/drivers/tty/n_gsm.c
C | 2806 lines | 1745 code | 287 blank | 774 comment | 383 complexity | 9ad1cacc539b2242df4e09c61f8a0c53 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0
Large files files are truncated, but you can click here to view the full file
1/*
2 * n_gsm.c GSM 0710 tty multiplexor
3 * Copyright (c) 2009/10 Intel Corporation
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
19 *
20 * TO DO:
21 * Mostly done: ioctls for setting modes/timing
22 * Partly done: hooks so you can pull off frames to non tty devs
23 * Restart DLCI 0 when it closes ?
24 * Test basic encoding
25 * Improve the tx engine
26 * Resolve tx side locking by adding a queue_head and routing
27 * all control traffic via it
28 * General tidy/document
29 * Review the locking/move to refcounts more (mux now moved to an
30 * alloc/free model ready)
31 * Use newest tty open/close port helpers and install hooks
32 * What to do about power functions ?
33 * Termios setting and negotiation
34 * Do we need a 'which mux are you' ioctl to correlate mux and tty sets
35 *
36 */
37
38#include <linux/types.h>
39#include <linux/major.h>
40#include <linux/errno.h>
41#include <linux/signal.h>
42#include <linux/fcntl.h>
43#include <linux/sched.h>
44#include <linux/interrupt.h>
45#include <linux/tty.h>
46#include <linux/ctype.h>
47#include <linux/mm.h>
48#include <linux/string.h>
49#include <linux/slab.h>
50#include <linux/poll.h>
51#include <linux/bitops.h>
52#include <linux/file.h>
53#include <linux/uaccess.h>
54#include <linux/module.h>
55#include <linux/timer.h>
56#include <linux/tty_flip.h>
57#include <linux/tty_driver.h>
58#include <linux/serial.h>
59#include <linux/kfifo.h>
60#include <linux/skbuff.h>
61#include <linux/gsmmux.h>
62
63static int debug;
64module_param(debug, int, 0600);
65
66#define T1 (HZ/10)
67#define T2 (HZ/3)
68#define N2 3
69
70/* Use long timers for testing at low speed with debug on */
71#ifdef DEBUG_TIMING
72#define T1 HZ
73#define T2 (2 * HZ)
74#endif
75
76/*
77 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
78 * limits so this is plenty
79 */
80#define MAX_MRU 512
81#define MAX_MTU 512
82
83/*
84 * Each block of data we have queued to go out is in the form of
85 * a gsm_msg which holds everything we need in a link layer independent
86 * format
87 */
88
89struct gsm_msg {
90 struct gsm_msg *next;
91 u8 addr; /* DLCI address + flags */
92 u8 ctrl; /* Control byte + flags */
93 unsigned int len; /* Length of data block (can be zero) */
94 unsigned char *data; /* Points into buffer but not at the start */
95 unsigned char buffer[0];
96};
97
98/*
99 * Each active data link has a gsm_dlci structure associated which ties
100 * the link layer to an optional tty (if the tty side is open). To avoid
101 * complexity right now these are only ever freed up when the mux is
102 * shut down.
103 *
104 * At the moment we don't free DLCI objects until the mux is torn down
105 * this avoid object life time issues but might be worth review later.
106 */
107
108struct gsm_dlci {
109 struct gsm_mux *gsm;
110 int addr;
111 int state;
112#define DLCI_CLOSED 0
113#define DLCI_OPENING 1 /* Sending SABM not seen UA */
114#define DLCI_OPEN 2 /* SABM/UA complete */
115#define DLCI_CLOSING 3 /* Sending DISC not seen UA/DM */
116
117 /* Link layer */
118 spinlock_t lock; /* Protects the internal state */
119 struct timer_list t1; /* Retransmit timer for SABM and UA */
120 int retries;
121 /* Uplink tty if active */
122 struct tty_port port; /* The tty bound to this DLCI if there is one */
123 struct kfifo *fifo; /* Queue fifo for the DLCI */
124 struct kfifo _fifo; /* For new fifo API porting only */
125 int adaption; /* Adaption layer in use */
126 u32 modem_rx; /* Our incoming virtual modem lines */
127 u32 modem_tx; /* Our outgoing modem lines */
128 int dead; /* Refuse re-open */
129 /* Flow control */
130 int throttled; /* Private copy of throttle state */
131 int constipated; /* Throttle status for outgoing */
132 /* Packetised I/O */
133 struct sk_buff *skb; /* Frame being sent */
134 struct sk_buff_head skb_list; /* Queued frames */
135 /* Data handling callback */
136 void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
137};
138
139/* DLCI 0, 62/63 are special or reseved see gsmtty_open */
140
141#define NUM_DLCI 64
142
143/*
144 * DLCI 0 is used to pass control blocks out of band of the data
145 * flow (and with a higher link priority). One command can be outstanding
146 * at a time and we use this structure to manage them. They are created
147 * and destroyed by the user context, and updated by the receive paths
148 * and timers
149 */
150
151struct gsm_control {
152 u8 cmd; /* Command we are issuing */
153 u8 *data; /* Data for the command in case we retransmit */
154 int len; /* Length of block for retransmission */
155 int done; /* Done flag */
156 int error; /* Error if any */
157};
158
159/*
160 * Each GSM mux we have is represented by this structure. If we are
161 * operating as an ldisc then we use this structure as our ldisc
162 * state. We need to sort out lifetimes and locking with respect
163 * to the gsm mux array. For now we don't free DLCI objects that
164 * have been instantiated until the mux itself is terminated.
165 *
166 * To consider further: tty open versus mux shutdown.
167 */
168
169struct gsm_mux {
170 struct tty_struct *tty; /* The tty our ldisc is bound to */
171 spinlock_t lock;
172
173 /* Events on the GSM channel */
174 wait_queue_head_t event;
175
176 /* Bits for GSM mode decoding */
177
178 /* Framing Layer */
179 unsigned char *buf;
180 int state;
181#define GSM_SEARCH 0
182#define GSM_START 1
183#define GSM_ADDRESS 2
184#define GSM_CONTROL 3
185#define GSM_LEN 4
186#define GSM_DATA 5
187#define GSM_FCS 6
188#define GSM_OVERRUN 7
189#define GSM_LEN0 8
190#define GSM_LEN1 9
191#define GSM_SSOF 10
192 unsigned int len;
193 unsigned int address;
194 unsigned int count;
195 int escape;
196 int encoding;
197 u8 control;
198 u8 fcs;
199 u8 received_fcs;
200 u8 *txframe; /* TX framing buffer */
201
202 /* Methods for the receiver side */
203 void (*receive)(struct gsm_mux *gsm, u8 ch);
204 void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
205 /* And transmit side */
206 int (*output)(struct gsm_mux *mux, u8 *data, int len);
207
208 /* Link Layer */
209 unsigned int mru;
210 unsigned int mtu;
211 int initiator; /* Did we initiate connection */
212 int dead; /* Has the mux been shut down */
213 struct gsm_dlci *dlci[NUM_DLCI];
214 int constipated; /* Asked by remote to shut up */
215
216 spinlock_t tx_lock;
217 unsigned int tx_bytes; /* TX data outstanding */
218#define TX_THRESH_HI 8192
219#define TX_THRESH_LO 2048
220 struct gsm_msg *tx_head; /* Pending data packets */
221 struct gsm_msg *tx_tail;
222
223 /* Control messages */
224 struct timer_list t2_timer; /* Retransmit timer for commands */
225 int cretries; /* Command retry counter */
226 struct gsm_control *pending_cmd;/* Our current pending command */
227 spinlock_t control_lock; /* Protects the pending command */
228
229 /* Configuration */
230 int adaption; /* 1 or 2 supported */
231 u8 ftype; /* UI or UIH */
232 int t1, t2; /* Timers in 1/100th of a sec */
233 int n2; /* Retry count */
234
235 /* Statistics (not currently exposed) */
236 unsigned long bad_fcs;
237 unsigned long malformed;
238 unsigned long io_error;
239 unsigned long bad_size;
240 unsigned long unsupported;
241};
242
243
244/*
245 * Mux objects - needed so that we can translate a tty index into the
246 * relevant mux and DLCI.
