ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1884

User:	Jiri Slaby
Error type:	Invalid Pointer Dereference
Error type description:	A pointer which is invalid is being dereferenced
File location:	net/econet/af_econet.c
Line in file:	354
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Smatch (1.59)
Entered:	2013-09-11 08:47:26 UTC
Source:

   1/*
   2 *        An implementation of the Acorn Econet and AUN protocols.
   3 *        Philip Blundell <philb@gnu.org>
   4 *
   5 *        This program is free software; you can redistribute it and/or
   6 *        modify it under the terms of the GNU General Public License
   7 *        as published by the Free Software Foundation; either version
   8 *        2 of the License, or (at your option) any later version.
   9 *
  10 */
  11
  12#include <linux/module.h>
  13
  14#include <linux/types.h>
  15#include <linux/kernel.h>
  16#include <linux/string.h>
  17#include <linux/mm.h>
  18#include <linux/socket.h>
  19#include <linux/sockios.h>
  20#include <linux/in.h>
  21#include <linux/errno.h>
  22#include <linux/interrupt.h>
  23#include <linux/if_ether.h>
  24#include <linux/netdevice.h>
  25#include <linux/inetdevice.h>
  26#include <linux/route.h>
  27#include <linux/inet.h>
  28#include <linux/etherdevice.h>
  29#include <linux/if_arp.h>
  30#include <linux/wireless.h>
  31#include <linux/skbuff.h>
  32#include <linux/udp.h>
  33#include <net/sock.h>
  34#include <net/inet_common.h>
  35#include <linux/stat.h>
  36#include <linux/init.h>
  37#include <linux/if_ec.h>
  38#include <net/udp.h>
  39#include <net/ip.h>
  40#include <linux/spinlock.h>
  41#include <linux/rcupdate.h>
  42#include <linux/bitops.h>
  43#include <linux/mutex.h>
  44
  45#include <asm/uaccess.h>
  46#include <asm/system.h>
  47
  48static const struct proto_ops econet_ops;
  49static struct hlist_head econet_sklist;
  50static DEFINE_RWLOCK(econet_lock);
  51static DEFINE_MUTEX(econet_mutex);
  52
  53/* Since there are only 256 possible network numbers (or fewer, depends
  54   how you count) it makes sense to use a simple lookup table. */
  55static struct net_device *net2dev_map[256];
  56
  57#define EC_PORT_IP        0xd2
  58
  59#ifdef CONFIG_ECONET_AUNUDP
  60static DEFINE_SPINLOCK(aun_queue_lock);
  61static struct socket *udpsock;
  62#define AUN_PORT        0x8000
  63
  64
  65struct aunhdr
  66{
  67        unsigned char code;                /* AUN magic protocol byte */
  68        unsigned char port;
  69        unsigned char cb;
  70        unsigned char pad;
  71        unsigned long handle;
  72};
  73
  74static unsigned long aun_seq;
  75
  76/* Queue of packets waiting to be transmitted. */
  77static struct sk_buff_head aun_queue;
  78static struct timer_list ab_cleanup_timer;
  79
  80#endif                /* CONFIG_ECONET_AUNUDP */
  81
  82/* Per-packet information */
  83struct ec_cb
  84{
  85        struct sockaddr_ec sec;
  86        unsigned long cookie;                /* Supplied by user. */
  87#ifdef CONFIG_ECONET_AUNUDP
  88        int done;
  89        unsigned long seq;                /* Sequencing */
  90        unsigned long timeout;                /* Timeout */
  91        unsigned long start;                /* jiffies */
  92#endif
  93#ifdef CONFIG_ECONET_NATIVE
  94        void (*sent)(struct sk_buff *, int result);
  95#endif
  96};
  97
  98static void econet_remove_socket(struct hlist_head *list, struct sock *sk)
  99{
 100        write_lock_bh(&econet_lock);
 101        sk_del_node_init(sk);
 102        write_unlock_bh(&econet_lock);
 103}
 104
 105static void econet_insert_socket(struct hlist_head *list, struct sock *sk)
 106{
 107        write_lock_bh(&econet_lock);
 108        sk_add_node(sk, list);
 109        write_unlock_bh(&econet_lock);
 110}
 111
 112/*
 113 *        Pull a packet from our receive queue and hand it to the user.
 114 *        If necessary we block.
 115 */
 116
 117static int econet_recvmsg(struct kiocb *iocb, struct socket *sock,
 118                          struct msghdr *msg, size_t len, int flags)
 119{
 120        struct sock *sk = sock->sk;
 121        struct sk_buff *skb;
 122        size_t copied;
 123        int err;
 124
 125        msg->msg_namelen = sizeof(struct sockaddr_ec);
 126
 127        mutex_lock(&econet_mutex);
 128
 129        /*
 130         *        Call the generic datagram receiver. This handles all sorts
 131         *        of horrible races and re-entrancy so we can forget about it
 132         *        in the protocol layers.
 133         *
 134         *        Now it will return ENETDOWN, if device have just gone down,
 135         *        but then it will block.
