xref: /openbmc/linux/net/can/j1939/transport.c (revision fb8d6c8d)
1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2010-2011 EIA Electronics,
3 //                         Kurt Van Dijck <kurt.van.dijck@eia.be>
4 // Copyright (c) 2018 Protonic,
5 //                         Robin van der Gracht <robin@protonic.nl>
6 // Copyright (c) 2017-2019 Pengutronix,
7 //                         Marc Kleine-Budde <kernel@pengutronix.de>
8 // Copyright (c) 2017-2019 Pengutronix,
9 //                         Oleksij Rempel <kernel@pengutronix.de>
10 
11 #include <linux/can/skb.h>
12 
13 #include "j1939-priv.h"
14 
15 #define J1939_XTP_TX_RETRY_LIMIT 100
16 
17 #define J1939_ETP_PGN_CTL 0xc800
18 #define J1939_ETP_PGN_DAT 0xc700
19 #define J1939_TP_PGN_CTL 0xec00
20 #define J1939_TP_PGN_DAT 0xeb00
21 
22 #define J1939_TP_CMD_RTS 0x10
23 #define J1939_TP_CMD_CTS 0x11
24 #define J1939_TP_CMD_EOMA 0x13
25 #define J1939_TP_CMD_BAM 0x20
26 #define J1939_TP_CMD_ABORT 0xff
27 
28 #define J1939_ETP_CMD_RTS 0x14
29 #define J1939_ETP_CMD_CTS 0x15
30 #define J1939_ETP_CMD_DPO 0x16
31 #define J1939_ETP_CMD_EOMA 0x17
32 #define J1939_ETP_CMD_ABORT 0xff
33 
34 enum j1939_xtp_abort {
35 	J1939_XTP_NO_ABORT = 0,
36 	J1939_XTP_ABORT_BUSY = 1,
37 	/* Already in one or more connection managed sessions and
38 	 * cannot support another.
39 	 *
40 	 * EALREADY:
41 	 * Operation already in progress
42 	 */
43 
44 	J1939_XTP_ABORT_RESOURCE = 2,
45 	/* System resources were needed for another task so this
46 	 * connection managed session was terminated.
47 	 *
48 	 * EMSGSIZE:
49 	 * The socket type requires that message be sent atomically,
50 	 * and the size of the message to be sent made this
51 	 * impossible.
52 	 */
53 
54 	J1939_XTP_ABORT_TIMEOUT = 3,
55 	/* A timeout occurred and this is the connection abort to
56 	 * close the session.
57 	 *
58 	 * EHOSTUNREACH:
59 	 * The destination host cannot be reached (probably because
60 	 * the host is down or a remote router cannot reach it).
61 	 */
62 
63 	J1939_XTP_ABORT_GENERIC = 4,
64 	/* CTS messages received when data transfer is in progress
65 	 *
66 	 * EBADMSG:
67 	 * Not a data message
68 	 */
69 
70 	J1939_XTP_ABORT_FAULT = 5,
71 	/* Maximal retransmit request limit reached
72 	 *
73 	 * ENOTRECOVERABLE:
74 	 * State not recoverable
75 	 */
76 
77 	J1939_XTP_ABORT_UNEXPECTED_DATA = 6,
78 	/* Unexpected data transfer packet
79 	 *
80 	 * ENOTCONN:
81 	 * Transport endpoint is not connected
82 	 */
83 
84 	J1939_XTP_ABORT_BAD_SEQ = 7,
85 	/* Bad sequence number (and software is not able to recover)
86 	 *
87 	 * EILSEQ:
88 	 * Illegal byte sequence
89 	 */
90 
91 	J1939_XTP_ABORT_DUP_SEQ = 8,
92 	/* Duplicate sequence number (and software is not able to
93 	 * recover)
94 	 */
95 
96 	J1939_XTP_ABORT_EDPO_UNEXPECTED = 9,
97 	/* Unexpected EDPO packet (ETP) or Message size > 1785 bytes
98 	 * (TP)
99 	 */
100 
101 	J1939_XTP_ABORT_BAD_EDPO_PGN = 10,
102 	/* Unexpected EDPO PGN (PGN in EDPO is bad) */
103 
104 	J1939_XTP_ABORT_EDPO_OUTOF_CTS = 11,
105 	/* EDPO number of packets is greater than CTS */
106 
107 	J1939_XTP_ABORT_BAD_EDPO_OFFSET = 12,
108 	/* Bad EDPO offset */
109 
110 	J1939_XTP_ABORT_OTHER_DEPRECATED = 13,
111 	/* Deprecated. Use 250 instead (Any other reason)  */
112 
113 	J1939_XTP_ABORT_ECTS_UNXPECTED_PGN = 14,
114 	/* Unexpected ECTS PGN (PGN in ECTS is bad) */
115 
116 	J1939_XTP_ABORT_ECTS_TOO_BIG = 15,
117 	/* ECTS requested packets exceeds message size */
118 
119 	J1939_XTP_ABORT_OTHER = 250,
120 	/* Any other reason (if a Connection Abort reason is
121 	 * identified that is not listed in the table use code 250)
122 	 */
123 };
124 
125 static unsigned int j1939_tp_block = 255;
126 static unsigned int j1939_tp_packet_delay;
127 static unsigned int j1939_tp_padding = 1;
128 
129 /* helpers */
130 static const char *j1939_xtp_abort_to_str(enum j1939_xtp_abort abort)
131 {
132 	switch (abort) {
133 	case J1939_XTP_ABORT_BUSY:
134 		return "Already in one or more connection managed sessions and cannot support another.";
135 	case J1939_XTP_ABORT_RESOURCE:
136 		return "System resources were needed for another task so this connection managed session was terminated.";
137 	case J1939_XTP_ABORT_TIMEOUT:
138 		return "A timeout occurred and this is the connection abort to close the session.";
139 	case J1939_XTP_ABORT_GENERIC:
140 		return "CTS messages received when data transfer is in progress";
141 	case J1939_XTP_ABORT_FAULT:
142 		return "Maximal retransmit request limit reached";
143 	case J1939_XTP_ABORT_UNEXPECTED_DATA:
144 		return "Unexpected data transfer packet";
145 	case J1939_XTP_ABORT_BAD_SEQ:
146 		return "Bad sequence number (and software is not able to recover)";
147 	case J1939_XTP_ABORT_DUP_SEQ:
148 		return "Duplicate sequence number (and software is not able to recover)";
149 	case J1939_XTP_ABORT_EDPO_UNEXPECTED:
150 		return "Unexpected EDPO packet (ETP) or Message size > 1785 bytes (TP)";
151 	case J1939_XTP_ABORT_BAD_EDPO_PGN:
152 		return "Unexpected EDPO PGN (PGN in EDPO is bad)";
153 	case J1939_XTP_ABORT_EDPO_OUTOF_CTS:
154 		return "EDPO number of packets is greater than CTS";
155 	case J1939_XTP_ABORT_BAD_EDPO_OFFSET:
156 		return "Bad EDPO offset";
157 	case J1939_XTP_ABORT_OTHER_DEPRECATED:
158 		return "Deprecated. Use 250 instead (Any other reason)";
159 	case J1939_XTP_ABORT_ECTS_UNXPECTED_PGN:
160 		return "Unexpected ECTS PGN (PGN in ECTS is bad)";
161 	case J1939_XTP_ABORT_ECTS_TOO_BIG:
162 		return "ECTS requested packets exceeds message size";
163 	case J1939_XTP_ABORT_OTHER:
164 		return "Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250)";
165 	default:
166 		return "<unknown>";
167 	}
168 }
169 
170 static int j1939_xtp_abort_to_errno(struct j1939_priv *priv,
171 				    enum j1939_xtp_abort abort)
172 {
173 	int err;
174 
175 	switch (abort) {
176 	case J1939_XTP_NO_ABORT:
177 		WARN_ON_ONCE(abort == J1939_XTP_NO_ABORT);
178 		err = 0;
179 		break;
180 	case J1939_XTP_ABORT_BUSY:
181 		err = EALREADY;
182 		break;
183 	case J1939_XTP_ABORT_RESOURCE:
184 		err = EMSGSIZE;
185 		break;
186 	case J1939_XTP_ABORT_TIMEOUT:
187 		err = EHOSTUNREACH;
188 		break;
189 	case J1939_XTP_ABORT_GENERIC:
190 		err = EBADMSG;
191 		break;
192 	case J1939_XTP_ABORT_FAULT:
193 		err = ENOTRECOVERABLE;
194 		break;
195 	case J1939_XTP_ABORT_UNEXPECTED_DATA:
196 		err = ENOTCONN;
197 		break;
198 	case J1939_XTP_ABORT_BAD_SEQ:
199 		err = EILSEQ;
200 		break;
201 	case J1939_XTP_ABORT_DUP_SEQ:
202 		err = EPROTO;
203 		break;
204 	case J1939_XTP_ABORT_EDPO_UNEXPECTED:
205 		err = EPROTO;
206 		break;
207 	case J1939_XTP_ABORT_BAD_EDPO_PGN:
208 		err = EPROTO;
209 		break;
210 	case J1939_XTP_ABORT_EDPO_OUTOF_CTS:
211 		err = EPROTO;
212 		break;
213 	case J1939_XTP_ABORT_BAD_EDPO_OFFSET:
214 		err = EPROTO;
215 		break;
216 	case J1939_XTP_ABORT_OTHER_DEPRECATED:
217 		err = EPROTO;
218 		break;
219 	case J1939_XTP_ABORT_ECTS_UNXPECTED_PGN:
220 		err = EPROTO;
221 		break;
222 	case J1939_XTP_ABORT_ECTS_TOO_BIG:
223 		err = EPROTO;
224 		break;
225 	case J1939_XTP_ABORT_OTHER:
226 		err = EPROTO;
227 		break;
228 	default:
229 		netdev_warn(priv->ndev, "Unknown abort code %i", abort);
230 		err = EPROTO;
231 	}
232 
233 	return err;
234 }
235 
236 static inline void j1939_session_list_lock(struct j1939_priv *priv)
237 {
238 	spin_lock_bh(&priv->active_session_list_lock);
239 }
240 
241 static inline void j1939_session_list_unlock(struct j1939_priv *priv)
242 {
243 	spin_unlock_bh(&priv->active_session_list_lock);
244 }
245 
246 void j1939_session_get(struct j1939_session *session)
247 {
248 	kref_get(&session->kref);
249 }
250 
251 /* session completion functions */
252 static void __j1939_session_drop(struct j1939_session *session)
253 {
254 	if (!session->transmission)
255 		return;
256 
257 	j1939_sock_pending_del(session->sk);
258 }
259 
260 static void j1939_session_destroy(struct j1939_session *session)
261 {
262 	if (session->err)
