pppoatm.c source code [linux/net/atm/pppoatm.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/ net/atm/pppoatm.c - RFC2364 PPP over ATM/AAL5 /
3
4	/ Copyright 1999-2000 by Mitchell Blank Jr /
5	/ Based on clip.c; 1995-1999 by Werner Almesberger, EPFL LRC/ICA /
6	/ And on ppp_async.c; Copyright 1999 Paul Mackerras /
7	/ And help from Jens Axboe /
8
9	/*
10	*
11	* This driver provides the encapsulation and framing for sending
12	* and receiving PPP frames in ATM AAL5 PDUs.
13	*/
14
15	/*
16	* One shortcoming of this driver is that it does not comply with
17	* section 8 of RFC2364 - we are supposed to detect a change
18	* in encapsulation and immediately abort the connection (in order
19	* to avoid a black-hole being created if our peer loses state
20	* and changes encapsulation unilaterally. However, since the
21	* ppp_generic layer actually does the decapsulation, we need
22	* a way of notifying it when we _think_ there might be a problem)
23	* There's two cases:
24	* 1. LLC-encapsulation was missing when it was enabled. In
25	* this case, we should tell the upper layer "tear down
26	* this session if this skb looks ok to you"
27	* 2. LLC-encapsulation was present when it was disabled. Then
28	* we need to tell the upper layer "this packet may be
29	* ok, but if its in error tear down the session"
30	* These hooks are not yet available in ppp_generic
31	*/
32
33	#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
34
35	#include <linux/module.h>
36	#include <linux/init.h>
37	#include <linux/interrupt.h>
38	#include <linux/skbuff.h>
39	#include <linux/slab.h>
40	#include <linux/atm.h>
41	#include <linux/atmdev.h>
42	#include <linux/capability.h>
43	#include <linux/ppp_defs.h>
44	#include <linux/ppp-ioctl.h>
45	#include <linux/ppp_channel.h>
46	#include <linux/atmppp.h>
47
48	#include "common.h"
49
50	enum pppoatm_encaps {
51	e_autodetect = PPPOATM_ENCAPS_AUTODETECT,
52	e_vc = PPPOATM_ENCAPS_VC,
53	e_llc = PPPOATM_ENCAPS_LLC,
54	};
55
56	struct pppoatm_vcc {
57	struct atm_vcc atmvcc; /* VCC descriptor /
58	void (old_push)(struct* atm_vcc , struct* sk_buff *);
59	void (old_pop)(struct* atm_vcc , struct* sk_buff *);
60	void (old_release_cb)(struct* atm_vcc *);
61	struct module *old_owner;
62	/ keep old push/pop for detaching /
63	enum pppoatm_encaps encaps;
64	atomic_t inflight;
65	unsigned long blocked;
66	int flags; / SC_COMP_PROT - compress protocol /
67	struct ppp_channel chan; / interface to generic ppp layer /
68	struct tasklet_struct wakeup_tasklet;
69	};
70
71	/*
72	* We want to allow two packets in the queue. The one that's currently in
73	* flight, and one queued up ready for the ATM device to send immediately
74	* from its TX done IRQ. We want to be able to use atomic_inc_not_zero(), so
75	* inflight == -2 represents an empty queue, -1 one packet, and zero means
76	* there are two packets in the queue.
77	*/
78	#define NONE_INFLIGHT -2
79
80	#define BLOCKED 0
81
82	/*
83	* Header used for LLC Encapsulated PPP (4 bytes) followed by the LCP protocol
84	* ID (0xC021) used in autodetection
85	*/
86	static const unsigned char pppllc[`6`] = { `0xFE`, `0xFE`, `0x03`, `0xCF`, `0xC0`, `0x21` };
87	#define LLC_LEN (4)
88
89	static inline struct pppoatm_vcc atmvcc_to_pvcc(const* struct atm_vcc *atmvcc)
90	{
91	return (struct pppoatm_vcc *) (atmvcc->user_back);
92	}
93
94	static inline struct pppoatm_vcc chan_to_pvcc(const* struct ppp_channel *chan)
95	{
96	return (struct pppoatm_vcc *) (chan->private);
97	}
98
99	/*
100	* We can't do this directly from our _pop handler, since the ppp code
101	* doesn't want to be called in interrupt context, so we do it from
102	* a tasklet
103	*/
104	static void pppoatm_wakeup_sender(struct tasklet_struct *t)
105	{
106	struct pppoatm_vcc *pvcc = from_tasklet(pvcc, t, wakeup_tasklet);
107
108	ppp_output_wakeup(&pvcc->chan);
109	}
110
111	static void pppoatm_release_cb(struct atm_vcc *atmvcc)
112	{
113	struct pppoatm_vcc *pvcc = atmvcc_to_pvcc(atmvcc);
114
115	/*
116	* As in pppoatm_pop(), it's safe to clear the BLOCKED bit here because
117	* the wakeup can't race with pppoatm_send(). They both hold the PPP
118	* channel's ->downl lock. And the potential race with setting it,
119	* which leads to the double-check dance in pppoatm_may_send(), doesn't
120	* exist here. In the sock_owned_by_user() case in pppoatm_send(), we
121	* set the BLOCKED bit while the socket is still locked. We know that
122	* ->release_cb() can't be called until that's done.
