1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * PPP async serial channel driver for Linux. |
4 | * |
5 | * Copyright 1999 Paul Mackerras. |
6 | * |
7 | * This driver provides the encapsulation and framing for sending |
8 | * and receiving PPP frames over async serial lines. It relies on |
9 | * the generic PPP layer to give it frames to send and to process |
10 | * received frames. It implements the PPP line discipline. |
11 | * |
12 | * Part of the code in this driver was inspired by the old async-only |
13 | * PPP driver, written by Michael Callahan and Al Longyear, and |
14 | * subsequently hacked by Paul Mackerras. |
15 | */ |
16 | |
17 | #include <linux/module.h> |
18 | #include <linux/kernel.h> |
19 | #include <linux/skbuff.h> |
20 | #include <linux/tty.h> |
21 | #include <linux/netdevice.h> |
22 | #include <linux/poll.h> |
23 | #include <linux/crc-ccitt.h> |
24 | #include <linux/ppp_defs.h> |
25 | #include <linux/ppp-ioctl.h> |
26 | #include <linux/ppp_channel.h> |
27 | #include <linux/spinlock.h> |
28 | #include <linux/init.h> |
29 | #include <linux/interrupt.h> |
30 | #include <linux/jiffies.h> |
31 | #include <linux/slab.h> |
32 | #include <asm/unaligned.h> |
33 | #include <linux/uaccess.h> |
34 | #include <asm/string.h> |
35 | |
36 | #define PPP_VERSION "2.4.2" |
37 | |
38 | #define OBUFSIZE 4096 |
39 | |
40 | /* Structure for storing local state. */ |
41 | struct asyncppp { |
42 | struct tty_struct *tty; |
43 | unsigned int flags; |
44 | unsigned int state; |
45 | unsigned int rbits; |
46 | int mru; |
47 | spinlock_t xmit_lock; |
48 | spinlock_t recv_lock; |
49 | unsigned long xmit_flags; |
50 | u32 xaccm[8]; |
51 | u32 raccm; |
52 | unsigned int bytes_sent; |
53 | unsigned int bytes_rcvd; |
54 | |
55 | struct sk_buff *tpkt; |
56 | int tpkt_pos; |
57 | u16 tfcs; |
58 | unsigned char *optr; |
59 | unsigned char *olim; |
60 | unsigned long last_xmit; |
61 | |
62 | struct sk_buff *rpkt; |
63 | int lcp_fcs; |
64 | struct sk_buff_head rqueue; |
65 | |
66 | struct tasklet_struct tsk; |
67 | |
68 | refcount_t refcnt; |
69 | struct completion dead; |
70 | struct ppp_channel chan; /* interface to generic ppp layer */ |
71 | unsigned char obuf[OBUFSIZE]; |
72 | }; |
73 | |
74 | /* Bit numbers in xmit_flags */ |
75 | #define XMIT_WAKEUP 0 |
76 | #define XMIT_FULL 1 |
77 | #define XMIT_BUSY 2 |
78 | |
79 | /* State bits */ |
80 | #define SC_TOSS 1 |
81 | #define SC_ESCAPE 2 |
82 | #define SC_PREV_ERROR 4 |
83 | |
84 | /* Bits in rbits */ |
85 | #define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP) |
86 | |
87 | static int flag_time = HZ; |
88 | module_param(flag_time, int, 0); |
89 | MODULE_PARM_DESC(flag_time, "ppp_async: interval between flagged packets (in clock ticks)" ); |
90 | MODULE_DESCRIPTION("PPP async serial channel module" ); |
91 | MODULE_LICENSE("GPL" ); |
92 | MODULE_ALIAS_LDISC(N_PPP); |
93 | |
94 | /* |
95 | * Prototypes. |
96 | */ |
97 | static int ppp_async_encode(struct asyncppp *ap); |
98 | static int ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb); |
99 | static int ppp_async_push(struct asyncppp *ap); |
100 | static void ppp_async_flush_output(struct asyncppp *ap); |
101 | static void ppp_async_input(struct asyncppp *ap, const unsigned char *buf, |
102 | const u8 *flags, int count); |
103 | static int ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd, |
104 | unsigned long arg); |
105 | static void ppp_async_process(struct tasklet_struct *t); |
106 | |
107 | static void async_lcp_peek(struct asyncppp *ap, unsigned char *data, |
108 | int len, int inbound); |
109 | |
110 | static const struct ppp_channel_ops async_ops = { |
111 | .start_xmit = ppp_async_send, |
112 | .ioctl = ppp_async_ioctl, |
113 | }; |
114 | |
115 | /* |
116 | * Routines implementing the PPP line discipline. |
117 | */ |
118 | |
119 | /* |
