Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * PPP synchronous tty channel driver for Linux.
4 *
5 * This is a ppp channel driver that can be used with tty device drivers
6 * that are frame oriented, such as synchronous HDLC devices.
7 *
8 * Complete PPP frames without encoding/decoding are exchanged between
9 * the channel driver and the device driver.
10 *
11 * The async map IOCTL codes are implemented to keep the user mode
12 * applications happy if they call them. Synchronous PPP does not use
13 * the async maps.
14 *
15 * Copyright 1999 Paul Mackerras.
16 *
17 * Also touched by the grubby hands of Paul Fulghum paulkf@microgate.com
18 *
19 * This driver provides the encapsulation and framing for sending
20 * and receiving PPP frames over sync serial lines. It relies on
21 * the generic PPP layer to give it frames to send and to process
22 * received frames. It implements the PPP line discipline.
23 *
24 * Part of the code in this driver was inspired by the old async-only
25 * PPP driver, written by Michael Callahan and Al Longyear, and
26 * subsequently hacked by Paul Mackerras.
27 *
28 * ==FILEVERSION 20040616==
29 */
30
31#include <linux/module.h>
32#include <linux/kernel.h>
33#include <linux/skbuff.h>
34#include <linux/tty.h>
35#include <linux/netdevice.h>
36#include <linux/poll.h>
37#include <linux/ppp_defs.h>
38#include <linux/ppp-ioctl.h>
39#include <linux/ppp_channel.h>
40#include <linux/spinlock.h>
41#include <linux/completion.h>
42#include <linux/init.h>
43#include <linux/interrupt.h>
44#include <linux/slab.h>
45#include <linux/refcount.h>
46#include <asm/unaligned.h>
47#include <linux/uaccess.h>
48
49#define PPP_VERSION "2.4.2"
50
51/* Structure for storing local state. */
52struct syncppp {
53 struct tty_struct *tty;
54 unsigned int flags;
55 unsigned int rbits;
56 int mru;
57 spinlock_t xmit_lock;
58 spinlock_t recv_lock;
59 unsigned long xmit_flags;
60 u32 xaccm[8];
61 u32 raccm;
62 unsigned int bytes_sent;
63 unsigned int bytes_rcvd;
64
65 struct sk_buff *tpkt;
66 unsigned long last_xmit;
67
68 struct sk_buff_head rqueue;
69
70 struct tasklet_struct tsk;
71
72 refcount_t refcnt;
73 struct completion dead_cmp;
74 struct ppp_channel chan; /* interface to generic ppp layer */
75};
76
77/* Bit numbers in xmit_flags */
78#define XMIT_WAKEUP 0
79#define XMIT_FULL 1
80
81/* Bits in rbits */
82#define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
83
84#define PPPSYNC_MAX_RQLEN 32 /* arbitrary */
85
86/*
87 * Prototypes.
88 */
89static struct sk_buff* ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *);
90static int ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb);
91static int ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd,
92 unsigned long arg);
93static void ppp_sync_process(struct tasklet_struct *t);
94static int ppp_sync_push(struct syncppp *ap);
95static void ppp_sync_flush_output(struct syncppp *ap);
96static void ppp_sync_input(struct syncppp *ap, const u8 *buf, const u8 *flags,
97 int count);
98
99static const struct ppp_channel_ops sync_ops = {
100 .start_xmit = ppp_sync_send,
101 .ioctl = ppp_sync_ioctl,
102};
103
104/*
105 * Utility procedure to print a buffer in hex/ascii
106 */
107static void
108ppp_print_buffer (const char *name, const __u8 *buf, int count)
109{
110 if (name != NULL)
111 printk(KERN_DEBUG "ppp_synctty: %s, count = %d\n", name, count);
112
113 print_hex_dump_bytes("", DUMP_PREFIX_NONE, buf, count);
114}
115
116
117/*
118 * Routines implementing the synchronous PPP line discipline.
119 */
120
121/*
122 * We have a potential race on dereferencing tty->disc_data,
123 * because the tty layer provides no locking at all - thus one
124 * cpu could be running ppp_synctty_receive while another
125 * calls ppp_synctty_close, which zeroes tty->disc_data and
126 * frees the memory that ppp_synctty_receive is using. The best
127 * way to fix this is to use a rwlock in the tty struct, but for now
128 * we use a single global rwlock for all ttys in ppp line discipline.
129 *
130 * FIXME: Fixed in tty_io nowadays.
131 */
132static DEFINE_RWLOCK(disc_data_lock);
133
134static struct syncppp *sp_get(struct tty_struct *tty)
135{
136 struct syncppp *ap;
137
138 read_lock(&disc_data_lock);
139 ap = tty->disc_data;
140 if (ap != NULL)
141 refcount_inc(&ap->refcnt);
142 read_unlock(&disc_data_lock);
143 return ap;
144}
145
146static void sp_put(struct syncppp *ap)
147{
148 if (refcount_dec_and_test(&ap->refcnt))
149 complete(&ap->dead_cmp);
150}
151
152/*
153 * Called when a tty is put into sync-PPP line discipline.
