net/qrtr/qrtr.c at v5.9 · tjh.dev/kernel

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / qrtr / qrtr.c
at v5.9 1288 lines 30 kB view raw
wrap content
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Copyright (c) 2015, Sony Mobile Communications Inc.
   4 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
   5 */
   6#include <linux/module.h>
   7#include <linux/netlink.h>
   8#include <linux/qrtr.h>
   9#include <linux/termios.h>	/* For TIOCINQ/OUTQ */
  10#include <linux/spinlock.h>
  11#include <linux/wait.h>
  12
  13#include <net/sock.h>
  14
  15#include "qrtr.h"
  16
  17#define QRTR_PROTO_VER_1 1
  18#define QRTR_PROTO_VER_2 3
  19
  20/* auto-bind range */
  21#define QRTR_MIN_EPH_SOCKET 0x4000
  22#define QRTR_MAX_EPH_SOCKET 0x7fff
  23
  24/**
  25 * struct qrtr_hdr_v1 - (I|R)PCrouter packet header version 1
  26 * @version: protocol version
  27 * @type: packet type; one of QRTR_TYPE_*
  28 * @src_node_id: source node
  29 * @src_port_id: source port
  30 * @confirm_rx: boolean; whether a resume-tx packet should be send in reply
  31 * @size: length of packet, excluding this header
  32 * @dst_node_id: destination node
  33 * @dst_port_id: destination port
  34 */
  35struct qrtr_hdr_v1 {
  36	__le32 version;
  37	__le32 type;
  38	__le32 src_node_id;
  39	__le32 src_port_id;
  40	__le32 confirm_rx;
  41	__le32 size;
  42	__le32 dst_node_id;
  43	__le32 dst_port_id;
  44} __packed;
  45
  46/**
  47 * struct qrtr_hdr_v2 - (I|R)PCrouter packet header later versions
  48 * @version: protocol version
  49 * @type: packet type; one of QRTR_TYPE_*
  50 * @flags: bitmask of QRTR_FLAGS_*
  51 * @optlen: length of optional header data
  52 * @size: length of packet, excluding this header and optlen
  53 * @src_node_id: source node
  54 * @src_port_id: source port
  55 * @dst_node_id: destination node
  56 * @dst_port_id: destination port
  57 */
  58struct qrtr_hdr_v2 {
  59	u8 version;
  60	u8 type;
  61	u8 flags;
  62	u8 optlen;
  63	__le32 size;
  64	__le16 src_node_id;
  65	__le16 src_port_id;
  66	__le16 dst_node_id;
  67	__le16 dst_port_id;
  68};
  69
  70#define QRTR_FLAGS_CONFIRM_RX	BIT(0)
  71
  72struct qrtr_cb {
  73	u32 src_node;
  74	u32 src_port;
  75	u32 dst_node;
  76	u32 dst_port;
  77
  78	u8 type;
  79	u8 confirm_rx;
  80};
  81
  82#define QRTR_HDR_MAX_SIZE max_t(size_t, sizeof(struct qrtr_hdr_v1), \
  83					sizeof(struct qrtr_hdr_v2))
  84
  85struct qrtr_sock {
  86	/* WARNING: sk must be the first member */
  87	struct sock sk;
  88	struct sockaddr_qrtr us;
  89	struct sockaddr_qrtr peer;
  90};
  91
  92static inline struct qrtr_sock *qrtr_sk(struct sock *sk)
  93{
  94	BUILD_BUG_ON(offsetof(struct qrtr_sock, sk) != 0);
  95	return container_of(sk, struct qrtr_sock, sk);
  96}
  97
  98static unsigned int qrtr_local_nid = 1;
  99
 100/* for node ids */
 101static RADIX_TREE(qrtr_nodes, GFP_ATOMIC);
 102static DEFINE_SPINLOCK(qrtr_nodes_lock);
 103/* broadcast list */
 104static LIST_HEAD(qrtr_all_nodes);
 105/* lock for qrtr_all_nodes and node reference */
 106static DEFINE_MUTEX(qrtr_node_lock);
 107
 108/* local port allocation management */
 109static DEFINE_IDR(qrtr_ports);
 110static DEFINE_MUTEX(qrtr_port_lock);
 111
 112/**
 113 * struct qrtr_node - endpoint node
 114 * @ep_lock: lock for endpoint management and callbacks
 115 * @ep: endpoint
 116 * @ref: reference count for node
 117 * @nid: node id
 118 * @qrtr_tx_flow: tree of qrtr_tx_flow, keyed by node << 32 | port
 119 * @qrtr_tx_lock: lock for qrtr_tx_flow inserts
 120 * @rx_queue: receive queue
 121 * @item: list item for broadcast list
 122 */
 123struct qrtr_node {
 124	struct mutex ep_lock;
 125	struct qrtr_endpoint *ep;
 126	struct kref ref;
 127	unsigned int nid;
 128
 129	struct radix_tree_root qrtr_tx_flow;
 130	struct mutex qrtr_tx_lock; /* for qrtr_tx_flow */
 131
 132	struct sk_buff_head rx_queue;
 133	struct list_head item;
 134};
 135
 136/**
 137 * struct qrtr_tx_flow - tx flow control
 138 * @resume_tx: waiters for a resume tx from the remote
 139 * @pending: number of waiting senders
 140 * @tx_failed: indicates that a message with confirm_rx flag was lost
 141 */
 142struct qrtr_tx_flow {
 143	struct wait_queue_head resume_tx;
 144	int pending;
 145	int tx_failed;
 146};
 147
 148#define QRTR_TX_FLOW_HIGH	10
 149#define QRTR_TX_FLOW_LOW	5
 150
 151static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
 152			      int type, struct sockaddr_qrtr *from,
 153			      struct sockaddr_qrtr *to);
 154static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
 155			      int type, struct sockaddr_qrtr *from,
 156			      struct sockaddr_qrtr *to);
 157static struct qrtr_sock *qrtr_port_lookup(int port);
 158static void qrtr_port_put(struct qrtr_sock *ipc);
 159
 160/* Release node resources and free the node.
