1 // SPDX-License-Identifier: GPL-2.0
2 /* ELM327 based CAN interface driver (tty line discipline)
4 * This driver started as a derivative of linux/drivers/net/can/slcan.c
5 * and my thanks go to the original authors for their inspiration, even
6 * after almost none of their code is left.
9 #define pr_fmt(fmt) "[elmcan] " fmt
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/moduleparam.h>
15 #include <linux/atomic.h>
16 #include <linux/bitops.h>
17 #include <linux/ctype.h>
18 #include <linux/delay.h>
19 #include <linux/errno.h>
20 #include <linux/if_ether.h>
21 #include <linux/kernel.h>
22 #include <linux/list.h>
23 #include <linux/netdevice.h>
24 #include <linux/skbuff.h>
25 #include <linux/spinlock.h>
26 #include <linux/string.h>
27 #include <linux/tty.h>
28 #include <linux/tty_ldisc.h>
29 #include <linux/version.h>
30 #include <linux/workqueue.h>
32 #include <uapi/linux/tty.h>
34 #include <linux/can.h>
35 #include <linux/can/dev.h>
36 #include <linux/can/error.h>
37 #include <linux/can/led.h>
38 #include <linux/can/rx-offload.h>
40 MODULE_ALIAS_LDISC(N_DEVELOPMENT);
41 MODULE_DESCRIPTION("ELM327 based CAN interface");
42 MODULE_LICENSE("GPL");
43 MODULE_AUTHOR("Max Staudt <max-linux@enpas.org>");
45 /* Line discipline ID number.
46 * N_DEVELOPMENT will likely be defined from Linux 5.18 onwards:
47 * https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-next&id=c2faf737abfb10f88f2d2612d573e9edc3c42c37
50 #define N_DEVELOPMENT 29
53 #define ELM327_NAPI_WEIGHT 4
55 #define ELM327_SIZE_RXBUF 256
56 #define ELM327_SIZE_TXBUF 32
58 #define ELM327_CAN_CONFIG_SEND_SFF 0x8000
59 #define ELM327_CAN_CONFIG_VARIABLE_DLC 0x4000
60 #define ELM327_CAN_CONFIG_RECV_BOTH_SFF_EFF 0x2000
61 #define ELM327_CAN_CONFIG_BAUDRATE_MULT_8_7 0x1000
63 #define ELM327_DUMMY_CHAR 'y'
64 #define ELM327_DUMMY_STRING "y"
65 #define ELM327_READY_CHAR '>'
67 /* Bits in elm->cmds_todo */
68 enum ELM327_TX_DO_BITS {
69 ELM327_TX_DO_CAN_DATA = 0,
70 ELM327_TX_DO_CANID_11BIT,
71 ELM327_TX_DO_CANID_29BIT_LOW,
72 ELM327_TX_DO_CANID_29BIT_HIGH,
73 ELM327_TX_DO_CAN_CONFIG_PART2,
74 ELM327_TX_DO_CAN_CONFIG,
75 ELM327_TX_DO_RESPONSES,
76 ELM327_TX_DO_SILENT_MONITOR,
81 /* This must be the first member when using alloc_candev() */
84 struct can_rx_offload offload;
86 /* TTY and netdev devices that we're bridging */
87 struct tty_struct *tty;
88 struct net_device *dev;
90 /* Per-channel lock */
93 /* Keep track of how many things are using this struct.
94 * Once it reaches 0, we are in the process of cleaning up,
95 * and new operations will be cancelled immediately.
96 * Use atomic_t rather than refcount_t because we deliberately
97 * decrement to 0, and refcount_dec() spills a WARN_ONCE in
102 /* Stop the channel on hardware failure.
103 * Once this is true, nothing will be sent to the TTY.
108 struct work_struct tx_work; /* Flushes TTY TX buffer */
109 unsigned char *txbuf;
110 unsigned char *txhead; /* Pointer to next TX byte */
111 int txleft; /* Bytes left to TX */
114 unsigned char rxbuf[ELM327_SIZE_RXBUF];
127 /* The CAN frame and config the ELM327 is sending/using,
128 * or will send/use after finishing all cmds_todo
130 struct can_frame can_frame_to_send;
131 unsigned short can_config;
132 unsigned long can_bitrate;
133 unsigned char can_bitrate_divisor;
134 int silent_monitoring;
136 /* Things we have yet to send */
137 char **next_init_cmd;
138 unsigned long cmds_todo;
141 /* A lock for all tty->disc_data handled by this ldisc.
142 * This is to prevent a case where tty->disc_data is set to NULL,
143 * yet someone is still trying to dereference it.
144 * Without this, we cannot do a clean shutdown.
146 static DEFINE_SPINLOCK(elmcan_discdata_lock);
148 static inline void elm327_hw_failure(struct elmcan *elm);
150 /* Assumes elm->lock taken. */
151 static void elm327_send(struct elmcan *elm, const void *buf, size_t len)
158 memcpy(elm->txbuf, buf, len);
160 /* Order of next two lines is *very* important.
