1 // SPDX-License-Identifier: GPL-2.0
3 * n_gsm.c GSM 0710 tty multiplexor
4 * Copyright (c) 2009/10 Intel Corporation
6 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
9 * Mostly done: ioctls for setting modes/timing
10 * Partly done: hooks so you can pull off frames to non tty devs
11 * Restart DLCI 0 when it closes ?
12 * Improve the tx engine
13 * Resolve tx side locking by adding a queue_head and routing
14 * all control traffic via it
15 * General tidy/document
16 * Review the locking/move to refcounts more (mux now moved to an
17 * alloc/free model ready)
18 * Use newest tty open/close port helpers and install hooks
19 * What to do about power functions ?
20 * Termios setting and negotiation
21 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
25 #include <linux/types.h>
26 #include <linux/major.h>
27 #include <linux/errno.h>
28 #include <linux/signal.h>
29 #include <linux/fcntl.h>
30 #include <linux/sched/signal.h>
31 #include <linux/interrupt.h>
32 #include <linux/tty.h>
33 #include <linux/ctype.h>
35 #include <linux/string.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/bitops.h>
39 #include <linux/file.h>
40 #include <linux/uaccess.h>
41 #include <linux/module.h>
42 #include <linux/timer.h>
43 #include <linux/tty_flip.h>
44 #include <linux/tty_driver.h>
45 #include <linux/serial.h>
46 #include <linux/kfifo.h>
47 #include <linux/skbuff.h>
50 #include <linux/netdevice.h>
51 #include <linux/etherdevice.h>
52 #include <linux/gsmmux.h>
56 module_param(debug, int, 0600);
58 /* Defaults: these are from the specification */
60 #define T1 10 /* 100mS */
61 #define T2 34 /* 333mS */
62 #define N2 3 /* Retry 3 times */
64 /* Use long timers for testing at low speed with debug on */
71 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
72 * limits so this is plenty
76 /* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
77 #define PROT_OVERHEAD 7
78 #define GSM_NET_TX_TIMEOUT (HZ*10)
81 * struct gsm_mux_net - network interface
83 * Created when net interface is initialized.
87 struct gsm_dlci *dlci;
91 * Each block of data we have queued to go out is in the form of
92 * a gsm_msg which holds everything we need in a link layer independent
97 struct list_head list;
98 u8 addr; /* DLCI address + flags */
99 u8 ctrl; /* Control byte + flags */
100 unsigned int len; /* Length of data block (can be zero) */
101 unsigned char *data; /* Points into buffer but not at the start */
102 unsigned char buffer[];
105 enum gsm_dlci_state {
107 DLCI_OPENING, /* Sending SABM not seen UA */
108 DLCI_OPEN, /* SABM/UA complete */
109 DLCI_CLOSING, /* Sending DISC not seen UA/DM */
113 DLCI_MODE_ABM, /* Normal Asynchronous Balanced Mode */
114 DLCI_MODE_ADM, /* Asynchronous Disconnected Mode */
118 * Each active data link has a gsm_dlci structure associated which ties
119 * the link layer to an optional tty (if the tty side is open). To avoid
120 * complexity right now these are only ever freed up when the mux is
123 * At the moment we don't free DLCI objects until the mux is torn down
124 * this avoid object life time issues but might be worth review later.
130 enum gsm_dlci_state state;
134 enum gsm_dlci_mode mode;
135 spinlock_t lock; /* Protects the internal state */
136 struct timer_list t1; /* Retransmit timer for SABM and UA */
138 /* Uplink tty if active */
139 struct tty_port port; /* The tty bound to this DLCI if there is one */
140 #define TX_SIZE 4096 /* Must be power of 2. */
141 struct kfifo fifo; /* Queue fifo for the DLCI */
142 int adaption; /* Adaption layer in use */
144 u32 modem_rx; /* Our incoming virtual modem lines */
145 u32 modem_tx; /* Our outgoing modem lines */
146 bool dead; /* Refuse re-open */
148 bool throttled; /* Private copy of throttle state */
149 bool constipated; /* Throttle status for outgoing */
151 struct sk_buff *skb; /* Frame being sent */
152 struct sk_buff_head skb_list; /* Queued frames */
153 /* Data handling callback */
154 void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
155 void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
156 struct net_device *net; /* network interface, if created */
159 /* DLCI 0, 62/63 are special or reserved see gsmtty_open */
164 * DLCI 0 is used to pass control blocks out of band of the data
165 * flow (and with a higher link priority). One command can be outstanding
166 * at a time and we use this structure to manage them. They are created
167 * and destroyed by the user context, and updated by the receive paths
172 u8 cmd; /* Command we are issuing */
173 u8 *data; /* Data for the command in case we retransmit */
174 int len; /* Length of block for retransmission */
175 int done; /* Done flag */
176 int error; /* Error if any */
194 * Each GSM mux we have is represented by this structure. If we are
195 * operating as an ldisc then we use this structure as our ldisc
196 * state. We need to sort out lifetimes and locking with respect
197 * to the gsm mux array. For now we don't free DLCI objects that
198 * have been instantiated until the mux itself is terminated.
200 * To consider further: tty open versus mux shutdown.
204 struct tty_struct *tty; /* The tty our ldisc is bound to */
210 /* Events on the GSM channel */
211 wait_queue_head_t event;
213 /* Bits for GSM mode decoding */
217 enum gsm_mux_state state;
219 unsigned int address;
225 u8 *txframe; /* TX framing buffer */
227 /* Method for the receiver side */
228 void (*receive)(struct gsm_mux *gsm, u8 ch);
233 int initiator; /* Did we initiate connection */
234 bool dead; /* Has the mux been shut down */
235 struct gsm_dlci *dlci[NUM_DLCI];
236 int old_c_iflag; /* termios c_iflag value before attach */
237 bool constipated; /* Asked by remote to shut up */
240 unsigned int tx_bytes; /* TX data outstanding */
241 #define TX_THRESH_HI 8192
242 #define TX_THRESH_LO 2048
243 struct list_head tx_list; /* Pending data packets */
245 /* Control messages */
246 struct timer_list t2_timer; /* Retransmit timer for commands */
247 int cretries; /* Command retry counter */
248 struct gsm_control *pending_cmd;/* Our current pending command */
249 spinlock_t control_lock; /* Protects the pending command */
252 int adaption; /* 1 or 2 supported */
253 u8 ftype; /* UI or UIH */
254 int t1, t2; /* Timers in 1/100th of a sec */
255 int n2; /* Retry count */
257 /* Statistics (not currently exposed) */
258 unsigned long bad_fcs;
259 unsigned long malformed;
260 unsigned long io_error;
261 unsigned long bad_size;
262 unsigned long unsupported;
267 * Mux objects - needed so that we can translate a tty index into the
268 * relevant mux and DLCI.
271 #define MAX_MUX 4 /* 256 minors */
272 static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
273 static DEFINE_SPINLOCK(gsm_mux_lock);
275 static struct tty_driver *gsm_tty_driver;
278 * This section of the driver logic implements the GSM encodings
279 * both the basic and the 'advanced'. Reliable transport is not
287 /* I is special: the rest are ..*/
298 /* Channel commands */
300 #define CMD_TEST 0x11
303 #define CMD_FCOFF 0x31
306 #define CMD_FCON 0x51
311 /* Virtual modem bits */
318 #define GSM0_SOF 0xF9
319 #define GSM1_SOF 0x7E
320 #define GSM1_ESCAPE 0x7D
321 #define GSM1_ESCAPE_BITS 0x20
324 #define ISO_IEC_646_MASK 0x7F
326 static const struct tty_port_operations gsm_port_ops;
329 * CRC table for GSM 0710
332 static const u8 gsm_fcs8[256] = {
333 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
334 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
335 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
336 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
337 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
338 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
339 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
340 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
341 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
342 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
343 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
344 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
345 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
346 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
347 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
348 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
349 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
350 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
351 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
352 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
353 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
354 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
355 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
356 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
357 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
358 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
359 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
360 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
361 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
362 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
363 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
364 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
367 #define INIT_FCS 0xFF
368 #define GOOD_FCS 0xCF
370 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
371 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
374 * gsm_fcs_add - update FCS
378 * Update the FCS to include c. Uses the algorithm in the specification
382 static inline u8 gsm_fcs_add(u8 fcs, u8 c)
384 return gsm_fcs8[fcs ^ c];
388 * gsm_fcs_add_block - update FCS for a block
391 * @len: length of buffer
393 * Update the FCS to include c. Uses the algorithm in the specification
397 static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
400 fcs = gsm_fcs8[fcs ^ *c++];
405 * gsm_read_ea - read a byte into an EA
406 * @val: variable holding value
407 * @c: byte going into the EA
409 * Processes one byte of an EA. Updates the passed variable
410 * and returns 1 if the EA is now completely read
413 static int gsm_read_ea(unsigned int *val, u8 c)
415 /* Add the next 7 bits into the value */
418 /* Was this the last byte of the EA 1 = yes*/
423 * gsm_encode_modem - encode modem data bits
424 * @dlci: DLCI to encode from
426 * Returns the correct GSM encoded modem status bits (6 bit field) for
427 * the current status of the DLCI and attached tty object
430 static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
433 /* FC is true flow control not modem bits */
436 if (dlci->modem_tx & TIOCM_DTR)
437 modembits |= MDM_RTC;
438 if (dlci->modem_tx & TIOCM_RTS)
439 modembits |= MDM_RTR;
440 if (dlci->modem_tx & TIOCM_RI)
442 if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
447 static void gsm_hex_dump_bytes(const char *fname, const u8 *data,
453 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, data, len,
458 prefix = kasprintf(GFP_ATOMIC, "%s: ", fname);
461 print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len,
467 * gsm_print_packet - display a frame for debug
468 * @hdr: header to print before decode
469 * @addr: address EA from the frame
470 * @cr: C/R bit seen as initiator
471 * @control: control including PF bit
472 * @data: following data bytes
473 * @dlen: length of data
475 * Displays a packet in human readable format for debugging purposes. The
476 * style is based on amateur radio LAP-B dump display.
