0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012 #include <linux/kernel.h>
0013 #include <linux/sched/signal.h>
0014 #include <linux/slab.h>
0015 #include <linux/socket.h>
0016 #include <net/sock.h>
0017 #include <net/tcp_states.h>
0018 #include <asm/ioctls.h>
0019
0020 #include <linux/phonet.h>
0021 #include <linux/module.h>
0022 #include <net/phonet/phonet.h>
0023 #include <net/phonet/pep.h>
0024 #include <net/phonet/gprs.h>
0025
0026
0027
0028
0029
0030
0031
0032
0033
0034
0035
0036
0037
0038
0039 #define CREDITS_MAX 10
0040 #define CREDITS_THR 7
0041
0042 #define pep_sb_size(s) (((s) + 5) & ~3)
0043
0044
0045 static unsigned char *pep_get_sb(struct sk_buff *skb, u8 *ptype, u8 *plen,
0046 void *buf)
0047 {
0048 void *data = NULL;
0049 struct {
0050 u8 sb_type;
0051 u8 sb_len;
0052 } *ph, h;
0053 int buflen = *plen;
0054
0055 ph = skb_header_pointer(skb, 0, 2, &h);
0056 if (ph == NULL || ph->sb_len < 2 || !pskb_may_pull(skb, ph->sb_len))
0057 return NULL;
0058 ph->sb_len -= 2;
0059 *ptype = ph->sb_type;
0060 *plen = ph->sb_len;
0061
0062 if (buflen > ph->sb_len)
0063 buflen = ph->sb_len;
0064 data = skb_header_pointer(skb, 2, buflen, buf);
0065 __skb_pull(skb, 2 + ph->sb_len);
0066 return data;
0067 }
0068
0069 static struct sk_buff *pep_alloc_skb(struct sock *sk, const void *payload,
0070 int len, gfp_t priority)
0071 {
0072 struct sk_buff *skb = alloc_skb(MAX_PNPIPE_HEADER + len, priority);
0073 if (!skb)
0074 return NULL;
0075 skb_set_owner_w(skb, sk);
0076
0077 skb_reserve(skb, MAX_PNPIPE_HEADER);
0078 __skb_put(skb, len);
0079 skb_copy_to_linear_data(skb, payload, len);
0080 __skb_push(skb, sizeof(struct pnpipehdr));
0081 skb_reset_transport_header(skb);
0082 return skb;
0083 }
0084
0085 static int pep_reply(struct sock *sk, struct sk_buff *oskb, u8 code,
0086 const void *data, int len, gfp_t priority)
0087 {
0088 const struct pnpipehdr *oph = pnp_hdr(oskb);
0089 struct pnpipehdr *ph;
0090 struct sk_buff *skb;
0091 struct sockaddr_pn peer;
0092
0093 skb = pep_alloc_skb(sk, data, len, priority);
0094 if (!skb)
0095 return -ENOMEM;
0096
0097 ph = pnp_hdr(skb);
0098 ph->utid = oph->utid;
0099 ph->message_id = oph->message_id + 1;
0100 ph->pipe_handle = oph->pipe_handle;
0101 ph->error_code = code;
0102
0103 pn_skb_get_src_sockaddr(oskb, &peer);
0104 return pn_skb_send(sk, skb, &peer);
0105 }
0106
0107 static int pep_indicate(struct sock *sk, u8 id, u8 code,
0108 const void *data, int len, gfp_t priority)
0109 {
0110 struct pep_sock *pn = pep_sk(sk);
0111 struct pnpipehdr *ph;
0112 struct sk_buff *skb;
0113
0114 skb = pep_alloc_skb(sk, data, len, priority);
0115 if (!skb)
0116 return -ENOMEM;
0117
0118 ph = pnp_hdr(skb);
0119 ph->utid = 0;
0120 ph->message_id = id;
0121 ph->pipe_handle = pn->pipe_handle;
0122 ph->error_code = code;
0123 return pn_skb_send(sk, skb, NULL);
0124 }
0125
0126 #define PAD 0x00
0127
0128 static int pipe_handler_request(struct sock *sk, u8 id, u8 code,
0129 const void *data, int len)
0130 {
0131 struct pep_sock *pn = pep_sk(sk);
0132 struct pnpipehdr *ph;
0133 struct sk_buff *skb;
0134
0135 skb = pep_alloc_skb(sk, data, len, GFP_KERNEL);
0136 if (!skb)
0137 return -ENOMEM;
0138
0139 ph = pnp_hdr(skb);
0140 ph->utid = id;
0141 ph->message_id = id;
0142 ph->pipe_handle = pn->pipe_handle;
0143 ph->error_code = code;
0144 return pn_skb_send(sk, skb, NULL);
0145 }
0146
0147 static int pipe_handler_send_created_ind(struct sock *sk)
0148 {
0149 struct pep_sock *pn = pep_sk(sk);
0150 u8 data[4] = {
0151 PN_PIPE_SB_NEGOTIATED_FC, pep_sb_size(2),
0152 pn->tx_fc, pn->rx_fc,
0153 };
0154
0155 return pep_indicate(sk, PNS_PIPE_CREATED_IND, 1 ,
0156 data, 4, GFP_ATOMIC);
0157 }
0158
0159 static int pep_accept_conn(struct sock *sk, struct sk_buff *skb)
0160 {
0161 static const u8 data[20] = {
0162 PAD, PAD, PAD, 2 ,
0163 PN_PIPE_SB_REQUIRED_FC_TX, pep_sb_size(5), 3, PAD,
0164 PN_MULTI_CREDIT_FLOW_CONTROL,
0165 PN_ONE_CREDIT_FLOW_CONTROL,
0166 PN_LEGACY_FLOW_CONTROL,
0167 PAD,
0168 PN_PIPE_SB_PREFERRED_FC_RX, pep_sb_size(5), 3, PAD,
0169 PN_MULTI_CREDIT_FLOW_CONTROL,
0170 PN_ONE_CREDIT_FLOW_CONTROL,
0171 PN_LEGACY_FLOW_CONTROL,
0172 PAD,
