projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net/x25: fix use-after-free in x25_device_event()
[GitHub/moto-9609/android_kernel_motorola_exynos9610.git] / net / atm / br2684.c
CommitLineData
1da177e4 1/*
fb64c735
CW		 2 * Ethernet netdevice using ATM AAL5 as underlying carrier
3 * (RFC1483 obsoleted by RFC2684) for Linux
4 *
5 * Authors: Marcell GAL, 2000, XDSL Ltd, Hungary
6 * Eric Kinzie, 2006-2007, US Naval Research Laboratory
7 */
1da177e4 8
99824461
JP		 9#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
10
1da177e4 11#include <linux/module.h>
1da177e4
LT		 12#include <linux/init.h>
13#include <linux/kernel.h>
14#include <linux/list.h>
15#include <linux/netdevice.h>
16#include <linux/skbuff.h>
17#include <linux/etherdevice.h>
18#include <linux/rtnetlink.h>
19#include <linux/ip.h>
641d729e 20#include <linux/uaccess.h>
5a0e3ad6 21#include <linux/slab.h>
1da177e4
LT		 22#include <net/arp.h>
23#include <linux/atm.h>
24#include <linux/atmdev.h>
4fc268d2 25#include <linux/capability.h>
1da177e4
LT		 26#include <linux/seq_file.h>
27
28#include <linux/atmbr2684.h>
29
30#include "common.h"
1da177e4 31
1da177e4
LT		 32static void skb_debug(const struct sk_buff *skb)
33{
641d729e 34#ifdef SKB_DEBUG
1da177e4 35#define NUM2PRINT 50
641d729e
JP		 36 print_hex_dump(KERN_DEBUG, "br2684: skb: ", DUMP_OFFSET,
37 16, 1, skb->data, min(NUM2PRINT, skb->len), true);
1da177e4 38#endif
641d729e 39}
1da177e4 40
097b19a9
EK		 41#define BR2684_ETHERTYPE_LEN 2
42#define BR2684_PAD_LEN 2
43
44#define LLC 0xaa, 0xaa, 0x03
45#define SNAP_BRIDGED 0x00, 0x80, 0xc2
46#define SNAP_ROUTED 0x00, 0x00, 0x00
47#define PID_ETHERNET 0x00, 0x07
48#define ETHERTYPE_IPV4 0x08, 0x00
49#define ETHERTYPE_IPV6 0x86, 0xdd
50#define PAD_BRIDGED 0x00, 0x00
51
61c33e01
MBJ		 52static const unsigned char ethertype_ipv4[] = { ETHERTYPE_IPV4 };
53static const unsigned char ethertype_ipv6[] = { ETHERTYPE_IPV6 };
54static const unsigned char llc_oui_pid_pad[] =
fb64c735 55 { LLC, SNAP_BRIDGED, PID_ETHERNET, PAD_BRIDGED };
befc93fe 56static const unsigned char pad[] = { PAD_BRIDGED };
61c33e01
MBJ		 57static const unsigned char llc_oui_ipv4[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV4 };
58static const unsigned char llc_oui_ipv6[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV6 };
1da177e4
LT		 59
60enum br2684_encaps {
fb64c735 61 e_vc = BR2684_ENCAPS_VC,
1da177e4
LT		 62 e_llc = BR2684_ENCAPS_LLC,
63};
64
65struct br2684_vcc {
fb64c735 66 struct atm_vcc *atmvcc;
1da177e4 67 struct net_device *device;
fb64c735 68 /* keep old push, pop functions for chaining */
641d729e 69 void (*old_push)(struct atm_vcc *vcc, struct sk_buff *skb);
137742cf 70 void (*old_pop)(struct atm_vcc *vcc, struct sk_buff *skb);
b8958853 71 void (*old_release_cb)(struct atm_vcc *vcc);
d71ffeb1 72 struct module *old_owner;
1da177e4
LT		 73 enum br2684_encaps encaps;
74 struct list_head brvccs;
75#ifdef CONFIG_ATM_BR2684_IPFILTER
76 struct br2684_filter filter;
77#endif /* CONFIG_ATM_BR2684_IPFILTER */
95c96174 78 unsigned int copies_needed, copies_failed;
ae088d66 79 atomic_t qspace;
1da177e4
LT		 80};
81
82struct br2684_dev {
83 struct net_device *net_dev;
84 struct list_head br2684_devs;
85 int number;
fb64c735 86 struct list_head brvccs; /* one device <=> one vcc (before xmas) */
1da177e4 87 int mac_was_set;
097b19a9 88 enum br2684_payload payload;
1da177e4
LT		 89};
90
91/*
92 * This lock should be held for writing any time the list of devices or
93 * their attached vcc's could be altered. It should be held for reading
