1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (c) 2015, Sony Mobile Communications Inc.
4 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
5 */
6 #include <linux/module.h>
7 #include <linux/netlink.h>
8 #include <linux/qrtr.h>
9 #include <linux/termios.h> /* For TIOCINQ/OUTQ */
10 #include <linux/spinlock.h>
11 #include <linux/wait.h>
12
13 #include <net/sock.h>
14
15 #include "qrtr.h"
16
17 #define QRTR_PROTO_VER_1 1
18 #define QRTR_PROTO_VER_2 3
19
20 /* auto-bind range */
21 #define QRTR_MIN_EPH_SOCKET 0x4000
22 #define QRTR_MAX_EPH_SOCKET 0x7fff
23
24 /**
25 * struct qrtr_hdr_v1 - (I|R)PCrouter packet header version 1
26 * @version: protocol version
27 * @type: packet type; one of QRTR_TYPE_*
28 * @src_node_id: source node
29 * @src_port_id: source port
30 * @confirm_rx: boolean; whether a resume-tx packet should be send in reply
31 * @size: length of packet, excluding this header
32 * @dst_node_id: destination node
33 * @dst_port_id: destination port
34 */
35 struct qrtr_hdr_v1 {
36 __le32 version;
37 __le32 type;
38 __le32 src_node_id;
39 __le32 src_port_id;
40 __le32 confirm_rx;
41 __le32 size;
42 __le32 dst_node_id;
43 __le32 dst_port_id;
44 } __packed;
45
46 /**
47 * struct qrtr_hdr_v2 - (I|R)PCrouter packet header later versions
48 * @version: protocol version
49 * @type: packet type; one of QRTR_TYPE_*
50 * @flags: bitmask of QRTR_FLAGS_*
51 * @optlen: length of optional header data
52 * @size: length of packet, excluding this header and optlen
53 * @src_node_id: source node
54 * @src_port_id: source port
55 * @dst_node_id: destination node
56 * @dst_port_id: destination port
57 */
58 struct qrtr_hdr_v2 {
59 u8 version;
60 u8 type;
61 u8 flags;
62 u8 optlen;
63 __le32 size;
64 __le16 src_node_id;
65 __le16 src_port_id;
66 __le16 dst_node_id;
67 __le16 dst_port_id;
68 };
69
70 #define QRTR_FLAGS_CONFIRM_RX BIT(0)
71
72 struct qrtr_cb {
73 u32 src_node;
74 u32 src_port;
75 u32 dst_node;
76 u32 dst_port;
77
78 u8 type;
79 u8 confirm_rx;
80 };
81
82 #define QRTR_HDR_MAX_SIZE max_t(size_t, sizeof(struct qrtr_hdr_v1), \
83 sizeof(struct qrtr_hdr_v2))
84
85 struct qrtr_sock {
86 /* WARNING: sk must be the first member */
87 struct sock sk;
88 struct sockaddr_qrtr us;
89 struct sockaddr_qrtr peer;
90 };
91
qrtr_sk(struct sock * sk)92 static inline struct qrtr_sock *qrtr_sk(struct sock *sk)
93 {
94 BUILD_BUG_ON(offsetof(struct qrtr_sock, sk) != 0);
95 return container_of(sk, struct qrtr_sock, sk);
96 }
97
98 static unsigned int qrtr_local_nid = 1;
99
100 /* for node ids */
101 static RADIX_TREE(qrtr_nodes, GFP_ATOMIC);
102 static DEFINE_SPINLOCK(qrtr_nodes_lock);
103 /* broadcast list */
104 static LIST_HEAD(qrtr_all_nodes);
105 /* lock for qrtr_all_nodes and node reference */
106 static DEFINE_MUTEX(qrtr_node_lock);
107
108 /* local port allocation management */
109 static DEFINE_IDR(qrtr_ports);
110 static DEFINE_MUTEX(qrtr_port_lock);
111
112 /**
113 * struct qrtr_node - endpoint node
114 * @ep_lock: lock for endpoint management and callbacks
115 * @ep: endpoint
116 * @ref: reference count for node
117 * @nid: node id
118 * @qrtr_tx_flow: tree of qrtr_tx_flow, keyed by node << 32 | port
119 * @qrtr_tx_lock: lock for qrtr_tx_flow inserts
120 * @rx_queue: receive queue
121 * @item: list item for broadcast list
122 */
123 struct qrtr_node {
124 struct mutex ep_lock;
125 struct qrtr_endpoint *ep;
126 struct kref ref;
127 unsigned int nid;
128
129 struct radix_tree_root qrtr_tx_flow;
130 struct mutex qrtr_tx_lock; /* for qrtr_tx_flow */
131
132 struct sk_buff_head rx_queue;
133 struct list_head item;
134 };
135
136 /**
137 * struct qrtr_tx_flow - tx flow control
138 * @resume_tx: waiters for a resume tx from the remote
139 * @pending: number of waiting senders
140 * @tx_failed: indicates that a message with confirm_rx flag was lost
141 */
142 struct qrtr_tx_flow {
143 struct wait_queue_head resume_tx;
144 int pending;
145 int tx_failed;
146 };
147
148 #define QRTR_TX_FLOW_HIGH 10
149 #define QRTR_TX_FLOW_LOW 5
150
151 static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
152 int type, struct sockaddr_qrtr *from,
153 struct sockaddr_qrtr *to);
154 static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
155 int type, struct sockaddr_qrtr *from,
156 struct sockaddr_qrtr *to);
157 static struct qrtr_sock *qrtr_port_lookup(int port);
158 static void qrtr_port_put(struct qrtr_sock *ipc);
159
160 /* Release node resources and free the node.
161 *
162 * Do not call directly, use qrtr_node_release. To be used with
163 * kref_put_mutex. As such, the node mutex is expected to be locked on call.
