// SPDX-License-Identifier: GPL-2.0
// Copyright (c) 2010-2011 EIA Electronics,
//                         Pieter Beyens <pieter.beyens@eia.be>
// Copyright (c) 2010-2011 EIA Electronics,
//                         Kurt Van Dijck <kurt.van.dijck@eia.be>
// Copyright (c) 2018 Protonic,
//                         Robin van der Gracht <robin@protonic.nl>
// Copyright (c) 2017-2019 Pengutronix,
//                         Marc Kleine-Budde <kernel@pengutronix.de>
// Copyright (c) 2017-2019 Pengutronix,
//                         Oleksij Rempel <kernel@pengutronix.de>

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/can/can-ml.h>
#include <linux/can/core.h>
#include <linux/can/skb.h>
#include <linux/errqueue.h>
#include <linux/if_arp.h>

#include "j1939-priv.h"

/* Smallest sockaddr_can length this file accepts from user space
 * (j1939_sk_sanity_check(), j1939_sk_sendmsg()) and the length it reports
 * back (j1939_sk_getname(), j1939_sk_recvmsg()).
 */
#define J1939_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_addr.j1939)

/* conversion function between struct sock::sk_priority from linux and
 * j1939 priority field
 *
 * sk_priority is clamped to 7 before the inversion, so the result is
 * always in the range 0..7.
 */
static inline priority_t j1939_prio(u32 sk_priority)
{
	sk_priority = min(sk_priority, 7U);

	return 7 - sk_priority;
}

/* Inverse of j1939_prio(): maps a j1939 priority to sk_priority as 7 - prio.
 * No clamping is done here; the callers in this file pass the constant 6 or
 * a value already range-checked to 0..7.
 */
static inline u32 j1939_to_sk_priority(priority_t prio)
{
	return 7 - prio;
}

/* function to see if pgn is to be evaluated
 *
 * Returns true when pgn <= J1939_PGN_MAX. This file stores J1939_NO_PGN as
 * the "unset" marker and relies on this test to skip it (presumably
 * J1939_NO_PGN lies above J1939_PGN_MAX; both are defined elsewhere).
 */
static inline bool j1939_pgn_is_valid(pgn_t pgn)
{
	return pgn <= J1939_PGN_MAX;
}

/* test function to avoid non-zero DA placeholder for pdu1 pgn's
 *
 * For a PGN that j1939_pgn_is_pdu1() classifies as PDU1 the low 8 bits must
 * be zero; every other PGN passes.
 */
static inline bool j1939_pgn_is_clean_pdu(pgn_t pgn)
{
	if (j1939_pgn_is_pdu1(pgn))
		return !(pgn & 0xff);
	else
		return true;
}

/* Account one more pending skb on the socket (atomic counter). */
static inline void j1939_sock_pending_add(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	atomic_inc(&jsk->skb_pending);
}

/* Read the current number of pending skbs on the socket. */
static int j1939_sock_pending_get(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	return atomic_read(&jsk->skb_pending);
}

/* Drop one pending skb from the counter and wake waiters on jsk->waitq once
 * the counter reaches zero. j1939_sk_release() waits on that queue.
 */
void j1939_sock_pending_del(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	/* atomic_dec_return returns the new value */
	if (!atomic_dec_return(&jsk->skb_pending))
		wake_up(&jsk->waitq);	/* no pending SKB's */
}

/* Mark the socket as bound, take a reference on @priv and link the socket
 * into priv->j1939_socks under the write side of j1939_socks_lock.
 * The state bit is written outside that lock; callers in this file hold the
 * socket lock (see j1939_sk_bind()).
 */
static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk)
{
	jsk->state |= J1939_SOCK_BOUND;
	j1939_priv_get(priv);

	write_lock_bh(&priv->j1939_socks_lock);
	list_add_tail(&jsk->list, &priv->j1939_socks);
	write_unlock_bh(&priv->j1939_socks_lock);
}

/* Reverse of j1939_jsk_add(): unlink the socket, drop the reference on
 * @priv taken there and clear J1939_SOCK_BOUND.
 */
static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk)
{
	write_lock_bh(&priv->j1939_socks_lock);
	list_del_init(&jsk->list);
	write_unlock_bh(&priv->j1939_socks_lock);

	j1939_priv_put(priv);
	jsk->state &= ~J1939_SOCK_BOUND;
}

/* Append @session to the session queue of its owning socket.
 *
 * Takes a session reference for the queue and bumps the socket's pending
 * counter. Returns true when the queue was empty before the insertion, in
 * which case the caller is expected to activate the session itself (see
 * j1939_sk_send_loop()).
 */
static bool j1939_sk_queue_session(struct j1939_session *session)
{
	struct j1939_sock *jsk = j1939_sk(session->sk);
	bool empty;

	spin_lock_bh(&jsk->sk_session_queue_lock);
	empty = list_empty(&jsk->sk_session_queue);
	j1939_session_get(session);
	list_add_tail(&session->sk_session_queue_entry, &jsk->sk_session_queue);
	spin_unlock_bh(&jsk->sk_session_queue_lock);
	j1939_sock_pending_add(&jsk->sk);

	return empty;
}

/* Return the last queued session if it has not yet been given all of its
 * data (total_queued_size != total_message_size), with an extra reference
 * held for the caller; otherwise return NULL.
 */
static struct
j1939_session *j1939_sk_get_incomplete_session(struct j1939_sock *jsk)
{
	struct j1939_session *session = NULL;

	spin_lock_bh(&jsk->sk_session_queue_lock);
	if (!list_empty(&jsk->sk_session_queue)) {
		session = list_last_entry(&jsk->sk_session_queue,
					  struct j1939_session,
					  sk_session_queue_entry);
		if (session->total_queued_size == session->total_message_size)
			session = NULL;
		else
			j1939_session_get(session);
	}
	spin_unlock_bh(&jsk->sk_session_queue_lock);

	return session;
}

/* Empty the socket's session queue: every session is unlinked, gets
 * session->err set to @err and loses the queue's reference.
 *
 * NOTE(review): the callers in this file pass positive errno values
 * (ESHUTDOWN, EBUSY, ENETDOWN), while other sites in this file store
 * negative values in session->err (-EBUSY). Confirm that the consumers of
 * session->err cope with both signs.
 */
static void j1939_sk_queue_drop_all(struct j1939_priv *priv,
				    struct j1939_sock *jsk, int err)
{
	struct j1939_session *session, *tmp;

	netdev_dbg(priv->ndev, "%s: err: %i\n", __func__, err);
	spin_lock_bh(&jsk->sk_session_queue_lock);
	list_for_each_entry_safe(session, tmp, &jsk->sk_session_queue,
				 sk_session_queue_entry) {
		list_del_init(&session->sk_session_queue_entry);
		session->err = err;
		j1939_session_put(session);
	}
	spin_unlock_bh(&jsk->sk_session_queue_lock);
}