123	*/
124	if (test_and_clear_bit(BLOCKED, addr: &pvcc->blocked))
125	tasklet_schedule(t: &pvcc->wakeup_tasklet);
126	if (pvcc->old_release_cb)
127	pvcc->old_release_cb(atmvcc);
128	}
129	/*
130	* This gets called every time the ATM card has finished sending our
131	* skb. The ->old_pop will take care up normal atm flow control,
132	* but we also need to wake up the device if we blocked it
133	*/
134	static void pppoatm_pop(struct atm_vcc atmvcc, struct* sk_buff *skb)
135	{
136	struct pppoatm_vcc *pvcc = atmvcc_to_pvcc(atmvcc);
137
138	pvcc->old_pop(atmvcc, skb);
139	atomic_dec(v: &pvcc->inflight);
140
141	/*
142	* We always used to run the wakeup tasklet unconditionally here, for
143	* fear of race conditions where we clear the BLOCKED flag just as we
144	* refuse another packet in pppoatm_send(). This was quite inefficient.
145	*
146	* In fact it's OK. The PPP core will only ever call pppoatm_send()
147	* while holding the channel->downl lock. And ppp_output_wakeup() as
148	* called by the tasklet will also grab that lock. So even if another
149	* CPU is in pppoatm_send() right now, the tasklet isn't going to race
150	* with it. The wakeup will happen after the other CPU is safely out
151	* of pppoatm_send() again.
152	*
153	* So if the CPU in pppoatm_send() has already set the BLOCKED bit and
154	* it about to return, that's fine. We trigger a wakeup which will
155	* happen later. And if the CPU in pppoatm_send() hasn't set the
156	* BLOCKED bit yet, that's fine too because of the double check in
157	* pppoatm_may_send() which is commented there.
158	*/
159	if (test_and_clear_bit(BLOCKED, addr: &pvcc->blocked))
160	tasklet_schedule(t: &pvcc->wakeup_tasklet);
161	}
162
163	/*
164	* Unbind from PPP - currently we only do this when closing the socket,
165	* but we could put this into an ioctl if need be
166	*/
167	static void pppoatm_unassign_vcc(struct atm_vcc *atmvcc)
168	{
169	struct pppoatm_vcc *pvcc;
170	pvcc = atmvcc_to_pvcc(atmvcc);
171	atmvcc->push = pvcc->old_push;
172	atmvcc->pop = pvcc->old_pop;
173	atmvcc->release_cb = pvcc->old_release_cb;
174	tasklet_kill(t: &pvcc->wakeup_tasklet);
175	ppp_unregister_channel(&pvcc->chan);
176	atmvcc->user_back = NULL;
177	kfree(objp: pvcc);
178	}
179
180	/ Called when an AAL5 PDU comes in /
181	static void pppoatm_push(struct atm_vcc atmvcc, struct* sk_buff *skb)
182	{
183	struct pppoatm_vcc *pvcc = atmvcc_to_pvcc(atmvcc);
184	pr_debug("\n");
185	if (skb == NULL) { / VCC was closed /
186	struct module *module;
187
188	pr_debug("removing ATMPPP VCC %p\n", pvcc);
189	module = pvcc->old_owner;
190	pppoatm_unassign_vcc(atmvcc);
191	atmvcc->push(atmvcc, NULL); / Pass along bad news /
192	module_put(module);
193	return;
194	}
195	atm_return(vcc: atmvcc, truesize: skb->truesize);
196	switch (pvcc->encaps) {
197	case e_llc:
198	if (skb->len < LLC_LEN \|\|
199	memcmp(p: skb->data, q: pppllc, LLC_LEN))
200	goto error;
201	skb_pull(skb, LLC_LEN);
202	break;
203	case e_autodetect:
204	if (pvcc->chan.ppp == NULL) { / Not bound yet! /
205	kfree_skb(skb);
206	return;
207	}
