drivers/net/ppp_async.c at v2.6.33-rc2

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / net / ppp_async.c
at v2.6.33-rc2 1026 lines 24 kB view raw
wrap content
   1/*
   2 * PPP async serial channel driver for Linux.
   3 *
   4 * Copyright 1999 Paul Mackerras.
   5 *
   6 *  This program is free software; you can redistribute it and/or
   7 *  modify it under the terms of the GNU General Public License
   8 *  as published by the Free Software Foundation; either version
   9 *  2 of the License, or (at your option) any later version.
  10 *
  11 * This driver provides the encapsulation and framing for sending
  12 * and receiving PPP frames over async serial lines.  It relies on
  13 * the generic PPP layer to give it frames to send and to process
  14 * received frames.  It implements the PPP line discipline.
  15 *
  16 * Part of the code in this driver was inspired by the old async-only
  17 * PPP driver, written by Michael Callahan and Al Longyear, and
  18 * subsequently hacked by Paul Mackerras.
  19 */
  20
  21#include <linux/module.h>
  22#include <linux/kernel.h>
  23#include <linux/skbuff.h>
  24#include <linux/tty.h>
  25#include <linux/netdevice.h>
  26#include <linux/poll.h>
  27#include <linux/crc-ccitt.h>
  28#include <linux/ppp_defs.h>
  29#include <linux/if_ppp.h>
  30#include <linux/ppp_channel.h>
  31#include <linux/spinlock.h>
  32#include <linux/init.h>
  33#include <linux/jiffies.h>
  34#include <asm/uaccess.h>
  35#include <asm/string.h>
  36
  37#define PPP_VERSION	"2.4.2"
  38
  39#define OBUFSIZE	4096
  40
  41/* Structure for storing local state. */
  42struct asyncppp {
  43	struct tty_struct *tty;
  44	unsigned int	flags;
  45	unsigned int	state;
  46	unsigned int	rbits;
  47	int		mru;
  48	spinlock_t	xmit_lock;
  49	spinlock_t	recv_lock;
  50	unsigned long	xmit_flags;
  51	u32		xaccm[8];
  52	u32		raccm;
  53	unsigned int	bytes_sent;
  54	unsigned int	bytes_rcvd;
  55
  56	struct sk_buff	*tpkt;
  57	int		tpkt_pos;
  58	u16		tfcs;
  59	unsigned char	*optr;
  60	unsigned char	*olim;
  61	unsigned long	last_xmit;
  62
  63	struct sk_buff	*rpkt;
  64	int		lcp_fcs;
  65	struct sk_buff_head rqueue;
  66
  67	struct tasklet_struct tsk;
  68
  69	atomic_t	refcnt;
  70	struct semaphore dead_sem;
  71	struct ppp_channel chan;	/* interface to generic ppp layer */
  72	unsigned char	obuf[OBUFSIZE];
  73};
  74
  75/* Bit numbers in xmit_flags */
  76#define XMIT_WAKEUP	0
  77#define XMIT_FULL	1
  78#define XMIT_BUSY	2
  79
  80/* State bits */
  81#define SC_TOSS		1
  82#define SC_ESCAPE	2
  83#define SC_PREV_ERROR	4
  84
  85/* Bits in rbits */
  86#define SC_RCV_BITS	(SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
  87
  88static int flag_time = HZ;
  89module_param(flag_time, int, 0);
  90MODULE_PARM_DESC(flag_time, "ppp_async: interval between flagged packets (in clock ticks)");
  91MODULE_LICENSE("GPL");
  92MODULE_ALIAS_LDISC(N_PPP);
  93
  94/*
  95 * Prototypes.
  96 */
  97static int ppp_async_encode(struct asyncppp *ap);
  98static int ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb);
  99static int ppp_async_push(struct asyncppp *ap);
 100static void ppp_async_flush_output(struct asyncppp *ap);
 101static void ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
 102			    char *flags, int count);
 103static int ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd,
 104			   unsigned long arg);
 105static void ppp_async_process(unsigned long arg);
 106
 107static void async_lcp_peek(struct asyncppp *ap, unsigned char *data,
 108			   int len, int inbound);
 109
 110static struct ppp_channel_ops async_ops = {
 111	ppp_async_send,
 112	ppp_async_ioctl
 113};
 114
 115/*
 116 * Routines implementing the PPP line discipline.
