xref: /linux/net/can/raw.c (revision 1a9239bb4253f9076b5b4b2a1a4e8d7defd77a95)
1 // SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
2 /* raw.c - Raw sockets for protocol family CAN
3  *
4  * Copyright (c) 2002-2007 Volkswagen Group Electronic Research
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of Volkswagen nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * Alternatively, provided that this notice is retained in full, this
20  * software may be distributed under the terms of the GNU General
21  * Public License ("GPL") version 2, in which case the provisions of the
22  * GPL apply INSTEAD OF those given above.
23  *
24  * The provided data structures and external interfaces from this code
25  * are not restricted to be used by modules with a GPL compatible license.
26  *
27  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38  * DAMAGE.
39  *
40  */
41 
42 #include <linux/module.h>
43 #include <linux/init.h>
44 #include <linux/uio.h>
45 #include <linux/net.h>
46 #include <linux/slab.h>
47 #include <linux/netdevice.h>
48 #include <linux/socket.h>
49 #include <linux/if_arp.h>
50 #include <linux/skbuff.h>
51 #include <linux/can.h>
52 #include <linux/can/core.h>
53 #include <linux/can/dev.h> /* for can_is_canxl_dev_mtu() */
54 #include <linux/can/skb.h>
55 #include <linux/can/raw.h>
56 #include <net/sock.h>
57 #include <net/net_namespace.h>
58 
59 MODULE_DESCRIPTION("PF_CAN raw protocol");
60 MODULE_LICENSE("Dual BSD/GPL");
61 MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
62 MODULE_ALIAS("can-proto-1");
63 
64 #define RAW_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_ifindex)
65 
66 #define MASK_ALL 0
67 
68 /* A raw socket has a list of can_filters attached to it, each receiving
69  * the CAN frames matching that filter.  If the filter list is empty,
70  * no CAN frames will be received by the socket.  The default after
71  * opening the socket, is to have one filter which receives all frames.
72  * The filter list is allocated dynamically with the exception of the
73  * list containing only one item.  This common case is optimized by
74  * storing the single filter in dfilter, to avoid using dynamic memory.
75  */
76 
77 struct uniqframe {
78 	int skbcnt;
79 	const struct sk_buff *skb;
80 	unsigned int join_rx_count;
81 };
82 
83 struct raw_sock {
84 	struct sock sk;
85 	int bound;
86 	int ifindex;
87 	struct net_device *dev;
88 	netdevice_tracker dev_tracker;
89 	struct list_head notifier;
90 	int loopback;
91 	int recv_own_msgs;
92 	int fd_frames;
93 	int xl_frames;
94 	struct can_raw_vcid_options raw_vcid_opts;
95 	canid_t tx_vcid_shifted;
96 	canid_t rx_vcid_shifted;
97 	canid_t rx_vcid_mask_shifted;
98 	int join_filters;
99 	int count;                 /* number of active filters */
100 	struct can_filter dfilter; /* default/single filter */
101 	struct can_filter *filter; /* pointer to filter(s) */
102 	can_err_mask_t err_mask;
103 	struct uniqframe __percpu *uniq;
104 };
105 
106 static LIST_HEAD(raw_notifier_list);
107 static DEFINE_SPINLOCK(raw_notifier_lock);
108 static struct raw_sock *raw_busy_notifier;
109 
110 /* Return pointer to store the extra msg flags for raw_recvmsg().
111  * We use the space of one unsigned int beyond the 'struct sockaddr_can'
112  * in skb->cb.
113  */
raw_flags(struct sk_buff * skb)114 static inline unsigned int *raw_flags(struct sk_buff *skb)
115 {
116 	sock_skb_cb_check_size(sizeof(struct sockaddr_can) +
117 			       sizeof(unsigned int));
118 
119 	/* return pointer after struct sockaddr_can */
120 	return (unsigned int *)(&((struct sockaddr_can *)skb->cb)[1]);
121 }
122 
raw_sk(const struct sock * sk)123 static inline struct raw_sock *raw_sk(const struct sock *sk)
124 {
125 	return (struct raw_sock *)sk;
126 }
127 
raw_rcv(struct sk_buff * oskb,void * data)128 static void raw_rcv(struct sk_buff *oskb, void *data)
129 {
130 	struct sock *sk = (struct sock *)data;
