1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25#include <linux/kernel.h>
26#include <linux/slab.h>
27#include <linux/socket.h>
28#include <net/sock.h>
29#include <net/tcp_states.h>
30#include <asm/ioctls.h>
31
32#include <linux/phonet.h>
33#include <linux/module.h>
34#include <net/phonet/phonet.h>
35#include <net/phonet/pep.h>
36#include <net/phonet/gprs.h>
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51#define CREDITS_MAX 10
52#define CREDITS_THR 7
53
54#define pep_sb_size(s) (((s) + 5) & ~3)
55
56
57static unsigned char *pep_get_sb(struct sk_buff *skb, u8 *ptype, u8 *plen,
58 void *buf)
59{
60 void *data = NULL;
61 struct {
62 u8 sb_type;
63 u8 sb_len;
64 } *ph, h;
65 int buflen = *plen;
66
67 ph = skb_header_pointer(skb, 0, 2, &h);
68 if (ph == NULL || ph->sb_len < 2 || !pskb_may_pull(skb, ph->sb_len))
69 return NULL;
70 ph->sb_len -= 2;
71 *ptype = ph->sb_type;
72 *plen = ph->sb_len;
73
74 if (buflen > ph->sb_len)
75 buflen = ph->sb_len;
76 data = skb_header_pointer(skb, 2, buflen, buf);
77 __skb_pull(skb, 2 + ph->sb_len);
78 return data;
79}
80
81static struct sk_buff *pep_alloc_skb(struct sock *sk, const void *payload,
82 int len, gfp_t priority)
83{
84 struct sk_buff *skb = alloc_skb(MAX_PNPIPE_HEADER + len, priority);
85 if (!skb)
86 return NULL;
87 skb_set_owner_w(skb, sk);
88
89 skb_reserve(skb, MAX_PNPIPE_HEADER);
90 __skb_put(skb, len);
91 skb_copy_to_linear_data(skb, payload, len);
92 __skb_push(skb, sizeof(struct pnpipehdr));
93 skb_reset_transport_header(skb);
94 return skb;
95}
96
97static int pep_reply(struct sock *sk, struct sk_buff *oskb, u8 code,
98 const void *data, int len, gfp_t priority)
99{
100 const struct pnpipehdr *oph = pnp_hdr(oskb);
101 struct pnpipehdr *ph;
102 struct sk_buff *skb;
103 struct sockaddr_pn peer;
104
105 skb = pep_alloc_skb(sk, data, len, priority);
106 if (!skb)
107 return -ENOMEM;
108
109 ph = pnp_hdr(skb);
110 ph->utid = oph->utid;
111 ph->message_id = oph->message_id + 1;
112 ph->pipe_handle = oph->pipe_handle;
113 ph->error_code = code;
114
115 pn_skb_get_src_sockaddr(oskb, &peer);
116 return pn_skb_send(sk, skb, &peer);
117}
118
119static int pep_indicate(struct sock *sk, u8 id, u8 code,
120 const void *data, int len, gfp_t priority)
121{
122 struct pep_sock *pn = pep_sk(sk);
123 struct pnpipehdr *ph;
124 struct sk_buff *skb;
125
126 skb = pep_alloc_skb(sk, data, len, priority);
127 if (!skb)
128 return -ENOMEM;
129
130 ph = pnp_hdr(skb);
131 ph->utid = 0;
132 ph->message_id = id;
133 ph->pipe_handle = pn->pipe_handle;
134 ph->data[0] = code;
135 return pn_skb_send(sk, skb, NULL);
136}
137
138#define PAD 0x00
139
140static int pipe_handler_request(struct sock *sk, u8 id, u8 code,
141 const void *data, int len)
142{
143 struct pep_sock *pn = pep_sk(sk);
144 struct pnpipehdr *ph;
145 struct sk_buff *skb;
146
147 skb = pep_alloc_skb(sk, data, len, GFP_KERNEL);
148 if (!skb)
149 return -ENOMEM;
150
151 ph = pnp_hdr(skb);
152 ph->utid = id;
153 ph->message_id = id;
154 ph->pipe_handle = pn->pipe_handle;
155 ph->data[0] = code;
156 return pn_skb_send(sk, skb, NULL);
157}
158
159static int pipe_handler_send_created_ind(struct sock *sk)
160{
161 struct pep_sock *pn = pep_sk(sk);
162 u8 data[4] = {
163 PN_PIPE_SB_NEGOTIATED_FC, pep_sb_size(2),
164 pn->tx_fc, pn->rx_fc,
165 };
166
167 return pep_indicate(sk, PNS_PIPE_CREATED_IND, 1 ,
168 data, 4, GFP_ATOMIC);
169}
170
171static int pep_accept_conn(struct sock *sk, struct sk_buff *skb)
172{
173 static const u8 data[20] = {
174 PAD, PAD, PAD, 2 ,
175 PN_PIPE_SB_REQUIRED_FC_TX, pep_sb_size(5), 3, PAD,
176 PN_MULTI_CREDIT_FLOW_CONTROL,
177 PN_ONE_CREDIT_FLOW_CONTROL,
178 PN_LEGACY_FLOW_CONTROL,
179 PAD,
180 PN_PIPE_SB_PREFERRED_FC_RX, pep_sb_size(5), 3, PAD,
181 PN_MULTI_CREDIT_FLOW_CONTROL,
182 PN_ONE_CREDIT_FLOW_CONTROL,
183 PN_LEGACY_FLOW_CONTROL,
184 PAD,
185 };
186
187 might_sleep();
188 return pep_reply(sk, skb, PN_PIPE_NO_ERROR, data, sizeof(data),
189 GFP_KERNEL);
190}
191
