MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size check
[linux-2.6/linux-mips.git] / drivers / isdn / pcbit / layer2.c
blob30f0f45e3139293a68007236f1c12bb80156f56e
1 /*
2 * PCBIT-D low-layer interface
4 * Copyright (C) 1996 Universidade de Lisboa
6 * Written by Pedro Roque Marques (roque@di.fc.ul.pt)
8 * This software may be used and distributed according to the terms of
9 * the GNU General Public License, incorporated herein by reference.
13 * 19991203 - Fernando Carvalho - takion@superbofh.org
14 * Hacked to compile with egcs and run with current version of isdn modules
18 * Based on documentation provided by Inesc:
19 * - "Interface com bus do PC para o PCBIT e PCBIT-D", Inesc, Jan 93
23 * TODO: better handling of errors
24 * re-write/remove debug printks
27 #include <linux/string.h>
28 #include <linux/kernel.h>
29 #include <linux/types.h>
30 #include <linux/sched.h>
31 #include <linux/slab.h>
32 #include <linux/interrupt.h>
33 #include <linux/workqueue.h>
34 #include <linux/mm.h>
35 #include <linux/skbuff.h>
37 #include <linux/isdnif.h>
39 #include <asm/system.h>
40 #include <asm/io.h>
43 #include "pcbit.h"
44 #include "layer2.h"
45 #include "edss1.h"
47 #undef DEBUG_FRAG
51 * Prototypes
54 static void pcbit_transmit(struct pcbit_dev *dev);
56 static void pcbit_recv_ack(struct pcbit_dev *dev, unsigned char ack);
58 static void pcbit_l2_error(struct pcbit_dev *dev);
59 static void pcbit_l2_active_conf(struct pcbit_dev *dev, u_char info);
60 static void pcbit_l2_err_recover(unsigned long data);
62 static void pcbit_firmware_bug(struct pcbit_dev *dev);
64 static __inline__ void
65 pcbit_sched_delivery(struct pcbit_dev *dev)
67 schedule_work(&dev->qdelivery);
72 * Called from layer3
75 int
76 pcbit_l2_write(struct pcbit_dev *dev, ulong msg, ushort refnum,
77 struct sk_buff *skb, unsigned short hdr_len)
79 struct frame_buf *frame,
80 *ptr;
81 unsigned long flags;
83 if (dev->l2_state != L2_RUNNING && dev->l2_state != L2_LOADING) {
84 dev_kfree_skb(skb);
85 return -1;
87 if ((frame = kmalloc(sizeof(struct frame_buf),
88 GFP_ATOMIC)) == NULL) {
89 printk(KERN_WARNING "pcbit_2_write: kmalloc failed\n");
90 dev_kfree_skb(skb);
91 return -1;
93 frame->msg = msg;
94 frame->refnum = refnum;
95 frame->copied = 0;
96 frame->hdr_len = hdr_len;
98 if (skb)
99 frame->dt_len = skb->len - hdr_len;
100 else
101 frame->dt_len = 0;
103 frame->skb = skb;
105 frame->next = NULL;
107 spin_lock_irqsave(&dev->lock, flags);
109 if (dev->write_queue == NULL) {
110 dev->write_queue = frame;
111 spin_unlock_irqrestore(&dev->lock, flags);
112 pcbit_transmit(dev);
113 } else {
114 for (ptr = dev->write_queue; ptr->next; ptr = ptr->next);
115 ptr->next = frame;
117 spin_unlock_irqrestore(&dev->lock, flags);
119 return 0;
122 static __inline__ void
123 pcbit_tx_update(struct pcbit_dev *dev, ushort len)
125 u_char info;
127 dev->send_seq = (dev->send_seq + 1) % 8;
129 dev->fsize[dev->send_seq] = len;
130 info = 0;
131 info |= dev->rcv_seq << 3;
132 info |= dev->send_seq;
