2 * PCBIT-D interface with isdn4linux
4 * Copyright (C) 1996 Universidade de Lisboa
6 * Written by Pedro Roque Marques (roque@di.fc.ul.pt)
8 * This software may be used and distributed according to the terms of
9 * the GNU General Public License, incorporated herein by reference.
15 * Nuno Grilo <l38486@alfa.ist.utl.pt>
16 * fixed msn_list NULL pointer dereference.
20 #include <linux/module.h>
22 #include <linux/sched.h>
24 #include <linux/kernel.h>
26 #include <linux/types.h>
27 #include <linux/slab.h>
29 #include <linux/interrupt.h>
30 #include <linux/string.h>
31 #include <linux/skbuff.h>
33 #include <linux/isdnif.h>
34 #include <asm/string.h>
36 #include <linux/ioport.h>
44 extern ushort last_ref_num;
46 static int pcbit_ioctl(isdn_ctrl* ctl);
48 static char* pcbit_devname[MAX_PCBIT_CARDS] = {
59 static int pcbit_command(isdn_ctrl* ctl);
60 static int pcbit_stat(u_char __user * buf, int len, int, int);
61 static int pcbit_xmit(int driver, int chan, int ack, struct sk_buff *skb);
62 static int pcbit_writecmd(const u_char __user *, int, int, int);
64 static int set_protocol_running(struct pcbit_dev * dev);
66 static void pcbit_clear_msn(struct pcbit_dev *dev);
67 static void pcbit_set_msn(struct pcbit_dev *dev, char *list);
68 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn);
71 extern void pcbit_deliver(void * data);
73 int pcbit_init_dev(int board, int mem_base, int irq)
75 struct pcbit_dev *dev;
78 if ((dev=kmalloc(sizeof(struct pcbit_dev), GFP_KERNEL)) == NULL)
80 printk("pcbit_init: couldn't malloc pcbit_dev struct\n");
84 dev_pcbit[board] = dev;
85 memset(dev, 0, sizeof(struct pcbit_dev));
86 init_waitqueue_head(&dev->set_running_wq);
87 spin_lock_init(&dev->lock);
89 if (mem_base >= 0xA0000 && mem_base <= 0xFFFFF ) {
90 dev->ph_mem = mem_base;
91 if (!request_mem_region(dev->ph_mem, 4096, "PCBIT mem")) {
93 "PCBIT: memory region %lx-%lx already in use\n",
94 dev->ph_mem, dev->ph_mem + 4096);
96 dev_pcbit[board] = NULL;
99 dev->sh_mem = ioremap(dev->ph_mem, 4096);
103 printk("memory address invalid");
105 dev_pcbit[board] = NULL;
109 dev->b1 = kmalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
111 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
112 iounmap(dev->sh_mem);
113 release_mem_region(dev->ph_mem, 4096);
118 dev->b2 = kmalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
120 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
122 iounmap(dev->sh_mem);
123 release_mem_region(dev->ph_mem, 4096);
128 memset(dev->b1, 0, sizeof(struct pcbit_chan));
129 memset(dev->b2, 0, sizeof(struct pcbit_chan));
132 INIT_WORK(&dev->qdelivery, pcbit_deliver, dev);
138 if (request_irq(irq, &pcbit_irq_handler, 0, pcbit_devname[board], dev) != 0)
142 iounmap(dev->sh_mem);
143 release_mem_region(dev->ph_mem, 4096);
145 dev_pcbit[board] = NULL;
151 /* next frame to be received */
158 dev_if = kmalloc(sizeof(isdn_if), GFP_KERNEL);
164 iounmap(dev->sh_mem);
165 release_mem_region(dev->ph_mem, 4096);
167 dev_pcbit[board] = NULL;
171 dev->dev_if = dev_if;
173 dev_if->owner = THIS_MODULE;
175 dev_if->channels = 2;
177 dev_if->features = (ISDN_FEATURE_P_EURO | ISDN_FEATURE_L3_TRANS |