161 * When we are sending a little amount of data,
162 * the transfer may be completed inside the ops->write()
163 * routine, because it's running with interrupts enabled.
164 * In this case we *never* got WRITE_WAKEUP event,
165 * if we did not request it before write operation.
166 * 14 Oct 1994 Dmitry Gorodchanin.
168 set_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
169 actual = elm->tty->ops->write(elm->tty, elm->txbuf, len);
172 "Failed to write to tty %s.\n",
174 elm327_hw_failure(elm);
178 elm->txleft = len - actual;
179 elm->txhead = elm->txbuf + actual;
182 /* Take the ELM327 out of almost any state and back into command mode.
183 * We send ELM327_DUMMY_CHAR which will either abort any running
184 * operation, or be echoed back to us in case we're already in command
187 * Assumes elm->lock taken.
189 static void elm327_kick_into_cmd_mode(struct elmcan *elm)
191 if (elm->state != ELM_GETDUMMYCHAR && elm->state != ELM_GETPROMPT) {
192 elm327_send(elm, ELM327_DUMMY_STRING, 1);
194 elm->state = ELM_GETDUMMYCHAR;
198 /* Schedule a CAN frame and necessary config changes to be sent to the TTY.
200 * Assumes elm->lock taken.
202 static void elm327_send_frame(struct elmcan *elm, struct can_frame *frame)
204 /* Schedule any necessary changes in ELM327's CAN configuration */
205 if (elm->can_frame_to_send.can_id != frame->can_id) {
206 /* Set the new CAN ID for transmission. */
207 if ((frame->can_id & CAN_EFF_FLAG)
208 ^ (elm->can_frame_to_send.can_id & CAN_EFF_FLAG)) {
209 elm->can_config = (frame->can_id & CAN_EFF_FLAG
211 : ELM327_CAN_CONFIG_SEND_SFF)
212 | ELM327_CAN_CONFIG_VARIABLE_DLC
213 | ELM327_CAN_CONFIG_RECV_BOTH_SFF_EFF
214 | elm->can_bitrate_divisor;
216 set_bit(ELM327_TX_DO_CAN_CONFIG, &elm->cmds_todo);
219 if (frame->can_id & CAN_EFF_FLAG) {
220 clear_bit(ELM327_TX_DO_CANID_11BIT, &elm->cmds_todo);
221 set_bit(ELM327_TX_DO_CANID_29BIT_LOW, &elm->cmds_todo);
222 set_bit(ELM327_TX_DO_CANID_29BIT_HIGH, &elm->cmds_todo);
224 set_bit(ELM327_TX_DO_CANID_11BIT, &elm->cmds_todo);
225 clear_bit(ELM327_TX_DO_CANID_29BIT_LOW, &elm->cmds_todo);
226 clear_bit(ELM327_TX_DO_CANID_29BIT_HIGH, &elm->cmds_todo);
230 /* Schedule the CAN frame itself. */
231 elm->can_frame_to_send = *frame;
232 set_bit(ELM327_TX_DO_CAN_DATA, &elm->cmds_todo);
234 elm327_kick_into_cmd_mode(elm);
237 /* ELM327 initialization sequence.
239 * Assumes elm->lock taken.
241 static char *elm327_init_script[] = {
242 "AT WS\r", /* v1.0: Warm Start */
243 "AT PP FF OFF\r", /* v1.0: All Programmable Parameters Off */
244 "AT M0\r", /* v1.0: Memory Off */
245 "AT AL\r", /* v1.0: Allow Long messages */
246 "AT BI\r", /* v1.0: Bypass Initialization */
247 "AT CAF0\r", /* v1.0: CAN Auto Formatting Off */
248 "AT CFC0\r", /* v1.0: CAN Flow Control Off */
249 "AT CF 000\r", /* v1.0: Reset CAN ID Filter */
250 "AT CM 000\r", /* v1.0: Reset CAN ID Mask */
251 "AT E1\r", /* v1.0: Echo On */
252 "AT H1\r", /* v1.0: Headers On */
253 "AT L0\r", /* v1.0: Linefeeds Off */
254 "AT SH 7DF\r", /* v1.0: Set CAN sending ID to 0x7df */
255 "AT ST FF\r", /* v1.0: Set maximum Timeout for response after TX */
256 "AT AT0\r", /* v1.2: Adaptive Timing Off */
257 "AT D1\r", /* v1.3: Print DLC On */
258 "AT S1\r", /* v1.3: Spaces On */
259 "AT TP B\r", /* v1.0: Try Protocol B */
263 static void elm327_init(struct elmcan *elm)
265 elm->state = ELM_NOTINIT;
266 elm->can_frame_to_send.can_id = 0x7df; /* ELM327 HW default */
268 elm->drop_next_line = 0;
270 /* We can only set the bitrate as a fraction of 500000.
271 * The bit timing constants in elmcan_bittiming_const will
272 * limit the user to the right values.
