From f3d870811c8c72bc70895db4e4171319d5aba23a Mon Sep 17 00:00:00 2001 From: =?utf8?q?=E9=BB=84=E6=B6=9B?= Date: Sat, 30 Jul 2011 22:44:45 +0800 Subject: [PATCH] Revert "net: PPPoPNS and PPPoLAC fixes." This reverts commit 286fcd1c1ed0003ba2bdbd26d1ffbe66f5980c85. --- drivers/net/pppolac.c | 129 ++++++++++++---------------- drivers/net/pppopns.c | 177 ++++++++++++++++----------------------- include/linux/if_pppox.h | 3 - 3 files changed, 125 insertions(+), 184 deletions(-) diff --git a/drivers/net/pppolac.c b/drivers/net/pppolac.c index af3202a920a0..8843a9d30911 100644 --- a/drivers/net/pppolac.c +++ b/drivers/net/pppolac.c @@ -3,6 +3,7 @@ * Driver for PPP on L2TP Access Concentrator / PPPoLAC Socket (RFC 2661) * * Copyright (C) 2009 Google, Inc. + * Author: Chia-chi Yeh * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -21,10 +22,8 @@ * only works on IPv4 due to the lack of UDP encapsulation support in IPv6. */ #include -#include #include #include -#include #include #include #include @@ -32,14 +31,13 @@ #include #include #include -#include -#define L2TP_CONTROL_BIT 0x80 -#define L2TP_LENGTH_BIT 0x40 -#define L2TP_SEQUENCE_BIT 0x08 -#define L2TP_OFFSET_BIT 0x02 -#define L2TP_VERSION 0x02 +#define L2TP_CONTROL_MASK 0x80 #define L2TP_VERSION_MASK 0x0F +#define L2TP_VERSION 0x02 +#define L2TP_LENGTH_MASK 0x40 +#define L2TP_OFFSET_MASK 0x02 +#define L2TP_SEQUENCE_MASK 0x08 #define PPP_ADDR 0xFF #define PPP_CTRL 0x03 @@ -53,10 +51,10 @@ static inline union unaligned *unaligned(void *ptr) return (union unaligned *)ptr; } -static int pppolac_recv_core(struct sock *sk_udp, struct sk_buff *skb) +static int pppolac_recv(struct sock *sk_udp, struct sk_buff *skb) { - struct sock *sk = (struct sock *)sk_udp->sk_user_data; - struct pppolac_opt *opt = &pppox_sk(sk)->proto.lac; + struct sock *sk; + struct pppolac_opt *opt; __u8 bits; __u8 *ptr; @@ -65,10 +63,10 @@ static int pppolac_recv_core(struct sock *sk_udp, struct sk_buff *skb) goto drop; /* Put it back if it is a control packet. */ - if (skb->data[sizeof(struct udphdr)] & L2TP_CONTROL_BIT) - return opt->backlog_rcv(sk_udp, skb); + if (skb->data[sizeof(struct udphdr)] & L2TP_CONTROL_MASK) + return 1; - /* Skip UDP header. */ + /* Now the packet is ours. Skip UDP header. */ skb_pull(skb, sizeof(struct udphdr)); /* Check the version. */ @@ -78,30 +76,44 @@ static int pppolac_recv_core(struct sock *sk_udp, struct sk_buff *skb) ptr = &skb->data[2]; /* Check the length if it is present. */ - if (bits & L2TP_LENGTH_BIT) { + if (bits & L2TP_LENGTH_MASK) { if ((ptr[0] << 8 | ptr[1]) != skb->len) goto drop; ptr += 2; } /* Skip all fields including optional ones. */ - if (!skb_pull(skb, 6 + (bits & L2TP_SEQUENCE_BIT ? 4 : 0) + - (bits & L2TP_LENGTH_BIT ? 2 : 0) + - (bits & L2TP_OFFSET_BIT ? 2 : 0))) + if (!skb_pull(skb, 6 + (bits & L2TP_SEQUENCE_MASK ? 4 : 0) + + (bits & L2TP_LENGTH_MASK ? 2 : 0) + + (bits & L2TP_OFFSET_MASK ? 