Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / scsi / scsi_netlink.c
blobc77628afbf9f3e4dbb53c76e6ccf30b054b0f28a
1 /*
2 * scsi_netlink.c - SCSI Transport Netlink Interface
4 * Copyright (C) 2006 James Smart, Emulex Corporation
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #include <linux/time.h>
22 #include <linux/jiffies.h>
23 #include <linux/security.h>
24 #include <linux/delay.h>
25 #include <linux/slab.h>
26 #include <linux/export.h>
27 #include <net/sock.h>
28 #include <net/netlink.h>
30 #include <scsi/scsi_netlink.h>
31 #include "scsi_priv.h"
33 struct sock *scsi_nl_sock = NULL;
34 EXPORT_SYMBOL_GPL(scsi_nl_sock);
36 static DEFINE_SPINLOCK(scsi_nl_lock);
37 static struct list_head scsi_nl_drivers;
39 static u32 scsi_nl_state;
40 #define STATE_EHANDLER_BSY 0x00000001
42 struct scsi_nl_transport {
43 int (*msg_handler)(struct sk_buff *);
44 void (*event_handler)(struct notifier_block *, unsigned long, void *);
45 unsigned int refcnt;
46 int flags;
49 /* flags values (bit flags) */
50 #define HANDLER_DELETING 0x1
52 static struct scsi_nl_transport transports[SCSI_NL_MAX_TRANSPORTS] =
53 { {NULL, }, };
56 struct scsi_nl_drvr {
57 struct list_head next;
58 int (*dmsg_handler)(struct Scsi_Host *shost, void *payload,
59 u32 len, u32 pid);
60 void (*devt_handler)(struct notifier_block *nb,
61 unsigned long event, void *notify_ptr);
62 struct scsi_host_template *hostt;
63 u64 vendor_id;
64 unsigned int refcnt;
65 int flags;
70 /**
71 * scsi_nl_rcv_msg - Receive message handler.
72 * @skb: socket receive buffer
74 * Description: Extracts message from a receive buffer.
75 * Validates message header and calls appropriate transport message handler
78 **/
79 static void
80 scsi_nl_rcv_msg(struct sk_buff *skb)
82 struct nlmsghdr *nlh;
83 struct scsi_nl_hdr *hdr;
84 unsigned long flags;
85 u32 rlen;
86 int err, tport;
88 while (skb->len >= NLMSG_SPACE(0)) {
89 err = 0;
91 nlh = nlmsg_hdr(skb);
92 if ((nlh->nlmsg_len < (sizeof(*nlh) + sizeof(*hdr))) ||
93 (skb->len < nlh->nlmsg_len)) {
94 printk(KERN_WARNING "%s: discarding partial skb\n",
95 __func__);
96 return;
99 rlen = NLMSG_ALIGN(nlh->nlmsg_len);
100 if (rlen > skb->len)
101 rlen = skb->len;
103 if (nlh->nlmsg_type != SCSI_TRANSPORT_MSG) {
104 err = -EBADMSG;
105 goto next_msg;
108 hdr = NLMSG_DATA(nlh);
109 if ((hdr->version != SCSI_NL_VERSION) ||
110 (hdr->magic != SCSI_NL_MAGIC)) {
111 err = -EPROTOTYPE;
112 goto next_msg;
115 if (!capable(CAP_SYS_ADMIN)) {
116 err = -EPERM;
117 goto next_msg;
120 if (nlh->nlmsg_len < (sizeof(*nlh) + hdr->msglen)) {
121 printk(KERN_WARNING "%s: discarding partial message\n",
122 __func__);
123 goto next_msg;
127 * Deliver message to the appropriate transport
129 spin_lock_irqsave(&scsi_nl_lock, flags);
131 tport = hdr->transport;
132 if ((tport < SCSI_NL_MAX_TRANSPORTS) &&
133 !(transports[tport].flags & HANDLER_DELETING) &&
134 (transports[tport].msg_handler)) {
135 transports[tport].refcnt++;
136 spin_unlock_irqrestore(&scsi_nl_lock, flags);
137 err = transports[tport].msg_handler(skb);
138 spin_lock_irqsave(&scsi_nl_lock, flags);
139 transports[tport].refcnt--;
140 } else
141 err = -ENOENT;
143 spin_unlock_irqrestore(&scsi_nl_lock, flags);
145 next_msg:
146 if ((err) || (nlh->nlmsg_flags & NLM_F_ACK))
147 netlink_ack(skb, nlh, err);
149 skb_pull(skb, rlen);
155 * scsi_nl_rcv_event - Event handler for a netlink socket.
