add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/drivers/tty/n_gsm.c
..
..
@@ -50,6 +50,7 @@
50
50
 #include <linux/netdevice.h>
51
51
 #include <linux/etherdevice.h>
52
52
 #include <linux/gsmmux.h>
53
+#include "tty.h"
53
54
 
54
55
 static int debug;
55
56
 module_param(debug, int, 0600);
..
..
@@ -72,14 +73,15 @@
72
73
  */
73
74
 #define MAX_MRU 1500
74
75
 #define MAX_MTU 1500
76
+/* SOF, ADDR, CTRL, LEN1, LEN2, ..., FCS, EOF */
77
+#define PROT_OVERHEAD 7
75
78
 #define	GSM_NET_TX_TIMEOUT (HZ*10)
76
79
 
77
80
 /**
78
81
  *	struct gsm_mux_net	-	network interface
79
- *	@struct gsm_dlci* dlci
80
82
  *
81
83
  *	Created when net interface is initialized.
82
- **/
84
+ */
83
85
 struct gsm_mux_net {
84
86
 	struct kref ref;
85
87
 	struct gsm_dlci *dlci;
..
..
@@ -97,7 +99,19 @@
97
99
 	u8 ctrl;		/* Control byte + flags */
98
100
 	unsigned int len;	/* Length of data block (can be zero) */
99
101
 	unsigned char *data;	/* Points into buffer but not at the start */
100
-	unsigned char buffer[0];
102
+	unsigned char buffer[];
103
+};
104
+
105
+enum gsm_dlci_state {
106
+	DLCI_CLOSED,
107
+	DLCI_OPENING,		/* Sending SABM not seen UA */
108
+	DLCI_OPEN,		/* SABM/UA complete */
109
+	DLCI_CLOSING,		/* Sending DISC not seen UA/DM */
110
+};
111
+
112
+enum gsm_dlci_mode {
113
+	DLCI_MODE_ABM,		/* Normal Asynchronous Balanced Mode */
114
+	DLCI_MODE_ADM,		/* Asynchronous Disconnected Mode */
101
115
 };
102
116
 
103
117
 /*
..
..
@@ -113,38 +127,31 @@
113
127
 struct gsm_dlci {
114
128
 	struct gsm_mux *gsm;
115
129
 	int addr;
116
-	int state;
117
-#define DLCI_CLOSED		0
118
-#define DLCI_OPENING		1	/* Sending SABM not seen UA */
119
-#define DLCI_OPEN		2	/* SABM/UA complete */
120
-#define DLCI_CLOSING		3	/* Sending DISC not seen UA/DM */
130
+	enum gsm_dlci_state state;
121
131
 	struct mutex mutex;
122
132
 
123
133
 	/* Link layer */
124
-	int mode;
125
-#define DLCI_MODE_ABM		0	/* Normal Asynchronous Balanced Mode */
126
-#define DLCI_MODE_ADM		1	/* Asynchronous Disconnected Mode */
134
+	enum gsm_dlci_mode mode;
127
135
 	spinlock_t lock;	/* Protects the internal state */
128
136
 	struct timer_list t1;	/* Retransmit timer for SABM and UA */
129
137
 	int retries;
130
138
 	/* Uplink tty if active */
131
139
 	struct tty_port port;	/* The tty bound to this DLCI if there is one */
132
-	struct kfifo *fifo;	/* Queue fifo for the DLCI */
133
-	struct kfifo _fifo;	/* For new fifo API porting only */
140
+	struct kfifo fifo;	/* Queue fifo for the DLCI */
134
141
 	int adaption;		/* Adaption layer in use */
135
142
 	int prev_adaption;
136
143
 	u32 modem_rx;		/* Our incoming virtual modem lines */
137
144
 	u32 modem_tx;		/* Our outgoing modem lines */
138
-	int dead;		/* Refuse re-open */
145
+	bool dead;		/* Refuse re-open */
139
146
 	/* Flow control */
140
-	int throttled;		/* Private copy of throttle state */
141
-	int constipated;	/* Throttle status for outgoing */
147
+	bool throttled;		/* Private copy of throttle state */
148
+	bool constipated;	/* Throttle status for outgoing */
142
149
 	/* Packetised I/O */
143
150
 	struct sk_buff *skb;	/* Frame being sent */
144
151
 	struct sk_buff_head skb_list;	/* Queued frames */
145
152
 	/* Data handling callback */
146
-	void (*data)(struct gsm_dlci *dlci, u8 *data, int len);
147
-	void (*prev_data)(struct gsm_dlci *dlci, u8 *data, int len);
153
+	void (*data)(struct gsm_dlci *dlci, const u8 *data, int len);
154
+	void (*prev_data)(struct gsm_dlci *dlci, const u8 *data, int len);
148
155
 	struct net_device *net; /* network interface, if created */
149
156
 };
150
157
 
..
..
@@ -166,6 +173,20 @@
166
173
 	int len;	/* Length of block for retransmission */
167
174
 	int done;	/* Done flag */
168
175
 	int error;	/* Error if any */
176
+};
177
+
178
+enum gsm_mux_state {
179
+	GSM_SEARCH,
180
+	GSM_START,
181
+	GSM_ADDRESS,
182
+	GSM_CONTROL,
183
+	GSM_LEN,
184
+	GSM_DATA,
185
+	GSM_FCS,
186
+	GSM_OVERRUN,
187
+	GSM_LEN0,
188
+	GSM_LEN1,
189
+	GSM_SSOF,
169
190
 };
170
191
 
171
192
 /*
..
..
@@ -192,41 +213,28 @@
192
213
 
193
214
 	/* Framing Layer */
194
215
 	unsigned char *buf;
195
-	int state;
196
-#define GSM_SEARCH		0
197
-#define GSM_START		1
198
-#define GSM_ADDRESS		2
199
-#define GSM_CONTROL		3
200
-#define GSM_LEN			4
201
-#define GSM_DATA		5
202
-#define GSM_FCS			6
203
-#define GSM_OVERRUN		7
204
-#define GSM_LEN0		8
205
-#define GSM_LEN1		9
206
-#define GSM_SSOF		10
216
+	enum gsm_mux_state state;
207
217
 	unsigned int len;
208
218
 	unsigned int address;
209
219
 	unsigned int count;
210
-	int escape;
220
+	bool escape;
211
221
 	int encoding;
212
222
 	u8 control;
213
223
 	u8 fcs;
214
224
 	u8 received_fcs;
215
225
 	u8 *txframe;			/* TX framing buffer */
216
226
 
217
-	/* Methods for the receiver side */
227
+	/* Method for the receiver side */
218
228
 	void (*receive)(struct gsm_mux *gsm, u8 ch);
219
-	void (*error)(struct gsm_mux *gsm, u8 ch, u8 flag);
220
-	/* And transmit side */
221
-	int (*output)(struct gsm_mux *mux, u8 *data, int len);
222
229
 
223
230
 	/* Link Layer */
224
231
 	unsigned int mru;
225
232
 	unsigned int mtu;
226
233
 	int initiator;			/* Did we initiate connection */
227
-	int dead;			/* Has the mux been shut down */
234
+	bool dead;			/* Has the mux been shut down */
228
235
 	struct gsm_dlci *dlci[NUM_DLCI];
229
-	int constipated;		/* Asked by remote to shut up */
236
+	int old_c_iflag;		/* termios c_iflag value before attach */
237
+	bool constipated;		/* Asked by remote to shut up */
230
238
 
231
239
 	spinlock_t tx_lock;
232
240
 	unsigned int tx_bytes;		/* TX data outstanding */
..
..
@@ -359,6 +367,8 @@
359
367
 #define INIT_FCS	0xFF
360
368
 #define GOOD_FCS	0xCF
361
369
 
370
+static int gsmld_output(struct gsm_mux *gsm, u8 *data, int len);
371
+
362
372
 /**
363
373
  *	gsm_fcs_add	-	update FCS
364
374
  *	@fcs: Current FCS
..
..
@@ -393,7 +403,7 @@
393
403
 /**
394
404
  *	gsm_read_ea		-	read a byte into an EA
395
405
  *	@val: variable holding value
396
- *	c: byte going into the EA
406
+ *	@c: byte going into the EA
397
407
  *
398
408
  *	Processes one byte of an EA. Updates the passed variable
399
409
  *	and returns 1 if the EA is now completely read
..
..
@@ -406,6 +416,27 @@
406
416
 	*val |= c >> 1;
407
417
 	/* Was this the last byte of the EA 1 = yes*/
408
418
 	return c & EA;
419
+}
420
+
421
+/**
422
+ *	gsm_read_ea_val	-	read a value until EA
423
+ *	@val: variable holding value
424
+ *	@data: buffer of data
425
+ *	@dlen: length of data
426
+ *
427
+ *	Processes an EA value. Updates the passed variable and
428
+ *	returns the processed data length.
429
+ */
430
+static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
431
+{
432
+	unsigned int len = 0;
433
+
434
+	for (; dlen > 0; dlen--) {
435
+		len++;
436
+		if (gsm_read_ea(val, *data++))
437
+			break;
438
+	}
439
+	return len;
409
440
 }
410
441
 
411
442
 /**
..
..
@@ -497,18 +528,7 @@
497
528
 	else
498
529
 		pr_cont("(F)");
499
530
 