/* Retire @session from the head of its socket's queue and start the next
 * queued session. Must be called with sk_session_queue_lock held.
 *
 * Nothing happens when @session has no socket or is not the queue head.
 * Sessions that fail j1939_session_activate() are marked -EBUSY, dropped
 * from the queue and the following one is tried.
 */
static void j1939_sk_queue_activate_next_locked(struct j1939_session *session)
{
	struct j1939_sock *jsk;
	struct j1939_session *first;
	int err;

	/* RX-Session don't have a socket (yet) */
	if (!session->sk)
		return;

	jsk = j1939_sk(session->sk);
	lockdep_assert_held(&jsk->sk_session_queue_lock);

	/* remember how the finished session ended; it decides the delay below */
	err = session->err;

	first = list_first_entry_or_null(&jsk->sk_session_queue,
					 struct j1939_session,
					 sk_session_queue_entry);

	/* Someone else has already activated the next session */
	if (first != session)
		return;

activate_next:
	list_del_init(&first->sk_session_queue_entry);
	j1939_session_put(first);
	first = list_first_entry_or_null(&jsk->sk_session_queue,
					 struct j1939_session,
					 sk_session_queue_entry);
	if (!first)
		return;

	if (j1939_session_activate(first)) {
		netdev_warn_once(first->priv->ndev,
				 "%s: 0x%p: Identical session is already activated.\n",
				 __func__, first);
		first->err = -EBUSY;
		goto activate_next;
	} else {
		/* Give receiver some time (arbitrary chosen) to recover */
		int time_ms = 0;

		/* after a failed session: 10 ms plus a random 0..15 ms */
		if (err)
			time_ms = 10 + get_random_u32_below(16);

		j1939_tp_schedule_txtimer(first, time_ms);
	}
}

/* Locking wrapper around j1939_sk_queue_activate_next_locked(). */
void j1939_sk_queue_activate_next(struct j1939_session *session)
{
	struct j1939_sock *jsk;

	if (!session->sk)
		return;

	jsk = j1939_sk(session->sk);

	spin_lock_bh(&jsk->sk_session_queue_lock);
	j1939_sk_queue_activate_next_locked(session);
	spin_unlock_bh(&jsk->sk_session_queue_lock);
}

/* Decide from the frame's addressing whether @jsk may receive it.
 *
 * Checks, in order: destination (bind() name/address, broadcast only with
 * SO_BROADCAST), source (only for connected sockets) and the PGN set at
 * bind() time.
 *
 * NOTE(review): J1939_SOCK_PROMISC bypasses every check in this function;
 * only j1939_sk_match_filter() still applies afterwards. The flag is set via
 * SO_J1939_PROMISC in j1939_sk_setsockopt(), which performs no capable()
 * check in this file. Confirm that access to CAN_J1939 sockets is
 * restricted as intended where sockets are created.
 */
static bool j1939_sk_match_dst(struct j1939_sock *jsk,
			       const struct j1939_sk_buff_cb *skcb)
{
	if ((jsk->state & J1939_SOCK_PROMISC))
		return true;

	/* Destination address filter */
	if (jsk->addr.src_name && skcb->addr.dst_name) {
		if (jsk->addr.src_name != skcb->addr.dst_name)
			return false;
	} else {
		/* receive (all sockets) if
		 * - all packages that match our bind() address
		 * - all broadcast on a socket if SO_BROADCAST
		 *   is set
		 */
		if (j1939_address_is_unicast(skcb->addr.da)) {
			if (jsk->addr.sa != skcb->addr.da)
				return false;
		} else if (!sock_flag(&jsk->sk, SOCK_BROADCAST)) {
			/* receiving broadcast without SO_BROADCAST
			 * flag is not allowed
			 */
			return false;
		}
	}

	/* Source address filter */
	if (jsk->state & J1939_SOCK_CONNECTED) {
		/* receive (all sockets) if
		 * - all packages that match our connect() name or address
		 */
		if (jsk->addr.dst_name && skcb->addr.src_name) {
			if (jsk->addr.dst_name != skcb->addr.src_name)
				return false;
		} else {
			if (jsk->addr.da != skcb->addr.sa)
				return false;
		}
	}

	/* PGN filter */
	if (j1939_pgn_is_valid(jsk->pgn_rx_filter) &&
	    jsk->pgn_rx_filter != skcb->addr.pgn)
		return false;

	return true;
}

/* matches skb control buffer (addr) with a j1939 filter
 *
 * The filter array is read under filters_lock, the same lock that
 * j1939_sk_setsockopt() holds while swapping the array. A socket without
 * filters accepts everything. The stored pgn/addr/name were already masked
 * when the filters were installed, so only the frame side is masked here.
 */
static bool j1939_sk_match_filter(struct j1939_sock *jsk,
				  const struct j1939_sk_buff_cb *skcb)
{
	const struct j1939_filter *f;
	int nfilter;

	spin_lock_bh(&jsk->filters_lock);

	f = jsk->filters;
	nfilter = jsk->nfilters;

	if (!nfilter)
		/* receive all when no filters are assigned */
		goto filter_match_found;

	for (; nfilter; ++f, --nfilter) {
		if ((skcb->addr.pgn & f->pgn_mask) != f->pgn)
			continue;
		if ((skcb->addr.sa & f->addr_mask) != f->addr)
			continue;
		if ((skcb->addr.src_name & f->name_mask) != f->name)
			continue;
		goto filter_match_found;
	}

	spin_unlock_bh(&jsk->filters_lock);
	return false;

filter_match_found:
	spin_unlock_bh(&jsk->filters_lock);
	return true;
}

/* Full receive decision for one socket: it must be bound, pass the
 * address/PGN checks and pass the user-installed filters.
 */
static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,
				    const struct j1939_sk_buff_cb *skcb)
{
	if (!(jsk->state & J1939_SOCK_BOUND))
		return false;

	if (!j1939_sk_match_dst(jsk, skcb))
		return false;

	if (!j1939_sk_match_filter(jsk, skcb))
		return false;

	return true;
}

/* Deliver a clone of @oskb to @jsk if the socket matches.
 *
 * The originating socket never gets its own frame back. The clone is made
 * with GFP_ATOMIC; the caller in this file holds j1939_socks_lock with
 * bottom halves disabled. If queueing fails the clone is dropped with the
 * reason reported by sock_queue_rcv_skb_reason().
 */
static void j1939_sk_recv_one(struct j1939_sock *jsk, struct sk_buff *oskb)
{
	const struct j1939_sk_buff_cb *oskcb = j1939_skb_to_cb(oskb);
	struct j1939_sk_buff_cb *skcb;
	enum skb_drop_reason reason;
	struct sk_buff *skb;

	if (oskb->sk == &jsk->sk)
		return;

	if (!j1939_sk_recv_match_one(jsk, oskcb))
		return;

	skb = skb_clone(oskb, GFP_ATOMIC);
	if (!skb) {
		pr_warn("skb clone failed\n");
		return;
	}
	can_skb_set_owner(skb, oskb->sk);

