1
/*
2
 * Copyright (C) ST-Ericsson AB 2010
3
 * Author:	Sjur Brendeland [email protected]
4
 * License terms: GNU General Public License (GPL) version 2
5
 */
6

7
#define pr_fmt(fmt) KBUILD_MODNAME ":%s(): " fmt, __func__
8

9
#include <linux/fs.h>
10
#include <linux/init.h>
11
#include <linux/module.h>
12
#include <linux/sched.h>
13
#include <linux/spinlock.h>
14
#include <linux/mutex.h>
15
#include <linux/list.h>
16
#include <linux/wait.h>
17
#include <linux/poll.h>
18
#include <linux/tcp.h>
19
#include <linux/uaccess.h>
20
#include <linux/debugfs.h>
21
#include <linux/caif/caif_socket.h>
22
#include <linux/atomic.h>
23
#include <net/sock.h>
24
#include <net/tcp_states.h>
25
#include <net/caif/caif_layer.h>
26
#include <net/caif/caif_dev.h>
27
#include <net/caif/cfpkt.h>
28

29
MODULE_LICENSE("GPL");
30
MODULE_ALIAS_NETPROTO(AF_CAIF);
31

32
/*
33
 * CAIF state is re-using the TCP socket states.
34
 * caif_states stored in sk_state reflect the state as reported by
35
 * the CAIF stack, while sk_socket->state is the state of the socket.
36
 */
37
enum caif_states {
38
	CAIF_CONNECTED		= TCP_ESTABLISHED,
39
	CAIF_CONNECTING	= TCP_SYN_SENT,
40
	CAIF_DISCONNECTED	= TCP_CLOSE
41
};
42

43
#define TX_FLOW_ON_BIT	1
44
#define RX_FLOW_ON_BIT	2
45

46
static struct dentry *debugfsdir;
47

48
#ifdef CONFIG_DEBUG_FS
49
struct debug_fs_counter {
50
	atomic_t caif_nr_socks;
51
	atomic_t caif_sock_create;
52
	atomic_t num_connect_req;
53
	atomic_t num_connect_resp;
54
	atomic_t num_connect_fail_resp;
55
	atomic_t num_disconnect;
56
	atomic_t num_remote_shutdown_ind;
57
	atomic_t num_tx_flow_off_ind;
58
	atomic_t num_tx_flow_on_ind;
59
	atomic_t num_rx_flow_off;
60
	atomic_t num_rx_flow_on;
61
};
62
static struct debug_fs_counter cnt;
63
#define	dbfs_atomic_inc(v) atomic_inc_return(v)
64
#define	dbfs_atomic_dec(v) atomic_dec_return(v)
65
#else
66
#define	dbfs_atomic_inc(v) 0
67
#define	dbfs_atomic_dec(v) 0
68
#endif
69

70
struct caifsock {
71
	struct sock sk; /* must be first member */
72
	struct cflayer layer;
73
	char name[CAIF_LAYER_NAME_SZ]; /* Used for debugging */
74
	u32 flow_state;
75
	struct caif_connect_request conn_req;
76
	struct mutex readlock;
77
	struct dentry *debugfs_socket_dir;
78
	int headroom, tailroom, maxframe;
79
};
80

81
static int rx_flow_is_on(struct caifsock *cf_sk)
82
{
83
	return test_bit(RX_FLOW_ON_BIT,
84
			(void *) &cf_sk->flow_state);
85
}
86

87
static int tx_flow_is_on(struct caifsock *cf_sk)
88
{
89
	return test_bit(TX_FLOW_ON_BIT,
90
			(void *) &cf_sk->flow_state);
91
}
92

93
static void set_rx_flow_off(struct caifsock *cf_sk)
94
{
95
	 clear_bit(RX_FLOW_ON_BIT,
96
		 (void *) &cf_sk->flow_state);
97
}
98

99
static void set_rx_flow_on(struct caifsock *cf_sk)
100
{
101
	 set_bit(RX_FLOW_ON_BIT,
102
			(void *) &cf_sk->flow_state);
103
}
104

105
static void set_tx_flow_off(struct caifsock *cf_sk)
106
{
107
	 clear_bit(TX_FLOW_ON_BIT,
108
		(void *) &cf_sk->flow_state);
109
}
110

111
static void set_tx_flow_on(struct caifsock *cf_sk)
112
{
113
	 set_bit(TX_FLOW_ON_BIT,
114
		(void *) &cf_sk->flow_state);
115
}
116

117
static void caif_read_lock(struct sock *sk)
118
{
119
	struct caifsock *cf_sk;
120
	cf_sk = container_of(sk, struct caifsock, sk);
121
	mutex_lock(&cf_sk->readlock);
122
}
123

124
static void caif_read_unlock(struct sock *sk)
125
{
126
	struct caifsock *cf_sk;
127
	cf_sk = container_of(sk, struct caifsock, sk);
128
	mutex_unlock(&cf_sk->readlock);
129
}
130

131
static int sk_rcvbuf_lowwater(struct caifsock *cf_sk)
132
{
133
	/* A quarter of full buffer is used a low water mark */
134
	return cf_sk->sk.sk_rcvbuf / 4;
135
}
136

137
static void caif_flow_ctrl(struct sock *sk, int mode)
138
{
139
	struct caifsock *cf_sk;
140
	cf_sk = container_of(sk, struct caifsock, sk);
141
	if (cf_sk->layer.dn && cf_sk->layer.dn->modemcmd)
142
		cf_sk->layer.dn->modemcmd(cf_sk->layer.dn, mode);
143
}
144

145
/*
146
 * Copied from sock.c:sock_queue_rcv_skb(), but changed so packets are
147
 * not dropped, but CAIF is sending flow off instead.
148
 */
149
static int caif_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
150
{
151
	int err;
152
	int skb_len;
153
	unsigned long flags;
154
	struct sk_buff_head *list = &sk->sk_receive_queue;
155
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
156

