1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * PPP synchronous tty channel driver for Linux.
5 * This is a ppp channel driver that can be used with tty device drivers
6 * that are frame oriented, such as synchronous HDLC devices.
8 * Complete PPP frames without encoding/decoding are exchanged between
9 * the channel driver and the device driver.
11 * The async map IOCTL codes are implemented to keep the user mode
12 * applications happy if they call them. Synchronous PPP does not use
15 * Copyright 1999 Paul Mackerras.
17 * Also touched by the grubby hands of Paul Fulghum paulkf@microgate.com
19 * This driver provides the encapsulation and framing for sending
20 * and receiving PPP frames over sync serial lines. It relies on
21 * the generic PPP layer to give it frames to send and to process
22 * received frames. It implements the PPP line discipline.
24 * Part of the code in this driver was inspired by the old async-only
25 * PPP driver, written by Michael Callahan and Al Longyear, and
26 * subsequently hacked by Paul Mackerras.
28 * ==FILEVERSION 20040616==
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/skbuff.h>
34 #include <linux/tty.h>
35 #include <linux/netdevice.h>
36 #include <linux/poll.h>
37 #include <linux/ppp_defs.h>
38 #include <linux/ppp-ioctl.h>
39 #include <linux/ppp_channel.h>
40 #include <linux/spinlock.h>
41 #include <linux/completion.h>
42 #include <linux/init.h>
43 #include <linux/interrupt.h>
44 #include <linux/slab.h>
45 #include <linux/refcount.h>
46 #include <asm/unaligned.h>
47 #include <linux/uaccess.h>
49 #define PPP_VERSION "2.4.2"
51 /* Structure for storing local state. */
53 struct tty_struct *tty;
59 unsigned long xmit_flags;
62 unsigned int bytes_sent;
63 unsigned int bytes_rcvd;
66 unsigned long last_xmit;
68 struct sk_buff_head rqueue;
70 struct tasklet_struct tsk;
73 struct completion dead_cmp;
74 struct ppp_channel chan; /* interface to generic ppp layer */
77 /* Bit numbers in xmit_flags */
82 #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
84 #define PPPSYNC_MAX_RQLEN 32 /* arbitrary */
89 static struct sk_buff* ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *);
90 static int ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb);
91 static int ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd,
93 static void ppp_sync_process(struct tasklet_struct *t);
94 static int ppp_sync_push(struct syncppp *ap);
95 static void ppp_sync_flush_output(struct syncppp *ap);
96 static void ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
97 const char *flags, int count);
99 static const struct ppp_channel_ops sync_ops = {
100 .start_xmit = ppp_sync_send,
101 .ioctl = ppp_sync_ioctl,
105 * Utility procedure to print a buffer in hex/ascii
108 ppp_print_buffer (const char *name, const __u8 *buf, int count)
111 printk(KERN_DEBUG "ppp_synctty: %s, count = %d\n", name, count);
113 print_hex_dump_bytes("", DUMP_PREFIX_NONE, buf, count);
118 * Routines implementing the synchronous PPP line discipline.
122 * We have a potential race on dereferencing tty->disc_data,
123 * because the tty layer provides no locking at all - thus one
124 * cpu could be running ppp_synctty_receive while another
125 * calls ppp_synctty_close, which zeroes tty->disc_data and
126 * frees the memory that ppp_synctty_receive is using. The best
127 * way to fix this is to use a rwlock in the tty struct, but for now
128 * we use a single global rwlock for all ttys in ppp line discipline.
130 * FIXME: Fixed in tty_io nowadays.
132 static DEFINE_RWLOCK(disc_data_lock);
134 static struct syncppp *sp_get(struct tty_struct *tty)
138 read_lock(&disc_data_lock);
141 refcount_inc(&ap->refcnt);
142 read_unlock(&disc_data_lock);
146 static void sp_put(struct syncppp *ap)
148 if (refcount_dec_and_test(&ap->refcnt))
149 complete(&ap->dead_cmp);
153 * Called when a tty is put into sync-PPP line discipline.
