search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / econet / af_econet.c
blobe366f1bef91f905a46e136bd08bf9414c74bd4fe
1 /*
2 * An implementation of the Acorn Econet and AUN protocols.
3 * Philip Blundell <philb@gnu.org>
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
9 *
10 */
11
12 #include <linux/module.h>
13
14 #include <linux/types.h>
15 #include <linux/kernel.h>
16 #include <linux/string.h>
17 #include <linux/mm.h>
18 #include <linux/socket.h>
19 #include <linux/sockios.h>
20 #include <linux/in.h>
21 #include <linux/errno.h>
22 #include <linux/interrupt.h>
23 #include <linux/if_ether.h>
24 #include <linux/netdevice.h>
25 #include <linux/inetdevice.h>
26 #include <linux/route.h>
27 #include <linux/inet.h>
28 #include <linux/etherdevice.h>
29 #include <linux/if_arp.h>
30 #include <linux/wireless.h>
31 #include <linux/skbuff.h>
32 #include <linux/udp.h>
33 #include <linux/slab.h>
34 #include <net/sock.h>
35 #include <net/inet_common.h>
36 #include <linux/stat.h>
37 #include <linux/init.h>
38 #include <linux/if_ec.h>
39 #include <net/udp.h>
40 #include <net/ip.h>
41 #include <linux/spinlock.h>
42 #include <linux/rcupdate.h>
43 #include <linux/bitops.h>
44 #include <linux/mutex.h>
45
46 #include <asm/uaccess.h>
47 #include <asm/system.h>
48
49 static const struct proto_ops econet_ops;
50 static struct hlist_head econet_sklist;
51 static DEFINE_SPINLOCK(econet_lock);
52 static DEFINE_MUTEX(econet_mutex);
53
54 /* Since there are only 256 possible network numbers (or fewer, depends
55 how you count) it makes sense to use a simple lookup table. */
56 static struct net_device *net2dev_map[256];
57
58 #define EC_PORT_IP 0xd2
59
60 #ifdef CONFIG_ECONET_AUNUDP
61 static DEFINE_SPINLOCK(aun_queue_lock);
62 static struct socket *udpsock;
63 #define AUN_PORT 0x8000
64
65
66 struct aunhdr
67 {
68 unsigned char code; /* AUN magic protocol byte */
69 unsigned char port;
70 unsigned char cb;
71 unsigned char pad;
72 unsigned long handle;
73 };
74
75 static unsigned long aun_seq;
76
77 /* Queue of packets waiting to be transmitted. */
78 static struct sk_buff_head aun_queue;
79 static struct timer_list ab_cleanup_timer;
80
81 #endif /* CONFIG_ECONET_AUNUDP */
82
83 /* Per-packet information */
84 struct ec_cb
85 {
86 struct sockaddr_ec sec;
87 unsigned long cookie; /* Supplied by user. */
88 #ifdef CONFIG_ECONET_AUNUDP
89 int done;
90 unsigned long seq; /* Sequencing */
91 unsigned long timeout; /* Timeout */
92 unsigned long start; /* jiffies */
93 #endif
94 #ifdef CONFIG_ECONET_NATIVE
95 void (*sent)(struct sk_buff *, int result);
96 #endif
97 };
98
99 static void econet_remove_socket(struct hlist_head *list, struct sock *sk)
100 {
101 spin_lock_bh(&econet_lock);
102 sk_del_node_init(sk);
103 spin_unlock_bh(&econet_lock);
104 }
105
106 static void econet_insert_socket(struct hlist_head *list, struct sock *sk)
107 {
108 spin_lock_bh(&econet_lock);
109 sk_add_node(sk, list);
110 spin_unlock_bh(&econet_lock);
111 }
112
113 /*
114 * Pull a packet from our receive queue and hand it to the user.
115 * If necessary we block.
116 */
117
118 static int econet_recvmsg(struct kiocb *iocb, struct socket *sock,
119 struct msghdr *msg, size_t len, int flags)
120 {
121 struct sock *sk = sock->sk;
122 struct sk_buff *skb;
123 size_t copied;
124 int err;
125
126 msg->msg_namelen = sizeof(struct sockaddr_ec);
127
128 mutex_lock(&econet_mutex);
129
130 /*
131 * Call the generic datagram receiver. This handles all sorts
132 * of horrible races and re-entrancy so we can forget about it
133 * in the protocol layers.
134 *
135 * Now it will return ENETDOWN, if device have just gone down,
136 * but then it will block.
137 */
138
139 skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err);
140
141 /*
142 * An error occurred so return it. Because skb_recv_datagram()
143 * handles the blocking we don't see and worry about blocking
144 * retries.
