ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1512

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	net/irda/irttp.c
Line in file:	1819
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2012-05-21 20:30:05 UTC
Source:

   1/*********************************************************************
   2 *
   3 * Filename:      irttp.c
   4 * Version:       1.2
   5 * Description:   Tiny Transport Protocol (TTP) implementation
   6 * Status:        Stable
   7 * Author:        Dag Brattli <dagb@cs.uit.no>
   8 * Created at:    Sun Aug 31 20:14:31 1997
   9 * Modified at:   Wed Jan  5 11:31:27 2000
  10 * Modified by:   Dag Brattli <dagb@cs.uit.no>
  11 *
  12 *     Copyright (c) 1998-2000 Dag Brattli <dagb@cs.uit.no>,
  13 *     All Rights Reserved.
  14 *     Copyright (c) 2000-2003 Jean Tourrilhes <jt@hpl.hp.com>
  15 *
  16 *     This program is free software; you can redistribute it and/or
  17 *     modify it under the terms of the GNU General Public License as
  18 *     published by the Free Software Foundation; either version 2 of
  19 *     the License, or (at your option) any later version.
  20 *
  21 *     Neither Dag Brattli nor University of Troms�� admit liability nor
  22 *     provide warranty for any of this software. This material is
  23 *     provided "AS-IS" and at no charge.
  24 *
  25 ********************************************************************/
  26
  27#include <linux/skbuff.h>
  28#include <linux/init.h>
  29#include <linux/fs.h>
  30#include <linux/seq_file.h>
  31
  32#include <asm/byteorder.h>
  33#include <asm/unaligned.h>
  34
  35#include <net/irda/irda.h>
  36#include <net/irda/irlap.h>
  37#include <net/irda/irlmp.h>
  38#include <net/irda/parameters.h>
  39#include <net/irda/irttp.h>
  40
  41static struct irttp_cb *irttp;
  42
  43static void __irttp_close_tsap(struct tsap_cb *self);
  44
  45static int irttp_data_indication(void *instance, void *sap,
  46                                 struct sk_buff *skb);
  47static int irttp_udata_indication(void *instance, void *sap,
  48                                  struct sk_buff *skb);
  49static void irttp_disconnect_indication(void *instance, void *sap,
  50                                        LM_REASON reason, struct sk_buff *);
  51static void irttp_connect_indication(void *instance, void *sap,
  52                                     struct qos_info *qos, __u32 max_sdu_size,
  53                                     __u8 header_size, struct sk_buff *skb);
  54static void irttp_connect_confirm(void *instance, void *sap,
  55                                  struct qos_info *qos, __u32 max_sdu_size,
  56                                  __u8 header_size, struct sk_buff *skb);
  57static void irttp_run_tx_queue(struct tsap_cb *self);
  58static void irttp_run_rx_queue(struct tsap_cb *self);
  59
  60static void irttp_flush_queues(struct tsap_cb *self);
  61static void irttp_fragment_skb(struct tsap_cb *self, struct sk_buff *skb);
  62static struct sk_buff *irttp_reassemble_skb(struct tsap_cb *self);
  63static void irttp_todo_expired(unsigned long data);
  64static int irttp_param_max_sdu_size(void *instance, irda_param_t *param,
  65                                    int get);
  66
  67static void irttp_flow_indication(void *instance, void *sap, LOCAL_FLOW flow);
  68static void irttp_status_indication(void *instance,
  69                                    LINK_STATUS link, LOCK_STATUS lock);
  70
  71/* Information for parsing parameters in IrTTP */
  72static pi_minor_info_t pi_minor_call_table[] = {
  73        { NULL, 0 },                                             /* 0x00 */
  74        { irttp_param_max_sdu_size, PV_INTEGER | PV_BIG_ENDIAN } /* 0x01 */
  75};
  76static pi_major_info_t pi_major_call_table[] = {{ pi_minor_call_table, 2 }};
  77static pi_param_info_t param_info = { pi_major_call_table, 1, 0x0f, 4 };
  78
  79/************************ GLOBAL PROCEDURES ************************/
  80
  81/*
  82 * Function irttp_init (void)
  83 *
  84 *    Initialize the IrTTP layer. Called by module initialization code
  85 *
  86 */
  87int __init irttp_init(void)
  88{
  89        irttp = kzalloc(sizeof(struct irttp_cb), GFP_KERNEL);
  90        if (irttp == NULL)
  91                return -ENOMEM;
  92
  93        irttp->magic = TTP_MAGIC;
  94
  95        irttp->tsaps = hashbin_new(HB_LOCK);
  96        if (!irttp->tsaps) {
  97                IRDA_ERROR("%s: can't allocate IrTTP hashbin!\n",
  98                           __func__);
  99                kfree(irttp);
 100                return -ENOMEM;
 101        }
 102
 103        return 0;
 104}
 105
 106/*
 107 * Function irttp_cleanup (void)
 108 *
 109 *    Called by module destruction/cleanup code
 110 *
 111 */
 112void irttp_cleanup(void)
 113{
 114        /* Check for main structure */
 115        IRDA_ASSERT(irttp->magic == TTP_MAGIC, return;);
 116
 117        /*
 118         *  Delete hashbin and close all TSAP instances in it
 119         */
 120        hashbin_delete(irttp->tsaps, (FREE_FUNC) __irttp_close_tsap);
 121
 122        irttp->magic = 0;
 123
 124        /* De-allocate main structure */
 125        kfree(irttp);
 126
 127        irttp = NULL;
 128}
 129
 130/*************************** SUBROUTINES ***************************/
 131
 132/*
 133 * Function irttp_start_todo_timer (self, timeout)
 134 *
 135 *    Start todo timer.
 136 *
 137 * Made it more effient and unsensitive to race conditions - Jean II
 138 */
 139static inline void irttp_start_todo_timer(struct tsap_cb *self, int timeout)
 140{
 141        /* Set new value for timer */
 142        mod_timer(&self->todo_timer, jiffies + timeout);
 143}
 144
 145/*
 146 * Function irttp_todo_expired (data)
 147 *
 148 *    Todo timer has expired!
 149 *
 150 * One of the restriction of the timer is that it is run only on the timer
 151 * interrupt which run every 10ms. This mean that even if you set the timer
 152 * with a delay of 0, it may take up to 10ms before it's run.
 153 * So, to minimise latency and keep cache fresh, we try to avoid using
 154 * it as much as possible.
 155 * Note : we can't use tasklets, because they can't be asynchronously
 156 * killed (need user context), and we can't guarantee that here...
 157 * Jean II
 158 */
 159static void irttp_todo_expired(unsigned long data)
 160{
 161        struct tsap_cb *self = (struct tsap_cb *) data;
 162
 163        /* Check that we still exist */
 164        if (!self || self->magic != TTP_TSAP_MAGIC)
 165                return;
 166
 167        IRDA_DEBUG(4, "%s(instance=%p)\n", __func__, self);
 168
 169        /* Try to make some progress, especially on Tx side - Jean II */
 170        irttp_run_rx_queue(self);
 171        irttp_run_tx_queue(self);
 172
 173        /* Check if time for disconnect */
 174        if (test_bit(0, &self->disconnect_pend)) {
 175                /* Check if it's possible to disconnect yet */
 176                if (skb_queue_empty(&self->tx_queue)) {
 177                        /* Make sure disconnect is not pending anymore */
 178                        clear_bit(0, &self->disconnect_pend);        /* FALSE */
 179
 180                        /* Note : self->disconnect_skb may be NULL */
 181                        irttp_disconnect_request(self, self->disconnect_skb,
 182                                                 P_NORMAL);
 183                        self->disconnect_skb = NULL;
 184                } else {
 185                        /* Try again later */
 186                        irttp_start_todo_timer(self, HZ/10);
 187
 188                        /* No reason to try and close now */
 189                        return;
 190                }
 191        }
 192
 193        /* Check if it's closing time */
 194        if (self->close_pend)
 195                /* Finish cleanup */
 196                irttp_close_tsap(self);
 197}
 198
 199/*
 200 * Function irttp_flush_queues (self)
 201 *
 202 *     Flushes (removes all frames) in transitt-buffer (tx_list)
 203 */
 204void irttp_flush_queues(struct tsap_cb *self)
 205{
 206        struct sk_buff* skb;
 207
 208        IRDA_DEBUG(4, "%s()\n", __func__);
 209
 210        IRDA_ASSERT(self != NULL, return;);
 211        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
 212
 213        /* Deallocate frames waiting to be sent */
 214        while ((skb = skb_dequeue(&self->tx_queue)) != NULL)
 215                dev_kfree_skb(skb);
 216
 217        /* Deallocate received frames */
 218        while ((skb = skb_dequeue(&self->rx_queue)) != NULL)
 219                dev_kfree_skb(skb);
 220
 221        /* Deallocate received fragments */
 222        while ((skb = skb_dequeue(&self->rx_fragments)) != NULL)
 223                dev_kfree_skb(skb);
 224}
 225
 226/*
 227 * Function irttp_reassemble (self)
 228 *
 229 *    Makes a new (continuous) skb of all the fragments in the fragment
 230 *    queue
 231 *
 232 */
 233static struct sk_buff *irttp_reassemble_skb(struct tsap_cb *self)
 234{
 235        struct sk_buff *skb, *frag;
 236        int n = 0;  /* Fragment index */
 237
 238        IRDA_ASSERT(self != NULL, return NULL;);
 239        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return NULL;);
 240
 241        IRDA_DEBUG(2, "%s(), self->rx_sdu_size=%d\n", __func__,
 242                   self->rx_sdu_size);
 243
 244        skb = dev_alloc_skb(TTP_HEADER + self->rx_sdu_size);
 245        if (!skb)
 246                return NULL;
 247
 248        /*
 249         * Need to reserve space for TTP header in case this skb needs to
 250         * be requeued in case delivery failes
 251         */
 252        skb_reserve(skb, TTP_HEADER);
 253        skb_put(skb, self->rx_sdu_size);
 254
 255        /*
 256         *  Copy all fragments to a new buffer
 257         */
 258        while ((frag = skb_dequeue(&self->rx_fragments)) != NULL) {
 259                skb_copy_to_linear_data_offset(skb, n, frag->data, frag->len);
 260                n += frag->len;
 261
 262                dev_kfree_skb(frag);
 263        }
 264
 265        IRDA_DEBUG(2,
 266                   "%s(), frame len=%d, rx_sdu_size=%d, rx_max_sdu_size=%d\n",
 267                   __func__, n, self->rx_sdu_size, self->rx_max_sdu_size);
 268        /* Note : irttp_run_rx_queue() calculate self->rx_sdu_size
 269         * by summing the size of all fragments, so we should always
 270         * have n == self->rx_sdu_size, except in cases where we
 271         * droped the last fragment (when self->rx_sdu_size exceed
 272         * self->rx_max_sdu_size), where n < self->rx_sdu_size.