131 	struct raw_sock *ro = raw_sk(sk);
132 	struct sockaddr_can *addr;
133 	struct sk_buff *skb;
134 	unsigned int *pflags;
135 
136 	/* check the received tx sock reference */
137 	if (!ro->recv_own_msgs && oskb->sk == sk)
138 		return;
139 
140 	/* make sure to not pass oversized frames to the socket */
141 	if (!ro->fd_frames && can_is_canfd_skb(oskb))
142 		return;
143 
144 	if (can_is_canxl_skb(oskb)) {
145 		struct canxl_frame *cxl = (struct canxl_frame *)oskb->data;
146 
147 		/* make sure to not pass oversized frames to the socket */
148 		if (!ro->xl_frames)
149 			return;
150 
151 		/* filter CAN XL VCID content */
152 		if (ro->raw_vcid_opts.flags & CAN_RAW_XL_VCID_RX_FILTER) {
153 			/* apply VCID filter if user enabled the filter */
154 			if ((cxl->prio & ro->rx_vcid_mask_shifted) !=
155 			    (ro->rx_vcid_shifted & ro->rx_vcid_mask_shifted))
156 				return;
157 		} else {
158 			/* no filter => do not forward VCID tagged frames */
159 			if (cxl->prio & CANXL_VCID_MASK)
160 				return;
161 		}
162 	}
163 
164 	/* eliminate multiple filter matches for the same skb */
165 	if (this_cpu_ptr(ro->uniq)->skb == oskb &&
166 	    this_cpu_ptr(ro->uniq)->skbcnt == can_skb_prv(oskb)->skbcnt) {
167 		if (!ro->join_filters)
168 			return;
169 
170 		this_cpu_inc(ro->uniq->join_rx_count);
171 		/* drop frame until all enabled filters matched */
172 		if (this_cpu_ptr(ro->uniq)->join_rx_count < ro->count)
173 			return;
174 	} else {
175 		this_cpu_ptr(ro->uniq)->skb = oskb;
176 		this_cpu_ptr(ro->uniq)->skbcnt = can_skb_prv(oskb)->skbcnt;
177 		this_cpu_ptr(ro->uniq)->join_rx_count = 1;
178 		/* drop first frame to check all enabled filters? */
179 		if (ro->join_filters && ro->count > 1)
180 			return;
181 	}
182 
183 	/* clone the given skb to be able to enqueue it into the rcv queue */
184 	skb = skb_clone(oskb, GFP_ATOMIC);
185 	if (!skb)
186 		return;
187 
188 	/* Put the datagram to the queue so that raw_recvmsg() can get
189 	 * it from there. We need to pass the interface index to
190 	 * raw_recvmsg(). We pass a whole struct sockaddr_can in
191 	 * skb->cb containing the interface index.
192 	 */
193 
194 	sock_skb_cb_check_size(sizeof(struct sockaddr_can));
195 	addr = (struct sockaddr_can *)skb->cb;
196 	memset(addr, 0, sizeof(*addr));
197 	addr->can_family = AF_CAN;
198 	addr->can_ifindex = skb->dev->ifindex;
199 
200 	/* add CAN specific message flags for raw_recvmsg() */
201 	pflags = raw_flags(skb);
202 	*pflags = 0;
203 	if (oskb->sk)
204 		*pflags |= MSG_DONTROUTE;
205 	if (oskb->sk == sk)
206 		*pflags |= MSG_CONFIRM;
207 
208 	if (sock_queue_rcv_skb(sk, skb) < 0)
209 		kfree_skb(skb);
210 }
211 
raw_enable_filters(struct net * net,struct net_device * dev,struct sock * sk,struct can_filter * filter,int count)212 static int raw_enable_filters(struct net *net, struct net_device *dev,
213 			      struct sock *sk, struct can_filter *filter,
214 			      int count)
215 {
216 	int err = 0;
217 	int i;
218 
219 	for (i = 0; i < count; i++) {
220 		err = can_rx_register(net, dev, filter[i].can_id,
221 				      filter[i].can_mask,
222 				      raw_rcv, sk, "raw", sk);
223 		if (err) {
224 			/* clean up successfully registered filters */
225 			while (--i >= 0)
226 				can_rx_unregister(net, dev, filter[i].can_id,
227 						  filter[i].can_mask,
228 						  raw_rcv, sk);
229 			break;
230 		}
231 	}
232 
233 	return err;
234 }
235 
raw_enable_errfilter(struct net * net,struct net_device * dev,struct sock * sk,can_err_mask_t err_mask)236 static int raw_enable_errfilter(struct net *net, struct net_device *dev,
237 				struct sock *sk, can_err_mask_t err_mask)
238 {
239 	int err = 0;
240 
241 	if (err_mask)
242 		err = can_rx_register(net, dev, 0, err_mask | CAN_ERR_FLAG,
243 				      raw_rcv, sk, "raw", sk);
244 
245 	return err;
246 }
247 