479 static void gsm_print_packet(const char *hdr, int addr, int cr,
480 u8 control, const u8 *data, int dlen)
485 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
487 switch (control & ~PF) {
507 if (!(control & 0x01)) {
508 pr_cont("I N(S)%d N(R)%d",
509 (control & 0x0E) >> 1, (control & 0xE0) >> 5);
510 } else switch (control & 0x0F) {
512 pr_cont("RR(%d)", (control & 0xE0) >> 5);
515 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
518 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
521 pr_cont("[%02X]", control);
530 gsm_hex_dump_bytes(NULL, data, dlen);
535 * Link level transmission side
539 * gsm_stuff_frame - bytestuff a packet
540 * @input: input buffer
541 * @output: output buffer
542 * @len: length of input
544 * Expand a buffer by bytestuffing it. The worst case size change
545 * is doubling and the caller is responsible for handing out
546 * suitable sized buffers.
549 static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
553 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
554 || (*input & ISO_IEC_646_MASK) == XON
555 || (*input & ISO_IEC_646_MASK) == XOFF) {
556 *output++ = GSM1_ESCAPE;
557 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
560 *output++ = *input++;
567 * gsm_send - send a control frame
569 * @addr: address for control frame
570 * @cr: command/response bit seen as initiator
571 * @control: control byte including PF bit
573 * Format up and transmit a control frame. These do not go via the
574 * queueing logic as they should be transmitted ahead of data when
577 * FIXME: Lock versus data TX path
580 static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
587 /* toggle C/R coding if not initiator */
588 ocr = cr ^ (gsm->initiator ? 0 : 1);
590 switch (gsm->encoding) {
593 cbuf[1] = (addr << 2) | (ocr << 1) | EA;
595 cbuf[3] = EA; /* Length of data = 0 */
596 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
602 /* Control frame + packing (but not frame stuffing) in mode 1 */
603 ibuf[0] = (addr << 2) | (ocr << 1) | EA;
605 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
606 /* Stuffing may double the size worst case */
607 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
608 /* Now add the SOF markers */
610 cbuf[len + 1] = GSM1_SOF;
611 /* FIXME: we can omit the lead one in many cases */
618 gsmld_output(gsm, cbuf, len);
619 if (!gsm->initiator) {
620 cr = cr & gsm->initiator;
621 control = control & ~PF;
623 gsm_print_packet("-->", addr, cr, control, NULL, 0);
627 * gsm_response - send a control response
629 * @addr: address for control frame
630 * @control: control byte including PF bit
632 * Format up and transmit a link level response frame.
635 static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
637 gsm_send(gsm, addr, 0, control);
641 * gsm_command - send a control command
643 * @addr: address for control frame
644 * @control: control byte including PF bit
646 * Format up and transmit a link level command frame.
649 static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
651 gsm_send(gsm, addr, 1, control);
654 /* Data transmission */
656 #define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
659 * gsm_data_alloc - allocate data frame
661 * @addr: DLCI address
662 * @len: length excluding header and FCS
663 * @ctrl: control byte
665 * Allocate a new data buffer for sending frames with data. Space is left
666 * at the front for header bytes but that is treated as an implementation
667 * detail and not for the high level code to use
670 static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
673 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
677 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
681 INIT_LIST_HEAD(&m->list);
686 * gsm_data_kick - poke the queue
688 * @dlci: DLCI sending the data
690 * The tty device has called us to indicate that room has appeared in
691 * the transmit queue. Ram more data into the pipe if we have any
692 * If we have been flow-stopped by a CMD_FCOFF, then we can only
693 * send messages on DLCI0 until CMD_FCON
695 * FIXME: lock against link layer control transmissions
698 static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
700 struct gsm_msg *msg, *nmsg;
703 list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
704 if (gsm->constipated && msg->addr)
706 if (gsm->encoding != 0) {
707 gsm->txframe[0] = GSM1_SOF;
708 len = gsm_stuff_frame(msg->data,
709 gsm->txframe + 1, msg->len);
710 gsm->txframe[len + 1] = GSM1_SOF;
713 gsm->txframe[0] = GSM0_SOF;
714 memcpy(gsm->txframe + 1 , msg->data, msg->len);
715 gsm->txframe[msg->len + 1] = GSM0_SOF;
720 gsm_hex_dump_bytes(__func__, gsm->txframe, len);
721 if (gsmld_output(gsm, gsm->txframe, len) <= 0)
723 /* FIXME: Can eliminate one SOF in many more cases */
724 gsm->tx_bytes -= msg->len;
726 list_del(&msg->list);
730 tty_port_tty_wakeup(&dlci->port);
734 for (i = 0; i < NUM_DLCI; i++)
736 tty_port_tty_wakeup(&gsm->dlci[i]->port);
742 * __gsm_data_queue - queue a UI or UIH frame
743 * @dlci: DLCI sending the data
744 * @msg: message queued
746 * Add data to the transmit queue and try and get stuff moving
747 * out of the mux tty if not already doing so. The Caller must hold
751 static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
753 struct gsm_mux *gsm = dlci->gsm;
755 u8 *fcs = dp + msg->len;
757 /* Fill in the header */
758 if (gsm->encoding == 0) {
760 *--dp = (msg->len << 1) | EA;
762 *--dp = (msg->len >> 7); /* bits 7 - 15 */
763 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
769 *--dp = (msg->addr << 2) | CR | EA;
771 *--dp = (msg->addr << 2) | EA;
772 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
773 /* Ugly protocol layering violation */
774 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
775 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
778 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
779 msg->data, msg->len);
781 /* Move the header back and adjust the length, also allow for the FCS
782 now tacked on the end */
783 msg->len += (msg->data - dp) + 1;
786 /* Add to the actual output queue */
787 list_add_tail(&msg->list, &gsm->tx_list);
788 gsm->tx_bytes += msg->len;
789 gsm_data_kick(gsm, dlci);
793 * gsm_data_queue - queue a UI or UIH frame
794 * @dlci: DLCI sending the data
795 * @msg: message queued
797 * Add data to the transmit queue and try and get stuff moving
798 * out of the mux tty if not already doing so. Take the
799 * the gsm tx lock and dlci lock.
802 static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
805 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
806 __gsm_data_queue(dlci, msg);
807 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
811 * gsm_dlci_data_output - try and push data out of a DLCI
813 * @dlci: the DLCI to pull data from
815 * Pull data from a DLCI and send it into the transmit queue if there
816 * is data. Keep to the MRU of the mux. This path handles the usual tty
817 * interface which is a byte stream with optional modem data.
819 * Caller must hold the tx_lock of the mux.
822 static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
826 int len, total_size, size;
827 int h = dlci->adaption - 1;
831 len = kfifo_len(&dlci->fifo);
835 /* MTU/MRU count only the data bits */
841 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
842 /* FIXME: need a timer or something to kick this so it can't
843 get stuck with no work outstanding and no buffer free */
847 switch (dlci->adaption) {
848 case 1: /* Unstructured */
850 case 2: /* Unstructed with modem bits.
851 Always one byte as we never send inline break data */
852 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
855 WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len);
856 __gsm_data_queue(dlci, msg);
859 /* Bytes of data we used up */
864 * gsm_dlci_data_output_framed - try and push data out of a DLCI
866 * @dlci: the DLCI to pull data from
868 * Pull data from a DLCI and send it into the transmit queue if there
869 * is data. Keep to the MRU of the mux. This path handles framed data
870 * queued as skbuffs to the DLCI.
872 * Caller must hold the tx_lock of the mux.
875 static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
876 struct gsm_dlci *dlci)
881 int last = 0, first = 0;
884 /* One byte per frame is used for B/F flags */
885 if (dlci->adaption == 4)
888 /* dlci->skb is locked by tx_lock */
889 if (dlci->skb == NULL) {
890 dlci->skb = skb_dequeue_tail(&dlci->skb_list);
891 if (dlci->skb == NULL)
895 len = dlci->skb->len + overhead;
897 /* MTU/MRU count only the data bits */
898 if (len > gsm->mtu) {
899 if (dlci->adaption == 3) {
900 /* Over long frame, bin it */
901 dev_kfree_skb_any(dlci->skb);
909 size = len + overhead;
910 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
912 /* FIXME: need a timer or something to kick this so it can't
913 get stuck with no work outstanding and no buffer free */
915 skb_queue_tail(&dlci->skb_list, dlci->skb);
921 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
922 /* Flag byte to carry the start/end info */
923 *dp++ = last << 7 | first << 6 | 1; /* EA */
926 memcpy(dp, dlci->skb->data, len);
927 skb_pull(dlci->skb, len);
928 __gsm_data_queue(dlci, msg);
930 dev_kfree_skb_any(dlci->skb);
937 * gsm_dlci_modem_output - try and push modem status out of a DLCI
939 * @dlci: the DLCI to pull modem status from
942 * Push an empty frame in to the transmit queue to update the modem status
943 * bits and to transmit an optional break.
945 * Caller must hold the tx_lock of the mux.
