drivers/net/ppp_async.c at v2.6.15-rc2 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / net / ppp_async.c
at v2.6.15-rc2 1044 lines 24 kB view raw
   1/*
   2 * PPP async serial channel driver for Linux.
   3 *
   4 * Copyright 1999 Paul Mackerras.
   5 *
   6 *  This program is free software; you can redistribute it and/or
   7 *  modify it under the terms of the GNU General Public License
   8 *  as published by the Free Software Foundation; either version
   9 *  2 of the License, or (at your option) any later version.
  10 *
  11 * This driver provides the encapsulation and framing for sending
  12 * and receiving PPP frames over async serial lines.  It relies on
  13 * the generic PPP layer to give it frames to send and to process
  14 * received frames.  It implements the PPP line discipline.
  15 *
  16 * Part of the code in this driver was inspired by the old async-only
  17 * PPP driver, written by Michael Callahan and Al Longyear, and
  18 * subsequently hacked by Paul Mackerras.
  19 */
  20
  21#include <linux/module.h>
  22#include <linux/kernel.h>
  23#include <linux/skbuff.h>
  24#include <linux/tty.h>
  25#include <linux/netdevice.h>
  26#include <linux/poll.h>
  27#include <linux/crc-ccitt.h>
  28#include <linux/ppp_defs.h>
  29#include <linux/if_ppp.h>
  30#include <linux/ppp_channel.h>
  31#include <linux/spinlock.h>
  32#include <linux/init.h>
  33#include <asm/uaccess.h>
  34#include <asm/string.h>
  35
  36#define PPP_VERSION	"2.4.2"
  37
  38#define OBUFSIZE	256
  39
  40/* Structure for storing local state. */
  41struct asyncppp {
  42	struct tty_struct *tty;
  43	unsigned int	flags;
  44	unsigned int	state;
  45	unsigned int	rbits;
  46	int		mru;
  47	spinlock_t	xmit_lock;
  48	spinlock_t	recv_lock;
  49	unsigned long	xmit_flags;
  50	u32		xaccm[8];
  51	u32		raccm;
  52	unsigned int	bytes_sent;
  53	unsigned int	bytes_rcvd;
  54
  55	struct sk_buff	*tpkt;
  56	int		tpkt_pos;
  57	u16		tfcs;
  58	unsigned char	*optr;
  59	unsigned char	*olim;
  60	unsigned long	last_xmit;
  61
  62	struct sk_buff	*rpkt;
  63	int		lcp_fcs;
  64	struct sk_buff_head rqueue;
  65
  66	struct tasklet_struct tsk;
  67
  68	atomic_t	refcnt;
  69	struct semaphore dead_sem;
  70	struct ppp_channel chan;	/* interface to generic ppp layer */
  71	unsigned char	obuf[OBUFSIZE];
  72};
  73
  74/* Bit numbers in xmit_flags */
  75#define XMIT_WAKEUP	0
  76#define XMIT_FULL	1
  77#define XMIT_BUSY	2
  78
  79/* State bits */
  80#define SC_TOSS		1
  81#define SC_ESCAPE	2
  82#define SC_PREV_ERROR	4
  83
  84/* Bits in rbits */
  85#define SC_RCV_BITS	(SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
  86
  87static int flag_time = HZ;
  88module_param(flag_time, int, 0);
  89MODULE_PARM_DESC(flag_time, "ppp_async: interval between flagged packets (in clock ticks)");
  90MODULE_LICENSE("GPL");
  91MODULE_ALIAS_LDISC(N_PPP);
  92
  93/*
  94 * Prototypes.
  95 */
  96static int ppp_async_encode(struct asyncppp *ap);
  97static int ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb);
  98static int ppp_async_push(struct asyncppp *ap);
  99static void ppp_async_flush_output(struct asyncppp *ap);
 100static void ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
 101			    char *flags, int count);
 102static int ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd,
 103			   unsigned long arg);
 104static void ppp_async_process(unsigned long arg);
 105
 106static void async_lcp_peek(struct asyncppp *ap, unsigned char *data,
 107			   int len, int inbound);
 108
 109static struct ppp_channel_ops async_ops = {
 110	ppp_async_send,
 111	ppp_async_ioctl
 112};
 113
 114/*
 115 * Routines implementing the PPP line discipline.