raw_disable_filters(struct net * net,struct net_device * dev,struct sock * sk,struct can_filter * filter,int count)248 static void raw_disable_filters(struct net *net, struct net_device *dev,
249 				struct sock *sk, struct can_filter *filter,
250 				int count)
251 {
252 	int i;
253 
254 	for (i = 0; i < count; i++)
255 		can_rx_unregister(net, dev, filter[i].can_id,
256 				  filter[i].can_mask, raw_rcv, sk);
257 }
258 
raw_disable_errfilter(struct net * net,struct net_device * dev,struct sock * sk,can_err_mask_t err_mask)259 static inline void raw_disable_errfilter(struct net *net,
260 					 struct net_device *dev,
261 					 struct sock *sk,
262 					 can_err_mask_t err_mask)
263 
264 {
265 	if (err_mask)
266 		can_rx_unregister(net, dev, 0, err_mask | CAN_ERR_FLAG,
267 				  raw_rcv, sk);
268 }
269 
raw_disable_allfilters(struct net * net,struct net_device * dev,struct sock * sk)270 static inline void raw_disable_allfilters(struct net *net,
271 					  struct net_device *dev,
272 					  struct sock *sk)
273 {
274 	struct raw_sock *ro = raw_sk(sk);
275 
276 	raw_disable_filters(net, dev, sk, ro->filter, ro->count);
277 	raw_disable_errfilter(net, dev, sk, ro->err_mask);
278 }
279 
raw_enable_allfilters(struct net * net,struct net_device * dev,struct sock * sk)280 static int raw_enable_allfilters(struct net *net, struct net_device *dev,
281 				 struct sock *sk)
282 {
283 	struct raw_sock *ro = raw_sk(sk);
284 	int err;
285 
286 	err = raw_enable_filters(net, dev, sk, ro->filter, ro->count);
287 	if (!err) {
288 		err = raw_enable_errfilter(net, dev, sk, ro->err_mask);
289 		if (err)
290 			raw_disable_filters(net, dev, sk, ro->filter,
291 					    ro->count);
292 	}
293 
294 	return err;
295 }
296 
raw_notify(struct raw_sock * ro,unsigned long msg,struct net_device * dev)297 static void raw_notify(struct raw_sock *ro, unsigned long msg,
298 		       struct net_device *dev)
299 {
300 	struct sock *sk = &ro->sk;
301 
302 	if (!net_eq(dev_net(dev), sock_net(sk)))
303 		return;
304 
305 	if (ro->dev != dev)
306 		return;
307 
308 	switch (msg) {
309 	case NETDEV_UNREGISTER:
310 		lock_sock(sk);
311 		/* remove current filters & unregister */
312 		if (ro->bound) {
313 			raw_disable_allfilters(dev_net(dev), dev, sk);
314 			netdev_put(dev, &ro->dev_tracker);
315 		}
316 
317 		if (ro->count > 1)
318 			kfree(ro->filter);
319 
320 		ro->ifindex = 0;
321 		ro->bound = 0;
322 		ro->dev = NULL;
323 		ro->count = 0;
324 		release_sock(sk);
325 
326 		sk->sk_err = ENODEV;
327 		if (!sock_flag(sk, SOCK_DEAD))
328 			sk_error_report(sk);
329 		break;
330 
331 	case NETDEV_DOWN:
332 		sk->sk_err = ENETDOWN;
333 		if (!sock_flag(sk, SOCK_DEAD))
334 			sk_error_report(sk);
335 		break;
336 	}
337 }
338 
raw_notifier(struct notifier_block * nb,unsigned long msg,void * ptr)339 static int raw_notifier(struct notifier_block *nb, unsigned long msg,
340 			void *ptr)
341 {
342 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
343 
344 	if (dev->type != ARPHRD_CAN)
345 		return NOTIFY_DONE;
346 	if (msg != NETDEV_UNREGISTER && msg != NETDEV_DOWN)
347 		return NOTIFY_DONE;
348 	if (unlikely(raw_busy_notifier)) /* Check for reentrant bug. */
349 		return NOTIFY_DONE;
350 
351 	spin_lock(&raw_notifier_lock);
352 	list_for_each_entry(raw_busy_notifier, &raw_notifier_list, notifier) {
353 		spin_unlock(&raw_notifier_lock);
354 		raw_notify(raw_busy_notifier, msg, dev);
355 		spin_lock(&raw_notifier_lock);
356 	}
357 	raw_busy_notifier = NULL;
358 	spin_unlock(&raw_notifier_lock);
359 	return NOTIFY_DONE;
360 }
361 
raw_init(struct sock * sk)362 static int raw_init(struct sock *sk)
363 {
364 	struct raw_sock *ro = raw_sk(sk);
365 
366 	ro->bound            = 0;
367 	ro->ifindex          = 0;
368 	ro->dev              = NULL;
369 
370 	/* set default filter to single entry dfilter */
371 	ro->dfilter.can_id   = 0;
372 	ro->dfilter.can_mask = MASK_ALL;
373 	ro->filter           = &ro->dfilter;
374 	ro->count            = 1;