157
	if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
158
		(unsigned)sk->sk_rcvbuf && rx_flow_is_on(cf_sk)) {
159
		if (net_ratelimit())
160
			pr_debug("sending flow OFF (queue len = %d %d)\n",
161
					atomic_read(&cf_sk->sk.sk_rmem_alloc),
162
					sk_rcvbuf_lowwater(cf_sk));
163
		set_rx_flow_off(cf_sk);
164
		dbfs_atomic_inc(&cnt.num_rx_flow_off);
165
		caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_OFF_REQ);
166
	}
167

168
	err = sk_filter(sk, skb);
169
	if (err)
170
		return err;
171
	if (!sk_rmem_schedule(sk, skb->truesize) && rx_flow_is_on(cf_sk)) {
172
		set_rx_flow_off(cf_sk);
173
		if (net_ratelimit())
174
			pr_debug("sending flow OFF due to rmem_schedule\n");
175
		dbfs_atomic_inc(&cnt.num_rx_flow_off);
176
		caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_OFF_REQ);
177
	}
178
	skb->dev = NULL;
179
	skb_set_owner_r(skb, sk);
180
	/* Cache the SKB length before we tack it onto the receive
181
	 * queue. Once it is added it no longer belongs to us and
182
	 * may be freed by other threads of control pulling packets
183
	 * from the queue.
184
	 */
185
	skb_len = skb->len;
186
	spin_lock_irqsave(&list->lock, flags);
187
	if (!sock_flag(sk, SOCK_DEAD))
188
		__skb_queue_tail(list, skb);
189
	spin_unlock_irqrestore(&list->lock, flags);
190

191
	if (!sock_flag(sk, SOCK_DEAD))
192
		sk->sk_data_ready(sk, skb_len);
193
	else
194
		kfree_skb(skb);
195
	return 0;
196
}
197

198
/* Packet Receive Callback function called from CAIF Stack */
199
static int caif_sktrecv_cb(struct cflayer *layr, struct cfpkt *pkt)
200
{
201
	struct caifsock *cf_sk;
202
	struct sk_buff *skb;
203

204
	cf_sk = container_of(layr, struct caifsock, layer);
205
	skb = cfpkt_tonative(pkt);
206

207
	if (unlikely(cf_sk->sk.sk_state != CAIF_CONNECTED)) {
208
		kfree_skb(skb);
209
		return 0;
210
	}
211
	caif_queue_rcv_skb(&cf_sk->sk, skb);
212
	return 0;
213
}
214

215
static void cfsk_hold(struct cflayer *layr)
216
{
217
	struct caifsock *cf_sk = container_of(layr, struct caifsock, layer);
218
	sock_hold(&cf_sk->sk);
219
}
220

221
static void cfsk_put(struct cflayer *layr)
222
{
223
	struct caifsock *cf_sk = container_of(layr, struct caifsock, layer);
224
	sock_put(&cf_sk->sk);
225
}
226

227
/* Packet Control Callback function called from CAIF */
228
static void caif_ctrl_cb(struct cflayer *layr,
229
				enum caif_ctrlcmd flow,
230
				int phyid)
231
{
232
	struct caifsock *cf_sk = container_of(layr, struct caifsock, layer);
233
	switch (flow) {
234
	case CAIF_CTRLCMD_FLOW_ON_IND:
235
		/* OK from modem to start sending again */
236
		dbfs_atomic_inc(&cnt.num_tx_flow_on_ind);
237
		set_tx_flow_on(cf_sk);
238
		cf_sk->sk.sk_state_change(&cf_sk->sk);
239
		break;
240

241
	case CAIF_CTRLCMD_FLOW_OFF_IND:
242
		/* Modem asks us to shut up */
243
		dbfs_atomic_inc(&cnt.num_tx_flow_off_ind);
244
		set_tx_flow_off(cf_sk);
245
		cf_sk->sk.sk_state_change(&cf_sk->sk);
246
		break;
247

248
	case CAIF_CTRLCMD_INIT_RSP:
249
		/* We're now connected */
250
		caif_client_register_refcnt(&cf_sk->layer,
251
						cfsk_hold, cfsk_put);
252
		dbfs_atomic_inc(&cnt.num_connect_resp);
253
		cf_sk->sk.sk_state = CAIF_CONNECTED;
254
		set_tx_flow_on(cf_sk);
255
		cf_sk->sk.sk_state_change(&cf_sk->sk);
256
		break;
257

258
	case CAIF_CTRLCMD_DEINIT_RSP:
259
		/* We're now disconnected */
260
		cf_sk->sk.sk_state = CAIF_DISCONNECTED;
261
		cf_sk->sk.sk_state_change(&cf_sk->sk);
262
		break;
263

264
	case CAIF_CTRLCMD_INIT_FAIL_RSP:
265
		/* Connect request failed */
266
		dbfs_atomic_inc(&cnt.num_connect_fail_resp);
267
		cf_sk->sk.sk_err = ECONNREFUSED;
268
		cf_sk->sk.sk_state = CAIF_DISCONNECTED;
269
		cf_sk->sk.sk_shutdown = SHUTDOWN_MASK;
270
		/*
271
		 * Socket "standards" seems to require POLLOUT to
272
		 * be set at connect failure.
273
		 */
274
		set_tx_flow_on(cf_sk);
275
		cf_sk->sk.sk_state_change(&cf_sk->sk);
276
		break;
277

278
	case CAIF_CTRLCMD_REMOTE_SHUTDOWN_IND:
279
		/* Modem has closed this connection, or device is down. */
280
		dbfs_atomic_inc(&cnt.num_remote_shutdown_ind);
281
		cf_sk->sk.sk_shutdown = SHUTDOWN_MASK;
282
		cf_sk->sk.sk_err = ECONNRESET;
283
		set_rx_flow_on(cf_sk);
284
		cf_sk->sk.sk_error_report(&cf_sk->sk);
285
		break;
286

