2
* PCBIT-D interface with isdn4linux
4
* Copyright (C) 1996 Universidade de Lisboa
6
* Written by Pedro Roque Marques (roque@di.fc.ul.pt)
8
* This software may be used and distributed according to the terms of
9
* the GNU General Public License, incorporated herein by reference.
15
* Nuno Grilo <l38486@alfa.ist.utl.pt>
16
* fixed msn_list NULL pointer dereference.
20
#include <linux/module.h>
23
#include <linux/kernel.h>
25
#include <linux/types.h>
26
#include <linux/sched.h>
27
#include <linux/slab.h>
29
#include <linux/interrupt.h>
30
#include <linux/string.h>
31
#include <linux/skbuff.h>
33
#include <linux/isdnif.h>
34
#include <asm/string.h>
36
#include <linux/ioport.h>
44
extern ushort last_ref_num;
46
static int pcbit_ioctl(isdn_ctrl* ctl);
48
static char* pcbit_devname[MAX_PCBIT_CARDS] = {
59
static int pcbit_command(isdn_ctrl* ctl);
60
static int pcbit_stat(u_char __user * buf, int len, int, int);
61
static int pcbit_xmit(int driver, int chan, int ack, struct sk_buff *skb);
62
static int pcbit_writecmd(const u_char __user *, int, int, int);
64
static int set_protocol_running(struct pcbit_dev * dev);
66
static void pcbit_clear_msn(struct pcbit_dev *dev);
67
static void pcbit_set_msn(struct pcbit_dev *dev, char *list);
68
static int pcbit_check_msn(struct pcbit_dev *dev, char *msn);
71
int pcbit_init_dev(int board, int mem_base, int irq)
73
struct pcbit_dev *dev;
76
if ((dev=kzalloc(sizeof(struct pcbit_dev), GFP_KERNEL)) == NULL)
78
printk("pcbit_init: couldn't malloc pcbit_dev struct\n");
82
dev_pcbit[board] = dev;
83
init_waitqueue_head(&dev->set_running_wq);
84
spin_lock_init(&dev->lock);
86
if (mem_base >= 0xA0000 && mem_base <= 0xFFFFF ) {
87
dev->ph_mem = mem_base;
88
if (!request_mem_region(dev->ph_mem, 4096, "PCBIT mem")) {
90
"PCBIT: memory region %lx-%lx already in use\n",
91
dev->ph_mem, dev->ph_mem + 4096);
93
dev_pcbit[board] = NULL;
96
dev->sh_mem = ioremap(dev->ph_mem, 4096);
100
printk("memory address invalid");
102
dev_pcbit[board] = NULL;
106
dev->b1 = kzalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
108
printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
109
iounmap(dev->sh_mem);
110
release_mem_region(dev->ph_mem, 4096);
115
dev->b2 = kzalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
117
printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
119
iounmap(dev->sh_mem);
120
release_mem_region(dev->ph_mem, 4096);
127
INIT_WORK(&dev->qdelivery, pcbit_deliver);
133
if (request_irq(irq, &pcbit_irq_handler, 0, pcbit_devname[board], dev) != 0)
137
iounmap(dev->sh_mem);
138
release_mem_region(dev->ph_mem, 4096);
140
dev_pcbit[board] = NULL;
146
/* next frame to be received */
153
dev_if = kmalloc(sizeof(isdn_if), GFP_KERNEL);
159
iounmap(dev->sh_mem);
160
release_mem_region(dev->ph_mem, 4096);
162
dev_pcbit[board] = NULL;
166
dev->dev_if = dev_if;
168
dev_if->owner = THIS_MODULE;
170
dev_if->channels = 2;
172
dev_if->features = (ISDN_FEATURE_P_EURO | ISDN_FEATURE_L3_TRANS |
173
ISDN_FEATURE_L2_HDLC | ISDN_FEATURE_L2_TRANS );
175
dev_if->writebuf_skb = pcbit_xmit;
176
dev_if->hl_hdrlen = 16;
178
