2017-11-06 17:11:51 +00:00
|
|
|
// SPDX-License-Identifier: GPL-1.0+
|
2005-04-16 22:20:36 +00:00
|
|
|
/* generic HDLC line discipline for Linux
|
|
|
|
*
|
|
|
|
* Written by Paul Fulghum paulkf@microgate.com
|
|
|
|
* for Microgate Corporation
|
|
|
|
*
|
|
|
|
* Microgate and SyncLink are registered trademarks of Microgate Corporation
|
|
|
|
*
|
|
|
|
* Adapted from ppp.c, written by Michael Callahan <callahan@maths.ox.ac.uk>,
|
|
|
|
* Al Longyear <longyear@netcom.com>,
|
|
|
|
* Paul Mackerras <Paul.Mackerras@cs.anu.edu.au>
|
|
|
|
*
|
|
|
|
* Original release 01/11/99
|
|
|
|
*
|
|
|
|
* This module implements the tty line discipline N_HDLC for use with
|
|
|
|
* tty device drivers that support bit-synchronous HDLC communications.
|
|
|
|
*
|
|
|
|
* All HDLC data is frame oriented which means:
|
|
|
|
*
|
|
|
|
* 1. tty write calls represent one complete transmit frame of data
|
2020-02-19 08:41:14 +00:00
|
|
|
* The device driver should accept the complete frame or none of
|
2005-04-16 22:20:36 +00:00
|
|
|
* the frame (busy) in the write method. Each write call should have
|
|
|
|
* a byte count in the range of 2-65535 bytes (2 is min HDLC frame
|
|
|
|
* with 1 addr byte and 1 ctrl byte). The max byte count of 65535
|
|
|
|
* should include any crc bytes required. For example, when using
|
|
|
|
* CCITT CRC32, 4 crc bytes are required, so the maximum size frame
|
|
|
|
* the application may transmit is limited to 65531 bytes. For CCITT
|
|
|
|
* CRC16, the maximum application frame size would be 65533.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* 2. receive callbacks from the device driver represents
|
|
|
|
* one received frame. The device driver should bypass
|
|
|
|
* the tty flip buffer and call the line discipline receive
|
|
|
|
* callback directly to avoid fragmenting or concatenating
|
|
|
|
* multiple frames into a single receive callback.
|
|
|
|
*
|
|
|
|
* The HDLC line discipline queues the receive frames in separate
|
|
|
|
* buffers so complete receive frames can be returned by the
|
|
|
|
* tty read calls.
|
|
|
|
*
|
|
|
|
* 3. tty read calls returns an entire frame of data or nothing.
|
2020-02-19 08:41:14 +00:00
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* 4. all send and receive data is considered raw. No processing
|
|
|
|
* or translation is performed by the line discipline, regardless
|
|
|
|
* of the tty flags
|
|
|
|
*
|
|
|
|
* 5. When line discipline is queried for the amount of receive
|
|
|
|
* data available (FIOC), 0 is returned if no data available,
|
|
|
|
* otherwise the count of the next available frame is returned.
|
|
|
|
* (instead of the sum of all received frame counts).
|
|
|
|
*
|
|
|
|
* These conventions allow the standard tty programming interface
|
|
|
|
* to be used for synchronous HDLC applications when used with
|
|
|
|
* this line discipline (or another line discipline that is frame
|
|
|
|
* oriented such as N_PPP).
|
|
|
|
*
|
|
|
|
* The SyncLink driver (synclink.c) implements both asynchronous
|
|
|
|
* (using standard line discipline N_TTY) and synchronous HDLC
|
|
|
|
* (using N_HDLC) communications, with the latter using the above
|
|
|
|
* conventions.
|
|
|
|
*
|
|
|
|
* This implementation is very basic and does not maintain
|
|
|
|
* any statistics. The main point is to enforce the raw data
|
|
|
|
* and frame orientation of HDLC communications.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
|
|
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
|
|
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define HDLC_MAGIC 0x239e
|
|
|
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/fcntl.h>
|
|
|
|
#include <linux/interrupt.h>
|
|
|
|
#include <linux/ptrace.h>
|
|
|
|
|
|
|
|
#include <linux/poll.h>
|
|
|
|
#include <linux/in.h>
|
|
|
|
#include <linux/ioctl.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/tty.h>
|
|
|
|
#include <linux/errno.h>
|
|
|
|
#include <linux/string.h> /* used in new tty drivers */
|
|
|
|
#include <linux/signal.h> /* used in new tty drivers */
|
|
|
|
#include <linux/if.h>
|
|
|
|
#include <linux/bitops.h>
|
|
|
|
|
|
|
|
#include <asm/termios.h>
|
2016-12-24 19:46:01 +00:00
|
|
|
#include <linux/uaccess.h>
|
2021-04-08 12:51:34 +00:00
|
|
|
#include "tty.h"
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Buffers for individual HDLC frames
|
|
|
|
*/
|
2020-02-19 08:41:14 +00:00
|
|
|
#define MAX_HDLC_FRAME_SIZE 65535
|
2005-04-16 22:20:36 +00:00
|
|
|
#define DEFAULT_RX_BUF_COUNT 10
|
|
|
|
#define MAX_RX_BUF_COUNT 60
|
2009-06-22 17:42:56 +00:00
|
|
|
#define DEFAULT_TX_BUF_COUNT 3
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
struct n_hdlc_buf {
|
2017-02-28 16:54:40 +00:00
|
|
|
struct list_head list_item;
|
2005-04-16 22:20:36 +00:00
|
|
|
int count;
|
tty: n_hdlc: Use flexible-array member and struct_size() helper
Old code in the kernel uses 1-byte and 0-byte arrays to indicate the
presence of a "variable length array":
struct something {
int length;
u8 data[1];
};
struct something *instance;
instance = kmalloc(sizeof(*instance) + size, GFP_KERNEL);
instance->length = size;
memcpy(instance->data, source, size);
There is also 0-byte arrays. Both cases pose confusion for things like
sizeof(), CONFIG_FORTIFY_SOURCE, etc.[1] Instead, the preferred mechanism
to declare variable-length types such as the one above is a flexible array
member[2] which need to be the last member of a structure and empty-sized:
struct something {
int stuff;
u8 data[];
};
Also, by making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertenly introduced[3] to the codebase from now on.