145 */
146
147 if(skb==NULL)
148 goto out;
149
150 /*
151 * You lose any data beyond the buffer you gave. If it worries a
152 * user program they can ask the device for its MTU anyway.
153 */
154
155 copied = skb->len;
156 if (copied > len)
157 {
158 copied=len;
159 msg->msg_flags|=MSG_TRUNC;
160 }
161
162 /* We can't use skb_copy_datagram here */
163 err = memcpy_toiovec(msg->msg_iov, skb->data, copied);
164 if (err)
165 goto out_free;
166 sk->sk_stamp = skb->tstamp;
167
168 if (msg->msg_name)
169 memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
170
171 /*
172 * Free or return the buffer as appropriate. Again this
173 * hides all the races and re-entrancy issues from us.
174 */
175 err = copied;
176
177 out_free:
178 skb_free_datagram(sk, skb);
179 out:
180 mutex_unlock(&econet_mutex);
181 return err;
182 }
183
184 /*
185 * Bind an Econet socket.
186 */
187
188 static int econet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
189 {
190 struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr;
191 struct sock *sk;
192 struct econet_sock *eo;
193
194 /*
195 * Check legality
196 */
197
198 if (addr_len < sizeof(struct sockaddr_ec) ||
199 sec->sec_family != AF_ECONET)
200 return -EINVAL;
201
202 mutex_lock(&econet_mutex);
203
204 sk = sock->sk;
205 eo = ec_sk(sk);
206
207 eo->cb = sec->cb;
208 eo->port = sec->port;
209 eo->station = sec->addr.station;
210 eo->net = sec->addr.net;
211
212 mutex_unlock(&econet_mutex);
213
214 return 0;
215 }
216
217 #if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
218 /*
219 * Queue a transmit result for the user to be told about.
220 */
221
222 static void tx_result(struct sock *sk, unsigned long cookie, int result)
223 {
224 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC);
225 struct ec_cb *eb;
226 struct sockaddr_ec *sec;
227
228 if (skb == NULL)
229 {
230 printk(KERN_DEBUG "ec: memory squeeze, transmit result dropped.\n");
231 return;
232 }
233
234 eb = (struct ec_cb *)&skb->cb;
235 sec = (struct sockaddr_ec *)&eb->sec;
236 memset(sec, 0, sizeof(struct sockaddr_ec));
237 sec->cookie = cookie;
238 sec->type = ECTYPE_TRANSMIT_STATUS | result;
239 sec->sec_family = AF_ECONET;
240
241 if (sock_queue_rcv_skb(sk, skb) < 0)
242 kfree_skb(skb);
243 }
244 #endif
245
246 #ifdef CONFIG_ECONET_NATIVE
247 /*
248 * Called by the Econet hardware driver when a packet transmit
249 * has completed. Tell the user.
250 */
251
252 static void ec_tx_done(struct sk_buff *skb, int result)
253 {
254 struct ec_cb *eb = (struct ec_cb *)&skb->cb;
255 tx_result(skb->sk, eb->cookie, result);
256 }
257 #endif
258
259 /*
260 * Send a packet. We have to work out which device it's going out on
261 * and hence whether to use real Econet or the UDP emulation.
262 */
263
264 static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
265 struct msghdr *msg, size_t len)
266 {
267 struct sock *sk = sock->sk;
268 struct sockaddr_ec *saddr=(struct sockaddr_ec *)msg->msg_name;
269 struct net_device *dev;
270 struct ec_addr addr;
271 int err;
272 unsigned char port, cb;
273 #if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
274 struct sk_buff *skb;
275 struct ec_cb *eb;
276 #endif
277 #ifdef CONFIG_ECONET_AUNUDP
278 struct msghdr udpmsg;
279 struct iovec iov[msg->msg_iovlen+1];
280 struct aunhdr ah;
281 struct sockaddr_in udpdest;
282 __kernel_size_t size;
283 int i;
284 mm_segment_t oldfs;
285 #endif
286
287 /*
288 * Check the flags.
289 */
290
291 if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
292 return -EINVAL;
293
294 /*
295 * Get and verify the address.
