1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* ATM ioctl handling */ |
3 | |
4 | /* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */ |
5 | /* 2003 John Levon <levon@movementarian.org> */ |
6 | |
7 | #define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__ |
8 | |
9 | #include <linux/module.h> |
10 | #include <linux/kmod.h> |
11 | #include <linux/net.h> /* struct socket, struct proto_ops */ |
12 | #include <linux/atm.h> /* ATM stuff */ |
13 | #include <linux/atmdev.h> |
14 | #include <linux/atmclip.h> /* CLIP_*ENCAP */ |
15 | #include <linux/atmarp.h> /* manifest constants */ |
16 | #include <linux/capability.h> |
17 | #include <linux/sonet.h> /* for ioctls */ |
18 | #include <linux/atmsvc.h> |
19 | #include <linux/atmmpc.h> |
20 | #include <net/atmclip.h> |
21 | #include <linux/atmlec.h> |
22 | #include <linux/mutex.h> |
23 | #include <asm/ioctls.h> |
24 | #include <net/compat.h> |
25 | |
26 | #include "resources.h" |
27 | #include "signaling.h" /* for WAITING and sigd_attach */ |
28 | #include "common.h" |
29 | |
30 | |
31 | static DEFINE_MUTEX(ioctl_mutex); |
32 | static LIST_HEAD(ioctl_list); |
33 | |
34 | |
35 | void register_atm_ioctl(struct atm_ioctl *ioctl) |
36 | { |
37 | mutex_lock(&ioctl_mutex); |
38 | list_add_tail(new: &ioctl->list, head: &ioctl_list); |
39 | mutex_unlock(lock: &ioctl_mutex); |
40 | } |
41 | EXPORT_SYMBOL(register_atm_ioctl); |
42 | |
43 | void deregister_atm_ioctl(struct atm_ioctl *ioctl) |
44 | { |
45 | mutex_lock(&ioctl_mutex); |
46 | list_del(entry: &ioctl->list); |
47 | mutex_unlock(lock: &ioctl_mutex); |
48 | } |
49 | EXPORT_SYMBOL(deregister_atm_ioctl); |
50 | |
51 | static int do_vcc_ioctl(struct socket *sock, unsigned int cmd, |
52 | unsigned long arg, int compat) |
53 | { |
54 | struct sock *sk = sock->sk; |
55 | struct atm_vcc *vcc; |
56 | int error; |
57 | struct list_head *pos; |
58 | void __user *argp = (void __user *)arg; |
59 | void __user *buf; |
60 | int __user *len; |
61 | |
62 | vcc = ATM_SD(sock); |
63 | switch (cmd) { |
64 | case SIOCOUTQ: |
65 | if (sock->state != SS_CONNECTED || |
66 | !test_bit(ATM_VF_READY, &vcc->flags)) { |
67 | error = -EINVAL; |
68 | goto done; |
69 | } |
70 | error = put_user(sk->sk_sndbuf - sk_wmem_alloc_get(sk), |
71 | (int __user *)argp) ? -EFAULT : 0; |
72 | goto done; |
73 | case SIOCINQ: |
74 | { |
75 | struct sk_buff *skb; |
76 | |
77 | if (sock->state != SS_CONNECTED) { |
78 | error = -EINVAL; |
79 | goto done; |
80 | } |
81 | skb = skb_peek(list_: &sk->sk_receive_queue); |
82 | error = put_user(skb ? skb->len : 0, |
83 | (int __user *)argp) ? -EFAULT : 0; |
84 | goto done; |
85 | } |
86 | case ATM_SETSC: |
87 | net_warn_ratelimited("ATM_SETSC is obsolete; used by %s:%d\n" , |
88 | current->comm, task_pid_nr(current)); |
89 | error = 0; |
90 | goto done; |
91 | case ATMSIGD_CTRL: |
92 | if (!capable(CAP_NET_ADMIN)) { |
93 | error = -EPERM; |
94 | goto done; |
95 | } |
96 | /* |
97 | * The user/kernel protocol for exchanging signalling |
98 | * info uses kernel pointers as opaque references, |
99 | * so the holder of the file descriptor can scribble |
100 | * on the kernel... so we should make sure that we |
101 | * have the same privileges that /proc/kcore needs |
102 | */ |
103 | if (!capable(CAP_SYS_RAWIO)) { |
104 | error = -EPERM; |
105 | goto done; |
106 | } |
107 | #ifdef CONFIG_COMPAT |
108 | /* WTF? I don't even want to _think_ about making this |
109 | work for 32-bit userspace. TBH I don't really want |
110 | to think about it at all. dwmw2. */ |
111 | if (compat) { |
112 | net_warn_ratelimited("32-bit task cannot be atmsigd\n" ); |
113 | error = -EINVAL; |
114 | goto done; |
115 | } |
116 | #endif |
117 | error = sigd_attach(vcc); |
118 | if (!error) |
119 | sock->state = SS_CONNECTED; |
120 | goto done; |
121 | case ATM_SETBACKEND: |
122 | case ATM_NEWBACKENDIF: |
123 | { |
124 | atm_backend_t backend; |
125 | error = get_user(backend, (atm_backend_t __user *)argp); |
126 | if (error) |
127 | goto done; |
128 | switch (backend) { |
129 | case ATM_BACKEND_PPP: |
130 | request_module("pppoatm" ); |
131 | break; |
132 | case ATM_BACKEND_BR2684: |
133 | request_module("br2684" ); |
134 | break; |
135 | } |
136 | break; |
137 | } |
138 | case ATMMPC_CTRL: |
139 | case ATMMPC_DATA: |
140 | request_module("mpoa" ); |
141 | break; |
142 | case ATMARPD_CTRL: |
143 | request_module("clip" ); |
144 | break; |
145 | case ATMLEC_CTRL: |
146 | request_module("lec" ); |
147 | break; |
148 | } |
149 | |
150 | error = -ENOIOCTLCMD; |
151 | |
152 | mutex_lock(&ioctl_mutex); |
153 | list_for_each(pos, &ioctl_list) { |
154 | struct atm_ioctl *ic = list_entry(pos, struct atm_ioctl, list); |
155 | if (try_module_get(module: ic->owner)) { |
156 | error = ic->ioctl(sock, cmd, arg); |
157 | module_put(module: ic->owner); |
158 | if (error != -ENOIOCTLCMD) |
159 | break; |
160 | } |
161 | } |
162 | mutex_unlock(lock: &ioctl_mutex); |
163 | |
164 | if (error != -ENOIOCTLCMD) |
165 | goto done; |
166 | |
167 | if (cmd == ATM_GETNAMES) { |
168 | if (IS_ENABLED(CONFIG_COMPAT) && compat) { |
169 | #ifdef CONFIG_COMPAT |
170 | struct compat_atm_iobuf __user *ciobuf = argp; |
171 | compat_uptr_t cbuf; |
172 | len = &ciobuf->length; |
173 | if (get_user(cbuf, &ciobuf->buffer)) |
174 | return -EFAULT; |
175 | buf = compat_ptr(uptr: cbuf); |
176 | #endif |
177 | } else { |
178 | struct atm_iobuf __user *iobuf = argp; |
179 | len = &iobuf->length; |
180 | if (get_user(buf, &iobuf->buffer)) |
181 | return -EFAULT; |
182 | } |
183 | error = atm_getnames(buf, iobuf_len: len); |
184 | } else { |
185 | int number; |
186 | |
187 | if (IS_ENABLED(CONFIG_COMPAT) && compat) { |
188 | #ifdef CONFIG_COMPAT |
189 | struct compat_atmif_sioc __user *csioc = argp; |
190 | compat_uptr_t carg; |
191 | |
192 | len = &csioc->length; |
193 | if (get_user(carg, &csioc->arg)) |
194 | return -EFAULT; |
195 | buf = compat_ptr(uptr: carg); |
