]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * linux/fs/ncpfs/sock.c | |
3 | * | |
4 | * Copyright (C) 1992, 1993 Rick Sladkey | |
5 | * | |
6 | * Modified 1995, 1996 by Volker Lendecke to be usable for ncp | |
7 | * Modified 1997 Peter Waltenberg, Bill Hawes, David Woodhouse for 2.1 dcache | |
8 | * | |
9 | */ | |
10 | ||
b41f8b84 | 11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
1da177e4 LT |
12 | |
13 | #include <linux/time.h> | |
14 | #include <linux/errno.h> | |
15 | #include <linux/socket.h> | |
16 | #include <linux/fcntl.h> | |
17 | #include <linux/stat.h> | |
c5f93cf1 | 18 | #include <linux/string.h> |
7c0f6ba6 | 19 | #include <linux/uaccess.h> |
1da177e4 LT |
20 | #include <linux/in.h> |
21 | #include <linux/net.h> | |
22 | #include <linux/mm.h> | |
23 | #include <linux/netdevice.h> | |
24 | #include <linux/signal.h> | |
5a0e3ad6 | 25 | #include <linux/slab.h> |
1da177e4 LT |
26 | #include <net/scm.h> |
27 | #include <net/sock.h> | |
28 | #include <linux/ipx.h> | |
29 | #include <linux/poll.h> | |
30 | #include <linux/file.h> | |
31 | ||
32c419d9 | 32 | #include "ncp_fs.h" |
1da177e4 LT |
33 | |
34 | #include "ncpsign_kernel.h" | |
35 | ||
36 | static int _recv(struct socket *sock, void *buf, int size, unsigned flags) | |
37 | { | |
38 | struct msghdr msg = {NULL, }; | |
39 | struct kvec iov = {buf, size}; | |
40 | return kernel_recvmsg(sock, &msg, &iov, 1, size, flags); | |
41 | } | |
42 | ||
1da177e4 LT |
43 | static int _send(struct socket *sock, const void *buff, int len) |
44 | { | |
b8e2df1f AV |
45 | struct msghdr msg = { .msg_flags = 0 }; |
46 | struct kvec vec = {.iov_base = (void *)buff, .iov_len = len}; | |
47 | iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &vec, 1, len); | |
48 | return sock_sendmsg(sock, &msg); | |
1da177e4 LT |
49 | } |
50 | ||
51 | struct ncp_request_reply { | |
52 | struct list_head req; | |
53 | wait_queue_head_t wq; | |
c5f93cf1 PO |
54 | atomic_t refs; |
55 | unsigned char* reply_buf; | |
1da177e4 LT |
56 | size_t datalen; |
57 | int result; | |
c5f93cf1 | 58 | enum { RQ_DONE, RQ_INPROGRESS, RQ_QUEUED, RQ_IDLE, RQ_ABANDONED } status; |
2cebcc78 | 59 | struct iov_iter from; |
1da177e4 LT |
60 | struct kvec tx_iov[3]; |
61 | u_int16_t tx_type; | |
62 | u_int32_t sign[6]; | |
63 | }; | |
64 | ||
c5f93cf1 PO |
65 | static inline struct ncp_request_reply* ncp_alloc_req(void) |
66 | { | |
67 | struct ncp_request_reply *req; | |
68 | ||
69 | req = kmalloc(sizeof(struct ncp_request_reply), GFP_KERNEL); | |
70 | if (!req) | |
71 | return NULL; | |
72 | ||
73 | init_waitqueue_head(&req->wq); | |
74 | atomic_set(&req->refs, (1)); | |
75 | req->status = RQ_IDLE; | |
76 | ||
77 | return req; | |
78 | } | |
79 | ||
80 | static void ncp_req_get(struct ncp_request_reply *req) | |
81 | { | |
82 | atomic_inc(&req->refs); | |
83 | } | |
84 | ||
85 | static void ncp_req_put(struct ncp_request_reply *req) | |
86 | { | |
87 | if (atomic_dec_and_test(&req->refs)) | |
88 | kfree(req); | |
89 | } | |
90 | ||
676d2369 | 91 | void ncp_tcp_data_ready(struct sock *sk) |
1da177e4 LT |
92 | { |
93 | struct ncp_server *server = sk->sk_user_data; | |
94 | ||
676d2369 | 95 | server->data_ready(sk); |
1da177e4 LT |
96 | schedule_work(&server->rcv.tq); |
97 | } | |
98 | ||
99 | void ncp_tcp_error_report(struct sock *sk) | |
100 | { | |
101 | struct ncp_server *server = sk->sk_user_data; | |
102 | ||
103 | server->error_report(sk); | |
104 | schedule_work(&server->rcv.tq); | |
105 | } | |
106 | ||
107 | void ncp_tcp_write_space(struct sock *sk) | |
108 | { | |
109 | struct ncp_server *server = sk->sk_user_data; | |
110 | ||
111 | /* We do not need any locking: we first set tx.creq, and then we do sendmsg, | |
112 | not vice versa... */ | |
113 | server->write_space(sk); | |
114 | if (server->tx.creq) | |
115 | schedule_work(&server->tx.tq); | |
116 | } | |
117 | ||
118 | void ncpdgram_timeout_call(unsigned long v) | |