94 * any time these are being queried. Note that we sometimes need to
95 * do read-locking under interrupt context, so write locking must block
96 * the current CPU's interrupts
97 */
98static DEFINE_RWLOCK(devs_lock);
99
100static LIST_HEAD(br2684_devs);
101
102static inline struct br2684_dev *BRPRIV(const struct net_device *net_dev)
103{
37d66800 104 return netdev_priv(net_dev);
1da177e4
LT		 105}
106
107static inline struct net_device *list_entry_brdev(const struct list_head *le)
108{
109 return list_entry(le, struct br2684_dev, br2684_devs)->net_dev;
110}
111
112static inline struct br2684_vcc *BR2684_VCC(const struct atm_vcc *atmvcc)
113{
fb64c735 114 return (struct br2684_vcc *)(atmvcc->user_back);
1da177e4
LT		 115}
116
117static inline struct br2684_vcc *list_entry_brvcc(const struct list_head *le)
118{
119 return list_entry(le, struct br2684_vcc, brvccs);
120}
121
122/* Caller should hold read_lock(&devs_lock) */
123static struct net_device *br2684_find_dev(const struct br2684_if_spec *s)
124{
125 struct list_head *lh;
126 struct net_device *net_dev;
127 switch (s->method) {
128 case BR2684_FIND_BYNUM:
129 list_for_each(lh, &br2684_devs) {
130 net_dev = list_entry_brdev(lh);
131 if (BRPRIV(net_dev)->number == s->spec.devnum)
132 return net_dev;
133 }
134 break;
135 case BR2684_FIND_BYIFNAME:
136 list_for_each(lh, &br2684_devs) {
137 net_dev = list_entry_brdev(lh);
138 if (!strncmp(net_dev->name, s->spec.ifname, IFNAMSIZ))
139 return net_dev;
140 }
141 break;
142 }
143 return NULL;
144}
145
00506612
KH		 146static int atm_dev_event(struct notifier_block *this, unsigned long event,
147 void *arg)
148{
149 struct atm_dev *atm_dev = arg;
150 struct list_head *lh;
151 struct net_device *net_dev;
152 struct br2684_vcc *brvcc;
153 struct atm_vcc *atm_vcc;
154 unsigned long flags;
155
156 pr_debug("event=%ld dev=%p\n", event, atm_dev);
157
158 read_lock_irqsave(&devs_lock, flags);
159 list_for_each(lh, &br2684_devs) {
160 net_dev = list_entry_brdev(lh);
161
162 list_for_each_entry(brvcc, &BRPRIV(net_dev)->brvccs, brvccs) {
163 atm_vcc = brvcc->atmvcc;
164 if (atm_vcc && brvcc->atmvcc->dev == atm_dev) {
165
166 if (atm_vcc->dev->signal == ATM_PHY_SIG_LOST)
167 netif_carrier_off(net_dev);
168 else
169 netif_carrier_on(net_dev);
170
171 }
172 }
173 }
174 read_unlock_irqrestore(&devs_lock, flags);
175
176 return NOTIFY_DONE;
177}
178
179static struct notifier_block atm_dev_notifier = {
180 .notifier_call = atm_dev_event,
181};
182
137742cf
KH		 183/* chained vcc->pop function. Check if we should wake the netif_queue */
184static void br2684_pop(struct atm_vcc *vcc, struct sk_buff *skb)
185{
186 struct br2684_vcc *brvcc = BR2684_VCC(vcc);
137742cf 187
ae088d66 188 pr_debug("(vcc %p ; net_dev %p )\n", vcc, brvcc->device);
137742cf
KH		 189 brvcc->old_pop(vcc, skb);
190
ae088d66
DW		 191 /* If the queue space just went up from zero, wake */
192 if (atomic_inc_return(&brvcc->qspace) == 1)
193 netif_wake_queue(brvcc->device);
137742cf 194}
ae088d66 195
1da177e4
LT		 196/*
197 * Send a packet out a particular vcc. Not to useful right now, but paves
198 * the way for multiple vcc's per itf. Returns true if we can send,
199 * otherwise false
200 */
410e9d8f 201static int br2684_xmit_vcc(struct sk_buff *skb, struct net_device *dev,
fb64c735 202 struct br2684_vcc *brvcc)
1da177e4 203{
410e9d8f 204 struct br2684_dev *brdev = BRPRIV(dev);
1da177e4 205 struct atm_vcc *atmvcc;
9e667b29
PH		 206 int minheadroom = (brvcc->encaps == e_llc) ?
207 ((brdev->payload == p_bridged) ?