178 ISDN_FEATURE_L2_HDLC | ISDN_FEATURE_L2_TRANS );
180 dev_if->writebuf_skb = pcbit_xmit;
181 dev_if->hl_hdrlen = 16;
183 dev_if->maxbufsize = MAXBUFSIZE;
184 dev_if->command = pcbit_command;
186 dev_if->writecmd = pcbit_writecmd;
187 dev_if->readstat = pcbit_stat;
190 strcpy(dev_if->id, pcbit_devname[board]);
192 if (!register_isdn(dev_if)) {
196 iounmap(dev->sh_mem);
197 release_mem_region(dev->ph_mem, 4096);
199 dev_pcbit[board] = NULL;
203 dev->id = dev_if->channels;
206 dev->l2_state = L2_DOWN;
210 * set_protocol_running(dev);
217 void pcbit_terminate(int board)
219 struct pcbit_dev * dev;
221 dev = dev_pcbit[board];
224 /* unregister_isdn(dev->dev_if); */
225 free_irq(dev->irq, dev);
226 pcbit_clear_msn(dev);
228 if (dev->b1->fsm_timer.function)
229 del_timer(&dev->b1->fsm_timer);
230 if (dev->b2->fsm_timer.function)
231 del_timer(&dev->b2->fsm_timer);
234 iounmap(dev->sh_mem);
235 release_mem_region(dev->ph_mem, 4096);
241 static int pcbit_command(isdn_ctrl* ctl)
243 struct pcbit_dev *dev;
244 struct pcbit_chan *chan;
245 struct callb_data info;
247 dev = finddev(ctl->driver);
251 printk("pcbit_command: unknown device\n");
255 chan = (ctl->arg & 0x0F) ? dev->b2 : dev->b1;
258 switch(ctl->command) {
260 return pcbit_ioctl(ctl);
263 info.type = EV_USR_SETUP_REQ;
264 info.data.setup.CalledPN = (char *) &ctl->parm.setup.phone;
265 pcbit_fsm_event(dev, chan, EV_USR_SETUP_REQ, &info);
267 case ISDN_CMD_ACCEPTD:
268 pcbit_fsm_event(dev, chan, EV_USR_SETUP_RESP, NULL);
270 case ISDN_CMD_ACCEPTB:
271 printk("ISDN_CMD_ACCEPTB - not really needed\n");
273 case ISDN_CMD_HANGUP:
274 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
277 chan->proto = (ctl->arg >> 8);
279 case ISDN_CMD_CLREAZ:
280 pcbit_clear_msn(dev);
282 case ISDN_CMD_SETEAZ:
283 pcbit_set_msn(dev, ctl->parm.num);
286 if ((ctl->arg >> 8) != ISDN_PROTO_L3_TRANS)
287 printk(KERN_DEBUG "L3 protocol unknown\n");
290 printk(KERN_DEBUG "pcbit_command: unknown command\n");
299 * on some conditions the board stops sending TDATA_CONFs
300 * let's see if we can turn around the problem
304 static void pcbit_block_timer(unsigned long data)
306 struct pcbit_chan *chan;
307 struct pcbit_dev * dev;
310 chan = (struct pcbit_chan *) data;
312 dev = chan2dev(chan);
315 printk(KERN_DEBUG "pcbit: chan2dev failed\n");
319 del_timer(&chan->block_timer);
320 chan->block_timer.function = NULL;
323 printk(KERN_DEBUG "pcbit_block_timer\n");
326 ictl.driver = dev->id;
327 ictl.command = ISDN_STAT_BSENT;
329 dev->dev_if->statcallb(&ictl);
333 static int pcbit_xmit(int driver, int chnum, int ack, struct sk_buff *skb)
337 struct pcbit_chan * chan;
338 struct pcbit_dev *dev;
340 dev = finddev(driver);
343 printk("finddev returned NULL");
347 chan = chnum ? dev->b2 : dev->b1;
350 if (chan->fsm_state != ST_ACTIVE)
353 if (chan->queued >= MAX_QUEUED )
357 "pcbit: %d packets already in queue - write fails\n",
361 * packet stays on the head of the device queue
362 * since dev_start_xmit will fail
366 if (chan->block_timer.function == NULL) {
367 init_timer(&chan->block_timer);
368 chan->block_timer.function = &pcbit_block_timer;
369 chan->block_timer.data = (long) chan;