120 | * We have a potential race on dereferencing tty->disc_data, |
121 | * because the tty layer provides no locking at all - thus one |
122 | * cpu could be running ppp_asynctty_receive while another |
123 | * calls ppp_asynctty_close, which zeroes tty->disc_data and |
124 | * frees the memory that ppp_asynctty_receive is using. The best |
125 | * way to fix this is to use a rwlock in the tty struct, but for now |
126 | * we use a single global rwlock for all ttys in ppp line discipline. |
127 | * |
128 | * FIXME: this is no longer true. The _close path for the ldisc is |
129 | * now guaranteed to be sane. |
130 | */ |
131 | static DEFINE_RWLOCK(disc_data_lock); |
132 | |
133 | static struct asyncppp *ap_get(struct tty_struct *tty) |
134 | { |
135 | struct asyncppp *ap; |
136 | |
137 | read_lock(&disc_data_lock); |
138 | ap = tty->disc_data; |
139 | if (ap != NULL) |
140 | refcount_inc(r: &ap->refcnt); |
141 | read_unlock(&disc_data_lock); |
142 | return ap; |
143 | } |
144 | |
145 | static void ap_put(struct asyncppp *ap) |
146 | { |
147 | if (refcount_dec_and_test(r: &ap->refcnt)) |
148 | complete(&ap->dead); |
149 | } |
150 | |
151 | /* |
152 | * Called when a tty is put into PPP line discipline. Called in process |
153 | * context. |
154 | */ |
155 | static int |
156 | ppp_asynctty_open(struct tty_struct *tty) |
157 | { |
158 | struct asyncppp *ap; |
159 | int err; |
160 | int speed; |
161 | |
162 | if (tty->ops->write == NULL) |
163 | return -EOPNOTSUPP; |
164 | |
165 | err = -ENOMEM; |
166 | ap = kzalloc(size: sizeof(*ap), GFP_KERNEL); |
167 | if (!ap) |
168 | goto out; |
169 | |
170 | /* initialize the asyncppp structure */ |
171 | ap->tty = tty; |
172 | ap->mru = PPP_MRU; |
173 | spin_lock_init(&ap->xmit_lock); |
174 | spin_lock_init(&ap->recv_lock); |
175 | ap->xaccm[0] = ~0U; |
176 | ap->xaccm[3] = 0x60000000U; |
177 | ap->raccm = ~0U; |
178 | ap->optr = ap->obuf; |
179 | ap->olim = ap->obuf; |
180 | ap->lcp_fcs = -1; |
181 | |
182 | skb_queue_head_init(list: &ap->rqueue); |
183 | tasklet_setup(t: &ap->tsk, callback: ppp_async_process); |
184 | |
185 | refcount_set(r: &ap->refcnt, n: 1); |
186 | init_completion(x: &ap->dead); |
187 | |
188 | ap->chan.private = ap; |
189 | ap->chan.ops = &async_ops; |
190 | ap->chan.mtu = PPP_MRU; |
191 | speed = tty_get_baud_rate(tty); |
192 | ap->chan.speed = speed; |
193 | err = ppp_register_channel(&ap->chan); |
194 | if (err) |
195 | goto out_free; |
196 | |
197 | tty->disc_data = ap; |
198 | tty->receive_room = 65536; |
199 | return 0; |
200 | |
201 | out_free: |
202 | kfree(objp: ap); |
203 | out: |
204 | return err; |
205 | } |
206 | |
207 | /* |
208 | * Called when the tty is put into another line discipline |
209 | * or it hangs up. We have to wait for any cpu currently |
210 | * executing in any of the other ppp_asynctty_* routines to |
211 | * finish before we can call ppp_unregister_channel and free |
212 | * the asyncppp struct. This routine must be called from |
213 | * process context, not interrupt or softirq context. |
214 | */ |
215 | static void |
216 | ppp_asynctty_close(struct tty_struct *tty) |
217 | { |
218 | struct asyncppp *ap; |
219 | |
220 | write_lock_irq(&disc_data_lock); |
221 | ap = tty->disc_data; |
222 | tty->disc_data = NULL; |
223 | write_unlock_irq(&disc_data_lock); |
224 | if (!ap) |
225 | return; |
226 | |
227 | /* |
228 | * We have now ensured that nobody can start using ap from now |
229 | * on, but we have to wait for all existing users to finish. |
230 | * Note that ppp_unregister_channel ensures that no calls to |
231 | * our channel ops (i.e. ppp_async_send/ioctl) are in progress |
232 | * by the time it returns. |
233 | */ |
234 | if (!refcount_dec_and_test(r: &ap->refcnt)) |
235 | wait_for_completion(&ap->dead); |
236 | tasklet_kill(t: &ap->tsk); |
237 | |
238 | ppp_unregister_channel(&ap->chan); |