119 | { | |
120 | struct ncp_server *server = (void*)v; | |
121 | ||
122 | schedule_work(&server->timeout_tq); | |
123 | } | |
124 | ||
c5f93cf1 | 125 | static inline void ncp_finish_request(struct ncp_server *server, struct ncp_request_reply *req, int result) |
1da177e4 LT |
126 | { |
127 | req->result = result; | |
c5f93cf1 PO |
128 | if (req->status != RQ_ABANDONED) |
129 | memcpy(req->reply_buf, server->rxbuf, req->datalen); | |
1da177e4 LT |
130 | req->status = RQ_DONE; |
131 | wake_up_all(&req->wq); | |
c5f93cf1 | 132 | ncp_req_put(req); |
1da177e4 LT |
133 | } |
134 | ||
c5f93cf1 | 135 | static void __abort_ncp_connection(struct ncp_server *server) |
1da177e4 LT |
136 | { |
137 | struct ncp_request_reply *req; | |
138 | ||
139 | ncp_invalidate_conn(server); | |
140 | del_timer(&server->timeout_tm); | |
141 | while (!list_empty(&server->tx.requests)) { | |
142 | req = list_entry(server->tx.requests.next, struct ncp_request_reply, req); | |
143 | ||
144 | list_del_init(&req->req); | |
c5f93cf1 | 145 | ncp_finish_request(server, req, -EIO); |
1da177e4 LT |
146 | } |
147 | req = server->rcv.creq; | |
148 | if (req) { | |
149 | server->rcv.creq = NULL; | |
c5f93cf1 | 150 | ncp_finish_request(server, req, -EIO); |
1da177e4 LT |
151 | server->rcv.ptr = NULL; |
152 | server->rcv.state = 0; | |
153 | } | |
154 | req = server->tx.creq; | |
155 | if (req) { | |
156 | server->tx.creq = NULL; | |
c5f93cf1 | 157 | ncp_finish_request(server, req, -EIO); |
1da177e4 LT |
158 | } |
159 | } | |
160 | ||
161 | static inline int get_conn_number(struct ncp_reply_header *rp) | |
162 | { | |
163 | return rp->conn_low | (rp->conn_high << 8); | |
164 | } | |
165 | ||
166 | static inline void __ncp_abort_request(struct ncp_server *server, struct ncp_request_reply *req, int err) | |
167 | { | |
168 | /* If req is done, we got signal, but we also received answer... */ | |
169 | switch (req->status) { | |
170 | case RQ_IDLE: | |
171 | case RQ_DONE: | |
172 | break; | |
173 | case RQ_QUEUED: | |
174 | list_del_init(&req->req); | |
c5f93cf1 | 175 | ncp_finish_request(server, req, err); |
1da177e4 LT |
176 | break; |
177 | case RQ_INPROGRESS: | |
c5f93cf1 PO |
178 | req->status = RQ_ABANDONED; |
179 | break; | |
180 | case RQ_ABANDONED: | |
1da177e4 LT |
181 | break; |
182 | } | |
183 | } | |
184 | ||
185 | static inline void ncp_abort_request(struct ncp_server *server, struct ncp_request_reply *req, int err) | |
186 | { | |
8e3f9045 | 187 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 | 188 | __ncp_abort_request(server, req, err); |
8e3f9045 | 189 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
190 | } |
191 | ||
192 | static inline void __ncptcp_abort(struct ncp_server *server) | |
193 | { | |
c5f93cf1 | 194 | __abort_ncp_connection(server); |
1da177e4 LT |
195 | } |
196 | ||
197 | static int ncpdgram_send(struct socket *sock, struct ncp_request_reply *req) | |
198 | { | |
2cebcc78 AV |
199 | struct msghdr msg = { .msg_iter = req->from, .msg_flags = MSG_DONTWAIT }; |
200 | return sock_sendmsg(sock, &msg); | |
1da177e4 LT |
201 | } |
202 | ||
203 | static void __ncptcp_try_send(struct ncp_server *server) | |
204 | { | |
205 | struct ncp_request_reply *rq; | |
2cebcc78 | 206 | struct msghdr msg = { .msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT }; |
1da177e4 LT |
207 | int result; |
208 | ||
209 | rq = server->tx.creq; | |
210 | if (!rq) | |
211 | return; | |
212 | ||
2cebcc78 AV |
213 | msg.msg_iter = rq->from; |
214 | result = sock_sendmsg(server->ncp_sock, &msg); | |
1da177e4 LT |
215 | |
216 | if (result == -EAGAIN) | |
217 | return; | |
218 | ||
219 | if (result < 0) { | |
b41f8b84 | 220 | pr_err("tcp: Send failed: %d\n", result); |
1da177e4 LT |
221 | __ncp_abort_request(server, rq, result); |
222 | return; | |
223 | } | |
2cebcc78 | 224 | if (!msg_data_left(&msg)) { |
1da177e4 LT |
225 | server->rcv.creq = rq; |
226 | server->tx.creq = NULL; | |
