1 // SPDX-License-Identifier: GPL-2.0
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
9 * Mostly done: ioctls for setting modes/timing
10 * Partly done: hooks so you can pull off frames to non tty devs
11 * Restart DLCI 0 when it closes ?
12 * Improve the tx engine
13 * Resolve tx side locking by adding a queue_head and routing
14 * all control traffic via it
15 * General tidy/document
16 * Review the locking/move to refcounts more (mux now moved to an
17 * alloc/free model ready)
18 * Use newest tty open/close port helpers and install hooks
19 * What to do about power functions ?
20 * Termios setting and negotiation
21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
25 #include <linux/types.h>
26 #include <linux/major.h>
27 #include <linux/errno.h>
28 #include <linux/signal.h>
29 #include <linux/fcntl.h>
30 #include <linux/sched/signal.h>
31 #include <linux/interrupt.h>
32 #include <linux/tty.h>
33 #include <linux/ctype.h>
35 #include <linux/string.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/bitops.h>
39 #include <linux/file.h>
40 #include <linux/uaccess.h>
41 #include <linux/module.h>
42 #include <linux/timer.h>
43 #include <linux/tty_flip.h>
44 #include <linux/tty_driver.h>
45 #include <linux/serial.h>
46 #include <linux/kfifo.h>
47 #include <linux/skbuff.h>
50 #include <linux/netdevice.h>
51 #include <linux/etherdevice.h>
52 #include <linux/gsmmux.h>
55 module_param(debug, int, 0600);
57 /* Defaults: these are from the specification */
59 #define T1 10 /* 100mS */
60 #define T2 34 /* 333mS */
61 #define N2 3 /* Retry 3 times */
63 /* Use long timers for testing at low speed with debug on */
70 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
71 * limits so this is plenty
75 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
76 #define PROT_OVERHEAD 7
77 #define GSM_NET_TX_TIMEOUT (HZ*10)
80 * struct gsm_mux_net - network interface
82 * Created when net interface is initialized.
86 struct gsm_dlci *dlci;
90 * Each block of data we have queued to go out is in the form of
91 * a gsm_msg which holds everything we need in a link layer independent
96 struct list_head list;
97 u8 addr; /* DLCI address + flags */
98 u8 ctrl; /* Control byte + flags */
99 unsigned int len; /* Length of data block (can be zero) */
100 unsigned char *data; /* Points into buffer but not at the start */
101 unsigned char buffer[];
104 enum gsm_dlci_state {
106 DLCI_OPENING, /* Sending SABM not seen UA */
107 DLCI_OPEN, /* SABM/UA complete */
108 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
112 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
113 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
117 * Each active data link has a gsm_dlci structure associated which ties
118 * the link layer to an optional tty (if the tty side is open). To avoid
119 * complexity right now these are only ever freed up when the mux is
122 * At the moment we don't free DLCI objects until the mux is torn down
123 * this avoid object life time issues but might be worth review later.
129 enum gsm_dlci_state state;
133 enum gsm_dlci_mode mode;
134 spinlock_t lock; /* Protects the internal state */
135 struct timer_list t1; /* Retransmit timer for SABM and UA */
137 /* Uplink tty if active */
138 struct tty_port port; /* The tty bound to this DLCI if there is one */
139 struct kfifo fifo; /* Queue fifo for the DLCI */
140 int adaption; /* Adaption layer in use */
142 u32 modem_rx; /* Our incoming virtual modem lines */
143 u32 modem_tx; /* Our outgoing modem lines */
144 bool dead; /* Refuse re-open */
146 bool throttled; /* Private copy of throttle state */
147 bool constipated; /* Throttle status for outgoing */
149 struct sk_buff *skb; /* Frame being sent */
150 struct sk_buff_head skb_list; /* Queued frames */
151 /* Data handling callback */
152 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
153 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
154 struct net_device *net; /* network interface, if created */
157 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
162 * DLCI 0 is used to pass control blocks out of band of the data
163 * flow (and with a higher link priority). One command can be outstanding
164 * at a time and we use this structure to manage them. They are created
165 * and destroyed by the user context, and updated by the receive paths
170 u8 cmd; /* Command we are issuing */
171 u8 *data; /* Data for the command in case we retransmit */
172 int len; /* Length of block for retransmission */
173 int done; /* Done flag */
174 int error; /* Error if any */
192 * Each GSM mux we have is represented by this structure. If we are
193 * operating as an ldisc then we use this structure as our ldisc
194 * state. We need to sort out lifetimes and locking with respect
195 * to the gsm mux array. For now we don't free DLCI objects that
196 * have been instantiated until the mux itself is terminated.
198 * To consider further: tty open versus mux shutdown.
202 struct tty_struct *tty; /* The tty our ldisc is bound to */
208 /* Events on the GSM channel */
209 wait_queue_head_t event;
211 /* Bits for GSM mode decoding */
215 enum gsm_mux_state state;
217 unsigned int address;
224 u8 *txframe; /* TX framing buffer */
226 /* Method for the receiver side */
227 void (*receive)(struct gsm_mux *gsm, u8 ch);
232 int initiator; /* Did we initiate connection */
233 bool dead; /* Has the mux been shut down */
234 struct gsm_dlci *dlci[NUM_DLCI];
235 int old_c_iflag; /* termios c_iflag value before attach */
236 bool constipated; /* Asked by remote to shut up */
238 struct mutex tx_mutex;
239 unsigned int tx_bytes; /* TX data outstanding */
240 #define TX_THRESH_HI 8192
241 #define TX_THRESH_LO 2048
242 struct list_head tx_list; /* Pending data packets */
244 /* Control messages */
245 struct timer_list t2_timer; /* Retransmit timer for commands */
246 int cretries; /* Command retry counter */
247 struct gsm_control *pending_cmd;/* Our current pending command */
248 spinlock_t control_lock; /* Protects the pending command */
251 int adaption; /* 1 or 2 supported */
252 u8 ftype; /* UI or UIH */
253 int t1, t2; /* Timers in 1/100th of a sec */
254 int n2; /* Retry count */
256 /* Statistics (not currently exposed) */
257 unsigned long bad_fcs;
258 unsigned long malformed;
259 unsigned long io_error;
260 unsigned long bad_size;
261 unsigned long unsupported;
266 * Mux objects - needed so that we can translate a tty index into the
267 * relevant mux and DLCI.
270 #define MAX_MUX 4 /* 256 minors */
271 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
272 static spinlock_t gsm_mux_lock;
274 static struct tty_driver *gsm_tty_driver;
277 * This section of the driver logic implements the GSM encodings
278 * both the basic and the 'advanced'. Reliable transport is not
286 /* I is special: the rest are ..*/
297 /* Channel commands */
299 #define CMD_TEST 0x11
302 #define CMD_FCOFF 0x31
305 #define CMD_FCON 0x51
310 /* Virtual modem bits */
317 #define GSM0_SOF 0xF9
318 #define GSM1_SOF 0x7E
319 #define GSM1_ESCAPE 0x7D
320 #define GSM1_ESCAPE_BITS 0x20
323 #define ISO_IEC_646_MASK 0x7F
325 static const struct tty_port_operations gsm_port_ops;
328 * CRC table for GSM 0710
331 static const u8 gsm_fcs8[256] = {
332 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
333 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
334 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
335 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
336 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
337 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
338 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
339 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
340 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
341 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
342 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
343 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
344 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
345 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
346 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
347 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
348 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
349 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
350 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
351 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
352 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
353 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
354 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
355 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
356 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
357 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
358 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
359 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
360 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
361 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
362 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
363 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
366 #define INIT_FCS 0xFF
367 #define GOOD_FCS 0xCF
369 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
372 * gsm_fcs_add - update FCS
376 * Update the FCS to include c. Uses the algorithm in the specification
380 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
382 return gsm_fcs8[fcs ^ c];
386 * gsm_fcs_add_block - update FCS for a block
389 * @len: length of buffer
391 * Update the FCS to include c. Uses the algorithm in the specification
395 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
398 fcs = gsm_fcs8[fcs ^ *c++];
403 * gsm_read_ea - read a byte into an EA
404 * @val: variable holding value
405 * @c: byte going into the EA
407 * Processes one byte of an EA. Updates the passed variable
408 * and returns 1 if the EA is now completely read
411 static int gsm_read_ea(unsigned int *val, u8 c)
413 /* Add the next 7 bits into the value */
416 /* Was this the last byte of the EA 1 = yes*/
421 * gsm_read_ea_val - read a value until EA
422 * @val: variable holding value
423 * @data: buffer of data
424 * @dlen: length of data
426 * Processes an EA value. Updates the passed variable and
427 * returns the processed data length.
429 static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
431 unsigned int len = 0;
433 for (; dlen > 0; dlen--) {
435 if (gsm_read_ea(val, *data++))
442 * gsm_encode_modem - encode modem data bits
443 * @dlci: DLCI to encode from
445 * Returns the correct GSM encoded modem status bits (6 bit field) for
446 * the current status of the DLCI and attached tty object
449 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
452 /* FC is true flow control not modem bits */
455 if (dlci->modem_tx & TIOCM_DTR)
456 modembits |= MDM_RTC;
457 if (dlci->modem_tx & TIOCM_RTS)
458 modembits |= MDM_RTR;
459 if (dlci->modem_tx & TIOCM_RI)
461 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
467 * gsm_print_packet - display a frame for debug
468 * @hdr: header to print before decode
469 * @addr: address EA from the frame
470 * @cr: C/R bit from the frame
471 * @control: control including PF bit
472 * @data: following data bytes
473 * @dlen: length of data
475 * Displays a packet in human readable format for debugging purposes. The
476 * style is based on amateur radio LAP-B dump display.