0173 };
0174
0175 might_sleep();
0176 return pep_reply(sk, skb, PN_PIPE_NO_ERROR, data, sizeof(data),
0177 GFP_KERNEL);
0178 }
0179
0180 static int pep_reject_conn(struct sock *sk, struct sk_buff *skb, u8 code,
0181 gfp_t priority)
0182 {
0183 static const u8 data[4] = { PAD, PAD, PAD, 0 };
0184 WARN_ON(code == PN_PIPE_NO_ERROR);
0185 return pep_reply(sk, skb, code, data, sizeof(data), priority);
0186 }
0187
0188
0189
0190 static int pep_ctrlreq_error(struct sock *sk, struct sk_buff *oskb, u8 code,
0191 gfp_t priority)
0192 {
0193 const struct pnpipehdr *oph = pnp_hdr(oskb);
0194 struct sk_buff *skb;
0195 struct pnpipehdr *ph;
0196 struct sockaddr_pn dst;
0197 u8 data[4] = {
0198 oph->pep_type,
0199 code,
0200 PAD, PAD,
0201 };
0202
0203 skb = pep_alloc_skb(sk, data, 4, priority);
0204 if (!skb)
0205 return -ENOMEM;
0206
0207 ph = pnp_hdr(skb);
0208 ph->utid = oph->utid;
0209 ph->message_id = PNS_PEP_CTRL_RESP;
0210 ph->pipe_handle = oph->pipe_handle;
0211 ph->data0 = oph->data[0];
0212
0213 pn_skb_get_src_sockaddr(oskb, &dst);
0214 return pn_skb_send(sk, skb, &dst);
0215 }
0216
0217 static int pipe_snd_status(struct sock *sk, u8 type, u8 status, gfp_t priority)
0218 {
0219 u8 data[4] = { type, PAD, PAD, status };
0220
0221 return pep_indicate(sk, PNS_PEP_STATUS_IND, PN_PEP_TYPE_COMMON,
0222 data, 4, priority);
0223 }
0224
0225
0226
0227 static void pipe_grant_credits(struct sock *sk, gfp_t priority)
0228 {
0229 struct pep_sock *pn = pep_sk(sk);
0230
0231 BUG_ON(sk->sk_state != TCP_ESTABLISHED);
0232
0233 switch (pn->rx_fc) {
0234 case PN_LEGACY_FLOW_CONTROL:
0235 break;
0236 case PN_ONE_CREDIT_FLOW_CONTROL:
0237 if (pipe_snd_status(sk, PN_PEP_IND_FLOW_CONTROL,
0238 PEP_IND_READY, priority) == 0)
0239 pn->rx_credits = 1;
0240 break;
0241 case PN_MULTI_CREDIT_FLOW_CONTROL:
0242 if ((pn->rx_credits + CREDITS_THR) > CREDITS_MAX)
0243 break;
0244 if (pipe_snd_status(sk, PN_PEP_IND_ID_MCFC_GRANT_CREDITS,
0245 CREDITS_MAX - pn->rx_credits,
0246 priority) == 0)
0247 pn->rx_credits = CREDITS_MAX;
0248 break;
0249 }
0250 }
0251
0252 static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb)
0253 {
0254 struct pep_sock *pn = pep_sk(sk);
0255 struct pnpipehdr *hdr;
0256 int wake = 0;
0257
0258 if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
0259 return -EINVAL;
0260
0261 hdr = pnp_hdr(skb);
0262 if (hdr->pep_type != PN_PEP_TYPE_COMMON) {
0263 net_dbg_ratelimited("Phonet unknown PEP type: %u\n",
0264 (unsigned int)hdr->pep_type);
0265 return -EOPNOTSUPP;
0266 }
0267
0268 switch (hdr->data[0]) {
0269 case PN_PEP_IND_FLOW_CONTROL:
0270 switch (pn->tx_fc) {
0271 case PN_LEGACY_FLOW_CONTROL:
0272 switch (hdr->data[3]) {
0273 case PEP_IND_BUSY:
0274 atomic_set(&pn->tx_credits, 0);
0275 break;
0276 case PEP_IND_READY:
0277 atomic_set(&pn->tx_credits, wake = 1);
0278 break;
0279 }
0280 break;
0281 case PN_ONE_CREDIT_FLOW_CONTROL:
0282 if (hdr->data[3] == PEP_IND_READY)
0283 atomic_set(&pn->tx_credits, wake = 1);
0284 break;
0285 }
0286 break;
0287
0288 case PN_PEP_IND_ID_MCFC_GRANT_CREDITS:
0289 if (pn->tx_fc != PN_MULTI_CREDIT_FLOW_CONTROL)
0290 break;
0291 atomic_add(wake = hdr->data[3], &pn->tx_credits);
0292 break;
0293
0294 default:
0295 net_dbg_ratelimited("Phonet unknown PEP indication: %u\n",
0296 (unsigned int)hdr->data[0]);
0297 return -EOPNOTSUPP;
0298 }
0299 if (wake)
0300 sk->sk_write_space(sk);
0301 return 0;
0302 }
0303
0304 static int pipe_rcv_created(struct sock *sk, struct sk_buff *skb)
0305 {
0306 struct pep_sock *pn = pep_sk(sk);
0307 struct pnpipehdr *hdr = pnp_hdr(skb);
0308 u8 n_sb = hdr->data0;
0309
0310 pn->rx_fc = pn->tx_fc = PN_LEGACY_FLOW_CONTROL;
0311 __skb_pull(skb, sizeof(*hdr));
0312 while (n_sb > 0) {
0313 u8 type, buf[2], len = sizeof(buf);
0314 u8 *data = pep_get_sb(skb, &type, &len, buf);
0315
0316 if (data == NULL)
0317 return -EINVAL;
0318 switch (type) {
0319 case PN_PIPE_SB_NEGOTIATED_FC:
0320 if (len < 2 || (data[0] | data[1]) > 3)
0321 break;
0322 pn->tx_fc = data[0] & 3;
0323 pn->rx_fc = data[1] & 3;
0324 break;
0325 }
0326 n_sb--;
0327 }
0328 return 0;
0329 }
0330
0331
0332
0333 static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