154 */
155static int
156ppp_sync_open(struct tty_struct *tty)
157{
158 struct syncppp *ap;
159 int err;
160 int speed;
161
162 if (tty->ops->write == NULL)
163 return -EOPNOTSUPP;
164
165 ap = kzalloc(sizeof(*ap), GFP_KERNEL);
166 err = -ENOMEM;
167 if (!ap)
168 goto out;
169
170 /* initialize the syncppp structure */
171 ap->tty = tty;
172 ap->mru = PPP_MRU;
173 spin_lock_init(&ap->xmit_lock);
174 spin_lock_init(&ap->recv_lock);
175 ap->xaccm[0] = ~0U;
176 ap->xaccm[3] = 0x60000000U;
177 ap->raccm = ~0U;
178
179 skb_queue_head_init(&ap->rqueue);
180 tasklet_setup(&ap->tsk, ppp_sync_process);
181
182 refcount_set(&ap->refcnt, 1);
183 init_completion(&ap->dead_cmp);
184
185 ap->chan.private = ap;
186 ap->chan.ops = &sync_ops;
187 ap->chan.mtu = PPP_MRU;
188 ap->chan.hdrlen = 2; /* for A/C bytes */
189 speed = tty_get_baud_rate(tty);
190 ap->chan.speed = speed;
191 err = ppp_register_channel(&ap->chan);
192 if (err)
193 goto out_free;
194
195 tty->disc_data = ap;
196 tty->receive_room = 65536;
197 return 0;
198
199 out_free:
200 kfree(ap);
201 out:
202 return err;
203}
204
205/*
206 * Called when the tty is put into another line discipline
207 * or it hangs up. We have to wait for any cpu currently
208 * executing in any of the other ppp_synctty_* routines to
209 * finish before we can call ppp_unregister_channel and free
210 * the syncppp struct. This routine must be called from
211 * process context, not interrupt or softirq context.
212 */
213static void
214ppp_sync_close(struct tty_struct *tty)
215{
216 struct syncppp *ap;
217
218 write_lock_irq(&disc_data_lock);
219 ap = tty->disc_data;
220 tty->disc_data = NULL;
221 write_unlock_irq(&disc_data_lock);
222 if (!ap)
223 return;
224
225 /*
226 * We have now ensured that nobody can start using ap from now
227 * on, but we have to wait for all existing users to finish.
228 * Note that ppp_unregister_channel ensures that no calls to
229 * our channel ops (i.e. ppp_sync_send/ioctl) are in progress
230 * by the time it returns.
231 */
232 if (!refcount_dec_and_test(&ap->refcnt))
233 wait_for_completion(&ap->dead_cmp);
234 tasklet_kill(&ap->tsk);
235
236 ppp_unregister_channel(&ap->chan);
237 skb_queue_purge(&ap->rqueue);
238 kfree_skb(ap->tpkt);
239 kfree(ap);
240}
241
242/*
243 * Called on tty hangup in process context.
244 *
245 * Wait for I/O to driver to complete and unregister PPP channel.
246 * This is already done by the close routine, so just call that.
247 */
248static void ppp_sync_hangup(struct tty_struct *tty)
249{
250 ppp_sync_close(tty);
251}
252
253/*
254 * Read does nothing - no data is ever available this way.
255 * Pppd reads and writes packets via /dev/ppp instead.
256 */
257static ssize_t
258ppp_sync_read(struct tty_struct *tty, struct file *file, u8 *buf, size_t count,
259 void **cookie, unsigned long offset)
260{
261 return -EAGAIN;
262}
263
264/*
265 * Write on the tty does nothing, the packets all come in
266 * from the ppp generic stuff.
267 */
268static ssize_t
269ppp_sync_write(struct tty_struct *tty, struct file *file, const u8 *buf,
270 size_t count)
271{
272 return -EAGAIN;
273}
274
275static int
276ppp_synctty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
277{
278 struct syncppp *ap = sp_get(tty);
279 int __user *p = (int __user *)arg;
280 int err, val;
281
282 if (!ap)
283 return -ENXIO;
284 err = -EFAULT;
285 switch (cmd) {
286 case PPPIOCGCHAN:
287 err = -EFAULT;
288 if (put_user(ppp_channel_index(&ap->chan), p))
289 break;
290 err = 0;
291 break;
292
293 case PPPIOCGUNIT:
294 err = -EFAULT;
295 if (put_user(ppp_unit_number(&ap->chan), p))
296 break;
297 err = 0;
298 break;
299
300 case TCFLSH:
301 /* flush our buffers and the serial port's buffer */
302 if (arg == TCIOFLUSH || arg == TCOFLUSH)
303 ppp_sync_flush_output(ap);
304 err = n_tty_ioctl_helper(tty, cmd, arg);
305 break;
306
307 case FIONREAD:
308 val = 0;
309 if (put_user(val, p))
310 break;
311 err = 0;
312 break;
313
314 default:
315 err = tty_mode_ioctl(tty, cmd, arg);
316 break;
317 }
318
319 sp_put(ap);
320 return err;
321}
322
323/* May sleep, don't call from interrupt level or with interrupts disabled */
324static void
325ppp_sync_receive(struct tty_struct *tty, const u8 *buf, const u8 *cflags,
326 size_t count)
327{
328 struct syncppp *ap = sp_get(tty);
329 unsigned long flags;
330
331 if (!ap)
332 return;
333 spin_lock_irqsave(&ap->recv_lock, flags);
334 ppp_sync_input(ap, buf, cflags, count);
335 spin_unlock_irqrestore(&ap->recv_lock, flags);
336 if (!skb_queue_empty(&ap->rqueue))
337 tasklet_schedule(&ap->tsk);
338 sp_put(ap);
339 tty_unthrottle(tty);
340}
341
342static void
343ppp_sync_wakeup(struct tty_struct *tty)
344{
345 struct syncppp *ap = sp_get(tty);
346
347 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
348 if (!ap)
349 return;
350 set_bit(XMIT_WAKEUP, &ap->xmit_flags);
351 tasklet_schedule(&ap->tsk);
352 sp_put(ap);
353}
354
355
356static struct tty_ldisc_ops ppp_sync_ldisc = {
357 .owner = THIS_MODULE,
358 .num = N_SYNC_PPP,
359 .name = "pppsync",
360 .open = ppp_sync_open,
361 .close = ppp_sync_close,
362 .hangup = ppp_sync_hangup,
363 .read = ppp_sync_read,
364 .write = ppp_sync_write,
365 .ioctl = ppp_synctty_ioctl,
366 .receive_buf = ppp_sync_receive,
367 .write_wakeup = ppp_sync_wakeup,
368};
369
370static int __init
371ppp_sync_init(void)
372{
373 int err;
374
375 err = tty_register_ldisc(&ppp_sync_ldisc);
376 if (err != 0)
377 printk(KERN_ERR "PPP_sync: error %d registering line disc.\n",
378 err);
379 return err;
380}
381
382/*
383 * The following routines provide the PPP channel interface.