274 elm->can_bitrate_divisor = 500000 / elm->can.bittiming.bitrate;
275 elm->can_config = ELM327_CAN_CONFIG_SEND_SFF
276 | ELM327_CAN_CONFIG_VARIABLE_DLC
277 | ELM327_CAN_CONFIG_RECV_BOTH_SFF_EFF
278 | elm->can_bitrate_divisor;
280 /* Configure ELM327 and then start monitoring */
281 elm->next_init_cmd = &elm327_init_script[0];
282 set_bit(ELM327_TX_DO_INIT, &elm->cmds_todo);
283 set_bit(ELM327_TX_DO_SILENT_MONITOR, &elm->cmds_todo);
284 set_bit(ELM327_TX_DO_RESPONSES, &elm->cmds_todo);
285 set_bit(ELM327_TX_DO_CAN_CONFIG, &elm->cmds_todo);
287 elm327_kick_into_cmd_mode(elm);
290 /* Assumes elm->lock taken. */
291 static void elm327_feed_frame_to_netdev(struct elmcan *elm,
294 if (!netif_running(elm->dev))
297 /* Queue for NAPI pickup.
298 * rx-offload will update stats and LEDs for us.
300 if (can_rx_offload_queue_tail(&elm->offload, skb))
301 elm->dev->stats.rx_fifo_errors++;
303 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,0)
305 can_rx_offload_irq_finish(&elm->offload);
309 /* Called when we're out of ideas and just want it all to end.
310 * Assumes elm->lock taken.
312 static inline void elm327_hw_failure(struct elmcan *elm)
314 struct can_frame *frame;
317 skb = alloc_can_err_skb(elm->dev, &frame);
321 frame->data[5] = 'R';
322 frame->data[6] = 'I';
323 frame->data[7] = 'P';
325 elm327_feed_frame_to_netdev(elm, skb);
327 netdev_err(elm->dev, "ELM327 misbehaved. Blocking further communication.\n");
329 elm->hw_failure = true;
330 can_bus_off(elm->dev);
333 /* Compare a buffer to a fixed string */
334 static inline int _memstrcmp(const u8 *mem, const char *str)
336 return memcmp(mem, str, strlen(str));
339 /* Compare buffer to string length, then compare buffer to fixed string.
340 * This ensures two things:
341 * - It flags cases where the fixed string is only the start of the
342 * buffer, rather than exactly all of it.
343 * - It avoids byte comparisons in case the length doesn't match.
345 static inline int _len_memstrcmp(const u8 *mem, size_t mem_len, const char *str)
347 size_t str_len = strlen(str);
349 return (mem_len != str_len) || memcmp(mem, str, str_len);
352 /* Assumes elm->lock taken. */
353 static void elm327_parse_error(struct elmcan *elm, size_t len)
355 struct can_frame *frame;
358 skb = alloc_can_err_skb(elm->dev, &frame);
360 /* It's okay to return here:
361 * The outer parsing loop will drop this UART buffer.
365 /* Filter possible error messages based on length of RX'd line */
366 if (!_len_memstrcmp(elm->rxbuf, len, "UNABLE TO CONNECT")) {
368 "ELM327 reported UNABLE TO CONNECT. Please check your setup.\n");
369 } else if (!_len_memstrcmp(elm->rxbuf, len, "BUFFER FULL")) {
370 /* This will only happen if the last data line was complete.
371 * Otherwise, elm327_parse_frame() will heuristically
372 * emit this kind of error frame instead.
374 frame->can_id |= CAN_ERR_CRTL;
375 frame->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
376 } else if (!_len_memstrcmp(elm->rxbuf, len, "BUS ERROR")) {
377 frame->can_id |= CAN_ERR_BUSERROR;
378 } else if (!_len_memstrcmp(elm->rxbuf, len, "CAN ERROR")) {
379 frame->can_id |= CAN_ERR_PROT;
380 } else if (!_len_memstrcmp(elm->rxbuf, len, "<RX ERROR")) {
381 frame->can_id |= CAN_ERR_PROT;
382 } else if (!_len_memstrcmp(elm->rxbuf, len, "BUS BUSY")) {
383 frame->can_id |= CAN_ERR_PROT;
384 frame->data[2] = CAN_ERR_PROT_OVERLOAD;
385 } else if (!_len_memstrcmp(elm->rxbuf, len, "FB ERROR")) {
386 frame->can_id |= CAN_ERR_PROT;
387 frame->data[2] = CAN_ERR_PROT_TX;
388 } else if (len == 5 && !_memstrcmp(elm->rxbuf, "ERR")) {
389 /* ERR is followed by two digits, hence line length 5 */
390 netdev_err(elm->dev, "ELM327 reported an ERR%c%c. Please power it off and on again.\n",
391 elm->rxbuf[3], elm->rxbuf[4]);
392 frame->can_id |= CAN_ERR_CRTL;
394 /* Something else has happened.
395 * Maybe garbage on the UART line.
396 * Emit a generic error frame.
400 elm327_feed_frame_to_netdev(elm, skb);
403 /* Parse CAN frames coming as ASCII from ELM327.
