search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] binfmt_elf: fix checks for bad address
[linux-2.6/linux-2.6-openrd.git] / net / dccp / feat.c
bloba1b0682ee77c7f9af2b72dae2afb38f4decd9f97
1 /*
2 * net/dccp/feat.c
3 *
4 * An implementation of the DCCP protocol
5 * Andrea Bittau <a.bittau@cs.ucl.ac.uk>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 */
12
13 #include <linux/module.h>
14
15 #include "dccp.h"
16 #include "ccid.h"
17 #include "feat.h"
18
19 #define DCCP_FEAT_SP_NOAGREE (-123)
20
21 int dccp_feat_change(struct dccp_minisock *dmsk, u8 type, u8 feature,
22 u8 *val, u8 len, gfp_t gfp)
23 {
24 struct dccp_opt_pend *opt;
25
26 dccp_pr_debug("feat change type=%d feat=%d\n", type, feature);
27
28 /* XXX sanity check feat change request */
29
30 /* check if that feature is already being negotiated */
31 list_for_each_entry(opt, &dmsk->dccpms_pending, dccpop_node) {
32 /* ok we found a negotiation for this option already */
33 if (opt->dccpop_feat == feature && opt->dccpop_type == type) {
34 dccp_pr_debug("Replacing old\n");
35 /* replace */
36 BUG_ON(opt->dccpop_val == NULL);
37 kfree(opt->dccpop_val);
38 opt->dccpop_val = val;
39 opt->dccpop_len = len;
40 opt->dccpop_conf = 0;
41 return 0;
42 }
43 }
44
45 /* negotiation for a new feature */
46 opt = kmalloc(sizeof(*opt), gfp);
47 if (opt == NULL)
48 return -ENOMEM;
49
50 opt->dccpop_type = type;
51 opt->dccpop_feat = feature;
52 opt->dccpop_len = len;
53 opt->dccpop_val = val;
54 opt->dccpop_conf = 0;
55 opt->dccpop_sc = NULL;
56
57 BUG_ON(opt->dccpop_val == NULL);
58
59 list_add_tail(&opt->dccpop_node, &dmsk->dccpms_pending);
60 return 0;
61 }
62
63 EXPORT_SYMBOL_GPL(dccp_feat_change);
64
65 static int dccp_feat_update_ccid(struct sock *sk, u8 type, u8 new_ccid_nr)
66 {
67 struct dccp_sock *dp = dccp_sk(sk);
68 struct dccp_minisock *dmsk = dccp_msk(sk);
69 /* figure out if we are changing our CCID or the peer's */
70 const int rx = type == DCCPO_CHANGE_R;
71 const u8 ccid_nr = rx ? dmsk->dccpms_rx_ccid : dmsk->dccpms_tx_ccid;
72 struct ccid *new_ccid;
73
74 /* Check if nothing is being changed. */
75 if (ccid_nr == new_ccid_nr)
76 return 0;
77
78 new_ccid = ccid_new(new_ccid_nr, sk, rx, GFP_ATOMIC);
79 if (new_ccid == NULL)
80 return -ENOMEM;
81
82 if (rx) {
83 ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
84 dp->dccps_hc_rx_ccid = new_ccid;
85 dmsk->dccpms_rx_ccid = new_ccid_nr;
86 } else {
87 ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
88 dp->dccps_hc_tx_ccid = new_ccid;
89 dmsk->dccpms_tx_ccid = new_ccid_nr;
90 }
91
92 return 0;
93 }
94
95 /* XXX taking only u8 vals */
96 static int dccp_feat_update(struct sock *sk, u8 type, u8 feat, u8 val)
97 {
98 dccp_pr_debug("changing [%d] feat %d to %d\n", type, feat, val);
99
100 switch (feat) {
101 case DCCPF_CCID:
102 return dccp_feat_update_ccid(sk, type, val);
103 default:
104 dccp_pr_debug("IMPLEMENT changing [%d] feat %d to %d\n",
105 type, feat, val);
106 break;
107 }
108 return 0;
109 }
110
111 static int dccp_feat_reconcile(struct sock *sk, struct dccp_opt_pend *opt,
112 u8 *rpref, u8 rlen)
113 {
114 struct dccp_sock *dp = dccp_sk(sk);
115 u8 *spref, slen, *res = NULL;
116 int i, j, rc, agree = 1;
117