500
-	if (dlen) {
501
-		int ct = 0;
502
-		while (dlen--) {
503
-			if (ct % 8 == 0) {
504
-				pr_cont("\n");
505
-				pr_debug("    ");
506
-			}
507
-			pr_cont("%02X ", *data++);
508
-			ct++;
509
-		}
510
-	}
511
-	pr_cont("\n");
531
+	print_hex_dump_bytes("", DUMP_PREFIX_NONE, data, dlen);
512
532
 }
513
533
 
514
534
 
..
..
@@ -518,8 +538,8 @@
518
538
 
519
539
 /**
520
540
  *	gsm_stuff_packet	-	bytestuff a packet
521
- *	@ibuf: input
522
- *	@obuf: output
541
+ *	@input: input buffer
542
+ *	@output: output buffer
523
543
  *	@len: length of input
524
544
  *
525
545
  *	Expand a buffer by bytestuffing it. The worst case size change
..
..
@@ -592,7 +612,7 @@
592
612
 		WARN_ON(1);
593
613
 		return;
594
614
 	}
595
-	gsm->output(gsm, cbuf, len);
615
+	gsmld_output(gsm, cbuf, len);
596
616
 	gsm_print_packet("-->", addr, cr, control, NULL, 0);
597
617
 }
598
618
 
..
..
@@ -656,6 +676,37 @@
656
676
 }
657
677
 
658
678
 /**
679
+ *	gsm_is_flow_ctrl_msg	-	checks if flow control message
680
+ *	@msg: message to check
681
+ *
682
+ *	Returns true if the given message is a flow control command of the
683
+ *	control channel. False is returned in any other case.
684
+ */
685
+static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
686
+{
687
+	unsigned int cmd;
688
+
689
+	if (msg->addr > 0)
690
+		return false;
691
+
692
+	switch (msg->ctrl & ~PF) {
693
+	case UI:
694
+	case UIH:
695
+		cmd = 0;
696
+		if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
697
+			break;
698
+		switch (cmd & ~PF) {
699
+		case CMD_FCOFF:
700
+		case CMD_FCON:
701
+			return true;
702
+		}
703
+		break;
704
+	}
705
+
706
+	return false;
707
+}
708
+
709
+/**
659
710
  *	gsm_data_kick		-	poke the queue
660
711
  *	@gsm: GSM Mux
661
712
  *
..
..
@@ -673,7 +724,7 @@
673
724
 	int len;
674
725
 
675
726
 	list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
676
-		if (gsm->constipated && msg->addr)
727
+		if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
677
728
 			continue;
678
729
 		if (gsm->encoding != 0) {
679
730
 			gsm->txframe[0] = GSM1_SOF;
..
..
@@ -692,7 +743,7 @@
692
743
 			print_hex_dump_bytes("gsm_data_kick: ",
693
744
 					     DUMP_PREFIX_OFFSET,
694
745
 					     gsm->txframe, len);
695
-		if (gsm->output(gsm, gsm->txframe, len) < 0)
746
+		if (gsmld_output(gsm, gsm->txframe, len) < 0)
696
747
 			break;
697
748
 		/* FIXME: Can eliminate one SOF in many more cases */
698
749
 		gsm->tx_bytes -= msg->len;
..
..
@@ -797,41 +848,51 @@
797
848
 {
798
849
 	struct gsm_msg *msg;
799
850
 	u8 *dp;
800
-	int len, total_size, size;
801
-	int h = dlci->adaption - 1;
851
+	int h, len, size;
802
852
 
803
-	total_size = 0;
804
-	while (1) {
805
-		len = kfifo_len(dlci->fifo);
806
-		if (len == 0)
807
-			return total_size;
853
+	/* for modem bits without break data */
854
+	h = ((dlci->adaption == 1) ? 0 : 1);
808
855
 
809
-		/* MTU/MRU count only the data bits */
810
-		if (len > gsm->mtu)
811
-			len = gsm->mtu;
856
+	len = kfifo_len(&dlci->fifo);
857
+	if (len == 0)
858
+		return 0;
812
859
 
813
-		size = len + h;
860
+	/* MTU/MRU count only the data bits but watch adaption mode */
861
+	if ((len + h) > gsm->mtu)
862
+		len = gsm->mtu - h;
814
863
 
815
-		msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
816
-		/* FIXME: need a timer or something to kick this so it can't
817
-		   get stuck with no work outstanding and no buffer free */
818
-		if (msg == NULL)
819
-			return -ENOMEM;
820
-		dp = msg->data;
821
-		switch (dlci->adaption) {
822
-		case 1:	/* Unstructured */
823
-			break;
824
-		case 2:	/* Unstructed with modem bits.
825
-		Always one byte as we never send inline break data */
826
-			*dp++ = gsm_encode_modem(dlci);
827
-			break;
828
-		}
829
-		WARN_ON(kfifo_out_locked(dlci->fifo, dp , len, &dlci->lock) != len);
830
-		__gsm_data_queue(dlci, msg);
831
-		total_size += size;
864
+	size = len + h;
865
+
866
+	msg = gsm_data_alloc(gsm, dlci->addr, size, gsm->ftype);
867
+	/* FIXME: need a timer or something to kick this so it can't
868
+	 * get stuck with no work outstanding and no buffer free
869
+	 */
870
+	if (!msg)
871
+		return -ENOMEM;
872
+	dp = msg->data;
873
+	switch (dlci->adaption) {
874
+	case 1: /* Unstructured */
875
+		break;
876
+	case 2: /* Unstructured with modem bits.
877
+		 * Always one byte as we never send inline break data
878
+		 */
879
+		*dp++ = (gsm_encode_modem(dlci) << 1) | EA;
880
+		break;
881
+	default:
882
+		pr_err("%s: unsupported adaption %d\n", __func__,
883
+		       dlci->adaption);
884
+		break;
832
885
 	}
886
+
887
+	WARN_ON(len != kfifo_out_locked(&dlci->fifo, dp, len,
888
+		&dlci->lock));
889
+
890
+	/* Notify upper layer about available send space. */
891
+	tty_port_tty_wakeup(&dlci->port);
892
+
893
+	__gsm_data_queue(dlci, msg);
833
894
 	/* Bytes of data we used up */
834
-	return total_size;
895
+	return size;
835
896
 }
836
897
 
837
898
 /**
..
..
@@ -994,7 +1055,7 @@
994
1055
  *	Encode up and queue a UI/UIH frame containing our response.
995
1056
  */
996
1057
 
997
-static void gsm_control_reply(struct gsm_mux *gsm, int cmd, u8 *data,
1058
+static void gsm_control_reply(struct gsm_mux *gsm, int cmd, const u8 *data,
998
1059
 					int dlen)
999
1060
 {
1000
1061
 	struct gsm_msg *msg;
..
..
@@ -1040,9 +1101,9 @@
1040
1101
 	fc = (modem & MDM_FC) || !(modem & MDM_RTR);
1041
1102
 	if (fc && !dlci->constipated) {
1042
1103
 		/* Need to throttle our output on this device */
1043
-		dlci->constipated = 1;
1104
+		dlci->constipated = true;
1044
1105
 	} else if (!fc && dlci->constipated) {
1045
-		dlci->constipated = 0;
1106
+		dlci->constipated = false;
1046
1107
 		gsm_dlci_data_kick(dlci);
1047
1108
 	}
1048
1109
 
..
..
@@ -1079,14 +1140,14 @@
1079
1140
  *	and if need be stuff a break message down the tty.
1080
1141
  */
1081
1142
 
1082
-static void gsm_control_modem(struct gsm_mux *gsm, u8 *data, int clen)
1143
+static void gsm_control_modem(struct gsm_mux *gsm, const u8 *data, int clen)
1083
1144
 {
1084
1145
 	unsigned int addr = 0;
1085
1146
 	unsigned int modem = 0;
1086
1147
 	unsigned int brk = 0;
1087
1148
 	struct gsm_dlci *dlci;
1088
1149
 	int len = clen;
1089
-	u8 *dp = data;
1150
+	const u8 *dp = data;
1090
1151
 	struct tty_struct *tty;
1091
1152
 
1092
1153
 	while (gsm_read_ea(&addr, *dp++) == 0) {
..
..
@@ -1140,13 +1201,13 @@
1140
1201
  *	this into the uplink tty if present
1141
1202
  */
1142
1203
 
1143
-static void gsm_control_rls(struct gsm_mux *gsm, u8 *data, int clen)
1204
+static void gsm_control_rls(struct gsm_mux *gsm, const u8 *data, int clen)
1144
1205
 {
1145
1206
 	struct tty_port *port;
1146
1207
 	unsigned int addr = 0;
1147
1208
 	u8 bits;
1148
1209
 	int len = clen;
1149
-	u8 *dp = data;
1210
+	const u8 *dp = data;
1150
1211
 
1151
1212
 	while (gsm_read_ea(&addr, *dp++) == 0) {
1152
1213
 		len--;
..
..
@@ -1195,7 +1256,7 @@
1195
1256
  */
1196
1257
 