Lastly, make use of the struct_size() helper to safely calculate the
allocation size for instances of struct n_hdlc_buf and avoid any potential
type mistakes[4][5].
[1] https://github.com/KSPP/linux/issues/21
[2] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
[4] https://lore.kernel.org/lkml/60e14fb7-8596-e21c-f4be-546ce39e7bdb@embeddedor.com/
[5] commit 553d66cb1e86 ("iommu/vt-d: Use struct_size() helper")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20200121172138.GA3162@embeddedor
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-21 17:21:38 +00:00
|
|
|
char buf[];
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct n_hdlc_buf_list {
|
2017-02-28 16:54:40 +00:00
|
|
|
struct list_head list;
|
2005-04-16 22:20:36 +00:00
|
|
|
int count;
|
|
|
|
spinlock_t spinlock;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* struct n_hdlc - per device instance data structure
|
2020-08-18 08:56:52 +00:00
|
|
|
* @magic: magic value for structure
|
|
|
|
* @tbusy: reentrancy flag for tx wakeup code
|
|
|
|
* @woke_up: tx wakeup needs to be run again as it was called while @tbusy
|
|
|
|
* @tx_buf_list: list of pending transmit frame buffers
|
|
|
|
* @rx_buf_list: list of received frame buffers
|
|
|
|
* @tx_free_buf_list: list unused transmit frame buffers
|
|
|
|
* @rx_free_buf_list: list unused received frame buffers
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
struct n_hdlc {
|
|
|
|
int magic;
|
2020-02-19 08:41:11 +00:00
|
|
|
bool tbusy;
|
|
|
|
bool woke_up;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct n_hdlc_buf_list tx_buf_list;
|
|
|
|
struct n_hdlc_buf_list rx_buf_list;
|
|
|
|
struct n_hdlc_buf_list tx_free_buf_list;
|
|
|
|
struct n_hdlc_buf_list rx_free_buf_list;
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
struct work_struct write_work;
|
|
|
|
struct tty_struct *tty_for_write_work;
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* HDLC buffer list manipulation functions
|
|
|
|
*/
|
2017-02-28 16:54:40 +00:00
|
|
|
static void n_hdlc_buf_return(struct n_hdlc_buf_list *buf_list,
|
|
|
|
struct n_hdlc_buf *buf);
|
2005-04-16 22:20:36 +00:00
|
|
|
static void n_hdlc_buf_put(struct n_hdlc_buf_list *list,
|
|
|
|
struct n_hdlc_buf *buf);
|
|
|
|
static struct n_hdlc_buf *n_hdlc_buf_get(struct n_hdlc_buf_list *list);
|
|
|
|
|
|
|
|
/* Local functions */
|
|
|
|
|
2020-02-19 08:41:15 +00:00
|
|
|
static struct n_hdlc *n_hdlc_alloc(void);
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
static void n_hdlc_tty_write_work(struct work_struct *work);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
/* max frame size for memory allocations */
|
|
|
|
static int maxframe = 4096;
|
|
|
|
|
2009-06-22 17:42:56 +00:00
|
|
|
static void flush_rx_queue(struct tty_struct *tty)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2009-06-22 17:42:56 +00:00
|
|
|
struct n_hdlc_buf *buf;
|
|
|
|
|
|
|
|
while ((buf = n_hdlc_buf_get(&n_hdlc->rx_buf_list)))
|
|
|
|
n_hdlc_buf_put(&n_hdlc->rx_free_buf_list, buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void flush_tx_queue(struct tty_struct *tty)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2009-06-22 17:42:56 +00:00
|
|
|
struct n_hdlc_buf *buf;
|
|
|
|
|
|
|
|
while ((buf = n_hdlc_buf_get(&n_hdlc->tx_buf_list)))
|
|
|
|
n_hdlc_buf_put(&n_hdlc->tx_free_buf_list, buf);
|
|
|
|
}
|
|
|
|
|
2020-02-19 08:41:01 +00:00
|
|
|
static void n_hdlc_free_buf_list(struct n_hdlc_buf_list *list)
|
|
|
|
{
|
|
|
|
struct n_hdlc_buf *buf;
|
|
|
|
|
|
|
|
do {
|
|
|
|
buf = n_hdlc_buf_get(list);
|
|
|
|
kfree(buf);
|
|
|
|
} while (buf);
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_tty_close - line discipline close
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty info structure
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Called when the line discipline is changed to something
|
|
|
|
* else, the tty is closed, or the tty detects a hangup.
|
|
|
|
*/
|
|
|
|
static void n_hdlc_tty_close(struct tty_struct *tty)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2020-02-19 08:41:02 +00:00
|
|
|
if (n_hdlc->magic != HDLC_MAGIC) {
|
2020-02-19 08:41:13 +00:00
|
|
|
pr_warn("n_hdlc: trying to close unopened tty!\n");
|
2020-02-19 08:41:02 +00:00
|
|
|
return;
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
#if defined(TTY_NO_WRITE_SPLIT)
|
2020-02-19 08:41:16 +00:00
|
|
|
clear_bit(TTY_NO_WRITE_SPLIT, &tty->flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
#endif
|
2020-02-19 08:41:02 +00:00
|
|
|
tty->disc_data = NULL;
|
2020-02-19 08:41:06 +00:00
|
|
|
|
|
|
|
/* Ensure that the n_hdlcd process is not hanging on select()/poll() */
|
|
|
|
wake_up_interruptible(&tty->read_wait);
|
|
|
|
wake_up_interruptible(&tty->write_wait);
|
|
|
|
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
cancel_work_sync(&n_hdlc->write_work);
|
|
|
|
|
2020-02-19 08:41:06 +00:00
|
|
|
n_hdlc_free_buf_list(&n_hdlc->rx_free_buf_list);
|
|
|
|
n_hdlc_free_buf_list(&n_hdlc->tx_free_buf_list);
|
|
|
|
n_hdlc_free_buf_list(&n_hdlc->rx_buf_list);
|
|
|
|
n_hdlc_free_buf_list(&n_hdlc->tx_buf_list);
|
|
|
|
kfree(n_hdlc);
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_tty_close() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_tty_open - called when line discipline changed to n_hdlc
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty info structure
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Returns 0 if success, otherwise error code
|
|
|
|
*/
|
2020-02-19 08:41:15 +00:00
|
|
|
static int n_hdlc_tty_open(struct tty_struct *tty)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("%s() called (device=%s)\n", __func__, tty->name);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* There should not be an existing table for this slot. */
|
|
|
|
if (n_hdlc) {
|
2020-02-19 08:41:13 +00:00
|
|
|
pr_err("%s: tty already associated!\n", __func__);
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EEXIST;
|
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
n_hdlc = n_hdlc_alloc();
|
|
|
|
if (!n_hdlc) {
|
2020-02-19 08:41:13 +00:00
|
|
|
pr_err("%s: n_hdlc_alloc failed\n", __func__);
|
2005-04-16 22:20:36 +00:00
|
|
|
return -ENFILE;
|
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
INIT_WORK(&n_hdlc->write_work, n_hdlc_tty_write_work);
|
|
|
|
n_hdlc->tty_for_write_work = tty;
|
2005-04-16 22:20:36 +00:00
|
|
|
tty->disc_data = n_hdlc;
|
[PATCH] TTY layer buffering revamp
The API and code have been through various bits of initial review by
serial driver people but they definitely need to live somewhere for a
while so the unconverted drivers can get knocked into shape, existing
drivers that have been updated can be better tuned and bugs whacked out.