479 static void gsm_print_packet(const char *hdr, int addr, int cr,
480 u8 control, const u8 *data, int dlen)
485 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
487 switch (control & ~PF) {
507 if (!(control & 0x01)) {
508 pr_cont("I N(S)%d N(R)%d",
509 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
510 } else switch (control & 0x0F) {
512 pr_cont("RR(%d)", (control & 0xE0) >> 5);
515 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
518 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
521 pr_cont("[%02X]", control);
530 print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen);
535 * Link level transmission side
539 * gsm_stuff_packet - bytestuff a packet
540 * @input: input buffer
541 * @output: output buffer
542 * @len: length of input
544 * Expand a buffer by bytestuffing it. The worst case size change
545 * is doubling and the caller is responsible for handing out
546 * suitable sized buffers.
549 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
553 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
554 || (*input & ISO_IEC_646_MASK) == XON
555 || (*input & ISO_IEC_646_MASK) == XOFF) {
556 *output++ = GSM1_ESCAPE;
557 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
560 *output++ = *input++;
567 * gsm_send - send a control frame
569 * @addr: address for control frame
570 * @cr: command/response bit
571 * @control: control byte including PF bit
573 * Format up and transmit a control frame. These do not go via the
574 * queueing logic as they should be transmitted ahead of data when
577 * FIXME: Lock versus data TX path
580 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
586 switch (gsm->encoding) {
589 cbuf[1] = (addr << 2) | (cr << 1) | EA;
591 cbuf[3] = EA; /* Length of data = 0 */
592 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
598 /* Control frame + packing (but not frame stuffing) in mode 1 */
599 ibuf[0] = (addr << 2) | (cr << 1) | EA;
601 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
602 /* Stuffing may double the size worst case */
603 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
604 /* Now add the SOF markers */
606 cbuf[len + 1] = GSM1_SOF;
607 /* FIXME: we can omit the lead one in many cases */
614 gsmld_output(gsm, cbuf, len);
615 gsm_print_packet("-->", addr, cr, control, NULL, 0);
619 * gsm_response - send a control response
621 * @addr: address for control frame
622 * @control: control byte including PF bit
624 * Format up and transmit a link level response frame.
627 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
629 gsm_send(gsm, addr, 0, control);
633 * gsm_command - send a control command
635 * @addr: address for control frame
636 * @control: control byte including PF bit
638 * Format up and transmit a link level command frame.
641 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
643 gsm_send(gsm, addr, 1, control);
646 /* Data transmission */
648 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
651 * gsm_data_alloc - allocate data frame
653 * @addr: DLCI address
654 * @len: length excluding header and FCS
655 * @ctrl: control byte
657 * Allocate a new data buffer for sending frames with data. Space is left
658 * at the front for header bytes but that is treated as an implementation
659 * detail and not for the high level code to use
662 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
665 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
669 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
673 INIT_LIST_HEAD(&m->list);
678 * gsm_is_flow_ctrl_msg - checks if flow control message
679 * @msg: message to check
681 * Returns true if the given message is a flow control command of the
682 * control channel. False is returned in any other case.
684 static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
691 switch (msg->ctrl & ~PF) {
695 if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
709 * gsm_data_kick - poke the queue
712 * The tty device has called us to indicate that room has appeared in
713 * the transmit queue. Ram more data into the pipe if we have any
714 * If we have been flow-stopped by a CMD_FCOFF, then we can only
715 * send messages on DLCI0 until CMD_FCON
717 * FIXME: lock against link layer control transmissions
720 static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
722 struct gsm_msg *msg, *nmsg;
725 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
726 if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
728 if (gsm->encoding != 0) {
729 gsm->txframe[0] = GSM1_SOF;
730 len = gsm_stuff_frame(msg->data,
731 gsm->txframe + 1, msg->len);
732 gsm->txframe[len + 1] = GSM1_SOF;
735 gsm->txframe[0] = GSM0_SOF;
736 memcpy(gsm->txframe + 1 , msg->data, msg->len);
737 gsm->txframe[msg->len + 1] = GSM0_SOF;
742 print_hex_dump_bytes("gsm_data_kick: ",
745 if (gsmld_output(gsm, gsm->txframe, len) < 0)
747 /* FIXME: Can eliminate one SOF in many more cases */
748 gsm->tx_bytes -= msg->len;
750 list_del(&msg->list);
754 tty_port_tty_wakeup(&dlci->port);
758 for (i = 0; i < NUM_DLCI; i++)
760 tty_port_tty_wakeup(&gsm->dlci[i]->port);
766 * __gsm_data_queue - queue a UI or UIH frame
767 * @dlci: DLCI sending the data
768 * @msg: message queued
770 * Add data to the transmit queue and try and get stuff moving
771 * out of the mux tty if not already doing so. The Caller must hold
775 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
777 struct gsm_mux *gsm = dlci->gsm;
779 u8 *fcs = dp + msg->len;
781 /* Fill in the header */
782 if (gsm->encoding == 0) {
784 *--dp = (msg->len << 1) | EA;
786 *--dp = (msg->len >> 7); /* bits 7 - 15 */
787 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
793 *--dp = (msg->addr << 2) | 2 | EA;
795 *--dp = (msg->addr << 2) | EA;
796 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
797 /* Ugly protocol layering violation */
798 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
799 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
802 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
803 msg->data, msg->len);
805 /* Move the header back and adjust the length, also allow for the FCS
806 now tacked on the end */
807 msg->len += (msg->data - dp) + 1;
810 /* Add to the actual output queue */
811 list_add_tail(&msg->list, &gsm->tx_list);
812 gsm->tx_bytes += msg->len;
813 gsm_data_kick(gsm, dlci);
817 * gsm_data_queue - queue a UI or UIH frame
818 * @dlci: DLCI sending the data
819 * @msg: message queued
821 * Add data to the transmit queue and try and get stuff moving
822 * out of the mux tty if not already doing so. Take the
823 * the gsm tx mutex and dlci lock.
826 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
828 mutex_lock(&dlci->gsm->tx_mutex);
829 __gsm_data_queue(dlci, msg);
830 mutex_unlock(&dlci->gsm->tx_mutex);
834 * gsm_dlci_data_output - try and push data out of a DLCI
836 * @dlci: the DLCI to pull data from
838 * Pull data from a DLCI and send it into the transmit queue if there
839 * is data. Keep to the MRU of the mux. This path handles the usual tty
840 * interface which is a byte stream with optional modem data.
842 * Caller must hold the tx_mutex of the mux.
845 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
851 /* for modem bits without break data */
852 h = ((dlci->adaption == 1) ? 0 : 1);
854 len = kfifo_len(&dlci->fifo);
858 /* MTU/MRU count only the data bits but watch adaption mode */
859 if ((len + h) > gsm->mtu)
864 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
865 /* FIXME: need a timer or something to kick this so it can't
866 * get stuck with no work outstanding and no buffer free
871 switch (dlci->adaption) {
872 case 1: /* Unstructured */
874 case 2: /* Unstructured with modem bits.
875 * Always one byte as we never send inline break data
877 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
880 pr_err("%s: unsupported adaption %d\n", __func__,
885 WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
888 /* Notify upper layer about available send space. */
889 tty_port_tty_wakeup(&dlci->port);
891 __gsm_data_queue(dlci, msg);
892 /* Bytes of data we used up */
897 * gsm_dlci_data_output_framed - try and push data out of a DLCI
899 * @dlci: the DLCI to pull data from
901 * Pull data from a DLCI and send it into the transmit queue if there
902 * is data. Keep to the MRU of the mux. This path handles framed data
903 * queued as skbuffs to the DLCI.
905 * Caller must hold the tx_mutex of the mux.
908 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
909 struct gsm_dlci *dlci)
914 int last = 0, first = 0;
917 /* One byte per frame is used for B/F flags */
918 if (dlci->adaption == 4)
921 /* dlci->skb is locked by tx_mutex */
922 if (dlci->skb == NULL) {
923 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
924 if (dlci->skb == NULL)
928 len = dlci->skb->len + overhead;
930 /* MTU/MRU count only the data bits */
931 if (len > gsm->mtu) {
932 if (dlci->adaption == 3) {
933 /* Over long frame, bin it */
934 dev_kfree_skb_any(dlci->skb);
942 size = len + overhead;
943 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
945 /* FIXME: need a timer or something to kick this so it can't
946 get stuck with no work outstanding and no buffer free */
948 skb_queue_tail(&dlci->skb_list, dlci->skb);
954 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
955 /* Flag byte to carry the start/end info */
956 *dp++ = last << 7 | first << 6 | 1; /* EA */
959 memcpy(dp, dlci->skb->data, len);
960 skb_pull(dlci->skb, len);
961 __gsm_data_queue(dlci, msg);
963 dev_kfree_skb_any(dlci->skb);
970 * gsm_dlci_data_sweep - look for data to send
973 * Sweep the GSM mux channels in priority order looking for ones with
974 * data to send. We could do with optimising this scan a bit. We aim
975 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
976 * TX_THRESH_LO we get called again
978 * FIXME: We should round robin between groups and in theory you can
979 * renegotiate DLCI priorities with optional stuff. Needs optimising.
