1 | // SPDX-License-Identifier: GPL-2.0 |
2 | // Copyright (c) 2010-2011 EIA Electronics, |
3 | // Kurt Van Dijck <kurt.van.dijck@eia.be> |
4 | // Copyright (c) 2010-2011 EIA Electronics, |
5 | // Pieter Beyens <pieter.beyens@eia.be> |
6 | // Copyright (c) 2017-2019 Pengutronix, |
7 | // Marc Kleine-Budde <kernel@pengutronix.de> |
8 | // Copyright (c) 2017-2019 Pengutronix, |
9 | // Oleksij Rempel <kernel@pengutronix.de> |
10 | |
11 | /* J1939 Address Claiming. |
12 | * Address Claiming in the kernel |
13 | * - keeps track of the AC states of ECU's, |
14 | * - resolves NAME<=>SA taking into account the AC states of ECU's. |
15 | * |
16 | * All Address Claim msgs (including host-originated msg) are processed |
17 | * at the receive path (a sent msg is always received again via CAN echo). |
18 | * As such, the processing of AC msgs is done in the order on which msgs |
19 | * are sent on the bus. |
20 | * |
21 | * This module doesn't send msgs itself (e.g. replies on Address Claims), |
22 | * this is the responsibility of a user space application or daemon. |
23 | */ |
24 | |
25 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
26 | |
27 | #include <linux/netdevice.h> |
28 | #include <linux/skbuff.h> |
29 | |
30 | #include "j1939-priv.h" |
31 | |
32 | static inline name_t j1939_skb_to_name(const struct sk_buff *skb) |
33 | { |
34 | return le64_to_cpup(p: (__le64 *)skb->data); |
35 | } |
36 | |
37 | static inline bool j1939_ac_msg_is_request(struct sk_buff *skb) |
38 | { |
39 | struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb); |
40 | int req_pgn; |
41 | |
42 | if (skb->len < 3 || skcb->addr.pgn != J1939_PGN_REQUEST) |
43 | return false; |
44 | |
45 | req_pgn = skb->data[0] | (skb->data[1] << 8) | (skb->data[2] << 16); |
46 | |
47 | return req_pgn == J1939_PGN_ADDRESS_CLAIMED; |
48 | } |
49 | |
50 | static int j1939_ac_verify_outgoing(struct j1939_priv *priv, |
51 | struct sk_buff *skb) |
52 | { |
53 | struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb); |
54 | |
55 | if (skb->len != 8) { |
56 | netdev_notice(dev: priv->ndev, format: "tx address claim with dlc %i\n" , |
57 | skb->len); |
58 | return -EPROTO; |
59 | } |
60 | |
61 | if (skcb->addr.src_name != j1939_skb_to_name(skb)) { |
62 | netdev_notice(dev: priv->ndev, format: "tx address claim with different name\n" ); |
63 | return -EPROTO; |
64 | } |
65 | |
66 | if (skcb->addr.sa == J1939_NO_ADDR) { |
67 | netdev_notice(dev: priv->ndev, format: "tx address claim with broadcast sa\n" ); |
68 | return -EPROTO; |
69 | } |
70 | |
71 | /* ac must always be a broadcast */ |
72 | if (skcb->addr.dst_name || skcb->addr.da != J1939_NO_ADDR) { |
73 | netdev_notice(dev: priv->ndev, format: "tx address claim with dest, not broadcast\n" ); |
74 | return -EPROTO; |
75 | } |
76 | return 0; |
77 | } |
78 | |
79 | int j1939_ac_fixup(struct j1939_priv *priv, struct sk_buff *skb) |
80 | { |
81 | struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb); |
82 | int ret; |
83 | u8 addr; |
84 | |
85 | /* network mgmt: address claiming msgs */ |
86 | if (skcb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) { |
87 | struct j1939_ecu *ecu; |
88 | |
89 | ret = j1939_ac_verify_outgoing(priv, skb); |
90 | /* return both when failure & when successful */ |