164 */
__qrtr_node_release(struct kref * kref)165 static void __qrtr_node_release(struct kref *kref)
166 {
167 struct qrtr_node *node = container_of(kref, struct qrtr_node, ref);
168 struct radix_tree_iter iter;
169 struct qrtr_tx_flow *flow;
170 unsigned long flags;
171 void __rcu **slot;
172
173 spin_lock_irqsave(&qrtr_nodes_lock, flags);
174 if (node->nid != QRTR_EP_NID_AUTO)
175 radix_tree_delete(&qrtr_nodes, node->nid);
176 spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
177
178 list_del(&node->item);
179 mutex_unlock(&qrtr_node_lock);
180
181 skb_queue_purge(&node->rx_queue);
182
183 /* Free tx flow counters */
184 radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
185 flow = *slot;
186 radix_tree_iter_delete(&node->qrtr_tx_flow, &iter, slot);
187 kfree(flow);
188 }
189 kfree(node);
190 }
191
192 /* Increment reference to node. */
qrtr_node_acquire(struct qrtr_node * node)193 static struct qrtr_node *qrtr_node_acquire(struct qrtr_node *node)
194 {
195 if (node)
196 kref_get(&node->ref);
197 return node;
198 }
199
200 /* Decrement reference to node and release as necessary. */
qrtr_node_release(struct qrtr_node * node)201 static void qrtr_node_release(struct qrtr_node *node)
202 {
203 if (!node)
204 return;
205 kref_put_mutex(&node->ref, __qrtr_node_release, &qrtr_node_lock);
206 }
207
208 /**
209 * qrtr_tx_resume() - reset flow control counter
210 * @node: qrtr_node that the QRTR_TYPE_RESUME_TX packet arrived on
211 * @skb: resume_tx packet
212 */
qrtr_tx_resume(struct qrtr_node * node,struct sk_buff * skb)213 static void qrtr_tx_resume(struct qrtr_node *node, struct sk_buff *skb)
214 {
215 struct qrtr_ctrl_pkt *pkt = (struct qrtr_ctrl_pkt *)skb->data;
216 u64 remote_node = le32_to_cpu(pkt->client.node);
217 u32 remote_port = le32_to_cpu(pkt->client.port);
218 struct qrtr_tx_flow *flow;
219 unsigned long key;
220
221 key = remote_node << 32 | remote_port;
222
223 rcu_read_lock();
224 flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
225 rcu_read_unlock();
226 if (flow) {
227 spin_lock(&flow->resume_tx.lock);
228 flow->pending = 0;
229 spin_unlock(&flow->resume_tx.lock);
230 wake_up_interruptible_all(&flow->resume_tx);
231 }
232
233 consume_skb(skb);
234 }
235
236 /**
237 * qrtr_tx_wait() - flow control for outgoing packets
238 * @node: qrtr_node that the packet is to be send to
239 * @dest_node: node id of the destination
240 * @dest_port: port number of the destination
241 * @type: type of message
242 *
243 * The flow control scheme is based around the low and high "watermarks". When
244 * the low watermark is passed the confirm_rx flag is set on the outgoing
245 * message, which will trigger the remote to send a control message of the type
246 * QRTR_TYPE_RESUME_TX to reset the counter. If the high watermark is hit
247 * further transmision should be paused.
248 *
249 * Return: 1 if confirm_rx should be set, 0 otherwise or errno failure
250 */
qrtr_tx_wait(struct qrtr_node * node,int dest_node,int dest_port,int type)251 static int qrtr_tx_wait(struct qrtr_node *node, int dest_node, int dest_port,
252 int type)
253 {
254 unsigned long key = (u64)dest_node << 32 | dest_port;
255 struct qrtr_tx_flow *flow;
256 int confirm_rx = 0;
257 int ret;
258
259 /* Never set confirm_rx on non-data packets */
260 if (type != QRTR_TYPE_DATA)
261 return 0;
262
263 mutex_lock(&node->qrtr_tx_lock);
264 flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
265 if (!flow) {
266 flow = kzalloc(sizeof(*flow), GFP_KERNEL);
267 if (flow) {
268 init_waitqueue_head(&flow->resume_tx);
269 if (radix_tree_insert(&node->qrtr_tx_flow, key, flow)) {
270 kfree(flow);
271 flow = NULL;
272 }
273 }
274 }
275 mutex_unlock(&node->qrtr_tx_lock);
276
277 /* Set confirm_rx if we where unable to find and allocate a flow */
278 if (!flow)
279 return 1;
280
281 spin_lock_irq(&flow->resume_tx.lock);
282 ret = wait_event_interruptible_locked_irq(flow->resume_tx,
283 flow->pending < QRTR_TX_FLOW_HIGH ||
284 flow->tx_failed ||
285 !node->ep);
286 if (ret < 0) {
287 confirm_rx = ret;
288 } else if (!node->ep) {
289 confirm_rx = -EPIPE;
290 } else if (flow->tx_failed) {
291 flow->tx_failed = 0;
292 confirm_rx = 1;
293 } else {
294 flow->pending++;
295 confirm_rx = flow->pending == QRTR_TX_FLOW_LOW;
296 }
297 spin_unlock_irq(&flow->resume_tx.lock);
298
299 return confirm_rx;
300 }
301
302 /**
303 * qrtr_tx_flow_failed() - flag that tx of confirm_rx flagged messages failed
304 * @node: qrtr_node that the packet is to be send to
305 * @dest_node: node id of the destination
306 * @dest_port: port number of the destination
307 *
308 * Signal that the transmission of a message with confirm_rx flag failed. The
309 * flow's "pending" counter will keep incrementing towards QRTR_TX_FLOW_HIGH,
310 * at which point transmission would stall forever waiting for the resume TX
311 * message associated with the dropped confirm_rx message.
312 * Work around this by marking the flow as having a failed transmission and
313 * cause the next transmission attempt to be sent with the confirm_rx.