982 static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
985 /* Priority ordering: We should do priority with RR of the groups */
988 while (i < NUM_DLCI) {
989 struct gsm_dlci *dlci;
991 if (gsm->tx_bytes > TX_THRESH_HI)
994 if (dlci == NULL || dlci->constipated) {
998 if (dlci->adaption < 3 && !dlci->net)
999 len = gsm_dlci_data_output(gsm, dlci);
1001 len = gsm_dlci_data_output_framed(gsm, dlci);
1004 /* DLCI empty - try the next */
1011 * gsm_dlci_data_kick - transmit if possible
1012 * @dlci: DLCI to kick
1014 * Transmit data from this DLCI if the queue is empty. We can't rely on
1015 * a tty wakeup except when we filled the pipe so we need to fire off
1016 * new data ourselves in other cases.
1019 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1023 if (dlci->constipated)
1026 mutex_lock(&dlci->gsm->tx_mutex);
1027 /* If we have nothing running then we need to fire up */
1028 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1029 if (dlci->gsm->tx_bytes == 0) {
1031 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1033 gsm_dlci_data_output(dlci->gsm, dlci);
1036 gsm_dlci_data_sweep(dlci->gsm);
1037 mutex_unlock(&dlci->gsm->tx_mutex);
1041 * Control message processing
1046 * gsm_control_reply - send a response frame to a control
1048 * @cmd: the command to use
1049 * @data: data to follow encoded info
1050 * @dlen: length of data
1052 * Encode up and queue a UI/UIH frame containing our response.
1055 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1058 struct gsm_msg *msg;
1059 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1062 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1063 msg->data[1] = (dlen << 1) | EA;
1064 memcpy(msg->data + 2, data, dlen);
1065 gsm_data_queue(gsm->dlci[0], msg);
1069 * gsm_process_modem - process received modem status
1070 * @tty: virtual tty bound to the DLCI
1071 * @dlci: DLCI to affect
1072 * @modem: modem bits (full EA)
1074 * Used when a modem control message or line state inline in adaption
1075 * layer 2 is processed. Sort out the local modem state and throttles
1078 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1079 u32 modem, int clen)
1085 /* The modem status command can either contain one octet (v.24 signals)
1086 or two octets (v.24 signals + break signals). The length field will
1087 either be 2 or 3 respectively. This is specified in section
1088 5.4.6.3.7 of the 27.010 mux spec. */
1091 modem = modem & 0x7f;
1094 modem = (modem >> 7) & 0x7f;
1097 /* Flow control/ready to communicate */
1098 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1099 if (fc && !dlci->constipated) {
1100 /* Need to throttle our output on this device */
1101 dlci->constipated = true;
1102 } else if (!fc && dlci->constipated) {
1103 dlci->constipated = false;
1104 gsm_dlci_data_kick(dlci);
1107 /* Map modem bits */
1108 if (modem & MDM_RTC)
1109 mlines |= TIOCM_DSR | TIOCM_DTR;
1110 if (modem & MDM_RTR)
1111 mlines |= TIOCM_RTS | TIOCM_CTS;
1117 /* Carrier drop -> hangup */
1119 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1124 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1125 dlci->modem_rx = mlines;
1129 * gsm_control_modem - modem status received
1131 * @data: data following command
1132 * @clen: command length
1134 * We have received a modem status control message. This is used by
1135 * the GSM mux protocol to pass virtual modem line status and optionally
1136 * to indicate break signals. Unpack it, convert to Linux representation
1137 * and if need be stuff a break message down the tty.
1140 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1142 unsigned int addr = 0;
1143 unsigned int modem = 0;
1144 unsigned int brk = 0;
1145 struct gsm_dlci *dlci;
1147 const u8 *dp = data;
1148 struct tty_struct *tty;
1150 while (gsm_read_ea(&addr, *dp++) == 0) {
1155 /* Must be at least one byte following the EA */
1161 /* Closed port, or invalid ? */
1162 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1164 dlci = gsm->dlci[addr];
1166 while (gsm_read_ea(&modem, *dp++) == 0) {
1173 while (gsm_read_ea(&brk, *dp++) == 0) {
1179 modem |= (brk & 0x7f);
1181 tty = tty_port_tty_get(&dlci->port);
1182 gsm_process_modem(tty, dlci, modem, clen);
1187 gsm_control_reply(gsm, CMD_MSC, data, clen);
1191 * gsm_control_rls - remote line status
1194 * @clen: data length
1196 * The modem sends us a two byte message on the control channel whenever
1197 * it wishes to send us an error state from the virtual link. Stuff
1198 * this into the uplink tty if present
1201 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1203 struct tty_port *port;
1204 unsigned int addr = 0;
1207 const u8 *dp = data;
1209 while (gsm_read_ea(&addr, *dp++) == 0) {
1214 /* Must be at least one byte following ea */
1219 /* Closed port, or invalid ? */
1220 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1224 if ((bits & 1) == 0)
1227 port = &gsm->dlci[addr]->port;
1230 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1232 tty_insert_flip_char(port, 0, TTY_PARITY);
1234 tty_insert_flip_char(port, 0, TTY_FRAME);
1236 tty_flip_buffer_push(port);
1238 gsm_control_reply(gsm, CMD_RLS, data, clen);
1241 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1244 * gsm_control_message - DLCI 0 control processing
1246 * @command: the command EA
1247 * @data: data beyond the command/length EAs
1250 * Input processor for control messages from the other end of the link.
1251 * Processes the incoming request and queues a response frame or an
1252 * NSC response if not supported
1255 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1256 const u8 *data, int clen)
1262 struct gsm_dlci *dlci = gsm->dlci[0];
1263 /* Modem wishes to close down */
1267 gsm_dlci_begin_close(dlci);
1272 /* Modem wishes to test, reply with the data */
1273 gsm_control_reply(gsm, CMD_TEST, data, clen);
1276 /* Modem can accept data again */
1277 gsm->constipated = false;
1278 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1279 /* Kick the link in case it is idling */
1280 mutex_lock(&gsm->tx_mutex);
1281 gsm_data_kick(gsm, NULL);
1282 mutex_unlock(&gsm->tx_mutex);
1285 /* Modem wants us to STFU */
1286 gsm->constipated = true;
1287 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1290 /* Out of band modem line change indicator for a DLCI */
1291 gsm_control_modem(gsm, data, clen);
1294 /* Out of band error reception for a DLCI */
1295 gsm_control_rls(gsm, data, clen);
1298 /* Modem wishes to enter power saving state */
1299 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1301 /* Optional unsupported commands */
1302 case CMD_PN: /* Parameter negotiation */
1303 case CMD_RPN: /* Remote port negotiation */
1304 case CMD_SNC: /* Service negotiation command */
1306 /* Reply to bad commands with an NSC */
1308 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1314 * gsm_control_response - process a response to our control
1316 * @command: the command (response) EA
1317 * @data: data beyond the command/length EA
1320 * Process a response to an outstanding command. We only allow a single
1321 * control message in flight so this is fairly easy. All the clean up
1322 * is done by the caller, we just update the fields, flag it as done
1326 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1327 const u8 *data, int clen)
1329 struct gsm_control *ctrl;
1330 unsigned long flags;
1332 spin_lock_irqsave(&gsm->control_lock, flags);
1334 ctrl = gsm->pending_cmd;
1335 /* Does the reply match our command */
1337 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1338 /* Our command was replied to, kill the retry timer */
1339 del_timer(&gsm->t2_timer);
1340 gsm->pending_cmd = NULL;
1341 /* Rejected by the other end */
1342 if (command == CMD_NSC)
1343 ctrl->error = -EOPNOTSUPP;
1345 wake_up(&gsm->event);
1347 spin_unlock_irqrestore(&gsm->control_lock, flags);
1351 * gsm_control_transmit - send control packet
1353 * @ctrl: frame to send
1355 * Send out a pending control command (called under control lock)
1358 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1360 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1363 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */
1364 msg->data[1] = (ctrl->len << 1) | EA;
1365 memcpy(msg->data + 2, ctrl->data, ctrl->len);
1366 gsm_data_queue(gsm->dlci[0], msg);
1370 * gsm_control_retransmit - retransmit a control frame
1371 * @t: timer contained in our gsm object
1373 * Called off the T2 timer expiry in order to retransmit control frames
1374 * that have been lost in the system somewhere. The control_lock protects
1375 * us from colliding with another sender or a receive completion event.
1376 * In that situation the timer may still occur in a small window but
1377 * gsm->pending_cmd will be NULL and we just let the timer expire.