156 * @this: event notifier block
157 * @event: event type
158 * @ptr: event payload
161 static int
162 scsi_nl_rcv_event(struct notifier_block *this, unsigned long event, void *ptr)
164 struct netlink_notify *n = ptr;
165 struct scsi_nl_drvr *driver;
166 unsigned long flags;
167 int tport;
169 if (n->protocol != NETLINK_SCSITRANSPORT)
170 return NOTIFY_DONE;
172 spin_lock_irqsave(&scsi_nl_lock, flags);
173 scsi_nl_state |= STATE_EHANDLER_BSY;
176 * Pass event on to any transports that may be listening
178 for (tport = 0; tport < SCSI_NL_MAX_TRANSPORTS; tport++) {
179 if (!(transports[tport].flags & HANDLER_DELETING) &&
180 (transports[tport].event_handler)) {
181 spin_unlock_irqrestore(&scsi_nl_lock, flags);
182 transports[tport].event_handler(this, event, ptr);
183 spin_lock_irqsave(&scsi_nl_lock, flags);
188 * Pass event on to any drivers that may be listening
190 list_for_each_entry(driver, &scsi_nl_drivers, next) {
191 if (!(driver->flags & HANDLER_DELETING) &&
192 (driver->devt_handler)) {
193 spin_unlock_irqrestore(&scsi_nl_lock, flags);
194 driver->devt_handler(this, event, ptr);
195 spin_lock_irqsave(&scsi_nl_lock, flags);
199 scsi_nl_state &= ~STATE_EHANDLER_BSY;
200 spin_unlock_irqrestore(&scsi_nl_lock, flags);
202 return NOTIFY_DONE;
205 static struct notifier_block scsi_netlink_notifier = {
206 .notifier_call = scsi_nl_rcv_event,
211 * GENERIC SCSI transport receive and event handlers
215 * scsi_generic_msg_handler - receive message handler for GENERIC transport messages
216 * @skb: socket receive buffer
218 static int
219 scsi_generic_msg_handler(struct sk_buff *skb)
221 struct nlmsghdr *nlh = nlmsg_hdr(skb);
222 struct scsi_nl_hdr *snlh = NLMSG_DATA(nlh);
223 struct scsi_nl_drvr *driver;
224 struct Scsi_Host *shost;
225 unsigned long flags;
226 int err = 0, match, pid;
228 pid = NETLINK_CREDS(skb)->pid;
230 switch (snlh->msgtype) {
231 case SCSI_NL_SHOST_VENDOR:
233 struct scsi_nl_host_vendor_msg *msg = NLMSG_DATA(nlh);
235 /* Locate the driver that corresponds to the message */
236 spin_lock_irqsave(&scsi_nl_lock, flags);
237 match = 0;
238 list_for_each_entry(driver, &scsi_nl_drivers, next) {
239 if (driver->vendor_id == msg->vendor_id) {
240 match = 1;
241 break;
245 if ((!match) || (!driver->dmsg_handler)) {
246 spin_unlock_irqrestore(&scsi_nl_lock, flags);
247 err = -ESRCH;
248 goto rcv_exit;
251 if (driver->flags & HANDLER_DELETING) {
252 spin_unlock_irqrestore(&scsi_nl_lock, flags);
253 err = -ESHUTDOWN;
254 goto rcv_exit;
257 driver->refcnt++;
258 spin_unlock_irqrestore(&scsi_nl_lock, flags);
261 /* if successful, scsi_host_lookup takes a shost reference */
262 shost = scsi_host_lookup(msg->host_no);
263 if (!shost) {
264 err = -ENODEV;
265 goto driver_exit;
268 /* is this host owned by the vendor ? */
269 if (shost->hostt != driver->hostt) {
270 err = -EINVAL;
271 goto vendormsg_put;
274 /* pass message on to the driver */
275 err = driver->dmsg_handler(shost, (void *)&msg[1],
276 msg->vmsg_datalen, pid);
278 vendormsg_put:
279 /* release reference by scsi_host_lookup */
280 scsi_host_put(shost);
282 driver_exit:
283 /* release our own reference on the registration object */
284 spin_lock_irqsave(&scsi_nl_lock, flags);
285 driver->refcnt--;
286 spin_unlock_irqrestore(&scsi_nl_lock, flags);
287 break;
290 default:
291 err = -EBADR;
292 break;
295 rcv_exit:
296 if (err)
297 printk(KERN_WARNING "%s: Msgtype %d failed - err %d\n",
298 __func__, snlh->msgtype, err);
299 return err;
304 * scsi_nl_add_transport -
305 * Registers message and event handlers for a transport. Enables
306 * receipt of netlink messages and events to a transport.