404 * They can be of various formats:
406 * 29-bit ID (EFF): 12 34 56 78 D PL PL PL PL PL PL PL PL
407 * 11-bit ID (!EFF): 123 D PL PL PL PL PL PL PL PL
409 * where D = DLC, PL = payload byte
411 * Instead of a payload, RTR indicates a remote request.
413 * We will use the spaces and line length to guess the format.
415 * Assumes elm->lock taken.
417 static int elm327_parse_frame(struct elmcan *elm, size_t len)
419 struct can_frame *frame;
425 skb = alloc_can_skb(elm->dev, &frame);
429 /* Find first non-hex and non-space character:
430 * - In the simplest case, there is none.
431 * - For RTR frames, 'R' is the first non-hex character.
432 * - An error message may replace the end of the data line.
434 for (hexlen = 0; hexlen <= len; hexlen++) {
435 if (hex_to_bin(elm->rxbuf[hexlen]) < 0 &&
436 elm->rxbuf[hexlen] != ' ') {
441 /* Sanity check whether the line is really a clean hexdump,
442 * or terminated by an error message, or contains garbage.
445 !isdigit(elm->rxbuf[hexlen]) &&
446 !isupper(elm->rxbuf[hexlen]) &&
447 '<' != elm->rxbuf[hexlen] &&
448 ' ' != elm->rxbuf[hexlen]) {
449 /* The line is likely garbled anyway, so bail.
450 * The main code will restart listening.
455 /* Use spaces in CAN ID to distinguish 29 or 11 bit address length.
456 * No out-of-bounds access:
457 * We use the fact that we can always read from elm->rxbuf.
459 if (elm->rxbuf[2] == ' ' && elm->rxbuf[5] == ' ' &&
460 elm->rxbuf[8] == ' ' && elm->rxbuf[11] == ' ' &&
461 elm->rxbuf[13] == ' ') {
462 frame->can_id = CAN_EFF_FLAG;
464 } else if (elm->rxbuf[3] == ' ' && elm->rxbuf[5] == ' ') {
468 /* This is not a well-formatted data line.
469 * Assume it's an error message.
474 if (hexlen < datastart) {
475 /* The line is too short to be a valid frame hex dump.
476 * Something interrupted the hex dump or it is invalid.
481 /* From here on all chars up to buf[hexlen] are hex or spaces,
482 * at well-defined offsets.
485 /* Read CAN data length */
486 frame->can_dlc = (hex_to_bin(elm->rxbuf[datastart - 2]) << 0);
489 if (frame->can_id & CAN_EFF_FLAG) {
490 frame->can_id |= (hex_to_bin(elm->rxbuf[0]) << 28)
491 | (hex_to_bin(elm->rxbuf[1]) << 24)
492 | (hex_to_bin(elm->rxbuf[3]) << 20)
493 | (hex_to_bin(elm->rxbuf[4]) << 16)
494 | (hex_to_bin(elm->rxbuf[6]) << 12)
495 | (hex_to_bin(elm->rxbuf[7]) << 8)
496 | (hex_to_bin(elm->rxbuf[9]) << 4)
497 | (hex_to_bin(elm->rxbuf[10]) << 0);
499 frame->can_id |= (hex_to_bin(elm->rxbuf[0]) << 8)
500 | (hex_to_bin(elm->rxbuf[1]) << 4)
501 | (hex_to_bin(elm->rxbuf[2]) << 0);
504 /* Check for RTR frame */
505 if (elm->rxfill >= hexlen + 3 &&
506 !_memstrcmp(&elm->rxbuf[hexlen], "RTR")) {
507 frame->can_id |= CAN_RTR_FLAG;
510 /* Is the line long enough to hold the advertised payload?
511 * Note: RTR frames have a DLC, but no actual payload.
513 if (!(frame->can_id & CAN_RTR_FLAG) &&
514 (hexlen < frame->can_dlc * 3 + datastart)) {
516 * Probably the ELM327's RS232 TX buffer was full.
517 * Emit an error frame and exit.
519 frame->can_id = CAN_ERR_FLAG | CAN_ERR_CRTL;
520 frame->can_dlc = CAN_ERR_DLC;
521 frame->data[1] = CAN_ERR_CRTL_RX_OVERFLOW;
522 elm327_feed_frame_to_netdev(elm, skb);
524 /* Signal failure to parse.
525 * The line will be re-parsed as an error line, which will fail.