375 
376 	/* set default loopback behaviour */
377 	ro->loopback         = 1;
378 	ro->recv_own_msgs    = 0;
379 	ro->fd_frames        = 0;
380 	ro->xl_frames        = 0;
381 	ro->join_filters     = 0;
382 
383 	/* alloc_percpu provides zero'ed memory */
384 	ro->uniq = alloc_percpu(struct uniqframe);
385 	if (unlikely(!ro->uniq))
386 		return -ENOMEM;
387 
388 	/* set notifier */
389 	spin_lock(&raw_notifier_lock);
390 	list_add_tail(&ro->notifier, &raw_notifier_list);
391 	spin_unlock(&raw_notifier_lock);
392 
393 	return 0;
394 }
395 
raw_release(struct socket * sock)396 static int raw_release(struct socket *sock)
397 {
398 	struct sock *sk = sock->sk;
399 	struct raw_sock *ro;
400 	struct net *net;
401 
402 	if (!sk)
403 		return 0;
404 
405 	ro = raw_sk(sk);
406 	net = sock_net(sk);
407 
408 	spin_lock(&raw_notifier_lock);
409 	while (raw_busy_notifier == ro) {
410 		spin_unlock(&raw_notifier_lock);
411 		schedule_timeout_uninterruptible(1);
412 		spin_lock(&raw_notifier_lock);
413 	}
414 	list_del(&ro->notifier);
415 	spin_unlock(&raw_notifier_lock);
416 
417 	rtnl_lock();
418 	lock_sock(sk);
419 
420 	/* remove current filters & unregister */
421 	if (ro->bound) {
422 		if (ro->dev) {
423 			raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk);
424 			netdev_put(ro->dev, &ro->dev_tracker);
425 		} else {
426 			raw_disable_allfilters(net, NULL, sk);
427 		}
428 	}
429 
430 	if (ro->count > 1)
431 		kfree(ro->filter);
432 
433 	ro->ifindex = 0;
434 	ro->bound = 0;
435 	ro->dev = NULL;
436 	ro->count = 0;
437 	free_percpu(ro->uniq);
438 
439 	sock_orphan(sk);
440 	sock->sk = NULL;
441 
442 	release_sock(sk);
443 	rtnl_unlock();
444 
445 	sock_prot_inuse_add(net, sk->sk_prot, -1);
446 	sock_put(sk);
447 
448 	return 0;
449 }
450 
raw_bind(struct socket * sock,struct sockaddr * uaddr,int len)451 static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len)
452 {
453 	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
454 	struct sock *sk = sock->sk;
455 	struct raw_sock *ro = raw_sk(sk);
456 	struct net_device *dev = NULL;
457 	int ifindex;
458 	int err = 0;
459 	int notify_enetdown = 0;
460 
461 	if (len < RAW_MIN_NAMELEN)
462 		return -EINVAL;
463 	if (addr->can_family != AF_CAN)
464 		return -EINVAL;
465 
466 	rtnl_lock();
467 	lock_sock(sk);
468 
469 	if (ro->bound && addr->can_ifindex == ro->ifindex)
470 		goto out;
471 
472 	if (addr->can_ifindex) {
473 		dev = dev_get_by_index(sock_net(sk), addr->can_ifindex);
474 		if (!dev) {
475 			err = -ENODEV;
476 			goto out;
477 		}
478 		if (dev->type != ARPHRD_CAN) {
479 			err = -ENODEV;
480 			goto out_put_dev;
481 		}
482 
483 		if (!(dev->flags & IFF_UP))
484 			notify_enetdown = 1;
485 
486 		ifindex = dev->ifindex;
487 
488 		/* filters set by default/setsockopt */
489 		err = raw_enable_allfilters(sock_net(sk), dev, sk);
490 		if (err)
491 			goto out_put_dev;
492 
493 	} else {
494 		ifindex = 0;
495 
496 		/* filters set by default/setsockopt */
497 		err = raw_enable_allfilters(sock_net(sk), NULL, sk);
498 	}
499 
500 	if (!err) {
501 		if (ro->bound) {
502 			/* unregister old filters */
503 			if (ro->dev) {
504 				raw_disable_allfilters(dev_net(ro->dev),
505 						       ro->dev, sk);
506 				/* drop reference to old ro->dev */
507 				netdev_put(ro->dev, &ro->dev_tracker);
508 			} else {
509 				raw_disable_allfilters(sock_net(sk), NULL, sk);
510 			}
511 		}
512 		ro->ifindex = ifindex;
513 		ro->bound = 1;
514 		/* bind() ok -> hold a reference for new ro->dev */
515 		ro->dev = dev;
516 		if (ro->dev)
517 			netdev_hold(ro->dev, &ro->dev_tracker, GFP_KERNEL);
518 	}
519 
520 out_put_dev:
521 	/* remove potential reference from dev_get_by_index() */
522 	dev_put(dev);
523 out:
524 	release_sock(sk);
525 	rtnl_unlock();
526 
527 	if (notify_enetdown) {
528 		sk->sk_err = ENETDOWN;
529 		if (!sock_flag(sk, SOCK_DEAD))
530 			sk_error_report(sk);
