1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2010-2011 EIA Electronics,
3 // Pieter Beyens <pieter.beyens@eia.be>
4 // Copyright (c) 2010-2011 EIA Electronics,
5 // Kurt Van Dijck <kurt.van.dijck@eia.be>
6 // Copyright (c) 2018 Protonic,
7 // Robin van der Gracht <robin@protonic.nl>
8 // Copyright (c) 2017-2019 Pengutronix,
9 // Marc Kleine-Budde <kernel@pengutronix.de>
10 // Copyright (c) 2017-2019 Pengutronix,
11 // Oleksij Rempel <kernel@pengutronix.de>
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <linux/can/can-ml.h>
16 #include <linux/can/core.h>
17 #include <linux/can/skb.h>
18 #include <linux/errqueue.h>
19 #include <linux/if_arp.h>
20
21 #include "j1939-priv.h"
22
23 #define J1939_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_addr.j1939)
24
25 /* conversion function between struct sock::sk_priority from linux and
26 * j1939 priority field
27 */
static inline priority_t j1939_prio(u32 sk_priority)
{
	/* Clamp to 0..7 before inverting, so the subtraction below can
	 * never wrap for large sk_priority values.
	 */
	const u32 clamped = sk_priority > 7U ? 7U : sk_priority;

	return 7 - clamped;
}
34
static inline u32 j1939_to_sk_priority(priority_t prio)
{
	/* Inverse of j1939_prio(). @prio is not range-checked here: the
	 * callers visible in this file pass the constant 6 or a value that
	 * was already validated to lie in 0..7.
	 */
	u32 sk_priority = 7 - prio;

	return sk_priority;
}
39
40 /* function to see if pgn is to be evaluated */
static inline bool j1939_pgn_is_valid(pgn_t pgn)
{
	/* Callers in this file use this test to decide whether a PGN field
	 * supplied by user space (or stored on the socket) is applied at all.
	 */
	return !(pgn > J1939_PGN_MAX);
}
45
46 /* test function to avoid non-zero DA placeholder for pdu1 pgn's */
static inline bool j1939_pgn_is_clean_pdu(pgn_t pgn)
{
	/* Only PDU1 PGNs are constrained: their low byte must be zero. */
	if (!j1939_pgn_is_pdu1(pgn))
		return true;

	return (pgn & 0xff) == 0;
}
54
/* Account for one more pending skb on the J1939 socket behind @sk. */
static inline void j1939_sock_pending_add(struct sock *sk)
{
	atomic_inc(&j1939_sk(sk)->skb_pending);
}
61
/* Return the current number of pending skbs on the socket behind @sk. */
static int j1939_sock_pending_get(struct sock *sk)
{
	return atomic_read(&j1939_sk(sk)->skb_pending);
}
68
/* Drop one pending skb from the socket's counter and wake up anybody
 * sleeping on jsk->waitq once the counter reaches zero.
 */
void j1939_sock_pending_del(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);
	int remaining;

	/* atomic_dec_return() yields the value after the decrement */
	remaining = atomic_dec_return(&jsk->skb_pending);
	if (remaining == 0)
		wake_up(&jsk->waitq); /* no pending SKB's */
}
77
/* Mark @jsk as bound and link it into @priv's list of sockets.
 *
 * Takes a reference on @priv; j1939_jsk_del() drops it again. The list
 * itself is modified under priv->j1939_socks_lock (write side, BH off),
 * the state flag is set outside of that lock.
 */
static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk)
{
	jsk->state |= J1939_SOCK_BOUND;
	j1939_priv_get(priv);

	write_lock_bh(&priv->j1939_socks_lock);
	list_add_tail(&jsk->list, &priv->j1939_socks);
	write_unlock_bh(&priv->j1939_socks_lock);
}
87
/* Unlink @jsk from @priv's list of sockets and clear its bound state.
 *
 * Mirror of j1939_jsk_add(): the list entry is removed under
 * priv->j1939_socks_lock, then the reference on @priv is dropped and
 * J1939_SOCK_BOUND is cleared.
 */
static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk)
{
	write_lock_bh(&priv->j1939_socks_lock);
	list_del_init(&jsk->list);
	write_unlock_bh(&priv->j1939_socks_lock);

	j1939_priv_put(priv);
	jsk->state &= ~J1939_SOCK_BOUND;
}
97
/* Append @session to the session queue of its originating socket.
 *
 * The queue holds its own reference on the session (j1939_session_get())
 * and the socket's pending counter is incremented.
 *
 * Return: true if the queue was empty before this session was added.
 */
static bool j1939_sk_queue_session(struct j1939_session *session)
{
	struct j1939_sock *jsk = j1939_sk(session->sk);
	bool empty;

	spin_lock_bh(&jsk->sk_session_queue_lock);
	/* sample emptiness before the new entry is linked in */
	empty = list_empty(&jsk->sk_session_queue);
	j1939_session_get(session);
	list_add_tail(&session->sk_session_queue_entry, &jsk->sk_session_queue);
	spin_unlock_bh(&jsk->sk_session_queue_lock);
	j1939_sock_pending_add(&jsk->sk);

	return empty;
}
112
/* Look at the most recently queued session of @jsk and hand it out if
 * not all of its payload has been queued yet.
 *
 * Return: the session with an extra reference held (the caller must
 * j1939_session_put() it), or NULL if the queue is empty or the last
 * session is already fully queued.
 */
static struct
j1939_session *j1939_sk_get_incomplete_session(struct j1939_sock *jsk)
{
	struct j1939_session *incomplete = NULL;
	struct j1939_session *last;

	spin_lock_bh(&jsk->sk_session_queue_lock);
	if (list_empty(&jsk->sk_session_queue))
		goto out_unlock;

	last = list_last_entry(&jsk->sk_session_queue,
			       struct j1939_session,
			       sk_session_queue_entry);
	if (last->total_queued_size != last->total_message_size) {
		/* reference is taken while the queue lock is still held */
		j1939_session_get(last);
		incomplete = last;
	}

out_unlock:
	spin_unlock_bh(&jsk->sk_session_queue_lock);

	return incomplete;
}
132
/* Remove every session from @jsk's session queue, record @err on each of
 * them and drop the queue's reference.
 *
 * NOTE(review): @err is stored as passed. The callers visible in this
 * file pass positive values (ESHUTDOWN, EBUSY), while other places in
 * this file store negative values in session->err (-EBUSY) - confirm
 * which sign consumers of session->err expect.
 */
static void j1939_sk_queue_drop_all(struct j1939_priv *priv,
				    struct j1939_sock *jsk, int err)
{
	struct j1939_session *session, *tmp;

	netdev_dbg(priv->ndev, "%s: err: %i\n", __func__, err);
	spin_lock_bh(&jsk->sk_session_queue_lock);
	/* _safe variant: entries are unlinked while iterating */
	list_for_each_entry_safe(session, tmp, &jsk->sk_session_queue,
				 sk_session_queue_entry) {
		list_del_init(&session->sk_session_queue_entry);
		session->err = err;
		j1939_session_put(session);
	}
	spin_unlock_bh(&jsk->sk_session_queue_lock);
}
148
/* Retire @session from the head of its socket's session queue and start
 * the next queued session.
 *
 * Must be called with jsk->sk_session_queue_lock held (checked with
 * lockdep). Nothing happens if @session has no socket or is not the
 * first entry of the queue. Queued sessions that fail to activate are
 * marked with -EBUSY, dropped from the queue, and the one after them is
 * tried instead.
 */
static void j1939_sk_queue_activate_next_locked(struct j1939_session *session)
{
	struct j1939_sock *jsk;
	struct j1939_session *first;
	int err;

