1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2010-2011 EIA Electronics,
3 //                         Kurt Van Dijck <kurt.van.dijck@eia.be>
4 // Copyright (c) 2010-2011 EIA Electronics,
5 //                         Pieter Beyens <pieter.beyens@eia.be>
6 // Copyright (c) 2017-2019 Pengutronix,
7 //                         Marc Kleine-Budde <kernel@pengutronix.de>
8 // Copyright (c) 2017-2019 Pengutronix,
9 //                         Oleksij Rempel <kernel@pengutronix.de>
10
11 /* J1939 Address Claiming.
12  * Address Claiming in the kernel
13  * - keeps track of the AC states of ECU's,
14  * - resolves NAME<=>SA taking into account the AC states of ECU's.
15  *
16  * All Address Claim msgs (including host-originated msg) are processed
17  * at the receive path (a sent msg is always received again via CAN echo).
18  * As such, the processing of AC msgs is done in the order in which msgs
19  * are sent on the bus.
20  *
21  * This module doesn't send msgs itself (e.g. replies on Address Claims),
22  * this is the responsibility of a user space application or daemon.
23  */
24
25 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
26
27 #include <linux/netdevice.h>
28 #include <linux/skbuff.h>
29
30 #include "j1939-priv.h"
31
/* Read the J1939 NAME stored little-endian at the start of the skb payload.
 *
 * This helper dereferences 8 bytes at skb->data and performs no length
 * check of its own. Both callers in this file compare skb->len against 8
 * before calling it; any new caller must do the same.
 */
static inline name_t j1939_skb_to_name(const struct sk_buff *skb)
{
	const __le64 *raw = (const __le64 *)skb->data;

	return le64_to_cpup(raw);
}
36
/* Tell whether @skb is a Request message asking for the Address Claimed PGN.
 *
 * The requested PGN is assembled from the first three payload bytes, least
 * significant byte first. A frame shorter than 3 bytes, or one whose own
 * PGN is not J1939_PGN_REQUEST, never matches.
 */
static inline bool j1939_ac_msg_is_request(struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *cb = j1939_skb_to_cb(skb);
	const u8 *payload = skb->data;
	int req_pgn;

	/* length is checked before any payload byte is read */
	if (skb->len < 3)
		return false;
	if (cb->addr.pgn != J1939_PGN_REQUEST)
		return false;

	req_pgn = payload[0] | (payload[1] << 8) | (payload[2] << 16);

	return req_pgn == J1939_PGN_ADDRESS_CLAIMED;
}
49
/* Sanity-check an Address Claimed message that is about to be transmitted.
 *
 * The frame is accepted only if
 *  - the payload is exactly 8 bytes,
 *  - the NAME in the payload equals the source NAME in the control block,
 *  - the source address is not J1939_NO_ADDR, and
 *  - no destination NAME is set and the destination address is
 *    J1939_NO_ADDR (an address claim is always a broadcast).
 *
 * Returns 0 when every check passes, -EPROTO (after logging a notice on
 * priv->ndev) on the first check that fails.
 */
static int j1939_ac_verify_outgoing(struct j1939_priv *priv,
				    struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *cb = j1939_skb_to_cb(skb);
	bool has_dest;

	/* length first: the NAME comparison below reads 8 payload bytes */
	if (skb->len != 8) {
		netdev_notice(priv->ndev, "tx address claim with dlc %i\n",
			      skb->len);
		return -EPROTO;
	}

	if (j1939_skb_to_name(skb) != cb->addr.src_name) {
		netdev_notice(priv->ndev, "tx address claim with different name\n");
		return -EPROTO;
	}

	if (cb->addr.sa == J1939_NO_ADDR) {
		netdev_notice(priv->ndev, "tx address claim with broadcast sa\n");
		return -EPROTO;
	}

	/* an address claim may carry neither a destination NAME nor a
	 * destination address other than J1939_NO_ADDR
	 */
	has_dest = cb->addr.dst_name || cb->addr.da != J1939_NO_ADDR;
	if (has_dest) {
		netdev_notice(priv->ndev, "tx address claim with dest, not broadcast\n");
		return -EPROTO;
	}

	return 0;
}
78
/* Fix up the addressing of an skb on the transmit path.
 *
 * Address Claimed messages are validated with j1939_ac_verify_outgoing();
 * if the ECU registered under the source NAME currently holds a different
 * address than the one being claimed, that ECU is unmapped. For any other
 * message that carries a source NAME, the NAME is resolved to a source
 * address. Independently of the above, a destination NAME (if set) is
 * resolved to a destination address.
 *
 * Returns 0 on success, or
 *  - the negative error from j1939_ac_verify_outgoing(),
 *  - -ENODEV when no ECU is found for the source NAME of an address claim,
 *  - -EADDRNOTAVAIL when a NAME does not resolve to a unicast address.
 */
int j1939_ac_fixup(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *cb = j1939_skb_to_cb(skb);
	u8 addr;

	if (cb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) {
		/* network management: outgoing address claim */
		struct j1939_ecu *ecu;
		int ret = j1939_ac_verify_outgoing(priv, skb);

