2019-05-31 01:09:58 -07:00
// SPDX-License-Identifier: GPL-2.0-only
2005-04-16 15:20:36 -07:00
/*
*
2005-08-24 18:06:36 +01:00
* Copyright ( C ) Hans Alblas PE1AYX < hans @ esrac . ele . tue . nl >
* Copyright ( C ) 2004 , 05 Ralf Baechle DL5RB < ralf @ linux - mips . org >
2005-10-14 14:28:09 +01:00
* Copyright ( C ) 2004 , 05 Thomas Osterried DL9SAU < thomas @ x - berg . in - berlin . de >
2005-04-16 15:20:36 -07:00
*/
# include <linux/module.h>
# include <linux/bitops.h>
2016-12-24 11:46:01 -08:00
# include <linux/uaccess.h>
2005-10-14 14:28:09 +01:00
# include <linux/crc16.h>
2005-04-16 15:20:36 -07:00
# include <linux/string.h>
# include <linux/mm.h>
# include <linux/interrupt.h>
# include <linux/in.h>
# include <linux/inet.h>
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 17:04:11 +09:00
# include <linux/slab.h>
2005-04-16 15:20:36 -07:00
# include <linux/tty.h>
# include <linux/errno.h>
# include <linux/netdevice.h>
# include <linux/major.h>
# include <linux/init.h>
# include <linux/rtnetlink.h>
# include <linux/etherdevice.h>
# include <linux/skbuff.h>
# include <linux/if_arp.h>
2005-07-15 11:16:42 +01:00
# include <linux/jiffies.h>
2019-08-03 00:48:21 +08:00
# include <linux/refcount.h>
2005-04-16 15:20:36 -07:00
# include <net/ax25.h>
2005-08-24 18:06:36 +01:00
# define AX_MTU 236
/* SLIP/KISS protocol characters. */
# define END 0300 /* indicates end of frame */
# define ESC 0333 /* indicates byte stuffing */
# define ESC_END 0334 /* ESC ESC_END means END 'data' */
# define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
struct mkiss {
struct tty_struct * tty ; /* ptr to TTY structure */
struct net_device * dev ; /* easy for intr handling */
/* These are pointers to the malloc()ed frame buffers. */
spinlock_t buflock ; /* lock for rbuf and xbuf */
unsigned char * rbuff ; /* receiver buffer */
int rcount ; /* received chars counter */
unsigned char * xbuff ; /* transmitter buffer */
unsigned char * xhead ; /* pointer to next byte to XMIT */
int xleft ; /* bytes left in XMIT queue */
/* Detailed SLIP statistics. */
int mtu ; /* Our mtu (to spot changes!) */
int buffsize ; /* Max buffers sizes */
unsigned long flags ; /* Flag values/ mode etc */
/* long req'd: used by set_bit --RR */
# define AXF_INUSE 0 /* Channel in use */
# define AXF_ESCAPE 1 /* ESC received */
# define AXF_ERROR 2 /* Parity, etc. error */
# define AXF_KEEPTEST 3 /* Keepalive test flag */
# define AXF_OUTWAIT 4 /* is outpacket was flag */
int mode ;
int crcmode ; /* MW: for FlexNet, SMACK etc. */
2005-10-14 14:28:09 +01:00
int crcauto ; /* CRC auto mode */
# define CRC_MODE_NONE 0
# define CRC_MODE_FLEX 1
# define CRC_MODE_SMACK 2
# define CRC_MODE_FLEX_TEST 3
# define CRC_MODE_SMACK_TEST 4
2005-08-24 18:06:36 +01:00
2019-08-03 00:48:21 +08:00
refcount_t refcnt ;
2018-12-10 22:52:56 +01:00
struct completion dead ;
2005-08-24 18:06:36 +01:00
} ;
2005-04-16 15:20:36 -07:00
/*---------------------------------------------------------------------------*/
2005-08-24 18:06:36 +01:00
static const unsigned short crc_flex_table [ ] = {
0x0f87 , 0x1e0e , 0x2c95 , 0x3d1c , 0x49a3 , 0x582a , 0x6ab1 , 0x7b38 ,
0x83cf , 0x9246 , 0xa0dd , 0xb154 , 0xc5eb , 0xd462 , 0xe6f9 , 0xf770 ,
0x1f06 , 0x0e8f , 0x3c14 , 0x2d9d , 0x5922 , 0x48ab , 0x7a30 , 0x6bb9 ,
0x934e , 0x82c7 , 0xb05c , 0xa1d5 , 0xd56a , 0xc4e3 , 0xf678 , 0xe7f1 ,
0x2e85 , 0x3f0c , 0x0d97 , 0x1c1e , 0x68a1 , 0x7928 , 0x4bb3 , 0x5a3a ,
0xa2cd , 0xb344 , 0x81df , 0x9056 , 0xe4e9 , 0xf560 , 0xc7fb , 0xd672 ,
0x3e04 , 0x2f8d , 0x1d16 , 0x0c9f , 0x7820 , 0x69a9 , 0x5b32 , 0x4abb ,
0xb24c , 0xa3c5 , 0x915e , 0x80d7 , 0xf468 , 0xe5e1 , 0xd77a , 0xc6f3 ,
0x4d83 , 0x5c0a , 0x6e91 , 0x7f18 , 0x0ba7 , 0x1a2e , 0x28b5 , 0x393c ,
0xc1cb , 0xd042 , 0xe2d9 , 0xf350 , 0x87ef , 0x9666 , 0xa4fd , 0xb574 ,
0x5d02 , 0x4c8b , 0x7e10 , 0x6f99 , 0x1b26 , 0x0aaf , 0x3834 , 0x29bd ,
0xd14a , 0xc0c3 , 0xf258 , 0xe3d1 , 0x976e , 0x86e7 , 0xb47c , 0xa5f5 ,
0x6c81 , 0x7d08 , 0x4f93 , 0x5e1a , 0x2aa5 , 0x3b2c , 0x09b7 , 0x183e ,
0xe0c9 , 0xf140 , 0xc3db , 0xd252 , 0xa6ed , 0xb764 , 0x85ff , 0x9476 ,
0x7c00 , 0x6d89 , 0x5f12 , 0x4e9b , 0x3a24 , 0x2bad , 0x1936 , 0x08bf ,
0xf048 , 0xe1c1 , 0xd35a , 0xc2d3 , 0xb66c , 0xa7e5 , 0x957e , 0x84f7 ,
0x8b8f , 0x9a06 , 0xa89d , 0xb914 , 0xcdab , 0xdc22 , 0xeeb9 , 0xff30 ,
0x07c7 , 0x164e , 0x24d5 , 0x355c , 0x41e3 , 0x506a , 0x62f1 , 0x7378 ,
0x9b0e , 0x8a87 , 0xb81c , 0xa995 , 0xdd2a , 0xcca3 , 0xfe38 , 0xefb1 ,
0x1746 , 0x06cf , 0x3454 , 0x25dd , 0x5162 , 0x40eb , 0x7270 , 0x63f9 ,
0xaa8d , 0xbb04 , 0x899f , 0x9816 , 0xeca9 , 0xfd20 , 0xcfbb , 0xde32 ,
0x26c5 , 0x374c , 0x05d7 , 0x145e , 0x60e1 , 0x7168 , 0x43f3 , 0x527a ,
0xba0c , 0xab85 , 0x991e , 0x8897 , 0xfc28 , 0xeda1 , 0xdf3a , 0xceb3 ,
0x3644 , 0x27cd , 0x1556 , 0x04df , 0x7060 , 0x61e9 , 0x5372 , 0x42fb ,
0xc98b , 0xd802 , 0xea99 , 0xfb10 , 0x8faf , 0x9e26 , 0xacbd , 0xbd34 ,
0x45c3 , 0x544a , 0x66d1 , 0x7758 , 0x03e7 , 0x126e , 0x20f5 , 0x317c ,
0xd90a , 0xc883 , 0xfa18 , 0xeb91 , 0x9f2e , 0x8ea7 , 0xbc3c , 0xadb5 ,
0x5542 , 0x44cb , 0x7650 , 0x67d9 , 0x1366 , 0x02ef , 0x3074 , 0x21fd ,
0xe889 , 0xf900 , 0xcb9b , 0xda12 , 0xaead , 0xbf24 , 0x8dbf , 0x9c36 ,
0x64c1 , 0x7548 , 0x47d3 , 0x565a , 0x22e5 , 0x336c , 0x01f7 , 0x107e ,
0xf808 , 0xe981 , 0xdb1a , 0xca93 , 0xbe2c , 0xafa5 , 0x9d3e , 0x8cb7 ,
0x7440 , 0x65c9 , 0x5752 , 0x46db , 0x3264 , 0x23ed , 0x1176 , 0x00ff
2005-04-16 15:20:36 -07:00