 136         */
 137
 138        skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err);
 139
 140        /*
 141         *        An error occurred so return it. Because skb_recv_datagram()
 142         *        handles the blocking we don't see and worry about blocking
 143         *        retries.
 144         */
 145
 146        if(skb==NULL)
 147                goto out;
 148
 149        /*
 150         *        You lose any data beyond the buffer you gave. If it worries a
 151         *        user program they can ask the device for its MTU anyway.
 152         */
 153
 154        copied = skb->len;
 155        if (copied > len)
 156        {
 157                copied=len;
 158                msg->msg_flags|=MSG_TRUNC;
 159        }
 160
 161        /* We can't use skb_copy_datagram here */
 162        err = memcpy_toiovec(msg->msg_iov, skb->data, copied);
 163        if (err)
 164                goto out_free;
 165        sk->sk_stamp = skb->tstamp;
 166
 167        if (msg->msg_name)
 168                memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
 169
 170        /*
 171         *        Free or return the buffer as appropriate. Again this
 172         *        hides all the races and re-entrancy issues from us.
 173         */
 174        err = copied;
 175
 176out_free:
 177        skb_free_datagram(sk, skb);
 178out:
 179        mutex_unlock(&econet_mutex);
 180        return err;
 181}
 182
 183/*
 184 *        Bind an Econet socket.
 185 */
 186
 187static int econet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 188{
 189        struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr;
 190        struct sock *sk;
 191        struct econet_sock *eo;
 192
 193        /*
 194         *        Check legality
 195         */
 196
 197        if (addr_len < sizeof(struct sockaddr_ec) ||
 198            sec->sec_family != AF_ECONET)
 199                return -EINVAL;
 200
 201        mutex_lock(&econet_mutex);
 202
 203        sk = sock->sk;
 204        eo = ec_sk(sk);
 205
 206        eo->cb            = sec->cb;
 207        eo->port    = sec->port;
 208        eo->station = sec->addr.station;
 209        eo->net            = sec->addr.net;
 210
 211        mutex_unlock(&econet_mutex);
 212
 213        return 0;
 214}
 215
 216#if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
 217/*
 218 *        Queue a transmit result for the user to be told about.
 219 */
 220
 221static void tx_result(struct sock *sk, unsigned long cookie, int result)
 222{
 223        struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC);
 224        struct ec_cb *eb;
 225        struct sockaddr_ec *sec;
 226
 227        if (skb == NULL)
 228        {
 229                printk(KERN_DEBUG "ec: memory squeeze, transmit result dropped.\n");
 230                return;
 231        }
 232
 233        eb = (struct ec_cb *)&skb->cb;
 234        sec = (struct sockaddr_ec *)&eb->sec;
 235        memset(sec, 0, sizeof(struct sockaddr_ec));
 236        sec->cookie = cookie;
 237        sec->type = ECTYPE_TRANSMIT_STATUS | result;
 238        sec->sec_family = AF_ECONET;
 239
 240        if (sock_queue_rcv_skb(sk, skb) < 0)
 241                kfree_skb(skb);
 242}
 243#endif
 244
 245#ifdef CONFIG_ECONET_NATIVE
 246/*
 247 *        Called by the Econet hardware driver when a packet transmit
 248 *        has completed.  Tell the user.
 249 */
 250
 251static void ec_tx_done(struct sk_buff *skb, int result)
 252{
 253        struct ec_cb *eb = (struct ec_cb *)&skb->cb;
 254        tx_result(skb->sk, eb->cookie, result);
 255}
 256#endif
 257
 258/*
 259 *        Send a packet.  We have to work out which device it's going out on
 260 *        and hence whether to use real Econet or the UDP emulation.
 261 */
 262
 263static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
 264                          struct msghdr *msg, size_t len)
 265{
 266        struct sock *sk = sock->sk;
 267        struct sockaddr_ec *saddr=(struct sockaddr_ec *)msg->msg_name;
 268        struct net_device *dev;
 269        struct ec_addr addr;
 270        int err;
 271        unsigned char port, cb;
 272#if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
 273        struct sk_buff *skb;
 274        struct ec_cb *eb;
 275#endif
 276#ifdef CONFIG_ECONET_AUNUDP
 277        struct msghdr udpmsg;
 278        struct iovec iov[msg->msg_iovlen+1];
 279        struct aunhdr ah;
 280        struct sockaddr_in udpdest;
 281        __kernel_size_t size;
 282        int i;
 283        mm_segment_t oldfs;
 284#endif
 285
 286        /*
 287         *        Check the flags.
 288         */
 289
 290        if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
 291                return -EINVAL;
 292
 293        /*
 294         *        Get and verify the address.