0334 {
0335 struct pep_sock *pn = pep_sk(sk);
0336 struct pnpipehdr *hdr = pnp_hdr(skb);
0337 struct sk_buff_head *queue;
0338 int err = 0;
0339
0340 BUG_ON(sk->sk_state == TCP_CLOSE_WAIT);
0341
0342 switch (hdr->message_id) {
0343 case PNS_PEP_CONNECT_REQ:
0344 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE, GFP_ATOMIC);
0345 break;
0346
0347 case PNS_PEP_DISCONNECT_REQ:
0348 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
0349 sk->sk_state = TCP_CLOSE_WAIT;
0350 if (!sock_flag(sk, SOCK_DEAD))
0351 sk->sk_state_change(sk);
0352 break;
0353
0354 case PNS_PEP_ENABLE_REQ:
0355
0356 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
0357 break;
0358
0359 case PNS_PEP_RESET_REQ:
0360 switch (hdr->state_after_reset) {
0361 case PN_PIPE_DISABLE:
0362 pn->init_enable = 0;
0363 break;
0364 case PN_PIPE_ENABLE:
0365 pn->init_enable = 1;
0366 break;
0367 default:
0368 err = -EINVAL;
0369 goto out;
0370 }
0371 fallthrough;
0372 case PNS_PEP_DISABLE_REQ:
0373 atomic_set(&pn->tx_credits, 0);
0374 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
0375 break;
0376
0377 case PNS_PEP_CTRL_REQ:
0378 if (skb_queue_len(&pn->ctrlreq_queue) >= PNPIPE_CTRLREQ_MAX) {
0379 atomic_inc(&sk->sk_drops);
0380 break;
0381 }
0382 __skb_pull(skb, 4);
0383 queue = &pn->ctrlreq_queue;
0384 goto queue;
0385
0386 case PNS_PIPE_ALIGNED_DATA:
0387 __skb_pull(skb, 1);
0388 fallthrough;
0389 case PNS_PIPE_DATA:
0390 __skb_pull(skb, 3);
0391 if (!pn_flow_safe(pn->rx_fc)) {
0392 err = sock_queue_rcv_skb(sk, skb);
0393 if (!err)
0394 return NET_RX_SUCCESS;
0395 err = -ENOBUFS;
0396 break;
0397 }
0398
0399 if (pn->rx_credits == 0) {
0400 atomic_inc(&sk->sk_drops);
0401 err = -ENOBUFS;
0402 break;
0403 }
0404 pn->rx_credits--;
0405 queue = &sk->sk_receive_queue;
0406 goto queue;
0407
0408 case PNS_PEP_STATUS_IND:
0409 pipe_rcv_status(sk, skb);
0410 break;
0411
0412 case PNS_PIPE_REDIRECTED_IND:
0413 err = pipe_rcv_created(sk, skb);
0414 break;
0415
0416 case PNS_PIPE_CREATED_IND:
0417 err = pipe_rcv_created(sk, skb);
0418 if (err)
0419 break;
0420 fallthrough;
0421 case PNS_PIPE_RESET_IND:
0422 if (!pn->init_enable)
0423 break;
0424 fallthrough;
0425 case PNS_PIPE_ENABLED_IND:
0426 if (!pn_flow_safe(pn->tx_fc)) {
0427 atomic_set(&pn->tx_credits, 1);
0428 sk->sk_write_space(sk);
0429 }
0430 if (sk->sk_state == TCP_ESTABLISHED)
0431 break;
0432 sk->sk_state = TCP_ESTABLISHED;
0433 pipe_grant_credits(sk, GFP_ATOMIC);
0434 break;
0435
0436 case PNS_PIPE_DISABLED_IND:
0437 sk->sk_state = TCP_SYN_RECV;
0438 pn->rx_credits = 0;
0439 break;
0440
0441 default:
0442 net_dbg_ratelimited("Phonet unknown PEP message: %u\n",
0443 hdr->message_id);
0444 err = -EINVAL;
0445 }
0446 out:
0447 kfree_skb(skb);
0448 return (err == -ENOBUFS) ? NET_RX_DROP : NET_RX_SUCCESS;
0449
0450 queue:
0451 skb->dev = NULL;
0452 skb_set_owner_r(skb, sk);
0453 skb_queue_tail(queue, skb);
0454 if (!sock_flag(sk, SOCK_DEAD))
0455 sk->sk_data_ready(sk);
0456 return NET_RX_SUCCESS;
0457 }
0458
0459
0460 static void pipe_destruct(struct sock *sk)
0461 {
0462 struct pep_sock *pn = pep_sk(sk);
0463
0464 skb_queue_purge(&sk->sk_receive_queue);
0465 skb_queue_purge(&pn->ctrlreq_queue);
0466 }
0467
0468 static u8 pipe_negotiate_fc(const u8 *fcs, unsigned int n)
0469 {
0470 unsigned int i;
0471 u8 final_fc = PN_NO_FLOW_CONTROL;
0472
0473 for (i = 0; i < n; i++) {
0474 u8 fc = fcs[i];
0475
0476 if (fc > final_fc && fc < PN_MAX_FLOW_CONTROL)
0477 final_fc = fc;
0478 }
0479 return final_fc;
0480 }
0481
0482 static int pep_connresp_rcv(struct sock *sk, struct sk_buff *skb)
0483 {
0484 struct pep_sock *pn = pep_sk(sk);
0485 struct pnpipehdr *hdr;
0486 u8 n_sb;
0487
0488 if (!pskb_pull(skb, sizeof(*hdr) + 4))
0489 return -EINVAL;
0490
0491 hdr = pnp_hdr(skb);
0492 if (hdr->error_code != PN_PIPE_NO_ERROR)
0493 return -ECONNREFUSED;
0494
0495
0496 n_sb = hdr->data[3];
0497 while (n_sb > 0) {
0498 u8 type, buf[6], len = sizeof(buf);
0499 const u8 *data = pep_get_sb(skb, &type, &len, buf);
0500
0501 if (data == NULL)
0502 return -EINVAL;
0503
0504 switch (type) {
0505 case PN_PIPE_SB_REQUIRED_FC_TX:
0506 if (len < 2 || len < data[0])