196 | if (get_user(number, &csioc->number)) |
197 | return -EFAULT; |
198 | #endif |
199 | } else { |
200 | struct atmif_sioc __user *sioc = argp; |
201 | |
202 | len = &sioc->length; |
203 | if (get_user(buf, &sioc->arg)) |
204 | return -EFAULT; |
205 | if (get_user(number, &sioc->number)) |
206 | return -EFAULT; |
207 | } |
208 | error = atm_dev_ioctl(cmd, buf, sioc_len: len, number, compat); |
209 | } |
210 | |
211 | done: |
212 | return error; |
213 | } |
214 | |
215 | int vcc_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
216 | { |
217 | return do_vcc_ioctl(sock, cmd, arg, compat: 0); |
218 | } |
219 | |
220 | #ifdef CONFIG_COMPAT |
221 | /* |
222 | * FIXME: |
223 | * The compat_ioctl handling is duplicated, using both these conversion |
224 | * routines and the compat argument to the actual handlers. Both |
225 | * versions are somewhat incomplete and should be merged, e.g. by |
226 | * moving the ioctl number translation into the actual handlers and |
227 | * killing the conversion code. |
228 | * |
229 | * -arnd, November 2009 |
230 | */ |
231 | #define ATM_GETLINKRATE32 _IOW('a', ATMIOC_ITF+1, struct compat_atmif_sioc) |
232 | #define ATM_GETNAMES32 _IOW('a', ATMIOC_ITF+3, struct compat_atm_iobuf) |
233 | #define ATM_GETTYPE32 _IOW('a', ATMIOC_ITF+4, struct compat_atmif_sioc) |
234 | #define ATM_GETESI32 _IOW('a', ATMIOC_ITF+5, struct compat_atmif_sioc) |
235 | #define ATM_GETADDR32 _IOW('a', ATMIOC_ITF+6, struct compat_atmif_sioc) |
236 | #define ATM_RSTADDR32 _IOW('a', ATMIOC_ITF+7, struct compat_atmif_sioc) |
237 | #define ATM_ADDADDR32 _IOW('a', ATMIOC_ITF+8, struct compat_atmif_sioc) |
238 | #define ATM_DELADDR32 _IOW('a', ATMIOC_ITF+9, struct compat_atmif_sioc) |
239 | #define ATM_GETCIRANGE32 _IOW('a', ATMIOC_ITF+10, struct compat_atmif_sioc) |
240 | #define ATM_SETCIRANGE32 _IOW('a', ATMIOC_ITF+11, struct compat_atmif_sioc) |
241 | #define ATM_SETESI32 _IOW('a', ATMIOC_ITF+12, struct compat_atmif_sioc) |
242 | #define ATM_SETESIF32 _IOW('a', ATMIOC_ITF+13, struct compat_atmif_sioc) |
243 | #define ATM_GETSTAT32 _IOW('a', ATMIOC_SARCOM+0, struct compat_atmif_sioc) |
244 | #define ATM_GETSTATZ32 _IOW('a', ATMIOC_SARCOM+1, struct compat_atmif_sioc) |
245 | #define ATM_GETLOOP32 _IOW('a', ATMIOC_SARCOM+2, struct compat_atmif_sioc) |
246 | #define ATM_SETLOOP32 _IOW('a', ATMIOC_SARCOM+3, struct compat_atmif_sioc) |
247 | #define ATM_QUERYLOOP32 _IOW('a', ATMIOC_SARCOM+4, struct compat_atmif_sioc) |
248 | |
249 | static struct { |
250 | unsigned int cmd32; |
251 | unsigned int cmd; |
252 | } atm_ioctl_map[] = { |
253 | { ATM_GETLINKRATE32, ATM_GETLINKRATE }, |
254 | { ATM_GETNAMES32, ATM_GETNAMES }, |
255 | { ATM_GETTYPE32, ATM_GETTYPE }, |
256 | { ATM_GETESI32, ATM_GETESI }, |
257 | { ATM_GETADDR32, ATM_GETADDR }, |
258 | { ATM_RSTADDR32, ATM_RSTADDR }, |
259 | { ATM_ADDADDR32, ATM_ADDADDR }, |
260 | { ATM_DELADDR32, ATM_DELADDR }, |
261 | { ATM_GETCIRANGE32, ATM_GETCIRANGE }, |
