channel */
3537 gsm_dlci_data_kick(dlci);
3538 return sent;
3539}
3540
03b3b1a2 3541static unsigned int gsmtty_write_room(struct tty_struct *tty)
e1eaea46
AC		 3542{
3543 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090 3544 if (dlci->state == DLCI_CLOSED)
6bfbfcfc 3545 return 0;
9361ebfb 3546 return kfifo_avail(&dlci->fifo);
e1eaea46
AC		 3547}
3548
fff4ef17 3549static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
e1eaea46
AC		 3550{
3551 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090 3552 if (dlci->state == DLCI_CLOSED)
10eb63e5 3553 return 0;
036bca1f 3554 return kfifo_len(&dlci->fifo);
e1eaea46
AC		 3555}
3556
3557static void gsmtty_flush_buffer(struct tty_struct *tty)
3558{
3559 struct gsm_dlci *dlci = tty->driver_data;
73029a4d
DS		 3560 unsigned long flags;
3561
4d9b1090
DB		 3562 if (dlci->state == DLCI_CLOSED)
3563 return;
e1eaea46
AC		 3564 /* Caution needed: If we implement reliable transport classes
3565 then the data being transmitted can't simply be junked once
3566 it has first hit the stack. Until then we can just blow it
3567 away */
73029a4d 3568 spin_lock_irqsave(&dlci->lock, flags);
036bca1f 3569 kfifo_reset(&dlci->fifo);
73029a4d 3570 spin_unlock_irqrestore(&dlci->lock, flags);
e1eaea46
AC		 3571 /* Need to unhook this DLCI from the transmit queue logic */
3572}
3573
3574static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3575{
3576 /* The FIFO handles the queue so the kernel will do the right
3577 thing waiting on chars_in_buffer before calling us. No work
3578 to do here */
3579}
3580
60b33c13 3581static int gsmtty_tiocmget(struct tty_struct *tty)
e1eaea46
AC		 3582{
3583 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3584 if (dlci->state == DLCI_CLOSED)
3585 return -EINVAL;
e1eaea46
AC		 3586 return dlci->modem_rx;
3587}
3588
20b9d177 3589static int gsmtty_tiocmset(struct tty_struct *tty,
e1eaea46
AC		 3590 unsigned int set, unsigned int clear)
3591{
3592 struct gsm_dlci *dlci = tty->driver_data;
3593 unsigned int modem_tx = dlci->modem_tx;
3594
4d9b1090
DB		 3595 if (dlci->state == DLCI_CLOSED)
3596 return -EINVAL;
cf16807b 3597 modem_tx &= ~clear;
e1eaea46
AC		 3598 modem_tx |= set;
3599
3600 if (modem_tx != dlci->modem_tx) {
3601 dlci->modem_tx = modem_tx;
c19ffe00 3602 return gsm_modem_update(dlci, 0);
e1eaea46
AC		 3603 }
3604 return 0;
3605}
3606
3607
6caa76b7 3608static int gsmtty_ioctl(struct tty_struct *tty,
e1eaea46
AC		 3609 unsigned int cmd, unsigned long arg)
3610{
bcd5abe2
RG		 3611 struct gsm_dlci *dlci = tty->driver_data;
3612 struct gsm_netconfig nc;
3613 int index;
3614
4d9b1090
DB		 3615 if (dlci->state == DLCI_CLOSED)
3616 return -EINVAL;
bcd5abe2
RG		 3617 switch (cmd) {
3618 case GSMIOC_ENABLE_NET:
3619 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3620 return -EFAULT;
3621 nc.if_name[IFNAMSIZ-1] = '\0';
3622 /* return net interface index or error code */
3623 mutex_lock(&dlci->mutex);
3624 index = gsm_create_network(dlci, &nc);
3625 mutex_unlock(&dlci->mutex);
3626 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3627 return -EFAULT;
3628 return index;
3629 case GSMIOC_DISABLE_NET:
3630 if (!capable(CAP_NET_ADMIN))
3631 return -EPERM;
3632 mutex_lock(&dlci->mutex);
3633 gsm_destroy_network(dlci);
3634 mutex_unlock(&dlci->mutex);
3635 return 0;
3636 default:
3637 return -ENOIOCTLCMD;
3638 }
e1eaea46
AC		 3639}
3640
3641static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3642{
4d9b1090
DB		 3643 struct gsm_dlci *dlci = tty->driver_data;
3644 if (dlci->state == DLCI_CLOSED)
3645 return;
e1eaea46
AC		 3646 /* For the moment its fixed. In actual fact the speed information
3647 for the virtual channel can be propogated in both directions by
3648 the RPN control message. This however rapidly gets nasty as we
3649 then have to remap modem signals each way according to whether
3650 our virtual cable is null modem etc .. */
adc8d746 3651 tty_termios_copy_hw(&tty->termios, old);
e1eaea46
AC		 3652}
3653
3654static void gsmtty_throttle(struct tty_struct *tty)
3655{
3656 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3657 if (dlci->state == DLCI_CLOSED)
3658 return;
9db276f8 3659 if (C_CRTSCTS(tty))
c19d9354 3660 dlci->modem_tx &= ~TIOCM_RTS;
e9360b9a 3661 dlci->throttled = true;
