projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty: n_gsm: Fix SOF skipping
[linux-2.6-block.git] / drivers / tty / n_gsm.c
CommitLineData
e3b3d0f5 1// SPDX-License-Identifier: GPL-2.0
e1eaea46
AC		 2/*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
e1eaea46
AC		 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * TO DO:
9 * Mostly done: ioctls for setting modes/timing
5f9a31d6 10 * Partly done: hooks so you can pull off frames to non tty devs
e1eaea46 11 * Restart DLCI 0 when it closes ?
e1eaea46
AC		 12 * Improve the tx engine
13 * Resolve tx side locking by adding a queue_head and routing
14 * all control traffic via it
15 * General tidy/document
16 * Review the locking/move to refcounts more (mux now moved to an
17 * alloc/free model ready)
18 * Use newest tty open/close port helpers and install hooks
19 * What to do about power functions ?
20 * Termios setting and negotiation
21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
22 *
23 */
24
25#include <linux/types.h>
26#include <linux/major.h>
27#include <linux/errno.h>
28#include <linux/signal.h>
29#include <linux/fcntl.h>
174cd4b1 30#include <linux/sched/signal.h>
e1eaea46
AC		 31#include <linux/interrupt.h>
32#include <linux/tty.h>
e1eaea46
AC		 33#include <linux/ctype.h>
34#include <linux/mm.h>
35#include <linux/string.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/bitops.h>
39#include <linux/file.h>
40#include <linux/uaccess.h>
41#include <linux/module.h>
42#include <linux/timer.h>
43#include <linux/tty_flip.h>
44#include <linux/tty_driver.h>
45#include <linux/serial.h>
46#include <linux/kfifo.h>
47#include <linux/skbuff.h>
bcd5abe2
RG		 48#include <net/arp.h>
49#include <linux/ip.h>
50#include <linux/netdevice.h>
51#include <linux/etherdevice.h>
e1eaea46
AC		 52#include <linux/gsmmux.h>
53
54static int debug;
55module_param(debug, int, 0600);
56
a8d12007
AC		 57/* Defaults: these are from the specification */
58
59#define T1 10 /* 100mS */
60#define T2 34 /* 333mS */
61#define N2 3 /* Retry 3 times */
e1eaea46
AC		 62
63/* Use long timers for testing at low speed with debug on */
64#ifdef DEBUG_TIMING
a8d12007
AC		 65#define T1 100
66#define T2 200
e1eaea46
AC		 67#endif
68
5f9a31d6 69/*
25985edc 70 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
5f9a31d6
AC		 71 * limits so this is plenty
72 */
bcd5abe2
RG		 73#define MAX_MRU 1500
74#define MAX_MTU 1500
75#define GSM_NET_TX_TIMEOUT (HZ*10)
76
77/**
78 * struct gsm_mux_net - network interface
79 * @struct gsm_dlci* dlci
bcd5abe2
RG		 80 *
81 * Created when net interface is initialized.
82 **/
83struct gsm_mux_net {
84 struct kref ref;
85 struct gsm_dlci *dlci;
bcd5abe2
RG		 86};
87
e1eaea46
AC		 88/*
89 * Each block of data we have queued to go out is in the form of
25985edc 90 * a gsm_msg which holds everything we need in a link layer independent
e1eaea46
AC		 91 * format
92 */
93
94struct gsm_msg {
b4338e1e 95 struct list_head list;
e1eaea46
AC		 96 u8 addr; /* DLCI address + flags */
97 u8 ctrl; /* Control byte + flags */
98 unsigned int len; /* Length of data block (can be zero) */
99 unsigned char *data; /* Points into buffer but not at the start */
2f202d03 100 unsigned char buffer[];
e1eaea46
AC		 101};
102
72ae8cc1
JS		 103enum gsm_dlci_state {
104 DLCI_CLOSED,
105 DLCI_OPENING, /* Sending SABM not seen UA */
106 DLCI_OPEN, /* SABM/UA complete */
107 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
108};
109
e1785996
JS		 110enum gsm_dlci_mode {
111 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
112 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
113};
114
e1eaea46
AC		 115/*
116 * Each active data link has a gsm_dlci structure associated which ties
117 * the link layer to an optional tty (if the tty side is open). To avoid
118 * complexity right now these are only ever freed up when the mux is
119 * shut down.
120 *
121 * At the moment we don't free DLCI objects until the mux is torn down
122 * this avoid object life time issues but might be worth review later.
123 */
124
125struct gsm_dlci {
126 struct gsm_mux *gsm;
127 int addr;
72ae8cc1 128 enum gsm_dlci_state state;
bcd5abe2 129 struct mutex mutex;
e1eaea46
AC		 130
131 /* Link layer */
e1785996 132 enum gsm_dlci_mode mode;
e1eaea46
AC		 133 spinlock_t lock; /* Protects the internal state */
134 struct timer_list t1; /* Retransmit timer for SABM and UA */
135 int retries;
136 /* Uplink tty if active */
137 struct tty_port port; /* The tty bound to this DLCI if there is one */
036bca1f 138 struct kfifo fifo; /* Queue fifo for the DLCI */
e1eaea46 139 int adaption; /* Adaption layer in use */
bcd5abe2 140 int prev_adaption;
e1eaea46
AC		 141 u32 modem_rx; /* Our incoming virtual modem lines */
142 u32 modem_tx; /* Our outgoing modem lines */
5677fcf3 143 bool dead; /* Refuse re-open */
e1eaea46 144 /* Flow control */
e9360b9a 145 bool throttled; /* Private copy of throttle state */
7a9ed9c0 146 bool constipated; /* Throttle status for outgoing */
e1eaea46
AC		 147 /* Packetised I/O */
148 struct sk_buff *skb; /* Frame being sent */
149 struct sk_buff_head skb_list; /* Queued frames */
150 /* Data handling callback */
4feb7a4a
TL		 151 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
152 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
bcd5abe2 153 struct net_device *net; /* network interface, if created */
e1eaea46
AC		 154};
155
c33eecc7 156/* DLCI 0, 62/63 are special or reserved see gsmtty_open */
e1eaea46
AC		 157
158#define NUM_DLCI 64
159
160/*
161 * DLCI 0 is used to pass control blocks out of band of the data
162 * flow (and with a higher link priority). One command can be outstanding
163 * at a time and we use this structure to manage them. They are created
164 * and destroyed by the user context, and updated by the receive paths
165 * and timers
166 */
167
168struct gsm_control {
169 u8 cmd; /* Command we are issuing */
170 u8 *data; /* Data for the command in case we retransmit */
171 int len; /* Length of block for retransmission */
172 int done; /* Done flag */
173 int error; /* Error if any */
174};
175
329aa6e6
JS		 176enum gsm_mux_state {
177 GSM_SEARCH,
178 GSM_START,
179 GSM_ADDRESS,
180 GSM_CONTROL,
181 GSM_LEN,
182 GSM_DATA,
183 GSM_FCS,
184 GSM_OVERRUN,
185 GSM_LEN0,
186 GSM_LEN1,
187 GSM_SSOF,
188};
189
e1eaea46
AC		 190/*
191 * Each GSM mux we have is represented by this structure. If we are
192 * operating as an ldisc then we use this structure as our ldisc
193 * state. We need to sort out lifetimes and locking with respect
194 * to the gsm mux array. For now we don't free DLCI objects that
195 * have been instantiated until the mux itself is terminated.
196 *
197 * To consider further: tty open versus mux shutdown.
198 */
199
200struct gsm_mux {
201 struct tty_struct *tty; /* The tty our ldisc is bound to */
202 spinlock_t lock;
dfabf7ff 203 struct mutex mutex;
d50f6dca 204 unsigned int num;
6ab8fba7 205 struct kref ref;
e1eaea46
AC		 206
207 /* Events on the GSM channel */
208 wait_queue_head_t event;
209
210 /* Bits for GSM mode decoding */
211
212 /* Framing Layer */
213 unsigned char *buf;
329aa6e6 214 enum gsm_mux_state state;
e1eaea46
AC		 215 unsigned int len;
216 unsigned int address;
217 unsigned int count;
c50704bd 218 bool escape;
e1eaea46
AC		 219 int encoding;
220 u8 control;
221 u8 fcs;
c2f2f000 222 u8 received_fcs;
e1eaea46
AC		 223 u8 *txframe; /* TX framing buffer */
224
225 /* Methods for the receiver side */
226 void (*receive)(struct gsm_mux *gsm, u8 ch);
227 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
228 /* And transmit side */
229 int (*output)(struct gsm_mux *mux, u8 *data, int len);
230
231 /* Link Layer */
232 unsigned int mru;
233 unsigned int mtu;
234 int initiator; /* Did we initiate connection */
5677fcf3 235 bool dead; /* Has the mux been shut down */
e1eaea46 236 struct gsm_dlci *dlci[NUM_DLCI];
7a9ed9c0 237 bool constipated; /* Asked by remote to shut up */
e1eaea46
AC		 238
239 spinlock_t tx_lock;
240 unsigned int tx_bytes; /* TX data outstanding */
241#define TX_THRESH_HI 8192
242#define TX_THRESH_LO 2048
b4338e1e 243 struct list_head tx_list; /* Pending data packets */
e1eaea46
AC		 244
245 /* Control messages */
246 struct timer_list t2_timer; /* Retransmit timer for commands */
247 int cretries; /* Command retry counter */
248 struct gsm_control *pending_cmd;/* Our current pending command */
249 spinlock_t control_lock; /* Protects the pending command */
250
251 /* Configuration */
252 int adaption; /* 1 or 2 supported */
253 u8 ftype; /* UI or UIH */
254 int t1, t2; /* Timers in 1/100th of a sec */
255 int n2; /* Retry count */
256
257 /* Statistics (not currently exposed) */
258 unsigned long bad_fcs;
259 unsigned long malformed;
260 unsigned long io_error;
261 unsigned long bad_size;
262 unsigned long unsupported;
263};
264
265
266/*
267 * Mux objects - needed so that we can translate a tty index into the
268 * relevant mux and DLCI.
269 */
270
271#define MAX_MUX 4 /* 256 minors */
272static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
273static spinlock_t gsm_mux_lock;
274
d50f6dca
RG		 275static struct tty_driver *gsm_tty_driver;
276
e1eaea46
AC		 277/*
278 * This section of the driver logic implements the GSM encodings
279 * both the basic and the 'advanced'. Reliable transport is not
280 * supported.
281 */
282
283#define CR 0x02
284#define EA 0x01
285#define PF 0x10
286
287/* I is special: the rest are ..*/
288#define RR 0x01
289#define UI 0x03
290#define RNR 0x05
291#define REJ 0x09
292#define DM 0x0F
293#define SABM 0x2F
294#define DISC 0x43
295#define UA 0x63
296#define UIH 0xEF
297
298/* Channel commands */
299#define CMD_NSC 0x09
300#define CMD_TEST 0x11
301#define CMD_PSC 0x21
302#define CMD_RLS 0x29
303#define CMD_FCOFF 0x31
304#define CMD_PN 0x41
305#define CMD_RPN 0x49
306#define CMD_FCON 0x51
307#define CMD_CLD 0x61
308#define CMD_SNC 0x69
309#define CMD_MSC 0x71
310
311/* Virtual modem bits */
312#define MDM_FC 0x01
313#define MDM_RTC 0x02
314#define MDM_RTR 0x04
315#define MDM_IC 0x20
316#define MDM_DV 0x40
317
318#define GSM0_SOF 0xF9
5f9a31d6 319#define GSM1_SOF 0x7E
e1eaea46
AC		 320#define GSM1_ESCAPE 0x7D
321#define GSM1_ESCAPE_BITS 0x20
322#define XON 0x11
323#define XOFF 0x13
324
325static const struct tty_port_operations gsm_port_ops;
326
327/*
328 * CRC table for GSM 0710
329 */
330
331static const u8 gsm_fcs8[256] = {
332 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
333 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
334 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
335 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
336 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
337 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
338 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
339 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
340 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
341 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
342 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
343 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
344 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
345 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
346 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
347 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
348 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
349 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
350 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
351 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
352 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
353 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
354 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
355 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
356 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
357 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
358 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
359 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
360 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
361 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
362 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
363 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
364};
365
366#define INIT_FCS 0xFF
367#define GOOD_FCS 0xCF
368
369/**
370 * gsm_fcs_add - update FCS
371 * @fcs: Current FCS
372 * @c: Next data
373 *
374 * Update the FCS to include c. Uses the algorithm in the specification
375 * notes.
376 */
377
378static inline u8 gsm_fcs_add(u8 fcs, u8 c)
379{
380 return gsm_fcs8[fcs ^ c];
381}
382
383/**
384 * gsm_fcs_add_block - update FCS for a block
385 * @fcs: Current FCS
386 * @c: buffer of data
387 * @len: length of buffer
388 *
389 * Update the FCS to include c. Uses the algorithm in the specification
390 * notes.
391 */
392
393static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
394{
395 while (len--)
396 fcs = gsm_fcs8[fcs ^ *c++];
397 return fcs;
398}
399
400/**
401 * gsm_read_ea - read a byte into an EA
402 * @val: variable holding value
403 * c: byte going into the EA
404 *
405 * Processes one byte of an EA. Updates the passed variable
406 * and returns 1 if the EA is now completely read
407 */
408
409static int gsm_read_ea(unsigned int *val, u8 c)
410{
411 /* Add the next 7 bits into the value */
412 *val <<= 7;
413 *val |= c >> 1;
414 /* Was this the last byte of the EA 1 = yes*/
415 return c & EA;
416}
417
418/**
419 * gsm_encode_modem - encode modem data bits
420 * @dlci: DLCI to encode from
421 *
422 * Returns the correct GSM encoded modem status bits (6 bit field) for
423 * the current status of the DLCI and attached tty object
424 */
425
426static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
427{
428 u8 modembits = 0;
429 /* FC is true flow control not modem bits */
430 if (dlci->throttled)
431 modembits |= MDM_FC;
432 if (dlci->modem_tx & TIOCM_DTR)
433 modembits |= MDM_RTC;
434 if (dlci->modem_tx & TIOCM_RTS)
435 modembits |= MDM_RTR;
436 if (dlci->modem_tx & TIOCM_RI)
437 modembits |= MDM_IC;
438 if (dlci->modem_tx & TIOCM_CD)
439 modembits |= MDM_DV;
440 return modembits;
441}
442
443/**
444 * gsm_print_packet - display a frame for debug
445 * @hdr: header to print before decode
446 * @addr: address EA from the frame
447 * @cr: C/R bit from the frame
448 * @control: control including PF bit
449 * @data: following data bytes
450 * @dlen: length of data
451 *
452 * Displays a packet in human readable format for debugging purposes. The
453 * style is based on amateur radio LAP-B dump display.