287
	default:
288
		pr_debug("Unexpected flow command %d\n", flow);
289
	}
290
}
291

292
static void caif_check_flow_release(struct sock *sk)
293
{
294
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
295

296
	if (rx_flow_is_on(cf_sk))
297
		return;
298

299
	if (atomic_read(&sk->sk_rmem_alloc) <= sk_rcvbuf_lowwater(cf_sk)) {
300
			dbfs_atomic_inc(&cnt.num_rx_flow_on);
301
			set_rx_flow_on(cf_sk);
302
			caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ);
303
	}
304
}
305

306
/*
307
 * Copied from unix_dgram_recvmsg, but removed credit checks,
308
 * changed locking, address handling and added MSG_TRUNC.
309
 */
310
static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
311
				struct msghdr *m, size_t len, int flags)
312

313
{
314
	struct sock *sk = sock->sk;
315
	struct sk_buff *skb;
316
	int ret;
317
	int copylen;
318

319
	ret = -EOPNOTSUPP;
320
	if (m->msg_flags&MSG_OOB)
321
		goto read_error;
322

323
	skb = skb_recv_datagram(sk, flags, 0 , &ret);
324
	if (!skb)
325
		goto read_error;
326
	copylen = skb->len;
327
	if (len < copylen) {
328
		m->msg_flags |= MSG_TRUNC;
329
		copylen = len;
330
	}
331

332
	ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen);
333
	if (ret)
334
		goto out_free;
335

336
	ret = (flags & MSG_TRUNC) ? skb->len : copylen;
337
out_free:
338
	skb_free_datagram(sk, skb);
339
	caif_check_flow_release(sk);
340
	return ret;
341

342
read_error:
343
	return ret;
344
}
345

346

347
/* Copied from unix_stream_wait_data, identical except for lock call. */
348
static long caif_stream_data_wait(struct sock *sk, long timeo)
349
{
350
	DEFINE_WAIT(wait);
351
	lock_sock(sk);
352

353
	for (;;) {
354
		prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
355

356
		if (!skb_queue_empty(&sk->sk_receive_queue) ||
357
			sk->sk_err ||
358
			sk->sk_state != CAIF_CONNECTED ||
359
			sock_flag(sk, SOCK_DEAD) ||
360
			(sk->sk_shutdown & RCV_SHUTDOWN) ||
361
			signal_pending(current) ||
362
			!timeo)
363
			break;
364

365
		set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
366
		release_sock(sk);
367
		timeo = schedule_timeout(timeo);
368
		lock_sock(sk);
369
		clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
370
	}
371

372
	finish_wait(sk_sleep(sk), &wait);
373
	release_sock(sk);
374
	return timeo;
375
}
376

377

378
/*
379
 * Copied from unix_stream_recvmsg, but removed credit checks,
380
 * changed locking calls, changed address handling.
381
 */
382
static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
383
				struct msghdr *msg, size_t size,
384
				int flags)
385
{
386
	struct sock *sk = sock->sk;
387
	int copied = 0;
388
	int target;
389
	int err = 0;
390
	long timeo;
391

392
	err = -EOPNOTSUPP;
393
	if (flags&MSG_OOB)
394
		goto out;
395

396
	msg->msg_namelen = 0;
397

398
	/*
399
	 * Lock the socket to prevent queue disordering
400
	 * while sleeps in memcpy_tomsg
401
	 */
402
	err = -EAGAIN;
403
	if (sk->sk_state == CAIF_CONNECTING)
404
		goto out;
405

406
	caif_read_lock(sk);
407
	target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
408
	timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
409

410
	do {
411
		int chunk;
412
		struct sk_buff *skb;
413

414
		lock_sock(sk);
415
		skb = skb_dequeue(&sk->sk_receive_queue);
416
		caif_check_flow_release(sk);
417

418
		if (skb == NULL) {
419
			if (copied >= target)
420
				goto unlock;
421
			/*
422
			 *	POSIX 1003.1g mandates this order.
423
			 */
424
			err = sock_error(sk);
425
			if (err)
426
				goto unlock;
427
			err = -ECONNRESET;
428
			if (sk->sk_shutdown & RCV_SHUTDOWN)
429
				goto unlock;
430

431
			err = -EPIPE;
432
			if (sk->sk_state != CAIF_CONNECTED)
433
				goto unlock;
434
			if (sock_flag(sk, SOCK_DEAD))
435
				goto unlock;
436

437
			release_sock(sk);
438

439
			err = -EAGAIN;
440
			if (!timeo)
441
				break;
442

443
			caif_read_unlock(sk);
444

445
			timeo = caif_stream_data_wait(sk, timeo);
446

447
			if (signal_pending(current)) {
448
				err = sock_intr_errno(timeo);
449
				goto out;
450
			}
451
			caif_read_lock(sk);
452
			continue;
453
unlock:
454
			release_sock(sk);
455
			break;
456
		}
457
		release_sock(sk);
458
		chunk = min_t(unsigned int, skb->len, size);
459
		if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) {
460
			skb_queue_head(&sk->sk_receive_queue, skb);
461
			if (copied == 0)
462
				copied = -EFAULT;
463
			break;
464
		}
465
		copied += chunk;
466
		size -= chunk;
467

468
		/* Mark read part of skb as used */
469
		if (!(flags & MSG_PEEK)) {
470
			skb_pull(skb, chunk);
471

472
			/* put the skb back if we didn't use it up. */
473
			if (skb->len) {
474
				skb_queue_head(&sk->sk_receive_queue, skb);
475
				break;
476
			}
477
			kfree_skb(skb);
478

479
		} else {
480
			/*
481
			 * It is questionable, see note in unix_dgram_recvmsg.
482
			 */
483
			/* put message back and return */
484
			skb_queue_head(&sk->sk_receive_queue, skb);
485
			break;
486
		}
487
	} while (size);
488
	caif_read_unlock(sk);
489