0507 break;
0508 pn->tx_fc = pipe_negotiate_fc(data + 2, len - 2);
0509 break;
0510
0511 case PN_PIPE_SB_PREFERRED_FC_RX:
0512 if (len < 2 || len < data[0])
0513 break;
0514 pn->rx_fc = pipe_negotiate_fc(data + 2, len - 2);
0515 break;
0516
0517 }
0518 n_sb--;
0519 }
0520
0521 return pipe_handler_send_created_ind(sk);
0522 }
0523
0524 static int pep_enableresp_rcv(struct sock *sk, struct sk_buff *skb)
0525 {
0526 struct pnpipehdr *hdr = pnp_hdr(skb);
0527
0528 if (hdr->error_code != PN_PIPE_NO_ERROR)
0529 return -ECONNREFUSED;
0530
0531 return pep_indicate(sk, PNS_PIPE_ENABLED_IND, 0 ,
0532 NULL, 0, GFP_ATOMIC);
0533
0534 }
0535
0536 static void pipe_start_flow_control(struct sock *sk)
0537 {
0538 struct pep_sock *pn = pep_sk(sk);
0539
0540 if (!pn_flow_safe(pn->tx_fc)) {
0541 atomic_set(&pn->tx_credits, 1);
0542 sk->sk_write_space(sk);
0543 }
0544 pipe_grant_credits(sk, GFP_ATOMIC);
0545 }
0546
0547
0548
0549 static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
0550 {
0551 struct pep_sock *pn = pep_sk(sk);
0552 struct pnpipehdr *hdr = pnp_hdr(skb);
0553 int err = NET_RX_SUCCESS;
0554
0555 switch (hdr->message_id) {
0556 case PNS_PIPE_ALIGNED_DATA:
0557 __skb_pull(skb, 1);
0558 fallthrough;
0559 case PNS_PIPE_DATA:
0560 __skb_pull(skb, 3);
0561 if (!pn_flow_safe(pn->rx_fc)) {
0562 err = sock_queue_rcv_skb(sk, skb);
0563 if (!err)
0564 return NET_RX_SUCCESS;
0565 err = NET_RX_DROP;
0566 break;
0567 }
0568
0569 if (pn->rx_credits == 0) {
0570 atomic_inc(&sk->sk_drops);
0571 err = NET_RX_DROP;
0572 break;
0573 }
0574 pn->rx_credits--;
0575 skb->dev = NULL;
0576 skb_set_owner_r(skb, sk);
0577 skb_queue_tail(&sk->sk_receive_queue, skb);
0578 if (!sock_flag(sk, SOCK_DEAD))
0579 sk->sk_data_ready(sk);
0580 return NET_RX_SUCCESS;
0581
0582 case PNS_PEP_CONNECT_RESP:
0583 if (sk->sk_state != TCP_SYN_SENT)
0584 break;
0585 if (!sock_flag(sk, SOCK_DEAD))
0586 sk->sk_state_change(sk);
0587 if (pep_connresp_rcv(sk, skb)) {
0588 sk->sk_state = TCP_CLOSE_WAIT;
0589 break;
0590 }
0591 if (pn->init_enable == PN_PIPE_DISABLE)
0592 sk->sk_state = TCP_SYN_RECV;
0593 else {
0594 sk->sk_state = TCP_ESTABLISHED;
0595 pipe_start_flow_control(sk);
0596 }
0597 break;
0598
0599 case PNS_PEP_ENABLE_RESP:
0600 if (sk->sk_state != TCP_SYN_SENT)
0601 break;
0602
0603 if (pep_enableresp_rcv(sk, skb)) {
0604 sk->sk_state = TCP_CLOSE_WAIT;
0605 break;
0606 }
0607
0608 sk->sk_state = TCP_ESTABLISHED;
0609 pipe_start_flow_control(sk);
0610 break;
0611
0612 case PNS_PEP_DISCONNECT_RESP:
0613
0614 break;
0615
0616 case PNS_PEP_STATUS_IND:
0617 pipe_rcv_status(sk, skb);
0618 break;
0619 }
0620 kfree_skb(skb);
0621 return err;
0622 }
0623
0624
0625 static struct sock *pep_find_pipe(const struct hlist_head *hlist,
0626 const struct sockaddr_pn *dst,
0627 u8 pipe_handle)
0628 {
0629 struct sock *sknode;
0630 u16 dobj = pn_sockaddr_get_object(dst);
0631
0632 sk_for_each(sknode, hlist) {
0633 struct pep_sock *pnnode = pep_sk(sknode);
0634
0635
0636 if (pnnode->pn_sk.sobject != dobj)
0637 continue;
0638 if (pnnode->pipe_handle != pipe_handle)
0639 continue;
0640 if (sknode->sk_state == TCP_CLOSE_WAIT)
0641 continue;
0642
0643 sock_hold(sknode);
0644 return sknode;
0645 }
0646 return NULL;
0647 }
0648
0649
0650
0651
0652
0653
0654 static int pep_do_rcv(struct sock *sk, struct sk_buff *skb)
0655 {
0656 struct pep_sock *pn = pep_sk(sk);
0657 struct sock *sknode;
0658 struct pnpipehdr *hdr;
0659 struct sockaddr_pn dst;
0660 u8 pipe_handle;
0661
0662 if (!pskb_may_pull(skb, sizeof(*hdr)))
0663 goto drop;
0664
0665 hdr = pnp_hdr(skb);
0666 pipe_handle = hdr->pipe_handle;
0667 if (pipe_handle == PN_PIPE_INVALID_HANDLE)
0668 goto drop;
0669
0670 pn_skb_get_dst_sockaddr(skb, &dst);
0671
0672
0673 sknode = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
0674 if (sknode)
0675 return sk_receive_skb(sknode, skb, 1);
0676
0677 switch (hdr->message_id) {
0678 case PNS_PEP_CONNECT_REQ:
0679 if (sk->sk_state != TCP_LISTEN || sk_acceptq_is_full(sk)) {
0680 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE,
0681 GFP_ATOMIC);
0682 break;
0683 }
0684 skb_queue_head(&sk->sk_receive_queue, skb);