 295         */
 296
 297        mutex_lock(&econet_mutex);
 298
 299        if (saddr == NULL) {
 300                struct econet_sock *eo = ec_sk(sk);
 301
 302                addr.station = eo->station;
 303                addr.net     = eo->net;
 304                port             = eo->port;
 305                cb             = eo->cb;
 306        } else {
 307                if (msg->msg_namelen < sizeof(struct sockaddr_ec)) {
 308                        mutex_unlock(&econet_mutex);
 309                        return -EINVAL;
 310                }
 311                addr.station = saddr->addr.station;
 312                addr.net = saddr->addr.net;
 313                port = saddr->port;
 314                cb = saddr->cb;
 315        }
 316
 317        /* Look for a device with the right network number. */
 318        dev = net2dev_map[addr.net];
 319
 320        /* If not directly reachable, use some default */
 321        if (dev == NULL) {
 322                dev = net2dev_map[0];
 323                /* No interfaces at all? */
 324                if (dev == NULL) {
 325                        mutex_unlock(&econet_mutex);
 326                        return -ENETDOWN;
 327                }
 328        }
 329
 330        if (len + 15 > dev->mtu) {
 331                mutex_unlock(&econet_mutex);
 332                return -EMSGSIZE;
 333        }
 334
 335        if (dev->type == ARPHRD_ECONET) {
 336                /* Real hardware Econet.  We're not worthy etc. */
 337#ifdef CONFIG_ECONET_NATIVE
 338                unsigned short proto = 0;
 339                int res;
 340
 341                dev_hold(dev);
 342
 343                skb = sock_alloc_send_skb(sk, len+LL_ALLOCATED_SPACE(dev),
 344                                          msg->msg_flags & MSG_DONTWAIT, &err);
 345                if (skb==NULL)
 346                        goto out_unlock;
 347
 348                skb_reserve(skb, LL_RESERVED_SPACE(dev));
 349                skb_reset_network_header(skb);
 350
 351                eb = (struct ec_cb *)&skb->cb;
 352
 353                /* BUG: saddr may be NULL */
 354                eb->cookie = saddr->cookie;
 355                eb->sec = *saddr;
 356                eb->sent = ec_tx_done;
 357
 358                err = -EINVAL;
 359                res = dev_hard_header(skb, dev, ntohs(proto), &addr, NULL, len);
 360                if (res < 0)
 361                        goto out_free;
 362                if (res > 0) {
 363                        struct ec_framehdr *fh;
 364                        /* Poke in our control byte and
 365                           port number.  Hack, hack.  */
 366                        fh = (struct ec_framehdr *)(skb->data);
 367                        fh->cb = cb;
 368                        fh->port = port;
 369                        if (sock->type != SOCK_DGRAM) {
 370                                skb_reset_tail_pointer(skb);
 371                                skb->len = 0;
 372                        }
 373                }
 374
 375                /* Copy the data. Returns -EFAULT on error */
 376                err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
 377                skb->protocol = proto;
 378                skb->dev = dev;
 379                skb->priority = sk->sk_priority;
 380                if (err)
 381                        goto out_free;
 382
 383                err = -ENETDOWN;
 384                if (!(dev->flags & IFF_UP))
 385                        goto out_free;
 386
 387                /*
 388                 *        Now send it
 389                 */
 390
 391                dev_queue_xmit(skb);
 392                dev_put(dev);
 393                mutex_unlock(&econet_mutex);
 394                return(len);
 395
 396        out_free:
 397                kfree_skb(skb);
 398        out_unlock:
 399                if (dev)
 400                        dev_put(dev);
 401#else
 402                err = -EPROTOTYPE;
 403#endif
 404                mutex_unlock(&econet_mutex);
 405
 406                return err;
 407        }
 408
 409#ifdef CONFIG_ECONET_AUNUDP
 410        /* AUN virtual Econet. */
 411
 412        if (udpsock == NULL) {
 413                mutex_unlock(&econet_mutex);
 414                return -ENETDOWN;                /* No socket - can't send */
 415        }
 416
 417        /* Make up a UDP datagram and hand it off to some higher intellect. */
 418
 419        memset(&udpdest, 0, sizeof(udpdest));
 420        udpdest.sin_family = AF_INET;
 421        udpdest.sin_port = htons(AUN_PORT);
 422
 423        /* At the moment we use the stupid Acorn scheme of Econet address
 424           y.x maps to IP a.b.c.x.  This should be replaced with something
 425           more flexible and more aware of subnet masks.  */
 426        {
 427                struct in_device *idev;