526 * However, this will correctly drop the state machine back into
532 /* Parse the data nibbles. */
533 for (i = 0; i < frame->can_dlc; i++) {
534 frame->data[i] = (hex_to_bin(elm->rxbuf[datastart + 3*i]) << 4)
535 | (hex_to_bin(elm->rxbuf[datastart + 3*i + 1]));
538 /* Feed the frame to the network layer. */
539 elm327_feed_frame_to_netdev(elm, skb);
544 /* Assumes elm->lock taken. */
545 static void elm327_parse_line(struct elmcan *elm, size_t len)
547 /* Skip empty lines */
551 /* Skip echo lines */
552 if (elm->drop_next_line) {
553 elm->drop_next_line = 0;
555 } else if (!_memstrcmp(elm->rxbuf, "AT")) {
559 /* Regular parsing */
560 switch (elm->state) {
562 if (elm327_parse_frame(elm, len)) {
563 /* Parse an error line. */
564 elm327_parse_error(elm, len);
567 elm327_kick_into_cmd_mode(elm);
575 /* Assumes elm->lock taken. */
576 static void elm327_handle_prompt(struct elmcan *elm)
578 struct can_frame *frame = &elm->can_frame_to_send;
579 char local_txbuf[20];
581 if (!elm->cmds_todo) {
582 /* Enter CAN monitor mode */
583 elm327_send(elm, "ATMA\r", 5);
584 elm->state = ELM_RECEIVING;
589 /* Reconfigure ELM327 step by step as indicated by elm->cmds_todo */
590 if (test_bit(ELM327_TX_DO_INIT, &elm->cmds_todo)) {
591 strcpy(local_txbuf, *elm->next_init_cmd);
593 elm->next_init_cmd++;
594 if (!(*elm->next_init_cmd)) {
595 clear_bit(ELM327_TX_DO_INIT, &elm->cmds_todo);
599 } else if (test_and_clear_bit(ELM327_TX_DO_SILENT_MONITOR, &elm->cmds_todo)) {
600 sprintf(local_txbuf, "ATCSM%i\r",
601 !(!(elm->can.ctrlmode & CAN_CTRLMODE_LISTENONLY)));
603 } else if (test_and_clear_bit(ELM327_TX_DO_RESPONSES, &elm->cmds_todo)) {
604 sprintf(local_txbuf, "ATR%i\r",
605 !(elm->can.ctrlmode & CAN_CTRLMODE_LISTENONLY));
607 } else if (test_and_clear_bit(ELM327_TX_DO_CAN_CONFIG, &elm->cmds_todo)) {
608 sprintf(local_txbuf, "ATPC\r");
609 set_bit(ELM327_TX_DO_CAN_CONFIG_PART2, &elm->cmds_todo);
611 } else if (test_and_clear_bit(ELM327_TX_DO_CAN_CONFIG_PART2, &elm->cmds_todo)) {
612 sprintf(local_txbuf, "ATPB%04X\r",
615 } else if (test_and_clear_bit(ELM327_TX_DO_CANID_29BIT_HIGH, &elm->cmds_todo)) {
616 sprintf(local_txbuf, "ATCP%02X\r",
617 (frame->can_id & CAN_EFF_MASK) >> 24);
619 } else if (test_and_clear_bit(ELM327_TX_DO_CANID_29BIT_LOW, &elm->cmds_todo)) {
620 sprintf(local_txbuf, "ATSH%06X\r",
621 frame->can_id & CAN_EFF_MASK & ((1 << 24) - 1));
623 } else if (test_and_clear_bit(ELM327_TX_DO_CANID_11BIT, &elm->cmds_todo)) {
624 sprintf(local_txbuf, "ATSH%03X\r",
625 frame->can_id & CAN_SFF_MASK);
627 } else if (test_and_clear_bit(ELM327_TX_DO_CAN_DATA, &elm->cmds_todo)) {
628 if (frame->can_id & CAN_RTR_FLAG) {
629 /* Send an RTR frame. Their DLC is fixed.
630 * Some chips don't send them at all.
632 sprintf(local_txbuf, "ATRTR\r");
634 /* Send a regular CAN data frame */
637 for (i = 0; i < frame->can_dlc; i++) {
638 sprintf(&local_txbuf[2 * i], "%02X",
642 sprintf(&local_txbuf[2 * i], "\r");
645 elm->drop_next_line = 1;
646 elm->state = ELM_RECEIVING;
649 elm327_send(elm, local_txbuf, strlen(local_txbuf));
652 static bool elm327_is_ready_char(char c)
654 /* Bits 0xc0 are sometimes set (randomly), hence the mask.
655 * Probably bad hardware.
657 return (c & 0x3f) == ELM327_READY_CHAR;
660 /* Assumes elm->lock taken. */
661 static void elm327_drop_bytes(struct elmcan *elm, size_t i)
663 memmove(&elm->rxbuf[0], &elm->rxbuf[i], ELM327_SIZE_RXBUF - i);
667 /* Assumes elm->lock taken. */
668 static void elm327_parse_rxbuf(struct elmcan *elm)
672 switch (elm->state) {
677 case ELM_GETDUMMYCHAR:
679 /* Wait for 'y' or '>' */
682 for (i = 0; i < elm->rxfill; i++) {
683 if (elm->rxbuf[i] == ELM327_DUMMY_CHAR) {
684 elm327_send(elm, "\r", 1);
685 elm->state = ELM_GETPROMPT;
688 } else if (elm327_is_ready_char(elm->rxbuf[i])) {
689 elm327_send(elm, ELM327_DUMMY_STRING, 1);
695 elm327_drop_bytes(elm, i);
702 if (elm327_is_ready_char(elm->rxbuf[elm->rxfill - 1]))
703 elm327_handle_prompt(elm);
709 /* Find <CR> delimiting feedback lines. */
711 (len < elm->rxfill) && (elm->rxbuf[len] != '\r');
716 if (len == ELM327_SIZE_RXBUF) {
717 /* Line exceeds buffer. It's probably all garbage.