		/* only a failed verification ends the fixup here; a valid
		 * claim continues below
		 */
		if (ret < 0)
			return ret;

		ecu = j1939_ecu_get_by_name(priv, cb->addr.src_name);
		if (!ecu)
			return -ENODEV;

		/* claiming a different address than the current one: hold
		 * further traffic for this ecu and remove it from its parent
		 */
		if (ecu->addr != cb->addr.sa)
			j1939_ecu_unmap(ecu);

		/* drop the reference taken by the lookup above */
		j1939_ecu_put(ecu);
	} else if (cb->addr.src_name) {
		/* resolve the source NAME to a source address */
		addr = j1939_name_to_addr(priv, cb->addr.src_name);

		/* a non-unicast result is tolerated only for a request for
		 * address claimed
		 */
		if (!(j1939_address_is_unicast(addr) ||
		      j1939_ac_msg_is_request(skb))) {
			netdev_notice(priv->ndev, "tx drop: invalid sa for name 0x%016llx\n",
				      cb->addr.src_name);
			return -EADDRNOTAVAIL;
		}
		cb->addr.sa = addr;
	}

	if (!cb->addr.dst_name)
		return 0;

	/* resolve the destination NAME to a destination address */
	addr = j1939_name_to_addr(priv, cb->addr.dst_name);
	if (!j1939_address_is_unicast(addr)) {
		netdev_notice(priv->ndev, "tx drop: invalid da for name 0x%016llx\n",
			      cb->addr.dst_name);
		return -EADDRNOTAVAIL;
	}
	cb->addr.da = addr;

	return 0;
}
125
/* Process a received Address Claimed message and update the ECU table.
 *
 * The NAME (payload) and the source address are taken from the received
 * frame as-is. Nothing in this function authenticates the sender: when two
 * NAMEs contend for one address, the numerically lower (or equal) NAME
 * keeps the address and the other ECU is unmapped.
 *
 * Frames with a payload length other than 8, a zero NAME, or a source
 * address rejected by j1939_address_is_valid() are dropped with a notice.
 *
 * NOTE(review): each rejected frame logs a notice and no rate limiting is
 * visible in this function; since these frames arrive from the bus,
 * confirm that a stream of malformed claims cannot flood the kernel log.
 */
static void j1939_ac_process(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *cb = j1939_skb_to_cb(skb);
	struct j1939_ecu *ecu;
	struct j1939_ecu *holder;
	name_t name;

	/* the NAME is read as 8 payload bytes, so insist on that length */
	if (skb->len != 8) {
		netdev_notice(priv->ndev, "rx address claim with wrong dlc %i\n",
			      skb->len);
		return;
	}

	name = j1939_skb_to_name(skb);
	/* the source NAME is recorded even if the claim is rejected below */
	cb->addr.src_name = name;
	if (!name) {
		netdev_notice(priv->ndev, "rx address claim without name\n");
		return;
	}

	if (!j1939_address_is_valid(cb->addr.sa)) {
		netdev_notice(priv->ndev, "rx address claim with broadcast sa\n");
		return;
	}

	write_lock_bh(&priv->lock);

	/* ECU reference counting in this function:
	 *
	 * The ECU handle comes either from
	 * j1939_ecu_get_by_name_locked() (increments the ref counter)
	 * or from j1939_ecu_create_locked() (initializes an ECU object
	 * with a ref counter of 1).
	 *
	 * j1939_ecu_unmap_locked() decrements the ref counter, but only
	 * if the ECU was mapped before, so "ecu" still belongs to us.
	 *
	 * j1939_ecu_timer_start() increments the ref counter before it
	 * starts the timer, so the ecu can be put when leaving this
	 * function.
	 */
	ecu = j1939_ecu_get_by_name_locked(priv, name);