263 		j1939_sk_errqueue(session, J1939_ERRQUEUE_ABORT);
264 	else
265 		j1939_sk_errqueue(session, J1939_ERRQUEUE_ACK);
266 
267 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
268 
269 	skb_queue_purge(&session->skb_queue);
270 	__j1939_session_drop(session);
271 	j1939_priv_put(session->priv);
272 	kfree(session);
273 }
274 
275 static void __j1939_session_release(struct kref *kref)
276 {
277 	struct j1939_session *session = container_of(kref, struct j1939_session,
278 						     kref);
279 
280 	j1939_session_destroy(session);
281 }
282 
283 void j1939_session_put(struct j1939_session *session)
284 {
285 	kref_put(&session->kref, __j1939_session_release);
286 }
287 
288 static void j1939_session_txtimer_cancel(struct j1939_session *session)
289 {
290 	if (hrtimer_cancel(&session->txtimer))
291 		j1939_session_put(session);
292 }
293 
294 static void j1939_session_rxtimer_cancel(struct j1939_session *session)
295 {
296 	if (hrtimer_cancel(&session->rxtimer))
297 		j1939_session_put(session);
298 }
299 
300 void j1939_session_timers_cancel(struct j1939_session *session)
301 {
302 	j1939_session_txtimer_cancel(session);
303 	j1939_session_rxtimer_cancel(session);
304 }
305 
306 static inline bool j1939_cb_is_broadcast(const struct j1939_sk_buff_cb *skcb)
307 {
308 	return (!skcb->addr.dst_name && (skcb->addr.da == 0xff));
309 }
310 
311 static void j1939_session_skb_drop_old(struct j1939_session *session)
312 {
313 	struct sk_buff *do_skb;
314 	struct j1939_sk_buff_cb *do_skcb;
315 	unsigned int offset_start;
316 	unsigned long flags;
317 
318 	if (skb_queue_len(&session->skb_queue) < 2)
319 		return;
320 
321 	offset_start = session->pkt.tx_acked * 7;
322 
323 	spin_lock_irqsave(&session->skb_queue.lock, flags);
324 	do_skb = skb_peek(&session->skb_queue);
325 	do_skcb = j1939_skb_to_cb(do_skb);
326 
327 	if ((do_skcb->offset + do_skb->len) < offset_start) {
328 		__skb_unlink(do_skb, &session->skb_queue);
329 		kfree_skb(do_skb);
330 	}
331 	spin_unlock_irqrestore(&session->skb_queue.lock, flags);
332 }
333 
334 void j1939_session_skb_queue(struct j1939_session *session,
335 			     struct sk_buff *skb)
336 {
337 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
338 	struct j1939_priv *priv = session->priv;
339 
340 	j1939_ac_fixup(priv, skb);
341 
342 	if (j1939_address_is_unicast(skcb->addr.da) &&
343 	    priv->ents[skcb->addr.da].nusers)
344 		skcb->flags |= J1939_ECU_LOCAL_DST;
345 
346 	skcb->flags |= J1939_ECU_LOCAL_SRC;
347 
348 	skb_queue_tail(&session->skb_queue, skb);
349 }
350 
351 static struct sk_buff *j1939_session_skb_find(struct j1939_session *session)
352 {
353 	struct j1939_priv *priv = session->priv;
354 	struct sk_buff *skb = NULL;
355 	struct sk_buff *do_skb;
356 	struct j1939_sk_buff_cb *do_skcb;
357 	unsigned int offset_start;
358 	unsigned long flags;
359 
360 	offset_start = session->pkt.dpo * 7;
361 
362 	spin_lock_irqsave(&session->skb_queue.lock, flags);
363 	skb_queue_walk(&session->skb_queue, do_skb) {
364 		do_skcb = j1939_skb_to_cb(do_skb);
365 
366 		if (offset_start >= do_skcb->offset &&
367 		    offset_start < (do_skcb->offset + do_skb->len)) {
368 			skb = do_skb;
369 		}
370 	}
371 	spin_unlock_irqrestore(&session->skb_queue.lock, flags);
372 
373 	if (!skb)
374 		netdev_dbg(priv->ndev, "%s: 0x%p: no skb found for start: %i, queue size: %i\n",
375 			   __func__, session, offset_start,
376 			   skb_queue_len(&session->skb_queue));
377 
378 	return skb;
379 }
380 
381 /* see if we are receiver
382  * returns 0 for broadcasts, although we will receive them
383  */
384 static inline int j1939_tp_im_receiver(const struct j1939_sk_buff_cb *skcb)
385 {
386 	return skcb->flags & J1939_ECU_LOCAL_DST;
387 }
388 
389 /* see if we are sender */
390 static inline int j1939_tp_im_transmitter(const struct j1939_sk_buff_cb *skcb)
391 {
392 	return skcb->flags & J1939_ECU_LOCAL_SRC;
393 }
394 
395 /* see if we are involved as either receiver or transmitter */
396 static int j1939_tp_im_involved(const struct j1939_sk_buff_cb *skcb, bool swap)
397 {
398 	if (swap)
399 		return j1939_tp_im_receiver(skcb);
400 	else
401 		return j1939_tp_im_transmitter(skcb);
402 }
403 
404 static int j1939_tp_im_involved_anydir(struct j1939_sk_buff_cb *skcb)
405 {
406 	return skcb->flags & (J1939_ECU_LOCAL_SRC | J1939_ECU_LOCAL_DST);
407 }
408 
409 /* extract pgn from flow-ctl message */
410 static inline pgn_t j1939_xtp_ctl_to_pgn(const u8 *dat)
411 {
412 	pgn_t pgn;
413 
414 	pgn = (dat[7] << 16) | (dat[6] << 8) | (dat[5] << 0);
415 	if (j1939_pgn_is_pdu1(pgn))
416 		pgn &= 0xffff00;
417 	return pgn;
418 }
419 
420 static inline unsigned int j1939_tp_ctl_to_size(const u8 *dat)
421 {
422 	return (dat[2] << 8) + (dat[1] << 0);
423 }
424 
425 static inline unsigned int j1939_etp_ctl_to_packet(const u8 *dat)
426 {
427 	return (dat[4] << 16) | (dat[3] << 8) | (dat[2] << 0);
428 }
429 
430 static inline unsigned int j1939_etp_ctl_to_size(const u8 *dat)
431 {
432 	return (dat[4] << 24) | (dat[3] << 16) |
433 		(dat[2] << 8) | (dat[1] << 0);
434 }
435 
436 /* find existing session:
437  * reverse: swap cb's src & dst
438  * there is no problem with matching broadcasts, since
439  * broadcasts (no dst, no da) would never call this
440  * with reverse == true
441  */
442 static bool j1939_session_match(struct j1939_addr *se_addr,
443 				struct j1939_addr *sk_addr, bool reverse)
444 {
445 	if (se_addr->type != sk_addr->type)
446 		return false;
447 
448 	if (reverse) {
449 		if (se_addr->src_name) {
450 			if (se_addr->src_name != sk_addr->dst_name)
451 				return false;
452 		} else if (se_addr->sa != sk_addr->da) {
453 			return false;
454 		}
455 
456 		if (se_addr->dst_name) {
457 			if (se_addr->dst_name != sk_addr->src_name)
458 				return false;
459 		} else if (se_addr->da != sk_addr->sa) {
460 			return false;
461 		}
462 	} else {
463 		if (se_addr->src_name) {
464 			if (se_addr->src_name != sk_addr->src_name)
465 				return false;
466 		} else if (se_addr->sa != sk_addr->sa) {
467 			return false;
468 		}
469 
470 		if (se_addr->dst_name) {
471 			if (se_addr->dst_name != sk_addr->dst_name)
472 				return false;
473 		} else if (se_addr->da != sk_addr->da) {
474 			return false;
475 		}
476 	}
477 
478 	return true;
479 }
480 
481 static struct
482 j1939_session *j1939_session_get_by_addr_locked(struct j1939_priv *priv,
483 						struct list_head *root,
484 						struct j1939_addr *addr,
485 						bool reverse, bool transmitter)
486 {
487 	struct j1939_session *session;
488 
489 	lockdep_assert_held(&priv->active_session_list_lock);
490 
491 	list_for_each_entry(session, root, active_session_list_entry) {
492 		j1939_session_get(session);
493 		if (j1939_session_match(&session->skcb.addr, addr, reverse) &&
494 		    session->transmission == transmitter)
495 			return session;
496 		j1939_session_put(session);
497 	}
498 
499 	return NULL;
500 }
501 
502 static struct
503 j1939_session *j1939_session_get_simple(struct j1939_priv *priv,
504 					struct sk_buff *skb)
505 {
506 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
507 	struct j1939_session *session;
508 
509 	lockdep_assert_held(&priv->active_session_list_lock);
510 
511 	list_for_each_entry(session, &priv->active_session_list,
512 			    active_session_list_entry) {
513 		j1939_session_get(session);
514 		if (session->skcb.addr.type == J1939_SIMPLE &&
515 		    session->tskey == skcb->tskey && session->sk == skb->sk)
516 			return session;
517 		j1939_session_put(session);
518 	}
519 
520 	return NULL;
521 }
522 
523 static struct
524 j1939_session *j1939_session_get_by_addr(struct j1939_priv *priv,
525 					 struct j1939_addr *addr,
526 					 bool reverse, bool transmitter)
527 {
528 	struct j1939_session *session;
529 
530 	j1939_session_list_lock(priv);
531 	session = j1939_session_get_by_addr_locked(priv,
532 						   &priv->active_session_list,
533 						   addr, reverse, transmitter);
534 	j1939_session_list_unlock(priv);
535 
