/net/atm/ioctl.c

  1// SPDX-License-Identifier: GPL-2.0
  2/* ATM ioctl handling */
  3
  4/* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */
  5/* 2003 John Levon  <levon@movementarian.org> */
  6
  7#define pr_fmt(fmt) KBUILD_MODNAME ":%s: " fmt, __func__
  8
  9#include <linux/module.h>
 10#include <linux/kmod.h>
 11#include <linux/net.h>		/* struct socket, struct proto_ops */
 12#include <linux/atm.h>		/* ATM stuff */
 13#include <linux/atmdev.h>
 14#include <linux/atmclip.h>	/* CLIP_*ENCAP */
 15#include <linux/atmarp.h>	/* manifest constants */
 16#include <linux/capability.h>
 17#include <linux/sonet.h>	/* for ioctls */
 18#include <linux/atmsvc.h>
 19#include <linux/atmmpc.h>
 20#include <net/atmclip.h>
 21#include <linux/atmlec.h>
 22#include <linux/mutex.h>
 23#include <asm/ioctls.h>
 24#include <net/compat.h>
 25
 26#include "resources.h"
 27#include "signaling.h"		/* for WAITING and sigd_attach */
 28#include "common.h"
 29
 30
 31static DEFINE_MUTEX(ioctl_mutex);
 32static LIST_HEAD(ioctl_list);
 33
 34
 35void register_atm_ioctl(struct atm_ioctl *ioctl)
 36{
 37	mutex_lock(&ioctl_mutex);
 38	list_add_tail(&ioctl->list, &ioctl_list);
 39	mutex_unlock(&ioctl_mutex);
 40}
 41EXPORT_SYMBOL(register_atm_ioctl);
 42
 43void deregister_atm_ioctl(struct atm_ioctl *ioctl)
 44{
 45	mutex_lock(&ioctl_mutex);
 46	list_del(&ioctl->list);
 47	mutex_unlock(&ioctl_mutex);
 48}
 49EXPORT_SYMBOL(deregister_atm_ioctl);
 50
 51static int do_vcc_ioctl(struct socket *sock, unsigned int cmd,
 52			unsigned long arg, int compat)
 53{
 54	struct sock *sk = sock->sk;
 55	struct atm_vcc *vcc;
 56	int error;
 57	struct list_head *pos;
 58	void __user *argp = (void __user *)arg;
 59
 60	vcc = ATM_SD(sock);
 61	switch (cmd) {
 62	case SIOCOUTQ:
 63		if (sock->state != SS_CONNECTED ||
 64		    !test_bit(ATM_VF_READY, &vcc->flags)) {
 65			error =  -EINVAL;
 66			goto done;
 67		}
 68		error = put_user(sk->sk_sndbuf - sk_wmem_alloc_get(sk),
 69				 (int __user *)argp) ? -EFAULT : 0;
 70		goto done;
 71	case SIOCINQ:
 72	{
 73		struct sk_buff *skb;
 74
 75		if (sock->state != SS_CONNECTED) {
 76			error = -EINVAL;
 77			goto done;
 78		}
 79		skb = skb_peek(&sk->sk_receive_queue);
 80		error = put_user(skb ? skb->len : 0,
 81				 (int __user *)argp) ? -EFAULT : 0;
 82		goto done;
 83	}
 84	case ATM_SETSC:
 85		net_warn_ratelimited("ATM_SETSC is obsolete; used by %s:%d\n",
 86				     current->comm, task_pid_nr(current));
 87		error = 0;
 88		goto done;
 89	case ATMSIGD_CTRL:
 90		if (!capable(CAP_NET_ADMIN)) {
 91			error = -EPERM;
 92			goto done;
 93		}
 94		/*
 95		 * The user/kernel protocol for exchanging signalling
 96		 * info uses kernel pointers as opaque references,
 97		 * so the holder of the file descriptor can scribble
 98		 * on the kernel... so we should make sure that we
 99		 * have the same privileges that /proc/kcore needs
100		 */
101		if (!capable(CAP_SYS_RAWIO)) {
102			error = -EPERM;
103			goto done;
104		}
105#ifdef CONFIG_COMPAT
106		/* WTF? I don't even want to _think_ about making this
107		   work for 32-bit userspace. TBH I don't really want
108		   to think about it at all. dwmw2. */
109		if (compat) {
110			net_warn_ratelimited("32-bit task cannot be atmsigd\n");
111			error = -EINVAL;
112			goto done;
113		}
114#endif
115		error = sigd_attach(vcc);
116		if (!error)
117			sock->state = SS_CONNECTED;
