search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hamradio: add missing sanity check to tty operation
[linux-2.6/mini2440.git] / drivers / net / hamradio / mkiss.c
blobb8e25c4624d2c2db3d6e84bb90e7b7cd55261a6e
1 /*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, write to the Free Software Foundation, Inc.,
13 * 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14 *
15 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18 */
19 #include <linux/module.h>
20 #include <asm/system.h>
21 #include <linux/bitops.h>
22 #include <asm/uaccess.h>
23 #include <linux/crc16.h>
24 #include <linux/string.h>
25 #include <linux/mm.h>
26 #include <linux/interrupt.h>
27 #include <linux/in.h>
28 #include <linux/inet.h>
29 #include <linux/tty.h>
30 #include <linux/errno.h>
31 #include <linux/netdevice.h>
32 #include <linux/major.h>
33 #include <linux/init.h>
34 #include <linux/rtnetlink.h>
35 #include <linux/etherdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/if_arp.h>
38 #include <linux/jiffies.h>
39
40 #include <net/ax25.h>
41
42 #define AX_MTU 236
43
44 /* SLIP/KISS protocol characters. */
45 #define END 0300 /* indicates end of frame */
46 #define ESC 0333 /* indicates byte stuffing */
47 #define ESC_END 0334 /* ESC ESC_END means END 'data' */
48 #define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
49
50 struct mkiss {
51 struct tty_struct *tty; /* ptr to TTY structure */
52 struct net_device *dev; /* easy for intr handling */
53
54 /* These are pointers to the malloc()ed frame buffers. */
55 spinlock_t buflock;/* lock for rbuf and xbuf */
56 unsigned char *rbuff; /* receiver buffer */
57 int rcount; /* received chars counter */
58 unsigned char *xbuff; /* transmitter buffer */
59 unsigned char *xhead; /* pointer to next byte to XMIT */
60 int xleft; /* bytes left in XMIT queue */
61
62 struct net_device_stats stats;
63
64 /* Detailed SLIP statistics. */
65 int mtu; /* Our mtu (to spot changes!) */
66 int buffsize; /* Max buffers sizes */
67
68 unsigned long flags; /* Flag values/ mode etc */
69 /* long req'd: used by set_bit --RR */
70 #define AXF_INUSE 0 /* Channel in use */
71 #define AXF_ESCAPE 1 /* ESC received */
72 #define AXF_ERROR 2 /* Parity, etc. error */
73 #define AXF_KEEPTEST 3 /* Keepalive test flag */
74 #define AXF_OUTWAIT 4 /* is outpacket was flag */
75
76 int mode;
77 int crcmode; /* MW: for FlexNet, SMACK etc. */
78 int crcauto; /* CRC auto mode */
79
80 #define CRC_MODE_NONE 0
81 #define CRC_MODE_FLEX 1
82 #define CRC_MODE_SMACK 2
83 #define CRC_MODE_FLEX_TEST 3
84 #define CRC_MODE_SMACK_TEST 4
85
86 atomic_t refcnt;
87 struct semaphore dead_sem;
88 };
89
90 /*---------------------------------------------------------------------------*/
91
92 static const unsigned short crc_flex_table[] = {
93 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
94 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
95 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
96 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
97 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
98 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
99 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
100 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
101 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
102 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
103 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
104 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
105 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
106 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
107 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
108 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
109 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
110 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
111 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
112 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
113 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
114 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
115 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
116 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
117 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
118 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
119 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
120 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
121 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
122 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
123 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
124 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
125 };
126
127 static unsigned short calc_crc_flex(unsigned char *cp, int size)
128 {
129 unsigned short crc = 0xffff;
130
131 while (size--)
132 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
133
134 return crc;
135 }
136
137 static int check_crc_flex(unsigned char *cp, int size)
138 {
139 unsigned short crc = 0xffff;
140
141 if (size < 3)
142 return -1;
143
144 while (size--)
145 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
146
147 if ((crc & 0xffff) != 0x7070)
148 return -1;
149
150 return 0;
151 }
152
153 static int check_crc_16(unsigned char *cp, int size)
154 {
155 unsigned short crc = 0x0000;
156
157 if (size < 3)
158 return -1;
159
160 crc = crc16(0, cp, size);
161
162 if (crc != 0x0000)
163 return -1;
164
165 return 0;
166 }
167
168 /*
169 * Standard encapsulation
170 */
171
172 static int kiss_esc(unsigned char *s, unsigned char *d, int len)
173 {
174 unsigned char *ptr = d;
175 unsigned char c;
176
177 /*
178 * Send an initial END character to flush out any data that may have
179 * accumulated in the receiver due to line noise.
