aa2b2eb393
syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()") Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27 CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 list_empty include/linux/list.h:373 [inline] waitqueue_active include/linux/wait.h:127 [inline] sock_def_write_space_wfree net/core/sock.c:3384 [inline] sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080 skb_release_all net/core/skbuff.c:1092 [inline] napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404 e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970 e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline] e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801 __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x956/0xe90 net/core/dev.c:6778 __do_softirq+0x21a/0x8de kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK> Allocated by task 5167: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220 fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634 __sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Freed by task 0: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kmem_cache_free+0x129/0x350 mm/slub.c:4363 i_callback+0x43/0x70 fs/inode.c:249 rcu_do_batch kernel/rcu/tree.c:2158 [inline] rcu_core+0x819/0x1680 kernel/rcu/tree.c:2433 __do_softirq+0x21a/0x8de kernel/softirq.c:553 Last potentially related work creation: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 __kasan_record_aux_stack+0xba/0x100 mm/kasan/generic.c:586 __call_rcu_common.constprop.0+0x9a/0x7b0 kernel/rcu/tree.c:2683 destroy_inode+0x129/0x1b0 fs/inode.c:315 iput_final fs/inode.c:1739 [inline] iput.part.0+0x560/0x7b0 fs/inode.c:1765 iput+0x5c/0x80 fs/inode.c:1755 dentry_unlink_inode+0x292/0x430 fs/dcache.c:400 __dentry_kill+0x1ca/0x5f0 fs/dcache.c:603 dput.part.0+0x4ac/0x9a0 fs/dcache.c:845 dput+0x1f/0x30 fs/dcache.c:835 __fput+0x3b9/0xb70 fs/file_table.c:384 task_work_run+0x14d/0x240 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The buggy address belongs to the object at ffff88802f4fc800 which belongs to the cache sock_inode_cache of size 1408 The buggy address is located 128 bytes inside of freed 1408-byte region [ffff88802f4fc800, ffff88802f4fcd80) The buggy address belongs to the physical page: page:ffffea0000bd3e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f4f8 head:ffffea0000bd3e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000840 ffff888013b06b40 0000000000000000 0000000000000001 raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4956, tgid 4956 (sshd), ts 31423924727, free_ts 0 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x2d0/0x350 mm/page_alloc.c:1533 prep_new_page mm/page_alloc.c:1540 [inline] get_page_from_freelist+0xa28/0x3780 mm/page_alloc.c:3311 __alloc_pages+0x22f/0x2440 mm/page_alloc.c:4567 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page mm/slub.c:2190 [inline] allocate_slab mm/slub.c:2354 [inline] new_slab+0xcc/0x3a0 mm/slub.c:2407 ___slab_alloc+0x4af/0x19a0 mm/slub.c:3540 __slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3625 __slab_alloc_node mm/slub.c:3678 [inline] slab_alloc_node mm/slub.c:3850 [inline] kmem_cache_alloc_lru+0x379/0x6f0 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220 fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634 __sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b page_owner free stack trace missing Memory state around the buggy address: ffff88802f4fc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88802f4fc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88802f4fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88802f4fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88802f4fc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 43815482370c ("net: sock_def_readable() and friends RCU conversion") Reported-and-tested-by: syzbot+32b89eaa102b372ff76d@syzkaller.appspotmail.com Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Biggers <ebiggers@google.com> Cc: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://lore.kernel.org/r/20240126165532.3396702-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
1311 lines
32 KiB
C
1311 lines
32 KiB
C
/*
|
|
* af_llc.c - LLC User Interface SAPs
|
|
* Description:
|
|
* Functions in this module are implementation of socket based llc
|
|
* communications for the Linux operating system. Support of llc class
|
|
* one and class two is provided via SOCK_DGRAM and SOCK_STREAM
|
|
* respectively.
|
|
*
|
|
* An llc2 connection is (mac + sap), only one llc2 sap connection
|
|
* is allowed per mac. Though one sap may have multiple mac + sap
|
|
* connections.
|
|
*
|
|
* Copyright (c) 2001 by Jay Schulist <jschlst@samba.org>
|
|
* 2002-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
|
|
*
|
|
* This program can be redistributed or modified under the terms of the
|
|
* GNU General Public License as published by the Free Software Foundation.
|
|
* This program is distributed without any warranty or implied warranty
|
|
* of merchantability or fitness for a particular purpose.
|
|
*
|
|
* See the GNU General Public License for more details.
|
|
*/
|
|
#include <linux/compiler.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <linux/init.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/sched/signal.h>
|
|
|
|
#include <net/llc.h>
|
|
#include <net/llc_sap.h>
|
|
#include <net/llc_pdu.h>
|
|
#include <net/llc_conn.h>
|
|
#include <net/tcp_states.h>
|
|
|
|
/* remember: uninitialized global data is zeroed because its in .bss */
|
|
static u16 llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
static u16 llc_ui_sap_link_no_max[256];
|
|
static struct sockaddr_llc llc_ui_addrnull;
|
|
static const struct proto_ops llc_ui_ops;
|
|
|
|
static bool llc_ui_wait_for_conn(struct sock *sk, long timeout);
|
|
static int llc_ui_wait_for_disc(struct sock *sk, long timeout);
|
|
static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout);
|
|
|
|
#if 0
|
|
#define dprintk(args...) printk(KERN_DEBUG args)
|
|
#else
|
|
#define dprintk(args...) do {} while (0)
|
|
#endif
|
|
|
|
/* Maybe we'll add some more in the future. */
|
|
#define LLC_CMSG_PKTINFO 1
|
|
|
|
|
|
/**
|
|
* llc_ui_next_link_no - return the next unused link number for a sap
|
|
* @sap: Address of sap to get link number from.
|
|
*
|
|
* Return the next unused link number for a given sap.
|
|
*/
|
|
static inline u16 llc_ui_next_link_no(int sap)
|
|
{
|
|
return llc_ui_sap_link_no_max[sap]++;
|
|
}
|
|
|
|
/**
|
|
* llc_proto_type - return eth protocol for ARP header type
|
|
* @arphrd: ARP header type.
|
|
*
|
|
* Given an ARP header type return the corresponding ethernet protocol.
