1 // SPDX-License-Identifier: GPL-2.0 2 // Copyright (c) 2010-2011 EIA Electronics, 3 // Pieter Beyens <pieter.beyens@eia.be> 4 // Copyright (c) 2010-2011 EIA Electronics, 5 // Kurt Van Dijck <kurt.van.dijck@eia.be> 6 // Copyright (c) 2018 Protonic, 7 // Robin van der Gracht <robin@protonic.nl> 8 // Copyright (c) 2017-2019 Pengutronix, 9 // Marc Kleine-Budde <kernel@pengutronix.de> 10 // Copyright (c) 2017-2019 Pengutronix, 11 // Oleksij Rempel <kernel@pengutronix.de> 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/can/core.h> 16 #include <linux/can/skb.h> 17 #include <linux/errqueue.h> 18 #include <linux/if_arp.h> 19 20 #include "j1939-priv.h" 21 22 #define J1939_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_addr.j1939) 23 24 /* conversion function between struct sock::sk_priority from linux and 25 * j1939 priority field 26 */ 27 static inline priority_t j1939_prio(u32 sk_priority) 28 { 29 sk_priority = min(sk_priority, 7U); 30 31 return 7 - sk_priority; 32 } 33 34 static inline u32 j1939_to_sk_priority(priority_t prio) 35 { 36 return 7 - prio; 37 } 38 39 /* function to see if pgn is to be evaluated */ 40 static inline bool j1939_pgn_is_valid(pgn_t pgn) 41 { 42 return pgn <= J1939_PGN_MAX; 43 } 44 45 /* test function to avoid non-zero DA placeholder for pdu1 pgn's */ 46 static inline bool j1939_pgn_is_clean_pdu(pgn_t pgn) 47 { 48 if (j1939_pgn_is_pdu1(pgn)) 49 return !(pgn & 0xff); 50 else 51 return true; 52 } 53 54 static inline void j1939_sock_pending_add(struct sock *sk) 55 { 56 struct j1939_sock *jsk = j1939_sk(sk); 57 58 atomic_inc(&jsk->skb_pending); 59 } 60 61 static int j1939_sock_pending_get(struct sock *sk) 62 { 63 struct j1939_sock *jsk = j1939_sk(sk); 64 65 return atomic_read(&jsk->skb_pending); 66 } 67 68 void j1939_sock_pending_del(struct sock *sk) 69 { 70 struct j1939_sock *jsk = j1939_sk(sk); 71 72 /* atomic_dec_return returns the new value */ 73 if (!atomic_dec_return(&jsk->skb_pending)) 74 wake_up(&jsk->waitq); /* no pending SKB's */ 75 } 76 77 static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk) 78 { 79 jsk->state |= J1939_SOCK_BOUND; 80 j1939_priv_get(priv); 81 82 spin_lock_bh(&priv->j1939_socks_lock); 83 list_add_tail(&jsk->list, &priv->j1939_socks); 84 spin_unlock_bh(&priv->j1939_socks_lock); 85 } 86 87 static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk) 88 { 89 spin_lock_bh(&priv->j1939_socks_lock); 90 list_del_init(&jsk->list); 91 spin_unlock_bh(&priv->j1939_socks_lock); 92 93 j1939_priv_put(priv); 94 jsk->state &= ~J1939_SOCK_BOUND; 95 } 96 97 static bool j1939_sk_queue_session(struct j1939_session *session) 98 { 99 struct j1939_sock *jsk = j1939_sk(session->sk); 100 bool empty; 101 102 spin_lock_bh(&jsk->sk_session_queue_lock); 103 empty = list_empty(&jsk->sk_session_queue); 104 j1939_session_get(session); 105 list_add_tail(&session->sk_session_queue_entry, &jsk->sk_session_queue); 106 spin_unlock_bh(&jsk->sk_session_queue_lock); 107 j1939_sock_pending_add(&jsk->sk); 108 109 return empty; 110 } 111 112 static struct 113 j1939_session *j1939_sk_get_incomplete_session(struct j1939_sock *jsk) 114 { 115 struct j1939_session *session = NULL; 116 117 spin_lock_bh(&jsk->sk_session_queue_lock); 118 if (!list_empty(&jsk->sk_session_queue)) { 119 session = list_last_entry(&jsk->sk_session_queue, 120 struct j1939_session, 121 sk_session_queue_entry); 122 if (session->total_queued_size == session->total_message_size) 123 session = NULL; 124 else 125 j1939_session_get(session); 126 } 127 spin_unlock_bh(&jsk->sk_session_queue_lock); 128 129 return session; 130 } 131 132 static void j1939_sk_queue_drop_all(struct j1939_priv *priv, 133 struct j1939_sock *jsk, int err) 134 { 135 struct j1939_session *session, *tmp; 136 137 netdev_dbg(priv->ndev, "%s: err: %i\n", __func__, err); 138 spin_lock_bh(&jsk->sk_session_queue_lock); 139 list_for_each_entry_safe(session, tmp, &jsk->sk_session_queue, 140 sk_session_queue_entry) { 141 list_del_init(&session->sk_session_queue_entry); 142 session->err = err; 143 j1939_session_put(session); 144 } 145 spin_unlock_bh(&jsk->sk_session_queue_lock); 146 } 147 148 static void j1939_sk_queue_activate_next_locked(struct j1939_session *session) 149 { 150 struct j1939_sock *jsk; 151 struct j1939_session *first; 152 int err; 153 154 /* RX-Session don't have a socket (yet) */ 155 if (!session->sk) 156 return; 157 158 jsk = j1939_sk(session->sk); 159 lockdep_assert_held(&jsk->sk_session_queue_lock); 160 161 err = session->err; 162 163 first = list_first_entry_or_null(&jsk->sk_session_queue, 164 struct j1939_session, 165 sk_session_queue_entry); 166 167 /* Some else has already activated the next session */ 168 if (first != session) 169 return; 170 171 activate_next: 172 list_del_init(&first->sk_session_queue_entry); 173 j1939_session_put(first); 174 first = list_first_entry_or_null(&jsk->sk_session_queue, 175 struct j1939_session, 176 sk_session_queue_entry); 177 if (!first) 178 return; 179 180 if (WARN_ON_ONCE(j1939_session_activate(first))) { 181 first->err = -EBUSY; 182 goto activate_next; 183 } else { 184 /* Give receiver some time (arbitrary chosen) to recover */ 185 int time_ms = 0; 186 187 if (err) 188 time_ms = 10 + prandom_u32_max(16); 189 190 j1939_tp_schedule_txtimer(first, time_ms); 191 } 192 } 193 194 void j1939_sk_queue_activate_next(struct j1939_session *session) 195 { 196 struct j1939_sock *jsk; 197 198 if (!session->sk) 199 return; 200 201 jsk = j1939_sk(session->sk); 202 203 spin_lock_bh(&jsk->sk_session_queue_lock); 204 j1939_sk_queue_activate_next_locked(session); 205 spin_unlock_bh(&jsk->sk_session_queue_lock); 206 } 207 208 static bool j1939_sk_match_dst(struct j1939_sock *jsk, 209 const struct j1939_sk_buff_cb *skcb) 210 { 211 if ((jsk->state & J1939_SOCK_PROMISC)) 212 return true; 213 214 /* Destination address filter */ 215 if (jsk->addr.src_name && skcb->addr.dst_name) { 216 if (jsk->addr.src_name != skcb->addr.dst_name) 217 return false; 218 } else { 219 /* receive (all sockets) if 220 * - all packages that match our bind() address 221 * - all broadcast on a socket if SO_BROADCAST 222 * is set 223 */ 224 if (j1939_address_is_unicast(skcb->addr.da)) { 225 if (jsk->addr.sa != skcb->addr.da) 226 return false; 227 } else if (!sock_flag(&jsk->sk, SOCK_BROADCAST)) { 228 /* receiving broadcast without SO_BROADCAST 229 * flag is not allowed 230 */ 231 return false; 232 } 233 } 234 235 /* Source address filter */ 236 if (jsk->state & J1939_SOCK_CONNECTED) { 237 /* receive (all sockets) if 238 * - all packages that match our connect() name or address 239 */ 240 if (jsk->addr.dst_name && skcb->addr.src_name) { 241 if (jsk->addr.dst_name != skcb->addr.src_name) 242 return false; 243 } else { 244 if (jsk->addr.da != skcb->addr.sa) 245 return false; 246 } 247 } 248 249 /* PGN filter */ 250 if (j1939_pgn_is_valid(jsk->pgn_rx_filter) && 251 jsk->pgn_rx_filter != skcb->addr.pgn) 252 return false; 253 254 return true; 255 } 256 257 /* matches skb control buffer (addr) with a j1939 filter */ 258 static bool j1939_sk_match_filter(struct j1939_sock *jsk, 259 const struct j1939_sk_buff_cb *skcb) 260 { 261 const struct j1939_filter *f = jsk->filters; 262 int nfilter = jsk->nfilters; 263 264 if (!nfilter) 265 /* receive all when no filters are assigned */ 266 return true; 267 268 for (; nfilter; ++f, --nfilter) { 269 if ((skcb->addr.pgn & f->pgn_mask) != f->pgn) 270 continue; 271 if ((skcb->addr.sa & f->addr_mask) != f->addr) 272 continue; 273 if ((skcb->addr.src_name & f->name_mask) != f->name) 274 continue; 275 return true; 276 } 277 return false; 278 } 279 280 static bool j1939_sk_recv_match_one(struct j1939_sock *jsk, 281 const struct j1939_sk_buff_cb *skcb) 282 { 283 if (!(jsk->state & J1939_SOCK_BOUND)) 284 return false; 285 286 if (!j1939_sk_match_dst(jsk, skcb)) 287 return false; 288 289 if (!j1939_sk_match_filter(jsk, skcb)) 290 return false; 291 292 return true; 293 } 294 295 static void j1939_sk_recv_one(struct j1939_sock *jsk, struct sk_buff *oskb) 296 { 297 const struct j1939_sk_buff_cb *oskcb = j1939_skb_to_cb(oskb); 298 struct j1939_sk_buff_cb *skcb; 299 struct sk_buff *skb; 300 301 if (oskb->sk == &jsk->sk) 302 return; 303 304 if (!j1939_sk_recv_match_one(jsk, oskcb)) 305 return; 306 307 skb = skb_clone(oskb, GFP_ATOMIC); 308 if (!skb) { 309 pr_warn("skb clone failed\n"); 310 return; 311 } 312 can_skb_set_owner(skb, oskb->sk); 313 314 skcb = j1939_skb_to_cb(skb); 315 skcb->msg_flags &= ~(MSG_DONTROUTE); 316 if (skb->sk) 317 skcb->msg_flags |= MSG_DONTROUTE; 318 319 if (sock_queue_rcv_skb(&jsk->sk, skb) < 0) 320 kfree_skb(skb); 321 } 322 323 bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb) 324 { 325 struct j1939_sock *jsk; 326 bool match = false; 327 328 spin_lock_bh(&priv->j1939_socks_lock); 329 list_for_each_entry(jsk, &priv->j1939_socks, list) { 330 match = j1939_sk_recv_match_one(jsk, skcb); 331 if (match) 332 break; 333 } 334 spin_unlock_bh(&priv->j1939_socks_lock); 335 336 return match; 337 } 338 339 void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb) 340 { 341 struct j1939_sock *jsk; 342 343 spin_lock_bh(&priv->j1939_socks_lock); 344 list_for_each_entry(jsk, &priv->j1939_socks, list) { 345 j1939_sk_recv_one(jsk, skb); 346 } 347 spin_unlock_bh(&priv->j1939_socks_lock); 348 } 349 350 static void j1939_sk_sock_destruct(struct sock *sk) 351 { 352 struct j1939_sock *jsk = j1939_sk(sk); 353 354 /* This function will be call by the generic networking code, when then 355 * the socket is ultimately closed (sk->sk_destruct). 356 * 357 * The race between 358 * - processing a received CAN frame 359 * (can_receive -> j1939_can_recv) 360 * and accessing j1939_priv 361 * ... and ... 362 * - closing a socket 363 * (j1939_can_rx_unregister -> can_rx_unregister) 364 * and calling the final j1939_priv_put() 365 * 366 * is avoided by calling the final j1939_priv_put() from this 367 * RCU deferred cleanup call. 368 */ 369 if (jsk->priv) { 370 j1939_priv_put(jsk->priv); 371 jsk->priv = NULL; 372 } 373 374 /* call generic CAN sock destruct */ 375 can_sock_destruct(sk); 376 } 377 378 static int j1939_sk_init(struct sock *sk) 379 { 380 struct j1939_sock *jsk = j1939_sk(sk); 381 382 /* Ensure that "sk" is first member in "struct j1939_sock", so that we 383 * can skip it during memset(). 384 */ 385 BUILD_BUG_ON(offsetof(struct j1939_sock, sk) != 0); 386 memset((void *)jsk + sizeof(jsk->sk), 0x0, 387 sizeof(*jsk) - sizeof(jsk->sk)); 388 389 INIT_LIST_HEAD(&jsk->list); 390 init_waitqueue_head(&jsk->waitq); 391 jsk->sk.sk_priority = j1939_to_sk_priority(6); 392 jsk->sk.sk_reuse = 1; /* per default */ 393 jsk->addr.sa = J1939_NO_ADDR; 394 jsk->addr.da = J1939_NO_ADDR; 395 jsk->addr.pgn = J1939_NO_PGN; 396 jsk->pgn_rx_filter = J1939_NO_PGN; 397 atomic_set(&jsk->skb_pending, 0); 398 spin_lock_init(&jsk->sk_session_queue_lock); 399 INIT_LIST_HEAD(&jsk->sk_session_queue); 400 sk->sk_destruct = j1939_sk_sock_destruct; 401 sk->sk_protocol = CAN_J1939; 402 403 return 0; 404 } 405 406 static int j1939_sk_sanity_check(struct sockaddr_can *addr, int len) 407 { 408 if (!addr) 409 return -EDESTADDRREQ; 410 if (len < J1939_MIN_NAMELEN) 411 return -EINVAL; 412 if (addr->can_family != AF_CAN) 413 return -EINVAL; 414 if (!addr->can_ifindex) 415 return -ENODEV; 416 if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) && 417 !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) 418 return -EINVAL; 419 420 return 0; 421 } 422 423 static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len) 424 { 425 struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; 426 struct j1939_sock *jsk = j1939_sk(sock->sk); 427 struct j1939_priv *priv; 428 struct sock *sk; 429 struct net *net; 430 int ret = 0; 431 432 ret = j1939_sk_sanity_check(addr, len); 433 if (ret) 434 return ret; 435 436 lock_sock(sock->sk); 437 438 priv = jsk->priv; 439 sk = sock->sk; 440 net = sock_net(sk); 441 442 /* Already bound to an interface? */ 443 if (jsk->state & J1939_SOCK_BOUND) { 444 /* A re-bind() to a different interface is not 445 * supported. 446 */ 447 if (jsk->ifindex != addr->can_ifindex) { 448 ret = -EINVAL; 449 goto out_release_sock; 450 } 451 452 /* drop old references */ 453 j1939_jsk_del(priv, jsk); 454 j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa); 455 } else { 456 struct net_device *ndev; 457 458 ndev = dev_get_by_index(net, addr->can_ifindex); 459 if (!ndev) { 460 ret = -ENODEV; 461 goto out_release_sock; 462 } 463 464 if (ndev->type != ARPHRD_CAN) { 465 dev_put(ndev); 466 ret = -ENODEV; 467 goto out_release_sock; 468 } 469 470 if (!ndev->ml_priv) { 471 netdev_warn_once(ndev, 472 "No CAN mid layer private allocated, please fix your driver and use alloc_candev()!\n"); 473 dev_put(ndev); 474 ret = -ENODEV; 475 goto out_release_sock; 476 } 477 478 priv = j1939_netdev_start(ndev); 479 dev_put(ndev); 480 if (IS_ERR(priv)) { 481 ret = PTR_ERR(priv); 482 goto out_release_sock; 483 } 484 485 jsk->ifindex = addr->can_ifindex; 486 487 /* the corresponding j1939_priv_put() is called via 488 * sk->sk_destruct, which points to j1939_sk_sock_destruct() 489 */ 490 j1939_priv_get(priv); 491 jsk->priv = priv; 492 } 493 494 /* set default transmit pgn */ 495 if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn)) 496 jsk->pgn_rx_filter = addr->can_addr.j1939.pgn; 497 jsk->addr.src_name = addr->can_addr.j1939.name; 498 jsk->addr.sa = addr->can_addr.j1939.addr; 499 500 /* get new references */ 501 ret = j1939_local_ecu_get(priv, jsk->addr.src_name, jsk->addr.sa); 502 if (ret) { 503 j1939_netdev_stop(priv); 504 goto out_release_sock; 505 } 506 507 j1939_jsk_add(priv, jsk); 508 509 out_release_sock: /* fall through */ 510 release_sock(sock->sk); 511 512 return ret; 513 } 514 515 static int j1939_sk_connect(struct socket *sock, struct sockaddr *uaddr, 516 int len, int flags) 517 { 518 struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; 519 struct j1939_sock *jsk = j1939_sk(sock->sk); 520 int ret = 0; 521 522 ret = j1939_sk_sanity_check(addr, len); 523 if (ret) 524 return ret; 525 526 lock_sock(sock->sk); 527 528 /* bind() before connect() is mandatory */ 529 if (!(jsk->state & J1939_SOCK_BOUND)) { 530 ret = -EINVAL; 531 goto out_release_sock; 532 } 533 534 /* A connect() to a different interface is not supported. */ 535 if (jsk->ifindex != addr->can_ifindex) { 536 ret = -EINVAL; 537 goto out_release_sock; 538 } 539 540 if (!addr->can_addr.j1939.name && 541 addr->can_addr.j1939.addr == J1939_NO_ADDR && 542 !sock_flag(&jsk->sk, SOCK_BROADCAST)) { 543 /* broadcast, but SO_BROADCAST not set */ 544 ret = -EACCES; 545 goto out_release_sock; 546 } 547 548 jsk->addr.dst_name = addr->can_addr.j1939.name; 549 jsk->addr.da = addr->can_addr.j1939.addr; 550 551 if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn)) 552 jsk->addr.pgn = addr->can_addr.j1939.pgn; 553 554 jsk->state |= J1939_SOCK_CONNECTED; 555 556 out_release_sock: /* fall through */ 557 release_sock(sock->sk); 558 559 return ret; 560 } 561 562 static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr, 563 const struct j1939_sock *jsk, int peer) 564 { 565 /* There are two holes (2 bytes and 3 bytes) to clear to avoid 566 * leaking kernel information to user space. 567 */ 568 memset(addr, 0, J1939_MIN_NAMELEN); 569 570 addr->can_family = AF_CAN; 571 addr->can_ifindex = jsk->ifindex; 572 addr->can_addr.j1939.pgn = jsk->addr.pgn; 573 if (peer) { 574 addr->can_addr.j1939.name = jsk->addr.dst_name; 575 addr->can_addr.j1939.addr = jsk->addr.da; 576 } else { 577 addr->can_addr.j1939.name = jsk->addr.src_name; 578 addr->can_addr.j1939.addr = jsk->addr.sa; 579 } 580 } 581 582 static int j1939_sk_getname(struct socket *sock, struct sockaddr *uaddr, 583 int peer) 584 { 585 struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; 586 struct sock *sk = sock->sk; 587 struct j1939_sock *jsk = j1939_sk(sk); 588 int ret = 0; 589 590 lock_sock(sk); 591 592 if (peer && !(jsk->state & J1939_SOCK_CONNECTED)) { 593 ret = -EADDRNOTAVAIL; 594 goto failure; 595 } 596 597 j1939_sk_sock2sockaddr_can(addr, jsk, peer); 598 ret = J1939_MIN_NAMELEN; 599 600 failure: 601 release_sock(sk); 602 603 return ret; 604 } 605 606 static int j1939_sk_release(struct socket *sock) 607 { 608 struct sock *sk = sock->sk; 609 struct j1939_sock *jsk; 610 611 if (!sk) 612 return 0; 613 614 lock_sock(sk); 615 jsk = j1939_sk(sk); 616 617 if (jsk->state & J1939_SOCK_BOUND) { 618 struct j1939_priv *priv = jsk->priv; 619 620 if (wait_event_interruptible(jsk->waitq, 621 !j1939_sock_pending_get(&jsk->sk))) { 622 j1939_cancel_active_session(priv, sk); 623 j1939_sk_queue_drop_all(priv, jsk, ESHUTDOWN); 624 } 625 626 j1939_jsk_del(priv, jsk); 627 628 j1939_local_ecu_put(priv, jsk->addr.src_name, 629 jsk->addr.sa); 630 631 j1939_netdev_stop(priv); 632 } 633 634 kfree(jsk->filters); 635 sock_orphan(sk); 636 sock->sk = NULL; 637 638 release_sock(sk); 639 sock_put(sk); 640 641 return 0; 642 } 643 644 static int j1939_sk_setsockopt_flag(struct j1939_sock *jsk, sockptr_t optval, 645 unsigned int optlen, int flag) 646 { 647 int tmp; 648 649 if (optlen != sizeof(tmp)) 650 return -EINVAL; 651 if (copy_from_sockptr(&tmp, optval, optlen)) 652 return -EFAULT; 653 lock_sock(&jsk->sk); 654 if (tmp) 655 jsk->state |= flag; 656 else 657 jsk->state &= ~flag; 658 release_sock(&jsk->sk); 659 return tmp; 660 } 661 662 static int j1939_sk_setsockopt(struct socket *sock, int level, int optname, 663 sockptr_t optval, unsigned int optlen) 664 { 665 struct sock *sk = sock->sk; 666 struct j1939_sock *jsk = j1939_sk(sk); 667 int tmp, count = 0, ret = 0; 668 struct j1939_filter *filters = NULL, *ofilters; 669 670 if (level != SOL_CAN_J1939) 671 return -EINVAL; 672 673 switch (optname) { 674 case SO_J1939_FILTER: 675 if (!sockptr_is_null(optval)) { 676 struct j1939_filter *f; 677 int c; 678 679 if (optlen % sizeof(*filters) != 0) 680 return -EINVAL; 681 682 if (optlen > J1939_FILTER_MAX * 683 sizeof(struct j1939_filter)) 684 return -EINVAL; 685 686 count = optlen / sizeof(*filters); 687 filters = memdup_sockptr(optval, optlen); 688 if (IS_ERR(filters)) 689 return PTR_ERR(filters); 690 691 for (f = filters, c = count; c; f++, c--) { 692 f->name &= f->name_mask; 693 f->pgn &= f->pgn_mask; 694 f->addr &= f->addr_mask; 695 } 696 } 697 698 lock_sock(&jsk->sk); 699 ofilters = jsk->filters; 700 jsk->filters = filters; 701 jsk->nfilters = count; 702 release_sock(&jsk->sk); 703 kfree(ofilters); 704 return 0; 705 case SO_J1939_PROMISC: 706 return j1939_sk_setsockopt_flag(jsk, optval, optlen, 707 J1939_SOCK_PROMISC); 708 case SO_J1939_ERRQUEUE: 709 ret = j1939_sk_setsockopt_flag(jsk, optval, optlen, 710 J1939_SOCK_ERRQUEUE); 711 if (ret < 0) 712 return ret; 713 714 if (!(jsk->state & J1939_SOCK_ERRQUEUE)) 715 skb_queue_purge(&sk->sk_error_queue); 716 return ret; 717 case SO_J1939_SEND_PRIO: 718 if (optlen != sizeof(tmp)) 719 return -EINVAL; 720 if (copy_from_sockptr(&tmp, optval, optlen)) 721 return -EFAULT; 722 if (tmp < 0 || tmp > 7) 723 return -EDOM; 724 if (tmp < 2 && !capable(CAP_NET_ADMIN)) 725 return -EPERM; 726 lock_sock(&jsk->sk); 727 jsk->sk.sk_priority = j1939_to_sk_priority(tmp); 728 release_sock(&jsk->sk); 729 return 0; 730 default: 731 return -ENOPROTOOPT; 732 } 733 } 734 735 static int j1939_sk_getsockopt(struct socket *sock, int level, int optname, 736 char __user *optval, int __user *optlen) 737 { 738 struct sock *sk = sock->sk; 739 struct j1939_sock *jsk = j1939_sk(sk); 740 int ret, ulen; 741 /* set defaults for using 'int' properties */ 742 int tmp = 0; 743 int len = sizeof(tmp); 744 void *val = &tmp; 745 746 if (level != SOL_CAN_J1939) 747 return -EINVAL; 748 if (get_user(ulen, optlen)) 749 return -EFAULT; 750 if (ulen < 0) 751 return -EINVAL; 752 753 lock_sock(&jsk->sk); 754 switch (optname) { 755 case SO_J1939_PROMISC: 756 tmp = (jsk->state & J1939_SOCK_PROMISC) ? 1 : 0; 757 break; 758 case SO_J1939_ERRQUEUE: 759 tmp = (jsk->state & J1939_SOCK_ERRQUEUE) ? 1 : 0; 760 break; 761 case SO_J1939_SEND_PRIO: 762 tmp = j1939_prio(jsk->sk.sk_priority); 763 break; 764 default: 765 ret = -ENOPROTOOPT; 766 goto no_copy; 767 } 768 769 /* copy to user, based on 'len' & 'val' 770 * but most sockopt's are 'int' properties, and have 'len' & 'val' 771 * left unchanged, but instead modified 'tmp' 772 */ 773 if (len > ulen) 774 ret = -EFAULT; 775 else if (put_user(len, optlen)) 776 ret = -EFAULT; 777 else if (copy_to_user(optval, val, len)) 778 ret = -EFAULT; 779 else 780 ret = 0; 781 no_copy: 782 release_sock(&jsk->sk); 783 return ret; 784 } 785 786 static int j1939_sk_recvmsg(struct socket *sock, struct msghdr *msg, 787 size_t size, int flags) 788 { 789 struct sock *sk = sock->sk; 790 struct sk_buff *skb; 791 struct j1939_sk_buff_cb *skcb; 792 int ret = 0; 793 794 if (flags & ~(MSG_DONTWAIT | MSG_ERRQUEUE)) 795 return -EINVAL; 796 797 if (flags & MSG_ERRQUEUE) 798 return sock_recv_errqueue(sock->sk, msg, size, SOL_CAN_J1939, 799 SCM_J1939_ERRQUEUE); 800 801 skb = skb_recv_datagram(sk, flags, 0, &ret); 802 if (!skb) 803 return ret; 804 805 if (size < skb->len) 806 msg->msg_flags |= MSG_TRUNC; 807 else 808 size = skb->len; 809 810 ret = memcpy_to_msg(msg, skb->data, size); 811 if (ret < 0) { 812 skb_free_datagram(sk, skb); 813 return ret; 814 } 815 816 skcb = j1939_skb_to_cb(skb); 817 if (j1939_address_is_valid(skcb->addr.da)) 818 put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_ADDR, 819 sizeof(skcb->addr.da), &skcb->addr.da); 820 821 if (skcb->addr.dst_name) 822 put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_NAME, 823 sizeof(skcb->addr.dst_name), &skcb->addr.dst_name); 824 825 put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_PRIO, 826 sizeof(skcb->priority), &skcb->priority); 827 828 if (msg->msg_name) { 829 struct sockaddr_can *paddr = msg->msg_name; 830 831 msg->msg_namelen = J1939_MIN_NAMELEN; 832 memset(msg->msg_name, 0, msg->msg_namelen); 833 paddr->can_family = AF_CAN; 834 paddr->can_ifindex = skb->skb_iif; 835 paddr->can_addr.j1939.name = skcb->addr.src_name; 836 paddr->can_addr.j1939.addr = skcb->addr.sa; 837 paddr->can_addr.j1939.pgn = skcb->addr.pgn; 838 } 839 840 sock_recv_ts_and_drops(msg, sk, skb); 841 msg->msg_flags |= skcb->msg_flags; 842 skb_free_datagram(sk, skb); 843 844 return size; 845 } 846 847 static struct sk_buff *j1939_sk_alloc_skb(struct net_device *ndev, 848 struct sock *sk, 849 struct msghdr *msg, size_t size, 850 int *errcode) 851 { 852 struct j1939_sock *jsk = j1939_sk(sk); 853 struct j1939_sk_buff_cb *skcb; 854 struct sk_buff *skb; 855 int ret; 856 857 skb = sock_alloc_send_skb(sk, 858 size + 859 sizeof(struct can_frame) - 860 sizeof(((struct can_frame *)NULL)->data) + 861 sizeof(struct can_skb_priv), 862 msg->msg_flags & MSG_DONTWAIT, &ret); 863 if (!skb) 864 goto failure; 865 866 can_skb_reserve(skb); 867 can_skb_prv(skb)->ifindex = ndev->ifindex; 868 can_skb_prv(skb)->skbcnt = 0; 869 skb_reserve(skb, offsetof(struct can_frame, data)); 870 871 ret = memcpy_from_msg(skb_put(skb, size), msg, size); 872 if (ret < 0) 873 goto free_skb; 874 875 skb->dev = ndev; 876 877 skcb = j1939_skb_to_cb(skb); 878 memset(skcb, 0, sizeof(*skcb)); 879 skcb->addr = jsk->addr; 880 skcb->priority = j1939_prio(sk->sk_priority); 881 882 if (msg->msg_name) { 883 struct sockaddr_can *addr = msg->msg_name; 884 885 if (addr->can_addr.j1939.name || 886 addr->can_addr.j1939.addr != J1939_NO_ADDR) { 887 skcb->addr.dst_name = addr->can_addr.j1939.name; 888 skcb->addr.da = addr->can_addr.j1939.addr; 889 } 890 if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn)) 891 skcb->addr.pgn = addr->can_addr.j1939.pgn; 892 } 893 894 *errcode = ret; 895 return skb; 896 897 free_skb: 898 kfree_skb(skb); 899 failure: 900 *errcode = ret; 901 return NULL; 902 } 903 904 static size_t j1939_sk_opt_stats_get_size(void) 905 { 906 return 907 nla_total_size(sizeof(u32)) + /* J1939_NLA_BYTES_ACKED */ 908 0; 909 } 910 911 static struct sk_buff * 912 j1939_sk_get_timestamping_opt_stats(struct j1939_session *session) 913 { 914 struct sk_buff *stats; 915 u32 size; 916 917 stats = alloc_skb(j1939_sk_opt_stats_get_size(), GFP_ATOMIC); 918 if (!stats) 919 return NULL; 920 921 if (session->skcb.addr.type == J1939_SIMPLE) 922 size = session->total_message_size; 923 else 924 size = min(session->pkt.tx_acked * 7, 925 session->total_message_size); 926 927 nla_put_u32(stats, J1939_NLA_BYTES_ACKED, size); 928 929 return stats; 930 } 931 932 void j1939_sk_errqueue(struct j1939_session *session, 933 enum j1939_sk_errqueue_type type) 934 { 935 struct j1939_priv *priv = session->priv; 936 struct sock *sk = session->sk; 937 struct j1939_sock *jsk; 938 struct sock_exterr_skb *serr; 939 struct sk_buff *skb; 940 char *state = "UNK"; 941 int err; 942 943 /* currently we have no sk for the RX session */ 944 if (!sk) 945 return; 946 947 jsk = j1939_sk(sk); 948 949 if (!(jsk->state & J1939_SOCK_ERRQUEUE)) 950 return; 951 952 skb = j1939_sk_get_timestamping_opt_stats(session); 953 if (!skb) 954 return; 955 956 skb->tstamp = ktime_get_real(); 957 958 BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb)); 959 960 serr = SKB_EXT_ERR(skb); 961 memset(serr, 0, sizeof(*serr)); 962 switch (type) { 963 case J1939_ERRQUEUE_ACK: 964 if (!(sk->sk_tsflags & SOF_TIMESTAMPING_TX_ACK)) { 965 kfree_skb(skb); 966 return; 967 } 968 969 serr->ee.ee_errno = ENOMSG; 970 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; 971 serr->ee.ee_info = SCM_TSTAMP_ACK; 972 state = "ACK"; 973 break; 974 case J1939_ERRQUEUE_SCHED: 975 if (!(sk->sk_tsflags & SOF_TIMESTAMPING_TX_SCHED)) { 976 kfree_skb(skb); 977 return; 978 } 979 980 serr->ee.ee_errno = ENOMSG; 981 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; 982 serr->ee.ee_info = SCM_TSTAMP_SCHED; 983 state = "SCH"; 984 break; 985 case J1939_ERRQUEUE_ABORT: 986 serr->ee.ee_errno = session->err; 987 serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL; 988 serr->ee.ee_info = J1939_EE_INFO_TX_ABORT; 989 state = "ABT"; 990 break; 991 default: 992 netdev_err(priv->ndev, "Unknown errqueue type %i\n", type); 993 } 994 995 serr->opt_stats = true; 996 if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) 997 serr->ee.ee_data = session->tskey; 998 999 netdev_dbg(session->priv->ndev, "%s: 0x%p tskey: %i, state: %s\n", 1000 __func__, session, session->tskey, state); 1001 err = sock_queue_err_skb(sk, skb); 1002 1003 if (err) 1004 kfree_skb(skb); 1005 }; 1006 1007 void j1939_sk_send_loop_abort(struct sock *sk, int err) 1008 { 1009 sk->sk_err = err; 1010 1011 sk->sk_error_report(sk); 1012 } 1013 1014 static int j1939_sk_send_loop(struct j1939_priv *priv, struct sock *sk, 1015 struct msghdr *msg, size_t size) 1016 1017 { 1018 struct j1939_sock *jsk = j1939_sk(sk); 1019 struct j1939_session *session = j1939_sk_get_incomplete_session(jsk); 1020 struct sk_buff *skb; 1021 size_t segment_size, todo_size; 1022 int ret = 0; 1023 1024 if (session && 1025 session->total_message_size != session->total_queued_size + size) { 1026 j1939_session_put(session); 1027 return -EIO; 1028 } 1029 1030 todo_size = size; 1031 1032 while (todo_size) { 1033 struct j1939_sk_buff_cb *skcb; 1034 1035 segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE, 1036 todo_size); 1037 1038 /* Allocate skb for one segment */ 1039 skb = j1939_sk_alloc_skb(priv->ndev, sk, msg, segment_size, 1040 &ret); 1041 if (ret) 1042 break; 1043 1044 skcb = j1939_skb_to_cb(skb); 1045 1046 if (!session) { 1047 /* at this point the size should be full size 1048 * of the session 1049 */ 1050 skcb->offset = 0; 1051 session = j1939_tp_send(priv, skb, size); 1052 if (IS_ERR(session)) { 1053 ret = PTR_ERR(session); 1054 goto kfree_skb; 1055 } 1056 if (j1939_sk_queue_session(session)) { 1057 /* try to activate session if we a 1058 * fist in the queue 1059 */ 1060 if (!j1939_session_activate(session)) { 1061 j1939_tp_schedule_txtimer(session, 0); 1062 } else { 1063 ret = -EBUSY; 1064 session->err = ret; 1065 j1939_sk_queue_drop_all(priv, jsk, 1066 EBUSY); 1067 break; 1068 } 1069 } 1070 } else { 1071 skcb->offset = session->total_queued_size; 1072 j1939_session_skb_queue(session, skb); 1073 } 1074 1075 todo_size -= segment_size; 1076 session->total_queued_size += segment_size; 1077 } 1078 1079 switch (ret) { 1080 case 0: /* OK */ 1081 if (todo_size) 1082 netdev_warn(priv->ndev, 1083 "no error found and not completely queued?! %zu\n", 1084 todo_size); 1085 ret = size; 1086 break; 1087 case -ERESTARTSYS: 1088 ret = -EINTR; 1089 fallthrough; 1090 case -EAGAIN: /* OK */ 1091 if (todo_size != size) 1092 ret = size - todo_size; 1093 break; 1094 default: /* ERROR */ 1095 break; 1096 } 1097 1098 if (session) 1099 j1939_session_put(session); 1100 1101 return ret; 1102 1103 kfree_skb: 1104 kfree_skb(skb); 1105 return ret; 1106 } 1107 1108 static int j1939_sk_sendmsg(struct socket *sock, struct msghdr *msg, 1109 size_t size) 1110 { 1111 struct sock *sk = sock->sk; 1112 struct j1939_sock *jsk = j1939_sk(sk); 1113 struct j1939_priv *priv; 1114 int ifindex; 1115 int ret; 1116 1117 lock_sock(sock->sk); 1118 /* various socket state tests */ 1119 if (!(jsk->state & J1939_SOCK_BOUND)) { 1120 ret = -EBADFD; 1121 goto sendmsg_done; 1122 } 1123 1124 priv = jsk->priv; 1125 ifindex = jsk->ifindex; 1126 1127 if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) { 1128 /* no source address assigned yet */ 1129 ret = -EBADFD; 1130 goto sendmsg_done; 1131 } 1132 1133 /* deal with provided destination address info */ 1134 if (msg->msg_name) { 1135 struct sockaddr_can *addr = msg->msg_name; 1136 1137 if (msg->msg_namelen < J1939_MIN_NAMELEN) { 1138 ret = -EINVAL; 1139 goto sendmsg_done; 1140 } 1141 1142 if (addr->can_family != AF_CAN) { 1143 ret = -EINVAL; 1144 goto sendmsg_done; 1145 } 1146 1147 if (addr->can_ifindex && addr->can_ifindex != ifindex) { 1148 ret = -EBADFD; 1149 goto sendmsg_done; 1150 } 1151 1152 if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) && 1153 !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) { 1154 ret = -EINVAL; 1155 goto sendmsg_done; 1156 } 1157 1158 if (!addr->can_addr.j1939.name && 1159 addr->can_addr.j1939.addr == J1939_NO_ADDR && 1160 !sock_flag(sk, SOCK_BROADCAST)) { 1161 /* broadcast, but SO_BROADCAST not set */ 1162 ret = -EACCES; 1163 goto sendmsg_done; 1164 } 1165 } else { 1166 if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR && 1167 !sock_flag(sk, SOCK_BROADCAST)) { 1168 /* broadcast, but SO_BROADCAST not set */ 1169 ret = -EACCES; 1170 goto sendmsg_done; 1171 } 1172 } 1173 1174 ret = j1939_sk_send_loop(priv, sk, msg, size); 1175 1176 sendmsg_done: 1177 release_sock(sock->sk); 1178 1179 return ret; 1180 } 1181 1182 void j1939_sk_netdev_event_netdown(struct j1939_priv *priv) 1183 { 1184 struct j1939_sock *jsk; 1185 int error_code = ENETDOWN; 1186 1187 spin_lock_bh(&priv->j1939_socks_lock); 1188 list_for_each_entry(jsk, &priv->j1939_socks, list) { 1189 jsk->sk.sk_err = error_code; 1190 if (!sock_flag(&jsk->sk, SOCK_DEAD)) 1191 jsk->sk.sk_error_report(&jsk->sk); 1192 1193 j1939_sk_queue_drop_all(priv, jsk, error_code); 1194 } 1195 spin_unlock_bh(&priv->j1939_socks_lock); 1196 } 1197 1198 static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd, 1199 unsigned long arg) 1200 { 1201 /* no ioctls for socket layer -> hand it down to NIC layer */ 1202 return -ENOIOCTLCMD; 1203 } 1204 1205 static const struct proto_ops j1939_ops = { 1206 .family = PF_CAN, 1207 .release = j1939_sk_release, 1208 .bind = j1939_sk_bind, 1209 .connect = j1939_sk_connect, 1210 .socketpair = sock_no_socketpair, 1211 .accept = sock_no_accept, 1212 .getname = j1939_sk_getname, 1213 .poll = datagram_poll, 1214 .ioctl = j1939_sk_no_ioctlcmd, 1215 .listen = sock_no_listen, 1216 .shutdown = sock_no_shutdown, 1217 .setsockopt = j1939_sk_setsockopt, 1218 .getsockopt = j1939_sk_getsockopt, 1219 .sendmsg = j1939_sk_sendmsg, 1220 .recvmsg = j1939_sk_recvmsg, 1221 .mmap = sock_no_mmap, 1222 .sendpage = sock_no_sendpage, 1223 }; 1224 1225 static struct proto j1939_proto __read_mostly = { 1226 .name = "CAN_J1939", 1227 .owner = THIS_MODULE, 1228 .obj_size = sizeof(struct j1939_sock), 1229 .init = j1939_sk_init, 1230 }; 1231 1232 const struct can_proto j1939_can_proto = { 1233 .type = SOCK_DGRAM, 1234 .protocol = CAN_J1939, 1235 .ops = &j1939_ops, 1236 .prot = &j1939_proto, 1237 }; 1238