1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Linux WiMAX
4 * Generic messaging interface between userspace and driver/device
5 *
6 * Copyright (C) 2007-2008 Intel Corporation <linux-wimax@intel.com>
7 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 *
9 * This implements a direct communication channel between user space and
10 * the driver/device, by which free form messages can be sent back and
11 * forth.
12 *
13 * This is intended for device-specific features, vendor quirks, etc.
14 *
15 * See include/net/wimax.h
16 *
17 * GENERIC NETLINK ENCODING AND CAPACITY
18 *
19 * A destination "pipe name" is added to each message; it is up to the
20 * drivers to assign or use those names (if using them at all).
21 *
22 * Messages are encoded as a binary netlink attribute using nla_put()
23 * using type NLA_UNSPEC (as some versions of libnl still in
24 * deployment don't yet understand NLA_BINARY).
25 *
26 * The maximum capacity of this transport is PAGESIZE per message (so
27 * the actual payload will be bit smaller depending on the
28 * netlink/generic netlink attributes and headers).
29 *
30 * RECEPTION OF MESSAGES
31 *
32 * When a message is received from user space, it is passed verbatim
33 * to the driver calling wimax_dev->op_msg_from_user(). The return
34 * value from this function is passed back to user space as an ack
35 * over the generic netlink protocol.
36 *
37 * The stack doesn't do any processing or interpretation of these
38 * messages.
39 *
40 * SENDING MESSAGES
41 *
42 * Messages can be sent with wimax_msg().
43 *
44 * If the message delivery needs to happen on a different context to
45 * that of its creation, wimax_msg_alloc() can be used to get a
46 * pointer to the message that can be delivered later on with
47 * wimax_msg_send().
48 *
49 * ROADMAP
50 *
51 * wimax_gnl_doit_msg_from_user() Process a message from user space
52 * wimax_dev_get_by_genl_info()
53 * wimax_dev->op_msg_from_user() Delivery of message to the driver
54 *
55 * wimax_msg() Send a message to user space
56 * wimax_msg_alloc()
57 * wimax_msg_send()
58 */
59 #include <linux/device.h>
60 #include <linux/slab.h>
61 #include <net/genetlink.h>
62 #include <linux/netdevice.h>
63 #include <linux/wimax.h>
64 #include <linux/security.h>
65 #include <linux/export.h>
66 #include "wimax-internal.h"
67
68
69 #define D_SUBMODULE op_msg
70 #include "debug-levels.h"
71
72
73 /**
74 * wimax_msg_alloc - Create a new skb for sending a message to userspace
75 *
76 * @wimax_dev: WiMAX device descriptor
77 * @pipe_name: "named pipe" the message will be sent to
78 * @msg: pointer to the message data to send
79 * @size: size of the message to send (in bytes), including the header.
80 * @gfp_flags: flags for memory allocation.
81 *
82 * Returns: %0 if ok, negative errno code on error
83 *
84 * Description:
85 *
86 * Allocates an skb that will contain the message to send to user
87 * space over the messaging pipe and initializes it, copying the
88 * payload.
89 *
90 * Once this call is done, you can deliver it with
91 * wimax_msg_send().
92 *
93 * IMPORTANT:
94 *
95 * Don't use skb_push()/skb_pull()/skb_reserve() on the skb, as
96 * wimax_msg_send() depends on skb->data being placed at the
97 * beginning of the user message.
98 *
99 * Unlike other WiMAX stack calls, this call can be used way early,
100 * even before wimax_dev_add() is called, as long as the
101 * wimax_dev->net_dev pointer is set to point to a proper
102 * net_dev. This is so that drivers can use it early in case they need
103 * to send stuff around or communicate with user space.