	/* RX-Session don't have a socket (yet) */
	if (!session->sk)
		return;

	jsk = j1939_sk(session->sk);
	lockdep_assert_held(&jsk->sk_session_queue_lock);

	/* remember the outcome of the finished session; it decides below
	 * whether the next one is started with a delay
	 */
	err = session->err;

	first = list_first_entry_or_null(&jsk->sk_session_queue,
					 struct j1939_session,
					 sk_session_queue_entry);

	/* Some else has already activated the next session */
	if (first != session)
		return;

activate_next:
	/* unlink the current head and drop the queue's reference on it */
	list_del_init(&first->sk_session_queue_entry);
	j1939_session_put(first);
	first = list_first_entry_or_null(&jsk->sk_session_queue,
					 struct j1939_session,
					 sk_session_queue_entry);
	if (!first)
		return;

	if (j1939_session_activate(first)) {
		netdev_warn_once(first->priv->ndev,
				 "%s: 0x%p: Identical session is already activated.\n",
				 __func__, first);
		first->err = -EBUSY;
		goto activate_next;
	} else {
		/* Give receiver some time (arbitrary chosen) to recover */
		int time_ms = 0;

		/* after a failed session: 10 ms plus a random 0..15 ms */
		if (err)
			time_ms = 10 + get_random_u32_below(16);

		j1939_tp_schedule_txtimer(first, time_ms);
	}
}
197
/* Locking wrapper around j1939_sk_queue_activate_next_locked(): takes the
 * session queue lock of @session's socket around the call. Sessions
 * without a socket are ignored.
 */
void j1939_sk_queue_activate_next(struct j1939_session *session)
{
	struct j1939_sock *jsk;

	if (!session->sk)
		return;

	jsk = j1939_sk(session->sk);

	spin_lock_bh(&jsk->sk_session_queue_lock);
	j1939_sk_queue_activate_next_locked(session);
	spin_unlock_bh(&jsk->sk_session_queue_lock);
}
211
/* Decide whether the addressing in @skcb is acceptable for @jsk.
 *
 * Checks, in this order: promiscuous mode (accepts everything), the
 * destination against the socket's bind() name/address, the source
 * against the connect() name/address of a connected socket, and the
 * socket's RX PGN filter.
 */
static bool j1939_sk_match_dst(struct j1939_sock *jsk,
			       const struct j1939_sk_buff_cb *skcb)
{
	/* promiscuous sockets bypass every check below */
	if (jsk->state & J1939_SOCK_PROMISC)
		return true;

	/* Destination address filter:
	 * - by NAME when both sides carry one,
	 * - otherwise unicast must hit our bind() address,
	 * - otherwise (broadcast) SO_BROADCAST is required.
	 */
	if (jsk->addr.src_name && skcb->addr.dst_name) {
		if (jsk->addr.src_name != skcb->addr.dst_name)
			return false;
	} else if (j1939_address_is_unicast(skcb->addr.da)) {
		if (jsk->addr.sa != skcb->addr.da)
			return false;
	} else if (!sock_flag(&jsk->sk, SOCK_BROADCAST)) {
		/* receiving broadcast without SO_BROADCAST
		 * flag is not allowed
		 */
		return false;
	}

	/* Source address filter, only for connect()ed sockets */
	if (jsk->state & J1939_SOCK_CONNECTED) {
		bool same_peer;

		if (jsk->addr.dst_name && skcb->addr.src_name)
			same_peer = jsk->addr.dst_name == skcb->addr.src_name;
		else
			same_peer = jsk->addr.da == skcb->addr.sa;

		if (!same_peer)
			return false;
	}

	/* PGN filter: an invalid (unset) filter value accepts any PGN */
	if (!j1939_pgn_is_valid(jsk->pgn_rx_filter))
		return true;

	return jsk->pgn_rx_filter == skcb->addr.pgn;
}
260
261 /* matches skb control buffer (addr) with a j1939 filter */
static bool j1939_sk_match_filter(struct j1939_sock *jsk,
				  const struct j1939_sk_buff_cb *skcb)
{
	const struct j1939_filter *cur;
	int remaining;
	bool matched;

	/* The filter array is swapped by setsockopt() under this lock, so
	 * pointer and count have to be read while it is held.
	 */
	spin_lock_bh(&jsk->filters_lock);

	cur = jsk->filters;
	remaining = jsk->nfilters;

	/* receive all when no filters are assigned */
	matched = !remaining;

	for (; remaining && !matched; ++cur, --remaining) {
		/* a filter matches only if PGN, address and NAME all match
		 * after masking
		 */
		matched = (skcb->addr.pgn & cur->pgn_mask) == cur->pgn &&
			  (skcb->addr.sa & cur->addr_mask) == cur->addr &&
			  (skcb->addr.src_name & cur->name_mask) == cur->name;
	}

	spin_unlock_bh(&jsk->filters_lock);

	return matched;
}
294
/* A socket receives a frame only if it is bound, the addressing matches
 * (j1939_sk_match_dst()) and the user supplied filters accept it
 * (j1939_sk_match_filter()). The checks short-circuit in that order.
 */
static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,
				    const struct j1939_sk_buff_cb *skcb)
{
	return (jsk->state & J1939_SOCK_BOUND) &&
	       j1939_sk_match_dst(jsk, skcb) &&
	       j1939_sk_match_filter(jsk, skcb);
}
309
/* Deliver a clone of @oskb to @jsk if the socket wants it.
 *
 * The socket that @oskb is owned by never gets its own frame back, and
 * non-matching sockets are skipped. A failed clone is only logged.
 */
static void j1939_sk_recv_one(struct j1939_sock *jsk, struct sk_buff *oskb)
{
	const struct j1939_sk_buff_cb *oskcb = j1939_skb_to_cb(oskb);
	struct j1939_sk_buff_cb *clone_cb;
	enum skb_drop_reason reason;
	struct sk_buff *clone;

	if (oskb->sk == &jsk->sk || !j1939_sk_recv_match_one(jsk, oskcb))
		return;

	/* GFP_ATOMIC: must not sleep here */
	clone = skb_clone(oskb, GFP_ATOMIC);
	if (!clone) {
		pr_warn("skb clone failed\n");
		return;
	}
	can_skb_set_owner(clone, oskb->sk);