dev_if->maxbufsize = MAXBUFSIZE;
179
dev_if->command = pcbit_command;
181
dev_if->writecmd = pcbit_writecmd;
182
dev_if->readstat = pcbit_stat;
185
strcpy(dev_if->id, pcbit_devname[board]);
187
if (!register_isdn(dev_if)) {
191
iounmap(dev->sh_mem);
192
release_mem_region(dev->ph_mem, 4096);
194
dev_pcbit[board] = NULL;
198
dev->id = dev_if->channels;
201
dev->l2_state = L2_DOWN;
205
* set_protocol_running(dev);
212
void pcbit_terminate(int board)
214
struct pcbit_dev * dev;
216
dev = dev_pcbit[board];
219
/* unregister_isdn(dev->dev_if); */
220
free_irq(dev->irq, dev);
221
pcbit_clear_msn(dev);
223
if (dev->b1->fsm_timer.function)
224
del_timer(&dev->b1->fsm_timer);
225
if (dev->b2->fsm_timer.function)
226
del_timer(&dev->b2->fsm_timer);
229
iounmap(dev->sh_mem);
230
release_mem_region(dev->ph_mem, 4096);
236
static int pcbit_command(isdn_ctrl* ctl)
238
struct pcbit_dev *dev;
239
struct pcbit_chan *chan;
240
struct callb_data info;
242
dev = finddev(ctl->driver);
246
printk("pcbit_command: unknown device\n");
250
chan = (ctl->arg & 0x0F) ? dev->b2 : dev->b1;
253
switch(ctl->command) {
255
return pcbit_ioctl(ctl);
258
info.type = EV_USR_SETUP_REQ;
259
info.data.setup.CalledPN = (char *) &ctl->parm.setup.phone;
260
pcbit_fsm_event(dev, chan, EV_USR_SETUP_REQ, &info);
262
case ISDN_CMD_ACCEPTD:
263
pcbit_fsm_event(dev, chan, EV_USR_SETUP_RESP, NULL);
265
case ISDN_CMD_ACCEPTB:
266
printk("ISDN_CMD_ACCEPTB - not really needed\n");
268
case ISDN_CMD_HANGUP:
269
pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
272
chan->proto = (ctl->arg >> 8);
274
case ISDN_CMD_CLREAZ:
275
pcbit_clear_msn(dev);
277
case ISDN_CMD_SETEAZ:
278
pcbit_set_msn(dev, ctl->parm.num);
281
if ((ctl->arg >> 8) != ISDN_PROTO_L3_TRANS)
282
printk(KERN_DEBUG "L3 protocol unknown\n");
285
printk(KERN_DEBUG "pcbit_command: unknown command\n");
294
* on some conditions the board stops sending TDATA_CONFs
295
* let's see if we can turn around the problem
299
static void pcbit_block_timer(unsigned long data)
301
struct pcbit_chan *chan;
302
struct pcbit_dev * dev;
305
chan = (struct pcbit_chan *) data;
307
dev = chan2dev(chan);
310
printk(KERN_DEBUG "pcbit: chan2dev failed\n");
314
del_timer(&chan->block_timer);
315
chan->block_timer.function = NULL;
318
printk(KERN_DEBUG "pcbit_block_timer\n");
321
ictl.driver = dev->id;
322
ictl.command = ISDN_STAT_BSENT;
324
dev->dev_if->statcallb(&ictl);
328
static int pcbit_xmit(int driver, int chnum, int ack, struct sk_buff *skb)
332
struct pcbit_chan * chan;
333
struct pcbit_dev *dev;
335
dev = finddev(driver);
338
printk("finddev returned NULL");
342
chan = chnum ? dev->b2 : dev->b1;
345
if (chan->fsm_state != ST_ACTIVE)
348
if (chan->queued >= MAX_QUEUED )
352
"pcbit: %d packets already in queue - write fails\n",
356
* packet stays on the head of the device queue
357
* since dev_start_xmit will fail
361
if (chan->block_timer.function == NULL) {
362
init_timer(&chan->block_timer);
363
chan->block_timer.function = &pcbit_block_timer;
364
chan->block_timer.data = (long) chan;
365
chan->block_timer.expires = jiffies + 1 * HZ;
366
