d380ce7005
We need to protect the reader reading the sysctl value because the value can be changed concurrently. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jason Xing <kernelxing@tencent.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
// SPDX-License-Identifier: GPL-2.0-or-later
/*
*
* Copyright Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
* Copyright Darryl Miles G7LED (dlm@g7led.demon.co.uk)
*/
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/kernel.h>
#include <linux/timer.h>
#include <linux/string.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/slab.h>
#include <net/ax25.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <net/tcp_states.h>
#include <linux/uaccess.h>
#include <linux/fcntl.h>
#include <linux/mm.h>
#include <linux/interrupt.h>
#include <net/netrom.h>
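/*
 * Hand one in-sequence INFO frame to the socket, reassembling fragments.
 *
 * @sk:   socket the frame was received for
 * @skb:  received frame, still carrying its network and transport headers
 * @more: non-zero when the frame is flagged as having more fragments to come
 *
 * Returns 0 when @skb has been consumed: either parked on nr->frag_queue
 * (more fragments expected) or delivered to the socket receive queue, alone
 * or as the tail of a reassembled message.
 *
 * Returns non-zero when the data could not be delivered. In that case @skb
 * is still owned by the caller, is not linked on any queue, and has its
 * headers restored, so the caller may park it and present it again later.
 * The state 3 machine does exactly that: it re-queues the frame, re-reads
 * header byte 17 and calls this function again, which pulls the headers a
 * second time.
 *
 * The previous implementation broke that contract in two ways on the
 * final-fragment path: it linked @skb on nr->frag_queue before the
 * allocation that could fail (so the caller then linked the same buffer on
 * a second list), and it freed every fragment, @skb included, before
 * sock_queue_rcv_skb() had accepted the reassembled buffer (so a delivery
 * failure left the caller holding a freed buffer and leaked the new one).
 * Fragments are now only released once delivery has succeeded.
 */
static int nr_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more)
{
	const unsigned int hdrlen = NR_NETWORK_LEN + NR_TRANSPORT_LEN;
	struct nr_sock *nr = nr_sk(sk);
	struct sk_buff *skbo, *skbn;
	unsigned int total;
	bool pulled;
	int err;

	/* skb_pull() returns NULL and leaves the buffer alone if it is too short. */
	pulled = skb_pull(skb, hdrlen) != NULL;

	nr_start_idletimer(sk);

	if (more) {
		nr->fraglen += skb->len;
		skb_queue_tail(&nr->frag_queue, skb);
		return 0;
	}

	/* No fragments pending: deliver the frame as it is. */
	if (!(nr->fraglen > 0)) {
		err = sock_queue_rcv_skb(sk, skb);
		if (err)
			goto restore;
		return 0;
	}

	/*
	 * End of fragment. Size the reassembly buffer from the buffers that
	 * will actually be copied rather than from the running nr->fraglen
	 * counter, so the allocation can never be smaller than the data put
	 * into it.
	 * NOTE(review): the declared width of nr->fraglen is not visible in
	 * this file - confirm it cannot wrap for long fragment trains.
	 * NOTE(review): the walk below takes no queue lock; it relies on the
	 * socket lock the receive path is documented to hold - confirm.
	 */
	total = skb->len;
	skb_queue_walk(&nr->frag_queue, skbo)
		total += skbo->len;

	skbn = alloc_skb(total, GFP_ATOMIC);
	if (skbn == NULL) {
		err = 1;
		goto restore;
	}

	skb_reset_transport_header(skbn);

	/* Copy without unlinking, so a failed delivery loses nothing. */
	skb_queue_walk(&nr->frag_queue, skbo)
		skb_copy_from_linear_data(skbo,
					  skb_put(skbn, skbo->len),
					  skbo->len);
	skb_copy_from_linear_data(skb, skb_put(skbn, skb->len), skb->len);

	err = sock_queue_rcv_skb(sk, skbn);
	if (err) {
		kfree_skb(skbn);
		goto restore;
	}

	/* Delivered: the fragments and the final frame are no longer needed. */
	skb_queue_purge(&nr->frag_queue);
	nr->fraglen = 0;
	kfree_skb(skb);

	return 0;

restore:
	/* Give the caller back the frame exactly as it was handed in. */
	if (pulled)
		skb_push(skb, hdrlen);
	return err;
}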
/*
 * State machine for state 1, Awaiting Connection State.
 * The handling of the timer(s) is in file nr_timer.c.
 * Handling of state 0 and connection release is in netrom.c.
 *
 * @sk:        socket waiting for the connect acknowledgement
 * @skb:       received frame, headers still in place
 * @frametype: frame type byte already extracted by the caller
 *
 * A plain NR_CONNACK moves the socket to NR_STATE_3 and records the peer's
 * circuit index, circuit id and window from header bytes 17, 18 and 20.
 * A choked NR_CONNACK refuses the connection. NR_RESET tears the circuit
 * down only when the sysctl_netrom_reset_circuit sysctl is non-zero.
 * Every other frame type is ignored.
 *
 * Always returns 0: the frame is never kept by this state.
 *
 * NOTE(review): bytes 17, 18 and 20 of skb->data are read without a length
 * check here; presumably the caller has validated the frame length -
 * confirm against the receive path.
 */
static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
			     int frametype)
{
	struct nr_sock *nr;

	if (frametype == NR_RESET) {
		/* The sysctl can change concurrently, hence READ_ONCE(). */
		if (READ_ONCE(sysctl_netrom_reset_circuit))
			nr_disconnect(sk, ECONNRESET);
		return 0;
	}

	if (frametype == (NR_CONNACK | NR_CHOKE_FLAG)) {
		nr_disconnect(sk, ECONNREFUSED);
		return 0;
	}

	if (frametype != NR_CONNACK)
		return 0;

	/* Connection accepted by the peer. */
	nr = nr_sk(sk);

	nr_stop_t1timer(sk);
	nr_start_idletimer(sk);

	/* Peer-supplied circuit parameters. */
	nr->your_index = skb->data[17];
	nr->your_id    = skb->data[18];
	nr->window     = skb->data[20];

	/* Fresh sequence state for the new circuit. */
	nr->vs = nr->va = nr->vr = nr->vl = 0;
	nr->n2count = 0;
	nr->state   = NR_STATE_3;

	sk->sk_state = TCP_ESTABLISHED;
	if (!sock_flag(sk, SOCK_DEAD))
		sk->sk_state_change(sk);

	return 0;
}
/*
 * State machine for state 2, Awaiting Release State.
 * The handling of the timer(s) is in file nr_timer.c
 * Handling of state 0 and connection release is in netrom.c.
 *
 * @sk:        socket waiting for the disconnect to complete
 * @skb:       received frame (not inspected in this state)
 * @frametype: frame type byte already extracted by the caller
 *
 * NR_DISCREQ is answered with NR_DISCACK and then, like NR_DISCACK itself,
 * completes the release with no error. A choked NR_CONNACK, and NR_RESET
 * when the sysctl_netrom_reset_circuit sysctl is non-zero, drop the circuit
 * with ECONNRESET. Every other frame type is ignored.
 *
 * Always returns 0: the frame is never kept by this state.
 */
static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
			     int frametype)
{
	if (frametype == NR_DISCREQ || frametype == NR_DISCACK) {
		/* Only a request needs an acknowledgement sent back. */
		if (frametype == NR_DISCREQ)
			nr_write_internal(sk, NR_DISCACK);
		nr_disconnect(sk, 0);
		return 0;
	}

	if (frametype == (NR_CONNACK | NR_CHOKE_FLAG)) {
		nr_disconnect(sk, ECONNRESET);
		return 0;
	}

	/* The sysctl can change concurrently, hence READ_ONCE(). */
	if (frametype == NR_RESET && READ_ONCE(sysctl_netrom_reset_circuit))
		nr_disconnect(sk, ECONNRESET);

	return 0;
}
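/*
 * Apply the flow-control and acknowledgement information carried by an
 * INFO or INFOACK frame received in state 3.
 *
 * @sk:        connected socket
 * @frametype: frame type byte, including the CHOKE and NAK flag bits
 * @nr:        acknowledgement number taken from the frame header
 *
 * The CHOKE flag always updates NR_COND_PEER_RX_BUSY and the T4 timer.
 * The acknowledgement is only acted on when nr_validate_nr() accepts @nr.
 */
static void nr_state3_peer_ack(struct sock *sk, int frametype,
			       unsigned short nr)
{
	struct nr_sock *nrom = nr_sk(sk);

	if (frametype & NR_CHOKE_FLAG) {
		nrom->condition |= NR_COND_PEER_RX_BUSY;
		nr_start_t4timer(sk);
	} else {
		nrom->condition &= ~NR_COND_PEER_RX_BUSY;
		nr_stop_t4timer(sk);
	}

	if (!nr_validate_nr(sk, nr))
		return;

	if (frametype & NR_NAK_FLAG) {
		nr_frames_acked(sk, nr);
		nr_send_nak_frame(sk);
	} else if (nrom->condition & NR_COND_PEER_RX_BUSY) {
		nr_frames_acked(sk, nr);
	} else {
		nr_check_iframes_acked(sk, nr);
	}
}

/*
 * State machine for state 3, Connected State.
 * The handling of the timer(s) is in file nr_timer.c
 * Handling of state 0 and connection release is in netrom.c.
 *
 * @sk:        connected socket
 * @skb:       received frame, headers still in place
 * @frametype: frame type byte already extracted by the caller
 *
 * Returns 1 when @skb has been taken over by this function (every INFO
 * frame: it is placed on the resequencing queue and later delivered, kept
 * or freed), and 0 when the caller still owns it.
 *
 * INFO frames are resequenced: the new frame is pushed on nrom->reseq_queue
 * and the queue is scanned repeatedly, delivering whichever frame carries
 * the next expected send sequence number (header byte 17) until a full pass
 * no longer advances nrom->vr. Frames inside the receive window are kept
 * for later, frames outside it are freed.
 *
 * Each delivered frame is passed its own MORE flag, read from its header
 * byte 19 (the byte the caller extracts the frame type from). The flag of
 * the frame that triggered the scan used to be applied to every frame
 * delivered in that scan, which put the fragment boundaries in the wrong
 * place whenever frames of one message arrived out of order.
 *
 * NOTE(review): header bytes 17, 18 and 19 are read without a length check
 * here; presumably the caller has validated the frame length - confirm
 * against the receive path.
 */
static int nr_state3_machine(struct sock *sk, struct sk_buff *skb, int frametype)
{
	struct nr_sock *nrom = nr_sk(sk);
	struct sk_buff_head temp_queue;
	struct sk_buff *skbn;
	unsigned short save_vr;
	unsigned short nr, ns;
	int queued = 0;
	int more;

	nr = skb->data[18];

	switch (frametype) {
	case NR_CONNREQ:
		nr_write_internal(sk, NR_CONNACK);
		break;

	case NR_DISCREQ:
		nr_write_internal(sk, NR_DISCACK);
		nr_disconnect(sk, 0);
		break;

	case NR_CONNACK | NR_CHOKE_FLAG:
	case NR_DISCACK:
		nr_disconnect(sk, ECONNRESET);
		break;

	case NR_INFOACK:
	case NR_INFOACK | NR_CHOKE_FLAG:
	case NR_INFOACK | NR_NAK_FLAG:
	case NR_INFOACK | NR_NAK_FLAG | NR_CHOKE_FLAG:
		nr_state3_peer_ack(sk, frametype, nr);
		break;

	case NR_INFO:
	case NR_INFO | NR_NAK_FLAG:
	case NR_INFO | NR_CHOKE_FLAG:
	case NR_INFO | NR_MORE_FLAG:
	case NR_INFO | NR_NAK_FLAG | NR_CHOKE_FLAG:
	case NR_INFO | NR_CHOKE_FLAG | NR_MORE_FLAG:
	case NR_INFO | NR_NAK_FLAG | NR_MORE_FLAG:
	case NR_INFO | NR_NAK_FLAG | NR_CHOKE_FLAG | NR_MORE_FLAG:
		nr_state3_peer_ack(sk, frametype, nr);

		/* From here on the frame belongs to the resequencing queue. */
		queued = 1;
		skb_queue_head(&nrom->reseq_queue, skb);

		/* While we are busy nothing is delivered; just hold the frame. */
		if (nrom->condition & NR_COND_OWN_RX_BUSY)
			break;

		skb_queue_head_init(&temp_queue);
		do {
			save_vr = nrom->vr;
			while ((skbn = skb_dequeue(&nrom->reseq_queue)) != NULL) {
				ns = skbn->data[17];
				if (ns == nrom->vr) {
					/*
					 * Read the flag before the call: on
					 * success the frame is consumed.
					 */
					more = skbn->data[19] & NR_MORE_FLAG;
					if (nr_queue_rx_frame(sk, skbn, more) == 0) {
						nrom->vr = (nrom->vr + 1) % NR_MODULUS;
					} else {
						nrom->condition |= NR_COND_OWN_RX_BUSY;
						skb_queue_tail(&temp_queue, skbn);
					}
				} else if (nr_in_rx_window(sk, ns)) {
					skb_queue_tail(&temp_queue, skbn);
				} else {
					kfree_skb(skbn);
				}
			}
			/* Put the frames we could not deliver yet back in order. */
			while ((skbn = skb_dequeue(&temp_queue)) != NULL)
				skb_queue_tail(&nrom->reseq_queue, skbn);
		} while (save_vr != nrom->vr);

		/*
		 * Window is full, ack it immediately.
		 */
		if (((nrom->vl + nrom->window) % NR_MODULUS) == nrom->vr) {
			nr_enquiry_response(sk);
		} else if (!(nrom->condition & NR_COND_ACK_PENDING)) {
			nrom->condition |= NR_COND_ACK_PENDING;
			nr_start_t2timer(sk);
		}
		break;

	case NR_RESET:
		/* The sysctl can change concurrently, hence READ_ONCE(). */
		if (READ_ONCE(sysctl_netrom_reset_circuit))
			nr_disconnect(sk, ECONNRESET);
		break;

	default:
		break;
	}

	return queued;
}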
/*
 * Higher level upcall for a LAPB frame - called with sk locked.
 *
 * @sk:  socket the frame was received for
 * @skb: received frame, headers still in place
 *
 * Dispatches the frame to the handler for the socket's current state, using
 * header byte 19 as the frame type, and then kicks the transmit side with
 * nr_kick(). A socket in NR_STATE_0 ignores the frame entirely and is not
 * kicked.
 *
 * Returns the state handler's result: non-zero when the handler has taken
 * ownership of @skb, 0 when the caller still owns it.
 *
 * NOTE(review): skb->data[19] is read without a length check here;
 * presumably the caller has validated the frame length - confirm against
 * the receive path.
 */
int nr_process_rx_frame(struct sock *sk, struct sk_buff *skb)
{
	struct nr_sock *nr = nr_sk(sk);
	int frametype;
	int state;
	int queued;

	if (nr->state == NR_STATE_0)
		return 0;

	frametype = skb->data[19];
	state = nr->state;

	if (state == NR_STATE_1)
		queued = nr_state1_machine(sk, skb, frametype);
	else if (state == NR_STATE_2)
		queued = nr_state2_machine(sk, skb, frametype);
	else if (state == NR_STATE_3)
		queued = nr_state3_machine(sk, skb, frametype);
	else
		queued = 0;

	nr_kick(sk);

	return queued;
}