This replaces the tty flip buffers with kmalloc objects in rings. In the
normal situation for an IRQ driven serial port at typical speeds the
behaviour is pretty much the same, two buffers end up allocated and the
kernel cycles between them as before.
When there are delays or at high speed we now behave far better as the
buffer pool can grow a bit rather than lose characters. This also means
that we can operate at higher speeds reliably.
For drivers that receive characters in blocks (DMA based, USB and
especially virtualisation) the layer allows a lot of driver specific
code that works around the tty layer with private secondary queues to be
removed. The IBM folks need this sort of layer, the smart serial port
people do, the virtualisers do (because a virtualised tty typically
operates at infinite speed rather than emulating 9600 baud).
Finally many drivers had invalid and unsafe attempts to avoid buffer
overflows by directly invoking tty methods extracted out of the innards
of work queue structs. These are no longer needed and all go away. That
fixes various random hangs with serial ports on overflow.
The other change in here is to optimise the receive_room path that is
used by some callers. It turns out that only one ldisc uses receive room
except asa constant and it updates it far far less than the value is
read. We thus make it a variable not a function call.
I expect the code to contain bugs due to the size alone but I'll be
watching and squashing them and feeding out new patches as it goes.
Because the buffers now dynamically expand you should only run out of
buffering when the kernel runs out of memory for real. That means a lot of
the horrible hacks high performance drivers used to do just aren't needed any
more.
Description:
tty_insert_flip_char is an old API and continues to work as before, as does
tty_flip_buffer_push() [this is why many drivers dont need modification]. It
does now also return the number of chars inserted
There are also
tty_buffer_request_room(tty, len)
which asks for a buffer block of the length requested and returns the space
found. This improves efficiency with hardware that knows how much to
transfer.
and tty_insert_flip_string_flags(tty, str, flags, len)
to insert a string of characters and flags
For a smart interface the usual code is
len = tty_request_buffer_room(tty, amount_hardware_says);
tty_insert_flip_string(tty, buffer_from_card, len);
More description!
At the moment tty buffers are attached directly to the tty. This is causing a
lot of the problems related to tty layer locking, also problems at high speed
and also with bursty data (such as occurs in virtualised environments)
I'm working on ripping out the flip buffers and replacing them with a pool of
dynamically allocated buffers. This allows both for old style "byte I/O"
devices and also helps virtualisation and smart devices where large blocks of
data suddenely materialise and need storing.
So far so good. Lots of drivers reference tty->flip.*. Several of them also
call directly and unsafely into function pointers it provides. This will all
break. Most drivers can use tty_insert_flip_char which can be kept as an API
but others need more.
At the moment I've added the following interfaces, if people think more will
be needed now is a good time to say
int tty_buffer_request_room(tty, size)
Try and ensure at least size bytes are available, returns actual room (may be
zero). At the moment it just uses the flipbuf space but that will change.
Repeated calls without characters being added are not cumulative. (ie if you
call it with 1, 1, 1, and then 4 you'll have four characters of space. The
other functions will also try and grow buffers in future but this will be a
more efficient way when you know block sizes.
int tty_insert_flip_char(tty, ch, flag)
As before insert a character if there is room. Now returns 1 for success, 0
for failure.
int tty_insert_flip_string(tty, str, len)
Insert a block of non error characters. Returns the number inserted.
int tty_prepare_flip_string(tty, strptr, len)
Adjust the buffer to allow len characters to be added. Returns a buffer
pointer in strptr and the length available. This allows for hardware that
needs to use functions like insl or mencpy_fromio.
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Hirokazu Takata <takata@linux-m32r.org>
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: John Hawkes <hawkes@sgi.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-10 04:54:13 +00:00
|
|
|
tty->receive_room = 65536;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* change tty_io write() to not split large writes into 8K chunks */
|
2020-02-19 08:41:16 +00:00
|
|
|
set_bit(TTY_NO_WRITE_SPLIT, &tty->flags);
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2009-06-22 17:42:56 +00:00
|
|
|
/* flush receive data from driver */
|
2008-04-30 07:54:13 +00:00
|
|
|
tty_driver_flush_buffer(tty);
|
2020-02-19 08:40:55 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_tty_hdlc_open() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_send_frames - send frames on pending send buffer list
|
2020-08-18 08:56:52 +00:00
|
|
|
* @n_hdlc: pointer to ldisc instance data
|
|
|
|
* @tty: pointer to tty instance data
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Send frames on pending send buffer list until the driver does not accept a
|
|
|
|
* frame (busy) this function is called after adding a frame to the send buffer
|
|
|
|
* list and by the tty wakeup callback.