 117 */
 118
 119/*
 120 * We have a potential race on dereferencing tty->disc_data,
 121 * because the tty layer provides no locking at all - thus one
 122 * cpu could be running ppp_asynctty_receive while another
 123 * calls ppp_asynctty_close, which zeroes tty->disc_data and
 124 * frees the memory that ppp_asynctty_receive is using.  The best
 125 * way to fix this is to use a rwlock in the tty struct, but for now
 126 * we use a single global rwlock for all ttys in ppp line discipline.
 127 *
 128 * FIXME: this is no longer true. The _close path for the ldisc is
 129 * now guaranteed to be sane.
 130 */
 131static DEFINE_RWLOCK(disc_data_lock);
 132
 133static struct asyncppp *ap_get(struct tty_struct *tty)
 134{
 135	struct asyncppp *ap;
 136
 137	read_lock(&disc_data_lock);
 138	ap = tty->disc_data;
 139	if (ap != NULL)
 140		atomic_inc(&ap->refcnt);
 141	read_unlock(&disc_data_lock);
 142	return ap;
 143}
 144
 145static void ap_put(struct asyncppp *ap)
 146{
 147	if (atomic_dec_and_test(&ap->refcnt))
 148		up(&ap->dead_sem);
 149}
 150
 151/*
 152 * Called when a tty is put into PPP line discipline. Called in process
 153 * context.
 154 */
 155static int
 156ppp_asynctty_open(struct tty_struct *tty)
 157{
 158	struct asyncppp *ap;
 159	int err;
 160	int speed;
 161
 162	if (tty->ops->write == NULL)
 163		return -EOPNOTSUPP;
 164
 165	err = -ENOMEM;
 166	ap = kzalloc(sizeof(*ap), GFP_KERNEL);
 167	if (!ap)
 168		goto out;
 169
 170	/* initialize the asyncppp structure */
 171	ap->tty = tty;
 172	ap->mru = PPP_MRU;
 173	spin_lock_init(&ap->xmit_lock);
 174	spin_lock_init(&ap->recv_lock);
 175	ap->xaccm[0] = ~0U;
 176	ap->xaccm[3] = 0x60000000U;
 177	ap->raccm = ~0U;
 178	ap->optr = ap->obuf;
 179	ap->olim = ap->obuf;
 180	ap->lcp_fcs = -1;
 181
 182	skb_queue_head_init(&ap->rqueue);
 183	tasklet_init(&ap->tsk, ppp_async_process, (unsigned long) ap);
 184
 185	atomic_set(&ap->refcnt, 1);
 186	init_MUTEX_LOCKED(&ap->dead_sem);
 187
 188	ap->chan.private = ap;
 189	ap->chan.ops = &async_ops;
 190	ap->chan.mtu = PPP_MRU;
 191	speed = tty_get_baud_rate(tty);
 192	ap->chan.speed = speed;
 193	err = ppp_register_channel(&ap->chan);
 194	if (err)
 195		goto out_free;
 196
 197	tty->disc_data = ap;
 198	tty->receive_room = 65536;
 199	return 0;
 200
 201 out_free:
 202	kfree(ap);
 203 out:
 204	return err;
 205}
 206
 207/*
 208 * Called when the tty is put into another line discipline
 209 * or it hangs up.  We have to wait for any cpu currently
 210 * executing in any of the other ppp_asynctty_* routines to
 211 * finish before we can call ppp_unregister_channel and free
 212 * the asyncppp struct.  This routine must be called from
 213 * process context, not interrupt or softirq context.
 214 */
 215static void
 216ppp_asynctty_close(struct tty_struct *tty)
 217{
 218	struct asyncppp *ap;
 219
 220	write_lock_irq(&disc_data_lock);
 221	ap = tty->disc_data;
 222	tty->disc_data = NULL;
 223	write_unlock_irq(&disc_data_lock);
 224	if (!ap)
 225		return;
 226
 227	/*
 228	 * We have now ensured that nobody can start using ap from now
 229	 * on, but we have to wait for all existing users to finish.
 230	 * Note that ppp_unregister_channel ensures that no calls to
 231	 * our channel ops (i.e. ppp_async_send/ioctl) are in progress
 232	 * by the time it returns.
 233	 */
 234	if (!atomic_dec_and_test(&ap->refcnt))
 235		down(&ap->dead_sem);
 236	tasklet_kill(&ap->tsk);
 237
 238	ppp_unregister_channel(&ap->chan);
 239	kfree_skb(ap->rpkt);
 240	skb_queue_purge(&ap->rqueue);
 241	kfree_skb(ap->tpkt);
 242	kfree(ap);
 243}
 244
 245/*
 246 * Called on tty hangup in process context.