718 * Did we even connect at the right baud rate?
721 "RX buffer overflow. Faulty ELM327 or UART?\n");
722 elm327_hw_failure(elm);
724 } else if (len == elm->rxfill) {
725 if (elm327_is_ready_char(elm->rxbuf[elm->rxfill - 1])) {
726 /* The ELM327's AT ST response timeout ran out,
727 * so we got a prompt.
728 * Clear RX buffer and restart listening.
732 elm327_handle_prompt(elm);
736 /* No <CR> found - we haven't received a full line yet.
737 * Wait for more data.
742 /* We have a full line to parse. */
743 elm327_parse_line(elm, len);
745 /* Remove parsed data from RX buffer. */
746 elm327_drop_bytes(elm, len + 1);
748 /* More data to parse? */
750 elm327_parse_rxbuf(elm);
754 /* Dummy needed to use can_rx_offload */
755 static struct sk_buff *elmcan_mailbox_read(struct can_rx_offload *offload,
756 unsigned int n, u32 *timestamp,
759 WARN_ON_ONCE(1); /* This function is a dummy, so don't call it! */
761 return ERR_PTR(-ENOBUFS);
764 static int elmcan_netdev_open(struct net_device *dev)
766 struct elmcan *elm = netdev_priv(dev);
769 spin_lock_bh(&elm->lock);
770 if (elm->hw_failure) {
771 netdev_err(elm->dev, "Refusing to open interface after a hardware fault has been detected.\n");
772 spin_unlock_bh(&elm->lock);
777 spin_unlock_bh(&elm->lock);
781 /* open_candev() checks for elm->can.bittiming.bitrate != 0 */
782 err = open_candev(dev);
784 spin_unlock_bh(&elm->lock);
789 spin_unlock_bh(&elm->lock);
791 elm->offload.mailbox_read = elmcan_mailbox_read;
792 err = can_rx_offload_add_fifo(dev, &elm->offload, ELM327_NAPI_WEIGHT);
798 can_rx_offload_enable(&elm->offload);
800 can_led_event(dev, CAN_LED_EVENT_OPEN);
801 elm->can.state = CAN_STATE_ERROR_ACTIVE;
802 netif_start_queue(dev);
807 static int elmcan_netdev_close(struct net_device *dev)
809 struct elmcan *elm = netdev_priv(dev);
811 netif_stop_queue(dev);
813 spin_lock_bh(&elm->lock);
815 /* Interrupt whatever we're doing right now */
816 elm327_send(elm, ELM327_DUMMY_STRING, 1);
818 /* Clear the wakeup bit, as the netdev will be down and thus
819 * the wakeup handler won't clear it
821 clear_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
823 spin_unlock_bh(&elm->lock);
825 flush_work(&elm->tx_work);
827 spin_unlock_bh(&elm->lock);
830 can_rx_offload_disable(&elm->offload);
831 elm->can.state = CAN_STATE_STOPPED;
832 can_rx_offload_del(&elm->offload);
834 can_led_event(dev, CAN_LED_EVENT_STOP);
839 /* Send a can_frame to a TTY. */
840 static netdev_tx_t elmcan_netdev_start_xmit(struct sk_buff *skb,
841 struct net_device *dev)
843 struct elmcan *elm = netdev_priv(dev);
844 struct can_frame *frame = (struct can_frame *)skb->data;
846 if (!netif_running(dev)) {
847 netdev_warn(elm->dev, "xmit: iface is down.\n");
851 /* BHs are already disabled, so no spin_lock_bh().
852 * See Documentation/networking/netdevices.txt
854 spin_lock(&elm->lock);
856 /* We shouldn't get here after a hardware fault:
857 * can_bus_off() calls netif_carrier_off()
859 WARN_ON_ONCE(elm->hw_failure);
863 elm->can.ctrlmode & CAN_CTRLMODE_LISTENONLY) {
864 spin_unlock(&elm->lock);
868 netif_stop_queue(dev);
870 elm327_send_frame(elm, frame);
871 spin_unlock(&elm->lock);
873 dev->stats.tx_packets++;
874 dev->stats.tx_bytes += frame->can_dlc;
876 can_led_event(dev, CAN_LED_EVENT_TX);
883 static const struct net_device_ops elmcan_netdev_ops = {
884 .ndo_open = elmcan_netdev_open,
885 .ndo_stop = elmcan_netdev_close,
886 .ndo_start_xmit = elmcan_netdev_start_xmit,
887 .ndo_change_mtu = can_change_mtu,
890 /* Get a reference to our struct, taking into account locks/refcounts.