308 * @tport: transport registering handlers
309 * @msg_handler: receive message handler callback
310 * @event_handler: receive event handler callback
313 scsi_nl_add_transport(u8 tport,
314 int (*msg_handler)(struct sk_buff *),
315 void (*event_handler)(struct notifier_block *, unsigned long, void *))
317 unsigned long flags;
318 int err = 0;
320 if (tport >= SCSI_NL_MAX_TRANSPORTS)
321 return -EINVAL;
323 spin_lock_irqsave(&scsi_nl_lock, flags);
325 if (scsi_nl_state & STATE_EHANDLER_BSY) {
326 spin_unlock_irqrestore(&scsi_nl_lock, flags);
327 msleep(1);
328 spin_lock_irqsave(&scsi_nl_lock, flags);
331 if (transports[tport].msg_handler || transports[tport].event_handler) {
332 err = -EALREADY;
333 goto register_out;
336 transports[tport].msg_handler = msg_handler;
337 transports[tport].event_handler = event_handler;
338 transports[tport].flags = 0;
339 transports[tport].refcnt = 0;
341 register_out:
342 spin_unlock_irqrestore(&scsi_nl_lock, flags);
344 return err;
346 EXPORT_SYMBOL_GPL(scsi_nl_add_transport);
350 * scsi_nl_remove_transport -
351 * Disable transport receiption of messages and events
353 * @tport: transport deregistering handlers
356 void
357 scsi_nl_remove_transport(u8 tport)
359 unsigned long flags;
361 spin_lock_irqsave(&scsi_nl_lock, flags);
362 if (scsi_nl_state & STATE_EHANDLER_BSY) {
363 spin_unlock_irqrestore(&scsi_nl_lock, flags);
364 msleep(1);
365 spin_lock_irqsave(&scsi_nl_lock, flags);
368 if (tport < SCSI_NL_MAX_TRANSPORTS) {
369 transports[tport].flags |= HANDLER_DELETING;
371 while (transports[tport].refcnt != 0) {
372 spin_unlock_irqrestore(&scsi_nl_lock, flags);
373 schedule_timeout_uninterruptible(HZ/4);
374 spin_lock_irqsave(&scsi_nl_lock, flags);
376 transports[tport].msg_handler = NULL;
377 transports[tport].event_handler = NULL;
378 transports[tport].flags = 0;
381 spin_unlock_irqrestore(&scsi_nl_lock, flags);
383 return;
385 EXPORT_SYMBOL_GPL(scsi_nl_remove_transport);
389 * scsi_nl_add_driver -
390 * A driver is registering its interfaces for SCSI netlink messages
392 * @vendor_id: A unique identification value for the driver.