180 */
181
182 *ptr++ = END;
183
184 while (len-- > 0) {
185 switch (c = *s++) {
186 case END:
187 *ptr++ = ESC;
188 *ptr++ = ESC_END;
189 break;
190 case ESC:
191 *ptr++ = ESC;
192 *ptr++ = ESC_ESC;
193 break;
194 default:
195 *ptr++ = c;
196 break;
197 }
198 }
199
200 *ptr++ = END;
201
202 return ptr - d;
203 }
204
205 /*
206 * MW:
207 * OK its ugly, but tell me a better solution without copying the
208 * packet to a temporary buffer :-)
209 */
210 static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
211 int len)
212 {
213 unsigned char *ptr = d;
214 unsigned char c=0;
215
216 *ptr++ = END;
217 while (len > 0) {
218 if (len > 2)
219 c = *s++;
220 else if (len > 1)
221 c = crc >> 8;
222 else if (len > 0)
223 c = crc & 0xff;
224
225 len--;
226
227 switch (c) {
228 case END:
229 *ptr++ = ESC;
230 *ptr++ = ESC_END;
231 break;
232 case ESC:
233 *ptr++ = ESC;
234 *ptr++ = ESC_ESC;
235 break;
236 default:
237 *ptr++ = c;
238 break;
239 }
240 }
241 *ptr++ = END;
242
243 return ptr - d;
244 }
245
246 /* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
247 static void ax_bump(struct mkiss *ax)
248 {
249 struct sk_buff *skb;
250 int count;
251
252 spin_lock_bh(&ax->buflock);
253 if (ax->rbuff[0] > 0x0f) {
254 if (ax->rbuff[0] & 0x80) {
255 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
256 ax->stats.rx_errors++;
257 spin_unlock_bh(&ax->buflock);
258
259 return;
260 }
261 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
262 printk(KERN_INFO
263 "mkiss: %s: Switchting to crc-smack\n",
264 ax->dev->name);
265 ax->crcmode = CRC_MODE_SMACK;
266 }
267 ax->rcount -= 2;
268 *ax->rbuff &= ~0x80;
269 } else if (ax->rbuff[0] & 0x20) {
270 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
271 ax->stats.rx_errors++;
272 spin_unlock_bh(&ax->buflock);
273 return;
274 }
275 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
276 printk(KERN_INFO
277 "mkiss: %s: Switchting to crc-flexnet\n",
278 ax->dev->name);
279 ax->crcmode = CRC_MODE_FLEX;
280 }
281 ax->rcount -= 2;
282
283 /*
284 * dl9sau bugfix: the trailling two bytes flexnet crc
285 * will not be passed to the kernel. thus we have to
286 * correct the kissparm signature, because it indicates
287 * a crc but there's none
288 */
289 *ax->rbuff &= ~0x20;
290 }
291 }
292
293 count = ax->rcount;
294
295 if ((skb = dev_alloc_skb(count)) == NULL) {
296 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
297 ax->dev->name);
298 ax->stats.rx_dropped++;
299 spin_unlock_bh(&ax->buflock);
300 return;
301 }
302
303 memcpy(skb_put(skb,count), ax->rbuff, count);
304 skb->protocol = ax25_type_trans(skb, ax->dev);
305 netif_rx(skb);
306 ax->dev->last_rx = jiffies;
307 ax->stats.rx_packets++;
308 ax->stats.rx_bytes += count;
309 spin_unlock_bh(&ax->buflock);
310 }
311
312 static void kiss_unesc(struct mkiss *ax, unsigned char s)
313 {
314 switch (s) {
315 case END:
316 /* drop keeptest bit = VSV */
317 if (test_bit(AXF_KEEPTEST, &ax->flags))
318 clear_bit(AXF_KEEPTEST, &ax->flags);
319
320 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
321 ax_bump(ax);
322
323 clear_bit(AXF_ESCAPE, &ax->flags);
