2 * PCBIT-D interface with isdn4linux
4 * Copyright (C) 1996 Universidade de Lisboa
6 * Written by Pedro Roque Marques (roque@di.fc.ul.pt)
8 * This software may be used and distributed according to the terms of
9 * the GNU General Public License, incorporated herein by reference.
15 * Nuno Grilo <l38486@alfa.ist.utl.pt>
16 * fixed msn_list NULL pointer dereference.
20 #include <linux/module.h>
23 #include <linux/kernel.h>
25 #include <linux/types.h>
26 #include <linux/slab.h>
28 #include <linux/interrupt.h>
29 #include <linux/string.h>
30 #include <linux/skbuff.h>
32 #include <linux/isdnif.h>
33 #include <asm/string.h>
35 #include <linux/ioport.h>
43 extern ushort last_ref_num;
45 static int pcbit_ioctl(isdn_ctrl* ctl);
47 static char* pcbit_devname[MAX_PCBIT_CARDS] = {
58 static int pcbit_command(isdn_ctrl* ctl);
59 static int pcbit_stat(u_char __user * buf, int len, int, int);
60 static int pcbit_xmit(int driver, int chan, int ack, struct sk_buff *skb);
61 static int pcbit_writecmd(const u_char __user *, int, int, int);
63 static int set_protocol_running(struct pcbit_dev * dev);
65 static void pcbit_clear_msn(struct pcbit_dev *dev);
66 static void pcbit_set_msn(struct pcbit_dev *dev, char *list);
67 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn);
70 int pcbit_init_dev(int board, int mem_base, int irq)
72 struct pcbit_dev *dev;
75 if ((dev=kzalloc(sizeof(struct pcbit_dev), GFP_KERNEL)) == NULL)
77 printk("pcbit_init: couldn't malloc pcbit_dev struct\n");
81 dev_pcbit[board] = dev;
82 init_waitqueue_head(&dev->set_running_wq);
83 spin_lock_init(&dev->lock);
85 if (mem_base >= 0xA0000 && mem_base <= 0xFFFFF ) {
86 dev->ph_mem = mem_base;
87 if (!request_mem_region(dev->ph_mem, 4096, "PCBIT mem")) {
89 "PCBIT: memory region %lx-%lx already in use\n",
90 dev->ph_mem, dev->ph_mem + 4096);
92 dev_pcbit[board] = NULL;
95 dev->sh_mem = ioremap(dev->ph_mem, 4096);
99 printk("memory address invalid");
101 dev_pcbit[board] = NULL;
105 dev->b1 = kzalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
107 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
108 iounmap(dev->sh_mem);
109 release_mem_region(dev->ph_mem, 4096);
114 dev->b2 = kzalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
116 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
118 iounmap(dev->sh_mem);
119 release_mem_region(dev->ph_mem, 4096);
126 INIT_WORK(&dev->qdelivery, pcbit_deliver);
132 if (request_irq(irq, &pcbit_irq_handler, 0, pcbit_devname[board], dev) != 0)
136 iounmap(dev->sh_mem);
137 release_mem_region(dev->ph_mem, 4096);
139 dev_pcbit[board] = NULL;
145 /* next frame to be received */
152 dev_if = kmalloc(sizeof(isdn_if), GFP_KERNEL);
158 iounmap(dev->sh_mem);
159 release_mem_region(dev->ph_mem, 4096);
161 dev_pcbit[board] = NULL;
165 dev->dev_if = dev_if;
167 dev_if->owner = THIS_MODULE;
169 dev_if->channels = 2;
171 dev_if->features = (ISDN_FEATURE_P_EURO | ISDN_FEATURE_L3_TRANS |
172 ISDN_FEATURE_L2_HDLC | ISDN_FEATURE_L2_TRANS );
174 dev_if->writebuf_skb = pcbit_xmit;
175 dev_if->hl_hdrlen = 16;
177 dev_if->maxbufsize = MAXBUFSIZE;