134 writeb(info, dev->sh_mem + BANK4);
139 * called by interrupt service routine or by write_2
142 static void
143 pcbit_transmit(struct pcbit_dev *dev)
145 struct frame_buf *frame = NULL;
146 unsigned char unacked;
147 int flen; /* fragment frame length including all headers */
148 int free;
149 int count,
150 cp_len;
151 unsigned long flags;
152 unsigned short tt;
154 if (dev->l2_state != L2_RUNNING && dev->l2_state != L2_LOADING)
155 return;
157 unacked = (dev->send_seq + (8 - dev->unack_seq)) & 0x07;
159 spin_lock_irqsave(&dev->lock, flags);
161 if (dev->free > 16 && dev->write_queue && unacked < 7) {
163 if (!dev->w_busy)
164 dev->w_busy = 1;
165 else {
166 spin_unlock_irqrestore(&dev->lock, flags);
167 return;
171 frame = dev->write_queue;
172 free = dev->free;
174 spin_unlock_irqrestore(&dev->lock, flags);
176 if (frame->copied == 0) {
178 /* Type 0 frame */
180 ulong msg;
182 if (frame->skb)
183 flen = FRAME_HDR_LEN + PREHDR_LEN + frame->skb->len;
184 else
185 flen = FRAME_HDR_LEN + PREHDR_LEN;
187 if (flen > free)
188 flen = free;
190 msg = frame->msg;
193 * Board level 2 header
196 pcbit_writew(dev, flen - FRAME_HDR_LEN);
198 pcbit_writeb(dev, GET_MSG_CPU(msg));
200 pcbit_writeb(dev, GET_MSG_PROC(msg));
202 /* TH */
203 pcbit_writew(dev, frame->hdr_len + PREHDR_LEN);
205 /* TD */
206 pcbit_writew(dev, frame->dt_len);
210 * Board level 3 fixed-header
213 /* LEN = TH */
214 pcbit_writew(dev, frame->hdr_len + PREHDR_LEN);
216 /* XX */
217 pcbit_writew(dev, 0);
219 /* C + S */
220 pcbit_writeb(dev, GET_MSG_CMD(msg));
221 pcbit_writeb(dev, GET_MSG_SCMD(msg));
223 /* NUM */
224 pcbit_writew(dev, frame->refnum);
226 count = FRAME_HDR_LEN + PREHDR_LEN;
227 } else {
228 /* Type 1 frame */
230 flen = 2 + (frame->skb->len - frame->copied);
232 if (flen > free)
233 flen = free;
235 /* TT */
236 tt = ((ushort) (flen - 2)) | 0x8000U; /* Type 1 */
237 pcbit_writew(dev, tt);
239 count = 2;
242 if (frame->skb) {
243 cp_len = frame->skb->len - frame->copied;
244 if (cp_len > flen - count)
245 cp_len = flen - count;
247 memcpy_topcbit(dev, frame->skb->data + frame->copied,
248 cp_len);
249 frame->copied += cp_len;
251 /* bookkeeping */
252 dev->free -= flen;
253 pcbit_tx_update(dev, flen);
255 spin_lock_irqsave(&dev->lock, flags);
257 if (frame->skb == NULL || frame->copied == frame->skb->len) {
259 dev->write_queue = frame->next;
261 if (frame->skb != NULL) {
262 /* free frame */
263 dev_kfree_skb(frame->skb);
265 kfree(frame);
267 dev->w_busy = 0;
268 spin_unlock_irqrestore(&dev->lock, flags);
269 } else {
270 spin_unlock_irqrestore(&dev->lock, flags);
271 #ifdef DEBUG
272 printk(KERN_DEBUG "unacked %d free %d write_queue %s\n",
273 unacked, dev->free, dev->write_queue ? "not empty" :
274 "empty");
275 #endif
281 * deliver a queued frame to the upper layer
284 void
285 pcbit_deliver(struct work_struct *work)
287 struct frame_buf *frame;
288 unsigned long flags, msg;
289 struct pcbit_dev *dev =
290 container_of(work, struct pcbit_dev, qdelivery);