208 sizeof(llc_oui_pid_pad) : sizeof(llc_oui_ipv4)) :
209 ((brdev->payload == p_bridged) ? BR2684_PAD_LEN : 0);
097b19a9 210
1da177e4
LT		 211 if (skb_headroom(skb) < minheadroom) {
212 struct sk_buff *skb2 = skb_realloc_headroom(skb, minheadroom);
213 brvcc->copies_needed++;
214 dev_kfree_skb(skb);
215 if (skb2 == NULL) {
216 brvcc->copies_failed++;
217 return 0;
218 }
219 skb = skb2;
220 }
097b19a9
EK		 221
222 if (brvcc->encaps == e_llc) {
223 if (brdev->payload == p_bridged) {
224 skb_push(skb, sizeof(llc_oui_pid_pad));
fb64c735
CW		 225 skb_copy_to_linear_data(skb, llc_oui_pid_pad,
226 sizeof(llc_oui_pid_pad));
097b19a9
EK		 227 } else if (brdev->payload == p_routed) {
228 unsigned short prot = ntohs(skb->protocol);
229
230 skb_push(skb, sizeof(llc_oui_ipv4));
231 switch (prot) {
fb64c735
CW		 232 case ETH_P_IP:
233 skb_copy_to_linear_data(skb, llc_oui_ipv4,
234 sizeof(llc_oui_ipv4));
235 break;
236 case ETH_P_IPV6:
237 skb_copy_to_linear_data(skb, llc_oui_ipv6,
238 sizeof(llc_oui_ipv6));
239 break;
240 default:
241 dev_kfree_skb(skb);
242 return 0;
097b19a9
EK		 243 }
244 }
7e903c2a
EK		 245 } else { /* e_vc */
246 if (brdev->payload == p_bridged) {
247 skb_push(skb, 2);
097b19a9 248 memset(skb->data, 0, 2);
7e903c2a 249 }
097b19a9 250 }
1da177e4
LT		 251 skb_debug(skb);
252
253 ATM_SKB(skb)->vcc = atmvcc = brvcc->atmvcc;
52240062 254 pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, atmvcc, atmvcc->dev);
f93d6593 255 atm_account_tx(atmvcc, skb);
410e9d8f
SH		 256 dev->stats.tx_packets++;
257 dev->stats.tx_bytes += skb->len;
137742cf 258
ae088d66
DW		 259 if (atomic_dec_return(&brvcc->qspace) < 1) {
260 /* No more please! */
137742cf 261 netif_stop_queue(brvcc->device);
ae088d66
DW		 262 /* We might have raced with br2684_pop() */
263 if (unlikely(atomic_read(&brvcc->qspace) > 0))
264 netif_wake_queue(brvcc->device);
137742cf
KH		 265 }
266
ae088d66
DW		 267 /* If this fails immediately, the skb will be freed and br2684_pop()
268 will wake the queue if appropriate. Just return an error so that
269 the stats are updated correctly */
270 return !atmvcc->send(atmvcc, skb);
1da177e4
LT		 271}
272
b8958853
DW		 273static void br2684_release_cb(struct atm_vcc *atmvcc)
274{
275 struct br2684_vcc *brvcc = BR2684_VCC(atmvcc);
276
277 if (atomic_read(&brvcc->qspace) > 0)
278 netif_wake_queue(brvcc->device);
279
280 if (brvcc->old_release_cb)
281 brvcc->old_release_cb(atmvcc);
282}
283
61c33e01
MBJ		 284static inline struct br2684_vcc *pick_outgoing_vcc(const struct sk_buff *skb,
285 const struct br2684_dev *brdev)
1da177e4 286{
fb64c735 287 return list_empty(&brdev->brvccs) ? NULL : list_entry_brvcc(brdev->brvccs.next); /* 1 vcc/dev right now */
1da177e4
LT		 288}
289
3c805a22
SH		 290static netdev_tx_t br2684_start_xmit(struct sk_buff *skb,
291 struct net_device *dev)
1da177e4
LT		 292{
293 struct br2684_dev *brdev = BRPRIV(dev);
294 struct br2684_vcc *brvcc;
b8958853
DW		 295 struct atm_vcc *atmvcc;
296 netdev_tx_t ret = NETDEV_TX_OK;
1da177e4 297
99824461 298 pr_debug("skb_dst(skb)=%p\n", skb_dst(skb));
1da177e4
LT		 299 read_lock(&devs_lock);
300 brvcc = pick_outgoing_vcc(skb, brdev);
301 if (brvcc == NULL) {
52240062 302 pr_debug("no vcc attached to dev %s\n", dev->name);
410e9d8f
SH		 303 dev->stats.tx_errors++;
304 dev->stats.tx_carrier_errors++;
1da177e4
LT		 305 /* netif_stop_queue(dev); */
306 dev_kfree_skb(skb);
b8958853 307 goto out_devs;
1da177e4 308 }
b8958853
DW		 309 atmvcc = brvcc->atmvcc;
310
311 bh_lock_sock(sk_atm(atmvcc));
312
313 if (test_bit(ATM_VF_RELEASED, &atmvcc->flags) ||
314 test_bit(ATM_VF_CLOSE, &atmvcc->flags) ||
315 !test_bit(ATM_VF_READY, &atmvcc->flags)) {
316 dev->stats.tx_dropped++;
317 dev_kfree_skb(skb);
318 goto out;
319 }
320
321 if (sock_owned_by_user(sk_atm(atmvcc))) {
322 netif_stop_queue(brvcc->device);
323 ret = NETDEV_TX_BUSY;
324 goto out;
325 }
326
410e9d8f 327 if (!br2684_xmit_vcc(skb, dev, brvcc)) {
1da177e4
LT		 328 /*
329 * We should probably use netif_*_queue() here, but that
330 * involves added complication. We need to walk before
fb64c735
CW		 331 * we can run.
332 *
333 * Don't free here! this pointer might be no longer valid!