 273         * Jean II */
 274        IRDA_ASSERT(n <= self->rx_sdu_size, n = self->rx_sdu_size;);
 275
 276        /* Set the new length */
 277        skb_trim(skb, n);
 278
 279        self->rx_sdu_size = 0;
 280
 281        return skb;
 282}
 283
 284/*
 285 * Function irttp_fragment_skb (skb)
 286 *
 287 *    Fragments a frame and queues all the fragments for transmission
 288 *
 289 */
 290static inline void irttp_fragment_skb(struct tsap_cb *self,
 291                                      struct sk_buff *skb)
 292{
 293        struct sk_buff *frag;
 294        __u8 *frame;
 295
 296        IRDA_DEBUG(2, "%s()\n", __func__);
 297
 298        IRDA_ASSERT(self != NULL, return;);
 299        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
 300        IRDA_ASSERT(skb != NULL, return;);
 301
 302        /*
 303         *  Split frame into a number of segments
 304         */
 305        while (skb->len > self->max_seg_size) {
 306                IRDA_DEBUG(2, "%s(), fragmenting ...\n", __func__);
 307
 308                /* Make new segment */
 309                frag = alloc_skb(self->max_seg_size+self->max_header_size,
 310                                 GFP_ATOMIC);
 311                if (!frag)
 312                        return;
 313
 314                skb_reserve(frag, self->max_header_size);
 315
 316                /* Copy data from the original skb into this fragment. */
 317                skb_copy_from_linear_data(skb, skb_put(frag, self->max_seg_size),
 318                              self->max_seg_size);
 319
 320                /* Insert TTP header, with the more bit set */
 321                frame = skb_push(frag, TTP_HEADER);
 322                frame[0] = TTP_MORE;
 323
 324                /* Hide the copied data from the original skb */
 325                skb_pull(skb, self->max_seg_size);
 326
 327                /* Queue fragment */
 328                skb_queue_tail(&self->tx_queue, frag);
 329        }
 330        /* Queue what is left of the original skb */
 331        IRDA_DEBUG(2, "%s(), queuing last segment\n", __func__);
 332
 333        frame = skb_push(skb, TTP_HEADER);
 334        frame[0] = 0x00; /* Clear more bit */
 335
 336        /* Queue fragment */
 337        skb_queue_tail(&self->tx_queue, skb);
 338}
 339
 340/*
 341 * Function irttp_param_max_sdu_size (self, param)
 342 *
 343 *    Handle the MaxSduSize parameter in the connect frames, this function
 344 *    will be called both when this parameter needs to be inserted into, and
 345 *    extracted from the connect frames
 346 */
 347static int irttp_param_max_sdu_size(void *instance, irda_param_t *param,
 348                                    int get)
 349{
 350        struct tsap_cb *self;
 351
 352        self = (struct tsap_cb *) instance;
 353
 354        IRDA_ASSERT(self != NULL, return -1;);
 355        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
 356
 357        if (get)
 358                param->pv.i = self->tx_max_sdu_size;
 359        else
 360                self->tx_max_sdu_size = param->pv.i;
 361
 362        IRDA_DEBUG(1, "%s(), MaxSduSize=%d\n", __func__, param->pv.i);
 363
 364        return 0;
 365}
 366
 367/*************************** CLIENT CALLS ***************************/
 368/************************** LMP CALLBACKS **************************/
 369/* Everything is happily mixed up. Waiting for next clean up - Jean II */
 370
 371/*
 372 * Initialization, that has to be done on new tsap
 373 * instance allocation and on duplication
 374 */
 375static void irttp_init_tsap(struct tsap_cb *tsap)
 376{
 377        spin_lock_init(&tsap->lock);
 378        init_timer(&tsap->todo_timer);
 379
 380        skb_queue_head_init(&tsap->rx_queue);
 381        skb_queue_head_init(&tsap->tx_queue);
 382        skb_queue_head_init(&tsap->rx_fragments);
 383}
 384
 385/*
 386 * Function irttp_open_tsap (stsap, notify)
 387 *
 388 *    Create TSAP connection endpoint,
 389 */
 390struct tsap_cb *irttp_open_tsap(__u8 stsap_sel, int credit, notify_t *notify)
 391{
 392        struct tsap_cb *self;
 393        struct lsap_cb *lsap;
 394        notify_t ttp_notify;
 395
 396        IRDA_ASSERT(irttp->magic == TTP_MAGIC, return NULL;);
 397
 398        /* The IrLMP spec (IrLMP 1.1 p10) says that we have the right to
 399         * use only 0x01-0x6F. Of course, we can use LSAP_ANY as well.
