drivers/tty/n_gsm.c at v5.18

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / tty / n_gsm.c
at v5.18 3457 lines 86 kB view raw
wrap content
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * n_gsm.c GSM 0710 tty multiplexor
   4 * Copyright (c) 2009/10 Intel Corporation
   5 *
   6 *	* THIS IS A DEVELOPMENT SNAPSHOT IT IS NOT A FINAL RELEASE *
   7 *
   8 * TO DO:
   9 *	Mostly done:	ioctls for setting modes/timing
  10 *	Partly done:	hooks so you can pull off frames to non tty devs
  11 *	Restart DLCI 0 when it closes ?
  12 *	Improve the tx engine
  13 *	Resolve tx side locking by adding a queue_head and routing
  14 *		all control traffic via it
  15 *	General tidy/document
  16 *	Review the locking/move to refcounts more (mux now moved to an
  17 *		alloc/free model ready)
  18 *	Use newest tty open/close port helpers and install hooks
  19 *	What to do about power functions ?
  20 *	Termios setting and negotiation
  21 *	Do we need a 'which mux are you' ioctl to correlate mux and tty sets
  22 *
  23 */
  24
  25#include <linux/types.h>
  26#include <linux/major.h>
  27#include <linux/errno.h>
  28#include <linux/signal.h>
  29#include <linux/fcntl.h>
  30#include <linux/sched/signal.h>
  31#include <linux/interrupt.h>
  32#include <linux/tty.h>
  33#include <linux/ctype.h>
  34#include <linux/mm.h>
  35#include <linux/string.h>
  36#include <linux/slab.h>
  37#include <linux/poll.h>
  38#include <linux/bitops.h>
  39#include <linux/file.h>
  40#include <linux/uaccess.h>
  41#include <linux/module.h>
  42#include <linux/timer.h>
  43#include <linux/tty_flip.h>
  44#include <linux/tty_driver.h>
  45#include <linux/serial.h>
  46#include <linux/kfifo.h>
  47#include <linux/skbuff.h>
  48#include <net/arp.h>
  49#include <linux/ip.h>
  50#include <linux/netdevice.h>
  51#include <linux/etherdevice.h>
  52#include <linux/gsmmux.h>
  53#include "tty.h"
  54
  55static int debug;
  56module_param(debug, int, 0600);
  57
  58/* Defaults: these are from the specification */
  59
  60#define T1	10		/* 100mS */
  61#define T2	34		/* 333mS */
  62#define N2	3		/* Retry 3 times */
  63
  64/* Use long timers for testing at low speed with debug on */
  65#ifdef DEBUG_TIMING
  66#define T1	100
  67#define T2	200
  68#endif
  69
  70/*
  71 * Semi-arbitrary buffer size limits. 0710 is normally run with 32-64 byte
  72 * limits so this is plenty
  73 */
  74#define MAX_MRU 1500
  75#define MAX_MTU 1500
  76/* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
  77#define PROT_OVERHEAD 7
  78#define	GSM_NET_TX_TIMEOUT (HZ*10)
  79
  80/*
  81 *	struct gsm_mux_net	-	network interface
  82 *
  83 *	Created when net interface is initialized.
  84 */
  85struct gsm_mux_net {
  86	struct kref ref;
  87	struct gsm_dlci *dlci;
  88};
  89
  90/*
  91 *	Each block of data we have queued to go out is in the form of
  92 *	a gsm_msg which holds everything we need in a link layer independent
  93 *	format
  94 */
  95
  96struct gsm_msg {
  97	struct list_head list;
  98	u8 addr;		/* DLCI address + flags */
  99	u8 ctrl;		/* Control byte + flags */
 100	unsigned int len;	/* Length of data block (can be zero) */
 101	unsigned char *data;	/* Points into buffer but not at the start */
 102	unsigned char buffer[];
 103};
 104
 105enum gsm_dlci_state {
 106	DLCI_CLOSED,
 107	DLCI_OPENING,		/* Sending SABM not seen UA */
 108	DLCI_OPEN,		/* SABM/UA complete */
 109	DLCI_CLOSING,		/* Sending DISC not seen UA/DM */
 110};
 111
 112enum gsm_dlci_mode {
 113	DLCI_MODE_ABM,		/* Normal Asynchronous Balanced Mode */
 114	DLCI_MODE_ADM,		/* Asynchronous Disconnected Mode */
 115};
 116
 117/*
 118 *	Each active data link has a gsm_dlci structure associated which ties
 119 *	the link layer to an optional tty (if the tty side is open). To avoid
 120 *	complexity right now these are only ever freed up when the mux is
 121 *	shut down.
 122 *
 123 *	At the moment we don't free DLCI objects until the mux is torn down
 124 *	this avoid object life time issues but might be worth review later.
 125 */
 126
 127struct gsm_dlci {
 128	struct gsm_mux *gsm;
 129	int addr;
 130	enum gsm_dlci_state state;
 131	struct mutex mutex;
 132
 133	/* Link layer */
 134	enum gsm_dlci_mode mode;
 135	spinlock_t lock;	/* Protects the internal state */
 136	struct timer_list t1;	/* Retransmit timer for SABM and UA */
 137	int retries;
 138	/* Uplink tty if active */
 139	struct tty_port port;	/* The tty bound to this DLCI if there is one */
 140#define TX_SIZE		4096    /* Must be power of 2. */
 141	struct kfifo fifo;	/* Queue fifo for the DLCI */
 142	int adaption;		/* Adaption layer in use */
 143	int prev_adaption;
 144	u32 modem_rx;		/* Our incoming virtual modem lines */
 145	u32 modem_tx;		/* Our outgoing modem lines */
 146	bool dead;		/* Refuse re-open */
 147	/* Flow control */
 148	bool throttled;		/* Private copy of throttle state */
 149	bool constipated;	/* Throttle status for outgoing */
 150	/* Packetised I/O */
 151	struct sk_buff *skb;	/* Frame being sent */
 152	struct sk_buff_head skb_list;	/* Queued frames */
 153	/* Data handling callback */
 154	void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
 155	void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
 156	struct net_device *net; /* network interface, if created */
 157};
 158
 159/* DLCI 0, 62/63 are special or reserved see gsmtty_open */
 160
 161#define NUM_DLCI		64
 162
 163/*
 164 *	DLCI 0 is used to pass control blocks out of band of the data
 165 *	flow (and with a higher link priority). One command can be outstanding
 166 *	at a time and we use this structure to manage them. They are created
 167 *	and destroyed by the user context, and updated by the receive paths
 168 *	and timers
 169 */
 170
 171struct gsm_control {
 172	u8 cmd;		/* Command we are issuing */
 173	u8 *data;	/* Data for the command in case we retransmit */
 174	int len;	/* Length of block for retransmission */
 175	int done;	/* Done flag */
 176	int error;	/* Error if any */
 177};
 178
 179enum gsm_mux_state {
 180	GSM_SEARCH,
 181	GSM_START,
 182	GSM_ADDRESS,
 183	GSM_CONTROL,
 184	GSM_LEN,
 185	GSM_DATA,
 186	GSM_FCS,
 187	GSM_OVERRUN,
 188	GSM_LEN0,
 189	GSM_LEN1,
 190	GSM_SSOF,
 191};
 192
 193/*
 194 *	Each GSM mux we have is represented by this structure. If we are
 195 *	operating as an ldisc then we use this structure as our ldisc
 196 *	state. We need to sort out lifetimes and locking with respect
 197 *	to the gsm mux array. For now we don't free DLCI objects that
 198 *	have been instantiated until the mux itself is terminated.
 199 *
 200 *	To consider further: tty open versus mux shutdown.
 201 */
 202
 203struct gsm_mux {
 204	struct tty_struct *tty;		/* The tty our ldisc is bound to */
 205	spinlock_t lock;
 206	struct mutex mutex;
 207	unsigned int num;
 208	struct kref ref;
 209
 210	/* Events on the GSM channel */
 211	wait_queue_head_t event;
 212
 213	/* Bits for GSM mode decoding */
 214
 215	/* Framing Layer */
 216	unsigned char *buf;
 217	enum gsm_mux_state state;
 218	unsigned int len;
 219	unsigned int address;
 220	unsigned int count;
 221	bool escape;
 222	int encoding;
 223	u8 control;
 224	u8 fcs;
 225	u8 *txframe;			/* TX framing buffer */
 226
 227	/* Method for the receiver side */
 228	void (*receive)(struct gsm_mux *gsm, u8 ch);
 229
 230	/* Link Layer */
 231	unsigned int mru;
 232	unsigned int mtu;
 233	int initiator;			/* Did we initiate connection */
 234	bool dead;			/* Has the mux been shut down */
 235	struct gsm_dlci *dlci[NUM_DLCI];
 236	int old_c_iflag;		/* termios c_iflag value before attach */
 237	bool constipated;		/* Asked by remote to shut up */
 238
 239	spinlock_t tx_lock;
 240	unsigned int tx_bytes;		/* TX data outstanding */
 241#define TX_THRESH_HI		8192
 242#define TX_THRESH_LO		2048
 243	struct list_head tx_list;	/* Pending data packets */
 244
 245	/* Control messages */
 246	struct timer_list t2_timer;	/* Retransmit timer for commands */
 247	int cretries;			/* Command retry counter */
 248	struct gsm_control *pending_cmd;/* Our current pending command */
 249	spinlock_t control_lock;	/* Protects the pending command */
 250
 251	/* Configuration */
 252	int adaption;		/* 1 or 2 supported */
 253	u8 ftype;		/* UI or UIH */
 254	int t1, t2;		/* Timers in 1/100th of a sec */
 255	int n2;			/* Retry count */
 256
 257	/* Statistics (not currently exposed) */
 258	unsigned long bad_fcs;
 259	unsigned long malformed;
 260	unsigned long io_error;
 261	unsigned long bad_size;
 262	unsigned long unsupported;
 263};
 264
 265
 266/*
 267 *	Mux objects - needed so that we can translate a tty index into the
 268 *	relevant mux and DLCI.
 269 */
 270
 271#define MAX_MUX		4			/* 256 minors */
 272static struct gsm_mux *gsm_mux[MAX_MUX];	/* GSM muxes */
 273static DEFINE_SPINLOCK(gsm_mux_lock);
 274
 275static struct tty_driver *gsm_tty_driver;
 276
 277/*
 278 *	This section of the driver logic implements the GSM encodings
 279 *	both the basic and the 'advanced'. Reliable transport is not
 280 *	supported.
 281 */
 282
 283#define CR			0x02
 284#define EA			0x01
 285#define	PF			0x10
 286
 287/* I is special: the rest are ..*/
 288#define RR			0x01
 289#define UI			0x03
 290#define RNR			0x05
 291#define REJ			0x09
 292#define DM			0x0F
 293#define SABM			0x2F
 294#define DISC			0x43
 295#define UA			0x63
 296#define	UIH			0xEF
 297
 298/* Channel commands */
 299#define CMD_NSC			0x09
 300#define CMD_TEST		0x11
 301#define CMD_PSC			0x21
 302#define CMD_RLS			0x29
 303#define CMD_FCOFF		0x31
 304#define CMD_PN			0x41
 305#define CMD_RPN			0x49
 306#define CMD_FCON		0x51
 307#define CMD_CLD			0x61
 308#define CMD_SNC			0x69
 309#define CMD_MSC			0x71
 310
 311/* Virtual modem bits */
 312#define MDM_FC			0x01
 313#define MDM_RTC			0x02
 314#define MDM_RTR			0x04
 315#define MDM_IC			0x20
 316#define MDM_DV			0x40
 317
 318#define GSM0_SOF		0xF9
 319#define GSM1_SOF		0x7E
 320#define GSM1_ESCAPE		0x7D
 321#define GSM1_ESCAPE_BITS	0x20
 322#define XON			0x11
 323#define XOFF			0x13
 324#define ISO_IEC_646_MASK	0x7F
 325
 326static const struct tty_port_operations gsm_port_ops;
 327
 328/*
 329 *	CRC table for GSM 0710
 330 */
 331
 332static const u8 gsm_fcs8[256] = {
 333	0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75,
 334	0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B,
 335	0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69,
 336	0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67,
 337	0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D,
 338	0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43,
 339	0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51,
 340	0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F,
 341	0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05,
 342	0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B,
 343	0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19,
 344	0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17,
 345	0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D,
 346	0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33,
 347	0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21,
 348	0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F,
 349	0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95,
 350	0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B,
 351	0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89,
 352	0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87,
 353	0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD,
 354	0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3,
 355	0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1,
 356	0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF,
 357	0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5,
 358	0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB,
 359	0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9,
 360	0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7,
 361	0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD,
 362	0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3,
 363	0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1,
 364	0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF
 365};
 366
 367#define INIT_FCS	0xFF
 368#define GOOD_FCS	0xCF
 369
 370static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
 371static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk);
 372
 373/**
 374 *	gsm_fcs_add	-	update FCS
 375 *	@fcs: Current FCS
 376 *	@c: Next data
 377 *
 378 *	Update the FCS to include c. Uses the algorithm in the specification
 379 *	notes.
 380 */
 381
 382static inline u8 gsm_fcs_add(u8 fcs, u8 c)
 383{
 384	return gsm_fcs8[fcs ^ c];
 385}
 386
 387/**
 388 *	gsm_fcs_add_block	-	update FCS for a block
 389 *	@fcs: Current FCS
 390 *	@c: buffer of data
 391 *	@len: length of buffer
 392 *
 393 *	Update the FCS to include c. Uses the algorithm in the specification
 394 *	notes.
 395 */
 396
 397static inline u8 gsm_fcs_add_block(u8 fcs, u8 *c, int len)
 398{
 399	while (len--)
 400		fcs = gsm_fcs8[fcs ^ *c++];
 401	return fcs;
 402}
 403
 404/**
 405 *	gsm_read_ea		-	read a byte into an EA
 406 *	@val: variable holding value
 407 *	@c: byte going into the EA
 408 *
 409 *	Processes one byte of an EA. Updates the passed variable
 410 *	and returns 1 if the EA is now completely read
 411 */
 412
 413static int gsm_read_ea(unsigned int *val, u8 c)
 414{
 415	/* Add the next 7 bits into the value */
 416	*val <<= 7;
 417	*val |= c >> 1;
 418	/* Was this the last byte of the EA 1 = yes*/
 419	return c & EA;
 420}
 421
 422/**
 423 *	gsm_encode_modem	-	encode modem data bits
 424 *	@dlci: DLCI to encode from
 425 *
 426 *	Returns the correct GSM encoded modem status bits (6 bit field) for
 427 *	the current status of the DLCI and attached tty object
 428 */
 429
 430static u8 gsm_encode_modem(const struct gsm_dlci *dlci)
 431{
 432	u8 modembits = 0;
 433	/* FC is true flow control not modem bits */
 434	if (dlci->throttled)
 435		modembits |= MDM_FC;
 436	if (dlci->modem_tx & TIOCM_DTR)
 437		modembits |= MDM_RTC;
 438	if (dlci->modem_tx & TIOCM_RTS)
 439		modembits |= MDM_RTR;
 440	if (dlci->modem_tx & TIOCM_RI)
 441		modembits |= MDM_IC;
 442	if (dlci->modem_tx & TIOCM_CD || dlci->gsm->initiator)
 443		modembits |= MDM_DV;
 444	return modembits;
 445}
 446
 447/**
 448 *	gsm_print_packet	-	display a frame for debug
 449 *	@hdr: header to print before decode
 450 *	@addr: address EA from the frame
 451 *	@cr: C/R bit seen as initiator
 452 *	@control: control including PF bit
 453 *	@data: following data bytes
 454 *	@dlen: length of data
 455 *
 456 *	Displays a packet in human readable format for debugging purposes. The
 457 *	style is based on amateur radio LAP-B dump display.