156 ppp_sync_open(struct tty_struct *tty)
162 if (tty->ops->write == NULL)
165 ap = kzalloc(sizeof(*ap), GFP_KERNEL);
170 /* initialize the syncppp structure */
173 spin_lock_init(&ap->xmit_lock);
174 spin_lock_init(&ap->recv_lock);
176 ap->xaccm[3] = 0x60000000U;
179 skb_queue_head_init(&ap->rqueue);
180 tasklet_setup(&ap->tsk, ppp_sync_process);
182 refcount_set(&ap->refcnt, 1);
183 init_completion(&ap->dead_cmp);
185 ap->chan.private = ap;
186 ap->chan.ops = &sync_ops;
187 ap->chan.mtu = PPP_MRU;
188 ap->chan.hdrlen = 2; /* for A/C bytes */
189 speed = tty_get_baud_rate(tty);
190 ap->chan.speed = speed;
191 err = ppp_register_channel(&ap->chan);
196 tty->receive_room = 65536;
206 * Called when the tty is put into another line discipline
207 * or it hangs up. We have to wait for any cpu currently
208 * executing in any of the other ppp_synctty_* routines to
209 * finish before we can call ppp_unregister_channel and free
210 * the syncppp struct. This routine must be called from
211 * process context, not interrupt or softirq context.
214 ppp_sync_close(struct tty_struct *tty)
218 write_lock_irq(&disc_data_lock);
220 tty->disc_data = NULL;
221 write_unlock_irq(&disc_data_lock);
226 * We have now ensured that nobody can start using ap from now
227 * on, but we have to wait for all existing users to finish.
228 * Note that ppp_unregister_channel ensures that no calls to
229 * our channel ops (i.e. ppp_sync_send/ioctl) are in progress
230 * by the time it returns.
232 if (!refcount_dec_and_test(&ap->refcnt))
233 wait_for_completion(&ap->dead_cmp);
234 tasklet_kill(&ap->tsk);
236 ppp_unregister_channel(&ap->chan);
237 skb_queue_purge(&ap->rqueue);
243 * Called on tty hangup in process context.
245 * Wait for I/O to driver to complete and unregister PPP channel.
246 * This is already done by the close routine, so just call that.
248 static int ppp_sync_hangup(struct tty_struct *tty)
255 * Read does nothing - no data is ever available this way.
256 * Pppd reads and writes packets via /dev/ppp instead.
259 ppp_sync_read(struct tty_struct *tty, struct file *file,
260 unsigned char *buf, size_t count,
261 void **cookie, unsigned long offset)
267 * Write on the tty does nothing, the packets all come in
268 * from the ppp generic stuff.
271 ppp_sync_write(struct tty_struct *tty, struct file *file,
272 const unsigned char *buf, size_t count)
278 ppp_synctty_ioctl(struct tty_struct *tty, struct file *file,
279 unsigned int cmd, unsigned long arg)
281 struct syncppp *ap = sp_get(tty);
282 int __user *p = (int __user *)arg;
291 if (put_user(ppp_channel_index(&ap->chan), p))
298 if (put_user(ppp_unit_number(&ap->chan), p))
304 /* flush our buffers and the serial port's buffer */
305 if (arg == TCIOFLUSH || arg == TCOFLUSH)
306 ppp_sync_flush_output(ap);
307 err = n_tty_ioctl_helper(tty, file, cmd, arg);
312 if (put_user(val, p))
318 err = tty_mode_ioctl(tty, file, cmd, arg);
326 /* No kernel lock - fine */
328 ppp_sync_poll(struct tty_struct *tty, struct file *file, poll_table *wait)
333 /* May sleep, don't call from interrupt level or with interrupts disabled */
335 ppp_sync_receive(struct tty_struct *tty, const unsigned char *buf,
336 const char *cflags, int count)
338 struct syncppp *ap = sp_get(tty);
343 spin_lock_irqsave(&ap->recv_lock, flags);
344 ppp_sync_input(ap, buf, cflags, count);
345 spin_unlock_irqrestore(&ap->recv_lock, flags);
346 if (!skb_queue_empty(&ap->rqueue))
347 tasklet_schedule(&ap->tsk);