454 */
455
456static void gsm_print_packet(const char *hdr, int addr, int cr,
457 u8 control, const u8 *data, int dlen)
458{
459 if (!(debug & 1))
460 return;
461
5f9a31d6 462 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
e1eaea46
AC		 463
464 switch (control & ~PF) {
465 case SABM:
5f9a31d6 466 pr_cont("SABM");
e1eaea46
AC		 467 break;
468 case UA:
5f9a31d6 469 pr_cont("UA");
e1eaea46
AC		 470 break;
471 case DISC:
5f9a31d6 472 pr_cont("DISC");
e1eaea46
AC		 473 break;
474 case DM:
5f9a31d6 475 pr_cont("DM");
e1eaea46
AC		 476 break;
477 case UI:
5f9a31d6 478 pr_cont("UI");
e1eaea46
AC		 479 break;
480 case UIH:
5f9a31d6 481 pr_cont("UIH");
e1eaea46
AC		 482 break;
483 default:
484 if (!(control & 0x01)) {
5f9a31d6 485 pr_cont("I N(S)%d N(R)%d",
47fdd641 486 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
e1eaea46 487 } else switch (control & 0x0F) {
5f9a31d6
AC		 488 case RR:
489 pr_cont("RR(%d)", (control & 0xE0) >> 5);
490 break;
491 case RNR:
492 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
493 break;
494 case REJ:
495 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
496 break;
497 default:
498 pr_cont("[%02X]", control);
e1eaea46
AC		 499 }
500 }
501
502 if (control & PF)
5f9a31d6 503 pr_cont("(P)");
e1eaea46 504 else
5f9a31d6 505 pr_cont("(F)");
e1eaea46 506
fe92c2a8
GC		 507 if (dlen)
508 print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen);
e1eaea46
AC		 509}
510
511
512/*
513 * Link level transmission side
514 */
515
516/**
517 * gsm_stuff_packet - bytestuff a packet
518 * @ibuf: input
519 * @obuf: output
520 * @len: length of input
521 *
522 * Expand a buffer by bytestuffing it. The worst case size change
523 * is doubling and the caller is responsible for handing out
524 * suitable sized buffers.
525 */
526
527static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
528{
529 int olen = 0;
530 while (len--) {
531 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
532 || *input == XON || *input == XOFF) {
533 *output++ = GSM1_ESCAPE;
534 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
535 olen++;
536 } else
537 *output++ = *input++;
538 olen++;
539 }
540 return olen;
541}
542
e1eaea46
AC		 543/**
544 * gsm_send - send a control frame
545 * @gsm: our GSM mux
546 * @addr: address for control frame
547 * @cr: command/response bit
548 * @control: control byte including PF bit
549 *
550 * Format up and transmit a control frame. These do not go via the
551 * queueing logic as they should be transmitted ahead of data when
552 * they are needed.
553 *
554 * FIXME: Lock versus data TX path
555 */
556
557static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
558{
559 int len;
560 u8 cbuf[10];
561 u8 ibuf[3];
562
563 switch (gsm->encoding) {
564 case 0:
565 cbuf[0] = GSM0_SOF;
566 cbuf[1] = (addr << 2) | (cr << 1) | EA;
567 cbuf[2] = control;
568 cbuf[3] = EA; /* Length of data = 0 */
569 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
570 cbuf[5] = GSM0_SOF;
571 len = 6;
572 break;
573 case 1:
574 case 2:
575 /* Control frame + packing (but not frame stuffing) in mode 1 */
576 ibuf[0] = (addr << 2) | (cr << 1) | EA;
577 ibuf[1] = control;
578 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
579 /* Stuffing may double the size worst case */
580 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
581 /* Now add the SOF markers */
582 cbuf[0] = GSM1_SOF;
583 cbuf[len + 1] = GSM1_SOF;
584 /* FIXME: we can omit the lead one in many cases */
585 len += 2;
586 break;
587 default:
588 WARN_ON(1);
589 return;
590 }
591 gsm->output(gsm, cbuf, len);
592 gsm_print_packet("-->", addr, cr, control, NULL, 0);
593}
594
595/**
596 * gsm_response - send a control response
597 * @gsm: our GSM mux
598 * @addr: address for control frame
599 * @control: control byte including PF bit
600 *
601 * Format up and transmit a link level response frame.
602 */
603
604static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
605{
606 gsm_send(gsm, addr, 0, control);
607}
608
609/**
610 * gsm_command - send a control command
611 * @gsm: our GSM mux
612 * @addr: address for control frame
613 * @control: control byte including PF bit
614 *
615 * Format up and transmit a link level command frame.
616 */
617
618static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
619{
620 gsm_send(gsm, addr, 1, control);
621}
622
623/* Data transmission */
624
625#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
626
627/**
628 * gsm_data_alloc - allocate data frame
629 * @gsm: GSM mux
630 * @addr: DLCI address
631 * @len: length excluding header and FCS
632 * @ctrl: control byte
633 *
634 * Allocate a new data buffer for sending frames with data. Space is left
635 * at the front for header bytes but that is treated as an implementation
636 * detail and not for the high level code to use
637 */
638
639static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
640 u8 ctrl)
641{
642 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
643 GFP_ATOMIC);
644 if (m == NULL)
645 return NULL;
646 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
647 m->len = len;
648 m->addr = addr;
649 m->ctrl = ctrl;
b4338e1e 650 INIT_LIST_HEAD(&m->list);
e1eaea46
AC		 651 return m;
652}
653
654/**
655 * gsm_data_kick - poke the queue
656 * @gsm: GSM Mux
657 *
658 * The tty device has called us to indicate that room has appeared in
659 * the transmit queue. Ram more data into the pipe if we have any
c01af4fe
FB		 660 * If we have been flow-stopped by a CMD_FCOFF, then we can only
661 * send messages on DLCI0 until CMD_FCON
e1eaea46
AC		 662 *
663 * FIXME: lock against link layer control transmissions
664 */
665
666static void gsm_data_kick(struct gsm_mux *gsm)
667{
b4338e1e 668 struct gsm_msg *msg, *nmsg;
e1eaea46 669 int len;
e1eaea46 670
b4338e1e
RG		 671 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
672 if (gsm->constipated && msg->addr)
c01af4fe 673 continue;
e1eaea46
AC		 674 if (gsm->encoding != 0) {
675 gsm->txframe[0] = GSM1_SOF;
676 len = gsm_stuff_frame(msg->data,
677 gsm->txframe + 1, msg->len);
678 gsm->txframe[len + 1] = GSM1_SOF;
679 len += 2;
680 } else {
681 gsm->txframe[0] = GSM0_SOF;
682 memcpy(gsm->txframe + 1 , msg->data, msg->len);
683 gsm->txframe[msg->len + 1] = GSM0_SOF;
684 len = msg->len + 2;
685 }
686
0a77c4f9
JP		 687 if (debug & 4)
688 print_hex_dump_bytes("gsm_data_kick: ",
689 DUMP_PREFIX_OFFSET,
690 gsm->txframe, len);
84d6f81c 691 if (gsm->output(gsm, gsm->txframe, len) < 0)
e1eaea46
AC		 692 break;
693 /* FIXME: Can eliminate one SOF in many more cases */
e1eaea46 694 gsm->tx_bytes -= msg->len;
c01af4fe 695
b4338e1e
RG		 696 list_del(&msg->list);
697 kfree(msg);
e1eaea46
AC		 698 }
699}
700
701/**
702 * __gsm_data_queue - queue a UI or UIH frame
703 * @dlci: DLCI sending the data
704 * @msg: message queued
705 *
706 * Add data to the transmit queue and try and get stuff moving
707 * out of the mux tty if not already doing so. The Caller must hold
708 * the gsm tx lock.
709 */
710
711static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
712{
713 struct gsm_mux *gsm = dlci->gsm;
714 u8 *dp = msg->data;
715 u8 *fcs = dp + msg->len;
716
717 /* Fill in the header */
718 if (gsm->encoding == 0) {
719 if (msg->len < 128)
720 *--dp = (msg->len << 1) | EA;
721 else {
be7a7411
KM		 722 *--dp = (msg->len >> 7); /* bits 7 - 15 */
723 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
e1eaea46
AC		 724 }
725 }
726
727 *--dp = msg->ctrl;
728 if (gsm->initiator)
729 *--dp = (msg->addr << 2) | 2 | EA;
730 else
731 *--dp = (msg->addr << 2) | EA;
732 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
733 /* Ugly protocol layering violation */
734 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
735 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
736 *fcs = 0xFF - *fcs;
737
738 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
739 msg->data, msg->len);
740
741 /* Move the header back and adjust the length, also allow for the FCS
742 now tacked on the end */
743 msg->len += (msg->data - dp) + 1;
744 msg->data = dp;
745
746 /* Add to the actual output queue */
b4338e1e 747 list_add_tail(&msg->list, &gsm->tx_list);
e1eaea46
AC		 748 gsm->tx_bytes += msg->len;
749 gsm_data_kick(gsm);
750}
751
752/**
753 * gsm_data_queue - queue a UI or UIH frame
754 * @dlci: DLCI sending the data
755 * @msg: message queued
756 *
757 * Add data to the transmit queue and try and get stuff moving
758 * out of the mux tty if not already doing so. Take the
759 * the gsm tx lock and dlci lock.
760 */
761
762static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
763{
764 unsigned long flags;
765 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
766 __gsm_data_queue(dlci, msg);
767 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
768}
769
770/**
771 * gsm_dlci_data_output - try and push data out of a DLCI
772 * @gsm: mux
773 * @dlci: the DLCI to pull data from
774 *
775 * Pull data from a DLCI and send it into the transmit queue if there
776 * is data. Keep to the MRU of the mux. This path handles the usual tty
777 * interface which is a byte stream with optional modem data.
778 *
779 * Caller must hold the tx_lock of the mux.
780 */
781
782static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
783{
784 struct gsm_msg *msg;
785 u8 *dp;
268e526b 786 int len, total_size, size;
e1eaea46
AC		 787 int h = dlci->adaption - 1;
788
268e526b 789 total_size = 0;
f3c909b4 790 while (1) {
036bca1f 791 len = kfifo_len(&dlci->fifo);
268e526b
MK		 792 if (len == 0)
793 return total_size;
794
795 /* MTU/MRU count only the data bits */
796 if (len > gsm->mtu)
797 len = gsm->mtu;
798
799 size = len + h;
800
801 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
802 /* FIXME: need a timer or something to kick this so it can't
803 get stuck with no work outstanding and no buffer free */
804 if (msg == NULL)
805 return -ENOMEM;
806 dp = msg->data;
807 switch (dlci->adaption) {
808 case 1: /* Unstructured */
809 break;
f3c909b4
AI		 810 case 2: /* Unstructed with modem bits.
811 Always one byte as we never send inline break data */
268e526b
MK		 812 *dp++ = gsm_encode_modem(dlci);
813 break;
814 }
036bca1f 815 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len);
268e526b
MK		 816 __gsm_data_queue(dlci, msg);
817 total_size += size;
e1eaea46 818 }
e1eaea46 819 /* Bytes of data we used up */
268e526b 820 return total_size;
e1eaea46
AC		 821}
822
823/**
824 * gsm_dlci_data_output_framed - try and push data out of a DLCI
825 * @gsm: mux
826 * @dlci: the DLCI to pull data from
827 *
828 * Pull data from a DLCI and send it into the transmit queue if there
829 * is data. Keep to the MRU of the mux. This path handles framed data
830 * queued as skbuffs to the DLCI.
831 *
832 * Caller must hold the tx_lock of the mux.
833 */
834
835static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
836 struct gsm_dlci *dlci)
837{
838 struct gsm_msg *msg;
839 u8 *dp;
840 int len, size;
841 int last = 0, first = 0;
842 int overhead = 0;
843
844 /* One byte per frame is used for B/F flags */
845 if (dlci->adaption == 4)
846 overhead = 1;
847
848 /* dlci->skb is locked by tx_lock */
849 if (dlci->skb == NULL) {
88ed2a60 850 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
e1eaea46
AC		 851 if (dlci->skb == NULL)
852 return 0;
853 first = 1;
854 }
855 len = dlci->skb->len + overhead;
856
857 /* MTU/MRU count only the data bits */
858 if (len > gsm->mtu) {
859 if (dlci->adaption == 3) {
860 /* Over long frame, bin it */
329e5678 861 dev_kfree_skb_any(dlci->skb);
e1eaea46
AC		 862 dlci->skb = NULL;
863 return 0;
864 }
865 len = gsm->mtu;
866 } else
867 last = 1;
868
869 size = len + overhead;
870 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
871
872 /* FIXME: need a timer or something to kick this so it can't
873 get stuck with no work outstanding and no buffer free */
88ed2a60
RG		 874 if (msg == NULL) {
875 skb_queue_tail(&dlci->skb_list, dlci->skb);
876 dlci->skb = NULL;
e1eaea46 877 return -ENOMEM;
88ed2a60 878 }
e1eaea46
AC		 879 dp = msg->data;
880
881 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
882 /* Flag byte to carry the start/end info */
883 *dp++ = last << 7 | first << 6 | 1; /* EA */
884 len--;
885 }
57f2104f
RG		 886 memcpy(dp, dlci->skb->data, len);
887 skb_pull(dlci->skb, len);
e1eaea46 888 __gsm_data_queue(dlci, msg);
bcd5abe2 889 if (last) {
329e5678 890 dev_kfree_skb_any(dlci->skb);
e1eaea46 891 dlci->skb = NULL;
bcd5abe2 892 }
e1eaea46
AC		 893 return size;
894}
895
896/**
897 * gsm_dlci_data_sweep - look for data to send
898 * @gsm: the GSM mux
899 *
900 * Sweep the GSM mux channels in priority order looking for ones with
901 * data to send. We could do with optimising this scan a bit. We aim
902 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
903 * TX_THRESH_LO we get called again
904 *
905 * FIXME: We should round robin between groups and in theory you can
906 * renegotiate DLCI priorities with optional stuff. Needs optimising.
