b8c31fc928e1f417a1529c8e4dc30d80b4440dee
[linux-3.10.git] / net / phonet / pep.c
1 /*
2  * File: pep.c
3  *
4  * Phonet pipe protocol end point socket
5  *
6  * Copyright (C) 2008 Nokia Corporation.
7  *
8  * Author: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com>
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * version 2 as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
22  * 02110-1301 USA
23  */
24
25 #include <linux/kernel.h>
26 #include <linux/slab.h>
27 #include <linux/socket.h>
28 #include <net/sock.h>
29 #include <net/tcp_states.h>
30 #include <asm/ioctls.h>
31
32 #include <linux/phonet.h>
33 #include <net/phonet/phonet.h>
34 #include <net/phonet/pep.h>
35 #include <net/phonet/gprs.h>
36
37 /* sk_state values:
38  * TCP_CLOSE            sock not in use yet
39  * TCP_CLOSE_WAIT       disconnected pipe
40  * TCP_LISTEN           listening pipe endpoint
41  * TCP_SYN_RECV         connected pipe in disabled state
42  * TCP_ESTABLISHED      connected pipe in enabled state
43  *
44  * pep_sock locking:
45  *  - sk_state, ackq, hlist: sock lock needed
46  *  - listener: read only
47  *  - pipe_handle: read only
48  */
49
50 #define CREDITS_MAX     10
51 #define CREDITS_THR     7
52
53 #define pep_sb_size(s) (((s) + 5) & ~3) /* 2-bytes head, 32-bits aligned */
54
55 /* Get the next TLV sub-block. */
56 static unsigned char *pep_get_sb(struct sk_buff *skb, u8 *ptype, u8 *plen,
57                                         void *buf)
58 {
59         void *data = NULL;
60         struct {
61                 u8 sb_type;
62                 u8 sb_len;
63         } *ph, h;
64         int buflen = *plen;
65
66         ph = skb_header_pointer(skb, 0, 2, &h);
67         if (ph == NULL || ph->sb_len < 2 || !pskb_may_pull(skb, ph->sb_len))
68                 return NULL;
69         ph->sb_len -= 2;
70         *ptype = ph->sb_type;
71         *plen = ph->sb_len;
72
73         if (buflen > ph->sb_len)
74                 buflen = ph->sb_len;
75         data = skb_header_pointer(skb, 2, buflen, buf);
76         __skb_pull(skb, 2 + ph->sb_len);
77         return data;
78 }
79
80 static int pep_reply(struct sock *sk, struct sk_buff *oskb,
81                         u8 code, const void *data, int len, gfp_t priority)
82 {
83         const struct pnpipehdr *oph = pnp_hdr(oskb);
84         struct pnpipehdr *ph;
85         struct sk_buff *skb;
86         struct sockaddr_pn peer;
87
88         skb = alloc_skb(MAX_PNPIPE_HEADER + len, priority);
89         if (!skb)
90                 return -ENOMEM;
91         skb_set_owner_w(skb, sk);
92
93         skb_reserve(skb, MAX_PNPIPE_HEADER);
94         __skb_put(skb, len);
95         skb_copy_to_linear_data(skb, data, len);
96         __skb_push(skb, sizeof(*ph));
97         skb_reset_transport_header(skb);
98         ph = pnp_hdr(skb);
99         ph->utid = oph->utid;
100         ph->message_id = oph->message_id + 1; /* REQ -> RESP */
101         ph->pipe_handle = oph->pipe_handle;
102         ph->error_code = code;
103
104         pn_skb_get_src_sockaddr(oskb, &peer);
105         return pn_skb_send(sk, skb, &peer);
106 }
107
108 #define PAD 0x00
109
110 #ifdef CONFIG_PHONET_PIPECTRLR
111 static int pipe_handler_send_req(struct sock *sk, u8 msg_id, gfp_t priority)
112 {
113         int len;
114         struct pnpipehdr *ph;
115         struct sk_buff *skb;
116         struct pep_sock *pn = pep_sk(sk);
117
118         static const u8 data[4] = {
119                 PAD, PAD, PAD, PAD,
120         };
121
122         switch (msg_id) {
123         case PNS_PEP_CONNECT_REQ:
124                 len = sizeof(data);
125                 break;
126
127         case PNS_PEP_DISCONNECT_REQ:
128         case PNS_PEP_ENABLE_REQ:
129         case PNS_PEP_DISABLE_REQ:
130                 len = 0;
131                 break;
132
133         default:
134                 return -EINVAL;
135         }
136
137         skb = alloc_skb(MAX_PNPIPE_HEADER + len, priority);
138         if (!skb)
139                 return -ENOMEM;
140         skb_set_owner_w(skb, sk);
141
142         skb_reserve(skb, MAX_PNPIPE_HEADER);
143         if (len) {
144                 __skb_put(skb, len);
145                 skb_copy_to_linear_data(skb, data, len);
146         }
147         __skb_push(skb, sizeof(*ph));
148         skb_reset_transport_header(skb);
149         ph = pnp_hdr(skb);
150         ph->utid = msg_id; /* whatever */
151         ph->message_id = msg_id;
152         ph->pipe_handle = pn->pipe_handle;
153         ph->error_code = PN_PIPE_NO_ERROR;
154
155         return pn_skb_send(sk, skb, NULL);
156 }
157
158 static int pipe_handler_send_created_ind(struct sock *sk, u8 msg_id)
159 {
160         int err_code;
161         struct pnpipehdr *ph;
162         struct sk_buff *skb;
163
164         struct pep_sock *pn = pep_sk(sk);
165         static u8 data[4] = {
166                 0x03, 0x04,
167         };
168         data[2] = pn->tx_fc;
169         data[3] = pn->rx_fc;
170
171         /*
172          * actually, below is number of sub-blocks and not error code.
173          * Pipe_created_ind message format does not have any
174          * error code field. However, the Phonet stack will always send
175          * an error code as part of pnpipehdr. So, use that err_code to
176          * specify the number of sub-blocks.
177          */
178         err_code = 0x01;
179
180         skb = alloc_skb(MAX_PNPIPE_HEADER + sizeof(data), GFP_ATOMIC);
181         if (!skb)
182                 return -ENOMEM;
183         skb_set_owner_w(skb, sk);
184
185         skb_reserve(skb, MAX_PNPIPE_HEADER);
186         __skb_put(skb, sizeof(data));
187         skb_copy_to_linear_data(skb, data, sizeof(data));
188         __skb_push(skb, sizeof(*ph));
189         skb_reset_transport_header(skb);
190         ph = pnp_hdr(skb);
191         ph->utid = 0;
192         ph->message_id = msg_id;
193         ph->pipe_handle = pn->pipe_handle;
194         ph->error_code = err_code;
195
196         return pn_skb_send(sk, skb, NULL);
197 }
198
199 static int pipe_handler_send_ind(struct sock *sk, u8 msg_id)
200 {
201         int err_code;
202         struct pnpipehdr *ph;
203         struct sk_buff *skb;
204         struct pep_sock *pn = pep_sk(sk);
205
206         /*
207          * actually, below is a filler.