1da177e4 334 */
410e9d8f
SH		 335 dev->stats.tx_errors++;
336 dev->stats.tx_fifo_errors++;
1da177e4 337 }
b8958853
DW		 338 out:
339 bh_unlock_sock(sk_atm(atmvcc));
340 out_devs:
1da177e4 341 read_unlock(&devs_lock);
b8958853 342 return ret;
1da177e4
LT		 343}
344
1da177e4
LT		 345/*
346 * We remember when the MAC gets set, so we don't override it later with
347 * the ESI of the ATM card of the first VC
348 */
1da177e4
LT		 349static int br2684_mac_addr(struct net_device *dev, void *p)
350{
0ba25ff4 351 int err = eth_mac_addr(dev, p);
1da177e4
LT		 352 if (!err)
353 BRPRIV(dev)->mac_was_set = 1;
354 return err;
355}
356
357#ifdef CONFIG_ATM_BR2684_IPFILTER
358/* this IOCTL is experimental. */
fb64c735 359static int br2684_setfilt(struct atm_vcc *atmvcc, void __user * arg)
1da177e4
LT		 360{
361 struct br2684_vcc *brvcc;
362 struct br2684_filter_set fs;
363
364 if (copy_from_user(&fs, arg, sizeof fs))
365 return -EFAULT;
366 if (fs.ifspec.method != BR2684_FIND_BYNOTHING) {
367 /*
368 * This is really a per-vcc thing, but we can also search
fb64c735 369 * by device.
1da177e4
LT		 370 */
371 struct br2684_dev *brdev;
372 read_lock(&devs_lock);
373 brdev = BRPRIV(br2684_find_dev(&fs.ifspec));
641d729e
JP		 374 if (brdev == NULL || list_empty(&brdev->brvccs) ||
375 brdev->brvccs.next != brdev->brvccs.prev) /* >1 VCC */
1da177e4
LT		 376 brvcc = NULL;
377 else
378 brvcc = list_entry_brvcc(brdev->brvccs.next);
379 read_unlock(&devs_lock);
380 if (brvcc == NULL)
381 return -ESRCH;
382 } else
383 brvcc = BR2684_VCC(atmvcc);
384 memcpy(&brvcc->filter, &fs.filter, sizeof(brvcc->filter));
385 return 0;
386}
387
388/* Returns 1 if packet should be dropped */
389static inline int
30d492da 390packet_fails_filter(__be16 type, struct br2684_vcc *brvcc, struct sk_buff *skb)
1da177e4
LT		 391{
392 if (brvcc->filter.netmask == 0)
fb64c735 393 return 0; /* no filter in place */
acde4855 394 if (type == htons(ETH_P_IP) &&
fb64c735 395 (((struct iphdr *)(skb->data))->daddr & brvcc->filter.
1da177e4
LT		 396 netmask) == brvcc->filter.prefix)
397 return 0;
acde4855 398 if (type == htons(ETH_P_ARP))
1da177e4 399 return 0;
fb64c735
CW		 400 /*
401 * TODO: we should probably filter ARPs too.. don't want to have
402 * them returning values that don't make sense, or is that ok?
1da177e4
LT		 403 */
404 return 1; /* drop */
405}
406#endif /* CONFIG_ATM_BR2684_IPFILTER */
407
408static void br2684_close_vcc(struct br2684_vcc *brvcc)
409{
52240062 410 pr_debug("removing VCC %p from dev %p\n", brvcc, brvcc->device);
1da177e4
LT		 411 write_lock_irq(&devs_lock);
412 list_del(&brvcc->brvccs);
413 write_unlock_irq(&devs_lock);
414 brvcc->atmvcc->user_back = NULL; /* what about vcc->recvq ??? */
b8958853 415 brvcc->atmvcc->release_cb = brvcc->old_release_cb;
1da177e4 416 brvcc->old_push(brvcc->atmvcc, NULL); /* pass on the bad news */
d71ffeb1 417 module_put(brvcc->old_owner);
1da177e4 418 kfree(brvcc);
1da177e4
LT		 419}
420
421/* when AAL5 PDU comes in: */
422static void br2684_push(struct atm_vcc *atmvcc, struct sk_buff *skb)
423{
424 struct br2684_vcc *brvcc = BR2684_VCC(atmvcc);
425 struct net_device *net_dev = brvcc->device;
426 struct br2684_dev *brdev = BRPRIV(net_dev);
1da177e4 427
99824461 428 pr_debug("\n");
1da177e4
LT		 429
430 if (unlikely(skb == NULL)) {
431 /* skb==NULL means VCC is being destroyed */
432 br2684_close_vcc(brvcc);
433 if (list_empty(&brdev->brvccs)) {
1e0ba006 434 write_lock_irq(&devs_lock);
1da177e4 435 list_del(&brdev->br2684_devs);
1e0ba006 436 write_unlock_irq(&devs_lock);
1da177e4 437 unregister_netdev(net_dev);
5f6b1ea4 438 free_netdev(net_dev);
1da177e4
LT		 439 }
440 return;
441 }
442
443 skb_debug(skb);
444 atm_return(atmvcc, skb->truesize);
52240062 445 pr_debug("skb from brdev %p\n", brdev);
1da177e4 446 if (brvcc->encaps == e_llc) {
097b19a9
EK		 447
448 if (skb->len > 7 && skb->data[7] == 0x01)
449 __skb_trim(skb, skb->len - 4);
450
451 /* accept packets that have "ipv[46]" in the snap header */
641d729e
JP		 452 if ((skb->len >= (sizeof(llc_oui_ipv4))) &&
453 (memcmp(skb->data, llc_oui_ipv4,
454 sizeof(llc_oui_ipv4) - BR2684_ETHERTYPE_LEN) == 0)) {
455 if (memcmp(skb->data + 6, ethertype_ipv6,
456 sizeof(ethertype_ipv6)) == 0)
60678040 457 skb->protocol = htons(ETH_P_IPV6);
641d729e
JP		 458 else if (memcmp(skb->data + 6, ethertype_ipv4,
459 sizeof(ethertype_ipv4)) == 0)
60678040 460 skb->protocol = htons(ETH_P_IP);
7e903c2a
EK		 461 else
462 goto error;
097b19a9
EK		 463 skb_pull(skb, sizeof(llc_oui_ipv4));
464 skb_reset_network_header(skb);
465 skb->pkt_type = PACKET_HOST;
641d729e
JP		 466 /*
467 * Let us waste some time for checking the encapsulation.