490
out:
491
	return copied ? : err;
492
}
493

494
/*
495
 * Copied from sock.c:sock_wait_for_wmem, but change to wait for
496
 * CAIF flow-on and sock_writable.
497
 */
498
static long caif_wait_for_flow_on(struct caifsock *cf_sk,
499
				int wait_writeable, long timeo, int *err)
500
{
501
	struct sock *sk = &cf_sk->sk;
502
	DEFINE_WAIT(wait);
503
	for (;;) {
504
		*err = 0;
505
		if (tx_flow_is_on(cf_sk) &&
506
			(!wait_writeable || sock_writeable(&cf_sk->sk)))
507
			break;
508
		*err = -ETIMEDOUT;
509
		if (!timeo)
510
			break;
511
		*err = -ERESTARTSYS;
512
		if (signal_pending(current))
513
			break;
514
		prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
515
		*err = -ECONNRESET;
516
		if (sk->sk_shutdown & SHUTDOWN_MASK)
517
			break;
518
		*err = -sk->sk_err;
519
		if (sk->sk_err)
520
			break;
521
		*err = -EPIPE;
522
		if (cf_sk->sk.sk_state != CAIF_CONNECTED)
523
			break;
524
		timeo = schedule_timeout(timeo);
525
	}
526
	finish_wait(sk_sleep(sk), &wait);
527
	return timeo;
528
}
529

530
/*
531
 * Transmit a SKB. The device may temporarily request re-transmission
532
 * by returning EAGAIN.
533
 */
534
static int transmit_skb(struct sk_buff *skb, struct caifsock *cf_sk,
535
			int noblock, long timeo)
536
{
537
	struct cfpkt *pkt;
538

539
	pkt = cfpkt_fromnative(CAIF_DIR_OUT, skb);
540
	memset(skb->cb, 0, sizeof(struct caif_payload_info));
541

542
	if (cf_sk->layer.dn == NULL)
543
		return -EINVAL;
544

545
	return cf_sk->layer.dn->transmit(cf_sk->layer.dn, pkt);
546
}
547

548
/* Copied from af_unix:unix_dgram_sendmsg, and adapted to CAIF */
549
static int caif_seqpkt_sendmsg(struct kiocb *kiocb, struct socket *sock,
550
			struct msghdr *msg, size_t len)
551
{
552
	struct sock *sk = sock->sk;
553
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
554
	int buffer_size;
555
	int ret = 0;
556
	struct sk_buff *skb = NULL;
557
	int noblock;
558
	long timeo;
559
	caif_assert(cf_sk);
560
	ret = sock_error(sk);
561
	if (ret)
562
		goto err;
563

564
	ret = -EOPNOTSUPP;
565
	if (msg->msg_flags&MSG_OOB)
566
		goto err;
567

568
	ret = -EOPNOTSUPP;
569
	if (msg->msg_namelen)
570
		goto err;
571

572
	ret = -EINVAL;
573
	if (unlikely(msg->msg_iov->iov_base == NULL))
574
		goto err;
575
	noblock = msg->msg_flags & MSG_DONTWAIT;
576

577
	timeo = sock_sndtimeo(sk, noblock);
578
	timeo = caif_wait_for_flow_on(container_of(sk, struct caifsock, sk),
579
				1, timeo, &ret);
580

581
	if (ret)
582
		goto err;
583
	ret = -EPIPE;
584
	if (cf_sk->sk.sk_state != CAIF_CONNECTED ||
585
		sock_flag(sk, SOCK_DEAD) ||
586
		(sk->sk_shutdown & RCV_SHUTDOWN))
587
		goto err;
588

589
	/* Error if trying to write more than maximum frame size. */
590
	ret = -EMSGSIZE;
591
	if (len > cf_sk->maxframe && cf_sk->sk.sk_protocol != CAIFPROTO_RFM)
592
		goto err;
593

594
	buffer_size = len + cf_sk->headroom + cf_sk->tailroom;
595

596
	ret = -ENOMEM;
597
	skb = sock_alloc_send_skb(sk, buffer_size, noblock, &ret);
598

599
	if (!skb || skb_tailroom(skb) < buffer_size)
600
		goto err;
601

602
	skb_reserve(skb, cf_sk->headroom);
603

604
	ret = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
605

606
	if (ret)
607
		goto err;
608
	ret = transmit_skb(skb, cf_sk, noblock, timeo);
609
	if (ret < 0)
610
		/* skb is already freed */
611
		return ret;
612

613
	return len;
614
err:
615
	kfree_skb(skb);
616
	return ret;
617
}
618

619
/*
620
 * Copied from unix_stream_sendmsg and adapted to CAIF:
621
 * Changed removed permission handling and added waiting for flow on
622
 * and other minor adaptations.
623
 */
624
static int caif_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
625
				struct msghdr *msg, size_t len)
626
{
627
	struct sock *sk = sock->sk;
628
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
629
	int err, size;
630
	struct sk_buff *skb;
631
	int sent = 0;
632
	long timeo;
633

634
	err = -EOPNOTSUPP;
635
	if (unlikely(msg->msg_flags&MSG_OOB))
636
		goto out_err;
637

638
	if (unlikely(msg->msg_namelen))
639
		goto out_err;
640

641
	timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
642
	timeo = caif_wait_for_flow_on(cf_sk, 1, timeo, &err);
643

644
	if (unlikely(sk->sk_shutdown & SEND_SHUTDOWN))
645
		goto pipe_err;
646

647
	while (sent < len) {
648

649
		size = len-sent;
650

651
		if (size > cf_sk->maxframe)
652
			size = cf_sk->maxframe;
653

654
		/* If size is more than half of sndbuf, chop up message */
655
		if (size > ((sk->sk_sndbuf >> 1) - 64))
656
			size = (sk->sk_sndbuf >> 1) - 64;
657