2 : 0))) goto drop; /* Skip the offset padding if it is present. */ - if (bits & L2TP_OFFSET_BIT && + if (bits & L2TP_OFFSET_MASK && !skb_pull(skb, skb->data[-2] << 8 | skb->data[-1])) goto drop; + /* Now ptr is pointing to the tunnel and skb is pointing to the payload. + * We have to lock sk_udp to prevent sk from being closed. */ + lock_sock(sk_udp); + sk = sk_udp->sk_user_data; + if (!sk) { + release_sock(sk_udp); + goto drop; + } + sock_hold(sk); + release_sock(sk_udp); + opt = &pppox_sk(sk)->proto.lac; + /* Check the tunnel and the session. */ - if (unaligned(ptr)->u32 != opt->local) + if (unaligned(ptr)->u32 != opt->local) { + sock_put(sk); goto drop; + } - /* Check the sequence if it is present. According to RFC 2661 section - * 5.4, the only thing to do is to update opt->sequencing. */ - opt->sequencing = bits & L2TP_SEQUENCE_BIT; + /* Check the sequence if it is present. According to RFC 2661 page 10 + * and 43, the only thing to do is updating opt->sequencing. */ + opt->sequencing = bits & L2TP_SEQUENCE_MASK; /* Skip PPP address and control if they are present. */ if (skb->len >= 2 && skb->data[0] == PPP_ADDR && @@ -112,50 +124,26 @@ static int pppolac_recv_core(struct sock *sk_udp, struct sk_buff *skb) if (skb->len >= 1 && skb->data[0] & 1) skb_push(skb, 1)[0] = 0; - /* Finally, deliver the packet to PPP channel. */ + /* Finally, deliver the packet to PPP channel. We have to lock sk to + * prevent another thread from calling pppox_unbind_sock(). */ skb_orphan(skb); + lock_sock(sk); ppp_input(&pppox_sk(sk)->chan, skb); - return NET_RX_SUCCESS; + release_sock(sk); + sock_put(sk); + return 0; + drop: kfree_skb(skb); - return NET_RX_DROP; -} - -static int pppolac_recv(struct sock *sk_udp, struct sk_buff *skb) -{ - sock_hold(sk_udp); - sk_receive_skb(sk_udp, skb, 0); return 0; } -static struct sk_buff_head delivery_queue; - -static void pppolac_xmit_core(struct work_struct *delivery_work) -{ - mm_segment_t old_fs = get_fs(); - struct sk_buff *skb; - - set_fs(KERNEL_DS); - while ((skb = skb_dequeue(&delivery_queue))) { - struct sock *sk_udp = skb->sk; - struct kvec iov = {.iov_base = skb->data, .iov_len = skb->len}; - struct msghdr msg = { - .msg_iov = (struct iovec *)&iov, - .msg_iovlen = 1, - .msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT, - }; - sk_udp->sk_prot->sendmsg(NULL, sk_udp, &msg, skb->len); - kfree_skb(skb); - } - set_fs(old_fs); -} - -static DECLARE_WORK(delivery_work, pppolac_xmit_core); - static int pppolac_xmit(struct ppp_channel *chan, struct sk_buff *skb) { struct sock *sk_udp = (struct sock *)chan->private; struct pppolac_opt *opt = &pppox_sk(sk_udp->sk_user_data)->proto.lac; + struct msghdr msg = {.msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT}; + struct kvec iov; /* Install PPP address and control. */ skb_push(skb, 2); @@ -165,7 +153,7 @@ static int pppolac_xmit(struct ppp_channel *chan, struct sk_buff *skb) /* Install L2TP header. */ if (opt->sequencing) { skb_push(skb, 10); - skb->data[0] = L2TP_SEQUENCE_BIT; + skb->data[0] = L2TP_SEQUENCE_MASK; skb->data[6] = opt->sequence >> 8; skb->data[7] = opt->sequence; skb->data[8] = 0; @@ -178,10 +166,11 @@ static int pppolac_xmit(struct ppp_channel *chan, struct sk_buff *skb) skb->data[1] = L2TP_VERSION; unaligned(&skb->data[2])->u32 = opt->remote; - /* Now send the packet via the delivery queue. */ - skb_set_owner_w(skb, sk_udp); - skb_queue_tail(&delivery_queue, skb); - schedule_work(&delivery_work); + /* Now send the packet via UDP socket. */ + iov.iov_base = skb->data; + iov.iov_len = skb->len; + kernel_sendmsg(sk_udp->sk_socket, &msg, &iov, 1, skb->len); + kfree_skb(skb); return 1; } @@ -231,14 +220,6 @@ static int pppolac_connect(struct socket *sock, struct sockaddr *useraddr, error = -EBUSY; if (udp_sk(sk_udp)->encap_type || sk_udp->sk_user_data) goto out; - if (!sk_udp->sk_bound_dev_if) { - struct dst_entry *dst = sk_dst_get(sk_udp); - error = -ENODEV; - if (!dst) - goto out; - sk_udp->sk_bound_dev_if = dst->dev->ifindex; - dst_release(dst); - } po->chan.hdrlen = 12; po->chan.private = sk_udp; @@ -246,7 +227,6 @@ static int pppolac_connect(struct socket *sock, struct sockaddr *useraddr, po->chan.mtu = PPP_MTU - 80; po->proto.lac.local = unaligned(&addr->local)->u32; po->proto.lac.remote = unaligned(&addr->remote)->u32; - po->proto.lac.backlog_rcv = sk_udp->sk_backlog_rcv; error = ppp_register_channel(&po->chan); if (error) @@ -255,8 +235,8 @@ static int pppolac_connect(struct socket *sock, struct sockaddr *useraddr, sk->sk_state = PPPOX_CONNECTED; udp_sk(sk_udp)->encap_type = UDP_ENCAP_L2TPINUDP; udp_sk(sk_udp)->encap_rcv = pppolac_recv; - sk_udp->sk_backlog_rcv = pppolac_recv_core; sk_udp->sk_user_data = sk; + out: if (sock_udp) { release_sock(sk_udp); @@ -283,11 +263,12 @@ static int pppolac_release(struct socket *sock) if (sk->sk_state != PPPOX_NONE) { struct sock *sk_udp = (struct sock *)pppox_sk(sk)->chan.private; lock_sock(sk_udp); + pppox_unbind_sock(sk); + sk_udp->sk_user_data = NULL; udp_sk(sk_udp)->encap_type = 0; udp_sk(sk_udp)->encap_rcv = NULL; - sk_udp->sk_backlog_rcv = pppox_sk(sk)->proto.lac.backlog_rcv; - sk_udp->sk_user_data = NULL; + release_sock(sk_udp); sockfd_put(sk_udp->sk_socket); } @@ -361,8 +342,6 @@ static int __init pppolac_init(void) error = register_pppox_proto(PX_PROTO_OLAC, &pppolac_pppox_proto); if (error) proto_unregister(&pppolac_proto); - else - skb_queue_head_init(&delivery_queue); return error; } diff --git a/drivers/net/pppopns.c b/drivers/net/pppopns.c index 298097127c90..8885eba8968e 100644 --- a/drivers/net/pppopns.c +++ b/drivers/net/pppopns.c @@ -3,6 +3,7 @@ * Driver for PPP on PPTP Network Server / PPPoPNS Socket (RFC 2637) * * Copyright (C) 2009 Google, Inc. + * Author: Chia-chi Yeh * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and @@ -21,24 +22,20 @@ * and IPv6. */ #include -#include #include #include -#include #include #include #include #include #include #include -#include #define GRE_HEADER_SIZE 8 -#define PPTP_GRE_BITS htons(0x2001) -#define PPTP_GRE_BITS_MASK htons(0xEF7F) -#define PPTP_GRE_SEQ_BIT htons(0x1000) -#define PPTP_GRE_ACK_BIT htons(0x0080) +#define PPTP_GRE_MASK htons(0x2001) +#define PPTP_GRE_SEQ_MASK htons(0x1000) +#define PPTP_GRE_ACK_MASK htons(0x0080) #define PPTP_GRE_TYPE htons(0x880B) #define PPP_ADDR 0xFF @@ -52,90 +49,76 @@ struct header { __u32 sequence; } __attribute__((packed)); -static int pppopns_recv_core(struct sock *sk_raw, struct sk_buff *skb) -{ - struct sock *sk = (struct sock *)sk_raw->sk_user_data; - struct pppopns_opt *opt = &pppox_sk(sk)->proto.pns; - struct header *hdr; - - /* Skip transport header */ - skb_pull(skb, skb_transport_header(skb) - skb->data); - - /* Drop the packet if it is too short. */ - if (skb->len < GRE_HEADER_SIZE) - goto drop; - - /* Check the header. */ - hdr = (struct header *)skb->data; - if (hdr->type != PPTP_GRE_TYPE || hdr->call != opt->local || - (hdr->bits & PPTP_GRE_BITS_MASK) != PPTP_GRE_BITS) - goto drop; - - /* Skip all fields including optional ones. */ - if (!skb_pull(skb, GRE_HEADER_SIZE + - (hdr->bits & PPTP_GRE_SEQ_BIT ? 4 : 0) + - (hdr->bits & PPTP_GRE_ACK_BIT ? 