353 ppp_sync_wakeup(struct tty_struct *tty)
355 struct syncppp *ap = sp_get(tty);
357 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
360 set_bit(XMIT_WAKEUP, &ap->xmit_flags);
361 tasklet_schedule(&ap->tsk);
366 static struct tty_ldisc_ops ppp_sync_ldisc = {
367 .owner = THIS_MODULE,
370 .open = ppp_sync_open,
371 .close = ppp_sync_close,
372 .hangup = ppp_sync_hangup,
373 .read = ppp_sync_read,
374 .write = ppp_sync_write,
375 .ioctl = ppp_synctty_ioctl,
376 .poll = ppp_sync_poll,
377 .receive_buf = ppp_sync_receive,
378 .write_wakeup = ppp_sync_wakeup,
386 err = tty_register_ldisc(&ppp_sync_ldisc);
388 printk(KERN_ERR "PPP_sync: error %d registering line disc.\n",
394 * The following routines provide the PPP channel interface.
397 ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
399 struct syncppp *ap = chan->private;
402 void __user *argp = (void __user *)arg;
403 u32 __user *p = argp;
408 val = ap->flags | ap->rbits;
409 if (put_user(val, (int __user *) argp))
414 if (get_user(val, (int __user *) argp))
416 ap->flags = val & ~SC_RCV_BITS;
417 spin_lock_irq(&ap->recv_lock);
418 ap->rbits = val & SC_RCV_BITS;
419 spin_unlock_irq(&ap->recv_lock);
423 case PPPIOCGASYNCMAP:
424 if (put_user(ap->xaccm[0], p))
428 case PPPIOCSASYNCMAP:
429 if (get_user(ap->xaccm[0], p))
434 case PPPIOCGRASYNCMAP:
435 if (put_user(ap->raccm, p))
439 case PPPIOCSRASYNCMAP:
440 if (get_user(ap->raccm, p))
445 case PPPIOCGXASYNCMAP:
446 if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
450 case PPPIOCSXASYNCMAP:
451 if (copy_from_user(accm, argp, sizeof(accm)))
453 accm[2] &= ~0x40000000U; /* can't escape 0x5e */
454 accm[3] |= 0x60000000U; /* must escape 0x7d, 0x7e */
455 memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
460 if (put_user(ap->mru, (int __user *) argp))
465 if (get_user(val, (int __user *) argp))
480 * This is called at softirq level to deliver received packets
481 * to the ppp_generic code, and to tell the ppp_generic code
482 * if we can accept more output now.
484 static void ppp_sync_process(struct tasklet_struct *t)
486 struct syncppp *ap = from_tasklet(ap, t, tsk);
489 /* process received packets */
490 while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
492 /* zero length buffers indicate error */
493 ppp_input_error(&ap->chan, 0);
497 ppp_input(&ap->chan, skb);
500 /* try to push more stuff out */
501 if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_sync_push(ap))
502 ppp_output_wakeup(&ap->chan);
506 * Procedures for encapsulation and framing.
509 static struct sk_buff*
510 ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *skb)
517 proto = get_unaligned_be16(data);
519 /* LCP packets with codes between 1 (configure-request)
520 * and 7 (code-reject) must be sent as though no options
521 * have been negotiated.
523 islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
525 /* compress protocol field if option enabled */
526 if (data[0] == 0 && (ap->flags & SC_COMP_PROT) && !islcp)
529 /* prepend address/control fields if necessary */
530 if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
531 if (skb_headroom(skb) < 2) {
532 struct sk_buff *npkt = dev_alloc_skb(skb->len + 2);
538 skb_copy_from_linear_data(skb,
539 skb_put(npkt, skb->len), skb->len);
544 skb->data[0] = PPP_ALLSTATIONS;
545 skb->data[1] = PPP_UI;
548 ap->last_xmit = jiffies;
550 if (skb && ap->flags & SC_LOG_OUTPKT)
551 ppp_print_buffer ("send buffer", skb->data, skb->len);
557 * Transmit-side routines.