|
|
*/
|
|
static inline __be16 llc_proto_type(u16 arphrd)
|
|
{
|
|
return htons(ETH_P_802_2);
|
|
}
|
|
|
|
/**
|
|
* llc_ui_addr_null - determines if a address structure is null
|
|
* @addr: Address to test if null.
|
|
*/
|
|
static inline u8 llc_ui_addr_null(struct sockaddr_llc *addr)
|
|
{
|
|
return !memcmp(addr, &llc_ui_addrnull, sizeof(*addr));
|
|
}
|
|
|
|
/**
|
|
* llc_ui_header_len - return length of llc header based on operation
|
|
* @sk: Socket which contains a valid llc socket type.
|
|
* @addr: Complete sockaddr_llc structure received from the user.
|
|
*
|
|
* Provide the length of the llc header depending on what kind of
|
|
* operation the user would like to perform and the type of socket.
|
|
* Returns the correct llc header length.
|
|
*/
|
|
static inline u8 llc_ui_header_len(struct sock *sk, struct sockaddr_llc *addr)
|
|
{
|
|
u8 rc = LLC_PDU_LEN_U;
|
|
|
|
if (addr->sllc_test)
|
|
rc = LLC_PDU_LEN_U;
|
|
else if (addr->sllc_xid)
|
|
/* We need to expand header to sizeof(struct llc_xid_info)
|
|
* since llc_pdu_init_as_xid_cmd() sets 4,5,6 bytes of LLC header
|
|
* as XID PDU. In llc_ui_sendmsg() we reserved header size and then
|
|
* filled all other space with user data. If we won't reserve this
|
|
* bytes, llc_pdu_init_as_xid_cmd() will overwrite user data
|
|
*/
|
|
rc = LLC_PDU_LEN_U_XID;
|
|
else if (sk->sk_type == SOCK_STREAM)
|
|
rc = LLC_PDU_LEN_I;
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_send_data - send data via reliable llc2 connection
|
|
* @sk: Connection the socket is using.
|
|
* @skb: Data the user wishes to send.
|
|
* @noblock: can we block waiting for data?
|
|
*
|
|
* Send data via reliable llc2 connection.
|
|
* Returns 0 upon success, non-zero if action did not succeed.
|
|
*
|
|
* This function always consumes a reference to the skb.
|
|
*/
|
|
static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock)
|
|
{
|
|
struct llc_sock* llc = llc_sk(sk);
|
|
|
|
if (unlikely(llc_data_accept_state(llc->state) ||
|
|
llc->remote_busy_flag ||
|
|
llc->p_flag)) {
|
|
long timeout = sock_sndtimeo(sk, noblock);
|
|
int rc;
|
|
|
|
rc = llc_ui_wait_for_busy_core(sk, timeout);
|
|
if (rc) {
|
|
kfree_skb(skb);
|
|
return rc;
|
|
}
|
|
}
|
|
return llc_build_and_send_pkt(sk, skb);
|
|
}
|
|
|
|
static void llc_ui_sk_init(struct socket *sock, struct sock *sk)
|
|
{
|
|
sock_graft(sk, sock);
|
|
sk->sk_type = sock->type;
|
|
sock->ops = &llc_ui_ops;
|
|
}
|
|
|
|
static struct proto llc_proto = {
|
|
.name = "LLC",
|
|
.owner = THIS_MODULE,
|
|
.obj_size = sizeof(struct llc_sock),
|
|
.slab_flags = SLAB_TYPESAFE_BY_RCU,
|
|
};
|
|
|
|
/**
|
|
* llc_ui_create - alloc and init a new llc_ui socket
|
|
* @net: network namespace (must be default network)
|
|
* @sock: Socket to initialize and attach allocated sk to.
|
|
* @protocol: Unused.
|
|
* @kern: on behalf of kernel or userspace
|
|
*
|
|
* Allocate and initialize a new llc_ui socket, validate the user wants a
|
|
* socket type we have available.
|
|
* Returns 0 upon success, negative upon failure.
|
|
*/
|
|
static int llc_ui_create(struct net *net, struct socket *sock, int protocol,
|
|
int kern)
|
|
{
|
|
struct sock *sk;
|
|
int rc = -ESOCKTNOSUPPORT;
|
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_RAW))
|
|
return -EPERM;
|
|
|
|
if (!net_eq(net, &init_net))
|
|
return -EAFNOSUPPORT;
|
|
|
|
if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) {
|
|
rc = -ENOMEM;
|
|
sk = llc_sk_alloc(net, PF_LLC, GFP_KERNEL, &llc_proto, kern);
|
|
if (sk) {
|
|
rc = 0;
|
|
llc_ui_sk_init(sock, sk);
|
|
}
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_release - shutdown socket
|
|
* @sock: Socket to release.
|
|
*
|
|
* Shutdown and deallocate an existing socket.
|
|
*/
|
|
static int llc_ui_release(struct socket *sock)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc;
|
|
|
|
if (unlikely(sk == NULL))
|
|
goto out;
|
|
sock_hold(sk);
|
|
lock_sock(sk);
|
|
llc = llc_sk(sk);
|
|
dprintk("%s: closing local(%02X) remote(%02X)\n", __func__,
|
|
llc->laddr.lsap, llc->daddr.lsap);
|
|
if (!llc_send_disc(sk))
|
|
llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo);
|
|
if (!sock_flag(sk, SOCK_ZAPPED)) {
|
|
struct llc_sap *sap = llc->sap;
|
|
|
|
/* Hold this for release_sock(), so that llc_backlog_rcv()
|
|
* could still use it.
|
|
*/
|
|
llc_sap_hold(sap);
|
|
llc_sap_remove_socket(llc->sap, sk);
|
|
release_sock(sk);
|
|
llc_sap_put(sap);
|
|
} else {
|
|
release_sock(sk);
|
|
}
|
|
netdev_put(llc->dev, &llc->dev_tracker);
|
|
sock_put(sk);
|
|
sock_orphan(sk);
|
|
sock->sk = NULL;
|
|
llc_sk_free(sk);
|
|
out:
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_autoport - provide dynamically allocate SAP number
|
|
*
|
|
* Provide the caller with a dynamically allocated SAP number according
|
|
* to the rules that are set in this function. Returns: 0, upon failure,
|
|
* SAP number otherwise.