4 : 0))) - goto drop; - - /* Check the length. */ - if (skb->len != ntohs(hdr->length)) - goto drop; - - /* Skip PPP address and control if they are present. */ - if (skb->len >= 2 && skb->data[0] == PPP_ADDR && - skb->data[1] == PPP_CTRL) - skb_pull(skb, 2); - - /* Fix PPP protocol if it is compressed. */ - if (skb->len >= 1 && skb->data[0] & 1) - skb_push(skb, 1)[0] = 0; - - /* Finally, deliver the packet to PPP channel. */ - skb_orphan(skb); - ppp_input(&pppox_sk(sk)->chan, skb); - return NET_RX_SUCCESS; -drop: - kfree_skb(skb); - return NET_RX_DROP; -} - static void pppopns_recv(struct sock *sk_raw, int length) { + struct sock *sk; + struct pppopns_opt *opt; struct sk_buff *skb; - while ((skb = skb_dequeue(&sk_raw->sk_receive_queue))) { - sock_hold(sk_raw); - sk_receive_skb(sk_raw, skb, 0); - } -} - -static struct sk_buff_head delivery_queue; + struct header *hdr; -static void pppopns_xmit_core(struct work_struct *delivery_work) -{ - mm_segment_t old_fs = get_fs(); - struct sk_buff *skb; + /* Lock sk_raw to prevent sk from being closed. */ + lock_sock(sk_raw); + sk = (struct sock *)sk_raw->sk_user_data; + if (!sk) { + release_sock(sk_raw); + return; + } + sock_hold(sk); + release_sock(sk_raw); + opt = &pppox_sk(sk)->proto.pns; - set_fs(KERNEL_DS); - while ((skb = skb_dequeue(&delivery_queue))) { - struct sock *sk_raw = skb->sk; - struct kvec iov = {.iov_base = skb->data, .iov_len = skb->len}; - struct msghdr msg = { - .msg_iov = (struct iovec *)&iov, - .msg_iovlen = 1, - .msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT, - }; - sk_raw->sk_prot->sendmsg(NULL, sk_raw, &msg, skb->len); + /* Process packets from the receive queue. */ + while ((skb = skb_dequeue(&sk_raw->sk_receive_queue))) { + skb_pull(skb, skb_transport_header(skb) - skb->data); + + /* Drop the packet if it is too short. */ + if (skb->len < GRE_HEADER_SIZE) + goto drop; + + /* Check the header. */ + hdr = (struct header *)skb->data; + if (hdr->type != PPTP_GRE_TYPE || hdr->call != opt->local || + (hdr->bits & PPTP_GRE_MASK) != PPTP_GRE_MASK) + goto drop; + + /* Skip all fields including optional ones. */ + if (!skb_pull(skb, GRE_HEADER_SIZE + + (hdr->bits & PPTP_GRE_SEQ_MASK ? 4 : 0) + + (hdr->bits & PPTP_GRE_ACK_MASK ? 4 : 0))) + goto drop; + + /* Check the length. */ + if (skb->len != ntohs(hdr->length)) + goto drop; + + /* Skip PPP address and control if they are present. */ + if (skb->len >= 2 && skb->data[0] == PPP_ADDR && + skb->data[1] == PPP_CTRL) + skb_pull(skb, 2); + + /* Fix PPP protocol if it is compressed. */ + if (skb->len >= 1 && skb->data[0] & 1) + skb_push(skb, 1)[0] = 0; + + /* Deliver the packet to PPP channel. We have to lock sk to + * prevent another thread from calling pppox_unbind_sock(). */ + skb_orphan(skb); + lock_sock(sk); + ppp_input(&pppox_sk(sk)->chan, skb); + release_sock(sk); + continue; +drop: kfree_skb(skb); } - set_fs(old_fs); + sock_put(sk); } -static DECLARE_WORK(delivery_work, pppopns_xmit_core); - static int pppopns_xmit(struct ppp_channel *chan, struct sk_buff *skb) { struct sock *sk_raw = (struct sock *)chan->private; struct pppopns_opt *opt = &pppox_sk(sk_raw->sk_user_data)->proto.pns; + struct msghdr msg = {.msg_flags = MSG_NOSIGNAL | MSG_DONTWAIT}; + struct kvec iov; struct header *hdr; __u16 length; @@ -147,17 +130,18 @@ static int pppopns_xmit(struct ppp_channel *chan, struct sk_buff *skb) /* Install PPTP GRE header. */ hdr = (struct header *)skb_push(skb, 12); - hdr->bits = PPTP_GRE_BITS | PPTP_GRE_SEQ_BIT; + hdr->bits = PPTP_GRE_MASK | PPTP_GRE_SEQ_MASK; hdr->type = PPTP_GRE_TYPE; hdr->length = htons(length); hdr->call = opt->remote; hdr->sequence = htonl(opt->sequence); opt->sequence++; - /* Now send the packet via the delivery queue. */ - skb_set_owner_w(skb, sk_raw); - skb_queue_tail(&delivery_queue, skb); - schedule_work(&delivery_work); + /* Now send the packet via RAW socket. */ + iov.iov_base = skb->data; + iov.iov_len = skb->len; + kernel_sendmsg(sk_raw->sk_socket, &msg, &iov, 1, skb->len); + kfree_skb(skb); return 1; } @@ -176,7 +160,6 @@ static int pppopns_connect(struct socket *sock, struct sockaddr *useraddr, struct sockaddr_storage ss; struct socket *sock_tcp = NULL; struct socket *sock_raw = NULL; - struct sock *sk_tcp; struct sock *sk_raw; int error; @@ -191,31 +174,21 @@ static int pppopns_connect(struct socket *sock, struct sockaddr *useraddr, sock_tcp = sockfd_lookup(addr->tcp_socket, &error); if (!sock_tcp) goto out; - sk_tcp = sock_tcp->sk; error = -EPROTONOSUPPORT; - if (sk_tcp->sk_protocol != IPPROTO_TCP) + if (sock_tcp->sk->sk_protocol != IPPROTO_TCP) goto out; addrlen = sizeof(struct sockaddr_storage); error = kernel_getpeername(sock_tcp, (struct sockaddr *)&ss, &addrlen); if (error) goto out; - if (!sk_tcp->sk_bound_dev_if) { - struct dst_entry *dst = sk_dst_get(sk_tcp); - error = -ENODEV; - if (!dst) - goto out; - sk_tcp->sk_bound_dev_if = dst->dev->ifindex; - dst_release(dst); - } error = sock_create(ss.ss_family, SOCK_RAW, IPPROTO_GRE, &sock_raw); if (error) goto out; - sk_raw = sock_raw->sk; - sk_raw->sk_bound_dev_if = sk_tcp->sk_bound_dev_if; error = kernel_connect(sock_raw, (struct sockaddr *)&ss, addrlen, 0); if (error) goto out; + sk_raw = sock_raw->sk; po->chan.hdrlen = 14; po->chan.private = sk_raw; @@ -223,19 +196,15 @@ static int pppopns_connect(struct socket *sock, struct sockaddr *useraddr, po->chan.mtu = PPP_MTU - 80; po->proto.pns.local = addr->local; po->proto.pns.remote = addr->remote; - po->proto.pns.data_ready = sk_raw->sk_data_ready; - po->proto.pns.backlog_rcv = sk_raw->sk_backlog_rcv; error = ppp_register_channel(&po->chan); if (error) goto out; sk->sk_state = PPPOX_CONNECTED; - lock_sock(sk_raw); - sk_raw->sk_data_ready = pppopns_recv; - sk_raw->sk_backlog_rcv = pppopns_recv_core; sk_raw->sk_user_data = sk; - release_sock(sk_raw); + sk_raw->sk_data_ready = pppopns_recv; + out: if (sock_tcp) sockfd_put(sock_tcp); @@ -262,8 +231,6 @@ static int pppopns_release(struct socket *sock) struct sock *sk_raw = (struct sock *)pppox_sk(sk)->chan.private; lock_sock(sk_raw); pppox_unbind_sock(sk); - sk_raw->sk_data_ready = pppox_sk(sk)->proto.pns.data_ready; - sk_raw->sk_backlog_rcv = pppox_sk(sk)->proto.pns.backlog_rcv; sk_raw->sk_user_data = NULL; release_sock(sk_raw); sock_release(sk_raw->sk_socket); @@ -338,8 +305,6 @@ static int __init pppopns_init(void) error = register_pppox_proto(PX_PROTO_OPNS, &pppopns_pppox_proto); if (error) proto_unregister(&pppopns_proto); - else - skb_queue_head_init(&delivery_queue); return error; } diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h index 9f581dab63b2..c5539f620be7 100644 --- a/include/linux/if_pppox.h +++ b/include/linux/if_pppox.h @@ -150,15 +150,12 @@ struct pppolac_opt { __u32 remote; __u16 sequence; __u8 sequencing; - int (*backlog_rcv)(struct sock *sk_udp, struct sk_buff *skb); }; struct pppopns_opt { __u16 local; __u16 remote; __u32 sequence; - void (*data_ready)(struct sock *sk_raw, int length); - int (*backlog_rcv)(struct sock *sk_raw, struct sk_buff *skb); }; #include -- 2.34.1