|
|
|
|
*/
|
|
|
|
static void n_hdlc_send_frames(struct n_hdlc *n_hdlc, struct tty_struct *tty)
|
|
|
|
{
|
|
|
|
register int actual;
|
|
|
|
unsigned long flags;
|
|
|
|
struct n_hdlc_buf *tbuf;
|
|
|
|
|
2020-02-19 08:41:14 +00:00
|
|
|
check_again:
|
|
|
|
|
|
|
|
spin_lock_irqsave(&n_hdlc->tx_buf_list.spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (n_hdlc->tbusy) {
|
2020-02-19 08:41:11 +00:00
|
|
|
n_hdlc->woke_up = true;
|
|
|
|
spin_unlock_irqrestore(&n_hdlc->tx_buf_list.spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
return;
|
|
|
|
}
|
2020-02-19 08:41:11 +00:00
|
|
|
n_hdlc->tbusy = true;
|
|
|
|
n_hdlc->woke_up = false;
|
2005-04-16 22:20:36 +00:00
|
|
|
spin_unlock_irqrestore(&n_hdlc->tx_buf_list.spinlock, flags);
|
|
|
|
|
2017-02-28 16:54:40 +00:00
|
|
|
tbuf = n_hdlc_buf_get(&n_hdlc->tx_buf_list);
|
2005-04-16 22:20:36 +00:00
|
|
|
while (tbuf) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("sending frame %p, count=%d\n", tbuf, tbuf->count);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Send the next block of data to device */
|
2011-11-07 07:32:46 +00:00
|
|
|
set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
|
2008-04-30 07:54:13 +00:00
|
|
|
actual = tty->ops->write(tty, tbuf->buf, tbuf->count);
|
2007-07-16 06:40:12 +00:00
|
|
|
|
|
|
|
/* rollback was possible and has been done */
|
|
|
|
if (actual == -ERESTARTSYS) {
|
2017-02-28 16:54:40 +00:00
|
|
|
n_hdlc_buf_return(&n_hdlc->tx_buf_list, tbuf);
|
2007-07-16 06:40:12 +00:00
|
|
|
break;
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
/* if transmit error, throw frame away by */
|
|
|
|
/* pretending it was accepted by driver */
|
|
|
|
if (actual < 0)
|
|
|
|
actual = tbuf->count;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (actual == tbuf->count) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("frame %p completed\n", tbuf);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* free current transmit buffer */
|
|
|
|
n_hdlc_buf_put(&n_hdlc->tx_free_buf_list, tbuf);
|
2017-02-28 16:54:40 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* wait up sleeping writers */
|
|
|
|
wake_up_interruptible(&tty->write_wait);
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* get next pending transmit buffer */
|
|
|
|
tbuf = n_hdlc_buf_get(&n_hdlc->tx_buf_list);
|
|
|
|
} else {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("frame %p pending\n", tbuf);
|
2017-02-28 16:54:40 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* the buffer was not accepted by driver,
|
|
|
|
* return it back into tx queue
|
|
|
|
*/
|
|
|
|
n_hdlc_buf_return(&n_hdlc->tx_buf_list, tbuf);
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!tbuf)
|
2011-11-07 07:32:46 +00:00
|
|
|
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Clear the re-entry flag */
|
|
|
|
spin_lock_irqsave(&n_hdlc->tx_buf_list.spinlock, flags);
|
2020-02-19 08:41:11 +00:00
|
|
|
n_hdlc->tbusy = false;
|
2020-02-19 08:41:14 +00:00
|
|
|
spin_unlock_irqrestore(&n_hdlc->tx_buf_list.spinlock, flags);
|
|
|
|
|
|
|
|
if (n_hdlc->woke_up)
|
|
|
|
goto check_again;
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_send_frames() */
|
|
|
|
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_tty_write_work - Asynchronous callback for transmit wakeup
|
|
|
|
* @work: pointer to work_struct
|
|
|
|
*
|
|
|
|
* Called when low level device driver can accept more send data.
|
|
|
|
*/
|
|
|
|
static void n_hdlc_tty_write_work(struct work_struct *work)
|
|
|
|
{
|
|
|
|
struct n_hdlc *n_hdlc = container_of(work, struct n_hdlc, write_work);
|
|
|
|
struct tty_struct *tty = n_hdlc->tty_for_write_work;
|
|
|
|
|
|
|
|
n_hdlc_send_frames(n_hdlc, tty);
|
|
|
|
} /* end of n_hdlc_tty_write_work() */
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_tty_wakeup - Callback for transmit wakeup
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to associated tty instance data
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Called when low level device driver can accept more send data.
|
|
|
|
*/
|
|
|
|
static void n_hdlc_tty_wakeup(struct tty_struct *tty)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
syzbot is reporting that an unprivileged user who logged in from tty
console can crash the system using a reproducer shown below [1], for
n_hdlc_tty_wakeup() is synchronously calling n_hdlc_send_frames().
----------
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int disc = 0xd;
ioctl(1, TIOCSETD, &disc);
while (1) {
ioctl(1, TCXONC, 0);
write(1, "", 1);
ioctl(1, TCXONC, 1); /* Kernel panic - not syncing: scheduling while atomic */
}
}
----------
Linus suspected that "struct tty_ldisc"->ops->write_wakeup() must not
sleep, and Jiri confirmed it from include/linux/tty_ldisc.h. Thus, defer
n_hdlc_send_frames() from n_hdlc_tty_wakeup() to a WQ context like
net/nfc/nci/uart.c does.
Link: https://syzkaller.appspot.com/bug?extid=5f47a8cea6a12b77a876 [1]
Reported-by: syzbot <syzbot+5f47a8cea6a12b77a876@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Analyzed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Confirmed-by: Jiri Slaby <jirislaby@kernel.org>
Reviewed-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/40de8b7e-a3be-4486-4e33-1b1d1da452f8@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-15 11:52:40 +00:00
|
|
|
schedule_work(&n_hdlc->write_work);
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_tty_wakeup() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_tty_receive - Called by tty driver when receive data is available
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty instance data
|
|
|
|
* @data: pointer to received data
|
|
|
|
* @flags: pointer to flags for data
|
|
|
|
* @count: count of received data in bytes
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Called by tty low level driver when receive data is available. Data is
|
|
|
|
* interpreted as one HDLC frame.