118		goto done;
119	case ATM_SETBACKEND:
120	case ATM_NEWBACKENDIF:
121	{
122		atm_backend_t backend;
123		error = get_user(backend, (atm_backend_t __user *)argp);
124		if (error)
125			goto done;
126		switch (backend) {
127		case ATM_BACKEND_PPP:
128			request_module("pppoatm");
129			break;
130		case ATM_BACKEND_BR2684:
131			request_module("br2684");
132			break;
133		}
134		break;
135	}
136	case ATMMPC_CTRL:
137	case ATMMPC_DATA:
138		request_module("mpoa");
139		break;
140	case ATMARPD_CTRL:
141		request_module("clip");
142		break;
143	case ATMLEC_CTRL:
144		request_module("lec");
145		break;
146	}
147
148	error = -ENOIOCTLCMD;
149
150	mutex_lock(&ioctl_mutex);
151	list_for_each(pos, &ioctl_list) {
152		struct atm_ioctl *ic = list_entry(pos, struct atm_ioctl, list);
153		if (try_module_get(ic->owner)) {
154			error = ic->ioctl(sock, cmd, arg);
155			module_put(ic->owner);
156			if (error != -ENOIOCTLCMD)
157				break;
158		}
159	}
160	mutex_unlock(&ioctl_mutex);
161
162	if (error != -ENOIOCTLCMD)
163		goto done;
164
165	error = atm_dev_ioctl(cmd, argp, compat);
166
167done:
168	return error;
169}
170
171int vcc_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
172{
173	return do_vcc_ioctl(sock, cmd, arg, 0);
174}
175
176#ifdef CONFIG_COMPAT
177/*
178 * FIXME:
179 * The compat_ioctl handling is duplicated, using both these conversion
180 * routines and the compat argument to the actual handlers. Both
181 * versions are somewhat incomplete and should be merged, e.g. by
182 * moving the ioctl number translation into the actual handlers and
183 * killing the conversion code.
184 *
185 * -arnd, November 2009
186 */
187#define ATM_GETLINKRATE32 _IOW('a', ATMIOC_ITF+1, struct compat_atmif_sioc)
188#define ATM_GETNAMES32    _IOW('a', ATMIOC_ITF+3, struct compat_atm_iobuf)
189#define ATM_GETTYPE32     _IOW('a', ATMIOC_ITF+4, struct compat_atmif_sioc)
190#define ATM_GETESI32	  _IOW('a', ATMIOC_ITF+5, struct compat_atmif_sioc)
191#define ATM_GETADDR32	  _IOW('a', ATMIOC_ITF+6, struct compat_atmif_sioc)
192#define ATM_RSTADDR32	  _IOW('a', ATMIOC_ITF+7, struct compat_atmif_sioc)
193#define ATM_ADDADDR32	  _IOW('a', ATMIOC_ITF+8, struct compat_atmif_sioc)
194#define ATM_DELADDR32	  _IOW('a', ATMIOC_ITF+9, struct compat_atmif_sioc)
195#define ATM_GETCIRANGE32  _IOW('a', ATMIOC_ITF+10, struct compat_atmif_sioc)
196#define ATM_SETCIRANGE32  _IOW('a', ATMIOC_ITF+11, struct compat_atmif_sioc)
197#define ATM_SETESI32      _IOW('a', ATMIOC_ITF+12, struct compat_atmif_sioc)
198#define ATM_SETESIF32     _IOW('a', ATMIOC_ITF+13, struct compat_atmif_sioc)
199#define ATM_GETSTAT32     _IOW('a', ATMIOC_SARCOM+0, struct compat_atmif_sioc)
200#define ATM_GETSTATZ32    _IOW('a', ATMIOC_SARCOM+1, struct compat_atmif_sioc)
201#define ATM_GETLOOP32	  _IOW('a', ATMIOC_SARCOM+2, struct compat_atmif_sioc)
202#define ATM_SETLOOP32	  _IOW('a', ATMIOC_SARCOM+3, struct compat_atmif_sioc)
203#define ATM_QUERYLOOP32	  _IOW('a', ATMIOC_SARCOM+4, struct compat_atmif_sioc)
204
205static struct {
206	unsigned int cmd32;
207	unsigned int cmd;
208} atm_ioctl_map[] = {
209	{ ATM_GETLINKRATE32, ATM_GETLINKRATE },
210	{ ATM_GETNAMES32,    ATM_GETNAMES },
211	{ ATM_GETTYPE32,     ATM_GETTYPE },
212	{ ATM_GETESI32,	     ATM_GETESI },
213	{ ATM_GETADDR32,     ATM_GETADDR },
214	{ ATM_RSTADDR32,     ATM_RSTADDR },
215	{ ATM_ADDADDR32,     ATM_ADDADDR },
216	{ ATM_DELADDR32,     ATM_DELADDR },