 458 */
 459
 460static void gsm_print_packet(const char *hdr, int addr, int cr,
 461					u8 control, const u8 *data, int dlen)
 462{
 463	if (!(debug & 1))
 464		return;
 465
 466	pr_info("%s %d) %c: ", hdr, addr, "RC"[cr]);
 467
 468	switch (control & ~PF) {
 469	case SABM:
 470		pr_cont("SABM");
 471		break;
 472	case UA:
 473		pr_cont("UA");
 474		break;
 475	case DISC:
 476		pr_cont("DISC");
 477		break;
 478	case DM:
 479		pr_cont("DM");
 480		break;
 481	case UI:
 482		pr_cont("UI");
 483		break;
 484	case UIH:
 485		pr_cont("UIH");
 486		break;
 487	default:
 488		if (!(control & 0x01)) {
 489			pr_cont("I N(S)%d N(R)%d",
 490				(control & 0x0E) >> 1, (control & 0xE0) >> 5);
 491		} else switch (control & 0x0F) {
 492			case RR:
 493				pr_cont("RR(%d)", (control & 0xE0) >> 5);
 494				break;
 495			case RNR:
 496				pr_cont("RNR(%d)", (control & 0xE0) >> 5);
 497				break;
 498			case REJ:
 499				pr_cont("REJ(%d)", (control & 0xE0) >> 5);
 500				break;
 501			default:
 502				pr_cont("[%02X]", control);
 503		}
 504	}
 505
 506	if (control & PF)
 507		pr_cont("(P)");
 508	else
 509		pr_cont("(F)");
 510
 511	print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen);
 512}
 513
 514
 515/*
 516 *	Link level transmission side
 517 */
 518
 519/**
 520 *	gsm_stuff_frame	-	bytestuff a packet
 521 *	@input: input buffer
 522 *	@output: output buffer
 523 *	@len: length of input
 524 *
 525 *	Expand a buffer by bytestuffing it. The worst case size change
 526 *	is doubling and the caller is responsible for handing out
 527 *	suitable sized buffers.
 528 */
 529
 530static int gsm_stuff_frame(const u8 *input, u8 *output, int len)
 531{
 532	int olen = 0;
 533	while (len--) {
 534		if (*input == GSM1_SOF || *input == GSM1_ESCAPE
 535		    || (*input & ISO_IEC_646_MASK) == XON
 536		    || (*input & ISO_IEC_646_MASK) == XOFF) {
 537			*output++ = GSM1_ESCAPE;
 538			*output++ = *input++ ^ GSM1_ESCAPE_BITS;
 539			olen++;
 540		} else
 541			*output++ = *input++;
 542		olen++;
 543	}
 544	return olen;
 545}
 546
 547/**
 548 *	gsm_send	-	send a control frame
 549 *	@gsm: our GSM mux
 550 *	@addr: address for control frame
 551 *	@cr: command/response bit seen as initiator
 552 *	@control:  control byte including PF bit
 553 *
 554 *	Format up and transmit a control frame. These do not go via the
 555 *	queueing logic as they should be transmitted ahead of data when
 556 *	they are needed.
 557 *
 558 *	FIXME: Lock versus data TX path
 559 */
 560
 561static void gsm_send(struct gsm_mux *gsm, int addr, int cr, int control)
 562{
 563	int len;
 564	u8 cbuf[10];
 565	u8 ibuf[3];
 566	int ocr;
 567
 568	/* toggle C/R coding if not initiator */
 569	ocr = cr ^ (gsm->initiator ? 0 : 1);
 570
 571	switch (gsm->encoding) {
 572	case 0:
 573		cbuf[0] = GSM0_SOF;
 574		cbuf[1] = (addr << 2) | (ocr << 1) | EA;
 575		cbuf[2] = control;
 576		cbuf[3] = EA;	/* Length of data = 0 */
 577		cbuf[4] = 0xFF - gsm_fcs_add_block(INIT_FCS, cbuf + 1, 3);
 578		cbuf[5] = GSM0_SOF;
 579		len = 6;
 580		break;
 581	case 1:
 582	case 2:
 583		/* Control frame + packing (but not frame stuffing) in mode 1 */
 584		ibuf[0] = (addr << 2) | (ocr << 1) | EA;
 585		ibuf[1] = control;
 586		ibuf[2] = 0xFF - gsm_fcs_add_block(INIT_FCS, ibuf, 2);
 587		/* Stuffing may double the size worst case */
 588		len = gsm_stuff_frame(ibuf, cbuf + 1, 3);
 589		/* Now add the SOF markers */
 590		cbuf[0] = GSM1_SOF;
 591		cbuf[len + 1] = GSM1_SOF;
 592		/* FIXME: we can omit the lead one in many cases */
 593		len += 2;
 594		break;
 595	default:
 596		WARN_ON(1);
 597		return;
 598	}
 599	gsmld_output(gsm, cbuf, len);
 600	if (!gsm->initiator) {
 601		cr = cr & gsm->initiator;
 602		control = control & ~PF;
 603	}
 604	gsm_print_packet("-->", addr, cr, control, NULL, 0);
 605}
 606
 607/**
 608 *	gsm_response	-	send a control response
 609 *	@gsm: our GSM mux
 610 *	@addr: address for control frame
 611 *	@control:  control byte including PF bit
 612 *
 613 *	Format up and transmit a link level response frame.
 614 */
 615
 616static inline void gsm_response(struct gsm_mux *gsm, int addr, int control)
 617{
 618	gsm_send(gsm, addr, 0, control);
 619}
 620
 621/**
 622 *	gsm_command	-	send a control command
 623 *	@gsm: our GSM mux
 624 *	@addr: address for control frame
 625 *	@control:  control byte including PF bit
 626 *
 627 *	Format up and transmit a link level command frame.
 628 */
 629
 630static inline void gsm_command(struct gsm_mux *gsm, int addr, int control)
 631{
 632	gsm_send(gsm, addr, 1, control);
 633}
 634
 635/* Data transmission */
 636
 637#define HDR_LEN		6	/* ADDR CTRL [LEN.2] DATA FCS */
 638
 639/**
 640 *	gsm_data_alloc		-	allocate data frame
 641 *	@gsm: GSM mux
 642 *	@addr: DLCI address
 643 *	@len: length excluding header and FCS
 644 *	@ctrl: control byte
 645 *
 646 *	Allocate a new data buffer for sending frames with data. Space is left
 647 *	at the front for header bytes but that is treated as an implementation
 648 *	detail and not for the high level code to use
 649 */
 650
 651static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
 652								u8 ctrl)
 653{
 654	struct gsm_msg *m = kmalloc(sizeof(struct gsm_msg) + len + HDR_LEN,
 655								GFP_ATOMIC);
 656	if (m == NULL)
 657		return NULL;
 658	m->data = m->buffer + HDR_LEN - 1;	/* Allow for FCS */
 659	m->len = len;
 660	m->addr = addr;
 661	m->ctrl = ctrl;
 662	INIT_LIST_HEAD(&m->list);
 663	return m;
 664}
 665
 666/**
 667 *	gsm_data_kick		-	poke the queue
 668 *	@gsm: GSM Mux
 669 *	@dlci: DLCI sending the data
 670 *
 671 *	The tty device has called us to indicate that room has appeared in
 672 *	the transmit queue. Ram more data into the pipe if we have any
 673 *	If we have been flow-stopped by a CMD_FCOFF, then we can only
 674 *	send messages on DLCI0 until CMD_FCON
 675 *
 676 *	FIXME: lock against link layer control transmissions
 677 */
 678
 679static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
 680{
 681	struct gsm_msg *msg, *nmsg;
 682	int len;
 683
 684	list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
 685		if (gsm->constipated && msg->addr)
 686			continue;
 687		if (gsm->encoding != 0) {
 688			gsm->txframe[0] = GSM1_SOF;
 689			len = gsm_stuff_frame(msg->data,
 690						gsm->txframe + 1, msg->len);
 691			gsm->txframe[len + 1] = GSM1_SOF;
 692			len += 2;
 693		} else {
 694			gsm->txframe[0] = GSM0_SOF;
 695			memcpy(gsm->txframe + 1 , msg->data, msg->len);
 696			gsm->txframe[msg->len + 1] = GSM0_SOF;
 697			len = msg->len + 2;
 698		}
 699
 700		if (debug & 4)
 701			print_hex_dump_bytes("gsm_data_kick: ",
 702					     DUMP_PREFIX_OFFSET,
 703					     gsm->txframe, len);
 704		if (gsmld_output(gsm, gsm->txframe, len) <= 0)
 705			break;
 706		/* FIXME: Can eliminate one SOF in many more cases */
 707		gsm->tx_bytes -= msg->len;
 708
 709		list_del(&msg->list);
 710		kfree(msg);
 711
 712		if (dlci) {
 713			tty_port_tty_wakeup(&dlci->port);
 714		} else {
 715			int i = 0;
 716
 717			for (i = 0; i < NUM_DLCI; i++)
 718				if (gsm->dlci[i])
 719					tty_port_tty_wakeup(&gsm->dlci[i]->port);
 720		}
 721	}
 722}
 723
 724/**
 725 *	__gsm_data_queue		-	queue a UI or UIH frame
 726 *	@dlci: DLCI sending the data
 727 *	@msg: message queued
 728 *
 729 *	Add data to the transmit queue and try and get stuff moving
 730 *	out of the mux tty if not already doing so. The Caller must hold
 731 *	the gsm tx lock.
 732 */
 733
 734static void __gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
 735{
 736	struct gsm_mux *gsm = dlci->gsm;
 737	u8 *dp = msg->data;
 738	u8 *fcs = dp + msg->len;
 739
 740	/* Fill in the header */
 741	if (gsm->encoding == 0) {
 742		if (msg->len < 128)
 743			*--dp = (msg->len << 1) | EA;
 744		else {
 745			*--dp = (msg->len >> 7);	/* bits 7 - 15 */
 746			*--dp = (msg->len & 127) << 1;	/* bits 0 - 6 */
 747		}
 748	}
 749
 750	*--dp = msg->ctrl;
 751	if (gsm->initiator)
 752		*--dp = (msg->addr << 2) | 2 | EA;
 753	else
 754		*--dp = (msg->addr << 2) | EA;
 755	*fcs = gsm_fcs_add_block(INIT_FCS, dp , msg->data - dp);
 756	/* Ugly protocol layering violation */
 757	if (msg->ctrl == UI || msg->ctrl == (UI|PF))
 758		*fcs = gsm_fcs_add_block(*fcs, msg->data, msg->len);
 759	*fcs = 0xFF - *fcs;
 760
 761	gsm_print_packet("Q> ", msg->addr, gsm->initiator, msg->ctrl,
 762							msg->data, msg->len);
 763
 764	/* Move the header back and adjust the length, also allow for the FCS
 765	   now tacked on the end */
 766	msg->len += (msg->data - dp) + 1;
 767	msg->data = dp;
 768
 769	/* Add to the actual output queue */
 770	list_add_tail(&msg->list, &gsm->tx_list);
 771	gsm->tx_bytes += msg->len;
 772	gsm_data_kick(gsm, dlci);
 773}
 774
 775/**
 776 *	gsm_data_queue		-	queue a UI or UIH frame
 777 *	@dlci: DLCI sending the data
 778 *	@msg: message queued
 779 *
 780 *	Add data to the transmit queue and try and get stuff moving
 781 *	out of the mux tty if not already doing so. Take the
 782 *	the gsm tx lock and dlci lock.
 783 */
 784
 785static void gsm_data_queue(struct gsm_dlci *dlci, struct gsm_msg *msg)
 786{
 787	unsigned long flags;
 788	spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
 789	__gsm_data_queue(dlci, msg);
 790	spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
 791}
 792
 793/**
 794 *	gsm_dlci_data_output	-	try and push data out of a DLCI
 795 *	@gsm: mux
 796 *	@dlci: the DLCI to pull data from
 797 *
 798 *	Pull data from a DLCI and send it into the transmit queue if there
 799 *	is data. Keep to the MRU of the mux. This path handles the usual tty
 800 *	interface which is a byte stream with optional modem data.
 801 *
 802 *	Caller must hold the tx_lock of the mux.
 803 */
 804
 805static int gsm_dlci_data_output(struct gsm_mux *gsm, struct gsm_dlci *dlci)
 806{
 807	struct gsm_msg *msg;
 808	u8 *dp;
 809	int len, total_size, size;
 810	int h = dlci->adaption - 1;
 811
 812	total_size = 0;
 813	while (1) {
 814		len = kfifo_len(&dlci->fifo);
 815		if (len == 0)
 816			return total_size;
 817
 818		/* MTU/MRU count only the data bits */
 819		if (len > gsm->mtu)
 820			len = gsm->mtu;
 821
 822		size = len + h;
 823
 824		msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
 825		/* FIXME: need a timer or something to kick this so it can't
 826		   get stuck with no work outstanding and no buffer free */
 827		if (msg == NULL)
 828			return -ENOMEM;
 829		dp = msg->data;
 830		switch (dlci->adaption) {
 831		case 1:	/* Unstructured */
 832			break;
 833		case 2:	/* Unstructed with modem bits.
 834		Always one byte as we never send inline break data */
 835			*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
 836			break;
 837		}
 838		WARN_ON(kfifo_out_locked(&dlci->fifo, dp , len, &dlci->lock) != len);
 839		__gsm_data_queue(dlci, msg);
 840		total_size += size;
 841	}
 842	/* Bytes of data we used up */
 843	return total_size;
 844}
 845
 846/**
 847 *	gsm_dlci_data_output_framed  -	try and push data out of a DLCI
 848 *	@gsm: mux
 849 *	@dlci: the DLCI to pull data from
 850 *
 851 *	Pull data from a DLCI and send it into the transmit queue if there
 852 *	is data. Keep to the MRU of the mux. This path handles framed data
 853 *	queued as skbuffs to the DLCI.
 854 *
 855 *	Caller must hold the tx_lock of the mux.