393 * @hostt: address of the driver's host template. Used
394 * to verify an shost is bound to the driver
395 * @nlmsg_handler: receive message handler callback
396 * @nlevt_handler: receive event handler callback
398 * Returns:
399 * 0 on Success
400 * error result otherwise
403 scsi_nl_add_driver(u64 vendor_id, struct scsi_host_template *hostt,
404 int (*nlmsg_handler)(struct Scsi_Host *shost, void *payload,
405 u32 len, u32 pid),
406 void (*nlevt_handler)(struct notifier_block *nb,
407 unsigned long event, void *notify_ptr))
409 struct scsi_nl_drvr *driver;
410 unsigned long flags;
412 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
413 if (unlikely(!driver)) {
414 printk(KERN_ERR "%s: allocation failure\n", __func__);
415 return -ENOMEM;
418 driver->dmsg_handler = nlmsg_handler;
419 driver->devt_handler = nlevt_handler;
420 driver->hostt = hostt;
421 driver->vendor_id = vendor_id;
423 spin_lock_irqsave(&scsi_nl_lock, flags);
424 if (scsi_nl_state & STATE_EHANDLER_BSY) {
425 spin_unlock_irqrestore(&scsi_nl_lock, flags);
426 msleep(1);
427 spin_lock_irqsave(&scsi_nl_lock, flags);
429 list_add_tail(&driver->next, &scsi_nl_drivers);
430 spin_unlock_irqrestore(&scsi_nl_lock, flags);
432 return 0;
434 EXPORT_SYMBOL_GPL(scsi_nl_add_driver);
438 * scsi_nl_remove_driver -
439 * An driver is unregistering with the SCSI netlink messages
441 * @vendor_id: The unique identification value for the driver.
443 void
444 scsi_nl_remove_driver(u64 vendor_id)
446 struct scsi_nl_drvr *driver;
447 unsigned long flags;
449 spin_lock_irqsave(&scsi_nl_lock, flags);
450 if (scsi_nl_state & STATE_EHANDLER_BSY) {
451 spin_unlock_irqrestore(&scsi_nl_lock, flags);
452 msleep(1);
453 spin_lock_irqsave(&scsi_nl_lock, flags);
456 list_for_each_entry(driver, &scsi_nl_drivers, next) {
457 if (driver->vendor_id == vendor_id) {
458 driver->flags |= HANDLER_DELETING;
459 while (driver->refcnt != 0) {
460 spin_unlock_irqrestore(&scsi_nl_lock, flags);
461 schedule_timeout_uninterruptible(HZ/4);
462 spin_lock_irqsave(&scsi_nl_lock, flags);
464 list_del(&driver->next);
465 kfree(driver);
466 spin_unlock_irqrestore(&scsi_nl_lock, flags);
467 return;
471 spin_unlock_irqrestore(&scsi_nl_lock, flags);
473 printk(KERN_ERR "%s: removal of driver failed - vendor_id 0x%llx\n",
474 __func__, (unsigned long long)vendor_id);
475 return;
477 EXPORT_SYMBOL_GPL(scsi_nl_remove_driver);
481 * scsi_netlink_init - Called by SCSI subsystem to initialize
482 * the SCSI transport netlink interface
485 void
486 scsi_netlink_init(void)
488 int error;
490 INIT_LIST_HEAD(&scsi_nl_drivers);
492 error = netlink_register_notifier(&scsi_netlink_notifier);
493 if (error) {
494 printk(KERN_ERR "%s: register of event handler failed - %d\n",
495 __func__, error);
496 return;
499 scsi_nl_sock = netlink_kernel_create(&init_net, NETLINK_SCSITRANSPORT,
500 SCSI_NL_GRP_CNT, scsi_nl_rcv_msg, NULL,
501 THIS_MODULE);
502 if (!scsi_nl_sock) {
503 printk(KERN_ERR "%s: register of receive handler failed\n",
504 __func__);
505 netlink_unregister_notifier(&scsi_netlink_notifier);
506 return;
509 /* Register the entry points for the generic SCSI transport */
510 error = scsi_nl_add_transport(SCSI_NL_TRANSPORT,
511 scsi_generic_msg_handler, NULL);
512 if (error)
513 printk(KERN_ERR "%s: register of GENERIC transport handler"
514 " failed - %d\n", __func__, error);
515 return;
520 * scsi_netlink_exit - Called by SCSI subsystem to disable the SCSI transport netlink interface