0685 sk_acceptq_added(sk);
0686 if (!sock_flag(sk, SOCK_DEAD))
0687 sk->sk_data_ready(sk);
0688 return NET_RX_SUCCESS;
0689
0690 case PNS_PEP_DISCONNECT_REQ:
0691 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
0692 break;
0693
0694 case PNS_PEP_CTRL_REQ:
0695 pep_ctrlreq_error(sk, skb, PN_PIPE_INVALID_HANDLE, GFP_ATOMIC);
0696 break;
0697
0698 case PNS_PEP_RESET_REQ:
0699 case PNS_PEP_ENABLE_REQ:
0700 case PNS_PEP_DISABLE_REQ:
0701
0702 break;
0703
0704 default:
0705 if ((1 << sk->sk_state)
0706 & ~(TCPF_CLOSE|TCPF_LISTEN|TCPF_CLOSE_WAIT))
0707
0708 return pipe_handler_do_rcv(sk, skb);
0709 }
0710 drop:
0711 kfree_skb(skb);
0712 return NET_RX_SUCCESS;
0713 }
0714
0715 static int pipe_do_remove(struct sock *sk)
0716 {
0717 struct pep_sock *pn = pep_sk(sk);
0718 struct pnpipehdr *ph;
0719 struct sk_buff *skb;
0720
0721 skb = pep_alloc_skb(sk, NULL, 0, GFP_KERNEL);
0722 if (!skb)
0723 return -ENOMEM;
0724
0725 ph = pnp_hdr(skb);
0726 ph->utid = 0;
0727 ph->message_id = PNS_PIPE_REMOVE_REQ;
0728 ph->pipe_handle = pn->pipe_handle;
0729 ph->data0 = PAD;
0730 return pn_skb_send(sk, skb, NULL);
0731 }
0732
0733
0734 static void pep_sock_close(struct sock *sk, long timeout)
0735 {
0736 struct pep_sock *pn = pep_sk(sk);
0737 int ifindex = 0;
0738
0739 sock_hold(sk);
0740 sk_common_release(sk);
0741
0742 lock_sock(sk);
0743 if ((1 << sk->sk_state) & (TCPF_SYN_RECV|TCPF_ESTABLISHED)) {
0744 if (sk->sk_backlog_rcv == pipe_do_rcv)
0745
0746 pipe_do_remove(sk);
0747 else
0748 pipe_handler_request(sk, PNS_PEP_DISCONNECT_REQ, PAD,
0749 NULL, 0);
0750 }
0751 sk->sk_state = TCP_CLOSE;
0752
0753 ifindex = pn->ifindex;
0754 pn->ifindex = 0;
0755 release_sock(sk);
0756
0757 if (ifindex)
0758 gprs_detach(sk);
0759 sock_put(sk);
0760 }
0761
0762 static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp,
0763 bool kern)
0764 {
0765 struct pep_sock *pn = pep_sk(sk), *newpn;
0766 struct sock *newsk = NULL;
0767 struct sk_buff *skb;
0768 struct pnpipehdr *hdr;
0769 struct sockaddr_pn dst, src;
0770 int err;
0771 u16 peer_type;
0772 u8 pipe_handle, enabled, n_sb;
0773 u8 aligned = 0;
0774
0775 skb = skb_recv_datagram(sk, (flags & O_NONBLOCK) ? MSG_DONTWAIT : 0,
0776 errp);
0777 if (!skb)
0778 return NULL;
0779
0780 lock_sock(sk);
0781 if (sk->sk_state != TCP_LISTEN) {
0782 err = -EINVAL;
0783 goto drop;
0784 }
0785 sk_acceptq_removed(sk);
0786
0787 err = -EPROTO;
0788 if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
0789 goto drop;
0790
0791 hdr = pnp_hdr(skb);
0792 pipe_handle = hdr->pipe_handle;
0793 switch (hdr->state_after_connect) {
0794 case PN_PIPE_DISABLE:
0795 enabled = 0;
0796 break;
0797 case PN_PIPE_ENABLE:
0798 enabled = 1;
0799 break;
0800 default:
0801 pep_reject_conn(sk, skb, PN_PIPE_ERR_INVALID_PARAM,
0802 GFP_KERNEL);
0803 goto drop;
0804 }
0805 peer_type = hdr->other_pep_type << 8;
0806
0807
0808 n_sb = hdr->data[3];
0809 while (n_sb > 0) {
0810 u8 type, buf[1], len = sizeof(buf);
0811 const u8 *data = pep_get_sb(skb, &type, &len, buf);
0812
0813 if (data == NULL)
0814 goto drop;
0815 switch (type) {
0816 case PN_PIPE_SB_CONNECT_REQ_PEP_SUB_TYPE:
0817 if (len < 1)
0818 goto drop;
0819 peer_type = (peer_type & 0xff00) | data[0];
0820 break;
0821 case PN_PIPE_SB_ALIGNED_DATA:
0822 aligned = data[0] != 0;
0823 break;
0824 }
0825 n_sb--;
0826 }
0827
0828
0829 newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
0830 if (unlikely(newsk)) {
0831 __sock_put(newsk);
0832 newsk = NULL;
0833 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE, GFP_KERNEL);
0834 goto drop;
0835 }
0836
0837
0838 newsk = sk_alloc(sock_net(sk), PF_PHONET, GFP_KERNEL, sk->sk_prot,
0839 kern);
0840 if (!newsk) {
0841 pep_reject_conn(sk, skb, PN_PIPE_ERR_OVERLOAD, GFP_KERNEL);
0842 err = -ENOBUFS;
0843 goto drop;
0844 }
0845
0846 sock_init_data(NULL, newsk);
0847 newsk->sk_state = TCP_SYN_RECV;
0848 newsk->sk_backlog_rcv = pipe_do_rcv;
0849 newsk->sk_protocol = sk->sk_protocol;
0850 newsk->sk_destruct = pipe_destruct;
0851
0852 newpn = pep_sk(newsk);
0853 pn_skb_get_dst_sockaddr(skb, &dst);
0854 pn_skb_get_src_sockaddr(skb, &src);
0855 newpn->pn_sk.sobject = pn_sockaddr_get_object(&dst);