296 */
297
298 mutex_lock(&econet_mutex);
299
300 if (saddr == NULL || msg->msg_namelen < sizeof(struct sockaddr_ec)) {
301 mutex_unlock(&econet_mutex);
302 return -EINVAL;
303 }
304 addr.station = saddr->addr.station;
305 addr.net = saddr->addr.net;
306 port = saddr->port;
307 cb = saddr->cb;
308
309 /* Look for a device with the right network number. */
310 dev = net2dev_map[addr.net];
311
312 /* If not directly reachable, use some default */
313 if (dev == NULL) {
314 dev = net2dev_map[0];
315 /* No interfaces at all? */
316 if (dev == NULL) {
317 mutex_unlock(&econet_mutex);
318 return -ENETDOWN;
319 }
320 }
321
322 if (len + 15 > dev->mtu) {
323 mutex_unlock(&econet_mutex);
324 return -EMSGSIZE;
325 }
326
327 if (dev->type == ARPHRD_ECONET) {
328 /* Real hardware Econet. We're not worthy etc. */
329 #ifdef CONFIG_ECONET_NATIVE
330 unsigned short proto = 0;
331 int res;
332
333 dev_hold(dev);
334
335 skb = sock_alloc_send_skb(sk, len+LL_ALLOCATED_SPACE(dev),
336 msg->msg_flags & MSG_DONTWAIT, &err);
337 if (skb==NULL)
338 goto out_unlock;
339
340 skb_reserve(skb, LL_RESERVED_SPACE(dev));
341 skb_reset_network_header(skb);
342
343 eb = (struct ec_cb *)&skb->cb;
344
345 eb->cookie = saddr->cookie;
346 eb->sec = *saddr;
347 eb->sent = ec_tx_done;
348
349 err = -EINVAL;
350 res = dev_hard_header(skb, dev, ntohs(proto), &addr, NULL, len);
351 if (res < 0)
352 goto out_free;
353 if (res > 0) {
354 struct ec_framehdr *fh;
355 /* Poke in our control byte and
356 port number. Hack, hack. */
357 fh = (struct ec_framehdr *)(skb->data);
358 fh->cb = cb;
359 fh->port = port;
360 if (sock->type != SOCK_DGRAM) {
361 skb_reset_tail_pointer(skb);
362 skb->len = 0;
363 }
364 }
365
366 /* Copy the data. Returns -EFAULT on error */
367 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
368 skb->protocol = proto;
369 skb->dev = dev;
370 skb->priority = sk->sk_priority;
371 if (err)
372 goto out_free;
373
374 err = -ENETDOWN;
375 if (!(dev->flags & IFF_UP))
376 goto out_free;
377
378 /*
379 * Now send it
380 */
381
382 dev_queue_xmit(skb);
383 dev_put(dev);
384 mutex_unlock(&econet_mutex);
385 return len;
386
387 out_free:
388 kfree_skb(skb);
389 out_unlock:
390 if (dev)
391 dev_put(dev);
392 #else
393 err = -EPROTOTYPE;
394 #endif
395 mutex_unlock(&econet_mutex);
396
397 return err;
398 }
399
400 #ifdef CONFIG_ECONET_AUNUDP
401 /* AUN virtual Econet. */
402
403 if (udpsock == NULL) {
404 mutex_unlock(&econet_mutex);
405 return -ENETDOWN; /* No socket - can't send */
406 }
407
408 /* Make up a UDP datagram and hand it off to some higher intellect. */
409
410 memset(&udpdest, 0, sizeof(udpdest));
411 udpdest.sin_family = AF_INET;
412 udpdest.sin_port = htons(AUN_PORT);
413
414 /* At the moment we use the stupid Acorn scheme of Econet address
415 y.x maps to IP a.b.c.x. This should be replaced with something
416 more flexible and more aware of subnet masks. */
417 {
418 struct in_device *idev;
419 unsigned long network = 0;
420
421 rcu_read_lock();
422 idev = __in_dev_get_rcu(dev);
423 if (idev) {
424 if (idev->ifa_list)
425 network = ntohl(idev->ifa_list->ifa_address) &
426 0xffffff00; /* !!! */
427 }
428 rcu_read_unlock();
429 udpdest.sin_addr.s_addr = htonl(network | addr.station);
430 }
431
432 ah.port = port;
433 ah.cb = cb & 0x7f;