 856 */
 857
 858static int gsm_dlci_data_output_framed(struct gsm_mux *gsm,
 859						struct gsm_dlci *dlci)
 860{
 861	struct gsm_msg *msg;
 862	u8 *dp;
 863	int len, size;
 864	int last = 0, first = 0;
 865	int overhead = 0;
 866
 867	/* One byte per frame is used for B/F flags */
 868	if (dlci->adaption == 4)
 869		overhead = 1;
 870
 871	/* dlci->skb is locked by tx_lock */
 872	if (dlci->skb == NULL) {
 873		dlci->skb = skb_dequeue_tail(&dlci->skb_list);
 874		if (dlci->skb == NULL)
 875			return 0;
 876		first = 1;
 877	}
 878	len = dlci->skb->len + overhead;
 879
 880	/* MTU/MRU count only the data bits */
 881	if (len > gsm->mtu) {
 882		if (dlci->adaption == 3) {
 883			/* Over long frame, bin it */
 884			dev_kfree_skb_any(dlci->skb);
 885			dlci->skb = NULL;
 886			return 0;
 887		}
 888		len = gsm->mtu;
 889	} else
 890		last = 1;
 891
 892	size = len + overhead;
 893	msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
 894
 895	/* FIXME: need a timer or something to kick this so it can't
 896	   get stuck with no work outstanding and no buffer free */
 897	if (msg == NULL) {
 898		skb_queue_tail(&dlci->skb_list, dlci->skb);
 899		dlci->skb = NULL;
 900		return -ENOMEM;
 901	}
 902	dp = msg->data;
 903
 904	if (dlci->adaption == 4) { /* Interruptible framed (Packetised Data) */
 905		/* Flag byte to carry the start/end info */
 906		*dp++ = last << 7 | first << 6 | 1;	/* EA */
 907		len--;
 908	}
 909	memcpy(dp, dlci->skb->data, len);
 910	skb_pull(dlci->skb, len);
 911	__gsm_data_queue(dlci, msg);
 912	if (last) {
 913		dev_kfree_skb_any(dlci->skb);
 914		dlci->skb = NULL;
 915	}
 916	return size;
 917}
 918
 919/**
 920 *	gsm_dlci_modem_output	-	try and push modem status out of a DLCI
 921 *	@gsm: mux
 922 *	@dlci: the DLCI to pull modem status from
 923 *	@brk: break signal
 924 *
 925 *	Push an empty frame in to the transmit queue to update the modem status
 926 *	bits and to transmit an optional break.
 927 *
 928 *	Caller must hold the tx_lock of the mux.
 929 */
 930
 931static int gsm_dlci_modem_output(struct gsm_mux *gsm, struct gsm_dlci *dlci,
 932				 u8 brk)
 933{
 934	u8 *dp = NULL;
 935	struct gsm_msg *msg;
 936	int size = 0;
 937
 938	/* for modem bits without break data */
 939	switch (dlci->adaption) {
 940	case 1: /* Unstructured */
 941		break;
 942	case 2: /* Unstructured with modem bits. */
 943		size++;
 944		if (brk > 0)
 945			size++;
 946		break;
 947	default:
 948		pr_err("%s: unsupported adaption %d\n", __func__,
 949		       dlci->adaption);
 950		return -EINVAL;
 951	}
 952
 953	msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
 954	if (!msg) {
 955		pr_err("%s: gsm_data_alloc error", __func__);
 956		return -ENOMEM;
 957	}
 958	dp = msg->data;
 959	switch (dlci->adaption) {
 960	case 1: /* Unstructured */
 961		break;
 962	case 2: /* Unstructured with modem bits. */
 963		if (brk == 0) {
 964			*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
 965		} else {
 966			*dp++ = gsm_encode_modem(dlci) << 1;
 967			*dp++ = (brk << 4) | 2 | EA; /* Length, Break, EA */
 968		}
 969		break;
 970	default:
 971		/* Handled above */
 972		break;
 973	}
 974
 975	__gsm_data_queue(dlci, msg);
 976	return size;
 977}
 978
 979/**
 980 *	gsm_dlci_data_sweep		-	look for data to send
 981 *	@gsm: the GSM mux
 982 *
 983 *	Sweep the GSM mux channels in priority order looking for ones with
 984 *	data to send. We could do with optimising this scan a bit. We aim
 985 *	to fill the queue totally or up to TX_THRESH_HI bytes. Once we hit
 986 *	TX_THRESH_LO we get called again
 987 *
 988 *	FIXME: We should round robin between groups and in theory you can
 989 *	renegotiate DLCI priorities with optional stuff. Needs optimising.
 990 */
 991
 992static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
 993{
 994	int len;
 995	/* Priority ordering: We should do priority with RR of the groups */
 996	int i = 1;
 997
 998	while (i < NUM_DLCI) {
 999		struct gsm_dlci *dlci;
1000
1001		if (gsm->tx_bytes > TX_THRESH_HI)
1002			break;
1003		dlci = gsm->dlci[i];
1004		if (dlci == NULL || dlci->constipated) {
1005			i++;
1006			continue;
1007		}
1008		if (dlci->adaption < 3 && !dlci->net)
1009			len = gsm_dlci_data_output(gsm, dlci);
1010		else
1011			len = gsm_dlci_data_output_framed(gsm, dlci);
1012		if (len < 0)
1013			break;
1014		/* DLCI empty - try the next */
1015		if (len == 0)
1016			i++;
1017	}
1018}
1019
1020/**
1021 *	gsm_dlci_data_kick	-	transmit if possible
1022 *	@dlci: DLCI to kick
1023 *
1024 *	Transmit data from this DLCI if the queue is empty. We can't rely on
1025 *	a tty wakeup except when we filled the pipe so we need to fire off
1026 *	new data ourselves in other cases.
1027 */
1028
1029static void gsm_dlci_data_kick(struct gsm_dlci *dlci)
1030{
1031	unsigned long flags;
1032	int sweep;
1033
1034	if (dlci->constipated)
1035		return;
1036
1037	spin_lock_irqsave(&dlci->gsm->tx_lock, flags);
1038	/* If we have nothing running then we need to fire up */
1039	sweep = (dlci->gsm->tx_bytes < TX_THRESH_LO);
1040	if (dlci->gsm->tx_bytes == 0) {
1041		if (dlci->net)
1042			gsm_dlci_data_output_framed(dlci->gsm, dlci);
1043		else
1044			gsm_dlci_data_output(dlci->gsm, dlci);
1045	}
1046	if (sweep)
1047		gsm_dlci_data_sweep(dlci->gsm);
1048	spin_unlock_irqrestore(&dlci->gsm->tx_lock, flags);
1049}
1050
1051/*
1052 *	Control message processing
1053 */
1054
1055
1056/**
1057 *	gsm_control_reply	-	send a response frame to a control
1058 *	@gsm: gsm channel
1059 *	@cmd: the command to use
1060 *	@data: data to follow encoded info
1061 *	@dlen: length of data
1062 *
1063 *	Encode up and queue a UI/UIH frame containing our response.
1064 */
1065
1066static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
1067					int dlen)
1068{
1069	struct gsm_msg *msg;
1070	msg = gsm_data_alloc(gsm, 0, dlen + 2, gsm->ftype);
1071	if (msg == NULL)
1072		return;
1073	msg->data[0] = (cmd & 0xFE) << 1 | EA;	/* Clear C/R */
1074	msg->data[1] = (dlen << 1) | EA;
1075	memcpy(msg->data + 2, data, dlen);
1076	gsm_data_queue(gsm->dlci[0], msg);
1077}
1078
1079/**
1080 *	gsm_process_modem	-	process received modem status
1081 *	@tty: virtual tty bound to the DLCI
1082 *	@dlci: DLCI to affect
1083 *	@modem: modem bits (full EA)
1084 *	@slen: number of signal octets
1085 *
1086 *	Used when a modem control message or line state inline in adaption
1087 *	layer 2 is processed. Sort out the local modem state and throttles
1088 */
1089
1090static void gsm_process_modem(struct tty_struct *tty, struct gsm_dlci *dlci,
1091							u32 modem, int slen)
1092{
1093	int  mlines = 0;
1094	u8 brk = 0;
1095	int fc;
1096
1097	/* The modem status command can either contain one octet (V.24 signals)
1098	 * or two octets (V.24 signals + break signals). This is specified in
1099	 * section 5.4.6.3.7 of the 07.10 mux spec.
1100	 */
1101
1102	if (slen == 1)
1103		modem = modem & 0x7f;
1104	else {
1105		brk = modem & 0x7f;
1106		modem = (modem >> 7) & 0x7f;
1107	}
1108
1109	/* Flow control/ready to communicate */
1110	fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1111	if (fc && !dlci->constipated) {
1112		/* Need to throttle our output on this device */
1113		dlci->constipated = true;
1114	} else if (!fc && dlci->constipated) {
1115		dlci->constipated = false;
1116		gsm_dlci_data_kick(dlci);
1117	}
1118
1119	/* Map modem bits */
1120	if (modem & MDM_RTC)
1121		mlines |= TIOCM_DSR | TIOCM_DTR;
1122	if (modem & MDM_RTR)
1123		mlines |= TIOCM_RTS | TIOCM_CTS;
1124	if (modem & MDM_IC)
1125		mlines |= TIOCM_RI;
1126	if (modem & MDM_DV)
1127		mlines |= TIOCM_CD;
1128
1129	/* Carrier drop -> hangup */
1130	if (tty) {
1131		if ((mlines & TIOCM_CD) == 0 && (dlci->modem_rx & TIOCM_CD))
1132			if (!C_CLOCAL(tty))
1133				tty_hangup(tty);
1134	}
1135	if (brk & 0x01)
1136		tty_insert_flip_char(&dlci->port, 0, TTY_BREAK);
1137	dlci->modem_rx = mlines;
1138}
1139
1140/**
1141 *	gsm_control_modem	-	modem status received
1142 *	@gsm: GSM channel
1143 *	@data: data following command
1144 *	@clen: command length
1145 *
1146 *	We have received a modem status control message. This is used by
1147 *	the GSM mux protocol to pass virtual modem line status and optionally
1148 *	to indicate break signals. Unpack it, convert to Linux representation
1149 *	and if need be stuff a break message down the tty.
1150 */
1151
1152static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1153{
1154	unsigned int addr = 0;
1155	unsigned int modem = 0;
1156	struct gsm_dlci *dlci;
1157	int len = clen;
1158	int slen;
1159	const u8 *dp = data;
1160	struct tty_struct *tty;
1161
1162	while (gsm_read_ea(&addr, *dp++) == 0) {
1163		len--;
1164		if (len == 0)
1165			return;
1166	}
1167	/* Must be at least one byte following the EA */
1168	len--;
1169	if (len <= 0)
1170		return;
1171
1172	addr >>= 1;
1173	/* Closed port, or invalid ? */
1174	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1175		return;
1176	dlci = gsm->dlci[addr];
1177
1178	slen = len;
1179	while (gsm_read_ea(&modem, *dp++) == 0) {
1180		len--;
1181		if (len == 0)
1182			return;
1183	}
1184	len--;
1185	tty = tty_port_tty_get(&dlci->port);
1186	gsm_process_modem(tty, dlci, modem, slen - len);
1187	if (tty) {
1188		tty_wakeup(tty);
1189		tty_kref_put(tty);
1190	}
1191	gsm_control_reply(gsm, CMD_MSC, data, clen);
1192}
1193
1194/**
1195 *	gsm_control_rls		-	remote line status
1196 *	@gsm: GSM channel
1197 *	@data: data bytes
1198 *	@clen: data length
1199 *
1200 *	The modem sends us a two byte message on the control channel whenever
1201 *	it wishes to send us an error state from the virtual link. Stuff
1202 *	this into the uplink tty if present
1203 */
1204
1205static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1206{
1207	struct tty_port *port;
1208	unsigned int addr = 0;
1209	u8 bits;
1210	int len = clen;
1211	const u8 *dp = data;
1212
1213	while (gsm_read_ea(&addr, *dp++) == 0) {
1214		len--;
1215		if (len == 0)
1216			return;
1217	}
1218	/* Must be at least one byte following ea */
1219	len--;
1220	if (len <= 0)
1221		return;
1222	addr >>= 1;
1223	/* Closed port, or invalid ? */
1224	if (addr == 0 || addr >= NUM_DLCI || gsm->dlci[addr] == NULL)
1225		return;
1226	/* No error ? */
1227	bits = *dp;
1228	if ((bits & 1) == 0)
1229		return;
1230
1231	port = &gsm->dlci[addr]->port;
1232
1233	if (bits & 2)
1234		tty_insert_flip_char(port, 0, TTY_OVERRUN);
1235	if (bits & 4)
1236		tty_insert_flip_char(port, 0, TTY_PARITY);
1237	if (bits & 8)
1238		tty_insert_flip_char(port, 0, TTY_FRAME);
1239
1240	tty_flip_buffer_push(port);
1241
1242	gsm_control_reply(gsm, CMD_RLS, data, clen);
1243}
1244
1245static void gsm_dlci_begin_close(struct gsm_dlci *dlci);
1246
1247/**
1248 *	gsm_control_message	-	DLCI 0 control processing
1249 *	@gsm: our GSM mux
1250 *	@command:  the command EA
1251 *	@data: data beyond the command/length EAs
1252 *	@clen: length
1253 *
1254 *	Input processor for control messages from the other end of the link.