370 chan->block_timer.expires = jiffies + 1 * HZ;
371 add_timer(&chan->block_timer);
382 hdrlen = capi_tdata_req(chan, skb);
384 refnum = last_ref_num++ & 0x7fffU;
385 chan->s_refnum = refnum;
387 pcbit_l2_write(dev, MSG_TDATA_REQ, refnum, skb, hdrlen);
392 static int pcbit_writecmd(const u_char __user *buf, int len, int driver, int channel)
394 struct pcbit_dev * dev;
396 const u_char * loadbuf;
402 dev = finddev(driver);
406 printk("pcbit_writecmd: couldn't find device");
410 switch(dev->l2_state) {
412 /* check (size <= rdp_size); write buf into board */
413 if (len < 0 || len > BANK4 + 1 || len > 1024)
415 printk("pcbit_writecmd: invalid length %d\n", len);
419 cbuf = kmalloc(len, GFP_KERNEL);
423 if (copy_from_user(cbuf, buf, len)) {
427 memcpy_toio(dev->sh_mem, cbuf, len);
431 /* this is the hard part */
433 /* get it into kernel space */
434 if ((ptr = kmalloc(len, GFP_KERNEL))==NULL)
436 if (copy_from_user(ptr, buf, len)) {
444 for (i=0; i < len; i++)
446 for(j=0; j < LOAD_RETRY; j++)
447 if (!(readb(dev->sh_mem + dev->loadptr)))
453 printk("TIMEOUT i=%d\n", i);
456 writeb(loadbuf[i], dev->sh_mem + dev->loadptr + 1);
457 writeb(0x01, dev->sh_mem + dev->loadptr);
460 if (dev->loadptr > LOAD_ZONE_END)
461 dev->loadptr = LOAD_ZONE_START;
465 return errstat ? errstat : len;
472 * demultiplexing of messages
476 void pcbit_l3_receive(struct pcbit_dev * dev, ulong msg,
477 struct sk_buff * skb,
478 ushort hdr_len, ushort refnum)
480 struct pcbit_chan *chan;
481 struct sk_buff *skb2;
483 struct callb_data cbdata;
490 if (!(chan = capi_channel(dev, skb))) {
492 "CAPI header: unknown channel id\n");
495 chan->r_refnum = skb->data[7];
498 dev->dev_if->rcvcallb_skb(dev->id, chan->id, skb);
500 if (capi_tdata_resp(chan, &skb2) > 0)
501 pcbit_l2_write(dev, MSG_TDATA_RESP, refnum,
506 if (!(chan = capi_channel(dev, skb))) {
508 "CAPI header: unknown channel id\n");
513 if ( (*((ushort *) (skb->data + 2) )) != 0) {
514 printk(KERN_DEBUG "TDATA_CONF error\n");
518 if (chan->queued == MAX_QUEUED) {
519 del_timer(&chan->block_timer);
520 chan->block_timer.function = NULL;
526 ictl.driver = dev->id;
527 ictl.command = ISDN_STAT_BSENT;
529 dev->dev_if->statcallb(&ictl);
534 * channel: 1st not used will do
535 * if both are used we're in trouble
538 if (!dev->b1->fsm_state)
540 else if (!dev->b2->fsm_state)
544 "Incoming connection: no channels available");
546 if ((len = capi_disc_req(*(ushort*)(skb->data), &skb2, CAUSE_NOCHAN)) > 0)
547 pcbit_l2_write(dev, MSG_DISC_REQ, refnum, skb2, len);
551 cbdata.data.setup.CalledPN = NULL;
552 cbdata.data.setup.CallingPN = NULL;
554 capi_decode_conn_ind(chan, skb, &cbdata);
555 cbdata.type = EV_NET_SETUP;
557 pcbit_fsm_event(dev, chan, EV_NET_SETUP, NULL);
559 if (pcbit_check_msn(dev, cbdata.data.setup.CallingPN))
560 pcbit_fsm_event(dev, chan, EV_USR_PROCED_REQ, &cbdata);
562 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
564 kfree(cbdata.data.setup.CalledPN);
565 kfree(cbdata.data.setup.CallingPN);
570 * We should be able to find the channel by the message
571 * reference number. The current version of the firmware
572 * doesn't sent the ref number correctly.
