806fb883ea
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmXYSHgACgkQONu9yGCS
aT74ag/6AqWJBzK/2xvUCYjfBU5+4ApFWQt47Ly9MKFhFX7YBjQGXS6av1YFA9Kw
i01R9SCpIv2eaDrM7/J0wvXGybemfvQ8VyNngG30QC/0jTc4ZAj0PEbtyHpUaz4F
HWOFfAlHAYcLQWhmjhXitoGUfeyhchWnQZpn45mkT0i3DSAEFc5gsiMlO+jaM8No
hOaAHEpGsd7zlH32NYpWrFI0i54HSCwlaHlQFJ7U+rbWyG935RdLjMAX+488R8oc
KccOj+xb4zQyASdC7qdgPz02U7Tm3UB5s0lLrviDiBrYVxSe77vw2TBEeejF+7ZE
oYqjsygRYmRbKuI55rxyxph7cT93ZctL48DZJ4fT4zVIT9kak3S/NtFs0Hyr3TkY
N6ZlDnd10cj8QsnXXtTd9QgT7Ind+3KySv7sr4a/gLO/N39EYpztrMCc/lKfG/Bu
MPDMXBrEtKkjMelcnISwac9QcOb/MAJaepCWtYgcXbEcaBP+/Or8OM0yZPOEk7SA
3CamE+ou0Ds/c6gnsBw6WDMTJd+sX6sw6+4cMEaWzaWiE12Ryc0gscCDJXjEAYzc
+47PiPijNJ+iPjsos8ZaNnTQHALemgJ4cjolHivsEvAYU1s5cyKjVEgMB1MJN8ib
y19D9L8T9BtG2ukWBxtIXMIt51VZ7B8fXodcYXbyqtV25JZj/k8=
=cJfu
-----END PGP SIGNATURE-----
Merge 5.4.269 into android11-5.4-lts
Changes in 5.4.269
PCI: mediatek: Clear interrupt status before dispatching handler
include/linux/units.h: add helpers for kelvin to/from Celsius conversion
units: Add Watt units
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
rpmsg: virtio: Free driver_override when rpmsg_remove()
parisc/firmware: Fix F-extend for PDC addresses
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
mmc: core: Use mrq.sbc in close-ended ffu
nouveau/vmm: don't set addr on the fail path to avoid warning
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
rename(): fix the locking of subdirectories
block: Remove special-casing of compound pages
mtd: spinand: macronix: Fix MX35LFxGE4AD page size
fs: add mode_strip_sgid() helper
fs: move S_ISGID stripping into the vfs_*() helpers
powerpc: Use always instead of always-y in for crtsavres.o
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
net/smc: fix illegal rmb_desc access in SMC-D connection dump
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
afs: Hide silly-rename files from userspace
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
net/mlx5: DR, Use the right GVMI number for drop action
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
netfilter: nf_tables: validate NFPROTO_* family
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: ref-verify: free ref cache before clearing mount opt
btrfs: tree-checker: fix inline ref size in error messages
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
rbd: don't move requests to the running list on errors
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/bridge: nxp-ptn3460: simplify some error checking
drm/exynos: fix accidental on-stack copy of exynos_drm_plane
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
f2fs: fix to check return value of f2fs_reserve_new_block()
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
i3c: master: cdns: Update maximum prescaler value for i2c clock
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
usb: hub: Replace hardcoded quirk value with BIT() macro
fs/kernfs/dir: obey S_ISGID
PCI/AER: Decode Requester ID when no error info found
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
scsi: isci: Fix an error code problem in isci_io_request_build()
net: remove unneeded break
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
selftests: net: avoid just another constant wait
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_ct: reject direction for ct id
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
hrtimer: Report offline hrtimer enqueue
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
net: stmmac: xgmac: use #define for string constants
net: stmmac: xgmac: fix a typo of register name in DPP safety handling
netfilter: nft_set_rbtree: skip end interval element from gc
btrfs: forbid creating subvol qgroups
btrfs: forbid deleting live subvol qgroup
btrfs: send: return EOPNOTSUPP on unknown flags
of: unittest: add overlay gpio test to catch gpio hog problem
of: unittest: Fix compile in the non-dynamic case
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
i2c: i801: Remove i801_set_block_buffer_mode
i2c: i801: Fix block process call transactions
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
firewire: core: correct documentation of fw_csr_string() kernel API
kbuild: Fix changing ELF file type for output of gen_btf for big endian
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
xen-netback: properly sync TX responses
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
binder: signal epoll threads of self-work
misc: fastrpc: Mark all sessions as invalid in cb_remove
ext4: fix double-free of blocks due to wrong extents moved_len
tracing: Fix wasted memory in saved_cmdlines logic
staging: iio: ad5933: fix type mismatch regression
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
mmc: slot-gpio: Allow non-sleeping GPIO ro
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nfp: use correct macro for LengthSelect in BAR config
nfp: flower: prevent re-adding mac index for bonded port
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
pmdomain: core: Move the unused cleanup to a _sync initcall
tracing: Inform kmemleak of saved_cmdlines allocation
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
bus: moxtet: Add spi device table
arch, mm: remove stale mentions of DISCONIGMEM
mips: Fix max_mapnr being uninitialized on early stages
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
netfilter: ipset: fix performance regression in swap operation