314 */
qrtr_tx_flow_failed(struct qrtr_node * node,int dest_node,int dest_port)315 static void qrtr_tx_flow_failed(struct qrtr_node *node, int dest_node,
316 int dest_port)
317 {
318 unsigned long key = (u64)dest_node << 32 | dest_port;
319 struct qrtr_tx_flow *flow;
320
321 rcu_read_lock();
322 flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
323 rcu_read_unlock();
324 if (flow) {
325 spin_lock_irq(&flow->resume_tx.lock);
326 flow->tx_failed = 1;
327 spin_unlock_irq(&flow->resume_tx.lock);
328 }
329 }
330
331 /* Pass an outgoing packet socket buffer to the endpoint driver. */
qrtr_node_enqueue(struct qrtr_node * node,struct sk_buff * skb,int type,struct sockaddr_qrtr * from,struct sockaddr_qrtr * to)332 static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb,
333 int type, struct sockaddr_qrtr *from,
334 struct sockaddr_qrtr *to)
335 {
336 struct qrtr_hdr_v1 *hdr;
337 size_t len = skb->len;
338 int rc, confirm_rx;
339
340 confirm_rx = qrtr_tx_wait(node, to->sq_node, to->sq_port, type);
341 if (confirm_rx < 0) {
342 kfree_skb(skb);
343 return confirm_rx;
344 }
345
346 hdr = skb_push(skb, sizeof(*hdr));
347 hdr->version = cpu_to_le32(QRTR_PROTO_VER_1);
348 hdr->type = cpu_to_le32(type);
349 hdr->src_node_id = cpu_to_le32(from->sq_node);
350 hdr->src_port_id = cpu_to_le32(from->sq_port);
351 if (to->sq_port == QRTR_PORT_CTRL) {
352 hdr->dst_node_id = cpu_to_le32(node->nid);
353 hdr->dst_port_id = cpu_to_le32(QRTR_PORT_CTRL);
354 } else {
355 hdr->dst_node_id = cpu_to_le32(to->sq_node);
356 hdr->dst_port_id = cpu_to_le32(to->sq_port);
357 }
358
359 hdr->size = cpu_to_le32(len);
360 hdr->confirm_rx = !!confirm_rx;
361
362 rc = skb_put_padto(skb, ALIGN(len, 4) + sizeof(*hdr));
363
364 if (!rc) {
365 mutex_lock(&node->ep_lock);
366 rc = -ENODEV;
367 if (node->ep)
368 rc = node->ep->xmit(node->ep, skb);
369 else
370 kfree_skb(skb);
371 mutex_unlock(&node->ep_lock);
372 }
373 /* Need to ensure that a subsequent message carries the otherwise lost
374 * confirm_rx flag if we dropped this one */
375 if (rc && confirm_rx)
376 qrtr_tx_flow_failed(node, to->sq_node, to->sq_port);
377
378 return rc;
379 }
380
381 /* Lookup node by id.
382 *
383 * callers must release with qrtr_node_release()
384 */
qrtr_node_lookup(unsigned int nid)385 static struct qrtr_node *qrtr_node_lookup(unsigned int nid)
386 {
387 struct qrtr_node *node;
388 unsigned long flags;
389
390 spin_lock_irqsave(&qrtr_nodes_lock, flags);
391 node = radix_tree_lookup(&qrtr_nodes, nid);
392 node = qrtr_node_acquire(node);
393 spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
394
395 return node;
396 }
397
398 /* Assign node id to node.
399 *
400 * This is mostly useful for automatic node id assignment, based on
401 * the source id in the incoming packet.
402 */
qrtr_node_assign(struct qrtr_node * node,unsigned int nid)403 static void qrtr_node_assign(struct qrtr_node *node, unsigned int nid)
404 {
405 unsigned long flags;
406
407 if (node->nid != QRTR_EP_NID_AUTO || nid == QRTR_EP_NID_AUTO)
408 return;
409
410 spin_lock_irqsave(&qrtr_nodes_lock, flags);
411 radix_tree_insert(&qrtr_nodes, nid, node);
412 node->nid = nid;
413 spin_unlock_irqrestore(&qrtr_nodes_lock, flags);
414 }
415
416 /**
417 * qrtr_endpoint_post() - post incoming data
418 * @ep: endpoint handle
419 * @data: data pointer
420 * @len: size of data in bytes
421 *
422 * Return: 0 on success; negative error code on failure
423 */
qrtr_endpoint_post(struct qrtr_endpoint * ep,const void * data,size_t len)424 int qrtr_endpoint_post(struct qrtr_endpoint *ep, const void *data, size_t len)
425 {
426 struct qrtr_node *node = ep->node;
427 const struct qrtr_hdr_v1 *v1;
428 const struct qrtr_hdr_v2 *v2;
429 struct qrtr_sock *ipc;
430 struct sk_buff *skb;
431 struct qrtr_cb *cb;
432 size_t size;
433 unsigned int ver;
434 size_t hdrlen;
435
436 if (len == 0 || len & 3)
437 return -EINVAL;
438
439 skb = __netdev_alloc_skb(NULL, len, GFP_ATOMIC | __GFP_NOWARN);
440 if (!skb)
441 return -ENOMEM;
442
443 cb = (struct qrtr_cb *)skb->cb;
444
445 /* Version field in v1 is little endian, so this works for both cases */
446 ver = *(u8*)data;
447
448 switch (ver) {
449 case QRTR_PROTO_VER_1:
450 if (len < sizeof(*v1))
451 goto err;
452 v1 = data;
453 hdrlen = sizeof(*v1);
454
455 cb->type = le32_to_cpu(v1->type);
456 cb->src_node = le32_to_cpu(v1->src_node_id);
457 cb->src_port = le32_to_cpu(v1->src_port_id);
458 cb->confirm_rx = !!v1->confirm_rx;
459 cb->dst_node = le32_to_cpu(v1->dst_node_id);
460 cb->dst_port = le32_to_cpu(v1->dst_port_id);
461
462 size = le32_to_cpu(v1->size);
463 break;