208          * Pipe_enabled/disabled_ind message format does not have any
209          * error code field. However, the Phonet stack will always send
210          * an error code as part of pnpipehdr. So, use that err_code to
211          * specify the filler value.
212          */
213         err_code = 0x0;
214
215         skb = alloc_skb(MAX_PNPIPE_HEADER, GFP_ATOMIC);
216         if (!skb)
217                 return -ENOMEM;
218         skb_set_owner_w(skb, sk);
219
220         skb_reserve(skb, MAX_PNPIPE_HEADER);
221         __skb_push(skb, sizeof(*ph));
222         skb_reset_transport_header(skb);
223         ph = pnp_hdr(skb);
224         ph->utid = 0;
225         ph->message_id = msg_id;
226         ph->pipe_handle = pn->pipe_handle;
227         ph->error_code = err_code;
228
229         return pn_skb_send(sk, skb, NULL);
230 }
231
232 static int pipe_handler_enable_pipe(struct sock *sk, int enable)
233 {
234         u8 id = enable ? PNS_PEP_ENABLE_REQ : PNS_PEP_DISABLE_REQ;
235
236         return pipe_handler_send_req(sk, id, GFP_KERNEL);
237 }
238 #endif
239
240 static int pep_accept_conn(struct sock *sk, struct sk_buff *skb)
241 {
242         static const u8 data[20] = {
243                 PAD, PAD, PAD, 2 /* sub-blocks */,
244                 PN_PIPE_SB_REQUIRED_FC_TX, pep_sb_size(5), 3, PAD,
245                         PN_MULTI_CREDIT_FLOW_CONTROL,
246                         PN_ONE_CREDIT_FLOW_CONTROL,
247                         PN_LEGACY_FLOW_CONTROL,
248                         PAD,
249                 PN_PIPE_SB_PREFERRED_FC_RX, pep_sb_size(5), 3, PAD,
250                         PN_MULTI_CREDIT_FLOW_CONTROL,
251                         PN_ONE_CREDIT_FLOW_CONTROL,
252                         PN_LEGACY_FLOW_CONTROL,
253                         PAD,
254         };
255
256         might_sleep();
257         return pep_reply(sk, skb, PN_PIPE_NO_ERROR, data, sizeof(data),
258                                 GFP_KERNEL);
259 }
260
261 static int pep_reject_conn(struct sock *sk, struct sk_buff *skb, u8 code)
262 {
263         static const u8 data[4] = { PAD, PAD, PAD, 0 /* sub-blocks */ };
264         WARN_ON(code == PN_PIPE_NO_ERROR);
265         return pep_reply(sk, skb, code, data, sizeof(data), GFP_ATOMIC);
266 }
267
268 /* Control requests are not sent by the pipe service and have a specific
269  * message format. */
270 static int pep_ctrlreq_error(struct sock *sk, struct sk_buff *oskb, u8 code,
271                                 gfp_t priority)
272 {
273         const struct pnpipehdr *oph = pnp_hdr(oskb);
274         struct sk_buff *skb;
275         struct pnpipehdr *ph;
276         struct sockaddr_pn dst;
277
278         skb = alloc_skb(MAX_PNPIPE_HEADER + 4, priority);
279         if (!skb)
280                 return -ENOMEM;
281         skb_set_owner_w(skb, sk);
282
283         skb_reserve(skb, MAX_PHONET_HEADER);
284         ph = (struct pnpipehdr *)skb_put(skb, sizeof(*ph) + 4);
285
286         ph->utid = oph->utid;
287         ph->message_id = PNS_PEP_CTRL_RESP;
288         ph->pipe_handle = oph->pipe_handle;
289         ph->data[0] = oph->data[1]; /* CTRL id */
290         ph->data[1] = oph->data[0]; /* PEP type */
291         ph->data[2] = code; /* error code, at an usual offset */
292         ph->data[3] = PAD;
293         ph->data[4] = PAD;
294
295         pn_skb_get_src_sockaddr(oskb, &dst);
296         return pn_skb_send(sk, skb, &dst);
297 }
298
299 static int pipe_snd_status(struct sock *sk, u8 type, u8 status, gfp_t priority)
300 {
301         struct pep_sock *pn = pep_sk(sk);
302         struct pnpipehdr *ph;
303         struct sk_buff *skb;
304
305         skb = alloc_skb(MAX_PNPIPE_HEADER + 4, priority);
306         if (!skb)
307                 return -ENOMEM;
308         skb_set_owner_w(skb, sk);
309
310         skb_reserve(skb, MAX_PNPIPE_HEADER + 4);
311         __skb_push(skb, sizeof(*ph) + 4);
312         skb_reset_transport_header(skb);
313         ph = pnp_hdr(skb);
314         ph->utid = 0;
315         ph->message_id = PNS_PEP_STATUS_IND;
316         ph->pipe_handle = pn->pipe_handle;
317         ph->pep_type = PN_PEP_TYPE_COMMON;
318         ph->data[1] = type;
319         ph->data[2] = PAD;
320         ph->data[3] = PAD;
321         ph->data[4] = status;
322
323         return pn_skb_send(sk, skb, NULL);
324 }
325
326 /* Send our RX flow control information to the sender.
