1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * PPP synchronous tty channel driver for Linux.
5 * This is a ppp channel driver that can be used with tty device drivers
6 * that are frame oriented, such as synchronous HDLC devices.
8 * Complete PPP frames without encoding/decoding are exchanged between
9 * the channel driver and the device driver.
11 * The async map IOCTL codes are implemented to keep the user mode
12 * applications happy if they call them. Synchronous PPP does not use
15 * Copyright 1999 Paul Mackerras.
17 * Also touched by the grubby hands of Paul Fulghum paulkf@microgate.com
19 * This driver provides the encapsulation and framing for sending
20 * and receiving PPP frames over sync serial lines. It relies on
21 * the generic PPP layer to give it frames to send and to process
22 * received frames. It implements the PPP line discipline.
24 * Part of the code in this driver was inspired by the old async-only
25 * PPP driver, written by Michael Callahan and Al Longyear, and
26 * subsequently hacked by Paul Mackerras.
28 * ==FILEVERSION 20040616==
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/skbuff.h>
34 #include <linux/tty.h>
35 #include <linux/netdevice.h>
36 #include <linux/poll.h>
37 #include <linux/ppp_defs.h>
38 #include <linux/ppp-ioctl.h>
39 #include <linux/ppp_channel.h>
40 #include <linux/spinlock.h>
41 #include <linux/completion.h>
42 #include <linux/init.h>
43 #include <linux/interrupt.h>
44 #include <linux/slab.h>
45 #include <linux/refcount.h>
46 #include <asm/unaligned.h>
47 #include <linux/uaccess.h>
49 #define PPP_VERSION "2.4.2"
51 /* Structure for storing local state. */
53 struct tty_struct *tty;
59 unsigned long xmit_flags;
62 unsigned int bytes_sent;
63 unsigned int bytes_rcvd;
66 unsigned long last_xmit;
68 struct sk_buff_head rqueue;
70 struct tasklet_struct tsk;
73 struct completion dead_cmp;
74 struct ppp_channel chan; /* interface to generic ppp layer */
77 /* Bit numbers in xmit_flags */
82 #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
84 #define PPPSYNC_MAX_RQLEN 32 /* arbitrary */
89 static struct sk_buff* ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *);
90 static int ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb);
91 static int ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd,
93 static void ppp_sync_process(unsigned long arg);
94 static int ppp_sync_push(struct syncppp *ap);
95 static void ppp_sync_flush_output(struct syncppp *ap);
96 static void ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
97 char *flags, int count);
99 static const struct ppp_channel_ops sync_ops = {
100 .start_xmit = ppp_sync_send,
101 .ioctl = ppp_sync_ioctl,
105 * Utility procedure to print a buffer in hex/ascii
108 ppp_print_buffer (const char *name, const __u8 *buf, int count)
111 printk(KERN_DEBUG "ppp_synctty: %s, count = %d\n", name, count);
113 print_hex_dump_bytes("", DUMP_PREFIX_NONE, buf, count);
118 * Routines implementing the synchronous PPP line discipline.
122 * We have a potential race on dereferencing tty->disc_data,
123 * because the tty layer provides no locking at all - thus one
124 * cpu could be running ppp_synctty_receive while another
125 * calls ppp_synctty_close, which zeroes tty->disc_data and
126 * frees the memory that ppp_synctty_receive is using. The best
127 * way to fix this is to use a rwlock in the tty struct, but for now
128 * we use a single global rwlock for all ttys in ppp line discipline.
130 * FIXME: Fixed in tty_io nowadays.
132 static DEFINE_RWLOCK(disc_data_lock);
134 static struct syncppp *sp_get(struct tty_struct *tty)
138 read_lock(&disc_data_lock);
141 refcount_inc(&ap->refcnt);
142 read_unlock(&disc_data_lock);
146 static void sp_put(struct syncppp *ap)
148 if (refcount_dec_and_test(&ap->refcnt))
149 complete(&ap->dead_cmp);
153 * Called when a tty is put into sync-PPP line discipline.