	/* MSG_DONTROUTE ends up set exactly when the clone has an owning
	 * socket - presumably marking locally originated frames; confirm
	 * against the user space API documentation.
	 */
	clone_cb = j1939_skb_to_cb(clone);
	if (clone->sk)
		clone_cb->msg_flags |= MSG_DONTROUTE;
	else
		clone_cb->msg_flags &= ~(MSG_DONTROUTE);

	if (sock_queue_rcv_skb_reason(&jsk->sk, clone, &reason) < 0)
		sk_skb_reason_drop(&jsk->sk, clone, reason);
}
338
/* Return true if at least one socket on @priv would accept a frame with
 * the addressing in @skcb. The socket list is walked under the read side
 * of priv->j1939_socks_lock and the walk stops at the first match.
 */
bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb)
{
	struct j1939_sock *cur;
	bool found = false;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(cur, &priv->j1939_socks, list) {
		if (j1939_sk_recv_match_one(cur, skcb)) {
			found = true;
			break;
		}
	}
	read_unlock_bh(&priv->j1939_socks_lock);

	return found;
}
354
/* Offer @skb to every socket on @priv; each socket decides for itself in
 * j1939_sk_recv_one() whether it takes a clone. The socket list is
 * walked under the read side of priv->j1939_socks_lock.
 */
void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sock *cur;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(cur, &priv->j1939_socks, list)
		j1939_sk_recv_one(cur, skb);
	read_unlock_bh(&priv->j1939_socks_lock);
}
365
/* sk->sk_destruct callback for J1939 sockets (installed by
 * j1939_sk_init()): drops the socket's reference on its j1939_priv, if
 * it still has one, then runs the generic CAN socket destructor.
 */
static void j1939_sk_sock_destruct(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	/* This function will be called by the generic networking code, when
	 * the socket is ultimately closed (sk->sk_destruct).
	 *
	 * The race between
	 * - processing a received CAN frame
	 *   (can_receive -> j1939_can_recv)
	 *   and accessing j1939_priv
	 * ... and ...
	 * - closing a socket
	 *   (j1939_can_rx_unregister -> can_rx_unregister)
	 *   and calling the final j1939_priv_put()
	 *
	 * is avoided by calling the final j1939_priv_put() from this
	 * RCU deferred cleanup call.
	 */
	if (jsk->priv) {
		j1939_priv_put(jsk->priv);
		/* cleared so the reference cannot be dropped a second time */
		jsk->priv = NULL;
	}

	/* call generic CAN sock destruct */
	can_sock_destruct(sk);
}
393
/* Initialise the J1939 specific part of a freshly allocated socket.
 *
 * Everything behind the embedded struct sock is zeroed, then lists,
 * locks, the wait queue and the default addressing are set up and the
 * destructor is installed.
 *
 * Return: always 0.
 */
static int j1939_sk_init(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	/* Ensure that "sk" is first member in "struct j1939_sock", so that we
	 * can skip it during memset().
	 */
	BUILD_BUG_ON(offsetof(struct j1939_sock, sk) != 0);
	/* zero all protocol private state, leaving the struct sock alone */
	memset((void *)jsk + sizeof(jsk->sk), 0x0,
	       sizeof(*jsk) - sizeof(jsk->sk));

	INIT_LIST_HEAD(&jsk->list);
	init_waitqueue_head(&jsk->waitq);
	/* default J1939 priority is 6 */
	jsk->sk.sk_priority = j1939_to_sk_priority(6);
	jsk->sk.sk_reuse = 1; /* per default */
	/* no source/destination address and no PGN until bind()/connect() */
	jsk->addr.sa = J1939_NO_ADDR;
	jsk->addr.da = J1939_NO_ADDR;
	jsk->addr.pgn = J1939_NO_PGN;
	jsk->pgn_rx_filter = J1939_NO_PGN;
	atomic_set(&jsk->skb_pending, 0);
	spin_lock_init(&jsk->sk_session_queue_lock);
	INIT_LIST_HEAD(&jsk->sk_session_queue);
	spin_lock_init(&jsk->filters_lock);

	/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */
	sock_set_flag(sk, SOCK_RCU_FREE);
	sk->sk_destruct = j1939_sk_sock_destruct;
	sk->sk_protocol = CAN_J1939;

	return 0;
}
425
/* Validate a user supplied sockaddr_can before bind()/connect() use it.
 *
 * Return: 0 if usable, -EDESTADDRREQ without an address, -EINVAL for a
 * short address, a wrong family or a PDU1 PGN with a non-zero low byte,
 * -ENODEV if no interface index is given.
 */
static int j1939_sk_sanity_check(struct sockaddr_can *addr, int len)
{
	pgn_t pgn;

	if (!addr)
		return -EDESTADDRREQ;

	/* The length check has to come before any field is read.
	 * NOTE(review): @len is a signed int while J1939_MIN_NAMELEN is
	 * built from offsetof()/sizeof(), so a negative @len would not be
	 * caught by this comparison - presumably the socket layer never
	 * passes one; confirm.
	 */
	if (len < J1939_MIN_NAMELEN || addr->can_family != AF_CAN)
		return -EINVAL;

	if (addr->can_ifindex == 0)
		return -ENODEV;

	pgn = addr->can_addr.j1939.pgn;
	if (j1939_pgn_is_valid(pgn) && !j1939_pgn_is_clean_pdu(pgn))
		return -EINVAL;

	return 0;
}
442
/* bind() handler: attach the socket to a CAN interface and a local
 * J1939 NAME/address.
 *
 * A first bind() looks up the interface, starts J1939 on it and stores
 * a reference to the resulting j1939_priv in the socket. A re-bind() is
 * accepted only for the same interface and replaces the local
 * NAME/address.
 *
 * Return: 0 on success, the error of j1939_sk_sanity_check(), -EINVAL
 * for a re-bind() to another interface, -ENODEV / -ENETDOWN if the
 * interface is missing, is not a usable CAN device or is down, or the
 * error returned by j1939_netdev_start() / j1939_local_ecu_get().
 */
static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
{
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
	struct j1939_sock *jsk = j1939_sk(sock->sk);
	struct j1939_priv *priv;
	struct sock *sk;
	struct net *net;
	int ret = 0;

	/* validated before the socket lock is taken; only @addr is read */
	ret = j1939_sk_sanity_check(addr, len);
	if (ret)
		return ret;

	lock_sock(sock->sk);

	priv = jsk->priv;
	sk = sock->sk;
	net = sock_net(sk);

	/* Already bound to an interface? */
	if (jsk->state & J1939_SOCK_BOUND) {
		/* A re-bind() to a different interface is not
		 * supported.
		 */
		if (jsk->ifindex != addr->can_ifindex) {
			ret = -EINVAL;
			goto out_release_sock;
		}

		/* drop old references */
		j1939_jsk_del(priv, jsk);
		j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
	} else {
		struct can_ml_priv *can_ml;
		struct net_device *ndev;

		/* the interface is looked up in the socket's own network
		 * namespace; the device reference is dropped again on every
		 * path below
		 */
		ndev = dev_get_by_index(net, addr->can_ifindex);
		if (!ndev) {
			ret = -ENODEV;
			goto out_release_sock;
		}

		/* devices without CAN mid-layer private data are rejected */
		can_ml = can_get_ml_priv(ndev);
		if (!can_ml) {
			dev_put(ndev);
			ret = -ENODEV;
			goto out_release_sock;
		}

		if (!(ndev->flags & IFF_UP)) {
			dev_put(ndev);
			ret = -ENETDOWN;
			goto out_release_sock;
		}

		priv = j1939_netdev_start(ndev);
		dev_put(ndev);
		if (IS_ERR(priv)) {
			ret = PTR_ERR(priv);
			goto out_release_sock;
		}

		jsk->ifindex = addr->can_ifindex;

		/* the corresponding j1939_priv_put() is called via
		 * sk->sk_destruct, which points to j1939_sk_sock_destruct()
		 */
		j1939_priv_get(priv);
		jsk->priv = priv;
	}

	/* a valid PGN in the bind() address becomes the socket's RX PGN
	 * filter (see j1939_sk_match_dst())
	 */
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
		jsk->pgn_rx_filter = addr->can_addr.j1939.pgn;
	jsk->addr.src_name = addr->can_addr.j1939.name;
	jsk->addr.sa = addr->can_addr.j1939.addr;