91 | if (ret < 0) |
92 | return ret; |
93 | ecu = j1939_ecu_get_by_name(priv, name: skcb->addr.src_name); |
94 | if (!ecu) |
95 | return -ENODEV; |
96 | |
97 | if (ecu->addr != skcb->addr.sa) |
98 | /* hold further traffic for ecu, remove from parent */ |
99 | j1939_ecu_unmap(ecu); |
100 | j1939_ecu_put(ecu); |
101 | } else if (skcb->addr.src_name) { |
102 | /* assign source address */ |
103 | addr = j1939_name_to_addr(priv, name: skcb->addr.src_name); |
104 | if (!j1939_address_is_unicast(addr) && |
105 | !j1939_ac_msg_is_request(skb)) { |
106 | netdev_notice(dev: priv->ndev, format: "tx drop: invalid sa for name 0x%016llx\n" , |
107 | skcb->addr.src_name); |
108 | return -EADDRNOTAVAIL; |
109 | } |
110 | skcb->addr.sa = addr; |
111 | } |
112 | |
113 | /* assign destination address */ |
114 | if (skcb->addr.dst_name) { |
115 | addr = j1939_name_to_addr(priv, name: skcb->addr.dst_name); |
116 | if (!j1939_address_is_unicast(addr)) { |
117 | netdev_notice(dev: priv->ndev, format: "tx drop: invalid da for name 0x%016llx\n" , |
118 | skcb->addr.dst_name); |
119 | return -EADDRNOTAVAIL; |
120 | } |
121 | skcb->addr.da = addr; |
122 | } |
123 | return 0; |
124 | } |
125 | |
126 | static void j1939_ac_process(struct j1939_priv *priv, struct sk_buff *skb) |
127 | { |
128 | struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb); |
129 | struct j1939_ecu *ecu, *prev; |
130 | name_t name; |
131 | |
132 | if (skb->len != 8) { |
133 | netdev_notice(dev: priv->ndev, format: "rx address claim with wrong dlc %i\n" , |
134 | skb->len); |
135 | return; |
136 | } |
137 | |
138 | name = j1939_skb_to_name(skb); |
139 | skcb->addr.src_name = name; |
140 | if (!name) { |
141 | netdev_notice(dev: priv->ndev, format: "rx address claim without name\n" ); |
142 | return; |
143 | } |
144 | |
145 | if (!j1939_address_is_valid(addr: skcb->addr.sa)) { |
146 | netdev_notice(dev: priv->ndev, format: "rx address claim with broadcast sa\n" ); |
147 | return; |
148 | } |
149 | |
150 | write_lock_bh(&priv->lock); |
151 | |
152 | /* Few words on the ECU ref counting: |
153 | * |
154 | * First we get an ECU handle, either with |
155 | * j1939_ecu_get_by_name_locked() (increments the ref counter) |
156 | * or j1939_ecu_create_locked() (initializes an ECU object |
157 | * with a ref counter of 1). |
158 | * |
159 | * j1939_ecu_unmap_locked() will decrement the ref counter, |
160 | * but only if the ECU was mapped before. So "ecu" still |
161 | * belongs to us. |
162 | * |
163 | * j1939_ecu_timer_start() will increment the ref counter |
164 | * before it starts the timer, so we can put the ecu when |
165 | * leaving this function. |
166 | */ |
167 | ecu = j1939_ecu_get_by_name_locked(priv, name); |
168 | |
169 | if (ecu && ecu->addr == skcb->addr.sa) { |
170 | /* The ISO 11783-5 standard, in "4.5.2 - Address claim |
171 | * requirements", states: |
172 | * d) No CF shall begin, or resume, transmission on the |
173 | * network until 250 ms after it has successfully claimed |
174 | * an address except when responding to a request for |
175 | * address-claimed. |
176 | * |
177 | * But "Figure 6" and "Figure 7" in "4.5.4.2 - Address-claim |
178 | * prioritization" show that the CF begins the transmission |