 400         * JeanII */
 401        if((stsap_sel != LSAP_ANY) &&
 402           ((stsap_sel < 0x01) || (stsap_sel >= 0x70))) {
 403                IRDA_DEBUG(0, "%s(), invalid tsap!\n", __func__);
 404                return NULL;
 405        }
 406
 407        self = kzalloc(sizeof(struct tsap_cb), GFP_ATOMIC);
 408        if (self == NULL) {
 409                IRDA_DEBUG(0, "%s(), unable to kmalloc!\n", __func__);
 410                return NULL;
 411        }
 412
 413        /* Initialize internal objects */
 414        irttp_init_tsap(self);
 415
 416        /* Initialise todo timer */
 417        self->todo_timer.data     = (unsigned long) self;
 418        self->todo_timer.function = &irttp_todo_expired;
 419
 420        /* Initialize callbacks for IrLMP to use */
 421        irda_notify_init(&ttp_notify);
 422        ttp_notify.connect_confirm = irttp_connect_confirm;
 423        ttp_notify.connect_indication = irttp_connect_indication;
 424        ttp_notify.disconnect_indication = irttp_disconnect_indication;
 425        ttp_notify.data_indication = irttp_data_indication;
 426        ttp_notify.udata_indication = irttp_udata_indication;
 427        ttp_notify.flow_indication = irttp_flow_indication;
 428        if(notify->status_indication != NULL)
 429                ttp_notify.status_indication = irttp_status_indication;
 430        ttp_notify.instance = self;
 431        strncpy(ttp_notify.name, notify->name, NOTIFY_MAX_NAME);
 432
 433        self->magic = TTP_TSAP_MAGIC;
 434        self->connected = FALSE;
 435
 436        /*
 437         *  Create LSAP at IrLMP layer
 438         */
 439        lsap = irlmp_open_lsap(stsap_sel, &ttp_notify, 0);
 440        if (lsap == NULL) {
 441                IRDA_WARNING("%s: unable to allocate LSAP!!\n", __func__);
 442                return NULL;
 443        }
 444
 445        /*
 446         *  If user specified LSAP_ANY as source TSAP selector, then IrLMP
 447         *  will replace it with whatever source selector which is free, so
 448         *  the stsap_sel we have might not be valid anymore
 449         */
 450        self->stsap_sel = lsap->slsap_sel;
 451        IRDA_DEBUG(4, "%s(), stsap_sel=%02x\n", __func__, self->stsap_sel);
 452
 453        self->notify = *notify;
 454        self->lsap = lsap;
 455
 456        hashbin_insert(irttp->tsaps, (irda_queue_t *) self, (long) self, NULL);
 457
 458        if (credit > TTP_RX_MAX_CREDIT)
 459                self->initial_credit = TTP_RX_MAX_CREDIT;
 460        else
 461                self->initial_credit = credit;
 462
 463        return self;
 464}
 465EXPORT_SYMBOL(irttp_open_tsap);
 466
 467/*
 468 * Function irttp_close (handle)
 469 *
 470 *    Remove an instance of a TSAP. This function should only deal with the
 471 *    deallocation of the TSAP, and resetting of the TSAPs values;
 472 *
 473 */
 474static void __irttp_close_tsap(struct tsap_cb *self)
 475{
 476        /* First make sure we're connected. */
 477        IRDA_ASSERT(self != NULL, return;);
 478        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
 479
 480        irttp_flush_queues(self);
 481
 482        del_timer(&self->todo_timer);
 483
 484        /* This one won't be cleaned up if we are disconnect_pend + close_pend
 485         * and we receive a disconnect_indication */
 486        if (self->disconnect_skb)
 487                dev_kfree_skb(self->disconnect_skb);
 488
 489        self->connected = FALSE;
 490        self->magic = ~TTP_TSAP_MAGIC;
 491
 492        kfree(self);
 493}
 494
 495/*
 496 * Function irttp_close (self)
 497 *
 498 *    Remove TSAP from list of all TSAPs and then deallocate all resources
 499 *    associated with this TSAP
 500 *
 501 * Note : because we *free* the tsap structure, it is the responsibility
 502 * of the caller to make sure we are called only once and to deal with
 503 * possible race conditions. - Jean II
 504 */
 505int irttp_close_tsap(struct tsap_cb *self)
 506{
 507        struct tsap_cb *tsap;
 508
 509        IRDA_DEBUG(4, "%s()\n", __func__);
 510
 511        IRDA_ASSERT(self != NULL, return -1;);
 512        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
 513
 514        /* Make sure tsap has been disconnected */
 515        if (self->connected) {
 516                /* Check if disconnect is not pending */
 517                if (!test_bit(0, &self->disconnect_pend)) {
 518                        IRDA_WARNING("%s: TSAP still connected!\n",
 519                                     __func__);
 520                        irttp_disconnect_request(self, NULL, P_NORMAL);
 521                }
 522                self->close_pend = TRUE;
 523                irttp_start_todo_timer(self, HZ/10);
 524
 525                return 0; /* Will be back! */
 526        }
 527
 528        tsap = hashbin_remove(irttp->tsaps, (long) self, NULL);
 529
 530        IRDA_ASSERT(tsap == self, return -1;);
 531
 532        /* Close corresponding LSAP */
 533        if (self->lsap) {
 534                irlmp_close_lsap(self->lsap);
 535                self->lsap = NULL;
 536        }
 537
 538        __irttp_close_tsap(self);
 539
 540        return 0;
 541}
 542EXPORT_SYMBOL(irttp_close_tsap);
 543
 544/*
 545 * Function irttp_udata_request (self, skb)
 546 *
 547 *    Send unreliable data on this TSAP
 548 *
 549 */
 550int irttp_udata_request(struct tsap_cb *self, struct sk_buff *skb)
 551{
 552        IRDA_ASSERT(self != NULL, return -1;);
 553        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
 554        IRDA_ASSERT(skb != NULL, return -1;);
 555
 556        IRDA_DEBUG(4, "%s()\n", __func__);
 557
 558        /* Check that nothing bad happens */
 559        if ((skb->len == 0) || (!self->connected)) {
 560                IRDA_DEBUG(1, "%s(), No data, or not connected\n",
 561                           __func__);
 562                goto err;
 563        }
 564
 565        if (skb->len > self->max_seg_size) {
 566                IRDA_DEBUG(1, "%s(), UData is too large for IrLAP!\n",
 567                           __func__);
 568                goto err;
 569        }
 570
 571        irlmp_udata_request(self->lsap, skb);
 572        self->stats.tx_packets++;
 573
 574        return 0;
 575
 576err:
 577        dev_kfree_skb(skb);
 578        return -1;
 579}
 580EXPORT_SYMBOL(irttp_udata_request);
 581
 582
 583/*
 584 * Function irttp_data_request (handle, skb)
 585 *
 586 *    Queue frame for transmission. If SAR is enabled, fragement the frame
 587 *    and queue the fragments for transmission
 588 */
 589int irttp_data_request(struct tsap_cb *self, struct sk_buff *skb)
 590{
 591        __u8 *frame;
 592        int ret;
 593
 594        IRDA_ASSERT(self != NULL, return -1;);
 595        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
 596        IRDA_ASSERT(skb != NULL, return -1;);
 597
 598        IRDA_DEBUG(2, "%s() : queue len = %d\n", __func__,
 599                   skb_queue_len(&self->tx_queue));
 600
 601        /* Check that nothing bad happens */
 602        if ((skb->len == 0) || (!self->connected)) {
 603                IRDA_WARNING("%s: No data, or not connected\n", __func__);
 604                ret = -ENOTCONN;
 605                goto err;
 606        }
 607
 608        /*
 609         *  Check if SAR is disabled, and the frame is larger than what fits
 610         *  inside an IrLAP frame
 611         */
 612        if ((self->tx_max_sdu_size == 0) && (skb->len > self->max_seg_size)) {
 613                IRDA_ERROR("%s: SAR disabled, and data is too large for IrLAP!\n",
 614                           __func__);
 615                ret = -EMSGSIZE;
 616                goto err;
 617        }
 618
 619        /*
 620         *  Check if SAR is enabled, and the frame is larger than the
 621         *  TxMaxSduSize
 622         */
 623        if ((self->tx_max_sdu_size != 0) &&
 624            (self->tx_max_sdu_size != TTP_SAR_UNBOUND) &&
 625            (skb->len > self->tx_max_sdu_size))
 626        {
 627                IRDA_ERROR("%s: SAR enabled, but data is larger than TxMaxSduSize!\n",
 628                           __func__);
 629                ret = -EMSGSIZE;
 630                goto err;
 631        }
 632        /*
 633         *  Check if transmit queue is full
 634         */
 635        if (skb_queue_len(&self->tx_queue) >= TTP_TX_MAX_QUEUE) {
 636                /*
 637                 *  Give it a chance to empty itself
 638                 */
 639                irttp_run_tx_queue(self);
 640
 641                /* Drop packet. This error code should trigger the caller
 642                 * to resend the data in the client code - Jean II */
 643                ret = -ENOBUFS;
 644                goto err;
 645        }
 646
 647        /* Queue frame, or queue frame segments */
 648        if ((self->tx_max_sdu_size == 0) || (skb->len < self->max_seg_size)) {
 649                /* Queue frame */
 650                IRDA_ASSERT(skb_headroom(skb) >= TTP_HEADER, return -1;);
 651                frame = skb_push(skb, TTP_HEADER);
 652                frame[0] = 0x00; /* Clear more bit */
 653
 654                skb_queue_tail(&self->tx_queue, skb);
 655        } else {
 656                /*
 657                 *  Fragment the frame, this function will also queue the
 658                 *  fragments, we don't care about the fact the transmit
 659                 *  queue may be overfilled by all the segments for a little
 660                 *  while
 661                 */
 662                irttp_fragment_skb(self, skb);
 663        }
 664
 665        /* Check if we can accept more data from client */
 666        if ((!self->tx_sdu_busy) &&
 667            (skb_queue_len(&self->tx_queue) > TTP_TX_HIGH_THRESHOLD)) {
 668                /* Tx queue filling up, so stop client. */
 669                if (self->notify.flow_indication) {
 670                        self->notify.flow_indication(self->notify.instance,
 671                                                     self, FLOW_STOP);
 672                }
 673                /* self->tx_sdu_busy is the state of the client.
 674                 * Update state after notifying client to avoid
 675                 * race condition with irttp_flow_indication().
 676                 * If the queue empty itself after our test but before
 677                 * we set the flag, we will fix ourselves below in
 678                 * irttp_run_tx_queue().