 161 *
 162 * Do not call directly, use qrtr_node_release.  To be used with
 163 * kref_put_mutex.  As such, the node mutex is expected to be locked on call.
 164 */
 165static void __qrtr_node_release(struct kref *kref)
 166{
 167	struct qrtr_node *node = container_of(kref, struct qrtr_node, ref);
 168	struct radix_tree_iter iter;
 169	struct qrtr_tx_flow *flow;
 170	unsigned long flags;
 171	void __rcu **slot;
 172
 173	spin_lock_irqsave(&qrtr_nodes_lock, flags);
 174	if (node->nid != QRTR_EP_NID_AUTO)
 175		radix_tree_delete(&qrtr_nodes, node->nid);
 176	spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
 177
 178	list_del(&node->item);
 179	mutex_unlock(&qrtr_node_lock);
 180
 181	skb_queue_purge(&node->rx_queue);
 182
 183	/* Free tx flow counters */
 184	radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
 185		flow = *slot;
 186		radix_tree_iter_delete(&node->qrtr_tx_flow, &iter, slot);
 187		kfree(flow);
 188	}
 189	kfree(node);
 190}
 191
 192/* Increment reference to node. */
 193static struct qrtr_node *qrtr_node_acquire(struct qrtr_node *node)
 194{
 195	if (node)
 196		kref_get(&node->ref);
 197	return node;
 198}
 199
 200/* Decrement reference to node and release as necessary. */
 201static void qrtr_node_release(struct qrtr_node *node)
 202{
 203	if (!node)
 204		return;
 205	kref_put_mutex(&node->ref, __qrtr_node_release, &qrtr_node_lock);
 206}
 207
 208/**
 209 * qrtr_tx_resume() - reset flow control counter
 210 * @node:	qrtr_node that the QRTR_TYPE_RESUME_TX packet arrived on
 211 * @skb:	resume_tx packet
 212 */
 213static void qrtr_tx_resume(struct qrtr_node *node, struct sk_buff *skb)
 214{
 215	struct qrtr_ctrl_pkt *pkt = (struct qrtr_ctrl_pkt *)skb->data;
 216	u64 remote_node = le32_to_cpu(pkt->client.node);
 217	u32 remote_port = le32_to_cpu(pkt->client.port);
 218	struct qrtr_tx_flow *flow;
 219	unsigned long key;
 220
 221	key = remote_node << 32 | remote_port;
 222
 223	rcu_read_lock();
 224	flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
 225	rcu_read_unlock();
 226	if (flow) {
 227		spin_lock(&flow->resume_tx.lock);
 228		flow->pending = 0;
 229		spin_unlock(&flow->resume_tx.lock);
 230		wake_up_interruptible_all(&flow->resume_tx);
 231	}
 232
 233	consume_skb(skb);
 234}
 235
 236/**
 237 * qrtr_tx_wait() - flow control for outgoing packets
 238 * @node:	qrtr_node that the packet is to be send to
 239 * @dest_node:	node id of the destination
 240 * @dest_port:	port number of the destination
 241 * @type:	type of message
 242 *
 243 * The flow control scheme is based around the low and high "watermarks". When
 244 * the low watermark is passed the confirm_rx flag is set on the outgoing
 245 * message, which will trigger the remote to send a control message of the type
 246 * QRTR_TYPE_RESUME_TX to reset the counter. If the high watermark is hit
 247 * further transmision should be paused.
 248 *
 249 * Return: 1 if confirm_rx should be set, 0 otherwise or errno failure
 250 */
 251static int qrtr_tx_wait(struct qrtr_node *node, int dest_node, int dest_port,
 252			int type)
 253{
 254	unsigned long key = (u64)dest_node << 32 | dest_port;
 255	struct qrtr_tx_flow *flow;
 256	int confirm_rx = 0;
 257	int ret;
 258
 259	/* Never set confirm_rx on non-data packets */
 260	if (type != QRTR_TYPE_DATA)
 261		return 0;
 262
 263	mutex_lock(&node->qrtr_tx_lock);
 264	flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
 265	if (!flow) {
 266		flow = kzalloc(sizeof(*flow), GFP_KERNEL);
 267		if (flow) {
 268			init_waitqueue_head(&flow->resume_tx);
 269			radix_tree_insert(&node->qrtr_tx_flow, key, flow);
 270		}
 271	}
 272	mutex_unlock(&node->qrtr_tx_lock);
 273
 274	/* Set confirm_rx if we where unable to find and allocate a flow */
 275	if (!flow)
 276		return 1;
 277
 278	spin_lock_irq(&flow->resume_tx.lock);
 279	ret = wait_event_interruptible_locked_irq(flow->resume_tx,
 280						  flow->pending < QRTR_TX_FLOW_HIGH ||
 281						  flow->tx_failed ||
 282						  !node->ep);
 283	if (ret < 0) {
 284		confirm_rx = ret;
 285	} else if (!node->ep) {
 286		confirm_rx = -EPIPE;
 287	} else if (flow->tx_failed) {
 288		flow->tx_failed = 0;
 289		confirm_rx = 1;
 290	} else {
 291		flow->pending++;
 292		confirm_rx = flow->pending == QRTR_TX_FLOW_LOW;
 293	}
 294	spin_unlock_irq(&flow->resume_tx.lock);
 295
 296	return confirm_rx;
 297}
 298
 299/**
 300 * qrtr_tx_flow_failed() - flag that tx of confirm_rx flagged messages failed
 301 * @node:	qrtr_node that the packet is to be send to
 302 * @dest_node:	node id of the destination
 303 * @dest_port:	port number of the destination
 304 *
 305 * Signal that the transmission of a message with confirm_rx flag failed. The
 306 * flow's "pending" counter will keep incrementing towards QRTR_TX_FLOW_HIGH,
 307 * at which point transmission would stall forever waiting for the resume TX
 308 * message associated with the dropped confirm_rx message.