	/* MSG_DONTROUTE is reported to the receiver only when the clone has
	 * an owning socket - presumably a locally sent frame, TODO confirm
	 */
	skcb = j1939_skb_to_cb(skb);
	skcb->msg_flags &= ~(MSG_DONTROUTE);
	if (skb->sk)
		skcb->msg_flags |= MSG_DONTROUTE;

	if (sock_queue_rcv_skb_reason(&jsk->sk, skb, &reason) < 0)
		sk_skb_reason_drop(&jsk->sk, skb, reason);
}

/* Return true if at least one socket bound to @priv would accept a frame
 * described by @skcb. Walks the socket list under the read lock.
 */
bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb)
{
	struct j1939_sock *jsk;
	bool match = false;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
		match = j1939_sk_recv_match_one(jsk, skcb);
		if (match)
			break;
	}
	read_unlock_bh(&priv->j1939_socks_lock);

	return match;
}

/* Offer @skb to every socket bound to @priv; each matching socket gets its
 * own clone via j1939_sk_recv_one().
 */
void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sock *jsk;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
		j1939_sk_recv_one(jsk, skb);
	}
	read_unlock_bh(&priv->j1939_socks_lock);
}

/* sk->sk_destruct handler: drops the socket's long-lived reference on
 * j1939_priv (taken in j1939_sk_bind()) and then runs the generic CAN
 * destructor.
 */
static void j1939_sk_sock_destruct(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	/* This function will be called by the generic networking code, when
	 * the socket is ultimately closed (sk->sk_destruct).
	 *
	 * The race between
	 * - processing a received CAN frame
	 *   (can_receive -> j1939_can_recv)
	 *   and accessing j1939_priv
	 * ... and ...
	 * - closing a socket
	 *   (j1939_can_rx_unregister -> can_rx_unregister)
	 *   and calling the final j1939_priv_put()
	 *
	 * is avoided by calling the final j1939_priv_put() from this
	 * RCU deferred cleanup call.
	 */
	if (jsk->priv) {
		j1939_priv_put(jsk->priv);
		jsk->priv = NULL;
	}

	/* call generic CAN sock destruct */
	can_sock_destruct(sk);
}

/* proto->init handler: zero the j1939 specific part of the socket, set the
 * defaults (priority 6, no addresses, no PGN, no filters) and install the
 * destructor. Always returns 0.
 */
static int j1939_sk_init(struct sock *sk)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	/* Ensure that "sk" is first member in "struct j1939_sock", so that we
	 * can skip it during memset().
	 */
	BUILD_BUG_ON(offsetof(struct j1939_sock, sk) != 0);
	memset((void *)jsk + sizeof(jsk->sk), 0x0,
	       sizeof(*jsk) - sizeof(jsk->sk));

	INIT_LIST_HEAD(&jsk->list);
	init_waitqueue_head(&jsk->waitq);
	jsk->sk.sk_priority = j1939_to_sk_priority(6);
	jsk->sk.sk_reuse = 1; /* per default */
	jsk->addr.sa = J1939_NO_ADDR;
	jsk->addr.da = J1939_NO_ADDR;
	jsk->addr.pgn = J1939_NO_PGN;
	jsk->pgn_rx_filter = J1939_NO_PGN;
	atomic_set(&jsk->skb_pending, 0);
	spin_lock_init(&jsk->sk_session_queue_lock);
	INIT_LIST_HEAD(&jsk->sk_session_queue);
	spin_lock_init(&jsk->filters_lock);

	/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */
	sock_set_flag(sk, SOCK_RCU_FREE);
	sk->sk_destruct = j1939_sk_sock_destruct;
	sk->sk_protocol = CAN_J1939;

	return 0;
}

/* Validate a user supplied sockaddr_can for bind()/connect().
 *
 * Returns 0 when usable, otherwise:
 *   -EDESTADDRREQ  no address given
 *   -EINVAL        shorter than J1939_MIN_NAMELEN, wrong family, or a PDU1
 *                  PGN with a non-zero low byte
 *   -ENODEV        can_ifindex is 0
 *
 * The length check must come before any field access so that no byte
 * beyond what the caller provided is interpreted.
 *
 * NOTE(review): @len is a signed int compared with a size-derived constant;
 * this assumes the socket layer never hands in a negative length - confirm.
 */
static int j1939_sk_sanity_check(struct sockaddr_can *addr, int len)
{
	if (!addr)
		return -EDESTADDRREQ;
	if (len < J1939_MIN_NAMELEN)
		return -EINVAL;
	if (addr->can_family != AF_CAN)
		return -EINVAL;
	if (!addr->can_ifindex)
		return -ENODEV;
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
	    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn))
		return -EINVAL;

	return 0;
}

/* proto_ops->bind handler.
 *
 * First bind: looks up the interface in the socket's network namespace,
 * requires it to be a CAN device that is up, starts j1939 on it and stores
 * a j1939_priv reference in jsk->priv. Re-bind: only allowed on the same
 * interface; the old list membership and local ECU reference are dropped
 * and re-acquired with the new name/address.
 *
 * Runs under lock_sock(). Returns 0 or a negative errno.
 */
static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
{
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
	struct j1939_sock *jsk = j1939_sk(sock->sk);
	struct j1939_priv *priv;
	struct sock *sk;
	struct net *net;
	int ret = 0;

	ret = j1939_sk_sanity_check(addr, len);
	if (ret)
		return ret;

	lock_sock(sock->sk);

	priv = jsk->priv;
	sk = sock->sk;
	net = sock_net(sk);

	/* Already bound to an interface? */
	if (jsk->state & J1939_SOCK_BOUND) {
		/* A re-bind() to a different interface is not
		 * supported.
		 */
		if (jsk->ifindex != addr->can_ifindex) {
			ret = -EINVAL;
			goto out_release_sock;
		}

		/* drop old references */
		j1939_jsk_del(priv, jsk);
		j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
	} else {
		struct can_ml_priv *can_ml;
		struct net_device *ndev;

		ndev = dev_get_by_index(net, addr->can_ifindex);
		if (!ndev) {
			ret = -ENODEV;
			goto out_release_sock;
		}

