1
// SPDX-License-Identifier: GPL-2.0
2
// Copyright (c) 2010-2011 EIA Electronics,
3
//                         Pieter Beyens <[email protected]>
4
// Copyright (c) 2010-2011 EIA Electronics,
5
//                         Kurt Van Dijck <[email protected]>
6
// Copyright (c) 2018 Protonic,
7
//                         Robin van der Gracht <[email protected]>
8
// Copyright (c) 2017-2019 Pengutronix,
9
//                         Marc Kleine-Budde <[email protected]>
10
// Copyright (c) 2017-2019 Pengutronix,
11
//                         Oleksij Rempel <[email protected]>
12

13
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14

15
#include <linux/can/can-ml.h>
16
#include <linux/can/core.h>
17
#include <linux/can/skb.h>
18
#include <linux/errqueue.h>
19
#include <linux/if_arp.h>
20

21
#include "j1939-priv.h"
22

23
#define J1939_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_addr.j1939)
24

25
/* conversion function between struct sock::sk_priority from linux and
26
 * j1939 priority field
27
 */
28
static inline priority_t j1939_prio(u32 sk_priority)
29
{
30
	sk_priority = min(sk_priority, 7U);
31

32
	return 7 - sk_priority;
33
}
34

35
static inline u32 j1939_to_sk_priority(priority_t prio)
36
{
37
	return 7 - prio;
38
}
39

40
/* function to see if pgn is to be evaluated */
41
static inline bool j1939_pgn_is_valid(pgn_t pgn)
42
{
43
	return pgn <= J1939_PGN_MAX;
44
}
45

46
/* test function to avoid non-zero DA placeholder for pdu1 pgn's */
47
static inline bool j1939_pgn_is_clean_pdu(pgn_t pgn)
48
{
49
	if (j1939_pgn_is_pdu1(pgn))
50
		return !(pgn & 0xff);
51
	else
52
		return true;
53
}
54

55
static inline void j1939_sock_pending_add(struct sock *sk)
56
{
57
	struct j1939_sock *jsk = j1939_sk(sk);
58

59
	atomic_inc(&jsk->skb_pending);
60
}
61

62
static int j1939_sock_pending_get(struct sock *sk)
63
{
64
	struct j1939_sock *jsk = j1939_sk(sk);
65

66
	return atomic_read(&jsk->skb_pending);
67
}
68

69
void j1939_sock_pending_del(struct sock *sk)
70
{
71
	struct j1939_sock *jsk = j1939_sk(sk);
72

73
	/* atomic_dec_return returns the new value */
74
	if (!atomic_dec_return(&jsk->skb_pending))
75
		wake_up(&jsk->waitq);	/* no pending SKB's */
76
}
77

78
static void j1939_jsk_add(struct j1939_priv *priv, struct j1939_sock *jsk)
79
{
80
	jsk->state |= J1939_SOCK_BOUND;
81
	j1939_priv_get(priv);
82

83
	write_lock_bh(&priv->j1939_socks_lock);
84
	list_add_tail(&jsk->list, &priv->j1939_socks);
85
	write_unlock_bh(&priv->j1939_socks_lock);
86
}
87

88
static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk)
89
{
90
	write_lock_bh(&priv->j1939_socks_lock);
91
	list_del_init(&jsk->list);
92
	write_unlock_bh(&priv->j1939_socks_lock);
93

94
	j1939_priv_put(priv);
95
	jsk->state &= ~J1939_SOCK_BOUND;
96
}
97

98
static bool j1939_sk_queue_session(struct j1939_session *session)
99
{
100
	struct j1939_sock *jsk = j1939_sk(session->sk);
101
	bool empty;
102

103
	spin_lock_bh(&jsk->sk_session_queue_lock);
104
	empty = list_empty(&jsk->sk_session_queue);
105
	j1939_session_get(session);
106
	list_add_tail(&session->sk_session_queue_entry, &jsk->sk_session_queue);
107
	spin_unlock_bh(&jsk->sk_session_queue_lock);
108
	j1939_sock_pending_add(&jsk->sk);
109

110
	return empty;
111
}
112

113
static struct
114
j1939_session *j1939_sk_get_incomplete_session(struct j1939_sock *jsk)
115
{
116
	struct j1939_session *session = NULL;
117

118
	spin_lock_bh(&jsk->sk_session_queue_lock);
119
	if (!list_empty(&jsk->sk_session_queue)) {
120
		session = list_last_entry(&jsk->sk_session_queue,
121
					  struct j1939_session,
122
					  sk_session_queue_entry);
123
		if (session->total_queued_size == session->total_message_size)
124
			session = NULL;
125
		else
126
			j1939_session_get(session);
127
	}
128
	spin_unlock_bh(&jsk->sk_session_queue_lock);
129

130
	return session;
131
}
132

133
static void j1939_sk_queue_drop_all(struct j1939_priv *priv,
134
				    struct j1939_sock *jsk, int err)
135
{
136
	struct j1939_session *session, *tmp;
137

138
	netdev_dbg(priv->ndev, "%s: err: %i\n", __func__, err);
139
	spin_lock_bh(&jsk->sk_session_queue_lock);
140
	list_for_each_entry_safe(session, tmp, &jsk->sk_session_queue,
141
				 sk_session_queue_entry) {
142
		list_del_init(&session->sk_session_queue_entry);
143
		session->err = err;
144
		j1939_session_put(session);
145
	}
146
	spin_unlock_bh(&jsk->sk_session_queue_lock);
147
}
148

149
static void j1939_sk_queue_activate_next_locked(struct j1939_session *session)
150
{
151
	struct j1939_sock *jsk;
152
	struct j1939_session *first;
153
	int err;
154

155
	/* RX-Session don't have a socket (yet) */
156
	if (!session->sk)
157
		return;
158

159
	jsk = j1939_sk(session->sk);
160
	lockdep_assert_held(&jsk->sk_session_queue_lock);
161

162
	err = session->err;
163

164
	first = list_first_entry_or_null(&jsk->sk_session_queue,
165
					 struct j1939_session,
166
					 sk_session_queue_entry);
167

168
	/* Some else has already activated the next session */
169
	if (first != session)
170
		return;
171

172
activate_next:
173
	list_del_init(&first->sk_session_queue_entry);
174
	j1939_session_put(first);
175
	first = list_first_entry_or_null(&jsk->sk_session_queue,
176
					 struct j1939_session,
177
					 sk_session_queue_entry);
178
	if (!first)
179
		return;
180

