Merge tag 'linux-can-fixes-for-5.4-20191113' of...

			      void *data);

extern int can_send(struct sk_buff *skb, int loop);

void can_sock_destruct(struct sock *sk);

#endif /* !_CAN_CORE_H */

/* af_can socket functions */

static void can_sock_destruct(struct sock *sk)

void can_sock_destruct(struct sock *sk)

{

	skb_queue_purge(&sk->sk_receive_queue);

	skb_queue_purge(&sk->sk_error_queue);

}

EXPORT_SYMBOL(can_sock_destruct);

static const struct can_proto *can_get_proto(int protocol)

{

	if (!skb)

		return;

	j1939_priv_get(priv);

	can_skb_set_owner(skb, iskb->sk);

	/* get a pointer to the header of the skb

	j1939_simple_recv(priv, skb);

	j1939_sk_recv(priv, skb);

 done:

	j1939_priv_put(priv);

	kfree_skb(skb);

}

	netdev_dbg(priv->ndev, "%s: 0x%p\n", __func__, priv);

	WARN_ON_ONCE(!list_empty(&priv->active_session_list));

	WARN_ON_ONCE(!list_empty(&priv->ecus));

	WARN_ON_ONCE(!list_empty(&priv->j1939_socks));

	dev_put(ndev);

	kfree(priv);

}

{

	struct can_ml_priv *can_ml_priv = ndev->ml_priv;

	if (!can_ml_priv)

		return NULL;

	return can_ml_priv->j1939_priv;

}

{

	jsk->state |= J1939_SOCK_BOUND;

	j1939_priv_get(priv);

	jsk->priv = priv;

	spin_lock_bh(&priv->j1939_socks_lock);

	list_add_tail(&jsk->list, &priv->j1939_socks);

	list_del_init(&jsk->list);

	spin_unlock_bh(&priv->j1939_socks_lock);

	jsk->priv = NULL;

	j1939_priv_put(priv);

	jsk->state &= ~J1939_SOCK_BOUND;

}

	spin_unlock_bh(&priv->j1939_socks_lock);

}

static void j1939_sk_sock_destruct(struct sock *sk)

{

	struct j1939_sock *jsk = j1939_sk(sk);

	/* This function will be call by the generic networking code, when then

	 * the socket is ultimately closed (sk->sk_destruct).

	 *

	 * The race between

	 * - processing a received CAN frame

	 *   (can_receive -> j1939_can_recv)

	 *   and accessing j1939_priv

	 * ... and ...

	 * - closing a socket

	 *   (j1939_can_rx_unregister -> can_rx_unregister)

	 *   and calling the final j1939_priv_put()

	 *

	 * is avoided by calling the final j1939_priv_put() from this

	 * RCU deferred cleanup call.

	 */

	if (jsk->priv) {

		j1939_priv_put(jsk->priv);

		jsk->priv = NULL;

	}

	/* call generic CAN sock destruct */

	can_sock_destruct(sk);

}

static int j1939_sk_init(struct sock *sk)

{

	struct j1939_sock *jsk = j1939_sk(sk);

	atomic_set(&jsk->skb_pending, 0);

	spin_lock_init(&jsk->sk_session_queue_lock);

	INIT_LIST_HEAD(&jsk->sk_session_queue);

	sk->sk_destruct = j1939_sk_sock_destruct;

	return 0;

}

		}

		jsk->ifindex = addr->can_ifindex;

		/* the corresponding j1939_priv_put() is called via

		 * sk->sk_destruct, which points to j1939_sk_sock_destruct()

		 */

		j1939_priv_get(priv);

		jsk->priv = priv;

	}

	/* set default transmit pgn */

	if (!sk)

		return 0;

	jsk = j1939_sk(sk);

	lock_sock(sk);

	jsk = j1939_sk(sk);

	if (jsk->state & J1939_SOCK_BOUND) {

		struct j1939_priv *priv = jsk->priv;

{

	struct sock *sk = sock->sk;

	struct j1939_sock *jsk = j1939_sk(sk);

	struct j1939_priv *priv = jsk->priv;

	struct j1939_priv *priv;

	int ifindex;

	int ret;

	lock_sock(sock->sk);

	/* various socket state tests */

	if (!(jsk->state & J1939_SOCK_BOUND))

		return -EBADFD;

	if (!(jsk->state & J1939_SOCK_BOUND)) {

		ret = -EBADFD;

		goto sendmsg_done;

	}

	priv = jsk->priv;

	ifindex = jsk->ifindex;

	if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR)

	if (!jsk->addr.src_name && jsk->addr.sa == J1939_NO_ADDR) {

		/* no source address assigned yet */

		return -EBADFD;

		ret = -EBADFD;

		goto sendmsg_done;

	}

	/* deal with provided destination address info */

	if (msg->msg_name) {

		struct sockaddr_can *addr = msg->msg_name;

		if (msg->msg_namelen < J1939_MIN_NAMELEN)

			return -EINVAL;

		if (msg->msg_namelen < J1939_MIN_NAMELEN) {

			ret = -EINVAL;

			goto sendmsg_done;

		}

		if (addr->can_family != AF_CAN)

			return -EINVAL;

		if (addr->can_family != AF_CAN) {

			ret = -EINVAL;

			goto sendmsg_done;