292 spin_lock_irqsave(&dev->lock, flags);
294 while ((frame = dev->read_queue)) {
295 dev->read_queue = frame->next;
296 spin_unlock_irqrestore(&dev->lock, flags);
298 msg = 0;
299 SET_MSG_CPU(msg, 0);
300 SET_MSG_PROC(msg, 0);
301 SET_MSG_CMD(msg, frame->skb->data[2]);
302 SET_MSG_SCMD(msg, frame->skb->data[3]);
304 frame->refnum = *((ushort *) frame->skb->data + 4);
305 frame->msg = *((ulong *) & msg);
307 skb_pull(frame->skb, 6);
309 pcbit_l3_receive(dev, frame->msg, frame->skb, frame->hdr_len,
310 frame->refnum);
312 kfree(frame);
314 spin_lock_irqsave(&dev->lock, flags);
317 spin_unlock_irqrestore(&dev->lock, flags);
321 * Reads BANK 2 & Reassembles
324 static void
325 pcbit_receive(struct pcbit_dev *dev)
327 unsigned short tt;
328 u_char cpu,
329 proc;
330 struct frame_buf *frame = NULL;
331 unsigned long flags;
332 u_char type1;
334 if (dev->l2_state != L2_RUNNING && dev->l2_state != L2_LOADING)
335 return;
337 tt = pcbit_readw(dev);
339 if ((tt & 0x7fffU) > 511) {
340 printk(KERN_INFO "pcbit: invalid frame length -> TT=%04x\n",
341 tt);
342 pcbit_l2_error(dev);
343 return;
345 if (!(tt & 0x8000U)) { /* Type 0 */
346 type1 = 0;
348 if (dev->read_frame) {
349 printk(KERN_DEBUG "pcbit_receive: Type 0 frame and read_frame != NULL\n");
350 /* discard previous queued frame */
351 kfree_skb(dev->read_frame->skb);
352 kfree(dev->read_frame);
353 dev->read_frame = NULL;
355 frame = kzalloc(sizeof(struct frame_buf), GFP_ATOMIC);
357 if (frame == NULL) {
358 printk(KERN_WARNING "kmalloc failed\n");
359 return;
362 cpu = pcbit_readb(dev);
363 proc = pcbit_readb(dev);
366 if (cpu != 0x06 && cpu != 0x02) {
367 printk(KERN_DEBUG "pcbit: invalid cpu value\n");
368 kfree(frame);
369 pcbit_l2_error(dev);
370 return;
373 * we discard cpu & proc on receiving
374 * but we read it to update the pointer
377 frame->hdr_len = pcbit_readw(dev);
378 frame->dt_len = pcbit_readw(dev);
381 * 0 sized packet
382 * I don't know if they are an error or not...
383 * But they are very frequent
384 * Not documented
387 if (frame->hdr_len == 0) {
388 kfree(frame);
389 #ifdef DEBUG
390 printk(KERN_DEBUG "0 sized frame\n");
391 #endif
392 pcbit_firmware_bug(dev);
393 return;
395 /* sanity check the length values */
396 if (frame->hdr_len > 1024 || frame->dt_len > 2048) {
397 #ifdef DEBUG
398 printk(KERN_DEBUG "length problem: ");
399 printk(KERN_DEBUG "TH=%04x TD=%04x\n",
400 frame->hdr_len,
401 frame->dt_len);
402 #endif
403 pcbit_l2_error(dev);
404 kfree(frame);
405 return;
407 /* minimum frame read */
409 frame->skb = dev_alloc_skb(frame->hdr_len + frame->dt_len +
410 ((frame->hdr_len + 15) & ~15));
412 if (!frame->skb) {
413 printk(KERN_DEBUG "pcbit_receive: out of memory\n");
414 kfree(frame);
415 return;
417 /* 16 byte alignment for IP */
418 if (frame->dt_len)
419 skb_reserve(frame->skb, (frame->hdr_len + 15) & ~15);
421 } else {
422 /* Type 1 */
423 type1 = 1;
424 tt &= 0x7fffU;
426 if (!(frame = dev->read_frame)) {
427 printk("Type 1 frame and no frame queued\n");