178 dev_if->command = pcbit_command;
180 dev_if->writecmd = pcbit_writecmd;
181 dev_if->readstat = pcbit_stat;
184 strcpy(dev_if->id, pcbit_devname[board]);
186 if (!register_isdn(dev_if)) {
190 iounmap(dev->sh_mem);
191 release_mem_region(dev->ph_mem, 4096);
193 dev_pcbit[board] = NULL;
197 dev->id = dev_if->channels;
200 dev->l2_state = L2_DOWN;
204 * set_protocol_running(dev);
211 void pcbit_terminate(int board)
213 struct pcbit_dev * dev;
215 dev = dev_pcbit[board];
218 /* unregister_isdn(dev->dev_if); */
219 free_irq(dev->irq, dev);
220 pcbit_clear_msn(dev);
222 if (dev->b1->fsm_timer.function)
223 del_timer(&dev->b1->fsm_timer);
224 if (dev->b2->fsm_timer.function)
225 del_timer(&dev->b2->fsm_timer);
228 iounmap(dev->sh_mem);
229 release_mem_region(dev->ph_mem, 4096);
235 static int pcbit_command(isdn_ctrl* ctl)
237 struct pcbit_dev *dev;
238 struct pcbit_chan *chan;
239 struct callb_data info;
241 dev = finddev(ctl->driver);
245 printk("pcbit_command: unknown device\n");
249 chan = (ctl->arg & 0x0F) ? dev->b2 : dev->b1;
252 switch(ctl->command) {
254 return pcbit_ioctl(ctl);
257 info.type = EV_USR_SETUP_REQ;
258 info.data.setup.CalledPN = (char *) &ctl->parm.setup.phone;
259 pcbit_fsm_event(dev, chan, EV_USR_SETUP_REQ, &info);
261 case ISDN_CMD_ACCEPTD:
262 pcbit_fsm_event(dev, chan, EV_USR_SETUP_RESP, NULL);
264 case ISDN_CMD_ACCEPTB:
265 printk("ISDN_CMD_ACCEPTB - not really needed\n");
267 case ISDN_CMD_HANGUP:
268 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
271 chan->proto = (ctl->arg >> 8);
273 case ISDN_CMD_CLREAZ:
274 pcbit_clear_msn(dev);
276 case ISDN_CMD_SETEAZ:
277 pcbit_set_msn(dev, ctl->parm.num);
280 if ((ctl->arg >> 8) != ISDN_PROTO_L3_TRANS)
281 printk(KERN_DEBUG "L3 protocol unknown\n");
284 printk(KERN_DEBUG "pcbit_command: unknown command\n");
293 * on some conditions the board stops sending TDATA_CONFs
294 * let's see if we can turn around the problem
298 static void pcbit_block_timer(unsigned long data)
300 struct pcbit_chan *chan;
301 struct pcbit_dev * dev;
304 chan = (struct pcbit_chan *) data;
306 dev = chan2dev(chan);
309 printk(KERN_DEBUG "pcbit: chan2dev failed\n");
313 del_timer(&chan->block_timer);
314 chan->block_timer.function = NULL;
317 printk(KERN_DEBUG "pcbit_block_timer\n");
320 ictl.driver = dev->id;
321 ictl.command = ISDN_STAT_BSENT;
323 dev->dev_if->statcallb(&ictl);
327 static int pcbit_xmit(int driver, int chnum, int ack, struct sk_buff *skb)
331 struct pcbit_chan * chan;
332 struct pcbit_dev *dev;
334 dev = finddev(driver);
337 printk("finddev returned NULL");
341 chan = chnum ? dev->b2 : dev->b1;
344 if (chan->fsm_state != ST_ACTIVE)
347 if (chan->queued >= MAX_QUEUED )
351 "pcbit: %d packets already in queue - write fails\n",
355 * packet stays on the head of the device queue
356 * since dev_start_xmit will fail
360 if (chan->block_timer.function == NULL) {
361 init_timer(&chan->block_timer);
362 chan->block_timer.function = &pcbit_block_timer;
363 chan->block_timer.data = (long) chan;
364 chan->block_timer.expires = jiffies + 1 * HZ;
365 add_timer(&chan->block_timer);
376 hdrlen = capi_tdata_req(chan, skb);
378 refnum = last_ref_num++ & 0x7fffU;
379 chan->s_refnum = refnum;
381 pcbit_l2_write(dev, MSG_TDATA_REQ, refnum, skb, hdrlen);
386 static int pcbit_writecmd(const u_char __user *buf, int len, int driver, int channel)
388 struct pcbit_dev * dev;
390 const u_char * loadbuf;
396 dev = finddev(driver);
400 printk("pcbit_writecmd: couldn't find device");
404 switch(dev->l2_state) {
406 /* check (size <= rdp_size); write buf into board */
407 if (len < 0 || len > BANK4 + 1 || len > 1024)
409 printk("pcbit_writecmd: invalid length %d\n", len);
413 cbuf = kmalloc(len, GFP_KERNEL);
417 if (copy_from_user(cbuf, buf, len)) {
421 memcpy_toio(dev->sh_mem, cbuf, len);
425 /* this is the hard part */
427 /* get it into kernel space */
428 if ((ptr = kmalloc(len, GFP_KERNEL))==NULL)
430 if (copy_from_user(ptr, buf, len)) {
438 for (i=0; i < len; i++)
440 for(j=0; j < LOAD_RETRY; j++)
441 if (!(readb(dev->sh_mem + dev->loadptr)))
447 printk("TIMEOUT i=%d\n", i);
450 writeb(loadbuf[i], dev->sh_mem + dev->loadptr + 1);
451 writeb(0x01, dev->sh_mem + dev->loadptr);
454 if (dev->loadptr > LOAD_ZONE_END)
455 dev->loadptr = LOAD_ZONE_START;
459 return errstat ? errstat : len;
466 * demultiplexing of messages
470 void pcbit_l3_receive(struct pcbit_dev * dev, ulong msg,
471 struct sk_buff * skb,
472 ushort hdr_len, ushort refnum)
474 struct pcbit_chan *chan;
475 struct sk_buff *skb2;
477 struct callb_data cbdata;
484 if (!(chan = capi_channel(dev, skb))) {
486 "CAPI header: unknown channel id\n");
489 chan->r_refnum = skb->data[7];
492 dev->dev_if->rcvcallb_skb(dev->id, chan->id, skb);
494 if (capi_tdata_resp(chan, &skb2) > 0)
495 pcbit_l2_write(dev, MSG_TDATA_RESP, refnum,
500 if (!(chan = capi_channel(dev, skb))) {
502 "CAPI header: unknown channel id\n");
507 if ( (*((ushort *) (skb->data + 2) )) != 0) {
508 printk(KERN_DEBUG "TDATA_CONF error\n");
512 if (chan->queued == MAX_QUEUED) {
513 del_timer(&chan->block_timer);
514 chan->block_timer.function = NULL;
520 ictl.driver = dev->id;
521 ictl.command = ISDN_STAT_BSENT;
523 dev->dev_if->statcallb(&ictl);
528 * channel: 1st not used will do
529 * if both are used we're in trouble
532 if (!dev->b1->fsm_state)
534 else if (!dev->b2->fsm_state)
538 "Incoming connection: no channels available");
540 if ((len = capi_disc_req(*(ushort*)(skb->data), &skb2, CAUSE_NOCHAN)) > 0)
541 pcbit_l2_write(dev, MSG_DISC_REQ, refnum, skb2, len);
545 cbdata.data.setup.CalledPN = NULL;
546 cbdata.data.setup.CallingPN = NULL;
548 capi_decode_conn_ind(chan, skb, &cbdata);
549 cbdata.type = EV_NET_SETUP;
551 pcbit_fsm_event(dev, chan, EV_NET_SETUP, NULL);
553 if (pcbit_check_msn(dev, cbdata.data.setup.CallingPN))
554 pcbit_fsm_event(dev, chan, EV_USR_PROCED_REQ, &cbdata);
556 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
558 kfree(cbdata.data.setup.CalledPN);
559 kfree(cbdata.data.setup.CallingPN);
564 * We should be able to find the channel by the message
565 * reference number. The current version of the firmware
566 * doesn't sent the ref number correctly.
569 printk(KERN_DEBUG "refnum=%04x b1=%04x b2=%04x\n", refnum,
573 /* We just try to find a channel in the right state */
575 if (dev->b1->fsm_state == ST_CALL_INIT)
578 if (dev->b2->s_refnum == ST_CALL_INIT)
582 printk(KERN_WARNING "Connection Confirm - no channel in Call Init state\n");
586 if (capi_decode_conn_conf(chan, skb, &complete)) {
587 printk(KERN_DEBUG "conn_conf indicates error\n");
588 pcbit_fsm_event(dev, chan, EV_ERROR, NULL);
592 pcbit_fsm_event(dev, chan, EV_NET_CALL_PROC, NULL);
594 pcbit_fsm_event(dev, chan, EV_NET_SETUP_ACK, NULL);
596 case MSG_CONN_ACTV_IND:
598 if (!(chan = capi_channel(dev, skb))) {
600 "CAPI header: unknown channel id\n");
604 if (capi_decode_conn_actv_ind(chan, skb)) {
605 printk("error in capi_decode_conn_actv_ind\n");
606 /* pcbit_fsm_event(dev, chan, EV_ERROR, NULL); */
609 chan->r_refnum = refnum;
610 pcbit_fsm_event(dev, chan, EV_NET_CONN, NULL);
612 case MSG_CONN_ACTV_CONF:
614 if (!(chan = capi_channel(dev, skb))) {
616 "CAPI header: unknown channel id\n");
620 if (capi_decode_conn_actv_conf(chan, skb) == 0)
621 pcbit_fsm_event(dev, chan, EV_NET_CONN_ACK, NULL);
624 printk(KERN_DEBUG "decode_conn_actv_conf failed\n");
629 if (!(chan = capi_channel(dev, skb))) {
631 "CAPI header: unknown channel id\n");
635 if (!(err = capi_decode_sel_proto_conf(chan, skb)))
636 pcbit_fsm_event(dev, chan, EV_NET_SELP_RESP, NULL);
639 printk("error %d - capi_decode_sel_proto_conf\n", err);
642 case MSG_ACT_TRANSP_CONF:
643 if (!(chan = capi_channel(dev, skb))) {
645 "CAPI header: unknown channel id\n");
649 if (!capi_decode_actv_trans_conf(chan, skb))
650 pcbit_fsm_event(dev, chan, EV_NET_ACTV_RESP, NULL);
655 if (!(chan = capi_channel(dev, skb))) {
657 "CAPI header: unknown channel id\n");
661 if (!capi_decode_disc_ind(chan, skb))
662 pcbit_fsm_event(dev, chan, EV_NET_DISC, NULL);
664 printk(KERN_WARNING "capi_decode_disc_ind - error\n");
667 if (!(chan = capi_channel(dev, skb))) {
669 "CAPI header: unknown channel id\n");
673 if (!capi_decode_disc_ind(chan, skb))
674 pcbit_fsm_event(dev, chan, EV_NET_RELEASE, NULL);
676 printk(KERN_WARNING "capi_decode_disc_conf - error\n");
680 printk(KERN_DEBUG "received Info Indication - discarded\n");
685 capi_decode_debug_188(skb->data, skb->len);
689 printk(KERN_DEBUG "pcbit_l3_receive: unknown message %08lx\n",
701 * should be a statbuf per device
704 static char statbuf[STATBUF_LEN];
705 static int stat_st = 0;
706 static int stat_end = 0;
708 static int pcbit_stat(u_char __user *buf, int len, int driver, int channel)
711 stat_count = stat_end - stat_st;
714 stat_count = STATBUF_LEN - stat_st + stat_end;
716 /* FIXME: should we sleep and wait for more cookies ? */
717 if (len > stat_count)
720 if (stat_st < stat_end)
722 if (copy_to_user(buf, statbuf + stat_st, len))
728 if (len > STATBUF_LEN - stat_st)
730 if (copy_to_user(buf, statbuf + stat_st,
731 STATBUF_LEN - stat_st))
733 if (copy_to_user(buf, statbuf,
734 len - (STATBUF_LEN - stat_st)))
737 stat_st = len - (STATBUF_LEN - stat_st);
741 if (copy_to_user(buf, statbuf + stat_st, len))
746 if (stat_st == STATBUF_LEN)
751 if (stat_st == stat_end)
752 stat_st = stat_end = 0;
757 static void pcbit_logstat(struct pcbit_dev *dev, char *str)
762 for (i=stat_end; i<strlen(str); i++)
765 stat_end = (stat_end + 1) % STATBUF_LEN;
766 if (stat_end == stat_st)
767 stat_st = (stat_st + 1) % STATBUF_LEN;
770 ictl.command=ISDN_STAT_STAVAIL;
772 ictl.arg=strlen(str);
773 dev->dev_if->statcallb(&ictl);
776 void pcbit_state_change(struct pcbit_dev * dev, struct pcbit_chan * chan,
777 unsigned short i, unsigned short ev, unsigned short f)
781 sprintf(buf, "change on device: %d channel:%d\n%s -> %s -> %s\n",
783 isdn_state_table[i], strisdnevent(ev), isdn_state_table[f]
790 pcbit_logstat(dev, buf);
793 static void set_running_timeout(unsigned long ptr)
795 struct pcbit_dev * dev;
798 printk(KERN_DEBUG "set_running_timeout\n");
800 dev = (struct pcbit_dev *) ptr;
802 wake_up_interruptible(&dev->set_running_wq);
805 static int set_protocol_running(struct pcbit_dev * dev)
809 init_timer(&dev->set_running_timer);
811 dev->set_running_timer.function = &set_running_timeout;
812 dev->set_running_timer.data = (ulong) dev;
813 dev->set_running_timer.expires = jiffies + SET_RUN_TIMEOUT;
817 dev->l2_state = L2_STARTING;
819 writeb((0x80U | ((dev->rcv_seq & 0x07) << 3) | (dev->send_seq & 0x07)),
820 dev->sh_mem + BANK4);
822 add_timer(&dev->set_running_timer);
824 interruptible_sleep_on(&dev->set_running_wq);
826 del_timer(&dev->set_running_timer);
828 if (dev->l2_state == L2_RUNNING)
830 printk(KERN_DEBUG "pcbit: running\n");
832 dev->unack_seq = dev->send_seq;
834 dev->writeptr = dev->sh_mem;
835 dev->readptr = dev->sh_mem + BANK2;
837 /* tell the good news to the upper layer */
838 ctl.driver = dev->id;
839 ctl.command = ISDN_STAT_RUN;
841 dev->dev_if->statcallb(&ctl);
845 printk(KERN_DEBUG "pcbit: initialization failed\n");
846 printk(KERN_DEBUG "pcbit: firmware not loaded\n");
848 dev->l2_state = L2_DOWN;
851 printk(KERN_DEBUG "Bank3 = %02x\n",
852 readb(dev->sh_mem + BANK3));
854 writeb(0x40, dev->sh_mem + BANK4);
856 /* warn the upper layer */
857 ctl.driver = dev->id;
858 ctl.command = ISDN_STAT_STOP;
860 dev->dev_if->statcallb(&ctl);
862 return -EL2HLT; /* Level 2 halted */
868 static int pcbit_ioctl(isdn_ctrl* ctl)
870 struct pcbit_dev * dev;
871 struct pcbit_ioctl *cmd;
873 dev = finddev(ctl->driver);
877 printk(KERN_DEBUG "pcbit_ioctl: unknown device\n");
881 cmd = (struct pcbit_ioctl *) ctl->parm.num;
884 case PCBIT_IOCTL_GETSTAT:
885 cmd->info.l2_status = dev->l2_state;
888 case PCBIT_IOCTL_STRLOAD:
