linux/drivers/tty/n_gsm.c
<<
>>
Prefs
   1/*
   2 * n_gsm.c GSM 0710 tty multiplexor
   3 * Copyright (c) 2009/10 Intel Corporation
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License version 2 as
   7 * published by the Free Software Foundation.
   8 *
   9 * This program is distributed in the hope that it will be useful,
  10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 * GNU General Public License for more details.
  13 *
  14 * You should have received a copy of the GNU General Public License
  15 * along with this program; if not, write to the Free Software
  16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  17 *
  18 *      * THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
  19 *
  20 * TO DO:
  21 *      Mostly done:    ioctls for setting modes/timing
  22 *      Partly done:    hooks so you can pull off frames to non tty devs
  23 *      Restart DLCI 0 when it closes ?
  24 *      Improve the tx engine
  25 *      Resolve tx side locking by adding a queue_head and routing
  26 *              all control traffic via it
  27 *      General tidy/document
  28 *      Review the locking/move to refcounts more (mux now moved to an
  29 *              alloc/free model ready)
  30 *      Use newest tty open/close port helpers and install hooks
  31 *      What to do about power functions ?
  32 *      Termios setting and negotiation
  33 *      Do we need a 'which mux are you' ioctl to correlate mux and tty sets
  34 *
  35 */
  36
  37#include <linux/types.h>
  38#include <linux/major.h>
  39#include <linux/errno.h>
  40#include <linux/signal.h>
  41#include <linux/fcntl.h>
  42#include <linux/sched.h>
  43#include <linux/interrupt.h>
  44#include <linux/tty.h>
  45#include <linux/ctype.h>
  46#include <linux/mm.h>
  47#include <linux/string.h>
  48#include <linux/slab.h>
  49#include <linux/poll.h>
  50#include <linux/bitops.h>
  51#include <linux/file.h>
  52#include <linux/uaccess.h>
  53#include <linux/module.h>
  54#include <linux/timer.h>
  55#include <linux/tty_flip.h>
  56#include <linux/tty_driver.h>
  57#include <linux/serial.h>
  58#include <linux/kfifo.h>
  59#include <linux/skbuff.h>
  60#include <net/arp.h>
  61#include <linux/ip.h>
  62#include <linux/netdevice.h>
  63#include <linux/etherdevice.h>
  64#include <linux/gsmmux.h>
  65
  66static int debug;
  67module_param(debug, int, 0600);
  68
  69/* Defaults: these are from the specification */
  70
  71#define T1      10              /* 100mS */
  72#define T2      34              /* 333mS */
  73#define N2      3               /* Retry 3 times */
  74
  75/* Use long timers for testing at low speed with debug on */
  76#ifdef DEBUG_TIMING
  77#define T1      100
  78#define T2      200
  79#endif
  80
  81/*
  82 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
  83 * limits so this is plenty
  84 */
  85#define MAX_MRU 1500
  86#define MAX_MTU 1500
  87#define GSM_NET_TX_TIMEOUT (HZ*10)
  88
  89/**
  90 *      struct gsm_mux_net      -       network interface
  91 *      @struct gsm_dlci* dlci
  92 *      @struct net_device_stats stats;
  93 *
  94 *      Created when net interface is initialized.
  95 **/
  96struct gsm_mux_net {
  97        struct kref ref;
  98        struct gsm_dlci *dlci;
  99        struct net_device_stats stats;
 100};
 101
 102#define STATS(net) (((struct gsm_mux_net *)netdev_priv(net))->stats)
 103
 104/*
 105 *      Each block of data we have queued to go out is in the form of
 106 *      a gsm_msg which holds everything we need in a link layer independent
 107 *      format
 108 */
 109
 110struct gsm_msg {
 111        struct gsm_msg *next;
 112        u8 addr;                /* DLCI address + flags */
 113        u8 ctrl;                /* Control byte + flags */
 114        unsigned int len;       /* Length of data block (can be zero) */
 115        unsigned char *data;    /* Points into buffer but not at the start */
 116        unsigned char buffer[0];
 117};
 118
 119/*
 120 *      Each active data link has a gsm_dlci structure associated which ties
 121 *      the link layer to an optional tty (if the tty side is open). To avoid
 122 *      complexity right now these are only ever freed up when the mux is
 123 *      shut down.
 124 *
 125 *      At the moment we don't free DLCI objects until the mux is torn down
 126 *      this avoid object life time issues but might be worth review later.
 127 */
 128
 129struct gsm_dlci {
 130        struct gsm_mux *gsm;
 131        int addr;
 132        int state;
 133#define DLCI_CLOSED             0
 134#define DLCI_OPENING            1       /* Sending SABM not seen UA */
 135#define DLCI_OPEN               2       /* SABM/UA complete */
 136#define DLCI_CLOSING            3       /* Sending DISC not seen UA/DM */
 137        struct kref ref;                /* freed from port or mux close */
 138        struct mutex mutex;
 139
 140        /* Link layer */
 141        spinlock_t lock;        /* Protects the internal state */
 142        struct timer_list t1;   /* Retransmit timer for SABM and UA */
 143        int retries;
 144        /* Uplink tty if active */
 145        struct tty_port port;   /* The tty bound to this DLCI if there is one */
 146        struct kfifo *fifo;     /* Queue fifo for the DLCI */
 147        struct kfifo _fifo;     /* For new fifo API porting only */
 148        int adaption;           /* Adaption layer in use */
 149        int prev_adaption;
 150        u32 modem_rx;           /* Our incoming virtual modem lines */
 151        u32 modem_tx;           /* Our outgoing modem lines */
 152        int dead;               /* Refuse re-open */
 153        /* Flow control */
 154        int throttled;          /* Private copy of throttle state */
 155        int constipated;        /* Throttle status for outgoing */
 156        /* Packetised I/O */
 157        struct sk_buff *skb;    /* Frame being sent */
 158        struct sk_buff_head skb_list;   /* Queued frames */
 159        /* Data handling callback */
 160        void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
 161        void (*prev_data)(struct gsm_dlci *dlci, u8 *data, int len);
 162        struct net_device *net; /* network interface, if created */
 163};
 164
 165/* DLCI 0, 62/63 are special or reseved see gsmtty_open */
 166
 167#define NUM_DLCI                64
 168
 169/*
 170 *      DLCI 0 is used to pass control blocks out of band of the data
 171 *      flow (and with a higher link priority). One command can be outstanding
 172 *      at a time and we use this structure to manage them. They are created
 173 *      and destroyed by the user context, and updated by the receive paths
 174 *      and timers
 175 */
 176
 177struct gsm_control {
 178        u8 cmd;         /* Command we are issuing */
 179        u8 *data;       /* Data for the command in case we retransmit */
 180        int len;        /* Length of block for retransmission */
 181        int done;       /* Done flag */
 182        int error;      /* Error if any */
 183};
 184
 185/*
 186 *      Each GSM mux we have is represented by this structure. If we are
 187 *      operating as an ldisc then we use this structure as our ldisc
 188 *      state. We need to sort out lifetimes and locking with respect
 189 *      to the gsm mux array. For now we don't free DLCI objects that
 190 *      have been instantiated until the mux itself is terminated.
 191 *
 192 *      To consider further: tty open versus mux shutdown.
 193 */
 194
 195struct gsm_mux {
 196        struct tty_struct *tty;         /* The tty our ldisc is bound to */
 197        spinlock_t lock;
 198        unsigned int num;
 199        struct kref ref;
 200
 201        /* Events on the GSM channel */
 202        wait_queue_head_t event;
 203
 204        /* Bits for GSM mode decoding */
 205
 206        /* Framing Layer */
 207        unsigned char *buf;
 208        int state;
 209#define GSM_SEARCH              0
 210#define GSM_START               1
 211#define GSM_ADDRESS             2
 212#define GSM_CONTROL             3
 213#define GSM_LEN                 4
 214#define GSM_DATA                5
 215#define GSM_FCS                 6
 216#define GSM_OVERRUN             7
 217#define GSM_LEN0                8
 218#define GSM_LEN1                9
 219#define GSM_SSOF                10
 220        unsigned int len;
 221        unsigned int address;
 222        unsigned int count;
 223        int escape;
 224        int encoding;
 225        u8 control;
 226        u8 fcs;
 227        u8 received_fcs;
 228        u8 *txframe;                    /* TX framing buffer */
 229
 230        /* Methods for the receiver side */
 231        void (*receive)(struct gsm_mux *gsm, u8 ch);
 232        void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
 233        /* And transmit side */
 234        int (*output)(struct gsm_mux *mux, u8 *data, int len);
 235
 236        /* Link Layer */
 237        unsigned int mru;
 238        unsigned int mtu;
 239        int initiator;                  /* Did we initiate connection */
 240        int dead;                       /* Has the mux been shut down */
 241        struct gsm_dlci *dlci[NUM_DLCI];
 242        int constipated;                /* Asked by remote to shut up */
 243
 244        spinlock_t tx_lock;
 245        unsigned int tx_bytes;          /* TX data outstanding */
 246#define TX_THRESH_HI            8192
 247#define TX_THRESH_LO            2048
 248        struct gsm_msg *tx_head;        /* Pending data packets */
 249        struct gsm_msg *tx_tail;
 250
 251        /* Control messages */
 252        struct timer_list t2_timer;     /* Retransmit timer for commands */
 253        int cretries;                   /* Command retry counter */
 254        struct gsm_control *pending_cmd;/* Our current pending command */
 255        spinlock_t control_lock;        /* Protects the pending command */
 256
 257        /* Configuration */
 258        int adaption;           /* 1 or 2 supported */
 259        u8 ftype;               /* UI or UIH */
 260        int t1, t2;             /* Timers in 1/100th of a sec */
 261        int n2;                 /* Retry count */
 262
 263        /* Statistics (not currently exposed) */
 264        unsigned long bad_fcs;
 265        unsigned long malformed;
 266        unsigned long io_error;
 267        unsigned long bad_size;
 268        unsigned long unsupported;
 269};
 270
 271
 272/*
 273 *      Mux objects - needed so that we can translate a tty index into the
 274 *      relevant mux and DLCI.
 275 */
 276
 277#define MAX_MUX         4                       /* 256 minors */
 278static struct gsm_mux *gsm_mux[MAX_MUX];        /* GSM muxes */
 279static spinlock_t gsm_mux_lock;
 280
 281static struct tty_driver *gsm_tty_driver;
 282
 283/*
 284 *      This section of the driver logic implements the GSM encodings
 285 *      both the basic and the 'advanced'. Reliable transport is not
 286 *      supported.
 287 */
 288
 289#define CR                      0x02
 290#define EA                      0x01
 291#define PF                      0x10
 292
 293/* I is special: the rest are ..*/
 294#define RR                      0x01
 295#define UI                      0x03
 296#define RNR                     0x05
 297#define REJ                     0x09
 298#define DM                      0x0F
 299#define SABM                    0x2F
 300#define DISC                    0x43
 301#define UA                      0x63
 302#define UIH                     0xEF
 303
 304/* Channel commands */
 305#define CMD_NSC                 0x09
 306#define CMD_TEST                0x11
 307#define CMD_PSC                 0x21
 308#define CMD_RLS                 0x29
 309#define CMD_FCOFF               0x31
 310#define CMD_PN                  0x41
 311#define CMD_RPN                 0x49
 312#define CMD_FCON                0x51
 313#define CMD_CLD                 0x61
 314#define CMD_SNC                 0x69
 315#define CMD_MSC                 0x71
 316
 317/* Virtual modem bits */
 318#define MDM_FC                  0x01
 319#define MDM_RTC                 0x02
 320#define MDM_RTR                 0x04
 321#define MDM_IC                  0x20
 322#define MDM_DV                  0x40
 323
 324#define GSM0_SOF                0xF9
 325#define GSM1_SOF                0x7E
 326#define GSM1_ESCAPE             0x7D
 327#define GSM1_ESCAPE_BITS        0x20
 328#define XON                     0x11
 329#define XOFF                    0x13
 330
 331static const struct tty_port_operations gsm_port_ops;
 332
 333/*
 334 *      CRC table for GSM 0710
 335 */
 336
 337static const u8 gsm_fcs8[256] = {
 338        0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
 339        0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
 340        0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
 341        0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
 342        0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
 343        0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
 344        0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
 345        0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
 346        0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
 347        0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
 348        0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
 349        0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
 350        0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
 351        0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
 352        0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
 353        0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
 354        0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
 355        0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
 356        0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
 357        0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
 358        0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
 359        0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
 360        0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
 361        0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
 362        0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
 363        0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
 364        0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
 365        0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
 366        0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
 367        0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
 368        0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
 369        0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
 370};
 371
 372#define INIT_FCS        0xFF
 373#define GOOD_FCS        0xCF
 374
 375/**
 376 *      gsm_fcs_add     -       update FCS
 377 *      @fcs: Current FCS
 378 *      @c: Next data
 379 *
 380 *      Update the FCS to include c. Uses the algorithm in the specification
 381 *      notes.
 382 */
 383
 384static inline u8 gsm_fcs_add(u8 fcs, u8 c)
 385{
 386        return gsm_fcs8[fcs ^ c];
 387}
 388
 389/**
 390 *      gsm_fcs_add_block       -       update FCS for a block
 391 *      @fcs: Current FCS
 392 *      @c: buffer of data
 393 *      @len: length of buffer
 394 *
 395 *      Update the FCS to include c. Uses the algorithm in the specification
 396 *      notes.