384 */
385static int
386ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
387{
388 struct syncppp *ap = chan->private;
389 int err, val;
390 u32 accm[8];
391 void __user *argp = (void __user *)arg;
392 u32 __user *p = argp;
393
394 err = -EFAULT;
395 switch (cmd) {
396 case PPPIOCGFLAGS:
397 val = ap->flags | ap->rbits;
398 if (put_user(val, (int __user *) argp))
399 break;
400 err = 0;
401 break;
402 case PPPIOCSFLAGS:
403 if (get_user(val, (int __user *) argp))
404 break;
405 ap->flags = val & ~SC_RCV_BITS;
406 spin_lock_irq(&ap->recv_lock);
407 ap->rbits = val & SC_RCV_BITS;
408 spin_unlock_irq(&ap->recv_lock);
409 err = 0;
410 break;
411
412 case PPPIOCGASYNCMAP:
413 if (put_user(ap->xaccm[0], p))
414 break;
415 err = 0;
416 break;
417 case PPPIOCSASYNCMAP:
418 if (get_user(ap->xaccm[0], p))
419 break;
420 err = 0;
421 break;
422
423 case PPPIOCGRASYNCMAP:
424 if (put_user(ap->raccm, p))
425 break;
426 err = 0;
427 break;
428 case PPPIOCSRASYNCMAP:
429 if (get_user(ap->raccm, p))
430 break;
431 err = 0;
432 break;
433
434 case PPPIOCGXASYNCMAP:
435 if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
436 break;
437 err = 0;
438 break;
439 case PPPIOCSXASYNCMAP:
440 if (copy_from_user(accm, argp, sizeof(accm)))
441 break;
442 accm[2] &= ~0x40000000U; /* can't escape 0x5e */
443 accm[3] |= 0x60000000U; /* must escape 0x7d, 0x7e */
444 memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
445 err = 0;
446 break;
447
448 case PPPIOCGMRU:
449 if (put_user(ap->mru, (int __user *) argp))
450 break;
451 err = 0;
452 break;
453 case PPPIOCSMRU:
454 if (get_user(val, (int __user *) argp))
455 break;
456 if (val > U16_MAX) {
457 err = -EINVAL;
458 break;
459 }
460 if (val < PPP_MRU)
461 val = PPP_MRU;
462 ap->mru = val;
463 err = 0;
464 break;
465
466 default:
467 err = -ENOTTY;
468 }
469 return err;
470}
471
472/*
473 * This is called at softirq level to deliver received packets
474 * to the ppp_generic code, and to tell the ppp_generic code
475 * if we can accept more output now.
476 */
477static void ppp_sync_process(struct tasklet_struct *t)
478{
479 struct syncppp *ap = from_tasklet(ap, t, tsk);
480 struct sk_buff *skb;
481
482 /* process received packets */
483 while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
484 if (skb->len == 0) {
485 /* zero length buffers indicate error */
486 ppp_input_error(&ap->chan, 0);
487 kfree_skb(skb);
488 }
489 else
490 ppp_input(&ap->chan, skb);
491 }
492
493 /* try to push more stuff out */
494 if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_sync_push(ap))
495 ppp_output_wakeup(&ap->chan);
496}
497
498/*
499 * Procedures for encapsulation and framing.
500 */
501
502static struct sk_buff*
503ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *skb)
504{
505 int proto;
506 unsigned char *data;
507 int islcp;
508
509 data = skb->data;
510 proto = get_unaligned_be16(data);
511
512 /* LCP packets with codes between 1 (configure-request)
513 * and 7 (code-reject) must be sent as though no options
514 * have been negotiated.
515 */
516 islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
517
518 /* compress protocol field if option enabled */
519 if (data[0] == 0 && (ap->flags & SC_COMP_PROT) && !islcp)
520 skb_pull(skb,1);
521
522 /* prepend address/control fields if necessary */
523 if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
524 if (skb_headroom(skb) < 2) {
525 struct sk_buff *npkt = dev_alloc_skb(skb->len + 2);
526 if (npkt == NULL) {
527 kfree_skb(skb);
528 return NULL;
529 }
530 skb_reserve(npkt,2);
531 skb_copy_from_linear_data(skb,
532 skb_put(npkt, skb->len), skb->len);
533 consume_skb(skb);
534 skb = npkt;
535 }
536 skb_push(skb,2);
537 skb->data[0] = PPP_ALLSTATIONS;
538 skb->data[1] = PPP_UI;
539 }
540
541 ap->last_xmit = jiffies;
542
543 if (skb && ap->flags & SC_LOG_OUTPKT)
544 ppp_print_buffer ("send buffer", skb->data, skb->len);
545
546 return skb;
547}
548
549/*
550 * Transmit-side routines.
551 */
552
553/*
554 * Send a packet to the peer over an sync tty line.
555 * Returns 1 iff the packet was accepted.
556 * If the packet was not accepted, we will call ppp_output_wakeup
557 * at some later time.