181
	if (j1939_session_activate(first)) {
182
		netdev_warn_once(first->priv->ndev,
183
				 "%s: 0x%p: Identical session is already activated.\n",
184
				 __func__, first);
185
		first->err = -EBUSY;
186
		goto activate_next;
187
	} else {
188
		/* Give receiver some time (arbitrary chosen) to recover */
189
		int time_ms = 0;
190

191
		if (err)
192
			time_ms = 10 + get_random_u32_below(16);
193

194
		j1939_tp_schedule_txtimer(first, time_ms);
195
	}
196
}
197

198
void j1939_sk_queue_activate_next(struct j1939_session *session)
199
{
200
	struct j1939_sock *jsk;
201

202
	if (!session->sk)
203
		return;
204

205
	jsk = j1939_sk(session->sk);
206

207
	spin_lock_bh(&jsk->sk_session_queue_lock);
208
	j1939_sk_queue_activate_next_locked(session);
209
	spin_unlock_bh(&jsk->sk_session_queue_lock);
210
}
211

212
static bool j1939_sk_match_dst(struct j1939_sock *jsk,
213
			       const struct j1939_sk_buff_cb *skcb)
214
{
215
	if ((jsk->state & J1939_SOCK_PROMISC))
216
		return true;
217

218
	/* Destination address filter */
219
	if (jsk->addr.src_name && skcb->addr.dst_name) {
220
		if (jsk->addr.src_name != skcb->addr.dst_name)
221
			return false;
222
	} else {
223
		/* receive (all sockets) if
224
		 * - all packages that match our bind() address
225
		 * - all broadcast on a socket if SO_BROADCAST
226
		 *   is set
227
		 */
228
		if (j1939_address_is_unicast(skcb->addr.da)) {
229
			if (jsk->addr.sa != skcb->addr.da)
230
				return false;
231
		} else if (!sock_flag(&jsk->sk, SOCK_BROADCAST)) {
232
			/* receiving broadcast without SO_BROADCAST
233
			 * flag is not allowed
234
			 */
235
			return false;
236
		}
237
	}
238

239
	/* Source address filter */
240
	if (jsk->state & J1939_SOCK_CONNECTED) {
241
		/* receive (all sockets) if
242
		 * - all packages that match our connect() name or address
243
		 */
244
		if (jsk->addr.dst_name && skcb->addr.src_name) {
245
			if (jsk->addr.dst_name != skcb->addr.src_name)
246
				return false;
247
		} else {
248
			if (jsk->addr.da != skcb->addr.sa)
249
				return false;
250
		}
251
	}
252

253
	/* PGN filter */
254
	if (j1939_pgn_is_valid(jsk->pgn_rx_filter) &&
255
	    jsk->pgn_rx_filter != skcb->addr.pgn)
256
		return false;
257

258
	return true;
259
}
260

261
/* matches skb control buffer (addr) with a j1939 filter */
262
static bool j1939_sk_match_filter(struct j1939_sock *jsk,
263
				  const struct j1939_sk_buff_cb *skcb)
264
{
265
	const struct j1939_filter *f;
266
	int nfilter;
267

268
	spin_lock_bh(&jsk->filters_lock);
269

270
	f = jsk->filters;
271
	nfilter = jsk->nfilters;
272

273
	if (!nfilter)
274
		/* receive all when no filters are assigned */
275
		goto filter_match_found;
276

277
	for (; nfilter; ++f, --nfilter) {
278
		if ((skcb->addr.pgn & f->pgn_mask) != f->pgn)
279
			continue;
280
		if ((skcb->addr.sa & f->addr_mask) != f->addr)
281
			continue;
282
		if ((skcb->addr.src_name & f->name_mask) != f->name)
283
			continue;
284
		goto filter_match_found;
285
	}
286

287
	spin_unlock_bh(&jsk->filters_lock);
288
	return false;
289

290
filter_match_found:
291
	spin_unlock_bh(&jsk->filters_lock);
292
	return true;
293
}
294

295
static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,
296
				    const struct j1939_sk_buff_cb *skcb)
297
{
298
	if (!(jsk->state & J1939_SOCK_BOUND))
299
		return false;
300

301
	if (!j1939_sk_match_dst(jsk, skcb))
302
		return false;
303

304
	if (!j1939_sk_match_filter(jsk, skcb))
305
		return false;
306

307
	return true;
308
}
309

310
static void j1939_sk_recv_one(struct j1939_sock *jsk, struct sk_buff *oskb)
311
{
312
	const struct j1939_sk_buff_cb *oskcb = j1939_skb_to_cb(oskb);
313
	struct j1939_sk_buff_cb *skcb;
314
	enum skb_drop_reason reason;
315
	struct sk_buff *skb;
316

317
	if (oskb->sk == &jsk->sk)
318
		return;
319

320
	if (!j1939_sk_recv_match_one(jsk, oskcb))
321
		return;
322

323
	skb = skb_clone(oskb, GFP_ATOMIC);
324
	if (!skb) {
325
		pr_warn("skb clone failed\n");
326
		return;
327
	}
328
	can_skb_set_owner(skb, oskb->sk);
329

330
	skcb = j1939_skb_to_cb(skb);
331
	skcb->msg_flags &= ~(MSG_DONTROUTE);
332
	if (skb->sk)
333
		skcb->msg_flags |= MSG_DONTROUTE;
334

335
	if (sock_queue_rcv_skb_reason(&jsk->sk, skb, &reason) < 0)
336
		sk_skb_reason_drop(&jsk->sk, skb, reason);
337
}
338

339
bool j1939_sk_recv_match(struct j1939_priv *priv, struct j1939_sk_buff_cb *skcb)
340
{
341
	struct j1939_sock *jsk;
342
	bool match = false;
343

344
	read_lock_bh(&priv->j1939_socks_lock);
345
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
346
		match = j1939_sk_recv_match_one(jsk, skcb);
347
		if (match)
348
			break;
349
	}
350
	read_unlock_bh(&priv->j1939_socks_lock);
351

352
	return match;
353
}
354

355
void j1939_sk_recv(struct j1939_priv *priv, struct sk_buff *skb)
356
{
357
	struct j1939_sock *jsk;
358

359
	read_lock_bh(&priv->j1939_socks_lock);
360
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
361
		j1939_sk_recv_one(jsk, skb);
362
	}
363
	read_unlock_bh(&priv->j1939_socks_lock);
364
}
365

366
static void j1939_sk_sock_destruct(struct sock *sk)
367
{
368
	struct j1939_sock *jsk = j1939_sk(sk);
369