907 */
908
909static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
910{
911 int len;
912 /* Priority ordering: We should do priority with RR of the groups */
913 int i = 1;
e1eaea46 914
e1eaea46
AC		 915 while (i < NUM_DLCI) {
916 struct gsm_dlci *dlci;
917
918 if (gsm->tx_bytes > TX_THRESH_HI)
919 break;
920 dlci = gsm->dlci[i];
921 if (dlci == NULL || dlci->constipated) {
922 i++;
923 continue;
924 }
bcd5abe2 925 if (dlci->adaption < 3 && !dlci->net)
e1eaea46
AC		 926 len = gsm_dlci_data_output(gsm, dlci);
927 else
928 len = gsm_dlci_data_output_framed(gsm, dlci);
929 if (len < 0)
e73790a5 930 break;
e1eaea46
AC		 931 /* DLCI empty - try the next */
932 if (len == 0)
933 i++;
934 }
e1eaea46
AC		 935}
936
937/**
938 * gsm_dlci_data_kick - transmit if possible
939 * @dlci: DLCI to kick
940 *
941 * Transmit data from this DLCI if the queue is empty. We can't rely on
942 * a tty wakeup except when we filled the pipe so we need to fire off
943 * new data ourselves in other cases.
944 */
945
946static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
947{
948 unsigned long flags;
192b6041 949 int sweep;
e1eaea46 950
f3c909b4 951 if (dlci->constipated)
c01af4fe 952 return;
c01af4fe 953
e1eaea46
AC		 954 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
955 /* If we have nothing running then we need to fire up */
192b6041 956 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
bcd5abe2
RG		 957 if (dlci->gsm->tx_bytes == 0) {
958 if (dlci->net)
959 gsm_dlci_data_output_framed(dlci->gsm, dlci);
960 else
961 gsm_dlci_data_output(dlci->gsm, dlci);
192b6041
RG		 962 }
963 if (sweep)
f3c909b4 964 gsm_dlci_data_sweep(dlci->gsm);
e1eaea46
AC		 965 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
966}
967
968/*
969 * Control message processing
970 */
971
972
973/**
974 * gsm_control_reply - send a response frame to a control
975 * @gsm: gsm channel
976 * @cmd: the command to use
977 * @data: data to follow encoded info
978 * @dlen: length of data
979 *
980 * Encode up and queue a UI/UIH frame containing our response.
981 */
982
4feb7a4a 983static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
e1eaea46
AC		 984 int dlen)
985{
986 struct gsm_msg *msg;
987 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
093d8046
KM		 988 if (msg == NULL)
989 return;
e1eaea46
AC		 990 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
991 msg->data[1] = (dlen << 1) | EA;
992 memcpy(msg->data + 2, data, dlen);
993 gsm_data_queue(gsm->dlci[0], msg);
994}
995
996/**
997 * gsm_process_modem - process received modem status
998 * @tty: virtual tty bound to the DLCI
999 * @dlci: DLCI to affect
1000 * @modem: modem bits (full EA)
1001 *
1002 * Used when a modem control message or line state inline in adaption
1003 * layer 2 is processed. Sort out the local modem state and throttles
1004 */
1005
1006static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
7263287a 1007 u32 modem, int clen)
e1eaea46
AC		 1008{
1009 int mlines = 0;
7263287a 1010 u8 brk = 0;
c01af4fe 1011 int fc;
7263287a
RG		 1012
1013 /* The modem status command can either contain one octet (v.24 signals)
1014 or two octets (v.24 signals + break signals). The length field will
1015 either be 2 or 3 respectively. This is specified in section
1016 5.4.6.3.7 of the 27.010 mux spec. */
1017
1018 if (clen == 2)
1019 modem = modem & 0x7f;
1020 else {
1021 brk = modem & 0x7f;
1022 modem = (modem >> 7) & 0x7f;
c01af4fe 1023 }
e1eaea46
AC		 1024
1025 /* Flow control/ready to communicate */
c01af4fe
FB		 1026 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1027 if (fc && !dlci->constipated) {
e1eaea46 1028 /* Need to throttle our output on this device */
7a9ed9c0 1029 dlci->constipated = true;
c01af4fe 1030 } else if (!fc && dlci->constipated) {
7a9ed9c0 1031 dlci->constipated = false;
e1eaea46
AC		 1032 gsm_dlci_data_kick(dlci);
1033 }
c01af4fe 1034
e1eaea46 1035 /* Map modem bits */
c01af4fe
FB		 1036 if (modem & MDM_RTC)
1037 mlines |= TIOCM_DSR | TIOCM_DTR;
e1eaea46
AC		 1038 if (modem & MDM_RTR)
1039 mlines |= TIOCM_RTS | TIOCM_CTS;
1040 if (modem & MDM_IC)
1041 mlines |= TIOCM_RI;
1042 if (modem & MDM_DV)
1043 mlines |= TIOCM_CD;
1044
1045 /* Carrier drop -> hangup */
1046 if (tty) {
1047 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
9db276f8 1048 if (!C_CLOCAL(tty))
e1eaea46 1049 tty_hangup(tty);
e1eaea46 1050 }
92a19f9c
JS		 1051 if (brk & 0x01)
1052 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
e1eaea46
AC		 1053 dlci->modem_rx = mlines;
1054}
1055
1056/**
1057 * gsm_control_modem - modem status received
1058 * @gsm: GSM channel
1059 * @data: data following command
1060 * @clen: command length
1061 *
1062 * We have received a modem status control message. This is used by
1063 * the GSM mux protocol to pass virtual modem line status and optionally
1064 * to indicate break signals. Unpack it, convert to Linux representation
1065 * and if need be stuff a break message down the tty.
1066 */
1067
4feb7a4a 1068static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46
AC		 1069{
1070 unsigned int addr = 0;
1071 unsigned int modem = 0;
3ac06b90 1072 unsigned int brk = 0;
e1eaea46
AC		 1073 struct gsm_dlci *dlci;
1074 int len = clen;
4feb7a4a 1075 const u8 *dp = data;
e1eaea46
AC		 1076 struct tty_struct *tty;
1077
1078 while (gsm_read_ea(&addr, *dp++) == 0) {
1079 len--;
1080 if (len == 0)
1081 return;
1082 }
1083 /* Must be at least one byte following the EA */
1084 len--;
1085 if (len <= 0)
1086 return;
1087
1088 addr >>= 1;
1089 /* Closed port, or invalid ? */
1090 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1091 return;
1092 dlci = gsm->dlci[addr];
1093
1094 while (gsm_read_ea(&modem, *dp++) == 0) {
1095 len--;
1096 if (len == 0)
1097 return;
1098 }
3ac06b90
LP		 1099 len--;
1100 if (len > 0) {
1101 while (gsm_read_ea(&brk, *dp++) == 0) {
1102 len--;
1103 if (len == 0)
1104 return;
1105 }
1106 modem <<= 7;
1107 modem |= (brk & 0x7f);
1108 }
e1eaea46 1109 tty = tty_port_tty_get(&dlci->port);
7263287a 1110 gsm_process_modem(tty, dlci, modem, clen);
e1eaea46
AC		 1111 if (tty) {
1112 tty_wakeup(tty);
1113 tty_kref_put(tty);
1114 }
1115 gsm_control_reply(gsm, CMD_MSC, data, clen);
1116}
1117
1118/**
1119 * gsm_control_rls - remote line status
1120 * @gsm: GSM channel
1121 * @data: data bytes
1122 * @clen: data length
1123 *
1124 * The modem sends us a two byte message on the control channel whenever
1125 * it wishes to send us an error state from the virtual link. Stuff
1126 * this into the uplink tty if present
1127 */
1128
4feb7a4a 1129static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46 1130{
92a19f9c 1131 struct tty_port *port;
f3c909b4 1132 unsigned int addr = 0;
e1eaea46
AC		 1133 u8 bits;
1134 int len = clen;
4feb7a4a 1135 const u8 *dp = data;
e1eaea46
AC		 1136
1137 while (gsm_read_ea(&addr, *dp++) == 0) {
1138 len--;
1139 if (len == 0)
1140 return;
1141 }
1142 /* Must be at least one byte following ea */
1143 len--;
1144 if (len <= 0)
1145 return;
1146 addr >>= 1;
1147 /* Closed port, or invalid ? */
1148 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1149 return;
1150 /* No error ? */
1151 bits = *dp;
1152 if ((bits & 1) == 0)
1153 return;
e1eaea46 1154
92a19f9c
JS		 1155 port = &gsm->dlci[addr]->port;
1156
1157 if (bits & 2)
1158 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1159 if (bits & 4)
1160 tty_insert_flip_char(port, 0, TTY_PARITY);
1161 if (bits & 8)
1162 tty_insert_flip_char(port, 0, TTY_FRAME);
1163
2e124b4a
JS		 1164 tty_flip_buffer_push(port);
1165
e1eaea46
AC		 1166 gsm_control_reply(gsm, CMD_RLS, data, clen);
1167}
1168
1169static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1170
1171/**
1172 * gsm_control_message - DLCI 0 control processing
1173 * @gsm: our GSM mux
1174 * @command: the command EA
1175 * @data: data beyond the command/length EAs
1176 * @clen: length
1177 *
1178 * Input processor for control messages from the other end of the link.
1179 * Processes the incoming request and queues a response frame or an
1180 * NSC response if not supported
1181 */
1182
1183static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1184 const u8 *data, int clen)
e1eaea46
AC		 1185{
1186 u8 buf[1];
5e44708f
RG		 1187 unsigned long flags;
1188
e1eaea46
AC		 1189 switch (command) {
1190 case CMD_CLD: {
1191 struct gsm_dlci *dlci = gsm->dlci[0];
1192 /* Modem wishes to close down */
1193 if (dlci) {
5677fcf3
JS		 1194 dlci->dead = true;
1195 gsm->dead = true;
e1eaea46
AC		 1196 gsm_dlci_begin_close(dlci);
1197 }
1198 }
1199 break;
1200 case CMD_TEST:
1201 /* Modem wishes to test, reply with the data */
1202 gsm_control_reply(gsm, CMD_TEST, data, clen);
1203 break;
1204 case CMD_FCON:
e1eaea46 1205 /* Modem can accept data again */
7a9ed9c0 1206 gsm->constipated = false;
c01af4fe 1207 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
e1eaea46 1208 /* Kick the link in case it is idling */
5e44708f 1209 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 1210 gsm_data_kick(gsm);
5e44708f 1211 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46 1212 break;
c01af4fe
FB		 1213 case CMD_FCOFF:
1214 /* Modem wants us to STFU */
7a9ed9c0 1215 gsm->constipated = true;
c01af4fe
FB		 1216 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1217 break;
e1eaea46
AC		 1218 case CMD_MSC:
1219 /* Out of band modem line change indicator for a DLCI */
1220 gsm_control_modem(gsm, data, clen);
1221 break;
1222 case CMD_RLS:
1223 /* Out of band error reception for a DLCI */
1224 gsm_control_rls(gsm, data, clen);
1225 break;
1226 case CMD_PSC:
1227 /* Modem wishes to enter power saving state */
1228 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1229 break;
1230 /* Optional unsupported commands */
1231 case CMD_PN: /* Parameter negotiation */
25985edc
LDM		 1232 case CMD_RPN: /* Remote port negotiation */
1233 case CMD_SNC: /* Service negotiation command */
e1eaea46
AC		 1234 default:
1235 /* Reply to bad commands with an NSC */
1236 buf[0] = command;
1237 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1238 break;
1239 }
1240}
1241
1242/**
1243 * gsm_control_response - process a response to our control
1244 * @gsm: our GSM mux
1245 * @command: the command (response) EA
1246 * @data: data beyond the command/length EA
1247 * @clen: length
1248 *
1249 * Process a response to an outstanding command. We only allow a single
1250 * control message in flight so this is fairly easy. All the clean up
1251 * is done by the caller, we just update the fields, flag it as done
1252 * and return
1253 */
1254
1255static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1256 const u8 *data, int clen)
e1eaea46
AC		 1257{
1258 struct gsm_control *ctrl;
1259 unsigned long flags;
1260
1261 spin_lock_irqsave(&gsm->control_lock, flags);
1262
1263 ctrl = gsm->pending_cmd;
1264 /* Does the reply match our command */
1265 command |= 1;
1266 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1267 /* Our command was replied to, kill the retry timer */
1268 del_timer(&gsm->t2_timer);
1269 gsm->pending_cmd = NULL;
1270 /* Rejected by the other end */
1271 if (command == CMD_NSC)
1272 ctrl->error = -EOPNOTSUPP;
1273 ctrl->done = 1;
1274 wake_up(&gsm->event);
1275 }
1276 spin_unlock_irqrestore(&gsm->control_lock, flags);
1277}
1278
1279/**
5f9a31d6 1280 * gsm_control_transmit - send control packet
e1eaea46
AC		 1281 * @gsm: gsm mux
1282 * @ctrl: frame to send
1283 *
1284 * Send out a pending control command (called under control lock)
1285 */
1286
1287static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1288{
ed43b47b 1289 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
e1eaea46
AC		 1290 if (msg == NULL)
1291 return;
1292 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1293 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1294 gsm_data_queue(gsm->dlci[0], msg);
1295}
1296
1297/**
1298 * gsm_control_retransmit - retransmit a control frame
1299 * @data: pointer to our gsm object
1300 *
1301 * Called off the T2 timer expiry in order to retransmit control frames
1302 * that have been lost in the system somewhere. The control_lock protects
1303 * us from colliding with another sender or a receive completion event.
