Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / can / raw.c
blobcde1b4a20f758fe8055f26a7f24b40f16767ae55
1 /*
2 * raw.c - Raw sockets for protocol family CAN
4 * Copyright (c) 2002-2007 Volkswagen Group Electronic Research
5 * All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of Volkswagen nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * Alternatively, provided that this notice is retained in full, this
20 * software may be distributed under the terms of the GNU General
21 * Public License ("GPL") version 2, in which case the provisions of the
22 * GPL apply INSTEAD OF those given above.
24 * The provided data structures and external interfaces from this code
25 * are not restricted to be used by modules with a GPL compatible license.
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
42 #include <linux/module.h>
43 #include <linux/init.h>
44 #include <linux/uio.h>
45 #include <linux/net.h>
46 #include <linux/slab.h>
47 #include <linux/netdevice.h>
48 #include <linux/socket.h>
49 #include <linux/if_arp.h>
50 #include <linux/skbuff.h>
51 #include <linux/can.h>
52 #include <linux/can/core.h>
53 #include <linux/can/raw.h>
54 #include <net/sock.h>
55 #include <net/net_namespace.h>
57 #define CAN_RAW_VERSION CAN_VERSION
58 static __initdata const char banner[] =
59 KERN_INFO "can: raw protocol (rev " CAN_RAW_VERSION ")\n";
61 MODULE_DESCRIPTION("PF_CAN raw protocol");
62 MODULE_LICENSE("Dual BSD/GPL");
63 MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
64 MODULE_ALIAS("can-proto-1");
66 #define MASK_ALL 0
69 * A raw socket has a list of can_filters attached to it, each receiving
70 * the CAN frames matching that filter. If the filter list is empty,
71 * no CAN frames will be received by the socket. The default after
72 * opening the socket, is to have one filter which receives all frames.
73 * The filter list is allocated dynamically with the exception of the
74 * list containing only one item. This common case is optimized by
75 * storing the single filter in dfilter, to avoid using dynamic memory.
78 struct raw_sock {
79 struct sock sk;
80 int bound;
81 int ifindex;
82 struct notifier_block notifier;
83 int loopback;
84 int recv_own_msgs;
85 int count; /* number of active filters */
86 struct can_filter dfilter; /* default/single filter */
87 struct can_filter *filter; /* pointer to filter(s) */
88 can_err_mask_t err_mask;
92 * Return pointer to store the extra msg flags for raw_recvmsg().
93 * We use the space of one unsigned int beyond the 'struct sockaddr_can'
94 * in skb->cb.
96 static inline unsigned int *raw_flags(struct sk_buff *skb)
98 BUILD_BUG_ON(sizeof(skb->cb) <= (sizeof(struct sockaddr_can) +
99 sizeof(unsigned int)));
101 /* return pointer after struct sockaddr_can */
102 return (unsigned int *)(&((struct sockaddr_can *)skb->cb)[1]);
105 static inline struct raw_sock *raw_sk(const struct sock *sk)
107 return (struct raw_sock *)sk;
110 static void raw_rcv(struct sk_buff *oskb, void *data)
112 struct sock *sk = (struct sock *)data;
113 struct raw_sock *ro = raw_sk(sk);
114 struct sockaddr_can *addr;
115 struct sk_buff *skb;
116 unsigned int *pflags;
118 /* check the received tx sock reference */
119 if (!ro->recv_own_msgs && oskb->sk == sk)
120 return;
122 /* clone the given skb to be able to enqueue it into the rcv queue */
123 skb = skb_clone(oskb, GFP_ATOMIC);
124 if (!skb)
125 return;
128 * Put the datagram to the queue so that raw_recvmsg() can
129 * get it from there. We need to pass the interface index to
130 * raw_recvmsg(). We pass a whole struct sockaddr_can in skb->cb
131 * containing the interface index.