156 ppp_sync_open(struct tty_struct *tty)
162 if (tty->ops->write == NULL)
165 ap = kzalloc(sizeof(*ap), GFP_KERNEL);
170 /* initialize the syncppp structure */
173 spin_lock_init(&ap->xmit_lock);
174 spin_lock_init(&ap->recv_lock);
176 ap->xaccm[3] = 0x60000000U;
179 skb_queue_head_init(&ap->rqueue);
180 tasklet_init(&ap->tsk, ppp_sync_process, (unsigned long) ap);
182 refcount_set(&ap->refcnt, 1);
183 init_completion(&ap->dead_cmp);
185 ap->chan.private = ap;
186 ap->chan.ops = &sync_ops;
187 ap->chan.mtu = PPP_MRU;
188 ap->chan.hdrlen = 2; /* for A/C bytes */
189 speed = tty_get_baud_rate(tty);
190 ap->chan.speed = speed;
191 err = ppp_register_channel(&ap->chan);
196 tty->receive_room = 65536;
206 * Called when the tty is put into another line discipline
207 * or it hangs up. We have to wait for any cpu currently
208 * executing in any of the other ppp_synctty_* routines to
209 * finish before we can call ppp_unregister_channel and free
210 * the syncppp struct. This routine must be called from
211 * process context, not interrupt or softirq context.
214 ppp_sync_close(struct tty_struct *tty)
218 write_lock_irq(&disc_data_lock);
220 tty->disc_data = NULL;
221 write_unlock_irq(&disc_data_lock);
226 * We have now ensured that nobody can start using ap from now
227 * on, but we have to wait for all existing users to finish.
228 * Note that ppp_unregister_channel ensures that no calls to
229 * our channel ops (i.e. ppp_sync_send/ioctl) are in progress
230 * by the time it returns.
232 if (!refcount_dec_and_test(&ap->refcnt))
233 wait_for_completion(&ap->dead_cmp);
234 tasklet_kill(&ap->tsk);
236 ppp_unregister_channel(&ap->chan);
237 skb_queue_purge(&ap->rqueue);
243 * Called on tty hangup in process context.
245 * Wait for I/O to driver to complete and unregister PPP channel.
246 * This is already done by the close routine, so just call that.
248 static int ppp_sync_hangup(struct tty_struct *tty)
255 * Read does nothing - no data is ever available this way.
256 * Pppd reads and writes packets via /dev/ppp instead.
259 ppp_sync_read(struct tty_struct *tty, struct file *file,
260 unsigned char *buf, size_t count,
261 void **cookie, unsigned long offset)
267 * Write on the tty does nothing, the packets all come in
268 * from the ppp generic stuff.
271 ppp_sync_write(struct tty_struct *tty, struct file *file,
272 const unsigned char *buf, size_t count)
278 ppp_synctty_ioctl(struct tty_struct *tty, struct file *file,
279 unsigned int cmd, unsigned long arg)
281 struct syncppp *ap = sp_get(tty);
282 int __user *p = (int __user *)arg;
291 if (put_user(ppp_channel_index(&ap->chan), p))
298 if (put_user(ppp_unit_number(&ap->chan), p))
304 /* flush our buffers and the serial port's buffer */
305 if (arg == TCIOFLUSH || arg == TCOFLUSH)
306 ppp_sync_flush_output(ap);
307 err = n_tty_ioctl_helper(tty, file, cmd, arg);
312 if (put_user(val, p))
318 err = tty_mode_ioctl(tty, file, cmd, arg);
326 /* No kernel lock - fine */
328 ppp_sync_poll(struct tty_struct *tty, struct file *file, poll_table *wait)
333 /* May sleep, don't call from interrupt level or with interrupts disabled */
335 ppp_sync_receive(struct tty_struct *tty, const unsigned char *buf,
336 char *cflags, int count)
338 struct syncppp *ap = sp_get(tty);
343 spin_lock_irqsave(&ap->recv_lock, flags);
344 ppp_sync_input(ap, buf, cflags, count);
345 spin_unlock_irqrestore(&ap->recv_lock, flags);
346 if (!skb_queue_empty(&ap->rqueue))
347 tasklet_schedule(&ap->tsk);