658
		if (size > SKB_MAX_ALLOC)
659
			size = SKB_MAX_ALLOC;
660

661
		skb = sock_alloc_send_skb(sk,
662
					size + cf_sk->headroom +
663
					cf_sk->tailroom,
664
					msg->msg_flags&MSG_DONTWAIT,
665
					&err);
666
		if (skb == NULL)
667
			goto out_err;
668

669
		skb_reserve(skb, cf_sk->headroom);
670
		/*
671
		 *	If you pass two values to the sock_alloc_send_skb
672
		 *	it tries to grab the large buffer with GFP_NOFS
673
		 *	(which can fail easily), and if it fails grab the
674
		 *	fallback size buffer which is under a page and will
675
		 *	succeed. [Alan]
676
		 */
677
		size = min_t(int, size, skb_tailroom(skb));
678

679
		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
680
		if (err) {
681
			kfree_skb(skb);
682
			goto out_err;
683
		}
684
		err = transmit_skb(skb, cf_sk,
685
				msg->msg_flags&MSG_DONTWAIT, timeo);
686
		if (err < 0) {
687
			kfree_skb(skb);
688
			goto pipe_err;
689
		}
690
		sent += size;
691
	}
692

693
	return sent;
694

695
pipe_err:
696
	if (sent == 0 && !(msg->msg_flags&MSG_NOSIGNAL))
697
		send_sig(SIGPIPE, current, 0);
698
	err = -EPIPE;
699
out_err:
700
	return sent ? : err;
701
}
702

703
static int setsockopt(struct socket *sock,
704
			int lvl, int opt, char __user *ov, unsigned int ol)
705
{
706
	struct sock *sk = sock->sk;
707
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
708
	int linksel;
709

710
	if (cf_sk->sk.sk_socket->state != SS_UNCONNECTED)
711
		return -ENOPROTOOPT;
712

713
	switch (opt) {
714
	case CAIFSO_LINK_SELECT:
715
		if (ol < sizeof(int))
716
			return -EINVAL;
717
		if (lvl != SOL_CAIF)
718
			goto bad_sol;
719
		if (copy_from_user(&linksel, ov, sizeof(int)))
720
			return -EINVAL;
721
		lock_sock(&(cf_sk->sk));
722
		cf_sk->conn_req.link_selector = linksel;
723
		release_sock(&cf_sk->sk);
724
		return 0;
725

726
	case CAIFSO_REQ_PARAM:
727
		if (lvl != SOL_CAIF)
728
			goto bad_sol;
729
		if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL)
730
			return -ENOPROTOOPT;
731
		lock_sock(&(cf_sk->sk));
732
		if (ol > sizeof(cf_sk->conn_req.param.data) ||
733
			copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {
734
			release_sock(&cf_sk->sk);
735
			return -EINVAL;
736
		}
737
		cf_sk->conn_req.param.size = ol;
738
		release_sock(&cf_sk->sk);
739
		return 0;
740

741
	default:
742
		return -ENOPROTOOPT;
743
	}
744

745
	return 0;
746
bad_sol:
747
	return -ENOPROTOOPT;
748

749
}
750

751
/*
752
 * caif_connect() - Connect a CAIF Socket
753
 * Copied and modified af_irda.c:irda_connect().
754
 *
755
 * Note : by consulting "errno", the user space caller may learn the cause
756
 * of the failure. Most of them are visible in the function, others may come
757
 * from subroutines called and are listed here :
758
 *  o -EAFNOSUPPORT: bad socket family or type.
759
 *  o -ESOCKTNOSUPPORT: bad socket type or protocol
760
 *  o -EINVAL: bad socket address, or CAIF link type
761
 *  o -ECONNREFUSED: remote end refused the connection.
762
 *  o -EINPROGRESS: connect request sent but timed out (or non-blocking)
763
 *  o -EISCONN: already connected.
764
 *  o -ETIMEDOUT: Connection timed out (send timeout)
765
 *  o -ENODEV: No link layer to send request
766
 *  o -ECONNRESET: Received Shutdown indication or lost link layer
767
 *  o -ENOMEM: Out of memory
768
 *
769
 *  State Strategy:
770
 *  o sk_state: holds the CAIF_* protocol state, it's updated by
771
 *	caif_ctrl_cb.
772
 *  o sock->state: holds the SS_* socket state and is updated by connect and
773
 *	disconnect.
774
 */
775
static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
776
			int addr_len, int flags)
777
{
778
	struct sock *sk = sock->sk;
779
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
780
	long timeo;
781
	int err;
782
	int ifindex, headroom, tailroom;
783
	unsigned int mtu;
784
	struct net_device *dev;
785

786
	lock_sock(sk);
787

788
	err = -EAFNOSUPPORT;
789
	if (uaddr->sa_family != AF_CAIF)
790
		goto out;
791

792
	switch (sock->state) {
793
	case SS_UNCONNECTED:
794
		/* Normal case, a fresh connect */
795
		caif_assert(sk->sk_state == CAIF_DISCONNECTED);
796
		break;
797
	case SS_CONNECTING:
798
		switch (sk->sk_state) {
799
		case CAIF_CONNECTED:
800
			sock->state = SS_CONNECTED;
801
			err = -EISCONN;
802
			goto out;
803
		case CAIF_DISCONNECTED:
804
			/* Reconnect allowed */
805
			break;
806
		case CAIF_CONNECTING:
807
			err = -EALREADY;
808
			if (flags & O_NONBLOCK)
809
				goto out;
810
			goto wait_connect;
811
		}
812
		break;
813
	case SS_CONNECTED:
814
		caif_assert(sk->sk_state == CAIF_CONNECTED ||
815
				sk->sk_state == CAIF_DISCONNECTED);
816
		if (sk->sk_shutdown & SHUTDOWN_MASK) {
817
			/* Allow re-connect after SHUTDOWN_IND */
818
			caif_disconnect_client(sock_net(sk), &cf_sk->layer);
819
			caif_free_client(&cf_sk->layer);
820
			break;
821
		}
822
		/* No reconnect on a seqpacket socket */
823
		err = -EISCONN;
824
		goto out;
825
	case SS_DISCONNECTING:
826
	case SS_FREE:
827
		caif_assert(1); /*Should never happen */
828
		break;
829
	}
830
	sk->sk_state = CAIF_DISCONNECTED;
831
	sock->state = SS_UNCONNECTED;
832
	sk_stream_kill_queues(&cf_sk->sk);
833

