rmnet_data netlink handler currently does not check for the
incoming process pid and instead just loops back the pid.
A malicious root user could potentially send a message with
source pid 0 and this could cause rmnet_data to loop the message
back till an out of memory situation occurs.
rmnet_data also does not check for the message length of the
incoming netlink messages and instead casts the netlink message
without checking for the boundary.
Fix these two scenarios by adding the pid and message length checks
respectively.
Bug: 31252965
CRs-Fixed: 1098801
Change-Id: I172c1a7112e67e82959b397af7ddfd963d819bdc
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Avoid spamming the kernel logs when clients query for the
presence of wireless extensions.
Also fix a typo in the original log message.
Change-Id: I1b56e787624ea2b7e4294d25bd33052a5189f645
Signed-off-by: Naveen Ramaraj <nramaraj@codeaurora.org>
Flow control the entire RmNet Data virtual network device whenever
we receive a MAP flow control command with flow ID 0xFFFFFFFF. Since
it is guaranteed that we will never mix 0xFFFFFFFF with other flow IDs
(e.g.. disable 0xFFFFFFFF enable 0x00000001), TC based flow control
is not required. Instead netif stop/wake queue APIs are used in immediate
context.
CRs-Fixed: 767337
Change-Id: I8eff0988fa38726284789b70e045cc4b1dbb5d4e
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Whenever handling a force-unassociate, make sure the device is closed
before freeing the logical endoint configuration. Whenever the endpoint
config is cleared, the egress device is set to null. This can cause null
pointer dereference if the endpoint config is cleared at the same time a
packet is being transmitted.
[ 479.906025] [RMNET:HI] rmnet_config_notify_cb(): Kernel is trying to un
register rmnet_ipa0
[ 479.913428] Unable to handle kernel NULL pointer dereference at virtual
address 000002c0
[ 480.068123] [<ffffffc000c73608>] rmnet_egress_handler+0x30/0x2bc
[ 480.074109] [<ffffffc000c728e8>] rmnet_vnd_start_xmit+0x108/0x13c
[ 480.080192] [<ffffffc000ae42ec>] dev_hard_start_xmit+0x260/0x484
[ 480.086178] [<ffffffc000afd390>] sch_direct_xmit+0x68/0x198
[ 480.091732] [<ffffffc000afd5b0>] __qdisc_run+0xf0/0x140
[ 480.096938] [<ffffffc000ae4794>] dev_queue_xmit+0x284/0x400
Change-Id: Ib87b123dc565b087374dfde6d3c40ddccf2a257d
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Do not aggregate frames if they are sapced out more than 10ms. Since the
scedule_delayed_work() API only takes time in jiffies, ping packets
are getting substantially delayed. Instead, just send them. This parameter
is tunable from the module parameters location.
CRs-Fixed: 772705
Change-Id: I6ac337c8d61b1290f939b86081070c14c2c757b1
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Accumulation logic now respects max packet count as well as buffer size.
Additionally, packets will get shipped if they have been sitting around
for more than 1ms. This parameter is tunable from the module parameters
location.
CRs-Fixed: 772705
Change-Id: I1b5cb597ef6adfe19df590582f9a6cae091c5977
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Set rmnet_data virtual network devices with NETIF_F_IPV6_UDP_CSUM
to support uplink checksum offloading to HW for IPv6 over UDP
packets.
CRs-fixed: 731693
Change-Id: I6c06fb4d137d4e96a813894802e3096c26e88da4
Signed-off-by: Sivan Reinstein <sivanr@codeaurora.org>
Add UL checksum offload routines for MAPv3. Can bypass checksum software
for IPv4/IPv6 TCP/UDP protocols.
Set rmnet_data VNDs hw_flags to NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM to
define the checksum offload abilities.
Add UL checksum meta-info header for IPv4/IPv6 TCP/UDP packets for which
UL checksum is being offloaded.
CRs-fixed: 731693
Change-Id: Ief139d357b528aead66acfe39a5227328b8fbf93
Signed-off-by: Sivan Reinstein <sivanr@codeaurora.org>
Checksum offload routine should skip checksum fixup computation on
IPv4 UDP packets which have the checksum field set to 0 by the sender.
This is allowed by RFC768. Packets are marked as checksum unnecessary
and shipped up the stack as-is.
