1 // SPDX-License-Identifier: GPL-2.0
2 /* ATM ioctl handling */
3
4 /* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */
5 /* 2003 John Levon <levon@movementarian.org> */
6
7 #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
8
9 #include <linux/module.h>
10 #include <linux/kmod.h>
11 #include <linux/net.h> /* struct socket, struct proto_ops */
12 #include <linux/atm.h> /* ATM stuff */
13 #include <linux/atmdev.h>
14 #include <linux/atmclip.h> /* CLIP_*ENCAP */
15 #include <linux/atmarp.h> /* manifest constants */
16 #include <linux/capability.h>
17 #include <linux/sonet.h> /* for ioctls */
18 #include <linux/atmsvc.h>
19 #include <linux/atmmpc.h>
20 #include <net/atmclip.h>
21 #include <linux/atmlec.h>
22 #include <linux/mutex.h>
23 #include <asm/ioctls.h>
24 #include <net/compat.h>
25
26 #include "resources.h"
27 #include "signaling.h" /* for WAITING and sigd_attach */
28 #include "common.h"
29
30
31 static DEFINE_MUTEX(ioctl_mutex);
32 static LIST_HEAD(ioctl_list);
33
34
register_atm_ioctl(struct atm_ioctl * ioctl)35 void register_atm_ioctl(struct atm_ioctl *ioctl)
36 {
37 mutex_lock(&ioctl_mutex);
38 list_add_tail(&ioctl->list, &ioctl_list);
39 mutex_unlock(&ioctl_mutex);
40 }
41 EXPORT_SYMBOL(register_atm_ioctl);
42
deregister_atm_ioctl(struct atm_ioctl * ioctl)43 void deregister_atm_ioctl(struct atm_ioctl *ioctl)
44 {
45 mutex_lock(&ioctl_mutex);
46 list_del(&ioctl->list);
47 mutex_unlock(&ioctl_mutex);
48 }
49 EXPORT_SYMBOL(deregister_atm_ioctl);
50
do_vcc_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg,int compat)51 static int do_vcc_ioctl(struct socket *sock, unsigned int cmd,
52 unsigned long arg, int compat)
53 {
54 struct sock *sk = sock->sk;
55 struct atm_vcc *vcc;
56 int error;
57 struct list_head *pos;
58 void __user *argp = (void __user *)arg;
59
60 vcc = ATM_SD(sock);
61 switch (cmd) {
62 case SIOCOUTQ:
63 if (sock->state != SS_CONNECTED ||
64 !test_bit(ATM_VF_READY, &vcc->flags)) {
65 error = -EINVAL;
66 goto done;
67 }
68 error = put_user(sk->sk_sndbuf - sk_wmem_alloc_get(sk),
69 (int __user *)argp) ? -EFAULT : 0;
70 goto done;
71 case SIOCINQ:
72 {
73 struct sk_buff *skb;
74 int amount;
75
76 if (sock->state != SS_CONNECTED) {
77 error = -EINVAL;
78 goto done;
79 }
80 spin_lock_irq(&sk->sk_receive_queue.lock);
81 skb = skb_peek(&sk->sk_receive_queue);
82 amount = skb ? skb->len : 0;
83 spin_unlock_irq(&sk->sk_receive_queue.lock);
84 error = put_user(amount, (int __user *)argp) ? -EFAULT : 0;
85 goto done;
86 }
87 case ATM_SETSC:
88 net_warn_ratelimited("ATM_SETSC is obsolete; used by %s:%d\n",
89 current->comm, task_pid_nr(current));
90 error = 0;
91 goto done;
92 case ATMSIGD_CTRL:
93 if (!capable(CAP_NET_ADMIN)) {
94 error = -EPERM;
95 goto done;
96 }
97 /*
98 * The user/kernel protocol for exchanging signalling
99 * info uses kernel pointers as opaque references,
100 * so the holder of the file descriptor can scribble
101 * on the kernel... so we should make sure that we
102 * have the same privileges that /proc/kcore needs
103 */
104 if (!capable(CAP_SYS_RAWIO)) {
105 error = -EPERM;
106 goto done;
107 }
108 #ifdef CONFIG_COMPAT
109 /* WTF? I don't even want to _think_ about making this
110 work for 32-bit userspace. TBH I don't really want
111 to think about it at all. dwmw2. */
112 if (compat) {
113 net_warn_ratelimited("32-bit task cannot be atmsigd\n");
114 error = -EINVAL;
115 goto done;
116 }
117 #endif
118 error = sigd_attach(vcc);
119 if (!error)
120 sock->state = SS_CONNECTED;