1304 * In that situation the timer may still occur in a small window but
1305 * gsm->pending_cmd will be NULL and we just let the timer expire.
1306 */
1307
e99e88a9 1308static void gsm_control_retransmit(struct timer_list *t)
e1eaea46 1309{
e99e88a9 1310 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
e1eaea46
AC		 1311 struct gsm_control *ctrl;
1312 unsigned long flags;
1313 spin_lock_irqsave(&gsm->control_lock, flags);
1314 ctrl = gsm->pending_cmd;
1315 if (ctrl) {
1316 gsm->cretries--;
1317 if (gsm->cretries == 0) {
1318 gsm->pending_cmd = NULL;
1319 ctrl->error = -ETIMEDOUT;
1320 ctrl->done = 1;
1321 spin_unlock_irqrestore(&gsm->control_lock, flags);
1322 wake_up(&gsm->event);
1323 return;
1324 }
1325 gsm_control_transmit(gsm, ctrl);
1326 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1327 }
1328 spin_unlock_irqrestore(&gsm->control_lock, flags);
1329}
1330
1331/**
1332 * gsm_control_send - send a control frame on DLCI 0
1333 * @gsm: the GSM channel
1334 * @command: command to send including CR bit
1335 * @data: bytes of data (must be kmalloced)
1336 * @len: length of the block to send
1337 *
1338 * Queue and dispatch a control command. Only one command can be
1339 * active at a time. In theory more can be outstanding but the matching
1340 * gets really complicated so for now stick to one outstanding.
1341 */
1342
1343static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1344 unsigned int command, u8 *data, int clen)
1345{
1346 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1347 GFP_KERNEL);
1348 unsigned long flags;
1349 if (ctrl == NULL)
1350 return NULL;
1351retry:
1352 wait_event(gsm->event, gsm->pending_cmd == NULL);
1353 spin_lock_irqsave(&gsm->control_lock, flags);
1354 if (gsm->pending_cmd != NULL) {
1355 spin_unlock_irqrestore(&gsm->control_lock, flags);
1356 goto retry;
1357 }
1358 ctrl->cmd = command;
1359 ctrl->data = data;
1360 ctrl->len = clen;
1361 gsm->pending_cmd = ctrl;
e9ec2254
TL		 1362
1363 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1364 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1365 gsm->cretries = 1;
1366 else
1367 gsm->cretries = gsm->n2;
1368
e1eaea46
AC		 1369 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1370 gsm_control_transmit(gsm, ctrl);
1371 spin_unlock_irqrestore(&gsm->control_lock, flags);
1372 return ctrl;
1373}
1374
1375/**
1376 * gsm_control_wait - wait for a control to finish
1377 * @gsm: GSM mux
1378 * @control: control we are waiting on
1379 *
1380 * Waits for the control to complete or time out. Frees any used
1381 * resources and returns 0 for success, or an error if the remote
1382 * rejected or ignored the request.
1383 */
1384
1385static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1386{
1387 int err;
1388 wait_event(gsm->event, control->done == 1);
1389 err = control->error;
1390 kfree(control);
1391 return err;
1392}
1393
1394
1395/*
1396 * DLCI level handling: Needs krefs
1397 */
1398
1399/*
1400 * State transitions and timers
1401 */
1402
1403/**
1404 * gsm_dlci_close - a DLCI has closed
1405 * @dlci: DLCI that closed
1406 *
1407 * Perform processing when moving a DLCI into closed state. If there
1408 * is an attached tty this is hung up
1409 */
1410
1411static void gsm_dlci_close(struct gsm_dlci *dlci)
1412{
1413 del_timer(&dlci->t1);
1414 if (debug & 8)
5f9a31d6 1415 pr_debug("DLCI %d goes closed.\n", dlci->addr);
e1eaea46
AC		 1416 dlci->state = DLCI_CLOSED;
1417 if (dlci->addr != 0) {
aa27a094 1418 tty_port_tty_hangup(&dlci->port, false);
036bca1f 1419 kfifo_reset(&dlci->fifo);
e1eaea46 1420 } else
5677fcf3 1421 dlci->gsm->dead = true;
e1eaea46
AC		 1422 wake_up(&dlci->gsm->event);
1423 /* A DLCI 0 close is a MUX termination so we need to kick that
1424 back to userspace somehow */
1425}
1426
1427/**
1428 * gsm_dlci_open - a DLCI has opened
1429 * @dlci: DLCI that opened
1430 *
1431 * Perform processing when moving a DLCI into open state.
1432 */
1433
1434static void gsm_dlci_open(struct gsm_dlci *dlci)
1435{
1436 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1437 open -> open */
1438 del_timer(&dlci->t1);
1439 /* This will let a tty open continue */
1440 dlci->state = DLCI_OPEN;
1441 if (debug & 8)
5f9a31d6 1442 pr_debug("DLCI %d goes open.\n", dlci->addr);
e1eaea46
AC		 1443 wake_up(&dlci->gsm->event);
1444}
1445
1446/**
1447 * gsm_dlci_t1 - T1 timer expiry
1448 * @dlci: DLCI that opened
1449 *
1450 * The T1 timer handles retransmits of control frames (essentially of
1451 * SABM and DISC). We resend the command until the retry count runs out
1452 * in which case an opening port goes back to closed and a closing port
1453 * is simply put into closed state (any further frames from the other
1454 * end will get a DM response)
ea3d8465
TL		 1455 *
1456 * Some control dlci can stay in ADM mode with other dlci working just
1457 * fine. In that case we can just keep the control dlci open after the
1458 * DLCI_OPENING retries time out.
e1eaea46
AC		 1459 */
1460
e99e88a9 1461static void gsm_dlci_t1(struct timer_list *t)
e1eaea46 1462{
e99e88a9 1463 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
e1eaea46
AC		 1464 struct gsm_mux *gsm = dlci->gsm;
1465
1466 switch (dlci->state) {
1467 case DLCI_OPENING:
1468 dlci->retries--;
1469 if (dlci->retries) {
1470 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1471 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
ea3d8465
TL		 1472 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1473 if (debug & 8)
1474 pr_info("DLCI %d opening in ADM mode.\n",
1475 dlci->addr);
e9ec2254 1476 dlci->mode = DLCI_MODE_ADM;
ea3d8465
TL		 1477 gsm_dlci_open(dlci);
1478 } else {
e1eaea46 1479 gsm_dlci_close(dlci);
ea3d8465
TL		 1480 }
1481
e1eaea46
AC		 1482 break;
1483 case DLCI_CLOSING:
1484 dlci->retries--;
1485 if (dlci->retries) {
1486 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1487 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1488 } else
1489 gsm_dlci_close(dlci);
1490 break;
72ae8cc1
JS		 1491 default:
1492 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1493 break;
e1eaea46
AC		 1494 }
1495}
1496
1497/**
1498 * gsm_dlci_begin_open - start channel open procedure
1499 * @dlci: DLCI to open
1500 *
1501 * Commence opening a DLCI from the Linux side. We issue SABM messages
ea3d8465
TL		 1502 * to the modem which should then reply with a UA or ADM, at which point
1503 * we will move into open state. Opening is done asynchronously with retry
e1eaea46
AC		 1504 * running off timers and the responses.
1505 */
1506
1507static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1508{
1509 struct gsm_mux *gsm = dlci->gsm;
1510 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1511 return;
1512 dlci->retries = gsm->n2;
1513 dlci->state = DLCI_OPENING;
1514 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1515 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1516}
1517
1518/**
1519 * gsm_dlci_begin_close - start channel open procedure
1520 * @dlci: DLCI to open
1521 *
1522 * Commence closing a DLCI from the Linux side. We issue DISC messages
1523 * to the modem which should then reply with a UA, at which point we
1524 * will move into closed state. Closing is done asynchronously with retry
1525 * off timers. We may also receive a DM reply from the other end which
1526 * indicates the channel was already closed.
1527 */
1528
1529static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1530{
1531 struct gsm_mux *gsm = dlci->gsm;
1532 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1533 return;
1534 dlci->retries = gsm->n2;
1535 dlci->state = DLCI_CLOSING;
1536 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1537 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1538}
1539
1540/**
1541 * gsm_dlci_data - data arrived
1542 * @dlci: channel
1543 * @data: block of bytes received
1544 * @len: length of received block
1545 *
1546 * A UI or UIH frame has arrived which contains data for a channel
1547 * other than the control channel. If the relevant virtual tty is
1548 * open we shovel the bits down it, if not we drop them.
1549 */
1550
4feb7a4a 1551static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
e1eaea46
AC		 1552{
1553 /* krefs .. */
1554 struct tty_port *port = &dlci->port;
2e124b4a 1555 struct tty_struct *tty;
e1eaea46 1556 unsigned int modem = 0;
7263287a 1557 int len = clen;
e1eaea46
AC		 1558
1559 if (debug & 16)
2e124b4a
JS		 1560 pr_debug("%d bytes for tty\n", len);
1561 switch (dlci->adaption) {
1562 /* Unsupported types */
3e913eeb 1563 case 4: /* Packetised interruptible data */
2e124b4a 1564 break;
3e913eeb 1565 case 3: /* Packetised uininterruptible voice/data */
2e124b4a 1566 break;
3e913eeb 1567 case 2: /* Asynchronous serial with line state in each frame */
2e124b4a
JS		 1568 while (gsm_read_ea(&modem, *data++) == 0) {
1569 len--;
1570 if (len == 0)
1571 return;
1572 }
1573 tty = tty_port_tty_get(port);
1574 if (tty) {
7263287a 1575 gsm_process_modem(tty, dlci, modem, clen);
2e124b4a 1576 tty_kref_put(tty);
e1eaea46 1577 }
3e913eeb
GS		 1578 /* Fall through */
1579 case 1: /* Line state will go via DLCI 0 controls only */
2e124b4a
JS		 1580 default:
1581 tty_insert_flip_string(port, data, len);
1582 tty_flip_buffer_push(port);
e1eaea46
AC		 1583 }
1584}
1585
1586/**
1587 * gsm_dlci_control - data arrived on control channel
1588 * @dlci: channel
1589 * @data: block of bytes received
1590 * @len: length of received block
1591 *
1592 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1593 * control channel. This should contain a command EA followed by
1594 * control data bytes. The command EA contains a command/response bit
1595 * and we divide up the work accordingly.
1596 */
1597
4feb7a4a 1598static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
e1eaea46
AC		 1599{
1600 /* See what command is involved */
1601 unsigned int command = 0;
1602 while (len-- > 0) {
1603 if (gsm_read_ea(&command, *data++) == 1) {
1604 int clen = *data++;
1605 len--;
1606 /* FIXME: this is properly an EA */
1607 clen >>= 1;
1608 /* Malformed command ? */
1609 if (clen > len)
1610 return;
1611 if (command & 1)
1612 gsm_control_message(dlci->gsm, command,
1613 data, clen);
1614 else
1615 gsm_control_response(dlci->gsm, command,
1616 data, clen);
1617 return;
1618 }
1619 }
1620}
1621
1622/*
1623 * Allocate/Free DLCI channels
1624 */
1625
1626/**
1627 * gsm_dlci_alloc - allocate a DLCI
1628 * @gsm: GSM mux
1629 * @addr: address of the DLCI
1630 *
1631 * Allocate and install a new DLCI object into the GSM mux.
1632 *
1633 * FIXME: review locking races
1634 */
1635
1636static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1637{
1638 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1639 if (dlci == NULL)
1640 return NULL;
1641 spin_lock_init(&dlci->lock);
bcd5abe2 1642 mutex_init(&dlci->mutex);
036bca1f 1643 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
e1eaea46
AC		 1644 kfree(dlci);
1645 return NULL;
1646 }
1647
1648 skb_queue_head_init(&dlci->skb_list);
e99e88a9 1649 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
e1eaea46
AC		 1650 tty_port_init(&dlci->port);
1651 dlci->port.ops = &gsm_port_ops;
1652 dlci->gsm = gsm;
1653 dlci->addr = addr;
1654 dlci->adaption = gsm->adaption;
1655 dlci->state = DLCI_CLOSED;
1656 if (addr)
1657 dlci->data = gsm_dlci_data;
1658 else
1659 dlci->data = gsm_dlci_command;
1660 gsm->dlci[addr] = dlci;
1661 return dlci;
1662}
1663
1664/**
6ab8fba7
RG		 1665 * gsm_dlci_free - free DLCI
1666 * @dlci: DLCI to free
1667 *
1668 * Free up a DLCI.
1669 *
1670 * Can sleep.
1671 */
9a8e62bc 1672static void gsm_dlci_free(struct tty_port *port)
6ab8fba7 1673{
9a8e62bc 1674 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
6ab8fba7
RG		 1675
1676 del_timer_sync(&dlci->t1);
1677 dlci->gsm->dlci[dlci->addr] = NULL;
036bca1f 1678 kfifo_free(&dlci->fifo);
6ab8fba7 1679 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
329e5678 1680 dev_kfree_skb(dlci->skb);
6ab8fba7
RG		 1681 kfree(dlci);
1682}
1683
1684static inline void dlci_get(struct gsm_dlci *dlci)
1685{
9a8e62bc 1686 tty_port_get(&dlci->port);
6ab8fba7
RG		 1687}
1688
1689static inline void dlci_put(struct gsm_dlci *dlci)
1690{
9a8e62bc 1691 tty_port_put(&dlci->port);
6ab8fba7
RG		 1692}
1693
4d9b1090
DB		 1694static void gsm_destroy_network(struct gsm_dlci *dlci);
1695
6ab8fba7
RG		 1696/**
1697 * gsm_dlci_release - release DLCI
e1eaea46
AC		 1698 * @dlci: DLCI to destroy
1699 *
6ab8fba7
RG		 1700 * Release a DLCI. Actual free is deferred until either
1701 * mux is closed or tty is closed - whichever is last.
e1eaea46
AC		 1702 *
1703 * Can sleep.