		}

		if (addr->can_ifindex && addr->can_ifindex != ifindex)

			return -EBADFD;

		if (addr->can_ifindex && addr->can_ifindex != ifindex) {

			ret = -EBADFD;

			goto sendmsg_done;

		}

		if (j1939_pgn_is_valid(addr->can_addr.j1939.pgn) &&

		    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn))

			return -EINVAL;

		    !j1939_pgn_is_clean_pdu(addr->can_addr.j1939.pgn)) {

			ret = -EINVAL;

			goto sendmsg_done;

		}

		if (!addr->can_addr.j1939.name &&

		    addr->can_addr.j1939.addr == J1939_NO_ADDR &&

		    !sock_flag(sk, SOCK_BROADCAST))

		    !sock_flag(sk, SOCK_BROADCAST)) {

			/* broadcast, but SO_BROADCAST not set */

			return -EACCES;

			ret = -EACCES;

			goto sendmsg_done;

		}

	} else {

		if (!jsk->addr.dst_name && jsk->addr.da == J1939_NO_ADDR &&

		    !sock_flag(sk, SOCK_BROADCAST))

		    !sock_flag(sk, SOCK_BROADCAST)) {

			/* broadcast, but SO_BROADCAST not set */

			return -EACCES;

			ret = -EACCES;

			goto sendmsg_done;

		}

	}

	ret = j1939_sk_send_loop(priv, sk, msg, size);

sendmsg_done:

	release_sock(sock->sk);

	return ret;

}

		return;

	j1939_sock_pending_del(session->sk);

	sock_put(session->sk);

}

static void j1939_session_destroy(struct j1939_session *session)

	netdev_dbg(session->priv->ndev, "%s: 0x%p\n", __func__, session);

	WARN_ON_ONCE(!list_empty(&session->sk_session_queue_entry));

	WARN_ON_ONCE(!list_empty(&session->active_session_list_entry));

	skb_queue_purge(&session->skb_queue);

	__j1939_session_drop(session);

	j1939_priv_put(session->priv);

		j1939_sk_queue_activate_next(session);

}

static void j1939_session_cancel(struct j1939_session *session,

static void __j1939_session_cancel(struct j1939_session *session,

				 enum j1939_xtp_abort err)

{

	struct j1939_priv *priv = session->priv;

	WARN_ON_ONCE(!err);

	lockdep_assert_held(&session->priv->active_session_list_lock);

	session->err = j1939_xtp_abort_to_errno(priv, err);

	/* do not send aborts on incoming broadcasts */

		j1939_sk_send_loop_abort(session->sk, session->err);

}

static void j1939_session_cancel(struct j1939_session *session,

				 enum j1939_xtp_abort err)

{

	j1939_session_list_lock(session->priv);

	if (session->state >= J1939_SESSION_ACTIVE &&

	    session->state < J1939_SESSION_WAITING_ABORT) {

		j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);

		__j1939_session_cancel(session, err);

	}

	j1939_session_list_unlock(session->priv);

}

static enum hrtimer_restart j1939_tp_txtimer(struct hrtimer *hrtimer)

{

	struct j1939_session *session =

		netdev_alert(priv->ndev, "%s: 0x%p: tx aborted with unknown reason: %i\n",

			     __func__, session, ret);

		if (session->skcb.addr.type != J1939_SIMPLE) {

			j1939_tp_set_rxtimeout(session,

					       J1939_XTP_ABORT_TIMEOUT_MS);

			j1939_session_cancel(session, J1939_XTP_ABORT_OTHER);

		} else {

			session->err = ret;

			hrtimer_start(&session->rxtimer,

				      ms_to_ktime(J1939_XTP_ABORT_TIMEOUT_MS),

				      HRTIMER_MODE_REL_SOFT);

			j1939_session_cancel(session, J1939_XTP_ABORT_TIMEOUT);

			__j1939_session_cancel(session, J1939_XTP_ABORT_TIMEOUT);

		}

		j1939_session_list_unlock(session->priv);

	}

 out_session_cancel:

	j1939_session_timers_cancel(session);

	j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);

	j1939_session_cancel(session, err);

}

		/* RTS on active session */

		j1939_session_timers_cancel(session);

		j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);

		j1939_session_cancel(session, J1939_XTP_ABORT_BUSY);

	}

			     session->last_cmd);

		j1939_session_timers_cancel(session);

		j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);

		j1939_session_cancel(session, J1939_XTP_ABORT_BUSY);

		return -EBUSY;

 out_session_cancel:

	j1939_session_timers_cancel(session);

	j1939_tp_set_rxtimeout(session, J1939_XTP_ABORT_TIMEOUT_MS);

	j1939_session_cancel(session, J1939_XTP_ABORT_FAULT);

	j1939_session_put(session);

}

		return ERR_PTR(-ENOMEM);

	/* skb is recounted in j1939_session_new() */

	sock_hold(skb->sk);

	session->sk = skb->sk;

	session->transmission = true;

	session->pkt.total = (size + 6) / 7;

				 &priv->active_session_list,

				 active_session_list_entry) {

		if (!sk || sk == session->sk) {

			j1939_session_timers_cancel(session);

			if (hrtimer_try_to_cancel(&session->txtimer) == 1)

				j1939_session_put(session);

			if (hrtimer_try_to_cancel(&session->rxtimer) == 1)

				j1939_session_put(session);

			session->err = ESHUTDOWN;

			j1939_session_deactivate_locked(session);

		}