324 ax->rcount = 0;
325 return;
326
327 case ESC:
328 set_bit(AXF_ESCAPE, &ax->flags);
329 return;
330 case ESC_ESC:
331 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
332 s = ESC;
333 break;
334 case ESC_END:
335 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
336 s = END;
337 break;
338 }
339
340 spin_lock_bh(&ax->buflock);
341 if (!test_bit(AXF_ERROR, &ax->flags)) {
342 if (ax->rcount < ax->buffsize) {
343 ax->rbuff[ax->rcount++] = s;
344 spin_unlock_bh(&ax->buflock);
345 return;
346 }
347
348 ax->stats.rx_over_errors++;
349 set_bit(AXF_ERROR, &ax->flags);
350 }
351 spin_unlock_bh(&ax->buflock);
352 }
353
354 static int ax_set_mac_address(struct net_device *dev, void *addr)
355 {
356 struct sockaddr_ax25 *sa = addr;
357
358 netif_tx_lock_bh(dev);
359 netif_addr_lock(dev);
360 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
361 netif_addr_unlock(dev);
362 netif_tx_unlock_bh(dev);
363
364 return 0;
365 }
366
367 /*---------------------------------------------------------------------------*/
368
369 static void ax_changedmtu(struct mkiss *ax)
370 {
371 struct net_device *dev = ax->dev;
372 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
373 int len;
374
375 len = dev->mtu * 2;
376
377 /*
378 * allow for arrival of larger UDP packets, even if we say not to
379 * also fixes a bug in which SunOS sends 512-byte packets even with
380 * an MSS of 128
381 */
382 if (len < 576 * 2)
383 len = 576 * 2;
384
385 xbuff = kmalloc(len + 4, GFP_ATOMIC);
386 rbuff = kmalloc(len + 4, GFP_ATOMIC);
387
388 if (xbuff == NULL || rbuff == NULL) {
389 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
390 "MTU change cancelled.\n",
391 ax->dev->name);
392 dev->mtu = ax->mtu;
393 kfree(xbuff);
394 kfree(rbuff);
395 return;
396 }
397
398 spin_lock_bh(&ax->buflock);
399
400 oxbuff = ax->xbuff;
401 ax->xbuff = xbuff;
402 orbuff = ax->rbuff;
403 ax->rbuff = rbuff;
404
405 if (ax->xleft) {
406 if (ax->xleft <= len) {
407 memcpy(ax->xbuff, ax->xhead, ax->xleft);
408 } else {
409 ax->xleft = 0;
410 ax->stats.tx_dropped++;
411 }
412 }
413
414 ax->xhead = ax->xbuff;
415
416 if (ax->rcount) {
417 if (ax->rcount <= len) {
418 memcpy(ax->rbuff, orbuff, ax->rcount);
419 } else {
420 ax->rcount = 0;
421 ax->stats.rx_over_errors++;
422 set_bit(AXF_ERROR, &ax->flags);
423 }
424 }
425
426 ax->mtu = dev->mtu + 73;
427 ax->buffsize = len;
428
429 spin_unlock_bh(&ax->buflock);
430
431 kfree(oxbuff);
432 kfree(orbuff);
433 }
434
435 /* Encapsulate one AX.25 packet and stuff into a TTY queue. */
436 static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
437 {
438 struct mkiss *ax = netdev_priv(dev);
439 unsigned char *p;
440 int actual, count;
441
442 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
443 ax_changedmtu(ax);
444
445 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
446 len = ax->mtu;
447 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
448 ax->stats.tx_dropped++;
449 netif_start_queue(dev);
450 return;
451 }
452
453 p = icp;
454
455 spin_lock_bh(&ax->buflock);
456 if ((*p & 0x0f) != 0) {
457 /* Configuration Command (kissparms(1).