247 */
248
249#define MAX_MUX 4 /* 256 minors */
250static struct gsm_mux *gsm_mux[MAX_MUX]; /* GSM muxes */
251static spinlock_t gsm_mux_lock;
252
253/*
254 * This section of the driver logic implements the GSM encodings
255 * both the basic and the 'advanced'. Reliable transport is not
256 * supported.
257 */
258
259#define CR 0x02
260#define EA 0x01
261#define PF 0x10
262
263/* I is special: the rest are ..*/
264#define RR 0x01
265#define UI 0x03
266#define RNR 0x05
267#define REJ 0x09
268#define DM 0x0F
269#define SABM 0x2F
270#define DISC 0x43
271#define UA 0x63
272#define UIH 0xEF
273
274/* Channel commands */
275#define CMD_NSC 0x09
276#define CMD_TEST 0x11
277#define CMD_PSC 0x21
278#define CMD_RLS 0x29
279#define CMD_FCOFF 0x31
280#define CMD_PN 0x41
281#define CMD_RPN 0x49
282#define CMD_FCON 0x51
283#define CMD_CLD 0x61
284#define CMD_SNC 0x69
285#define CMD_MSC 0x71
286
287/* Virtual modem bits */
288#define MDM_FC 0x01
289#define MDM_RTC 0x02
290#define MDM_RTR 0x04
291#define MDM_IC 0x20
292#define MDM_DV 0x40
293
294#define GSM0_SOF 0xF9
295#define GSM1_SOF 0x7E
296#define GSM1_ESCAPE 0x7D
297#define GSM1_ESCAPE_BITS 0x20
298#define XON 0x11
299#define XOFF 0x13
300
301static const struct tty_port_operations gsm_port_ops;
302
303/*
304 * CRC table for GSM 0710
305 */
306
307static const u8 gsm_fcs8[256] = {
308 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
309 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
310 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
311 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
312 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
313 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
314 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
315 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
316 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
317 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
318 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
319 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
320 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
321 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
322 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
323 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
324 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
325 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
326 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
327 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
328 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
329 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
330 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
331 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
332 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
333 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
334 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
335 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
336 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
337 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
338 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
339 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
340};
341
342#define INIT_FCS 0xFF
343#define GOOD_FCS 0xCF
344
345/**
346 * gsm_fcs_add - update FCS
347 * @fcs: Current FCS
348 * @c: Next data
349 *
350 * Update the FCS to include c. Uses the algorithm in the specification
351 * notes.
352 */
353
354static inline u8 gsm_fcs_add(u8 fcs, u8 c)
355{
356 return gsm_fcs8[fcs ^ c];
357}
358
359/**
360 * gsm_fcs_add_block - update FCS for a block
361 * @fcs: Current FCS
362 * @c: buffer of data
363 * @len: length of buffer
364 *
365 * Update the FCS to include c. Uses the algorithm in the specification
366 * notes.
367 */
368
369static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
370{
371 while (len--)
372 fcs = gsm_fcs8[fcs ^ *c++];
373 return fcs;
374}
375
376/**
377 * gsm_read_ea - read a byte into an EA
378 * @val: variable holding value
379 * c: byte going into the EA
380 *
381 * Processes one byte of an EA. Updates the passed variable
382 * and returns 1 if the EA is now completely read
383 */
384
385static int gsm_read_ea(unsigned int *val, u8 c)
386{
387 /* Add the next 7 bits into the value */
388 *val <<= 7;
389 *val |= c >> 1;
390 /* Was this the last byte of the EA 1 = yes*/
391 return c & EA;
392}
393
394/**
395 * gsm_encode_modem - encode modem data bits
396 * @dlci: DLCI to encode from
397 *
398 * Returns the correct GSM encoded modem status bits (6 bit field) for
399 * the current status of the DLCI and attached tty object
400 */
401
402static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
403{
404 u8 modembits = 0;
405 /* FC is true flow control not modem bits */
406 if (dlci->throttled)
407 modembits |= MDM_FC;
408 if (dlci->modem_tx & TIOCM_DTR)
409 modembits |= MDM_RTC;
410 if (dlci->modem_tx & TIOCM_RTS)
411 modembits |= MDM_RTR;
412 if (dlci->modem_tx & TIOCM_RI)
413 modembits |= MDM_IC;
414 if (dlci->modem_tx & TIOCM_CD)
415 modembits |= MDM_DV;
416 return modembits;
417}
418
419/**
420 * gsm_print_packet - display a frame for debug
421 * @hdr: header to print before decode
422 * @addr: address EA from the frame
423 * @cr: C/R bit from the frame
424 * @control: control including PF bit
425 * @data: following data bytes
426 * @dlen: length of data
427 *
428 * Displays a packet in human readable format for debugging purposes. The
429 * style is based on amateur radio LAP-B dump display.
430 */
431
432static void gsm_print_packet(const char *hdr, int addr, int cr,
433 u8 control, const u8 *data, int dlen)
434{
435 if (!(debug & 1))
436 return;
437
438 pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
439
440 switch (control & ~PF) {
441 case SABM:
442 pr_cont("SABM");
443 break;
444 case UA:
445 pr_cont("UA");
446 break;
447 case DISC:
448 pr_cont("DISC");
449 break;
450 case DM:
451 pr_cont("DM");
452 break;
453 case UI:
454 pr_cont("UI");
455 break;
456 case UIH:
457 pr_cont("UIH");
458 break;
459 default:
460 if (!(control & 0x01)) {
461 pr_cont("I N(S)%d N(R)%d",
462 (control & 0x0E) >> 1, (control & 0xE) >> 5);
463 } else switch (control & 0x0F) {
464 case RR:
465 pr_cont("RR(%d)", (control & 0xE0) >> 5);
466 break;
467 case RNR:
468 pr_cont("RNR(%d)", (control & 0xE0) >> 5);
469 break;
470 case REJ:
471 pr_cont("REJ(%d)", (control & 0xE0) >> 5);
472 break;
473 default:
474 pr_cont("[%02X]", control);
475 }
476 }
477
478 if (control & PF)
479 pr_cont("(P)");
480 else
481 pr_cont("(F)");
482
483 if (dlen) {
484 int ct = 0;
485 while (dlen--) {
486 if (ct % 8 == 0) {
487 pr_cont("\n");
488 pr_debug(" ");
489 }
490 pr_cont("%02X ", *data++);
491 ct++;
492 }
493 }
494 pr_cont("\n");
495}
496
497
498/*
499 * Link level transmission side
500 */
501
502/**
503 * gsm_stuff_packet - bytestuff a packet
504 * @ibuf: input
505 * @obuf: output
506 * @len: length of input
507 *
508 * Expand a buffer by bytestuffing it. The worst case size change
509 * is doubling and the caller is responsible for handing out
510 * suitable sized buffers.