add_timer(&chan->block_timer);
377
hdrlen = capi_tdata_req(chan, skb);
379
refnum = last_ref_num++ & 0x7fffU;
380
chan->s_refnum = refnum;
382
pcbit_l2_write(dev, MSG_TDATA_REQ, refnum, skb, hdrlen);
387
static int pcbit_writecmd(const u_char __user *buf, int len, int driver, int channel)
389
struct pcbit_dev * dev;
391
const u_char * loadbuf;
397
dev = finddev(driver);
401
printk("pcbit_writecmd: couldn't find device");
405
switch(dev->l2_state) {
407
/* check (size <= rdp_size); write buf into board */
408
if (len < 0 || len > BANK4 + 1 || len > 1024)
410
printk("pcbit_writecmd: invalid length %d\n", len);
414
cbuf = kmalloc(len, GFP_KERNEL);
418
if (copy_from_user(cbuf, buf, len)) {
422
memcpy_toio(dev->sh_mem, cbuf, len);
426
/* this is the hard part */
428
/* get it into kernel space */
429
if ((ptr = kmalloc(len, GFP_KERNEL))==NULL)
431
if (copy_from_user(ptr, buf, len)) {
439
for (i=0; i < len; i++)
441
for(j=0; j < LOAD_RETRY; j++)
442
if (!(readb(dev->sh_mem + dev->loadptr)))
448
printk("TIMEOUT i=%d\n", i);
451
writeb(loadbuf[i], dev->sh_mem + dev->loadptr + 1);
452
writeb(0x01, dev->sh_mem + dev->loadptr);
455
if (dev->loadptr > LOAD_ZONE_END)
456
dev->loadptr = LOAD_ZONE_START;
460
return errstat ? errstat : len;
467
* demultiplexing of messages
471
void pcbit_l3_receive(struct pcbit_dev * dev, ulong msg,
472
struct sk_buff * skb,
473
ushort hdr_len, ushort refnum)
475
struct pcbit_chan *chan;
476
struct sk_buff *skb2;
478
struct callb_data cbdata;
485
if (!(chan = capi_channel(dev, skb))) {
487
"CAPI header: unknown channel id\n");
490
chan->r_refnum = skb->data[7];
493
dev->dev_if->rcvcallb_skb(dev->id, chan->id, skb);
495
if (capi_tdata_resp(chan, &skb2) > 0)
496
pcbit_l2_write(dev, MSG_TDATA_RESP, refnum,
501
if (!(chan = capi_channel(dev, skb))) {
503
"CAPI header: unknown channel id\n");
508
if ( (*((ushort *) (skb->data + 2) )) != 0) {
509
printk(KERN_DEBUG "TDATA_CONF error\n");
513
if (chan->queued == MAX_QUEUED) {
514
del_timer(&chan->block_timer);
515
chan->block_timer.function = NULL;
521
ictl.driver = dev->id;
522
ictl.command = ISDN_STAT_BSENT;
524
dev->dev_if->statcallb(&ictl);
529
* channel: 1st not used will do
530
* if both are used we're in trouble
533
if (!dev->b1->fsm_state)
535
else if (!dev->b2->fsm_state)
539
"Incoming connection: no channels available");
541
if ((len = capi_disc_req(*(ushort*)(skb->data), &skb2, CAUSE_NOCHAN)) > 0)
542
pcbit_l2_write(dev, MSG_DISC_REQ, refnum, skb2, len);
546
cbdata.data.setup.CalledPN = NULL;
547
cbdata.data.setup.CallingPN = NULL;
549
capi_decode_conn_ind(chan, skb, &cbdata);
550
cbdata.type = EV_NET_SETUP;
552
pcbit_fsm_event(dev, chan, EV_NET_SETUP, NULL);
554
if (pcbit_check_msn(dev, cbdata.data.setup.CallingPN))
555
pcbit_fsm_event(dev, chan, EV_USR_PROCED_REQ, &cbdata);
557
pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
559
kfree(cbdata.data.setup.CalledPN);
560
kfree(cbdata.data.setup.CallingPN);
565
* We should be able to find the channel by the message
566
* reference number. The current version of the firmware
567
* doesn't sent the ref number correctly.