370
	/* This function will be called by the generic networking code, when
371
	 * the socket is ultimately closed (sk->sk_destruct).
372
	 *
373
	 * The race between
374
	 * - processing a received CAN frame
375
	 *   (can_receive -> j1939_can_recv)
376
	 *   and accessing j1939_priv
377
	 * ... and ...
378
	 * - closing a socket
379
	 *   (j1939_can_rx_unregister -> can_rx_unregister)
380
	 *   and calling the final j1939_priv_put()
381
	 *
382
	 * is avoided by calling the final j1939_priv_put() from this
383
	 * RCU deferred cleanup call.
384
	 */
385
	if (jsk->priv) {
386
		j1939_priv_put(jsk->priv);
387
		jsk->priv = NULL;
388
	}
389

390
	/* call generic CAN sock destruct */
391
	can_sock_destruct(sk);
392
}
393

394
static int j1939_sk_init(struct sock *sk)
395
{
396
	struct j1939_sock *jsk = j1939_sk(sk);
397

398
	/* Ensure that "sk" is first member in "struct j1939_sock", so that we
399
	 * can skip it during memset().
400
	 */
401
	BUILD_BUG_ON(offsetof(struct j1939_sock, sk) != 0);
402
	memset((void *)jsk + sizeof(jsk->sk), 0x0,
403
	       sizeof(*jsk) - sizeof(jsk->sk));
404

405
	INIT_LIST_HEAD(&jsk->list);
406
	init_waitqueue_head(&jsk->waitq);
407
	jsk->sk.sk_priority = j1939_to_sk_priority(6);
408
	jsk->sk.sk_reuse = 1; /* per default */
409
	jsk->addr.sa = J1939_NO_ADDR;
410
	jsk->addr.da = J1939_NO_ADDR;
411
	jsk->addr.pgn = J1939_NO_PGN;
412
	jsk->pgn_rx_filter = J1939_NO_PGN;
413
	atomic_set(&jsk->skb_pending, 0);
414
	spin_lock_init(&jsk->sk_session_queue_lock);
415
	INIT_LIST_HEAD(&jsk->sk_session_queue);
416
	spin_lock_init(&jsk->filters_lock);
417

418
	/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */
419
	sock_set_flag(sk, SOCK_RCU_FREE);
420
	sk->sk_destruct = j1939_sk_sock_destruct;
421
	sk->sk_protocol = CAN_J1939;
422

423
	return 0;
424
}
425

426
static int j1939_sk_sanity_check(struct sockaddr_can *addr, int len)
427
{
428
	if (!addr)
429
		return -EDESTADDRREQ;
430
	if (len < J1939_MIN_NAMELEN)
431
		return -EINVAL;
432
	if (addr->can_family != AF_CAN)
433
		return -EINVAL;
434
	if (!addr->can_ifindex)
435
		return -ENODEV;
436
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
437
	    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn))
438
		return -EINVAL;
439

440
	return 0;
441
}
442

443
static int j1939_sk_bind(struct socket *sock, struct sockaddr_unsized *uaddr, int len)
444
{
445
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
446
	struct j1939_sock *jsk = j1939_sk(sock->sk);
447
	struct j1939_priv *priv;
448
	struct sock *sk;
449
	struct net *net;
450
	int ret = 0;
451

452
	ret = j1939_sk_sanity_check(addr, len);
453
	if (ret)
454
		return ret;
455

456
	lock_sock(sock->sk);
457

458
	priv = jsk->priv;
459
	sk = sock->sk;
460
	net = sock_net(sk);
461

462
	/* Already bound to an interface? */
463
	if (jsk->state & J1939_SOCK_BOUND) {
464
		/* A re-bind() to a different interface is not
465
		 * supported.
466
		 */
467
		if (jsk->ifindex != addr->can_ifindex) {
468
			ret = -EINVAL;
469
			goto out_release_sock;
470
		}
471

472
		/* drop old references */
473
		j1939_jsk_del(priv, jsk);
474
		j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
475
	} else {
476
		struct can_ml_priv *can_ml;
477
		struct net_device *ndev;
478

479
		ndev = dev_get_by_index(net, addr->can_ifindex);
480
		if (!ndev) {
481
			ret = -ENODEV;
482
			goto out_release_sock;
483
		}
484

485
		if (ndev->reg_state != NETREG_REGISTERED) {
486
			dev_put(ndev);
487
			ret = -ENODEV;
488
			goto out_release_sock;
489
		}
490

491
		can_ml = can_get_ml_priv(ndev);
492
		if (!can_ml) {
493
			dev_put(ndev);
494
			ret = -ENODEV;
495
			goto out_release_sock;
496
		}
497

498
		if (!(ndev->flags & IFF_UP)) {
499
			dev_put(ndev);
500
			ret = -ENETDOWN;
501
			goto out_release_sock;
502
		}
503

504
		priv = j1939_netdev_start(ndev);
505
		dev_put(ndev);
506
		if (IS_ERR(priv)) {
507
			ret = PTR_ERR(priv);
508
			goto out_release_sock;
509
		}
510

511
		jsk->ifindex = addr->can_ifindex;
512

513
		/* the corresponding j1939_priv_put() is called via
514
		 * sk->sk_destruct, which points to j1939_sk_sock_destruct()
515
		 */
516
		j1939_priv_get(priv);
517
		jsk->priv = priv;
518
	}
519

520
	/* set default transmit pgn */
521
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
522
		jsk->pgn_rx_filter = addr->can_addr.j1939.pgn;
523
	jsk->addr.src_name = addr->can_addr.j1939.name;
524
	jsk->addr.sa = addr->can_addr.j1939.addr;
525

526
	/* get new references */
527
	ret = j1939_local_ecu_get(priv, jsk->addr.src_name, jsk->addr.sa);
528
	if (ret) {
529
		j1939_netdev_stop(priv);
530
		jsk->priv = NULL;
531
		synchronize_rcu();
532
		j1939_priv_put(priv);
533
		goto out_release_sock;
534
	}
535

536
	j1939_jsk_add(priv, jsk);
537

538
 out_release_sock: /* fall through */
539
	release_sock(sock->sk);
540

541
	return ret;
542
}
543

544
static int j1939_sk_connect(struct socket *sock, struct sockaddr_unsized *uaddr,
545
			    int len, int flags)
546
{
547
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
548
	struct j1939_sock *jsk = j1939_sk(sock->sk);
549
	int ret = 0;
550