948 static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
955 /* for modem bits without break data */
956 switch (dlci->adaption) {
957 case 1: /* Unstructured */
959 case 2: /* Unstructured with modem bits. */
965 pr_err("%s: unsupported adaption %d\n", __func__,
970 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
972 pr_err("%s: gsm_data_alloc error", __func__);
976 switch (dlci->adaption) {
977 case 1: /* Unstructured */
979 case 2: /* Unstructured with modem bits. */
981 *dp++ = (gsm_encode_modem(dlci) << 1) | EA;
983 *dp++ = gsm_encode_modem(dlci) << 1;
984 *dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
992 __gsm_data_queue(dlci, msg);
997 * gsm_dlci_data_sweep - look for data to send
1000 * Sweep the GSM mux channels in priority order looking for ones with
1001 * data to send. We could do with optimising this scan a bit. We aim
1002 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
1003 * TX_THRESH_LO we get called again
1005 * FIXME: We should round robin between groups and in theory you can
1006 * renegotiate DLCI priorities with optional stuff. Needs optimising.
1009 static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
1012 /* Priority ordering: We should do priority with RR of the groups */
1015 while (i < NUM_DLCI) {
1016 struct gsm_dlci *dlci;
1018 if (gsm->tx_bytes > TX_THRESH_HI)
1020 dlci = gsm->dlci[i];
1021 if (dlci == NULL || dlci->constipated) {
1025 if (dlci->adaption < 3 && !dlci->net)
1026 len = gsm_dlci_data_output(gsm, dlci);
1028 len = gsm_dlci_data_output_framed(gsm, dlci);
1031 /* DLCI empty - try the next */
1038 * gsm_dlci_data_kick - transmit if possible
1039 * @dlci: DLCI to kick
1041 * Transmit data from this DLCI if the queue is empty. We can't rely on
1042 * a tty wakeup except when we filled the pipe so we need to fire off
1043 * new data ourselves in other cases.
1046 static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1048 unsigned long flags;
1051 if (dlci->constipated)
1054 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1055 /* If we have nothing running then we need to fire up */
1056 sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1057 if (dlci->gsm->tx_bytes == 0) {
1059 gsm_dlci_data_output_framed(dlci->gsm, dlci);
1061 gsm_dlci_data_output(dlci->gsm, dlci);
1064 gsm_dlci_data_sweep(dlci->gsm);
1065 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1069 * Control message processing
1074 * gsm_control_reply - send a response frame to a control
1076 * @cmd: the command to use
1077 * @data: data to follow encoded info
1078 * @dlen: length of data
1080 * Encode up and queue a UI/UIH frame containing our response.
1083 static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1086 struct gsm_msg *msg;
1087 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1090 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
1091 msg->data[1] = (dlen << 1) | EA;
1092 memcpy(msg->data + 2, data, dlen);
1093 gsm_data_queue(gsm->dlci[0], msg);
1097 * gsm_process_modem - process received modem status
1098 * @tty: virtual tty bound to the DLCI
1099 * @dlci: DLCI to affect
1100 * @modem: modem bits (full EA)
1101 * @slen: number of signal octets
1103 * Used when a modem control message or line state inline in adaption
1104 * layer 2 is processed. Sort out the local modem state and throttles
1107 static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1108 u32 modem, int slen)
1114 /* The modem status command can either contain one octet (V.24 signals)
1115 * or two octets (V.24 signals + break signals). This is specified in
1116 * section 5.4.6.3.7 of the 07.10 mux spec.
1120 modem = modem & 0x7f;
1123 modem = (modem >> 7) & 0x7f;
1126 /* Flow control/ready to communicate */
1127 fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1128 if (fc && !dlci->constipated) {
1129 /* Need to throttle our output on this device */
1130 dlci->constipated = true;
1131 } else if (!fc && dlci->constipated) {
1132 dlci->constipated = false;
1133 gsm_dlci_data_kick(dlci);
1136 /* Map modem bits */
1137 if (modem & MDM_RTC)
1138 mlines |= TIOCM_DSR | TIOCM_DTR;
1139 if (modem & MDM_RTR)
1140 mlines |= TIOCM_RTS | TIOCM_CTS;
1146 /* Carrier drop -> hangup */
1148 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1153 tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1154 dlci->modem_rx = mlines;
1158 * gsm_control_modem - modem status received
1160 * @data: data following command
1161 * @clen: command length
1163 * We have received a modem status control message. This is used by
1164 * the GSM mux protocol to pass virtual modem line status and optionally
1165 * to indicate break signals. Unpack it, convert to Linux representation
1166 * and if need be stuff a break message down the tty.
1169 static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1171 unsigned int addr = 0;
1172 unsigned int modem = 0;
1173 struct gsm_dlci *dlci;
1176 const u8 *dp = data;
1177 struct tty_struct *tty;
1179 while (gsm_read_ea(&addr, *dp++) == 0) {
1184 /* Must be at least one byte following the EA */
1190 /* Closed port, or invalid ? */
1191 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1193 dlci = gsm->dlci[addr];
1196 while (gsm_read_ea(&modem, *dp++) == 0) {
1202 tty = tty_port_tty_get(&dlci->port);
1203 gsm_process_modem(tty, dlci, modem, slen - len);
1208 gsm_control_reply(gsm, CMD_MSC, data, clen);
1212 * gsm_control_rls - remote line status
1215 * @clen: data length
1217 * The modem sends us a two byte message on the control channel whenever
1218 * it wishes to send us an error state from the virtual link. Stuff
1219 * this into the uplink tty if present
1222 static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1224 struct tty_port *port;
1225 unsigned int addr = 0;
1228 const u8 *dp = data;
1230 while (gsm_read_ea(&addr, *dp++) == 0) {
1235 /* Must be at least one byte following ea */
1240 /* Closed port, or invalid ? */
1241 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1245 if ((bits & 1) == 0)
1248 port = &gsm->dlci[addr]->port;
1251 tty_insert_flip_char(port, 0, TTY_OVERRUN);
1253 tty_insert_flip_char(port, 0, TTY_PARITY);
1255 tty_insert_flip_char(port, 0, TTY_FRAME);
1257 tty_flip_buffer_push(port);
1259 gsm_control_reply(gsm, CMD_RLS, data, clen);
1262 static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1265 * gsm_control_message - DLCI 0 control processing
1267 * @command: the command EA
1268 * @data: data beyond the command/length EAs
1271 * Input processor for control messages from the other end of the link.
1272 * Processes the incoming request and queues a response frame or an
1273 * NSC response if not supported
1276 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1277 const u8 *data, int clen)
1280 unsigned long flags;
1284 struct gsm_dlci *dlci = gsm->dlci[0];
1285 /* Modem wishes to close down */
1289 gsm_dlci_begin_close(dlci);
1294 /* Modem wishes to test, reply with the data */
1295 gsm_control_reply(gsm, CMD_TEST, data, clen);
1298 /* Modem can accept data again */
1299 gsm->constipated = false;
1300 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1301 /* Kick the link in case it is idling */
1302 spin_lock_irqsave(&gsm->tx_lock, flags);
1303 gsm_data_kick(gsm, NULL);
1304 spin_unlock_irqrestore(&gsm->tx_lock, flags);
1307 /* Modem wants us to STFU */
1308 gsm->constipated = true;
1309 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1312 /* Out of band modem line change indicator for a DLCI */
1313 gsm_control_modem(gsm, data, clen);
1316 /* Out of band error reception for a DLCI */
1317 gsm_control_rls(gsm, data, clen);
1320 /* Modem wishes to enter power saving state */
1321 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1323 /* Optional unsupported commands */
1324 case CMD_PN: /* Parameter negotiation */
1325 case CMD_RPN: /* Remote port negotiation */
1326 case CMD_SNC: /* Service negotiation command */
1328 /* Reply to bad commands with an NSC */
1330 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1336 * gsm_control_response - process a response to our control
1338 * @command: the command (response) EA
1339 * @data: data beyond the command/length EA
1342 * Process a response to an outstanding command. We only allow a single
1343 * control message in flight so this is fairly easy. All the clean up
1344 * is done by the caller, we just update the fields, flag it as done
1348 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1349 const u8 *data, int clen)
1351 struct gsm_control *ctrl;
1352 unsigned long flags;
1354 spin_lock_irqsave(&gsm->control_lock, flags);
1356 ctrl = gsm->pending_cmd;
1357 /* Does the reply match our command */
1359 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1360 /* Our command was replied to, kill the retry timer */
1361 del_timer(&gsm->t2_timer);
1362 gsm->pending_cmd = NULL;
1363 /* Rejected by the other end */
1364 if (command == CMD_NSC)
1365 ctrl->error = -EOPNOTSUPP;
1367 wake_up(&gsm->event);
1369 spin_unlock_irqrestore(&gsm->control_lock, flags);
1373 * gsm_control_transmit - send control packet
1375 * @ctrl: frame to send
1377 * Send out a pending control command (called under control lock)
1380 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1382 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1385 msg->data[0] = (ctrl->cmd << 1) | CR | EA; /* command */
1386 msg->data[1] = (ctrl->len << 1) | EA;
1387 memcpy(msg->data + 2, ctrl->data, ctrl->len);
1388 gsm_data_queue(gsm->dlci[0], msg);
1392 * gsm_control_retransmit - retransmit a control frame
1393 * @t: timer contained in our gsm object
1395 * Called off the T2 timer expiry in order to retransmit control frames
1396 * that have been lost in the system somewhere. The control_lock protects
1397 * us from colliding with another sender or a receive completion event.
1398 * In that situation the timer may still occur in a small window but
1399 * gsm->pending_cmd will be NULL and we just let the timer expire.