1704 */
6ab8fba7 1705static void gsm_dlci_release(struct gsm_dlci *dlci)
e1eaea46
AC		 1706{
1707 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1708 if (tty) {
4d9b1090
DB		 1709 mutex_lock(&dlci->mutex);
1710 gsm_destroy_network(dlci);
1711 mutex_unlock(&dlci->mutex);
1712
7030082a 1713 tty_hangup(tty);
be706572 1714
4d9b1090 1715 tty_port_tty_set(&dlci->port, NULL);
e1eaea46
AC		 1716 tty_kref_put(tty);
1717 }
4d9b1090 1718 dlci->state = DLCI_CLOSED;
6ab8fba7 1719 dlci_put(dlci);
e1eaea46
AC		 1720}
1721
e1eaea46
AC		 1722/*
1723 * LAPBish link layer logic
1724 */
1725
1726/**
1727 * gsm_queue - a GSM frame is ready to process
1728 * @gsm: pointer to our gsm mux
1729 *
1730 * At this point in time a frame has arrived and been demangled from
1731 * the line encoding. All the differences between the encodings have
1732 * been handled below us and the frame is unpacked into the structures.
1733 * The fcs holds the header FCS but any data FCS must be added here.
1734 */
1735
1736static void gsm_queue(struct gsm_mux *gsm)
1737{
1738 struct gsm_dlci *dlci;
1739 u8 cr;
1740 int address;
1741 /* We have to sneak a look at the packet body to do the FCS.
1742 A somewhat layering violation in the spec */
1743
1744 if ((gsm->control & ~PF) == UI)
1745 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
f3c909b4
AI		 1746 if (gsm->encoding == 0) {
1747 /* WARNING: gsm->received_fcs is used for
1748 gsm->encoding = 0 only.
1749 In this case it contain the last piece of data
1750 required to generate final CRC */
9db4e438
MK		 1751 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1752 }
e1eaea46
AC		 1753 if (gsm->fcs != GOOD_FCS) {
1754 gsm->bad_fcs++;
1755 if (debug & 4)
5f9a31d6 1756 pr_debug("BAD FCS %02x\n", gsm->fcs);
e1eaea46
AC		 1757 return;
1758 }
1759 address = gsm->address >> 1;
1760 if (address >= NUM_DLCI)
1761 goto invalid;
1762
1763 cr = gsm->address & 1; /* C/R bit */
1764
1765 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1766
1767 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1768 dlci = gsm->dlci[address];
1769
1770 switch (gsm->control) {
1771 case SABM|PF:
1772 if (cr == 0)
1773 goto invalid;
1774 if (dlci == NULL)
1775 dlci = gsm_dlci_alloc(gsm, address);
1776 if (dlci == NULL)
1777 return;
1778 if (dlci->dead)
1779 gsm_response(gsm, address, DM);
1780 else {
1781 gsm_response(gsm, address, UA);
1782 gsm_dlci_open(dlci);
1783 }
1784 break;
1785 case DISC|PF:
1786 if (cr == 0)
1787 goto invalid;
1788 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1789 gsm_response(gsm, address, DM);
1790 return;
1791 }
1792 /* Real close complete */
1793 gsm_response(gsm, address, UA);
1794 gsm_dlci_close(dlci);
1795 break;
1796 case UA:
1797 case UA|PF:
1798 if (cr == 0 || dlci == NULL)
1799 break;
1800 switch (dlci->state) {
1801 case DLCI_CLOSING:
1802 gsm_dlci_close(dlci);
1803 break;
1804 case DLCI_OPENING:
1805 gsm_dlci_open(dlci);
1806 break;
72ae8cc1
JS		 1807 default:
1808 pr_debug("%s: unhandled state: %d\n", __func__,
1809 dlci->state);
1810 break;
e1eaea46
AC		 1811 }
1812 break;
1813 case DM: /* DM can be valid unsolicited */
1814 case DM|PF:
1815 if (cr)
1816 goto invalid;
1817 if (dlci == NULL)
1818 return;
1819 gsm_dlci_close(dlci);
1820 break;
1821 case UI:
1822 case UI|PF:
1823 case UIH:
1824 case UIH|PF:
1825#if 0
1826 if (cr)
1827 goto invalid;
1828#endif
1829 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1830 gsm_command(gsm, address, DM|PF);
1831 return;
1832 }
1833 dlci->data(dlci, gsm->buf, gsm->len);
1834 break;
1835 default:
1836 goto invalid;
1837 }
1838 return;
1839invalid:
1840 gsm->malformed++;
1841 return;
1842}
1843
1844
1845/**
1846 * gsm0_receive - perform processing for non-transparency
1847 * @gsm: gsm data for this ldisc instance
1848 * @c: character
1849 *
1850 * Receive bytes in gsm mode 0
1851 */
1852
1853static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1854{
c2f2f000
AC		 1855 unsigned int len;
1856
e1eaea46
AC		 1857 switch (gsm->state) {
1858 case GSM_SEARCH: /* SOF marker */
1859 if (c == GSM0_SOF) {
1860 gsm->state = GSM_ADDRESS;
1861 gsm->address = 0;
1862 gsm->len = 0;
1863 gsm->fcs = INIT_FCS;
1864 }
c2f2f000
AC		 1865 break;
1866 case GSM_ADDRESS: /* Address EA */
e1eaea46
AC		 1867 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1868 if (gsm_read_ea(&gsm->address, c))
1869 gsm->state = GSM_CONTROL;
1870 break;
1871 case GSM_CONTROL: /* Control Byte */
1872 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1873 gsm->control = c;
c2f2f000 1874 gsm->state = GSM_LEN0;
e1eaea46 1875 break;
c2f2f000 1876 case GSM_LEN0: /* Length EA */
e1eaea46
AC		 1877 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1878 if (gsm_read_ea(&gsm->len, c)) {
1879 if (gsm->len > gsm->mru) {
1880 gsm->bad_size++;
1881 gsm->state = GSM_SEARCH;
1882 break;
1883 }
1884 gsm->count = 0;
c2f2f000
AC		 1885 if (!gsm->len)
1886 gsm->state = GSM_FCS;
1887 else
1888 gsm->state = GSM_DATA;
1889 break;
e1eaea46 1890 }
c2f2f000
AC		 1891 gsm->state = GSM_LEN1;
1892 break;
1893 case GSM_LEN1:
1894 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1895 len = c;
1896 gsm->len |= len << 7;
1897 if (gsm->len > gsm->mru) {
1898 gsm->bad_size++;
1899 gsm->state = GSM_SEARCH;
1900 break;
e1eaea46 1901 }
c2f2f000
AC		 1902 gsm->count = 0;
1903 if (!gsm->len)
1904 gsm->state = GSM_FCS;
1905 else
1906 gsm->state = GSM_DATA;
e1eaea46
AC		 1907 break;
1908 case GSM_DATA: /* Data */
1909 gsm->buf[gsm->count++] = c;
1910 if (gsm->count == gsm->len)
1911 gsm->state = GSM_FCS;
1912 break;
1913 case GSM_FCS: /* FCS follows the packet */
c2f2f000 1914 gsm->received_fcs = c;
e1eaea46 1915 gsm_queue(gsm);
c2f2f000
AC		 1916 gsm->state = GSM_SSOF;
1917 break;
1918 case GSM_SSOF:
1919 if (c == GSM0_SOF) {
1920 gsm->state = GSM_SEARCH;
1921 break;
1922 }
e1eaea46 1923 break;
329aa6e6
JS		 1924 default:
1925 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
1926 break;
e1eaea46
AC		 1927 }
1928}
1929
1930/**
c2f2f000 1931 * gsm1_receive - perform processing for non-transparency
e1eaea46
AC		 1932 * @gsm: gsm data for this ldisc instance
1933 * @c: character
1934 *
1935 * Receive bytes in mode 1 (Advanced option)
1936 */
1937
1938static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1939{
1940 if (c == GSM1_SOF) {
1941 /* EOF is only valid in frame if we have got to the data state
1942 and received at least one byte (the FCS) */
1943 if (gsm->state == GSM_DATA && gsm->count) {
1944 /* Extract the FCS */
1945 gsm->count--;
1946 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1947 gsm->len = gsm->count;
1948 gsm_queue(gsm);
1949 gsm->state = GSM_START;
1950 return;
1951 }
1952 /* Any partial frame was a runt so go back to start */
1953 if (gsm->state != GSM_START) {
1954 gsm->malformed++;
1955 gsm->state = GSM_START;
1956 }
1957 /* A SOF in GSM_START means we are still reading idling or
1958 framing bytes */
1959 return;
1960 }
1961
1962 if (c == GSM1_ESCAPE) {
c50704bd 1963 gsm->escape = true;
e1eaea46
AC		 1964 return;
1965 }
1966
1967 /* Only an unescaped SOF gets us out of GSM search */
1968 if (gsm->state == GSM_SEARCH)
1969 return;
1970
1971 if (gsm->escape) {
1972 c ^= GSM1_ESCAPE_BITS;
c50704bd 1973 gsm->escape = false;
e1eaea46
AC		 1974 }
1975 switch (gsm->state) {
1976 case GSM_START: /* First byte after SOF */
1977 gsm->address = 0;
1978 gsm->state = GSM_ADDRESS;
1979 gsm->fcs = INIT_FCS;
3e913eeb 1980 /* Fall through */
e1eaea46
AC		 1981 case GSM_ADDRESS: /* Address continuation */
1982 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1983 if (gsm_read_ea(&gsm->address, c))
1984 gsm->state = GSM_CONTROL;
1985 break;
1986 case GSM_CONTROL: /* Control Byte */
1987 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1988 gsm->control = c;
1989 gsm->count = 0;
1990 gsm->state = GSM_DATA;
1991 break;
1992 case GSM_DATA: /* Data */
5f9a31d6 1993 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
e1eaea46
AC		 1994 gsm->state = GSM_OVERRUN;
1995 gsm->bad_size++;
1996 } else
1997 gsm->buf[gsm->count++] = c;
1998 break;
1999 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2000 break;
329aa6e6
JS		 2001 default:
2002 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2003 break;
e1eaea46
AC		 2004 }
2005}
2006
2007/**
2008 * gsm_error - handle tty error
2009 * @gsm: ldisc data
2010 * @data: byte received (may be invalid)
2011 * @flag: error received
2012 *
2013 * Handle an error in the receipt of data for a frame. Currently we just
2014 * go back to hunting for a SOF.
2015 *
2016 * FIXME: better diagnostics ?
2017 */
2018
2019static void gsm_error(struct gsm_mux *gsm,
2020 unsigned char data, unsigned char flag)
2021{
2022 gsm->state = GSM_SEARCH;
2023 gsm->io_error++;
2024}
2025
71e07791
SH		 2026static int gsm_disconnect(struct gsm_mux *gsm)
2027{
2028 struct gsm_dlci *dlci = gsm->dlci[0];
2029 struct gsm_control *gc;
2030
2031 if (!dlci)
2032 return 0;
2033
2034 /* In theory disconnecting DLCI 0 is sufficient but for some
2035 modems this is apparently not the case. */
2036 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2037 if (gc)
2038 gsm_control_wait(gsm, gc);
2039
2040 del_timer_sync(&gsm->t2_timer);
2041 /* Now we are sure T2 has stopped */
2042
2043 gsm_dlci_begin_close(dlci);
2044 wait_event_interruptible(gsm->event,
2045 dlci->state == DLCI_CLOSED);
2046
2047 if (signal_pending(current))
2048 return -EINTR;
2049
2050 return 0;
2051}
2052
e1eaea46
AC		 2053/**
2054 * gsm_cleanup_mux - generic GSM protocol cleanup
2055 * @gsm: our mux
2056 *
2057 * Clean up the bits of the mux which are the same for all framing
2058 * protocols. Remove the mux from the mux table, stop all the timers
2059 * and then shut down each device hanging up the channels as we go.
2060 */
2061
54af5836 2062static void gsm_cleanup_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2063{
2064 int i;
2065 struct gsm_dlci *dlci = gsm->dlci[0];
329e5678 2066 struct gsm_msg *txq, *ntxq;
e1eaea46 2067
5677fcf3 2068 gsm->dead = true;
e1eaea46
AC		 2069
2070 spin_lock(&gsm_mux_lock);
2071 for (i = 0; i < MAX_MUX; i++) {
2072 if (gsm_mux[i] == gsm) {
2073 gsm_mux[i] = NULL;
2074 break;
2075 }
2076 }
2077 spin_unlock(&gsm_mux_lock);
d175feca
JS		 2078 /* open failed before registering => nothing to do */
2079 if (i == MAX_MUX)
2080 return;
e1eaea46
AC		 2081
2082 del_timer_sync(&gsm->t2_timer);
2083 /* Now we are sure T2 has stopped */
71e07791 2084 if (dlci)
5677fcf3 2085 dlci->dead = true;
71e07791 2086
e1eaea46 2087 /* Free up any link layer users */
dfabf7ff 2088 mutex_lock(&gsm->mutex);
e1eaea46
AC		 2089 for (i = 0; i < NUM_DLCI; i++)
2090 if (gsm->dlci[i])
6ab8fba7 2091 gsm_dlci_release(gsm->dlci[i]);
dfabf7ff 2092 mutex_unlock(&gsm->mutex);
e1eaea46 2093 /* Now wipe the queues */
b4338e1e 2094 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
e1eaea46 2095 kfree(txq);
b4338e1e 2096 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46 2097}
e1eaea46
AC		 2098
2099/**
2100 * gsm_activate_mux - generic GSM setup
2101 * @gsm: our mux
2102 *
2103 * Set up the bits of the mux which are the same for all framing
2104 * protocols. Add the mux to the mux table so it can be opened and
2105 * finally kick off connecting to DLCI 0 on the modem.