|
|
|
|
*/
|
2011-06-03 21:33:24 +00:00
|
|
|
static void n_hdlc_tty_receive(struct tty_struct *tty, const __u8 *data,
|
2021-05-05 09:19:04 +00:00
|
|
|
const char *flags, int count)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
register struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
register struct n_hdlc_buf *buf;
|
|
|
|
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("%s() called count=%d\n", __func__, count);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* verify line is using HDLC discipline */
|
|
|
|
if (n_hdlc->magic != HDLC_MAGIC) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_err("line not using HDLC discipline\n");
|
2011-06-03 21:33:24 +00:00
|
|
|
return;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2020-02-19 08:41:17 +00:00
|
|
|
if (count > maxframe) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("rx count>maxframesize, data discarded\n");
|
2011-06-03 21:33:24 +00:00
|
|
|
return;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2020-02-19 08:41:14 +00:00
|
|
|
/* get a free HDLC buffer */
|
2005-04-16 22:20:36 +00:00
|
|
|
buf = n_hdlc_buf_get(&n_hdlc->rx_free_buf_list);
|
|
|
|
if (!buf) {
|
2020-02-19 08:41:18 +00:00
|
|
|
/*
|
|
|
|
* no buffers in free list, attempt to allocate another rx
|
|
|
|
* buffer unless the maximum count has been reached
|
|
|
|
*/
|
2005-04-16 22:20:36 +00:00
|
|
|
if (n_hdlc->rx_buf_list.count < MAX_RX_BUF_COUNT)
|
tty: n_hdlc: Use flexible-array member and struct_size() helper
Old code in the kernel uses 1-byte and 0-byte arrays to indicate the
presence of a "variable length array":
struct something {
int length;
u8 data[1];
};
struct something *instance;
instance = kmalloc(sizeof(*instance) + size, GFP_KERNEL);
instance->length = size;
memcpy(instance->data, source, size);
There is also 0-byte arrays. Both cases pose confusion for things like
sizeof(), CONFIG_FORTIFY_SOURCE, etc.[1] Instead, the preferred mechanism
to declare variable-length types such as the one above is a flexible array
member[2] which need to be the last member of a structure and empty-sized:
struct something {
int stuff;
u8 data[];
};
Also, by making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertenly introduced[3] to the codebase from now on.
Lastly, make use of the struct_size() helper to safely calculate the
allocation size for instances of struct n_hdlc_buf and avoid any potential
type mistakes[4][5].
[1] https://github.com/KSPP/linux/issues/21
[2] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
[4] https://lore.kernel.org/lkml/60e14fb7-8596-e21c-f4be-546ce39e7bdb@embeddedor.com/
[5] commit 553d66cb1e86 ("iommu/vt-d: Use struct_size() helper")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20200121172138.GA3162@embeddedor
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-21 17:21:38 +00:00
|
|
|
buf = kmalloc(struct_size(buf, buf, maxframe),
|
|
|
|
GFP_ATOMIC);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!buf) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("no more rx buffers, data discarded\n");
|
2011-06-03 21:33:24 +00:00
|
|
|
return;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* copy received data to HDLC buffer */
|
2020-02-19 08:41:16 +00:00
|
|
|
memcpy(buf->buf, data, count);
|
2020-02-19 08:41:17 +00:00
|
|
|
buf->count = count;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
/* add HDLC buffer to list of received frames */
|
|
|
|
n_hdlc_buf_put(&n_hdlc->rx_buf_list, buf);
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* wake up any blocked reads and perform async signalling */
|
2020-02-19 08:41:15 +00:00
|
|
|
wake_up_interruptible(&tty->read_wait);
|
2020-02-19 08:41:07 +00:00
|
|
|
if (tty->fasync != NULL)
|
|
|
|
kill_fasync(&tty->fasync, SIGIO, POLL_IN);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
} /* end of n_hdlc_tty_receive() */
|
|
|
|
|
|
|
|
/**
|
2006-01-03 12:27:11 +00:00
|
|
|
* n_hdlc_tty_read - Called to retrieve one frame of data (if available)
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty instance data
|
|
|
|
* @file: pointer to open file object
|
2021-05-20 12:19:03 +00:00
|
|
|
* @kbuf: pointer to returned data buffer
|
2020-08-18 08:56:52 +00:00
|
|
|
* @nr: size of returned data buffer
|
2021-05-20 12:19:03 +00:00
|
|
|
* @cookie: stored rbuf from previous run
|
|
|
|
* @offset: offset into the data buffer
|
2020-02-19 08:41:14 +00:00
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Returns the number of bytes returned or error code.
|
|
|
|
*/
|
|
|
|
static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file,
|
2021-01-18 21:31:30 +00:00
|
|
|
__u8 *kbuf, size_t nr,
|
|
|
|
void **cookie, unsigned long offset)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2011-01-18 22:03:25 +00:00
|
|
|
int ret = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct n_hdlc_buf *rbuf;
|
2011-01-18 22:03:25 +00:00
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-01-18 21:31:30 +00:00
|
|
|
/* Is this a repeated call for an rbuf we already found earlier? */
|
|
|
|
rbuf = *cookie;
|
|
|
|
if (rbuf)
|
|
|
|
goto have_rbuf;
|
|
|
|
|
2011-01-18 22:03:25 +00:00
|
|
|
add_wait_queue(&tty->read_wait, &wait);
|
2008-04-30 07:53:29 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