464 case QRTR_PROTO_VER_2:
465 if (len < sizeof(*v2))
466 goto err;
467 v2 = data;
468 hdrlen = sizeof(*v2) + v2->optlen;
469
470 cb->type = v2->type;
471 cb->confirm_rx = !!(v2->flags & QRTR_FLAGS_CONFIRM_RX);
472 cb->src_node = le16_to_cpu(v2->src_node_id);
473 cb->src_port = le16_to_cpu(v2->src_port_id);
474 cb->dst_node = le16_to_cpu(v2->dst_node_id);
475 cb->dst_port = le16_to_cpu(v2->dst_port_id);
476
477 if (cb->src_port == (u16)QRTR_PORT_CTRL)
478 cb->src_port = QRTR_PORT_CTRL;
479 if (cb->dst_port == (u16)QRTR_PORT_CTRL)
480 cb->dst_port = QRTR_PORT_CTRL;
481
482 size = le32_to_cpu(v2->size);
483 break;
484 default:
485 pr_err("qrtr: Invalid version %d\n", ver);
486 goto err;
487 }
488
489 if (!size || len != ALIGN(size, 4) + hdrlen)
490 goto err;
491
492 if (cb->dst_port != QRTR_PORT_CTRL && cb->type != QRTR_TYPE_DATA &&
493 cb->type != QRTR_TYPE_RESUME_TX)
494 goto err;
495
496 skb_put_data(skb, data + hdrlen, size);
497
498 qrtr_node_assign(node, cb->src_node);
499
500 if (cb->type == QRTR_TYPE_RESUME_TX) {
501 qrtr_tx_resume(node, skb);
502 } else {
503 ipc = qrtr_port_lookup(cb->dst_port);
504 if (!ipc)
505 goto err;
506
507 if (sock_queue_rcv_skb(&ipc->sk, skb)) {
508 qrtr_port_put(ipc);
509 goto err;
510 }
511
512 qrtr_port_put(ipc);
513 }
514
515 return 0;
516
517 err:
518 kfree_skb(skb);
519 return -EINVAL;
520
521 }
522 EXPORT_SYMBOL_GPL(qrtr_endpoint_post);
523
524 /**
525 * qrtr_alloc_ctrl_packet() - allocate control packet skb
526 * @pkt: reference to qrtr_ctrl_pkt pointer
527 *
528 * Returns newly allocated sk_buff, or NULL on failure
529 *
530 * This function allocates a sk_buff large enough to carry a qrtr_ctrl_pkt and
531 * on success returns a reference to the control packet in @pkt.
532 */
qrtr_alloc_ctrl_packet(struct qrtr_ctrl_pkt ** pkt)533 static struct sk_buff *qrtr_alloc_ctrl_packet(struct qrtr_ctrl_pkt **pkt)
534 {
535 const int pkt_len = sizeof(struct qrtr_ctrl_pkt);
536 struct sk_buff *skb;
537
538 skb = alloc_skb(QRTR_HDR_MAX_SIZE + pkt_len, GFP_KERNEL);
539 if (!skb)
540 return NULL;
541
542 skb_reserve(skb, QRTR_HDR_MAX_SIZE);
543 *pkt = skb_put_zero(skb, pkt_len);
544
545 return skb;
546 }
547
548 /**
549 * qrtr_endpoint_register() - register a new endpoint
550 * @ep: endpoint to register
551 * @nid: desired node id; may be QRTR_EP_NID_AUTO for auto-assignment
552 * Return: 0 on success; negative error code on failure
553 *
554 * The specified endpoint must have the xmit function pointer set on call.
555 */
qrtr_endpoint_register(struct qrtr_endpoint * ep,unsigned int nid)556 int qrtr_endpoint_register(struct qrtr_endpoint *ep, unsigned int nid)
557 {
558 struct qrtr_node *node;
559
560 if (!ep || !ep->xmit)
561 return -EINVAL;
562
563 node = kzalloc(sizeof(*node), GFP_KERNEL);
564 if (!node)
565 return -ENOMEM;
566
567 kref_init(&node->ref);
568 mutex_init(&node->ep_lock);
569 skb_queue_head_init(&node->rx_queue);
570 node->nid = QRTR_EP_NID_AUTO;
571 node->ep = ep;
572
573 INIT_RADIX_TREE(&node->qrtr_tx_flow, GFP_KERNEL);
574 mutex_init(&node->qrtr_tx_lock);
575
576 qrtr_node_assign(node, nid);
577
578 mutex_lock(&qrtr_node_lock);
579 list_add(&node->item, &qrtr_all_nodes);
580 mutex_unlock(&qrtr_node_lock);
581 ep->node = node;
582
583 return 0;
584 }
585 EXPORT_SYMBOL_GPL(qrtr_endpoint_register);
586
587 /**
588 * qrtr_endpoint_unregister - unregister endpoint
589 * @ep: endpoint to unregister
590 */
qrtr_endpoint_unregister(struct qrtr_endpoint * ep)591 void qrtr_endpoint_unregister(struct qrtr_endpoint *ep)
592 {
593 struct qrtr_node *node = ep->node;
594 struct sockaddr_qrtr src = {AF_QIPCRTR, node->nid, QRTR_PORT_CTRL};
595 struct sockaddr_qrtr dst = {AF_QIPCRTR, qrtr_local_nid, QRTR_PORT_CTRL};
596 struct radix_tree_iter iter;
597 struct qrtr_ctrl_pkt *pkt;
598 struct qrtr_tx_flow *flow;
599 struct sk_buff *skb;
600 void __rcu **slot;
601
602 mutex_lock(&node->ep_lock);
603 node->ep = NULL;
604 mutex_unlock(&node->ep_lock);
605
606 /* Notify the local controller about the event */
607 skb = qrtr_alloc_ctrl_packet(&pkt);
608 if (skb) {
609 pkt->cmd = cpu_to_le32(QRTR_TYPE_BYE);
610 qrtr_local_enqueue(NULL, skb, QRTR_TYPE_BYE, &src, &dst);
611 }
612
613 /* Wake up any transmitters waiting for resume-tx from the node */
614 mutex_lock(&node->qrtr_tx_lock);
615 radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
616 flow = *slot;
617 wake_up_interruptible_all(&flow->resume_tx);
618 }
619 mutex_unlock(&node->qrtr_tx_lock);
620
621 qrtr_node_release(node);
622 ep->node = NULL;
623 }
624 EXPORT_SYMBOL_GPL(qrtr_endpoint_unregister);
625
626 /* Lookup socket by port.