575 printk(KERN_DEBUG "refnum=%04x b1=%04x b2=%04x\n", refnum,
579 /* We just try to find a channel in the right state */
581 if (dev->b1->fsm_state == ST_CALL_INIT)
584 if (dev->b2->s_refnum == ST_CALL_INIT)
588 printk(KERN_WARNING "Connection Confirm - no channel in Call Init state\n");
592 if (capi_decode_conn_conf(chan, skb, &complete)) {
593 printk(KERN_DEBUG "conn_conf indicates error\n");
594 pcbit_fsm_event(dev, chan, EV_ERROR, NULL);
598 pcbit_fsm_event(dev, chan, EV_NET_CALL_PROC, NULL);
600 pcbit_fsm_event(dev, chan, EV_NET_SETUP_ACK, NULL);
602 case MSG_CONN_ACTV_IND:
604 if (!(chan = capi_channel(dev, skb))) {
606 "CAPI header: unknown channel id\n");
610 if (capi_decode_conn_actv_ind(chan, skb)) {
611 printk("error in capi_decode_conn_actv_ind\n");
612 /* pcbit_fsm_event(dev, chan, EV_ERROR, NULL); */
615 chan->r_refnum = refnum;
616 pcbit_fsm_event(dev, chan, EV_NET_CONN, NULL);
618 case MSG_CONN_ACTV_CONF:
620 if (!(chan = capi_channel(dev, skb))) {
622 "CAPI header: unknown channel id\n");
626 if (capi_decode_conn_actv_conf(chan, skb) == 0)
627 pcbit_fsm_event(dev, chan, EV_NET_CONN_ACK, NULL);
630 printk(KERN_DEBUG "decode_conn_actv_conf failed\n");
635 if (!(chan = capi_channel(dev, skb))) {
637 "CAPI header: unknown channel id\n");
641 if (!(err = capi_decode_sel_proto_conf(chan, skb)))
642 pcbit_fsm_event(dev, chan, EV_NET_SELP_RESP, NULL);
645 printk("error %d - capi_decode_sel_proto_conf\n", err);
648 case MSG_ACT_TRANSP_CONF:
649 if (!(chan = capi_channel(dev, skb))) {
651 "CAPI header: unknown channel id\n");
655 if (!capi_decode_actv_trans_conf(chan, skb))
656 pcbit_fsm_event(dev, chan, EV_NET_ACTV_RESP, NULL);
661 if (!(chan = capi_channel(dev, skb))) {
663 "CAPI header: unknown channel id\n");
667 if (!capi_decode_disc_ind(chan, skb))
668 pcbit_fsm_event(dev, chan, EV_NET_DISC, NULL);
670 printk(KERN_WARNING "capi_decode_disc_ind - error\n");
673 if (!(chan = capi_channel(dev, skb))) {
675 "CAPI header: unknown channel id\n");
679 if (!capi_decode_disc_ind(chan, skb))
680 pcbit_fsm_event(dev, chan, EV_NET_RELEASE, NULL);
682 printk(KERN_WARNING "capi_decode_disc_conf - error\n");
686 printk(KERN_DEBUG "received Info Indication - discarded\n");
691 capi_decode_debug_188(skb->data, skb->len);
695 printk(KERN_DEBUG "pcbit_l3_receive: unknown message %08lx\n",
707 * should be a statbuf per device
710 static char statbuf[STATBUF_LEN];
711 static int stat_st = 0;
712 static int stat_end = 0;
714 static int pcbit_stat(u_char __user *buf, int len, int driver, int channel)
717 stat_count = stat_end - stat_st;
720 stat_count = STATBUF_LEN - stat_st + stat_end;
722 /* FIXME: should we sleep and wait for more cookies ? */
723 if (len > stat_count)
726 if (stat_st < stat_end)
728 copy_to_user(buf, statbuf + stat_st, len);
733 if (len > STATBUF_LEN - stat_st)