134 BUILD_BUG_ON(sizeof(skb->cb) < sizeof(struct sockaddr_can));
135 addr = (struct sockaddr_can *)skb->cb;
136 memset(addr, 0, sizeof(*addr));
137 addr->can_family = AF_CAN;
138 addr->can_ifindex = skb->dev->ifindex;
140 /* add CAN specific message flags for raw_recvmsg() */
141 pflags = raw_flags(skb);
142 *pflags = 0;
143 if (oskb->sk)
144 *pflags |= MSG_DONTROUTE;
145 if (oskb->sk == sk)
146 *pflags |= MSG_CONFIRM;
148 if (sock_queue_rcv_skb(sk, skb) < 0)
149 kfree_skb(skb);
152 static int raw_enable_filters(struct net_device *dev, struct sock *sk,
153 struct can_filter *filter, int count)
155 int err = 0;
156 int i;
158 for (i = 0; i < count; i++) {
159 err = can_rx_register(dev, filter[i].can_id,
160 filter[i].can_mask,
161 raw_rcv, sk, "raw");
162 if (err) {
163 /* clean up successfully registered filters */
164 while (--i >= 0)
165 can_rx_unregister(dev, filter[i].can_id,
166 filter[i].can_mask,
167 raw_rcv, sk);
168 break;
172 return err;
175 static int raw_enable_errfilter(struct net_device *dev, struct sock *sk,
176 can_err_mask_t err_mask)
178 int err = 0;
180 if (err_mask)
181 err = can_rx_register(dev, 0, err_mask | CAN_ERR_FLAG,
182 raw_rcv, sk, "raw");
184 return err;
187 static void raw_disable_filters(struct net_device *dev, struct sock *sk,
188 struct can_filter *filter, int count)
190 int i;
192 for (i = 0; i < count; i++)
193 can_rx_unregister(dev, filter[i].can_id, filter[i].can_mask,
194 raw_rcv, sk);
197 static inline void raw_disable_errfilter(struct net_device *dev,
198 struct sock *sk,
199 can_err_mask_t err_mask)
202 if (err_mask)
203 can_rx_unregister(dev, 0, err_mask | CAN_ERR_FLAG,
204 raw_rcv, sk);
207 static inline void raw_disable_allfilters(struct net_device *dev,
208 struct sock *sk)
210 struct raw_sock *ro = raw_sk(sk);
212 raw_disable_filters(dev, sk, ro->filter, ro->count);
213 raw_disable_errfilter(dev, sk, ro->err_mask);
216 static int raw_enable_allfilters(struct net_device *dev, struct sock *sk)
218 struct raw_sock *ro = raw_sk(sk);
219 int err;
221 err = raw_enable_filters(dev, sk, ro->filter, ro->count);
222 if (!err) {
223 err = raw_enable_errfilter(dev, sk, ro->err_mask);
224 if (err)
225 raw_disable_filters(dev, sk, ro->filter, ro->count);
228 return err;
231 static int raw_notifier(struct notifier_block *nb,
232 unsigned long msg, void *data)
234 struct net_device *dev = (struct net_device *)data;
235 struct raw_sock *ro = container_of(nb, struct raw_sock, notifier);
236 struct sock *sk = &ro->sk;
238 if (!net_eq(dev_net(dev), &init_net))
239 return NOTIFY_DONE;
241 if (dev->type != ARPHRD_CAN)
242 return NOTIFY_DONE;
244 if (ro->ifindex != dev->ifindex)
245 return NOTIFY_DONE;
247 switch (msg) {
249 case NETDEV_UNREGISTER:
250 lock_sock(sk);
251 /* remove current filters & unregister */
252 if (ro->bound)
253 raw_disable_allfilters(dev, sk);
255 if (ro->count > 1)
256 kfree(ro->filter);
258 ro->ifindex = 0;
259 ro->bound = 0;
260 ro->count = 0;
261 release_sock(sk);
263 sk->sk_err = ENODEV;
264 if (!sock_flag(sk, SOCK_DEAD))
265 sk->sk_error_report(sk);
266 break;
268 case NETDEV_DOWN:
269 sk->sk_err = ENETDOWN;
270 if (!sock_flag(sk, SOCK_DEAD))
271 sk->sk_error_report(sk);
272 break;
275 return NOTIFY_DONE;
278 static int raw_init(struct sock *sk)
280 struct raw_sock *ro = raw_sk(sk);
282 ro->bound = 0;
283 ro->ifindex = 0;
285 /* set default filter to single entry dfilter */
286 ro->dfilter.can_id = 0;
287 ro->dfilter.can_mask = MASK_ALL;
288 ro->filter = &ro->dfilter;
289 ro->count = 1;
