projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
n_gsm: switch throttled to bool
[linux-2.6-block.git] / drivers / tty / n_gsm.c
CommitLineData
e3b3d0f5 1// SPDX-License-Identifier: GPL-2.0
e1eaea46
AC		 2/*
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
5 *
e1eaea46
AC		 6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
7 *
8 * TO DO:
9 * Mostly done: ioctls for setting modes/timing
5f9a31d6 10 * Partly done: hooks so you can pull off frames to non tty devs
e1eaea46 11 * Restart DLCI 0 when it closes ?
e1eaea46
AC		 12 * Improve the tx engine
13 * Resolve tx side locking by adding a queue_head and routing
14 * all control traffic via it
15 * General tidy/document
16 * Review the locking/move to refcounts more (mux now moved to an
17 * alloc/free model ready)
18 * Use newest tty open/close port helpers and install hooks
19 * What to do about power functions ?
20 * Termios setting and negotiation
21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
22 *
23 */
24
25#include <linux/types.h>
26#include <linux/major.h>
27#include <linux/errno.h>
28#include <linux/signal.h>
29#include <linux/fcntl.h>
174cd4b1 30#include <linux/sched/signal.h>
e1eaea46
AC		 31#include <linux/interrupt.h>
32#include <linux/tty.h>
e1eaea46
AC		 33#include <linux/ctype.h>
34#include <linux/mm.h>
35#include <linux/string.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/bitops.h>
39#include <linux/file.h>
40#include <linux/uaccess.h>
41#include <linux/module.h>
42#include <linux/timer.h>
43#include <linux/tty_flip.h>
44#include <linux/tty_driver.h>
45#include <linux/serial.h>
46#include <linux/kfifo.h>
47#include <linux/skbuff.h>
bcd5abe2
RG		 48#include <net/arp.h>
49#include <linux/ip.h>
50#include <linux/netdevice.h>
51#include <linux/etherdevice.h>
e1eaea46
AC		 52#include <linux/gsmmux.h>
53
54static int debug;
55module_param(debug, int, 0600);
56
a8d12007
AC		 57/* Defaults: these are from the specification */
58
59#define T1 10 /* 100mS */
60#define T2 34 /* 333mS */
61#define N2 3 /* Retry 3 times */
e1eaea46
AC		 62
63/* Use long timers for testing at low speed with debug on */
64#ifdef DEBUG_TIMING
a8d12007
AC		 65#define T1 100
66#define T2 200
e1eaea46
AC		 67#endif
68
5f9a31d6 69/*
25985edc 70 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
5f9a31d6
AC		 71 * limits so this is plenty
72 */
bcd5abe2
RG		 73#define MAX_MRU 1500
74#define MAX_MTU 1500
75#define GSM_NET_TX_TIMEOUT (HZ*10)
76
77/**
78 * struct gsm_mux_net - network interface
79 * @struct gsm_dlci* dlci
bcd5abe2
RG		 80 *
81 * Created when net interface is initialized.
82 **/
83struct gsm_mux_net {
84 struct kref ref;
85 struct gsm_dlci *dlci;
bcd5abe2
RG		 86};
87
e1eaea46
AC		 88/*
89 * Each block of data we have queued to go out is in the form of
25985edc 90 * a gsm_msg which holds everything we need in a link layer independent
e1eaea46
AC		 91 * format
92 */
93
94struct gsm_msg {
b4338e1e 95 struct list_head list;
e1eaea46
AC		 96 u8 addr; /* DLCI address + flags */
97 u8 ctrl; /* Control byte + flags */
98 unsigned int len; /* Length of data block (can be zero) */
99 unsigned char *data; /* Points into buffer but not at the start */
2f202d03 100 unsigned char buffer[];
e1eaea46
AC		 101};
102
72ae8cc1
JS		 103enum gsm_dlci_state {
104 DLCI_CLOSED,
105 DLCI_OPENING, /* Sending SABM not seen UA */
106 DLCI_OPEN, /* SABM/UA complete */
107 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
108};
109
e1785996
JS		 110enum gsm_dlci_mode {
111 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
112 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
113};
114
e1eaea46
AC		 115/*
116 * Each active data link has a gsm_dlci structure associated which ties
117 * the link layer to an optional tty (if the tty side is open). To avoid
118 * complexity right now these are only ever freed up when the mux is
119 * shut down.
120 *
121 * At the moment we don't free DLCI objects until the mux is torn down
122 * this avoid object life time issues but might be worth review later.
123 */
124
125struct gsm_dlci {
126 struct gsm_mux *gsm;
127 int addr;
72ae8cc1 128 enum gsm_dlci_state state;
bcd5abe2 129 struct mutex mutex;
e1eaea46
AC		 130
131 /* Link layer */
e1785996 132 enum gsm_dlci_mode mode;
e1eaea46
AC		 133 spinlock_t lock; /* Protects the internal state */
134 struct timer_list t1; /* Retransmit timer for SABM and UA */
135 int retries;
136 /* Uplink tty if active */
137 struct tty_port port; /* The tty bound to this DLCI if there is one */
036bca1f 138 struct kfifo fifo; /* Queue fifo for the DLCI */
e1eaea46 139 int adaption; /* Adaption layer in use */
bcd5abe2 140 int prev_adaption;
e1eaea46
AC		 141 u32 modem_rx; /* Our incoming virtual modem lines */
142 u32 modem_tx; /* Our outgoing modem lines */
5677fcf3 143 bool dead; /* Refuse re-open */
e1eaea46 144 /* Flow control */
e9360b9a 145 bool throttled; /* Private copy of throttle state */
e1eaea46
AC		 146 int constipated; /* Throttle status for outgoing */
147 /* Packetised I/O */
148 struct sk_buff *skb; /* Frame being sent */
149 struct sk_buff_head skb_list; /* Queued frames */
150 /* Data handling callback */
4feb7a4a
TL		 151 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
152 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
bcd5abe2 153 struct net_device *net; /* network interface, if created */
e1eaea46
AC		 154};
155
c33eecc7 156/* DLCI 0, 62/63 are special or reserved see gsmtty_open */
e1eaea46
AC		 157
158#define NUM_DLCI 64
159
160/*
161 * DLCI 0 is used to pass control blocks out of band of the data
162 * flow (and with a higher link priority). One command can be outstanding
163 * at a time and we use this structure to manage them. They are created
164 * and destroyed by the user context, and updated by the receive paths
165 * and timers
166 */
167
168struct gsm_control {
169 u8 cmd; /* Command we are issuing */
170 u8 *data; /* Data for the command in case we retransmit */
171 int len; /* Length of block for retransmission */
172 int done; /* Done flag */
173 int error; /* Error if any */
174};
175
329aa6e6
JS		 176enum gsm_mux_state {
177 GSM_SEARCH,
178 GSM_START,
179 GSM_ADDRESS,
180 GSM_CONTROL,
181 GSM_LEN,
182 GSM_DATA,
183 GSM_FCS,
184 GSM_OVERRUN,
185 GSM_LEN0,
186 GSM_LEN1,
187 GSM_SSOF,
188};
189
e1eaea46
AC		 190/*
191 * Each GSM mux we have is represented by this structure. If we are
192 * operating as an ldisc then we use this structure as our ldisc
193 * state. We need to sort out lifetimes and locking with respect
194 * to the gsm mux array. For now we don't free DLCI objects that
195 * have been instantiated until the mux itself is terminated.
196 *
197 * To consider further: tty open versus mux shutdown.
198 */
199
200struct gsm_mux {
201 struct tty_struct *tty; /* The tty our ldisc is bound to */
202 spinlock_t lock;
dfabf7ff 203 struct mutex mutex;
d50f6dca 204 unsigned int num;
6ab8fba7 205 struct kref ref;
e1eaea46
AC		 206
207 /* Events on the GSM channel */
208 wait_queue_head_t event;
209
210 /* Bits for GSM mode decoding */
211
212 /* Framing Layer */
213 unsigned char *buf;
329aa6e6 214 enum gsm_mux_state state;
e1eaea46
AC		 215 unsigned int len;
216 unsigned int address;
217 unsigned int count;
218 int escape;
219 int encoding;
220 u8 control;
221 u8 fcs;
c2f2f000 222 u8 received_fcs;
e1eaea46
AC		 223 u8 *txframe; /* TX framing buffer */
224
225 /* Methods for the receiver side */
226 void (*receive)(struct gsm_mux *gsm, u8 ch);
227 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
228 /* And transmit side */
229 int (*output)(struct gsm_mux *mux, u8 *data, int len);
230
231 /* Link Layer */
232 unsigned int mru;
233 unsigned int mtu;
234 int initiator; /* Did we initiate connection */
5677fcf3 235 bool dead; /* Has the mux been shut down */
e1eaea46
AC		 236 struct gsm_dlci *dlci[NUM_DLCI];
237 int constipated; /* Asked by remote to shut up */
238
239 spinlock_t tx_lock;
240 unsigned int tx_bytes; /* TX data outstanding */
241#define TX_THRESH_HI 8192
242#define TX_THRESH_LO 2048
b4338e1e 243 struct list_head tx_list; /* Pending data packets */
e1eaea46
AC		 244
245 /* Control messages */
246 struct timer_list t2_timer; /* Retransmit timer for commands */
247 int cretries; /* Command retry counter */
248 struct gsm_control *pending_cmd;/* Our current pending command */
249 spinlock_t control_lock; /* Protects the pending command */
250
251 /* Configuration */
252 int adaption; /* 1 or 2 supported */
253 u8 ftype; /* UI or UIH */
254 int t1, t2; /* Timers in 1/100th of a sec */
255 int n2; /* Retry count */
256
257 /* Statistics (not currently exposed) */
258 unsigned long bad_fcs;
259 unsigned long malformed;
260 unsigned long io_error;
261 unsigned long bad_size;
262 unsigned long unsupported;
263};
264
265
266/*
267 * Mux objects - needed so that we can translate a tty index into the
268 * relevant mux and DLCI.
269 */
270
271#define MAX_MUX 4 /* 256 minors */
272static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
273static spinlock_t gsm_mux_lock;
274
d50f6dca
RG		 275static struct tty_driver *gsm_tty_driver;
276
e1eaea46
AC		 277/*
278 * This section of the driver logic implements the GSM encodings
279 * both the basic and the 'advanced'. Reliable transport is not
280 * supported.
281 */
282
283#define CR 0x02
284#define EA 0x01
285#define PF 0x10
286
287/* I is special: the rest are ..*/
288#define RR 0x01
289#define UI 0x03
290#define RNR 0x05
291#define REJ 0x09
292#define DM 0x0F
293#define SABM 0x2F
294#define DISC 0x43
295#define UA 0x63
296#define UIH 0xEF
297
298/* Channel commands */
299#define CMD_NSC 0x09
300#define CMD_TEST 0x11
301#define CMD_PSC 0x21
302#define CMD_RLS 0x29
303#define CMD_FCOFF 0x31
304#define CMD_PN 0x41
305#define CMD_RPN 0x49
306#define CMD_FCON 0x51
307#define CMD_CLD 0x61
308#define CMD_SNC 0x69
309#define CMD_MSC 0x71
310
311/* Virtual modem bits */
312#define MDM_FC 0x01
313#define MDM_RTC 0x02
314#define MDM_RTR 0x04
315#define MDM_IC 0x20
316#define MDM_DV 0x40
317
318#define GSM0_SOF 0xF9
5f9a31d6 319#define GSM1_SOF 0x7E
e1eaea46
AC		 320#define GSM1_ESCAPE 0x7D
321#define GSM1_ESCAPE_BITS 0x20
322#define XON 0x11
323#define XOFF 0x13
324
325static const struct tty_port_operations gsm_port_ops;
326
327/*
328 * CRC table for GSM 0710
329 */
330
331static const u8 gsm_fcs8[256] = {
332 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
333 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
334 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
335 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
336 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
337 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
338 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
339 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
340 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
341 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
342 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
343 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
344 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
345 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
346 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
347 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
348 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
349 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
350 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
351 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
352 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
353 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
354 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
355 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
356 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
357 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
358 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
359 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
360 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
361 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
362 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
363 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
364};
365
366#define INIT_FCS 0xFF
367#define GOOD_FCS 0xCF
368
369/**
370 * gsm_fcs_add - update FCS
371 * @fcs: Current FCS
372 * @c: Next data
373 *
374 * Update the FCS to include c. Uses the algorithm in the specification
375 * notes.
376 */
377
378static inline u8 gsm_fcs_add(u8 fcs, u8 c)
379{
380 return gsm_fcs8[fcs ^ c];
381}
382
383/**
384 * gsm_fcs_add_block - update FCS for a block
385 * @fcs: Current FCS
386 * @c: buffer of data
387 * @len: length of buffer
388 *
389 * Update the FCS to include c. Uses the algorithm in the specification
390 * notes.
391 */
392
393static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
394{
395 while (len--)
396 fcs = gsm_fcs8[fcs ^ *c++];
397 return fcs;
398}
399
400/**
401 * gsm_read_ea - read a byte into an EA
402 * @val: variable holding value
403 * c: byte going into the EA
404 *
405 * Processes one byte of an EA. Updates the passed variable
406 * and returns 1 if the EA is now completely read
407 */
408
409static int gsm_read_ea(unsigned int *val, u8 c)
410{
411 /* Add the next 7 bits into the value */
412 *val <<= 7;
413 *val |= c >> 1;
414 /* Was this the last byte of the EA 1 = yes*/
415 return c & EA;
416}
417
418/**
419 * gsm_encode_modem - encode modem data bits
420 * @dlci: DLCI to encode from
421 *
422 * Returns the correct GSM encoded modem status bits (6 bit field) for
423 * the current status of the DLCI and attached tty object
424 */
425
426static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
427{
428 u8 modembits = 0;
429 /* FC is true flow control not modem bits */
430 if (dlci->throttled)
431 modembits |= MDM_FC;
432 if (dlci->modem_tx & TIOCM_DTR)
433 modembits |= MDM_RTC;
434 if (dlci->modem_tx & TIOCM_RTS)
435 modembits |= MDM_RTR;
436 if (dlci->modem_tx & TIOCM_RI)
437 modembits |= MDM_IC;
438 if (dlci->modem_tx & TIOCM_CD)
439 modembits |= MDM_DV;
440 return modembits;
441}
442
443/**
444 * gsm_print_packet - display a frame for debug
445 * @hdr: header to print before decode
446 * @addr: address EA from the frame
447 * @cr: C/R bit from the frame
448 * @control: control including PF bit
449 * @data: following data bytes
450 * @dlen: length of data
451 *
452 * Displays a packet in human readable format for debugging purposes. The
453 * style is based on amateur radio LAP-B dump display.