	/* get new references */
	ret = j1939_local_ecu_get(priv, jsk->addr.src_name, jsk->addr.sa);
	if (ret) {
		/* Undo the setup: stop J1939 on the device, detach priv from
		 * the socket and drop the socket's reference right here, so
		 * that j1939_sk_sock_destruct() finds jsk->priv == NULL.
		 * The synchronize_rcu() before the put presumably lets
		 * concurrent RCU readers finish first - confirm.
		 *
		 * NOTE(review): this path is also taken on a failed
		 * re-bind(), after j1939_jsk_del() above has already cleared
		 * J1939_SOCK_BOUND; the socket is then left unbound.
		 */
		j1939_netdev_stop(priv);
		jsk->priv = NULL;
		synchronize_rcu();
		j1939_priv_put(priv);
		goto out_release_sock;
	}

	j1939_jsk_add(priv, jsk);

 out_release_sock: /* fall through */
	release_sock(sock->sk);

	return ret;
}
537
/* connect() handler: record the default destination NAME/address (and
 * PGN, if a valid one is given) of an already bound socket.
 *
 * Return: 0 on success, the error of j1939_sk_sanity_check(), -EINVAL
 * if the socket is not bound or @uaddr names another interface, -EACCES
 * for a broadcast destination while SO_BROADCAST is not set.
 */
static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr,
			    int len, int flags)
{
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
	struct j1939_sock *jsk = j1939_sk(sock->sk);
	int ret = 0;

	ret = j1939_sk_sanity_check(addr, len);
	if (ret)
		return ret;

	lock_sock(sock->sk);

	/* bind() before connect() is mandatory */
	if (!(jsk->state & J1939_SOCK_BOUND)) {
		ret = -EINVAL;
		goto out_release_sock;
	}

	/* A connect() to a different interface is not supported. */
	if (jsk->ifindex != addr->can_ifindex) {
		ret = -EINVAL;
		goto out_release_sock;
	}

	/* neither a NAME nor an address given means broadcast */
	if (!addr->can_addr.j1939.name &&
	    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
	    !sock_flag(&jsk->sk, SOCK_BROADCAST)) {
		/* broadcast, but SO_BROADCAST not set */
		ret = -EACCES;
		goto out_release_sock;
	}

	jsk->addr.dst_name = addr->can_addr.j1939.name;
	jsk->addr.da = addr->can_addr.j1939.addr;

	/* an invalid PGN leaves the socket's current PGN untouched */
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
		jsk->addr.pgn = addr->can_addr.j1939.pgn;

	jsk->state |= J1939_SOCK_CONNECTED;

 out_release_sock: /* fall through */
	release_sock(sock->sk);

	return ret;
}
584
/* Fill @addr from the socket's addressing state: the connect() side when
 * @peer is non-zero, the bind() side otherwise. Exactly
 * J1939_MIN_NAMELEN bytes of @addr are initialised.
 */
static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr,
				       const struct j1939_sock *jsk, int peer)
{
	/* There are two holes (2 bytes and 3 bytes) to clear to avoid
	 * leaking kernel information to user space. The memset() must
	 * therefore stay ahead of the member-wise assignments.
	 */
	memset(addr, 0, J1939_MIN_NAMELEN);

	addr->can_family = AF_CAN;
	addr->can_ifindex = jsk->ifindex;
	addr->can_addr.j1939.pgn = jsk->addr.pgn;
	addr->can_addr.j1939.name = peer ? jsk->addr.dst_name :
					   jsk->addr.src_name;
	addr->can_addr.j1939.addr = peer ? jsk->addr.da : jsk->addr.sa;
}
604
/* getsockname()/getpeername() handler.
 *
 * Return: J1939_MIN_NAMELEN (the number of bytes written to @uaddr) on
 * success, -EADDRNOTAVAIL if the peer is requested on a socket that is
 * not connected.
 */
static int j1939_sk_getname(struct socket *sock, struct sockaddr *uaddr,
			    int peer)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int ret;

	lock_sock(sk);

	if (!peer || (jsk->state & J1939_SOCK_CONNECTED)) {
		j1939_sk_sock2sockaddr_can((struct sockaddr_can *)uaddr,
					   jsk, peer);
		ret = J1939_MIN_NAMELEN;
	} else {
		/* nothing is written to @uaddr in this case */
		ret = -EADDRNOTAVAIL;
	}

	release_sock(sk);

	return ret;
}
628
/* release() handler: tear down a J1939 socket.
 *
 * A bound socket first waits until it has no pending skbs left. If that
 * wait is interrupted, the active session is cancelled and all queued
 * sessions are dropped. After that the socket is unlinked from its
 * j1939_priv, the local ECU reference is dropped and J1939 is stopped
 * on the device. The filter array is freed and the sock is orphaned.
 *
 * Return: always 0.
 */
static int j1939_sk_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk;

	if (!sk)
		return 0;

	lock_sock(sk);
	jsk = j1939_sk(sk);

	if (jsk->state & J1939_SOCK_BOUND) {
		struct j1939_priv *priv = jsk->priv;

		/* non-zero return: the wait was interrupted before the
		 * pending counter reached zero
		 */
		if (wait_event_interruptible(jsk->waitq,
					     !j1939_sock_pending_get(&jsk->sk))) {
			j1939_cancel_active_session(priv, sk);
			j1939_sk_queue_drop_all(priv, jsk, ESHUTDOWN);
		}

		j1939_jsk_del(priv, jsk);

		j1939_local_ecu_put(priv, jsk->addr.src_name,
				    jsk->addr.sa);

		/* jsk->priv itself stays set; that reference is dropped
		 * later by j1939_sk_sock_destruct()
		 */
		j1939_netdev_stop(priv);
	}

	/* NOTE(review): freed without taking jsk->filters_lock and without
	 * clearing jsk->filters / jsk->nfilters; this relies on the socket
	 * no longer being on the receive list at this point - confirm for
	 * sockets that were never bound.
	 */
	kfree(jsk->filters);
	sock_orphan(sk);
	sock->sk = NULL;

	release_sock(sk);
	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
	sock_put(sk);

	return 0;
}
667
/* Set or clear @flag in jsk->state from an int sized socket option.
 *
 * Return: -EINVAL if @optlen is not sizeof(int), -EFAULT if the value
 * cannot be copied in, otherwise the int value supplied by the caller.
 *
 * NOTE(review): on success this returns the user supplied value, not 0.
 * j1939_sk_setsockopt() passes that on, so a non-zero positive value
 * becomes the setsockopt() return value, and a negative value sets the
 * flag but is then indistinguishable from an error code. Confirm that
 * this is intended before relying on the return value.
 */
static int j1939_sk_setsockopt_flag(struct j1939_sock *jsk, sockptr_t optval,
				    unsigned int optlen, int flag)
{
	int tmp;

	/* exact size match, so copy_from_sockptr() fills all of tmp and
	 * nothing more
	 */
	if (optlen != sizeof(tmp))
		return -EINVAL;
	if (copy_from_sockptr(&tmp, optval, optlen))
		return -EFAULT;
	lock_sock(&jsk->sk);
	if (tmp)
		jsk->state |= flag;
	else
		jsk->state &= ~flag;
	release_sock(&jsk->sk);
	return tmp;
}
685
/* setsockopt() handler for level SOL_CAN_J1939.
 *
 * SO_J1939_FILTER replaces the socket's filter array (a NULL/empty
 * option removes all filters), SO_J1939_PROMISC and SO_J1939_ERRQUEUE
 * toggle state flags, SO_J1939_SEND_PRIO sets the send priority.
 *
 * Return: 0 or the value of j1939_sk_setsockopt_flag() on success,
 * -EINVAL for a wrong level or option size, -EFAULT or the
 * memdup_sockptr() error if the value cannot be copied, -EDOM / -EPERM
 * for a rejected priority, -ENOPROTOOPT for an unknown option.
 */
static int j1939_sk_setsockopt(struct socket *sock, int level, int optname,
			       sockptr_t optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int tmp, count = 0, ret = 0;
	struct j1939_filter *filters = NULL, *ofilters;

	if (level != SOL_CAN_J1939)
		return -EINVAL;

	switch (optname) {
	case SO_J1939_FILTER:
		if (!sockptr_is_null(optval) && optlen != 0) {
			struct j1939_filter *f;
			int c;