891 * This is to ensure ordering in case we are shutting down, and to ensure
892 * there is a refcount at all (otherwise tty->disc_data may be freed and
893 * before we increment the refcount).
894 * Use this for anything that can race against elmcan_ldisc_close().
896 static struct elmcan *get_elm(struct tty_struct *tty)
901 spin_lock_bh(&elmcan_discdata_lock);
902 elm = (struct elmcan *)tty->disc_data;
905 spin_unlock_bh(&elmcan_discdata_lock);
909 got_ref = atomic_inc_not_zero(&elm->refcount);
910 spin_unlock_bh(&elmcan_discdata_lock);
918 static void put_elm(struct elmcan *elm)
920 atomic_dec(&elm->refcount);
923 static bool elmcan_is_valid_rx_char(char c)
925 return (isdigit(c) ||
927 c == ELM327_DUMMY_CHAR ||
928 c == ELM327_READY_CHAR ||
939 /* Handle incoming ELM327 ASCII data.
940 * This will not be re-entered while running, but other ldisc
941 * functions may be called in parallel.
943 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,14,0)
944 static void elmcan_ldisc_rx(struct tty_struct *tty,
945 const unsigned char *cp, char *fp, int count)
947 static void elmcan_ldisc_rx(struct tty_struct *tty,
948 const unsigned char *cp, const char *fp, int count)
951 struct elmcan *elm = get_elm(tty);
956 spin_lock_bh(&elm->lock);
961 while (count-- && elm->rxfill < ELM327_SIZE_RXBUF) {
963 netdev_err(elm->dev, "Error in received character stream. Check your wiring.");
965 elm327_hw_failure(elm);
970 /* Ignore NUL characters, which the PIC microcontroller may
971 * inadvertently insert due to a known hardware bug.
972 * See ELM327 documentation, which refers to a Microchip PIC
976 /* Check for stray characters on the UART line.
977 * Likely caused by bad hardware.
979 if (!elmcan_is_valid_rx_char(*cp)) {
981 "Received illegal character %02x.\n",
983 elm327_hw_failure(elm);
988 elm->rxbuf[elm->rxfill++] = *cp;
995 netdev_err(elm->dev, "Receive buffer overflowed. Bad chip or wiring?");
997 elm327_hw_failure(elm);
1002 elm327_parse_rxbuf(elm);
1005 spin_unlock_bh(&elm->lock);
1009 /* Write out remaining transmit buffer.
1010 * Scheduled when TTY is writable.
1012 static void elmcan_ldisc_tx_worker(struct work_struct *work)
1014 /* No need to use get_elm() here, as we'll always flush workers
1015 * before destroying the elmcan object.
1017 struct elmcan *elm = container_of(work, struct elmcan, tx_work);
1020 spin_lock_bh(&elm->lock);
1021 if (elm->hw_failure) {
1022 spin_unlock_bh(&elm->lock);
1026 if (!elm->tty || !netif_running(elm->dev)) {
1027 spin_unlock_bh(&elm->lock);
1031 if (elm->txleft <= 0) {
1032 /* Our TTY write buffer is empty:
1033 * Allow netdev to hand us another packet
1035 clear_bit(TTY_DO_WRITE_WAKEUP, &elm->tty->flags);
1036 spin_unlock_bh(&elm->lock);
1037 netif_wake_queue(elm->dev);
1041 actual = elm->tty->ops->write(elm->tty, elm->txhead, elm->txleft);
1043 netdev_err(elm->dev,
1044 "Failed to write to tty %s.\n",
1046 elm327_hw_failure(elm);
1047 spin_unlock_bh(&elm->lock);
1051 elm->txleft -= actual;
1052 elm->txhead += actual;
1053 spin_unlock_bh(&elm->lock);
1056 /* Called by the driver when there's room for more data. */
1057 static void elmcan_ldisc_tx_wakeup(struct tty_struct *tty)
1059 struct elmcan *elm = get_elm(tty);
1064 schedule_work(&elm->tx_work);
1069 /* ELM327 can only handle bitrates that are integer divisors of 500 kHz,
1070 * or 7/8 of that. Divisors are 1 to 64.
1071 * Currently we don't implement support for 7/8 rates.