} ;
static unsigned short calc_crc_flex ( unsigned char * cp , int size )
{
2005-08-24 18:06:36 +01:00
unsigned short crc = 0xffff ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
while ( size - - )
crc = ( crc < < 8 ) ^ crc_flex_table [ ( ( crc > > 8 ) ^ * cp + + ) & 0xff ] ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
return crc ;
}
2005-04-16 15:20:36 -07:00
static int check_crc_flex ( unsigned char * cp , int size )
{
2005-08-24 18:06:36 +01:00
unsigned short crc = 0xffff ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( size < 3 )
return - 1 ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
while ( size - - )
crc = ( crc < < 8 ) ^ crc_flex_table [ ( ( crc > > 8 ) ^ * cp + + ) & 0xff ] ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( ( crc & 0xffff ) ! = 0x7070 )
return - 1 ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
2005-10-14 14:28:09 +01:00
static int check_crc_16 ( unsigned char * cp , int size )
{
unsigned short crc = 0x0000 ;
if ( size < 3 )
return - 1 ;
crc = crc16 ( 0 , cp , size ) ;
if ( crc ! = 0x0000 )
return - 1 ;
return 0 ;
}
2005-08-24 18:06:36 +01:00
/*
* Standard encapsulation
*/
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
static int kiss_esc ( unsigned char * s , unsigned char * d , int len )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
unsigned char * ptr = d ;
unsigned char c ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/*
* Send an initial END character to flush out any data that may have
* accumulated in the receiver due to line noise .
*/
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
* ptr + + = END ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
while ( len - - > 0 ) {
switch ( c = * s + + ) {
case END :
* ptr + + = ESC ;
* ptr + + = ESC_END ;
2005-04-16 15:20:36 -07:00
break ;
2005-08-24 18:06:36 +01:00
case ESC :
* ptr + + = ESC ;
* ptr + + = ESC_ESC ;
break ;
default :
* ptr + + = c ;
break ;
}
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
* ptr + + = END ;
return ptr - d ;
}
/*
* MW :
* OK its ugly , but tell me a better solution without copying the
* packet to a temporary buffer : - )
*/
static int kiss_esc_crc ( unsigned char * s , unsigned char * d , unsigned short crc ,
int len )
{
unsigned char * ptr = d ;
unsigned char c = 0 ;
* ptr + + = END ;
while ( len > 0 ) {
if ( len > 2 )
c = * s + + ;
else if ( len > 1 )
c = crc > > 8 ;
2018-04-25 11:43:07 +01:00
else
2005-08-24 18:06:36 +01:00
c = crc & 0xff ;
len - - ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
switch ( c ) {
case END :
* ptr + + = ESC ;
* ptr + + = ESC_END ;
break ;
case ESC :
* ptr + + = ESC ;
* ptr + + = ESC_ESC ;
break ;
default :
* ptr + + = c ;
break ;
}
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
* ptr + + = END ;
return ptr - d ;
}
/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
static void ax_bump ( struct mkiss * ax )
{
struct sk_buff * skb ;
int count ;
spin_lock_bh ( & ax - > buflock ) ;
if ( ax - > rbuff [ 0 ] > 0x0f ) {
2005-10-14 14:28:09 +01:00
if ( ax - > rbuff [ 0 ] & 0x80 ) {
if ( check_crc_16 ( ax - > rbuff , ax - > rcount ) < 0 ) {
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_errors + + ;
2005-10-14 14:28:09 +01:00
spin_unlock_bh ( & ax - > buflock ) ;
return ;
}
if ( ax - > crcmode ! = CRC_MODE_SMACK & & ax - > crcauto ) {
printk ( KERN_INFO
2009-10-01 14:48:25 -07:00
" mkiss: %s: Switching to crc-smack \n " ,
2005-10-14 14:28:09 +01:00
ax - > dev - > name ) ;
ax - > crcmode = CRC_MODE_SMACK ;
}
ax - > rcount - = 2 ;
* ax - > rbuff & = ~ 0x80 ;
} else if ( ax - > rbuff [ 0 ] & 0x20 ) {
2005-08-24 18:06:36 +01:00
if ( check_crc_flex ( ax - > rbuff , ax - > rcount ) < 0 ) {
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_errors + + ;
2005-10-14 14:28:09 +01:00
spin_unlock_bh ( & ax - > buflock ) ;
2005-08-24 18:06:36 +01:00
return ;
}
2005-10-14 14:28:09 +01:00
if ( ax - > crcmode ! = CRC_MODE_FLEX & & ax - > crcauto ) {
printk ( KERN_INFO
2009-10-01 14:48:25 -07:00
" mkiss: %s: Switching to crc-flexnet \n " ,
2005-10-14 14:28:09 +01:00
ax - > dev - > name ) ;
ax - > crcmode = CRC_MODE_FLEX ;
}
2005-08-24 18:06:36 +01:00
ax - > rcount - = 2 ;
2005-10-14 14:28:09 +01:00
/*
* dl9sau bugfix : the trailling two bytes flexnet crc
* will not be passed to the kernel . thus we have to
* correct the kissparm signature , because it indicates
* a crc but there ' s none
2005-08-24 18:06:36 +01:00
*/
2005-10-14 14:28:09 +01:00
* ax - > rbuff & = ~ 0x20 ;
2005-04-16 15:20:36 -07:00
}
2021-05-20 11:47:50 +08:00
}
2005-08-24 18:06:36 +01:00
count = ax - > rcount ;
if ( ( skb = dev_alloc_skb ( count ) ) = = NULL ) {
printk ( KERN_ERR " mkiss: %s: memory squeeze, dropping packet. \n " ,
ax - > dev - > name ) ;
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_dropped + + ;
2008-02-13 11:17:58 +00:00
spin_unlock_bh ( & ax - > buflock ) ;
2005-08-24 18:06:36 +01:00
return ;
2005-04-16 15:20:36 -07:00
}
networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.
An spatch similar to the one for skb_put_zero() converts many
of the places using it:
@@
identifier p, p2;
expression len, skb, data;
type t, t2;
@@
(
-p = skb_put(skb, len);
+p = skb_put_data(skb, data, len);
|
-p = (t)skb_put(skb, len);
+p = skb_put_data(skb, data, len);
)
(
p2 = (t2)p;
-memcpy(p2, data, len);
|
-memcpy(p, data, len);
)
@@
type t, t2;
identifier p, p2;
expression skb, data;
@@
t *p;
...