			/* only whole filter entries are accepted ... */
			if (optlen % sizeof(*filters) != 0)
				return -EINVAL;

			/* ... and at most J1939_FILTER_MAX of them, which
			 * bounds the allocation made for user space below
			 */
			if (optlen > J1939_FILTER_MAX *
			    sizeof(struct j1939_filter))
				return -EINVAL;

			count = optlen / sizeof(*filters);
			filters = memdup_sockptr(optval, optlen);
			if (IS_ERR(filters))
				return PTR_ERR(filters);

			/* pre-mask the values once, so that the receive path
			 * can compare "(value & mask) == filter" directly
			 */
			for (f = filters, c = count; c; f++, c--) {
				f->name &= f->name_mask;
				f->pgn &= f->pgn_mask;
				f->addr &= f->addr_mask;
			}
		}

		lock_sock(&jsk->sk);
		/* pointer and count are swapped together under
		 * filters_lock, the lock j1939_sk_match_filter() reads them
		 * under; the old array is freed only after the swap
		 */
		spin_lock_bh(&jsk->filters_lock);
		ofilters = jsk->filters;
		jsk->filters = filters;
		jsk->nfilters = count;
		spin_unlock_bh(&jsk->filters_lock);
		release_sock(&jsk->sk);
		kfree(ofilters);
		return 0;
	case SO_J1939_PROMISC:
		return j1939_sk_setsockopt_flag(jsk, optval, optlen,
						J1939_SOCK_PROMISC);
	case SO_J1939_ERRQUEUE:
		ret = j1939_sk_setsockopt_flag(jsk, optval, optlen,
					       J1939_SOCK_ERRQUEUE);
		if (ret < 0)
			return ret;

		/* jsk->state is read here after the helper has released the
		 * socket lock again
		 */
		if (!(jsk->state & J1939_SOCK_ERRQUEUE))
			skb_queue_purge(&sk->sk_error_queue);
		return ret;
	case SO_J1939_SEND_PRIO:
		if (optlen != sizeof(tmp))
			return -EINVAL;
		if (copy_from_sockptr(&tmp, optval, optlen))
			return -EFAULT;
		if (tmp < 0 || tmp > 7)
			return -EDOM;
		/* priorities 0 and 1 are reserved for CAP_NET_ADMIN */
		if (tmp < 2 && !capable(CAP_NET_ADMIN))
			return -EPERM;
		lock_sock(&jsk->sk);
		jsk->sk.sk_priority = j1939_to_sk_priority(tmp);
		release_sock(&jsk->sk);
		return 0;
	default:
		return -ENOPROTOOPT;
	}
}
760
/* getsockopt() handler for level SOL_CAN_J1939. All options handled
 * here are reported as an int.
 *
 * Return: 0 on success, -EINVAL for a wrong level or a negative user
 * length, -ENOPROTOOPT for an unknown option, -EFAULT if the user
 * buffer is too small or cannot be accessed.
 */
static int j1939_sk_getsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int ret, ulen;
	/* set defaults for using 'int' properties */
	int tmp = 0;
	int len = sizeof(tmp);
	void *val = &tmp;

	if (level != SOL_CAN_J1939)
		return -EINVAL;
	if (get_user(ulen, optlen))
		return -EFAULT;
	if (ulen < 0)
		return -EINVAL;

	lock_sock(&jsk->sk);
	switch (optname) {
	case SO_J1939_PROMISC:
		tmp = (jsk->state & J1939_SOCK_PROMISC) ? 1 : 0;
		break;
	case SO_J1939_ERRQUEUE:
		tmp = (jsk->state & J1939_SOCK_ERRQUEUE) ? 1 : 0;
		break;
	case SO_J1939_SEND_PRIO:
		tmp = j1939_prio(jsk->sk.sk_priority);
		break;
	default:
		ret = -ENOPROTOOPT;
		goto no_copy;
	}

	/* copy to user, based on 'len' & 'val'
	 * but most sockopt's are 'int' properties, and have 'len' & 'val'
	 * left unchanged, but instead modified 'tmp'
	 *
	 * The copy is sized by the kernel side 'len', never by the user
	 * supplied 'ulen'; a user buffer that is too small is rejected.
	 */
	if (len > ulen)
		ret = -EFAULT;
	else if (put_user(len, optlen))
		ret = -EFAULT;
	else if (copy_to_user(optval, val, len))
		ret = -EFAULT;
	else
		ret = 0;
 no_copy:
	release_sock(&jsk->sk);
	return ret;
}
811
/* recvmsg() handler.
 *
 * With MSG_ERRQUEUE the socket's error queue is read instead of the
 * receive queue. Otherwise one datagram is dequeued, copied to @msg
 * (truncated to @size, flagged with MSG_TRUNC) and accompanied by
 * control messages for destination address, destination NAME and
 * priority, plus the sender's sockaddr_can if a name buffer is given.
 *
 * Return: number of bytes copied, or a negative error.
 */
static int j1939_sk_recvmsg(struct socket *sock, struct msghdr *msg,
			    size_t size, int flags)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	struct j1939_sk_buff_cb *skcb;
	int ret = 0;

	/* any flag outside this set is rejected */
	if (flags & ~(MSG_DONTWAIT | MSG_ERRQUEUE | MSG_CMSG_COMPAT))
		return -EINVAL;

	if (flags & MSG_ERRQUEUE)
		return sock_recv_errqueue(sock->sk, msg, size, SOL_CAN_J1939,
					  SCM_J1939_ERRQUEUE);

	skb = skb_recv_datagram(sk, flags, &ret);
	if (!skb)
		return ret;

	/* never copy more than the datagram holds or the caller asked for */
	if (size < skb->len)
		msg->msg_flags |= MSG_TRUNC;
	else
		size = skb->len;

	ret = memcpy_to_msg(msg, skb->data, size);
	if (ret < 0) {
		skb_free_datagram(sk, skb);
		return ret;
	}

	/* the return values of the put_cmsg() calls below are not checked */
	skcb = j1939_skb_to_cb(skb);
	if (j1939_address_is_valid(skcb->addr.da))
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_ADDR,
			 sizeof(skcb->addr.da), &skcb->addr.da);

	if (skcb->addr.dst_name)
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_NAME,
			 sizeof(skcb->addr.dst_name), &skcb->addr.dst_name);

	put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_PRIO,
		 sizeof(skcb->priority), &skcb->priority);

	if (msg->msg_name) {
		struct sockaddr_can *paddr = msg->msg_name;