454 */
455
456static void gsm_print_packet(const char *hdr, int addr, int cr,
457 u8 control, const u8 *data, int dlen)
458{
459 if (!(debug & 1))
460 return;
461
5f9a31d6 462 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
e1eaea46
AC		 463
464 switch (control & ~PF) {
465 case SABM:
5f9a31d6 466 pr_cont("SABM");
e1eaea46
AC		 467 break;
468 case UA:
5f9a31d6 469 pr_cont("UA");
e1eaea46
AC		 470 break;
471 case DISC:
5f9a31d6 472 pr_cont("DISC");
e1eaea46
AC		 473 break;
474 case DM:
5f9a31d6 475 pr_cont("DM");
e1eaea46
AC		 476 break;
477 case UI:
5f9a31d6 478 pr_cont("UI");
e1eaea46
AC		 479 break;
480 case UIH:
5f9a31d6 481 pr_cont("UIH");
e1eaea46
AC		 482 break;
483 default:
484 if (!(control & 0x01)) {
5f9a31d6 485 pr_cont("I N(S)%d N(R)%d",
47fdd641 486 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
e1eaea46 487 } else switch (control & 0x0F) {
5f9a31d6
AC		 488 case RR:
489 pr_cont("RR(%d)", (control & 0xE0) >> 5);
490 break;
491 case RNR:
492 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
493 break;
494 case REJ:
495 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
496 break;
497 default:
498 pr_cont("[%02X]", control);
e1eaea46
AC		 499 }
500 }
501
502 if (control & PF)
5f9a31d6 503 pr_cont("(P)");
e1eaea46 504 else
5f9a31d6 505 pr_cont("(F)");
e1eaea46
AC		 506
507 if (dlen) {
508 int ct = 0;
509 while (dlen--) {
5f9a31d6
AC		 510 if (ct % 8 == 0) {
511 pr_cont("\n");
512 pr_debug(" ");
513 }
514 pr_cont("%02X ", *data++);
e1eaea46
AC		 515 ct++;
516 }
517 }
5f9a31d6 518 pr_cont("\n");
e1eaea46
AC		 519}
520
521
522/*
523 * Link level transmission side
524 */
525
526/**
527 * gsm_stuff_packet - bytestuff a packet
528 * @ibuf: input
529 * @obuf: output
530 * @len: length of input
531 *
532 * Expand a buffer by bytestuffing it. The worst case size change
533 * is doubling and the caller is responsible for handing out
534 * suitable sized buffers.
535 */
536
537static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
538{
539 int olen = 0;
540 while (len--) {
541 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
542 || *input == XON || *input == XOFF) {
543 *output++ = GSM1_ESCAPE;
544 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
545 olen++;
546 } else
547 *output++ = *input++;
548 olen++;
549 }
550 return olen;
551}
552
e1eaea46
AC		 553/**
554 * gsm_send - send a control frame
555 * @gsm: our GSM mux
556 * @addr: address for control frame
557 * @cr: command/response bit
558 * @control: control byte including PF bit
559 *
560 * Format up and transmit a control frame. These do not go via the
561 * queueing logic as they should be transmitted ahead of data when
562 * they are needed.
563 *
564 * FIXME: Lock versus data TX path
565 */
566
567static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
568{
569 int len;
570 u8 cbuf[10];
571 u8 ibuf[3];
572
573 switch (gsm->encoding) {
574 case 0:
575 cbuf[0] = GSM0_SOF;
576 cbuf[1] = (addr << 2) | (cr << 1) | EA;
577 cbuf[2] = control;
578 cbuf[3] = EA; /* Length of data = 0 */
579 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
580 cbuf[5] = GSM0_SOF;
581 len = 6;
582 break;
583 case 1:
584 case 2:
585 /* Control frame + packing (but not frame stuffing) in mode 1 */
586 ibuf[0] = (addr << 2) | (cr << 1) | EA;
587 ibuf[1] = control;
588 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
589 /* Stuffing may double the size worst case */
590 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
591 /* Now add the SOF markers */
592 cbuf[0] = GSM1_SOF;
593 cbuf[len + 1] = GSM1_SOF;
594 /* FIXME: we can omit the lead one in many cases */
595 len += 2;
596 break;
597 default:
598 WARN_ON(1);
599 return;
600 }
601 gsm->output(gsm, cbuf, len);
602 gsm_print_packet("-->", addr, cr, control, NULL, 0);
603}
604
605/**
606 * gsm_response - send a control response
607 * @gsm: our GSM mux
608 * @addr: address for control frame
609 * @control: control byte including PF bit
610 *
611 * Format up and transmit a link level response frame.
612 */
613
614static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
615{
616 gsm_send(gsm, addr, 0, control);
617}
618
619/**
620 * gsm_command - send a control command
621 * @gsm: our GSM mux
622 * @addr: address for control frame
623 * @control: control byte including PF bit
624 *
625 * Format up and transmit a link level command frame.
626 */
627
628static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
629{
630 gsm_send(gsm, addr, 1, control);
631}
632
633/* Data transmission */
634
635#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
636
637/**
638 * gsm_data_alloc - allocate data frame
639 * @gsm: GSM mux
640 * @addr: DLCI address
641 * @len: length excluding header and FCS
642 * @ctrl: control byte
643 *
644 * Allocate a new data buffer for sending frames with data. Space is left
645 * at the front for header bytes but that is treated as an implementation
646 * detail and not for the high level code to use
647 */
648
649static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
650 u8 ctrl)
651{
652 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
653 GFP_ATOMIC);
654 if (m == NULL)
655 return NULL;
656 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
657 m->len = len;
658 m->addr = addr;
659 m->ctrl = ctrl;
b4338e1e 660 INIT_LIST_HEAD(&m->list);
e1eaea46
AC		 661 return m;
662}
663
664/**
665 * gsm_data_kick - poke the queue
666 * @gsm: GSM Mux
667 *
668 * The tty device has called us to indicate that room has appeared in
669 * the transmit queue. Ram more data into the pipe if we have any
c01af4fe
FB		 670 * If we have been flow-stopped by a CMD_FCOFF, then we can only
671 * send messages on DLCI0 until CMD_FCON
e1eaea46
AC		 672 *
673 * FIXME: lock against link layer control transmissions
674 */
675
676static void gsm_data_kick(struct gsm_mux *gsm)
677{
b4338e1e 678 struct gsm_msg *msg, *nmsg;
e1eaea46
AC		 679 int len;
680 int skip_sof = 0;
681
b4338e1e
RG		 682 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
683 if (gsm->constipated && msg->addr)
c01af4fe 684 continue;
e1eaea46
AC		 685 if (gsm->encoding != 0) {
686 gsm->txframe[0] = GSM1_SOF;
687 len = gsm_stuff_frame(msg->data,
688 gsm->txframe + 1, msg->len);
689 gsm->txframe[len + 1] = GSM1_SOF;
690 len += 2;
691 } else {
692 gsm->txframe[0] = GSM0_SOF;
693 memcpy(gsm->txframe + 1 , msg->data, msg->len);
694 gsm->txframe[msg->len + 1] = GSM0_SOF;
695 len = msg->len + 2;
696 }
697
0a77c4f9
JP		 698 if (debug & 4)
699 print_hex_dump_bytes("gsm_data_kick: ",
700 DUMP_PREFIX_OFFSET,
701 gsm->txframe, len);
e1eaea46
AC		 702
703 if (gsm->output(gsm, gsm->txframe + skip_sof,
704 len - skip_sof) < 0)
705 break;
706 /* FIXME: Can eliminate one SOF in many more cases */
e1eaea46 707 gsm->tx_bytes -= msg->len;
e1eaea46
AC		 708 /* For a burst of frames skip the extra SOF within the
709 burst */
710 skip_sof = 1;
c01af4fe 711
b4338e1e
RG		 712 list_del(&msg->list);
713 kfree(msg);
e1eaea46
AC		 714 }
715}
716
717/**
718 * __gsm_data_queue - queue a UI or UIH frame
719 * @dlci: DLCI sending the data
720 * @msg: message queued
721 *
722 * Add data to the transmit queue and try and get stuff moving
723 * out of the mux tty if not already doing so. The Caller must hold
724 * the gsm tx lock.
725 */
726
727static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
728{
729 struct gsm_mux *gsm = dlci->gsm;
730 u8 *dp = msg->data;
731 u8 *fcs = dp + msg->len;
732
733 /* Fill in the header */
734 if (gsm->encoding == 0) {
735 if (msg->len < 128)
736 *--dp = (msg->len << 1) | EA;
737 else {
be7a7411
KM		 738 *--dp = (msg->len >> 7); /* bits 7 - 15 */
739 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
e1eaea46
AC		 740 }
741 }
742
743 *--dp = msg->ctrl;
744 if (gsm->initiator)
745 *--dp = (msg->addr << 2) | 2 | EA;
746 else
747 *--dp = (msg->addr << 2) | EA;
748 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
749 /* Ugly protocol layering violation */
750 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
751 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
752 *fcs = 0xFF - *fcs;
753
754 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
755 msg->data, msg->len);
756
757 /* Move the header back and adjust the length, also allow for the FCS
758 now tacked on the end */
759 msg->len += (msg->data - dp) + 1;
760 msg->data = dp;
761
762 /* Add to the actual output queue */
b4338e1e 763 list_add_tail(&msg->list, &gsm->tx_list);
e1eaea46
AC		 764 gsm->tx_bytes += msg->len;
765 gsm_data_kick(gsm);
766}
767
768/**
769 * gsm_data_queue - queue a UI or UIH frame
770 * @dlci: DLCI sending the data
771 * @msg: message queued
772 *
773 * Add data to the transmit queue and try and get stuff moving
774 * out of the mux tty if not already doing so. Take the
775 * the gsm tx lock and dlci lock.
776 */
777
778static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
779{
780 unsigned long flags;
781 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
782 __gsm_data_queue(dlci, msg);
783 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
784}
785
786/**
787 * gsm_dlci_data_output - try and push data out of a DLCI
788 * @gsm: mux
789 * @dlci: the DLCI to pull data from
790 *
791 * Pull data from a DLCI and send it into the transmit queue if there
792 * is data. Keep to the MRU of the mux. This path handles the usual tty
793 * interface which is a byte stream with optional modem data.
794 *
795 * Caller must hold the tx_lock of the mux.
796 */
797
798static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
799{
800 struct gsm_msg *msg;
801 u8 *dp;
268e526b 802 int len, total_size, size;
e1eaea46
AC		 803 int h = dlci->adaption - 1;
804
268e526b 805 total_size = 0;
f3c909b4 806 while (1) {
036bca1f 807 len = kfifo_len(&dlci->fifo);
268e526b
MK		 808 if (len == 0)
809 return total_size;
810
811 /* MTU/MRU count only the data bits */
812 if (len > gsm->mtu)
813 len = gsm->mtu;
814
815 size = len + h;
816
817 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
818 /* FIXME: need a timer or something to kick this so it can't
819 get stuck with no work outstanding and no buffer free */
820 if (msg == NULL)
821 return -ENOMEM;
822 dp = msg->data;
823 switch (dlci->adaption) {
824 case 1: /* Unstructured */
825 break;
f3c909b4
AI		 826 case 2: /* Unstructed with modem bits.
827 Always one byte as we never send inline break data */
268e526b
MK		 828 *dp++ = gsm_encode_modem(dlci);
829 break;
830 }
036bca1f 831 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len);
268e526b
MK		 832 __gsm_data_queue(dlci, msg);
833 total_size += size;
e1eaea46 834 }
e1eaea46 835 /* Bytes of data we used up */
268e526b 836 return total_size;
e1eaea46
AC		 837}
838
839/**
840 * gsm_dlci_data_output_framed - try and push data out of a DLCI
841 * @gsm: mux
842 * @dlci: the DLCI to pull data from
843 *
844 * Pull data from a DLCI and send it into the transmit queue if there
845 * is data. Keep to the MRU of the mux. This path handles framed data
846 * queued as skbuffs to the DLCI.
847 *
848 * Caller must hold the tx_lock of the mux.
849 */
850
851static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
852 struct gsm_dlci *dlci)
853{
854 struct gsm_msg *msg;
855 u8 *dp;
856 int len, size;
857 int last = 0, first = 0;
858 int overhead = 0;
859
860 /* One byte per frame is used for B/F flags */
861 if (dlci->adaption == 4)
862 overhead = 1;
863
864 /* dlci->skb is locked by tx_lock */
865 if (dlci->skb == NULL) {
88ed2a60 866 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
e1eaea46
AC		 867 if (dlci->skb == NULL)
868 return 0;
869 first = 1;
870 }
871 len = dlci->skb->len + overhead;
872
873 /* MTU/MRU count only the data bits */
874 if (len > gsm->mtu) {
875 if (dlci->adaption == 3) {
876 /* Over long frame, bin it */
329e5678 877 dev_kfree_skb_any(dlci->skb);
e1eaea46
AC		 878 dlci->skb = NULL;
879 return 0;
880 }
881 len = gsm->mtu;
882 } else
883 last = 1;
884
885 size = len + overhead;
886 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
887
888 /* FIXME: need a timer or something to kick this so it can't
889 get stuck with no work outstanding and no buffer free */
88ed2a60
RG		 890 if (msg == NULL) {
891 skb_queue_tail(&dlci->skb_list, dlci->skb);
892 dlci->skb = NULL;
e1eaea46 893 return -ENOMEM;
88ed2a60 894 }
e1eaea46
AC		 895 dp = msg->data;
896
897 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
898 /* Flag byte to carry the start/end info */
899 *dp++ = last << 7 | first << 6 | 1; /* EA */
900 len--;
901 }
57f2104f
RG		 902 memcpy(dp, dlci->skb->data, len);
903 skb_pull(dlci->skb, len);
e1eaea46 904 __gsm_data_queue(dlci, msg);
bcd5abe2 905 if (last) {
329e5678 906 dev_kfree_skb_any(dlci->skb);
e1eaea46 907 dlci->skb = NULL;
bcd5abe2 908 }
e1eaea46
AC		 909 return size;
910}
911
912/**
913 * gsm_dlci_data_sweep - look for data to send
914 * @gsm: the GSM mux
915 *
916 * Sweep the GSM mux channels in priority order looking for ones with
917 * data to send. We could do with optimising this scan a bit. We aim
918 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
919 * TX_THRESH_LO we get called again
920 *
921 * FIXME: We should round robin between groups and in theory you can
922 * renegotiate DLCI priorities with optional stuff. Needs optimising.