239 | kfree_skb(skb: ap->rpkt); |
240 | skb_queue_purge(list: &ap->rqueue); |
241 | kfree_skb(skb: ap->tpkt); |
242 | kfree(objp: ap); |
243 | } |
244 | |
245 | /* |
246 | * Called on tty hangup in process context. |
247 | * |
248 | * Wait for I/O to driver to complete and unregister PPP channel. |
249 | * This is already done by the close routine, so just call that. |
250 | */ |
251 | static void ppp_asynctty_hangup(struct tty_struct *tty) |
252 | { |
253 | ppp_asynctty_close(tty); |
254 | } |
255 | |
256 | /* |
257 | * Read does nothing - no data is ever available this way. |
258 | * Pppd reads and writes packets via /dev/ppp instead. |
259 | */ |
260 | static ssize_t |
261 | ppp_asynctty_read(struct tty_struct *tty, struct file *file, u8 *buf, |
262 | size_t count, void **cookie, unsigned long offset) |
263 | { |
264 | return -EAGAIN; |
265 | } |
266 | |
267 | /* |
268 | * Write on the tty does nothing, the packets all come in |
269 | * from the ppp generic stuff. |
270 | */ |
271 | static ssize_t |
272 | ppp_asynctty_write(struct tty_struct *tty, struct file *file, const u8 *buf, |
273 | size_t count) |
274 | { |
275 | return -EAGAIN; |
276 | } |
277 | |
278 | /* |
279 | * Called in process context only. May be re-entered by multiple |
280 | * ioctl calling threads. |
281 | */ |
282 | |
283 | static int |
284 | ppp_asynctty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) |
285 | { |
286 | struct asyncppp *ap = ap_get(tty); |
287 | int err, val; |
288 | int __user *p = (int __user *)arg; |
289 | |
290 | if (!ap) |
291 | return -ENXIO; |
292 | err = -EFAULT; |
293 | switch (cmd) { |
294 | case PPPIOCGCHAN: |
295 | err = -EFAULT; |
296 | if (put_user(ppp_channel_index(&ap->chan), p)) |
297 | break; |
298 | err = 0; |
299 | break; |
300 | |
301 | case PPPIOCGUNIT: |
302 | err = -EFAULT; |
303 | if (put_user(ppp_unit_number(&ap->chan), p)) |
304 | break; |
305 | err = 0; |
306 | break; |
307 | |
308 | case TCFLSH: |
309 | /* flush our buffers and the serial port's buffer */ |
310 | if (arg == TCIOFLUSH || arg == TCOFLUSH) |
311 | ppp_async_flush_output(ap); |
312 | err = n_tty_ioctl_helper(tty, cmd, arg); |
313 | break; |
314 | |
315 | case FIONREAD: |
316 | val = 0; |
317 | if (put_user(val, p)) |
318 | break; |
319 | err = 0; |
320 | break; |
321 | |
322 | default: |
323 | /* Try the various mode ioctls */ |
324 | err = tty_mode_ioctl(tty, cmd, arg); |
325 | } |
326 | |
327 | ap_put(ap); |
328 | return err; |
329 | } |
330 | |
331 | /* May sleep, don't call from interrupt level or with interrupts disabled */ |
332 | static void |
333 | ppp_asynctty_receive(struct tty_struct *tty, const u8 *buf, const u8 *cflags, |
334 | size_t count) |
335 | { |
336 | struct asyncppp *ap = ap_get(tty); |
337 | unsigned long flags; |
338 | |
339 | if (!ap) |
340 | return; |
341 | spin_lock_irqsave(&ap->recv_lock, flags); |
342 | ppp_async_input(ap, buf, flags: cflags, count); |
343 | spin_unlock_irqrestore(lock: &ap->recv_lock, flags); |
344 | if (!skb_queue_empty(list: &ap->rqueue)) |
345 | tasklet_schedule(t: &ap->tsk); |
346 | ap_put(ap); |
347 | tty_unthrottle(tty); |
348 | } |
349 | |
350 | static void |
351 | ppp_asynctty_wakeup(struct tty_struct *tty) |
352 | { |
353 | struct asyncppp *ap = ap_get(tty); |
354 | |
355 | clear_bit(TTY_DO_WRITE_WAKEUP, addr: &tty->flags); |
356 | if (!ap) |
357 | return; |
358 | set_bit(XMIT_WAKEUP, addr: &ap->xmit_flags); |
359 | tasklet_schedule(t: &ap->tsk); |
360 | ap_put(ap); |
361 | } |
362 | |
363 | |
364 | static struct tty_ldisc_ops ppp_ldisc = { |
365 | .owner = THIS_MODULE, |
366 | .num = N_PPP, |
367 | .name = "ppp" , |
368 | .open = ppp_asynctty_open, |
369 | .close = ppp_asynctty_close, |
370 | .hangup = ppp_asynctty_hangup, |
371 | .read = ppp_asynctty_read, |
372 | .write = ppp_asynctty_write, |
373 | .ioctl = ppp_asynctty_ioctl, |