121 goto done;
122 case ATM_SETBACKEND:
123 case ATM_NEWBACKENDIF:
124 {
125 atm_backend_t backend;
126 error = get_user(backend, (atm_backend_t __user *)argp);
127 if (error)
128 goto done;
129 switch (backend) {
130 case ATM_BACKEND_PPP:
131 request_module("pppoatm");
132 break;
133 case ATM_BACKEND_BR2684:
134 request_module("br2684");
135 break;
136 }
137 break;
138 }
139 case ATMMPC_CTRL:
140 case ATMMPC_DATA:
141 request_module("mpoa");
142 break;
143 case ATMARPD_CTRL:
144 request_module("clip");
145 break;
146 case ATMLEC_CTRL:
147 request_module("lec");
148 break;
149 }
150
151 error = -ENOIOCTLCMD;
152
153 mutex_lock(&ioctl_mutex);
154 list_for_each(pos, &ioctl_list) {
155 struct atm_ioctl *ic = list_entry(pos, struct atm_ioctl, list);
156 if (try_module_get(ic->owner)) {
157 error = ic->ioctl(sock, cmd, arg);
158 module_put(ic->owner);
159 if (error != -ENOIOCTLCMD)
160 break;
161 }
162 }
163 mutex_unlock(&ioctl_mutex);
164
165 if (error != -ENOIOCTLCMD)
166 goto done;
167
168 error = atm_dev_ioctl(cmd, argp, compat);
169
170 done:
171 return error;
172 }
173
vcc_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)174 int vcc_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
175 {
176 return do_vcc_ioctl(sock, cmd, arg, 0);
177 }
178
179 #ifdef CONFIG_COMPAT
180 /*
181 * FIXME:
182 * The compat_ioctl handling is duplicated, using both these conversion
183 * routines and the compat argument to the actual handlers. Both
184 * versions are somewhat incomplete and should be merged, e.g. by
185 * moving the ioctl number translation into the actual handlers and
186 * killing the conversion code.
187 *
188 * -arnd, November 2009
189 */
190 #define ATM_GETLINKRATE32 _IOW('a', ATMIOC_ITF+1, struct compat_atmif_sioc)
191 #define ATM_GETNAMES32 _IOW('a', ATMIOC_ITF+3, struct compat_atm_iobuf)
192 #define ATM_GETTYPE32 _IOW('a', ATMIOC_ITF+4, struct compat_atmif_sioc)
193 #define ATM_GETESI32 _IOW('a', ATMIOC_ITF+5, struct compat_atmif_sioc)
194 #define ATM_GETADDR32 _IOW('a', ATMIOC_ITF+6, struct compat_atmif_sioc)
195 #define ATM_RSTADDR32 _IOW('a', ATMIOC_ITF+7, struct compat_atmif_sioc)
196 #define ATM_ADDADDR32 _IOW('a', ATMIOC_ITF+8, struct compat_atmif_sioc)
197 #define ATM_DELADDR32 _IOW('a', ATMIOC_ITF+9, struct compat_atmif_sioc)
198 #define ATM_GETCIRANGE32 _IOW('a', ATMIOC_ITF+10, struct compat_atmif_sioc)
199 #define ATM_SETCIRANGE32 _IOW('a', ATMIOC_ITF+11, struct compat_atmif_sioc)
200 #define ATM_SETESI32 _IOW('a', ATMIOC_ITF+12, struct compat_atmif_sioc)
201 #define ATM_SETESIF32 _IOW('a', ATMIOC_ITF+13, struct compat_atmif_sioc)
202 #define ATM_GETSTAT32 _IOW('a', ATMIOC_SARCOM+0, struct compat_atmif_sioc)
203 #define ATM_GETSTATZ32 _IOW('a', ATMIOC_SARCOM+1, struct compat_atmif_sioc)
204 #define ATM_GETLOOP32 _IOW('a', ATMIOC_SARCOM+2, struct compat_atmif_sioc)
205 #define ATM_SETLOOP32 _IOW('a', ATMIOC_SARCOM+3, struct compat_atmif_sioc)
206 #define ATM_QUERYLOOP32 _IOW('a', ATMIOC_SARCOM+4, struct compat_atmif_sioc)
207
208 static struct {
209 unsigned int cmd32;
210 unsigned int cmd;
211 } atm_ioctl_map[] = {
212 { ATM_GETLINKRATE32, ATM_GETLINKRATE },
213 { ATM_GETNAMES32, ATM_GETNAMES },
214 { ATM_GETTYPE32, ATM_GETTYPE },
215 { ATM_GETESI32, ATM_GETESI },
216 { ATM_GETADDR32, ATM_GETADDR },
217 { ATM_RSTADDR32, ATM_RSTADDR },
218 { ATM_ADDADDR32, ATM_ADDADDR },
219 { ATM_DELADDR32, ATM_DELADDR },
220 { ATM_GETCIRANGE32, ATM_GETCIRANGE },
221 { ATM_SETCIRANGE32, ATM_SETCIRANGE },