208	if (skb->len >= sizeof(pppllc) &&
209	!memcmp(p: skb->data, q: pppllc, size: sizeof(pppllc))) {
210	pvcc->encaps = e_llc;
211	skb_pull(skb, LLC_LEN);
212	break;
213	}
214	if (skb->len >= (sizeof(pppllc) - LLC_LEN) &&
215	!memcmp(p: skb->data, q: &pppllc[LLC_LEN],
216	size: sizeof(pppllc) - LLC_LEN)) {
217	pvcc->encaps = e_vc;
218	pvcc->chan.mtu += LLC_LEN;
219	break;
220	}
221	pr_debug("Couldn't autodetect yet (skb: %6ph)\n", skb->data);
222	goto error;
223	case e_vc:
224	break;
225	}
226	ppp_input(&pvcc->chan, skb);
227	return;
228
229	error:
230	kfree_skb(skb);
231	ppp_input_error(&pvcc->chan, code: `0`);
232	}
233
234	static int pppoatm_may_send(struct pppoatm_vcc pvcc, int* size)
235	{
236	/*
237	* It's not clear that we need to bother with using atm_may_send()
238	* to check we don't exceed sk->sk_sndbuf. If userspace sets a
239	* value of sk_sndbuf which is lower than the MTU, we're going to
240	* block for ever. But the code always did that before we introduced
241	* the packet count limit, so...
242	*/
243	if (atm_may_send(vcc: pvcc->atmvcc, size) &&
244	atomic_inc_not_zero(v: &pvcc->inflight))
245	return `1`;
246
247	/*
248	* We use test_and_set_bit() rather than set_bit() here because
249	* we need to ensure there's a memory barrier after it. The bit
250	* must be set before we do the atomic_inc() on pvcc->inflight.
251	* There's no smp_mb__after_set_bit(), so it's this or abuse
252	* smp_mb__after_atomic().
253	*/
254	test_and_set_bit(BLOCKED, addr: &pvcc->blocked);
255
256	/*
257	* We may have raced with pppoatm_pop(). If it ran for the
258	* last packet in the queue, just before we set the BLOCKED
259	* bit, then it might never run again and the channel could
260	* remain permanently blocked. Cope with that race by checking
261	* again. If it did run in that window, we'll have space on
262	* the queue now and can return success. It's harmless to leave
263	* the BLOCKED flag set, since it's only used as a trigger to
264	* run the wakeup tasklet. Another wakeup will never hurt.
265	* If pppoatm_pop() is running but hasn't got as far as making
266	* space on the queue yet, then it hasn't checked the BLOCKED
267	* flag yet either, so we're safe in that case too. It'll issue
268	* an "immediate" wakeup... where "immediate" actually involves
269	* taking the PPP channel's ->downl lock, which is held by the
270	* code path that calls pppoatm_send(), and is thus going to
271	* wait for us to finish.
272	*/
273	if (atm_may_send(vcc: pvcc->atmvcc, size) &&
274	atomic_inc_not_zero(v: &pvcc->inflight))
275	return `1`;
276
277	return `0`;
278	}
279	/*
280	* Called by the ppp_generic.c to send a packet - returns true if packet
281	* was accepted. If we return false, then it's our job to call
282	* ppp_output_wakeup(chan) when we're feeling more up to it.
283	* Note that in the ENOMEM case (as opposed to the !atm_may_send case)
284	* we should really drop the packet, but the generic layer doesn't
285	* support this yet. We just return 'DROP_PACKET' which we actually define
286	* as success, just to be clear what we're really doing.