627 *
628 * Callers must release with qrtr_port_put()
629 */
qrtr_port_lookup(int port)630 static struct qrtr_sock *qrtr_port_lookup(int port)
631 {
632 struct qrtr_sock *ipc;
633
634 if (port == QRTR_PORT_CTRL)
635 port = 0;
636
637 rcu_read_lock();
638 ipc = idr_find(&qrtr_ports, port);
639 if (ipc)
640 sock_hold(&ipc->sk);
641 rcu_read_unlock();
642
643 return ipc;
644 }
645
646 /* Release acquired socket. */
qrtr_port_put(struct qrtr_sock * ipc)647 static void qrtr_port_put(struct qrtr_sock *ipc)
648 {
649 sock_put(&ipc->sk);
650 }
651
652 /* Remove port assignment. */
qrtr_port_remove(struct qrtr_sock * ipc)653 static void qrtr_port_remove(struct qrtr_sock *ipc)
654 {
655 struct qrtr_ctrl_pkt *pkt;
656 struct sk_buff *skb;
657 int port = ipc->us.sq_port;
658 struct sockaddr_qrtr to;
659
660 to.sq_family = AF_QIPCRTR;
661 to.sq_node = QRTR_NODE_BCAST;
662 to.sq_port = QRTR_PORT_CTRL;
663
664 skb = qrtr_alloc_ctrl_packet(&pkt);
665 if (skb) {
666 pkt->cmd = cpu_to_le32(QRTR_TYPE_DEL_CLIENT);
667 pkt->client.node = cpu_to_le32(ipc->us.sq_node);
668 pkt->client.port = cpu_to_le32(ipc->us.sq_port);
669
670 skb_set_owner_w(skb, &ipc->sk);
671 qrtr_bcast_enqueue(NULL, skb, QRTR_TYPE_DEL_CLIENT, &ipc->us,
672 &to);
673 }
674
675 if (port == QRTR_PORT_CTRL)
676 port = 0;
677
678 __sock_put(&ipc->sk);
679
680 mutex_lock(&qrtr_port_lock);
681 idr_remove(&qrtr_ports, port);
682 mutex_unlock(&qrtr_port_lock);
683
684 /* Ensure that if qrtr_port_lookup() did enter the RCU read section we
685 * wait for it to up increment the refcount */
686 synchronize_rcu();
687 }
688
689 /* Assign port number to socket.
690 *
691 * Specify port in the integer pointed to by port, and it will be adjusted
692 * on return as necesssary.
693 *
694 * Port may be:
695 * 0: Assign ephemeral port in [QRTR_MIN_EPH_SOCKET, QRTR_MAX_EPH_SOCKET]
696 * <QRTR_MIN_EPH_SOCKET: Specified; requires CAP_NET_ADMIN
697 * >QRTR_MIN_EPH_SOCKET: Specified; available to all
698 */
qrtr_port_assign(struct qrtr_sock * ipc,int * port)699 static int qrtr_port_assign(struct qrtr_sock *ipc, int *port)
700 {
701 u32 min_port;
702 int rc;
703
704 mutex_lock(&qrtr_port_lock);
705 if (!*port) {
706 min_port = QRTR_MIN_EPH_SOCKET;
707 rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, QRTR_MAX_EPH_SOCKET, GFP_ATOMIC);
708 if (!rc)
709 *port = min_port;
710 } else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
711 rc = -EACCES;
712 } else if (*port == QRTR_PORT_CTRL) {
713 min_port = 0;
714 rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, 0, GFP_ATOMIC);
715 } else {
716 min_port = *port;
717 rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port, *port, GFP_ATOMIC);
718 if (!rc)
719 *port = min_port;
720 }
721 mutex_unlock(&qrtr_port_lock);
722
723 if (rc == -ENOSPC)
724 return -EADDRINUSE;
725 else if (rc < 0)
726 return rc;
727
728 sock_hold(&ipc->sk);
729
730 return 0;
731 }
732
733 /* Reset all non-control ports */
qrtr_reset_ports(void)734 static void qrtr_reset_ports(void)
735 {
736 struct qrtr_sock *ipc;
737 int id;
738
739 mutex_lock(&qrtr_port_lock);
740 idr_for_each_entry(&qrtr_ports, ipc, id) {
741 /* Don't reset control port */
742 if (id == 0)
743 continue;
744
745 sock_hold(&ipc->sk);
746 ipc->sk.sk_err = ENETRESET;
747 ipc->sk.sk_error_report(&ipc->sk);
748 sock_put(&ipc->sk);
749 }
750 mutex_unlock(&qrtr_port_lock);
751 }
752
753 /* Bind socket to address.
754 *
755 * Socket should be locked upon call.