netfilter: ipset: Missing gc cancellations fixed
net: prevent mss overflow in skb_segment()
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
PM: runtime: add devm_pm_runtime_enable helper
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend()
drm/msm/dsi: Enable runtime PM
lsm: new security_file_ioctl_compat() hook
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
Revert "Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting""
net: bcmgenet: Fix EEE implementation
of: unittest: fix EXPECT text for gpio hog errors
of: gpio unittest kfree() wrong object
Linux 5.4.269
Change-Id: Iedabcdbe95a83593f102e237f2a80d2fc7206669
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
1269 lines
29 KiB
C
1269 lines
29 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
// Copyright (c) 2010-2011 EIA Electronics,
|
|
// Pieter Beyens <pieter.beyens@eia.be>
|
|
// Copyright (c) 2010-2011 EIA Electronics,
|
|
// Kurt Van Dijck <kurt.van.dijck@eia.be>
|
|
// Copyright (c) 2018 Protonic,
|
|
// Robin van der Gracht <robin@protonic.nl>
|
|
// Copyright (c) 2017-2019 Pengutronix,
|
|
// Marc Kleine-Budde <kernel@pengutronix.de>
|
|
// Copyright (c) 2017-2019 Pengutronix,
|
|
// Oleksij Rempel <kernel@pengutronix.de>
|
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
#include <linux/can/core.h>
|
|
#include <linux/can/skb.h>
|
|
#include <linux/errqueue.h>
|
|
#include <linux/if_arp.h>
|
|
|
|
#include "j1939-priv.h"
|
|
|
|
#define J1939_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_addr.j1939)
|
|
|
|
/* conversion function between struct sock::sk_priority from linux and
|
|
* j1939 priority field
|
|
*/
|
|
static inline priority_t j1939_prio(u32 sk_priority)
|
|
{
|
|
sk_priority = min(sk_priority, 7U);
|
|
|
|
return 7 - sk_priority;
|
|
}
|
|
|
|
static inline u32 j1939_to_sk_priority(priority_t prio)
|
|
{
|
|
return 7 - prio;
|
|
}
|
|
|
|
/* function to see if pgn is to be evaluated */
|
|
static inline bool j1939_pgn_is_valid(pgn_t pgn)
|
|
{
|
|
return pgn <= J1939_PGN_MAX;
|
|
}
|
|
|
|
/* test function to avoid non-zero DA placeholder for pdu1 pgn's */
|
|
static inline bool j1939_pgn_is_clean_pdu(pgn_t pgn)
|
|
{
|
|
if (j1939_pgn_is_pdu1(pgn))
|
|
return !(pgn & 0xff);
|
|
else
|
|
return true;
|
|
}
|
|
|
|
static inline void j1939_sock_pending_add(struct sock *sk)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
atomic_inc(&jsk->skb_pending);
|
|
}
|
|
|
|
static int j1939_sock_pending_get(struct sock *sk)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
return atomic_read(&jsk->skb_pending);
|
|
}
|
|
|
|
void j1939_sock_pending_del(struct sock *sk)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
/* atomic_dec_return returns the new value */
|
|
if (!atomic_dec_return(&jsk->skb_pending))
|
|
wake_up(&jsk->waitq); /* no pending SKB's */
|
|
}
|
|
|
|
static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk)
|
|
{
|
|
jsk->state |= J1939_SOCK_BOUND;
|
|
j1939_priv_get(priv);
|
|
|
|
spin_lock_bh(&priv->j1939_socks_lock);
|
|
list_add_tail(&jsk->list, &priv->j1939_socks);
|
|
spin_unlock_bh(&priv->j1939_socks_lock);
|
|
}
|
|
|
|
static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk)
|
|
{
|
|
spin_lock_bh(&priv->j1939_socks_lock);
|
|
list_del_init(&jsk->list);
|
|
spin_unlock_bh(&priv->j1939_socks_lock);
|
|
|
|
j1939_priv_put(priv);
|
|
jsk->state &= ~J1939_SOCK_BOUND;
|
|
}
|
|
|
|
static bool j1939_sk_queue_session(struct j1939_session *session)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(session->sk);
|
|
bool empty;
|
|
|
|
spin_lock_bh(&jsk->sk_session_queue_lock);
|
|
empty = list_empty(&jsk->sk_session_queue);
|
|
j1939_session_get(session);
|
|
list_add_tail(&session->sk_session_queue_entry, &jsk->sk_session_queue);
|
|
spin_unlock_bh(&jsk->sk_session_queue_lock);
|
|
j1939_sock_pending_add(&jsk->sk);
|
|
|
|
return empty;
|
|
}
|
|
|
|
static struct
|
|
j1939_session *j1939_sk_get_incomplete_session(struct j1939_sock *jsk)
|
|
{
|
|
struct j1939_session *session = NULL;
|
|
|
|
spin_lock_bh(&jsk->sk_session_queue_lock);
|
|
if (!list_empty(&jsk->sk_session_queue)) {
|
|
session = list_last_entry(&jsk->sk_session_queue,
|
|
struct j1939_session,
|
|
sk_session_queue_entry);
|
|
if (session->total_queued_size == session->total_message_size)
|
|
session = NULL;
|
|
else
|
|
j1939_session_get(session);
|
|
}
|
|
spin_unlock_bh(&jsk->sk_session_queue_lock);
|
|
|
|
return session;
|
|
}
|
|
|
|
static void j1939_sk_queue_drop_all(struct j1939_priv *priv,
|
|
struct j1939_sock *jsk, int err)
|
|
{
|
|
struct j1939_session *session, *tmp;
|
|
|
|
netdev_dbg(priv->ndev, "%s: err: %i\n", __func__, err);
|
|
spin_lock_bh(&jsk->sk_session_queue_lock);
|
|
list_for_each_entry_safe(session, tmp, &jsk->sk_session_queue,
|
|
sk_session_queue_entry) {
|
|
list_del_init(&session->sk_session_queue_entry);
|
|
session->err = err;
|
|
j1939_session_put(session);
|
|
}
|
|
spin_unlock_bh(&jsk->sk_session_queue_lock);
|
|
}
|
|
|
|
static void j1939_sk_queue_activate_next_locked(struct j1939_session *session)
|
|
{
|
|
struct j1939_sock *jsk;
|
|
struct j1939_session *first;
|
|
int err;
|
|
|
|
/* RX-Session don't have a socket (yet) */
|
|
if (!session->sk)
|
|
return;
|
|
|
|
jsk = j1939_sk(session->sk);
|
|
lockdep_assert_held(&jsk->sk_session_queue_lock);
|
|
|
|
err = session->err;
|
|
|
|