923 */
924
925static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
926{
927 int len;
928 /* Priority ordering: We should do priority with RR of the groups */
929 int i = 1;
e1eaea46 930
e1eaea46
AC		 931 while (i < NUM_DLCI) {
932 struct gsm_dlci *dlci;
933
934 if (gsm->tx_bytes > TX_THRESH_HI)
935 break;
936 dlci = gsm->dlci[i];
937 if (dlci == NULL || dlci->constipated) {
938 i++;
939 continue;
940 }
bcd5abe2 941 if (dlci->adaption < 3 && !dlci->net)
e1eaea46
AC		 942 len = gsm_dlci_data_output(gsm, dlci);
943 else
944 len = gsm_dlci_data_output_framed(gsm, dlci);
945 if (len < 0)
e73790a5 946 break;
e1eaea46
AC		 947 /* DLCI empty - try the next */
948 if (len == 0)
949 i++;
950 }
e1eaea46
AC		 951}
952
953/**
954 * gsm_dlci_data_kick - transmit if possible
955 * @dlci: DLCI to kick
956 *
957 * Transmit data from this DLCI if the queue is empty. We can't rely on
958 * a tty wakeup except when we filled the pipe so we need to fire off
959 * new data ourselves in other cases.
960 */
961
962static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
963{
964 unsigned long flags;
192b6041 965 int sweep;
e1eaea46 966
f3c909b4 967 if (dlci->constipated)
c01af4fe 968 return;
c01af4fe 969
e1eaea46
AC		 970 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
971 /* If we have nothing running then we need to fire up */
192b6041 972 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
bcd5abe2
RG		 973 if (dlci->gsm->tx_bytes == 0) {
974 if (dlci->net)
975 gsm_dlci_data_output_framed(dlci->gsm, dlci);
976 else
977 gsm_dlci_data_output(dlci->gsm, dlci);
192b6041
RG		 978 }
979 if (sweep)
f3c909b4 980 gsm_dlci_data_sweep(dlci->gsm);
e1eaea46
AC		 981 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
982}
983
984/*
985 * Control message processing
986 */
987
988
989/**
990 * gsm_control_reply - send a response frame to a control
991 * @gsm: gsm channel
992 * @cmd: the command to use
993 * @data: data to follow encoded info
994 * @dlen: length of data
995 *
996 * Encode up and queue a UI/UIH frame containing our response.
997 */
998
4feb7a4a 999static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
e1eaea46
AC		 1000 int dlen)
1001{
1002 struct gsm_msg *msg;
1003 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
093d8046
KM		 1004 if (msg == NULL)
1005 return;
e1eaea46
AC		 1006 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1007 msg->data[1] = (dlen << 1) | EA;
1008 memcpy(msg->data + 2, data, dlen);
1009 gsm_data_queue(gsm->dlci[0], msg);
1010}
1011
1012/**
1013 * gsm_process_modem - process received modem status
1014 * @tty: virtual tty bound to the DLCI
1015 * @dlci: DLCI to affect
1016 * @modem: modem bits (full EA)
1017 *
1018 * Used when a modem control message or line state inline in adaption
1019 * layer 2 is processed. Sort out the local modem state and throttles
1020 */
1021
1022static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
7263287a 1023 u32 modem, int clen)
e1eaea46
AC		 1024{
1025 int mlines = 0;
7263287a 1026 u8 brk = 0;
c01af4fe 1027 int fc;
7263287a
RG		 1028
1029 /* The modem status command can either contain one octet (v.24 signals)
1030 or two octets (v.24 signals + break signals). The length field will
1031 either be 2 or 3 respectively. This is specified in section
1032 5.4.6.3.7 of the 27.010 mux spec. */
1033
1034 if (clen == 2)
1035 modem = modem & 0x7f;
1036 else {
1037 brk = modem & 0x7f;
1038 modem = (modem >> 7) & 0x7f;
c01af4fe 1039 }
e1eaea46
AC		 1040
1041 /* Flow control/ready to communicate */
c01af4fe
FB		 1042 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1043 if (fc && !dlci->constipated) {
e1eaea46
AC		 1044 /* Need to throttle our output on this device */
1045 dlci->constipated = 1;
c01af4fe 1046 } else if (!fc && dlci->constipated) {
e1eaea46
AC		 1047 dlci->constipated = 0;
1048 gsm_dlci_data_kick(dlci);
1049 }
c01af4fe 1050
e1eaea46 1051 /* Map modem bits */
c01af4fe
FB		 1052 if (modem & MDM_RTC)
1053 mlines |= TIOCM_DSR | TIOCM_DTR;
e1eaea46
AC		 1054 if (modem & MDM_RTR)
1055 mlines |= TIOCM_RTS | TIOCM_CTS;
1056 if (modem & MDM_IC)
1057 mlines |= TIOCM_RI;
1058 if (modem & MDM_DV)
1059 mlines |= TIOCM_CD;
1060
1061 /* Carrier drop -> hangup */
1062 if (tty) {
1063 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
9db276f8 1064 if (!C_CLOCAL(tty))
e1eaea46 1065 tty_hangup(tty);
e1eaea46 1066 }
92a19f9c
JS		 1067 if (brk & 0x01)
1068 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
e1eaea46
AC		 1069 dlci->modem_rx = mlines;
1070}
1071
1072/**
1073 * gsm_control_modem - modem status received
1074 * @gsm: GSM channel
1075 * @data: data following command
1076 * @clen: command length
1077 *
1078 * We have received a modem status control message. This is used by
1079 * the GSM mux protocol to pass virtual modem line status and optionally
1080 * to indicate break signals. Unpack it, convert to Linux representation
1081 * and if need be stuff a break message down the tty.
1082 */
1083
4feb7a4a 1084static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46
AC		 1085{
1086 unsigned int addr = 0;
1087 unsigned int modem = 0;
3ac06b90 1088 unsigned int brk = 0;
e1eaea46
AC		 1089 struct gsm_dlci *dlci;
1090 int len = clen;
4feb7a4a 1091 const u8 *dp = data;
e1eaea46
AC		 1092 struct tty_struct *tty;
1093
1094 while (gsm_read_ea(&addr, *dp++) == 0) {
1095 len--;
1096 if (len == 0)
1097 return;
1098 }
1099 /* Must be at least one byte following the EA */
1100 len--;
1101 if (len <= 0)
1102 return;
1103
1104 addr >>= 1;
1105 /* Closed port, or invalid ? */
1106 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1107 return;
1108 dlci = gsm->dlci[addr];
1109
1110 while (gsm_read_ea(&modem, *dp++) == 0) {
1111 len--;
1112 if (len == 0)
1113 return;
1114 }
3ac06b90
LP		 1115 len--;
1116 if (len > 0) {
1117 while (gsm_read_ea(&brk, *dp++) == 0) {
1118 len--;
1119 if (len == 0)
1120 return;
1121 }
1122 modem <<= 7;
1123 modem |= (brk & 0x7f);
1124 }
e1eaea46 1125 tty = tty_port_tty_get(&dlci->port);
7263287a 1126 gsm_process_modem(tty, dlci, modem, clen);
e1eaea46
AC		 1127 if (tty) {
1128 tty_wakeup(tty);
1129 tty_kref_put(tty);
1130 }
1131 gsm_control_reply(gsm, CMD_MSC, data, clen);
1132}
1133
1134/**
1135 * gsm_control_rls - remote line status
1136 * @gsm: GSM channel
1137 * @data: data bytes
1138 * @clen: data length
1139 *
1140 * The modem sends us a two byte message on the control channel whenever
1141 * it wishes to send us an error state from the virtual link. Stuff
1142 * this into the uplink tty if present
1143 */
1144
4feb7a4a 1145static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
e1eaea46 1146{
92a19f9c 1147 struct tty_port *port;
f3c909b4 1148 unsigned int addr = 0;
e1eaea46
AC		 1149 u8 bits;
1150 int len = clen;
4feb7a4a 1151 const u8 *dp = data;
e1eaea46
AC		 1152
1153 while (gsm_read_ea(&addr, *dp++) == 0) {
1154 len--;
1155 if (len == 0)
1156 return;
1157 }
1158 /* Must be at least one byte following ea */
1159 len--;
1160 if (len <= 0)
1161 return;
1162 addr >>= 1;
1163 /* Closed port, or invalid ? */
1164 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1165 return;
1166 /* No error ? */
1167 bits = *dp;
1168 if ((bits & 1) == 0)
1169 return;
e1eaea46 1170
92a19f9c
JS		 1171 port = &gsm->dlci[addr]->port;
1172
1173 if (bits & 2)
1174 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1175 if (bits & 4)
1176 tty_insert_flip_char(port, 0, TTY_PARITY);
1177 if (bits & 8)
1178 tty_insert_flip_char(port, 0, TTY_FRAME);
1179
2e124b4a
JS		 1180 tty_flip_buffer_push(port);
1181
e1eaea46
AC		 1182 gsm_control_reply(gsm, CMD_RLS, data, clen);
1183}
1184
1185static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1186
1187/**
1188 * gsm_control_message - DLCI 0 control processing
1189 * @gsm: our GSM mux
1190 * @command: the command EA
1191 * @data: data beyond the command/length EAs
1192 * @clen: length
1193 *
1194 * Input processor for control messages from the other end of the link.
1195 * Processes the incoming request and queues a response frame or an
1196 * NSC response if not supported
1197 */
1198
1199static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1200 const u8 *data, int clen)
e1eaea46
AC		 1201{
1202 u8 buf[1];
5e44708f
RG		 1203 unsigned long flags;
1204
e1eaea46
AC		 1205 switch (command) {
1206 case CMD_CLD: {
1207 struct gsm_dlci *dlci = gsm->dlci[0];
1208 /* Modem wishes to close down */
1209 if (dlci) {
5677fcf3
JS		 1210 dlci->dead = true;
1211 gsm->dead = true;
e1eaea46
AC		 1212 gsm_dlci_begin_close(dlci);
1213 }
1214 }
1215 break;
1216 case CMD_TEST:
1217 /* Modem wishes to test, reply with the data */
1218 gsm_control_reply(gsm, CMD_TEST, data, clen);
1219 break;
1220 case CMD_FCON:
e1eaea46
AC		 1221 /* Modem can accept data again */
1222 gsm->constipated = 0;
c01af4fe 1223 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
e1eaea46 1224 /* Kick the link in case it is idling */
5e44708f 1225 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 1226 gsm_data_kick(gsm);
5e44708f 1227 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46 1228 break;
c01af4fe
FB		 1229 case CMD_FCOFF:
1230 /* Modem wants us to STFU */
c01af4fe
FB		 1231 gsm->constipated = 1;
1232 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1233 break;
e1eaea46
AC		 1234 case CMD_MSC:
1235 /* Out of band modem line change indicator for a DLCI */
1236 gsm_control_modem(gsm, data, clen);
1237 break;
1238 case CMD_RLS:
1239 /* Out of band error reception for a DLCI */
1240 gsm_control_rls(gsm, data, clen);
1241 break;
1242 case CMD_PSC:
1243 /* Modem wishes to enter power saving state */
1244 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1245 break;
1246 /* Optional unsupported commands */
1247 case CMD_PN: /* Parameter negotiation */
25985edc
LDM		 1248 case CMD_RPN: /* Remote port negotiation */
1249 case CMD_SNC: /* Service negotiation command */
e1eaea46
AC		 1250 default:
1251 /* Reply to bad commands with an NSC */
1252 buf[0] = command;
1253 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1254 break;
1255 }
1256}
1257
1258/**
1259 * gsm_control_response - process a response to our control
1260 * @gsm: our GSM mux
1261 * @command: the command (response) EA
1262 * @data: data beyond the command/length EA
1263 * @clen: length
1264 *
1265 * Process a response to an outstanding command. We only allow a single
1266 * control message in flight so this is fairly easy. All the clean up
1267 * is done by the caller, we just update the fields, flag it as done
1268 * and return
1269 */
1270
1271static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
4feb7a4a 1272 const u8 *data, int clen)
e1eaea46
AC		 1273{
1274 struct gsm_control *ctrl;
1275 unsigned long flags;
1276
1277 spin_lock_irqsave(&gsm->control_lock, flags);
1278
1279 ctrl = gsm->pending_cmd;
1280 /* Does the reply match our command */
1281 command |= 1;
1282 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1283 /* Our command was replied to, kill the retry timer */
1284 del_timer(&gsm->t2_timer);
1285 gsm->pending_cmd = NULL;
1286 /* Rejected by the other end */
1287 if (command == CMD_NSC)
1288 ctrl->error = -EOPNOTSUPP;
1289 ctrl->done = 1;
1290 wake_up(&gsm->event);
1291 }
1292 spin_unlock_irqrestore(&gsm->control_lock, flags);
1293}
1294
1295/**
5f9a31d6 1296 * gsm_control_transmit - send control packet
e1eaea46
AC		 1297 * @gsm: gsm mux
1298 * @ctrl: frame to send
1299 *
1300 * Send out a pending control command (called under control lock)
1301 */
1302
1303static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1304{
ed43b47b 1305 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
e1eaea46
AC		 1306 if (msg == NULL)
1307 return;
1308 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1309 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1310 gsm_data_queue(gsm->dlci[0], msg);
1311}
1312
1313/**
1314 * gsm_control_retransmit - retransmit a control frame
1315 * @data: pointer to our gsm object
1316 *
1317 * Called off the T2 timer expiry in order to retransmit control frames
1318 * that have been lost in the system somewhere. The control_lock protects
1319 * us from colliding with another sender or a receive completion event.