551
	ret = j1939_sk_sanity_check(addr, len);
552
	if (ret)
553
		return ret;
554

555
	lock_sock(sock->sk);
556

557
	/* bind() before connect() is mandatory */
558
	if (!(jsk->state & J1939_SOCK_BOUND)) {
559
		ret = -EINVAL;
560
		goto out_release_sock;
561
	}
562

563
	/* A connect() to a different interface is not supported. */
564
	if (jsk->ifindex != addr->can_ifindex) {
565
		ret = -EINVAL;
566
		goto out_release_sock;
567
	}
568

569
	if (!addr->can_addr.j1939.name &&
570
	    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
571
	    !sock_flag(&jsk->sk, SOCK_BROADCAST)) {
572
		/* broadcast, but SO_BROADCAST not set */
573
		ret = -EACCES;
574
		goto out_release_sock;
575
	}
576

577
	jsk->addr.dst_name = addr->can_addr.j1939.name;
578
	jsk->addr.da = addr->can_addr.j1939.addr;
579

580
	if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
581
		jsk->addr.pgn = addr->can_addr.j1939.pgn;
582

583
	jsk->state |= J1939_SOCK_CONNECTED;
584

585
 out_release_sock: /* fall through */
586
	release_sock(sock->sk);
587

588
	return ret;
589
}
590

591
static void j1939_sk_sock2sockaddr_can(struct sockaddr_can *addr,
592
				       const struct j1939_sock *jsk, int peer)
593
{
594
	/* There are two holes (2 bytes and 3 bytes) to clear to avoid
595
	 * leaking kernel information to user space.
596
	 */
597
	memset(addr, 0, J1939_MIN_NAMELEN);
598

599
	addr->can_family = AF_CAN;
600
	addr->can_ifindex = jsk->ifindex;
601
	addr->can_addr.j1939.pgn = jsk->addr.pgn;
602
	if (peer) {
603
		addr->can_addr.j1939.name = jsk->addr.dst_name;
604
		addr->can_addr.j1939.addr = jsk->addr.da;
605
	} else {
606
		addr->can_addr.j1939.name = jsk->addr.src_name;
607
		addr->can_addr.j1939.addr = jsk->addr.sa;
608
	}
609
}
610

611
static int j1939_sk_getname(struct socket *sock, struct sockaddr *uaddr,
612
			    int peer)
613
{
614
	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
615
	struct sock *sk = sock->sk;
616
	struct j1939_sock *jsk = j1939_sk(sk);
617
	int ret = 0;
618

619
	lock_sock(sk);
620

621
	if (peer && !(jsk->state & J1939_SOCK_CONNECTED)) {
622
		ret = -EADDRNOTAVAIL;
623
		goto failure;
624
	}
625

626
	j1939_sk_sock2sockaddr_can(addr, jsk, peer);
627
	ret = J1939_MIN_NAMELEN;
628

629
 failure:
630
	release_sock(sk);
631

632
	return ret;
633
}
634

635
static int j1939_sk_release(struct socket *sock)
636
{
637
	struct sock *sk = sock->sk;
638
	struct j1939_sock *jsk;
639

640
	if (!sk)
641
		return 0;
642

643
	lock_sock(sk);
644
	jsk = j1939_sk(sk);
645

646
	if (jsk->state & J1939_SOCK_BOUND) {
647
		struct j1939_priv *priv = jsk->priv;
648

649
		if (wait_event_interruptible(jsk->waitq,
650
					     !j1939_sock_pending_get(&jsk->sk))) {
651
			j1939_cancel_active_session(priv, sk);
652
			j1939_sk_queue_drop_all(priv, jsk, ESHUTDOWN);
653
		}
654

655
		j1939_jsk_del(priv, jsk);
656

657
		j1939_local_ecu_put(priv, jsk->addr.src_name,
658
				    jsk->addr.sa);
659

660
		j1939_netdev_stop(priv);
661
	}
662

663
	kfree(jsk->filters);
664
	sock_orphan(sk);
665
	sock->sk = NULL;
666

667
	release_sock(sk);
668
	sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
669
	sock_put(sk);
670

671
	return 0;
672
}
673

674
static int j1939_sk_setsockopt_flag(struct j1939_sock *jsk, sockptr_t optval,
675
				    unsigned int optlen, int flag)
676
{
677
	int tmp;
678

679
	if (optlen != sizeof(tmp))
680
		return -EINVAL;
681
	if (copy_from_sockptr(&tmp, optval, optlen))
682
		return -EFAULT;
683
	lock_sock(&jsk->sk);
684
	if (tmp)
685
		jsk->state |= flag;
686
	else
687
		jsk->state &= ~flag;
688
	release_sock(&jsk->sk);
689
	return tmp;
690
}
691

692
static int j1939_sk_setsockopt(struct socket *sock, int level, int optname,
693
			       sockptr_t optval, unsigned int optlen)
694
{
695
	struct sock *sk = sock->sk;
696
	struct j1939_sock *jsk = j1939_sk(sk);
697
	int tmp, count = 0, ret = 0;
698
	struct j1939_filter *filters = NULL, *ofilters;
699

700
	if (level != SOL_CAN_J1939)
701
		return -EINVAL;
702

703
	switch (optname) {
704
	case SO_J1939_FILTER:
705
		if (!sockptr_is_null(optval) && optlen != 0) {
706
			struct j1939_filter *f;
707
			int c;
708

709
			if (optlen % sizeof(*filters) != 0)
710
				return -EINVAL;
711

712
			if (optlen > J1939_FILTER_MAX *
713
			    sizeof(struct j1939_filter))
714
				return -EINVAL;
715

716
			count = optlen / sizeof(*filters);
717
			filters = memdup_sockptr(optval, optlen);
718
			if (IS_ERR(filters))
719
				return PTR_ERR(filters);
720

721
			for (f = filters, c = count; c; f++, c--) {
722
				f->name &= f->name_mask;
723
				f->pgn &= f->pgn_mask;
724
				f->addr &= f->addr_mask;
725
			}
726
		}
727

728
		lock_sock(&jsk->sk);
729
		spin_lock_bh(&jsk->filters_lock);
730
		ofilters = jsk->filters;
731
		jsk->filters = filters;
732
		jsk->nfilters = count;
733
		spin_unlock_bh(&jsk->filters_lock);
734
		release_sock(&jsk->sk);
735
		kfree(ofilters);
736
		return 0;
737
	case SO_J1939_PROMISC:
738
		return j1939_sk_setsockopt_flag(jsk, optval, optlen,
739
						J1939_SOCK_PROMISC);
740
	case SO_J1939_ERRQUEUE:
741
		ret = j1939_sk_setsockopt_flag(jsk, optval, optlen,
742
					       J1939_SOCK_ERRQUEUE);
743
		if (ret < 0)
744
			return ret;
745