558 */
559static int
560ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb)
561{
562 struct syncppp *ap = chan->private;
563
564 ppp_sync_push(ap);
565
566 if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
567 return 0; /* already full */
568 skb = ppp_sync_txmunge(ap, skb);
569 if (skb != NULL)
570 ap->tpkt = skb;
571 else
572 clear_bit(XMIT_FULL, &ap->xmit_flags);
573
574 ppp_sync_push(ap);
575 return 1;
576}
577
578/*
579 * Push as much data as possible out to the tty.
580 */
581static int
582ppp_sync_push(struct syncppp *ap)
583{
584 int sent, done = 0;
585 struct tty_struct *tty = ap->tty;
586 int tty_stuffed = 0;
587
588 if (!spin_trylock_bh(&ap->xmit_lock))
589 return 0;
590 for (;;) {
591 if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
592 tty_stuffed = 0;
593 if (!tty_stuffed && ap->tpkt) {
594 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
595 sent = tty->ops->write(tty, ap->tpkt->data, ap->tpkt->len);
596 if (sent < 0)
597 goto flush; /* error, e.g. loss of CD */
598 if (sent < ap->tpkt->len) {
599 tty_stuffed = 1;
600 } else {
601 consume_skb(ap->tpkt);
602 ap->tpkt = NULL;
603 clear_bit(XMIT_FULL, &ap->xmit_flags);
604 done = 1;
605 }
606 continue;
607 }
608 /* haven't made any progress */
609 spin_unlock_bh(&ap->xmit_lock);
610 if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) ||
611 (!tty_stuffed && ap->tpkt)))
612 break;
613 if (!spin_trylock_bh(&ap->xmit_lock))
614 break;
615 }
616 return done;
617
618flush:
619 if (ap->tpkt) {
620 kfree_skb(ap->tpkt);
621 ap->tpkt = NULL;
622 clear_bit(XMIT_FULL, &ap->xmit_flags);
623 done = 1;
624 }
625 spin_unlock_bh(&ap->xmit_lock);
626 return done;
627}
628
629/*
630 * Flush output from our internal buffers.
631 * Called for the TCFLSH ioctl.
632 */
633static void
634ppp_sync_flush_output(struct syncppp *ap)
635{
636 int done = 0;
637
638 spin_lock_bh(&ap->xmit_lock);
639 if (ap->tpkt != NULL) {
640 kfree_skb(ap->tpkt);
641 ap->tpkt = NULL;
642 clear_bit(XMIT_FULL, &ap->xmit_flags);
643 done = 1;
644 }
645 spin_unlock_bh(&ap->xmit_lock);
646 if (done)
647 ppp_output_wakeup(&ap->chan);
648}
649
650/*
651 * Receive-side routines.
652 */
653
654/* called when the tty driver has data for us.
655 *
656 * Data is frame oriented: each call to ppp_sync_input is considered
657 * a whole frame. If the 1st flag byte is non-zero then the whole
658 * frame is considered to be in error and is tossed.
659 */
660static void
661ppp_sync_input(struct syncppp *ap, const u8 *buf, const u8 *flags, int count)
662{
663 struct sk_buff *skb;
664 unsigned char *p;
665
666 if (count == 0)
667 return;
668
669 if (ap->flags & SC_LOG_INPKT)
670 ppp_print_buffer ("receive buffer", buf, count);
671
672 /* stuff the chars in the skb */
673 skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
674 if (!skb) {
675 printk(KERN_ERR "PPPsync: no memory (input pkt)\n");
676 goto err;
677 }
678 /* Try to get the payload 4-byte aligned */
679 if (buf[0] != PPP_ALLSTATIONS)
680 skb_reserve(skb, 2 + (buf[0] & 1));
681
682 if (flags && *flags) {
683 /* error flag set, ignore frame */
684 goto err;
685 } else if (count > skb_tailroom(skb)) {
686 /* packet overflowed MRU */
687 goto err;
688 }
689
690 skb_put_data(skb, buf, count);
691
692 /* strip address/control field if present */
693 p = skb->data;
694 if (skb->len >= 2 && p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
695 /* chop off address/control */
696 if (skb->len < 3)
697 goto err;
698 p = skb_pull(skb, 2);
699 }
700
701 /* PPP packet length should be >= 2 bytes when protocol field is not
702 * compressed.
703 */
704 if (!(p[0] & 0x01) && skb->len < 2)
705 goto err;
706
707 /* queue the frame to be processed */
708 skb_queue_tail(&ap->rqueue, skb);
709 return;
710
711err:
712 /* queue zero length packet as error indication */
713 if (skb || (skb = dev_alloc_skb(0))) {
714 skb_trim(skb, 0);
715 skb_queue_tail(&ap->rqueue, skb);
716 }
717}
718
719static void __exit
720ppp_sync_cleanup(void)
721{
722 tty_unregister_ldisc(&ppp_sync_ldisc);
723}
724
725module_init(ppp_sync_init);
726module_exit(ppp_sync_cleanup);
727MODULE_DESCRIPTION("PPP synchronous TTY channel module");
728MODULE_LICENSE("GPL");
729MODULE_ALIAS_LDISC(N_SYNC_PPP);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * PPP synchronous tty channel driver for Linux.
4 *
5 * This is a ppp channel driver that can be used with tty device drivers
6 * that are frame oriented, such as synchronous HDLC devices.
7 *
8 * Complete PPP frames without encoding/decoding are exchanged between
9 * the channel driver and the device driver.
10 *
11 * The async map IOCTL codes are implemented to keep the user mode
12 * applications happy if they call them. Synchronous PPP does not use
13 * the async maps.
14 *
15 * Copyright 1999 Paul Mackerras.