523 void
524 scsi_netlink_exit(void)
526 scsi_nl_remove_transport(SCSI_NL_TRANSPORT);
528 if (scsi_nl_sock) {
529 netlink_kernel_release(scsi_nl_sock);
530 netlink_unregister_notifier(&scsi_netlink_notifier);
533 return;
538 * Exported Interfaces
542 * scsi_nl_send_transport_msg -
543 * Generic function to send a single message from a SCSI transport to
544 * a single process
546 * @pid: receiving pid
547 * @hdr: message payload
550 void
551 scsi_nl_send_transport_msg(u32 pid, struct scsi_nl_hdr *hdr)
553 struct sk_buff *skb;
554 struct nlmsghdr *nlh;
555 const char *fn;
556 char *datab;
557 u32 len, skblen;
558 int err;
560 if (!scsi_nl_sock) {
561 err = -ENOENT;
562 fn = "netlink socket";
563 goto msg_fail;
566 len = NLMSG_SPACE(hdr->msglen);
567 skblen = NLMSG_SPACE(len);
569 skb = alloc_skb(skblen, GFP_KERNEL);
570 if (!skb) {
571 err = -ENOBUFS;
572 fn = "alloc_skb";
573 goto msg_fail;
576 nlh = nlmsg_put(skb, pid, 0, SCSI_TRANSPORT_MSG, len - sizeof(*nlh), 0);
577 if (!nlh) {
578 err = -ENOBUFS;
579 fn = "nlmsg_put";
580 goto msg_fail_skb;
582 datab = NLMSG_DATA(nlh);
583 memcpy(datab, hdr, hdr->msglen);
585 err = nlmsg_unicast(scsi_nl_sock, skb, pid);
586 if (err < 0) {
587 fn = "nlmsg_unicast";
588 /* nlmsg_unicast already kfree_skb'd */
589 goto msg_fail;
592 return;
594 msg_fail_skb:
595 kfree_skb(skb);
596 msg_fail:
597 printk(KERN_WARNING
598 "%s: Dropped Message : pid %d Transport %d, msgtype x%x, "
599 "msglen %d: %s : err %d\n",
600 __func__, pid, hdr->transport, hdr->msgtype, hdr->msglen,
601 fn, err);
602 return;
604 EXPORT_SYMBOL_GPL(scsi_nl_send_transport_msg);
608 * scsi_nl_send_vendor_msg - called to send a shost vendor unique message
609 * to a specific process id.
611 * @pid: process id of the receiver
612 * @host_no: host # sending the message
613 * @vendor_id: unique identifier for the driver's vendor
614 * @data_len: amount, in bytes, of vendor unique payload data
615 * @data_buf: pointer to vendor unique data buffer
617 * Returns:
618 * 0 on successful return
619 * otherwise, failing error code
621 * Notes:
622 * This routine assumes no locks are held on entry.
625 scsi_nl_send_vendor_msg(u32 pid, unsigned short host_no, u64 vendor_id,
626 char *data_buf, u32 data_len)
628 struct sk_buff *skb;
629 struct nlmsghdr *nlh;
630 struct scsi_nl_host_vendor_msg *msg;
631 u32 len, skblen;
632 int err;
634 if (!scsi_nl_sock) {
635 err = -ENOENT;
636 goto send_vendor_fail;
639 len = SCSI_NL_MSGALIGN(sizeof(*msg) + data_len);
640 skblen = NLMSG_SPACE(len);
642 skb = alloc_skb(skblen, GFP_KERNEL);
643 if (!skb) {
644 err = -ENOBUFS;
645 goto send_vendor_fail;
648 nlh = nlmsg_put(skb, 0, 0, SCSI_TRANSPORT_MSG,
649 skblen - sizeof(*nlh), 0);
650 if (!nlh) {
651 err = -ENOBUFS;
652 goto send_vendor_fail_skb;
654 msg = NLMSG_DATA(nlh);
656 INIT_SCSI_NL_HDR(&msg->snlh, SCSI_NL_TRANSPORT,
657 SCSI_NL_SHOST_VENDOR, len);
658 msg->vendor_id = vendor_id;
659 msg->host_no = host_no;
660 msg->vmsg_datalen = data_len; /* bytes */
661 memcpy(&msg[1], data_buf, data_len);
663 err = nlmsg_unicast(scsi_nl_sock, skb, pid);
664 if (err)
665 /* nlmsg_multicast already kfree_skb'd */
666 goto send_vendor_fail;
668 return 0;
670 send_vendor_fail_skb:
671 kfree_skb(skb);
672 send_vendor_fail:
673 printk(KERN_WARNING
674 "%s: Dropped SCSI Msg : host %d vendor_unique - err %d\n",
675 __func__, host_no, err);
676 return err;
678 EXPORT_SYMBOL(scsi_nl_send_vendor_msg);