for (;;) {
|
2016-03-06 21:16:30 +00:00
|
|
|
if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
|
2011-01-18 22:03:25 +00:00
|
|
|
ret = -EIO;
|
|
|
|
break;
|
2008-04-30 07:53:29 +00:00
|
|
|
}
|
2011-01-18 22:03:25 +00:00
|
|
|
if (tty_hung_up_p(file))
|
|
|
|
break;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2011-01-18 22:03:25 +00:00
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
rbuf = n_hdlc_buf_get(&n_hdlc->rx_buf_list);
|
2021-01-18 21:31:30 +00:00
|
|
|
if (rbuf)
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* no data */
|
2018-11-01 00:24:48 +00:00
|
|
|
if (tty_io_nonblock(tty, file)) {
|
2011-01-18 22:03:25 +00:00
|
|
|
ret = -EAGAIN;
|
|
|
|
break;
|
2008-04-30 07:53:29 +00:00
|
|
|
}
|
2011-01-18 22:03:25 +00:00
|
|
|
|
|
|
|
schedule();
|
|
|
|
|
2008-04-30 07:53:29 +00:00
|
|
|
if (signal_pending(current)) {
|
2011-01-18 22:03:25 +00:00
|
|
|
ret = -EINTR;
|
|
|
|
break;
|
2008-04-30 07:53:29 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2011-01-18 22:03:25 +00:00
|
|
|
|
|
|
|
remove_wait_queue(&tty->read_wait, &wait);
|
|
|
|
__set_current_state(TASK_RUNNING);
|
|
|
|
|
2021-01-18 21:31:30 +00:00
|
|
|
if (!rbuf)
|
|
|
|
return ret;
|
|
|
|
*cookie = rbuf;
|
|
|
|
|
|
|
|
have_rbuf:
|
|
|
|
/* Have we used it up entirely? */
|
|
|
|
if (offset >= rbuf->count)
|
|
|
|
goto done_with_rbuf;
|
|
|
|
|
|
|
|
/* More data to go, but can't copy any more? EOVERFLOW */
|
|
|
|
ret = -EOVERFLOW;
|
|
|
|
if (!nr)
|
|
|
|
goto done_with_rbuf;
|
|
|
|
|
|
|
|
/* Copy as much data as possible */
|
|
|
|
ret = rbuf->count - offset;
|
|
|
|
if (ret > nr)
|
|
|
|
ret = nr;
|
|
|
|
memcpy(kbuf, rbuf->buf+offset, ret);
|
|
|
|
offset += ret;
|
|
|
|
|
|
|
|
/* If we still have data left, we leave the rbuf in the cookie */
|
|
|
|
if (offset < rbuf->count)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
done_with_rbuf:
|
|
|
|
*cookie = NULL;
|
|
|
|
|
|
|
|
if (n_hdlc->rx_free_buf_list.count > DEFAULT_RX_BUF_COUNT)
|
|
|
|
kfree(rbuf);
|
|
|
|
else
|
|
|
|
n_hdlc_buf_put(&n_hdlc->rx_free_buf_list, rbuf);
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return ret;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_tty_read() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_tty_write - write a single frame of data to device
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to associated tty device instance data
|
|
|
|
* @file: pointer to file object data
|
|
|
|
* @data: pointer to transmit data (one frame)
|
|
|
|
* @count: size of transmit frame in bytes
|
2020-02-19 08:41:14 +00:00
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Returns the number of bytes written (or error code).
|
|
|
|
*/
|
|
|
|
static ssize_t n_hdlc_tty_write(struct tty_struct *tty, struct file *file,
|
|
|
|
const unsigned char *data, size_t count)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
int error = 0;
|
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
|
|
|
struct n_hdlc_buf *tbuf;
|
|
|
|
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("%s() called count=%zd\n", __func__, count);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (n_hdlc->magic != HDLC_MAGIC)
|
|
|
|
return -EIO;
|
|
|
|
|
|
|
|
/* verify frame size */
|
2020-02-19 08:41:17 +00:00
|
|
|
if (count > maxframe) {
|
2020-02-19 08:40:57 +00:00
|
|
|
pr_debug("%s: truncating user packet from %zu to %d\n",
|
|
|
|
__func__, count, maxframe);
|
2005-04-16 22:20:36 +00:00
|
|
|
count = maxframe;
|
|
|
|
}
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
add_wait_queue(&tty->write_wait, &wait);
|
2011-01-18 22:03:25 +00:00
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2011-01-18 22:03:25 +00:00
|
|
|
tbuf = n_hdlc_buf_get(&n_hdlc->tx_free_buf_list);
|
|
|
|
if (tbuf)
|
|
|
|
break;
|
|
|
|
|
2018-11-01 00:24:48 +00:00
|
|
|
if (tty_io_nonblock(tty, file)) {
|
2008-07-22 10:21:19 +00:00
|
|
|
error = -EAGAIN;
|
|
|
|
break;
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
schedule();
|
2020-02-19 08:41:08 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (signal_pending(current)) {
|
|
|
|
error = -EINTR;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-01-18 22:03:25 +00:00
|
|
|
__set_current_state(TASK_RUNNING);
|
2005-04-16 22:20:36 +00:00
|
|
|
remove_wait_queue(&tty->write_wait, &wait);
|
|
|
|
|
2020-02-19 08:41:14 +00:00
|
|
|
if (!error) {
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Retrieve the user's buffer */
|
|
|
|
memcpy(tbuf->buf, data, count);
|
|
|
|
|
|
|
|
/* Send the data */
|
|
|
|
tbuf->count = error = count;
|
2020-02-19 08:41:16 +00:00
|
|
|
n_hdlc_buf_put(&n_hdlc->tx_buf_list, tbuf);
|
|
|
|
n_hdlc_send_frames(n_hdlc, tty);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2011-01-18 22:03:25 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return error;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_tty_write() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_tty_ioctl - process IOCTL system call for the tty device.
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty instance data
|
|
|
|
* @cmd: IOCTL command code
|
|
|
|
* @arg: argument for IOCTL call (cmd dependent)
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Returns command dependent result.