16 *
17 * Also touched by the grubby hands of Paul Fulghum paulkf@microgate.com
18 *
19 * This driver provides the encapsulation and framing for sending
20 * and receiving PPP frames over sync serial lines. It relies on
21 * the generic PPP layer to give it frames to send and to process
22 * received frames. It implements the PPP line discipline.
23 *
24 * Part of the code in this driver was inspired by the old async-only
25 * PPP driver, written by Michael Callahan and Al Longyear, and
26 * subsequently hacked by Paul Mackerras.
27 *
28 * ==FILEVERSION 20040616==
29 */
30
31#include <linux/module.h>
32#include <linux/kernel.h>
33#include <linux/skbuff.h>
34#include <linux/tty.h>
35#include <linux/netdevice.h>
36#include <linux/poll.h>
37#include <linux/ppp_defs.h>
38#include <linux/ppp-ioctl.h>
39#include <linux/ppp_channel.h>
40#include <linux/spinlock.h>
41#include <linux/completion.h>
42#include <linux/init.h>
43#include <linux/interrupt.h>
44#include <linux/slab.h>
45#include <linux/refcount.h>
46#include <asm/unaligned.h>
47#include <linux/uaccess.h>
48
49#define PPP_VERSION "2.4.2"
50
51/* Structure for storing local state. */
52struct syncppp {
53 struct tty_struct *tty;
54 unsigned int flags;
55 unsigned int rbits;
56 int mru;
57 spinlock_t xmit_lock;
58 spinlock_t recv_lock;
59 unsigned long xmit_flags;
60 u32 xaccm[8];
61 u32 raccm;
62 unsigned int bytes_sent;
63 unsigned int bytes_rcvd;
64
65 struct sk_buff *tpkt;
66 unsigned long last_xmit;
67
68 struct sk_buff_head rqueue;
69
70 struct tasklet_struct tsk;
71
72 refcount_t refcnt;
73 struct completion dead_cmp;
74 struct ppp_channel chan; /* interface to generic ppp layer */
75};
76
77/* Bit numbers in xmit_flags */
78#define XMIT_WAKEUP 0
79#define XMIT_FULL 1
80
81/* Bits in rbits */
82#define SC_RCV_BITS (SC_RCV_B7_1|SC_RCV_B7_0|SC_RCV_ODDP|SC_RCV_EVNP)
83
84#define PPPSYNC_MAX_RQLEN 32 /* arbitrary */
85
86/*
87 * Prototypes.
88 */
89static struct sk_buff* ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *);
90static int ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb);
91static int ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd,
92 unsigned long arg);
93static void ppp_sync_process(struct tasklet_struct *t);
94static int ppp_sync_push(struct syncppp *ap);
95static void ppp_sync_flush_output(struct syncppp *ap);
96static void ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
97 const char *flags, int count);
98
99static const struct ppp_channel_ops sync_ops = {
100 .start_xmit = ppp_sync_send,
101 .ioctl = ppp_sync_ioctl,
102};
103
104/*
105 * Utility procedure to print a buffer in hex/ascii
106 */
107static void
108ppp_print_buffer (const char *name, const __u8 *buf, int count)
109{
110 if (name != NULL)
111 printk(KERN_DEBUG "ppp_synctty: %s, count = %d\n", name, count);
112
113 print_hex_dump_bytes("", DUMP_PREFIX_NONE, buf, count);
114}
115
116
117/*
118 * Routines implementing the synchronous PPP line discipline.
119 */
120
121/*
122 * We have a potential race on dereferencing tty->disc_data,
123 * because the tty layer provides no locking at all - thus one
124 * cpu could be running ppp_synctty_receive while another
125 * calls ppp_synctty_close, which zeroes tty->disc_data and
126 * frees the memory that ppp_synctty_receive is using. The best
127 * way to fix this is to use a rwlock in the tty struct, but for now
128 * we use a single global rwlock for all ttys in ppp line discipline.
129 *
130 * FIXME: Fixed in tty_io nowadays.
131 */
132static DEFINE_RWLOCK(disc_data_lock);
133
134static struct syncppp *sp_get(struct tty_struct *tty)
135{
136 struct syncppp *ap;
137
138 read_lock(&disc_data_lock);
139 ap = tty->disc_data;
140 if (ap != NULL)
141 refcount_inc(&ap->refcnt);
142 read_unlock(&disc_data_lock);
143 return ap;
144}
145
146static void sp_put(struct syncppp *ap)
147{
148 if (refcount_dec_and_test(&ap->refcnt))
149 complete(&ap->dead_cmp);
150}
151
152/*
153 * Called when a tty is put into sync-PPP line discipline.
154 */
155static int
156ppp_sync_open(struct tty_struct *tty)
157{
158 struct syncppp *ap;
159 int err;
160 int speed;
161
162 if (tty->ops->write == NULL)
163 return -EOPNOTSUPP;
164
165 ap = kzalloc(sizeof(*ap), GFP_KERNEL);
166 err = -ENOMEM;
167 if (!ap)
168 goto out;
169
170 /* initialize the syncppp structure */
171 ap->tty = tty;
172 ap->mru = PPP_MRU;
173 spin_lock_init(&ap->xmit_lock);
174 spin_lock_init(&ap->recv_lock);
175 ap->xaccm[0] = ~0U;
176 ap->xaccm[3] = 0x60000000U;
177 ap->raccm = ~0U;
178
179 skb_queue_head_init(&ap->rqueue);
180 tasklet_setup(&ap->tsk, ppp_sync_process);
181
182 refcount_set(&ap->refcnt, 1);
183 init_completion(&ap->dead_cmp);
184
185 ap->chan.private = ap;
186 ap->chan.ops = &sync_ops;
187 ap->chan.mtu = PPP_MRU;
188 ap->chan.hdrlen = 2; /* for A/C bytes */
189 speed = tty_get_baud_rate(tty);
190 ap->chan.speed = speed;
191 err = ppp_register_channel(&ap->chan);
192 if (err)
193 goto out_free;
194
195 tty->disc_data = ap;
196 tty->receive_room = 65536;
197 return 0;
198
199 out_free:
200 kfree(ap);
201 out:
202 return err;
203}
204
205/*
206 * Called when the tty is put into another line discipline
207 * or it hangs up. We have to wait for any cpu currently
208 * executing in any of the other ppp_synctty_* routines to
209 * finish before we can call ppp_unregister_channel and free
210 * the syncppp struct. This routine must be called from
211 * process context, not interrupt or softirq context.