0856 newpn->pn_sk.dobject = pn_sockaddr_get_object(&src);
0857 newpn->pn_sk.resource = pn_sockaddr_get_resource(&dst);
0858 sock_hold(sk);
0859 newpn->listener = sk;
0860 skb_queue_head_init(&newpn->ctrlreq_queue);
0861 newpn->pipe_handle = pipe_handle;
0862 atomic_set(&newpn->tx_credits, 0);
0863 newpn->ifindex = 0;
0864 newpn->peer_type = peer_type;
0865 newpn->rx_credits = 0;
0866 newpn->rx_fc = newpn->tx_fc = PN_LEGACY_FLOW_CONTROL;
0867 newpn->init_enable = enabled;
0868 newpn->aligned = aligned;
0869
0870 err = pep_accept_conn(newsk, skb);
0871 if (err) {
0872 __sock_put(sk);
0873 sock_put(newsk);
0874 newsk = NULL;
0875 goto drop;
0876 }
0877 sk_add_node(newsk, &pn->hlist);
0878 drop:
0879 release_sock(sk);
0880 kfree_skb(skb);
0881 *errp = err;
0882 return newsk;
0883 }
0884
0885 static int pep_sock_connect(struct sock *sk, struct sockaddr *addr, int len)
0886 {
0887 struct pep_sock *pn = pep_sk(sk);
0888 int err;
0889 u8 data[4] = { 0 , PAD, PAD, PAD };
0890
0891 if (pn->pipe_handle == PN_PIPE_INVALID_HANDLE)
0892 pn->pipe_handle = 1;
0893
0894 err = pipe_handler_request(sk, PNS_PEP_CONNECT_REQ,
0895 pn->init_enable, data, 4);
0896 if (err) {
0897 pn->pipe_handle = PN_PIPE_INVALID_HANDLE;
0898 return err;
0899 }
0900
0901 sk->sk_state = TCP_SYN_SENT;
0902
0903 return 0;
0904 }
0905
0906 static int pep_sock_enable(struct sock *sk, struct sockaddr *addr, int len)
0907 {
0908 int err;
0909
0910 err = pipe_handler_request(sk, PNS_PEP_ENABLE_REQ, PAD,
0911 NULL, 0);
0912 if (err)
0913 return err;
0914
0915 sk->sk_state = TCP_SYN_SENT;
0916
0917 return 0;
0918 }
0919
0920 static int pep_ioctl(struct sock *sk, int cmd, unsigned long arg)
0921 {
0922 struct pep_sock *pn = pep_sk(sk);
0923 int answ;
0924 int ret = -ENOIOCTLCMD;
0925
0926 switch (cmd) {
0927 case SIOCINQ:
0928 if (sk->sk_state == TCP_LISTEN) {
0929 ret = -EINVAL;
0930 break;
0931 }
0932
0933 lock_sock(sk);
0934 if (sock_flag(sk, SOCK_URGINLINE) &&
0935 !skb_queue_empty(&pn->ctrlreq_queue))
0936 answ = skb_peek(&pn->ctrlreq_queue)->len;
0937 else if (!skb_queue_empty(&sk->sk_receive_queue))
0938 answ = skb_peek(&sk->sk_receive_queue)->len;
0939 else
0940 answ = 0;
0941 release_sock(sk);
0942 ret = put_user(answ, (int __user *)arg);
0943 break;
0944
0945 case SIOCPNENABLEPIPE:
0946 lock_sock(sk);
0947 if (sk->sk_state == TCP_SYN_SENT)
0948 ret = -EBUSY;
0949 else if (sk->sk_state == TCP_ESTABLISHED)
0950 ret = -EISCONN;
0951 else if (!pn->pn_sk.sobject)
0952 ret = -EADDRNOTAVAIL;
0953 else
0954 ret = pep_sock_enable(sk, NULL, 0);
0955 release_sock(sk);
0956 break;
0957 }
0958
0959 return ret;
0960 }
0961
0962 static int pep_init(struct sock *sk)
0963 {
0964 struct pep_sock *pn = pep_sk(sk);
0965
0966 sk->sk_destruct = pipe_destruct;
0967 INIT_HLIST_HEAD(&pn->hlist);
0968 pn->listener = NULL;
0969 skb_queue_head_init(&pn->ctrlreq_queue);
0970 atomic_set(&pn->tx_credits, 0);
0971 pn->ifindex = 0;
0972 pn->peer_type = 0;
0973 pn->pipe_handle = PN_PIPE_INVALID_HANDLE;
0974 pn->rx_credits = 0;
0975 pn->rx_fc = pn->tx_fc = PN_LEGACY_FLOW_CONTROL;
0976 pn->init_enable = 1;
0977 pn->aligned = 0;
0978 return 0;
0979 }
0980
0981 static int pep_setsockopt(struct sock *sk, int level, int optname,
0982 sockptr_t optval, unsigned int optlen)
0983 {
0984 struct pep_sock *pn = pep_sk(sk);
0985 int val = 0, err = 0;
0986
0987 if (level != SOL_PNPIPE)
0988 return -ENOPROTOOPT;
0989 if (optlen >= sizeof(int)) {
0990 if (copy_from_sockptr(&val, optval, sizeof(int)))
0991 return -EFAULT;
0992 }
0993
0994 lock_sock(sk);
0995 switch (optname) {
0996 case PNPIPE_ENCAP:
0997 if (val && val != PNPIPE_ENCAP_IP) {
0998 err = -EINVAL;
0999 break;
1000 }
1001 if (!pn->ifindex == !val)
1002 break;
1003 if (!capable(CAP_NET_ADMIN)) {
1004 err = -EPERM;
1005 break;
1006 }
1007 if (val) {
1008 release_sock(sk);
1009 err = gprs_attach(sk);
1010 if (err > 0) {
1011 pn->ifindex = err;
1012 err = 0;
1013 }
1014 } else {
1015 pn->ifindex = 0;
1016 release_sock(sk);
1017 gprs_detach(sk);
1018 err = 0;
1019 }
1020 goto out_norel;
1021
1022 case PNPIPE_HANDLE:
1023 if ((sk->sk_state == TCP_CLOSE) &&
1024 (val >= 0) && (val < PN_PIPE_INVALID_HANDLE))