 679                 * Jean II */
 680                self->tx_sdu_busy = TRUE;
 681        }
 682
 683        /* Try to make some progress */
 684        irttp_run_tx_queue(self);
 685
 686        return 0;
 687
 688err:
 689        dev_kfree_skb(skb);
 690        return ret;
 691}
 692EXPORT_SYMBOL(irttp_data_request);
 693
 694/*
 695 * Function irttp_run_tx_queue (self)
 696 *
 697 *    Transmit packets queued for transmission (if possible)
 698 *
 699 */
 700static void irttp_run_tx_queue(struct tsap_cb *self)
 701{
 702        struct sk_buff *skb;
 703        unsigned long flags;
 704        int n;
 705
 706        IRDA_DEBUG(2, "%s() : send_credit = %d, queue_len = %d\n",
 707                   __func__,
 708                   self->send_credit, skb_queue_len(&self->tx_queue));
 709
 710        /* Get exclusive access to the tx queue, otherwise don't touch it */
 711        if (irda_lock(&self->tx_queue_lock) == FALSE)
 712                return;
 713
 714        /* Try to send out frames as long as we have credits
 715         * and as long as LAP is not full. If LAP is full, it will
 716         * poll us through irttp_flow_indication() - Jean II */
 717        while ((self->send_credit > 0) &&
 718               (!irlmp_lap_tx_queue_full(self->lsap)) &&
 719               (skb = skb_dequeue(&self->tx_queue)))
 720        {
 721                /*
 722                 *  Since we can transmit and receive frames concurrently,
 723                 *  the code below is a critical region and we must assure that
 724                 *  nobody messes with the credits while we update them.
 725                 */
 726                spin_lock_irqsave(&self->lock, flags);
 727
 728                n = self->avail_credit;
 729                self->avail_credit = 0;
 730
 731                /* Only room for 127 credits in frame */
 732                if (n > 127) {
 733                        self->avail_credit = n-127;
 734                        n = 127;
 735                }
 736                self->remote_credit += n;
 737                self->send_credit--;
 738
 739                spin_unlock_irqrestore(&self->lock, flags);
 740
 741                /*
 742                 *  More bit must be set by the data_request() or fragment()
 743                 *  functions
 744                 */
 745                skb->data[0] |= (n & 0x7f);
 746
 747                /* Detach from socket.
 748                 * The current skb has a reference to the socket that sent
 749                 * it (skb->sk). When we pass it to IrLMP, the skb will be
 750                 * stored in in IrLAP (self->wx_list). When we are within
 751                 * IrLAP, we lose the notion of socket, so we should not
 752                 * have a reference to a socket. So, we drop it here.
 753                 *
 754                 * Why does it matter ?
 755                 * When the skb is freed (kfree_skb), if it is associated
 756                 * with a socket, it release buffer space on the socket
 757                 * (through sock_wfree() and sock_def_write_space()).
 758                 * If the socket no longer exist, we may crash. Hard.
 759                 * When we close a socket, we make sure that associated packets
 760                 * in IrTTP are freed. However, we have no way to cancel
 761                 * the packet that we have passed to IrLAP. So, if a packet
 762                 * remains in IrLAP (retry on the link or else) after we
 763                 * close the socket, we are dead !
 764                 * Jean II */
 765                if (skb->sk != NULL) {
 766                        /* IrSOCK application, IrOBEX, ... */
 767                        skb_orphan(skb);
 768                }
 769                        /* IrCOMM over IrTTP, IrLAN, ... */
 770
 771                /* Pass the skb to IrLMP - done */
 772                irlmp_data_request(self->lsap, skb);
 773                self->stats.tx_packets++;
 774        }
 775
 776        /* Check if we can accept more frames from client.
 777         * We don't want to wait until the todo timer to do that, and we
 778         * can't use tasklets (grr...), so we are obliged to give control
 779         * to client. That's ok, this test will be true not too often
 780         * (max once per LAP window) and we are called from places
 781         * where we can spend a bit of time doing stuff. - Jean II */
 782        if ((self->tx_sdu_busy) &&
 783            (skb_queue_len(&self->tx_queue) < TTP_TX_LOW_THRESHOLD) &&
 784            (!self->close_pend))
 785        {
 786                if (self->notify.flow_indication)
 787                        self->notify.flow_indication(self->notify.instance,
 788                                                     self, FLOW_START);
 789
 790                /* self->tx_sdu_busy is the state of the client.
 791                 * We don't really have a race here, but it's always safer
 792                 * to update our state after the client - Jean II */
 793                self->tx_sdu_busy = FALSE;
 794        }
 795
 796        /* Reset lock */
 797        self->tx_queue_lock = 0;
 798}
 799
 800/*
 801 * Function irttp_give_credit (self)
 802 *
 803 *    Send a dataless flowdata TTP-PDU and give available credit to peer
 804 *    TSAP
 805 */
 806static inline void irttp_give_credit(struct tsap_cb *self)
 807{
 808        struct sk_buff *tx_skb = NULL;
 809        unsigned long flags;
 810        int n;
 811
 812        IRDA_ASSERT(self != NULL, return;);
 813        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
 814
 815        IRDA_DEBUG(4, "%s() send=%d,avail=%d,remote=%d\n",
 816                   __func__,
 817                   self->send_credit, self->avail_credit, self->remote_credit);
 818
 819        /* Give credit to peer */
 820        tx_skb = alloc_skb(TTP_MAX_HEADER, GFP_ATOMIC);
 821        if (!tx_skb)
 822                return;
 823
 824        /* Reserve space for LMP, and LAP header */
 825        skb_reserve(tx_skb, LMP_MAX_HEADER);
 826
 827        /*
 828         *  Since we can transmit and receive frames concurrently,
 829         *  the code below is a critical region and we must assure that
 830         *  nobody messes with the credits while we update them.
 831         */
 832        spin_lock_irqsave(&self->lock, flags);
 833
 834        n = self->avail_credit;
 835        self->avail_credit = 0;
 836
 837        /* Only space for 127 credits in frame */
 838        if (n > 127) {
 839                self->avail_credit = n - 127;
 840                n = 127;
 841        }
 842        self->remote_credit += n;
 843
 844        spin_unlock_irqrestore(&self->lock, flags);
 845
 846        skb_put(tx_skb, 1);
 847        tx_skb->data[0] = (__u8) (n & 0x7f);
 848
 849        irlmp_data_request(self->lsap, tx_skb);
 850        self->stats.tx_packets++;
 851}
 852
 853/*
 854 * Function irttp_udata_indication (instance, sap, skb)
 855 *
 856 *    Received some unit-data (unreliable)
 857 *
 858 */
 859static int irttp_udata_indication(void *instance, void *sap,
 860                                  struct sk_buff *skb)
 861{
 862        struct tsap_cb *self;
 863        int err;
 864
 865        IRDA_DEBUG(4, "%s()\n", __func__);
 866
 867        self = (struct tsap_cb *) instance;
 868
 869        IRDA_ASSERT(self != NULL, return -1;);
 870        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
 871        IRDA_ASSERT(skb != NULL, return -1;);
 872
 873        self->stats.rx_packets++;
 874
 875        /* Just pass data to layer above */
 876        if (self->notify.udata_indication) {
 877                err = self->notify.udata_indication(self->notify.instance,
 878                                                    self,skb);
 879                /* Same comment as in irttp_do_data_indication() */
 880                if (!err)
 881                        return 0;
 882        }
 883        /* Either no handler, or handler returns an error */
 884        dev_kfree_skb(skb);
 885
 886        return 0;
 887}
 888
 889/*
 890 * Function irttp_data_indication (instance, sap, skb)
 891 *
 892 *    Receive segment from IrLMP.
 893 *
 894 */
 895static int irttp_data_indication(void *instance, void *sap,
 896                                 struct sk_buff *skb)
 897{
 898        struct tsap_cb *self;
 899        unsigned long flags;
 900        int n;
 901
 902        self = (struct tsap_cb *) instance;
 903
 904        n = skb->data[0] & 0x7f;     /* Extract the credits */
 905
 906        self->stats.rx_packets++;
 907
 908        /*  Deal with inbound credit
 909         *  Since we can transmit and receive frames concurrently,
 910         *  the code below is a critical region and we must assure that
 911         *  nobody messes with the credits while we update them.
 912         */
 913        spin_lock_irqsave(&self->lock, flags);
 914        self->send_credit += n;
 915        if (skb->len > 1)
 916                self->remote_credit--;
 917        spin_unlock_irqrestore(&self->lock, flags);
 918
 919        /*
 920         *  Data or dataless packet? Dataless frames contains only the
 921         *  TTP_HEADER.
 922         */
 923        if (skb->len > 1) {
 924                /*
 925                 *  We don't remove the TTP header, since we must preserve the
 926                 *  more bit, so the defragment routing knows what to do
 927                 */
 928                skb_queue_tail(&self->rx_queue, skb);
 929        } else {
 930                /* Dataless flowdata TTP-PDU */
 931                dev_kfree_skb(skb);
 932        }
 933
 934
 935        /* Push data to the higher layer.
 936         * We do it synchronously because running the todo timer for each
 937         * receive packet would be too much overhead and latency.
 938         * By passing control to the higher layer, we run the risk that
 939         * it may take time or grab a lock. Most often, the higher layer
 940         * will only put packet in a queue.
 941         * Anyway, packets are only dripping through the IrDA, so we can
 942         * have time before the next packet.
 943         * Further, we are run from NET_BH, so the worse that can happen is
 944         * us missing the optimal time to send back the PF bit in LAP.