first = list_first_entry_or_null(&jsk->sk_session_queue,
|
|
struct j1939_session,
|
|
sk_session_queue_entry);
|
|
|
|
/* Some else has already activated the next session */
|
|
if (first != session)
|
|
return;
|
|
|
|
activate_next:
|
|
list_del_init(&first->sk_session_queue_entry);
|
|
j1939_session_put(first);
|
|
first = list_first_entry_or_null(&jsk->sk_session_queue,
|
|
struct j1939_session,
|
|
sk_session_queue_entry);
|
|
if (!first)
|
|
return;
|
|
|
|
if (j1939_session_activate(first)) {
|
|
netdev_warn_once(first->priv->ndev,
|
|
"%s: 0x%p: Identical session is already activated.\n",
|
|
__func__, first);
|
|
first->err = -EBUSY;
|
|
goto activate_next;
|
|
} else {
|
|
/* Give receiver some time (arbitrary chosen) to recover */
|
|
int time_ms = 0;
|
|
|
|
if (err)
|
|
time_ms = 10 + prandom_u32_max(16);
|
|
|
|
j1939_tp_schedule_txtimer(first, time_ms);
|
|
}
|
|
}
|
|
|
|
void j1939_sk_queue_activate_next(struct j1939_session *session)
|
|
{
|
|
struct j1939_sock *jsk;
|
|
|
|
if (!session->sk)
|
|
return;
|
|
|
|
jsk = j1939_sk(session->sk);
|
|
|
|
spin_lock_bh(&jsk->sk_session_queue_lock);
|
|
j1939_sk_queue_activate_next_locked(session);
|
|
spin_unlock_bh(&jsk->sk_session_queue_lock);
|
|
}
|
|
|
|
static bool j1939_sk_match_dst(struct j1939_sock *jsk,
|
|
const struct j1939_sk_buff_cb *skcb)
|
|
{
|
|
if ((jsk->state & J1939_SOCK_PROMISC))
|
|
return true;
|
|
|
|
/* Destination address filter */
|
|
if (jsk->addr.src_name && skcb->addr.dst_name) {
|
|
if (jsk->addr.src_name != skcb->addr.dst_name)
|
|
return false;
|
|
} else {
|
|
/* receive (all sockets) if
|
|
* - all packages that match our bind() address
|
|
* - all broadcast on a socket if SO_BROADCAST
|
|
* is set
|
|
*/
|
|
if (j1939_address_is_unicast(skcb->addr.da)) {
|
|
if (jsk->addr.sa != skcb->addr.da)
|
|
return false;
|
|
} else if (!sock_flag(&jsk->sk, SOCK_BROADCAST)) {
|
|
/* receiving broadcast without SO_BROADCAST
|
|
* flag is not allowed
|
|
*/
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/* Source address filter */
|
|
if (jsk->state & J1939_SOCK_CONNECTED) {
|
|
/* receive (all sockets) if
|
|
* - all packages that match our connect() name or address
|
|
*/
|
|
if (jsk->addr.dst_name && skcb->addr.src_name) {
|
|
if (jsk->addr.dst_name != skcb->addr.src_name)
|
|
return false;
|
|
} else {
|
|
if (jsk->addr.da != skcb->addr.sa)
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/* PGN filter */
|
|
if (j1939_pgn_is_valid(jsk->pgn_rx_filter) &&
|
|
jsk->pgn_rx_filter != skcb->addr.pgn)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
/* matches skb control buffer (addr) with a j1939 filter */
|
|
static bool j1939_sk_match_filter(struct j1939_sock *jsk,
|
|
const struct j1939_sk_buff_cb *skcb)
|
|
{
|
|
const struct j1939_filter *f;
|
|
int nfilter;
|
|
|
|
spin_lock_bh(&jsk->filters_lock);
|
|
|
|
f = jsk->filters;
|
|
nfilter = jsk->nfilters;
|
|
|
|
if (!nfilter)
|
|
/* receive all when no filters are assigned */
|
|
goto filter_match_found;
|
|
|
|
for (; nfilter; ++f, --nfilter) {
|
|
if ((skcb->addr.pgn & f->pgn_mask) != f->pgn)
|
|
continue;
|
|
if ((skcb->addr.sa & f->addr_mask) != f->addr)
|
|
continue;
|
|
if ((skcb->addr.src_name & f->name_mask) != f->name)
|
|
continue;
|
|
goto filter_match_found;
|
|
}
|
|
|
|
spin_unlock_bh(&jsk->filters_lock);
|
|
return false;
|
|
|
|
filter_match_found:
|
|
spin_unlock_bh(&jsk->filters_lock);
|
|
return true;
|
|
}
|
|
|
|
static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,
|
|
const struct j1939_sk_buff_cb *skcb)
|
|
{
|
|
if (!(jsk->state & J1939_SOCK_BOUND))
|
|
return false;
|
|
|
|
if (!j1939_sk_match_dst(jsk, skcb))
|
|
return false;
|
|
|
|
if (!j1939_sk_match_filter(jsk, skcb))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static void j1939_sk_recv_one(struct j1939_sock *jsk, struct sk_buff *oskb)
|
|
{
|
|
const struct j1939_sk_buff_cb *oskcb = j1939_skb_to_cb(oskb);
|
|
struct j1939_sk_buff_cb *skcb;
|
|
struct sk_buff *skb;
|
|
|
|
if (oskb->sk == &jsk->sk)
|
|
return;
|
|
|
|
if (!j1939_sk_recv_match_one(jsk, oskcb))
|
|
return;
|
|
|
|
skb = skb_clone(oskb, GFP_ATOMIC);
|
|
if (!skb) {
|
|
pr_warn("skb clone failed\n");
|
|
return;
|
|
}
|
|
can_skb_set_owner(skb, oskb->sk);
|
|
|
|
skcb = j1939_skb_to_cb(skb);
|
|
skcb->msg_flags &= ~(MSG_DONTROUTE);
|
|
if (skb->sk)
|
|
skcb->msg_flags |= MSG_DONTROUTE;
|
|
|
|
if (sock_queue_rcv_skb(&jsk->sk, skb) < 0)
|
|
kfree_skb(skb);
|
|
}
|
|
|
|
bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb)
|
|
{
|
|
struct j1939_sock *jsk;
|
|
bool match = false;
|
|
|
|
spin_lock_bh(&priv->j1939_socks_lock);
|
|
list_for_each_entry(jsk, &priv->j1939_socks, list) {
|
|
match = j1939_sk_recv_match_one(jsk, skcb);
|
|
if (match)
|
|
break;
|
|
}
|
|
spin_unlock_bh(&priv->j1939_socks_lock);
|
|
|
|
return match;
|
|
}
|
|
|
|
void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb)
|
|
{
|
|
struct j1939_sock *jsk;
|
|
|
|
spin_lock_bh(&priv->j1939_socks_lock);
|
|
list_for_each_entry(jsk, &priv->j1939_socks, list) {
|
|
j1939_sk_recv_one(jsk, skb);
|
|
}
|
|
spin_unlock_bh(&priv->j1939_socks_lock);
|
|
}
|
|
|
|
static void j1939_sk_sock_destruct(struct sock *sk)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
/* This function will be call by the generic networking code, when then
|
|
* the socket is ultimately closed (sk->sk_destruct).