434 ah.code = 2; /* magic */
435 ah.pad = 0;
436
437 /* tack our header on the front of the iovec */
438 size = sizeof(struct aunhdr);
439 /*
440 * XXX: that is b0rken. We can't mix userland and kernel pointers
441 * in iovec, since on a lot of platforms copy_from_user() will
442 * *not* work with the kernel and userland ones at the same time,
443 * regardless of what we do with set_fs(). And we are talking about
444 * econet-over-ethernet here, so "it's only ARM anyway" doesn't
445 * apply. Any suggestions on fixing that code? -- AV
446 */
447 iov[0].iov_base = (void *)&ah;
448 iov[0].iov_len = size;
449 for (i = 0; i < msg->msg_iovlen; i++) {
450 void __user *base = msg->msg_iov[i].iov_base;
451 size_t iov_len = msg->msg_iov[i].iov_len;
452 /* Check it now since we switch to KERNEL_DS later. */
453 if (!access_ok(VERIFY_READ, base, iov_len)) {
454 mutex_unlock(&econet_mutex);
455 return -EFAULT;
456 }
457 iov[i+1].iov_base = base;
458 iov[i+1].iov_len = iov_len;
459 size += iov_len;
460 }
461
462 /* Get a skbuff (no data, just holds our cb information) */
463 if ((skb = sock_alloc_send_skb(sk, 0,
464 msg->msg_flags & MSG_DONTWAIT,
465 &err)) == NULL) {
466 mutex_unlock(&econet_mutex);
467 return err;
468 }
469
470 eb = (struct ec_cb *)&skb->cb;
471
472 eb->cookie = saddr->cookie;
473 eb->timeout = (5*HZ);
474 eb->start = jiffies;
475 ah.handle = aun_seq;
476 eb->seq = (aun_seq++);
477 eb->sec = *saddr;
478
479 skb_queue_tail(&aun_queue, skb);
480
481 udpmsg.msg_name = (void *)&udpdest;
482 udpmsg.msg_namelen = sizeof(udpdest);
483 udpmsg.msg_iov = &iov[0];
484 udpmsg.msg_iovlen = msg->msg_iovlen + 1;
485 udpmsg.msg_control = NULL;
486 udpmsg.msg_controllen = 0;
487 udpmsg.msg_flags=0;
488
489 oldfs = get_fs(); set_fs(KERNEL_DS); /* More privs :-) */
490 err = sock_sendmsg(udpsock, &udpmsg, size);
491 set_fs(oldfs);
492 #else
493 err = -EPROTOTYPE;
494 #endif
495 mutex_unlock(&econet_mutex);
496
497 return err;
498 }
499
500 /*
501 * Look up the address of a socket.
502 */
503
504 static int econet_getname(struct socket *sock, struct sockaddr *uaddr,
505 int *uaddr_len, int peer)
506 {
507 struct sock *sk;
508 struct econet_sock *eo;
509 struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr;
510
511 if (peer)
512 return -EOPNOTSUPP;
513
514 memset(sec, 0, sizeof(*sec));
515 mutex_lock(&econet_mutex);
516
517 sk = sock->sk;
518 eo = ec_sk(sk);
519
520 sec->sec_family = AF_ECONET;
521 sec->port = eo->port;
522 sec->addr.station = eo->station;
523 sec->addr.net = eo->net;
524
525 mutex_unlock(&econet_mutex);
526
527 *uaddr_len = sizeof(*sec);
528 return 0;
529 }
530
531 static void econet_destroy_timer(unsigned long data)
532 {
533 struct sock *sk=(struct sock *)data;
534
535 if (!sk_has_allocations(sk)) {
536 sk_free(sk);
537 return;
538 }
539
540 sk->sk_timer.expires = jiffies + 10 * HZ;
541 add_timer(&sk->sk_timer);
542 printk(KERN_DEBUG "econet socket destroy delayed\n");
543 }
544
545 /*
546 * Close an econet socket.
547 */
548
549 static int econet_release(struct socket *sock)
550 {
551 struct sock *sk;
552
553 mutex_lock(&econet_mutex);
554
555 sk = sock->sk;
556 if (!sk)
557 goto out_unlock;
558
559 econet_remove_socket(&econet_sklist, sk);
560
561 /*
562 * Now the socket is dead. No more input will appear.