CRs-Fixed: 755544
Change-Id: I0432c3e1b25196134ecc8bbbe23c9cab46666d5c
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Better document the configuration structures and the element usage.
Anticipating more elements being added in the near term.
Change-Id: I5ca90b7a776072d6b1ac4838782cada38f4fea3b
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Support the full range of mux IDs for special channels which have large
ID numbers. Expected runtime memory impact is an increase of ~1.5KB per
attached physical network device.
Change-Id: Ic9db497708064c31fe7ed588a855311b50d55e19
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Fix an out of bounds array access during virtual
net device creation
CRs-fixed: 695032
Change-Id: Ie8ae1f25122f685c22d139d1abf06acf55d46782
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Replace all instances of RMNET_USE_BIG_ENDIAN_STRUCTS in header
definitions with #if defined(__LITTLE_ENDIAN_BITFIELD). The replacement
macro is well known and used in the core network stack.
Change-Id: I9a174ca40e186024ee9535e1b6c458bec60d09dc
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Expose the MAP header to the rest of the kernel and user space. Useful for
making various parts of the kernel MAP aware. Keeping consistency with
other networking procols by exposing protocol headers to user space with
a header file in UAPI.
CRs-Fixed: 681280
Change-Id: Ic7f414f926f68531418725f971ab2b44459f5ea1
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
skb->tail and skb->end are defined as character pointers in 32 bit
environments and as integers in other environments. Fix compilation
issues seen in the packet logging functions as a result of the data
type mismtach in 64 bit environments.
CRs-fixed: 665364
Change-Id: Ie70e01ce0678947d9c8cd924fe99b89ce319d4e5
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
RmNet Data does not explicitly catch 0-length MAP frames when
de-aggregating frames. This causes the empty MAP frames to get dropped
at a later point in MAP processing, causing the drop counters to get
skewed with benign drops. This patch explicitly handles 0-length
MAP frames and adds a dedicated drop counter. This change is required
on hardware which generates 0-length MAP frames.
CRs-Fixed: 673296
Change-Id: I8e7210403d35018bffa8f45ea1b4b5752f3e30be
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Add a call to unregister_netdevice_notifier in rmnet_config_exit,
and fix some compilation warnings.
CRs-Fixed: 633585
Change-Id: I0e61c5460b927c3348f4e9815bbd9f842488f14d
Acked-by: Sivan Reinstein <sivanr@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Added support for RMNET_NETLINK_GET_LOGICAL_EP_CONFIG
and RMNET_NETLINK_GET_NETWORK_DEVICE_ASSOCIATED in the
rmnet_data configuration module.
CRs-fixed: 599231
Change-Id: Ib5eeb4a37f80a4df19cb3c1ef02ec477f5445740
Acked-by: David Arinzon <darinzon@qti.qualcomm.com>
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Clear out VNDs which have their egress device pointing to an interface
which is trying to unregister from the network stack. Required to prevent
systems hangs on unexpected shutdown/reboot of the device.
CRs-Fixed: 638324
Change-Id: I406270fee9feb1f9673b3391ce51c11e8e6c9d81
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
When IFF_NOARP flag is set for a device, the kernel automatically
sets the accept_dad flag to -1 even though autoconf is enabled.
As a result, nodes on that link were not receiving neighbour
solicitations. Removed the setting of IFF_NOARP during net device
setup.
CRs-Fixed: 629099
Change-Id: Ia8b5d1163196cc0518a20beba643930b4f439771
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Clients consuming the 8-byte QoS header expect the flowID
in a different position in the header thus causing random address
dereference and a potential crash. Update the 8-byte QoS header
format structure as specified in the mandated QOS specification
CRs-Fixed: 625709
Change-Id: I58c662ff2f3adfe9584d19891339ea31ce0c8bd3
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Adding initial support for ftrace events in order to help with
profiling and debugging. This initial set of events covers the
ingress and egress handlers.
Change-Id: I296d6fb9d009d8fdc2061e17d25e1275ee0a8a12
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
This patch modifies the rmnet ioctls RMNET_IOCTL_GET_LLP,
RMNET_IOCTL_GET_QOS, RMNET_IOCTL_GET_OPMODE, RMNET_IOCTL_FLOW_ENABLE
and RMNET_IOCTL_FLOW_DISABLE to avoid putting integral data in pointers
and avoid casting between 32 and 64 bits types.
CRs-Fixed: 601207
Change-Id: I66edb785f6204f38b6f0ecccb2ceab36d5e38188
Acked-by: Sivan Reinstein <sivanr@qti.qualcomm.com>
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
The lack of newline characters causes messy printouts over serial.
This patch corrects the problem for easier readability.
Change-Id: I38df34eb4a705d8c0fcd3243b7e756967bc7d5a9
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Added performance counters to various key places in RmNet Data
data path.
CRs-Fixed: 600629
Change-Id: Iba50c86665e181e09525e9538a540e09e526e16f
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
The default value of tx_queue_len was 0 which was causing packet
drops because of queueing in tc.
This patch sets a fixed value for the tx_queue_len
CRs-Fixed: 609873
Change-Id: I51739e63223b563f7cf8838d88908db7dcc9bf3e
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Logging macros now enforce that function names are printed, and
newlines are inserted at the end. The start of log messages are
now standardize.
CRs-Fixed: 600629
Change-Id: I91dae00c331af80954b93eba1f7be2889c569276
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Added new parameter tail_spacing to
RMNET_NETLINK_SET_LINK_INGRESS_DATA_FORMAT in order to support
an additional fixed padding on packets. Required to support RNDIS
tethering.
CRs-Fixed: 579184
Change-Id: I58bbbfbaa68a28b25a96f52b04165285de9c24ef
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
This patch modified the main ingress handler to not drop MAP packets
when in bridge mode. This is required to support bridging of MAP
packets between two endpoints.
CRs-Fixed: 590888
Change-Id: If0b6f6434ec95c36e0f46bbe70ea65fa50b03b15
Acked-by: David Arinzon <darinzon@qti.qualcomm.com>
Signed-off-by: Harout Hadeshian <harouth@codeaurora.org>
Gracefully handle device unregister notifications. Cleans
up any logical endpoints configured on a physical devices
and then unassociates it. Required to prevent crash if
references are held too long.
CRs-Fixed: 596227
Change-Id: I02d08e07e74510b7a8dffbefa99e651e0100db23
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Cleaned up refcount on get_dev_by_name.
Added new APIs to support cleanup of configuration and virtual devices.
Added explicit reference managment in association/un-association
and when setting/unsetting logical EP.
CRs-Fixed: 596227
Change-Id: Ic67bb649b0f0420d9a1e4bf5664ed63c0ff7d8bf
Signed-off-by: Harout Hadeshian <harouth@codeaurora.org>
Implement 8-byte QoS header support in order to fix alignment
issues on HSIC transport and increase throughput
CRs-Fixed: 579132
Change-Id: I3e53571d36bd71705abcb1473290929f8227e6f3
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Implement MAP based in-band flow control. Added 2 new configuration
messages to allow adding and deleting flow handles. Added handlers
in VND for flow control events. Added flow control command handler
in rmnet_map_commands.
CRs-fixed: 568534
Change-Id: Ica52e4ad89430c9fa5e2b38e389ee6bc91de2e9b
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Set the skb->protocol field to ETH_P_MAP for egress packets which
have MAP enabled. Required for lower level drivers to ensure that
only MAP packets are being transmitted.
CRs-Fixed: 554883
Change-Id: I6fa852344ef36e079cc610cbed152555aae9d6f2
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Run-time user space components can now specify virtual network device
name prefix at device creation. This will be used to support legacy
data services.
CRs-Fixed: 555507
Change-Id: Id34c2761f2060e66b05c521304d5151620ba5665
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Removed incorrect compiler macro comments in MAP header file.
Comments are now up fixed up to standards.
CRs-Fixed: 553399
Change-Id: I6373753e644f3801b7a25184e4cff5772f365a02
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
RmNet Data driver provides a transport agnostic MAP (multiplexing and
aggregation protocol) support in embedded and bridge modes. Module
provides virtual network devices which can be attached to any IP-mode
physical device. This will be used to provide all MAP functionality
on future hardware in a single consistent location.
CRs-Fixed: 525675
Change-Id: I739947c9c3de008974dd485a74e9953ba2cbb75e
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Subash Abhinov Kasiviswanathan