1380 static void gsm_control_retransmit(struct timer_list *t)
1382 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1383 struct gsm_control *ctrl;
1384 unsigned long flags;
1385 spin_lock_irqsave(&gsm->control_lock, flags);
1386 ctrl = gsm->pending_cmd;
1388 if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
1389 gsm->pending_cmd = NULL;
1390 ctrl->error = -ETIMEDOUT;
1392 spin_unlock_irqrestore(&gsm->control_lock, flags);
1393 wake_up(&gsm->event);
1397 gsm_control_transmit(gsm, ctrl);
1398 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1400 spin_unlock_irqrestore(&gsm->control_lock, flags);
1404 * gsm_control_send - send a control frame on DLCI 0
1405 * @gsm: the GSM channel
1406 * @command: command to send including CR bit
1407 * @data: bytes of data (must be kmalloced)
1408 * @clen: length of the block to send
1410 * Queue and dispatch a control command. Only one command can be
1411 * active at a time. In theory more can be outstanding but the matching
1412 * gets really complicated so for now stick to one outstanding.
1415 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1416 unsigned int command, u8 *data, int clen)
1418 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1420 unsigned long flags;
1424 wait_event(gsm->event, gsm->pending_cmd == NULL);
1425 spin_lock_irqsave(&gsm->control_lock, flags);
1426 if (gsm->pending_cmd != NULL) {
1427 spin_unlock_irqrestore(&gsm->control_lock, flags);
1430 ctrl->cmd = command;
1433 gsm->pending_cmd = ctrl;
1435 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1436 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1439 gsm->cretries = gsm->n2;
1441 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1442 gsm_control_transmit(gsm, ctrl);
1443 spin_unlock_irqrestore(&gsm->control_lock, flags);
1448 * gsm_control_wait - wait for a control to finish
1450 * @control: control we are waiting on
1452 * Waits for the control to complete or time out. Frees any used
1453 * resources and returns 0 for success, or an error if the remote
1454 * rejected or ignored the request.
1457 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1460 wait_event(gsm->event, control->done == 1);
1461 err = control->error;
1468 * DLCI level handling: Needs krefs
1472 * State transitions and timers
1476 * gsm_dlci_close - a DLCI has closed
1477 * @dlci: DLCI that closed
1479 * Perform processing when moving a DLCI into closed state. If there
1480 * is an attached tty this is hung up
1483 static void gsm_dlci_close(struct gsm_dlci *dlci)
1485 unsigned long flags;
1487 del_timer(&dlci->t1);
1489 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1490 dlci->state = DLCI_CLOSED;
1491 /* Prevent us from sending data before the link is up again */
1492 dlci->constipated = true;
1493 if (dlci->addr != 0) {
1494 tty_port_tty_hangup(&dlci->port, false);
1495 spin_lock_irqsave(&dlci->lock, flags);
1496 kfifo_reset(&dlci->fifo);
1497 spin_unlock_irqrestore(&dlci->lock, flags);
1498 /* Ensure that gsmtty_open() can return. */
1499 tty_port_set_initialized(&dlci->port, 0);
1500 wake_up_interruptible(&dlci->port.open_wait);
1502 dlci->gsm->dead = true;
1503 wake_up(&dlci->gsm->event);
1504 /* A DLCI 0 close is a MUX termination so we need to kick that
1505 back to userspace somehow */
1509 * gsm_dlci_open - a DLCI has opened
1510 * @dlci: DLCI that opened
1512 * Perform processing when moving a DLCI into open state.
1515 static void gsm_dlci_open(struct gsm_dlci *dlci)
1517 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1519 del_timer(&dlci->t1);
1520 /* This will let a tty open continue */
1521 dlci->state = DLCI_OPEN;
1522 dlci->constipated = false;
1524 pr_debug("DLCI %d goes open.\n", dlci->addr);
1525 wake_up(&dlci->gsm->event);
1529 * gsm_dlci_t1 - T1 timer expiry
1530 * @t: timer contained in the DLCI that opened
1532 * The T1 timer handles retransmits of control frames (essentially of
1533 * SABM and DISC). We resend the command until the retry count runs out
1534 * in which case an opening port goes back to closed and a closing port
1535 * is simply put into closed state (any further frames from the other
1536 * end will get a DM response)
1538 * Some control dlci can stay in ADM mode with other dlci working just
1539 * fine. In that case we can just keep the control dlci open after the
1540 * DLCI_OPENING retries time out.
1543 static void gsm_dlci_t1(struct timer_list *t)
1545 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1546 struct gsm_mux *gsm = dlci->gsm;
1548 switch (dlci->state) {
1550 if (dlci->retries) {
1552 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1553 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1554 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1556 pr_info("DLCI %d opening in ADM mode.\n",
1558 dlci->mode = DLCI_MODE_ADM;
1559 gsm_dlci_open(dlci);
1561 gsm_dlci_begin_close(dlci); /* prevent half open link */
1566 if (dlci->retries) {
1568 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1569 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1571 gsm_dlci_close(dlci);
1574 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1580 * gsm_dlci_begin_open - start channel open procedure
1581 * @dlci: DLCI to open
1583 * Commence opening a DLCI from the Linux side. We issue SABM messages
1584 * to the modem which should then reply with a UA or ADM, at which point
1585 * we will move into open state. Opening is done asynchronously with retry
1586 * running off timers and the responses.
1589 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1591 struct gsm_mux *gsm = dlci->gsm;
1592 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1594 dlci->retries = gsm->n2;
1595 dlci->state = DLCI_OPENING;
1596 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1597 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1601 * gsm_dlci_set_opening - change state to opening
1602 * @dlci: DLCI to open
1604 * Change internal state to wait for DLCI open from initiator side.
1605 * We set off timers and responses upon reception of an SABM.
1607 static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1609 switch (dlci->state) {
1612 dlci->state = DLCI_OPENING;
1620 * gsm_dlci_begin_close - start channel open procedure
1621 * @dlci: DLCI to open
1623 * Commence closing a DLCI from the Linux side. We issue DISC messages
1624 * to the modem which should then reply with a UA, at which point we
1625 * will move into closed state. Closing is done asynchronously with retry
1626 * off timers. We may also receive a DM reply from the other end which
1627 * indicates the channel was already closed.
1630 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1632 struct gsm_mux *gsm = dlci->gsm;
1633 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1635 dlci->retries = gsm->n2;
1636 dlci->state = DLCI_CLOSING;
1637 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1638 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1642 * gsm_dlci_data - data arrived
1644 * @data: block of bytes received
1645 * @clen: length of received block
1647 * A UI or UIH frame has arrived which contains data for a channel
1648 * other than the control channel. If the relevant virtual tty is
1649 * open we shovel the bits down it, if not we drop them.
1652 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1655 struct tty_port *port = &dlci->port;
1656 struct tty_struct *tty;
1657 unsigned int modem = 0;
1661 pr_debug("%d bytes for tty\n", len);
1662 switch (dlci->adaption) {
1663 /* Unsupported types */
1664 case 4: /* Packetised interruptible data */
1666 case 3: /* Packetised uininterruptible voice/data */
1668 case 2: /* Asynchronous serial with line state in each frame */
1669 while (gsm_read_ea(&modem, *data++) == 0) {
1674 tty = tty_port_tty_get(port);
1676 gsm_process_modem(tty, dlci, modem, clen);
1680 case 1: /* Line state will go via DLCI 0 controls only */
1682 tty_insert_flip_string(port, data, len);
1683 tty_flip_buffer_push(port);
1688 * gsm_dlci_control - data arrived on control channel
1690 * @data: block of bytes received
1691 * @len: length of received block
1693 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1694 * control channel. This should contain a command EA followed by
1695 * control data bytes. The command EA contains a command/response bit
1696 * and we divide up the work accordingly.
1699 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1701 /* See what command is involved */
1702 unsigned int command = 0;
1704 if (gsm_read_ea(&command, *data++) == 1) {
1707 /* FIXME: this is properly an EA */
1709 /* Malformed command ? */
1713 gsm_control_message(dlci->gsm, command,
1716 gsm_control_response(dlci->gsm, command,
1724 * Allocate/Free DLCI channels
1728 * gsm_dlci_alloc - allocate a DLCI
1730 * @addr: address of the DLCI
1732 * Allocate and install a new DLCI object into the GSM mux.
1734 * FIXME: review locking races
1737 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1739 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1742 spin_lock_init(&dlci->lock);
1743 mutex_init(&dlci->mutex);
1744 if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
1749 skb_queue_head_init(&dlci->skb_list);
1750 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
1751 tty_port_init(&dlci->port);
1752 dlci->port.ops = &gsm_port_ops;
1755 dlci->adaption = gsm->adaption;
1756 dlci->state = DLCI_CLOSED;
1758 dlci->data = gsm_dlci_data;
1759 /* Prevent us from sending data before the link is up */
1760 dlci->constipated = true;
1762 dlci->data = gsm_dlci_command;
1764 gsm->dlci[addr] = dlci;
1769 * gsm_dlci_free - free DLCI
1770 * @port: tty port for DLCI to free
1776 static void gsm_dlci_free(struct tty_port *port)
1778 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1780 del_timer_sync(&dlci->t1);
1781 dlci->gsm->dlci[dlci->addr] = NULL;
1782 kfifo_free(&dlci->fifo);
1783 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1784 dev_kfree_skb(dlci->skb);
1788 static inline void dlci_get(struct gsm_dlci *dlci)
1790 tty_port_get(&dlci->port);
1793 static inline void dlci_put(struct gsm_dlci *dlci)
1795 tty_port_put(&dlci->port);
1798 static void gsm_destroy_network(struct gsm_dlci *dlci);
1801 * gsm_dlci_release - release DLCI
1802 * @dlci: DLCI to destroy
1804 * Release a DLCI. Actual free is deferred until either
1805 * mux is closed or tty is closed - whichever is last.