192static int pep_reject_conn(struct sock *sk, struct sk_buff *skb, u8 code,
193 gfp_t priority)
194{
195 static const u8 data[4] = { PAD, PAD, PAD, 0 };
196 WARN_ON(code == PN_PIPE_NO_ERROR);
197 return pep_reply(sk, skb, code, data, sizeof(data), priority);
198}
199
200
201
202static int pep_ctrlreq_error(struct sock *sk, struct sk_buff *oskb, u8 code,
203 gfp_t priority)
204{
205 const struct pnpipehdr *oph = pnp_hdr(oskb);
206 struct sk_buff *skb;
207 struct pnpipehdr *ph;
208 struct sockaddr_pn dst;
209 u8 data[4] = {
210 oph->data[0],
211 code,
212 PAD, PAD,
213 };
214
215 skb = pep_alloc_skb(sk, data, 4, priority);
216 if (!skb)
217 return -ENOMEM;
218
219 ph = pnp_hdr(skb);
220 ph->utid = oph->utid;
221 ph->message_id = PNS_PEP_CTRL_RESP;
222 ph->pipe_handle = oph->pipe_handle;
223 ph->data[0] = oph->data[1];
224
225 pn_skb_get_src_sockaddr(oskb, &dst);
226 return pn_skb_send(sk, skb, &dst);
227}
228
229static int pipe_snd_status(struct sock *sk, u8 type, u8 status, gfp_t priority)
230{
231 u8 data[4] = { type, PAD, PAD, status };
232
233 return pep_indicate(sk, PNS_PEP_STATUS_IND, PN_PEP_TYPE_COMMON,
234 data, 4, priority);
235}
236
237
238
239static void pipe_grant_credits(struct sock *sk, gfp_t priority)
240{
241 struct pep_sock *pn = pep_sk(sk);
242
243 BUG_ON(sk->sk_state != TCP_ESTABLISHED);
244
245 switch (pn->rx_fc) {
246 case PN_LEGACY_FLOW_CONTROL:
247 break;
248 case PN_ONE_CREDIT_FLOW_CONTROL:
249 if (pipe_snd_status(sk, PN_PEP_IND_FLOW_CONTROL,
250 PEP_IND_READY, priority) == 0)
251 pn->rx_credits = 1;
252 break;
253 case PN_MULTI_CREDIT_FLOW_CONTROL:
254 if ((pn->rx_credits + CREDITS_THR) > CREDITS_MAX)
255 break;
256 if (pipe_snd_status(sk, PN_PEP_IND_ID_MCFC_GRANT_CREDITS,
257 CREDITS_MAX - pn->rx_credits,
258 priority) == 0)
259 pn->rx_credits = CREDITS_MAX;
260 break;
261 }
262}
263
264static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb)
265{
266 struct pep_sock *pn = pep_sk(sk);
267 struct pnpipehdr *hdr;
268 int wake = 0;
269
270 if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
271 return -EINVAL;
272
273 hdr = pnp_hdr(skb);
274 if (hdr->data[0] != PN_PEP_TYPE_COMMON) {
275 net_dbg_ratelimited("Phonet unknown PEP type: %u\n",
276 (unsigned int)hdr->data[0]);
277 return -EOPNOTSUPP;
278 }
279
280 switch (hdr->data[1]) {
281 case PN_PEP_IND_FLOW_CONTROL:
282 switch (pn->tx_fc) {
283 case PN_LEGACY_FLOW_CONTROL:
284 switch (hdr->data[4]) {
285 case PEP_IND_BUSY:
286 atomic_set(&pn->tx_credits, 0);
287 break;
288 case PEP_IND_READY:
289 atomic_set(&pn->tx_credits, wake = 1);
290 break;
291 }
292 break;
293 case PN_ONE_CREDIT_FLOW_CONTROL:
294 if (hdr->data[4] == PEP_IND_READY)
295 atomic_set(&pn->tx_credits, wake = 1);
296 break;
297 }
298 break;
299
300 case PN_PEP_IND_ID_MCFC_GRANT_CREDITS:
301 if (pn->tx_fc != PN_MULTI_CREDIT_FLOW_CONTROL)
302 break;
303 atomic_add(wake = hdr->data[4], &pn->tx_credits);
304 break;
305
306 default:
307 net_dbg_ratelimited("Phonet unknown PEP indication: %u\n",
308 (unsigned int)hdr->data[1]);
309 return -EOPNOTSUPP;
310 }
311 if (wake)
312 sk->sk_write_space(sk);
313 return 0;
314}
315
316static int pipe_rcv_created(struct sock *sk, struct sk_buff *skb)
317{
318 struct pep_sock *pn = pep_sk(sk);
319 struct pnpipehdr *hdr = pnp_hdr(skb);
320 u8 n_sb = hdr->data[0];
321
322 pn->rx_fc = pn->tx_fc = PN_LEGACY_FLOW_CONTROL;
323 __skb_pull(skb, sizeof(*hdr));
324 while (n_sb > 0) {
325 u8 type, buf[2], len = sizeof(buf);
326 u8 *data = pep_get_sb(skb, &type, &len, buf);
327
328 if (data == NULL)
329 return -EINVAL;
330 switch (type) {
331 case PN_PIPE_SB_NEGOTIATED_FC:
332 if (len < 2 || (data[0] | data[1]) > 3)
333 break;
334 pn->tx_fc = data[0] & 3;
335 pn->rx_fc = data[1] & 3;
336 break;
337 }
338 n_sb--;
339 }
340 return 0;
341}
342
343
344
345static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
346{
347 struct pep_sock *pn = pep_sk(sk);
348 struct pnpipehdr *hdr = pnp_hdr(skb);
349 struct sk_buff_head *queue;