 945         * Jean II */
 946        irttp_run_rx_queue(self);
 947
 948        /* We now give credits to peer in irttp_run_rx_queue().
 949         * We need to send credit *NOW*, otherwise we are going
 950         * to miss the next Tx window. The todo timer may take
 951         * a while before it's run... - Jean II */
 952
 953        /*
 954         * If the peer device has given us some credits and we didn't have
 955         * anyone from before, then we need to shedule the tx queue.
 956         * We need to do that because our Tx have stopped (so we may not
 957         * get any LAP flow indication) and the user may be stopped as
 958         * well. - Jean II
 959         */
 960        if (self->send_credit == n) {
 961                /* Restart pushing stuff to LAP */
 962                irttp_run_tx_queue(self);
 963                /* Note : we don't want to schedule the todo timer
 964                 * because it has horrible latency. No tasklets
 965                 * because the tasklet API is broken. - Jean II */
 966        }
 967
 968        return 0;
 969}
 970
 971/*
 972 * Function irttp_status_indication (self, reason)
 973 *
 974 *    Status_indication, just pass to the higher layer...
 975 *
 976 */
 977static void irttp_status_indication(void *instance,
 978                                    LINK_STATUS link, LOCK_STATUS lock)
 979{
 980        struct tsap_cb *self;
 981
 982        IRDA_DEBUG(4, "%s()\n", __func__);
 983
 984        self = (struct tsap_cb *) instance;
 985
 986        IRDA_ASSERT(self != NULL, return;);
 987        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
 988
 989        /* Check if client has already closed the TSAP and gone away */
 990        if (self->close_pend)
 991                return;
 992
 993        /*
 994         *  Inform service user if he has requested it
 995         */
 996        if (self->notify.status_indication != NULL)
 997                self->notify.status_indication(self->notify.instance,
 998                                               link, lock);
 999        else
1000                IRDA_DEBUG(2, "%s(), no handler\n", __func__);
1001}
1002
1003/*
1004 * Function irttp_flow_indication (self, reason)
1005 *
1006 *    Flow_indication : IrLAP tells us to send more data.
1007 *
1008 */
1009static void irttp_flow_indication(void *instance, void *sap, LOCAL_FLOW flow)
1010{
1011        struct tsap_cb *self;
1012
1013        self = (struct tsap_cb *) instance;
1014
1015        IRDA_ASSERT(self != NULL, return;);
1016        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
1017
1018        IRDA_DEBUG(4, "%s(instance=%p)\n", __func__, self);
1019
1020        /* We are "polled" directly from LAP, and the LAP want to fill
1021         * its Tx window. We want to do our best to send it data, so that
1022         * we maximise the window. On the other hand, we want to limit the
1023         * amount of work here so that LAP doesn't hang forever waiting
1024         * for packets. - Jean II */
1025
1026        /* Try to send some packets. Currently, LAP calls us every time
1027         * there is one free slot, so we will send only one packet.
1028         * This allow the scheduler to do its round robin - Jean II */
1029        irttp_run_tx_queue(self);
1030
1031        /* Note regarding the interraction with higher layer.
1032         * irttp_run_tx_queue() may call the client when its queue
1033         * start to empty, via notify.flow_indication(). Initially.
1034         * I wanted this to happen in a tasklet, to avoid client
1035         * grabbing the CPU, but we can't use tasklets safely. And timer
1036         * is definitely too slow.
1037         * This will happen only once per LAP window, and usually at
1038         * the third packet (unless window is smaller). LAP is still
1039         * doing mtt and sending first packet so it's sort of OK
1040         * to do that. Jean II */
1041
1042        /* If we need to send disconnect. try to do it now */
1043        if(self->disconnect_pend)
1044                irttp_start_todo_timer(self, 0);
1045}
1046
1047/*
1048 * Function irttp_flow_request (self, command)
1049 *
1050 *    This function could be used by the upper layers to tell IrTTP to stop
1051 *    delivering frames if the receive queues are starting to get full, or
1052 *    to tell IrTTP to start delivering frames again.
1053 */
1054void irttp_flow_request(struct tsap_cb *self, LOCAL_FLOW flow)
1055{
1056        IRDA_DEBUG(1, "%s()\n", __func__);
1057
1058        IRDA_ASSERT(self != NULL, return;);
1059        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
1060
1061        switch (flow) {
1062        case FLOW_STOP:
1063                IRDA_DEBUG(1, "%s(), flow stop\n", __func__);
1064                self->rx_sdu_busy = TRUE;
1065                break;
1066        case FLOW_START:
1067                IRDA_DEBUG(1, "%s(), flow start\n", __func__);
1068                self->rx_sdu_busy = FALSE;
1069
1070                /* Client say he can accept more data, try to free our
1071                 * queues ASAP - Jean II */
1072                irttp_run_rx_queue(self);
1073
1074                break;
1075        default:
1076                IRDA_DEBUG(1, "%s(), Unknown flow command!\n", __func__);
1077        }
1078}
1079EXPORT_SYMBOL(irttp_flow_request);
1080
1081/*
1082 * Function irttp_connect_request (self, dtsap_sel, daddr, qos)
1083 *
1084 *    Try to connect to remote destination TSAP selector
1085 *
1086 */
1087int irttp_connect_request(struct tsap_cb *self, __u8 dtsap_sel,
1088                          __u32 saddr, __u32 daddr,
1089                          struct qos_info *qos, __u32 max_sdu_size,
1090                          struct sk_buff *userdata)
1091{
1092        struct sk_buff *tx_skb;
1093        __u8 *frame;
1094        __u8 n;
1095
1096        IRDA_DEBUG(4, "%s(), max_sdu_size=%d\n", __func__, max_sdu_size);
1097
1098        IRDA_ASSERT(self != NULL, return -EBADR;);
1099        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -EBADR;);
1100
1101        if (self->connected) {
1102                if(userdata)
1103                        dev_kfree_skb(userdata);
1104                return -EISCONN;
1105        }
1106
1107        /* Any userdata supplied? */
1108        if (userdata == NULL) {
1109                tx_skb = alloc_skb(TTP_MAX_HEADER + TTP_SAR_HEADER,
1110                                   GFP_ATOMIC);
1111                if (!tx_skb)
1112                        return -ENOMEM;
1113
1114                /* Reserve space for MUX_CONTROL and LAP header */
1115                skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1116        } else {
1117                tx_skb = userdata;
1118                /*
1119                 *  Check that the client has reserved enough space for
1120                 *  headers
1121                 */
1122                IRDA_ASSERT(skb_headroom(userdata) >= TTP_MAX_HEADER,
1123                        { dev_kfree_skb(userdata); return -1; } );
1124        }
1125
1126        /* Initialize connection parameters */
1127        self->connected = FALSE;
1128        self->avail_credit = 0;
1129        self->rx_max_sdu_size = max_sdu_size;
1130        self->rx_sdu_size = 0;
1131        self->rx_sdu_busy = FALSE;
1132        self->dtsap_sel = dtsap_sel;
1133
1134        n = self->initial_credit;
1135
1136        self->remote_credit = 0;
1137        self->send_credit = 0;
1138
1139        /*
1140         *  Give away max 127 credits for now
1141         */
1142        if (n > 127) {
1143                self->avail_credit=n-127;
1144                n = 127;
1145        }
1146
1147        self->remote_credit = n;
1148
1149        /* SAR enabled? */
1150        if (max_sdu_size > 0) {
1151                IRDA_ASSERT(skb_headroom(tx_skb) >= (TTP_MAX_HEADER + TTP_SAR_HEADER),
1152                        { dev_kfree_skb(tx_skb); return -1; } );
1153
1154                /* Insert SAR parameters */
1155                frame = skb_push(tx_skb, TTP_HEADER+TTP_SAR_HEADER);
1156
1157                frame[0] = TTP_PARAMETERS | n;
1158                frame[1] = 0x04; /* Length */
1159                frame[2] = 0x01; /* MaxSduSize */
1160                frame[3] = 0x02; /* Value length */
1161
1162                put_unaligned(cpu_to_be16((__u16) max_sdu_size),
1163                              (__be16 *)(frame+4));
1164        } else {
1165                /* Insert plain TTP header */
1166                frame = skb_push(tx_skb, TTP_HEADER);
1167
1168                /* Insert initial credit in frame */
1169                frame[0] = n & 0x7f;
1170        }
1171
1172        /* Connect with IrLMP. No QoS parameters for now */
1173        return irlmp_connect_request(self->lsap, dtsap_sel, saddr, daddr, qos,
1174                                     tx_skb);
1175}
1176EXPORT_SYMBOL(irttp_connect_request);
1177
1178/*
1179 * Function irttp_connect_confirm (handle, qos, skb)
1180 *
1181 *    Sevice user confirms TSAP connection with peer.