		/* Zero the reported range before filling in the members, so
		 * that padding is not copied out uninitialised.
		 * Assumes msg->msg_name has room for J1939_MIN_NAMELEN
		 * bytes - presumably guaranteed by the socket layer; confirm.
		 */
		msg->msg_namelen = J1939_MIN_NAMELEN;
		memset(msg->msg_name, 0, msg->msg_namelen);
		paddr->can_family = AF_CAN;
		paddr->can_ifindex = skb->skb_iif;
		paddr->can_addr.j1939.name = skcb->addr.src_name;
		paddr->can_addr.j1939.addr = skcb->addr.sa;
		paddr->can_addr.j1939.pgn = skcb->addr.pgn;
	}

	sock_recv_cmsgs(msg, sk, skb);
	msg->msg_flags |= skcb->msg_flags;
	skb_free_datagram(sk, skb);

	return size;
}
872
/* Allocate an skb for @size bytes of payload taken from @msg and set up
 * its J1939 control buffer from the socket's addressing, which a
 * per-message address in msg->msg_name may override.
 *
 * Return: the skb, or NULL on failure. *@errcode is written on every
 * path: 0 on success, otherwise the error of sock_alloc_send_skb() or
 * memcpy_from_msg().
 */
static struct sk_buff *j1939_sk_alloc_skb(struct net_device *ndev,
					  struct sock *sk,
					  struct msghdr *msg, size_t size,
					  int *errcode)
{
	struct j1939_sock *jsk = j1939_sk(sk);
	struct j1939_sk_buff_cb *skcb;
	struct sk_buff *skb;
	int ret;

	/* room for the payload, a CAN frame header (struct can_frame
	 * without its data array) and the CAN skb private area
	 */
	skb = sock_alloc_send_skb(sk,
				  size +
				  sizeof(struct can_frame) -
				  sizeof(((struct can_frame *)NULL)->data) +
				  sizeof(struct can_skb_priv),
				  msg->msg_flags & MSG_DONTWAIT, &ret);
	if (!skb)
		goto failure;

	can_skb_reserve(skb);
	can_skb_prv(skb)->ifindex = ndev->ifindex;
	can_skb_prv(skb)->skbcnt = 0;
	skb_reserve(skb, offsetof(struct can_frame, data));

	ret = memcpy_from_msg(skb_put(skb, size), msg, size);
	if (ret < 0)
		goto free_skb;

	skb->dev = ndev;

	/* start from a zeroed control buffer and the socket's defaults */
	skcb = j1939_skb_to_cb(skb);
	memset(skcb, 0, sizeof(*skcb));
	skcb->addr = jsk->addr;
	skcb->priority = j1939_prio(READ_ONCE(sk->sk_priority));

	if (msg->msg_name) {
		/* NOTE(review): msg->msg_namelen is not checked in this
		 * function; presumably the caller has validated the address
		 * before getting here - confirm.
		 */
		struct sockaddr_can *addr = msg->msg_name;

		/* the destination is overridden only if a NAME or an
		 * address is actually given
		 */
		if (addr->can_addr.j1939.name ||
		    addr->can_addr.j1939.addr != J1939_NO_ADDR) {
			skcb->addr.dst_name = addr->can_addr.j1939.name;
			skcb->addr.da = addr->can_addr.j1939.addr;
		}
		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
			skcb->addr.pgn = addr->can_addr.j1939.pgn;
	}

	*errcode = ret;
	return skb;

free_skb:
	kfree_skb(skb);
failure:
	*errcode = ret;
	return NULL;
}
929
/* Size of the netlink attribute buffer needed for an error queue message
 * of @type. Has to stay in step with the attributes that
 * j1939_sk_get_timestamping_opt_stats() puts, because that function does
 * not check the result of its nla_put_*() calls.
 */
static size_t j1939_sk_opt_stats_get_size(enum j1939_sk_errqueue_type type)
{
	if (type == J1939_ERRQUEUE_RX_RTS)
		return nla_total_size(sizeof(u32)) + /* J1939_NLA_TOTAL_SIZE */
		       nla_total_size(sizeof(u32)) + /* J1939_NLA_PGN */
		       nla_total_size(sizeof(u64)) + /* J1939_NLA_SRC_NAME */
		       nla_total_size(sizeof(u64)) + /* J1939_NLA_DEST_NAME */
		       nla_total_size(sizeof(u8)) +  /* J1939_NLA_SRC_ADDR */
		       nla_total_size(sizeof(u8)) +  /* J1939_NLA_DEST_ADDR */
		       0;

	/* every other type carries a single attribute */
	return nla_total_size(sizeof(u32)) + /* J1939_NLA_BYTES_ACKED */
	       0;
}
948
/* Build the netlink attribute skb that accompanies an error queue
 * message of @type for @session.
 *
 * Return: the new skb, or NULL if the (atomic) allocation failed.
 */
static struct sk_buff *
j1939_sk_get_timestamping_opt_stats(struct j1939_session *session,
				    enum j1939_sk_errqueue_type type)
{
	struct sk_buff *nl_skb;
	u32 acked_bytes;

	nl_skb = alloc_skb(j1939_sk_opt_stats_get_size(type), GFP_ATOMIC);
	if (!nl_skb)
		return NULL;

	/* Simple sessions report the whole message; otherwise the count is
	 * derived from the acked packets, capped at the message size
	 * (7 is presumably the payload carried per packet - confirm).
	 */
	if (session->skcb.addr.type == J1939_SIMPLE)
		acked_bytes = session->total_message_size;
	else
		acked_bytes = min(session->pkt.tx_acked * 7,
				  session->total_message_size);

	/* The nla_put_*() results are not checked; the buffer was sized by
	 * j1939_sk_opt_stats_get_size() for exactly these attributes.
	 */
	if (type != J1939_ERRQUEUE_RX_RTS) {
		nla_put_u32(nl_skb, J1939_NLA_BYTES_ACKED, acked_bytes);
		return nl_skb;
	}

	nla_put_u32(nl_skb, J1939_NLA_TOTAL_SIZE,
		    session->total_message_size);
	nla_put_u32(nl_skb, J1939_NLA_PGN,
		    session->skcb.addr.pgn);
	nla_put_u64_64bit(nl_skb, J1939_NLA_SRC_NAME,
			  session->skcb.addr.src_name, J1939_NLA_PAD);
	nla_put_u64_64bit(nl_skb, J1939_NLA_DEST_NAME,
			  session->skcb.addr.dst_name, J1939_NLA_PAD);
	nla_put_u8(nl_skb, J1939_NLA_SRC_ADDR,
		   session->skcb.addr.sa);
	nla_put_u8(nl_skb, J1939_NLA_DEST_ADDR,
		   session->skcb.addr.da);

	return nl_skb;
}
987
/* Queue one notification of @type about @session on the error queue of
 * @sk.
 *
 * Nothing is queued unless the socket has J1939_SOCK_ERRQUEUE set and,
 * for all types except J1939_ERRQUEUE_TX_ABORT, the matching
 * SOF_TIMESTAMPING_* flag is present in sk->sk_tsflags. Allocation and
 * queueing failures are silent: the notification is dropped.
 */
static void __j1939_sk_errqueue(struct j1939_session *session, struct sock *sk,
				enum j1939_sk_errqueue_type type)
{
	struct j1939_priv *priv = session->priv;
	struct j1939_sock *jsk;
	struct sock_exterr_skb *serr;
	struct sk_buff *skb;
	char *state = "UNK";
	u32 tsflags;
	int err;

	jsk = j1939_sk(sk);

	if (!(jsk->state & J1939_SOCK_ERRQUEUE))
		return;