118 BUG_ON(rpref == NULL);
119
120 /* check if we are the black sheep */
121 if (dp->dccps_role == DCCP_ROLE_CLIENT) {
122 spref = rpref;
123 slen = rlen;
124 rpref = opt->dccpop_val;
125 rlen = opt->dccpop_len;
126 } else {
127 spref = opt->dccpop_val;
128 slen = opt->dccpop_len;
129 }
130 /*
131 * Now we have server preference list in spref and client preference in
132 * rpref
133 */
134 BUG_ON(spref == NULL);
135 BUG_ON(rpref == NULL);
136
137 /* FIXME sanity check vals */
138
139 /* Are values in any order? XXX Lame "algorithm" here */
140 /* XXX assume values are 1 byte */
141 for (i = 0; i < slen; i++) {
142 for (j = 0; j < rlen; j++) {
143 if (spref[i] == rpref[j]) {
144 res = &spref[i];
145 break;
146 }
147 }
148 if (res)
149 break;
150 }
151
152 /* we didn't agree on anything */
153 if (res == NULL) {
154 /* confirm previous value */
155 switch (opt->dccpop_feat) {
156 case DCCPF_CCID:
157 /* XXX did i get this right? =P */
158 if (opt->dccpop_type == DCCPO_CHANGE_L)
159 res = &dccp_msk(sk)->dccpms_tx_ccid;
160 else
161 res = &dccp_msk(sk)->dccpms_rx_ccid;
162 break;
163
164 default:
165 WARN_ON(1); /* XXX implement res */
166 return -EFAULT;
167 }
168
169 dccp_pr_debug("Don't agree... reconfirming %d\n", *res);
170 agree = 0; /* this is used for mandatory options... */
171 }
172
173 /* need to put result and our preference list */
174 /* XXX assume 1 byte vals */
175 rlen = 1 + opt->dccpop_len;
176 rpref = kmalloc(rlen, GFP_ATOMIC);
177 if (rpref == NULL)
178 return -ENOMEM;
179
180 *rpref = *res;
181 memcpy(&rpref[1], opt->dccpop_val, opt->dccpop_len);
182
183 /* put it in the "confirm queue" */
184 if (opt->dccpop_sc == NULL) {
185 opt->dccpop_sc = kmalloc(sizeof(*opt->dccpop_sc), GFP_ATOMIC);
186 if (opt->dccpop_sc == NULL) {
187 kfree(rpref);
188 return -ENOMEM;
189 }
190 } else {
191 /* recycle the confirm slot */
192 BUG_ON(opt->dccpop_sc->dccpoc_val == NULL);
193 kfree(opt->dccpop_sc->dccpoc_val);
194 dccp_pr_debug("recycling confirm slot\n");
195 }
196 memset(opt->dccpop_sc, 0, sizeof(*opt->dccpop_sc));
197
198 opt->dccpop_sc->dccpoc_val = rpref;
199 opt->dccpop_sc->dccpoc_len = rlen;
200
201 /* update the option on our side [we are about to send the confirm] */
202 rc = dccp_feat_update(sk, opt->dccpop_type, opt->dccpop_feat, *res);
203 if (rc) {
204 kfree(opt->dccpop_sc->dccpoc_val);
205 kfree(opt->dccpop_sc);
206 opt->dccpop_sc = NULL;
207 return rc;
208 }
209
210 dccp_pr_debug("Will confirm %d\n", *rpref);
211
212 /* say we want to change to X but we just got a confirm X, suppress our
213 * change
214 */
215 if (!opt->dccpop_conf) {
216 if (*opt->dccpop_val == *res)
217 opt->dccpop_conf = 1;
218 dccp_pr_debug("won't ask for change of same feature\n");
219 }
220
221 return agree ? 0 : DCCP_FEAT_SP_NOAGREE; /* used for mandatory opts */
222 }
223
224 static int dccp_feat_sp(struct sock *sk, u8 type, u8 feature, u8 *val, u8 len)
225 {
226 struct dccp_minisock *dmsk = dccp_msk(sk);
227 struct dccp_opt_pend *opt;
228 int rc = 1;
229 u8 t;
230
231 /*
232 * We received a CHANGE. We gotta match it against our own preference
233 * list. If we got a CHANGE_R it means it's a change for us, so we need
234 * to compare our CHANGE_L list.