212 */
213static void
214ppp_sync_close(struct tty_struct *tty)
215{
216 struct syncppp *ap;
217
218 write_lock_irq(&disc_data_lock);
219 ap = tty->disc_data;
220 tty->disc_data = NULL;
221 write_unlock_irq(&disc_data_lock);
222 if (!ap)
223 return;
224
225 /*
226 * We have now ensured that nobody can start using ap from now
227 * on, but we have to wait for all existing users to finish.
228 * Note that ppp_unregister_channel ensures that no calls to
229 * our channel ops (i.e. ppp_sync_send/ioctl) are in progress
230 * by the time it returns.
231 */
232 if (!refcount_dec_and_test(&ap->refcnt))
233 wait_for_completion(&ap->dead_cmp);
234 tasklet_kill(&ap->tsk);
235
236 ppp_unregister_channel(&ap->chan);
237 skb_queue_purge(&ap->rqueue);
238 kfree_skb(ap->tpkt);
239 kfree(ap);
240}
241
242/*
243 * Called on tty hangup in process context.
244 *
245 * Wait for I/O to driver to complete and unregister PPP channel.
246 * This is already done by the close routine, so just call that.
247 */
248static void ppp_sync_hangup(struct tty_struct *tty)
249{
250 ppp_sync_close(tty);
251}
252
253/*
254 * Read does nothing - no data is ever available this way.
255 * Pppd reads and writes packets via /dev/ppp instead.
256 */
257static ssize_t
258ppp_sync_read(struct tty_struct *tty, struct file *file,
259 unsigned char *buf, size_t count,
260 void **cookie, unsigned long offset)
261{
262 return -EAGAIN;
263}
264
265/*
266 * Write on the tty does nothing, the packets all come in
267 * from the ppp generic stuff.
268 */
269static ssize_t
270ppp_sync_write(struct tty_struct *tty, struct file *file,
271 const unsigned char *buf, size_t count)
272{
273 return -EAGAIN;
274}
275
276static int
277ppp_synctty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg)
278{
279 struct syncppp *ap = sp_get(tty);
280 int __user *p = (int __user *)arg;
281 int err, val;
282
283 if (!ap)
284 return -ENXIO;
285 err = -EFAULT;
286 switch (cmd) {
287 case PPPIOCGCHAN:
288 err = -EFAULT;
289 if (put_user(ppp_channel_index(&ap->chan), p))
290 break;
291 err = 0;
292 break;
293
294 case PPPIOCGUNIT:
295 err = -EFAULT;
296 if (put_user(ppp_unit_number(&ap->chan), p))
297 break;
298 err = 0;
299 break;
300
301 case TCFLSH:
302 /* flush our buffers and the serial port's buffer */
303 if (arg == TCIOFLUSH || arg == TCOFLUSH)
304 ppp_sync_flush_output(ap);
305 err = n_tty_ioctl_helper(tty, cmd, arg);
306 break;
307
308 case FIONREAD:
309 val = 0;
310 if (put_user(val, p))
311 break;
312 err = 0;
313 break;
314
315 default:
316 err = tty_mode_ioctl(tty, cmd, arg);
317 break;
318 }
319
320 sp_put(ap);
321 return err;
322}
323
324/* No kernel lock - fine */
325static __poll_t
326ppp_sync_poll(struct tty_struct *tty, struct file *file, poll_table *wait)
327{
328 return 0;
329}
330
331/* May sleep, don't call from interrupt level or with interrupts disabled */
332static void
333ppp_sync_receive(struct tty_struct *tty, const unsigned char *buf,
334 const char *cflags, int count)
335{
336 struct syncppp *ap = sp_get(tty);
337 unsigned long flags;
338
339 if (!ap)
340 return;
341 spin_lock_irqsave(&ap->recv_lock, flags);
342 ppp_sync_input(ap, buf, cflags, count);
343 spin_unlock_irqrestore(&ap->recv_lock, flags);
344 if (!skb_queue_empty(&ap->rqueue))
345 tasklet_schedule(&ap->tsk);
346 sp_put(ap);
347 tty_unthrottle(tty);
348}
349
350static void
351ppp_sync_wakeup(struct tty_struct *tty)
352{
353 struct syncppp *ap = sp_get(tty);
354
355 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
356 if (!ap)
357 return;
358 set_bit(XMIT_WAKEUP, &ap->xmit_flags);
359 tasklet_schedule(&ap->tsk);
360 sp_put(ap);
361}
362
363
364static struct tty_ldisc_ops ppp_sync_ldisc = {
365 .owner = THIS_MODULE,
366 .num = N_SYNC_PPP,
367 .name = "pppsync",
368 .open = ppp_sync_open,
369 .close = ppp_sync_close,
370 .hangup = ppp_sync_hangup,
371 .read = ppp_sync_read,
372 .write = ppp_sync_write,
373 .ioctl = ppp_synctty_ioctl,
374 .poll = ppp_sync_poll,
375 .receive_buf = ppp_sync_receive,
376 .write_wakeup = ppp_sync_wakeup,
377};
378
379static int __init
380ppp_sync_init(void)
381{
382 int err;
383
384 err = tty_register_ldisc(&ppp_sync_ldisc);
385 if (err != 0)
386 printk(KERN_ERR "PPP_sync: error %d registering line disc.\n",
387 err);
388 return err;
389}
390
391/*
392 * The following routines provide the PPP channel interface.