1182 *
1183 */
1184static void irttp_connect_confirm(void *instance, void *sap,
1185                                  struct qos_info *qos, __u32 max_seg_size,
1186                                  __u8 max_header_size, struct sk_buff *skb)
1187{
1188        struct tsap_cb *self;
1189        int parameters;
1190        int ret;
1191        __u8 plen;
1192        __u8 n;
1193
1194        IRDA_DEBUG(4, "%s()\n", __func__);
1195
1196        self = (struct tsap_cb *) instance;
1197
1198        IRDA_ASSERT(self != NULL, return;);
1199        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
1200        IRDA_ASSERT(skb != NULL, return;);
1201
1202        self->max_seg_size = max_seg_size - TTP_HEADER;
1203        self->max_header_size = max_header_size + TTP_HEADER;
1204
1205        /*
1206         *  Check if we have got some QoS parameters back! This should be the
1207         *  negotiated QoS for the link.
1208         */
1209        if (qos) {
1210                IRDA_DEBUG(4, "IrTTP, Negotiated BAUD_RATE: %02x\n",
1211                       qos->baud_rate.bits);
1212                IRDA_DEBUG(4, "IrTTP, Negotiated BAUD_RATE: %d bps.\n",
1213                       qos->baud_rate.value);
1214        }
1215
1216        n = skb->data[0] & 0x7f;
1217
1218        IRDA_DEBUG(4, "%s(), Initial send_credit=%d\n", __func__, n);
1219
1220        self->send_credit = n;
1221        self->tx_max_sdu_size = 0;
1222        self->connected = TRUE;
1223
1224        parameters = skb->data[0] & 0x80;
1225
1226        IRDA_ASSERT(skb->len >= TTP_HEADER, return;);
1227        skb_pull(skb, TTP_HEADER);
1228
1229        if (parameters) {
1230                plen = skb->data[0];
1231
1232                ret = irda_param_extract_all(self, skb->data+1,
1233                                             IRDA_MIN(skb->len-1, plen),
1234                                             &param_info);
1235
1236                /* Any errors in the parameter list? */
1237                if (ret < 0) {
1238                        IRDA_WARNING("%s: error extracting parameters\n",
1239                                     __func__);
1240                        dev_kfree_skb(skb);
1241
1242                        /* Do not accept this connection attempt */
1243                        return;
1244                }
1245                /* Remove parameters */
1246                skb_pull(skb, IRDA_MIN(skb->len, plen+1));
1247        }
1248
1249        IRDA_DEBUG(4, "%s() send=%d,avail=%d,remote=%d\n", __func__,
1250              self->send_credit, self->avail_credit, self->remote_credit);
1251
1252        IRDA_DEBUG(2, "%s(), MaxSduSize=%d\n", __func__,
1253                   self->tx_max_sdu_size);
1254
1255        if (self->notify.connect_confirm) {
1256                self->notify.connect_confirm(self->notify.instance, self, qos,
1257                                             self->tx_max_sdu_size,
1258                                             self->max_header_size, skb);
1259        } else
1260                dev_kfree_skb(skb);
1261}
1262
1263/*
1264 * Function irttp_connect_indication (handle, skb)
1265 *
1266 *    Some other device is connecting to this TSAP
1267 *
1268 */
1269void irttp_connect_indication(void *instance, void *sap, struct qos_info *qos,
1270                              __u32 max_seg_size, __u8 max_header_size,
1271                              struct sk_buff *skb)
1272{
1273        struct tsap_cb *self;
1274        struct lsap_cb *lsap;
1275        int parameters;
1276        int ret;
1277        __u8 plen;
1278        __u8 n;
1279
1280        self = (struct tsap_cb *) instance;
1281
1282        IRDA_ASSERT(self != NULL, return;);
1283        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
1284        IRDA_ASSERT(skb != NULL, return;);
1285
1286        lsap = (struct lsap_cb *) sap;
1287
1288        self->max_seg_size = max_seg_size - TTP_HEADER;
1289        self->max_header_size = max_header_size+TTP_HEADER;
1290
1291        IRDA_DEBUG(4, "%s(), TSAP sel=%02x\n", __func__, self->stsap_sel);
1292
1293        /* Need to update dtsap_sel if its equal to LSAP_ANY */
1294        self->dtsap_sel = lsap->dlsap_sel;
1295
1296        n = skb->data[0] & 0x7f;
1297
1298        self->send_credit = n;
1299        self->tx_max_sdu_size = 0;
1300
1301        parameters = skb->data[0] & 0x80;
1302
1303        IRDA_ASSERT(skb->len >= TTP_HEADER, return;);
1304        skb_pull(skb, TTP_HEADER);
1305
1306        if (parameters) {
1307                plen = skb->data[0];
1308
1309                ret = irda_param_extract_all(self, skb->data+1,
1310                                             IRDA_MIN(skb->len-1, plen),
1311                                             &param_info);
1312
1313                /* Any errors in the parameter list? */
1314                if (ret < 0) {
1315                        IRDA_WARNING("%s: error extracting parameters\n",
1316                                     __func__);
1317                        dev_kfree_skb(skb);
1318
1319                        /* Do not accept this connection attempt */
1320                        return;
1321                }
1322
1323                /* Remove parameters */
1324                skb_pull(skb, IRDA_MIN(skb->len, plen+1));
1325        }
1326
1327        if (self->notify.connect_indication) {
1328                self->notify.connect_indication(self->notify.instance, self,
1329                                                qos, self->tx_max_sdu_size,
1330                                                self->max_header_size, skb);
1331        } else
1332                dev_kfree_skb(skb);
1333}
1334
1335/*
1336 * Function irttp_connect_response (handle, userdata)
1337 *
1338 *    Service user is accepting the connection, just pass it down to
1339 *    IrLMP!
1340 *
1341 */
1342int irttp_connect_response(struct tsap_cb *self, __u32 max_sdu_size,
1343                           struct sk_buff *userdata)
1344{
1345        struct sk_buff *tx_skb;
1346        __u8 *frame;
1347        int ret;
1348        __u8 n;
1349
1350        IRDA_ASSERT(self != NULL, return -1;);
1351        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
1352
1353        IRDA_DEBUG(4, "%s(), Source TSAP selector=%02x\n", __func__,
1354                   self->stsap_sel);
1355
1356        /* Any userdata supplied? */
1357        if (userdata == NULL) {
1358                tx_skb = alloc_skb(TTP_MAX_HEADER + TTP_SAR_HEADER,
1359                                   GFP_ATOMIC);
1360                if (!tx_skb)
1361                        return -ENOMEM;
1362
1363                /* Reserve space for MUX_CONTROL and LAP header */
1364                skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1365        } else {
1366                tx_skb = userdata;
1367                /*
1368                 *  Check that the client has reserved enough space for
1369                 *  headers
1370                 */
1371                IRDA_ASSERT(skb_headroom(userdata) >= TTP_MAX_HEADER,
1372                        { dev_kfree_skb(userdata); return -1; } );
1373        }
1374
1375        self->avail_credit = 0;
1376        self->remote_credit = 0;
1377        self->rx_max_sdu_size = max_sdu_size;
1378        self->rx_sdu_size = 0;
1379        self->rx_sdu_busy = FALSE;
1380
1381        n = self->initial_credit;
1382
1383        /* Frame has only space for max 127 credits (7 bits) */
1384        if (n > 127) {
1385                self->avail_credit = n - 127;
1386                n = 127;
1387        }
1388
1389        self->remote_credit = n;
1390        self->connected = TRUE;
1391
1392        /* SAR enabled? */
1393        if (max_sdu_size > 0) {
1394                IRDA_ASSERT(skb_headroom(tx_skb) >= (TTP_MAX_HEADER + TTP_SAR_HEADER),
1395                        { dev_kfree_skb(tx_skb); return -1; } );
1396
1397                /* Insert TTP header with SAR parameters */
1398                frame = skb_push(tx_skb, TTP_HEADER+TTP_SAR_HEADER);
1399
1400                frame[0] = TTP_PARAMETERS | n;
1401                frame[1] = 0x04; /* Length */
1402
1403                /* irda_param_insert(self, IRTTP_MAX_SDU_SIZE, frame+1,  */
1404/*                                  TTP_SAR_HEADER, &param_info) */
1405
1406                frame[2] = 0x01; /* MaxSduSize */
1407                frame[3] = 0x02; /* Value length */
1408
1409                put_unaligned(cpu_to_be16((__u16) max_sdu_size),
1410                              (__be16 *)(frame+4));
1411        } else {
1412                /* Insert TTP header */
1413                frame = skb_push(tx_skb, TTP_HEADER);
1414
1415                frame[0] = n & 0x7f;
1416        }
1417
1418        ret = irlmp_connect_response(self->lsap, tx_skb);
1419
1420        return ret;
1421}
1422EXPORT_SYMBOL(irttp_connect_response);
1423
1424/*
1425 * Function irttp_dup (self, instance)
1426 *
1427 *    Duplicate TSAP, can be used by servers to confirm a connection on a
1428 *    new TSAP so it can keep listening on the old one.