756 */
__qrtr_bind(struct socket * sock,const struct sockaddr_qrtr * addr,int zapped)757 static int __qrtr_bind(struct socket *sock,
758 const struct sockaddr_qrtr *addr, int zapped)
759 {
760 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
761 struct sock *sk = sock->sk;
762 int port;
763 int rc;
764
765 /* rebinding ok */
766 if (!zapped && addr->sq_port == ipc->us.sq_port)
767 return 0;
768
769 port = addr->sq_port;
770 rc = qrtr_port_assign(ipc, &port);
771 if (rc)
772 return rc;
773
774 /* unbind previous, if any */
775 if (!zapped)
776 qrtr_port_remove(ipc);
777 ipc->us.sq_port = port;
778
779 sock_reset_flag(sk, SOCK_ZAPPED);
780
781 /* Notify all open ports about the new controller */
782 if (port == QRTR_PORT_CTRL)
783 qrtr_reset_ports();
784
785 return 0;
786 }
787
788 /* Auto bind to an ephemeral port. */
qrtr_autobind(struct socket * sock)789 static int qrtr_autobind(struct socket *sock)
790 {
791 struct sock *sk = sock->sk;
792 struct sockaddr_qrtr addr;
793
794 if (!sock_flag(sk, SOCK_ZAPPED))
795 return 0;
796
797 addr.sq_family = AF_QIPCRTR;
798 addr.sq_node = qrtr_local_nid;
799 addr.sq_port = 0;
800
801 return __qrtr_bind(sock, &addr, 1);
802 }
803
804 /* Bind socket to specified sockaddr. */
qrtr_bind(struct socket * sock,struct sockaddr * saddr,int len)805 static int qrtr_bind(struct socket *sock, struct sockaddr *saddr, int len)
806 {
807 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
808 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
809 struct sock *sk = sock->sk;
810 int rc;
811
812 if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
813 return -EINVAL;
814
815 if (addr->sq_node != ipc->us.sq_node)
816 return -EINVAL;
817
818 lock_sock(sk);
819 rc = __qrtr_bind(sock, addr, sock_flag(sk, SOCK_ZAPPED));
820 release_sock(sk);
821
822 return rc;
823 }
824
825 /* Queue packet to local peer socket. */
qrtr_local_enqueue(struct qrtr_node * node,struct sk_buff * skb,int type,struct sockaddr_qrtr * from,struct sockaddr_qrtr * to)826 static int qrtr_local_enqueue(struct qrtr_node *node, struct sk_buff *skb,
827 int type, struct sockaddr_qrtr *from,
828 struct sockaddr_qrtr *to)
829 {
830 struct qrtr_sock *ipc;
831 struct qrtr_cb *cb;
832
833 ipc = qrtr_port_lookup(to->sq_port);
834 if (!ipc || &ipc->sk == skb->sk) { /* do not send to self */
835 if (ipc)
836 qrtr_port_put(ipc);
837 kfree_skb(skb);
838 return -ENODEV;
839 }
840
841 cb = (struct qrtr_cb *)skb->cb;
842 cb->src_node = from->sq_node;
843 cb->src_port = from->sq_port;
844
845 if (sock_queue_rcv_skb(&ipc->sk, skb)) {
846 qrtr_port_put(ipc);
847 kfree_skb(skb);
848 return -ENOSPC;
849 }
850
851 qrtr_port_put(ipc);
852
853 return 0;
854 }
855
856 /* Queue packet for broadcast. */
qrtr_bcast_enqueue(struct qrtr_node * node,struct sk_buff * skb,int type,struct sockaddr_qrtr * from,struct sockaddr_qrtr * to)857 static int qrtr_bcast_enqueue(struct qrtr_node *node, struct sk_buff *skb,
858 int type, struct sockaddr_qrtr *from,
859 struct sockaddr_qrtr *to)
860 {
861 struct sk_buff *skbn;
862
863 mutex_lock(&qrtr_node_lock);
864 list_for_each_entry(node, &qrtr_all_nodes, item) {
865 skbn = skb_clone(skb, GFP_KERNEL);
866 if (!skbn)
867 break;
868 skb_set_owner_w(skbn, skb->sk);
869 qrtr_node_enqueue(node, skbn, type, from, to);
870 }
871 mutex_unlock(&qrtr_node_lock);
872
873 qrtr_local_enqueue(NULL, skb, type, from, to);
874
875 return 0;
876 }
877
qrtr_sendmsg(struct socket * sock,struct msghdr * msg,size_t len)878 static int qrtr_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
879 {
880 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
881 int (*enqueue_fn)(struct qrtr_node *, struct sk_buff *, int,
882 struct sockaddr_qrtr *, struct sockaddr_qrtr *);
883 __le32 qrtr_type = cpu_to_le32(QRTR_TYPE_DATA);
884 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
885 struct sock *sk = sock->sk;
886 struct qrtr_node *node;
887 struct sk_buff *skb;
888 size_t plen;
889 u32 type;
890 int rc;
891
892 if (msg->msg_flags & ~(MSG_DONTWAIT))
893 return -EINVAL;
894
895 if (len > 65535)
896 return -EMSGSIZE;
897
898 lock_sock(sk);
899
900 if (addr) {
901 if (msg->msg_namelen < sizeof(*addr)) {
902 release_sock(sk);
903 return -EINVAL;
904 }
905
906 if (addr->sq_family != AF_QIPCRTR) {
907 release_sock(sk);
908 return -EINVAL;
909 }
910
911 rc = qrtr_autobind(sock);
912 if (rc) {
913 release_sock(sk);
914 return rc;
915 }
916 } else if (sk->sk_state == TCP_ESTABLISHED) {
917 addr = &ipc->peer;
918 } else {
919 release_sock(sk);
920 return -ENOTCONN;
921 }
922
923 node = NULL;
924 if (addr->sq_node == QRTR_NODE_BCAST) {