235 */
236 if (type == DCCPO_CHANGE_L)
237 t = DCCPO_CHANGE_R;
238 else
239 t = DCCPO_CHANGE_L;
240
241 /* find our preference list for this feature */
242 list_for_each_entry(opt, &dmsk->dccpms_pending, dccpop_node) {
243 if (opt->dccpop_type != t || opt->dccpop_feat != feature)
244 continue;
245
246 /* find the winner from the two preference lists */
247 rc = dccp_feat_reconcile(sk, opt, val, len);
248 break;
249 }
250
251 /* We didn't deal with the change. This can happen if we have no
252 * preference list for the feature. In fact, it just shouldn't
253 * happen---if we understand a feature, we should have a preference list
254 * with at least the default value.
255 */
256 BUG_ON(rc == 1);
257
258 return rc;
259 }
260
261 static int dccp_feat_nn(struct sock *sk, u8 type, u8 feature, u8 *val, u8 len)
262 {
263 struct dccp_opt_pend *opt;
264 struct dccp_minisock *dmsk = dccp_msk(sk);
265 u8 *copy;
266 int rc;
267
268 /* NN features must be change L */
269 if (type == DCCPO_CHANGE_R) {
270 dccp_pr_debug("received CHANGE_R %d for NN feat %d\n",
271 type, feature);
272 return -EFAULT;
273 }
274
275 /* XXX sanity check opt val */
276
277 /* copy option so we can confirm it */
278 opt = kzalloc(sizeof(*opt), GFP_ATOMIC);
279 if (opt == NULL)
280 return -ENOMEM;
281
282 copy = kmalloc(len, GFP_ATOMIC);
283 if (copy == NULL) {
284 kfree(opt);
285 return -ENOMEM;
286 }
287 memcpy(copy, val, len);
288
289 opt->dccpop_type = DCCPO_CONFIRM_R; /* NN can only confirm R */
290 opt->dccpop_feat = feature;
291 opt->dccpop_val = copy;
292 opt->dccpop_len = len;
293
294 /* change feature */
295 rc = dccp_feat_update(sk, type, feature, *val);
296 if (rc) {
297 kfree(opt->dccpop_val);
298 kfree(opt);
299 return rc;
300 }
301
302 dccp_pr_debug("Confirming NN feature %d (val=%d)\n", feature, *copy);
303 list_add_tail(&opt->dccpop_node, &dmsk->dccpms_conf);
304
305 return 0;
306 }
307
308 static void dccp_feat_empty_confirm(struct dccp_minisock *dmsk,
309 u8 type, u8 feature)
310 {
311 /* XXX check if other confirms for that are queued and recycle slot */
312 struct dccp_opt_pend *opt = kzalloc(sizeof(*opt), GFP_ATOMIC);
313
314 if (opt == NULL) {
315 /* XXX what do we do? Ignoring should be fine. It's a change
316 * after all =P
317 */
318 return;
319 }
320
321 opt->dccpop_type = type == DCCPO_CHANGE_L ? DCCPO_CONFIRM_R :
322 DCCPO_CONFIRM_L;
323 opt->dccpop_feat = feature;
324 opt->dccpop_val = NULL;
325 opt->dccpop_len = 0;
326
327 /* change feature */
328 dccp_pr_debug("Empty confirm feature %d type %d\n", feature, type);
329 list_add_tail(&opt->dccpop_node, &dmsk->dccpms_conf);
330 }
331
332 static void dccp_feat_flush_confirm(struct sock *sk)
333 {
334 struct dccp_minisock *dmsk = dccp_msk(sk);
335 /* Check if there is anything to confirm in the first place */
336 int yes = !list_empty(&dmsk->dccpms_conf);
337
338 if (!yes) {
339 struct dccp_opt_pend *opt;
340
341 list_for_each_entry(opt, &dmsk->dccpms_pending, dccpop_node) {
342 if (opt->dccpop_conf) {
343 yes = 1;
344 break;
345 }
346 }
347 }
348
349 if (!yes)
350 return;
351
352 /* OK there is something to confirm... */
353 /* XXX check if packet is in flight? Send delayed ack?? */
354 if (sk->sk_state == DCCP_OPEN)
355 dccp_send_ack(sk);
356 }
357
358 int dccp_feat_change_recv(struct sock *sk, u8 type, u8 feature, u8 *val, u8 len)
359 {
360 int rc;
361
362 dccp_pr_debug("got feat change type=%d feat=%d\n", type, feature);
363
364 /* figure out if it's SP or NN feature */
365 switch (feature) {
366 /* deal with SP features */
367 case DCCPF_CCID:
368 rc = dccp_feat_sp(sk, type, feature, val, len);
369 break;
370
371 /* deal with NN features */
372 case DCCPF_ACK_RATIO:
373 rc = dccp_feat_nn(sk, type, feature, val, len);
374 break;
375
376 /* XXX implement other features */
377 default:
378 rc = -EFAULT;
379 break;
380 }
381
382 /* check if there were problems changing features */
383 if (rc) {
384 /* If we don't agree on SP, we sent a confirm for old value.