		/* only devices carrying CAN mid-layer private data qualify */
		can_ml = can_get_ml_priv(ndev);
		if (!can_ml) {
			dev_put(ndev);
			ret = -ENODEV;
			goto out_release_sock;
		}

		if (!(ndev->flags & IFF_UP)) {
			dev_put(ndev);
			ret = -ENETDOWN;
			goto out_release_sock;
		}

		priv = j1939_netdev_start(ndev);
		dev_put(ndev);
		if (IS_ERR(priv)) {
			ret = PTR_ERR(priv);
			goto out_release_sock;
		}

		jsk->ifindex = addr->can_ifindex;

		/* the corresponding j1939_priv_put() is called via
		 * sk->sk_destruct, which points to j1939_sk_sock_destruct()
		 */
		j1939_priv_get(priv);
		jsk->priv = priv;
	}

	/* set default transmit pgn
	 *
	 * NOTE(review): the field written is pgn_rx_filter, which
	 * j1939_sk_match_dst() uses as the receive PGN filter; the wording
	 * above does not match the code.
	 */
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
		jsk->pgn_rx_filter = addr->can_addr.j1939.pgn;
	jsk->addr.src_name = addr->can_addr.j1939.name;
	jsk->addr.sa = addr->can_addr.j1939.addr;

	/* get new references */
	ret = j1939_local_ecu_get(priv, jsk->addr.src_name, jsk->addr.sa);
	if (ret) {
		/* NOTE(review): on this path the socket is left without
		 * J1939_SOCK_BOUND while jsk->priv (and, on a first bind,
		 * the reference taken by j1939_priv_get() above) stays in
		 * place. A later bind() would take the first-bind branch
		 * again and overwrite jsk->priv. Confirm that no j1939_priv
		 * reference is leaked and that jsk->priv cannot outlive
		 * what j1939_netdev_stop() tears down.
		 */
		j1939_netdev_stop(priv);
		goto out_release_sock;
	}

	j1939_jsk_add(priv, jsk);

 out_release_sock: /* fall through */
	release_sock(sock->sk);

	return ret;
}

/* proto_ops->connect handler: records the default destination name,
 * address and (if valid) PGN and marks the socket connected.
 *
 * Requires a prior bind() on the same interface. A broadcast destination
 * (no name, J1939_NO_ADDR) is refused with -EACCES unless SO_BROADCAST is
 * set. Runs under lock_sock().
 */
static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr,
			    int len, int flags)
{
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
	struct j1939_sock *jsk = j1939_sk(sock->sk);
	int ret = 0;

	ret = j1939_sk_sanity_check(addr, len);
	if (ret)
		return ret;

	lock_sock(sock->sk);

	/* bind() before connect() is mandatory */
	if (!(jsk->state & J1939_SOCK_BOUND)) {
		ret = -EINVAL;
		goto out_release_sock;
	}

	/* A connect() to a different interface is not supported. */
	if (jsk->ifindex != addr->can_ifindex) {
		ret = -EINVAL;
		goto out_release_sock;
	}

	if (!addr->can_addr.j1939.name &&
	    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
	    !sock_flag(&jsk->sk, SOCK_BROADCAST)) {
		/* broadcast, but SO_BROADCAST not set */
		ret = -EACCES;
		goto out_release_sock;
	}

	jsk->addr.dst_name = addr->can_addr.j1939.name;
	jsk->addr.da = addr->can_addr.j1939.addr;

	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
		jsk->addr.pgn = addr->can_addr.j1939.pgn;

	jsk->state |= J1939_SOCK_CONNECTED;

 out_release_sock: /* fall through */
	release_sock(sock->sk);

	return ret;
}

/* Fill @addr with the socket's local (@peer == 0) or remote (@peer != 0)
 * address. Exactly J1939_MIN_NAMELEN bytes are initialised; callers must
 * not report a larger length to user space.
 */
static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr,
				       const struct j1939_sock *jsk, int peer)
{
	/* There are two holes (2 bytes and 3 bytes) to clear to avoid
	 * leaking kernel information to user space.
	 */
	memset(addr, 0, J1939_MIN_NAMELEN);

	addr->can_family = AF_CAN;
	addr->can_ifindex = jsk->ifindex;
	addr->can_addr.j1939.pgn = jsk->addr.pgn;
	if (peer) {
		addr->can_addr.j1939.name = jsk->addr.dst_name;
		addr->can_addr.j1939.addr = jsk->addr.da;
	} else {
		addr->can_addr.j1939.name = jsk->addr.src_name;
		addr->can_addr.j1939.addr = jsk->addr.sa;
	}
}

/* proto_ops->getname handler (getsockname()/getpeername()).
 *
 * Returns J1939_MIN_NAMELEN, the number of bytes that
 * j1939_sk_sock2sockaddr_can() initialised, or -EADDRNOTAVAIL when the peer
 * is requested on an unconnected socket.
 */
static int j1939_sk_getname(struct socket *sock, struct sockaddr *uaddr,
			    int peer)
{
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int ret = 0;

	lock_sock(sk);

	if (peer && !(jsk->state & J1939_SOCK_CONNECTED)) {
		ret = -EADDRNOTAVAIL;
		goto failure;
	}

	j1939_sk_sock2sockaddr_can(addr, jsk, peer);
	ret = J1939_MIN_NAMELEN;

 failure:
	release_sock(sk);

	return ret;
}

/* proto_ops->release handler.
 *
 * For a bound socket: waits until no skbs are pending; if the wait is
 * interrupted the active session is cancelled and the queue is dropped
 * with ESHUTDOWN. Then the socket leaves the per-device list and releases
 * its local ECU and netdev references. The final j1939_priv reference is
 * dropped later from j1939_sk_sock_destruct().
 */
static int j1939_sk_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk;

	if (!sk)
		return 0;

	lock_sock(sk);
	jsk = j1939_sk(sk);

	if (jsk->state & J1939_SOCK_BOUND) {
		struct j1939_priv *priv = jsk->priv;

		/* non-zero return: the wait was interrupted by a signal */
		if (wait_event_interruptible(jsk->waitq,
					     !j1939_sock_pending_get(&jsk->sk))) {
			j1939_cancel_active_session(priv, sk);
			j1939_sk_queue_drop_all(priv, jsk, ESHUTDOWN);
		}

		/* after this the receive path no longer finds the socket */
		j1939_jsk_del(priv, jsk);

		j1939_local_ecu_put(priv, jsk->addr.src_name,
				    jsk->addr.sa);

		j1939_netdev_stop(priv);
	}

	kfree(jsk->filters);
	sock_orphan(sk);
	sock->sk = NULL;

	release_sock(sk);
	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
	sock_put(sk);

	return 0;
}

/* Set or clear one bit of jsk->state from an int sized socket option.
 *
 * Returns -EINVAL for a wrong option length and -EFAULT when the value
 * cannot be copied.
 *
 * NOTE(review): on success this returns the user supplied value itself,
 * not 0. A non-zero positive value is therefore handed back as the
 * setsockopt() result, and a negative value sets the flag and is then
 * treated as an error code by the SO_J1939_ERRQUEUE caller. Confirm this
 * is intended.
 */
static int j1939_sk_setsockopt_flag(struct j1939_sock *jsk, sockptr_t optval,
				    unsigned int optlen, int flag)
{
	int tmp;

	if (optlen != sizeof(tmp))
		return -EINVAL;
	if (copy_from_sockptr(&tmp, optval, optlen))
		return -EFAULT;
	lock_sock(&jsk->sk);
	if (tmp)
		jsk->state |= flag;
	else
		jsk->state &= ~flag;
	release_sock(&jsk->sk);
	return tmp;
}