393 */
394static int
395ppp_sync_ioctl(struct ppp_channel *chan, unsigned int cmd, unsigned long arg)
396{
397 struct syncppp *ap = chan->private;
398 int err, val;
399 u32 accm[8];
400 void __user *argp = (void __user *)arg;
401 u32 __user *p = argp;
402
403 err = -EFAULT;
404 switch (cmd) {
405 case PPPIOCGFLAGS:
406 val = ap->flags | ap->rbits;
407 if (put_user(val, (int __user *) argp))
408 break;
409 err = 0;
410 break;
411 case PPPIOCSFLAGS:
412 if (get_user(val, (int __user *) argp))
413 break;
414 ap->flags = val & ~SC_RCV_BITS;
415 spin_lock_irq(&ap->recv_lock);
416 ap->rbits = val & SC_RCV_BITS;
417 spin_unlock_irq(&ap->recv_lock);
418 err = 0;
419 break;
420
421 case PPPIOCGASYNCMAP:
422 if (put_user(ap->xaccm[0], p))
423 break;
424 err = 0;
425 break;
426 case PPPIOCSASYNCMAP:
427 if (get_user(ap->xaccm[0], p))
428 break;
429 err = 0;
430 break;
431
432 case PPPIOCGRASYNCMAP:
433 if (put_user(ap->raccm, p))
434 break;
435 err = 0;
436 break;
437 case PPPIOCSRASYNCMAP:
438 if (get_user(ap->raccm, p))
439 break;
440 err = 0;
441 break;
442
443 case PPPIOCGXASYNCMAP:
444 if (copy_to_user(argp, ap->xaccm, sizeof(ap->xaccm)))
445 break;
446 err = 0;
447 break;
448 case PPPIOCSXASYNCMAP:
449 if (copy_from_user(accm, argp, sizeof(accm)))
450 break;
451 accm[2] &= ~0x40000000U; /* can't escape 0x5e */
452 accm[3] |= 0x60000000U; /* must escape 0x7d, 0x7e */
453 memcpy(ap->xaccm, accm, sizeof(ap->xaccm));
454 err = 0;
455 break;
456
457 case PPPIOCGMRU:
458 if (put_user(ap->mru, (int __user *) argp))
459 break;
460 err = 0;
461 break;
462 case PPPIOCSMRU:
463 if (get_user(val, (int __user *) argp))
464 break;
465 if (val < PPP_MRU)
466 val = PPP_MRU;
467 ap->mru = val;
468 err = 0;
469 break;
470
471 default:
472 err = -ENOTTY;
473 }
474 return err;
475}
476
477/*
478 * This is called at softirq level to deliver received packets
479 * to the ppp_generic code, and to tell the ppp_generic code
480 * if we can accept more output now.
481 */
482static void ppp_sync_process(struct tasklet_struct *t)
483{
484 struct syncppp *ap = from_tasklet(ap, t, tsk);
485 struct sk_buff *skb;
486
487 /* process received packets */
488 while ((skb = skb_dequeue(&ap->rqueue)) != NULL) {
489 if (skb->len == 0) {
490 /* zero length buffers indicate error */
491 ppp_input_error(&ap->chan, 0);
492 kfree_skb(skb);
493 }
494 else
495 ppp_input(&ap->chan, skb);
496 }
497
498 /* try to push more stuff out */
499 if (test_bit(XMIT_WAKEUP, &ap->xmit_flags) && ppp_sync_push(ap))
500 ppp_output_wakeup(&ap->chan);
501}
502
503/*
504 * Procedures for encapsulation and framing.
505 */
506
507static struct sk_buff*
508ppp_sync_txmunge(struct syncppp *ap, struct sk_buff *skb)
509{
510 int proto;
511 unsigned char *data;
512 int islcp;
513
514 data = skb->data;
515 proto = get_unaligned_be16(data);
516
517 /* LCP packets with codes between 1 (configure-request)
518 * and 7 (code-reject) must be sent as though no options
519 * have been negotiated.
520 */
521 islcp = proto == PPP_LCP && 1 <= data[2] && data[2] <= 7;
522
523 /* compress protocol field if option enabled */
524 if (data[0] == 0 && (ap->flags & SC_COMP_PROT) && !islcp)
525 skb_pull(skb,1);
526
527 /* prepend address/control fields if necessary */
528 if ((ap->flags & SC_COMP_AC) == 0 || islcp) {
529 if (skb_headroom(skb) < 2) {
530 struct sk_buff *npkt = dev_alloc_skb(skb->len + 2);
531 if (npkt == NULL) {
532 kfree_skb(skb);
533 return NULL;
534 }
535 skb_reserve(npkt,2);
536 skb_copy_from_linear_data(skb,
537 skb_put(npkt, skb->len), skb->len);
538 consume_skb(skb);
539 skb = npkt;
540 }
541 skb_push(skb,2);
542 skb->data[0] = PPP_ALLSTATIONS;
543 skb->data[1] = PPP_UI;
544 }
545
546 ap->last_xmit = jiffies;
547
548 if (skb && ap->flags & SC_LOG_OUTPKT)
549 ppp_print_buffer ("send buffer", skb->data, skb->len);
550
551 return skb;
552}
553
554/*
555 * Transmit-side routines.