746
		if (!(jsk->state & J1939_SOCK_ERRQUEUE))
747
			skb_queue_purge(&sk->sk_error_queue);
748
		return ret;
749
	case SO_J1939_SEND_PRIO:
750
		if (optlen != sizeof(tmp))
751
			return -EINVAL;
752
		if (copy_from_sockptr(&tmp, optval, optlen))
753
			return -EFAULT;
754
		if (tmp < 0 || tmp > 7)
755
			return -EDOM;
756
		if (tmp < 2 && !capable(CAP_NET_ADMIN))
757
			return -EPERM;
758
		lock_sock(&jsk->sk);
759
		jsk->sk.sk_priority = j1939_to_sk_priority(tmp);
760
		release_sock(&jsk->sk);
761
		return 0;
762
	default:
763
		return -ENOPROTOOPT;
764
	}
765
}
766

767
static int j1939_sk_getsockopt(struct socket *sock, int level, int optname,
768
			       char __user *optval, int __user *optlen)
769
{
770
	struct sock *sk = sock->sk;
771
	struct j1939_sock *jsk = j1939_sk(sk);
772
	int ret, ulen;
773
	/* set defaults for using 'int' properties */
774
	int tmp = 0;
775
	int len = sizeof(tmp);
776
	void *val = &tmp;
777

778
	if (level != SOL_CAN_J1939)
779
		return -EINVAL;
780
	if (get_user(ulen, optlen))
781
		return -EFAULT;
782
	if (ulen < 0)
783
		return -EINVAL;
784

785
	lock_sock(&jsk->sk);
786
	switch (optname) {
787
	case SO_J1939_PROMISC:
788
		tmp = (jsk->state & J1939_SOCK_PROMISC) ? 1 : 0;
789
		break;
790
	case SO_J1939_ERRQUEUE:
791
		tmp = (jsk->state & J1939_SOCK_ERRQUEUE) ? 1 : 0;
792
		break;
793
	case SO_J1939_SEND_PRIO:
794
		tmp = j1939_prio(jsk->sk.sk_priority);
795
		break;
796
	default:
797
		ret = -ENOPROTOOPT;
798
		goto no_copy;
799
	}
800

801
	/* copy to user, based on 'len' & 'val'
802
	 * but most sockopt's are 'int' properties, and have 'len' & 'val'
803
	 * left unchanged, but instead modified 'tmp'
804
	 */
805
	if (len > ulen)
806
		ret = -EFAULT;
807
	else if (put_user(len, optlen))
808
		ret = -EFAULT;
809
	else if (copy_to_user(optval, val, len))
810
		ret = -EFAULT;
811
	else
812
		ret = 0;
813
 no_copy:
814
	release_sock(&jsk->sk);
815
	return ret;
816
}
817

818
static int j1939_sk_recvmsg(struct socket *sock, struct msghdr *msg,
819
			    size_t size, int flags)
820
{
821
	struct sock *sk = sock->sk;
822
	struct sk_buff *skb;
823
	struct j1939_sk_buff_cb *skcb;
824
	int ret = 0;
825

826
	if (flags & ~(MSG_DONTWAIT | MSG_ERRQUEUE | MSG_CMSG_COMPAT))
827
		return -EINVAL;
828

829
	if (flags & MSG_ERRQUEUE)
830
		return sock_recv_errqueue(sock->sk, msg, size, SOL_CAN_J1939,
831
					  SCM_J1939_ERRQUEUE);
832

833
	skb = skb_recv_datagram(sk, flags, &ret);
834
	if (!skb)
835
		return ret;
836

837
	if (size < skb->len)
838
		msg->msg_flags |= MSG_TRUNC;
839
	else
840
		size = skb->len;
841

842
	ret = memcpy_to_msg(msg, skb->data, size);
843
	if (ret < 0) {
844
		skb_free_datagram(sk, skb);
845
		return ret;
846
	}
847

848
	skcb = j1939_skb_to_cb(skb);
849
	if (j1939_address_is_valid(skcb->addr.da))
850
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_ADDR,
851
			 sizeof(skcb->addr.da), &skcb->addr.da);
852

853
	if (skcb->addr.dst_name)
854
		put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_DEST_NAME,
855
			 sizeof(skcb->addr.dst_name), &skcb->addr.dst_name);
856

857
	put_cmsg(msg, SOL_CAN_J1939, SCM_J1939_PRIO,
858
		 sizeof(skcb->priority), &skcb->priority);
859

860
	if (msg->msg_name) {
861
		struct sockaddr_can *paddr = msg->msg_name;
862

863
		msg->msg_namelen = J1939_MIN_NAMELEN;
864
		memset(msg->msg_name, 0, msg->msg_namelen);
865
		paddr->can_family = AF_CAN;
866
		paddr->can_ifindex = skb->skb_iif;
867
		paddr->can_addr.j1939.name = skcb->addr.src_name;
868
		paddr->can_addr.j1939.addr = skcb->addr.sa;
869
		paddr->can_addr.j1939.pgn = skcb->addr.pgn;
870
	}
871

872
	sock_recv_cmsgs(msg, sk, skb);
873
	msg->msg_flags |= skcb->msg_flags;
874
	skb_free_datagram(sk, skb);
875

876
	return size;
877
}
878

879
static struct sk_buff *j1939_sk_alloc_skb(struct net_device *ndev,
880
					  struct sock *sk,
881
					  struct msghdr *msg, size_t size,
882
					  int *errcode)
883
{
884
	struct j1939_sock *jsk = j1939_sk(sk);
885
	struct j1939_sk_buff_cb *skcb;
886
	struct sk_buff *skb;
887
	int ret;
888

889
	skb = sock_alloc_send_skb(sk,
890
				  size +
891
				  sizeof(struct can_frame) -
892
				  sizeof(((struct can_frame *)NULL)->data) +
893
				  sizeof(struct can_skb_priv),
894
				  msg->msg_flags & MSG_DONTWAIT, &ret);
895
	if (!skb)
896
		goto failure;
897

898
	can_skb_reserve(skb);
899
	can_skb_prv(skb)->ifindex = ndev->ifindex;
900
	can_skb_prv(skb)->skbcnt = 0;
901
	skb_reserve(skb, offsetof(struct can_frame, data));
902