/* proto_ops->setsockopt handler for level SOL_CAN_J1939.
 *
 * SO_J1939_FILTER     replace the receive filter array (or clear it when
 *                     optval is NULL / optlen is 0)
 * SO_J1939_PROMISC    toggle J1939_SOCK_PROMISC
 * SO_J1939_ERRQUEUE   toggle J1939_SOCK_ERRQUEUE; the error queue is purged
 *                     when the flag ends up cleared
 * SO_J1939_SEND_PRIO  set the send priority, 0..7; values below 2 require
 *                     CAP_NET_ADMIN
 *
 * Only SO_J1939_SEND_PRIO carries a capability check in this function.
 */
static int j1939_sk_setsockopt(struct socket *sock, int level, int optname,
			       sockptr_t optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int tmp, count = 0, ret = 0;
	struct j1939_filter *filters = NULL, *ofilters;

	if (level != SOL_CAN_J1939)
		return -EINVAL;

	switch (optname) {
	case SO_J1939_FILTER:
		if (!sockptr_is_null(optval) && optlen != 0) {
			struct j1939_filter *f;
			int c;

			/* must be a whole number of filter entries */
			if (optlen % sizeof(*filters) != 0)
				return -EINVAL;

			/* bound the allocation made by memdup_sockptr() */
			if (optlen > J1939_FILTER_MAX *
			    sizeof(struct j1939_filter))
				return -EINVAL;

			count = optlen / sizeof(*filters);
			filters = memdup_sockptr(optval, optlen);
			if (IS_ERR(filters))
				return PTR_ERR(filters);

			/* pre-apply the masks so the receive path only has
			 * to mask the frame side
			 */
			for (f = filters, c = count; c; f++, c--) {
				f->name &= f->name_mask;
				f->pgn &= f->pgn_mask;
				f->addr &= f->addr_mask;
			}
		}

		/* swap pointer and count together under filters_lock, the
		 * lock j1939_sk_match_filter() reads them under; the old
		 * array is freed only after the lock is dropped
		 */
		lock_sock(&jsk->sk);
		spin_lock_bh(&jsk->filters_lock);
		ofilters = jsk->filters;
		jsk->filters = filters;
		jsk->nfilters = count;
		spin_unlock_bh(&jsk->filters_lock);
		release_sock(&jsk->sk);
		kfree(ofilters);
		return 0;
	case SO_J1939_PROMISC:
		return j1939_sk_setsockopt_flag(jsk, optval, optlen,
						J1939_SOCK_PROMISC);
	case SO_J1939_ERRQUEUE:
		ret = j1939_sk_setsockopt_flag(jsk, optval, optlen,
					       J1939_SOCK_ERRQUEUE);
		if (ret < 0)
			return ret;

		if (!(jsk->state & J1939_SOCK_ERRQUEUE))
			skb_queue_purge(&sk->sk_error_queue);
		return ret;
	case SO_J1939_SEND_PRIO:
		if (optlen != sizeof(tmp))
			return -EINVAL;
		if (copy_from_sockptr(&tmp, optval, optlen))
			return -EFAULT;
		if (tmp < 0 || tmp > 7)
			return -EDOM;
		/* the two numerically lowest priority values are privileged */
		if (tmp < 2 && !capable(CAP_NET_ADMIN))
			return -EPERM;
		lock_sock(&jsk->sk);
		jsk->sk.sk_priority = j1939_to_sk_priority(tmp);
		release_sock(&jsk->sk);
		return 0;
	default:
		return -ENOPROTOOPT;
	}
}

/* proto_ops->getsockopt handler for level SOL_CAN_J1939.
 *
 * All supported options are ints. The user length is read first and must
 * be non-negative and at least sizeof(int); exactly sizeof(int) bytes are
 * copied out from a zero-initialised local, so no uninitialised stack
 * bytes reach user space.
 */
static int j1939_sk_getsockopt(struct socket *sock, int level, int optname,
			       char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	int ret, ulen;
	/* set defaults for using 'int' properties */
	int tmp = 0;
	int len = sizeof(tmp);
	void *val = &tmp;

	if (level != SOL_CAN_J1939)
		return -EINVAL;
	if (get_user(ulen, optlen))
		return -EFAULT;
	if (ulen < 0)
		return -EINVAL;

	lock_sock(&jsk->sk);
	switch (optname) {
	case SO_J1939_PROMISC:
		tmp = (jsk->state & J1939_SOCK_PROMISC) ? 1 : 0;
		break;
	case SO_J1939_ERRQUEUE:
		tmp = (jsk->state & J1939_SOCK_ERRQUEUE) ? 1 : 0;
		break;
	case SO_J1939_SEND_PRIO:
		tmp = j1939_prio(jsk->sk.sk_priority);
		break;
	default:
		ret = -ENOPROTOOPT;
		goto no_copy;
	}

	/* copy to user, based on 'len' & 'val'
	 * but most sockopt's are 'int' properties, and have 'len' & 'val'
	 * left unchanged, but instead modified 'tmp'
	 */
	if (len > ulen)
		ret = -EFAULT;
	else if (put_user(len, optlen))
		ret = -EFAULT;
	else if (copy_to_user(optval, val, len))
		ret = -EFAULT;
	else
		ret = 0;
 no_copy:
	release_sock(&jsk->sk);
	return ret;
}

/* proto_ops->recvmsg handler.
 *
 * Only MSG_DONTWAIT, MSG_ERRQUEUE and MSG_CMSG_COMPAT are accepted.
 * MSG_ERRQUEUE reads go to the socket error queue. Otherwise one datagram
 * is dequeued, at most @size bytes are copied (MSG_TRUNC is set when the
 * datagram is longer) and destination address, destination name and
 * priority are attached as control messages. Returns the number of bytes
 * copied or a negative errno.
 */
static int j1939_sk_recvmsg(struct socket *sock, struct msghdr *msg,
			    size_t size, int flags)
{
	struct sock *sk = sock->sk;
	struct sk_buff *skb;
	struct j1939_sk_buff_cb *skcb;
	int ret = 0;

	if (flags & ~(MSG_DONTWAIT | MSG_ERRQUEUE | MSG_CMSG_COMPAT))
		return -EINVAL;

	if (flags & MSG_ERRQUEUE)
		return sock_recv_errqueue(sock->sk, msg, size, SOL_CAN_J1939,
					  SCM_J1939_ERRQUEUE);

	skb = skb_recv_datagram(sk, flags, &ret);
	if (!skb)
		return ret;