1809 static void gsm_dlci_release(struct gsm_dlci *dlci)
1811 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1813 mutex_lock(&dlci->mutex);
1814 gsm_destroy_network(dlci);
1815 mutex_unlock(&dlci->mutex);
1817 /* We cannot use tty_hangup() because in tty_kref_put() the tty
1818 * driver assumes that the hangup queue is free and reuses it to
1819 * queue release_one_tty() -> NULL pointer panic in
1820 * process_one_work().
1824 tty_port_tty_set(&dlci->port, NULL);
1827 dlci->state = DLCI_CLOSED;
1832 * LAPBish link layer logic
1836 * gsm_queue - a GSM frame is ready to process
1837 * @gsm: pointer to our gsm mux
1839 * At this point in time a frame has arrived and been demangled from
1840 * the line encoding. All the differences between the encodings have
1841 * been handled below us and the frame is unpacked into the structures.
1842 * The fcs holds the header FCS but any data FCS must be added here.
1845 static void gsm_queue(struct gsm_mux *gsm)
1847 struct gsm_dlci *dlci;
1850 /* We have to sneak a look at the packet body to do the FCS.
1851 A somewhat layering violation in the spec */
1853 if ((gsm->control & ~PF) == UI)
1854 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
1855 if (gsm->encoding == 0) {
1856 /* WARNING: gsm->received_fcs is used for
1857 gsm->encoding = 0 only.
1858 In this case it contain the last piece of data
1859 required to generate final CRC */
1860 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1862 if (gsm->fcs != GOOD_FCS) {
1865 pr_debug("BAD FCS %02x\n", gsm->fcs);
1868 address = gsm->address >> 1;
1869 if (address >= NUM_DLCI)
1872 cr = gsm->address & 1; /* C/R bit */
1874 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1876 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1877 dlci = gsm->dlci[address];
1879 switch (gsm->control) {
1884 dlci = gsm_dlci_alloc(gsm, address);
1888 gsm_response(gsm, address, DM);
1890 gsm_response(gsm, address, UA);
1891 gsm_dlci_open(dlci);
1897 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1898 gsm_response(gsm, address, DM);
1901 /* Real close complete */
1902 gsm_response(gsm, address, UA);
1903 gsm_dlci_close(dlci);
1906 if (cr == 0 || dlci == NULL)
1908 switch (dlci->state) {
1910 gsm_dlci_close(dlci);
1913 gsm_dlci_open(dlci);
1916 pr_debug("%s: unhandled state: %d\n", __func__,
1921 case DM: /* DM can be valid unsolicited */
1927 gsm_dlci_close(dlci);
1937 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1938 gsm_response(gsm, address, DM|PF);
1941 dlci->data(dlci, gsm->buf, gsm->len);
1954 * gsm0_receive - perform processing for non-transparency
1955 * @gsm: gsm data for this ldisc instance
1958 * Receive bytes in gsm mode 0
1961 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1965 switch (gsm->state) {
1966 case GSM_SEARCH: /* SOF marker */
1967 if (c == GSM0_SOF) {
1968 gsm->state = GSM_ADDRESS;
1971 gsm->fcs = INIT_FCS;
1974 case GSM_ADDRESS: /* Address EA */
1975 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1976 if (gsm_read_ea(&gsm->address, c))
1977 gsm->state = GSM_CONTROL;
1979 case GSM_CONTROL: /* Control Byte */
1980 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1982 gsm->state = GSM_LEN0;
1984 case GSM_LEN0: /* Length EA */
1985 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1986 if (gsm_read_ea(&gsm->len, c)) {
1987 if (gsm->len > gsm->mru) {
1989 gsm->state = GSM_SEARCH;
1994 gsm->state = GSM_FCS;
1996 gsm->state = GSM_DATA;
1999 gsm->state = GSM_LEN1;
2002 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2004 gsm->len |= len << 7;
2005 if (gsm->len > gsm->mru) {
2007 gsm->state = GSM_SEARCH;
2012 gsm->state = GSM_FCS;
2014 gsm->state = GSM_DATA;
2016 case GSM_DATA: /* Data */
2017 gsm->buf[gsm->count++] = c;
2018 if (gsm->count == gsm->len)
2019 gsm->state = GSM_FCS;
2021 case GSM_FCS: /* FCS follows the packet */
2022 gsm->received_fcs = c;
2024 gsm->state = GSM_SSOF;
2027 if (c == GSM0_SOF) {
2028 gsm->state = GSM_SEARCH;
2033 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2039 * gsm1_receive - perform processing for non-transparency
2040 * @gsm: gsm data for this ldisc instance
2043 * Receive bytes in mode 1 (Advanced option)
2046 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2048 /* handle XON/XOFF */
2049 if ((c & ISO_IEC_646_MASK) == XON) {
2050 gsm->constipated = true;
2052 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2053 gsm->constipated = false;
2054 /* Kick the link in case it is idling */
2055 gsm_data_kick(gsm, NULL);
2058 if (c == GSM1_SOF) {
2059 /* EOF is only valid in frame if we have got to the data state
2060 and received at least one byte (the FCS) */
2061 if (gsm->state == GSM_DATA && gsm->count) {
2062 /* Extract the FCS */
2064 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2065 gsm->len = gsm->count;
2067 gsm->state = GSM_START;
2070 /* Any partial frame was a runt so go back to start */
2071 if (gsm->state != GSM_START) {
2072 if (gsm->state != GSM_SEARCH)
2074 gsm->state = GSM_START;
2076 /* A SOF in GSM_START means we are still reading idling or
2081 if (c == GSM1_ESCAPE) {
2086 /* Only an unescaped SOF gets us out of GSM search */
2087 if (gsm->state == GSM_SEARCH)
2091 c ^= GSM1_ESCAPE_BITS;
2092 gsm->escape = false;
2094 switch (gsm->state) {
2095 case GSM_START: /* First byte after SOF */
2097 gsm->state = GSM_ADDRESS;
2098 gsm->fcs = INIT_FCS;
2100 case GSM_ADDRESS: /* Address continuation */
2101 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2102 if (gsm_read_ea(&gsm->address, c))
2103 gsm->state = GSM_CONTROL;
2105 case GSM_CONTROL: /* Control Byte */
2106 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2109 gsm->state = GSM_DATA;
2111 case GSM_DATA: /* Data */
2112 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2113 gsm->state = GSM_OVERRUN;
2116 gsm->buf[gsm->count++] = c;
2118 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2121 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2127 * gsm_error - handle tty error
2129 * @data: byte received (may be invalid)
2130 * @flag: error received
2132 * Handle an error in the receipt of data for a frame. Currently we just
2133 * go back to hunting for a SOF.
2135 * FIXME: better diagnostics ?
2138 static void gsm_error(struct gsm_mux *gsm,
2139 unsigned char data, unsigned char flag)
2141 gsm->state = GSM_SEARCH;
2146 * gsm_cleanup_mux - generic GSM protocol cleanup
2148 * @disc: disconnect link?
2150 * Clean up the bits of the mux which are the same for all framing
2151 * protocols. Remove the mux from the mux table, stop all the timers
2152 * and then shut down each device hanging up the channels as we go.
2155 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2158 struct gsm_dlci *dlci = gsm->dlci[0];
2159 struct gsm_msg *txq, *ntxq;
2162 mutex_lock(&gsm->mutex);
2165 if (disc && dlci->state != DLCI_CLOSED) {
2166 gsm_dlci_begin_close(dlci);
2167 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2172 /* Finish outstanding timers, making sure they are done */
2173 del_timer_sync(&gsm->t2_timer);
2175 /* Free up any link layer users and finally the control channel */
2176 for (i = NUM_DLCI - 1; i >= 0; i--)
2178 gsm_dlci_release(gsm->dlci[i]);
2179 mutex_unlock(&gsm->mutex);
2180 /* Now wipe the queues */
2181 tty_ldisc_flush(gsm->tty);
2182 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2184 INIT_LIST_HEAD(&gsm->tx_list);
2188 * gsm_activate_mux - generic GSM setup
2191 * Set up the bits of the mux which are the same for all framing
2192 * protocols. Add the mux to the mux table so it can be opened and
2193 * finally kick off connecting to DLCI 0 on the modem.