531 	}
532 
533 	return err;
534 }
535 
raw_getname(struct socket * sock,struct sockaddr * uaddr,int peer)536 static int raw_getname(struct socket *sock, struct sockaddr *uaddr,
537 		       int peer)
538 {
539 	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
540 	struct sock *sk = sock->sk;
541 	struct raw_sock *ro = raw_sk(sk);
542 
543 	if (peer)
544 		return -EOPNOTSUPP;
545 
546 	memset(addr, 0, RAW_MIN_NAMELEN);
547 	addr->can_family  = AF_CAN;
548 	addr->can_ifindex = ro->ifindex;
549 
550 	return RAW_MIN_NAMELEN;
551 }
552 
raw_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)553 static int raw_setsockopt(struct socket *sock, int level, int optname,
554 			  sockptr_t optval, unsigned int optlen)
555 {
556 	struct sock *sk = sock->sk;
557 	struct raw_sock *ro = raw_sk(sk);
558 	struct can_filter *filter = NULL;  /* dyn. alloc'ed filters */
559 	struct can_filter sfilter;         /* single filter */
560 	struct net_device *dev = NULL;
561 	can_err_mask_t err_mask = 0;
562 	int fd_frames;
563 	int count = 0;
564 	int err = 0;
565 
566 	if (level != SOL_CAN_RAW)
567 		return -EINVAL;
568 
569 	switch (optname) {
570 	case CAN_RAW_FILTER:
571 		if (optlen % sizeof(struct can_filter) != 0)
572 			return -EINVAL;
573 
574 		if (optlen > CAN_RAW_FILTER_MAX * sizeof(struct can_filter))
575 			return -EINVAL;
576 
577 		count = optlen / sizeof(struct can_filter);
578 
579 		if (count > 1) {
580 			/* filter does not fit into dfilter => alloc space */
581 			filter = memdup_sockptr(optval, optlen);
582 			if (IS_ERR(filter))
583 				return PTR_ERR(filter);
584 		} else if (count == 1) {
585 			if (copy_from_sockptr(&sfilter, optval, sizeof(sfilter)))
586 				return -EFAULT;
587 		}
588 
589 		rtnl_lock();
590 		lock_sock(sk);
591 
592 		dev = ro->dev;
593 		if (ro->bound && dev) {
594 			if (dev->reg_state != NETREG_REGISTERED) {
595 				if (count > 1)
596 					kfree(filter);
597 				err = -ENODEV;
598 				goto out_fil;
599 			}
600 		}
601 
602 		if (ro->bound) {
603 			/* (try to) register the new filters */
604 			if (count == 1)
605 				err = raw_enable_filters(sock_net(sk), dev, sk,
606 							 &sfilter, 1);
607 			else
608 				err = raw_enable_filters(sock_net(sk), dev, sk,
609 							 filter, count);
610 			if (err) {
611 				if (count > 1)
612 					kfree(filter);
613 				goto out_fil;
614 			}
615 
616 			/* remove old filter registrations */
617 			raw_disable_filters(sock_net(sk), dev, sk, ro->filter,
618 					    ro->count);
619 		}
620 
621 		/* remove old filter space */
622 		if (ro->count > 1)
623 			kfree(ro->filter);
624 
625 		/* link new filters to the socket */
626 		if (count == 1) {
627 			/* copy filter data for single filter */
628 			ro->dfilter = sfilter;
629 			filter = &ro->dfilter;
630 		}
631 		ro->filter = filter;
632 		ro->count  = count;
633 
634  out_fil:
635 		release_sock(sk);
636 		rtnl_unlock();
637 
638 		break;
639 
640 	case CAN_RAW_ERR_FILTER:
641 		if (optlen != sizeof(err_mask))
642 			return -EINVAL;
643 
644 		if (copy_from_sockptr(&err_mask, optval, optlen))
645 			return -EFAULT;
646 
647 		err_mask &= CAN_ERR_MASK;
648 
649 		rtnl_lock();
650 		lock_sock(sk);
651 
652 		dev = ro->dev;
653 		if (ro->bound && dev) {
654 			if (dev->reg_state != NETREG_REGISTERED) {
655 				err = -ENODEV;
656 				goto out_err;
657 			}
658 		}
659 
660 		/* remove current error mask */
661 		if (ro->bound) {
662 			/* (try to) register the new err_mask */
663 			err = raw_enable_errfilter(sock_net(sk), dev, sk,
664 						   err_mask);
665 
666 			if (err)
667 				goto out_err;
668 
669 			/* remove old err_mask registration */
670 			raw_disable_errfilter(sock_net(sk), dev, sk,
671 					      ro->err_mask);
672 		}
673 
674 		/* link new err_mask to the socket */
675 		ro->err_mask = err_mask;
676 
677  out_err:
678 		release_sock(sk);
679 		rtnl_unlock();
680 
681 		break;
682 