	/* never copy more than the datagram holds or the caller asked for */
	if (size < skb->len)
		msg->msg_flags |= MSG_TRUNC;
	else
		size = skb->len;

	ret = memcpy_to_msg(msg, skb->data, size);
	if (ret < 0) {
		skb_free_datagram(sk, skb);
		return ret;
	}

	/* the put_cmsg() results are not checked here */
	skcb = j1939_skb_to_cb(skb);
	if (j1939_address_is_valid(skcb->addr.da))
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_ADDR,
			 sizeof(skcb->addr.da), &skcb->addr.da);

	if (skcb->addr.dst_name)
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_NAME,
			 sizeof(skcb->addr.dst_name), &skcb->addr.dst_name);

	put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_PRIO,
		 sizeof(skcb->priority), &skcb->priority);

	if (msg->msg_name) {
		struct sockaddr_can *paddr = msg->msg_name;

		/* zero the reported length first so that padding inside
		 * sockaddr_can carries no stale kernel bytes
		 */
		msg->msg_namelen = J1939_MIN_NAMELEN;
		memset(msg->msg_name, 0, msg->msg_namelen);
		paddr->can_family = AF_CAN;
		paddr->can_ifindex = skb->skb_iif;
		paddr->can_addr.j1939.name = skcb->addr.src_name;
		paddr->can_addr.j1939.addr = skcb->addr.sa;
		paddr->can_addr.j1939.pgn = skcb->addr.pgn;
	}

	sock_recv_cmsgs(msg, sk, skb);
	msg->msg_flags |= skcb->msg_flags;
	skb_free_datagram(sk, skb);

	return size;
}

/* Allocate an skb for one segment of @size payload bytes, copy the payload
 * from @msg and fill the j1939 control block from the socket defaults,
 * overridden by the destination in msg->msg_name when one is given.
 *
 * *errcode receives 0 on success or the negative errno on failure, in which
 * case NULL is returned.
 *
 * msg->msg_name is dereferenced here without a length check; the caller
 * j1939_sk_sendmsg() has already verified msg_namelen, family and PGN.
 */
static struct sk_buff *j1939_sk_alloc_skb(struct net_device *ndev,
					  struct sock *sk,
					  struct msghdr *msg, size_t size,
					  int *errcode)
{
	struct j1939_sock *jsk = j1939_sk(sk);
	struct j1939_sk_buff_cb *skcb;
	struct sk_buff *skb;
	int ret;

	/* payload plus the can_frame header (without its data array) plus
	 * the CAN skb private area
	 */
	skb = sock_alloc_send_skb(sk,
				  size +
				  sizeof(struct can_frame) -
				  sizeof(((struct can_frame *)NULL)->data) +
				  sizeof(struct can_skb_priv),
				  msg->msg_flags & MSG_DONTWAIT, &ret);
	if (!skb)
		goto failure;

	can_skb_reserve(skb);
	can_skb_prv(skb)->ifindex = ndev->ifindex;
	can_skb_prv(skb)->skbcnt = 0;
	skb_reserve(skb, offsetof(struct can_frame, data));

	ret = memcpy_from_msg(skb_put(skb, size), msg, size);
	if (ret < 0)
		goto free_skb;

	skb->dev = ndev;

	/* start from a fully zeroed control block */
	skcb = j1939_skb_to_cb(skb);
	memset(skcb, 0, sizeof(*skcb));
	skcb->addr = jsk->addr;
	skcb->priority = j1939_prio(READ_ONCE(sk->sk_priority));

	if (msg->msg_name) {
		struct sockaddr_can *addr = msg->msg_name;

		if (addr->can_addr.j1939.name ||
		    addr->can_addr.j1939.addr != J1939_NO_ADDR) {
			skcb->addr.dst_name = addr->can_addr.j1939.name;
			skcb->addr.da = addr->can_addr.j1939.addr;
		}
		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
			skcb->addr.pgn = addr->can_addr.j1939.pgn;
	}

	*errcode = ret;
	return skb;

free_skb:
	kfree_skb(skb);
failure:
	*errcode = ret;
	return NULL;
}

/* Size of the netlink attribute buffer needed for an error queue message
 * of @type. Must stay in step with the attributes written by
 * j1939_sk_get_timestamping_opt_stats(), which does not check the
 * nla_put_*() results.
 */
static size_t j1939_sk_opt_stats_get_size(enum j1939_sk_errqueue_type type)
{
	switch (type) {
	case J1939_ERRQUEUE_RX_RTS:
		return
			nla_total_size(sizeof(u32)) + /* J1939_NLA_TOTAL_SIZE */
			nla_total_size(sizeof(u32)) + /* J1939_NLA_PGN */
			nla_total_size(sizeof(u64)) + /* J1939_NLA_SRC_NAME */
			nla_total_size(sizeof(u64)) + /* J1939_NLA_DEST_NAME */
			nla_total_size(sizeof(u8)) +  /* J1939_NLA_SRC_ADDR */
			nla_total_size(sizeof(u8)) +  /* J1939_NLA_DEST_ADDR */
			0;
	default:
		return
			nla_total_size(sizeof(u32)) + /* J1939_NLA_BYTES_ACKED */
			0;
	}
}

/* Build the attribute skb that accompanies an error queue notification.
 *
 * RX_RTS messages describe the announced transfer (total size, PGN, source
 * and destination name/address); every other type carries the number of
 * bytes acknowledged so far. Returns NULL when the GFP_ATOMIC allocation
 * fails.
 */
static struct sk_buff *
j1939_sk_get_timestamping_opt_stats(struct j1939_session *session,
				    enum j1939_sk_errqueue_type type)
{
	struct sk_buff *stats;
	u32 size;

	stats = alloc_skb(j1939_sk_opt_stats_get_size(type), GFP_ATOMIC);
	if (!stats)
		return NULL;