291 /* set default loopback behaviour */
292 ro->loopback = 1;
293 ro->recv_own_msgs = 0;
295 /* set notifier */
296 ro->notifier.notifier_call = raw_notifier;
298 register_netdevice_notifier(&ro->notifier);
300 return 0;
303 static int raw_release(struct socket *sock)
305 struct sock *sk = sock->sk;
306 struct raw_sock *ro;
308 if (!sk)
309 return 0;
311 ro = raw_sk(sk);
313 unregister_netdevice_notifier(&ro->notifier);
315 lock_sock(sk);
317 /* remove current filters & unregister */
318 if (ro->bound) {
319 if (ro->ifindex) {
320 struct net_device *dev;
322 dev = dev_get_by_index(&init_net, ro->ifindex);
323 if (dev) {
324 raw_disable_allfilters(dev, sk);
325 dev_put(dev);
327 } else
328 raw_disable_allfilters(NULL, sk);
331 if (ro->count > 1)
332 kfree(ro->filter);
334 ro->ifindex = 0;
335 ro->bound = 0;
336 ro->count = 0;
338 sock_orphan(sk);
339 sock->sk = NULL;
341 release_sock(sk);
342 sock_put(sk);
344 return 0;
347 static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len)
349 struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
350 struct sock *sk = sock->sk;
351 struct raw_sock *ro = raw_sk(sk);
352 int ifindex;
353 int err = 0;
354 int notify_enetdown = 0;
356 if (len < sizeof(*addr))
357 return -EINVAL;
359 lock_sock(sk);
361 if (ro->bound && addr->can_ifindex == ro->ifindex)
362 goto out;
364 if (addr->can_ifindex) {
365 struct net_device *dev;
367 dev = dev_get_by_index(&init_net, addr->can_ifindex);
368 if (!dev) {
369 err = -ENODEV;
370 goto out;
372 if (dev->type != ARPHRD_CAN) {
373 dev_put(dev);
374 err = -ENODEV;
375 goto out;
377 if (!(dev->flags & IFF_UP))
378 notify_enetdown = 1;
380 ifindex = dev->ifindex;
382 /* filters set by default/setsockopt */
383 err = raw_enable_allfilters(dev, sk);
384 dev_put(dev);
385 } else {
386 ifindex = 0;
388 /* filters set by default/setsockopt */
389 err = raw_enable_allfilters(NULL, sk);
392 if (!err) {
393 if (ro->bound) {
394 /* unregister old filters */
395 if (ro->ifindex) {
396 struct net_device *dev;
398 dev = dev_get_by_index(&init_net, ro->ifindex);
399 if (dev) {
400 raw_disable_allfilters(dev, sk);
401 dev_put(dev);
403 } else
404 raw_disable_allfilters(NULL, sk);
406 ro->ifindex = ifindex;
407 ro->bound = 1;
410 out:
411 release_sock(sk);
413 if (notify_enetdown) {
414 sk->sk_err = ENETDOWN;
415 if (!sock_flag(sk, SOCK_DEAD))
416 sk->sk_error_report(sk);
419 return err;
422 static int raw_getname(struct socket *sock, struct sockaddr *uaddr,
423 int *len, int peer)
425 struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
426 struct sock *sk = sock->sk;
427 struct raw_sock *ro = raw_sk(sk);
429 if (peer)
430 return -EOPNOTSUPP;
432 memset(addr, 0, sizeof(*addr));
433 addr->can_family = AF_CAN;
434 addr->can_ifindex = ro->ifindex;
436 *len = sizeof(*addr);
438 return 0;
441 static int raw_setsockopt(struct socket *sock, int level, int optname,
442 char __user *optval, unsigned int optlen)
444 struct sock *sk = sock->sk;
445 struct raw_sock *ro = raw_sk(sk);
446 struct can_filter *filter = NULL; /* dyn. alloc'ed filters */
447 struct can_filter sfilter; /* single filter */
448 struct net_device *dev = NULL;
449 can_err_mask_t err_mask = 0;
450 int count = 0;
451 int err = 0;
453 if (level != SOL_CAN_RAW)
454 return -EINVAL;
456 switch (optname) {
458 case CAN_RAW_FILTER:
459 if (optlen % sizeof(struct can_filter) != 0)
460 return -EINVAL;
462 count = optlen / sizeof(struct can_filter);
464 if (count > 1) {
465 /* filter does not fit into dfilter => alloc space */