350 int err = 0;
351
352 BUG_ON(sk->sk_state == TCP_CLOSE_WAIT);
353
354 switch (hdr->message_id) {
355 case PNS_PEP_CONNECT_REQ:
356 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE, GFP_ATOMIC);
357 break;
358
359 case PNS_PEP_DISCONNECT_REQ:
360 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
361 sk->sk_state = TCP_CLOSE_WAIT;
362 if (!sock_flag(sk, SOCK_DEAD))
363 sk->sk_state_change(sk);
364 break;
365
366 case PNS_PEP_ENABLE_REQ:
367
368 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
369 break;
370
371 case PNS_PEP_RESET_REQ:
372 switch (hdr->state_after_reset) {
373 case PN_PIPE_DISABLE:
374 pn->init_enable = 0;
375 break;
376 case PN_PIPE_ENABLE:
377 pn->init_enable = 1;
378 break;
379 default:
380 err = -EINVAL;
381 goto out;
382 }
383
384 case PNS_PEP_DISABLE_REQ:
385 atomic_set(&pn->tx_credits, 0);
386 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
387 break;
388
389 case PNS_PEP_CTRL_REQ:
390 if (skb_queue_len(&pn->ctrlreq_queue) >= PNPIPE_CTRLREQ_MAX) {
391 atomic_inc(&sk->sk_drops);
392 break;
393 }
394 __skb_pull(skb, 4);
395 queue = &pn->ctrlreq_queue;
396 goto queue;
397
398 case PNS_PIPE_ALIGNED_DATA:
399 __skb_pull(skb, 1);
400
401 case PNS_PIPE_DATA:
402 __skb_pull(skb, 3);
403 if (!pn_flow_safe(pn->rx_fc)) {
404 err = sock_queue_rcv_skb(sk, skb);
405 if (!err)
406 return NET_RX_SUCCESS;
407 err = -ENOBUFS;
408 break;
409 }
410
411 if (pn->rx_credits == 0) {
412 atomic_inc(&sk->sk_drops);
413 err = -ENOBUFS;
414 break;
415 }
416 pn->rx_credits--;
417 queue = &sk->sk_receive_queue;
418 goto queue;
419
420 case PNS_PEP_STATUS_IND:
421 pipe_rcv_status(sk, skb);
422 break;
423
424 case PNS_PIPE_REDIRECTED_IND:
425 err = pipe_rcv_created(sk, skb);
426 break;
427
428 case PNS_PIPE_CREATED_IND:
429 err = pipe_rcv_created(sk, skb);
430 if (err)
431 break;
432
433 case PNS_PIPE_RESET_IND:
434 if (!pn->init_enable)
435 break;
436
437 case PNS_PIPE_ENABLED_IND:
438 if (!pn_flow_safe(pn->tx_fc)) {
439 atomic_set(&pn->tx_credits, 1);
440 sk->sk_write_space(sk);
441 }
442 if (sk->sk_state == TCP_ESTABLISHED)
443 break;
444 sk->sk_state = TCP_ESTABLISHED;
445 pipe_grant_credits(sk, GFP_ATOMIC);
446 break;
447
448 case PNS_PIPE_DISABLED_IND:
449 sk->sk_state = TCP_SYN_RECV;
450 pn->rx_credits = 0;
451 break;
452
453 default:
454 net_dbg_ratelimited("Phonet unknown PEP message: %u\n",
455 hdr->message_id);
456 err = -EINVAL;
457 }
458out:
459 kfree_skb(skb);
460 return (err == -ENOBUFS) ? NET_RX_DROP : NET_RX_SUCCESS;
461
462queue:
463 skb->dev = NULL;
464 skb_set_owner_r(skb, sk);
465 skb_queue_tail(queue, skb);
466 if (!sock_flag(sk, SOCK_DEAD))
467 sk->sk_data_ready(sk);
468 return NET_RX_SUCCESS;
469}
470
471
472static void pipe_destruct(struct sock *sk)
473{
474 struct pep_sock *pn = pep_sk(sk);
475
476 skb_queue_purge(&sk->sk_receive_queue);
477 skb_queue_purge(&pn->ctrlreq_queue);
478}
479
480static u8 pipe_negotiate_fc(const u8 *fcs, unsigned int n)
481{
482 unsigned int i;
483 u8 final_fc = PN_NO_FLOW_CONTROL;
484
485 for (i = 0; i < n; i++) {
486 u8 fc = fcs[i];
487
488 if (fc > final_fc && fc < PN_MAX_FLOW_CONTROL)
489 final_fc = fc;
490 }
491 return final_fc;
492}
493
494static int pep_connresp_rcv(struct sock *sk, struct sk_buff *skb)
495{
496 struct pep_sock *pn = pep_sk(sk);
497 struct pnpipehdr *hdr;
498 u8 n_sb;
499
500 if (!pskb_pull(skb, sizeof(*hdr) + 4))
501 return -EINVAL;
502
503 hdr = pnp_hdr(skb);
504 if (hdr->error_code != PN_PIPE_NO_ERROR)
505 return -ECONNREFUSED;
506
507
508 n_sb = hdr->data[4];
509 while (n_sb > 0) {
510 u8 type, buf[6], len = sizeof(buf);
511 const u8 *data = pep_get_sb(skb, &type, &len, buf);
512
513 if (data == NULL)
514 return -EINVAL;
515
516 switch (type) {
517 case PN_PIPE_SB_REQUIRED_FC_TX:
518 if (len < 2 || len < data[0])
519 break;
520 pn->tx_fc = pipe_negotiate_fc(data + 2, len - 2);
521 break;
522
523 case PN_PIPE_SB_PREFERRED_FC_RX:
524 if (len < 2 || len < data[0])
525 break;
