1 /*
2 * Copyright (c) 2015, Sony Mobile Communications Inc.
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 and
7 * only version 2 as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 */
14 #include <linux/module.h>
15 #include <linux/netlink.h>
16 #include <linux/qrtr.h>
17 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
18
19 #include <net/sock.h>
20
21 #include "qrtr.h"
22
23 #define QRTR_PROTO_VER_1 1
24 #define QRTR_PROTO_VER_2 3
25
26 /* auto-bind range */
27 #define QRTR_MIN_EPH_SOCKET 0x4000
28 #define QRTR_MAX_EPH_SOCKET 0x7fff
29
30 /**
31 * struct qrtr_hdr_v1 - (I|R)PCrouter packet header version 1
32 * @version: protocol version
33 * @type: packet type; one of QRTR_TYPE_*
34 * @src_node_id: source node
35 * @src_port_id: source port
36 * @confirm_rx: boolean; whether a resume-tx packet should be send in reply
37 * @size: length of packet, excluding this header
38 * @dst_node_id: destination node
39 * @dst_port_id: destination port
40 */
41 struct qrtr_hdr_v1 {
42 __le32 version;
43 __le32 type;
44 __le32 src_node_id;
45 __le32 src_port_id;
46 __le32 confirm_rx;
47 __le32 size;
48 __le32 dst_node_id;
49 __le32 dst_port_id;
50 } __packed;
51
52 /**
53 * struct qrtr_hdr_v2 - (I|R)PCrouter packet header later versions
54 * @version: protocol version
55 * @type: packet type; one of QRTR_TYPE_*
56 * @flags: bitmask of QRTR_FLAGS_*
57 * @optlen: length of optional header data
58 * @size: length of packet, excluding this header and optlen
59 * @src_node_id: source node
60 * @src_port_id: source port
61 * @dst_node_id: destination node
62 * @dst_port_id: destination port
63 */
64 struct qrtr_hdr_v2 {
65 u8 version;
66 u8 type;
67 u8 flags;
68 u8 optlen;
69 __le32 size;
70 __le16 src_node_id;
71 __le16 src_port_id;
72 __le16 dst_node_id;
73 __le16 dst_port_id;
74 };
75
76 #define QRTR_FLAGS_CONFIRM_RX BIT(0)
77
78 struct qrtr_cb {
79 u32 src_node;
80 u32 src_port;
81 u32 dst_node;
82 u32 dst_port;
83
84 u8 type;
85 u8 confirm_rx;
86 };
87
88 #define QRTR_HDR_MAX_SIZE max_t(size_t, sizeof(struct qrtr_hdr_v1), \
89 sizeof(struct qrtr_hdr_v2))
90
91 struct qrtr_sock {
92 /* WARNING: sk must be the first member */
93 struct sock sk;
94 struct sockaddr_qrtr us;
95 struct sockaddr_qrtr peer;
96 };
97
98 static inline struct qrtr_sock *qrtr_sk(struct sock *sk)
99 {
100 BUILD_BUG_ON(offsetof(struct qrtr_sock, sk) != 0);
101 return container_of(sk, struct qrtr_sock, sk);
102 }
103
104 static unsigned int qrtr_local_nid = -1;
105
106 /* for node ids */
107 static RADIX_TREE(qrtr_nodes, GFP_KERNEL);
108 /* broadcast list */
109 static LIST_HEAD(qrtr_all_nodes);
110 /* lock for qrtr_nodes, qrtr_all_nodes and node reference */
111 static DEFINE_MUTEX(qrtr_node_lock);
112
113 /* local port allocation management */
114 static DEFINE_IDR(qrtr_ports);
115 static DEFINE_MUTEX(qrtr_port_lock);
116
117 /**
118 * struct qrtr_node - endpoint node
119 * @ep_lock: lock for endpoint management and callbacks
120 * @ep: endpoint
121 * @ref: reference count for node
122 * @nid: node id
123 * @rx_queue: receive queue
124 * @work: scheduled work struct for recv work
125 * @item: list item for broadcast list
126 */
127 struct qrtr_node {
128 struct mutex ep_lock;
129 struct qrtr_endpoint *ep;
130 struct kref ref;
131 unsigned int nid;
132
133 struct sk_buff_head rx_queue;
134 struct work_struct work;
135 struct list_head item;
136 };
137
138 static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
139 int type, struct sockaddr_qrtr *from,
140 struct sockaddr_qrtr *to);
141 static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
142 int type, struct sockaddr_qrtr *from,
143 struct sockaddr_qrtr *to);
144
145 /* Release node resources and free the node.
146 *
147 * Do not call directly, use qrtr_node_release. To be used with
148 * kref_put_mutex. As such, the node mutex is expected to be locked on call.
149 */
150 static void __qrtr_node_release(struct kref *kref)
151 {
152 struct qrtr_node *node = container_of(kref, struct qrtr_node, ref);
153
154 if (node->nid != QRTR_EP_NID_AUTO)
155 radix_tree_delete(&qrtr_nodes, node->nid);
156
157 list_del(&node->item);
158 mutex_unlock(&qrtr_node_lock);
159
160 skb_queue_purge(&node->rx_queue);
161 kfree(node);
162 }
163
164 /* Increment reference to node. */
165 static struct qrtr_node *qrtr_node_acquire(struct qrtr_node *node)
166 {
167 if (node)
168 kref_get(&node->ref);
169 return node;
170 }
171
172 /* Decrement reference to node and release as necessary. */
173 static void qrtr_node_release(struct qrtr_node *node)
174 {
175 if (!node)
176 return;
177 kref_put_mutex(&node->ref, __qrtr_node_release, &qrtr_node_lock);
178 }
179
180 /* Pass an outgoing packet socket buffer to the endpoint driver. */
181 static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb,
182 int type, struct sockaddr_qrtr *from,
183 struct sockaddr_qrtr *to)
184 {
185 struct qrtr_hdr_v1 *hdr;
186 size_t len = skb->len;
187 int rc = -ENODEV;
188
189 hdr = skb_push(skb, sizeof(*hdr));
190 hdr->version = cpu_to_le32(QRTR_PROTO_VER_1);
191 hdr->type = cpu_to_le32(type);
192 hdr->src_node_id = cpu_to_le32(from->sq_node);
193 hdr->src_port_id = cpu_to_le32(from->sq_port);
194 if (to->sq_port == QRTR_PORT_CTRL) {
195 hdr->dst_node_id = cpu_to_le32(node->nid);
196 hdr->dst_port_id = cpu_to_le32(QRTR_NODE_BCAST);
197 } else {
198 hdr->dst_node_id = cpu_to_le32(to->sq_node);
199 hdr->dst_port_id = cpu_to_le32(to->sq_port);
200 }
201
202 hdr->size = cpu_to_le32(len);
203 hdr->confirm_rx = 0;
204
205 skb_put_padto(skb, ALIGN(len, 4));
206
207 mutex_lock(&node->ep_lock);
208 if (node->ep)
209 rc = node->ep->xmit(node->ep, skb);
210 else
211 kfree_skb(skb);
212 mutex_unlock(&node->ep_lock);
213
214 return rc;
215 }
216
217 /* Lookup node by id.
218 *
219 * callers must release with qrtr_node_release()
220 */
221 static struct qrtr_node *qrtr_node_lookup(unsigned int nid)
222 {
223 struct qrtr_node *node;
224
225 mutex_lock(&qrtr_node_lock);
226 node = radix_tree_lookup(&qrtr_nodes, nid);
227 node = qrtr_node_acquire(node);
228 mutex_unlock(&qrtr_node_lock);
229
230 return node;
231 }
232
233 /* Assign node id to node.
234 *
235 * This is mostly useful for automatic node id assignment, based on
236 * the source id in the incoming packet.
237 */
238 static void qrtr_node_assign(struct qrtr_node *node, unsigned int nid)
239 {
240 if (node->nid != QRTR_EP_NID_AUTO || nid == QRTR_EP_NID_AUTO)
241 return;
242
243 mutex_lock(&qrtr_node_lock);
244 radix_tree_insert(&qrtr_nodes, nid, node);
245 node->nid = nid;
246 mutex_unlock(&qrtr_node_lock);
247 }
248
249 /**
250 * qrtr_endpoint_post() - post incoming data
251 * @ep: endpoint handle
252 * @data: data pointer
253 * @len: size of data in bytes
254 *
255 * Return: 0 on success; negative error code on failure
256 */
257 int qrtr_endpoint_post(struct qrtr_endpoint *ep, const void *data, size_t len)
258 {
259 struct qrtr_node *node = ep->node;
260 const struct qrtr_hdr_v1 *v1;
261 const struct qrtr_hdr_v2 *v2;
262 struct sk_buff *skb;
263 struct qrtr_cb *cb;
264 unsigned int size;
265 unsigned int ver;
266 size_t hdrlen;
267
268 if (len & 3)
269 return -EINVAL;
270
271 skb = netdev_alloc_skb(NULL, len);
272 if (!skb)
273 return -ENOMEM;
274
275 cb = (struct qrtr_cb *)skb->cb;
276
277 /* Version field in v1 is little endian, so this works for both cases */
278 ver = *(u8*)data;
279
280 switch (ver) {
281 case QRTR_PROTO_VER_1:
282 v1 = data;
283 hdrlen = sizeof(*v1);
284
285 cb->type = le32_to_cpu(v1->type);
286 cb->src_node = le32_to_cpu(v1->src_node_id);
287 cb->src_port = le32_to_cpu(v1->src_port_id);
288 cb->confirm_rx = !!v1->confirm_rx;
289 cb->dst_node = le32_to_cpu(v1->dst_node_id);
290 cb->dst_port = le32_to_cpu(v1->dst_port_id);
291
292 size = le32_to_cpu(v1->size);
293 break;
294 case QRTR_PROTO_VER_2:
295 v2 = data;
296 hdrlen = sizeof(*v2) + v2->optlen;
297
298 cb->type = v2->type;
299 cb->confirm_rx = !!(v2->flags & QRTR_FLAGS_CONFIRM_RX);
300 cb->src_node = le16_to_cpu(v2->src_node_id);
301 cb->src_port = le16_to_cpu(v2->src_port_id);
302 cb->dst_node = le16_to_cpu(v2->dst_node_id);
303 cb->dst_port = le16_to_cpu(v2->dst_port_id);
304
305 if (cb->src_port == (u16)QRTR_PORT_CTRL)
306 cb->src_port = QRTR_PORT_CTRL;
307 if (cb->dst_port == (u16)QRTR_PORT_CTRL)
308 cb->dst_port = QRTR_PORT_CTRL;
309
310 size = le32_to_cpu(v2->size);
311 break;
312 default:
313 pr_err("qrtr: Invalid version %d\n", ver);
314 goto err;
315 }
316
317 if (len != ALIGN(size, 4) + hdrlen)
318 goto err;
319
320 if (cb->dst_port != QRTR_PORT_CTRL && cb->type != QRTR_TYPE_DATA)
321 goto err;
322
323 skb_put_data(skb, data + hdrlen, size);
324
325 skb_queue_tail(&node->rx_queue, skb);
326 schedule_work(&node->work);
327
328 return 0;
329
330 err:
331 kfree_skb(skb);
332 return -EINVAL;
333
334 }
335 EXPORT_SYMBOL_GPL(qrtr_endpoint_post);
336
337 /**
338 * qrtr_alloc_ctrl_packet() - allocate control packet skb
339 * @pkt: reference to qrtr_ctrl_pkt pointer
340 *
341 * Returns newly allocated sk_buff, or NULL on failure
342 *
343 * This function allocates a sk_buff large enough to carry a qrtr_ctrl_pkt and
344 * on success returns a reference to the control packet in @pkt.
345 */
346 static struct sk_buff *qrtr_alloc_ctrl_packet(struct qrtr_ctrl_pkt **pkt)
347 {
348 const int pkt_len = sizeof(struct qrtr_ctrl_pkt);
349 struct sk_buff *skb;
350
351 skb = alloc_skb(QRTR_HDR_MAX_SIZE + pkt_len, GFP_KERNEL);
352 if (!skb)
353 return NULL;
354
355 skb_reserve(skb, QRTR_HDR_MAX_SIZE);
356 *pkt = skb_put_zero(skb, pkt_len);
357
358 return skb;
359 }
360
361 static struct qrtr_sock *qrtr_port_lookup(int port);
362 static void qrtr_port_put(struct qrtr_sock *ipc);
363
364 /* Handle and route a received packet.
365 *
366 * This will auto-reply with resume-tx packet as necessary.
367 */
368 static void qrtr_node_rx_work(struct work_struct *work)
369 {
370 struct qrtr_node *node = container_of(work, struct qrtr_node, work);
371 struct qrtr_ctrl_pkt *pkt;
372 struct sockaddr_qrtr dst;
373 struct sockaddr_qrtr src;
374 struct sk_buff *skb;
375
376 while ((skb = skb_dequeue(&node->rx_queue)) != NULL) {
377 struct qrtr_sock *ipc;
378 struct qrtr_cb *cb;
379 int confirm;
380
381 cb = (struct qrtr_cb *)skb->cb;
382 src.sq_node = cb->src_node;
383 src.sq_port = cb->src_port;
384 dst.sq_node = cb->dst_node;
385 dst.sq_port = cb->dst_port;
386 confirm = !!cb->confirm_rx;
387
388 qrtr_node_assign(node, cb->src_node);
389
390 ipc = qrtr_port_lookup(cb->dst_port);
391 if (!ipc) {
392 kfree_skb(skb);
393 } else {
394 if (sock_queue_rcv_skb(&ipc->sk, skb))
395 kfree_skb(skb);
396
397 qrtr_port_put(ipc);
398 }
399
400 if (confirm) {
401 skb = qrtr_alloc_ctrl_packet(&pkt);
402 if (!skb)
403 break;
404
405 pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
406 pkt->client.node = cpu_to_le32(dst.sq_node);
407 pkt->client.port = cpu_to_le32(dst.sq_port);
408
409 if (qrtr_node_enqueue(node, skb, QRTR_TYPE_RESUME_TX,
410 &dst, &src))
411 break;
412 }
413 }
414 }
415
416 /**
417 * qrtr_endpoint_register() - register a new endpoint
418 * @ep: endpoint to register
419 * @nid: desired node id; may be QRTR_EP_NID_AUTO for auto-assignment
420 * Return: 0 on success; negative error code on failure
421 *
422 * The specified endpoint must have the xmit function pointer set on call.
423 */
424 int qrtr_endpoint_register(struct qrtr_endpoint *ep, unsigned int nid)
425 {
426 struct qrtr_node *node;
427
428 if (!ep || !ep->xmit)
429 return -EINVAL;
430
431 node = kzalloc(sizeof(*node), GFP_KERNEL);
432 if (!node)
433 return -ENOMEM;
434
435 INIT_WORK(&node->work, qrtr_node_rx_work);
436 kref_init(&node->ref);
437 mutex_init(&node->ep_lock);
438 skb_queue_head_init(&node->rx_queue);
439 node->nid = QRTR_EP_NID_AUTO;
440 node->ep = ep;
441
442 qrtr_node_assign(node, nid);
443
444 mutex_lock(&qrtr_node_lock);
445 list_add(&node->item, &qrtr_all_nodes);
446 mutex_unlock(&qrtr_node_lock);
447 ep->node = node;
448
449 return 0;
450 }
451 EXPORT_SYMBOL_GPL(qrtr_endpoint_register);
452
453 /**
454 * qrtr_endpoint_unregister - unregister endpoint
455 * @ep: endpoint to unregister
456 */
457 void qrtr_endpoint_unregister(struct qrtr_endpoint *ep)
458 {
459 struct qrtr_node *node = ep->node;
460 struct sockaddr_qrtr src = {AF_QIPCRTR, node->nid, QRTR_PORT_CTRL};
461 struct sockaddr_qrtr dst = {AF_QIPCRTR, qrtr_local_nid, QRTR_PORT_CTRL};
462 struct qrtr_ctrl_pkt *pkt;
463 struct sk_buff *skb;
464
465 mutex_lock(&node->ep_lock);
466 node->ep = NULL;
467 mutex_unlock(&node->ep_lock);
468
469 /* Notify the local controller about the event */
470 skb = qrtr_alloc_ctrl_packet(&pkt);
471 if (skb) {
472 pkt->cmd = cpu_to_le32(QRTR_TYPE_BYE);
473 qrtr_local_enqueue(NULL, skb, QRTR_TYPE_BYE, &src, &dst);
474 }
475
476 qrtr_node_release(node);
477 ep->node = NULL;
478 }
479 EXPORT_SYMBOL_GPL(qrtr_endpoint_unregister);
480
481 /* Lookup socket by port.
482 *
483 * Callers must release with qrtr_port_put()
484 */
485 static struct qrtr_sock *qrtr_port_lookup(int port)
486 {
487 struct qrtr_sock *ipc;
488
489 if (port == QRTR_PORT_CTRL)
490 port = 0;
491
492 mutex_lock(&qrtr_port_lock);
493 ipc = idr_find(&qrtr_ports, port);
494 if (ipc)
495 sock_hold(&ipc->sk);
496 mutex_unlock(&qrtr_port_lock);
497
498 return ipc;
499 }
500
501 /* Release acquired socket. */
502 static void qrtr_port_put(struct qrtr_sock *ipc)
503 {
504 sock_put(&ipc->sk);
505 }
506
507 /* Remove port assignment. */
508 static void qrtr_port_remove(struct qrtr_sock *ipc)
509 {
510 struct qrtr_ctrl_pkt *pkt;
511 struct sk_buff *skb;
512 int port = ipc->us.sq_port;
513 struct sockaddr_qrtr to;
514
515 to.sq_family = AF_QIPCRTR;
516 to.sq_node = QRTR_NODE_BCAST;
517 to.sq_port = QRTR_PORT_CTRL;
518
519 skb = qrtr_alloc_ctrl_packet(&pkt);
520 if (skb) {
521 pkt->cmd = cpu_to_le32(QRTR_TYPE_DEL_CLIENT);
522 pkt->client.node = cpu_to_le32(ipc->us.sq_node);
523 pkt->client.port = cpu_to_le32(ipc->us.sq_port);
524
525 skb_set_owner_w(skb, &ipc->sk);
526 qrtr_bcast_enqueue(NULL, skb, QRTR_TYPE_DEL_CLIENT, &ipc->us,
527 &to);
528 }
529
530 if (port == QRTR_PORT_CTRL)
531 port = 0;
532
533 __sock_put(&ipc->sk);
534
535 mutex_lock(&qrtr_port_lock);
536 idr_remove(&qrtr_ports, port);
537 mutex_unlock(&qrtr_port_lock);
538 }
539
540 /* Assign port number to socket.
541 *
542 * Specify port in the integer pointed to by port, and it will be adjusted
543 * on return as necesssary.
544 *
545 * Port may be:
546 * 0: Assign ephemeral port in [QRTR_MIN_EPH_SOCKET, QRTR_MAX_EPH_SOCKET]
547 * <QRTR_MIN_EPH_SOCKET: Specified; requires CAP_NET_ADMIN
548 * >QRTR_MIN_EPH_SOCKET: Specified; available to all
549 */
550 static int qrtr_port_assign(struct qrtr_sock *ipc, int *port)
551 {
552 int rc;
553
554 mutex_lock(&qrtr_port_lock);
555 if (!*port) {
556 rc = idr_alloc(&qrtr_ports, ipc,
557 QRTR_MIN_EPH_SOCKET, QRTR_MAX_EPH_SOCKET + 1,
558 GFP_ATOMIC);
559 if (rc >= 0)
560 *port = rc;
561 } else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
562 rc = -EACCES;
563 } else if (*port == QRTR_PORT_CTRL) {
564 rc = idr_alloc(&qrtr_ports, ipc, 0, 1, GFP_ATOMIC);
565 } else {
566 rc = idr_alloc(&qrtr_ports, ipc, *port, *port + 1, GFP_ATOMIC);
567 if (rc >= 0)
568 *port = rc;
569 }
570 mutex_unlock(&qrtr_port_lock);
571
572 if (rc == -ENOSPC)
573 return -EADDRINUSE;
574 else if (rc < 0)
575 return rc;
576
577 sock_hold(&ipc->sk);
578
579 return 0;
580 }
581
582 /* Reset all non-control ports */
583 static void qrtr_reset_ports(void)
584 {
585 struct qrtr_sock *ipc;
586 int id;
587
588 mutex_lock(&qrtr_port_lock);
589 idr_for_each_entry(&qrtr_ports, ipc, id) {
590 /* Don't reset control port */
591 if (id == 0)
592 continue;
593
594 sock_hold(&ipc->sk);
595 ipc->sk.sk_err = ENETRESET;
596 ipc->sk.sk_error_report(&ipc->sk);
597 sock_put(&ipc->sk);
598 }
599 mutex_unlock(&qrtr_port_lock);
600 }
601
602 /* Bind socket to address.
603 *
604 * Socket should be locked upon call.
605 */
606 static int __qrtr_bind(struct socket *sock,
607 const struct sockaddr_qrtr *addr, int zapped)
608 {
609 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
610 struct sock *sk = sock->sk;
611 int port;
612 int rc;
613
614 /* rebinding ok */
615 if (!zapped && addr->sq_port == ipc->us.sq_port)
616 return 0;
617
618 port = addr->sq_port;
619 rc = qrtr_port_assign(ipc, &port);
620 if (rc)
621 return rc;
622
623 /* unbind previous, if any */
624 if (!zapped)
625 qrtr_port_remove(ipc);
626 ipc->us.sq_port = port;
627
628 sock_reset_flag(sk, SOCK_ZAPPED);
629
630 /* Notify all open ports about the new controller */
631 if (port == QRTR_PORT_CTRL)
632 qrtr_reset_ports();
633
634 return 0;
635 }
636
637 /* Auto bind to an ephemeral port. */
638 static int qrtr_autobind(struct socket *sock)
639 {
640 struct sock *sk = sock->sk;
641 struct sockaddr_qrtr addr;
642
643 if (!sock_flag(sk, SOCK_ZAPPED))
644 return 0;
645
646 addr.sq_family = AF_QIPCRTR;
647 addr.sq_node = qrtr_local_nid;
648 addr.sq_port = 0;
649
650 return __qrtr_bind(sock, &addr, 1);
651 }
652
653 /* Bind socket to specified sockaddr. */
654 static int qrtr_bind(struct socket *sock, struct sockaddr *saddr, int len)
655 {
656 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
657 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
658 struct sock *sk = sock->sk;
659 int rc;
660
661 if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
662 return -EINVAL;
663
664 if (addr->sq_node != ipc->us.sq_node)
665 return -EINVAL;
666
667 lock_sock(sk);
668 rc = __qrtr_bind(sock, addr, sock_flag(sk, SOCK_ZAPPED));
669 release_sock(sk);
670
671 return rc;
672 }
673
674 /* Queue packet to local peer socket. */
675 static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
676 int type, struct sockaddr_qrtr *from,
677 struct sockaddr_qrtr *to)
678 {
679 struct qrtr_sock *ipc;
680 struct qrtr_cb *cb;
681
682 ipc = qrtr_port_lookup(to->sq_port);
683 if (!ipc || &ipc->sk == skb->sk) { /* do not send to self */
684 kfree_skb(skb);
685 return -ENODEV;
686 }
687
688 cb = (struct qrtr_cb *)skb->cb;
689 cb->src_node = from->sq_node;
690 cb->src_port = from->sq_port;
691
692 if (sock_queue_rcv_skb(&ipc->sk, skb)) {
693 qrtr_port_put(ipc);
694 kfree_skb(skb);
695 return -ENOSPC;
696 }
697
698 qrtr_port_put(ipc);
699
700 return 0;
701 }
702
703 /* Queue packet for broadcast. */
704 static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
705 int type, struct sockaddr_qrtr *from,
706 struct sockaddr_qrtr *to)
707 {
708 struct sk_buff *skbn;
709
710 mutex_lock(&qrtr_node_lock);
711 list_for_each_entry(node, &qrtr_all_nodes, item) {
712 skbn = skb_clone(skb, GFP_KERNEL);
713 if (!skbn)
714 break;
715 skb_set_owner_w(skbn, skb->sk);
716 qrtr_node_enqueue(node, skbn, type, from, to);
717 }
718 mutex_unlock(&qrtr_node_lock);
719
720 qrtr_local_enqueue(node, skb, type, from, to);
721
722 return 0;
723 }
724
725 static int qrtr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
726 {
727 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
728 int (*enqueue_fn)(struct qrtr_node *, struct sk_buff *, int,
729 struct sockaddr_qrtr *, struct sockaddr_qrtr *);
730 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
731 struct sock *sk = sock->sk;
732 struct qrtr_node *node;
733 struct sk_buff *skb;
734 size_t plen;
735 u32 type = QRTR_TYPE_DATA;
736 int rc;
737
738 if (msg->msg_flags & ~(MSG_DONTWAIT))
739 return -EINVAL;
740
741 if (len > 65535)
742 return -EMSGSIZE;
743
744 lock_sock(sk);
745
746 if (addr) {
747 if (msg->msg_namelen < sizeof(*addr)) {
748 release_sock(sk);
749 return -EINVAL;
750 }
751
752 if (addr->sq_family != AF_QIPCRTR) {
753 release_sock(sk);
754 return -EINVAL;
755 }
756
757 rc = qrtr_autobind(sock);
758 if (rc) {
759 release_sock(sk);
760 return rc;
761 }
762 } else if (sk->sk_state == TCP_ESTABLISHED) {
763 addr = &ipc->peer;
764 } else {
765 release_sock(sk);
766 return -ENOTCONN;
767 }
768
769 node = NULL;
770 if (addr->sq_node == QRTR_NODE_BCAST) {
771 enqueue_fn = qrtr_bcast_enqueue;
772 if (addr->sq_port != QRTR_PORT_CTRL) {
773 release_sock(sk);
774 return -ENOTCONN;
775 }
776 } else if (addr->sq_node == ipc->us.sq_node) {
777 enqueue_fn = qrtr_local_enqueue;
778 } else {
779 enqueue_fn = qrtr_node_enqueue;
780 node = qrtr_node_lookup(addr->sq_node);
781 if (!node) {
782 release_sock(sk);
783 return -ECONNRESET;
784 }
785 }
786
787 plen = (len + 3) & ~3;
788 skb = sock_alloc_send_skb(sk, plen + QRTR_HDR_MAX_SIZE,
789 msg->msg_flags & MSG_DONTWAIT, &rc);
790 if (!skb)
791 goto out_node;
792
793 skb_reserve(skb, QRTR_HDR_MAX_SIZE);
794
795 rc = memcpy_from_msg(skb_put(skb, len), msg, len);
796 if (rc) {
797 kfree_skb(skb);
798 goto out_node;
799 }
800
801 if (ipc->us.sq_port == QRTR_PORT_CTRL) {
802 if (len < 4) {
803 rc = -EINVAL;
804 kfree_skb(skb);
805 goto out_node;
806 }
807
808 /* control messages already require the type as 'command' */
809 skb_copy_bits(skb, 0, &type, 4);
810 type = le32_to_cpu(type);
811 }
812
813 rc = enqueue_fn(node, skb, type, &ipc->us, addr);
814 if (rc >= 0)
815 rc = len;
816
817 out_node:
818 qrtr_node_release(node);
819 release_sock(sk);
820
821 return rc;
822 }
823
824 static int qrtr_recvmsg(struct socket *sock, struct msghdr *msg,
825 size_t size, int flags)
826 {
827 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
828 struct sock *sk = sock->sk;
829 struct sk_buff *skb;
830 struct qrtr_cb *cb;
831 int copied, rc;
832
833 lock_sock(sk);
834
835 if (sock_flag(sk, SOCK_ZAPPED)) {
836 release_sock(sk);
837 return -EADDRNOTAVAIL;
838 }
839
840 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
841 flags & MSG_DONTWAIT, &rc);
842 if (!skb) {
843 release_sock(sk);
844 return rc;
845 }
846
847 copied = skb->len;
848 if (copied > size) {
849 copied = size;
850 msg->msg_flags |= MSG_TRUNC;
851 }
852
853 rc = skb_copy_datagram_msg(skb, 0, msg, copied);
854 if (rc < 0)
855 goto out;
856 rc = copied;
857
858 if (addr) {
859 cb = (struct qrtr_cb *)skb->cb;
860 addr->sq_family = AF_QIPCRTR;
861 addr->sq_node = cb->src_node;
862 addr->sq_port = cb->src_port;
863 msg->msg_namelen = sizeof(*addr);
864 }
865
866 out:
867 skb_free_datagram(sk, skb);
868 release_sock(sk);
869
870 return rc;
871 }
872
873 static int qrtr_connect(struct socket *sock, struct sockaddr *saddr,
874 int len, int flags)
875 {
876 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
877 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
878 struct sock *sk = sock->sk;
879 int rc;
880
881 if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
882 return -EINVAL;
883
884 lock_sock(sk);
885
886 sk->sk_state = TCP_CLOSE;
887 sock->state = SS_UNCONNECTED;
888
889 rc = qrtr_autobind(sock);
890 if (rc) {
891 release_sock(sk);
892 return rc;
893 }
894
895 ipc->peer = *addr;
896 sock->state = SS_CONNECTED;
897 sk->sk_state = TCP_ESTABLISHED;
898
899 release_sock(sk);
900
901 return 0;
902 }
903
904 static int qrtr_getname(struct socket *sock, struct sockaddr *saddr,
905 int peer)
906 {
907 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
908 struct sockaddr_qrtr qaddr;
909 struct sock *sk = sock->sk;
910
911 lock_sock(sk);
912 if (peer) {
913 if (sk->sk_state != TCP_ESTABLISHED) {
914 release_sock(sk);
915 return -ENOTCONN;
916 }
917
918 qaddr = ipc->peer;
919 } else {
920 qaddr = ipc->us;
921 }
922 release_sock(sk);
923
924 qaddr.sq_family = AF_QIPCRTR;
925
926 memcpy(saddr, &qaddr, sizeof(qaddr));
927
928 return sizeof(qaddr);
929 }
930
931 static int qrtr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
932 {
933 void __user *argp = (void __user *)arg;
934 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
935 struct sock *sk = sock->sk;
936 struct sockaddr_qrtr *sq;
937 struct sk_buff *skb;
938 struct ifreq ifr;
939 long len = 0;
940 int rc = 0;
941
942 lock_sock(sk);
943
944 switch (cmd) {
945 case TIOCOUTQ:
946 len = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
947 if (len < 0)
948 len = 0;
949 rc = put_user(len, (int __user *)argp);
950 break;
951 case TIOCINQ:
952 skb = skb_peek(&sk->sk_receive_queue);
953 if (skb)
954 len = skb->len;
955 rc = put_user(len, (int __user *)argp);
956 break;
957 case SIOCGIFADDR:
958 if (copy_from_user(&ifr, argp, sizeof(ifr))) {
959 rc = -EFAULT;
960 break;
961 }
962
963 sq = (struct sockaddr_qrtr *)&ifr.ifr_addr;
964 *sq = ipc->us;
965 if (copy_to_user(argp, &ifr, sizeof(ifr))) {
966 rc = -EFAULT;
967 break;
968 }
969 break;
970 case SIOCGSTAMP:
971 rc = sock_get_timestamp(sk, argp);
972 break;
973 case SIOCADDRT:
974 case SIOCDELRT:
975 case SIOCSIFADDR:
976 case SIOCGIFDSTADDR:
977 case SIOCSIFDSTADDR:
978 case SIOCGIFBRDADDR:
979 case SIOCSIFBRDADDR:
980 case SIOCGIFNETMASK:
981 case SIOCSIFNETMASK:
982 rc = -EINVAL;
983 break;
984 default:
985 rc = -ENOIOCTLCMD;
986 break;
987 }
988
989 release_sock(sk);
990
991 return rc;
992 }
993
994 static int qrtr_release(struct socket *sock)
995 {
996 struct sock *sk = sock->sk;
997 struct qrtr_sock *ipc;
998
999 if (!sk)
1000 return 0;
1001
1002 lock_sock(sk);
1003
1004 ipc = qrtr_sk(sk);
1005 sk->sk_shutdown = SHUTDOWN_MASK;
1006 if (!sock_flag(sk, SOCK_DEAD))
1007 sk->sk_state_change(sk);
1008
1009 sock_set_flag(sk, SOCK_DEAD);
1010 sock->sk = NULL;
1011
1012 if (!sock_flag(sk, SOCK_ZAPPED))
1013 qrtr_port_remove(ipc);
1014
1015 skb_queue_purge(&sk->sk_receive_queue);
1016
1017 release_sock(sk);
1018 sock_put(sk);
1019
1020 return 0;
1021 }
1022
1023 static const struct proto_ops qrtr_proto_ops = {
1024 .owner = THIS_MODULE,
1025 .family = AF_QIPCRTR,
1026 .bind = qrtr_bind,
1027 .connect = qrtr_connect,
1028 .socketpair = sock_no_socketpair,
1029 .accept = sock_no_accept,
1030 .listen = sock_no_listen,
1031 .sendmsg = qrtr_sendmsg,
1032 .recvmsg = qrtr_recvmsg,
1033 .getname = qrtr_getname,
1034 .ioctl = qrtr_ioctl,
1035 .poll = datagram_poll,
1036 .shutdown = sock_no_shutdown,
1037 .setsockopt = sock_no_setsockopt,
1038 .getsockopt = sock_no_getsockopt,
1039 .release = qrtr_release,
1040 .mmap = sock_no_mmap,
1041 .sendpage = sock_no_sendpage,
1042 };
1043
1044 static struct proto qrtr_proto = {
1045 .name = "QIPCRTR",
1046 .owner = THIS_MODULE,
1047 .obj_size = sizeof(struct qrtr_sock),
1048 };
1049
1050 static int qrtr_create(struct net *net, struct socket *sock,
1051 int protocol, int kern)
1052 {
1053 struct qrtr_sock *ipc;
1054 struct sock *sk;
1055
1056 if (sock->type != SOCK_DGRAM)
1057 return -EPROTOTYPE;
1058
1059 sk = sk_alloc(net, AF_QIPCRTR, GFP_KERNEL, &qrtr_proto, kern);
1060 if (!sk)
1061 return -ENOMEM;
1062
1063 sock_set_flag(sk, SOCK_ZAPPED);
1064
1065 sock_init_data(sock, sk);
1066 sock->ops = &qrtr_proto_ops;
1067
1068 ipc = qrtr_sk(sk);
1069 ipc->us.sq_family = AF_QIPCRTR;
1070 ipc->us.sq_node = qrtr_local_nid;
1071 ipc->us.sq_port = 0;
1072
1073 return 0;
1074 }
1075
1076 static const struct nla_policy qrtr_policy[IFA_MAX + 1] = {
1077 [IFA_LOCAL] = { .type = NLA_U32 },
1078 };
1079
1080 static int qrtr_addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh,
1081 struct netlink_ext_ack *extack)
1082 {
1083 struct nlattr *tb[IFA_MAX + 1];
1084 struct ifaddrmsg *ifm;
1085 int rc;
1086
1087 if (!netlink_capable(skb, CAP_NET_ADMIN))
1088 return -EPERM;
1089
1090 if (!netlink_capable(skb, CAP_SYS_ADMIN))
1091 return -EPERM;
1092
1093 ASSERT_RTNL();
1094
1095 rc = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, qrtr_policy, extack);
1096 if (rc < 0)
1097 return rc;
1098
1099 ifm = nlmsg_data(nlh);
1100 if (!tb[IFA_LOCAL])
1101 return -EINVAL;
1102
1103 qrtr_local_nid = nla_get_u32(tb[IFA_LOCAL]);
1104 return 0;
1105 }
1106
1107 static const struct net_proto_family qrtr_family = {
1108 .owner = THIS_MODULE,
1109 .family = AF_QIPCRTR,
1110 .create = qrtr_create,
1111 };
1112
1113 static int __init qrtr_proto_init(void)
1114 {
1115 int rc;
1116
1117 rc = proto_register(&qrtr_proto, 1);
1118 if (rc)
1119 return rc;
1120
1121 rc = sock_register(&qrtr_family);
1122 if (rc) {
1123 proto_unregister(&qrtr_proto);
1124 return rc;
1125 }
1126
1127 rc = rtnl_register_module(THIS_MODULE, PF_QIPCRTR, RTM_NEWADDR, qrtr_addr_doit, NULL, 0);
1128 if (rc) {
1129 sock_unregister(qrtr_family.family);
1130 proto_unregister(&qrtr_proto);
1131 }
1132
1133 return rc;
1134 }
1135 postcore_initcall(qrtr_proto_init);
1136
1137 static void __exit qrtr_proto_fini(void)
1138 {
1139 rtnl_unregister(PF_QIPCRTR, RTM_NEWADDR);
1140 sock_unregister(qrtr_family.family);
1141 proto_unregister(&qrtr_proto);
1142 }
1143 module_exit(qrtr_proto_fini);
1144
1145 MODULE_DESCRIPTION("Qualcomm IPC-router driver");
1146 MODULE_LICENSE("GPL v2");
1147 MODULE_ALIAS_NETPROTO(PF_QIPCRTR);
1148
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.