search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
netfilter: nfnetlink_{log,queue}: fix information leaks in netlink message
[linux/fpc-iii.git] / net / batman-adv / icmp_socket.c
blobb27508b8085cd84727bf89c434b0b56adcdcd87f
1 /* Copyright (C) 2007-2013 B.A.T.M.A.N. contributors:
2 *
3 * Marek Lindner
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of version 2 of the GNU General Public
7 * License as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA
18 */
19
20 #include "main.h"
21 #include <linux/debugfs.h>
22 #include <linux/slab.h>
23 #include "icmp_socket.h"
24 #include "send.h"
25 #include "hash.h"
26 #include "originator.h"
27 #include "hard-interface.h"
28
29 static struct batadv_socket_client *batadv_socket_client_hash[256];
30
31 static void batadv_socket_add_packet(struct batadv_socket_client *socket_client,
32 struct batadv_icmp_packet_rr *icmp_packet,
33 size_t icmp_len);
34
35 void batadv_socket_init(void)
36 {
37 memset(batadv_socket_client_hash, 0, sizeof(batadv_socket_client_hash));
38 }
39
40 static int batadv_socket_open(struct inode *inode, struct file *file)
41 {
42 unsigned int i;
43 struct batadv_socket_client *socket_client;
44
45 if (!try_module_get(THIS_MODULE))
46 return -EBUSY;
47
48 nonseekable_open(inode, file);
49
50 socket_client = kmalloc(sizeof(*socket_client), GFP_KERNEL);
51 if (!socket_client) {
52 module_put(THIS_MODULE);
53 return -ENOMEM;
54 }
55
56 for (i = 0; i < ARRAY_SIZE(batadv_socket_client_hash); i++) {
57 if (!batadv_socket_client_hash[i]) {
58 batadv_socket_client_hash[i] = socket_client;
59 break;
60 }
61 }
62
63 if (i == ARRAY_SIZE(batadv_socket_client_hash)) {
64 pr_err("Error - can't add another packet client: maximum number of clients reached\n");
65 kfree(socket_client);
66 module_put(THIS_MODULE);
67 return -EXFULL;
68 }
69
70 INIT_LIST_HEAD(&socket_client->queue_list);
71 socket_client->queue_len = 0;
72 socket_client->index = i;
73 socket_client->bat_priv = inode->i_private;
74 spin_lock_init(&socket_client->lock);
75 init_waitqueue_head(&socket_client->queue_wait);
76
77 file->private_data = socket_client;
78
79 return 0;
80 }
81
82 static int batadv_socket_release(struct inode *inode, struct file *file)
83 {
84 struct batadv_socket_client *socket_client = file->private_data;
85 struct batadv_socket_packet *socket_packet;
86 struct list_head *list_pos, *list_pos_tmp;
87
88 spin_lock_bh(&socket_client->lock);
89
90 /* for all packets in the queue ... */
91 list_for_each_safe(list_pos, list_pos_tmp, &socket_client->queue_list) {
92 socket_packet = list_entry(list_pos,
93 struct batadv_socket_packet, list);
94
95 list_del(list_pos);
96 kfree(socket_packet);
97 }
98
99 batadv_socket_client_hash[socket_client->index] = NULL;
100 spin_unlock_bh(&socket_client->lock);
101
102 kfree(socket_client);
103 module_put(THIS_MODULE);
104
105 return 0;
106 }
107
108 static ssize_t batadv_socket_read(struct file *file, char __user *buf,
109 size_t count, loff_t *ppos)
110 {
111 struct batadv_socket_client *socket_client = file->private_data;
112 struct batadv_socket_packet *socket_packet;
113 size_t packet_len;
114 int error;
115
116 if ((file->f_flags & O_NONBLOCK) && (socket_client->queue_len == 0))
117 return -EAGAIN;
118
119 if ((!buf) || (count < sizeof(struct batadv_icmp_packet)))
120 return -EINVAL;
121
122 if (!access_ok(VERIFY_WRITE, buf, count))
123 return -EFAULT;
124
125 error = wait_event_interruptible(socket_client->queue_wait,
126 socket_client->queue_len);
127
128 if (error)
129 return error;
130
131 spin_lock_bh(&socket_client->lock);
132
133 socket_packet = list_first_entry(&socket_client->queue_list,
134 struct batadv_socket_packet, list);
135 list_del(&socket_packet->list);
136 socket_client->queue_len--;
137
138 spin_unlock_bh(&socket_client->lock);
139
140 packet_len = min(count, socket_packet->icmp_len);
141 error = copy_to_user(buf, &socket_packet->icmp_packet, packet_len);
142
143 kfree(socket_packet);
144
145 if (error)
146 return -EFAULT;
147
148 return packet_len;
149 }
150
151 static ssize_t batadv_socket_write(struct file *file, const char __user *buff,
152 size_t len, loff_t *off)
153 {
154 struct batadv_socket_client *socket_client = file->private_data;
155 struct batadv_priv *bat_priv = socket_client->bat_priv;
156 struct batadv_hard_iface *primary_if = NULL;
157 struct sk_buff *skb;
158 struct batadv_icmp_packet_rr *icmp_packet;
159
160 struct batadv_orig_node *orig_node = NULL;
161 struct batadv_neigh_node *neigh_node = NULL;
162 size_t packet_len = sizeof(struct batadv_icmp_packet);
163
164 if (len < sizeof(struct batadv_icmp_packet)) {
165 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
166 "Error - can't send packet from char device: invalid packet size\n");
167 return -EINVAL;
168 }
169
170 primary_if = batadv_primary_if_get_selected(bat_priv);
171
172 if (!primary_if) {
173 len = -EFAULT;
174 goto out;
175 }
176
177 if (len >= sizeof(struct batadv_icmp_packet_rr))
178 packet_len = sizeof(struct batadv_icmp_packet_rr);
179
180 skb = netdev_alloc_skb_ip_align(NULL, packet_len + ETH_HLEN);
181 if (!skb) {
182 len = -ENOMEM;
183 goto out;
184 }
185
186 skb_reserve(skb, ETH_HLEN);
187 icmp_packet = (struct batadv_icmp_packet_rr *)skb_put(skb, packet_len);
188
189 if (copy_from_user(icmp_packet, buff, packet_len)) {
190 len = -EFAULT;
191 goto free_skb;
192 }
193
194 if (icmp_packet->header.packet_type != BATADV_ICMP) {
195 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
196 "Error - can't send packet from char device: got bogus packet type (expected: BAT_ICMP)\n");
197 len = -EINVAL;
198 goto free_skb;
199 }
200
201 if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) {
202 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
203 "Error - can't send packet from char device: got bogus message type (expected: ECHO_REQUEST)\n");
204 len = -EINVAL;
205 goto free_skb;
206 }
207
208 icmp_packet->uid = socket_client->index;
209
210 if (icmp_packet->header.version != BATADV_COMPAT_VERSION) {
211 icmp_packet->msg_type = BATADV_PARAMETER_PROBLEM;
212 icmp_packet->header.version = BATADV_COMPAT_VERSION;
213 batadv_socket_add_packet(socket_client, icmp_packet,
214 packet_len);
215 goto free_skb;
216 }
217
218 if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE)
219 goto dst_unreach;
220
221 orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->dst);
222 if (!orig_node)
223 goto dst_unreach;
224
225 neigh_node = batadv_orig_node_get_router(orig_node);
226 if (!neigh_node)
227 goto dst_unreach;
228
229 if (!neigh_node->if_incoming)
230 goto dst_unreach;
231
232 if (neigh_node->if_incoming->if_status != BATADV_IF_ACTIVE)
233 goto dst_unreach;
234
235 memcpy(icmp_packet->orig,
236 primary_if->net_dev->dev_addr, ETH_ALEN);
237
238 if (packet_len == sizeof(struct batadv_icmp_packet_rr))
239 memcpy(icmp_packet->rr,
240 neigh_node->if_incoming->net_dev->dev_addr, ETH_ALEN);
241
242 batadv_send_skb_packet(skb, neigh_node->if_incoming, neigh_node->addr);
243 goto out;
244
245 dst_unreach:
246 icmp_packet->msg_type = BATADV_DESTINATION_UNREACHABLE;
247 batadv_socket_add_packet(socket_client, icmp_packet, packet_len);
248 free_skb:
249 kfree_skb(skb);
250 out:
251 if (primary_if)
252 batadv_hardif_free_ref(primary_if);
253 if (neigh_node)
254 batadv_neigh_node_free_ref(neigh_node);
255 if (orig_node)
256 batadv_orig_node_free_ref(orig_node);
257 return len;
258 }
259
260 static unsigned int batadv_socket_poll(struct file *file, poll_table *wait)
261 {
262 struct batadv_socket_client *socket_client = file->private_data;
263
264 poll_wait(file, &socket_client->queue_wait, wait);
265
266 if (socket_client->queue_len > 0)
267 return POLLIN | POLLRDNORM;
268
269 return 0;
270 }
271
272 static const struct file_operations batadv_fops = {
273 .owner = THIS_MODULE,
274 .open = batadv_socket_open,
275 .release = batadv_socket_release,
276 .read = batadv_socket_read,
277 .write = batadv_socket_write,
278 .poll = batadv_socket_poll,
279 .llseek = no_llseek,
280 };
281
282 int batadv_socket_setup(struct batadv_priv *bat_priv)
283 {
284 struct dentry *d;
285
286 if (!bat_priv->debug_dir)
287 goto err;
288
289 d = debugfs_create_file(BATADV_ICMP_SOCKET, S_IFREG | S_IWUSR | S_IRUSR,
290 bat_priv->debug_dir, bat_priv, &batadv_fops);
291 if (!d)
292 goto err;
293
294 return 0;
295
296 err:
297 return -ENOMEM;
298 }
299
300 static void batadv_socket_add_packet(struct batadv_socket_client *socket_client,
301 struct batadv_icmp_packet_rr *icmp_packet,
302 size_t icmp_len)
303 {
304 struct batadv_socket_packet *socket_packet;
305
306 socket_packet = kmalloc(sizeof(*socket_packet), GFP_ATOMIC);
307
308 if (!socket_packet)
309 return;
310
311 INIT_LIST_HEAD(&socket_packet->list);
312 memcpy(&socket_packet->icmp_packet, icmp_packet, icmp_len);
313 socket_packet->icmp_len = icmp_len;
314
315 spin_lock_bh(&socket_client->lock);
316
317 /* while waiting for the lock the socket_client could have been
318 * deleted
319 */
320 if (!batadv_socket_client_hash[icmp_packet->uid]) {
321 spin_unlock_bh(&socket_client->lock);
322 kfree(socket_packet);
323 return;
324 }
325
326 list_add_tail(&socket_packet->list, &socket_client->queue_list);
327 socket_client->queue_len++;
328
329 if (socket_client->queue_len > 100) {
330 socket_packet = list_first_entry(&socket_client->queue_list,
331 struct batadv_socket_packet,
332 list);
333
334 list_del(&socket_packet->list);
335 kfree(socket_packet);
336 socket_client->queue_len--;
337 }
338
339 spin_unlock_bh(&socket_client->lock);
340
341 wake_up(&socket_client->queue_wait);
342 }
343
344 void batadv_socket_receive_packet(struct batadv_icmp_packet_rr *icmp_packet,
345 size_t icmp_len)
346 {
347 struct batadv_socket_client *hash;
348
349 hash = batadv_socket_client_hash[icmp_packet->uid];
350 if (hash)
351 batadv_socket_add_packet(hash, icmp_packet, icmp_len);
352 }
Linux with added FPC-III support