 428                unsigned long network = 0;
 429
 430                rcu_read_lock();
 431                idev = __in_dev_get_rcu(dev);
 432                if (idev) {
 433                        if (idev->ifa_list)
 434                                network = ntohl(idev->ifa_list->ifa_address) &
 435                                        0xffffff00;                /* !!! */
 436                }
 437                rcu_read_unlock();
 438                udpdest.sin_addr.s_addr = htonl(network | addr.station);
 439        }
 440
 441        ah.port = port;
 442        ah.cb = cb & 0x7f;
 443        ah.code = 2;                /* magic */
 444        ah.pad = 0;
 445
 446        /* tack our header on the front of the iovec */
 447        size = sizeof(struct aunhdr);
 448        /*
 449         * XXX: that is b0rken.  We can't mix userland and kernel pointers
 450         * in iovec, since on a lot of platforms copy_from_user() will
 451         * *not* work with the kernel and userland ones at the same time,
 452         * regardless of what we do with set_fs().  And we are talking about
 453         * econet-over-ethernet here, so "it's only ARM anyway" doesn't
 454         * apply.  Any suggestions on fixing that code?                -- AV
 455         */
 456        iov[0].iov_base = (void *)&ah;
 457        iov[0].iov_len = size;
 458        for (i = 0; i < msg->msg_iovlen; i++) {
 459                void __user *base = msg->msg_iov[i].iov_base;
 460                size_t len = msg->msg_iov[i].iov_len;
 461                /* Check it now since we switch to KERNEL_DS later. */
 462                if (!access_ok(VERIFY_READ, base, len)) {
 463                        mutex_unlock(&econet_mutex);
 464                        return -EFAULT;
 465                }
 466                iov[i+1].iov_base = base;
 467                iov[i+1].iov_len = len;
 468                size += len;
 469        }
 470
 471        /* Get a skbuff (no data, just holds our cb information) */
 472        if ((skb = sock_alloc_send_skb(sk, 0,
 473                                       msg->msg_flags & MSG_DONTWAIT,
 474                                       &err)) == NULL) {
 475                mutex_unlock(&econet_mutex);
 476                return err;
 477        }
 478
 479        eb = (struct ec_cb *)&skb->cb;
 480
 481        eb->cookie = saddr->cookie;
 482        eb->timeout = (5*HZ);
 483        eb->start = jiffies;
 484        ah.handle = aun_seq;
 485        eb->seq = (aun_seq++);
 486        eb->sec = *saddr;
 487
 488        skb_queue_tail(&aun_queue, skb);
 489
 490        udpmsg.msg_name = (void *)&udpdest;
 491        udpmsg.msg_namelen = sizeof(udpdest);
 492        udpmsg.msg_iov = &iov[0];
 493        udpmsg.msg_iovlen = msg->msg_iovlen + 1;
 494        udpmsg.msg_control = NULL;
 495        udpmsg.msg_controllen = 0;
 496        udpmsg.msg_flags=0;
 497
 498        oldfs = get_fs(); set_fs(KERNEL_DS);        /* More privs :-) */
 499        err = sock_sendmsg(udpsock, &udpmsg, size);
 500        set_fs(oldfs);
 501#else
 502        err = -EPROTOTYPE;
 503#endif
 504        mutex_unlock(&econet_mutex);
 505
 506        return err;
 507}
 508
 509/*
 510 *        Look up the address of a socket.
 511 */
 512
 513static int econet_getname(struct socket *sock, struct sockaddr *uaddr,
 514                          int *uaddr_len, int peer)
 515{
 516        struct sock *sk;
 517        struct econet_sock *eo;
 518        struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr;
 519
 520        if (peer)
 521                return -EOPNOTSUPP;
 522
 523        mutex_lock(&econet_mutex);
 524
 525        sk = sock->sk;
 526        eo = ec_sk(sk);
 527
 528        sec->sec_family          = AF_ECONET;
 529        sec->port          = eo->port;
 530        sec->addr.station = eo->station;
 531        sec->addr.net          = eo->net;
 532
 533        mutex_unlock(&econet_mutex);
 534
 535        *uaddr_len = sizeof(*sec);
 536        return 0;
 537}
 538
 539static void econet_destroy_timer(unsigned long data)
 540{
 541        struct sock *sk=(struct sock *)data;
 542
 543        if (!atomic_read(&sk->sk_wmem_alloc) &&
 544            !atomic_read(&sk->sk_rmem_alloc)) {
 545                sk_free(sk);
 546                return;
 547        }
 548
 549        sk->sk_timer.expires = jiffies + 10 * HZ;
 550        add_timer(&sk->sk_timer);
 551        printk(KERN_DEBUG "econet socket destroy delayed\n");
 552}
 553
 554/*
 555 *        Close an econet socket.
 556 */
 557
 558static int econet_release(struct socket *sock)
 559{
 560        struct sock *sk;
 561
 562        mutex_lock(&econet_mutex);
 563
 564        sk = sock->sk;
 565        if (!sk)
 566                goto out_unlock;
 567
 568        econet_remove_socket(&econet_sklist, sk);
 569
 570        /*
 571         *        Now the socket is dead. No more input will appear.