 116 */
 117
 118/*
 119 * We have a potential race on dereferencing tty->disc_data,
 120 * because the tty layer provides no locking at all - thus one
 121 * cpu could be running ppp_asynctty_receive while another
 122 * calls ppp_asynctty_close, which zeroes tty->disc_data and
 123 * frees the memory that ppp_asynctty_receive is using.  The best
 124 * way to fix this is to use a rwlock in the tty struct, but for now
 125 * we use a single global rwlock for all ttys in ppp line discipline.
 126 *
 127 * FIXME: this is no longer true. The _close path for the ldisc is 
 128 * now guaranteed to be sane. 
 129 */
 130static DEFINE_RWLOCK(disc_data_lock);
 131
 132static struct asyncppp *ap_get(struct tty_struct *tty)
 133{
 134	struct asyncppp *ap;
 135
 136	read_lock(&disc_data_lock);
 137	ap = tty->disc_data;
 138	if (ap != NULL)
 139		atomic_inc(&ap->refcnt);
 140	read_unlock(&disc_data_lock);
 141	return ap;
 142}
 143
 144static void ap_put(struct asyncppp *ap)
 145{
 146	if (atomic_dec_and_test(&ap->refcnt))
 147		up(&ap->dead_sem);
 148}
 149
 150/*
 151 * Called when a tty is put into PPP line discipline. Called in process
 152 * context.
 153 */
 154static int
 155ppp_asynctty_open(struct tty_struct *tty)
 156{
 157	struct asyncppp *ap;
 158	int err;
 159
 160	err = -ENOMEM;
 161	ap = kmalloc(sizeof(*ap), GFP_KERNEL);
 162	if (ap == 0)
 163		goto out;
 164
 165	/* initialize the asyncppp structure */
 166	memset(ap, 0, sizeof(*ap));
 167	ap->tty = tty;
 168	ap->mru = PPP_MRU;
 169	spin_lock_init(&ap->xmit_lock);
 170	spin_lock_init(&ap->recv_lock);
 171	ap->xaccm[0] = ~0U;
 172	ap->xaccm[3] = 0x60000000U;
 173	ap->raccm = ~0U;
 174	ap->optr = ap->obuf;
 175	ap->olim = ap->obuf;
 176	ap->lcp_fcs = -1;
 177
 178	skb_queue_head_init(&ap->rqueue);
 179	tasklet_init(&ap->tsk, ppp_async_process, (unsigned long) ap);
 180
 181	atomic_set(&ap->refcnt, 1);
 182	init_MUTEX_LOCKED(&ap->dead_sem);
 183
 184	ap->chan.private = ap;
 185	ap->chan.ops = &async_ops;
 186	ap->chan.mtu = PPP_MRU;
 187	err = ppp_register_channel(&ap->chan);
 188	if (err)
 189		goto out_free;
 190
 191	tty->disc_data = ap;
 192
 193	return 0;
 194
 195 out_free:
 196	kfree(ap);
 197 out:
 198	return err;
 199}
 200
 201/*
 202 * Called when the tty is put into another line discipline
 203 * or it hangs up.  We have to wait for any cpu currently
 204 * executing in any of the other ppp_asynctty_* routines to
 205 * finish before we can call ppp_unregister_channel and free
 206 * the asyncppp struct.  This routine must be called from
 207 * process context, not interrupt or softirq context.
 208 */
 209static void
 210ppp_asynctty_close(struct tty_struct *tty)
 211{
 212	struct asyncppp *ap;
 213
 214	write_lock_irq(&disc_data_lock);
 215	ap = tty->disc_data;
 216	tty->disc_data = NULL;
 217	write_unlock_irq(&disc_data_lock);
 218	if (ap == 0)
 219		return;
 220
 221	/*
 222	 * We have now ensured that nobody can start using ap from now
 223	 * on, but we have to wait for all existing users to finish.
 224	 * Note that ppp_unregister_channel ensures that no calls to
 225	 * our channel ops (i.e. ppp_async_send/ioctl) are in progress
 226	 * by the time it returns.
 227	 */
 228	if (!atomic_dec_and_test(&ap->refcnt))
 229		down(&ap->dead_sem);
 230	tasklet_kill(&ap->tsk);
 231
 232	ppp_unregister_channel(&ap->chan);
 233	if (ap->rpkt != 0)
 234		kfree_skb(ap->rpkt);
 235	skb_queue_purge(&ap->rqueue);
 236	if (ap->tpkt != 0)
 237		kfree_skb(ap->tpkt);
 238	kfree(ap);
 239}
 240
 241/*
 242 * Called on tty hangup in process context.
 243 *
 244 * Wait for I/O to driver to complete and unregister PPP channel.
 245 * This is already done by the close routine, so just call that.