327  * Socket must be locked. */
328 static void pipe_grant_credits(struct sock *sk)
329 {
330         struct pep_sock *pn = pep_sk(sk);
331
332         BUG_ON(sk->sk_state != TCP_ESTABLISHED);
333
334         switch (pn->rx_fc) {
335         case PN_LEGACY_FLOW_CONTROL: /* TODO */
336                 break;
337         case PN_ONE_CREDIT_FLOW_CONTROL:
338                 pipe_snd_status(sk, PN_PEP_IND_FLOW_CONTROL,
339                                 PEP_IND_READY, GFP_ATOMIC);
340                 pn->rx_credits = 1;
341                 break;
342         case PN_MULTI_CREDIT_FLOW_CONTROL:
343                 if ((pn->rx_credits + CREDITS_THR) > CREDITS_MAX)
344                         break;
345                 if (pipe_snd_status(sk, PN_PEP_IND_ID_MCFC_GRANT_CREDITS,
346                                         CREDITS_MAX - pn->rx_credits,
347                                         GFP_ATOMIC) == 0)
348                         pn->rx_credits = CREDITS_MAX;
349                 break;
350         }
351 }
352
353 static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb)
354 {
355         struct pep_sock *pn = pep_sk(sk);
356         struct pnpipehdr *hdr;
357         int wake = 0;
358
359         if (!pskb_may_pull(skb, sizeof(*hdr) + 4))
360                 return -EINVAL;
361
362         hdr = pnp_hdr(skb);
363         if (hdr->data[0] != PN_PEP_TYPE_COMMON) {
364                 LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP type: %u\n",
365                                 (unsigned)hdr->data[0]);
366                 return -EOPNOTSUPP;
367         }
368
369         switch (hdr->data[1]) {
370         case PN_PEP_IND_FLOW_CONTROL:
371                 switch (pn->tx_fc) {
372                 case PN_LEGACY_FLOW_CONTROL:
373                         switch (hdr->data[4]) {
374                         case PEP_IND_BUSY:
375                                 atomic_set(&pn->tx_credits, 0);
376                                 break;
377                         case PEP_IND_READY:
378                                 atomic_set(&pn->tx_credits, wake = 1);
379                                 break;
380                         }
381                         break;
382                 case PN_ONE_CREDIT_FLOW_CONTROL:
383                         if (hdr->data[4] == PEP_IND_READY)
384                                 atomic_set(&pn->tx_credits, wake = 1);
385                         break;
386                 }
387                 break;
388
389         case PN_PEP_IND_ID_MCFC_GRANT_CREDITS:
390                 if (pn->tx_fc != PN_MULTI_CREDIT_FLOW_CONTROL)
391                         break;
392                 atomic_add(wake = hdr->data[4], &pn->tx_credits);
393                 break;
394
395         default:
396                 LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP indication: %u\n",
397                                 (unsigned)hdr->data[1]);
398                 return -EOPNOTSUPP;
399         }
400         if (wake)
401                 sk->sk_write_space(sk);
402         return 0;
403 }
404
405 static int pipe_rcv_created(struct sock *sk, struct sk_buff *skb)
406 {
407         struct pep_sock *pn = pep_sk(sk);
408         struct pnpipehdr *hdr = pnp_hdr(skb);
409         u8 n_sb = hdr->data[0];
410
411         pn->rx_fc = pn->tx_fc = PN_LEGACY_FLOW_CONTROL;
412         __skb_pull(skb, sizeof(*hdr));
413         while (n_sb > 0) {
414                 u8 type, buf[2], len = sizeof(buf);
415                 u8 *data = pep_get_sb(skb, &type, &len, buf);
416
417                 if (data == NULL)
418                         return -EINVAL;
419                 switch (type) {
420                 case PN_PIPE_SB_NEGOTIATED_FC:
421                         if (len < 2 || (data[0] | data[1]) > 3)
422                                 break;
423                         pn->tx_fc = data[0] & 3;
424                         pn->rx_fc = data[1] & 3;
425                         break;
426                 }
427                 n_sb--;
428         }
429         return 0;
430 }
431
432 /* Queue an skb to a connected sock.
433  * Socket lock must be held. */
434 static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
435 {
436         struct pep_sock *pn = pep_sk(sk);
437         struct pnpipehdr *hdr = pnp_hdr(skb);
438         struct sk_buff_head *queue;
439         int err = 0;
440
441         BUG_ON(sk->sk_state == TCP_CLOSE_WAIT);
442
443         switch (hdr->message_id) {
444         case PNS_PEP_CONNECT_REQ:
445                 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE);
446                 break;
447
448         case PNS_PEP_DISCONNECT_REQ:
449                 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
450                 sk->sk_state = TCP_CLOSE_WAIT;
451                 if (!sock_flag(sk, SOCK_DEAD))
452                         sk->sk_state_change(sk);
453                 break;
454
455 #ifdef CONFIG_PHONET_PIPECTRLR
456         case PNS_PEP_DISCONNECT_RESP:
457                 sk->sk_state = TCP_CLOSE;
458                 break;
459 #endif
460
461         case PNS_PEP_ENABLE_REQ:
462                 /* Wait for PNS_PIPE_(ENABLED|REDIRECTED)_IND */
463                 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
464                 break;
465
466 #ifdef CONFIG_PHONET_PIPECTRLR
467         case PNS_PEP_ENABLE_RESP:
468                 pipe_handler_send_ind(sk, PNS_PIPE_ENABLED_IND);
469
470                 if (!pn_flow_safe(pn->tx_fc)) {
471                         atomic_set(&pn->tx_credits, 1);
472                         sk->sk_write_space(sk);
473                 }
474                 if (sk->sk_state == TCP_ESTABLISHED)
475                         break; /* Nothing to do */
476                 sk->sk_state = TCP_ESTABLISHED;
477                 pipe_grant_credits(sk);
478                 break;
479 #endif
480
481         case PNS_PEP_RESET_REQ:
482                 switch (hdr->state_after_reset) {
483                 case PN_PIPE_DISABLE:
484                         pn->init_enable = 0;
485                         break;
486                 case PN_PIPE_ENABLE:
487                         pn->init_enable = 1;
488                         break;
489                 default: /* not allowed to send an error here!? */
490                         err = -EINVAL;
491                         goto out;
492                 }