1320 * In that situation the timer may still occur in a small window but
1321 * gsm->pending_cmd will be NULL and we just let the timer expire.
1322 */
1323
e99e88a9 1324static void gsm_control_retransmit(struct timer_list *t)
e1eaea46 1325{
e99e88a9 1326 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
e1eaea46
AC		 1327 struct gsm_control *ctrl;
1328 unsigned long flags;
1329 spin_lock_irqsave(&gsm->control_lock, flags);
1330 ctrl = gsm->pending_cmd;
1331 if (ctrl) {
1332 gsm->cretries--;
1333 if (gsm->cretries == 0) {
1334 gsm->pending_cmd = NULL;
1335 ctrl->error = -ETIMEDOUT;
1336 ctrl->done = 1;
1337 spin_unlock_irqrestore(&gsm->control_lock, flags);
1338 wake_up(&gsm->event);
1339 return;
1340 }
1341 gsm_control_transmit(gsm, ctrl);
1342 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1343 }
1344 spin_unlock_irqrestore(&gsm->control_lock, flags);
1345}
1346
1347/**
1348 * gsm_control_send - send a control frame on DLCI 0
1349 * @gsm: the GSM channel
1350 * @command: command to send including CR bit
1351 * @data: bytes of data (must be kmalloced)
1352 * @len: length of the block to send
1353 *
1354 * Queue and dispatch a control command. Only one command can be
1355 * active at a time. In theory more can be outstanding but the matching
1356 * gets really complicated so for now stick to one outstanding.
1357 */
1358
1359static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1360 unsigned int command, u8 *data, int clen)
1361{
1362 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1363 GFP_KERNEL);
1364 unsigned long flags;
1365 if (ctrl == NULL)
1366 return NULL;
1367retry:
1368 wait_event(gsm->event, gsm->pending_cmd == NULL);
1369 spin_lock_irqsave(&gsm->control_lock, flags);
1370 if (gsm->pending_cmd != NULL) {
1371 spin_unlock_irqrestore(&gsm->control_lock, flags);
1372 goto retry;
1373 }
1374 ctrl->cmd = command;
1375 ctrl->data = data;
1376 ctrl->len = clen;
1377 gsm->pending_cmd = ctrl;
e9ec2254
TL		 1378
1379 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1380 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1381 gsm->cretries = 1;
1382 else
1383 gsm->cretries = gsm->n2;
1384
e1eaea46
AC		 1385 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1386 gsm_control_transmit(gsm, ctrl);
1387 spin_unlock_irqrestore(&gsm->control_lock, flags);
1388 return ctrl;
1389}
1390
1391/**
1392 * gsm_control_wait - wait for a control to finish
1393 * @gsm: GSM mux
1394 * @control: control we are waiting on
1395 *
1396 * Waits for the control to complete or time out. Frees any used
1397 * resources and returns 0 for success, or an error if the remote
1398 * rejected or ignored the request.
1399 */
1400
1401static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1402{
1403 int err;
1404 wait_event(gsm->event, control->done == 1);
1405 err = control->error;
1406 kfree(control);
1407 return err;
1408}
1409
1410
1411/*
1412 * DLCI level handling: Needs krefs
1413 */
1414
1415/*
1416 * State transitions and timers
1417 */
1418
1419/**
1420 * gsm_dlci_close - a DLCI has closed
1421 * @dlci: DLCI that closed
1422 *
1423 * Perform processing when moving a DLCI into closed state. If there
1424 * is an attached tty this is hung up
1425 */
1426
1427static void gsm_dlci_close(struct gsm_dlci *dlci)
1428{
1429 del_timer(&dlci->t1);
1430 if (debug & 8)
5f9a31d6 1431 pr_debug("DLCI %d goes closed.\n", dlci->addr);
e1eaea46
AC		 1432 dlci->state = DLCI_CLOSED;
1433 if (dlci->addr != 0) {
aa27a094 1434 tty_port_tty_hangup(&dlci->port, false);
036bca1f 1435 kfifo_reset(&dlci->fifo);
e1eaea46 1436 } else
5677fcf3 1437 dlci->gsm->dead = true;
e1eaea46
AC		 1438 wake_up(&dlci->gsm->event);
1439 /* A DLCI 0 close is a MUX termination so we need to kick that
1440 back to userspace somehow */
1441}
1442
1443/**
1444 * gsm_dlci_open - a DLCI has opened
1445 * @dlci: DLCI that opened
1446 *
1447 * Perform processing when moving a DLCI into open state.
1448 */
1449
1450static void gsm_dlci_open(struct gsm_dlci *dlci)
1451{
1452 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1453 open -> open */
1454 del_timer(&dlci->t1);
1455 /* This will let a tty open continue */
1456 dlci->state = DLCI_OPEN;
1457 if (debug & 8)
5f9a31d6 1458 pr_debug("DLCI %d goes open.\n", dlci->addr);
e1eaea46
AC		 1459 wake_up(&dlci->gsm->event);
1460}
1461
1462/**
1463 * gsm_dlci_t1 - T1 timer expiry
1464 * @dlci: DLCI that opened
1465 *
1466 * The T1 timer handles retransmits of control frames (essentially of
1467 * SABM and DISC). We resend the command until the retry count runs out
1468 * in which case an opening port goes back to closed and a closing port
1469 * is simply put into closed state (any further frames from the other
1470 * end will get a DM response)
ea3d8465
TL		 1471 *
1472 * Some control dlci can stay in ADM mode with other dlci working just
1473 * fine. In that case we can just keep the control dlci open after the
1474 * DLCI_OPENING retries time out.
e1eaea46
AC		 1475 */
1476
e99e88a9 1477static void gsm_dlci_t1(struct timer_list *t)
e1eaea46 1478{
e99e88a9 1479 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
e1eaea46
AC		 1480 struct gsm_mux *gsm = dlci->gsm;
1481
1482 switch (dlci->state) {
1483 case DLCI_OPENING:
1484 dlci->retries--;
1485 if (dlci->retries) {
1486 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1487 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
ea3d8465
TL		 1488 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1489 if (debug & 8)
1490 pr_info("DLCI %d opening in ADM mode.\n",
1491 dlci->addr);
e9ec2254 1492 dlci->mode = DLCI_MODE_ADM;
ea3d8465
TL		 1493 gsm_dlci_open(dlci);
1494 } else {
e1eaea46 1495 gsm_dlci_close(dlci);
ea3d8465
TL		 1496 }
1497
e1eaea46
AC		 1498 break;
1499 case DLCI_CLOSING:
1500 dlci->retries--;
1501 if (dlci->retries) {
1502 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1503 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1504 } else
1505 gsm_dlci_close(dlci);
1506 break;
72ae8cc1
JS		 1507 default:
1508 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1509 break;
e1eaea46
AC		 1510 }
1511}
1512
1513/**
1514 * gsm_dlci_begin_open - start channel open procedure
1515 * @dlci: DLCI to open
1516 *
1517 * Commence opening a DLCI from the Linux side. We issue SABM messages
ea3d8465
TL		 1518 * to the modem which should then reply with a UA or ADM, at which point
1519 * we will move into open state. Opening is done asynchronously with retry
e1eaea46
AC		 1520 * running off timers and the responses.
1521 */
1522
1523static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1524{
1525 struct gsm_mux *gsm = dlci->gsm;
1526 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1527 return;
1528 dlci->retries = gsm->n2;
1529 dlci->state = DLCI_OPENING;
1530 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1531 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1532}
1533
1534/**
1535 * gsm_dlci_begin_close - start channel open procedure
1536 * @dlci: DLCI to open
1537 *
1538 * Commence closing a DLCI from the Linux side. We issue DISC messages
1539 * to the modem which should then reply with a UA, at which point we
1540 * will move into closed state. Closing is done asynchronously with retry
1541 * off timers. We may also receive a DM reply from the other end which
1542 * indicates the channel was already closed.
1543 */
1544
1545static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1546{
1547 struct gsm_mux *gsm = dlci->gsm;
1548 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1549 return;
1550 dlci->retries = gsm->n2;
1551 dlci->state = DLCI_CLOSING;
1552 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1553 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1554}
1555
1556/**
1557 * gsm_dlci_data - data arrived
1558 * @dlci: channel
1559 * @data: block of bytes received
1560 * @len: length of received block
1561 *
1562 * A UI or UIH frame has arrived which contains data for a channel
1563 * other than the control channel. If the relevant virtual tty is
1564 * open we shovel the bits down it, if not we drop them.
1565 */
1566
4feb7a4a 1567static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
e1eaea46
AC		 1568{
1569 /* krefs .. */
1570 struct tty_port *port = &dlci->port;
2e124b4a 1571 struct tty_struct *tty;
e1eaea46 1572 unsigned int modem = 0;
7263287a 1573 int len = clen;
e1eaea46
AC		 1574
1575 if (debug & 16)
2e124b4a
JS		 1576 pr_debug("%d bytes for tty\n", len);
1577 switch (dlci->adaption) {
1578 /* Unsupported types */
3e913eeb 1579 case 4: /* Packetised interruptible data */
2e124b4a 1580 break;
3e913eeb 1581 case 3: /* Packetised uininterruptible voice/data */
2e124b4a 1582 break;
3e913eeb 1583 case 2: /* Asynchronous serial with line state in each frame */
2e124b4a
JS		 1584 while (gsm_read_ea(&modem, *data++) == 0) {
1585 len--;
1586 if (len == 0)
1587 return;
1588 }
1589 tty = tty_port_tty_get(port);
1590 if (tty) {
7263287a 1591 gsm_process_modem(tty, dlci, modem, clen);
2e124b4a 1592 tty_kref_put(tty);
e1eaea46 1593 }
3e913eeb
GS		 1594 /* Fall through */
1595 case 1: /* Line state will go via DLCI 0 controls only */
2e124b4a
JS		 1596 default:
1597 tty_insert_flip_string(port, data, len);
1598 tty_flip_buffer_push(port);
e1eaea46
AC		 1599 }
1600}
1601
1602/**
1603 * gsm_dlci_control - data arrived on control channel
1604 * @dlci: channel
1605 * @data: block of bytes received
1606 * @len: length of received block
1607 *
1608 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1609 * control channel. This should contain a command EA followed by
1610 * control data bytes. The command EA contains a command/response bit
1611 * and we divide up the work accordingly.
1612 */
1613
4feb7a4a 1614static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
e1eaea46
AC		 1615{
1616 /* See what command is involved */
1617 unsigned int command = 0;
1618 while (len-- > 0) {
1619 if (gsm_read_ea(&command, *data++) == 1) {
1620 int clen = *data++;
1621 len--;
1622 /* FIXME: this is properly an EA */
1623 clen >>= 1;
1624 /* Malformed command ? */
1625 if (clen > len)
1626 return;
1627 if (command & 1)
1628 gsm_control_message(dlci->gsm, command,
1629 data, clen);
1630 else
1631 gsm_control_response(dlci->gsm, command,
1632 data, clen);
1633 return;
1634 }
1635 }
1636}
1637
1638/*
1639 * Allocate/Free DLCI channels
1640 */
1641
1642/**
1643 * gsm_dlci_alloc - allocate a DLCI
1644 * @gsm: GSM mux
1645 * @addr: address of the DLCI
1646 *
1647 * Allocate and install a new DLCI object into the GSM mux.
1648 *
1649 * FIXME: review locking races
1650 */
1651
1652static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1653{
1654 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1655 if (dlci == NULL)
1656 return NULL;
1657 spin_lock_init(&dlci->lock);
bcd5abe2 1658 mutex_init(&dlci->mutex);
036bca1f 1659 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
e1eaea46
AC		 1660 kfree(dlci);
1661 return NULL;
1662 }
1663
1664 skb_queue_head_init(&dlci->skb_list);
e99e88a9 1665 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
e1eaea46
AC		 1666 tty_port_init(&dlci->port);
1667 dlci->port.ops = &gsm_port_ops;
1668 dlci->gsm = gsm;
1669 dlci->addr = addr;
1670 dlci->adaption = gsm->adaption;
1671 dlci->state = DLCI_CLOSED;
1672 if (addr)
1673 dlci->data = gsm_dlci_data;
1674 else
1675 dlci->data = gsm_dlci_command;
1676 gsm->dlci[addr] = dlci;
1677 return dlci;
1678}
1679
1680/**
6ab8fba7
RG		 1681 * gsm_dlci_free - free DLCI
1682 * @dlci: DLCI to free
1683 *
1684 * Free up a DLCI.
1685 *
1686 * Can sleep.
1687 */
9a8e62bc 1688static void gsm_dlci_free(struct tty_port *port)
6ab8fba7 1689{
9a8e62bc 1690 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
6ab8fba7
RG		 1691
1692 del_timer_sync(&dlci->t1);
1693 dlci->gsm->dlci[dlci->addr] = NULL;
036bca1f 1694 kfifo_free(&dlci->fifo);
6ab8fba7 1695 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
329e5678 1696 dev_kfree_skb(dlci->skb);
6ab8fba7
RG		 1697 kfree(dlci);
1698}
1699
1700static inline void dlci_get(struct gsm_dlci *dlci)
1701{
9a8e62bc 1702 tty_port_get(&dlci->port);
6ab8fba7
RG		 1703}
1704
1705static inline void dlci_put(struct gsm_dlci *dlci)
1706{
9a8e62bc 1707 tty_port_put(&dlci->port);
6ab8fba7
RG		 1708}
1709
4d9b1090
DB		 1710static void gsm_destroy_network(struct gsm_dlci *dlci);
1711
6ab8fba7
RG		 1712/**
1713 * gsm_dlci_release - release DLCI
e1eaea46
AC		 1714 * @dlci: DLCI to destroy
1715 *
6ab8fba7
RG		 1716 * Release a DLCI. Actual free is deferred until either
1717 * mux is closed or tty is closed - whichever is last.
e1eaea46
AC		 1718 *
1719 * Can sleep.