2106 */
2107
54af5836 2108static int gsm_activate_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2109{
2110 struct gsm_dlci *dlci;
2111 int i = 0;
2112
e99e88a9 2113 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
e1eaea46
AC		 2114 init_waitqueue_head(&gsm->event);
2115 spin_lock_init(&gsm->control_lock);
2116 spin_lock_init(&gsm->tx_lock);
2117
2118 if (gsm->encoding == 0)
2119 gsm->receive = gsm0_receive;
2120 else
2121 gsm->receive = gsm1_receive;
2122 gsm->error = gsm_error;
2123
2124 spin_lock(&gsm_mux_lock);
2125 for (i = 0; i < MAX_MUX; i++) {
2126 if (gsm_mux[i] == NULL) {
d50f6dca 2127 gsm->num = i;
e1eaea46
AC		 2128 gsm_mux[i] = gsm;
2129 break;
2130 }
2131 }
2132 spin_unlock(&gsm_mux_lock);
2133 if (i == MAX_MUX)
2134 return -EBUSY;
2135
2136 dlci = gsm_dlci_alloc(gsm, 0);
2137 if (dlci == NULL)
2138 return -ENOMEM;
5677fcf3 2139 gsm->dead = false; /* Tty opens are now permissible */
e1eaea46
AC		 2140 return 0;
2141}
e1eaea46
AC		 2142
2143/**
2144 * gsm_free_mux - free up a mux
2145 * @mux: mux to free
2146 *
6ab8fba7 2147 * Dispose of allocated resources for a dead mux
e1eaea46 2148 */
54af5836 2149static void gsm_free_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2150{
2151 kfree(gsm->txframe);
2152 kfree(gsm->buf);
2153 kfree(gsm);
2154}
e1eaea46 2155
6ab8fba7
RG		 2156/**
2157 * gsm_free_muxr - free up a mux
2158 * @mux: mux to free
2159 *
2160 * Dispose of allocated resources for a dead mux
2161 */
2162static void gsm_free_muxr(struct kref *ref)
2163{
2164 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2165 gsm_free_mux(gsm);
2166}
2167
2168static inline void mux_get(struct gsm_mux *gsm)
2169{
2170 kref_get(&gsm->ref);
2171}
2172
2173static inline void mux_put(struct gsm_mux *gsm)
2174{
2175 kref_put(&gsm->ref, gsm_free_muxr);
2176}
2177
43a9e710
MH		 2178static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2179{
2180 return gsm->num * NUM_DLCI;
2181}
2182
2183static inline unsigned int mux_line_to_num(unsigned int line)
2184{
2185 return line / NUM_DLCI;
2186}
2187
e1eaea46
AC		 2188/**
2189 * gsm_alloc_mux - allocate a mux
2190 *
2191 * Creates a new mux ready for activation.
2192 */
2193
54af5836 2194static struct gsm_mux *gsm_alloc_mux(void)
e1eaea46
AC		 2195{
2196 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2197 if (gsm == NULL)
2198 return NULL;
2199 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2200 if (gsm->buf == NULL) {
2201 kfree(gsm);
2202 return NULL;
2203 }
2204 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2205 if (gsm->txframe == NULL) {
2206 kfree(gsm->buf);
2207 kfree(gsm);
2208 return NULL;
2209 }
2210 spin_lock_init(&gsm->lock);
dfabf7ff 2211 mutex_init(&gsm->mutex);
6ab8fba7 2212 kref_init(&gsm->ref);
b4338e1e 2213 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46
AC		 2214
2215 gsm->t1 = T1;
2216 gsm->t2 = T2;
2217 gsm->n2 = N2;
2218 gsm->ftype = UIH;
e1eaea46
AC		 2219 gsm->adaption = 1;
2220 gsm->encoding = 1;
2221 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2222 gsm->mtu = 64;
5677fcf3 2223 gsm->dead = true; /* Avoid early tty opens */
e1eaea46
AC		 2224
2225 return gsm;
2226}
e1eaea46 2227
33841040
TL		 2228static void gsm_copy_config_values(struct gsm_mux *gsm,
2229 struct gsm_config *c)
2230{
2231 memset(c, 0, sizeof(*c));
2232 c->adaption = gsm->adaption;
2233 c->encapsulation = gsm->encoding;
2234 c->initiator = gsm->initiator;
2235 c->t1 = gsm->t1;
2236 c->t2 = gsm->t2;
2237 c->t3 = 0; /* Not supported */
2238 c->n2 = gsm->n2;
2239 if (gsm->ftype == UIH)
2240 c->i = 1;
2241 else
2242 c->i = 2;
2243 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2244 c->mru = gsm->mru;
2245 c->mtu = gsm->mtu;
2246 c->k = 0;
2247}
2248
2249static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2250{
2251 int need_close = 0;
2252 int need_restart = 0;
2253
2254 /* Stuff we don't support yet - UI or I frame transport, windowing */
2255 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2256 return -EOPNOTSUPP;
2257 /* Check the MRU/MTU range looks sane */
2258 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2259 return -EINVAL;
2260 if (c->n2 < 3)
2261 return -EINVAL;
2262 if (c->encapsulation > 1) /* Basic, advanced, no I */
2263 return -EINVAL;
2264 if (c->initiator > 1)
2265 return -EINVAL;
2266 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2267 return -EINVAL;
2268 /*
2269 * See what is needed for reconfiguration
2270 */
2271
2272 /* Timing fields */
2273 if (c->t1 != 0 && c->t1 != gsm->t1)
2274 need_restart = 1;
2275 if (c->t2 != 0 && c->t2 != gsm->t2)
2276 need_restart = 1;
2277 if (c->encapsulation != gsm->encoding)
2278 need_restart = 1;
2279 if (c->adaption != gsm->adaption)
2280 need_restart = 1;
2281 /* Requires care */
2282 if (c->initiator != gsm->initiator)
2283 need_close = 1;
2284 if (c->mru != gsm->mru)
2285 need_restart = 1;
2286 if (c->mtu != gsm->mtu)
2287 need_restart = 1;
2288
2289 /*
2290 * Close down what is needed, restart and initiate the new
2291 * configuration
2292 */
2293
2294 if (need_close || need_restart) {
2295 int ret;
2296
2297 ret = gsm_disconnect(gsm);
2298
2299 if (ret)
2300 return ret;
2301 }
2302 if (need_restart)
2303 gsm_cleanup_mux(gsm);
2304
2305 gsm->initiator = c->initiator;
2306 gsm->mru = c->mru;
2307 gsm->mtu = c->mtu;
2308 gsm->encoding = c->encapsulation;
2309 gsm->adaption = c->adaption;
2310 gsm->n2 = c->n2;
2311
2312 if (c->i == 1)
2313 gsm->ftype = UIH;
2314 else if (c->i == 2)
2315 gsm->ftype = UI;
2316
2317 if (c->t1)
2318 gsm->t1 = c->t1;
2319 if (c->t2)
2320 gsm->t2 = c->t2;
2321
2322 /*
2323 * FIXME: We need to separate activation/deactivation from adding
2324 * and removing from the mux array
2325 */
2326 if (need_restart)
2327 gsm_activate_mux(gsm);
2328 if (gsm->initiator && need_close)
2329 gsm_dlci_begin_open(gsm->dlci[0]);
2330 return 0;
2331}
2332
e1eaea46
AC		 2333/**
2334 * gsmld_output - write to link
2335 * @gsm: our mux
2336 * @data: bytes to output
2337 * @len: size
2338 *
2339 * Write a block of data from the GSM mux to the data channel. This
2340 * will eventually be serialized from above but at the moment isn't.
2341 */
2342
2343static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2344{
2345 if (tty_write_room(gsm->tty) < len) {
2346 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2347 return -ENOSPC;
2348 }
0a77c4f9
JP		 2349 if (debug & 4)
2350 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2351 data, len);
e1eaea46
AC		 2352 gsm->tty->ops->write(gsm->tty, data, len);
2353 return len;
2354}
2355
2356/**
2357 * gsmld_attach_gsm - mode set up
2358 * @tty: our tty structure
2359 * @gsm: our mux
2360 *
2361 * Set up the MUX for basic mode and commence connecting to the
2362 * modem. Currently called from the line discipline set up but
2363 * will need moving to an ioctl path.
2364 */
2365
2366static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2367{
43a9e710
MH		 2368 unsigned int base;
2369 int ret, i;
e1eaea46
AC		 2370
2371 gsm->tty = tty_kref_get(tty);
2372 gsm->output = gsmld_output;
2373 ret = gsm_activate_mux(gsm);
2374 if (ret != 0)
2375 tty_kref_put(gsm->tty);
d50f6dca
RG		 2376 else {
2377 /* Don't register device 0 - this is the control channel and not
2378 a usable tty interface */
43a9e710 2379 base = mux_num_to_base(gsm); /* Base for this MUX */
d50f6dca
RG		 2380 for (i = 1; i < NUM_DLCI; i++)
2381 tty_register_device(gsm_tty_driver, base + i, NULL);
2382 }
e1eaea46
AC		 2383 return ret;
2384}
2385
2386
2387/**
2388 * gsmld_detach_gsm - stop doing 0710 mux
70f23fd6 2389 * @tty: tty attached to the mux
e1eaea46
AC		 2390 * @gsm: mux
2391 *
2392 * Shutdown and then clean up the resources used by the line discipline
2393 */
2394
2395static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2396{
43a9e710 2397 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
d50f6dca 2398 int i;
d50f6dca 2399
e1eaea46 2400 WARN_ON(tty != gsm->tty);
d50f6dca
RG		 2401 for (i = 1; i < NUM_DLCI; i++)
2402 tty_unregister_device(gsm_tty_driver, base + i);
e1eaea46
AC		 2403 gsm_cleanup_mux(gsm);
2404 tty_kref_put(gsm->tty);
2405 gsm->tty = NULL;
2406}
2407
55db4c64
LT		 2408static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2409 char *fp, int count)
e1eaea46
AC		 2410{
2411 struct gsm_mux *gsm = tty->disc_data;
2412 const unsigned char *dp;
2413 char *f;
2414 int i;
82f91fe0 2415 char flags = TTY_NORMAL;
e1eaea46 2416
0a77c4f9
JP		 2417 if (debug & 4)
2418 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2419 cp, count);
e1eaea46
AC		 2420
2421 for (i = count, dp = cp, f = fp; i; i--, dp++) {
82f91fe0
PH		 2422 if (f)
2423 flags = *f++;
e1eaea46
AC		 2424 switch (flags) {
2425 case TTY_NORMAL:
2426 gsm->receive(gsm, *dp);
2427 break;
2428 case TTY_OVERRUN:
2429 case TTY_BREAK:
2430 case TTY_PARITY:
2431 case TTY_FRAME:
2432 gsm->error(gsm, *dp, flags);
2433 break;
2434 default:
c01af4fe 2435 WARN_ONCE(1, "%s: unknown flag %d\n",
429b4749 2436 tty_name(tty), flags);
e1eaea46
AC		 2437 break;
2438 }
2439 }
2440 /* FASYNC if needed ? */
2441 /* If clogged call tty_throttle(tty); */
2442}
2443
e1eaea46
AC		 2444/**
2445 * gsmld_flush_buffer - clean input queue
2446 * @tty: terminal device
2447 *
2448 * Flush the input buffer. Called when the line discipline is
2449 * being closed, when the tty layer wants the buffer flushed (eg
2450 * at hangup).
2451 */
2452
2453static void gsmld_flush_buffer(struct tty_struct *tty)
2454{
2455}
2456
2457/**
2458 * gsmld_close - close the ldisc for this tty
2459 * @tty: device
2460 *
2461 * Called from the terminal layer when this line discipline is
2462 * being shut down, either because of a close or becsuse of a
2463 * discipline change. The function will not be called while other
2464 * ldisc methods are in progress.
2465 */
2466
2467static void gsmld_close(struct tty_struct *tty)
2468{
2469 struct gsm_mux *gsm = tty->disc_data;
2470
2471 gsmld_detach_gsm(tty, gsm);
2472
2473 gsmld_flush_buffer(tty);
2474 /* Do other clean up here */
6ab8fba7 2475 mux_put(gsm);
e1eaea46
AC		 2476}
2477
2478/**
2479 * gsmld_open - open an ldisc
2480 * @tty: terminal to open
2481 *
2482 * Called when this line discipline is being attached to the
2483 * terminal device. Can sleep. Called serialized so that no
2484 * other events will occur in parallel. No further open will occur
2485 * until a close.
2486 */
2487
2488static int gsmld_open(struct tty_struct *tty)
2489{
2490 struct gsm_mux *gsm;
5a640967 2491 int ret;
e1eaea46
AC		 2492
2493 if (tty->ops->write == NULL)
2494 return -EINVAL;
2495
2496 /* Attach our ldisc data */
2497 gsm = gsm_alloc_mux();
2498 if (gsm == NULL)
2499 return -ENOMEM;
2500
2501 tty->disc_data = gsm;
2502 tty->receive_room = 65536;
2503
2504 /* Attach the initial passive connection */
2505 gsm->encoding = 1;
5a640967 2506
2507 ret = gsmld_attach_gsm(tty, gsm);
2508 if (ret != 0) {
2509 gsm_cleanup_mux(gsm);
2510 mux_put(gsm);
2511 }
2512 return ret;
e1eaea46
AC		 2513}
2514
2515/**
2516 * gsmld_write_wakeup - asynchronous I/O notifier
2517 * @tty: tty device
2518 *
2519 * Required for the ptys, serial driver etc. since processes
2520 * that attach themselves to the master and rely on ASYNC
2521 * IO must be woken up
2522 */
2523
2524static void gsmld_write_wakeup(struct tty_struct *tty)
2525{
2526 struct gsm_mux *gsm = tty->disc_data;
328be395 2527 unsigned long flags;
e1eaea46
AC		 2528
2529 /* Queue poll */
2530 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
5e44708f 2531 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 2532 gsm_data_kick(gsm);
328be395 2533 if (gsm->tx_bytes < TX_THRESH_LO) {
e1eaea46 2534 gsm_dlci_data_sweep(gsm);
328be395 2535 }
5e44708f 2536 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46
AC		 2537}
2538
2539/**
2540 * gsmld_read - read function for tty
2541 * @tty: tty device
2542 * @file: file object
2543 * @buf: userspace buffer pointer
2544 * @nr: size of I/O
2545 *
2546 * Perform reads for the line discipline. We are guaranteed that the
2547 * line discipline will not be closed under us but we may get multiple
2548 * parallel readers and must handle this ourselves. We may also get
2549 * a hangup. Always called in user context, may sleep.