1429 */
1430struct tsap_cb *irttp_dup(struct tsap_cb *orig, void *instance)
1431{
1432        struct tsap_cb *new;
1433        unsigned long flags;
1434
1435        IRDA_DEBUG(1, "%s()\n", __func__);
1436
1437        /* Protect our access to the old tsap instance */
1438        spin_lock_irqsave(&irttp->tsaps->hb_spinlock, flags);
1439
1440        /* Find the old instance */
1441        if (!hashbin_find(irttp->tsaps, (long) orig, NULL)) {
1442                IRDA_DEBUG(0, "%s(), unable to find TSAP\n", __func__);
1443                spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags);
1444                return NULL;
1445        }
1446
1447        /* Allocate a new instance */
1448        new = kmalloc(sizeof(struct tsap_cb), GFP_ATOMIC);
1449        if (!new) {
1450                IRDA_DEBUG(0, "%s(), unable to kmalloc\n", __func__);
1451                spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags);
1452                return NULL;
1453        }
1454        /* Dup */
1455        memcpy(new, orig, sizeof(struct tsap_cb));
1456
1457        /* We don't need the old instance any more */
1458        spin_unlock_irqrestore(&irttp->tsaps->hb_spinlock, flags);
1459
1460        /* Try to dup the LSAP (may fail if we were too slow) */
1461        new->lsap = irlmp_dup(orig->lsap, new);
1462        if (!new->lsap) {
1463                IRDA_DEBUG(0, "%s(), dup failed!\n", __func__);
1464                kfree(new);
1465                return NULL;
1466        }
1467
1468        /* Not everything should be copied */
1469        new->notify.instance = instance;
1470
1471        /* Initialize internal objects */
1472        irttp_init_tsap(new);
1473
1474        /* This is locked */
1475        hashbin_insert(irttp->tsaps, (irda_queue_t *) new, (long) new, NULL);
1476
1477        return new;
1478}
1479EXPORT_SYMBOL(irttp_dup);
1480
1481/*
1482 * Function irttp_disconnect_request (self)
1483 *
1484 *    Close this connection please! If priority is high, the queued data
1485 *    segments, if any, will be deallocated first
1486 *
1487 */
1488int irttp_disconnect_request(struct tsap_cb *self, struct sk_buff *userdata,
1489                             int priority)
1490{
1491        int ret;
1492
1493        IRDA_ASSERT(self != NULL, return -1;);
1494        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return -1;);
1495
1496        /* Already disconnected? */
1497        if (!self->connected) {
1498                IRDA_DEBUG(4, "%s(), already disconnected!\n", __func__);
1499                if (userdata)
1500                        dev_kfree_skb(userdata);
1501                return -1;
1502        }
1503
1504        /* Disconnect already pending ?
1505         * We need to use an atomic operation to prevent reentry. This
1506         * function may be called from various context, like user, timer
1507         * for following a disconnect_indication() (i.e. net_bh).
1508         * Jean II */
1509        if(test_and_set_bit(0, &self->disconnect_pend)) {
1510                IRDA_DEBUG(0, "%s(), disconnect already pending\n",
1511                           __func__);
1512                if (userdata)
1513                        dev_kfree_skb(userdata);
1514
1515                /* Try to make some progress */
1516                irttp_run_tx_queue(self);
1517                return -1;
1518        }
1519
1520        /*
1521         *  Check if there is still data segments in the transmit queue
1522         */
1523        if (!skb_queue_empty(&self->tx_queue)) {
1524                if (priority == P_HIGH) {
1525                        /*
1526                         *  No need to send the queued data, if we are
1527                         *  disconnecting right now since the data will
1528                         *  not have any usable connection to be sent on
1529                         */
1530                        IRDA_DEBUG(1, "%s(): High priority!!()\n", __func__);
1531                        irttp_flush_queues(self);
1532                } else if (priority == P_NORMAL) {
1533                        /*
1534                         *  Must delay disconnect until after all data segments
1535                         *  have been sent and the tx_queue is empty
1536                         */
1537                        /* We'll reuse this one later for the disconnect */
1538                        self->disconnect_skb = userdata;  /* May be NULL */
1539
1540                        irttp_run_tx_queue(self);
1541
1542                        irttp_start_todo_timer(self, HZ/10);
1543                        return -1;
1544                }
1545        }
1546        /* Note : we don't need to check if self->rx_queue is full and the
1547         * state of self->rx_sdu_busy because the disconnect response will
1548         * be sent at the LMP level (so even if the peer has its Tx queue
1549         * full of data). - Jean II */
1550
1551        IRDA_DEBUG(1, "%s(), Disconnecting ...\n", __func__);
1552        self->connected = FALSE;
1553
1554        if (!userdata) {
1555                struct sk_buff *tx_skb;
1556                tx_skb = alloc_skb(LMP_MAX_HEADER, GFP_ATOMIC);
1557                if (!tx_skb)
1558                        return -ENOMEM;
1559
1560                /*
1561                 *  Reserve space for MUX and LAP header
1562                 */
1563                skb_reserve(tx_skb, LMP_MAX_HEADER);
1564
1565                userdata = tx_skb;
1566        }
1567        ret = irlmp_disconnect_request(self->lsap, userdata);
1568
1569        /* The disconnect is no longer pending */
1570        clear_bit(0, &self->disconnect_pend);        /* FALSE */
1571
1572        return ret;
1573}
1574EXPORT_SYMBOL(irttp_disconnect_request);
1575
1576/*
1577 * Function irttp_disconnect_indication (self, reason)
1578 *
1579 *    Disconnect indication, TSAP disconnected by peer?
1580 *
1581 */
1582void irttp_disconnect_indication(void *instance, void *sap, LM_REASON reason,
1583                                 struct sk_buff *skb)
1584{
1585        struct tsap_cb *self;
1586
1587        IRDA_DEBUG(4, "%s()\n", __func__);
1588
1589        self = (struct tsap_cb *) instance;
1590
1591        IRDA_ASSERT(self != NULL, return;);
1592        IRDA_ASSERT(self->magic == TTP_TSAP_MAGIC, return;);
1593
1594        /* Prevent higher layer to send more data */
1595        self->connected = FALSE;
1596
1597        /* Check if client has already tried to close the TSAP */
1598        if (self->close_pend) {
1599                /* In this case, the higher layer is probably gone. Don't
1600                 * bother it and clean up the remains - Jean II */
1601                if (skb)
1602                        dev_kfree_skb(skb);
1603                irttp_close_tsap(self);
1604                return;
1605        }
1606
1607        /* If we are here, we assume that is the higher layer is still
1608         * waiting for the disconnect notification and able to process it,
1609         * even if he tried to disconnect. Otherwise, it would have already
1610         * attempted to close the tsap and self->close_pend would be TRUE.
1611         * Jean II */
1612
1613        /* No need to notify the client if has already tried to disconnect */
1614        if(self->notify.disconnect_indication)
1615                self->notify.disconnect_indication(self->notify.instance, self,
1616                                                   reason, skb);
1617        else
1618                if (skb)
1619                        dev_kfree_skb(skb);
1620}
1621
1622/*
1623 * Function irttp_do_data_indication (self, skb)
1624 *
1625 *    Try to deliver reassembled skb to layer above, and requeue it if that
1626 *    for some reason should fail. We mark rx sdu as busy to apply back
1627 *    pressure is necessary.
1628 */
1629static void irttp_do_data_indication(struct tsap_cb *self, struct sk_buff *skb)
1630{
1631        int err;
1632
1633        /* Check if client has already closed the TSAP and gone away */
1634        if (self->close_pend) {
1635                dev_kfree_skb(skb);
1636                return;
1637        }
1638
1639        err = self->notify.data_indication(self->notify.instance, self, skb);
1640
1641        /* Usually the layer above will notify that it's input queue is
1642         * starting to get filled by using the flow request, but this may
1643         * be difficult, so it can instead just refuse to eat it and just
1644         * give an error back
1645         */
1646        if (err) {
1647                IRDA_DEBUG(0, "%s() requeueing skb!\n", __func__);
1648
1649                /* Make sure we take a break */
1650                self->rx_sdu_busy = TRUE;
1651
1652                /* Need to push the header in again */
1653                skb_push(skb, TTP_HEADER);
1654                skb->data[0] = 0x00; /* Make sure MORE bit is cleared */
1655
1656                /* Put skb back on queue */
1657                skb_queue_head(&self->rx_queue, skb);
1658        }
1659}
1660
1661/*
1662 * Function irttp_run_rx_queue (self)
1663 *
1664 *     Check if we have any frames to be transmitted, or if we have any
1665 *     available credit to give away.