c19d9354 3662 /* Send an MSC with RTS cleared */
c19ffe00 3663 gsm_modem_update(dlci, 0);
e1eaea46
AC		 3664}
3665
3666static void gsmtty_unthrottle(struct tty_struct *tty)
3667{
3668 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3669 if (dlci->state == DLCI_CLOSED)
3670 return;
9db276f8 3671 if (C_CRTSCTS(tty))
c19d9354 3672 dlci->modem_tx |= TIOCM_RTS;
e9360b9a 3673 dlci->throttled = false;
c19d9354 3674 /* Send an MSC with RTS set */
c19ffe00 3675 gsm_modem_update(dlci, 0);
e1eaea46
AC		 3676}
3677
3678static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3679{
3680 struct gsm_dlci *dlci = tty->driver_data;
3681 int encode = 0; /* Off */
4d9b1090
DB		 3682 if (dlci->state == DLCI_CLOSED)
3683 return -EINVAL;
e1eaea46
AC		 3684
3685 if (state == -1) /* "On indefinitely" - we can't encode this
3686 properly */
3687 encode = 0x0F;
3688 else if (state > 0) {
3689 encode = state / 200; /* mS to encoding */
3690 if (encode > 0x0F)
3691 encode = 0x0F; /* Best effort */
3692 }
c19ffe00 3693 return gsm_modem_update(dlci, encode);
e1eaea46
AC		 3694}
3695
8f9cfeed 3696static void gsmtty_cleanup(struct tty_struct *tty)
dfabf7ff
CB		 3697{
3698 struct gsm_dlci *dlci = tty->driver_data;
3699 struct gsm_mux *gsm = dlci->gsm;
3700
3701 dlci_put(dlci);
3702 dlci_put(gsm->dlci[0]);
3703 mux_put(gsm);
dfabf7ff 3704}
e1eaea46
AC		 3705
3706/* Virtual ttys for the demux */
3707static const struct tty_operations gsmtty_ops = {
86176ed9 3708 .install = gsmtty_install,
e1eaea46
AC		 3709 .open = gsmtty_open,
3710 .close = gsmtty_close,
3711 .write = gsmtty_write,
3712 .write_room = gsmtty_write_room,
3713 .chars_in_buffer = gsmtty_chars_in_buffer,
3714 .flush_buffer = gsmtty_flush_buffer,
3715 .ioctl = gsmtty_ioctl,
3716 .throttle = gsmtty_throttle,
3717 .unthrottle = gsmtty_unthrottle,
3718 .set_termios = gsmtty_set_termios,
3719 .hangup = gsmtty_hangup,
3720 .wait_until_sent = gsmtty_wait_until_sent,
3721 .tiocmget = gsmtty_tiocmget,
3722 .tiocmset = gsmtty_tiocmset,
3723 .break_ctl = gsmtty_break_ctl,
8f9cfeed 3724 .cleanup = gsmtty_cleanup,
e1eaea46
AC		 3725};
3726
3727
3728
3729static int __init gsm_init(void)
3730{
3731 /* Fill in our line protocol discipline, and register it */
fbadf70a 3732 int status = tty_register_ldisc(&tty_ldisc_packet);
e1eaea46 3733 if (status != 0) {
5f9a31d6
AC		 3734 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3735 status);
e1eaea46
AC		 3736 return status;
3737 }
3738
39b7b42b
JS		 3739 gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW |
3740 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
3741 if (IS_ERR(gsm_tty_driver)) {
5f9a31d6 3742 pr_err("gsm_init: tty allocation failed.\n");
39b7b42b 3743 status = PTR_ERR(gsm_tty_driver);
839e0f22 3744 goto err_unreg_ldisc;
e1eaea46 3745 }
e1eaea46
AC		 3746 gsm_tty_driver->driver_name = "gsmtty";
3747 gsm_tty_driver->name = "gsmtty";
3748 gsm_tty_driver->major = 0; /* Dynamic */
3749 gsm_tty_driver->minor_start = 0;
3750 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3751 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
e1eaea46
AC		 3752 gsm_tty_driver->init_termios = tty_std_termios;
3753 /* Fixme */
3754 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3755 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3756
e1eaea46 3757 if (tty_register_driver(gsm_tty_driver)) {
5f9a31d6 3758 pr_err("gsm_init: tty registration failed.\n");
839e0f22
JS		 3759 status = -EBUSY;
3760 goto err_put_driver;
e1eaea46 3761 }
5f9a31d6
AC		 3762 pr_debug("gsm_init: loaded as %d,%d.\n",
3763 gsm_tty_driver->major, gsm_tty_driver->minor_start);
e1eaea46 3764 return 0;
839e0f22 3765err_put_driver:
9f90a4dd 3766 tty_driver_kref_put(gsm_tty_driver);
839e0f22 3767err_unreg_ldisc:
f81ee8b8 3768 tty_unregister_ldisc(&tty_ldisc_packet);
839e0f22 3769 return status;
e1eaea46
AC		 3770}
3771
3772static void __exit gsm_exit(void)
3773{
357a6a87 3774 tty_unregister_ldisc(&tty_ldisc_packet);
e1eaea46 3775 tty_unregister_driver(gsm_tty_driver);
9f90a4dd 3776 tty_driver_kref_put(gsm_tty_driver);
e1eaea46
AC		 3777}
3778
3779module_init(gsm_init);
3780module_exit(gsm_exit);
3781
3782
3783MODULE_LICENSE("GPL");
3784MODULE_ALIAS_LDISC(N_GSM0710);
Linux 6.x block layer and io_uring tree(s)