683 	case CAN_RAW_LOOPBACK:
684 		if (optlen != sizeof(ro->loopback))
685 			return -EINVAL;
686 
687 		if (copy_from_sockptr(&ro->loopback, optval, optlen))
688 			return -EFAULT;
689 
690 		break;
691 
692 	case CAN_RAW_RECV_OWN_MSGS:
693 		if (optlen != sizeof(ro->recv_own_msgs))
694 			return -EINVAL;
695 
696 		if (copy_from_sockptr(&ro->recv_own_msgs, optval, optlen))
697 			return -EFAULT;
698 
699 		break;
700 
701 	case CAN_RAW_FD_FRAMES:
702 		if (optlen != sizeof(fd_frames))
703 			return -EINVAL;
704 
705 		if (copy_from_sockptr(&fd_frames, optval, optlen))
706 			return -EFAULT;
707 
708 		/* Enabling CAN XL includes CAN FD */
709 		if (ro->xl_frames && !fd_frames)
710 			return -EINVAL;
711 
712 		ro->fd_frames = fd_frames;
713 		break;
714 
715 	case CAN_RAW_XL_FRAMES:
716 		if (optlen != sizeof(ro->xl_frames))
717 			return -EINVAL;
718 
719 		if (copy_from_sockptr(&ro->xl_frames, optval, optlen))
720 			return -EFAULT;
721 
722 		/* Enabling CAN XL includes CAN FD */
723 		if (ro->xl_frames)
724 			ro->fd_frames = ro->xl_frames;
725 		break;
726 
727 	case CAN_RAW_XL_VCID_OPTS:
728 		if (optlen != sizeof(ro->raw_vcid_opts))
729 			return -EINVAL;
730 
731 		if (copy_from_sockptr(&ro->raw_vcid_opts, optval, optlen))
732 			return -EFAULT;
733 
734 		/* prepare 32 bit values for handling in hot path */
735 		ro->tx_vcid_shifted = ro->raw_vcid_opts.tx_vcid << CANXL_VCID_OFFSET;
736 		ro->rx_vcid_shifted = ro->raw_vcid_opts.rx_vcid << CANXL_VCID_OFFSET;
737 		ro->rx_vcid_mask_shifted = ro->raw_vcid_opts.rx_vcid_mask << CANXL_VCID_OFFSET;
738 		break;
739 
740 	case CAN_RAW_JOIN_FILTERS:
741 		if (optlen != sizeof(ro->join_filters))
742 			return -EINVAL;
743 
744 		if (copy_from_sockptr(&ro->join_filters, optval, optlen))
745 			return -EFAULT;
746 
747 		break;
748 
749 	default:
750 		return -ENOPROTOOPT;
751 	}
752 	return err;
753 }
754 
raw_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)755 static int raw_getsockopt(struct socket *sock, int level, int optname,
756 			  char __user *optval, int __user *optlen)
757 {
758 	struct sock *sk = sock->sk;
759 	struct raw_sock *ro = raw_sk(sk);
760 	int len;
761 	void *val;
762 
763 	if (level != SOL_CAN_RAW)
764 		return -EINVAL;
765 	if (get_user(len, optlen))
766 		return -EFAULT;
767 	if (len < 0)
768 		return -EINVAL;
769 
770 	switch (optname) {
771 	case CAN_RAW_FILTER: {
772 		int err = 0;
773 
774 		lock_sock(sk);
775 		if (ro->count > 0) {
776 			int fsize = ro->count * sizeof(struct can_filter);
777 
778 			/* user space buffer to small for filter list? */
779 			if (len < fsize) {
780 				/* return -ERANGE and needed space in optlen */
781 				err = -ERANGE;
782 				if (put_user(fsize, optlen))
783 					err = -EFAULT;
784 			} else {
785 				if (len > fsize)
786 					len = fsize;
787 				if (copy_to_user(optval, ro->filter, len))
788 					err = -EFAULT;
789 			}
790 		} else {
791 			len = 0;
792 		}
793 		release_sock(sk);
794 
795 		if (!err)
796 			err = put_user(len, optlen);
797 		return err;
798 	}
799 	case CAN_RAW_ERR_FILTER:
800 		if (len > sizeof(can_err_mask_t))
801 			len = sizeof(can_err_mask_t);
802 		val = &ro->err_mask;
803 		break;
804 
805 	case CAN_RAW_LOOPBACK:
806 		if (len > sizeof(int))
807 			len = sizeof(int);
808 		val = &ro->loopback;
809 		break;
810 
811 	case CAN_RAW_RECV_OWN_MSGS:
812 		if (len > sizeof(int))
813 			len = sizeof(int);
814 		val = &ro->recv_own_msgs;
815 		break;
816 
817 	case CAN_RAW_FD_FRAMES:
818 		if (len > sizeof(int))
819 			len = sizeof(int);
820 		val = &ro->fd_frames;
821 		break;
822 
823 	case CAN_RAW_XL_FRAMES:
824 		if (len > sizeof(int))
825 			len = sizeof(int);
826 		val = &ro->xl_frames;
827 		break;
828 
829 	case CAN_RAW_XL_VCID_OPTS: {
830 		int err = 0;
831 
832 		/* user space buffer to small for VCID opts? */
833 		if (len < sizeof(ro->raw_vcid_opts)) {
834 			/* return -ERANGE and needed space in optlen */