 572         */
 573
 574        sk->sk_state_change(sk);        /* It is useless. Just for sanity. */
 575
 576        sock_orphan(sk);
 577
 578        /* Purge queues */
 579
 580        skb_queue_purge(&sk->sk_receive_queue);
 581
 582        if (atomic_read(&sk->sk_rmem_alloc) ||
 583            atomic_read(&sk->sk_wmem_alloc)) {
 584                sk->sk_timer.data     = (unsigned long)sk;
 585                sk->sk_timer.expires  = jiffies + HZ;
 586                sk->sk_timer.function = econet_destroy_timer;
 587                add_timer(&sk->sk_timer);
 588
 589                goto out_unlock;
 590        }
 591
 592        sk_free(sk);
 593
 594out_unlock:
 595        mutex_unlock(&econet_mutex);
 596        return 0;
 597}
 598
 599static struct proto econet_proto = {
 600        .name          = "ECONET",
 601        .owner          = THIS_MODULE,
 602        .obj_size = sizeof(struct econet_sock),
 603};
 604
 605/*
 606 *        Create an Econet socket
 607 */
 608
 609static int econet_create(struct net *net, struct socket *sock, int protocol)
 610{
 611        struct sock *sk;
 612        struct econet_sock *eo;
 613        int err;
 614
 615        if (net != &init_net)
 616                return -EAFNOSUPPORT;
 617
 618        /* Econet only provides datagram services. */
 619        if (sock->type != SOCK_DGRAM)
 620                return -ESOCKTNOSUPPORT;
 621
 622        sock->state = SS_UNCONNECTED;
 623
 624        err = -ENOBUFS;
 625        sk = sk_alloc(net, PF_ECONET, GFP_KERNEL, &econet_proto);
 626        if (sk == NULL)
 627                goto out;
 628
 629        sk->sk_reuse = 1;
 630        sock->ops = &econet_ops;
 631        sock_init_data(sock, sk);
 632
 633        eo = ec_sk(sk);
 634        sock_reset_flag(sk, SOCK_ZAPPED);
 635        sk->sk_family = PF_ECONET;
 636        eo->num = protocol;
 637
 638        econet_insert_socket(&econet_sklist, sk);
 639        return(0);
 640out:
 641        return err;
 642}
 643
 644/*
 645 *        Handle Econet specific ioctls
 646 */
 647
 648static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void __user *arg)
 649{
 650        struct ifreq ifr;
 651        struct ec_device *edev;
 652        struct net_device *dev;
 653        struct sockaddr_ec *sec;
 654        int err;
 655
 656        /*
 657         *        Fetch the caller's info block into kernel space
 658         */
 659
 660        if (copy_from_user(&ifr, arg, sizeof(struct ifreq)))
 661                return -EFAULT;
 662
 663        if ((dev = dev_get_by_name(&init_net, ifr.ifr_name)) == NULL)
 664                return -ENODEV;
 665
 666        sec = (struct sockaddr_ec *)&ifr.ifr_addr;
 667
 668        mutex_lock(&econet_mutex);
 669
 670        err = 0;
 671        switch (cmd) {
 672        case SIOCSIFADDR:
 673                edev = dev->ec_ptr;
 674                if (edev == NULL) {
 675                        /* Magic up a new one. */
 676                        edev = kzalloc(sizeof(struct ec_device), GFP_KERNEL);
 677                        if (edev == NULL) {
 678                                err = -ENOMEM;
 679                                break;
 680                        }
 681                        dev->ec_ptr = edev;
 682                } else
 683                        net2dev_map[edev->net] = NULL;
 684                edev->station = sec->addr.station;
 685                edev->net = sec->addr.net;
 686                net2dev_map[sec->addr.net] = dev;
 687                if (!net2dev_map[0])
 688                        net2dev_map[0] = dev;
 689                break;
 690
 691        case SIOCGIFADDR:
 692                edev = dev->ec_ptr;
 693                if (edev == NULL) {
 694                        err = -ENODEV;
 695                        break;
 696                }
 697                memset(sec, 0, sizeof(struct sockaddr_ec));
 698                sec->addr.station = edev->station;
 699                sec->addr.net = edev->net;
 700                sec->sec_family = AF_ECONET;
 701                dev_put(dev);
 702                if (copy_to_user(arg, &ifr, sizeof(struct ifreq)))
 703                        err = -EFAULT;
 704                break;
 705
 706        default:
 707                err = -EINVAL;
 708                break;
 709        }
 710
 711        mutex_unlock(&econet_mutex);
 712
 713        dev_put(dev);
 714
 715        return err;
 716}
 717
 718/*
 719 *        Handle generic ioctls
 720 */
 721
 722static int econet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 723{
 724        struct sock *sk = sock->sk;
 725        void __user *argp = (void __user *)arg;
 726
 727        switch(cmd) {
 728                case SIOCGSTAMP:
 729                        return sock_get_timestamp(sk, argp);
 730
 731                case SIOCGSTAMPNS:
 732                        return sock_get_timestampns(sk, argp);
 733
 734                case SIOCSIFADDR:
 735                case SIOCGIFADDR:
 736                        return ec_dev_ioctl(sock, cmd, argp);
 737                        break;
 738
 739                default:
 740                        return -ENOIOCTLCMD;
 741        }
 742        /*NOTREACHED*/
 743        return 0;
 744}
 745
 746static struct net_proto_family econet_family_ops = {
 747        .family =        PF_ECONET,
 748        .create =        econet_create,
 749        .owner        =        THIS_MODULE,
 750};
 751
 752static const struct proto_ops econet_ops = {
 753        .family =        PF_ECONET,
 754        .owner =        THIS_MODULE,
 755        .release =        econet_release,
 756        .bind =                econet_bind,
 757        .connect =        sock_no_connect,
 758        .socketpair =        sock_no_socketpair,
 759        .accept =        sock_no_accept,
 760        .getname =        econet_getname,
 761        .poll =                datagram_poll,
 762        .ioctl =        econet_ioctl,
 763        .listen =        sock_no_listen,
 764        .shutdown =        sock_no_shutdown,
 765        .setsockopt =        sock_no_setsockopt,
 766        .getsockopt =        sock_no_getsockopt,
 767        .sendmsg =        econet_sendmsg,
 768        .recvmsg =        econet_recvmsg,
 769        .mmap =                sock_no_mmap,
 770        .sendpage =        sock_no_sendpage,
 771};
 772
 773#if defined(CONFIG_ECONET_AUNUDP) || defined(CONFIG_ECONET_NATIVE)
 774/*
 775 *        Find the listening socket, if any, for the given data.