536 	return session;
537 }
538 
539 static void j1939_skbcb_swap(struct j1939_sk_buff_cb *skcb)
540 {
541 	u8 tmp = 0;
542 
543 	swap(skcb->addr.dst_name, skcb->addr.src_name);
544 	swap(skcb->addr.da, skcb->addr.sa);
545 
546 	/* swap SRC and DST flags, leave other untouched */
547 	if (skcb->flags & J1939_ECU_LOCAL_SRC)
548 		tmp |= J1939_ECU_LOCAL_DST;
549 	if (skcb->flags & J1939_ECU_LOCAL_DST)
550 		tmp |= J1939_ECU_LOCAL_SRC;
551 	skcb->flags &= ~(J1939_ECU_LOCAL_SRC | J1939_ECU_LOCAL_DST);
552 	skcb->flags |= tmp;
553 }
554 
555 static struct
556 sk_buff *j1939_tp_tx_dat_new(struct j1939_priv *priv,
557 			     const struct j1939_sk_buff_cb *re_skcb,
558 			     bool ctl,
559 			     bool swap_src_dst)
560 {
561 	struct sk_buff *skb;
562 	struct j1939_sk_buff_cb *skcb;
563 
564 	skb = alloc_skb(sizeof(struct can_frame) + sizeof(struct can_skb_priv),
565 			GFP_ATOMIC);
566 	if (unlikely(!skb))
567 		return ERR_PTR(-ENOMEM);
568 
569 	skb->dev = priv->ndev;
570 	can_skb_reserve(skb);
571 	can_skb_prv(skb)->ifindex = priv->ndev->ifindex;
572 	/* reserve CAN header */
573 	skb_reserve(skb, offsetof(struct can_frame, data));
574 
575 	memcpy(skb->cb, re_skcb, sizeof(skb->cb));
576 	skcb = j1939_skb_to_cb(skb);
577 	if (swap_src_dst)
578 		j1939_skbcb_swap(skcb);
579 
580 	if (ctl) {
581 		if (skcb->addr.type == J1939_ETP)
582 			skcb->addr.pgn = J1939_ETP_PGN_CTL;
583 		else
584 			skcb->addr.pgn = J1939_TP_PGN_CTL;
585 	} else {
586 		if (skcb->addr.type == J1939_ETP)
587 			skcb->addr.pgn = J1939_ETP_PGN_DAT;
588 		else
589 			skcb->addr.pgn = J1939_TP_PGN_DAT;
590 	}
591 
592 	return skb;
593 }
594 
595 /* TP transmit packet functions */
596 static int j1939_tp_tx_dat(struct j1939_session *session,
597 			   const u8 *dat, int len)
598 {
599 	struct j1939_priv *priv = session->priv;
600 	struct sk_buff *skb;
601 
602 	skb = j1939_tp_tx_dat_new(priv, &session->skcb,
603 				  false, false);
604 	if (IS_ERR(skb))
605 		return PTR_ERR(skb);
606 
607 	skb_put_data(skb, dat, len);
608 	if (j1939_tp_padding && len < 8)
609 		memset(skb_put(skb, 8 - len), 0xff, 8 - len);
610 
611 	return j1939_send_one(priv, skb);
612 }
613 
614 static int j1939_xtp_do_tx_ctl(struct j1939_priv *priv,
615 			       const struct j1939_sk_buff_cb *re_skcb,
616 			       bool swap_src_dst, pgn_t pgn, const u8 *dat)
617 {
618 	struct sk_buff *skb;
619 	u8 *skdat;
620 
621 	if (!j1939_tp_im_involved(re_skcb, swap_src_dst))
622 		return 0;
623 
624 	skb = j1939_tp_tx_dat_new(priv, re_skcb, true, swap_src_dst);
625 	if (IS_ERR(skb))
626 		return PTR_ERR(skb);
627 
628 	skdat = skb_put(skb, 8);
629 	memcpy(skdat, dat, 5);
630 	skdat[5] = (pgn >> 0);
631 	skdat[6] = (pgn >> 8);
632 	skdat[7] = (pgn >> 16);
633 
634 	return j1939_send_one(priv, skb);
635 }
636 
637 static inline int j1939_tp_tx_ctl(struct j1939_session *session,
638 				  bool swap_src_dst, const u8 *dat)
639 {
640 	struct j1939_priv *priv = session->priv;
641 
642 	return j1939_xtp_do_tx_ctl(priv, &session->skcb,
643 				   swap_src_dst,
644 				   session->skcb.addr.pgn, dat);
645 }
646 
647 static int j1939_xtp_tx_abort(struct j1939_priv *priv,
648 			      const struct j1939_sk_buff_cb *re_skcb,
649 			      bool swap_src_dst,
650 			      enum j1939_xtp_abort err,
651 			      pgn_t pgn)
652 {
653 	u8 dat[5];
654 
655 	if (!j1939_tp_im_involved(re_skcb, swap_src_dst))
656 		return 0;
657 
658 	memset(dat, 0xff, sizeof(dat));
659 	dat[0] = J1939_TP_CMD_ABORT;
660 	dat[1] = err;
661 	return j1939_xtp_do_tx_ctl(priv, re_skcb, swap_src_dst, pgn, dat);
662 }
663 
664 void j1939_tp_schedule_txtimer(struct j1939_session *session, int msec)
665 {
666 	j1939_session_get(session);
667 	hrtimer_start(&session->txtimer, ms_to_ktime(msec),
668 		      HRTIMER_MODE_REL_SOFT);
669 }
670 
671 static inline void j1939_tp_set_rxtimeout(struct j1939_session *session,
672 					  int msec)
673 {
674 	j1939_session_rxtimer_cancel(session);
675 	j1939_session_get(session);
676 	hrtimer_start(&session->rxtimer, ms_to_ktime(msec),
677 		      HRTIMER_MODE_REL_SOFT);
678 }
679 
680 static int j1939_session_tx_rts(struct j1939_session *session)
681 {
682 	u8 dat[8];
683 	int ret;
684 
685 	memset(dat, 0xff, sizeof(dat));
686 
687 	dat[1] = (session->total_message_size >> 0);
688 	dat[2] = (session->total_message_size >> 8);
689 	dat[3] = session->pkt.total;
690 
691 	if (session->skcb.addr.type == J1939_ETP) {
692 		dat[0] = J1939_ETP_CMD_RTS;
693 		dat[1] = (session->total_message_size >> 0);
694 		dat[2] = (session->total_message_size >> 8);
695 		dat[3] = (session->total_message_size >> 16);
696 		dat[4] = (session->total_message_size >> 24);
697 	} else if (j1939_cb_is_broadcast(&session->skcb)) {
698 		dat[0] = J1939_TP_CMD_BAM;
699 		/* fake cts for broadcast */
700 		session->pkt.tx = 0;
701 	} else {
702 		dat[0] = J1939_TP_CMD_RTS;
703 		dat[4] = dat[3];
704 	}
705 
706 	if (dat[0] == session->last_txcmd)
707 		/* done already */
708 		return 0;
709 
710 	ret = j1939_tp_tx_ctl(session, false, dat);
711 	if (ret < 0)
712 		return ret;
713 
714 	session->last_txcmd = dat[0];
715 	if (dat[0] == J1939_TP_CMD_BAM)
716 		j1939_tp_schedule_txtimer(session, 50);
717 
718 	j1939_tp_set_rxtimeout(session, 1250);
719 
720 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
721 
722 	return 0;
723 }
724 
725 static int j1939_session_tx_dpo(struct j1939_session *session)
726 {
727 	unsigned int pkt;
728 	u8 dat[8];
729 	int ret;
730 
731 	memset(dat, 0xff, sizeof(dat));
732 
733 	dat[0] = J1939_ETP_CMD_DPO;
734 	session->pkt.dpo = session->pkt.tx_acked;
735 	pkt = session->pkt.dpo;
736 	dat[1] = session->pkt.last - session->pkt.tx_acked;
737 	dat[2] = (pkt >> 0);
738 	dat[3] = (pkt >> 8);
739 	dat[4] = (pkt >> 16);
740 
741 	ret = j1939_tp_tx_ctl(session, false, dat);
742 	if (ret < 0)
743 		return ret;
744 
745 	session->last_txcmd = dat[0];
746 	j1939_tp_set_rxtimeout(session, 1250);
747 	session->pkt.tx = session->pkt.tx_acked;
748 
749 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
750 
751 	return 0;
752 }
753 
754 static int j1939_session_tx_dat(struct j1939_session *session)
755 {
756 	struct j1939_priv *priv = session->priv;
757 	struct j1939_sk_buff_cb *skcb;
758 	int offset, pkt_done, pkt_end;
759 	unsigned int len, pdelay;
760 	struct sk_buff *se_skb;
761 	const u8 *tpdat;
762 	int ret = 0;
763 	u8 dat[8];
764 
765 	se_skb = j1939_session_skb_find(session);
766 	if (!se_skb)
767 		return -ENOBUFS;
768 
769 	skcb = j1939_skb_to_cb(se_skb);
770 	tpdat = se_skb->data;
771 	ret = 0;
772 	pkt_done = 0;
773 	if (session->skcb.addr.type != J1939_ETP &&
774 	    j1939_cb_is_broadcast(&session->skcb))
775 		pkt_end = session->pkt.total;
776 	else
777 		pkt_end = session->pkt.last;
778 
779 	while (session->pkt.tx < pkt_end) {
780 		dat[0] = session->pkt.tx - session->pkt.dpo + 1;
781 		offset = (session->pkt.tx * 7) - skcb->offset;
782 		len =  se_skb->len - offset;
783 		if (len > 7)
784 			len = 7;
785 
786 		memcpy(&dat[1], &tpdat[offset], len);
787 		ret = j1939_tp_tx_dat(session, dat, len + 1);
788 		if (ret < 0) {
789 			/* ENOBUS == CAN interface TX queue is full */
790 			if (ret != -ENOBUFS)
791 				netdev_alert(priv->ndev,
792 					     "%s: 0x%p: queue data error: %i\n",
793 					     __func__, session, ret);
794 			break;
795 		}
796 
797 		session->last_txcmd = 0xff;
798 		pkt_done++;
799 		session->pkt.tx++;
800 		pdelay = j1939_cb_is_broadcast(&session->skcb) ? 50 :
801 			j1939_tp_packet_delay;
802 
803 		if (session->pkt.tx < session->pkt.total && pdelay) {
804 			j1939_tp_schedule_txtimer(session, pdelay);
805 			break;
806 		}
807 	}
808 
809 	if (pkt_done)
810 		j1939_tp_set_rxtimeout(session, 250);
811 
812 	return ret;
813 }
814 
815 static int j1939_xtp_txnext_transmiter(struct j1939_session *session)
816 {
817 	struct j1939_priv *priv = session->priv;
818 	int ret = 0;
819 
820 	if (!j1939_tp_im_transmitter(&session->skcb)) {
821 		netdev_alert(priv->ndev, "%s: 0x%p: called by not transmitter!\n",
822 			     __func__, session);
823 		return -EINVAL;
824 	}
825 
826 	switch (session->last_cmd) {
827 	case 0:
828 		ret = j1939_session_tx_rts(session);
829 		break;
830 
831 	case J1939_ETP_CMD_CTS:
832 		if (session->last_txcmd != J1939_ETP_CMD_DPO) {
833 			ret = j1939_session_tx_dpo(session);
834 			if (ret)
835 				return ret;
836 		}
837 
838 		/* fall through */
839 	case J1939_TP_CMD_CTS:
840 	case 0xff: /* did some data */
841 	case J1939_ETP_CMD_DPO:
842 	case J1939_TP_CMD_BAM:
843 		ret = j1939_session_tx_dat(session);
844 
845 		break;
846 	default:
847 		netdev_alert(priv->ndev, "%s: 0x%p: unexpected last_cmd: %x\n",
848 			     __func__, session, session->last_cmd);
849 	}
850 
851 	return ret;
852 }
853 
854 static int j1939_session_tx_cts(struct j1939_session *session)
855 {
856 	struct j1939_priv *priv = session->priv;
857 	unsigned int pkt, len;
858 	int ret;
859 	u8 dat[8];
860 
861 	if (!j1939_sk_recv_match(priv, &session->skcb))
862 		return -ENOENT;
863 
864 	len = session->pkt.total - session->pkt.rx;
865 	len = min3(len, session->pkt.block, j1939_tp_block ?: 255);
866 	memset(dat, 0xff, sizeof(dat));
867 
868 	if (session->skcb.addr.type == J1939_ETP) {
869 		pkt = session->pkt.rx + 1;
870 		dat[0] = J1939_ETP_CMD_CTS;
871 		dat[1] = len;
872 		dat[2] = (pkt >> 0);
873 		dat[3] = (pkt >> 8);
874 		dat[4] = (pkt >> 16);
875 	} else {
876 		dat[0] = J1939_TP_CMD_CTS;
877 		dat[1] = len;
878 		dat[2] = session->pkt.rx + 1;
879 	}
880 
881 	if (dat[0] == session->last_txcmd)
882 		/* done already */
883 		return 0;
884 
885 	ret = j1939_tp_tx_ctl(session, true, dat);
886 	if (ret < 0)
887 		return ret;
888 
889 	if (len)
890 		/* only mark cts done when len is set */
891 		session->last_txcmd = dat[0];
892 	j1939_tp_set_rxtimeout(session, 1250);
893 
894 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
895 
896 	return 0;
897 }
898 
899 static int j1939_session_tx_eoma(struct j1939_session *session)
900 {
901 	struct j1939_priv *priv = session->priv;
902 	u8 dat[8];
903 	int ret;
904 
905 	if (!j1939_sk_recv_match(priv, &session->skcb))
906 		return -ENOENT;
907 
908 	memset(dat, 0xff, sizeof(dat));
909 
910 	if (session->skcb.addr.type == J1939_ETP) {
911 		dat[0] = J1939_ETP_CMD_EOMA;
912 		dat[1] = session->total_message_size >> 0;
913 		dat[2] = session->total_message_size >> 8;
914 		dat[3] = session->total_message_size >> 16;
915 		dat[4] = session->total_message_size >> 24;
916 	} else {
917 		dat[0] = J1939_TP_CMD_EOMA;
918 		dat[1] = session->total_message_size;
919 		dat[2] = session->total_message_size >> 8;
920 		dat[3] = session->pkt.total;
921 	}
922 
923 	if (dat[0] == session->last_txcmd)
924 		/* done already */
925 		return 0;
926 
927 	ret = j1939_tp_tx_ctl(session, true, dat);
928 	if (ret < 0)
929 		return ret;
930 
931 	session->last_txcmd = dat[0];
932 
933 	/* wait for the EOMA packet to come in */
934 	j1939_tp_set_rxtimeout(session, 1250);
935 
936 	netdev_dbg(session->priv->ndev, "%p: 0x%p\n", __func__, session);
937 
938 	return 0;
939 }
940 
941 static int j1939_xtp_txnext_receiver(struct j1939_session *session)
942 {
943 	struct j1939_priv *priv = session->priv;
944 	int ret = 0;
945 
946 	if (!j1939_tp_im_receiver(&session->skcb)) {
947 		netdev_alert(priv->ndev, "%s: 0x%p: called by not receiver!\n",
948 			     __func__, session);
949 		return -EINVAL;
950 	}
951 
952 	switch (session->last_cmd) {
953 	case J1939_TP_CMD_RTS:
954 	case J1939_ETP_CMD_RTS:
955 		ret = j1939_session_tx_cts(session);
956 		break;
957 
958 	case J1939_ETP_CMD_CTS:
959 	case J1939_TP_CMD_CTS:
960 	case 0xff: /* did some data */
961 	case J1939_ETP_CMD_DPO:
962 		if ((session->skcb.addr.type == J1939_TP &&
963 		     j1939_cb_is_broadcast(&session->skcb)))
964 			break;
965 
966 		if (session->pkt.rx >= session->pkt.total) {
967 			ret = j1939_session_tx_eoma(session);
968 		} else if (session->pkt.rx >= session->pkt.last) {
969 			session->last_txcmd = 0;
970 			ret = j1939_session_tx_cts(session);
971 		}
972 		break;
973 	default:
974 		netdev_alert(priv->ndev, "%s: 0x%p: unexpected last_cmd: %x\n",
975 			     __func__, session, session->last_cmd);
976 	}
977 
978 	return ret;
979 }
980 
981 static int j1939_simple_txnext(struct j1939_session *session)
982 {
983 	struct j1939_priv *priv = session->priv;
984 	struct sk_buff *se_skb = j1939_session_skb_find(session);
985 	struct sk_buff *skb;
986 	int ret;
987 
988 	if (!se_skb)
989 		return 0;
990 
991 	skb = skb_clone(se_skb, GFP_ATOMIC);
992 	if (!skb)
993 		return -ENOMEM;
994 
995 	can_skb_set_owner(skb, se_skb->sk);
996 
997 	j1939_tp_set_rxtimeout(session, J1939_SIMPLE_ECHO_TIMEOUT_MS);
998 
999 	ret = j1939_send_one(priv, skb);
1000 	if (ret)
1001 		return ret;
1002 
1003 	j1939_sk_errqueue(session, J1939_ERRQUEUE_SCHED);
1004 	j1939_sk_queue_activate_next(session);
1005 
1006 	return 0;
1007 }
1008 
1009 static bool j1939_session_deactivate_locked(struct j1939_session *session)
1010 {
1011 	bool active = false;
1012 
1013 	lockdep_assert_held(&session->priv->active_session_list_lock);
1014 
1015 	if (session->state >= J1939_SESSION_ACTIVE &&
1016 	    session->state < J1939_SESSION_ACTIVE_MAX) {
1017 		active = true;
1018 
1019 		list_del_init(&session->active_session_list_entry);
1020 		session->state = J1939_SESSION_DONE;
1021 		j1939_session_put(session);
1022 	}
1023 
1024 	return active;
1025 }
1026 
1027 static bool j1939_session_deactivate(struct j1939_session *session)
1028 {
1029 	bool active;
1030 
1031 	j1939_session_list_lock(session->priv);
1032 	active = j1939_session_deactivate_locked(session);
1033 	j1939_session_list_unlock(session->priv);
1034 
1035 	return active;
1036 }
1037 
1038 static void
1039 j1939_session_deactivate_activate_next(struct j1939_session *session)
1040 {
1041 	if (j1939_session_deactivate(session))
1042 		j1939_sk_queue_activate_next(session);
1043 }
1044 
1045 static void j1939_session_cancel(struct j1939_session *session,
1046 				 enum j1939_xtp_abort err)
1047 {
1048 	struct j1939_priv *priv = session->priv;
1049 
1050 	WARN_ON_ONCE(!err);
1051 
1052 	session->err = j1939_xtp_abort_to_errno(priv, err);
1053 	/* do not send aborts on incoming broadcasts */
1054 	if (!j1939_cb_is_broadcast(&session->skcb)) {
1055 		session->state = J1939_SESSION_WAITING_ABORT;
1056 		j1939_xtp_tx_abort(priv, &session->skcb,
1057 				   !session->transmission,
1058 				   err, session->skcb.addr.pgn);
1059 	}
1060 
1061 	if (session->sk)
1062 		j1939_sk_send_loop_abort(session->sk, session->err);
1063 }
1064 
1065 static enum hrtimer_restart j1939_tp_txtimer(struct hrtimer *hrtimer)
1066 {
1067 	struct j1939_session *session =
1068 		container_of(hrtimer, struct j1939_session, txtimer);
1069 	struct j1939_priv *priv = session->priv;
1070 	int ret = 0;
1071 
1072 	if (session->skcb.addr.type == J1939_SIMPLE) {
1073 		ret = j1939_simple_txnext(session);
1074 	} else {
1075 		if (session->transmission)
1076 			ret = j1939_xtp_txnext_transmiter(session);
1077 		else
1078 			ret = j1939_xtp_txnext_receiver(session);
1079 	}
1080 
1081 	switch (ret) {
1082 	case -ENOBUFS:
1083 		/* Retry limit is currently arbitrary chosen */
1084 		if (session->tx_retry < J1939_XTP_TX_RETRY_LIMIT) {
1085 			session->tx_retry++;
1086 			j1939_tp_schedule_txtimer(session,
1087 						  10 + prandom_u32_max(16));
1088 		} else {
1089 			netdev_alert(priv->ndev, "%s: 0x%p: tx retry count reached\n",
1090 				     __func__, session);
1091 			session->err = -ENETUNREACH;
1092 			j1939_session_rxtimer_cancel(session);
1093 			j1939_session_deactivate_activate_next(session);
1094 		}
1095 		break;
1096 	case -ENETDOWN:
1097 		/* In this case we should get a netdev_event(), all active
1098 		 * sessions will be cleared by
1099 		 * j1939_cancel_all_active_sessions(). So handle this as an
1100 		 * error, but let j1939_cancel_all_active_sessions() do the
1101 		 * cleanup including propagation of the error to user space.
1102 		 */
1103 		break;
1104 	case 0:
1105 		session->tx_retry = 0;
1106 		break;
1107 	default:
1108 		netdev_alert(priv->ndev, "%s: 0x%p: tx aborted with unknown reason: %i\n",
1109 			     __func__, session, ret);
1110 		if (session->skcb.addr.type != J1939_SIMPLE) {
1111 			j1939_tp_set_rxtimeout(session,
1112 					       J1939_XTP_ABORT_TIMEOUT_MS);
1113 			j1939_session_cancel(session, J1939_XTP_ABORT_OTHER);
1114 		} else {
1115 			session->err = ret;
1116 			j1939_session_rxtimer_cancel(session);
1117 			j1939_session_deactivate_activate_next(session);
1118 		}
1119 	}
1120 
1121 	j1939_session_put(session);
1122 
1123 	return HRTIMER_NORESTART;
1124 }
1125 
1126 static void j1939_session_completed(struct j1939_session *session)
1127 {
1128 	struct sk_buff *skb;
1129 
1130 	if (!session->transmission) {
1131 		skb = j1939_session_skb_find(session);
1132 		/* distribute among j1939 receivers */
1133 		j1939_sk_recv(session->priv, skb);
1134 	}
1135 
1136 	j1939_session_deactivate_activate_next(session);
1137 }
1138 
1139 static enum hrtimer_restart j1939_tp_rxtimer(struct hrtimer *hrtimer)
1140 {
1141 	struct j1939_session *session = container_of(hrtimer,
1142 						     struct j1939_session,
1143 						     rxtimer);
1144 	struct j1939_priv *priv = session->priv;
1145 
1146 	if (session->state == J1939_SESSION_WAITING_ABORT) {
1147 		netdev_alert(priv->ndev, "%s: 0x%p: abort rx timeout. Force session deactivation\n",
1148 			     __func__, session);
1149 
1150 		j1939_session_deactivate_activate_next(session);
1151 
1152 	} else if (session->skcb.addr.type == J1939_SIMPLE) {
1153 		netdev_alert(priv->ndev, "%s: 0x%p: Timeout. Failed to send simple message.\n",
1154 			     __func__, session);
1155 
1156 		/* The message is probably stuck in the CAN controller and can
1157 		 * be send as soon as CAN bus is in working state again.
1158 		 */
1159 		session->err = -ETIME;
1160 		j1939_session_deactivate(session);
1161 	} else {
1162 		netdev_alert(priv->ndev, "%s: 0x%p: rx timeout, send abort\n",
1163 			     __func__, session);
1164 
1165 		j1939_session_list_lock(session->priv);
1166 		if (session->state >= J1939_SESSION_ACTIVE &&
1167 		    session->state < J1939_SESSION_ACTIVE_MAX) {
1168 			j1939_session_get(session);
1169 			hrtimer_start(&session->rxtimer,
1170 				      ms_to_ktime(J1939_XTP_ABORT_TIMEOUT_MS),
1171 				      HRTIMER_MODE_REL_SOFT);
1172 			j1939_session_cancel(session, J1939_XTP_ABORT_TIMEOUT);
1173 		}
1174 		j1939_session_list_unlock(session->priv);
1175 	}
1176 
1177 	j1939_session_put(session);
1178 
1179 	return HRTIMER_NORESTART;
1180 }
1181 
1182 static bool j1939_xtp_rx_cmd_bad_pgn(struct j1939_session *session,
1183 				     const struct sk_buff *skb)
1184 {
1185 	const struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1186 	pgn_t pgn = j1939_xtp_ctl_to_pgn(skb->data);
1187 	struct j1939_priv *priv = session->priv;
1188 	enum j1939_xtp_abort abort = J1939_XTP_NO_ABORT;
1189 	u8 cmd = skb->data[0];
1190 
1191 	if (session->skcb.addr.pgn == pgn)
1192 		return false;
1193 
1194 	switch (cmd) {
1195 	case J1939_TP_CMD_BAM:
1196 		abort = J1939_XTP_NO_ABORT;
1197 		break;
1198 
1199 	case J1939_ETP_CMD_RTS:
1200 	case J1939_TP_CMD_RTS: /* fall through */
1201 		abort = J1939_XTP_ABORT_BUSY;
1202 		break;
1203 
1204 	case J1939_ETP_CMD_CTS:
1205 	case J1939_TP_CMD_CTS: /* fall through */
1206 		abort = J1939_XTP_ABORT_ECTS_UNXPECTED_PGN;
1207 		break;
1208 
1209 	case J1939_ETP_CMD_DPO:
1210 		abort = J1939_XTP_ABORT_BAD_EDPO_PGN;
1211 		break;
1212 
1213 	case J1939_ETP_CMD_EOMA:
1214 	case J1939_TP_CMD_EOMA: /* fall through */
1215 		abort = J1939_XTP_ABORT_OTHER;
1216 		break;
1217 
1218 	case J1939_ETP_CMD_ABORT: /* && J1939_TP_CMD_ABORT */
1219 		abort = J1939_XTP_NO_ABORT;
1220 		break;
1221 
1222 	default:
1223 		WARN_ON_ONCE(1);
1224 		break;
1225 	}
1226 
1227 	netdev_warn(priv->ndev, "%s: 0x%p: CMD 0x%02x with PGN 0x%05x for running session with different PGN 0x%05x.\n",
1228 		    __func__, session, cmd, pgn, session->skcb.addr.pgn);
1229 	if (abort != J1939_XTP_NO_ABORT)
1230 		j1939_xtp_tx_abort(priv, skcb, true, abort, pgn);
1231 
1232 	return true;
1233 }
1234 
1235 static void j1939_xtp_rx_abort_one(struct j1939_priv *priv, struct sk_buff *skb,
1236 				   bool reverse, bool transmitter)
1237 {
1238 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1239 	struct j1939_session *session;
1240 	u8 abort = skb->data[1];
1241 
1242 	session = j1939_session_get_by_addr(priv, &skcb->addr, reverse,
1243 					    transmitter);
1244 	if (!session)
1245 		return;
1246 
1247 	if (j1939_xtp_rx_cmd_bad_pgn(session, skb))
1248 		goto abort_put;
1249 
1250 	netdev_info(priv->ndev, "%s: 0x%p: 0x%05x: (%u) %s\n", __func__,
1251 		    session, j1939_xtp_ctl_to_pgn(skb->data), abort,
1252 		    j1939_xtp_abort_to_str(abort));
1253 
1254 	j1939_session_timers_cancel(session);
1255 	session->err = j1939_xtp_abort_to_errno(priv, abort);
1256 	if (session->sk)
1257 		j1939_sk_send_loop_abort(session->sk, session->err);
1258 	j1939_session_deactivate_activate_next(session);
1259 
1260 abort_put:
1261 	j1939_session_put(session);
1262 }
1263 
1264 /* abort packets may come in 2 directions */
1265 static void
1266 j1939_xtp_rx_abort(struct j1939_priv *priv, struct sk_buff *skb,
1267 		   bool transmitter)
1268 {
1269 	j1939_xtp_rx_abort_one(priv, skb, false, transmitter);
1270 	j1939_xtp_rx_abort_one(priv, skb, true, transmitter);
1271 }
1272 
1273 static void
1274 j1939_xtp_rx_eoma_one(struct j1939_session *session, struct sk_buff *skb)
1275 {
1276 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1277 	const u8 *dat;
1278 	int len;
1279 
1280 	if (j1939_xtp_rx_cmd_bad_pgn(session, skb))
1281 		return;
1282 
1283 	dat = skb->data;
1284 
1285 	if (skcb->addr.type == J1939_ETP)
1286 		len = j1939_etp_ctl_to_size(dat);
1287 	else
1288 		len = j1939_tp_ctl_to_size(dat);
1289 
1290 	if (session->total_message_size != len) {
1291 		netdev_warn_once(session->priv->ndev,
1292 				 "%s: 0x%p: Incorrect size. Expected: %i; got: %i.\n",
1293 				 __func__, session, session->total_message_size,
1294 				 len);
1295 	}
1296 
1297 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
1298 
1299 	session->pkt.tx_acked = session->pkt.total;
1300 	j1939_session_timers_cancel(session);
1301 	/* transmitted without problems */
1302 	j1939_session_completed(session);
1303 }
1304 
1305 static void
1306 j1939_xtp_rx_eoma(struct j1939_priv *priv, struct sk_buff *skb,
1307 		  bool transmitter)
1308 {
1309 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1310 	struct j1939_session *session;
1311 
1312 	session = j1939_session_get_by_addr(priv, &skcb->addr, true,
1313 					    transmitter);
1314 	if (!session)
1315 		return;
1316 
1317 	j1939_xtp_rx_eoma_one(session, skb);
1318 	j1939_session_put(session);
1319 }
1320 
1321 static void
1322 j1939_xtp_rx_cts_one(struct j1939_session *session, struct sk_buff *skb)
1323 {
1324 	enum j1939_xtp_abort err = J1939_XTP_ABORT_FAULT;
1325 	unsigned int pkt;
1326 	const u8 *dat;
1327 
1328 	dat = skb->data;
1329 
1330 	if (j1939_xtp_rx_cmd_bad_pgn(session, skb))
1331 		return;
1332 
1333 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
1334 
1335 	if (session->last_cmd == dat[0]) {
1336 		err = J1939_XTP_ABORT_DUP_SEQ;
1337 		goto out_session_cancel;
1338 	}
1339 
1340 	if (session->skcb.addr.type == J1939_ETP)
1341 		pkt = j1939_etp_ctl_to_packet(dat);
1342 	else
1343 		pkt = dat[2];
1344 
1345 	if (!pkt)
1346 		goto out_session_cancel;
1347 	else if (dat[1] > session->pkt.block /* 0xff for etp */)
1348 		goto out_session_cancel;
1349 
1350 	/* set packet counters only when not CTS(0) */
1351 	session->pkt.tx_acked = pkt - 1;
1352 	j1939_session_skb_drop_old(session);
1353 	session->pkt.last = session->pkt.tx_acked + dat[1];
1354 	if (session->pkt.last > session->pkt.total)
1355 		/* safety measure */