104 */
wimax_msg_alloc(struct wimax_dev * wimax_dev,const char * pipe_name,const void * msg,size_t size,gfp_t gfp_flags)105 struct sk_buff *wimax_msg_alloc(struct wimax_dev *wimax_dev,
106 const char *pipe_name,
107 const void *msg, size_t size,
108 gfp_t gfp_flags)
109 {
110 int result;
111 struct device *dev = wimax_dev_to_dev(wimax_dev);
112 size_t msg_size;
113 void *genl_msg;
114 struct sk_buff *skb;
115
116 msg_size = nla_total_size(size)
117 + nla_total_size(sizeof(u32))
118 + (pipe_name ? nla_total_size(strlen(pipe_name)) : 0);
119 result = -ENOMEM;
120 skb = genlmsg_new(msg_size, gfp_flags);
121 if (skb == NULL)
122 goto error_new;
123 genl_msg = genlmsg_put(skb, 0, 0, &wimax_gnl_family,
124 0, WIMAX_GNL_OP_MSG_TO_USER);
125 if (genl_msg == NULL) {
126 dev_err(dev, "no memory to create generic netlink message\n");
127 goto error_genlmsg_put;
128 }
129 result = nla_put_u32(skb, WIMAX_GNL_MSG_IFIDX,
130 wimax_dev->net_dev->ifindex);
131 if (result < 0) {
132 dev_err(dev, "no memory to add ifindex attribute\n");
133 goto error_nla_put;
134 }
135 if (pipe_name) {
136 result = nla_put_string(skb, WIMAX_GNL_MSG_PIPE_NAME,
137 pipe_name);
138 if (result < 0) {
139 dev_err(dev, "no memory to add pipe_name attribute\n");
140 goto error_nla_put;
141 }
142 }
143 result = nla_put(skb, WIMAX_GNL_MSG_DATA, size, msg);
144 if (result < 0) {
145 dev_err(dev, "no memory to add payload (msg %p size %zu) in "
146 "attribute: %d\n", msg, size, result);
147 goto error_nla_put;
148 }
149 genlmsg_end(skb, genl_msg);
150 return skb;
151
152 error_nla_put:
153 error_genlmsg_put:
154 error_new:
155 nlmsg_free(skb);
156 return ERR_PTR(result);
157 }
158 EXPORT_SYMBOL_GPL(wimax_msg_alloc);
159
160
161 /**
162 * wimax_msg_data_len - Return a pointer and size of a message's payload
163 *
164 * @msg: Pointer to a message created with wimax_msg_alloc()
165 * @size: Pointer to where to store the message's size
166 *
167 * Returns the pointer to the message data.
168 */
wimax_msg_data_len(struct sk_buff * msg,size_t * size)169 const void *wimax_msg_data_len(struct sk_buff *msg, size_t *size)
170 {
171 struct nlmsghdr *nlh = (void *) msg->head;
172 struct nlattr *nla;
173
174 nla = nlmsg_find_attr(nlh, sizeof(struct genlmsghdr),
175 WIMAX_GNL_MSG_DATA);
176 if (nla == NULL) {
177 pr_err("Cannot find attribute WIMAX_GNL_MSG_DATA\n");
178 return NULL;
179 }
180 *size = nla_len(nla);
181 return nla_data(nla);
182 }
183 EXPORT_SYMBOL_GPL(wimax_msg_data_len);
184
185
186 /**
187 * wimax_msg_data - Return a pointer to a message's payload
188 *
189 * @msg: Pointer to a message created with wimax_msg_alloc()
190 */
wimax_msg_data(struct sk_buff * msg)191 const void *wimax_msg_data(struct sk_buff *msg)
192 {
193 struct nlmsghdr *nlh = (void *) msg->head;
194 struct nlattr *nla;
195
196 nla = nlmsg_find_attr(nlh, sizeof(struct genlmsghdr),
197 WIMAX_GNL_MSG_DATA);
198 if (nla == NULL) {
199 pr_err("Cannot find attribute WIMAX_GNL_MSG_DATA\n");
200 return NULL;
201 }
202 return nla_data(nla);
203 }
204 EXPORT_SYMBOL_GPL(wimax_msg_data);
205
206
207 /**
208 * wimax_msg_len - Return a message's payload length
209 *
210 * @msg: Pointer to a message created with wimax_msg_alloc()
211 */
wimax_msg_len(struct sk_buff * msg)212 ssize_t wimax_msg_len(struct sk_buff *msg)
213 {
214 struct nlmsghdr *nlh = (void *) msg->head;
215 struct nlattr *nla;
216
217 nla = nlmsg_find_attr(nlh, sizeof(struct genlmsghdr),
218 WIMAX_GNL_MSG_DATA);
219 if (nla == NULL) {
220 pr_err("Cannot find attribute WIMAX_GNL_MSG_DATA\n");
221 return -EINVAL;
222 }
223 return nla_len(nla);
224 }
225 EXPORT_SYMBOL_GPL(wimax_msg_len);
226
227
228 /**
229 * wimax_msg_send - Send a pre-allocated message to user space
230 *
231 * @wimax_dev: WiMAX device descriptor
232 *
233 * @skb: &struct sk_buff returned by wimax_msg_alloc(). Note the
234 * ownership of @skb is transferred to this function.
235 *
236 * Returns: 0 if ok, < 0 errno code on error
237 *
238 * Description:
239 *
240 * Sends a free-form message that was preallocated with
241 * wimax_msg_alloc() and filled up.
242 *
243 * Assumes that once you pass an skb to this function for sending, it
244 * owns it and will release it when done (on success).
245 *
246 * IMPORTANT:
247 *
248 * Don't use skb_push()/skb_pull()/skb_reserve() on the skb, as
249 * wimax_msg_send() depends on skb->data being placed at the
250 * beginning of the user message.
251 *
252 * Unlike other WiMAX stack calls, this call can be used way early,
253 * even before wimax_dev_add() is called, as long as the
254 * wimax_dev->net_dev pointer is set to point to a proper
255 * net_dev. This is so that drivers can use it early in case they need
256 * to send stuff around or communicate with user space.
257 */
wimax_msg_send(struct wimax_dev * wimax_dev,struct sk_buff * skb)258 int wimax_msg_send(struct wimax_dev *wimax_dev, struct sk_buff *skb)
259 {
260 struct device *dev = wimax_dev_to_dev(wimax_dev);
261 void *msg = skb->data;
262 size_t size = skb->len;
263 might_sleep();
264
265 d_printf(1, dev, "CTX: wimax msg, %zu bytes\n", size);
266 d_dump(2, dev, msg, size);
267 genlmsg_multicast(&wimax_gnl_family, skb, 0, 0, GFP_KERNEL);
268 d_printf(1, dev, "CTX: genl multicast done\n");
269 return 0;
270 }
271 EXPORT_SYMBOL_GPL(wimax_msg_send);
272
273
274 /**
275 * wimax_msg - Send a message to user space
276 *
277 * @wimax_dev: WiMAX device descriptor (properly referenced)
278 * @pipe_name: "named pipe" the message will be sent to
279 * @buf: pointer to the message to send.
280 * @size: size of the buffer pointed to by @buf (in bytes).
281 * @gfp_flags: flags for memory allocation.
282 *
283 * Returns: %0 if ok, negative errno code on error.
284 *
285 * Description:
286 *
287 * Sends a free-form message to user space on the device @wimax_dev.
288 *
289 * NOTES:
290 *
291 * Once the @skb is given to this function, who will own it and will
292 * release it when done (unless it returns error).
293 */
wimax_msg(struct wimax_dev * wimax_dev,const char * pipe_name,const void * buf,size_t size,gfp_t gfp_flags)294 int wimax_msg(struct wimax_dev *wimax_dev, const char *pipe_name,
295 const void *buf, size_t size, gfp_t gfp_flags)
296 {
297 int result = -ENOMEM;
298 struct sk_buff *skb;
299
300 skb = wimax_msg_alloc(wimax_dev, pipe_name, buf, size, gfp_flags);
301 if (IS_ERR(skb))
302 result = PTR_ERR(skb);
303 else
304 result = wimax_msg_send(wimax_dev, skb);
305 return result;
306 }
307 EXPORT_SYMBOL_GPL(wimax_msg);
308
309 /*
310 * Relays a message from user space to the driver
311 *
312 * The skb is passed to the driver-specific function with the netlink
313 * and generic netlink headers already stripped.
314 *
315 * This call will block while handling/relaying the message.
316 */
wimax_gnl_doit_msg_from_user(struct sk_buff * skb,struct genl_info * info)317 int wimax_gnl_doit_msg_from_user(struct sk_buff *skb, struct genl_info *info)
318 {
319 int result, ifindex;
320 struct wimax_dev *wimax_dev;
321 struct device *dev;
322 struct nlmsghdr *nlh = info->nlhdr;
323 char *pipe_name;
324 void *msg_buf;
325 size_t msg_len;
326
327 might_sleep();
328 d_fnstart(3, NULL, "(skb %p info %p)\n", skb, info);
329 result = -ENODEV;
330 if (info->attrs[WIMAX_GNL_MSG_IFIDX] == NULL) {
331 pr_err("WIMAX_GNL_MSG_FROM_USER: can't find IFIDX attribute\n");
332 goto error_no_wimax_dev;
333 }
334 ifindex = nla_get_u32(info->attrs[WIMAX_GNL_MSG_IFIDX]);
335 wimax_dev = wimax_dev_get_by_genl_info(info, ifindex);
336 if (wimax_dev == NULL)
337 goto error_no_wimax_dev;
338 dev = wimax_dev_to_dev(wimax_dev);
339
340 /* Unpack arguments */
341 result = -EINVAL;
342 if (info->attrs[WIMAX_GNL_MSG_DATA] == NULL) {
343 dev_err(dev, "WIMAX_GNL_MSG_FROM_USER: can't find MSG_DATA "
344 "attribute\n");
345 goto error_no_data;
346 }
347 msg_buf = nla_data(info->attrs[WIMAX_GNL_MSG_DATA]);
348 msg_len = nla_len(info->attrs[WIMAX_GNL_MSG_DATA]);
349
350 if (info->attrs[WIMAX_GNL_MSG_PIPE_NAME] == NULL)
351 pipe_name = NULL;
352 else {
353 struct nlattr *attr = info->attrs[WIMAX_GNL_MSG_PIPE_NAME];
354 size_t attr_len = nla_len(attr);
355 /* libnl-1.1 does not yet support NLA_NUL_STRING */
356 result = -ENOMEM;
357 pipe_name = kstrndup(nla_data(attr), attr_len + 1, GFP_KERNEL);
358 if (pipe_name == NULL)
359 goto error_alloc;
360 pipe_name[attr_len] = 0;
361 }
362 mutex_lock(&wimax_dev->mutex);
363 result = wimax_dev_is_ready(wimax_dev);
364 if (result == -ENOMEDIUM)
365 result = 0;
366 if (result < 0)
367 goto error_not_ready;
368 result = -ENOSYS;
369 if (wimax_dev->op_msg_from_user == NULL)
370 goto error_noop;
371
372 d_printf(1, dev,
373 "CRX: nlmsghdr len %u type %u flags 0x%04x seq 0x%x pid %u\n",
374 nlh->nlmsg_len, nlh->nlmsg_type, nlh->nlmsg_flags,
375 nlh->nlmsg_seq, nlh->nlmsg_pid);
376 d_printf(1, dev, "CRX: wimax message %zu bytes\n", msg_len);
377 d_dump(2, dev, msg_buf, msg_len);
378
379 result = wimax_dev->op_msg_from_user(wimax_dev, pipe_name,
380 msg_buf, msg_len, info);
381 error_noop:
382 error_not_ready:
383 mutex_unlock(&wimax_dev->mutex);
384 error_alloc:
385 kfree(pipe_name);
386 error_no_data:
387 dev_put(wimax_dev->net_dev);
388 error_no_wimax_dev:
389 d_fnend(3, NULL, "(skb %p info %p) = %d\n", skb, info, result);
390 return result;
391 }
392