1197
1258
 static void gsm_control_message(struct gsm_mux *gsm, unsigned int command,
1198
-							u8 *data, int clen)
1259
+						const u8 *data, int clen)
1199
1260
 {
1200
1261
 	u8 buf[1];
1201
1262
 	unsigned long flags;
..
..
@@ -1205,8 +1266,8 @@
1205
1266
 		struct gsm_dlci *dlci = gsm->dlci[0];
1206
1267
 		/* Modem wishes to close down */
1207
1268
 		if (dlci) {
1208
-			dlci->dead = 1;
1209
-			gsm->dead = 1;
1269
+			dlci->dead = true;
1270
+			gsm->dead = true;
1210
1271
 			gsm_dlci_begin_close(dlci);
1211
1272
 		}
1212
1273
 		}
..
..
@@ -1217,7 +1278,7 @@
1217
1278
 		break;
1218
1279
 	case CMD_FCON:
1219
1280
 		/* Modem can accept data again */
1220
-		gsm->constipated = 0;
1281
+		gsm->constipated = false;
1221
1282
 		gsm_control_reply(gsm, CMD_FCON, NULL, 0);
1222
1283
 		/* Kick the link in case it is idling */
1223
1284
 		spin_lock_irqsave(&gsm->tx_lock, flags);
..
..
@@ -1226,7 +1287,7 @@
1226
1287
 		break;
1227
1288
 	case CMD_FCOFF:
1228
1289
 		/* Modem wants us to STFU */
1229
-		gsm->constipated = 1;
1290
+		gsm->constipated = true;
1230
1291
 		gsm_control_reply(gsm, CMD_FCOFF, NULL, 0);
1231
1292
 		break;
1232
1293
 	case CMD_MSC:
..
..
@@ -1267,7 +1328,7 @@
1267
1328
  */
1268
1329
 
1269
1330
 static void gsm_control_response(struct gsm_mux *gsm, unsigned int command,
1270
-							u8 *data, int clen)
1331
+						const u8 *data, int clen)
1271
1332
 {
1272
1333
 	struct gsm_control *ctrl;
1273
1334
 	unsigned long flags;
..
..
@@ -1300,17 +1361,18 @@
1300
1361
 
1301
1362
 static void gsm_control_transmit(struct gsm_mux *gsm, struct gsm_control *ctrl)
1302
1363
 {
1303
-	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 1, gsm->ftype);
1364
+	struct gsm_msg *msg = gsm_data_alloc(gsm, 0, ctrl->len + 2, gsm->ftype);
1304
1365
 	if (msg == NULL)
1305
1366
 		return;
1306
-	msg->data[0] = (ctrl->cmd << 1) | 2 | EA;	/* command */
1307
-	memcpy(msg->data + 1, ctrl->data, ctrl->len);
1367
+	msg->data[0] = (ctrl->cmd << 1) | CR | EA;	/* command */
1368
+	msg->data[1] = (ctrl->len << 1) | EA;
1369
+	memcpy(msg->data + 2, ctrl->data, ctrl->len);
1308
1370
 	gsm_data_queue(gsm->dlci[0], msg);
1309
1371
 }
1310
1372
 
1311
1373
 /**
1312
1374
  *	gsm_control_retransmit	-	retransmit a control frame
1313
- *	@data: pointer to our gsm object
1375
+ *	@t: timer contained in our gsm object
1314
1376
  *
1315
1377
  *	Called off the T2 timer expiry in order to retransmit control frames
1316
1378
  *	that have been lost in the system somewhere. The control_lock protects
..
..
@@ -1327,8 +1389,7 @@
1327
1389
 	spin_lock_irqsave(&gsm->control_lock, flags);
1328
1390
 	ctrl = gsm->pending_cmd;
1329
1391
 	if (ctrl) {
1330
-		gsm->cretries--;
1331
-		if (gsm->cretries == 0) {
1392
+		if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
1332
1393
 			gsm->pending_cmd = NULL;
1333
1394
 			ctrl->error = -ETIMEDOUT;
1334
1395
 			ctrl->done = 1;
..
..
@@ -1336,6 +1397,7 @@
1336
1397
 			wake_up(&gsm->event);
1337
1398
 			return;
1338
1399
 		}
1400
+		gsm->cretries--;
1339
1401
 		gsm_control_transmit(gsm, ctrl);
1340
1402
 		mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1341
1403
 	}
..
..
@@ -1347,7 +1409,7 @@
1347
1409
  *	@gsm: the GSM channel
1348
1410
  *	@command: command  to send including CR bit
1349
1411
  *	@data: bytes of data (must be kmalloced)
1350
- *	@len: length of the block to send
1412
+ *	@clen: length of the block to send
1351
1413
  *
1352
1414
  *	Queue and dispatch a control command. Only one command can be
1353
1415
  *	active at a time. In theory more can be outstanding but the matching
..
..
@@ -1358,7 +1420,7 @@
1358
1420
 		unsigned int command, u8 *data, int clen)
1359
1421
 {
1360
1422
 	struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
1361
-						GFP_KERNEL);
1423
+						GFP_ATOMIC);
1362
1424
 	unsigned long flags;
1363
1425
 	if (ctrl == NULL)
1364
1426
 		return NULL;
..
..
@@ -1376,7 +1438,7 @@
1376
1438
 
1377
1439
 	/* If DLCI0 is in ADM mode skip retries, it won't respond */
1378
1440
 	if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1379
-		gsm->cretries = 1;
1441
+		gsm->cretries = 0;
1380
1442
 	else
1381
1443
 		gsm->cretries = gsm->n2;
1382
1444
 
..
..
@@ -1424,15 +1486,24 @@
1424
1486
 
1425
1487
 static void gsm_dlci_close(struct gsm_dlci *dlci)
1426
1488
 {
1489
+	unsigned long flags;
1490
+
1427
1491
 	del_timer(&dlci->t1);
1428
1492
 	if (debug & 8)
1429
1493
 		pr_debug("DLCI %d goes closed.\n", dlci->addr);
1430
1494
 	dlci->state = DLCI_CLOSED;
1495
+	/* Prevent us from sending data before the link is up again */
1496
+	dlci->constipated = true;
1431
1497
 	if (dlci->addr != 0) {
1432
1498
 		tty_port_tty_hangup(&dlci->port, false);
1433
-		kfifo_reset(dlci->fifo);
1499
+		spin_lock_irqsave(&dlci->lock, flags);
1500
+		kfifo_reset(&dlci->fifo);
1501
+		spin_unlock_irqrestore(&dlci->lock, flags);
1502
+		/* Ensure that gsmtty_open() can return. */
1503
+		tty_port_set_initialized(&dlci->port, 0);
1504
+		wake_up_interruptible(&dlci->port.open_wait);
1434
1505
 	} else
1435
-		dlci->gsm->dead = 1;
1506
+		dlci->gsm->dead = true;
1436
1507
 	wake_up(&dlci->gsm->event);
1437
1508
 	/* A DLCI 0 close is a MUX termination so we need to kick that
1438
1509
 	   back to userspace somehow */
..
..
@@ -1452,6 +1523,7 @@
1452
1523
 	del_timer(&dlci->t1);
1453
1524
 	/* This will let a tty open continue */
1454
1525
 	dlci->state = DLCI_OPEN;
1526
+	dlci->constipated = false;
1455
1527
 	if (debug & 8)
1456
1528
 		pr_debug("DLCI %d goes open.\n", dlci->addr);
1457
1529
 	wake_up(&dlci->gsm->event);
..
..
@@ -1459,7 +1531,7 @@
1459
1531
 
1460
1532
 /**
1461
1533
  *	gsm_dlci_t1		-	T1 timer expiry
1462
- *	@dlci: DLCI that opened
1534
+ *	@t: timer contained in the DLCI that opened
1463
1535
  *
1464
1536
  *	The T1 timer handles retransmits of control frames (essentially of
1465
1537
  *	SABM and DISC). We resend the command until the retry count runs out
..
..
@@ -1479,8 +1551,8 @@
1479
1551
 
1480
1552
 	switch (dlci->state) {
1481
1553
 	case DLCI_OPENING:
1482
-		dlci->retries--;
1483
1554
 		if (dlci->retries) {
1555
+			dlci->retries--;
1484
1556
 			gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1485
1557
 			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1486
1558
 		} else if (!dlci->addr && gsm->control == (DM | PF)) {
..
..
@@ -1495,12 +1567,15 @@
1495
1567
 
1496
1568
 		break;
1497
1569
 	case DLCI_CLOSING:
1498
-		dlci->retries--;
1499
1570
 		if (dlci->retries) {
1571
+			dlci->retries--;
1500
1572
 			gsm_command(dlci->gsm, dlci->addr, DISC|PF);
1501
1573
 			mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1502
1574
 		} else
1503
1575
 			gsm_dlci_close(dlci);
1576
+		break;
1577
+	default:
1578
+		pr_debug("%s: unhandled state: %d\n", __func__, dlci->state);
1504
1579
 		break;
1505
1580
 	}
1506
1581
 }
..
..
@@ -1524,6 +1599,25 @@
1524
1599
 	dlci->state = DLCI_OPENING;
1525
1600
 	gsm_command(dlci->gsm, dlci->addr, SABM|PF);
1526
1601
 	mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
1602
+}
1603
+
1604
+/**
1605
+ *	gsm_dlci_set_opening	-	change state to opening
1606
+ *	@dlci: DLCI to open
1607
+ *
1608
+ *	Change internal state to wait for DLCI open from initiator side.
1609
+ *	We set off timers and responses upon reception of an SABM.
1610
+ */
1611
+static void gsm_dlci_set_opening(struct gsm_dlci *dlci)
1612
+{
1613
+	switch (dlci->state) {
1614
+	case DLCI_CLOSED:
1615
+	case DLCI_CLOSING:
1616
+		dlci->state = DLCI_OPENING;
1617
+		break;
1618
+	default:
1619
+		break;
1620
+	}
1527
1621
 }
1528
1622
 
