xref: /linux/net/can/j1939/address-claim.c (revision 9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e)

// SPDX-License-Identifier: GPL-2.0
// Copyright (c) 2010-2011 EIA Electronics,
//                         Kurt Van Dijck <kurt.van.dijck@eia.be>
// Copyright (c) 2010-2011 EIA Electronics,
//                         Pieter Beyens <pieter.beyens@eia.be>
// Copyright (c) 2017-2019 Pengutronix,
//                         Marc Kleine-Budde <kernel@pengutronix.de>
// Copyright (c) 2017-2019 Pengutronix,
//                         Oleksij Rempel <kernel@pengutronix.de>

/* J1939 Address Claiming.
 * Address Claiming in the kernel
 * - keeps track of the AC states of ECU's,
 * - resolves NAME<=>SA taking into account the AC states of ECU's.
 *
 * All Address Claim msgs (including host-originated msg) are processed
 * at the receive path (a sent msg is always received again via CAN echo).
 * As such, the processing of AC msgs is done in the order on which msgs
 * are sent on the bus.
 *
 * This module doesn't send msgs itself (e.g. replies on Address Claims),
 * this is the responsibility of a user space application or daemon.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/netdevice.h>
#include <linux/skbuff.h>

#include "j1939-priv.h"

static inline name_t j1939_skb_to_name(const struct sk_buff *skb)
{
	return le64_to_cpup((__le64 *)skb->data);
}

static inline bool j1939_ac_msg_is_request(struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
	int req_pgn;

	if (skb->len < 3 || skcb->addr.pgn != J1939_PGN_REQUEST)
		return false;

	req_pgn = skb->data[0] | (skb->data[1] << 8) | (skb->data[2] << 16);

	return req_pgn == J1939_PGN_ADDRESS_CLAIMED;
}

static int j1939_ac_verify_outgoing(struct j1939_priv *priv,
				    struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);

	if (skb->len != 8) {
		netdev_notice(priv->ndev, "tx address claim with dlc %i\n",
			      skb->len);
		return -EPROTO;
	}

	if (skcb->addr.src_name != j1939_skb_to_name(skb)) {
		netdev_notice(priv->ndev, "tx address claim with different name\n");
		return -EPROTO;
	}

	if (skcb->addr.sa == J1939_NO_ADDR) {
		netdev_notice(priv->ndev, "tx address claim with broadcast sa\n");
		return -EPROTO;
	}

	/* ac must always be a broadcast */
	if (skcb->addr.dst_name || skcb->addr.da != J1939_NO_ADDR) {
		netdev_notice(priv->ndev, "tx address claim with dest, not broadcast\n");
		return -EPROTO;
	}
	return 0;
}

int j1939_ac_fixup(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
	int ret;
	u8 addr;

	/* network mgmt: address claiming msgs */
	if (skcb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) {
		struct j1939_ecu *ecu;

		ret = j1939_ac_verify_outgoing(priv, skb);
		/* return both when failure & when successful */
		if (ret < 0)
			return ret;
		ecu = j1939_ecu_get_by_name(priv, skcb->addr.src_name);
		if (!ecu)
			return -ENODEV;

		if (ecu->addr != skcb->addr.sa)
			/* hold further traffic for ecu, remove from parent */
			j1939_ecu_unmap(ecu);
		j1939_ecu_put(ecu);
	} else if (skcb->addr.src_name) {
		/* assign source address */
		addr = j1939_name_to_addr(priv, skcb->addr.src_name);
		if (!j1939_address_is_unicast(addr) &&
		    !j1939_ac_msg_is_request(skb)) {
			netdev_notice(priv->ndev, "tx drop: invalid sa for name 0x%016llx\n",
				      skcb->addr.src_name);
			return -EADDRNOTAVAIL;
		}
		skcb->addr.sa = addr;
	}

	/* assign destination address */
	if (skcb->addr.dst_name) {
		addr = j1939_name_to_addr(priv, skcb->addr.dst_name);
		if (!j1939_address_is_unicast(addr)) {
			netdev_notice(priv->ndev, "tx drop: invalid da for name 0x%016llx\n",
				      skcb->addr.dst_name);
			return -EADDRNOTAVAIL;
		}
		skcb->addr.da = addr;
	}
	return 0;
}

static void j1939_ac_process(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
	struct j1939_ecu *ecu, *prev;
	name_t name;

	if (skb->len != 8) {
		netdev_notice(priv->ndev, "rx address claim with wrong dlc %i\n",
			      skb->len);
		return;
	}

	name = j1939_skb_to_name(skb);
	skcb->addr.src_name = name;
	if (!name) {
		netdev_notice(priv->ndev, "rx address claim without name\n");
		return;
	}

	if (!j1939_address_is_valid(skcb->addr.sa)) {
		netdev_notice(priv->ndev, "rx address claim with broadcast sa\n");
		return;
	}

	write_lock_bh(&priv->lock);

