aboutsummaryrefslogtreecommitdiffstats
path: root/net/can/bcm.c
diff options
context:
space:
mode:
authorOliver Hartkopp <socketcan@hartkopp.net>2010-08-11 19:12:35 -0400
committerDavid S. Miller <davem@davemloft.net>2010-08-11 19:12:35 -0400
commit5b75c4973ce779520b9d1e392483207d6f842cde (patch)
tree8d5934353d83b0caae1faecf120c8091cfbaff63 /net/can/bcm.c
parent3e9e5a5921f4b7dc098a01d01e5972bebb36491e (diff)
can: add limit for nframes and clean up signed/unsigned variables
This patch adds a limit for nframes as the number of frames in TX_SETUP and RX_SETUP are derived from a single byte multiplex value by default. Use-cases that would require to send/filter more than 256 CAN frames should be implemented in userspace for complexity reasons anyway. Additionally the assignments of unsigned values from userspace to signed values in kernelspace and vice versa are fixed by using unsigned values in kernelspace consistently. Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Reported-by: Ben Hawkes <hawkes@google.com> Acked-by: Urs Thuermann <urs.thuermann@volkswagen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/can/bcm.c')
-rw-r--r--net/can/bcm.c41
1 files changed, 27 insertions, 14 deletions
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 9c65e9deb9c3..08ffe9e4be20 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -60,6 +60,13 @@
60#include <net/sock.h> 60#include <net/sock.h>
61#include <net/net_namespace.h> 61#include <net/net_namespace.h>
62 62
63/*
64 * To send multiple CAN frame content within TX_SETUP or to filter
65 * CAN messages with multiplex index within RX_SETUP, the number of
66 * different filters is limited to 256 due to the one byte index value.
67 */
68#define MAX_NFRAMES 256
69
63/* use of last_frames[index].can_dlc */ 70/* use of last_frames[index].can_dlc */
64#define RX_RECV 0x40 /* received data for this element */ 71#define RX_RECV 0x40 /* received data for this element */
65#define RX_THR 0x80 /* element not been sent due to throttle feature */ 72#define RX_THR 0x80 /* element not been sent due to throttle feature */
@@ -89,16 +96,16 @@ struct bcm_op {
89 struct list_head list; 96 struct list_head list;
90 int ifindex; 97 int ifindex;
91 canid_t can_id; 98 canid_t can_id;
92 int flags; 99 u32 flags;
93 unsigned long frames_abs, frames_filtered; 100 unsigned long frames_abs, frames_filtered;
94 struct timeval ival1, ival2; 101 struct timeval ival1, ival2;
95 struct hrtimer timer, thrtimer; 102 struct hrtimer timer, thrtimer;
96 struct tasklet_struct tsklet, thrtsklet; 103 struct tasklet_struct tsklet, thrtsklet;
97 ktime_t rx_stamp, kt_ival1, kt_ival2, kt_lastmsg; 104 ktime_t rx_stamp, kt_ival1, kt_ival2, kt_lastmsg;
98 int rx_ifindex; 105 int rx_ifindex;
99 int count; 106 u32 count;
100 int nframes; 107 u32 nframes;
101 int currframe; 108 u32 currframe;
102 struct can_frame *frames; 109 struct can_frame *frames;
103 struct can_frame *last_frames; 110 struct can_frame *last_frames;
104 struct can_frame sframe; 111 struct can_frame sframe;
@@ -175,7 +182,7 @@ static int bcm_proc_show(struct seq_file *m, void *v)
175 182
176 seq_printf(m, "rx_op: %03X %-5s ", 183 seq_printf(m, "rx_op: %03X %-5s ",
177 op->can_id, bcm_proc_getifname(ifname, op->ifindex)); 184 op->can_id, bcm_proc_getifname(ifname, op->ifindex));
178 seq_printf(m, "[%d]%c ", op->nframes, 185 seq_printf(m, "[%u]%c ", op->nframes,
179 (op->flags & RX_CHECK_DLC)?'d':' '); 186 (op->flags & RX_CHECK_DLC)?'d':' ');
180 if (op->kt_ival1.tv64) 187 if (op->kt_ival1.tv64)
181 seq_printf(m, "timeo=%lld ", 188 seq_printf(m, "timeo=%lld ",
@@ -198,7 +205,7 @@ static int bcm_proc_show(struct seq_file *m, void *v)
198 205
199 list_for_each_entry(op, &bo->tx_ops, list) { 206 list_for_each_entry(op, &bo->tx_ops, list) {
200 207
201 seq_printf(m, "tx_op: %03X %s [%d] ", 208 seq_printf(m, "tx_op: %03X %s [%u] ",
202 op->can_id, 209 op->can_id,