374 | .receive_buf = ppp_asynctty_receive, |
375 | .write_wakeup = ppp_asynctty_wakeup, |
376 | }; |
377 | |
378 | static int __init |
379 | ppp_async_init(void) |
380 | { |
381 | int err; |
382 | |
383 | err = tty_register_ldisc(new_ldisc: &ppp_ldisc); |
384 | if (err != 0) |
385 | printk(KERN_ERR "PPP_async: error %d registering line disc.\n" , |
386 | err); |
387 | return err; |
388 | } |
389 | |
390 | /* |
391 | * The following routines provide the PPP channel interface. |
392 | */ |
393 | static int |
394 | ppp_async_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg) |
395 | { |
396 | struct asyncppp *ap = chan->private; |
397 | void __user *argp = (void __user *)arg; |
398 | int __user *p = argp; |
399 | int err, val; |
400 | u32 accm[8]; |
401 | |
402 | err = -EFAULT; |
403 | switch (cmd) { |
404 | case PPPIOCGFLAGS: |
405 | val = ap->flags | ap->rbits; |
406 | if (put_user(val, p)) |
407 | break; |
408 | err = 0; |
409 | break; |
410 | case PPPIOCSFLAGS: |
411 | if (get_user(val, p)) |
412 | break; |
413 | ap->flags = val & ~SC_RCV_BITS; |
414 | spin_lock_irq(lock: &ap->recv_lock); |
415 | ap->rbits = val & SC_RCV_BITS; |
416 | spin_unlock_irq(lock: &ap->recv_lock); |
417 | err = 0; |
418 | break; |
419 | |
420 | case PPPIOCGASYNCMAP: |
421 | if (put_user(ap->xaccm[0], (u32 __user *)argp)) |
422 | break; |
423 | err = 0; |
424 | break; |
425 | case PPPIOCSASYNCMAP: |
426 | if (get_user(ap->xaccm[0], (u32 __user *)argp)) |
427 | break; |
428 | err = 0; |
429 | break; |
430 | |
431 | case PPPIOCGRASYNCMAP: |
432 | if (put_user(ap->raccm, (u32 __user *)argp)) |
433 | break; |
434 | err = 0; |
435 | break; |
436 | case PPPIOCSRASYNCMAP: |
437 | if (get_user(ap->raccm, (u32 __user *)argp)) |
438 | break; |
439 | err = 0; |
440 | break; |
441 | |
442 | case PPPIOCGXASYNCMAP: |
443 | if (copy_to_user(to: argp, from: ap->xaccm, n: sizeof(ap->xaccm))) |
444 | break; |
445 | err = 0; |
446 | break; |
447 | case PPPIOCSXASYNCMAP: |
448 | if (copy_from_user(to: accm, from: argp, n: sizeof(accm))) |
449 | break; |
450 | accm[2] &= ~0x40000000U; /* can't escape 0x5e */ |
451 | accm[3] |= 0x60000000U; /* must escape 0x7d, 0x7e */ |
452 | memcpy(ap->xaccm, accm, sizeof(ap->xaccm)); |
453 | err = 0; |
454 | break; |
455 | |
456 | case PPPIOCGMRU: |
457 | if (put_user(ap->mru, p)) |
458 | break; |
459 | err = 0; |
460 | break; |
461 | case PPPIOCSMRU: |
462 | if (get_user(val, p)) |
463 | break; |
464 | if (val > U16_MAX) { |
465 | err = -EINVAL; |
466 | break; |
467 | } |
468 | if (val < PPP_MRU) |
469 | val = PPP_MRU; |
470 | ap->mru = val; |
471 | err = 0; |
472 | break; |
473 | |
474 | default: |
475 | err = -ENOTTY; |
476 | } |
477 | |
478 | return err; |
479 | } |
480 | |
481 | /* |
482 | * This is called at softirq level to deliver received packets |
483 | * to the ppp_generic code, and to tell the ppp_generic code |
484 | * if we can accept more output now. |
485 | */ |
486 | static void ppp_async_process(struct tasklet_struct *t) |
487 | { |
488 | struct asyncppp *ap = from_tasklet(ap, t, tsk); |
489 | struct sk_buff *skb; |
490 | |
491 | /* process received packets */ |
492 | while ((skb = skb_dequeue(list: &ap->rqueue)) != NULL) { |
493 | if (skb->cb[0]) |
494 | ppp_input_error(&ap->chan, code: 0); |
495 | ppp_input(&ap->chan, skb); |
496 | } |
497 | |
498 | /* try to push more stuff out */ |
499 | if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_async_push(ap)) |
500 | ppp_output_wakeup(&ap->chan); |
501 | } |
502 | |
503 | /* |
504 | * Procedures for encapsulation and framing. |
505 | */ |
506 | |
507 | /* |
508 | * Procedure to encode the data for async serial transmission. |
509 | * Does octet stuffing (escaping), puts the address/control bytes |
510 | * on if A/C compression is disabled, and does protocol compression. |
511 | * Assumes ap->tpkt != 0 on entry. |