834
	err = -EINVAL;
835
	if (addr_len != sizeof(struct sockaddr_caif))
836
		goto out;
837

838
	memcpy(&cf_sk->conn_req.sockaddr, uaddr,
839
		sizeof(struct sockaddr_caif));
840

841
	/* Move to connecting socket, start sending Connect Requests */
842
	sock->state = SS_CONNECTING;
843
	sk->sk_state = CAIF_CONNECTING;
844

845
	/* Check priority value comming from socket */
846
	/* if priority value is out of range it will be ajusted */
847
	if (cf_sk->sk.sk_priority > CAIF_PRIO_MAX)
848
		cf_sk->conn_req.priority = CAIF_PRIO_MAX;
849
	else if (cf_sk->sk.sk_priority < CAIF_PRIO_MIN)
850
		cf_sk->conn_req.priority = CAIF_PRIO_MIN;
851
	else
852
		cf_sk->conn_req.priority = cf_sk->sk.sk_priority;
853

854
	/*ifindex = id of the interface.*/
855
	cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if;
856

857
	dbfs_atomic_inc(&cnt.num_connect_req);
858
	cf_sk->layer.receive = caif_sktrecv_cb;
859

860
	err = caif_connect_client(sock_net(sk), &cf_sk->conn_req,
861
				&cf_sk->layer, &ifindex, &headroom, &tailroom);
862

863
	if (err < 0) {
864
		cf_sk->sk.sk_socket->state = SS_UNCONNECTED;
865
		cf_sk->sk.sk_state = CAIF_DISCONNECTED;
866
		goto out;
867
	}
868

869
	err = -ENODEV;
870
	rcu_read_lock();
871
	dev = dev_get_by_index_rcu(sock_net(sk), ifindex);
872
	if (!dev) {
873
		rcu_read_unlock();
874
		goto out;
875
	}
876
	cf_sk->headroom = LL_RESERVED_SPACE_EXTRA(dev, headroom);
877
	mtu = dev->mtu;
878
	rcu_read_unlock();
879

880
	cf_sk->tailroom = tailroom;
881
	cf_sk->maxframe = mtu - (headroom + tailroom);
882
	if (cf_sk->maxframe < 1) {
883
		pr_warn("CAIF Interface MTU too small (%d)\n", dev->mtu);
884
		err = -ENODEV;
885
		goto out;
886
	}
887

888
	err = -EINPROGRESS;
889
wait_connect:
890

891
	if (sk->sk_state != CAIF_CONNECTED && (flags & O_NONBLOCK))
892
		goto out;
893

894
	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
895

896
	release_sock(sk);
897
	err = -ERESTARTSYS;
898
	timeo = wait_event_interruptible_timeout(*sk_sleep(sk),
899
			sk->sk_state != CAIF_CONNECTING,
900
			timeo);
901
	lock_sock(sk);
902
	if (timeo < 0)
903
		goto out; /* -ERESTARTSYS */
904

905
	err = -ETIMEDOUT;
906
	if (timeo == 0 && sk->sk_state != CAIF_CONNECTED)
907
		goto out;
908
	if (sk->sk_state != CAIF_CONNECTED) {
909
		sock->state = SS_UNCONNECTED;
910
		err = sock_error(sk);
911
		if (!err)
912
			err = -ECONNREFUSED;
913
		goto out;
914
	}
915
	sock->state = SS_CONNECTED;
916
	err = 0;
917
out:
918
	release_sock(sk);
919
	return err;
920
}
921

922
/*
923
 * caif_release() - Disconnect a CAIF Socket
924
 * Copied and modified af_irda.c:irda_release().
925
 */
926
static int caif_release(struct socket *sock)
927
{
928
	struct sock *sk = sock->sk;
929
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
930

931
	if (!sk)
932
		return 0;
933

934
	set_tx_flow_off(cf_sk);
935

936
	/*
937
	 * Ensure that packets are not queued after this point in time.
938
	 * caif_queue_rcv_skb checks SOCK_DEAD holding the queue lock,
939
	 * this ensures no packets when sock is dead.
940
	 */
941
	spin_lock_bh(&sk->sk_receive_queue.lock);
942
	sock_set_flag(sk, SOCK_DEAD);
943
	spin_unlock_bh(&sk->sk_receive_queue.lock);
944
	sock->sk = NULL;
945

946
	dbfs_atomic_inc(&cnt.num_disconnect);
947

948
	WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir));
949
	if (cf_sk->debugfs_socket_dir != NULL)
950
		debugfs_remove_recursive(cf_sk->debugfs_socket_dir);
951

952
	lock_sock(&(cf_sk->sk));
953
	sk->sk_state = CAIF_DISCONNECTED;
954
	sk->sk_shutdown = SHUTDOWN_MASK;
955

956
	caif_disconnect_client(sock_net(sk), &cf_sk->layer);
957
	cf_sk->sk.sk_socket->state = SS_DISCONNECTING;
958
	wake_up_interruptible_poll(sk_sleep(sk), POLLERR|POLLHUP);
959

960
	sock_orphan(sk);
961
	sk_stream_kill_queues(&cf_sk->sk);
962
	release_sock(sk);
963
	sock_put(sk);
964
	return 0;
965
}
966

967
/* Copied from af_unix.c:unix_poll(), added CAIF tx_flow handling */
968
static unsigned int caif_poll(struct file *file,
969
				struct socket *sock, poll_table *wait)
970
{
971
	struct sock *sk = sock->sk;
972
	unsigned int mask;
973
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
974

975
	sock_poll_wait(file, sk_sleep(sk), wait);
976
	mask = 0;
977

978
	/* exceptional events? */
979
	if (sk->sk_err)
980
		mask |= POLLERR;
981
	if (sk->sk_shutdown == SHUTDOWN_MASK)
982
		mask |= POLLHUP;
983
	if (sk->sk_shutdown & RCV_SHUTDOWN)
984
		mask |= POLLRDHUP;
985

986
	/* readable? */
987
	if (!skb_queue_empty(&sk->sk_receive_queue) ||
988
		(sk->sk_shutdown & RCV_SHUTDOWN))
989
		mask |= POLLIN | POLLRDNORM;
990

991
	/*
992
	 * we set writable also when the other side has shut down the
993
	 * connection. This prevents stuck sockets.
994
	 */
995
	if (sock_writeable(sk) && tx_flow_is_on(cf_sk))
996
		mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
997

998
	return mask;
999
}
1000

1001
static const struct proto_ops caif_seqpacket_ops = {
1002
	.family = PF_CAIF,
1003
	.owner = THIS_MODULE,
1004
	.release = caif_release,
1005
	.bind = sock_no_bind,
1006
	.connect = caif_connect,
1007
	.socketpair = sock_no_socketpair,
1008
	.accept = sock_no_accept,
1009
	.getname = sock_no_getname,
1010
	.poll = caif_poll,
1011
	.ioctl = sock_no_ioctl,
1012
	.listen = sock_no_listen,
1013
	.shutdown = sock_no_shutdown,
1014
	.setsockopt = setsockopt,
1015
	.getsockopt = sock_no_getsockopt,
1016
	.sendmsg = caif_seqpkt_sendmsg,
1017
	.recvmsg = caif_seqpkt_recvmsg,
1018
	.mmap = sock_no_mmap,
1019
	.sendpage = sock_no_sendpage,
1020
};
1021

1022
static const struct proto_ops caif_stream_ops = {
1023
	.family = PF_CAIF,
1024
	.owner = THIS_MODULE,
1025
	.release = caif_release,
1026
	.bind = sock_no_bind,
1027
	.connect = caif_connect,
1028
	.socketpair = sock_no_socketpair,
1029
	.accept = sock_no_accept,
1030
	.getname = sock_no_getname,
1031
	.poll = caif_poll,
1032
	.ioctl = sock_no_ioctl,
1033
	.listen = sock_no_listen,
1034
	.shutdown = sock_no_shutdown,
1035
	.setsockopt = setsockopt,
1036
	.getsockopt = sock_no_getsockopt,
1037
	.sendmsg = caif_stream_sendmsg,
1038
	.recvmsg = caif_stream_recvmsg,
1039
	.mmap = sock_no_mmap,
1040
	.sendpage = sock_no_sendpage,
1041
};
1042

1043
/* This function is called when a socket is finally destroyed. */
1044
static void caif_sock_destructor(struct sock *sk)
1045
{
1046
	struct caifsock *cf_sk = container_of(sk, struct caifsock, sk);
1047
	caif_assert(!atomic_read(&sk->sk_wmem_alloc));
1048
	caif_assert(sk_unhashed(sk));
1049
	caif_assert(!sk->sk_socket);
1050
	if (!sock_flag(sk, SOCK_DEAD)) {
1051
		pr_debug("Attempt to release alive CAIF socket: %p\n", sk);
1052
		return;
1053
	}
1054
	sk_stream_kill_queues(&cf_sk->sk);
1055
	dbfs_atomic_dec(&cnt.caif_nr_socks);
1056
	caif_free_client(&cf_sk->layer);
1057
}
1058

1059
static int caif_create(struct net *net, struct socket *sock, int protocol,
1060
			int kern)
1061
{
1062
	int num;
1063
	struct sock *sk = NULL;
1064
	struct caifsock *cf_sk = NULL;
1065
	static struct proto prot = {.name = "PF_CAIF",
1066
		.owner = THIS_MODULE,
1067
		.obj_size = sizeof(struct caifsock),
1068
	};
1069

1070
	if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN))
1071
		return -EPERM;
1072
	/*
1073
	 * The sock->type specifies the socket type to use.
1074
	 * The CAIF socket is a packet stream in the sense
1075
	 * that it is packet based. CAIF trusts the reliability
1076
	 * of the link, no resending is implemented.
1077
	 */
1078
	if (sock->type == SOCK_SEQPACKET)
1079
		sock->ops = &caif_seqpacket_ops;
1080
	else if (sock->type == SOCK_STREAM)
1081
		sock->ops = &caif_stream_ops;
1082
	else
1083
		return -ESOCKTNOSUPPORT;
1084

1085
	if (protocol < 0 || protocol >= CAIFPROTO_MAX)
1086
		return -EPROTONOSUPPORT;
1087
	/*
1088
	 * Set the socket state to unconnected.	 The socket state
1089
	 * is really not used at all in the net/core or socket.c but the
1090
	 * initialization makes sure that sock->state is not uninitialized.
1091
	 */
1092
	sk = sk_alloc(net, PF_CAIF, GFP_KERNEL, &prot);
1093
	if (!sk)
1094
		return -ENOMEM;
1095

1096
	cf_sk = container_of(sk, struct caifsock, sk);
1097

1098
	/* Store the protocol */
1099
	sk->sk_protocol = (unsigned char) protocol;
1100

1101
	/*
1102
	 * Lock in order to try to stop someone from opening the socket
1103
	 * too early.
1104
	 */
1105
	lock_sock(&(cf_sk->sk));
1106