468 * Note, that only 7 char is checked so frames with a valid FCS
469 * are also accepted (but FCS is not checked of course).
470 */
097b19a9 471 } else if ((skb->len >= sizeof(llc_oui_pid_pad)) &&
fb64c735 472 (memcmp(skb->data, llc_oui_pid_pad, 7) == 0)) {
097b19a9
EK		 473 skb_pull(skb, sizeof(llc_oui_pid_pad));
474 skb->protocol = eth_type_trans(skb, net_dev);
7e903c2a
EK		 475 } else
476 goto error;
1da177e4 477
7e903c2a
EK		 478 } else { /* e_vc */
479 if (brdev->payload == p_routed) {
480 struct iphdr *iph;
481
482 skb_reset_network_header(skb);
483 iph = ip_hdr(skb);
484 if (iph->version == 4)
60678040 485 skb->protocol = htons(ETH_P_IP);
7e903c2a 486 else if (iph->version == 6)
60678040 487 skb->protocol = htons(ETH_P_IPV6);
7e903c2a
EK		 488 else
489 goto error;
490 skb->pkt_type = PACKET_HOST;
491 } else { /* p_bridged */
492 /* first 2 chars should be 0 */
befc93fe 493 if (memcmp(skb->data, pad, BR2684_PAD_LEN) != 0)
7e903c2a
EK		 494 goto error;
495 skb_pull(skb, BR2684_PAD_LEN);
496 skb->protocol = eth_type_trans(skb, net_dev);
1da177e4 497 }
1da177e4
LT		 498 }
499
1da177e4 500#ifdef CONFIG_ATM_BR2684_IPFILTER
7e903c2a
EK		 501 if (unlikely(packet_fails_filter(skb->protocol, brvcc, skb)))
502 goto dropped;
1da177e4
LT		 503#endif /* CONFIG_ATM_BR2684_IPFILTER */
504 skb->dev = net_dev;
505 ATM_SKB(skb)->vcc = atmvcc; /* needed ? */
52240062 506 pr_debug("received packet's protocol: %x\n", ntohs(skb->protocol));
1da177e4 507 skb_debug(skb);
7e903c2a
EK		 508 /* sigh, interface is down? */
509 if (unlikely(!(net_dev->flags & IFF_UP)))
510 goto dropped;
410e9d8f
SH		 511 net_dev->stats.rx_packets++;
512 net_dev->stats.rx_bytes += skb->len;
1da177e4
LT		 513 memset(ATM_SKB(skb), 0, sizeof(struct atm_skb_data));
514 netif_rx(skb);
7e903c2a
EK		 515 return;
516
517dropped:
410e9d8f 518 net_dev->stats.rx_dropped++;
7e903c2a
EK		 519 goto free_skb;
520error:
410e9d8f 521 net_dev->stats.rx_errors++;
7e903c2a
EK		 522free_skb:
523 dev_kfree_skb(skb);
1da177e4
LT		 524}
525
fb64c735
CW		 526/*
527 * Assign a vcc to a dev
528 * Note: we do not have explicit unassign, but look at _push()
529 */
530static int br2684_regvcc(struct atm_vcc *atmvcc, void __user * arg)
1da177e4 531{
1da177e4 532 struct br2684_vcc *brvcc;
1da177e4
LT		 533 struct br2684_dev *brdev;
534 struct net_device *net_dev;
535 struct atm_backend_br2684 be;
4e55f578 536 int err;
1da177e4
LT		 537
538 if (copy_from_user(&be, arg, sizeof be))
539 return -EFAULT;
0da974f4 540 brvcc = kzalloc(sizeof(struct br2684_vcc), GFP_KERNEL);
1da177e4
LT		 541 if (!brvcc)
542 return -ENOMEM;
ae088d66
DW		 543 /*
544 * Allow two packets in the ATM queue. One actually being sent, and one
545 * for the ATM 'TX done' handler to send. It shouldn't take long to get
546 * the next one from the netdev queue, when we need it. More than that
547 * would be bufferbloat.