	/* Few words on the ECU ref counting:
	 *
	 * First we get an ECU handle, either with
	 * j1939_ecu_get_by_name_locked() (increments the ref counter)
	 * or j1939_ecu_create_locked() (initializes an ECU object
	 * with a ref counter of 1).
	 *
	 * j1939_ecu_unmap_locked() will decrement the ref counter,
	 * but only if the ECU was mapped before. So "ecu" still
	 * belongs to us.
	 *
	 * j1939_ecu_timer_start() will increment the ref counter
	 * before it starts the timer, so we can put the ecu when
	 * leaving this function.
	 */
	ecu = j1939_ecu_get_by_name_locked(priv, name);

	if (ecu && ecu->addr == skcb->addr.sa) {
		/* The ISO 11783-5 standard, in "4.5.2 - Address claim
		 * requirements", states:
		 *   d) No CF shall begin, or resume, transmission on the
		 *      network until 250 ms after it has successfully claimed
		 *      an address except when responding to a request for
		 *      address-claimed.
		 *
		 * But "Figure 6" and "Figure 7" in "4.5.4.2 - Address-claim
		 * prioritization" show that the CF begins the transmission
		 * after 250 ms from the first AC (address-claimed) message
		 * even if it sends another AC message during that time window
		 * to resolve the address contention with another CF.
		 *
		 * As stated in "4.4.2.3 - Address-claimed message":
		 *   In order to successfully claim an address, the CF sending
		 *   an address claimed message shall not receive a contending
		 *   claim from another CF for at least 250 ms.
		 *
		 * As stated in "4.4.3.2 - NAME management (NM) message":
		 *   1) A commanding CF can
		 *      d) request that a CF with a specified NAME transmit
		 *         the address-claimed message with its current NAME.
		 *   2) A target CF shall
		 *      d) send an address-claimed message in response to a
		 *         request for a matching NAME
		 *
		 * Taking the above arguments into account, the 250 ms wait is
		 * requested only during network initialization.
		 *
		 * Do not restart the timer on AC message if both the NAME and
		 * the address match and so if the address has already been
		 * claimed (timer has expired) or the AC message has been sent
		 * to resolve the contention with another CF (timer is still
		 * running).
		 */
		goto out_ecu_put;
	}

	if (!ecu && j1939_address_is_unicast(skcb->addr.sa))
		ecu = j1939_ecu_create_locked(priv, name);

	if (IS_ERR_OR_NULL(ecu))
		goto out_unlock_bh;

	/* cancel pending (previous) address claim */
	j1939_ecu_timer_cancel(ecu);

	if (j1939_address_is_idle(skcb->addr.sa)) {
		j1939_ecu_unmap_locked(ecu);
		goto out_ecu_put;
	}

	/* save new addr */
	if (ecu->addr != skcb->addr.sa)
		j1939_ecu_unmap_locked(ecu);
	ecu->addr = skcb->addr.sa;

	prev = j1939_ecu_get_by_addr_locked(priv, skcb->addr.sa);
	if (prev) {
		if (ecu->name > prev->name) {
			j1939_ecu_unmap_locked(ecu);
			j1939_ecu_put(prev);
			goto out_ecu_put;
		} else {
			/* kick prev if less or equal */
			j1939_ecu_unmap_locked(prev);
			j1939_ecu_put(prev);
		}
	}

	j1939_ecu_timer_start(ecu);
 out_ecu_put:
	j1939_ecu_put(ecu);
 out_unlock_bh:
	write_unlock_bh(&priv->lock);
}

void j1939_ac_recv(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
	struct j1939_ecu *ecu;

	/* network mgmt */
	if (skcb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) {
		j1939_ac_process(priv, skb);
	} else if (j1939_address_is_unicast(skcb->addr.sa)) {
		/* assign source name */
		ecu = j1939_ecu_get_by_addr(priv, skcb->addr.sa);
		if (ecu) {
			skcb->addr.src_name = ecu->name;
			j1939_ecu_put(ecu);
		}
	}

	/* assign destination name */
	ecu = j1939_ecu_get_by_addr(priv, skcb->addr.da);
	if (ecu) {
		skcb->addr.dst_name = ecu->name;
		j1939_ecu_put(ecu);
	}
}