 776 */
 777
 778static struct sock *ec_listening_socket(unsigned char port, unsigned char
 779                                 station, unsigned char net)
 780{
 781        struct sock *sk;
 782        struct hlist_node *node;
 783
 784        sk_for_each(sk, node, &econet_sklist) {
 785                struct econet_sock *opt = ec_sk(sk);
 786                if ((opt->port == port || opt->port == 0) &&
 787                    (opt->station == station || opt->station == 0) &&
 788                    (opt->net == net || opt->net == 0))
 789                        goto found;
 790        }
 791        sk = NULL;
 792found:
 793        return sk;
 794}
 795
 796/*
 797 *        Queue a received packet for a socket.
 798 */
 799
 800static int ec_queue_packet(struct sock *sk, struct sk_buff *skb,
 801                           unsigned char stn, unsigned char net,
 802                           unsigned char cb, unsigned char port)
 803{
 804        struct ec_cb *eb = (struct ec_cb *)&skb->cb;
 805        struct sockaddr_ec *sec = (struct sockaddr_ec *)&eb->sec;
 806
 807        memset(sec, 0, sizeof(struct sockaddr_ec));
 808        sec->sec_family = AF_ECONET;
 809        sec->type = ECTYPE_PACKET_RECEIVED;
 810        sec->port = port;
 811        sec->cb = cb;
 812        sec->addr.net = net;
 813        sec->addr.station = stn;
 814
 815        return sock_queue_rcv_skb(sk, skb);
 816}
 817#endif
 818
 819#ifdef CONFIG_ECONET_AUNUDP
 820/*
 821 *        Send an AUN protocol response.
 822 */
 823
 824static void aun_send_response(__u32 addr, unsigned long seq, int code, int cb)
 825{
 826        struct sockaddr_in sin = {
 827                .sin_family = AF_INET,
 828                .sin_port = htons(AUN_PORT),
 829                .sin_addr = {.s_addr = addr}
 830        };
 831        struct aunhdr ah = {.code = code, .cb = cb, .handle = seq};
 832        struct kvec iov = {.iov_base = (void *)&ah, .iov_len = sizeof(ah)};
 833        struct msghdr udpmsg;
 834
 835        udpmsg.msg_name = (void *)&sin;
 836        udpmsg.msg_namelen = sizeof(sin);
 837        udpmsg.msg_control = NULL;
 838        udpmsg.msg_controllen = 0;
 839        udpmsg.msg_flags=0;
 840
 841        kernel_sendmsg(udpsock, &udpmsg, &iov, 1, sizeof(ah));
 842}
 843
 844
 845/*
 846 *        Handle incoming AUN packets.  Work out if anybody wants them,
 847 *        and send positive or negative acknowledgements as appropriate.
 848 */
 849
 850static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len)
 851{
 852        struct iphdr *ip = ip_hdr(skb);
 853        unsigned char stn = ntohl(ip->saddr) & 0xff;
 854        struct sock *sk;
 855        struct sk_buff *newskb;
 856        struct ec_device *edev = skb->dev->ec_ptr;
 857
 858        if (! edev)
 859                goto bad;
 860
 861        if ((sk = ec_listening_socket(ah->port, stn, edev->net)) == NULL)
 862                goto bad;                /* Nobody wants it */
 863
 864        newskb = alloc_skb((len - sizeof(struct aunhdr) + 15) & ~15,
 865                           GFP_ATOMIC);
 866        if (newskb == NULL)
 867        {
 868                printk(KERN_DEBUG "AUN: memory squeeze, dropping packet.\n");
 869                /* Send nack and hope sender tries again */
 870                goto bad;
 871        }
 872
 873        memcpy(skb_put(newskb, len - sizeof(struct aunhdr)), (void *)(ah+1),
 874               len - sizeof(struct aunhdr));
 875
 876        if (ec_queue_packet(sk, newskb, stn, edev->net, ah->cb, ah->port))
 877        {
 878                /* Socket is bankrupt. */
 879                kfree_skb(newskb);
 880                goto bad;
 881        }
 882
 883        aun_send_response(ip->saddr, ah->handle, 3, 0);
 884        return;
 885
 886bad:
 887        aun_send_response(ip->saddr, ah->handle, 4, 0);
 888}
 889
 890/*
 891 *        Handle incoming AUN transmit acknowledgements.  If the sequence
 892 *      number matches something in our backlog then kill it and tell
 893 *        the user.  If the remote took too long to reply then we may have
 894 *        dropped the packet already.