	/* sampled once, so both uses below see the same flags */
	tsflags = READ_ONCE(sk->sk_tsflags);
	switch (type) {
	case J1939_ERRQUEUE_TX_ACK:
		if (!(tsflags & SOF_TIMESTAMPING_TX_ACK))
			return;
		break;
	case J1939_ERRQUEUE_TX_SCHED:
		if (!(tsflags & SOF_TIMESTAMPING_TX_SCHED))
			return;
		break;
	case J1939_ERRQUEUE_TX_ABORT:
		break;
	case J1939_ERRQUEUE_RX_RTS:
		fallthrough;
	case J1939_ERRQUEUE_RX_DPO:
		fallthrough;
	case J1939_ERRQUEUE_RX_ABORT:
		if (!(tsflags & SOF_TIMESTAMPING_RX_SOFTWARE))
			return;
		break;
	default:
		/* NOTE(review): logged, but not returned from - an unknown
		 * type still queues a message below, with all-zero ee
		 * fields and state "UNK". Confirm that this is intended.
		 */
		netdev_err(priv->ndev, "Unknown errqueue type %i\n", type);
	}

	skb = j1939_sk_get_timestamping_opt_stats(session, type);
	if (!skb)
		return;

	skb->tstamp = ktime_get_real();

	/* the extended error lives in skb->cb, so it has to fit there */
	BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));

	serr = SKB_EXT_ERR(skb);
	/* zeroed first: fields not set below reach user space as 0 */
	memset(serr, 0, sizeof(*serr));
	switch (type) {
	case J1939_ERRQUEUE_TX_ACK:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
		serr->ee.ee_info = SCM_TSTAMP_ACK;
		state = "TX ACK";
		break;
	case J1939_ERRQUEUE_TX_SCHED:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
		serr->ee.ee_info = SCM_TSTAMP_SCHED;
		state = "TX SCH";
		break;
	case J1939_ERRQUEUE_TX_ABORT:
		serr->ee.ee_errno = session->err;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_TX_ABORT;
		state = "TX ABT";
		break;
	case J1939_ERRQUEUE_RX_RTS:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_RTS;
		state = "RX RTS";
		break;
	case J1939_ERRQUEUE_RX_DPO:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_DPO;
		state = "RX DPO";
		break;
	case J1939_ERRQUEUE_RX_ABORT:
		serr->ee.ee_errno = session->err;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_ABORT;
		state = "RX ABT";
		break;
	}

	serr->opt_stats = true;
	/* the session key is reported only if user space asked for IDs */
	if (tsflags & SOF_TIMESTAMPING_OPT_ID)
		serr->ee.ee_data = session->tskey;

	netdev_dbg(session->priv->ndev, "%s: 0x%p tskey: %i, state: %s\n",
		   __func__, session, session->tskey, state);
	err = sock_queue_err_skb(sk, skb);

	/* the skb is still ours if queueing failed */
	if (err)
		kfree_skb(skb);
};
1088
/* Report an event of @type about @session on socket error queues.
 *
 * A session that has an originating socket notifies only that socket.
 * A session without one notifies every socket on the interface whose
 * bind/connect/filter state matches the session's addressing.
 */
void j1939_sk_errqueue(struct j1939_session *session,
		       enum j1939_sk_errqueue_type type)
{
	struct j1939_priv *priv = session->priv;
	struct j1939_sock *cur;

	if (!session->sk) {
		/* spread RX notifications to all sockets subscribed to
		 * this session
		 */
		read_lock_bh(&priv->j1939_socks_lock);
		list_for_each_entry(cur, &priv->j1939_socks, list) {
			if (!j1939_sk_recv_match_one(cur, &session->skcb))
				continue;
			__j1939_sk_errqueue(session, &cur->sk, type);
		}
		read_unlock_bh(&priv->j1939_socks_lock);
	} else {
		/* send TX notifications to the socket of origin */
		__j1939_sk_errqueue(session, session->sk, type);
	}
}
1109
/* Record @err in sk->sk_err and report it on @sk.
 *
 * Nothing is done when the socket has J1939_SOCK_ERRQUEUE set in its state;
 * presumably such sockets learn about the abort through the error queue
 * instead (confirm against the errqueue path).
 */
void j1939_sk_send_loop_abort(struct sock *sk, int err)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	if (!(jsk->state & J1939_SOCK_ERRQUEUE)) {
		sk->sk_err = err;
		sk_error_report(sk);
	}
}
1121
/* Queue @size bytes from @msg on @sk, one skb per segment of at most
 * J1939_MAX_TP_PACKET_SIZE bytes.
 *
 * If the socket already has an incomplete session, this call must supply
 * exactly the bytes that session is still missing; any other @size is
 * rejected with -EIO. Without such a session, the first segment starts a new
 * one through j1939_tp_send().
 *
 * Return: @size when everything was queued; the number of bytes queued so far
 * when -EAGAIN or -ERESTARTSYS interrupts a partially queued message;
 * -EINTR in place of -ERESTARTSYS when nothing was queued; otherwise the
 * negative error code.
 */
static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
			      struct msghdr *msg, size_t size)
{
	struct j1939_sock *jsk = j1939_sk(sk);
	struct j1939_session *session = j1939_sk_get_incomplete_session(jsk);
	struct sk_buff *skb;
	size_t chunk, remaining = size;
	int ret = 0;

	/* a continuation has to complete the message the session announced */
	if (session &&
	    session->total_queued_size + size != session->total_message_size) {
		j1939_session_put(session);
		return -EIO;
	}

	do {
		struct j1939_sk_buff_cb *skcb;

		chunk = min_t(size_t, J1939_MAX_TP_PACKET_SIZE, remaining);

		/* one skb carries one segment */
		skb = j1939_sk_alloc_skb(priv->ndev, sk, msg, chunk, &ret);
		if (ret)
			break;

		skcb = j1939_skb_to_cb(skb);

		if (session) {
			/* append to the session already in progress */
			skcb->offset = session->total_queued_size;
			j1939_session_skb_queue(session, skb);
		} else {
			/* first segment: @size is the full size of the
			 * session being created
			 */
			skcb->offset = 0;
			session = j1939_tp_send(priv, skb, size);
			if (IS_ERR(session)) {
				ret = PTR_ERR(session);
				goto kfree_skb;
			}

			if (j1939_sk_queue_session(session)) {
				/* we are first in the queue, so try to
				 * activate the session right away
				 */
				if (j1939_session_activate(session)) {
					ret = -EBUSY;
					session->err = ret;
					j1939_sk_queue_drop_all(priv, jsk,
								EBUSY);
					break;
				}
				j1939_tp_schedule_txtimer(session, 0);
			}
		}

		remaining -= chunk;
		session->total_queued_size += chunk;
	} while (remaining);

	if (!ret) {
		/* OK */
		if (remaining)
			netdev_warn(priv->ndev,
				    "no error found and not completely queued?! %zu\n",
				    remaining);
		ret = size;
	} else if (ret == -ERESTARTSYS || ret == -EAGAIN) {
		/* OK: report a short write if anything was queued */
		if (ret == -ERESTARTSYS)
			ret = -EINTR;
		if (remaining != size)
			ret = size - remaining;
	}
	/* every other value is an error and is returned unchanged */

	if (session)
		j1939_session_put(session);

	return ret;

 kfree_skb:
	/* j1939_tp_send() failed: session holds an ERR_PTR, so there is no
	 * session reference to drop, only the skb to free
	 */
	kfree_skb(skb);
	return ret;
}
1215
/* sendmsg() handler for J1939 sockets.
 *
 * With the socket lock held, checks that the socket is bound and has a
 * source name or address, validates the optional per-message destination in
 * msg->msg_name, and then hands the payload to j1939_sk_send_loop().
 *
 * Return: the result of j1939_sk_send_loop(), or
 *   -EBADFD  socket not bound, no source address assigned yet, or the
 *            destination names a different interface than the socket's;
 *   -EINVAL  destination too short, not AF_CAN, or a valid PGN that fails
 *            j1939_pgn_is_clean_pdu();
 *   -EACCES  broadcast destination without SO_BROADCAST.
 */
static int j1939_sk_sendmsg(struct socket *sock, struct msghdr *msg,
			    size_t size)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	struct sockaddr_can *addr;
	struct j1939_priv *priv;
	int ifindex;
	int ret;

	lock_sock(sk);