385 * However we propagate rc to caller in case option was
386 * mandatory
387 */
388 if (rc != DCCP_FEAT_SP_NOAGREE)
389 dccp_feat_empty_confirm(dccp_msk(sk), type, feature);
390 }
391
392 /* generate the confirm [if required] */
393 dccp_feat_flush_confirm(sk);
394
395 return rc;
396 }
397
398 EXPORT_SYMBOL_GPL(dccp_feat_change_recv);
399
400 int dccp_feat_confirm_recv(struct sock *sk, u8 type, u8 feature,
401 u8 *val, u8 len)
402 {
403 u8 t;
404 struct dccp_opt_pend *opt;
405 struct dccp_minisock *dmsk = dccp_msk(sk);
406 int rc = 1;
407 int all_confirmed = 1;
408
409 dccp_pr_debug("got feat confirm type=%d feat=%d\n", type, feature);
410
411 /* XXX sanity check type & feat */
412
413 /* locate our change request */
414 t = type == DCCPO_CONFIRM_L ? DCCPO_CHANGE_R : DCCPO_CHANGE_L;
415
416 list_for_each_entry(opt, &dmsk->dccpms_pending, dccpop_node) {
417 if (!opt->dccpop_conf && opt->dccpop_type == t &&
418 opt->dccpop_feat == feature) {
419 /* we found it */
420 /* XXX do sanity check */
421
422 opt->dccpop_conf = 1;
423
424 /* We got a confirmation---change the option */
425 dccp_feat_update(sk, opt->dccpop_type,
426 opt->dccpop_feat, *val);
427
428 dccp_pr_debug("feat %d type %d confirmed %d\n",
429 feature, type, *val);
430 rc = 0;
431 break;
432 }
433
434 if (!opt->dccpop_conf)
435 all_confirmed = 0;
436 }
437
438 /* fix re-transmit timer */
439 /* XXX gotta make sure that no option negotiation occurs during
440 * connection shutdown. Consider that the CLOSEREQ is sent and timer is
441 * on. if all options are confirmed it might kill timer which should
442 * remain alive until close is received.
443 */
444 if (all_confirmed) {
445 dccp_pr_debug("clear feat negotiation timer %p\n", sk);
446 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
447 }
448
449 if (rc)
450 dccp_pr_debug("feat %d type %d never requested\n",
451 feature, type);
452 return 0;
453 }
454
455 EXPORT_SYMBOL_GPL(dccp_feat_confirm_recv);
456
457 void dccp_feat_clean(struct dccp_minisock *dmsk)
458 {
459 struct dccp_opt_pend *opt, *next;
460
461 list_for_each_entry_safe(opt, next, &dmsk->dccpms_pending,
462 dccpop_node) {
463 BUG_ON(opt->dccpop_val == NULL);
464 kfree(opt->dccpop_val);
465
466 if (opt->dccpop_sc != NULL) {
467 BUG_ON(opt->dccpop_sc->dccpoc_val == NULL);
468 kfree(opt->dccpop_sc->dccpoc_val);
469 kfree(opt->dccpop_sc);
470 }
471
472 kfree(opt);
473 }
474 INIT_LIST_HEAD(&dmsk->dccpms_pending);
475
476 list_for_each_entry_safe(opt, next, &dmsk->dccpms_conf, dccpop_node) {
477 BUG_ON(opt == NULL);
478 if (opt->dccpop_val != NULL)
479 kfree(opt->dccpop_val);
480 kfree(opt);
481 }
482 INIT_LIST_HEAD(&dmsk->dccpms_conf);
483 }
484
485 EXPORT_SYMBOL_GPL(dccp_feat_clean);
486
487 /* this is to be called only when a listening sock creates its child. It is
488 * assumed by the function---the confirm is not duplicated, but rather it is
489 * "passed on".
490 */
491 int dccp_feat_clone(struct sock *oldsk, struct sock *newsk)
492 {
493 struct dccp_minisock *olddmsk = dccp_msk(oldsk);
494 struct dccp_minisock *newdmsk = dccp_msk(newsk);
495 struct dccp_opt_pend *opt;
496 int rc = 0;
497
498 INIT_LIST_HEAD(&newdmsk->dccpms_pending);
499 INIT_LIST_HEAD(&newdmsk->dccpms_conf);
500
501 list_for_each_entry(opt, &olddmsk->dccpms_pending, dccpop_node) {
502 struct dccp_opt_pend *newopt;
503 /* copy the value of the option */
504 u8 *val = kmalloc(opt->dccpop_len, GFP_ATOMIC);
505
506 if (val == NULL)
507 goto out_clean;
508 memcpy(val, opt->dccpop_val, opt->dccpop_len);
509
510 newopt = kmalloc(sizeof(*newopt), GFP_ATOMIC);
511 if (newopt == NULL) {
512 kfree(val);
513 goto out_clean;
514 }
515
516 /* insert the option */
517 memcpy(newopt, opt, sizeof(*newopt));
518 newopt->dccpop_val = val;
519 list_add_tail(&newopt->dccpop_node, &newdmsk->dccpms_pending);
520
521 /* XXX what happens with backlogs and multiple connections at
522 * once...
523 */
524 /* the master socket no longer needs to worry about confirms */
525 opt->dccpop_sc = NULL; /* it's not a memleak---new socket has it */
526
527 /* reset state for a new socket */
528 opt->dccpop_conf = 0;
529 }
530
531 /* XXX not doing anything about the conf queue */
532
533 out:
534 return rc;
535
536 out_clean:
537 dccp_feat_clean(newdmsk);
538 rc = -ENOMEM;
539 goto out;
540 }
541
542 EXPORT_SYMBOL_GPL(dccp_feat_clone);
543
544 static int __dccp_feat_init(struct dccp_minisock *dmsk, u8 type, u8 feat,
545 u8 *val, u8 len)
546 {
547 int rc = -ENOMEM;
548 u8 *copy = kmalloc(len, GFP_KERNEL);
549
550 if (copy != NULL) {
551 memcpy(copy, val, len);
552 rc = dccp_feat_change(dmsk, type, feat, copy, len, GFP_KERNEL);
553 if (rc)
554 kfree(copy);
555 }
556 return rc;
557 }
558
559 int dccp_feat_init(struct dccp_minisock *dmsk)
560 {
561 int rc;
562
563 INIT_LIST_HEAD(&dmsk->dccpms_pending);
564 INIT_LIST_HEAD(&dmsk->dccpms_conf);
565
566 /* CCID L */
567 rc = __dccp_feat_init(dmsk, DCCPO_CHANGE_L, DCCPF_CCID,
568 &dmsk->dccpms_tx_ccid, 1);
569 if (rc)
570 goto out;
571
572 /* CCID R */
573 rc = __dccp_feat_init(dmsk, DCCPO_CHANGE_R, DCCPF_CCID,
574 &dmsk->dccpms_rx_ccid, 1);
575 if (rc)
576 goto out;
577
578 /* Ack ratio */
579 rc = __dccp_feat_init(dmsk, DCCPO_CHANGE_L, DCCPF_ACK_RATIO,
580 &dmsk->dccpms_ack_ratio, 1);
581 out:
582 return rc;
583 }
584
585 EXPORT_SYMBOL_GPL(dccp_feat_init);
linux 2.6 git repository for openrd