548 */
549 atomic_set(&brvcc->qspace, 2);
1da177e4
LT		 550 write_lock_irq(&devs_lock);
551 net_dev = br2684_find_dev(&be.ifspec);
552 if (net_dev == NULL) {
25985edc 553 pr_err("tried to attach to non-existent device\n");
1da177e4
LT		 554 err = -ENXIO;
555 goto error;
556 }
557 brdev = BRPRIV(net_dev);
558 if (atmvcc->push == NULL) {
559 err = -EBADFD;
560 goto error;
561 }
562 if (!list_empty(&brdev->brvccs)) {
563 /* Only 1 VCC/dev right now */
564 err = -EEXIST;
565 goto error;
566 }
641d729e
JP		 567 if (be.fcs_in != BR2684_FCSIN_NO ||
568 be.fcs_out != BR2684_FCSOUT_NO ||
569 be.fcs_auto || be.has_vpiid || be.send_padding ||
570 (be.encaps != BR2684_ENCAPS_VC &&
571 be.encaps != BR2684_ENCAPS_LLC) ||
572 be.min_size != 0) {
1da177e4
LT		 573 err = -EINVAL;
574 goto error;
575 }
99824461 576 pr_debug("vcc=%p, encaps=%d, brvcc=%p\n", atmvcc, be.encaps, brvcc);
1da177e4
LT		 577 if (list_empty(&brdev->brvccs) && !brdev->mac_was_set) {
578 unsigned char *esi = atmvcc->dev->esi;
579 if (esi[0] | esi[1] | esi[2] | esi[3] | esi[4] | esi[5])
580 memcpy(net_dev->dev_addr, esi, net_dev->addr_len);
581 else
582 net_dev->dev_addr[2] = 1;
583 }
584 list_add(&brvcc->brvccs, &brdev->brvccs);
585 write_unlock_irq(&devs_lock);
586 brvcc->device = net_dev;
587 brvcc->atmvcc = atmvcc;
588 atmvcc->user_back = brvcc;
fb64c735 589 brvcc->encaps = (enum br2684_encaps)be.encaps;
1da177e4 590 brvcc->old_push = atmvcc->push;
137742cf 591 brvcc->old_pop = atmvcc->pop;
b8958853 592 brvcc->old_release_cb = atmvcc->release_cb;
d71ffeb1 593 brvcc->old_owner = atmvcc->owner;
1da177e4
LT		 594 barrier();
595 atmvcc->push = br2684_push;
137742cf 596 atmvcc->pop = br2684_pop;
b8958853 597 atmvcc->release_cb = br2684_release_cb;
d71ffeb1 598 atmvcc->owner = THIS_MODULE;
c40a27f4 599
00506612
KH		 600 /* initialize netdev carrier state */
601 if (atmvcc->dev->signal == ATM_PHY_SIG_LOST)
602 netif_carrier_off(net_dev);
603 else
604 netif_carrier_on(net_dev);
605
1da177e4 606 __module_get(THIS_MODULE);
4e55f578
JBD		 607
608 /* re-process everything received between connection setup and
609 backend setup */
610 vcc_process_recv_queue(atmvcc);
1da177e4 611 return 0;
641d729e
JP		 612
613error:
1da177e4
LT		 614 write_unlock_irq(&devs_lock);
615 kfree(brvcc);
616 return err;
617}
618
0ba25ff4
SH		 619static const struct net_device_ops br2684_netdev_ops = {
620 .ndo_start_xmit = br2684_start_xmit,
621 .ndo_set_mac_address = br2684_mac_addr,
0ba25ff4
SH		 622 .ndo_validate_addr = eth_validate_addr,
623};
624
2e302ebf
C		 625static const struct net_device_ops br2684_netdev_ops_routed = {
626 .ndo_start_xmit = br2684_start_xmit,
627 .ndo_set_mac_address = br2684_mac_addr,
2e302ebf
C		 628};
629
1da177e4
LT		 630static void br2684_setup(struct net_device *netdev)
631{
632 struct br2684_dev *brdev = BRPRIV(netdev);
633
634 ether_setup(netdev);
9e667b29 635 netdev->hard_header_len += sizeof(llc_oui_pid_pad); /* worst case */
902e5ea1 636 brdev->net_dev = netdev;
1da177e4 637
0ba25ff4 638 netdev->netdev_ops = &br2684_netdev_ops;
1da177e4
LT		 639
640 INIT_LIST_HEAD(&brdev->brvccs);
641}
642
097b19a9
EK		 643static void br2684_setup_routed(struct net_device *netdev)
644{
645 struct br2684_dev *brdev = BRPRIV(netdev);
097b19a9 646
2e302ebf 647 brdev->net_dev = netdev;
9e667b29 648 netdev->hard_header_len = sizeof(llc_oui_ipv4); /* worst case */
2e302ebf 649 netdev->netdev_ops = &br2684_netdev_ops_routed;
097b19a9 650 netdev->addr_len = 0;
8b1efc0f
JW		 651 netdev->mtu = ETH_DATA_LEN;
652 netdev->min_mtu = 0;
653 netdev->max_mtu = ETH_MAX_MTU;
