hartkopp [Sat, 1 Jan 2011 17:14:20 +0000 (17:14 +0000)]
can-bcm: Use inode instead of kernel address for /proc file
Since the socket address is just being used as a unique identifier, its
inode number is an alternative that does not leak potentially sensitive
information.
CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83
hartkopp [Thu, 9 Dec 2010 18:58:59 +0000 (18:58 +0000)]
cangw: Do not use skb->sk to detect already routed CAN frames.
As the latest changes to the can-gw have shown, the use of skb->sk created
several problems and still looks like a bad hack.
While checking the struct skbuff for usable containers to detect routed CAN-
frames that do not interfere with other sophisticated network technique, the
pointers to the [transport|network|mac]_header looked interesting.
So we mark routed frames by setting some mac header length which is not
relevant for the CAN frames located in the skb->data section.
As dev->header_ops is not set in CAN netdevices no one is ever accessing the
various header offsets in the CAN skbuffs anyway. E.g. using the packet socket
to read CAN frames is still working after this change to gw.c .
hartkopp [Thu, 9 Dec 2010 18:03:47 +0000 (18:03 +0000)]
slcan: Add missing linux/sched.h include.
drivers/net/can/slcan.c: In function 'slcan_open':
drivers/net/can/slcan.c:568: error: dereferencing pointer to incomplete type
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=84b3cdc38cd2882d7ac3c2ae4b6faf5c199874e3
hartkopp [Mon, 6 Dec 2010 16:44:00 +0000 (16:44 +0000)]
skb->sk is used in dev_pick_tx() which is called from dev_queue_xmit(). If
sk points to an arbitrary magic value, dev_pick_tx() returns a wrong value,
which can lead to various memory corruption bugs.
hartkopp [Sun, 5 Dec 2010 19:37:16 +0000 (19:37 +0000)]
RTNL is used as a global lock for all changes to network configuration.
Therefore the cgw_list_lock was obvoiusly over-engineered 8-)
This patch makes use of the rtnl_lock to protect cangw route entry changes.
hartkopp [Tue, 30 Nov 2010 19:27:36 +0000 (19:27 +0000)]
capabilities have been dropped in 2.6.33
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.33.y.git;a=commitdiff;h=13f18aa05f5abe135f47b6417537ae2b2fedc18c
hartkopp [Thu, 18 Nov 2010 20:19:23 +0000 (20:19 +0000)]
slcan: This commit reverts commit rev1171 that has been done to
enable the swtc char hack. Once swtc has gone the upstream commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5342b77c4123ba39f911d92a813295fb3bb21f69
is restored now to his original extend.
hartkopp [Thu, 18 Nov 2010 19:51:14 +0000 (19:51 +0000)]
Mostly cosmetic changes to make the code look similar to the latest
net-next-2.6/drivers/net/slip.c code where it has been updated since
we branched slcan.c.
hartkopp [Mon, 15 Nov 2010 15:08:36 +0000 (15:08 +0000)]
isotp: the timestamp for rx stmin enforcement was reset in the function that
receives the flow control. Of course it has to be in the funtion that sends
the FC to the sender of the data. :-(
This patch fixes the rx/tx issue.
hartkopp [Sun, 14 Nov 2010 08:55:06 +0000 (08:55 +0000)]
Added new socketoptions to force the isotp protocol to intentionally
misbehave for regression tests.
CAN_ISOTP_TX_STMIN:
Set a value in nano secs that's used as minimum CF gap by the sender.
This value is used instead of the value provided by the receiver inside the FC.
CAN_ISOTP_RX_STMIN:
Ignores received CF frames which timestamps differ less than this value in nano
secs. This is used to test the receivers misbehaviour when the receiver
provides a lower stmin value that he's able to cope with. Received CF frames
are silently dropped when they come faster than specified by this value.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> CC: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream Commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0597d1b99fcfc2c0eada09a698f85ed413d4ba84
hartkopp [Fri, 22 Oct 2010 05:24:03 +0000 (05:24 +0000)]
can-raw: add msg_flags to distinguish local traffic
CAN has no addressing scheme. It is currently impossible for userspace
to tell is a received CAN frame comes from another process on the local
host, or from a remote CAN device.