|
|
|
|
*/
|
2021-11-22 09:45:29 +00:00
|
|
|
static int n_hdlc_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2005-04-16 22:20:36 +00:00
|
|
|
int error = 0;
|
|
|
|
int count;
|
|
|
|
unsigned long flags;
|
2017-02-28 16:54:40 +00:00
|
|
|
struct n_hdlc_buf *buf = NULL;
|
|
|
|
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("%s() called %d\n", __func__, cmd);
|
2020-02-19 08:40:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Verify the status of the device */
|
2020-02-19 08:41:08 +00:00
|
|
|
if (n_hdlc->magic != HDLC_MAGIC)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EBADF;
|
|
|
|
|
|
|
|
switch (cmd) {
|
|
|
|
case FIONREAD:
|
|
|
|
/* report count of read data available */
|
|
|
|
/* in next available frame (if any) */
|
2020-02-19 08:41:16 +00:00
|
|
|
spin_lock_irqsave(&n_hdlc->rx_buf_list.spinlock, flags);
|
2017-02-28 16:54:40 +00:00
|
|
|
buf = list_first_entry_or_null(&n_hdlc->rx_buf_list.list,
|
|
|
|
struct n_hdlc_buf, list_item);
|
|
|
|
if (buf)
|
|
|
|
count = buf->count;
|
2005-04-16 22:20:36 +00:00
|
|
|
else
|
|
|
|
count = 0;
|
2020-02-19 08:41:16 +00:00
|
|
|
spin_unlock_irqrestore(&n_hdlc->rx_buf_list.spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
error = put_user(count, (int __user *)arg);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TIOCOUTQ:
|
|
|
|
/* get the pending tx byte count in the driver */
|
2008-04-30 07:54:13 +00:00
|
|
|
count = tty_chars_in_buffer(tty);
|
2005-04-16 22:20:36 +00:00
|
|
|
/* add size of next output frame in queue */
|
2020-02-19 08:41:16 +00:00
|
|
|
spin_lock_irqsave(&n_hdlc->tx_buf_list.spinlock, flags);
|
2017-02-28 16:54:40 +00:00
|
|
|
buf = list_first_entry_or_null(&n_hdlc->tx_buf_list.list,
|
|
|
|
struct n_hdlc_buf, list_item);
|
|
|
|
if (buf)
|
|
|
|
count += buf->count;
|
2020-02-19 08:41:16 +00:00
|
|
|
spin_unlock_irqrestore(&n_hdlc->tx_buf_list.spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
error = put_user(count, (int __user *)arg);
|
|
|
|
break;
|
|
|
|
|
2009-06-22 17:42:56 +00:00
|
|
|
case TCFLSH:
|
|
|
|
switch (arg) {
|
|
|
|
case TCIOFLUSH:
|
|
|
|
case TCOFLUSH:
|
|
|
|
flush_tx_queue(tty);
|
|
|
|
}
|
2020-08-23 22:36:59 +00:00
|
|
|
fallthrough; /* to default */
|
2009-06-22 17:42:56 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
default:
|
2021-09-14 09:11:24 +00:00
|
|
|
error = n_tty_ioctl_helper(tty, cmd, arg);
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
return error;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_tty_ioctl() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_tty_poll - TTY callback for poll system call
|
2020-08-18 08:56:52 +00:00
|
|
|
* @tty: pointer to tty instance data
|
|
|
|
* @filp: pointer to open file object for device
|
|
|
|
* @wait: wait queue for operations
|
2020-02-19 08:41:14 +00:00
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Determine which operations (read/write) will not block and return info
|
|
|
|
* to caller.
|
|
|
|
* Returns a bit mask containing info on which ops will not block.
|
|
|
|
*/
|
2017-07-03 10:39:46 +00:00
|
|
|
static __poll_t n_hdlc_tty_poll(struct tty_struct *tty, struct file *filp,
|
2005-04-16 22:20:36 +00:00
|
|
|
poll_table *wait)
|
|
|
|
{
|
2020-02-19 08:41:05 +00:00
|
|
|
struct n_hdlc *n_hdlc = tty->disc_data;
|
2017-07-03 10:39:46 +00:00
|
|
|
__poll_t mask = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2020-02-19 08:41:08 +00:00
|
|
|
if (n_hdlc->magic != HDLC_MAGIC)
|
2020-02-19 08:41:02 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* queue the current process into any wait queue that may awaken in the
|
|
|
|
* future (read and write)
|
|
|
|
*/
|
|
|
|
poll_wait(filp, &tty->read_wait, wait);
|
|
|
|
poll_wait(filp, &tty->write_wait, wait);
|
|
|
|
|
|
|
|
/* set bits for operations that won't block */
|
|
|
|
if (!list_empty(&n_hdlc->rx_buf_list.list))
|
|
|
|
mask |= EPOLLIN | EPOLLRDNORM; /* readable */
|
|
|
|
if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
|
|
|
|
mask |= EPOLLHUP;
|
|
|
|
if (tty_hung_up_p(filp))
|
|
|
|
mask |= EPOLLHUP;
|
|
|
|
if (!tty_is_writelocked(tty) &&
|
|
|
|
!list_empty(&n_hdlc->tx_free_buf_list.list))
|
|
|
|
mask |= EPOLLOUT | EPOLLWRNORM; /* writable */
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return mask;
|
|
|
|
} /* end of n_hdlc_tty_poll() */
|
|
|
|
|
2020-02-19 08:41:09 +00:00
|
|
|
static void n_hdlc_alloc_buf(struct n_hdlc_buf_list *list, unsigned int count,
|
|
|
|
const char *name)
|
|
|
|
{
|
|
|
|
struct n_hdlc_buf *buf;
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
buf = kmalloc(struct_size(buf, buf, maxframe), GFP_KERNEL);
|
|
|
|
if (!buf) {
|
2020-03-16 06:49:10 +00:00
|
|
|
pr_debug("%s(), kmalloc() failed for %s buffer %u\n",
|
|
|
|
__func__, name, i);
|
2020-02-19 08:41:09 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
n_hdlc_buf_put(list, buf);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_alloc - allocate an n_hdlc instance data structure
|
|
|
|
*
|
|
|
|
* Returns a pointer to newly created structure if success, otherwise %NULL
|
|
|
|
*/
|
|
|
|
static struct n_hdlc *n_hdlc_alloc(void)
|
|
|
|
{
|
2014-05-26 19:32:42 +00:00
|
|
|
struct n_hdlc *n_hdlc = kzalloc(sizeof(*n_hdlc), GFP_KERNEL);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
if (!n_hdlc)
|
|
|
|
return NULL;
|
|
|
|
|
2015-11-26 18:28:26 +00:00
|
|
|
spin_lock_init(&n_hdlc->rx_free_buf_list.spinlock);
|
|
|
|