903
	ret = memcpy_from_msg(skb_put(skb, size), msg, size);
904
	if (ret < 0)
905
		goto free_skb;
906

907
	skb->dev = ndev;
908

909
	skcb = j1939_skb_to_cb(skb);
910
	memset(skcb, 0, sizeof(*skcb));
911
	skcb->addr = jsk->addr;
912
	skcb->priority = j1939_prio(READ_ONCE(sk->sk_priority));
913

914
	if (msg->msg_name) {
915
		struct sockaddr_can *addr = msg->msg_name;
916

917
		if (addr->can_addr.j1939.name ||
918
		    addr->can_addr.j1939.addr != J1939_NO_ADDR) {
919
			skcb->addr.dst_name = addr->can_addr.j1939.name;
920
			skcb->addr.da = addr->can_addr.j1939.addr;
921
		}
922
		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn))
923
			skcb->addr.pgn = addr->can_addr.j1939.pgn;
924
	}
925

926
	*errcode = ret;
927
	return skb;
928

929
free_skb:
930
	kfree_skb(skb);
931
failure:
932
	*errcode = ret;
933
	return NULL;
934
}
935

936
static size_t j1939_sk_opt_stats_get_size(enum j1939_sk_errqueue_type type)
937
{
938
	switch (type) {
939
	case J1939_ERRQUEUE_RX_RTS:
940
		return
941
			nla_total_size(sizeof(u32)) + /* J1939_NLA_TOTAL_SIZE */
942
			nla_total_size(sizeof(u32)) + /* J1939_NLA_PGN */
943
			nla_total_size(sizeof(u64)) + /* J1939_NLA_SRC_NAME */
944
			nla_total_size(sizeof(u64)) + /* J1939_NLA_DEST_NAME */
945
			nla_total_size(sizeof(u8)) +  /* J1939_NLA_SRC_ADDR */
946
			nla_total_size(sizeof(u8)) +  /* J1939_NLA_DEST_ADDR */
947
			0;
948
	default:
949
		return
950
			nla_total_size(sizeof(u32)) + /* J1939_NLA_BYTES_ACKED */
951
			0;
952
	}
953
}
954

955
static struct sk_buff *
956
j1939_sk_get_timestamping_opt_stats(struct j1939_session *session,
957
				    enum j1939_sk_errqueue_type type)
958
{
959
	struct sk_buff *stats;
960
	u32 size;
961

962
	stats = alloc_skb(j1939_sk_opt_stats_get_size(type), GFP_ATOMIC);
963
	if (!stats)
964
		return NULL;
965

966
	if (session->skcb.addr.type == J1939_SIMPLE)
967
		size = session->total_message_size;
968
	else
969
		size = min(session->pkt.tx_acked * 7,
970
			   session->total_message_size);
971

972
	switch (type) {
973
	case J1939_ERRQUEUE_RX_RTS:
974
		nla_put_u32(stats, J1939_NLA_TOTAL_SIZE,
975
			    session->total_message_size);
976
		nla_put_u32(stats, J1939_NLA_PGN,
977
			    session->skcb.addr.pgn);
978
		nla_put_u64_64bit(stats, J1939_NLA_SRC_NAME,
979
				  session->skcb.addr.src_name, J1939_NLA_PAD);
980
		nla_put_u64_64bit(stats, J1939_NLA_DEST_NAME,
981
				  session->skcb.addr.dst_name, J1939_NLA_PAD);
982
		nla_put_u8(stats, J1939_NLA_SRC_ADDR,
983
			   session->skcb.addr.sa);
984
		nla_put_u8(stats, J1939_NLA_DEST_ADDR,
985
			   session->skcb.addr.da);
986
		break;
987
	default:
988
		nla_put_u32(stats, J1939_NLA_BYTES_ACKED, size);
989
	}
990

991
	return stats;
992
}
993

994
static void __j1939_sk_errqueue(struct j1939_session *session, struct sock *sk,
995
				enum j1939_sk_errqueue_type type)
996
{
997
	struct j1939_priv *priv = session->priv;
998
	struct j1939_sock *jsk;
999
	struct sock_exterr_skb *serr;
1000
	struct sk_buff *skb;
1001
	char *state = "UNK";
1002
	u32 tsflags;
1003
	int err;
1004

1005
	jsk = j1939_sk(sk);
1006

1007
	if (!(jsk->state & J1939_SOCK_ERRQUEUE))
1008
		return;
1009

1010
	tsflags = READ_ONCE(sk->sk_tsflags);
1011
	switch (type) {
1012
	case J1939_ERRQUEUE_TX_ACK:
1013
		if (!(tsflags & SOF_TIMESTAMPING_TX_ACK))
1014
			return;
1015
		break;
1016
	case J1939_ERRQUEUE_TX_SCHED:
1017
		if (!(tsflags & SOF_TIMESTAMPING_TX_SCHED))
1018
			return;
1019
		break;
1020
	case J1939_ERRQUEUE_TX_ABORT:
1021
		break;
1022
	case J1939_ERRQUEUE_RX_RTS:
1023
		fallthrough;
1024
	case J1939_ERRQUEUE_RX_DPO:
1025
		fallthrough;
1026
	case J1939_ERRQUEUE_RX_ABORT:
1027
		if (!(tsflags & SOF_TIMESTAMPING_RX_SOFTWARE))
1028
			return;
1029
		break;
1030
	default:
1031
		netdev_err(priv->ndev, "Unknown errqueue type %i\n", type);
1032
	}
1033

1034
	skb = j1939_sk_get_timestamping_opt_stats(session, type);
1035
	if (!skb)
1036
		return;
1037