287	*/
288	#define DROP_PACKET 1
289	static int pppoatm_send(struct ppp_channel chan, struct* sk_buff *skb)
290	{
291	struct pppoatm_vcc *pvcc = chan_to_pvcc(chan);
292	struct atm_vcc *vcc;
293	int ret;
294
295	ATM_SKB(skb)->vcc = pvcc->atmvcc;
296	pr_debug("(skb=0x%p, vcc=0x%p)\n", skb, pvcc->atmvcc);
297	if (skb->data[`0`] == `'\0'` && (pvcc->flags & SC_COMP_PROT))
298	(void) skb_pull(skb, len: `1`);
299
300	vcc = ATM_SKB(skb)->vcc;
301	bh_lock_sock(sk_atm(vcc));
302	if (sock_owned_by_user(sk: sk_atm(vcc))) {
303	/*
304	* Needs to happen (and be flushed, hence test_and_) before we unlock
305	* the socket. It needs to be seen by the time our ->release_cb gets
306	* called.
307	*/
308	test_and_set_bit(BLOCKED, addr: &pvcc->blocked);
309	goto nospace;
310	}
311	if (test_bit(ATM_VF_RELEASED, &vcc->flags) \|\|
312	test_bit(ATM_VF_CLOSE, &vcc->flags) \|\|
313	!test_bit(ATM_VF_READY, &vcc->flags)) {
314	bh_unlock_sock(sk_atm(vcc));
315	kfree_skb(skb);
316	return DROP_PACKET;
317	}
318
319	switch (pvcc->encaps) { / LLC encapsulation needed /
320	case e_llc:
321	if (skb_headroom(skb) < LLC_LEN) {
322	struct sk_buff *n;
323	n = skb_realloc_headroom(skb, LLC_LEN);
324	if (n != NULL &&
325	!pppoatm_may_send(pvcc, size: n->truesize)) {
326	kfree_skb(skb: n);
327	goto nospace;
328	}
329	consume_skb(skb);
330	skb = n;
331	if (skb == NULL) {
332	bh_unlock_sock(sk_atm(vcc));
333	return DROP_PACKET;
334	}
335	} else if (!pppoatm_may_send(pvcc, size: skb->truesize))
336	goto nospace;
337	memcpy(skb_push(skb, LLC_LEN), pppllc, LLC_LEN);
338	break;
339	case e_vc:
340	if (!pppoatm_may_send(pvcc, size: skb->truesize))
341	goto nospace;
342	break;
343	case e_autodetect:
344	bh_unlock_sock(sk_atm(vcc));
345	pr_debug("Trying to send without setting encaps!\n");
346	kfree_skb(skb);
347	return `1`;
348	}
349
350	atm_account_tx(vcc, skb);
351	pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n",
352	skb, ATM_SKB(skb)->vcc, ATM_SKB(skb)->vcc->dev);
353	ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
354	? DROP_PACKET : `1`;
355	bh_unlock_sock(sk_atm(vcc));
356	return ret;
357	nospace:
358	bh_unlock_sock(sk_atm(vcc));
359	/*
360	* We don't have space to send this SKB now, but we might have
361	* already applied SC_COMP_PROT compression, so may need to undo
362	*/
363	if ((pvcc->flags & SC_COMP_PROT) && skb_headroom(skb) > `0` &&
364	skb->data[-`1`] == `'\0'`)
365	(void) skb_push(skb, len: `1`);
366	return `0`;
367	}
368
369	/ This handles ioctls sent to the /dev/ppp interface /
370	static int pppoatm_devppp_ioctl(struct ppp_channel chan, unsigned* int cmd,
371	unsigned long arg)
372	{
373	switch (cmd) {
374	case PPPIOCGFLAGS:
375	return put_user(chan_to_pvcc(chan)->flags, (int __user *) arg)
376	? -EFAULT : `0`;
377	case PPPIOCSFLAGS:
378	return get_user(chan_to_pvcc(chan)->flags, (int __user *) arg)
379	? -EFAULT : `0`;
380	}
381	return -ENOTTY;
382	}
383
384	static const struct ppp_channel_ops pppoatm_ops = {
385	.start_xmit = pppoatm_send,
386	.ioctl = pppoatm_devppp_ioctl,
387	};
388
389	static int pppoatm_assign_vcc(struct atm_vcc atmvcc, void* __user *arg)
390	{