466 filter = memdup_user(optval, optlen);
467 if (IS_ERR(filter))
468 return PTR_ERR(filter);
469 } else if (count == 1) {
470 if (copy_from_user(&sfilter, optval, sizeof(sfilter)))
471 return -EFAULT;
474 lock_sock(sk);
476 if (ro->bound && ro->ifindex)
477 dev = dev_get_by_index(&init_net, ro->ifindex);
479 if (ro->bound) {
480 /* (try to) register the new filters */
481 if (count == 1)
482 err = raw_enable_filters(dev, sk, &sfilter, 1);
483 else
484 err = raw_enable_filters(dev, sk, filter,
485 count);
486 if (err) {
487 if (count > 1)
488 kfree(filter);
489 goto out_fil;
492 /* remove old filter registrations */
493 raw_disable_filters(dev, sk, ro->filter, ro->count);
496 /* remove old filter space */
497 if (ro->count > 1)
498 kfree(ro->filter);
500 /* link new filters to the socket */
501 if (count == 1) {
502 /* copy filter data for single filter */
503 ro->dfilter = sfilter;
504 filter = &ro->dfilter;
506 ro->filter = filter;
507 ro->count = count;
509 out_fil:
510 if (dev)
511 dev_put(dev);
513 release_sock(sk);
515 break;
517 case CAN_RAW_ERR_FILTER:
518 if (optlen != sizeof(err_mask))
519 return -EINVAL;
521 if (copy_from_user(&err_mask, optval, optlen))
522 return -EFAULT;
524 err_mask &= CAN_ERR_MASK;
526 lock_sock(sk);
528 if (ro->bound && ro->ifindex)
529 dev = dev_get_by_index(&init_net, ro->ifindex);
531 /* remove current error mask */
532 if (ro->bound) {
533 /* (try to) register the new err_mask */
534 err = raw_enable_errfilter(dev, sk, err_mask);
536 if (err)
537 goto out_err;
539 /* remove old err_mask registration */
540 raw_disable_errfilter(dev, sk, ro->err_mask);
543 /* link new err_mask to the socket */
544 ro->err_mask = err_mask;
546 out_err:
547 if (dev)
548 dev_put(dev);
550 release_sock(sk);
552 break;
554 case CAN_RAW_LOOPBACK:
555 if (optlen != sizeof(ro->loopback))
556 return -EINVAL;
558 if (copy_from_user(&ro->loopback, optval, optlen))
559 return -EFAULT;
561 break;
563 case CAN_RAW_RECV_OWN_MSGS:
564 if (optlen != sizeof(ro->recv_own_msgs))
565 return -EINVAL;
567 if (copy_from_user(&ro->recv_own_msgs, optval, optlen))
568 return -EFAULT;
570 break;
572 default:
573 return -ENOPROTOOPT;
575 return err;
578 static int raw_getsockopt(struct socket *sock, int level, int optname,
579 char __user *optval, int __user *optlen)
581 struct sock *sk = sock->sk;
582 struct raw_sock *ro = raw_sk(sk);
583 int len;
584 void *val;
585 int err = 0;
587 if (level != SOL_CAN_RAW)
588 return -EINVAL;
589 if (get_user(len, optlen))
590 return -EFAULT;
591 if (len < 0)
592 return -EINVAL;
594 switch (optname) {
596 case CAN_RAW_FILTER:
597 lock_sock(sk);
598 if (ro->count > 0) {
599 int fsize = ro->count * sizeof(struct can_filter);
600 if (len > fsize)
601 len = fsize;
602 if (copy_to_user(optval, ro->filter, len))
603 err = -EFAULT;
604 } else
605 len = 0;
606 release_sock(sk);
608 if (!err)
609 err = put_user(len, optlen);
610 return err;
612 case CAN_RAW_ERR_FILTER:
613 if (len > sizeof(can_err_mask_t))
614 len = sizeof(can_err_mask_t);
615 val = &ro->err_mask;
616 break;
618 case CAN_RAW_LOOPBACK:
619 if (len > sizeof(int))
620 len = sizeof(int);
621 val = &ro->loopback;
622 break;
624 case CAN_RAW_RECV_OWN_MSGS:
625 if (len > sizeof(int))
626 len = sizeof(int);
627 val = &ro->recv_own_msgs;
628 break;
630 default:
631 return -ENOPROTOOPT;
634 if (put_user(len, optlen))
635 return -EFAULT;
636 if (copy_to_user(optval, val, len))
637 return -EFAULT;
638 return 0;