493                 /* fall through */
494         case PNS_PEP_DISABLE_REQ:
495                 atomic_set(&pn->tx_credits, 0);
496                 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
497                 break;
498
499 #ifdef CONFIG_PHONET_PIPECTRLR
500         case PNS_PEP_DISABLE_RESP:
501                 atomic_set(&pn->tx_credits, 0);
502                 pipe_handler_send_ind(sk, PNS_PIPE_DISABLED_IND);
503                 sk->sk_state = TCP_SYN_RECV;
504                 pn->rx_credits = 0;
505                 break;
506 #endif
507
508         case PNS_PEP_CTRL_REQ:
509                 if (skb_queue_len(&pn->ctrlreq_queue) >= PNPIPE_CTRLREQ_MAX) {
510                         atomic_inc(&sk->sk_drops);
511                         break;
512                 }
513                 __skb_pull(skb, 4);
514                 queue = &pn->ctrlreq_queue;
515                 goto queue;
516
517         case PNS_PIPE_ALIGNED_DATA:
518                 __skb_pull(skb, 1);
519                 /* fall through */
520         case PNS_PIPE_DATA:
521                 __skb_pull(skb, 3); /* Pipe data header */
522                 if (!pn_flow_safe(pn->rx_fc)) {
523                         err = sock_queue_rcv_skb(sk, skb);
524                         if (!err)
525                                 return 0;
526                         break;
527                 }
528
529                 if (pn->rx_credits == 0) {
530                         atomic_inc(&sk->sk_drops);
531                         err = -ENOBUFS;
532                         break;
533                 }
534                 pn->rx_credits--;
535                 queue = &sk->sk_receive_queue;
536                 goto queue;
537
538         case PNS_PEP_STATUS_IND:
539                 pipe_rcv_status(sk, skb);
540                 break;
541
542         case PNS_PIPE_REDIRECTED_IND:
543                 err = pipe_rcv_created(sk, skb);
544                 break;
545
546         case PNS_PIPE_CREATED_IND:
547                 err = pipe_rcv_created(sk, skb);
548                 if (err)
549                         break;
550                 /* fall through */
551         case PNS_PIPE_RESET_IND:
552                 if (!pn->init_enable)
553                         break;
554                 /* fall through */
555         case PNS_PIPE_ENABLED_IND:
556                 if (!pn_flow_safe(pn->tx_fc)) {
557                         atomic_set(&pn->tx_credits, 1);
558                         sk->sk_write_space(sk);
559                 }
560                 if (sk->sk_state == TCP_ESTABLISHED)
561                         break; /* Nothing to do */
562                 sk->sk_state = TCP_ESTABLISHED;
563                 pipe_grant_credits(sk);
564                 break;
565
566         case PNS_PIPE_DISABLED_IND:
567                 sk->sk_state = TCP_SYN_RECV;
568                 pn->rx_credits = 0;
569                 break;
570
571         default:
572                 LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP message: %u\n",
573                                 hdr->message_id);
574                 err = -EINVAL;
575         }
576 out:
577         kfree_skb(skb);
578         return err;
579
580 queue:
581         skb->dev = NULL;
582         skb_set_owner_r(skb, sk);
583         err = skb->len;
584         skb_queue_tail(queue, skb);
585         if (!sock_flag(sk, SOCK_DEAD))
586                 sk->sk_data_ready(sk, err);
587         return 0;
588 }
589
590 /* Destroy connected sock. */
591 static void pipe_destruct(struct sock *sk)
592 {
593         struct pep_sock *pn = pep_sk(sk);
594
595         skb_queue_purge(&sk->sk_receive_queue);
596         skb_queue_purge(&pn->ctrlreq_queue);
597 }
598
599 #ifdef CONFIG_PHONET_PIPECTRLR
600 static u8 pipe_negotiate_fc(const u8 *fcs, unsigned n)
601 {
602         unsigned i;
603         u8 final_fc = PN_NO_FLOW_CONTROL;
604
605         for (i = 0; i < n; i++) {
606                 u8 fc = fcs[i];
607
608                 if (fc > final_fc && fc < PN_MAX_FLOW_CONTROL)
609                         final_fc = fc;
610         }
611         return final_fc;
612 }
613
614 static int pep_connresp_rcv(struct sock *sk, struct sk_buff *skb)
615 {
616         struct pep_sock *pn = pep_sk(sk);
617         struct pnpipehdr *hdr;
618         u8 n_sb;
619
620         if (!pskb_pull(skb, sizeof(*hdr) + 4))
621                 return -EINVAL;
622
623         hdr = pnp_hdr(skb);
624
625         /* Parse sub-blocks */
626         n_sb = hdr->data[4];
627         while (n_sb > 0) {
628                 u8 type, buf[6], len = sizeof(buf);
629                 const u8 *data = pep_get_sb(skb, &type, &len, buf);
630
631                 if (data == NULL)
632                         return -EINVAL;
633
634                 switch (type) {
635                 case PN_PIPE_SB_REQUIRED_FC_TX:
636                         if (len < 2 || len < data[0])
637                                 break;
638                         pn->tx_fc = pipe_negotiate_fc(data + 2, len - 2);
639                         break;
640
641                 case PN_PIPE_SB_PREFERRED_FC_RX:
642                         if (len < 2 || len < data[0])
643                                 break;
644                         pn->rx_fc = pipe_negotiate_fc(data + 2, len - 2);
645                         break;
646
647                 }
648                 n_sb--;
649         }
650
651         sk->sk_state = TCP_SYN_RECV;
652         sk->sk_backlog_rcv = pipe_do_rcv;
653         sk->sk_destruct = pipe_destruct;
654         pn->rx_credits = 0;
655         sk->sk_state_change(sk);
656
657         return pipe_handler_send_created_ind(sk, PNS_PIPE_CREATED_IND);
658 }
659 #endif
660
661 static int pep_connreq_rcv(struct sock *sk, struct sk_buff *skb)
662 {
663         struct sock *newsk;
664         struct pep_sock *newpn, *pn = pep_sk(sk);
665         struct pnpipehdr *hdr;
666         struct sockaddr_pn dst, src;
667         u16 peer_type;
668         u8 pipe_handle, enabled, n_sb;
669         u8 aligned = 0;
670
671         if (!pskb_pull(skb, sizeof(*hdr) + 4))
672                 return -EINVAL;
673
674         hdr = pnp_hdr(skb);
675         pipe_handle = hdr->pipe_handle;
676         switch (hdr->state_after_connect) {
677         case PN_PIPE_DISABLE:
678                 enabled = 0;
679                 break;
680         case PN_PIPE_ENABLE:
681                 enabled = 1;
682                 break;
683         default:
684                 pep_reject_conn(sk, skb, PN_PIPE_ERR_INVALID_PARAM);
685                 return -EINVAL;
686         }
687         peer_type = hdr->other_pep_type << 8;
688
689         if (unlikely(sk->sk_state != TCP_LISTEN) || sk_acceptq_is_full(sk)) {
690                 pep_reject_conn(sk, skb, PN_PIPE_ERR_PEP_IN_USE);
691                 return -ENOBUFS;
692         }
693
694         /* Parse sub-blocks (options) */
695         n_sb = hdr->data[4];
696         while (n_sb > 0) {
697                 u8 type, buf[1], len = sizeof(buf);
698                 const u8 *data = pep_get_sb(skb, &type, &len, buf);
699
700                 if (data == NULL)
701                         return -EINVAL;
702                 switch (type) {
703                 case PN_PIPE_SB_CONNECT_REQ_PEP_SUB_TYPE:
704                         if (len < 1)
705                                 return -EINVAL;
706                         peer_type = (peer_type & 0xff00) | data[0];
707                         break;
708                 case PN_PIPE_SB_ALIGNED_DATA:
709                         aligned = data[0] != 0;
710                         break;
711                 }
712                 n_sb--;
713         }
714
715         skb = skb_clone(skb, GFP_ATOMIC);
716         if (!skb)
717                 return -ENOMEM;
718
719         /* Create a new to-be-accepted sock */
720         newsk = sk_alloc(sock_net(sk), PF_PHONET, GFP_ATOMIC, sk->sk_prot);
721         if (!newsk) {
722                 kfree_skb(skb);
723                 return -ENOMEM;
724         }
725         sock_init_data(NULL, newsk);
726         newsk->sk_state = TCP_SYN_RECV;
727         newsk->sk_backlog_rcv = pipe_do_rcv;
728         newsk->sk_protocol = sk->sk_protocol;
729         newsk->sk_destruct = pipe_destruct;
730
731         newpn = pep_sk(newsk);
732         pn_skb_get_dst_sockaddr(skb, &dst);
733         pn_skb_get_src_sockaddr(skb, &src);
734         newpn->pn_sk.sobject = pn_sockaddr_get_object(&dst);
735         newpn->pn_sk.dobject = pn_sockaddr_get_object(&src);
736         newpn->pn_sk.resource = pn_sockaddr_get_resource(&dst);
737         skb_queue_head_init(&newpn->ctrlreq_queue);
738         newpn->pipe_handle = pipe_handle;
739         atomic_set(&newpn->tx_credits, 0);
740         newpn->peer_type = peer_type;
741         newpn->rx_credits = 0;
742         newpn->rx_fc = newpn->tx_fc = PN_LEGACY_FLOW_CONTROL;
743         newpn->init_enable = enabled;
744         newpn->aligned = aligned;
745
746         BUG_ON(!skb_queue_empty(&newsk->sk_receive_queue));
747         skb_queue_head(&newsk->sk_receive_queue, skb);
748         if (!sock_flag(sk, SOCK_DEAD))
749                 sk->sk_data_ready(sk, 0);
750
751         sk_acceptq_added(sk);
752         sk_add_node(newsk, &pn->ackq);
753         return 0;
754 }
755
756 /* Listening sock must be locked */
757 static struct sock *pep_find_pipe(const struct hlist_head *hlist,
758                                         const struct sockaddr_pn *dst,
759                                         u8 pipe_handle)
760 {
761         struct hlist_node *node;
762         struct sock *sknode;
763         u16 dobj = pn_sockaddr_get_object(dst);
764
765         sk_for_each(sknode, node, hlist) {
766                 struct pep_sock *pnnode = pep_sk(sknode);
767
768                 /* Ports match, but addresses might not: */
769                 if (pnnode->pn_sk.sobject != dobj)
770                         continue;
771                 if (pnnode->pipe_handle != pipe_handle)
772                         continue;
773                 if (sknode->sk_state == TCP_CLOSE_WAIT)
774                         continue;
775
776                 sock_hold(sknode);
777                 return sknode;
778         }
779         return NULL;
780 }
781
782 /*
783  * Deliver an skb to a listening sock.
784  * Socket lock must be held.
785  * We then queue the skb to the right connected sock (if any).
786  */
787 static int pep_do_rcv(struct sock *sk, struct sk_buff *skb)
788 {
789         struct pep_sock *pn = pep_sk(sk);
790         struct sock *sknode;
791         struct pnpipehdr *hdr;
792         struct sockaddr_pn dst;
793         int err = NET_RX_SUCCESS;
794         u8 pipe_handle;
795
796         if (!pskb_may_pull(skb, sizeof(*hdr)))
797                 goto drop;
798
799         hdr = pnp_hdr(skb);
800         pipe_handle = hdr->pipe_handle;
801         if (pipe_handle == PN_PIPE_INVALID_HANDLE)
802                 goto drop;
803
804         pn_skb_get_dst_sockaddr(skb, &dst);
805
806         /* Look for an existing pipe handle */
807         sknode = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
808         if (sknode)
809                 return sk_receive_skb(sknode, skb, 1);
810
811         /* Look for a pipe handle pending accept */
812         sknode = pep_find_pipe(&pn->ackq, &dst, pipe_handle);
813         if (sknode) {
814                 sock_put(sknode);
815                 if (net_ratelimit())
816                         printk(KERN_WARNING"Phonet unconnected PEP ignored");
817                 err = NET_RX_DROP;
818                 goto drop;
819         }
820
821         switch (hdr->message_id) {
822         case PNS_PEP_CONNECT_REQ:
823                 err = pep_connreq_rcv(sk, skb);
824                 break;
825
826 #ifdef CONFIG_PHONET_PIPECTRLR
827         case PNS_PEP_CONNECT_RESP:
828                 err = pep_connresp_rcv(sk, skb);
829                 break;
830 #endif
831
832         case PNS_PEP_DISCONNECT_REQ:
833                 pep_reply(sk, skb, PN_PIPE_NO_ERROR, NULL, 0, GFP_ATOMIC);
834                 break;
835
836         case PNS_PEP_CTRL_REQ:
837                 pep_ctrlreq_error(sk, skb, PN_PIPE_INVALID_HANDLE, GFP_ATOMIC);
838                 break;
839
840         case PNS_PEP_RESET_REQ:
841         case PNS_PEP_ENABLE_REQ:
842         case PNS_PEP_DISABLE_REQ:
843                 /* invalid handle is not even allowed here! */
844         default:
845                 err = NET_RX_DROP;
846         }
847 drop:
848         kfree_skb(skb);
849         return err;
850 }
851
852 static int pipe_do_remove(struct sock *sk)
853 {
854         struct pep_sock *pn = pep_sk(sk);
855         struct pnpipehdr *ph;
856         struct sk_buff *skb;
857