512 | * Returns 1 if we finished the current frame, 0 otherwise. |
513 | */ |
514 | |
515 | #define PUT_BYTE(ap, buf, c, islcp) do { \ |
516 | if ((islcp && c < 0x20) || (ap->xaccm[c >> 5] & (1 << (c & 0x1f)))) {\ |
517 | *buf++ = PPP_ESCAPE; \ |
518 | *buf++ = c ^ PPP_TRANS; \ |
519 | } else \ |
520 | *buf++ = c; \ |
521 | } while (0) |
522 | |
523 | static int |
524 | ppp_async_encode(struct asyncppp *ap) |
525 | { |
526 | int fcs, i, count, c, proto; |
527 | unsigned char *buf, *buflim; |
528 | unsigned char *data; |
529 | int islcp; |
530 | |
531 | buf = ap->obuf; |
532 | ap->olim = buf; |
533 | ap->optr = buf; |
534 | i = ap->tpkt_pos; |
535 | data = ap->tpkt->data; |
536 | count = ap->tpkt->len; |
537 | fcs = ap->tfcs; |
538 | proto = get_unaligned_be16(p: data); |
539 | |
540 | /* |
541 | * LCP packets with code values between 1 (configure-request) |
542 | * and 7 (code-reject) must be sent as though no options |
543 | * had been negotiated. |
544 | */ |
545 | islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7; |
546 | |
547 | if (i == 0) { |
548 | if (islcp) |
549 | async_lcp_peek(ap, data, len: count, inbound: 0); |
550 | |
551 | /* |
552 | * Start of a new packet - insert the leading FLAG |
553 | * character if necessary. |
554 | */ |
555 | if (islcp || flag_time == 0 || |
556 | time_after_eq(jiffies, ap->last_xmit + flag_time)) |
557 | *buf++ = PPP_FLAG; |
558 | ap->last_xmit = jiffies; |
559 | fcs = PPP_INITFCS; |
560 | |
561 | /* |
562 | * Put in the address/control bytes if necessary |
563 | */ |
564 | if ((ap->flags & SC_COMP_AC) == 0 || islcp) { |
565 | PUT_BYTE(ap, buf, 0xff, islcp); |
566 | fcs = PPP_FCS(fcs, 0xff); |
567 | PUT_BYTE(ap, buf, 0x03, islcp); |
568 | fcs = PPP_FCS(fcs, 0x03); |
569 | } |
570 | } |
571 | |
572 | /* |
573 | * Once we put in the last byte, we need to put in the FCS |
574 | * and closing flag, so make sure there is at least 7 bytes |
575 | * of free space in the output buffer. |
576 | */ |
577 | buflim = ap->obuf + OBUFSIZE - 6; |
578 | while (i < count && buf < buflim) { |
579 | c = data[i++]; |
580 | if (i == 1 && c == 0 && (ap->flags & SC_COMP_PROT)) |
581 | continue; /* compress protocol field */ |
582 | fcs = PPP_FCS(fcs, c); |
583 | PUT_BYTE(ap, buf, c, islcp); |
584 | } |
585 | |
586 | if (i < count) { |
587 | /* |
588 | * Remember where we are up to in this packet. |
589 | */ |
590 | ap->olim = buf; |
591 | ap->tpkt_pos = i; |
592 | ap->tfcs = fcs; |
593 | return 0; |
594 | } |
595 | |
596 | /* |
597 | * We have finished the packet. Add the FCS and flag. |
598 | */ |
599 | fcs = ~fcs; |
600 | c = fcs & 0xff; |
601 | PUT_BYTE(ap, buf, c, islcp); |
602 | c = (fcs >> 8) & 0xff; |
603 | PUT_BYTE(ap, buf, c, islcp); |
604 | *buf++ = PPP_FLAG; |
605 | ap->olim = buf; |
606 | |
607 | consume_skb(skb: ap->tpkt); |
608 | ap->tpkt = NULL; |
609 | return 1; |
610 | } |
611 | |
612 | /* |
613 | * Transmit-side routines. |
614 | */ |
615 | |
616 | /* |
617 | * Send a packet to the peer over an async tty line. |
618 | * Returns 1 iff the packet was accepted. |
619 | * If the packet was not accepted, we will call ppp_output_wakeup |
620 | * at some later time. |
621 | */ |
622 | static int |
623 | ppp_async_send(struct ppp_channel *chan, struct sk_buff *skb) |
624 | { |
625 | struct asyncppp *ap = chan->private; |
626 | |
627 | ppp_async_push(ap); |
628 | |
629 | if (test_and_set_bit(XMIT_FULL, addr: &ap->xmit_flags)) |
630 | return 0; /* already full */ |
631 | ap->tpkt = skb; |
632 | ap->tpkt_pos = 0; |
633 | |
634 | ppp_async_push(ap); |
635 | return 1; |
636 | } |
637 | |
638 | /* |
639 | * Push as much data as possible out to the tty. |
640 | */ |
641 | static int |
642 | ppp_async_push(struct asyncppp *ap) |
643 | { |
644 | int avail, sent, done = 0; |
645 | struct tty_struct *tty = ap->tty; |
646 | int tty_stuffed = 0; |
647 | |
648 | /* |