|
|
*/
|
|
static int llc_ui_autoport(void)
|
|
{
|
|
struct llc_sap *sap;
|
|
int i, tries = 0;
|
|
|
|
while (tries < LLC_SAP_DYN_TRIES) {
|
|
for (i = llc_ui_sap_last_autoport;
|
|
i < LLC_SAP_DYN_STOP; i += 2) {
|
|
sap = llc_sap_find(i);
|
|
if (!sap) {
|
|
llc_ui_sap_last_autoport = i + 2;
|
|
goto out;
|
|
}
|
|
llc_sap_put(sap);
|
|
}
|
|
llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
tries++;
|
|
}
|
|
i = 0;
|
|
out:
|
|
return i;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_autobind - automatically bind a socket to a sap
|
|
* @sock: socket to bind
|
|
* @addr: address to connect to
|
|
*
|
|
* Used by llc_ui_connect and llc_ui_sendmsg when the user hasn't
|
|
* specifically used llc_ui_bind to bind to an specific address/sap
|
|
*
|
|
* Returns: 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
struct net_device *dev = NULL;
|
|
struct llc_sap *sap;
|
|
int rc = -EINVAL;
|
|
|
|
if (!sock_flag(sk, SOCK_ZAPPED))
|
|
goto out;
|
|
if (!addr->sllc_arphrd)
|
|
addr->sllc_arphrd = ARPHRD_ETHER;
|
|
if (addr->sllc_arphrd != ARPHRD_ETHER)
|
|
goto out;
|
|
rc = -ENODEV;
|
|
if (sk->sk_bound_dev_if) {
|
|
dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if);
|
|
if (dev && addr->sllc_arphrd != dev->type) {
|
|
dev_put(dev);
|
|
dev = NULL;
|
|
}
|
|
} else
|
|
dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
|
|
if (!dev)
|
|
goto out;
|
|
rc = -EUSERS;
|
|
llc->laddr.lsap = llc_ui_autoport();
|
|
if (!llc->laddr.lsap)
|
|
goto out;
|
|
rc = -EBUSY; /* some other network layer is using the sap */
|
|
sap = llc_sap_open(llc->laddr.lsap, NULL);
|
|
if (!sap)
|
|
goto out;
|
|
|
|
/* Note: We do not expect errors from this point. */
|
|
llc->dev = dev;
|
|
netdev_tracker_alloc(llc->dev, &llc->dev_tracker, GFP_KERNEL);
|
|
dev = NULL;
|
|
|
|
memcpy(llc->laddr.mac, llc->dev->dev_addr, IFHWADDRLEN);
|
|
memcpy(&llc->addr, addr, sizeof(llc->addr));
|
|
/* assign new connection to its SAP */
|
|
llc_sap_add_socket(sap, sk);
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
rc = 0;
|
|
out:
|
|
dev_put(dev);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_bind - bind a socket to a specific address.
|
|
* @sock: Socket to bind an address to.
|
|
* @uaddr: Address the user wants the socket bound to.
|
|
* @addrlen: Length of the uaddr structure.
|
|
*
|
|
* Bind a socket to a specific address. For llc a user is able to bind to
|
|
* a specific sap only or mac + sap.
|
|
* If the user desires to bind to a specific mac + sap, it is possible to
|
|
* have multiple sap connections via multiple macs.
|
|
* Bind and autobind for that matter must enforce the correct sap usage
|
|
* otherwise all hell will break loose.
|
|
* Returns: 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
|
|
{
|
|
struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
struct net_device *dev = NULL;
|
|
struct llc_sap *sap;
|
|
int rc = -EINVAL;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)))
|
|
goto out;
|
|
rc = -EAFNOSUPPORT;
|
|
if (!addr->sllc_arphrd)
|
|
addr->sllc_arphrd = ARPHRD_ETHER;
|
|
if (unlikely(addr->sllc_family != AF_LLC || addr->sllc_arphrd != ARPHRD_ETHER))
|
|
goto out;
|
|
dprintk("%s: binding %02X\n", __func__, addr->sllc_sap);
|
|
rc = -ENODEV;
|
|
rcu_read_lock();
|
|
if (sk->sk_bound_dev_if) {
|
|
dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if);
|
|
if (dev) {
|
|
if (is_zero_ether_addr(addr->sllc_mac))
|
|
memcpy(addr->sllc_mac, dev->dev_addr,
|
|
IFHWADDRLEN);
|
|
if (addr->sllc_arphrd != dev->type ||
|
|
!ether_addr_equal(addr->sllc_mac,
|
|
dev->dev_addr)) {
|
|
rc = -EINVAL;
|
|
dev = NULL;
|
|
}
|
|
}
|
|
} else {
|
|
dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd,
|
|
addr->sllc_mac);
|
|
}
|
|
dev_hold(dev);
|
|
rcu_read_unlock();
|
|
if (!dev)
|
|
goto out;
|
|
|
|
if (!addr->sllc_sap) {
|
|
rc = -EUSERS;
|
|
addr->sllc_sap = llc_ui_autoport();
|
|
if (!addr->sllc_sap)
|
|
goto out;
|
|
}
|
|
sap = llc_sap_find(addr->sllc_sap);
|
|
if (!sap) {
|
|
sap = llc_sap_open(addr->sllc_sap, NULL);
|
|
rc = -EBUSY; /* some other network layer is using the sap */
|
|
if (!sap)
|
|
goto out;
|
|
} else {
|
|
struct llc_addr laddr, daddr;
|
|
struct sock *ask;
|
|
|
|
memset(&laddr, 0, sizeof(laddr));
|
|
memset(&daddr, 0, sizeof(daddr));
|
|
/*
|
|
* FIXME: check if the address is multicast,
|
|
* only SOCK_DGRAM can do this.