 397 */
 398
 399static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
 400{
 401        while (len--)
 402                fcs = gsm_fcs8[fcs ^ *c++];
 403        return fcs;
 404}
 405
 406/**
 407 *      gsm_read_ea             -       read a byte into an EA
 408 *      @val: variable holding value
 409 *      c: byte going into the EA
 410 *
 411 *      Processes one byte of an EA. Updates the passed variable
 412 *      and returns 1 if the EA is now completely read
 413 */
 414
 415static int gsm_read_ea(unsigned int *val, u8 c)
 416{
 417        /* Add the next 7 bits into the value */
 418        *val <<= 7;
 419        *val |= c >> 1;
 420        /* Was this the last byte of the EA 1 = yes*/
 421        return c & EA;
 422}
 423
 424/**
 425 *      gsm_encode_modem        -       encode modem data bits
 426 *      @dlci: DLCI to encode from
 427 *
 428 *      Returns the correct GSM encoded modem status bits (6 bit field) for
 429 *      the current status of the DLCI and attached tty object
 430 */
 431
 432static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
 433{
 434        u8 modembits = 0;
 435        /* FC is true flow control not modem bits */
 436        if (dlci->throttled)
 437                modembits |= MDM_FC;
 438        if (dlci->modem_tx & TIOCM_DTR)
 439                modembits |= MDM_RTC;
 440        if (dlci->modem_tx & TIOCM_RTS)
 441                modembits |= MDM_RTR;
 442        if (dlci->modem_tx & TIOCM_RI)
 443                modembits |= MDM_IC;
 444        if (dlci->modem_tx & TIOCM_CD)
 445                modembits |= MDM_DV;
 446        return modembits;
 447}
 448
 449/**
 450 *      gsm_print_packet        -       display a frame for debug
 451 *      @hdr: header to print before decode
 452 *      @addr: address EA from the frame
 453 *      @cr: C/R bit from the frame
 454 *      @control: control including PF bit
 455 *      @data: following data bytes
 456 *      @dlen: length of data
 457 *
 458 *      Displays a packet in human readable format for debugging purposes. The
 459 *      style is based on amateur radio LAP-B dump display.
 460 */
 461
 462static void gsm_print_packet(const char *hdr, int addr, int cr,
 463                                        u8 control, const u8 *data, int dlen)
 464{
 465        if (!(debug & 1))
 466                return;
 467
 468        pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
 469
 470        switch (control & ~PF) {
 471        case SABM:
 472                pr_cont("SABM");
 473                break;
 474        case UA:
 475                pr_cont("UA");
 476                break;
 477        case DISC:
 478                pr_cont("DISC");
 479                break;
 480        case DM:
 481                pr_cont("DM");
 482                break;
 483        case UI:
 484                pr_cont("UI");
 485                break;
 486        case UIH:
 487                pr_cont("UIH");
 488                break;
 489        default:
 490                if (!(control & 0x01)) {
 491                        pr_cont("I N(S)%d N(R)%d",
 492                                (control & 0x0E) >> 1, (control & 0xE) >> 5);
 493                } else switch (control & 0x0F) {
 494                        case RR:
 495                                pr_cont("RR(%d)", (control & 0xE0) >> 5);
 496                                break;
 497                        case RNR:
 498                                pr_cont("RNR(%d)", (control & 0xE0) >> 5);
 499                                break;
 500                        case REJ:
 501                                pr_cont("REJ(%d)", (control & 0xE0) >> 5);
 502                                break;
 503                        default:
 504                                pr_cont("[%02X]", control);
 505                }
 506        }
 507
 508        if (control & PF)
 509                pr_cont("(P)");
 510        else
 511                pr_cont("(F)");
 512
 513        if (dlen) {
 514                int ct = 0;
 515                while (dlen--) {
 516                        if (ct % 8 == 0) {
 517                                pr_cont("\n");
 518                                pr_debug("    ");
 519                        }
 520                        pr_cont("%02X ", *data++);
 521                        ct++;
 522                }
 523        }
 524        pr_cont("\n");
 525}
 526
 527
 528/*
 529 *      Link level transmission side
 530 */
 531
 532/**
 533 *      gsm_stuff_packet        -       bytestuff a packet
 534 *      @ibuf: input
 535 *      @obuf: output
 536 *      @len: length of input
 537 *
 538 *      Expand a buffer by bytestuffing it. The worst case size change
 539 *      is doubling and the caller is responsible for handing out
 540 *      suitable sized buffers.
 541 */
 542
 543static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
 544{
 545        int olen = 0;
 546        while (len--) {
 547                if (*input == GSM1_SOF || *input == GSM1_ESCAPE
 548                    || *input == XON || *input == XOFF) {
 549                        *output++ = GSM1_ESCAPE;
 550                        *output++ = *input++ ^ GSM1_ESCAPE_BITS;
 551                        olen++;
 552                } else
 553                        *output++ = *input++;
 554                olen++;
 555        }
 556        return olen;
 557}
 558
 559/**
 560 *      gsm_send        -       send a control frame
 561 *      @gsm: our GSM mux
 562 *      @addr: address for control frame
 563 *      @cr: command/response bit
 564 *      @control:  control byte including PF bit
 565 *
 566 *      Format up and transmit a control frame. These do not go via the
 567 *      queueing logic as they should be transmitted ahead of data when
 568 *      they are needed.
 569 *
 570 *      FIXME: Lock versus data TX path
 571 */
 572
 573static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
 574{
 575        int len;
 576        u8 cbuf[10];
 577        u8 ibuf[3];
 578
 579        switch (gsm->encoding) {
 580        case 0:
 581                cbuf[0] = GSM0_SOF;
 582                cbuf[1] = (addr << 2) | (cr << 1) | EA;
 583                cbuf[2] = control;
 584                cbuf[3] = EA;   /* Length of data = 0 */
 585                cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
 586                cbuf[5] = GSM0_SOF;
 587                len = 6;
 588                break;
 589        case 1:
 590        case 2:
 591                /* Control frame + packing (but not frame stuffing) in mode 1 */
 592                ibuf[0] = (addr << 2) | (cr << 1) | EA;
 593                ibuf[1] = control;
 594                ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
 595                /* Stuffing may double the size worst case */
 596                len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
 597                /* Now add the SOF markers */
 598                cbuf[0] = GSM1_SOF;
 599                cbuf[len + 1] = GSM1_SOF;
 600                /* FIXME: we can omit the lead one in many cases */
 601                len += 2;
 602                break;
 603        default:
 604                WARN_ON(1);
 605                return;
 606        }
 607        gsm->output(gsm, cbuf, len);
 608        gsm_print_packet("-->", addr, cr, control, NULL, 0);
 609}
 610
 611/**
 612 *      gsm_response    -       send a control response
 613 *      @gsm: our GSM mux
 614 *      @addr: address for control frame
 615 *      @control:  control byte including PF bit
 616 *
 617 *      Format up and transmit a link level response frame.
 618 */
 619
 620static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
 621{
 622        gsm_send(gsm, addr, 0, control);
 623}
 624
 625/**
 626 *      gsm_command     -       send a control command
 627 *      @gsm: our GSM mux
 628 *      @addr: address for control frame
 629 *      @control:  control byte including PF bit
 630 *
 631 *      Format up and transmit a link level command frame.
 632 */
 633
 634static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
 635{
 636        gsm_send(gsm, addr, 1, control);
 637}
 638
 639/* Data transmission */
 640
 641#define HDR_LEN         6       /* ADDR CTRL [LEN.2] DATA FCS */
 642
 643/**
 644 *      gsm_data_alloc          -       allocate data frame
 645 *      @gsm: GSM mux
 646 *      @addr: DLCI address
 647 *      @len: length excluding header and FCS
 648 *      @ctrl: control byte
 649 *
 650 *      Allocate a new data buffer for sending frames with data. Space is left
 651 *      at the front for header bytes but that is treated as an implementation
 652 *      detail and not for the high level code to use
 653 */
 654
 655static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
 656                                                                u8 ctrl)
 657{
 658        struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
 659                                                                GFP_ATOMIC);
 660        if (m == NULL)
 661                return NULL;
 662        m->data = m->buffer + HDR_LEN - 1;      /* Allow for FCS */
 663        m->len = len;
 664        m->addr = addr;
 665        m->ctrl = ctrl;
 666        m->next = NULL;
 667        return m;
 668}
 669
 670/**
 671 *      gsm_data_kick           -       poke the queue
 672 *      @gsm: GSM Mux
 673 *
 674 *      The tty device has called us to indicate that room has appeared in
 675 *      the transmit queue. Ram more data into the pipe if we have any
 676 *
 677 *      FIXME: lock against link layer control transmissions
 678 */
 679
 680static void gsm_data_kick(struct gsm_mux *gsm)
 681{
 682        struct gsm_msg *msg = gsm->tx_head;
 683        int len;
 684        int skip_sof = 0;
 685
 686        /* FIXME: We need to apply this solely to data messages */
 687        if (gsm->constipated)
 688                return;
 689
 690        while (gsm->tx_head != NULL) {
 691                msg = gsm->tx_head;
 692                if (gsm->encoding != 0) {
 693                        gsm->txframe[0] = GSM1_SOF;
 694                        len = gsm_stuff_frame(msg->data,
 695                                                gsm->txframe + 1, msg->len);
 696                        gsm->txframe[len + 1] = GSM1_SOF;
 697                        len += 2;
 698                } else {
 699                        gsm->txframe[0] = GSM0_SOF;
 700                        memcpy(gsm->txframe + 1 , msg->data, msg->len);
 701                        gsm->txframe[msg->len + 1] = GSM0_SOF;
 702                        len = msg->len + 2;
 703                }
 704
 705                if (debug & 4)
 706                        print_hex_dump_bytes("gsm_data_kick: ",
 707                                             DUMP_PREFIX_OFFSET,
 708                                             gsm->txframe, len);
 709
 710                if (gsm->output(gsm, gsm->txframe + skip_sof,
 711                                                len - skip_sof) < 0)
 712                        break;
 713                /* FIXME: Can eliminate one SOF in many more cases */
 714                gsm->tx_head = msg->next;
 715                if (gsm->tx_head == NULL)
 716                        gsm->tx_tail = NULL;
 717                gsm->tx_bytes -= msg->len;
 718                kfree(msg);
 719                /* For a burst of frames skip the extra SOF within the
 720                   burst */
 721                skip_sof = 1;
 722        }
 723}
 724
 725/**
 726 *      __gsm_data_queue                -       queue a UI or UIH frame
 727 *      @dlci: DLCI sending the data
 728 *      @msg: message queued
 729 *
 730 *      Add data to the transmit queue and try and get stuff moving
 731 *      out of the mux tty if not already doing so. The Caller must hold
 732 *      the gsm tx lock.
 733 */
 734
 735static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
 736{
 737        struct gsm_mux *gsm = dlci->gsm;
 738        u8 *dp = msg->data;
 739        u8 *fcs = dp + msg->len;
 740
 741        /* Fill in the header */
 742        if (gsm->encoding == 0) {
 743                if (msg->len < 128)
 744                        *--dp = (msg->len << 1) | EA;
 745                else {
 746                        *--dp = (msg->len >> 7);        /* bits 7 - 15 */
 747                        *--dp = (msg->len & 127) << 1;  /* bits 0 - 6 */
 748                }
 749        }
 750
 751        *--dp = msg->ctrl;
 752        if (gsm->initiator)
 753                *--dp = (msg->addr << 2) | 2 | EA;
 754        else
 755                *--dp = (msg->addr << 2) | EA;
 756        *fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
 757        /* Ugly protocol layering violation */
 758        if (msg->ctrl == UI || msg->ctrl == (UI|PF))
 759                *fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
 760        *fcs = 0xFF - *fcs;
 761
 762        gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
 763                                                        msg->data, msg->len);
 764
 765        /* Move the header back and adjust the length, also allow for the FCS
 766           now tacked on the end */
 767        msg->len += (msg->data - dp) + 1;
 768        msg->data = dp;
 769
 770        /* Add to the actual output queue */
 771        if (gsm->tx_tail)
 772                gsm->tx_tail->next = msg;
 773        else
 774                gsm->tx_head = msg;
 775        gsm->tx_tail = msg;
 776        gsm->tx_bytes += msg->len;
 777        gsm_data_kick(gsm);
 778}
 779
 780/**
 781 *      gsm_data_queue          -       queue a UI or UIH frame
 782 *      @dlci: DLCI sending the data
 783 *      @msg: message queued
 784 *
 785 *      Add data to the transmit queue and try and get stuff moving
 786 *      out of the mux tty if not already doing so. Take the
 787 *      the gsm tx lock and dlci lock.
 788 */
 789
 790static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
 791{
 792        unsigned long flags;
 793        spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
 794        __gsm_data_queue(dlci, msg);
 795        spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
 796}
 797
 798/**
 799 *      gsm_dlci_data_output    -       try and push data out of a DLCI
 800 *      @gsm: mux
 801 *      @dlci: the DLCI to pull data from
 802 *
 803 *      Pull data from a DLCI and send it into the transmit queue if there
 804 *      is data. Keep to the MRU of the mux. This path handles the usual tty
 805 *      interface which is a byte stream with optional modem data.
 806 *
 807 *      Caller must hold the tx_lock of the mux.
 808 */
 809
 810static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
 811{
 812        struct gsm_msg *msg;
 813        u8 *dp;
 814        int len, total_size, size;
 815        int h = dlci->adaption - 1;
 816
 817        total_size = 0;
 818        while(1) {
 819                len = kfifo_len(dlci->fifo);
 820                if (len == 0)
 821                        return total_size;
 822
 823                /* MTU/MRU count only the data bits */
 824                if (len > gsm->mtu)
 825                        len = gsm->mtu;
 826
 827                size = len + h;
 828
 829                msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
 830                /* FIXME: need a timer or something to kick this so it can't
 831                   get stuck with no work outstanding and no buffer free */
 832                if (msg == NULL)
 833                        return -ENOMEM;
 834                dp = msg->data;
 835                switch (dlci->adaption) {
 836                case 1: /* Unstructured */
 837                        break;
 838                case 2: /* Unstructed with modem bits. Always one byte as we never
 839                           send inline break data */
 840                        *dp++ = gsm_encode_modem(dlci);
 841                        break;
 842                }
 843                WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
 844                __gsm_data_queue(dlci, msg);
 845                total_size += size;
 846        }
 847        /* Bytes of data we used up */
 848        return total_size;
 849}
 850
 851/**
 852 *      gsm_dlci_data_output_framed  -  try and push data out of a DLCI
 853 *      @gsm: mux
 854 *      @dlci: the DLCI to pull data from
 855 *
 856 *      Pull data from a DLCI and send it into the transmit queue if there
 857 *      is data. Keep to the MRU of the mux. This path handles framed data
 858 *      queued as skbuffs to the DLCI.
 859 *
 860 *      Caller must hold the tx_lock of the mux.
 861 */
 862
 863static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
 864                                                struct gsm_dlci *dlci)
 865{
 866        struct gsm_msg *msg;
 867        u8 *dp;
 868        int len, size;
 869        int last = 0, first = 0;
 870        int overhead = 0;
 871
 872        /* One byte per frame is used for B/F flags */
 873        if (dlci->adaption == 4)
 874                overhead = 1;
 875
 876        /* dlci->skb is locked by tx_lock */
 877        if (dlci->skb == NULL) {
 878                dlci->skb = skb_dequeue_tail(&dlci->skb_list);
 879                if (dlci->skb == NULL)
 880                        return 0;
 881                first = 1;
 882        }
 883        len = dlci->skb->len + overhead;
 884
 885        /* MTU/MRU count only the data bits */
 886        if (len > gsm->mtu) {
 887                if (dlci->adaption == 3) {
 888                        /* Over long frame, bin it */
 889                        kfree_skb(dlci->skb);
 890                        dlci->skb = NULL;
 891                        return 0;
 892                }
 893                len = gsm->mtu;
 894        } else
 895                last = 1;
 896
 897        size = len + overhead;
 898        msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
 899
 900        /* FIXME: need a timer or something to kick this so it can't
 901           get stuck with no work outstanding and no buffer free */
 902        if (msg == NULL) {
 903                skb_queue_tail(&dlci->skb_list, dlci->skb);
 904                dlci->skb = NULL;
 905                return -ENOMEM;
 906        }
 907        dp = msg->data;
 908
 909        if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
 910                /* Flag byte to carry the start/end info */
 911                *dp++ = last << 7 | first << 6 | 1;     /* EA */
 912                len--;
 913        }
 914        memcpy(dp, dlci->skb->data, len);
 915        skb_pull(dlci->skb, len);
 916        __gsm_data_queue(dlci, msg);
 917        if (last) {
 918                kfree_skb(dlci->skb);
 919                dlci->skb = NULL;
 920        }
 921        return size;
 922}
 923
 924/**
 925 *      gsm_dlci_data_sweep             -       look for data to send
 926 *      @gsm: the GSM mux
 927 *
 928 *      Sweep the GSM mux channels in priority order looking for ones with
 929 *      data to send. We could do with optimising this scan a bit. We aim
 930 *      to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
 931 *      TX_THRESH_LO we get called again
 932 *
 933 *      FIXME: We should round robin between groups and in theory you can
 934 *      renegotiate DLCI priorities with optional stuff. Needs optimising.
 935 */
 936
 937static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
 938{
 939        int len;
 940        /* Priority ordering: We should do priority with RR of the groups */
 941        int i = 1;
 942
 943        while (i < NUM_DLCI) {
 944                struct gsm_dlci *dlci;
 945
 946                if (gsm->tx_bytes > TX_THRESH_HI)
 947                        break;
 948                dlci = gsm->dlci[i];
 949                if (dlci == NULL || dlci->constipated) {
 950                        i++;
 951                        continue;
 952                }
 953                if (dlci->adaption < 3 && !dlci->net)
 954                        len = gsm_dlci_data_output(gsm, dlci);
 955                else
 956                        len = gsm_dlci_data_output_framed(gsm, dlci);
 957                if (len < 0)
 958                        break;
 959                /* DLCI empty - try the next */
 960                if (len == 0)
 961                        i++;
 962        }
 963}
 964
 965/**
 966 *      gsm_dlci_data_kick      -       transmit if possible
 967 *      @dlci: DLCI to kick
 968 *
 969 *      Transmit data from this DLCI if the queue is empty. We can't rely on
 970 *      a tty wakeup except when we filled the pipe so we need to fire off
 971 *      new data ourselves in other cases.
 972 */
 973
 974static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
 975{
 976        unsigned long flags;
 977        int sweep;
 978
 979        spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
 980        /* If we have nothing running then we need to fire up */
 981        sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
 982        if (dlci->gsm->tx_bytes == 0) {
 983                if (dlci->net)
 984                        gsm_dlci_data_output_framed(dlci->gsm, dlci);
 985                else
 986                        gsm_dlci_data_output(dlci->gsm, dlci);
 987        }
 988        if (sweep)
 989                gsm_dlci_data_sweep(dlci->gsm);
 990        spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
 991}
 992
 993/*
 994 *      Control message processing
 995 */
 996
 997
 998/**
 999 *      gsm_control_reply       -       send a response frame to a control
1000 *      @gsm: gsm channel
1001 *      @cmd: the command to use
1002 *      @data: data to follow encoded info
1003 *      @dlen: length of data
1004 *
1005 *      Encode up and queue a UI/UIH frame containing our response.
1006 */
1007
1008static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
1009                                        int dlen)
1010{
1011        struct gsm_msg *msg;
1012        msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1013        if (msg == NULL)
1014                return;
1015        msg->data[0] = (cmd & 0xFE) << 1 | EA;  /* Clear C/R */
1016        msg->data[1] = (dlen << 1) | EA;
1017        memcpy(msg->data + 2, data, dlen);
1018        gsm_data_queue(gsm->dlci[0], msg);
1019}
1020
1021/**
1022 *      gsm_process_modem       -       process received modem status
1023 *      @tty: virtual tty bound to the DLCI
1024 *      @dlci: DLCI to affect
1025 *      @modem: modem bits (full EA)
1026 *
1027 *      Used when a modem control message or line state inline in adaption
1028 *      layer 2 is processed. Sort out the local modem state and throttles
1029 */
1030
1031static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1032                                                        u32 modem, int clen)
1033{
1034        int  mlines = 0;
1035        u8 brk = 0;
1036
1037        /* The modem status command can either contain one octet (v.24 signals)
1038           or two octets (v.24 signals + break signals). The length field will
1039           either be 2 or 3 respectively. This is specified in section
1040           5.4.6.3.7 of the  27.010 mux spec. */
1041
1042        if (clen == 2)
1043                modem = modem & 0x7f;
1044        else {
1045                brk = modem & 0x7f;
1046                modem = (modem >> 7) & 0x7f;
1047        };
1048
1049        /* Flow control/ready to communicate */
1050        if (modem & MDM_FC) {
1051                /* Need to throttle our output on this device */
1052                dlci->constipated = 1;
1053        }
1054        if (modem & MDM_RTC) {
1055                mlines |= TIOCM_DSR | TIOCM_DTR;
1056                dlci->constipated = 0;
1057                gsm_dlci_data_kick(dlci);
1058        }
1059        /* Map modem bits */
1060        if (modem & MDM_RTR)
1061                mlines |= TIOCM_RTS | TIOCM_CTS;
1062        if (modem & MDM_IC)
1063                mlines |= TIOCM_RI;
1064        if (modem & MDM_DV)
1065                mlines |= TIOCM_CD;
1066
1067        /* Carrier drop -> hangup */
1068        if (tty) {
1069                if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1070                        if (!(tty->termios->c_cflag & CLOCAL))
1071                                tty_hangup(tty);
1072                if (brk & 0x01)
1073                        tty_insert_flip_char(tty, 0, TTY_BREAK);
1074        }
1075        dlci->modem_rx = mlines;
1076}
1077
1078/**
1079 *      gsm_control_modem       -       modem status received
1080 *      @gsm: GSM channel
1081 *      @data: data following command
1082 *      @clen: command length
1083 *
1084 *      We have received a modem status control message. This is used by
1085 *      the GSM mux protocol to pass virtual modem line status and optionally
1086 *      to indicate break signals. Unpack it, convert to Linux representation
1087 *      and if need be stuff a break message down the tty.
1088 */
1089
1090static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1091{
1092        unsigned int addr = 0;
1093        unsigned int modem = 0;
1094        struct gsm_dlci *dlci;
1095        int len = clen;
1096        u8 *dp = data;
1097        struct tty_struct *tty;
1098
1099        while (gsm_read_ea(&addr, *dp++) == 0) {
1100                len--;
1101                if (len == 0)
1102                        return;
1103        }
1104        /* Must be at least one byte following the EA */
1105        len--;
1106        if (len <= 0)
1107                return;
1108
1109        addr >>= 1;
1110        /* Closed port, or invalid ? */
1111        if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1112                return;
1113        dlci = gsm->dlci[addr];
1114
1115        while (gsm_read_ea(&modem, *dp++) == 0) {
1116                len--;
1117                if (len == 0)
1118                        return;
1119        }
1120        tty = tty_port_tty_get(&dlci->port);
1121        gsm_process_modem(tty, dlci, modem, clen);
1122        if (tty) {
1123                tty_wakeup(tty);
1124                tty_kref_put(tty);
1125        }
1126        gsm_control_reply(gsm, CMD_MSC, data, clen);
1127}
1128
1129/**
1130 *      gsm_control_rls         -       remote line status
1131 *      @gsm: GSM channel
1132 *      @data: data bytes
1133 *      @clen: data length
1134 *
1135 *      The modem sends us a two byte message on the control channel whenever
1136 *      it wishes to send us an error state from the virtual link. Stuff
1137 *      this into the uplink tty if present
1138 */
1139
1140static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1141{
1142        struct tty_struct *tty;
1143        unsigned int addr = 0 ;
1144        u8 bits;
1145        int len = clen;
1146        u8 *dp = data;
1147
1148        while (gsm_read_ea(&addr, *dp++) == 0) {
1149                len--;
1150                if (len == 0)
1151                        return;
1152        }
1153        /* Must be at least one byte following ea */
1154        len--;
1155        if (len <= 0)
1156                return;
1157        addr >>= 1;
1158        /* Closed port, or invalid ? */
1159        if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1160                return;
1161        /* No error ? */
1162        bits = *dp;
1163        if ((bits & 1) == 0)
1164                return;
1165        /* See if we have an uplink tty */
1166        tty = tty_port_tty_get(&gsm->dlci[addr]->port);
1167
1168        if (tty) {
1169                if (bits & 2)
1170                        tty_insert_flip_char(tty, 0, TTY_OVERRUN);
1171                if (bits & 4)
1172                        tty_insert_flip_char(tty, 0, TTY_PARITY);
1173                if (bits & 8)
1174                        tty_insert_flip_char(tty, 0, TTY_FRAME);
1175                tty_flip_buffer_push(tty);
1176                tty_kref_put(tty);
1177        }
1178        gsm_control_reply(gsm, CMD_RLS, data, clen);
1179}
1180
1181static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1182
1183/**
1184 *      gsm_control_message     -       DLCI 0 control processing
1185 *      @gsm: our GSM mux
1186 *      @command:  the command EA
1187 *      @data: data beyond the command/length EAs
1188 *      @clen: length
1189 *
1190 *      Input processor for control messages from the other end of the link.
1191 *      Processes the incoming request and queues a response frame or an
1192 *      NSC response if not supported
1193 */
1194
1195static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1196                                                        u8 *data, int clen)
1197{
1198        u8 buf[1];
1199        unsigned long flags;
1200
1201        switch (command) {
1202        case CMD_CLD: {
1203                struct gsm_dlci *dlci = gsm->dlci[0];
1204                /* Modem wishes to close down */
1205                if (dlci) {
1206                        dlci->dead = 1;
1207                        gsm->dead = 1;
1208                        gsm_dlci_begin_close(dlci);
1209                }
1210                }
1211                break;
1212        case CMD_TEST:
1213                /* Modem wishes to test, reply with the data */
1214                gsm_control_reply(gsm, CMD_TEST, data, clen);
1215                break;
1216        case CMD_FCON:
1217                /* Modem wants us to STFU */
1218                gsm->constipated = 1;
1219                gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1220                break;
1221        case CMD_FCOFF:
1222                /* Modem can accept data again */
1223                gsm->constipated = 0;
1224                gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1225                /* Kick the link in case it is idling */
1226                spin_lock_irqsave(&gsm->tx_lock, flags);
1227                gsm_data_kick(gsm);
1228                spin_unlock_irqrestore(&gsm->tx_lock, flags);
1229                break;
1230        case CMD_MSC:
1231                /* Out of band modem line change indicator for a DLCI */
1232                gsm_control_modem(gsm, data, clen);
1233                break;
1234        case CMD_RLS:
1235                /* Out of band error reception for a DLCI */
1236                gsm_control_rls(gsm, data, clen);
1237                break;
1238        case CMD_PSC:
1239                /* Modem wishes to enter power saving state */
1240                gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1241                break;
1242                /* Optional unsupported commands */
1243        case CMD_PN:    /* Parameter negotiation */
1244        case CMD_RPN:   /* Remote port negotiation */
1245        case CMD_SNC:   /* Service negotiation command */
1246        default:
1247                /* Reply to bad commands with an NSC */
1248                buf[0] = command;
1249                gsm_control_reply(gsm, CMD_NSC, buf, 1);
1250                break;
1251        }
1252}
1253
1254/**
1255 *      gsm_control_response    -       process a response to our control
1256 *      @gsm: our GSM mux
1257 *      @command: the command (response) EA
1258 *      @data: data beyond the command/length EA
1259 *      @clen: length
1260 *
1261 *      Process a response to an outstanding command. We only allow a single
1262 *      control message in flight so this is fairly easy. All the clean up
1263 *      is done by the caller, we just update the fields, flag it as done
1264 *      and return
1265 */
1266
1267static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1268                                                        u8 *data, int clen)
1269{
1270        struct gsm_control *ctrl;
1271        unsigned long flags;
1272
1273        spin_lock_irqsave(&gsm->control_lock, flags);
1274
1275        ctrl = gsm->pending_cmd;
1276        /* Does the reply match our command */
1277        command |= 1;
1278        if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1279                /* Our command was replied to, kill the retry timer */
1280                del_timer(&gsm->t2_timer);
1281                gsm->pending_cmd = NULL;
1282                /* Rejected by the other end */
1283                if (command == CMD_NSC)
1284                        ctrl->error = -EOPNOTSUPP;
1285                ctrl->done = 1;
1286                wake_up(&gsm->event);
1287        }
1288        spin_unlock_irqrestore(&gsm->control_lock, flags);
1289}
1290
1291/**
1292 *      gsm_control_transmit    -       send control packet
1293 *      @gsm: gsm mux
1294 *      @ctrl: frame to send
1295 *
1296 *      Send out a pending control command (called under control lock)
1297 */
1298
1299static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1300{
1301        struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
1302        if (msg == NULL)
1303                return;
1304        msg->data[0] = (ctrl->cmd << 1) | 2 | EA;       /* command */
1305        memcpy(msg->data + 1, ctrl->data, ctrl->len);
1306        gsm_data_queue(gsm->dlci[0], msg);
1307}
1308
1309/**
1310 *      gsm_control_retransmit  -       retransmit a control frame
1311 *      @data: pointer to our gsm object
1312 *
1313 *      Called off the T2 timer expiry in order to retransmit control frames
1314 *      that have been lost in the system somewhere. The control_lock protects
1315 *      us from colliding with another sender or a receive completion event.
1316 *      In that situation the timer may still occur in a small window but
1317 *      gsm->pending_cmd will be NULL and we just let the timer expire.
1318 */
1319
1320static void gsm_control_retransmit(unsigned long data)
1321{
1322        struct gsm_mux *gsm = (struct gsm_mux *)data;
1323        struct gsm_control *ctrl;
1324        unsigned long flags;
1325        spin_lock_irqsave(&gsm->control_lock, flags);
1326        ctrl = gsm->pending_cmd;
1327        if (ctrl) {
1328                gsm->cretries--;
1329                if (gsm->cretries == 0) {
1330                        gsm->pending_cmd = NULL;
1331                        ctrl->error = -ETIMEDOUT;
1332                        ctrl->done = 1;
1333                        spin_unlock_irqrestore(&gsm->control_lock, flags);
1334                        wake_up(&gsm->event);
1335                        return;
1336                }
1337                gsm_control_transmit(gsm, ctrl);
1338                mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1339        }
1340        spin_unlock_irqrestore(&gsm->control_lock, flags);
1341}
1342
1343/**
1344 *      gsm_control_send        -       send a control frame on DLCI 0
1345 *      @gsm: the GSM channel
1346 *      @command: command  to send including CR bit
1347 *      @data: bytes of data (must be kmalloced)
1348 *      @len: length of the block to send
1349 *
1350 *      Queue and dispatch a control command. Only one command can be
1351 *      active at a time. In theory more can be outstanding but the matching
1352 *      gets really complicated so for now stick to one outstanding.
1353 */
1354
1355static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1356                unsigned int command, u8 *data, int clen)
1357{
1358        struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1359                                                GFP_KERNEL);
1360        unsigned long flags;
1361        if (ctrl == NULL)
1362                return NULL;
1363retry:
1364        wait_event(gsm->event, gsm->pending_cmd == NULL);
1365        spin_lock_irqsave(&gsm->control_lock, flags);
1366        if (gsm->pending_cmd != NULL) {
1367                spin_unlock_irqrestore(&gsm->control_lock, flags);
1368                goto retry;
1369        }
1370        ctrl->cmd = command;
1371        ctrl->data = data;
1372        ctrl->len = clen;
1373        gsm->pending_cmd = ctrl;
1374        gsm->cretries = gsm->n2;
1375        mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1376        gsm_control_transmit(gsm, ctrl);
1377        spin_unlock_irqrestore(&gsm->control_lock, flags);
1378        return ctrl;
1379}
1380
1381/**
1382 *      gsm_control_wait        -       wait for a control to finish
1383 *      @gsm: GSM mux
1384 *      @control: control we are waiting on
1385 *
1386 *      Waits for the control to complete or time out. Frees any used
1387 *      resources and returns 0 for success, or an error if the remote
1388 *      rejected or ignored the request.
1389 */
1390
1391static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1392{
1393        int err;
1394        wait_event(gsm->event, control->done == 1);
1395        err = control->error;
1396        kfree(control);
1397        return err;
1398}
1399
1400
1401/*
1402 *      DLCI level handling: Needs krefs
1403 */
1404
1405/*
1406 *      State transitions and timers
1407 */
1408
1409/**
1410 *      gsm_dlci_close          -       a DLCI has closed
1411 *      @dlci: DLCI that closed
1412 *
1413 *      Perform processing when moving a DLCI into closed state. If there
1414 *      is an attached tty this is hung up
1415 */
1416
1417static void gsm_dlci_close(struct gsm_dlci *dlci)
1418{
1419        del_timer(&dlci->t1);
1420        if (debug & 8)
1421                pr_debug("DLCI %d goes closed.\n", dlci->addr);
1422        dlci->state = DLCI_CLOSED;
1423        if (dlci->addr != 0) {
1424                struct tty_struct  *tty = tty_port_tty_get(&dlci->port);
1425                if (tty) {
1426                        tty_hangup(tty);
1427                        tty_kref_put(tty);
1428                }
1429                kfifo_reset(dlci->fifo);
1430        } else
1431                dlci->gsm->dead = 1;
1432        wake_up(&dlci->gsm->event);
1433        /* A DLCI 0 close is a MUX termination so we need to kick that
1434           back to userspace somehow */
1435}
1436
1437/**
1438 *      gsm_dlci_open           -       a DLCI has opened
1439 *      @dlci: DLCI that opened
1440 *
1441 *      Perform processing when moving a DLCI into open state.
1442 */
1443
1444static void gsm_dlci_open(struct gsm_dlci *dlci)
1445{
1446        /* Note that SABM UA .. SABM UA first UA lost can mean that we go
1447           open -> open */
1448        del_timer(&dlci->t1);
1449        /* This will let a tty open continue */
1450        dlci->state = DLCI_OPEN;
1451        if (debug & 8)
1452                pr_debug("DLCI %d goes open.\n", dlci->addr);
1453        wake_up(&dlci->gsm->event);
1454}
1455
1456/**
1457 *      gsm_dlci_t1             -       T1 timer expiry
1458 *      @dlci: DLCI that opened
1459 *
1460 *      The T1 timer handles retransmits of control frames (essentially of
1461 *      SABM and DISC). We resend the command until the retry count runs out
1462 *      in which case an opening port goes back to closed and a closing port
1463 *      is simply put into closed state (any further frames from the other
1464 *      end will get a DM response)
1465 */
1466
1467static void gsm_dlci_t1(unsigned long data)
1468{
1469        struct gsm_dlci *dlci = (struct gsm_dlci *)data;
1470        struct gsm_mux *gsm = dlci->gsm;
1471
1472        switch (dlci->state) {
1473        case DLCI_OPENING:
1474                dlci->retries--;
1475                if (dlci->retries) {
1476                        gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1477                        mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1478                } else
1479                        gsm_dlci_close(dlci);
1480                break;
1481        case DLCI_CLOSING:
1482                dlci->retries--;
1483                if (dlci->retries) {
1484                        gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1485                        mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1486                } else
1487                        gsm_dlci_close(dlci);
1488                break;
1489        }
1490}
1491
1492/**
1493 *      gsm_dlci_begin_open     -       start channel open procedure
1494 *      @dlci: DLCI to open
1495 *
1496 *      Commence opening a DLCI from the Linux side. We issue SABM messages
1497 *      to the modem which should then reply with a UA, at which point we
1498 *      will move into open state. Opening is done asynchronously with retry
1499 *      running off timers and the responses.
1500 */
1501
1502static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1503{
1504        struct gsm_mux *gsm = dlci->gsm;
1505        if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1506                return;
1507        dlci->retries = gsm->n2;
1508        dlci->state = DLCI_OPENING;
1509        gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1510        mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1511}
1512
1513/**
1514 *      gsm_dlci_begin_close    -       start channel open procedure
1515 *      @dlci: DLCI to open
1516 *
1517 *      Commence closing a DLCI from the Linux side. We issue DISC messages
1518 *      to the modem which should then reply with a UA, at which point we
1519 *      will move into closed state. Closing is done asynchronously with retry
1520 *      off timers. We may also receive a DM reply from the other end which
1521 *      indicates the channel was already closed.
1522 */
1523
1524static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1525{
1526        struct gsm_mux *gsm = dlci->gsm;
1527        if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1528                return;
1529        dlci->retries = gsm->n2;
1530        dlci->state = DLCI_CLOSING;
1531        gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1532        mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1533}
1534
1535/**
1536 *      gsm_dlci_data           -       data arrived
1537 *      @dlci: channel
1538 *      @data: block of bytes received
1539 *      @len: length of received block
1540 *
1541 *      A UI or UIH frame has arrived which contains data for a channel
1542 *      other than the control channel. If the relevant virtual tty is
1543 *      open we shovel the bits down it, if not we drop them.
1544 */
1545
1546static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
1547{
1548        /* krefs .. */
1549        struct tty_port *port = &dlci->port;
1550        struct tty_struct *tty = tty_port_tty_get(port);
1551        unsigned int modem = 0;
1552        int len = clen;
1553
1554        if (debug & 16)
1555                pr_debug("%d bytes for tty %p\n", len, tty);
1556        if (tty) {
1557                switch (dlci->adaption)  {
1558                /* Unsupported types */
1559                /* Packetised interruptible data */
1560                case 4:
1561                        break;
1562                /* Packetised uininterruptible voice/data */
1563                case 3:
1564                        break;
1565                /* Asynchronous serial with line state in each frame */
1566                case 2:
1567                        while (gsm_read_ea(&modem, *data++) == 0) {
1568                                len--;
1569                                if (len == 0)
1570                                        return;
1571                        }
1572                        gsm_process_modem(tty, dlci, modem, clen);
1573                /* Line state will go via DLCI 0 controls only */
1574                case 1:
1575                default:
1576                        tty_insert_flip_string(tty, data, len);
1577                        tty_flip_buffer_push(tty);
1578                }
1579                tty_kref_put(tty);
1580        }
1581}
1582
1583/**
1584 *      gsm_dlci_control        -       data arrived on control channel
1585 *      @dlci: channel
1586 *      @data: block of bytes received
1587 *      @len: length of received block
1588 *
1589 *      A UI or UIH frame has arrived which contains data for DLCI 0 the
1590 *      control channel. This should contain a command EA followed by
1591 *      control data bytes. The command EA contains a command/response bit
1592 *      and we divide up the work accordingly.
1593 */
1594
1595static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1596{
1597        /* See what command is involved */
1598        unsigned int command = 0;
1599        while (len-- > 0) {
1600                if (gsm_read_ea(&command, *data++) == 1) {
1601                        int clen = *data++;
1602                        len--;
1603                        /* FIXME: this is properly an EA */
1604                        clen >>= 1;
1605                        /* Malformed command ? */
1606                        if (clen > len)
1607                                return;
1608                        if (command & 1)
1609                                gsm_control_message(dlci->gsm, command,
1610                                                                data, clen);
1611                        else
1612                                gsm_control_response(dlci->gsm, command,
1613                                                                data, clen);
1614                        return;
1615                }
1616        }
1617}
1618
1619/*
1620 *      Allocate/Free DLCI channels
1621 */
1622
1623/**
1624 *      gsm_dlci_alloc          -       allocate a DLCI
1625 *      @gsm: GSM mux
1626 *      @addr: address of the DLCI
1627 *
1628 *      Allocate and install a new DLCI object into the GSM mux.
1629 *
1630 *      FIXME: review locking races
1631 */
1632
1633static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1634{
1635        struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1636        if (dlci == NULL)
1637                return NULL;
1638        spin_lock_init(&dlci->lock);
1639        kref_init(&dlci->ref);
1640        mutex_init(&dlci->mutex);
1641        dlci->fifo = &dlci->_fifo;
1642        if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1643                kfree(dlci);
1644                return NULL;
1645        }
1646
1647        skb_queue_head_init(&dlci->skb_list);
1648        init_timer(&dlci->t1);
1649        dlci->t1.function = gsm_dlci_t1;
1650        dlci->t1.data = (unsigned long)dlci;
1651        tty_port_init(&dlci->port);
1652        dlci->port.ops = &gsm_port_ops;
1653        dlci->gsm = gsm;
1654        dlci->addr = addr;
1655        dlci->adaption = gsm->adaption;
1656        dlci->state = DLCI_CLOSED;
1657        if (addr)
1658                dlci->data = gsm_dlci_data;
1659        else
1660                dlci->data = gsm_dlci_command;
1661        gsm->dlci[addr] = dlci;
1662        return dlci;
1663}
1664
1665/**
1666 *      gsm_dlci_free           -       free DLCI
1667 *      @dlci: DLCI to free
1668 *
1669 *      Free up a DLCI.
1670 *
1671 *      Can sleep.
1672 */
1673static void gsm_dlci_free(struct kref *ref)
1674{
1675        struct gsm_dlci *dlci = container_of(ref, struct gsm_dlci, ref);
1676
1677        del_timer_sync(&dlci->t1);
1678        dlci->gsm->dlci[dlci->addr] = NULL;
1679        kfifo_free(dlci->fifo);
1680        while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1681                kfree_skb(dlci->skb);
1682        kfree(dlci);
1683}
1684
1685static inline void dlci_get(struct gsm_dlci *dlci)
1686{
1687        kref_get(&dlci->ref);
1688}
1689
1690static inline void dlci_put(struct gsm_dlci *dlci)
1691{
1692        kref_put(&dlci->ref, gsm_dlci_free);
1693}
1694
1695/**
1696 *      gsm_dlci_release                -       release DLCI
1697 *      @dlci: DLCI to destroy
1698 *
1699 *      Release a DLCI. Actual free is deferred until either
1700 *      mux is closed or tty is closed - whichever is last.
1701 *
1702 *      Can sleep.
1703 */
1704static void gsm_dlci_release(struct gsm_dlci *dlci)
1705{
1706        struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1707        if (tty) {
1708                tty_vhangup(tty);
1709                tty_kref_put(tty);
1710        }
1711        dlci_put(dlci);
1712}
1713
1714/*
1715 *      LAPBish link layer logic
1716 */
1717
1718/**
1719 *      gsm_queue               -       a GSM frame is ready to process
1720 *      @gsm: pointer to our gsm mux
1721 *
1722 *      At this point in time a frame has arrived and been demangled from
1723 *      the line encoding. All the differences between the encodings have
1724 *      been handled below us and the frame is unpacked into the structures.
1725 *      The fcs holds the header FCS but any data FCS must be added here.
1726 */
1727
1728static void gsm_queue(struct gsm_mux *gsm)
1729{
1730        struct gsm_dlci *dlci;
1731        u8 cr;
1732        int address;
1733        /* We have to sneak a look at the packet body to do the FCS.
1734           A somewhat layering violation in the spec */
1735
1736        if ((gsm->control & ~PF) == UI)
1737                gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, gsm->len);
1738        if (gsm->encoding == 0){
1739                /* WARNING: gsm->received_fcs is used for gsm->encoding = 0 only.
1740                            In this case it contain the last piece of data
1741                            required to generate final CRC */
1742                gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->received_fcs);
1743        }
1744        if (gsm->fcs != GOOD_FCS) {
1745                gsm->bad_fcs++;
1746                if (debug & 4)
1747                        pr_debug("BAD FCS %02x\n", gsm->fcs);
1748                return;
1749        }
1750        address = gsm->address >> 1;
1751        if (address >= NUM_DLCI)
1752                goto invalid;
1753
1754        cr = gsm->address & 1;          /* C/R bit */
1755
1756        gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1757
1758        cr ^= 1 - gsm->initiator;       /* Flip so 1 always means command */
1759        dlci = gsm->dlci[address];
1760
1761        switch (gsm->control) {
1762        case SABM|PF:
1763                if (cr == 0)
1764                        goto invalid;
1765                if (dlci == NULL)
1766                        dlci = gsm_dlci_alloc(gsm, address);
1767                if (dlci == NULL)
1768                        return;
1769                if (dlci->dead)
1770                        gsm_response(gsm, address, DM);
1771                else {
1772                        gsm_response(gsm, address, UA);
1773                        gsm_dlci_open(dlci);
1774                }
1775                break;
1776        case DISC|PF:
1777                if (cr == 0)
1778                        goto invalid;
1779                if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1780                        gsm_response(gsm, address, DM);
1781                        return;
1782                }
1783                /* Real close complete */
1784                gsm_response(gsm, address, UA);
1785                gsm_dlci_close(dlci);
1786                break;
1787        case UA:
1788        case UA|PF:
1789                if (cr == 0 || dlci == NULL)
1790                        break;
1791                switch (dlci->state) {
1792                case DLCI_CLOSING:
1793                        gsm_dlci_close(dlci);
1794                        break;
1795                case DLCI_OPENING:
1796                        gsm_dlci_open(dlci);
1797                        break;
1798                }
1799                break;
1800        case DM:        /* DM can be valid unsolicited */
1801        case DM|PF:
1802                if (cr)
1803                        goto invalid;
1804                if (dlci == NULL)
1805                        return;
1806                gsm_dlci_close(dlci);
1807                break;
1808        case UI:
1809        case UI|PF:
1810        case UIH:
1811        case UIH|PF:
1812#if 0
1813                if (cr)
1814                        goto invalid;
1815#endif
1816                if (dlci == NULL || dlci->state != DLCI_OPEN) {
1817                        gsm_command(gsm, address, DM|PF);
1818                        return;
1819                }
1820                dlci->data(dlci, gsm->buf, gsm->len);
1821                break;
1822        default:
1823                goto invalid;
1824        }
1825        return;
1826invalid:
1827        gsm->malformed++;
1828        return;
1829}
1830
1831
1832/**
1833 *      gsm0_receive    -       perform processing for non-transparency
1834 *      @gsm: gsm data for this ldisc instance
1835 *      @c: character
1836 *
1837 *      Receive bytes in gsm mode 0
1838 */
1839
1840static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1841{
1842        unsigned int len;
1843
1844        switch (gsm->state) {
1845        case GSM_SEARCH:        /* SOF marker */
1846                if (c == GSM0_SOF) {
1847                        gsm->state = GSM_ADDRESS;
1848                        gsm->address = 0;
1849                        gsm->len = 0;
1850                        gsm->fcs = INIT_FCS;
1851                }
1852                break;
1853        case GSM_ADDRESS:       /* Address EA */
1854                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1855                if (gsm_read_ea(&gsm->address, c))
1856                        gsm->state = GSM_CONTROL;
1857                break;
1858        case GSM_CONTROL:       /* Control Byte */
1859                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1860                gsm->control = c;
1861                gsm->state = GSM_LEN0;
1862                break;
1863        case GSM_LEN0:          /* Length EA */
1864                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1865                if (gsm_read_ea(&gsm->len, c)) {
1866                        if (gsm->len > gsm->mru) {
1867                                gsm->bad_size++;
1868                                gsm->state = GSM_SEARCH;
1869                                break;
1870                        }
1871                        gsm->count = 0;
1872                        if (!gsm->len)
1873                                gsm->state = GSM_FCS;
1874                        else
1875                                gsm->state = GSM_DATA;
1876                        break;
1877                }
1878                gsm->state = GSM_LEN1;
1879                break;
1880        case GSM_LEN1:
1881                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1882                len = c;
1883                gsm->len |= len << 7;
1884                if (gsm->len > gsm->mru) {
1885                        gsm->bad_size++;
1886                        gsm->state = GSM_SEARCH;
1887                        break;
1888                }
1889                gsm->count = 0;
1890                if (!gsm->len)
1891                        gsm->state = GSM_FCS;
1892                else
1893                        gsm->state = GSM_DATA;
1894                break;
1895        case GSM_DATA:          /* Data */
1896                gsm->buf[gsm->count++] = c;
1897                if (gsm->count == gsm->len)
1898                        gsm->state = GSM_FCS;
1899                break;
1900        case GSM_FCS:           /* FCS follows the packet */
1901                gsm->received_fcs = c;
1902                gsm_queue(gsm);
1903                gsm->state = GSM_SSOF;
1904                break;
1905        case GSM_SSOF:
1906                if (c == GSM0_SOF) {
1907                        gsm->state = GSM_SEARCH;
1908                        break;
1909                }
1910                break;
1911        }
1912}
1913
1914/**
1915 *      gsm1_receive    -       perform processing for non-transparency
1916 *      @gsm: gsm data for this ldisc instance
1917 *      @c: character
1918 *
1919 *      Receive bytes in mode 1 (Advanced option)
1920 */
1921
1922static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1923{
1924        if (c == GSM1_SOF) {
1925                /* EOF is only valid in frame if we have got to the data state
1926                   and received at least one byte (the FCS) */
1927                if (gsm->state == GSM_DATA && gsm->count) {
1928                        /* Extract the FCS */
1929                        gsm->count--;
1930                        gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
1931                        gsm->len = gsm->count;
1932                        gsm_queue(gsm);
1933                        gsm->state  = GSM_START;
1934                        return;
1935                }
1936                /* Any partial frame was a runt so go back to start */
1937                if (gsm->state != GSM_START) {
1938                        gsm->malformed++;
1939                        gsm->state = GSM_START;
1940                }
1941                /* A SOF in GSM_START means we are still reading idling or
1942                   framing bytes */
1943                return;
1944        }
1945
1946        if (c == GSM1_ESCAPE) {
1947                gsm->escape = 1;
1948                return;
1949        }
1950
1951        /* Only an unescaped SOF gets us out of GSM search */
1952        if (gsm->state == GSM_SEARCH)
1953                return;
1954
1955        if (gsm->escape) {
1956                c ^= GSM1_ESCAPE_BITS;
1957                gsm->escape = 0;
1958        }
1959        switch (gsm->state) {
1960        case GSM_START:         /* First byte after SOF */
1961                gsm->address = 0;
1962                gsm->state = GSM_ADDRESS;
1963                gsm->fcs = INIT_FCS;
1964                /* Drop through */
1965        case GSM_ADDRESS:       /* Address continuation */
1966                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1967                if (gsm_read_ea(&gsm->address, c))
1968                        gsm->state = GSM_CONTROL;
1969                break;
1970        case GSM_CONTROL:       /* Control Byte */
1971                gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1972                gsm->control = c;
1973                gsm->count = 0;
1974                gsm->state = GSM_DATA;
1975                break;
1976        case GSM_DATA:          /* Data */
1977                if (gsm->count > gsm->mru) {    /* Allow one for the FCS */
1978                        gsm->state = GSM_OVERRUN;
1979                        gsm->bad_size++;
1980                } else
1981                        gsm->buf[gsm->count++] = c;
1982                break;
1983        case GSM_OVERRUN:       /* Over-long - eg a dropped SOF */
1984                break;
1985        }
1986}
1987
1988/**
1989 *      gsm_error               -       handle tty error
1990 *      @gsm: ldisc data
1991 *      @data: byte received (may be invalid)
1992 *      @flag: error received
1993 *
1994 *      Handle an error in the receipt of data for a frame. Currently we just
1995 *      go back to hunting for a SOF.
1996 *
1997 *      FIXME: better diagnostics ?
1998 */
1999
2000static void gsm_error(struct gsm_mux *gsm,
2001                                unsigned char data, unsigned char flag)
2002{
2003        gsm->state = GSM_SEARCH;
2004        gsm->io_error++;
2005}
2006
2007/**
2008 *      gsm_cleanup_mux         -       generic GSM protocol cleanup
2009 *      @gsm: our mux
2010 *
2011 *      Clean up the bits of the mux which are the same for all framing
2012 *      protocols. Remove the mux from the mux table, stop all the timers
2013 *      and then shut down each device hanging up the channels as we go.
2014 */
2015
2016void gsm_cleanup_mux(struct gsm_mux *gsm)
2017{
2018        int i;
2019        struct gsm_dlci *dlci = gsm->dlci[0];
2020        struct gsm_msg *txq;
2021        struct gsm_control *gc;
2022
2023        gsm->dead = 1;
2024
2025        spin_lock(&gsm_mux_lock);
2026        for (i = 0; i < MAX_MUX; i++) {
2027                if (gsm_mux[i] == gsm) {
2028                        gsm_mux[i] = NULL;
2029                        break;
2030                }
2031        }
2032        spin_unlock(&gsm_mux_lock);
2033        WARN_ON(i == MAX_MUX);
2034
2035        /* In theory disconnecting DLCI 0 is sufficient but for some
2036           modems this is apparently not the case. */
2037        if (dlci) {
2038                gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2039                if (gc)
2040                        gsm_control_wait(gsm, gc);
2041        }
2042        del_timer_sync(&gsm->t2_timer);
2043        /* Now we are sure T2 has stopped */
2044        if (dlci) {
2045                dlci->dead = 1;
2046                gsm_dlci_begin_close(dlci);
2047                wait_event_interruptible(gsm->event,
2048                                        dlci->state == DLCI_CLOSED);
2049        }
2050        /* Free up any link layer users */
2051        for (i = 0; i < NUM_DLCI; i++)
2052                if (gsm->dlci[i])
2053                        gsm_dlci_release(gsm->dlci[i]);
2054        /* Now wipe the queues */
2055        for (txq = gsm->tx_head; txq != NULL; txq = gsm->tx_head) {
2056                gsm->tx_head = txq->next;
2057                kfree(txq);
2058        }
2059        gsm->tx_tail = NULL;
2060}
2061EXPORT_SYMBOL_GPL(gsm_cleanup_mux);
2062
2063/**
2064 *      gsm_activate_mux        -       generic GSM setup
2065 *      @gsm: our mux
2066 *
2067 *      Set up the bits of the mux which are the same for all framing
2068 *      protocols. Add the mux to the mux table so it can be opened and
2069 *      finally kick off connecting to DLCI 0 on the modem.
2070 */
2071
2072int gsm_activate_mux(struct gsm_mux *gsm)
2073{
2074        struct gsm_dlci *dlci;
2075        int i = 0;
2076
2077        init_timer(&gsm->t2_timer);
2078        gsm->t2_timer.function = gsm_control_retransmit;
2079        gsm->t2_timer.data = (unsigned long)gsm;
2080        init_waitqueue_head(&gsm->event);
2081        spin_lock_init(&gsm->control_lock);
2082        spin_lock_init(&gsm->tx_lock);
2083
2084        if (gsm->encoding == 0)
2085                gsm->receive = gsm0_receive;
2086        else
2087                gsm->receive = gsm1_receive;
2088        gsm->error = gsm_error;
2089
2090        spin_lock(&gsm_mux_lock);
2091        for (i = 0; i < MAX_MUX; i++) {
2092                if (gsm_mux[i] == NULL) {
2093                        gsm->num = i;
2094                        gsm_mux[i] = gsm;
2095                        break;
2096                }
2097        }
2098        spin_unlock(&gsm_mux_lock);
2099        if (i == MAX_MUX)
2100                return -EBUSY;
2101
2102        dlci = gsm_dlci_alloc(gsm, 0);
2103        if (dlci == NULL)
2104                return -ENOMEM;
2105        gsm->dead = 0;          /* Tty opens are now permissible */
2106        return 0;
2107}
2108EXPORT_SYMBOL_GPL(gsm_activate_mux);
2109
2110/**
2111 *      gsm_free_mux            -       free up a mux
2112 *      @mux: mux to free
2113 *
2114 *      Dispose of allocated resources for a dead mux
2115 */
2116void gsm_free_mux(struct gsm_mux *gsm)
2117{
2118        kfree(gsm->txframe);
2119        kfree(gsm->buf);
2120        kfree(gsm);
2121}
2122EXPORT_SYMBOL_GPL(gsm_free_mux);
2123
2124/**
2125 *      gsm_free_muxr           -       free up a mux
2126 *      @mux: mux to free
2127 *
2128 *      Dispose of allocated resources for a dead mux
2129 */
2130static void gsm_free_muxr(struct kref *ref)
2131{
2132        struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2133        gsm_free_mux(gsm);
2134}
2135
2136static inline void mux_get(struct gsm_mux *gsm)
2137{
2138        kref_get(&gsm->ref);
2139}
2140
2141static inline void mux_put(struct gsm_mux *gsm)
2142{
2143        kref_put(&gsm->ref, gsm_free_muxr);
2144}
2145
2146/**
2147 *      gsm_alloc_mux           -       allocate a mux
2148 *
2149 *      Creates a new mux ready for activation.
2150 */
2151
2152struct gsm_mux *gsm_alloc_mux(void)
2153{
2154        struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2155        if (gsm == NULL)
2156                return NULL;
2157        gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2158        if (gsm->buf == NULL) {
2159                kfree(gsm);
2160                return NULL;
2161        }
2162        gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2163        if (gsm->txframe == NULL) {
2164                kfree(gsm->buf);
2165                kfree(gsm);
2166                return NULL;
2167        }
2168        spin_lock_init(&gsm->lock);
2169        kref_init(&gsm->ref);
2170
2171        gsm->t1 = T1;
2172        gsm->t2 = T2;
2173        gsm->n2 = N2;
2174        gsm->ftype = UIH;
2175        gsm->adaption = 1;
2176        gsm->encoding = 1;
2177        gsm->mru = 64;  /* Default to encoding 1 so these should be 64 */
2178        gsm->mtu = 64;
2179        gsm->dead = 1;  /* Avoid early tty opens */
2180
2181        return gsm;
2182}
2183EXPORT_SYMBOL_GPL(gsm_alloc_mux);
2184
2185/**
2186 *      gsmld_output            -       write to link
2187 *      @gsm: our mux
2188 *      @data: bytes to output
2189 *      @len: size
2190 *
2191 *      Write a block of data from the GSM mux to the data channel. This
2192 *      will eventually be serialized from above but at the moment isn't.
2193 */
2194
2195static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2196{
2197        if (tty_write_room(gsm->tty) < len) {
2198                set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2199                return -ENOSPC;
2200        }
2201        if (debug & 4)
2202                print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2203                                     data, len);
2204        gsm->tty->ops->write(gsm->tty, data, len);
2205        return len;
2206}
2207
2208/**
2209 *      gsmld_attach_gsm        -       mode set up
2210 *      @tty: our tty structure
2211 *      @gsm: our mux
2212 *
2213 *      Set up the MUX for basic mode and commence connecting to the
2214 *      modem. Currently called from the line discipline set up but
2215 *      will need moving to an ioctl path.
2216 */
2217
2218static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2219{
2220        int ret, i;
2221        int base = gsm->num << 6; /* Base for this MUX */
2222
2223        gsm->tty = tty_kref_get(tty);
2224        gsm->output = gsmld_output;
2225        ret =  gsm_activate_mux(gsm);
2226        if (ret != 0)
2227                tty_kref_put(gsm->tty);
2228        else {
2229                /* Don't register device 0 - this is the control channel and not
2230                   a usable tty interface */
2231                for (i = 1; i < NUM_DLCI; i++)
2232                        tty_register_device(gsm_tty_driver, base + i, NULL);
2233        }
2234        return ret;
2235}
2236
2237
2238/**
2239 *      gsmld_detach_gsm        -       stop doing 0710 mux
2240 *      @tty: tty attached to the mux
2241 *      @gsm: mux
2242 *
2243 *      Shutdown and then clean up the resources used by the line discipline
2244 */
2245
2246static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2247{
2248        int i;
2249        int base = gsm->num << 6; /* Base for this MUX */
2250
2251        WARN_ON(tty != gsm->tty);
2252        for (i = 1; i < NUM_DLCI; i++)
2253                tty_unregister_device(gsm_tty_driver, base + i);
2254        gsm_cleanup_mux(gsm);
2255        tty_kref_put(gsm->tty);
2256        gsm->tty = NULL;
2257}
2258
2259static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2260                              char *fp, int count)
2261{
2262        struct gsm_mux *gsm = tty->disc_data;
2263        const unsigned char *dp;
2264        char *f;
2265        int i;
2266        char buf[64];
2267        char flags;
2268
2269        if (debug & 4)
2270                print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2271                                     cp, count);
2272
2273        for (i = count, dp = cp, f = fp; i; i--, dp++) {
2274                flags = *f++;
2275                switch (flags) {
2276                case TTY_NORMAL:
2277                        gsm->receive(gsm, *dp);
2278                        break;
2279                case TTY_OVERRUN:
2280                case TTY_BREAK:
2281                case TTY_PARITY:
2282                case TTY_FRAME:
2283                        gsm->error(gsm, *dp, flags);
2284                        break;
2285                default:
2286                        WARN_ONCE("%s: unknown flag %d\n",
2287                               tty_name(tty, buf), flags);
2288                        break;
2289                }
2290        }
2291        /* FASYNC if needed ? */
2292        /* If clogged call tty_throttle(tty); */
2293}
2294
2295/**
2296 *      gsmld_chars_in_buffer   -       report available bytes
2297 *      @tty: tty device
2298 *
2299 *      Report the number of characters buffered to be delivered to user
2300 *      at this instant in time.
2301 *
2302 *      Locking: gsm lock
2303 */
2304
2305static ssize_t gsmld_chars_in_buffer(struct tty_struct *tty)
2306{
2307        return 0;
2308}
2309
2310/**
2311 *      gsmld_flush_buffer      -       clean input queue
2312 *      @tty:   terminal device
2313 *
2314 *      Flush the input buffer. Called when the line discipline is
2315 *      being closed, when the tty layer wants the buffer flushed (eg
2316 *      at hangup).
2317 */
2318
2319static void gsmld_flush_buffer(struct tty_struct *tty)
2320{
2321}
2322
2323/**
2324 *      gsmld_close             -       close the ldisc for this tty
2325 *      @tty: device
2326 *
2327 *      Called from the terminal layer when this line discipline is
2328 *      being shut down, either because of a close or becsuse of a
2329 *      discipline change. The function will not be called while other
2330 *      ldisc methods are in progress.
2331 */
2332
2333static void gsmld_close(struct tty_struct *tty)
2334{
2335        struct gsm_mux *gsm = tty->disc_data;
2336
2337        gsmld_detach_gsm(tty, gsm);
2338
2339        gsmld_flush_buffer(tty);
2340        /* Do other clean up here */
2341        mux_put(gsm);
2342}
2343
2344/**
2345 *      gsmld_open              -       open an ldisc
2346 *      @tty: terminal to open
2347 *
2348 *      Called when this line discipline is being attached to the
2349 *      terminal device. Can sleep. Called serialized so that no
2350 *      other events will occur in parallel. No further open will occur
2351 *      until a close.
2352 */
2353
2354static int gsmld_open(struct tty_struct *tty)
2355{
2356        struct gsm_mux *gsm;
2357
2358        if (tty->ops->write == NULL)
2359                return -EINVAL;
2360
2361        /* Attach our ldisc data */
2362        gsm = gsm_alloc_mux();
2363        if (gsm == NULL)
2364                return -ENOMEM;
2365
2366        tty->disc_data = gsm;
2367        tty->receive_room = 65536;
2368
2369        /* Attach the initial passive connection */
2370        gsm->encoding = 1;
2371        return gsmld_attach_gsm(tty, gsm);
2372}
2373
2374/**
2375 *      gsmld_write_wakeup      -       asynchronous I/O notifier
2376 *      @tty: tty device
2377 *
2378 *      Required for the ptys, serial driver etc. since processes
2379 *      that attach themselves to the master and rely on ASYNC
2380 *      IO must be woken up
2381 */
2382
2383static void gsmld_write_wakeup(struct tty_struct *tty)
2384{
2385        struct gsm_mux *gsm = tty->disc_data;
2386        unsigned long flags;
2387
2388        /* Queue poll */
2389        clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2390        spin_lock_irqsave(&gsm->tx_lock, flags);
2391        gsm_data_kick(gsm);
2392        if (gsm->tx_bytes < TX_THRESH_LO) {
2393                gsm_dlci_data_sweep(gsm);
2394        }
2395        spin_unlock_irqrestore(&gsm->tx_lock, flags);
2396}
2397
2398/**
2399 *      gsmld_read              -       read function for tty
2400 *      @tty: tty device
2401 *      @file: file object
2402 *      @buf: userspace buffer pointer
2403 *      @nr: size of I/O
2404 *
2405 *      Perform reads for the line discipline. We are guaranteed that the
2406 *      line discipline will not be closed under us but we may get multiple
2407 *      parallel readers and must handle this ourselves. We may also get
2408 *      a hangup. Always called in user context, may sleep.
2409 *
2410 *      This code must be sure never to sleep through a hangup.
2411 */
2412
2413static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2414                         unsigned char __user *buf, size_t nr)
2415{
2416        return -EOPNOTSUPP;
2417}
2418
2419/**
2420 *      gsmld_write             -       write function for tty
2421 *      @tty: tty device
2422 *      @file: file object
2423 *      @buf: userspace buffer pointer
2424 *      @nr: size of I/O
2425 *
2426 *      Called when the owner of the device wants to send a frame
2427 *      itself (or some other control data). The data is transferred
2428 *      as-is and must be properly framed and checksummed as appropriate
2429 *      by userspace. Frames are either sent whole or not at all as this
2430 *      avoids pain user side.
2431 */
2432
2433static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2434                           const unsigned char *buf, size_t nr)
2435{
2436        int space = tty_write_room(tty);
2437        if (space >= nr)
2438                return tty->ops->write(tty, buf, nr);
2439        set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2440        return -ENOBUFS;
2441}
2442
2443/**
2444 *      gsmld_poll              -       poll method for N_GSM0710
2445 *      @tty: terminal device
2446 *      @file: file accessing it
2447 *      @wait: poll table
2448 *
2449 *      Called when the line discipline is asked to poll() for data or
2450 *      for special events. This code is not serialized with respect to
2451 *      other events save open/close.
2452 *
2453 *      This code must be sure never to sleep through a hangup.
2454 *      Called without the kernel lock held - fine
2455 */
2456
2457static unsigned int gsmld_poll(struct tty_struct *tty, struct file *file,
2458                                                        poll_table *wait)
2459{
2460        unsigned int mask = 0;
2461        struct gsm_mux *gsm = tty->disc_data;
2462
2463        poll_wait(file, &tty->read_wait, wait);
2464        poll_wait(file, &tty->write_wait, wait);
2465        if (tty_hung_up_p(file))
2466                mask |= POLLHUP;
2467        if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2468                mask |= POLLOUT | POLLWRNORM;
2469        if (gsm->dead)
2470                mask |= POLLHUP;
2471        return mask;
2472}
2473
2474static int gsmld_config(struct tty_struct *tty, struct gsm_mux *gsm,
2475                                                        struct gsm_config *c)
2476{
2477        int need_close = 0;
2478        int need_restart = 0;
2479
2480        /* Stuff we don't support yet - UI or I frame transport, windowing */
2481        if ((c->adaption != 1 && c->adaption != 2) || c->k)
2482                return -EOPNOTSUPP;
2483        /* Check the MRU/MTU range looks sane */
2484        if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2485                return -EINVAL;
2486        if (c->n2 < 3)
2487                return -EINVAL;
2488        if (c->encapsulation > 1)       /* Basic, advanced, no I */
2489                return -EINVAL;
2490        if (c->initiator > 1)
2491                return -EINVAL;
2492        if (c->i == 0 || c->i > 2)      /* UIH and UI only */
2493                return -EINVAL;
2494        /*
2495         *      See what is needed for reconfiguration
2496         */
2497
2498        /* Timing fields */
2499        if (c->t1 != 0 && c->t1 != gsm->t1)
2500                need_restart = 1;
2501        if (c->t2 != 0 && c->t2 != gsm->t2)
2502                need_restart = 1;
2503        if (c->encapsulation != gsm->encoding)
2504                need_restart = 1;
2505        if (c->adaption != gsm->adaption)
2506                need_restart = 1;
2507        /* Requires care */
2508        if (c->initiator != gsm->initiator)
2509                need_close = 1;
2510        if (c->mru != gsm->mru)
2511                need_restart = 1;
2512        if (c->mtu != gsm->mtu)
2513                need_restart = 1;
2514
2515        /*
2516         *      Close down what is needed, restart and initiate the new
2517         *      configuration
2518         */
2519
2520        if (need_close || need_restart) {
2521                gsm_dlci_begin_close(gsm->dlci[0]);
2522                /* This will timeout if the link is down due to N2 expiring */
2523                wait_event_interruptible(gsm->event,
2524                                gsm->dlci[0]->state == DLCI_CLOSED);
2525                if (signal_pending(current))
2526                        return -EINTR;
2527        }
2528        if (need_restart)
2529                gsm_cleanup_mux(gsm);
2530
2531        gsm->initiator = c->initiator;
2532        gsm->mru = c->mru;
2533        gsm->mtu = c->mtu;
2534        gsm->encoding = c->encapsulation;
2535        gsm->adaption = c->adaption;
2536        gsm->n2 = c->n2;
2537
2538        if (c->i == 1)
2539                gsm->ftype = UIH;
2540        else if (c->i == 2)
2541                gsm->ftype = UI;
2542
2543        if (c->t1)
2544                gsm->t1 = c->t1;
2545        if (c->t2)
2546                gsm->t2 = c->t2;
2547
2548        /* FIXME: We need to separate activation/deactivation from adding
2549           and removing from the mux array */
2550        if (need_restart)
2551                gsm_activate_mux(gsm);
2552        if (gsm->initiator && need_close)
2553                gsm_dlci_begin_open(gsm->dlci[0]);
2554        return 0;
2555}
2556
2557static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
2558                       unsigned int cmd, unsigned long arg)
2559{
2560        struct gsm_config c;
2561        struct gsm_mux *gsm = tty->disc_data;
2562
2563        switch (cmd) {
2564        case GSMIOC_GETCONF:
2565                memset(&c, 0, sizeof(c));
2566                c.adaption = gsm->adaption;
2567                c.encapsulation = gsm->encoding;
2568                c.initiator = gsm->initiator;
2569                c.t1 = gsm->t1;
2570                c.t2 = gsm->t2;
2571                c.t3 = 0;       /* Not supported */
2572                c.n2 = gsm->n2;
2573                if (gsm->ftype == UIH)
2574                        c.i = 1;
2575                else
2576                        c.i = 2;
2577                pr_debug("Ftype %d i %d\n", gsm->ftype, c.i);
2578                c.mru = gsm->mru;
2579                c.mtu = gsm->mtu;
2580                c.k = 0;
2581                if (copy_to_user((void *)arg, &c, sizeof(c)))
2582                        return -EFAULT;
2583                return 0;
2584        case GSMIOC_SETCONF:
2585                if (copy_from_user(&c, (void *)arg, sizeof(c)))
2586                        return -EFAULT;
2587                return gsmld_config(tty, gsm, &c);
2588        default:
2589                return n_tty_ioctl_helper(tty, file, cmd, arg);
2590        }
2591}
2592
2593/*
2594 *      Network interface
2595 *
2596 */
2597
2598static int gsm_mux_net_open(struct net_device *net)
2599{
2600        pr_debug("%s called\n", __func__);
2601        netif_start_queue(net);
2602        return 0;
2603}
2604
2605static int gsm_mux_net_close(struct net_device *net)
2606{
2607        netif_stop_queue(net);
2608        return 0;
2609}
2610
2611static struct net_device_stats *gsm_mux_net_get_stats(struct net_device *net)
2612{
2613        return &((struct gsm_mux_net *)netdev_priv(net))->stats;
2614}
2615static void dlci_net_free(struct gsm_dlci *dlci)
2616{
2617        if (!dlci->net) {
2618                WARN_ON(1);
2619                return;
2620        }
2621        dlci->adaption = dlci->prev_adaption;
2622        dlci->data = dlci->prev_data;
2623        free_netdev(dlci->net);
2624        dlci->net = NULL;
2625}
2626static void net_free(struct kref *ref)
2627{
2628        struct gsm_mux_net *mux_net;
2629        struct gsm_dlci *dlci;
2630
2631        mux_net = container_of(ref, struct gsm_mux_net, ref);
2632        dlci = mux_net->dlci;
2633
2634        if (dlci->net) {
2635                unregister_netdev(dlci->net);
2636                dlci_net_free(dlci);
2637        }
2638}
2639
2640static inline void muxnet_get(struct gsm_mux_net *mux_net)
2641{
2642        kref_get(&mux_net->ref);
2643}
2644
2645static inline void muxnet_put(struct gsm_mux_net *mux_net)
2646{
2647        kref_put(&mux_net->ref, net_free);
2648}
2649
2650static int gsm_mux_net_start_xmit(struct sk_buff *skb,
2651                                      struct net_device *net)
2652{
2653        struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2654        struct gsm_dlci *dlci = mux_net->dlci;
2655        muxnet_get(mux_net);
2656
2657        skb_queue_head(&dlci->skb_list, skb);
2658        STATS(net).tx_packets++;
2659        STATS(net).tx_bytes += skb->len;
2660        gsm_dlci_data_kick(dlci);
2661        /* And tell the kernel when the last transmit started. */
2662        net->trans_start = jiffies;
2663        muxnet_put(mux_net);
2664        return NETDEV_TX_OK;
2665}
2666
2667/* called when a packet did not ack after watchdogtimeout */
2668static void gsm_mux_net_tx_timeout(struct net_device *net)
2669{
2670        /* Tell syslog we are hosed. */
2671        dev_dbg(&net->dev, "Tx timed out.\n");
2672
2673        /* Update statistics */
2674        STATS(net).tx_errors++;
2675}
2676
2677static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2678                                   unsigned char *in_buf, int size)
2679{
2680        struct net_device *net = dlci->net;
2681        struct sk_buff *skb;
2682        struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2683        muxnet_get(mux_net);
2684
2685        /* Allocate an sk_buff */
2686        skb = dev_alloc_skb(size + NET_IP_ALIGN);
2687        if (!skb) {
2688                /* We got no receive buffer. */
2689                STATS(net).rx_dropped++;
2690                muxnet_put(mux_net);
2691                return;
2692        }
2693        skb_reserve(skb, NET_IP_ALIGN);
2694        memcpy(skb_put(skb, size), in_buf, size);
2695
2696        skb->dev = net;
2697        skb->protocol = __constant_htons(ETH_P_IP);
2698
2699        /* Ship it off to the kernel */
2700        netif_rx(skb);
2701
2702        /* update out statistics */
2703        STATS(net).rx_packets++;
2704        STATS(net).rx_bytes += size;
2705        muxnet_put(mux_net);
2706        return;
2707}
2708
2709int gsm_change_mtu(struct net_device *net, int new_mtu)
2710{
2711        struct gsm_mux_net *mux_net = (struct gsm_mux_net *)netdev_priv(net);
2712        if ((new_mtu < 8) || (new_mtu > mux_net->dlci->gsm->mtu))
2713                return -EINVAL;
2714        net->mtu = new_mtu;
2715        return 0;
2716}
2717
2718static void gsm_mux_net_init(struct net_device *net)
2719{
2720        static const struct net_device_ops gsm_netdev_ops = {
2721                .ndo_open               = gsm_mux_net_open,
2722                .ndo_stop               = gsm_mux_net_close,
2723                .ndo_start_xmit         = gsm_mux_net_start_xmit,
2724                .ndo_tx_timeout         = gsm_mux_net_tx_timeout,
2725                .ndo_get_stats          = gsm_mux_net_get_stats,
2726                .ndo_change_mtu         = gsm_change_mtu,
2727        };
2728
2729        net->netdev_ops = &gsm_netdev_ops;
2730
2731        /* fill in the other fields */
2732        net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2733        net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2734        net->type = ARPHRD_NONE;
2735        net->tx_queue_len = 10;
2736}
2737
2738
2739/* caller holds the dlci mutex */
2740static void gsm_destroy_network(struct gsm_dlci *dlci)
2741{
2742        struct gsm_mux_net *mux_net;
2743
2744        pr_debug("destroy network interface");
2745        if (!dlci->net)
2746                return;
2747        mux_net = (struct gsm_mux_net *)netdev_priv(dlci->net);
2748        muxnet_put(mux_net);
2749}
2750
2751
2752/* caller holds the dlci mutex */
2753static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2754{
2755        char *netname;
2756        int retval = 0;
2757        struct net_device *net;
2758        struct gsm_mux_net *mux_net;
2759
2760        if (!capable(CAP_NET_ADMIN))
2761                return -EPERM;
2762
2763        /* Already in a non tty mode */
2764        if (dlci->adaption > 2)
2765                return -EBUSY;
2766
2767        if (nc->protocol != htons(ETH_P_IP))
2768                return -EPROTONOSUPPORT;
2769
2770        if (nc->adaption != 3 && nc->adaption != 4)
2771                return -EPROTONOSUPPORT;
2772
2773        pr_debug("create network interface");
2774
2775        netname = "gsm%d";
2776        if (nc->if_name[0] != '\0')
2777                netname = nc->if_name;
2778        net = alloc_netdev(sizeof(struct gsm_mux_net),
2779                        netname,
2780                        gsm_mux_net_init);
2781        if (!net) {
2782                pr_err("alloc_netdev failed");
2783                return -ENOMEM;
2784        }
2785        net->mtu = dlci->gsm->mtu;
2786        mux_net = (struct gsm_mux_net *)netdev_priv(net);
2787        mux_net->dlci = dlci;
2788        kref_init(&mux_net->ref);
2789        strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2790
2791        /* reconfigure dlci for network */
2792        dlci->prev_adaption = dlci->adaption;
2793        dlci->prev_data = dlci->data;
2794        dlci->adaption = nc->adaption;
2795        dlci->data = gsm_mux_rx_netchar;
2796        dlci->net = net;
2797
2798        pr_debug("register netdev");
2799        retval = register_netdev(net);
2800        if (retval) {
2801                pr_err("network register fail %d\n", retval);
2802                dlci_net_free(dlci);
2803                return retval;
2804        }
2805        return net->ifindex;    /* return network index */
2806}
2807
2808/* Line discipline for real tty */
2809struct tty_ldisc_ops tty_ldisc_packet = {
2810        .owner           = THIS_MODULE,
2811        .magic           = TTY_LDISC_MAGIC,
2812        .name            = "n_gsm",
2813        .open            = gsmld_open,
2814        .close           = gsmld_close,
2815        .flush_buffer    = gsmld_flush_buffer,
2816        .chars_in_buffer = gsmld_chars_in_buffer,
2817        .read            = gsmld_read,
2818        .write           = gsmld_write,