 246 */
 247static int ppp_asynctty_hangup(struct tty_struct *tty)
 248{
 249	ppp_asynctty_close(tty);
 250	return 0;
 251}
 252
 253/*
 254 * Read does nothing - no data is ever available this way.
 255 * Pppd reads and writes packets via /dev/ppp instead.
 256 */
 257static ssize_t
 258ppp_asynctty_read(struct tty_struct *tty, struct file *file,
 259		  unsigned char __user *buf, size_t count)
 260{
 261	return -EAGAIN;
 262}
 263
 264/*
 265 * Write on the tty does nothing, the packets all come in
 266 * from the ppp generic stuff.
 267 */
 268static ssize_t
 269ppp_asynctty_write(struct tty_struct *tty, struct file *file,
 270		   const unsigned char *buf, size_t count)
 271{
 272	return -EAGAIN;
 273}
 274
 275/*
 276 * Called in process context only. May be re-entered by multiple
 277 * ioctl calling threads.
 278 */
 279 
 280static int
 281ppp_asynctty_ioctl(struct tty_struct *tty, struct file *file,
 282		   unsigned int cmd, unsigned long arg)
 283{
 284	struct asyncppp *ap = ap_get(tty);
 285	int err, val;
 286	int __user *p = (int __user *)arg;
 287
 288	if (ap == 0)
 289		return -ENXIO;
 290	err = -EFAULT;
 291	switch (cmd) {
 292	case PPPIOCGCHAN:
 293		err = -ENXIO;
 294		if (ap == 0)
 295			break;
 296		err = -EFAULT;
 297		if (put_user(ppp_channel_index(&ap->chan), p))
 298			break;
 299		err = 0;
 300		break;
 301
 302	case PPPIOCGUNIT:
 303		err = -ENXIO;
 304		if (ap == 0)
 305			break;
 306		err = -EFAULT;
 307		if (put_user(ppp_unit_number(&ap->chan), p))
 308			break;
 309		err = 0;
 310		break;
 311
 312	case TCGETS:
 313	case TCGETA:
 314		err = n_tty_ioctl(tty, file, cmd, arg);
 315		break;
 316
 317	case TCFLSH:
 318		/* flush our buffers and the serial port's buffer */
 319		if (arg == TCIOFLUSH || arg == TCOFLUSH)
 320			ppp_async_flush_output(ap);
 321		err = n_tty_ioctl(tty, file, cmd, arg);
 322		break;
 323
 324	case FIONREAD:
 325		val = 0;
 326		if (put_user(val, p))
 327			break;
 328		err = 0;
 329		break;
 330
 331	default:
 332		err = -ENOIOCTLCMD;
 333	}
 334
 335	ap_put(ap);
 336	return err;
 337}
 338
 339/* No kernel lock - fine */
 340static unsigned int
 341ppp_asynctty_poll(struct tty_struct *tty, struct file *file, poll_table *wait)
 342{
 343	return 0;
 344}
 345
 346static int
 347ppp_asynctty_room(struct tty_struct *tty)
 348{
 349	return 65535;
 350}
 351
 352/*
 353 * This can now be called from hard interrupt level as well
 354 * as soft interrupt level or mainline.
 355 */
 356static void
 357ppp_asynctty_receive(struct tty_struct *tty, const unsigned char *buf,
 358		  char *cflags, int count)
 359{
 360	struct asyncppp *ap = ap_get(tty);
 361	unsigned long flags;
 362
 363	if (ap == 0)
 364		return;
 365	spin_lock_irqsave(&ap->recv_lock, flags);
 366	ppp_async_input(ap, buf, cflags, count);
 367	spin_unlock_irqrestore(&ap->recv_lock, flags);
 368	if (!skb_queue_empty(&ap->rqueue))
 369		tasklet_schedule(&ap->tsk);
 370	ap_put(ap);
 371	if (test_and_clear_bit(TTY_THROTTLED, &tty->flags)
 372	    && tty->driver->unthrottle)
 373		tty->driver->unthrottle(tty);
 374}
 375
 376static void
 377ppp_asynctty_wakeup(struct tty_struct *tty)
 378{
 379	struct asyncppp *ap = ap_get(tty);
 380
 381	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 382	if (ap == 0)
 383		return;
 384	set_bit(XMIT_WAKEUP, &ap->xmit_flags);
 385	tasklet_schedule(&ap->tsk);
 386	ap_put(ap);
 387}
 388
 389
 390static struct tty_ldisc ppp_ldisc = {
 391	.owner  = THIS_MODULE,
 392	.magic	= TTY_LDISC_MAGIC,
 393	.name	= "ppp",
 394	.open	= ppp_asynctty_open,
 395	.close	= ppp_asynctty_close,
 396	.hangup	= ppp_asynctty_hangup,
 397	.read	= ppp_asynctty_read,
 398	.write	= ppp_asynctty_write,
 399	.ioctl	= ppp_asynctty_ioctl,
 400	.poll	= ppp_asynctty_poll,
 401	.receive_room = ppp_asynctty_room,
 402	.receive_buf = ppp_asynctty_receive,
 403	.write_wakeup = ppp_asynctty_wakeup,
 404};
 405
 406static int __init
 407ppp_async_init(void)
 408{
 409	int err;
 410
 411	err = tty_register_ldisc(N_PPP, &ppp_ldisc);
 412	if (err != 0)
 413		printk(KERN_ERR "PPP_async: error %d registering line disc.\n",
 414		       err);
 415	return err;
 416}
 417
 418/*
 419 * The following routines provide the PPP channel interface.