511 */
512
513static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
514{
515 int olen = 0;
516 while (len--) {
517 if (*input == GSM1_SOF || *input == GSM1_ESCAPE
518 || *input == XON || *input == XOFF) {
519 *output++ = GSM1_ESCAPE;
520 *output++ = *input++ ^ GSM1_ESCAPE_BITS;
521 olen++;
522 } else
523 *output++ = *input++;
524 olen++;
525 }
526 return olen;
527}
528
529/**
530 * gsm_send - send a control frame
531 * @gsm: our GSM mux
532 * @addr: address for control frame
533 * @cr: command/response bit
534 * @control: control byte including PF bit
535 *
536 * Format up and transmit a control frame. These do not go via the
537 * queueing logic as they should be transmitted ahead of data when
538 * they are needed.
539 *
540 * FIXME: Lock versus data TX path
541 */
542
543static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
544{
545 int len;
546 u8 cbuf[10];
547 u8 ibuf[3];
548
549 switch (gsm->encoding) {
550 case 0:
551 cbuf[0] = GSM0_SOF;
552 cbuf[1] = (addr << 2) | (cr << 1) | EA;
553 cbuf[2] = control;
554 cbuf[3] = EA; /* Length of data = 0 */
555 cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
556 cbuf[5] = GSM0_SOF;
557 len = 6;
558 break;
559 case 1:
560 case 2:
561 /* Control frame + packing (but not frame stuffing) in mode 1 */
562 ibuf[0] = (addr << 2) | (cr << 1) | EA;
563 ibuf[1] = control;
564 ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
565 /* Stuffing may double the size worst case */
566 len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
567 /* Now add the SOF markers */
568 cbuf[0] = GSM1_SOF;
569 cbuf[len + 1] = GSM1_SOF;
570 /* FIXME: we can omit the lead one in many cases */
571 len += 2;
572 break;
573 default:
574 WARN_ON(1);
575 return;
576 }
577 gsm->output(gsm, cbuf, len);
578 gsm_print_packet("-->", addr, cr, control, NULL, 0);
579}
580
581/**
582 * gsm_response - send a control response
583 * @gsm: our GSM mux
584 * @addr: address for control frame
585 * @control: control byte including PF bit
586 *
587 * Format up and transmit a link level response frame.
588 */
589
590static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
591{
592 gsm_send(gsm, addr, 0, control);
593}
594
595/**
596 * gsm_command - send a control command
597 * @gsm: our GSM mux
598 * @addr: address for control frame
599 * @control: control byte including PF bit
600 *
601 * Format up and transmit a link level command frame.
602 */
603
604static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
605{
606 gsm_send(gsm, addr, 1, control);
607}
608
609/* Data transmission */
610
611#define HDR_LEN 6 /* ADDR CTRL [LEN.2] DATA FCS */
612
613/**
614 * gsm_data_alloc - allocate data frame
615 * @gsm: GSM mux
616 * @addr: DLCI address
617 * @len: length excluding header and FCS
618 * @ctrl: control byte
619 *
620 * Allocate a new data buffer for sending frames with data. Space is left
621 * at the front for header bytes but that is treated as an implementation
622 * detail and not for the high level code to use
623 */
624
625static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
626 u8 ctrl)
627{
628 struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
629 GFP_ATOMIC);
630 if (m == NULL)
631 return NULL;
632 m->data = m->buffer + HDR_LEN - 1; /* Allow for FCS */
633 m->len = len;
634 m->addr = addr;
635 m->ctrl = ctrl;
636 m->next = NULL;
637 return m;
638}
639
640/**
641 * gsm_data_kick - poke the queue
642 * @gsm: GSM Mux
643 *
644 * The tty device has called us to indicate that room has appeared in
645 * the transmit queue. Ram more data into the pipe if we have any
646 *
647 * FIXME: lock against link layer control transmissions
648 */
649
650static void gsm_data_kick(struct gsm_mux *gsm)
651{
652 struct gsm_msg *msg = gsm->tx_head;
653 int len;
654 int skip_sof = 0;
655
656 /* FIXME: We need to apply this solely to data messages */
657 if (gsm->constipated)
658 return;
659
660 while (gsm->tx_head != NULL) {
661 msg = gsm->tx_head;
662 if (gsm->encoding != 0) {
663 gsm->txframe[0] = GSM1_SOF;
664 len = gsm_stuff_frame(msg->data,
665 gsm->txframe + 1, msg->len);
666 gsm->txframe[len + 1] = GSM1_SOF;
667 len += 2;
668 } else {
669 gsm->txframe[0] = GSM0_SOF;
670 memcpy(gsm->txframe + 1 , msg->data, msg->len);
671 gsm->txframe[msg->len + 1] = GSM0_SOF;
672 len = msg->len + 2;
673 }
674
675 if (debug & 4)
676 print_hex_dump_bytes("gsm_data_kick: ",
677 DUMP_PREFIX_OFFSET,
678 gsm->txframe, len);
679
680 if (gsm->output(gsm, gsm->txframe + skip_sof,
681 len - skip_sof) < 0)
682 break;
683 /* FIXME: Can eliminate one SOF in many more cases */
684 gsm->tx_head = msg->next;
685 if (gsm->tx_head == NULL)
686 gsm->tx_tail = NULL;
687 gsm->tx_bytes -= msg->len;
688 kfree(msg);
689 /* For a burst of frames skip the extra SOF within the
690 burst */
691 skip_sof = 1;
692 }
693}
694
695/**
696 * __gsm_data_queue - queue a UI or UIH frame
697 * @dlci: DLCI sending the data
698 * @msg: message queued
699 *
700 * Add data to the transmit queue and try and get stuff moving
701 * out of the mux tty if not already doing so. The Caller must hold
702 * the gsm tx lock.
703 */
704
705static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
706{
707 struct gsm_mux *gsm = dlci->gsm;
708 u8 *dp = msg->data;
709 u8 *fcs = dp + msg->len;
710
711 /* Fill in the header */
712 if (gsm->encoding == 0) {
713 if (msg->len < 128)
714 *--dp = (msg->len << 1) | EA;
715 else {
716 *--dp = (msg->len >> 7); /* bits 7 - 15 */
717 *--dp = (msg->len & 127) << 1; /* bits 0 - 6 */
718 }
719 }
720
721 *--dp = msg->ctrl;
722 if (gsm->initiator)
723 *--dp = (msg->addr << 2) | 2 | EA;
724 else
725 *--dp = (msg->addr << 2) | EA;
726 *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
727 /* Ugly protocol layering violation */
728 if (msg->ctrl == UI || msg->ctrl == (UI|PF))
729 *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
730 *fcs = 0xFF - *fcs;
731
732 gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
733 msg->data, msg->len);
734
735 /* Move the header back and adjust the length, also allow for the FCS
736 now tacked on the end */
737 msg->len += (msg->data - dp) + 1;
738 msg->data = dp;
739
740 /* Add to the actual output queue */
741 if (gsm->tx_tail)
742 gsm->tx_tail->next = msg;
743 else
744 gsm->tx_head = msg;
745 gsm->tx_tail = msg;
746 gsm->tx_bytes += msg->len;
747 gsm_data_kick(gsm);
748}
749
750/**
751 * gsm_data_queue - queue a UI or UIH frame
752 * @dlci: DLCI sending the data
753 * @msg: message queued
754 *
755 * Add data to the transmit queue and try and get stuff moving
756 * out of the mux tty if not already doing so. Take the
757 * the gsm tx lock and dlci lock.
758 */
759
760static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
761{
762 unsigned long flags;
763 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
764 __gsm_data_queue(dlci, msg);
765 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
766}
767
768/**
769 * gsm_dlci_data_output - try and push data out of a DLCI
770 * @gsm: mux
771 * @dlci: the DLCI to pull data from
772 *
773 * Pull data from a DLCI and send it into the transmit queue if there
774 * is data. Keep to the MRU of the mux. This path handles the usual tty
775 * interface which is a byte stream with optional modem data.