458 * Protocol spec says: never append CRC.
459 * This fixes a very old bug in the linux
460 * kiss driver. -- dl9sau */
461 switch (*p & 0xff) {
462 case 0x85:
463 /* command from userspace especially for us,
464 * not for delivery to the tnc */
465 if (len > 1) {
466 int cmd = (p[1] & 0xff);
467 switch(cmd) {
468 case 3:
469 ax->crcmode = CRC_MODE_SMACK;
470 break;
471 case 2:
472 ax->crcmode = CRC_MODE_FLEX;
473 break;
474 case 1:
475 ax->crcmode = CRC_MODE_NONE;
476 break;
477 case 0:
478 default:
479 ax->crcmode = CRC_MODE_SMACK_TEST;
480 cmd = 0;
481 }
482 ax->crcauto = (cmd ? 0 : 1);
483 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
484 }
485 spin_unlock_bh(&ax->buflock);
486 netif_start_queue(dev);
487
488 return;
489 default:
490 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
491 }
492 } else {
493 unsigned short crc;
494 switch (ax->crcmode) {
495 case CRC_MODE_SMACK_TEST:
496 ax->crcmode = CRC_MODE_FLEX_TEST;
497 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
498 // fall through
499 case CRC_MODE_SMACK:
500 *p |= 0x80;
501 crc = swab16(crc16(0, p, len));
502 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
503 break;
504 case CRC_MODE_FLEX_TEST:
505 ax->crcmode = CRC_MODE_NONE;
506 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
507 // fall through
508 case CRC_MODE_FLEX:
509 *p |= 0x20;
510 crc = calc_crc_flex(p, len);
511 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
512 break;
513
514 default:
515 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
516 }
517 }
518 spin_unlock_bh(&ax->buflock);
519
520 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
521 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
522 ax->stats.tx_packets++;
523 ax->stats.tx_bytes += actual;
524
525 ax->dev->trans_start = jiffies;
526 ax->xleft = count - actual;
527 ax->xhead = ax->xbuff + actual;
528 }
529
530 /* Encapsulate an AX.25 packet and kick it into a TTY queue. */
531 static int ax_xmit(struct sk_buff *skb, struct net_device *dev)
532 {
533 struct mkiss *ax = netdev_priv(dev);
534
535 if (!netif_running(dev)) {
536 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
537 return 1;
538 }
539
540 if (netif_queue_stopped(dev)) {
541 /*
542 * May be we must check transmitter timeout here ?
543 * 14 Oct 1994 Dmitry Gorodchanin.
544 */
545 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
546 /* 20 sec timeout not reached */
547 return 1;
548 }
549
550 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
551 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
552 "bad line quality" : "driver error");
553
554 ax->xleft = 0;
555 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
556 netif_start_queue(dev);
557 }
558
559 /* We were not busy, so we are now... :-) */
560 if (skb != NULL) {
561 netif_stop_queue(dev);
562 ax_encaps(dev, skb->data, skb->len);
563 kfree_skb(skb);
564 }
565
566 return 0;
567 }
568
569 static int ax_open_dev(struct net_device *dev)
570 {
571 struct mkiss *ax = netdev_priv(dev);
572
573 if (ax->tty == NULL)
574 return -ENODEV;
575
576 return 0;
577 }
578
579 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
580
581 /* Return the frame type ID */
582 static int ax_header(struct sk_buff *skb, struct net_device *dev,
583 unsigned short type, const void *daddr,
584 const void *saddr, unsigned len)
585 {
586 #ifdef CONFIG_INET
587 if (type != ETH_P_AX25)
588 return ax25_hard_header(skb, dev, type, daddr, saddr, len);
589 #endif
590 return 0;
591 }
592
593
594 static int ax_rebuild_header(struct sk_buff *skb)
595 {
596 #ifdef CONFIG_INET
597 return ax25_rebuild_header(skb);
598 #else
599 return 0;
600 #endif
601 }
602
603 #endif /* CONFIG_{AX25,AX25_MODULE} */
604
605 /* Open the low-level part of the AX25 channel. Easy! */
606 static int ax_open(struct net_device *dev)
607 {
608 struct mkiss *ax = netdev_priv(dev);
609 unsigned long len;
610
611 if (ax->tty == NULL)
612 return -ENODEV;
613
614 /*
615 * Allocate the frame buffers:
616 *
617 * rbuff Receive buffer.
