1 // SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
2 /* raw.c - Raw sockets for protocol family CAN
3  *
4  * Copyright (c) 2002-2007 Volkswagen Group Electronic Research
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of Volkswagen nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * Alternatively, provided that this notice is retained in full, this
20  * software may be distributed under the terms of the GNU General
21  * Public License ("GPL") version 2, in which case the provisions of the
22  * GPL apply INSTEAD OF those given above.
23  *
24  * The provided data structures and external interfaces from this code
25  * are not restricted to be used by modules with a GPL compatible license.
26  *
27  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38  * DAMAGE.
39  *
40  */
41 
42 #include <linux/module.h>
43 #include <linux/init.h>
44 #include <linux/uio.h>
45 #include <linux/net.h>
46 #include <linux/slab.h>
47 #include <linux/netdevice.h>
48 #include <linux/socket.h>
49 #include <linux/if_arp.h>
50 #include <linux/skbuff.h>
51 #include <linux/can.h>
52 #include <linux/can/core.h>
53 #include <linux/can/dev.h> /* for can_is_canxl_dev_mtu() */
54 #include <linux/can/skb.h>
55 #include <linux/can/raw.h>
56 #include <net/sock.h>
57 #include <net/net_namespace.h>
58 
59 MODULE_DESCRIPTION("PF_CAN raw protocol");
60 MODULE_LICENSE("Dual BSD/GPL");
61 MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
62 MODULE_ALIAS("can-proto-1");
63 
64 #define RAW_MIN_NAMELEN CAN_REQUIRED_SIZE(struct sockaddr_can, can_ifindex)
65 
66 #define MASK_ALL 0
67 
68 /* A raw socket has a list of can_filters attached to it, each receiving
69  * the CAN frames matching that filter.  If the filter list is empty,
70  * no CAN frames will be received by the socket.  The default after
71  * opening the socket, is to have one filter which receives all frames.
72  * The filter list is allocated dynamically with the exception of the
73  * list containing only one item.  This common case is optimized by
74  * storing the single filter in dfilter, to avoid using dynamic memory.
75  */
76 
77 struct uniqframe {
78 	int skbcnt;
79 	const struct sk_buff *skb;
80 	unsigned int join_rx_count;
81 };
82 
83 struct raw_sock {
84 	struct sock sk;
85 	int bound;
86 	int ifindex;
87 	struct net_device *dev;
88 	netdevice_tracker dev_tracker;
89 	struct list_head notifier;
90 	int loopback;
91 	int recv_own_msgs;
92 	int fd_frames;
93 	int xl_frames;
94 	int join_filters;
95 	int count;                 /* number of active filters */
96 	struct can_filter dfilter; /* default/single filter */
97 	struct can_filter *filter; /* pointer to filter(s) */
98 	can_err_mask_t err_mask;
99 	struct uniqframe __percpu *uniq;
100 };
101 
102 static LIST_HEAD(raw_notifier_list);
103 static DEFINE_SPINLOCK(raw_notifier_lock);
104 static struct raw_sock *raw_busy_notifier;
105 
106 /* Return pointer to store the extra msg flags for raw_recvmsg().
107  * We use the space of one unsigned int beyond the 'struct sockaddr_can'
108  * in skb->cb.