563 */
564
565 sk->sk_state_change(sk); /* It is useless. Just for sanity. */
566
567 sock_orphan(sk);
568
569 /* Purge queues */
570
571 skb_queue_purge(&sk->sk_receive_queue);
572
573 if (sk_has_allocations(sk)) {
574 sk->sk_timer.data = (unsigned long)sk;
575 sk->sk_timer.expires = jiffies + HZ;
576 sk->sk_timer.function = econet_destroy_timer;
577 add_timer(&sk->sk_timer);
578
579 goto out_unlock;
580 }
581
582 sk_free(sk);
583
584 out_unlock:
585 mutex_unlock(&econet_mutex);
586 return 0;
587 }
588
589 static struct proto econet_proto = {
590 .name = "ECONET",
591 .owner = THIS_MODULE,
592 .obj_size = sizeof(struct econet_sock),
593 };
594
595 /*
596 * Create an Econet socket
597 */
598
599 static int econet_create(struct net *net, struct socket *sock, int protocol,
600 int kern)
601 {
602 struct sock *sk;
603 struct econet_sock *eo;
604 int err;
605
606 if (!net_eq(net, &init_net))
607 return -EAFNOSUPPORT;
608
609 /* Econet only provides datagram services. */
610 if (sock->type != SOCK_DGRAM)
611 return -ESOCKTNOSUPPORT;
612
613 sock->state = SS_UNCONNECTED;
614
615 err = -ENOBUFS;
616 sk = sk_alloc(net, PF_ECONET, GFP_KERNEL, &econet_proto);
617 if (sk == NULL)
618 goto out;
619
620 sk->sk_reuse = 1;
621 sock->ops = &econet_ops;
622 sock_init_data(sock, sk);
623
624 eo = ec_sk(sk);
625 sock_reset_flag(sk, SOCK_ZAPPED);
626 sk->sk_family = PF_ECONET;
627 eo->num = protocol;
628
629 econet_insert_socket(&econet_sklist, sk);
630 return 0;
631 out:
632 return err;
633 }
634
635 /*
636 * Handle Econet specific ioctls
637 */
638
639 static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void __user *arg)
640 {
641 struct ifreq ifr;
642 struct ec_device *edev;
643 struct net_device *dev;
644 struct sockaddr_ec *sec;
645 int err;
646
647 /*
648 * Fetch the caller's info block into kernel space
649 */
650
651 if (copy_from_user(&ifr, arg, sizeof(struct ifreq)))
652 return -EFAULT;
653
654 if ((dev = dev_get_by_name(&init_net, ifr.ifr_name)) == NULL)
655 return -ENODEV;
656
657 sec = (struct sockaddr_ec *)&ifr.ifr_addr;
658
659 mutex_lock(&econet_mutex);
660
661 err = 0;
662 switch (cmd) {
663 case SIOCSIFADDR:
664 edev = dev->ec_ptr;
665 if (edev == NULL) {
666 /* Magic up a new one. */
667 edev = kzalloc(sizeof(struct ec_device), GFP_KERNEL);
668 if (edev == NULL) {
669 err = -ENOMEM;
670 break;
671 }
672 dev->ec_ptr = edev;
673 } else
674 net2dev_map[edev->net] = NULL;
675 edev->station = sec->addr.station;
676 edev->net = sec->addr.net;
677 net2dev_map[sec->addr.net] = dev;
678 if (!net2dev_map[0])
679 net2dev_map[0] = dev;
680 break;
681
682 case SIOCGIFADDR:
683 edev = dev->ec_ptr;
684 if (edev == NULL) {
685 err = -ENODEV;
686 break;
687 }
688 memset(sec, 0, sizeof(struct sockaddr_ec));
689 sec->addr.station = edev->station;
690 sec->addr.net = edev->net;
691 sec->sec_family = AF_ECONET;
692 dev_put(dev);
693 if (copy_to_user(arg, &ifr, sizeof(struct ifreq)))
694 err = -EFAULT;
695 break;
696
697 default:
698 err = -EINVAL;
699 break;
700 }
701
702 mutex_unlock(&econet_mutex);
703
704 dev_put(dev);
705
706 return err;
707 }
708
709 /*
710 * Handle generic ioctls
711 */
712
713 static int econet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
714 {
715 struct sock *sk = sock->sk;
716 void __user *argp = (void __user *)arg;
717
718 switch(cmd) {
719 case SIOCGSTAMP:
720 return sock_get_timestamp(sk, argp);
721
722 case SIOCGSTAMPNS:
723 return sock_get_timestampns(sk, argp);
724
725 case SIOCSIFADDR:
726 case SIOCGIFADDR:
727 return ec_dev_ioctl(sock, cmd, argp);
728 break;
729
730 default:
731 return -ENOIOCTLCMD;
732 }
733 /*NOTREACHED*/
734 return 0;
735 }
736
737 static const struct net_proto_family econet_family_ops = {
738 .family = PF_ECONET,
739 .create = econet_create,
740 .owner = THIS_MODULE,
741 };
742
743 static const struct proto_ops econet_ops = {
744 .family = PF_ECONET,
745 .owner = THIS_MODULE,
746 .release = econet_release,
747 .bind = econet_bind,
748 .connect = sock_no_connect,
749 .socketpair = sock_no_socketpair,
750 .accept = sock_no_accept,
751 .getname = econet_getname,
752 .poll = datagram_poll,
753 .ioctl = econet_ioctl,
754 .listen = sock_no_listen,
755 .shutdown = sock_no_shutdown,
756 .setsockopt = sock_no_setsockopt,
757 .getsockopt = sock_no_getsockopt,
758 .sendmsg = econet_sendmsg,
759 .recvmsg = econet_recvmsg,
760 .mmap = sock_no_mmap,
761 .sendpage = sock_no_sendpage,
762 };
763
764 #if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
765 /*
766 * Find the listening socket, if any, for the given data.