|
|
*
|
|
* The race between
|
|
* - processing a received CAN frame
|
|
* (can_receive -> j1939_can_recv)
|
|
* and accessing j1939_priv
|
|
* ... and ...
|
|
* - closing a socket
|
|
* (j1939_can_rx_unregister -> can_rx_unregister)
|
|
* and calling the final j1939_priv_put()
|
|
*
|
|
* is avoided by calling the final j1939_priv_put() from this
|
|
* RCU deferred cleanup call.
|
|
*/
|
|
if (jsk->priv) {
|
|
j1939_priv_put(jsk->priv);
|
|
jsk->priv = NULL;
|
|
}
|
|
|
|
/* call generic CAN sock destruct */
|
|
can_sock_destruct(sk);
|
|
}
|
|
|
|
static int j1939_sk_init(struct sock *sk)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
/* Ensure that "sk" is first member in "struct j1939_sock", so that we
|
|
* can skip it during memset().
|
|
*/
|
|
BUILD_BUG_ON(offsetof(struct j1939_sock, sk) != 0);
|
|
memset((void *)jsk + sizeof(jsk->sk), 0x0,
|
|
sizeof(*jsk) - sizeof(jsk->sk));
|
|
|
|
INIT_LIST_HEAD(&jsk->list);
|
|
init_waitqueue_head(&jsk->waitq);
|
|
jsk->sk.sk_priority = j1939_to_sk_priority(6);
|
|
jsk->sk.sk_reuse = 1; /* per default */
|
|
jsk->addr.sa = J1939_NO_ADDR;
|
|
jsk->addr.da = J1939_NO_ADDR;
|
|
jsk->addr.pgn = J1939_NO_PGN;
|
|
jsk->pgn_rx_filter = J1939_NO_PGN;
|
|
atomic_set(&jsk->skb_pending, 0);
|
|
spin_lock_init(&jsk->sk_session_queue_lock);
|
|
INIT_LIST_HEAD(&jsk->sk_session_queue);
|
|
spin_lock_init(&jsk->filters_lock);
|
|
|
|
/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */
|
|
sock_set_flag(sk, SOCK_RCU_FREE);
|
|
sk->sk_destruct = j1939_sk_sock_destruct;
|
|
sk->sk_protocol = CAN_J1939;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int j1939_sk_sanity_check(struct sockaddr_can *addr, int len)
|
|
{
|
|
if (!addr)
|
|
return -EDESTADDRREQ;
|
|
if (len < J1939_MIN_NAMELEN)
|
|
return -EINVAL;
|
|
if (addr->can_family != AF_CAN)
|
|
return -EINVAL;
|
|
if (!addr->can_ifindex)
|
|
return -ENODEV;
|
|
if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
|
|
!j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn))
|
|
return -EINVAL;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
|
|
{
|
|
struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
|
|
struct j1939_sock *jsk = j1939_sk(sock->sk);
|
|
struct j1939_priv *priv;
|
|
struct sock *sk;
|
|
struct net *net;
|
|
int ret = 0;
|
|
|
|
ret = j1939_sk_sanity_check(addr, len);
|
|
if (ret)
|
|
return ret;
|
|
|
|
lock_sock(sock->sk);
|
|
|
|
priv = jsk->priv;
|
|
sk = sock->sk;
|
|
net = sock_net(sk);
|
|
|
|
/* Already bound to an interface? */
|
|
if (jsk->state & J1939_SOCK_BOUND) {
|
|
/* A re-bind() to a different interface is not
|
|
* supported.
|
|
*/
|
|
if (jsk->ifindex != addr->can_ifindex) {
|
|
ret = -EINVAL;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
/* drop old references */
|
|
j1939_jsk_del(priv, jsk);
|
|
j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
|
|
} else {
|
|
struct net_device *ndev;
|
|
|
|
ndev = dev_get_by_index(net, addr->can_ifindex);
|
|
if (!ndev) {
|
|
ret = -ENODEV;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
if (ndev->type != ARPHRD_CAN) {
|
|
dev_put(ndev);
|
|
ret = -ENODEV;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
if (!ndev->ml_priv) {
|
|
netdev_warn_once(ndev,
|
|
"No CAN mid layer private allocated, please fix your driver and use alloc_candev()!\n");
|
|
dev_put(ndev);
|
|
ret = -ENODEV;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
if (!(ndev->flags & IFF_UP)) {
|
|
dev_put(ndev);
|
|
ret = -ENETDOWN;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
priv = j1939_netdev_start(ndev);
|
|
dev_put(ndev);
|
|
if (IS_ERR(priv)) {
|
|
ret = PTR_ERR(priv);
|
|
goto out_release_sock;
|
|
}
|
|
|
|
jsk->ifindex = addr->can_ifindex;
|
|
|
|
/* the corresponding j1939_priv_put() is called via
|
|
* sk->sk_destruct, which points to j1939_sk_sock_destruct()
|
|
*/
|
|
j1939_priv_get(priv);
|
|
jsk->priv = priv;
|
|
}
|
|
|
|
/* set default transmit pgn */
|
|
if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
|
|
jsk->pgn_rx_filter = addr->can_addr.j1939.pgn;
|
|
jsk->addr.src_name = addr->can_addr.j1939.name;
|
|
jsk->addr.sa = addr->can_addr.j1939.addr;
|
|
|
|
/* get new references */
|
|
ret = j1939_local_ecu_get(priv, jsk->addr.src_name, jsk->addr.sa);
|
|
if (ret) {
|
|
j1939_netdev_stop(priv);
|
|
goto out_release_sock;
|
|
}
|
|
|
|
j1939_jsk_add(priv, jsk);
|
|
|
|
out_release_sock: /* fall through */
|
|
release_sock(sock->sk);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr,
|
|
int len, int flags)
|
|
{
|
|
struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
|
|
struct j1939_sock *jsk = j1939_sk(sock->sk);
|
|
int ret = 0;
|
|
|
|
ret = j1939_sk_sanity_check(addr, len);
|
|
if (ret)
|
|
return ret;
|
|
|
|
lock_sock(sock->sk);
|
|
|
|
/* bind() before connect() is mandatory */
|
|
if (!(jsk->state & J1939_SOCK_BOUND)) {
|
|
ret = -EINVAL;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
/* A connect() to a different interface is not supported. */
|
|
if (jsk->ifindex != addr->can_ifindex) {
|
|
ret = -EINVAL;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
if (!addr->can_addr.j1939.name &&
|
|
addr->can_addr.j1939.addr == J1939_NO_ADDR &&
|
|
!sock_flag(&jsk->sk, SOCK_BROADCAST)) {
|
|
/* broadcast, but SO_BROADCAST not set */
|
|
ret = -EACCES;
|
|
goto out_release_sock;
|
|
}
|
|
|
|
jsk->addr.dst_name = addr->can_addr.j1939.name;
|
|
jsk->addr.da = addr->can_addr.j1939.addr;
|
|
|
|
if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
|
|
jsk->addr.pgn = addr->can_addr.j1939.pgn;
|
|
|
|
jsk->state |= J1939_SOCK_CONNECTED;
|
|
|
|
out_release_sock: /* fall through */
|
|
release_sock(sock->sk);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr,
|
|
const struct j1939_sock *jsk, int peer)
|
|
{
|
|
/* There are two holes (2 bytes and 3 bytes) to clear to avoid
|
|
* leaking kernel information to user space.
