ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c)
[linux-2.6] / net / netrom / nr_timer.c
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
8  * Copyright (C) 2002 Ralf Baechle DO1GRB (ralf@gnu.org)
9  */
10 #include <linux/errno.h>
11 #include <linux/types.h>
12 #include <linux/socket.h>
13 #include <linux/in.h>
14 #include <linux/kernel.h>
15 #include <linux/jiffies.h>
16 #include <linux/timer.h>
17 #include <linux/string.h>
18 #include <linux/sockios.h>
19 #include <linux/net.h>
20 #include <net/ax25.h>
21 #include <linux/inet.h>
22 #include <linux/netdevice.h>
23 #include <linux/skbuff.h>
24 #include <net/sock.h>
25 #include <net/tcp_states.h>
26 #include <asm/uaccess.h>
27 #include <asm/system.h>
28 #include <linux/fcntl.h>
29 #include <linux/mm.h>
30 #include <linux/interrupt.h>
31 #include <net/netrom.h>
32
33 static void nr_heartbeat_expiry(unsigned long);
34 static void nr_t1timer_expiry(unsigned long);
35 static void nr_t2timer_expiry(unsigned long);
36 static void nr_t4timer_expiry(unsigned long);
37 static void nr_idletimer_expiry(unsigned long);
38
39 void nr_init_timers(struct sock *sk)
40 {
41         struct nr_sock *nr = nr_sk(sk);
42
43         setup_timer(&nr->t1timer, nr_t1timer_expiry, (unsigned long)sk);
44         setup_timer(&nr->t2timer, nr_t2timer_expiry, (unsigned long)sk);
45         setup_timer(&nr->t4timer, nr_t4timer_expiry, (unsigned long)sk);
46         setup_timer(&nr->idletimer, nr_idletimer_expiry, (unsigned long)sk);
47
48         /* initialized by sock_init_data */
49         sk->sk_timer.data     = (unsigned long)sk;
50         sk->sk_timer.function = &nr_heartbeat_expiry;
51 }
52
53 void nr_start_t1timer(struct sock *sk)
54 {
55         struct nr_sock *nr = nr_sk(sk);
56
57         mod_timer(&nr->t1timer, jiffies + nr->t1);
58 }
59
60 void nr_start_t2timer(struct sock *sk)
61 {
62         struct nr_sock *nr = nr_sk(sk);
63
64         mod_timer(&nr->t2timer, jiffies + nr->t2);
65 }
66
67 void nr_start_t4timer(struct sock *sk)
68 {
69         struct nr_sock *nr = nr_sk(sk);
70
71         mod_timer(&nr->t4timer, jiffies + nr->t4);
72 }
73
74 void nr_start_idletimer(struct sock *sk)
75 {
76         struct nr_sock *nr = nr_sk(sk);
77
78         if (nr->idle > 0)
79                 mod_timer(&nr->idletimer, jiffies + nr->idle);
80 }
81
82 void nr_start_heartbeat(struct sock *sk)
83 {
84         mod_timer(&sk->sk_timer, jiffies + 5 * HZ);
85 }
86
87 void nr_stop_t1timer(struct sock *sk)
88 {
89         del_timer(&nr_sk(sk)->t1timer);
90 }
91
92 void nr_stop_t2timer(struct sock *sk)
93 {
94         del_timer(&nr_sk(sk)->t2timer);
95 }
96
97 void nr_stop_t4timer(struct sock *sk)
98 {
99         del_timer(&nr_sk(sk)->t4timer);
100 }
101
102 void nr_stop_idletimer(struct sock *sk)
103 {
104         del_timer(&nr_sk(sk)->idletimer);
105 }
106
107 void nr_stop_heartbeat(struct sock *sk)
108 {
109         del_timer(&sk->sk_timer);
110 }
111
112 int nr_t1timer_running(struct sock *sk)
113 {
114         return timer_pending(&nr_sk(sk)->t1timer);
115 }
116
117 static void nr_heartbeat_expiry(unsigned long param)
118 {
119         struct sock *sk = (struct sock *)param;
120         struct nr_sock *nr = nr_sk(sk);
121
122         bh_lock_sock(sk);
123         switch (nr->state) {
124         case NR_STATE_0:
125                 /* Magic here: If we listen() and a new link dies before it
126                    is accepted() it isn't 'dead' so doesn't get removed. */
127                 if (sock_flag(sk, SOCK_DESTROY) ||
128                     (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) {
129                         sock_hold(sk);
130                         bh_unlock_sock(sk);
131                         nr_destroy_socket(sk);
132                         sock_put(sk);
133                         return;
134                 }
135                 break;
136
137         case NR_STATE_3:
138                 /*
139                  * Check for the state of the receive buffer.