	/* socket state: must be bound ... */
	if (!(jsk->state & J1939_SOCK_BOUND)) {
		ret = -EBADFD;
		goto sendmsg_done;
	}

	priv = jsk->priv;
	ifindex = jsk->ifindex;

	/* ... and must already have a source name or address */
	if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) {
		ret = -EBADFD;
		goto sendmsg_done;
	}

	addr = msg->msg_name;
	if (addr) {
		/* Destination given with this message. The length test comes
		 * first: J1939_MIN_NAMELEN covers the sockaddr up to and
		 * including can_addr.j1939, which is every field read below.
		 */
		if (msg->msg_namelen < J1939_MIN_NAMELEN ||
		    addr->can_family != AF_CAN) {
			ret = -EINVAL;
			goto sendmsg_done;
		}

		/* a non-zero ifindex has to be the one the socket is bound to */
		if (addr->can_ifindex && addr->can_ifindex != ifindex) {
			ret = -EBADFD;
			goto sendmsg_done;
		}

		/* Only a PGN within J1939_PGN_MAX is checked for a clean
		 * PDU1 destination byte; a larger value is not rejected here.
		 */
		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
		    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) {
			ret = -EINVAL;
			goto sendmsg_done;
		}

		/* broadcast, but SO_BROADCAST not set */
		if (!addr->can_addr.j1939.name &&
		    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
		    !sock_flag(sk, SOCK_BROADCAST)) {
			ret = -EACCES;
			goto sendmsg_done;
		}
	} else if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR &&
		   !sock_flag(sk, SOCK_BROADCAST)) {
		/* the socket's own destination is broadcast, but
		 * SO_BROADCAST not set
		 */
		ret = -EACCES;
		goto sendmsg_done;
	}

	ret = j1939_sk_send_loop(priv, sk, msg, size);

 sendmsg_done:
	release_sock(sk);

	return ret;
}
1289
/* Flag ENETDOWN on every socket listed on @priv and drop what each has
 * queued.
 *
 * sk_err is set on every listed socket, but the error is reported only for
 * sockets not marked SOCK_DEAD. The socket list is read-locked with bottom
 * halves disabled during the walk.
 */
void j1939_sk_netdev_event_netdown(struct j1939_priv *priv)
{
	const int err = ENETDOWN;
	struct j1939_sock *jsk;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
		struct sock *sk = &jsk->sk;

		sk->sk_err = err;
		if (!sock_flag(sk, SOCK_DEAD))
			sk_error_report(sk);

		j1939_sk_queue_drop_all(priv, jsk, err);
	}
	read_unlock_bh(&priv->j1939_socks_lock);
}
1305
/* Unbind every socket still bound to @priv.
 *
 * The socket lock cannot be taken while the socket list is read-locked, so
 * each pass picks the first bound socket, pins it with sock_hold(), drops
 * the list lock, and only then locks the socket. The list is scanned again
 * from the start after every socket, until no bound socket is left.
 *
 * The caller is holding a ref on this "priv" via j1939_priv_get_by_ndev().
 */
void j1939_sk_netdev_event_unregister(struct j1939_priv *priv)
{
	struct j1939_sock *jsk;
	bool wait_rcu = false;

	for (;;) {
		struct sock *sk = NULL;

		read_lock_bh(&priv->j1939_socks_lock);
		list_for_each_entry(jsk, &priv->j1939_socks, list) {
			/* Skip if j1939_jsk_add() is not called on this
			 * socket.
			 */
			if (jsk->state & J1939_SOCK_BOUND) {
				sk = &jsk->sk;
				sock_hold(sk);
				break;
			}
		}
		read_unlock_bh(&priv->j1939_socks_lock);

		/* no bound socket left on the list */
		if (!sk)
			break;

		/* Both j1939_sk_bind() and j1939_sk_release() call
		 * j1939_jsk_del() with the socket's lock held, so re-check
		 * the bound state now that we hold that lock.
		 */
		lock_sock(sk);
		if (jsk->state & J1939_SOCK_BOUND) {
			/* Neither j1939_sk_bind() nor j1939_sk_release()
			 * called j1939_jsk_del(). Make this socket no longer
			 * bound, by pretending as if j1939_sk_bind() dropped
			 * old references but did not get new references.
			 */
			j1939_jsk_del(priv, jsk);
			j1939_local_ecu_put(priv, jsk->addr.src_name,
					    jsk->addr.sa);
			j1939_netdev_stop(priv);
			/* Call j1939_priv_put() now and prevent
			 * j1939_sk_sock_destruct() from calling the
			 * corresponding j1939_priv_put().
			 *
			 * j1939_sk_sock_destruct() is supposed to call
			 * j1939_priv_put() after an RCU grace period. But
			 * since the caller is holding a ref on this "priv",
			 * we can defer synchronize_rcu() until immediately
			 * before the caller calls j1939_priv_put().
			 */
			j1939_priv_put(priv);
			jsk->priv = NULL;
			wait_rcu = true;
		}
		release_sock(sk);
		sock_put(sk);
	}

	if (wait_rcu)
		synchronize_rcu();
}
1354
/* ioctl() handler: the J1939 socket layer implements no ioctls of its own.
 *
 * Always returns -ENOIOCTLCMD, for any @cmd and @arg, so that the request is
 * handed down to the NIC layer.
 */
static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd,
				unsigned long arg)
{
	return -ENOIOCTLCMD;
}
1361
/* Socket-layer operations of a J1939 socket. Operations with no J1939
 * handler (socketpair, accept, listen, shutdown, mmap) point at the generic
 * sock_no_*() stubs.
 */
static const struct proto_ops j1939_ops = {
	.family		= PF_CAN,
	.release	= j1939_sk_release,
	.bind		= j1939_sk_bind,
	.connect	= j1939_sk_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.getname	= j1939_sk_getname,
	.poll		= datagram_poll,
	.ioctl		= j1939_sk_no_ioctlcmd,
	.listen		= sock_no_listen,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= j1939_sk_setsockopt,
	.getsockopt	= j1939_sk_getsockopt,
	.sendmsg	= j1939_sk_sendmsg,
	.recvmsg	= j1939_sk_recvmsg,
	.mmap		= sock_no_mmap,
};
1380
/* Protocol descriptor for J1939 sockets: obj_size is the size of struct
 * j1939_sock, and j1939_sk_init is the per-socket init hook.
 */
static struct proto j1939_proto __read_mostly = {
	.name		= "CAN_J1939",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct j1939_sock),
	.init		= j1939_sk_init,
};
1387
/* CAN protocol entry for J1939: SOCK_DGRAM sockets with protocol CAN_J1939,
 * served by j1939_ops and j1939_proto. Not static, so it is visible outside
 * this file.
 */
const struct can_proto j1939_can_proto = {
	.type		= SOCK_DGRAM,
	.protocol	= CAN_J1939,
	.ops		= &j1939_ops,
	.prot		= &j1939_proto,
};
1394