1666 */
1667void irttp_run_rx_queue(struct tsap_cb *self)
1668{
1669        struct sk_buff *skb;
1670        int more = 0;
1671
1672        IRDA_DEBUG(2, "%s() send=%d,avail=%d,remote=%d\n", __func__,
1673                   self->send_credit, self->avail_credit, self->remote_credit);
1674
1675        /* Get exclusive access to the rx queue, otherwise don't touch it */
1676        if (irda_lock(&self->rx_queue_lock) == FALSE)
1677                return;
1678
1679        /*
1680         *  Reassemble all frames in receive queue and deliver them
1681         */
1682        while (!self->rx_sdu_busy && (skb = skb_dequeue(&self->rx_queue))) {
1683                /* This bit will tell us if it's the last fragment or not */
1684                more = skb->data[0] & 0x80;
1685
1686                /* Remove TTP header */
1687                skb_pull(skb, TTP_HEADER);
1688
1689                /* Add the length of the remaining data */
1690                self->rx_sdu_size += skb->len;
1691
1692                /*
1693                 * If SAR is disabled, or user has requested no reassembly
1694                 * of received fragments then we just deliver them
1695                 * immediately. This can be requested by clients that
1696                 * implements byte streams without any message boundaries
1697                 */
1698                if (self->rx_max_sdu_size == TTP_SAR_DISABLE) {
1699                        irttp_do_data_indication(self, skb);
1700                        self->rx_sdu_size = 0;
1701
1702                        continue;
1703                }
1704
1705                /* Check if this is a fragment, and not the last fragment */
1706                if (more) {
1707                        /*
1708                         *  Queue the fragment if we still are within the
1709                         *  limits of the maximum size of the rx_sdu
1710                         */
1711                        if (self->rx_sdu_size <= self->rx_max_sdu_size) {
1712                                IRDA_DEBUG(4, "%s(), queueing frag\n",
1713                                           __func__);
1714                                skb_queue_tail(&self->rx_fragments, skb);
1715                        } else {
1716                                /* Free the part of the SDU that is too big */
1717                                dev_kfree_skb(skb);
1718                        }
1719                        continue;
1720                }
1721                /*
1722                 *  This is the last fragment, so time to reassemble!
1723                 */
1724                if ((self->rx_sdu_size <= self->rx_max_sdu_size) ||
1725                    (self->rx_max_sdu_size == TTP_SAR_UNBOUND))
1726                {
1727                        /*
1728                         * A little optimizing. Only queue the fragment if
1729                         * there are other fragments. Since if this is the
1730                         * last and only fragment, there is no need to
1731                         * reassemble :-)
1732                         */
1733                        if (!skb_queue_empty(&self->rx_fragments)) {
1734                                skb_queue_tail(&self->rx_fragments,
1735                                               skb);
1736
1737                                skb = irttp_reassemble_skb(self);
1738                        }
1739
1740                        /* Now we can deliver the reassembled skb */
1741                        irttp_do_data_indication(self, skb);
1742                } else {
1743                        IRDA_DEBUG(1, "%s(), Truncated frame\n", __func__);
1744
1745                        /* Free the part of the SDU that is too big */
1746                        dev_kfree_skb(skb);
1747
1748                        /* Deliver only the valid but truncated part of SDU */
1749                        skb = irttp_reassemble_skb(self);
1750
1751                        irttp_do_data_indication(self, skb);
1752                }
1753                self->rx_sdu_size = 0;
1754        }
1755
1756        /*
1757         * It's not trivial to keep track of how many credits are available
1758         * by incrementing at each packet, because delivery may fail
1759         * (irttp_do_data_indication() may requeue the frame) and because
1760         * we need to take care of fragmentation.
1761         * We want the other side to send up to initial_credit packets.
1762         * We have some frames in our queues, and we have already allowed it
1763         * to send remote_credit.
1764         * No need to spinlock, write is atomic and self correcting...
1765         * Jean II
1766         */
1767        self->avail_credit = (self->initial_credit -
1768                              (self->remote_credit +
1769                               skb_queue_len(&self->rx_queue) +
1770                               skb_queue_len(&self->rx_fragments)));
1771
1772        /* Do we have too much credits to send to peer ? */
1773        if ((self->remote_credit <= TTP_RX_MIN_CREDIT) &&
1774            (self->avail_credit > 0)) {
1775                /* Send explicit credit frame */
1776                irttp_give_credit(self);
1777                /* Note : do *NOT* check if tx_queue is non-empty, that
1778                 * will produce deadlocks. I repeat : send a credit frame
1779                 * even if we have something to send in our Tx queue.
1780                 * If we have credits, it means that our Tx queue is blocked.
1781                 *
1782                 * Let's suppose the peer can't keep up with our Tx. He will
1783                 * flow control us by not sending us any credits, and we
1784                 * will stop Tx and start accumulating credits here.
1785                 * Up to the point where the peer will stop its Tx queue,
1786                 * for lack of credits.
1787                 * Let's assume the peer application is single threaded.
1788                 * It will block on Tx and never consume any Rx buffer.
1789                 * Deadlock. Guaranteed. - Jean II
1790                 */
1791        }
1792
1793        /* Reset lock */
1794        self->rx_queue_lock = 0;
1795}
1796
1797#ifdef CONFIG_PROC_FS
1798struct irttp_iter_state {
1799        int id;
1800};
1801
1802static void *irttp_seq_start(struct seq_file *seq, loff_t *pos)
1803{
1804        struct irttp_iter_state *iter = seq->private;
1805        struct tsap_cb *self;
1806
1807        /* Protect our access to the tsap list */
1808        spin_lock_irq(&irttp->tsaps->hb_spinlock);
1809        iter->id = 0;
1810
1811        for (self = (struct tsap_cb *) hashbin_get_first(irttp->tsaps);
1812             self != NULL;
1813             self = (struct tsap_cb *) hashbin_get_next(irttp->tsaps)) {
1814                if (iter->id == *pos)
1815                        break;
1816                ++iter->id;
1817        }
1818
1819        return self;
1820}
1821
1822static void *irttp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1823{
1824        struct irttp_iter_state *iter = seq->private;
1825
1826        ++*pos;
1827        ++iter->id;
1828        return (void *) hashbin_get_next(irttp->tsaps);
1829}
1830
1831static void irttp_seq_stop(struct seq_file *seq, void *v)
1832{
1833        spin_unlock_irq(&irttp->tsaps->hb_spinlock);
1834}
1835
1836static int irttp_seq_show(struct seq_file *seq, void *v)
1837{
1838        const struct irttp_iter_state *iter = seq->private;
1839        const struct tsap_cb *self = v;
1840
1841        seq_printf(seq, "TSAP %d, ", iter->id);
1842        seq_printf(seq, "stsap_sel: %02x, ",
1843                   self->stsap_sel);
1844        seq_printf(seq, "dtsap_sel: %02x\n",
1845                   self->dtsap_sel);
1846        seq_printf(seq, "  connected: %s, ",
1847                   self->connected? "TRUE":"FALSE");
1848        seq_printf(seq, "avail credit: %d, ",
1849                   self->avail_credit);
1850        seq_printf(seq, "remote credit: %d, ",
1851                   self->remote_credit);
1852        seq_printf(seq, "send credit: %d\n",
1853                   self->send_credit);
1854        seq_printf(seq, "  tx packets: %ld, ",
1855                   self->stats.tx_packets);
1856        seq_printf(seq, "rx packets: %ld, ",
1857                   self->stats.rx_packets);
1858        seq_printf(seq, "tx_queue len: %d ",
1859                   skb_queue_len(&self->tx_queue));
1860        seq_printf(seq, "rx_queue len: %d\n",
1861                   skb_queue_len(&self->rx_queue));
1862        seq_printf(seq, "  tx_sdu_busy: %s, ",
1863                   self->tx_sdu_busy? "TRUE":"FALSE");
1864        seq_printf(seq, "rx_sdu_busy: %s\n",
1865                   self->rx_sdu_busy? "TRUE":"FALSE");
1866        seq_printf(seq, "  max_seg_size: %d, ",
1867                   self->max_seg_size);
1868        seq_printf(seq, "tx_max_sdu_size: %d, ",
1869                   self->tx_max_sdu_size);
1870        seq_printf(seq, "rx_max_sdu_size: %d\n",
1871                   self->rx_max_sdu_size);
1872
1873        seq_printf(seq, "  Used by (%s)\n\n",
1874                   self->notify.name);
1875        return 0;
1876}
1877
1878static const struct seq_operations irttp_seq_ops = {
1879        .start  = irttp_seq_start,
1880        .next   = irttp_seq_next,
1881        .stop   = irttp_seq_stop,
1882        .show   = irttp_seq_show,
1883};
1884
1885static int irttp_seq_open(struct inode *inode, struct file *file)
1886{
1887        return seq_open_private(file, &irttp_seq_ops,
1888                        sizeof(struct irttp_iter_state));
1889}
1890
1891const struct file_operations irttp_seq_fops = {
1892        .owner                = THIS_MODULE,
1893        .open           = irttp_seq_open,
1894        .read           = seq_read,
1895        .llseek         = seq_lseek,
1896        .release        = seq_release_private,
1897};
1898
1899#endif /* PROC_FS */