1529
1623
 /**
..
..
@@ -1552,14 +1646,14 @@
1552
1646
  *	gsm_dlci_data		-	data arrived
1553
1647
  *	@dlci: channel
1554
1648
  *	@data: block of bytes received
1555
- *	@len: length of received block
1649
+ *	@clen: length of received block
1556
1650
  *
1557
1651
  *	A UI or UIH frame has arrived which contains data for a channel
1558
1652
  *	other than the control channel. If the relevant virtual tty is
1559
1653
  *	open we shovel the bits down it, if not we drop them.
1560
1654
  */
1561
1655
 
1562
-static void gsm_dlci_data(struct gsm_dlci *dlci, u8 *data, int clen)
1656
+static void gsm_dlci_data(struct gsm_dlci *dlci, const u8 *data, int clen)
1563
1657
 {
1564
1658
 	/* krefs .. */
1565
1659
 	struct tty_port *port = &dlci->port;
..
..
@@ -1571,14 +1665,11 @@
1571
1665
 		pr_debug("%d bytes for tty\n", len);
1572
1666
 	switch (dlci->adaption)  {
1573
1667
 	/* Unsupported types */
1574
-	/* Packetised interruptible data */
1575
-	case 4:
1668
+	case 4:		/* Packetised interruptible data */
1576
1669
 		break;
1577
-	/* Packetised uininterruptible voice/data */
1578
-	case 3:
1670
+	case 3:		/* Packetised uininterruptible voice/data */
1579
1671
 		break;
1580
-	/* Asynchronous serial with line state in each frame */
1581
-	case 2:
1672
+	case 2:		/* Asynchronous serial with line state in each frame */
1582
1673
 		while (gsm_read_ea(&modem, *data++) == 0) {
1583
1674
 			len--;
1584
1675
 			if (len == 0)
..
..
@@ -1589,8 +1680,8 @@
1589
1680
 			gsm_process_modem(tty, dlci, modem, clen);
1590
1681
 			tty_kref_put(tty);
1591
1682
 		}
1592
-	/* Line state will go via DLCI 0 controls only */
1593
-	case 1:
1683
+		fallthrough;
1684
+	case 1:		/* Line state will go via DLCI 0 controls only */
1594
1685
 	default:
1595
1686
 		tty_insert_flip_string(port, data, len);
1596
1687
 		tty_flip_buffer_push(port);
..
..
@@ -1609,7 +1700,7 @@
1609
1700
  *	and we divide up the work accordingly.
1610
1701
  */
1611
1702
 
1612
-static void gsm_dlci_command(struct gsm_dlci *dlci, u8 *data, int len)
1703
+static void gsm_dlci_command(struct gsm_dlci *dlci, const u8 *data, int len)
1613
1704
 {
1614
1705
 	/* See what command is involved */
1615
1706
 	unsigned int command = 0;
..
..
@@ -1654,8 +1745,7 @@
1654
1745
 		return NULL;
1655
1746
 	spin_lock_init(&dlci->lock);
1656
1747
 	mutex_init(&dlci->mutex);
1657
-	dlci->fifo = &dlci->_fifo;
1658
-	if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
1748
+	if (kfifo_alloc(&dlci->fifo, 4096, GFP_KERNEL) < 0) {
1659
1749
 		kfree(dlci);
1660
1750
 		return NULL;
1661
1751
 	}
..
..
@@ -1668,17 +1758,20 @@
1668
1758
 	dlci->addr = addr;
1669
1759
 	dlci->adaption = gsm->adaption;
1670
1760
 	dlci->state = DLCI_CLOSED;
1671
-	if (addr)
1761
+	if (addr) {
1672
1762
 		dlci->data = gsm_dlci_data;
1673
-	else
1763
+		/* Prevent us from sending data before the link is up */
1764
+		dlci->constipated = true;
1765
+	} else {
1674
1766
 		dlci->data = gsm_dlci_command;
1767
+	}
1675
1768
 	gsm->dlci[addr] = dlci;
1676
1769
 	return dlci;
1677
1770
 }
1678
1771
 
1679
1772
 /**
1680
1773
  *	gsm_dlci_free		-	free DLCI
1681
- *	@dlci: DLCI to free
1774
+ *	@port: tty port for DLCI to free
1682
1775
  *
1683
1776
  *	Free up a DLCI.
1684
1777
  *
..
..
@@ -1690,7 +1783,7 @@
1690
1783
 
1691
1784
 	del_timer_sync(&dlci->t1);
1692
1785
 	dlci->gsm->dlci[dlci->addr] = NULL;
1693
-	kfifo_free(dlci->fifo);
1786
+	kfifo_free(&dlci->fifo);
1694
1787
 	while ((dlci->skb = skb_dequeue(&dlci->skb_list)))
1695
1788
 		dev_kfree_skb(dlci->skb);
1696
1789
 	kfree(dlci);
..
..
@@ -1725,6 +1818,11 @@
1725
1818
 		gsm_destroy_network(dlci);
1726
1819
 		mutex_unlock(&dlci->mutex);
1727
1820
 
1821
+		/* We cannot use tty_hangup() because in tty_kref_put() the tty
1822
+		 * driver assumes that the hangup queue is free and reuses it to
1823
+		 * queue release_one_tty() -> NULL pointer panic in
1824
+		 * process_one_work().
1825
+		 */
1728
1826
 		tty_vhangup(tty);
1729
1827
 
1730
1828
 		tty_port_tty_set(&dlci->port, NULL);
..
..
@@ -1808,7 +1906,6 @@
1808
1906
 		gsm_response(gsm, address, UA);
1809
1907
 		gsm_dlci_close(dlci);
1810
1908
 		break;
1811
-	case UA:
1812
1909
 	case UA|PF:
1813
1910
 		if (cr == 0 || dlci == NULL)
1814
1911
 			break;
..
..
@@ -1818,6 +1915,10 @@
1818
1915
 			break;
1819
1916
 		case DLCI_OPENING:
1820
1917
 			gsm_dlci_open(dlci);
1918
+			break;
1919
+		default:
1920
+			pr_debug("%s: unhandled state: %d\n", __func__,
1921
+					dlci->state);
1821
1922
 			break;
1822
1923
 		}
1823
1924
 		break;
..
..
@@ -1838,7 +1939,7 @@
1838
1939
 			goto invalid;
1839
1940
 #endif
1840
1941
 		if (dlci == NULL || dlci->state != DLCI_OPEN) {
1841
-			gsm_command(gsm, address, DM|PF);
1942
+			gsm_response(gsm, address, DM|PF);
1842
1943
 			return;
1843
1944
 		}
1844
1945
 		dlci->data(dlci, gsm->buf, gsm->len);
..
..
@@ -1932,6 +2033,9 @@
1932
2033
 			break;
1933
2034
 		}
1934
2035
 		break;
2036
+	default:
2037
+		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2038
+		break;
1935
2039
 	}
1936
2040
 }
1937
2041
 
..
..
@@ -1945,6 +2049,16 @@
1945
2049
 
1946
2050
 static void gsm1_receive(struct gsm_mux *gsm, unsigned char c)
1947
2051
 {
2052
+	/* handle XON/XOFF */
2053
+	if ((c & ISO_IEC_646_MASK) == XON) {
2054
+		gsm->constipated = true;
2055
+		return;
2056
+	} else if ((c & ISO_IEC_646_MASK) == XOFF) {
2057
+		gsm->constipated = false;
2058
+		/* Kick the link in case it is idling */
2059
+		gsm_data_kick(gsm, NULL);
2060
+		return;
2061
+	}
1948
2062
 	if (c == GSM1_SOF) {
1949
2063
 		/* EOF is only valid in frame if we have got to the data state
1950
2064
 		   and received at least one byte (the FCS) */
..
..
@@ -1959,7 +2073,8 @@
1959
2073
 		}
1960
2074
 		/* Any partial frame was a runt so go back to start */
1961
2075
 		if (gsm->state != GSM_START) {
1962
-			gsm->malformed++;
2076
+			if (gsm->state != GSM_SEARCH)
2077
+				gsm->malformed++;
1963
2078
 			gsm->state = GSM_START;
1964
2079
 		}
1965
2080
 		/* A SOF in GSM_START means we are still reading idling or
..
..
@@ -1968,7 +2083,7 @@
1968
2083
 	}
1969
2084
 
1970
2085
 	if (c == GSM1_ESCAPE) {
1971
-		gsm->escape = 1;
2086
+		gsm->escape = true;
1972
2087
 		return;
1973
2088
 	}
1974
2089
 
..
..
@@ -1978,14 +2093,14 @@
1978
2093
 
1979
2094
 	if (gsm->escape) {
1980
2095
 		c ^= GSM1_ESCAPE_BITS;
1981
-		gsm->escape = 0;
2096
+		gsm->escape = false;
1982
2097
 	}
1983
2098
 	switch (gsm->state) {
1984
2099
 	case GSM_START:		/* First byte after SOF */
1985
2100
 		gsm->address = 0;
1986
2101
 		gsm->state = GSM_ADDRESS;
1987
2102
 		gsm->fcs = INIT_FCS;
1988
-		/* Drop through */
2103
+		fallthrough;
1989
2104
 	case GSM_ADDRESS:	/* Address continuation */
1990
2105
 		gsm->fcs = gsm_fcs_add(gsm->fcs, c);
1991
2106
 		if (gsm_read_ea(&gsm->address, c))
..
..
@@ -2005,6 +2120,9 @@
2005
2120
 			gsm->buf[gsm->count++] = c;
2006
2121
 		break;
2007
2122
 	case GSM_OVERRUN:	/* Over-long - eg a dropped SOF */
2123
+		break;
2124
+	default:
2125
+		pr_debug("%s: unhandled state: %d\n", __func__, gsm->state);
2008
2126
 		break;
2009
2127
 	}
2010
2128
 }
..
..
@@ -2028,74 +2146,46 @@
2028
2146
 	gsm->io_error++;
2029
2147
 }
2030
2148
 