776 *
777 * Caller must hold the tx_lock of the mux.
778 */
779
780static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
781{
782 struct gsm_msg *msg;
783 u8 *dp;
784 int len, size;
785 int h = dlci->adaption - 1;
786
787 len = kfifo_len(dlci->fifo);
788 if (len == 0)
789 return 0;
790
791 /* MTU/MRU count only the data bits */
792 if (len > gsm->mtu)
793 len = gsm->mtu;
794
795 size = len + h;
796
797 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
798 /* FIXME: need a timer or something to kick this so it can't
799 get stuck with no work outstanding and no buffer free */
800 if (msg == NULL)
801 return -ENOMEM;
802 dp = msg->data;
803 switch (dlci->adaption) {
804 case 1: /* Unstructured */
805 break;
806 case 2: /* Unstructed with modem bits. Always one byte as we never
807 send inline break data */
808 *dp += gsm_encode_modem(dlci);
809 len--;
810 break;
811 }
812 WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
813 __gsm_data_queue(dlci, msg);
814 /* Bytes of data we used up */
815 return size;
816}
817
818/**
819 * gsm_dlci_data_output_framed - try and push data out of a DLCI
820 * @gsm: mux
821 * @dlci: the DLCI to pull data from
822 *
823 * Pull data from a DLCI and send it into the transmit queue if there
824 * is data. Keep to the MRU of the mux. This path handles framed data
825 * queued as skbuffs to the DLCI.
826 *
827 * Caller must hold the tx_lock of the mux.
828 */
829
830static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
831 struct gsm_dlci *dlci)
832{
833 struct gsm_msg *msg;
834 u8 *dp;
835 int len, size;
836 int last = 0, first = 0;
837 int overhead = 0;
838
839 /* One byte per frame is used for B/F flags */
840 if (dlci->adaption == 4)
841 overhead = 1;
842
843 /* dlci->skb is locked by tx_lock */
844 if (dlci->skb == NULL) {
845 dlci->skb = skb_dequeue(&dlci->skb_list);
846 if (dlci->skb == NULL)
847 return 0;
848 first = 1;
849 }
850 len = dlci->skb->len + overhead;
851
852 /* MTU/MRU count only the data bits */
853 if (len > gsm->mtu) {
854 if (dlci->adaption == 3) {
855 /* Over long frame, bin it */
856 kfree_skb(dlci->skb);
857 dlci->skb = NULL;
858 return 0;
859 }
860 len = gsm->mtu;
861 } else
862 last = 1;
863
864 size = len + overhead;
865 msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
866
867 /* FIXME: need a timer or something to kick this so it can't
868 get stuck with no work outstanding and no buffer free */
869 if (msg == NULL)
870 return -ENOMEM;
871 dp = msg->data;
872
873 if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
874 /* Flag byte to carry the start/end info */
875 *dp++ = last << 7 | first << 6 | 1; /* EA */
876 len--;
877 }
878 memcpy(dp, dlci->skb->data, len);
879 skb_pull(dlci->skb, len);
880 __gsm_data_queue(dlci, msg);
881 if (last)
882 dlci->skb = NULL;
883 return size;
884}
885
886/**
887 * gsm_dlci_data_sweep - look for data to send
888 * @gsm: the GSM mux
889 *
890 * Sweep the GSM mux channels in priority order looking for ones with
891 * data to send. We could do with optimising this scan a bit. We aim
892 * to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
893 * TX_THRESH_LO we get called again
894 *
895 * FIXME: We should round robin between groups and in theory you can
896 * renegotiate DLCI priorities with optional stuff. Needs optimising.
897 */
898
899static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
900{
901 int len;
902 /* Priority ordering: We should do priority with RR of the groups */
903 int i = 1;
904
905 while (i < NUM_DLCI) {
906 struct gsm_dlci *dlci;
907
908 if (gsm->tx_bytes > TX_THRESH_HI)
909 break;
910 dlci = gsm->dlci[i];
911 if (dlci == NULL || dlci->constipated) {
912 i++;
913 continue;
914 }
915 if (dlci->adaption < 3)
916 len = gsm_dlci_data_output(gsm, dlci);
917 else
918 len = gsm_dlci_data_output_framed(gsm, dlci);
919 if (len < 0)
920 break;
921 /* DLCI empty - try the next */
922 if (len == 0)
923 i++;
924 }
925}
926
927/**
928 * gsm_dlci_data_kick - transmit if possible
929 * @dlci: DLCI to kick
930 *
931 * Transmit data from this DLCI if the queue is empty. We can't rely on
932 * a tty wakeup except when we filled the pipe so we need to fire off
933 * new data ourselves in other cases.
934 */
935
936static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
937{
938 unsigned long flags;
939
940 spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
941 /* If we have nothing running then we need to fire up */
942 if (dlci->gsm->tx_bytes == 0)
943 gsm_dlci_data_output(dlci->gsm, dlci);
944 else if (dlci->gsm->tx_bytes < TX_THRESH_LO)
945 gsm_dlci_data_sweep(dlci->gsm);
946 spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
947}
948
949/*
950 * Control message processing
951 */
952
953
954/**
955 * gsm_control_reply - send a response frame to a control
956 * @gsm: gsm channel
957 * @cmd: the command to use
958 * @data: data to follow encoded info
959 * @dlen: length of data
960 *
961 * Encode up and queue a UI/UIH frame containing our response.
962 */
963
964static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
965 int dlen)
966{
967 struct gsm_msg *msg;
968 msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
969 if (msg == NULL)
970 return;
971 msg->data[0] = (cmd & 0xFE) << 1 | EA; /* Clear C/R */
972 msg->data[1] = (dlen << 1) | EA;
973 memcpy(msg->data + 2, data, dlen);
974 gsm_data_queue(gsm->dlci[0], msg);
975}
976
977/**
978 * gsm_process_modem - process received modem status
979 * @tty: virtual tty bound to the DLCI
980 * @dlci: DLCI to affect
981 * @modem: modem bits (full EA)
982 *
983 * Used when a modem control message or line state inline in adaption
984 * layer 2 is processed. Sort out the local modem state and throttles
985 */
986
987static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
988 u32 modem, int clen)
989{
990 int mlines = 0;
991 u8 brk = 0;
992
993 /* The modem status command can either contain one octet (v.24 signals)
994 or two octets (v.24 signals + break signals). The length field will
995 either be 2 or 3 respectively. This is specified in section
996 5.4.6.3.7 of the 27.010 mux spec. */
997
998 if (clen == 2)
999 modem = modem & 0x7f;
1000 else {
1001 brk = modem & 0x7f;
1002 modem = (modem >> 7) & 0x7f;
1003 };
1004
1005 /* Flow control/ready to communicate */
1006 if (modem & MDM_FC) {
1007 /* Need to throttle our output on this device */
1008 dlci->constipated = 1;
1009 }
1010 if (modem & MDM_RTC) {
1011 mlines |= TIOCM_DSR | TIOCM_DTR;
1012 dlci->constipated = 0;
1013 gsm_dlci_data_kick(dlci);
1014 }
1015 /* Map modem bits */
1016 if (modem & MDM_RTR)
1017 mlines |= TIOCM_RTS | TIOCM_CTS;
1018 if (modem & MDM_IC)
1019 mlines |= TIOCM_RI;
1020 if (modem & MDM_DV)
1021 mlines |= TIOCM_CD;
1022
1023 /* Carrier drop -> hangup */
1024 if (tty) {
1025 if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1026 if (!(tty->termios->c_cflag & CLOCAL))
1027 tty_hangup(tty);
1028 if (brk & 0x01)
1029 tty_insert_flip_char(tty, 0, TTY_BREAK);
1030 }
1031 dlci->modem_rx = mlines;
1032}
1033
1034/**
1035 * gsm_control_modem - modem status received
1036 * @gsm: GSM channel
1037 * @data: data following command
1038 * @clen: command length
1039 *
1040 * We have received a modem status control message. This is used by
1041 * the GSM mux protocol to pass virtual modem line status and optionally
1042 * to indicate break signals. Unpack it, convert to Linux representation
1043 * and if need be stuff a break message down the tty.