 247 *
 248 * Wait for I/O to driver to complete and unregister PPP channel.
 249 * This is already done by the close routine, so just call that.
 250 */
 251static int ppp_asynctty_hangup(struct tty_struct *tty)
 252{
 253	ppp_asynctty_close(tty);
 254	return 0;
 255}
 256
 257/*
 258 * Read does nothing - no data is ever available this way.
 259 * Pppd reads and writes packets via /dev/ppp instead.
 260 */
 261static ssize_t
 262ppp_asynctty_read(struct tty_struct *tty, struct file *file,
 263		  unsigned char __user *buf, size_t count)
 264{
 265	return -EAGAIN;
 266}
 267
 268/*
 269 * Write on the tty does nothing, the packets all come in
 270 * from the ppp generic stuff.
 271 */
 272static ssize_t
 273ppp_asynctty_write(struct tty_struct *tty, struct file *file,
 274		   const unsigned char *buf, size_t count)
 275{
 276	return -EAGAIN;
 277}
 278
 279/*
 280 * Called in process context only. May be re-entered by multiple
 281 * ioctl calling threads.
 282 */
 283
 284static int
 285ppp_asynctty_ioctl(struct tty_struct *tty, struct file *file,
 286		   unsigned int cmd, unsigned long arg)
 287{
 288	struct asyncppp *ap = ap_get(tty);
 289	int err, val;
 290	int __user *p = (int __user *)arg;
 291
 292	if (!ap)
 293		return -ENXIO;
 294	err = -EFAULT;
 295	switch (cmd) {
 296	case PPPIOCGCHAN:
 297		err = -EFAULT;
 298		if (put_user(ppp_channel_index(&ap->chan), p))
 299			break;
 300		err = 0;
 301		break;
 302
 303	case PPPIOCGUNIT:
 304		err = -EFAULT;
 305		if (put_user(ppp_unit_number(&ap->chan), p))
 306			break;
 307		err = 0;
 308		break;
 309
 310	case TCFLSH:
 311		/* flush our buffers and the serial port's buffer */
 312		if (arg == TCIOFLUSH || arg == TCOFLUSH)
 313			ppp_async_flush_output(ap);
 314		err = tty_perform_flush(tty, arg);
 315		break;
 316
 317	case FIONREAD:
 318		val = 0;
 319		if (put_user(val, p))
 320			break;
 321		err = 0;
 322		break;
 323
 324	default:
 325		/* Try the various mode ioctls */
 326		err = tty_mode_ioctl(tty, file, cmd, arg);
 327	}
 328
 329	ap_put(ap);
 330	return err;
 331}
 332
 333/* No kernel lock - fine */
 334static unsigned int
 335ppp_asynctty_poll(struct tty_struct *tty, struct file *file, poll_table *wait)
 336{
 337	return 0;
 338}
 339
 340/* May sleep, don't call from interrupt level or with interrupts disabled */
 341static void
 342ppp_asynctty_receive(struct tty_struct *tty, const unsigned char *buf,
 343		  char *cflags, int count)
 344{
 345	struct asyncppp *ap = ap_get(tty);
 346	unsigned long flags;
 347
 348	if (!ap)
 349		return;
 350	spin_lock_irqsave(&ap->recv_lock, flags);
 351	ppp_async_input(ap, buf, cflags, count);
 352	spin_unlock_irqrestore(&ap->recv_lock, flags);
 353	if (!skb_queue_empty(&ap->rqueue))
 354		tasklet_schedule(&ap->tsk);
 355	ap_put(ap);
 356	tty_unthrottle(tty);
 357}
 358
 359static void
 360ppp_asynctty_wakeup(struct tty_struct *tty)
 361{
 362	struct asyncppp *ap = ap_get(tty);
 363
 364	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 365	if (!ap)
 366		return;
 367	set_bit(XMIT_WAKEUP, &ap->xmit_flags);
 368	tasklet_schedule(&ap->tsk);
 369	ap_put(ap);
 370}
 371
 372
 373static struct tty_ldisc_ops ppp_ldisc = {
 374	.owner  = THIS_MODULE,
 375	.magic	= TTY_LDISC_MAGIC,
 376	.name	= "ppp",
 377	.open	= ppp_asynctty_open,
 378	.close	= ppp_asynctty_close,
 379	.hangup	= ppp_asynctty_hangup,
 380	.read	= ppp_asynctty_read,
 381	.write	= ppp_asynctty_write,
 382	.ioctl	= ppp_asynctty_ioctl,
 383	.poll	= ppp_asynctty_poll,
 384	.receive_buf = ppp_asynctty_receive,
 385	.write_wakeup = ppp_asynctty_wakeup,
 386};
 387
 388static int __init
 389ppp_async_init(void)
 390{
 391	int err;
 392
 393	err = tty_register_ldisc(N_PPP, &ppp_ldisc);
 394	if (err != 0)
 395		printk(KERN_ERR "PPP_async: error %d registering line disc.\n",
 396		       err);
 397	return err;
 398}
 399
 400/*
 401 * The following routines provide the PPP channel interface.