1025 pn->pipe_handle = val;
1026 else
1027 err = -EINVAL;
1028 break;
1029
1030 case PNPIPE_INITSTATE:
1031 pn->init_enable = !!val;
1032 break;
1033
1034 default:
1035 err = -ENOPROTOOPT;
1036 }
1037 release_sock(sk);
1038
1039 out_norel:
1040 return err;
1041 }
1042
1043 static int pep_getsockopt(struct sock *sk, int level, int optname,
1044 char __user *optval, int __user *optlen)
1045 {
1046 struct pep_sock *pn = pep_sk(sk);
1047 int len, val;
1048
1049 if (level != SOL_PNPIPE)
1050 return -ENOPROTOOPT;
1051 if (get_user(len, optlen))
1052 return -EFAULT;
1053
1054 switch (optname) {
1055 case PNPIPE_ENCAP:
1056 val = pn->ifindex ? PNPIPE_ENCAP_IP : PNPIPE_ENCAP_NONE;
1057 break;
1058
1059 case PNPIPE_IFINDEX:
1060 val = pn->ifindex;
1061 break;
1062
1063 case PNPIPE_HANDLE:
1064 val = pn->pipe_handle;
1065 if (val == PN_PIPE_INVALID_HANDLE)
1066 return -EINVAL;
1067 break;
1068
1069 case PNPIPE_INITSTATE:
1070 val = pn->init_enable;
1071 break;
1072
1073 default:
1074 return -ENOPROTOOPT;
1075 }
1076
1077 len = min_t(unsigned int, sizeof(int), len);
1078 if (put_user(len, optlen))
1079 return -EFAULT;
1080 if (put_user(val, (int __user *) optval))
1081 return -EFAULT;
1082 return 0;
1083 }
1084
1085 static int pipe_skb_send(struct sock *sk, struct sk_buff *skb)
1086 {
1087 struct pep_sock *pn = pep_sk(sk);
1088 struct pnpipehdr *ph;
1089 int err;
1090
1091 if (pn_flow_safe(pn->tx_fc) &&
1092 !atomic_add_unless(&pn->tx_credits, -1, 0)) {
1093 kfree_skb(skb);
1094 return -ENOBUFS;
1095 }
1096
1097 skb_push(skb, 3 + pn->aligned);
1098 skb_reset_transport_header(skb);
1099 ph = pnp_hdr(skb);
1100 ph->utid = 0;
1101 if (pn->aligned) {
1102 ph->message_id = PNS_PIPE_ALIGNED_DATA;
1103 ph->data0 = 0;
1104 } else
1105 ph->message_id = PNS_PIPE_DATA;
1106 ph->pipe_handle = pn->pipe_handle;
1107 err = pn_skb_send(sk, skb, NULL);
1108
1109 if (err && pn_flow_safe(pn->tx_fc))
1110 atomic_inc(&pn->tx_credits);
1111 return err;
1112
1113 }
1114
1115 static int pep_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1116 {
1117 struct pep_sock *pn = pep_sk(sk);
1118 struct sk_buff *skb;
1119 long timeo;
1120 int flags = msg->msg_flags;
1121 int err, done;
1122
1123 if (len > USHRT_MAX)
1124 return -EMSGSIZE;
1125
1126 if ((msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|
1127 MSG_CMSG_COMPAT)) ||
1128 !(msg->msg_flags & MSG_EOR))
1129 return -EOPNOTSUPP;
1130
1131 skb = sock_alloc_send_skb(sk, MAX_PNPIPE_HEADER + len,
1132 flags & MSG_DONTWAIT, &err);
1133 if (!skb)
1134 return err;
1135
1136 skb_reserve(skb, MAX_PHONET_HEADER + 3 + pn->aligned);
1137 err = memcpy_from_msg(skb_put(skb, len), msg, len);
1138 if (err < 0)
1139 goto outfree;
1140
1141 lock_sock(sk);
1142 timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1143 if ((1 << sk->sk_state) & (TCPF_LISTEN|TCPF_CLOSE)) {
1144 err = -ENOTCONN;
1145 goto out;
1146 }
1147 if (sk->sk_state != TCP_ESTABLISHED) {
1148
1149 disabled:
1150 err = sk_stream_wait_connect(sk, &timeo);
1151 if (err)
1152 goto out;
1153
1154 if (sk->sk_state == TCP_CLOSE_WAIT) {
1155 err = -ECONNRESET;
1156 goto out;
1157 }
1158 }
1159 BUG_ON(sk->sk_state != TCP_ESTABLISHED);
1160
1161
1162 done = atomic_read(&pn->tx_credits);
1163 while (!done) {
1164 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1165
1166 if (!timeo) {
1167 err = -EAGAIN;
1168 goto out;
1169 }
1170 if (signal_pending(current)) {
1171 err = sock_intr_errno(timeo);
1172 goto out;
1173 }
1174
1175 add_wait_queue(sk_sleep(sk), &wait);
1176 done = sk_wait_event(sk, &timeo, atomic_read(&pn->tx_credits), &wait);
1177 remove_wait_queue(sk_sleep(sk), &wait);
1178
1179 if (sk->sk_state != TCP_ESTABLISHED)
1180 goto disabled;
1181 }
1182
1183 err = pipe_skb_send(sk, skb);
1184 if (err >= 0)
1185 err = len;
1186 skb = NULL;
1187 out:
1188 release_sock(sk);
1189 outfree:
1190 kfree_skb(skb);
1191 return err;
1192 }
1193
1194 int pep_writeable(struct sock *sk)
1195 {
1196 struct pep_sock *pn = pep_sk(sk);
1197
1198 return atomic_read(&pn->tx_credits);
1199 }
1200
1201 int pep_write(struct sock *sk, struct sk_buff *skb)
1202 {
1203 struct sk_buff *rskb, *fs;