526 pn->rx_fc = pipe_negotiate_fc(data + 2, len - 2);
527 break;
528
529 }
530 n_sb--;
531 }
532
533 return pipe_handler_send_created_ind(sk);
534}
535
536static int pep_enableresp_rcv(struct sock *sk, struct sk_buff *skb)
537{
538 struct pnpipehdr *hdr = pnp_hdr(skb);
539
540 if (hdr->error_code != PN_PIPE_NO_ERROR)
541 return -ECONNREFUSED;
542
543 return pep_indicate(sk, PNS_PIPE_ENABLED_IND, 0 ,
544 NULL, 0, GFP_ATOMIC);
545
546}
547
548static void pipe_start_flow_control(struct sock *sk)
549{
550 struct pep_sock *pn = pep_sk(sk);
551
552 if (!pn_flow_safe(pn->tx_fc)) {
553 atomic_set(&pn->tx_credits, 1);
554 sk->sk_write_space(sk);
555 }
556 pipe_grant_credits(sk, GFP_ATOMIC);
557}
558
559
560
561static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
562{
563 struct pep_sock *pn = pep_sk(sk);
564 struct pnpipehdr *hdr = pnp_hdr(skb);
565 int err = NET_RX_SUCCESS;
566
567 switch (hdr->message_id) {
568 case PNS_PIPE_ALIGNED_DATA:
569 __skb_pull(skb, 1);
570
571 case PNS_PIPE_DATA:
572 __skb_pull(skb, 3);
573 if (!pn_flow_safe(pn->rx_fc)) {
574 err = sock_queue_rcv_skb(sk, skb);
575 if (!err)
576 return NET_RX_SUCCESS;
577 err = NET_RX_DROP;
578 break;
579 }
580
581 if (pn->rx_credits == 0) {
582 atomic_inc(&sk->sk_drops);
583 err = NET_RX_DROP;
584 break;
585 }
586 pn->rx_credits--;
587 skb->dev = NULL;
588 skb_set_owner_r(skb, sk);
589 skb_queue_tail(&sk->sk_receive_queue, skb);
590 if (!sock_flag(sk, SOCK_DEAD))
591 sk->sk_data_ready(sk);
592 return NET_RX_SUCCESS;
593
594 case PNS_PEP_CONNECT_RESP:
595 if (sk->sk_state != TCP_SYN_SENT)
596 break;
597 if (!sock_flag(sk, SOCK_DEAD))
598 sk->sk_state_change(sk);
599 if (pep_connresp_rcv(sk, skb)) {
600 sk->sk_state = TCP_CLOSE_WAIT;
601 break;
602 }
603 if (pn->init_enable == PN_PIPE_DISABLE)
604 sk->sk_state = TCP_SYN_RECV;
605 else {
606 sk->sk_state = TCP_ESTABLISHED;
607 pipe_start_flow_control(sk);
608 }
609 break;
610
611 case PNS_PEP_ENABLE_RESP:
612 if (sk->sk_state != TCP_SYN_SENT)
613 break;
614
615 if (pep_enableresp_rcv(sk, skb)) {
616 sk->sk_state = TCP_CLOSE_WAIT;
617 break;
618 }
619
620 sk->sk_state = TCP_ESTABLISHED;
621 pipe_start_flow_control(sk);
622 break;
623
624 case PNS_PEP_DISCONNECT_RESP:
625
626 break;
627
628 case PNS_PEP_STATUS_IND:
629 pipe_rcv_status(sk, skb);
630 break;
631 }
632 kfree_skb(skb);
633 return err;
634}
635
636
637static struct sock *pep_find_pipe(const struct hlist_head *hlist,
638 const struct sockaddr_pn *dst,
639 u8 pipe_handle)
640{
641 struct sock *sknode;
642 u16 dobj = pn_sockaddr_get_object(dst);
643
644 sk_for_each(sknode, hlist) {
645 struct pep_sock *pnnode = pep_sk(sknode);
646
647
648 if (pnnode->pn_sk.sobject != dobj)
649 continue;
650 if (pnnode->pipe_handle != pipe_handle)
651 continue;
652 if (sknode->sk_state == TCP_CLOSE_WAIT)
653 continue;
654
655 sock_hold(sknode);
656 return sknode;
657 }
658 return NULL;
659}
660
661
662
663
664
665
666static int pep_do_rcv(struct sock *sk, struct sk_buff *skb)
667{
668 struct pep_sock *pn = pep_sk(sk);
669 struct sock *sknode;
670 struct pnpipehdr *hdr;
671 struct sockaddr_pn dst;
672 u8 pipe_handle;
673
674 if (!pskb_may_pull(skb, sizeof(*hdr)))
675 goto drop;
676
677 hdr = pnp_hdr(skb);
678 pipe_handle = hdr->pipe_handle;
679 if (pipe_handle == PN_PIPE_INVALID_HANDLE)
680 goto drop;
681
682 pn_skb_get_dst_sockaddr(skb, &dst);
683
684
685 sknode = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
686 if (sknode)
687 return sk_receive_skb(sknode, skb, 1);
688
689 switch (hdr->message_id) {
690 case PNS_PEP_CONNECT_REQ:
691 if (sk->sk_state != TCP_LISTEN || sk_acceptq_is_full(sk)) {
692 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE,
693 GFP_ATOMIC);
694 break;
695 }
696 skb_queue_head(&sk->sk_receive_queue, skb);
697 sk_acceptq_added(sk);
698 if (!sock_flag(sk, SOCK_DEAD))
699 sk->sk_data_ready(sk);
700 return NET_RX_SUCCESS;
701
702 case PNS_PEP_DISCONNECT_REQ:
703 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
704 break;
705
706 case PNS_PEP_CTRL_REQ:
707 pep_ctrlreq_error(sk, skb, PN_PIPE_INVALID_HANDLE, GFP_ATOMIC);
708 break;
709
710 case PNS_PEP_RESET_REQ:
711 case PNS_PEP_ENABLE_REQ:
712 case PNS_PEP_DISABLE_REQ:
713
714 break;
715
716 default:
717 if ((1 << sk->sk_state)
718 & ~(TCPF_CLOSE|TCPF_LISTEN|TCPF_CLOSE_WAIT))
719
720 return pipe_handler_do_rcv(sk, skb);
721 }
722drop:
723 kfree_skb(skb);
724 return NET_RX_SUCCESS;
725}
726
727static int pipe_do_remove(struct sock *sk)
728{
729 struct pep_sock *pn = pep_sk(sk);
730 struct pnpipehdr *ph;
731 struct sk_buff *skb;
732
733 skb = pep_alloc_skb(sk, NULL, 0, GFP_KERNEL);
734 if (!skb)
735 return -ENOMEM;
736
737 ph = pnp_hdr(skb);
738 ph->utid = 0;
739 ph->message_id = PNS_PIPE_REMOVE_REQ;
740 ph->pipe_handle = pn->pipe_handle;
741 ph->data[0] = PAD;
742 return pn_skb_send(sk, skb, NULL);
743}
744
745
746static void pep_sock_close(struct sock *sk, long timeout)
747{
748 struct pep_sock *pn = pep_sk(sk);
749 int ifindex = 0;
750
751 sock_hold(sk);
752 sk_common_release(sk);
753
754 lock_sock(sk);
755 if ((1 << sk->sk_state) & (TCPF_SYN_RECV|TCPF_ESTABLISHED)) {
756 if (sk->sk_backlog_rcv == pipe_do_rcv)
757
758 pipe_do_remove(sk);
759 else
760 pipe_handler_request(sk, PNS_PEP_DISCONNECT_REQ, PAD,
761 NULL, 0);
762 }
763 sk->sk_state = TCP_CLOSE;
764
765 ifindex = pn->ifindex;
766 pn->ifindex = 0;
767 release_sock(sk);
768
769 if (ifindex)
770 gprs_detach(sk);
771 sock_put(sk);
772}
773
774static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp)
775{
776 struct pep_sock *pn = pep_sk(sk), *newpn;
777 struct sock *newsk = NULL;
778 struct sk_buff *skb;
779 struct pnpipehdr *hdr;
780 struct sockaddr_pn dst, src;
781 int err;
782 u16 peer_type;
783 u8 pipe_handle, enabled, n_sb;
784 u8 aligned = 0;
785
786 skb = skb_recv_datagram(sk, 0, flags & O_NONBLOCK, errp);
787 if (!skb)
788 return NULL;
789
790 lock_sock(sk);
791 if (sk->sk_state != TCP_LISTEN) {
792 err = -EINVAL;
793 goto drop;
794 }
795 sk_acceptq_removed(sk);
796
797 err = -EPROTO;
798 if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
799 goto drop;
800
801 hdr = pnp_hdr(skb);
802 pipe_handle = hdr->pipe_handle;
803 switch (hdr->state_after_connect) {
804 case PN_PIPE_DISABLE:
805 enabled = 0;
806 break;
807 case PN_PIPE_ENABLE:
808 enabled = 1;
809 break;
810 default:
811 pep_reject_conn(sk, skb, PN_PIPE_ERR_INVALID_PARAM,
812 GFP_KERNEL);
813 goto drop;
814 }
815 peer_type = hdr->other_pep_type << 8;
816
817
818 n_sb = hdr->data[4];
819 while (n_sb > 0) {
820 u8 type, buf[1], len = sizeof(buf);
821 const u8 *data = pep_get_sb(skb, &type, &len, buf);
822
823 if (data == NULL)
824 goto drop;
825 switch (type) {
826 case PN_PIPE_SB_CONNECT_REQ_PEP_SUB_TYPE:
827 if (len < 1)
828 goto drop;
829 peer_type = (peer_type & 0xff00) | data[0];
830 break;
831 case PN_PIPE_SB_ALIGNED_DATA:
832 aligned = data[0] != 0;
833 break;
834 }
835 n_sb--;
836 }
837
838
839 newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
840 if (unlikely(newsk)) {
841 __sock_put(newsk);
842 newsk = NULL;
843 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE, GFP_KERNEL);
844 goto drop;
845 }
846
847
848 newsk = sk_alloc(sock_net(sk), PF_PHONET, GFP_KERNEL, sk->sk_prot, 0);
849 if (!newsk) {
850 pep_reject_conn(sk, skb, PN_PIPE_ERR_OVERLOAD, GFP_KERNEL);
851 err = -ENOBUFS;
852 goto drop;
853 }
854
855 sock_init_data(NULL, newsk);
856 newsk->sk_state = TCP_SYN_RECV;
857 newsk->sk_backlog_rcv = pipe_do_rcv;
858 newsk->sk_protocol = sk->sk_protocol;
859 newsk->sk_destruct = pipe_destruct;
860
861 newpn = pep_sk(newsk);
862 pn_skb_get_dst_sockaddr(skb, &dst);
863 pn_skb_get_src_sockaddr(skb, &src);
864 newpn->pn_sk.sobject = pn_sockaddr_get_object(&dst);
865 newpn->pn_sk.dobject = pn_sockaddr_get_object(&src);
866 newpn->pn_sk.resource = pn_sockaddr_get_resource(&dst);
867 sock_hold(sk);
868 newpn->listener = sk;
869 skb_queue_head_init(&newpn->ctrlreq_queue);
870 newpn->pipe_handle = pipe_handle;
871 atomic_set(&newpn->tx_credits, 0);
872 newpn->ifindex = 0;
873 newpn->peer_type = peer_type;
874 newpn->rx_credits = 0;
875 newpn->rx_fc = newpn->tx_fc = PN_LEGACY_FLOW_CONTROL;
876 newpn->init_enable = enabled;
877 newpn->aligned = aligned;
878
879 err = pep_accept_conn(newsk, skb);
880 if (err) {
881 sock_put(newsk);
882 newsk = NULL;
883 goto drop;
884 }
885 sk_add_node(newsk, &pn->hlist);
886drop:
887 release_sock(sk);
888 kfree_skb(skb);
889 *errp = err;
890 return newsk;
891}
892
893static int pep_sock_connect(struct sock *sk, struct sockaddr *addr, int len)
894{
895 struct pep_sock *pn = pep_sk(sk);
896 int err;
897 u8 data[4] = { 0 , PAD, PAD, PAD };
898
899 if (pn->pipe_handle == PN_PIPE_INVALID_HANDLE)
900 pn->pipe_handle = 1;
901
902 err = pipe_handler_request(sk, PNS_PEP_CONNECT_REQ,
903 pn->init_enable, data, 4);
904 if (err) {
905 pn->pipe_handle = PN_PIPE_INVALID_HANDLE;
906 return err;
907 }
908
909 sk->sk_state = TCP_SYN_SENT;
910
911 return 0;
912}
913
914static int pep_sock_enable(struct sock *sk, struct sockaddr *addr, int len)
915{
916 int err;
917
918 err = pipe_handler_request(sk, PNS_PEP_ENABLE_REQ, PAD,
919 NULL, 0);
920 if (err)
921 return err;
922
923 sk->sk_state = TCP_SYN_SENT;
924
925 return 0;
926}
927
928static int pep_ioctl(struct sock *sk, int cmd, unsigned long arg)
929{
930 struct pep_sock *pn = pep_sk(sk);
931 int answ;
932 int ret = -ENOIOCTLCMD;
933
934 switch (cmd) {
935 case SIOCINQ:
936 if (sk->sk_state == TCP_LISTEN) {
937 ret = -EINVAL;
938 break;
939 }
940
941 lock_sock(sk);
942 if (sock_flag(sk, SOCK_URGINLINE) &&
943 !skb_queue_empty(&pn->ctrlreq_queue))
944 answ = skb_peek(&pn->ctrlreq_queue)->len;
945 else if (!skb_queue_empty(&sk->sk_receive_queue))
946 answ = skb_peek(&sk->sk_receive_queue)->len;
947 else
948 answ = 0;
949 release_sock(sk);
950 ret = put_user(answ, (int __user *)arg);
951 break;
952
953 case SIOCPNENABLEPIPE:
954 lock_sock(sk);
955 if (sk->sk_state == TCP_SYN_SENT)
956 ret = -EBUSY;
957 else if (sk->sk_state == TCP_ESTABLISHED)
958 ret = -EISCONN;
959 else
960 ret = pep_sock_enable(sk, NULL, 0);
961 release_sock(sk);
962 break;
963 }
964
965 return ret;
966}
967
968static int pep_init(struct sock *sk)
969{
970 struct pep_sock *pn = pep_sk(sk);
971
972 sk->sk_destruct = pipe_destruct;
973 INIT_HLIST_HEAD(&pn->hlist);
974 pn->listener = NULL;
975 skb_queue_head_init(&pn->ctrlreq_queue);
976 atomic_set(&pn->tx_credits, 0);
977 pn->ifindex = 0;
978 pn->peer_type = 0;
979 pn->pipe_handle = PN_PIPE_INVALID_HANDLE;
980 pn->rx_credits = 0;
981 pn->rx_fc = pn->tx_fc = PN_LEGACY_FLOW_CONTROL;
982 pn->init_enable = 1;
983 pn->aligned = 0;
984 return 0;
985}
986
987static int pep_setsockopt(struct sock *sk, int level, int optname,
988 char __user *optval, unsigned int optlen)
989{
990 struct pep_sock *pn = pep_sk(sk);
991 int val = 0, err = 0;
992
993 if (level != SOL_PNPIPE)
994 return -ENOPROTOOPT;
995 if (optlen >= sizeof(int)) {
996 if (get_user(val, (int __user *) optval))
997 return -EFAULT;
998 }
999
1000 lock_sock(sk);
1001 switch (optname) {
1002 case PNPIPE_ENCAP:
1003 if (val && val != PNPIPE_ENCAP_IP) {
1004 err = -EINVAL;
1005 break;
1006 }
1007 if (!pn->ifindex == !val)
1008 break;
1009 if (!capable(CAP_NET_ADMIN)) {
1010 err = -EPERM;
1011 break;
1012 }
1013 if (val) {
1014 release_sock(sk);
1015 err = gprs_attach(sk);
1016 if (err > 0) {
1017 pn->ifindex = err;
1018 err = 0;
1019 }
1020 } else {
1021 pn->ifindex = 0;
1022 release_sock(sk);
1023 gprs_detach(sk);
1024 err = 0;
1025 }
1026 goto out_norel;
1027
1028 case PNPIPE_HANDLE:
1029 if ((sk->sk_state == TCP_CLOSE) &&
1030 (val >= 0) && (val < PN_PIPE_INVALID_HANDLE))
1031 pn->pipe_handle = val;
1032 else
1033 err = -EINVAL;
1034 break;
1035
1036 case PNPIPE_INITSTATE:
1037 pn->init_enable = !!val;
1038 break;
1039
1040 default:
1041 err = -ENOPROTOOPT;
1042 }
1043 release_sock(sk);
1044
1045out_norel:
1046 return err;
1047}
1048
1049static int pep_getsockopt(struct sock *sk, int level, int optname,
1050 char __user *optval, int __user *optlen)
1051{
1052 struct pep_sock *pn = pep_sk(sk);
1053 int len, val;
1054
1055 if (level != SOL_PNPIPE)
1056 return -ENOPROTOOPT;
1057 if (get_user(len, optlen))
1058 return -EFAULT;
1059
1060 switch (optname) {
1061 case PNPIPE_ENCAP:
1062 val = pn->ifindex ? PNPIPE_ENCAP_IP : PNPIPE_ENCAP_NONE;
1063 break;
1064
1065 case PNPIPE_IFINDEX:
1066 val = pn->ifindex;
1067 break;
1068
1069 case PNPIPE_HANDLE:
1070 val = pn->pipe_handle;
1071 if (val == PN_PIPE_INVALID_HANDLE)
1072 return -EINVAL;
1073 break;
1074
1075 case PNPIPE_INITSTATE:
1076 val = pn->init_enable;
1077 break;
1078
1079 default:
1080 return -ENOPROTOOPT;
1081 }
1082
1083 len = min_t(unsigned int, sizeof(int), len);
1084 if (put_user(len, optlen))
1085 return -EFAULT;
1086 if (put_user(val, (int __user *) optval))
1087 return -EFAULT;
1088 return 0;
1089}
1090
1091static int pipe_skb_send(struct sock *sk, struct sk_buff *skb)
1092{
1093 struct pep_sock *pn = pep_sk(sk);
1094 struct pnpipehdr *ph;
1095 int err;
1096
1097 if (pn_flow_safe(pn->tx_fc) &&
1098 !atomic_add_unless(&pn->tx_credits, -1, 0)) {
1099 kfree_skb(skb);
1100 return -ENOBUFS;
1101 }
1102
1103 skb_push(skb, 3 + pn->aligned);
1104 skb_reset_transport_header(skb);
1105 ph = pnp_hdr(skb);
1106 ph->utid = 0;
1107 if (pn->aligned) {
1108 ph->message_id = PNS_PIPE_ALIGNED_DATA;
1109 ph->data[0] = 0;
1110 } else
1111 ph->message_id = PNS_PIPE_DATA;
1112 ph->pipe_handle = pn->pipe_handle;
1113 err = pn_skb_send(sk, skb, NULL);
1114
1115 if (err && pn_flow_safe(pn->tx_fc))
1116 atomic_inc(&pn->tx_credits);
1117 return err;
1118
1119}
1120
1121static int pep_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1122{
1123 struct pep_sock *pn = pep_sk(sk);
1124 struct sk_buff *skb;
1125 long timeo;
1126 int flags = msg->msg_flags;
1127 int err, done;
1128
1129 if (len > USHRT_MAX)
1130 return -EMSGSIZE;
1131
1132 if ((msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|
1133 MSG_CMSG_COMPAT)) ||
1134 !(msg->msg_flags & MSG_EOR))
1135 return -EOPNOTSUPP;
1136
1137 skb = sock_alloc_send_skb(sk, MAX_PNPIPE_HEADER + len,
1138 flags & MSG_DONTWAIT, &err);
1139 if (!skb)
1140 return err;
1141
1142 skb_reserve(skb, MAX_PHONET_HEADER + 3 + pn->aligned);
1143 err = memcpy_from_msg(skb_put(skb, len), msg, len);
1144 if (err < 0)
1145 goto outfree;
1146
1147 lock_sock(sk);
1148 timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1149 if ((1 << sk->sk_state) & (TCPF_LISTEN|TCPF_CLOSE)) {
1150 err = -ENOTCONN;
1151 goto out;
1152 }
1153 if (sk->sk_state != TCP_ESTABLISHED) {
1154
1155disabled:
1156 err = sk_stream_wait_connect(sk, &timeo);
1157 if (err)
1158 goto out;
1159
1160 if (sk->sk_state == TCP_CLOSE_WAIT) {
1161 err = -ECONNRESET;
1162 goto out;
1163 }
1164 }
1165 BUG_ON(sk->sk_state != TCP_ESTABLISHED);
1166
1167
1168 done = atomic_read(&pn->tx_credits);
1169 while (!done) {
1170 DEFINE_WAIT(wait);
1171
1172 if (!timeo) {
1173 err = -EAGAIN;
1174 goto out;
1175 }
1176 if (signal_pending(current)) {
1177 err = sock_intr_errno(timeo);
1178 goto out;
1179 }
1180
1181 prepare_to_wait(sk_sleep(sk), &wait,
1182 TASK_INTERRUPTIBLE);
1183 done = sk_wait_event(sk, &timeo, atomic_read(&pn->tx_credits));
1184 finish_wait(sk_sleep(sk), &wait);
1185
1186 if (sk->sk_state != TCP_ESTABLISHED)
1187 goto disabled;
1188 }
1189
1190 err = pipe_skb_send(sk, skb);
1191 if (err >= 0)
1192 err = len;
1193 skb = NULL;
1194out:
1195 release_sock(sk);
1196outfree:
1197 kfree_skb(skb);
1198 return err;
1199}
1200
1201int pep_writeable(struct sock *sk)
1202{
1203 struct pep_sock *pn = pep_sk(sk);
1204
1205 return atomic_read(&pn->tx_credits);
1206}
1207
1208int pep_write(struct sock *sk, struct sk_buff *skb)
1209{
1210 struct sk_buff *rskb, *fs;
1211 int flen = 0;
1212
1213 if (pep_sk(sk)->aligned)
1214 return pipe_skb_send(sk, skb);
1215
1216 rskb = alloc_skb(MAX_PNPIPE_HEADER, GFP_ATOMIC);
1217 if (!rskb) {
1218 kfree_skb(skb);
1219 return -ENOMEM;
1220 }
1221 skb_shinfo(rskb)->frag_list = skb;
1222 rskb->len += skb->len;
1223 rskb->data_len += rskb->len;
1224 rskb->truesize += rskb->len;
1225
1226
1227 skb_walk_frags(skb, fs)
1228 flen += fs->len;
1229 skb->next = skb_shinfo(skb)->frag_list;
1230 skb_frag_list_init(skb);
1231 skb->len -= flen;
1232 skb->data_len -= flen;
1233 skb->truesize -= flen;
1234
1235 skb_reserve(rskb, MAX_PHONET_HEADER + 3);
1236 return pipe_skb_send(sk, rskb);
1237}
1238
1239struct sk_buff *pep_read(struct sock *sk)
1240{
1241 struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
1242
1243 if (sk->sk_state == TCP_ESTABLISHED)
1244 pipe_grant_credits(sk, GFP_ATOMIC);
1245 return skb;
1246}
1247
1248static int pep_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
1249 int noblock, int flags, int *addr_len)
1250{
1251 struct sk_buff *skb;
1252 int err;
1253
1254 if (flags & ~(MSG_OOB|MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_WAITALL|
1255 MSG_NOSIGNAL|MSG_CMSG_COMPAT))
1256 return -EOPNOTSUPP;
1257
1258 if (unlikely(1 << sk->sk_state & (TCPF_LISTEN | TCPF_CLOSE)))
1259 return -ENOTCONN;
1260
1261 if ((flags & MSG_OOB) || sock_flag(sk, SOCK_URGINLINE)) {
1262
1263 struct pep_sock *pn = pep_sk(sk);
1264
1265 if (flags & MSG_PEEK)
1266 return -EOPNOTSUPP;
1267 skb = skb_dequeue(&pn->ctrlreq_queue);
1268 if (skb) {
1269 pep_ctrlreq_error(sk, skb, PN_PIPE_NO_ERROR,
1270 GFP_KERNEL);
1271 msg->msg_flags |= MSG_OOB;
1272 goto copy;
1273 }
1274 if (flags & MSG_OOB)
1275 return -EINVAL;
1276 }
1277
1278 skb = skb_recv_datagram(sk, flags, noblock, &err);
1279 lock_sock(sk);
1280 if (skb == NULL) {
1281 if (err == -ENOTCONN && sk->sk_state == TCP_CLOSE_WAIT)
1282 err = -ECONNRESET;
1283 release_sock(sk);
1284 return err;
1285 }
1286
1287 if (sk->sk_state == TCP_ESTABLISHED)
1288 pipe_grant_credits(sk, GFP_KERNEL);
1289 release_sock(sk);
1290copy:
1291 msg->msg_flags |= MSG_EOR;
1292 if (skb->len > len)
1293 msg->msg_flags |= MSG_TRUNC;
1294 else
1295 len = skb->len;
1296
1297 err = skb_copy_datagram_msg(skb, 0, msg, len);
1298 if (!err)
1299 err = (flags & MSG_TRUNC) ? skb->len : len;
1300
1301 skb_free_datagram(sk, skb);
1302 return err;
1303}
1304
1305static void pep_sock_unhash(struct sock *sk)
1306{
1307 struct pep_sock *pn = pep_sk(sk);
1308 struct sock *skparent = NULL;
1309
1310 lock_sock(sk);
1311
1312 if (pn->listener != NULL) {
1313 skparent = pn->listener;
1314 pn->listener = NULL;
1315 release_sock(sk);
1316
1317 pn = pep_sk(skparent);
1318 lock_sock(skparent);
1319 sk_del_node_init(sk);
1320 sk = skparent;
1321 }
1322
1323
1324
1325 if (hlist_empty(&pn->hlist))
1326 pn_sock_unhash(&pn->pn_sk.sk);
1327 release_sock(sk);
1328
1329 if (skparent)
1330 sock_put(skparent);
1331}
1332
1333static struct proto pep_proto = {
1334 .close = pep_sock_close,
1335 .accept = pep_sock_accept,
1336 .connect = pep_sock_connect,
1337 .ioctl = pep_ioctl,
1338 .init = pep_init,
1339 .setsockopt = pep_setsockopt,
1340 .getsockopt = pep_getsockopt,
1341 .sendmsg = pep_sendmsg,
1342 .recvmsg = pep_recvmsg,
1343 .backlog_rcv = pep_do_rcv,
1344 .hash = pn_sock_hash,
1345 .unhash = pep_sock_unhash,
1346 .get_port = pn_sock_get_port,
1347 .obj_size = sizeof(struct pep_sock),
1348 .owner = THIS_MODULE,
1349 .name = "PNPIPE",
1350};
1351
1352static struct phonet_protocol pep_pn_proto = {
1353 .ops = &phonet_stream_ops,
1354 .prot = &pep_proto,
1355 .sock_type = SOCK_SEQPACKET,
1356};
1357
1358static int __init pep_register(void)
1359{
1360 return phonet_proto_register(PN_PROTO_PIPE, &pep_pn_proto);
1361}
1362
1363static void __exit pep_unregister(void)
1364{
1365 phonet_proto_unregister(PN_PROTO_PIPE, &pep_pn_proto);
1366}
1367
1368module_init(pep_register);
1369module_exit(pep_unregister);
1370MODULE_AUTHOR("Remi Denis-Courmont, Nokia");
1371MODULE_DESCRIPTION("Phonet pipe protocol");
1372MODULE_LICENSE("GPL");
1373MODULE_ALIAS_NET_PF_PROTO(PF_PHONET, PN_PROTO_PIPE);
1374