227 | return; | |
228 | } | |
2cebcc78 | 229 | rq->from = msg.msg_iter; |
1da177e4 LT |
230 | } |
231 | ||
232 | static inline void ncp_init_header(struct ncp_server *server, struct ncp_request_reply *req, struct ncp_request_header *h) | |
233 | { | |
234 | req->status = RQ_INPROGRESS; | |
235 | h->conn_low = server->connection; | |
236 | h->conn_high = server->connection >> 8; | |
237 | h->sequence = ++server->sequence; | |
238 | } | |
239 | ||
240 | static void ncpdgram_start_request(struct ncp_server *server, struct ncp_request_reply *req) | |
241 | { | |
2cebcc78 AV |
242 | size_t signlen, len = req->tx_iov[1].iov_len; |
243 | struct ncp_request_header *h = req->tx_iov[1].iov_base; | |
1da177e4 | 244 | |
1da177e4 | 245 | ncp_init_header(server, req, h); |
2cebcc78 AV |
246 | signlen = sign_packet(server, |
247 | req->tx_iov[1].iov_base + sizeof(struct ncp_request_header) - 1, | |
248 | len - sizeof(struct ncp_request_header) + 1, | |
249 | cpu_to_le32(len), req->sign); | |
1da177e4 | 250 | if (signlen) { |
2cebcc78 AV |
251 | /* NCP over UDP appends signature */ |
252 | req->tx_iov[2].iov_base = req->sign; | |
253 | req->tx_iov[2].iov_len = signlen; | |
1da177e4 | 254 | } |
2cebcc78 AV |
255 | iov_iter_kvec(&req->from, WRITE | ITER_KVEC, |
256 | req->tx_iov + 1, signlen ? 2 : 1, len + signlen); | |
1da177e4 LT |
257 | server->rcv.creq = req; |
258 | server->timeout_last = server->m.time_out; | |
259 | server->timeout_retries = server->m.retry_count; | |
260 | ncpdgram_send(server->ncp_sock, req); | |
261 | mod_timer(&server->timeout_tm, jiffies + server->m.time_out); | |
262 | } | |
263 | ||
264 | #define NCP_TCP_XMIT_MAGIC (0x446D6454) | |
265 | #define NCP_TCP_XMIT_VERSION (1) | |
266 | #define NCP_TCP_RCVD_MAGIC (0x744E6350) | |
267 | ||
268 | static void ncptcp_start_request(struct ncp_server *server, struct ncp_request_reply *req) | |
269 | { | |
2cebcc78 AV |
270 | size_t signlen, len = req->tx_iov[1].iov_len; |
271 | struct ncp_request_header *h = req->tx_iov[1].iov_base; | |
1da177e4 | 272 | |
1da177e4 LT |
273 | ncp_init_header(server, req, h); |
274 | signlen = sign_packet(server, req->tx_iov[1].iov_base + sizeof(struct ncp_request_header) - 1, | |
2cebcc78 AV |
275 | len - sizeof(struct ncp_request_header) + 1, |
276 | cpu_to_be32(len + 24), req->sign + 4) + 16; | |
1da177e4 LT |
277 | |
278 | req->sign[0] = htonl(NCP_TCP_XMIT_MAGIC); | |
2cebcc78 | 279 | req->sign[1] = htonl(len + signlen); |
1da177e4 LT |
280 | req->sign[2] = htonl(NCP_TCP_XMIT_VERSION); |
281 | req->sign[3] = htonl(req->datalen + 8); | |
2cebcc78 | 282 | /* NCP over TCP prepends signature */ |
1da177e4 LT |
283 | req->tx_iov[0].iov_base = req->sign; |
284 | req->tx_iov[0].iov_len = signlen; | |
2cebcc78 AV |
285 | iov_iter_kvec(&req->from, WRITE | ITER_KVEC, |
286 | req->tx_iov, 2, len + signlen); | |
1da177e4 LT |
287 | |
288 | server->tx.creq = req; | |
289 | __ncptcp_try_send(server); | |
290 | } | |
291 | ||
292 | static inline void __ncp_start_request(struct ncp_server *server, struct ncp_request_reply *req) | |
293 | { | |
c5f93cf1 PO |
294 | /* we copy the data so that we do not depend on the caller |
295 | staying alive */ | |
296 | memcpy(server->txbuf, req->tx_iov[1].iov_base, req->tx_iov[1].iov_len); | |
297 | req->tx_iov[1].iov_base = server->txbuf; | |
298 | ||
1da177e4 LT |
299 | if (server->ncp_sock->type == SOCK_STREAM) |
300 | ncptcp_start_request(server, req); | |
301 | else | |
302 | ncpdgram_start_request(server, req); | |
303 | } | |
304 | ||
305 | static int ncp_add_request(struct ncp_server *server, struct ncp_request_reply *req) | |
306 | { | |
8e3f9045 | 307 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 | 308 | if (!ncp_conn_valid(server)) { |
8e3f9045 | 309 | mutex_unlock(&server->rcv.creq_mutex); |
b41f8b84 | 310 | pr_err("tcp: Server died\n"); |
1da177e4 LT |
311 | return -EIO; |
312 | } | |
c5f93cf1 | 313 | ncp_req_get(req); |
1da177e4 LT |