618 * xbuff Transmit buffer.
619 */
620 len = dev->mtu * 2;
621
622 /*
623 * allow for arrival of larger UDP packets, even if we say not to
624 * also fixes a bug in which SunOS sends 512-byte packets even with
625 * an MSS of 128
626 */
627 if (len < 576 * 2)
628 len = 576 * 2;
629
630 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
631 goto norbuff;
632
633 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
634 goto noxbuff;
635
636 ax->mtu = dev->mtu + 73;
637 ax->buffsize = len;
638 ax->rcount = 0;
639 ax->xleft = 0;
640
641 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
642
643 spin_lock_init(&ax->buflock);
644
645 return 0;
646
647 noxbuff:
648 kfree(ax->rbuff);
649
650 norbuff:
651 return -ENOMEM;
652 }
653
654
655 /* Close the low-level part of the AX25 channel. Easy! */
656 static int ax_close(struct net_device *dev)
657 {
658 struct mkiss *ax = netdev_priv(dev);
659
660 if (ax->tty)
661 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
662
663 netif_stop_queue(dev);
664
665 return 0;
666 }
667
668 static struct net_device_stats *ax_get_stats(struct net_device *dev)
669 {
670 struct mkiss *ax = netdev_priv(dev);
671
672 return &ax->stats;
673 }
674
675 static const struct header_ops ax_header_ops = {
676 .create = ax_header,
677 .rebuild = ax_rebuild_header,
678 };
679
680 static void ax_setup(struct net_device *dev)
681 {
682 /* Finish setting up the DEVICE info. */
683 dev->mtu = AX_MTU;
684 dev->hard_start_xmit = ax_xmit;
685 dev->open = ax_open_dev;
686 dev->stop = ax_close;
687 dev->get_stats = ax_get_stats;
688 dev->set_mac_address = ax_set_mac_address;
689 dev->hard_header_len = 0;
690 dev->addr_len = 0;
691 dev->type = ARPHRD_AX25;
692 dev->tx_queue_len = 10;
693 dev->header_ops = &ax_header_ops;
694
695
696 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
697 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
698
699 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
700 }
701
702 /*
703 * We have a potential race on dereferencing tty->disc_data, because the tty
704 * layer provides no locking at all - thus one cpu could be running
705 * sixpack_receive_buf while another calls sixpack_close, which zeroes
706 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
707 * best way to fix this is to use a rwlock in the tty struct, but for now we
708 * use a single global rwlock for all ttys in ppp line discipline.