 895 */
 896
 897static void aun_tx_ack(unsigned long seq, int result)
 898{
 899        struct sk_buff *skb;
 900        unsigned long flags;
 901        struct ec_cb *eb;
 902
 903        spin_lock_irqsave(&aun_queue_lock, flags);
 904        skb = skb_peek(&aun_queue);
 905        while (skb && skb != (struct sk_buff *)&aun_queue)
 906        {
 907                struct sk_buff *newskb = skb->next;
 908                eb = (struct ec_cb *)&skb->cb;
 909                if (eb->seq == seq)
 910                        goto foundit;
 911
 912                skb = newskb;
 913        }
 914        spin_unlock_irqrestore(&aun_queue_lock, flags);
 915        printk(KERN_DEBUG "AUN: unknown sequence %ld\n", seq);
 916        return;
 917
 918foundit:
 919        tx_result(skb->sk, eb->cookie, result);
 920        skb_unlink(skb, &aun_queue);
 921        spin_unlock_irqrestore(&aun_queue_lock, flags);
 922        kfree_skb(skb);
 923}
 924
 925/*
 926 *        Deal with received AUN frames - sort out what type of thing it is
 927 *        and hand it to the right function.
 928 */
 929
 930static void aun_data_available(struct sock *sk, int slen)
 931{
 932        int err;
 933        struct sk_buff *skb;
 934        unsigned char *data;
 935        struct aunhdr *ah;
 936        struct iphdr *ip;
 937        size_t len;
 938
 939        while ((skb = skb_recv_datagram(sk, 0, 1, &err)) == NULL) {
 940                if (err == -EAGAIN) {
 941                        printk(KERN_ERR "AUN: no data available?!");
 942                        return;
 943                }
 944                printk(KERN_DEBUG "AUN: recvfrom() error %d\n", -err);
 945        }
 946
 947        data = skb_transport_header(skb) + sizeof(struct udphdr);
 948        ah = (struct aunhdr *)data;
 949        len = skb->len - sizeof(struct udphdr);
 950        ip = ip_hdr(skb);
 951
 952        switch (ah->code)
 953        {
 954        case 2:
 955                aun_incoming(skb, ah, len);
 956                break;
 957        case 3:
 958                aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_OK);
 959                break;
 960        case 4:
 961                aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_NOT_LISTENING);
 962                break;
 963#if 0
 964                /* This isn't quite right yet. */
 965        case 5:
 966                aun_send_response(ip->saddr, ah->handle, 6, ah->cb);
 967                break;
 968#endif
 969        default:
 970                printk(KERN_DEBUG "unknown AUN packet (type %d)\n", data[0]);
 971        }
 972
 973        skb_free_datagram(sk, skb);
 974}
 975
 976/*
 977 *        Called by the timer to manage the AUN transmit queue.  If a packet
 978 *        was sent to a dead or nonexistent host then we will never get an
 979 *        acknowledgement back.  After a few seconds we need to spot this and
 980 *        drop the packet.
 981 */
 982
 983static void ab_cleanup(unsigned long h)
 984{
 985        struct sk_buff *skb;
 986        unsigned long flags;
 987
 988        spin_lock_irqsave(&aun_queue_lock, flags);
 989        skb = skb_peek(&aun_queue);
 990        while (skb && skb != (struct sk_buff *)&aun_queue)
 991        {
 992                struct sk_buff *newskb = skb->next;
 993                struct ec_cb *eb = (struct ec_cb *)&skb->cb;
 994                if ((jiffies - eb->start) > eb->timeout)
 995                {
 996                        tx_result(skb->sk, eb->cookie,
 997                                  ECTYPE_TRANSMIT_NOT_PRESENT);
 998                        skb_unlink(skb, &aun_queue);
 999                        kfree_skb(skb);
1000                }
1001                skb = newskb;
1002        }
1003        spin_unlock_irqrestore(&aun_queue_lock, flags);
1004
1005        mod_timer(&ab_cleanup_timer, jiffies + (HZ*2));
1006}
1007
1008static int __init aun_udp_initialise(void)
1009{
1010        int error;
1011        struct sockaddr_in sin;
1012
1013        skb_queue_head_init(&aun_queue);
1014        spin_lock_init(&aun_queue_lock);
1015        setup_timer(&ab_cleanup_timer, ab_cleanup, 0);
1016        ab_cleanup_timer.expires = jiffies + (HZ*2);
1017        add_timer(&ab_cleanup_timer);
1018
1019        memset(&sin, 0, sizeof(sin));
1020        sin.sin_port = htons(AUN_PORT);
1021
1022        /* We can count ourselves lucky Acorn machines are too dim to
1023           speak IPv6. :-) */
1024        if ((error = sock_create_kern(PF_INET, SOCK_DGRAM, 0, &udpsock)) < 0)
1025        {
1026                printk("AUN: socket error %d\n", -error);
1027                return error;
1028        }
1029
1030        udpsock->sk->sk_reuse = 1;
1031        udpsock->sk->sk_allocation = GFP_ATOMIC; /* we're going to call it
1032                                                    from interrupts */
1033
1034        error = udpsock->ops->bind(udpsock, (struct sockaddr *)&sin,
1035                                sizeof(sin));
1036        if (error < 0)
1037        {
1038                printk("AUN: bind error %d\n", -error);
1039                goto release;
1040        }
1041
1042        udpsock->sk->sk_data_ready = aun_data_available;
1043
1044        return 0;
1045
1046release:
1047        sock_release(udpsock);
1048        udpsock = NULL;
1049        return error;
1050}
1051#endif
1052
1053#ifdef CONFIG_ECONET_NATIVE
1054
1055/*
1056 *        Receive an Econet frame from a device.