570
printk(KERN_DEBUG "refnum=%04x b1=%04x b2=%04x\n", refnum,
574
/* We just try to find a channel in the right state */
576
if (dev->b1->fsm_state == ST_CALL_INIT)
579
if (dev->b2->s_refnum == ST_CALL_INIT)
583
printk(KERN_WARNING "Connection Confirm - no channel in Call Init state\n");
587
if (capi_decode_conn_conf(chan, skb, &complete)) {
588
printk(KERN_DEBUG "conn_conf indicates error\n");
589
pcbit_fsm_event(dev, chan, EV_ERROR, NULL);
593
pcbit_fsm_event(dev, chan, EV_NET_CALL_PROC, NULL);
595
pcbit_fsm_event(dev, chan, EV_NET_SETUP_ACK, NULL);
597
case MSG_CONN_ACTV_IND:
599
if (!(chan = capi_channel(dev, skb))) {
601
"CAPI header: unknown channel id\n");
605
if (capi_decode_conn_actv_ind(chan, skb)) {
606
printk("error in capi_decode_conn_actv_ind\n");
607
/* pcbit_fsm_event(dev, chan, EV_ERROR, NULL); */
610
chan->r_refnum = refnum;
611
pcbit_fsm_event(dev, chan, EV_NET_CONN, NULL);
613
case MSG_CONN_ACTV_CONF:
615
if (!(chan = capi_channel(dev, skb))) {
617
"CAPI header: unknown channel id\n");
621
if (capi_decode_conn_actv_conf(chan, skb) == 0)
622
pcbit_fsm_event(dev, chan, EV_NET_CONN_ACK, NULL);
625
printk(KERN_DEBUG "decode_conn_actv_conf failed\n");
630
if (!(chan = capi_channel(dev, skb))) {
632
"CAPI header: unknown channel id\n");
636
if (!(err = capi_decode_sel_proto_conf(chan, skb)))
637
pcbit_fsm_event(dev, chan, EV_NET_SELP_RESP, NULL);
640
printk("error %d - capi_decode_sel_proto_conf\n", err);
643
case MSG_ACT_TRANSP_CONF:
644
if (!(chan = capi_channel(dev, skb))) {
646
"CAPI header: unknown channel id\n");
650
if (!capi_decode_actv_trans_conf(chan, skb))
651
pcbit_fsm_event(dev, chan, EV_NET_ACTV_RESP, NULL);
656
if (!(chan = capi_channel(dev, skb))) {
658
"CAPI header: unknown channel id\n");
662
if (!capi_decode_disc_ind(chan, skb))
663
pcbit_fsm_event(dev, chan, EV_NET_DISC, NULL);
665
printk(KERN_WARNING "capi_decode_disc_ind - error\n");
668
if (!(chan = capi_channel(dev, skb))) {
670
"CAPI header: unknown channel id\n");
674
if (!capi_decode_disc_ind(chan, skb))
675
pcbit_fsm_event(dev, chan, EV_NET_RELEASE, NULL);
677
printk(KERN_WARNING "capi_decode_disc_conf - error\n");
681
printk(KERN_DEBUG "received Info Indication - discarded\n");
686
capi_decode_debug_188(skb->data, skb->len);
690
printk(KERN_DEBUG "pcbit_l3_receive: unknown message %08lx\n",
702
* should be a statbuf per device
705
static char statbuf[STATBUF_LEN];
706
static int stat_st = 0;
707
static int stat_end = 0;
709
static int pcbit_stat(u_char __user *buf, int len, int driver, int channel)
712
stat_count = stat_end - stat_st;
715
stat_count = STATBUF_LEN - stat_st + stat_end;
717
/* FIXME: should we sleep and wait for more cookies ? */
718
if (len > stat_count)
721
if (stat_st < stat_end)
723
if (copy_to_user(buf, statbuf + stat_st, len))
729