649 | * We can get called recursively here if the tty write |
650 | * function calls our wakeup function. This can happen |
651 | * for example on a pty with both the master and slave |
652 | * set to PPP line discipline. |
653 | * We use the XMIT_BUSY bit to detect this and get out, |
654 | * leaving the XMIT_WAKEUP bit set to tell the other |
655 | * instance that it may now be able to write more now. |
656 | */ |
657 | if (test_and_set_bit(XMIT_BUSY, addr: &ap->xmit_flags)) |
658 | return 0; |
659 | spin_lock_bh(lock: &ap->xmit_lock); |
660 | for (;;) { |
661 | if (test_and_clear_bit(XMIT_WAKEUP, addr: &ap->xmit_flags)) |
662 | tty_stuffed = 0; |
663 | if (!tty_stuffed && ap->optr < ap->olim) { |
664 | avail = ap->olim - ap->optr; |
665 | set_bit(TTY_DO_WRITE_WAKEUP, addr: &tty->flags); |
666 | sent = tty->ops->write(tty, ap->optr, avail); |
667 | if (sent < 0) |
668 | goto flush; /* error, e.g. loss of CD */ |
669 | ap->optr += sent; |
670 | if (sent < avail) |
671 | tty_stuffed = 1; |
672 | continue; |
673 | } |
674 | if (ap->optr >= ap->olim && ap->tpkt) { |
675 | if (ppp_async_encode(ap)) { |
676 | /* finished processing ap->tpkt */ |
677 | clear_bit(XMIT_FULL, addr: &ap->xmit_flags); |
678 | done = 1; |
679 | } |
680 | continue; |
681 | } |
682 | /* |
683 | * We haven't made any progress this time around. |
684 | * Clear XMIT_BUSY to let other callers in, but |
685 | * after doing so we have to check if anyone set |
686 | * XMIT_WAKEUP since we last checked it. If they |
687 | * did, we should try again to set XMIT_BUSY and go |
688 | * around again in case XMIT_BUSY was still set when |
689 | * the other caller tried. |
690 | */ |
691 | clear_bit(XMIT_BUSY, addr: &ap->xmit_flags); |
692 | /* any more work to do? if not, exit the loop */ |
693 | if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) || |
694 | (!tty_stuffed && ap->tpkt))) |
695 | break; |
696 | /* more work to do, see if we can do it now */ |
697 | if (test_and_set_bit(XMIT_BUSY, addr: &ap->xmit_flags)) |
698 | break; |
699 | } |
700 | spin_unlock_bh(lock: &ap->xmit_lock); |
701 | return done; |
702 | |
703 | flush: |
704 | clear_bit(XMIT_BUSY, addr: &ap->xmit_flags); |
705 | if (ap->tpkt) { |
706 | kfree_skb(skb: ap->tpkt); |
707 | ap->tpkt = NULL; |
708 | clear_bit(XMIT_FULL, addr: &ap->xmit_flags); |
709 | done = 1; |
710 | } |
711 | ap->optr = ap->olim; |
712 | spin_unlock_bh(lock: &ap->xmit_lock); |
713 | return done; |
714 | } |
715 | |
716 | /* |
717 | * Flush output from our internal buffers. |
718 | * Called for the TCFLSH ioctl. Can be entered in parallel |
719 | * but this is covered by the xmit_lock. |
720 | */ |
721 | static void |
722 | ppp_async_flush_output(struct asyncppp *ap) |
723 | { |
724 | int done = 0; |
725 | |
726 | spin_lock_bh(lock: &ap->xmit_lock); |
727 | ap->optr = ap->olim; |
728 | if (ap->tpkt != NULL) { |
729 | kfree_skb(skb: ap->tpkt); |
730 | ap->tpkt = NULL; |
731 | clear_bit(XMIT_FULL, addr: &ap->xmit_flags); |
732 | done = 1; |
733 | } |
734 | spin_unlock_bh(lock: &ap->xmit_lock); |
735 | if (done) |
736 | ppp_output_wakeup(&ap->chan); |
737 | } |
738 | |
739 | /* |
740 | * Receive-side routines. |
741 | */ |
742 | |
743 | /* see how many ordinary chars there are at the start of buf */ |
744 | static inline int |
745 | scan_ordinary(struct asyncppp *ap, const unsigned char *buf, int count) |
746 | { |
747 | int i, c; |
748 | |
749 | for (i = 0; i < count; ++i) { |
750 | c = buf[i]; |
751 | if (c == PPP_ESCAPE || c == PPP_FLAG || |
752 | (c < 0x20 && (ap->raccm & (1 << c)) != 0)) |
753 | break; |
754 | } |
755 | return i; |
756 | } |
757 | |
758 | /* called when a flag is seen - do end-of-packet processing */ |
759 | static void |
760 | process_input_packet(struct asyncppp *ap) |
761 | { |
762 | struct sk_buff *skb; |
763 | unsigned char *p; |
764 | unsigned int len, fcs; |