(
-p = skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
|
-p = (t *)skb_put(skb, sizeof(t));
+p = skb_put_data(skb, data, sizeof(t));
)
(
p2 = (t2)p;
-memcpy(p2, data, sizeof(*p));
|
-memcpy(p, data, sizeof(*p));
)
@@
expression skb, len, data;
@@
-memcpy(skb_put(skb, len), data, len);
+skb_put_data(skb, data, len);
(again, manually post-processed to retain some comments)
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 14:29:20 +02:00
skb_put_data ( skb , ax - > rbuff , count ) ;
2005-08-24 18:06:36 +01:00
skb - > protocol = ax25_type_trans ( skb , ax - > dev ) ;
netif_rx ( skb ) ;
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_packets + + ;
ax - > dev - > stats . rx_bytes + = count ;
2008-02-13 11:17:58 +00:00
spin_unlock_bh ( & ax - > buflock ) ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
static void kiss_unesc ( struct mkiss * ax , unsigned char s )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
switch ( s ) {
case END :
/* drop keeptest bit = VSV */
if ( test_bit ( AXF_KEEPTEST , & ax - > flags ) )
clear_bit ( AXF_KEEPTEST , & ax - > flags ) ;
if ( ! test_and_clear_bit ( AXF_ERROR , & ax - > flags ) & & ( ax - > rcount > 2 ) )
ax_bump ( ax ) ;
clear_bit ( AXF_ESCAPE , & ax - > flags ) ;
ax - > rcount = 0 ;
return ;
case ESC :
set_bit ( AXF_ESCAPE , & ax - > flags ) ;
return ;
case ESC_ESC :
if ( test_and_clear_bit ( AXF_ESCAPE , & ax - > flags ) )
s = ESC ;
break ;
case ESC_END :
if ( test_and_clear_bit ( AXF_ESCAPE , & ax - > flags ) )
s = END ;
break ;
}
spin_lock_bh ( & ax - > buflock ) ;
if ( ! test_bit ( AXF_ERROR , & ax - > flags ) ) {
if ( ax - > rcount < ax - > buffsize ) {
ax - > rbuff [ ax - > rcount + + ] = s ;
spin_unlock_bh ( & ax - > buflock ) ;
return ;
}
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_over_errors + + ;
2005-08-24 18:06:36 +01:00
set_bit ( AXF_ERROR , & ax - > flags ) ;
}
spin_unlock_bh ( & ax - > buflock ) ;
}
static int ax_set_mac_address ( struct net_device * dev , void * addr )
{
struct sockaddr_ax25 * sa = addr ;
2006-06-09 12:20:56 -07:00
netif_tx_lock_bh ( dev ) ;
2008-07-15 00:13:44 -07:00
netif_addr_lock ( dev ) ;
2005-08-24 18:06:36 +01:00
memcpy ( dev - > dev_addr , & sa - > sax25_call , AX25_ADDR_LEN ) ;
2008-07-15 00:13:44 -07:00
netif_addr_unlock ( dev ) ;
2006-06-09 12:20:56 -07:00
netif_tx_unlock_bh ( dev ) ;
2005-08-24 18:06:36 +01:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
/*---------------------------------------------------------------------------*/
static void ax_changedmtu ( struct mkiss * ax )
2005-04-16 15:20:36 -07:00
{
struct net_device * dev = ax - > dev ;
unsigned char * xbuff , * rbuff , * oxbuff , * orbuff ;
int len ;
len = dev - > mtu * 2 ;
/*
* allow for arrival of larger UDP packets , even if we say not to
* also fixes a bug in which SunOS sends 512 - byte packets even with
* an MSS of 128
*/
if ( len < 576 * 2 )
len = 576 * 2 ;
xbuff = kmalloc ( len + 4 , GFP_ATOMIC ) ;
rbuff = kmalloc ( len + 4 , GFP_ATOMIC ) ;
if ( xbuff = = NULL | | rbuff = = NULL ) {
2005-08-24 18:06:36 +01:00
printk ( KERN_ERR " mkiss: %s: unable to grow ax25 buffers, "
" MTU change cancelled. \n " ,
2005-04-16 15:20:36 -07:00
ax - > dev - > name ) ;
dev - > mtu = ax - > mtu ;
2005-10-28 16:53:13 -04:00
kfree ( xbuff ) ;
kfree ( rbuff ) ;
2005-04-16 15:20:36 -07:00
return ;
}
spin_lock_bh ( & ax - > buflock ) ;
oxbuff = ax - > xbuff ;
ax - > xbuff = xbuff ;
orbuff = ax - > rbuff ;
ax - > rbuff = rbuff ;
if ( ax - > xleft ) {
if ( ax - > xleft < = len ) {
memcpy ( ax - > xbuff , ax - > xhead , ax - > xleft ) ;
} else {
ax - > xleft = 0 ;
2009-01-09 13:01:40 +00:00
dev - > stats . tx_dropped + + ;
2005-04-16 15:20:36 -07:00
}
}
ax - > xhead = ax - > xbuff ;
if ( ax - > rcount ) {
if ( ax - > rcount < = len ) {
memcpy ( ax - > rbuff , orbuff , ax - > rcount ) ;
} else {
ax - > rcount = 0 ;
2009-01-09 13:01:40 +00:00
dev - > stats . rx_over_errors + + ;
2005-04-16 15:20:36 -07:00
set_bit ( AXF_ERROR , & ax - > flags ) ;
}
}
ax - > mtu = dev - > mtu + 73 ;
ax - > buffsize = len ;
spin_unlock_bh ( & ax - > buflock ) ;
2005-08-24 18:06:36 +01:00
kfree ( oxbuff ) ;
kfree ( orbuff ) ;
2005-04-16 15:20:36 -07:00
}
/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
2005-08-24 18:06:36 +01:00
static void ax_encaps ( struct net_device * dev , unsigned char * icp , int len )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = netdev_priv ( dev ) ;
2005-04-16 15:20:36 -07:00
unsigned char * p ;
int actual , count ;
if ( ax - > mtu ! = ax - > dev - > mtu + 73 ) /* Someone has been ifconfigging */
ax_changedmtu ( ax ) ;
if ( len > ax - > mtu ) { /* Sigh, shouldn't occur BUT ... */
printk ( KERN_ERR " mkiss: %s: truncating oversized transmit packet! \n " , ax - > dev - > name ) ;
2009-01-09 13:01:40 +00:00
dev - > stats . tx_dropped + + ;
2005-08-24 18:06:36 +01:00
netif_start_queue ( dev ) ;
2005-04-16 15:20:36 -07:00
return ;
}
p = icp ;
spin_lock_bh ( & ax - > buflock ) ;
2005-10-14 14:28:09 +01:00
if ( ( * p & 0x0f ) ! = 0 ) {
/* Configuration Command (kissparms(1).
* Protocol spec says : never append CRC .