|
|
*/
|
|
memset(addr, 0, J1939_MIN_NAMELEN);
|
|
|
|
addr->can_family = AF_CAN;
|
|
addr->can_ifindex = jsk->ifindex;
|
|
addr->can_addr.j1939.pgn = jsk->addr.pgn;
|
|
if (peer) {
|
|
addr->can_addr.j1939.name = jsk->addr.dst_name;
|
|
addr->can_addr.j1939.addr = jsk->addr.da;
|
|
} else {
|
|
addr->can_addr.j1939.name = jsk->addr.src_name;
|
|
addr->can_addr.j1939.addr = jsk->addr.sa;
|
|
}
|
|
}
|
|
|
|
static int j1939_sk_getname(struct socket *sock, struct sockaddr *uaddr,
|
|
int peer)
|
|
{
|
|
struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
|
|
struct sock *sk = sock->sk;
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
int ret = 0;
|
|
|
|
lock_sock(sk);
|
|
|
|
if (peer && !(jsk->state & J1939_SOCK_CONNECTED)) {
|
|
ret = -EADDRNOTAVAIL;
|
|
goto failure;
|
|
}
|
|
|
|
j1939_sk_sock2sockaddr_can(addr, jsk, peer);
|
|
ret = J1939_MIN_NAMELEN;
|
|
|
|
failure:
|
|
release_sock(sk);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int j1939_sk_release(struct socket *sock)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct j1939_sock *jsk;
|
|
|
|
if (!sk)
|
|
return 0;
|
|
|
|
lock_sock(sk);
|
|
jsk = j1939_sk(sk);
|
|
|
|
if (jsk->state & J1939_SOCK_BOUND) {
|
|
struct j1939_priv *priv = jsk->priv;
|
|
|
|
if (wait_event_interruptible(jsk->waitq,
|
|
!j1939_sock_pending_get(&jsk->sk))) {
|
|
j1939_cancel_active_session(priv, sk);
|
|
j1939_sk_queue_drop_all(priv, jsk, ESHUTDOWN);
|
|
}
|
|
|
|
j1939_jsk_del(priv, jsk);
|
|
|
|
j1939_local_ecu_put(priv, jsk->addr.src_name,
|
|
jsk->addr.sa);
|
|
|
|
j1939_netdev_stop(priv);
|
|
}
|
|
|
|
kfree(jsk->filters);
|
|
sock_orphan(sk);
|
|
sock->sk = NULL;
|
|
|
|
release_sock(sk);
|
|
sock_put(sk);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int j1939_sk_setsockopt_flag(struct j1939_sock *jsk, char __user *optval,
|
|
unsigned int optlen, int flag)
|
|
{
|
|
int tmp;
|
|
|
|
if (optlen != sizeof(tmp))
|
|
return -EINVAL;
|
|
if (copy_from_user(&tmp, optval, optlen))
|
|
return -EFAULT;
|
|
lock_sock(&jsk->sk);
|
|
if (tmp)
|
|
jsk->state |= flag;
|
|
else
|
|
jsk->state &= ~flag;
|
|
release_sock(&jsk->sk);
|
|
return tmp;
|
|
}
|
|
|
|
static int j1939_sk_setsockopt(struct socket *sock, int level, int optname,
|
|
char __user *optval, unsigned int optlen)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
int tmp, count = 0, ret = 0;
|
|
struct j1939_filter *filters = NULL, *ofilters;
|
|
|
|
if (level != SOL_CAN_J1939)
|
|
return -EINVAL;
|
|
|
|
switch (optname) {
|
|
case SO_J1939_FILTER:
|
|
if (optval) {
|
|
struct j1939_filter *f;
|
|
int c;
|
|
|
|
if (optlen % sizeof(*filters) != 0)
|
|
return -EINVAL;
|
|
|
|
if (optlen > J1939_FILTER_MAX *
|
|
sizeof(struct j1939_filter))
|
|
return -EINVAL;
|
|
|
|
count = optlen / sizeof(*filters);
|
|
filters = memdup_user(optval, optlen);
|
|
if (IS_ERR(filters))
|
|
return PTR_ERR(filters);
|
|
|
|
for (f = filters, c = count; c; f++, c--) {
|
|
f->name &= f->name_mask;
|
|
f->pgn &= f->pgn_mask;
|
|
f->addr &= f->addr_mask;
|
|
}
|
|
}
|
|
|
|
lock_sock(&jsk->sk);
|
|
spin_lock_bh(&jsk->filters_lock);
|
|
ofilters = jsk->filters;
|
|
jsk->filters = filters;
|
|
jsk->nfilters = count;
|
|
spin_unlock_bh(&jsk->filters_lock);
|
|
release_sock(&jsk->sk);
|
|
kfree(ofilters);
|
|
return 0;
|
|
case SO_J1939_PROMISC:
|
|
return j1939_sk_setsockopt_flag(jsk, optval, optlen,
|
|
J1939_SOCK_PROMISC);
|
|
case SO_J1939_ERRQUEUE:
|
|
ret = j1939_sk_setsockopt_flag(jsk, optval, optlen,
|
|
J1939_SOCK_ERRQUEUE);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
if (!(jsk->state & J1939_SOCK_ERRQUEUE))
|
|
skb_queue_purge(&sk->sk_error_queue);
|
|
return ret;
|
|
case SO_J1939_SEND_PRIO:
|
|
if (optlen != sizeof(tmp))
|
|
return -EINVAL;
|
|
if (copy_from_user(&tmp, optval, optlen))
|
|
return -EFAULT;
|
|
if (tmp < 0 || tmp > 7)
|
|
return -EDOM;
|
|
if (tmp < 2 && !capable(CAP_NET_ADMIN))
|
|
return -EPERM;
|
|
lock_sock(&jsk->sk);
|
|
jsk->sk.sk_priority = j1939_to_sk_priority(tmp);
|
|
release_sock(&jsk->sk);
|
|
return 0;
|
|
default:
|
|
return -ENOPROTOOPT;
|
|
}
|
|
}
|
|
|
|
static int j1939_sk_getsockopt(struct socket *sock, int level, int optname,
|
|
char __user *optval, int __user *optlen)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