1057 */
1058
1059static int econet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
1060{
1061        struct ec_framehdr *hdr;
1062        struct sock *sk;
1063        struct ec_device *edev = dev->ec_ptr;
1064
1065        if (!net_eq(dev_net(dev), &init_net))
1066                goto drop;
1067
1068        if (skb->pkt_type == PACKET_OTHERHOST)
1069                goto drop;
1070
1071        if (!edev)
1072                goto drop;
1073
1074        if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
1075                return NET_RX_DROP;
1076
1077        if (!pskb_may_pull(skb, sizeof(struct ec_framehdr)))
1078                goto drop;
1079
1080        hdr = (struct ec_framehdr *) skb->data;
1081
1082        /* First check for encapsulated IP */
1083        if (hdr->port == EC_PORT_IP) {
1084                skb->protocol = htons(ETH_P_IP);
1085                skb_pull(skb, sizeof(struct ec_framehdr));
1086                netif_rx(skb);
1087                return 0;
1088        }
1089
1090        sk = ec_listening_socket(hdr->port, hdr->src_stn, hdr->src_net);
1091        if (!sk)
1092                goto drop;
1093
1094        if (ec_queue_packet(sk, skb, edev->net, hdr->src_stn, hdr->cb,
1095                            hdr->port))
1096                goto drop;
1097
1098        return 0;
1099
1100drop:
1101        kfree_skb(skb);
1102        return NET_RX_DROP;
1103}
1104
1105static struct packet_type econet_packet_type = {
1106        .type =                __constant_htons(ETH_P_ECONET),
1107        .func =                econet_rcv,
1108};
1109
1110static void econet_hw_initialise(void)
1111{
1112        dev_add_pack(&econet_packet_type);
1113}
1114
1115#endif
1116
1117static int econet_notifier(struct notifier_block *this, unsigned long msg, void *data)
1118{
1119        struct net_device *dev = (struct net_device *)data;
1120        struct ec_device *edev;
1121
1122        if (!net_eq(dev_net(dev), &init_net))
1123                return NOTIFY_DONE;
1124
1125        switch (msg) {
1126        case NETDEV_UNREGISTER:
1127                /* A device has gone down - kill any data we hold for it. */
1128                edev = dev->ec_ptr;
1129                if (edev)
1130                {
1131                        if (net2dev_map[0] == dev)
1132                                net2dev_map[0] = NULL;
1133                        net2dev_map[edev->net] = NULL;
1134                        kfree(edev);
1135                        dev->ec_ptr = NULL;
1136                }
1137                break;
1138        }
1139
1140        return NOTIFY_DONE;
1141}
1142
1143static struct notifier_block econet_netdev_notifier = {
1144        .notifier_call =econet_notifier,
1145};
1146
1147static void __exit econet_proto_exit(void)
1148{
1149#ifdef CONFIG_ECONET_AUNUDP
1150        del_timer(&ab_cleanup_timer);
1151        if (udpsock)
1152                sock_release(udpsock);
1153#endif
1154        unregister_netdevice_notifier(&econet_netdev_notifier);
1155#ifdef CONFIG_ECONET_NATIVE
1156        dev_remove_pack(&econet_packet_type);
1157#endif
1158        sock_unregister(econet_family_ops.family);
1159        proto_unregister(&econet_proto);
1160}
1161
1162static int __init econet_proto_init(void)
1163{
1164        int err = proto_register(&econet_proto, 0);
1165
1166        if (err != 0)
1167                goto out;
1168        sock_register(&econet_family_ops);
1169#ifdef CONFIG_ECONET_AUNUDP
1170        spin_lock_init(&aun_queue_lock);
1171        aun_udp_initialise();
1172#endif
1173#ifdef CONFIG_ECONET_NATIVE
1174        econet_hw_initialise();
1175#endif
1176        register_netdevice_notifier(&econet_netdev_notifier);
1177out:
1178        return err;
1179}
1180
1181module_init(econet_proto_init);
1182module_exit(econet_proto_exit);
1183
1184MODULE_LICENSE("GPL");
1185MODULE_ALIAS_NETPROTO(PF_ECONET);