2031
-static int gsm_disconnect(struct gsm_mux *gsm)
2032
-{
2033
-	struct gsm_dlci *dlci = gsm->dlci[0];
2034
-	struct gsm_control *gc;
2035
-
2036
-	if (!dlci)
2037
-		return 0;
2038
-
2039
-	/* In theory disconnecting DLCI 0 is sufficient but for some
2040
-	   modems this is apparently not the case. */
2041
-	gc = gsm_control_send(gsm, CMD_CLD, NULL, 0);
2042
-	if (gc)
2043
-		gsm_control_wait(gsm, gc);
2044
-
2045
-	del_timer_sync(&gsm->t2_timer);
2046
-	/* Now we are sure T2 has stopped */
2047
-
2048
-	gsm_dlci_begin_close(dlci);
2049
-	wait_event_interruptible(gsm->event,
2050
-				dlci->state == DLCI_CLOSED);
2051
-
2052
-	if (signal_pending(current))
2053
-		return -EINTR;
2054
-
2055
-	return 0;
2056
-}
2057
-
2058
2149
 /**
2059
2150
  *	gsm_cleanup_mux		-	generic GSM protocol cleanup
2060
2151
  *	@gsm: our mux
2152
+ *	@disc: disconnect link?
2061
2153
  *
2062
2154
  *	Clean up the bits of the mux which are the same for all framing
2063
2155
  *	protocols. Remove the mux from the mux table, stop all the timers
2064
2156
  *	and then shut down each device hanging up the channels as we go.
2065
2157
  */
2066
2158
 
2067
-static void gsm_cleanup_mux(struct gsm_mux *gsm)
2159
+static void gsm_cleanup_mux(struct gsm_mux *gsm, bool disc)
2068
2160
 {
2069
2161
 	int i;
2070
-	struct gsm_dlci *dlci = gsm->dlci[0];
2162
+	struct gsm_dlci *dlci;
2071
2163
 	struct gsm_msg *txq, *ntxq;
2072
2164
 
2073
-	gsm->dead = 1;
2074
-
2075
-	spin_lock(&gsm_mux_lock);
2076
-	for (i = 0; i < MAX_MUX; i++) {
2077
-		if (gsm_mux[i] == gsm) {
2078
-			gsm_mux[i] = NULL;
2079
-			break;
2080
-		}
2081
-	}
2082
-	spin_unlock(&gsm_mux_lock);
2083
-	/* open failed before registering => nothing to do */
2084
-	if (i == MAX_MUX)
2085
-		return;
2086
-
2087
-	del_timer_sync(&gsm->t2_timer);
2088
-	/* Now we are sure T2 has stopped */
2089
-	if (dlci)
2090
-		dlci->dead = 1;
2091
-
2092
-	/* Free up any link layer users */
2165
+	gsm->dead = true;
2093
2166
 	mutex_lock(&gsm->mutex);
2094
-	for (i = 0; i < NUM_DLCI; i++)
2095
-		if (gsm->dlci[i])
2167
+
2168
+	dlci = gsm->dlci[0];
2169
+	if (dlci) {
2170
+		if (disc && dlci->state != DLCI_CLOSED) {
2171
+			gsm_dlci_begin_close(dlci);
2172
+			wait_event(gsm->event, dlci->state == DLCI_CLOSED);
2173
+		}
2174
+		dlci->dead = true;
2175
+	}
2176
+
2177
+	/* Finish outstanding timers, making sure they are done */
2178
+	del_timer_sync(&gsm->t2_timer);
2179
+
2180
+	/* Free up any link layer users and finally the control channel */
2181
+	for (i = NUM_DLCI - 1; i >= 0; i--)
2182
+		if (gsm->dlci[i]) {
2096
2183
 			gsm_dlci_release(gsm->dlci[i]);
2184
+			gsm->dlci[i] = NULL;
2185
+		}
2097
2186
 	mutex_unlock(&gsm->mutex);
2098
2187
 	/* Now wipe the queues */
2188
+	tty_ldisc_flush(gsm->tty);
2099
2189
 	list_for_each_entry_safe(txq, ntxq, &gsm->tx_list, list)
2100
2190
 		kfree(txq);
2101
2191
 	INIT_LIST_HEAD(&gsm->tx_list);
..
..
@@ -2113,46 +2203,36 @@
2113
2203
 static int gsm_activate_mux(struct gsm_mux *gsm)
2114
2204
 {
2115
2205
 	struct gsm_dlci *dlci;
2116
-	int i = 0;
2117
-
2118
-	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2119
-	init_waitqueue_head(&gsm->event);
2120
-	spin_lock_init(&gsm->control_lock);
2121
-	spin_lock_init(&gsm->tx_lock);
2122
2206
 
2123
2207
 	if (gsm->encoding == 0)
2124
2208
 		gsm->receive = gsm0_receive;
2125
2209
 	else
2126
2210
 		gsm->receive = gsm1_receive;
2127
-	gsm->error = gsm_error;
2128
-
2129
-	spin_lock(&gsm_mux_lock);
2130
-	for (i = 0; i < MAX_MUX; i++) {
2131
-		if (gsm_mux[i] == NULL) {
2132
-			gsm->num = i;
2133
-			gsm_mux[i] = gsm;
2134
-			break;
2135
-		}
2136
-	}
2137
-	spin_unlock(&gsm_mux_lock);
2138
-	if (i == MAX_MUX)
2139
-		return -EBUSY;
2140
2211
 
2141
2212
 	dlci = gsm_dlci_alloc(gsm, 0);
2142
2213
 	if (dlci == NULL)
2143
2214
 		return -ENOMEM;
2144
-	gsm->dead = 0;		/* Tty opens are now permissible */
2215
+	gsm->dead = false;		/* Tty opens are now permissible */
2145
2216
 	return 0;
2146
2217
 }
2147
2218
 
2148
2219
 /**
2149
2220
  *	gsm_free_mux		-	free up a mux
2150
- *	@mux: mux to free
2221
+ *	@gsm: mux to free
2151
2222
  *
2152
2223
  *	Dispose of allocated resources for a dead mux
2153
2224
  */
2154
2225
 static void gsm_free_mux(struct gsm_mux *gsm)
2155
2226
 {
2227
+	int i;
2228
+
2229
+	for (i = 0; i < MAX_MUX; i++) {
2230
+		if (gsm == gsm_mux[i]) {
2231
+			gsm_mux[i] = NULL;
2232
+			break;
2233
+		}
2234
+	}
2235
+	mutex_destroy(&gsm->mutex);
2156
2236
 	kfree(gsm->txframe);
2157
2237
 	kfree(gsm->buf);
2158
2238
 	kfree(gsm);
..
..
@@ -2160,7 +2240,7 @@
2160
2240
 
2161
2241
 /**
2162
2242
  *	gsm_free_muxr		-	free up a mux
2163
- *	@mux: mux to free
2243
+ *	@ref: kreference to the mux to free
2164
2244
  *
2165
2245
  *	Dispose of allocated resources for a dead mux
2166
2246
  */
..
..
@@ -2172,12 +2252,30 @@
2172
2252
 
2173
2253
 static inline void mux_get(struct gsm_mux *gsm)
2174
2254
 {
2255
+	unsigned long flags;
2256
+
2257
+	spin_lock_irqsave(&gsm_mux_lock, flags);
2175
2258
 	kref_get(&gsm->ref);
2259
+	spin_unlock_irqrestore(&gsm_mux_lock, flags);
2176
2260
 }
2177
2261
 
2178
2262
 static inline void mux_put(struct gsm_mux *gsm)
2179
2263
 {
2264
+	unsigned long flags;
2265
+
2266
+	spin_lock_irqsave(&gsm_mux_lock, flags);
2180
2267
 	kref_put(&gsm->ref, gsm_free_muxr);
2268
+	spin_unlock_irqrestore(&gsm_mux_lock, flags);
2269
+}
2270
+
2271
+static inline unsigned int mux_num_to_base(struct gsm_mux *gsm)
2272
+{
2273
+	return gsm->num * NUM_DLCI;
2274
+}
2275
+
2276
+static inline unsigned int mux_line_to_num(unsigned int line)
2277
+{
2278
+	return line / NUM_DLCI;
2181
2279
 }
2182
2280
 
2183
2281
 /**
..
..
@@ -2188,6 +2286,7 @@
2188
2286
 
2189
2287
 static struct gsm_mux *gsm_alloc_mux(void)
2190
2288
 {
2289
+	int i;
2191
2290
 	struct gsm_mux *gsm = kzalloc(sizeof(struct gsm_mux), GFP_KERNEL);
2192
2291
 	if (gsm == NULL)
2193
2292
 		return NULL;
..
..
@@ -2196,7 +2295,7 @@
2196
2295
 		kfree(gsm);
2197
2296
 		return NULL;
2198
2297
 	}
2199
-	gsm->txframe = kmalloc(2 * MAX_MRU + 2, GFP_KERNEL);
2298
+	gsm->txframe = kmalloc(2 * (MAX_MTU + PROT_OVERHEAD - 1), GFP_KERNEL);
2200
2299
 	if (gsm->txframe == NULL) {
2201
2300
 		kfree(gsm->buf);
2202
2301
 		kfree(gsm);
..
..
@@ -2206,6 +2305,10 @@
2206
2305
 	mutex_init(&gsm->mutex);
2207
2306
 	kref_init(&gsm->ref);
2208
2307
 	INIT_LIST_HEAD(&gsm->tx_list);
2308
+	timer_setup(&gsm->t2_timer, gsm_control_retransmit, 0);
2309
+	init_waitqueue_head(&gsm->event);
2310
+	spin_lock_init(&gsm->control_lock);
2311
+	spin_lock_init(&gsm->tx_lock);
2209
2312
 