1038
	skb->tstamp = ktime_get_real();
1039

1040
	BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));
1041

1042
	serr = SKB_EXT_ERR(skb);
1043
	memset(serr, 0, sizeof(*serr));
1044
	switch (type) {
1045
	case J1939_ERRQUEUE_TX_ACK:
1046
		serr->ee.ee_errno = ENOMSG;
1047
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
1048
		serr->ee.ee_info = SCM_TSTAMP_ACK;
1049
		state = "TX ACK";
1050
		break;
1051
	case J1939_ERRQUEUE_TX_SCHED:
1052
		serr->ee.ee_errno = ENOMSG;
1053
		serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
1054
		serr->ee.ee_info = SCM_TSTAMP_SCHED;
1055
		state = "TX SCH";
1056
		break;
1057
	case J1939_ERRQUEUE_TX_ABORT:
1058
		serr->ee.ee_errno = session->err;
1059
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
1060
		serr->ee.ee_info = J1939_EE_INFO_TX_ABORT;
1061
		state = "TX ABT";
1062
		break;
1063
	case J1939_ERRQUEUE_RX_RTS:
1064
		serr->ee.ee_errno = ENOMSG;
1065
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
1066
		serr->ee.ee_info = J1939_EE_INFO_RX_RTS;
1067
		state = "RX RTS";
1068
		break;
1069
	case J1939_ERRQUEUE_RX_DPO:
1070
		serr->ee.ee_errno = ENOMSG;
1071
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
1072
		serr->ee.ee_info = J1939_EE_INFO_RX_DPO;
1073
		state = "RX DPO";
1074
		break;
1075
	case J1939_ERRQUEUE_RX_ABORT:
1076
		serr->ee.ee_errno = session->err;
1077
		serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
1078
		serr->ee.ee_info = J1939_EE_INFO_RX_ABORT;
1079
		state = "RX ABT";
1080
		break;
1081
	}
1082

1083
	serr->opt_stats = true;
1084
	if (tsflags & SOF_TIMESTAMPING_OPT_ID)
1085
		serr->ee.ee_data = session->tskey;
1086

1087
	netdev_dbg(session->priv->ndev, "%s: 0x%p tskey: %i, state: %s\n",
1088
		   __func__, session, session->tskey, state);
1089
	err = sock_queue_err_skb(sk, skb);
1090

1091
	if (err)
1092
		kfree_skb(skb);
1093
};
1094

1095
void j1939_sk_errqueue(struct j1939_session *session,
1096
		       enum j1939_sk_errqueue_type type)
1097
{
1098
	struct j1939_priv *priv = session->priv;
1099
	struct j1939_sock *jsk;
1100

1101
	if (session->sk) {
1102
		/* send TX notifications to the socket of origin  */
1103
		__j1939_sk_errqueue(session, session->sk, type);
1104
		return;
1105
	}
1106

1107
	/* spread RX notifications to all sockets subscribed to this session */
1108
	read_lock_bh(&priv->j1939_socks_lock);
1109
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
1110
		if (j1939_sk_recv_match_one(jsk, &session->skcb))
1111
			__j1939_sk_errqueue(session, &jsk->sk, type);
1112
	}
1113
	read_unlock_bh(&priv->j1939_socks_lock);
1114
};
1115

1116
void j1939_sk_send_loop_abort(struct sock *sk, int err)
1117
{
1118
	struct j1939_sock *jsk = j1939_sk(sk);
1119

1120
	if (jsk->state & J1939_SOCK_ERRQUEUE)
1121
		return;
1122

1123
	sk->sk_err = err;
1124

1125
	sk_error_report(sk);
1126
}
1127

1128
static int j1939_sk_send_loop(struct j1939_priv *priv,  struct sock *sk,
1129
			      struct msghdr *msg, size_t size)
1130

1131
{
1132
	struct j1939_sock *jsk = j1939_sk(sk);
1133
	struct j1939_session *session = j1939_sk_get_incomplete_session(jsk);
1134
	struct sk_buff *skb;
1135
	size_t segment_size, todo_size;
1136
	int ret = 0;
1137

1138
	if (session &&
1139
	    session->total_message_size != session->total_queued_size + size) {
1140
		j1939_session_put(session);
1141
		return -EIO;
1142
	}
1143

1144
	todo_size = size;
1145

1146
	do {
1147
		struct j1939_sk_buff_cb *skcb;
1148

1149
		segment_size = min_t(size_t, J1939_MAX_TP_PACKET_SIZE,
1150
				     todo_size);
1151

1152
		/* Allocate skb for one segment */
1153
		skb = j1939_sk_alloc_skb(priv->ndev, sk, msg, segment_size,
1154
					 &ret);
1155
		if (ret)
1156
			break;
1157

1158
		skcb = j1939_skb_to_cb(skb);
1159

1160
		if (!session) {
1161
			/* at this point the size should be full size
1162
			 * of the session
1163
			 */
1164
			skcb->offset = 0;
1165
			session = j1939_tp_send(priv, skb, size);
1166
			if (IS_ERR(session)) {
1167
				ret = PTR_ERR(session);
1168
				goto kfree_skb;
1169
			}
1170
			if (j1939_sk_queue_session(session)) {
1171
				/* try to activate session if we a
1172
				 * fist in the queue
1173
				 */
1174
				if (!j1939_session_activate(session)) {
1175
					j1939_tp_schedule_txtimer(session, 0);
1176
				} else {
1177
					ret = -EBUSY;
1178
					session->err = ret;
1179
					j1939_sk_queue_drop_all(priv, jsk,
1180
								EBUSY);
1181
					break;
1182
				}
1183
			}
1184
		} else {
1185
			skcb->offset = session->total_queued_size;
1186
			j1939_session_skb_queue(session, skb);
1187
		}
1188

1189
		todo_size -= segment_size;
1190
		session->total_queued_size += segment_size;
1191
	} while (todo_size);
1192

1193
	switch (ret) {
1194
	case 0: /* OK */
1195
		if (todo_size)
1196
			netdev_warn(priv->ndev,
1197
				    "no error found and not completely queued?! %zu\n",
1198
				    todo_size);
1199
		ret = size;
1200
		break;
1201
	case -ERESTARTSYS:
1202
		ret = -EINTR;
1203
		fallthrough;
1204
	case -EAGAIN: /* OK */
1205
		if (todo_size != size)
1206
			ret = size - todo_size;
1207
		break;
1208
	default: /* ERROR */
1209
		break;
1210
	}
1211

1212
	if (session)
1213
		j1939_session_put(session);
1214

1215
	return ret;
1216

1217
 kfree_skb:
1218
	kfree_skb(skb);
1219
	return ret;
1220
}
1221

1222
static int j1939_sk_sendmsg(struct socket *sock, struct msghdr *msg,
1223
			    size_t size)
1224
{
1225
	struct sock *sk = sock->sk;
1226
	struct j1939_sock *jsk = j1939_sk(sk);
1227
	struct j1939_priv *priv;
1228
	int ifindex;
1229
	int ret;
1230

1231
	lock_sock(sock->sk);
1232
	/* various socket state tests */
1233
	if (!(jsk->state & J1939_SOCK_BOUND)) {
1234
		ret = -EBADFD;
1235
		goto sendmsg_done;
1236
	}
1237