 420 */
 421static int
 422ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
 423{
 424	struct asyncppp *ap = chan->private;
 425	void __user *argp = (void __user *)arg;
 426	int __user *p = argp;
 427	int err, val;
 428	u32 accm[8];
 429
 430	err = -EFAULT;
 431	switch (cmd) {
 432	case PPPIOCGFLAGS:
 433		val = ap->flags | ap->rbits;
 434		if (put_user(val, p))
 435			break;
 436		err = 0;
 437		break;
 438	case PPPIOCSFLAGS:
 439		if (get_user(val, p))
 440			break;
 441		ap->flags = val & ~SC_RCV_BITS;
 442		spin_lock_irq(&ap->recv_lock);
 443		ap->rbits = val & SC_RCV_BITS;
 444		spin_unlock_irq(&ap->recv_lock);
 445		err = 0;
 446		break;
 447
 448	case PPPIOCGASYNCMAP:
 449		if (put_user(ap->xaccm[0], (u32 __user *)argp))
 450			break;
 451		err = 0;
 452		break;
 453	case PPPIOCSASYNCMAP:
 454		if (get_user(ap->xaccm[0], (u32 __user *)argp))
 455			break;
 456		err = 0;
 457		break;
 458
 459	case PPPIOCGRASYNCMAP:
 460		if (put_user(ap->raccm, (u32 __user *)argp))
 461			break;
 462		err = 0;
 463		break;
 464	case PPPIOCSRASYNCMAP:
 465		if (get_user(ap->raccm, (u32 __user *)argp))
 466			break;
 467		err = 0;
 468		break;
 469
 470	case PPPIOCGXASYNCMAP:
 471		if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
 472			break;
 473		err = 0;
 474		break;
 475	case PPPIOCSXASYNCMAP:
 476		if (copy_from_user(accm, argp, sizeof(accm)))
 477			break;
 478		accm[2] &= ~0x40000000U;	/* can't escape 0x5e */
 479		accm[3] |= 0x60000000U;		/* must escape 0x7d, 0x7e */
 480		memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
 481		err = 0;
 482		break;
 483
 484	case PPPIOCGMRU:
 485		if (put_user(ap->mru, p))
 486			break;
 487		err = 0;
 488		break;
 489	case PPPIOCSMRU:
 490		if (get_user(val, p))
 491			break;
 492		if (val < PPP_MRU)
 493			val = PPP_MRU;
 494		ap->mru = val;
 495		err = 0;
 496		break;
 497
 498	default:
 499		err = -ENOTTY;
 500	}
 501
 502	return err;
 503}
 504
 505/*
 506 * This is called at softirq level to deliver received packets
 507 * to the ppp_generic code, and to tell the ppp_generic code
 508 * if we can accept more output now.
 509 */
 510static void ppp_async_process(unsigned long arg)
 511{
 512	struct asyncppp *ap = (struct asyncppp *) arg;
 513	struct sk_buff *skb;
 514
 515	/* process received packets */
 516	while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
 517		if (skb->cb[0])
 518			ppp_input_error(&ap->chan, 0);
 519		ppp_input(&ap->chan, skb);
 520	}
 521
 522	/* try to push more stuff out */
 523	if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_async_push(ap))
 524		ppp_output_wakeup(&ap->chan);
 525}
 526
 527/*
 528 * Procedures for encapsulation and framing.
 529 */
 530
 531/*
 532 * Procedure to encode the data for async serial transmission.
 533 * Does octet stuffing (escaping), puts the address/control bytes
 534 * on if A/C compression is disabled, and does protocol compression.