097b19a9
EK		 654 netdev->type = ARPHRD_PPP;
655 netdev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
656 netdev->tx_queue_len = 100;
657 INIT_LIST_HEAD(&brdev->brvccs);
658}
659
641d729e 660static int br2684_create(void __user *arg)
1da177e4
LT		 661{
662 int err;
663 struct net_device *netdev;
664 struct br2684_dev *brdev;
665 struct atm_newif_br2684 ni;
097b19a9 666 enum br2684_payload payload;
1da177e4 667
99824461 668 pr_debug("\n");
1da177e4 669
641d729e 670 if (copy_from_user(&ni, arg, sizeof ni))
1da177e4 671 return -EFAULT;
097b19a9
EK		 672
673 if (ni.media & BR2684_FLAG_ROUTED)
674 payload = p_routed;
675 else
676 payload = p_bridged;
fb64c735 677 ni.media &= 0xffff; /* strip flags */
097b19a9 678
641d729e 679 if (ni.media != BR2684_MEDIA_ETHERNET || ni.mtu != 1500)
1da177e4 680 return -EINVAL;
1da177e4
LT		 681
682 netdev = alloc_netdev(sizeof(struct br2684_dev),
683 ni.ifname[0] ? ni.ifname : "nas%d",
c835a677
TG		 684 NET_NAME_UNKNOWN,
685 (payload == p_routed) ? br2684_setup_routed : br2684_setup);
1da177e4
LT		 686 if (!netdev)
687 return -ENOMEM;
688
689 brdev = BRPRIV(netdev);
690
52240062 691 pr_debug("registered netdev %s\n", netdev->name);
1da177e4
LT		 692 /* open, stop, do_ioctl ? */
693 err = register_netdev(netdev);
694 if (err < 0) {
99824461 695 pr_err("register_netdev failed\n");
1da177e4
LT		 696 free_netdev(netdev);
697 return err;
698 }
699
700 write_lock_irq(&devs_lock);
00506612 701
097b19a9 702 brdev->payload = payload;
00506612
KH		 703
704 if (list_empty(&br2684_devs)) {
705 /* 1st br2684 device */
00506612
KH		 706 brdev->number = 1;
707 } else
708 brdev->number = BRPRIV(list_entry_brdev(br2684_devs.prev))->number + 1;
709
1da177e4
LT		 710 list_add_tail(&brdev->br2684_devs, &br2684_devs);
711 write_unlock_irq(&devs_lock);
712 return 0;
713}
714
715/*
716 * This handles ioctls actually performed on our vcc - we must return
717 * -ENOIOCTLCMD for any unrecognized ioctl
718 */
719static int br2684_ioctl(struct socket *sock, unsigned int cmd,
fb64c735 720 unsigned long arg)
1da177e4
LT		 721{
722 struct atm_vcc *atmvcc = ATM_SD(sock);
723 void __user *argp = (void __user *)arg;
fb64c735 724 atm_backend_t b;
1da177e4
LT		 725
726 int err;
fb64c735 727 switch (cmd) {
1da177e4 728 case ATM_SETBACKEND:
fb64c735 729 case ATM_NEWBACKENDIF:
1da177e4
LT		 730 err = get_user(b, (atm_backend_t __user *) argp);
731 if (err)
732 return -EFAULT;
733 if (b != ATM_BACKEND_BR2684)
734 return -ENOIOCTLCMD;
735 if (!capable(CAP_NET_ADMIN))
736 return -EPERM;
9eba2526
KM		 737 if (cmd == ATM_SETBACKEND) {
738 if (sock->state != SS_CONNECTED)
739 return -EINVAL;
1da177e4 740 return br2684_regvcc(atmvcc, argp);
9eba2526 741 } else {
1da177e4 742 return br2684_create(argp);
9eba2526 743 }
1da177e4
LT		 744#ifdef CONFIG_ATM_BR2684_IPFILTER
745 case BR2684_SETFILT:
746 if (atmvcc->push != br2684_push)
747 return -ENOIOCTLCMD;
748 if (!capable(CAP_NET_ADMIN))
749 return -EPERM;
750 err = br2684_setfilt(atmvcc, argp);
fb64c735 751
1da177e4
LT		 752 return err;
753#endif /* CONFIG_ATM_BR2684_IPFILTER */
754 }
755 return -ENOIOCTLCMD;
756}
757
758static struct atm_ioctl br2684_ioctl_ops = {
fb64c735
CW		 759 .owner = THIS_MODULE,
760 .ioctl = br2684_ioctl,
1da177e4
LT		 761};
762
1da177e4 763#ifdef CONFIG_PROC_FS
fb64c735 764static void *br2684_seq_start(struct seq_file *seq, loff_t * pos)
5c17d5f1 765 __acquires(devs_lock)
1da177e4 766{
1da177e4 767 read_lock(&devs_lock);
9af97186 768 return seq_list_start(&br2684_devs, *pos);
1da177e4
LT		 769}
770