if (len > STATBUF_LEN - stat_st)
731
if (copy_to_user(buf, statbuf + stat_st,
732
STATBUF_LEN - stat_st))
734
if (copy_to_user(buf, statbuf,
735
len - (STATBUF_LEN - stat_st)))
738
stat_st = len - (STATBUF_LEN - stat_st);
742
if (copy_to_user(buf, statbuf + stat_st, len))
747
if (stat_st == STATBUF_LEN)
752
if (stat_st == stat_end)
753
stat_st = stat_end = 0;
758
static void pcbit_logstat(struct pcbit_dev *dev, char *str)
763
for (i=stat_end; i<strlen(str); i++)
766
stat_end = (stat_end + 1) % STATBUF_LEN;
767
if (stat_end == stat_st)
768
stat_st = (stat_st + 1) % STATBUF_LEN;
771
ictl.command=ISDN_STAT_STAVAIL;
773
ictl.arg=strlen(str);
774
dev->dev_if->statcallb(&ictl);
777
void pcbit_state_change(struct pcbit_dev * dev, struct pcbit_chan * chan,
778
unsigned short i, unsigned short ev, unsigned short f)
782
sprintf(buf, "change on device: %d channel:%d\n%s -> %s -> %s\n",
784
isdn_state_table[i], strisdnevent(ev), isdn_state_table[f]
791
pcbit_logstat(dev, buf);
794
static void set_running_timeout(unsigned long ptr)
796
struct pcbit_dev * dev;
799
printk(KERN_DEBUG "set_running_timeout\n");
801
dev = (struct pcbit_dev *) ptr;
803
wake_up_interruptible(&dev->set_running_wq);
806
static int set_protocol_running(struct pcbit_dev * dev)
810
init_timer(&dev->set_running_timer);
812
dev->set_running_timer.function = &set_running_timeout;
813
dev->set_running_timer.data = (ulong) dev;
814
dev->set_running_timer.expires = jiffies + SET_RUN_TIMEOUT;
818
dev->l2_state = L2_STARTING;
820
writeb((0x80U | ((dev->rcv_seq & 0x07) << 3) | (dev->send_seq & 0x07)),
821
dev->sh_mem + BANK4);
823
add_timer(&dev->set_running_timer);
825
interruptible_sleep_on(&dev->set_running_wq);
827
del_timer(&dev->set_running_timer);
829
if (dev->l2_state == L2_RUNNING)
831
printk(KERN_DEBUG "pcbit: running\n");
833
dev->unack_seq = dev->send_seq;
835
dev->writeptr = dev->sh_mem;
836
dev->readptr = dev->sh_mem + BANK2;
838
/* tell the good news to the upper layer */
839
ctl.driver = dev->id;
840
ctl.command = ISDN_STAT_RUN;
842
dev->dev_if->statcallb(&ctl);
846
printk(KERN_DEBUG "pcbit: initialization failed\n");
847
printk(KERN_DEBUG "pcbit: firmware not loaded\n");
849
dev->l2_state = L2_DOWN;
852
printk(KERN_DEBUG "Bank3 = %02x\n",
853
readb(dev->sh_mem + BANK3));
855
writeb(0x40, dev->sh_mem + BANK4);
857
/* warn the upper layer */
858
ctl.driver = dev->id;
859
ctl.command = ISDN_STAT_STOP;
861
dev->dev_if->statcallb(&ctl);
863
return -EL2HLT; /* Level 2 halted */
869
static int pcbit_ioctl(isdn_ctrl* ctl)
871
struct pcbit_dev * dev;
872
struct pcbit_ioctl *cmd;
874
dev = finddev(ctl->driver);
878
printk(KERN_DEBUG "pcbit_ioctl: unknown device\n");
882
cmd = (struct pcbit_ioctl *) ctl->parm.num;
885
case PCBIT_IOCTL_GETSTAT:
886
cmd->info.l2_status = dev->l2_state;
889