1255 *	Processes the incoming request and queues a response frame or an
1256 *	NSC response if not supported
1257 */
1258
1259static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1260						const u8 *data, int clen)
1261{
1262	u8 buf[1];
1263	unsigned long flags;
1264
1265	switch (command) {
1266	case CMD_CLD: {
1267		struct gsm_dlci *dlci = gsm->dlci[0];
1268		/* Modem wishes to close down */
1269		if (dlci) {
1270			dlci->dead = true;
1271			gsm->dead = true;
1272			gsm_dlci_begin_close(dlci);
1273		}
1274		}
1275		break;
1276	case CMD_TEST:
1277		/* Modem wishes to test, reply with the data */
1278		gsm_control_reply(gsm, CMD_TEST, data, clen);
1279		break;
1280	case CMD_FCON:
1281		/* Modem can accept data again */
1282		gsm->constipated = false;
1283		gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1284		/* Kick the link in case it is idling */
1285		spin_lock_irqsave(&gsm->tx_lock, flags);
1286		gsm_data_kick(gsm, NULL);
1287		spin_unlock_irqrestore(&gsm->tx_lock, flags);
1288		break;
1289	case CMD_FCOFF:
1290		/* Modem wants us to STFU */
1291		gsm->constipated = true;
1292		gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1293		break;
1294	case CMD_MSC:
1295		/* Out of band modem line change indicator for a DLCI */
1296		gsm_control_modem(gsm, data, clen);
1297		break;
1298	case CMD_RLS:
1299		/* Out of band error reception for a DLCI */
1300		gsm_control_rls(gsm, data, clen);
1301		break;
1302	case CMD_PSC:
1303		/* Modem wishes to enter power saving state */
1304		gsm_control_reply(gsm, CMD_PSC, NULL, 0);
1305		break;
1306		/* Optional unsupported commands */
1307	case CMD_PN:	/* Parameter negotiation */
1308	case CMD_RPN:	/* Remote port negotiation */
1309	case CMD_SNC:	/* Service negotiation command */
1310	default:
1311		/* Reply to bad commands with an NSC */
1312		buf[0] = command;
1313		gsm_control_reply(gsm, CMD_NSC, buf, 1);
1314		break;
1315	}
1316}
1317
1318/**
1319 *	gsm_control_response	-	process a response to our control
1320 *	@gsm: our GSM mux
1321 *	@command: the command (response) EA
1322 *	@data: data beyond the command/length EA
1323 *	@clen: length
1324 *
1325 *	Process a response to an outstanding command. We only allow a single
1326 *	control message in flight so this is fairly easy. All the clean up
1327 *	is done by the caller, we just update the fields, flag it as done
1328 *	and return
1329 */
1330
1331static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1332						const u8 *data, int clen)
1333{
1334	struct gsm_control *ctrl;
1335	unsigned long flags;
1336
1337	spin_lock_irqsave(&gsm->control_lock, flags);
1338
1339	ctrl = gsm->pending_cmd;
1340	/* Does the reply match our command */
1341	command |= 1;
1342	if (ctrl != NULL && (command == ctrl->cmd || command == CMD_NSC)) {
1343		/* Our command was replied to, kill the retry timer */
1344		del_timer(&gsm->t2_timer);
1345		gsm->pending_cmd = NULL;
1346		/* Rejected by the other end */
1347		if (command == CMD_NSC)
1348			ctrl->error = -EOPNOTSUPP;
1349		ctrl->done = 1;
1350		wake_up(&gsm->event);
1351	}
1352	spin_unlock_irqrestore(&gsm->control_lock, flags);
1353}
1354
1355/**
1356 *	gsm_control_transmit	-	send control packet
1357 *	@gsm: gsm mux
1358 *	@ctrl: frame to send
1359 *
1360 *	Send out a pending control command (called under control lock)
1361 */
1362
1363static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1364{
1365	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1366	if (msg == NULL)
1367		return;
1368	msg->data[0] = (ctrl->cmd << 1) | CR | EA;	/* command */
1369	msg->data[1] = (ctrl->len << 1) | EA;
1370	memcpy(msg->data + 2, ctrl->data, ctrl->len);
1371	gsm_data_queue(gsm->dlci[0], msg);
1372}
1373
1374/**
1375 *	gsm_control_retransmit	-	retransmit a control frame
1376 *	@t: timer contained in our gsm object
1377 *
1378 *	Called off the T2 timer expiry in order to retransmit control frames
1379 *	that have been lost in the system somewhere. The control_lock protects
1380 *	us from colliding with another sender or a receive completion event.
1381 *	In that situation the timer may still occur in a small window but
1382 *	gsm->pending_cmd will be NULL and we just let the timer expire.
1383 */
1384
1385static void gsm_control_retransmit(struct timer_list *t)
1386{
1387	struct gsm_mux *gsm = from_timer(gsm, t, t2_timer);
1388	struct gsm_control *ctrl;
1389	unsigned long flags;
1390	spin_lock_irqsave(&gsm->control_lock, flags);
1391	ctrl = gsm->pending_cmd;
1392	if (ctrl) {
1393		if (gsm->cretries == 0) {
1394			gsm->pending_cmd = NULL;
1395			ctrl->error = -ETIMEDOUT;
1396			ctrl->done = 1;
1397			spin_unlock_irqrestore(&gsm->control_lock, flags);
1398			wake_up(&gsm->event);
1399			return;
1400		}
1401		gsm->cretries--;
1402		gsm_control_transmit(gsm, ctrl);
1403		mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1404	}
1405	spin_unlock_irqrestore(&gsm->control_lock, flags);
1406}
1407
1408/**
1409 *	gsm_control_send	-	send a control frame on DLCI 0
1410 *	@gsm: the GSM channel
1411 *	@command: command  to send including CR bit
1412 *	@data: bytes of data (must be kmalloced)
1413 *	@clen: length of the block to send
1414 *
1415 *	Queue and dispatch a control command. Only one command can be
1416 *	active at a time. In theory more can be outstanding but the matching
1417 *	gets really complicated so for now stick to one outstanding.
1418 */
1419
1420static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1421		unsigned int command, u8 *data, int clen)
1422{
1423	struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1424						GFP_KERNEL);
1425	unsigned long flags;
1426	if (ctrl == NULL)
1427		return NULL;
1428retry:
1429	wait_event(gsm->event, gsm->pending_cmd == NULL);
1430	spin_lock_irqsave(&gsm->control_lock, flags);
1431	if (gsm->pending_cmd != NULL) {
1432		spin_unlock_irqrestore(&gsm->control_lock, flags);
1433		goto retry;
1434	}
1435	ctrl->cmd = command;
1436	ctrl->data = data;
1437	ctrl->len = clen;
1438	gsm->pending_cmd = ctrl;
1439
1440	/* If DLCI0 is in ADM mode skip retries, it won't respond */
1441	if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1442		gsm->cretries = 0;
1443	else
1444		gsm->cretries = gsm->n2;
1445
1446	mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1447	gsm_control_transmit(gsm, ctrl);
1448	spin_unlock_irqrestore(&gsm->control_lock, flags);
1449	return ctrl;
1450}
1451
1452/**
1453 *	gsm_control_wait	-	wait for a control to finish
1454 *	@gsm: GSM mux
1455 *	@control: control we are waiting on
1456 *
1457 *	Waits for the control to complete or time out. Frees any used
1458 *	resources and returns 0 for success, or an error if the remote
1459 *	rejected or ignored the request.
1460 */
1461
1462static int gsm_control_wait(struct gsm_mux *gsm, struct gsm_control *control)
1463{
1464	int err;
1465	wait_event(gsm->event, control->done == 1);
1466	err = control->error;
1467	kfree(control);
1468	return err;
1469}
1470
1471
1472/*
1473 *	DLCI level handling: Needs krefs
1474 */
1475
1476/*
1477 *	State transitions and timers
1478 */
1479
1480/**
1481 *	gsm_dlci_close		-	a DLCI has closed
1482 *	@dlci: DLCI that closed
1483 *
1484 *	Perform processing when moving a DLCI into closed state. If there
1485 *	is an attached tty this is hung up
1486 */
1487
1488static void gsm_dlci_close(struct gsm_dlci *dlci)
1489{
1490	unsigned long flags;
1491
1492	del_timer(&dlci->t1);
1493	if (debug & 8)
1494		pr_debug("DLCI %d goes closed.\n", dlci->addr);
1495	dlci->state = DLCI_CLOSED;
1496	if (dlci->addr != 0) {
1497		tty_port_tty_hangup(&dlci->port, false);
1498		spin_lock_irqsave(&dlci->lock, flags);
1499		kfifo_reset(&dlci->fifo);
1500		spin_unlock_irqrestore(&dlci->lock, flags);
1501		/* Ensure that gsmtty_open() can return. */
1502		tty_port_set_initialized(&dlci->port, 0);
1503		wake_up_interruptible(&dlci->port.open_wait);
1504	} else
1505		dlci->gsm->dead = true;
1506	wake_up(&dlci->gsm->event);
1507	/* A DLCI 0 close is a MUX termination so we need to kick that
1508	   back to userspace somehow */
1509}
1510
1511/**
1512 *	gsm_dlci_open		-	a DLCI has opened
1513 *	@dlci: DLCI that opened
1514 *
1515 *	Perform processing when moving a DLCI into open state.
1516 */
1517
1518static void gsm_dlci_open(struct gsm_dlci *dlci)
1519{
1520	/* Note that SABM UA .. SABM UA first UA lost can mean that we go
1521	   open -> open */
1522	del_timer(&dlci->t1);
1523	/* This will let a tty open continue */
1524	dlci->state = DLCI_OPEN;
1525	if (debug & 8)
1526		pr_debug("DLCI %d goes open.\n", dlci->addr);
1527	/* Send current modem state */
1528	if (dlci->addr)
1529		gsm_modem_update(dlci, 0);
1530	wake_up(&dlci->gsm->event);
1531}
1532
1533/**
1534 *	gsm_dlci_t1		-	T1 timer expiry
1535 *	@t: timer contained in the DLCI that opened
1536 *
1537 *	The T1 timer handles retransmits of control frames (essentially of
1538 *	SABM and DISC). We resend the command until the retry count runs out
1539 *	in which case an opening port goes back to closed and a closing port
1540 *	is simply put into closed state (any further frames from the other
1541 *	end will get a DM response)
1542 *
1543 *	Some control dlci can stay in ADM mode with other dlci working just
1544 *	fine. In that case we can just keep the control dlci open after the
1545 *	DLCI_OPENING retries time out.
1546 */
1547
1548static void gsm_dlci_t1(struct timer_list *t)
1549{
1550	struct gsm_dlci *dlci = from_timer(dlci, t, t1);
1551	struct gsm_mux *gsm = dlci->gsm;
1552
1553	switch (dlci->state) {
1554	case DLCI_OPENING:
1555		dlci->retries--;
1556		if (dlci->retries) {
1557			gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1558			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1559		} else if (!dlci->addr && gsm->control == (DM | PF)) {
1560			if (debug & 8)
1561				pr_info("DLCI %d opening in ADM mode.\n",
1562					dlci->addr);
1563			dlci->mode = DLCI_MODE_ADM;
1564			gsm_dlci_open(dlci);
1565		} else {
1566			gsm_dlci_begin_close(dlci); /* prevent half open link */
1567		}
1568
1569		break;
1570	case DLCI_CLOSING:
1571		dlci->retries--;
1572		if (dlci->retries) {
1573			gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1574			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1575		} else
1576			gsm_dlci_close(dlci);
1577		break;
1578	default:
1579		pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1580		break;
1581	}
1582}
1583
1584/**
1585 *	gsm_dlci_begin_open	-	start channel open procedure
1586 *	@dlci: DLCI to open
1587 *
1588 *	Commence opening a DLCI from the Linux side. We issue SABM messages
1589 *	to the modem which should then reply with a UA or ADM, at which point
1590 *	we will move into open state. Opening is done asynchronously with retry
1591 *	running off timers and the responses.
1592 */
1593
1594static void gsm_dlci_begin_open(struct gsm_dlci *dlci)
1595{
1596	struct gsm_mux *gsm = dlci->gsm;
1597	if (dlci->state == DLCI_OPEN || dlci->state == DLCI_OPENING)
1598		return;
1599	dlci->retries = gsm->n2;
1600	dlci->state = DLCI_OPENING;
1601	gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1602	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1603}
1604
1605/**
1606 *	gsm_dlci_begin_close	-	start channel open procedure
1607 *	@dlci: DLCI to open
1608 *
1609 *	Commence closing a DLCI from the Linux side. We issue DISC messages
1610 *	to the modem which should then reply with a UA, at which point we
1611 *	will move into closed state. Closing is done asynchronously with retry
1612 *	off timers. We may also receive a DM reply from the other end which
1613 *	indicates the channel was already closed.
1614 */
1615
1616static void gsm_dlci_begin_close(struct gsm_dlci *dlci)
1617{
1618	struct gsm_mux *gsm = dlci->gsm;
1619	if (dlci->state == DLCI_CLOSED || dlci->state == DLCI_CLOSING)
1620		return;
1621	dlci->retries = gsm->n2;
1622	dlci->state = DLCI_CLOSING;
1623	gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1624	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1625}
1626
1627/**
1628 *	gsm_dlci_data		-	data arrived
1629 *	@dlci: channel
1630 *	@data: block of bytes received
1631 *	@clen: length of received block
1632 *
1633 *	A UI or UIH frame has arrived which contains data for a channel
1634 *	other than the control channel. If the relevant virtual tty is
1635 *	open we shovel the bits down it, if not we drop them.
1636 */
1637
1638static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1639{
1640	/* krefs .. */
1641	struct tty_port *port = &dlci->port;
1642	struct tty_struct *tty;
1643	unsigned int modem = 0;
1644	int len = clen;
1645	int slen = 0;
1646
1647	if (debug & 16)
1648		pr_debug("%d bytes for tty\n", len);
1649	switch (dlci->adaption)  {
1650	/* Unsupported types */
1651	case 4:		/* Packetised interruptible data */
1652		break;
1653	case 3:		/* Packetised uininterruptible voice/data */
1654		break;
1655	case 2:		/* Asynchronous serial with line state in each frame */
1656		while (gsm_read_ea(&modem, *data++) == 0) {
1657			len--;
1658			slen++;
1659			if (len == 0)
1660				return;
1661		}
1662		len--;
1663		slen++;
1664		tty = tty_port_tty_get(port);
1665		if (tty) {
1666			gsm_process_modem(tty, dlci, modem, slen);
1667			tty_wakeup(tty);
1668			tty_kref_put(tty);
1669		}
1670		fallthrough;
1671	case 1:		/* Line state will go via DLCI 0 controls only */
1672	default:
1673		tty_insert_flip_string(port, data, len);
1674		tty_flip_buffer_push(port);
1675	}
1676}
1677
1678/**
1679 *	gsm_dlci_command	-	data arrived on control channel
1680 *	@dlci: channel
1681 *	@data: block of bytes received
1682 *	@len: length of received block
1683 *
1684 *	A UI or UIH frame has arrived which contains data for DLCI 0 the
1685 *	control channel. This should contain a command EA followed by
1686 *	control data bytes. The command EA contains a command/response bit
1687 *	and we divide up the work accordingly.
1688 */
1689
1690static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1691{
1692	/* See what command is involved */
1693	unsigned int command = 0;
1694	while (len-- > 0) {
1695		if (gsm_read_ea(&command, *data++) == 1) {
1696			int clen = *data++;
1697			len--;
1698			/* FIXME: this is properly an EA */
1699			clen >>= 1;
1700			/* Malformed command ? */
1701			if (clen > len)
1702				return;
1703			if (command & 1)
1704				gsm_control_message(dlci->gsm, command,
1705								data, clen);
1706			else
1707				gsm_control_response(dlci->gsm, command,
1708								data, clen);
1709			return;
1710		}
1711	}
1712}
1713
1714/*
1715 *	Allocate/Free DLCI channels
1716 */
1717
1718/**
1719 *	gsm_dlci_alloc		-	allocate a DLCI
1720 *	@gsm: GSM mux
1721 *	@addr: address of the DLCI
1722 *
1723 *	Allocate and install a new DLCI object into the GSM mux.