2210
2313
 	gsm->t1 = T1;
2211
2314
 	gsm->t2 = T2;
..
..
@@ -2215,9 +2318,130 @@
2215
2318
 	gsm->encoding = 1;
2216
2319
 	gsm->mru = 64;	/* Default to encoding 1 so these should be 64 */
2217
2320
 	gsm->mtu = 64;
2218
-	gsm->dead = 1;	/* Avoid early tty opens */
2321
+	gsm->dead = true;	/* Avoid early tty opens */
2322
+
2323
+	/* Store the instance to the mux array or abort if no space is
2324
+	 * available.
2325
+	 */
2326
+	spin_lock(&gsm_mux_lock);
2327
+	for (i = 0; i < MAX_MUX; i++) {
2328
+		if (!gsm_mux[i]) {
2329
+			gsm_mux[i] = gsm;
2330
+			gsm->num = i;
2331
+			break;
2332
+		}
2333
+	}
2334
+	spin_unlock(&gsm_mux_lock);
2335
+	if (i == MAX_MUX) {
2336
+		mutex_destroy(&gsm->mutex);
2337
+		kfree(gsm->txframe);
2338
+		kfree(gsm->buf);
2339
+		kfree(gsm);
2340
+		return NULL;
2341
+	}
2219
2342
 
2220
2343
 	return gsm;
2344
+}
2345
+
2346
+static void gsm_copy_config_values(struct gsm_mux *gsm,
2347
+				   struct gsm_config *c)
2348
+{
2349
+	memset(c, 0, sizeof(*c));
2350
+	c->adaption = gsm->adaption;
2351
+	c->encapsulation = gsm->encoding;
2352
+	c->initiator = gsm->initiator;
2353
+	c->t1 = gsm->t1;
2354
+	c->t2 = gsm->t2;
2355
+	c->t3 = 0;	/* Not supported */
2356
+	c->n2 = gsm->n2;
2357
+	if (gsm->ftype == UIH)
2358
+		c->i = 1;
2359
+	else
2360
+		c->i = 2;
2361
+	pr_debug("Ftype %d i %d\n", gsm->ftype, c->i);
2362
+	c->mru = gsm->mru;
2363
+	c->mtu = gsm->mtu;
2364
+	c->k = 0;
2365
+}
2366
+
2367
+static int gsm_config(struct gsm_mux *gsm, struct gsm_config *c)
2368
+{
2369
+	int ret = 0;
2370
+	int need_close = 0;
2371
+	int need_restart = 0;
2372
+
2373
+	/* Stuff we don't support yet - UI or I frame transport, windowing */
2374
+	if ((c->adaption != 1 && c->adaption != 2) || c->k)
2375
+		return -EOPNOTSUPP;
2376
+	/* Check the MRU/MTU range looks sane */
2377
+	if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2378
+		return -EINVAL;
2379
+	if (c->n2 > 255)
2380
+		return -EINVAL;
2381
+	if (c->encapsulation > 1)	/* Basic, advanced, no I */
2382
+		return -EINVAL;
2383
+	if (c->initiator > 1)
2384
+		return -EINVAL;
2385
+	if (c->i == 0 || c->i > 2)	/* UIH and UI only */
2386
+		return -EINVAL;
2387
+	/*
2388
+	 * See what is needed for reconfiguration
2389
+	 */
2390
+
2391
+	/* Timing fields */
2392
+	if (c->t1 != 0 && c->t1 != gsm->t1)
2393
+		need_restart = 1;
2394
+	if (c->t2 != 0 && c->t2 != gsm->t2)
2395
+		need_restart = 1;
2396
+	if (c->encapsulation != gsm->encoding)
2397
+		need_restart = 1;
2398
+	if (c->adaption != gsm->adaption)
2399
+		need_restart = 1;
2400
+	/* Requires care */
2401
+	if (c->initiator != gsm->initiator)
2402
+		need_close = 1;
2403
+	if (c->mru != gsm->mru)
2404
+		need_restart = 1;
2405
+	if (c->mtu != gsm->mtu)
2406
+		need_restart = 1;
2407
+
2408
+	/*
2409
+	 * Close down what is needed, restart and initiate the new
2410
+	 * configuration. On the first time there is no DLCI[0]
2411
+	 * and closing or cleaning up is not necessary.
2412
+	 */
2413
+	if (need_close || need_restart)
2414
+		gsm_cleanup_mux(gsm, true);
2415
+
2416
+	gsm->initiator = c->initiator;
2417
+	gsm->mru = c->mru;
2418
+	gsm->mtu = c->mtu;
2419
+	gsm->encoding = c->encapsulation;
2420
+	gsm->adaption = c->adaption;
2421
+	gsm->n2 = c->n2;
2422
+
2423
+	if (c->i == 1)
2424
+		gsm->ftype = UIH;
2425
+	else if (c->i == 2)
2426
+		gsm->ftype = UI;
2427
+
2428
+	if (c->t1)
2429
+		gsm->t1 = c->t1;
2430
+	if (c->t2)
2431
+		gsm->t2 = c->t2;
2432
+
2433
+	/*
2434
+	 * FIXME: We need to separate activation/deactivation from adding
2435
+	 * and removing from the mux array
2436
+	 */
2437
+	if (gsm->dead) {
2438
+		ret = gsm_activate_mux(gsm);
2439
+		if (ret)
2440
+			return ret;
2441
+		if (gsm->initiator)
2442
+			gsm_dlci_begin_open(gsm->dlci[0]);
2443
+	}
2444
+	return 0;
2221
2445
 }
2222
2446
 
2223
2447
 /**
..
..
@@ -2255,19 +2479,32 @@
2255
2479
 
2256
2480
 static int gsmld_attach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2257
2481
 {
2258
-	int ret, i, base;
2482
+	unsigned int base;
2483
+	int ret, i;
2259
2484
 
2260
2485
 	gsm->tty = tty_kref_get(tty);
2261
-	gsm->output = gsmld_output;
2486
+	/* Turn off tty XON/XOFF handling to handle it explicitly. */
2487
+	gsm->old_c_iflag = tty->termios.c_iflag;
2488
+	tty->termios.c_iflag &= (IXON | IXOFF);
2262
2489
 	ret =  gsm_activate_mux(gsm);
2263
2490
 	if (ret != 0)
2264
2491
 		tty_kref_put(gsm->tty);
2265
2492
 	else {
2266
2493
 		/* Don't register device 0 - this is the control channel and not
2267
2494
 		   a usable tty interface */
2268
-		base = gsm->num << 6; /* Base for this MUX */
2269
-		for (i = 1; i < NUM_DLCI; i++)
2270
-			tty_register_device(gsm_tty_driver, base + i, NULL);
2495
+		base = mux_num_to_base(gsm); /* Base for this MUX */
2496
+		for (i = 1; i < NUM_DLCI; i++) {
2497
+			struct device *dev;
2498
+
2499
+			dev = tty_register_device(gsm_tty_driver,
2500
+							base + i, NULL);
2501
+			if (IS_ERR(dev)) {
2502
+				for (i--; i >= 1; i--)
2503
+					tty_unregister_device(gsm_tty_driver,
2504
+								base + i);
2505
+				return PTR_ERR(dev);
2506
+			}
2507
+		}
2271
2508
 	}
2272
2509
 	return ret;
2273
2510
 }
..
..
@@ -2283,13 +2520,14 @@
2283
2520
 
2284
2521
 static void gsmld_detach_gsm(struct tty_struct *tty, struct gsm_mux *gsm)
2285
2522
 {
2523
+	unsigned int base = mux_num_to_base(gsm); /* Base for this MUX */
2286
2524
 	int i;
2287
-	int base = gsm->num << 6; /* Base for this MUX */
2288
2525
 
2289
2526
 	WARN_ON(tty != gsm->tty);
2290
2527
 	for (i = 1; i < NUM_DLCI; i++)
2291
2528
 		tty_unregister_device(gsm_tty_driver, base + i);
2292
-	gsm_cleanup_mux(gsm);
2529
+	/* Restore tty XON/XOFF handling. */
2530
+	gsm->tty->termios.c_iflag = gsm->old_c_iflag;
2293
2531
 	tty_kref_put(gsm->tty);
2294
2532
 	gsm->tty = NULL;
2295
2533
 }
..
..
@@ -2318,7 +2556,7 @@
2318
2556
 		case TTY_BREAK:
2319
2557
 		case TTY_PARITY:
2320
2558
 		case TTY_FRAME:
2321
-			gsm->error(gsm, *dp, flags);
2559
+			gsm_error(gsm, *dp, flags);
2322
2560
 			break;
2323
2561
 		default:
2324
2562
 			WARN_ONCE(1, "%s: unknown flag %d\n",
..
..
@@ -2356,6 +2594,12 @@
2356
2594
 static void gsmld_close(struct tty_struct *tty)
2357
2595
 {
2358
2596
 	struct gsm_mux *gsm = tty->disc_data;
2597
+
2598
+	/* The ldisc locks and closes the port before calling our close. This
2599
+	 * means we have no way to do a proper disconnect. We will not bother
2600
+	 * to do one.
2601
+	 */
2602
+	gsm_cleanup_mux(gsm, false);
2359
2603
 