835 			err = -ERANGE;
836 			if (put_user(sizeof(ro->raw_vcid_opts), optlen))
837 				err = -EFAULT;
838 		} else {
839 			if (len > sizeof(ro->raw_vcid_opts))
840 				len = sizeof(ro->raw_vcid_opts);
841 			if (copy_to_user(optval, &ro->raw_vcid_opts, len))
842 				err = -EFAULT;
843 		}
844 		if (!err)
845 			err = put_user(len, optlen);
846 		return err;
847 	}
848 	case CAN_RAW_JOIN_FILTERS:
849 		if (len > sizeof(int))
850 			len = sizeof(int);
851 		val = &ro->join_filters;
852 		break;
853 
854 	default:
855 		return -ENOPROTOOPT;
856 	}
857 
858 	if (put_user(len, optlen))
859 		return -EFAULT;
860 	if (copy_to_user(optval, val, len))
861 		return -EFAULT;
862 	return 0;
863 }
864 
raw_put_canxl_vcid(struct raw_sock * ro,struct sk_buff * skb)865 static void raw_put_canxl_vcid(struct raw_sock *ro, struct sk_buff *skb)
866 {
867 	struct canxl_frame *cxl = (struct canxl_frame *)skb->data;
868 
869 	/* sanitize non CAN XL bits */
870 	cxl->prio &= (CANXL_PRIO_MASK | CANXL_VCID_MASK);
871 
872 	/* clear VCID in CAN XL frame if pass through is disabled */
873 	if (!(ro->raw_vcid_opts.flags & CAN_RAW_XL_VCID_TX_PASS))
874 		cxl->prio &= CANXL_PRIO_MASK;
875 
876 	/* set VCID in CAN XL frame if enabled */
877 	if (ro->raw_vcid_opts.flags & CAN_RAW_XL_VCID_TX_SET) {
878 		cxl->prio &= CANXL_PRIO_MASK;
879 		cxl->prio |= ro->tx_vcid_shifted;
880 	}
881 }
882 
raw_check_txframe(struct raw_sock * ro,struct sk_buff * skb,int mtu)883 static unsigned int raw_check_txframe(struct raw_sock *ro, struct sk_buff *skb, int mtu)
884 {
885 	/* Classical CAN -> no checks for flags and device capabilities */
886 	if (can_is_can_skb(skb))
887 		return CAN_MTU;
888 
889 	/* CAN FD -> needs to be enabled and a CAN FD or CAN XL device */
890 	if (ro->fd_frames && can_is_canfd_skb(skb) &&
891 	    (mtu == CANFD_MTU || can_is_canxl_dev_mtu(mtu)))
892 		return CANFD_MTU;
893 
894 	/* CAN XL -> needs to be enabled and a CAN XL device */
895 	if (ro->xl_frames && can_is_canxl_skb(skb) &&
896 	    can_is_canxl_dev_mtu(mtu))
897 		return CANXL_MTU;
898 
899 	return 0;
900 }
901 
raw_sendmsg(struct socket * sock,struct msghdr * msg,size_t size)902 static int raw_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
903 {
904 	struct sock *sk = sock->sk;
905 	struct raw_sock *ro = raw_sk(sk);
906 	struct sockcm_cookie sockc;
907 	struct sk_buff *skb;
908 	struct net_device *dev;
909 	unsigned int txmtu;
910 	int ifindex;
911 	int err = -EINVAL;
912 
913 	/* check for valid CAN frame sizes */
914 	if (size < CANXL_HDR_SIZE + CANXL_MIN_DLEN || size > CANXL_MTU)
915 		return -EINVAL;
916 
917 	if (msg->msg_name) {
918 		DECLARE_SOCKADDR(struct sockaddr_can *, addr, msg->msg_name);
919 
920 		if (msg->msg_namelen < RAW_MIN_NAMELEN)
921 			return -EINVAL;
922 
923 		if (addr->can_family != AF_CAN)
924 			return -EINVAL;
925 
926 		ifindex = addr->can_ifindex;
927 	} else {
928 		ifindex = ro->ifindex;
929 	}
930 
931 	dev = dev_get_by_index(sock_net(sk), ifindex);
932 	if (!dev)
933 		return -ENXIO;
934 
935 	skb = sock_alloc_send_skb(sk, size + sizeof(struct can_skb_priv),
936 				  msg->msg_flags & MSG_DONTWAIT, &err);
937 	if (!skb)
938 		goto put_dev;
939 
940 	can_skb_reserve(skb);
941 	can_skb_prv(skb)->ifindex = dev->ifindex;
942 	can_skb_prv(skb)->skbcnt = 0;
943 
944 	/* fill the skb before testing for valid CAN frames */
945 	err = memcpy_from_msg(skb_put(skb, size), msg, size);
946 	if (err < 0)
947 		goto free_skb;
948 
949 	err = -EINVAL;
950 
951 	/* check for valid CAN (CC/FD/XL) frame content */
952 	txmtu = raw_check_txframe(ro, skb, dev->mtu);
953 	if (!txmtu)
954 		goto free_skb;
955 
956 	/* only CANXL: clear/forward/set VCID value */
957 	if (txmtu == CANXL_MTU)
958 		raw_put_canxl_vcid(ro, skb);
959 
960 	sockcm_init(&sockc, sk);
961 	if (msg->msg_controllen) {
962 		err = sock_cmsg_send(sk, msg, &sockc);
963 		if (unlikely(err))