This patch add support for userspace applications to distinguish between
'own', 'local' and 'remote' CAN traffic. The distinction is made by returning
flags in msg->msg_flags in the call to recvmsg().
The added documentation explains the introduced flags.
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=1e55659ce6ddb5247cee0b1f720d77a799902b85
Added information how to obtain timestamps as suggested by
Daniele Venzano <venza@brownhat.org>. Extended the possibility
to get timestamps via recvmsg().
On 64bit systems a 'long' is a 64bit value but the target values of scanf()
are always 32bit in the affected code - which means just an 'unsigned int'.
Unsigned int is fine on 32 and 64 bit systems.
Fixed calculation of needed bits on the physical wire according Ken Tindells
*worst* case calculation for stuff-bits.
(see "Guaranteeing Message Latencies on Controller Area Network" 1st ICC'94)
Due to the bitstuffing estimation the calculated busload may exceed 100%.
hartkopp [Fri, 13 Aug 2010 16:15:16 +0000 (16:15 +0000)]
can: add limit for nframes and clean up signed/unsigned variables
This patch adds a limit for nframes as the number of frames in TX_SETUP and
RX_SETUP are derived from a single byte multiplex value by default.
Use-cases that would require to send/filter more than 256 CAN frames should
be implemented in userspace for complexity reasons anyway.
Additionally the assignments of unsigned values from userspace to signed
values in kernelspace and vice versa are fixed by using unsigned values in
kernelspace consistently.
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Reported-by: Ben Hawkes <hawkes@google.com> Acked-by: Urs Thuermann <urs.thuermann@volkswagen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=5b75c4973ce779520b9d1e392483207d6f842cde
can-calc-bit-timing: calculate bit timings for all known controllers by default
When testing or improving the bit timing algorithm, you're probably
interested in the values of all can controllers. Further you might not
know the all reference clocks of the controllers.
This patch add a "ref_clock" member to the "struct can_bittiming_const"
that holds the reference clock of the controller in Hz.
By default now the bit timing is calculated for all known can
controllers with the default ref_clock defined in "can_bittiming_const".
It's still possible to overwrite the ref clock with the command line
option "-c".
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1188 030b6a49-0b11-0410-94ab-b0dab22257f2
can-calc-bit-timing: improve printing of bit timing parameters
This patch adds additional fields when printing the bit timing
parameters. Now the real bitrate the nominal and the real sample point
as well as the error of the sample point is displayed.
can-calc-bit-timing: use algorithm from the kernel
This patch copies the algorithm functions (can_update_spt and
can_calc_bittiming) from the kernel. Then some glue code is added that
these functions compile in userspace.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1186 030b6a49-0b11-0410-94ab-b0dab22257f2
The cleanup of slc_alloc() integrated in SVN Rev1095 based on upstream commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5342b77c4123ba39f911d92a813295fb3bb21f69
was not really Kernel-version depended ...
So far this code section is needed for the changes added in SVN Rev1170 so we
would need to revisit this code when mainlining the driver.
Added possibility to force the slcan driver to use a specific device number
when set via SWTC char (e.g. with stty). See thread
https://lists.berlios.de/pipermail/socketcan-users/2010-April/001378.html
Provided by Stephen Hellriegel <Stephen.Hellriegel@verari.com>
So far this change only applies for Kernels < 2.6.32 ...
There is no reason why the 'real' SLCAN interfaces should have a different
naming scheme than other 'real' CAN interfaces.
So create canX instead of slcX network device names with the slcan driver.
As Stephen Hellriegel pointed out in
https://lists.berlios.de/pipermail/socketcan-users/2010-April/001378.html
it does not make sense to monitor the tx data flow in the slcan driver as
we do not know anything about the CAN specific problems that may occur in the
slcan device.
Therefore we just wait until the ASCII data is sent on the serial line without
having a separate timeout handler in the slcan driver.
- rework internal structures to prepare routings and modifications of CAN traffic also to non-CAN interfaces
- fix reading of netlink messages in cangw.c (added RTCAN_RTA / RTCAN_PAYLOAD macros)
- rework reading of gw-job lists in cgw_dump_jobs()
- rename of functions and API definitions to have a common namespace cgw_
- added infrastructure to perform crc8 and xor checksums in CAN frame data[]
TODO:
- add and test functionality for crc8 and xor checksums in CAN frame data[]
- add help text for crc8 and xor checksums in CAN frame data[]
hartkopp [Wed, 17 Mar 2010 19:21:38 +0000 (19:21 +0000)]
Some binaries in can-utils depend on features in the socket-can svn
repository. Building with exported headers from an unpatched kernel will
fail due to missing symbols or headers.
This patch adds two make variables to optionally disable building such
binaries, like this:
make PROGRAMS_ISOTP= PROGRAMS_CANGW= PROGRAMS_SLCAN= all
Signed-off-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1163 030b6a49-0b11-0410-94ab-b0dab22257f2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1156 030b6a49-0b11-0410-94ab-b0dab22257f2
wolf [Fri, 5 Mar 2010 09:11:52 +0000 (09:11 +0000)]
can: netlink support for bus-error reporting and counters
This patch makes the bus-error reporting configurable and allows to
retrieve the CAN TX and RX bus error counters via netlink interface.
I have added support for the SJA1000. The TX and RX bus error counters
are also copied to the data fields 6..7 of error messages when state
changes are reported.
hartkopp [Thu, 25 Feb 2010 17:10:40 +0000 (17:10 +0000)]
softing_cs: fix for net-next-2.6 (2.6.33+)
The pcmcia_request_window() is postponed a little, as some flags must be
set before this call (I believe). It is a small change, but with some
noise in the patch. Same with softing_card_irq().
The netif_start_queue() is omitted, as softing_cycle() does a
netif_wake_queue().
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be> Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1146 030b6a49-0b11-0410-94ab-b0dab22257f2
hartkopp [Thu, 25 Feb 2010 08:04:22 +0000 (08:04 +0000)]
can: mscan-mpc5xxx: fix broken support for the MPC5200
Due to an invalid "#ifdef CONFIG_PPC_MPC5200", the real clock setup
function was not called for the MPC5200.
Signed-off-by: Wolfgang Grandegger <wg@denx.de> Acked-by: Wolfram Sang <w.sang@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Upstream commit
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=c5bab5e94d148aee2c852450374143c89aa56511
hartkopp [Sat, 20 Feb 2010 18:04:56 +0000 (18:04 +0000)]
Copy the struct members separately to ensure that no uninitialized
data are copied in the 3 bytes hole of the struct. This is needed
to make easy compares of the data in the struct can_can_gw.
hartkopp [Fri, 19 Feb 2010 13:33:59 +0000 (13:33 +0000)]
Added cangw netlink gateway configuration tool.
TODO (in both cangw and can-gw.ko) : Support removal and listing of rules.
So far the gateway jobs are only removed on can-gw.ko module unload or when
the used CAN netdevices disappear.
wolf [Fri, 19 Feb 2010 09:02:36 +0000 (09:02 +0000)]
ems_pcmcia: Fix compiler errors with recent net-next-2.6
Fix compiler errors with recent net-next-2.6 for 2.6.33
- Removed IRQInfo1 (as for irq_req_t)
- window_handle_t is now unsigned long instead of window_t*
- pcmcia_request_window needs now only a pointer, not pointer to pointer
- pass struct pcmcia_device pointer to pcmcia_map_mem_page
- Replaced cs_error function with dbg_err
Signed-off-by: Markus Plessing <plessing@ems-wuensche.com>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1135 030b6a49-0b11-0410-94ab-b0dab22257f2