fb64c735 771static void *br2684_seq_next(struct seq_file *seq, void *v, loff_t * pos)
1da177e4 772{
9af97186 773 return seq_list_next(v, &br2684_devs, pos);
1da177e4
LT		 774}
775
776static void br2684_seq_stop(struct seq_file *seq, void *v)
5c17d5f1 777 __releases(devs_lock)
1da177e4
LT		 778{
779 read_unlock(&devs_lock);
780}
781
782static int br2684_seq_show(struct seq_file *seq, void *v)
783{
9af97186 784 const struct br2684_dev *brdev = list_entry(v, struct br2684_dev,
fb64c735 785 br2684_devs);
1da177e4
LT		 786 const struct net_device *net_dev = brdev->net_dev;
787 const struct br2684_vcc *brvcc;
788
e174961c 789 seq_printf(seq, "dev %.16s: num=%d, mac=%pM (%s)\n",
0795af57
JP		 790 net_dev->name,
791 brdev->number,
e174961c 792 net_dev->dev_addr,
0795af57 793 brdev->mac_was_set ? "set" : "auto");
1da177e4
LT		 794
795 list_for_each_entry(brvcc, &brdev->brvccs, brvccs) {
097b19a9 796 seq_printf(seq, " vcc %d.%d.%d: encaps=%s payload=%s"
fb64c735
CW		 797 ", failed copies %u/%u"
798 "\n", brvcc->atmvcc->dev->number,
799 brvcc->atmvcc->vpi, brvcc->atmvcc->vci,
800 (brvcc->encaps == e_llc) ? "LLC" : "VC",
801 (brdev->payload == p_bridged) ? "bridged" : "routed",
802 brvcc->copies_failed, brvcc->copies_needed);
1da177e4 803#ifdef CONFIG_ATM_BR2684_IPFILTER
fb64c735 804 if (brvcc->filter.netmask != 0)
85b1d8bb
JP		 805 seq_printf(seq, " filter=%pI4/%pI4\n",
806 &brvcc->filter.prefix,
807 &brvcc->filter.netmask);
1da177e4
LT		 808#endif /* CONFIG_ATM_BR2684_IPFILTER */
809 }
810 return 0;
811}
812
56b3d975 813static const struct seq_operations br2684_seq_ops = {
1da177e4 814 .start = br2684_seq_start,
fb64c735
CW		 815 .next = br2684_seq_next,
816 .stop = br2684_seq_stop,
817 .show = br2684_seq_show,
1da177e4
LT		 818};
819
820static int br2684_proc_open(struct inode *inode, struct file *file)
821{
822 return seq_open(file, &br2684_seq_ops);
823}
824
9a32144e 825static const struct file_operations br2684_proc_ops = {
fb64c735
CW		 826 .owner = THIS_MODULE,
827 .open = br2684_proc_open,
828 .read = seq_read,
829 .llseek = seq_lseek,
1da177e4
LT		 830 .release = seq_release,
831};
832
833extern struct proc_dir_entry *atm_proc_root; /* from proc.c */
fb64c735 834#endif /* CONFIG_PROC_FS */
1da177e4
LT		 835
836static int __init br2684_init(void)
837{
838#ifdef CONFIG_PROC_FS
839 struct proc_dir_entry *p;
16e297b3
WC		 840 p = proc_create("br2684", 0, atm_proc_root, &br2684_proc_ops);
841 if (p == NULL)
1da177e4 842 return -ENOMEM;
1da177e4
LT		 843#endif
844 register_atm_ioctl(&br2684_ioctl_ops);
a3d6713f 845 register_atmdevice_notifier(&atm_dev_notifier);
1da177e4
LT		 846 return 0;
847}
848
849static void __exit br2684_exit(void)
850{
851 struct net_device *net_dev;
852 struct br2684_dev *brdev;
853 struct br2684_vcc *brvcc;
854 deregister_atm_ioctl(&br2684_ioctl_ops);
855
856#ifdef CONFIG_PROC_FS
857 remove_proc_entry("br2684", atm_proc_root);
858#endif
859
00506612 860
a3d6713f 861 unregister_atmdevice_notifier(&atm_dev_notifier);
00506612 862
1da177e4
LT		 863 while (!list_empty(&br2684_devs)) {
864 net_dev = list_entry_brdev(br2684_devs.next);
865 brdev = BRPRIV(net_dev);
866 while (!list_empty(&brdev->brvccs)) {
867 brvcc = list_entry_brvcc(brdev->brvccs.next);
868 br2684_close_vcc(brvcc);
869 }
870
871 list_del(&brdev->br2684_devs);
872 unregister_netdev(net_dev);
5f6b1ea4 873 free_netdev(net_dev);
1da177e4
LT		 874 }
875}
876
877module_init(br2684_init);
878module_exit(br2684_exit);
879
880MODULE_AUTHOR("Marcell GAL");
881MODULE_DESCRIPTION("RFC2684 bridged protocols over ATM/AAL5");
882MODULE_LICENSE("GPL");