85911f7958
Changes in 4.9.322 dm raid: fix KASAN warning in raid5_add_disks SUNRPC: Fix READ_PLUS crasher net: rose: fix UAF bugs caused by timer handler net: usb: ax88179_178a: Fix packet receiving usbnet: make sure no NULL pointer is passed through usbnet: fix memory allocation in helpers powerpc/powernv: wire up rng during setup_arch caif_virtio: fix race between virtio_device_ready() and ndo_open() netfilter: nft_dynset: restore set element counter when failing to update net: bonding: fix possible NULL deref in rlb code net: bonding: fix use-after-free after 802.3ad slave unbind nfc: nfcmrvl: Fix irq_of_parse_and_map() return value NFC: nxp-nci: Don't issue a zero length i2c_master_read() xen/gntdev: Avoid blocking in unmap_grant_pages() hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails sit: use min ipv6/sit: fix ipip6_tunnel_get_prl return value net: Rename and export copy_skb_header xen/blkfront: fix leaking data in shared pages xen/netfront: fix leaking data in shared pages xen/netfront: force data bouncing when backend is untrusted xen/blkfront: force data bouncing when backend is untrusted xen/arm: Fix race in RB-tree based P2M accounting qmi_wwan: Added support for Telit LN940 series net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition net: usb: qmi_wwan: add Telit 0x1060 composition net: usb: qmi_wwan: add Telit 0x1070 composition Linux 4.9.322 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I38531cdafc0a16ea008a8b3f97129d01faaeea24
221 lines
5.2 KiB
C
221 lines
5.2 KiB
C
/*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
|
|
* Copyright (C) 2002 Ralf Baechle DO1GRB (ralf@gnu.org)
|
|
*/
|
|
#include <linux/errno.h>
|
|
#include <linux/types.h>
|
|
#include <linux/socket.h>
|
|
#include <linux/in.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/jiffies.h>
|
|
#include <linux/timer.h>
|
|
#include <linux/string.h>
|
|
#include <linux/sockios.h>
|
|
#include <linux/net.h>
|
|
#include <net/ax25.h>
|
|
#include <linux/inet.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/skbuff.h>
|
|
#include <net/sock.h>
|
|
#include <net/tcp_states.h>
|
|
#include <linux/fcntl.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/interrupt.h>
|
|
#include <net/rose.h>
|
|
|
|
static void rose_heartbeat_expiry(unsigned long);
|
|
static void rose_timer_expiry(unsigned long);
|
|
static void rose_idletimer_expiry(unsigned long);
|
|
|
|
void rose_start_heartbeat(struct sock *sk)
|
|
{
|
|
sk_stop_timer(sk, &sk->sk_timer);
|
|
|
|
sk->sk_timer.data = (unsigned long)sk;
|
|
sk->sk_timer.function = &rose_heartbeat_expiry;
|
|
sk->sk_timer.expires = jiffies + 5 * HZ;
|
|
|
|
sk_reset_timer(sk, &sk->sk_timer, sk->sk_timer.expires);
|
|
}
|
|
|
|
void rose_start_t1timer(struct sock *sk)
|
|
{
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
sk_stop_timer(sk, &rose->timer);
|
|
|
|
rose->timer.data = (unsigned long)sk;
|
|
rose->timer.function = &rose_timer_expiry;
|
|
rose->timer.expires = jiffies + rose->t1;
|
|
|
|
sk_reset_timer(sk, &rose->timer, rose->timer.expires);
|
|
}
|
|
|
|
void rose_start_t2timer(struct sock *sk)
|
|
{
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
sk_stop_timer(sk, &rose->timer);
|
|
|
|
rose->timer.data = (unsigned long)sk;
|
|
rose->timer.function = &rose_timer_expiry;
|
|
rose->timer.expires = jiffies + rose->t2;
|
|
|
|
sk_reset_timer(sk, &rose->timer, rose->timer.expires);
|
|
}
|
|
|
|
void rose_start_t3timer(struct sock *sk)
|
|
{
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
sk_stop_timer(sk, &rose->timer);
|
|
|
|
rose->timer.data = (unsigned long)sk;
|
|