767 */
768
769 static struct sock *ec_listening_socket(unsigned char port, unsigned char
770 station, unsigned char net)
771 {
772 struct sock *sk;
773 struct hlist_node *node;
774
775 spin_lock(&econet_lock);
776 sk_for_each(sk, node, &econet_sklist) {
777 struct econet_sock *opt = ec_sk(sk);
778 if ((opt->port == port || opt->port == 0) &&
779 (opt->station == station || opt->station == 0) &&
780 (opt->net == net || opt->net == 0)) {
781 sock_hold(sk);
782 goto found;
783 }
784 }
785 sk = NULL;
786 found:
787 spin_unlock(&econet_lock);
788 return sk;
789 }
790
791 /*
792 * Queue a received packet for a socket.
793 */
794
795 static int ec_queue_packet(struct sock *sk, struct sk_buff *skb,
796 unsigned char stn, unsigned char net,
797 unsigned char cb, unsigned char port)
798 {
799 struct ec_cb *eb = (struct ec_cb *)&skb->cb;
800 struct sockaddr_ec *sec = (struct sockaddr_ec *)&eb->sec;
801
802 memset(sec, 0, sizeof(struct sockaddr_ec));
803 sec->sec_family = AF_ECONET;
804 sec->type = ECTYPE_PACKET_RECEIVED;
805 sec->port = port;
806 sec->cb = cb;
807 sec->addr.net = net;
808 sec->addr.station = stn;
809
810 return sock_queue_rcv_skb(sk, skb);
811 }
812 #endif
813
814 #ifdef CONFIG_ECONET_AUNUDP
815 /*
816 * Send an AUN protocol response.
817 */
818
819 static void aun_send_response(__u32 addr, unsigned long seq, int code, int cb)
820 {
821 struct sockaddr_in sin = {
822 .sin_family = AF_INET,
823 .sin_port = htons(AUN_PORT),
824 .sin_addr = {.s_addr = addr}
825 };
826 struct aunhdr ah = {.code = code, .cb = cb, .handle = seq};
827 struct kvec iov = {.iov_base = (void *)&ah, .iov_len = sizeof(ah)};
828 struct msghdr udpmsg;
829
830 udpmsg.msg_name = (void *)&sin;
831 udpmsg.msg_namelen = sizeof(sin);
832 udpmsg.msg_control = NULL;
833 udpmsg.msg_controllen = 0;
834 udpmsg.msg_flags=0;
835
836 kernel_sendmsg(udpsock, &udpmsg, &iov, 1, sizeof(ah));
837 }
838
839
840 /*
841 * Handle incoming AUN packets. Work out if anybody wants them,
842 * and send positive or negative acknowledgements as appropriate.
843 */
844
845 static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len)
846 {
847 struct iphdr *ip = ip_hdr(skb);
848 unsigned char stn = ntohl(ip->saddr) & 0xff;
849 struct sock *sk = NULL;
850 struct sk_buff *newskb;
851 struct ec_device *edev = skb->dev->ec_ptr;
852
853 if (! edev)
854 goto bad;
855
856 if ((sk = ec_listening_socket(ah->port, stn, edev->net)) == NULL)
857 goto bad; /* Nobody wants it */
858
859 newskb = alloc_skb((len - sizeof(struct aunhdr) + 15) & ~15,
860 GFP_ATOMIC);
861 if (newskb == NULL)
862 {
863 printk(KERN_DEBUG "AUN: memory squeeze, dropping packet.\n");
864 /* Send nack and hope sender tries again */
865 goto bad;
866 }
867
868 memcpy(skb_put(newskb, len - sizeof(struct aunhdr)), (void *)(ah+1),
869 len - sizeof(struct aunhdr));
870
871 if (ec_queue_packet(sk, newskb, stn, edev->net, ah->cb, ah->port))
872 {
873 /* Socket is bankrupt. */
874 kfree_skb(newskb);
875 goto bad;
876 }
877
878 aun_send_response(ip->saddr, ah->handle, 3, 0);
879 sock_put(sk);
880 return;
881
882 bad:
883 aun_send_response(ip->saddr, ah->handle, 4, 0);
884 if (sk)
885 sock_put(sk);
886 }
887
888 /*
889 * Handle incoming AUN transmit acknowledgements. If the sequence
890 * number matches something in our backlog then kill it and tell
891 * the user. If the remote took too long to reply then we may have
892 * dropped the packet already.