 402 */
 403static int
 404ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
 405{
 406	struct asyncppp *ap = chan->private;
 407	void __user *argp = (void __user *)arg;
 408	int __user *p = argp;
 409	int err, val;
 410	u32 accm[8];
 411
 412	err = -EFAULT;
 413	switch (cmd) {
 414	case PPPIOCGFLAGS:
 415		val = ap->flags | ap->rbits;
 416		if (put_user(val, p))
 417			break;
 418		err = 0;
 419		break;
 420	case PPPIOCSFLAGS:
 421		if (get_user(val, p))
 422			break;
 423		ap->flags = val & ~SC_RCV_BITS;
 424		spin_lock_irq(&ap->recv_lock);
 425		ap->rbits = val & SC_RCV_BITS;
 426		spin_unlock_irq(&ap->recv_lock);
 427		err = 0;
 428		break;
 429
 430	case PPPIOCGASYNCMAP:
 431		if (put_user(ap->xaccm[0], (u32 __user *)argp))
 432			break;
 433		err = 0;
 434		break;
 435	case PPPIOCSASYNCMAP:
 436		if (get_user(ap->xaccm[0], (u32 __user *)argp))
 437			break;
 438		err = 0;
 439		break;
 440
 441	case PPPIOCGRASYNCMAP:
 442		if (put_user(ap->raccm, (u32 __user *)argp))
 443			break;
 444		err = 0;
 445		break;
 446	case PPPIOCSRASYNCMAP:
 447		if (get_user(ap->raccm, (u32 __user *)argp))
 448			break;
 449		err = 0;
 450		break;
 451
 452	case PPPIOCGXASYNCMAP:
 453		if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
 454			break;
 455		err = 0;
 456		break;
 457	case PPPIOCSXASYNCMAP:
 458		if (copy_from_user(accm, argp, sizeof(accm)))
 459			break;
 460		accm[2] &= ~0x40000000U;	/* can't escape 0x5e */
 461		accm[3] |= 0x60000000U;		/* must escape 0x7d, 0x7e */
 462		memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
 463		err = 0;
 464		break;
 465
 466	case PPPIOCGMRU:
 467		if (put_user(ap->mru, p))
 468			break;
 469		err = 0;
 470		break;
 471	case PPPIOCSMRU:
 472		if (get_user(val, p))
 473			break;
 474		if (val < PPP_MRU)
 475			val = PPP_MRU;
 476		ap->mru = val;
 477		err = 0;
 478		break;
 479
 480	default:
 481		err = -ENOTTY;
 482	}
 483
 484	return err;
 485}
 486
 487/*
 488 * This is called at softirq level to deliver received packets
 489 * to the ppp_generic code, and to tell the ppp_generic code
 490 * if we can accept more output now.
 491 */
 492static void ppp_async_process(unsigned long arg)
 493{
 494	struct asyncppp *ap = (struct asyncppp *) arg;
 495	struct sk_buff *skb;
 496
 497	/* process received packets */
 498	while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
 499		if (skb->cb[0])
 500			ppp_input_error(&ap->chan, 0);
 501		ppp_input(&ap->chan, skb);
 502	}
 503
 504	/* try to push more stuff out */
 505	if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_async_push(ap))
 506		ppp_output_wakeup(&ap->chan);
 507}
 508
 509/*
 510 * Procedures for encapsulation and framing.
 511 */
 512
 513/*
 514 * Procedure to encode the data for async serial transmission.
 515 * Does octet stuffing (escaping), puts the address/control bytes
 516 * on if A/C compression is disabled, and does protocol compression.
 517 * Assumes ap->tpkt != 0 on entry.
 518 * Returns 1 if we finished the current frame, 0 otherwise.