765 | |
766 | skb = ap->rpkt; |
767 | if (ap->state & (SC_TOSS | SC_ESCAPE)) |
768 | goto err; |
769 | |
770 | if (skb == NULL) |
771 | return; /* 0-length packet */ |
772 | |
773 | /* check the FCS */ |
774 | p = skb->data; |
775 | len = skb->len; |
776 | if (len < 3) |
777 | goto err; /* too short */ |
778 | fcs = PPP_INITFCS; |
779 | for (; len > 0; --len) |
780 | fcs = PPP_FCS(fcs, *p++); |
781 | if (fcs != PPP_GOODFCS) |
782 | goto err; /* bad FCS */ |
783 | skb_trim(skb, len: skb->len - 2); |
784 | |
785 | /* check for address/control and protocol compression */ |
786 | p = skb->data; |
787 | if (p[0] == PPP_ALLSTATIONS) { |
788 | /* chop off address/control */ |
789 | if (p[1] != PPP_UI || skb->len < 3) |
790 | goto err; |
791 | p = skb_pull(skb, len: 2); |
792 | } |
793 | |
794 | /* If protocol field is not compressed, it can be LCP packet */ |
795 | if (!(p[0] & 0x01)) { |
796 | unsigned int proto; |
797 | |
798 | if (skb->len < 2) |
799 | goto err; |
800 | proto = (p[0] << 8) + p[1]; |
801 | if (proto == PPP_LCP) |
802 | async_lcp_peek(ap, data: p, len: skb->len, inbound: 1); |
803 | } |
804 | |
805 | /* queue the frame to be processed */ |
806 | skb->cb[0] = ap->state; |
807 | skb_queue_tail(list: &ap->rqueue, newsk: skb); |
808 | ap->rpkt = NULL; |
809 | ap->state = 0; |
810 | return; |
811 | |
812 | err: |
813 | /* frame had an error, remember that, reset SC_TOSS & SC_ESCAPE */ |
814 | ap->state = SC_PREV_ERROR; |
815 | if (skb) { |
816 | /* make skb appear as freshly allocated */ |
817 | skb_trim(skb, len: 0); |
818 | skb_reserve(skb, len: - skb_headroom(skb)); |
819 | } |
820 | } |
821 | |
822 | /* Called when the tty driver has data for us. Runs parallel with the |
823 | other ldisc functions but will not be re-entered */ |
824 | |
825 | static void |
826 | ppp_async_input(struct asyncppp *ap, const u8 *buf, const u8 *flags, int count) |
827 | { |
828 | struct sk_buff *skb; |
829 | int c, i, j, n, s, f; |
830 | unsigned char *sp; |
831 | |
832 | /* update bits used for 8-bit cleanness detection */ |
833 | if (~ap->rbits & SC_RCV_BITS) { |
834 | s = 0; |
835 | for (i = 0; i < count; ++i) { |
836 | c = buf[i]; |
837 | if (flags && flags[i] != 0) |
838 | continue; |
839 | s |= (c & 0x80)? SC_RCV_B7_1: SC_RCV_B7_0; |
840 | c = ((c >> 4) ^ c) & 0xf; |
841 | s |= (0x6996 & (1 << c))? SC_RCV_ODDP: SC_RCV_EVNP; |
842 | } |
843 | ap->rbits |= s; |
844 | } |
845 | |
846 | while (count > 0) { |
847 | /* scan through and see how many chars we can do in bulk */ |
848 | if ((ap->state & SC_ESCAPE) && buf[0] == PPP_ESCAPE) |
849 | n = 1; |
850 | else |
851 | n = scan_ordinary(ap, buf, count); |
852 | |
853 | f = 0; |
854 | if (flags && (ap->state & SC_TOSS) == 0) { |
855 | /* check the flags to see if any char had an error */ |
856 | for (j = 0; j < n; ++j) |
857 | if ((f = flags[j]) != 0) |
858 | break; |
859 | } |
860 | if (f != 0) { |
861 | /* start tossing */ |
862 | ap->state |= SC_TOSS; |
863 | |
864 | } else if (n > 0 && (ap->state & SC_TOSS) == 0) { |
865 | /* stuff the chars in the skb */ |
866 | skb = ap->rpkt; |
867 | if (!skb) { |
868 | skb = dev_alloc_skb(length: ap->mru + PPP_HDRLEN + 2); |
869 | if (!skb) |
870 | goto nomem; |
871 | ap->rpkt = skb; |
872 | } |
873 | if (skb->len == 0) { |
874 | /* Try to get the payload 4-byte aligned. |
875 | * This should match the |
876 | * PPP_ALLSTATIONS/PPP_UI/compressed tests in |
877 | * process_input_packet, but we do not have |
878 | * enough chars here to test buf[1] and buf[2]. |
879 | */ |
880 | if (buf[0] != PPP_ALLSTATIONS) |
881 | skb_reserve(skb, len: 2 + (buf[0] & 1)); |
882 | } |
883 | if (n > skb_tailroom(skb)) { |
884 | /* packet overflowed MRU */ |
885 | ap->state |= SC_TOSS; |
886 | } else { |
887 | sp = skb_put_data(skb, data: buf, len: n); |
888 | if (ap->state & SC_ESCAPE) { |