179 | * after 250 ms from the first AC (address-claimed) message |
180 | * even if it sends another AC message during that time window |
181 | * to resolve the address contention with another CF. |
182 | * |
183 | * As stated in "4.4.2.3 - Address-claimed message": |
184 | * In order to successfully claim an address, the CF sending |
185 | * an address claimed message shall not receive a contending |
186 | * claim from another CF for at least 250 ms. |
187 | * |
188 | * As stated in "4.4.3.2 - NAME management (NM) message": |
189 | * 1) A commanding CF can |
190 | * d) request that a CF with a specified NAME transmit |
191 | * the address-claimed message with its current NAME. |
192 | * 2) A target CF shall |
193 | * d) send an address-claimed message in response to a |
194 | * request for a matching NAME |
195 | * |
196 | * Taking the above arguments into account, the 250 ms wait is |
197 | * requested only during network initialization. |
198 | * |
199 | * Do not restart the timer on AC message if both the NAME and |
200 | * the address match and so if the address has already been |
201 | * claimed (timer has expired) or the AC message has been sent |
202 | * to resolve the contention with another CF (timer is still |
203 | * running). |
204 | */ |
205 | goto out_ecu_put; |
206 | } |
207 | |
208 | if (!ecu && j1939_address_is_unicast(addr: skcb->addr.sa)) |
209 | ecu = j1939_ecu_create_locked(priv, name); |
210 | |
211 | if (IS_ERR_OR_NULL(ptr: ecu)) |
212 | goto out_unlock_bh; |
213 | |
214 | /* cancel pending (previous) address claim */ |
215 | j1939_ecu_timer_cancel(ecu); |
216 | |
217 | if (j1939_address_is_idle(addr: skcb->addr.sa)) { |
218 | j1939_ecu_unmap_locked(ecu); |
219 | goto out_ecu_put; |
220 | } |
221 | |
222 | /* save new addr */ |
223 | if (ecu->addr != skcb->addr.sa) |
224 | j1939_ecu_unmap_locked(ecu); |
225 | ecu->addr = skcb->addr.sa; |
226 | |
227 | prev = j1939_ecu_get_by_addr_locked(priv, addr: skcb->addr.sa); |
228 | if (prev) { |
229 | if (ecu->name > prev->name) { |
230 | j1939_ecu_unmap_locked(ecu); |
231 | j1939_ecu_put(ecu: prev); |
232 | goto out_ecu_put; |
233 | } else { |
234 | /* kick prev if less or equal */ |
235 | j1939_ecu_unmap_locked(ecu: prev); |
236 | j1939_ecu_put(ecu: prev); |
237 | } |
238 | } |
239 | |
240 | j1939_ecu_timer_start(ecu); |
241 | out_ecu_put: |
242 | j1939_ecu_put(ecu); |
243 | out_unlock_bh: |
244 | write_unlock_bh(&priv->lock); |
245 | } |
246 | |
247 | void j1939_ac_recv(struct j1939_priv *priv, struct sk_buff *skb) |
248 | { |
249 | struct j1939_sk_buff_cb *skcb = j1939_skb_to_cb(skb); |
250 | struct j1939_ecu *ecu; |
251 | |
252 | /* network mgmt */ |
253 | if (skcb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) { |
254 | j1939_ac_process(priv, skb); |
255 | } else if (j1939_address_is_unicast(addr: skcb->addr.sa)) { |
256 | /* assign source name */ |
257 | ecu = j1939_ecu_get_by_addr(priv, addr: skcb->addr.sa); |
258 | if (ecu) { |
259 | skcb->addr.src_name = ecu->name; |
260 | j1939_ecu_put(ecu); |
261 | } |
262 | } |
263 | |
264 | /* assign destination name */ |
265 | ecu = j1939_ecu_get_by_addr(priv, addr: skcb->addr.da); |
266 | if (ecu) { |
267 | skcb->addr.dst_name = ecu->name; |
268 | j1939_ecu_put(ecu); |
269 | } |
270 | } |
271 | |