 519 */
 520
 521#define PUT_BYTE(ap, buf, c, islcp)	do {		\
 522	if ((islcp && c < 0x20) || (ap->xaccm[c >> 5] & (1 << (c & 0x1f)))) {\
 523		*buf++ = PPP_ESCAPE;			\
 524		*buf++ = c ^ 0x20;			\
 525	} else						\
 526		*buf++ = c;				\
 527} while (0)
 528
 529static int
 530ppp_async_encode(struct asyncppp *ap)
 531{
 532	int fcs, i, count, c, proto;
 533	unsigned char *buf, *buflim;
 534	unsigned char *data;
 535	int islcp;
 536
 537	buf = ap->obuf;
 538	ap->olim = buf;
 539	ap->optr = buf;
 540	i = ap->tpkt_pos;
 541	data = ap->tpkt->data;
 542	count = ap->tpkt->len;
 543	fcs = ap->tfcs;
 544	proto = (data[0] << 8) + data[1];
 545
 546	/*
 547	 * LCP packets with code values between 1 (configure-reqest)
 548	 * and 7 (code-reject) must be sent as though no options
 549	 * had been negotiated.
 550	 */
 551	islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
 552
 553	if (i == 0) {
 554		if (islcp)
 555			async_lcp_peek(ap, data, count, 0);
 556
 557		/*
 558		 * Start of a new packet - insert the leading FLAG
 559		 * character if necessary.
 560		 */
 561		if (islcp || flag_time == 0 ||
 562		    time_after_eq(jiffies, ap->last_xmit + flag_time))
 563			*buf++ = PPP_FLAG;
 564		ap->last_xmit = jiffies;
 565		fcs = PPP_INITFCS;
 566
 567		/*
 568		 * Put in the address/control bytes if necessary
 569		 */
 570		if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
 571			PUT_BYTE(ap, buf, 0xff, islcp);
 572			fcs = PPP_FCS(fcs, 0xff);
 573			PUT_BYTE(ap, buf, 0x03, islcp);
 574			fcs = PPP_FCS(fcs, 0x03);
 575		}
 576	}
 577
 578	/*
 579	 * Once we put in the last byte, we need to put in the FCS
 580	 * and closing flag, so make sure there is at least 7 bytes
 581	 * of free space in the output buffer.
 582	 */
 583	buflim = ap->obuf + OBUFSIZE - 6;
 584	while (i < count && buf < buflim) {
 585		c = data[i++];
 586		if (i == 1 && c == 0 && (ap->flags & SC_COMP_PROT))
 587			continue;	/* compress protocol field */
 588		fcs = PPP_FCS(fcs, c);
 589		PUT_BYTE(ap, buf, c, islcp);
 590	}
 591
 592	if (i < count) {
 593		/*
 594		 * Remember where we are up to in this packet.
 595		 */
 596		ap->olim = buf;
 597		ap->tpkt_pos = i;
 598		ap->tfcs = fcs;
 599		return 0;
 600	}
 601
 602	/*
 603	 * We have finished the packet.  Add the FCS and flag.
 604	 */
 605	fcs = ~fcs;
 606	c = fcs & 0xff;
 607	PUT_BYTE(ap, buf, c, islcp);
 608	c = (fcs >> 8) & 0xff;
 609	PUT_BYTE(ap, buf, c, islcp);
 610	*buf++ = PPP_FLAG;
 611	ap->olim = buf;
 612
 613	kfree_skb(ap->tpkt);
 614	ap->tpkt = NULL;
 615	return 1;
 616}
 617
 618/*
 619 * Transmit-side routines.
 620 */
 621
 622/*
 623 * Send a packet to the peer over an async tty line.
 624 * Returns 1 iff the packet was accepted.
 625 * If the packet was not accepted, we will call ppp_output_wakeup
 626 * at some later time.
 627 */
 628static int
 629ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb)
 630{
 631	struct asyncppp *ap = chan->private;
 632
 633	ppp_async_push(ap);
 634
 635	if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
 636		return 0;	/* already full */
 637	ap->tpkt = skb;
 638	ap->tpkt_pos = 0;
 639
 640	ppp_async_push(ap);
 641	return 1;
 642}
 643
 644/*
 645 * Push as much data as possible out to the tty.
 646 */
 647static int
 648ppp_async_push(struct asyncppp *ap)
 649{
 650	int avail, sent, done = 0;
 651	struct tty_struct *tty = ap->tty;
 652	int tty_stuffed = 0;
 653
 654	/*
 655	 * We can get called recursively here if the tty write
 656	 * function calls our wakeup function.  This can happen
 657	 * for example on a pty with both the master and slave
 658	 * set to PPP line discipline.
