2 * PCBIT-D interface with isdn4linux
4 * Copyright (C) 1996 Universidade de Lisboa
6 * Written by Pedro Roque Marques (roque@di.fc.ul.pt)
8 * This software may be used and distributed according to the terms of
9 * the GNU General Public License, incorporated herein by reference.
15 * Nuno Grilo <l38486@alfa.ist.utl.pt>
16 * fixed msn_list NULL pointer dereference.
20 #include <linux/module.h>
22 #include <linux/sched.h>
24 #include <linux/kernel.h>
26 #include <linux/types.h>
27 #include <linux/slab.h>
29 #include <linux/interrupt.h>
30 #include <linux/string.h>
31 #include <linux/skbuff.h>
33 #include <linux/isdnif.h>
34 #include <asm/string.h>
36 #include <linux/ioport.h>
44 extern ushort last_ref_num;
46 static int pcbit_ioctl(isdn_ctrl* ctl);
48 static char* pcbit_devname[MAX_PCBIT_CARDS] = {
59 int pcbit_command(isdn_ctrl* ctl);
60 int pcbit_stat(u_char* buf, int len, int user, int, int);
61 int pcbit_xmit(int driver, int chan, int ack, struct sk_buff *skb);
62 int pcbit_writecmd(const u_char*, int, int, int, int);
64 static int set_protocol_running(struct pcbit_dev * dev);
66 static void pcbit_clear_msn(struct pcbit_dev *dev);
67 static void pcbit_set_msn(struct pcbit_dev *dev, char *list);
68 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn);
71 extern void pcbit_deliver(void * data);
73 int pcbit_init_dev(int board, int mem_base, int irq)
75 struct pcbit_dev *dev;
78 if ((dev=kmalloc(sizeof(struct pcbit_dev), GFP_KERNEL)) == NULL)
80 printk("pcbit_init: couldn't malloc pcbit_dev struct\n");
84 dev_pcbit[board] = dev;
85 memset(dev, 0, sizeof(struct pcbit_dev));
86 init_waitqueue_head(&dev->set_running_wq);
87 spin_lock_init(&dev->lock);
89 if (mem_base >= 0xA0000 && mem_base <= 0xFFFFF ) {
90 dev->ph_mem = mem_base;
91 if (!request_mem_region(dev->ph_mem, 4096, "PCBIT mem")) {
93 "PCBIT: memory region %lx-%lx already in use\n",
94 dev->ph_mem, dev->ph_mem + 4096);
96 dev_pcbit[board] = NULL;
99 dev->sh_mem = (unsigned char*)ioremap(dev->ph_mem, 4096);
103 printk("memory address invalid");
105 dev_pcbit[board] = NULL;
109 dev->b1 = kmalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
111 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
112 iounmap((unsigned char*)dev->sh_mem);
113 release_mem_region(dev->ph_mem, 4096);
118 dev->b2 = kmalloc(sizeof(struct pcbit_chan), GFP_KERNEL);
120 printk("pcbit_init: couldn't malloc pcbit_chan struct\n");
122 iounmap((unsigned char*)dev->sh_mem);
123 release_mem_region(dev->ph_mem, 4096);
128 memset(dev->b1, 0, sizeof(struct pcbit_chan));
129 memset(dev->b2, 0, sizeof(struct pcbit_chan));
132 INIT_WORK(&dev->qdelivery, pcbit_deliver, dev);
138 if (request_irq(irq, &pcbit_irq_handler, 0, pcbit_devname[board], dev) != 0)
142 iounmap((unsigned char*)dev->sh_mem);
143 release_mem_region(dev->ph_mem, 4096);
145 dev_pcbit[board] = NULL;
151 /* next frame to be received */
158 dev_if = kmalloc(sizeof(isdn_if), GFP_KERNEL);
164 iounmap((unsigned char*)dev->sh_mem);
165 release_mem_region(dev->ph_mem, 4096);
167 dev_pcbit[board] = NULL;
171 dev->dev_if = dev_if;
173 dev_if->owner = THIS_MODULE;
175 dev_if->channels = 2;
177 dev_if->features = (ISDN_FEATURE_P_EURO | ISDN_FEATURE_L3_TRANS |
178 ISDN_FEATURE_L2_HDLC | ISDN_FEATURE_L2_TRANS );
180 dev_if->writebuf_skb = pcbit_xmit;
181 dev_if->hl_hdrlen = 16;
183 dev_if->maxbufsize = MAXBUFSIZE;
184 dev_if->command = pcbit_command;
186 dev_if->writecmd = pcbit_writecmd;
187 dev_if->readstat = pcbit_stat;
190 strcpy(dev_if->id, pcbit_devname[board]);
192 if (!register_isdn(dev_if)) {
196 iounmap((unsigned char*)dev->sh_mem);
197 release_mem_region(dev->ph_mem, 4096);
199 dev_pcbit[board] = NULL;
203 dev->id = dev_if->channels;
206 dev->l2_state = L2_DOWN;
210 * set_protocol_running(dev);
217 void pcbit_terminate(int board)
219 struct pcbit_dev * dev;
221 dev = dev_pcbit[board];
224 /* unregister_isdn(dev->dev_if); */
225 free_irq(dev->irq, dev);
226 pcbit_clear_msn(dev);
228 if (dev->b1->fsm_timer.function)
229 del_timer(&dev->b1->fsm_timer);
230 if (dev->b2->fsm_timer.function)
231 del_timer(&dev->b2->fsm_timer);
234 iounmap((unsigned char*)dev->sh_mem);
235 release_mem_region(dev->ph_mem, 4096);
241 int pcbit_command(isdn_ctrl* ctl)
243 struct pcbit_dev *dev;
244 struct pcbit_chan *chan;
245 struct callb_data info;
247 dev = finddev(ctl->driver);
251 printk("pcbit_command: unknown device\n");
255 chan = (ctl->arg & 0x0F) ? dev->b2 : dev->b1;
258 switch(ctl->command) {
260 return pcbit_ioctl(ctl);
263 info.type = EV_USR_SETUP_REQ;
264 info.data.setup.CalledPN = (char *) &ctl->parm.setup.phone;
265 pcbit_fsm_event(dev, chan, EV_USR_SETUP_REQ, &info);
267 case ISDN_CMD_ACCEPTD:
268 pcbit_fsm_event(dev, chan, EV_USR_SETUP_RESP, NULL);
270 case ISDN_CMD_ACCEPTB:
271 printk("ISDN_CMD_ACCEPTB - not really needed\n");
273 case ISDN_CMD_HANGUP:
274 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
277 chan->proto = (ctl->arg >> 8);
279 case ISDN_CMD_CLREAZ:
280 pcbit_clear_msn(dev);
282 case ISDN_CMD_SETEAZ:
283 pcbit_set_msn(dev, ctl->parm.num);
286 if ((ctl->arg >> 8) != ISDN_PROTO_L3_TRANS)
287 printk(KERN_DEBUG "L3 protocol unknown\n");
290 printk(KERN_DEBUG "pcbit_command: unknown command\n");
299 * on some conditions the board stops sending TDATA_CONFs
300 * let's see if we can turn around the problem
304 static void pcbit_block_timer(unsigned long data)
306 struct pcbit_chan *chan;
307 struct pcbit_dev * dev;
310 chan = (struct pcbit_chan *) data;
312 dev = chan2dev(chan);
315 printk(KERN_DEBUG "pcbit: chan2dev failed\n");
319 del_timer(&chan->block_timer);
320 chan->block_timer.function = NULL;
323 printk(KERN_DEBUG "pcbit_block_timer\n");
326 ictl.driver = dev->id;
327 ictl.command = ISDN_STAT_BSENT;
329 dev->dev_if->statcallb(&ictl);
333 int pcbit_xmit(int driver, int chnum, int ack, struct sk_buff *skb)
337 struct pcbit_chan * chan;
338 struct pcbit_dev *dev;
340 dev = finddev(driver);
343 printk("finddev returned NULL");
347 chan = chnum ? dev->b2 : dev->b1;
350 if (chan->fsm_state != ST_ACTIVE)
353 if (chan->queued >= MAX_QUEUED )
357 "pcbit: %d packets already in queue - write fails\n",
361 * packet stays on the head of the device queue
362 * since dev_start_xmit will fail
366 if (chan->block_timer.function == NULL) {
367 init_timer(&chan->block_timer);
368 chan->block_timer.function = &pcbit_block_timer;
369 chan->block_timer.data = (long) chan;
370 chan->block_timer.expires = jiffies + 1 * HZ;
371 add_timer(&chan->block_timer);
382 hdrlen = capi_tdata_req(chan, skb);
384 refnum = last_ref_num++ & 0x7fffU;
385 chan->s_refnum = refnum;
387 pcbit_l2_write(dev, MSG_TDATA_REQ, refnum, skb, hdrlen);
392 int pcbit_writecmd(const u_char* buf, int len, int user, int driver, int channel)
394 struct pcbit_dev * dev;
396 const u_char * loadbuf;
401 dev = finddev(driver);
405 printk("pcbit_writecmd: couldn't find device");
409 switch(dev->l2_state) {
411 /* check (size <= rdp_size); write buf into board */
412 if (len < 0 || len > BANK4 + 1 || len > 1024)
414 printk("pcbit_writecmd: invalid length %d\n", len);
420 u_char *cbuf = kmalloc(len, GFP_KERNEL);
424 if (copy_from_user(cbuf, buf, len)) {
428 memcpy_toio(dev->sh_mem, cbuf, len);
432 memcpy_toio(dev->sh_mem, buf, len);
435 /* this is the hard part */
438 /* get it into kernel space */
439 if ((ptr = kmalloc(len, GFP_KERNEL))==NULL)
441 if (copy_from_user(ptr, buf, len)) {
452 for (i=0; i < len; i++)
454 for(j=0; j < LOAD_RETRY; j++)
455 if (!(readb(dev->sh_mem + dev->loadptr)))
461 printk("TIMEOUT i=%d\n", i);
464 writeb(loadbuf[i], dev->sh_mem + dev->loadptr + 1);
465 writeb(0x01, dev->sh_mem + dev->loadptr);
468 if (dev->loadptr > LOAD_ZONE_END)
469 dev->loadptr = LOAD_ZONE_START;
475 return errstat ? errstat : len;
482 * demultiplexing of messages
486 void pcbit_l3_receive(struct pcbit_dev * dev, ulong msg,
487 struct sk_buff * skb,
488 ushort hdr_len, ushort refnum)
490 struct pcbit_chan *chan;
491 struct sk_buff *skb2;
493 struct callb_data cbdata;
500 if (!(chan = capi_channel(dev, skb))) {
502 "CAPI header: unknown channel id\n");
505 chan->r_refnum = skb->data[7];
508 dev->dev_if->rcvcallb_skb(dev->id, chan->id, skb);
510 if (capi_tdata_resp(chan, &skb2) > 0)
511 pcbit_l2_write(dev, MSG_TDATA_RESP, refnum,
516 if (!(chan = capi_channel(dev, skb))) {
518 "CAPI header: unknown channel id\n");
523 if ( (*((ushort *) (skb->data + 2) )) != 0) {
524 printk(KERN_DEBUG "TDATA_CONF error\n");
528 if (chan->queued == MAX_QUEUED) {
529 del_timer(&chan->block_timer);
530 chan->block_timer.function = NULL;
536 ictl.driver = dev->id;
537 ictl.command = ISDN_STAT_BSENT;
539 dev->dev_if->statcallb(&ictl);
544 * channel: 1st not used will do
545 * if both are used we're in trouble
548 if (!dev->b1->fsm_state)
550 else if (!dev->b2->fsm_state)
554 "Incoming connection: no channels available");
556 if ((len = capi_disc_req(*(ushort*)(skb->data), &skb2, CAUSE_NOCHAN)) > 0)
557 pcbit_l2_write(dev, MSG_DISC_REQ, refnum, skb2, len);
561 cbdata.data.setup.CalledPN = NULL;
562 cbdata.data.setup.CallingPN = NULL;
564 capi_decode_conn_ind(chan, skb, &cbdata);
565 cbdata.type = EV_NET_SETUP;
567 pcbit_fsm_event(dev, chan, EV_NET_SETUP, NULL);
569 if (pcbit_check_msn(dev, cbdata.data.setup.CallingPN))
570 pcbit_fsm_event(dev, chan, EV_USR_PROCED_REQ, &cbdata);
572 pcbit_fsm_event(dev, chan, EV_USR_RELEASE_REQ, NULL);
574 if (cbdata.data.setup.CalledPN)
575 kfree(cbdata.data.setup.CalledPN);
576 if (cbdata.data.setup.CallingPN)
577 kfree(cbdata.data.setup.CallingPN);
582 * We should be able to find the channel by the message
583 * reference number. The current version of the firmware
584 * doesn't sent the ref number correctly.
587 printk(KERN_DEBUG "refnum=%04x b1=%04x b2=%04x\n", refnum,
591 /* We just try to find a channel in the right state */
593 if (dev->b1->fsm_state == ST_CALL_INIT)
596 if (dev->b2->s_refnum == ST_CALL_INIT)
600 printk(KERN_WARNING "Connection Confirm - no channel in Call Init state\n");
604 if (capi_decode_conn_conf(chan, skb, &complete)) {
605 printk(KERN_DEBUG "conn_conf indicates error\n");
606 pcbit_fsm_event(dev, chan, EV_ERROR, NULL);
610 pcbit_fsm_event(dev, chan, EV_NET_CALL_PROC, NULL);
612 pcbit_fsm_event(dev, chan, EV_NET_SETUP_ACK, NULL);
614 case MSG_CONN_ACTV_IND:
616 if (!(chan = capi_channel(dev, skb))) {
618 "CAPI header: unknown channel id\n");
622 if (capi_decode_conn_actv_ind(chan, skb)) {
623 printk("error in capi_decode_conn_actv_ind\n");
624 /* pcbit_fsm_event(dev, chan, EV_ERROR, NULL); */
627 chan->r_refnum = refnum;
628 pcbit_fsm_event(dev, chan, EV_NET_CONN, NULL);
630 case MSG_CONN_ACTV_CONF:
632 if (!(chan = capi_channel(dev, skb))) {
634 "CAPI header: unknown channel id\n");
638 if (capi_decode_conn_actv_conf(chan, skb) == 0)
639 pcbit_fsm_event(dev, chan, EV_NET_CONN_ACK, NULL);
642 printk(KERN_DEBUG "decode_conn_actv_conf failed\n");
647 if (!(chan = capi_channel(dev, skb))) {
649 "CAPI header: unknown channel id\n");
653 if (!(err = capi_decode_sel_proto_conf(chan, skb)))
654 pcbit_fsm_event(dev, chan, EV_NET_SELP_RESP, NULL);
657 printk("error %d - capi_decode_sel_proto_conf\n", err);
660 case MSG_ACT_TRANSP_CONF:
661 if (!(chan = capi_channel(dev, skb))) {
663 "CAPI header: unknown channel id\n");
667 if (!capi_decode_actv_trans_conf(chan, skb))
668 pcbit_fsm_event(dev, chan, EV_NET_ACTV_RESP, NULL);
673 if (!(chan = capi_channel(dev, skb))) {
675 "CAPI header: unknown channel id\n");
679 if (!capi_decode_disc_ind(chan, skb))
680 pcbit_fsm_event(dev, chan, EV_NET_DISC, NULL);
682 printk(KERN_WARNING "capi_decode_disc_ind - error\n");
685 if (!(chan = capi_channel(dev, skb))) {
687 "CAPI header: unknown channel id\n");
691 if (!capi_decode_disc_ind(chan, skb))
692 pcbit_fsm_event(dev, chan, EV_NET_RELEASE, NULL);
694 printk(KERN_WARNING "capi_decode_disc_conf - error\n");
698 printk(KERN_DEBUG "received Info Indication - discarded\n");
703 capi_decode_debug_188(skb->data, skb->len);
707 printk(KERN_DEBUG "pcbit_l3_receive: unknown message %08lx\n",
719 * should be a statbuf per device
722 static char statbuf[STATBUF_LEN];
723 static int stat_st = 0;
724 static int stat_end = 0;
728 memcpy_to_COND(int flag, char *d, const char *s, int len) {
730 copy_to_user(d, s, len);
736 int pcbit_stat(u_char* buf, int len, int user, int driver, int channel)
739 stat_count = stat_end - stat_st;
742 stat_count = STATBUF_LEN - stat_st + stat_end;
744 /* FIXME: should we sleep and wait for more cookies ? */
745 if (len > stat_count)
748 if (stat_st < stat_end)
750 memcpy_to_COND(user, buf, statbuf + stat_st, len);
755 if (len > STATBUF_LEN - stat_st)
757 memcpy_to_COND(user, buf, statbuf + stat_st,
758 STATBUF_LEN - stat_st);
759 memcpy_to_COND(user, buf, statbuf,
760 len - (STATBUF_LEN - stat_st));
762 stat_st = len - (STATBUF_LEN - stat_st);
766 memcpy_to_COND(user, buf, statbuf + stat_st,
771 if (stat_st == STATBUF_LEN)
776 if (stat_st == stat_end)
777 stat_st = stat_end = 0;
782 static void pcbit_logstat(struct pcbit_dev *dev, char *str)
787 for (i=stat_end; i<strlen(str); i++)
790 stat_end = (stat_end + 1) % STATBUF_LEN;
791 if (stat_end == stat_st)
792 stat_st = (stat_st + 1) % STATBUF_LEN;
795 ictl.command=ISDN_STAT_STAVAIL;
797 ictl.arg=strlen(str);
798 dev->dev_if->statcallb(&ictl);
801 extern char * isdn_state_table[];
802 extern char * strisdnevent(unsigned short);
805 void pcbit_state_change(struct pcbit_dev * dev, struct pcbit_chan * chan,
806 unsigned short i, unsigned short ev, unsigned short f)
810 sprintf(buf, "change on device: %d channel:%d\n%s -> %s -> %s\n",
812 isdn_state_table[i], strisdnevent(ev), isdn_state_table[f]
819 pcbit_logstat(dev, buf);
822 static void set_running_timeout(unsigned long ptr)
824 struct pcbit_dev * dev;
827 printk(KERN_DEBUG "set_running_timeout\n");
829 dev = (struct pcbit_dev *) ptr;
831 wake_up_interruptible(&dev->set_running_wq);
834 static int set_protocol_running(struct pcbit_dev * dev)
838 init_timer(&dev->set_running_timer);
840 dev->set_running_timer.function = &set_running_timeout;
841 dev->set_running_timer.data = (ulong) dev;
842 dev->set_running_timer.expires = jiffies + SET_RUN_TIMEOUT;
846 dev->l2_state = L2_STARTING;
848 writeb((0x80U | ((dev->rcv_seq & 0x07) << 3) | (dev->send_seq & 0x07)),
849 dev->sh_mem + BANK4);
851 add_timer(&dev->set_running_timer);
853 interruptible_sleep_on(&dev->set_running_wq);
855 del_timer(&dev->set_running_timer);
857 if (dev->l2_state == L2_RUNNING)
859 printk(KERN_DEBUG "pcbit: running\n");
861 dev->unack_seq = dev->send_seq;
863 dev->writeptr = dev->sh_mem;
864 dev->readptr = dev->sh_mem + BANK2;
866 /* tell the good news to the upper layer */
867 ctl.driver = dev->id;
868 ctl.command = ISDN_STAT_RUN;
870 dev->dev_if->statcallb(&ctl);
874 printk(KERN_DEBUG "pcbit: initialization failed\n");
875 printk(KERN_DEBUG "pcbit: firmware not loaded\n");
877 dev->l2_state = L2_DOWN;
880 printk(KERN_DEBUG "Bank3 = %02x\n",
881 readb(dev->sh_mem + BANK3));
883 *(dev->sh_mem + BANK4) = 0x40U;
885 /* warn the upper layer */
886 ctl.driver = dev->id;
887 ctl.command = ISDN_STAT_STOP;
889 dev->dev_if->statcallb(&ctl);
891 return -EL2HLT; /* Level 2 halted */
897 static int pcbit_ioctl(isdn_ctrl* ctl)
899 struct pcbit_dev * dev;
900 struct pcbit_ioctl *cmd;
902 dev = finddev(ctl->driver);
906 printk(KERN_DEBUG "pcbit_ioctl: unknown device\n");
910 cmd = (struct pcbit_ioctl *) ctl->parm.num;
913 case PCBIT_IOCTL_GETSTAT:
914 cmd->info.l2_status = dev->l2_state;
917 case PCBIT_IOCTL_STRLOAD:
918 if (dev->l2_state == L2_RUNNING)
921 dev->unack_seq = dev->send_seq = dev->rcv_seq = 0;
923 dev->writeptr = dev->sh_mem;
924 dev->readptr = dev->sh_mem + BANK2;
926 dev->l2_state = L2_LOADING;
929 case PCBIT_IOCTL_LWMODE:
930 if (dev->l2_state != L2_LOADING)
933 dev->l2_state = L2_LWMODE;
936 case PCBIT_IOCTL_FWMODE:
937 if (dev->l2_state == L2_RUNNING)
939 dev->loadptr = LOAD_ZONE_START;
940 dev->l2_state = L2_FWMODE;
943 case PCBIT_IOCTL_ENDLOAD:
944 if (dev->l2_state == L2_RUNNING)
946 dev->l2_state = L2_DOWN;
949 case PCBIT_IOCTL_SETBYTE:
950 if (dev->l2_state == L2_RUNNING)
954 if (cmd->info.rdp_byte.addr > BANK4)
957 writeb(cmd->info.rdp_byte.value, dev->sh_mem + cmd->info.rdp_byte.addr);
959 case PCBIT_IOCTL_GETBYTE:
960 if (dev->l2_state == L2_RUNNING)
965 if (cmd->info.rdp_byte.addr > BANK4)
967 printk("getbyte: invalid addr %04x\n", cmd->info.rdp_byte.addr);
971 cmd->info.rdp_byte.value = readb(dev->sh_mem + cmd->info.rdp_byte.addr);
973 case PCBIT_IOCTL_RUNNING:
974 if (dev->l2_state == L2_RUNNING)
976 return set_protocol_running(dev);
978 case PCBIT_IOCTL_WATCH188:
979 if (dev->l2_state != L2_LOADING)
981 pcbit_l2_write(dev, MSG_WATCH188, 0x0001, NULL, 0);
983 case PCBIT_IOCTL_PING188:
984 if (dev->l2_state != L2_LOADING)
986 pcbit_l2_write(dev, MSG_PING188_REQ, 0x0001, NULL, 0);
988 case PCBIT_IOCTL_APION:
989 if (dev->l2_state != L2_LOADING)
991 pcbit_l2_write(dev, MSG_API_ON, 0x0001, NULL, 0);
993 case PCBIT_IOCTL_STOP:
994 dev->l2_state = L2_DOWN;
995 writeb(0x40, dev->sh_mem + BANK4);
1001 printk("error: unknown ioctl\n");
1010 * if null reject all calls
1011 * if first entry has null MSN accept all calls
1014 static void pcbit_clear_msn(struct pcbit_dev *dev)
1016 struct msn_entry *ptr, *back;
1018 for (ptr=dev->msn_list; ptr; )
1025 dev->msn_list = NULL;
1028 static void pcbit_set_msn(struct pcbit_dev *dev, char *list)
1030 struct msn_entry *ptr;
1031 struct msn_entry *back = NULL;
1035 if (strlen(list) == 0) {
1036 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1038 printk(KERN_WARNING "kmalloc failed\n");
1044 ptr->next = dev->msn_list;
1045 dev->msn_list = ptr;
1051 for (back=dev->msn_list; back->next; back=back->next);
1062 ptr = kmalloc(sizeof(struct msn_entry), GFP_ATOMIC);
1065 printk(KERN_WARNING "kmalloc failed\n");
1070 ptr->msn = kmalloc(len, GFP_ATOMIC);
1072 printk(KERN_WARNING "kmalloc failed\n");
1077 memcpy(ptr->msn, sp, len - 1);
1081 printk(KERN_DEBUG "msn: %s\n", ptr->msn);
1083 if (dev->msn_list == NULL)
1084 dev->msn_list = ptr;
1093 * check if we do signal or reject an incoming call
1095 static int pcbit_check_msn(struct pcbit_dev *dev, char *msn)
1097 struct msn_entry *ptr;
1099 for (ptr=dev->msn_list; ptr; ptr=ptr->next) {
1101 if (ptr->msn == NULL)
1104 if (strcmp(ptr->msn, msn) == 0)