428 /* usually after an error: toss frame */
429 dev->readptr += tt;
430 if (dev->readptr > dev->sh_mem + BANK2 + BANKLEN)
431 dev->readptr -= BANKLEN;
432 return;
437 memcpy_frompcbit(dev, skb_put(frame->skb, tt), tt);
439 frame->copied += tt;
440 spin_lock_irqsave(&dev->lock, flags);
441 if (frame->copied == frame->hdr_len + frame->dt_len) {
443 if (type1) {
444 dev->read_frame = NULL;
446 if (dev->read_queue) {
447 struct frame_buf *ptr;
448 for (ptr = dev->read_queue; ptr->next; ptr = ptr->next);
449 ptr->next = frame;
450 } else
451 dev->read_queue = frame;
453 } else {
454 dev->read_frame = frame;
456 spin_unlock_irqrestore(&dev->lock, flags);
460 * The board sends 0 sized frames
461 * They are TDATA_CONFs that get messed up somehow
462 * gotta send a fake acknowledgment to the upper layer somehow
465 static __inline__ void
466 pcbit_fake_conf(struct pcbit_dev *dev, struct pcbit_chan *chan)
468 isdn_ctrl ictl;
470 if (chan->queued) {
471 chan->queued--;
473 ictl.driver = dev->id;
474 ictl.command = ISDN_STAT_BSENT;
475 ictl.arg = chan->id;
476 dev->dev_if->statcallb(&ictl);
480 static void
481 pcbit_firmware_bug(struct pcbit_dev *dev)
483 struct pcbit_chan *chan;
485 chan = dev->b1;
487 if (chan->fsm_state == ST_ACTIVE) {
488 pcbit_fake_conf(dev, chan);
490 chan = dev->b2;
492 if (chan->fsm_state == ST_ACTIVE) {
493 pcbit_fake_conf(dev, chan);
497 irqreturn_t
498 pcbit_irq_handler(int interrupt, void *devptr)
500 struct pcbit_dev *dev;
501 u_char info,
502 ack_seq,
503 read_seq;
505 dev = (struct pcbit_dev *) devptr;
507 if (!dev) {
508 printk(KERN_WARNING "pcbit_irq_handler: wrong device\n");
509 return IRQ_NONE;
511 if (dev->interrupt) {
512 printk(KERN_DEBUG "pcbit: reentering interrupt hander\n");
513 return IRQ_HANDLED;
515 dev->interrupt = 1;
517 info = readb(dev->sh_mem + BANK3);
519 if (dev->l2_state == L2_STARTING || dev->l2_state == L2_ERROR) {
520 pcbit_l2_active_conf(dev, info);
521 dev->interrupt = 0;
522 return IRQ_HANDLED;
524 if (info & 0x40U) { /* E bit set */
525 #ifdef DEBUG
526 printk(KERN_DEBUG "pcbit_irq_handler: E bit on\n");
527 #endif
528 pcbit_l2_error(dev);
529 dev->interrupt = 0;
530 return IRQ_HANDLED;
532 if (dev->l2_state != L2_RUNNING && dev->l2_state != L2_LOADING) {
533 dev->interrupt = 0;
534 return IRQ_HANDLED;
536 ack_seq = (info >> 3) & 0x07U;
537 read_seq = (info & 0x07U);
539 dev->interrupt = 0;
541 if (read_seq != dev->rcv_seq) {
542 while (read_seq != dev->rcv_seq) {
543 pcbit_receive(dev);
544 dev->rcv_seq = (dev->rcv_seq + 1) % 8;
546 pcbit_sched_delivery(dev);
548 if (ack_seq != dev->unack_seq) {
549 pcbit_recv_ack(dev, ack_seq);
551 info = dev->rcv_seq << 3;
552 info |= dev->send_seq;
554 writeb(info, dev->sh_mem + BANK4);
555 return IRQ_HANDLED;
559 static void
560 pcbit_l2_active_conf(struct pcbit_dev *dev, u_char info)
562 u_char state;
564 state = dev->l2_state;
566 #ifdef DEBUG
567 printk(KERN_DEBUG "layer2_active_confirm\n");
568 #endif
571 if (info & 0x80U) {
572 dev->rcv_seq = info & 0x07U;