1107
	/* Initialize the nozero default sock structure data. */
1108
	sock_init_data(sock, sk);
1109
	sk->sk_destruct = caif_sock_destructor;
1110

1111
	mutex_init(&cf_sk->readlock); /* single task reading lock */
1112
	cf_sk->layer.ctrlcmd = caif_ctrl_cb;
1113
	cf_sk->sk.sk_socket->state = SS_UNCONNECTED;
1114
	cf_sk->sk.sk_state = CAIF_DISCONNECTED;
1115

1116
	set_tx_flow_off(cf_sk);
1117
	set_rx_flow_on(cf_sk);
1118

1119
	/* Set default options on configuration */
1120
	cf_sk->sk.sk_priority = CAIF_PRIO_NORMAL;
1121
	cf_sk->conn_req.link_selector = CAIF_LINK_LOW_LATENCY;
1122
	cf_sk->conn_req.protocol = protocol;
1123
	/* Increase the number of sockets created. */
1124
	dbfs_atomic_inc(&cnt.caif_nr_socks);
1125
	num = dbfs_atomic_inc(&cnt.caif_sock_create);
1126
#ifdef CONFIG_DEBUG_FS
1127
	if (!IS_ERR(debugfsdir)) {
1128

1129
		/* Fill in some information concerning the misc socket. */
1130
		snprintf(cf_sk->name, sizeof(cf_sk->name), "cfsk%d", num);
1131

1132
		cf_sk->debugfs_socket_dir =
1133
			debugfs_create_dir(cf_sk->name, debugfsdir);
1134

1135
		debugfs_create_u32("sk_state", S_IRUSR | S_IWUSR,
1136
				cf_sk->debugfs_socket_dir,
1137
				(u32 *) &cf_sk->sk.sk_state);
1138
		debugfs_create_u32("flow_state", S_IRUSR | S_IWUSR,
1139
				cf_sk->debugfs_socket_dir, &cf_sk->flow_state);
1140
		debugfs_create_u32("sk_rmem_alloc", S_IRUSR | S_IWUSR,
1141
				cf_sk->debugfs_socket_dir,
1142
				(u32 *) &cf_sk->sk.sk_rmem_alloc);
1143
		debugfs_create_u32("sk_wmem_alloc", S_IRUSR | S_IWUSR,
1144
				cf_sk->debugfs_socket_dir,
1145
				(u32 *) &cf_sk->sk.sk_wmem_alloc);
1146
		debugfs_create_u32("identity", S_IRUSR | S_IWUSR,
1147
				cf_sk->debugfs_socket_dir,
1148
				(u32 *) &cf_sk->layer.id);
1149
	}
1150
#endif
1151
	release_sock(&cf_sk->sk);
1152
	return 0;
1153
}
1154

1155

1156
static struct net_proto_family caif_family_ops = {
1157
	.family = PF_CAIF,
1158
	.create = caif_create,
1159
	.owner = THIS_MODULE,
1160
};
1161

1162
static int af_caif_init(void)
1163
{
1164
	int err = sock_register(&caif_family_ops);
1165
	if (!err)
1166
		return err;
1167
	return 0;
1168
}
1169

1170
static int __init caif_sktinit_module(void)
1171
{
1172
#ifdef CONFIG_DEBUG_FS
1173
	debugfsdir = debugfs_create_dir("caif_sk", NULL);
1174
	if (!IS_ERR(debugfsdir)) {
1175
		debugfs_create_u32("num_sockets", S_IRUSR | S_IWUSR,
1176
				debugfsdir,
1177
				(u32 *) &cnt.caif_nr_socks);
1178
		debugfs_create_u32("num_create", S_IRUSR | S_IWUSR,
1179
				debugfsdir,
1180
				(u32 *) &cnt.caif_sock_create);
1181
		debugfs_create_u32("num_connect_req", S_IRUSR | S_IWUSR,
1182
				debugfsdir,
1183
				(u32 *) &cnt.num_connect_req);
1184
		debugfs_create_u32("num_connect_resp", S_IRUSR | S_IWUSR,
1185
				debugfsdir,
1186
				(u32 *) &cnt.num_connect_resp);
1187
		debugfs_create_u32("num_connect_fail_resp", S_IRUSR | S_IWUSR,
1188
				debugfsdir,
1189
				(u32 *) &cnt.num_connect_fail_resp);
1190
		debugfs_create_u32("num_disconnect", S_IRUSR | S_IWUSR,
1191
				debugfsdir,
1192
				(u32 *) &cnt.num_disconnect);
1193
		debugfs_create_u32("num_remote_shutdown_ind",
1194
				S_IRUSR | S_IWUSR, debugfsdir,
1195
				(u32 *) &cnt.num_remote_shutdown_ind);
1196
		debugfs_create_u32("num_tx_flow_off_ind", S_IRUSR | S_IWUSR,
1197
				debugfsdir,
1198
				(u32 *) &cnt.num_tx_flow_off_ind);
1199
		debugfs_create_u32("num_tx_flow_on_ind", S_IRUSR | S_IWUSR,
1200
				debugfsdir,
1201
				(u32 *) &cnt.num_tx_flow_on_ind);
1202
		debugfs_create_u32("num_rx_flow_off", S_IRUSR | S_IWUSR,
1203
				debugfsdir,
1204
				(u32 *) &cnt.num_rx_flow_off);
1205
		debugfs_create_u32("num_rx_flow_on", S_IRUSR | S_IWUSR,
1206
				debugfsdir,
1207
				(u32 *) &cnt.num_rx_flow_on);
1208
	}
1209
#endif
1210
	return af_caif_init();
1211
}
1212

1213
static void __exit caif_sktexit_module(void)
1214
{
1215
	sock_unregister(PF_CAIF);
1216
	if (debugfsdir != NULL)
1217
		debugfs_remove_recursive(debugfsdir);
1218
}
1219
module_init(caif_sktinit_module);
1220
module_exit(caif_sktexit_module);
1221

1222