|
|
*/
|
|
memcpy(laddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
|
laddr.lsap = addr->sllc_sap;
|
|
rc = -EADDRINUSE; /* mac + sap clash. */
|
|
ask = llc_lookup_established(sap, &daddr, &laddr, &init_net);
|
|
if (ask) {
|
|
sock_put(ask);
|
|
goto out_put;
|
|
}
|
|
}
|
|
|
|
/* Note: We do not expect errors from this point. */
|
|
llc->dev = dev;
|
|
netdev_tracker_alloc(llc->dev, &llc->dev_tracker, GFP_KERNEL);
|
|
dev = NULL;
|
|
|
|
llc->laddr.lsap = addr->sllc_sap;
|
|
memcpy(llc->laddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
|
memcpy(&llc->addr, addr, sizeof(llc->addr));
|
|
/* assign new connection to its SAP */
|
|
llc_sap_add_socket(sap, sk);
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
rc = 0;
|
|
out_put:
|
|
llc_sap_put(sap);
|
|
out:
|
|
dev_put(dev);
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_shutdown - shutdown a connect llc2 socket.
|
|
* @sock: Socket to shutdown.
|
|
* @how: What part of the socket to shutdown.
|
|
*
|
|
* Shutdown a connected llc2 socket. Currently this function only supports
|
|
* shutting down both sends and receives (2), we could probably make this
|
|
* function such that a user can shutdown only half the connection but not
|
|
* right now.
|
|
* Returns: 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_shutdown(struct socket *sock, int how)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
int rc = -ENOTCONN;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(sk->sk_state != TCP_ESTABLISHED))
|
|
goto out;
|
|
rc = -EINVAL;
|
|
if (how != 2)
|
|
goto out;
|
|
rc = llc_send_disc(sk);
|
|
if (!rc)
|
|
rc = llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo);
|
|
/* Wake up anyone sleeping in poll */
|
|
sk->sk_state_change(sk);
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_connect - Connect to a remote llc2 mac + sap.
|
|
* @sock: Socket which will be connected to the remote destination.
|
|
* @uaddr: Remote and possibly the local address of the new connection.
|
|
* @addrlen: Size of uaddr structure.
|
|
* @flags: Operational flags specified by the user.
|
|
*
|
|
* Connect to a remote llc2 mac + sap. The caller must specify the
|
|
* destination mac and address to connect to. If the user hasn't previously
|
|
* called bind(2) with a smac the address of the first interface of the
|
|
* specified arp type will be used.
|
|
* This function will autobind if user did not previously call bind.
|
|
* Returns: 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr,
|
|
int addrlen, int flags)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
|
|
int rc = -EINVAL;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(addrlen != sizeof(*addr)))
|
|
goto out;
|
|
rc = -EAFNOSUPPORT;
|
|
if (unlikely(addr->sllc_family != AF_LLC))
|
|
goto out;
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
|
goto out;
|
|
rc = -EALREADY;
|
|
if (unlikely(sock->state == SS_CONNECTING))
|
|
goto out;
|
|
/* bind connection to sap if user hasn't done it. */
|
|
if (sock_flag(sk, SOCK_ZAPPED)) {
|
|
/* bind to sap with null dev, exclusive */
|
|
rc = llc_ui_autobind(sock, addr);
|
|
if (rc)
|
|
goto out;
|
|
}
|
|
llc->daddr.lsap = addr->sllc_sap;
|
|
memcpy(llc->daddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
|
sock->state = SS_CONNECTING;
|
|
sk->sk_state = TCP_SYN_SENT;
|
|
llc->link = llc_ui_next_link_no(llc->sap->laddr.lsap);
|
|
rc = llc_establish_connection(sk, llc->dev->dev_addr,
|
|
addr->sllc_mac, addr->sllc_sap);
|
|
if (rc) {
|
|
dprintk("%s: llc_ui_send_conn failed :-(\n", __func__);
|
|
sock->state = SS_UNCONNECTED;
|
|
sk->sk_state = TCP_CLOSE;
|
|
goto out;
|
|
}
|
|
|
|
if (sk->sk_state == TCP_SYN_SENT) {
|
|
const long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
|
|
|
|
if (!timeo || !llc_ui_wait_for_conn(sk, timeo))
|
|
goto out;
|
|
|
|
rc = sock_intr_errno(timeo);
|
|
if (signal_pending(current))
|
|
goto out;
|
|
}
|
|
|
|
if (sk->sk_state == TCP_CLOSE)
|
|
goto sock_error;
|
|
|
|
sock->state = SS_CONNECTED;
|
|
rc = 0;
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
sock_error:
|
|
rc = sock_error(sk) ? : -ECONNABORTED;
|
|
sock->state = SS_UNCONNECTED;
|
|
goto out;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_listen - allow a normal socket to accept incoming connections
|
|
* @sock: Socket to allow incoming connections on.
|
|
* @backlog: Number of connections to queue.
|
|
*
|
|
* Allow a normal socket to accept incoming connections.
|
|
* Returns 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_listen(struct socket *sock, int backlog)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
int rc = -EINVAL;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(sock->state != SS_UNCONNECTED))
|
|
goto out;
|
|
rc = -EOPNOTSUPP;
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
|
goto out;
|
|
rc = -EAGAIN;
|
|
if (sock_flag(sk, SOCK_ZAPPED))
|
|
goto out;
|
|
rc = 0;
|
|
if (!(unsigned int)backlog) /* BSDism */
|
|
backlog = 1;
|
|
sk->sk_max_ack_backlog = backlog;
|
|
if (sk->sk_state != TCP_LISTEN) {
|
|
sk->sk_ack_backlog = 0;
|
|
sk->sk_state = TCP_LISTEN;
|
|
}
|
|
sk->sk_socket->flags |= __SO_ACCEPTCON;
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
static int llc_ui_wait_for_disc(struct sock *sk, long timeout)
|
|
{
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
|
int rc = 0;
|
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
|
while (1) {
|
|
if (sk_wait_event(sk, &timeout,
|
|
READ_ONCE(sk->sk_state) == TCP_CLOSE, &wait))
|
|
break;
|
|
rc = -ERESTARTSYS;
|
|
if (signal_pending(current))
|
|
break;
|
|
rc = -EAGAIN;
|
|
if (!timeout)
|
|
break;
|
|
rc = 0;
|
|
}
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
|
return rc;
|
|
}
|
|
|
|
static bool llc_ui_wait_for_conn(struct sock *sk, long timeout)
|
|
{
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
|
while (1) {
|
|
if (sk_wait_event(sk, &timeout,
|
|
READ_ONCE(sk->sk_state) != TCP_SYN_SENT, &wait))
|
|
break;
|
|
if (signal_pending(current) || !timeout)
|
|
break;
|
|
}
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
|
return timeout;
|
|
}
|
|
|
|
static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout)
|
|
{
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
int rc;
|
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
|
while (1) {
|
|
rc = 0;
|
|
if (sk_wait_event(sk, &timeout,
|
|
(READ_ONCE(sk->sk_shutdown) & RCV_SHUTDOWN) ||
|
|
(!llc_data_accept_state(llc->state) &&
|
|
!llc->remote_busy_flag &&
|
|
!llc->p_flag), &wait))
|
|
break;
|
|
rc = -ERESTARTSYS;
|
|
if (signal_pending(current))
|
|
break;
|
|
rc = -EAGAIN;
|
|
if (!timeout)
|
|
break;
|
|
}
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
|
return rc;
|
|
}
|
|
|
|
static int llc_wait_data(struct sock *sk, long timeo)
|
|
{
|
|
int rc;
|
|
|
|
while (1) {
|
|
/*
|
|
* POSIX 1003.1g mandates this order.