217	{ ATM_GETCIRANGE32,  ATM_GETCIRANGE },
218	{ ATM_SETCIRANGE32,  ATM_SETCIRANGE },
219	{ ATM_SETESI32,	     ATM_SETESI },
220	{ ATM_SETESIF32,     ATM_SETESIF },
221	{ ATM_GETSTAT32,     ATM_GETSTAT },
222	{ ATM_GETSTATZ32,    ATM_GETSTATZ },
223	{ ATM_GETLOOP32,     ATM_GETLOOP },
224	{ ATM_SETLOOP32,     ATM_SETLOOP },
225	{ ATM_QUERYLOOP32,   ATM_QUERYLOOP },
226};
227
228#define NR_ATM_IOCTL ARRAY_SIZE(atm_ioctl_map)
229
230static int do_atm_iobuf(struct socket *sock, unsigned int cmd,
231			unsigned long arg)
232{
233	struct atm_iobuf __user *iobuf;
234	struct compat_atm_iobuf __user *iobuf32;
235	u32 data;
236	void __user *datap;
237	int len, err;
238
239	iobuf = compat_alloc_user_space(sizeof(*iobuf));
240	iobuf32 = compat_ptr(arg);
241
242	if (get_user(len, &iobuf32->length) ||
243	    get_user(data, &iobuf32->buffer))
244		return -EFAULT;
245	datap = compat_ptr(data);
246	if (put_user(len, &iobuf->length) ||
247	    put_user(datap, &iobuf->buffer))
248		return -EFAULT;
249
250	err = do_vcc_ioctl(sock, cmd, (unsigned long) iobuf, 0);
251
252	if (!err) {
253		if (copy_in_user(&iobuf32->length, &iobuf->length,
254				 sizeof(int)))
255			err = -EFAULT;
256	}
257
258	return err;
259}
260
261static int do_atmif_sioc(struct socket *sock, unsigned int cmd,
262			 unsigned long arg)
263{
264	struct atmif_sioc __user *sioc;
265	struct compat_atmif_sioc __user *sioc32;
266	u32 data;
267	void __user *datap;
268	int err;
269
270	sioc = compat_alloc_user_space(sizeof(*sioc));
271	sioc32 = compat_ptr(arg);
272
273	if (copy_in_user(&sioc->number, &sioc32->number, 2 * sizeof(int)) ||
274	    get_user(data, &sioc32->arg))
275		return -EFAULT;
276	datap = compat_ptr(data);
277	if (put_user(datap, &sioc->arg))
278		return -EFAULT;
279
280	err = do_vcc_ioctl(sock, cmd, (unsigned long) sioc, 0);
281
282	if (!err) {
283		if (copy_in_user(&sioc32->length, &sioc->length,
284				 sizeof(int)))
285			err = -EFAULT;
286	}
287	return err;
288}
289
290static int do_atm_ioctl(struct socket *sock, unsigned int cmd32,
291			unsigned long arg)
292{
293	int i;
294	unsigned int cmd = 0;
295
296	switch (cmd32) {
297	case SONET_GETSTAT:
298	case SONET_GETSTATZ:
299	case SONET_GETDIAG:
300	case SONET_SETDIAG:
301	case SONET_CLRDIAG:
302	case SONET_SETFRAMING:
303	case SONET_GETFRAMING:
304	case SONET_GETFRSENSE:
305		return do_atmif_sioc(sock, cmd32, arg);
306	}
307
308	for (i = 0; i < NR_ATM_IOCTL; i++) {
309		if (cmd32 == atm_ioctl_map[i].cmd32) {
310			cmd = atm_ioctl_map[i].cmd;
311			break;
312		}
313	}
314	if (i == NR_ATM_IOCTL)
315		return -EINVAL;
316
317	switch (cmd) {
318	case ATM_GETNAMES:
319		return do_atm_iobuf(sock, cmd, arg);
320
321	case ATM_GETLINKRATE:
322	case ATM_GETTYPE:
323	case ATM_GETESI:
324	case ATM_GETADDR:
325	case ATM_RSTADDR:
326	case ATM_ADDADDR:
327	case ATM_DELADDR:
328	case ATM_GETCIRANGE:
329	case ATM_SETCIRANGE:
330	case ATM_SETESI:
331	case ATM_SETESIF:
332	case ATM_GETSTAT:
333	case ATM_GETSTATZ:
334	case ATM_GETLOOP:
335	case ATM_SETLOOP:
336	case ATM_QUERYLOOP:
337		return do_atmif_sioc(sock, cmd, arg);
338	}
339
340	return -EINVAL;
341}
342
343int vcc_compat_ioctl(struct socket *sock, unsigned int cmd,
344		     unsigned long arg)
345{
346	int ret;
347
348	ret = do_vcc_ioctl(sock, cmd, arg, 1);
349	if (ret != -ENOIOCTLCMD)
350		return ret;
351
352	return do_atm_ioctl(sock, cmd, arg);
353}
354#endif