1720 */
6ab8fba7 1721static void gsm_dlci_release(struct gsm_dlci *dlci)
e1eaea46
AC		 1722{
1723 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1724 if (tty) {
4d9b1090
DB		 1725 mutex_lock(&dlci->mutex);
1726 gsm_destroy_network(dlci);
1727 mutex_unlock(&dlci->mutex);
1728
7030082a 1729 tty_hangup(tty);
be706572 1730
4d9b1090 1731 tty_port_tty_set(&dlci->port, NULL);
e1eaea46
AC		 1732 tty_kref_put(tty);
1733 }
4d9b1090 1734 dlci->state = DLCI_CLOSED;
6ab8fba7 1735 dlci_put(dlci);
e1eaea46
AC		 1736}
1737
e1eaea46
AC		 1738/*
1739 * LAPBish link layer logic
1740 */
1741
1742/**
1743 * gsm_queue - a GSM frame is ready to process
1744 * @gsm: pointer to our gsm mux
1745 *
1746 * At this point in time a frame has arrived and been demangled from
1747 * the line encoding. All the differences between the encodings have
1748 * been handled below us and the frame is unpacked into the structures.
1749 * The fcs holds the header FCS but any data FCS must be added here.
1750 */
1751
1752static void gsm_queue(struct gsm_mux *gsm)
1753{
1754 struct gsm_dlci *dlci;
1755 u8 cr;
1756 int address;
1757 /* We have to sneak a look at the packet body to do the FCS.
1758 A somewhat layering violation in the spec */
1759
1760 if ((gsm->control & ~PF) == UI)
1761 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
f3c909b4
AI		 1762 if (gsm->encoding == 0) {
1763 /* WARNING: gsm->received_fcs is used for
1764 gsm->encoding = 0 only.
1765 In this case it contain the last piece of data
1766 required to generate final CRC */
9db4e438
MK		 1767 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1768 }
e1eaea46
AC		 1769 if (gsm->fcs != GOOD_FCS) {
1770 gsm->bad_fcs++;
1771 if (debug & 4)
5f9a31d6 1772 pr_debug("BAD FCS %02x\n", gsm->fcs);
e1eaea46
AC		 1773 return;
1774 }
1775 address = gsm->address >> 1;
1776 if (address >= NUM_DLCI)
1777 goto invalid;
1778
1779 cr = gsm->address & 1; /* C/R bit */
1780
1781 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1782
1783 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1784 dlci = gsm->dlci[address];
1785
1786 switch (gsm->control) {
1787 case SABM|PF:
1788 if (cr == 0)
1789 goto invalid;
1790 if (dlci == NULL)
1791 dlci = gsm_dlci_alloc(gsm, address);
1792 if (dlci == NULL)
1793 return;
1794 if (dlci->dead)
1795 gsm_response(gsm, address, DM);
1796 else {
1797 gsm_response(gsm, address, UA);
1798 gsm_dlci_open(dlci);
1799 }
1800 break;
1801 case DISC|PF:
1802 if (cr == 0)
1803 goto invalid;
1804 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1805 gsm_response(gsm, address, DM);
1806 return;
1807 }
1808 /* Real close complete */
1809 gsm_response(gsm, address, UA);
1810 gsm_dlci_close(dlci);
1811 break;
1812 case UA:
1813 case UA|PF:
1814 if (cr == 0 || dlci == NULL)
1815 break;
1816 switch (dlci->state) {
1817 case DLCI_CLOSING:
1818 gsm_dlci_close(dlci);
1819 break;
1820 case DLCI_OPENING:
1821 gsm_dlci_open(dlci);
1822 break;
72ae8cc1
JS		 1823 default:
1824 pr_debug("%s: unhandled state: %d\n", __func__,
1825 dlci->state);
1826 break;
e1eaea46
AC		 1827 }
1828 break;
1829 case DM: /* DM can be valid unsolicited */
1830 case DM|PF:
1831 if (cr)
1832 goto invalid;
1833 if (dlci == NULL)
1834 return;
1835 gsm_dlci_close(dlci);
1836 break;
1837 case UI:
1838 case UI|PF:
1839 case UIH:
1840 case UIH|PF:
1841#if 0
1842 if (cr)
1843 goto invalid;
1844#endif
1845 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1846 gsm_command(gsm, address, DM|PF);
1847 return;
1848 }
1849 dlci->data(dlci, gsm->buf, gsm->len);
1850 break;
1851 default:
1852 goto invalid;
1853 }
1854 return;
1855invalid:
1856 gsm->malformed++;
1857 return;
1858}
1859
1860
1861/**
1862 * gsm0_receive - perform processing for non-transparency
1863 * @gsm: gsm data for this ldisc instance
1864 * @c: character
1865 *
1866 * Receive bytes in gsm mode 0
1867 */
1868
1869static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1870{
c2f2f000
AC		 1871 unsigned int len;
1872
e1eaea46
AC		 1873 switch (gsm->state) {
1874 case GSM_SEARCH: /* SOF marker */
1875 if (c == GSM0_SOF) {
1876 gsm->state = GSM_ADDRESS;
1877 gsm->address = 0;
1878 gsm->len = 0;
1879 gsm->fcs = INIT_FCS;
1880 }
c2f2f000
AC		 1881 break;
1882 case GSM_ADDRESS: /* Address EA */
e1eaea46
AC		 1883 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1884 if (gsm_read_ea(&gsm->address, c))
1885 gsm->state = GSM_CONTROL;
1886 break;
1887 case GSM_CONTROL: /* Control Byte */
1888 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1889 gsm->control = c;
c2f2f000 1890 gsm->state = GSM_LEN0;
e1eaea46 1891 break;
c2f2f000 1892 case GSM_LEN0: /* Length EA */
e1eaea46
AC		 1893 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1894 if (gsm_read_ea(&gsm->len, c)) {
1895 if (gsm->len > gsm->mru) {
1896 gsm->bad_size++;
1897 gsm->state = GSM_SEARCH;
1898 break;
1899 }
1900 gsm->count = 0;
c2f2f000
AC		 1901 if (!gsm->len)
1902 gsm->state = GSM_FCS;
1903 else
1904 gsm->state = GSM_DATA;
1905 break;
e1eaea46 1906 }
c2f2f000
AC		 1907 gsm->state = GSM_LEN1;
1908 break;
1909 case GSM_LEN1:
1910 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1911 len = c;
1912 gsm->len |= len << 7;
1913 if (gsm->len > gsm->mru) {
1914 gsm->bad_size++;
1915 gsm->state = GSM_SEARCH;
1916 break;
e1eaea46 1917 }
c2f2f000
AC		 1918 gsm->count = 0;
1919 if (!gsm->len)
1920 gsm->state = GSM_FCS;
1921 else
1922 gsm->state = GSM_DATA;
e1eaea46
AC		 1923 break;
1924 case GSM_DATA: /* Data */
1925 gsm->buf[gsm->count++] = c;
1926 if (gsm->count == gsm->len)
1927 gsm->state = GSM_FCS;
1928 break;
1929 case GSM_FCS: /* FCS follows the packet */
c2f2f000 1930 gsm->received_fcs = c;
e1eaea46 1931 gsm_queue(gsm);
c2f2f000
AC		 1932 gsm->state = GSM_SSOF;
1933 break;
1934 case GSM_SSOF:
1935 if (c == GSM0_SOF) {
1936 gsm->state = GSM_SEARCH;
1937 break;
1938 }
e1eaea46 1939 break;
329aa6e6
JS		 1940 default:
1941 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
1942 break;
e1eaea46
AC		 1943 }
1944}
1945
1946/**
c2f2f000 1947 * gsm1_receive - perform processing for non-transparency
e1eaea46
AC		 1948 * @gsm: gsm data for this ldisc instance
1949 * @c: character
1950 *
1951 * Receive bytes in mode 1 (Advanced option)
1952 */
1953
1954static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1955{
1956 if (c == GSM1_SOF) {
1957 /* EOF is only valid in frame if we have got to the data state
1958 and received at least one byte (the FCS) */
1959 if (gsm->state == GSM_DATA && gsm->count) {
1960 /* Extract the FCS */
1961 gsm->count--;
1962 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1963 gsm->len = gsm->count;
1964 gsm_queue(gsm);
1965 gsm->state = GSM_START;
1966 return;
1967 }
1968 /* Any partial frame was a runt so go back to start */
1969 if (gsm->state != GSM_START) {
1970 gsm->malformed++;
1971 gsm->state = GSM_START;
1972 }
1973 /* A SOF in GSM_START means we are still reading idling or
1974 framing bytes */
1975 return;
1976 }
1977
1978 if (c == GSM1_ESCAPE) {
1979 gsm->escape = 1;
1980 return;
1981 }
1982
1983 /* Only an unescaped SOF gets us out of GSM search */
1984 if (gsm->state == GSM_SEARCH)
1985 return;
1986
1987 if (gsm->escape) {
1988 c ^= GSM1_ESCAPE_BITS;
1989 gsm->escape = 0;
1990 }
1991 switch (gsm->state) {
1992 case GSM_START: /* First byte after SOF */
1993 gsm->address = 0;
1994 gsm->state = GSM_ADDRESS;
1995 gsm->fcs = INIT_FCS;
3e913eeb 1996 /* Fall through */
e1eaea46
AC		 1997 case GSM_ADDRESS: /* Address continuation */
1998 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1999 if (gsm_read_ea(&gsm->address, c))
2000 gsm->state = GSM_CONTROL;
2001 break;
2002 case GSM_CONTROL: /* Control Byte */
2003 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2004 gsm->control = c;
2005 gsm->count = 0;
2006 gsm->state = GSM_DATA;
2007 break;
2008 case GSM_DATA: /* Data */
5f9a31d6 2009 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
e1eaea46
AC		 2010 gsm->state = GSM_OVERRUN;
2011 gsm->bad_size++;
2012 } else
2013 gsm->buf[gsm->count++] = c;
2014 break;
2015 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2016 break;
329aa6e6
JS		 2017 default:
2018 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2019 break;
e1eaea46
AC		 2020 }
2021}
2022
2023/**
2024 * gsm_error - handle tty error
2025 * @gsm: ldisc data
2026 * @data: byte received (may be invalid)
2027 * @flag: error received
2028 *
2029 * Handle an error in the receipt of data for a frame. Currently we just
2030 * go back to hunting for a SOF.
2031 *
2032 * FIXME: better diagnostics ?
2033 */
2034
2035static void gsm_error(struct gsm_mux *gsm,
2036 unsigned char data, unsigned char flag)
2037{
2038 gsm->state = GSM_SEARCH;
2039 gsm->io_error++;
2040}
2041
71e07791
SH		 2042static int gsm_disconnect(struct gsm_mux *gsm)
2043{
2044 struct gsm_dlci *dlci = gsm->dlci[0];
2045 struct gsm_control *gc;
2046
2047 if (!dlci)
2048 return 0;
2049
2050 /* In theory disconnecting DLCI 0 is sufficient but for some
2051 modems this is apparently not the case. */
2052 gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2053 if (gc)
2054 gsm_control_wait(gsm, gc);
2055
2056 del_timer_sync(&gsm->t2_timer);
2057 /* Now we are sure T2 has stopped */
2058
2059 gsm_dlci_begin_close(dlci);
2060 wait_event_interruptible(gsm->event,
2061 dlci->state == DLCI_CLOSED);
2062
2063 if (signal_pending(current))
2064 return -EINTR;
2065
2066 return 0;
2067}
2068
e1eaea46
AC		 2069/**
2070 * gsm_cleanup_mux - generic GSM protocol cleanup
2071 * @gsm: our mux
2072 *
2073 * Clean up the bits of the mux which are the same for all framing
2074 * protocols. Remove the mux from the mux table, stop all the timers
2075 * and then shut down each device hanging up the channels as we go.
2076 */
2077
54af5836 2078static void gsm_cleanup_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2079{
2080 int i;
2081 struct gsm_dlci *dlci = gsm->dlci[0];
329e5678 2082 struct gsm_msg *txq, *ntxq;
e1eaea46 2083
5677fcf3 2084 gsm->dead = true;
e1eaea46
AC		 2085
2086 spin_lock(&gsm_mux_lock);
2087 for (i = 0; i < MAX_MUX; i++) {
2088 if (gsm_mux[i] == gsm) {
2089 gsm_mux[i] = NULL;
2090 break;
2091 }
2092 }
2093 spin_unlock(&gsm_mux_lock);
d175feca
JS		 2094 /* open failed before registering => nothing to do */
2095 if (i == MAX_MUX)
2096 return;
e1eaea46
AC		 2097
2098 del_timer_sync(&gsm->t2_timer);
2099 /* Now we are sure T2 has stopped */
71e07791 2100 if (dlci)
5677fcf3 2101 dlci->dead = true;
71e07791 2102
e1eaea46 2103 /* Free up any link layer users */
dfabf7ff 2104 mutex_lock(&gsm->mutex);
e1eaea46
AC		 2105 for (i = 0; i < NUM_DLCI; i++)
2106 if (gsm->dlci[i])
6ab8fba7 2107 gsm_dlci_release(gsm->dlci[i]);
dfabf7ff 2108 mutex_unlock(&gsm->mutex);
e1eaea46 2109 /* Now wipe the queues */
b4338e1e 2110 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
e1eaea46 2111 kfree(txq);
b4338e1e 2112 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46 2113}
e1eaea46
AC		 2114
2115/**
2116 * gsm_activate_mux - generic GSM setup
2117 * @gsm: our mux
2118 *
2119 * Set up the bits of the mux which are the same for all framing
2120 * protocols. Add the mux to the mux table so it can be opened and
2121 * finally kick off connecting to DLCI 0 on the modem.