893 */
894
895 static void aun_tx_ack(unsigned long seq, int result)
896 {
897 struct sk_buff *skb;
898 unsigned long flags;
899 struct ec_cb *eb;
900
901 spin_lock_irqsave(&aun_queue_lock, flags);
902 skb_queue_walk(&aun_queue, skb) {
903 eb = (struct ec_cb *)&skb->cb;
904 if (eb->seq == seq)
905 goto foundit;
906 }
907 spin_unlock_irqrestore(&aun_queue_lock, flags);
908 printk(KERN_DEBUG "AUN: unknown sequence %ld\n", seq);
909 return;
910
911 foundit:
912 tx_result(skb->sk, eb->cookie, result);
913 skb_unlink(skb, &aun_queue);
914 spin_unlock_irqrestore(&aun_queue_lock, flags);
915 kfree_skb(skb);
916 }
917
918 /*
919 * Deal with received AUN frames - sort out what type of thing it is
920 * and hand it to the right function.
921 */
922
923 static void aun_data_available(struct sock *sk, int slen)
924 {
925 int err;
926 struct sk_buff *skb;
927 unsigned char *data;
928 struct aunhdr *ah;
929 struct iphdr *ip;
930 size_t len;
931
932 while ((skb = skb_recv_datagram(sk, 0, 1, &err)) == NULL) {
933 if (err == -EAGAIN) {
934 printk(KERN_ERR "AUN: no data available?!");
935 return;
936 }
937 printk(KERN_DEBUG "AUN: recvfrom() error %d\n", -err);
938 }
939
940 data = skb_transport_header(skb) + sizeof(struct udphdr);
941 ah = (struct aunhdr *)data;
942 len = skb->len - sizeof(struct udphdr);
943 ip = ip_hdr(skb);
944
945 switch (ah->code)
946 {
947 case 2:
948 aun_incoming(skb, ah, len);
949 break;
950 case 3:
951 aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_OK);
952 break;
953 case 4:
954 aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_NOT_LISTENING);
955 break;
956 #if 0
957 /* This isn't quite right yet. */
958 case 5:
959 aun_send_response(ip->saddr, ah->handle, 6, ah->cb);
960 break;
961 #endif
962 default:
963 printk(KERN_DEBUG "unknown AUN packet (type %d)\n", data[0]);
964 }
965
966 skb_free_datagram(sk, skb);
967 }
968
969 /*
970 * Called by the timer to manage the AUN transmit queue. If a packet
971 * was sent to a dead or nonexistent host then we will never get an
972 * acknowledgement back. After a few seconds we need to spot this and
973 * drop the packet.
974 */
975
976 static void ab_cleanup(unsigned long h)
977 {
978 struct sk_buff *skb, *n;
979 unsigned long flags;
980
981 spin_lock_irqsave(&aun_queue_lock, flags);
982 skb_queue_walk_safe(&aun_queue, skb, n) {
983 struct ec_cb *eb = (struct ec_cb *)&skb->cb;
984 if ((jiffies - eb->start) > eb->timeout) {
985 tx_result(skb->sk, eb->cookie,
986 ECTYPE_TRANSMIT_NOT_PRESENT);
987 skb_unlink(skb, &aun_queue);
988 kfree_skb(skb);
989 }
990 }
991 spin_unlock_irqrestore(&aun_queue_lock, flags);
992
993 mod_timer(&ab_cleanup_timer, jiffies + (HZ*2));
994 }
995
996 static int __init aun_udp_initialise(void)
997 {
998 int error;
999 struct sockaddr_in sin;
1000
1001 skb_queue_head_init(&aun_queue);
1002 setup_timer(&ab_cleanup_timer, ab_cleanup, 0);
1003 ab_cleanup_timer.expires = jiffies + (HZ*2);
1004 add_timer(&ab_cleanup_timer);
1005
1006 memset(&sin, 0, sizeof(sin));
1007 sin.sin_port = htons(AUN_PORT);
1008
1009 /* We can count ourselves lucky Acorn machines are too dim to
1010 speak IPv6. :-) */
1011 if ((error = sock_create_kern(PF_INET, SOCK_DGRAM, 0, &udpsock)) < 0)
1012 {
1013 printk("AUN: socket error %d\n", -error);
1014 return error;
1015 }
1016
1017 udpsock->sk->sk_reuse = 1;
1018 udpsock->sk->sk_allocation = GFP_ATOMIC; /* we're going to call it
1019 from interrupts */
1020
1021 error = udpsock->ops->bind(udpsock, (struct sockaddr *)&sin,
1022 sizeof(sin));
1023 if (error < 0)
1024 {
1025 printk("AUN: bind error %d\n", -error);
1026 goto release;
1027 }
1028
1029 udpsock->sk->sk_data_ready = aun_data_available;
1030
1031 return 0;
1032
1033 release:
1034 sock_release(udpsock);
1035 udpsock = NULL;
1036 return error;
1037 }
1038 #endif
1039
1040 #ifdef CONFIG_ECONET_NATIVE
1041
1042 /*
1043 * Receive an Econet frame from a device.