109  */
raw_flags(struct sk_buff * skb)110 static inline unsigned int *raw_flags(struct sk_buff *skb)
111 {
112 	sock_skb_cb_check_size(sizeof(struct sockaddr_can) +
113 			       sizeof(unsigned int));
114 
115 	/* return pointer after struct sockaddr_can */
116 	return (unsigned int *)(&((struct sockaddr_can *)skb->cb)[1]);
117 }
118 
raw_sk(const struct sock * sk)119 static inline struct raw_sock *raw_sk(const struct sock *sk)
120 {
121 	return (struct raw_sock *)sk;
122 }
123 
raw_rcv(struct sk_buff * oskb,void * data)124 static void raw_rcv(struct sk_buff *oskb, void *data)
125 {
126 	struct sock *sk = (struct sock *)data;
127 	struct raw_sock *ro = raw_sk(sk);
128 	struct sockaddr_can *addr;
129 	struct sk_buff *skb;
130 	unsigned int *pflags;
131 
132 	/* check the received tx sock reference */
133 	if (!ro->recv_own_msgs && oskb->sk == sk)
134 		return;
135 
136 	/* make sure to not pass oversized frames to the socket */
137 	if ((!ro->fd_frames && can_is_canfd_skb(oskb)) ||
138 	    (!ro->xl_frames && can_is_canxl_skb(oskb)))
139 		return;
140 
141 	/* eliminate multiple filter matches for the same skb */
142 	if (this_cpu_ptr(ro->uniq)->skb == oskb &&
143 	    this_cpu_ptr(ro->uniq)->skbcnt == can_skb_prv(oskb)->skbcnt) {
144 		if (!ro->join_filters)
145 			return;
146 
147 		this_cpu_inc(ro->uniq->join_rx_count);
148 		/* drop frame until all enabled filters matched */
149 		if (this_cpu_ptr(ro->uniq)->join_rx_count < ro->count)
150 			return;
151 	} else {
152 		this_cpu_ptr(ro->uniq)->skb = oskb;
153 		this_cpu_ptr(ro->uniq)->skbcnt = can_skb_prv(oskb)->skbcnt;
154 		this_cpu_ptr(ro->uniq)->join_rx_count = 1;
155 		/* drop first frame to check all enabled filters? */
156 		if (ro->join_filters && ro->count > 1)
157 			return;
158 	}
159 
160 	/* clone the given skb to be able to enqueue it into the rcv queue */
161 	skb = skb_clone(oskb, GFP_ATOMIC);
162 	if (!skb)
163 		return;
164 
165 	/* Put the datagram to the queue so that raw_recvmsg() can get
166 	 * it from there. We need to pass the interface index to
167 	 * raw_recvmsg(). We pass a whole struct sockaddr_can in
168 	 * skb->cb containing the interface index.
169 	 */
170 
171 	sock_skb_cb_check_size(sizeof(struct sockaddr_can));
172 	addr = (struct sockaddr_can *)skb->cb;
173 	memset(addr, 0, sizeof(*addr));
174 	addr->can_family = AF_CAN;
175 	addr->can_ifindex = skb->dev->ifindex;
176 
177 	/* add CAN specific message flags for raw_recvmsg() */
178 	pflags = raw_flags(skb);
179 	*pflags = 0;
180 	if (oskb->sk)
181 		*pflags |= MSG_DONTROUTE;
182 	if (oskb->sk == sk)
183 		*pflags |= MSG_CONFIRM;
184 
185 	if (sock_queue_rcv_skb(sk, skb) < 0)
186 		kfree_skb(skb);
187 }
188 
raw_enable_filters(struct net * net,struct net_device * dev,struct sock * sk,struct can_filter * filter,int count)189 static int raw_enable_filters(struct net *net, struct net_device *dev,
190 			      struct sock *sk, struct can_filter *filter,
191 			      int count)
192 {
193 	int err = 0;
194 	int i;
195 
196 	for (i = 0; i < count; i++) {
197 		err = can_rx_register(net, dev, filter[i].can_id,
198 				      filter[i].can_mask,
199 				      raw_rcv, sk, "raw", sk);
200 		if (err) {
201 			/* clean up successfully registered filters */
202 			while (--i >= 0)
203 				can_rx_unregister(net, dev, filter[i].can_id,
204 						  filter[i].can_mask,
205 						  raw_rcv, sk);
206 			break;
207 		}
208 	}
209 
210 	return err;
211 }
212 
raw_enable_errfilter(struct net * net,struct net_device * dev,struct sock * sk,can_err_mask_t err_mask)213 static int raw_enable_errfilter(struct net *net, struct net_device *dev,