858         skb = alloc_skb(MAX_PNPIPE_HEADER, GFP_KERNEL);
859         if (!skb)
860                 return -ENOMEM;
861
862         skb_reserve(skb, MAX_PNPIPE_HEADER);
863         __skb_push(skb, sizeof(*ph));
864         skb_reset_transport_header(skb);
865         ph = pnp_hdr(skb);
866         ph->utid = 0;
867         ph->message_id = PNS_PIPE_REMOVE_REQ;
868         ph->pipe_handle = pn->pipe_handle;
869         ph->data[0] = PAD;
870
871         return pn_skb_send(sk, skb, NULL);
872 }
873
874 /* associated socket ceases to exist */
875 static void pep_sock_close(struct sock *sk, long timeout)
876 {
877         struct pep_sock *pn = pep_sk(sk);
878         int ifindex = 0;
879
880         sock_hold(sk); /* keep a reference after sk_common_release() */
881         sk_common_release(sk);
882
883         lock_sock(sk);
884         if (sk->sk_state == TCP_LISTEN) {
885                 /* Destroy the listen queue */
886                 struct sock *sknode;
887                 struct hlist_node *p, *n;
888
889                 sk_for_each_safe(sknode, p, n, &pn->ackq)
890                         sk_del_node_init(sknode);
891                 sk->sk_state = TCP_CLOSE;
892         } else if ((1 << sk->sk_state) & (TCPF_SYN_RECV|TCPF_ESTABLISHED)) {
893 #ifndef CONFIG_PHONET_PIPECTRLR
894                 /* Forcefully remove dangling Phonet pipe */
895                 pipe_do_remove(sk);
896 #else
897                 /* send pep disconnect request */
898                 pipe_handler_send_req(sk, PNS_PEP_DISCONNECT_REQ, GFP_KERNEL);
899                 sk->sk_state = TCP_CLOSE;
900 #endif
901         }
902
903         ifindex = pn->ifindex;
904         pn->ifindex = 0;
905         release_sock(sk);
906
907         if (ifindex)
908                 gprs_detach(sk);
909         sock_put(sk);
910 }
911
912 static int pep_wait_connreq(struct sock *sk, int noblock)
913 {
914         struct task_struct *tsk = current;
915         struct pep_sock *pn = pep_sk(sk);
916         long timeo = sock_rcvtimeo(sk, noblock);
917
918         for (;;) {
919                 DEFINE_WAIT(wait);
920
921                 if (sk->sk_state != TCP_LISTEN)
922                         return -EINVAL;
923                 if (!hlist_empty(&pn->ackq))
924                         break;
925                 if (!timeo)
926                         return -EWOULDBLOCK;
927                 if (signal_pending(tsk))
928                         return sock_intr_errno(timeo);
929
930                 prepare_to_wait_exclusive(sk_sleep(sk), &wait,
931                                                 TASK_INTERRUPTIBLE);
932                 release_sock(sk);
933                 timeo = schedule_timeout(timeo);
934                 lock_sock(sk);
935                 finish_wait(sk_sleep(sk), &wait);
936         }
937
938         return 0;
939 }
940
941 static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp)
942 {
943         struct pep_sock *pn = pep_sk(sk);
944         struct sock *newsk = NULL;
945         struct sk_buff *oskb;
946         int err;
947
948         lock_sock(sk);
949         err = pep_wait_connreq(sk, flags & O_NONBLOCK);
950         if (err)
951                 goto out;
952
953         newsk = __sk_head(&pn->ackq);
954
955         oskb = skb_dequeue(&newsk->sk_receive_queue);
956         err = pep_accept_conn(newsk, oskb);
957         if (err) {
958                 skb_queue_head(&newsk->sk_receive_queue, oskb);
959                 newsk = NULL;
960                 goto out;
961         }
962         kfree_skb(oskb);
963
964         sock_hold(sk);
965         pep_sk(newsk)->listener = sk;
966
967         sock_hold(newsk);
968         sk_del_node_init(newsk);
969         sk_acceptq_removed(sk);
970         sk_add_node(newsk, &pn->hlist);
971         __sock_put(newsk);
972
973 out:
974         release_sock(sk);
975         *errp = err;
976         return newsk;
977 }
978
979 #ifdef CONFIG_PHONET_PIPECTRLR
980 static int pep_sock_connect(struct sock *sk, struct sockaddr *addr, int len)
981 {
982         struct pep_sock *pn = pep_sk(sk);
983         const struct sockaddr_pn *spn = (struct sockaddr_pn *)addr;
984
985         pn->pn_sk.dobject = pn_sockaddr_get_object(spn);
986         pn->pn_sk.resource = pn_sockaddr_get_resource(spn);
987         return pipe_handler_send_req(sk, PNS_PEP_CONNECT_REQ, GFP_KERNEL);
988 }
989 #endif
990
991 static int pep_ioctl(struct sock *sk, int cmd, unsigned long arg)
992 {
993         struct pep_sock *pn = pep_sk(sk);
994         int answ;
995
996         switch (cmd) {
997         case SIOCINQ:
998                 if (sk->sk_state == TCP_LISTEN)
999                         return -EINVAL;
1000
1001                 lock_sock(sk);
1002                 if (sock_flag(sk, SOCK_URGINLINE) &&
1003                     !skb_queue_empty(&pn->ctrlreq_queue))
1004                         answ = skb_peek(&pn->ctrlreq_queue)->len;
1005                 else if (!skb_queue_empty(&sk->sk_receive_queue))
1006                         answ = skb_peek(&sk->sk_receive_queue)->len;
1007                 else
1008                         answ = 0;
1009                 release_sock(sk);
1010                 return put_user(answ, (int __user *)arg);
1011         }
1012
1013         return -ENOIOCTLCMD;
1014 }
1015
1016 static int pep_init(struct sock *sk)
1017 {
1018         struct pep_sock *pn = pep_sk(sk);
1019
1020         INIT_HLIST_HEAD(&pn->ackq);
1021         INIT_HLIST_HEAD(&pn->hlist);
1022         skb_queue_head_init(&pn->ctrlreq_queue);
1023         pn->pipe_handle = PN_PIPE_INVALID_HANDLE;
1024         return 0;
1025 }
1026
1027 static int pep_setsockopt(struct sock *sk, int level, int optname,
1028                                 char __user *optval, unsigned int optlen)
1029 {
1030         struct pep_sock *pn = pep_sk(sk);
1031         int val = 0, err = 0;
1032
1033         if (level != SOL_PNPIPE)
1034                 return -ENOPROTOOPT;
1035         if (optlen >= sizeof(int)) {
1036                 if (get_user(val, (int __user *) optval))
1037                         return -EFAULT;
1038         }
1039
1040         lock_sock(sk);
1041         switch (optname) {
1042 #ifdef CONFIG_PHONET_PIPECTRLR
1043         case PNPIPE_PIPE_HANDLE:
1044                 if (val) {
1045                         pn->pipe_handle = val;
1046                         break;
1047                 }