1724 *
1725 *	FIXME: review locking races
1726 */
1727
1728static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
1729{
1730	struct gsm_dlci *dlci = kzalloc(sizeof(struct gsm_dlci), GFP_ATOMIC);
1731	if (dlci == NULL)
1732		return NULL;
1733	spin_lock_init(&dlci->lock);
1734	mutex_init(&dlci->mutex);
1735	if (kfifo_alloc(&dlci->fifo, TX_SIZE, GFP_KERNEL) < 0) {
1736		kfree(dlci);
1737		return NULL;
1738	}
1739
1740	skb_queue_head_init(&dlci->skb_list);
1741	timer_setup(&dlci->t1, gsm_dlci_t1, 0);
1742	tty_port_init(&dlci->port);
1743	dlci->port.ops = &gsm_port_ops;
1744	dlci->gsm = gsm;
1745	dlci->addr = addr;
1746	dlci->adaption = gsm->adaption;
1747	dlci->state = DLCI_CLOSED;
1748	if (addr)
1749		dlci->data = gsm_dlci_data;
1750	else
1751		dlci->data = gsm_dlci_command;
1752	gsm->dlci[addr] = dlci;
1753	return dlci;
1754}
1755
1756/**
1757 *	gsm_dlci_free		-	free DLCI
1758 *	@port: tty port for DLCI to free
1759 *
1760 *	Free up a DLCI.
1761 *
1762 *	Can sleep.
1763 */
1764static void gsm_dlci_free(struct tty_port *port)
1765{
1766	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1767
1768	del_timer_sync(&dlci->t1);
1769	dlci->gsm->dlci[dlci->addr] = NULL;
1770	kfifo_free(&dlci->fifo);
1771	while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1772		dev_kfree_skb(dlci->skb);
1773	kfree(dlci);
1774}
1775
1776static inline void dlci_get(struct gsm_dlci *dlci)
1777{
1778	tty_port_get(&dlci->port);
1779}
1780
1781static inline void dlci_put(struct gsm_dlci *dlci)
1782{
1783	tty_port_put(&dlci->port);
1784}
1785
1786static void gsm_destroy_network(struct gsm_dlci *dlci);
1787
1788/**
1789 *	gsm_dlci_release		-	release DLCI
1790 *	@dlci: DLCI to destroy
1791 *
1792 *	Release a DLCI. Actual free is deferred until either
1793 *	mux is closed or tty is closed - whichever is last.
1794 *
1795 *	Can sleep.
1796 */
1797static void gsm_dlci_release(struct gsm_dlci *dlci)
1798{
1799	struct tty_struct *tty = tty_port_tty_get(&dlci->port);
1800	if (tty) {
1801		mutex_lock(&dlci->mutex);
1802		gsm_destroy_network(dlci);
1803		mutex_unlock(&dlci->mutex);
1804
1805		/* We cannot use tty_hangup() because in tty_kref_put() the tty
1806		 * driver assumes that the hangup queue is free and reuses it to
1807		 * queue release_one_tty() -> NULL pointer panic in
1808		 * process_one_work().
1809		 */
1810		tty_vhangup(tty);
1811
1812		tty_port_tty_set(&dlci->port, NULL);
1813		tty_kref_put(tty);
1814	}
1815	dlci->state = DLCI_CLOSED;
1816	dlci_put(dlci);
1817}
1818
1819/*
1820 *	LAPBish link layer logic
1821 */
1822
1823/**
1824 *	gsm_queue		-	a GSM frame is ready to process
1825 *	@gsm: pointer to our gsm mux
1826 *
1827 *	At this point in time a frame has arrived and been demangled from
1828 *	the line encoding. All the differences between the encodings have
1829 *	been handled below us and the frame is unpacked into the structures.
1830 *	The fcs holds the header FCS but any data FCS must be added here.
1831 */
1832
1833static void gsm_queue(struct gsm_mux *gsm)
1834{
1835	struct gsm_dlci *dlci;
1836	u8 cr;
1837	int address;
1838
1839	if (gsm->fcs != GOOD_FCS) {
1840		gsm->bad_fcs++;
1841		if (debug & 4)
1842			pr_debug("BAD FCS %02x\n", gsm->fcs);
1843		return;
1844	}
1845	address = gsm->address >> 1;
1846	if (address >= NUM_DLCI)
1847		goto invalid;
1848
1849	cr = gsm->address & 1;		/* C/R bit */
1850	cr ^= gsm->initiator ? 0 : 1;	/* Flip so 1 always means command */
1851
1852	gsm_print_packet("<--", address, cr, gsm->control, gsm->buf, gsm->len);
1853
1854	dlci = gsm->dlci[address];
1855
1856	switch (gsm->control) {
1857	case SABM|PF:
1858		if (cr == 1)
1859			goto invalid;
1860		if (dlci == NULL)
1861			dlci = gsm_dlci_alloc(gsm, address);
1862		if (dlci == NULL)
1863			return;
1864		if (dlci->dead)
1865			gsm_response(gsm, address, DM|PF);
1866		else {
1867			gsm_response(gsm, address, UA|PF);
1868			gsm_dlci_open(dlci);
1869		}
1870		break;
1871	case DISC|PF:
1872		if (cr == 1)
1873			goto invalid;
1874		if (dlci == NULL || dlci->state == DLCI_CLOSED) {
1875			gsm_response(gsm, address, DM|PF);
1876			return;
1877		}
1878		/* Real close complete */
1879		gsm_response(gsm, address, UA|PF);
1880		gsm_dlci_close(dlci);
1881		break;
1882	case UA|PF:
1883		if (cr == 0 || dlci == NULL)
1884			break;
1885		switch (dlci->state) {
1886		case DLCI_CLOSING:
1887			gsm_dlci_close(dlci);
1888			break;
1889		case DLCI_OPENING:
1890			gsm_dlci_open(dlci);
1891			break;
1892		default:
1893			pr_debug("%s: unhandled state: %d\n", __func__,
1894					dlci->state);
1895			break;
1896		}
1897		break;
1898	case DM:	/* DM can be valid unsolicited */
1899	case DM|PF:
1900		if (cr)
1901			goto invalid;
1902		if (dlci == NULL)
1903			return;
1904		gsm_dlci_close(dlci);
1905		break;
1906	case UI:
1907	case UI|PF:
1908	case UIH:
1909	case UIH|PF:
1910#if 0
1911		if (cr)
1912			goto invalid;
1913#endif
1914		if (dlci == NULL || dlci->state != DLCI_OPEN) {
1915			gsm_command(gsm, address, DM|PF);
1916			return;
1917		}
1918		dlci->data(dlci, gsm->buf, gsm->len);
1919		break;
1920	default:
1921		goto invalid;
1922	}
1923	return;
1924invalid:
1925	gsm->malformed++;
1926	return;
1927}
1928
1929
1930/**
1931 *	gsm0_receive	-	perform processing for non-transparency
1932 *	@gsm: gsm data for this ldisc instance
1933 *	@c: character
1934 *
1935 *	Receive bytes in gsm mode 0
1936 */
1937
1938static void gsm0_receive(struct gsm_mux *gsm, unsigned char c)
1939{
1940	unsigned int len;
1941
1942	switch (gsm->state) {
1943	case GSM_SEARCH:	/* SOF marker */
1944		if (c == GSM0_SOF) {
1945			gsm->state = GSM_ADDRESS;
1946			gsm->address = 0;
1947			gsm->len = 0;
1948			gsm->fcs = INIT_FCS;
1949		}
1950		break;
1951	case GSM_ADDRESS:	/* Address EA */
1952		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1953		if (gsm_read_ea(&gsm->address, c))
1954			gsm->state = GSM_CONTROL;
1955		break;
1956	case GSM_CONTROL:	/* Control Byte */
1957		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1958		gsm->control = c;
1959		gsm->state = GSM_LEN0;
1960		break;
1961	case GSM_LEN0:		/* Length EA */
1962		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1963		if (gsm_read_ea(&gsm->len, c)) {
1964			if (gsm->len > gsm->mru) {
1965				gsm->bad_size++;
1966				gsm->state = GSM_SEARCH;
1967				break;
1968			}
1969			gsm->count = 0;
1970			if (!gsm->len)
1971				gsm->state = GSM_FCS;
1972			else
1973				gsm->state = GSM_DATA;
1974			break;
1975		}
1976		gsm->state = GSM_LEN1;
1977		break;
1978	case GSM_LEN1:
1979		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1980		len = c;
1981		gsm->len |= len << 7;
1982		if (gsm->len > gsm->mru) {
1983			gsm->bad_size++;
1984			gsm->state = GSM_SEARCH;
1985			break;
1986		}
1987		gsm->count = 0;
1988		if (!gsm->len)
1989			gsm->state = GSM_FCS;
1990		else
1991			gsm->state = GSM_DATA;
1992		break;
1993	case GSM_DATA:		/* Data */
1994		gsm->buf[gsm->count++] = c;
1995		if (gsm->count == gsm->len) {
1996			/* Calculate final FCS for UI frames over all data */
1997			if ((gsm->control & ~PF) != UIH) {
1998				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
1999							     gsm->count);
2000			}
2001			gsm->state = GSM_FCS;
2002		}
2003		break;
2004	case GSM_FCS:		/* FCS follows the packet */
2005		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2006		gsm->state = GSM_SSOF;
2007		break;
2008	case GSM_SSOF:
2009		gsm->state = GSM_SEARCH;
2010		if (c == GSM0_SOF)
2011			gsm_queue(gsm);
2012		else
2013			gsm->bad_size++;
2014		break;
2015	default:
2016		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2017		break;
2018	}
2019}
2020
2021/**
2022 *	gsm1_receive	-	perform processing for non-transparency
2023 *	@gsm: gsm data for this ldisc instance
2024 *	@c: character
2025 *
2026 *	Receive bytes in mode 1 (Advanced option)
2027 */
2028
2029static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
2030{
2031	/* handle XON/XOFF */
2032	if ((c & ISO_IEC_646_MASK) == XON) {
2033		gsm->constipated = true;
2034		return;
2035	} else if ((c & ISO_IEC_646_MASK) == XOFF) {
2036		gsm->constipated = false;
2037		/* Kick the link in case it is idling */
2038		gsm_data_kick(gsm, NULL);
2039		return;
2040	}
2041	if (c == GSM1_SOF) {
2042		/* EOF is only valid in frame if we have got to the data state */
2043		if (gsm->state == GSM_DATA) {
2044			if (gsm->count < 1) {
2045				/* Missing FSC */
2046				gsm->malformed++;
2047				gsm->state = GSM_START;
2048				return;
2049			}
2050			/* Remove the FCS from data */
2051			gsm->count--;
2052			if ((gsm->control & ~PF) != UIH) {
2053				/* Calculate final FCS for UI frames over all
2054				 * data but FCS
2055				 */
2056				gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf,
2057							     gsm->count);
2058			}
2059			/* Add the FCS itself to test against GOOD_FCS */
2060			gsm->fcs = gsm_fcs_add(gsm->fcs, gsm->buf[gsm->count]);
2061			gsm->len = gsm->count;
2062			gsm_queue(gsm);
2063			gsm->state  = GSM_START;
2064			return;
2065		}
2066		/* Any partial frame was a runt so go back to start */
2067		if (gsm->state != GSM_START) {
2068			if (gsm->state != GSM_SEARCH)
2069				gsm->malformed++;
2070			gsm->state = GSM_START;
2071		}
2072		/* A SOF in GSM_START means we are still reading idling or
2073		   framing bytes */
2074		return;
2075	}
2076
2077	if (c == GSM1_ESCAPE) {
2078		gsm->escape = true;
2079		return;
2080	}
2081
2082	/* Only an unescaped SOF gets us out of GSM search */
2083	if (gsm->state == GSM_SEARCH)
2084		return;
2085
2086	if (gsm->escape) {
2087		c ^= GSM1_ESCAPE_BITS;
2088		gsm->escape = false;
2089	}
2090	switch (gsm->state) {
2091	case GSM_START:		/* First byte after SOF */
2092		gsm->address = 0;
2093		gsm->state = GSM_ADDRESS;
2094		gsm->fcs = INIT_FCS;
2095		fallthrough;
2096	case GSM_ADDRESS:	/* Address continuation */
2097		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2098		if (gsm_read_ea(&gsm->address, c))
2099			gsm->state = GSM_CONTROL;
2100		break;
2101	case GSM_CONTROL:	/* Control Byte */
2102		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
2103		gsm->control = c;
2104		gsm->count = 0;
2105		gsm->state = GSM_DATA;
2106		break;
2107	case GSM_DATA:		/* Data */
2108		if (gsm->count > gsm->mru) {	/* Allow one for the FCS */
2109			gsm->state = GSM_OVERRUN;
2110			gsm->bad_size++;
2111		} else
2112			gsm->buf[gsm->count++] = c;
2113		break;
2114	case GSM_OVERRUN:	/* Over-long - eg a dropped SOF */
2115		break;
2116	default:
2117		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2118		break;
2119	}
2120}
2121
2122/**
2123 *	gsm_error		-	handle tty error
2124 *	@gsm: ldisc data
2125 *
2126 *	Handle an error in the receipt of data for a frame. Currently we just
2127 *	go back to hunting for a SOF.
2128 *
2129 *	FIXME: better diagnostics ?
2130 */
2131
2132static void gsm_error(struct gsm_mux *gsm)
2133{
2134	gsm->state = GSM_SEARCH;
2135	gsm->io_error++;
2136}
2137
2138/**
2139 *	gsm_cleanup_mux		-	generic GSM protocol cleanup
2140 *	@gsm: our mux
2141 *	@disc: disconnect link?
2142 *
2143 *	Clean up the bits of the mux which are the same for all framing
2144 *	protocols. Remove the mux from the mux table, stop all the timers
2145 *	and then shut down each device hanging up the channels as we go.
2146 */
2147
2148static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2149{
2150	int i;
2151	struct gsm_dlci *dlci = gsm->dlci[0];
2152	struct gsm_msg *txq, *ntxq;
2153
2154	gsm->dead = true;
2155	mutex_lock(&gsm->mutex);
2156
2157	if (dlci) {
2158		if (disc && dlci->state != DLCI_CLOSED) {
2159			gsm_dlci_begin_close(dlci);
2160			wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2161		}
2162		dlci->dead = true;
2163	}
2164
2165	/* Finish outstanding timers, making sure they are done */
2166	del_timer_sync(&gsm->t2_timer);
2167
2168	/* Free up any link layer users and finally the control channel */
2169	for (i = NUM_DLCI - 1; i >= 0; i--)
2170		if (gsm->dlci[i])
2171			gsm_dlci_release(gsm->dlci[i]);
2172	mutex_unlock(&gsm->mutex);
2173	/* Now wipe the queues */
2174	tty_ldisc_flush(gsm->tty);
2175	list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2176		kfree(txq);
2177	INIT_LIST_HEAD(&gsm->tx_list);
2178}
2179
2180/**
2181 *	gsm_activate_mux	-	generic GSM setup
2182 *	@gsm: our mux
2183 *
2184 *	Set up the bits of the mux which are the same for all framing
2185 *	protocols. Add the mux to the mux table so it can be opened and
2186 *	finally kick off connecting to DLCI 0 on the modem.