641 static int raw_sendmsg(struct kiocb *iocb, struct socket *sock,
642 struct msghdr *msg, size_t size)
644 struct sock *sk = sock->sk;
645 struct raw_sock *ro = raw_sk(sk);
646 struct sk_buff *skb;
647 struct net_device *dev;
648 int ifindex;
649 int err;
651 if (msg->msg_name) {
652 struct sockaddr_can *addr =
653 (struct sockaddr_can *)msg->msg_name;
655 if (msg->msg_namelen < sizeof(*addr))
656 return -EINVAL;
658 if (addr->can_family != AF_CAN)
659 return -EINVAL;
661 ifindex = addr->can_ifindex;
662 } else
663 ifindex = ro->ifindex;
665 if (size != sizeof(struct can_frame))
666 return -EINVAL;
668 dev = dev_get_by_index(&init_net, ifindex);
669 if (!dev)
670 return -ENXIO;
672 skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT,
673 &err);
674 if (!skb)
675 goto put_dev;
677 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
678 if (err < 0)
679 goto free_skb;
680 err = sock_tx_timestamp(sk, &skb_shinfo(skb)->tx_flags);
681 if (err < 0)
682 goto free_skb;
684 /* to be able to check the received tx sock reference in raw_rcv() */
685 skb_shinfo(skb)->tx_flags |= SKBTX_DRV_NEEDS_SK_REF;
687 skb->dev = dev;
688 skb->sk = sk;
690 err = can_send(skb, ro->loopback);
692 dev_put(dev);
694 if (err)
695 goto send_failed;
697 return size;
699 free_skb:
700 kfree_skb(skb);
701 put_dev:
702 dev_put(dev);
703 send_failed:
704 return err;
707 static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
708 struct msghdr *msg, size_t size, int flags)
710 struct sock *sk = sock->sk;
711 struct sk_buff *skb;
712 int err = 0;
713 int noblock;
715 noblock = flags & MSG_DONTWAIT;
716 flags &= ~MSG_DONTWAIT;
718 skb = skb_recv_datagram(sk, flags, noblock, &err);
719 if (!skb)
720 return err;
722 if (size < skb->len)
723 msg->msg_flags |= MSG_TRUNC;
724 else
725 size = skb->len;
727 err = memcpy_toiovec(msg->msg_iov, skb->data, size);
728 if (err < 0) {
729 skb_free_datagram(sk, skb);
730 return err;
733 sock_recv_ts_and_drops(msg, sk, skb);
735 if (msg->msg_name) {
736 msg->msg_namelen = sizeof(struct sockaddr_can);
737 memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
740 /* assign the flags that have been recorded in raw_rcv() */
741 msg->msg_flags |= *(raw_flags(skb));
743 skb_free_datagram(sk, skb);
745 return size;
748 static const struct proto_ops raw_ops = {
749 .family = PF_CAN,
750 .release = raw_release,
751 .bind = raw_bind,
752 .connect = sock_no_connect,
753 .socketpair = sock_no_socketpair,
754 .accept = sock_no_accept,
755 .getname = raw_getname,
756 .poll = datagram_poll,
757 .ioctl = can_ioctl, /* use can_ioctl() from af_can.c */
758 .listen = sock_no_listen,
759 .shutdown = sock_no_shutdown,
760 .setsockopt = raw_setsockopt,
761 .getsockopt = raw_getsockopt,
762 .sendmsg = raw_sendmsg,
763 .recvmsg = raw_recvmsg,
764 .mmap = sock_no_mmap,
765 .sendpage = sock_no_sendpage,
768 static struct proto raw_proto __read_mostly = {
769 .name = "CAN_RAW",
770 .owner = THIS_MODULE,
771 .obj_size = sizeof(struct raw_sock),
772 .init = raw_init,
775 static const struct can_proto raw_can_proto = {
776 .type = SOCK_RAW,
777 .protocol = CAN_RAW,
778 .ops = &raw_ops,
779 .prot = &raw_proto,
782 static __init int raw_module_init(void)
784 int err;
786 printk(banner);
788 err = can_proto_register(&raw_can_proto);
789 if (err < 0)
790 printk(KERN_ERR "can: registration of raw protocol failed\n");
792 return err;
795 static __exit void raw_module_exit(void)
797 can_proto_unregister(&raw_can_proto);
800 module_init(raw_module_init);
801 module_exit(raw_module_exit);