2196 static int gsm_activate_mux(struct gsm_mux *gsm)
2198 struct gsm_dlci *dlci;
2200 if (gsm->encoding == 0)
2201 gsm->receive = gsm0_receive;
2203 gsm->receive = gsm1_receive;
2205 dlci = gsm_dlci_alloc(gsm, 0);
2208 gsm->dead = false; /* Tty opens are now permissible */
2213 * gsm_free_mux - free up a mux
2216 * Dispose of allocated resources for a dead mux
2218 static void gsm_free_mux(struct gsm_mux *gsm)
2222 for (i = 0; i < MAX_MUX; i++) {
2223 if (gsm == gsm_mux[i]) {
2228 mutex_destroy(&gsm->tx_mutex);
2229 mutex_destroy(&gsm->mutex);
2230 kfree(gsm->txframe);
2236 * gsm_free_muxr - free up a mux
2237 * @ref: kreference to the mux to free
2239 * Dispose of allocated resources for a dead mux
2241 static void gsm_free_muxr(struct kref *ref)
2243 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2247 static inline void mux_get(struct gsm_mux *gsm)
2249 unsigned long flags;
2251 spin_lock_irqsave(&gsm_mux_lock, flags);
2252 kref_get(&gsm->ref);
2253 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2256 static inline void mux_put(struct gsm_mux *gsm)
2258 unsigned long flags;
2260 spin_lock_irqsave(&gsm_mux_lock, flags);
2261 kref_put(&gsm->ref, gsm_free_muxr);
2262 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2265 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2267 return gsm->num * NUM_DLCI;
2270 static inline unsigned int mux_line_to_num(unsigned int line)
2272 return line / NUM_DLCI;
2276 * gsm_alloc_mux - allocate a mux
2278 * Creates a new mux ready for activation.
2281 static struct gsm_mux *gsm_alloc_mux(void)
2284 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2287 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2288 if (gsm->buf == NULL) {
2292 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2293 if (gsm->txframe == NULL) {
2298 spin_lock_init(&gsm->lock);
2299 mutex_init(&gsm->mutex);
2300 mutex_init(&gsm->tx_mutex);
2301 kref_init(&gsm->ref);
2302 INIT_LIST_HEAD(&gsm->tx_list);
2303 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2304 init_waitqueue_head(&gsm->event);
2305 spin_lock_init(&gsm->control_lock);
2313 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2315 gsm->dead = true; /* Avoid early tty opens */
2317 /* Store the instance to the mux array or abort if no space is
2320 spin_lock(&gsm_mux_lock);
2321 for (i = 0; i < MAX_MUX; i++) {
2328 spin_unlock(&gsm_mux_lock);
2330 mutex_destroy(&gsm->tx_mutex);
2331 mutex_destroy(&gsm->mutex);
2332 kfree(gsm->txframe);
2341 static void gsm_copy_config_values(struct gsm_mux *gsm,
2342 struct gsm_config *c)
2344 memset(c, 0, sizeof(*c));
2345 c->adaption = gsm->adaption;
2346 c->encapsulation = gsm->encoding;
2347 c->initiator = gsm->initiator;
2350 c->t3 = 0; /* Not supported */
2352 if (gsm->ftype == UIH)
2356 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2362 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2366 int need_restart = 0;
2368 /* Stuff we don't support yet - UI or I frame transport, windowing */
2369 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2371 /* Check the MRU/MTU range looks sane */
2372 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2376 if (c->encapsulation > 1) /* Basic, advanced, no I */
2378 if (c->initiator > 1)
2380 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2383 * See what is needed for reconfiguration
2387 if (c->t1 != 0 && c->t1 != gsm->t1)
2389 if (c->t2 != 0 && c->t2 != gsm->t2)
2391 if (c->encapsulation != gsm->encoding)
2393 if (c->adaption != gsm->adaption)
2396 if (c->initiator != gsm->initiator)
2398 if (c->mru != gsm->mru)
2400 if (c->mtu != gsm->mtu)
2404 * Close down what is needed, restart and initiate the new
2405 * configuration. On the first time there is no DLCI[0]
2406 * and closing or cleaning up is not necessary.
2408 if (need_close || need_restart)
2409 gsm_cleanup_mux(gsm, true);
2411 gsm->initiator = c->initiator;
2414 gsm->encoding = c->encapsulation;
2415 gsm->adaption = c->adaption;
2429 * FIXME: We need to separate activation/deactivation from adding
2430 * and removing from the mux array
2433 ret = gsm_activate_mux(gsm);
2437 gsm_dlci_begin_open(gsm->dlci[0]);
2443 * gsmld_output - write to link
2445 * @data: bytes to output
2448 * Write a block of data from the GSM mux to the data channel. This
2449 * will eventually be serialized from above but at the moment isn't.
2452 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2454 if (tty_write_room(gsm->tty) < len) {
2455 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2459 print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2461 gsm->tty->ops->write(gsm->tty, data, len);
2466 * gsmld_attach_gsm - mode set up
2467 * @tty: our tty structure
2470 * Set up the MUX for basic mode and commence connecting to the
2471 * modem. Currently called from the line discipline set up but
2472 * will need moving to an ioctl path.
2475 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2480 gsm->tty = tty_kref_get(tty);
2481 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2482 gsm->old_c_iflag = tty->termios.c_iflag;
2483 tty->termios.c_iflag &= (IXON | IXOFF);
2484 ret = gsm_activate_mux(gsm);
2486 tty_kref_put(gsm->tty);
2488 /* Don't register device 0 - this is the control channel and not
2489 a usable tty interface */
2490 base = mux_num_to_base(gsm); /* Base for this MUX */
2491 for (i = 1; i < NUM_DLCI; i++) {
2494 dev = tty_register_device(gsm_tty_driver,
2497 for (i--; i >= 1; i--)
2498 tty_unregister_device(gsm_tty_driver,
2500 return PTR_ERR(dev);
2509 * gsmld_detach_gsm - stop doing 0710 mux
2510 * @tty: tty attached to the mux
2513 * Shutdown and then clean up the resources used by the line discipline
2516 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2518 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
2521 WARN_ON(tty != gsm->tty);
2522 for (i = 1; i < NUM_DLCI; i++)
2523 tty_unregister_device(gsm_tty_driver, base + i);
2524 /* Restore tty XON/XOFF handling. */
2525 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2526 tty_kref_put(gsm->tty);
2530 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2531 char *fp, int count)
2533 struct gsm_mux *gsm = tty->disc_data;
2534 const unsigned char *dp;
2537 char flags = TTY_NORMAL;
2540 print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2543 for (i = count, dp = cp, f = fp; i; i--, dp++) {
2548 gsm->receive(gsm, *dp);
2554 gsm_error(gsm, *dp, flags);
2557 WARN_ONCE(1, "%s: unknown flag %d\n",
2558 tty_name(tty), flags);
2562 /* FASYNC if needed ? */
2563 /* If clogged call tty_throttle(tty); */
2567 * gsmld_flush_buffer - clean input queue
2568 * @tty: terminal device
2570 * Flush the input buffer. Called when the line discipline is
2571 * being closed, when the tty layer wants the buffer flushed (eg
2575 static void gsmld_flush_buffer(struct tty_struct *tty)
2580 * gsmld_close - close the ldisc for this tty
2583 * Called from the terminal layer when this line discipline is
2584 * being shut down, either because of a close or becsuse of a
2585 * discipline change. The function will not be called while other
2586 * ldisc methods are in progress.
2589 static void gsmld_close(struct tty_struct *tty)
2591 struct gsm_mux *gsm = tty->disc_data;
2593 /* The ldisc locks and closes the port before calling our close. This
2594 * means we have no way to do a proper disconnect. We will not bother
2597 gsm_cleanup_mux(gsm, false);
2599 gsmld_detach_gsm(tty, gsm);
2601 gsmld_flush_buffer(tty);
2602 /* Do other clean up here */
2607 * gsmld_open - open an ldisc
2608 * @tty: terminal to open
2610 * Called when this line discipline is being attached to the
2611 * terminal device. Can sleep. Called serialized so that no
2612 * other events will occur in parallel. No further open will occur
2616 static int gsmld_open(struct tty_struct *tty)
2618 struct gsm_mux *gsm;
2621 if (tty->ops->write == NULL)
2624 /* Attach our ldisc data */
2625 gsm = gsm_alloc_mux();
2629 tty->disc_data = gsm;
2630 tty->receive_room = 65536;
2632 /* Attach the initial passive connection */
2635 ret = gsmld_attach_gsm(tty, gsm);
2637 gsm_cleanup_mux(gsm, false);
2644 * gsmld_write_wakeup - asynchronous I/O notifier
2647 * Required for the ptys, serial driver etc. since processes
2648 * that attach themselves to the master and rely on ASYNC
2649 * IO must be woken up
2652 static void gsmld_write_wakeup(struct tty_struct *tty)
2654 struct gsm_mux *gsm = tty->disc_data;
2657 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2658 mutex_lock(&gsm->tx_mutex);
2659 gsm_data_kick(gsm, NULL);
2660 if (gsm->tx_bytes < TX_THRESH_LO) {
2661 gsm_dlci_data_sweep(gsm);
2663 mutex_unlock(&gsm->tx_mutex);
2667 * gsmld_read - read function for tty
2669 * @file: file object
2670 * @buf: userspace buffer pointer
2673 * Perform reads for the line discipline. We are guaranteed that the
2674 * line discipline will not be closed under us but we may get multiple
2675 * parallel readers and must handle this ourselves. We may also get
2676 * a hangup. Always called in user context, may sleep.
2678 * This code must be sure never to sleep through a hangup.
2681 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2682 unsigned char *buf, size_t nr,
2683 void **cookie, unsigned long offset)
2689 * gsmld_write - write function for tty
2691 * @file: file object
2692 * @buf: userspace buffer pointer
2695 * Called when the owner of the device wants to send a frame
2696 * itself (or some other control data). The data is transferred
2697 * as-is and must be properly framed and checksummed as appropriate
2698 * by userspace. Frames are either sent whole or not at all as this
2699 * avoids pain user side.
2702 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2703 const unsigned char *buf, size_t nr)
2705 struct gsm_mux *gsm = tty->disc_data;
2713 mutex_lock(&gsm->tx_mutex);
2714 space = tty_write_room(tty);
2716 ret = tty->ops->write(tty, buf, nr);
2718 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2719 mutex_unlock(&gsm->tx_mutex);
2725 * gsmld_poll - poll method for N_GSM0710
2726 * @tty: terminal device
2727 * @file: file accessing it
2730 * Called when the line discipline is asked to poll() for data or
2731 * for special events. This code is not serialized with respect to
2732 * other events save open/close.
2734 * This code must be sure never to sleep through a hangup.
2735 * Called without the kernel lock held - fine
2738 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
2742 struct gsm_mux *gsm = tty->disc_data;
2744 poll_wait(file, &tty->read_wait, wait);
2745 poll_wait(file, &tty->write_wait, wait);
2749 if (tty_hung_up_p(file))
2751 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2753 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2754 mask |= EPOLLOUT | EPOLLWRNORM;
2758 static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2759 unsigned int cmd, unsigned long arg)
2761 struct gsm_config c;
2762 struct gsm_mux *gsm = tty->disc_data;
2766 case GSMIOC_GETCONF:
2767 gsm_copy_config_values(gsm, &c);
2768 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
2771 case GSMIOC_SETCONF:
2772 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
2774 return gsm_config(gsm, &c);
2775 case GSMIOC_GETFIRST:
2776 base = mux_num_to_base(gsm);
2777 return put_user(base + 1, (__u32 __user *)arg);
2779 return n_tty_ioctl_helper(tty, file, cmd, arg);
2788 static int gsm_mux_net_open(struct net_device *net)
2790 pr_debug("%s called\n", __func__);
2791 netif_start_queue(net);
2795 static int gsm_mux_net_close(struct net_device *net)
2797 netif_stop_queue(net);
2801 static void dlci_net_free(struct gsm_dlci *dlci)
2807 dlci->adaption = dlci->prev_adaption;
2808 dlci->data = dlci->prev_data;
2809 free_netdev(dlci->net);
2812 static void net_free(struct kref *ref)
2814 struct gsm_mux_net *mux_net;
2815 struct gsm_dlci *dlci;
2817 mux_net = container_of(ref, struct gsm_mux_net, ref);
2818 dlci = mux_net->dlci;
2821 unregister_netdev(dlci->net);
2822 dlci_net_free(dlci);
2826 static inline void muxnet_get(struct gsm_mux_net *mux_net)
2828 kref_get(&mux_net->ref);
2831 static inline void muxnet_put(struct gsm_mux_net *mux_net)
2833 kref_put(&mux_net->ref, net_free);
2836 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
2837 struct net_device *net)
2839 struct gsm_mux_net *mux_net = netdev_priv(net);
2840 struct gsm_dlci *dlci = mux_net->dlci;
2841 muxnet_get(mux_net);
2843 skb_queue_head(&dlci->skb_list, skb);
2844 net->stats.tx_packets++;
2845 net->stats.tx_bytes += skb->len;
2846 gsm_dlci_data_kick(dlci);
2847 /* And tell the kernel when the last transmit started. */
2848 netif_trans_update(net);
2849 muxnet_put(mux_net);
2850 return NETDEV_TX_OK;
2853 /* called when a packet did not ack after watchdogtimeout */
2854 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
2856 /* Tell syslog we are hosed. */
2857 dev_dbg(&net->dev, "Tx timed out.\n");
2859 /* Update statistics */
2860 net->stats.tx_errors++;
2863 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2864 const unsigned char *in_buf, int size)
2866 struct net_device *net = dlci->net;
2867 struct sk_buff *skb;
2868 struct gsm_mux_net *mux_net = netdev_priv(net);
2869 muxnet_get(mux_net);
2871 /* Allocate an sk_buff */
2872 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2874 /* We got no receive buffer. */
2875 net->stats.rx_dropped++;
2876 muxnet_put(mux_net);
2879 skb_reserve(skb, NET_IP_ALIGN);
2880 skb_put_data(skb, in_buf, size);
2883 skb->protocol = htons(ETH_P_IP);
2885 /* Ship it off to the kernel */
2888 /* update out statistics */
2889 net->stats.rx_packets++;
2890 net->stats.rx_bytes += size;
2891 muxnet_put(mux_net);
2895 static void gsm_mux_net_init(struct net_device *net)
2897 static const struct net_device_ops gsm_netdev_ops = {
2898 .ndo_open = gsm_mux_net_open,
2899 .ndo_stop = gsm_mux_net_close,
2900 .ndo_start_xmit = gsm_mux_net_start_xmit,
2901 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2904 net->netdev_ops = &gsm_netdev_ops;
2906 /* fill in the other fields */
2907 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2908 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2909 net->type = ARPHRD_NONE;
2910 net->tx_queue_len = 10;
2914 /* caller holds the dlci mutex */
2915 static void gsm_destroy_network(struct gsm_dlci *dlci)
2917 struct gsm_mux_net *mux_net;
2919 pr_debug("destroy network interface\n");
2922 mux_net = netdev_priv(dlci->net);
2923 muxnet_put(mux_net);
2927 /* caller holds the dlci mutex */
2928 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2932 struct net_device *net;
2933 struct gsm_mux_net *mux_net;
2935 if (!capable(CAP_NET_ADMIN))
2938 /* Already in a non tty mode */
2939 if (dlci->adaption > 2)
2942 if (nc->protocol != htons(ETH_P_IP))
2943 return -EPROTONOSUPPORT;
2945 if (nc->adaption != 3 && nc->adaption != 4)
2946 return -EPROTONOSUPPORT;
2948 pr_debug("create network interface\n");
2951 if (nc->if_name[0] != '\0')
2952 netname = nc->if_name;
2953 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2954 NET_NAME_UNKNOWN, gsm_mux_net_init);
2956 pr_err("alloc_netdev failed\n");
2959 net->mtu = dlci->gsm->mtu;
2961 net->max_mtu = dlci->gsm->mtu;
2962 mux_net = netdev_priv(net);
2963 mux_net->dlci = dlci;
2964 kref_init(&mux_net->ref);
2965 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2967 /* reconfigure dlci for network */
2968 dlci->prev_adaption = dlci->adaption;
2969 dlci->prev_data = dlci->data;
2970 dlci->adaption = nc->adaption;
2971 dlci->data = gsm_mux_rx_netchar;
2974 pr_debug("register netdev\n");
2975 retval = register_netdev(net);
2977 pr_err("network register fail %d\n", retval);
2978 dlci_net_free(dlci);
2981 return net->ifindex; /* return network index */
2984 /* Line discipline for real tty */
2985 static struct tty_ldisc_ops tty_ldisc_packet = {
2986 .owner = THIS_MODULE,
2987 .magic = TTY_LDISC_MAGIC,
2990 .close = gsmld_close,
2991 .flush_buffer = gsmld_flush_buffer,
2993 .write = gsmld_write,
2994 .ioctl = gsmld_ioctl,
2996 .receive_buf = gsmld_receive_buf,
2997 .write_wakeup = gsmld_write_wakeup
3006 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
3009 struct gsm_control *ctrl;
3012 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
3013 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3015 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3018 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3021 return gsm_control_wait(dlci->gsm, ctrl);
3024 static int gsm_carrier_raised(struct tty_port *port)
3026 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3027 struct gsm_mux *gsm = dlci->gsm;
3029 /* Not yet open so no carrier info */
3030 if (dlci->state != DLCI_OPEN)
3036 * Basic mode with control channel in ADM mode may not respond
3037 * to CMD_MSC at all and modem_rx is empty.
3039 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3043 return dlci->modem_rx & TIOCM_CD;
3046 static void gsm_dtr_rts(struct tty_port *port, int onoff)
3048 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3049 unsigned int modem_tx = dlci->modem_tx;
3051 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3053 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3054 if (modem_tx != dlci->modem_tx) {
3055 dlci->modem_tx = modem_tx;
3056 gsmtty_modem_update(dlci, 0);
3060 static const struct tty_port_operations gsm_port_ops = {
3061 .carrier_raised = gsm_carrier_raised,
3062 .dtr_rts = gsm_dtr_rts,
3063 .destruct = gsm_dlci_free,
3066 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3068 struct gsm_mux *gsm;
3069 struct gsm_dlci *dlci;
3070 unsigned int line = tty->index;
3071 unsigned int mux = mux_line_to_num(line);
3079 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3080 if (gsm_mux[mux] == NULL)
3082 if (line == 0 || line > 61) /* 62/63 reserved */
3087 /* If DLCI 0 is not yet fully open return an error.