925 if (addr->sq_port != QRTR_PORT_CTRL &&
926 qrtr_local_nid != QRTR_NODE_BCAST) {
927 release_sock(sk);
928 return -ENOTCONN;
929 }
930 enqueue_fn = qrtr_bcast_enqueue;
931 } else if (addr->sq_node == ipc->us.sq_node) {
932 enqueue_fn = qrtr_local_enqueue;
933 } else {
934 node = qrtr_node_lookup(addr->sq_node);
935 if (!node) {
936 release_sock(sk);
937 return -ECONNRESET;
938 }
939 enqueue_fn = qrtr_node_enqueue;
940 }
941
942 plen = (len + 3) & ~3;
943 skb = sock_alloc_send_skb(sk, plen + QRTR_HDR_MAX_SIZE,
944 msg->msg_flags & MSG_DONTWAIT, &rc);
945 if (!skb) {
946 rc = -ENOMEM;
947 goto out_node;
948 }
949
950 skb_reserve(skb, QRTR_HDR_MAX_SIZE);
951
952 rc = memcpy_from_msg(skb_put(skb, len), msg, len);
953 if (rc) {
954 kfree_skb(skb);
955 goto out_node;
956 }
957
958 if (ipc->us.sq_port == QRTR_PORT_CTRL) {
959 if (len < 4) {
960 rc = -EINVAL;
961 kfree_skb(skb);
962 goto out_node;
963 }
964
965 /* control messages already require the type as 'command' */
966 skb_copy_bits(skb, 0, &qrtr_type, 4);
967 }
968
969 type = le32_to_cpu(qrtr_type);
970 rc = enqueue_fn(node, skb, type, &ipc->us, addr);
971 if (rc >= 0)
972 rc = len;
973
974 out_node:
975 qrtr_node_release(node);
976 release_sock(sk);
977
978 return rc;
979 }
980
qrtr_send_resume_tx(struct qrtr_cb * cb)981 static int qrtr_send_resume_tx(struct qrtr_cb *cb)
982 {
983 struct sockaddr_qrtr remote = { AF_QIPCRTR, cb->src_node, cb->src_port };
984 struct sockaddr_qrtr local = { AF_QIPCRTR, cb->dst_node, cb->dst_port };
985 struct qrtr_ctrl_pkt *pkt;
986 struct qrtr_node *node;
987 struct sk_buff *skb;
988 int ret;
989
990 node = qrtr_node_lookup(remote.sq_node);
991 if (!node)
992 return -EINVAL;
993
994 skb = qrtr_alloc_ctrl_packet(&pkt);
995 if (!skb)
996 return -ENOMEM;
997
998 pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
999 pkt->client.node = cpu_to_le32(cb->dst_node);
1000 pkt->client.port = cpu_to_le32(cb->dst_port);
1001
1002 ret = qrtr_node_enqueue(node, skb, QRTR_TYPE_RESUME_TX, &local, &remote);
1003
1004 qrtr_node_release(node);
1005
1006 return ret;
1007 }
1008
qrtr_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)1009 static int qrtr_recvmsg(struct socket *sock, struct msghdr *msg,
1010 size_t size, int flags)
1011 {
1012 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, msg->msg_name);
1013 struct sock *sk = sock->sk;
1014 struct sk_buff *skb;
1015 struct qrtr_cb *cb;
1016 int copied, rc;
1017
1018 lock_sock(sk);
1019
1020 if (sock_flag(sk, SOCK_ZAPPED)) {
1021 release_sock(sk);
1022 return -EADDRNOTAVAIL;
1023 }
1024
1025 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1026 flags & MSG_DONTWAIT, &rc);
1027 if (!skb) {
1028 release_sock(sk);
1029 return rc;
1030 }
1031 cb = (struct qrtr_cb *)skb->cb;
1032
1033 copied = skb->len;
1034 if (copied > size) {
1035 copied = size;
1036 msg->msg_flags |= MSG_TRUNC;
1037 }
1038
1039 rc = skb_copy_datagram_msg(skb, 0, msg, copied);
1040 if (rc < 0)
1041 goto out;
1042 rc = copied;
1043
1044 if (addr) {
1045 /* There is an anonymous 2-byte hole after sq_family,
1046 * make sure to clear it.
1047 */
1048 memset(addr, 0, sizeof(*addr));
1049
1050 addr->sq_family = AF_QIPCRTR;
1051 addr->sq_node = cb->src_node;
1052 addr->sq_port = cb->src_port;
1053 msg->msg_namelen = sizeof(*addr);
1054 }
1055
1056 out:
1057 if (cb->confirm_rx)
1058 qrtr_send_resume_tx(cb);
1059
1060 skb_free_datagram(sk, skb);
1061 release_sock(sk);
1062
1063 return rc;
1064 }
1065
qrtr_connect(struct socket * sock,struct sockaddr * saddr,int len,int flags)1066 static int qrtr_connect(struct socket *sock, struct sockaddr *saddr,
1067 int len, int flags)
1068 {
1069 DECLARE_SOCKADDR(struct sockaddr_qrtr *, addr, saddr);
1070 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1071 struct sock *sk = sock->sk;
1072 int rc;
1073
1074 if (len < sizeof(*addr) || addr->sq_family != AF_QIPCRTR)
1075 return -EINVAL;
1076
1077 lock_sock(sk);
1078
1079 sk->sk_state = TCP_CLOSE;
1080 sock->state = SS_UNCONNECTED;
1081
1082 rc = qrtr_autobind(sock);
1083 if (rc) {
1084 release_sock(sk);
1085 return rc;
1086 }
1087
1088 ipc->peer = *addr;
1089 sock->state = SS_CONNECTED;
1090 sk->sk_state = TCP_ESTABLISHED;
1091
1092 release_sock(sk);
1093
1094 return 0;
1095 }
1096
qrtr_getname(struct socket * sock,struct sockaddr * saddr,int peer)1097 static int qrtr_getname(struct socket *sock, struct sockaddr *saddr,
1098 int peer)
1099 {
1100 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1101 struct sockaddr_qrtr qaddr;
1102 struct sock *sk = sock->sk;
1103
1104 lock_sock(sk);
1105 if (peer) {
1106 if (sk->sk_state != TCP_ESTABLISHED) {