2122 */
2123
54af5836 2124static int gsm_activate_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2125{
2126 struct gsm_dlci *dlci;
2127 int i = 0;
2128
e99e88a9 2129 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
e1eaea46
AC		 2130 init_waitqueue_head(&gsm->event);
2131 spin_lock_init(&gsm->control_lock);
2132 spin_lock_init(&gsm->tx_lock);
2133
2134 if (gsm->encoding == 0)
2135 gsm->receive = gsm0_receive;
2136 else
2137 gsm->receive = gsm1_receive;
2138 gsm->error = gsm_error;
2139
2140 spin_lock(&gsm_mux_lock);
2141 for (i = 0; i < MAX_MUX; i++) {
2142 if (gsm_mux[i] == NULL) {
d50f6dca 2143 gsm->num = i;
e1eaea46
AC		 2144 gsm_mux[i] = gsm;
2145 break;
2146 }
2147 }
2148 spin_unlock(&gsm_mux_lock);
2149 if (i == MAX_MUX)
2150 return -EBUSY;
2151
2152 dlci = gsm_dlci_alloc(gsm, 0);
2153 if (dlci == NULL)
2154 return -ENOMEM;
5677fcf3 2155 gsm->dead = false; /* Tty opens are now permissible */
e1eaea46
AC		 2156 return 0;
2157}
e1eaea46
AC		 2158
2159/**
2160 * gsm_free_mux - free up a mux
2161 * @mux: mux to free
2162 *
6ab8fba7 2163 * Dispose of allocated resources for a dead mux
e1eaea46 2164 */
54af5836 2165static void gsm_free_mux(struct gsm_mux *gsm)
e1eaea46
AC		 2166{
2167 kfree(gsm->txframe);
2168 kfree(gsm->buf);
2169 kfree(gsm);
2170}
e1eaea46 2171
6ab8fba7
RG		 2172/**
2173 * gsm_free_muxr - free up a mux
2174 * @mux: mux to free
2175 *
2176 * Dispose of allocated resources for a dead mux
2177 */
2178static void gsm_free_muxr(struct kref *ref)
2179{
2180 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2181 gsm_free_mux(gsm);
2182}
2183
2184static inline void mux_get(struct gsm_mux *gsm)
2185{
2186 kref_get(&gsm->ref);
2187}
2188
2189static inline void mux_put(struct gsm_mux *gsm)
2190{
2191 kref_put(&gsm->ref, gsm_free_muxr);
2192}
2193
43a9e710
MH		 2194static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2195{
2196 return gsm->num * NUM_DLCI;
2197}
2198
2199static inline unsigned int mux_line_to_num(unsigned int line)
2200{
2201 return line / NUM_DLCI;
2202}
2203
e1eaea46
AC		 2204/**
2205 * gsm_alloc_mux - allocate a mux
2206 *
2207 * Creates a new mux ready for activation.
2208 */
2209
54af5836 2210static struct gsm_mux *gsm_alloc_mux(void)
e1eaea46
AC		 2211{
2212 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2213 if (gsm == NULL)
2214 return NULL;
2215 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2216 if (gsm->buf == NULL) {
2217 kfree(gsm);
2218 return NULL;
2219 }
2220 gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2221 if (gsm->txframe == NULL) {
2222 kfree(gsm->buf);
2223 kfree(gsm);
2224 return NULL;
2225 }
2226 spin_lock_init(&gsm->lock);
dfabf7ff 2227 mutex_init(&gsm->mutex);
6ab8fba7 2228 kref_init(&gsm->ref);
b4338e1e 2229 INIT_LIST_HEAD(&gsm->tx_list);
e1eaea46
AC		 2230
2231 gsm->t1 = T1;
2232 gsm->t2 = T2;
2233 gsm->n2 = N2;
2234 gsm->ftype = UIH;
e1eaea46
AC		 2235 gsm->adaption = 1;
2236 gsm->encoding = 1;
2237 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2238 gsm->mtu = 64;
5677fcf3 2239 gsm->dead = true; /* Avoid early tty opens */
e1eaea46
AC		 2240
2241 return gsm;
2242}
e1eaea46 2243
33841040
TL		 2244static void gsm_copy_config_values(struct gsm_mux *gsm,
2245 struct gsm_config *c)
2246{
2247 memset(c, 0, sizeof(*c));
2248 c->adaption = gsm->adaption;
2249 c->encapsulation = gsm->encoding;
2250 c->initiator = gsm->initiator;
2251 c->t1 = gsm->t1;
2252 c->t2 = gsm->t2;
2253 c->t3 = 0; /* Not supported */
2254 c->n2 = gsm->n2;
2255 if (gsm->ftype == UIH)
2256 c->i = 1;
2257 else
2258 c->i = 2;
2259 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2260 c->mru = gsm->mru;
2261 c->mtu = gsm->mtu;
2262 c->k = 0;
2263}
2264
2265static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2266{
2267 int need_close = 0;
2268 int need_restart = 0;
2269
2270 /* Stuff we don't support yet - UI or I frame transport, windowing */
2271 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2272 return -EOPNOTSUPP;
2273 /* Check the MRU/MTU range looks sane */
2274 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2275 return -EINVAL;
2276 if (c->n2 < 3)
2277 return -EINVAL;
2278 if (c->encapsulation > 1) /* Basic, advanced, no I */
2279 return -EINVAL;
2280 if (c->initiator > 1)
2281 return -EINVAL;
2282 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2283 return -EINVAL;
2284 /*
2285 * See what is needed for reconfiguration
2286 */
2287
2288 /* Timing fields */
2289 if (c->t1 != 0 && c->t1 != gsm->t1)
2290 need_restart = 1;
2291 if (c->t2 != 0 && c->t2 != gsm->t2)
2292 need_restart = 1;
2293 if (c->encapsulation != gsm->encoding)
2294 need_restart = 1;
2295 if (c->adaption != gsm->adaption)
2296 need_restart = 1;
2297 /* Requires care */
2298 if (c->initiator != gsm->initiator)
2299 need_close = 1;
2300 if (c->mru != gsm->mru)
2301 need_restart = 1;
2302 if (c->mtu != gsm->mtu)
2303 need_restart = 1;
2304
2305 /*
2306 * Close down what is needed, restart and initiate the new
2307 * configuration
2308 */
2309
2310 if (need_close || need_restart) {
2311 int ret;
2312
2313 ret = gsm_disconnect(gsm);
2314
2315 if (ret)
2316 return ret;
2317 }
2318 if (need_restart)
2319 gsm_cleanup_mux(gsm);
2320
2321 gsm->initiator = c->initiator;
2322 gsm->mru = c->mru;
2323 gsm->mtu = c->mtu;
2324 gsm->encoding = c->encapsulation;
2325 gsm->adaption = c->adaption;
2326 gsm->n2 = c->n2;
2327
2328 if (c->i == 1)
2329 gsm->ftype = UIH;
2330 else if (c->i == 2)
2331 gsm->ftype = UI;
2332
2333 if (c->t1)
2334 gsm->t1 = c->t1;
2335 if (c->t2)
2336 gsm->t2 = c->t2;
2337
2338 /*
2339 * FIXME: We need to separate activation/deactivation from adding
2340 * and removing from the mux array
2341 */
2342 if (need_restart)
2343 gsm_activate_mux(gsm);
2344 if (gsm->initiator && need_close)
2345 gsm_dlci_begin_open(gsm->dlci[0]);
2346 return 0;
2347}
2348
e1eaea46
AC		 2349/**
2350 * gsmld_output - write to link
2351 * @gsm: our mux
2352 * @data: bytes to output
2353 * @len: size
2354 *
2355 * Write a block of data from the GSM mux to the data channel. This
2356 * will eventually be serialized from above but at the moment isn't.
2357 */
2358
2359static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2360{
2361 if (tty_write_room(gsm->tty) < len) {
2362 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2363 return -ENOSPC;
2364 }
0a77c4f9
JP		 2365 if (debug & 4)
2366 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2367 data, len);
e1eaea46
AC		 2368 gsm->tty->ops->write(gsm->tty, data, len);
2369 return len;
2370}
2371
2372/**
2373 * gsmld_attach_gsm - mode set up
2374 * @tty: our tty structure
2375 * @gsm: our mux
2376 *
2377 * Set up the MUX for basic mode and commence connecting to the
2378 * modem. Currently called from the line discipline set up but
2379 * will need moving to an ioctl path.
2380 */
2381
2382static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2383{
43a9e710
MH		 2384 unsigned int base;
2385 int ret, i;
e1eaea46
AC		 2386
2387 gsm->tty = tty_kref_get(tty);
2388 gsm->output = gsmld_output;
2389 ret = gsm_activate_mux(gsm);
2390 if (ret != 0)
2391 tty_kref_put(gsm->tty);
d50f6dca
RG		 2392 else {
2393 /* Don't register device 0 - this is the control channel and not
2394 a usable tty interface */
43a9e710 2395 base = mux_num_to_base(gsm); /* Base for this MUX */
d50f6dca
RG		 2396 for (i = 1; i < NUM_DLCI; i++)
2397 tty_register_device(gsm_tty_driver, base + i, NULL);
2398 }
e1eaea46
AC		 2399 return ret;
2400}
2401
2402
2403/**
2404 * gsmld_detach_gsm - stop doing 0710 mux
70f23fd6 2405 * @tty: tty attached to the mux
e1eaea46
AC		 2406 * @gsm: mux
2407 *
2408 * Shutdown and then clean up the resources used by the line discipline
2409 */
2410
2411static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2412{
43a9e710 2413 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
d50f6dca 2414 int i;
d50f6dca 2415
e1eaea46 2416 WARN_ON(tty != gsm->tty);
d50f6dca
RG		 2417 for (i = 1; i < NUM_DLCI; i++)
2418 tty_unregister_device(gsm_tty_driver, base + i);
e1eaea46
AC		 2419 gsm_cleanup_mux(gsm);
2420 tty_kref_put(gsm->tty);
2421 gsm->tty = NULL;
2422}
2423
55db4c64
LT		 2424static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2425 char *fp, int count)
e1eaea46
AC		 2426{
2427 struct gsm_mux *gsm = tty->disc_data;
2428 const unsigned char *dp;
2429 char *f;
2430 int i;
82f91fe0 2431 char flags = TTY_NORMAL;
e1eaea46 2432
0a77c4f9
JP		 2433 if (debug & 4)
2434 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2435 cp, count);
e1eaea46
AC		 2436
2437 for (i = count, dp = cp, f = fp; i; i--, dp++) {
82f91fe0
PH		 2438 if (f)
2439 flags = *f++;
e1eaea46
AC		 2440 switch (flags) {
2441 case TTY_NORMAL:
2442 gsm->receive(gsm, *dp);
2443 break;
2444 case TTY_OVERRUN:
2445 case TTY_BREAK:
2446 case TTY_PARITY:
2447 case TTY_FRAME:
2448 gsm->error(gsm, *dp, flags);
2449 break;
2450 default:
c01af4fe 2451 WARN_ONCE(1, "%s: unknown flag %d\n",
429b4749 2452 tty_name(tty), flags);
e1eaea46
AC		 2453 break;
2454 }
2455 }
2456 /* FASYNC if needed ? */
2457 /* If clogged call tty_throttle(tty); */
2458}
2459
e1eaea46
AC		 2460/**
2461 * gsmld_flush_buffer - clean input queue
2462 * @tty: terminal device
2463 *
2464 * Flush the input buffer. Called when the line discipline is
2465 * being closed, when the tty layer wants the buffer flushed (eg
2466 * at hangup).
2467 */
2468
2469static void gsmld_flush_buffer(struct tty_struct *tty)
2470{
2471}
2472
2473/**
2474 * gsmld_close - close the ldisc for this tty
2475 * @tty: device
2476 *
2477 * Called from the terminal layer when this line discipline is
2478 * being shut down, either because of a close or becsuse of a
2479 * discipline change. The function will not be called while other
2480 * ldisc methods are in progress.
2481 */
2482
2483static void gsmld_close(struct tty_struct *tty)
2484{
2485 struct gsm_mux *gsm = tty->disc_data;
2486
2487 gsmld_detach_gsm(tty, gsm);
2488
2489 gsmld_flush_buffer(tty);
2490 /* Do other clean up here */
6ab8fba7 2491 mux_put(gsm);
e1eaea46
AC		 2492}
2493
2494/**
2495 * gsmld_open - open an ldisc
2496 * @tty: terminal to open
2497 *
2498 * Called when this line discipline is being attached to the
2499 * terminal device. Can sleep. Called serialized so that no
2500 * other events will occur in parallel. No further open will occur
2501 * until a close.
2502 */
2503
2504static int gsmld_open(struct tty_struct *tty)
2505{
2506 struct gsm_mux *gsm;
5a640967 2507 int ret;
e1eaea46
AC		 2508
2509 if (tty->ops->write == NULL)
2510 return -EINVAL;
2511
2512 /* Attach our ldisc data */
2513 gsm = gsm_alloc_mux();
2514 if (gsm == NULL)
2515 return -ENOMEM;
2516
2517 tty->disc_data = gsm;
2518 tty->receive_room = 65536;
2519
2520 /* Attach the initial passive connection */
2521 gsm->encoding = 1;
5a640967 2522
2523 ret = gsmld_attach_gsm(tty, gsm);
2524 if (ret != 0) {
2525 gsm_cleanup_mux(gsm);
2526 mux_put(gsm);
2527 }
2528 return ret;
e1eaea46
AC		 2529}
2530
2531/**
2532 * gsmld_write_wakeup - asynchronous I/O notifier
2533 * @tty: tty device
2534 *
2535 * Required for the ptys, serial driver etc. since processes
2536 * that attach themselves to the master and rely on ASYNC
2537 * IO must be woken up
2538 */
2539
2540static void gsmld_write_wakeup(struct tty_struct *tty)
2541{
2542 struct gsm_mux *gsm = tty->disc_data;
328be395 2543 unsigned long flags;
e1eaea46
AC		 2544
2545 /* Queue poll */
2546 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
5e44708f 2547 spin_lock_irqsave(&gsm->tx_lock, flags);
e1eaea46 2548 gsm_data_kick(gsm);
328be395 2549 if (gsm->tx_bytes < TX_THRESH_LO) {
e1eaea46 2550 gsm_dlci_data_sweep(gsm);
328be395 2551 }
5e44708f 2552 spin_unlock_irqrestore(&gsm->tx_lock, flags);
e1eaea46
AC		 2553}
2554
2555/**
2556 * gsmld_read - read function for tty
2557 * @tty: tty device
2558 * @file: file object
2559 * @buf: userspace buffer pointer
2560 * @nr: size of I/O
2561 *
2562 * Perform reads for the line discipline. We are guaranteed that the
2563 * line discipline will not be closed under us but we may get multiple
2564 * parallel readers and must handle this ourselves. We may also get
2565 * a hangup. Always called in user context, may sleep.