2550 *
2551 * This code must be sure never to sleep through a hangup.
2552 */
2553
2554static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2555 unsigned char __user *buf, size_t nr)
2556{
2557 return -EOPNOTSUPP;
2558}
2559
2560/**
2561 * gsmld_write - write function for tty
2562 * @tty: tty device
2563 * @file: file object
2564 * @buf: userspace buffer pointer
2565 * @nr: size of I/O
2566 *
2567 * Called when the owner of the device wants to send a frame
2568 * itself (or some other control data). The data is transferred
2569 * as-is and must be properly framed and checksummed as appropriate
2570 * by userspace. Frames are either sent whole or not at all as this
2571 * avoids pain user side.
2572 */
2573
2574static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2575 const unsigned char *buf, size_t nr)
2576{
2577 int space = tty_write_room(tty);
2578 if (space >= nr)
2579 return tty->ops->write(tty, buf, nr);
2580 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2581 return -ENOBUFS;
2582}
2583
2584/**
2585 * gsmld_poll - poll method for N_GSM0710
2586 * @tty: terminal device
2587 * @file: file accessing it
2588 * @wait: poll table
2589 *
2590 * Called when the line discipline is asked to poll() for data or
2591 * for special events. This code is not serialized with respect to
2592 * other events save open/close.
2593 *
2594 * This code must be sure never to sleep through a hangup.
2595 * Called without the kernel lock held - fine
2596 */
2597
afc9a42b 2598static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
e1eaea46
AC		 2599 poll_table *wait)
2600{
afc9a42b 2601 __poll_t mask = 0;
e1eaea46
AC		 2602 struct gsm_mux *gsm = tty->disc_data;
2603
2604 poll_wait(file, &tty->read_wait, wait);
2605 poll_wait(file, &tty->write_wait, wait);
2606 if (tty_hung_up_p(file))
a9a08845 2607 mask |= EPOLLHUP;
e1eaea46 2608 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
a9a08845 2609 mask |= EPOLLOUT | EPOLLWRNORM;
e1eaea46 2610 if (gsm->dead)
a9a08845 2611 mask |= EPOLLHUP;
e1eaea46
AC		 2612 return mask;
2613}
2614
e1eaea46
AC		 2615static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2616 unsigned int cmd, unsigned long arg)
2617{
2618 struct gsm_config c;
2619 struct gsm_mux *gsm = tty->disc_data;
a7b121b4 2620 unsigned int base;
e1eaea46
AC		 2621
2622 switch (cmd) {
2623 case GSMIOC_GETCONF:
33841040 2624 gsm_copy_config_values(gsm, &c);
edd05a73 2625 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
e1eaea46
AC		 2626 return -EFAULT;
2627 return 0;
2628 case GSMIOC_SETCONF:
edd05a73 2629 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
e1eaea46 2630 return -EFAULT;
33841040 2631 return gsm_config(gsm, &c);
a7b121b4
MH		 2632 case GSMIOC_GETFIRST:
2633 base = mux_num_to_base(gsm);
2634 return put_user(base + 1, (__u32 __user *)arg);
e1eaea46
AC		 2635 default:
2636 return n_tty_ioctl_helper(tty, file, cmd, arg);
2637 }
2638}
2639
bcd5abe2
RG		 2640/*
2641 * Network interface
2642 *
2643 */
2644
2645static int gsm_mux_net_open(struct net_device *net)
2646{
2647 pr_debug("%s called\n", __func__);
2648 netif_start_queue(net);
2649 return 0;
2650}
2651
2652static int gsm_mux_net_close(struct net_device *net)
2653{
2654 netif_stop_queue(net);
2655 return 0;
2656}
2657
bcd5abe2
RG		 2658static void dlci_net_free(struct gsm_dlci *dlci)
2659{
2660 if (!dlci->net) {
2661 WARN_ON(1);
2662 return;
2663 }
2664 dlci->adaption = dlci->prev_adaption;
2665 dlci->data = dlci->prev_data;
2666 free_netdev(dlci->net);
2667 dlci->net = NULL;
2668}
2669static void net_free(struct kref *ref)
2670{
2671 struct gsm_mux_net *mux_net;
2672 struct gsm_dlci *dlci;
2673
2674 mux_net = container_of(ref, struct gsm_mux_net, ref);
2675 dlci = mux_net->dlci;
2676
2677 if (dlci->net) {
2678 unregister_netdev(dlci->net);
2679 dlci_net_free(dlci);
2680 }
2681}
2682
6ab8fba7
RG		 2683static inline void muxnet_get(struct gsm_mux_net *mux_net)
2684{
2685 kref_get(&mux_net->ref);
2686}
2687
2688static inline void muxnet_put(struct gsm_mux_net *mux_net)
2689{
2690 kref_put(&mux_net->ref, net_free);
2691}
2692
2468b3e4 2693static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
bcd5abe2
RG		 2694 struct net_device *net)
2695{
5dbc32a8 2696 struct gsm_mux_net *mux_net = netdev_priv(net);
bcd5abe2 2697 struct gsm_dlci *dlci = mux_net->dlci;
6ab8fba7 2698 muxnet_get(mux_net);
bcd5abe2
RG		 2699
2700 skb_queue_head(&dlci->skb_list, skb);
47baf1ad
TK		 2701 net->stats.tx_packets++;
2702 net->stats.tx_bytes += skb->len;
bcd5abe2
RG		 2703 gsm_dlci_data_kick(dlci);
2704 /* And tell the kernel when the last transmit started. */
860e9538 2705 netif_trans_update(net);
6ab8fba7 2706 muxnet_put(mux_net);
bcd5abe2
RG		 2707 return NETDEV_TX_OK;
2708}
2709
2710/* called when a packet did not ack after watchdogtimeout */
0290bd29 2711static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
bcd5abe2
RG		 2712{
2713 /* Tell syslog we are hosed. */
2714 dev_dbg(&net->dev, "Tx timed out.\n");
2715
2716 /* Update statistics */
47baf1ad 2717 net->stats.tx_errors++;
bcd5abe2
RG		 2718}
2719
2720static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
4feb7a4a 2721 const unsigned char *in_buf, int size)
bcd5abe2
RG		 2722{
2723 struct net_device *net = dlci->net;
2724 struct sk_buff *skb;
5dbc32a8 2725 struct gsm_mux_net *mux_net = netdev_priv(net);
6ab8fba7 2726 muxnet_get(mux_net);
bcd5abe2
RG		 2727
2728 /* Allocate an sk_buff */
2729 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2730 if (!skb) {
2731 /* We got no receive buffer. */
47baf1ad 2732 net->stats.rx_dropped++;
6ab8fba7 2733 muxnet_put(mux_net);
bcd5abe2
RG		 2734 return;
2735 }
2736 skb_reserve(skb, NET_IP_ALIGN);
59ae1d12 2737 skb_put_data(skb, in_buf, size);
bcd5abe2
RG		 2738
2739 skb->dev = net;
75406b3b 2740 skb->protocol = htons(ETH_P_IP);
bcd5abe2
RG		 2741
2742 /* Ship it off to the kernel */
2743 netif_rx(skb);
2744
2745 /* update out statistics */
47baf1ad
TK		 2746 net->stats.rx_packets++;
2747 net->stats.rx_bytes += size;
6ab8fba7 2748 muxnet_put(mux_net);
bcd5abe2
RG		 2749 return;
2750}
2751
bcd5abe2
RG		 2752static void gsm_mux_net_init(struct net_device *net)
2753{
2754 static const struct net_device_ops gsm_netdev_ops = {
2755 .ndo_open = gsm_mux_net_open,
2756 .ndo_stop = gsm_mux_net_close,
2757 .ndo_start_xmit = gsm_mux_net_start_xmit,
2758 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
bcd5abe2
RG		 2759 };
2760
2761 net->netdev_ops = &gsm_netdev_ops;
2762
2763 /* fill in the other fields */
2764 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2765 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2766 net->type = ARPHRD_NONE;
2767 net->tx_queue_len = 10;
2768}
2769
2770
2771/* caller holds the dlci mutex */
2772static void gsm_destroy_network(struct gsm_dlci *dlci)
2773{
2774 struct gsm_mux_net *mux_net;
2775
d8ca4ecf 2776 pr_debug("destroy network interface\n");
bcd5abe2
RG		 2777 if (!dlci->net)
2778 return;
5dbc32a8 2779 mux_net = netdev_priv(dlci->net);
6ab8fba7 2780 muxnet_put(mux_net);
bcd5abe2
RG		 2781}
2782
2783
2784/* caller holds the dlci mutex */
2785static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2786{
2787 char *netname;
2788 int retval = 0;
2789 struct net_device *net;
2790 struct gsm_mux_net *mux_net;
2791
2792 if (!capable(CAP_NET_ADMIN))
2793 return -EPERM;
2794
2795 /* Already in a non tty mode */
2796 if (dlci->adaption > 2)
2797 return -EBUSY;
2798
2799 if (nc->protocol != htons(ETH_P_IP))
2800 return -EPROTONOSUPPORT;
2801
2802 if (nc->adaption != 3 && nc->adaption != 4)
2803 return -EPROTONOSUPPORT;
2804
d8ca4ecf 2805 pr_debug("create network interface\n");
bcd5abe2
RG		 2806
2807 netname = "gsm%d";
2808 if (nc->if_name[0] != '\0')
2809 netname = nc->if_name;
c835a677
TG		 2810 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2811 NET_NAME_UNKNOWN, gsm_mux_net_init);
bcd5abe2 2812 if (!net) {
d8ca4ecf 2813 pr_err("alloc_netdev failed\n");
bcd5abe2
RG		 2814 return -ENOMEM;
2815 }
2816 net->mtu = dlci->gsm->mtu;
9c22b4a3
JW		 2817 net->min_mtu = 8;
2818 net->max_mtu = dlci->gsm->mtu;
5dbc32a8 2819 mux_net = netdev_priv(net);
bcd5abe2
RG		 2820 mux_net->dlci = dlci;
2821 kref_init(&mux_net->ref);
2822 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2823
2824 /* reconfigure dlci for network */
2825 dlci->prev_adaption = dlci->adaption;
2826 dlci->prev_data = dlci->data;
2827 dlci->adaption = nc->adaption;
2828 dlci->data = gsm_mux_rx_netchar;
2829 dlci->net = net;
2830
d8ca4ecf 2831 pr_debug("register netdev\n");
bcd5abe2
RG		 2832 retval = register_netdev(net);
2833 if (retval) {
2834 pr_err("network register fail %d\n", retval);
2835 dlci_net_free(dlci);
2836 return retval;
2837 }
2838 return net->ifindex; /* return network index */
2839}
e1eaea46
AC		 2840
2841/* Line discipline for real tty */
d3157b2c 2842static struct tty_ldisc_ops tty_ldisc_packet = {
e1eaea46
AC		 2843 .owner = THIS_MODULE,
2844 .magic = TTY_LDISC_MAGIC,
2845 .name = "n_gsm",
2846 .open = gsmld_open,
2847 .close = gsmld_close,
2848 .flush_buffer = gsmld_flush_buffer,
e1eaea46
AC		 2849 .read = gsmld_read,
2850 .write = gsmld_write,
2851 .ioctl = gsmld_ioctl,
2852 .poll = gsmld_poll,
2853 .receive_buf = gsmld_receive_buf,
2854 .write_wakeup = gsmld_write_wakeup
2855};
2856
2857/*
2858 * Virtual tty side
2859 */
2860
2861#define TX_SIZE 512
2862
2863static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2864{
2865 u8 modembits[5];
2866 struct gsm_control *ctrl;
2867 int len = 2;
2868
2869 if (brk)
2870 len++;
2871
2872 modembits[0] = len << 1 | EA; /* Data bytes */
2873 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */
2874 modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2875 if (brk)
2876 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */
2877 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2878 if (ctrl == NULL)
2879 return -ENOMEM;
2880 return gsm_control_wait(dlci->gsm, ctrl);
2881}
2882
2883static int gsm_carrier_raised(struct tty_port *port)
2884{
2885 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
b2d89ad9
TL		 2886 struct gsm_mux *gsm = dlci->gsm;
2887
e1eaea46
AC		 2888 /* Not yet open so no carrier info */
2889 if (dlci->state != DLCI_OPEN)
2890 return 0;
2891 if (debug & 2)
2892 return 1;
b2d89ad9
TL		 2893
2894 /*
2895 * Basic mode with control channel in ADM mode may not respond
2896 * to CMD_MSC at all and modem_rx is empty.
2897 */
2898 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
2899 !dlci->modem_rx)
2900 return 1;
2901
e1eaea46
AC		 2902 return dlci->modem_rx & TIOCM_CD;
2903}
2904
2905static void gsm_dtr_rts(struct tty_port *port, int onoff)
2906{
2907 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2908 unsigned int modem_tx = dlci->modem_tx;
2909 if (onoff)
2910 modem_tx |= TIOCM_DTR | TIOCM_RTS;
2911 else
2912 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2913 if (modem_tx != dlci->modem_tx) {
2914 dlci->modem_tx = modem_tx;
2915 gsmtty_modem_update(dlci, 0);
2916 }
2917}
2918
2919static const struct tty_port_operations gsm_port_ops = {
2920 .carrier_raised = gsm_carrier_raised,
2921 .dtr_rts = gsm_dtr_rts,
9a8e62bc 2922 .destruct = gsm_dlci_free,
e1eaea46
AC		 2923};
2924
86176ed9 2925static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
e1eaea46
AC		 2926{
2927 struct gsm_mux *gsm;
2928 struct gsm_dlci *dlci;
e1eaea46 2929 unsigned int line = tty->index;
43a9e710 2930 unsigned int mux = mux_line_to_num(line);
86176ed9
JS		 2931 bool alloc = false;
2932 int ret;
e1eaea46
AC		 2933
2934 line = line & 0x3F;
2935
2936 if (mux >= MAX_MUX)
2937 return -ENXIO;
2938 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2939 if (gsm_mux[mux] == NULL)
2940 return -EUNATCH;
2941 if (line == 0 || line > 61) /* 62/63 reserved */
2942 return -ECHRNG;
2943 gsm = gsm_mux[mux];
2944 if (gsm->dead)
2945 return -EL2HLT;
f3c909b4
AI		 2946 /* If DLCI 0 is not yet fully open return an error.