709 */
710 static DEFINE_RWLOCK(disc_data_lock);
711
712 static struct mkiss *mkiss_get(struct tty_struct *tty)
713 {
714 struct mkiss *ax;
715
716 read_lock(&disc_data_lock);
717 ax = tty->disc_data;
718 if (ax)
719 atomic_inc(&ax->refcnt);
720 read_unlock(&disc_data_lock);
721
722 return ax;
723 }
724
725 static void mkiss_put(struct mkiss *ax)
726 {
727 if (atomic_dec_and_test(&ax->refcnt))
728 up(&ax->dead_sem);
729 }
730
731 static int crc_force = 0; /* Can be overridden with insmod */
732
733 static int mkiss_open(struct tty_struct *tty)
734 {
735 struct net_device *dev;
736 struct mkiss *ax;
737 int err;
738
739 if (!capable(CAP_NET_ADMIN))
740 return -EPERM;
741 if (tty->ops->write == NULL)
742 return -EOPNOTSUPP;
743
744 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
745 if (!dev) {
746 err = -ENOMEM;
747 goto out;
748 }
749
750 ax = netdev_priv(dev);
751 ax->dev = dev;
752
753 spin_lock_init(&ax->buflock);
754 atomic_set(&ax->refcnt, 1);
755 init_MUTEX_LOCKED(&ax->dead_sem);
756
757 ax->tty = tty;
758 tty->disc_data = ax;
759 tty->receive_room = 65535;
760
761 tty_driver_flush_buffer(tty);
762
763 /* Restore default settings */
764 dev->type = ARPHRD_AX25;
765
766 /* Perform the low-level AX25 initialization. */
767 if ((err = ax_open(ax->dev))) {
768 goto out_free_netdev;
769 }
770
771 if (register_netdev(dev))
772 goto out_free_buffers;
773
774 /* after register_netdev() - because else printk smashes the kernel */
775 switch (crc_force) {
776 case 3:
777 ax->crcmode = CRC_MODE_SMACK;
778 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
779 ax->dev->name);
780 break;
781 case 2:
782 ax->crcmode = CRC_MODE_FLEX;
783 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
784 ax->dev->name);
785 break;
786 case 1:
787 ax->crcmode = CRC_MODE_NONE;
788 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
789 ax->dev->name);
790 break;
791 case 0:
792 /* fall through */
793 default:
794 crc_force = 0;
795 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
796 ax->dev->name);
797 ax->crcmode = CRC_MODE_SMACK_TEST;
798 }
799 ax->crcauto = (crc_force ? 0 : 1);
800
801 netif_start_queue(dev);
802
803 /* Done. We have linked the TTY line to a channel. */
804 return 0;
805
806 out_free_buffers:
807 kfree(ax->rbuff);
808 kfree(ax->xbuff);
809
810 out_free_netdev:
811 free_netdev(dev);
812
813 out:
814 return err;
815 }
816
817 static void mkiss_close(struct tty_struct *tty)
818 {
819 struct mkiss *ax;
820
821 write_lock(&disc_data_lock);
822 ax = tty->disc_data;
823 tty->disc_data = NULL;
824 write_unlock(&disc_data_lock);
825
826 if (!ax)
827 return;
828
829 /*
830 * We have now ensured that nobody can start using ap from now on, but
831 * we have to wait for all existing users to finish.
832 */
833 if (!atomic_dec_and_test(&ax->refcnt))
834 down(&ax->dead_sem);
835
836 unregister_netdev(ax->dev);
837
838 /* Free all AX25 frame buffers. */
839 kfree(ax->rbuff);
840 kfree(ax->xbuff);
841
842 ax->tty = NULL;
843 }
844
845 /* Perform I/O control on an active ax25 channel. */
846 static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
847 unsigned int cmd, unsigned long arg)
848 {
849 struct mkiss *ax = mkiss_get(tty);
850 struct net_device *dev = ax->dev;
851 unsigned int tmp, err;
852
853 /* First make sure we're connected. */
854 if (ax == NULL)
855 return -ENXIO;
856
857 switch (cmd) {
858 case SIOCGIFNAME:
859 err = copy_to_user((void __user *) arg, ax->dev->name,
860 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
861 break;
862
863 case SIOCGIFENCAP:
864 err = put_user(4, (int __user *) arg);
865 break;
866
867 case SIOCSIFENCAP:
868 if (get_user(tmp, (int __user *) arg)) {
869 err = -EFAULT;
870 break;
871 }
872
873 ax->mode = tmp;
874 dev->addr_len = AX25_ADDR_LEN;
875 dev->hard_header_len = AX25_KISS_HEADER_LEN +
876 AX25_MAX_HEADER_LEN + 3;
877 dev->type = ARPHRD_AX25;
878
879 err = 0;
880 break;
881
882 case SIOCSIFHWADDR: {
883 char addr[AX25_ADDR_LEN];
884
885 if (copy_from_user(&addr,
886 (void __user *) arg, AX25_ADDR_LEN)) {
887 err = -EFAULT;
888 break;
889 }
890
891 netif_tx_lock_bh(dev);
892 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
893 netif_tx_unlock_bh(dev);
894
895 err = 0;
896 break;
897 }
898 default:
899 err = -ENOIOCTLCMD;
900 }
901
902 mkiss_put(ax);
903
904 return err;
905 }
906
907 /*
908 * Handle the 'receiver data ready' interrupt.