1044 */
1045
1046static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1047{
1048 unsigned int addr = 0;
1049 unsigned int modem = 0;
1050 struct gsm_dlci *dlci;
1051 int len = clen;
1052 u8 *dp = data;
1053 struct tty_struct *tty;
1054
1055 while (gsm_read_ea(&addr, *dp++) == 0) {
1056 len--;
1057 if (len == 0)
1058 return;
1059 }
1060 /* Must be at least one byte following the EA */
1061 len--;
1062 if (len <= 0)
1063 return;
1064
1065 addr >>= 1;
1066 /* Closed port, or invalid ? */
1067 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1068 return;
1069 dlci = gsm->dlci[addr];
1070
1071 while (gsm_read_ea(&modem, *dp++) == 0) {
1072 len--;
1073 if (len == 0)
1074 return;
1075 }
1076 tty = tty_port_tty_get(&dlci->port);
1077 gsm_process_modem(tty, dlci, modem, clen);
1078 if (tty) {
1079 tty_wakeup(tty);
1080 tty_kref_put(tty);
1081 }
1082 gsm_control_reply(gsm, CMD_MSC, data, clen);
1083}
1084
1085/**
1086 * gsm_control_rls - remote line status
1087 * @gsm: GSM channel
1088 * @data: data bytes
1089 * @clen: data length
1090 *
1091 * The modem sends us a two byte message on the control channel whenever
1092 * it wishes to send us an error state from the virtual link. Stuff
1093 * this into the uplink tty if present
1094 */
1095
1096static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1097{
1098 struct tty_struct *tty;
1099 unsigned int addr = 0 ;
1100 u8 bits;
1101 int len = clen;
1102 u8 *dp = data;
1103
1104 while (gsm_read_ea(&addr, *dp++) == 0) {
1105 len--;
1106 if (len == 0)
1107 return;
1108 }
1109 /* Must be at least one byte following ea */
1110 len--;
1111 if (len <= 0)
1112 return;
1113 addr >>= 1;
1114 /* Closed port, or invalid ? */
1115 if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1116 return;
1117 /* No error ? */
1118 bits = *dp;
1119 if ((bits & 1) == 0)
1120 return;
1121 /* See if we have an uplink tty */
1122 tty = tty_port_tty_get(&gsm->dlci[addr]->port);
1123
1124 if (tty) {
1125 if (bits & 2)
1126 tty_insert_flip_char(tty, 0, TTY_OVERRUN);
1127 if (bits & 4)
1128 tty_insert_flip_char(tty, 0, TTY_PARITY);
1129 if (bits & 8)
1130 tty_insert_flip_char(tty, 0, TTY_FRAME);
1131 tty_flip_buffer_push(tty);
1132 tty_kref_put(tty);
1133 }
1134 gsm_control_reply(gsm, CMD_RLS, data, clen);
1135}
1136
1137static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1138
1139/**
1140 * gsm_control_message - DLCI 0 control processing
1141 * @gsm: our GSM mux
1142 * @command: the command EA
1143 * @data: data beyond the command/length EAs
1144 * @clen: length
1145 *
1146 * Input processor for control messages from the other end of the link.
1147 * Processes the incoming request and queues a response frame or an
1148 * NSC response if not supported
1149 */
1150
1151static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1152 u8 *data, int clen)
1153{
1154 u8 buf[1];
1155 switch (command) {
1156 case CMD_CLD: {
1157 struct gsm_dlci *dlci = gsm->dlci[0];
1158 /* Modem wishes to close down */
1159 if (dlci) {
1160 dlci->dead = 1;
1161 gsm->dead = 1;
1162 gsm_dlci_begin_close(dlci);
1163 }
1164 }
1165 break;
1166 case CMD_TEST:
1167 /* Modem wishes to test, reply with the data */
1168 gsm_control_reply(gsm, CMD_TEST, data, clen);
1169 break;
1170 case CMD_FCON:
1171 /* Modem wants us to STFU */
1172 gsm->constipated = 1;
1173 gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1174 break;
1175 case CMD_FCOFF:
1176 /* Modem can accept data again */
1177 gsm->constipated = 0;
1178 gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1179 /* Kick the link in case it is idling */
1180 gsm_data_kick(gsm);
1181 break;
1182 case CMD_MSC:
1183 /* Out of band modem line change indicator for a DLCI */
1184 gsm_control_modem(gsm, data, clen);
1185 break;
1186 case CMD_RLS:
1187 /* Out of band error reception for a DLCI */
1188 gsm_control_rls(gsm, data, clen);
1189 break;
1190 case CMD_PSC:
1191 /* Modem wishes to enter power saving state */
1192 gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1193 break;
1194 /* Optional unsupported commands */
1195 case CMD_PN: /* Parameter negotiation */
1196 case CMD_RPN: /* Remote port negotiation */
1197 case CMD_SNC: /* Service negotiation command */
1198 default:
1199 /* Reply to bad commands with an NSC */
1200 buf[0] = command;
1201 gsm_control_reply(gsm, CMD_NSC, buf, 1);
1202 break;
1203 }
1204}
1205
1206/**
1207 * gsm_control_response - process a response to our control
1208 * @gsm: our GSM mux
1209 * @command: the command (response) EA
1210 * @data: data beyond the command/length EA
1211 * @clen: length
1212 *
1213 * Process a response to an outstanding command. We only allow a single
1214 * control message in flight so this is fairly easy. All the clean up
1215 * is done by the caller, we just update the fields, flag it as done
1216 * and return
1217 */
1218
1219static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1220 u8 *data, int clen)
1221{
1222 struct gsm_control *ctrl;
1223 unsigned long flags;
1224
1225 spin_lock_irqsave(&gsm->control_lock, flags);
1226
1227 ctrl = gsm->pending_cmd;
1228 /* Does the reply match our command */
1229 command |= 1;
1230 if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1231 /* Our command was replied to, kill the retry timer */
1232 del_timer(&gsm->t2_timer);
1233 gsm->pending_cmd = NULL;
1234 /* Rejected by the other end */
1235 if (command == CMD_NSC)
1236 ctrl->error = -EOPNOTSUPP;
1237 ctrl->done = 1;
1238 wake_up(&gsm->event);
1239 }
1240 spin_unlock_irqrestore(&gsm->control_lock, flags);
1241}
1242
1243/**
1244 * gsm_control_transmit - send control packet
1245 * @gsm: gsm mux
1246 * @ctrl: frame to send
1247 *
1248 * Send out a pending control command (called under control lock)
1249 */
1250
1251static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1252{
1253 struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
1254 if (msg == NULL)
1255 return;
1256 msg->data[0] = (ctrl->cmd << 1) | 2 | EA; /* command */
1257 memcpy(msg->data + 1, ctrl->data, ctrl->len);
1258 gsm_data_queue(gsm->dlci[0], msg);
1259}
1260
1261/**
1262 * gsm_control_retransmit - retransmit a control frame
1263 * @data: pointer to our gsm object
1264 *
1265 * Called off the T2 timer expiry in order to retransmit control frames
1266 * that have been lost in the system somewhere. The control_lock protects
1267 * us from colliding with another sender or a receive completion event.