* This fixes a very old bug in the linux
* kiss driver . - - dl9sau */
switch ( * p & 0xff ) {
case 0x85 :
/* command from userspace especially for us,
* not for delivery to the tnc */
if ( len > 1 ) {
int cmd = ( p [ 1 ] & 0xff ) ;
switch ( cmd ) {
case 3 :
ax - > crcmode = CRC_MODE_SMACK ;
break ;
case 2 :
ax - > crcmode = CRC_MODE_FLEX ;
break ;
case 1 :
ax - > crcmode = CRC_MODE_NONE ;
break ;
case 0 :
default :
ax - > crcmode = CRC_MODE_SMACK_TEST ;
cmd = 0 ;
}
ax - > crcauto = ( cmd ? 0 : 1 ) ;
2017-09-27 22:45:13 +01:00
printk ( KERN_INFO " mkiss: %s: crc mode set to %d \n " ,
ax - > dev - > name , cmd ) ;
2005-10-14 14:28:09 +01:00
}
spin_unlock_bh ( & ax - > buflock ) ;
netif_start_queue ( dev ) ;
2005-04-16 15:20:36 -07:00
2005-10-14 14:28:09 +01:00
return ;
default :
2012-06-04 12:44:18 +00:00
count = kiss_esc ( p , ax - > xbuff , len ) ;
2005-10-14 14:28:09 +01:00
}
} else {
unsigned short crc ;
switch ( ax - > crcmode ) {
case CRC_MODE_SMACK_TEST :
ax - > crcmode = CRC_MODE_FLEX_TEST ;
printk ( KERN_INFO " mkiss: %s: Trying crc-smack \n " , ax - > dev - > name ) ;
2020-08-23 17:36:59 -05:00
fallthrough ;
2005-10-14 14:28:09 +01:00
case CRC_MODE_SMACK :
* p | = 0x80 ;
crc = swab16 ( crc16 ( 0 , p , len ) ) ;
2012-06-04 12:44:18 +00:00
count = kiss_esc_crc ( p , ax - > xbuff , crc , len + 2 ) ;
2005-10-14 14:28:09 +01:00
break ;
case CRC_MODE_FLEX_TEST :
ax - > crcmode = CRC_MODE_NONE ;
printk ( KERN_INFO " mkiss: %s: Trying crc-flexnet \n " , ax - > dev - > name ) ;
2020-08-23 17:36:59 -05:00
fallthrough ;
2005-10-14 14:28:09 +01:00
case CRC_MODE_FLEX :
* p | = 0x20 ;
crc = calc_crc_flex ( p , len ) ;
2012-06-04 12:44:18 +00:00
count = kiss_esc_crc ( p , ax - > xbuff , crc , len + 2 ) ;
2005-10-14 14:28:09 +01:00
break ;
default :
2012-06-04 12:44:18 +00:00
count = kiss_esc ( p , ax - > xbuff , len ) ;
2005-10-14 14:28:09 +01:00
}
2021-05-20 11:47:50 +08:00
}
2006-01-08 22:31:04 -08:00
spin_unlock_bh ( & ax - > buflock ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
set_bit ( TTY_DO_WRITE_WAKEUP , & ax - > tty - > flags ) ;
2008-04-30 00:54:13 -07:00
actual = ax - > tty - > ops - > write ( ax - > tty , ax - > xbuff , count ) ;
2009-01-09 13:01:40 +00:00
dev - > stats . tx_packets + + ;
dev - > stats . tx_bytes + = actual ;
2005-08-24 18:06:36 +01:00
2016-05-03 16:33:13 +02:00
netif_trans_update ( ax - > dev ) ;
2005-04-16 15:20:36 -07:00
ax - > xleft = count - actual ;
ax - > xhead = ax - > xbuff + actual ;
}
/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
2009-08-31 19:50:43 +00:00
static netdev_tx_t ax_xmit ( struct sk_buff * skb , struct net_device * dev )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = netdev_priv ( dev ) ;
2005-04-16 15:20:36 -07:00
2015-03-03 09:41:47 -06:00
if ( skb - > protocol = = htons ( ETH_P_IP ) )
return ax25_ip_xmit ( skb ) ;
2005-04-16 15:20:36 -07:00
if ( ! netif_running ( dev ) ) {
printk ( KERN_ERR " mkiss: %s: xmit call when iface is down \n " , dev - > name ) ;
2009-06-12 06:22:29 +00:00
return NETDEV_TX_BUSY ;
2005-04-16 15:20:36 -07:00
}
if ( netif_queue_stopped ( dev ) ) {
/*
* May be we must check transmitter timeout here ?
* 14 Oct 1994 Dmitry Gorodchanin .
*/
2016-05-03 16:30:59 +02:00
if ( time_before ( jiffies , dev_trans_start ( dev ) + 20 * HZ ) ) {
2005-04-16 15:20:36 -07:00
/* 20 sec timeout not reached */
2009-06-12 06:22:29 +00:00
return NETDEV_TX_BUSY ;
2005-04-16 15:20:36 -07:00
}
printk ( KERN_ERR " mkiss: %s: transmit timed out, %s? \n " , dev - > name ,
2008-07-30 12:38:59 -07:00
( tty_chars_in_buffer ( ax - > tty ) | | ax - > xleft ) ?
2005-04-16 15:20:36 -07:00
" bad line quality " : " driver error " ) ;
ax - > xleft = 0 ;
2005-08-24 18:06:36 +01:00
clear_bit ( TTY_DO_WRITE_WAKEUP , & ax - > tty - > flags ) ;
netif_start_queue ( dev ) ;
2005-04-16 15:20:36 -07:00
}
/* We were not busy, so we are now... :-) */
2015-03-05 20:48:46 +03:00
netif_stop_queue ( dev ) ;
ax_encaps ( dev , skb - > data , skb - > len ) ;
kfree_skb ( skb ) ;
2005-04-16 15:20:36 -07:00
2009-06-23 06:03:08 +00:00
return NETDEV_TX_OK ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
static int ax_open_dev ( struct net_device * dev )
{
struct mkiss * ax = netdev_priv ( dev ) ;
if ( ax - > tty = = NULL )
return - ENODEV ;
return 0 ;
}
2005-04-16 15:20:36 -07:00
/* Open the low-level part of the AX25 channel. Easy! */
static int ax_open ( struct net_device * dev )
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = netdev_priv ( dev ) ;
2005-04-16 15:20:36 -07:00
unsigned long len ;
if ( ax - > tty = = NULL )
return - ENODEV ;
/*
* Allocate the frame buffers :
*
* rbuff Receive buffer .
* xbuff Transmit buffer .
*/
len = dev - > mtu * 2 ;
/*
* allow for arrival of larger UDP packets , even if we say not to
* also fixes a bug in which SunOS sends 512 - byte packets even with
* an MSS of 128
*/
if ( len < 576 * 2 )
len = 576 * 2 ;
if ( ( ax - > rbuff = kmalloc ( len + 4 , GFP_KERNEL ) ) = = NULL )
goto norbuff ;
if ( ( ax - > xbuff = kmalloc ( len + 4 , GFP_KERNEL ) ) = = NULL )
goto noxbuff ;
ax - > mtu = dev - > mtu + 73 ;
ax - > buffsize = len ;
ax - > rcount = 0 ;
ax - > xleft = 0 ;
ax - > flags & = ( 1 < < AXF_INUSE ) ; /* Clear ESCAPE & ERROR flags */
spin_lock_init ( & ax - > buflock ) ;
return 0 ;
noxbuff :
kfree ( ax - > rbuff ) ;
norbuff :
return - ENOMEM ;
}
/* Close the low-level part of the AX25 channel. Easy! */
static int ax_close ( struct net_device * dev )
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = netdev_priv ( dev ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( ax - > tty )
clear_bit ( TTY_DO_WRITE_WAKEUP , & ax - > tty - > flags ) ;
2005-04-16 15:20:36 -07:00
netif_stop_queue ( dev ) ;
return 0 ;
}
2009-01-09 13:01:41 +00:00
static const struct net_device_ops ax_netdev_ops = {
. ndo_open = ax_open_dev ,
. ndo_stop = ax_close ,
. ndo_start_xmit = ax_xmit ,
. ndo_set_mac_address = ax_set_mac_address ,
} ;
2005-08-24 18:06:36 +01:00
static void ax_setup ( struct net_device * dev )
{
/* Finish setting up the DEVICE info. */
dev - > mtu = AX_MTU ;
2017-02-09 14:12:11 +01:00
dev - > hard_header_len = AX25_MAX_HEADER_LEN ;
dev - > addr_len = AX25_ADDR_LEN ;
2005-08-24 18:06:36 +01:00
dev - > type = ARPHRD_AX25 ;
dev - > tx_queue_len = 10 ;
2015-03-02 00:03:02 -06:00
dev - > header_ops = & ax25_header_ops ;
2009-01-09 13:01:41 +00:00
dev - > netdev_ops = & ax_netdev_ops ;
2007-10-09 01:40:57 -07:00
2005-08-24 18:06:36 +01:00
2006-12-07 15:47:08 -08:00
memcpy ( dev - > broadcast , & ax25_bcast , AX25_ADDR_LEN ) ;
memcpy ( dev - > dev_addr , & ax25_defaddr , AX25_ADDR_LEN ) ;
2005-08-24 18:06:36 +01:00
dev - > flags = IFF_BROADCAST | IFF_MULTICAST ;
2005-04-16 15:20:36 -07:00
}
/*
2005-08-24 18:06:36 +01:00
* We have a potential race on dereferencing tty - > disc_data , because the tty
* layer provides no locking at all - thus one cpu could be running
* sixpack_receive_buf while another calls sixpack_close , which zeroes
* tty - > disc_data and frees the memory that sixpack_receive_buf is using . The
* best way to fix this is to use a rwlock in the tty struct , but for now we
* use a single global rwlock for all ttys in ppp line discipline .