	/* tx_acked counts packets; presumably 7 payload bytes each - the
	 * product is capped at the total message size
	 */
	if (session->skcb.addr.type == J1939_SIMPLE)
		size = session->total_message_size;
	else
		size = min(session->pkt.tx_acked * 7,
			   session->total_message_size);

	switch (type) {
	case J1939_ERRQUEUE_RX_RTS:
		nla_put_u32(stats, J1939_NLA_TOTAL_SIZE,
			    session->total_message_size);
		nla_put_u32(stats, J1939_NLA_PGN,
			    session->skcb.addr.pgn);
		nla_put_u64_64bit(stats, J1939_NLA_SRC_NAME,
				  session->skcb.addr.src_name, J1939_NLA_PAD);
		nla_put_u64_64bit(stats, J1939_NLA_DEST_NAME,
				  session->skcb.addr.dst_name, J1939_NLA_PAD);
		nla_put_u8(stats, J1939_NLA_SRC_ADDR,
			   session->skcb.addr.sa);
		nla_put_u8(stats, J1939_NLA_DEST_ADDR,
			   session->skcb.addr.da);
		break;
	default:
		nla_put_u32(stats, J1939_NLA_BYTES_ACKED, size);
	}

	return stats;
}

/* Queue one notification of @type for @session on the error queue of @sk.
 *
 * Nothing is sent unless the socket enabled J1939_SOCK_ERRQUEUE and, for
 * the timestamping related types, the matching SOF_TIMESTAMPING_* flag.
 *
 * NOTE(review): the default branch of the first switch only logs the
 * unknown type and then continues; the second switch has no default, so
 * such a message would be queued with a zeroed sock_extended_err and state
 * "UNK". Confirm whether an early return is wanted there.
 */
static void __j1939_sk_errqueue(struct j1939_session *session, struct sock *sk,
				enum j1939_sk_errqueue_type type)
{
	struct j1939_priv *priv = session->priv;
	struct j1939_sock *jsk;
	struct sock_exterr_skb *serr;
	struct sk_buff *skb;
	char *state = "UNK";
	u32 tsflags;
	int err;

	jsk = j1939_sk(sk);

	if (!(jsk->state & J1939_SOCK_ERRQUEUE))
		return;

	tsflags = READ_ONCE(sk->sk_tsflags);
	switch (type) {
	case J1939_ERRQUEUE_TX_ACK:
		if (!(tsflags & SOF_TIMESTAMPING_TX_ACK))
			return;
		break;
	case J1939_ERRQUEUE_TX_SCHED:
		if (!(tsflags & SOF_TIMESTAMPING_TX_SCHED))
			return;
		break;
	case J1939_ERRQUEUE_TX_ABORT:
		break;
	case J1939_ERRQUEUE_RX_RTS:
		fallthrough;
	case J1939_ERRQUEUE_RX_DPO:
		fallthrough;
	case J1939_ERRQUEUE_RX_ABORT:
		if (!(tsflags & SOF_TIMESTAMPING_RX_SOFTWARE))
			return;
		break;
	default:
		netdev_err(priv->ndev, "Unknown errqueue type %i\n", type);
	}

	skb = j1939_sk_get_timestamping_opt_stats(session, type);
	if (!skb)
		return;

	skb->tstamp = ktime_get_real();

	BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));

	/* zero the whole extended error before filling selected fields */
	serr = SKB_EXT_ERR(skb);
	memset(serr, 0, sizeof(*serr));
	switch (type) {
	case J1939_ERRQUEUE_TX_ACK:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
		serr->ee.ee_info = SCM_TSTAMP_ACK;
		state = "TX ACK";
		break;
	case J1939_ERRQUEUE_TX_SCHED:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
		serr->ee.ee_info = SCM_TSTAMP_SCHED;
		state = "TX SCH";
		break;
	case J1939_ERRQUEUE_TX_ABORT:
		serr->ee.ee_errno = session->err;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_TX_ABORT;
		state = "TX ABT";
		break;
	case J1939_ERRQUEUE_RX_RTS:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_RTS;
		state = "RX RTS";
		break;
	case J1939_ERRQUEUE_RX_DPO:
		serr->ee.ee_errno = ENOMSG;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_DPO;
		state = "RX DPO";
		break;
	case J1939_ERRQUEUE_RX_ABORT:
		serr->ee.ee_errno = session->err;
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
		serr->ee.ee_info = J1939_EE_INFO_RX_ABORT;
		state = "RX ABT";
		break;
	}

	serr->opt_stats = true;
	if (tsflags & SOF_TIMESTAMPING_OPT_ID)
		serr->ee.ee_data = session->tskey;

	netdev_dbg(session->priv->ndev, "%s: 0x%p tskey: %i, state: %s\n",
		   __func__, session, session->tskey, state);
	err = sock_queue_err_skb(sk, skb);

	if (err)
		kfree_skb(skb);
};

/* Report a session event on the error queue.
 *
 * A session with an owning socket notifies only that socket. A session
 * without one (RX) notifies every bound socket whose address and filter
 * settings match the session, using the same j1939_sk_recv_match_one()
 * decision as data delivery.
 */
void j1939_sk_errqueue(struct j1939_session *session,
		       enum j1939_sk_errqueue_type type)
{
	struct j1939_priv *priv = session->priv;
	struct j1939_sock *jsk;

	if (session->sk) {
		/* send TX notifications to the socket of origin */
		__j1939_sk_errqueue(session, session->sk, type);
		return;
	}

	/* spread RX notifications to all sockets subscribed to this session */
	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
		if (j1939_sk_recv_match_one(jsk, &session->skcb))
			__j1939_sk_errqueue(session, &jsk->sk, type);
	}
	read_unlock_bh(&priv->j1939_socks_lock);
};

/* Report @err through sk->sk_err, but only for sockets that did not enable
 * J1939_SOCK_ERRQUEUE; those are informed through the error queue instead.
 */
void j1939_sk_send_loop_abort(struct sock *sk, int err)
{
	struct j1939_sock *jsk = j1939_sk(sk);

	if (jsk->state & J1939_SOCK_ERRQUEUE)
		return;

	sk->sk_err = err;

	sk_error_report(sk);
}

/* Queue @size bytes from @msg for transmission, split into segments of at
 * most J1939_MAX_TP_PACKET_SIZE bytes.
 *
 * If the socket's last session is still incomplete, @size must be exactly
 * the number of bytes that session is missing, otherwise -EIO is returned.
 * Without such a session the first segment creates one via j1939_tp_send()
 * and, if it is first in the socket queue, activates it.
 *
 * Returns @size on success. When interrupted (-ERESTARTSYS, reported as
 * -EINTR) or out of buffer space (-EAGAIN) after some data was queued, the
 * number of bytes queued so far is returned instead of the error.
 */
static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk,
			      struct msghdr *msg, size_t size)

{
	struct j1939_sock *jsk = j1939_sk(sk);
	struct j1939_session *session = j1939_sk_get_incomplete_session(jsk);
	struct sk_buff *skb;
	size_t segment_size, todo_size;
	int ret = 0;

	if (session &&
	    session->total_message_size != session->total_queued_size + size) {
		j1939_session_put(session);
		return -EIO;
	}

	todo_size = size;

	do {
		struct j1939_sk_buff_cb *skcb;

		segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
				     todo_size);