140                  */
141                 if (atomic_read(&sk->sk_rmem_alloc) < (sk->sk_rcvbuf / 2) &&
142                     (nr->condition & NR_COND_OWN_RX_BUSY)) {
143                         nr->condition &= ~NR_COND_OWN_RX_BUSY;
144                         nr->condition &= ~NR_COND_ACK_PENDING;
145                         nr->vl         = nr->vr;
146                         nr_write_internal(sk, NR_INFOACK);
147                         break;
148                 }
149                 break;
150         }
151
152         nr_start_heartbeat(sk);
153         bh_unlock_sock(sk);
154 }
155
156 static void nr_t2timer_expiry(unsigned long param)
157 {
158         struct sock *sk = (struct sock *)param;
159         struct nr_sock *nr = nr_sk(sk);
160
161         bh_lock_sock(sk);
162         if (nr->condition & NR_COND_ACK_PENDING) {
163                 nr->condition &= ~NR_COND_ACK_PENDING;
164                 nr_enquiry_response(sk);
165         }
166         bh_unlock_sock(sk);
167 }
168
169 static void nr_t4timer_expiry(unsigned long param)
170 {
171         struct sock *sk = (struct sock *)param;
172
173         bh_lock_sock(sk);
174         nr_sk(sk)->condition &= ~NR_COND_PEER_RX_BUSY;
175         bh_unlock_sock(sk);
176 }
177
178 static void nr_idletimer_expiry(unsigned long param)
179 {
180         struct sock *sk = (struct sock *)param;
181         struct nr_sock *nr = nr_sk(sk);
182
183         bh_lock_sock(sk);
184
185         nr_clear_queues(sk);
186
187         nr->n2count = 0;
188         nr_write_internal(sk, NR_DISCREQ);
189         nr->state = NR_STATE_2;
190
191         nr_start_t1timer(sk);
192         nr_stop_t2timer(sk);
193         nr_stop_t4timer(sk);
194
195         sk->sk_state     = TCP_CLOSE;
196         sk->sk_err       = 0;
197         sk->sk_shutdown |= SEND_SHUTDOWN;
198
199         if (!sock_flag(sk, SOCK_DEAD)) {
200                 sk->sk_state_change(sk);
201                 sock_set_flag(sk, SOCK_DEAD);
202         }
203         bh_unlock_sock(sk);
204 }
205
206 static void nr_t1timer_expiry(unsigned long param)
207 {
208         struct sock *sk = (struct sock *)param;
209         struct nr_sock *nr = nr_sk(sk);
210
211         bh_lock_sock(sk);
212         switch (nr->state) {
213         case NR_STATE_1:
214                 if (nr->n2count == nr->n2) {
215                         nr_disconnect(sk, ETIMEDOUT);
216                         bh_unlock_sock(sk);
217                         return;
218                 } else {
219                         nr->n2count++;
220                         nr_write_internal(sk, NR_CONNREQ);
221                 }
222                 break;
223
224         case NR_STATE_2:
225                 if (nr->n2count == nr->n2) {
226                         nr_disconnect(sk, ETIMEDOUT);
227                         bh_unlock_sock(sk);
228                         return;
229                 } else {
230                         nr->n2count++;
231                         nr_write_internal(sk, NR_DISCREQ);
232                 }
233                 break;
234
235         case NR_STATE_3:
236                 if (nr->n2count == nr->n2) {
237                         nr_disconnect(sk, ETIMEDOUT);
238                         bh_unlock_sock(sk);
239                         return;
240                 } else {
241                         nr->n2count++;
242                         nr_requeue_frames(sk);
243                 }
244                 break;
245         }
246
247         nr_start_t1timer(sk);
248         bh_unlock_sock(sk);
249 }