2566 *
2567 * This code must be sure never to sleep through a hangup.
2568 */
2569
2570static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2571 unsigned char __user *buf, size_t nr)
2572{
2573 return -EOPNOTSUPP;
2574}
2575
2576/**
2577 * gsmld_write - write function for tty
2578 * @tty: tty device
2579 * @file: file object
2580 * @buf: userspace buffer pointer
2581 * @nr: size of I/O
2582 *
2583 * Called when the owner of the device wants to send a frame
2584 * itself (or some other control data). The data is transferred
2585 * as-is and must be properly framed and checksummed as appropriate
2586 * by userspace. Frames are either sent whole or not at all as this
2587 * avoids pain user side.
2588 */
2589
2590static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2591 const unsigned char *buf, size_t nr)
2592{
2593 int space = tty_write_room(tty);
2594 if (space >= nr)
2595 return tty->ops->write(tty, buf, nr);
2596 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2597 return -ENOBUFS;
2598}
2599
2600/**
2601 * gsmld_poll - poll method for N_GSM0710
2602 * @tty: terminal device
2603 * @file: file accessing it
2604 * @wait: poll table
2605 *
2606 * Called when the line discipline is asked to poll() for data or
2607 * for special events. This code is not serialized with respect to
2608 * other events save open/close.
2609 *
2610 * This code must be sure never to sleep through a hangup.
2611 * Called without the kernel lock held - fine
2612 */
2613
afc9a42b 2614static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
e1eaea46
AC		 2615 poll_table *wait)
2616{
afc9a42b 2617 __poll_t mask = 0;
e1eaea46
AC		 2618 struct gsm_mux *gsm = tty->disc_data;
2619
2620 poll_wait(file, &tty->read_wait, wait);
2621 poll_wait(file, &tty->write_wait, wait);
2622 if (tty_hung_up_p(file))
a9a08845 2623 mask |= EPOLLHUP;
e1eaea46 2624 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
a9a08845 2625 mask |= EPOLLOUT | EPOLLWRNORM;
e1eaea46 2626 if (gsm->dead)
a9a08845 2627 mask |= EPOLLHUP;
e1eaea46
AC		 2628 return mask;
2629}
2630
e1eaea46
AC		 2631static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2632 unsigned int cmd, unsigned long arg)
2633{
2634 struct gsm_config c;
2635 struct gsm_mux *gsm = tty->disc_data;
a7b121b4 2636 unsigned int base;
e1eaea46
AC		 2637
2638 switch (cmd) {
2639 case GSMIOC_GETCONF:
33841040 2640 gsm_copy_config_values(gsm, &c);
edd05a73 2641 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
e1eaea46
AC		 2642 return -EFAULT;
2643 return 0;
2644 case GSMIOC_SETCONF:
edd05a73 2645 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
e1eaea46 2646 return -EFAULT;
33841040 2647 return gsm_config(gsm, &c);
a7b121b4
MH		 2648 case GSMIOC_GETFIRST:
2649 base = mux_num_to_base(gsm);
2650 return put_user(base + 1, (__u32 __user *)arg);
e1eaea46
AC		 2651 default:
2652 return n_tty_ioctl_helper(tty, file, cmd, arg);
2653 }
2654}
2655
bcd5abe2
RG		 2656/*
2657 * Network interface
2658 *
2659 */
2660
2661static int gsm_mux_net_open(struct net_device *net)
2662{
2663 pr_debug("%s called\n", __func__);
2664 netif_start_queue(net);
2665 return 0;
2666}
2667
2668static int gsm_mux_net_close(struct net_device *net)
2669{
2670 netif_stop_queue(net);
2671 return 0;
2672}
2673
bcd5abe2
RG		 2674static void dlci_net_free(struct gsm_dlci *dlci)
2675{
2676 if (!dlci->net) {
2677 WARN_ON(1);
2678 return;
2679 }
2680 dlci->adaption = dlci->prev_adaption;
2681 dlci->data = dlci->prev_data;
2682 free_netdev(dlci->net);
2683 dlci->net = NULL;
2684}
2685static void net_free(struct kref *ref)
2686{
2687 struct gsm_mux_net *mux_net;
2688 struct gsm_dlci *dlci;
2689
2690 mux_net = container_of(ref, struct gsm_mux_net, ref);
2691 dlci = mux_net->dlci;
2692
2693 if (dlci->net) {
2694 unregister_netdev(dlci->net);
2695 dlci_net_free(dlci);
2696 }
2697}
2698
6ab8fba7
RG		 2699static inline void muxnet_get(struct gsm_mux_net *mux_net)
2700{
2701 kref_get(&mux_net->ref);
2702}
2703
2704static inline void muxnet_put(struct gsm_mux_net *mux_net)
2705{
2706 kref_put(&mux_net->ref, net_free);
2707}
2708
2468b3e4 2709static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
bcd5abe2
RG		 2710 struct net_device *net)
2711{
5dbc32a8 2712 struct gsm_mux_net *mux_net = netdev_priv(net);
bcd5abe2 2713 struct gsm_dlci *dlci = mux_net->dlci;
6ab8fba7 2714 muxnet_get(mux_net);
bcd5abe2
RG		 2715
2716 skb_queue_head(&dlci->skb_list, skb);
47baf1ad
TK		 2717 net->stats.tx_packets++;
2718 net->stats.tx_bytes += skb->len;
bcd5abe2
RG		 2719 gsm_dlci_data_kick(dlci);
2720 /* And tell the kernel when the last transmit started. */
860e9538 2721 netif_trans_update(net);
6ab8fba7 2722 muxnet_put(mux_net);
bcd5abe2
RG		 2723 return NETDEV_TX_OK;
2724}
2725
2726/* called when a packet did not ack after watchdogtimeout */
0290bd29 2727static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
bcd5abe2
RG		 2728{
2729 /* Tell syslog we are hosed. */
2730 dev_dbg(&net->dev, "Tx timed out.\n");
2731
2732 /* Update statistics */
47baf1ad 2733 net->stats.tx_errors++;
bcd5abe2
RG		 2734}
2735
2736static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
4feb7a4a 2737 const unsigned char *in_buf, int size)
bcd5abe2
RG		 2738{
2739 struct net_device *net = dlci->net;
2740 struct sk_buff *skb;
5dbc32a8 2741 struct gsm_mux_net *mux_net = netdev_priv(net);
6ab8fba7 2742 muxnet_get(mux_net);
bcd5abe2
RG		 2743
2744 /* Allocate an sk_buff */
2745 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2746 if (!skb) {
2747 /* We got no receive buffer. */
47baf1ad 2748 net->stats.rx_dropped++;
6ab8fba7 2749 muxnet_put(mux_net);
bcd5abe2
RG		 2750 return;
2751 }
2752 skb_reserve(skb, NET_IP_ALIGN);
59ae1d12 2753 skb_put_data(skb, in_buf, size);
bcd5abe2
RG		 2754
2755 skb->dev = net;
75406b3b 2756 skb->protocol = htons(ETH_P_IP);
bcd5abe2
RG		 2757
2758 /* Ship it off to the kernel */
2759 netif_rx(skb);
2760
2761 /* update out statistics */
47baf1ad
TK		 2762 net->stats.rx_packets++;
2763 net->stats.rx_bytes += size;
6ab8fba7 2764 muxnet_put(mux_net);
bcd5abe2
RG		 2765 return;
2766}
2767
bcd5abe2
RG		 2768static void gsm_mux_net_init(struct net_device *net)
2769{
2770 static const struct net_device_ops gsm_netdev_ops = {
2771 .ndo_open = gsm_mux_net_open,
2772 .ndo_stop = gsm_mux_net_close,
2773 .ndo_start_xmit = gsm_mux_net_start_xmit,
2774 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
bcd5abe2
RG		 2775 };
2776
2777 net->netdev_ops = &gsm_netdev_ops;
2778
2779 /* fill in the other fields */
2780 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2781 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2782 net->type = ARPHRD_NONE;
2783 net->tx_queue_len = 10;
2784}
2785
2786
2787/* caller holds the dlci mutex */
2788static void gsm_destroy_network(struct gsm_dlci *dlci)
2789{
2790 struct gsm_mux_net *mux_net;
2791
d8ca4ecf 2792 pr_debug("destroy network interface\n");
bcd5abe2
RG		 2793 if (!dlci->net)
2794 return;
5dbc32a8 2795 mux_net = netdev_priv(dlci->net);
6ab8fba7 2796 muxnet_put(mux_net);
bcd5abe2
RG		 2797}
2798
2799
2800/* caller holds the dlci mutex */
2801static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2802{
2803 char *netname;
2804 int retval = 0;
2805 struct net_device *net;
2806 struct gsm_mux_net *mux_net;
2807
2808 if (!capable(CAP_NET_ADMIN))
2809 return -EPERM;
2810
2811 /* Already in a non tty mode */
2812 if (dlci->adaption > 2)
2813 return -EBUSY;
2814
2815 if (nc->protocol != htons(ETH_P_IP))
2816 return -EPROTONOSUPPORT;
2817
2818 if (nc->adaption != 3 && nc->adaption != 4)
2819 return -EPROTONOSUPPORT;
2820
d8ca4ecf 2821 pr_debug("create network interface\n");
bcd5abe2
RG		 2822
2823 netname = "gsm%d";
2824 if (nc->if_name[0] != '\0')
2825 netname = nc->if_name;
c835a677
TG		 2826 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2827 NET_NAME_UNKNOWN, gsm_mux_net_init);
bcd5abe2 2828 if (!net) {
d8ca4ecf 2829 pr_err("alloc_netdev failed\n");
bcd5abe2
RG		 2830 return -ENOMEM;
2831 }
2832 net->mtu = dlci->gsm->mtu;
9c22b4a3
JW		 2833 net->min_mtu = 8;
2834 net->max_mtu = dlci->gsm->mtu;
5dbc32a8 2835 mux_net = netdev_priv(net);
bcd5abe2
RG		 2836 mux_net->dlci = dlci;
2837 kref_init(&mux_net->ref);
2838 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2839
2840 /* reconfigure dlci for network */
2841 dlci->prev_adaption = dlci->adaption;
2842 dlci->prev_data = dlci->data;
2843 dlci->adaption = nc->adaption;
2844 dlci->data = gsm_mux_rx_netchar;
2845 dlci->net = net;
2846
d8ca4ecf 2847 pr_debug("register netdev\n");
bcd5abe2
RG		 2848 retval = register_netdev(net);
2849 if (retval) {
2850 pr_err("network register fail %d\n", retval);
2851 dlci_net_free(dlci);
2852 return retval;
2853 }
2854 return net->ifindex; /* return network index */
2855}
e1eaea46
AC		 2856
2857/* Line discipline for real tty */
d3157b2c 2858static struct tty_ldisc_ops tty_ldisc_packet = {
e1eaea46
AC		 2859 .owner = THIS_MODULE,
2860 .magic = TTY_LDISC_MAGIC,
2861 .name = "n_gsm",
2862 .open = gsmld_open,
2863 .close = gsmld_close,
2864 .flush_buffer = gsmld_flush_buffer,
e1eaea46
AC		 2865 .read = gsmld_read,
2866 .write = gsmld_write,
2867 .ioctl = gsmld_ioctl,
2868 .poll = gsmld_poll,
2869 .receive_buf = gsmld_receive_buf,
2870 .write_wakeup = gsmld_write_wakeup
2871};
2872
2873/*
2874 * Virtual tty side
2875 */
2876
2877#define TX_SIZE 512
2878
2879static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2880{
2881 u8 modembits[5];
2882 struct gsm_control *ctrl;
2883 int len = 2;
2884
2885 if (brk)
2886 len++;
2887
2888 modembits[0] = len << 1 | EA; /* Data bytes */
2889 modembits[1] = dlci->addr << 2 | 3; /* DLCI, EA, 1 */
2890 modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2891 if (brk)
2892 modembits[3] = brk << 4 | 2 | EA; /* Valid, EA */
2893 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2894 if (ctrl == NULL)
2895 return -ENOMEM;
2896 return gsm_control_wait(dlci->gsm, ctrl);
2897}
2898
2899static int gsm_carrier_raised(struct tty_port *port)
2900{
2901 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
b2d89ad9
TL		 2902 struct gsm_mux *gsm = dlci->gsm;
2903
e1eaea46
AC		 2904 /* Not yet open so no carrier info */
2905 if (dlci->state != DLCI_OPEN)
2906 return 0;
2907 if (debug & 2)
2908 return 1;
b2d89ad9
TL		 2909
2910 /*
2911 * Basic mode with control channel in ADM mode may not respond
2912 * to CMD_MSC at all and modem_rx is empty.
2913 */
2914 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
2915 !dlci->modem_rx)
2916 return 1;
2917
e1eaea46
AC		 2918 return dlci->modem_rx & TIOCM_CD;
2919}
2920
2921static void gsm_dtr_rts(struct tty_port *port, int onoff)
2922{
2923 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2924 unsigned int modem_tx = dlci->modem_tx;
2925 if (onoff)
2926 modem_tx |= TIOCM_DTR | TIOCM_RTS;
2927 else
2928 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2929 if (modem_tx != dlci->modem_tx) {
2930 dlci->modem_tx = modem_tx;
2931 gsmtty_modem_update(dlci, 0);
2932 }
2933}
2934
2935static const struct tty_port_operations gsm_port_ops = {
2936 .carrier_raised = gsm_carrier_raised,
2937 .dtr_rts = gsm_dtr_rts,
9a8e62bc 2938 .destruct = gsm_dlci_free,
e1eaea46
AC		 2939};
2940
86176ed9 2941static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
e1eaea46
AC		 2942{
2943 struct gsm_mux *gsm;
2944 struct gsm_dlci *dlci;
e1eaea46 2945 unsigned int line = tty->index;
43a9e710 2946 unsigned int mux = mux_line_to_num(line);
86176ed9
JS		 2947 bool alloc = false;
2948 int ret;
e1eaea46
AC		 2949
2950 line = line & 0x3F;
2951
2952 if (mux >= MAX_MUX)
2953 return -ENXIO;
2954 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2955 if (gsm_mux[mux] == NULL)
2956 return -EUNATCH;
2957 if (line == 0 || line > 61) /* 62/63 reserved */
2958 return -ECHRNG;
2959 gsm = gsm_mux[mux];
2960 if (gsm->dead)
2961 return -EL2HLT;
f3c909b4
AI		 2962 /* If DLCI 0 is not yet fully open return an error.