2360
2604
 	gsmld_detach_gsm(tty, gsm);
2361
2605
 
..
..
@@ -2395,7 +2639,7 @@
2395
2639
 
2396
2640
 	ret = gsmld_attach_gsm(tty, gsm);
2397
2641
 	if (ret != 0) {
2398
-		gsm_cleanup_mux(gsm);
2642
+		gsm_cleanup_mux(gsm, false);
2399
2643
 		mux_put(gsm);
2400
2644
 	}
2401
2645
 	return ret;
..
..
@@ -2441,7 +2685,8 @@
2441
2685
  */
2442
2686
 
2443
2687
 static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
2444
-			 unsigned char __user *buf, size_t nr)
2688
+			  unsigned char *buf, size_t nr,
2689
+			  void **cookie, unsigned long offset)
2445
2690
 {
2446
2691
 	return -EOPNOTSUPP;
2447
2692
 }
..
..
@@ -2463,11 +2708,24 @@
2463
2708
 static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
2464
2709
 			   const unsigned char *buf, size_t nr)
2465
2710
 {
2466
-	int space = tty_write_room(tty);
2711
+	struct gsm_mux *gsm = tty->disc_data;
2712
+	unsigned long flags;
2713
+	int space;
2714
+	int ret;
2715
+
2716
+	if (!gsm)
2717
+		return -ENODEV;
2718
+
2719
+	ret = -ENOBUFS;
2720
+	spin_lock_irqsave(&gsm->tx_lock, flags);
2721
+	space = tty_write_room(tty);
2467
2722
 	if (space >= nr)
2468
-		return tty->ops->write(tty, buf, nr);
2469
-	set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2470
-	return -ENOBUFS;
2723
+		ret = tty->ops->write(tty, buf, nr);
2724
+	else
2725
+		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2726
+	spin_unlock_irqrestore(&gsm->tx_lock, flags);
2727
+
2728
+	return ret;
2471
2729
 }
2472
2730
 
2473
2731
 /**
..
..
@@ -2492,96 +2750,16 @@
2492
2750
 
2493
2751
 	poll_wait(file, &tty->read_wait, wait);
2494
2752
 	poll_wait(file, &tty->write_wait, wait);
2753
+
2754
+	if (gsm->dead)
2755
+		mask |= EPOLLHUP;
2495
2756
 	if (tty_hung_up_p(file))
2757
+		mask |= EPOLLHUP;
2758
+	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2496
2759
 		mask |= EPOLLHUP;
2497
2760
 	if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
2498
2761
 		mask |= EPOLLOUT | EPOLLWRNORM;
2499
-	if (gsm->dead)
2500
-		mask |= EPOLLHUP;
2501
2762
 	return mask;
2502
-}
2503
-
2504
-static int gsmld_config(struct tty_struct *tty, struct gsm_mux *gsm,
2505
-							struct gsm_config *c)
2506
-{
2507
-	int need_close = 0;
2508
-	int need_restart = 0;
2509
-
2510
-	/* Stuff we don't support yet - UI or I frame transport, windowing */
2511
-	if ((c->adaption != 1 && c->adaption != 2) || c->k)
2512
-		return -EOPNOTSUPP;
2513
-	/* Check the MRU/MTU range looks sane */
2514
-	if (c->mru > MAX_MRU || c->mtu > MAX_MTU || c->mru < 8 || c->mtu < 8)
2515
-		return -EINVAL;
2516
-	if (c->n2 < 3)
2517
-		return -EINVAL;
2518
-	if (c->encapsulation > 1)	/* Basic, advanced, no I */
2519
-		return -EINVAL;
2520
-	if (c->initiator > 1)
2521
-		return -EINVAL;
2522
-	if (c->i == 0 || c->i > 2)	/* UIH and UI only */
2523
-		return -EINVAL;
2524
-	/*
2525
-	 *	See what is needed for reconfiguration
2526
-	 */
2527
-
2528
-	/* Timing fields */
2529
-	if (c->t1 != 0 && c->t1 != gsm->t1)
2530
-		need_restart = 1;
2531
-	if (c->t2 != 0 && c->t2 != gsm->t2)
2532
-		need_restart = 1;
2533
-	if (c->encapsulation != gsm->encoding)
2534
-		need_restart = 1;
2535
-	if (c->adaption != gsm->adaption)
2536
-		need_restart = 1;
2537
-	/* Requires care */
2538
-	if (c->initiator != gsm->initiator)
2539
-		need_close = 1;
2540
-	if (c->mru != gsm->mru)
2541
-		need_restart = 1;
2542
-	if (c->mtu != gsm->mtu)
2543
-		need_restart = 1;
2544
-
2545
-	/*
2546
-	 *	Close down what is needed, restart and initiate the new
2547
-	 *	configuration
2548
-	 */
2549
-
2550
-	if (need_close || need_restart) {
2551
-		int ret;
2552
-
2553
-		ret = gsm_disconnect(gsm);
2554
-
2555
-		if (ret)
2556
-			return ret;
2557
-	}
2558
-	if (need_restart)
2559
-		gsm_cleanup_mux(gsm);
2560
-
2561
-	gsm->initiator = c->initiator;
2562
-	gsm->mru = c->mru;
2563
-	gsm->mtu = c->mtu;
2564
-	gsm->encoding = c->encapsulation;
2565
-	gsm->adaption = c->adaption;
2566
-	gsm->n2 = c->n2;
2567
-
2568
-	if (c->i == 1)
2569
-		gsm->ftype = UIH;
2570
-	else if (c->i == 2)
2571
-		gsm->ftype = UI;
2572
-
2573
-	if (c->t1)
2574
-		gsm->t1 = c->t1;
2575
-	if (c->t2)
2576
-		gsm->t2 = c->t2;
2577
-
2578
-	/* FIXME: We need to separate activation/deactivation from adding
2579
-	   and removing from the mux array */
2580
-	if (need_restart)
2581
-		gsm_activate_mux(gsm);
2582
-	if (gsm->initiator && need_close)
2583
-		gsm_dlci_begin_open(gsm->dlci[0]);
2584
-	return 0;
2585
2763
 }
2586
2764
 
2587
2765
 static int gsmld_ioctl(struct tty_struct *tty, struct file *file,
..
..
@@ -2589,44 +2767,25 @@
2589
2767
 {
2590
2768
 	struct gsm_config c;
2591
2769
 	struct gsm_mux *gsm = tty->disc_data;
2770
+	unsigned int base;
2592
2771
 
2593
2772
 	switch (cmd) {
2594
2773
 	case GSMIOC_GETCONF:
2595
-		memset(&c, 0, sizeof(c));
2596
-		c.adaption = gsm->adaption;
2597
-		c.encapsulation = gsm->encoding;
2598
-		c.initiator = gsm->initiator;
2599
-		c.t1 = gsm->t1;
2600
-		c.t2 = gsm->t2;
2601
-		c.t3 = 0;	/* Not supported */
2602
-		c.n2 = gsm->n2;
2603
-		if (gsm->ftype == UIH)
2604
-			c.i = 1;
2605
-		else
2606
-			c.i = 2;
2607
-		pr_debug("Ftype %d i %d\n", gsm->ftype, c.i);
2608
-		c.mru = gsm->mru;
2609
-		c.mtu = gsm->mtu;
2610
-		c.k = 0;
2611
-		if (copy_to_user((void *)arg, &c, sizeof(c)))
2774
+		gsm_copy_config_values(gsm, &c);
2775
+		if (copy_to_user((void __user *)arg, &c, sizeof(c)))
2612
2776
 			return -EFAULT;
2613
2777
 		return 0;
2614
2778
 	case GSMIOC_SETCONF:
2615
-		if (copy_from_user(&c, (void *)arg, sizeof(c)))
2779
+		if (copy_from_user(&c, (void __user *)arg, sizeof(c)))
2616
2780
 			return -EFAULT;
2617
-		return gsmld_config(tty, gsm, &c);
2781
+		return gsm_config(gsm, &c);
2782
+	case GSMIOC_GETFIRST:
2783
+		base = mux_num_to_base(gsm);
2784
+		return put_user(base + 1, (__u32 __user *)arg);
2618
2785
 	default:
2619
2786
 		return n_tty_ioctl_helper(tty, file, cmd, arg);
2620
2787
 	}
2621
2788
 }
2622
-
2623
-#ifdef CONFIG_COMPAT
2624
-static long gsmld_compat_ioctl(struct tty_struct *tty, struct file *file,
2625
-		       unsigned int cmd, unsigned long arg)
2626
-{
2627
-	return gsmld_ioctl(tty, file, cmd, arg);
2628
-}
2629
-#endif
2630
2789
 
2631
2790
 /*
2632
2791
  *	Network interface
..
..
@@ -2699,7 +2858,7 @@
2699
2858
 }
2700
2859
 