 535 * Assumes ap->tpkt != 0 on entry.
 536 * Returns 1 if we finished the current frame, 0 otherwise.
 537 */
 538
 539#define PUT_BYTE(ap, buf, c, islcp)	do {		\
 540	if ((islcp && c < 0x20) || (ap->xaccm[c >> 5] & (1 << (c & 0x1f)))) {\
 541		*buf++ = PPP_ESCAPE;			\
 542		*buf++ = c ^ 0x20;			\
 543	} else						\
 544		*buf++ = c;				\
 545} while (0)
 546
 547static int
 548ppp_async_encode(struct asyncppp *ap)
 549{
 550	int fcs, i, count, c, proto;
 551	unsigned char *buf, *buflim;
 552	unsigned char *data;
 553	int islcp;
 554
 555	buf = ap->obuf;
 556	ap->olim = buf;
 557	ap->optr = buf;
 558	i = ap->tpkt_pos;
 559	data = ap->tpkt->data;
 560	count = ap->tpkt->len;
 561	fcs = ap->tfcs;
 562	proto = (data[0] << 8) + data[1];
 563
 564	/*
 565	 * LCP packets with code values between 1 (configure-reqest)
 566	 * and 7 (code-reject) must be sent as though no options
 567	 * had been negotiated.
 568	 */
 569	islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
 570
 571	if (i == 0) {
 572		if (islcp)
 573			async_lcp_peek(ap, data, count, 0);
 574
 575		/*
 576		 * Start of a new packet - insert the leading FLAG
 577		 * character if necessary.
 578		 */
 579		if (islcp || flag_time == 0
 580		    || jiffies - ap->last_xmit >= flag_time)
 581			*buf++ = PPP_FLAG;
 582		ap->last_xmit = jiffies;
 583		fcs = PPP_INITFCS;
 584
 585		/*
 586		 * Put in the address/control bytes if necessary
 587		 */
 588		if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
 589			PUT_BYTE(ap, buf, 0xff, islcp);
 590			fcs = PPP_FCS(fcs, 0xff);
 591			PUT_BYTE(ap, buf, 0x03, islcp);
 592			fcs = PPP_FCS(fcs, 0x03);
 593		}
 594	}
 595
 596	/*
 597	 * Once we put in the last byte, we need to put in the FCS
 598	 * and closing flag, so make sure there is at least 7 bytes
 599	 * of free space in the output buffer.
 600	 */
 601	buflim = ap->obuf + OBUFSIZE - 6;
 602	while (i < count && buf < buflim) {
 603		c = data[i++];
 604		if (i == 1 && c == 0 && (ap->flags & SC_COMP_PROT))
 605			continue;	/* compress protocol field */
 606		fcs = PPP_FCS(fcs, c);
 607		PUT_BYTE(ap, buf, c, islcp);
 608	}
 609
 610	if (i < count) {
 611		/*
 612		 * Remember where we are up to in this packet.
 613		 */
 614		ap->olim = buf;
 615		ap->tpkt_pos = i;
 616		ap->tfcs = fcs;
 617		return 0;
 618	}
 619
 620	/*
 621	 * We have finished the packet.  Add the FCS and flag.
 622	 */
 623	fcs = ~fcs;
 624	c = fcs & 0xff;
 625	PUT_BYTE(ap, buf, c, islcp);
 626	c = (fcs >> 8) & 0xff;
 627	PUT_BYTE(ap, buf, c, islcp);
 628	*buf++ = PPP_FLAG;
 629	ap->olim = buf;
 630
 631	kfree_skb(ap->tpkt);
 632	ap->tpkt = NULL;
 633	return 1;
 634}
 635
 636/*
 637 * Transmit-side routines.
 638 */
 639
 640/*
 641 * Send a packet to the peer over an async tty line.
 642 * Returns 1 iff the packet was accepted.
 643 * If the packet was not accepted, we will call ppp_output_wakeup
 644 * at some later time.
 645 */
 646static int
 647ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb)
 648{
 649	struct asyncppp *ap = chan->private;
 650
 651	ppp_async_push(ap);
 652
 653	if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
 654		return 0;	/* already full */
 655	ap->tpkt = skb;
 656	ap->tpkt_pos = 0;
 657
 658	ppp_async_push(ap);
 659	return 1;
 660}
 661
 662/*
 663 * Push as much data as possible out to the tty.