573 dev->l2_state = L2_RUNNING;
574 } else
575 dev->l2_state = L2_DOWN;
577 if (state == L2_STARTING)
578 wake_up_interruptible(&dev->set_running_wq);
580 if (state == L2_ERROR && dev->l2_state == L2_RUNNING) {
581 pcbit_transmit(dev);
585 static void
586 pcbit_l2_err_recover(unsigned long data)
589 struct pcbit_dev *dev;
590 struct frame_buf *frame;
592 dev = (struct pcbit_dev *) data;
594 del_timer(&dev->error_recover_timer);
595 if (dev->w_busy || dev->r_busy) {
596 init_timer(&dev->error_recover_timer);
597 dev->error_recover_timer.expires = jiffies + ERRTIME;
598 add_timer(&dev->error_recover_timer);
599 return;
601 dev->w_busy = dev->r_busy = 1;
603 if (dev->read_frame) {
604 kfree_skb(dev->read_frame->skb);
605 kfree(dev->read_frame);
606 dev->read_frame = NULL;
608 if (dev->write_queue) {
609 frame = dev->write_queue;
610 #ifdef FREE_ON_ERROR
611 dev->write_queue = dev->write_queue->next;
613 if (frame->skb) {
614 dev_kfree_skb(frame->skb);
616 kfree(frame);
617 #else
618 frame->copied = 0;
619 #endif
621 dev->rcv_seq = dev->send_seq = dev->unack_seq = 0;
622 dev->free = 511;
623 dev->l2_state = L2_ERROR;
625 /* this is an hack... */
626 pcbit_firmware_bug(dev);
628 dev->writeptr = dev->sh_mem;
629 dev->readptr = dev->sh_mem + BANK2;
631 writeb((0x80U | ((dev->rcv_seq & 0x07) << 3) | (dev->send_seq & 0x07)),
632 dev->sh_mem + BANK4);
633 dev->w_busy = dev->r_busy = 0;
637 static void
638 pcbit_l2_error(struct pcbit_dev *dev)
640 if (dev->l2_state == L2_RUNNING) {
642 printk(KERN_INFO "pcbit: layer 2 error\n");
644 #ifdef DEBUG
645 log_state(dev);
646 #endif
648 dev->l2_state = L2_DOWN;
650 init_timer(&dev->error_recover_timer);
651 dev->error_recover_timer.function = &pcbit_l2_err_recover;
652 dev->error_recover_timer.data = (ulong) dev;
653 dev->error_recover_timer.expires = jiffies + ERRTIME;
654 add_timer(&dev->error_recover_timer);
659 * Description:
660 * if board acks frames
661 * update dev->free
662 * call pcbit_transmit to write possible queued frames
665 static void
666 pcbit_recv_ack(struct pcbit_dev *dev, unsigned char ack)
668 int i,
669 count;
670 int unacked;
672 unacked = (dev->send_seq + (8 - dev->unack_seq)) & 0x07;
674 /* dev->unack_seq < ack <= dev->send_seq; */
676 if (unacked) {
678 if (dev->send_seq > dev->unack_seq) {
679 if (ack <= dev->unack_seq || ack > dev->send_seq) {
680 printk(KERN_DEBUG
681 "layer 2 ack unacceptable - dev %d",
682 dev->id);
684 pcbit_l2_error(dev);
685 } else if (ack > dev->send_seq && ack <= dev->unack_seq) {
686 printk(KERN_DEBUG
687 "layer 2 ack unacceptable - dev %d",
688 dev->id);
689 pcbit_l2_error(dev);
692 /* ack is acceptable */
695 i = dev->unack_seq;
697 do {
698 dev->unack_seq = i = (i + 1) % 8;
699 dev->free += dev->fsize[i];
700 } while (i != ack);
702 count = 0;
703 while (count < 7 && dev->write_queue) {
704 u8 lsend_seq = dev->send_seq;
706 pcbit_transmit(dev);
708 if (dev->send_seq == lsend_seq)
709 break;
710 count++;
712 } else
713 printk(KERN_DEBUG "recv_ack: unacked = 0\n");