1402 static void gsm_control_retransmit(struct timer_list *t)
1404 struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1405 struct gsm_control *ctrl;
1406 unsigned long flags;
1407 spin_lock_irqsave(&gsm->control_lock, flags);
1408 ctrl = gsm->pending_cmd;
1410 if (gsm->cretries == 0) {
1411 gsm->pending_cmd = NULL;
1412 ctrl->error = -ETIMEDOUT;
1414 spin_unlock_irqrestore(&gsm->control_lock, flags);
1415 wake_up(&gsm->event);
1419 gsm_control_transmit(gsm, ctrl);
1420 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1422 spin_unlock_irqrestore(&gsm->control_lock, flags);
1426 * gsm_control_send - send a control frame on DLCI 0
1427 * @gsm: the GSM channel
1428 * @command: command to send including CR bit
1429 * @data: bytes of data (must be kmalloced)
1430 * @clen: length of the block to send
1432 * Queue and dispatch a control command. Only one command can be
1433 * active at a time. In theory more can be outstanding but the matching
1434 * gets really complicated so for now stick to one outstanding.
1437 static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1438 unsigned int command, u8 *data, int clen)
1440 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1442 unsigned long flags;
1446 wait_event(gsm->event, gsm->pending_cmd == NULL);
1447 spin_lock_irqsave(&gsm->control_lock, flags);
1448 if (gsm->pending_cmd != NULL) {
1449 spin_unlock_irqrestore(&gsm->control_lock, flags);
1452 ctrl->cmd = command;
1455 gsm->pending_cmd = ctrl;
1457 /* If DLCI0 is in ADM mode skip retries, it won't respond */
1458 if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1461 gsm->cretries = gsm->n2;
1463 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1464 gsm_control_transmit(gsm, ctrl);
1465 spin_unlock_irqrestore(&gsm->control_lock, flags);
1470 * gsm_control_wait - wait for a control to finish
1472 * @control: control we are waiting on
1474 * Waits for the control to complete or time out. Frees any used
1475 * resources and returns 0 for success, or an error if the remote
1476 * rejected or ignored the request.
1479 static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1482 wait_event(gsm->event, control->done == 1);
1483 err = control->error;
1490 * DLCI level handling: Needs krefs
1494 * State transitions and timers
1498 * gsm_dlci_close - a DLCI has closed
1499 * @dlci: DLCI that closed
1501 * Perform processing when moving a DLCI into closed state. If there
1502 * is an attached tty this is hung up
1505 static void gsm_dlci_close(struct gsm_dlci *dlci)
1507 unsigned long flags;
1509 del_timer(&dlci->t1);
1511 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1512 dlci->state = DLCI_CLOSED;
1513 if (dlci->addr != 0) {
1514 tty_port_tty_hangup(&dlci->port, false);
1515 spin_lock_irqsave(&dlci->lock, flags);
1516 kfifo_reset(&dlci->fifo);
1517 spin_unlock_irqrestore(&dlci->lock, flags);
1518 /* Ensure that gsmtty_open() can return. */
1519 tty_port_set_initialized(&dlci->port, 0);
1520 wake_up_interruptible(&dlci->port.open_wait);
1522 dlci->gsm->dead = true;
1523 wake_up(&dlci->gsm->event);
1524 /* A DLCI 0 close is a MUX termination so we need to kick that
1525 back to userspace somehow */
1529 * gsm_dlci_open - a DLCI has opened
1530 * @dlci: DLCI that opened
1532 * Perform processing when moving a DLCI into open state.
1535 static void gsm_dlci_open(struct gsm_dlci *dlci)
1537 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1539 del_timer(&dlci->t1);
1540 /* This will let a tty open continue */
1541 dlci->state = DLCI_OPEN;
1543 pr_debug("DLCI %d goes open.\n", dlci->addr);
1544 /* Send current modem state */
1546 gsm_modem_update(dlci, 0);
1547 wake_up(&dlci->gsm->event);
1551 * gsm_dlci_t1 - T1 timer expiry
1552 * @t: timer contained in the DLCI that opened
1554 * The T1 timer handles retransmits of control frames (essentially of
1555 * SABM and DISC). We resend the command until the retry count runs out
1556 * in which case an opening port goes back to closed and a closing port
1557 * is simply put into closed state (any further frames from the other
1558 * end will get a DM response)
1560 * Some control dlci can stay in ADM mode with other dlci working just
1561 * fine. In that case we can just keep the control dlci open after the
1562 * DLCI_OPENING retries time out.
1565 static void gsm_dlci_t1(struct timer_list *t)
1567 struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1568 struct gsm_mux *gsm = dlci->gsm;
1570 switch (dlci->state) {
1573 if (dlci->retries) {
1574 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1575 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1576 } else if (!dlci->addr && gsm->control == (DM | PF)) {
1578 pr_info("DLCI %d opening in ADM mode.\n",
1580 dlci->mode = DLCI_MODE_ADM;
1581 gsm_dlci_open(dlci);
1583 gsm_dlci_begin_close(dlci); /* prevent half open link */
1589 if (dlci->retries) {
1590 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1591 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1593 gsm_dlci_close(dlci);
1596 pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1602 * gsm_dlci_begin_open - start channel open procedure
1603 * @dlci: DLCI to open
1605 * Commence opening a DLCI from the Linux side. We issue SABM messages
1606 * to the modem which should then reply with a UA or ADM, at which point
1607 * we will move into open state. Opening is done asynchronously with retry
1608 * running off timers and the responses.
1611 static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1613 struct gsm_mux *gsm = dlci->gsm;
1614 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1616 dlci->retries = gsm->n2;
1617 dlci->state = DLCI_OPENING;
1618 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1619 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1623 * gsm_dlci_begin_close - start channel open procedure
1624 * @dlci: DLCI to open
1626 * Commence closing a DLCI from the Linux side. We issue DISC messages
1627 * to the modem which should then reply with a UA, at which point we
1628 * will move into closed state. Closing is done asynchronously with retry
1629 * off timers. We may also receive a DM reply from the other end which
1630 * indicates the channel was already closed.
1633 static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1635 struct gsm_mux *gsm = dlci->gsm;
1636 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1638 dlci->retries = gsm->n2;
1639 dlci->state = DLCI_CLOSING;
1640 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1641 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1645 * gsm_dlci_data - data arrived
1647 * @data: block of bytes received
1648 * @clen: length of received block
1650 * A UI or UIH frame has arrived which contains data for a channel
1651 * other than the control channel. If the relevant virtual tty is
1652 * open we shovel the bits down it, if not we drop them.
1655 static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1658 struct tty_port *port = &dlci->port;
1659 struct tty_struct *tty;
1660 unsigned int modem = 0;
1665 pr_debug("%d bytes for tty\n", len);
1666 switch (dlci->adaption) {
1667 /* Unsupported types */
1668 case 4: /* Packetised interruptible data */
1670 case 3: /* Packetised uininterruptible voice/data */
1672 case 2: /* Asynchronous serial with line state in each frame */
1673 while (gsm_read_ea(&modem, *data++) == 0) {
1681 tty = tty_port_tty_get(port);
1683 gsm_process_modem(tty, dlci, modem, slen);
1688 case 1: /* Line state will go via DLCI 0 controls only */
1690 tty_insert_flip_string(port, data, len);
1691 tty_flip_buffer_push(port);
1696 * gsm_dlci_command - data arrived on control channel
1698 * @data: block of bytes received
1699 * @len: length of received block
1701 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1702 * control channel. This should contain a command EA followed by
1703 * control data bytes. The command EA contains a command/response bit
1704 * and we divide up the work accordingly.
1707 static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1709 /* See what command is involved */
1710 unsigned int command = 0;
1712 if (gsm_read_ea(&command, *data++) == 1) {
1715 /* FIXME: this is properly an EA */
1717 /* Malformed command ? */
1721 gsm_control_message(dlci->gsm, command,
1724 gsm_control_response(dlci->gsm, command,
1732 * Allocate/Free DLCI channels
1736 * gsm_dlci_alloc - allocate a DLCI
1738 * @addr: address of the DLCI
1740 * Allocate and install a new DLCI object into the GSM mux.
1742 * FIXME: review locking races
1745 static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1747 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1750 spin_lock_init(&dlci->lock);
1751 mutex_init(&dlci->mutex);
1752 if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
1757 skb_queue_head_init(&dlci->skb_list);
1758 timer_setup(&dlci->t1, gsm_dlci_t1, 0);
1759 tty_port_init(&dlci->port);
1760 dlci->port.ops = &gsm_port_ops;
1763 dlci->adaption = gsm->adaption;
1764 dlci->state = DLCI_CLOSED;
1766 dlci->data = gsm_dlci_data;
1768 dlci->data = gsm_dlci_command;
1769 gsm->dlci[addr] = dlci;
1774 * gsm_dlci_free - free DLCI
1775 * @port: tty port for DLCI to free
1781 static void gsm_dlci_free(struct tty_port *port)
1783 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1785 del_timer_sync(&dlci->t1);
1786 dlci->gsm->dlci[dlci->addr] = NULL;
1787 kfifo_free(&dlci->fifo);
1788 while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1789 dev_kfree_skb(dlci->skb);
1793 static inline void dlci_get(struct gsm_dlci *dlci)
1795 tty_port_get(&dlci->port);
1798 static inline void dlci_put(struct gsm_dlci *dlci)
1800 tty_port_put(&dlci->port);
1803 static void gsm_destroy_network(struct gsm_dlci *dlci);
1806 * gsm_dlci_release - release DLCI
1807 * @dlci: DLCI to destroy
1809 * Release a DLCI. Actual free is deferred until either
1810 * mux is closed or tty is closed - whichever is last.
1814 static void gsm_dlci_release(struct gsm_dlci *dlci)
1816 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1818 mutex_lock(&dlci->mutex);
1819 gsm_destroy_network(dlci);
1820 mutex_unlock(&dlci->mutex);
1822 /* We cannot use tty_hangup() because in tty_kref_put() the tty
1823 * driver assumes that the hangup queue is free and reuses it to
1824 * queue release_one_tty() -> NULL pointer panic in
1825 * process_one_work().
1829 tty_port_tty_set(&dlci->port, NULL);
1832 dlci->state = DLCI_CLOSED;
1837 * LAPBish link layer logic
1841 * gsm_queue - a GSM frame is ready to process
1842 * @gsm: pointer to our gsm mux
1844 * At this point in time a frame has arrived and been demangled from
1845 * the line encoding. All the differences between the encodings have
1846 * been handled below us and the frame is unpacked into the structures.
1847 * The fcs holds the header FCS but any data FCS must be added here.
1850 static void gsm_queue(struct gsm_mux *gsm)
1852 struct gsm_dlci *dlci;
1856 if (gsm->fcs != GOOD_FCS) {
1859 pr_debug("BAD FCS %02x\n", gsm->fcs);
1862 address = gsm->address >> 1;
1863 if (address >= NUM_DLCI)
1866 cr = gsm->address & 1; /* C/R bit */
1867 cr ^= gsm->initiator ? 0 : 1; /* Flip so 1 always means command */
1869 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1871 dlci = gsm->dlci[address];
1873 switch (gsm->control) {
1878 dlci = gsm_dlci_alloc(gsm, address);
1882 gsm_response(gsm, address, DM|PF);
1884 gsm_response(gsm, address, UA|PF);
1885 gsm_dlci_open(dlci);
1891 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1892 gsm_response(gsm, address, DM|PF);
1895 /* Real close complete */
1896 gsm_response(gsm, address, UA|PF);
1897 gsm_dlci_close(dlci);
1900 if (cr == 0 || dlci == NULL)
1902 switch (dlci->state) {
1904 gsm_dlci_close(dlci);
1907 gsm_dlci_open(dlci);
1910 pr_debug("%s: unhandled state: %d\n", __func__,
1915 case DM: /* DM can be valid unsolicited */
1921 gsm_dlci_close(dlci);
1927 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1928 gsm_command(gsm, address, DM|PF);
1931 dlci->data(dlci, gsm->buf, gsm->len);
1944 * gsm0_receive - perform processing for non-transparency
1945 * @gsm: gsm data for this ldisc instance
1948 * Receive bytes in gsm mode 0
1951 static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1955 switch (gsm->state) {
1956 case GSM_SEARCH: /* SOF marker */
1957 if (c == GSM0_SOF) {
1958 gsm->state = GSM_ADDRESS;
1961 gsm->fcs = INIT_FCS;
1964 case GSM_ADDRESS: /* Address EA */
1965 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1966 if (gsm_read_ea(&gsm->address, c))
1967 gsm->state = GSM_CONTROL;
1969 case GSM_CONTROL: /* Control Byte */
1970 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1972 gsm->state = GSM_LEN0;
1974 case GSM_LEN0: /* Length EA */
1975 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1976 if (gsm_read_ea(&gsm->len, c)) {
1977 if (gsm->len > gsm->mru) {
1979 gsm->state = GSM_SEARCH;
1984 gsm->state = GSM_FCS;
1986 gsm->state = GSM_DATA;
1989 gsm->state = GSM_LEN1;
1992 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1994 gsm->len |= len << 7;
1995 if (gsm->len > gsm->mru) {
1997 gsm->state = GSM_SEARCH;
2002 gsm->state = GSM_FCS;
2004 gsm->state = GSM_DATA;
2006 case GSM_DATA: /* Data */
2007 gsm->buf[gsm->count++] = c;
2008 if (gsm->count == gsm->len) {
2009 /* Calculate final FCS for UI frames over all data */
2010 if ((gsm->control & ~PF) != UIH) {
2011 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2014 gsm->state = GSM_FCS;
2017 case GSM_FCS: /* FCS follows the packet */
2018 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2019 gsm->state = GSM_SSOF;
2022 gsm->state = GSM_SEARCH;
2029 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2035 * gsm1_receive - perform processing for non-transparency
2036 * @gsm: gsm data for this ldisc instance
2039 * Receive bytes in mode 1 (Advanced option)
2042 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2044 /* handle XON/XOFF */
2045 if ((c & ISO_IEC_646_MASK) == XON) {
2046 gsm->constipated = true;
2048 } else if ((c & ISO_IEC_646_MASK) == XOFF) {
2049 gsm->constipated = false;
2050 /* Kick the link in case it is idling */
2051 gsm_data_kick(gsm, NULL);
2054 if (c == GSM1_SOF) {
2055 /* EOF is only valid in frame if we have got to the data state */
2056 if (gsm->state == GSM_DATA) {
2057 if (gsm->count < 1) {
2060 gsm->state = GSM_START;
2063 /* Remove the FCS from data */
2065 if ((gsm->control & ~PF) != UIH) {
2066 /* Calculate final FCS for UI frames over all
2069 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2072 /* Add the FCS itself to test against GOOD_FCS */
2073 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2074 gsm->len = gsm->count;
2076 gsm->state = GSM_START;
2079 /* Any partial frame was a runt so go back to start */
2080 if (gsm->state != GSM_START) {
2081 if (gsm->state != GSM_SEARCH)
2083 gsm->state = GSM_START;
2085 /* A SOF in GSM_START means we are still reading idling or
2090 if (c == GSM1_ESCAPE) {
2095 /* Only an unescaped SOF gets us out of GSM search */
2096 if (gsm->state == GSM_SEARCH)
2100 c ^= GSM1_ESCAPE_BITS;
2101 gsm->escape = false;
2103 switch (gsm->state) {
2104 case GSM_START: /* First byte after SOF */
2106 gsm->state = GSM_ADDRESS;
2107 gsm->fcs = INIT_FCS;
2109 case GSM_ADDRESS: /* Address continuation */
2110 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2111 if (gsm_read_ea(&gsm->address, c))
2112 gsm->state = GSM_CONTROL;
2114 case GSM_CONTROL: /* Control Byte */
2115 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2118 gsm->state = GSM_DATA;
2120 case GSM_DATA: /* Data */
2121 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
2122 gsm->state = GSM_OVERRUN;
2125 gsm->buf[gsm->count++] = c;
2127 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
2130 pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2136 * gsm_error - handle tty error
2139 * Handle an error in the receipt of data for a frame. Currently we just
2140 * go back to hunting for a SOF.
2142 * FIXME: better diagnostics ?
2145 static void gsm_error(struct gsm_mux *gsm)
2147 gsm->state = GSM_SEARCH;
2152 * gsm_cleanup_mux - generic GSM protocol cleanup
2154 * @disc: disconnect link?
2156 * Clean up the bits of the mux which are the same for all framing
2157 * protocols. Remove the mux from the mux table, stop all the timers
2158 * and then shut down each device hanging up the channels as we go.
2161 static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2164 struct gsm_dlci *dlci = gsm->dlci[0];
2165 struct gsm_msg *txq, *ntxq;
2168 mutex_lock(&gsm->mutex);
2171 if (disc && dlci->state != DLCI_CLOSED) {
2172 gsm_dlci_begin_close(dlci);
2173 wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2178 /* Finish outstanding timers, making sure they are done */
2179 del_timer_sync(&gsm->t2_timer);
2181 /* Free up any link layer users and finally the control channel */
2182 for (i = NUM_DLCI - 1; i >= 0; i--)
2184 gsm_dlci_release(gsm->dlci[i]);
2185 mutex_unlock(&gsm->mutex);
2186 /* Now wipe the queues */
2187 tty_ldisc_flush(gsm->tty);
2188 list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2190 INIT_LIST_HEAD(&gsm->tx_list);
2194 * gsm_activate_mux - generic GSM setup
2197 * Set up the bits of the mux which are the same for all framing
2198 * protocols. Add the mux to the mux table so it can be opened and
2199 * finally kick off connecting to DLCI 0 on the modem.
2202 static int gsm_activate_mux(struct gsm_mux *gsm)
2204 struct gsm_dlci *dlci;
2206 timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2207 init_waitqueue_head(&gsm->event);
2208 spin_lock_init(&gsm->control_lock);
2209 spin_lock_init(&gsm->tx_lock);
2211 if (gsm->encoding == 0)
2212 gsm->receive = gsm0_receive;
2214 gsm->receive = gsm1_receive;
2216 dlci = gsm_dlci_alloc(gsm, 0);
2219 gsm->dead = false; /* Tty opens are now permissible */
2224 * gsm_free_mux - free up a mux
2227 * Dispose of allocated resources for a dead mux
2229 static void gsm_free_mux(struct gsm_mux *gsm)
2233 for (i = 0; i < MAX_MUX; i++) {
2234 if (gsm == gsm_mux[i]) {
2239 mutex_destroy(&gsm->mutex);
2240 kfree(gsm->txframe);
2246 * gsm_free_muxr - free up a mux
2247 * @ref: kreference to the mux to free
2249 * Dispose of allocated resources for a dead mux
2251 static void gsm_free_muxr(struct kref *ref)
2253 struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2257 static inline void mux_get(struct gsm_mux *gsm)
2259 unsigned long flags;
2261 spin_lock_irqsave(&gsm_mux_lock, flags);
2262 kref_get(&gsm->ref);
2263 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2266 static inline void mux_put(struct gsm_mux *gsm)
2268 unsigned long flags;
2270 spin_lock_irqsave(&gsm_mux_lock, flags);
2271 kref_put(&gsm->ref, gsm_free_muxr);
2272 spin_unlock_irqrestore(&gsm_mux_lock, flags);
2275 static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2277 return gsm->num * NUM_DLCI;
2280 static inline unsigned int mux_line_to_num(unsigned int line)
2282 return line / NUM_DLCI;
2286 * gsm_alloc_mux - allocate a mux
2288 * Creates a new mux ready for activation.
2291 static struct gsm_mux *gsm_alloc_mux(void)
2294 struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2297 gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2298 if (gsm->buf == NULL) {
2302 gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2303 if (gsm->txframe == NULL) {
2308 spin_lock_init(&gsm->lock);
2309 mutex_init(&gsm->mutex);
2310 kref_init(&gsm->ref);
2311 INIT_LIST_HEAD(&gsm->tx_list);
2319 gsm->mru = 64; /* Default to encoding 1 so these should be 64 */
2321 gsm->dead = true; /* Avoid early tty opens */
2323 /* Store the instance to the mux array or abort if no space is
2326 spin_lock(&gsm_mux_lock);
2327 for (i = 0; i < MAX_MUX; i++) {
2334 spin_unlock(&gsm_mux_lock);
2336 mutex_destroy(&gsm->mutex);
2337 kfree(gsm->txframe);
2346 static void gsm_copy_config_values(struct gsm_mux *gsm,
2347 struct gsm_config *c)
2349 memset(c, 0, sizeof(*c));
2350 c->adaption = gsm->adaption;
2351 c->encapsulation = gsm->encoding;
2352 c->initiator = gsm->initiator;
2355 c->t3 = 0; /* Not supported */
2357 if (gsm->ftype == UIH)
2361 pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2367 static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2371 int need_restart = 0;
2373 /* Stuff we don't support yet - UI or I frame transport, windowing */
2374 if ((c->adaption != 1 && c->adaption != 2) || c->k)
2376 /* Check the MRU/MTU range looks sane */
2377 if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2381 if (c->encapsulation > 1) /* Basic, advanced, no I */
2383 if (c->initiator > 1)
2385 if (c->i == 0 || c->i > 2) /* UIH and UI only */
2388 * See what is needed for reconfiguration
2392 if (c->t1 != 0 && c->t1 != gsm->t1)
2394 if (c->t2 != 0 && c->t2 != gsm->t2)
2396 if (c->encapsulation != gsm->encoding)
2398 if (c->adaption != gsm->adaption)
2401 if (c->initiator != gsm->initiator)
2403 if (c->mru != gsm->mru)
2405 if (c->mtu != gsm->mtu)
2409 * Close down what is needed, restart and initiate the new
2410 * configuration. On the first time there is no DLCI[0]
2411 * and closing or cleaning up is not necessary.
2413 if (need_close || need_restart)
2414 gsm_cleanup_mux(gsm, true);
2416 gsm->initiator = c->initiator;
2419 gsm->encoding = c->encapsulation;
2420 gsm->adaption = c->adaption;
2434 * FIXME: We need to separate activation/deactivation from adding
2435 * and removing from the mux array
2438 ret = gsm_activate_mux(gsm);
2442 gsm_dlci_begin_open(gsm->dlci[0]);
2448 * gsmld_output - write to link
2450 * @data: bytes to output
2453 * Write a block of data from the GSM mux to the data channel. This
2454 * will eventually be serialized from above but at the moment isn't.
2457 static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2459 if (tty_write_room(gsm->tty) < len) {
2460 set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2464 gsm_hex_dump_bytes(__func__, data, len);
2465 return gsm->tty->ops->write(gsm->tty, data, len);
2469 * gsmld_attach_gsm - mode set up
2470 * @tty: our tty structure
2473 * Set up the MUX for basic mode and commence connecting to the
2474 * modem. Currently called from the line discipline set up but
2475 * will need moving to an ioctl path.
2478 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2483 gsm->tty = tty_kref_get(tty);
2484 /* Turn off tty XON/XOFF handling to handle it explicitly. */
2485 gsm->old_c_iflag = tty->termios.c_iflag;
2486 tty->termios.c_iflag &= (IXON | IXOFF);
2487 ret = gsm_activate_mux(gsm);
2489 tty_kref_put(gsm->tty);
2491 /* Don't register device 0 - this is the control channel and not
2492 a usable tty interface */
2493 base = mux_num_to_base(gsm); /* Base for this MUX */
2494 for (i = 1; i < NUM_DLCI; i++) {
2497 dev = tty_register_device(gsm_tty_driver,
2500 for (i--; i >= 1; i--)
2501 tty_unregister_device(gsm_tty_driver,
2503 return PTR_ERR(dev);
2512 * gsmld_detach_gsm - stop doing 0710 mux
2513 * @tty: tty attached to the mux
2516 * Shutdown and then clean up the resources used by the line discipline
2519 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2521 unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
2524 WARN_ON(tty != gsm->tty);
2525 for (i = 1; i < NUM_DLCI; i++)
2526 tty_unregister_device(gsm_tty_driver, base + i);
2527 /* Restore tty XON/XOFF handling. */
2528 gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2529 tty_kref_put(gsm->tty);
2533 static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2534 const char *fp, int count)
2536 struct gsm_mux *gsm = tty->disc_data;
2537 char flags = TTY_NORMAL;
2540 gsm_hex_dump_bytes(__func__, cp, count);
2542 for (; count; count--, cp++) {
2547 gsm->receive(gsm, *cp);
2556 WARN_ONCE(1, "%s: unknown flag %d\n",
2557 tty_name(tty), flags);
2561 /* FASYNC if needed ? */
2562 /* If clogged call tty_throttle(tty); */
2566 * gsmld_flush_buffer - clean input queue
2567 * @tty: terminal device
2569 * Flush the input buffer. Called when the line discipline is
2570 * being closed, when the tty layer wants the buffer flushed (eg
2574 static void gsmld_flush_buffer(struct tty_struct *tty)
2579 * gsmld_close - close the ldisc for this tty
2582 * Called from the terminal layer when this line discipline is
2583 * being shut down, either because of a close or becsuse of a
2584 * discipline change. The function will not be called while other
2585 * ldisc methods are in progress.
2588 static void gsmld_close(struct tty_struct *tty)
2590 struct gsm_mux *gsm = tty->disc_data;
2592 /* The ldisc locks and closes the port before calling our close. This
2593 * means we have no way to do a proper disconnect. We will not bother
2596 gsm_cleanup_mux(gsm, false);
2598 gsmld_detach_gsm(tty, gsm);
2600 gsmld_flush_buffer(tty);
2601 /* Do other clean up here */
2606 * gsmld_open - open an ldisc
2607 * @tty: terminal to open
2609 * Called when this line discipline is being attached to the
2610 * terminal device. Can sleep. Called serialized so that no
2611 * other events will occur in parallel. No further open will occur
2615 static int gsmld_open(struct tty_struct *tty)
2617 struct gsm_mux *gsm;
2620 if (tty->ops->write == NULL)
2623 /* Attach our ldisc data */
2624 gsm = gsm_alloc_mux();
2628 tty->disc_data = gsm;
2629 tty->receive_room = 65536;
2631 /* Attach the initial passive connection */
2634 ret = gsmld_attach_gsm(tty, gsm);
2636 gsm_cleanup_mux(gsm, false);
2643 * gsmld_write_wakeup - asynchronous I/O notifier
2646 * Required for the ptys, serial driver etc. since processes
2647 * that attach themselves to the master and rely on ASYNC
2648 * IO must be woken up
2651 static void gsmld_write_wakeup(struct tty_struct *tty)
2653 struct gsm_mux *gsm = tty->disc_data;
2654 unsigned long flags;
2657 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2658 spin_lock_irqsave(&gsm->tx_lock, flags);
2659 gsm_data_kick(gsm, NULL);
2660 if (gsm->tx_bytes < TX_THRESH_LO) {
2661 gsm_dlci_data_sweep(gsm);
2663 spin_unlock_irqrestore(&gsm->tx_lock, flags);
2667 * gsmld_read - read function for tty
2669 * @file: file object
2670 * @buf: userspace buffer pointer
2675 * Perform reads for the line discipline. We are guaranteed that the
2676 * line discipline will not be closed under us but we may get multiple
2677 * parallel readers and must handle this ourselves. We may also get
2678 * a hangup. Always called in user context, may sleep.
2680 * This code must be sure never to sleep through a hangup.
2683 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2684 unsigned char *buf, size_t nr,
2685 void **cookie, unsigned long offset)
2691 * gsmld_write - write function for tty
2693 * @file: file object
2694 * @buf: userspace buffer pointer
2697 * Called when the owner of the device wants to send a frame
2698 * itself (or some other control data). The data is transferred
2699 * as-is and must be properly framed and checksummed as appropriate
2700 * by userspace. Frames are either sent whole or not at all as this
2701 * avoids pain user side.
2704 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2705 const unsigned char *buf, size_t nr)
2707 int space = tty_write_room(tty);
2709 return tty->ops->write(tty, buf, nr);
2710 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2715 * gsmld_poll - poll method for N_GSM0710
2716 * @tty: terminal device
2717 * @file: file accessing it
2720 * Called when the line discipline is asked to poll() for data or
2721 * for special events. This code is not serialized with respect to
2722 * other events save open/close.
2724 * This code must be sure never to sleep through a hangup.
2725 * Called without the kernel lock held - fine
2728 static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
2732 struct gsm_mux *gsm = tty->disc_data;
2734 poll_wait(file, &tty->read_wait, wait);
2735 poll_wait(file, &tty->write_wait, wait);
2736 if (tty_hung_up_p(file))
2738 if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2739 mask |= EPOLLOUT | EPOLLWRNORM;
2745 static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
2748 struct gsm_config c;
2749 struct gsm_mux *gsm = tty->disc_data;
2753 case GSMIOC_GETCONF:
2754 gsm_copy_config_values(gsm, &c);
2755 if (copy_to_user((void __user *)arg, &c, sizeof(c)))
2758 case GSMIOC_SETCONF:
2759 if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
2761 return gsm_config(gsm, &c);
2762 case GSMIOC_GETFIRST:
2763 base = mux_num_to_base(gsm);
2764 return put_user(base + 1, (__u32 __user *)arg);
2766 return n_tty_ioctl_helper(tty, cmd, arg);
2775 static int gsm_mux_net_open(struct net_device *net)
2777 pr_debug("%s called\n", __func__);
2778 netif_start_queue(net);
2782 static int gsm_mux_net_close(struct net_device *net)
2784 netif_stop_queue(net);
2788 static void dlci_net_free(struct gsm_dlci *dlci)
2794 dlci->adaption = dlci->prev_adaption;
2795 dlci->data = dlci->prev_data;
2796 free_netdev(dlci->net);
2799 static void net_free(struct kref *ref)
2801 struct gsm_mux_net *mux_net;
2802 struct gsm_dlci *dlci;
2804 mux_net = container_of(ref, struct gsm_mux_net, ref);
2805 dlci = mux_net->dlci;
2808 unregister_netdev(dlci->net);
2809 dlci_net_free(dlci);
2813 static inline void muxnet_get(struct gsm_mux_net *mux_net)
2815 kref_get(&mux_net->ref);
2818 static inline void muxnet_put(struct gsm_mux_net *mux_net)
2820 kref_put(&mux_net->ref, net_free);
2823 static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
2824 struct net_device *net)
2826 struct gsm_mux_net *mux_net = netdev_priv(net);
2827 struct gsm_dlci *dlci = mux_net->dlci;
2828 muxnet_get(mux_net);
2830 skb_queue_head(&dlci->skb_list, skb);
2831 net->stats.tx_packets++;
2832 net->stats.tx_bytes += skb->len;
2833 gsm_dlci_data_kick(dlci);
2834 /* And tell the kernel when the last transmit started. */
2835 netif_trans_update(net);
2836 muxnet_put(mux_net);
2837 return NETDEV_TX_OK;
2840 /* called when a packet did not ack after watchdogtimeout */
2841 static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
2843 /* Tell syslog we are hosed. */
2844 dev_dbg(&net->dev, "Tx timed out.\n");
2846 /* Update statistics */
2847 net->stats.tx_errors++;
2850 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2851 const unsigned char *in_buf, int size)
2853 struct net_device *net = dlci->net;
2854 struct sk_buff *skb;
2855 struct gsm_mux_net *mux_net = netdev_priv(net);
2856 muxnet_get(mux_net);
2858 /* Allocate an sk_buff */
2859 skb = dev_alloc_skb(size + NET_IP_ALIGN);
2861 /* We got no receive buffer. */
2862 net->stats.rx_dropped++;
2863 muxnet_put(mux_net);
2866 skb_reserve(skb, NET_IP_ALIGN);
2867 skb_put_data(skb, in_buf, size);
2870 skb->protocol = htons(ETH_P_IP);
2872 /* Ship it off to the kernel */
2875 /* update out statistics */
2876 net->stats.rx_packets++;
2877 net->stats.rx_bytes += size;
2878 muxnet_put(mux_net);
2882 static void gsm_mux_net_init(struct net_device *net)
2884 static const struct net_device_ops gsm_netdev_ops = {
2885 .ndo_open = gsm_mux_net_open,
2886 .ndo_stop = gsm_mux_net_close,
2887 .ndo_start_xmit = gsm_mux_net_start_xmit,
2888 .ndo_tx_timeout = gsm_mux_net_tx_timeout,
2891 net->netdev_ops = &gsm_netdev_ops;
2893 /* fill in the other fields */
2894 net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2895 net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2896 net->type = ARPHRD_NONE;
2897 net->tx_queue_len = 10;
2901 /* caller holds the dlci mutex */
2902 static void gsm_destroy_network(struct gsm_dlci *dlci)
2904 struct gsm_mux_net *mux_net;
2906 pr_debug("destroy network interface\n");
2909 mux_net = netdev_priv(dlci->net);
2910 muxnet_put(mux_net);
2914 /* caller holds the dlci mutex */
2915 static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2919 struct net_device *net;
2920 struct gsm_mux_net *mux_net;
2922 if (!capable(CAP_NET_ADMIN))
2925 /* Already in a non tty mode */
2926 if (dlci->adaption > 2)
2929 if (nc->protocol != htons(ETH_P_IP))
2930 return -EPROTONOSUPPORT;
2932 if (nc->adaption != 3 && nc->adaption != 4)
2933 return -EPROTONOSUPPORT;
2935 pr_debug("create network interface\n");
2938 if (nc->if_name[0] != '\0')
2939 netname = nc->if_name;
2940 net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2941 NET_NAME_UNKNOWN, gsm_mux_net_init);
2943 pr_err("alloc_netdev failed\n");
2946 net->mtu = dlci->gsm->mtu;
2948 net->max_mtu = dlci->gsm->mtu;
2949 mux_net = netdev_priv(net);
2950 mux_net->dlci = dlci;
2951 kref_init(&mux_net->ref);
2952 strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2954 /* reconfigure dlci for network */
2955 dlci->prev_adaption = dlci->adaption;
2956 dlci->prev_data = dlci->data;
2957 dlci->adaption = nc->adaption;
2958 dlci->data = gsm_mux_rx_netchar;
2961 pr_debug("register netdev\n");
2962 retval = register_netdev(net);
2964 pr_err("network register fail %d\n", retval);
2965 dlci_net_free(dlci);
2968 return net->ifindex; /* return network index */
2971 /* Line discipline for real tty */
2972 static struct tty_ldisc_ops tty_ldisc_packet = {
2973 .owner = THIS_MODULE,
2977 .close = gsmld_close,
2978 .flush_buffer = gsmld_flush_buffer,
2980 .write = gsmld_write,
2981 .ioctl = gsmld_ioctl,
2983 .receive_buf = gsmld_receive_buf,
2984 .write_wakeup = gsmld_write_wakeup
2992 * gsm_modem_upd_via_data - send modem bits via convergence layer
2994 * @brk: break signal
2996 * Send an empty frame to signal mobile state changes and to transmit the
2997 * break signal for adaption 2.
3000 static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
3002 struct gsm_mux *gsm = dlci->gsm;
3003 unsigned long flags;
3005 if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
3008 spin_lock_irqsave(&gsm->tx_lock, flags);
3009 gsm_dlci_modem_output(gsm, dlci, brk);
3010 spin_unlock_irqrestore(&gsm->tx_lock, flags);
3014 * gsm_modem_upd_via_msc - send modem bits via control frame
3016 * @brk: break signal
3019 static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
3022 struct gsm_control *ctrl;
3025 if (dlci->gsm->encoding != 0)
3028 modembits[0] = (dlci->addr << 2) | 2 | EA; /* DLCI, Valid, EA */
3030 modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3032 modembits[1] = gsm_encode_modem(dlci) << 1;
3033 modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3036 ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3039 return gsm_control_wait(dlci->gsm, ctrl);
3043 * gsm_modem_update - send modem status line state
3045 * @brk: break signal
3048 static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
3050 if (dlci->adaption == 2) {
3051 /* Send convergence layer type 2 empty data frame. */
3052 gsm_modem_upd_via_data(dlci, brk);
3054 } else if (dlci->gsm->encoding == 0) {
3055 /* Send as MSC control message. */
3056 return gsm_modem_upd_via_msc(dlci, brk);
3059 /* Modem status lines are not supported. */
3060 return -EPROTONOSUPPORT;
3063 static int gsm_carrier_raised(struct tty_port *port)
3065 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3066 struct gsm_mux *gsm = dlci->gsm;
3068 /* Not yet open so no carrier info */
3069 if (dlci->state != DLCI_OPEN)
3075 * Basic mode with control channel in ADM mode may not respond
3076 * to CMD_MSC at all and modem_rx is empty.
3078 if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3082 return dlci->modem_rx & TIOCM_CD;
3085 static void gsm_dtr_rts(struct tty_port *port, int onoff)
3087 struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3088 unsigned int modem_tx = dlci->modem_tx;
3090 modem_tx |= TIOCM_DTR | TIOCM_RTS;
3092 modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3093 if (modem_tx != dlci->modem_tx) {
3094 dlci->modem_tx = modem_tx;
3095 gsm_modem_update(dlci, 0);
3099 static const struct tty_port_operations gsm_port_ops = {
3100 .carrier_raised = gsm_carrier_raised,
3101 .dtr_rts = gsm_dtr_rts,
3102 .destruct = gsm_dlci_free,
3105 static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3107 struct gsm_mux *gsm;
3108 struct gsm_dlci *dlci;
3109 unsigned int line = tty->index;
3110 unsigned int mux = mux_line_to_num(line);
3118 /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3119 if (gsm_mux[mux] == NULL)
3121 if (line == 0 || line > 61) /* 62/63 reserved */
3126 /* If DLCI 0 is not yet fully open return an error.
3127 This is ok from a locking
3128 perspective as we don't have to worry about this
3130 mutex_lock(&gsm->mutex);
3131 if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3132 mutex_unlock(&gsm->mutex);
3135 dlci = gsm->dlci[line];
3138 dlci = gsm_dlci_alloc(gsm, line);
3141 mutex_unlock(&gsm->mutex);
3144 ret = tty_port_install(&dlci->port, driver, tty);
3148 mutex_unlock(&gsm->mutex);
3153 dlci_get(gsm->dlci[0]);
3155 tty->driver_data = dlci;
3156 mutex_unlock(&gsm->mutex);
3161 static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3163 struct gsm_dlci *dlci = tty->driver_data;
3164 struct tty_port *port = &dlci->port;
3165 struct gsm_mux *gsm = dlci->gsm;
3168 tty_port_tty_set(port, tty);
3171 /* We could in theory open and close before we wait - eg if we get
3172 a DM straight back. This is ok as that will have caused a hangup */
3173 tty_port_set_initialized(port, 1);
3174 /* Start sending off SABM messages */
3176 gsm_dlci_begin_open(dlci);
3177 /* And wait for virtual carrier */
3178 return tty_port_block_til_ready(port, tty, filp);
3181 static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3183 struct gsm_dlci *dlci = tty->driver_data;
3187 if (dlci->state == DLCI_CLOSED)
3189 mutex_lock(&dlci->mutex);
3190 gsm_destroy_network(dlci);
3191 mutex_unlock(&dlci->mutex);
3192 if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3194 gsm_dlci_begin_close(dlci);
3195 if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3196 tty_port_lower_dtr_rts(&dlci->port);
3197 tty_port_close_end(&dlci->port, tty);
3198 tty_port_tty_set(&dlci->port, NULL);
3202 static void gsmtty_hangup(struct tty_struct *tty)
3204 struct gsm_dlci *dlci = tty->driver_data;
3205 if (dlci->state == DLCI_CLOSED)
3207 tty_port_hangup(&dlci->port);
3208 gsm_dlci_begin_close(dlci);
3211 static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3215 struct gsm_dlci *dlci = tty->driver_data;
3216 if (dlci->state == DLCI_CLOSED)
3218 /* Stuff the bytes into the fifo queue */
3219 sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3220 /* Need to kick the channel */
3221 gsm_dlci_data_kick(dlci);
3225 static unsigned int gsmtty_write_room(struct tty_struct *tty)
3227 struct gsm_dlci *dlci = tty->driver_data;
3228 if (dlci->state == DLCI_CLOSED)
3230 return kfifo_avail(&dlci->fifo);
3233 static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
3235 struct gsm_dlci *dlci = tty->driver_data;
3236 if (dlci->state == DLCI_CLOSED)
3238 return kfifo_len(&dlci->fifo);
3241 static void gsmtty_flush_buffer(struct tty_struct *tty)
3243 struct gsm_dlci *dlci = tty->driver_data;
3244 unsigned long flags;
3246 if (dlci->state == DLCI_CLOSED)
3248 /* Caution needed: If we implement reliable transport classes
3249 then the data being transmitted can't simply be junked once
3250 it has first hit the stack. Until then we can just blow it
3252 spin_lock_irqsave(&dlci->lock, flags);
3253 kfifo_reset(&dlci->fifo);
3254 spin_unlock_irqrestore(&dlci->lock, flags);
3255 /* Need to unhook this DLCI from the transmit queue logic */
3258 static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3260 /* The FIFO handles the queue so the kernel will do the right
3261 thing waiting on chars_in_buffer before calling us. No work
3265 static int gsmtty_tiocmget(struct tty_struct *tty)
3267 struct gsm_dlci *dlci = tty->driver_data;
3268 if (dlci->state == DLCI_CLOSED)
3270 return dlci->modem_rx;
3273 static int gsmtty_tiocmset(struct tty_struct *tty,
3274 unsigned int set, unsigned int clear)
3276 struct gsm_dlci *dlci = tty->driver_data;
3277 unsigned int modem_tx = dlci->modem_tx;
3279 if (dlci->state == DLCI_CLOSED)
3284 if (modem_tx != dlci->modem_tx) {
3285 dlci->modem_tx = modem_tx;
3286 return gsm_modem_update(dlci, 0);
3292 static int gsmtty_ioctl(struct tty_struct *tty,
3293 unsigned int cmd, unsigned long arg)
3295 struct gsm_dlci *dlci = tty->driver_data;
3296 struct gsm_netconfig nc;
3299 if (dlci->state == DLCI_CLOSED)
3302 case GSMIOC_ENABLE_NET:
3303 if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3305 nc.if_name[IFNAMSIZ-1] = '\0';
3306 /* return net interface index or error code */
3307 mutex_lock(&dlci->mutex);
3308 index = gsm_create_network(dlci, &nc);
3309 mutex_unlock(&dlci->mutex);
3310 if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3313 case GSMIOC_DISABLE_NET:
3314 if (!capable(CAP_NET_ADMIN))
3316 mutex_lock(&dlci->mutex);
3317 gsm_destroy_network(dlci);
3318 mutex_unlock(&dlci->mutex);
3321 return -ENOIOCTLCMD;
3325 static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3327 struct gsm_dlci *dlci = tty->driver_data;
3328 if (dlci->state == DLCI_CLOSED)
3330 /* For the moment its fixed. In actual fact the speed information
3331 for the virtual channel can be propogated in both directions by
3332 the RPN control message. This however rapidly gets nasty as we
3333 then have to remap modem signals each way according to whether
3334 our virtual cable is null modem etc .. */
3335 tty_termios_copy_hw(&tty->termios, old);
3338 static void gsmtty_throttle(struct tty_struct *tty)
3340 struct gsm_dlci *dlci = tty->driver_data;
3341 if (dlci->state == DLCI_CLOSED)
3344 dlci->modem_tx &= ~TIOCM_RTS;
3345 dlci->throttled = true;
3346 /* Send an MSC with RTS cleared */
3347 gsm_modem_update(dlci, 0);
3350 static void gsmtty_unthrottle(struct tty_struct *tty)
3352 struct gsm_dlci *dlci = tty->driver_data;
3353 if (dlci->state == DLCI_CLOSED)
3356 dlci->modem_tx |= TIOCM_RTS;
3357 dlci->throttled = false;
3358 /* Send an MSC with RTS set */
3359 gsm_modem_update(dlci, 0);
3362 static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3364 struct gsm_dlci *dlci = tty->driver_data;
3365 int encode = 0; /* Off */
3366 if (dlci->state == DLCI_CLOSED)
3369 if (state == -1) /* "On indefinitely" - we can't encode this
3372 else if (state > 0) {
3373 encode = state / 200; /* mS to encoding */
3375 encode = 0x0F; /* Best effort */
3377 return gsm_modem_update(dlci, encode);
3380 static void gsmtty_cleanup(struct tty_struct *tty)
3382 struct gsm_dlci *dlci = tty->driver_data;
3383 struct gsm_mux *gsm = dlci->gsm;
3386 dlci_put(gsm->dlci[0]);
3390 /* Virtual ttys for the demux */
3391 static const struct tty_operations gsmtty_ops = {
3392 .install = gsmtty_install,
3393 .open = gsmtty_open,
3394 .close = gsmtty_close,
3395 .write = gsmtty_write,
3396 .write_room = gsmtty_write_room,
3397 .chars_in_buffer = gsmtty_chars_in_buffer,
3398 .flush_buffer = gsmtty_flush_buffer,
3399 .ioctl = gsmtty_ioctl,
3400 .throttle = gsmtty_throttle,
3401 .unthrottle = gsmtty_unthrottle,
3402 .set_termios = gsmtty_set_termios,
3403 .hangup = gsmtty_hangup,
3404 .wait_until_sent = gsmtty_wait_until_sent,
3405 .tiocmget = gsmtty_tiocmget,
3406 .tiocmset = gsmtty_tiocmset,
3407 .break_ctl = gsmtty_break_ctl,
3408 .cleanup = gsmtty_cleanup,
3413 static int __init gsm_init(void)
3415 /* Fill in our line protocol discipline, and register it */
3416 int status = tty_register_ldisc(&tty_ldisc_packet);
3418 pr_err("n_gsm: can't register line discipline (err = %d)\n",
3423 gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW |
3424 TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
3425 if (IS_ERR(gsm_tty_driver)) {
3426 pr_err("gsm_init: tty allocation failed.\n");
3427 status = PTR_ERR(gsm_tty_driver);
3428 goto err_unreg_ldisc;
3430 gsm_tty_driver->driver_name = "gsmtty";
3431 gsm_tty_driver->name = "gsmtty";
3432 gsm_tty_driver->major = 0; /* Dynamic */
3433 gsm_tty_driver->minor_start = 0;
3434 gsm_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
3435 gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3436 gsm_tty_driver->init_termios = tty_std_termios;
3438 gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3439 tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3441 if (tty_register_driver(gsm_tty_driver)) {
3442 pr_err("gsm_init: tty registration failed.\n");
3444 goto err_put_driver;
3446 pr_debug("gsm_init: loaded as %d,%d.\n",
3447 gsm_tty_driver->major, gsm_tty_driver->minor_start);
3450 tty_driver_kref_put(gsm_tty_driver);
3452 tty_unregister_ldisc(&tty_ldisc_packet);
3456 static void __exit gsm_exit(void)
3458 tty_unregister_ldisc(&tty_ldisc_packet);
3459 tty_unregister_driver(gsm_tty_driver);
3460 tty_driver_kref_put(gsm_tty_driver);
3463 module_init(gsm_init);
3464 module_exit(gsm_exit);
3467 MODULE_LICENSE("GPL");
3468 MODULE_ALIAS_LDISC(N_GSM0710);
projects / releases.git / blob