222 { ATM_SETESI32, ATM_SETESI },
223 { ATM_SETESIF32, ATM_SETESIF },
224 { ATM_GETSTAT32, ATM_GETSTAT },
225 { ATM_GETSTATZ32, ATM_GETSTATZ },
226 { ATM_GETLOOP32, ATM_GETLOOP },
227 { ATM_SETLOOP32, ATM_SETLOOP },
228 { ATM_QUERYLOOP32, ATM_QUERYLOOP },
229 };
230
231 #define NR_ATM_IOCTL ARRAY_SIZE(atm_ioctl_map)
232
do_atm_iobuf(struct socket * sock,unsigned int cmd,unsigned long arg)233 static int do_atm_iobuf(struct socket *sock, unsigned int cmd,
234 unsigned long arg)
235 {
236 struct atm_iobuf __user *iobuf;
237 struct compat_atm_iobuf __user *iobuf32;
238 u32 data;
239 void __user *datap;
240 int len, err;
241
242 iobuf = compat_alloc_user_space(sizeof(*iobuf));
243 iobuf32 = compat_ptr(arg);
244
245 if (get_user(len, &iobuf32->length) ||
246 get_user(data, &iobuf32->buffer))
247 return -EFAULT;
248 datap = compat_ptr(data);
249 if (put_user(len, &iobuf->length) ||
250 put_user(datap, &iobuf->buffer))
251 return -EFAULT;
252
253 err = do_vcc_ioctl(sock, cmd, (unsigned long) iobuf, 0);
254
255 if (!err) {
256 if (copy_in_user(&iobuf32->length, &iobuf->length,
257 sizeof(int)))
258 err = -EFAULT;
259 }
260
261 return err;
262 }
263
do_atmif_sioc(struct socket * sock,unsigned int cmd,unsigned long arg)264 static int do_atmif_sioc(struct socket *sock, unsigned int cmd,
265 unsigned long arg)
266 {
267 struct atmif_sioc __user *sioc;
268 struct compat_atmif_sioc __user *sioc32;
269 u32 data;
270 void __user *datap;
271 int err;
272
273 sioc = compat_alloc_user_space(sizeof(*sioc));
274 sioc32 = compat_ptr(arg);
275
276 if (copy_in_user(&sioc->number, &sioc32->number, 2 * sizeof(int)) ||
277 get_user(data, &sioc32->arg))
278 return -EFAULT;
279 datap = compat_ptr(data);
280 if (put_user(datap, &sioc->arg))
281 return -EFAULT;
282
283 err = do_vcc_ioctl(sock, cmd, (unsigned long) sioc, 0);
284
285 if (!err) {
286 if (copy_in_user(&sioc32->length, &sioc->length,
287 sizeof(int)))
288 err = -EFAULT;
289 }
290 return err;
291 }
292
do_atm_ioctl(struct socket * sock,unsigned int cmd32,unsigned long arg)293 static int do_atm_ioctl(struct socket *sock, unsigned int cmd32,
294 unsigned long arg)
295 {
296 int i;
297 unsigned int cmd = 0;
298
299 switch (cmd32) {
300 case SONET_GETSTAT:
301 case SONET_GETSTATZ:
302 case SONET_GETDIAG:
303 case SONET_SETDIAG:
304 case SONET_CLRDIAG:
305 case SONET_SETFRAMING:
306 case SONET_GETFRAMING:
307 case SONET_GETFRSENSE:
308 return do_atmif_sioc(sock, cmd32, arg);
309 }
310
311 for (i = 0; i < NR_ATM_IOCTL; i++) {
312 if (cmd32 == atm_ioctl_map[i].cmd32) {
313 cmd = atm_ioctl_map[i].cmd;
314 break;
315 }
316 }
317 if (i == NR_ATM_IOCTL)
318 return -EINVAL;
319
320 switch (cmd) {
321 case ATM_GETNAMES:
322 return do_atm_iobuf(sock, cmd, arg);
323
324 case ATM_GETLINKRATE:
325 case ATM_GETTYPE:
326 case ATM_GETESI:
327 case ATM_GETADDR:
328 case ATM_RSTADDR:
329 case ATM_ADDADDR:
330 case ATM_DELADDR:
331 case ATM_GETCIRANGE:
332 case ATM_SETCIRANGE:
333 case ATM_SETESI:
334 case ATM_SETESIF:
335 case ATM_GETSTAT:
336 case ATM_GETSTATZ:
337 case ATM_GETLOOP:
338 case ATM_SETLOOP:
339 case ATM_QUERYLOOP:
340 return do_atmif_sioc(sock, cmd, arg);
341 }
342
343 return -EINVAL;
344 }
345
vcc_compat_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)346 int vcc_compat_ioctl(struct socket *sock, unsigned int cmd,
347 unsigned long arg)
348 {
349 int ret;
350
351 ret = do_vcc_ioctl(sock, cmd, arg, 1);
352 if (ret != -ENOIOCTLCMD)
353 return ret;
354
355 return do_atm_ioctl(sock, cmd, arg);
356 }
357 #endif
358