 659	 * We use the XMIT_BUSY bit to detect this and get out,
 660	 * leaving the XMIT_WAKEUP bit set to tell the other
 661	 * instance that it may now be able to write more now.
 662	 */
 663	if (test_and_set_bit(XMIT_BUSY, &ap->xmit_flags))
 664		return 0;
 665	spin_lock_bh(&ap->xmit_lock);
 666	for (;;) {
 667		if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
 668			tty_stuffed = 0;
 669		if (!tty_stuffed && ap->optr < ap->olim) {
 670			avail = ap->olim - ap->optr;
 671			set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 672			sent = tty->ops->write(tty, ap->optr, avail);
 673			if (sent < 0)
 674				goto flush;	/* error, e.g. loss of CD */
 675			ap->optr += sent;
 676			if (sent < avail)
 677				tty_stuffed = 1;
 678			continue;
 679		}
 680		if (ap->optr >= ap->olim && ap->tpkt) {
 681			if (ppp_async_encode(ap)) {
 682				/* finished processing ap->tpkt */
 683				clear_bit(XMIT_FULL, &ap->xmit_flags);
 684				done = 1;
 685			}
 686			continue;
 687		}
 688		/*
 689		 * We haven't made any progress this time around.
 690		 * Clear XMIT_BUSY to let other callers in, but
 691		 * after doing so we have to check if anyone set
 692		 * XMIT_WAKEUP since we last checked it.  If they
 693		 * did, we should try again to set XMIT_BUSY and go
 694		 * around again in case XMIT_BUSY was still set when
 695		 * the other caller tried.
 696		 */
 697		clear_bit(XMIT_BUSY, &ap->xmit_flags);
 698		/* any more work to do? if not, exit the loop */
 699		if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) ||
 700		      (!tty_stuffed && ap->tpkt)))
 701			break;
 702		/* more work to do, see if we can do it now */
 703		if (test_and_set_bit(XMIT_BUSY, &ap->xmit_flags))
 704			break;
 705	}
 706	spin_unlock_bh(&ap->xmit_lock);
 707	return done;
 708
 709flush:
 710	clear_bit(XMIT_BUSY, &ap->xmit_flags);
 711	if (ap->tpkt) {
 712		kfree_skb(ap->tpkt);
 713		ap->tpkt = NULL;
 714		clear_bit(XMIT_FULL, &ap->xmit_flags);
 715		done = 1;
 716	}
 717	ap->optr = ap->olim;
 718	spin_unlock_bh(&ap->xmit_lock);
 719	return done;
 720}
 721
 722/*
 723 * Flush output from our internal buffers.
 724 * Called for the TCFLSH ioctl. Can be entered in parallel
 725 * but this is covered by the xmit_lock.
 726 */
 727static void
 728ppp_async_flush_output(struct asyncppp *ap)
 729{
 730	int done = 0;
 731
 732	spin_lock_bh(&ap->xmit_lock);
 733	ap->optr = ap->olim;
 734	if (ap->tpkt != NULL) {
 735		kfree_skb(ap->tpkt);
 736		ap->tpkt = NULL;
 737		clear_bit(XMIT_FULL, &ap->xmit_flags);
 738		done = 1;
 739	}
 740	spin_unlock_bh(&ap->xmit_lock);
 741	if (done)
 742		ppp_output_wakeup(&ap->chan);
 743}
 744
 745/*
 746 * Receive-side routines.