314 | if (server->tx.creq || server->rcv.creq) { |
315 | req->status = RQ_QUEUED; | |
316 | list_add_tail(&req->req, &server->tx.requests); | |
8e3f9045 | 317 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
318 | return 0; |
319 | } | |
320 | __ncp_start_request(server, req); | |
8e3f9045 | 321 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
322 | return 0; |
323 | } | |
324 | ||
325 | static void __ncp_next_request(struct ncp_server *server) | |
326 | { | |
327 | struct ncp_request_reply *req; | |
328 | ||
329 | server->rcv.creq = NULL; | |
330 | if (list_empty(&server->tx.requests)) { | |
331 | return; | |
332 | } | |
333 | req = list_entry(server->tx.requests.next, struct ncp_request_reply, req); | |
334 | list_del_init(&req->req); | |
335 | __ncp_start_request(server, req); | |
336 | } | |
337 | ||
338 | static void info_server(struct ncp_server *server, unsigned int id, const void * data, size_t len) | |
339 | { | |
340 | if (server->info_sock) { | |
b8e2df1f AV |
341 | struct msghdr msg = { .msg_flags = MSG_NOSIGNAL }; |
342 | __be32 hdr[2] = {cpu_to_be32(len + 8), cpu_to_be32(id)}; | |
343 | struct kvec iov[2] = { | |
344 | {.iov_base = hdr, .iov_len = 8}, | |
345 | {.iov_base = (void *)data, .iov_len = len}, | |
346 | }; | |
347 | ||
348 | iov_iter_kvec(&msg.msg_iter, ITER_KVEC | WRITE, | |
349 | iov, 2, len + 8); | |
1da177e4 | 350 | |
b8e2df1f | 351 | sock_sendmsg(server->info_sock, &msg); |
1da177e4 LT |
352 | } |
353 | } | |
354 | ||
c4028958 | 355 | void ncpdgram_rcv_proc(struct work_struct *work) |
1da177e4 | 356 | { |
c4028958 DH |
357 | struct ncp_server *server = |
358 | container_of(work, struct ncp_server, rcv.tq); | |
1da177e4 LT |
359 | struct socket* sock; |
360 | ||
361 | sock = server->ncp_sock; | |
362 | ||
363 | while (1) { | |
364 | struct ncp_reply_header reply; | |
365 | int result; | |
366 | ||
367 | result = _recv(sock, &reply, sizeof(reply), MSG_PEEK | MSG_DONTWAIT); | |
368 | if (result < 0) { | |
369 | break; | |
370 | } | |
371 | if (result >= sizeof(reply)) { | |
372 | struct ncp_request_reply *req; | |
373 | ||
374 | if (reply.type == NCP_WATCHDOG) { | |
375 | unsigned char buf[10]; | |
376 | ||
377 | if (server->connection != get_conn_number(&reply)) { | |
378 | goto drop; | |
379 | } | |
380 | result = _recv(sock, buf, sizeof(buf), MSG_DONTWAIT); | |
381 | if (result < 0) { | |
d3b73ca1 | 382 | ncp_dbg(1, "recv failed with %d\n", result); |
1da177e4 LT |
383 | continue; |
384 | } | |
385 | if (result < 10) { | |
d3b73ca1 | 386 | ncp_dbg(1, "too short (%u) watchdog packet\n", result); |
1da177e4 LT |
387 | continue; |
388 | } | |
389 | if (buf[9] != '?') { | |
d3b73ca1 | 390 | ncp_dbg(1, "bad signature (%02X) in watchdog packet\n", buf[9]); |
1da177e4 LT |
391 | continue; |
392 | } | |
393 | buf[9] = 'Y'; | |
394 | _send(sock, buf, sizeof(buf)); | |
395 | continue; | |
396 | } | |
397 | if (reply.type != NCP_POSITIVE_ACK && reply.type != NCP_REPLY) { | |
398 | result = _recv(sock, server->unexpected_packet.data, sizeof(server->unexpected_packet.data), MSG_DONTWAIT); | |
399 | if (result < 0) { | |
400 | continue; | |
401 | } | |
402 | info_server(server, 0, server->unexpected_packet.data, result); | |
403 | continue; | |
404 | } | |
8e3f9045 | 405 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 LT |
406 | req = server->rcv.creq; |
407 | if (req && (req->tx_type == NCP_ALLOC_SLOT_REQUEST || (server->sequence == reply.sequence && | |
408 | server->connection == get_conn_number(&reply)))) { | |
409 | if (reply.type == NCP_POSITIVE_ACK) { | |
410 | server->timeout_retries = server->m.retry_count; | |
411 | server->timeout_last = NCP_MAX_RPC_TIMEOUT; | |
412 | mod_timer(&server->timeout_tm, jiffies + NCP_MAX_RPC_TIMEOUT); | |
413 | } else if (reply.type == NCP_REPLY) { | |
c5f93cf1 | 414 | result = _recv(sock, server->rxbuf, req->datalen, MSG_DONTWAIT); |
1da177e4 LT |
415 | #ifdef CONFIG_NCPFS_PACKET_SIGNING |
416 | if (result >= 0 && server->sign_active && req->tx_type != NCP_DEALLOC_SLOT_REQUEST) { | |
417 | if (result < 8 + 8) { | |
418 | result = -EIO; | |
419 | } else { | |
420 | unsigned int hdrl; | |
421 | ||
422 | result -= 8; | |
423 | hdrl = sock->sk->sk_family == AF_INET ? 8 : 6; | |
c5f93cf1 | 424 | if (sign_verify_reply(server, server->rxbuf + hdrl, result - hdrl, cpu_to_le32(result), server->rxbuf + result)) { |
b41f8b84 | 425 | pr_info("Signature violation\n"); |
1da177e4 LT |
426 | result = -EIO; |
427 | } | |
428 | } | |
429 | } | |
430 | #endif | |
431 | del_timer(&server->timeout_tm); | |
432 | server->rcv.creq = NULL; | |
c5f93cf1 | 433 | ncp_finish_request(server, req, result); |
1da177e4 | 434 | __ncp_next_request(server); |
8e3f9045 | 435 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
436 | continue; |
437 | } | |
438 | } | |
8e3f9045 | 439 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
440 | } |
441 | drop:; | |
442 | _recv(sock, &reply, sizeof(reply), MSG_DONTWAIT); | |
443 | } | |
444 | } | |
445 | ||
446 | static void __ncpdgram_timeout_proc(struct ncp_server *server) | |
447 | { | |
448 | /* If timer is pending, we are processing another request... */ | |
449 | if (!timer_pending(&server->timeout_tm)) { | |
450 | struct ncp_request_reply* req; | |
451 | ||
452 | req = server->rcv.creq; | |
453 | if (req) { | |
454 | int timeout; | |
455 | ||
456 | if (server->m.flags & NCP_MOUNT_SOFT) { | |
457 | if (server->timeout_retries-- == 0) { | |
458 | __ncp_abort_request(server, req, -ETIMEDOUT); | |
459 | return; | |
460 | } | |
461 | } | |
462 | /* Ignore errors */ | |
463 | ncpdgram_send(server->ncp_sock, req); | |
464 | timeout = server->timeout_last << 1; | |
465 | if (timeout > NCP_MAX_RPC_TIMEOUT) { | |
466 | timeout = NCP_MAX_RPC_TIMEOUT; | |
467 | } | |
468 | server->timeout_last = timeout; | |
469 | mod_timer(&server->timeout_tm, jiffies + timeout); | |
470 | } | |
471 | } | |
472 | } | |
473 | ||
c4028958 | 474 | void ncpdgram_timeout_proc(struct work_struct *work) |
1da177e4 | 475 | { |
c4028958 DH |
476 | struct ncp_server *server = |
477 | container_of(work, struct ncp_server, timeout_tq); | |
8e3f9045 | 478 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 | 479 | __ncpdgram_timeout_proc(server); |
8e3f9045 | 480 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
481 | } |
482 | ||
1da177e4 LT |
483 | static int do_tcp_rcv(struct ncp_server *server, void *buffer, size_t len) |
484 | { | |
485 | int result; | |
486 | ||
487 | if (buffer) { | |
488 | result = _recv(server->ncp_sock, buffer, len, MSG_DONTWAIT); | |
489 | } else { | |
490 | static unsigned char dummy[1024]; | |
491 | ||
492 | if (len > sizeof(dummy)) { | |
493 | len = sizeof(dummy); | |
494 | } | |
495 | result = _recv(server->ncp_sock, dummy, len, MSG_DONTWAIT); | |
496 | } | |
497 | if (result < 0) { | |
498 | return result; | |
499 | } | |
500 | if (result > len) { | |
b41f8b84 | 501 | pr_err("tcp: bug in recvmsg (%u > %Zu)\n", result, len); |
1da177e4 LT |
502 | return -EIO; |
503 | } | |
504 | return result; | |
505 | } | |
506 | ||
507 | static int __ncptcp_rcv_proc(struct ncp_server *server) | |
508 | { | |
509 | /* We have to check the result, so store the complete header */ | |
510 | while (1) { | |
511 | int result; | |
512 | struct ncp_request_reply *req; | |
513 | int datalen; | |
514 | int type; | |
515 | ||
516 | while (server->rcv.len) { | |
517 | result = do_tcp_rcv(server, server->rcv.ptr, server->rcv.len); | |
518 | if (result == -EAGAIN) { | |
519 | return 0; | |
520 | } | |
521 | if (result <= 0) { | |
522 | req = server->rcv.creq; | |
523 | if (req) { | |
524 | __ncp_abort_request(server, req, -EIO); | |
525 | } else { | |
526 | __ncptcp_abort(server); | |
527 | } | |
528 | if (result < 0) { | |
b41f8b84 | 529 | pr_err("tcp: error in recvmsg: %d\n", result); |
1da177e4 | 530 | } else { |