735 copy_to_user(buf, statbuf + stat_st,
736 STATBUF_LEN - stat_st);
737 copy_to_user(buf, statbuf,
738 len - (STATBUF_LEN - stat_st));
740 stat_st = len - (STATBUF_LEN - stat_st);
744 copy_to_user(buf, statbuf + stat_st, len);
748 if (stat_st == STATBUF_LEN)
753 if (stat_st == stat_end)
754 stat_st = stat_end = 0;
759 static void pcbit_logstat(struct pcbit_dev *dev, char *str)
764 for (i=stat_end; i<strlen(str); i++)
767 stat_end = (stat_end + 1) % STATBUF_LEN;
768 if (stat_end == stat_st)
769 stat_st = (stat_st + 1) % STATBUF_LEN;
772 ictl.command=ISDN_STAT_STAVAIL;
774 ictl.arg=strlen(str);
775 dev->dev_if->statcallb(&ictl);
778 extern char * isdn_state_table[];
779 extern char * strisdnevent(unsigned short);
782 void pcbit_state_change(struct pcbit_dev * dev, struct pcbit_chan * chan,
783 unsigned short i, unsigned short ev, unsigned short f)
787 sprintf(buf, "change on device: %d channel:%d\n%s -> %s -> %s\n",
789 isdn_state_table[i], strisdnevent(ev), isdn_state_table[f]
796 pcbit_logstat(dev, buf);
799 static void set_running_timeout(unsigned long ptr)
801 struct pcbit_dev * dev;
804 printk(KERN_DEBUG "set_running_timeout\n");
806 dev = (struct pcbit_dev *) ptr;
808 wake_up_interruptible(&dev->set_running_wq);
811 static int set_protocol_running(struct pcbit_dev * dev)
815 init_timer(&dev->set_running_timer);
817 dev->set_running_timer.function = &set_running_timeout;
818 dev->set_running_timer.data = (ulong) dev;
819 dev->set_running_timer.expires = jiffies + SET_RUN_TIMEOUT;
823 dev->l2_state = L2_STARTING;
825 writeb((0x80U | ((dev->rcv_seq & 0x07) << 3) | (dev->send_seq & 0x07)),
826 dev->sh_mem + BANK4);
828 add_timer(&dev->set_running_timer);
830 interruptible_sleep_on(&dev->set_running_wq);
832 del_timer(&dev->set_running_timer);
834 if (dev->l2_state == L2_RUNNING)
836 printk(KERN_DEBUG "pcbit: running\n");
838 dev->unack_seq = dev->send_seq;
840 dev->writeptr = dev->sh_mem;
841 dev->readptr = dev->sh_mem + BANK2;
843 /* tell the good news to the upper layer */
844 ctl.driver = dev->id;
845 ctl.command = ISDN_STAT_RUN;
847 dev->dev_if->statcallb(&ctl);
851 printk(KERN_DEBUG "pcbit: initialization failed\n");
852 printk(KERN_DEBUG "pcbit: firmware not loaded\n");
854 dev->l2_state = L2_DOWN;
857 printk(KERN_DEBUG "Bank3 = %02x\n",
858 readb(dev->sh_mem + BANK3));
860 writeb(0x40, dev->sh_mem + BANK4);
862 /* warn the upper layer */
863 ctl.driver = dev->id;
864 ctl.command = ISDN_STAT_STOP;
866 dev->dev_if->statcallb(&ctl);
868 return -EL2HLT; /* Level 2 halted */
874 static int pcbit_ioctl(isdn_ctrl* ctl)
876 struct pcbit_dev * dev;
877 struct pcbit_ioctl *cmd;
879 dev = finddev(ctl->driver);
883 printk(KERN_DEBUG "pcbit_ioctl: unknown device\n");
887 cmd = (struct pcbit_ioctl *) ctl->parm.num;
890 case PCBIT_IOCTL_GETSTAT:
891 cmd->info.l2_status = dev->l2_state;
894 case PCBIT_IOCTL_STRLOAD:
895 if (dev->l2_state == L2_RUNNING)
898 dev->unack_seq = dev->send_seq = dev->rcv_seq = 0;
900 dev->writeptr = dev->sh_mem;
901 dev->readptr = dev->sh_mem + BANK2;
903 dev->l2_state = L2_LOADING;
906 case PCBIT_IOCTL_LWMODE:
907 if (dev->l2_state != L2_LOADING)
910 dev->l2_state = L2_LWMODE;
913 case PCBIT_IOCTL_FWMODE:
914 if (dev->l2_state == L2_RUNNING)
916 dev->loadptr = LOAD_ZONE_START;
917 dev->l2_state = L2_FWMODE;
920 case PCBIT_IOCTL_ENDLOAD:
921 if (dev->l2_state == L2_RUNNING)
923 dev->l2_state = L2_DOWN;
926 case PCBIT_IOCTL_SETBYTE:
927 if (dev->l2_state == L2_RUNNING)
931 if (cmd->info.rdp_byte.addr > BANK4)
934 writeb(cmd->info.rdp_byte.value, dev->sh_mem + cmd->info.rdp_byte.addr);
936 case PCBIT_IOCTL_GETBYTE:
937 if (dev->l2_state == L2_RUNNING)
942 if (cmd->info.rdp_byte.addr > BANK4)
944 printk("getbyte: invalid addr %04x\n", cmd->info.rdp_byte.addr);
948 cmd->info.rdp_byte.value = readb(dev->sh_mem + cmd->info.rdp_byte.addr);
950 case PCBIT_IOCTL_RUNNING:
951 if (dev->l2_state == L2_RUNNING)
953 return set_protocol_running(dev);
955 case PCBIT_IOCTL_WATCH188:
956 if (dev->l2_state != L2_LOADING)
958 pcbit_l2_write(dev, MSG_WATCH188, 0x0001, NULL, 0);
960 case PCBIT_IOCTL_PING188:
961 if (dev->l2_state != L2_LOADING)
963 pcbit_l2_write(dev, MSG_PING188_REQ, 0x0001, NULL, 0);
965 case PCBIT_IOCTL_APION:
966 if (dev->l2_state != L2_LOADING)
968 pcbit_l2_write(dev, MSG_API_ON, 0x0001, NULL, 0);
970 case PCBIT_IOCTL_STOP:
971 dev->l2_state = L2_DOWN;
972 writeb(0x40, dev->sh_mem + BANK4);
978 printk("error: unknown ioctl\n");
987 * if null reject all calls
988 * if first entry has null MSN accept all calls
991 static void pcbit_clear_msn(struct pcbit_dev *dev)
993 struct msn_entry *ptr, *back;
995 for (ptr=dev->msn_list; ptr; )
1002 dev->msn_list = NULL;
1005 static void pcbit_set_msn(struct pcbit_dev *dev, char *list)
1007 struct msn_entry *ptr;
1008 struct msn_entry *back = NULL;
1012 if (strlen(list) == 0) {
1013 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1015 printk(KERN_WARNING "kmalloc failed\n");
1021 ptr->next = dev->msn_list;
1022 dev->msn_list = ptr;
1028 for (back=dev->msn_list; back->next; back=back->next);
1039 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1042 printk(KERN_WARNING "kmalloc failed\n");
1047 ptr->msn = kmalloc(len, GFP_ATOMIC);
1049 printk(KERN_WARNING "kmalloc failed\n");
1054 memcpy(ptr->msn, sp, len - 1);
1058 printk(KERN_DEBUG "msn: %s\n", ptr->msn);
1060 if (dev->msn_list == NULL)
1061 dev->msn_list = ptr;
1070 * check if we do signal or reject an incoming call
1072 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn)
1074 struct msn_entry *ptr;
1076 for (ptr=dev->msn_list; ptr; ptr=ptr->next) {
1078 if (ptr->msn == NULL)
1081 if (strcmp(ptr->msn, msn) == 0)
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob