Showing error 1452

User: Jiri Slaby
Error type: Leaving function in locked state
Error type description: Some lock is not unlocked on all paths of a function, so it is leaked
File location: net/802/tr.c
Line in file: 499
Project: Linux Kernel
Project version: 2.6.28
Tools: Stanse (1.2)
Entered: 2012-05-21 20:30:05 UTC


Source:

  1/*
  2 * NET3:        Token ring device handling subroutines
  3 *
  4 *                This program is free software; you can redistribute it and/or
  5 *                modify it under the terms of the GNU General Public License
  6 *                as published by the Free Software Foundation; either version
  7 *                2 of the License, or (at your option) any later version.
  8 *
  9 * Fixes:       3 Feb 97 Paul Norton <pnorton@cts.com> Minor routing fixes.
 10 *              Added rif table to /proc/net/tr_rif and rif timeout to
 11 *              /proc/sys/net/token-ring/rif_timeout.
 12 *              22 Jun 98 Paul Norton <p.norton@computer.org> Rearranged
 13 *              tr_header and tr_type_trans to handle passing IPX SNAP and
 14 *              802.2 through the correct layers. Eliminated tr_reformat.
 15 *
 16 */
 17
 18#include <asm/uaccess.h>
 19#include <asm/system.h>
 20#include <linux/module.h>
 21#include <linux/types.h>
 22#include <linux/kernel.h>
 23#include <linux/jiffies.h>
 24#include <linux/string.h>
 25#include <linux/mm.h>
 26#include <linux/socket.h>
 27#include <linux/in.h>
 28#include <linux/inet.h>
 29#include <linux/netdevice.h>
 30#include <linux/trdevice.h>
 31#include <linux/skbuff.h>
 32#include <linux/errno.h>
 33#include <linux/timer.h>
 34#include <linux/net.h>
 35#include <linux/proc_fs.h>
 36#include <linux/seq_file.h>
 37#include <linux/init.h>
 38#include <linux/sysctl.h>
 39#include <net/arp.h>
 40#include <net/net_namespace.h>
 41
 static void tr_add_rif_info(struct trh_hdr *trh, struct net_device *dev);
static void rif_check_expire(unsigned long dummy);

/* Set to 1 to compile in the source-routing debug printk()s below. */
#define TR_SR_DEBUG 0
 46
 47/*
 48 *        Each RIF entry we learn is kept this way
 49 */
 50
 struct rif_cache {
	unsigned char addr[TR_ALEN];	/* station address this entry describes */
	int iface;			/* ifindex of the device the entry was learned on */
	__be16 rcf;			/* routing control field, as copied from the frame */
	__be16 rseg[8];			/* route segments, as copied from the frame */
	struct rif_cache *next;		/* next entry in the same hash bucket */
	unsigned long last_used;	/* jiffies at the last lookup or update */
	unsigned char local_ring;	/* 1 when no route was stored (see tr_add_rif_info) */
};
 60
 #define RIF_TABLE_SIZE 32

/*
 *	The RIF cache is a chained hash table. RIF_TABLE_SIZE has to stay a
 *	power of two because rif_hash() masks with RIF_TABLE_SIZE - 1.
 */
static struct rif_cache *rif_table[RIF_TABLE_SIZE];

/* Taken around the accesses to rif_table and its entries in this file. */
static DEFINE_SPINLOCK(rif_lock);

/* Timer that runs rif_check_expire() to drop stale entries. */
static struct timer_list rif_timer;

/* Lifetime of an unused entry, in jiffies; exposed as the rif_timeout sysctl. */
static int sysctl_tr_rif_timeout = 10 * 60 * HZ;
 80
 static inline unsigned long rif_hash(const unsigned char *addr)
{
	/*
	 * Fold the six address bytes into a bucket index below
	 * RIF_TABLE_SIZE. The function is unkeyed, so the bucket is fully
	 * determined by the address bytes passed in.
	 */
	unsigned long h = addr[0];
	int i;

	for (i = 1; i < 6; i++)
		h = (h << 2) ^ addr[i];

	h ^= h >> 8;

	return h & (RIF_TABLE_SIZE - 1);
}
 96
 97/*
 98 *        Put the headers on a token ring packet. Token ring source routing
 99 *        makes this a little more exciting than on ethernet.
100 */
101
static int tr_header(struct sk_buff *skb, struct net_device *dev,
		     unsigned short type,
		     const void *daddr, const void *saddr, unsigned len)
{
	/*
	 * Build the token ring MAC header in front of the payload.
	 *
	 * Returns the header length when daddr was supplied (the frame has
	 * then also been source routed) and the negated header length when
	 * the destination is still unknown. len is not used.
	 */
	const int with_snap = (type == ETH_P_IP || type == ETH_P_IPV6 ||
			       type == ETH_P_ARP);
	struct trh_hdr *trh;
	int hdr_len;

	/*
	 * IPv4, IPv6 and ARP get an 802.2 SNAP header right behind the MAC
	 * header, because that code calls dev->hard_header directly.
	 */
	hdr_len = sizeof(struct trh_hdr);
	if (with_snap)
		hdr_len += sizeof(struct trllc);

	trh = (struct trh_hdr *)skb_push(skb, hdr_len);

	if (with_snap) {
		struct trllc *trllc = (struct trllc *)(trh + 1);

		trllc->ssap = EXTENDED_SAP;
		trllc->dsap = EXTENDED_SAP;
		trllc->llc = UI_CMD;
		trllc->protid[2] = 0x00;
		trllc->protid[1] = 0x00;
		trllc->protid[0] = 0x00;
		trllc->ethertype = htons(type);
	}

	trh->ac = AC;
	trh->fc = LLC_FRAME;

	/*
	 * Fall back to the device's own address when no source was given.
	 * The copy length is dev->addr_len; tr_setup() sets that to TR_ALEN.
	 */
	memcpy(trh->saddr, saddr ? saddr : dev->dev_addr, dev->addr_len);

	if (!daddr)
		return -hdr_len;

	/* Destination known: fill it in and source route the frame. */
	memcpy(trh->daddr, daddr, dev->addr_len);
	tr_source_route(skb, trh, dev);
	return hdr_len;
}
152
153/*
154 *        A neighbour discovery of some species (eg arp) has completed. We
155 *        can now send the packet.
156 */
157
static int tr_rebuild_header(struct sk_buff *skb)
{
	/*
	 * Finish a header once neighbour discovery is done. Returns 1 when
	 * arp_find() reports that the address is not resolved yet, 0 otherwise.
	 */
	struct trh_hdr *trh = (struct trh_hdr *)skb->data;
	struct trllc *trllc = (struct trllc *)(trh + 1);
	struct net_device *dev = skb->dev;

	/* FIXME: only IPv4 is handled; IPv6 over token ring is not supported. */
	if (trllc->ethertype != htons(ETH_P_IP)) {
		printk("tr_rebuild_header: Don't know how to resolve type %04X addresses ?\n", ntohs(trllc->ethertype));
		return 0;
	}

#ifdef CONFIG_INET
	if (arp_find(trh->daddr, skb))
		return 1;
#endif

	tr_source_route(skb, trh, dev);
	return 0;
}
184
185/*
186 *        Some of this is a bit hackish. We intercept RIF information
187 *        used for source routing. We also grab IP directly and don't feed
188 *        it via SNAP.
189 */
190
__be16 tr_type_trans(struct sk_buff *skb, struct net_device *dev)
{
	/*
	 * Classify a received frame: set skb->dev and skb->pkt_type, strip
	 * the MAC header (and the SNAP header for IP/IPv6/ARP), learn the
	 * sender's route and return the protocol id in network byte order.
	 */
	struct trh_hdr *trh;
	struct trllc *trllc;
	unsigned riflen = 0;
	size_t mac_len;

	skb->dev = dev;
	skb_reset_mac_header(skb);
	trh = tr_hdr(skb);

	/*
	 * NOTE(review): riflen is read from the received frame and is not
	 * compared with TR_MAXRIFLEN or with skb->len before trllc is
	 * dereferenced below -- confirm the length is validated elsewhere.
	 */
	if (trh->saddr[0] & TR_RII)
		riflen = (ntohs(trh->rcf) & TR_RCF_LEN_MASK) >> 8;

	/* The header struct reserves TR_MAXRIFLEN bytes; only riflen are on the wire. */
	mac_len = sizeof(struct trh_hdr) - TR_MAXRIFLEN + riflen;
	trllc = (struct trllc *)(skb->data + mac_len);

	skb_pull(skb, mac_len);

	if (*trh->daddr & 0x80) {
		if (!memcmp(trh->daddr, dev->broadcast, TR_ALEN))
			skb->pkt_type = PACKET_BROADCAST;
		else
			skb->pkt_type = PACKET_MULTICAST;
	}
	/*
	 * NOTE(review): "& 0x00" is always zero, so this branch can never be
	 * taken. It looks like a test for a 01:00:5E prefix was intended --
	 * confirm before changing, since a fix alters frame classification.
	 */
	else if ((trh->daddr[0] & 0x01) && (trh->daddr[1] & 0x00) && (trh->daddr[2] & 0x5E)) {
		skb->pkt_type = PACKET_MULTICAST;
	} else if (dev->flags & IFF_PROMISC) {
		if (memcmp(trh->daddr, dev->dev_addr, TR_ALEN))
			skb->pkt_type = PACKET_OTHERHOST;
	}

	/* Routes are learned only from frames that are neither broadcast nor multicast. */
	if (!(skb->pkt_type == PACKET_BROADCAST ||
	      skb->pkt_type == PACKET_MULTICAST))
		tr_add_rif_info(trh, dev);

	/*
	 * IP, IPv6 and ARP bypass the 802.2/SNAP layers, so their SNAP header
	 * is removed here and the ethertype is returned directly.
	 */
	if (trllc->dsap == EXTENDED_SAP &&
	    (trllc->ethertype == htons(ETH_P_IP) ||
	     trllc->ethertype == htons(ETH_P_IPV6) ||
	     trllc->ethertype == htons(ETH_P_ARP))) {
		skb_pull(skb, sizeof(struct trllc));
		return trllc->ethertype;
	}

	return htons(ETH_P_TR_802_2);
}
246
247/*
248 *        We try to do source routing...
249 */
250
void tr_source_route(struct sk_buff *skb,struct trh_hdr *trh,
		     struct net_device *dev)
{
	/*
	 * Fill in the routing fields of an outgoing frame from the RIF cache
	 * (or mark it as a limited broadcast when no route is known), then
	 * drop the unused part of the routing area from the front of the skb.
	 */
	static const unsigned char mcast_func_addr[]
		= {0xC0,0x00,0x00,0x04,0x00,0x00};
	struct rif_cache *entry;
	unsigned char *olddata;
	unsigned long flags;
	unsigned int hash;
	int slack;

	spin_lock_irqsave(&rif_lock, flags);

	if (!memcmp(trh->daddr, dev->broadcast, TR_ALEN) ||
	    !memcmp(trh->daddr, mcast_func_addr, TR_ALEN)) {
		/* Broadcasts are single route as stated in RFC 1042. */
		trh->rcf = htons((((sizeof(trh->rcf)) << 8) & TR_RCF_LEN_MASK)
				 | TR_RCF_FRAME2K | TR_RCF_LIMITED_BROADCAST);
		trh->saddr[0] |= TR_RII;
	} else {
		/* Look the destination up in its hash chain. */
		hash = rif_hash(trh->daddr);
		entry = rif_table[hash];
		while (entry && memcmp(entry->addr, trh->daddr, TR_ALEN))
			entry = entry->next;

		if (!entry) {
			/*
			 * No route known: send the frame as a limited
			 * broadcast; the replies should populate the cache.
			 */
			trh->rcf = htons((((sizeof(trh->rcf)) << 8) & TR_RCF_LEN_MASK)
					 | TR_RCF_FRAME2K | TR_RCF_LIMITED_BROADCAST);
			trh->saddr[0] |= TR_RII;
#if TR_SR_DEBUG
			printk("no entry in rif table found - broadcasting frame\n");
#endif
		} else {
#if TR_SR_DEBUG
			{
				DECLARE_MAC_BUF(mac);
				printk("source routing for %s\n",print_mac(mac, trh->daddr));
			}
#endif
			/* A cached route is used only for off-ring stations with a non-zero length. */
			if (!entry->local_ring && (ntohs(entry->rcf) & TR_RCF_LEN_MASK) >> 8) {
				trh->rcf = entry->rcf;
				memcpy(&trh->rseg[0], &entry->rseg[0], sizeof(entry->rseg));
				/* Flip the direction bit: the cached route was learned from the reply path. */
				trh->rcf ^= htons(TR_RCF_DIR_BIT);
				trh->rcf &= htons(0x1fff);	/* Issam Chehab <ichehab@madge1.demon.co.uk> */

				trh->saddr[0] |= TR_RII;
#if TR_SR_DEBUG
				printk("entry found with rcf %04x\n", entry->rcf);
#endif
			}
#if TR_SR_DEBUG
			else {
				printk("entry found but without rcf length, local=%02x\n", entry->local_ring);
			}
#endif
			entry->last_used = jiffies;
		}
	}

	/*
	 * Compress the RIF here so we don't have to do it in the driver(s).
	 *
	 * NOTE(review): the length subtracted from 18 can come from a cache
	 * entry that was learned from a received frame; nothing here bounds
	 * it to 18, and a larger value would make slack negative -- confirm
	 * it is validated before it reaches the cache.
	 */
	if (trh->saddr[0] & 0x80)
		slack = 18 - ((ntohs(trh->rcf) & TR_RCF_LEN_MASK) >> 8);
	else
		slack = 18;
	olddata = skb->data;
	spin_unlock_irqrestore(&rif_lock, flags);

	skb_pull(skb, slack);
	memmove(skb->data, olddata, sizeof(struct trh_hdr) - slack);
}
338
339/*
340 *        We have learned some new RIF information for our source
341 *        routing.
342 */
343
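static void tr_add_rif_info(struct trh_hdr *trh, struct net_device *dev)
{
	/*
	 * Record (or refresh) the route to the sender of a received frame.
	 *
	 * The routing-information bit in trh->saddr[0] is cleared while the
	 * address is hashed and compared, and is restored on every exit path,
	 * including the allocation-failure path, which previously returned
	 * with the bit still cleared.
	 */
	unsigned int hash, rii_p = 0;
	unsigned long flags;
	struct rif_cache *entry;
	unsigned char saddr0;

	spin_lock_irqsave(&rif_lock, flags);
	saddr0 = trh->saddr[0];

	/* rii_p is set only when the frame carries routing info longer than 2 bytes. */
	if (trh->saddr[0] & TR_RII) {
		trh->saddr[0] &= 0x7f;
		if (((ntohs(trh->rcf) & TR_RCF_LEN_MASK) >> 8) > 2)
			rii_p = 1;
	}

	/* First see whether the sender already has an entry. */
	hash = rif_hash(trh->saddr);
	entry = rif_table[hash];
	while (entry && memcmp(entry->addr, trh->saddr, TR_ALEN))
		entry = entry->next;

	if (entry == NULL) {
#if TR_SR_DEBUG
		DECLARE_MAC_BUF(mac);
		printk("adding rif_entry: addr:%s rcf:%04X\n",
		       print_mac(mac, trh->saddr), ntohs(trh->rcf));
#endif
		/*
		 * Allocate the new entry. A failed allocation only loses the
		 * information, which is harmless.
		 *
		 * FIXME: the cache has no size limit. One entry is allocated
		 * per previously unseen source address taken from a received
		 * frame, and entries only go away through the expiry timer,
		 * so the table grows with the number of distinct senders.
		 */
		entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
		if (!entry) {
			printk(KERN_DEBUG "tr.c: Couldn't malloc rif cache entry !\n");
			goto out;
		}

		memcpy(entry->addr, trh->saddr, TR_ALEN);
		entry->iface = dev->ifindex;
		entry->next = rif_table[hash];
		entry->last_used = jiffies;
		rif_table[hash] = entry;

		if (rii_p) {
			entry->rcf = trh->rcf & htons((unsigned short)~TR_RCF_BROADCAST_MASK);
			memcpy(&entry->rseg[0], &trh->rseg[0], sizeof(entry->rseg));
			entry->local_ring = 0;
		} else {
			entry->local_ring = 1;
		}
	} else {	/* Y. Tahara added */
		/*
		 * Update an existing off-ring entry when the frame carries a
		 * different route and is not itself a broadcast.
		 */
		if (!entry->local_ring &&
		    entry->rcf != (trh->rcf & htons((unsigned short)~TR_RCF_BROADCAST_MASK)) &&
		    !(trh->rcf & htons(TR_RCF_BROADCAST_MASK))) {
#if TR_SR_DEBUG
			{
				DECLARE_MAC_BUF(mac);
				printk("updating rif_entry: addr:%s rcf:%04X\n",
				       print_mac(mac, trh->saddr), ntohs(trh->rcf));
			}
#endif
			entry->rcf = trh->rcf & htons((unsigned short)~TR_RCF_BROADCAST_MASK);
			memcpy(&entry->rseg[0], &trh->rseg[0], sizeof(entry->rseg));
		}
		entry->last_used = jiffies;
	}

out:
	trh->saddr[0] = saddr0;	/* put the routing indicator back for tcpdump */
	spin_unlock_irqrestore(&rif_lock, flags);
}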
434
435/*
436 *        Scan the cache with a timer and see what we need to throw out.
437 */
438
static void rif_check_expire(unsigned long dummy)
{
	/*
	 * Timer callback: free every entry whose timeout has passed and
	 * re-arm the timer for the earliest remaining expiry, or half a
	 * timeout from now if nothing expires sooner. dummy is unused.
	 */
	unsigned long flags;
	unsigned long next_interval = jiffies + sysctl_tr_rif_timeout/2;
	int bucket;

	spin_lock_irqsave(&rif_lock, flags);

	for (bucket = 0; bucket < RIF_TABLE_SIZE; bucket++) {
		/* link always points at the pointer that refers to cur. */
		struct rif_cache **link = &rif_table[bucket];
		struct rif_cache *cur;

		while ((cur = *link) != NULL) {
			unsigned long expires
				= cur->last_used + sysctl_tr_rif_timeout;

			if (!time_before_eq(expires, jiffies)) {
				/* Still valid: keep it and remember the soonest expiry. */
				link = &cur->next;
				if (time_before(expires, next_interval))
					next_interval = expires;
				continue;
			}

			/* Expired: unlink and free; link stays where it is. */
			*link = cur->next;
			kfree(cur);
		}
	}

	spin_unlock_irqrestore(&rif_lock, flags);

	mod_timer(&rif_timer, next_interval);
}
471
472/*
473 *        Generate the /proc/net information for the token ring RIF
474 *        routing.
475 */
476
477#ifdef CONFIG_PROC_FS
478
static struct rif_cache *rif_get_idx(loff_t pos)
{
	/*
	 * Return the pos-th entry (counting from 0) in bucket order, or NULL
	 * when the table holds fewer entries. Takes no lock itself; the only
	 * caller in this file, rif_seq_start(), holds rif_lock.
	 */
	struct rif_cache *entry;
	loff_t seen = 0;
	int bucket = 0;

	while (bucket < RIF_TABLE_SIZE) {
		for (entry = rif_table[bucket]; entry; entry = entry->next, ++seen) {
			if (seen == pos)
				return entry;
		}
		bucket++;
	}

	return NULL;
}
494
static void *rif_seq_start(struct seq_file *seq, loff_t *pos)
{
	/*
	 * Returns with rif_lock held and interrupts disabled on every path.
	 * That is deliberate: the lock is dropped in rif_seq_stop(), which
	 * the seq_file core calls after each start(). A per-function lock
	 * checker therefore sees an unbalanced lock here.
	 */
	spin_lock_irq(&rif_lock);

	/* Position 0 is the header line; entry n is at position n + 1. */
	if (*pos == 0)
		return SEQ_START_TOKEN;

	return rif_get_idx(*pos - 1);
}
501
static void *rif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	/*
	 * Advance the iterator: the next entry in the current chain, else the
	 * head of the next non-empty bucket, else NULL at the end of the table.
	 */
	int i;
	struct rif_cache *ent = v;

	++*pos;

	if (v == SEQ_START_TOKEN)
		i = -1;			/* header line: start at bucket 0 */
	else if (ent->next)
		return ent->next;
	else
		i = rif_hash(ent->addr);	/* resume after the entry's own bucket */

	for (i++; i < RIF_TABLE_SIZE; i++) {
		ent = rif_table[i];
		if (ent != NULL)
			return ent;
	}
	return NULL;
}
525
static void rif_seq_stop(struct seq_file *seq, void *v)
{
	/* Releases the lock that rif_seq_start() took; neither argument is used. */
	spin_unlock_irq(&rif_lock);
}
530
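static int rif_seq_show(struct seq_file *seq, void *v)
{
	/*
	 * Emit one line of /proc/net/tr_rif: the column header for
	 * SEQ_START_TOKEN, otherwise one cache entry. Always returns 0.
	 */
	int j, rcf_len, segment, brdgnmb;
	struct rif_cache *entry = v;
	struct net_device *dev;
	long ttl;
	DECLARE_MAC_BUF(mac);

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
		     "if     TR address       TTL   rcf   routing segments\n");
		return 0;
	}

	dev = dev_get_by_index(&init_net, entry->iface);
	ttl = (long) (entry->last_used + sysctl_tr_rif_timeout)
			- (long) jiffies;

	seq_printf(seq, "%s %s %7li ",
		   dev?dev->name:"?",
		   print_mac(mac, entry->addr),
		   ttl/HZ);

	/*
	 * dev_get_by_index() returns the device with a reference held. Drop
	 * it once the name has been printed; without this every read of the
	 * file leaks one reference per entry.
	 */
	if (dev)
		dev_put(dev);

	if (entry->local_ring) {
		seq_puts(seq, "local\n");
		return 0;
	}

	seq_printf(seq, "%04X", ntohs(entry->rcf));
	rcf_len = ((ntohs(entry->rcf) & TR_RCF_LEN_MASK)>>8)-2;
	if (rcf_len)
		rcf_len >>= 1;

	/*
	 * entry->rcf was copied from a received frame, so its length field is
	 * not trusted: never index past the segments the entry can hold.
	 */
	if (rcf_len > (int)ARRAY_SIZE(entry->rseg))
		rcf_len = ARRAY_SIZE(entry->rseg);

	for (j = 1; j < rcf_len; j++) {
		if (j == 1) {
			segment = ntohs(entry->rseg[j-1])>>4;
			seq_printf(seq,"  %03X",segment);
		}

		segment = ntohs(entry->rseg[j])>>4;
		brdgnmb = ntohs(entry->rseg[j-1])&0x00f;
		seq_printf(seq,"-%01X-%03X",brdgnmb,segment);
	}
	seq_putc(seq, '\n');

	return 0;
}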
573
574
/*
 * Iterator for /proc/net/tr_rif. start takes rif_lock and stop releases it,
 * so next and show run with the lock held.
 */
static const struct seq_operations rif_seq_ops = {
	.start	= rif_seq_start,
	.stop	= rif_seq_stop,
	.next	= rif_seq_next,
	.show	= rif_seq_show,
};
581
static int rif_seq_open(struct inode *inode, struct file *file)
{
	/* Attach the RIF iterator to the opened file; inode is not used. */
	int err = seq_open(file, &rif_seq_ops);

	return err;
}
586
/* File operations for the tr_rif proc entry; reading goes through seq_file. */
static const struct file_operations rif_seq_fops = {
	.owner		= THIS_MODULE,
	.open		= rif_seq_open,
	.release	= seq_release,
	.read		= seq_read,
	.llseek		= seq_lseek,
};
594
595#endif
596
/* Header callbacks installed on every token ring device by tr_setup(). */
static const struct header_ops tr_header_ops = {
	.create		= tr_header,
	.rebuild	= tr_rebuild_header,
};
601
static void tr_setup(struct net_device *dev)
{
	/* Fill a freshly allocated net_device with the token ring defaults. */
	dev->header_ops = &tr_header_ops;

	/* Link-layer parameters. */
	dev->type = ARPHRD_IEEE802_TR;
	dev->addr_len = TR_ALEN;
	dev->hard_header_len = TR_HLEN;
	dev->mtu = 2000;
	dev->tx_queue_len = 100;	/* Long queues on tr */

	/* The broadcast address is all ones. */
	memset(dev->broadcast, 0xFF, TR_ALEN);

	/* New-style flags. */
	dev->flags = IFF_BROADCAST | IFF_MULTICAST;
}
621
622/**
623 * alloc_trdev - Allocate and set up a token ring device
624 * @sizeof_priv: Size of additional driver-private structure to be allocated
625 *        for this token ring device
626 *
627 * Fill in the fields of the device structure with token ring-generic values.
628 *
629 * Constructs a new net device, complete with a private data area of
630 * size @sizeof_priv.  A 32-byte (not bit) alignment is enforced for
631 * this private data area.
632 */
struct net_device *alloc_trdev(int sizeof_priv)
{
	/* "tr%d" is the name template; tr_setup() fills in the defaults. */
	struct net_device *dev = alloc_netdev(sizeof_priv, "tr%d", tr_setup);

	return dev;
}
637
638#ifdef CONFIG_SYSCTL
/*
 * The rif_timeout sysctl. It is handled by proc_dointvec and the entry sets
 * no minimum or maximum, so any int can be written, including zero and
 * negative values.
 * NOTE(review): rif_check_expire() uses the value unchecked when it re-arms
 * the timer -- consider a bounded handler.
 */
static struct ctl_table tr_table[] = {
	{
		.ctl_name	= NET_TR_RIF_TIMEOUT,
		.procname	= "rif_timeout",
		.mode		= 0644,
		.data		= &sysctl_tr_rif_timeout,
		.maxlen		= sizeof(int),
		.proc_handler	= &proc_dointvec
	},
	{ 0 },
};
650
/* Path components under which rif_init() registers tr_table. */
static __initdata struct ctl_path tr_path[] = {
	{ .ctl_name = CTL_NET, .procname = "net", },
	{ .ctl_name = NET_TR, .procname = "token-ring", },
	{ }
};
656#endif
657
658/*
659 *        Called during bootup.  We don't actually have to initialise
660 *        too much for this.
661 */
662
static int __init rif_init(void)
{
	/*
	 * Start the expiry timer and publish the sysctl and proc entries.
	 * The results of the two registration calls are not checked, and
	 * the function always returns 0.
	 */

	/* First expiry scan happens one full timeout after boot. */
	rif_timer.expires = jiffies + sysctl_tr_rif_timeout;
	setup_timer(&rif_timer, rif_check_expire, 0);
	add_timer(&rif_timer);

#ifdef CONFIG_SYSCTL
	register_sysctl_paths(tr_path, tr_table);
#endif

	/* The proc file is created read-only for everyone (S_IRUGO). */
	proc_net_fops_create(&init_net, "tr_rif", S_IRUGO, &rif_seq_fops);

	return 0;
}
674
/* Run rif_init() at initialisation time. */
module_init(rif_init);

/* Symbols made available to other kernel code. */
EXPORT_SYMBOL(tr_type_trans);
EXPORT_SYMBOL(alloc_trdev);