889 | sp[0] ^= PPP_TRANS; |
890 | ap->state &= ~SC_ESCAPE; |
891 | } |
892 | } |
893 | } |
894 | |
895 | if (n >= count) |
896 | break; |
897 | |
898 | c = buf[n]; |
899 | if (flags != NULL && flags[n] != 0) { |
900 | ap->state |= SC_TOSS; |
901 | } else if (c == PPP_FLAG) { |
902 | process_input_packet(ap); |
903 | } else if (c == PPP_ESCAPE) { |
904 | ap->state |= SC_ESCAPE; |
905 | } else if (I_IXON(ap->tty)) { |
906 | if (c == START_CHAR(ap->tty)) |
907 | start_tty(tty: ap->tty); |
908 | else if (c == STOP_CHAR(ap->tty)) |
909 | stop_tty(tty: ap->tty); |
910 | } |
911 | /* otherwise it's a char in the recv ACCM */ |
912 | ++n; |
913 | |
914 | buf += n; |
915 | if (flags) |
916 | flags += n; |
917 | count -= n; |
918 | } |
919 | return; |
920 | |
921 | nomem: |
922 | printk(KERN_ERR "PPPasync: no memory (input pkt)\n" ); |
923 | ap->state |= SC_TOSS; |
924 | } |
925 | |
926 | /* |
927 | * We look at LCP frames going past so that we can notice |
928 | * and react to the LCP configure-ack from the peer. |
929 | * In the situation where the peer has been sent a configure-ack |
930 | * already, LCP is up once it has sent its configure-ack |
931 | * so the immediately following packet can be sent with the |
932 | * configured LCP options. This allows us to process the following |
933 | * packet correctly without pppd needing to respond quickly. |
934 | * |
935 | * We only respond to the received configure-ack if we have just |
936 | * sent a configure-request, and the configure-ack contains the |
937 | * same data (this is checked using a 16-bit crc of the data). |
938 | */ |
939 | #define CONFREQ 1 /* LCP code field values */ |
940 | #define CONFACK 2 |
941 | #define LCP_MRU 1 /* LCP option numbers */ |
942 | #define LCP_ASYNCMAP 2 |
943 | |
944 | static void async_lcp_peek(struct asyncppp *ap, unsigned char *data, |
945 | int len, int inbound) |
946 | { |
947 | int dlen, fcs, i, code; |
948 | u32 val; |
949 | |
950 | data += 2; /* skip protocol bytes */ |
951 | len -= 2; |
952 | if (len < 4) /* 4 = code, ID, length */ |
953 | return; |
954 | code = data[0]; |
955 | if (code != CONFACK && code != CONFREQ) |
956 | return; |
957 | dlen = get_unaligned_be16(p: data + 2); |
958 | if (len < dlen) |
959 | return; /* packet got truncated or length is bogus */ |
960 | |
961 | if (code == (inbound? CONFACK: CONFREQ)) { |
962 | /* |
963 | * sent confreq or received confack: |
964 | * calculate the crc of the data from the ID field on. |
965 | */ |
966 | fcs = PPP_INITFCS; |
967 | for (i = 1; i < dlen; ++i) |
968 | fcs = PPP_FCS(fcs, data[i]); |
969 | |
970 | if (!inbound) { |
971 | /* outbound confreq - remember the crc for later */ |
972 | ap->lcp_fcs = fcs; |
973 | return; |
974 | } |
975 | |
976 | /* received confack, check the crc */ |
977 | fcs ^= ap->lcp_fcs; |
978 | ap->lcp_fcs = -1; |
979 | if (fcs != 0) |
980 | return; |
981 | } else if (inbound) |
982 | return; /* not interested in received confreq */ |
983 | |
984 | /* process the options in the confack */ |
985 | data += 4; |
986 | dlen -= 4; |
987 | /* data[0] is code, data[1] is length */ |
988 | while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) { |
989 | switch (data[0]) { |
990 | case LCP_MRU: |
991 | val = get_unaligned_be16(p: data + 2); |
992 | if (inbound) |
993 | ap->mru = val; |
994 | else |
995 | ap->chan.mtu = val; |
996 | break; |
997 | case LCP_ASYNCMAP: |
998 | val = get_unaligned_be32(p: data + 2); |
999 | if (inbound) |
1000 | ap->raccm = val; |
1001 | else |
1002 | ap->xaccm[0] = val; |
1003 | break; |
1004 | } |
1005 | dlen -= data[1]; |
1006 | data += data[1]; |
1007 | } |
1008 | } |
1009 | |
1010 | static void __exit ppp_async_cleanup(void) |
1011 | { |
1012 | tty_unregister_ldisc(ldisc: &ppp_ldisc); |
1013 | } |
1014 | |
1015 | module_init(ppp_async_init); |
1016 | module_exit(ppp_async_cleanup); |
1017 | |