909 * This function is called by the 'tty_io' module in the kernel when
910 * a block of data has been received, which can now be decapsulated
911 * and sent on to the AX.25 layer for further processing.
912 */
913 static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
914 char *fp, int count)
915 {
916 struct mkiss *ax = mkiss_get(tty);
917
918 if (!ax)
919 return;
920
921 /*
922 * Argh! mtu change time! - costs us the packet part received
923 * at the change
924 */
925 if (ax->mtu != ax->dev->mtu + 73)
926 ax_changedmtu(ax);
927
928 /* Read the characters out of the buffer */
929 while (count--) {
930 if (fp != NULL && *fp++) {
931 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
932 ax->stats.rx_errors++;
933 cp++;
934 continue;
935 }
936
937 kiss_unesc(ax, *cp++);
938 }
939
940 mkiss_put(ax);
941 tty_unthrottle(tty);
942 }
943
944 /*
945 * Called by the driver when there's room for more data. If we have
946 * more packets to send, we send them here.
947 */
948 static void mkiss_write_wakeup(struct tty_struct *tty)
949 {
950 struct mkiss *ax = mkiss_get(tty);
951 int actual;
952
953 if (!ax)
954 return;
955
956 if (ax->xleft <= 0) {
957 /* Now serial buffer is almost free & we can start
958 * transmission of another packet
959 */
960 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
961
962 netif_wake_queue(ax->dev);
963 goto out;
964 }
965
966 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
967 ax->xleft -= actual;
968 ax->xhead += actual;
969
970 out:
971 mkiss_put(ax);
972 }
973
974 static struct tty_ldisc_ops ax_ldisc = {
975 .owner = THIS_MODULE,
976 .magic = TTY_LDISC_MAGIC,
977 .name = "mkiss",
978 .open = mkiss_open,
979 .close = mkiss_close,
980 .ioctl = mkiss_ioctl,
981 .receive_buf = mkiss_receive_buf,
982 .write_wakeup = mkiss_write_wakeup
983 };
984
985 static char banner[] __initdata = KERN_INFO \
986 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
987 static char msg_regfail[] __initdata = KERN_ERR \
988 "mkiss: can't register line discipline (err = %d)\n";
989
990 static int __init mkiss_init_driver(void)
991 {
992 int status;
993
994 printk(banner);
995
996 if ((status = tty_register_ldisc(N_AX25, &ax_ldisc)) != 0)
997 printk(msg_regfail);
998
999 return status;
1000 }
1001
1002 static const char msg_unregfail[] __exitdata = KERN_ERR \
1003 "mkiss: can't unregister line discipline (err = %d)\n";
1004
1005 static void __exit mkiss_exit_driver(void)
1006 {
1007 int ret;
1008
1009 if ((ret = tty_unregister_ldisc(N_AX25)))
1010 printk(msg_unregfail, ret);
1011 }
1012
1013 MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1014 MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1015 module_param(crc_force, int, 0);
1016 MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1017 MODULE_LICENSE("GPL");
1018 MODULE_ALIAS_LDISC(N_AX25);
1019
1020 module_init(mkiss_init_driver);
1021 module_exit(mkiss_exit_driver);
Support for the Chinese Samsung S3C2440 based development boards