spin_lock_init(&n_hdlc->tx_free_buf_list.spinlock);
|
|
|
|
spin_lock_init(&n_hdlc->rx_buf_list.spinlock);
|
|
|
|
spin_lock_init(&n_hdlc->tx_buf_list.spinlock);
|
2017-02-28 16:54:40 +00:00
|
|
|
|
|
|
|
INIT_LIST_HEAD(&n_hdlc->rx_free_buf_list.list);
|
|
|
|
INIT_LIST_HEAD(&n_hdlc->tx_free_buf_list.list);
|
|
|
|
INIT_LIST_HEAD(&n_hdlc->rx_buf_list.list);
|
|
|
|
INIT_LIST_HEAD(&n_hdlc->tx_buf_list.list);
|
|
|
|
|
2020-02-19 08:41:09 +00:00
|
|
|
n_hdlc_alloc_buf(&n_hdlc->rx_free_buf_list, DEFAULT_RX_BUF_COUNT, "rx");
|
|
|
|
n_hdlc_alloc_buf(&n_hdlc->tx_free_buf_list, DEFAULT_TX_BUF_COUNT, "tx");
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Initialize the control block */
|
|
|
|
n_hdlc->magic = HDLC_MAGIC;
|
2020-02-19 08:41:03 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return n_hdlc;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_alloc() */
|
|
|
|
|
2017-02-28 16:54:40 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_buf_return - put the HDLC buffer after the head of the specified list
|
2020-08-18 08:56:52 +00:00
|
|
|
* @buf_list: pointer to the buffer list
|
|
|
|
* @buf: pointer to the buffer
|
2017-02-28 16:54:40 +00:00
|
|
|
*/
|
|
|
|
static void n_hdlc_buf_return(struct n_hdlc_buf_list *buf_list,
|
|
|
|
struct n_hdlc_buf *buf)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
spin_lock_irqsave(&buf_list->spinlock, flags);
|
|
|
|
|
|
|
|
list_add(&buf->list_item, &buf_list->list);
|
|
|
|
buf_list->count++;
|
|
|
|
|
|
|
|
spin_unlock_irqrestore(&buf_list->spinlock, flags);
|
|
|
|
}
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/**
|
|
|
|
* n_hdlc_buf_put - add specified HDLC buffer to tail of specified list
|
2020-08-18 08:56:52 +00:00
|
|
|
* @buf_list: pointer to buffer list
|
|
|
|
* @buf: pointer to buffer
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
2017-02-28 16:54:40 +00:00
|
|
|
static void n_hdlc_buf_put(struct n_hdlc_buf_list *buf_list,
|
2005-04-16 22:20:36 +00:00
|
|
|
struct n_hdlc_buf *buf)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
2017-02-28 16:54:40 +00:00
|
|
|
|
|
|
|
spin_lock_irqsave(&buf_list->spinlock, flags);
|
|
|
|
|
|
|
|
list_add_tail(&buf->list_item, &buf_list->list);
|
|
|
|
buf_list->count++;
|
|
|
|
|
|
|
|
spin_unlock_irqrestore(&buf_list->spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of n_hdlc_buf_put() */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* n_hdlc_buf_get - remove and return an HDLC buffer from list
|
2020-08-18 08:56:52 +00:00
|
|
|
* @buf_list: pointer to HDLC buffer list
|
2020-02-19 08:41:14 +00:00
|
|
|
*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Remove and return an HDLC buffer from the head of the specified HDLC buffer
|
|
|
|
* list.
|
|
|
|
* Returns a pointer to HDLC buffer if available, otherwise %NULL.
|
|
|
|
*/
|
2017-02-28 16:54:40 +00:00
|
|
|
static struct n_hdlc_buf *n_hdlc_buf_get(struct n_hdlc_buf_list *buf_list)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
struct n_hdlc_buf *buf;
|
2017-02-28 16:54:40 +00:00
|
|
|
|
|
|
|
spin_lock_irqsave(&buf_list->spinlock, flags);
|
|
|
|
|
|
|
|
buf = list_first_entry_or_null(&buf_list->list,
|
|
|
|
struct n_hdlc_buf, list_item);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (buf) {
|
2017-02-28 16:54:40 +00:00
|
|
|
list_del(&buf->list_item);
|
|
|
|
buf_list->count--;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2017-02-28 16:54:40 +00:00
|
|
|
|
|
|
|
spin_unlock_irqrestore(&buf_list->spinlock, flags);
|
2005-04-16 22:20:36 +00:00
|
|
|
return buf;
|
|
|
|
} /* end of n_hdlc_buf_get() */
|
|
|
|
|
2020-02-19 08:41:10 +00:00
|
|
|
static struct tty_ldisc_ops n_hdlc_ldisc = {
|
|
|
|
.owner = THIS_MODULE,
|
2021-05-05 09:19:07 +00:00
|
|
|
.num = N_HDLC,
|
2020-02-19 08:41:10 +00:00
|
|
|
.name = "hdlc",
|
|
|
|
.open = n_hdlc_tty_open,
|
|
|
|
.close = n_hdlc_tty_close,
|
|
|
|
.read = n_hdlc_tty_read,
|
|
|
|
.write = n_hdlc_tty_write,
|
|
|
|
.ioctl = n_hdlc_tty_ioctl,
|
|
|
|
.poll = n_hdlc_tty_poll,
|
|
|
|
.receive_buf = n_hdlc_tty_receive,
|
|
|
|
.write_wakeup = n_hdlc_tty_wakeup,
|
|
|
|
.flush_buffer = flush_rx_queue,
|
|
|
|
};
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
static int __init n_hdlc_init(void)
|
|
|
|
{
|
|
|
|
int status;
|
|
|
|
|
|
|
|
/* range check maxframe arg */
|
2020-02-19 08:41:00 +00:00
|
|
|
maxframe = clamp(maxframe, 4096, MAX_HDLC_FRAME_SIZE);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-05-05 09:19:07 +00:00
|
|
|
status = tty_register_ldisc(&n_hdlc_ldisc);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!status)
|
2020-02-19 08:40:59 +00:00
|
|
|
pr_info("N_HDLC line discipline registered with maxframe=%d\n",
|
|
|
|
maxframe);
|
2005-04-16 22:20:36 +00:00
|
|
|
else
|
2020-02-19 08:40:59 +00:00
|
|
|
pr_err("N_HDLC: error registering line discipline: %d\n",
|
|
|
|
status);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
return status;
|
2020-02-19 08:41:14 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} /* end of init_module() */
|
|
|
|
|
|
|
|
static void __exit n_hdlc_exit(void)
|
|
|
|
{
|
2021-05-05 09:19:11 +00:00
|
|
|
tty_unregister_ldisc(&n_hdlc_ldisc);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
module_init(n_hdlc_init);
|
|
|
|
module_exit(n_hdlc_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_AUTHOR("Paul Fulghum paulkf@microgate.com");
|
|
|
|
module_param(maxframe, int, 0);
|
|
|
|
MODULE_ALIAS_LDISC(N_HDLC);
|