2187 */
2188
2189static int gsm_activate_mux(struct gsm_mux *gsm)
2190{
2191	struct gsm_dlci *dlci;
2192
2193	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2194	init_waitqueue_head(&gsm->event);
2195	spin_lock_init(&gsm->control_lock);
2196	spin_lock_init(&gsm->tx_lock);
2197
2198	if (gsm->encoding == 0)
2199		gsm->receive = gsm0_receive;
2200	else
2201		gsm->receive = gsm1_receive;
2202
2203	dlci = gsm_dlci_alloc(gsm, 0);
2204	if (dlci == NULL)
2205		return -ENOMEM;
2206	gsm->dead = false;		/* Tty opens are now permissible */
2207	return 0;
2208}
2209
2210/**
2211 *	gsm_free_mux		-	free up a mux
2212 *	@gsm: mux to free
2213 *
2214 *	Dispose of allocated resources for a dead mux
2215 */
2216static void gsm_free_mux(struct gsm_mux *gsm)
2217{
2218	int i;
2219
2220	for (i = 0; i < MAX_MUX; i++) {
2221		if (gsm == gsm_mux[i]) {
2222			gsm_mux[i] = NULL;
2223			break;
2224		}
2225	}
2226	mutex_destroy(&gsm->mutex);
2227	kfree(gsm->txframe);
2228	kfree(gsm->buf);
2229	kfree(gsm);
2230}
2231
2232/**
2233 *	gsm_free_muxr		-	free up a mux
2234 *	@ref: kreference to the mux to free
2235 *
2236 *	Dispose of allocated resources for a dead mux
2237 */
2238static void gsm_free_muxr(struct kref *ref)
2239{
2240	struct gsm_mux *gsm = container_of(ref, struct gsm_mux, ref);
2241	gsm_free_mux(gsm);
2242}
2243
2244static inline void mux_get(struct gsm_mux *gsm)
2245{
2246	unsigned long flags;
2247
2248	spin_lock_irqsave(&gsm_mux_lock, flags);
2249	kref_get(&gsm->ref);
2250	spin_unlock_irqrestore(&gsm_mux_lock, flags);
2251}
2252
2253static inline void mux_put(struct gsm_mux *gsm)
2254{
2255	unsigned long flags;
2256
2257	spin_lock_irqsave(&gsm_mux_lock, flags);
2258	kref_put(&gsm->ref, gsm_free_muxr);
2259	spin_unlock_irqrestore(&gsm_mux_lock, flags);
2260}
2261
2262static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2263{
2264	return gsm->num * NUM_DLCI;
2265}
2266
2267static inline unsigned int mux_line_to_num(unsigned int line)
2268{
2269	return line / NUM_DLCI;
2270}
2271
2272/**
2273 *	gsm_alloc_mux		-	allocate a mux
2274 *
2275 *	Creates a new mux ready for activation.
2276 */
2277
2278static struct gsm_mux *gsm_alloc_mux(void)
2279{
2280	int i;
2281	struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2282	if (gsm == NULL)
2283		return NULL;
2284	gsm->buf = kmalloc(MAX_MRU + 1, GFP_KERNEL);
2285	if (gsm->buf == NULL) {
2286		kfree(gsm);
2287		return NULL;
2288	}
2289	gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2290	if (gsm->txframe == NULL) {
2291		kfree(gsm->buf);
2292		kfree(gsm);
2293		return NULL;
2294	}
2295	spin_lock_init(&gsm->lock);
2296	mutex_init(&gsm->mutex);
2297	kref_init(&gsm->ref);
2298	INIT_LIST_HEAD(&gsm->tx_list);
2299
2300	gsm->t1 = T1;
2301	gsm->t2 = T2;
2302	gsm->n2 = N2;
2303	gsm->ftype = UIH;
2304	gsm->adaption = 1;
2305	gsm->encoding = 1;
2306	gsm->mru = 64;	/* Default to encoding 1 so these should be 64 */
2307	gsm->mtu = 64;
2308	gsm->dead = true;	/* Avoid early tty opens */
2309
2310	/* Store the instance to the mux array or abort if no space is
2311	 * available.
2312	 */
2313	spin_lock(&gsm_mux_lock);
2314	for (i = 0; i < MAX_MUX; i++) {
2315		if (!gsm_mux[i]) {
2316			gsm_mux[i] = gsm;
2317			gsm->num = i;
2318			break;
2319		}
2320	}
2321	spin_unlock(&gsm_mux_lock);
2322	if (i == MAX_MUX) {
2323		mutex_destroy(&gsm->mutex);
2324		kfree(gsm->txframe);
2325		kfree(gsm->buf);
2326		kfree(gsm);
2327		return NULL;
2328	}
2329
2330	return gsm;
2331}
2332
2333static void gsm_copy_config_values(struct gsm_mux *gsm,
2334				   struct gsm_config *c)
2335{
2336	memset(c, 0, sizeof(*c));
2337	c->adaption = gsm->adaption;
2338	c->encapsulation = gsm->encoding;
2339	c->initiator = gsm->initiator;
2340	c->t1 = gsm->t1;
2341	c->t2 = gsm->t2;
2342	c->t3 = 0;	/* Not supported */
2343	c->n2 = gsm->n2;
2344	if (gsm->ftype == UIH)
2345		c->i = 1;
2346	else
2347		c->i = 2;
2348	pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2349	c->mru = gsm->mru;
2350	c->mtu = gsm->mtu;
2351	c->k = 0;
2352}
2353
2354static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2355{
2356	int ret = 0;
2357	int need_close = 0;
2358	int need_restart = 0;
2359
2360	/* Stuff we don't support yet - UI or I frame transport, windowing */
2361	if ((c->adaption != 1 && c->adaption != 2) || c->k)
2362		return -EOPNOTSUPP;
2363	/* Check the MRU/MTU range looks sane */
2364	if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2365		return -EINVAL;
2366	if (c->n2 > 255)
2367		return -EINVAL;
2368	if (c->encapsulation > 1)	/* Basic, advanced, no I */
2369		return -EINVAL;
2370	if (c->initiator > 1)
2371		return -EINVAL;
2372	if (c->i == 0 || c->i > 2)	/* UIH and UI only */
2373		return -EINVAL;
2374	/*
2375	 * See what is needed for reconfiguration
2376	 */
2377
2378	/* Timing fields */
2379	if (c->t1 != 0 && c->t1 != gsm->t1)
2380		need_restart = 1;
2381	if (c->t2 != 0 && c->t2 != gsm->t2)
2382		need_restart = 1;
2383	if (c->encapsulation != gsm->encoding)
2384		need_restart = 1;
2385	if (c->adaption != gsm->adaption)
2386		need_restart = 1;
2387	/* Requires care */
2388	if (c->initiator != gsm->initiator)
2389		need_close = 1;
2390	if (c->mru != gsm->mru)
2391		need_restart = 1;
2392	if (c->mtu != gsm->mtu)
2393		need_restart = 1;
2394
2395	/*
2396	 * Close down what is needed, restart and initiate the new
2397	 * configuration. On the first time there is no DLCI[0]
2398	 * and closing or cleaning up is not necessary.
2399	 */
2400	if (need_close || need_restart)
2401		gsm_cleanup_mux(gsm, true);
2402
2403	gsm->initiator = c->initiator;
2404	gsm->mru = c->mru;
2405	gsm->mtu = c->mtu;
2406	gsm->encoding = c->encapsulation;
2407	gsm->adaption = c->adaption;
2408	gsm->n2 = c->n2;
2409
2410	if (c->i == 1)
2411		gsm->ftype = UIH;
2412	else if (c->i == 2)
2413		gsm->ftype = UI;
2414
2415	if (c->t1)
2416		gsm->t1 = c->t1;
2417	if (c->t2)
2418		gsm->t2 = c->t2;
2419
2420	/*
2421	 * FIXME: We need to separate activation/deactivation from adding
2422	 * and removing from the mux array
2423	 */
2424	if (gsm->dead) {
2425		ret = gsm_activate_mux(gsm);
2426		if (ret)
2427			return ret;
2428		if (gsm->initiator)
2429			gsm_dlci_begin_open(gsm->dlci[0]);
2430	}
2431	return 0;
2432}
2433
2434/**
2435 *	gsmld_output		-	write to link
2436 *	@gsm: our mux
2437 *	@data: bytes to output
2438 *	@len: size
2439 *
2440 *	Write a block of data from the GSM mux to the data channel. This
2441 *	will eventually be serialized from above but at the moment isn't.
2442 */
2443
2444static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len)
2445{
2446	if (tty_write_room(gsm->tty) < len) {
2447		set_bit(TTY_DO_WRITE_WAKEUP, &gsm->tty->flags);
2448		return -ENOSPC;
2449	}
2450	if (debug & 4)
2451		print_hex_dump_bytes("gsmld_output: ", DUMP_PREFIX_OFFSET,
2452				     data, len);
2453	return gsm->tty->ops->write(gsm->tty, data, len);
2454}
2455
2456/**
2457 *	gsmld_attach_gsm	-	mode set up
2458 *	@tty: our tty structure
2459 *	@gsm: our mux
2460 *
2461 *	Set up the MUX for basic mode and commence connecting to the
2462 *	modem. Currently called from the line discipline set up but
2463 *	will need moving to an ioctl path.
2464 */
2465
2466static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2467{
2468	unsigned int base;
2469	int ret, i;
2470
2471	gsm->tty = tty_kref_get(tty);
2472	/* Turn off tty XON/XOFF handling to handle it explicitly. */
2473	gsm->old_c_iflag = tty->termios.c_iflag;
2474	tty->termios.c_iflag &= (IXON | IXOFF);
2475	ret =  gsm_activate_mux(gsm);
2476	if (ret != 0)
2477		tty_kref_put(gsm->tty);
2478	else {
2479		/* Don't register device 0 - this is the control channel and not
2480		   a usable tty interface */
2481		base = mux_num_to_base(gsm); /* Base for this MUX */
2482		for (i = 1; i < NUM_DLCI; i++) {
2483			struct device *dev;
2484
2485			dev = tty_register_device(gsm_tty_driver,
2486							base + i, NULL);
2487			if (IS_ERR(dev)) {
2488				for (i--; i >= 1; i--)
2489					tty_unregister_device(gsm_tty_driver,
2490								base + i);
2491				return PTR_ERR(dev);
2492			}
2493		}
2494	}
2495	return ret;
2496}
2497
2498
2499/**
2500 *	gsmld_detach_gsm	-	stop doing 0710 mux
2501 *	@tty: tty attached to the mux
2502 *	@gsm: mux
2503 *
2504 *	Shutdown and then clean up the resources used by the line discipline
2505 */
2506
2507static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2508{
2509	unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
2510	int i;
2511
2512	WARN_ON(tty != gsm->tty);
2513	for (i = 1; i < NUM_DLCI; i++)
2514		tty_unregister_device(gsm_tty_driver, base + i);
2515	/* Restore tty XON/XOFF handling. */
2516	gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2517	tty_kref_put(gsm->tty);
2518	gsm->tty = NULL;
2519}
2520
2521static void gsmld_receive_buf(struct tty_struct *tty, const unsigned char *cp,
2522			      const char *fp, int count)
2523{
2524	struct gsm_mux *gsm = tty->disc_data;
2525	char flags = TTY_NORMAL;
2526
2527	if (debug & 4)
2528		print_hex_dump_bytes("gsmld_receive: ", DUMP_PREFIX_OFFSET,
2529				     cp, count);
2530
2531	for (; count; count--, cp++) {
2532		if (fp)
2533			flags = *fp++;
2534		switch (flags) {
2535		case TTY_NORMAL:
2536			gsm->receive(gsm, *cp);
2537			break;
2538		case TTY_OVERRUN:
2539		case TTY_BREAK:
2540		case TTY_PARITY:
2541		case TTY_FRAME:
2542			gsm_error(gsm);
2543			break;
2544		default:
2545			WARN_ONCE(1, "%s: unknown flag %d\n",
2546			       tty_name(tty), flags);
2547			break;
2548		}
2549	}
2550	/* FASYNC if needed ? */
2551	/* If clogged call tty_throttle(tty); */
2552}
2553
2554/**
2555 *	gsmld_flush_buffer	-	clean input queue
2556 *	@tty:	terminal device
2557 *
2558 *	Flush the input buffer. Called when the line discipline is
2559 *	being closed, when the tty layer wants the buffer flushed (eg
2560 *	at hangup).
2561 */
2562
2563static void gsmld_flush_buffer(struct tty_struct *tty)
2564{
2565}
2566
2567/**
2568 *	gsmld_close		-	close the ldisc for this tty
2569 *	@tty: device
2570 *
2571 *	Called from the terminal layer when this line discipline is
2572 *	being shut down, either because of a close or becsuse of a
2573 *	discipline change. The function will not be called while other
2574 *	ldisc methods are in progress.
2575 */
2576
2577static void gsmld_close(struct tty_struct *tty)
2578{
2579	struct gsm_mux *gsm = tty->disc_data;
2580
2581	/* The ldisc locks and closes the port before calling our close. This
2582	 * means we have no way to do a proper disconnect. We will not bother
2583	 * to do one.
2584	 */
2585	gsm_cleanup_mux(gsm, false);
2586
2587	gsmld_detach_gsm(tty, gsm);
2588
2589	gsmld_flush_buffer(tty);
2590	/* Do other clean up here */
2591	mux_put(gsm);
2592}
2593
2594/**
2595 *	gsmld_open		-	open an ldisc
2596 *	@tty: terminal to open
2597 *
2598 *	Called when this line discipline is being attached to the
2599 *	terminal device. Can sleep. Called serialized so that no
2600 *	other events will occur in parallel. No further open will occur
2601 *	until a close.