964 			goto free_skb;
965 	}
966 
967 	skb->dev = dev;
968 	skb->priority = sockc.priority;
969 	skb->mark = sockc.mark;
970 	skb->tstamp = sockc.transmit_time;
971 
972 	skb_setup_tx_timestamp(skb, &sockc);
973 
974 	err = can_send(skb, ro->loopback);
975 
976 	dev_put(dev);
977 
978 	if (err)
979 		goto send_failed;
980 
981 	return size;
982 
983 free_skb:
984 	kfree_skb(skb);
985 put_dev:
986 	dev_put(dev);
987 send_failed:
988 	return err;
989 }
990 
raw_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)991 static int raw_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
992 		       int flags)
993 {
994 	struct sock *sk = sock->sk;
995 	struct sk_buff *skb;
996 	int err = 0;
997 
998 	if (flags & MSG_ERRQUEUE)
999 		return sock_recv_errqueue(sk, msg, size,
1000 					  SOL_CAN_RAW, SCM_CAN_RAW_ERRQUEUE);
1001 
1002 	skb = skb_recv_datagram(sk, flags, &err);
1003 	if (!skb)
1004 		return err;
1005 
1006 	if (size < skb->len)
1007 		msg->msg_flags |= MSG_TRUNC;
1008 	else
1009 		size = skb->len;
1010 
1011 	err = memcpy_to_msg(msg, skb->data, size);
1012 	if (err < 0) {
1013 		skb_free_datagram(sk, skb);
1014 		return err;
1015 	}
1016 
1017 	sock_recv_cmsgs(msg, sk, skb);
1018 
1019 	if (msg->msg_name) {
1020 		__sockaddr_check_size(RAW_MIN_NAMELEN);
1021 		msg->msg_namelen = RAW_MIN_NAMELEN;
1022 		memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
1023 	}
1024 
1025 	/* assign the flags that have been recorded in raw_rcv() */
1026 	msg->msg_flags |= *(raw_flags(skb));
1027 
1028 	skb_free_datagram(sk, skb);
1029 
1030 	return size;
1031 }
1032 
raw_sock_no_ioctlcmd(struct socket * sock,unsigned int cmd,unsigned long arg)1033 static int raw_sock_no_ioctlcmd(struct socket *sock, unsigned int cmd,
1034 				unsigned long arg)
1035 {
1036 	/* no ioctls for socket layer -> hand it down to NIC layer */
1037 	return -ENOIOCTLCMD;
1038 }
1039 
1040 static const struct proto_ops raw_ops = {
1041 	.family        = PF_CAN,
1042 	.release       = raw_release,
1043 	.bind          = raw_bind,
1044 	.connect       = sock_no_connect,
1045 	.socketpair    = sock_no_socketpair,
1046 	.accept        = sock_no_accept,
1047 	.getname       = raw_getname,
1048 	.poll          = datagram_poll,
1049 	.ioctl         = raw_sock_no_ioctlcmd,
1050 	.gettstamp     = sock_gettstamp,
1051 	.listen        = sock_no_listen,
1052 	.shutdown      = sock_no_shutdown,
1053 	.setsockopt    = raw_setsockopt,
1054 	.getsockopt    = raw_getsockopt,
1055 	.sendmsg       = raw_sendmsg,
1056 	.recvmsg       = raw_recvmsg,
1057 	.mmap          = sock_no_mmap,
1058 };
1059 
1060 static struct proto raw_proto __read_mostly = {
1061 	.name       = "CAN_RAW",
1062 	.owner      = THIS_MODULE,
1063 	.obj_size   = sizeof(struct raw_sock),
1064 	.init       = raw_init,
1065 };
1066 
1067 static const struct can_proto raw_can_proto = {
1068 	.type       = SOCK_RAW,
1069 	.protocol   = CAN_RAW,
1070 	.ops        = &raw_ops,
1071 	.prot       = &raw_proto,
1072 };
1073 
1074 static struct notifier_block canraw_notifier = {
1075 	.notifier_call = raw_notifier
1076 };
1077 
raw_module_init(void)1078 static __init int raw_module_init(void)
1079 {
1080 	int err;
1081 
1082 	pr_info("can: raw protocol\n");
1083 
1084 	err = register_netdevice_notifier(&canraw_notifier);
1085 	if (err)
1086 		return err;
1087 
1088 	err = can_proto_register(&raw_can_proto);
1089 	if (err < 0) {
1090 		pr_err("can: registration of raw protocol failed\n");
1091 		goto register_proto_failed;
1092 	}
1093 
1094 	return 0;
1095 
1096 register_proto_failed:
1097 	unregister_netdevice_notifier(&canraw_notifier);
1098 	return err;
1099 }
1100 
raw_module_exit(void)1101 static __exit void raw_module_exit(void)
1102 {
1103 	can_proto_unregister(&raw_can_proto);
1104 	unregister_netdevice_notifier(&canraw_notifier);
1105 }
1106 
1107 module_init(raw_module_init);
1108 module_exit(raw_module_exit);
1109