1356 		session->pkt.last = session->pkt.total;
1357 	/* TODO: do not set tx here, do it in txtimer */
1358 	session->pkt.tx = session->pkt.tx_acked;
1359 
1360 	session->last_cmd = dat[0];
1361 	if (dat[1]) {
1362 		j1939_tp_set_rxtimeout(session, 1250);
1363 		if (session->transmission) {
1364 			if (session->pkt.tx_acked)
1365 				j1939_sk_errqueue(session,
1366 						  J1939_ERRQUEUE_SCHED);
1367 			j1939_session_txtimer_cancel(session);
1368 			j1939_tp_schedule_txtimer(session, 0);
1369 		}
1370 	} else {
1371 		/* CTS(0) */
1372 		j1939_tp_set_rxtimeout(session, 550);
1373 	}
1374 	return;
1375 
1376  out_session_cancel:
1377 	j1939_session_timers_cancel(session);
1378 	j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);
1379 	j1939_session_cancel(session, err);
1380 }
1381 
1382 static void
1383 j1939_xtp_rx_cts(struct j1939_priv *priv, struct sk_buff *skb, bool transmitter)
1384 {
1385 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1386 	struct j1939_session *session;
1387 
1388 	session = j1939_session_get_by_addr(priv, &skcb->addr, true,
1389 					    transmitter);
1390 	if (!session)
1391 		return;
1392 	j1939_xtp_rx_cts_one(session, skb);
1393 	j1939_session_put(session);
1394 }
1395 
1396 static struct j1939_session *j1939_session_new(struct j1939_priv *priv,
1397 					       struct sk_buff *skb, size_t size)
1398 {
1399 	struct j1939_session *session;
1400 	struct j1939_sk_buff_cb *skcb;
1401 
1402 	session = kzalloc(sizeof(*session), gfp_any());
1403 	if (!session)
1404 		return NULL;
1405 
1406 	INIT_LIST_HEAD(&session->active_session_list_entry);
1407 	INIT_LIST_HEAD(&session->sk_session_queue_entry);
1408 	kref_init(&session->kref);
1409 
1410 	j1939_priv_get(priv);
1411 	session->priv = priv;
1412 	session->total_message_size = size;
1413 	session->state = J1939_SESSION_NEW;
1414 
1415 	skb_queue_head_init(&session->skb_queue);
1416 	skb_queue_tail(&session->skb_queue, skb);
1417 
1418 	skcb = j1939_skb_to_cb(skb);
1419 	memcpy(&session->skcb, skcb, sizeof(session->skcb));
1420 
1421 	hrtimer_init(&session->txtimer, CLOCK_MONOTONIC,
1422 		     HRTIMER_MODE_REL_SOFT);
1423 	session->txtimer.function = j1939_tp_txtimer;
1424 	hrtimer_init(&session->rxtimer, CLOCK_MONOTONIC,
1425 		     HRTIMER_MODE_REL_SOFT);
1426 	session->rxtimer.function = j1939_tp_rxtimer;
1427 
1428 	netdev_dbg(priv->ndev, "%s: 0x%p: sa: %02x, da: %02x\n",
1429 		   __func__, session, skcb->addr.sa, skcb->addr.da);
1430 
1431 	return session;
1432 }
1433 
1434 static struct
1435 j1939_session *j1939_session_fresh_new(struct j1939_priv *priv,
1436 				       int size,
1437 				       const struct j1939_sk_buff_cb *rel_skcb)
1438 {
1439 	struct sk_buff *skb;
1440 	struct j1939_sk_buff_cb *skcb;
1441 	struct j1939_session *session;
1442 
1443 	skb = alloc_skb(size + sizeof(struct can_skb_priv), GFP_ATOMIC);
1444 	if (unlikely(!skb))
1445 		return NULL;
1446 
1447 	skb->dev = priv->ndev;
1448 	can_skb_reserve(skb);
1449 	can_skb_prv(skb)->ifindex = priv->ndev->ifindex;
1450 	skcb = j1939_skb_to_cb(skb);
1451 	memcpy(skcb, rel_skcb, sizeof(*skcb));
1452 
1453 	session = j1939_session_new(priv, skb, size);
1454 	if (!session) {
1455 		kfree_skb(skb);
1456 		return NULL;
1457 	}
1458 
1459 	/* alloc data area */
1460 	skb_put(skb, size);
1461 	/* skb is recounted in j1939_session_new() */
1462 	return session;
1463 }
1464 
1465 int j1939_session_activate(struct j1939_session *session)
1466 {
1467 	struct j1939_priv *priv = session->priv;
1468 	struct j1939_session *active = NULL;
1469 	int ret = 0;
1470 
1471 	j1939_session_list_lock(priv);
1472 	if (session->skcb.addr.type != J1939_SIMPLE)
1473 		active = j1939_session_get_by_addr_locked(priv,
1474 							  &priv->active_session_list,
1475 							  &session->skcb.addr, false,
1476 							  session->transmission);
1477 	if (active) {
1478 		j1939_session_put(active);
1479 		ret = -EAGAIN;
1480 	} else {
1481 		WARN_ON_ONCE(session->state != J1939_SESSION_NEW);
1482 		list_add_tail(&session->active_session_list_entry,
1483 			      &priv->active_session_list);
1484 		j1939_session_get(session);
1485 		session->state = J1939_SESSION_ACTIVE;
1486 
1487 		netdev_dbg(session->priv->ndev, "%s: 0x%p\n",
1488 			   __func__, session);
1489 	}
1490 	j1939_session_list_unlock(priv);
1491 
1492 	return ret;
1493 }
1494 
1495 static struct
1496 j1939_session *j1939_xtp_rx_rts_session_new(struct j1939_priv *priv,
1497 					    struct sk_buff *skb)
1498 {
1499 	enum j1939_xtp_abort abort = J1939_XTP_NO_ABORT;
1500 	struct j1939_sk_buff_cb skcb = *j1939_skb_to_cb(skb);
1501 	struct j1939_session *session;
1502 	const u8 *dat;
1503 	pgn_t pgn;
1504 	int len;
1505 
1506 	netdev_dbg(priv->ndev, "%s\n", __func__);
1507 
1508 	dat = skb->data;
1509 	pgn = j1939_xtp_ctl_to_pgn(dat);
1510 	skcb.addr.pgn = pgn;
1511 
1512 	if (!j1939_sk_recv_match(priv, &skcb))
1513 		return NULL;
1514 
1515 	if (skcb.addr.type == J1939_ETP) {
1516 		len = j1939_etp_ctl_to_size(dat);
1517 		if (len > J1939_MAX_ETP_PACKET_SIZE)
1518 			abort = J1939_XTP_ABORT_FAULT;
1519 		else if (len > priv->tp_max_packet_size)
1520 			abort = J1939_XTP_ABORT_RESOURCE;
1521 		else if (len <= J1939_MAX_TP_PACKET_SIZE)
1522 			abort = J1939_XTP_ABORT_FAULT;
1523 	} else {
1524 		len = j1939_tp_ctl_to_size(dat);
1525 		if (len > J1939_MAX_TP_PACKET_SIZE)
1526 			abort = J1939_XTP_ABORT_FAULT;
1527 		else if (len > priv->tp_max_packet_size)
1528 			abort = J1939_XTP_ABORT_RESOURCE;
1529 	}
1530 
1531 	if (abort != J1939_XTP_NO_ABORT) {
1532 		j1939_xtp_tx_abort(priv, &skcb, true, abort, pgn);
1533 		return NULL;
1534 	}
1535 
1536 	session = j1939_session_fresh_new(priv, len, &skcb);
1537 	if (!session) {
1538 		j1939_xtp_tx_abort(priv, &skcb, true,
1539 				   J1939_XTP_ABORT_RESOURCE, pgn);
1540 		return NULL;
1541 	}
1542 
1543 	/* initialize the control buffer: plain copy */
1544 	session->pkt.total = (len + 6) / 7;
1545 	session->pkt.block = 0xff;
1546 	if (skcb.addr.type != J1939_ETP) {
1547 		if (dat[3] != session->pkt.total)
1548 			netdev_alert(priv->ndev, "%s: 0x%p: strange total, %u != %u\n",
1549 				     __func__, session, session->pkt.total,
1550 				     dat[3]);
1551 		session->pkt.total = dat[3];
1552 		session->pkt.block = min(dat[3], dat[4]);
1553 	}
1554 
1555 	session->pkt.rx = 0;
1556 	session->pkt.tx = 0;
1557 
1558 	WARN_ON_ONCE(j1939_session_activate(session));
1559 
1560 	return session;
1561 }
1562 
1563 static int j1939_xtp_rx_rts_session_active(struct j1939_session *session,
1564 					   struct sk_buff *skb)
1565 {
1566 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1567 	struct j1939_priv *priv = session->priv;
1568 
1569 	if (!session->transmission) {
1570 		if (j1939_xtp_rx_cmd_bad_pgn(session, skb))
1571 			return -EBUSY;
1572 
1573 		/* RTS on active session */
1574 		j1939_session_timers_cancel(session);
1575 		j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);
1576 		j1939_session_cancel(session, J1939_XTP_ABORT_BUSY);
1577 	}
1578 
1579 	if (session->last_cmd != 0) {
1580 		/* we received a second rts on the same connection */
1581 		netdev_alert(priv->ndev, "%s: 0x%p: connection exists (%02x %02x). last cmd: %x\n",
1582 			     __func__, session, skcb->addr.sa, skcb->addr.da,
1583 			     session->last_cmd);
1584 
1585 		j1939_session_timers_cancel(session);
1586 		j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);
1587 		j1939_session_cancel(session, J1939_XTP_ABORT_BUSY);
1588 
1589 		return -EBUSY;
1590 	}
1591 
1592 	if (session->skcb.addr.sa != skcb->addr.sa ||
1593 	    session->skcb.addr.da != skcb->addr.da)
1594 		netdev_warn(priv->ndev, "%s: 0x%p: session->skcb.addr.sa=0x%02x skcb->addr.sa=0x%02x session->skcb.addr.da=0x%02x skcb->addr.da=0x%02x\n",
1595 			    __func__, session,
1596 			    session->skcb.addr.sa, skcb->addr.sa,
1597 			    session->skcb.addr.da, skcb->addr.da);
1598 	/* make sure 'sa' & 'da' are correct !
1599 	 * They may be 'not filled in yet' for sending
1600 	 * skb's, since they did not pass the Address Claim ever.
1601 	 */
1602 	session->skcb.addr.sa = skcb->addr.sa;
1603 	session->skcb.addr.da = skcb->addr.da;
1604 
1605 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
1606 
1607 	return 0;
1608 }
1609 
1610 static void j1939_xtp_rx_rts(struct j1939_priv *priv, struct sk_buff *skb,
1611 			     bool transmitter)
1612 {
1613 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1614 	struct j1939_session *session;
1615 	u8 cmd = skb->data[0];
1616 
1617 	session = j1939_session_get_by_addr(priv, &skcb->addr, false,
1618 					    transmitter);
1619 
1620 	if (!session) {
1621 		if (transmitter) {
1622 			/* If we're the transmitter and this function is called,
1623 			 * we received our own RTS. A session has already been
1624 			 * created.
1625 			 *
1626 			 * For some reasons however it might have been destroyed
1627 			 * already. So don't create a new one here (using
1628 			 * "j1939_xtp_rx_rts_session_new()") as this will be a
1629 			 * receiver session.
1630 			 *
1631 			 * The reasons the session is already destroyed might
1632 			 * be:
1633 			 * - user space closed socket was and the session was
1634 			 *   aborted
1635 			 * - session was aborted due to external abort message
1636 			 */
1637 			return;
1638 		}
1639 		session = j1939_xtp_rx_rts_session_new(priv, skb);
1640 		if (!session)
1641 			return;
1642 	} else {
1643 		if (j1939_xtp_rx_rts_session_active(session, skb)) {
1644 			j1939_session_put(session);
1645 			return;
1646 		}
1647 	}
1648 	session->last_cmd = cmd;
1649 
1650 	j1939_tp_set_rxtimeout(session, 1250);
1651 
1652 	if (cmd != J1939_TP_CMD_BAM && !session->transmission) {
1653 		j1939_session_txtimer_cancel(session);
1654 		j1939_tp_schedule_txtimer(session, 0);
1655 	}
1656 
1657 	j1939_session_put(session);
1658 }
1659 
1660 static void j1939_xtp_rx_dpo_one(struct j1939_session *session,
1661 				 struct sk_buff *skb)
1662 {
1663 	const u8 *dat = skb->data;
1664 
1665 	if (j1939_xtp_rx_cmd_bad_pgn(session, skb))
1666 		return;
1667 
1668 	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);
1669 
1670 	/* transmitted without problems */
1671 	session->pkt.dpo = j1939_etp_ctl_to_packet(skb->data);
1672 	session->last_cmd = dat[0];
1673 	j1939_tp_set_rxtimeout(session, 750);
1674 }
1675 
1676 static void j1939_xtp_rx_dpo(struct j1939_priv *priv, struct sk_buff *skb,
1677 			     bool transmitter)
1678 {
1679 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1680 	struct j1939_session *session;
1681 
1682 	session = j1939_session_get_by_addr(priv, &skcb->addr, false,
1683 					    transmitter);
1684 	if (!session) {
1685 		netdev_info(priv->ndev,
1686 			    "%s: no connection found\n", __func__);
1687 		return;
1688 	}
1689 
1690 	j1939_xtp_rx_dpo_one(session, skb);
1691 	j1939_session_put(session);
1692 }
1693 
1694 static void j1939_xtp_rx_dat_one(struct j1939_session *session,
1695 				 struct sk_buff *skb)
1696 {
1697 	struct j1939_priv *priv = session->priv;
1698 	struct j1939_sk_buff_cb *skcb;
1699 	struct sk_buff *se_skb;
1700 	const u8 *dat;
1701 	u8 *tpdat;
1702 	int offset;
1703 	int nbytes;
1704 	bool final = false;
1705 	bool do_cts_eoma = false;
1706 	int packet;
1707 
1708 	skcb = j1939_skb_to_cb(skb);
1709 	dat = skb->data;
1710 	if (skb->len <= 1)
1711 		/* makes no sense */
1712 		goto out_session_cancel;
1713 
1714 	switch (session->last_cmd) {
1715 	case 0xff:
1716 		break;
1717 	case J1939_ETP_CMD_DPO:
1718 		if (skcb->addr.type == J1939_ETP)
1719 			break;
1720 		/* fall through */
1721 	case J1939_TP_CMD_BAM: /* fall through */
1722 	case J1939_TP_CMD_CTS: /* fall through */
1723 		if (skcb->addr.type != J1939_ETP)
1724 			break;
1725 		/* fall through */
1726 	default:
1727 		netdev_info(priv->ndev, "%s: 0x%p: last %02x\n", __func__,
1728 			    session, session->last_cmd);
1729 		goto out_session_cancel;
1730 	}
1731 
1732 	packet = (dat[0] - 1 + session->pkt.dpo);
1733 	if (packet > session->pkt.total ||
1734 	    (session->pkt.rx + 1) > session->pkt.total) {
1735 		netdev_info(priv->ndev, "%s: 0x%p: should have been completed\n",
1736 			    __func__, session);
1737 		goto out_session_cancel;
1738 	}
1739 	se_skb = j1939_session_skb_find(session);
1740 	if (!se_skb) {
1741 		netdev_warn(priv->ndev, "%s: 0x%p: no skb found\n", __func__,
1742 			    session);
1743 		goto out_session_cancel;
1744 	}
1745 
1746 	skcb = j1939_skb_to_cb(se_skb);
1747 	offset = packet * 7 - skcb->offset;
1748 	nbytes = se_skb->len - offset;
1749 	if (nbytes > 7)
1750 		nbytes = 7;
1751 	if (nbytes <= 0 || (nbytes + 1) > skb->len) {
1752 		netdev_info(priv->ndev, "%s: 0x%p: nbytes %i, len %i\n",
1753 			    __func__, session, nbytes, skb->len);
1754 		goto out_session_cancel;
1755 	}
1756 
1757 	tpdat = se_skb->data;
1758 	memcpy(&tpdat[offset], &dat[1], nbytes);
1759 	if (packet == session->pkt.rx)
1760 		session->pkt.rx++;
1761 
1762 	if (skcb->addr.type != J1939_ETP &&
1763 	    j1939_cb_is_broadcast(&session->skcb)) {
1764 		if (session->pkt.rx >= session->pkt.total)
1765 			final = true;
1766 	} else {
1767 		/* never final, an EOMA must follow */
1768 		if (session->pkt.rx >= session->pkt.last)
1769 			do_cts_eoma = true;
1770 	}
1771 
1772 	if (final) {
1773 		j1939_session_completed(session);
1774 	} else if (do_cts_eoma) {
1775 		j1939_tp_set_rxtimeout(session, 1250);
1776 		if (!session->transmission)
1777 			j1939_tp_schedule_txtimer(session, 0);
1778 	} else {
1779 		j1939_tp_set_rxtimeout(session, 250);
1780 	}
1781 	session->last_cmd = 0xff;
1782 	j1939_session_put(session);
1783 
1784 	return;
1785 
1786  out_session_cancel:
1787 	j1939_session_timers_cancel(session);
1788 	j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);
1789 	j1939_session_cancel(session, J1939_XTP_ABORT_FAULT);
1790 	j1939_session_put(session);
1791 }
1792 
1793 static void j1939_xtp_rx_dat(struct j1939_priv *priv, struct sk_buff *skb)
1794 {
1795 	struct j1939_sk_buff_cb *skcb;
1796 	struct j1939_session *session;
1797 
1798 	skcb = j1939_skb_to_cb(skb);
1799 
1800 	if (j1939_tp_im_transmitter(skcb)) {
1801 		session = j1939_session_get_by_addr(priv, &skcb->addr, false,
1802 						    true);
1803 		if (!session)
1804 			netdev_info(priv->ndev, "%s: no tx connection found\n",
1805 				    __func__);
1806 		else
1807 			j1939_xtp_rx_dat_one(session, skb);
1808 	}
1809 
1810 	if (j1939_tp_im_receiver(skcb)) {
1811 		session = j1939_session_get_by_addr(priv, &skcb->addr, false,
1812 						    false);
1813 		if (!session)
1814 			netdev_info(priv->ndev, "%s: no rx connection found\n",
1815 				    __func__);
1816 		else
1817 			j1939_xtp_rx_dat_one(session, skb);
1818 	}
1819 }
1820 
1821 /* j1939 main intf */
1822 struct j1939_session *j1939_tp_send(struct j1939_priv *priv,
1823 				    struct sk_buff *skb, size_t size)
1824 {
1825 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1826 	struct j1939_session *session;
1827 	int ret;
1828 
1829 	if (skcb->addr.pgn == J1939_TP_PGN_DAT ||
1830 	    skcb->addr.pgn == J1939_TP_PGN_CTL ||
1831 	    skcb->addr.pgn == J1939_ETP_PGN_DAT ||
1832 	    skcb->addr.pgn == J1939_ETP_PGN_CTL)
1833 		/* avoid conflict */
1834 		return ERR_PTR(-EDOM);
1835 
1836 	if (size > priv->tp_max_packet_size)
1837 		return ERR_PTR(-EMSGSIZE);
1838 
1839 	if (size <= 8)
1840 		skcb->addr.type = J1939_SIMPLE;
1841 	else if (size > J1939_MAX_TP_PACKET_SIZE)
1842 		skcb->addr.type = J1939_ETP;
1843 	else
1844 		skcb->addr.type = J1939_TP;
1845 
1846 	if (skcb->addr.type == J1939_ETP &&
1847 	    j1939_cb_is_broadcast(skcb))
1848 		return ERR_PTR(-EDESTADDRREQ);
1849 
1850 	/* fill in addresses from names */
1851 	ret = j1939_ac_fixup(priv, skb);
1852 	if (unlikely(ret))
1853 		return ERR_PTR(ret);
1854 
1855 	/* fix DST flags, it may be used there soon */
1856 	if (j1939_address_is_unicast(skcb->addr.da) &&
1857 	    priv->ents[skcb->addr.da].nusers)
1858 		skcb->flags |= J1939_ECU_LOCAL_DST;
1859 
1860 	/* src is always local, I'm sending ... */
1861 	skcb->flags |= J1939_ECU_LOCAL_SRC;
1862 
1863 	/* prepare new session */
1864 	session = j1939_session_new(priv, skb, size);
1865 	if (!session)
1866 		return ERR_PTR(-ENOMEM);
1867 
1868 	/* skb is recounted in j1939_session_new() */
1869 	session->sk = skb->sk;
1870 	session->transmission = true;
1871 	session->pkt.total = (size + 6) / 7;
1872 	session->pkt.block = skcb->addr.type == J1939_ETP ? 255 :
1873 		min(j1939_tp_block ?: 255, session->pkt.total);
1874 
1875 	if (j1939_cb_is_broadcast(&session->skcb))
1876 		/* set the end-packet for broadcast */
1877 		session->pkt.last = session->pkt.total;
1878 
1879 	skcb->tskey = session->sk->sk_tskey++;
1880 	session->tskey = skcb->tskey;
1881 
1882 	return session;
1883 }
1884 
1885 static void j1939_tp_cmd_recv(struct j1939_priv *priv, struct sk_buff *skb)
1886 {
1887 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1888 	int extd = J1939_TP;
1889 	u8 cmd = skb->data[0];
1890 
1891 	switch (cmd) {
1892 	case J1939_ETP_CMD_RTS:
1893 		extd = J1939_ETP;
1894 		/* fall through */
1895 	case J1939_TP_CMD_BAM: /* fall through */
1896 	case J1939_TP_CMD_RTS: /* fall through */
1897 		if (skcb->addr.type != extd)
1898 			return;
1899 
1900 		if (cmd == J1939_TP_CMD_RTS && j1939_cb_is_broadcast(skcb)) {
1901 			netdev_alert(priv->ndev, "%s: rts without destination (%02x)\n",
1902 				     __func__, skcb->addr.sa);
1903 			return;
1904 		}
1905 
1906 		if (j1939_tp_im_transmitter(skcb))
1907 			j1939_xtp_rx_rts(priv, skb, true);
1908 
1909 		if (j1939_tp_im_receiver(skcb))
1910 			j1939_xtp_rx_rts(priv, skb, false);
1911 
1912 		break;
1913 
1914 	case J1939_ETP_CMD_CTS:
1915 		extd = J1939_ETP;
1916 		/* fall through */
1917 	case J1939_TP_CMD_CTS:
1918 		if (skcb->addr.type != extd)
1919 			return;
1920 
1921 		if (j1939_tp_im_transmitter(skcb))
1922 			j1939_xtp_rx_cts(priv, skb, false);
1923 
1924 		if (j1939_tp_im_receiver(skcb))
1925 			j1939_xtp_rx_cts(priv, skb, true);
1926 
1927 		break;
1928 
1929 	case J1939_ETP_CMD_DPO:
1930 		if (skcb->addr.type != J1939_ETP)
1931 			return;
1932 
1933 		if (j1939_tp_im_transmitter(skcb))
1934 			j1939_xtp_rx_dpo(priv, skb, true);
1935 
1936 		if (j1939_tp_im_receiver(skcb))
1937 			j1939_xtp_rx_dpo(priv, skb, false);
1938 
1939 		break;
1940 
1941 	case J1939_ETP_CMD_EOMA:
1942 		extd = J1939_ETP;
1943 		/* fall through */
1944 	case J1939_TP_CMD_EOMA:
1945 		if (skcb->addr.type != extd)
1946 			return;
1947 
1948 		if (j1939_tp_im_transmitter(skcb))
1949 			j1939_xtp_rx_eoma(priv, skb, false);
1950 
1951 		if (j1939_tp_im_receiver(skcb))
1952 			j1939_xtp_rx_eoma(priv, skb, true);
1953 
1954 		break;
1955 
1956 	case J1939_ETP_CMD_ABORT: /* && J1939_TP_CMD_ABORT */
1957 		if (j1939_tp_im_transmitter(skcb))
1958 			j1939_xtp_rx_abort(priv, skb, true);
1959 
1960 		if (j1939_tp_im_receiver(skcb))
1961 			j1939_xtp_rx_abort(priv, skb, false);
1962 
1963 		break;
1964 	default:
1965 		return;
1966 	}
1967 }
1968 
1969 int j1939_tp_recv(struct j1939_priv *priv, struct sk_buff *skb)
1970 {
1971 	struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb);
1972 
1973 	if (!j1939_tp_im_involved_anydir(skcb))
1974 		return 0;
1975 
1976 	switch (skcb->addr.pgn) {
1977 	case J1939_ETP_PGN_DAT:
1978 		skcb->addr.type = J1939_ETP;
1979 		/* fall through */
1980 	case J1939_TP_PGN_DAT:
1981 		j1939_xtp_rx_dat(priv, skb);
1982 		break;
1983 
1984 	case J1939_ETP_PGN_CTL:
1985 		skcb->addr.type = J1939_ETP;
1986 		/* fall through */
1987 	case J1939_TP_PGN_CTL:
1988 		if (skb->len < 8)
1989 			return 0; /* Don't care. Nothing to extract here */
1990 
1991 		j1939_tp_cmd_recv(priv, skb);
1992 		break;
1993 	default:
1994 		return 0; /* no problem */
1995 	}
1996 	return 1; /* "I processed the message" */
1997 }
1998 
1999 void j1939_simple_recv(struct j1939_priv *priv, struct sk_buff *skb)
2000 {
2001 	struct j1939_session *session;
2002 
2003 	if (!skb->sk)
2004 		return;
2005 
2006 	j1939_session_list_lock(priv);
2007 	session = j1939_session_get_simple(priv, skb);
2008 	j1939_session_list_unlock(priv);
2009 	if (!session) {
2010 		netdev_warn(priv->ndev,
2011 			    "%s: Received already invalidated message\n",
2012 			    __func__);
2013 		return;
2014 	}
2015 
2016 	j1939_session_timers_cancel(session);
2017 	j1939_session_deactivate(session);
2018 	j1939_session_put(session);
2019 }
2020 
2021 int j1939_cancel_active_session(struct j1939_priv *priv, struct sock *sk)
2022 {
2023 	struct j1939_session *session, *saved;
2024 
2025 	netdev_dbg(priv->ndev, "%s, sk: %p\n", __func__, sk);
2026 	j1939_session_list_lock(priv);
2027 	list_for_each_entry_safe(session, saved,
2028 				 &priv->active_session_list,
2029 				 active_session_list_entry) {
2030 		if (!sk || sk == session->sk) {
2031 			j1939_session_timers_cancel(session);
2032 			session->err = ESHUTDOWN;
2033 			j1939_session_deactivate_locked(session);
2034 		}
2035 	}
2036 	j1939_session_list_unlock(priv);
2037 	return NOTIFY_DONE;
2038 }
2039 
2040 void j1939_tp_init(struct j1939_priv *priv)
2041 {
2042 	spin_lock_init(&priv->active_session_list_lock);
2043 	INIT_LIST_HEAD(&priv->active_session_list);
2044 	priv->tp_max_packet_size = J1939_MAX_ETP_PACKET_SIZE;
2045 }
2046