353 ppp_sync_wakeup(struct tty_struct *tty)
355 struct syncppp *ap = sp_get(tty);
357 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
360 set_bit(XMIT_WAKEUP, &ap->xmit_flags);
361 tasklet_schedule(&ap->tsk);
366 static struct tty_ldisc_ops ppp_sync_ldisc = {
367 .owner = THIS_MODULE,
368 .magic = TTY_LDISC_MAGIC,
370 .open = ppp_sync_open,
371 .close = ppp_sync_close,
372 .hangup = ppp_sync_hangup,
373 .read = ppp_sync_read,
374 .write = ppp_sync_write,
375 .ioctl = ppp_synctty_ioctl,
376 .poll = ppp_sync_poll,
377 .receive_buf = ppp_sync_receive,
378 .write_wakeup = ppp_sync_wakeup,
386 err = tty_register_ldisc(N_SYNC_PPP, &ppp_sync_ldisc);
388 printk(KERN_ERR "PPP_sync: error %d registering line disc.\n",
394 * The following routines provide the PPP channel interface.
397 ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
399 struct syncppp *ap = chan->private;
402 void __user *argp = (void __user *)arg;
403 u32 __user *p = argp;
408 val = ap->flags | ap->rbits;
409 if (put_user(val, (int __user *) argp))
414 if (get_user(val, (int __user *) argp))
416 ap->flags = val & ~SC_RCV_BITS;
417 spin_lock_irq(&ap->recv_lock);
418 ap->rbits = val & SC_RCV_BITS;
419 spin_unlock_irq(&ap->recv_lock);
423 case PPPIOCGASYNCMAP:
424 if (put_user(ap->xaccm[0], p))
428 case PPPIOCSASYNCMAP:
429 if (get_user(ap->xaccm[0], p))
434 case PPPIOCGRASYNCMAP:
435 if (put_user(ap->raccm, p))
439 case PPPIOCSRASYNCMAP:
440 if (get_user(ap->raccm, p))
445 case PPPIOCGXASYNCMAP:
446 if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
450 case PPPIOCSXASYNCMAP:
451 if (copy_from_user(accm, argp, sizeof(accm)))
453 accm[2] &= ~0x40000000U; /* can't escape 0x5e */
454 accm[3] |= 0x60000000U; /* must escape 0x7d, 0x7e */
455 memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
460 if (put_user(ap->mru, (int __user *) argp))
465 if (get_user(val, (int __user *) argp))
484 * This is called at softirq level to deliver received packets
485 * to the ppp_generic code, and to tell the ppp_generic code
486 * if we can accept more output now.
488 static void ppp_sync_process(unsigned long arg)
490 struct syncppp *ap = (struct syncppp *) arg;
493 /* process received packets */
494 while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
496 /* zero length buffers indicate error */
497 ppp_input_error(&ap->chan, 0);
501 ppp_input(&ap->chan, skb);
504 /* try to push more stuff out */
505 if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_sync_push(ap))
506 ppp_output_wakeup(&ap->chan);
510 * Procedures for encapsulation and framing.
513 static struct sk_buff*
514 ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *skb)
521 proto = get_unaligned_be16(data);
523 /* LCP packets with codes between 1 (configure-request)
524 * and 7 (code-reject) must be sent as though no options
525 * have been negotiated.
527 islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
529 /* compress protocol field if option enabled */
530 if (data[0] == 0 && (ap->flags & SC_COMP_PROT) && !islcp)
533 /* prepend address/control fields if necessary */
534 if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
535 if (skb_headroom(skb) < 2) {
536 struct sk_buff *npkt = dev_alloc_skb(skb->len + 2);
542 skb_copy_from_linear_data(skb,
543 skb_put(npkt, skb->len), skb->len);
548 skb->data[0] = PPP_ALLSTATIONS;
549 skb->data[1] = PPP_UI;
552 ap->last_xmit = jiffies;
554 if (skb && ap->flags & SC_LOG_OUTPKT)
555 ppp_print_buffer ("send buffer", skb->data, skb->len);
561 * Transmit-side routines.