int ret, ulen;
|
|
/* set defaults for using 'int' properties */
|
|
int tmp = 0;
|
|
int len = sizeof(tmp);
|
|
void *val = &tmp;
|
|
|
|
if (level != SOL_CAN_J1939)
|
|
return -EINVAL;
|
|
if (get_user(ulen, optlen))
|
|
return -EFAULT;
|
|
if (ulen < 0)
|
|
return -EINVAL;
|
|
|
|
lock_sock(&jsk->sk);
|
|
switch (optname) {
|
|
case SO_J1939_PROMISC:
|
|
tmp = (jsk->state & J1939_SOCK_PROMISC) ? 1 : 0;
|
|
break;
|
|
case SO_J1939_ERRQUEUE:
|
|
tmp = (jsk->state & J1939_SOCK_ERRQUEUE) ? 1 : 0;
|
|
break;
|
|
case SO_J1939_SEND_PRIO:
|
|
tmp = j1939_prio(jsk->sk.sk_priority);
|
|
break;
|
|
default:
|
|
ret = -ENOPROTOOPT;
|
|
goto no_copy;
|
|
}
|
|
|
|
/* copy to user, based on 'len' & 'val'
|
|
* but most sockopt's are 'int' properties, and have 'len' & 'val'
|
|
* left unchanged, but instead modified 'tmp'
|
|
*/
|
|
if (len > ulen)
|
|
ret = -EFAULT;
|
|
else if (put_user(len, optlen))
|
|
ret = -EFAULT;
|
|
else if (copy_to_user(optval, val, len))
|
|
ret = -EFAULT;
|
|
else
|
|
ret = 0;
|
|
no_copy:
|
|
release_sock(&jsk->sk);
|
|
return ret;
|
|
}
|
|
|
|
static int j1939_sk_recvmsg(struct socket *sock, struct msghdr *msg,
|
|
size_t size, int flags)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct sk_buff *skb;
|
|
struct j1939_sk_buff_cb *skcb;
|
|
int ret = 0;
|
|
|
|
if (flags & ~(MSG_DONTWAIT | MSG_ERRQUEUE | MSG_CMSG_COMPAT))
|
|
return -EINVAL;
|
|
|
|
if (flags & MSG_ERRQUEUE)
|
|
return sock_recv_errqueue(sock->sk, msg, size, SOL_CAN_J1939,
|
|
SCM_J1939_ERRQUEUE);
|
|
|
|
skb = skb_recv_datagram(sk, flags, 0, &ret);
|
|
if (!skb)
|
|
return ret;
|
|
|
|
if (size < skb->len)
|
|
msg->msg_flags |= MSG_TRUNC;
|
|
else
|
|
size = skb->len;
|
|
|
|
ret = memcpy_to_msg(msg, skb->data, size);
|
|
if (ret < 0) {
|
|
skb_free_datagram(sk, skb);
|
|
return ret;
|
|
}
|
|
|
|
skcb = j1939_skb_to_cb(skb);
|
|
if (j1939_address_is_valid(skcb->addr.da))
|
|
put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_ADDR,
|
|
sizeof(skcb->addr.da), &skcb->addr.da);
|
|
|
|
if (skcb->addr.dst_name)
|
|
put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_NAME,
|
|
sizeof(skcb->addr.dst_name), &skcb->addr.dst_name);
|
|
|
|
put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_PRIO,
|
|
sizeof(skcb->priority), &skcb->priority);
|
|
|
|
if (msg->msg_name) {
|
|
struct sockaddr_can *paddr = msg->msg_name;
|
|
|
|
msg->msg_namelen = J1939_MIN_NAMELEN;
|
|
memset(msg->msg_name, 0, msg->msg_namelen);
|
|
paddr->can_family = AF_CAN;
|
|
paddr->can_ifindex = skb->skb_iif;
|
|
paddr->can_addr.j1939.name = skcb->addr.src_name;
|
|
paddr->can_addr.j1939.addr = skcb->addr.sa;
|
|
paddr->can_addr.j1939.pgn = skcb->addr.pgn;
|
|
}
|
|
|
|
sock_recv_ts_and_drops(msg, sk, skb);
|
|
msg->msg_flags |= skcb->msg_flags;
|
|
skb_free_datagram(sk, skb);
|
|
|
|
return size;
|
|
}
|
|
|
|
static struct sk_buff *j1939_sk_alloc_skb(struct net_device *ndev,
|
|
struct sock *sk,
|
|
struct msghdr *msg, size_t size,
|
|
int *errcode)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
struct j1939_sk_buff_cb *skcb;
|
|
struct sk_buff *skb;
|
|
int ret;
|
|
|
|
skb = sock_alloc_send_skb(sk,
|
|
size +
|
|
sizeof(struct can_frame) -
|
|
sizeof(((struct can_frame *)NULL)->data) +
|
|
sizeof(struct can_skb_priv),
|
|
msg->msg_flags & MSG_DONTWAIT, &ret);
|
|
if (!skb)
|
|
goto failure;
|
|
|
|
can_skb_reserve(skb);
|
|
can_skb_prv(skb)->ifindex = ndev->ifindex;
|
|
can_skb_prv(skb)->skbcnt = 0;
|
|
skb_reserve(skb, offsetof(struct can_frame, data));
|
|
|
|
ret = memcpy_from_msg(skb_put(skb, size), msg, size);
|
|
if (ret < 0)
|
|
goto free_skb;
|
|
|
|
skb->dev = ndev;
|
|
|
|
skcb = j1939_skb_to_cb(skb);
|
|
memset(skcb, 0, sizeof(*skcb));
|
|
skcb->addr = jsk->addr;
|
|
skcb->priority = j1939_prio(sk->sk_priority);
|
|
|
|
if (msg->msg_name) {
|
|
struct sockaddr_can *addr = msg->msg_name;
|
|
|
|
if (addr->can_addr.j1939.name ||
|
|
addr->can_addr.j1939.addr != J1939_NO_ADDR) {
|
|
skcb->addr.dst_name = addr->can_addr.j1939.name;
|
|
skcb->addr.da = addr->can_addr.j1939.addr;
|
|
}
|
|
if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
|
|
skcb->addr.pgn = addr->can_addr.j1939.pgn;
|
|
}
|
|
|
|
*errcode = ret;
|
|
return skb;
|
|
|
|
free_skb:
|
|