2963 This is ok from a locking
2964 perspective as we don't have to worry about this
2965 if DLCI0 is lost */
dfabf7ff
CB		 2966 mutex_lock(&gsm->mutex);
2967 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
2968 mutex_unlock(&gsm->mutex);
7e8ac7b2 2969 return -EL2NSYNC;
dfabf7ff 2970 }
e1eaea46 2971 dlci = gsm->dlci[line];
86176ed9
JS		 2972 if (dlci == NULL) {
2973 alloc = true;
e1eaea46 2974 dlci = gsm_dlci_alloc(gsm, line);
86176ed9 2975 }
dfabf7ff
CB		 2976 if (dlci == NULL) {
2977 mutex_unlock(&gsm->mutex);
e1eaea46 2978 return -ENOMEM;
dfabf7ff 2979 }
86176ed9
JS		 2980 ret = tty_port_install(&dlci->port, driver, tty);
2981 if (ret) {
2982 if (alloc)
2983 dlci_put(dlci);
dfabf7ff 2984 mutex_unlock(&gsm->mutex);
86176ed9
JS		 2985 return ret;
2986 }
2987
dfabf7ff
CB		 2988 dlci_get(dlci);
2989 dlci_get(gsm->dlci[0]);
2990 mux_get(gsm);
e1eaea46 2991 tty->driver_data = dlci;
dfabf7ff 2992 mutex_unlock(&gsm->mutex);
86176ed9
JS		 2993
2994 return 0;
2995}
2996
2997static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2998{
2999 struct gsm_dlci *dlci = tty->driver_data;
3000 struct tty_port *port = &dlci->port;
3001
3002 port->count++;
e1eaea46
AC		 3003 tty_port_tty_set(port, tty);
3004
3005 dlci->modem_rx = 0;
3006 /* We could in theory open and close before we wait - eg if we get
3007 a DM straight back. This is ok as that will have caused a hangup */
d41861ca 3008 tty_port_set_initialized(port, 1);
e1eaea46
AC		 3009 /* Start sending off SABM messages */
3010 gsm_dlci_begin_open(dlci);
3011 /* And wait for virtual carrier */
3012 return tty_port_block_til_ready(port, tty, filp);
3013}
3014
3015static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3016{
3017 struct gsm_dlci *dlci = tty->driver_data;
6ab8fba7 3018
e1eaea46
AC		 3019 if (dlci == NULL)
3020 return;
4d9b1090
DB		 3021 if (dlci->state == DLCI_CLOSED)
3022 return;
bcd5abe2
RG		 3023 mutex_lock(&dlci->mutex);
3024 gsm_destroy_network(dlci);
3025 mutex_unlock(&dlci->mutex);
e1eaea46 3026 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
dfabf7ff 3027 return;
e1eaea46 3028 gsm_dlci_begin_close(dlci);
d41861ca
PH		 3029 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3030 tty_port_lower_dtr_rts(&dlci->port);
e1eaea46
AC		 3031 tty_port_close_end(&dlci->port, tty);
3032 tty_port_tty_set(&dlci->port, NULL);
dfabf7ff 3033 return;
e1eaea46
AC		 3034}
3035
3036static void gsmtty_hangup(struct tty_struct *tty)
3037{
3038 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3039 if (dlci->state == DLCI_CLOSED)
3040 return;
e1eaea46
AC		 3041 tty_port_hangup(&dlci->port);
3042 gsm_dlci_begin_close(dlci);
3043}
3044
3045static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3046 int len)
3047{
4d9b1090 3048 int sent;
e1eaea46 3049 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3050 if (dlci->state == DLCI_CLOSED)
3051 return -EINVAL;
e1eaea46 3052 /* Stuff the bytes into the fifo queue */
036bca1f 3053 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
e1eaea46
AC		 3054 /* Need to kick the channel */
3055 gsm_dlci_data_kick(dlci);
3056 return sent;
3057}
3058
3059static int gsmtty_write_room(struct tty_struct *tty)
3060{
3061 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3062 if (dlci->state == DLCI_CLOSED)
3063 return -EINVAL;
036bca1f 3064 return TX_SIZE - kfifo_len(&dlci->fifo);
e1eaea46
AC		 3065}
3066
3067static int gsmtty_chars_in_buffer(struct tty_struct *tty)
3068{
3069 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3070 if (dlci->state == DLCI_CLOSED)
3071 return -EINVAL;
036bca1f 3072 return kfifo_len(&dlci->fifo);
e1eaea46
AC		 3073}
3074
3075static void gsmtty_flush_buffer(struct tty_struct *tty)
3076{
3077 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3078 if (dlci->state == DLCI_CLOSED)
3079 return;
e1eaea46
AC		 3080 /* Caution needed: If we implement reliable transport classes
3081 then the data being transmitted can't simply be junked once
3082 it has first hit the stack. Until then we can just blow it
3083 away */
036bca1f 3084 kfifo_reset(&dlci->fifo);
e1eaea46
AC		 3085 /* Need to unhook this DLCI from the transmit queue logic */
3086}
3087
3088static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3089{
3090 /* The FIFO handles the queue so the kernel will do the right
3091 thing waiting on chars_in_buffer before calling us. No work
3092 to do here */
3093}
3094
60b33c13 3095static int gsmtty_tiocmget(struct tty_struct *tty)
e1eaea46
AC		 3096{
3097 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3098 if (dlci->state == DLCI_CLOSED)
3099 return -EINVAL;
e1eaea46
AC		 3100 return dlci->modem_rx;
3101}
3102
20b9d177 3103static int gsmtty_tiocmset(struct tty_struct *tty,
e1eaea46
AC		 3104 unsigned int set, unsigned int clear)
3105{
3106 struct gsm_dlci *dlci = tty->driver_data;
3107 unsigned int modem_tx = dlci->modem_tx;
3108
4d9b1090
DB		 3109 if (dlci->state == DLCI_CLOSED)
3110 return -EINVAL;
cf16807b 3111 modem_tx &= ~clear;
e1eaea46
AC		 3112 modem_tx |= set;
3113
3114 if (modem_tx != dlci->modem_tx) {
3115 dlci->modem_tx = modem_tx;
3116 return gsmtty_modem_update(dlci, 0);
3117 }
3118 return 0;
3119}
3120
3121
6caa76b7 3122static int gsmtty_ioctl(struct tty_struct *tty,
e1eaea46
AC		 3123 unsigned int cmd, unsigned long arg)
3124{
bcd5abe2
RG		 3125 struct gsm_dlci *dlci = tty->driver_data;
3126 struct gsm_netconfig nc;
3127 int index;
3128
4d9b1090
DB		 3129 if (dlci->state == DLCI_CLOSED)
3130 return -EINVAL;
bcd5abe2
RG		 3131 switch (cmd) {
3132 case GSMIOC_ENABLE_NET:
3133 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3134 return -EFAULT;
3135 nc.if_name[IFNAMSIZ-1] = '\0';
3136 /* return net interface index or error code */
3137 mutex_lock(&dlci->mutex);
3138 index = gsm_create_network(dlci, &nc);
3139 mutex_unlock(&dlci->mutex);
3140 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3141 return -EFAULT;
3142 return index;
3143 case GSMIOC_DISABLE_NET:
3144 if (!capable(CAP_NET_ADMIN))
3145 return -EPERM;
3146 mutex_lock(&dlci->mutex);
3147 gsm_destroy_network(dlci);
3148 mutex_unlock(&dlci->mutex);
3149 return 0;
3150 default:
3151 return -ENOIOCTLCMD;
3152 }
e1eaea46
AC		 3153}
3154
3155static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3156{
4d9b1090
DB		 3157 struct gsm_dlci *dlci = tty->driver_data;
3158 if (dlci->state == DLCI_CLOSED)
3159 return;
e1eaea46
AC		 3160 /* For the moment its fixed. In actual fact the speed information
3161 for the virtual channel can be propogated in both directions by
3162 the RPN control message. This however rapidly gets nasty as we
3163 then have to remap modem signals each way according to whether
3164 our virtual cable is null modem etc .. */
adc8d746 3165 tty_termios_copy_hw(&tty->termios, old);
e1eaea46
AC		 3166}
3167
3168static void gsmtty_throttle(struct tty_struct *tty)
3169{
3170 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3171 if (dlci->state == DLCI_CLOSED)
3172 return;
9db276f8 3173 if (C_CRTSCTS(tty))
e1eaea46 3174 dlci->modem_tx &= ~TIOCM_DTR;
e9360b9a 3175 dlci->throttled = true;
e1eaea46
AC		 3176 /* Send an MSC with DTR cleared */
3177 gsmtty_modem_update(dlci, 0);
3178}
3179
3180static void gsmtty_unthrottle(struct tty_struct *tty)
3181{
3182 struct gsm_dlci *dlci = tty->driver_data;
4d9b1090
DB		 3183 if (dlci->state == DLCI_CLOSED)
3184 return;
9db276f8 3185 if (C_CRTSCTS(tty))
e1eaea46 3186 dlci->modem_tx |= TIOCM_DTR;
e9360b9a 3187 dlci->throttled = false;
e1eaea46
AC		 3188 /* Send an MSC with DTR set */
3189 gsmtty_modem_update(dlci, 0);
3190}
3191
3192static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3193{
3194 struct gsm_dlci *dlci = tty->driver_data;
3195 int encode = 0; /* Off */
4d9b1090
DB		 3196 if (dlci->state == DLCI_CLOSED)
3197 return -EINVAL;
e1eaea46
AC		 3198
3199 if (state == -1) /* "On indefinitely" - we can't encode this
3200 properly */
3201 encode = 0x0F;
3202 else if (state > 0) {
3203 encode = state / 200; /* mS to encoding */
3204 if (encode > 0x0F)
3205 encode = 0x0F; /* Best effort */
3206 }
3207 return gsmtty_modem_update(dlci, encode);
3208}
3209
8f9cfeed 3210static void gsmtty_cleanup(struct tty_struct *tty)
dfabf7ff
CB		 3211{
3212 struct gsm_dlci *dlci = tty->driver_data;
3213 struct gsm_mux *gsm = dlci->gsm;
3214
3215 dlci_put(dlci);
3216 dlci_put(gsm->dlci[0]);
3217 mux_put(gsm);
dfabf7ff 3218}
e1eaea46
AC		 3219
3220/* Virtual ttys for the demux */
3221static const struct tty_operations gsmtty_ops = {
86176ed9 3222 .install = gsmtty_install,
e1eaea46
AC		 3223 .open = gsmtty_open,
3224 .close = gsmtty_close,
3225 .write = gsmtty_write,
3226 .write_room = gsmtty_write_room,
3227 .chars_in_buffer = gsmtty_chars_in_buffer,
3228 .flush_buffer = gsmtty_flush_buffer,
3229 .ioctl = gsmtty_ioctl,
3230 .throttle = gsmtty_throttle,
3231 .unthrottle = gsmtty_unthrottle,
3232 .set_termios = gsmtty_set_termios,
3233 .hangup = gsmtty_hangup,
3234 .wait_until_sent = gsmtty_wait_until_sent,
3235 .tiocmget = gsmtty_tiocmget,
3236 .tiocmset = gsmtty_tiocmset,
3237 .break_ctl = gsmtty_break_ctl,
8f9cfeed 3238 .cleanup = gsmtty_cleanup,
e1eaea46
AC		 3239};
3240
3241
3242
3243static int __init gsm_init(void)
3244{
3245 /* Fill in our line protocol discipline, and register it */
3246 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3247 if (status != 0) {
5f9a31d6
AC		 3248 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3249 status);
e1eaea46
AC		 3250 return status;
3251 }
3252
3253 gsm_tty_driver = alloc_tty_driver(256);
3254 if (!gsm_tty_driver) {
3255 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3256 pr_err("gsm_init: tty allocation failed.\n");
e1eaea46
AC		 3257 return -EINVAL;
3258 }
e1eaea46
AC		 3259 gsm_tty_driver->driver_name = "gsmtty";
3260 gsm_tty_driver->name = "gsmtty";
3261 gsm_tty_driver->major = 0; /* Dynamic */
3262 gsm_tty_driver->minor_start = 0;
3263 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3264 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3265 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
5f9a31d6 3266 | TTY_DRIVER_HARDWARE_BREAK;
e1eaea46
AC		 3267 gsm_tty_driver->init_termios = tty_std_termios;
3268 /* Fixme */
3269 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3270 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3271
3272 spin_lock_init(&gsm_mux_lock);
3273
3274 if (tty_register_driver(gsm_tty_driver)) {
3275 put_tty_driver(gsm_tty_driver);
3276 tty_unregister_ldisc(N_GSM0710);
5f9a31d6 3277 pr_err("gsm_init: tty registration failed.\n");
e1eaea46
AC		 3278 return -EBUSY;
3279 }
5f9a31d6
AC		 3280 pr_debug("gsm_init: loaded as %d,%d.\n",
3281 gsm_tty_driver->major, gsm_tty_driver->minor_start);
e1eaea46
AC		 3282 return 0;
3283}
3284
3285static void __exit gsm_exit(void)
3286{
3287 int status = tty_unregister_ldisc(N_GSM0710);
3288 if (status != 0)
5f9a31d6
AC		 3289 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3290 status);
e1eaea46
AC		 3291 tty_unregister_driver(gsm_tty_driver);
3292 put_tty_driver(gsm_tty_driver);
e1eaea46
AC		 3293}
3294
3295module_init(gsm_init);
3296module_exit(gsm_exit);
3297
3298
3299MODULE_LICENSE("GPL");
3300MODULE_ALIAS_LDISC(N_GSM0710);
Linux 6.x block layer and io_uring tree(s)