1204 int flen = 0;
1205
1206 if (pep_sk(sk)->aligned)
1207 return pipe_skb_send(sk, skb);
1208
1209 rskb = alloc_skb(MAX_PNPIPE_HEADER, GFP_ATOMIC);
1210 if (!rskb) {
1211 kfree_skb(skb);
1212 return -ENOMEM;
1213 }
1214 skb_shinfo(rskb)->frag_list = skb;
1215 rskb->len += skb->len;
1216 rskb->data_len += rskb->len;
1217 rskb->truesize += rskb->len;
1218
1219
1220 skb_walk_frags(skb, fs)
1221 flen += fs->len;
1222 skb->next = skb_shinfo(skb)->frag_list;
1223 skb_frag_list_init(skb);
1224 skb->len -= flen;
1225 skb->data_len -= flen;
1226 skb->truesize -= flen;
1227
1228 skb_reserve(rskb, MAX_PHONET_HEADER + 3);
1229 return pipe_skb_send(sk, rskb);
1230 }
1231
1232 struct sk_buff *pep_read(struct sock *sk)
1233 {
1234 struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
1235
1236 if (sk->sk_state == TCP_ESTABLISHED)
1237 pipe_grant_credits(sk, GFP_ATOMIC);
1238 return skb;
1239 }
1240
1241 static int pep_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
1242 int flags, int *addr_len)
1243 {
1244 struct sk_buff *skb;
1245 int err;
1246
1247 if (flags & ~(MSG_OOB|MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_WAITALL|
1248 MSG_NOSIGNAL|MSG_CMSG_COMPAT))
1249 return -EOPNOTSUPP;
1250
1251 if (unlikely(1 << sk->sk_state & (TCPF_LISTEN | TCPF_CLOSE)))
1252 return -ENOTCONN;
1253
1254 if ((flags & MSG_OOB) || sock_flag(sk, SOCK_URGINLINE)) {
1255
1256 struct pep_sock *pn = pep_sk(sk);
1257
1258 if (flags & MSG_PEEK)
1259 return -EOPNOTSUPP;
1260 skb = skb_dequeue(&pn->ctrlreq_queue);
1261 if (skb) {
1262 pep_ctrlreq_error(sk, skb, PN_PIPE_NO_ERROR,
1263 GFP_KERNEL);
1264 msg->msg_flags |= MSG_OOB;
1265 goto copy;
1266 }
1267 if (flags & MSG_OOB)
1268 return -EINVAL;
1269 }
1270
1271 skb = skb_recv_datagram(sk, flags, &err);
1272 lock_sock(sk);
1273 if (skb == NULL) {
1274 if (err == -ENOTCONN && sk->sk_state == TCP_CLOSE_WAIT)
1275 err = -ECONNRESET;
1276 release_sock(sk);
1277 return err;
1278 }
1279
1280 if (sk->sk_state == TCP_ESTABLISHED)
1281 pipe_grant_credits(sk, GFP_KERNEL);
1282 release_sock(sk);
1283 copy:
1284 msg->msg_flags |= MSG_EOR;
1285 if (skb->len > len)
1286 msg->msg_flags |= MSG_TRUNC;
1287 else
1288 len = skb->len;
1289
1290 err = skb_copy_datagram_msg(skb, 0, msg, len);
1291 if (!err)
1292 err = (flags & MSG_TRUNC) ? skb->len : len;
1293
1294 skb_free_datagram(sk, skb);
1295 return err;
1296 }
1297
1298 static void pep_sock_unhash(struct sock *sk)
1299 {
1300 struct pep_sock *pn = pep_sk(sk);
1301 struct sock *skparent = NULL;
1302
1303 lock_sock(sk);
1304
1305 if (pn->listener != NULL) {
1306 skparent = pn->listener;
1307 pn->listener = NULL;
1308 release_sock(sk);
1309
1310 pn = pep_sk(skparent);
1311 lock_sock(skparent);
1312 sk_del_node_init(sk);
1313 sk = skparent;
1314 }
1315
1316
1317
1318 if (hlist_empty(&pn->hlist))
1319 pn_sock_unhash(&pn->pn_sk.sk);
1320 release_sock(sk);
1321
1322 if (skparent)
1323 sock_put(skparent);
1324 }
1325
1326 static struct proto pep_proto = {
1327 .close = pep_sock_close,
1328 .accept = pep_sock_accept,
1329 .connect = pep_sock_connect,
1330 .ioctl = pep_ioctl,
1331 .init = pep_init,
1332 .setsockopt = pep_setsockopt,
1333 .getsockopt = pep_getsockopt,
1334 .sendmsg = pep_sendmsg,
1335 .recvmsg = pep_recvmsg,
1336 .backlog_rcv = pep_do_rcv,
1337 .hash = pn_sock_hash,
1338 .unhash = pep_sock_unhash,
1339 .get_port = pn_sock_get_port,
1340 .obj_size = sizeof(struct pep_sock),
1341 .owner = THIS_MODULE,
1342 .name = "PNPIPE",
1343 };
1344
1345 static const struct phonet_protocol pep_pn_proto = {
1346 .ops = &phonet_stream_ops,
1347 .prot = &pep_proto,
1348 .sock_type = SOCK_SEQPACKET,
1349 };
1350
1351 static int __init pep_register(void)
1352 {
1353 return phonet_proto_register(PN_PROTO_PIPE, &pep_pn_proto);
1354 }
1355
1356 static void __exit pep_unregister(void)
1357 {
1358 phonet_proto_unregister(PN_PROTO_PIPE, &pep_pn_proto);
1359 }
1360
1361 module_init(pep_register);
1362 module_exit(pep_unregister);
1363 MODULE_AUTHOR("Remi Denis-Courmont, Nokia");
1364 MODULE_DESCRIPTION("Phonet pipe protocol");
1365 MODULE_LICENSE("GPL");
1366 MODULE_ALIAS_NET_PF_PROTO(PF_PHONET, PN_PROTO_PIPE);