kfree_skb(skb);
|
|
failure:
|
|
*errcode = ret;
|
|
return NULL;
|
|
}
|
|
|
|
static size_t j1939_sk_opt_stats_get_size(void)
|
|
{
|
|
return
|
|
nla_total_size(sizeof(u32)) + /* J1939_NLA_BYTES_ACKED */
|
|
0;
|
|
}
|
|
|
|
static struct sk_buff *
|
|
j1939_sk_get_timestamping_opt_stats(struct j1939_session *session)
|
|
{
|
|
struct sk_buff *stats;
|
|
u32 size;
|
|
|
|
stats = alloc_skb(j1939_sk_opt_stats_get_size(), GFP_ATOMIC);
|
|
if (!stats)
|
|
return NULL;
|
|
|
|
if (session->skcb.addr.type == J1939_SIMPLE)
|
|
size = session->total_message_size;
|
|
else
|
|
size = min(session->pkt.tx_acked * 7,
|
|
session->total_message_size);
|
|
|
|
nla_put_u32(stats, J1939_NLA_BYTES_ACKED, size);
|
|
|
|
return stats;
|
|
}
|
|
|
|
void j1939_sk_errqueue(struct j1939_session *session,
|
|
enum j1939_sk_errqueue_type type)
|
|
{
|
|
struct j1939_priv *priv = session->priv;
|
|
struct sock *sk = session->sk;
|
|
struct j1939_sock *jsk;
|
|
struct sock_exterr_skb *serr;
|
|
struct sk_buff *skb;
|
|
char *state = "UNK";
|
|
int err;
|
|
|
|
/* currently we have no sk for the RX session */
|
|
if (!sk)
|
|
return;
|
|
|
|
jsk = j1939_sk(sk);
|
|
|
|
if (!(jsk->state & J1939_SOCK_ERRQUEUE))
|
|
return;
|
|
|
|
skb = j1939_sk_get_timestamping_opt_stats(session);
|
|
if (!skb)
|
|
return;
|
|
|
|
skb->tstamp = ktime_get_real();
|
|
|
|
BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));
|
|
|
|
serr = SKB_EXT_ERR(skb);
|
|
memset(serr, 0, sizeof(*serr));
|
|
switch (type) {
|
|
case J1939_ERRQUEUE_ACK:
|
|
if (!(sk->sk_tsflags & SOF_TIMESTAMPING_TX_ACK)) {
|
|
kfree_skb(skb);
|
|
return;
|
|
}
|
|
|
|
serr->ee.ee_errno = ENOMSG;
|
|
serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
|
|
serr->ee.ee_info = SCM_TSTAMP_ACK;
|
|
state = "ACK";
|
|
break;
|
|
case J1939_ERRQUEUE_SCHED:
|
|
if (!(sk->sk_tsflags & SOF_TIMESTAMPING_TX_SCHED)) {
|
|
kfree_skb(skb);
|
|
return;
|
|
}
|
|
|
|
serr->ee.ee_errno = ENOMSG;
|
|
serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
|
|
serr->ee.ee_info = SCM_TSTAMP_SCHED;
|
|
state = "SCH";
|
|
break;
|
|
case J1939_ERRQUEUE_ABORT:
|
|
serr->ee.ee_errno = session->err;
|
|
serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
|
|
serr->ee.ee_info = J1939_EE_INFO_TX_ABORT;
|
|
state = "ABT";
|
|
break;
|
|
default:
|
|
netdev_err(priv->ndev, "Unknown errqueue type %i\n", type);
|
|
}
|
|
|
|
serr->opt_stats = true;
|
|
if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
|
|
serr->ee.ee_data = session->tskey;
|
|
|
|
netdev_dbg(session->priv->ndev, "%s: 0x%p tskey: %i, state: %s\n",
|
|
__func__, session, session->tskey, state);
|
|
err = sock_queue_err_skb(sk, skb);
|
|
|
|
if (err)
|
|
kfree_skb(skb);
|
|
};
|
|
|
|
void j1939_sk_send_loop_abort(struct sock *sk, int err)
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
|
|
if (jsk->state & J1939_SOCK_ERRQUEUE)
|
|
return;
|
|
|
|
sk->sk_err = err;
|
|
|
|
sk->sk_error_report(sk);
|
|
}
|
|
|
|
static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
|
|
struct msghdr *msg, size_t size)
|
|
|
|
{
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
struct j1939_session *session = j1939_sk_get_incomplete_session(jsk);
|
|
struct sk_buff *skb;
|
|
size_t segment_size, todo_size;
|
|
int ret = 0;
|
|
|
|
if (session &&
|
|
session->total_message_size != session->total_queued_size + size) {
|
|
j1939_session_put(session);
|
|
return -EIO;
|
|
}
|
|
|
|
todo_size = size;
|
|
|
|
while (todo_size) {
|
|
struct j1939_sk_buff_cb *skcb;
|
|
|
|
segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
|
|
todo_size);
|
|
|
|
/* Allocate skb for one segment */
|
|
skb = j1939_sk_alloc_skb(priv->ndev, sk, msg, segment_size,
|
|
&ret);
|
|
if (ret)
|
|
break;
|
|
|
|
skcb = j1939_skb_to_cb(skb);
|
|
|
|
if (!session) {
|
|
/* at this point the size should be full size
|
|
* of the session
|
|
*/
|
|
skcb->offset = 0;
|
|
session = j1939_tp_send(priv, skb, size);
|
|
if (IS_ERR(session)) {
|
|
ret = PTR_ERR(session);
|
|
goto kfree_skb;
|
|
}
|
|
if (j1939_sk_queue_session(session)) {
|
|
/* try to activate session if we a
|
|
* fist in the queue
|
|
*/
|
|
if (!j1939_session_activate(session)) {
|
|
j1939_tp_schedule_txtimer(session, 0);
|
|
} else {
|
|
ret = -EBUSY;