262 | { ATM_SETCIRANGE32, ATM_SETCIRANGE }, |
263 | { ATM_SETESI32, ATM_SETESI }, |
264 | { ATM_SETESIF32, ATM_SETESIF }, |
265 | { ATM_GETSTAT32, ATM_GETSTAT }, |
266 | { ATM_GETSTATZ32, ATM_GETSTATZ }, |
267 | { ATM_GETLOOP32, ATM_GETLOOP }, |
268 | { ATM_SETLOOP32, ATM_SETLOOP }, |
269 | { ATM_QUERYLOOP32, ATM_QUERYLOOP }, |
270 | }; |
271 | |
272 | #define NR_ATM_IOCTL ARRAY_SIZE(atm_ioctl_map) |
273 | |
274 | static int do_atm_iobuf(struct socket *sock, unsigned int cmd, |
275 | unsigned long arg) |
276 | { |
277 | struct compat_atm_iobuf __user *iobuf32 = compat_ptr(uptr: arg); |
278 | u32 data; |
279 | |
280 | if (get_user(data, &iobuf32->buffer)) |
281 | return -EFAULT; |
282 | |
283 | return atm_getnames(buf: &iobuf32->length, iobuf_len: compat_ptr(uptr: data)); |
284 | } |
285 | |
286 | static int do_atmif_sioc(struct socket *sock, unsigned int cmd, |
287 | unsigned long arg) |
288 | { |
289 | struct compat_atmif_sioc __user *sioc32 = compat_ptr(uptr: arg); |
290 | int number; |
291 | u32 data; |
292 | |
293 | if (get_user(data, &sioc32->arg) || get_user(number, &sioc32->number)) |
294 | return -EFAULT; |
295 | return atm_dev_ioctl(cmd, buf: compat_ptr(uptr: data), sioc_len: &sioc32->length, number, compat: 0); |
296 | } |
297 | |
298 | static int do_atm_ioctl(struct socket *sock, unsigned int cmd32, |
299 | unsigned long arg) |
300 | { |
301 | int i; |
302 | unsigned int cmd = 0; |
303 | |
304 | switch (cmd32) { |
305 | case SONET_GETSTAT: |
306 | case SONET_GETSTATZ: |
307 | case SONET_GETDIAG: |
308 | case SONET_SETDIAG: |
309 | case SONET_CLRDIAG: |
310 | case SONET_SETFRAMING: |
311 | case SONET_GETFRAMING: |
312 | case SONET_GETFRSENSE: |
313 | return do_atmif_sioc(sock, cmd: cmd32, arg); |
314 | } |
315 | |
316 | for (i = 0; i < NR_ATM_IOCTL; i++) { |
317 | if (cmd32 == atm_ioctl_map[i].cmd32) { |
318 | cmd = atm_ioctl_map[i].cmd; |
319 | break; |
320 | } |
321 | } |
322 | if (i == NR_ATM_IOCTL) |
323 | return -EINVAL; |
324 | |
325 | switch (cmd) { |
326 | case ATM_GETNAMES: |
327 | return do_atm_iobuf(sock, cmd, arg); |
328 | |
329 | case ATM_GETLINKRATE: |
330 | case ATM_GETTYPE: |
331 | case ATM_GETESI: |
332 | case ATM_GETADDR: |
333 | case ATM_RSTADDR: |
334 | case ATM_ADDADDR: |
335 | case ATM_DELADDR: |
336 | case ATM_GETCIRANGE: |
337 | case ATM_SETCIRANGE: |
338 | case ATM_SETESI: |
339 | case ATM_SETESIF: |
340 | case ATM_GETSTAT: |
341 | case ATM_GETSTATZ: |
342 | case ATM_GETLOOP: |
343 | case ATM_SETLOOP: |
344 | case ATM_QUERYLOOP: |
345 | return do_atmif_sioc(sock, cmd, arg); |
346 | } |
347 | |
348 | return -EINVAL; |
349 | } |
350 | |
351 | int vcc_compat_ioctl(struct socket *sock, unsigned int cmd, |
352 | unsigned long arg) |
353 | { |
354 | int ret; |
355 | |
356 | ret = do_vcc_ioctl(sock, cmd, arg, compat: 1); |
357 | if (ret != -ENOIOCTLCMD) |
358 | return ret; |
359 | |
360 | return do_atm_ioctl(sock, cmd32: cmd, arg); |
361 | } |
362 | #endif |
363 | |