565 * Send a packet to the peer over an sync tty line.
566 * Returns 1 iff the packet was accepted.
567 * If the packet was not accepted, we will call ppp_output_wakeup
568 * at some later time.
571 ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb)
573 struct syncppp *ap = chan->private;
577 if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
578 return 0; /* already full */
579 skb = ppp_sync_txmunge(ap, skb);
583 clear_bit(XMIT_FULL, &ap->xmit_flags);
590 * Push as much data as possible out to the tty.
593 ppp_sync_push(struct syncppp *ap)
596 struct tty_struct *tty = ap->tty;
599 if (!spin_trylock_bh(&ap->xmit_lock))
602 if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
604 if (!tty_stuffed && ap->tpkt) {
605 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
606 sent = tty->ops->write(tty, ap->tpkt->data, ap->tpkt->len);
608 goto flush; /* error, e.g. loss of CD */
609 if (sent < ap->tpkt->len) {
612 consume_skb(ap->tpkt);
614 clear_bit(XMIT_FULL, &ap->xmit_flags);
619 /* haven't made any progress */
620 spin_unlock_bh(&ap->xmit_lock);
621 if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) ||
622 (!tty_stuffed && ap->tpkt)))
624 if (!spin_trylock_bh(&ap->xmit_lock))
633 clear_bit(XMIT_FULL, &ap->xmit_flags);
636 spin_unlock_bh(&ap->xmit_lock);
641 * Flush output from our internal buffers.
642 * Called for the TCFLSH ioctl.
645 ppp_sync_flush_output(struct syncppp *ap)
649 spin_lock_bh(&ap->xmit_lock);
650 if (ap->tpkt != NULL) {
653 clear_bit(XMIT_FULL, &ap->xmit_flags);
656 spin_unlock_bh(&ap->xmit_lock);
658 ppp_output_wakeup(&ap->chan);
662 * Receive-side routines.
665 /* called when the tty driver has data for us.
667 * Data is frame oriented: each call to ppp_sync_input is considered
668 * a whole frame. If the 1st flag byte is non-zero then the whole
669 * frame is considered to be in error and is tossed.
672 ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
673 char *flags, int count)
681 if (ap->flags & SC_LOG_INPKT)
682 ppp_print_buffer ("receive buffer", buf, count);
684 /* stuff the chars in the skb */
685 skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
687 printk(KERN_ERR "PPPsync: no memory (input pkt)\n");
690 /* Try to get the payload 4-byte aligned */
691 if (buf[0] != PPP_ALLSTATIONS)
692 skb_reserve(skb, 2 + (buf[0] & 1));
694 if (flags && *flags) {
695 /* error flag set, ignore frame */
697 } else if (count > skb_tailroom(skb)) {
698 /* packet overflowed MRU */
702 skb_put_data(skb, buf, count);
704 /* strip address/control field if present */
706 if (skb->len >= 2 && p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
707 /* chop off address/control */
710 p = skb_pull(skb, 2);
713 /* PPP packet length should be >= 2 bytes when protocol field is not
716 if (!(p[0] & 0x01) && skb->len < 2)
719 /* queue the frame to be processed */
720 skb_queue_tail(&ap->rqueue, skb);
724 /* queue zero length packet as error indication */
725 if (skb || (skb = dev_alloc_skb(0))) {
727 skb_queue_tail(&ap->rqueue, skb);
732 ppp_sync_cleanup(void)
734 if (tty_unregister_ldisc(N_SYNC_PPP) != 0)
735 printk(KERN_ERR "failed to unregister Sync PPP line discipline\n");
738 module_init(ppp_sync_init);
739 module_exit(ppp_sync_cleanup);
740 MODULE_LICENSE("GPL");
741 MODULE_ALIAS_LDISC(N_SYNC_PPP);