d3b73ca1 | 531 | ncp_dbg(1, "tcp: EOF\n"); |
1da177e4 LT |
532 | } |
533 | return -EIO; | |
534 | } | |
535 | if (server->rcv.ptr) { | |
536 | server->rcv.ptr += result; | |
537 | } | |
538 | server->rcv.len -= result; | |
539 | } | |
540 | switch (server->rcv.state) { | |
541 | case 0: | |
542 | if (server->rcv.buf.magic != htonl(NCP_TCP_RCVD_MAGIC)) { | |
b41f8b84 | 543 | pr_err("tcp: Unexpected reply type %08X\n", ntohl(server->rcv.buf.magic)); |
1da177e4 LT |
544 | __ncptcp_abort(server); |
545 | return -EIO; | |
546 | } | |
547 | datalen = ntohl(server->rcv.buf.len) & 0x0FFFFFFF; | |
548 | if (datalen < 10) { | |
b41f8b84 | 549 | pr_err("tcp: Unexpected reply len %d\n", datalen); |
1da177e4 LT |
550 | __ncptcp_abort(server); |
551 | return -EIO; | |
552 | } | |
553 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | |
554 | if (server->sign_active) { | |
555 | if (datalen < 18) { | |
b41f8b84 | 556 | pr_err("tcp: Unexpected reply len %d\n", datalen); |
1da177e4 LT |
557 | __ncptcp_abort(server); |
558 | return -EIO; | |
559 | } | |
560 | server->rcv.buf.len = datalen - 8; | |
561 | server->rcv.ptr = (unsigned char*)&server->rcv.buf.p1; | |
562 | server->rcv.len = 8; | |
563 | server->rcv.state = 4; | |
564 | break; | |
565 | } | |
566 | #endif | |
567 | type = ntohs(server->rcv.buf.type); | |
568 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | |
569 | cont:; | |
570 | #endif | |
571 | if (type != NCP_REPLY) { | |
572 | if (datalen - 8 <= sizeof(server->unexpected_packet.data)) { | |
573 | *(__u16*)(server->unexpected_packet.data) = htons(type); | |
574 | server->unexpected_packet.len = datalen - 8; | |
575 | ||
576 | server->rcv.state = 5; | |
577 | server->rcv.ptr = server->unexpected_packet.data + 2; | |
578 | server->rcv.len = datalen - 10; | |
579 | break; | |
580 | } | |
d3b73ca1 | 581 | ncp_dbg(1, "tcp: Unexpected NCP type %02X\n", type); |
1da177e4 LT |
582 | skipdata2:; |
583 | server->rcv.state = 2; | |
584 | skipdata:; | |
585 | server->rcv.ptr = NULL; | |
586 | server->rcv.len = datalen - 10; | |
587 | break; | |
588 | } | |
589 | req = server->rcv.creq; | |
590 | if (!req) { | |
d3b73ca1 | 591 | ncp_dbg(1, "Reply without appropriate request\n"); |
1da177e4 LT |
592 | goto skipdata2; |
593 | } | |
594 | if (datalen > req->datalen + 8) { | |
b41f8b84 | 595 | pr_err("tcp: Unexpected reply len %d (expected at most %Zd)\n", datalen, req->datalen + 8); |
1da177e4 LT |
596 | server->rcv.state = 3; |
597 | goto skipdata; | |
598 | } | |
599 | req->datalen = datalen - 8; | |
c5f93cf1 PO |
600 | ((struct ncp_reply_header*)server->rxbuf)->type = NCP_REPLY; |
601 | server->rcv.ptr = server->rxbuf + 2; | |
1da177e4 LT |
602 | server->rcv.len = datalen - 10; |
603 | server->rcv.state = 1; | |
604 | break; | |
605 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | |
606 | case 4: | |
607 | datalen = server->rcv.buf.len; | |
608 | type = ntohs(server->rcv.buf.type2); | |
609 | goto cont; | |
610 | #endif | |
611 | case 1: | |
612 | req = server->rcv.creq; | |
613 | if (req->tx_type != NCP_ALLOC_SLOT_REQUEST) { | |
c5f93cf1 | 614 | if (((struct ncp_reply_header*)server->rxbuf)->sequence != server->sequence) { |
b41f8b84 | 615 | pr_err("tcp: Bad sequence number\n"); |
1da177e4 LT |
616 | __ncp_abort_request(server, req, -EIO); |
617 | return -EIO; | |
618 | } | |
c5f93cf1 | 619 | if ((((struct ncp_reply_header*)server->rxbuf)->conn_low | (((struct ncp_reply_header*)server->rxbuf)->conn_high << 8)) != server->connection) { |
b41f8b84 | 620 | pr_err("tcp: Connection number mismatch\n"); |
1da177e4 LT |
621 | __ncp_abort_request(server, req, -EIO); |
622 | return -EIO; | |
623 | } | |
624 | } | |
625 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | |
626 | if (server->sign_active && req->tx_type != NCP_DEALLOC_SLOT_REQUEST) { | |
c5f93cf1 | 627 | if (sign_verify_reply(server, server->rxbuf + 6, req->datalen - 6, cpu_to_be32(req->datalen + 16), &server->rcv.buf.type)) { |