 747 */
 748
 749/* see how many ordinary chars there are at the start of buf */
 750static inline int
 751scan_ordinary(struct asyncppp *ap, const unsigned char *buf, int count)
 752{
 753	int i, c;
 754
 755	for (i = 0; i < count; ++i) {
 756		c = buf[i];
 757		if (c == PPP_ESCAPE || c == PPP_FLAG ||
 758		    (c < 0x20 && (ap->raccm & (1 << c)) != 0))
 759			break;
 760	}
 761	return i;
 762}
 763
 764/* called when a flag is seen - do end-of-packet processing */
 765static void
 766process_input_packet(struct asyncppp *ap)
 767{
 768	struct sk_buff *skb;
 769	unsigned char *p;
 770	unsigned int len, fcs, proto;
 771
 772	skb = ap->rpkt;
 773	if (ap->state & (SC_TOSS | SC_ESCAPE))
 774		goto err;
 775
 776	if (skb == NULL)
 777		return;		/* 0-length packet */
 778
 779	/* check the FCS */
 780	p = skb->data;
 781	len = skb->len;
 782	if (len < 3)
 783		goto err;	/* too short */
 784	fcs = PPP_INITFCS;
 785	for (; len > 0; --len)
 786		fcs = PPP_FCS(fcs, *p++);
 787	if (fcs != PPP_GOODFCS)
 788		goto err;	/* bad FCS */
 789	skb_trim(skb, skb->len - 2);
 790
 791	/* check for address/control and protocol compression */
 792	p = skb->data;
 793	if (p[0] == PPP_ALLSTATIONS) {
 794		/* chop off address/control */
 795		if (p[1] != PPP_UI || skb->len < 3)
 796			goto err;
 797		p = skb_pull(skb, 2);
 798	}
 799	proto = p[0];
 800	if (proto & 1) {
 801		/* protocol is compressed */
 802		skb_push(skb, 1)[0] = 0;
 803	} else {
 804		if (skb->len < 2)
 805			goto err;
 806		proto = (proto << 8) + p[1];
 807		if (proto == PPP_LCP)
 808			async_lcp_peek(ap, p, skb->len, 1);
 809	}
 810
 811	/* queue the frame to be processed */
 812	skb->cb[0] = ap->state;
 813	skb_queue_tail(&ap->rqueue, skb);
 814	ap->rpkt = NULL;
 815	ap->state = 0;
 816	return;
 817
 818 err:
 819	/* frame had an error, remember that, reset SC_TOSS & SC_ESCAPE */
 820	ap->state = SC_PREV_ERROR;
 821	if (skb) {
 822		/* make skb appear as freshly allocated */
 823		skb_trim(skb, 0);
 824		skb_reserve(skb, - skb_headroom(skb));
 825	}
 826}
 827
 828/* Called when the tty driver has data for us. Runs parallel with the
 829   other ldisc functions but will not be re-entered */
 830
 831static void
 832ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
 833		char *flags, int count)
 834{
 835	struct sk_buff *skb;
 836	int c, i, j, n, s, f;
 837	unsigned char *sp;
 838
 839	/* update bits used for 8-bit cleanness detection */
 840	if (~ap->rbits & SC_RCV_BITS) {
 841		s = 0;
 842		for (i = 0; i < count; ++i) {
 843			c = buf[i];
 844			if (flags && flags[i] != 0)
 845				continue;
 846			s |= (c & 0x80)? SC_RCV_B7_1: SC_RCV_B7_0;
 847			c = ((c >> 4) ^ c) & 0xf;
 848			s |= (0x6996 & (1 << c))? SC_RCV_ODDP: SC_RCV_EVNP;
 849		}
 850		ap->rbits |= s;
 851	}
 852
 853	while (count > 0) {
 854		/* scan through and see how many chars we can do in bulk */
 855		if ((ap->state & SC_ESCAPE) && buf[0] == PPP_ESCAPE)
 856			n = 1;
 857		else
 858			n = scan_ordinary(ap, buf, count);
 859
 860		f = 0;
 861		if (flags && (ap->state & SC_TOSS) == 0) {
 862			/* check the flags to see if any char had an error */
 863			for (j = 0; j < n; ++j)
 864				if ((f = flags[j]) != 0)
 865					break;
 866		}
 867		if (f != 0) {
 868			/* start tossing */
 869			ap->state |= SC_TOSS;
 870
 871		} else if (n > 0 && (ap->state & SC_TOSS) == 0) {
 872			/* stuff the chars in the skb */
 873			skb = ap->rpkt;
 874			if (!skb) {
 875				skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
 876				if (!skb)
 877					goto nomem;
 878 				ap->rpkt = skb;
 879 			}
 880 			if (skb->len == 0) {
 881 				/* Try to get the payload 4-byte aligned.
 882 				 * This should match the
 883 				 * PPP_ALLSTATIONS/PPP_UI/compressed tests in
 884 				 * process_input_packet, but we do not have
 885 				 * enough chars here to test buf[1] and buf[2].