2602 */
2603
2604static int gsmld_open(struct tty_struct *tty)
2605{
2606	struct gsm_mux *gsm;
2607	int ret;
2608
2609	if (tty->ops->write == NULL)
2610		return -EINVAL;
2611
2612	/* Attach our ldisc data */
2613	gsm = gsm_alloc_mux();
2614	if (gsm == NULL)
2615		return -ENOMEM;
2616
2617	tty->disc_data = gsm;
2618	tty->receive_room = 65536;
2619
2620	/* Attach the initial passive connection */
2621	gsm->encoding = 1;
2622
2623	ret = gsmld_attach_gsm(tty, gsm);
2624	if (ret != 0) {
2625		gsm_cleanup_mux(gsm, false);
2626		mux_put(gsm);
2627	}
2628	return ret;
2629}
2630
2631/**
2632 *	gsmld_write_wakeup	-	asynchronous I/O notifier
2633 *	@tty: tty device
2634 *
2635 *	Required for the ptys, serial driver etc. since processes
2636 *	that attach themselves to the master and rely on ASYNC
2637 *	IO must be woken up
2638 */
2639
2640static void gsmld_write_wakeup(struct tty_struct *tty)
2641{
2642	struct gsm_mux *gsm = tty->disc_data;
2643	unsigned long flags;
2644
2645	/* Queue poll */
2646	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2647	spin_lock_irqsave(&gsm->tx_lock, flags);
2648	gsm_data_kick(gsm, NULL);
2649	if (gsm->tx_bytes < TX_THRESH_LO) {
2650		gsm_dlci_data_sweep(gsm);
2651	}
2652	spin_unlock_irqrestore(&gsm->tx_lock, flags);
2653}
2654
2655/**
2656 *	gsmld_read		-	read function for tty
2657 *	@tty: tty device
2658 *	@file: file object
2659 *	@buf: userspace buffer pointer
2660 *	@nr: size of I/O
2661 *	@cookie: unused
2662 *	@offset: unused
2663 *
2664 *	Perform reads for the line discipline. We are guaranteed that the
2665 *	line discipline will not be closed under us but we may get multiple
2666 *	parallel readers and must handle this ourselves. We may also get
2667 *	a hangup. Always called in user context, may sleep.
2668 *
2669 *	This code must be sure never to sleep through a hangup.
2670 */
2671
2672static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2673			  unsigned char *buf, size_t nr,
2674			  void **cookie, unsigned long offset)
2675{
2676	return -EOPNOTSUPP;
2677}
2678
2679/**
2680 *	gsmld_write		-	write function for tty
2681 *	@tty: tty device
2682 *	@file: file object
2683 *	@buf: userspace buffer pointer
2684 *	@nr: size of I/O
2685 *
2686 *	Called when the owner of the device wants to send a frame
2687 *	itself (or some other control data). The data is transferred
2688 *	as-is and must be properly framed and checksummed as appropriate
2689 *	by userspace. Frames are either sent whole or not at all as this
2690 *	avoids pain user side.
2691 */
2692
2693static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2694			   const unsigned char *buf, size_t nr)
2695{
2696	int space = tty_write_room(tty);
2697	if (space >= nr)
2698		return tty->ops->write(tty, buf, nr);
2699	set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2700	return -ENOBUFS;
2701}
2702
2703/**
2704 *	gsmld_poll		-	poll method for N_GSM0710
2705 *	@tty: terminal device
2706 *	@file: file accessing it
2707 *	@wait: poll table
2708 *
2709 *	Called when the line discipline is asked to poll() for data or
2710 *	for special events. This code is not serialized with respect to
2711 *	other events save open/close.
2712 *
2713 *	This code must be sure never to sleep through a hangup.
2714 *	Called without the kernel lock held - fine
2715 */
2716
2717static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
2718							poll_table *wait)
2719{
2720	__poll_t mask = 0;
2721	struct gsm_mux *gsm = tty->disc_data;
2722
2723	poll_wait(file, &tty->read_wait, wait);
2724	poll_wait(file, &tty->write_wait, wait);
2725	if (tty_hung_up_p(file))
2726		mask |= EPOLLHUP;
2727	if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2728		mask |= EPOLLOUT | EPOLLWRNORM;
2729	if (gsm->dead)
2730		mask |= EPOLLHUP;
2731	return mask;
2732}
2733
2734static int gsmld_ioctl(struct tty_struct *tty, unsigned int cmd,
2735		       unsigned long arg)
2736{
2737	struct gsm_config c;
2738	struct gsm_mux *gsm = tty->disc_data;
2739	unsigned int base;
2740
2741	switch (cmd) {
2742	case GSMIOC_GETCONF:
2743		gsm_copy_config_values(gsm, &c);
2744		if (copy_to_user((void __user *)arg, &c, sizeof(c)))
2745			return -EFAULT;
2746		return 0;
2747	case GSMIOC_SETCONF:
2748		if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
2749			return -EFAULT;
2750		return gsm_config(gsm, &c);
2751	case GSMIOC_GETFIRST:
2752		base = mux_num_to_base(gsm);
2753		return put_user(base + 1, (__u32 __user *)arg);
2754	default:
2755		return n_tty_ioctl_helper(tty, cmd, arg);
2756	}
2757}
2758
2759/*
2760 *	Network interface
2761 *
2762 */
2763
2764static int gsm_mux_net_open(struct net_device *net)
2765{
2766	pr_debug("%s called\n", __func__);
2767	netif_start_queue(net);
2768	return 0;
2769}
2770
2771static int gsm_mux_net_close(struct net_device *net)
2772{
2773	netif_stop_queue(net);
2774	return 0;
2775}
2776
2777static void dlci_net_free(struct gsm_dlci *dlci)
2778{
2779	if (!dlci->net) {
2780		WARN_ON(1);
2781		return;
2782	}
2783	dlci->adaption = dlci->prev_adaption;
2784	dlci->data = dlci->prev_data;
2785	free_netdev(dlci->net);
2786	dlci->net = NULL;
2787}
2788static void net_free(struct kref *ref)
2789{
2790	struct gsm_mux_net *mux_net;
2791	struct gsm_dlci *dlci;
2792
2793	mux_net = container_of(ref, struct gsm_mux_net, ref);
2794	dlci = mux_net->dlci;
2795
2796	if (dlci->net) {
2797		unregister_netdev(dlci->net);
2798		dlci_net_free(dlci);
2799	}
2800}
2801
2802static inline void muxnet_get(struct gsm_mux_net *mux_net)
2803{
2804	kref_get(&mux_net->ref);
2805}
2806
2807static inline void muxnet_put(struct gsm_mux_net *mux_net)
2808{
2809	kref_put(&mux_net->ref, net_free);
2810}
2811
2812static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
2813				      struct net_device *net)
2814{
2815	struct gsm_mux_net *mux_net = netdev_priv(net);
2816	struct gsm_dlci *dlci = mux_net->dlci;
2817	muxnet_get(mux_net);
2818
2819	skb_queue_head(&dlci->skb_list, skb);
2820	net->stats.tx_packets++;
2821	net->stats.tx_bytes += skb->len;
2822	gsm_dlci_data_kick(dlci);
2823	/* And tell the kernel when the last transmit started. */
2824	netif_trans_update(net);
2825	muxnet_put(mux_net);
2826	return NETDEV_TX_OK;
2827}
2828
2829/* called when a packet did not ack after watchdogtimeout */
2830static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
2831{
2832	/* Tell syslog we are hosed. */
2833	dev_dbg(&net->dev, "Tx timed out.\n");
2834
2835	/* Update statistics */
2836	net->stats.tx_errors++;
2837}
2838
2839static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2840				const unsigned char *in_buf, int size)
2841{
2842	struct net_device *net = dlci->net;
2843	struct sk_buff *skb;
2844	struct gsm_mux_net *mux_net = netdev_priv(net);
2845	muxnet_get(mux_net);
2846
2847	/* Allocate an sk_buff */
2848	skb = dev_alloc_skb(size + NET_IP_ALIGN);
2849	if (!skb) {
2850		/* We got no receive buffer. */
2851		net->stats.rx_dropped++;
2852		muxnet_put(mux_net);
2853		return;
2854	}
2855	skb_reserve(skb, NET_IP_ALIGN);
2856	skb_put_data(skb, in_buf, size);
2857
2858	skb->dev = net;
2859	skb->protocol = htons(ETH_P_IP);
2860
2861	/* Ship it off to the kernel */
2862	netif_rx(skb);
2863
2864	/* update out statistics */
2865	net->stats.rx_packets++;
2866	net->stats.rx_bytes += size;
2867	muxnet_put(mux_net);
2868	return;
2869}
2870
2871static void gsm_mux_net_init(struct net_device *net)
2872{
2873	static const struct net_device_ops gsm_netdev_ops = {
2874		.ndo_open		= gsm_mux_net_open,
2875		.ndo_stop		= gsm_mux_net_close,
2876		.ndo_start_xmit		= gsm_mux_net_start_xmit,
2877		.ndo_tx_timeout		= gsm_mux_net_tx_timeout,
2878	};
2879
2880	net->netdev_ops = &gsm_netdev_ops;
2881
2882	/* fill in the other fields */
2883	net->watchdog_timeo = GSM_NET_TX_TIMEOUT;
2884	net->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
2885	net->type = ARPHRD_NONE;
2886	net->tx_queue_len = 10;
2887}
2888
2889
2890/* caller holds the dlci mutex */
2891static void gsm_destroy_network(struct gsm_dlci *dlci)
2892{
2893	struct gsm_mux_net *mux_net;
2894
2895	pr_debug("destroy network interface\n");
2896	if (!dlci->net)
2897		return;
2898	mux_net = netdev_priv(dlci->net);
2899	muxnet_put(mux_net);
2900}
2901
2902
2903/* caller holds the dlci mutex */
2904static int gsm_create_network(struct gsm_dlci *dlci, struct gsm_netconfig *nc)
2905{
2906	char *netname;
2907	int retval = 0;
2908	struct net_device *net;
2909	struct gsm_mux_net *mux_net;
2910
2911	if (!capable(CAP_NET_ADMIN))
2912		return -EPERM;
2913
2914	/* Already in a non tty mode */
2915	if (dlci->adaption > 2)
2916		return -EBUSY;
2917
2918	if (nc->protocol != htons(ETH_P_IP))
2919		return -EPROTONOSUPPORT;
2920
2921	if (nc->adaption != 3 && nc->adaption != 4)
2922		return -EPROTONOSUPPORT;
2923
2924	pr_debug("create network interface\n");
2925
2926	netname = "gsm%d";
2927	if (nc->if_name[0] != '\0')
2928		netname = nc->if_name;
2929	net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2930			   NET_NAME_UNKNOWN, gsm_mux_net_init);
2931	if (!net) {
2932		pr_err("alloc_netdev failed\n");
2933		return -ENOMEM;
2934	}
2935	net->mtu = dlci->gsm->mtu;
2936	net->min_mtu = 8;
2937	net->max_mtu = dlci->gsm->mtu;
2938	mux_net = netdev_priv(net);
2939	mux_net->dlci = dlci;
2940	kref_init(&mux_net->ref);
2941	strncpy(nc->if_name, net->name, IFNAMSIZ); /* return net name */
2942
2943	/* reconfigure dlci for network */
2944	dlci->prev_adaption = dlci->adaption;
2945	dlci->prev_data = dlci->data;
2946	dlci->adaption = nc->adaption;
2947	dlci->data = gsm_mux_rx_netchar;
2948	dlci->net = net;
2949
2950	pr_debug("register netdev\n");
2951	retval = register_netdev(net);
2952	if (retval) {
2953		pr_err("network register fail %d\n", retval);
2954		dlci_net_free(dlci);
2955		return retval;
2956	}
2957	return net->ifindex;	/* return network index */
2958}
2959
2960/* Line discipline for real tty */
2961static struct tty_ldisc_ops tty_ldisc_packet = {
2962	.owner		 = THIS_MODULE,
2963	.num		 = N_GSM0710,
2964	.name            = "n_gsm",
2965	.open            = gsmld_open,
2966	.close           = gsmld_close,
2967	.flush_buffer    = gsmld_flush_buffer,
2968	.read            = gsmld_read,
2969	.write           = gsmld_write,
2970	.ioctl           = gsmld_ioctl,
2971	.poll            = gsmld_poll,
2972	.receive_buf     = gsmld_receive_buf,
2973	.write_wakeup    = gsmld_write_wakeup
2974};
2975
2976/*
2977 *	Virtual tty side
2978 */
2979
2980/**
2981 *	gsm_modem_upd_via_data	-	send modem bits via convergence layer
2982 *	@dlci: channel
2983 *	@brk: break signal
2984 *
2985 *	Send an empty frame to signal mobile state changes and to transmit the
2986 *	break signal for adaption 2.
2987 */
2988
2989static void gsm_modem_upd_via_data(struct gsm_dlci *dlci, u8 brk)
2990{
2991	struct gsm_mux *gsm = dlci->gsm;
2992	unsigned long flags;
2993
2994	if (dlci->state != DLCI_OPEN || dlci->adaption != 2)
2995		return;
2996
2997	spin_lock_irqsave(&gsm->tx_lock, flags);
2998	gsm_dlci_modem_output(gsm, dlci, brk);
2999	spin_unlock_irqrestore(&gsm->tx_lock, flags);
3000}
3001
3002/**
3003 *	gsm_modem_upd_via_msc	-	send modem bits via control frame
3004 *	@dlci: channel
3005 *	@brk: break signal
3006 */
3007
3008static int gsm_modem_upd_via_msc(struct gsm_dlci *dlci, u8 brk)
3009{
3010	u8 modembits[3];
3011	struct gsm_control *ctrl;
3012	int len = 2;
3013
3014	if (dlci->gsm->encoding != 0)
3015		return 0;
3016
3017	modembits[0] = (dlci->addr << 2) | 2 | EA;  /* DLCI, Valid, EA */
3018	if (!brk) {
3019		modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3020	} else {
3021		modembits[1] = gsm_encode_modem(dlci) << 1;
3022		modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
3023		len++;
3024	}
3025	ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
3026	if (ctrl == NULL)
3027		return -ENOMEM;
3028	return gsm_control_wait(dlci->gsm, ctrl);
3029}
3030
3031/**
3032 *	gsm_modem_update	-	send modem status line state
3033 *	@dlci: channel
3034 *	@brk: break signal
3035 */
3036
3037static int gsm_modem_update(struct gsm_dlci *dlci, u8 brk)
3038{
3039	if (dlci->adaption == 2) {
3040		/* Send convergence layer type 2 empty data frame. */
3041		gsm_modem_upd_via_data(dlci, brk);
3042		return 0;
3043	} else if (dlci->gsm->encoding == 0) {
3044		/* Send as MSC control message. */
3045		return gsm_modem_upd_via_msc(dlci, brk);
3046	}
3047
3048	/* Modem status lines are not supported. */
3049	return -EPROTONOSUPPORT;
3050}
3051
3052static int gsm_carrier_raised(struct tty_port *port)
3053{
3054	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3055	struct gsm_mux *gsm = dlci->gsm;
3056
3057	/* Not yet open so no carrier info */
3058	if (dlci->state != DLCI_OPEN)
3059		return 0;
3060	if (debug & 2)
3061		return 1;
3062
3063	/*
3064	 * Basic mode with control channel in ADM mode may not respond
3065	 * to CMD_MSC at all and modem_rx is empty.