b41f8b84 | 628 | pr_err("tcp: Signature violation\n"); |
1da177e4 LT |
629 | __ncp_abort_request(server, req, -EIO); |
630 | return -EIO; | |
631 | } | |
632 | } | |
633 | #endif | |
c5f93cf1 | 634 | ncp_finish_request(server, req, req->datalen); |
1da177e4 LT |
635 | nextreq:; |
636 | __ncp_next_request(server); | |
637 | case 2: | |
638 | next:; | |
639 | server->rcv.ptr = (unsigned char*)&server->rcv.buf; | |
640 | server->rcv.len = 10; | |
641 | server->rcv.state = 0; | |
642 | break; | |
643 | case 3: | |
c5f93cf1 | 644 | ncp_finish_request(server, server->rcv.creq, -EIO); |
1da177e4 LT |
645 | goto nextreq; |
646 | case 5: | |
647 | info_server(server, 0, server->unexpected_packet.data, server->unexpected_packet.len); | |
648 | goto next; | |
649 | } | |
650 | } | |
651 | } | |
652 | ||
c4028958 | 653 | void ncp_tcp_rcv_proc(struct work_struct *work) |
1da177e4 | 654 | { |
c4028958 DH |
655 | struct ncp_server *server = |
656 | container_of(work, struct ncp_server, rcv.tq); | |
1da177e4 | 657 | |
8e3f9045 | 658 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 | 659 | __ncptcp_rcv_proc(server); |
8e3f9045 | 660 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
661 | } |
662 | ||
c4028958 | 663 | void ncp_tcp_tx_proc(struct work_struct *work) |
1da177e4 | 664 | { |
c4028958 DH |
665 | struct ncp_server *server = |
666 | container_of(work, struct ncp_server, tx.tq); | |
1da177e4 | 667 | |
8e3f9045 | 668 | mutex_lock(&server->rcv.creq_mutex); |
1da177e4 | 669 | __ncptcp_try_send(server); |
8e3f9045 | 670 | mutex_unlock(&server->rcv.creq_mutex); |
1da177e4 LT |
671 | } |
672 | ||
673 | static int do_ncp_rpc_call(struct ncp_server *server, int size, | |
c5f93cf1 | 674 | unsigned char* reply_buf, int max_reply_size) |
1da177e4 LT |
675 | { |
676 | int result; | |
c5f93cf1 PO |
677 | struct ncp_request_reply *req; |
678 | ||
679 | req = ncp_alloc_req(); | |
680 | if (!req) | |
681 | return -ENOMEM; | |
682 | ||
683 | req->reply_buf = reply_buf; | |
684 | req->datalen = max_reply_size; | |
685 | req->tx_iov[1].iov_base = server->packet; | |
686 | req->tx_iov[1].iov_len = size; | |
c5f93cf1 PO |
687 | req->tx_type = *(u_int16_t*)server->packet; |
688 | ||
689 | result = ncp_add_request(server, req); | |
690 | if (result < 0) | |
691 | goto out; | |
692 | ||
693 | if (wait_event_interruptible(req->wq, req->status == RQ_DONE)) { | |
694 | ncp_abort_request(server, req, -EINTR); | |
695 | result = -EINTR; | |
696 | goto out; | |
1da177e4 | 697 | } |
c5f93cf1 PO |
698 | |
699 | result = req->result; | |
700 | ||
701 | out: | |
702 | ncp_req_put(req); | |
703 | ||
704 | return result; | |
1da177e4 LT |
705 | } |
706 | ||
707 | /* | |
708 | * We need the server to be locked here, so check! | |
709 | */ | |
710 | ||
711 | static int ncp_do_request(struct ncp_server *server, int size, | |
712 | void* reply, int max_reply_size) | |
713 | { | |
714 | int result; | |
715 | ||
716 | if (server->lock == 0) { | |
b41f8b84 | 717 | pr_err("Server not locked!\n"); |
1da177e4 LT |
718 | return -EIO; |
719 | } | |
720 | if (!ncp_conn_valid(server)) { | |
1da177e4 LT |
721 | return -EIO; |
722 | } | |
723 | { | |
724 | sigset_t old_set; | |
725 | unsigned long mask, flags; | |
726 | ||
727 | spin_lock_irqsave(¤t->sighand->siglock, flags); | |
728 | old_set = current->blocked; | |
729 | if (current->flags & PF_EXITING) | |
730 | mask = 0; | |
731 | else | |
732 | mask = sigmask(SIGKILL); | |
733 | if (server->m.flags & NCP_MOUNT_INTR) { | |
734 | /* FIXME: This doesn't seem right at all. So, like, | |
735 | we can't handle SIGINT and get whatever to stop? | |
736 | What if we've blocked it ourselves? What about | |
737 | alarms? Why, in fact, are we mucking with the | |
738 | sigmask at all? -- r~ */ | |
739 | if (current->sighand->action[SIGINT - 1].sa.sa_handler == SIG_DFL) | |
740 | mask |= sigmask(SIGINT); | |