rose->timer.function = &rose_timer_expiry;
|
|
rose->timer.expires = jiffies + rose->t3;
|
|
|
|
sk_reset_timer(sk, &rose->timer, rose->timer.expires);
|
|
}
|
|
|
|
void rose_start_hbtimer(struct sock *sk)
|
|
{
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
sk_stop_timer(sk, &rose->timer);
|
|
|
|
rose->timer.data = (unsigned long)sk;
|
|
rose->timer.function = &rose_timer_expiry;
|
|
rose->timer.expires = jiffies + rose->hb;
|
|
|
|
sk_reset_timer(sk, &rose->timer, rose->timer.expires);
|
|
}
|
|
|
|
void rose_start_idletimer(struct sock *sk)
|
|
{
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
sk_stop_timer(sk, &rose->timer);
|
|
|
|
if (rose->idle > 0) {
|
|
rose->idletimer.data = (unsigned long)sk;
|
|
rose->idletimer.function = &rose_idletimer_expiry;
|
|
rose->idletimer.expires = jiffies + rose->idle;
|
|
|
|
sk_reset_timer(sk, &rose->idletimer, rose->idletimer.expires);
|
|
}
|
|
}
|
|
|
|
void rose_stop_heartbeat(struct sock *sk)
|
|
{
|
|
sk_stop_timer(sk, &sk->sk_timer);
|
|
}
|
|
|
|
void rose_stop_timer(struct sock *sk)
|
|
{
|
|
sk_stop_timer(sk, &rose_sk(sk)->timer);
|
|
}
|
|
|
|
void rose_stop_idletimer(struct sock *sk)
|
|
{
|
|
sk_stop_timer(sk, &rose_sk(sk)->idletimer);
|
|
}
|
|
|
|
static void rose_heartbeat_expiry(unsigned long param)
|
|
{
|
|
struct sock *sk = (struct sock *)param;
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
bh_lock_sock(sk);
|
|
switch (rose->state) {
|
|
case ROSE_STATE_0:
|
|
/* Magic here: If we listen() and a new link dies before it
|
|
is accepted() it isn't 'dead' so doesn't get removed. */
|
|
if (sock_flag(sk, SOCK_DESTROY) ||
|
|
(sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) {
|
|
bh_unlock_sock(sk);
|
|
rose_destroy_socket(sk);
|
|
sock_put(sk);
|
|
return;
|
|
}
|
|
break;
|
|
|
|
case ROSE_STATE_3:
|
|
/*
|
|
* Check for the state of the receive buffer.
|
|
*/
|
|
if (atomic_read(&sk->sk_rmem_alloc) < (sk->sk_rcvbuf / 2) &&
|
|
(rose->condition & ROSE_COND_OWN_RX_BUSY)) {
|
|
rose->condition &= ~ROSE_COND_OWN_RX_BUSY;
|
|
rose->condition &= ~ROSE_COND_ACK_PENDING;
|
|
rose->vl = rose->vr;
|
|
rose_write_internal(sk, ROSE_RR);
|
|
rose_stop_timer(sk); /* HB */
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
|
|
rose_start_heartbeat(sk);
|
|
bh_unlock_sock(sk);
|
|
sock_put(sk);
|
|
}
|
|
|
|
static void rose_timer_expiry(unsigned long param)
|
|
{
|
|
struct sock *sk = (struct sock *)param;
|
|
struct rose_sock *rose = rose_sk(sk);
|
|
|
|
bh_lock_sock(sk);
|
|
switch (rose->state) {
|
|
case ROSE_STATE_1: /* T1 */
|
|
case ROSE_STATE_4: /* T2 */
|
|
rose_write_internal(sk, ROSE_CLEAR_REQUEST);
|
|
rose->state = ROSE_STATE_2;
|
|
rose_start_t3timer(sk);
|
|
break;
|
|
|
|
case ROSE_STATE_2: /* T3 */
|
|
rose->neighbour->use--;
|
|
rose_disconnect(sk, ETIMEDOUT, -1, -1);
|
|
break;
|
|
|
|
case ROSE_STATE_3: /* HB */
|
|
if (rose->condition & ROSE_COND_ACK_PENDING) {
|
|
rose->condition &= ~ROSE_COND_ACK_PENDING;
|
|
rose_enquiry_response(sk);
|
|
}
|
|
break;
|
|
}
|
|
bh_unlock_sock(sk);
|
|
sock_put(sk);
|
|
}
|
|
|
|
static void rose_idletimer_expiry(unsigned long param)
|
|
{
|
|
struct sock *sk = (struct sock *)param;
|
|
|
|
bh_lock_sock(sk);
|
|
rose_clear_queues(sk);
|
|
|
|
rose_write_internal(sk, ROSE_CLEAR_REQUEST);
|
|
rose_sk(sk)->state = ROSE_STATE_2;
|
|
|
|
rose_start_t3timer(sk);
|
|
|
|
sk->sk_state = TCP_CLOSE;
|
|
sk->sk_err = 0;
|
|
sk->sk_shutdown |= SEND_SHUTDOWN;
|
|
|
|
if (!sock_flag(sk, SOCK_DEAD)) {
|
|
sk->sk_state_change(sk);
|
|
sock_set_flag(sk, SOCK_DEAD);
|
|
}
|
|
bh_unlock_sock(sk);
|
|
sock_put(sk);
|
|
}
|