		/* Allocate skb for one segment */
		skb = j1939_sk_alloc_skb(priv->ndev, sk, msg, segment_size,
					 &ret);
		if (ret)
			break;

		skcb = j1939_skb_to_cb(skb);

		if (!session) {
			/* at this point the size should be full size
			 * of the session
			 */
			skcb->offset = 0;
			session = j1939_tp_send(priv, skb, size);
			if (IS_ERR(session)) {
				ret = PTR_ERR(session);
				goto kfree_skb;
			}
			if (j1939_sk_queue_session(session)) {
				/* try to activate session if we are
				 * first in the queue
				 */
				if (!j1939_session_activate(session)) {
					j1939_tp_schedule_txtimer(session, 0);
				} else {
					ret = -EBUSY;
					session->err = ret;
					j1939_sk_queue_drop_all(priv, jsk,
								EBUSY);
					break;
				}
			}
		} else {
			skcb->offset = session->total_queued_size;
			j1939_session_skb_queue(session, skb);
		}

		todo_size -= segment_size;
		session->total_queued_size += segment_size;
	} while (todo_size);

	switch (ret) {
	case 0: /* OK */
		if (todo_size)
			netdev_warn(priv->ndev,
				    "no error found and not completely queued?! %zu\n",
				    todo_size);
		ret = size;
		break;
	case -ERESTARTSYS:
		ret = -EINTR;
		fallthrough;
	case -EAGAIN: /* OK */
		if (todo_size != size)
			ret = size - todo_size;
		break;
	default: /* ERROR */
		break;
	}

	if (session)
		j1939_session_put(session);

	return ret;

	/* reached only when j1939_tp_send() failed: session is an ERR_PTR
	 * here, so there is no session reference to drop
	 */
 kfree_skb:
	kfree_skb(skb);
	return ret;
}

/* proto_ops->sendmsg handler.
 *
 * Validates socket state and, when msg->msg_name is given, the user
 * supplied destination before any of it is used by j1939_sk_alloc_skb():
 *   -EBADFD  not bound, no source name/address, or a different interface
 *   -EINVAL  msg_name shorter than J1939_MIN_NAMELEN, wrong family, or a
 *            PDU1 PGN with a non-zero low byte
 *   -EACCES  broadcast destination without SO_BROADCAST
 * Runs under lock_sock(); the transfer itself is done by
 * j1939_sk_send_loop().
 */
static int j1939_sk_sendmsg(struct socket *sock, struct msghdr *msg,
			    size_t size)
{
	struct sock *sk = sock->sk;
	struct j1939_sock *jsk = j1939_sk(sk);
	struct j1939_priv *priv;
	int ifindex;
	int ret;

	lock_sock(sock->sk);
	/* various socket state tests */
	if (!(jsk->state & J1939_SOCK_BOUND)) {
		ret = -EBADFD;
		goto sendmsg_done;
	}

	priv = jsk->priv;
	ifindex = jsk->ifindex;

	if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) {
		/* no source address assigned yet */
		ret = -EBADFD;
		goto sendmsg_done;
	}

	/* deal with provided destination address info */
	if (msg->msg_name) {
		struct sockaddr_can *addr = msg->msg_name;

		/* length first: nothing below may read past what was given */
		if (msg->msg_namelen < J1939_MIN_NAMELEN) {
			ret = -EINVAL;
			goto sendmsg_done;
		}

		if (addr->can_family != AF_CAN) {
			ret = -EINVAL;
			goto sendmsg_done;
		}

		if (addr->can_ifindex && addr->can_ifindex != ifindex) {
			ret = -EBADFD;
			goto sendmsg_done;
		}

		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
		    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) {
			ret = -EINVAL;
			goto sendmsg_done;
		}

		if (!addr->can_addr.j1939.name &&
		    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
		    !sock_flag(sk, SOCK_BROADCAST)) {
			/* broadcast, but SO_BROADCAST not set */
			ret = -EACCES;
			goto sendmsg_done;
		}
	} else {
		if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR &&
		    !sock_flag(sk, SOCK_BROADCAST)) {
			/* broadcast, but SO_BROADCAST not set */
			ret = -EACCES;
			goto sendmsg_done;
		}
	}

	ret = j1939_sk_send_loop(priv, sk, msg, size);

sendmsg_done:
	release_sock(sock->sk);

	return ret;
}

/* Network device went down: set ENETDOWN on every socket bound to @priv,
 * report it on sockets that are not dead and drop all of their queued
 * sessions.
 */
void j1939_sk_netdev_event_netdown(struct j1939_priv *priv)
{
	struct j1939_sock *jsk;
	int error_code = ENETDOWN;

	read_lock_bh(&priv->j1939_socks_lock);
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
		jsk->sk.sk_err = error_code;
		if (!sock_flag(&jsk->sk, SOCK_DEAD))
			sk_error_report(&jsk->sk);

		j1939_sk_queue_drop_all(priv, jsk, error_code);
	}
	read_unlock_bh(&priv->j1939_socks_lock);
}

/* proto_ops->ioctl handler: this socket layer implements no ioctls. */
static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd,
				unsigned long arg)
{
	/* no ioctls for socket layer -> hand it down to NIC layer */
	return -ENOIOCTLCMD;
}

/* Socket operations for CAN_J1939 datagram sockets. Operations that make
 * no sense for this protocol are wired to the generic sock_no_*() stubs.
 */
static const struct proto_ops j1939_ops = {
	.family = PF_CAN,
	.release = j1939_sk_release,
	.bind = j1939_sk_bind,
	.connect = j1939_sk_connect,
	.socketpair = sock_no_socketpair,
	.accept = sock_no_accept,
	.getname = j1939_sk_getname,
	.poll = datagram_poll,
	.ioctl = j1939_sk_no_ioctlcmd,
	.listen = sock_no_listen,
	.shutdown = sock_no_shutdown,
	.setsockopt = j1939_sk_setsockopt,
	.getsockopt = j1939_sk_getsockopt,
	.sendmsg = j1939_sk_sendmsg,
	.recvmsg = j1939_sk_recvmsg,
	.mmap = sock_no_mmap,
};

/* obj_size makes the socket allocation large enough for struct j1939_sock,
 * which j1939_sk_init() relies on when it clears everything after "sk".
 */
static struct proto j1939_proto __read_mostly = {
	.name = "CAN_J1939",
	.owner = THIS_MODULE,
	.obj_size = sizeof(struct j1939_sock),
	.init = j1939_sk_init,
};

/* Protocol descriptor for CAN_J1939 (SOCK_DGRAM) built from the tables
 * above; it is not static, so it is referenced from outside this file.
 */
const struct can_proto j1939_can_proto = {
	.type = SOCK_DGRAM,
	.protocol = CAN_J1939,
	.ops = &j1939_ops,
	.prot = &j1939_proto,
};