|
|
*/
|
|
rc = sock_error(sk);
|
|
if (rc)
|
|
break;
|
|
rc = 0;
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
|
break;
|
|
rc = -EAGAIN;
|
|
if (!timeo)
|
|
break;
|
|
rc = sock_intr_errno(timeo);
|
|
if (signal_pending(current))
|
|
break;
|
|
rc = 0;
|
|
if (sk_wait_data(sk, &timeo, NULL))
|
|
break;
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
|
|
{
|
|
struct llc_sock *llc = llc_sk(skb->sk);
|
|
|
|
if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
|
|
struct llc_pktinfo info;
|
|
|
|
memset(&info, 0, sizeof(info));
|
|
info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
|
|
llc_pdu_decode_dsap(skb, &info.lpi_sap);
|
|
llc_pdu_decode_da(skb, info.lpi_mac);
|
|
put_cmsg(msg, SOL_LLC, LLC_OPT_PKTINFO, sizeof(info), &info);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* llc_ui_accept - accept a new incoming connection.
|
|
* @sock: Socket which connections arrive on.
|
|
* @newsock: Socket to move incoming connection to.
|
|
* @flags: User specified operational flags.
|
|
* @kern: If the socket is kernel internal
|
|
*
|
|
* Accept a new incoming connection.
|
|
* Returns 0 upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags,
|
|
bool kern)
|
|
{
|
|
struct sock *sk = sock->sk, *newsk;
|
|
struct llc_sock *llc, *newllc;
|
|
struct sk_buff *skb;
|
|
int rc = -EOPNOTSUPP;
|
|
|
|
dprintk("%s: accepting on %02X\n", __func__,
|
|
llc_sk(sk)->laddr.lsap);
|
|
lock_sock(sk);
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
|
goto out;
|
|
rc = -EINVAL;
|
|
if (unlikely(sock->state != SS_UNCONNECTED ||
|
|
sk->sk_state != TCP_LISTEN))
|
|
goto out;
|
|
/* wait for a connection to arrive. */
|
|
if (skb_queue_empty(&sk->sk_receive_queue)) {
|
|
rc = llc_wait_data(sk, sk->sk_rcvtimeo);
|
|
if (rc)
|
|
goto out;
|
|
}
|
|
dprintk("%s: got a new connection on %02X\n", __func__,
|
|
llc_sk(sk)->laddr.lsap);
|
|
skb = skb_dequeue(&sk->sk_receive_queue);
|
|
rc = -EINVAL;
|
|
if (!skb->sk)
|
|
goto frees;
|
|
rc = 0;
|
|
newsk = skb->sk;
|
|
/* attach connection to a new socket. */
|
|
llc_ui_sk_init(newsock, newsk);
|
|
sock_reset_flag(newsk, SOCK_ZAPPED);
|
|
newsk->sk_state = TCP_ESTABLISHED;
|
|
newsock->state = SS_CONNECTED;
|
|
llc = llc_sk(sk);
|
|
newllc = llc_sk(newsk);
|
|
memcpy(&newllc->addr, &llc->addr, sizeof(newllc->addr));
|
|
newllc->link = llc_ui_next_link_no(newllc->laddr.lsap);
|
|
|
|
/* put original socket back into a clean listen state. */
|
|
sk->sk_state = TCP_LISTEN;
|
|
sk_acceptq_removed(sk);
|
|
dprintk("%s: ok success on %02X, client on %02X\n", __func__,
|
|
llc_sk(sk)->addr.sllc_sap, newllc->daddr.lsap);
|
|
frees:
|
|
kfree_skb(skb);
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_recvmsg - copy received data to the socket user.
|
|
* @sock: Socket to copy data from.
|
|
* @msg: Various user space related information.
|
|
* @len: Size of user buffer.
|
|
* @flags: User specified flags.
|
|
*
|
|
* Copy received data to the socket user.
|
|
* Returns non-negative upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
|
|
int flags)
|
|
{
|
|
DECLARE_SOCKADDR(struct sockaddr_llc *, uaddr, msg->msg_name);
|
|
const int nonblock = flags & MSG_DONTWAIT;
|
|
struct sk_buff *skb = NULL;
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
size_t copied = 0;
|
|
u32 peek_seq = 0;
|
|
u32 *seq, skb_len;
|
|
unsigned long used;
|
|
int target; /* Read at least this many bytes */
|
|
long timeo;
|
|
|
|
lock_sock(sk);
|
|
copied = -ENOTCONN;
|
|
if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
|
|
goto out;
|
|
|
|
timeo = sock_rcvtimeo(sk, nonblock);
|
|
|
|
seq = &llc->copied_seq;
|
|
if (flags & MSG_PEEK) {
|
|
peek_seq = llc->copied_seq;
|
|
seq = &peek_seq;
|
|
}
|
|
|
|
target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
|
|
copied = 0;
|
|
|
|
do {
|
|
u32 offset;
|
|
|
|
/*
|
|
* We need to check signals first, to get correct SIGURG
|
|
* handling. FIXME: Need to check this doesn't impact 1003.1g
|
|
* and move it down to the bottom of the loop
|
|
*/
|
|
if (signal_pending(current)) {
|
|
if (copied)
|
|
break;
|
|
copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
|
|
break;
|
|
}
|
|
|
|
/* Next get a buffer. */
|
|
|
|
skb = skb_peek(&sk->sk_receive_queue);
|
|
if (skb) {
|
|
offset = *seq;
|
|
goto found_ok_skb;
|
|
}
|
|
/* Well, if we have backlog, try to process it now yet. */
|
|
|
|
if (copied >= target && !READ_ONCE(sk->sk_backlog.tail))
|
|
break;
|
|
|
|
if (copied) {
|
|
if (sk->sk_err ||
|
|
sk->sk_state == TCP_CLOSE ||
|
|
(sk->sk_shutdown & RCV_SHUTDOWN) ||
|
|
!timeo ||
|
|
(flags & MSG_PEEK))
|
|
break;
|
|
} else {
|
|
if (sock_flag(sk, SOCK_DONE))
|
|
break;
|
|
|
|
if (sk->sk_err) {
|
|
copied = sock_error(sk);
|
|
break;
|
|
}
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
|
break;
|
|
|
|
if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) {
|
|
if (!sock_flag(sk, SOCK_DONE)) {
|
|
/*
|
|
* This occurs when user tries to read
|
|
* from never connected socket.