889 if (dev->l2_state == L2_RUNNING)
892 dev->unack_seq = dev->send_seq = dev->rcv_seq = 0;
894 dev->writeptr = dev->sh_mem;
895 dev->readptr = dev->sh_mem + BANK2;
897 dev->l2_state = L2_LOADING;
900 case PCBIT_IOCTL_LWMODE:
901 if (dev->l2_state != L2_LOADING)
904 dev->l2_state = L2_LWMODE;
907 case PCBIT_IOCTL_FWMODE:
908 if (dev->l2_state == L2_RUNNING)
910 dev->loadptr = LOAD_ZONE_START;
911 dev->l2_state = L2_FWMODE;
914 case PCBIT_IOCTL_ENDLOAD:
915 if (dev->l2_state == L2_RUNNING)
917 dev->l2_state = L2_DOWN;
920 case PCBIT_IOCTL_SETBYTE:
921 if (dev->l2_state == L2_RUNNING)
925 if (cmd->info.rdp_byte.addr > BANK4)
928 writeb(cmd->info.rdp_byte.value, dev->sh_mem + cmd->info.rdp_byte.addr);
930 case PCBIT_IOCTL_GETBYTE:
931 if (dev->l2_state == L2_RUNNING)
936 if (cmd->info.rdp_byte.addr > BANK4)
938 printk("getbyte: invalid addr %04x\n", cmd->info.rdp_byte.addr);
942 cmd->info.rdp_byte.value = readb(dev->sh_mem + cmd->info.rdp_byte.addr);
944 case PCBIT_IOCTL_RUNNING:
945 if (dev->l2_state == L2_RUNNING)
947 return set_protocol_running(dev);
949 case PCBIT_IOCTL_WATCH188:
950 if (dev->l2_state != L2_LOADING)
952 pcbit_l2_write(dev, MSG_WATCH188, 0x0001, NULL, 0);
954 case PCBIT_IOCTL_PING188:
955 if (dev->l2_state != L2_LOADING)
957 pcbit_l2_write(dev, MSG_PING188_REQ, 0x0001, NULL, 0);
959 case PCBIT_IOCTL_APION:
960 if (dev->l2_state != L2_LOADING)
962 pcbit_l2_write(dev, MSG_API_ON, 0x0001, NULL, 0);
964 case PCBIT_IOCTL_STOP:
965 dev->l2_state = L2_DOWN;
966 writeb(0x40, dev->sh_mem + BANK4);
972 printk("error: unknown ioctl\n");
981 * if null reject all calls
982 * if first entry has null MSN accept all calls
985 static void pcbit_clear_msn(struct pcbit_dev *dev)
987 struct msn_entry *ptr, *back;
989 for (ptr=dev->msn_list; ptr; )
996 dev->msn_list = NULL;
999 static void pcbit_set_msn(struct pcbit_dev *dev, char *list)
1001 struct msn_entry *ptr;
1002 struct msn_entry *back = NULL;
1006 if (strlen(list) == 0) {
1007 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1009 printk(KERN_WARNING "kmalloc failed\n");
1015 ptr->next = dev->msn_list;
1016 dev->msn_list = ptr;
1022 for (back=dev->msn_list; back->next; back=back->next);
1033 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1036 printk(KERN_WARNING "kmalloc failed\n");
1041 ptr->msn = kmalloc(len, GFP_ATOMIC);
1043 printk(KERN_WARNING "kmalloc failed\n");
1048 memcpy(ptr->msn, sp, len - 1);
1052 printk(KERN_DEBUG "msn: %s\n", ptr->msn);
1054 if (dev->msn_list == NULL)
1055 dev->msn_list = ptr;
1064 * check if we do signal or reject an incoming call
1066 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn)
1068 struct msn_entry *ptr;
1070 for (ptr=dev->msn_list; ptr; ptr=ptr->next) {
1072 if (ptr->msn == NULL)
1075 if (strcmp(ptr->msn, msn) == 0)
projects / linux-2.6 / blob