 664 */
 665static int
 666ppp_async_push(struct asyncppp *ap)
 667{
 668	int avail, sent, done = 0;
 669	struct tty_struct *tty = ap->tty;
 670	int tty_stuffed = 0;
 671
 672	/*
 673	 * We can get called recursively here if the tty write
 674	 * function calls our wakeup function.  This can happen
 675	 * for example on a pty with both the master and slave
 676	 * set to PPP line discipline.
 677	 * We use the XMIT_BUSY bit to detect this and get out,
 678	 * leaving the XMIT_WAKEUP bit set to tell the other
 679	 * instance that it may now be able to write more now.
 680	 */
 681	if (test_and_set_bit(XMIT_BUSY, &ap->xmit_flags))
 682		return 0;
 683	spin_lock_bh(&ap->xmit_lock);
 684	for (;;) {
 685		if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
 686			tty_stuffed = 0;
 687		if (!tty_stuffed && ap->optr < ap->olim) {
 688			avail = ap->olim - ap->optr;
 689			set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 690			sent = tty->driver->write(tty, ap->optr, avail);
 691			if (sent < 0)
 692				goto flush;	/* error, e.g. loss of CD */
 693			ap->optr += sent;
 694			if (sent < avail)
 695				tty_stuffed = 1;
 696			continue;
 697		}
 698		if (ap->optr >= ap->olim && ap->tpkt != 0) {
 699			if (ppp_async_encode(ap)) {
 700				/* finished processing ap->tpkt */
 701				clear_bit(XMIT_FULL, &ap->xmit_flags);
 702				done = 1;
 703			}
 704			continue;
 705		}
 706		/*
 707		 * We haven't made any progress this time around.
 708		 * Clear XMIT_BUSY to let other callers in, but
 709		 * after doing so we have to check if anyone set
 710		 * XMIT_WAKEUP since we last checked it.  If they
 711		 * did, we should try again to set XMIT_BUSY and go
 712		 * around again in case XMIT_BUSY was still set when
 713		 * the other caller tried.
 714		 */
 715		clear_bit(XMIT_BUSY, &ap->xmit_flags);
 716		/* any more work to do? if not, exit the loop */
 717		if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags)
 718		      || (!tty_stuffed && ap->tpkt != 0)))
 719			break;
 720		/* more work to do, see if we can do it now */
 721		if (test_and_set_bit(XMIT_BUSY, &ap->xmit_flags))
 722			break;
 723	}
 724	spin_unlock_bh(&ap->xmit_lock);
 725	return done;
 726
 727flush:
 728	clear_bit(XMIT_BUSY, &ap->xmit_flags);
 729	if (ap->tpkt != 0) {
 730		kfree_skb(ap->tpkt);
 731		ap->tpkt = NULL;
 732		clear_bit(XMIT_FULL, &ap->xmit_flags);
 733		done = 1;
 734	}
 735	ap->optr = ap->olim;
 736	spin_unlock_bh(&ap->xmit_lock);
 737	return done;
 738}
 739
 740/*
 741 * Flush output from our internal buffers.
 742 * Called for the TCFLSH ioctl. Can be entered in parallel
 743 * but this is covered by the xmit_lock.
 744 */
 745static void
 746ppp_async_flush_output(struct asyncppp *ap)
 747{
 748	int done = 0;
 749
 750	spin_lock_bh(&ap->xmit_lock);
 751	ap->optr = ap->olim;
 752	if (ap->tpkt != NULL) {
 753		kfree_skb(ap->tpkt);
 754		ap->tpkt = NULL;
 755		clear_bit(XMIT_FULL, &ap->xmit_flags);
 756		done = 1;
 757	}
 758	spin_unlock_bh(&ap->xmit_lock);
 759	if (done)
 760		ppp_output_wakeup(&ap->chan);
 761}
 762
 763/*
 764 * Receive-side routines.
 765 */
 766
 767/* see how many ordinary chars there are at the start of buf */
 768static inline int
 769scan_ordinary(struct asyncppp *ap, const unsigned char *buf, int count)
 770{
 771	int i, c;
 772
 773	for (i = 0; i < count; ++i) {
 774		c = buf[i];
 775		if (c == PPP_ESCAPE || c == PPP_FLAG
 776		    || (c < 0x20 && (ap->raccm & (1 << c)) != 0))
 777			break;
 778	}
 779	return i;
 780}
 781
 782/* called when a flag is seen - do end-of-packet processing */
 783static void
 784process_input_packet(struct asyncppp *ap)
 785{
 786	struct sk_buff *skb;
 787	unsigned char *p;
 788	unsigned int len, fcs, proto;
 789
 790	skb = ap->rpkt;
 791	if (ap->state & (SC_TOSS | SC_ESCAPE))
 792		goto err;
 793
 794	if (skb == NULL)
 795		return;		/* 0-length packet */
 796
 797	/* check the FCS */
 798	p = skb->data;
 799	len = skb->len;
 800	if (len < 3)
 801		goto err;	/* too short */
 802	fcs = PPP_INITFCS;
 803	for (; len > 0; --len)
 804		fcs = PPP_FCS(fcs, *p++);
 805	if (fcs != PPP_GOODFCS)
 806		goto err;	/* bad FCS */
 807	skb_trim(skb, skb->len - 2);
 808
 809	/* check for address/control and protocol compression */
 810	p = skb->data;
 811	if (p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
 812		/* chop off address/control */
 813		if (skb->len < 3)
 814			goto err;
 815		p = skb_pull(skb, 2);
 816	}
 817	proto = p[0];
 818	if (proto & 1) {
 819		/* protocol is compressed */
 820		skb_push(skb, 1)[0] = 0;
 821	} else {
 822		if (skb->len < 2)
 823			goto err;
 824		proto = (proto << 8) + p[1];
 825		if (proto == PPP_LCP)
 826			async_lcp_peek(ap, p, skb->len, 1);
 827	}
 828
 829	/* queue the frame to be processed */
 830	skb->cb[0] = ap->state;
 831	skb_queue_tail(&ap->rqueue, skb);
 832	ap->rpkt = NULL;
 833	ap->state = 0;
 834	return;
 835
 836 err:
 837	/* frame had an error, remember that, reset SC_TOSS & SC_ESCAPE */
 838	ap->state = SC_PREV_ERROR;
 839	if (skb) {
 840		/* make skb appear as freshly allocated */
 841		skb_trim(skb, 0);
 842		skb_reserve(skb, - skb_headroom(skb));
 843	}
 844}
 845
 846/* Called when the tty driver has data for us. Runs parallel with the
 847   other ldisc functions but will not be re-entered */
 848
 849static void
 850ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
 851		char *flags, int count)
 852{
 853	struct sk_buff *skb;
 854	int c, i, j, n, s, f;
 855	unsigned char *sp;
 856
 857	/* update bits used for 8-bit cleanness detection */
 858	if (~ap->rbits & SC_RCV_BITS) {
 859		s = 0;
 860		for (i = 0; i < count; ++i) {
 861			c = buf[i];
 862			if (flags != 0 && flags[i] != 0)
 863				continue;
 864			s |= (c & 0x80)? SC_RCV_B7_1: SC_RCV_B7_0;
 865			c = ((c >> 4) ^ c) & 0xf;
 866			s |= (0x6996 & (1 << c))? SC_RCV_ODDP: SC_RCV_EVNP;
 867		}
 868		ap->rbits |= s;
 869	}
 870
 871	while (count > 0) {
 872		/* scan through and see how many chars we can do in bulk */
 873		if ((ap->state & SC_ESCAPE) && buf[0] == PPP_ESCAPE)
 874			n = 1;
 875		else
 876			n = scan_ordinary(ap, buf, count);
 877
 878		f = 0;
 879		if (flags != 0 && (ap->state & SC_TOSS) == 0) {
 880			/* check the flags to see if any char had an error */
 881			for (j = 0; j < n; ++j)
 882				if ((f = flags[j]) != 0)
 883					break;
 884		}
 885		if (f != 0) {
 886			/* start tossing */
 887			ap->state |= SC_TOSS;
 888
 889		} else if (n > 0 && (ap->state & SC_TOSS) == 0) {
 890			/* stuff the chars in the skb */
 891			skb = ap->rpkt;
 892			if (skb == 0) {
 893				skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
 894				if (skb == 0)
 895					goto nomem;
 896 				ap->rpkt = skb;
 897 			}
 898 			if (skb->len == 0) {
 899 				/* Try to get the payload 4-byte aligned.
 900 				 * This should match the
 901 				 * PPP_ALLSTATIONS/PPP_UI/compressed tests in
 902 				 * process_input_packet, but we do not have
 903 				 * enough chars here to test buf[1] and buf[2].