1044 */
1045
1046 static int econet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
1047 {
1048 struct ec_framehdr *hdr;
1049 struct sock *sk = NULL;
1050 struct ec_device *edev = dev->ec_ptr;
1051
1052 if (!net_eq(dev_net(dev), &init_net))
1053 goto drop;
1054
1055 if (skb->pkt_type == PACKET_OTHERHOST)
1056 goto drop;
1057
1058 if (!edev)
1059 goto drop;
1060
1061 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
1062 return NET_RX_DROP;
1063
1064 if (!pskb_may_pull(skb, sizeof(struct ec_framehdr)))
1065 goto drop;
1066
1067 hdr = (struct ec_framehdr *) skb->data;
1068
1069 /* First check for encapsulated IP */
1070 if (hdr->port == EC_PORT_IP) {
1071 skb->protocol = htons(ETH_P_IP);
1072 skb_pull(skb, sizeof(struct ec_framehdr));
1073 netif_rx(skb);
1074 return NET_RX_SUCCESS;
1075 }
1076
1077 sk = ec_listening_socket(hdr->port, hdr->src_stn, hdr->src_net);
1078 if (!sk)
1079 goto drop;
1080
1081 if (ec_queue_packet(sk, skb, edev->net, hdr->src_stn, hdr->cb,
1082 hdr->port))
1083 goto drop;
1084 sock_put(sk);
1085 return NET_RX_SUCCESS;
1086
1087 drop:
1088 if (sk)
1089 sock_put(sk);
1090 kfree_skb(skb);
1091 return NET_RX_DROP;
1092 }
1093
1094 static struct packet_type econet_packet_type __read_mostly = {
1095 .type = cpu_to_be16(ETH_P_ECONET),
1096 .func = econet_rcv,
1097 };
1098
1099 static void econet_hw_initialise(void)
1100 {
1101 dev_add_pack(&econet_packet_type);
1102 }
1103
1104 #endif
1105
1106 static int econet_notifier(struct notifier_block *this, unsigned long msg, void *data)
1107 {
1108 struct net_device *dev = (struct net_device *)data;
1109 struct ec_device *edev;
1110
1111 if (!net_eq(dev_net(dev), &init_net))
1112 return NOTIFY_DONE;
1113
1114 switch (msg) {
1115 case NETDEV_UNREGISTER:
1116 /* A device has gone down - kill any data we hold for it. */
1117 edev = dev->ec_ptr;
1118 if (edev)
1119 {
1120 if (net2dev_map[0] == dev)
1121 net2dev_map[0] = NULL;
1122 net2dev_map[edev->net] = NULL;
1123 kfree(edev);
1124 dev->ec_ptr = NULL;
1125 }
1126 break;
1127 }
1128
1129 return NOTIFY_DONE;
1130 }
1131
1132 static struct notifier_block econet_netdev_notifier = {
1133 .notifier_call =econet_notifier,
1134 };
1135
1136 static void __exit econet_proto_exit(void)
1137 {
1138 #ifdef CONFIG_ECONET_AUNUDP
1139 del_timer(&ab_cleanup_timer);
1140 if (udpsock)
1141 sock_release(udpsock);
1142 #endif
1143 unregister_netdevice_notifier(&econet_netdev_notifier);
1144 #ifdef CONFIG_ECONET_NATIVE
1145 dev_remove_pack(&econet_packet_type);
1146 #endif
1147 sock_unregister(econet_family_ops.family);
1148 proto_unregister(&econet_proto);
1149 }
1150
1151 static int __init econet_proto_init(void)
1152 {
1153 int err = proto_register(&econet_proto, 0);
1154
1155 if (err != 0)
1156 goto out;
1157 sock_register(&econet_family_ops);
1158 #ifdef CONFIG_ECONET_AUNUDP
1159 aun_udp_initialise();
1160 #endif
1161 #ifdef CONFIG_ECONET_NATIVE
1162 econet_hw_initialise();
1163 #endif
1164 register_netdevice_notifier(&econet_netdev_notifier);
1165 out:
1166 return err;
1167 }
1168
1169 module_init(econet_proto_init);
1170 module_exit(econet_proto_exit);
1171
1172 MODULE_LICENSE("GPL");
1173 MODULE_ALIAS_NETPROTO(PF_ECONET);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree