Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / can / slcan.c
blob3f1ebcc2cb831af2f09add75d793fd9b1d67f57b
1 /*
2 * slcan.c - serial line CAN interface driver (using tty line discipline)
4 * This file is derived from linux/drivers/net/slip.c
6 * slip.c Authors : Laurence Culhane <loz@holmes.demon.co.uk>
7 * Fred N. van Kempen <waltje@uwalt.nl.mugnet.org>
8 * slcan.c Author : Oliver Hartkopp <socketcan@hartkopp.net>
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the
12 * Free Software Foundation; either version 2 of the License, or (at your
13 * option) any later version.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307. You can also get it
23 * at http://www.gnu.org/licenses/gpl.html
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
36 * DAMAGE.
40 #include <linux/module.h>
41 #include <linux/moduleparam.h>
43 #include <asm/system.h>
44 #include <linux/uaccess.h>
45 #include <linux/bitops.h>
46 #include <linux/string.h>
47 #include <linux/tty.h>
48 #include <linux/errno.h>
49 #include <linux/netdevice.h>
50 #include <linux/skbuff.h>
51 #include <linux/rtnetlink.h>
52 #include <linux/if_arp.h>
53 #include <linux/if_ether.h>
54 #include <linux/sched.h>
55 #include <linux/delay.h>
56 #include <linux/init.h>
57 #include <linux/kernel.h>
58 #include <linux/can.h>
60 static __initdata const char banner[] =
61 KERN_INFO "slcan: serial line CAN interface driver\n";
63 MODULE_ALIAS_LDISC(N_SLCAN);
64 MODULE_DESCRIPTION("serial line CAN interface");
65 MODULE_LICENSE("GPL");
66 MODULE_AUTHOR("Oliver Hartkopp <socketcan@hartkopp.net>");
68 #define SLCAN_MAGIC 0x53CA
70 static int maxdev = 10; /* MAX number of SLCAN channels;
71 This can be overridden with
72 insmod slcan.ko maxdev=nnn */
73 module_param(maxdev, int, 0);
74 MODULE_PARM_DESC(maxdev, "Maximum number of slcan interfaces");
76 /* maximum rx buffer len: extended CAN frame with timestamp */
77 #define SLC_MTU (sizeof("T1111222281122334455667788EA5F\r")+1)
79 struct slcan {
80 int magic;
82 /* Various fields. */
83 struct tty_struct *tty; /* ptr to TTY structure */
84 struct net_device *dev; /* easy for intr handling */
85 spinlock_t lock;
87 /* These are pointers to the malloc()ed frame buffers. */
88 unsigned char rbuff[SLC_MTU]; /* receiver buffer */
89 int rcount; /* received chars counter */
90 unsigned char xbuff[SLC_MTU]; /* transmitter buffer */
91 unsigned char *xhead; /* pointer to next XMIT byte */
92 int xleft; /* bytes left in XMIT queue */
94 unsigned long flags; /* Flag values/ mode etc */
95 #define SLF_INUSE 0 /* Channel in use */
96 #define SLF_ERROR 1 /* Parity, etc. error */
99 static struct net_device **slcan_devs;
101 /************************************************************************
102 * SLCAN ENCAPSULATION FORMAT *
103 ************************************************************************/
106 * A CAN frame has a can_id (11 bit standard frame format OR 29 bit extended
107 * frame format) a data length code (can_dlc) which can be from 0 to 8
108 * and up to <can_dlc> data bytes as payload.
109 * Additionally a CAN frame may become a remote transmission frame if the
110 * RTR-bit is set. This causes another ECU to send a CAN frame with the
111 * given can_id.
113 * The SLCAN ASCII representation of these different frame types is:
114 * <type> <id> <dlc> <data>*
116 * Extended frames (29 bit) are defined by capital characters in the type.
117 * RTR frames are defined as 'r' types - normal frames have 't' type:
118 * t => 11 bit data frame
119 * r => 11 bit RTR frame
120 * T => 29 bit data frame
121 * R => 29 bit RTR frame
123 * The <id> is 3 (standard) or 8 (extended) bytes in ASCII Hex (base64).
124 * The <dlc> is a one byte ASCII number ('0' - '8')
125 * The <data> section has at much ASCII Hex bytes as defined by the <dlc>
127 * Examples:
129 * t1230 : can_id 0x123, can_dlc 0, no data
130 * t4563112233 : can_id 0x456, can_dlc 3, data 0x11 0x22 0x33
131 * T12ABCDEF2AA55 : extended can_id 0x12ABCDEF, can_dlc 2, data 0xAA 0x55
132 * r1230 : can_id 0x123, can_dlc 0, no data, remote transmission request
136 /************************************************************************
137 * STANDARD SLCAN DECAPSULATION *
138 ************************************************************************/
140 /* Send one completely decapsulated can_frame to the network layer */
141 static void slc_bump(struct slcan *sl)
143 struct sk_buff *skb;
144 struct can_frame cf;
145 int i, dlc_pos, tmp;
146 unsigned long ultmp;
147 char cmd = sl->rbuff[0];
149 if ((cmd != 't') && (cmd != 'T') && (cmd != 'r') && (cmd != 'R'))
150 return;
152 if (cmd & 0x20) /* tiny chars 'r' 't' => standard frame format */
153 dlc_pos = 4; /* dlc position tiiid */
154 else
155 dlc_pos = 9; /* dlc position Tiiiiiiiid */
157 if (!((sl->rbuff[dlc_pos] >= '0') && (sl->rbuff[dlc_pos] < '9')))
158 return;
160 cf.can_dlc = sl->rbuff[dlc_pos] - '0'; /* get can_dlc from ASCII val */
162 sl->rbuff[dlc_pos] = 0; /* terminate can_id string */
164 if (strict_strtoul(sl->rbuff+1, 16, &ultmp))
165 return;
167 cf.can_id = ultmp;
169 if (!(cmd & 0x20)) /* NO tiny chars => extended frame format */
170 cf.can_id |= CAN_EFF_FLAG;
172 if ((cmd | 0x20) == 'r') /* RTR frame */
173 cf.can_id |= CAN_RTR_FLAG;
175 *(u64 *) (&cf.data) = 0; /* clear payload */
177 for (i = 0, dlc_pos++; i < cf.can_dlc; i++) {
178 tmp = hex_to_bin(sl->rbuff[dlc_pos++]);
179 if (tmp < 0)
180 return;
181 cf.data[i] = (tmp << 4);
182 tmp = hex_to_bin(sl->rbuff[dlc_pos++]);
183 if (tmp < 0)
184 return;
185 cf.data[i] |= tmp;
188 skb = dev_alloc_skb(sizeof(struct can_frame));
189 if (!skb)
190 return;
192 skb->dev = sl->dev;
193 skb->protocol = htons(ETH_P_CAN);
194 skb->pkt_type = PACKET_BROADCAST;
195 skb->ip_summed = CHECKSUM_UNNECESSARY;
196 memcpy(skb_put(skb, sizeof(struct can_frame)),
197 &cf, sizeof(struct can_frame));
198 netif_rx_ni(skb);
200 sl->dev->stats.rx_packets++;
201 sl->dev->stats.rx_bytes += cf.can_dlc;
204 /* parse tty input stream */
205 static void slcan_unesc(struct slcan *sl, unsigned char s)
208 if ((s == '\r') || (s == '\a')) { /* CR or BEL ends the pdu */
209 if (!test_and_clear_bit(SLF_ERROR, &sl->flags) &&
210 (sl->rcount > 4)) {
211 slc_bump(sl);
213 sl->rcount = 0;
214 } else {
215 if (!test_bit(SLF_ERROR, &sl->flags)) {
216 if (sl->rcount < SLC_MTU) {
217 sl->rbuff[sl->rcount++] = s;
218 return;
219 } else {
220 sl->dev->stats.rx_over_errors++;
221 set_bit(SLF_ERROR, &sl->flags);
227 /************************************************************************
228 * STANDARD SLCAN ENCAPSULATION *
229 ************************************************************************/
231 /* Encapsulate one can_frame and stuff into a TTY queue. */
232 static void slc_encaps(struct slcan *sl, struct can_frame *cf)
234 int actual, idx, i;
235 char cmd;
237 if (cf->can_id & CAN_RTR_FLAG)
238 cmd = 'R'; /* becomes 'r' in standard frame format */
239 else
240 cmd = 'T'; /* becomes 't' in standard frame format */
242 if (cf->can_id & CAN_EFF_FLAG)
243 sprintf(sl->xbuff, "%c%08X%d", cmd,
244 cf->can_id & CAN_EFF_MASK, cf->can_dlc);
245 else
246 sprintf(sl->xbuff, "%c%03X%d", cmd | 0x20,
247 cf->can_id & CAN_SFF_MASK, cf->can_dlc);
249 idx = strlen(sl->xbuff);
251 for (i = 0; i < cf->can_dlc; i++)
252 sprintf(&sl->xbuff[idx + 2*i], "%02X", cf->data[i]);
254 strcat(sl->xbuff, "\r"); /* add terminating character */
256 /* Order of next two lines is *very* important.
257 * When we are sending a little amount of data,
258 * the transfer may be completed inside the ops->write()
259 * routine, because it's running with interrupts enabled.
260 * In this case we *never* got WRITE_WAKEUP event,
261 * if we did not request it before write operation.
262 * 14 Oct 1994 Dmitry Gorodchanin.
264 set_bit(TTY_DO_WRITE_WAKEUP, &sl->tty->flags);
265 actual = sl->tty->ops->write(sl->tty, sl->xbuff, strlen(sl->xbuff));
266 sl->xleft = strlen(sl->xbuff) - actual;
267 sl->xhead = sl->xbuff + actual;
268 sl->dev->stats.tx_bytes += cf->can_dlc;
272 * Called by the driver when there's room for more data. If we have
273 * more packets to send, we send them here.
275 static void slcan_write_wakeup(struct tty_struct *tty)
277 int actual;
278 struct slcan *sl = (struct slcan *) tty->disc_data;
280 /* First make sure we're connected. */
281 if (!sl || sl->magic != SLCAN_MAGIC || !netif_running(sl->dev))
282 return;
284 if (sl->xleft <= 0) {
285 /* Now serial buffer is almost free & we can start
286 * transmission of another packet */
287 sl->dev->stats.tx_packets++;
288 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
289 netif_wake_queue(sl->dev);
290 return;
293 actual = tty->ops->write(tty, sl->xhead, sl->xleft);
294 sl->xleft -= actual;
295 sl->xhead += actual;
298 /* Send a can_frame to a TTY queue. */
299 static netdev_tx_t slc_xmit(struct sk_buff *skb, struct net_device *dev)
301 struct slcan *sl = netdev_priv(dev);
303 if (skb->len != sizeof(struct can_frame))
304 goto out;
306 spin_lock(&sl->lock);
307 if (!netif_running(dev)) {
308 spin_unlock(&sl->lock);
309 printk(KERN_WARNING "%s: xmit: iface is down\n", dev->name);
310 goto out;
312 if (sl->tty == NULL) {
313 spin_unlock(&sl->lock);
314 goto out;
317 netif_stop_queue(sl->dev);
318 slc_encaps(sl, (struct can_frame *) skb->data); /* encaps & send */
319 spin_unlock(&sl->lock);
321 out:
322 kfree_skb(skb);
323 return NETDEV_TX_OK;
327 /******************************************
328 * Routines looking at netdevice side.
329 ******************************************/
331 /* Netdevice UP -> DOWN routine */
332 static int slc_close(struct net_device *dev)
334 struct slcan *sl = netdev_priv(dev);
336 spin_lock_bh(&sl->lock);
337 if (sl->tty) {
338 /* TTY discipline is running. */
339 clear_bit(TTY_DO_WRITE_WAKEUP, &sl->tty->flags);
341 netif_stop_queue(dev);
342 sl->rcount = 0;
343 sl->xleft = 0;
344 spin_unlock_bh(&sl->lock);
346 return 0;
349 /* Netdevice DOWN -> UP routine */
350 static int slc_open(struct net_device *dev)
352 struct slcan *sl = netdev_priv(dev);
354 if (sl->tty == NULL)
355 return -ENODEV;
357 sl->flags &= (1 << SLF_INUSE);
358 netif_start_queue(dev);
359 return 0;
362 /* Hook the destructor so we can free slcan devs at the right point in time */
363 static void slc_free_netdev(struct net_device *dev)
365 int i = dev->base_addr;
366 free_netdev(dev);
367 slcan_devs[i] = NULL;
370 static const struct net_device_ops slc_netdev_ops = {
371 .ndo_open = slc_open,
372 .ndo_stop = slc_close,
373 .ndo_start_xmit = slc_xmit,
376 static void slc_setup(struct net_device *dev)
378 dev->netdev_ops = &slc_netdev_ops;
379 dev->destructor = slc_free_netdev;
381 dev->hard_header_len = 0;
382 dev->addr_len = 0;
383 dev->tx_queue_len = 10;
385 dev->mtu = sizeof(struct can_frame);
386 dev->type = ARPHRD_CAN;
388 /* New-style flags. */
389 dev->flags = IFF_NOARP;
390 dev->features = NETIF_F_HW_CSUM;
393 /******************************************
394 Routines looking at TTY side.
395 ******************************************/
398 * Handle the 'receiver data ready' interrupt.
399 * This function is called by the 'tty_io' module in the kernel when
400 * a block of SLCAN data has been received, which can now be decapsulated
401 * and sent on to some IP layer for further processing. This will not
402 * be re-entered while running but other ldisc functions may be called
403 * in parallel
406 static void slcan_receive_buf(struct tty_struct *tty,
407 const unsigned char *cp, char *fp, int count)
409 struct slcan *sl = (struct slcan *) tty->disc_data;
411 if (!sl || sl->magic != SLCAN_MAGIC || !netif_running(sl->dev))
412 return;
414 /* Read the characters out of the buffer */
415 while (count--) {
416 if (fp && *fp++) {
417 if (!test_and_set_bit(SLF_ERROR, &sl->flags))
418 sl->dev->stats.rx_errors++;
419 cp++;
420 continue;
422 slcan_unesc(sl, *cp++);
426 /************************************
427 * slcan_open helper routines.
428 ************************************/
430 /* Collect hanged up channels */
431 static void slc_sync(void)
433 int i;
434 struct net_device *dev;
435 struct slcan *sl;
437 for (i = 0; i < maxdev; i++) {
438 dev = slcan_devs[i];
439 if (dev == NULL)
440 break;
442 sl = netdev_priv(dev);
443 if (sl->tty)
444 continue;
445 if (dev->flags & IFF_UP)
446 dev_close(dev);
450 /* Find a free SLCAN channel, and link in this `tty' line. */
451 static struct slcan *slc_alloc(dev_t line)
453 int i;
454 char name[IFNAMSIZ];
455 struct net_device *dev = NULL;
456 struct slcan *sl;
458 for (i = 0; i < maxdev; i++) {
459 dev = slcan_devs[i];
460 if (dev == NULL)
461 break;
465 /* Sorry, too many, all slots in use */
466 if (i >= maxdev)
467 return NULL;
469 sprintf(name, "slcan%d", i);
470 dev = alloc_netdev(sizeof(*sl), name, slc_setup);
471 if (!dev)
472 return NULL;
474 dev->base_addr = i;
475 sl = netdev_priv(dev);
477 /* Initialize channel control data */
478 sl->magic = SLCAN_MAGIC;
479 sl->dev = dev;
480 spin_lock_init(&sl->lock);
481 slcan_devs[i] = dev;
483 return sl;
487 * Open the high-level part of the SLCAN channel.
488 * This function is called by the TTY module when the
489 * SLCAN line discipline is called for. Because we are
490 * sure the tty line exists, we only have to link it to
491 * a free SLCAN channel...
493 * Called in process context serialized from other ldisc calls.
496 static int slcan_open(struct tty_struct *tty)
498 struct slcan *sl;
499 int err;
501 if (!capable(CAP_NET_ADMIN))
502 return -EPERM;
504 if (tty->ops->write == NULL)
505 return -EOPNOTSUPP;
507 /* RTnetlink lock is misused here to serialize concurrent
508 opens of slcan channels. There are better ways, but it is
509 the simplest one.
511 rtnl_lock();
513 /* Collect hanged up channels. */
514 slc_sync();
516 sl = tty->disc_data;
518 err = -EEXIST;
519 /* First make sure we're not already connected. */
520 if (sl && sl->magic == SLCAN_MAGIC)
521 goto err_exit;
523 /* OK. Find a free SLCAN channel to use. */
524 err = -ENFILE;
525 sl = slc_alloc(tty_devnum(tty));
526 if (sl == NULL)
527 goto err_exit;
529 sl->tty = tty;
530 tty->disc_data = sl;
532 if (!test_bit(SLF_INUSE, &sl->flags)) {
533 /* Perform the low-level SLCAN initialization. */
534 sl->rcount = 0;
535 sl->xleft = 0;
537 set_bit(SLF_INUSE, &sl->flags);
539 err = register_netdevice(sl->dev);
540 if (err)
541 goto err_free_chan;
544 /* Done. We have linked the TTY line to a channel. */
545 rtnl_unlock();
546 tty->receive_room = 65536; /* We don't flow control */
548 /* TTY layer expects 0 on success */
549 return 0;
551 err_free_chan:
552 sl->tty = NULL;
553 tty->disc_data = NULL;
554 clear_bit(SLF_INUSE, &sl->flags);
556 err_exit:
557 rtnl_unlock();
559 /* Count references from TTY module */
560 return err;
564 * Close down a SLCAN channel.
565 * This means flushing out any pending queues, and then returning. This
566 * call is serialized against other ldisc functions.
568 * We also use this method for a hangup event.
571 static void slcan_close(struct tty_struct *tty)
573 struct slcan *sl = (struct slcan *) tty->disc_data;
575 /* First make sure we're connected. */
576 if (!sl || sl->magic != SLCAN_MAGIC || sl->tty != tty)
577 return;
579 tty->disc_data = NULL;
580 sl->tty = NULL;
582 /* Flush network side */
583 unregister_netdev(sl->dev);
584 /* This will complete via sl_free_netdev */
587 static int slcan_hangup(struct tty_struct *tty)
589 slcan_close(tty);
590 return 0;
593 /* Perform I/O control on an active SLCAN channel. */
594 static int slcan_ioctl(struct tty_struct *tty, struct file *file,
595 unsigned int cmd, unsigned long arg)
597 struct slcan *sl = (struct slcan *) tty->disc_data;
598 unsigned int tmp;
600 /* First make sure we're connected. */
601 if (!sl || sl->magic != SLCAN_MAGIC)
602 return -EINVAL;
604 switch (cmd) {
605 case SIOCGIFNAME:
606 tmp = strlen(sl->dev->name) + 1;
607 if (copy_to_user((void __user *)arg, sl->dev->name, tmp))
608 return -EFAULT;
609 return 0;
611 case SIOCSIFHWADDR:
612 return -EINVAL;
614 default:
615 return tty_mode_ioctl(tty, file, cmd, arg);
619 static struct tty_ldisc_ops slc_ldisc = {
620 .owner = THIS_MODULE,
621 .magic = TTY_LDISC_MAGIC,
622 .name = "slcan",
623 .open = slcan_open,
624 .close = slcan_close,
625 .hangup = slcan_hangup,
626 .ioctl = slcan_ioctl,
627 .receive_buf = slcan_receive_buf,
628 .write_wakeup = slcan_write_wakeup,
631 static int __init slcan_init(void)
633 int status;
635 if (maxdev < 4)
636 maxdev = 4; /* Sanity */
638 printk(banner);
639 printk(KERN_INFO "slcan: %d dynamic interface channels.\n", maxdev);
641 slcan_devs = kzalloc(sizeof(struct net_device *)*maxdev, GFP_KERNEL);
642 if (!slcan_devs) {
643 printk(KERN_ERR "slcan: can't allocate slcan device array!\n");
644 return -ENOMEM;
647 /* Fill in our line protocol discipline, and register it */
648 status = tty_register_ldisc(N_SLCAN, &slc_ldisc);
649 if (status) {
650 printk(KERN_ERR "slcan: can't register line discipline\n");
651 kfree(slcan_devs);
653 return status;
656 static void __exit slcan_exit(void)
658 int i;
659 struct net_device *dev;
660 struct slcan *sl;
661 unsigned long timeout = jiffies + HZ;
662 int busy = 0;
664 if (slcan_devs == NULL)
665 return;
667 /* First of all: check for active disciplines and hangup them.
669 do {
670 if (busy)
671 msleep_interruptible(100);
673 busy = 0;
674 for (i = 0; i < maxdev; i++) {
675 dev = slcan_devs[i];
676 if (!dev)
677 continue;
678 sl = netdev_priv(dev);
679 spin_lock_bh(&sl->lock);
680 if (sl->tty) {
681 busy++;
682 tty_hangup(sl->tty);
684 spin_unlock_bh(&sl->lock);
686 } while (busy && time_before(jiffies, timeout));
688 /* FIXME: hangup is async so we should wait when doing this second
689 phase */
691 for (i = 0; i < maxdev; i++) {
692 dev = slcan_devs[i];
693 if (!dev)
694 continue;
695 slcan_devs[i] = NULL;
697 sl = netdev_priv(dev);
698 if (sl->tty) {
699 printk(KERN_ERR "%s: tty discipline still running\n",
700 dev->name);
701 /* Intentionally leak the control block. */
702 dev->destructor = NULL;
705 unregister_netdev(dev);
708 kfree(slcan_devs);
709 slcan_devs = NULL;
711 i = tty_unregister_ldisc(N_SLCAN);
712 if (i)
713 printk(KERN_ERR "slcan: can't unregister ldisc (err %d)\n", i);
716 module_init(slcan_init);
717 module_exit(slcan_exit);