case PCBIT_IOCTL_STRLOAD:
890
if (dev->l2_state == L2_RUNNING)
893
dev->unack_seq = dev->send_seq = dev->rcv_seq = 0;
895
dev->writeptr = dev->sh_mem;
896
dev->readptr = dev->sh_mem + BANK2;
898
dev->l2_state = L2_LOADING;
901
case PCBIT_IOCTL_LWMODE:
902
if (dev->l2_state != L2_LOADING)
905
dev->l2_state = L2_LWMODE;
908
case PCBIT_IOCTL_FWMODE:
909
if (dev->l2_state == L2_RUNNING)
911
dev->loadptr = LOAD_ZONE_START;
912
dev->l2_state = L2_FWMODE;
915
case PCBIT_IOCTL_ENDLOAD:
916
if (dev->l2_state == L2_RUNNING)
918
dev->l2_state = L2_DOWN;
921
case PCBIT_IOCTL_SETBYTE:
922
if (dev->l2_state == L2_RUNNING)
926
if (cmd->info.rdp_byte.addr > BANK4)
929
writeb(cmd->info.rdp_byte.value, dev->sh_mem + cmd->info.rdp_byte.addr);
931
case PCBIT_IOCTL_GETBYTE:
932
if (dev->l2_state == L2_RUNNING)
937
if (cmd->info.rdp_byte.addr > BANK4)
939
printk("getbyte: invalid addr %04x\n", cmd->info.rdp_byte.addr);
943
cmd->info.rdp_byte.value = readb(dev->sh_mem + cmd->info.rdp_byte.addr);
945
case PCBIT_IOCTL_RUNNING:
946
if (dev->l2_state == L2_RUNNING)
948
return set_protocol_running(dev);
950
case PCBIT_IOCTL_WATCH188:
951
if (dev->l2_state != L2_LOADING)
953
pcbit_l2_write(dev, MSG_WATCH188, 0x0001, NULL, 0);
955
case PCBIT_IOCTL_PING188:
956
if (dev->l2_state != L2_LOADING)
958
pcbit_l2_write(dev, MSG_PING188_REQ, 0x0001, NULL, 0);
960
case PCBIT_IOCTL_APION:
961
if (dev->l2_state != L2_LOADING)
963
pcbit_l2_write(dev, MSG_API_ON, 0x0001, NULL, 0);
965
case PCBIT_IOCTL_STOP:
966
dev->l2_state = L2_DOWN;
967
writeb(0x40, dev->sh_mem + BANK4);
973
printk("error: unknown ioctl\n");
982
* if null reject all calls
983
* if first entry has null MSN accept all calls
986
static void pcbit_clear_msn(struct pcbit_dev *dev)
988
struct msn_entry *ptr, *back;
990
for (ptr=dev->msn_list; ptr; )
997
dev->msn_list = NULL;
1000
static void pcbit_set_msn(struct pcbit_dev *dev, char *list)
1002
struct msn_entry *ptr;
1003
struct msn_entry *back = NULL;
1007
if (strlen(list) == 0) {
1008
ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1010
printk(KERN_WARNING "kmalloc failed\n");
1016
ptr->next = dev->msn_list;
1017
dev->msn_list = ptr;
1023
for (back=dev->msn_list; back->next; back=back->next);
1034
ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1037
printk(KERN_WARNING "kmalloc failed\n");
1042
ptr->msn = kmalloc(len, GFP_ATOMIC);
1044
printk(KERN_WARNING "kmalloc failed\n");
1049
memcpy(ptr->msn, sp, len - 1);
1053
printk(KERN_DEBUG "msn: %s\n", ptr->msn);
1055
if (dev->msn_list == NULL)
1056
dev->msn_list = ptr;
1065
* check if we do signal or reject an incoming call
1067
static int pcbit_check_msn(struct pcbit_dev *dev, char *msn)
1069
struct msn_entry *ptr;
1071
for (ptr=dev->msn_list; ptr; ptr=ptr->next) {
1073
if (ptr->msn == NULL)
1076
if (strcmp(ptr->msn, msn) == 0)