2819        .ioctl           = gsmld_ioctl,
2820        .poll            = gsmld_poll,
2821        .receive_buf     = gsmld_receive_buf,
2822        .write_wakeup    = gsmld_write_wakeup
2823};
2824
2825/*
2826 *      Virtual tty side
2827 */
2828
2829#define TX_SIZE         512
2830
2831static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2832{
2833        u8 modembits[5];
2834        struct gsm_control *ctrl;
2835        int len = 2;
2836
2837        if (brk)
2838                len++;
2839
2840        modembits[0] = len << 1 | EA;           /* Data bytes */
2841        modembits[1] = dlci->addr << 2 | 3;     /* DLCI, EA, 1 */
2842        modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2843        if (brk)
2844                modembits[3] = brk << 4 | 2 | EA;       /* Valid, EA */
2845        ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
2846        if (ctrl == NULL)
2847                return -ENOMEM;
2848        return gsm_control_wait(dlci->gsm, ctrl);
2849}
2850
2851static int gsm_carrier_raised(struct tty_port *port)
2852{
2853        struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2854        /* Not yet open so no carrier info */
2855        if (dlci->state != DLCI_OPEN)
2856                return 0;
2857        if (debug & 2)
2858                return 1;
2859        return dlci->modem_rx & TIOCM_CD;
2860}
2861
2862static void gsm_dtr_rts(struct tty_port *port, int onoff)
2863{
2864        struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
2865        unsigned int modem_tx = dlci->modem_tx;
2866        if (onoff)
2867                modem_tx |= TIOCM_DTR | TIOCM_RTS;
2868        else
2869                modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
2870        if (modem_tx != dlci->modem_tx) {
2871                dlci->modem_tx = modem_tx;
2872                gsmtty_modem_update(dlci, 0);
2873        }
2874}
2875
2876static const struct tty_port_operations gsm_port_ops = {
2877        .carrier_raised = gsm_carrier_raised,
2878        .dtr_rts = gsm_dtr_rts,
2879};
2880
2881
2882static int gsmtty_open(struct tty_struct *tty, struct file *filp)
2883{
2884        struct gsm_mux *gsm;
2885        struct gsm_dlci *dlci;
2886        struct tty_port *port;
2887        unsigned int line = tty->index;
2888        unsigned int mux = line >> 6;
2889
2890        line = line & 0x3F;
2891
2892        if (mux >= MAX_MUX)
2893                return -ENXIO;
2894        /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
2895        if (gsm_mux[mux] == NULL)
2896                return -EUNATCH;
2897        if (line == 0 || line > 61)     /* 62/63 reserved */
2898                return -ECHRNG;
2899        gsm = gsm_mux[mux];
2900        if (gsm->dead)
2901                return -EL2HLT;
2902        /* If DLCI 0 is not yet fully open return an error. This is ok from a locking
2903           perspective as we don't have to worry about this if DLCI0 is lost */
2904        if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN)
2905                return -EL2NSYNC;
2906        dlci = gsm->dlci[line];
2907        if (dlci == NULL)
2908                dlci = gsm_dlci_alloc(gsm, line);
2909        if (dlci == NULL)
2910                return -ENOMEM;
2911        port = &dlci->port;
2912        port->count++;
2913        tty->driver_data = dlci;
2914        dlci_get(dlci);
2915        dlci_get(dlci->gsm->dlci[0]);
2916        mux_get(dlci->gsm);
2917        tty_port_tty_set(port, tty);
2918
2919        dlci->modem_rx = 0;
2920        /* We could in theory open and close before we wait - eg if we get
2921           a DM straight back. This is ok as that will have caused a hangup */
2922        set_bit(ASYNCB_INITIALIZED, &port->flags);
2923        /* Start sending off SABM messages */
2924        gsm_dlci_begin_open(dlci);
2925        /* And wait for virtual carrier */
2926        return tty_port_block_til_ready(port, tty, filp);
2927}
2928
2929static void gsmtty_close(struct tty_struct *tty, struct file *filp)
2930{
2931        struct gsm_dlci *dlci = tty->driver_data;
2932        struct gsm_mux *gsm;
2933
2934        if (dlci == NULL)
2935                return;
2936        mutex_lock(&dlci->mutex);
2937        gsm_destroy_network(dlci);
2938        mutex_unlock(&dlci->mutex);
2939        gsm = dlci->gsm;
2940        if (tty_port_close_start(&dlci->port, tty, filp) == 0)
2941                goto out;
2942        gsm_dlci_begin_close(dlci);
2943        tty_port_close_end(&dlci->port, tty);
2944        tty_port_tty_set(&dlci->port, NULL);
2945out:
2946        dlci_put(dlci);
2947        dlci_put(gsm->dlci[0]);
2948        mux_put(gsm);
2949}
2950
2951static void gsmtty_hangup(struct tty_struct *tty)
2952{
2953        struct gsm_dlci *dlci = tty->driver_data;
2954        tty_port_hangup(&dlci->port);
2955        gsm_dlci_begin_close(dlci);
2956}
2957
2958static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
2959                                                                    int len)
2960{
2961        struct gsm_dlci *dlci = tty->driver_data;
2962        /* Stuff the bytes into the fifo queue */
2963        int sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock);
2964        /* Need to kick the channel */
2965        gsm_dlci_data_kick(dlci);
2966        return sent;
2967}
2968
2969static int gsmtty_write_room(struct tty_struct *tty)
2970{
2971        struct gsm_dlci *dlci = tty->driver_data;
2972        return TX_SIZE - kfifo_len(dlci->fifo);
2973}
2974
2975static int gsmtty_chars_in_buffer(struct tty_struct *tty)
2976{
2977        struct gsm_dlci *dlci = tty->driver_data;
2978        return kfifo_len(dlci->fifo);
2979}
2980
2981static void gsmtty_flush_buffer(struct tty_struct *tty)
2982{
2983        struct gsm_dlci *dlci = tty->driver_data;
2984        /* Caution needed: If we implement reliable transport classes
2985           then the data being transmitted can't simply be junked once
2986           it has first hit the stack. Until then we can just blow it
2987           away */
2988        kfifo_reset(dlci->fifo);
2989        /* Need to unhook this DLCI from the transmit queue logic */
2990}
2991
2992static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
2993{
2994        /* The FIFO handles the queue so the kernel will do the right
2995           thing waiting on chars_in_buffer before calling us. No work
2996           to do here */
2997}
2998
2999static int gsmtty_tiocmget(struct tty_struct *tty)
3000{
3001        struct gsm_dlci *dlci = tty->driver_data;
3002        return dlci->modem_rx;
3003}
3004
3005static int gsmtty_tiocmset(struct tty_struct *tty,
3006        unsigned int set, unsigned int clear)
3007{
3008        struct gsm_dlci *dlci = tty->driver_data;
3009        unsigned int modem_tx = dlci->modem_tx;
3010
3011        modem_tx &= ~clear;
3012        modem_tx |= set;
3013
3014        if (modem_tx != dlci->modem_tx) {
3015                dlci->modem_tx = modem_tx;
3016                return gsmtty_modem_update(dlci, 0);
3017        }
3018        return 0;
3019}
3020
3021
3022static int gsmtty_ioctl(struct tty_struct *tty,
3023                        unsigned int cmd, unsigned long arg)
3024{
3025        struct gsm_dlci *dlci = tty->driver_data;
3026        struct gsm_netconfig nc;
3027        int index;
3028
3029        switch (cmd) {
3030        case GSMIOC_ENABLE_NET:
3031                if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3032                        return -EFAULT;
3033                nc.if_name[IFNAMSIZ-1] = '\0';
3034                /* return net interface index or error code */
3035                mutex_lock(&dlci->mutex);
3036                index = gsm_create_network(dlci, &nc);
3037                mutex_unlock(&dlci->mutex);
3038                if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3039                        return -EFAULT;
3040                return index;
3041        case GSMIOC_DISABLE_NET:
3042                if (!capable(CAP_NET_ADMIN))
3043                        return -EPERM;
3044                mutex_lock(&dlci->mutex);
3045                gsm_destroy_network(dlci);
3046                mutex_unlock(&dlci->mutex);
3047                return 0;
3048        default:
3049                return -ENOIOCTLCMD;
3050        }
3051}
3052
3053static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3054{
3055        /* For the moment its fixed. In actual fact the speed information
3056           for the virtual channel can be propogated in both directions by
3057           the RPN control message. This however rapidly gets nasty as we
3058           then have to remap modem signals each way according to whether
3059           our virtual cable is null modem etc .. */
3060        tty_termios_copy_hw(tty->termios, old);
3061}
3062
3063static void gsmtty_throttle(struct tty_struct *tty)
3064{
3065        struct gsm_dlci *dlci = tty->driver_data;
3066        if (tty->termios->c_cflag & CRTSCTS)
3067                dlci->modem_tx &= ~TIOCM_DTR;
3068        dlci->throttled = 1;
3069        /* Send an MSC with DTR cleared */
3070        gsmtty_modem_update(dlci, 0);
3071}
3072
3073static void gsmtty_unthrottle(struct tty_struct *tty)
3074{
3075        struct gsm_dlci *dlci = tty->driver_data;
3076        if (tty->termios->c_cflag & CRTSCTS)
3077                dlci->modem_tx |= TIOCM_DTR;
3078        dlci->throttled = 0;
3079        /* Send an MSC with DTR set */
3080        gsmtty_modem_update(dlci, 0);
3081}
3082
3083static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3084{
3085        struct gsm_dlci *dlci = tty->driver_data;
3086        int encode = 0; /* Off */
3087
3088        if (state == -1)        /* "On indefinitely" - we can't encode this
3089                                    properly */
3090                encode = 0x0F;
3091        else if (state > 0) {
3092                encode = state / 200;   /* mS to encoding */
3093                if (encode > 0x0F)
3094                        encode = 0x0F;  /* Best effort */
3095        }
3096        return gsmtty_modem_update(dlci, encode);
3097}
3098
3099
3100/* Virtual ttys for the demux */
3101static const struct tty_operations gsmtty_ops = {
3102        .open                   = gsmtty_open,
3103        .close                  = gsmtty_close,
3104        .write                  = gsmtty_write,
3105        .write_room             = gsmtty_write_room,
3106        .chars_in_buffer        = gsmtty_chars_in_buffer,
3107        .flush_buffer           = gsmtty_flush_buffer,
3108        .ioctl                  = gsmtty_ioctl,
3109        .throttle               = gsmtty_throttle,
3110        .unthrottle             = gsmtty_unthrottle,
3111        .set_termios            = gsmtty_set_termios,
3112        .hangup                 = gsmtty_hangup,
3113        .wait_until_sent        = gsmtty_wait_until_sent,
3114        .tiocmget               = gsmtty_tiocmget,
3115        .tiocmset               = gsmtty_tiocmset,
3116        .break_ctl              = gsmtty_break_ctl,
3117};
3118
3119
3120
3121static int __init gsm_init(void)
3122{
3123        /* Fill in our line protocol discipline, and register it */
3124        int status = tty_register_ldisc(N_GSM0710, &tty_ldisc_packet);
3125        if (status != 0) {
3126                pr_err("n_gsm: can't register line discipline (err = %d)\n",
3127                                                                status);
3128                return status;
3129        }
3130
3131        gsm_tty_driver = alloc_tty_driver(256);
3132        if (!gsm_tty_driver) {
3133                tty_unregister_ldisc(N_GSM0710);
3134                pr_err("gsm_init: tty allocation failed.\n");
3135                return -EINVAL;
3136        }
3137        gsm_tty_driver->driver_name     = "gsmtty";
3138        gsm_tty_driver->name            = "gsmtty";
3139        gsm_tty_driver->major           = 0;    /* Dynamic */
3140        gsm_tty_driver->minor_start     = 0;
3141        gsm_tty_driver->type            = TTY_DRIVER_TYPE_SERIAL;
3142        gsm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
3143        gsm_tty_driver->flags   = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV
3144                                                | TTY_DRIVER_HARDWARE_BREAK;
3145        gsm_tty_driver->init_termios    = tty_std_termios;
3146        /* Fixme */
3147        gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3148        tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3149
3150        spin_lock_init(&gsm_mux_lock);
3151
3152        if (tty_register_driver(gsm_tty_driver)) {
3153                put_tty_driver(gsm_tty_driver);
3154                tty_unregister_ldisc(N_GSM0710);
3155                pr_err("gsm_init: tty registration failed.\n");
3156                return -EBUSY;
3157        }
3158        pr_debug("gsm_init: loaded as %d,%d.\n",
3159                        gsm_tty_driver->major, gsm_tty_driver->minor_start);
3160        return 0;
3161}
3162
3163static void __exit gsm_exit(void)
3164{
3165        int status = tty_unregister_ldisc(N_GSM0710);
3166        if (status != 0)
3167                pr_err("n_gsm: can't unregister line discipline (err = %d)\n",
3168                                                                status);
3169        tty_unregister_driver(gsm_tty_driver);
3170        put_tty_driver(gsm_tty_driver);
3171}
3172
3173module_init(gsm_init);
3174module_exit(gsm_exit);
3175
3176
3177MODULE_LICENSE("GPL");
3178MODULE_ALIAS_LDISC(N_GSM0710);
3179
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.