|
|
*/
|
|
copied = -ENOTCONN;
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
if (!timeo) {
|
|
copied = -EAGAIN;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (copied >= target) { /* Do not sleep, just process backlog. */
|
|
release_sock(sk);
|
|
lock_sock(sk);
|
|
} else
|
|
sk_wait_data(sk, &timeo, NULL);
|
|
|
|
if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) {
|
|
net_dbg_ratelimited("LLC(%s:%d): Application bug, race in MSG_PEEK\n",
|
|
current->comm,
|
|
task_pid_nr(current));
|
|
peek_seq = llc->copied_seq;
|
|
}
|
|
continue;
|
|
found_ok_skb:
|
|
skb_len = skb->len;
|
|
/* Ok so how much can we use? */
|
|
used = skb->len - offset;
|
|
if (len < used)
|
|
used = len;
|
|
|
|
if (!(flags & MSG_TRUNC)) {
|
|
int rc = skb_copy_datagram_msg(skb, offset, msg, used);
|
|
if (rc) {
|
|
/* Exception. Bailout! */
|
|
if (!copied)
|
|
copied = -EFAULT;
|
|
break;
|
|
}
|
|
}
|
|
|
|
*seq += used;
|
|
copied += used;
|
|
len -= used;
|
|
|
|
/* For non stream protcols we get one packet per recvmsg call */
|
|
if (sk->sk_type != SOCK_STREAM)
|
|
goto copy_uaddr;
|
|
|
|
if (!(flags & MSG_PEEK)) {
|
|
skb_unlink(skb, &sk->sk_receive_queue);
|
|
kfree_skb(skb);
|
|
*seq = 0;
|
|
}
|
|
|
|
/* Partial read */
|
|
if (used + offset < skb_len)
|
|
continue;
|
|
} while (len > 0);
|
|
|
|
out:
|
|
release_sock(sk);
|
|
return copied;
|
|
copy_uaddr:
|
|
if (uaddr != NULL && skb != NULL) {
|
|
memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr));
|
|
msg->msg_namelen = sizeof(*uaddr);
|
|
}
|
|
if (llc_sk(sk)->cmsg_flags)
|
|
llc_cmsg_rcv(msg, skb);
|
|
|
|
if (!(flags & MSG_PEEK)) {
|
|
skb_unlink(skb, &sk->sk_receive_queue);
|
|
kfree_skb(skb);
|
|
*seq = 0;
|
|
}
|
|
|
|
goto out;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_sendmsg - Transmit data provided by the socket user.
|
|
* @sock: Socket to transmit data from.
|
|
* @msg: Various user related information.
|
|
* @len: Length of data to transmit.
|
|
*
|
|
* Transmit data provided by the socket user.
|
|
* Returns non-negative upon success, negative otherwise.
|
|
*/
|
|
static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
|
|
{
|
|
DECLARE_SOCKADDR(struct sockaddr_llc *, addr, msg->msg_name);
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
int flags = msg->msg_flags;
|
|
int noblock = flags & MSG_DONTWAIT;
|
|
int rc = -EINVAL, copied = 0, hdrlen, hh_len;
|
|
struct sk_buff *skb = NULL;
|
|
struct net_device *dev;
|
|
size_t size = 0;
|
|
|
|
dprintk("%s: sending from %02X to %02X\n", __func__,
|
|
llc->laddr.lsap, llc->daddr.lsap);
|
|
lock_sock(sk);
|
|
if (addr) {
|
|
if (msg->msg_namelen < sizeof(*addr))
|
|
goto out;
|
|
} else {
|
|
if (llc_ui_addr_null(&llc->addr))
|
|
goto out;
|
|
addr = &llc->addr;
|
|
}
|
|
/* must bind connection to sap if user hasn't done it. */
|
|
if (sock_flag(sk, SOCK_ZAPPED)) {
|
|
/* bind to sap with null dev, exclusive. */
|
|
rc = llc_ui_autobind(sock, addr);
|
|
if (rc)
|
|
goto out;
|
|
}
|
|
dev = llc->dev;
|
|
hh_len = LL_RESERVED_SPACE(dev);
|
|
hdrlen = llc_ui_header_len(sk, addr);
|
|
size = hdrlen + len;
|
|
size = min_t(size_t, size, READ_ONCE(dev->mtu));
|
|
copied = size - hdrlen;
|
|
rc = -EINVAL;
|
|
if (copied < 0)
|
|
goto out;
|
|
release_sock(sk);
|
|
skb = sock_alloc_send_skb(sk, hh_len + size, noblock, &rc);
|
|
lock_sock(sk);
|
|
if (!skb)
|
|
goto out;
|
|
if (sock_flag(sk, SOCK_ZAPPED) ||
|
|
llc->dev != dev ||
|
|
hdrlen != llc_ui_header_len(sk, addr) ||
|
|
hh_len != LL_RESERVED_SPACE(dev) ||
|
|
size > READ_ONCE(dev->mtu))
|
|
goto out;
|
|
skb->dev = dev;
|
|
skb->protocol = llc_proto_type(addr->sllc_arphrd);
|
|
skb_reserve(skb, hh_len + hdrlen);
|
|
rc = memcpy_from_msg(skb_put(skb, copied), msg, copied);
|
|
if (rc)
|
|
goto out;
|
|
if (sk->sk_type == SOCK_DGRAM || addr->sllc_ua) {
|
|
llc_build_and_send_ui_pkt(llc->sap, skb, addr->sllc_mac,
|
|
addr->sllc_sap);
|
|
skb = NULL;
|
|
goto out;
|
|
}
|
|
if (addr->sllc_test) {
|
|
llc_build_and_send_test_pkt(llc->sap, skb, addr->sllc_mac,
|
|
addr->sllc_sap);
|
|
skb = NULL;
|
|
goto out;
|
|
}
|
|
if (addr->sllc_xid) {
|
|
llc_build_and_send_xid_pkt(llc->sap, skb, addr->sllc_mac,
|
|
addr->sllc_sap);
|
|
skb = NULL;
|
|
goto out;
|
|
}
|
|
rc = -ENOPROTOOPT;
|
|
if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua))
|
|
goto out;
|
|
rc = llc_ui_send_data(sk, skb, noblock);
|
|
skb = NULL;
|
|
out:
|
|
kfree_skb(skb);
|
|
if (rc)
|
|
dprintk("%s: failed sending from %02X to %02X: %d\n",
|
|
__func__, llc->laddr.lsap, llc->daddr.lsap, rc);
|
|
release_sock(sk);
|
|
return rc ? : copied;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_getname - return the address info of a socket
|
|
* @sock: Socket to get address of.