1073 static const u32 elmcan_bitrate_const[64] = {
1074 7812, 7936, 8064, 8196, 8333, 8474, 8620, 8771,
1075 8928, 9090, 9259, 9433, 9615, 9803, 10000, 10204,
1076 10416, 10638, 10869, 11111, 11363, 11627, 11904, 12195,
1077 12500, 12820, 13157, 13513, 13888, 14285, 14705, 15151,
1078 15625, 16129, 16666, 17241, 17857, 18518, 19230, 20000,
1079 20833, 21739, 22727, 23809, 25000, 26315, 27777, 29411,
1080 31250, 33333, 35714, 38461, 41666, 45454, 50000, 55555,
1081 62500, 71428, 83333, 100000, 125000, 166666, 250000, 500000
1084 /* Dummy needed to use bitrate_const */
1085 static int elmcan_do_set_bittiming(struct net_device *netdev)
1090 static int elmcan_ldisc_open(struct tty_struct *tty)
1092 struct net_device *dev;
1096 if (!capable(CAP_NET_ADMIN))
1099 if (!tty->ops->write)
1102 dev = alloc_candev(sizeof(struct elmcan), 0);
1105 elm = netdev_priv(dev);
1107 elm->txbuf = kmalloc(ELM327_SIZE_TXBUF, GFP_KERNEL);
1113 /* Configure TTY interface */
1114 tty->receive_room = 65536; /* We don't flow control */
1115 elm->txleft = 0; /* Clear TTY TX buffer */
1116 spin_lock_init(&elm->lock);
1117 atomic_set(&elm->refcount, 1);
1118 INIT_WORK(&elm->tx_work, elmcan_ldisc_tx_worker);
1120 /* Configure CAN metadata */
1121 elm->can.state = CAN_STATE_STOPPED;
1122 elm->can.bitrate_const = elmcan_bitrate_const;
1123 elm->can.bitrate_const_cnt = ARRAY_SIZE(elmcan_bitrate_const);
1124 elm->can.do_set_bittiming = elmcan_do_set_bittiming;
1125 elm->can.ctrlmode_supported = CAN_CTRLMODE_LISTENONLY;
1127 /* Configure netdev interface */
1129 dev->netdev_ops = &elmcan_netdev_ops;
1131 /* Mark ldisc channel as alive */
1133 tty->disc_data = elm;
1135 devm_can_led_init(elm->dev);
1138 err = register_candev(elm->dev);
1142 netdev_info(elm->dev, "elmcan on %s.\n", tty->name);
1148 free_candev(elm->dev);
1152 /* Close down an elmcan channel.
1153 * This means flushing out any pending queues, and then returning.
1154 * This call is serialized against other ldisc functions:
1155 * Once this is called, no other ldisc function of ours is entered.
1157 * We also use this function for a hangup event.
1159 static void elmcan_ldisc_close(struct tty_struct *tty)
1161 struct elmcan *elm = get_elm(tty);
1166 /* unregister_netdev() calls .ndo_stop() so we don't have to. */
1167 unregister_candev(elm->dev);
1169 /* Decrease the refcount twice, once for our own get_elm(),
1170 * and once to remove the count of 1 that we set in _open().
1171 * Once it reaches 0, we can safely destroy it.
1176 while (atomic_read(&elm->refcount) > 0)
1177 msleep_interruptible(10);
1179 /* At this point, all ldisc calls to us have become no-ops. */
1181 flush_work(&elm->tx_work);
1183 /* Mark channel as dead */
1184 spin_lock_bh(&elm->lock);
1185 tty->disc_data = NULL;
1187 spin_unlock_bh(&elm->lock);
1189 netdev_info(elm->dev, "elmcan off %s.\n", tty->name);
1192 free_candev(elm->dev);
1195 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,16,0)
1196 static int elmcan_ldisc_hangup(struct tty_struct *tty)
1198 static void elmcan_ldisc_hangup(struct tty_struct *tty)
1201 elmcan_ldisc_close(tty);
1202 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,16,0)
1207 static int elmcan_ldisc_ioctl(struct tty_struct *tty,
1208 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,17,0)
1211 unsigned int cmd, unsigned long arg)
1213 struct elmcan *elm = get_elm(tty);
1221 tmp = strnlen(elm->dev->name, IFNAMSIZ - 1) + 1;
1222 if (copy_to_user((void __user *)arg, elm->dev->name, tmp)) {
1236 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,16,0)
1237 return tty_mode_ioctl(tty, file, cmd, arg);
1239 return tty_mode_ioctl(tty, cmd, arg);
1244 static struct tty_ldisc_ops elmcan_ldisc = {
1245 .owner = THIS_MODULE,
1247 .num = N_DEVELOPMENT,
1248 .receive_buf = elmcan_ldisc_rx,
1249 .write_wakeup = elmcan_ldisc_tx_wakeup,
1250 .open = elmcan_ldisc_open,
1251 .close = elmcan_ldisc_close,
1252 .hangup = elmcan_ldisc_hangup,
1253 .ioctl = elmcan_ldisc_ioctl,
1256 static int __init elmcan_init(void)
1260 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,14,0)
1261 status = tty_register_ldisc(N_DEVELOPMENT, &elmcan_ldisc);
1263 status = tty_register_ldisc(&elmcan_ldisc);
1266 pr_err("Can't register line discipline\n");
1271 static void __exit elmcan_exit(void)
1273 /* This will only be called when all channels have been closed by
1274 * userspace - tty_ldisc.c takes care of the module's refcount.
1276 #if LINUX_VERSION_CODE < KERNEL_VERSION(5,14,0)
1279 status = tty_unregister_ldisc(N_DEVELOPMENT);
1281 pr_err("Can't unregister line discipline (error: %d)\n",
1284 tty_unregister_ldisc(&elmcan_ldisc);
1288 module_init(elmcan_init);
1289 module_exit(elmcan_exit);
projects / elmcan.git / blob