1268 * In that situation the timer may still occur in a small window but
1269 * gsm->pending_cmd will be NULL and we just let the timer expire.
1270 */
1271
1272static void gsm_control_retransmit(unsigned long data)
1273{
1274 struct gsm_mux *gsm = (struct gsm_mux *)data;
1275 struct gsm_control *ctrl;
1276 unsigned long flags;
1277 spin_lock_irqsave(&gsm->control_lock, flags);
1278 ctrl = gsm->pending_cmd;
1279 if (ctrl) {
1280 gsm->cretries--;
1281 if (gsm->cretries == 0) {
1282 gsm->pending_cmd = NULL;
1283 ctrl->error = -ETIMEDOUT;
1284 ctrl->done = 1;
1285 spin_unlock_irqrestore(&gsm->control_lock, flags);
1286 wake_up(&gsm->event);
1287 return;
1288 }
1289 gsm_control_transmit(gsm, ctrl);
1290 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1291 }
1292 spin_unlock_irqrestore(&gsm->control_lock, flags);
1293}
1294
1295/**
1296 * gsm_control_send - send a control frame on DLCI 0
1297 * @gsm: the GSM channel
1298 * @command: command to send including CR bit
1299 * @data: bytes of data (must be kmalloced)
1300 * @len: length of the block to send
1301 *
1302 * Queue and dispatch a control command. Only one command can be
1303 * active at a time. In theory more can be outstanding but the matching
1304 * gets really complicated so for now stick to one outstanding.
1305 */
1306
1307static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1308 unsigned int command, u8 *data, int clen)
1309{
1310 struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1311 GFP_KERNEL);
1312 unsigned long flags;
1313 if (ctrl == NULL)
1314 return NULL;
1315retry:
1316 wait_event(gsm->event, gsm->pending_cmd == NULL);
1317 spin_lock_irqsave(&gsm->control_lock, flags);
1318 if (gsm->pending_cmd != NULL) {
1319 spin_unlock_irqrestore(&gsm->control_lock, flags);
1320 goto retry;
1321 }
1322 ctrl->cmd = command;
1323 ctrl->data = data;
1324 ctrl->len = clen;
1325 gsm->pending_cmd = ctrl;
1326 gsm->cretries = gsm->n2;
1327 mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1328 gsm_control_transmit(gsm, ctrl);
1329 spin_unlock_irqrestore(&gsm->control_lock, flags);
1330 return ctrl;
1331}
1332
1333/**
1334 * gsm_control_wait - wait for a control to finish
1335 * @gsm: GSM mux
1336 * @control: control we are waiting on
1337 *
1338 * Waits for the control to complete or time out. Frees any used
1339 * resources and returns 0 for success, or an error if the remote
1340 * rejected or ignored the request.
1341 */
1342
1343static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1344{
1345 int err;
1346 wait_event(gsm->event, control->done == 1);
1347 err = control->error;
1348 kfree(control);
1349 return err;
1350}
1351
1352
1353/*
1354 * DLCI level handling: Needs krefs
1355 */
1356
1357/*
1358 * State transitions and timers
1359 */
1360
1361/**
1362 * gsm_dlci_close - a DLCI has closed
1363 * @dlci: DLCI that closed
1364 *
1365 * Perform processing when moving a DLCI into closed state. If there
1366 * is an attached tty this is hung up
1367 */
1368
1369static void gsm_dlci_close(struct gsm_dlci *dlci)
1370{
1371 del_timer(&dlci->t1);
1372 if (debug & 8)
1373 pr_debug("DLCI %d goes closed.\n", dlci->addr);
1374 dlci->state = DLCI_CLOSED;
1375 if (dlci->addr != 0) {
1376 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1377 if (tty) {
1378 tty_hangup(tty);
1379 tty_kref_put(tty);
1380 }
1381 kfifo_reset(dlci->fifo);
1382 } else
1383 dlci->gsm->dead = 1;
1384 wake_up(&dlci->gsm->event);
1385 /* A DLCI 0 close is a MUX termination so we need to kick that
1386 back to userspace somehow */
1387}
1388
1389/**
1390 * gsm_dlci_open - a DLCI has opened
1391 * @dlci: DLCI that opened
1392 *
1393 * Perform processing when moving a DLCI into open state.
1394 */
1395
1396static void gsm_dlci_open(struct gsm_dlci *dlci)
1397{
1398 /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1399 open -> open */
1400 del_timer(&dlci->t1);
1401 /* This will let a tty open continue */
1402 dlci->state = DLCI_OPEN;
1403 if (debug & 8)
1404 pr_debug("DLCI %d goes open.\n", dlci->addr);
1405 wake_up(&dlci->gsm->event);
1406}
1407
1408/**
1409 * gsm_dlci_t1 - T1 timer expiry
1410 * @dlci: DLCI that opened
1411 *
1412 * The T1 timer handles retransmits of control frames (essentially of
1413 * SABM and DISC). We resend the command until the retry count runs out
1414 * in which case an opening port goes back to closed and a closing port
1415 * is simply put into closed state (any further frames from the other
1416 * end will get a DM response)
1417 */
1418
1419static void gsm_dlci_t1(unsigned long data)
1420{
1421 struct gsm_dlci *dlci = (struct gsm_dlci *)data;
1422 struct gsm_mux *gsm = dlci->gsm;
1423
1424 switch (dlci->state) {
1425 case DLCI_OPENING:
1426 dlci->retries--;
1427 if (dlci->retries) {
1428 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1429 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1430 } else
1431 gsm_dlci_close(dlci);
1432 break;
1433 case DLCI_CLOSING:
1434 dlci->retries--;
1435 if (dlci->retries) {
1436 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1437 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1438 } else
1439 gsm_dlci_close(dlci);
1440 break;
1441 }
1442}
1443
1444/**
1445 * gsm_dlci_begin_open - start channel open procedure
1446 * @dlci: DLCI to open
1447 *
1448 * Commence opening a DLCI from the Linux side. We issue SABM messages
1449 * to the modem which should then reply with a UA, at which point we
1450 * will move into open state. Opening is done asynchronously with retry
1451 * running off timers and the responses.
1452 */
1453
1454static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1455{
1456 struct gsm_mux *gsm = dlci->gsm;
1457 if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1458 return;
1459 dlci->retries = gsm->n2;
1460 dlci->state = DLCI_OPENING;
1461 gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1462 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1463}
1464
1465/**
1466 * gsm_dlci_begin_close - start channel open procedure
1467 * @dlci: DLCI to open
1468 *
1469 * Commence closing a DLCI from the Linux side. We issue DISC messages
1470 * to the modem which should then reply with a UA, at which point we
1471 * will move into closed state. Closing is done asynchronously with retry
1472 * off timers. We may also receive a DM reply from the other end which
1473 * indicates the channel was already closed.
1474 */
1475
1476static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1477{
1478 struct gsm_mux *gsm = dlci->gsm;
1479 if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1480 return;
1481 dlci->retries = gsm->n2;
1482 dlci->state = DLCI_CLOSING;
1483 gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1484 mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1485}
1486
1487/**
1488 * gsm_dlci_data - data arrived
1489 * @dlci: channel
1490 * @data: block of bytes received
1491 * @len: length of received block
1492 *
1493 * A UI or UIH frame has arrived which contains data for a channel
1494 * other than the control channel. If the relevant virtual tty is
1495 * open we shovel the bits down it, if not we drop them.