561 * Send a packet to the peer over an sync tty line.
562 * Returns 1 iff the packet was accepted.
563 * If the packet was not accepted, we will call ppp_output_wakeup
564 * at some later time.
567 ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb)
569 struct syncppp *ap = chan->private;
573 if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
574 return 0; /* already full */
575 skb = ppp_sync_txmunge(ap, skb);
579 clear_bit(XMIT_FULL, &ap->xmit_flags);
586 * Push as much data as possible out to the tty.
589 ppp_sync_push(struct syncppp *ap)
592 struct tty_struct *tty = ap->tty;
595 if (!spin_trylock_bh(&ap->xmit_lock))
598 if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
600 if (!tty_stuffed && ap->tpkt) {
601 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
602 sent = tty->ops->write(tty, ap->tpkt->data, ap->tpkt->len);
604 goto flush; /* error, e.g. loss of CD */
605 if (sent < ap->tpkt->len) {
608 consume_skb(ap->tpkt);
610 clear_bit(XMIT_FULL, &ap->xmit_flags);
615 /* haven't made any progress */
616 spin_unlock_bh(&ap->xmit_lock);
617 if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) ||
618 (!tty_stuffed && ap->tpkt)))
620 if (!spin_trylock_bh(&ap->xmit_lock))
629 clear_bit(XMIT_FULL, &ap->xmit_flags);
632 spin_unlock_bh(&ap->xmit_lock);
637 * Flush output from our internal buffers.
638 * Called for the TCFLSH ioctl.
641 ppp_sync_flush_output(struct syncppp *ap)
645 spin_lock_bh(&ap->xmit_lock);
646 if (ap->tpkt != NULL) {
649 clear_bit(XMIT_FULL, &ap->xmit_flags);
652 spin_unlock_bh(&ap->xmit_lock);
654 ppp_output_wakeup(&ap->chan);
658 * Receive-side routines.
661 /* called when the tty driver has data for us.
663 * Data is frame oriented: each call to ppp_sync_input is considered
664 * a whole frame. If the 1st flag byte is non-zero then the whole
665 * frame is considered to be in error and is tossed.
668 ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
669 const char *flags, int count)
677 if (ap->flags & SC_LOG_INPKT)
678 ppp_print_buffer ("receive buffer", buf, count);
680 /* stuff the chars in the skb */
681 skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
683 printk(KERN_ERR "PPPsync: no memory (input pkt)\n");
686 /* Try to get the payload 4-byte aligned */
687 if (buf[0] != PPP_ALLSTATIONS)
688 skb_reserve(skb, 2 + (buf[0] & 1));
690 if (flags && *flags) {
691 /* error flag set, ignore frame */
693 } else if (count > skb_tailroom(skb)) {
694 /* packet overflowed MRU */
698 skb_put_data(skb, buf, count);
700 /* strip address/control field if present */
702 if (p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
703 /* chop off address/control */
706 p = skb_pull(skb, 2);
709 /* PPP packet length should be >= 2 bytes when protocol field is not
712 if (!(p[0] & 0x01) && skb->len < 2)
715 /* queue the frame to be processed */
716 skb_queue_tail(&ap->rqueue, skb);
720 /* queue zero length packet as error indication */
721 if (skb || (skb = dev_alloc_skb(0))) {
723 skb_queue_tail(&ap->rqueue, skb);
728 ppp_sync_cleanup(void)
730 tty_unregister_ldisc(&ppp_sync_ldisc);
733 module_init(ppp_sync_init);
734 module_exit(ppp_sync_cleanup);
735 MODULE_LICENSE("GPL");
736 MODULE_ALIAS_LDISC(N_SYNC_PPP);