2005-04-16 15:20:36 -07:00
*/
2005-10-04 12:22:16 +01:00
static DEFINE_RWLOCK ( disc_data_lock ) ;
2005-08-24 18:06:36 +01:00
static struct mkiss * mkiss_get ( struct tty_struct * tty )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
read_lock ( & disc_data_lock ) ;
ax = tty - > disc_data ;
if ( ax )
2019-08-03 00:48:21 +08:00
refcount_inc ( & ax - > refcnt ) ;
2005-08-24 18:06:36 +01:00
read_unlock ( & disc_data_lock ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
return ax ;
}
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
static void mkiss_put ( struct mkiss * ax )
{
2019-08-03 00:48:21 +08:00
if ( refcount_dec_and_test ( & ax - > refcnt ) )
2018-12-10 22:52:56 +01:00
complete ( & ax - > dead ) ;
2005-04-16 15:20:36 -07:00
}
2005-10-14 14:28:09 +01:00
static int crc_force = 0 ; /* Can be overridden with insmod */
2005-08-24 18:06:36 +01:00
static int mkiss_open ( struct tty_struct * tty )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct net_device * dev ;
struct mkiss * ax ;
2005-04-16 15:20:36 -07:00
int err ;
2005-08-24 18:06:36 +01:00
if ( ! capable ( CAP_NET_ADMIN ) )
return - EPERM ;
2008-04-30 00:54:13 -07:00
if ( tty - > ops - > write = = NULL )
return - EOPNOTSUPP ;
2005-04-16 15:20:36 -07:00
net: set name_assign_type in alloc_netdev()
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.
Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@
(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)
v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen <teg@jklm.no>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-14 16:37:24 +02:00
dev = alloc_netdev ( sizeof ( struct mkiss ) , " ax%d " , NET_NAME_UNKNOWN ,
ax_setup ) ;
2005-08-24 18:06:36 +01:00
if ( ! dev ) {
err = - ENOMEM ;
goto out ;
}
ax = netdev_priv ( dev ) ;
ax - > dev = dev ;
spin_lock_init ( & ax - > buflock ) ;
2019-08-03 00:48:21 +08:00
refcount_set ( & ax - > refcnt , 1 ) ;
2018-12-10 22:52:56 +01:00
init_completion ( & ax - > dead ) ;
2005-04-16 15:20:36 -07:00
ax - > tty = tty ;
tty - > disc_data = ax ;
[PATCH] TTY layer buffering revamp
The API and code have been through various bits of initial review by
serial driver people but they definitely need to live somewhere for a
while so the unconverted drivers can get knocked into shape, existing
drivers that have been updated can be better tuned and bugs whacked out.
This replaces the tty flip buffers with kmalloc objects in rings. In the
normal situation for an IRQ driven serial port at typical speeds the
behaviour is pretty much the same, two buffers end up allocated and the
kernel cycles between them as before.
When there are delays or at high speed we now behave far better as the
buffer pool can grow a bit rather than lose characters. This also means
that we can operate at higher speeds reliably.
For drivers that receive characters in blocks (DMA based, USB and
especially virtualisation) the layer allows a lot of driver specific
code that works around the tty layer with private secondary queues to be
removed. The IBM folks need this sort of layer, the smart serial port
people do, the virtualisers do (because a virtualised tty typically
operates at infinite speed rather than emulating 9600 baud).
Finally many drivers had invalid and unsafe attempts to avoid buffer
overflows by directly invoking tty methods extracted out of the innards
of work queue structs. These are no longer needed and all go away. That
fixes various random hangs with serial ports on overflow.
The other change in here is to optimise the receive_room path that is
used by some callers. It turns out that only one ldisc uses receive room
except asa constant and it updates it far far less than the value is
read. We thus make it a variable not a function call.
I expect the code to contain bugs due to the size alone but I'll be
watching and squashing them and feeding out new patches as it goes.
Because the buffers now dynamically expand you should only run out of
buffering when the kernel runs out of memory for real. That means a lot of
the horrible hacks high performance drivers used to do just aren't needed any
more.
Description:
tty_insert_flip_char is an old API and continues to work as before, as does
tty_flip_buffer_push() [this is why many drivers dont need modification]. It
does now also return the number of chars inserted
There are also
tty_buffer_request_room(tty, len)
which asks for a buffer block of the length requested and returns the space
found. This improves efficiency with hardware that knows how much to
transfer.
and tty_insert_flip_string_flags(tty, str, flags, len)
to insert a string of characters and flags
For a smart interface the usual code is
len = tty_request_buffer_room(tty, amount_hardware_says);
tty_insert_flip_string(tty, buffer_from_card, len);
More description!
At the moment tty buffers are attached directly to the tty. This is causing a
lot of the problems related to tty layer locking, also problems at high speed
and also with bursty data (such as occurs in virtualised environments)
I'm working on ripping out the flip buffers and replacing them with a pool of
dynamically allocated buffers. This allows both for old style "byte I/O"
devices and also helps virtualisation and smart devices where large blocks of
data suddenely materialise and need storing.
So far so good. Lots of drivers reference tty->flip.*. Several of them also
call directly and unsafely into function pointers it provides. This will all
break. Most drivers can use tty_insert_flip_char which can be kept as an API
but others need more.
At the moment I've added the following interfaces, if people think more will
be needed now is a good time to say
int tty_buffer_request_room(tty, size)
Try and ensure at least size bytes are available, returns actual room (may be
zero). At the moment it just uses the flipbuf space but that will change.
Repeated calls without characters being added are not cumulative. (ie if you
call it with 1, 1, 1, and then 4 you'll have four characters of space. The
other functions will also try and grow buffers in future but this will be a
more efficient way when you know block sizes.
int tty_insert_flip_char(tty, ch, flag)
As before insert a character if there is room. Now returns 1 for success, 0
for failure.
int tty_insert_flip_string(tty, str, len)
Insert a block of non error characters. Returns the number inserted.
int tty_prepare_flip_string(tty, strptr, len)
Adjust the buffer to allow len characters to be added. Returns a buffer
pointer in strptr and the length available. This allows for hardware that
needs to use functions like insl or mencpy_fromio.
Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Hirokazu Takata <takata@linux-m32r.org>
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: John Hawkes <hawkes@sgi.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-09 20:54:13 -08:00
tty - > receive_room = 65535 ;
2005-04-16 15:20:36 -07:00
2008-04-30 00:54:13 -07:00
tty_driver_flush_buffer ( tty ) ;
2005-04-16 15:20:36 -07:00
/* Restore default settings */
2005-08-24 18:06:36 +01:00
dev - > type = ARPHRD_AX25 ;
2005-04-16 15:20:36 -07:00
/* Perform the low-level AX25 initialization. */
2015-08-10 14:22:43 -03:00
err = ax_open ( ax - > dev ) ;
if ( err )
2005-08-24 18:06:36 +01:00
goto out_free_netdev ;
2005-04-16 15:20:36 -07:00
2015-08-10 14:22:43 -03:00
err = register_netdev ( dev ) ;
if ( err )
2005-08-24 18:06:36 +01:00
goto out_free_buffers ;
2005-04-16 15:20:36 -07:00
2005-10-14 14:28:09 +01:00
/* after register_netdev() - because else printk smashes the kernel */
switch ( crc_force ) {
case 3 :
ax - > crcmode = CRC_MODE_SMACK ;
printk ( KERN_INFO " mkiss: %s: crc mode smack forced. \n " ,
ax - > dev - > name ) ;
break ;
case 2 :
ax - > crcmode = CRC_MODE_FLEX ;
printk ( KERN_INFO " mkiss: %s: crc mode flexnet forced. \n " ,
ax - > dev - > name ) ;
break ;
case 1 :
ax - > crcmode = CRC_MODE_NONE ;
printk ( KERN_INFO " mkiss: %s: crc mode disabled. \n " ,
ax - > dev - > name ) ;
break ;
case 0 :
default :
crc_force = 0 ;
printk ( KERN_INFO " mkiss: %s: crc mode is auto. \n " ,
ax - > dev - > name ) ;
ax - > crcmode = CRC_MODE_SMACK_TEST ;
}
ax - > crcauto = ( crc_force ? 0 : 1 ) ;
2005-08-24 18:06:36 +01:00
netif_start_queue ( dev ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/* Done. We have linked the TTY line to a channel. */
return 0 ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
out_free_buffers :
kfree ( ax - > rbuff ) ;
kfree ( ax - > xbuff ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
out_free_netdev :
free_netdev ( dev ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
out :
return err ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
static void mkiss_close ( struct tty_struct * tty )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax ;
2005-04-16 15:20:36 -07:00
6pack,mkiss: fix possible deadlock
We got another syzbot report [1] that tells us we must use
write_lock_irq()/write_unlock_irq() to avoid possible deadlock.
[1]
WARNING: inconsistent lock state
5.5.0-rc1-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-R} usage.
syz-executor826/9605 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffffff8a128718 (disc_data_lock){+-..}, at: sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
{HARDIRQ-ON-W} state was registered at:
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
__raw_write_lock_bh include/linux/rwlock_api_smp.h:203 [inline]
_raw_write_lock_bh+0x33/0x50 kernel/locking/spinlock.c:319
sixpack_close+0x1d/0x250 drivers/net/hamradio/6pack.c:657
tty_ldisc_close.isra.0+0x119/0x1a0 drivers/tty/tty_ldisc.c:489
tty_set_ldisc+0x230/0x6b0 drivers/tty/tty_ldisc.c:585
tiocsetd drivers/tty/tty_io.c:2337 [inline]
tty_ioctl+0xe8d/0x14f0 drivers/tty/tty_io.c:2597
vfs_ioctl fs/ioctl.c:47 [inline]
file_ioctl fs/ioctl.c:545 [inline]
do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
__do_sys_ioctl fs/ioctl.c:756 [inline]
__se_sys_ioctl fs/ioctl.c:754 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 3946
hardirqs last enabled at (3945): [<ffffffff87c86e43>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (3945): [<ffffffff87c86e43>] _raw_spin_unlock_irq+0x23/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (3946): [<ffffffff8100675f>] trace_hardirqs_off_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:42
softirqs last enabled at (2658): [<ffffffff86a8b4df>] spin_unlock_bh include/linux/spinlock.h:383 [inline]
softirqs last enabled at (2658): [<ffffffff86a8b4df>] clusterip_netdev_event+0x46f/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:222
softirqs last disabled at (2656): [<ffffffff86a8b22b>] spin_lock_bh include/linux/spinlock.h:343 [inline]
softirqs last disabled at (2656): [<ffffffff86a8b22b>] clusterip_netdev_event+0x1bb/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:196
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(disc_data_lock);
<Interrupt>
lock(disc_data_lock);
*** DEADLOCK ***
5 locks held by syz-executor826/9605:
#0: ffff8880a905e198 (&tty->legacy_mutex){+.+.}, at: tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
#1: ffffffff899a56c0 (rcu_read_lock){....}, at: mutex_spin_on_owner+0x0/0x330 kernel/locking/mutex.c:413
#2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
#2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x2d/0x1a0 drivers/tty/serial/8250/8250_core.c:116
#3: ffffffff8c104048 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x330 drivers/tty/serial/8250/8250_port.c:1823
#4: ffff8880a905e090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x22/0x90 drivers/tty/tty_ldisc.c:288
stack backtrace:
CPU: 1 PID: 9605 Comm: syz-executor826 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_usage_bug.cold+0x327/0x378 kernel/locking/lockdep.c:3101
valid_state kernel/locking/lockdep.c:3112 [inline]
mark_lock_irq kernel/locking/lockdep.c:3309 [inline]
mark_lock+0xbb4/0x1220 kernel/locking/lockdep.c:3666
mark_usage kernel/locking/lockdep.c:3554 [inline]
__lock_acquire+0x1e55/0x4a00 kernel/locking/lockdep.c:3909
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x32/0x50 kernel/locking/spinlock.c:223
sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
sixpack_write_wakeup+0x25/0x340 drivers/net/hamradio/6pack.c:402
tty_wakeup+0xe9/0x120 drivers/tty/tty_io.c:536
tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:50
tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1761
serial8250_handle_irq.part.0+0x2a2/0x330 drivers/tty/serial/8250/8250_port.c:1834
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1820 [inline]
serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1850
serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:607
</IRQ>
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:685 [inline]
RIP: 0010:mutex_spin_on_owner+0x247/0x330 kernel/locking/mutex.c:579
Code: c3 be 08 00 00 00 4c 89 e7 e8 e5 06 59 00 4c 89 e0 48 c1 e8 03 42 80 3c 38 00 0f 85 e1 00 00 00 49 8b 04 24 a8 01 75 96 f3 90 <e9> 2f fe ff ff 0f 0b e8 0d 19 09 00 84 c0 0f 85 ff fd ff ff 48 c7
RSP: 0018:ffffc90001eafa20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd7
RAX: 0000000000000000 RBX: ffff88809fd9e0c0 RCX: 1ffffffff13266dd
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffffc90001eafa60 R08: 1ffff11013d22898 R09: ffffed1013d22899
R10: ffffed1013d22898 R11: ffff88809e9144c7 R12: ffff8880a905e138
R13: ffff88809e9144c0 R14: 0000000000000000 R15: dffffc0000000000
mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
__mutex_lock_common kernel/locking/mutex.c:962 [inline]
__mutex_lock+0x32b/0x13c0 kernel/locking/mutex.c:1106
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1121
tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
tty_release+0xb5/0xe90 drivers/tty/tty_io.c:1665
__fput+0x2ff/0x890 fs/file_table.c:280
____fput+0x16/0x20 fs/file_table.c:313
task_work_run+0x145/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8e7/0x2ef0 kernel/exit.c:797
do_group_exit+0x135/0x360 kernel/exit.c:895
__do_sys_exit_group kernel/exit.c:906 [inline]
__se_sys_exit_group kernel/exit.c:904 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fef8
Code: Bad RIP value.
RSP: 002b:00007ffdb07d2338 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043fef8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004bf730 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
Fixes: 6e4e2f811bad ("6pack,mkiss: fix lock inconsistency")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
2019-12-12 10:32:13 -08:00
write_lock_irq ( & disc_data_lock ) ;
2005-08-24 18:06:36 +01:00
ax = tty - > disc_data ;
tty - > disc_data = NULL ;
6pack,mkiss: fix possible deadlock
We got another syzbot report [1] that tells us we must use
write_lock_irq()/write_unlock_irq() to avoid possible deadlock.