 309 * Work around this by marking the flow as having a failed transmission and
 310 * cause the next transmission attempt to be sent with the confirm_rx.
 311 */
 312static void qrtr_tx_flow_failed(struct qrtr_node *node, int dest_node,
 313				int dest_port)
 314{
 315	unsigned long key = (u64)dest_node << 32 | dest_port;
 316	struct qrtr_tx_flow *flow;
 317
 318	rcu_read_lock();
 319	flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
 320	rcu_read_unlock();
 321	if (flow) {
 322		spin_lock_irq(&flow->resume_tx.lock);
 323		flow->tx_failed = 1;
 324		spin_unlock_irq(&flow->resume_tx.lock);
 325	}
 326}
 327
 328/* Pass an outgoing packet socket buffer to the endpoint driver. */
 329static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb,
 330			     int type, struct sockaddr_qrtr *from,
 331			     struct sockaddr_qrtr *to)
 332{
 333	struct qrtr_hdr_v1 *hdr;
 334	size_t len = skb->len;
 335	int rc, confirm_rx;
 336
 337	confirm_rx = qrtr_tx_wait(node, to->sq_node, to->sq_port, type);
 338	if (confirm_rx < 0) {
 339		kfree_skb(skb);
 340		return confirm_rx;
 341	}
 342
 343	hdr = skb_push(skb, sizeof(*hdr));
 344	hdr->version = cpu_to_le32(QRTR_PROTO_VER_1);
 345	hdr->type = cpu_to_le32(type);
 346	hdr->src_node_id = cpu_to_le32(from->sq_node);
 347	hdr->src_port_id = cpu_to_le32(from->sq_port);
 348	if (to->sq_port == QRTR_PORT_CTRL) {
 349		hdr->dst_node_id = cpu_to_le32(node->nid);
 350		hdr->dst_port_id = cpu_to_le32(QRTR_NODE_BCAST);
 351	} else {
 352		hdr->dst_node_id = cpu_to_le32(to->sq_node);
 353		hdr->dst_port_id = cpu_to_le32(to->sq_port);
 354	}
 355
 356	hdr->size = cpu_to_le32(len);
 357	hdr->confirm_rx = !!confirm_rx;
 358
 359	rc = skb_put_padto(skb, ALIGN(len, 4) + sizeof(*hdr));
 360
 361	if (!rc) {
 362		mutex_lock(&node->ep_lock);
 363		rc = -ENODEV;
 364		if (node->ep)
 365			rc = node->ep->xmit(node->ep, skb);
 366		else
 367			kfree_skb(skb);
 368		mutex_unlock(&node->ep_lock);
 369	}
 370	/* Need to ensure that a subsequent message carries the otherwise lost
 371	 * confirm_rx flag if we dropped this one */
 372	if (rc && confirm_rx)
 373		qrtr_tx_flow_failed(node, to->sq_node, to->sq_port);
 374
 375	return rc;
 376}
 377
 378/* Lookup node by id.
 379 *
 380 * callers must release with qrtr_node_release()
 381 */
 382static struct qrtr_node *qrtr_node_lookup(unsigned int nid)
 383{
 384	struct qrtr_node *node;
 385	unsigned long flags;
 386
 387	spin_lock_irqsave(&qrtr_nodes_lock, flags);
 388	node = radix_tree_lookup(&qrtr_nodes, nid);
 389	node = qrtr_node_acquire(node);
 390	spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
 391
 392	return node;
 393}
 394
 395/* Assign node id to node.
 396 *
 397 * This is mostly useful for automatic node id assignment, based on
 398 * the source id in the incoming packet.
 399 */
 400static void qrtr_node_assign(struct qrtr_node *node, unsigned int nid)
 401{
 402	unsigned long flags;
 403
 404	if (node->nid != QRTR_EP_NID_AUTO || nid == QRTR_EP_NID_AUTO)
 405		return;
 406
 407	spin_lock_irqsave(&qrtr_nodes_lock, flags);
 408	radix_tree_insert(&qrtr_nodes, nid, node);
 409	node->nid = nid;
 410	spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
 411}
 412
 413/**
 414 * qrtr_endpoint_post() - post incoming data
 415 * @ep: endpoint handle
 416 * @data: data pointer
 417 * @len: size of data in bytes
 418 *
 419 * Return: 0 on success; negative error code on failure
 420 */
 421int qrtr_endpoint_post(struct qrtr_endpoint *ep, const void *data, size_t len)
 422{
 423	struct qrtr_node *node = ep->node;
 424	const struct qrtr_hdr_v1 *v1;
 425	const struct qrtr_hdr_v2 *v2;
 426	struct qrtr_sock *ipc;
 427	struct sk_buff *skb;
 428	struct qrtr_cb *cb;
 429	unsigned int size;
 430	unsigned int ver;
 431	size_t hdrlen;
 432
 433	if (len == 0 || len & 3)
 434		return -EINVAL;
 435
 436	skb = netdev_alloc_skb(NULL, len);
 437	if (!skb)
 438		return -ENOMEM;
 439
 440	cb = (struct qrtr_cb *)skb->cb;
 441
 442	/* Version field in v1 is little endian, so this works for both cases */
 443	ver = *(u8*)data;
 444
 445	switch (ver) {
 446	case QRTR_PROTO_VER_1:
 447		if (len < sizeof(*v1))
 448			goto err;
 449		v1 = data;
 450		hdrlen = sizeof(*v1);
 451
 452		cb->type = le32_to_cpu(v1->type);
 453		cb->src_node = le32_to_cpu(v1->src_node_id);
 454		cb->src_port = le32_to_cpu(v1->src_port_id);
 455		cb->confirm_rx = !!v1->confirm_rx;
 456		cb->dst_node = le32_to_cpu(v1->dst_node_id);
 457		cb->dst_port = le32_to_cpu(v1->dst_port_id);
 458
 459		size = le32_to_cpu(v1->size);
 460		break;
 461	case QRTR_PROTO_VER_2:
 462		if (len < sizeof(*v2))
 463			goto err;
 464		v2 = data;
 465		hdrlen = sizeof(*v2) + v2->optlen;
 466
 467		cb->type = v2->type;
 468		cb->confirm_rx = !!(v2->flags & QRTR_FLAGS_CONFIRM_RX);
 469		cb->src_node = le16_to_cpu(v2->src_node_id);
 470		cb->src_port = le16_to_cpu(v2->src_port_id);
 471		cb->dst_node = le16_to_cpu(v2->dst_node_id);
 472		cb->dst_port = le16_to_cpu(v2->dst_port_id);
 473
 474		if (cb->src_port == (u16)QRTR_PORT_CTRL)
 475			cb->src_port = QRTR_PORT_CTRL;
 476		if (cb->dst_port == (u16)QRTR_PORT_CTRL)
 477			cb->dst_port = QRTR_PORT_CTRL;
 478
 479		size = le32_to_cpu(v2->size);
 480		break;
 481	default:
 482		pr_err("qrtr: Invalid version %d\n", ver);
 483		goto err;
 484	}
 485
 486	if (len != ALIGN(size, 4) + hdrlen)
 487		goto err;
 488
 489	if (cb->dst_port != QRTR_PORT_CTRL && cb->type != QRTR_TYPE_DATA &&
 490	    cb->type != QRTR_TYPE_RESUME_TX)
 491		goto err;
 492
 493	skb_put_data(skb, data + hdrlen, size);
 494
 495	qrtr_node_assign(node, cb->src_node);
 496
 497	if (cb->type == QRTR_TYPE_RESUME_TX) {
 498		qrtr_tx_resume(node, skb);
 499	} else {
 500		ipc = qrtr_port_lookup(cb->dst_port);
 501		if (!ipc)
 502			goto err;
 503
 504		if (sock_queue_rcv_skb(&ipc->sk, skb))
 505			goto err;
 506
 507		qrtr_port_put(ipc);
 508	}
 509
 510	return 0;
 511
 512err:
 513	kfree_skb(skb);
 514	return -EINVAL;
 515
 516}
 517EXPORT_SYMBOL_GPL(qrtr_endpoint_post);
 518
 519/**
 520 * qrtr_alloc_ctrl_packet() - allocate control packet skb
 521 * @pkt: reference to qrtr_ctrl_pkt pointer
 522 *
 523 * Returns newly allocated sk_buff, or NULL on failure
 524 *
 525 * This function allocates a sk_buff large enough to carry a qrtr_ctrl_pkt and
 526 * on success returns a reference to the control packet in @pkt.
 527 */
 528static struct sk_buff *qrtr_alloc_ctrl_packet(struct qrtr_ctrl_pkt **pkt)
 529{
 530	const int pkt_len = sizeof(struct qrtr_ctrl_pkt);
 531	struct sk_buff *skb;
 532
 533	skb = alloc_skb(QRTR_HDR_MAX_SIZE + pkt_len, GFP_KERNEL);
 534	if (!skb)
 535		return NULL;
 536
 537	skb_reserve(skb, QRTR_HDR_MAX_SIZE);
 538	*pkt = skb_put_zero(skb, pkt_len);
 539
 540	return skb;
 541}
 542
 543/**
 544 * qrtr_endpoint_register() - register a new endpoint
 545 * @ep: endpoint to register
 546 * @nid: desired node id; may be QRTR_EP_NID_AUTO for auto-assignment
 547 * Return: 0 on success; negative error code on failure
 548 *
 549 * The specified endpoint must have the xmit function pointer set on call.
 550 */
 551int qrtr_endpoint_register(struct qrtr_endpoint *ep, unsigned int nid)
 552{
 553	struct qrtr_node *node;
 554
 555	if (!ep || !ep->xmit)
 556		return -EINVAL;
 557
 558	node = kzalloc(sizeof(*node), GFP_KERNEL);
 559	if (!node)
 560		return -ENOMEM;
 561
 562	kref_init(&node->ref);
 563	mutex_init(&node->ep_lock);
 564	skb_queue_head_init(&node->rx_queue);
 565	node->nid = QRTR_EP_NID_AUTO;
 566	node->ep = ep;
 567
 568	INIT_RADIX_TREE(&node->qrtr_tx_flow, GFP_KERNEL);
 569	mutex_init(&node->qrtr_tx_lock);
 570
 571	qrtr_node_assign(node, nid);
 572
 573	mutex_lock(&qrtr_node_lock);
 574	list_add(&node->item, &qrtr_all_nodes);
 575	mutex_unlock(&qrtr_node_lock);
 576	ep->node = node;
 577
 578	return 0;
 579}
 580EXPORT_SYMBOL_GPL(qrtr_endpoint_register);
 581
 582/**
 583 * qrtr_endpoint_unregister - unregister endpoint
 584 * @ep: endpoint to unregister
 585 */
 586void qrtr_endpoint_unregister(struct qrtr_endpoint *ep)
 587{
 588	struct qrtr_node *node = ep->node;
 589	struct sockaddr_qrtr src = {AF_QIPCRTR, node->nid, QRTR_PORT_CTRL};
 590	struct sockaddr_qrtr dst = {AF_QIPCRTR, qrtr_local_nid, QRTR_PORT_CTRL};
 591	struct radix_tree_iter iter;
 592	struct qrtr_ctrl_pkt *pkt;
 593	struct qrtr_tx_flow *flow;
 594	struct sk_buff *skb;
 595	void __rcu **slot;
 596
 597	mutex_lock(&node->ep_lock);
 598	node->ep = NULL;
 599	mutex_unlock(&node->ep_lock);
 600
 601	/* Notify the local controller about the event */
 602	skb = qrtr_alloc_ctrl_packet(&pkt);
 603	if (skb) {
 604		pkt->cmd = cpu_to_le32(QRTR_TYPE_BYE);
 605		qrtr_local_enqueue(NULL, skb, QRTR_TYPE_BYE, &src, &dst);
 606	}
 607
 608	/* Wake up any transmitters waiting for resume-tx from the node */
 609	mutex_lock(&node->qrtr_tx_lock);
 610	radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
 611		flow = *slot;
 612		wake_up_interruptible_all(&flow->resume_tx);
 613	}
 614	mutex_unlock(&node->qrtr_tx_lock);
 615
 616	qrtr_node_release(node);
 617	ep->node = NULL;
 618}
 619EXPORT_SYMBOL_GPL(qrtr_endpoint_unregister);
 620
 621/* Lookup socket by port.
 622 *
 623 * Callers must release with qrtr_port_put()
 624 */
 625static struct qrtr_sock *qrtr_port_lookup(int port)
 626{
 627	struct qrtr_sock *ipc;
 628
 629	if (port == QRTR_PORT_CTRL)
 630		port = 0;
 631
 632	rcu_read_lock();
 633	ipc = idr_find(&qrtr_ports, port);
 634	if (ipc)
 635		sock_hold(&ipc->sk);
 636	rcu_read_unlock();
 637
 638	return ipc;
 639}
 640
 641/* Release acquired socket. */
 642static void qrtr_port_put(struct qrtr_sock *ipc)
 643{
 644	sock_put(&ipc->sk);
 645}
 646
 647/* Remove port assignment. */
 648static void qrtr_port_remove(struct qrtr_sock *ipc)
 649{
 650	struct qrtr_ctrl_pkt *pkt;
 651	struct sk_buff *skb;
 652	int port = ipc->us.sq_port;
 653	struct sockaddr_qrtr to;
 654
 655	to.sq_family = AF_QIPCRTR;
 656	to.sq_node = QRTR_NODE_BCAST;
 657	to.sq_port = QRTR_PORT_CTRL;
 658
 659	skb = qrtr_alloc_ctrl_packet(&pkt);
 660	if (skb) {
 661		pkt->cmd = cpu_to_le32(QRTR_TYPE_DEL_CLIENT);
 662		pkt->client.node = cpu_to_le32(ipc->us.sq_node);
 663		pkt->client.port = cpu_to_le32(ipc->us.sq_port);
 664
 665		skb_set_owner_w(skb, &ipc->sk);
 666		qrtr_bcast_enqueue(NULL, skb, QRTR_TYPE_DEL_CLIENT, &ipc->us,
 667				   &to);
 668	}
 669
 670	if (port == QRTR_PORT_CTRL)
 671		port = 0;
 672
 673	__sock_put(&ipc->sk);
 674
 675	mutex_lock(&qrtr_port_lock);
 676	idr_remove(&qrtr_ports, port);
 677	mutex_unlock(&qrtr_port_lock);
 678
 679	/* Ensure that if qrtr_port_lookup() did enter the RCU read section we
 680	 * wait for it to up increment the refcount */
 681	synchronize_rcu();
 682}
 683
 684/* Assign port number to socket.
 685 *
 686 * Specify port in the integer pointed to by port, and it will be adjusted
 687 * on return as necesssary.
 688 *
 689 * Port may be:
 690 *   0: Assign ephemeral port in [QRTR_MIN_EPH_SOCKET, QRTR_MAX_EPH_SOCKET]
 691 *   <QRTR_MIN_EPH_SOCKET: Specified; requires CAP_NET_ADMIN
 692 *   >QRTR_MIN_EPH_SOCKET: Specified; available to all
 693 */
 694static int qrtr_port_assign(struct qrtr_sock *ipc, int *port)
 695{
 696	u32 min_port;
 697	int rc;
 698
 699	mutex_lock(&qrtr_port_lock);
 700	if (!*port) {
 701		min_port = QRTR_MIN_EPH_SOCKET;
 702		rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, QRTR_MAX_EPH_SOCKET, GFP_ATOMIC);
 703		if (!rc)
 704			*port = min_port;
 705	} else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
 706		rc = -EACCES;
 707	} else if (*port == QRTR_PORT_CTRL) {
 708		min_port = 0;
 709		rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, 0, GFP_ATOMIC);
 710	} else {
 711		min_port = *port;
 712		rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, *port, GFP_ATOMIC);
 713		if (!rc)
 714			*port = min_port;
 715	}
 716	mutex_unlock(&qrtr_port_lock);
 717
 718	if (rc == -ENOSPC)
 719		return -EADDRINUSE;
 720	else if (rc < 0)
 721		return rc;
 722
 723	sock_hold(&ipc->sk);
 724
 725	return 0;
 726}
 727
 728/* Reset all non-control ports */
 729static void qrtr_reset_ports(void)
 730{
 731	struct qrtr_sock *ipc;
 732	int id;
 733
 734	mutex_lock(&qrtr_port_lock);
 735	idr_for_each_entry(&qrtr_ports, ipc, id) {
 736		/* Don't reset control port */
 737		if (id == 0)
 738			continue;
 739
 740		sock_hold(&ipc->sk);
 741		ipc->sk.sk_err = ENETRESET;
 742		ipc->sk.sk_error_report(&ipc->sk);
 743		sock_put(&ipc->sk);
 744	}
 745	mutex_unlock(&qrtr_port_lock);
 746}
 747
 748/* Bind socket to address.
 749 *
 750 * Socket should be locked upon call.