1107 release_sock(sk);
1108 return -ENOTCONN;
1109 }
1110
1111 qaddr = ipc->peer;
1112 } else {
1113 qaddr = ipc->us;
1114 }
1115 release_sock(sk);
1116
1117 qaddr.sq_family = AF_QIPCRTR;
1118
1119 memcpy(saddr, &qaddr, sizeof(qaddr));
1120
1121 return sizeof(qaddr);
1122 }
1123
qrtr_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)1124 static int qrtr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1125 {
1126 void __user *argp = (void __user *)arg;
1127 struct qrtr_sock *ipc = qrtr_sk(sock->sk);
1128 struct sock *sk = sock->sk;
1129 struct sockaddr_qrtr *sq;
1130 struct sk_buff *skb;
1131 struct ifreq ifr;
1132 long len = 0;
1133 int rc = 0;
1134
1135 lock_sock(sk);
1136
1137 switch (cmd) {
1138 case TIOCOUTQ:
1139 len = sk->sk_sndbuf - sk_wmem_alloc_get(sk);
1140 if (len < 0)
1141 len = 0;
1142 rc = put_user(len, (int __user *)argp);
1143 break;
1144 case TIOCINQ:
1145 skb = skb_peek(&sk->sk_receive_queue);
1146 if (skb)
1147 len = skb->len;
1148 rc = put_user(len, (int __user *)argp);
1149 break;
1150 case SIOCGIFADDR:
1151 if (copy_from_user(&ifr, argp, sizeof(ifr))) {
1152 rc = -EFAULT;
1153 break;
1154 }
1155
1156 sq = (struct sockaddr_qrtr *)&ifr.ifr_addr;
1157 *sq = ipc->us;
1158 if (copy_to_user(argp, &ifr, sizeof(ifr))) {
1159 rc = -EFAULT;
1160 break;
1161 }
1162 break;
1163 case SIOCADDRT:
1164 case SIOCDELRT:
1165 case SIOCSIFADDR:
1166 case SIOCGIFDSTADDR:
1167 case SIOCSIFDSTADDR:
1168 case SIOCGIFBRDADDR:
1169 case SIOCSIFBRDADDR:
1170 case SIOCGIFNETMASK:
1171 case SIOCSIFNETMASK:
1172 rc = -EINVAL;
1173 break;
1174 default:
1175 rc = -ENOIOCTLCMD;
1176 break;
1177 }
1178
1179 release_sock(sk);
1180
1181 return rc;
1182 }
1183
qrtr_release(struct socket * sock)1184 static int qrtr_release(struct socket *sock)
1185 {
1186 struct sock *sk = sock->sk;
1187 struct qrtr_sock *ipc;
1188
1189 if (!sk)
1190 return 0;
1191
1192 lock_sock(sk);
1193
1194 ipc = qrtr_sk(sk);
1195 sk->sk_shutdown = SHUTDOWN_MASK;
1196 if (!sock_flag(sk, SOCK_DEAD))
1197 sk->sk_state_change(sk);
1198
1199 sock_set_flag(sk, SOCK_DEAD);
1200 sock_orphan(sk);
1201 sock->sk = NULL;
1202
1203 if (!sock_flag(sk, SOCK_ZAPPED))
1204 qrtr_port_remove(ipc);
1205
1206 skb_queue_purge(&sk->sk_receive_queue);
1207
1208 release_sock(sk);
1209 sock_put(sk);
1210
1211 return 0;
1212 }
1213
1214 static const struct proto_ops qrtr_proto_ops = {
1215 .owner = THIS_MODULE,
1216 .family = AF_QIPCRTR,
1217 .bind = qrtr_bind,
1218 .connect = qrtr_connect,
1219 .socketpair = sock_no_socketpair,
1220 .accept = sock_no_accept,
1221 .listen = sock_no_listen,
1222 .sendmsg = qrtr_sendmsg,
1223 .recvmsg = qrtr_recvmsg,
1224 .getname = qrtr_getname,
1225 .ioctl = qrtr_ioctl,
1226 .gettstamp = sock_gettstamp,
1227 .poll = datagram_poll,
1228 .shutdown = sock_no_shutdown,
1229 .release = qrtr_release,
1230 .mmap = sock_no_mmap,
1231 .sendpage = sock_no_sendpage,
1232 };
1233
1234 static struct proto qrtr_proto = {
1235 .name = "QIPCRTR",
1236 .owner = THIS_MODULE,
1237 .obj_size = sizeof(struct qrtr_sock),
1238 };
1239
qrtr_create(struct net * net,struct socket * sock,int protocol,int kern)1240 static int qrtr_create(struct net *net, struct socket *sock,
1241 int protocol, int kern)
1242 {
1243 struct qrtr_sock *ipc;
1244 struct sock *sk;
1245
1246 if (sock->type != SOCK_DGRAM)
1247 return -EPROTOTYPE;
1248
1249 sk = sk_alloc(net, AF_QIPCRTR, GFP_KERNEL, &qrtr_proto, kern);
1250 if (!sk)
1251 return -ENOMEM;
1252
1253 sock_set_flag(sk, SOCK_ZAPPED);
1254
1255 sock_init_data(sock, sk);
1256 sock->ops = &qrtr_proto_ops;
1257
1258 ipc = qrtr_sk(sk);
1259 ipc->us.sq_family = AF_QIPCRTR;
1260 ipc->us.sq_node = qrtr_local_nid;
1261 ipc->us.sq_port = 0;
1262
1263 return 0;
1264 }
1265
1266 static const struct net_proto_family qrtr_family = {
1267 .owner = THIS_MODULE,
1268 .family = AF_QIPCRTR,
1269 .create = qrtr_create,
1270 };
1271
qrtr_proto_init(void)1272 static int __init qrtr_proto_init(void)
1273 {
1274 int rc;
1275
1276 rc = proto_register(&qrtr_proto, 1);
1277 if (rc)
1278 return rc;
1279
1280 rc = sock_register(&qrtr_family);
1281 if (rc) {
1282 proto_unregister(&qrtr_proto);
1283 return rc;
1284 }
1285
1286 qrtr_ns_init();
1287
1288 return rc;
1289 }
1290 postcore_initcall(qrtr_proto_init);
1291
qrtr_proto_fini(void)1292 static void __exit qrtr_proto_fini(void)
1293 {
1294 qrtr_ns_remove();
1295 sock_unregister(qrtr_family.family);
1296 proto_unregister(&qrtr_proto);
1297 }
1298 module_exit(qrtr_proto_fini);
1299
1300 MODULE_DESCRIPTION("Qualcomm IPC-router driver");
1301 MODULE_LICENSE("GPL v2");
1302 MODULE_ALIAS_NETPROTO(PF_QIPCRTR);
1303