1496 */
1497
1498static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
1499{
1500 /* krefs .. */
1501 struct tty_port *port = &dlci->port;
1502 struct tty_struct *tty = tty_port_tty_get(port);
1503 unsigned int modem = 0;
1504 int len = clen;
1505
1506 if (debug & 16)
1507 pr_debug("%d bytes for tty %p\n", len, tty);
1508 if (tty) {
1509 switch (dlci->adaption) {
1510 /* Unsupported types */
1511 /* Packetised interruptible data */
1512 case 4:
1513 break;
1514 /* Packetised uininterruptible voice/data */
1515 case 3:
1516 break;
1517 /* Asynchronous serial with line state in each frame */
1518 case 2:
1519 while (gsm_read_ea(&modem, *data++) == 0) {
1520 len--;
1521 if (len == 0)
1522 return;
1523 }
1524 gsm_process_modem(tty, dlci, modem, clen);
1525 /* Line state will go via DLCI 0 controls only */
1526 case 1:
1527 default:
1528 tty_insert_flip_string(tty, data, len);
1529 tty_flip_buffer_push(tty);
1530 }
1531 tty_kref_put(tty);
1532 }
1533}
1534
1535/**
1536 * gsm_dlci_control - data arrived on control channel
1537 * @dlci: channel
1538 * @data: block of bytes received
1539 * @len: length of received block
1540 *
1541 * A UI or UIH frame has arrived which contains data for DLCI 0 the
1542 * control channel. This should contain a command EA followed by
1543 * control data bytes. The command EA contains a command/response bit
1544 * and we divide up the work accordingly.
1545 */
1546
1547static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1548{
1549 /* See what command is involved */
1550 unsigned int command = 0;
1551 while (len-- > 0) {
1552 if (gsm_read_ea(&command, *data++) == 1) {
1553 int clen = *data++;
1554 len--;
1555 /* FIXME: this is properly an EA */
1556 clen >>= 1;
1557 /* Malformed command ? */
1558 if (clen > len)
1559 return;
1560 if (command & 1)
1561 gsm_control_message(dlci->gsm, command,
1562 data, clen);
1563 else
1564 gsm_control_response(dlci->gsm, command,
1565 data, clen);
1566 return;
1567 }
1568 }
1569}
1570
1571/*
1572 * Allocate/Free DLCI channels
1573 */
1574
1575/**
1576 * gsm_dlci_alloc - allocate a DLCI
1577 * @gsm: GSM mux
1578 * @addr: address of the DLCI
1579 *
1580 * Allocate and install a new DLCI object into the GSM mux.
1581 *
1582 * FIXME: review locking races
1583 */
1584
1585static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1586{
1587 struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1588 if (dlci == NULL)
1589 return NULL;
1590 spin_lock_init(&dlci->lock);
1591 dlci->fifo = &dlci->_fifo;
1592 if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1593 kfree(dlci);
1594 return NULL;
1595 }
1596
1597 skb_queue_head_init(&dlci->skb_list);
1598 init_timer(&dlci->t1);
1599 dlci->t1.function = gsm_dlci_t1;
1600 dlci->t1.data = (unsigned long)dlci;
1601 tty_port_init(&dlci->port);
1602 dlci->port.ops = &gsm_port_ops;
1603 dlci->gsm = gsm;
1604 dlci->addr = addr;
1605 dlci->adaption = gsm->adaption;
1606 dlci->state = DLCI_CLOSED;
1607 if (addr)
1608 dlci->data = gsm_dlci_data;
1609 else
1610 dlci->data = gsm_dlci_command;
1611 gsm->dlci[addr] = dlci;
1612 return dlci;
1613}
1614
1615/**
1616 * gsm_dlci_free - release DLCI
1617 * @dlci: DLCI to destroy
1618 *
1619 * Free up a DLCI. Currently to keep the lifetime rules sane we only
1620 * clean up DLCI objects when the MUX closes rather than as the port
1621 * is closed down on both the tty and mux levels.
1622 *
1623 * Can sleep.
1624 */
1625static void gsm_dlci_free(struct gsm_dlci *dlci)
1626{
1627 struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1628 if (tty) {
1629 tty_vhangup(tty);
1630 tty_kref_put(tty);
1631 }
1632 del_timer_sync(&dlci->t1);
1633 dlci->gsm->dlci[dlci->addr] = NULL;
1634 kfifo_free(dlci->fifo);
1635 kfree(dlci);
1636}
1637
1638/*
1639 * LAPBish link layer logic
1640 */
1641
1642/**
1643 * gsm_queue - a GSM frame is ready to process
1644 * @gsm: pointer to our gsm mux
1645 *
1646 * At this point in time a frame has arrived and been demangled from
1647 * the line encoding. All the differences between the encodings have
1648 * been handled below us and the frame is unpacked into the structures.
1649 * The fcs holds the header FCS but any data FCS must be added here.
1650 */
1651
1652static void gsm_queue(struct gsm_mux *gsm)
1653{
1654 struct gsm_dlci *dlci;
1655 u8 cr;
1656 int address;
1657 /* We have to sneak a look at the packet body to do the FCS.
1658 A somewhat layering violation in the spec */
1659
1660 if ((gsm->control & ~PF) == UI)
1661 gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
1662 if (gsm->encoding == 0){
1663 /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
1664 In this case it contain the last piece of data
1665 required to generate final CRC */
1666 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1667 }
1668 if (gsm->fcs != GOOD_FCS) {
1669 gsm->bad_fcs++;
1670 if (debug & 4)
1671 pr_debug("BAD FCS %02x\n", gsm->fcs);
1672 return;
1673 }
1674 address = gsm->address >> 1;
1675 if (address >= NUM_DLCI)
1676 goto invalid;
1677
1678 cr = gsm->address & 1; /* C/R bit */
1679
1680 gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1681
1682 cr ^= 1 - gsm->initiator; /* Flip so 1 always means command */
1683 dlci = gsm->dlci[address];
1684
1685 switch (gsm->control) {
1686 case SABM|PF:
1687 if (cr == 0)
1688 goto invalid;
1689 if (dlci == NULL)
1690 dlci = gsm_dlci_alloc(gsm, address);
1691 if (dlci == NULL)
1692 return;
1693 if (dlci->dead)
1694 gsm_response(gsm, address, DM);
1695 else {
1696 gsm_response(gsm, address, UA);
1697 gsm_dlci_open(dlci);
1698 }
1699 break;
1700 case DISC|PF:
1701 if (cr == 0)
1702 goto invalid;
1703 if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1704 gsm_response(gsm, address, DM);
1705 return;
1706 }
1707 /* Real close complete */
1708 gsm_response(gsm, address, UA);
1709 gsm_dlci_close(dlci);
1710 break;
1711 case UA:
1712 case UA|PF:
1713 if (cr == 0 || dlci == NULL)
1714 break;
1715 switch (dlci->state) {
1716 case DLCI_CLOSING:
1717 gsm_dlci_close(dlci);
1718 break;
1719 case DLCI_OPENING:
1720 gsm_dlci_open(dlci);
1721 break;
1722 }
1723 break;
1724 case DM: /* DM can be valid unsolicited */
1725 case DM|PF:
1726 if (cr)
1727 goto invalid;
1728 if (dlci == NULL)
1729 return;
1730 gsm_dlci_close(dlci);
1731 break;
1732 case UI:
1733 case UI|PF:
1734 case UIH:
1735 case UIH|PF:
1736#if 0
1737 if (cr)
1738 goto invalid;
1739#endif
1740 if (dlci == NULL || dlci->state != DLCI_OPEN) {
1741 gsm_command(gsm, address, DM|PF);
1742 return;
1743 }
1744 dlci->data(dlci, gsm->buf, gsm->len);
1745 break;
1746 default:
1747 goto invalid;
1748 }
1749 return;
1750invalid:
1751 gsm->malformed++;
1752 return;
1753}
1754
1755
1756/**
1757 * gsm0_receive - perform processing for non-transparency
1758 * @gsm: gsm data for this ldisc instance
1759 * @c: character
1760 *
1761 * Receive bytes in gsm mode 0
1762 */
1763
1764static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1765{
1766 unsigned int len;
1767
1768 switch (gsm->state) {
1769 case GSM_SEARCH: /* SOF marker */
1770 if (c == GSM0_SOF) {
1771 gsm->state = GSM_ADDRESS;
1772 gsm->address = 0;
1773 gsm->len = 0;
1774 gsm->fcs = INIT_FCS;
1775 }
1776 break;
1777 case GSM_ADDRESS: /* Address EA */
1778 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1779 if (gsm_read_ea(&gsm->address, c))
1780 gsm->state = GSM_CONTROL;
1781 break;
1782 case GSM_CONTROL: /* Control Byte */
1783 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1784 gsm->control = c;
1785 gsm->state = GSM_LEN0;
1786 break;
1787 case GSM_LEN0: /* Length EA */
1788 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1789 if (gsm_read_ea(&gsm->len, c)) {
1790 if (gsm->len > gsm->mru) {
1791 gsm->bad_size++;
1792 gsm->state = GSM_SEARCH;
1793 break;
1794 }
1795 gsm->count = 0;
1796 if (!gsm->len)
1797 gsm->state = GSM_FCS;
1798 else
1799 gsm->state = GSM_DATA;
1800 break;
1801 }
1802 gsm->state = GSM_LEN1;
1803 break;
1804 case GSM_LEN1:
1805 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1806 len = c;
1807 gsm->len |= len << 7;
1808 if (gsm->len > gsm->mru) {
1809 gsm->bad_size++;
1810 gsm->state = GSM_SEARCH;
1811 break;
1812 }
1813 gsm->count = 0;
1814 if (!gsm->len)
1815 gsm->state = GSM_FCS;
1816 else
1817 gsm->state = GSM_DATA;
1818 break;
1819 case GSM_DATA: /* Data */
1820 gsm->buf[gsm->count++] = c;
1821 if (gsm->count == gsm->len)
1822 gsm->state = GSM_FCS;
1823 break;
1824 case GSM_FCS: /* FCS follows the packet */
1825 gsm->received_fcs = c;
1826 gsm_queue(gsm);
1827 gsm->state = GSM_SSOF;
1828 break;
1829 case GSM_SSOF:
1830 if (c == GSM0_SOF) {
1831 gsm->state = GSM_SEARCH;
1832 break;
1833 }
1834 break;
1835 }
1836}
1837
1838/**
1839 * gsm1_receive - perform processing for non-transparency
1840 * @gsm: gsm data for this ldisc instance
1841 * @c: character
1842 *
1843 * Receive bytes in mode 1 (Advanced option)
1844 */
1845
1846static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1847{
1848 if (c == GSM1_SOF) {
1849 /* EOF is only valid in frame if we have got to the data state
1850 and received at least one byte (the FCS) */
1851 if (gsm->state == GSM_DATA && gsm->count) {
1852 /* Extract the FCS */
1853 gsm->count--;
1854 gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1855 gsm->len = gsm->count;
1856 gsm_queue(gsm);
1857 gsm->state = GSM_START;
1858 return;
1859 }
1860 /* Any partial frame was a runt so go back to start */
1861 if (gsm->state != GSM_START) {
1862 gsm->malformed++;
1863 gsm->state = GSM_START;
1864 }
1865 /* A SOF in GSM_START means we are still reading idling or
1866 framing bytes */
1867 return;
1868 }
1869
1870 if (c == GSM1_ESCAPE) {
1871 gsm->escape = 1;
1872 return;
1873 }
1874
1875 /* Only an unescaped SOF gets us out of GSM search */
1876 if (gsm->state == GSM_SEARCH)
1877 return;
1878
1879 if (gsm->escape) {
1880 c ^= GSM1_ESCAPE_BITS;
1881 gsm->escape = 0;
1882 }
1883 switch (gsm->state) {
1884 case GSM_START: /* First byte after SOF */
1885 gsm->address = 0;
1886 gsm->state = GSM_ADDRESS;
1887 gsm->fcs = INIT_FCS;
1888 /* Drop through */
1889 case GSM_ADDRESS: /* Address continuation */
1890 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1891 if (gsm_read_ea(&gsm->address, c))
1892 gsm->state = GSM_CONTROL;
1893 break;
1894 case GSM_CONTROL: /* Control Byte */
1895 gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1896 gsm->control = c;
1897 gsm->count = 0;
1898 gsm->state = GSM_DATA;
1899 break;
1900 case GSM_DATA: /* Data */
1901 if (gsm->count > gsm->mru) { /* Allow one for the FCS */
1902 gsm->state = GSM_OVERRUN;
1903 gsm->bad_size++;
1904 } else
1905 gsm->buf[gsm->count++] = c;
1906 break;
1907 case GSM_OVERRUN: /* Over-long - eg a dropped SOF */
1908 break;
1909 }
1910}
1911
1912/**
1913 * gsm_error - handle tty error
1914 * @gsm: ldisc data
1915 * @data: byte received (may be invalid)
1916 * @flag: error received
1917 *
1918 * Handle an error in the receipt of data for a frame. Currently we just
1919 * go back to hunting for a SOF.
1920 *
1921 * FIXME: better diagnostics ?
1922 */
1923
1924static void gsm_error(struct gsm_mux *gsm,
1925 unsigned char data, unsigned char flag)
1926{
1927 gsm->state = GSM_SEARCH;
1928 gsm->io_error++;
1929}
1930
1931/**
1932 * gsm_cleanup_mux - generic GSM protocol cleanup
1933 * @gsm: our mux
1934 *
1935 * Clean up the bits of the mux which are the same for all framing
1936 * protocols. Remove the mux from the mux table, stop all the timers
1937 * and then shut down each device hanging up the channels as we go.
1938 */
1939
1940void gsm_cleanup_mux(struct gsm_mux *gsm)
1941{
1942 int i;
1943 struct gsm_dlci *dlci = gsm->dlci[0];
1944 struct gsm_msg *txq;
1945
1946 gsm->dead = 1;
1947
1948 spin_lock(&gsm_mux_lock);
1949 for (i = 0; i < MAX_MUX; i++) {
1950 if (gsm_mux[i] == gsm) {
1951 gsm_mux[i] = NULL;
1952 break;
1953 }
1954 }
1955 spin_unlock(&gsm_mux_lock);
1956 WARN_ON(i == MAX_MUX);
1957
1958 del_timer_sync(&gsm->t2_timer);
1959 /* Now we are sure T2 has stopped */
1960 if (dlci) {
1961 dlci->dead = 1;
1962 gsm_dlci_begin_close(dlci);
1963 wait_event_interruptible(gsm->event,
1964 dlci->state == DLCI_CLOSED);
1965 }
1966 /* Free up any link layer users */
1967 for (i = 0; i < NUM_DLCI; i++)
1968 if (gsm->dlci[i])
1969 gsm_dlci_free(gsm->dlci[i]);
1970 /* Now wipe the queues */
1971 for (txq = gsm->tx_head; txq != NULL; txq = gsm->tx_head) {
1972 gsm->tx_head = txq->next;
1973 kfree(txq);
1974 }
1975 gsm->tx_tail = NULL;
1976}
1977EXPORT_SYMBOL_GPL(gsm_cleanup_mux);
1978
1979/**
1980 * gsm_activate_mux - generic GSM setup
1981 * @gsm: our mux
1982 *
1983 * Set up the bits of the …
Large files files are truncated, but you can click here to view the full file