/*
 *  net/dccp/options.c
 *
 *  An implementation of the DCCP protocol
 *  Copyright (c) 2005 Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org>
 *  Copyright (c) 2005 Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
 *  Copyright (c) 2005 Ian McDonald <iam4@cs.waikato.ac.nz>
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */
14 #include <linux/dccp.h>
15 #include <linux/module.h>
16 #include <linux/types.h>
17 #include <linux/kernel.h>
18 #include <linux/skbuff.h>
20 #include "ackvec.h"
21 #include "ccid.h"
22 #include "dccp.h"
23 #include "feat.h"
/*
 * Module-wide defaults for the negotiable DCCP features. They are copied into
 * each minisock by dccp_minisock_init(); changing one here affects only
 * minisocks initialised afterwards.
 */
int dccp_feat_default_sequence_window = DCCPF_INITIAL_SEQUENCE_WINDOW;
int dccp_feat_default_rx_ccid = DCCPF_INITIAL_CCID;
int dccp_feat_default_tx_ccid = DCCPF_INITIAL_CCID;
int dccp_feat_default_ack_ratio = DCCPF_INITIAL_ACK_RATIO;
int dccp_feat_default_send_ack_vector = DCCPF_INITIAL_SEND_ACK_VECTOR;
int dccp_feat_default_send_ndp_count = DCCPF_INITIAL_SEND_NDP_COUNT;

/* Only the sequence-window default is exported to other GPL modules here. */
EXPORT_SYMBOL_GPL(dccp_feat_default_sequence_window);
/**
 * dccp_minisock_init - load the module-wide feature defaults into a minisock
 * @dmsk: minisock to initialise
 *
 * Each dccpms_* field is overwritten with the current value of the matching
 * dccp_feat_default_* variable. The assignments are independent of each other.
 */
void dccp_minisock_init(struct dccp_minisock *dmsk)
{
	/* CCID selection for both half-connections */
	dmsk->dccpms_rx_ccid = dccp_feat_default_rx_ccid;
	dmsk->dccpms_tx_ccid = dccp_feat_default_tx_ccid;

	/* sequencing and acknowledgement behaviour */
	dmsk->dccpms_sequence_window = dccp_feat_default_sequence_window;
	dmsk->dccpms_ack_ratio = dccp_feat_default_ack_ratio;

	/* which optional options this endpoint emits */
	dmsk->dccpms_send_ack_vector = dccp_feat_default_send_ack_vector;
	dmsk->dccpms_send_ndp_count = dccp_feat_default_send_ndp_count;
}
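/**
 * dccp_decode_value_var - decode a big-endian integer of zero to four bytes
 * @bf:  first byte of the encoded value
 * @len: number of bytes to decode; anything above 4 is handled like 4
 *
 * Reads at most four bytes starting at @bf, most significant byte first.
 * Returns the decoded value, or 0 when @len is 0 (in which case @bf is not
 * read). The caller is responsible for @bf pointing at @len readable bytes.
 */
static u32 dccp_decode_value_var(const unsigned char *bf, const u8 len)
{
	u32 value = 0;

	/*
	 * Widen each byte to u32 before shifting. An unsigned char promotes to
	 * int, so shifting a byte >= 0x80 left by 24 would overflow a signed
	 * int; the bytes come straight from the received packet.
	 */
	if (len > 3)
		value += (u32)*bf++ << 24;
	if (len > 2)
		value += (u32)*bf++ << 16;
	if (len > 1)
		value += (u32)*bf++ << 8;
	if (len > 0)
		value += *bf;

	return value;
}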
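/**
 * dccp_parse_options - walk and act on the option area of a received packet
 * @sk:  socket the packet was received on
 * @skb: received packet
 *
 * The option area runs from the end of the fixed header (dccp_hdr_len()) to
 * dccph_doff * 4 bytes past the start of the header. Every byte in it is
 * supplied by the peer and is treated as untrusted: a multi-byte option has
 * its length checked against the end of the area before its value is used,
 * and each case checks the value length it needs before reading.
 *
 * dccps_options_received is cleared first and then filled from the options
 * seen.
 *
 * Returns 0 when every option was accepted. Returns -1 on a malformed or
 * rejected option, after incrementing DCCP_MIB_INVALIDOPT and storing
 * DCCP_RESET_CODE_OPTION_ERROR in the skb control block.
 */
int dccp_parse_options(struct sock *sk, struct sk_buff *skb)
{
	struct dccp_sock *dp = dccp_sk(sk);
#ifdef CONFIG_IP_DCCP_DEBUG
	const char *debug_prefix = dp->dccps_role == DCCP_ROLE_CLIENT ?
					"CLIENT rx opt: " : "server rx opt: ";
#endif
	const struct dccp_hdr *dh = dccp_hdr(skb);
	const u8 pkt_type = DCCP_SKB_CB(skb)->dccpd_type;
	unsigned char *options = (unsigned char *)dh + dccp_hdr_len(skb);
	unsigned char *opt_ptr = options;
	const unsigned char *opt_end = (unsigned char *)dh +
					(dh->dccph_doff * 4);
	struct dccp_options_received *opt_recv = &dp->dccps_options_received;
	unsigned char opt, len;
	unsigned char *value;
	u32 elapsed_time;
	__be32 be32;
	__be16 be16;
	int rc;
	int mandatory = 0;

	memset(opt_recv, 0, sizeof(*opt_recv));

	/*
	 * NOTE(review): the loop stops only when opt_ptr == opt_end, so it
	 * relies on the option area starting at or before opt_end and lying
	 * inside the skb data. Presumably the caller has already rejected
	 * packets whose dccph_doff is inconsistent with the fixed header or
	 * the packet length; confirm against the receive path.
	 */
	opt = len = 0;
	while (opt_ptr != opt_end) {
		opt = *opt_ptr++;
		len = 0;
		value = NULL;

		/* Check if this isn't a single byte option */
		if (opt > DCCPO_MAX_RESERVED) {
			/* the length byte itself must still be in the area */
			if (opt_ptr == opt_end)
				goto out_invalid_option;

			len = *opt_ptr++;
			if (len < 3)
				goto out_invalid_option;
			/*
			 * Remove the type and len fields, leaving
			 * just the value size
			 */
			len -= 2;
			value = opt_ptr;
			opt_ptr += len;

			/* the whole value must fit before it is touched */
			if (opt_ptr > opt_end)
				goto out_invalid_option;
		}

		/*
		 * The cases below that read through value assume their option
		 * codes are above DCCPO_MAX_RESERVED, so that value is not
		 * NULL (TODO confirm against the DCCPO_* definitions).
		 */
		switch (opt) {
		case DCCPO_PADDING:
			break;
		case DCCPO_MANDATORY:
			/* two Mandatory options in a row are invalid */
			if (mandatory)
				goto out_invalid_option;
			if (pkt_type != DCCP_PKT_DATA)
				mandatory = 1;
			break;
		case DCCPO_NDP_COUNT:
			if (len > 3)
				goto out_invalid_option;

			opt_recv->dccpor_ndp = dccp_decode_value_var(value, len);
			dccp_pr_debug("%sNDP count=%d\n", debug_prefix,
				      opt_recv->dccpor_ndp);
			break;
		case DCCPO_CHANGE_L:
			/* fall through */
		case DCCPO_CHANGE_R:
			/* need a feature number plus at least one value byte */
			if (len < 2)
				goto out_invalid_option;
			rc = dccp_feat_change_recv(sk, opt, *value, value + 1,
						   len - 1);
			/*
			 * When there is a change error, change_recv is
			 * responsible for dealing with it.  i.e. reply with an
			 * empty confirm.
			 * If the change was mandatory, then we need to die.
			 */
			if (rc && mandatory)
				goto out_invalid_option;
			break;
		case DCCPO_CONFIRM_L:
			/* fall through */
		case DCCPO_CONFIRM_R:
			if (len < 2)
				goto out_invalid_option;
			if (dccp_feat_confirm_recv(sk, opt, *value,
						   value + 1, len - 1))
				goto out_invalid_option;
			break;
		case DCCPO_ACK_VECTOR_0:
		case DCCPO_ACK_VECTOR_1:
			if (pkt_type == DCCP_PKT_DATA)
				break;

			if (dccp_msk(sk)->dccpms_send_ack_vector &&
			    dccp_ackvec_parse(sk, skb, opt, value, len))
				goto out_invalid_option;
			break;
		case DCCPO_TIMESTAMP:
			if (len != 4)
				goto out_invalid_option;

			/*
			 * Options are packed at byte granularity, so value has
			 * no alignment guarantee. Copy the field out instead
			 * of dereferencing a cast pointer.
			 */
			memcpy(&be32, value, sizeof(be32));
			opt_recv->dccpor_timestamp = ntohl(be32);

			dp->dccps_timestamp_echo = opt_recv->dccpor_timestamp;
			dccp_timestamp(sk, &dp->dccps_timestamp_time);

			dccp_pr_debug("%sTIMESTAMP=%u, ackno=%llu\n",
				      debug_prefix, opt_recv->dccpor_timestamp,
				      (unsigned long long)
				      DCCP_SKB_CB(skb)->dccpd_ack_seq);
			break;
		case DCCPO_TIMESTAMP_ECHO:
			if (len != 4 && len != 6 && len != 8)
				goto out_invalid_option;

			memcpy(&be32, value, sizeof(be32));
			opt_recv->dccpor_timestamp_echo = ntohl(be32);

			dccp_pr_debug("%sTIMESTAMP_ECHO=%u, len=%d, ackno=%llu, ",
				      debug_prefix,
				      opt_recv->dccpor_timestamp_echo,
				      len + 2,
				      (unsigned long long)
				      DCCP_SKB_CB(skb)->dccpd_ack_seq);

			/* no elapsed-time field follows the echoed timestamp */
			if (len == 4)
				break;

			if (len == 6) {
				memcpy(&be16, value + 4, sizeof(be16));
				elapsed_time = ntohs(be16);
			} else {
				memcpy(&be32, value + 4, sizeof(be32));
				elapsed_time = ntohl(be32);
			}

			/* Give precedence to the biggest ELAPSED_TIME */
			if (elapsed_time > opt_recv->dccpor_elapsed_time)
				opt_recv->dccpor_elapsed_time = elapsed_time;
			break;
		case DCCPO_ELAPSED_TIME:
			if (len != 2 && len != 4)
				goto out_invalid_option;

			/*
			 * Skipping the bottom of the loop is harmless here:
			 * mandatory is never set on a DATA packet.
			 */
			if (pkt_type == DCCP_PKT_DATA)
				continue;

			if (len == 2) {
				memcpy(&be16, value, sizeof(be16));
				elapsed_time = ntohs(be16);
			} else {
				memcpy(&be32, value, sizeof(be32));
				elapsed_time = ntohl(be32);
			}

			if (elapsed_time > opt_recv->dccpor_elapsed_time)
				opt_recv->dccpor_elapsed_time = elapsed_time;

			dccp_pr_debug("%sELAPSED_TIME=%d\n", debug_prefix,
				      elapsed_time);
			break;
			/*
			 * From draft-ietf-dccp-spec-11.txt:
			 *
			 *	Option numbers 128 through 191 are for
			 *	options sent from the HC-Sender to the
			 *	HC-Receiver; option numbers 192 through 255
			 *	are for options sent from the HC-Receiver to
			 *	the HC-Sender.
			 */
		case 128 ... 191: {
			/* offset of the value within the option area */
			const u16 idx = value - options;

			if (ccid_hc_rx_parse_options(dp->dccps_hc_rx_ccid, sk,
						     opt, len, idx,
						     value) != 0)
				goto out_invalid_option;
		}
			break;
		case 192 ... 255: {
			const u16 idx = value - options;

			if (ccid_hc_tx_parse_options(dp->dccps_hc_tx_ccid, sk,
						     opt, len, idx,
						     value) != 0)
				goto out_invalid_option;
		}
			break;
		default:
			/*
			 * NOTE(review): this message is emitted for every
			 * unrecognised option in a received packet and is not
			 * rate limited. LIMIT_NETDEBUG, already used elsewhere
			 * in this file, would bound the log volume.
			 */
			pr_info("DCCP(%p): option %d(len=%d) not "
				"implemented, ignoring\n",
				sk, opt, len);
			break;
		}

		/* Mandatory applies only to the option immediately after it */
		if (opt != DCCPO_MANDATORY)
			mandatory = 0;
	}

	/* mandatory was the last byte in option list -> reset connection */
	if (mandatory)
		goto out_invalid_option;

	return 0;

out_invalid_option:
	DCCP_INC_STATS_BH(DCCP_MIB_INVALIDOPT);
	DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_OPTION_ERROR;
	/* NOTE(review): packet-triggered and not rate limited, as above. */
	pr_info("DCCP(%p): invalid option %d, len=%d\n", sk, opt, len);
	return -1;
}

EXPORT_SYMBOL_GPL(dccp_parse_options);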
/**
 * dccp_encode_value_var - store the low bytes of a value in big-endian order
 * @value: value to encode
 * @to:    destination; must have room for min(@len, 4) bytes
 * @len:   number of low-order bytes of @value to write; above 4 acts like 4
 *
 * Writes nothing when @len is 0.
 */
static void dccp_encode_value_var(const u32 value, unsigned char *to,
				  const unsigned int len)
{
	/* never emit more than the four bytes a u32 holds */
	unsigned int remaining = len > 4 ? 4 : len;

	/* most significant of the requested bytes goes out first */
	while (remaining--)
		*to++ = (value >> (8 * remaining)) & 0xFF;
}
/**
 * dccp_ndp_len - number of bytes needed to encode an NDP count
 * @ndp: count to encode
 *
 * Returns 1 for values up to 0xFF, 2 for values up to 0xFFFF, otherwise 3.
 */
static inline int dccp_ndp_len(const int ndp)
{
	/* small counts are flagged as the expected case */
	if (likely(ndp <= 0xFF))
		return 1;
	if (ndp <= 0xFFFF)
		return 2;
	return 3;
}
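/**
 * dccp_insert_option - prepend one type/length/value option to a packet
 * @sk:     socket the packet belongs to (not used here)
 * @skb:    packet under construction
 * @option: option type byte
 * @value:  option value; may be NULL only when @len is 0
 * @len:    number of value bytes
 *
 * The option occupies @len + 2 bytes: type, length, then the value. The
 * running option length in the skb control block is updated to match.
 *
 * Returns 0 on success, or -1 without touching @skb when the option would
 * not fit in the option area or its length cannot be encoded.
 */
int dccp_insert_option(struct sock *sk, struct sk_buff *skb,
		       const unsigned char option,
		       const void *value, const unsigned char len)
{
	unsigned char *to;

	/*
	 * The on-wire length field is a single byte holding len + 2. Refuse
	 * values that would wrap it, so the length byte can never disagree
	 * with the number of bytes pushed onto the skb.
	 */
	if (len + 2 > 0xFF)
		return -1;

	if (DCCP_SKB_CB(skb)->dccpd_opt_len + len + 2 > DCCP_MAX_OPT_LEN)
		return -1;

	DCCP_SKB_CB(skb)->dccpd_opt_len += len + 2;

	to = skb_push(skb, len + 2);
	*to++ = option;
	*to++ = len + 2;

	/* skip the copy for empty values, as dccp_insert_feat_opt() does */
	if (len)
		memcpy(to, value, len);
	return 0;
}

EXPORT_SYMBOL_GPL(dccp_insert_option);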
/**
 * dccp_insert_option_ndp - update the NDP counter and emit the NDP Count option
 * @sk:  socket the packet belongs to
 * @skb: packet under construction
 *
 * The socket's counter is incremented for a non-data packet and reset to zero
 * otherwise. The option carries the value the counter had before that update
 * and is only emitted when that value is positive.
 *
 * Returns 0 on success or when no option is needed, -1 when the option does
 * not fit. The counter update has already happened in the -1 case.
 */
static int dccp_insert_option_ndp(struct sock *sk, struct sk_buff *skb)
{
	struct dccp_sock *dp = dccp_sk(sk);
	const int ndp = dp->dccps_ndp_count;
	unsigned char *ptr;
	int ndp_len;
	int len;

	if (dccp_non_data_packet(skb))
		++dp->dccps_ndp_count;
	else
		dp->dccps_ndp_count = 0;

	/* nothing to report */
	if (ndp <= 0)
		return 0;

	ndp_len = dccp_ndp_len(ndp);
	len = ndp_len + 2;	/* type + length + value */

	if (DCCP_SKB_CB(skb)->dccpd_opt_len + len > DCCP_MAX_OPT_LEN)
		return -1;

	DCCP_SKB_CB(skb)->dccpd_opt_len += len;

	ptr = skb_push(skb, len);
	*ptr++ = DCCPO_NDP_COUNT;
	*ptr++ = len;
	dccp_encode_value_var(ndp, ptr, ndp_len);

	return 0;
}
/**
 * dccp_elapsed_time_len - number of bytes needed to encode an elapsed time
 * @elapsed_time: value to encode
 *
 * Returns 0 for a zero value (nothing to send), 2 for values up to 0xFFFF,
 * otherwise 4.
 */
static inline int dccp_elapsed_time_len(const u32 elapsed_time)
{
	if (elapsed_time == 0)
		return 0;
	if (elapsed_time <= 0xFFFF)
		return 2;
	return 4;
}
/**
 * dccp_insert_option_elapsed_time - prepend an Elapsed Time option
 * @sk:           socket the packet belongs to (not used here)
 * @skb:          packet under construction
 * @elapsed_time: value to send; zero means no option is emitted
 *
 * The value is sent in network byte order, in two bytes when it fits in
 * 16 bits and in four bytes otherwise.
 *
 * Returns 0 on success or when nothing had to be sent, -1 when the option
 * does not fit in the option area.
 */
int dccp_insert_option_elapsed_time(struct sock *sk, struct sk_buff *skb,
				    u32 elapsed_time)
{
	const int value_len = dccp_elapsed_time_len(elapsed_time);
	const int opt_len = 2 + value_len;	/* type + length + value */
	unsigned char *to;

	if (value_len == 0)
		return 0;

	if (DCCP_SKB_CB(skb)->dccpd_opt_len + opt_len > DCCP_MAX_OPT_LEN)
		return -1;

	DCCP_SKB_CB(skb)->dccpd_opt_len += opt_len;

	to = skb_push(skb, opt_len);
	*to++ = DCCPO_ELAPSED_TIME;
	*to++ = opt_len;

	/* memcpy: the destination inside the option area may be unaligned */
	if (value_len != 2) {
		const __be32 wide = htonl(elapsed_time);

		memcpy(to, &wide, 4);
	} else {
		const __be16 narrow = htons((u16)elapsed_time);

		memcpy(to, &narrow, 2);
	}

	return 0;
}

EXPORT_SYMBOL_GPL(dccp_insert_option_elapsed_time);
/**
 * dccp_timestamp - current time relative to the socket's epoch
 * @sk: socket whose dccps_epoch is the reference point
 * @tv: output; receives the time of day minus the epoch
 *
 * After the subtraction a negative microsecond field is normalised by
 * borrowing whole seconds.
 */
void dccp_timestamp(const struct sock *sk, struct timeval *tv)
{
	const struct dccp_sock *dp = dccp_sk(sk);

	do_gettimeofday(tv);
	tv->tv_usec -= dp->dccps_epoch.tv_usec;
	tv->tv_sec -= dp->dccps_epoch.tv_sec;

	/* borrow one second per iteration until tv_usec is non-negative */
	for (; tv->tv_usec < 0; tv->tv_usec += USEC_PER_SEC)
		tv->tv_sec--;
}

EXPORT_SYMBOL_GPL(dccp_timestamp);
/**
 * dccp_insert_option_timestamp - prepend a Timestamp option
 * @sk:  socket the packet belongs to
 * @skb: packet under construction
 *
 * The timestamp is the epoch-relative time from dccp_timestamp() expressed in
 * units of 10 microseconds and sent as a 32-bit big-endian value.
 *
 * Returns whatever dccp_insert_option() returns.
 */
int dccp_insert_option_timestamp(struct sock *sk, struct sk_buff *skb)
{
	struct timeval since_epoch;
	__be32 stamp;

	dccp_timestamp(sk, &since_epoch);

	/*
	 * Truncation to 32 bits is intended: this is a 10 usec timer that
	 * wraps every 11.9 hours.
	 */
	stamp = htonl(timeval_usecs(&since_epoch) / 10);

	return dccp_insert_option(sk, skb, DCCPO_TIMESTAMP,
				  &stamp, sizeof(stamp));
}

EXPORT_SYMBOL_GPL(dccp_insert_option_timestamp);
/**
 * dccp_insert_option_timestamp_echo - prepend a Timestamp Echo option
 * @sk:  socket the packet belongs to
 * @skb: packet under construction
 *
 * Echoes dccps_timestamp_echo, followed by the time elapsed since
 * dccps_timestamp_time in units of 10 microseconds when that is non-zero
 * (two or four bytes, chosen by dccp_elapsed_time_len()).
 *
 * On success the stored echo value and its receive time are cleared.
 *
 * Returns 0 on success, -1 when the option does not fit; nothing is cleared
 * in the -1 case.
 */
static int dccp_insert_option_timestamp_echo(struct sock *sk,
					     struct sk_buff *skb)
{
	struct dccp_sock *dp = dccp_sk(sk);
	struct timeval now;
	__be32 echoed;
	u32 elapsed_time;
	int opt_len, value_len;
	unsigned char *to;

	dccp_timestamp(sk, &now);
	elapsed_time = timeval_delta(&now, &dp->dccps_timestamp_time) / 10;
	value_len = dccp_elapsed_time_len(elapsed_time);
	/* type + length + 4-byte echoed timestamp + optional elapsed time */
	opt_len = 6 + value_len;

	if (DCCP_SKB_CB(skb)->dccpd_opt_len + opt_len > DCCP_MAX_OPT_LEN)
		return -1;

	DCCP_SKB_CB(skb)->dccpd_opt_len += opt_len;

	to = skb_push(skb, opt_len);
	*to++ = DCCPO_TIMESTAMP_ECHO;
	*to++ = opt_len;

	echoed = htonl(dp->dccps_timestamp_echo);
	memcpy(to, &echoed, 4);
	to += 4;

	switch (value_len) {
	case 2: {
		const __be16 narrow = htons((u16)elapsed_time);

		memcpy(to, &narrow, 2);
		break;
	}
	case 4: {
		const __be32 wide = htonl(elapsed_time);

		memcpy(to, &wide, 4);
		break;
	}
	default:
		/* zero elapsed time: the option ends after the echo */
		break;
	}

	/* the echo has been sent; forget it */
	dp->dccps_timestamp_echo = 0;
	dp->dccps_timestamp_time.tv_sec = 0;
	dp->dccps_timestamp_time.tv_usec = 0;
	return 0;
}
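/**
 * dccp_insert_feat_opt - prepend one feature-negotiation option
 * @skb:  packet under construction
 * @type: option type byte
 * @feat: feature number
 * @val:  feature value; may be NULL when @len is 0
 * @len:  number of value bytes
 *
 * The option occupies @len + 3 bytes: type, length, feature number, value.
 *
 * Returns 0 on success, or -1 without touching @skb when the option would
 * not fit in the option area or its length cannot be encoded.
 */
static int dccp_insert_feat_opt(struct sk_buff *skb, u8 type, u8 feat,
				u8 *val, u8 len)
{
	u8 *to;

	/*
	 * The on-wire length field is a single byte holding len + 3. Refuse
	 * values that would wrap it, so the length byte can never disagree
	 * with the number of bytes pushed onto the skb.
	 */
	if (len + 3 > 0xFF)
		return -1;

	if (DCCP_SKB_CB(skb)->dccpd_opt_len + len + 3 > DCCP_MAX_OPT_LEN) {
		LIMIT_NETDEBUG(KERN_INFO "DCCP: packet too small"
			       " to insert feature %d option!\n", feat);
		return -1;
	}

	DCCP_SKB_CB(skb)->dccpd_opt_len += len + 3;

	to = skb_push(skb, len + 3);
	*to++ = type;
	*to++ = len + 3;
	*to++ = feat;

	/* an empty confirm has no value to copy */
	if (len)
		memcpy(to, val, len);
	dccp_pr_debug("option %d feat %d len %d\n", type, feat, len);

	return 0;
}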
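/**
 * dccp_insert_options_feat - emit pending feature-negotiation options
 * @sk:  socket the packet belongs to
 * @skb: packet under construction
 *
 * Three things happen, in this order:
 *  1. every entry on dccpms_conf is emitted and freed, and the list is
 *     re-initialised;
 *  2. for every entry on dccpms_pending, a stored confirm (dccpop_sc) is
 *     emitted and freed, and the option itself is emitted again when it has
 *     not been confirmed yet;
 *  3. if anything unconfirmed was emitted and the socket is not in the
 *     listen role, the retransmit timer is reset.
 *
 * Always returns 0.
 *
 * NOTE(review): the return value of dccp_insert_feat_opt() is ignored
 * throughout. A confirm that does not fit in the option area is still freed
 * here and therefore never sent, and the caller cannot see the failure.
 */
static int dccp_insert_options_feat(struct sock *sk, struct sk_buff *skb)
{
	struct dccp_sock *dp = dccp_sk(sk);
	struct dccp_minisock *dmsk = dccp_msk(sk);
	struct dccp_opt_pend *opt, *next;
	int change = 0;

	/* confirm any options [NN opts] */
	list_for_each_entry_safe(opt, next, &dmsk->dccpms_conf, dccpop_node) {
		dccp_insert_feat_opt(skb, opt->dccpop_type,
				     opt->dccpop_feat, opt->dccpop_val,
				     opt->dccpop_len);
		/* an empty confirm has a NULL value; kfree(NULL) is a no-op */
		kfree(opt->dccpop_val);
		kfree(opt);
	}
	/* every node was freed above, so just reset the head */
	INIT_LIST_HEAD(&dmsk->dccpms_conf);

	/* see which features we need to send */
	list_for_each_entry(opt, &dmsk->dccpms_pending, dccpop_node) {
		/* see if we need to send any confirm */
		if (opt->dccpop_sc) {
			/* assert before the value is copied, not after */
			BUG_ON(!opt->dccpop_sc->dccpoc_val);

			dccp_insert_feat_opt(skb, opt->dccpop_type + 1,
					     opt->dccpop_feat,
					     opt->dccpop_sc->dccpoc_val,
					     opt->dccpop_sc->dccpoc_len);

			kfree(opt->dccpop_sc->dccpoc_val);
			kfree(opt->dccpop_sc);
			opt->dccpop_sc = NULL;
		}

		/* any option not confirmed, re-send it */
		if (!opt->dccpop_conf) {
			dccp_insert_feat_opt(skb, opt->dccpop_type,
					     opt->dccpop_feat, opt->dccpop_val,
					     opt->dccpop_len);
			change++;
		}
	}

	/* Retransmit timer.
	 * If this is the master listening sock, we don't set a timer on it.  It
	 * should be fine because if the peer doesn't receive our RESPONSE
	 * [which will contain the CHANGE] it will send another REQUEST which
	 * will "retransmit" the change.
	 */
	if (change && dp->dccps_role != DCCP_ROLE_LISTEN) {
		dccp_pr_debug("reset feat negotiation timer %p\n", sk);

		/* XXX don't reset the timer on re-transmissions.  I.e. reset it
		 * only when sending new stuff i guess.  Currently the timer
		 * never backs off because on re-transmission it just resets it!
		 */
		inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
					  inet_csk(sk)->icsk_rto, DCCP_RTO_MAX);
	}

	return 0;
}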
/**
 * dccp_insert_options - build the option area of an outgoing packet
 * @sk:  socket the packet belongs to
 * @skb: packet under construction
 *
 * Resets the running option length and then emits, in this order and each
 * only when its condition holds: NDP count, Ack Vector, Timestamp Echo, the
 * receiver and sender CCID options, and the feature-negotiation options.
 * Finally the option area is zero-padded to a multiple of four bytes.
 *
 * Returns 0 on success, or -1 as soon as one of the insertions fails; options
 * pushed before the failure stay on @skb.
 */
int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
{
	struct dccp_sock *dp = dccp_sk(sk);
	struct dccp_minisock *dmsk = dccp_msk(sk);
	u8 pkt_type;
	int remainder;

	DCCP_SKB_CB(skb)->dccpd_opt_len = 0;

	if (dmsk->dccpms_send_ndp_count) {
		if (dccp_insert_option_ndp(sk, skb))
			return -1;
	}

	/* options that only make sense on packets carrying an ack */
	if (!dccp_packet_without_ack(skb)) {
		if (dmsk->dccpms_send_ack_vector &&
		    dccp_ackvec_pending(dp->dccps_hc_rx_ackvec)) {
			if (dccp_insert_option_ackvec(sk, skb))
				return -1;
		}

		if (dp->dccps_timestamp_echo != 0) {
			if (dccp_insert_option_timestamp_echo(sk, skb))
				return -1;
		}
	}

	/* the request flags are cleared only after a successful insert */
	if (dp->dccps_hc_rx_insert_options) {
		if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
			return -1;
		dp->dccps_hc_rx_insert_options = 0;
	}
	if (dp->dccps_hc_tx_insert_options) {
		if (ccid_hc_tx_insert_options(dp->dccps_hc_tx_ccid, sk, skb))
			return -1;
		dp->dccps_hc_tx_insert_options = 0;
	}

	/* Feature negotiation: data packets can't do feat negotiation */
	pkt_type = DCCP_SKB_CB(skb)->dccpd_type;
	if (pkt_type != DCCP_PKT_DATA && pkt_type != DCCP_PKT_DATAACK) {
		if (dccp_insert_options_feat(sk, skb))
			return -1;
	}

	/* XXX: insert other options when appropriate */

	/* The length of all options has to be a multiple of 4 */
	remainder = DCCP_SKB_CB(skb)->dccpd_opt_len % 4;
	if (remainder != 0) {
		const int padding = 4 - remainder;

		memset(skb_push(skb, padding), 0, padding);
		DCCP_SKB_CB(skb)->dccpd_opt_len += padding;
	}

	return 0;
}