 904 				 */
 905				if (buf[0] != PPP_ALLSTATIONS)
 906					skb_reserve(skb, 2 + (buf[0] & 1));
 907			}
 908			if (n > skb_tailroom(skb)) {
 909				/* packet overflowed MRU */
 910				ap->state |= SC_TOSS;
 911			} else {
 912				sp = skb_put(skb, n);
 913				memcpy(sp, buf, n);
 914				if (ap->state & SC_ESCAPE) {
 915					sp[0] ^= 0x20;
 916					ap->state &= ~SC_ESCAPE;
 917				}
 918			}
 919		}
 920
 921		if (n >= count)
 922			break;
 923
 924		c = buf[n];
 925		if (flags != NULL && flags[n] != 0) {
 926			ap->state |= SC_TOSS;
 927		} else if (c == PPP_FLAG) {
 928			process_input_packet(ap);
 929		} else if (c == PPP_ESCAPE) {
 930			ap->state |= SC_ESCAPE;
 931		} else if (I_IXON(ap->tty)) {
 932			if (c == START_CHAR(ap->tty))
 933				start_tty(ap->tty);
 934			else if (c == STOP_CHAR(ap->tty))
 935				stop_tty(ap->tty);
 936		}
 937		/* otherwise it's a char in the recv ACCM */
 938		++n;
 939
 940		buf += n;
 941		if (flags != 0)
 942			flags += n;
 943		count -= n;
 944	}
 945	return;
 946
 947 nomem:
 948	printk(KERN_ERR "PPPasync: no memory (input pkt)\n");
 949	ap->state |= SC_TOSS;
 950}
 951
 952/*
 953 * We look at LCP frames going past so that we can notice
 954 * and react to the LCP configure-ack from the peer.
 955 * In the situation where the peer has been sent a configure-ack
 956 * already, LCP is up once it has sent its configure-ack
 957 * so the immediately following packet can be sent with the
 958 * configured LCP options.  This allows us to process the following
 959 * packet correctly without pppd needing to respond quickly.
 960 *
 961 * We only respond to the received configure-ack if we have just
 962 * sent a configure-request, and the configure-ack contains the
 963 * same data (this is checked using a 16-bit crc of the data).
 964 */
 965#define CONFREQ		1	/* LCP code field values */
 966#define CONFACK		2
 967#define LCP_MRU		1	/* LCP option numbers */
 968#define LCP_ASYNCMAP	2
 969
 970static void async_lcp_peek(struct asyncppp *ap, unsigned char *data,
 971			   int len, int inbound)
 972{
 973	int dlen, fcs, i, code;
 974	u32 val;
 975
 976	data += 2;		/* skip protocol bytes */
 977	len -= 2;
 978	if (len < 4)		/* 4 = code, ID, length */
 979		return;
 980	code = data[0];
 981	if (code != CONFACK && code != CONFREQ)
 982		return;
 983	dlen = (data[2] << 8) + data[3];
 984	if (len < dlen)
 985		return;		/* packet got truncated or length is bogus */
 986
 987	if (code == (inbound? CONFACK: CONFREQ)) {
 988		/*
 989		 * sent confreq or received confack:
 990		 * calculate the crc of the data from the ID field on.
 991		 */
 992		fcs = PPP_INITFCS;
 993		for (i = 1; i < dlen; ++i)
 994			fcs = PPP_FCS(fcs, data[i]);
 995
 996		if (!inbound) {
 997			/* outbound confreq - remember the crc for later */
 998			ap->lcp_fcs = fcs;
 999			return;
1000		}
1001
1002		/* received confack, check the crc */
1003		fcs ^= ap->lcp_fcs;
1004		ap->lcp_fcs = -1;
1005		if (fcs != 0)
1006			return;
1007	} else if (inbound)
1008		return;	/* not interested in received confreq */
1009
1010	/* process the options in the confack */
1011	data += 4;
1012	dlen -= 4;
1013	/* data[0] is code, data[1] is length */
1014	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
1015		switch (data[0]) {
1016		case LCP_MRU:
1017			val = (data[2] << 8) + data[3];
1018			if (inbound)
1019				ap->mru = val;
1020			else
1021				ap->chan.mtu = val;
1022			break;
1023		case LCP_ASYNCMAP:
1024			val = (data[2] << 24) + (data[3] << 16)
1025				+ (data[4] << 8) + data[5];
1026			if (inbound)
1027				ap->raccm = val;
1028			else
1029				ap->xaccm[0] = val;
1030			break;
1031		}
1032		dlen -= data[1];
1033		data += data[1];
1034	}
1035}
1036
1037static void __exit ppp_async_cleanup(void)
1038{
1039	if (tty_unregister_ldisc(N_PPP) != 0)
1040		printk(KERN_ERR "failed to unregister PPP line discipline\n");
1041}
1042
1043module_init(ppp_async_init);
1044module_exit(ppp_async_cleanup);