[1]
WARNING: inconsistent lock state
5.5.0-rc1-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-R} usage.
syz-executor826/9605 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffffff8a128718 (disc_data_lock){+-..}, at: sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
{HARDIRQ-ON-W} state was registered at:
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
__raw_write_lock_bh include/linux/rwlock_api_smp.h:203 [inline]
_raw_write_lock_bh+0x33/0x50 kernel/locking/spinlock.c:319
sixpack_close+0x1d/0x250 drivers/net/hamradio/6pack.c:657
tty_ldisc_close.isra.0+0x119/0x1a0 drivers/tty/tty_ldisc.c:489
tty_set_ldisc+0x230/0x6b0 drivers/tty/tty_ldisc.c:585
tiocsetd drivers/tty/tty_io.c:2337 [inline]
tty_ioctl+0xe8d/0x14f0 drivers/tty/tty_io.c:2597
vfs_ioctl fs/ioctl.c:47 [inline]
file_ioctl fs/ioctl.c:545 [inline]
do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
__do_sys_ioctl fs/ioctl.c:756 [inline]
__se_sys_ioctl fs/ioctl.c:754 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 3946
hardirqs last enabled at (3945): [<ffffffff87c86e43>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (3945): [<ffffffff87c86e43>] _raw_spin_unlock_irq+0x23/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (3946): [<ffffffff8100675f>] trace_hardirqs_off_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:42
softirqs last enabled at (2658): [<ffffffff86a8b4df>] spin_unlock_bh include/linux/spinlock.h:383 [inline]
softirqs last enabled at (2658): [<ffffffff86a8b4df>] clusterip_netdev_event+0x46f/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:222
softirqs last disabled at (2656): [<ffffffff86a8b22b>] spin_lock_bh include/linux/spinlock.h:343 [inline]
softirqs last disabled at (2656): [<ffffffff86a8b22b>] clusterip_netdev_event+0x1bb/0x670 net/ipv4/netfilter/ipt_CLUSTERIP.c:196
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(disc_data_lock);
<Interrupt>
lock(disc_data_lock);
*** DEADLOCK ***
5 locks held by syz-executor826/9605:
#0: ffff8880a905e198 (&tty->legacy_mutex){+.+.}, at: tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
#1: ffffffff899a56c0 (rcu_read_lock){....}, at: mutex_spin_on_owner+0x0/0x330 kernel/locking/mutex.c:413
#2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
#2: ffff8880a496a2b0 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x2d/0x1a0 drivers/tty/serial/8250/8250_core.c:116
#3: ffffffff8c104048 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x330 drivers/tty/serial/8250/8250_port.c:1823
#4: ffff8880a905e090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x22/0x90 drivers/tty/tty_ldisc.c:288
stack backtrace:
CPU: 1 PID: 9605 Comm: syz-executor826 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_usage_bug.cold+0x327/0x378 kernel/locking/lockdep.c:3101
valid_state kernel/locking/lockdep.c:3112 [inline]
mark_lock_irq kernel/locking/lockdep.c:3309 [inline]
mark_lock+0xbb4/0x1220 kernel/locking/lockdep.c:3666
mark_usage kernel/locking/lockdep.c:3554 [inline]
__lock_acquire+0x1e55/0x4a00 kernel/locking/lockdep.c:3909
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x32/0x50 kernel/locking/spinlock.c:223
sp_get.isra.0+0x1d/0xf0 drivers/net/ppp/ppp_synctty.c:138
sixpack_write_wakeup+0x25/0x340 drivers/net/hamradio/6pack.c:402
tty_wakeup+0xe9/0x120 drivers/tty/tty_io.c:536
tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:50
tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1761
serial8250_handle_irq.part.0+0x2a2/0x330 drivers/tty/serial/8250/8250_port.c:1834
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1820 [inline]
serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1850
serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:607
</IRQ>
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:685 [inline]
RIP: 0010:mutex_spin_on_owner+0x247/0x330 kernel/locking/mutex.c:579
Code: c3 be 08 00 00 00 4c 89 e7 e8 e5 06 59 00 4c 89 e0 48 c1 e8 03 42 80 3c 38 00 0f 85 e1 00 00 00 49 8b 04 24 a8 01 75 96 f3 90 <e9> 2f fe ff ff 0f 0b e8 0d 19 09 00 84 c0 0f 85 ff fd ff ff 48 c7
RSP: 0018:ffffc90001eafa20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd7
RAX: 0000000000000000 RBX: ffff88809fd9e0c0 RCX: 1ffffffff13266dd
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffffc90001eafa60 R08: 1ffff11013d22898 R09: ffffed1013d22899
R10: ffffed1013d22898 R11: ffff88809e9144c7 R12: ffff8880a905e138
R13: ffff88809e9144c0 R14: 0000000000000000 R15: dffffc0000000000
mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
__mutex_lock_common kernel/locking/mutex.c:962 [inline]
__mutex_lock+0x32b/0x13c0 kernel/locking/mutex.c:1106
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1121
tty_lock+0xc7/0x130 drivers/tty/tty_mutex.c:19
tty_release+0xb5/0xe90 drivers/tty/tty_io.c:1665
__fput+0x2ff/0x890 fs/file_table.c:280
____fput+0x16/0x20 fs/file_table.c:313
task_work_run+0x145/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8e7/0x2ef0 kernel/exit.c:797
do_group_exit+0x135/0x360 kernel/exit.c:895
__do_sys_exit_group kernel/exit.c:906 [inline]
__se_sys_exit_group kernel/exit.c:904 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fef8
Code: Bad RIP value.
RSP: 002b:00007ffdb07d2338 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043fef8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004bf730 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
Fixes: 6e4e2f811bad ("6pack,mkiss: fix lock inconsistency")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
2019-12-12 10:32:13 -08:00
write_unlock_irq ( & disc_data_lock ) ;
2005-04-16 15:20:36 -07:00
2008-01-24 02:06:46 -08:00
if ( ! ax )
2005-08-24 18:06:36 +01:00
return ;
2005-04-16 15:20:36 -07:00
/*
2005-08-24 18:06:36 +01:00
* We have now ensured that nobody can start using ap from now on , but
* we have to wait for all existing users to finish .
2005-04-16 15:20:36 -07:00
*/
2019-08-03 00:48:21 +08:00
if ( ! refcount_dec_and_test ( & ax - > refcnt ) )
2018-12-10 22:52:56 +01:00
wait_for_completion ( & ax - > dead ) ;
2016-01-06 14:55:02 +00:00
/*
* Halt the transmit queue so that a new transmit cannot scribble
* on our buffers
*/
netif_stop_queue ( ax - > dev ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/* Free all AX25 frame buffers. */
kfree ( ax - > rbuff ) ;
kfree ( ax - > xbuff ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
ax - > tty = NULL ;
2015-12-17 16:05:49 -05:00
unregister_netdev ( ax - > dev ) ;
net: hamradio: fix memory leak in mkiss_close
My local syzbot instance hit memory leak in
mkiss_open()[1]. The problem was in missing
free_netdev() in mkiss_close().
In mkiss_open() netdevice is allocated and then
registered, but in mkiss_close() netdevice was
only unregistered, but not freed.
Fail log:
BUG: memory leak
unreferenced object 0xffff8880281ba000 (size 4096):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............
00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706e7e8>] alloc_netdev_mqs+0x98/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880141a9a00 (size 96):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....
98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........
backtrace:
[<ffffffff8709f68b>] __hw_addr_create_ex+0x5b/0x310
[<ffffffff8709fb38>] __hw_addr_add_ex+0x1f8/0x2b0
[<ffffffff870a0c7b>] dev_addr_init+0x10b/0x1f0
[<ffffffff8706e88b>] alloc_netdev_mqs+0x13b/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff8880219bfc00 (size 512):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............