203 bcm_proc_getifname(ifname, op->ifindex), 210 bcm_proc_getifname(ifname, op->ifindex),
204 op->nframes); 211 op->nframes);
@@ -283,7 +290,7 @@ static void bcm_send_to_user(struct bcm_op *op, struct bcm_msg_head *head,
283 struct can_frame *firstframe; 290 struct can_frame *firstframe;
284 struct sockaddr_can *addr; 291 struct sockaddr_can *addr;
285 struct sock *sk = op->sk; 292 struct sock *sk = op->sk;
286 int datalen = head->nframes * CFSIZ; 293 unsigned int datalen = head->nframes * CFSIZ;
287 int err; 294 int err;
288 295
289 skb = alloc_skb(sizeof(*head) + datalen, gfp_any()); 296 skb = alloc_skb(sizeof(*head) + datalen, gfp_any());
@@ -468,7 +475,7 @@ rx_changed_settime:
468 * bcm_rx_cmp_to_index - (bit)compares the currently received data to formerly 475 * bcm_rx_cmp_to_index - (bit)compares the currently received data to formerly
469 * received data stored in op->last_frames[] 476 * received data stored in op->last_frames[]
470 */ 477 */
471static void bcm_rx_cmp_to_index(struct bcm_op *op, int index, 478static void bcm_rx_cmp_to_index(struct bcm_op *op, unsigned int index,
472 const struct can_frame *rxdata) 479 const struct can_frame *rxdata)
473{ 480{
474 /* 481 /*
@@ -554,7 +561,8 @@ static enum hrtimer_restart bcm_rx_timeout_handler(struct hrtimer *hrtimer)
554/* 561/*
555 * bcm_rx_do_flush - helper for bcm_rx_thr_flush 562 * bcm_rx_do_flush - helper for bcm_rx_thr_flush
556 */ 563 */
557static inline int bcm_rx_do_flush(struct bcm_op *op, int update, int index) 564static inline int bcm_rx_do_flush(struct bcm_op *op, int update,
565 unsigned int index)
558{ 566{
559 if ((op->last_frames) && (op->last_frames[index].can_dlc & RX_THR)) { 567 if ((op->last_frames) && (op->last_frames[index].can_dlc & RX_THR)) {
560 if (update) 568 if (update)
@@ -575,7 +583,7 @@ static int bcm_rx_thr_flush(struct bcm_op *op, int update)
575 int updated = 0; 583 int updated = 0;
576 584
577 if (op->nframes > 1) { 585 if (op->nframes > 1) {
578 int i; 586 unsigned int i;
579 587
580 /* for MUX filter we start at index 1 */ 588 /* for MUX filter we start at index 1 */
581 for (i = 1; i < op->nframes; i++) 589 for (i = 1; i < op->nframes; i++)
@@ -624,7 +632,7 @@ static void bcm_rx_handler(struct sk_buff *skb, void *data)
624{ 632{
625 struct bcm_op *op = (struct bcm_op *)data; 633 struct bcm_op *op = (struct bcm_op *)data;
626 const struct can_frame *rxframe = (struct can_frame *)skb->data; 634 const struct can_frame *rxframe = (struct can_frame *)skb->data;
627 int i; 635 unsigned int i;
628 636
629 /* disable timeout */ 637 /* disable timeout */
630 hrtimer_cancel(&op->timer); 638 hrtimer_cancel(&op->timer);
@@ -822,14 +830,15 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
822{ 830{
823 struct bcm_sock *bo = bcm_sk(sk); 831 struct bcm_sock *bo = bcm_sk(sk);
824 struct bcm_op *op; 832 struct bcm_op *op;
825 int i, err; 833 unsigned int i;
834 int err;
826 835
827 /* we need a real device to send frames */ 836 /* we need a real device to send frames */
828 if (!ifindex) 837 if (!ifindex)
829 return -ENODEV; 838 return -ENODEV;
830 839
831 /* we need at least one can_frame */ 840 /* check nframes boundaries - we need at least one can_frame */
832 if (msg_head->nframes < 1) 841 if (msg_head->nframes < 1 || msg_head->nframes > MAX_NFRAMES)
833 return -EINVAL; 842 return -EINVAL;
834 843
835 /* check the given can_id */ 844 /* check the given can_id */
@@ -993,6 +1002,10 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
993 msg_head->nframes = 0; 1002 msg_head->nframes = 0;
994 } 1003 }
995 1004
1005 /* the first element contains the mux-mask => MAX_NFRAMES + 1 */
1006 if (msg_head->nframes > MAX_NFRAMES + 1)
1007 return -EINVAL;
1008
996 if ((msg_head->flags & RX_RTR_FRAME) && 1009 if ((msg_head->flags & RX_RTR_FRAME) &&
997 ((msg_head->nframes != 1) || 1010 ((msg_head->nframes != 1) ||
998 (!(msg_head->can_id & CAN_RTR_FLAG)))) 1011 (!(msg_head->can_id & CAN_RTR_FLAG))))