2947 This is ok from a locking
2948 perspective as we don't have to worry about this
2949 if DLCI0 is lost */
dfabf7ff
CB		 2950 mutex_lock(&gsm->mutex);
2951 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
2952 mutex_unlock(&gsm->mutex);
7e8ac7b2 2953 return -EL2NSYNC;
dfabf7ff 2954 }
e1eaea46 2955 dlci = gsm->dlci[line];
86176ed9
JS		 2956 if (dlci == NULL) {
2957 alloc = true;
e1eaea46 2958 dlci = gsm_dlci_alloc(gsm, line);
86176ed9 2959 }
dfabf7ff
CB		 2960 if (dlci == NULL) {
2961 mutex_unlock(&gsm->mutex);
e1eaea46 2962 return -ENOMEM;
dfabf7ff 2963 }
86176ed9
JS		 2964 ret = tty_port_install(&dlci->port, driver, tty);
2965 if (ret) {
2966 if (alloc)
2967 dlci_put(dlci);
dfabf7ff 2968 mutex_unlock(&gsm->mutex);
86176ed9
JS		 2969 return ret;
2970 }
2971
dfabf7ff
CB		 2972 dlci_get(dlci);
2973 dlci_get(gsm->dlci[0]);
2974 mux_get(gsm);
e1eaea46 2975 tty->driver_data = dlci;
dfabf7ff 2976 mutex_unlock(&gsm->mutex);
86176ed9
JS		 2977
2978 return 0;
2979}
2980
2981static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2982{
2983 struct gsm_dlci *dlci = tty->driver_data;
2984 struct tty_port *port = &dlci->port;
2985
2986 port->count++;
e1eaea46
AC		 2987 tty_port_tty_set(port, tty);
2988
2989 dlci->modem_rx = 0;
2990 /* We could in theory open and close before we wait - eg if we get
2991 a DM straight back. This is ok as that will have caused a hangup */
d41861ca 2992 tty_port_set_initialized(port, 1);
e1eaea46
AC		 2993 /* Start sending off SABM messages */
2994 gsm_dlci_begin_open(dlci);
2995 /* And wait for virtual carrier */
2996 return tty_port_block_til_ready(port, tty, filp);
2997}
2998
2999static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3000{
3001 struct gsm_dlci *dlci = tty->driver_data;
6ab8fba7 3002
e1eaea46
AC		 3003 if (dlci == NULL)
3004 return;
4d9b1090
DB		 3005 if (dlci->state == DLCI_CLOSED)
3006 return;
bcd5abe2
RG		 3007 mutex_lock(&dlci->mutex);
3008 gsm_destroy_network(dlci);
3009 mutex_unlock(&dlci->mutex);
e1eaea46 3010 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
dfabf7ff 3011 return;
e1eaea46 3012 gsm_dlci_begin_close(dlci);
d41861ca
PH		 3013 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3014 tty_port_lower_dtr_rts(&dlci->port);
e1eaea46
AC		 3015 tty_port_close_end(&dlci->port, tty);
3016 tty_port_tty_set(&dlci->port, NULL);
dfabf7ff 3017 return;
e1eaea46
AC		 3018}
3019
3020static void gsmtty_hangup(struct tty_struct *tty)
3021{
3022 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3023 if (dlci->state == DLCI_CLOSED)
3024 return;
e1eaea46
AC		 3025 tty_port_hangup(&dlci->port);
3026 gsm_dlci_begin_close(dlci);
3027}
3028
3029static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3030 int len)
3031{
4d9b1090 3032 int sent;
e1eaea46 3033 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3034 if (dlci->state == DLCI_CLOSED)
3035 return -EINVAL;
e1eaea46 3036 /* Stuff the bytes into the fifo queue */
036bca1f 3037 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
e1eaea46
AC		 3038 /* Need to kick the channel */
3039 gsm_dlci_data_kick(dlci);
3040 return sent;
3041}
3042
3043static int gsmtty_write_room(struct tty_struct *tty)
3044{
3045 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3046 if (dlci->state == DLCI_CLOSED)
3047 return -EINVAL;
036bca1f 3048 return TX_SIZE - kfifo_len(&dlci->fifo);
e1eaea46
AC		 3049}
3050
3051static int gsmtty_chars_in_buffer(struct tty_struct *tty)
3052{
3053 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3054 if (dlci->state == DLCI_CLOSED)
3055 return -EINVAL;
036bca1f 3056 return kfifo_len(&dlci->fifo);
e1eaea46
AC		 3057}
3058
3059static void gsmtty_flush_buffer(struct tty_struct *tty)
3060{
3061 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3062 if (dlci->state == DLCI_CLOSED)
3063 return;
e1eaea46
AC		 3064 /* Caution needed: If we implement reliable transport classes
3065 then the data being transmitted can't simply be junked once
3066 it has first hit the stack. Until then we can just blow it
3067 away */
036bca1f 3068 kfifo_reset(&dlci->fifo);
e1eaea46
AC		 3069 /* Need to unhook this DLCI from the transmit queue logic */
3070}
3071
3072static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3073{
3074 /* The FIFO handles the queue so the kernel will do the right
3075 thing waiting on chars_in_buffer before calling us. No work
3076 to do here */
3077}
3078
60b33c13 3079static int gsmtty_tiocmget(struct tty_struct *tty)
e1eaea46
AC		 3080{
3081 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3082 if (dlci->state == DLCI_CLOSED)
3083 return -EINVAL;
e1eaea46
AC		 3084 return dlci->modem_rx;
3085}
3086
20b9d177 3087static int gsmtty_tiocmset(struct tty_struct *tty,
e1eaea46
AC		 3088 unsigned int set, unsigned int clear)
3089{
3090 struct gsm_dlci *dlci = tty->driver_data;
3091 unsigned int modem_tx = dlci->modem_tx;
3092
4d9b1090
DB		 3093 if (dlci->state == DLCI_CLOSED)
3094 return -EINVAL;
cf16807b 3095 modem_tx &= ~clear;
e1eaea46
AC		 3096 modem_tx |= set;
3097
3098 if (modem_tx != dlci->modem_tx) {
3099 dlci->modem_tx = modem_tx;
3100 return gsmtty_modem_update(dlci, 0);
3101 }
3102 return 0;
3103}
3104
3105
6caa76b7 3106static int gsmtty_ioctl(struct tty_struct *tty,
e1eaea46
AC		 3107 unsigned int cmd, unsigned long arg)
3108{
bcd5abe2
RG		 3109 struct gsm_dlci *dlci = tty->driver_data;
3110 struct gsm_netconfig nc;
3111 int index;
3112
4d9b1090
DB		 3113 if (dlci->state == DLCI_CLOSED)
3114 return -EINVAL;
bcd5abe2
RG		 3115 switch (cmd) {
3116 case GSMIOC_ENABLE_NET:
3117 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3118 return -EFAULT;
3119 nc.if_name[IFNAMSIZ-1] = '\0';
3120 /* return net interface index or error code */
3121 mutex_lock(&dlci->mutex);
3122 index = gsm_create_network(dlci, &nc);
3123 mutex_unlock(&dlci->mutex);
3124 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3125 return -EFAULT;
3126 return index;
3127 case GSMIOC_DISABLE_NET:
3128 if (!capable(CAP_NET_ADMIN))
3129 return -EPERM;
3130 mutex_lock(&dlci->mutex);
3131 gsm_destroy_network(dlci);
3132 mutex_unlock(&dlci->mutex);
3133 return 0;
3134 default:
3135 return -ENOIOCTLCMD;
3136 }
e1eaea46
AC		 3137}
3138
3139static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3140{
4d9b1090
DB		 3141 struct gsm_dlci *dlci = tty->driver_data;
3142 if (dlci->state == DLCI_CLOSED)
3143 return;
e1eaea46
AC		 3144 /* For the moment its fixed. In actual fact the speed information
3145 for the virtual channel can be propogated in both directions by
3146 the RPN control message. This however rapidly gets nasty as we
3147 then have to remap modem signals each way according to whether
3148 our virtual cable is null modem etc .. */
adc8d746 3149 tty_termios_copy_hw(&tty->termios, old);
e1eaea46
AC		 3150}
3151
3152static void gsmtty_throttle(struct tty_struct *tty)
3153{
3154 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3155 if (dlci->state == DLCI_CLOSED)
3156 return;
9db276f8 3157 if (C_CRTSCTS(tty))
e1eaea46 3158 dlci->modem_tx &= ~TIOCM_DTR;
e9360b9a 3159 dlci->throttled = true;
e1eaea46
AC		 3160 /* Send an MSC with DTR cleared */
3161 gsmtty_modem_update(dlci, 0);
3162}
3163
3164static void gsmtty_unthrottle(struct tty_struct *tty)
3165{
3166 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3167 if (dlci->state == DLCI_CLOSED)
3168 return;
9db276f8 3169 if (C_CRTSCTS(tty))
e1eaea46 3170 dlci->modem_tx |= TIOCM_DTR;
e9360b9a 3171 dlci->throttled = false;
e1eaea46
AC		 3172 /* Send an MSC with DTR set */
3173 gsmtty_modem_update(dlci, 0);
3174}
3175
3176static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3177{
3178 struct gsm_dlci *dlci = tty->driver_data;
3179 int encode = 0; /* Off */
4d9b1090
DB		 3180 if (dlci->state == DLCI_CLOSED)
3181 return -EINVAL;
e1eaea46
AC		 3182
3183 if (state == -1) /* "On indefinitely" - we can't encode this
3184 properly */
3185 encode = 0x0F;
3186 else if (state > 0) {
3187 encode = state / 200; /* mS to encoding */
3188 if (encode > 0x0F)
3189 encode = 0x0F; /* Best effort */
3190 }
3191 return gsmtty_modem_update(dlci, encode);
3192}
3193
8f9cfeed 3194static void gsmtty_cleanup(struct tty_struct *tty)
dfabf7ff
CB		 3195{
3196 struct gsm_dlci *dlci = tty->driver_data;
3197 struct gsm_mux *gsm = dlci->gsm;
3198
3199 dlci_put(dlci);
3200 dlci_put(gsm->dlci[0]);
3201 mux_put(gsm);
dfabf7ff 3202}
e1eaea46
AC		 3203
3204/* Virtual ttys for the demux */
3205static const struct tty_operations gsmtty_ops = {
86176ed9 3206 .install = gsmtty_install,
e1eaea46
AC		 3207 .open = gsmtty_open,
3208 .close = gsmtty_close,
3209 .write = gsmtty_write,
3210 .write_room = gsmtty_write_room,
3211 .chars_in_buffer = gsmtty_chars_in_buffer,
3212 .flush_buffer = gsmtty_flush_buffer,
3213 .ioctl = gsmtty_ioctl,
3214 .throttle = gsmtty_throttle,
3215 .unthrottle = gsmtty_unthrottle,
3216 .set_termios = gsmtty_set_termios,
3217 .hangup = gsmtty_hangup,
3218 .wait_until_sent = gsmtty_wait_until_sent,
3219 .tiocmget = gsmtty_tiocmget,
3220 .tiocmset = gsmtty_tiocmset,
3221 .break_ctl = gsmtty_break_ctl,
8f9cfeed 3222 .cleanup = gsmtty_cleanup,
e1eaea46
AC		 3223};
3224
3225
3226
3227static int __init gsm_init(void)
3228{
3229 /* Fill in our line protocol discipline, and register it */
3230 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3231 if (status != 0) {
5f9a31d6
AC		 3232 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3233 status);
e1eaea46
AC		 3234 return status;
3235 }
3236
3237 gsm_tty_driver = alloc_tty_driver(256);
3238 if (!gsm_tty_driver) {
3239 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3240 pr_err("gsm_init: tty allocation failed.\n");
e1eaea46
AC		 3241 return -EINVAL;
3242 }
e1eaea46
AC		 3243 gsm_tty_driver->driver_name = "gsmtty";
3244 gsm_tty_driver->name = "gsmtty";
3245 gsm_tty_driver->major = 0; /* Dynamic */
3246 gsm_tty_driver->minor_start = 0;
3247 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3248 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3249 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
5f9a31d6 3250 | TTY_DRIVER_HARDWARE_BREAK;
e1eaea46
AC		 3251 gsm_tty_driver->init_termios = tty_std_termios;
3252 /* Fixme */
3253 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3254 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3255
3256 spin_lock_init(&gsm_mux_lock);
3257
3258 if (tty_register_driver(gsm_tty_driver)) {
3259 put_tty_driver(gsm_tty_driver);
3260 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3261 pr_err("gsm_init: tty registration failed.\n");
e1eaea46
AC		 3262 return -EBUSY;
3263 }
5f9a31d6
AC		 3264 pr_debug("gsm_init: loaded as %d,%d.\n",
3265 gsm_tty_driver->major, gsm_tty_driver->minor_start);
e1eaea46
AC		 3266 return 0;
3267}
3268
3269static void __exit gsm_exit(void)
3270{
3271 int status = tty_unregister_ldisc(N_GSM0710);
3272 if (status != 0)
5f9a31d6
AC		 3273 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3274 status);
e1eaea46
AC		 3275 tty_unregister_driver(gsm_tty_driver);
3276 put_tty_driver(gsm_tty_driver);
e1eaea46
AC		 3277}
3278
3279module_init(gsm_init);
3280module_exit(gsm_exit);
3281
3282
3283MODULE_LICENSE("GPL");
3284MODULE_ALIAS_LDISC(N_GSM0710);
Linux 6.x block layer and io_uring tree(s)