|
|
* @uaddr: Address structure to return information.
|
|
* @peer: Does user want local or remote address information.
|
|
*
|
|
* Return the address information of a socket.
|
|
*/
|
|
static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr,
|
|
int peer)
|
|
{
|
|
struct sockaddr_llc sllc;
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
int rc = -EBADF;
|
|
|
|
memset(&sllc, 0, sizeof(sllc));
|
|
lock_sock(sk);
|
|
if (sock_flag(sk, SOCK_ZAPPED))
|
|
goto out;
|
|
if (peer) {
|
|
rc = -ENOTCONN;
|
|
if (sk->sk_state != TCP_ESTABLISHED)
|
|
goto out;
|
|
if(llc->dev)
|
|
sllc.sllc_arphrd = llc->dev->type;
|
|
sllc.sllc_sap = llc->daddr.lsap;
|
|
memcpy(&sllc.sllc_mac, &llc->daddr.mac, IFHWADDRLEN);
|
|
} else {
|
|
rc = -EINVAL;
|
|
if (!llc->sap)
|
|
goto out;
|
|
sllc.sllc_sap = llc->sap->laddr.lsap;
|
|
|
|
if (llc->dev) {
|
|
sllc.sllc_arphrd = llc->dev->type;
|
|
memcpy(&sllc.sllc_mac, llc->dev->dev_addr,
|
|
IFHWADDRLEN);
|
|
}
|
|
}
|
|
sllc.sllc_family = AF_LLC;
|
|
memcpy(uaddr, &sllc, sizeof(sllc));
|
|
rc = sizeof(sllc);
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_ioctl - io controls for PF_LLC
|
|
* @sock: Socket to get/set info
|
|
* @cmd: command
|
|
* @arg: optional argument for cmd
|
|
*
|
|
* get/set info on llc sockets
|
|
*/
|
|
static int llc_ui_ioctl(struct socket *sock, unsigned int cmd,
|
|
unsigned long arg)
|
|
{
|
|
return -ENOIOCTLCMD;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_setsockopt - set various connection specific parameters.
|
|
* @sock: Socket to set options on.
|
|
* @level: Socket level user is requesting operations on.
|
|
* @optname: Operation name.
|
|
* @optval: User provided operation data.
|
|
* @optlen: Length of optval.
|
|
*
|
|
* Set various connection specific parameters.
|
|
*/
|
|
static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
|
|
sockptr_t optval, unsigned int optlen)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
unsigned int opt;
|
|
int rc = -EINVAL;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(level != SOL_LLC || optlen != sizeof(int)))
|
|
goto out;
|
|
rc = copy_from_sockptr(&opt, optval, sizeof(opt));
|
|
if (rc)
|
|
goto out;
|
|
rc = -EINVAL;
|
|
switch (optname) {
|
|
case LLC_OPT_RETRY:
|
|
if (opt > LLC_OPT_MAX_RETRY)
|
|
goto out;
|
|
llc->n2 = opt;
|
|
break;
|
|
case LLC_OPT_SIZE:
|
|
if (opt > LLC_OPT_MAX_SIZE)
|
|
goto out;
|
|
llc->n1 = opt;
|
|
break;
|
|
case LLC_OPT_ACK_TMR_EXP:
|
|
if (opt > LLC_OPT_MAX_ACK_TMR_EXP)
|
|
goto out;
|
|
llc->ack_timer.expire = opt * HZ;
|
|
break;
|
|
case LLC_OPT_P_TMR_EXP:
|
|
if (opt > LLC_OPT_MAX_P_TMR_EXP)
|
|
goto out;
|
|
llc->pf_cycle_timer.expire = opt * HZ;
|
|
break;
|
|
case LLC_OPT_REJ_TMR_EXP:
|
|
if (opt > LLC_OPT_MAX_REJ_TMR_EXP)
|
|
goto out;
|
|
llc->rej_sent_timer.expire = opt * HZ;
|
|
break;
|
|
case LLC_OPT_BUSY_TMR_EXP:
|
|
if (opt > LLC_OPT_MAX_BUSY_TMR_EXP)
|
|
goto out;
|
|
llc->busy_state_timer.expire = opt * HZ;
|
|
break;
|
|
case LLC_OPT_TX_WIN:
|
|
if (opt > LLC_OPT_MAX_WIN)
|
|
goto out;
|
|
llc->k = opt;
|
|
break;
|
|
case LLC_OPT_RX_WIN:
|
|
if (opt > LLC_OPT_MAX_WIN)
|
|
goto out;
|
|
llc->rw = opt;
|
|
break;
|
|
case LLC_OPT_PKTINFO:
|
|
if (opt)
|
|
llc->cmsg_flags |= LLC_CMSG_PKTINFO;
|
|
else
|
|
llc->cmsg_flags &= ~LLC_CMSG_PKTINFO;
|
|
break;
|
|
default:
|
|
rc = -ENOPROTOOPT;
|
|
goto out;
|
|
}
|
|
rc = 0;
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* llc_ui_getsockopt - get connection specific socket info
|
|
* @sock: Socket to get information from.