556 */
557
558/*
559 * Send a packet to the peer over an sync tty line.
560 * Returns 1 iff the packet was accepted.
561 * If the packet was not accepted, we will call ppp_output_wakeup
562 * at some later time.
563 */
564static int
565ppp_sync_send(struct ppp_channel *chan, struct sk_buff *skb)
566{
567 struct syncppp *ap = chan->private;
568
569 ppp_sync_push(ap);
570
571 if (test_and_set_bit(XMIT_FULL, &ap->xmit_flags))
572 return 0; /* already full */
573 skb = ppp_sync_txmunge(ap, skb);
574 if (skb != NULL)
575 ap->tpkt = skb;
576 else
577 clear_bit(XMIT_FULL, &ap->xmit_flags);
578
579 ppp_sync_push(ap);
580 return 1;
581}
582
583/*
584 * Push as much data as possible out to the tty.
585 */
586static int
587ppp_sync_push(struct syncppp *ap)
588{
589 int sent, done = 0;
590 struct tty_struct *tty = ap->tty;
591 int tty_stuffed = 0;
592
593 if (!spin_trylock_bh(&ap->xmit_lock))
594 return 0;
595 for (;;) {
596 if (test_and_clear_bit(XMIT_WAKEUP, &ap->xmit_flags))
597 tty_stuffed = 0;
598 if (!tty_stuffed && ap->tpkt) {
599 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
600 sent = tty->ops->write(tty, ap->tpkt->data, ap->tpkt->len);
601 if (sent < 0)
602 goto flush; /* error, e.g. loss of CD */
603 if (sent < ap->tpkt->len) {
604 tty_stuffed = 1;
605 } else {
606 consume_skb(ap->tpkt);
607 ap->tpkt = NULL;
608 clear_bit(XMIT_FULL, &ap->xmit_flags);
609 done = 1;
610 }
611 continue;
612 }
613 /* haven't made any progress */
614 spin_unlock_bh(&ap->xmit_lock);
615 if (!(test_bit(XMIT_WAKEUP, &ap->xmit_flags) ||
616 (!tty_stuffed && ap->tpkt)))
617 break;
618 if (!spin_trylock_bh(&ap->xmit_lock))
619 break;
620 }
621 return done;
622
623flush:
624 if (ap->tpkt) {
625 kfree_skb(ap->tpkt);
626 ap->tpkt = NULL;
627 clear_bit(XMIT_FULL, &ap->xmit_flags);
628 done = 1;
629 }
630 spin_unlock_bh(&ap->xmit_lock);
631 return done;
632}
633
634/*
635 * Flush output from our internal buffers.
636 * Called for the TCFLSH ioctl.
637 */
638static void
639ppp_sync_flush_output(struct syncppp *ap)
640{
641 int done = 0;
642
643 spin_lock_bh(&ap->xmit_lock);
644 if (ap->tpkt != NULL) {
645 kfree_skb(ap->tpkt);
646 ap->tpkt = NULL;
647 clear_bit(XMIT_FULL, &ap->xmit_flags);
648 done = 1;
649 }
650 spin_unlock_bh(&ap->xmit_lock);
651 if (done)
652 ppp_output_wakeup(&ap->chan);
653}
654
655/*
656 * Receive-side routines.
657 */
658
659/* called when the tty driver has data for us.
660 *
661 * Data is frame oriented: each call to ppp_sync_input is considered
662 * a whole frame. If the 1st flag byte is non-zero then the whole
663 * frame is considered to be in error and is tossed.
664 */
665static void
666ppp_sync_input(struct syncppp *ap, const unsigned char *buf,
667 const char *flags, int count)
668{
669 struct sk_buff *skb;
670 unsigned char *p;
671
672 if (count == 0)
673 return;
674
675 if (ap->flags & SC_LOG_INPKT)
676 ppp_print_buffer ("receive buffer", buf, count);
677
678 /* stuff the chars in the skb */
679 skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
680 if (!skb) {
681 printk(KERN_ERR "PPPsync: no memory (input pkt)\n");
682 goto err;
683 }
684 /* Try to get the payload 4-byte aligned */
685 if (buf[0] != PPP_ALLSTATIONS)
686 skb_reserve(skb, 2 + (buf[0] & 1));
687
688 if (flags && *flags) {
689 /* error flag set, ignore frame */
690 goto err;
691 } else if (count > skb_tailroom(skb)) {
692 /* packet overflowed MRU */
693 goto err;
694 }
695
696 skb_put_data(skb, buf, count);
697
698 /* strip address/control field if present */
699 p = skb->data;
700 if (p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
701 /* chop off address/control */
702 if (skb->len < 3)
703 goto err;
704 p = skb_pull(skb, 2);
705 }
706
707 /* PPP packet length should be >= 2 bytes when protocol field is not
708 * compressed.
709 */
710 if (!(p[0] & 0x01) && skb->len < 2)
711 goto err;
712
713 /* queue the frame to be processed */
714 skb_queue_tail(&ap->rqueue, skb);
715 return;
716
717err:
718 /* queue zero length packet as error indication */
719 if (skb || (skb = dev_alloc_skb(0))) {
720 skb_trim(skb, 0);
721 skb_queue_tail(&ap->rqueue, skb);
722 }
723}
724
725static void __exit
726ppp_sync_cleanup(void)
727{
728 tty_unregister_ldisc(&ppp_sync_ldisc);
729}
730
731module_init(ppp_sync_init);
732module_exit(ppp_sync_cleanup);
733MODULE_LICENSE("GPL");
734MODULE_ALIAS_LDISC(N_SYNC_PPP);