391	struct atm_backend_ppp be;
392	struct pppoatm_vcc *pvcc;
393	int err;
394
395	if (copy_from_user(to: &be, from: arg, n: sizeof be))
396	return -EFAULT;
397	if (be.encaps != PPPOATM_ENCAPS_AUTODETECT &&
398	be.encaps != PPPOATM_ENCAPS_VC && be.encaps != PPPOATM_ENCAPS_LLC)
399	return -EINVAL;
400	pvcc = kzalloc(size: sizeof(*pvcc), GFP_KERNEL);
401	if (pvcc == NULL)
402	return -ENOMEM;
403	pvcc->atmvcc = atmvcc;
404
405	/ Maximum is zero, so that we can use atomic_inc_not_zero() /
406	atomic_set(v: &pvcc->inflight, NONE_INFLIGHT);
407	pvcc->old_push = atmvcc->push;
408	pvcc->old_pop = atmvcc->pop;
409	pvcc->old_owner = atmvcc->owner;
410	pvcc->old_release_cb = atmvcc->release_cb;
411	pvcc->encaps = (enum pppoatm_encaps) be.encaps;
412	pvcc->chan.private = pvcc;
413	pvcc->chan.ops = &pppoatm_ops;
414	pvcc->chan.mtu = atmvcc->qos.txtp.max_sdu - PPP_HDRLEN -
415	(be.encaps == e_vc ? `0` : LLC_LEN);
416	tasklet_setup(t: &pvcc->wakeup_tasklet, callback: pppoatm_wakeup_sender);
417	err = ppp_register_channel(&pvcc->chan);
418	if (err != `0`) {
419	kfree(objp: pvcc);
420	return err;
421	}
422	atmvcc->user_back = pvcc;
423	atmvcc->push = pppoatm_push;
424	atmvcc->pop = pppoatm_pop;
425	atmvcc->release_cb = pppoatm_release_cb;
426	__module_get(THIS_MODULE);
427	atmvcc->owner = THIS_MODULE;
428
429	/ re-process everything received between connection setup and*
430	backend setup /*
431	vcc_process_recv_queue(vcc: atmvcc);
432	return `0`;
433	}
434
435	/*
436	* This handles ioctls actually performed on our vcc - we must return
437	* -ENOIOCTLCMD for any unrecognized ioctl
438	*/
439	static int pppoatm_ioctl(struct socket sock, unsigned* int cmd,
440	unsigned long arg)
441	{
442	struct atm_vcc *atmvcc = ATM_SD(sock);
443	void __user argp = (void* __user *)arg;
444
445	if (cmd != ATM_SETBACKEND && atmvcc->push != pppoatm_push)
446	return -ENOIOCTLCMD;
447	switch (cmd) {
448	case ATM_SETBACKEND: {
449	atm_backend_t b;
450	if (get_user(b, (atm_backend_t __user *) argp))
451	return -EFAULT;
452	if (b != ATM_BACKEND_PPP)
453	return -ENOIOCTLCMD;
454	if (!capable(CAP_NET_ADMIN))
455	return -EPERM;
456	if (sock->state != SS_CONNECTED)
457	return -EINVAL;
458	return pppoatm_assign_vcc(atmvcc, arg: argp);
459	}
460	case PPPIOCGCHAN:
461	return put_user(ppp_channel_index(&atmvcc_to_pvcc(atmvcc)->
462	chan), (int __user *) argp) ? -EFAULT : `0`;
463	case PPPIOCGUNIT:
464	return put_user(ppp_unit_number(&atmvcc_to_pvcc(atmvcc)->
465	chan), (int __user *) argp) ? -EFAULT : `0`;
466	}
467	return -ENOIOCTLCMD;
468	}
469
470	static struct atm_ioctl pppoatm_ioctl_ops = {
471	.owner = THIS_MODULE,
472	.ioctl = pppoatm_ioctl,
473	};
474
475	static int __init pppoatm_init(void)
476	{
477	register_atm_ioctl(&pppoatm_ioctl_ops);
478	return `0`;
479	}
480
481	static void __exit pppoatm_exit(void)
482	{
483	deregister_atm_ioctl(&pppoatm_ioctl_ops);
484	}
485
486	module_init(pppoatm_init);
487	module_exit(pppoatm_exit);
488
489	MODULE_AUTHOR("Mitchell Blank Jr <mitch@sfgoth.com>");
490	MODULE_DESCRIPTION("RFC2364 PPP over ATM/AAL5");
491	MODULE_LICENSE("GPL");
492

source code of linux/net/atm/pppoatm.c