 886 				 */
 887				if (buf[0] != PPP_ALLSTATIONS)
 888					skb_reserve(skb, 2 + (buf[0] & 1));
 889			}
 890			if (n > skb_tailroom(skb)) {
 891				/* packet overflowed MRU */
 892				ap->state |= SC_TOSS;
 893			} else {
 894				sp = skb_put(skb, n);
 895				memcpy(sp, buf, n);
 896				if (ap->state & SC_ESCAPE) {
 897					sp[0] ^= 0x20;
 898					ap->state &= ~SC_ESCAPE;
 899				}
 900			}
 901		}
 902
 903		if (n >= count)
 904			break;
 905
 906		c = buf[n];
 907		if (flags != NULL && flags[n] != 0) {
 908			ap->state |= SC_TOSS;
 909		} else if (c == PPP_FLAG) {
 910			process_input_packet(ap);
 911		} else if (c == PPP_ESCAPE) {
 912			ap->state |= SC_ESCAPE;
 913		} else if (I_IXON(ap->tty)) {
 914			if (c == START_CHAR(ap->tty))
 915				start_tty(ap->tty);
 916			else if (c == STOP_CHAR(ap->tty))
 917				stop_tty(ap->tty);
 918		}
 919		/* otherwise it's a char in the recv ACCM */
 920		++n;
 921
 922		buf += n;
 923		if (flags)
 924			flags += n;
 925		count -= n;
 926	}
 927	return;
 928
 929 nomem:
 930	printk(KERN_ERR "PPPasync: no memory (input pkt)\n");
 931	ap->state |= SC_TOSS;
 932}
 933
 934/*
 935 * We look at LCP frames going past so that we can notice
 936 * and react to the LCP configure-ack from the peer.
 937 * In the situation where the peer has been sent a configure-ack
 938 * already, LCP is up once it has sent its configure-ack
 939 * so the immediately following packet can be sent with the
 940 * configured LCP options.  This allows us to process the following
 941 * packet correctly without pppd needing to respond quickly.
 942 *
 943 * We only respond to the received configure-ack if we have just
 944 * sent a configure-request, and the configure-ack contains the
 945 * same data (this is checked using a 16-bit crc of the data).
 946 */
 947#define CONFREQ		1	/* LCP code field values */
 948#define CONFACK		2
 949#define LCP_MRU		1	/* LCP option numbers */
 950#define LCP_ASYNCMAP	2
 951
 952static void async_lcp_peek(struct asyncppp *ap, unsigned char *data,
 953			   int len, int inbound)
 954{
 955	int dlen, fcs, i, code;
 956	u32 val;
 957
 958	data += 2;		/* skip protocol bytes */
 959	len -= 2;
 960	if (len < 4)		/* 4 = code, ID, length */
 961		return;
 962	code = data[0];
 963	if (code != CONFACK && code != CONFREQ)
 964		return;
 965	dlen = (data[2] << 8) + data[3];
 966	if (len < dlen)
 967		return;		/* packet got truncated or length is bogus */
 968
 969	if (code == (inbound? CONFACK: CONFREQ)) {
 970		/*
 971		 * sent confreq or received confack:
 972		 * calculate the crc of the data from the ID field on.
 973		 */
 974		fcs = PPP_INITFCS;
 975		for (i = 1; i < dlen; ++i)
 976			fcs = PPP_FCS(fcs, data[i]);
 977
 978		if (!inbound) {
 979			/* outbound confreq - remember the crc for later */
 980			ap->lcp_fcs = fcs;
 981			return;
 982		}
 983
 984		/* received confack, check the crc */
 985		fcs ^= ap->lcp_fcs;
 986		ap->lcp_fcs = -1;
 987		if (fcs != 0)
 988			return;
 989	} else if (inbound)
 990		return;	/* not interested in received confreq */
 991
 992	/* process the options in the confack */
 993	data += 4;
 994	dlen -= 4;
 995	/* data[0] is code, data[1] is length */
 996	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
 997		switch (data[0]) {
 998		case LCP_MRU:
 999			val = (data[2] << 8) + data[3];
1000			if (inbound)
1001				ap->mru = val;
1002			else
1003				ap->chan.mtu = val;
1004			break;
1005		case LCP_ASYNCMAP:
1006			val = (data[2] << 24) + (data[3] << 16)
1007				+ (data[4] << 8) + data[5];
1008			if (inbound)
1009				ap->raccm = val;
1010			else
1011				ap->xaccm[0] = val;
1012			break;
1013		}
1014		dlen -= data[1];
1015		data += data[1];
1016	}
1017}
1018
1019static void __exit ppp_async_cleanup(void)
1020{
1021	if (tty_unregister_ldisc(N_PPP) != 0)
1022		printk(KERN_ERR "failed to unregister PPP line discipline\n");
1023}
1024
1025module_init(ppp_async_init);
1026module_exit(ppp_async_cleanup);