 751 */
 752static int __qrtr_bind(struct socket *sock,
 753		       const struct sockaddr_qrtr *addr, int zapped)
 754{
 755	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
 756	struct sock *sk = sock->sk;
 757	int port;
 758	int rc;
 759
 760	/* rebinding ok */
 761	if (!zapped && addr->sq_port == ipc->us.sq_port)
 762		return 0;
 763
 764	port = addr->sq_port;
 765	rc = qrtr_port_assign(ipc, &port);
 766	if (rc)
 767		return rc;
 768
 769	/* unbind previous, if any */
 770	if (!zapped)
 771		qrtr_port_remove(ipc);
 772	ipc->us.sq_port = port;
 773
 774	sock_reset_flag(sk, SOCK_ZAPPED);
 775
 776	/* Notify all open ports about the new controller */
 777	if (port == QRTR_PORT_CTRL)
 778		qrtr_reset_ports();
 779
 780	return 0;
 781}
 782
 783/* Auto bind to an ephemeral port. */
 784static int qrtr_autobind(struct socket *sock)
 785{
 786	struct sock *sk = sock->sk;
 787	struct sockaddr_qrtr addr;
 788
 789	if (!sock_flag(sk, SOCK_ZAPPED))
 790		return 0;
 791
 792	addr.sq_family = AF_QIPCRTR;
 793	addr.sq_node = qrtr_local_nid;
 794	addr.sq_port = 0;
 795
 796	return __qrtr_bind(sock, &addr, 1);
 797}
 798
 799/* Bind socket to specified sockaddr. */
 800static int qrtr_bind(struct socket *sock, struct sockaddr *saddr, int len)
 801{
 802	DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
 803	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
 804	struct sock *sk = sock->sk;
 805	int rc;
 806
 807	if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
 808		return -EINVAL;
 809
 810	if (addr->sq_node != ipc->us.sq_node)
 811		return -EINVAL;
 812
 813	lock_sock(sk);
 814	rc = __qrtr_bind(sock, addr, sock_flag(sk, SOCK_ZAPPED));
 815	release_sock(sk);
 816
 817	return rc;
 818}
 819
 820/* Queue packet to local peer socket. */
 821static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
 822			      int type, struct sockaddr_qrtr *from,
 823			      struct sockaddr_qrtr *to)
 824{
 825	struct qrtr_sock *ipc;
 826	struct qrtr_cb *cb;
 827
 828	ipc = qrtr_port_lookup(to->sq_port);
 829	if (!ipc || &ipc->sk == skb->sk) { /* do not send to self */
 830		kfree_skb(skb);
 831		return -ENODEV;
 832	}
 833
 834	cb = (struct qrtr_cb *)skb->cb;
 835	cb->src_node = from->sq_node;
 836	cb->src_port = from->sq_port;
 837
 838	if (sock_queue_rcv_skb(&ipc->sk, skb)) {
 839		qrtr_port_put(ipc);
 840		kfree_skb(skb);
 841		return -ENOSPC;
 842	}
 843
 844	qrtr_port_put(ipc);
 845
 846	return 0;
 847}
 848
 849/* Queue packet for broadcast. */
 850static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
 851			      int type, struct sockaddr_qrtr *from,
 852			      struct sockaddr_qrtr *to)
 853{
 854	struct sk_buff *skbn;
 855
 856	mutex_lock(&qrtr_node_lock);
 857	list_for_each_entry(node, &qrtr_all_nodes, item) {
 858		skbn = skb_clone(skb, GFP_KERNEL);
 859		if (!skbn)
 860			break;
 861		skb_set_owner_w(skbn, skb->sk);
 862		qrtr_node_enqueue(node, skbn, type, from, to);
 863	}
 864	mutex_unlock(&qrtr_node_lock);
 865
 866	qrtr_local_enqueue(NULL, skb, type, from, to);
 867
 868	return 0;
 869}
 870
 871static int qrtr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
 872{
 873	DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
 874	int (*enqueue_fn)(struct qrtr_node *, struct sk_buff *, int,
 875			  struct sockaddr_qrtr *, struct sockaddr_qrtr *);
 876	__le32 qrtr_type = cpu_to_le32(QRTR_TYPE_DATA);
 877	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
 878	struct sock *sk = sock->sk;
 879	struct qrtr_node *node;
 880	struct sk_buff *skb;
 881	size_t plen;
 882	u32 type;
 883	int rc;
 884
 885	if (msg->msg_flags & ~(MSG_DONTWAIT))
 886		return -EINVAL;
 887
 888	if (len > 65535)
 889		return -EMSGSIZE;
 890
 891	lock_sock(sk);
 892
 893	if (addr) {
 894		if (msg->msg_namelen < sizeof(*addr)) {
 895			release_sock(sk);
 896			return -EINVAL;
 897		}
 898
 899		if (addr->sq_family != AF_QIPCRTR) {
 900			release_sock(sk);
 901			return -EINVAL;
 902		}
 903
 904		rc = qrtr_autobind(sock);
 905		if (rc) {
 906			release_sock(sk);
 907			return rc;
 908		}
 909	} else if (sk->sk_state == TCP_ESTABLISHED) {
 910		addr = &ipc->peer;
 911	} else {
 912		release_sock(sk);
 913		return -ENOTCONN;
 914	}
 915
 916	node = NULL;
 917	if (addr->sq_node == QRTR_NODE_BCAST) {
 918		if (addr->sq_port != QRTR_PORT_CTRL &&
 919		    qrtr_local_nid != QRTR_NODE_BCAST) {
 920			release_sock(sk);
 921			return -ENOTCONN;
 922		}
 923		enqueue_fn = qrtr_bcast_enqueue;
 924	} else if (addr->sq_node == ipc->us.sq_node) {
 925		enqueue_fn = qrtr_local_enqueue;
 926	} else {
 927		node = qrtr_node_lookup(addr->sq_node);
 928		if (!node) {
 929			release_sock(sk);
 930			return -ECONNRESET;
 931		}
 932		enqueue_fn = qrtr_node_enqueue;
 933	}
 934
 935	plen = (len + 3) & ~3;
 936	skb = sock_alloc_send_skb(sk, plen + QRTR_HDR_MAX_SIZE,
 937				  msg->msg_flags & MSG_DONTWAIT, &rc);
 938	if (!skb)
 939		goto out_node;
 940
 941	skb_reserve(skb, QRTR_HDR_MAX_SIZE);
 942
 943	rc = memcpy_from_msg(skb_put(skb, len), msg, len);
 944	if (rc) {
 945		kfree_skb(skb);
 946		goto out_node;
 947	}
 948
 949	if (ipc->us.sq_port == QRTR_PORT_CTRL) {
 950		if (len < 4) {
 951			rc = -EINVAL;
 952			kfree_skb(skb);
 953			goto out_node;
 954		}
 955
 956		/* control messages already require the type as 'command' */
 957		skb_copy_bits(skb, 0, &qrtr_type, 4);
 958	}
 959
 960	type = le32_to_cpu(qrtr_type);
 961	rc = enqueue_fn(node, skb, type, &ipc->us, addr);
 962	if (rc >= 0)
 963		rc = len;
 964
 965out_node:
 966	qrtr_node_release(node);
 967	release_sock(sk);
 968
 969	return rc;
 970}
 971
 972static int qrtr_send_resume_tx(struct qrtr_cb *cb)
 973{
 974	struct sockaddr_qrtr remote = { AF_QIPCRTR, cb->src_node, cb->src_port };
 975	struct sockaddr_qrtr local = { AF_QIPCRTR, cb->dst_node, cb->dst_port };
 976	struct qrtr_ctrl_pkt *pkt;
 977	struct qrtr_node *node;
 978	struct sk_buff *skb;
 979	int ret;
 980
 981	node = qrtr_node_lookup(remote.sq_node);
 982	if (!node)
 983		return -EINVAL;
 984
 985	skb = qrtr_alloc_ctrl_packet(&pkt);
 986	if (!skb)
 987		return -ENOMEM;
 988
 989	pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
 990	pkt->client.node = cpu_to_le32(cb->dst_node);
 991	pkt->client.port = cpu_to_le32(cb->dst_port);
 992
 993	ret = qrtr_node_enqueue(node, skb, QRTR_TYPE_RESUME_TX, &local, &remote);
 994
 995	qrtr_node_release(node);
 996
 997	return ret;
 998}
 999
1000static int qrtr_recvmsg(struct socket *sock, struct msghdr *msg,
1001			size_t size, int flags)
1002{
1003	DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
1004	struct sock *sk = sock->sk;
1005	struct sk_buff *skb;
1006	struct qrtr_cb *cb;
1007	int copied, rc;
1008
1009	lock_sock(sk);
1010
1011	if (sock_flag(sk, SOCK_ZAPPED)) {
1012		release_sock(sk);
1013		return -EADDRNOTAVAIL;
1014	}
1015
1016	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1017				flags & MSG_DONTWAIT, &rc);
1018	if (!skb) {
1019		release_sock(sk);
1020		return rc;
1021	}
1022	cb = (struct qrtr_cb *)skb->cb;
1023
1024	copied = skb->len;
1025	if (copied > size) {
1026		copied = size;
1027		msg->msg_flags |= MSG_TRUNC;
1028	}
1029
1030	rc = skb_copy_datagram_msg(skb, 0, msg, copied);
1031	if (rc < 0)
1032		goto out;
1033	rc = copied;
1034
1035	if (addr) {
1036		addr->sq_family = AF_QIPCRTR;
1037		addr->sq_node = cb->src_node;
1038		addr->sq_port = cb->src_port;
1039		msg->msg_namelen = sizeof(*addr);
1040	}
1041
1042out:
1043	if (cb->confirm_rx)
1044		qrtr_send_resume_tx(cb);
1045
1046	skb_free_datagram(sk, skb);
1047	release_sock(sk);
1048
1049	return rc;
1050}
1051
1052static int qrtr_connect(struct socket *sock, struct sockaddr *saddr,
1053			int len, int flags)
1054{
1055	DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
1056	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1057	struct sock *sk = sock->sk;
1058	int rc;
1059
1060	if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
1061		return -EINVAL;
1062
1063	lock_sock(sk);
1064
1065	sk->sk_state = TCP_CLOSE;
1066	sock->state = SS_UNCONNECTED;
1067
1068	rc = qrtr_autobind(sock);
1069	if (rc) {
1070		release_sock(sk);
1071		return rc;
1072	}
1073
1074	ipc->peer = *addr;
1075	sock->state = SS_CONNECTED;
1076	sk->sk_state = TCP_ESTABLISHED;
1077
1078	release_sock(sk);
1079
1080	return 0;
1081}
1082
1083static int qrtr_getname(struct socket *sock, struct sockaddr *saddr,
1084			int peer)
1085{
1086	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1087	struct sockaddr_qrtr qaddr;
1088	struct sock *sk = sock->sk;
1089
1090	lock_sock(sk);
1091	if (peer) {
1092		if (sk->sk_state != TCP_ESTABLISHED) {
1093			release_sock(sk);
1094			return -ENOTCONN;
1095		}
1096
1097		qaddr = ipc->peer;
1098	} else {
1099		qaddr = ipc->us;
1100	}
1101	release_sock(sk);
1102
1103	qaddr.sq_family = AF_QIPCRTR;
1104
1105	memcpy(saddr, &qaddr, sizeof(qaddr));
1106
1107	return sizeof(qaddr);
1108}
1109
1110static int qrtr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1111{
1112	void __user *argp = (void __user *)arg;
1113	struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1114	struct sock *sk = sock->sk;
1115	struct sockaddr_qrtr *sq;
1116	struct sk_buff *skb;
1117	struct ifreq ifr;
1118	long len = 0;
1119	int rc = 0;
1120
1121	lock_sock(sk);
1122
1123	switch (cmd) {
1124	case TIOCOUTQ:
1125		len = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1126		if (len < 0)
1127			len = 0;
1128		rc = put_user(len, (int __user *)argp);
1129		break;
1130	case TIOCINQ:
1131		skb = skb_peek(&sk->sk_receive_queue);
1132		if (skb)
1133			len = skb->len;
1134		rc = put_user(len, (int __user *)argp);
1135		break;
1136	case SIOCGIFADDR:
1137		if (copy_from_user(&ifr, argp, sizeof(ifr))) {
1138			rc = -EFAULT;
1139			break;
1140		}
1141
1142		sq = (struct sockaddr_qrtr *)&ifr.ifr_addr;
1143		*sq = ipc->us;
1144		if (copy_to_user(argp, &ifr, sizeof(ifr))) {
1145			rc = -EFAULT;
1146			break;
1147		}
1148		break;
1149	case SIOCADDRT:
1150	case SIOCDELRT:
1151	case SIOCSIFADDR:
1152	case SIOCGIFDSTADDR:
1153	case SIOCSIFDSTADDR:
1154	case SIOCGIFBRDADDR:
1155	case SIOCSIFBRDADDR:
1156	case SIOCGIFNETMASK:
1157	case SIOCSIFNETMASK:
1158		rc = -EINVAL;
1159		break;
1160	default:
1161		rc = -ENOIOCTLCMD;
1162		break;
1163	}
1164
1165	release_sock(sk);
1166
1167	return rc;
1168}
1169
1170static int qrtr_release(struct socket *sock)
1171{
1172	struct sock *sk = sock->sk;
1173	struct qrtr_sock *ipc;
1174
1175	if (!sk)
1176		return 0;
1177
1178	lock_sock(sk);
1179
1180	ipc = qrtr_sk(sk);
1181	sk->sk_shutdown = SHUTDOWN_MASK;
1182	if (!sock_flag(sk, SOCK_DEAD))
1183		sk->sk_state_change(sk);
1184
1185	sock_set_flag(sk, SOCK_DEAD);
1186	sock_orphan(sk);
1187	sock->sk = NULL;
1188
1189	if (!sock_flag(sk, SOCK_ZAPPED))
1190		qrtr_port_remove(ipc);
1191
1192	skb_queue_purge(&sk->sk_receive_queue);
1193
1194	release_sock(sk);
1195	sock_put(sk);
1196
1197	return 0;
1198}
1199
1200static const struct proto_ops qrtr_proto_ops = {
1201	.owner		= THIS_MODULE,
1202	.family		= AF_QIPCRTR,
1203	.bind		= qrtr_bind,
1204	.connect	= qrtr_connect,
1205	.socketpair	= sock_no_socketpair,
1206	.accept		= sock_no_accept,
1207	.listen		= sock_no_listen,
1208	.sendmsg	= qrtr_sendmsg,
1209	.recvmsg	= qrtr_recvmsg,
1210	.getname	= qrtr_getname,
1211	.ioctl		= qrtr_ioctl,
1212	.gettstamp	= sock_gettstamp,
1213	.poll		= datagram_poll,
1214	.shutdown	= sock_no_shutdown,
1215	.release	= qrtr_release,
1216	.mmap		= sock_no_mmap,
1217	.sendpage	= sock_no_sendpage,
1218};
1219
1220static struct proto qrtr_proto = {
1221	.name		= "QIPCRTR",
1222	.owner		= THIS_MODULE,
1223	.obj_size	= sizeof(struct qrtr_sock),
1224};
1225
1226static int qrtr_create(struct net *net, struct socket *sock,
1227		       int protocol, int kern)
1228{
1229	struct qrtr_sock *ipc;
1230	struct sock *sk;
1231
1232	if (sock->type != SOCK_DGRAM)
1233		return -EPROTOTYPE;
1234
1235	sk = sk_alloc(net, AF_QIPCRTR, GFP_KERNEL, &qrtr_proto, kern);
1236	if (!sk)
1237		return -ENOMEM;
1238
1239	sock_set_flag(sk, SOCK_ZAPPED);
1240
1241	sock_init_data(sock, sk);
1242	sock->ops = &qrtr_proto_ops;
1243
1244	ipc = qrtr_sk(sk);
1245	ipc->us.sq_family = AF_QIPCRTR;
1246	ipc->us.sq_node = qrtr_local_nid;
1247	ipc->us.sq_port = 0;
1248
1249	return 0;
1250}
1251
1252static const struct net_proto_family qrtr_family = {
1253	.owner	= THIS_MODULE,
1254	.family	= AF_QIPCRTR,
1255	.create	= qrtr_create,
1256};
1257
1258static int __init qrtr_proto_init(void)
1259{
1260	int rc;
1261
1262	rc = proto_register(&qrtr_proto, 1);
1263	if (rc)
1264		return rc;
1265
1266	rc = sock_register(&qrtr_family);
1267	if (rc) {
1268		proto_unregister(&qrtr_proto);
1269		return rc;
1270	}
1271
1272	qrtr_ns_init();
1273
1274	return rc;
1275}
1276postcore_initcall(qrtr_proto_init);
1277
1278static void __exit qrtr_proto_fini(void)
1279{
1280	qrtr_ns_remove();
1281	sock_unregister(qrtr_family.family);
1282	proto_unregister(&qrtr_proto);
1283}
1284module_exit(qrtr_proto_fini);
1285
1286MODULE_DESCRIPTION("Qualcomm IPC-router driver");
1287MODULE_LICENSE("GPL v2");
1288MODULE_ALIAS_NETPROTO(PF_QIPCRTR);
Configure Feed

Configure Feed