3066	 */
3067	if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
3068	    !dlci->modem_rx)
3069		return 1;
3070
3071	return dlci->modem_rx & TIOCM_CD;
3072}
3073
3074static void gsm_dtr_rts(struct tty_port *port, int onoff)
3075{
3076	struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
3077	unsigned int modem_tx = dlci->modem_tx;
3078	if (onoff)
3079		modem_tx |= TIOCM_DTR | TIOCM_RTS;
3080	else
3081		modem_tx &= ~(TIOCM_DTR | TIOCM_RTS);
3082	if (modem_tx != dlci->modem_tx) {
3083		dlci->modem_tx = modem_tx;
3084		gsm_modem_update(dlci, 0);
3085	}
3086}
3087
3088static const struct tty_port_operations gsm_port_ops = {
3089	.carrier_raised = gsm_carrier_raised,
3090	.dtr_rts = gsm_dtr_rts,
3091	.destruct = gsm_dlci_free,
3092};
3093
3094static int gsmtty_install(struct tty_driver *driver, struct tty_struct *tty)
3095{
3096	struct gsm_mux *gsm;
3097	struct gsm_dlci *dlci;
3098	unsigned int line = tty->index;
3099	unsigned int mux = mux_line_to_num(line);
3100	bool alloc = false;
3101	int ret;
3102
3103	line = line & 0x3F;
3104
3105	if (mux >= MAX_MUX)
3106		return -ENXIO;
3107	/* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
3108	if (gsm_mux[mux] == NULL)
3109		return -EUNATCH;
3110	if (line == 0 || line > 61)	/* 62/63 reserved */
3111		return -ECHRNG;
3112	gsm = gsm_mux[mux];
3113	if (gsm->dead)
3114		return -EL2HLT;
3115	/* If DLCI 0 is not yet fully open return an error.
3116	This is ok from a locking
3117	perspective as we don't have to worry about this
3118	if DLCI0 is lost */
3119	mutex_lock(&gsm->mutex);
3120	if (gsm->dlci[0] && gsm->dlci[0]->state != DLCI_OPEN) {
3121		mutex_unlock(&gsm->mutex);
3122		return -EL2NSYNC;
3123	}
3124	dlci = gsm->dlci[line];
3125	if (dlci == NULL) {
3126		alloc = true;
3127		dlci = gsm_dlci_alloc(gsm, line);
3128	}
3129	if (dlci == NULL) {
3130		mutex_unlock(&gsm->mutex);
3131		return -ENOMEM;
3132	}
3133	ret = tty_port_install(&dlci->port, driver, tty);
3134	if (ret) {
3135		if (alloc)
3136			dlci_put(dlci);
3137		mutex_unlock(&gsm->mutex);
3138		return ret;
3139	}
3140
3141	dlci_get(dlci);
3142	dlci_get(gsm->dlci[0]);
3143	mux_get(gsm);
3144	tty->driver_data = dlci;
3145	mutex_unlock(&gsm->mutex);
3146
3147	return 0;
3148}
3149
3150static int gsmtty_open(struct tty_struct *tty, struct file *filp)
3151{
3152	struct gsm_dlci *dlci = tty->driver_data;
3153	struct tty_port *port = &dlci->port;
3154	struct gsm_mux *gsm = dlci->gsm;
3155
3156	port->count++;
3157	tty_port_tty_set(port, tty);
3158
3159	dlci->modem_rx = 0;
3160	/* We could in theory open and close before we wait - eg if we get
3161	   a DM straight back. This is ok as that will have caused a hangup */
3162	tty_port_set_initialized(port, 1);
3163	/* Start sending off SABM messages */
3164	if (gsm->initiator)
3165		gsm_dlci_begin_open(dlci);
3166	/* And wait for virtual carrier */
3167	return tty_port_block_til_ready(port, tty, filp);
3168}
3169
3170static void gsmtty_close(struct tty_struct *tty, struct file *filp)
3171{
3172	struct gsm_dlci *dlci = tty->driver_data;
3173
3174	if (dlci == NULL)
3175		return;
3176	if (dlci->state == DLCI_CLOSED)
3177		return;
3178	mutex_lock(&dlci->mutex);
3179	gsm_destroy_network(dlci);
3180	mutex_unlock(&dlci->mutex);
3181	if (tty_port_close_start(&dlci->port, tty, filp) == 0)
3182		return;
3183	gsm_dlci_begin_close(dlci);
3184	if (tty_port_initialized(&dlci->port) && C_HUPCL(tty))
3185		tty_port_lower_dtr_rts(&dlci->port);
3186	tty_port_close_end(&dlci->port, tty);
3187	tty_port_tty_set(&dlci->port, NULL);
3188	return;
3189}
3190
3191static void gsmtty_hangup(struct tty_struct *tty)
3192{
3193	struct gsm_dlci *dlci = tty->driver_data;
3194	if (dlci->state == DLCI_CLOSED)
3195		return;
3196	tty_port_hangup(&dlci->port);
3197	gsm_dlci_begin_close(dlci);
3198}
3199
3200static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf,
3201								    int len)
3202{
3203	int sent;
3204	struct gsm_dlci *dlci = tty->driver_data;
3205	if (dlci->state == DLCI_CLOSED)
3206		return -EINVAL;
3207	/* Stuff the bytes into the fifo queue */
3208	sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3209	/* Need to kick the channel */
3210	gsm_dlci_data_kick(dlci);
3211	return sent;
3212}
3213
3214static unsigned int gsmtty_write_room(struct tty_struct *tty)
3215{
3216	struct gsm_dlci *dlci = tty->driver_data;
3217	if (dlci->state == DLCI_CLOSED)
3218		return 0;
3219	return kfifo_avail(&dlci->fifo);
3220}
3221
3222static unsigned int gsmtty_chars_in_buffer(struct tty_struct *tty)
3223{
3224	struct gsm_dlci *dlci = tty->driver_data;
3225	if (dlci->state == DLCI_CLOSED)
3226		return 0;
3227	return kfifo_len(&dlci->fifo);
3228}
3229
3230static void gsmtty_flush_buffer(struct tty_struct *tty)
3231{
3232	struct gsm_dlci *dlci = tty->driver_data;
3233	unsigned long flags;
3234
3235	if (dlci->state == DLCI_CLOSED)
3236		return;
3237	/* Caution needed: If we implement reliable transport classes
3238	   then the data being transmitted can't simply be junked once
3239	   it has first hit the stack. Until then we can just blow it
3240	   away */
3241	spin_lock_irqsave(&dlci->lock, flags);
3242	kfifo_reset(&dlci->fifo);
3243	spin_unlock_irqrestore(&dlci->lock, flags);
3244	/* Need to unhook this DLCI from the transmit queue logic */
3245}
3246
3247static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout)
3248{
3249	/* The FIFO handles the queue so the kernel will do the right
3250	   thing waiting on chars_in_buffer before calling us. No work
3251	   to do here */
3252}
3253
3254static int gsmtty_tiocmget(struct tty_struct *tty)
3255{
3256	struct gsm_dlci *dlci = tty->driver_data;
3257	if (dlci->state == DLCI_CLOSED)
3258		return -EINVAL;
3259	return dlci->modem_rx;
3260}
3261
3262static int gsmtty_tiocmset(struct tty_struct *tty,
3263	unsigned int set, unsigned int clear)
3264{
3265	struct gsm_dlci *dlci = tty->driver_data;
3266	unsigned int modem_tx = dlci->modem_tx;
3267
3268	if (dlci->state == DLCI_CLOSED)
3269		return -EINVAL;
3270	modem_tx &= ~clear;
3271	modem_tx |= set;
3272
3273	if (modem_tx != dlci->modem_tx) {
3274		dlci->modem_tx = modem_tx;
3275		return gsm_modem_update(dlci, 0);
3276	}
3277	return 0;
3278}
3279
3280
3281static int gsmtty_ioctl(struct tty_struct *tty,
3282			unsigned int cmd, unsigned long arg)
3283{
3284	struct gsm_dlci *dlci = tty->driver_data;
3285	struct gsm_netconfig nc;
3286	int index;
3287
3288	if (dlci->state == DLCI_CLOSED)
3289		return -EINVAL;
3290	switch (cmd) {
3291	case GSMIOC_ENABLE_NET:
3292		if (copy_from_user(&nc, (void __user *)arg, sizeof(nc)))
3293			return -EFAULT;
3294		nc.if_name[IFNAMSIZ-1] = '\0';
3295		/* return net interface index or error code */
3296		mutex_lock(&dlci->mutex);
3297		index = gsm_create_network(dlci, &nc);
3298		mutex_unlock(&dlci->mutex);
3299		if (copy_to_user((void __user *)arg, &nc, sizeof(nc)))
3300			return -EFAULT;
3301		return index;
3302	case GSMIOC_DISABLE_NET:
3303		if (!capable(CAP_NET_ADMIN))
3304			return -EPERM;
3305		mutex_lock(&dlci->mutex);
3306		gsm_destroy_network(dlci);
3307		mutex_unlock(&dlci->mutex);
3308		return 0;
3309	default:
3310		return -ENOIOCTLCMD;
3311	}
3312}
3313
3314static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old)
3315{
3316	struct gsm_dlci *dlci = tty->driver_data;
3317	if (dlci->state == DLCI_CLOSED)
3318		return;
3319	/* For the moment its fixed. In actual fact the speed information
3320	   for the virtual channel can be propogated in both directions by
3321	   the RPN control message. This however rapidly gets nasty as we
3322	   then have to remap modem signals each way according to whether
3323	   our virtual cable is null modem etc .. */
3324	tty_termios_copy_hw(&tty->termios, old);
3325}
3326
3327static void gsmtty_throttle(struct tty_struct *tty)
3328{
3329	struct gsm_dlci *dlci = tty->driver_data;
3330	if (dlci->state == DLCI_CLOSED)
3331		return;
3332	if (C_CRTSCTS(tty))
3333		dlci->modem_tx &= ~TIOCM_RTS;
3334	dlci->throttled = true;
3335	/* Send an MSC with RTS cleared */
3336	gsm_modem_update(dlci, 0);
3337}
3338
3339static void gsmtty_unthrottle(struct tty_struct *tty)
3340{
3341	struct gsm_dlci *dlci = tty->driver_data;
3342	if (dlci->state == DLCI_CLOSED)
3343		return;
3344	if (C_CRTSCTS(tty))
3345		dlci->modem_tx |= TIOCM_RTS;
3346	dlci->throttled = false;
3347	/* Send an MSC with RTS set */
3348	gsm_modem_update(dlci, 0);
3349}
3350
3351static int gsmtty_break_ctl(struct tty_struct *tty, int state)
3352{
3353	struct gsm_dlci *dlci = tty->driver_data;
3354	int encode = 0;	/* Off */
3355	if (dlci->state == DLCI_CLOSED)
3356		return -EINVAL;
3357
3358	if (state == -1)	/* "On indefinitely" - we can't encode this
3359				    properly */
3360		encode = 0x0F;
3361	else if (state > 0) {
3362		encode = state / 200;	/* mS to encoding */
3363		if (encode > 0x0F)
3364			encode = 0x0F;	/* Best effort */
3365	}
3366	return gsm_modem_update(dlci, encode);
3367}
3368
3369static void gsmtty_cleanup(struct tty_struct *tty)
3370{
3371	struct gsm_dlci *dlci = tty->driver_data;
3372	struct gsm_mux *gsm = dlci->gsm;
3373
3374	dlci_put(dlci);
3375	dlci_put(gsm->dlci[0]);
3376	mux_put(gsm);
3377}
3378
3379/* Virtual ttys for the demux */
3380static const struct tty_operations gsmtty_ops = {
3381	.install		= gsmtty_install,
3382	.open			= gsmtty_open,
3383	.close			= gsmtty_close,
3384	.write			= gsmtty_write,
3385	.write_room		= gsmtty_write_room,
3386	.chars_in_buffer	= gsmtty_chars_in_buffer,
3387	.flush_buffer		= gsmtty_flush_buffer,
3388	.ioctl			= gsmtty_ioctl,
3389	.throttle		= gsmtty_throttle,
3390	.unthrottle		= gsmtty_unthrottle,
3391	.set_termios		= gsmtty_set_termios,
3392	.hangup			= gsmtty_hangup,
3393	.wait_until_sent	= gsmtty_wait_until_sent,
3394	.tiocmget		= gsmtty_tiocmget,
3395	.tiocmset		= gsmtty_tiocmset,
3396	.break_ctl		= gsmtty_break_ctl,
3397	.cleanup		= gsmtty_cleanup,
3398};
3399
3400
3401
3402static int __init gsm_init(void)
3403{
3404	/* Fill in our line protocol discipline, and register it */
3405	int status = tty_register_ldisc(&tty_ldisc_packet);
3406	if (status != 0) {
3407		pr_err("n_gsm: can't register line discipline (err = %d)\n",
3408								status);
3409		return status;
3410	}
3411
3412	gsm_tty_driver = tty_alloc_driver(256, TTY_DRIVER_REAL_RAW |
3413			TTY_DRIVER_DYNAMIC_DEV | TTY_DRIVER_HARDWARE_BREAK);
3414	if (IS_ERR(gsm_tty_driver)) {
3415		pr_err("gsm_init: tty allocation failed.\n");
3416		status = PTR_ERR(gsm_tty_driver);
3417		goto err_unreg_ldisc;
3418	}
3419	gsm_tty_driver->driver_name	= "gsmtty";
3420	gsm_tty_driver->name		= "gsmtty";
3421	gsm_tty_driver->major		= 0;	/* Dynamic */
3422	gsm_tty_driver->minor_start	= 0;
3423	gsm_tty_driver->type		= TTY_DRIVER_TYPE_SERIAL;
3424	gsm_tty_driver->subtype	= SERIAL_TYPE_NORMAL;
3425	gsm_tty_driver->init_termios	= tty_std_termios;
3426	/* Fixme */
3427	gsm_tty_driver->init_termios.c_lflag &= ~ECHO;
3428	tty_set_operations(gsm_tty_driver, &gsmtty_ops);
3429
3430	if (tty_register_driver(gsm_tty_driver)) {
3431		pr_err("gsm_init: tty registration failed.\n");
3432		status = -EBUSY;
3433		goto err_put_driver;
3434	}
3435	pr_debug("gsm_init: loaded as %d,%d.\n",
3436			gsm_tty_driver->major, gsm_tty_driver->minor_start);
3437	return 0;
3438err_put_driver:
3439	tty_driver_kref_put(gsm_tty_driver);
3440err_unreg_ldisc:
3441	tty_unregister_ldisc(&tty_ldisc_packet);
3442	return status;
3443}
3444
3445static void __exit gsm_exit(void)
3446{
3447	tty_unregister_ldisc(&tty_ldisc_packet);
3448	tty_unregister_driver(gsm_tty_driver);
3449	tty_driver_kref_put(gsm_tty_driver);
3450}
3451
3452module_init(gsm_init);
3453module_exit(gsm_exit);
3454
3455
3456MODULE_LICENSE("GPL");
3457MODULE_ALIAS_LDISC(N_GSM0710);
Configure Feed

Configure Feed