2701
2860
 /* called when a packet did not ack after watchdogtimeout */
2702
-static void gsm_mux_net_tx_timeout(struct net_device *net)
2861
+static void gsm_mux_net_tx_timeout(struct net_device *net, unsigned int txqueue)
2703
2862
 {
2704
2863
 	/* Tell syslog we are hosed. */
2705
2864
 	dev_dbg(&net->dev, "Tx timed out.\n");
..
..
@@ -2709,7 +2868,7 @@
2709
2868
 }
2710
2869
 
2711
2870
 static void gsm_mux_rx_netchar(struct gsm_dlci *dlci,
2712
-				   unsigned char *in_buf, int size)
2871
+				const unsigned char *in_buf, int size)
2713
2872
 {
2714
2873
 	struct net_device *net = dlci->net;
2715
2874
 	struct sk_buff *skb;
..
..
@@ -2764,7 +2923,7 @@
2764
2923
 {
2765
2924
 	struct gsm_mux_net *mux_net;
2766
2925
 
2767
-	pr_debug("destroy network interface");
2926
+	pr_debug("destroy network interface\n");
2768
2927
 	if (!dlci->net)
2769
2928
 		return;
2770
2929
 	mux_net = netdev_priv(dlci->net);
..
..
@@ -2793,7 +2952,7 @@
2793
2952
 	if (nc->adaption != 3 && nc->adaption != 4)
2794
2953
 		return -EPROTONOSUPPORT;
2795
2954
 
2796
-	pr_debug("create network interface");
2955
+	pr_debug("create network interface\n");
2797
2956
 
2798
2957
 	netname = "gsm%d";
2799
2958
 	if (nc->if_name[0] != '\0')
..
..
@@ -2801,7 +2960,7 @@
2801
2960
 	net = alloc_netdev(sizeof(struct gsm_mux_net), netname,
2802
2961
 			   NET_NAME_UNKNOWN, gsm_mux_net_init);
2803
2962
 	if (!net) {
2804
-		pr_err("alloc_netdev failed");
2963
+		pr_err("alloc_netdev failed\n");
2805
2964
 		return -ENOMEM;
2806
2965
 	}
2807
2966
 	net->mtu = dlci->gsm->mtu;
..
..
@@ -2819,7 +2978,7 @@
2819
2978
 	dlci->data = gsm_mux_rx_netchar;
2820
2979
 	dlci->net = net;
2821
2980
 
2822
-	pr_debug("register netdev");
2981
+	pr_debug("register netdev\n");
2823
2982
 	retval = register_netdev(net);
2824
2983
 	if (retval) {
2825
2984
 		pr_err("network register fail %d\n", retval);
..
..
@@ -2839,9 +2998,6 @@
2839
2998
 	.flush_buffer    = gsmld_flush_buffer,
2840
2999
 	.read            = gsmld_read,
2841
3000
 	.write           = gsmld_write,
2842
-#ifdef CONFIG_COMPAT
2843
-	.compat_ioctl    = gsmld_compat_ioctl,
2844
-#endif
2845
3001
 	.ioctl           = gsmld_ioctl,
2846
3002
 	.poll            = gsmld_poll,
2847
3003
 	.receive_buf     = gsmld_receive_buf,
..
..
@@ -2856,19 +3012,17 @@
2856
3012
 
2857
3013
 static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
2858
3014
 {
2859
-	u8 modembits[5];
3015
+	u8 modembits[3];
2860
3016
 	struct gsm_control *ctrl;
2861
3017
 	int len = 2;
2862
3018
 
2863
-	if (brk)
3019
+	modembits[0] = (dlci->addr << 2) | 2 | EA;  /* DLCI, Valid, EA */
3020
+	modembits[1] = (gsm_encode_modem(dlci) << 1) | EA;
3021
+	if (brk) {
3022
+		modembits[2] = (brk << 4) | 2 | EA; /* Length, Break, EA */
2864
3023
 		len++;
2865
-
2866
-	modembits[0] = len << 1 | EA;		/* Data bytes */
2867
-	modembits[1] = dlci->addr << 2 | 3;	/* DLCI, EA, 1 */
2868
-	modembits[2] = gsm_encode_modem(dlci) << 1 | EA;
2869
-	if (brk)
2870
-		modembits[3] = brk << 4 | 2 | EA;	/* Valid, EA */
2871
-	ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len + 1);
3024
+	}
3025
+	ctrl = gsm_control_send(dlci->gsm, CMD_MSC, modembits, len);
2872
3026
 	if (ctrl == NULL)
2873
3027
 		return -ENOMEM;
2874
3028
 	return gsm_control_wait(dlci->gsm, ctrl);
..
..
@@ -2921,7 +3075,7 @@
2921
3075
 	struct gsm_mux *gsm;
2922
3076
 	struct gsm_dlci *dlci;
2923
3077
 	unsigned int line = tty->index;
2924
-	unsigned int mux = line >> 6;
3078
+	unsigned int mux = mux_line_to_num(line);
2925
3079
 	bool alloc = false;
2926
3080
 	int ret;
2927
3081
 
..
..
@@ -2976,6 +3130,7 @@
2976
3130
 {
2977
3131
 	struct gsm_dlci *dlci = tty->driver_data;
2978
3132
 	struct tty_port *port = &dlci->port;
3133
+	struct gsm_mux *gsm = dlci->gsm;
2979
3134
 
2980
3135
 	port->count++;
2981
3136
 	tty_port_tty_set(port, tty);
..
..
@@ -2985,7 +3140,10 @@
2985
3140
 	   a DM straight back. This is ok as that will have caused a hangup */
2986
3141
 	tty_port_set_initialized(port, 1);
2987
3142
 	/* Start sending off SABM messages */
2988
-	gsm_dlci_begin_open(dlci);
3143
+	if (gsm->initiator)
3144
+		gsm_dlci_begin_open(dlci);
3145
+	else
3146
+		gsm_dlci_set_opening(dlci);
2989
3147
 	/* And wait for virtual carrier */
2990
3148
 	return tty_port_block_til_ready(port, tty, filp);
2991
3149
 }
..
..
@@ -3028,7 +3186,7 @@
3028
3186
 	if (dlci->state == DLCI_CLOSED)
3029
3187
 		return -EINVAL;
3030
3188
 	/* Stuff the bytes into the fifo queue */
3031
-	sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock);
3189
+	sent = kfifo_in_locked(&dlci->fifo, buf, len, &dlci->lock);
3032
3190
 	/* Need to kick the channel */
3033
3191
 	gsm_dlci_data_kick(dlci);
3034
3192
 	return sent;
..
..
@@ -3039,7 +3197,7 @@
3039
3197
 	struct gsm_dlci *dlci = tty->driver_data;
3040
3198
 	if (dlci->state == DLCI_CLOSED)
3041
3199
 		return -EINVAL;
3042
-	return TX_SIZE - kfifo_len(dlci->fifo);
3200
+	return TX_SIZE - kfifo_len(&dlci->fifo);
3043
3201
 }
3044
3202
 
3045
3203
 static int gsmtty_chars_in_buffer(struct tty_struct *tty)
..
..
@@ -3047,19 +3205,23 @@
3047
3205
 	struct gsm_dlci *dlci = tty->driver_data;
3048
3206
 	if (dlci->state == DLCI_CLOSED)
3049
3207
 		return -EINVAL;
3050
-	return kfifo_len(dlci->fifo);
3208
+	return kfifo_len(&dlci->fifo);
3051
3209
 }
3052
3210
 
3053
3211
 static void gsmtty_flush_buffer(struct tty_struct *tty)
3054
3212
 {
3055
3213
 	struct gsm_dlci *dlci = tty->driver_data;
3214
+	unsigned long flags;
3215
+
3056
3216
 	if (dlci->state == DLCI_CLOSED)
3057
3217
 		return;
3058
3218
 	/* Caution needed: If we implement reliable transport classes
3059
3219
 	   then the data being transmitted can't simply be junked once
3060
3220
 	   it has first hit the stack. Until then we can just blow it
3061
3221
 	   away */
3062
-	kfifo_reset(dlci->fifo);
3222
+	spin_lock_irqsave(&dlci->lock, flags);
3223
+	kfifo_reset(&dlci->fifo);
3224
+	spin_unlock_irqrestore(&dlci->lock, flags);
3063
3225
 	/* Need to unhook this DLCI from the transmit queue logic */
3064
3226
 }
3065
3227
 
..
..
@@ -3149,9 +3311,9 @@
3149
3311
 	if (dlci->state == DLCI_CLOSED)
3150
3312
 		return;
3151
3313
 	if (C_CRTSCTS(tty))
3152
-		dlci->modem_tx &= ~TIOCM_DTR;
3153
-	dlci->throttled = 1;
3154
-	/* Send an MSC with DTR cleared */
3314
+		dlci->modem_tx &= ~TIOCM_RTS;
3315
+	dlci->throttled = true;
3316
+	/* Send an MSC with RTS cleared */
3155
3317
 	gsmtty_modem_update(dlci, 0);
3156
3318
 }
3157
3319
 
..
..
@@ -3161,9 +3323,9 @@
3161
3323
 	if (dlci->state == DLCI_CLOSED)
3162
3324
 		return;
3163
3325
 	if (C_CRTSCTS(tty))
3164
-		dlci->modem_tx |= TIOCM_DTR;
3165
-	dlci->throttled = 0;
3166
-	/* Send an MSC with DTR set */
3326
+		dlci->modem_tx |= TIOCM_RTS;
3327
+	dlci->throttled = false;
3328
+	/* Send an MSC with RTS set */
3167
3329
 	gsmtty_modem_update(dlci, 0);
3168
3330
 }
3169
3331