|
|
* @level: Socket level user is requesting operations on.
|
|
* @optname: Operation name.
|
|
* @optval: Variable to return operation data in.
|
|
* @optlen: Length of optval.
|
|
*
|
|
* Get connection specific socket information.
|
|
*/
|
|
static int llc_ui_getsockopt(struct socket *sock, int level, int optname,
|
|
char __user *optval, int __user *optlen)
|
|
{
|
|
struct sock *sk = sock->sk;
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
int val = 0, len = 0, rc = -EINVAL;
|
|
|
|
lock_sock(sk);
|
|
if (unlikely(level != SOL_LLC))
|
|
goto out;
|
|
rc = get_user(len, optlen);
|
|
if (rc)
|
|
goto out;
|
|
rc = -EINVAL;
|
|
if (len != sizeof(int))
|
|
goto out;
|
|
switch (optname) {
|
|
case LLC_OPT_RETRY:
|
|
val = llc->n2; break;
|
|
case LLC_OPT_SIZE:
|
|
val = llc->n1; break;
|
|
case LLC_OPT_ACK_TMR_EXP:
|
|
val = llc->ack_timer.expire / HZ; break;
|
|
case LLC_OPT_P_TMR_EXP:
|
|
val = llc->pf_cycle_timer.expire / HZ; break;
|
|
case LLC_OPT_REJ_TMR_EXP:
|
|
val = llc->rej_sent_timer.expire / HZ; break;
|
|
case LLC_OPT_BUSY_TMR_EXP:
|
|
val = llc->busy_state_timer.expire / HZ; break;
|
|
case LLC_OPT_TX_WIN:
|
|
val = llc->k; break;
|
|
case LLC_OPT_RX_WIN:
|
|
val = llc->rw; break;
|
|
case LLC_OPT_PKTINFO:
|
|
val = (llc->cmsg_flags & LLC_CMSG_PKTINFO) != 0;
|
|
break;
|
|
default:
|
|
rc = -ENOPROTOOPT;
|
|
goto out;
|
|
}
|
|
rc = 0;
|
|
if (put_user(len, optlen) || copy_to_user(optval, &val, len))
|
|
rc = -EFAULT;
|
|
out:
|
|
release_sock(sk);
|
|
return rc;
|
|
}
|
|
|
|
static const struct net_proto_family llc_ui_family_ops = {
|
|
.family = PF_LLC,
|
|
.create = llc_ui_create,
|
|
.owner = THIS_MODULE,
|
|
};
|
|
|
|
static const struct proto_ops llc_ui_ops = {
|
|
.family = PF_LLC,
|
|
.owner = THIS_MODULE,
|
|
.release = llc_ui_release,
|
|
.bind = llc_ui_bind,
|
|
.connect = llc_ui_connect,
|
|
.socketpair = sock_no_socketpair,
|
|
.accept = llc_ui_accept,
|
|
.getname = llc_ui_getname,
|
|
.poll = datagram_poll,
|
|
.ioctl = llc_ui_ioctl,
|
|
.listen = llc_ui_listen,
|
|
.shutdown = llc_ui_shutdown,
|
|
.setsockopt = llc_ui_setsockopt,
|
|
.getsockopt = llc_ui_getsockopt,
|
|
.sendmsg = llc_ui_sendmsg,
|
|
.recvmsg = llc_ui_recvmsg,
|
|
.mmap = sock_no_mmap,
|
|
};
|
|
|
|
static const char llc_proc_err_msg[] __initconst =
|
|
KERN_CRIT "LLC: Unable to register the proc_fs entries\n";
|
|
static const char llc_sysctl_err_msg[] __initconst =
|
|
KERN_CRIT "LLC: Unable to register the sysctl entries\n";
|
|
static const char llc_sock_err_msg[] __initconst =
|
|
KERN_CRIT "LLC: Unable to register the network family\n";
|
|
|
|
static int __init llc2_init(void)
|
|
{
|
|
int rc = proto_register(&llc_proto, 0);
|
|
|
|
if (rc != 0)
|
|
goto out;
|
|
|
|
llc_build_offset_table();
|
|
llc_station_init();
|
|
llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
rc = llc_proc_init();
|
|
if (rc != 0) {
|
|
printk(llc_proc_err_msg);
|
|
goto out_station;
|
|
}
|
|
rc = llc_sysctl_init();
|
|
if (rc) {
|
|
printk(llc_sysctl_err_msg);
|
|
goto out_proc;
|
|
}
|
|
rc = sock_register(&llc_ui_family_ops);
|
|
if (rc) {
|
|
printk(llc_sock_err_msg);
|
|
goto out_sysctl;
|
|
}
|
|
llc_add_pack(LLC_DEST_SAP, llc_sap_handler);
|
|
llc_add_pack(LLC_DEST_CONN, llc_conn_handler);
|
|
out:
|
|
return rc;
|
|
out_sysctl:
|
|
llc_sysctl_exit();
|
|
out_proc:
|
|
llc_proc_exit();
|
|
out_station:
|
|
llc_station_exit();
|
|
proto_unregister(&llc_proto);
|
|
goto out;
|
|
}
|
|
|
|
static void __exit llc2_exit(void)
|
|
{
|
|
llc_station_exit();
|
|
llc_remove_pack(LLC_DEST_SAP);
|
|
llc_remove_pack(LLC_DEST_CONN);
|
|
sock_unregister(PF_LLC);
|
|
llc_proc_exit();
|
|
llc_sysctl_exit();
|
|
proto_unregister(&llc_proto);
|
|
}
|
|
|
|
module_init(llc2_init);
|
|
module_exit(llc2_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Procom 1997, Jay Schullist 2001, Arnaldo C. Melo 2001-2003");
|
|
MODULE_DESCRIPTION("IEEE 802.2 PF_LLC support");
|
|
MODULE_ALIAS_NETPROTO(PF_LLC);
|