1238
	priv = jsk->priv;
1239
	ifindex = jsk->ifindex;
1240

1241
	if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) {
1242
		/* no source address assigned yet */
1243
		ret = -EBADFD;
1244
		goto sendmsg_done;
1245
	}
1246

1247
	/* deal with provided destination address info */
1248
	if (msg->msg_name) {
1249
		struct sockaddr_can *addr = msg->msg_name;
1250

1251
		if (msg->msg_namelen < J1939_MIN_NAMELEN) {
1252
			ret = -EINVAL;
1253
			goto sendmsg_done;
1254
		}
1255

1256
		if (addr->can_family != AF_CAN) {
1257
			ret = -EINVAL;
1258
			goto sendmsg_done;
1259
		}
1260

1261
		if (addr->can_ifindex && addr->can_ifindex != ifindex) {
1262
			ret = -EBADFD;
1263
			goto sendmsg_done;
1264
		}
1265

1266
		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&
1267
		    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) {
1268
			ret = -EINVAL;
1269
			goto sendmsg_done;
1270
		}
1271

1272
		if (!addr->can_addr.j1939.name &&
1273
		    addr->can_addr.j1939.addr == J1939_NO_ADDR &&
1274
		    !sock_flag(sk, SOCK_BROADCAST)) {
1275
			/* broadcast, but SO_BROADCAST not set */
1276
			ret = -EACCES;
1277
			goto sendmsg_done;
1278
		}
1279
	} else {
1280
		if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR &&
1281
		    !sock_flag(sk, SOCK_BROADCAST)) {
1282
			/* broadcast, but SO_BROADCAST not set */
1283
			ret = -EACCES;
1284
			goto sendmsg_done;
1285
		}
1286
	}
1287

1288
	ret = j1939_sk_send_loop(priv, sk, msg, size);
1289

1290
sendmsg_done:
1291
	release_sock(sock->sk);
1292

1293
	return ret;
1294
}
1295

1296
void j1939_sk_netdev_event_netdown(struct j1939_priv *priv)
1297
{
1298
	struct j1939_sock *jsk;
1299
	int error_code = ENETDOWN;
1300

1301
	read_lock_bh(&priv->j1939_socks_lock);
1302
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
1303
		jsk->sk.sk_err = error_code;
1304
		if (!sock_flag(&jsk->sk, SOCK_DEAD))
1305
			sk_error_report(&jsk->sk);
1306

1307
		j1939_sk_queue_drop_all(priv, jsk, error_code);
1308
	}
1309
	read_unlock_bh(&priv->j1939_socks_lock);
1310
}
1311

1312
void j1939_sk_netdev_event_unregister(struct j1939_priv *priv)
1313
{
1314
	struct sock *sk;
1315
	struct j1939_sock *jsk;
1316
	bool wait_rcu = false;
1317

1318
rescan: /* The caller is holding a ref on this "priv" via j1939_priv_get_by_ndev(). */
1319
	read_lock_bh(&priv->j1939_socks_lock);
1320
	list_for_each_entry(jsk, &priv->j1939_socks, list) {
1321
		/* Skip if j1939_jsk_add() is not called on this socket. */
1322
		if (!(jsk->state & J1939_SOCK_BOUND))
1323
			continue;
1324
		sk = &jsk->sk;
1325
		sock_hold(sk);
1326
		read_unlock_bh(&priv->j1939_socks_lock);
1327
		/* Check if j1939_jsk_del() is not yet called on this socket after holding
1328
		 * socket's lock, for both j1939_sk_bind() and j1939_sk_release() call
1329
		 * j1939_jsk_del() with socket's lock held.
1330
		 */
1331
		lock_sock(sk);
1332
		if (jsk->state & J1939_SOCK_BOUND) {
1333
			/* Neither j1939_sk_bind() nor j1939_sk_release() called j1939_jsk_del().
1334
			 * Make this socket no longer bound, by pretending as if j1939_sk_bind()
1335
			 * dropped old references but did not get new references.
1336
			 */
1337
			j1939_jsk_del(priv, jsk);
1338
			j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
1339
			j1939_netdev_stop(priv);
1340
			/* Call j1939_priv_put() now and prevent j1939_sk_sock_destruct() from
1341
			 * calling the corresponding j1939_priv_put().
1342
			 *
1343
			 * j1939_sk_sock_destruct() is supposed to call j1939_priv_put() after
1344
			 * an RCU grace period. But since the caller is holding a ref on this
1345
			 * "priv", we can defer synchronize_rcu() until immediately before
1346
			 * the caller calls j1939_priv_put().
1347
			 */
1348
			j1939_priv_put(priv);
1349
			jsk->priv = NULL;
1350
			wait_rcu = true;
1351
		}
1352
		release_sock(sk);
1353
		sock_put(sk);
1354
		goto rescan;
1355
	}
1356
	read_unlock_bh(&priv->j1939_socks_lock);
1357
	if (wait_rcu)
1358
		synchronize_rcu();
1359
}
1360

1361
static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd,
1362
				unsigned long arg)
1363
{
1364
	/* no ioctls for socket layer -> hand it down to NIC layer */
1365
	return -ENOIOCTLCMD;
1366
}
1367

1368
static const struct proto_ops j1939_ops = {
1369
	.family = PF_CAN,
1370
	.release = j1939_sk_release,
1371
	.bind = j1939_sk_bind,
1372
	.connect = j1939_sk_connect,
1373
	.socketpair = sock_no_socketpair,
1374
	.accept = sock_no_accept,
1375
	.getname = j1939_sk_getname,
1376
	.poll = datagram_poll,
1377
	.ioctl = j1939_sk_no_ioctlcmd,
1378
	.listen = sock_no_listen,
1379
	.shutdown = sock_no_shutdown,
1380
	.setsockopt = j1939_sk_setsockopt,
1381
	.getsockopt = j1939_sk_getsockopt,
1382
	.sendmsg = j1939_sk_sendmsg,
1383
	.recvmsg = j1939_sk_recvmsg,
1384
	.mmap = sock_no_mmap,
1385
};
1386

1387
static struct proto j1939_proto __read_mostly = {
1388
	.name = "CAN_J1939",
1389
	.owner = THIS_MODULE,
1390
	.obj_size = sizeof(struct j1939_sock),
1391
	.init = j1939_sk_init,
1392
};
1393

1394
const struct can_proto j1939_can_proto = {
1395
	.type = SOCK_DGRAM,
1396
	.protocol = CAN_J1939,
1397
	.ops = &j1939_ops,
1398
	.prot = &j1939_proto,
1399
};
1400

1401