	if (ecu && ecu->addr == cb->addr.sa) {
		/* The ISO 11783-5 standard, in "4.5.2 - Address claim
		 * requirements", states:
		 *   d) No CF shall begin, or resume, transmission on the
		 *      network until 250 ms after it has successfully claimed
		 *      an address except when responding to a request for
		 *      address-claimed.
		 *
		 * But "Figure 6" and "Figure 7" in "4.5.4.2 - Address-claim
		 * prioritization" show that the CF begins the transmission
		 * after 250 ms from the first AC (address-claimed) message
		 * even if it sends another AC message during that time window
		 * to resolve the address contention with another CF.
		 *
		 * As stated in "4.4.2.3 - Address-claimed message":
		 *   In order to successfully claim an address, the CF sending
		 *   an address claimed message shall not receive a contending
		 *   claim from another CF for at least 250 ms.
		 *
		 * As stated in "4.4.3.2 - NAME management (NM) message":
		 *   1) A commanding CF can
		 *      d) request that a CF with a specified NAME transmit
		 *         the address-claimed message with its current NAME.
		 *   2) A target CF shall
		 *      d) send an address-claimed message in response to a
		 *         request for a matching NAME
		 *
		 * Taking the above arguments into account, the 250 ms wait is
		 * requested only during network initialization.
		 *
		 * So the timer is not restarted when both the NAME and the
		 * address match: either the address has already been claimed
		 * (timer has expired) or this AC message was sent to resolve
		 * a contention with another CF (timer is still running).
		 */
		goto out_ecu_put;
	}

	/* unknown NAME claiming a unicast address: start tracking it */
	if (!ecu && j1939_address_is_unicast(cb->addr.sa))
		ecu = j1939_ecu_create_locked(priv, name);

	/* nothing to track (or creation failed): no reference to drop */
	if (IS_ERR_OR_NULL(ecu))
		goto out_unlock_bh;

	/* a new claim supersedes any pending (previous) one */
	j1939_ecu_timer_cancel(ecu);

	if (j1939_address_is_idle(cb->addr.sa)) {
		j1939_ecu_unmap_locked(ecu);
		goto out_ecu_put;
	}

	/* record the newly claimed address, unmapping from the old one */
	if (ecu->addr != cb->addr.sa)
		j1939_ecu_unmap_locked(ecu);
	ecu->addr = cb->addr.sa;

	/* contention: compare against whoever is found at that address */
	holder = j1939_ecu_get_by_addr_locked(priv, cb->addr.sa);
	if (holder) {
		/* the larger NAME loses; on less or equal, the holder is
		 * kicked
		 */
		bool claimant_loses = ecu->name > holder->name;

		j1939_ecu_unmap_locked(claimant_loses ? ecu : holder);
		j1939_ecu_put(holder);
		if (claimant_loses)
			goto out_ecu_put;
	}

	j1939_ecu_timer_start(ecu);
 out_ecu_put:
	j1939_ecu_put(ecu);
 out_unlock_bh:
	write_unlock_bh(&priv->lock);
}
246
/* Receive-path hook: run address claiming and fill in NAMEs for @skb.
 *
 * An Address Claimed message is handed to j1939_ac_process(). For any
 * other message with a unicast source address, the source NAME is copied
 * from the ECU found at that address, if there is one. In every case the
 * destination NAME is copied from the ECU found at the destination
 * address, if there is one.
 *
 * The addresses used for these lookups come from the received frame, so
 * the NAMEs filled in here reflect the current address-claim state and are
 * not an authenticated identity of the sender.
 */
void j1939_ac_recv(struct j1939_priv *priv, struct sk_buff *skb)
{
	struct j1939_sk_buff_cb *cb = j1939_skb_to_cb(skb);
	struct j1939_ecu *src;
	struct j1939_ecu *dst;

	if (cb->addr.pgn == J1939_PGN_ADDRESS_CLAIMED) {
		/* network management */
		j1939_ac_process(priv, skb);
	} else if (j1939_address_is_unicast(cb->addr.sa)) {
		/* look up the source NAME by source address */
		src = j1939_ecu_get_by_addr(priv, cb->addr.sa);
		if (src) {
			cb->addr.src_name = src->name;
			j1939_ecu_put(src);
		}
	}

	/* look up the destination NAME by destination address */
	dst = j1939_ecu_get_by_addr(priv, cb->addr.da);
	if (!dst)
		return;

	cb->addr.dst_name = dst->name;
	j1939_ecu_put(dst);
}