214 				struct sock *sk, can_err_mask_t err_mask)
215 {
216 	int err = 0;
217 
218 	if (err_mask)
219 		err = can_rx_register(net, dev, 0, err_mask | CAN_ERR_FLAG,
220 				      raw_rcv, sk, "raw", sk);
221 
222 	return err;
223 }
224 
raw_disable_filters(struct net * net,struct net_device * dev,struct sock * sk,struct can_filter * filter,int count)225 static void raw_disable_filters(struct net *net, struct net_device *dev,
226 				struct sock *sk, struct can_filter *filter,
227 				int count)
228 {
229 	int i;
230 
231 	for (i = 0; i < count; i++)
232 		can_rx_unregister(net, dev, filter[i].can_id,
233 				  filter[i].can_mask, raw_rcv, sk);
234 }
235 
raw_disable_errfilter(struct net * net,struct net_device * dev,struct sock * sk,can_err_mask_t err_mask)236 static inline void raw_disable_errfilter(struct net *net,
237 					 struct net_device *dev,
238 					 struct sock *sk,
239 					 can_err_mask_t err_mask)
240 
241 {
242 	if (err_mask)
243 		can_rx_unregister(net, dev, 0, err_mask | CAN_ERR_FLAG,
244 				  raw_rcv, sk);
245 }
246 
raw_disable_allfilters(struct net * net,struct net_device * dev,struct sock * sk)247 static inline void raw_disable_allfilters(struct net *net,
248 					  struct net_device *dev,
249 					  struct sock *sk)
250 {
251 	struct raw_sock *ro = raw_sk(sk);
252 
253 	raw_disable_filters(net, dev, sk, ro->filter, ro->count);
254 	raw_disable_errfilter(net, dev, sk, ro->err_mask);
255 }
256 
raw_enable_allfilters(struct net * net,struct net_device * dev,struct sock * sk)257 static int raw_enable_allfilters(struct net *net, struct net_device *dev,
258 				 struct sock *sk)
259 {
260 	struct raw_sock *ro = raw_sk(sk);
261 	int err;
262 
263 	err = raw_enable_filters(net, dev, sk, ro->filter, ro->count);
264 	if (!err) {
265 		err = raw_enable_errfilter(net, dev, sk, ro->err_mask);
266 		if (err)
267 			raw_disable_filters(net, dev, sk, ro->filter,
268 					    ro->count);
269 	}
270 
271 	return err;
272 }
273 
raw_notify(struct raw_sock * ro,unsigned long msg,struct net_device * dev)274 static void raw_notify(struct raw_sock *ro, unsigned long msg,
275 		       struct net_device *dev)
276 {
277 	struct sock *sk = &ro->sk;
278 
279 	if (!net_eq(dev_net(dev), sock_net(sk)))
280 		return;
281 
282 	if (ro->dev != dev)
283 		return;
284 
285 	switch (msg) {
286 	case NETDEV_UNREGISTER:
287 		lock_sock(sk);
288 		/* remove current filters & unregister */
289 		if (ro->bound) {
290 			raw_disable_allfilters(dev_net(dev), dev, sk);
291 			netdev_put(dev, &ro->dev_tracker);
292 		}
293 
294 		if (ro->count > 1)
295 			kfree(ro->filter);
296 
297 		ro->ifindex = 0;
298 		ro->bound = 0;
299 		ro->dev = NULL;
300 		ro->count = 0;
301 		release_sock(sk);
302 
303 		sk->sk_err = ENODEV;
304 		if (!sock_flag(sk, SOCK_DEAD))
305 			sk_error_report(sk);
306 		break;
307 
308 	case NETDEV_DOWN:
309 		sk->sk_err = ENETDOWN;
310 		if (!sock_flag(sk, SOCK_DEAD))
311 			sk_error_report(sk);
312 		break;
313 	}
314 }
315 
raw_notifier(struct notifier_block * nb,unsigned long msg,void * ptr)316 static int raw_notifier(struct notifier_block *nb, unsigned long msg,
317 			void *ptr)
318 {
319 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
320 
321 	if (dev->type != ARPHRD_CAN)
322 		return NOTIFY_DONE;
323 	if (msg != NETDEV_UNREGISTER && msg != NETDEV_DOWN)
324 		return NOTIFY_DONE;
325 	if (unlikely(raw_busy_notifier)) /* Check for reentrant bug. */
326 		return NOTIFY_DONE;
327 
328 	spin_lock(&raw_notifier_lock);
329 	list_for_each_entry(raw_busy_notifier, &raw_notifier_list, notifier) {
330 		spin_unlock(&raw_notifier_lock);
331 		raw_notify(raw_busy_notifier, msg, dev);
332 		spin_lock(&raw_notifier_lock);
333 	}
334 	raw_busy_notifier = NULL;
335 	spin_unlock(&raw_notifier_lock);
336 	return NOTIFY_DONE;
337 }
338 
raw_init(struct sock * sk)339 static int raw_init(struct sock *sk)
340 {
341 	struct raw_sock *ro = raw_sk(sk);
342 
343 	ro->bound            = 0;
344 	ro->ifindex          = 0;
345 	ro->dev              = NULL;
346 
347 	/* set default filter to single entry dfilter */
348 	ro->dfilter.can_id   = 0;
349 	ro->dfilter.can_mask = MASK_ALL;
350 	ro->filter           = &ro->dfilter;
351 	ro->count            = 1;
352 
353 	/* set default loopback behaviour */
354 	ro->loopback         = 1;
355 	ro->recv_own_msgs    = 0;
356 	ro->fd_frames        = 0;
357 	ro->xl_frames        = 0;
358 	ro->join_filters     = 0;
359 
360 	/* alloc_percpu provides zero'ed memory */
361 	ro->uniq = alloc_percpu(struct uniqframe);
362 	if (unlikely(!ro->uniq))
363 		return -ENOMEM;
364 
365 	/* set notifier */
366 	spin_lock(&raw_notifier_lock);
367 	list_add_tail(&ro->notifier, &raw_notifier_list);
368 	spin_unlock(&raw_notifier_lock);
369 
370 	return 0;
371 }
372 
raw_release(struct socket * sock)373 static int raw_release(struct socket *sock)
374 {
375 	struct sock *sk = sock->sk;
376 	struct raw_sock *ro;
377 
378 	if (!sk)
379 		return 0;
380 
381 	ro = raw_sk(sk);
382 
383 	spin_lock(&raw_notifier_lock);
384 	while (raw_busy_notifier == ro) {
385 		spin_unlock(&raw_notifier_lock);
386 		schedule_timeout_uninterruptible(1);
387 		spin_lock(&raw_notifier_lock);
388 	}
389 	list_del(&ro->notifier);
390 	spin_unlock(&raw_notifier_lock);
391 
392 	rtnl_lock();
393 	lock_sock(sk);
394 
395 	/* remove current filters & unregister */
396 	if (ro->bound) {
397 		if (ro->dev) {
398 			raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk);
399 			netdev_put(ro->dev, &ro->dev_tracker);
400 		} else {
401 			raw_disable_allfilters(sock_net(sk), NULL, sk);
402 		}
403 	}
404 
405 	if (ro->count > 1)
406 		kfree(ro->filter);
407 
408 	ro->ifindex = 0;
409 	ro->bound = 0;
410 	ro->dev = NULL;
411 	ro->count = 0;
412 	free_percpu(ro->uniq);
413 
414 	sock_orphan(sk);
415 	sock->sk = NULL;
416 
417 	release_sock(sk);
418 	rtnl_unlock();
419 
420 	sock_put(sk);
421 
422 	return 0;
423 }
424 
raw_bind(struct socket * sock,struct sockaddr * uaddr,int len)425 static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len)
426 {
427 	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
428 	struct sock *sk = sock->sk;
429 	struct raw_sock *ro = raw_sk(sk);
430 	struct net_device *dev = NULL;
431 	int ifindex;
432 	int err = 0;
433 	int notify_enetdown = 0;
434 
435 	if (len < RAW_MIN_NAMELEN)
436 		return -EINVAL;
437 	if (addr->can_family != AF_CAN)
438 		return -EINVAL;
439 
440 	rtnl_lock();
441 	lock_sock(sk);
442 
443 	if (ro->bound && addr->can_ifindex == ro->ifindex)
444 		goto out;
445 
446 	if (addr->can_ifindex) {
447 		dev = dev_get_by_index(sock_net(sk), addr->can_ifindex);
448 		if (!dev) {
449 			err = -ENODEV;
450 			goto out;
451 		}
452 		if (dev->type != ARPHRD_CAN) {
453 			err = -ENODEV;
454 			goto out_put_dev;
455 		}
456 
457 		if (!(dev->flags & IFF_UP))
458 			notify_enetdown = 1;
459 
460 		ifindex = dev->ifindex;
461 
462 		/* filters set by default/setsockopt */
463 		err = raw_enable_allfilters(sock_net(sk), dev, sk);
464 		if (err)
465 			goto out_put_dev;
466 
467 	} else {
468 		ifindex = 0;
469 
470 		/* filters set by default/setsockopt */
471 		err = raw_enable_allfilters(sock_net(sk), NULL, sk);
472 	}
473 
474 	if (!err) {
475 		if (ro->bound) {
476 			/* unregister old filters */
477 			if (ro->dev) {
478 				raw_disable_allfilters(dev_net(ro->dev),
479 						       ro->dev, sk);
480 				/* drop reference to old ro->dev */
481 				netdev_put(ro->dev, &ro->dev_tracker);
482 			} else {
483 				raw_disable_allfilters(sock_net(sk), NULL, sk);
484 			}
485 		}
486 		ro->ifindex = ifindex;
487 		ro->bound = 1;
488 		/* bind() ok -> hold a reference for new ro->dev */
489 		ro->dev = dev;
490 		if (ro->dev)
491 			netdev_hold(ro->dev, &ro->dev_tracker, GFP_KERNEL);
492 	}
493 
494 out_put_dev:
495 	/* remove potential reference from dev_get_by_index() */
496 	if (dev)
497 		dev_put(dev);
498 out:
499 	release_sock(sk);
500 	rtnl_unlock();
501 
502 	if (notify_enetdown) {
503 		sk->sk_err = ENETDOWN;
504 		if (!sock_flag(sk, SOCK_DEAD))
505 			sk_error_report(sk);
506 	}
507 
508 	return err;
509 }
510 
raw_getname(struct socket * sock,struct sockaddr * uaddr,int peer)511 static int raw_getname(struct socket *sock, struct sockaddr *uaddr,
512 		       int peer)
513 {
514 	struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
515 	struct sock *sk = sock->sk;
516 	struct raw_sock *ro = raw_sk(sk);
517 
518 	if (peer)
519 		return -EOPNOTSUPP;
520 
521 	memset(addr, 0, RAW_MIN_NAMELEN);
522 	addr->can_family  = AF_CAN;
523 	addr->can_ifindex = ro->ifindex;
524 
525 	return RAW_MIN_NAMELEN;
526 }
527 
raw_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)528 static int raw_setsockopt(struct socket *sock, int level, int optname,
529 			  sockptr_t optval, unsigned int optlen)
530 {
531 	struct sock *sk = sock->sk;
532 	struct raw_sock *ro = raw_sk(sk);
533 	struct can_filter *filter = NULL;  /* dyn. alloc'ed filters */
534 	struct can_filter sfilter;         /* single filter */
535 	struct net_device *dev = NULL;
536 	can_err_mask_t err_mask = 0;
537 	int fd_frames;
538 	int count = 0;
539 	int err = 0;
540 
541 	if (level != SOL_CAN_RAW)
542 		return -EINVAL;
543 
544 	switch (optname) {
545 	case CAN_RAW_FILTER:
546 		if (optlen % sizeof(struct can_filter) != 0)
547 			return -EINVAL;
548 
549 		if (optlen > CAN_RAW_FILTER_MAX * sizeof(struct can_filter))
550 			return -EINVAL;
551 
552 		count = optlen / sizeof(struct can_filter);
553 
554 		if (count > 1) {
555 			/* filter does not fit into dfilter => alloc space */
556 			filter = memdup_sockptr(optval, optlen);
557 			if (IS_ERR(filter))
558 				return PTR_ERR(filter);
559 		} else if (count == 1) {
560 			if (copy_from_sockptr(&sfilter, optval, sizeof(sfilter)))
561 				return -EFAULT;
562 		}
563 
564 		rtnl_lock();
565 		lock_sock(sk);
566 
567 		dev = ro->dev;
568 		if (ro->bound && dev) {
569 			if (dev->reg_state != NETREG_REGISTERED) {
570 				if (count > 1)
571 					kfree(filter);
572 				err = -ENODEV;
573 				goto out_fil;
574 			}
575 		}
576 
577 		if (ro->bound) {
578 			/* (try to) register the new filters */
579 			if (count == 1)
580 				err = raw_enable_filters(sock_net(sk), dev, sk,
581 							 &sfilter, 1);
582 			else
583 				err = raw_enable_filters(sock_net(sk), dev, sk,
584 							 filter, count);
585 			if (err) {
586 				if (count > 1)
587 					kfree(filter);
588 				goto out_fil;
589 			}
590 
591 			/* remove old filter registrations */
592 			raw_disable_filters(sock_net(sk), dev, sk, ro->filter,
593 					    ro->count);
594 		}
595 
596 		/* remove old filter space */
597 		if (ro->count > 1)
598 			kfree(ro->filter);
599 
600 		/* link new filters to the socket */
601 		if (count == 1) {
602 			/* copy filter data for single filter */
603 			ro->dfilter = sfilter;
604 			filter = &ro->dfilter;
605 		}
606 		ro->filter = filter;
607 		ro->count  = count;
608 
609  out_fil:
610 		release_sock(sk);
611 		rtnl_unlock();
612 
613 		break;
614 
615 	case CAN_RAW_ERR_FILTER:
616 		if (optlen != sizeof(err_mask))
617 			return -EINVAL;
618 
619 		if (copy_from_sockptr(&err_mask, optval, optlen))
620 			return -EFAULT;
621 
622 		err_mask &= CAN_ERR_MASK;
623 
624 		rtnl_lock();
625 		lock_sock(sk);
626 
627 		dev = ro->dev;
628 		if (ro->bound && dev) {
629 			if (dev->reg_state != NETREG_REGISTERED) {
630 				err = -ENODEV;
631 				goto out_err;
632 			}
633 		}
634 
635 		/* remove current error mask */
636 		if (ro->bound) {
637 			/* (try to) register the new err_mask */
638 			err = raw_enable_errfilter(sock_net(sk), dev, sk,
639 						   err_mask);
640 
641 			if (err)
642 				goto out_err;
643 
644 			/* remove old err_mask registration */
645 			raw_disable_errfilter(sock_net(sk), dev, sk,
646 					      ro->err_mask);
647 		}
648 
649 		/* link new err_mask to the socket */
650 		ro->err_mask = err_mask;
651 
652  out_err:
653 		release_sock(sk);
654 		rtnl_unlock();
655 
656 		break;
657 
658 	case CAN_RAW_LOOPBACK:
659 		if (optlen != sizeof(ro->loopback))
660 			return -EINVAL;
661 
662 		if (copy_from_sockptr(&ro->loopback, optval, optlen))
663 			return -EFAULT;
664 
665 		break;
666 
667 	case CAN_RAW_RECV_OWN_MSGS:
668 		if (optlen != sizeof(ro->recv_own_msgs))
669 			return -EINVAL;
670 
671 		if (copy_from_sockptr(&ro->recv_own_msgs, optval, optlen))
672 			return -EFAULT;
673 
674 		break;
675 
676 	case CAN_RAW_FD_FRAMES:
677 		if (optlen != sizeof(fd_frames))
678 			return -EINVAL;
679 
680 		if (copy_from_sockptr(&fd_frames, optval, optlen))
681 			return -EFAULT;
682 
683 		/* Enabling CAN XL includes CAN FD */
684 		if (ro->xl_frames && !fd_frames)
685 			return -EINVAL;
686 
687 		ro->fd_frames = fd_frames;
688 		break;
689 
690 	case CAN_RAW_XL_FRAMES:
691 		if (optlen != sizeof(ro->xl_frames))
692 			return -EINVAL;
693 
694 		if (copy_from_sockptr(&ro->xl_frames, optval, optlen))
695 			return -EFAULT;
696 
697 		/* Enabling CAN XL includes CAN FD */
698 		if (ro->xl_frames)
699 			ro->fd_frames = ro->xl_frames;
700 		break;
701 
702 	case CAN_RAW_JOIN_FILTERS:
703 		if (optlen != sizeof(ro->join_filters))
704 			return -EINVAL;
705 
706 		if (copy_from_sockptr(&ro->join_filters, optval, optlen))
707 			return -EFAULT;
708 
709 		break;
710 
711 	default:
712 		return -ENOPROTOOPT;
713 	}
714 	return err;
715 }
716 
raw_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)717 static int raw_getsockopt(struct socket *sock, int level, int optname,
718 			  char __user *optval, int __user *optlen)
719 {
720 	struct sock *sk = sock->sk;
721 	struct raw_sock *ro = raw_sk(sk);
722 	int len;
723 	void *val;
724 	int err = 0;
725 
726 	if (level != SOL_CAN_RAW)
727 		return -EINVAL;
728 	if (get_user(len, optlen))
729 		return -EFAULT;
730 	if (len < 0)
731 		return -EINVAL;
732 
733 	switch (optname) {
734 	case CAN_RAW_FILTER:
735 		lock_sock(sk);
736 		if (ro->count > 0) {
737 			int fsize = ro->count * sizeof(struct can_filter);
738 
739 			/* user space buffer to small for filter list? */
740 			if (len < fsize) {
741 				/* return -ERANGE and needed space in optlen */
742 				err = -ERANGE;
743 				if (put_user(fsize, optlen))
744 					err = -EFAULT;
745 			} else {
746 				if (len > fsize)
747 					len = fsize;
748 				if (copy_to_user(optval, ro->filter, len))
749 					err = -EFAULT;
750 			}
751 		} else {
752 			len = 0;
753 		}
754 		release_sock(sk);
755 
756 		if (!err)
757 			err = put_user(len, optlen);
758 		return err;
759 
760 	case CAN_RAW_ERR_FILTER:
761 		if (len > sizeof(can_err_mask_t))
762 			len = sizeof(can_err_mask_t);
763 		val = &ro->err_mask;
764 		break;
765 
766 	case CAN_RAW_LOOPBACK:
767 		if (len > sizeof(int))
768 			len = sizeof(int);
769 		val = &ro->loopback;
770 		break;
771 
772 	case CAN_RAW_RECV_OWN_MSGS:
773 		if (len > sizeof(int))
774 			len = sizeof(int);
775 		val = &ro->recv_own_msgs;
776 		break;
777 
778 	case CAN_RAW_FD_FRAMES:
779 		if (len > sizeof(int))
780 			len = sizeof(int);
781 		val = &ro->fd_frames;
782 		break;
783 
784 	case CAN_RAW_XL_FRAMES:
785 		if (len > sizeof(int))
786 			len = sizeof(int);
787 		val = &ro->xl_frames;
788 		break;
789 
790 	case CAN_RAW_JOIN_FILTERS:
791 		if (len > sizeof(int))
792 			len = sizeof(int);
793 		val = &ro->join_filters;
794 		break;
795 
796 	default:
797 		return -ENOPROTOOPT;
798 	}
799 
800 	if (put_user(len, optlen))
801 		return -EFAULT;
802 	if (copy_to_user(optval, val, len))
803 		return -EFAULT;
804 	return 0;
805 }
806 
raw_bad_txframe(struct raw_sock * ro,struct sk_buff * skb,int mtu)807 static bool raw_bad_txframe(struct raw_sock *ro, struct sk_buff *skb, int mtu)
808 {
809 	/* Classical CAN -> no checks for flags and device capabilities */
810 	if (can_is_can_skb(skb))
811 		return false;
812 
813 	/* CAN FD -> needs to be enabled and a CAN FD or CAN XL device */
814 	if (ro->fd_frames && can_is_canfd_skb(skb) &&
815 	    (mtu == CANFD_MTU || can_is_canxl_dev_mtu(mtu)))
816 		return false;
817 
818 	/* CAN XL -> needs to be enabled and a CAN XL device */
819 	if (ro->xl_frames && can_is_canxl_skb(skb) &&
820 	    can_is_canxl_dev_mtu(mtu))
821 		return false;
822 
823 	return true;
824 }
825 
raw_sendmsg(struct socket * sock,struct msghdr * msg,size_t size)826 static int raw_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
827 {
828 	struct sock *sk = sock->sk;
829 	struct raw_sock *ro = raw_sk(sk);
830 	struct sockcm_cookie sockc;
831 	struct sk_buff *skb;
832 	struct net_device *dev;
833 	int ifindex;
834 	int err = -EINVAL;
835 
836 	/* check for valid CAN frame sizes */
837 	if (size < CANXL_HDR_SIZE + CANXL_MIN_DLEN || size > CANXL_MTU)
838 		return -EINVAL;
839 
840 	if (msg->msg_name) {
841 		DECLARE_SOCKADDR(struct sockaddr_can *, addr, msg->msg_name);
842 
843 		if (msg->msg_namelen < RAW_MIN_NAMELEN)
844 			return -EINVAL;
845 
846 		if (addr->can_family != AF_CAN)
847 			return -EINVAL;
848 
849 		ifindex = addr->can_ifindex;
850 	} else {
851 		ifindex = ro->ifindex;
852 	}
853 
854 	dev = dev_get_by_index(sock_net(sk), ifindex);
855 	if (!dev)
856 		return -ENXIO;
857 
858 	skb = sock_alloc_send_skb(sk, size + sizeof(struct can_skb_priv),
859 				  msg->msg_flags & MSG_DONTWAIT, &err);
860 	if (!skb)
861 		goto put_dev;
862 
863 	can_skb_reserve(skb);
864 	can_skb_prv(skb)->ifindex = dev->ifindex;
865 	can_skb_prv(skb)->skbcnt = 0;
866 
867 	/* fill the skb before testing for valid CAN frames */
868 	err = memcpy_from_msg(skb_put(skb, size), msg, size);
869 	if (err < 0)
870 		goto free_skb;
871 
872 	err = -EINVAL;
873 	if (raw_bad_txframe(ro, skb, dev->mtu))
874 		goto free_skb;
875 
876 	sockcm_init(&sockc, sk);
877 	if (msg->msg_controllen) {
878 		err = sock_cmsg_send(sk, msg, &sockc);
879 		if (unlikely(err))
880 			goto free_skb;
881 	}
882 
883 	skb->dev = dev;
884 	skb->priority = sk->sk_priority;
885 	skb->mark = READ_ONCE(sk->sk_mark);
886 	skb->tstamp = sockc.transmit_time;
887 
888 	skb_setup_tx_timestamp(skb, sockc.tsflags);
889 
890 	err = can_send(skb, ro->loopback);
891 
892 	dev_put(dev);
893 
894 	if (err)
895 		goto send_failed;
896 
897 	return size;
898 
899 free_skb:
900 	kfree_skb(skb);
901 put_dev:
902 	dev_put(dev);
903 send_failed:
904 	return err;
905 }
906 
raw_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)907 static int raw_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
908 		       int flags)
909 {
910 	struct sock *sk = sock->sk;
911 	struct sk_buff *skb;
912 	int err = 0;
913 
914 	if (flags & MSG_ERRQUEUE)
915 		return sock_recv_errqueue(sk, msg, size,
916 					  SOL_CAN_RAW, SCM_CAN_RAW_ERRQUEUE);
917 
918 	skb = skb_recv_datagram(sk, flags, &err);
919 	if (!skb)
920 		return err;
921 
922 	if (size < skb->len)
923 		msg->msg_flags |= MSG_TRUNC;
924 	else
925 		size = skb->len;
926 
927 	err = memcpy_to_msg(msg, skb->data, size);
928 	if (err < 0) {
929 		skb_free_datagram(sk, skb);
930 		return err;
931 	}
932 
933 	sock_recv_cmsgs(msg, sk, skb);
934 
935 	if (msg->msg_name) {
936 		__sockaddr_check_size(RAW_MIN_NAMELEN);
937 		msg->msg_namelen = RAW_MIN_NAMELEN;
938 		memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
939 	}
940 
941 	/* assign the flags that have been recorded in raw_rcv() */
942 	msg->msg_flags |= *(raw_flags(skb));
943 
944 	skb_free_datagram(sk, skb);
945 
946 	return size;
947 }
948 
raw_sock_no_ioctlcmd(struct socket * sock,unsigned int cmd,unsigned long arg)949 static int raw_sock_no_ioctlcmd(struct socket *sock, unsigned int cmd,
950 				unsigned long arg)
951 {
952 	/* no ioctls for socket layer -> hand it down to NIC layer */
953 	return -ENOIOCTLCMD;
954 }
955 
956 static const struct proto_ops raw_ops = {
957 	.family        = PF_CAN,
958 	.release       = raw_release,
959 	.bind          = raw_bind,
960 	.connect       = sock_no_connect,
961 	.socketpair    = sock_no_socketpair,
962 	.accept        = sock_no_accept,
963 	.getname       = raw_getname,
964 	.poll          = datagram_poll,
965 	.ioctl         = raw_sock_no_ioctlcmd,
966 	.gettstamp     = sock_gettstamp,
967 	.listen        = sock_no_listen,
968 	.shutdown      = sock_no_shutdown,
969 	.setsockopt    = raw_setsockopt,
970 	.getsockopt    = raw_getsockopt,
971 	.sendmsg       = raw_sendmsg,
972 	.recvmsg       = raw_recvmsg,
973 	.mmap          = sock_no_mmap,
974 };
975 
976 static struct proto raw_proto __read_mostly = {
977 	.name       = "CAN_RAW",
978 	.owner      = THIS_MODULE,
979 	.obj_size   = sizeof(struct raw_sock),
980 	.init       = raw_init,
981 };
982 
983 static const struct can_proto raw_can_proto = {
984 	.type       = SOCK_RAW,
985 	.protocol   = CAN_RAW,
986 	.ops        = &raw_ops,
987 	.prot       = &raw_proto,
988 };
989 
990 static struct notifier_block canraw_notifier = {
991 	.notifier_call = raw_notifier
992 };
993 
raw_module_init(void)994 static __init int raw_module_init(void)
995 {
996 	int err;
997 
998 	pr_info("can: raw protocol\n");
999 
1000 	err = register_netdevice_notifier(&canraw_notifier);
1001 	if (err)
1002 		return err;
1003 
1004 	err = can_proto_register(&raw_can_proto);
1005 	if (err < 0) {
1006 		pr_err("can: registration of raw protocol failed\n");
1007 		goto register_proto_failed;
1008 	}
1009 
1010 	return 0;
1011 
1012 register_proto_failed:
1013 	unregister_netdevice_notifier(&canraw_notifier);
1014 	return err;
1015 }
1016 
raw_module_exit(void)1017 static __exit void raw_module_exit(void)
1018 {
1019 	can_proto_unregister(&raw_can_proto);
1020 	unregister_netdevice_notifier(&canraw_notifier);
1021 }
1022 
1023 module_init(raw_module_init);
1024 module_exit(raw_module_exit);
1025