phonet: some signedness bugs
[linux-2.6.git] / net / phonet / af_phonet.c
/*
 * File: af_phonet.c
 *
 * Phonet protocols family
 *
 * Copyright (C) 2008 Nokia Corporation.
 *
 * Contact: Remi Denis-Courmont <remi.denis-courmont@nokia.com>
 * Original author: Sakari Ailus <sakari.ailus@nokia.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * version 2 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 */
26 #include <linux/kernel.h>
27 #include <linux/module.h>
28 #include <linux/slab.h>
29 #include <asm/unaligned.h>
30 #include <net/sock.h>
32 #include <linux/if_phonet.h>
33 #include <linux/phonet.h>
34 #include <net/phonet/phonet.h>
35 #include <net/phonet/pn_dev.h>
/*
 * Transport protocol registration.
 *
 * One slot per protocol number. Readers in this file go through
 * rcu_dereference(); writers use rcu_assign_pointer() while holding
 * proto_tab_lock.
 */
static struct phonet_protocol *proto_tab[PHONET_NPROTO] __read_mostly;
/*
 * Look up a registered transport protocol and pin its owning module.
 *
 * Returns NULL when the number is outside proto_tab, when the slot is
 * empty, or when the module reference cannot be taken. A non-NULL result
 * must be balanced with phonet_proto_put().
 */
static struct phonet_protocol *phonet_proto_get(unsigned int protocol)
{
	struct phonet_protocol *found = NULL;

	/*
	 * The parameter is unsigned, so a negative number handed in by a
	 * caller arrives here as a large value and fails this bound check
	 * before proto_tab is indexed.
	 */
	if (protocol < PHONET_NPROTO) {
		rcu_read_lock();
		found = rcu_dereference(proto_tab[protocol]);
		if (found != NULL && !try_module_get(found->prot->owner))
			found = NULL;
		rcu_read_unlock();
	}

	return found;
}
/* Release the module reference taken by a successful phonet_proto_get(). */
static inline void phonet_proto_put(struct phonet_protocol *pp)
{
	struct module *owner = pp->prot->owner;

	module_put(owner);
}
61 /* protocol family functions */
/*
 * Create a Phonet socket (the .create hook of phonet_proto_family).
 *
 * Returns 0 on success, -EPERM when the caller lacks CAP_SYS_ADMIN,
 * -EPROTONOSUPPORT when no matching protocol is available for the socket
 * type, or -ENOMEM when the sock cannot be allocated.
 */
static int pn_socket_create(struct net *net, struct socket *sock, int protocol,
			    int kern)
{
	struct phonet_protocol *pnp;
	struct pn_sock *pn;
	struct sock *sk;
	int err = -EPROTONOSUPPORT;

	/* Privilege gate: nothing below runs for unprivileged callers. */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	/* Protocol 0 means "pick the default for this socket type". */
	if (protocol == 0) {
		if (sock->type == SOCK_DGRAM)
			protocol = PN_PROTO_PHONET;
		else if (sock->type == SOCK_SEQPACKET)
			protocol = PN_PROTO_PIPE;
		else
			return -EPROTONOSUPPORT;
	}

	/*
	 * protocol is a signed int supplied by the caller; the lookup takes
	 * an unsigned index and rejects anything >= PHONET_NPROTO, which
	 * covers negative values as well.
	 */
	pnp = phonet_proto_get(protocol);
	if (pnp == NULL) {
		/* Not registered yet: try to load the module, then retry. */
		if (request_module("net-pf-%d-proto-%d", PF_PHONET, protocol) != 0)
			return -EPROTONOSUPPORT;
		pnp = phonet_proto_get(protocol);
		if (pnp == NULL)
			return -EPROTONOSUPPORT;
	}

	/* err is still -EPROTONOSUPPORT here. */
	if (sock->type != pnp->sock_type)
		goto out;

	sk = sk_alloc(net, PF_PHONET, GFP_KERNEL, pnp->prot);
	if (sk == NULL) {
		err = -ENOMEM;
		goto out;
	}

	sock_init_data(sock, sk);
	sock->state = SS_UNCONNECTED;
	sock->ops = pnp->ops;
	sk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
	sk->sk_protocol = protocol;
	pn = pn_sk(sk);
	pn->sobject = 0;
	pn->resource = 0;
	sk->sk_prot->init(sk);
	err = 0;

out:
	/* The reference from phonet_proto_get() is dropped on every path. */
	phonet_proto_put(pnp);
	return err;
}
/* Address-family descriptor passed to sock_register() by phonet_init(). */
static const struct net_proto_family phonet_proto_family = {
	.owner = THIS_MODULE,
	.family = PF_PHONET,
	.create = pn_socket_create,
};
128 /* Phonet device header operations */
/*
 * Build the one-byte Phonet link header in front of the packet.
 *
 * The byte is taken from saddr, or from the device address when saddr is
 * NULL. Returns 1 (the header length) on success and -1 when type is not
 * ETH_P_PHONET. Note that the byte of headroom is claimed with skb_push()
 * before the type is checked, so it stays pushed on the -1 path too.
 */
static int pn_header_create(struct sk_buff *skb, struct net_device *dev,
			    unsigned short type, const void *daddr,
			    const void *saddr, unsigned len)
{
	const u8 *src = saddr;
	u8 *media;

	media = skb_push(skb, 1);
	if (type != ETH_P_PHONET)
		return -1;

	if (src == NULL)
		src = dev->dev_addr;
	*media = *src;
	return 1;
}
/*
 * Copy the one-byte link-level address found at the MAC header into
 * haddr[0]. Always returns 1, the number of address bytes written.
 */
static int pn_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
	haddr[0] = skb_mac_header(skb)[0];
	return 1;
}
/* Link header operations for Phonet devices; exported for use by drivers. */
struct header_ops phonet_header_ops = {
	.parse = pn_header_parse,
	.create = pn_header_create,
};
EXPORT_SYMBOL(phonet_header_ops);
/*
 * Prepends an ISI header and sends a datagram.
 *
 * The skb is consumed on every path: it is handed to netif_rx()/
 * netif_rx_ni() for loopback, to dev_queue_xmit() otherwise, or freed
 * here on error. irq selects netif_rx() (non-zero) over netif_rx_ni().
 *
 * Returns 0 or the dev_queue_xmit() result on success, -EMSGSIZE when the
 * payload does not fit the 16-bit length field or the device MTU,
 * -EOPNOTSUPP for a broadcast destination, -EHOSTUNREACH when the link
 * header cannot be built.
 */
static int pn_send(struct sk_buff *skb, struct net_device *dev,
		   u16 dst, u16 src, u8 res, u8 irq)
{
	struct phonethdr *hdr;
	int err;

	/* Size checks come first, before any header space is claimed. */
	err = -EMSGSIZE;
	if (skb->len + 2 > 0xffff /* Phonet length field limit */ ||
	    skb->len + sizeof(struct phonethdr) > dev->mtu)
		goto drop;

	/* Broadcast sending is not implemented */
	err = -EOPNOTSUPP;
	if (pn_addr(dst) == PNADDR_BROADCAST)
		goto drop;

	skb_reset_transport_header(skb);
	WARN_ON(skb_headroom(skb) & 1); /* HW assumes word alignment */
	skb_push(skb, sizeof(struct phonethdr));
	skb_reset_network_header(skb);

	hdr = pn_hdr(skb);
	hdr->pn_rdev = pn_dev(dst);
	hdr->pn_sdev = pn_dev(src);
	hdr->pn_res = res;
	/* skb->len now includes the header pushed above. */
	hdr->pn_length = __cpu_to_be16(skb->len + 2 - sizeof(*hdr));
	hdr->pn_robj = pn_obj(dst);
	hdr->pn_sobj = pn_obj(src);

	skb->protocol = htons(ETH_P_PHONET);
	skb->priority = 0;
	skb->dev = dev;

	if (skb->pkt_type != PACKET_LOOPBACK) {
		if (dev_hard_header(skb, dev, ntohs(skb->protocol),
				    NULL, NULL, skb->len) < 0) {
			err = -EHOSTUNREACH;
			goto drop;
		}
		return dev_queue_xmit(skb);
	}

	/* Loopback: feed the packet straight back into the receive path. */
	skb_reset_mac_header(skb);
	skb_orphan(skb);
	if (irq)
		netif_rx(skb);
	else
		netif_rx_ni(skb);
	return 0;

drop:
	kfree_skb(skb);
	return err;
}
/*
 * Copy len bytes from data into a freshly allocated skb and send it with
 * pn_send() (irq flag set to 1). The allocation uses GFP_ATOMIC.
 *
 * Returns -ENOMEM when the skb cannot be allocated, otherwise the
 * pn_send() result.
 *
 * NOTE(review): len is a signed int and is not range-checked here before
 * it is used for the allocation size and the copy. Both callers in this
 * file pass sizeof() of a small fixed buffer; any new caller has to
 * guarantee a non-negative, bounded length.
 */
static int pn_raw_send(const void *data, int len, struct net_device *dev,
		       u16 dst, u16 src, u8 res)
{
	struct sk_buff *skb;

	skb = alloc_skb(MAX_PHONET_HEADER + len, GFP_ATOMIC);
	if (!skb)
		return -ENOMEM;

	/* A destination that is one of our own addresses is looped back. */
	if (phonet_address_lookup(dev_net(dev), pn_addr(dst)) == 0)
		skb->pkt_type = PACKET_LOOPBACK;

	skb_reserve(skb, MAX_PHONET_HEADER);
	__skb_put(skb, len);
	skb_copy_to_linear_data(skb, data, len);

	return pn_send(skb, dev, dst, src, res, 1);
}
/*
 * Create a Phonet header for the skb and send it out. Returns
 * non-zero error code if failed. The skb is freed then.
 *
 * The output device is chosen in this order: the device the socket is
 * bound to, loopback when the destination is a local address, loopback
 * when the target has object 0 and a local socket owns the resource, and
 * otherwise the routing table. The device reference taken here is
 * dropped before returning on every path.
 */
int pn_skb_send(struct sock *sk, struct sk_buff *skb,
		const struct sockaddr_pn *target)
{
	struct net *net = sock_net(sk);
	struct pn_sock *pn = pn_sk(sk);
	struct net_device *dev;
	u8 daddr = pn_sockaddr_get_addr(target);
	u8 saddr = PN_NO_ADDR;
	u16 src;
	int err = -EHOSTUNREACH;

	if (sk->sk_bound_dev_if) {
		dev = dev_get_by_index(net, sk->sk_bound_dev_if);
	} else if (phonet_address_lookup(net, daddr) == 0) {
		dev = phonet_device_get(net);
		skb->pkt_type = PACKET_LOOPBACK;
	} else {
		struct sock *owner = NULL;

		/* Resource routing (small race until phonet_rcv()) */
		if (pn_sockaddr_get_object(target) == 0)
			owner = pn_find_sock_by_res(net, target->spn_resource);

		if (owner) {
			/* Only the existence of the socket matters here. */
			sock_put(owner);
			dev = phonet_device_get(net);
			skb->pkt_type = PACKET_LOOPBACK;
		} else {
			dev = phonet_route_output(net, daddr);
		}
	}

	if (dev == NULL || (dev->flags & IFF_UP) == 0)
		goto drop;

	saddr = phonet_address_get(dev, daddr);
	if (saddr == PN_NO_ADDR)
		goto drop;

	/* Fill in the device part of the source when the socket has none. */
	src = pn->sobject;
	if (!pn_addr(src))
		src = pn_object(saddr, pn_obj(src));

	/* pn_send() consumes the skb whether it succeeds or fails. */
	err = pn_send(skb, dev, pn_sockaddr_get_object(target),
		      src, pn_sockaddr_get_resource(target), 0);
	dev_put(dev);
	return err;

drop:
	kfree_skb(skb);
	if (dev)
		dev_put(dev);
	return err;
}
EXPORT_SYMBOL(pn_skb_send);
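/*
 * Do not send an error message in response to an error message.
 *
 * Returns 1 when the undeliverable message in skb may be answered and 0
 * when it must not be: the message is too short to inspect, it is a
 * PN_COMMGR indication, or it is itself one of the two common error
 * responses.
 *
 * The message bytes come from the network, so every field is read only
 * after the matching pskb_may_pull() has succeeded.
 */
static inline int can_respond(struct sk_buff *skb)
{
	const struct phonetmsg *pm;
	u8 res;
	u8 submsg_id;

	if (!pskb_may_pull(skb, 3))
		return 0;

	/*
	 * Copy the resource byte out of the header before the second pull.
	 * The header pointer has to be re-acquired after pskb_may_pull(),
	 * so a pointer obtained before that call must not be dereferenced
	 * afterwards; keeping the value in a local avoids that.
	 */
	res = pn_hdr(skb)->pn_res;
	if (res == PN_PREFIX && !pskb_may_pull(skb, 5))
		return 0;
	if (res == PN_COMMGR) /* indications */
		return 0;

	pm = pn_msg(skb);
	if (pm->pn_msg_id != PN_COMMON_MESSAGE)
		return 1;

	/*
	 * Test the selected sub-message ID against both error responses.
	 * The extended field is only read for PN_PREFIX messages, the one
	 * case in which the 5-byte pull above was required to succeed.
	 */
	submsg_id = (res == PN_PREFIX)
		? pm->pn_e_submsg_id : pm->pn_submsg_id;
	if (submsg_id != PN_COMM_ISA_ENTITY_NOT_REACHABLE_RESP &&
	    submsg_id != PN_COMM_SERVICE_NOT_IDENTIFIED_RESP)
		return 1;
	return 0;
}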
/*
 * Answer an undeliverable message with a PN_COMMON_MESSAGE carrying
 * PN_COMM_ISA_ENTITY_NOT_REACHABLE_RESP, addressed back to its sender.
 * The extended layout is used when the original resource is PN_PREFIX.
 *
 * Returns the pn_raw_send() result. The caller is expected to have
 * checked the message with can_respond() first, as phonet_rcv() does.
 */
static int send_obj_unreachable(struct sk_buff *rskb)
{
	const struct phonethdr *oph = pn_hdr(rskb);
	const struct phonetmsg *opm = pn_msg(rskb);
	struct phonetmsg resp;
	u16 reply_dst;
	u16 reply_src;

	/* Clear the whole struct first: it is copied out as raw bytes. */
	memset(&resp, 0, sizeof(resp));
	resp.pn_trans_id = opm->pn_trans_id;
	resp.pn_msg_id = PN_COMMON_MESSAGE;

	if (oph->pn_res != PN_PREFIX) {
		resp.pn_submsg_id = PN_COMM_ISA_ENTITY_NOT_REACHABLE_RESP;
		resp.pn_orig_msg_id = opm->pn_msg_id;
		resp.pn_status = 0;
	} else {
		resp.pn_e_res_id = opm->pn_e_res_id;
		resp.pn_e_submsg_id = PN_COMM_ISA_ENTITY_NOT_REACHABLE_RESP;
		resp.pn_e_orig_msg_id = opm->pn_msg_id;
		resp.pn_e_status = 0;
	}

	/* Swap the addresses: the original sender becomes the destination. */
	reply_dst = pn_object(oph->pn_sdev, oph->pn_sobj);
	reply_src = pn_object(oph->pn_rdev, oph->pn_robj);

	return pn_raw_send(&resp, sizeof(resp), rskb->dev,
			   reply_dst, reply_src, oph->pn_res);
}
/*
 * Send a fixed four-byte PN_COMMGR message (subscribe, subscription count
 * zero) to object 0 of the device that sent rskb.
 *
 * Returns the pn_raw_send() result.
 */
static int send_reset_indications(struct sk_buff *rskb)
{
	static const u8 data[4] = {
		0x00 /* trans ID */, 0x10 /* subscribe msg */,
		0x00 /* subscription count */, 0x00 /* dummy */
	};
	const struct phonethdr *oph = pn_hdr(rskb);
	u16 reply_dst = pn_object(oph->pn_sdev, 0x00);
	u16 reply_src = pn_object(oph->pn_rdev, oph->pn_robj);

	return pn_raw_send(data, sizeof(data), rskb->dev,
			   reply_dst, reply_src, PN_COMMGR);
}
359 /* packet type functions */
/*
 * Stuff received packets to associated sockets.
 * On error, returns non-zero and releases the skb.
 *
 * This is the receive hook registered in phonet_packet_type. The header
 * fields come from the wire: the advertised length is validated against
 * the bytes actually present before the packet is delivered to a local
 * socket or forwarded to another device.
 */
static int phonet_rcv(struct sk_buff *skb, struct net_device *dev,
		      struct packet_type *pkttype,
		      struct net_device *orig_dev)
{
	struct net *net = dev_net(dev);
	struct phonethdr *ph;
	struct sockaddr_pn sa;
	u16 len;

	/* check we have at least a full Phonet header */
	if (!pskb_pull(skb, sizeof(struct phonethdr)))
		goto out;

	/*
	 * check that the advertised length is correct: it must be at least
	 * 2, and the remainder must not exceed what was received. Rejecting
	 * len < 2 first keeps the u16 subtraction from wrapping.
	 */
	ph = pn_hdr(skb);
	len = get_unaligned_be16(&ph->pn_length);
	if (len < 2)
		goto out;
	len -= 2;
	if ((len > skb->len) || pskb_trim(skb, len))
		goto out;
	skb_reset_transport_header(skb);

	pn_skb_get_dst_sockaddr(skb, &sa);

	/* check if this is broadcasted */
	if (pn_sockaddr_get_addr(&sa) == PNADDR_BROADCAST) {
		pn_deliver_sock_broadcast(net, skb);
		goto out;
	}

	/* resource routing */
	if (pn_sockaddr_get_object(&sa) == 0) {
		struct sock *res_sk = pn_find_sock_by_res(net, sa.spn_resource);

		if (res_sk)
			return sk_receive_skb(res_sk, skb, 0);
	}

	/* check if we are the destination */
	if (phonet_address_lookup(net, pn_sockaddr_get_addr(&sa)) == 0) {
		/* Phonet packet input */
		struct sock *dst_sk = pn_find_sock_by_sa(net, &sa);

		if (dst_sk)
			return sk_receive_skb(dst_sk, skb, 0);

		/* No socket: report it, unless the packet is itself an error */
		if (can_respond(skb)) {
			send_obj_unreachable(skb);
			send_reset_indications(skb);
		}
	} else if (unlikely(skb->pkt_type == PACKET_LOOPBACK)) {
		goto out; /* Race between address deletion and loopback */
	} else {
		/* Phonet packet routing */
		struct net_device *out_dev;

		out_dev = phonet_route_output(net, pn_sockaddr_get_addr(&sa));
		if (!out_dev) {
			LIMIT_NETDEBUG(KERN_WARNING"No Phonet route to %02X\n",
					pn_sockaddr_get_addr(&sa));
			goto out;
		}

		/* Put the Phonet header back in front before forwarding. */
		__skb_push(skb, sizeof(struct phonethdr));
		skb->dev = out_dev;
		/* Never forward out of the device the packet arrived on. */
		if (out_dev == dev) {
			LIMIT_NETDEBUG(KERN_ERR"Phonet loop to %02X on %s\n",
					pn_sockaddr_get_addr(&sa), dev->name);
			goto out_dev;
		}
		/* Some drivers (e.g. TUN) do not allocate HW header space */
		if (skb_cow_head(skb, out_dev->hard_header_len))
			goto out_dev;

		if (dev_hard_header(skb, out_dev, ETH_P_PHONET, NULL, NULL,
				    skb->len) < 0)
			goto out_dev;
		dev_queue_xmit(skb);
		dev_put(out_dev);
		return NET_RX_SUCCESS;
out_dev:
		/* Forwarding failed: drop the route reference, then the skb. */
		dev_put(out_dev);
	}

out:
	kfree_skb(skb);
	return NET_RX_DROP;
}
/* Receive hook for ETH_P_PHONET frames; added by phonet_init(). */
static struct packet_type phonet_packet_type __read_mostly = {
	.func = phonet_rcv,
	.type = cpu_to_be16(ETH_P_PHONET),
};

/* Serialises writers of proto_tab (register and unregister). */
static DEFINE_MUTEX(proto_tab_lock);
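/*
 * Register a transport protocol under the given protocol number.
 *
 * Returns 0 on success, -EINVAL when protocol is outside proto_tab,
 * -EBUSY when the slot is already occupied, or the proto_register()
 * error. On any failure nothing is left registered.
 */
int __init_or_module phonet_proto_register(unsigned int protocol,
				struct phonet_protocol *pp)
{
	int err;

	/* Bound check before the number is used as an array index. */
	if (protocol >= PHONET_NPROTO)
		return -EINVAL;

	err = proto_register(pp->prot, 1);
	if (err)
		return err;

	mutex_lock(&proto_tab_lock);
	if (proto_tab[protocol])
		err = -EBUSY;
	else
		rcu_assign_pointer(proto_tab[protocol], pp);
	mutex_unlock(&proto_tab_lock);

	/*
	 * The slot was taken: undo proto_register() so that pp->prot does
	 * not stay registered after the caller has been told the
	 * registration failed.
	 */
	if (err)
		proto_unregister(pp->prot);

	return err;
}
EXPORT_SYMBOL(phonet_proto_register);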
/*
 * Remove a transport protocol registered with phonet_proto_register().
 *
 * The slot is cleared under proto_tab_lock, then synchronize_rcu() waits
 * for readers that may still hold the old pointer before the proto itself
 * is unregistered.
 *
 * NOTE(review): unlike the register path, protocol is not checked against
 * PHONET_NPROTO before proto_tab is indexed; callers must pass the same
 * in-range number they registered with.
 */
void phonet_proto_unregister(unsigned int protocol, struct phonet_protocol *pp)
{
	mutex_lock(&proto_tab_lock);
	/* The slot must still hold exactly the protocol being removed. */
	BUG_ON(pp != proto_tab[protocol]);
	rcu_assign_pointer(proto_tab[protocol], NULL);
	mutex_unlock(&proto_tab_lock);

	synchronize_rcu();
	proto_unregister(pp->prot);
}
EXPORT_SYMBOL(phonet_proto_unregister);
495 /* Module registration */
/*
 * Module entry point: bring up device support, the socket layer, the
 * address family, the packet handler, sysctl and the ISI protocol, in
 * that order. On failure the steps already taken are undone and the
 * error is returned.
 */
static int __init phonet_init(void)
{
	int ret = phonet_device_init();

	if (ret)
		return ret;

	pn_sock_init();
	ret = sock_register(&phonet_proto_family);
	if (ret) {
		printk(KERN_ALERT
			"phonet protocol family initialization failed\n");
		goto undo_device;
	}

	dev_add_pack(&phonet_packet_type);
	phonet_sysctl_init();

	ret = isi_register();
	if (!ret)
		return 0;

	/* isi_register() failed: tear down everything set up above. */
	phonet_sysctl_exit();
	sock_unregister(PF_PHONET);
	dev_remove_pack(&phonet_packet_type);
undo_device:
	phonet_device_exit();
	return ret;
}
/*
 * Module exit point: unregister the ISI protocol, sysctl, the address
 * family and the packet handler, then shut down device support.
 */
static void __exit phonet_exit(void)
{
	/* Protocol first, so no new sockets of that type can be created. */
	isi_unregister();

	phonet_sysctl_exit();
	sock_unregister(PF_PHONET);
	dev_remove_pack(&phonet_packet_type);

	phonet_device_exit();
}
/* Entry and exit hooks. */
module_init(phonet_init);
module_exit(phonet_exit);

/* Module metadata; the alias lets the module load on first PF_PHONET use. */
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Phonet protocol stack for Linux");
MODULE_ALIAS_NETPROTO(PF_PHONET);