3088 This is ok from a locking
3089 perspective as we don't have to worry about this
3091 mutex_lock(&gsm->mutex);
3092 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3093 mutex_unlock(&gsm->mutex);
3096 dlci = gsm->dlci[line];
3099 dlci = gsm_dlci_alloc(gsm, line);
3102 mutex_unlock(&gsm->mutex);
3105 ret = tty_port_install(&dlci->port, driver, tty);
3109 mutex_unlock(&gsm->mutex);
3114 dlci_get(gsm->dlci[0]);
3116 tty->driver_data = dlci;
3117 mutex_unlock(&gsm->mutex);
3122 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3124 struct gsm_dlci *dlci = tty->driver_data;
3125 struct tty_port *port = &dlci->port;
3126 struct gsm_mux *gsm = dlci->gsm;
3129 tty_port_tty_set(port, tty);
3132 /* We could in theory open and close before we wait - eg if we get
3133 a DM straight back. This is ok as that will have caused a hangup */
3134 tty_port_set_initialized(port, 1);
3135 /* Start sending off SABM messages */
3137 gsm_dlci_begin_open(dlci);
3139 gsm_dlci_set_opening(dlci);
3140 /* And wait for virtual carrier */
3141 return tty_port_block_til_ready(port, tty, filp);
3144 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3146 struct gsm_dlci *dlci = tty->driver_data;
3150 if (dlci->state == DLCI_CLOSED)
3152 mutex_lock(&dlci->mutex);
3153 gsm_destroy_network(dlci);
3154 mutex_unlock(&dlci->mutex);
3155 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3157 gsm_dlci_begin_close(dlci);
3158 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3159 tty_port_lower_dtr_rts(&dlci->port);
3160 tty_port_close_end(&dlci->port, tty);
3161 tty_port_tty_set(&dlci->port, NULL);
3165 static void gsmtty_hangup(struct tty_struct *tty)
3167 struct gsm_dlci *dlci = tty->driver_data;
3168 if (dlci->state == DLCI_CLOSED)
3170 tty_port_hangup(&dlci->port);
3171 gsm_dlci_begin_close(dlci);
3174 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3178 struct gsm_dlci *dlci = tty->driver_data;
3179 if (dlci->state == DLCI_CLOSED)
3181 /* Stuff the bytes into the fifo queue */
3182 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3183 /* Need to kick the channel */
3184 gsm_dlci_data_kick(dlci);
3188 static int gsmtty_write_room(struct tty_struct *tty)
3190 struct gsm_dlci *dlci = tty->driver_data;
3191 if (dlci->state == DLCI_CLOSED)
3193 return TX_SIZE - kfifo_len(&dlci->fifo);
3196 static int gsmtty_chars_in_buffer(struct tty_struct *tty)
3198 struct gsm_dlci *dlci = tty->driver_data;
3199 if (dlci->state == DLCI_CLOSED)
3201 return kfifo_len(&dlci->fifo);
3204 static void gsmtty_flush_buffer(struct tty_struct *tty)
3206 struct gsm_dlci *dlci = tty->driver_data;
3207 unsigned long flags;
3209 if (dlci->state == DLCI_CLOSED)
3211 /* Caution needed: If we implement reliable transport classes
3212 then the data being transmitted can't simply be junked once
3213 it has first hit the stack. Until then we can just blow it
3215 spin_lock_irqsave(&dlci->lock, flags);
3216 kfifo_reset(&dlci->fifo);
3217 spin_unlock_irqrestore(&dlci->lock, flags);
3218 /* Need to unhook this DLCI from the transmit queue logic */
3221 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3223 /* The FIFO handles the queue so the kernel will do the right
3224 thing waiting on chars_in_buffer before calling us. No work
3228 static int gsmtty_tiocmget(struct tty_struct *tty)
3230 struct gsm_dlci *dlci = tty->driver_data;
3231 if (dlci->state == DLCI_CLOSED)
3233 return dlci->modem_rx;
3236 static int gsmtty_tiocmset(struct tty_struct *tty,
3237 unsigned int set, unsigned int clear)
3239 struct gsm_dlci *dlci = tty->driver_data;
3240 unsigned int modem_tx = dlci->modem_tx;
3242 if (dlci->state == DLCI_CLOSED)
3247 if (modem_tx != dlci->modem_tx) {
3248 dlci->modem_tx = modem_tx;
3249 return gsmtty_modem_update(dlci, 0);
3255 static int gsmtty_ioctl(struct tty_struct *tty,
3256 unsigned int cmd, unsigned long arg)
3258 struct gsm_dlci *dlci = tty->driver_data;
3259 struct gsm_netconfig nc;
3262 if (dlci->state == DLCI_CLOSED)
3265 case GSMIOC_ENABLE_NET:
3266 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3268 nc.if_name[IFNAMSIZ-1] = '\0';
3269 /* return net interface index or error code */
3270 mutex_lock(&dlci->mutex);
3271 index = gsm_create_network(dlci, &nc);
3272 mutex_unlock(&dlci->mutex);
3273 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3276 case GSMIOC_DISABLE_NET:
3277 if (!capable(CAP_NET_ADMIN))
3279 mutex_lock(&dlci->mutex);
3280 gsm_destroy_network(dlci);
3281 mutex_unlock(&dlci->mutex);
3284 return -ENOIOCTLCMD;
3288 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3290 struct gsm_dlci *dlci = tty->driver_data;
3291 if (dlci->state == DLCI_CLOSED)
3293 /* For the moment its fixed. In actual fact the speed information
3294 for the virtual channel can be propogated in both directions by
3295 the RPN control message. This however rapidly gets nasty as we
3296 then have to remap modem signals each way according to whether
3297 our virtual cable is null modem etc .. */
3298 tty_termios_copy_hw(&tty->termios, old);
3301 static void gsmtty_throttle(struct tty_struct *tty)
3303 struct gsm_dlci *dlci = tty->driver_data;
3304 if (dlci->state == DLCI_CLOSED)
3307 dlci->modem_tx &= ~TIOCM_RTS;
3308 dlci->throttled = true;
3309 /* Send an MSC with RTS cleared */
3310 gsmtty_modem_update(dlci, 0);
3313 static void gsmtty_unthrottle(struct tty_struct *tty)
3315 struct gsm_dlci *dlci = tty->driver_data;
3316 if (dlci->state == DLCI_CLOSED)
3319 dlci->modem_tx |= TIOCM_RTS;
3320 dlci->throttled = false;
3321 /* Send an MSC with RTS set */
3322 gsmtty_modem_update(dlci, 0);
3325 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3327 struct gsm_dlci *dlci = tty->driver_data;
3328 int encode = 0; /* Off */
3329 if (dlci->state == DLCI_CLOSED)
3332 if (state == -1) /* "On indefinitely" - we can't encode this
3335 else if (state > 0) {
3336 encode = state / 200; /* mS to encoding */
3338 encode = 0x0F; /* Best effort */
3340 return gsmtty_modem_update(dlci, encode);
3343 static void gsmtty_cleanup(struct tty_struct *tty)
3345 struct gsm_dlci *dlci = tty->driver_data;
3346 struct gsm_mux *gsm = dlci->gsm;
3349 dlci_put(gsm->dlci[0]);
3353 /* Virtual ttys for the demux */
3354 static const struct tty_operations gsmtty_ops = {
3355 .install = gsmtty_install,
3356 .open = gsmtty_open,
3357 .close = gsmtty_close,
3358 .write = gsmtty_write,
3359 .write_room = gsmtty_write_room,
3360 .chars_in_buffer = gsmtty_chars_in_buffer,
3361 .flush_buffer = gsmtty_flush_buffer,
3362 .ioctl = gsmtty_ioctl,
3363 .throttle = gsmtty_throttle,
3364 .unthrottle = gsmtty_unthrottle,
3365 .set_termios = gsmtty_set_termios,
3366 .hangup = gsmtty_hangup,
3367 .wait_until_sent = gsmtty_wait_until_sent,
3368 .tiocmget = gsmtty_tiocmget,
3369 .tiocmset = gsmtty_tiocmset,
3370 .break_ctl = gsmtty_break_ctl,
3371 .cleanup = gsmtty_cleanup,
3376 static int __init gsm_init(void)
3378 /* Fill in our line protocol discipline, and register it */
3379 int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3381 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3386 gsm_tty_driver = alloc_tty_driver(256);
3387 if (!gsm_tty_driver) {
3388 tty_unregister_ldisc(N_GSM0710);
3389 pr_err("gsm_init: tty allocation failed.\n");
3392 gsm_tty_driver->driver_name = "gsmtty";
3393 gsm_tty_driver->name = "gsmtty";
3394 gsm_tty_driver->major = 0; /* Dynamic */
3395 gsm_tty_driver->minor_start = 0;
3396 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3397 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3398 gsm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
3399 | TTY_DRIVER_HARDWARE_BREAK;
3400 gsm_tty_driver->init_termios = tty_std_termios;
3402 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3403 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3405 spin_lock_init(&gsm_mux_lock);
3407 if (tty_register_driver(gsm_tty_driver)) {
3408 put_tty_driver(gsm_tty_driver);
3409 tty_unregister_ldisc(N_GSM0710);
3410 pr_err("gsm_init: tty registration failed.\n");
3413 pr_debug("gsm_init: loaded as %d,%d.\n",
3414 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3418 static void __exit gsm_exit(void)
3420 int status = tty_unregister_ldisc(N_GSM0710);
3422 pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3424 tty_unregister_driver(gsm_tty_driver);
3425 put_tty_driver(gsm_tty_driver);
3428 module_init(gsm_init);
3429 module_exit(gsm_exit);
3432 MODULE_LICENSE("GPL");
3433 MODULE_ALIAS_LDISC(N_GSM0710);
projects / releases.git / blob