|
|
session->err = ret;
|
|
j1939_sk_queue_drop_all(priv, jsk,
|
|
EBUSY);
|
|
break;
|
|
}
|
|
}
|
|
} else {
|
|
skcb->offset = session->total_queued_size;
|
|
j1939_session_skb_queue(session, skb);
|
|
}
|
|
|
|
todo_size -= segment_size;
|
|
session->total_queued_size += segment_size;
|
|
}
|
|
|
|
switch (ret) {
|
|
case 0: /* OK */
|
|
if (todo_size)
|
|
netdev_warn(priv->ndev,
|
|
"no error found and not completely queued?! %zu\n",
|
|
todo_size);
|
|
ret = size;
|
|
break;
|
|
case -ERESTARTSYS:
|
|
ret = -EINTR;
|
|
/* fall through */
|
|
case -EAGAIN: /* OK */
|
|
if (todo_size != size)
|
|
ret = size - todo_size;
|
|
break;
|
|
default: /* ERROR */
|
|
break;
|
|
}
|
|
|
|
if (session)
|
|
j1939_session_put(session);
|
|
|
|
return ret;
|
|
|
|
kfree_skb:
|
|
kfree_skb(skb);
|
|
return ret;
|
|
}
|
|
|
|
static int j1939_sk_sendmsg(struct socket *sock, struct msghdr *msg,
|
|
size_t size)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct j1939_sock *jsk = j1939_sk(sk);
|
|
struct j1939_priv *priv;
|
|
int ifindex;
|
|
int ret;
|
|
|
|
lock_sock(sock->sk);
|
|
/* various socket state tests */
|
|
if (!(jsk->state & J1939_SOCK_BOUND)) {
|
|
ret = -EBADFD;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
priv = jsk->priv;
|
|
ifindex = jsk->ifindex;
|
|
|
|
if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) {
|
|
/* no source address assigned yet */
|
|
ret = -EBADFD;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
/* deal with provided destination address info */
|
|
if (msg->msg_name) {
|
|
struct sockaddr_can *addr = msg->msg_name;
|
|
|
|
if (msg->msg_namelen < J1939_MIN_NAMELEN) {
|
|
ret = -EINVAL;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
if (addr->can_family != AF_CAN) {
|
|
ret = -EINVAL;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
if (addr->can_ifindex && addr->can_ifindex != ifindex) {
|
|
ret = -EBADFD;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
|
|
!j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) {
|
|
ret = -EINVAL;
|
|
goto sendmsg_done;
|
|
}
|
|
|
|
if (!addr->can_addr.j1939.name &&
|
|
addr->can_addr.j1939.addr == J1939_NO_ADDR &&
|
|
!sock_flag(sk, SOCK_BROADCAST)) {
|
|
/* broadcast, but SO_BROADCAST not set */
|
|
ret = -EACCES;
|
|
goto sendmsg_done;
|
|
}
|
|
} else {
|
|
if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR &&
|
|
!sock_flag(sk, SOCK_BROADCAST)) {
|
|
/* broadcast, but SO_BROADCAST not set */
|
|
ret = -EACCES;
|
|
goto sendmsg_done;
|
|
}
|
|
}
|
|
|
|
ret = j1939_sk_send_loop(priv, sk, msg, size);
|
|
|
|
sendmsg_done:
|
|
release_sock(sock->sk);
|
|
|
|
return ret;
|
|
}
|
|
|
|
void j1939_sk_netdev_event_netdown(struct j1939_priv *priv)
|
|
{
|
|
struct j1939_sock *jsk;
|
|
int error_code = ENETDOWN;
|
|
|
|
spin_lock_bh(&priv->j1939_socks_lock);
|
|
list_for_each_entry(jsk, &priv->j1939_socks, list) {
|
|
jsk->sk.sk_err = error_code;
|
|
if (!sock_flag(&jsk->sk, SOCK_DEAD))
|
|
jsk->sk.sk_error_report(&jsk->sk);
|
|
|
|
j1939_sk_queue_drop_all(priv, jsk, error_code);
|
|
}
|
|
spin_unlock_bh(&priv->j1939_socks_lock);
|
|
}
|
|
|
|
static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd,
|
|
unsigned long arg)
|
|
{
|
|
/* no ioctls for socket layer -> hand it down to NIC layer */
|
|
return -ENOIOCTLCMD;
|
|
}
|
|
|
|
static const struct proto_ops j1939_ops = {
|
|
.family = PF_CAN,
|
|
.release = j1939_sk_release,
|
|
.bind = j1939_sk_bind,
|
|
.connect = j1939_sk_connect,
|
|
.socketpair = sock_no_socketpair,
|
|
.accept = sock_no_accept,
|
|
.getname = j1939_sk_getname,
|
|
.poll = datagram_poll,
|
|
.ioctl = j1939_sk_no_ioctlcmd,
|
|
.listen = sock_no_listen,
|
|
.shutdown = sock_no_shutdown,
|
|
.setsockopt = j1939_sk_setsockopt,
|
|
.getsockopt = j1939_sk_getsockopt,
|
|
.sendmsg = j1939_sk_sendmsg,
|
|
.recvmsg = j1939_sk_recvmsg,
|
|
.mmap = sock_no_mmap,
|
|
.sendpage = sock_no_sendpage,
|
|
};
|
|
|
|
static struct proto j1939_proto __read_mostly = {
|
|
.name = "CAN_J1939",
|
|
.owner = THIS_MODULE,
|
|
.obj_size = sizeof(struct j1939_sock),
|
|
.init = j1939_sk_init,
|
|
};
|
|
|
|
const struct can_proto j1939_can_proto = {
|
|
.type = SOCK_DGRAM,
|
|
.protocol = CAN_J1939,
|
|
.ops = &j1939_ops,
|
|
.prot = &j1939_proto,
|
|
};
|