1048 #endif
1049
1050         case PNPIPE_ENCAP:
1051                 if (val && val != PNPIPE_ENCAP_IP) {
1052                         err = -EINVAL;
1053                         break;
1054                 }
1055                 if (!pn->ifindex == !val)
1056                         break; /* Nothing to do! */
1057                 if (!capable(CAP_NET_ADMIN)) {
1058                         err = -EPERM;
1059                         break;
1060                 }
1061                 if (val) {
1062                         release_sock(sk);
1063                         err = gprs_attach(sk);
1064                         if (err > 0) {
1065                                 pn->ifindex = err;
1066                                 err = 0;
1067                         }
1068                 } else {
1069                         pn->ifindex = 0;
1070                         release_sock(sk);
1071                         gprs_detach(sk);
1072                         err = 0;
1073                 }
1074                 goto out_norel;
1075
1076 #ifdef CONFIG_PHONET_PIPECTRLR
1077         case PNPIPE_ENABLE:
1078                 if ((1 << sk->sk_state) & ~(TCPF_SYN_RECV|TCPF_ESTABLISHED)) {
1079                         err = -ENOTCONN;
1080                         break;
1081                 }
1082                 err = pipe_handler_enable_pipe(sk, val);
1083                 break;
1084 #endif
1085
1086         default:
1087                 err = -ENOPROTOOPT;
1088         }
1089         release_sock(sk);
1090
1091 out_norel:
1092         return err;
1093 }
1094
1095 static int pep_getsockopt(struct sock *sk, int level, int optname,
1096                                 char __user *optval, int __user *optlen)
1097 {
1098         struct pep_sock *pn = pep_sk(sk);
1099         int len, val;
1100
1101         if (level != SOL_PNPIPE)
1102                 return -ENOPROTOOPT;
1103         if (get_user(len, optlen))
1104                 return -EFAULT;
1105
1106         switch (optname) {
1107         case PNPIPE_ENCAP:
1108                 val = pn->ifindex ? PNPIPE_ENCAP_IP : PNPIPE_ENCAP_NONE;
1109                 break;
1110
1111         case PNPIPE_IFINDEX:
1112                 val = pn->ifindex;
1113                 break;
1114
1115 #ifdef CONFIG_PHONET_PIPECTRLR
1116         case PNPIPE_ENABLE:
1117                 val = sk->sk_state == TCP_ESTABLISHED;
1118                 break;
1119 #endif
1120
1121         default:
1122                 return -ENOPROTOOPT;
1123         }
1124
1125         len = min_t(unsigned int, sizeof(int), len);
1126         if (put_user(len, optlen))
1127                 return -EFAULT;
1128         if (put_user(val, (int __user *) optval))
1129                 return -EFAULT;
1130         return 0;
1131 }
1132
1133 static int pipe_skb_send(struct sock *sk, struct sk_buff *skb)
1134 {
1135         struct pep_sock *pn = pep_sk(sk);
1136         struct pnpipehdr *ph;
1137         int err;
1138
1139         if (pn_flow_safe(pn->tx_fc) &&
1140             !atomic_add_unless(&pn->tx_credits, -1, 0)) {
1141                 kfree_skb(skb);
1142                 return -ENOBUFS;
1143         }
1144
1145         skb_push(skb, 3 + pn->aligned);
1146         skb_reset_transport_header(skb);
1147         ph = pnp_hdr(skb);
1148         ph->utid = 0;
1149         if (pn->aligned) {
1150                 ph->message_id = PNS_PIPE_ALIGNED_DATA;
1151                 ph->data[0] = 0; /* padding */
1152         } else
1153                 ph->message_id = PNS_PIPE_DATA;
1154         ph->pipe_handle = pn->pipe_handle;
1155         err = pn_skb_send(sk, skb, NULL);
1156
1157         if (err && pn_flow_safe(pn->tx_fc))
1158                 atomic_inc(&pn->tx_credits);
1159         return err;
1160
1161 }
1162
1163 static int pep_sendmsg(struct kiocb *iocb, struct sock *sk,
1164                         struct msghdr *msg, size_t len)
1165 {
1166         struct pep_sock *pn = pep_sk(sk);
1167         struct sk_buff *skb;
1168         long timeo;
1169         int flags = msg->msg_flags;
1170         int err, done;
1171
1172         if ((msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_NOSIGNAL|
1173                                 MSG_CMSG_COMPAT)) ||
1174                         !(msg->msg_flags & MSG_EOR))
1175                 return -EOPNOTSUPP;
1176
1177         skb = sock_alloc_send_skb(sk, MAX_PNPIPE_HEADER + len,
1178                                         flags & MSG_DONTWAIT, &err);
1179         if (!skb)
1180                 return err;
1181
1182         skb_reserve(skb, MAX_PHONET_HEADER + 3);
1183         err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len);
1184         if (err < 0)
1185                 goto outfree;
1186
1187         lock_sock(sk);
1188         timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1189         if ((1 << sk->sk_state) & (TCPF_LISTEN|TCPF_CLOSE)) {
1190                 err = -ENOTCONN;
1191                 goto out;
1192         }
1193         if (sk->sk_state != TCP_ESTABLISHED) {
1194                 /* Wait until the pipe gets to enabled state */
1195 disabled:
1196                 err = sk_stream_wait_connect(sk, &timeo);
1197                 if (err)
1198                         goto out;
1199
1200                 if (sk->sk_state == TCP_CLOSE_WAIT) {
1201                         err = -ECONNRESET;
1202                         goto out;
1203                 }
1204         }
1205         BUG_ON(sk->sk_state != TCP_ESTABLISHED);
1206
1207         /* Wait until flow control allows TX */
1208         done = atomic_read(&pn->tx_credits);
1209         while (!done) {
1210                 DEFINE_WAIT(wait);
1211
1212                 if (!timeo) {
1213                         err = -EAGAIN;
1214                         goto out;
1215                 }
1216                 if (signal_pending(current)) {
1217                         err = sock_intr_errno(timeo);
1218                         goto out;
1219                 }
1220
1221                 prepare_to_wait(sk_sleep(sk), &wait,
1222                                 TASK_INTERRUPTIBLE);
1223                 done = sk_wait_event(sk, &timeo, atomic_read(&pn->tx_credits));
1224                 finish_wait(sk_sleep(sk), &wait);
1225
1226                 if (sk->sk_state != TCP_ESTABLISHED)
1227                         goto disabled;
1228         }
1229
1230         err = pipe_skb_send(sk, skb);
1231         if (err >= 0)
1232                 err = len; /* success! */
1233         skb = NULL;
1234 out:
1235         release_sock(sk);
1236 outfree:
1237         kfree_skb(skb);
1238         return err;
1239 }
1240
1241 int pep_writeable(struct sock *sk)
1242 {
1243         struct pep_sock *pn = pep_sk(sk);
1244
1245         return atomic_read(&pn->tx_credits);
1246 }
1247
1248 int pep_write(struct sock *sk, struct sk_buff *skb)
1249 {
1250         struct sk_buff *rskb, *fs;
1251         int flen = 0;
1252
1253         if (pep_sk(sk)->aligned)
1254                 return pipe_skb_send(sk, skb);
1255
1256         rskb = alloc_skb(MAX_PNPIPE_HEADER, GFP_ATOMIC);
1257         if (!rskb) {
1258                 kfree_skb(skb);
1259                 return -ENOMEM;
1260         }
1261         skb_shinfo(rskb)->frag_list = skb;
1262         rskb->len += skb->len;
1263         rskb->data_len += rskb->len;
1264         rskb->truesize += rskb->len;
1265
1266         /* Avoid nested fragments */
1267         skb_walk_frags(skb, fs)
1268                 flen += fs->len;
1269         skb->next = skb_shinfo(skb)->frag_list;
1270         skb_frag_list_init(skb);
1271         skb->len -= flen;
1272         skb->data_len -= flen;
1273         skb->truesize -= flen;
1274
1275         skb_reserve(rskb, MAX_PHONET_HEADER + 3);
1276         return pipe_skb_send(sk, rskb);
1277 }
1278
1279 struct sk_buff *pep_read(struct sock *sk)
1280 {
1281         struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
1282
1283         if (sk->sk_state == TCP_ESTABLISHED)
1284                 pipe_grant_credits(sk);
1285         return skb;
1286 }
1287
1288 static int pep_recvmsg(struct kiocb *iocb, struct sock *sk,
1289                         struct msghdr *msg, size_t len, int noblock,
1290                         int flags, int *addr_len)
1291 {
1292         struct sk_buff *skb;
1293         int err;
1294
1295         if (flags & ~(MSG_OOB|MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_WAITALL|
1296                         MSG_NOSIGNAL|MSG_CMSG_COMPAT))
1297                 return -EOPNOTSUPP;
1298
1299         if (unlikely(1 << sk->sk_state & (TCPF_LISTEN | TCPF_CLOSE)))
1300                 return -ENOTCONN;
1301
1302         if ((flags & MSG_OOB) || sock_flag(sk, SOCK_URGINLINE)) {
1303                 /* Dequeue and acknowledge control request */
1304                 struct pep_sock *pn = pep_sk(sk);
1305
1306                 if (flags & MSG_PEEK)
1307                         return -EOPNOTSUPP;
1308                 skb = skb_dequeue(&pn->ctrlreq_queue);
1309                 if (skb) {
1310                         pep_ctrlreq_error(sk, skb, PN_PIPE_NO_ERROR,
1311                                                 GFP_KERNEL);
1312                         msg->msg_flags |= MSG_OOB;
1313                         goto copy;
1314                 }
1315                 if (flags & MSG_OOB)
1316                         return -EINVAL;
1317         }
1318
1319         skb = skb_recv_datagram(sk, flags, noblock, &err);
1320         lock_sock(sk);
1321         if (skb == NULL) {
1322                 if (err == -ENOTCONN && sk->sk_state == TCP_CLOSE_WAIT)
1323                         err = -ECONNRESET;
1324                 release_sock(sk);
1325                 return err;
1326         }
1327
1328         if (sk->sk_state == TCP_ESTABLISHED)
1329                 pipe_grant_credits(sk);
1330         release_sock(sk);
1331 copy:
1332         msg->msg_flags |= MSG_EOR;
1333         if (skb->len > len)
1334                 msg->msg_flags |= MSG_TRUNC;
1335         else
1336                 len = skb->len;
1337
1338         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
1339         if (!err)
1340                 err = (flags & MSG_TRUNC) ? skb->len : len;
1341
1342         skb_free_datagram(sk, skb);
1343         return err;
1344 }
1345
1346 static void pep_sock_unhash(struct sock *sk)
1347 {
1348         struct pep_sock *pn = pep_sk(sk);
1349         struct sock *skparent = NULL;
1350
1351         lock_sock(sk);
1352
1353 #ifndef CONFIG_PHONET_PIPECTRLR
1354         if ((1 << sk->sk_state) & ~(TCPF_CLOSE|TCPF_LISTEN)) {
1355                 skparent = pn->listener;
1356                 release_sock(sk);
1357
1358                 pn = pep_sk(skparent);
1359                 lock_sock(skparent);
1360                 sk_del_node_init(sk);
1361                 sk = skparent;
1362         }
1363 #endif
1364         /* Unhash a listening sock only when it is closed
1365          * and all of its active connected pipes are closed. */
1366         if (hlist_empty(&pn->hlist))
1367                 pn_sock_unhash(&pn->pn_sk.sk);
1368         release_sock(sk);
1369
1370         if (skparent)
1371                 sock_put(skparent);
1372 }
1373
1374 static struct proto pep_proto = {
1375         .close          = pep_sock_close,
1376         .accept         = pep_sock_accept,
1377 #ifdef CONFIG_PHONET_PIPECTRLR
1378         .connect        = pep_sock_connect,
1379 #endif
1380         .ioctl          = pep_ioctl,
1381         .init           = pep_init,
1382         .setsockopt     = pep_setsockopt,
1383         .getsockopt     = pep_getsockopt,
1384         .sendmsg        = pep_sendmsg,
1385         .recvmsg        = pep_recvmsg,
1386         .backlog_rcv    = pep_do_rcv,
1387         .hash           = pn_sock_hash,
1388         .unhash         = pep_sock_unhash,
1389         .get_port       = pn_sock_get_port,
1390         .obj_size       = sizeof(struct pep_sock),
1391         .owner          = THIS_MODULE,
1392         .name           = "PNPIPE",
1393 };
1394
1395 static struct phonet_protocol pep_pn_proto = {
1396         .ops            = &phonet_stream_ops,
1397         .prot           = &pep_proto,
1398         .sock_type      = SOCK_SEQPACKET,
1399 };
1400
1401 static int __init pep_register(void)
1402 {
1403         return phonet_proto_register(PN_PROTO_PIPE, &pep_pn_proto);
1404 }
1405
1406 static void __exit pep_unregister(void)
1407 {
1408         phonet_proto_unregister(PN_PROTO_PIPE, &pep_pn_proto);
1409 }
1410
1411 module_init(pep_register);
1412 module_exit(pep_unregister);
1413 MODULE_AUTHOR("Remi Denis-Courmont, Nokia");
1414 MODULE_DESCRIPTION("Phonet pipe protocol");
1415 MODULE_LICENSE("GPL");
1416 MODULE_ALIAS_NET_PF_PROTO(PF_PHONET, PN_PROTO_PIPE);