80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706eec7>] alloc_netdev_mqs+0x777/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
BUG: memory leak
unreferenced object 0xffff888029b2b200 (size 256):
comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff81a27201>] kvmalloc_node+0x61/0xf0
[<ffffffff8706f062>] alloc_netdev_mqs+0x912/0xe80
[<ffffffff84e64192>] mkiss_open+0xb2/0x6f0 [1]
[<ffffffff842355db>] tty_ldisc_open+0x9b/0x110
[<ffffffff84236488>] tty_set_ldisc+0x2e8/0x670
[<ffffffff8421f7f3>] tty_ioctl+0xda3/0x1440
[<ffffffff81c9f273>] __x64_sys_ioctl+0x193/0x200
[<ffffffff8911263a>] do_syscall_64+0x3a/0xb0
[<ffffffff89200068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 815f62bf7427 ("[PATCH] SMP rewrite of mkiss")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-06-16 22:09:06 +03:00
free_netdev ( ax - > dev ) ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
/* Perform I/O control on an active ax25 channel. */
static int mkiss_ioctl ( struct tty_struct * tty , struct file * file ,
unsigned int cmd , unsigned long arg )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = mkiss_get ( tty ) ;
2008-12-16 15:43:29 -08:00
struct net_device * dev ;
2005-08-24 18:06:36 +01:00
unsigned int tmp , err ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/* First make sure we're connected. */
if ( ax = = NULL )
return - ENXIO ;
2008-12-16 15:43:29 -08:00
dev = ax - > dev ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
switch ( cmd ) {
2021-05-20 11:47:50 +08:00
case SIOCGIFNAME :
2005-08-24 18:06:36 +01:00
err = copy_to_user ( ( void __user * ) arg , ax - > dev - > name ,
strlen ( ax - > dev - > name ) + 1 ) ? - EFAULT : 0 ;
break ;
case SIOCGIFENCAP :
err = put_user ( 4 , ( int __user * ) arg ) ;
break ;
case SIOCSIFENCAP :
if ( get_user ( tmp , ( int __user * ) arg ) ) {
err = - EFAULT ;
break ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
ax - > mode = tmp ;
dev - > addr_len = AX25_ADDR_LEN ;
dev - > hard_header_len = AX25_KISS_HEADER_LEN +
AX25_MAX_HEADER_LEN + 3 ;
dev - > type = ARPHRD_AX25 ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
err = 0 ;
break ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
case SIOCSIFHWADDR : {
char addr [ AX25_ADDR_LEN ] ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( copy_from_user ( & addr ,
( void __user * ) arg , AX25_ADDR_LEN ) ) {
err = - EFAULT ;
2005-04-16 15:20:36 -07:00
break ;
}
2006-06-09 12:20:56 -07:00
netif_tx_lock_bh ( dev ) ;
2005-08-24 18:06:36 +01:00
memcpy ( dev - > dev_addr , addr , AX25_ADDR_LEN ) ;
2006-06-09 12:20:56 -07:00
netif_tx_unlock_bh ( dev ) ;
2005-08-24 18:06:36 +01:00
err = 0 ;
break ;
}
default :
err = - ENOIOCTLCMD ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
mkiss_put ( ax ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
return err ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
/*
* Handle the ' receiver data ready ' interrupt .
* This function is called by the ' tty_io ' module in the kernel when
* a block of data has been received , which can now be decapsulated
* and sent on to the AX .25 layer for further processing .
*/
2011-06-04 06:33:24 +09:00
static void mkiss_receive_buf ( struct tty_struct * tty , const unsigned char * cp ,
2021-05-05 11:19:04 +02:00
const char * fp , int count )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = mkiss_get ( tty ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( ! ax )
2011-06-04 06:33:24 +09:00
return ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/*
* Argh ! mtu change time ! - costs us the packet part received
* at the change
*/
if ( ax - > mtu ! = ax - > dev - > mtu + 73 )
ax_changedmtu ( ax ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
/* Read the characters out of the buffer */
2011-06-04 06:33:24 +09:00
while ( count - - ) {
2005-08-24 18:06:36 +01:00
if ( fp ! = NULL & & * fp + + ) {
if ( ! test_and_set_bit ( AXF_ERROR , & ax - > flags ) )
2009-01-09 13:01:40 +00:00
ax - > dev - > stats . rx_errors + + ;
2005-08-24 18:06:36 +01:00
cp + + ;
continue ;
}
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
kiss_unesc ( ax , * cp + + ) ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
mkiss_put ( ax ) ;
2008-04-30 00:54:18 -07:00
tty_unthrottle ( tty ) ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
/*
* Called by the driver when there ' s room for more data . If we have
* more packets to send , we send them here .
*/
static void mkiss_write_wakeup ( struct tty_struct * tty )
2005-04-16 15:20:36 -07:00
{
2005-08-24 18:06:36 +01:00
struct mkiss * ax = mkiss_get ( tty ) ;
int actual ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( ! ax )
return ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
if ( ax - > xleft < = 0 ) {
/* Now serial buffer is almost free & we can start
* transmission of another packet
*/
clear_bit ( TTY_DO_WRITE_WAKEUP , & tty - > flags ) ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
netif_wake_queue ( ax - > dev ) ;
goto out ;
}
2005-04-16 15:20:36 -07:00
2008-04-30 00:54:13 -07:00
actual = tty - > ops - > write ( tty , ax - > xhead , ax - > xleft ) ;
2005-08-24 18:06:36 +01:00
ax - > xleft - = actual ;
ax - > xhead + = actual ;
2005-04-16 15:20:36 -07:00
2005-08-24 18:06:36 +01:00
out :
mkiss_put ( ax ) ;
2005-04-16 15:20:36 -07:00
}
2008-07-16 21:53:12 +01:00
static struct tty_ldisc_ops ax_ldisc = {
2005-10-12 23:11:01 +01:00
. owner = THIS_MODULE ,
2021-05-05 11:19:07 +02:00
. num = N_AX25 ,
2005-08-24 18:06:36 +01:00
. name = " mkiss " ,
. open = mkiss_open ,
. close = mkiss_close ,
. ioctl = mkiss_ioctl ,
. receive_buf = mkiss_receive_buf ,
. write_wakeup = mkiss_write_wakeup
} ;
2005-04-16 15:20:36 -07:00
2012-10-04 17:11:58 -07:00
static const char banner [ ] __initconst = KERN_INFO \
2005-08-24 18:06:36 +01:00
" mkiss: AX.25 Multikiss, Hans Albas PE1AYX \n " ;
2012-10-04 17:11:58 -07:00
static const char msg_regfail [ ] __initconst = KERN_ERR \
2005-08-24 18:06:36 +01:00
" mkiss: can't register line discipline (err = %d) \n " ;
2005-04-16 15:20:36 -07:00
static int __init mkiss_init_driver ( void )
{
int status ;
printk ( banner ) ;
2021-05-05 11:19:07 +02:00
status = tty_register_ldisc ( & ax_ldisc ) ;
2009-02-14 11:33:21 +00:00
if ( status ! = 0 )
printk ( msg_regfail , status ) ;
2005-04-16 15:20:36 -07:00
return status ;
}
static void __exit mkiss_exit_driver ( void )
{
2021-05-05 11:19:11 +02:00
tty_unregister_ldisc ( & ax_ldisc ) ;
2005-04-16 15:20:36 -07:00
}
2005-08-24 18:06:36 +01:00
MODULE_AUTHOR ( " Ralf Baechle DL5RB <ralf@linux-mips.org> " ) ;
2005-04-16 15:20:36 -07:00
MODULE_DESCRIPTION ( " KISS driver for AX.25 over TTYs " ) ;
2006-03-25 03:07:05 -08:00
module_param ( crc_force , int , 0 ) ;
2005-10-14 14:28:09 +01:00
MODULE_PARM_DESC ( crc_force , " crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack] " ) ;
2005-04-16 15:20:36 -07:00
MODULE_LICENSE ( " GPL " ) ;
MODULE_ALIAS_LDISC ( N_AX25 ) ;
2005-08-24 18:06:36 +01:00
2005-04-16 15:20:36 -07:00
module_init ( mkiss_init_driver ) ;
module_exit ( mkiss_exit_driver ) ;