741 | if (current->sighand->action[SIGQUIT - 1].sa.sa_handler == SIG_DFL) | |
742 | mask |= sigmask(SIGQUIT); | |
743 | } | |
744 | siginitsetinv(¤t->blocked, mask); | |
745 | recalc_sigpending(); | |
746 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | |
747 | ||
748 | result = do_ncp_rpc_call(server, size, reply, max_reply_size); | |
749 | ||
750 | spin_lock_irqsave(¤t->sighand->siglock, flags); | |
751 | current->blocked = old_set; | |
752 | recalc_sigpending(); | |
753 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | |
754 | } | |
755 | ||
d3b73ca1 | 756 | ncp_dbg(2, "do_ncp_rpc_call returned %d\n", result); |
1da177e4 | 757 | |
1da177e4 LT |
758 | return result; |
759 | } | |
760 | ||
761 | /* ncp_do_request assures that at least a complete reply header is | |
762 | * received. It assumes that server->current_size contains the ncp | |
763 | * request size | |
764 | */ | |
765 | int ncp_request2(struct ncp_server *server, int function, | |
766 | void* rpl, int size) | |
767 | { | |
768 | struct ncp_request_header *h; | |
769 | struct ncp_reply_header* reply = rpl; | |
770 | int result; | |
771 | ||
772 | h = (struct ncp_request_header *) (server->packet); | |
773 | if (server->has_subfunction != 0) { | |
774 | *(__u16 *) & (h->data[0]) = htons(server->current_size - sizeof(*h) - 2); | |
775 | } | |
776 | h->type = NCP_REQUEST; | |
777 | /* | |
778 | * The server shouldn't know or care what task is making a | |
779 | * request, so we always use the same task number. | |
780 | */ | |
781 | h->task = 2; /* (current->pid) & 0xff; */ | |
782 | h->function = function; | |
783 | ||
784 | result = ncp_do_request(server, server->current_size, reply, size); | |
785 | if (result < 0) { | |
d3b73ca1 | 786 | ncp_dbg(1, "ncp_request_error: %d\n", result); |
1da177e4 LT |
787 | goto out; |
788 | } | |
789 | server->completion = reply->completion_code; | |
790 | server->conn_status = reply->connection_state; | |
791 | server->reply_size = result; | |
792 | server->ncp_reply_size = result - sizeof(struct ncp_reply_header); | |
793 | ||
794 | result = reply->completion_code; | |
795 | ||
796 | if (result != 0) | |
e45ca8ba | 797 | ncp_vdbg("completion code=%x\n", result); |
1da177e4 LT |
798 | out: |
799 | return result; | |
800 | } | |
801 | ||
802 | int ncp_connect(struct ncp_server *server) | |
803 | { | |
804 | struct ncp_request_header *h; | |
805 | int result; | |
806 | ||
807 | server->connection = 0xFFFF; | |
808 | server->sequence = 255; | |
809 | ||
810 | h = (struct ncp_request_header *) (server->packet); | |
811 | h->type = NCP_ALLOC_SLOT_REQUEST; | |
812 | h->task = 2; /* see above */ | |
813 | h->function = 0; | |
814 | ||
815 | result = ncp_do_request(server, sizeof(*h), server->packet, server->packet_size); | |
816 | if (result < 0) | |
817 | goto out; | |
818 | server->connection = h->conn_low + (h->conn_high * 256); | |
819 | result = 0; | |
820 | out: | |
821 | return result; | |
822 | } | |
823 | ||
824 | int ncp_disconnect(struct ncp_server *server) | |
825 | { | |
826 | struct ncp_request_header *h; | |
827 | ||
828 | h = (struct ncp_request_header *) (server->packet); | |
829 | h->type = NCP_DEALLOC_SLOT_REQUEST; | |
830 | h->task = 2; /* see above */ | |
831 | h->function = 0; | |
832 | ||
833 | return ncp_do_request(server, sizeof(*h), server->packet, server->packet_size); | |
834 | } | |
835 | ||
836 | void ncp_lock_server(struct ncp_server *server) | |
837 | { | |
8e3f9045 | 838 | mutex_lock(&server->mutex); |
1da177e4 | 839 | if (server->lock) |
b41f8b84 | 840 | pr_warn("%s: was locked!\n", __func__); |
1da177e4 LT |
841 | server->lock = 1; |
842 | } | |
843 | ||
844 | void ncp_unlock_server(struct ncp_server *server) | |
845 | { | |
846 | if (!server->lock) { | |
b41f8b84 | 847 | pr_warn("%s: was not locked!\n", __func__); |
1da177e4 LT |
848 | return; |
849 | } | |
850 | server->lock = 0; | |
8e3f9045 | 851 | mutex_unlock(&server->mutex); |
1da177e4 | 852 | } |